$result = dbquery("ALTER TABLE ".$db_prefix."users ADD user_new_pass SMALLINT(1) UNSIGNED NOT NULL DEFAULT '0'");
if (isset($_POST['login'])) {
$user_pass = md5($_POST['user_pass']);
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
if (dbrows($result) != 0) {
$data = dbarray($result);
if ($data['user_password'] == $user_pass) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."' WHERE user_id='".$data['user_id']."'");
}
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
if (isset($_COOKIE['fusion_user'])) {
$cookie_vars = explode(".", $_COOKIE['fusion_user']);
$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."'");
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result) != 0) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
define("THEME", THEMES.$userdata['user_theme']."/");
} else {
define("THEME", THEMES.$settings['theme']."/");
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
}
if (empty($_COOKIE['fusion_lastvisit'])) {
setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE['fusion_lastvisit'];
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
define("THEME", THEMES.$settings['theme']."/");
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}
if (isset($_POST['login']) ) {
$user_pass = md5($_POST['user_pass']);
[b]//add by slawekneo
$user_pass2 = md5($user_pass);[/b]
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
if (dbrows($result) != 0) {
$data = dbarray($result);
[b]//edit by slawekneo
if ($data['user_password'] == $user_pass && $data['user_new_pass'] == 0) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."', user_new_pass=1 WHERE user_id='".$data['user_id']."'");
} else if ($data['user_password'] == $user_pass && $data['user_new_pass'] == 1) {
redirect(BASEDIR."setuser.php?error=3", "script");
} else if ($data['user_password'] == $user_pass2 && $data['user_new_pass'] == 0) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_new_pass=1 WHERE user_id='".$data['user_id']."'");
}
//end edit
//edit by slawekneo
if ($data['user_status'] == 0 && $data['user_password'] == $user_pass2) {
//add by slawekneo
$result = dbquery("UPDATE ".$db_prefix."users SET user_ip='".USER_IP."' WHERE user_id='".$data['user_id']."'");[/b]
$cookie_value = $data['user_id'].".".$user_pass;
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
if (isset($_COOKIE['fusion_user'])) {
$cookie_vars = explode(".", $_COOKIE['fusion_user']);
$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
[b]//edit by slawekneo
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' AND user_ip='".USER_IP."'");[/b]
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result) != 0) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
define("THEME", THEMES.$userdata['user_theme']."/");
} else {
define("THEME", THEMES.$settings['theme']."/");
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
}
if (empty($_COOKIE['fusion_lastvisit'])) {
setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE['fusion_lastvisit'];
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
define("THEME", THEMES.$settings['theme']."/");
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}
if (isset($_POST['login'])) {
[b]//Edit by slawekneo
$user_pass = strlen($_POST['user_pass']) == 32 ? "" : md5($_POST['user_pass']);[/b]
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
if (dbrows($result) != 0) {
$data = dbarray($result);
if ($data['user_password'] == $user_pass) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."' WHERE user_id='".$data['user_id']."'");
}
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
[b]//Add by slawekneo
$result = dbquery("UPDATE ".$db_prefix."users SET user_ip='".USER_IP."' WHERE user_id='".$data['user_id']."'");[/b]
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
if (isset($_COOKIE['fusion_user'])) {
$cookie_vars = explode(".", $_COOKIE['fusion_user']);
$cookie_1 = isNum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_match("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
[b]//edit by slawekneo
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' AND user_ip='".USER_IP."'");[/b]
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result) != 0) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php")) {
define("THEME", THEMES.$userdata['user_theme']."/");
} else {
define("THEME", THEMES.$settings['theme']."/");
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset'];
}
if (empty($_COOKIE['fusion_lastvisit'])) {
setcookie("fusion_lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit'];
} else {
$lastvisited = $_COOKIE['fusion_lastvisit'];
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", "", time() - 7200, "/", "", "0");
setcookie("fusion_lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", "script");
}
} else {
define("THEME", THEMES.$settings['theme']."/");
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}
Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
0 participants
Notifications
You are not receiving notifications from this thread.
Related Questions