Просмотр архива CoolCMS v5.0 B


<?php 

/*

 * @author mides <Mike Osendowski>

 * @link http://midwm.org

 * @copyright 2011-2014

*/



require_once 'core/system.php';



switch ($act) {

    default:

        if (is_auth())

        {

            redirect(HTTPHOME);

        }

        

        if ($refurl && $refurl != HTTPHOME.'login/')

        {

            $_SESSION['login_refurl'] = $refurl;

        }

        

        $cuser = (isset($_COOKIE['cuser'])) ? check($_COOKIE['cuser']) : FALSE;

        

        $config['newtitle'] = $lang['Sign_In'];

        $tpl['file'] = 'login';

        require_once 'core/header.php';

        require_once 'core/footer.php';

    break;

    

    case 'auth':

        $username = isset($_POST['username']) ? check(utf_lower($_POST['username'])) : check(utf_lower($_GET['u']));

        $password = isset($_POST['password']) ? hash('sha512', md5(md5(check($_POST['password'])))) : hash('sha512', md5(md5(check($_GET['p']))));

        $cookies = !empty($_POST['cookies']) ? 1 : FALSE;



        if ($username && $password)

        {

            $checkuser = DB::run()->queryFetch("select `username`, `password`, `verified` from `users` where `username` = ? and `password` = ? limit 1;", array($username, $password));

            if ($checkuser)

            {

                if ($checkuser['verified'] == 1)

                {

                    $encodedpass = hash('sha512', md5(md5($checkuser['password'].$config['keypass'])));

                    if ($cookies)

                    {

                        setcookie("cuser", $checkuser['username'], time() + 3600 * 24 * 365, '/', '');

                        setcookie("ckey", $encodedpass, time() + 3600 * 24 * 365, '/', '');

                    }



                    $_SESSION['suser'] = $checkuser['username'];

                    $_SESSION['skey'] = $encodedpass;

                    $_SESSION['ip'] = $ip;

                        

                    DB::run()->query("UPDATE `users` SET `lastseen` = ?, `ip` = ?, `browser` = ? WHERE `username` = ?;", array(TIME, $ip, $browser, $checkuser['username']));

                    $redirect = isset($_SESSION['login_refurl']) ? $_SESSION['login_refurl'] : HTTPHOME;

                    unset($_SESSION['login_refurl']);

                    redirect($redirect);

                }

                else

                {

                    $_SESSION['note'] = $lang['Please_verify_your_email_address'];

                }

            }

            else

            {

                $_SESSION['note'] = $lang['The_username_or_password_you_entered_is_incorrect'];

            }

        }



        redirect(HTTPHOME.'login');

    break;



    case 'logout':

        if (is_auth())

        {

            DB::run()->query("delete from `online` where `userid` = ?;", array($u['id']));

            $_SESSION = array();

            setcookie('ckey', '', 0, '/', '');

            setcookie(session_name(), '', 0, '/', '');

            session_unset();

            session_destroy();

        }

        redirect(HTTPHOME.'login');

    break;

}