query('SELECT id, username, password, save_pass, status FROM '.$db->prefix.'users WHERE username=\''.addslashes($username).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
list($user_id, $correct_username, $correct_password, $save_pass, $status) = $db->fetch_row($result);
if ($correct_password == NULL || $correct_password != md5($password))
message($lang_login['Wrong user/pass'].' '.$lang_login['Forgotten pass'].'');
// Update the status if this is the first time the user logged in
if ($status == -1)
$db->query('UPDATE '.$db->prefix.'users SET status=0 WHERE id='.$user_id) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
$expire = ($save_pass == '1') ? time() + 31536000 : 0;
if (isset($_COOKIE['punbb_cookie']))
{
list(, , $last_action, $last_timeout) = unserialize(un_escape($_COOKIE['punbb_cookie']));
setcookie('punbb_cookie', serialize(array($correct_username, $correct_password, $last_action, $last_timeout)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
}
else
{
$now = time();
setcookie('punbb_cookie', serialize(array($correct_username, $correct_password, $now, $now)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
}
redirect($_POST['redirect_url'], $lang_login['Login redirect']);
}
else if ($action == 'out')
{
if ($cookie['is_guest'])
header('Location: index.php');
// Remove user from "users online" list.
$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.addslashes($cookie['username']).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
// Remove any left over search results
$db->query('DELETE FROM '.$db->prefix.'search_results WHERE ident=\''.addslashes($cookie['username']).'\'') or error('Unable to delete search results', __FILE__, __LINE__, $db->error());
list(, , $last_action, $last_timeout) = unserialize(un_escape($_COOKIE['punbb_cookie']));
setcookie('punbb_cookie', serialize(array('Guest', 'Guest', $last_action, $last_timeout)), time() + 31536000, $cookie_path, $cookie_domain, $cookie_secure);
redirect('index.php', $lang_login['Logout redirect']);
}
else if ($action == 'forget' || $action == 'forget_2')
{
if (isset($_POST['form_sent']))
{
require 'include/email.php';
// Validate the email-address
$email = strtolower(trim($_POST['req_email']));
if (!is_valid_email($email))
message($lang_common['Invalid e-mail']);
$result = $db->query('SELECT id, username FROM '.$db->prefix.'users WHERE email=\''.escape($email).'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
if ($db->num_rows($result))
{
// Loop through users we found
while ($cur_hit = $db->fetch_assoc($result))
{
$new_password = random_pass(8);
$new_password_key = random_pass(8);
$db->query('UPDATE '.$db->prefix.'users SET activate_string=\''.md5($new_password).'\', activate_key=\''.$new_password_key.'\' WHERE id='.$cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
$mail_subject = $lang_login['Forget mail 1'];
$mail_message = $lang_login['Forget mail 2'].' '.$cur_hit['username'].','."\r\r\n\n".$lang_login['Forget mail 3'].' '.$options['base_url'].'/. '.$lang_login['Forget mail 4']."\r\r\n\n".$lang_login['Forget mail 5']."\r\n".$options['base_url'].'/profile.php?id='.$cur_hit['id'].'&action=change_pass&key='.$new_password_key."\r\r\n\n".$lang_login['Forget mail 6'].' '.$new_password."\r\r\n\n".'/Forum Mailer'."\r\n".'('.$lang_login['Forget mail 7'].')';
$mail_extra = 'From: '.$options['board_title'].' Mailer <'.$options['webmaster_email'].'>';
pun_mail($email, $mail_subject, $mail_message, $mail_extra);
}
message($lang_login['Forget mail 8'].' '.$email.' '.$lang_login['Forget mail 9'].' '.$options['admin_email'].'.');
}
else
message($lang_login['No e-mail match'].' '.$email.'.');
}
else
{
$page_title = htmlspecialchars($options['board_title']).' / '.$lang_login['Request pass'];
$validate_form = true;
$form_name = 'request_pass';
$focus_element = 'req_email';
require 'header.php';
?>