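// NOTE(review): the next statement is cut off at the start of this excerpt and is kept exactly
// as it appears. Given the $_SESSION use further down it is presumably the tail of a session
// start call; confirm against the full file.
start();

/*
 * Request bootstrap for the panel: resolves $mod/$action, loads the user-group and category
 * caches, handles logout, and authenticates the request from the session, the dle_* cookies
 * or a posted login form. On exit $is_loged_in, $member_id and $dle_login_hash describe the
 * authenticated user, and LOGGED_IN is defined only when authentication succeeded.
 *
 * Depends on names defined outside this block: $db, $cache, $config, $lang, $check_referer,
 * totranslit(), clean_url(), check_login(), check_netz(), set_cookie(), msg().
 */
$is_loged_in = FALSE;
$member_id = array ();
$result = "";
$username = "";
$cmd5_password = "";
$allow_login = false;
// Initialised so check_login() never receives an undefined variable when neither a session,
// a cookie nor a login form supplied credentials.
$post = false;
$PHP_SELF = $_SERVER['PHP_SELF'];
// Escaped here because $_IP is concatenated into the UPDATE statements below.
$_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] );
$_TIME = time() + ($config['date_adjust'] * 60);

require_once (SYSTEM_DIR . '/skins/default.skin.php');

// POST takes precedence over GET; a missing parameter stays null (as before) but no longer
// raises an undefined-index notice.
if( isset( $_POST['action'] ) ) $action = $_POST['action'];
else $action = isset( $_GET['action'] ) ? $_GET['action'] : null;

if( isset( $_POST['mod'] ) ) $mod = $_POST['mod'];
else $mod = isset( $_GET['mod'] ) ? $_GET['mod'] : null;

$mod = totranslit( $mod, true, false );
$action = totranslit( $action, false, false );

// True only for a string-valued subaction=dologin; array-valued parameters never match.
$dle_is_dologin = isset( $_REQUEST['subaction'] ) && $_REQUEST['subaction'] === 'dologin';

// User groups: served from cache, rebuilt from the database on a miss.
$user_group = $cache->get( "usergroup" );

if( ! $user_group ) {
	$user_group = array ();

	$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );

	while ( $row = $db->get_row() ) {
		$user_group[$row['id']] = array ();
		foreach ( $row as $key => $value ) {
			$user_group[$row['id']][$key] = $value;
		}
	}

	$cache->set( "usergroup", $user_group );
	$db->free();
}

// Categories: same pattern, with stripslashes() applied to every column value.
$cat_info = $cache->get( "category" );

if( ! is_array( $cat_info ) ) {
	$cat_info = array ();

	$db->query( "SELECT * FROM " . PREFIX . "_category ORDER BY posi ASC" );

	while ( $row = $db->get_row() ) {
		$cat_info[$row['id']] = array ();
		foreach ( $row as $key => $value ) {
			$cat_info[$row['id']][$key] = stripslashes( $value );
		}
	}

	$cache->set( "category", $cat_info );
	$db->free();
}

// Flat id => name and id => parentid lookups derived from the category list.
if( count( $cat_info ) ) {
	foreach ( $cat_info as $key ) {
		$cat[$key['id']] = $key['name'];
		$cat_parentid[$key['id']] = $key['parentid'];
	}
}

// Logout: expire every auth cookie and drop the session.
// NOTE(review): this fires on any GET/POST/cookie value of action=logout and no anti-CSRF
// token is checked in this block; confirm whether that is acceptable for the panel.
if( isset( $_REQUEST['action'] ) && $_REQUEST['action'] === "logout" ) {
	set_cookie( "dle_user_id", "", 0 );
	set_cookie( "dle_name", "", 0 );
	set_cookie( "dle_password", "", 0 );
	set_cookie( "dle_skin", "", 0 );
	set_cookie( "dle_newpm", "", 0 );
	set_cookie( "dle_hash", "", 0 );
	set_cookie( session_name(), "", 0 );
	@session_unset();
	@session_destroy();

	msg( "info", $lang['index_msge'], $lang['index_exit'] );
}

// Referer gate: with $check_referer on, credentials are only considered when the Referer is
// empty (and this is not a login submission) or resolves to the same host as HTTP_HOST.
if( $check_referer ) {
	$referer = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : null;

	if( $referer == '' and ! $dle_is_dologin ) $allow_login = true;
	elseif( clean_url( $referer ) == clean_url( $_SERVER['HTTP_HOST'] ) ) $allow_login = true;
} else {
	$allow_login = true;
}

if( $allow_login ) {
	// Credential sources in order of precedence: session, then cookies, then (overriding
	// both) a submitted login form.
	if( isset( $_SESSION['dle_user_id'] ) && intval( $_SESSION['dle_user_id'] ) > 0 && ! empty( $_SESSION['dle_password'] ) ) {
		$username = $_SESSION['dle_user_id'];
		$cmd5_password = $_SESSION['dle_password'];
		$post = false;
	} elseif( isset( $_COOKIE['dle_user_id'], $_COOKIE['dle_password'] )
		// Cookies are client-controlled: accept plain strings only, never array-valued cookies.
		&& is_string( $_COOKIE['dle_user_id'] ) && is_string( $_COOKIE['dle_password'] )
		&& intval( $_COOKIE['dle_user_id'] ) > 0 && $_COOKIE['dle_password'] ) {
		$username = $_COOKIE['dle_user_id'];
		$cmd5_password = $_COOKIE['dle_password'];
		$post = false;
	}

	if( $dle_is_dologin ) {
		// Non-string form fields are treated as empty instead of being passed on as arrays.
		$username = ( isset( $_POST['username'] ) && is_string( $_POST['username'] ) ) ? $_POST['username'] : '';
		// NOTE(review): the unsalted MD5 of the password is what check_login() receives and
		// what is stored in the session and the dle_password cookie below, so that cookie is
		// a password-equivalent credential. Moving to password_hash()/password_verify() needs
		// a coordinated change in check_login() and the stored hashes, outside this block.
		$cmd5_password = md5( ( isset( $_POST['password'] ) && is_string( $_POST['password'] ) ) ? $_POST['password'] : '' );
		$post = true;
	}
}

if( check_login( $username, $cmd5_password, $post ) ) {
	// $member_id is read from here on; presumably check_login() fills it in - confirm.
	$is_loged_in = true;
	$_SESSION['dle_log'] = 0;
	// Per-user, per-day token bound to host, user id, password hash and the site key.
	$dle_login_hash = md5($_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($cmd5_password) . $config['key'] . date("Ymd"));

	// Cookie-based login: mirror the cookie credentials into the session.
	if( empty( $_SESSION['dle_user_id'] ) and ! empty( $_COOKIE['dle_user_id'] ) ) {
		$_SESSION['dle_user_id'] = $_COOKIE['dle_user_id'];
		$_SESSION['dle_password'] = $_COOKIE['dle_password'];
	}
} else {
	$dle_login_hash = "";

	if( $dle_is_dologin ) {
		$result = "" . $lang['index_errpass'] . "";
	} else $result = "";

	$is_loged_in = false;
}

// Successful form login: persist the credentials and record the login in the users table.
if( $is_loged_in and $dle_is_dologin ) {
	// NOTE(review): the session id is not regenerated after authentication in this block;
	// confirm that session_regenerate_id() is called elsewhere, otherwise a pre-login session
	// id stays valid after login.
	$_SESSION['dle_user_id'] = $member_id['user_id'];
	$_SESSION['dle_password'] = $cmd5_password;

	// Third argument 365 is presumably a lifetime in days; which cookie flags (HttpOnly,
	// Secure) are applied is decided inside set_cookie() - verify there.
	set_cookie( "dle_user_id", $member_id['user_id'], 365 );
	set_cookie( "dle_password", $cmd5_password, 365 );

	$time_now = time() + ($config['date_adjust'] * 60);
	// Defence in depth: $member_id is populated outside this block, so the id is cast before
	// it is placed into SQL text.
	$login_user_id = intval( $member_id['user_id'] );

	if( $config['log_hash'] ) {
		// The login hash is a bearer value checked on every later request, so it comes from a
		// CSPRNG when one is available. The previous code seeded rand() from microtime() and
		// indexed one past the end of the 33-character alphabet (rand( 0, 33 )), using the
		// curly-brace string offset syntax that PHP 8 no longer parses.
		if( function_exists( 'random_bytes' ) ) {
			$hash = bin2hex( random_bytes( 16 ) );
		} elseif( function_exists( 'openssl_random_pseudo_bytes' ) ) {
			$hash = bin2hex( openssl_random_pseudo_bytes( 16 ) );
		} else {
			// Last-resort fallback for very old runtimes; mt_rand() is not cryptographically
			// secure, so this path should not be relied on.
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
			$salt_max = strlen( $salt ) - 1;
			$hash = '';

			for($i = 0; $i < 9; $i ++) {
				$hash .= $salt[mt_rand( 0, $salt_max )];
			}

			$hash = md5( $hash );
		}

		// Still 32 hex characters, the same shape as the md5() value used before.
		set_cookie( "dle_hash", $hash, 365 );

		$_COOKIE['dle_hash'] = $hash;
		$member_id['hash'] = $hash;

		$db->query( "UPDATE " . USERPREFIX . "_users set hash='" . $hash . "', lastdate='{$time_now}', logged_ip='" . $_IP . "' WHERE user_id='{$login_user_id}'" );
	} else
		$db->query( "UPDATE " . USERPREFIX . "_users set lastdate='{$time_now}', logged_ip='" . $_IP . "' WHERE user_id='{$login_user_id}'" );
}

// With log_hash enabled the dle_hash cookie must match the stored hash exactly. Both sides
// are compared as strings: the old loose != treated two different "0e<digits>" values as
// equal numbers. hash_equals() is used where the runtime provides it.
if( $is_loged_in and $config['log_hash'] ) {
	$cookie_hash = ( isset( $_COOKIE['dle_hash'] ) && is_string( $_COOKIE['dle_hash'] ) ) ? $_COOKIE['dle_hash'] : '';
	$stored_hash = isset( $member_id['hash'] ) ? (string) $member_id['hash'] : '';

	if( function_exists( 'hash_equals' ) ) $hash_matches = hash_equals( $stored_hash, $cookie_hash );
	else $hash_matches = ( $stored_hash === $cookie_hash );

	if( $stored_hash === '' or ! $hash_matches ) {
		$is_loged_in = FALSE;
	}
}

// Optional IP binding: outside of a fresh login, the request address must pass check_netz()
// against the address recorded at login.
if( $is_loged_in and $config['ip_control'] == '1' and ! check_netz( $member_id['logged_ip'], $_IP ) and ! $dle_is_dologin ) $is_loged_in = FALSE;

// Any failure above ends here: forget the user and expire the credential cookies.
if( ! $is_loged_in ) {
	$member_id = array();
	set_cookie( "dle_user_id","",0 );
	set_cookie( "dle_name","",0 );
	set_cookie( "dle_password","",0 );
	set_cookie( "dle_hash","",0 );
	$_SESSION['dle_user_id'] = 0;
	$_SESSION['dle_password'] = "";
}

if ( $is_loged_in ) define( 'LOGGED_IN', $is_loged_in );
?>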