Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/sessions.php
changeset 188 b4aaca42c8a4
parent 174 4c5c2b66a34d
child 193 ebe99e82a59a
child 195 eec079676fe7
child 203 8e2fffc5c622
equal deleted inserted replaced
186:b796208d050d 188:b4aaca42c8a4 
   583     
   583     
   584     // Select the user data from the table, and decrypt that so we can verify the password
 
   584     // Select the user data from the table, and decrypt that so we can verify the password
 
   585     $this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';');
 
   585     $this->sql('SELECT password,old_encryption,user_id,user_level,theme,style,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$db_username_lower.'\' OR username=\'' . $db_username . '\';');
 
   586     if($db->numrows() < 1)
 
   586     if($db->numrows() < 1)
 
   587     {
 
   587     {
 
   588       return "The username and/or password is incorrect.";
 
       
   589       // This wasn't logged in <1.0.2, dunno how it slipped through
 
   588       // This wasn't logged in <1.0.2, dunno how it slipped through
 
   590       if($level > USER_LEVEL_MEMBER)
 
   589       if($level > USER_LEVEL_MEMBER)
 
   591         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
 
   590         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
 
   592       else
 
   591       else
 
   593         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
 
   592         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
 
   594         
   593       return "The username and/or password is incorrect.";  
   595     }
 
   594     }
 
   596     $row = $db->fetchrow();
 
   595     $row = $db->fetchrow();
 
   597     
   596     
   598     // Check to see if we're logging in using a temporary password
 
   597     // Check to see if we're logging in using a temporary password
 
   599     
   598     
   706     // Initialize our success switch
 
   705     // Initialize our success switch
 
   707     $success = false;
 
   706     $success = false;
 
   708     
   707     
   709     // Retrieve the real password from the database
 
   708     // Retrieve the real password from the database
 
   710     $this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
 
   709     $this->sql('SELECT password,old_encryption,user_id,user_level,temp_password,temp_password_time FROM '.table_prefix.'users WHERE lcase(username)=\''.$this->prepare_text(strtolower($username)).'\';');
 
   711     if($db->numrows() < 1)
 
   710     if ( $db->numrows() < 1 )
 
   712       return 'The username and/or password is incorrect.';
 
   711     {
 
       
   712       // This wasn't logged in <1.0.2, dunno how it slipped through
 
       
   713       if($level > USER_LEVEL_MEMBER)
 
       
   714         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'admin_auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
 
       
   715       else
 
       
   716         $this->sql('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary) VALUES(\'security\', \'auth_bad\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\')');
 
       
   717       return "The username and/or password is incorrect.";  
       
   718     }
 
   713     $row = $db->fetchrow();
 
   719     $row = $db->fetchrow();
 
   714     
   720     
   715     // Check to see if we're logging in using a temporary password
 
   721     // Check to see if we're logging in using a temporary password
 
   716     
   722     
   717     if((intval($row['temp_password_time']) + 3600*24) > time() )
 
   723     if((intval($row['temp_password_time']) + 3600*24) > time() )
Enano CMS (1.1.x)