I know some of the changes from php4 to php5, and most of them are minor ones that have no real effect on the output of php4 scripts running in php5.
But I am getting a login redirect loop
Login queries the DB and verifies the login credentials,
then redirects to the member page
then redirects back to the login page!
What functions should I look for that would not work in a php5 environment?
The script runs flawlessly in php4.
Here is the login page
<?php
// phrase group(s) this page needs loaded by the core bootstrap
$phrase['groups'] = array('preferences');
define('LOCATION', 'login');
define('MD5_INCLUDE', 'md5');
// project bootstrap; the remainder of this script relies on $ilance, $ilpage,
// $ilcrumbs and $ilconfig being defined by it
require_once './functions/core.config.inc.php';
// breadcrumb entry for this page, keyed by the login page path
$navcrumb = array("$ilpage[login]" => $ilcrumbs["$ilpage[login]"]);
// #### MEMBER LOGIN PROCESS ###################################################
// redirect target requested by the caller (GPC = request input); '' when absent.
// NOTE(review): this value is handed to refresh() unchecked after a successful login,
// so any absolute URL supplied with the request is followed (open redirect) --
// restricting it to a local path before use would close that.
$redirect = isset($ilance->GPC['redirect']) ? $ilance->GPC['redirect'] : '';
if (isset($ilance->GPC['login_process']) AND $ilance->GPC['login_process'] == 1)
{
$area_title = $phrase['_submitting_login_information'].' . .';
$page_title = SITE_NAME.' - '.$phrase['_submitting_login_information'];
// both flags start as "bad" and are only cleared once a matching user row is found
$badusername = 1;
$badpassword = 1;
if (!empty($ilance->GPC['username']))
{
// username lookup; the value is escaped for the SQL string context it is placed in
$sqluser = $ilance->db->query("SELECT * FROM ".DB_PREFIX."users
WHERE username = '".mysql_real_escape_string($ilance->GPC['username'])."'
LIMIT 1");
if ($ilance->db->num_rows($sqluser) > 0)
{
$user_result = $ilance->db->fetch_array($sqluser);
$badusername = 0;
$badpassword = 0;
// the stored hash is md5(md5(password) . salt); three candidate digests are derived
// from the plain 'password' field, the client-side 'md5pass' field or 'md5pass_utf',
// and the login fails only if none of them matches.
// NOTE(review): the comparison is the loose '!=' on hex digest strings -- PHP compares
// two numeric-looking strings (e.g. "0e<digits>") numerically, so a strict (===) or
// constant-time comparison is safer here. 'md5pass' and 'md5pass_utf' are read without
// isset() and raise undefined-index notices when the form does not send them.
if ($user_result['password'] != iif($ilance->GPC['password'] AND !$ilance->GPC['md5pass'], md5(md5($ilance->GPC['password']) . $user_result['salt']), '') AND $user_result['password'] != md5($ilance->GPC['md5pass'] . $user_result['salt']) AND $user_result['password'] != iif($ilance->GPC['md5pass_utf'], md5($ilance->GPC['md5pass_utf'] . $user_result['salt']), ''))
{
$badpassword = 1;
}
}
if ($badusername == 0 AND $badpassword == 0)
{
// update last seen for this member
// (user_id comes from the users row just fetched, not from the request)
$ilance->db->query("UPDATE ".DB_PREFIX."users
SET lastseen = '".DATETIME24H."'
WHERE user_id = '".$user_result['user_id']."'
LIMIT 1");
// default subscription params
// (used when the member has no subscription_user row)
$subscription_result['subscriptionid'] = 0;
$subscription_result['active'] = 'no';
$subscription_plan_result['cost'] = 0;
// fetch user subscription infos
$sql_subscription_user = $ilance->db->query("SELECT * FROM ".DB_PREFIX."subscription_user
WHERE user_id = '".$user_result['user_id']."'
LIMIT 1");
if ($ilance->db->num_rows($sql_subscription_user) > 0)
{
$subscription_result = $ilance->db->fetch_array($sql_subscription_user);
$sql_subscription_plan = $ilance->db->query("SELECT * FROM ".DB_PREFIX."subscription
WHERE subscriptionid = '".$subscription_result['subscriptionid']."'
LIMIT 1");
if ($ilance->db->num_rows($sql_subscription_plan) > 0)
{
$subscription_plan_result = $ilance->db->fetch_array($sql_subscription_plan);
}
}
if ($user_result['status'] == 'active')
{
// preferences row is fetched without a row-count check: a missing row leaves
// $pref_result empty and the currency lookup below then runs with an empty id
$sql_prefs = $ilance->db->query("SELECT * FROM ".DB_PREFIX."preferences
WHERE user_id = '".$user_result['user_id']."'
LIMIT 1");
$pref_result = $ilance->db->fetch_array($sql_prefs);
$sel_currencies = $ilance->db->query("SELECT * FROM ".DB_PREFIX."currency
WHERE currency_id = '".$pref_result['currencyid']."'
LIMIT 1");
$res_currencies = $ilance->db->fetch_array($sel_currencies);
// are we still logged in as admin?
if (!empty($_SESSION['ilancedata']['admin']) AND is_array($_SESSION['ilancedata']['admin']))
{
// globalize user
// (an admin session exists: only the 'user' slot is replaced so the admin login survives;
// the member array built here is identical to the one in the else branch below)
// NOTE(review): the stored password hash and salt are copied into the session and
// later into the remember-me cookie. The member page is expected to read this
// session data; the project's session handler ($ilance->sessions) is not visible here.
$_SESSION['ilancedata']['user'] = array(
// customer
"sessionid" => session_id(),
"status" => $user_result['status'],
"userid" => intval($user_result['user_id']),
"username" => stripslashes($user_result['username']),
"password" => $user_result['password'],
"salt" => $user_result['salt'],
"email" => $user_result['email'],
"firstname" => stripslashes($user_result['first_name']),
"lastname" => stripslashes($user_result['last_name']),
"fullname" => $user_result['first_name'] . ' ' . $user_result['last_name'],
"address" => ucwords(stripslashes($user_result['address'])),
"address2" => ucwords(stripslashes($user_result['address2'])),
"fulladdress" => ucwords(stripslashes($user_result['address'])) . ' ' . ucwords(stripslashes($user_result['address2'])),
"city" => ucwords(stripslashes($user_result['city'])),
"state" => ucwords(stripslashes($user_result['state'])),
"postalzip" => strtoupper(trim($user_result['zip_code'])),
"countryid" => intval($user_result['country']),
"lastseen" => $user_result['lastseen'],
"ipaddress" => $user_result['ipaddress'],
"iprestrict" => $user_result['iprestrict'],
"auctiondelists" => intval($user_result['auctiondelists']),
"bidretracts" => intval($user_result['bidretracts']),
"warnings" => intval($user_result['warnings']),
"warningbans" => intval($user_result['warning_bans']),
"warninglevel" => intval($user_result['warning_level']),
// referral code
"ridcode" => $user_result['rid'],
// date of birth
"dob" => $user_result['dob'],
// customer ratings
"serviceawards" => intval($user_result['serviceawards']),
"productawards" => intval($user_result['productawards']),
"servicerating" => $user_result['servicerating'],
"productrating" => $user_result['productrating'],
"buyingservicerating" => $user_result['buyingservicerating'],
"buyingproductrating" => $user_result['buyingproductrating'],
// customer preferences
"languageid" => intval($pref_result['languageid']),
"timezoneid" => intval($pref_result['timezoneid']),
"timezonedst" => $pref_result['timezone_dst'],
"distance" => $pref_result['project_distance'],
"emailnotify" => intval($pref_result['emailnotify']),
"companyname" => stripslashes($pref_result['companyname']),
// customer subscription
"roleid" => intval($subscription_result['roleid']),
"subscriptionid" => intval($subscription_result['subscriptionid']),
"cost" => $subscription_plan_result['cost'],
"active" => $subscription_result['active'],
// customer currency
"currencyid" => intval($pref_result['currencyid']),
"currencyname" => stripslashes($res_currencies['currency_name']),
"currencysymbol" => $ilance->currency->currencies[$pref_result['currencyid']]['symbol_left'],
"currencyabbrev" => strtoupper($res_currencies['currency_abbrev']));
}
else
{
// globalize user
// (no admin session: the whole ilancedata array is replaced with a fresh 'user' entry)
$_SESSION['ilancedata'] = array(
"user" => array(
// customer
"sessionid" => session_id(),
"status" => $user_result['status'],
"userid" => intval($user_result['user_id']),
"username" => stripslashes($user_result['username']),
"password" => $user_result['password'],
"salt" => $user_result['salt'],
"email" => $user_result['email'],
"firstname" => stripslashes($user_result['first_name']),
"lastname" => stripslashes($user_result['last_name']),
"fullname" => $user_result['first_name'] . ' ' . $user_result['last_name'],
"address" => ucwords(stripslashes($user_result['address'])),
"address2" => ucwords(stripslashes($user_result['address2'])),
"fulladdress" => ucwords(stripslashes($user_result['address'])) . ' ' . ucwords(stripslashes($user_result['address2'])),
"city" => ucwords(stripslashes($user_result['city'])),
"state" => ucwords(stripslashes($user_result['state'])),
"postalzip" => strtoupper(trim($user_result['zip_code'])),
"countryid" => intval($user_result['country']),
"lastseen" => $user_result['lastseen'],
"ipaddress" => $user_result['ipaddress'],
"iprestrict" => $user_result['iprestrict'],
"auctiondelists" => intval($user_result['auctiondelists']),
"bidretracts" => intval($user_result['bidretracts']),
"warnings" => intval($user_result['warnings']),
"warningbans" => intval($user_result['warning_bans']),
"warninglevel" => intval($user_result['warning_level']),
// referral code
"ridcode" => $user_result['rid'],
// date of birth
"dob" => $user_result['dob'],
// customer ratings
"serviceawards" => intval($user_result['serviceawards']),
"productawards" => intval($user_result['productawards']),
"servicerating" => $user_result['servicerating'],
"productrating" => $user_result['productrating'],
"buyingservicerating" => $user_result['buyingservicerating'],
"buyingproductrating" => $user_result['buyingproductrating'],
// customer preferences
"languageid" => intval($pref_result['languageid']),
"timezoneid" => intval($pref_result['timezoneid']),
"timezonedst" => $pref_result['timezone_dst'],
"distance" => $pref_result['project_distance'],
"emailnotify" => intval($pref_result['emailnotify']),
"companyname" => stripslashes($pref_result['companyname']),
// customer subscription
"roleid" => intval($subscription_result['roleid']),
"subscriptionid" => intval($subscription_result['subscriptionid']),
"cost" => $subscription_plan_result['cost'],
"active" => $subscription_result['active'],
// customer currency
"currencyid" => intval($pref_result['currencyid']),
"currencyname" => stripslashes($res_currencies['currency_name']),
"currencysymbol" => $ilance->currency->currencies[$pref_result['currencyid']]['symbol_left'],
"currencyabbrev" => strtoupper($res_currencies['currency_abbrev'])));
}
// create remember me cookies for user (used for auto-site logins)
// NOTE(review): the cookie carries the encrypted stored password hash for 31622400 s
// (366 days); setcookie() is used in its 5-argument form, so neither the 'secure' nor
// the 'httponly' flag is set on these long-lived credential cookies. The 'remember'
// flag is tested for truthiness here, while the admin login tests it against 1.
if (isset($ilance->GPC['remember']) AND $ilance->GPC['remember'])
{
setcookie($ilconfig['globalsecurity_cookiename'].'[userid]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['userid'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[password]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['password'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[username]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
}
// remember users last visit and last hit activity
setcookie($ilconfig['globalsecurity_cookiename'].'[lastvisit]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
// post-login destination, in priority order: the request's 'redirect' value (unvalidated,
// see above), the member's configured start page, then the control panel
if (!empty($redirect))
{
refresh($redirect);
exit();
}
else if (!empty($pref_result['start_page']))
{
refresh($pref_result['start_page'] . $ilconfig['globalsecurity_extensionmime']);
exit();
}
else
{
refresh($ilpage['main']."?cmd=cp");
exit();
}
}
// credentials were correct but the account is not active: bounce back to the login
// page with the account state as the error code
else if ($user_result['status'] == "suspended")
{
refresh($ilpage['login'].'?error=suspended');
exit();
}
else if ($user_result['status'] == "cancelled")
{
refresh($ilpage['login'].'?error=cancelled');
exit();
}
else if ($user_result['status'] == "unverified")
{
refresh($ilpage['login'].'?error=unverified');
exit();
}
elseif ($user_result['status'] == "moderated")
{
refresh($ilpage['login'].'?error=moderated');
exit();
}
else if ($user_result['status'] == "banned")
{
// aparently, this user appears to be banned
// when warnings are enabled the active ban row is looked up to report the days left;
// note: with warnings enabled but an empty user_id no branch below prints or exits,
// so execution falls through past this login handler
if (isset($show['warnings']) AND $show['warnings'])
{
if (!empty($user_result['user_id']) AND $user_result['user_id'] > 0)
{
$sqlb = $ilance->db->query("SELECT * FROM ".DB_PREFIX."warnings_bans
WHERE banuserid = '".intval($user_result['user_id'])."'
AND banstatus = '1'
LIMIT 1");
if ($ilance->db->num_rows($sqlb) > 0)
{
$resban = $ilance->db->fetch_array($sqlb);
// banliftdate is split as Y-m-d and compared with today's UTC date
$datesplit = explode('-', $resban['banliftdate']);
$daysleft = $ilance->datetime->fetch_days_between(gmdate('m'), gmdate('d'), gmdate('Y'), $datesplit[1], $datesplit[2], $datesplit[0]);
print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].". You have <strong>$daysleft</strong> days remaining for this ban to mature.<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
exit();
}
else
{
print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
exit();
}
}
}
else
{
print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
exit();
}
}
else
{
// any other status value is treated as a generic login failure
refresh($ilpage['login'].'?error=1');
exit();
}
}
else
{
// unknown username or wrong password: optionally log the attempt and notify the site e-mail.
// The same generic error code is returned either way, so the response does not
// distinguish a bad username from a bad password.
if ($ilconfig['globalsecurity_emailonfailedlogins'])
{
// count number of login attempts
$sel_attempts = $ilance->db->query("SELECT COUNT(*) AS num_attempts FROM ".DB_PREFIX."failed_logins
WHERE attempted_username = '".mysql_real_escape_string($ilance->GPC['username'])."'");
$sel_attempts_array = $ilance->db->fetch_array($sel_attempts);
if ($sel_attempts_array['num_attempts'] >= $ilconfig['globalsecurity_numfailedloginattempts'])
{
// to be added: check if this user is actually a user, if so
// send them an email also informing them of a suspicious hack attempt
}
// NOTE(review): the attempted password is stored in clear text in failed_logins and is
// also substituted into the notification e-mail below ({{password}}). Failed attempts
// frequently contain a user's real password with a typo, so this is sensitive data both
// at rest and in transit. $_SERVER['HTTP_REFERER'] is absent when no Referer header is
// sent and then raises an undefined-index notice.
$ilance->db->query("INSERT INTO ".DB_PREFIX."failed_logins
(id, attempted_username, attempted_password, referrer_page, ip_address, datetime_failed)
VALUES(
NULL,
'".mysql_real_escape_string($ilance->GPC['username'])."',
'".mysql_real_escape_string($ilance->GPC['password'])."',
'".mysql_real_escape_string($_SERVER['HTTP_REFERER'])."',
'".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',
'".DATETIME24H."')");
######################################
# ILANCE => EMAIL TEMPLATE ENGINE V1.0
######################################
# GRAB EMAIL: ID=76, NAME=Failed Login Attempt - Admin
$query1="SELECT ";
$query1.="subject_".fetch_site_slng().", ";
$query1.="message_".fetch_site_slng()." ";
$query1.="FROM ";
$query1.=DB_PREFIX."email ";
$query1.="WHERE ";
$query1.="varname='failed_login_attempt_admin'";
$runit=$ilance->db->query($query1);
$rs1=$ilance->db->fetch_array($runit);
$subject=stripslashes(trim($rs1[0]));
$message=stripslashes(trim($rs1[1]));
// placeholder substitution; mysql_real_escape_string() is applied to the remote address
// and referrer here although they go into an e-mail, not a query, so it only adds
// backslashes to those values rather than escaping for the mail context
$subject=str_replace("{{remote_addr}}", mysql_real_escape_string($_SERVER['REMOTE_ADDR']), $subject);
$subject=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $subject);
$subject=str_replace("{{date_time}}", DATETIME24H, $subject);
$subject=str_replace("{{referrer}}", mysql_real_escape_string($_SERVER['HTTP_REFERER']), $subject);
$subject=str_replace("{{username}}", $ilance->GPC['username'], $subject);
$subject=str_replace("{{password}}", $ilance->GPC['password'], $subject);
$subject=str_replace("{{site_name}}", SITE_NAME, $subject);
$subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
$subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
$subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
$message=str_replace("{{remote_addr}}", mysql_real_escape_string($_SERVER['REMOTE_ADDR']), $message);
$message=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $message);
$message=str_replace("{{date_time}}", DATETIME24H, $message);
$message=str_replace("{{referrer}}", mysql_real_escape_string($_SERVER['HTTP_REFERER']), $message);
$message=str_replace("{{username}}", $ilance->GPC['username'], $message);
$message=str_replace("{{password}}", $ilance->GPC['password'], $message);
$message=str_replace("{{site_name}}", SITE_NAME, $message);
$message=str_replace("{{site_title}}", SITE_TITLE, $message);
$message=str_replace("{{site_email}}", SITE_EMAIL, $message);
$message=str_replace("{{site_phone}}", SITE_PHONE, $message);
$message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
$message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
$message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
$message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
$message=str_replace("{{http_server}}", HTTP_SERVER, $message);
$message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
$message=str_replace("{{email_id}}", "76", $message);
api_email(SITE_EMAIL, $subject,$message, SITE_EMAIL);
refresh($ilpage['login'].'?error=1');
exit();
}
else
{
refresh($ilpage['login'].'?error=1');
exit();
}
}
}
else
{
// no username submitted at all
refresh($ilpage['login'].'?error=1');
exit();
}
}
// #### MEMBER LOGOUT REQUEST ##################################################
// member logout: expire the auto-login cookies, drop the member session data
// (keeping a concurrent admin session if one exists) and return to the login page
if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_logout')
{
$area_title = $phrase['_logging_out_of_marketplace'];
$page_title = $phrase['_logging_out_of_marketplace'];
// keep last visit and last activity cookie .-)
// (lastvisit is given a 31556926 s lifetime here, lastactivity 31622400 s; the login
// path uses 31622400 s for both)
setcookie($ilconfig['globalsecurity_cookiename'].'[lastvisit]', DATETIME24H, TIMESTAMPNOW+31556926, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
// expire member specific cookies so the marketplace doesn't re-login user in automatically
// leave username cookie alone so the marketplace can greet the member by username (login, breadcrumb, etc)
setcookie($ilconfig['globalsecurity_cookiename'].'[userid]', '', 0, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[password]', '', 0, '/', '');
// expire any checkboxes selected in this session
setcookie('ilance_inlineproduct', '', 0, '/', '');
setcookie('ilance_inlineservice', '', 0, '/', '');
setcookie('ilance_inlineprovider', '', 0, '/', '');
if (!empty($_SESSION['ilancedata']['admin']) AND is_array($_SESSION['ilancedata']['admin']))
{
// destroy partial member session
// we are a user requesting to logout but we're also logged in as an admin in another window..
// if we destroy entire session then the admin session is also lost.. :(
// to avoid this let's just flush out the user session array and leave
// the admin session in tact
// (the first assignment is immediately overwritten; only the empty array survives)
$_SESSION['ilancedata']['user'] = '';
$_SESSION['ilancedata']['user'] = array();
}
else
{
// destroy entire member session
// session_unset() clears the in-memory data, the project's own handler is asked to
// destroy the current id's record (its implementation is not visible here), then
// session_destroy() ends the PHP session. The session id is not regenerated here.
session_unset();
$ilance->sessions->sess_destroy(session_id());
session_destroy();
}
// refresh page to set new sessions to empty values
refresh($ilpage['login']);
exit();
}
// #### ADMINCP LOGIN HANDLER ##################################################
// (chained to the logout 'if' above, so a request is either a logout or an admin login)
else if (isset($ilance->GPC['login_process']) AND $ilance->GPC['login_process'] == 2)
{
$area_title = $phrase['_submitting_login_information'].' . .';
$page_title = SITE_NAME.' - '.$phrase['_submitting_login_information'];
$badusername = 1;
$badpassword = 1;
// isset() here (the member login uses !empty()), so an empty username string is still queried
if (isset($ilance->GPC['username']))
{
$sqluser = $ilance->db->query("SELECT * FROM ".DB_PREFIX."admin
WHERE username = '".mysql_real_escape_string($ilance->GPC['username'])."'
LIMIT 1");
if ($ilance->db->num_rows($sqluser) > 0)
{
$user_result = $ilance->db->fetch_array($sqluser);
$badusername = 0;
$badpassword = 0;
// same md5(md5(password) . salt) scheme and candidate fields as the member login.
// NOTE(review): loose '!=' on hex digest strings compares numeric-looking values
// ("0e<digits>") numerically; a strict or constant-time comparison is safer for an
// admin credential. 'md5pass' / 'md5pass_utf' are read without isset().
if ($user_result['password'] != iif($ilance->GPC['password'] AND !$ilance->GPC['md5pass'], md5(md5($ilance->GPC['password']) . $user_result['salt']), '') AND $user_result['password'] != md5($ilance->GPC['md5pass'] . $user_result['salt']) AND $user_result['password'] != iif($ilance->GPC['md5pass_utf'], md5($ilance->GPC['md5pass_utf'] . $user_result['salt']), ''))
{
$badpassword = 1;
}
}
if ($badusername == 0 AND $badpassword == 0)
{
if ($user_result['status'] == 'active')
{
if (!empty($_SESSION['ilancedata']['user']))
{
// the admin is logging in and has already logged in
// previously as a member in another browser window
// (only the 'admin' slot is written; the member entry is left untouched)
$_SESSION['ilancedata']['admin'] = array(
"sessionid" => session_id(),
"status" => $user_result['status'],
"userid" => intval($user_result['admin_id']),
"username" => stripslashes($user_result['username']),
"password" => $user_result['password'],
"salt" => $user_result['salt'],
"email" => $user_result['email'],
"lastseen" => $user_result['last_login'],
"ipaddress" => $user_result['ipaddress'],
"iprestrict" => $user_result['iprestrict'],
"isroot" => intval($user_result['isroot']),
// reuse the member session's recorded agent when present, else the current request header
"browseragent" => (!empty($_SESSION['ilancedata']['user']['browseragent']) ? $_SESSION['ilancedata']['user']['browseragent'] : $_SERVER['HTTP_USER_AGENT']));
}
else
{
// we are just logging in as an admin
// (the whole ilancedata array is replaced)
$_SESSION['ilancedata'] = array(
"admin" => array(
"sessionid" => session_id(),
"status" => $user_result['status'],
"userid" => intval($user_result['admin_id']),
"username" => stripslashes($user_result['username']),
"password" => $user_result['password'],
"salt" => $user_result['salt'],
"email" => $user_result['email'],
"lastseen" => $user_result['last_login'],
"ipaddress" => $user_result['ipaddress'],
"iprestrict" => $user_result['iprestrict'],
"isroot" => intval($user_result['isroot']),
"browseragent" => (!empty($_SESSION['ilancedata']['user']['browseragent']) ? $_SESSION['ilancedata']['user']['browseragent'] : $_SERVER['HTTP_USER_AGENT'])));
}
// create remember me cookies for admin (used for auto-admin logins)
// NOTE(review): the cookie carries the encrypted stored admin password hash for
// 31622400 s (366 days) and, via the 5-argument setcookie() form, has neither the
// 'secure' nor the 'httponly' flag -- a long-lived admin credential in the browser.
// 'remember' is compared with 1 here; the member login only tests truthiness.
if (isset($ilance->GPC['remember']) AND $ilance->GPC['remember'] == 1)
{
setcookie($ilconfig['globalsecurity_cookiename'].'[admin][userid]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['userid'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[admin][password]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['password'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[admin][username]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
}
// remember users last visit and last hit activity
setcookie($ilconfig['globalsecurity_cookiename'].'[admin][lastvisit]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
setcookie($ilconfig['globalsecurity_cookiename'].'[admin][lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
// update admins ip address
$ilance->db->query("UPDATE ".DB_PREFIX."admin
SET ipaddress = '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',
last_login = '".DATETIME24H."'
WHERE admin_id = '".$user_result['admin_id']."'
LIMIT 1");
// NOTE(review): the request's 'redirect' value is followed as-is, so an absolute URL
// supplied with the login form is honoured (open redirect); restrict it to a local path
if (isset($ilance->GPC['redirect']) AND $ilance->GPC['redirect'] != '')
{
refresh($ilance->GPC['redirect']);
exit();
}
else
{
// redirect to admin dashboard
// (second argument is the HTTPS admin form of the same page; refresh() is not visible here)
refresh($ilpage['dashboard'], HTTPS_SERVER_ADMIN . $ilpage['dashboard']);
exit();
}
}
else if ($user_result['status'] == 'suspended')
{
refresh($ilpage['login'].'?error=suspended');
exit();
}
else
{
refresh($ilpage['login'].'?error=1');
exit();
}
}
else
{
// wrong admin username or password: optionally record and notify, then bounce to login
// (compared with 1 here, while the member branch tests the same setting for truthiness)
if ($ilconfig['globalsecurity_emailonfailedlogins'] == 1)
{
// NOTE(review): getenv('REFERRER') is not a standard CGI variable name (the member
// branch reads $_SERVER['HTTP_REFERER']), so it most likely returns false and an empty
// referrer is stored. The attempted password is stored in clear text and is also
// substituted into the notification e-mail below ({{password}}) -- sensitive data,
// since failed attempts often contain a real password with a typo.
$ilance->db->query("INSERT INTO ".DB_PREFIX."failed_logins
(id, attempted_username, attempted_password, referrer_page, ip_address, datetime_failed)
VALUES(
NULL,
'".mysql_real_escape_string($ilance->GPC['username'])."',
'".mysql_real_escape_string($ilance->GPC['password'])."',
'".mysql_real_escape_string(getenv('REFERRER'))."',
'".mysql_real_escape_string(getenv('REMOTE_ADDR'))."',
'".DATETIME24H."')");
######################################
# ILANCE => EMAIL TEMPLATE ENGINE V1.0
######################################
# GRAB EMAIL: ID=76, NAME=Failed Login Attempt - Admin
$query1="SELECT ";
$query1.="subject_".fetch_site_slng().", ";
$query1.="message_".fetch_site_slng()." ";
$query1.="FROM ";
$query1.=DB_PREFIX."email ";
$query1.="WHERE ";
$query1.="varname='failed_login_attempt_admin'";
$runit=$ilance->db->query($query1);
$rs1=$ilance->db->fetch_array($runit);
$subject=stripslashes(trim($rs1[0]));
$message=stripslashes(trim($rs1[1]));
// $sel_attempts_array is never assigned in this admin branch (the member branch runs a
// COUNT query first), so {{num_attempts}} below is replaced with an undefined value
// and PHP raises an undefined-variable notice
$subject=str_replace("{{remote_addr}}", getenv('REMOTE_ADDR'), $subject);
$subject=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $subject);
$subject=str_replace("{{date_time}}", DATETIME24H, $subject);
$subject=str_replace("{{referrer}}", getenv('REFERRER'), $subject);
$subject=str_replace("{{username}}", $ilance->GPC['username'], $subject);
$subject=str_replace("{{password}}", $ilance->GPC['password'], $subject);
$subject=str_replace("{{site_name}}", SITE_NAME, $subject);
$subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
$subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
$subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
$message=str_replace("{{remote_addr}}", getenv('REMOTE_ADDR'), $message);
$message=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $message);
$message=str_replace("{{date_time}}", DATETIME24H, $message);
$message=str_replace("{{referrer}}", getenv('REFERRER'), $message);
$message=str_replace("{{username}}", $ilance->GPC['username'], $message);
$message=str_replace("{{password}}", $ilance->GPC['password'], $message);
$message=str_replace("{{site_name}}", SITE_NAME, $message);
$message=str_replace("{{site_title}}", SITE_TITLE, $message);
$message=str_replace("{{site_email}}", SITE_EMAIL, $message);
$message=str_replace("{{site_phone}}", SITE_PHONE, $message);
$message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
$message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
$message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
$message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
$message=str_replace("{{http_server}}", HTTP_SERVER, $message);
$message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
$message=str_replace("{{email_id}}", "76", $message);
api_email(SITE_EMAIL, $subject, $message, SITE_EMAIL);
refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
exit();
}
else
{
refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
exit();
}
}
}
else
{
// no username field in the request
refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
exit();
}
}
// #### RENEW PASSWORD #########################################################
if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_pw-renew')
{
$area_title = $phrase['_request_account_password'];
$page_title = SITE_NAME.' - '.$phrase['_request_account_password'];
// javascript header includes
$headinclude .= '
<script type="text/javascript">
<!--
function validatePWR(f)
{
haveerrors = 0;
(f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
(f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
return (!haveerrors);
}
// -->
</script>
';
$ilance->template->load_file('main', 'password_renewal_login.html');
$ilance->template->parse_hash('main', array('ilpage' => $ilpage));
$ilance->template->parse_if_blocks('main');
$ilance->template->pprint('main', array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
exit();
}
else if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_do-pw-request'
AND isset($ilance->GPC['username']))
{
$username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
$phone = strip_tags(mysql_real_escape_string(trim($ilance->GPC['phone'])));
$sql = $ilance->db->query("SELECT email, username, secretquestion, phone FROM ".DB_PREFIX."users
WHERE username = '".$username."'
AND phone LIKE ('%".$phone."%')");
if ($ilance->db->num_rows($sql) > 0)
{
$res = $ilance->db->fetch_array($sql);
$email = $res['email'];
$secret_question = stripslashes($res['secretquestion']);
$username = stripslashes($res['username']);
$area_title = $phrase['_change_account_password_verification'];
$page_title = SITE_NAME.' - '.$phrase['_change_account_password_verification'];
$headinclude .= '
<script type="text/javascript">
<!--
function validateSAForm(f)
{
haveerrors = 0;
(f.secretanswer.value.length < 1) ? showImage("secretanswererror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("secretanswererror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
return (!haveerrors);
}
//-->
</script>';
$ilance->template->load_file('main', 'password_change.html');
$ilance->template->parse_hash('main', array('ilpage' => $ilpage));
$ilance->template->parse_if_blocks('main');
$ilance->template->pprint('main', array('username','secret_question','userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
exit();
}
else
{
$area_title = $phrase['_request_account_password_denied'];
$page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
// javascript header includes
$headinclude .= '
<script type="text/javascript">
<!--
function validatePWR(f)
{
haveerrors = 0;
(f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
(f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
return (!haveerrors);
}
//-->
</script>';
$ilance->template->load_file('main', 'password_renewal_denied.html');
$ilance->template->parse_hash('main', array('ilpage' => $ilpage));
$ilance->template->parse_if_blocks('main');
$ilance->template->pprint('main', array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
exit();
}
}
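else if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == 'password-change'
    AND isset($ilance->GPC['secretanswer'])
    AND isset($ilance->GPC['username']))
{
    // #### PASSWORD RESET VIA SECRET ANSWER #######################################
    // Both inputs are untrusted request data. Outcomes:
    //   answer matches -> a new random password + salt is stored and mailed to the
    //                     address on file (email template 84), success notice shown
    //   answer wrong   -> "attempt denied" mail to the address on file (template 192),
    //                     then the denied page
    //   unknown user   -> the denied page only (there is no address to mail)
    // The denied page is rendered once at the bottom instead of in three copies;
    // the old wrong-answer copy carried a stray "s(" that made validatePWR() a
    // JavaScript syntax error.
    // NOTE(review): the answer is escaped and tag-stripped BEFORE it is hashed, so
    // a match only works if registration hashed it the same way (not visible here).
    // mysql_real_escape_string() needs an open mysql link and no longer exists in
    // PHP 7; it is kept here because the rest of the file still relies on it.
    $secretanswer = strip_tags(mysql_real_escape_string($ilance->GPC['secretanswer']));
    $secretanswermd5 = md5($secretanswer);
    $username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
    $sql = $ilance->db->query("SELECT user_id, secretanswer, email FROM ".DB_PREFIX."users
        WHERE username = '".$username."'
        LIMIT 1");
    $userfound = ($ilance->db->num_rows($sql) > 0);
    $answerok = false;
    if ($userfound)
    {
        $res = $ilance->db->fetch_array($sql);
        $email = $res['email'];
        $userid = $res['user_id'];
        $secretanswerdb = stripslashes($res['secretanswer']);
        // Strict comparison on purpose: with == PHP compares two hex digests of the
        // form "0e<digits>" as numbers (both equal 0) and would accept a wrong
        // answer. Both sides are strings, so === is the correct check.
        $answerok = ($secretanswermd5 === $secretanswerdb);
    }
    // Shared by both mail templates below.
    $generatedate = apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0);
    // Column suffix comes from the session language code, not from the request
    // (presumably populated for guests too; confirm in core.config.inc.php).
    $slng = $_SESSION['ilancedata']['user']['slng'];
    if ($answerok)
    {
        $salt = construct_password_salt($length = 5);
        $newpassword = construct_password(8);
        // Stored form is md5(md5(plain) . salt), the same shape the login check uses.
        $newpasswordmd5 = md5(md5($newpassword) . $salt);
        $ilance->db->query("UPDATE ".DB_PREFIX."users
            SET password = '".mysql_real_escape_string($newpasswordmd5)."',
            salt = '".mysql_real_escape_string($salt)."'
            WHERE user_id = '".intval($userid)."'
            LIMIT 1");
        #######################################
        ## ILANCE => EMAIL TEMPLATE ENGINE V1.0
        #######################################
        ## GRAB EMAIL: ID=84, NAME=Password Recovery Renewed - Customer
        $runit = $ilance->db->query("SELECT subject_".$slng.", message_".$slng."
            FROM ".DB_PREFIX."email
            WHERE varname='password_renewed'");
        // fetch_array() returns false when the template row is missing; the
        // original code had the same gap, so the notice is left as-is.
        $rs1 = $ilance->db->fetch_array($runit);
        $subject = stripslashes(trim($rs1[0]));
        $message = stripslashes(trim($rs1[1]));
        // strtr() with an array is single-pass: a substituted value (e.g. a username
        // containing "{{password}}") is never re-scanned for further placeholders,
        // which the old chain of str_replace() calls did.
        $subject = strtr($subject, array(
            '{{username}}' => $username,
            '{{site_name}}' => SITE_NAME,
            '{{https_server}}' => HTTPS_SERVER,
            '{{http_server}}' => HTTP_SERVER,
            '{{generate_date}}' => $generatedate,
        ));
        $message = strtr($message, array(
            '{{username}}' => $username,
            '{{password}}' => $newpassword,
            '{{site_name}}' => SITE_NAME,
            '{{site_title}}' => SITE_TITLE,
            '{{site_email}}' => SITE_EMAIL,
            '{{site_phone}}' => SITE_PHONE,
            '{{site_address}}' => SITE_ADDRESS,
            '{{http_server_admin}}' => HTTP_SERVER_ADMIN,
            '{{https_server_admin}}' => HTTPS_SERVER_ADMIN,
            '{{https_server}}' => HTTPS_SERVER,
            '{{http_server}}' => HTTP_SERVER,
            '{{generate_date}}' => $generatedate,
            '{{email_id}}' => '84',
        ));
        api_email($email, $subject, $message, SITE_EMAIL);
        $area_title = $phrase['_account_password_renewal_success'];
        $page_title = SITE_NAME.' - '.$phrase['_account_password_renewal_success'];
        print_notice($phrase['_your_account_password_was_changed'], $phrase['_you_have_successfully_renewed_the_password_for_your_online_account'], $ilpage['login'], $phrase['_login_to_your_account']);
        exit();
    }
    if ($userfound)
    {
        // Wrong answer for an existing account: tell the account owner where the
        // attempt came from. $email was read from the row fetched above.
        $ip = $_SERVER['REMOTE_ADDR'];
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        #######################################
        ## ILANCE => EMAIL TEMPLATE ENGINE V1.0
        #######################################
        ## GRAB EMAIL: ID=192, NAME=Password Recovery Attempt Denied - Customer
        $runit = $ilance->db->query("SELECT subject_".$slng.", message_".$slng."
            FROM ".DB_PREFIX."email
            WHERE varname='password_recovery_denied'");
        $rs1 = $ilance->db->fetch_array($runit);
        $subject = stripslashes(trim($rs1[0]));
        $message = stripslashes(trim($rs1[1]));
        $subject = strtr($subject, array(
            '{{username}}' => $username,
            '{{ipaddress}}' => $ip,
            '{{site_name}}' => SITE_NAME,
            '{{https_server}}' => HTTPS_SERVER,
            '{{http_server}}' => HTTP_SERVER,
            '{{generate_date}}' => $generatedate,
        ));
        $message = strtr($message, array(
            '{{username}}' => $username,
            '{{ipaddress}}' => $ip,
            '{{agent}}' => $agent,
            '{{site_name}}' => SITE_NAME,
            '{{site_title}}' => SITE_TITLE,
            '{{site_email}}' => SITE_EMAIL,
            '{{site_phone}}' => SITE_PHONE,
            '{{site_address}}' => SITE_ADDRESS,
            '{{http_server_admin}}' => HTTP_SERVER_ADMIN,
            '{{https_server_admin}}' => HTTPS_SERVER_ADMIN,
            '{{https_server}}' => HTTPS_SERVER,
            '{{http_server}}' => HTTP_SERVER,
            '{{generate_date}}' => $generatedate,
            '{{email_id}}' => '192',
        ));
        api_email($email, $subject, $message, SITE_EMAIL);
    }
    // Denied page: identical for "unknown user" and "wrong answer" so the response
    // does not reveal whether the username exists.
    $area_title = $phrase['_request_account_password_denied'];
    $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
    // javascript header includes (image paths come from config, not the request)
    $imgpath = $ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'];
    $headinclude .= '
<script type="text/javascript">
<!--
function validatePWR(f)
{
haveerrors = 0;
(f.username.value.length < 1) ? showImage("usernameerror", "'.$imgpath.'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$imgpath.'misc/blankimage.gif", false);
(f.phone.value.length < 1) ? showImage("phoneerror", "'.$imgpath.'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$imgpath.'misc/blankimage.gif", false);
return (!haveerrors);
}
//-->
</script>';
    $ilance->template->load_file('main', 'password_renewal_denied.html');
    $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
    $ilance->template->parse_if_blocks('main');
    $ilance->template->pprint('main', array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
    exit();
}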
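else
{
    // #### LOGIN FORM ############################################################
    // Reached when neither login_process nor a cmd was submitted: bounce a member
    // who already has a session to the main page, otherwise render login.html.
    // The cookie is looked up under the configured name so this agrees with the
    // rid/username reads below (the old code hard-coded 'ilancedata' here).
    $cookiename = $ilconfig['globalsecurity_cookiename'];
    // Put the cursor on the first field the visitor still has to fill in.
    if (empty($_COOKIE[$cookiename]['username']))
    {
        $onload = 'document.login.username.focus();';
    }
    else
    {
        $onload = 'document.login.password.focus();';
    }
    if (!empty($_SESSION['ilancedata']['user']['userid']) AND $_SESSION['ilancedata']['user']['userid'] > 0)
    {
        // NOTE(review): this is the only "already logged in" test on the page. If the
        // member page sends visitors back here whenever it does not see the same
        // session entry, a session that is not persisted across requests produces
        // the login -> member -> login loop; session start/save handling lives in
        // core.config.inc.php, not in this file, so that is where to look.
        $area_title = $phrase['_already_logged_in_menu'];
        $page_title = SITE_NAME.' - '.$phrase['_already_logged_in_menu'];
        refresh($ilpage['main']);
        exit();
    }
    $area_title = $phrase['_login_area_menu'];
    $page_title = SITE_NAME.' - '.$phrase['_login_area_menu'];
    // Both values below come straight from the visitor's cookie and are handed to
    // the template by name; login.html is not visible here, so confirm it
    // HTML-escapes them before output.
    if (!empty($_COOKIE[$cookiename]['rid']))
    {
        $rid = trim($_COOKIE[$cookiename]['rid']);
    }
    $user_cookie = '';
    if (!empty($_COOKIE[$cookiename]['username']))
    {
        // "Remember me" username, stored encrypted with the three site keys.
        $user_cookie = $ilance->crypt->three_layer_decrypt($_COOKIE[$cookiename]['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']);
    }
    $ilance->template->load_file('main', 'login.html');
    $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
    $ilance->template->parse_if_blocks('main');
    $ilance->template->pprint('main', array('remember_checked','formid','input_style','redirect','referer','securekey_hidden','rid','login','user_cookie','enter_username','enter_password','buyer_login','seller_login','clientip','rem_cookies','how_t','in_y','place_bids','register_as_provider','register_as_buyer','retreive_password','login_include','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
    exit();
}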
?>