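  // Login
  //
  // Handles a submitted login form: looks up the account by username, verifies the
  // submitted password against the stored hash, upgrades a legacy hash (MD5 or
  // unsalted SHA1) to a salted SHA1, promotes a first-time user out of the
  // unverified group, sets the login cookie and redirects.
  //
  // NOTE(review): each get_hook()/eval() pair below runs hook code in this scope,
  // where $form_password holds the plaintext password and $query can be rewritten.
  // Presumably hooks come only from installed extensions; confirm that nothing
  // user-controlled can reach the hook store.
  // NOTE(review): no attempt throttling or lockout is visible in this block; verify
  // it is enforced elsewhere.
  if (isset($_POST['form_sent']) && $action == 'in')
  {
      // Accept only string fields; an array-valued field must not reach trim()/sha1().
      $form_username = (isset($_POST['req_username']) && is_string($_POST['req_username'])) ? trim($_POST['req_username']) : '';
      $form_password = (isset($_POST['req_password']) && is_string($_POST['req_password'])) ? trim($_POST['req_password']) : '';

      ($hook = get_hook('li_login_form_submitted')) ? eval($hook) : null;

      // Get user info matching login attempt
      $query = array(
          'SELECT' => 'u.id, u.group_id, u.password, u.save_pass, u.salt',
          'FROM' => 'users AS u'
      );

      // The username is concatenated into the SQL text, so $forum_db->escape() is the
      // only thing separating it from the statement; keep it on every branch.
      if ($db_type == 'mysql' || $db_type == 'mysqli')
          $query['WHERE'] = 'username=\''.$forum_db->escape($form_username).'\'';
      else
          $query['WHERE'] = 'LOWER(username)=LOWER(\''.$forum_db->escape($form_username).'\')';

      ($hook = get_hook('li_qr_get_login_data')) ? eval($hook) : null;
      $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
      list($user_id, $group_id, $db_password_hash, $save_pass, $salt) = $forum_db->fetch_row($result);

      $authorized = false;
      if (!empty($db_password_hash))
      {
          // A 40-character value is treated as SHA1 (salted or not); anything else as legacy MD5.
          $sha1_in_db = (strlen($db_password_hash) === 40);
          $form_password_hash = sha1($salt.sha1($form_password));

          // Hash strings are compared with === rather than ==. Loose comparison converts
          // numeric-looking strings to numbers first, so two different hex digests that both
          // look like numbers could compare equal. On PHP >= 5.6, hash_equals() is the
          // constant-time alternative.
          if ($sha1_in_db && $db_password_hash === $form_password_hash)
              $authorized = true;
          else if ((!$sha1_in_db && $db_password_hash === md5($form_password)) || ($sha1_in_db && $db_password_hash === sha1($form_password)))
          {
              $authorized = true;

              $salt = random_key(12);
              $form_password_hash = sha1($salt.sha1($form_password));

              // There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it
              // with a randomly generated salt and a new, salted SHA1 hash
              //
              // NOTE(review): salted SHA1 is still a fast hash. Moving to password_hash() and
              // password_verify() would need a storage and migration change outside this block.
              $query = array(
                  'UPDATE' => 'users',
                  'SET' => 'password=\''.$form_password_hash.'\', salt=\''.$forum_db->escape($salt).'\'',
                  // The id comes from the database row; the cast keeps the statement numeric regardless.
                  'WHERE' => 'id='.intval($user_id)
              );

              ($hook = get_hook('li_qr_update_user_hash')) ? eval($hook) : null;
              $forum_db->query_build($query) or error(__FILE__, __LINE__);
          }
      }

      ($hook = get_hook('li_login_pre_auth_message')) ? eval($hook) : null;

      // One message for both "unknown user" and "wrong password", so the response does not
      // reveal which usernames exist.
      if (!$authorized)
          $errors[] = sprintf($lang_login['Wrong user/pass']);

      // Did everything go according to plan?
      if (empty($errors))
      {
          // Update the status if this is the first time the user logged in
          if ($group_id == FORUM_UNVERIFIED)
          {
              $query = array(
                  'UPDATE' => 'users',
                  'SET' => 'group_id='.$forum_config['o_default_user_group'],
                  'WHERE' => 'id='.intval($user_id)
              );

              ($hook = get_hook('li_qr_update_user_group')) ? eval($hook) : null;
              $forum_db->query_build($query) or error(__FILE__, __LINE__);
          }

          // Remove this user's guest entry from the online list
          $query = array(
              'DELETE' => 'online',
              'WHERE' => 'ident=\''.$forum_db->escape(get_remote_address()).'\''
          );

          ($hook = get_hook('li_qr_delete_online_user')) ? eval($hook) : null;
          $forum_db->query_build($query) or error(__FILE__, __LINE__);

          // "Remember me" keeps the cookie for one year (31536000 s); otherwise it is a session cookie.
          $expire = ($save_pass == '1') ? time() + 31536000 : 0;

          // NOTE(review): the cookie value is base64 (an encoding, not protection) of the user id
          // and the salted password hash, so the stored hash acts as a long-lived credential.
          // A random server-side session token would avoid exposing it; verify how
          // forum_setcookie() sets the Secure/HttpOnly attributes.
          forum_setcookie($cookie_name, base64_encode($user_id.'|'.$form_password_hash), $expire);

          // NOTE(review): the redirect target is taken from the POST body. forum_htmlencode()
          // only HTML-encodes it; nothing visible here restricts it to this forum's own URLs.
          // Confirm that redirect() or an earlier step validates the destination.
          $redirect_target = (isset($_POST['redirect_url']) && is_string($_POST['redirect_url'])) ? $_POST['redirect_url'] : '';
          redirect(forum_htmlencode($redirect_target).((substr_count($redirect_target, '?') == 1) ? '&' : '?').'login=1', $lang_login['Login redirect']);
      }
  }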