1 <?php\r
2 /************************************************************************\r
3  * MXChange v0.2.1                                    Start: 10/14/2003 *\r
4  * ===============                              Last change: 04/28/2004 *\r
5  *                                                                      *\r
6  * -------------------------------------------------------------------- *\r
7  * File              : what-login.php                                   *\r
8  * -------------------------------------------------------------------- *\r
9  * Short description : Login area (redirects to the real login module)  *\r
10  * -------------------------------------------------------------------- *\r
 * Kurzbeschreibung  : Loginbereich (leitet an das richtige Login-Modul *
12  *                     weiter)                                          *\r
13  * -------------------------------------------------------------------- *\r
14  *                                                                      *\r
15  * -------------------------------------------------------------------- *\r
16  * Copyright (c) 2003 - 2008 by Roland Haeder                           *\r
17  * For more information visit: http://www.mxchange.org                  *\r
18  *                                                                      *\r
19  * This program is free software; you can redistribute it and/or modify *\r
20  * it under the terms of the GNU General Public License as published by *\r
21  * the Free Software Foundation; either version 2 of the License, or    *\r
22  * (at your option) any later version.                                  *\r
23  *                                                                      *\r
24  * This program is distributed in the hope that it will be useful,      *\r
25  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *\r
26  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *\r
27  * GNU General Public License for more details.                         *\r
28  *                                                                      *\r
29  * You should have received a copy of the GNU General Public License    *\r
30  * along with this program; if not, write to the Free Software          *\r
31  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *\r
32  * MA  02110-1301  USA                                                  *\r
33  ************************************************************************/\r
34 \r
35 // Some security stuff...\r
36 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
37 {\r
38         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";\r
39         require($INC);\r
40 }\r
41 \r
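// Add description as navigation point
ADD_DESCR("guest", basename(__FILE__));

OPEN_TABLE("100%", "guest_content_align", "");

// Shared state used further down in this file:
//   $DATA   - payload for the "new-pass" e-mail template
//   $FATAL  - pending fatal errors, checked before redirecting
//   $CONFIG - login bonus settings (login_timeout, login_bonus, bonus_mode)
//   $link   - handle passed to SQL_AFFECTEDROWS()
// $CONFIG and $link were read without being declared here; the existing
// global statement suggests this file is included from function scope
// (TODO confirm against the module loader), in which case they would have
// been undefined. Declaring them is a no-op if the include is at file scope.
global $DATA, $FATAL, $CONFIG, $link;

// Initialize data
$probe_nickname = false; $UID = false; $hash = "";
unset($login); unset($online);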
51 \r
// Work out which user this request is about. Exactly one branch runs:
//   1. cookie session present      -> userid from $GLOBALS
//   2. login form submitted         -> nickname (escaped) or numeric userid
//   3. "send new password" form     -> raw id from the form, "0" if absent
//   4. anything else                -> "0", no hash
$haveCookieSession = (!empty($GLOBALS['userid']) && !empty($_COOKIE['u_hash']));
$haveLoginForm     = (!empty($_POST['id']) && !empty($_POST['password']) && isset($_POST['ok']));

if ($haveCookieSession) {
        // Already logged in?
        $UID = $GLOBALS['userid'];
} elseif ($haveLoginForm) {
        // A value that does not survive a round() round-trip is not a plain
        // number, so treat it as a nickname (only with the nickname extension)
        $probe_nickname = (EXT_IS_ACTIVE("nickname") && (("".round($_POST['id'])."") != $_POST['id']));
        $UID = $probe_nickname ? SQL_ESCAPE($_POST['id']) : bigintval($_POST['id']);
} elseif (!empty($_POST['new_pass'])) {
        // New password requested; the id is escaped when it reaches the query
        $UID = empty($_POST['id']) ? "0" : $_POST['id'];
} else {
        // Not logged in
        $UID = "0";
        $hash = "";
}
83 \r
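$URL = ""; $ADD = "";
// Set unset variables
if (empty($_POST['new_pass'])) $_POST['new_pass'] = "";
if (empty($_GET['login']))     $_GET['login']     = "";

if (IS_LOGGED_IN())
{
        // Already authenticated: go straight to the member area
        $URL = URL."/modules.php?module=login";
}
 elseif (isset($_POST['ok']))
{
        // --- Login form submitted ---------------------------------------------
        // Every failure path below stores a CODE_* constant in $ERROR; the
        // redirect back to this form with ?login=<code> is built once at the
        // end of this branch. Previously only the "account not CONFIRMED"
        // branch built that URL, so a wrong password left $URL empty and the
        // visitor got a blank page instead of LOGIN_WRONG_PASS.
        $ERROR = null;

        // Add last_login if available (column exists from sql_patches 0.2.8 on)
        $LAST = "";
        if (GET_EXT_VERSION("sql_patches") >= "0.2.8")
        {
                $LAST = ", last_login";
        }

        // Load the stored password hash. Without $LAST only three columns are
        // selected and $login stays unset.
        $password = "";
        if ($probe_nickname)
        {
                // Nickname entered: resolve it to the numeric userid
                $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' AND status='CONFIRMED' LIMIT 1",
                 array($UID), __FILE__, __LINE__);
                list($UID2, $password, $online, $login) = SQL_FETCHROW($result);
                if (!empty($UID2)) $UID = $UID2;
        }
         else
        {
                // Direct userid entered (the trailing $hash entry is surplus to
                // the single %d placeholder and is kept as found)
                $result = SQL_QUERY_ESC("SELECT userid, password, last_online".$LAST." FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
                 array(bigintval($UID), $hash), __FILE__, __LINE__);
                list($dmy, $password, $online, $login) = SQL_FETCHROW($result);
        }
        if (SQL_NUMROWS($result) == 1)
        {
                // A CONFIRMED account exists, now verify the password
                if (isset($_POST['ok']))
                {
                        // By default the hash is empty
                        $hash = "";

                        // Legacy accounts still carry a bare 32-char MD5 of the password.
                        // Strict comparison: with == PHP treats numeric-looking strings
                        // such as "0e1234..." as numbers, so two different hashes could
                        // compare equal.
                        if ((strlen($password) == 32) && (md5($_POST['password']) === $password))
                        {
                                // Just set the hash to the password from DB... :)
                                $hash = $password;
                        }
                         else
                        {
                                // Salted scheme: everything before the trailing 40 chars is the salt
                                $hash = generateHash($_POST['password'], substr($password, 0, -40));
                        }

                        // Same reasoning as above: exact string comparison, never ==.
                        // hash_equals() would additionally make this constant-time but
                        // needs PHP >= 5.6.
                        if ($hash === $password)
                        {
                                // Password accepted: re-hash with a fresh salt ...
                                $hash = generateHash($_POST['password']);

                                // ... and update database
                                $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
                                 array($hash, $UID), __FILE__, __LINE__);

                                // No login bonus by default
                                $BONUS = false;

                                // Seconds since the last visit; last_login (when selected)
                                // wins over last_online. $login is the fetched column here
                                // and is reused below for the cookie result.
                                $probe = time() -  $online;
                                if (!empty($login)) $probe = time() - $login;
                                if ((GET_EXT_VERSION("bonus") >= "0.2.2") && ($probe >= $CONFIG['login_timeout']))
                                {
                                        // Add login bonus to user's account
                                        $ADD = ", login_bonus=login_bonus+'".$CONFIG['login_bonus']."'";
                                        $BONUS = true;

                                        // Subtract login bonus from userid's account or jackpot
                                        if ((GET_EXT_VERSION("bonus") >= "0.3.5") && ($CONFIG['bonus_mode'] != "ADD")) BONUS_POINTS_HANDLER('login_bonus');
                                }


                                // Secure lifetime from input form (bigintval() keeps it numeric)
                                $l = bigintval($_POST['lifetime']);
                                $life = "-1";
                                if ($l > 0)
                                {
                                        // Calculate lifetime of cookies
                                        $life = time() + $l;

                                        // Calculate new hash with the secret key and master salt together
                                        $hash = generatePassString($hash);

                                        // Update cookies. NOTE(review): u_hash is the session credential
                                        // and is set without the secure/httponly flags (httponly needs
                                        // PHP >= 5.2) - worth revisiting.
                                        $login = (@setcookie("userid"  , $UID , $life, COOKIE_PATH)
                                               && @setcookie("u_hash"  , $hash, $life, COOKIE_PATH)
                                               && @setcookie("lifetime", $l   , $life, COOKIE_PATH));

                                        // Update global array
                                        $GLOBALS['userid'] = $UID;
                                        $_COOKIE['u_hash'] = $hash;
                                        $_COOKIE['lifetime'] = $l;
                                }
                                 else
                                {
                                        // Lifetime 0 or less: no cookies written, rely on existing ones
                                        $login = IS_LOGGED_IN();
                                }

                                if ($login)
                                {
                                        // Update database records
                                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET total_logins=total_logins+1".$ADD." WHERE userid=%d LIMIT 1",
                                         array(bigintval($UID)), __FILE__, __LINE__);
                                        if (SQL_AFFECTEDROWS($link) == 1)
                                        {
                                                // Procedure to checking for login data
                                                if (($BONUS) && (EXT_IS_ACTIVE("bonus")))
                                                {
                                                        // Bonus added (just displaying!)
                                                        $URL = URL."/modules.php?module=chk_login&mode=bonus";
                                                }
                                                 else
                                                {
                                                        // Bonus not added
                                                        $URL = URL."/modules.php?module=chk_login&mode=login";
                                                }
                                        }
                                         else
                                        {
                                                // Cannot update counter!
                                                $ERROR = CODE_CNTR_FAILED;
                                        }
                                }
                                 else
                                {
                                        // Cookies not setable!
                                        $ERROR = CODE_NO_COOKIES;
                                }
                        }
                         else
                        {
                                // Wrong password!
                                $ERROR = CODE_WRONG_PASS;
                        }
                }
                 else
                {
                        // Not reachable in practice: isset($_POST['ok']) already holds here
                        $ERROR = CODE_LOGIN_FAILED;
                }
        }
         else
        {
                // No CONFIRMED row: look the account up again to report why
                $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
                 array(bigintval($UID)), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Load status
                        list($status) = SQL_FETCHROW($result);
                        switch ($status)
                        {
                        case "LOCKED":
                                $ERROR = CODE_ID_LOCKED;
                                break;

                        case "UNCONFIRMED":
                                $ERROR = CODE_ID_UNCONFIRMED;
                                break;

                        default:
                                $ERROR = CODE_UNKNOWN_STATUS;
                                break;
                        }
                }
                 else
                {
                        // ID not found!
                        $ERROR = CODE_WRONG_ID;
                }
        }

        // Any failure above: redirect back to this form with the code, which
        // the form maps to a message (LOGIN_FAILURE_MSG further down)
        if ($ERROR !== null)
        {
                $URL = URL."/modules.php?module=".$GLOBALS['module']."&what=login&login=".$ERROR;
        }
}
 elseif ((!empty($_POST['new_pass'])) && (isset($UID)))
{
        // --- "Send new password" form -----------------------------------------
        // ($UID is assigned in every branch above, so isset() always holds.)
        // NOTE(review): there is no ownership check - anyone who knows a userid,
        // nickname or e-mail address can trigger a reset, and the stored hash is
        // overwritten by the UPDATE below before the mail with the new password
        // goes out. The two result messages also reveal whether the id/e-mail
        // exists. A confirmation step would address both.

        // Compile email when found in address (only secure chars!)
        if (!empty($_POST['email'])) $_POST['email'] = str_replace("{DOT}", '.', $_POST['email']);

        // Set ID number when left empty
        if (empty($_POST['id'])) $_POST['id'] = "0";

        // Probe userid/nickname (same round() round-trip test as for the login)
        $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($_POST['id'])."") != $_POST['id']));
        if ($probe_nickname)
        {
                // Nickname entered; $UID is the raw form value here, hence addslashes()
                $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
                 array(addslashes($UID), $_POST['email']), __FILE__, __LINE__);
        }
         else
        {
                // Direct userid entered
                $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d OR email='%s' LIMIT 1",
                 array(bigintval($UID), $_POST['email']), __FILE__, __LINE__);
        }
        if (SQL_NUMROWS($result) == 1)
        {
                // This data is valid, so we create a new pass... :-)
                list($UID, $status) = SQL_FETCHROW($result);

                if ($status == "CONFIRMED")
                {
                        // Generate a new password and store its hash
                        $NEW_PASS = GEN_PASS();
                        $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET password='%s' WHERE userid=%d LIMIT 1",
                         array(generateHash($NEW_PASS), bigintval($UID)), __FILE__, __LINE__);

                        // Prepare data and message for email ($DATA is the global
                        // declared above; presumably consumed by the "new-pass" template)
                        $DATA = array($NEW_PASS, getenv('REMOTE_ADDR'));
                        $msg = LOAD_EMAIL_TEMPLATE("new-pass", "", bigintval($UID));

                        // ... and send it away
                        SEND_EMAIL(bigintval($UID), GUEST_NEW_PASSWORD, $msg);

                        // Output note to user
                        LOAD_TEMPLATE("admin_settings_saved", false, GUEST_NEW_PASSWORD_SEND);
                }
                 else
                {
                        // Account is locked or unconfirmed; the default mirrors the
                        // login branch so $MSG is never left undefined
                        switch ($status)
                        {
                                case "LOCKED"     : $MSG = CODE_ID_LOCKED;      break;
                                case "UNCONFIRMED": $MSG = CODE_ID_UNCONFIRMED; break;
                                default           : $MSG = CODE_UNKNOWN_STATUS; break;
                        }

                        // Load URL. NOTE(review): this literal mixes "&amp;" and "&"
                        // while every other redirect in this file uses plain "&";
                        // whether LOAD_URL() decodes entities is not visible here.
                        LOAD_URL(URL."/modules.php?module=".$GLOBALS['module']."&amp;what=login&login=".$MSG);
                }
        }
         else
        {
                // ID or email is wrong
                LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"guest_failed\">".GUEST_WRONG_ID_EMAIL."</SPAN>");
        }
}
 else
{
        // --- Render the login form ----------------------------------------------
        // ?login=<code> carries a failure code from an earlier redirect. It is
        // only compared against the CODE_* constants, never echoed.
        if (!empty($_GET['login']))
        {
                // Ok, which one now?
                $MSG = "<TR>
  <TD width=\"10\">&nbsp;</TD>
  <TD colspan=\"7\" align=\"center\">
    <STRONG><SPAN class=\"guest_failed\">";
                switch ($_GET['login'])
                {
                case CODE_WRONG_PASS:
                        $MSG .= LOGIN_WRONG_PASS;
                        break;

                case CODE_WRONG_ID:
                        $MSG .= LOGIN_WRONG_ID;
                        break;

                case CODE_ID_LOCKED:
                        $MSG .= LOGIN_ID_LOCKED;
                        break;

                case CODE_ID_UNCONFIRMED:
                        $MSG .= LOGIN_ID_UNCONFIRMED;
                        break;

                case CODE_NO_COOKIES:
                        $MSG .= LOGIN_NO_COOKIES;
                        break;

                default:
                        // Unknown / other codes (e.g. CODE_UNKNOWN_STATUS) show the generic text
                        $MSG .= LOGIN_WRONG_ID;
                        break;
                }
                $MSG .= "</SPAN></STRONG>
  </TD>
  <TD width=\"10\">&nbsp;</TD>
</TR>\n";
                define ('LOGIN_FAILURE_MSG', $MSG);
        }
         else
        {
                // No problems, no output
                define ('LOGIN_FAILURE_MSG', "");
        }
        // Display login form with resend-password form
        if (EXT_IS_ACTIVE("nickname"))
        {
                LOAD_TEMPLATE("guest_nickname_login");
        }
         else
        {
                LOAD_TEMPLATE("guest_login");
        }
}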
390 \r
// Finish the request: redirect if one of the branches above built a URL,
// unless fatal errors are pending, in which case those are shown instead.
if (empty($URL))
{
        // Nothing to redirect to; the form or a note was rendered above
}
 elseif (!empty($FATAL[0]))
{
        // Fatal errors!
        require_once(PATH."inc/fatal_errors.php");
}
 else
{
        // Load URL
        LOAD_URL($URL);
}

CLOSE_TABLE();
408 //\r
409 ?>\r