<?php
// --------------------------------------------------------------------------
//
// Esvon Classifieds v.4.0
// Copyright(C), Esvon LTD, 2001-2010, All Rights Reserved.
// E-mail: hide@address.com
//
// All forms of reproduction, including, but not limited to, internet posting,
// printing, e-mailing, faxing and recording are strictly prohibited.
// One license required per site running Esvon Classifieds.
// To obtain a license for using Esvon Classifieds, please register at
// http://www.esvon.com/pg/products/p_classifieds/
//
// --------------------------------------------------------------------------
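// Refuse direct requests: this file is only meant to run when the including
// script has defined SITE_PATH.
if (!defined('SITE_PATH')) die('Access Denied');
DoNotCache();

// Dispatch on the submitted action. Every request key is optional, so each is
// read through isset()/empty() instead of being indexed directly.
$req_act = (isset($_POST['act']) && is_string($_POST['act'])) ? $_POST['act'] : '';
if ($req_act == 'login') {
    ProcessFormLogin();
} elseif ($req_act == 'forgot') {
    ProcessFormLostPwd();
} elseif (!empty($_GET['relogin'])) {
    UserRelogin();
} elseif (!empty($_GET['logout'])) {
    // NOTE(review): logout is driven by a plain GET parameter and no
    // anti-forgery token is checked in this file, so a third-party page can
    // end a visitor's session - confirm whether that is acceptable.
    $ses_uid = (int)hwSessionGetVar('userid');
    if ($ses_uid) {
        $ref_raw = (isset($_REQUEST['ref_url']) && is_string($_REQUEST['ref_url'])) ? $_REQUEST['ref_url'] : '';
        $ref_url = InputUrl2Html($ref_raw);

        // ref_url is request-supplied and becomes the redirect target, and
        // InputUrl2Html() only HTML-escapes it. Accept a target only if it is
        // a plain relative path (no scheme, no leading "//") or sits under
        // this site's own SITE_URL; anything else falls back to the login
        // page. Deployments that need cross-host targets should add an
        // explicit allow-list here rather than relaxing the check.
        $site_root = defined('SITE_URL') ? rtrim(SITE_URL, '/').'/' : '';
        $ref_same_site = preg_match('#^https?://[^/]+/#i', $site_root) && strpos($ref_url, $site_root) === 0;
        $ref_relative = preg_match('#^(?!//)[A-Za-z0-9_\-./~%]*(?:[?\#].*)?\z#s', $ref_url);
        if (!$ref_url || preg_match('/[\x00-\x1f\x7f]/', $ref_url) || !($ref_same_site || $ref_relative)) {
            $ref_url = 'index.php?page=login';
        }

        // Clear the session user, drop the online-users row and expire the
        // login cookie before sending the browser on.
        hwSessionSetVar('userid', 0);
        // $ses_uid is the integer cast above, so no request text reaches SQL.
        $db->query('DELETE FROM '.TBL_USER_ON.' WHERE id='.$ses_uid);
        setcookie(COOKIE_LOG, '', 1);
        JSRedirect($ref_url);
        exit;
    }
}

// No action was handled (or the handler returned): show the login form.
TryExtraLogin();
ShowFormLogin();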
// functions
// Renders the login form template (login.htm) with the label for the login
// field, a per-form random value, any pending error messages and the
// previously submitted login name.
function ShowFormLogin()
{
    $login_label = EN_LOGIN_EM ? hwLng('email') : hwLng('username');

    // NOTE(review): ses_rnd comes from mt_rand(), which is not a
    // cryptographic generator. What the value protects is not visible in this
    // file; if it serves as a login nonce or anti-forgery token, it should
    // come from a CSPRNG instead - confirm against its consumer.
    $form_rnd = mt_rand();

    $tpl_v = array(
        't_login'    => $login_label,
        't_login_uf' => ucfirst($login_label),
        'ses_rnd'    => $form_rnd,
    );
    hwSessionSetVar('ses_rnd', $form_rnd);

    // These globals are handed to the template as they are; no escaping is
    // applied here. NOTE(review): verify that login.htm escapes them on
    // output, since the messages can embed account data.
    foreach (array('err_msg','login_fg','err_msg_fg') as $glob_name) {
        $tpl_v[$glob_name] = $GLOBALS[$glob_name];
    }

    // The echoed login name is HTML-escaped before it reaches the template.
    $tpl_v['login'] = html_esc($_POST['login']);

    EvalAdvTpl(TPL_PATH.'login.htm', $tpl_v, 1);
}
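// Handles a posted login form: authenticates the submitted credentials and,
// on success, redirects the browser and ends the request. On failure it
// leaves a message in the global $err_msg and returns, after which the
// calling script goes on to render the form again.
function ProcessFormLogin() {
    global $err_msg;

    // Request fields are optional; read them defensively so a missing or
    // array-valued field cannot raise warnings or type errors.
    $login = (isset($_POST['login']) && is_string($_POST['login'])) ? trim($_POST['login']) : '';
    // pwd_md5 wins over pwd when both are posted.
    // NOTE(review): pwd_md5 presumably carries a client-side MD5 of the
    // password; if so, the digest itself acts as the credential and gives no
    // protection in transit - confirm in auth.inc.php and rely on TLS.
    $pwd = !empty($_POST['pwd_md5']) ? $_POST['pwd_md5'] : (isset($_POST['pwd']) ? $_POST['pwd'] : null);
    $cook = isset($_POST['cook']) ? $_POST['cook'] : null;
    $ref_raw = (isset($_REQUEST['ref_url']) && is_string($_REQUEST['ref_url'])) ? $_REQUEST['ref_url'] : '';
    $ref_url = InputUrl2Html($ref_raw);

    if (!$login) {
        $err_msg = hwLng('err_login');
        return;
    }

    include_once SITE_PATH.'inc/auth.inc.php';
    $err_msg = '';
    $auth = UserAuthenticate($login, $pwd, $cook);
    // $err_msg is re-checked because it is a global that the authentication
    // code may have set itself (assumption - auth.inc.php is not shown).
    if (!$err_msg) {
        // NOTE(review): a distinct message for disabled accounts tells the
        // caller that the account exists - confirm this is intended.
        if (is_null($auth)) $err_msg = hwLng('err_ac_disabled');
        elseif (!$auth) $err_msg = hwLng('err_login');
    }
    if ($err_msg) return;

    // ref_url is request-supplied and becomes the post-login redirect target,
    // and InputUrl2Html() only HTML-escapes it. Accept a target only if it is
    // a plain relative path (no scheme, no leading "//") or sits under this
    // site's own SITE_URL; anything else is dropped so the user lands on the
    // account page. Deployments that need cross-host targets should add an
    // explicit allow-list here rather than relaxing the check.
    $site_root = defined('SITE_URL') ? rtrim(SITE_URL, '/').'/' : '';
    $ref_same_site = preg_match('#^https?://[^/]+/#i', $site_root) && strpos($ref_url, $site_root) === 0;
    $ref_relative = preg_match('#^(?!//)[A-Za-z0-9_\-./~%]*(?:[?\#].*)?\z#s', $ref_url);
    if (preg_match('/[\x00-\x1f\x7f]/', $ref_url) || !($ref_same_site || $ref_relative)) {
        $ref_url = '';
    }

    // Never bounce back to the login page itself.
    if (strpos($ref_url,'page=login')!==false) $ref_url = '';
    if (!$ref_url) $ref_url = 'index.php?page=account';

    JSRedirect($ref_url);
    exit;
}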
// Re-establishes the login for the user id held in the session and redirects.
// Without a session user the browser is sent to the login page; with
// relogin=paid and a payment-log row for the user, it is sent to the
// order_ipn page for the newest row; otherwise to the account page.
// Every path ends the request.
function UserRelogin()
{
    $session_uid = (int)hwSessionGetVar('userid');

    if ($session_uid == 0) {
        // Only the "paid" flow asks to come back here after logging in. The
        // return address is this request's own URI, URL-encoded for the query
        // string.
        $return_to = ($_GET['relogin'] == 'paid') ? urlencode($_SERVER['REQUEST_URI']) : '';
        header('Location: index.php?page=login&ref_url='.$return_to);
        exit;
    }

    hwLoginByUserID($session_uid);

    if ($_GET['relogin'] == 'paid') {
        global $db;
        // The id in the query is the integer cast above, so no request text
        // reaches the SQL string.
        $latest_pay_id = $db->one_data(
            'SELECT id FROM '.TBL_PAY_LOG.' WHERE userid="'.$session_uid.'" ORDER BY id DESC LIMIT 1'
        );
        if ($latest_pay_id) {
            // NOTE(review): uid and pay_id travel in the URL; confirm that the
            // order_ipn page re-checks them against the session rather than
            // trusting the query string.
            JSRedirect('index.php?page=order_ipn&uid='.$session_uid.'&pay_id='.$latest_pay_id);
            exit;
        }
    }

    JSRedirect('index.php?page=account');
    exit;
}
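// Serves the two auxiliary login views selected by ?pg=: "msg" renders the
// login/logout message template and "timer" renders the login timer
// template. Both end the request. Any other (or missing) pg value returns
// without output so the normal login form is shown.
function TryExtraLogin() {
    // pg, act, r_url and a_url are optional request values; read them
    // defensively so a normal login page view raises no undefined-key
    // warnings and array-valued parameters are ignored.
    $pg = isset($_GET['pg']) ? $_GET['pg'] : '';
    if ($pg !== 'msg' && $pg !== 'timer') return;

    $r_url = (isset($_GET['r_url']) && is_string($_GET['r_url'])) ? $_GET['r_url'] : '';

    if ($pg === 'msg') {
        $act = isset($_GET['act']) ? $_GET['act'] : '';
        if (!$r_url || ($act !== 'in' && $act !== 'out')) return;
        $v = array('REF_URL' => InputUrl2Html($r_url));
        // $act is one of the two literals checked above; that check is what
        // keeps the request from steering the template file name.
        EvalAdvTpl(TPL_PATH.'log'.$act.'_msg.htm', $v, 1);
        exit;
    }

    // pg == 'timer': build the list of active URLs for the template.
    $v = array('mod_num' => 0, 'a_url' => '');
    $a_url = InputUrl2Html((isset($_GET['a_url']) && is_string($_GET['a_url'])) ? $_GET['a_url'] : '');
    if ($a_url) {
        // Drop the final character (presumably a trailing '|' separator)
        // before splitting the list.
        $a_url = substr($a_url, 0, strlen($a_url) - 1);
        foreach (explode('|', $a_url) as $key => $value) {
            // Each value is written into a single-quoted JavaScript string
            // literal. HTML escaping alone does not cover that context, so
            // backslashes, quotes and line breaks are escaped as well to keep
            // the value inside its literal.
            $js_value = addcslashes($value, "\\'\r\n");
            $v['a_url'] .= "a_url[".($key + 1)."]='".$js_value."';\n";
            $v['mod_num']++;
        }
    }
    // NOTE(review): r_url (here and as REF_URL above) and the a_url entries
    // are request-supplied and only HTML-escaped. How the templates use them
    // is not visible in this file; if they navigate to or load these URLs,
    // restrict them to an allow-list of the site's own module addresses.
    $v['redirect_url'] = InputUrl2Html($r_url);
    EvalAdvTpl(ADM_TPL_PATH.'u_login_timer.htm', $v, 1);
    exit;
}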
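// Handles the "forgot password" form. Looks the account up by the configured
// login column (or by the alternate column when only that field was posted),
// falls back to a pending registration when an e-mail address has no account,
// and sends the recovery mail. The outcome message is left in the global
// $err_msg_fg for the login form to display.
//
// NOTE(review): the value of the pwd column is read and passed to the
// lostpwd.mail template, so the recovery mail appears to carry the stored
// credential itself. That only works if passwords are kept in a recoverable
// form - confirm, and prefer hashed storage with a single-use, expiring
// reset link.
// NOTE(review): the "no match" and "sent" outcomes use different messages,
// and the "sent" message includes the account's e-mail address, so this form
// tells an anonymous caller which logins exist and, for a lookup by username,
// the address behind one. A uniform response would avoid that. No request
// throttling is visible in this function either.
function ProcessFormLostPwd() {
    global $db,$err_msg_fg;

    // $col is always one of two fixed literals, never request text.
    $col = EN_LOGIN_EM ? 'email' : 'username';

    // The posted fields are optional; missing or array-valued input is
    // treated as empty instead of raising warnings or type errors.
    $posted_fg = (isset($_POST['login_fg']) && is_string($_POST['login_fg'])) ? $_POST['login_fg'] : '';
    $login_fg = trim($posted_fg);
    if (!$posted_fg) {
        $col2 = EN_LOGIN_EM ? 'username' : 'email';
        if (!empty($_POST[$col2]) && is_string($_POST[$col2])) {
            $col = $col2;
            $login_fg = trim($_POST[$col]);
        }
    }

    // Initialised up front: $code is only assigned on the pending-registration
    // path but is read when the login URL is built below.
    $uid = $pwd = $email = $login = null;
    $code = '';
    $err_msg_fg = '';

    if (!$login_fg) {
        $err_msg_fg = hwErrMsgRequired($col);
    } else {
        // The value goes through $db->esc(), which is used here without
        // surrounding quotes - presumably it returns a quoted, escaped
        // literal; verify in the DB class.
        list($uid,$pwd,$email,$login) = $db->one_row("SELECT id,pwd,email,$col FROM ".TBL_USER." WHERE $col=".$db->esc($login_fg));
        if (!$uid) {
            if ($col == 'email') {
                // No account yet: look for an unconfirmed registration.
                $code = $db->one_data("SELECT code FROM ".TBL_REG_CONFIRM." WHERE email=".$db->esc($login_fg));
                if (!$code) $err_msg_fg = sprintf(hwLng('err_no_match'),$col);
                else $email = $login_fg;
            } else {
                $err_msg_fg = sprintf(hwLng('err_no_match'),$col);
            }
        }
    }

    if (!$err_msg_fg) {
        $err_msg_fg = sprintf(hwLng('err_lostpwd_sent'),$email);
        $tpl_v = array('login' => $login, 'pwd' => $pwd);
        // Pending registrations get the confirmation link, existing accounts
        // the login page.
        $tpl_v['login_url'] = SITE_URL.'index.php?page='.($code ? "reg&code=$code" : "login");
        $email_body = EvalAdvTpl(TPL_PATH.'lostpwd.mail',$tpl_v);
        hwSendMail($email,ADMIN_EMAIL,'',$email_body);
    }
}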
// Returns the HTML-escaped form of a request-supplied URL, or '' for any
// falsy input.
//
// This is output escaping only: the scheme and host are not inspected, so the
// result is not by itself safe to use as a redirect target or inside a
// JavaScript string.
//
// NOTE(review): the search and replacement strings below are identical, so
// the str_replace() call changes nothing as written. The search string was
// presumably '&amp;' (restoring query-string separators after escaping)
// before this listing was entity-decoded - confirm against the deployed file.
function InputUrl2Html($url)
{
    return $url ? str_replace('&', '&', html_esc($url)) : '';
}
?>