Untitled

<?php
if (!defined('CN_INIT_LOGINBOX')) {
    // Define variables and constants and include files
    define('CN_INIT_LOGINBOX', true);
    $cutepath = dirname(__FILE__);
    chdir($cutepath);
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['action'])) {
        $action = $_POST['action'];
    } else {
        $action = '';
    }

    require_once($cutepath.'/inc/functions.inc.php');

    // Start Session
    session_start();

    // Log user out if requested
    if ($action == 'logout') {
        session_destroy();
        session_unset();
        setcookie(session_name(), '');
        unset($_SESSION);
        $message = '<div style="color: green;">Logged Out</div>';
    }

    // Detect IP
    $ip = '';
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    if ($ip == '') {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    if ($ip == '') {
        $ip = 'not detected';
    }

    $all_users = file($cutepath.'/data/users.db.php');
    $is_logged_in = false;
    if ($action == 'login') {
        $md5_password = md5($password);
        if (check_login($username, $md5_password)) {
            $_SESSION['username'] = $username;
            $_SESSION['md5_password'] = $md5_password;
            $_SESSION['ip'] = $ip;
            $_SESSION['login_referer'] = $HTTP_REFERER;

            $is_logged_in = true;
            $name = $_POST['name'] = $member_db[4];
            $mail = $_POST['mail'] = $member_db[5];

            $old_users_db = file($cutepath.'/data/users.db.php');
            $modified_users = fopen($cutepath.'/data/users.db.php', 'w');
            foreach ($old_users_db as $old_users_db_line) {
                $old_users_db_arr = explode('|', $old_users_db_line);
                if ($member_db[0] != $old_users_db_arr[0]) {
                    fwrite($modified_users, $old_users_db_line);
                } else {
                    fwrite($modified_users, $old_users_db_arr[0].'|'.$old_users_db_arr[1].'|'.$old_users_db_arr[2].'|'.$old_users_db_arr[3].'|'.$old_users_db_arr[4].'|'.$old_users_db_arr[5].'|'.$old_users_db_arr[6].'|'.$old_users_db_arr[7].'|'.$old_users_db_arr[8].'|'.time().'||'.chr(10));
                }
            }
            fclose($modified_users);
        } else {
            $message = '<div style="color: red;">Invalid login</div>';
        }
    } elseif (isset($_SESSION['username'])) {
        if (check_login($_SESSION['username'], $_SESSION['md5_password'])) {
            if ($_SESSION['ip'] != $ip) {
                $message = '<div style="color: red;">Session IP doesn\'t match.</div>';
            } else {
                $is_logged_in = true;
                $name = $_POST['name'] = $member_db[4];
                $mail = $_POST['mail'] = $member_db[5];
            }
        } else {
            $message = '<div style="color: red;">Invalid login</div>';
        }
    }
    chdir(dirname($_SERVER['SCRIPT_FILENAME']));
} else {
    if ($is_logged_in) {
?>
<p>
    You are logged in as <?=htmlentities($_SESSION['username'])?>, <a href="<?=$PHP_SELF?>?action=logout">Log Out</a>
</p>
<?php
    } else {
?>
 <form name="login" action="<?=htmlentities($PHP_SELF)?>" method="post">
  <input type="hidden" name="action" value="login" />
  <?=$message?>
  <label for="username">Username:</label>
  <br />
  <input type="text" name="username" id="username" value="<?=htmlentities($_SESSION['lastusername'])?>" style="width: 140px;" />
  <br />
  <label for="password">Password:</label>
  <br />
  <input type="password" name="password" id="password" style="width: 140px;" />
  <br />
  <input type="submit" style="width: 75px;" value='Login' accesskey="s" />
 </form>
<?php
    }
}
?>