what to look for?

Post by esmarts

OK
I know some of the changes from php4 to php5, and most of them are minor ones with no real effect on the output of php4 scripts running in php5.

But I am getting a login redirect loop.

Login queries the DB and verifies login credentials

then redirects to the member page

then redirects back to the login page!

What functions should I look for that would not be working in a php5 environment?
The script runs flawlessly in php4....


Here is the login page


<?php
 
$phrase['groups'] = array(
'preferences');
 
define('LOCATION','login');
define('MD5_INCLUDE','md5');
 
require_once('./functions/core.config.inc.php');
$navcrumb = array("$ilpage[login]" => $ilcrumbs["$ilpage[login]"]);
 
// #### MEMBER LOGIN PROCESS ###################################################
$redirect = isset($ilance->GPC['redirect']) ? $ilance->GPC['redirect'] : '';
if (isset($ilance->GPC['login_process']) AND $ilance->GPC['login_process'] == 1)
{
    $area_title = $phrase['_submitting_login_information'].' . .';
    $page_title = SITE_NAME.' - '.$phrase['_submitting_login_information'];
    $badusername = 1;
    $badpassword = 1;
    if (!empty($ilance->GPC['username']))
    {
        $sqluser = $ilance->db->query("SELECT * FROM ".DB_PREFIX."users
        WHERE username = '".mysql_real_escape_string($ilance->GPC['username'])."'
        LIMIT 1");
        if ($ilance->db->num_rows($sqluser) > 0)
        {
            $user_result = $ilance->db->fetch_array($sqluser);
            $badusername = 0;
            $badpassword = 0;
            if ($user_result['password'] != iif($ilance->GPC['password'] AND !$ilance->GPC['md5pass'], md5(md5($ilance->GPC['password']) . $user_result['salt']), '') AND $user_result['password'] != md5($ilance->GPC['md5pass'] . $user_result['salt']) AND $user_result['password'] != iif($ilance->GPC['md5pass_utf'], md5($ilance->GPC['md5pass_utf'] . $user_result['salt']), ''))
            {
                $badpassword = 1;
            }
        }
        if ($badusername == 0 AND $badpassword == 0)
        {
            // update last seen for this member
            $ilance->db->query("UPDATE ".DB_PREFIX."users
            SET lastseen = '".DATETIME24H."'
            WHERE user_id = '".$user_result['user_id']."'
            LIMIT 1");
            
            // default subscription params
            $subscription_result['subscriptionid'] = 0;
            $subscription_result['active'] = 'no';
            $subscription_plan_result['cost'] = 0;
            
            // fetch user subscription infos
            $sql_subscription_user = $ilance->db->query("SELECT * FROM ".DB_PREFIX."subscription_user
            WHERE user_id = '".$user_result['user_id']."'
            LIMIT 1");
            if ($ilance->db->num_rows($sql_subscription_user) > 0)
            {
                $subscription_result = $ilance->db->fetch_array($sql_subscription_user);
                $sql_subscription_plan = $ilance->db->query("SELECT * FROM ".DB_PREFIX."subscription
                WHERE subscriptionid = '".$subscription_result['subscriptionid']."'
                LIMIT 1");
                if ($ilance->db->num_rows($sql_subscription_plan) > 0)
                {
                    $subscription_plan_result = $ilance->db->fetch_array($sql_subscription_plan);
                }
            }
            if ($user_result['status'] == 'active')
            {
                $sql_prefs = $ilance->db->query("SELECT * FROM ".DB_PREFIX."preferences
                WHERE user_id = '".$user_result['user_id']."'
                LIMIT 1");
                $pref_result = $ilance->db->fetch_array($sql_prefs);
                                    
                $sel_currencies = $ilance->db->query("SELECT * FROM ".DB_PREFIX."currency
                WHERE currency_id = '".$pref_result['currencyid']."'
                LIMIT 1");
                $res_currencies = $ilance->db->fetch_array($sel_currencies);
                                
                // are we still logged in as admin?
                if (!empty($_SESSION['ilancedata']['admin']) AND is_array($_SESSION['ilancedata']['admin']))
                {
                    // globalize user
                    $_SESSION['ilancedata']['user'] = array(
                    // customer
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['user_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "firstname" => stripslashes($user_result['first_name']),
                    "lastname" => stripslashes($user_result['last_name']),
                    "fullname" => $user_result['first_name'] . ' ' . $user_result['last_name'],
                    "address" => ucwords(stripslashes($user_result['address'])),
                    "address2" => ucwords(stripslashes($user_result['address2'])),
                    "fulladdress" => ucwords(stripslashes($user_result['address'])) . ' ' . ucwords(stripslashes($user_result['address2'])),
                    "city" => ucwords(stripslashes($user_result['city'])),
                    "state" => ucwords(stripslashes($user_result['state'])),
                    "postalzip" => strtoupper(trim($user_result['zip_code'])),
                    "countryid" => intval($user_result['country']),
                    "lastseen" => $user_result['lastseen'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "auctiondelists" => intval($user_result['auctiondelists']),
                    "bidretracts" => intval($user_result['bidretracts']),
                    "warnings" => intval($user_result['warnings']),
                    "warningbans" => intval($user_result['warning_bans']),
                    "warninglevel" => intval($user_result['warning_level']),
                    // referral code
                    "ridcode" => $user_result['rid'],
                    // date of birth
                    "dob" => $user_result['dob'],
                    // customer ratings
                    "serviceawards" => intval($user_result['serviceawards']),
                    "productawards" => intval($user_result['productawards']),
                    "servicerating" => $user_result['servicerating'],
                    "productrating" => $user_result['productrating'],
                    "buyingservicerating" => $user_result['buyingservicerating'],
                    "buyingproductrating" => $user_result['buyingproductrating'],
                    // customer preferences
                    "languageid" => intval($pref_result['languageid']),
                    "timezoneid" => intval($pref_result['timezoneid']),
                    "timezonedst" => $pref_result['timezone_dst'],
                    "distance" => $pref_result['project_distance'],
                    "emailnotify" => intval($pref_result['emailnotify']),
                    "companyname" => stripslashes($pref_result['companyname']),
                    // customer subscription
                    "roleid" => intval($subscription_result['roleid']),
                    "subscriptionid" => intval($subscription_result['subscriptionid']),
                    "cost" => $subscription_plan_result['cost'],
                    "active" => $subscription_result['active'],
                    // customer currency
                    "currencyid" => intval($pref_result['currencyid']),
                    "currencyname" => stripslashes($res_currencies['currency_name']),
                    "currencysymbol" => $ilance->currency->currencies[$pref_result['currencyid']]['symbol_left'],
                    "currencyabbrev" => strtoupper($res_currencies['currency_abbrev']));    
                }
                else
                {
                    // globalize user
                    $_SESSION['ilancedata'] = array(
                    "user" => array(
                    // customer
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['user_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "firstname" => stripslashes($user_result['first_name']),
                    "lastname" => stripslashes($user_result['last_name']),
                    "fullname" => $user_result['first_name'] . ' ' . $user_result['last_name'],
                    "address" => ucwords(stripslashes($user_result['address'])),
                    "address2" => ucwords(stripslashes($user_result['address2'])),
                    "fulladdress" => ucwords(stripslashes($user_result['address'])) . ' ' . ucwords(stripslashes($user_result['address2'])),
                    "city" => ucwords(stripslashes($user_result['city'])),
                    "state" => ucwords(stripslashes($user_result['state'])),
                    "postalzip" => strtoupper(trim($user_result['zip_code'])),
                    "countryid" => intval($user_result['country']),
                    "lastseen" => $user_result['lastseen'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "auctiondelists" => intval($user_result['auctiondelists']),
                    "bidretracts" => intval($user_result['bidretracts']),
                    "warnings" => intval($user_result['warnings']),
                    "warningbans" => intval($user_result['warning_bans']),
                    "warninglevel" => intval($user_result['warning_level']),
                    // referral code
                    "ridcode" => $user_result['rid'],
                    // date of birth
                    "dob" => $user_result['dob'],
                    // customer ratings
                    "serviceawards" => intval($user_result['serviceawards']),
                    "productawards" => intval($user_result['productawards']),
                    "servicerating" => $user_result['servicerating'],
                    "productrating" => $user_result['productrating'],
                    "buyingservicerating" => $user_result['buyingservicerating'],
                    "buyingproductrating" => $user_result['buyingproductrating'],
                    // customer preferences
                    "languageid" => intval($pref_result['languageid']),
                    "timezoneid" => intval($pref_result['timezoneid']),
                    "timezonedst" => $pref_result['timezone_dst'],
                    "distance" => $pref_result['project_distance'],
                    "emailnotify" => intval($pref_result['emailnotify']),
                    "companyname" => stripslashes($pref_result['companyname']),
                    // customer subscription
                    "roleid" => intval($subscription_result['roleid']),
                    "subscriptionid" => intval($subscription_result['subscriptionid']),
                    "cost" => $subscription_plan_result['cost'],
                    "active" => $subscription_result['active'],
                    // customer currency
                    "currencyid" => intval($pref_result['currencyid']),
                    "currencyname" => stripslashes($res_currencies['currency_name']),
                    "currencysymbol" => $ilance->currency->currencies[$pref_result['currencyid']]['symbol_left'],
                    "currencyabbrev" => strtoupper($res_currencies['currency_abbrev'])));
                }
 
 
                // create remember me cookies for user (used for auto-site logins)
                if (isset($ilance->GPC['remember']) AND $ilance->GPC['remember'])
                {
                    setcookie($ilconfig['globalsecurity_cookiename'].'[userid]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['userid'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[password]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['password'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[username]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                }
                
                // remember users last visit and last hit activity
                setcookie($ilconfig['globalsecurity_cookiename'].'[lastvisit]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                setcookie($ilconfig['globalsecurity_cookiename'].'[lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                if (!empty($redirect))
                {
                    refresh($redirect);
                    exit();
                }
                else if (!empty($pref_result['start_page']))
                {
                    refresh($pref_result['start_page'] . $ilconfig['globalsecurity_extensionmime']);
                    exit();
                }
                else
                {
                    refresh($ilpage['main']."?cmd=cp");
                    exit();
                }
            }
            else if ($user_result['status'] == "suspended")
            {
                refresh($ilpage['login'].'?error=suspended');   
                exit();
            }
            else if ($user_result['status'] == "cancelled")
            {
                refresh($ilpage['login'].'?error=cancelled');   
                exit();
            }
            else if ($user_result['status'] == "unverified")
            {
                refresh($ilpage['login'].'?error=unverified');
                exit();
            }
            elseif ($user_result['status'] == "moderated")
            {
                refresh($ilpage['login'].'?error=moderated');
                exit();
            }
            else if ($user_result['status'] == "banned")
            {
                // apparently, this user appears to be banned
                if (isset($show['warnings']) AND $show['warnings'])
                {
                    if (!empty($user_result['user_id']) AND $user_result['user_id'] > 0)
                    {
                        $sqlb = $ilance->db->query("SELECT * FROM ".DB_PREFIX."warnings_bans
                        WHERE banuserid = '".intval($user_result['user_id'])."'
                        AND banstatus = '1'
                        LIMIT 1");
                        if ($ilance->db->num_rows($sqlb) > 0)
                        {
                            $resban = $ilance->db->fetch_array($sqlb);
                            $datesplit = explode('-', $resban['banliftdate']);
                            $daysleft = $ilance->datetime->fetch_days_between(gmdate('m'), gmdate('d'), gmdate('Y'), $datesplit[1], $datesplit[2], $datesplit[0]);
                            print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".  You have <strong>$daysleft</strong> days remaining for this ban to mature.<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
                            exit();
                        }
                        else 
                        {
                            print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
                            exit();
                        }
                    }
                }
                else 
                {
                    print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
                    exit();
                }
            }
            else
            {
                refresh($ilpage['login'].'?error=1');
                exit();
            }
        }
        else
        {
            if ($ilconfig['globalsecurity_emailonfailedlogins'])
            {
                // count number of login attempts
                $sel_attempts = $ilance->db->query("SELECT COUNT(*) AS num_attempts FROM ".DB_PREFIX."failed_logins
                WHERE attempted_username = '".mysql_real_escape_string($ilance->GPC['username'])."'");
                $sel_attempts_array = $ilance->db->fetch_array($sel_attempts);
                if ($sel_attempts_array['num_attempts'] >= $ilconfig['globalsecurity_numfailedloginattempts'])
                {
                    // to be added: check if this user is actually a user, if so
                    // send them an email also informing them of a suspicious hack attempt
                }
                $ilance->db->query("INSERT INTO ".DB_PREFIX."failed_logins
                (id, attempted_username, attempted_password, referrer_page, ip_address, datetime_failed)
                VALUES(
                NULL,
                '".mysql_real_escape_string($ilance->GPC['username'])."',
                '".mysql_real_escape_string($ilance->GPC['password'])."',
                '".mysql_real_escape_string($_SERVER['HTTP_REFERER'])."',
                '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',
                '".DATETIME24H."')");
                
                ######################################
                # ILANCE => EMAIL TEMPLATE ENGINE V1.0
                ######################################
                # GRAB EMAIL: ID=76, NAME=Failed Login Attempt - Admin
                $query1="SELECT ";
                $query1.="subject_".fetch_site_slng().", ";
                $query1.="message_".fetch_site_slng()." ";
                $query1.="FROM ";
                $query1.=DB_PREFIX."email ";
                $query1.="WHERE ";
                $query1.="varname='failed_login_attempt_admin'";
                $runit=$ilance->db->query($query1);
                $rs1=$ilance->db->fetch_array($runit);
                
                $subject=stripslashes(trim($rs1[0]));
                $message=stripslashes(trim($rs1[1]));
                
                $subject=str_replace("{{remote_addr}}", mysql_real_escape_string($_SERVER['REMOTE_ADDR']), $subject);
                $subject=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $subject);
                $subject=str_replace("{{date_time}}", DATETIME24H, $subject);
                $subject=str_replace("{{referrer}}", mysql_real_escape_string($_SERVER['HTTP_REFERER']), $subject);
                $subject=str_replace("{{username}}", $ilance->GPC['username'], $subject);
                $subject=str_replace("{{password}}", $ilance->GPC['password'], $subject);
                $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
                $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
                $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
                $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
 
                $message=str_replace("{{remote_addr}}", mysql_real_escape_string($_SERVER['REMOTE_ADDR']), $message);
                $message=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $message);
                $message=str_replace("{{date_time}}", DATETIME24H, $message);
                $message=str_replace("{{referrer}}", mysql_real_escape_string($_SERVER['HTTP_REFERER']), $message);
                $message=str_replace("{{username}}", $ilance->GPC['username'], $message);
                $message=str_replace("{{password}}", $ilance->GPC['password'], $message);
                $message=str_replace("{{site_name}}", SITE_NAME, $message);
                $message=str_replace("{{site_title}}", SITE_TITLE, $message);
                $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
                $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
                $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
                $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
                $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
                $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
                $message=str_replace("{{email_id}}", "76", $message);
                api_email(SITE_EMAIL, $subject,$message, SITE_EMAIL);
                refresh($ilpage['login'].'?error=1');   
                exit();
            }
            else
            {
                refresh($ilpage['login'].'?error=1');
                exit(); 
            }
        }
    }
    else
    {
        refresh($ilpage['login'].'?error=1');
        exit(); 
    }
}
 
// #### MEMBER LOGOUT REQUEST ##################################################
if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_logout')
{
    $area_title = $phrase['_logging_out_of_marketplace'];
    $page_title = $phrase['_logging_out_of_marketplace'];
 
    // keep last visit and last activity cookie .-)
    setcookie($ilconfig['globalsecurity_cookiename'].'[lastvisit]', DATETIME24H, TIMESTAMPNOW+31556926, '/', '');
    setcookie($ilconfig['globalsecurity_cookiename'].'[lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
    
    // expire member specific cookies so the marketplace doesn't re-login user in automatically
    // leave username cookie alone so the marketplace can greet the member by username (login, breadcrumb, etc)
    setcookie($ilconfig['globalsecurity_cookiename'].'[userid]', '', 0, '/', '');
    setcookie($ilconfig['globalsecurity_cookiename'].'[password]', '', 0, '/', '');
    
    // expire any checkboxes selected in this session
    setcookie('ilance_inlineproduct', '', 0, '/', '');
    setcookie('ilance_inlineservice', '', 0, '/', '');
    setcookie('ilance_inlineprovider', '', 0, '/', '');
    
 
    if (!empty($_SESSION['ilancedata']['admin']) AND is_array($_SESSION['ilancedata']['admin']))
    {
        // destroy partial member session
        // we are a user requesting to logout but we're also logged in as an admin in another window..
        // if we destroy entire session then the admin session is also lost.. :(
        // to avoid this let's just flush out the user session array and leave
        // the admin session intact
        $_SESSION['ilancedata']['user'] = '';
        $_SESSION['ilancedata']['user'] = array();
    }
    else
    {
        // destroy entire member session
        session_unset();
        $ilance->sessions->sess_destroy(session_id());
        session_destroy();  
    }
    
    // refresh page to set new sessions to empty values
    refresh($ilpage['login']);
    exit();
}
 
// #### ADMINCP LOGIN HANDLER ##################################################
else if (isset($ilance->GPC['login_process']) AND $ilance->GPC['login_process'] == 2)
{
    $area_title = $phrase['_submitting_login_information'].' . .';
    $page_title = SITE_NAME.' - '.$phrase['_submitting_login_information'];
    $badusername = 1;
    $badpassword = 1;
    if (isset($ilance->GPC['username']))
    {
        $sqluser = $ilance->db->query("SELECT * FROM ".DB_PREFIX."admin
        WHERE username = '".mysql_real_escape_string($ilance->GPC['username'])."'
        LIMIT 1");
        if ($ilance->db->num_rows($sqluser) > 0)
        {
            $user_result = $ilance->db->fetch_array($sqluser);
            $badusername = 0;
            $badpassword = 0;
            if ($user_result['password'] != iif($ilance->GPC['password'] AND !$ilance->GPC['md5pass'], md5(md5($ilance->GPC['password']) . $user_result['salt']), '') AND $user_result['password'] != md5($ilance->GPC['md5pass'] . $user_result['salt']) AND $user_result['password'] != iif($ilance->GPC['md5pass_utf'], md5($ilance->GPC['md5pass_utf'] . $user_result['salt']), ''))
            {
                $badpassword = 1;
            }
        }
        if ($badusername == 0 AND $badpassword == 0)
        {
            if ($user_result['status'] == 'active')
            {
                if (!empty($_SESSION['ilancedata']['user']))
                {
                    // the admin is logging in and has already logged in
                    // previously as a member in another browser window
                    $_SESSION['ilancedata']['admin'] = array(
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['admin_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "lastseen" => $user_result['last_login'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "isroot" => intval($user_result['isroot']),
                    "browseragent" => (!empty($_SESSION['ilancedata']['user']['browseragent']) ? $_SESSION['ilancedata']['user']['browseragent'] : $_SERVER['HTTP_USER_AGENT']));
                }
                else
                {
                    // we are just logging in as an admin
                    $_SESSION['ilancedata'] = array(
                    "admin" => array(
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['admin_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "lastseen" => $user_result['last_login'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "isroot" => intval($user_result['isroot']),
                    "browseragent" => (!empty($_SESSION['ilancedata']['user']['browseragent']) ? $_SESSION['ilancedata']['user']['browseragent'] : $_SERVER['HTTP_USER_AGENT'])));
                }
 
                // create remember me cookies for admin (used for auto-admin logins)
                if (isset($ilance->GPC['remember']) AND $ilance->GPC['remember'] == 1)
                { 
                    setcookie($ilconfig['globalsecurity_cookiename'].'[admin][userid]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['userid'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[admin][password]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['password'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[admin][username]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                }
                                
                // remember users last visit and last hit activity
                setcookie($ilconfig['globalsecurity_cookiename'].'[admin][lastvisit]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                setcookie($ilconfig['globalsecurity_cookiename'].'[admin][lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                                
                // update admins ip address
                $ilance->db->query("UPDATE ".DB_PREFIX."admin
                SET ipaddress = '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',
                last_login = '".DATETIME24H."'
                WHERE admin_id = '".$user_result['admin_id']."'
                LIMIT 1");
                if (isset($ilance->GPC['redirect']) AND $ilance->GPC['redirect'] != '')
                {
                    refresh($ilance->GPC['redirect']);
                    exit();
                }
                else
                {
                    // redirect to admin dashboard
                    refresh($ilpage['dashboard'], HTTPS_SERVER_ADMIN . $ilpage['dashboard']);
                    exit();
                }
            }
            else if ($user_result['status'] == 'suspended')
            {
                refresh($ilpage['login'].'?error=suspended');   
                exit();
            }
            else
            {
                refresh($ilpage['login'].'?error=1');
                exit();
            }
        }
        else
        {
            if ($ilconfig['globalsecurity_emailonfailedlogins'] == 1)
            {
                $ilance->db->query("INSERT INTO ".DB_PREFIX."failed_logins
                (id, attempted_username, attempted_password, referrer_page, ip_address, datetime_failed)
                VALUES(
                NULL,
                '".mysql_real_escape_string($ilance->GPC['username'])."',
                '".mysql_real_escape_string($ilance->GPC['password'])."',
                '".mysql_real_escape_string(getenv('REFERRER'))."',
                '".mysql_real_escape_string(getenv('REMOTE_ADDR'))."',
                '".DATETIME24H."')");
                
                ######################################
                # ILANCE => EMAIL TEMPLATE ENGINE V1.0
                ######################################
                # GRAB EMAIL: ID=76, NAME=Failed Login Attempt - Admin
                $query1="SELECT ";
                $query1.="subject_".fetch_site_slng().", ";
                $query1.="message_".fetch_site_slng()." ";
                $query1.="FROM ";
                $query1.=DB_PREFIX."email ";
                $query1.="WHERE ";
                $query1.="varname='failed_login_attempt_admin'";
                $runit=$ilance->db->query($query1);
                $rs1=$ilance->db->fetch_array($runit);
                
                $subject=stripslashes(trim($rs1[0]));
                $message=stripslashes(trim($rs1[1]));
                
                $subject=str_replace("{{remote_addr}}", getenv('REMOTE_ADDR'), $subject);
                $subject=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $subject);
                $subject=str_replace("{{date_time}}", DATETIME24H, $subject);
                $subject=str_replace("{{referrer}}", getenv('REFERRER'), $subject);
                $subject=str_replace("{{username}}", $ilance->GPC['username'], $subject);
                $subject=str_replace("{{password}}", $ilance->GPC['password'], $subject);
                $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
                $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
                $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
                $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
                
                $message=str_replace("{{remote_addr}}", getenv('REMOTE_ADDR'), $message);
                $message=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $message);
                $message=str_replace("{{date_time}}", DATETIME24H, $message);
                $message=str_replace("{{referrer}}", getenv('REFERRER'), $message);
                $message=str_replace("{{username}}", $ilance->GPC['username'], $message);
                $message=str_replace("{{password}}", $ilance->GPC['password'], $message);
                $message=str_replace("{{site_name}}", SITE_NAME, $message);
                $message=str_replace("{{site_title}}", SITE_TITLE, $message);
                $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
                $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
                $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
                $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
                $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
                $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
                $message=str_replace("{{email_id}}", "76", $message);
                api_email(SITE_EMAIL, $subject, $message, SITE_EMAIL);
                refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
                exit();
            }
            else
            {
                refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
                exit(); 
            }
        }
    }
    else
    {
        refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
        exit(); 
    }
}
 
// #### RENEW PASSWORD #########################################################
if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_pw-renew')
{
    $area_title = $phrase['_request_account_password'];
    $page_title = SITE_NAME.' - '.$phrase['_request_account_password'];
 
    // javascript header includes
    $headinclude .= '
    <script type="text/javascript">
    <!--
    function validatePWR(f)
    {
        haveerrors = 0;
        (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
        (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
        return (!haveerrors);
    }
    // -->
    </script>
    ';
    
    $ilance->template->load_file('main', 'password_renewal_login.html');
    $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
    $ilance->template->parse_if_blocks('main');
    $ilance->template->pprint('main', array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
    exit();
}
else if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_do-pw-request' 
    AND isset($ilance->GPC['username']))
{
    $username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
    $phone = strip_tags(mysql_real_escape_string(trim($ilance->GPC['phone'])));
    
    $sql = $ilance->db->query("SELECT email, username, secretquestion, phone FROM ".DB_PREFIX."users
    WHERE username = '".$username."'
    AND phone LIKE ('%".$phone."%')");
    if ($ilance->db->num_rows($sql) > 0)
    {
        $res = $ilance->db->fetch_array($sql);
        $email = $res['email'];
        $secret_question = stripslashes($res['secretquestion']);
        $username = stripslashes($res['username']);
        $area_title = $phrase['_change_account_password_verification'];
        $page_title = SITE_NAME.' - '.$phrase['_change_account_password_verification'];
        $headinclude .= '
        <script type="text/javascript">
        <!--
        function validateSAForm(f)
        {
            haveerrors = 0;
            (f.secretanswer.value.length < 1) ? showImage("secretanswererror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("secretanswererror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            return (!haveerrors);
        }
        //-->
        </script>';
        $ilance->template->load_file('main', 'password_change.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main', array('username','secret_question','userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
        exit();
    }
    else
    {
        $area_title = $phrase['_request_account_password_denied'];
        $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
 
        // javascript header includes
        $headinclude .= '
        <script type="text/javascript">
        <!--
        function validatePWR(f)
        {
            haveerrors = 0;
            (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            return (!haveerrors);
        }
        //-->
        </script>';
        $ilance->template->load_file('main', 'password_renewal_denied.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main',   array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
        exit();
    }
}
else if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == 'password-change'
        AND isset($ilance->GPC['secretanswer'])
        AND isset($ilance->GPC['username']))
{
    $secretanswer = strip_tags(mysql_real_escape_string($ilance->GPC['secretanswer']));
    $secretanswermd5 = md5($secretanswer);
    $username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
    
    $sql = $ilance->db->query("SELECT user_id, secretanswer, email FROM ".DB_PREFIX."users
    WHERE username = '".$username."'
    LIMIT 1");
    if ($ilance->db->num_rows($sql) > 0)
    {
        $res = $ilance->db->fetch_array($sql);
        $email = $res['email'];
        $userid = $res['user_id'];
        $secretanswerdb = stripslashes($res['secretanswer']);
    }
    else
    {
        $area_title = $phrase['_request_account_password_denied'];
        $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
 
        // javascript header includes
        $headinclude .= '
        <script type="text/javascript">
        <!--
        function validatePWR(f)
        {
            haveerrors = 0;
            (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            return (!haveerrors);
        }
        //-->
        </script>';
        $ilance->template->load_file('main', 'password_renewal_denied.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main', array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
        exit();
    }
    
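    // strict comparison: with == two digests that look numeric (e.g. start with "0e") can compare equal
    if ($secretanswermd5 === $secretanswerdb)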
    {
        $salt = construct_password_salt($length = 5);
        $newpassword = construct_password(8);
        $newpasswordmd5 = md5(md5($newpassword) . $salt);
        
        $ilance->db->query("UPDATE ".DB_PREFIX."users
        SET password = '".mysql_real_escape_string($newpasswordmd5)."',
        salt = '".mysql_real_escape_string($salt)."' 
        WHERE user_id = '".intval($userid)."'
        LIMIT 1");
        
        #######################################
        ## ILANCE => EMAIL TEMPLATE ENGINE V1.0
        #######################################
        ## GRAB EMAIL: ID=84, NAME=Password Recovery Renewed - Customer
        $query1="SELECT ";
        $query1.="subject_".$_SESSION['ilancedata']['user']['slng'].", ";
        $query1.="message_".$_SESSION['ilancedata']['user']['slng']." ";
        $query1.="FROM ";
        $query1.=DB_PREFIX."email ";
        $query1.="WHERE ";
        $query1.="varname='password_renewed'";
        $runit=$ilance->db->query($query1);
        $rs1=$ilance->db->fetch_array($runit);
 
        $subject=stripslashes(trim($rs1[0]));
        $message=stripslashes(trim($rs1[1]));
        
        $subject=str_replace("{{username}}", $username, $subject);
        $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
        $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
        $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
        $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
 
        $message=str_replace("{{username}}", $username, $message);
        $message=str_replace("{{password}}", $newpassword, $message);
        $message=str_replace("{{site_name}}", SITE_NAME, $message);
        $message=str_replace("{{site_title}}", SITE_TITLE, $message);
        $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
        $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
        $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
        $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
        $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
        $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
        $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
        $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
        $message=str_replace("{{email_id}}", "84", $message);
        api_email($email, $subject, $message, SITE_EMAIL);
        $area_title = $phrase['_account_password_renewal_success'];
        $page_title = SITE_NAME.' - '.$phrase['_account_password_renewal_success'];
        print_notice($phrase['_your_account_password_was_changed'], $phrase['_you_have_successfully_renewed_the_password_for_your_online_account'], $ilpage['login'], $phrase['_login_to_your_account']);
        exit();
    }
    else
    {
        $username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
        $sql = $ilance->db->query("SELECT email FROM ".DB_PREFIX."users
        WHERE username = '".$username."'");
        if ($ilance->db->num_rows($sql) > 0)
        {
            $res = $ilance->db->fetch_array($sql);
            $email = $res['email'];
            $ip = $_SERVER['REMOTE_ADDR'];
            $agent = $_SERVER['HTTP_USER_AGENT'];
            
            #######################################
            ## ILANCE => EMAIL TEMPLATE ENGINE V1.0
            #######################################
            ## GRAB EMAIL: ID=192, NAME=Password Recovery Attempt Denied - Customer
            $query1="SELECT ";
            $query1.="subject_".$_SESSION['ilancedata']['user']['slng'].", ";
            $query1.="message_".$_SESSION['ilancedata']['user']['slng']." ";
            $query1.="FROM ";
            $query1.=DB_PREFIX."email ";
            $query1.="WHERE ";
            $query1.="varname='password_recovery_denied'";
            $runit=$ilance->db->query($query1);
            $rs1=$ilance->db->fetch_array($runit);
            
            $subject=stripslashes(trim($rs1[0]));
            $message=stripslashes(trim($rs1[1]));
            
            $subject=str_replace("{{username}}", $username, $subject);
            $subject=str_replace("{{ipaddress}}", $ip, $subject);
            $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
            $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
            $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
            $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
 
            $message=str_replace("{{username}}", $username, $message);
            $message=str_replace("{{ipaddress}}", $ip, $message);
            $message=str_replace("{{agent}}", $agent, $message);
            $message=str_replace("{{site_name}}", SITE_NAME, $message);
            $message=str_replace("{{site_title}}", SITE_TITLE, $message);
            $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
            $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
            $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
            $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
            $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
            $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
            $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
            $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
            $message=str_replace("{{email_id}}", "192", $message);
            api_email($email, $subject, $message, SITE_EMAIL);
            
            $area_title = $phrase['_request_account_password_denied'];
            $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
            
            // javascript header includes
            $headinclude .= '
            <script type="text/javascript">
            <!--
            function validatePWR(f)
            {
                haveerrors = 0;
                (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                return (!haveerrors);
            }
            // -->
            </script>';
            $ilance->template->load_file('main', 'password_renewal_denied.html');
            $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
            $ilance->template->parse_if_blocks('main');
            $ilance->template->pprint('main',   array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
            exit();
        }
        else
        {
            $area_title = $phrase['_request_account_password_denied'];
            $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
 
            // javascript header includes
            $headinclude .= '
            <script type="text/javascript">
            <!--
            function validatePWR(f)
            {
                haveerrors = 0;
                (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                return (!haveerrors);
            }
            // -->
            </script>';
            $ilance->template->load_file('main', 'password_renewal_denied.html');
            $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
            $ilance->template->parse_if_blocks('main');
            $ilance->template->pprint('main',   array('userid','input_style','remote_addr','rid','login_include','bgcolor','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
            exit();
        }
    }
}
else
{
    if(empty($_COOKIE['ilancedata']['username']))
        $onload='document.login.username.focus();';
    else
        $onload='document.login.password.focus();';
        
    if (!empty($_SESSION['ilancedata']['user']['userid']) AND $_SESSION['ilancedata']['user']['userid'] > 0)
    {
        $area_title = $phrase['_already_logged_in_menu'];
        $page_title = SITE_NAME.' - '.$phrase['_already_logged_in_menu'];
        refresh($ilpage['main']);
        exit();
    }
    else
    {
        $area_title = $phrase['_login_area_menu'];
        $page_title = SITE_NAME.' - '.$phrase['_login_area_menu'];
        if (!empty($_COOKIE[$ilconfig['globalsecurity_cookiename']]['rid']))
        {
            $rid = trim($_COOKIE[$ilconfig['globalsecurity_cookiename']]['rid']);
        }
        
        $user_cookie = '';
        if (!empty($_COOKIE[$ilconfig['globalsecurity_cookiename']]['username']))
        {
            $user_cookie = $ilance->crypt->three_layer_decrypt($_COOKIE[$ilconfig['globalsecurity_cookiename']]['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']);
        }
        $ilance->template->load_file('main', 'login.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main', array('remember_checked','formid','input_style','redirect','referer','securekey_hidden','rid','login','user_cookie','enter_username','enter_password','buyer_login','seller_login','clientip','rem_cookies','how_t','in_y','place_bids','register_as_provider','register_as_buyer','retreive_password','login_include','headinclude','onload','area_title','page_title','site_name','https_server','http_server','lanceads_header','lanceads_footer'));
        exit();
    }
}
?>
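
The admin login branch in the script above hands the request's `redirect` value straight to `refresh()`. The following is an added example, not part of the post or of the script's own code, showing one way to validate that value first. `safe_redirect_target()`, the page names `dashboard.php` and `login.php`, and the sample inputs are assumptions made for illustration, and redirect targets are assumed to be site-relative.

```php
<?php
// Added example (not from the posted script). safe_redirect_target() is a
// hypothetical helper; 'dashboard.php' and 'login.php' are assumed page names.

/**
 * Return $target if it is a site-relative URL that is safe to redirect to,
 * otherwise return $fallback.
 */
function safe_redirect_target($target, $fallback, $loginPage = 'login.php')
{
    if (!is_string($target) || $target === '') {
        return $fallback;
    }
    // CR/LF and other control characters must never reach a Location header
    // or a meta refresh tag.
    if (preg_match('/[\x00-\x1F\x7F]/', $target)) {
        return $fallback;
    }
    // Some browsers treat "\" like "/", so "/\host" can act like "//host".
    if (strpos($target, '\\') !== false) {
        return $fallback;
    }
    // "//host/path" is scheme-relative and leaves the site.
    if (strncmp($target, '//', 2) === 0) {
        return $fallback;
    }
    // Anything that parses with a scheme, host, user or port is not site-relative.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])
        || isset($parts['user']) || isset($parts['port'])) {
        return $fallback;
    }
    // Do not send a freshly authenticated user back to the login page.
    $path = isset($parts['path']) ? $parts['path'] : '';
    if (basename($path) === $loginPage) {
        return $fallback;
    }
    return $target;
}

// In the posted script the call would become something like (assumption):
//   refresh(safe_redirect_target($ilance->GPC['redirect'], $ilpage['dashboard']));

// Constructed sample inputs, as they might arrive in the "redirect" parameter.
$samples = array(
    'dashboard.php?cmd=stats',
    '/admin/settings.php',
    'http://example.invalid/',
    '//example.invalid/admin',
    '/\\example.invalid',
    "dashboard.php\r\nX-Test: 1",
    'login.php?error=1',
    '',
);
foreach ($samples as $sample) {
    printf("%-40s => %s\n", json_encode($sample), safe_redirect_target($sample, 'dashboard.php'));
}
```

Only the first two samples are returned unchanged; every other input falls back to `dashboard.php`.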
Syntac
Forum Contributor
Posts: 327
Joined: Sun Sep 14, 2008 7:59 pm

Re: what to look for?

Post by Syntac »

?
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: what to look for?

Post by requinix »

If you quote him you'll see the message.
Slight editing to prevent horrible page breakage
esmarts wrote:
OK
I know some of the changes from php4 to php5 and most of them are minor ones with no effect really with the output of php4 scripts running in php5

But I am getting a login redirect loop

Login query's the DB and verifies login credentials

then redirects to the member page

then redirects back to the login page!

What functions should I look for that would be not working in a php5 environment.
The script runs flawless in php4....


Here is the login page

Code: Select all

<?php
 
$phrase['groups'] = array(
'preferences');
 
define('LOCATION','login');
define('MD5_INCLUDE','md5');
 
require_once('./functions/core.config.inc.php');
$navcrumb = array("$ilpage[login]" => $ilcrumbs["$ilpage[login]"]);
 
// #### MEMBER LOGIN PROCESS ###################################################
$redirect = isset($ilance->GPC['redirect']) ? $ilance->GPC['redirect'] : '';
if (isset($ilance->GPC['login_process']) AND $ilance->GPC['login_process'] == 1)
{
    $area_title = $phrase['_submitting_login_information'].' . .';
    $page_title = SITE_NAME.' - '.$phrase['_submitting_login_information'];
    $badusername = 1;
    $badpassword = 1;
    if (!empty($ilance->GPC['username']))
    {
        $sqluser = $ilance->db->query("SELECT * FROM ".DB_PREFIX."users
        WHERE username = '".mysql_real_escape_string($ilance->GPC['username'])."'
        LIMIT 1");
        if ($ilance->db->num_rows($sqluser) > 0)
        {
            $user_result = $ilance->db->fetch_array($sqluser);
            $badusername = 0;
            $badpassword = 0;
            if ($user_result['password'] != iif($ilance->GPC['password'] AND !$ilance->GPC['md5pass'], md5(md5($ilance->GPC['password']) . $user_result['salt']), '') AND $user_result['password'] != md5($ilance->GPC['md5pass'] . $user_result['salt']) AND $user_result['password'] != iif($ilance->GPC['md5pass_utf'], md5($ilance->GPC['md5pass_utf'] . $user_result['salt']), ''))
            {
                $badpassword = 1;
            }
        }
        if ($badusername == 0 AND $badpassword == 0)
        {
            // update last seen for this member
            $ilance->db->query("UPDATE ".DB_PREFIX."users
            SET lastseen = '".DATETIME24H."'
            WHERE user_id = '".$user_result['user_id']."'
            LIMIT 1");
            
            // default subscription params
            $subscription_result['subscriptionid'] = 0;
            $subscription_result['active'] = 'no';
            $subscription_plan_result['cost'] = 0;
            
            // fetch user subscription infos
            $sql_subscription_user = $ilance->db->query("SELECT * FROM ".DB_PREFIX."subscription_user
            WHERE user_id = '".$user_result['user_id']."'
            LIMIT 1");
            if ($ilance->db->num_rows($sql_subscription_user) > 0)
            {
                $subscription_result = $ilance->db->fetch_array($sql_subscription_user);
                $sql_subscription_plan = $ilance->db->query("SELECT * FROM ".DB_PREFIX."subscription
                WHERE subscriptionid = '".$subscription_result['subscriptionid']."'
                LIMIT 1");
                if ($ilance->db->num_rows($sql_subscription_plan) > 0)
                {
                    $subscription_plan_result = $ilance->db->fetch_array($sql_subscription_plan);
                }
            }
            if ($user_result['status'] == 'active')
            {
                $sql_prefs = $ilance->db->query("SELECT * FROM ".DB_PREFIX."preferences
                WHERE user_id = '".$user_result['user_id']."'
                LIMIT 1");
                $pref_result = $ilance->db->fetch_array($sql_prefs);
                                    
                $sel_currencies = $ilance->db->query("SELECT * FROM ".DB_PREFIX."currency
                WHERE currency_id = '".$pref_result['currencyid']."'
                LIMIT 1");
                $res_currencies = $ilance->db->fetch_array($sel_currencies);
                                
                // are we still logged in as admin?
                if (!empty($_SESSION['ilancedata']['admin']) AND is_array($_SESSION['ilancedata']['admin']))
                {
                    // globalize user
                    $_SESSION['ilancedata']['user'] = array(
                    // customer
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['user_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "firstname" => stripslashes($user_result['first_name']),
                    "lastname" => stripslashes($user_result['last_name']),
                    "fullname" => $user_result['first_name'] . ' ' . $user_result['last_name'],
                    "address" => ucwords(stripslashes($user_result['address'])),
                    "address2" => ucwords(stripslashes($user_result['address2'])),
                    "fulladdress" => ucwords(stripslashes($user_result['address'])) . ' ' . ucwords(stripslashes($user_result['address2'])),
                    "city" => ucwords(stripslashes($user_result['city'])),
                    "state" => ucwords(stripslashes($user_result['state'])),
                    "postalzip" => strtoupper(trim($user_result['zip_code'])),
                    "countryid" => intval($user_result['country']),
                    "lastseen" => $user_result['lastseen'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "auctiondelists" => intval($user_result['auctiondelists']),
                    "bidretracts" => intval($user_result['bidretracts']),
                    "warnings" => intval($user_result['warnings']),
                    "warningbans" => intval($user_result['warning_bans']),
                    "warninglevel" => intval($user_result['warning_level']),
                    // referral code
                    "ridcode" => $user_result['rid'],
                    // date of birth
                    "dob" => $user_result['dob'],
                    // customer ratings
                    "serviceawards" => intval($user_result['serviceawards']),
                    "productawards" => intval($user_result['productawards']),
                    "servicerating" => $user_result['servicerating'],
                    "productrating" => $user_result['productrating'],
                    "buyingservicerating" => $user_result['buyingservicerating'],
                    "buyingproductrating" => $user_result['buyingproductrating'],
                    // customer preferences
                    "languageid" => intval($pref_result['languageid']),
                    "timezoneid" => intval($pref_result['timezoneid']),
                    "timezonedst" => $pref_result['timezone_dst'],
                    "distance" => $pref_result['project_distance'],
                    "emailnotify" => intval($pref_result['emailnotify']),
                    "companyname" => stripslashes($pref_result['companyname']),
                    // customer subscription
                    "roleid" => intval($subscription_result['roleid']),
                    "subscriptionid" => intval($subscription_result['subscriptionid']),
                    "cost" => $subscription_plan_result['cost'],
                    "active" => $subscription_result['active'],
                    // customer currency
                    "currencyid" => intval($pref_result['currencyid']),
                    "currencyname" => stripslashes($res_currencies['currency_name']),
                    "currencysymbol" => $ilance->currency->currencies[$pref_result['currencyid']]['symbol_left'],
                    "currencyabbrev" => strtoupper($res_currencies['currency_abbrev']));    
                }
                else
                {
                    // globalize user
                    $_SESSION['ilancedata'] = array(
                    "user" => array(
                    // customer
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['user_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "firstname" => stripslashes($user_result['first_name']),
                    "lastname" => stripslashes($user_result['last_name']),
                    "fullname" => $user_result['first_name'] . ' ' . $user_result['last_name'],
                    "address" => ucwords(stripslashes($user_result['address'])),
                    "address2" => ucwords(stripslashes($user_result['address2'])),
                    "fulladdress" => ucwords(stripslashes($user_result['address'])) . ' ' . ucwords(stripslashes($user_result['address2'])),
                    "city" => ucwords(stripslashes($user_result['city'])),
                    "state" => ucwords(stripslashes($user_result['state'])),
                    "postalzip" => strtoupper(trim($user_result['zip_code'])),
                    "countryid" => intval($user_result['country']),
                    "lastseen" => $user_result['lastseen'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "auctiondelists" => intval($user_result['auctiondelists']),
                    "bidretracts" => intval($user_result['bidretracts']),
                    "warnings" => intval($user_result['warnings']),
                    "warningbans" => intval($user_result['warning_bans']),
                    "warninglevel" => intval($user_result['warning_level']),
                    // referral code
                    "ridcode" => $user_result['rid'],
                    // date of birth
                    "dob" => $user_result['dob'],
                    // customer ratings
                    "serviceawards" => intval($user_result['serviceawards']),
                    "productawards" => intval($user_result['productawards']),
                    "servicerating" => $user_result['servicerating'],
                    "productrating" => $user_result['productrating'],
                    "buyingservicerating" => $user_result['buyingservicerating'],
                    "buyingproductrating" => $user_result['buyingproductrating'],
                    // customer preferences
                    "languageid" => intval($pref_result['languageid']),
                    "timezoneid" => intval($pref_result['timezoneid']),
                    "timezonedst" => $pref_result['timezone_dst'],
                    "distance" => $pref_result['project_distance'],
                    "emailnotify" => intval($pref_result['emailnotify']),
                    "companyname" => stripslashes($pref_result['companyname']),
                    // customer subscription
                    "roleid" => intval($subscription_result['roleid']),
                    "subscriptionid" => intval($subscription_result['subscriptionid']),
                    "cost" => $subscription_plan_result['cost'],
                    "active" => $subscription_result['active'],
                    // customer currency
                    "currencyid" => intval($pref_result['currencyid']),
                    "currencyname" => stripslashes($res_currencies['currency_name']),
                    "currencysymbol" => $ilance->currency->currencies[$pref_result['currencyid']]['symbol_left'],
                    "currencyabbrev" => strtoupper($res_currencies['currency_abbrev'])));
                }
 
 
                // create remember me cookies for user (used for auto-site logins)
                if (isset($ilance->GPC['remember']) AND $ilance->GPC['remember'])
                {
                    setcookie($ilconfig['globalsecurity_cookiename'].'[userid]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['userid'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[password]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['password'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[username]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['user']['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                }
                
                // remember users last visit and last hit activity
                setcookie($ilconfig['globalsecurity_cookiename'].'[lastvisit]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                setcookie($ilconfig['globalsecurity_cookiename'].'[lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                if (!empty($redirect))
                {
                    refresh($redirect);
                    exit();
                }
                else if (!empty($pref_result['start_page']))
                {
                    refresh($pref_result['start_page'] . $ilconfig['globalsecurity_extensionmime']);
                    exit();
                }
                else
                {
                    refresh($ilpage['main']."?cmd=cp");
                    exit();
                }
            }
            else if ($user_result['status'] == "suspended")
            {
                refresh($ilpage['login'].'?error=suspended');   
                exit();
            }
            else if ($user_result['status'] == "cancelled")
            {
                refresh($ilpage['login'].'?error=cancelled');   
                exit();
            }
            else if ($user_result['status'] == "unverified")
            {
                refresh($ilpage['login'].'?error=unverified');
                exit();
            }
            elseif ($user_result['status'] == "moderated")
            {
                refresh($ilpage['login'].'?error=moderated');
                exit();
            }
            else if ($user_result['status'] == "banned")
            {
                // apparently, this user appears to be banned
                if (isset($show['warnings']) AND $show['warnings'])
                {
                    if (!empty($user_result['user_id']) AND $user_result['user_id'] > 0)
                    {
                        $sqlb = $ilance->db->query("SELECT * FROM ".DB_PREFIX."warnings_bans
                        WHERE banuserid = '".intval($user_result['user_id'])."'
                        AND banstatus = '1'
                        LIMIT 1");
                        if ($ilance->db->num_rows($sqlb) > 0)
                        {
                            $resban = $ilance->db->fetch_array($sqlb);
                            $datesplit = explode('-', $resban['banliftdate']);
                            $daysleft = $ilance->datetime->fetch_days_between(gmdate('m'), gmdate('d'), gmdate('Y'), $datesplit[1], $datesplit[2], $datesplit[0]);
                            print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".  You have <strong>$daysleft</strong> days remaining for this ban to mature.<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
                            exit();
                        }
                        else 
                        {
                            print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
                            exit();
                        }
                    }
                }
                else 
                {
                    print_notice($phrase['_you_have_been_banned_from_the_marketplace'], $phrase['_you_have_been_banned_from_the_marketplace'].".<br />If you would like to dispute this ban, contact our staff.", $ilpage['main'].'?cmd=contact&subcmd=banned', $phrase['_contact_customer_support']);
                    exit();
                }
            }
            else
            {
                refresh($ilpage['login'].'?error=1');
                exit();
            }
        }
        else
        {
            if ($ilconfig['globalsecurity_emailonfailedlogins'])
            {
                // count number of login attempts
                $sel_attempts = $ilance->db->query("SELECT COUNT(*) AS num_attempts FROM ".DB_PREFIX."failed_logins
                WHERE attempted_username = '".mysql_real_escape_string($ilance->GPC['username'])."'");
                $sel_attempts_array = $ilance->db->fetch_array($sel_attempts);
                if ($sel_attempts_array['num_attempts'] >= $ilconfig['globalsecurity_numfailedloginattempts'])
                {
                    // to be added: check if this user is actually a user, if so
                    // send them an email also informing them of a suspicious hack attempt
                }
                $ilance->db->query("INSERT INTO ".DB_PREFIX."failed_logins
                (id, attempted_username, attempted_password, referrer_page, ip_address, datetime_failed)
                VALUES(
                NULL,
                '".mysql_real_escape_string($ilance->GPC['username'])."',
                '".mysql_real_escape_string($ilance->GPC['password'])."',
                '".mysql_real_escape_string($_SERVER['HTTP_REFERER'])."',
                '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',
                '".DATETIME24H."')");
                
                ######################################
                # ILANCE => EMAIL TEMPLATE ENGINE V1.0
                ######################################
                # GRAB EMAIL: ID=76, NAME=Failed Login Attempt - Admin
                $query1="SELECT ";
                $query1.="subject_".fetch_site_slng().", ";
                $query1.="message_".fetch_site_slng()." ";
                $query1.="FROM ";
                $query1.=DB_PREFIX."email ";
                $query1.="WHERE ";
                $query1.="varname='failed_login_attempt_admin'";
                $runit=$ilance->db->query($query1);
                $rs1=$ilance->db->fetch_array($runit);
                
                $subject=stripslashes(trim($rs1[0]));
                $message=stripslashes(trim($rs1[1]));
                
                $subject=str_replace("{{remote_addr}}", mysql_real_escape_string($_SERVER['REMOTE_ADDR']), $subject);
                $subject=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $subject);
                $subject=str_replace("{{date_time}}", DATETIME24H, $subject);
                $subject=str_replace("{{referrer}}", mysql_real_escape_string($_SERVER['HTTP_REFERER']), $subject);
                $subject=str_replace("{{username}}", $ilance->GPC['username'], $subject);
                $subject=str_replace("{{password}}", $ilance->GPC['password'], $subject);
                $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
                $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
                $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
                $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
 
                $message=str_replace("{{remote_addr}}", mysql_real_escape_string($_SERVER['REMOTE_ADDR']), $message);
                $message=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $message);
                $message=str_replace("{{date_time}}", DATETIME24H, $message);
                $message=str_replace("{{referrer}}", mysql_real_escape_string($_SERVER['HTTP_REFERER']), $message);
                $message=str_replace("{{username}}", $ilance->GPC['username'], $message);
                $message=str_replace("{{password}}", $ilance->GPC['password'], $message);
                $message=str_replace("{{site_name}}", SITE_NAME, $message);
                $message=str_replace("{{site_title}}", SITE_TITLE, $message);
                $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
                $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
                $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
                $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
                $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
                $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
                $message=str_replace("{{email_id}}", "76", $message);
                api_email(SITE_EMAIL, $subject,$message, SITE_EMAIL);
                refresh($ilpage['login'].'?error=1');   
                exit();
            }
            else
            {
                refresh($ilpage['login'].'?error=1');
                exit(); 
            }
        }
    }
    else
    {
        refresh($ilpage['login'].'?error=1');
        exit(); 
    }
}
 
// #### MEMBER LOGOUT REQUEST ##################################################
if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_logout')
{
    $area_title = $phrase['_logging_out_of_marketplace'];
    $page_title = $phrase['_logging_out_of_marketplace'];
 
    // keep last visit and last activity cookie .-)
    setcookie($ilconfig['globalsecurity_cookiename'].'[lastvisit]', DATETIME24H, TIMESTAMPNOW+31556926, '/', '');
    setcookie($ilconfig['globalsecurity_cookiename'].'[lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
    
    // expire member specific cookies so the marketplace doesn't re-login user in automatically
    // leave username cookie alone so the marketplace can greet the member by username (login, breadcrumb, etc)
    setcookie($ilconfig['globalsecurity_cookiename'].'[userid]', '', 0, '/', '');
    setcookie($ilconfig['globalsecurity_cookiename'].'[password]', '', 0, '/', '');
    
    // expire any checkboxes selected in this session
    setcookie('ilance_inlineproduct', '', 0, '/', '');
    setcookie('ilance_inlineservice', '', 0, '/', '');
    setcookie('ilance_inlineprovider', '', 0, '/', '');
    
 
    if (!empty($_SESSION['ilancedata']['admin']) AND is_array($_SESSION['ilancedata']['admin']))
    {
        // destroy partial member session
        // we are a user requesting to logout but we're also logged in as an admin in another window..
        // if we destroy entire session then the admin session is also lost.. :(
        // to avoid this let's just flush out the user session array and leave
        // the admin session intact
        $_SESSION['ilancedata']['user'] = '';
        $_SESSION['ilancedata']['user'] = array();
    }
    else
    {
        // destroy entire member session
        session_unset();
        $ilance->sessions->sess_destroy(session_id());
        session_destroy();  
    }
    
    // refresh page to set new sessions to empty values
    refresh($ilpage['login']);
    exit();
}
 
// #### ADMINCP LOGIN HANDLER ##################################################
else if (isset($ilance->GPC['login_process']) AND $ilance->GPC['login_process'] == 2)
{
    $area_title = $phrase['_submitting_login_information'].' . .';
    $page_title = SITE_NAME.' - '.$phrase['_submitting_login_information'];
    $badusername = 1;
    $badpassword = 1;
    if (isset($ilance->GPC['username']))
    {
        $sqluser = $ilance->db->query("SELECT * FROM ".DB_PREFIX."admin
        WHERE username = '".mysql_real_escape_string($ilance->GPC['username'])."'
        LIMIT 1");
        if ($ilance->db->num_rows($sqluser) > 0)
        {
            $user_result = $ilance->db->fetch_array($sqluser);
            $badusername = 0;
            $badpassword = 0;
            // strict comparison: loose != treats two md5 digests of the form 0e<digits> as equal numbers
            if ($user_result['password'] !== iif($ilance->GPC['password'] AND !$ilance->GPC['md5pass'], md5(md5($ilance->GPC['password']) . $user_result['salt']), '') AND $user_result['password'] !== md5($ilance->GPC['md5pass'] . $user_result['salt']) AND $user_result['password'] !== iif($ilance->GPC['md5pass_utf'], md5($ilance->GPC['md5pass_utf'] . $user_result['salt']), ''))
            {
                $badpassword = 1;
            }
        }
        if ($badusername == 0 AND $badpassword == 0)
        {
            if ($user_result['status'] == 'active')
            {
                if (!empty($_SESSION['ilancedata']['user']))
                {
                    // the admin is logging in and has already logged in
                    // previously as a member in another browser window
                    $_SESSION['ilancedata']['admin'] = array(
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['admin_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "lastseen" => $user_result['last_login'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "isroot" => intval($user_result['isroot']),
                    "browseragent" => (!empty($_SESSION['ilancedata']['user']['browseragent']) ? $_SESSION['ilancedata']['user']['browseragent'] : $_SERVER['HTTP_USER_AGENT']));
                }
                else
                {
                    // we are just logging in as an admin
                    $_SESSION['ilancedata'] = array(
                    "admin" => array(
                    "sessionid" => session_id(),
                    "status" => $user_result['status'],
                    "userid" => intval($user_result['admin_id']),
                    "username" => stripslashes($user_result['username']),
                    "password" => $user_result['password'],
                    "salt" => $user_result['salt'],
                    "email" => $user_result['email'],
                    "lastseen" => $user_result['last_login'],
                    "ipaddress" => $user_result['ipaddress'],
                    "iprestrict" => $user_result['iprestrict'],
                    "isroot" => intval($user_result['isroot']),
                    "browseragent" => (!empty($_SESSION['ilancedata']['user']['browseragent']) ? $_SESSION['ilancedata']['user']['browseragent'] : $_SERVER['HTTP_USER_AGENT'])));
                }
 
                // create remember me cookies for admin (used for auto-admin logins)
                if (isset($ilance->GPC['remember']) AND $ilance->GPC['remember'] == 1)
                { 
                    setcookie($ilconfig['globalsecurity_cookiename'].'[admin][userid]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['userid'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[admin][password]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['password'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                    setcookie($ilconfig['globalsecurity_cookiename'].'[admin][username]', $ilance->crypt->three_layer_encrypt($_SESSION['ilancedata']['admin']['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']), TIMESTAMPNOW+31622400, '/', '');
                }
                                
                // remember users last visit and last hit activity
                setcookie($ilconfig['globalsecurity_cookiename'].'[admin][lastvisit]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                setcookie($ilconfig['globalsecurity_cookiename'].'[admin][lastactivity]', DATETIME24H, TIMESTAMPNOW+31622400, '/', '');
                                
                // update admins ip address
                $ilance->db->query("UPDATE ".DB_PREFIX."admin
                SET ipaddress = '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',
                last_login = '".DATETIME24H."'
                WHERE admin_id = '".$user_result['admin_id']."'
                LIMIT 1");
                if (isset($ilance->GPC['redirect']) AND $ilance->GPC['redirect'] != '')
                {
                    refresh($ilance->GPC['redirect']);
                    exit();
                }
                else
                {
                    // redirect to admin dashboard
                    refresh($ilpage['dashboard'], HTTPS_SERVER_ADMIN . $ilpage['dashboard']);
                    exit();
                }
            }
            else if ($user_result['status'] == 'suspended')
            {
                refresh($ilpage['login'].'?error=suspended');   
                exit();
            }
            else
            {
                refresh($ilpage['login'].'?error=1');
                exit();
            }
        }
        else
        {
            if ($ilconfig['globalsecurity_emailonfailedlogins'] == 1)
            {
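                // count number of login attempts so {{num_attempts}} below has a value
                $sel_attempts = $ilance->db->query("SELECT COUNT(*) AS num_attempts FROM ".DB_PREFIX."failed_logins
                WHERE attempted_username = '".mysql_real_escape_string($ilance->GPC['username'])."'");
                $sel_attempts_array = $ilance->db->fetch_array($sel_attempts);
                $ilance->db->query("INSERT INTO ".DB_PREFIX."failed_logins
                (id, attempted_username, attempted_password, referrer_page, ip_address, datetime_failed)
                VALUES(
                NULL,
                '".mysql_real_escape_string($ilance->GPC['username'])."',
                '".mysql_real_escape_string($ilance->GPC['password'])."',
                '".mysql_real_escape_string(getenv('HTTP_REFERER'))."',
                '".mysql_real_escape_string(getenv('REMOTE_ADDR'))."',
                '".DATETIME24H."')");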
                
                ######################################
                # ILANCE => EMAIL TEMPLATE ENGINE V1.0
                ######################################
                # GRAB EMAIL: ID=76, NAME=Failed Login Attempt - Admin
                $query1="SELECT ";
                $query1.="subject_".fetch_site_slng().", ";
                $query1.="message_".fetch_site_slng()." ";
                $query1.="FROM ";
                $query1.=DB_PREFIX."email ";
                $query1.="WHERE ";
                $query1.="varname='failed_login_attempt_admin'";
                $runit=$ilance->db->query($query1);
                $rs1=$ilance->db->fetch_array($runit);
                
                $subject=stripslashes(trim($rs1[0]));
                $message=stripslashes(trim($rs1[1]));
                
                $subject=str_replace("{{remote_addr}}", getenv('REMOTE_ADDR'), $subject);
                $subject=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $subject);
                $subject=str_replace("{{date_time}}", DATETIME24H, $subject);
                $subject=str_replace("{{referrer}}", getenv('HTTP_REFERER'), $subject);
                $subject=str_replace("{{username}}", $ilance->GPC['username'], $subject);
                $subject=str_replace("{{password}}", $ilance->GPC['password'], $subject);
                $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
                $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
                $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
                $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
                
                $message=str_replace("{{remote_addr}}", getenv('REMOTE_ADDR'), $message);
                $message=str_replace("{{num_attempts}}", $sel_attempts_array['num_attempts'], $message);
                $message=str_replace("{{date_time}}", DATETIME24H, $message);
                $message=str_replace("{{referrer}}", getenv('HTTP_REFERER'), $message);
                $message=str_replace("{{username}}", $ilance->GPC['username'], $message);
                $message=str_replace("{{password}}", $ilance->GPC['password'], $message);
                $message=str_replace("{{site_name}}", SITE_NAME, $message);
                $message=str_replace("{{site_title}}", SITE_TITLE, $message);
                $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
                $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
                $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
                $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
                $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
                $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
                $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
                $message=str_replace("{{email_id}}", "76", $message);
                api_email(SITE_EMAIL, $subject, $message, SITE_EMAIL);
                refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
                exit();
            }
            else
            {
                refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
                exit(); 
            }
        }
    }
    else
    {
        refresh($ilpage['login'] . '?error=1', HTTPS_SERVER_ADMIN . $ilpage['login'] . '?error=1');
        exit(); 
    }
}
 
// #### RENEW PASSWORD #########################################################
if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_pw-renew')
{
    $area_title = $phrase['_request_account_password'];
    $page_title = SITE_NAME.' - '.$phrase['_request_account_password'];
 
    // javascript header includes
    $headinclude .= '
    <script type="text/javascript">
    <!--
    function validatePWR(f)
    {
        haveerrors = 0;
        (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
        (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
        return (!haveerrors);
    }
    // -->
    </script>
    ';
    
    $ilance->template->load_file('main', 'password_renewal_login.html');
    $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
    $ilance->template->parse_if_blocks('main');
    $ilance->template->pprint('main', array('userid', 'input_style', 'remote_addr', 'rid', 'login_include', 'bgcolor', 'headinclude', 'onload', 'area_title', 'page_title', 'site_name', 'https_server', 'http_server', 'lanceads_header', 'lanceads_footer'));
    exit();
}
else if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == '_do-pw-request' 
    AND isset($ilance->GPC['username']))
{
    $username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
    $phone = strip_tags(mysql_real_escape_string(trim($ilance->GPC['phone'])));
    
    $sql = $ilance->db->query("SELECT email, username, secretquestion, phone FROM ".DB_PREFIX."users
    WHERE username = '".$username."'
    AND phone LIKE ('%".$phone."%')");
    if ($ilance->db->num_rows($sql) > 0)
    {
        $res = $ilance->db->fetch_array($sql);
        $email = $res['email'];
        $secret_question = stripslashes($res['secretquestion']);
        $username = stripslashes($res['username']);
        $area_title = $phrase['_change_account_password_verification'];
        $page_title = SITE_NAME.' - '.$phrase['_change_account_password_verification'];
        $headinclude .= '
        <script type="text/javascript">
        <!--
        function validateSAForm(f)
        {
            haveerrors = 0;
            (f.secretanswer.value.length < 1) ? showImage("secretanswererror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("secretanswererror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            return (!haveerrors);
        }
        //-->
        </script>';
        $ilance->template->load_file('main', 'password_change.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main', array('username', 'secret_question', 'userid', 'input_style', 'remote_addr', 'rid', 'login_include', 'bgcolor', 'headinclude', 'onload', 'area_title', 'page_title', 'site_name', 'https_server', 'http_server', 'lanceads_header', 'lanceads_footer'));
        exit();
    }
    else
    {
        $area_title = $phrase['_request_account_password_denied'];
        $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
 
        // javascript header includes
        $headinclude .= '
        <script type="text/javascript">
        <!--
        function validatePWR(f)
        {
            haveerrors = 0;
            (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            return (!haveerrors);
        }
        //-->
        </script>';
        $ilance->template->load_file('main', 'password_renewal_denied.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main', array('userid', 'input_style', 'remote_addr', 'rid', 'login_include', 'bgcolor', 'headinclude', 'onload', 'area_title', 'page_title', 'site_name', 'https_server', 'http_server', 'lanceads_header', 'lanceads_footer'));
        exit();
    }
}
else if (isset($ilance->GPC['cmd']) AND $ilance->GPC['cmd'] == 'password-change'
        AND isset($ilance->GPC['secretanswer'])
        AND isset($ilance->GPC['username']))
{
    $secretanswer = strip_tags(mysql_real_escape_string($ilance->GPC['secretanswer']));
    $secretanswermd5 = md5($secretanswer);
    $username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
    
    $sql = $ilance->db->query("SELECT user_id, secretanswer, email FROM ".DB_PREFIX."users
    WHERE username = '".$username."'
    LIMIT 1");
    if ($ilance->db->num_rows($sql) > 0)
    {
        $res = $ilance->db->fetch_array($sql);
        $email = $res['email'];
        $userid = $res['user_id'];
        $secretanswerdb = stripslashes($res['secretanswer']);
    }
    else
    {
        $area_title = $phrase['_request_account_password_denied'];
        $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
 
        // javascript header includes
        $headinclude .= '
        <script type="text/javascript">
        <!--
        function validatePWR(f)
        {
            haveerrors = 0;
            (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
            return (!haveerrors);
        }
        //-->
        </script>';
        $ilance->template->load_file('main', 'password_renewal_denied.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main', array('userid', 'input_style', 'remote_addr', 'rid', 'login_include', 'bgcolor', 'headinclude', 'onload', 'area_title', 'page_title', 'site_name', 'https_server', 'http_server', 'lanceads_header', 'lanceads_footer'));
        exit();
    }
    
    if ($secretanswermd5 == $secretanswerdb)
    {
        $salt = construct_password_salt($length = 5);
        $newpassword = construct_password(8);
        $newpasswordmd5 = md5(md5($newpassword) . $salt);
        
        $ilance->db->query("UPDATE ".DB_PREFIX."users
        SET password = '".mysql_real_escape_string($newpasswordmd5)."',
        salt = '".mysql_real_escape_string($salt)."' 
        WHERE user_id = '".intval($userid)."'
        LIMIT 1");
        
        #######################################
        ## ILANCE => EMAIL TEMPLATE ENGINE V1.0
        #######################################
        ## GRAB EMAIL: ID=84, NAME=Password Recovery Renewed - Customer
        $query1="SELECT ";
        $query1.="subject_".$_SESSION['ilancedata']['user']['slng'].", ";
        $query1.="message_".$_SESSION['ilancedata']['user']['slng']." ";
        $query1.="FROM ";
        $query1.=DB_PREFIX."email ";
        $query1.="WHERE ";
        $query1.="varname='password_renewed'";
        $runit=$ilance->db->query($query1);
        $rs1=$ilance->db->fetch_array($runit);
 
        $subject=stripslashes(trim($rs1[0]));
        $message=stripslashes(trim($rs1[1]));
        
        $subject=str_replace("{{username}}", $username, $subject);
        $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
        $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
        $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
        $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
 
        $message=str_replace("{{username}}", $username, $message);
        $message=str_replace("{{password}}", $newpassword, $message);
        $message=str_replace("{{site_name}}", SITE_NAME, $message);
        $message=str_replace("{{site_title}}", SITE_TITLE, $message);
        $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
        $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
        $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
        $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
        $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
        $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
        $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
        $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
        $message=str_replace("{{email_id}}", "84", $message);
        api_email($email, $subject, $message, SITE_EMAIL);
        $area_title = $phrase['_account_password_renewal_success'];
        $page_title = SITE_NAME.' - '.$phrase['_account_password_renewal_success'];
        print_notice($phrase['_your_account_password_was_changed'], $phrase['_you_have_successfully_renewed_the_password_for_your_online_account'], $ilpage['login'], $phrase['_login_to_your_account']);
        exit();
    }
    else
    {
        $username = strip_tags(mysql_real_escape_string($ilance->GPC['username']));
        $sql = $ilance->db->query("SELECT email FROM ".DB_PREFIX."users
        WHERE username = '".$username."'");
        if ($ilance->db->num_rows($sql) > 0)
        {
            $res = $ilance->db->fetch_array($sql);
            $email = $res['email'];
            $ip = $_SERVER['REMOTE_ADDR'];
            $agent = $_SERVER['HTTP_USER_AGENT'];
            
            #######################################
            ## ILANCE => EMAIL TEMPLATE ENGINE V1.0
            #######################################
            ## GRAB EMAIL: ID=192, NAME=Password Recovery Attempt Denied - Customer
            $query1="SELECT ";
            $query1.="subject_".$_SESSION['ilancedata']['user']['slng'].", ";
            $query1.="message_".$_SESSION['ilancedata']['user']['slng']." ";
            $query1.="FROM ";
            $query1.=DB_PREFIX."email ";
            $query1.="WHERE ";
            $query1.="varname='password_recovery_denied'";
            $runit=$ilance->db->query($query1);
            $rs1=$ilance->db->fetch_array($runit);
            
            $subject=stripslashes(trim($rs1[0]));
            $message=stripslashes(trim($rs1[1]));
            
            $subject=str_replace("{{username}}", $username, $subject);
            $subject=str_replace("{{ipaddress}}", $ip, $subject);
            $subject=str_replace("{{site_name}}", SITE_NAME, $subject);
            $subject=str_replace("{{https_server}}", HTTPS_SERVER, $subject);
            $subject=str_replace("{{http_server}}", HTTP_SERVER, $subject);
            $subject=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $subject);
 
            $message=str_replace("{{username}}", $username, $message);
            $message=str_replace("{{ipaddress}}", $ip, $message);
            $message=str_replace("{{agent}}", $agent, $message);
            $message=str_replace("{{site_name}}", SITE_NAME, $message);
            $message=str_replace("{{site_title}}", SITE_TITLE, $message);
            $message=str_replace("{{site_email}}", SITE_EMAIL, $message);
            $message=str_replace("{{site_phone}}", SITE_PHONE, $message);
            $message=str_replace("{{site_address}}", SITE_ADDRESS, $message);
            $message=str_replace("{{http_server_admin}}", HTTP_SERVER_ADMIN, $message);
            $message=str_replace("{{https_server_admin}}", HTTPS_SERVER_ADMIN, $message);
            $message=str_replace("{{https_server}}", HTTPS_SERVER, $message);
            $message=str_replace("{{http_server}}", HTTP_SERVER, $message);
            $message=str_replace("{{generate_date}}", apiDate(DATETIME24H, $ilconfig['globalserverlocale_globaltimeformat'], 0, 0), $message);
            $message=str_replace("{{email_id}}", "192", $message);
            api_email($email, $subject, $message, SITE_EMAIL);
            
            $area_title = $phrase['_request_account_password_denied'];
            $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
            
            // javascript header includes
            $headinclude .= '
            <script type="text/javascript">
            <!--
            function validatePWR(f)
            {
                haveerrors = 0;
                (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                return (!haveerrors);
            }
            // -->
            </script>';
            $ilance->template->load_file('main', 'password_renewal_denied.html');
            $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
            $ilance->template->parse_if_blocks('main');
            $ilance->template->pprint('main', array('userid', 'input_style', 'remote_addr', 'rid', 'login_include', 'bgcolor', 'headinclude', 'onload', 'area_title', 'page_title', 'site_name', 'https_server', 'http_server', 'lanceads_header', 'lanceads_footer'));
            exit();
        }
        else
        {
            $area_title = $phrase['_request_account_password_denied'];
            $page_title = SITE_NAME.' - '.$phrase['_request_account_password_denied'];
 
            // javascript header includes
            $headinclude .= '
            <script type="text/javascript">
            <!--
            function validatePWR(f)
            {
                haveerrors = 0;
                (f.username.value.length < 1) ? showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("usernameerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                (f.phone.value.length < 1) ? showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/fieldempty.gif", true) : showImage("phoneerror", "'.$ilconfig['template_relativeimagepath'].$ilconfig['template_imagesfolder'].'misc/blankimage.gif", false);
                return (!haveerrors);
            }
            // -->
            </script>';
            $ilance->template->load_file('main', 'password_renewal_denied.html');
            $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
            $ilance->template->parse_if_blocks('main');
            $ilance->template->pprint('main', array('userid', 'input_style', 'remote_addr', 'rid', 'login_include', 'bgcolor', 'headinclude', 'onload', 'area_title', 'page_title', 'site_name', 'https_server', 'http_server', 'lanceads_header', 'lanceads_footer'));
            exit();
        }
    }
}
else
{
    if(empty($_COOKIE['ilancedata']['username']))
        $onload='document.login.username.focus();';
    else
        $onload='document.login.password.focus();';
        
    if (!empty($_SESSION['ilancedata']['user']['userid']) AND $_SESSION['ilancedata']['user']['userid'] > 0)
    {
        $area_title = $phrase['_already_logged_in_menu'];
        $page_title = SITE_NAME.' - '.$phrase['_already_logged_in_menu'];
        refresh($ilpage['main']);
        exit();
    }
    else
    {
        $area_title = $phrase['_login_area_menu'];
        $page_title = SITE_NAME.' - '.$phrase['_login_area_menu'];
        if (!empty($_COOKIE[$ilconfig['globalsecurity_cookiename']]['rid']))
        {
            $rid = trim($_COOKIE[$ilconfig['globalsecurity_cookiename']]['rid']);
        }
        
        $user_cookie = '';
        if (!empty($_COOKIE[$ilconfig['globalsecurity_cookiename']]['username']))
        {
            $user_cookie = $ilance->crypt->three_layer_decrypt($_COOKIE[$ilconfig['globalsecurity_cookiename']]['username'], $ilconfig['key1'], $ilconfig['key2'], $ilconfig['key3']);
        }
        $ilance->template->load_file('main', 'login.html');
        $ilance->template->parse_hash('main', array('ilpage' => $ilpage));
        $ilance->template->parse_if_blocks('main');
        $ilance->template->pprint('main', array('remember_checked', 'formid', 'input_style', 'redirect', 'referer', 'securekey_hidden', 'rid', 'login', 'user_cookie', 'enter_username', 'enter_password', 'buyer_login', 'seller_login', 'clientip', 'rem_cookies', 'how_t', 'in_y', 'place_bids', 'register_as_provider', 'register_as_buyer', 'retreive_password', 'login_include', 'headinclude', 'onload', 'area_title', 'page_title', 'site_name', 'https_server', 'http_server', 'lanceads_header', 'lanceads_footer'));
        exit();
    }
}
?>
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: what to look for?

Post by josh »

Are our forums borked?
esmarts
Forum Newbie
Posts: 14
Joined: Fri Aug 08, 2008 10:05 pm

Re: what to look for?

Post by esmarts »

LOL sorry about that guys, I don't know why it did that!

But the questions are still there for the taking.. lol
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: what to look for?

Post by requinix »

Turn on error_reporting as high as it goes, make sure display_errors is on, and hope for an error message?

It'd probably be something like an undefined variable or a "headers already sent" error.
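One way to apply the advice above to a login redirect loop, as an added example that is not part of the original reply: errors go to a log file instead of the browser, because a login page that prints errors exposes file paths and queries, and each request records whether the session cookie came back and where output started. The log path, the constant `LOGIN_DEBUG_LOG` and the function `login_debug_trace()` are hypothetical names; the `$_SESSION` key is the one used in the script posted above.

```php
<?php
// Added diagnostic example (not from the thread). Include it first in both the
// login and the member scripts. LOGIN_DEBUG_LOG and login_debug_trace() are
// hypothetical names chosen for this example.
define('LOGIN_DEBUG_LOG', '/var/log/php/login-debug.log'); // assumed path, outside the web root

error_reporting(E_ALL | E_STRICT);   // E_STRICT is not part of E_ALL before PHP 5.4
ini_set('display_errors', '0');      // keep paths and SQL out of the login page
ini_set('log_errors', '1');          // notices and warnings go to the file below
ini_set('error_log', LOGIN_DEBUG_LOG);

// Runs at the end of every request, including those ended by exit().
// Logs only yes/no flags, never the session id or any credential.
function login_debug_trace()
{
    $cookie = session_name();
    $entry = sprintf('%s %s cookie_received=%s session_started=%s userid_in_session=%s',
        $_SERVER['REQUEST_METHOD'],
        $_SERVER['SCRIPT_NAME'],
        isset($_COOKIE[$cookie]) ? 'yes' : 'no',
        session_id() !== '' ? 'yes' : 'no',
        !empty($_SESSION['ilancedata']['user']['userid']) ? 'yes' : 'no');

    // On a request that was meant to redirect, this names the file and line
    // whose output prevented the Set-Cookie and Location headers from being sent.
    if (headers_sent($file, $lineno))
    {
        $entry .= " output_started_at=$file:$lineno";
    }

    // Show whether a Location header was actually queued for this response.
    foreach (headers_list() as $header)
    {
        if (stripos($header, 'Location:') === 0)
        {
            $entry .= ' '.$header;
        }
    }
    error_log($entry);
}
register_shutdown_function('login_debug_trace');
```

A login request followed by a member-page request with `cookie_received=no` or `userid_in_session=no` points at the session not surviving the redirect; remove the include once the cause is found.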