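<?php
/*
 * Login page controller.
 *
 * Builds the login form description, and on POST loads and validates the
 * submitted fields, rejects values containing markup or HTML entities,
 * attempts authentication and redirects to main.php on success. In every
 * other case the form (with any error message) is rendered via login.tpl.
 *
 * The full "<?php" open tag is used instead of "<?": with short_open_tag
 * disabled the short form is not parsed and the web server would send this
 * source file to the client as plain text.
 *
 * $LOGIN_FORM, $lang, $CurUser, $mysql, $log and $smarty are not defined in
 * this file; presumably libs/header.php provides them (not visible here).
 */
require_once("libs/header.php");

$form = array(
    "method"     => "POST",
    "action"     => "login.php",
    "message"    => "",
    "errorcount" => 0,
    "fields"     => $LOGIN_FORM,
    "submit"     => $lang['login']
);
$userform = new UserForms($form["fields"]);

if ($_SERVER["REQUEST_METHOD"] === $form["method"]) {
    $userform->load($form["fields"], $_POST);
    $form["errorcount"] = $userform->check($form["fields"]);

    // Validate all inputs
    // Added by SepedaTua on June 01, 2006 - http://www.sepedatua.info/
    /********************** SepedaTua ****************************/
    /* Fields:
       $form["fields"]["login"]["value"]
       $form["fields"]["password"]["value"]

       Each value is run through a tag-stripping / entity-decoding filter and
       the request is rejected when the filter changes anything. Every
       replacement below shortens the string, so any match means rejection;
       the filtered text itself never reaches authorize() in a changed form.

       This is input rejection only. None of the patterns touch quotes or
       backslashes, so the filter gives no SQL-injection protection.
       NOTE(review): authorize() is not visible here - confirm it uses
       parameterized queries (or correct escaping) with $mysql, and that
       login.tpl escapes every value it prints.
       NOTE(review): the same filter is applied to the password, so passwords
       containing "<...>" sequences or entities such as "&amp;" are refused.
    */
    $search = array(
        '@<script[^>]*?>.*?</script>@si',
        '@<[\/\!]*?[^<>]*?>@si',
        '@([\r\n])[\s]+@',
        '@&(quot|#34);@i',
        '@&(amp|#38);@i',
        '@&(lt|#60);@i',
        '@&(gt|#62);@i',
        '@&(nbsp|#160);@i',
        '@&(iexcl|#161);@i',
        '@&(cent|#162);@i',
        '@&(pound|#163);@i',
        '@&(copy|#169);@i'
    );
    $replace = array(
        '',
        '',
        '\1',
        '"',
        '&',
        '<',
        '>',
        ' ',
        chr(161),
        chr(162),
        chr(163),
        chr(169)
    );

    // Numeric entities were previously decoded with the /e (eval) modifier and
    // a 'chr(\1)' replacement. /e evaluates the replacement as PHP code, was
    // deprecated in PHP 5.5 and removed in PHP 7.0, where preg_replace() then
    // returns NULL and every non-empty login ended in "Bad Request". A callback
    // applied after the other patterns keeps the order and runs no eval.
    $numericEntity = '@&#(\d+);@';
    $decodeNumericEntity = function ($m) {
        return chr((int) $m[1]);
    };

    foreach (array("login", "password") as $fieldName) {
        $submitted = $form["fields"][$fieldName]["value"];

        // PHP turns "name[]=..." parameters into arrays; a login or password
        // is never legitimately an array, so refuse instead of filtering it.
        $rejected = is_array($submitted);

        if (!$rejected) {
            $submitted = (string) $submitted;
            $filtered = preg_replace($search, $replace, $submitted);
            if ($filtered !== null) {
                $filtered = preg_replace_callback($numericEntity, $decodeNumericEntity, $filtered);
            }
            // NULL means the regex engine failed: fail closed. The comparison
            // is strict because "!=" treats numeric-looking strings such as
            // "\n 1" and "\n1" as equal and would let a modified value pass.
            $rejected = ($filtered === null || $filtered !== $submitted);
        }

        if ($rejected) {
            // Send a real 400 so rejected requests show up in access logs.
            http_response_code(400);
            exit("Bad Request");
        }

        $form["fields"][$fieldName]["value"] = $filtered;
    }
    /************************ eod ******************************/

    if ($form["errorcount"] == 0) {
        $authorized = $CurUser->authorize(
            $mysql,
            $form["fields"]["login"]["value"],
            $form["fields"]["password"]["value"]
        );

        if (!$authorized) {
            // NOTE(review): only successful logins are logged below. Recording
            // failed attempts as well (with whatever event code $log defines
            // for that) would make password guessing visible to operators.
            $form["errorcount"] = 1;
            $form["message"] = $lang['auth_failed'];
        } else {
            // NOTE(review): if authorize() binds the user to a session, confirm
            // the session id is regenerated at this point - not visible here.
            $log->log("A", $CurUser->getid());
            header("Location:main.php");
            exit();
        }
    }
}

// Keep Smarty debugging off on this page: $form is assigned to the template
// below and still holds the submitted password value.
// NOTE(review): confirm login.tpl does not print the password field's value.
//$smarty->debugging=true;
$smarty->assign("form", $form);
$smarty->display("login.tpl");
?>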