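Contributions by Keith Gable

This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.

In addition to being restricted by the GNU General Public License, Essence
Engine may not be sold, rented, sublicensed, or leased; you are not
permitted to generate revenue with the Essence Engine source code. You may,
however, use Essence Engine to run a website that generates revenue via
other means.

This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

$Id$
*/

// Login processor
// Logs in the user
//
// Flow: check the posted credentials against the users table, handle the
// first-login activation key for unconfirmed accounts (usertype 1), set up the
// session, optionally set the "stay logged in" cookie, then redirect. When
// nothing was submitted the script falls through and shows the login form.
//
// NOTE(review): items this page cannot fix on its own, because the matching
// registration / cookie-checking code is not visible here:
//  - Passwords are stored as unsalted MD5. Moving to a salted, slow hash
//    needs a coordinated change to registration and to the users table.
//  - The activation secret is a literal in the source, and the key is derived
//    only from username + password hash, so it is not an independent token.
//  - The remember-me cookie is md5(username . password hash): a fixed value
//    that stays valid until the password changes. A random token stored
//    server-side would allow revocation.
//  - "No such user" and "Wrong password" are distinct replies, which lets a
//    client tell which usernames exist. No attempt throttling is visible.
//  - Requires PHP 5.2+ (HttpOnly argument of setcookie()).

include("mainheader.php");

// Start from a known state instead of relying on undefined variables.
// NOTE(review): assumes mainheader.php does not pre-set these two flags - confirm.
$dologin = false;
$toindex = false;

// Check if both informations are included, and form was submitted
if (!empty($_POST["submitlogin"])) {
    // Accept only plain strings; array-valued fields (loginuser[]=x) count as missing
    // so they never reach strtolower()/md5().
    $loginuser = (isset($_POST["loginuser"]) && is_string($_POST["loginuser"])) ? $_POST["loginuser"] : "";
    $loginpass = (isset($_POST["loginpass"]) && is_string($_POST["loginpass"])) ? $_POST["loginpass"] : "";

    if ($loginuser && $loginpass) {
        // Escape with the connection's character set in mind; the escaped name is
        // also what the activation key and cookie value are derived from, as before.
        $username = mysql_real_escape_string(strtolower($loginuser), $db);
        $password = md5($loginpass);

        // Check database
        $result = mysql_query("SELECT * FROM users WHERE username='$username'", $db);
        if ($result && ($userinfo = mysql_fetch_array($result))) {
            // Strict comparison: with == two different digests that both look like
            // numbers in exponent form ("0e...") would compare equal.
            if ($password === $userinfo["password"]) {
                if ($userinfo["usertype"] == 0) {
                    // Disabled account: never log in
                    sysmsg("Your account has been disabled. Please contact an Administrator for more information.");
                } elseif ($userinfo["usertype"] == 1) {
                    // Account awaiting activation: only a correct key activates it
                    if (!empty($_POST["confirm"])) {
                        $expectedkey = md5($username . $password . "exorealm76785");
                        if (is_string($_POST["confirm"]) && $expectedkey === $_POST["confirm"]) {
                            $result = mysql_query("UPDATE users SET usertype=2 WHERE username='$username'", $db);
                            if (mysql_errno()) {
                                sysmsg("There was an error activating your account, please try again.");
                            } else {
                                $dologin = true;
                                $toindex = true;
                                sysmsg("Your account has been activated! Welcome to the Realm!");
                            }
                        } else {
                            $toindex = true;
                            sysmsg("Invalid activation key. Please try registering again or contact an Administrator.");
                        }
                    } else {
                        sysmsg("Your account has not been activated yet. Please check your e-mail, or contact an Administrator.");
                    }
                } else {
                    $dologin = true;
                }

                if ($dologin) {
                    // Issue a fresh session id at the privilege change so an id that was
                    // known before login cannot be reused afterwards (session fixation).
                    if (session_id() !== "") {
                        session_regenerate_id(true);
                    }

                    // User OK, set up session variables
                    $_SESSION["loggedin"] = true;
                    $_SESSION["username"] = $userinfo["username"];

                    // If "Stay logged in" is checked, set a cookie.
                    if (!empty($_POST["staylogin"])) {
                        // Same name, value and lifetime as before; the last argument marks the
                        // cookie HttpOnly so page scripts cannot read it.
                        // NOTE(review): set the "secure" argument to true once the site is HTTPS-only.
                        setcookie("er41loggedin", md5($username . $password), time() + 60*60*24*30, "", "", false, true);
                        sysmsg("Your login will be remembered on this computer for the next 30 days.");
                    }
                }
            } else {
                sysmsg("Wrong password given for the \"" . safetext($loginuser) . "\" account. Please try again.");
            }
        } else {
            sysmsg("No such user: \"" . safetext($loginuser) . "\". Please register for an account, or try again.");
        }
    } else {
        sysmsg("You must supply both a Username and Password to log in. Please try again.");
    }
}

if (!empty($_SESSION["loggedin"]) || !empty($_SESSION["sysmsgs"])) {
    // Redirect back to page the user logged in from if possible.
    // The Referer header is supplied by the client, so it is only followed when it
    // points at this same host; anything else goes to the index page. This keeps
    // the login form from being used as an open redirect.
    $referer = (isset($_SERVER["HTTP_REFERER"]) && is_string($_SERVER["HTTP_REFERER"])) ? $_SERVER["HTTP_REFERER"] : "";
    $refparts = ($referer !== "") ? parse_url($referer) : false;
    $refhost = (is_array($refparts) && isset($refparts["host"])) ? $refparts["host"] : "";
    // HTTP_HOST may carry a port; parse_url()'s host component does not
    $ourhost = isset($_SERVER["HTTP_HOST"]) ? preg_replace('/:\d+$/', "", $_SERVER["HTTP_HOST"]) : "";
    $samehost = ($refhost !== "") && ($ourhost !== "") && (strcasecmp($refhost, $ourhost) === 0);

    if ((!$toindex) && $samehost && (strpos($referer, "login") === false)) {
        header("Location: " . $referer);
    } else {
        sendlocation("index.php");
    }
    exit;
}

// Still going? Then show form for login
$pagetitle = "Login";
include("themeheader.php");
?>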