Файл: adultscript-2.0.3-pro/files/admin/login.php
Строк: 103
<?php
// Entry-point markers defined before the bootstrap is loaded; presumably the
// included files test them to refuse direct access - confirm in bootstrap.php.
define('_VALID', true);
define('_ADMIN', true);

// NOTE(review): the path is resolved against the current working directory,
// not this file's directory; realpath() returns false when it does not resolve.
require realpath('../libraries/bootstrap.php');

// Default page state: the login form is shown and no feedback is pending.
$menu = 'login';
$message = '';
$error = '';

// Build the admin template object from the configured admin template name.
$template = VF::cfg_item('template_admin');
$admin_tpl_path = '/admin/templates/'.$template;
$tpl = VF::factory('template', array(
    'template'     => $template,
    'template_dir' => BASE_DIR.$admin_tpl_path,
    'template_url' => BASE_URL.$admin_tpl_path,
    'template_rel' => RELATIVE_URL.$admin_tpl_path
));
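// Login form handler: authenticate the submitted credentials, record the login
// time and IP, populate the session and redirect to the admin index.
if (isset($_POST['submit_login'])) {
    $filter = VF::factory('filter');
    $username = $filter->get('username');
    $password = $filter->get('password');

    if ($username != '' && $password != '') {
        // VAuth::login() yields the user row on success and a falsy value otherwise.
        // NOTE(review): no attempt throttling or lockout is visible in this file;
        // confirm that VAuth::login() or the bootstrap provides it.
        if ($user = VAuth::login($username, $password)) {
            if ($user['status'] == '1') {
                // Plain assignment, matching the other VF::factory('database') calls in this file.
                $db = VF::factory('database');

                // 'H' is the 24-hour clock; the previous 'h' wrote 12-hour values with
                // no AM/PM marker, so afternoon logins were stored as morning times.
                // The IP is escaped like every other interpolated value: where
                // VServer::ip() takes it from is not visible here, so it is not
                // assumed to be SQL-safe.
                $db->query("UPDATE #__user
                            SET login_date = '".date('Y-m-d H:i:s')."',
                                login_ip = '".$db->escape((string) VServer::ip(true))."'
                            WHERE username = '".$db->escape($username)."'
                            LIMIT 1");

                // Issue a fresh session id at the privilege change so that an id
                // set before authentication does not carry over (session fixation).
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }

                $_SESSION['user_id'] = intval($user['user_id']);
                $_SESSION['group_id'] = intval($user['group_id']);
                $_SESSION['username'] = $username;
                $_SESSION['email'] = $user['email'];
                $_SESSION['name'] = $user['name'];
                $_SESSION['gender'] = $user['gender'];
                $_SESSION['avatar'] = $user['avatar'];
                $_SESSION['login_date'] = $user['login_date'];
                $_SESSION['status'] = $user['status'];

                VF::redirect(ADMIN_URL.'/index.php');
            } else {
                $error = 'Account Suspended!';
            }
        } else {
            $error = 'Username and/or password invalid!';
        }
    } else {
        $error = 'Please enter your username and password!';
    }
}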
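// Forgot-password form handler: look up the active account for the submitted
// email, derive a recovery key, mail a recovery link and keep the key in the
// session for the link handler to verify.
if (isset($_POST['submit_forgot'])) {
    $menu = 'forgot';
    $filter = VF::factory('filter');
    $email = $filter->get('email');

    if ($email == '') {
        $error = 'Please enter your email address!';
    } elseif (!VValid::email($email)) {
        $error = 'Email is not a valid email address!';
    } else {
        $db = VF::factory('database');
        $db->query("SELECT user_id, username, password
                    FROM #__user
                    WHERE email = '".$db->escape($email)."'
                    AND status = 1
                    LIMIT 1");
        if ($db->affected_rows()) {
            $cfg = VF::cfg('core.config');
            $user = $db->fetch_assoc();

            // The key is derived from the stored password value, so it stops
            // verifying once the password changes.
            $key = VHash::encrypt($user['user_id'].$user['username'].$user['password']);

            // The query parameters must be the ones the link handler reads
            // ($_GET['email'] and $_GET['r']); the previous 'e=' never reached it.
            // rawurlencode() keeps '+', '&' and similar characters in either value
            // intact and leaves only characters that are safe inside the href.
            $link = ADMIN_URL.'/login.php?email='.rawurlencode($email).'&r='.rawurlencode($key);

            // "\n" restored: the literals had lost their backslash and put the
            // letter 'n' into the message, leaving nl2br() nothing to convert.
            $body = array();
            $body[] = 'To change your password please click the link below:'."\n\n";
            $body[] = '<a href="'.$link.'">Send me my password!</a>'."\n\n";
            // NOTE(review): no expiry is enforced in this file; the two-hour figure
            // presumably reflects the session lifetime - confirm.
            $body[] = 'Please dont close the browser and try to click the above link no more than 2 hours!';
            $body = implode("\n", $body);

            $mail = VF::factory('email');
            $mail->From = $cfg['email_admin'];
            $mail->FromName = $cfg['site_name'];
            $mail->Sender = $cfg['email_admin'];
            $mail->AddReplyTo($cfg['email_admin'], $cfg['email_name']);
            $mail->Subject = 'Your '.$cfg['site_name'].' administrator recover password link!';
            $mail->AltBody = $body;
            $mail->Body = nl2br($body);
            $mail->AddAddress($email);
            // NOTE(review): the result of Send() is not checked, so the success
            // message is shown even when delivery fails.
            $mail->Send();

            $_SESSION['key'] = $key;
            $message = 'Email sent!';
        } else {
            // NOTE(review): this reply differs from the success message, so the form
            // discloses whether an address belongs to an active account; a single
            // neutral reply for both outcomes would avoid that.
            $error = 'Invalid email address!';
        }
    }
}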
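// Recovery-link handler: verify the key from the emailed link against the key
// stored in the session and against the account's current data, then set a new
// random password and mail it to the account address.
if (isset($_GET['email']) && isset($_GET['r'])) {
    $menu = 'forgot';
    if (isset($_SESSION['key'])) {
        $filter = VF::factory('filter');
        $email = $filter->get('email', 'STRING', 'GET');
        // Read the key from 'r'. The previous code read 'email' a second time, so
        // the key carried by the link was never looked at and holding a session
        // key was enough to trigger the reset.
        // NOTE(review): assumes the STRING filter returns the key unchanged -
        // confirm against the output alphabet of VHash::encrypt().
        $key = $filter->get('r', 'STRING', 'GET');

        // Constant-time comparison where available (hash_equals, PHP 5.6+).
        $session_key = (string) $_SESSION['key'];
        if (function_exists('hash_equals')) {
            $key_matches = hash_equals($session_key, (string) $key);
        } else {
            $key_matches = ($session_key === (string) $key);
        }

        if ($key == '') {
            $error = 'Invalid recovery key!';
        } elseif (!$key_matches) {
            $error = 'Incorrect recovery key!';
        } elseif ($email == '') {
            $error = 'Email is empty!';
        } elseif (!VValid::email($email)) {
            $error = 'Email is invalid!';
        } else {
            $db = VF::factory('database');
            $db->query("SELECT user_id, username, password
                        FROM #__user
                        WHERE email = '".$db->escape($email)."'
                        AND status = 1
                        LIMIT 1");
            if ($db->affected_rows()) {
                $cfg = VF::cfg('core.config');
                $user = $db->fetch_assoc();

                // The key must also correspond to this account's current data,
                // which ties it to the email address given in the link.
                if (VHash::check($user['user_id'].$user['username'].$user['password'], $_SESSION['key'])) {
                    // NOTE(review): the randomness source behind VText::random() is
                    // not visible here; confirm it is a CSPRNG.
                    $password = VText::random('password', 10);
                    $passworde = VHash::encrypt($password);

                    // Update exactly the row that was verified above.
                    $db->query("UPDATE #__user
                                SET password = '".$db->escape($passworde)."'
                                WHERE user_id = ".intval($user['user_id'])."
                                AND status = 1
                                LIMIT 1");
                    if ($db->affected_rows()) {
                        // Single use: drop the key once it has been consumed.
                        unset($_SESSION['key']);

                        // NOTE(review): the new password is mailed in clear text; a
                        // set-your-own-password form behind the verified link would
                        // keep it out of the mailbox.
                        $body = array();
                        $body[] = 'Your username is: '.htmlspecialchars($user['username']);
                        $body[] = 'Your password is: '.$password;
                        // "\n" restored: the literal had lost its backslash.
                        $body = implode("\n", $body);

                        $mail = VF::factory('email');
                        $mail->From = $cfg['email_admin'];
                        $mail->FromName = $cfg['site_name'];
                        $mail->Sender = $cfg['email_admin'];
                        $mail->AddReplyTo($cfg['email_admin'], $cfg['email_name']);
                        $mail->Subject = 'Your '.$cfg['site_name'].' administrator username and password!';
                        $mail->AltBody = $body;
                        $mail->Body = nl2br($body);
                        $mail->AddAddress($email);
                        // NOTE(review): the result of Send() is not checked; if delivery
                        // fails the password has already been replaced.
                        $mail->Send();

                        $message = 'Email sent!';
                    } else {
                        $error = 'Failed to update password!';
                    }
                } else {
                    $error = 'Incorrect recovery key!';
                }
            } else {
                $error = 'Invalid email address!';
            }
        }
    }
}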
// Hand the page state to the template object, then load and output the
// 'login' template. $menu selects between the login and forgot views.
$tpl->meta_title = 'Administrator Login';
$tpl->menu = $menu;
$tpl->message = $message;
$tpl->error = $error;

$tpl->load('login');
$tpl->display();

// Framework shutdown hook; what it releases is not visible in this file.
VF::close();
?>