<?php
// Login handler for the board. Flow as visible in this listing:
//   1. bootstrap (global.php, SHA-1 helper class, USERCP language pack);
//   2. visitors that already have a userid are rejected via access_error();
//   3. on POST 'send': verify the credentials, set the login cookies, bind the
//      session row to the user, write a row to bb{n}_loginlog and redirect;
//   4. on a failed login: log the attempt, mail the account owner, show an error;
//   5. without POST 'send': render the "login" template.
//
// $db, $lang, $tpl, $session, $sid, $n, $wbbuserdata and $allowloginencryption
// are not defined in this file; presumably global.php sets them up (confirm).
//
// NOTE(review): the braces in this listing do not balance (16 opening, 14
// closing) and the `else {` that starts the failed-login branch follows a block
// that already belongs to an `else`. The text looks like a stock login script
// with a login-log add-on pasted in and lines lost along the way; restore it
// from a known-good copy before relying on the control flow described here.
//
// NOTE(review): request data ($_POST['l_username'], $_POST['l_password'],
// $_POST['url']) is concatenated into SQL strings and into an eval() string
// below. Nothing in this file escapes it; unless global.php escapes all
// request input (confirm), those statements are injectable. See the notes at
// each statement.
$filename="login.php";
require ("./global.php");
require("./acp/lib/class_sha1.php");
$sha1=new sha1();
$lang->load("USERCP", START);
// A visitor who already carries a userid must not log in again.
if($wbbuserdata['userid']) access_error();
if(isset($_POST['send']))
{
// Look the account up by the submitted user name.
// presumably getwbbuserdata() escapes its argument itself; verify in global.php.
$result = getwbbuserdata($_POST['l_username'],"username");
// Path A: client-side "encrypted" login (challenge-response). Taken only when
// the feature is enabled, the form says it hashed the password, and the
// account already has a sha1_password stored.
if($allowloginencryption==1 && $_POST['crypted']=="true" && $result['sha1_password'])
{
// Expected response = sha1( sha1(session challenge) . stored sha1_password ).
$authentificationcode=$sha1->hash($sha1->hash($session['authentificationcode']).$result['sha1_password']);
// NOTE(review): `!=` is a loose comparison; two strings that both look numeric
// are compared as numbers, so different digests can compare equal. Use
// hash_equals() (PHP >= 5.6; exact and constant-time) or at minimum `!==`.
if(!$result['userid'] || $authentificationcode!=$_POST['authentificationcode'])
{
// Unknown user or wrong response: drop the row so the success check below fails.
unset($result);
unset($authentificationcode);
}
// Success on path A: the stored password column is what later goes into the cookie.
else $wbb_userpassword=$result['password'];
}
else
{
// Path B: plain form login. The password is compared as an unsalted MD5 digest.
// NOTE(review): unsalted MD5 is not a password hash; password_hash() and
// password_verify() are the replacement, with a rehash-on-login migration.
$wbb_userpassword=md5($_POST['l_password']);
// NOTE(review): same loose `!=` comparison as on path A.
if(!$result['userid'] || $result['password']!=$wbb_userpassword) unset($result);
else
{
// First successful plain login for an account without sha1_password: store the
// SHA-1 of the password so path A can be used next time. The interpolated
// values are the helper's digest and the userid from the database row.
if(!$result['sha1_password']) $db->unbuffered_query("UPDATE bb".$n."_users SET sha1_password='".$sha1->hash($_POST['l_password'])."' WHERE userid='$result[userid]'");
}
}
// $result survives only when one of the two paths accepted the credentials.
if(isSet($result['userid']) && $result['userid'])
{
$wbb_username=htmlconverter($result['username']);
if($result['usecookies']==1)
{
// NOTE(review): the "userpassword" cookie holds the password digest itself
// (the MD5 from path B or the stored password column from path A) for 365
// days. Presumably it is accepted later as a login credential (confirm in
// global.php), which makes a copied cookie or a leaked users table equivalent
// to the password. A random, revocable, server-side token is the safer design;
// whether bbcookie() sets HttpOnly/Secure is not visible here.
bbcookie("userid","$result[userid]",time()+3600*24*365);
bbcookie("userpassword","$wbb_userpassword",time()+3600*24*365);
}
// Remove the user's other sessions, then attach the current session row to the
// user and clear the one-time challenge.
// NOTE(review): the session row keeps the same sessionhash ($sid) across the
// privilege change; no new identifier is issued in this file. Unless global.php
// rotates it, that leaves room for session fixation; issue a fresh hash here.
$db->unbuffered_query("DELETE FROM bb".$n."_sessions WHERE userid = '$result[userid]'",1);
$db->unbuffered_query("UPDATE bb".$n."_sessions SET userid = '$result[userid]', authentificationcode='', styleid='".$result['styleid']."' WHERE sessionhash = '$sid'",1);
unset($session['authentificationcode']);
// Rewrites the sid= parameter of $url: to sid=$hash, or to an empty sid= when
// $nosessionhash is non-zero. Declared inside the branch, so it exists only
// once this code path has run.
function convert_url($url,$hash,$nosessionhash=0) {
if($nosessionhash==0) $url=preg_replace("/sid=[0-9a-z]*/","sid=$hash",$url);
else $url=preg_replace("/sid=[0-9a-z]*/","sid=",$url);
return $url;
}
// Redirect target: the posted 'url' if it contains a "?", else the board index.
