strtolower($username)))) { if (password_verify($password,$row['Password'])) { if ($settings['maintenence']['enabled'] && $settings['maintenence']['lockout'] && $row['UserLevel'] < $settings['userlevels']['admin'] && $_SERVER['REMOTE_ADDR'] != $settings['maintenence']['bypassip']) { ErrorPage("Access Denied","During maintenence, only an Administrator or above may log in."); die; } if ($row['UserLevel'] == $settings['userlevels']['guest']) { if ($settings['users']['regverify'] != "none") { $message = "Your user has not been activated."; if ($settings['users']['regverify'] == "admin") { $message .= "
An Admin must active your account."; } else if ($settings['users']['regverify'] == "email") { if (GetVerificationHash($row['ID'])) { $_SESSION['RESEND'] = $row['ID']; $message .= '
Resend Activation Email'; } else { } } else if ($settings['users']['regverify'] == "other") { $message .= '
Your Activation code is '.GetVerificationHash($result['UserID']); } ErrorPage("User not activated",$message); die; } else { UpdateQuery('Users', 'UserLevel=:UserLevel', 'ID=:ID', array( ':UserLevel' => $settings['userlevels']['user'], ':ID' => $result['UserID'], ) ); } } else if ($row['UserLevel'] == $settings['userlevels']['banned']) { Log_Login($username,"0:2"); ErrorPage("Login Failed","Banned users cannot login"); die; } if (Login($row['ID'])) { Log_Login($username,"1:0"); return true; } } else { Log_Login($username,"0:1"); ErrorPage("Login Failed","Invalid username or password
Please make sure the username and password are written in the correct case"); die; } } else { Log_Login($username,"0:0"); ErrorPage(null,"Login Failed","Invalid username or password
Please make sure the username and password are written in the correct case"); die; } } function Log_Login($username,$result) { InsertQuery('Logins','Username, Result, IP, Date', ':Username, :Result, :IP, :Date', array( ':Username' => htmlentities($username), ':Result' => htmlentities($result), ':IP' => $_SERVER['REMOTE_ADDR'], ':Date' => time() ) ); } function Login($id) { if (LoggedIn()) { return true; } global $settings; $expire = (strtotime($settings['users']['loginexpire'])); $time = time(); if ($settings['users']['iplock']) { $key = md5($_SERVER['REMOTE_ADDR'].$id.GetUserName($id)); } else { $key = md5($id.GetUserName($id)); } if (UpdateQuery('Users', 'LastIP=:LastIP, LoginDate=:LoginDate, AuthKey=:AuthKey', 'ID=:ID', array( ':LastIP' => $_SERVER['REMOTE_ADDR'], ':LoginDate' => time(), ':AuthKey' => $key, ':ID' => $id, ) )) { $_SESSION['LOGIN']['ID'] = $id; $_SESSION['LOGIN']['KEY'] = $key; setcookie("{$settings['site']['cookieprefix']}id",$id,$expire,"/",$_SERVER['SERVER_NAME']); setcookie("{$settings['site']['cookieprefix']}key",$key,$expire,"/",$_SERVER['SERVER_NAME']); return true; } return false; } if ($_SESSION['IMLOGGINGIN']) { unset($_SESSION['IMLOGGINGIN']); unset($_SESSION['form']); $message = '
You are now logged in
'; DialogMessage($message); echo $message; if (IsPopup()) { echo ''; CloseWindow(); } else if ($_GET['ref']) { ReturnTo(urldecode(base64_decode($_GET['ref']))); } else { ReturnPrevious(); } die; } else if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST) && isset($_POST['confirm']) && CheckCaptcha(1)) { $_SESSION['form'] = $_POST; if (Login_Try($_POST['username'], $_POST['password'])) { $_SESSION['IMLOGGINGIN'] = 1; header('Location: '.BuildURL('this',"ref={$_POST['ref']}")); die; } die; } else { MustBeLoggedOut(); } ?>