<?php
/*
MGB 0.6.x - OpenSource PHP and MySql Guestbook
Copyright (C) 2004 - 2011 Juergen Grueneisl - http://www.m-gb.org/
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
// ============= //
// login.inc.php //
// ============= //
//
// ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //
// Direct-access guard: this file is only meant to run as an include.
// Unless the ADMINISTRATION constant is defined, show the static
// error page and stop before any login logic executes.
if (defined('ADMINISTRATION') === false)
{
    include "error.html";
    exit;
}
require ("../includes/functions.inc.php");
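// Logout / login handling for the administration area.
//
// Reads:  $_GET['action'], $_POST['sent'|'username'|'password'], $_SESSION,
//         $db (connection settings and table prefix), $lang (UI strings).
// Writes: $login_is_ok (0/1), $login_status_text, $login_status_img,
//         optionally $errorcode, $refresh, $sid, and the connection in $link.
//
// $errorcode values assigned here:
//    1 = form sent with an empty username or password
//    2 = login_ok() rejected the credentials
//    3 = credentials accepted but user_is_active is not 1
//   10 = credentials accepted, but the stored logged_out flag was still 0
//
// Database failures are written to the server error log; the response only
// carries a generic message, so driver error text (host names, account
// names, SQL fragments) is not shown to unauthenticated visitors.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7; moving
// to mysqli/PDO with prepared statements needs matching changes in
// functions.inc.php and is therefore not done in this block.
if (isset($_GET['action']) AND ($_GET['action'] == "logout"))
{
    // logout
    // NOTE(review): logout is triggered by a plain GET parameter without a
    // request token, so any third-party page can end the admin session.
    $link = @mysql_connect($db['hostname'], $db['username'], $db['password']);
    if (!$link)
    {
        error_log("(login.inc.php) logout: mysql_connect failed: ".mysql_error());
        die ("(login.inc.php) Error: database connection failed.");
    }
    if (!@mysql_select_db($db['dbname'], $link))
    {
        error_log("(login.inc.php) logout: mysql_select_db failed: ".mysql_error($link));
        die ("(login.inc.php) Error: database connection failed.");
    }
    if (isset($_SESSION['ID']))
    {
        // Mark the account as cleanly logged out before the session is destroyed.
        // NOTE(review): the query is built by concatenation and relies on
        // secure_value() returning a value that is safe in this position - confirm.
        $sql = "UPDATE ".$db['prefix']."user SET `logged_out` = '1' WHERE ID=".secure_value($_SESSION['ID'])." LIMIT 1";
        if (!@mysql_query($sql, $link))
        {
            error_log("(login.inc.php) logout: UPDATE failed: ".mysql_error($link));
            die ("(login.inc.php) Error: database query failed.");
        }
        session_unset();
        session_destroy();
        $_SESSION = array();
    }
    $login_is_ok = 0;
    $login_status_text = $lang['logged_out'];
    $login_status_img = "<img src=\"templates/default/images/login.png\" height=\"16\" width=\"16\" title=\"{LANG_LOGIN}\" alt=\"{LANG_LOGIN}\">";
    // Prevent the login branch below this file from treating the request as a form post.
    $_POST['sent'] = 0;
}
else
{
    if (isset($_POST['sent']) AND $_POST['sent'] == 1)
    {
        if (!empty($_POST['username']) AND !empty($_POST['password']))
        {
            // The sanitised user name replaces the raw one for the rest of the request.
            $_POST['username'] = secure_value($_POST['username']);
            if (login_ok($_POST['username'], "", $_POST['password']))
            {
                if (!isset($_SESSION['key']))
                {
                    // Issue a fresh session id once the credentials have been
                    // accepted, so an id that was known before authentication
                    // cannot be carried over into the authenticated session.
                    session_regenerate_id(true);

                    $link = @mysql_connect($db['hostname'], $db['username'], $db['password']);
                    if (!$link)
                    {
                        error_log("(login.inc.php) login: mysql_connect failed: ".mysql_error());
                        die ("(login.inc.php) Error: database connection failed.");
                    }
                    if (!@mysql_select_db($db['dbname'], $link))
                    {
                        error_log("(login.inc.php) login: mysql_select_db failed: ".mysql_error($link));
                        die ("(login.inc.php) Error: database connection failed.");
                    }
                    // presumably refreshes the user_key read by the SELECT below - confirm in functions.inc.php
                    generate_key_and_pw($_POST['username'], 16);
                    // NOTE(review): user_name is compared against the secure_value() output
                    // without quotes added here; this is only safe if secure_value()
                    // returns an escaped AND quoted SQL literal - confirm.
                    $sql = "SELECT ID, user_name, user_key, user_is_active, logged_out FROM ".$db['prefix']."user WHERE user_name=".$_POST['username'];
                    $result = @mysql_query($sql, $link);
                    if (!$result)
                    {
                        error_log("(login.inc.php) login: SELECT failed: ".mysql_error($link));
                        die ("(login.inc.php) Error: database query failed.");
                    }
                    // If no row comes back, the fields below are empty and the
                    // "not active" branch rejects the login.
                    $user = @mysql_fetch_array($result);
                    $_SESSION['ID'] = $user['ID'];
                    $_SESSION['username'] = $user['user_name'];
                    $_SESSION['key'] = $user['user_key'];
                    $_SESSION['user_is_active'] = $user['user_is_active'];
                    if ($_SESSION['user_is_active'] == 1)
                    {
                        $login_status_text = $lang['login_ok'];
                        $login_status_img = NULL;
                        $login_is_ok = 1;
                        // NOTE(review): a non-empty SID puts the session id into the
                        // redirect URL, where it can end up in browser history, proxy
                        // logs and Referer headers; cookie-only sessions
                        // (session.use_only_cookies) avoid this - confirm the deployment setting.
                        if (SID != NULL) { $sid = "?".SID; } else { $sid = NULL; }
                        if ($user['logged_out'] == 0)
                        {
                            // The previous session was never logged out: report it
                            // and leave the notice on screen longer (5 s instead of 2 s).
                            $errorcode = 10;
                            $refresh = "<meta http-equiv=\"refresh\" content=\"5; URL=admin.php".$sid."\">";
                        }
                        else
                        {
                            $refresh = "<meta http-equiv=\"refresh\" content=\"2; URL=admin.php".$sid."\">";
                        }
                        $sql = "UPDATE ".$db['prefix']."user SET `logged_in` = '".time()."', `logged_out` = '0' WHERE ID=".secure_value($user['ID'])." LIMIT 1";
                        if (!@mysql_query($sql, $link))
                        {
                            error_log("(login.inc.php) login: UPDATE failed: ".mysql_error($link));
                            die ("(login.inc.php) Error: database query failed.");
                        }
                    }
                    else
                    {
                        // Account is not active: discard the session that was just populated.
                        session_unset();
                        session_destroy();
                        $_SESSION = array();
                        $login_status_text = $lang['logged_out'];
                        $login_status_img = NULL;
                        $login_is_ok = 0;
                        $errorcode = 3;
                        $refresh = NULL;
                    }
                }
                else
                {
                    // A session key already exists: the form is shown again without an error code.
                    $login_status_text = $lang['logged_out'];
                    $login_status_img = "<img src=\"templates/default/images/login.png\" height=\"16\" width=\"16\" title=\"{LANG_LOGIN}\" alt=\"{LANG_LOGIN}\">";
                    $login_is_ok = 0;
                }
            }
            else
            {
                // login_ok() rejected the credentials.
                $login_status_text = $lang['logged_out'];
                $login_status_img = "<img src=\"templates/default/images/login.png\" height=\"16\" width=\"16\" title=\"{LANG_LOGIN}\" alt=\"{LANG_LOGIN}\">";
                $login_is_ok = 0;
                $errorcode = 2;
            }
        }
        else
        {
            // Form sent with an empty user name or password.
            $login_status_text = $lang['logged_out'];
            $login_status_img = "<img src=\"templates/default/images/login.png\" height=\"16\" width=\"16\" title=\"{LANG_LOGIN}\" alt=\"{LANG_LOGIN}\">";
            $login_is_ok = 0;
            $errorcode = 1;
        }
    }
    else
    {
        // No form submission: plain display of the login page.
        $login_status_text = $lang['logged_out'];
        $login_status_img = "<img src=\"templates/default/images/login.png\" height=\"16\" width=\"16\" title=\"{LANG_LOGIN}\" alt=\"{LANG_LOGIN}\">";
        $login_is_ok = 0;
    }
}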
// Translate a numeric $errorcode into the matching language string.
// Only the codes 1, 2, 3, 9 and 10 have a message; any other value leaves
// $errormessage untouched. When no error code is set at all, the error
// template fragment is blanked instead.
if (isset($errorcode))
{
    foreach (array(1, 2, 3, 9, 10) as $mgb_known_errorcode)
    {
        // Loose comparison on purpose: same matching rule as before.
        if ($errorcode == $mgb_known_errorcode)
        {
            $errormessage = $lang['errormessage'.$mgb_known_errorcode];
        }
    }
    unset($mgb_known_errorcode);
}
else
{
    $content_errormessage = NULL;
}
// Build $page_include from the template that matches the login state.
// Both variants first receive the error-message fragment and then the
// error text itself (in that order, because the text placeholder may sit
// inside the fragment); after that come the variant's own language strings.
if (!isset($errormessage))
{
    $errormessage = NULL;
}
if (isset($login_is_ok) && $login_is_ok == 1)
{
    // Successful login: confirmation page with the "please wait" notice.
    $page_include = $content_login_ok;
    $mgb_login_slots = array(
        "TEMPLATE_ERRORMESSAGE" => $content_errormessage,
        "ERRORMESSAGE"          => $errormessage,
        "LANG_PLEASE_WAIT"      => $lang['please_wait'],
    );
}
else
{
    // Not logged in: login form with its field labels.
    $page_include = $content_login;
    $mgb_login_slots = array(
        "TEMPLATE_ERRORMESSAGE"   => $content_errormessage,
        "ERRORMESSAGE"            => $errormessage,
        "LANG_LOGIN_USERNAME"     => $lang['login_username'],
        "LANG_LOGIN_PASSWORD"     => $lang['login_password'],
        "LANG_LOGIN_LOSTPASSWORD" => $lang['login_lostpassword'],
    );
}
foreach ($mgb_login_slots as $mgb_slot_name => $mgb_slot_value)
{
    $page_include = template($mgb_slot_name, $mgb_slot_value, $page_include);
}
// Do not leave the helper variables behind in the including script's scope.
unset($mgb_login_slots, $mgb_slot_name, $mgb_slot_value);
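// The login page has no scrolling function.
$content_scrolling_function = NULL;
// Close the SQL connection, but only when this request actually opened one:
// $link is set solely in the logout branch and in the successful-login
// branch, so on a plain page view there is nothing to close. Checking
// explicitly replaces the former error-suppressed call on an undefined variable.
if (isset($link) && is_resource($link))
{
    mysql_close($link);
}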
?>