<?php
/* login.php
Copyright 2006, 2007, 2008 Elmar Wenners
Support site: http://www.chaozz.nl
This file is part of FreeWebshop.org.
FreeWebshop.org is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
FreeWebshop.org is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with FreeWebshop.org; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
?>
<?php
$lostlogin = 0;
if (!empty($_GET['lostlogin'])) {
$lostlogin=$_GET['lostlogin'];
}
$email = "";
if (!empty($_POST['email'])) {
$email=$_POST['email'];
}
if ($email == "") { $email = "--"; }
if ($lostlogin == 0) {
include ("./includes/startmodules.inc.php");
if ($_POST['name'] == NULL) {
?>
<html><head><link href="<?php echo $template_dir."/".$template."/stylesheet.css"; ?>" rel="stylesheet" type="text/css" />
<META HTTP-EQUIV="Refresh" CONTENT="5; URL=index.php?page=my"></head>
<body><br /><br /><br /><br /><br /><br /><br />
<h4><?php echo $txt['login1'] ?> <a href="index.php?page=my"><?php echo $txt['login2'] ?></a></h4></body></html>
<?php
exit;
}
$post_name = $_POST['name'];
$post_pass = $_POST['pass'];
if ((empty($post_pass)) || ($post_pass == "")) { $post_pass = "no_password_is_never_valid!"; }
$query = sprintf("SELECT * FROM `".$dbtablesprefix."customer` WHERE `LOGINNAME`=%s AND `PASSWORD`=%s", quote_smart($post_name), quote_smart(md5($post_pass)));
$sql = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($sql);
while ($row = mysql_fetch_row($sql)) {
$id = $row[0];
$name = $row[1];
$pass = $row[2];
$group = $row[13];
}
if ($count == 1) // one customer found, ok
{
// if a cookie already exists, then the user was logged in as a guest. so let's check if he has stuff in his cart
if (isset($_COOKIE['fws_guest'])) {
$fws_cust = $_COOKIE['fws_guest'];
$sessionid = $fws_cust; // read the sessionid
// now check if this guest has products in his basket
$query = "SELECT * FROM ".$dbtablesprefix."basket WHERE (CUSTOMERID = ".$sessionid." AND ORDERID = 0) ORDER BY ID";
$sql = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_row($sql)) {
$update_query = "UPDATE `".$dbtablesprefix."basket` SET `CUSTOMERID` = ".$id." WHERE ID = '".$row[0]."'";
$update_sql = mysql_query($update_query) or die(mysql_error());
}
// now kill the cookie
setcookie ("fws_guest", "", time() - 3600);
}
$cookie_data = $name.'-'.$id.'-'.md5($pass); //name userid and encrypted password
// store IP
$query = "UPDATE `".$dbtablesprefix."customer` SET `IP` = '".GetUserIP()."' WHERE `ID`=".$id;
$sql = mysql_query($query) or die(mysql_error());
// make acccesslog entry
$query = sprintf("INSERT INTO ".$dbtablesprefix."accesslog (login, time, succeeded) VALUES(%s, '".date("F j, Y, g:i a")."', '1')", quote_smart($_POST['name']));
$sql = mysql_query($query) or die(mysql_error());
if(setcookie ("fws_cust",$cookie_data, 0)==TRUE) //time()+3600
{
if (!empty($_POST['pagetoload'])) {
$pagetoload=$_POST['pagetoload'];
}
else { $pagetoload = "page=my"; }
// if the admin logs in, lets show him the admin screen
if ($group == "ADMIN" && $pagetoload = "page=my") {
$pagetoload = "page=admin";
}
?>
<html><head><link href="<?php echo $template_dir."/".$template."/stylesheet.css"; ?>" rel="stylesheet" type="text/css" />
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=index.php?<?php echo $pagetoload."&version=".$version; ?>"></head>
<body><br /><br /><br /><br /><br /><br /><br />
<h4><?php echo $txt['login3'] ?></h4></body></html>
<?php
}
}
else
{
$query = sprintf("INSERT INTO ".$dbtablesprefix."accesslog (login, time, succeeded) VALUES(%s, '".date("F j, Y, g:i a")."', '0')", quote_smart($_POST['name']));
$sql = mysql_query($query) or die(mysql_error());
?>
<html><head><link href="<?php echo $template_dir."/".$template."/stylesheet.css"; ?>" rel="stylesheet" type="text/css" />
<META HTTP-EQUIV="Refresh" CONTENT="5; URL=index.php?page=my"></head>
<body><br /><br /><br /><br /><br /><br /><br />
<h4><?php echo $txt['login1'] ?> <a href="index.php?page=my"><?php echo $txt['login2'] ?></a></h4></body></html>
<?php
exit;
}
}
if ($lostlogin == 1) {
?>
<table width="60%" class="datatable">
<caption><?php echo $txt['checklogin8'] ?></caption>
<tr><td>
<?php echo $txt['checklogin9'] ?><br /><br />
<form method="POST" action="?page=login&lostlogin=2">
<div style="text-align:center;">
<input type="text" name="email" size="30">
<input type="submit" value="<?php echo $txt['checklogin10'] ?>" name="sub">
</div>
</form>
</tr>
</table>
<?php
}
if ($lostlogin == 2) {
// lets find the correct data in the database
$query = sprintf("SELECT * FROM `".$dbtablesprefix."customer` WHERE `EMAIL` = %s", quote_smart($email));
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 0) {
PutWindow($gfx_dir, $txt['general12'], $txt['checklogin15'], "warning.gif", "50");
echo "<h4><a href=\"javascript:history.go(-1)\">" . $txt['checklogin18'] . "</a></h4>";
exit;
}
while ($row = mysql_fetch_row($sql)) {
$login = $row[1];
// Make up a random new password, simplest case, a 5-digit number
$pass = CreateRandomCode(6);
// Update the database with this new password
$query = sprintf("UPDATE `".$dbtablesprefix."customer` SET `PASSWORD` = %s WHERE `LOGINNAME` = %s", quote_smart(md5($pass)), quote_smart($login));
$sql = mysql_query($query) or die(mysql_error());
}
mymail($webmaster_mail, $email, $txt['checklogin13'], $txt['checklogin14']."<br /><br />".$txt['checklogin2'].": ".$login."<br />".$txt['checklogin3'].": ".$pass, $charset);
PutWindow($gfx_dir, $txt['checklogin13'], $txt['checklogin12']. " " . $email, "notify.gif", "50");
}
?>