Code:
function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {
global $nsnst_const, $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix, $gfx_chk;
$user_password = htmlspecialchars(stripslashes($user_password));
include_once('config.php');
$username = trim($username);
#$sql = 'SELECT user_password, user_id, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax FROM '.$user_prefix.'_users WHERE username=\''.$username.'\'';
$sql = "SELECT user_password, user_id, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
$setinfo = $db->sql_fetchrow($result);
$forward = ereg_replace('redirect=', '', "$redirect");
if (ereg('privmsg', $forward)) {
$pm_login = 'active';
}
if (($db->sql_numrows($result)==1) AND ($setinfo['user_id'] != 1) AND (!empty($setinfo['user_password']))) {
$dbpass=$setinfo['user_password'];
$non_crypt_pass = $user_password;
$old_crypt_pass = crypt($user_password,substr($dbpass,0,2));
$new_pass = md5($user_password);
if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
$db->sql_query('UPDATE '.$user_prefix.'_users SET user_password=\''.$new_pass.'\' WHERE username=\''.$username.'\'');
$sql = 'SELECT user_password FROM '.$user_prefix.'_users WHERE username=\''.$username.'\'';
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$dbpass = $row['user_password'];
}
if ($dbpass != $new_pass) {
Header('Location: modules.php?name='.$module_name.'&stop=1');
return;
}
/*****[BEGIN]******************************************
[ Base: GFX Code v1.0.0 ]
******************************************************/
if (!security_code_check($gfx_check, array(2,4,5,7))) {
Header('Location: modules.php?name='.$module_name);
die();
}
else security_code(array(2,4,5,7));
/*****[END]********************************************
[ Base: GFX Code v1.0.0 ]
******************************************************/
//} else {
docookie($setinfo['user_id'], $username, $new_pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);
if(!defined('NUKESENTINEL_IS_LOADED')) {
$uname = $_SERVER['REMOTE_ADDR'];
} else {
$uname = $nsnst_const['remote_ip'];
}
$db->sql_query('DELETE FROM '.$prefix.'_session WHERE uname=\''.$uname.'\' AND guest=\'1\'');
$db->sql_query('UPDATE '.$user_prefix.'_users SET last_ip=\''.$uname.'\' WHERE username=\''.$username.'\'');
// }
if (!empty($pm_login)) {
Header('Location: modules.php?name=Private_Messages&file=index&folder=inbox');
exit;
}
if (!isset($f)) $f='';
if (!isset($t)) $t='';
if (empty($redirect)) {
Header('Location: modules.php?name=Your_Account&op=userinfo&bypass=1&username='.$username);
} else if (empty($mode)) {
Header('Location: forums.html?file='.$forward);
} else if (!empty($t)) {
Header('Location: forums.html?file='.$forward.'&mode='.$mode.'&t='.$t);
} else {
Header('Location: forums.html?file='.$forward.'&mode='.$mode.'&f='.$f);
}
} else {
Header('Location: modules.php?name='.$module_name.'&stop=1');
}
}
|