<?php
/* * ********************************************************************
* Copyright notice PHP Blogger 1.2.
*
* (c) 2011 Predrag Rukavina - admin[at]phpblogger[dot]org
* All rights reserved
*
* This script is part of the PHP Blogger project.
* The PHP Blogger project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
// Shared bootstrap. $conn, $language, $editortrue and the theme variables used
// further down are not assigned in this file; presumably sharecon.php sets them.
include 'sharecon.php';

// NOTE(review): $language is interpolated into an include path. Confirm it is
// taken from trusted configuration and never from request data.
require_once 'languages/lang_' . $language . '.php';

// When $editortrue is 2 the script prints $lang['SHARERNO'] and stops before
// any login handling runs.
if (2 == $editortrue) {
    echo $lang['SHARERNO'];
    exit;
}
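// Login handler for the share form. A POST that carries "Submit" is treated as
// a sign-in attempt; every other request renders the login form.
if (isset($_POST['Submit'])) {
    session_start();

    // Accept only string fields from the request: a missing or array-valued
    // field becomes '' and is rejected by the length check below.
    // get_magic_quotes_gpc() does not exist on current PHP versions, so it is
    // called only when the runtime still provides it.
    $stripQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $posted = array();
    foreach (array('username', 'password', 'geturl', 'urld', 'gettitle') as $field) {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $posted[$field] = $stripQuotes ? stripslashes($value) : $value;
    }
    $ccuser = $posted['username'];
    $ccpass = $posted['password'];
    $geturl = $posted['geturl'];
    $urld = $posted['urld'];
    $gettitle = $posted['gettitle'];

    //require_once ('classes/securesession.class.php');

    // Drop any login state left in the session before authenticating again.
    unset(
        $_SESSION['cusid'],
        $_SESSION['INC_USER_ID'],
        $_SESSION['INC_USER_NAME'],
        $_SESSION['CC_MODER'],
        $_SESSION['INC_USER_THUMB'],
        $_SESSION['INC_USER_PRIV'],
        $_SESSION['HTTP_USER_AGENT'],
        $_SESSION['logged_in'],
        $_SESSION['loggedin'],
        $_SESSION['ss_fprint'],
        $_SESSION['incsess'],
        $_SESSION['inecsess']
    );

    // Both credentials must be at least 4 characters of [A-Za-z0-9-].
    foreach (array($ccuser, $ccpass) as $credential) {
        if (preg_match('#[^A-Za-z0-9-]#', $credential)) {
            echo "Illegal Characters";
            exit();
        }
        if (strlen($credential) < 4) {
            echo "<center><div id=\"toprow\">The field must be at least 4 characters long.";
            exit();
        }
    }

    // NOTE(review): the password is compared as an unsalted MD5 digest, which
    // offers little protection if the users table leaks. Moving to
    // password_hash()/password_verify() needs a migration of the stored
    // hashes and cannot be done from this file alone.
    $ccpass = md5($ccpass);
    // NOTE(review): both values are also passed as bound parameters below, so
    // addq() looks redundant here; confirm before removing it.
    $ccpass = $conn->addq($ccpass);
    $ccuser = $conn->addq($ccuser);
    $arecordSet = $conn->Execute('SELECT * FROM users WHERE username = ? and password = ?', array($ccuser, $ccpass));

    // Fail closed when the query itself failed. The database error goes to
    // the server log instead of the response, so schema details are not shown
    // to an unauthenticated visitor.
    if (!$arecordSet) {
        error_log('shareform.php: login query failed: ' . $conn->ErrorMsg());
        echo "<div style=\"overflow:visible;background: lightyellow;border: 1px solid #555;color: #333;\">".
        $lang['SIGFAL']."</div>";
        $conn->Close();
        die();
    }

    // No matching row: wrong username or password.
    if ($arecordSet->EOF || !$arecordSet->fields) {
        echo "<div style=\"overflow:visible;background: lightyellow;border: 1px solid #555;color: #333;\">".
        $lang['SIGFAL']."</div>";
        $conn->Close();
        die();
    }

    // Read the account columns; if several rows match, the last one wins.
    while (!$arecordSet->EOF) {
        $active = $arecordSet->fields['active'];
        $kid = $arecordSet->fields['usid'];
        $incusername = $arecordSet->fields['username'];
        $incthumb = $arecordSet->fields['thumbs'];
        $incpriv = $arecordSet->fields['privilege'];
        $arecordSet->MoveNext();
    }

    // Accounts with active 0 or 3 get the SIGNOT / SIGAPR message and are
    // not signed in.
    if ($active == 0) {
        echo "<center><div style=\"margin-top:12px;background:#F8FAFC;text-align:left;border-top:1px solid #B5D4FE;border-bottom:1px solid #B5D4FE;width:444px;color:#444;font-family:'Lucida Grande',Verdana,Arial,Sans-Serif;font-size:10px;padding:5px 20px 5px 45px;\">$lang[SIGNOT]</div><br />";
        exit();
    }
    if ($active == 3) {
        echo "<center><div style=\"margin-top:12px;background:#F8FAFC;text-align:left;border-top:1px solid #B5D4FE;border-bottom:1px solid #B5D4FE;width:444px;color:#444;font-family:'Lucida Grande',Verdana,Arial,Sans-Serif;font-size:10px;padding:5px 20px 5px 45px;\">$lang[SIGAPR]</div>";
        exit();
    }

    // NOTE(review): session_start() already ran at the top of this branch;
    // presumably SecSession::Open() issues a fresh session id because
    // regenerate_id is set. Confirm in securesession.class.php.
    require_once ('salt.php');
    require_once ('classes/securesession.class.php');
    $ss = new SecSession();
    $ss->check_browser = true;
    $ss->check_ip_blocks = 2;
    $ss->secure_word = $salt;
    $ss->regenerate_id = true;
    $ss->Open();

    $_SESSION['INC_USER_ID'] = $kid;
    $_SESSION['INC_USER_NAME'] = $incusername;
    $_SESSION['INC_USER_THUMB'] = $incthumb;
    $_SESSION['INC_USER_PRIV'] = $incpriv;
    $_SESSION['loggedin'] = true;

    // Per-login token: taken from the CSPRNG when the runtime has one, and
    // kept at the same 32-hex-character shape as the md5() fallback.
    if (function_exists('random_bytes')) {
        $incsess = bin2hex(random_bytes(16));
    } else {
        $incsess = md5(uniqid(rand(), TRUE));
    }
    $_SESSION['inecsess'] = $incsess;
    session_write_close();

    // Record the time of this login.
    $time = date("Y-m-d H:i:s");
    $time = $conn->addq($time);
    $kid = $conn->addq($kid);
    $sql = $conn->Prepare('UPDATE users SET lastime = ? WHERE usid = ?');
    if ($conn->Execute($sql, array($time, $kid)) === false) {
        // Keep the driver message in the server log, not in the page.
        error_log('shareform.php: lastime update failed: ' . $conn->ErrorMsg());
        print '<br /><div id="error">error inserting[1]</div><br />';
    }

    $link = $urld;
    $mtitle = $gettitle;

    // $link and $mtitle come straight from the POST body. Emitting the target
    // through json_encode() with the JSON_HEX_* flags yields a JavaScript
    // string literal that cannot be closed early by quotes or "</script>".
    // NOTE(review): the values are not URL-encoded here so that sharer.php
    // keeps receiving them in the same form; confirm what it expects.
    $redirectJs = json_encode(
        'sharer.php?urld=' . $link . '&title=' . $mtitle,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    if ($redirectJs === false) {
        // Values that cannot be encoded (e.g. invalid UTF-8) are dropped.
        $redirectJs = '"sharer.php"';
    }
?>
<head>
<script type="text/javascript">
function delayer(){
window.location = <?php echo $redirectJs; ?>

}
</script>
</head>
<body onLoad="setTimeout('delayer()',2000)">
<?php
    $conn->Close();
} else {
    // $geturl, $gettitle and $urld are not assigned in this branch; presumably
    // sharecon.php or the including page provides them. They are escaped for
    // the HTML attribute context before being written into the hidden fields.
    $hiddenGeturl = htmlspecialchars(isset($geturl) ? (string) $geturl : '', ENT_QUOTES, 'UTF-8');
    $hiddenGettitle = htmlspecialchars(isset($gettitle) ? (string) $gettitle : '', ENT_QUOTES, 'UTF-8');
    $hiddenUrld = htmlspecialchars(isset($urld) ? (string) $urld : '', ENT_QUOTES, 'UTF-8');
?>
<head>
<link rel="stylesheet" type="text/css" href="themes/<?php echo $themes; ?>/styles/share.css" />
<link href="templates/classic/styles/images/favicon.ico" type="image/x-icon" rel="shortcut icon" />
<title><?php echo $sitetitle ?></title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
</head>
<div id="menu">
<li><img id="logo" src="themes/<?php echo $themes ?>/styles/images/logo.png" width="197px" height="35px" border="0" /></li>
</div>
<form action="shareform.php" name="ccform" id="inrform" method="post">
<div id="line">Please enter your login name and password</div>
<input type="hidden" name="geturl" value="<?php echo $hiddenGeturl ?>" />
<input type="hidden" name="gettitle" value="<?php echo $hiddenGettitle ?>" />
<input type="hidden" name="urld" value="<?php echo $hiddenUrld ?>" />
<br /><br />Username:<br />
<input id="sestext" name="username" type="text" />
<br />
<br />Password:<br />
<input id="sestext" name="password" type="password" />
<br /><br /><br />
<input id="cstart" type="submit" value="Submit" name="Submit" />
</form>
<?php
    $conn->Close();
}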
###############################
# shareform.php version 1.1.6.#
###############################
?>