start(); $is_loged_in = FALSE; $member_id = array (); $result = ""; $username = ""; $cmd5_password = ""; $allow_login = false; $check_log = false; $js_array = array (); $PHP_SELF = $_SERVER['PHP_SELF']; $_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] ); $_TIME = time () +($config['date_adjust'] * 60); require_once (ENGINE_DIR .'/skins/default.skin.php'); if( isset( $_POST['action'] ) ) $action = $_POST['action']; else $action = $_GET['action']; if( isset( $_POST['mod'] ) ) $mod = $_POST['mod']; else $mod = $_GET['mod']; $mod = totranslit ( $mod,true,false ); $action = totranslit ( $action,false,false ); $user_group = get_vars( "usergroup"); if( !$user_group ) { $user_group = array (); $db->query( "SELECT * FROM ".USERPREFIX ."_usergroups ORDER BY id ASC"); while ( $row = $db->get_row() ) { $user_group[$row['id']] = array (); foreach ( $row as $key =>$value ) { $user_group[$row['id']][$key] = stripslashes($value); } } set_vars( "usergroup",$user_group ); $db->free(); } $cat_info = get_vars( "category"); if( !is_array( $cat_info ) ) { $cat_info = array (); $db->query( "SELECT * FROM ".PREFIX ."_category ORDER BY posi ASC"); while ( $row = $db->get_row() ) { $cat_info[$row['id']] = array (); foreach ( $row as $key =>$value ) { $cat_info[$row['id']][$key] = stripslashes( $value ); } } set_vars( "category",$cat_info ); $db->free(); } if( count( $cat_info ) ) { foreach ( $cat_info as $key ) { $cat[$key['id']] = $key['name']; $cat_parentid[$key['id']] = $key['parentid']; } } if( $_REQUEST['action'] == "logout") { set_cookie( "dle_user_id","",0 ); set_cookie( "dle_name","",0 ); set_cookie( "dle_password","",0 ); set_cookie( "dle_skin","",0 ); set_cookie( "dle_newpm","",0 ); set_cookie( "dle_hash","",0 ); set_cookie( "dle_compl","",0 ); set_cookie( session_name(),"",0 ); @session_unset(); @session_destroy(); if( $config['extra_login'] ) auth(); msg( "info",$lang['index_msge'],$lang['index_exit'] ); } $allow_login = true; if ($config['login_log']) $allow_login = check_allow_login ($_IP,$config['login_log']); if (!$allow_login) msg( "info",$lang['index_msge'],$lang['login_err_2'] ); if( $allow_login ) { if( $config['extra_login'] ) { if( !isset( $_SERVER['PHP_AUTH_USER'] ) ||!isset( $_SERVER['PHP_AUTH_PW'] ) ) auth(); $username = $_SERVER['PHP_AUTH_USER']; $cmd5_password = md5( $_SERVER['PHP_AUTH_PW'] ); $post = true; $check_log = true; }elseif( intval( $_SESSION['dle_user_id'] ) >0 AND $_SESSION['dle_password'] ) { $username = $_SESSION['dle_user_id']; $cmd5_password = $_SESSION['dle_password']; $post = false; if (!$_SESSION['check_log']) $check_log = true; }elseif( intval( $_COOKIE['dle_user_id'] ) >0 AND $_COOKIE['dle_password']) { $username = $_COOKIE['dle_user_id']; $cmd5_password = $_COOKIE['dle_password']; $post = false; $check_log = true; } if( $_REQUEST['subaction'] == 'dologin') { $username = $_POST['username']; $cmd5_password = md5( $_POST['password'] ); $post = true; $check_log = true; } } if( check_login( $username,$cmd5_password,$post,$check_log ) ) { $is_loged_in = true; $dle_login_hash = md5( $_SERVER['HTTP_HOST'] .$member_id['user_id'] .sha1($cmd5_password) .$config['key'] .date( "Ymd") ); if( !$_SESSION['dle_user_id'] and $_COOKIE['dle_user_id'] ) { $_SESSION['dle_user_id'] = $_COOKIE['dle_user_id']; $_SESSION['dle_password'] = $_COOKIE['dle_password']; } }else { $dle_login_hash = ""; if( $_REQUEST['subaction'] == 'dologin') { $result = "".$lang['index_errpass'] .""; }else $result = ""; if( $config['extra_login'] ) auth(); $is_loged_in = false; } if( $is_loged_in and !$_SESSION['dle_xtra'] and $config['extra_login'] ) { $_SESSION['dle_xtra'] = true; $_REQUEST['subaction'] = 'dologin'; } if( $is_loged_in and $_REQUEST['subaction'] == 'dologin') { $_SESSION['dle_user_id'] = $member_id['user_id']; $_SESSION['dle_password'] = $cmd5_password; if ( intval($_POST['login_not_save']) ) { set_cookie( "dle_user_id","",0 ); set_cookie( "dle_password","",0 ); }else { set_cookie( "dle_user_id",$member_id['user_id'],365 ); set_cookie( "dle_password",$cmd5_password,365 ); } $time_now = time() +($config['date_adjust'] * 60); if ($config['login_log']) $db->query( "DELETE FROM ".PREFIX ."_login_log WHERE ip = '{$_IP}'"); if( $config['log_hash'] ) { $salt = "abchefghjkmnpqrstuvwxyz0123456789"; $hash = ''; srand( ( double ) microtime() * 1000000 ); for($i = 0;$i <9;$i ++) { $hash .= $salt{rand( 0,33 )}; } $hash = md5( $hash ); set_cookie( "dle_hash",$hash,365 ); $_COOKIE['dle_hash'] = $hash; $member_id['hash'] = $hash; $db->query( "UPDATE ".USERPREFIX ."_users set hash='".$hash ."', lastdate='{$time_now}', logged_ip='".$_IP ."' WHERE user_id='{$member_id['user_id']}'"); }else $db->query( "UPDATE ".USERPREFIX ."_users set lastdate='{$time_now}', logged_ip='".$_IP ."' WHERE user_id='{$member_id['user_id']}'"); } if( $is_loged_in and $config['log_hash'] and (($_COOKIE['dle_hash'] != $member_id['hash']) or ($member_id['hash'] == "")) ) { $is_loged_in = FALSE; } if( $is_loged_in and $config['ip_control'] == '1'and !check_netz( $member_id['logged_ip'],$_IP ) and $_REQUEST['subaction'] != 'dologin') $is_loged_in = FALSE; if( !$is_loged_in ) { $member_id = array(); set_cookie( "dle_user_id","",0 ); set_cookie( "dle_name","",0 ); set_cookie( "dle_password","",0 ); set_cookie( "dle_hash","",0 ); set_cookie( "dle_compl","",0 ); $_SESSION['dle_user_id'] = 0; $_SESSION['dle_password'] = ""; $_SESSION['check_log'] = 0; if( $config['extra_login'] ) auth(); } if ( $is_loged_in ) define( 'LOGGED_IN',$is_loged_in ); ?>