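& Matías Parodi # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # ##
// Login handler: looks the user up by e-mail or username, checks the
// salted-md5 password hash, and on success opens a session, writes a
// `sessions` row and two cookies, then redirects to the notes page.
// Relies on globals/helpers defined elsewhere: $base, safe_str(), _().
if (!defined("SECURITY")) {
    exit;
}

// Already authenticated: redirect and stop. Without the exit, execution
// fell through after header() and a logged-in POST still ran the whole
// login path (SQL lookups, cookie writes, a second Location header).
if ($_SESSION['LOGIN']) {
    header("Location: {$base}notes");
    exit;
}

if ($_POST) {
    // isset() avoids notices when a field is missing from the form.
    $username = safe_str(isset($_POST['username']) ? $_POST['username'] : '', true);
    $password = safe_str(isset($_POST['password']) ? $_POST['password'] : '');

    // Decide once whether the identifier is an e-mail address; the original
    // evaluated this pattern twice with the deprecated eregi(). The /D
    // modifier makes `$` anchor at the true end of string, matching the
    // POSIX semantics of the old pattern.
    $is_email = (bool) preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]+\.[a-zA-Z.]{2,5}$/iD', $username);
    $lookup_column = $is_email ? 'email' : 'username';

    // NOTE(review): the query is built by string concatenation; safe_str()
    // is defined elsewhere and is the only escaping applied to $username
    // before it reaches SQL — confirm it escapes quotes for this driver.
    $sql = "SELECT * FROM `users` WHERE (`users`.`" . $lookup_column . "` = '" . $username . "') LIMIT 1;";
    $result = mysql_query($sql);
    // mysql_fetch_assoc() returns false when no row matched, which is a
    // direct test; the original consulted mysql_affected_rows() after the
    // result set had already been freed.
    $row = $result ? mysql_fetch_assoc($result) : false;
    if ($result) {
        mysql_free_result($result);
    }

    $login = false;
    if ($row) {
        /* Dead code kept from the original (note the misplaced exit):
        if ($row['status'] == 'banned') $login_err = _('Usuario baneado'); exit;
        */

        // Hash scheme is unchanged so existing stored hashes keep working;
        // it is md5-based, so any migration to a stronger hash needs a
        // rehash-on-login path rather than a change here.
        $hashed = md5(md5($password) . md5($row['salt']));
        $stored_identifier = $is_email ? $row['email'] : $row['username'];

        // Strict (===) comparison: loose == on hex digest strings can treat
        // two different digests as equal when both parse as numbers.
        // A constant-time compare (hash_equals, PHP >= 5.6) is preferable
        // where the runtime provides it.
        if (strtolower($username) === strtolower($stored_identifier)
            && $hashed === $row['password']) {
            $login = true;
        }
    }

    if ($login) {
        $_SESSION['LOGIN'] = true;
        $_SESSION['ID_USER'] = $row['id_user'];
        $_SESSION['API'] = $row['api'];
        $_SESSION['USERNAME'] = $row['username'];
        $_SESSION['EMAIL'] = $row['email'];

        // One stale session per username is dropped before the new row.
        $sql = "DELETE FROM `sessions` WHERE (`sessions`.`username` = '" . $username . "') LIMIT 1;";
        mysql_query($sql);

        // The same value is written to the cookie and to the sessions table;
        // compute it once. NOTE(review): SID is PHP's session constant and is
        // an empty string once the session cookie has been accepted, so this
        // value may not vary between logins of the same user — verify.
        $session_token = md5(md5(SID) . md5($row['salt']));

        // NOTE(review): cookies are set without the httponly/secure flags
        // (available from PHP 5.2 as extra setcookie() arguments).
        setcookie("Jisko[SID]", $session_token, time() + 86400, '/');
        setcookie("Jisko[USERNAME]", $row['username'], time() + 86400, '/');

        $sql = "INSERT INTO `sessions` (`sid`, `timestamp`, `id_user`, `api`, `username`) VALUES ('" . $session_token . "', UNIX_TIMESTAMP(), '" . $_SESSION['ID_USER'] . "', '" . $_SESSION['API'] . "', '" . $_SESSION['USERNAME'] . "');";
        mysql_query($sql);

        $sql = "UPDATE `users` SET `last_login` = UNIX_TIMESTAMP(), `last_ip` = '" . $_SERVER['REMOTE_ADDR'] . "' WHERE (`users`.`id_user` = '" . $row['id_user'] . "') LIMIT 1;";
        mysql_query($sql);

        header("Location: {$base}notes/all");
        exit;
    }

    // Same message for "no such user" and "wrong password" so the response
    // does not reveal which identifiers exist.
    $login_err = _('Identificación incorrecta');
}

echo ' ';
?>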