<?php
/******************************************************************************
* login.php *
* Login Page File *
* See readme.txt for additional information *
*******************************************************************************
* eqEpic - The Epic Raid Manager *
* Open-Source Project By Ryan Christenson *
* =========================================================================== *
* Software Version: eqEpic 0.7.8 *
* Software by: The RSWR Network (http://www.rswr.net) *
* Copyright 2006-2007 by: Ryan Christenson (http://www.rswr.net) *
* Support, News, Updates at: http://forum.rswr.net/ *
*******************************************************************************
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with DownloadCounter; if not, write to the Free Software *
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
******************************************************************************/
session_start();
ob_start();
?>
<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // Always modified
header("Cache-Control: private, no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
?>
<?php include ("ewconfig.php") ?>
<?php include ("db.php") ?>
<?php include ("secinfo.php") ?>
<?php include ("advsecu.php") ?>
<?php include ("phpmkrfn.php") ?>
<?php
LoadUserLevel(); // Load user level
if (@$_POST["submit"] <> "") {
$bValidPwd = false;
// Setup variables
$sUsername = @$_POST["username"];
$sPassword = @$_POST["password"];
if (ValidateUser($sUsername, $sPassword)) {
// Write cookies
$sLoginType = strtolower($_POST["rememberme"]);
$expirytime = time() + 365*24*60*60; // change cookie expiry time here
if ($sLoginType == "a") {
setCookie(ewCookieAutoLogin, "autologin", $expirytime);
setCookie(ewCookieUserName, $sUsername, $expirytime);
setCookie(ewCookiePassword, TEAencrypt($sPassword, EW_RANDOM_KEY), $expirytime);
} elseif ($sLoginType == "u") {
setCookie(ewCookieAutoLogin, "rememberusername", $expirytime);
setCookie(ewCookieUserName, $sUsername, $expirytime);
} else {
setCookie(ewCookieAutoLogin, "", $expirytime);
}
$_SESSION[ewSessionStatus] = "login";
ob_end_clean();
header("Location: index.php");
exit();
} else {
$_SESSION[ewSessionMessage] = "Incorrect Username or Password";
}
} else {
if (IsLoggedIn()) {
if ($_SESSION[ewSessionMessage] == "") {
ob_end_clean();
header("Location: index.php");
exit();
}
} else { // Check auto login
if (@$_COOKIE[ewCookieAutoLogin] == "autologin") {
$sUsername = @$_COOKIE[ewCookieUserName] ;
$sPassword = TEAdecrypt(@$_COOKIE[ewCookiePassword] , EW_RANDOM_KEY);
if (ValidateUser($sUsername, $sPassword)) {
ob_end_clean();
header("Location: index.php");
exit();
}
}
}
}
?>
<?php include ("sources/header.php") ?>
<script type="text/javascript" src="ewp.js"></script>
<script type="text/javascript">
<!--
function EW_checkMyForm(EW_this) {
if (!EW_hasValue(EW_this.username, "TEXT" )) {
if (!EW_onError(EW_this, EW_this.username, "TEXT", "Please Enter Your User Name"))
return false;
}
if (!EW_hasValue(EW_this.password, "PASSWORD" )) {
if (!EW_onError(EW_this, EW_this.password, "PASSWORD", "Please Enter Your Password"))
return false;
}
return true;
}
//-->
</script>
<?php
if (@$_SESSION[ewSessionMessage] <> "") {
?>
<p><div class="ewmsg"><?php echo $_SESSION[ewSessionMessage]; ?></div></p>
<?php
$_SESSION[ewSessionMessage] = ""; // Clear message
}
?>
<form action="login.php" method="post" onsubmit="return EW_checkMyForm(this);">
<table align="center" class="table_other">
<tr>
<td>Username</td>
<td><input type="text" name="username" size="20" value="<?php echo @$_COOKIE[ewCookieUserName]; ?>" class="text" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" size="20" class="text" /></td>
</tr>
<tr>
<td> </td>
<td>
<?php if (@$_COOKIE[ewCookieAutoLogin] == "autologin") { ?>
<input type="radio" name="rememberme" value="a" checked />Auto login until I logout explicitly<br /><input type="radio" name="rememberme" value="u" />Save my user name<br /><input type="radio" name="rememberme" value="n" />Always ask for my user name and password
<?php } elseif (@$_COOKIE[ewCookieAutoLogin] == "rememberusername") { ?>
<input type="radio" name="rememberme" value="a" />Auto login until I logout explicitly<br /><input type="radio" name="rememberme" value="u" checked />Save my user name<br /><input type="radio" name="rememberme" value="n" />Always ask for my user name and password
<?php } else { ?>
<input type="radio" name="rememberme" value="a" />Auto login until I logout explicitly<br /><input type="radio" name="rememberme" value="u" />Save my user name<br /><input type="radio" name="rememberme" value="n" checked />Always ask for my user name and password
<?php } ?>
</td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Login" class="button" /></td>
</tr>
</table>
</form>
<br />
<center>
<div class="rollover forgot" >
<a href="forgetpwd.php"><img src="images/but_forgot.gif" alt="Players List" border="0"/></a>
</div>
<div class="rollover reg">
<a href="register.php"><img src="images/but_reg.gif" alt="Players List" border="0"/></a>
</div>
</center>
<?php
// Function to validate user
function ValidateUser($Username,$Password)
{
$ValidateUser = false;
$CaseSensitive = false; // Modify case sensitivity here
// Check other users
if (!$ValidateUser) {
$conn = phpmkr_db_connect(HOST, USER, PASS, DB, PORT);
$Username = (!get_magic_quotes_gpc()) ? addslashes($Username) : $Username;
$sFilter = "(`user` = '" . AdjustSql($Username) . "')";
$sSql = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
$query = phpmkr_query($sSql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL: ' . $sSql);
if (phpmkr_num_rows($query) > 0) {
$rs = phpmkr_fetch_array($query);
if ($CaseSensitive) {
$ValidateUser=($rs["pass"] == $Password);
} else {
$ValidateUser=(strtolower($rs["pass"]) == strtolower($Password));
}
if ($ValidateUser) {
$_SESSION[ewSessionStatus] = "login";
$_SESSION[ewSessionUserName] = $rs["user"];
$_SESSION[ewSessionSysAdmin] = 0; // Non system admin
$_SESSION[ewSessionUserID] = $rs["user"]; // User ID
$_SESSION[ewSessionUserLevel] = $rs["UserLevel"]; // User Level
if ($_SESSION[ewSessionUserLevel] == -1) { // System admin
$_SESSION[ewSessionUserID] = -1;
}
SetUpUserLevel();
}
}
phpmkr_free_result($query);
phpmkr_db_close($conn);
}
return $ValidateUser;
}
?>
<?php include ("footer.php") ?>