<?php
/**
* $Id: login.php,v 1.15 2003/04/02 12:16:54 courou Exp $
*
* Author : courou@users.sourceforge.net
* Website : http://allreponse.ath.cx
*
* Support : http://sourceforge.net/projects/myphpmoney/
* CVS : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/myphpmoney/
*/
/**
* INCLUDE FILE
*/
require_once 'config/settings.inc.php';
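/**
 * LOGOUT (OPTIONALLY CLOSING THE BROWSER WINDOW)
 *
 * Runs when the request carries op=Logout in the query string. The optional
 * dump / dump-cleanup helpers run first, then the current session is deleted.
 * With more=close the page answers with a window-closing script and stops;
 * otherwise a fresh MPM_Session is opened so the login form can be rendered.
 *
 * NOTE(review): logout is triggered by a plain GET parameter and no anti-CSRF
 * token is checked in this file, so any link or image tag can end a user's
 * session - confirm whether that is acceptable.
 */
if (isset($_GET['op']) && $_GET['op'] === 'Logout') {
    ## Dump the data storage
    if (isset($OPTION_CONFIG) && $OPTION_CONFIG == 1) {
        MPM_DumpDays();
    }
    ## Delete the old file storage
    if (isset($OPTION_SAUV_AUTO) && $OPTION_SAUV_AUTO == 1) {
        MPM_DelDumpDays(__BACK_DAYS__, $_MPM['date_gettime']['mday']);
    }
    ## Delete the current session in BOTH logout paths. The close-window branch
    ## used to exit before reaching this call, which left the session usable
    ## after the user had asked to log out. It also has to run before any output
    ## in case the session layer needs to send headers.
    ## NOTE(review): $sess->delete() is defined outside this file; presumably it
    ## removes the server-side session record - confirm.
    $sess->delete();
    ## CLOSE BROWSER NO CONFIRMATION
    if (isset($_GET['more']) && $_GET['more'] === 'close') {
        echo '<script type="text/javascript">javascript:opener=window;top.close();</script>';
        exit;
    }
    ## go to the new session
    page_open(array('sess'=>'MPM_Session'));
}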
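/**
 * VERIFY THE POSTED VALUES
 *
 * Dispatches on $_POST['op']:
 *   ADD   - create an account (unless the account limit is reached or the
 *           login name exists) and register the session variables.
 *   ENTER - challenge/response login: the posted response must equal
 *           md5(md5(username):stored_password:session_challenge).
 *
 * Sets $new_enter after a successful ADD, $_MPM['message'] = 1 when the login
 * name already exists and $_MPM['message'] = 2 when the final lookup fails.
 *
 * NOTE(review): the stored value is an unsalted MD5 of the password and the
 * response is derived from it, so whoever reads the PWD column can answer the
 * challenge without knowing the password. Fixing that needs a protocol and
 * schema change outside this block.
 * NOTE(review): SQL_VerifUser(), SQL_ReturnPassword() and SQL_InsertUser()
 * receive raw request values; they are not visible here - confirm that they
 * escape or bind their arguments.
 */
if (isset($_POST['op'])) {
    switch ($_POST['op']) {
        ## Add new username
        case 'ADD':
            ## Only plain strings are accepted: "field[]=x" arrives as an array
            if (isset($_POST['new_password2']) && isset($_POST['new_username']) && isset($_POST['new_email'])
                && is_string($_POST['new_password2']) && is_string($_POST['new_username'])
                && is_string($_POST['new_email'])) {
                ## Number maxi user
                if (SQL_NumberAccount() >= __MAX_USERS__) {
                    XHTML_DisplayJs($_VAR['MESSAGE_JS']['JS_NBR_ACCOUNT']);
                    $sess->delete();
                    page_open(array('sess'=>'MPM_Session'));
                }
                ## Ok for add the new username
                else if (!SQL_VerifUser($_POST['new_username'])) {
                    ## With md5=1 the posted value is stored as-is (presumably hashed in
                    ## the browser). Accept it only when it has the shape of an MD5
                    ## digest; anything else is hashed here, so PWD is always 32 hex
                    ## characters and cannot carry quotes into later SQL statements.
                    $signup_client_hashed = isset($_POST['md5']) && $_POST['md5'] == 1
                        && preg_match('/^[0-9a-fA-F]{32}\z/', $_POST['new_password2']);
                    $hash = $signup_client_hashed ? $_POST['new_password2'] : md5($_POST['new_password2']);
                    SQL_InsertUser
                    (
                        $tools->numero_unique(12),
                        $_POST['new_username'],
                        $hash,
                        $langs->detected_browser_country,
                        $langs->detected_browser_languages,
                        $_MPM['date_sql'],
                        $_MPM['date_sql'],
                        $_MPM['date_sql'],
                        $_POST['new_email'],
                        ## addslashes for the (') AND str_replace for the (")
                        ## NOTE(review): the listing shows """ as the replacement, which does
                        ## not parse; "&quot;" is the presumed original (entity decoded by
                        ## the page) - confirm against CVS.
                        isset($_POST['new_firstname']) && is_string($_POST['new_firstname'])
                            ? addslashes(str_replace('\"',"&quot;",stripslashes($_POST['new_firstname']))) : '',
                        isset($_POST['new_lastname']) && is_string($_POST['new_lastname'])
                            ? addslashes(str_replace('\"',"&quot;",stripslashes($_POST['new_lastname']))) : ''
                    );
                    ## Ok create the new session
                    $sess_pid = $tools->numero_unique(12);
                    $sess_user = $_POST['new_username'];
                    $sess_pwd = $hash;
                    $sess_time = $_MPM['date_unix'] + $_MPM['sess_expire'];
                    $sess->register('sess_pid'); $sess->register('sess_user');
                    $sess->register('sess_pwd'); $sess->register('sess_time');
                    $new_enter = true;
                }
                ## User exist
                else {
                    $_GET['op'] = 'Signup';
                    $_MPM['message'] = 1;
                } ## end of if SQL_NumberAccount
            } ## end if isset
            break;
        ## Normal enter
        case 'ENTER':
            if (isset($_POST['md5']) && isset($sess_challenge) && isset($_POST['challenge']) && isset($_POST['response'])
                && isset($_POST['username']) && !(isset($sess_pid))
                && is_string($_POST['challenge']) && is_string($_POST['response']) && is_string($_POST['username'])) {
                $pass = SQL_ReturnPassword($_POST['username']);
                $hash = md5(md5($_POST['username']).':'.$pass.':'.$sess_challenge);
                ## Compared as strings with ===: loose == treats two digests that both
                ## look like "0e<digits>" as equal numbers.
                $expected_challenge = (string) $sess_challenge;
                ## No Use Encryption
                if ($_POST['md5'] == 0) {
                    ## The response is "username:password:challenge" in clear text here
                    $each_response = explode(':',$_POST['response']);
                    ## Just Security (paranoid); isset() guards a response with fewer
                    ## than three fields
                    if (isset($each_response[2])
                        && $each_response[0] === $_POST['username']
                        && md5($each_response[1]) === (string) $pass
                        && $each_response[2] === $expected_challenge) {
                        $_POST['response'] = md5(md5($each_response[0]).':'.md5($each_response[1]).':'.$each_response[2]);
                    }
                }
                ## OK enter
                ## NOTE(review): a constant-time comparison (hash_equals() on PHP >= 5.6)
                ## is preferable where the runtime provides it.
                if ($_POST['challenge'] === $expected_challenge && $_POST['response'] === $hash) {
                    ## Escape both values before they are placed inside the SQL string.
                    ## When magic_quotes_gpc is active the request value is already
                    ## escaped, so it is not escaped a second time.
                    ## NOTE(review): addslashes() is the escaping this file already uses
                    ## for the name fields; it only helps on backends that treat the
                    ## backslash as an escape character. Replace it with the bind or
                    ## escape facility of the $db wrapper, which is not visible here.
                    $login_sql_user = ini_get('magic_quotes_gpc') ? $_POST['username'] : addslashes($_POST['username']);
                    $login_sql_pass = addslashes((string) $pass);
                    $db->query
                    (
                        "SELECT USERID, LASTVISIT FROM ".$_MPM['table'][3]."
                        WHERE PWD='".$login_sql_pass."' AND LOGIN_NAME='".$login_sql_user."'"
                    );
                    ## Exactly one matching account: open the session
                    if ($db->num_rows() == 1) {
                        $db->next_record();
                        $sess_pid = $db->f('USERID');
                        $sess_user = $_POST['username'];
                        $sess_pwd = $pass;
                        $sess_time = $_MPM['date_unix'] + $_MPM['sess_expire'];
                        $sess->register('sess_pid'); $sess->register('sess_user');
                        $sess->register('sess_pwd'); $sess->register('sess_time');
                        ## Update the last visit
                        SQL_UpdateUser(3,$db->f('LASTVISIT'),$_MPM['date_sql'],$db->f('USERID'));
                    } else {
                        $_MPM['message'] = 2;
                    } ## end of $db->num_rows()
                } ## end $_POST['challenge'] === $expected_challenge ....
            } ## end ENTER
            break;
        // default case
        default:
            break;
    } ## end switch $_POST['op']
} ## end isset $_POST['op']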
/**
 * ROUTE THE REQUEST: REDIRECT INTO THE SESSION OR SHOW THE LOGIN FORM
 *
 * - $new_enter set (account created in this request): redirect to the address
 *   in $_MPM['http'][1] with ?opt=new.
 * - otherwise, SQL_VerifSession() true: redirect to $_MPM['http'][0].
 * - otherwise: render the login form followed by the page footer.
 * Both redirects call page_close() and stop, so nothing is rendered after the
 * Location header.
 */
## SQL_VerifSession() is called first and unconditionally, as before
$login_has_session = SQL_VerifSession();

if (isset($new_enter)) {
    header('location: '.$_MPM["http"][1].'?opt=new');
    page_close();
    exit;
}

if ($login_has_session) {
    header('location: '.$_MPM['http'][0]);
    page_close();
    exit;
}

## No session and no new account: show the form, then the footer
XHTML_DisplayLogin();
XHTML_footer();