
Untitled

a guest
Dec 10th, 2016
  1. <?php
  2. /*===============================================================
  3. | UberCMS - Content Management System
  4. | ###############################################################
  5. | Heavily edited UberCMS - All rights reserved 'iRetroCMS'
  6. | Copyright (c) 2010 - 2014, Meth0d 'http://www.meth0d.org'
  7. \==============================================================*/
  8. require_once "global.php";
  9.  
  10. define("FP", true);
  11.  
  12. if (LOGGED_IN)
  13. {
  14. header("Location: " . WWW . "/me");
  15. exit;
  16. }
  17.  
  18. $tpl->Init();
  19.  
  20. $tpl->SetParam('page_title', 'Log in, sign up and make friends!');
  21. $tpl->SetParam('credentials_username', '');
  22. $tpl->AddGeneric('head-init-fp');
  23. $tpl->AddIncludeSet('frontpage');
  24. $tpl->WriteIncludeFiles();
  25. $tpl->AddGeneric('head-bottom-fp');
  26.  
  27.  
  28. $frontpage = new Template('page-fp');
  29. $frontpage->SetParam('login_result', '');
  30. $frontpage->SetParam('headerClass', '');
  31.  
  32. if (isset($_POST['credentials_username']) && isset($_POST['credentials_password']))
  33. {
  34. $frontpage->SetParam('credentials_username', $_POST['credentials_username']);
  35.  
  36. $credUser = filter($_POST['credentials_username']);
  37. $credPassword = $_POST['credentials_password'];
  38.  
  39. $errors = array();
  40.  
  41. if (strlen($_POST['credentials_username']) < 1 || strlen($_POST['credentials_password']) < 1)
  42. {
  43. $errors[] = "Please enter your details";
  44. }
  45.  
  46. if (count($errors) == 0)
  47. {
  48. if ($users->ValidateUser($credUser, $core->uberHash($credPassword))) {
  49. if(mysql_result(mysql_query("SELECT newcrypto FROM users WHERE username = '" . $credUser . "'"), 0) == "0") {
  50. mysql_query("UPDATE users SET password = '" . $users->UserHash($credPassword, $credUser) . "' WHERE username = '" . $credUser . "'");
  51. mysql_query("UPDATE users SET newcrypto = '1' WHERE username = '" . $credUser . "'");
  52. }
  53. }
  54.  
  55. $credPass = $users->UserHash($credPassword, $credUser);
  56.  
  57. if ($users->ValidateUser($credUser, $credPass))
  58. {
  59. if (isset($_POST['page']))
  60. {
  61. $reqPage = filter($_POST['page']);
  62. $pos = strrpos($reqPage, WWW);
  63.  
  64. if ($pos === false || $pos != 0)
  65. {
  66. die("<b>Security warning!</b> A malicious request was detected that tried redirecting you to an external site. Please proceed with caution, this may have been an attempt to steal your login details. <a href='" . WWW . "'>Return to site</a>");
  67. }
  68. else
  69. {
  70. $_SESSION['page-redirect'] = $reqPage;
  71. }
  72. }
  73.  
  74.  
  75. $_SESSION['UBER_USER_N'] = $users->GetUserVar($users->Name2id($credUser), 'username');
  76. $_SESSION['UBER_USER_H'] = $credPass;
  77.  
  78. if (isset($_POST['_login_remember_me']))
  79. {
  80. $_SESSION['set_cookies'] = true;
  81. }
  82.  
  83. header("Location: " . WWW . "/me");
  84. exit;
  85. }
  86. else
  87. {
  88. $errors[] = "Incorrect password";
  89. }
  90. }
  91.  
  92. if (count($errors) > 0)
  93. {
  94.  
  95. $loginResult = '<div id="login-errors">';
  96.  
  97. foreach ($errors as $err)
  98. {
  99. $loginResult .=' ' . $err . ' ';
  100. }
  101.  
  102. $loginResult .= '</div>';
  103. $frontpage->SetParam('headerClass', 'class="login-error"');
  104. $frontpage->SetParam('login_result', $loginResult);
  105. }
  106. }
  107.  
  108. $tpl->AddTemplate($frontpage);
  109. $tpl->Output();
  110. ?>