<?php //error_reporting( E_ALL | E_STRICT ); ini_set( 'display_errors', true )

1. <?php
2.     //error_reporting( E_ALL | E_STRICT ); ini_set( 'display_errors', true );
3.    
4.     if(isset($_GET['act']) && $_GET['act'] == "logout")
5.     {
6.         session_start();
7.         session_unset();
8.         session_destroy();
9.         setcookie("ukey", "", time()-60*60*24*365);
10.         header('Location: login.php');
11.         exit;
12.     }
13.    
14.     require "header.php";
15.     $user = new user();
16.     if($gbaccID)
17.     {
18.         header('Location: account.php');
19.         exit;
20.     }
21.     if( isset($_GET['act']) && $_GET['act'] == "auth" && isset($_POST['password']) )
22.     {
23.         $username = $db->real_escape_string($_POST['login']);
24.         $password = md5($_POST['password']); // Old accounts will have to use forgotten password and reset it.
25.  
26.         if($user->login_check($username, $password))
27.         {
28.             $query = "SELECT $account_table.email, $account_table.accid, $account_table.access FROM $account_table JOIN $user_table ON $user_table.accid=$account_table.accid WHERE $user_table.login = '$username'";
29.             $result = $db->query($query);
30.             $row = $result->fetch_assoc();
31.             $accID = $row['accid'];
32.             $email = $row['email'];
33.             $access = $row['access'];
34.             if( $row['email'] != '' )
35.             {
36.                 //$_SESSION['login'] = $username;
37.                 //$_SESSION['email'] = $email;
38.                 $_SESSION['ohsnap'] = 'here is your problem.';
39.                 $_SESSION['password'] = $password;
40.                 $_SESSION['accid'] = $accID;
41.                 $_SESSION['access'] = $access;
42.                 $banned = $user->check_bans($email);
43.                 $_SESSION['banned'] = $banned;
44.                 $curdate = mktime();
45.                 $curip = $db->real_escape_string($_SERVER['REMOTE_ADDR']);
46.                 $query = "UPDATE $user_table SET last_login = '$curdate', last_ip='$curip' WHERE login = '$username'";
47.                 $db->query($query) or die($db->error);
48.                
49.                 $key = substr( ($curdate.$password), 0, 25 );
50.                 $query = "UPDATE $account_table SET ukey = '$key' WHERE email = '$email' AND password = '$password'";
51.                 $db->query($query) or die($db->error);
52.                 setcookie("ukey", $key, time()+60*60*24*90);
53.                 header('Location: login.php');
54.                 exit;
55.             }
56.         } else {
57.             echo "Error, wrong username/password combination.";
58.         }
59.     }
60.     echo '</head><body>'.$top_bar;
61. ?>
62.     <br />
63.     <div id="inputContainer" style="width:230px;">
64.         <h2>Login</h2>
65.         <form action="login.php?act=auth" method="post" name="loginform" id="loginform">
66.             <label for="login">Username</label>
67.             <input type="text" class="text input" name="login" style="width: 225px;">
68.             <label for="password">Password</label>
69.             <input type="password" class="text input" name="password" style="width: 225px;">
70.             <input type="submit" name="submit" value="Log In" class="submit-btn" />
71.             <div class="clear"></div>
72.             <a href="register.php">Register</a> / <a href="settings.php?act=recover_password" id="recover-password">Recover Lost Password</a>
73.         </form>
74.     </div>
75. <?php echo $footer; ?>