if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$user_pass = md5($_POST['user_pass']);
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE [color=#ff0000](user_persnr='".$user_name."' OR user_name='".$user_name."')[/color] AND user_password='".md5($user_pass)."' LIMIT 1");
if (dbrows($result)) {
$data = dbarray($result);
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600 * 24 * 30 : time() + 3600 * 3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie(COOKIE_PREFIX."user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], true);
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", true);
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", true);
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}
if (isset($_COOKIE[COOKIE_PREFIX.'user'])) {
$cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX.'user']);
$cookie_1 = isnum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
$cookie_2 = (preg_check("/^[0-9a-z]{32}$/", $cookie_vars['1']) ? $cookie_vars['1'] : "");
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_id='$cookie_1' AND user_password='".md5($cookie_2)."' LIMIT 1");
unset($cookie_vars,$cookie_1,$cookie_2);
if (dbrows($result)) {
$userdata = dbarray($result);
if ($userdata['user_status'] == 0) {
if ($userdata['user_theme'] != "Default" && file_exists(THEMES.$userdata['user_theme']."/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= 102)) {
if (!theme_exists($userdata['user_theme'])) {
echo "".$settings['sitename']." - ".$locale['global_300'].".
\n";
echo $locale['global_301']
die();
}
} else {
if (!theme_exists($settings['theme'])) {
echo "".$settings['sitename']." - ".$locale['global_300'].".
\n";
echo $locale['global_301']
die();
}
}
if ($userdata['user_offset'] <> 0) {
$settings['timeoffset'] = $settings['timeoffset'] + $userdata['user_offset']
}
if (!isset($_COOKIE[COOKIE_PREFIX.'lastvisit']) || !isnum($_COOKIE[COOKIE_PREFIX.'lastvisit'])) {
$result = dbquery("UPDATE ".DB_USERS." SET user_threads='' WHERE user_id='".$userdata['user_id']."'");
setcookie(COOKIE_PREFIX."lastvisit", $userdata['user_lastvisit'], time() + 3600, "/", "", "0");
$lastvisited = $userdata['user_lastvisit']
} else {
$lastvisited = $_COOKIE[COOKIE_PREFIX.'lastvisit']
}
if ($userdata['user_level'] > 101) {
if (isset($_COOKIE[COOKIE_PREFIX.'admin']) && (!preg_match("#" . str_replace("../", "", "/".ADMIN) . "#i", FUSION_REQUEST) || USER_IP != $userdata['user_ip'])) {
setcookie(COOKIE_PREFIX."admin", "", time() - 7200, "/", "", "0");
}
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
}
} else {
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie(COOKIE_PREFIX."user", "", time() - 7200, "/", "", "0");
setcookie(COOKIE_PREFIX."lastvisit", "", time() - 7200, "/", "", "0");
redirect(BASEDIR."index.php", true);
}
} else {
if (!theme_exists($settings['theme'])) {
echo "".$settings['sitename']." - ".$locale['global_300'].".
\n";
echo $locale['global_301']
die();
}
$userdata = ""; $userdata['user_level'] = 0; $userdata['user_rights'] = ""; $userdata['user_groups'] = "";
}