| 1 |
<?php</span> |
|---|
| 2 |
<span class="code-lang">$root_path = './'; |
|---|
| 3 |
require ($root_path . 'include/config.php'); |
|---|
| 4 |
|
|---|
| 5 |
$userdata = session_pagestart($user_ip); |
|---|
| 6 |
init_userprefs($userdata); |
|---|
| 7 |
|
|---|
| 8 |
$action = request_var('action', '' ); |
|---|
| 9 |
$returnto = request_var('returnto', '' ); |
|---|
| 10 |
|
|---|
| 11 |
$redirect = request_var('redirect', '' ); |
|---|
| 12 |
$admin = request_var('admin', '' );</span> |
|---|
| 13 |
<span class="code-lang"> |
|---|
| 14 |
if ( isset($_POST['login']) ) { |
|---|
| 15 |
$username = request_var('username', '' ); |
|---|
| 16 |
$password = request_var('password', '' ); |
|---|
| 17 |
$autologin = request_var('autologin', '' ); |
|---|
| 18 |
$sql = "SELECT uid, pass, secret, enabled, email, status, class FROM " . USERS_TABLE . " WHERE name = '" . $db->sql_escape($username) . "' AND uid <> " . ANONYMOUS; |
|---|
| 19 |
$result = $db->sql_query($sql); |
|---|
| 20 |
if (!$row = $db->sql_fetchrow($result)) { |
|---|
| 21 |
trigger_error($lang['no_such_user']); |
|---|
| 22 |
} |
|---|
| 23 |
if ( !$row['status'] ) { |
|---|
| 24 |
trigger_error($lang['pending_account']); |
|---|
| 25 |
} |
|---|
| 26 |
if ($row['pass'] != md5($row['secret'] . $password . $row['secret'])) { |
|---|
| 27 |
trigger_error($lang['another_pass']); |
|---|
| 28 |
} |
|---|
| 29 |
if ( !$row['enabled'] ) { |
|---|
| 30 |
trigger_error($lang['account_disabled']); |
|---|
| 31 |
} |
|---|
| 32 |
if ( $row['class'] >= UC_ADMINISTRATOR && $admin ) { |
|---|
| 33 |
define('ADMIN_START', true); |
|---|
| 34 |
$session_id = session_begin($row['uid'], $user_ip, FALSE, $autologin, $admin); |
|---|
| 35 |
|
|---|
| 36 |
if( $session_id ) { |
|---|
| 37 |
$url = ( $redirect ? str_replace('&', '&', htmlspecialchars($redirect) ) : ( $returnto ? $returnto : 'my.php') ); |
|---|
| 38 |
$url = append_sid($url); |
|---|
| 39 |
meta_refresh(3, $url); |
|---|
| 40 |
trigger_error($lang['admin_login_sucefully'] . '<br /><br />' . sprintf($lang['click_here_to_login_to_admin_panel'], '<a href="' . $url . '">', '</a>')); |
|---|
| 41 |
} |
|---|
| 42 |
else { |
|---|
| 43 |
trigger_error("Couldn't start session : login"); |
|---|
| 44 |
} |
|---|
| 45 |
} |
|---|
| 46 |
else { |
|---|
| 47 |
session_begin ($row['uid'], $user_ip, false, $autologin); |
|---|
| 48 |
$returnto = urldecode($returnto); |
|---|
| 49 |
$returnto = ( $returnto ? $returnto : 'my.php'); |
|---|
| 50 |
redirect( append_sid($root_path . $returnto)); |
|---|
| 51 |
} |
|---|
| 52 |
} |
|---|
| 53 |
elseif ( $action == 'logout' ) { |
|---|
| 54 |
if ( $userdata['session_logged_in'] ) { |
|---|
| 55 |
session_end ($userdata['session_id'], $userdata['uid']); |
|---|
| 56 |
} |
|---|
| 57 |
redirect( append_sid($root_path)); |
|---|
| 58 |
} |
|---|
| 59 |
else { |
|---|
| 60 |
if ( $userdata['session_logged_in'] && !$admin && !$redirect ) { |
|---|
| 61 |
redirect( append_sid($root_path)); |
|---|
| 62 |
} |
|---|
| 63 |
show_login_box(); |
|---|
| 64 |
} |
|---|
| 65 |
?> |
|---|
