1 <?php
2 ###############################################################################
3 # my little forum #
4 # Copyright (C) 2005 Alex #
5 # http://www.mylittlehomepage.net/ #
6 # #
7 # This program is free software; you can redistribute it and/or #
8 # modify it under the terms of the GNU General Public License #
9 # as published by the Free Software Foundation; either version 2 #
10 # of the License, or (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program; if not, write to the Free Software #
19 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. #
20 ###############################################################################
22 include("inc.php");
23 include_once("functions/include.prepare.php");
// Import request and session variables.
// Precedence as in the original: for the credentials a GET value wins over
// the POST form field (the new-password mail in the "activate" action links
// to login.php?username=...&userpw=...), for "action" POST wins over GET.
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
    $user_id = $_SESSION[$settings['session_prefix'].'user_id'];
}

// credentials: GET overrides POST
if (isset($_GET['username'])) {
    $username = $_GET['username'];
} elseif (isset($_POST['username'])) {
    $username = $_POST['username'];
}
if (isset($_GET['userpw'])) {
    $userpw = $_GET['userpw'];
} elseif (isset($_POST['userpw'])) {
    $userpw = $_POST['userpw'];
}

// action: POST overrides GET
if (isset($_POST['action'])) {
    $action = $_POST['action'];
} elseif (isset($_GET['action'])) {
    $action = $_GET['action'];
}

// status message code (GET only) and "password forgotten" form fields (POST only)
if (isset($_GET['msg'])) {
    $msg = $_GET['msg'];
}
if (isset($_POST['pwf_username'])) {
    $pwf_username = $_POST['pwf_username'];
}
if (isset($_POST['pwf_email'])) {
    $pwf_email = $_POST['pwf_email'];
}
// Decide which action to run. An existing session without an explicit
// action means "logout"; all other actions only apply while there is no
// session user id (note: empty(), so a user id of 0/"" counts as "no session").
if (isset($_SESSION[$settings['session_prefix'].'user_id']) && empty($action)) {
    $action = "logout";
} elseif (empty($_SESSION[$settings['session_prefix'].'user_id'])) {
    if (isset($username) && isset($userpw) && $username != "" && $userpw != "") {
        // both login fields filled in -> verify the credentials
        $action = "login ok";
    } elseif (isset($username) && isset($userpw)) {
        // login form submitted with at least one empty field
        header('Location: '.$settings['forum_address'].'login.php?msg=login_failed');
        die('<a href="'.$_SERVER['SCRIPT_NAME'].'?msg=login_failed">further...</a>');
    } elseif (isset($_COOKIE['auto_login']) && isset($settings['autologin']) && $settings['autologin'] == 1) {
        // "remember me" cookie present and the feature is enabled
        $action = "auto_login";
    } elseif (empty($action)) {
        // no explicit action: show the login form, unless an activation
        // link (login.php?activate=<user_id>&code=...) was followed
        $action = empty($_GET['activate']) ? "login" : "activate";
    }
}
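// Actions that must run before any HTML is sent; every branch ends in a
// redirect followed by die().
//
// Changes against the previous version of this block:
//  - the "password forgotten" lookup escapes the user-supplied name
//    (it was interpolated verbatim into the SQL string);
//  - password/token/code comparisons use === (with == two hex digests of
//    the form "0e<digits>" compare as equal numbers);
//  - the auto-login activation check compared trim($x == '') - i.e. a
//    boolean - instead of trim($x) == '';
//  - the auto-login "referer" redirect is restricted to this forum's own
//    address (it was an open redirect / header-injection vector);
//  - the auto-login cookie gets the HttpOnly flag (Secure when on TLS),
//    and the session id is regenerated on login (session fixation);
//  - the new-password generator no longer reseeds mt_rand() from microtime()
//    (a seed of at most ~1e6 values makes the 8-char password guessable);
//  - "logout" without a known user id no longer issues UPDATE/DELETE with
//    an empty id.

// Cookie flags: Secure only when the request itself came in over TLS.
$secure_cookie = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
// SCRIPT_NAME is reflected into the fallback links below; escape it for HTML.
$self_link = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES);

switch ($action) {
    case "login ok":
        if (isset($username) && trim($username) != "" && isset($userpw) && $userpw != "") {
            $result = mysql_query("SELECT user_id, user_name, user_pw, user_type, UNIX_TIMESTAMP(last_login) AS last_login, UNIX_TIMESTAMP(last_logout) AS last_logout, user_view, time_difference, activate_code FROM ".$db_settings['userdata_table']." WHERE user_name = '".mysql_real_escape_string($username, $connid)."'", $connid);
            if (!$result) die($lang['db_error']);
            if (mysql_num_rows($result) == 1) {
                $feld = mysql_fetch_assoc($result);
                // stored password is an unsalted md5 (schema-given); compare strictly
                if ($feld["user_pw"] === md5($userpw)) {
                    if (trim($feld["activate_code"]) != '') {
                        // account registered but not yet activated
                        header('Location: '.$settings['forum_address'].'login.php?msg=account_not_activated');
                        die('<a href="'.$self_link.'?msg=account_not_activated">further...</a>');
                    }
                    if (isset($_POST['autologin_checked']) && isset($settings['autologin']) && $settings['autologin'] == 1) {
                        // Cookie = "<user_id>.<md5 of the stored hash>": the token is derived
                        // from the password hash, so it stays valid until the password changes.
                        $cookie_pw = md5($feld["user_pw"]);
                        setcookie("auto_login", $feld["user_id"].".".$cookie_pw, time() + (3600 * 24 * 30), "", "", $secure_cookie, true);
                    } else {
                        setcookie("auto_login", "", 0, "", "", $secure_cookie, true);
                    }
                    // fresh session id once the privilege level changes
                    if (session_id() != '') {
                        session_regenerate_id(true);
                    }
                    $user_id = $feld["user_id"];
                    $user_name = $feld["user_name"];
                    $user_type = $feld["user_type"];
                    $user_view = $feld["user_view"];
                    $user_time_difference = $feld["time_difference"];
                    $newtime = $feld["last_logout"];
                    $_SESSION[$settings['session_prefix'].'user_id'] = $user_id;
                    $_SESSION[$settings['session_prefix'].'user_name'] = $user_name;
                    $_SESSION[$settings['session_prefix'].'user_type'] = $user_type;
                    $_SESSION[$settings['session_prefix'].'user_view'] = $user_view;
                    $_SESSION[$settings['session_prefix'].'newtime'] = $newtime;
                    $_SESSION[$settings['session_prefix'].'user_time_difference'] = $user_time_difference;
                    // "registered=registered" presumably keeps an auto-updating TIMESTAMP column untouched
                    $update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET logins=logins+1, last_login=NOW(), last_logout=NOW(), registered=registered WHERE user_id='".intval($user_id)."'", $connid);
                    if ($db_settings['useronline_table'] != "") {
                        // best effort: the online-users table is optional
                        @mysql_query("DELETE FROM ".$db_settings['useronline_table']." WHERE ip = '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $connid)."'", $connid);
                    }
                    header('Location: '.$settings['forum_address'].'index.php');
                    die('<a href="index.php">further...</a>');
                }
            }
        }
        // every failure path (empty fields, unknown user, wrong password) ends here
        header('Location: '.$settings['forum_address'].'login.php?msg=login_failed');
        die('<a href="'.$self_link.'?msg=login_failed">further...</a>');

    case "auto_login":
        $auto_login_ok = false;
        if (empty($_SESSION[$settings['session_prefix'].'user_id'])
            && isset($_COOKIE['auto_login'])
            && isset($settings['autologin'])
            && $settings['autologin'] == 1) {
            // cookie format: "<user_id>.<token>" (see "login ok")
            $auto_login_array = explode(".", $_COOKIE['auto_login']);
            $c_uid = isset($auto_login_array[0]) ? (int)$auto_login_array[0] : 0;
            $c_token = isset($auto_login_array[1]) ? $auto_login_array[1] : '';
            $result = mysql_query("SELECT user_id, user_name, user_pw, user_type, UNIX_TIMESTAMP(last_login) AS last_login, UNIX_TIMESTAMP(last_logout) AS last_logout, user_view, time_difference, activate_code FROM ".$db_settings['userdata_table']." WHERE user_id = '".$c_uid."'", $connid);
            if (!$result) die($lang['db_error']);
            if (mysql_num_rows($result) == 1) {
                $feld = mysql_fetch_assoc($result);
                if ($c_token !== '' && md5($feld["user_pw"]) === $c_token && trim($feld["activate_code"]) == '') {
                    if (session_id() != '') {
                        session_regenerate_id(true);
                    }
                    $user_id = $feld["user_id"];
                    $user_name = $feld["user_name"];
                    $user_type = $feld["user_type"];
                    $user_view = $feld["user_view"];
                    $user_time_difference = $feld["time_difference"];
                    $newtime = $feld["last_logout"];
                    $_SESSION[$settings['session_prefix'].'user_id'] = $user_id;
                    $_SESSION[$settings['session_prefix'].'user_name'] = $user_name;
                    $_SESSION[$settings['session_prefix'].'user_type'] = $user_type;
                    $_SESSION[$settings['session_prefix'].'user_view'] = $user_view;
                    $_SESSION[$settings['session_prefix'].'newtime'] = $newtime;
                    $_SESSION[$settings['session_prefix'].'user_time_difference'] = $user_time_difference;
                    $update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET logins=logins+1, last_login=NOW(), last_logout=NOW(), registered=registered WHERE user_id='".intval($user_id)."'", $connid);
                    // extend the cookie lifetime by another 30 days
                    setcookie("auto_login", $_COOKIE['auto_login'], time() + (3600 * 24 * 30), "", "", $secure_cookie, true);
                    if ($db_settings['useronline_table'] != "") {
                        @mysql_query("DELETE FROM ".$db_settings['useronline_table']." WHERE ip = '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $connid)."'", $connid);
                    }
                    $auto_login_ok = true;
                }
            }
        }
        if (!$auto_login_ok) {
            // cookie missing, malformed, stale or feature disabled: drop it
            setcookie("auto_login", "", 0, "", "", $secure_cookie, true);
        }
        // Only redirect back into this forum: an unchecked "referer" parameter
        // is an open redirect, and CR/LF in it would be a header injection.
        if (isset($_GET['referer'])
            && is_string($_GET['referer'])
            && strpbrk($_GET['referer'], "\r\n") === false
            && strpos($_GET['referer'], $settings['forum_address']) === 0) {
            $target = $_GET['referer'];
            if (isset($_GET['id'])) {
                $target .= '?id='.intval($_GET['id']);
            }
            header('Location: '.$target);
        } else {
            header('Location: '.$settings['forum_address'].'login.php');
        }
        die('<a href="'.$self_link.'">further...</a>');

    case "logout":
        // $user_id comes from the session (imported above); without it there is
        // nothing to update and the old query ran with an empty id
        if (isset($user_id)) {
            $update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, last_logout=NOW(), registered=registered WHERE user_id='".intval($user_id)."'", $connid);
        }
        session_destroy();
        setcookie("auto_login", "", 0, "", "", $secure_cookie, true);
        if (isset($user_id) && $db_settings['useronline_table'] != "") {
            @mysql_query("DELETE FROM ".$db_settings['useronline_table']." WHERE ip = 'uid_".intval($user_id)."'", $connid);
        }
        header('Location: '.$settings['forum_address'].'index.php');
        die('<a href="index.php">further...</a>');

    case "pw_forgotten_ok":
        if (isset($pwf_username) && trim($pwf_username) != "" && isset($pwf_email) && trim($pwf_email) != "") {
            // user-supplied name: escape it like the login query does
            $pwf_result = mysql_query("SELECT user_id, user_name, user_email, user_pw FROM ".$db_settings['userdata_table']." WHERE user_name = '".mysql_real_escape_string($pwf_username, $connid)."'", $connid);
            if (!$pwf_result) die($lang['db_error']);
            $field = mysql_fetch_assoc($pwf_result);
            mysql_free_result($pwf_result);
            if ($field !== false && $field["user_email"] === $pwf_email) {
                // one-time code for the activation link; md5(uniqid()) is not a CSPRNG,
                // a random_bytes()/openssl_random_pseudo_bytes() token would be stronger
                $pwf_code = md5(uniqid(mt_rand(), true));
                $update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, registered=registered, pwf_code='".$pwf_code."' WHERE user_id='".intval($field["user_id"])."' LIMIT 1", $connid);

                # send mail with activating link:
                $ip = $_SERVER["REMOTE_ADDR"];
                $pwf_text = str_replace("[name]", $field["user_name"], strip_tags($lang['pwf_activating_email_txt']));
                $pwf_text = str_replace("[forum_address]", $settings['forum_address'], $pwf_text);
                $pwf_text = str_replace("[activating_link]", $settings['forum_address']."login.php?activate=".$field["user_id"]."&code=".$pwf_code, $pwf_text);
                $header = "From: ".$settings['forum_name']." <".$settings['forum_email'].">\n";
                $header .= "X-Mailer: Php/" . phpversion(). "\n";
                $header .= "X-Sender-ip: $ip\n";
                $header .= "Content-Type: text/plain";
                // the display name is user-registered data: keep line breaks out of the To: header
                $pwf_mailto = str_replace(array("\r", "\n"), '', $field["user_name"])." <".$field["user_email"].">";
                if ($settings['mail_parameter'] != '') {
                    $mail_sent = @mail($pwf_mailto, strip_tags($lang['pwf_activating_email_sj']), $pwf_text, $header, $settings['mail_parameter']);
                } else {
                    $mail_sent = @mail($pwf_mailto, strip_tags($lang['pwf_activating_email_sj']), $pwf_text, $header);
                }
                if (!$mail_sent) die($lang['mail_error']);
                header('Location: '.$settings['forum_address'].'login.php?msg=mail_sent');
                die('<a href="'.$self_link.'?msg=mail_sent">further...</a>');
            }
        }
        // unknown user, e-mail mismatch or empty fields: one generic answer
        header('Location: '.$settings['forum_address'].'login.php?msg=pwf_failed');
        die('<a href="'.$self_link.'?msg=pwf_failed">further...</a>');

    case "activate":
        if (isset($_GET['activate']) && trim($_GET['activate']) != "" && isset($_GET['code']) && trim($_GET['code']) != "") {
            $pwf_result = mysql_query("SELECT user_id, user_name, user_email, pwf_code FROM ".$db_settings['userdata_table']." WHERE user_id = '".intval($_GET["activate"])."'", $connid);
            if (!$pwf_result) die($lang['db_error']);
            $field = mysql_fetch_assoc($pwf_result);
            mysql_free_result($pwf_result);
            // strict comparisons; an empty stored code must never match
            if ($field !== false
                && (string)$field['user_id'] === (string)intval($_GET["activate"])
                && $field['pwf_code'] !== ''
                && $field['pwf_code'] === $_GET['code']) {
                # generate new password:
                $letters = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNOPQRSTUVWXYZ0123456789";
                // no manual mt_srand(): PHP seeds mt_rand() itself; seeding from
                // microtime() left only ~1e6 possible passwords
                $new_user_pw = "";
                for ($i = 0; $i < 8; $i++) {
                    $new_user_pw .= $letters[mt_rand(0, strlen($letters) - 1)];
                }
                $encoded_new_user_pw = md5($new_user_pw);
                $update_result = mysql_query("UPDATE ".$db_settings['userdata_table']." SET last_login=last_login, registered=registered, user_pw='".$encoded_new_user_pw."', pwf_code='' WHERE user_id='".intval($field["user_id"])."' LIMIT 1", $connid);

                # send new password:
                $ip = $_SERVER["REMOTE_ADDR"];
                $new_pw_text = str_replace("[name]", $field['user_name'], strip_tags($lang['new_pw_email_txt']));
                $new_pw_text = str_replace("[password]", $new_user_pw, $new_pw_text);
                // NOTE: [login_link] carries the new password in the URL (query strings end up
                // in server and proxy logs); consider dropping the placeholder from the template
                $new_pw_text = str_replace("[login_link]", $settings['forum_address']."login.php?username=".urlencode($field['user_name'])."&userpw=".urlencode($new_user_pw), $new_pw_text);
                $header = "From: ".$settings['forum_name']." <".$settings['forum_email'].">\n";
                $header .= "X-Mailer: Php/" . phpversion(). "\n";
                $header .= "X-Sender-ip: $ip\n";
                $header .= "Content-Type: text/plain";
                $new_pw_mailto = str_replace(array("\r", "\n"), '', $field['user_name'])." <".$field['user_email'].">";
                if ($settings['mail_parameter'] != '') {
                    $mail_sent = @mail($new_pw_mailto, strip_tags($lang['new_pw_email_sj']), $new_pw_text, $header, $settings['mail_parameter']);
                } else {
                    $mail_sent = @mail($new_pw_mailto, strip_tags($lang['new_pw_email_sj']), $new_pw_text, $header);
                }
                if (!$mail_sent) die($lang['mail_error']);
                header('Location: '.$settings['forum_address'].'login.php?msg=pw_sent');
                die('<a href="'.$self_link.'?msg=pw_sent">further...</a>');
            }
        }
        // missing parameters or wrong code
        header('Location: '.$settings['forum_address'].'login.php?msg=code_invalid');
        die('<a href="'.$self_link.'?msg=code_invalid">further...</a>');
}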
// HTML output: page title / breadcrumb for the template, then the header part.
$topnav = '<img src="img/where.png" alt="" width="11" height="8" /><b>'.$lang['login_title'].'</b>';
$wo = strip_tags($lang['login_title']);
parse_template();
echo $header;
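// Page body. Only "login" and "pw_forgotten" render anything; the other
// actions redirected and died above. SCRIPT_NAME is reflected into HTML
// attributes, so it is escaped here (the old code printed it raw).
$script_name = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES);

switch ($action) {
    case "login":
        if (isset($msg)) {
            // status code from ?msg= -> CSS class and language key;
            // unknown codes print nothing (the value itself is never echoed)
            $login_messages = array(
                "noaccess"              => array("caution", 'no_access_marking'),
                "noentry"               => array("caution", 'no_entry_marking'),
                "mail_sent"             => array("caution", 'pwf_mail_sent_marking'),
                "pw_sent"               => array("caution", 'new_pw_ok'),
                "code_invalid"          => array("caution", 'new_pw_failed'),
                "login_failed"          => array("caution", 'login_failed_marking'),
                "account_not_activated" => array("caution", 'account_not_activated'),
                "pwf_failed"            => array("caution", 'pwf_failed_marking'),
                "user_banned"           => array("caution", 'user_banned'),
                "user_activated"        => array("normal", 'user_activated'),
            );
            if (is_string($msg) && isset($login_messages[$msg])) {
                echo '<p class="'.$login_messages[$msg][0].'">'.$lang[$login_messages[$msg][1]].'</p>'."\n";
            }
        }
        echo '<form action="'.$script_name.'" method="post"><div>'."\n";
        echo '<label for="user-name">'.$lang['username_marking'].'</label><br />'."\n";
        echo '<input type="text" name="username" id="user-name" /><br /><br />'."\n";
        echo '<label for="user-pwd">'.$lang['password_marking'].'</label><br />'."\n";
        echo '<input type="password" name="userpw" id="user-pwd" /><br /><br />'."\n";
        if (isset($settings['autologin']) && $settings['autologin'] == 1) {
            echo '<input type="checkbox" name="autologin_checked" id="autologin" value="true" />'."\n";
            echo '<label for="autologin" class="small"> '.$lang['auto_login_marking'];
            echo '</label><br /><br />'."\n";
        }
        echo '<input type="submit" value="'.outputLangDebugInAttributes($lang['login_submit_button']).'" />'."\n";
        echo '</div></form>'."\n";
        echo '<p>'.$lang['login_advice'].'</p>'."\n";
        echo '<p><span class="small"><a href="'.$script_name.'?action=pw_forgotten">'."\n";
        echo $lang['pw_forgotten_linkname'].'</a></span></p>'."\n";
        break;

    case "pw_forgotten":
        echo '<h2>'.$lang['pw_forgotten_hl'].'</h2>'."\n";
        echo '<p class="normal">'.$lang['pw_forgotten_exp'].'</p>'."\n";
        echo '<form action="login.php" method="post">'."\n";
        echo '<div>'."\n";
        echo '<input type="hidden" name="action" value="pw_forgotten_ok" />'."\n";
        echo '<label for="user-name">'.$lang['username_marking'].'</label><br />'."\n";
        echo '<input type="text" name="pwf_username" id="user-name" /><br /><br />'."\n";
        echo '<label for="user-email">'.$lang['user_email_marking'].'</label><br />'."\n";
        echo '<input type="text" name="pwf_email" id="user-email" /><br /><br />'."\n";
        echo '<input type="submit" value="'.outputLangDebugInAttributes($lang['submit_button_ok']).'" /></div>'."\n";
        echo '</form>'."\n";
        break;
}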
419 echo $footer;