
Nopaste Service - account.php
uFFy

<?php
// ClanSphere 2008 - www.clansphere.net
// $Id: account.php 1430 2008-12-10 13:08:44Z Fr33z3m4n $

// Cookie scope. The domain is taken from the Host request header, but only
// when it contains a dot; otherwise it is left empty.
// NOTE(review): HTTP_HOST is client-supplied and is not checked against a
// configured site name here - confirm that is acceptable for cookie scoping.
$domain = '';
if(strpos($_SERVER['HTTP_HOST'], '.') !== FALSE) {
  $domain = $_SERVER['HTTP_HOST'];
}

// 2592000 seconds = 30 days, added to cs_time() (presumably the current
// timestamp - defined outside this file).
$cookie = array(
  'lifetime' => (cs_time() + 2592000),
  'path' => '/',
  'domain' => $domain
);

// Login state and account record; both are filled in further down.
$login = array(
  'mode' => FALSE,
  'error' => '',
  'cookie' => 0
);
$account = array('users_id' => 0);

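// Configure the session cookie before the session is started.
// The HttpOnly argument of session_set_cookie_params() exists from PHP 5.2.0
// on, so the check has to include 5.2.0 itself ('>=' rather than '>');
// otherwise that release gets a session cookie that scripts can read.
if(version_compare(PHP_VERSION,'5.2.0','>=')) {
  // Arguments: lifetime 0 (until the browser closes), path, domain,
  // secure = FALSE, httponly = TRUE.
  // NOTE(review): secure = FALSE lets the session cookie travel over plain
  // HTTP; set it to TRUE on deployments that are served over HTTPS only.
  session_set_cookie_params(0,$cookie['path'],$cookie['domain'],FALSE,TRUE);
} else {
  // Older PHP: no HttpOnly support, only lifetime, path and domain.
  session_set_cookie_params(0,$cookie['path'],$cookie['domain']);
}
session_start();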

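// Authenticate only when the session does not already carry a user id.
// Two credential sources are accepted: the login form (nick + password) and
// the persistent cookies cs_userid / cs_securepw.
if(empty($_SESSION['users_id'])) {

  if(isset($_POST['login'])) {
    $login['method'] = 'form';
    $login['nick'] = $_POST['nick'];
    // NOTE(review): the plaintext password stays in $login for the rest of
    // the request; confirm nothing downstream prints or logs $login.
    $login['password'] = $_POST['password'];
    // Start from an empty candidate so an unexpected $cs_db['hash'] setting
    // fails the comparison below instead of reading an undefined index.
    $login['securepw'] = '';
    // NOTE(review): unsalted md5/sha1 are fast hashes and weak for password
    // storage; moving to a salted, slow scheme needs a schema and migration
    // change outside this file.
    if($cs_db['hash']=='md5') {
      $login['securepw'] = md5($login['password']);
    }
    if($cs_db['hash']=='sha1') {
      $login['securepw'] = sha1($login['password']);
    }
    if(isset($_POST['cookie'])) {
      $login['cookie'] = $_POST['cookie'];
    }
    $login_where = "users_nick = '" . cs_sql_escape($login['nick']) . "'";
  }
  elseif(isset($_COOKIE['cs_userid']) AND isset($_COOKIE['cs_securepw'])) {
    $login['method'] = 'cookie';
    // The integer cast makes the id safe to place in the WHERE clause.
    $login['userid'] = (int)$_COOKIE['cs_userid'];
    // The cookie value is compared directly with users_pwd below, so it is
    // equivalent to the stored hash: whoever holds it can log in.
    $login['securepw'] = $_COOKIE['cs_securepw'];
    $login_where = "users_id = '" . $login['userid'] . "'";
  }

  if(isset($login['method'])) {
    $login_db = cs_sql_select(__FILE__,'users','users_id, users_pwd, users_active',$login_where);

    // Compare as strings, never with '=='. A loose comparison treats two
    // numeric-looking strings (for example hex digests of the form
    // 0e<digits>) as numbers, so different hashes could compare equal.
    // is_string() also rejects an array-valued cookie. hash_equals() is used
    // where the runtime provides it to avoid a timing difference.
    if(!empty($login_db['users_pwd']) AND is_string($login['securepw']) AND
       (function_exists('hash_equals')
         ? hash_equals((string)$login_db['users_pwd'], $login['securepw'])
         : (string)$login_db['users_pwd'] === $login['securepw'])) {
      if(empty($login_db['users_active'])) {
        $login['error'] = 'closed';
      }
      else {
        $login['mode'] = TRUE;

        // Issue a fresh session id at the moment of login so an id that was
        // known before authentication does not become an authenticated one.
        session_regenerate_id();

        $_SESSION['users_id'] = $login_db['users_id'];
        // IP and user agent are stored so later requests can be checked
        // against them.
        $_SESSION['users_ip'] = cs_getip();
        $_SESSION['users_agent'] = $_SERVER['HTTP_USER_AGENT'];
        $_SESSION['users_pwd'] = $login['securepw'];
      }
    }
    elseif(!empty($login_db['users_id'])) {
      // NOTE(review): distinct 'wrong_pwd' / 'user_notfound' codes let a
      // caller tell whether a nick exists if they are shown to the client.
      $login['error'] = 'wrong_pwd';
    }
    else {
      $login['error'] = 'user_notfound';
    }

    if(!empty($login['cookie']) AND !empty($login['mode'])) {
      $login['method'] = 'form_cookie';
      // NOTE(review): these cookies are set without the secure / httponly
      // arguments and cs_securepw holds the stored password hash for the
      // whole cookie lifetime; a random server-side token would limit what
      // a leaked cookie is worth.
      setcookie('cs_userid',$login_db['users_id'], $cookie['lifetime'], $cookie['path'], $cookie['domain']);
      setcookie('cs_securepw',$login['securepw'], $cookie['lifetime'], $cookie['path'], $cookie['domain']);
    }
  }
}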

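// Load the account row for the user id held in the session. The row is only
// returned while the stored password hash still matches the one saved in the
// session and the account is active, so a password change or deactivation
// invalidates existing sessions.
if(!empty($_SESSION['users_id'])) {

  if (empty($login['method'])) $login['method'] = 'session';
  $login['mode'] = TRUE;
  // users_pwd must stay the last column: the cookie refresh further down
  // removes it from $account with array_pop().
  $acc_sc = 'users_id, users_nick, users_lang, access_id, users_limit, users_view, users_timezone, users_dstime, users_ajax, users_tpl, users_pwd';
  // $_SESSION['users_pwd'] can originate from the cs_securepw cookie, so it
  // is escaped like every other string placed in a WHERE clause in this file
  // instead of being concatenated raw.
  $account = cs_sql_select(__FILE__,'users',$acc_sc,'users_id = \'' . (int)$_SESSION['users_id'] . '\' AND users_pwd = \'' . cs_sql_escape($_SESSION['users_pwd']) . '\' AND users_active = 1');
  if (empty($account) ) {
    // No matching active row: drop the session and treat the request as
    // not logged in.
    session_destroy();
    $login['mode'] = FALSE;
  }
  if (empty($cs_main['ajax'])) $account['users_ajax'] = 0;
}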

// Re-issue the persistent-login cookies on every request that carried a
// non-empty cs_userid cookie, pushing their expiry to $cookie['lifetime'].
// array_pop() removes and returns the LAST element of $account. After the
// session lookup above that is presumably users_pwd (last column of $acc_sc),
// so this line both refreshes the hash cookie and strips the hash from
// $account.
// NOTE(review): when no account row was loaded, $account is still
// array('users_id' => 0); array_pop() then removes users_id and both cookies
// are written as 0 - confirm this is the intended way to invalidate them.
// NOTE(review): cs_securepw is the stored password hash and is sent without
// the secure / httponly arguments; without this cookie the hash is not
// removed from $account at all.
if(!empty($_COOKIE['cs_userid'])) { 
  setcookie('cs_userid',$account['users_id'], $cookie['lifetime'], $cookie['path'], $cookie['domain']);
  setcookie('cs_securepw',array_pop($account), $cookie['lifetime'], $cookie['path'], $cookie['domain']);	
}
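// Session binding check. The IP and user agent recorded at login must match
// the current request. On a mismatch the session is destroyed AND $account is
// reset, so the remainder of this request runs with guest rights. Previously
// $account kept the user's id and access_id after the session was destroyed,
// and the access_* values merged in below are what permission checks read.
// NOTE(review): the user agent is client-supplied, so this binding is only a
// weak signal.
if(!empty($account['users_id']) AND ($_SESSION['users_ip'] != cs_getip() OR $_SESSION['users_agent'] != $_SERVER['HTTP_USER_AGENT'])) {
  session_destroy();
  $login['mode'] = FALSE;
  // Falls through to the guest defaults in the else branch below.
  $account = array('users_id' => 0);
}

if(!empty($account['users_id'])) {
  if($cs_main['mod']=='users' AND $cs_main['action']=='logout') {
    // Logout: expire both persistent-login cookies (timestamp 1 is in the
    // past) and destroy the session.
    setcookie('cs_userid', '', 1, $cookie['path'], $cookie['domain']);
    setcookie('cs_securepw', '', 1, $cookie['path'], $cookie['domain']);
    session_destroy();
    $login['mode'] = FALSE;
    if (!empty($account['users_ajax'])) cs_redirect('','users','login');
  }
  else {
    // Regular authenticated request: record the time of last activity.
    $cells = array('users_laston');
    $content = array(cs_time());
    cs_sql_update(__FILE__,'users',$cells,$content,$account['users_id']);
  }
}
else {
  // Guest defaults: access_id 1, site default language and time settings.
  $account = array('access_id' => 1, 'users_id' => 0, 'users_lang' => $cs_main['def_lang'], 'users_limit' => 20, 'users_timezone' => $cs_main['def_timezone'], 'users_dstime' => $cs_main['def_dstime']);
}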

// Language selection. AND binds tighter than OR in PHP, so the condition is:
// a lang request parameter is present, or the visitor is a guest who sent a
// cs_lang cookie. The grouping is written out explicitly here.
if(!empty($_GET['lang']) OR (empty($account['users_id']) AND !empty($_COOKIE['cs_lang']))) {
  require_once 'system/core/lang.php';
}

// NOTE(review): users_lang becomes part of an include path. No validation is
// visible in this file - confirm that every writer of users_lang (profile
// settings, system/core/lang.php) restricts it to installed language
// directory names.
require_once 'lang/' . $account['users_lang'] . '/system/comlang.php';

// Fetch the access row for the account's access_id (cast to int before it is
// placed in the WHERE clause) and fold its columns into $account. With
// array_merge() a column from the access row replaces an equally named key
// already present in $account.
$gma = cs_sql_select(__FILE__, 'access', '*', 'access_id = ' . (int) $account['access_id']);
if(is_array($gma)) {
  $account = array_merge($account, $gma);
}

// Non-public mode: a logged-in user whose access_clansphere level is below 3
// is logged out again - cookies expired, session destroyed, error code set.
// NOTE(review): $account is not reset here, so it still holds the user's row
// for the rest of the request; confirm later code keys off $login['mode'].
if(empty($cs_main['public'])) {
  if(!empty($account['users_id']) AND $account['access_clansphere'] < 3) {
    $login['mode'] = FALSE;
    $login['error'] = 'not_public';
    // Timestamp 1 lies in the past, which makes the browser drop the cookie.
    setcookie('cs_userid', '', 1, $cookie['path'], $cookie['domain']);
    setcookie('cs_securepw', '', 1, $cookie['path'], $cookie['domain']);
    session_destroy();
  }
}

// Load the main language strings (cs_translate() is defined elsewhere).
$cs_lang_main = cs_translate();

?>