// NOTE(review): the only check on $_POST['url'] is that it contains "?", so the
// post-login redirect can point at any site (open redirect). Accept only
// relative, same-site paths or match against an allow-list before using it.
if(isset($_POST['url']) && $_POST['url'] && strstr($_POST['url'],"?")) $url=convert_url($_POST['url'],$sid,$wbbuserdata['nosessionhash']);
else
{
// This repeats the condition tested just above, so inside this `else` it
// cannot be true; only the nested `else` below is reachable.
if(isset($_POST['url']) && $_POST['url'] && strstr($_POST['url'],"?")) $url=convert_url($_POST['url'],$sid,$wbbuserdata['nosessionhash']);
else
{
// Users with nosessionhash get an empty sid= in the URL.
if($result['nosessionhash']==1) unset($session['hash']);
$url="index.php?sid=$session[hash]";
// Login-log add-on: record the successful login.
// NOTE(review): $_POST['l_username'] is concatenated into the SQL text without
// escaping here. The lookup is also redundant: $result already holds the
// userid and username of the authenticated account, so the INSERT can use
// $result['userid'] and this SELECT can go. If it stays, escape the value with
// the database layer's escaping routine or use a prepared statement.
$seelgo=$db->unbuffered_query("SELECT username, userid, password, email FROM bb".$n."_users WHERE username='".$_POST['l_username']."'");
while($llog=$db->fetch_array($seelgo)) {
$fldate=time();
// Positional INSERT (no column list): userid, client IP, timestamp, then four
// fields whose meaning is not visible here; the sixth is '0' for success and
// '1' in the failed-login INSERT further down.
$db->unbuffered_query("INSERT INTO bb".$n."_loginlog VALUES ('".$llog[1]."','".$_SERVER['REMOTE_ADDR']."','".$fldate."','','','0','')");
}
// NOTE(review): $url is interpolated into the source text handed to eval().
// When it came from $_POST['url'] that is request data inside evaluated PHP
// code. Build the message with the language helper and call redirect() with
// $url as an ordinary argument, outside any eval'd string.
eval("redirect(\"".$lang->get4eval("LANG_USERCP_LOGIN_REDIRECT")."\",\"$url\");");
exit();
}
// Failed login (see the structure note at the top: this `else` has no matching
// `if` in the listing as given).
else {
// Invalidate the one-time challenge so it cannot be reused.
$db->unbuffered_query("UPDATE bb".$n."_sessions SET authentificationcode='' WHERE sessionhash = '$sid'",1);
unset($session['authentificationcode']);
// Looks up a user name that has posted from the client's IP address. LIKE is
// used without wildcards, so it behaves as an equality match.
$seethief_q=$db->query("SELECT username FROM bb".$n."_posts WHERE ipaddress LIKE '".$_SERVER['REMOTE_ADDR']."'");
// NOTE(review): this loads every row of the users table, including password
// digests and e-mail addresses, on each failed login and filters in PHP. The
// cost grows with the user count and is paid by unauthenticated requests;
// select the single row with an escaped WHERE username = ... instead.
$seelgo=$db->unbuffered_query("SELECT username, userid, password, email FROM bb".$n."_users");
// NOTE(review): calls the legacy mysql extension directly (removed in PHP 7.0)
// while the rest of the file goes through $db->fetch_array().
$seethief=mysql_fetch_array($seethief_q);
while($llog=$db->fetch_array($seelgo)) {
$mdpostpw=md5($_POST['l_password']);
// Case-insensitive match of the submitted name against this row's username.
if(strtolower($_POST['l_username'])==strtolower($llog['0']) ) {
if($mdpostpw!=$llog['2']) {
$fldate=time();
// NOTE(review): the submitted password is written to bb{n}_loginlog in clear
// text and concatenated into the SQL without escaping. A mistyped password is
// usually a near miss of the real one (or the user's password for another
// site), so this table becomes a store of credentials readable by anyone with
// database or log-viewer access, and the statement is injectable. Do not
// record the password; log only userid, IP, time and the failure flag.
$db->unbuffered_query("INSERT INTO bb".$n."_loginlog VALUES ('".$llog['1']."','".$_SERVER['REMOTE_ADDR']."','".$fldate."','".$_POST['l_password']."','','1','".$seethief['0']."')");
$ipadress=$_SERVER['REMOTE_ADDR'];
// Build subject and body of the warning mail from language strings.
// presumably the templates reference $ipadress and similar locals; verify that
// no request-derived variable they interpolate can carry PHP string syntax.
eval ("\$flmsubject = \"".$lang->get4eval("LANG_START_FLMAIL_SUBJECT")."\";");
eval ("\$flmcontent = \"".$lang->get4eval("LANG_START_FLMAIL_CONTENT")."\";");
// NOTE(review): one mail goes to the account's address for every failed
// attempt and no throttling or lockout is visible in this file; add a rate
// limit per account and per IP so the notice cannot be used to flood a mailbox.
mailer($llog['3'], $flmsubject, $flmcontent);
}
}
}
// Same generic error whether the user name or the password was wrong.
error($lang->items['LANG_USERCP_LOGIN_ERROR']);
}
}
else
{
// No form submission: show the login page.
eval("\$tpl->output(\"".$tpl->get("login")."\");");
}
?>