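<?php
/*
 * Login / password-reset page of the board.
 *
 * Handles three requests, in this order:
 *   1. POST with "forgotpass" checked (and the honeypot field empty): mail a reset link.
 *   2. GET  ?action=forgot&hashd=..&hash=..&email=..: verify the link, then set a new password.
 *   3. POST with "submit": check the credentials and set the login cookies.
 * Every failure jumps to the "register" label, which prints the error and the form.
 *
 * Uses names defined by the including script: sendmail(), $board_title, $forum_home,
 * $shaprefix, and an already open ext/mysql connection.
 *
 * NOTE(review): weaknesses that need changes outside this file and are therefore only flagged:
 *  - The login cookies store the plaintext password for 90 days, without HttpOnly/Secure.
 *    A random server-side session token should replace them; the code that reads these
 *    cookies is not visible here, so the cookie format is left unchanged.
 *  - Passwords are stored as sha1($shaprefix.$password): a fast hash with one shared prefix.
 *    Moving to password_hash()/password_verify() (PHP >= 5.5) needs a migration of stored hashes.
 *  - The reset link is built from two deterministic values: "hashd" is the same for every
 *    account on a given day and "hash" never changes for an address. The link is not
 *    single-use and is not tied to one reset request. A random, stored, expiring token
 *    per request is needed to fix that.
 *  - Hashes are compared with ===; on PHP >= 5.6 hash_equals() gives a constant-time compare.
 *  - ext/mysql was removed in PHP 7. Values are escaped here; switching to prepared
 *    statements (mysqli/PDO) has to start where the connection is opened.
 */
$error = false;

// Request values can arrive as arrays (email[]=x); anything that is not a string counts as empty.
$email    = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// One set of rules for every path. The D modifier stops "$" from accepting a trailing newline.
// preg_match() replaces eregi(), which no longer exists in PHP 7.
$email_len_ok    = strlen($email) >= 6 && strlen($email) <= 36;
$email_format_ok = preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9-]+\.[a-zA-Z]{2,4}(\.[a-zA-Z]{2,3})?(\.[a-zA-Z]{2,3})?$/iD', $email) === 1;
$password_ok     = strlen($password) >= 3 && strlen($password) <= 16
                   && preg_match('/^[A-Za-z0-9]+$/D', $password) === 1;

// HTML-escaped copies for echoing the submitted values back into value='...' attributes.
$email_html    = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
$password_html = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');

// Honeypot: the field is hidden by CSS, so a real browser submits it empty (or not at all).
$honeypot_empty = !isset($_POST['seccodeverify']) || $_POST['seccodeverify'] === '';

if (isset($_POST['forgotpass']) && $honeypot_empty)
{
    // Validate before the address reaches sendmail(): an unchecked value could carry
    // line breaks or other characters into the message headers and the link.
    if (!$email_len_ok || !$email_format_ok) { $error = 'Wrong email'; goto register; }

    // Mail only addresses that belong to an unlocked account, so the form cannot be used
    // to send mail to arbitrary recipients. The answer is the same either way, so the
    // page does not reveal which addresses are registered.
    $result = mysql_query("select user_id from board_users where `user_email`='".mysql_real_escape_string($email)."' and user_locked='0' limit 1");
    if ($result && mysql_num_rows($result) === 1)
    {
        sendmail(
            $email,
            $board_title.' - Password reset ',
            $forum_home."?action=forgot&hashd=".sha1($shaprefix.date("Ymd"))."&hash=".sha1($shaprefix.$email)."&email=".urlencode($email),
            ''
        );
    }
    echo "<div class='success'>Email with reset password link was sent. Go to <a href='?'>main page</a>.</div>";
    exit;
} // reset password

if (isset($_GET['action']) && $_GET['action'] === 'forgot')
{
    $hashd = (isset($_GET['hashd']) && is_string($_GET['hashd'])) ? $_GET['hashd'] : '';
    $hash  = (isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : '';

    // Strict comparison: with != two hex strings of the form "0e<digits>" compare as equal numbers.
    if ($hashd !== sha1($shaprefix.date("Ymd"))) { $error = 'Reset link expired.'; goto register; }
    if ($hash !== sha1($shaprefix.$email)) { $error = 'Reset link is incorrect.'; goto register; }

    $email_sql = mysql_real_escape_string($email);
    $result = mysql_query("select user_id from board_users where `user_email`='".$email_sql."' and user_locked='0' limit 1");
    if (!$result || mysql_num_rows($result) !== 1) { $error = 'User does not exist or is locked.'; goto register; }

    if (!$password_ok)
    {
        // Same rule as the login form (3-16 letters/digits); otherwise a reset could store
        // a password that the login form then rejects.
        if ($password !== '') echo "<span class='error'>Wrong password</span><br>";
        echo "<form method=post>New password:<input type=password name=password value='".$password_html."'><br><br><input type=submit name=submit value=submit></form>";
        exit;
    }

    $updated = mysql_query("update board_users set `user_pass`='".sha1($shaprefix.$password)."' where `user_email`='".$email_sql."' and user_locked='0' limit 1");
    if (!$updated)
    {
        // Keep the driver message in the server log instead of showing it to the visitor.
        error_log('Password reset update failed: '.mysql_error());
        die('Database error.');
    }
    echo "<div class='success'>New password set. Now you can login. Go to <a href='?action=login'>login</a></div><br>";
    exit;
} // get action - incoming password reset

if (isset($_POST['submit']))
{
    // Same check order as before, so the same input yields the same message.
    if (!$email_len_ok) { $error = 'Wrong email'; goto register; }
    if (!$password_ok) { $error = 'Wrong password'; goto register; }
    if (!$email_format_ok) { $error = 'Wrong email.'; goto register; }

    // Both values passed the whitelist patterns above; the e-mail is escaped as well so
    // the query stays safe if those patterns are ever relaxed.
    $result = mysql_query("select user_id from board_users where `user_email`='".mysql_real_escape_string($email)."' and user_locked=0 and user_pass='".sha1($shaprefix.$password)."' limit 1");
    if ($result && mysql_num_rows($result) === 1)
    {
        // NOTE(review): plaintext password in a 90-day cookie; see the header comment.
        setcookie("email", $email, time()+(3600*24*90)); // 3600=1h
        setcookie("password", $password, time()+(3600*24*90)); // 3600=1h
        echo "<div class='success'>OK. Go to <a href='?'>main page</a>.</div>";
        exit;
    }
    $error = "Incorrect password.";
} // if isset submit

register:
// $error only ever holds one of the fixed strings assigned above, so it is printed as is.
if ($error) echo "<span class='error'>$error</span><br>";
echo "<form method=post>
<label>Your email:</label>
<br>
<input type=email name=email value='".$email_html."'><br>
<label>Password:</label>
<br>
<input type=password name=password value='".$password_html."'><br>
<br>
<input type=submit name=submit value='submit'>
<br><br>
Forgot password ? <input type=checkbox name='forgotpass'> Check to reset password.<br>";
echo "<input id=\"seccodeverify\" type=\"text\" maxlength=\"4\" size=\"8\" name=\"seccodeverify\">"; // anti-bot honeypot: keep this field empty and hidden via CSS
echo "</form><br>";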