<?php
///////////////////////////////////////////////////////////////////////////////////////////////////////////
// Sitelok (Password Version) V2.50 //
///////////////////////////////////////////////////////////////////////////////////////////////////////////
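// Report everything except notices; this script reads many variables that may be unset.
error_reporting (E_ALL ^ E_NOTICE);
// Legacy register_globals emulation: every GET parameter, then every POST parameter, is copied
// into a variable of the same name (POST wins on a clash). Later code relies on this for values
// such as $username, $password and $sitelokaction, so the copy itself is kept.
// SECURITY: every variable created here is attacker-controlled. Anything that is not assigned
// again afterwards (by getconfig.php or by this script) keeps the request-supplied value.
// Keys that name a superglobal, GLOBALS or "this" are skipped so that a request cannot replace
// those arrays, which the checks later in this script read.
// foreach is used instead of each(), which was deprecated in PHP 7.2 and removed in PHP 8.0.
if (!empty($_GET))
{
    foreach ($_GET as $name => $value)
    {
        if (!preg_match('/^(GLOBALS|_GET|_POST|_COOKIE|_REQUEST|_SERVER|_SESSION|_FILES|_ENV|this)\z/',(string)$name))
            $$name = $value;
    }
    // The former while/each loop left both loop variables NULL on exit; keep that state.
    $name = null;
    $value = null;
}
if (!empty($_POST))
{
    foreach ($_POST as $name => $value)
    {
        if (!preg_match('/^(GLOBALS|_GET|_POST|_COOKIE|_REQUEST|_SERVER|_SESSION|_FILES|_ENV|this)\z/',(string)$name))
            $$name = $value;
    }
    $name = null;
    $value = null;
}
// Configuration is loaded after the copy, so whatever it assigns overrides request values.
require_once("getconfig.php");
// $sitelokaction is not assigned in this file before this point; it comes from the request copy
// above unless getconfig.php sets it.
if ($sitelokaction=="modifyprofile")
    require_once("sitelokapi.php");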
// Default message texts. Do not edit them here: change the settings in slconfig.php if necessary.
// A constant that is already defined when this runs is left untouched.
defined('MSG_ACCDEN') || define("MSG_ACCDEN","Access Denied");
defined('MSG_DBPROB') || define("MSG_DBPROB","There was a database problem");
defined('MSG_WRONGGROUP') || define("MSG_WRONGGROUP","Your membership does not allow access to this page");
defined('MSG_EXPIRED') || define("MSG_EXPIRED","Access to this page is blocked because your membership has expired");
defined('MSG_ACCESSFILE') || define("MSG_ACCESSFILE","You are not allowed access to this file");
defined('MSG_FILEOPEN') || define("MSG_FILEOPEN","Sitelok could not open the file");
defined('MSG_DOWNEXP') || define("MSG_DOWNEXP","Sorry but this download link has expired");
defined('MSG_TURING1') || define("MSG_TURING1","Turing code did not match");
defined('MSG_PASSEMAIL') || define("MSG_PASSEMAIL","Your login details have been emailed to you");
defined('MSG_NOMATCH') || define("MSG_NOMATCH","No match for username or email");
defined('MSG_AUTHFAIL') || define("MSG_AUTHFAIL","Authentication failed");
defined('MSG_DISABLED') || define("MSG_DISABLED","Access is currently disabled");
defined('MSG_ACCESSLOC') || define("MSG_ACCESSLOC","Access not allowed from this location");
defined('MSG_SESSEXP') || define("MSG_SESSEXP","Session has expired");
defined('MSG_INACTEXP') || define("MSG_INACTEXP","Session was inactive and expired");
defined('MSG_ENTERUSER') || define("MSG_ENTERUSER","Please enter your username");
defined('MSG_ENTERPASS') || define("MSG_ENTERPASS","Please enter your password");
defined('MSG_ENTERTURING') || define("MSG_ENTERTURING","Please enter the displayed turing code");
defined('MSG_FORGOT1') || define("MSG_FORGOT1","Please enter your username or email address and the display Turing code");
defined('MSG_FORGOT2') || define("MSG_FORGOT2","Please enter your username or email address");
defined('MSG_PASS5') || define("MSG_PASS5","Password must be at least 5 characters long");
defined('MSG_PASSNG') || define("MSG_PASSNG","Password contains invalid characters");
defined('MSG_PASSVER') || define("MSG_PASSVER","Verify password does not match");
defined('MSG_ENTERNAME') || define("MSG_ENTERNAME","Please enter your name");
defined('MSG_ENTEREMAIL') || define("MSG_ENTEREMAIL","Please enter your valid email address");
defined('MSG_USERNG') || define("MSG_USERNG","Username contains invalid characters");
defined('MSG_EMAILNG') || define("MSG_EMAILNG","Email address is not valid");
defined('MSG_PROFUPDATED') || define("MSG_PROFUPDATED","Your profile has been updated");
defined('MSG_PROFPROBLEM') || define("MSG_PROFPROBLEM","An error occurred and your profile was NOT updated");
defined('MSG_USEREXISTS') || define("MSG_USEREXISTS","Sorry this username already exists");
defined('MSG_UPLOADERROR') || define("MSG_UPLOADERROR","File upload failed");
defined('MSG_UPLOADTYPE') || define("MSG_UPLOADTYPE","Files of this type cannot be uploaded");

// Deny the request outright when it carries a parameter (in $_REQUEST) whose name, compared
// case-insensitively, matches one of the page settings or internal values listed below.
// This is what stops the request-to-variable copy at the top of the file from overriding them.
// NOTE(review): this is a deny-list. $searchenginepublicaccess and $loginredirect are read as
// page-supplied values further down but are not listed here — confirm whether they should be.
$found=false;
if (!empty($_REQUEST))
{
    reset($_REQUEST);
    while(list($namepair, $valuepair) = each($_REQUEST))
    {
        $namepair=strtolower($namepair);
        if (in_array($namepair,array(
            "dbpassword","thispage","sitelokloginkey","groupswithaccess","userswithaccess",
            "maxsessiontime","maxinactivitytime","filelocation","expiredpage","wronggrouppage",
            "noaccesspage","loginpage","messagepage","logoutpage","allowexpireduser",
            "startpage","dbupdate","demomode","allowsearchengine","searchenginegroup"),true))
        {
            $found=true;
        }
    }
}
if ($found)
{
    sl_ShowMessage($MessagePage,MSG_ACCDEN);
    exit;
}
// Path of the running script as reported by the server.
$thispage=$_SERVER['PHP_SELF'];
// Remove surrounding whitespace from the submitted credentials.
if (isset($username)) { $username=trim($username); }
if (isset($password)) { $password=trim($password); }
// Per-page overrides: a lowercase variable, when set, replaces the configured value.
// The same names arriving as request parameters are rejected by the check above.
if (isset($loginpage)) { $LoginPage=$loginpage; }
if (isset($expiredpage)) { $ExpiredPage=$expiredpage; }
if (isset($wronggrouppage)) { $WrongGroupPage=$wronggrouppage; }
if (isset($noaccesspage)) { $NoAccessPage=$noaccesspage; }
if (isset($logoutpage)) { $LogoutPage=$logoutpage; }
if (isset($messagepage)) { $MessagePage=$messagepage; }
if (isset($maxsessiontime)) { $MaxSessionTime=$maxsessiontime; }
if (isset($maxinactivitytime)) { $MaxInactivityTime=$maxinactivitytime; }
if (isset($filelocation)) { $FileLocation=$filelocation; }
// Redirect after login unless told otherwise.
if (!isset($RedirectAfterLogin)) { $RedirectAfterLogin=1; }
// Page to return to after login. When the page did not set one, use the request URI, else the
// script name plus query string, else the script path.
// These values are taken from the request as the server reports it, so $startpage is not a
// trusted URL; it is later sent in a Location header.
$startpageoveridden=isset($startpage);
if (!$startpageoveridden)
{
    if ($_SERVER['REQUEST_URI']!="")
    {
        $startpage=$_SERVER['REQUEST_URI'];
    }
    else if ($_SERVER['SCRIPT_NAME']!="")
    {
        $startpage=$_SERVER['SCRIPT_NAME'];
        if ($_SERVER['QUERY_STRING']!="")
        {
            $startpage=$startpage."?".$_SERVER['QUERY_STRING'];
        }
    }
    else
    {
        $startpage=$thispage;
    }
}
// Search engine access overrides.
if (isset($allowsearchengine)) { $AllowSearchEngine=$allowsearchengine; }
if (isset($searchenginegroup)) { $SearchEngineGroup=$searchenginegroup; }
if (isset($searchenginepublicaccess)) { $SearchEnginePublicAccess=$searchenginepublicaccess; }
$PHPSESSID="";
if (!isset($loginredirect)) { $loginredirect=0; }
// Search engine access: when enabled and the page is not an admin page, a recognised crawler is
// given a synthetic "searchenginebot" user instead of being asked to log in.
// NOTE(review): the decision rests on sl_issearchengine(), which is defined elsewhere. The
// User-Agent header is client-supplied, so the grant is only as strong as that helper's check of
// the remote address — confirm what it verifies.
$slsearchengine=false;
$slsearchenginebot="";
if (($AllowSearchEngine) && ($groupswithaccess!="ADMIN") && ($groupswithaccess!="DEMOADMIN"))
{
    // The page's groups and the search engine groups must overlap, or either side must be ALL
    // (an empty page group also counts).
    $segroupallowed=false;
    $sumg=explode(",",$SearchEngineGroup);
    $aug=explode(",",$groupswithaccess);
    for ($k=0;$k<count($aug);$k++)
    {
        for ($j=0;$j<count($sumg);$j++)
        {
            if (($aug[$k]=="ALL") || ($aug[$k]=="") || ($sumg[$j]=="ALL") || ($sumg[$j]==$aug[$k]))
                $segroupallowed=true;
        }
    }
    // A page restricted to named users must list the pseudo user explicitly.
    if ($userswithaccess!="")
    {
        $seuwa=explode(",",$userswithaccess);
        if (!in_array("searchenginebot",$seuwa))
            $segroupallowed=false;
    }
    if (($segroupallowed) || (in_array("PUBLIC",$aug)))
    {
        $botname=sl_issearchengine($_SERVER['REMOTE_ADDR'],$_SERVER['HTTP_USER_AGENT']);
        if ($botname!="")
        {
            $slsearchengine=true;
            $slsearchenginebot=$botname;
            // Populate the user variables for the pseudo user.
            $slusername="searchenginebot";
            $slpassword="";
            $slpasswordclue="";
            $slpasswordhash="";
            $slname="Search Engine";
            $slusergroups=$SearchEngineGroup;
            // $slcustom1 .. $slcustom50 are all empty.
            for ($k=1;$k<=50;$k++)
                ${"slcustom".$k}="";
            $slfirstname="Search";
            $sllastname="Engine";
            $slemail=$SiteEmail;
            $slstarttime=time();
            $slaccesstime=time();
            $slcreated=time();
            $sljustloggedin=false;
            $slordercustom="";
            // Every search engine group is listed as a membership that never expires.
            $sumg=explode(",",$SearchEngineGroup);
            for ($k=0;$k<count($sumg);$k++)
            {
                $slgroupname[]=$sumg[$k];
                $slgroupdesc[]=($GroupNames[$sumg[$k]]!="") ? $GroupNames[$sumg[$k]] : $sumg[$k]." members area";
                $slgroupexpiry[]="Unlimited";
                $slgroupexpiryts[]=0;
                $slgroupexpirytsbyname[$sumg[$k]]=0;
                $slgroupexpirybyname[$sumg[$k]]="Unlimited";
            }
            // Public access applies only when PUBLIC is one of several page groups and the
            // group test above did not pass.
            $slpublicaccess=(in_array("PUBLIC",$aug)) && (!$segroupallowed) && ($groupswithaccess!="PUBLIC");
        }
    }
}
// End of search engine detection

if ($slsearchengine==false)
{
// Read the remembered-login cookie. Its value is base64("username|password|mode").
// SECURITY: base64 is an encoding, not encryption; the password is recoverable by anyone who
// obtains this cookie.
$sitelokcookie=$_COOKIE['SITELOKPW'.$SessionName];
$slcookieusername="";
$slcookiepassword="";
$slcookielogin="";
// One-shot "just logged in" flag: report it once, then clear it in the session.
$sljustloggedin=($_SESSION['ses_sljustloggedin']==true);
if ($sljustloggedin)
{
    $_SESSION['ses_sljustloggedin']=false;
}

if ($sitelokcookie!="")
{
    // Split the decoded value into its three "|" separated fields.
    $sitelokcookie=base64_decode($sitelokcookie);
    $slcookieusername=strtok($sitelokcookie,"|");
    $slcookiepassword=strtok("|");
    $slcookielogin=strtok("|");
}
/*
// If downloading file then the session_cache_limiter is required because of a bug in IE when using SSL
if ((isset($_REQUEST['sldownload'])) || ($_REQUEST['act']=="exportselected") || ($_REQUEST['logmanageact']=="export"))
session_cache_limiter('public');
if ($SessionName!="")
session_name($SessionName);
session_start();
*/
// Login state kept in the session: "LOGGEDIN" once authenticated.
$sitelokloginkey=$_SESSION['ses_slloginkey'];
// A page that names no groups is open to ALL groups.
if ((!isset($groupswithaccess)) || ($groupswithaccess==""))
{
    $groupswithaccess="ALL";
}
// PUBLIC in the group list marks the page as publicly viewable; it is removed from the list so
// that the remaining entries are real groups.
$gwa=explode(",",$groupswithaccess);
$i=array_search("PUBLIC",$gwa);
$publicaccess=is_integer($i);
if ($publicaccess)
{
    unset($gwa[$i]);
    $groupswithaccess=implode(",",$gwa);
}
$PHPSESSID=$_COOKIE['PHPSESSID'];
// Automatic login: with NORMAL logins and cookie mode 2 on both sides, the credentials stored in
// the cookie are used as if the user had typed them.
if (($LoginType=="NORMAL") && ($CookieLogin==2) && ($slcookielogin=="2"))
{
    $username=$slcookieusername;
    $password=$slcookiepassword;
}
// Visitor is not logged in, sent no credentials, the page is not public and this is not a
// forgotten-password request: answer with the no-access page or the login page and stop.
if (($sitelokloginkey!="LOGGEDIN") && ($sitelokhash=="") && ($password=="") && ($publicaccess==false) && ($forgotpassword!="forgotten-it"))
{
    if ($NoAccessPage!="")
    {
        // An absolute http(s) URL is redirected to; anything else is included as a local file.
        // $NoAccessPage is configuration or a page override; the request check earlier rejects
        // a "noaccesspage" parameter, which matters because the value reaches include.
        if ((strncasecmp($NoAccessPage,"http://",7)==0) || (strncasecmp($NoAccessPage,"https://",8)==0))
        {
            header("Location: ".$NoAccessPage);
        }
        else
        {
            include $NoAccessPage;
        }
        exit;
    }
    // Downloads and exports cannot show a login form, so they get a plain message instead.
    if ((isset($_REQUEST['sldownload'])) || ($_REQUEST['act']=="exportselected") || ($_REQUEST['logmanageact']=="export"))
    {
        sl_ShowMessage($MessagePage,"Please login to access this file.\n");
    }
    else
    {
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,"");
    }
    exit;
}

// Forgotten-password request from a visitor who is not logged in. Every path below ends in exit.
// SECURITY notes for maintainers:
//  - MSG_NOMATCH and MSG_PASSEMAIL give different answers for unknown and known accounts, so
//    this form reveals whether a username or email address exists.
//  - Without $MD5passwords the stored password itself is emailed in clear text.
//  - When $SitelokLocationURL is empty the activation link is built from the Host request
//    header, which the client controls; set $SitelokLocationURL to pin the link.
if (($sitelokloginkey!="LOGGEDIN") && ($forgotpassword=="forgotten-it"))
{
    // Check the Turing code when enabled. The current or the previous code is accepted, and the
    // one that matched is cleared so it cannot be reused.
    if ($TuringLogin==1)
    {
        $turingmatch=false;
        if (($_SESSION['ses_slturingcode']!="") && (strtolower($_SESSION['ses_slturingcode'])==strtolower(trim($turing))))
        {
            $turingmatch=true;
            $_SESSION['ses_slturingcode']="";
        }
        else if (($_SESSION['ses_slpreviousturingcode']!="") && (strtolower($_SESSION['ses_slpreviousturingcode'])==strtolower(trim($turing))))
        {
            $turingmatch=true;
            $_SESSION['ses_slpreviousturingcode']="";
        }
        if (!$turingmatch)
        {
            $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_TURING1);
            exit;
        }
    }
    // Connect and select the database; either failure shows the database problem message.
    $mysql_link=mysql_connect($DbHost,$DbUser,$DbPassword);
    if ($mysql_link==0)
    {
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
        exit;
    }
    $db=mysql_select_db($DbName,$mysql_link);
    if ($db==False)
    {
        mysql_close($mysql_link);
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
        exit;
    }
    // The submitted value may be either the username or the email address.
    $sqlquery="SELECT * FROM ".$DbTableName." WHERE ".$UsernameField."=".sl_quote_smart($username)." OR ".$EmailField."=".sl_quote_smart($username);
    $mysql_result=mysql_query($sqlquery,$mysql_link);
    $row=mysql_fetch_array($mysql_result,MYSQL_ASSOC);
    if ($row==False)
    {
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_NOMATCH);
        exit;
    }
    // Copy the account fields that the email needs.
    $fus=$row[$UsernameField];
    $fpw=$row[$PasswordField];
    $fnm=$row[$NameField];
    $fem=$row[$EmailField];
    $fug=$row[$UsergroupsField];
    // $fcu1 .. $fcu50 come from the columns named by $Custom1Field .. $Custom50Field.
    for ($k=1;$k<=50;$k++)
        ${"fcu".$k}=$row[${"Custom".$k."Field"}];
    if ($ForgottenEmail!="")
    {
        // A configured template replaces either built-in message.
        sl_ReadEmailTemplate($ForgottenEmail,$subject,$mailBody,$htmlformat);
    }
    else if ($MD5passwords!=true)
    {
        // Passwords are stored as entered: mail the existing one.
        $subject=$SiteName." login details";
        $mailBody= "Your login details for $SiteName are as follows:-\n\n";
        $mailBody.="Username: ".$fus."\n";
        $mailBody.="Password: ".$fpw."\n\n";
        $mailBody.="If you have any further problems please email us at ".$SiteEmail.".\n";
        $htmlformat="";
    }
    else
    {
        // Passwords are stored hashed: generate a new one and mail an activation link whose
        // "auth" value carries the username, a hash of the stored password, the new password
        // and an MD5 check value keyed with $SiteKey.
        $newpw=sl_CreatePassword($RandomPasswordMask);
        if ($SitelokLocationURL!="")
            $slpwURL=$SitelokLocationURL;
        else
            $slpwURL="http://".$_SERVER['HTTP_HOST']."/slpw/";
        $newpwhash=md5($SiteKey."3".$fus.md5($fpw.$SiteKey).$newpw);
        $newpwauth="3,".$fus.",".md5($fpw.$SiteKey).",".$newpw.",".$newpwhash;
        $newpwauth = base64_encode($newpwauth);
        $newpwauth = rawurlencode($newpwauth);
        $subject=$SiteName." login details";
        $mailBody ="<html>\n";
        $mailBody.="<head>\n";
        $mailBody.="<title>Login details</title>\n";
        $mailBody.="</head>\n";
        $mailBody.="<body>\n";
        $mailBody.="Login details for $SiteName. To activate your new password please click the link below.<br>\n";
        $mailBody.="<br>\n";
        $mailBody.="Username: ".$fus."<br>\n";
        $mailBody.="Password: ".$newpw."<br><br>\n";
        $mailBody.="<a href=\"".$slpwURL."linkprocess.php?auth=".$newpwauth."\">Activate Now</a><br><br>\n";
        $mailBody.="If you have any further questions or problems please email us at <a href=\"mailto:".$SiteEmail."\">".$SiteEmail."</a>.<br>\n";
        $mailBody.="</body>\n";
        $mailBody.="</html>\n";
        $htmlformat="Y";
    }
    // Send the message, confirm on the login page and log the request when logging is enabled.
    sl_SendEmail($fem,$mailBody,$subject,$htmlformat,$fus,$fpw,$fnm,$fem,$fug,$fcu1,$fcu2,$fcu3,$fcu4,$fcu5,$fcu6,$fcu7,$fcu8,$fcu9,$fcu10,
    $fcu11,$fcu12,$fcu13,$fcu14,$fcu15,$fcu16,$fcu17,$fcu18,$fcu19,$fcu20,$fcu21,$fcu22,$fcu23,$fcu24,$fcu25,$fcu26,$fcu27,$fcu28,$fcu29,$fcu30,
    $fcu31,$fcu32,$fcu33,$fcu34,$fcu35,$fcu36,$fcu37,$fcu38,$fcu39,$fcu40,$fcu41,$fcu42,$fcu43,$fcu44,$fcu45,$fcu46,$fcu47,$fcu48,$fcu49,$fcu50);
    $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_PASSEMAIL);
    if (substr($LogDetails,2,1)=="Y")
        sl_AddToLog("Password Requested",$username,"User forgot password");
    exit;
}
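// Login attempt: the visitor is not logged in and supplied a username.
// Changes from the previous version of this block:
//  - credential and cookie comparisons use === / !== so that PHP's loose "==" rules (numeric
//    strings such as "0e..." comparing equal, NULL equal to "") can no longer accept a wrong value;
//  - the session id is escaped before it is placed in the UPDATE statement;
//  - first/last name are taken from $Name (the code read $name, a leftover loop variable);
//  - function_exists() is given a string instead of a bare constant.
if (($sitelokloginkey!="LOGGEDIN") && ($username!=""))
{
    $slpublicaccess=true;
    // Clear stored Login Key to stop second attempt with same key
    $_SESSION['ses_slloginkey']="";
    // Check Turing code if required. The current or previous code is accepted once.
    if ($TuringLogin==1)
    {
        $turingmatch=false;
        if ((strtolower($_SESSION['ses_slturingcode'])==strtolower(trim($turing))) && ($_SESSION['ses_slturingcode']!=""))
        {
            $turingmatch=true;
            $_SESSION['ses_slturingcode']="";
        }
        else if ((strtolower($_SESSION['ses_slpreviousturingcode'])==strtolower(trim($turing))) && ($_SESSION['ses_slpreviousturingcode']!=""))
        {
            $turingmatch=true;
            $_SESSION['ses_slpreviousturingcode']="";
        }
        if (!$turingmatch)
        {
            $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_TURING1);
            exit;
        }
    }
    // First lookup username and get details
    $mysql_link=mysql_connect($DbHost,$DbUser,$DbPassword);
    if ($mysql_link==0)
    {
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
        exit;
    }
    $db=mysql_select_db($DbName,$mysql_link);
    if ($db==False)
    {
        mysql_close($mysql_link);
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
        exit;
    }
    $query="SELECT * FROM ".$DbTableName." WHERE ".$UsernameField."=".sl_quote_smart($username);
    $mysql_result=mysql_query($query,$mysql_link);
    if (!$row=mysql_fetch_array($mysql_result,MYSQL_ASSOC))
    {
        // Unknown user: drop an auto-login cookie and answer with the generic failure message.
        if ($slcookielogin=="2")
            setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_AUTHFAIL);
        if (substr($LogDetails,1,1)=="Y")
            sl_AddToLog("Login Problem",$username,"Username does not exist");
        exit;
    }
    // From here on $username is the value stored in the database row.
    $created=$row[$CreatedField];
    $username=$row[$UsernameField];
    $Passphrase=$row[$PasswordField];
    $Name=$row[$NameField];
    $Enabled=$row[$EnabledField];
    $Email=$row[$EmailField];
    $Usergroups=$row[$UsergroupsField];
    // $Custom1 .. $Custom50 come from the columns named by $Custom1Field .. $Custom50Field.
    for ($k=1;$k<=50;$k++)
        ${"Custom".$k}=$row[${"Custom".$k."Field"}];
    $OpenSession=$row[$SessionField];
    // Expected response for SECURE logins: MD5 of the stored password and the login key.
    $hash=strtolower(md5($Passphrase.$sitelokloginkey));
    if ($Enabled!="Yes")
    {
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DISABLED);
        if (substr($LogDetails,1,1)=="Y")
            sl_AddToLog("Login Problem",$username,"User access disabled");
        exit;
    }
    // Decide whether the supplied credential matches. All comparisons are strict string
    // comparisons; a non-string $password (missing, or an array from the request) never matches.
    // NOTE(review): === is not constant-time. hash_equals() would be preferable where the PHP
    // version provides it. MD5 is also a weak choice for password storage.
    $loginallowed=false;
    if (($LoginType=="SECURE") && ($sitelokhash===$hash))
        $loginallowed=true;
    if (($LoginType=="NORMAL") && ($MD5passwords==false) && (is_string($password)) && (($password===$Passphrase) || ($password===md5(md5($Passphrase.$SiteKey).$SiteKey))))
        $loginallowed=true;
    if (($LoginType=="NORMAL") && ($MD5passwords==true) && (is_string($password)) && ((md5($password.$SiteKey)===$Passphrase) || ($password===md5($Passphrase.$SiteKey))))
        $loginallowed=true;
    if ($loginallowed==true)
    {
        // Mod to limit access to X locations using cookie. The count is stored in $CookieAccessLimit custom field.
        if (($CookieAccessLimit!="") && ($row[$CookieAccessLimit]!=""))
        {
            $accesscount=$row[$CookieAccessLimit];
            // A browser counts as a known location when it presents the access cookie whose
            // value is md5(username . SiteKey).
            $slaccesscookiename="SITELOKACCESS_".$username;
            $slaccesscookievalue=$_COOKIE[$slaccesscookiename];
            if (($slaccesscookievalue!==md5($username.$SiteKey)) && ($accesscount<1))
            {
                $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_ACCESSLOC);
                if (substr($LogDetails,1,1)=="Y")
                    sl_AddToLog("Login Problem",$username,"Access not allowed from this location");
                exit;
            }
            if (($slaccesscookievalue!==md5($username.$SiteKey)) && ($accesscount>0))
            {
                // Create access cookie for this location and decrement count in custom field
                setcookie("SITELOKACCESS_".$username,md5($username.$SiteKey),2147483647,"/","");
                $accesscount=$accesscount-1;
                $query="UPDATE ".$DbTableName." SET ".$CookieAccessLimit."=".sl_quote_smart($accesscount)." WHERE ".$UsernameField."=".sl_quote_smart($username);
                $mysql_result=mysql_query($query,$mysql_link);
            }
        }
        // Store session id. It originates from the client's session cookie, so it is escaped
        // before being placed inside the quoted SQL literal.
        // NOTE(review): the session id is not regenerated at login in this block; unless that
        // happens elsewhere, an id fixed before login stays valid after it.
        $ThisSession=session_id();
        $mysql_result=mysql_query("UPDATE ".$DbTableName." SET ".$SessionField."='".mysql_real_escape_string($ThisSession,$mysql_link)."' WHERE ".$UsernameField."=".sl_quote_smart($username),$mysql_link);
        // Check if user currently has session open. If so destroy that session if concurrent logins not allowed.
        if (($ConcurrentLogin==false) && ($OpenSession!=""))
        {
            session_id($OpenSession);
            @session_destroy();
            if ($SessionName!="")
                session_name($SessionName);
            session_id($ThisSession);
            session_start();
        }
        $_SESSION['ses_slloginkey']="LOGGEDIN";
        $sitelokloginkey="LOGGEDIN";
        // User variables made available to the protected page.
        $slusername=$username;
        $slpassword=$password;
        $slpasswordclue=sl_passwordclue($slpassword);
        $slpasswordhash=md5(md5($slpassword.$SiteKey).$SiteKey);
        $slusergroups=$Usergroups;
        $slname=$Name;
        // First and last word of the stored name.
        $namesarray=explode(" ",trim($Name));
        $slfirstname=$namesarray[0];
        $sllastname=$namesarray[count($namesarray)-1];
        $slemail=$Email;
        $slstarttime=time();
        $slaccesstime=time();
        // $created is read as YYMMDD.
        $slcreated=gmmktime(0,0,0,substr($created,2,2),substr($created,4,2),substr($created,0,2));
        $slenabled=$Enabled;
        for ($k=1;$k<=50;$k++)
            ${"slcustom".$k}=${"Custom".$k};
        $slordercustom=sl_ordercustom($slusername,$IPaddr);
        // Mirror the user data into the session.
        // SECURITY: the password as submitted is kept in the session data.
        $_SESSION['ses_slusername']=$slusername;
        $_SESSION['ses_slpassword']=$slpassword;
        $_SESSION['ses_slstarttime']=$slstarttime;
        $_SESSION['ses_slaccesstime']=$slaccesstime;
        $_SESSION['ses_slcreated']=$slcreated;
        $_SESSION['ses_slenabled']=$slenabled;
        $_SESSION['ses_slusergroups']=$Usergroups;
        $_SESSION['ses_slname']=$Name;
        $_SESSION['ses_slemail']=$Email;
        for ($k=1;$k<=50;$k++)
            $_SESSION['ses_slcustom'.$k]=${"Custom".$k};
        if (substr($LogDetails,0,1)=="Y")
            sl_AddToLog("Login",$slusername,"");
        $sljustloggedin=true;
        // Optional site hook, called with the user's details when it is defined.
        if (function_exists('sl_onLogin'))
        {
            $paramdata['username']=$slusername;
            $paramdata['password']=$slpassword;
            $paramdata['enabled']=$slenabled;
            $paramdata['name']=$slname;
            $paramdata['email']=$slemail;
            $paramdata['usergroups']=$slusergroups;
            for ($k=1;$k<=50;$k++)
                $paramdata['custom'.$k]=${"slcustom".$k};
            sl_onLogin($paramdata);
        }
        $_SESSION['ses_sljustloggedin']=true;
        // See if user wants to remember login
        // SECURITY: the cookie stores base64("username|password|mode"), i.e. the clear-text
        // password, with a far-future expiry and without the HttpOnly or Secure flags.
        // First handle if login page was displayed
        if ($loginformused=="1")
        {
            if (((($remember=="1") || ($remember=="2"))) && (($LoginType=="NORMAL") && ($CookieLogin!="0")))
                setcookie("SITELOKPW".$SessionName,base64_encode($username."|".$password."|".$CookieLogin),2147483647,"/","");
            else
                setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
        }
        else
        {
            if (((($slcookielogin=="1") || ($slcookielogin=="2"))) && (($LoginType=="NORMAL") && ($CookieLogin!="0")))
                setcookie("SITELOKPW".$SessionName,base64_encode($username."|".$password."|".$CookieLogin),2147483647,"/","");
            else
                setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
        }
        if ((!$startpageoveridden) && ($loginredirect!=0))
        {
            // if user is member of group then see if it has login redirect set. Only use first group listed
            if ($slusergroups!="")
            {
                $grouptocheck=strtok($slusergroups,"^");
                $grouptocheck=strtok($grouptocheck,":");
                $lgaction=$_SESSION['ses_slgrouploginaction_'.$grouptocheck];
                if ($lgaction=="URL")
                    $startpage=$_SESSION['ses_slgrouploginvalue_'.$grouptocheck];
                if (substr($lgaction,0,6)=="custom")
                {
                    // "customN" selects the user's $slcustomN value as the target.
                    $pvar="sl".$lgaction;
                    $startpage=$$pvar;
                }
            }
        }
        if ($RedirectAfterLogin==1)
        {
            // If login page credentials sent by GET then remove the query data for security
            // Only parameters starting with "username=" or "password=" are removed.
            $pos=strpos($startpage,"?");
            if (is_integer($pos))
            {
                $query=substr($startpage,$pos+1);
                $queryarray=explode("&",$query);
                $newquery="";
                for ($k=0;$k<count($queryarray);$k++)
                {
                    if ((substr($queryarray[$k],0,9)!="username=") && (substr($queryarray[$k],0,9)!="password="))
                    {
                        if ($newquery!="")
                            $newquery.="&";
                        $newquery.=$queryarray[$k];
                    }
                }
                if ($newquery!="")
                    $newquery="?".$newquery;
                $startpage=substr($startpage,0,$pos).$newquery;
            }
            header("Location: ".$startpage);
            exit;
        }
    }
    else
    {
        // Wrong credential: drop an auto-login cookie and answer with the generic failure message.
        if ($slcookielogin=="2")
            setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_AUTHFAIL);
        if (substr($LogDetails,1,1)=="Y")
            sl_AddToLog("Login Problem",$username,"Authentication failed");
        exit;
    }
}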
// Valid session started already
// Set up the variables that secured pages can use. The second argument is true when the page
// asked for a database update ($dbupdate / $DBupdate) or the session is flagged "reload".
// NOTE(review): when that forced update fails only a message is shown and there is no exit here,
// so unless sl_ShowMessage() ends the request the access checks below still run — confirm.
if (($dbupdate!=true) && ($DBupdate!=true) && ($_SESSION['ses_UserReload']!="reload"))
{
    sl_UpdateUserVariables($_SESSION['ses_slusername'],false);
}
else if (!sl_UpdateUserVariables($_SESSION['ses_slusername'],true))
{
    sl_ShowMessage($MessagePage,MSG_DBPROB);
}
// Logout: log it if enabled, run the logout processing, end the session and go to the logout page.
// NOTE(review): $sitelokaction is not assigned in this file; if it arrives as a plain request
// parameter, a link on another site could log a user out — confirm whether that matters here.
if ($sitelokaction=="logout")
{
    if (substr($LogDetails,0,1)=="Y")
    {
        sl_AddToLog("Logout",$slusername,"");
    }
    sl_processlogout($slusername);
    // Destroy the PHP session and expire its cookie.
    @session_destroy();
    setcookie(session_name(), '', time()-42000, '/');
    // Remove the remembered-login cookie when it was being used for automatic login.
    if ($slcookielogin=="2")
    {
        setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
    }
    header("Location: ".$LogoutPage);
    exit;
}
// If $userswithaccess is set then check current username (unless current user is ADMIN)
if ($DemoMode)
$admingroupname="DEMOADMIN";
else
$admingroupname="ADMIN";
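// Per-user page restriction: when $userswithaccess (comma separated usernames)
// is set, only members of the admin group or a listed username may continue.
// Everyone else gets $WrongGroupPage (redirect or include) or MSG_WRONGGROUP.
if ($userswithaccess!="")
{
    $match=0;
    // $slusergroups is a "^" separated list of "group:expiry" entries
    $umg=explode("^",$slusergroups);
    for ($k=0;$k<count($umg);$k++)
    {
        $usrgrp=strtok($umg[$k],":");
        // Strict string comparison: with == two numeric-looking names such as
        // "7" and "007" compare equal, which is wrong for an access decision.
        if ((string)$usrgrp===$admingroupname)
        {
            $match=1;
            break;
        }
    }
    if ($match==0)
    {
        $uwa=explode(",",$userswithaccess);
        for ($k=0;$k<count($uwa);$k++)
        {
            // Case-insensitive but otherwise exact username match
            if (strtolower($slusername)===strtolower(trim($uwa[$k])))
            {
                $match=1;
                break;
            }
        }
    }
    if ($match==0)
    {
        if ($WrongGroupPage!="")
        {
            if ((strtolower(substr($WrongGroupPage,0,7))=="http://") || (strtolower(substr($WrongGroupPage,0,8))=="https://"))
                header("Location: ".$WrongGroupPage);
            else
            {
                // NOTE(review): the included file runs as PHP. The top of this
                // file copies GET/POST parameters into globals, so confirm that
                // $WrongGroupPage is always assigned by site configuration
                // after that point and never left to a request value.
                include $WrongGroupPage;
            }
        }
        else
            sl_ShowMessage($MessagePage,MSG_WRONGGROUP);
        exit;
    }
}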
$sldateexpired=0;
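// Group based page restriction.
// $groupswithaccess : comma separated groups allowed on this page
// $slusergroups     : "^" separated "group:expiry" entries for the user
// Sets $match (an unexpired matching membership exists), $gmexpired (a matching
// membership exists but has expired) and $slpublicaccess (serve the page in
// public mode only). Ends the request when access is refused.
if ($groupswithaccess!="")
{
    $match=0;
    $gmexpired=0;
    $slpublicaccess=false;
    if ($slusergroups!="")
    {
        $gwa=explode(",",$groupswithaccess);
        $umg=explode("^",$slusergroups);
        for ($k=0;$k<count($gwa);$k++)
        {
            for ($j=0;$j<count($umg);$j++)
            {
                $usrgrp=strtok($umg[$j],":");
                $grpexp=trim(strtok(":"));
                $gwa[$k]=trim($gwa[$k]);
                // A membership matches when: the names are identical, the user
                // holds "ALL" (any page group except the admin group), the user
                // is in the admin group, or the page allows "ALL".
                // Names are compared as strings (===) so that numeric-looking
                // group names such as "1" and "01" are not treated as equal.
                if (((string)$usrgrp===$gwa[$k]) || (($usrgrp=="ALL") && ($gwa[$k]!==$admingroupname)) || ((string)$usrgrp===$admingroupname) || ($gwa[$k]=="ALL"))
                {
                    if ($grpexp!="")
                    {
                        // Expiry is six digits, ordered according to $DateFormat.
                        // NOTE(review): for any other $DateFormat value the date
                        // parts keep whatever they held before - confirm only
                        // these two formats can be configured.
                        if ($DateFormat=="DDMMYY")
                        {
                            $day=substr($grpexp,0,2);
                            $month=substr($grpexp,2,2);
                            $year=substr($grpexp,4,2);
                        }
                        if ($DateFormat=="MMDDYY")
                        {
                            $month=substr($grpexp,0,2);
                            $day=substr($grpexp,2,2);
                            $year=substr($grpexp,4,2);
                        }
                        // Membership is valid until the end of the expiry day (GMT);
                        // two digit years are taken as 20YY.
                        $exptime=gmmktime(23,59,59,intval($month),intval($day),intval($year)+2000);
                        if (time()>$exptime)
                        {
                            $gmexpired=1;
                            $slexpiredgroup=$usrgrp;
                            $sldateexpired=$exptime;
                        }
                        else
                        {
                            $match=1;
                            break;
                        }
                    }
                    else
                    {
                        // No expiry recorded for this membership
                        $match=1;
                        break;
                    }
                }
            }
            if ($match==1)
                break;
        }
    }
    // No matching membership at all and the page is not public: refuse
    if (($match==0) && ($gmexpired==0) && ($publicaccess==false))
    {
        if ($WrongGroupPage!="")
        {
            if ((strtolower(substr($WrongGroupPage,0,7))=="http://") || (strtolower(substr($WrongGroupPage,0,8))=="https://"))
                header("Location: ".$WrongGroupPage);
            else
            {
                // NOTE(review): included as PHP - confirm $WrongGroupPage can
                // only come from site configuration, not from the request.
                include $WrongGroupPage;
            }
        }
        else
            sl_ShowMessage($MessagePage,MSG_WRONGGROUP);
        exit;
    }
    // If group not allowed access (missing or expired) but page is PUBLIC
    // then allow public access only
    if (($match==0) && ($publicaccess==true) && (($gmexpired==0) || ($gmexpired==1)))
        $slpublicaccess=true;
    // Expired membership on a non-public page, unless expired users are allowed
    if (($allowexpireduser!="Y") && ($publicaccess!=true))
    {
        if (($match==0) && ($gmexpired==1))
        {
            if (substr($LogDetails,6,1)=="Y")
                sl_AddToLog("Membership Expired",$slusername,"Membership expired");
            // @session_destroy();
            if ($ExpiredPage!="")
            {
                if ((strtolower(substr($ExpiredPage,0,7))=="http://") || (strtolower(substr($ExpiredPage,0,8))=="https://"))
                    header("Location: ".$ExpiredPage);
                else
                {
                    // NOTE(review): same include caveat as $WrongGroupPage above
                    include $ExpiredPage;
                }
            }
            else
                sl_ShowMessage($MessagePage,MSG_EXPIRED);
            exit;
        }
    }
}
else
{
    // Handle if $groupswithaccess is empty (or was originally set with just PUBLIC)
    if ($slusername!="")
        $slpublicaccess=false;
    else
        $slpublicaccess=true;
}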
// See if session has timed out
if (($MaxSessionTime!=0) && ($publicaccess==false))
{
if ((time()-$slstarttime)>$MaxSessionTime)
{
if (substr($LogDetails,0,1)=="Y")
sl_AddToLog("Logout",$slusername,"Session expired");
sl_processlogout($slusername);
@session_destroy();
setcookie(session_name(), '', time()-42000, '/');
// If downloading file then the session_cache_limiter is required because of a bug in IE when using SSL
if ((isset($_REQUEST['sldownload'])) || ($_REQUEST['act']=="exportselected") || ($_REQUEST['logmanageact']=="export"))
session_cache_limiter('public');
if ($SessionName!="")
session_name($SessionName);
session_start();
// We need to send login page to browser
$sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_SESSEXP);
exit;
}
}
if (($MaxSessionTime!=0) && ($publicaccess==true))
{
if ((time()-$slstarttime)>$MaxSessionTime)
{
$slpublicaccess=true;
}
}
// See if session was inactive too long
if (($MaxInactivityTime!=0) && ($publicaccess==false))
{
if ((time()-$slaccesstime)>$MaxInactivityTime)
{
if (substr($LogDetails,0,1)=="Y")
sl_AddToLog("Logout",$slusername,"Session was inactive and expired");
sl_processlogout($slusername);
@session_destroy();
setcookie(session_name(), '', time()-42000, '/');
// If downloading file then the session_cache_limiter is required because of a bug in IE when using SSL
if ((isset($_REQUEST['sldownload'])) || ($_REQUEST['act']=="exportselected") || ($_REQUEST['logmanageact']=="export"))
session_cache_limiter('public');
if ($SessionName!="")
session_name($SessionName);
session_start();
// We need to send login page to browser
$sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_INACTEXP);
exit;
}
}
if (($MaxInactivityTime!=0) && ($publicaccess==true))
{
if ((time()-$slaccesstime)>$MaxInactivityTime)
{
$slpublicaccess=true;
}
}
$slaccesstime=time();
$_SESSION['ses_slaccesstime']=$slaccesstime;
if (isset($_REQUEST['sldownload']))
{
sitelokgetfile($_REQUEST['sldownload']);
exit;
}
// if not update form submission set newcustom etc variables for form prefill
if ($sitelokaction!="modifyprofile")
{
$newusername=$slusername;
$newname=$slname;
$newemail=$slemail;
for ($k=1;$k<51;$k++)
{
$cusvar="newcustom".$k;
$cusvar2="slcustom".$k;
$$cusvar=$$cusvar2;
}
}

if ($sitelokaction=="modifyprofile")
{
// Strip slashes from form prefill variables if necessary
if (get_magic_quotes_gpc())
{
$newusername=stripslashes($newusername);
$newname=stripslashes($newname);
$newemail=stripslashes($newemail);;
for ($k=1;$k<51;$k++)
{
$cusvar="newcustom".$k;
$$cusvar=stripslashes($$cusvar);
}
}
$msg="";
$mysql_link=mysql_connect($DbHost,$DbUser,$DbPassword);
if ($mysql_link==0)
{
sl_ShowMessage($MessagePage,MSG_DBPROB);
exit;
}
$db=mysql_select_db($DbName,$mysql_link);
if ($db==False)
{
sl_ShowMessage($MessagePage,MSG_DBPROB);
mysql_close($mysql_link);
exit;
}
if (md5($clientemail.$adminemail.$allowed.$SiteKey)==$hash)
{
// Check that input is allowed
if ((isset($_REQUEST['newusername'])) && (substr($allowed,0,1)=="Y"))
{
if (!((strspn($newusername, "@-_.0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") == strlen($newusername)) && ($newusername!="")))
$msg=MSG_USERNG;
}
if ((isset($_REQUEST['newpassword'])) && ($newpassword!=""))
{
if (strspn($newpassword, $ValidPasswordChars) != strlen($newpassword))
$msg=MSG_PASSNG;
if (strlen($newpassword)<5)
$msg=MSG_PASS5;
}
if ((isset($_REQUEST['newpassword'])) && ($newpassword!="") && ($newpassword!=$verifynewpassword))
{
if ($msg=="")
$msg=MSG_PASSVER;
}
if ((isset($_REQUEST['newemail'])) && (!sl_validate_email($newemail)))
{
if ($msg=="")
$msg=MSG_EMAILNG;
}
if ((isset($_REQUEST['newemail'])) && (isset($_REQUEST['verifynewemail'])) && ($newemail!=$verifynewemail))
{
if ($msg=="")
$msg=MSG_PASSVER;
}
// If file(s) uploaded then check for errors
for ($k=1;$k<51;$k++)
{
$cusvar="newcustom".$k;
if (($_FILES[$cusvar]['name']!="") && ($_FILES[$cusvar]['error']>0))
$msg=MSG_UPLOADERROR.$_FILES[$cusvar]['error'];
}
// Validate custom fields where required
for ($k=1;$k<51;$k++)
{
$cusvar="newcustom".$k;
$cusvar2="Custom".$k."Validate";
$cusvar3="CustomTitle".$k;
$cusvar4="sl_onCustom".$k."Validate";
// First check file type if uploading (even if field has no validation)
if ($_FILES[$cusvar]['name'])
{
$ext=sl_fileextension($_FILES[$cusvar]['name']);
$ext=trim(strtolower($ext));
if (!is_integer(array_search($ext,$sl_alloweduploads)))
$msg=MSG_UPLOADTYPE;
}
if ((substr($allowed,$k+3,1)=="Y") && (($$cusvar2==1) || ($$cusvar2==3)))
{
if ($msg=="")
{
if ($_FILES[$cusvar]['name'])
$msg=call_user_func($cusvar4,$_FILES[$cusvar]['name'],$$cusvar3,1);
else
$msg=call_user_func($cusvar4,$$cusvar,$$cusvar3,1);
}
}
}
if ($msg=="")
{
// Setup query required
$Query="";
// If username is entered and allowed
if ((isset($_REQUEST['newusername'])) && ($newusername!="") && (substr($allowed,0,1)=="Y"))
{
if ($Query!="") $Query.=", ";
$Query.=$UsernameField."=".sl_quote_smart($newusername);
}
// If username is not entered (but is allowed) then use email as username
if ((!isset($_REQUEST['newusername'])) && (substr($allowed,0,1)=="Y") && (isset($_REQUEST['newemail'])))
{
if ($Query!="") $Query.=", ";
$Query.=$UsernameField."=".sl_quote_smart($newemail);
}
// Add the new password to the UPDATE when one was supplied, it equals the
// verify field and position 1 of $allowed is "Y".
// Stored form: md5(password . $SiteKey) when $MD5passwords is set, otherwise the
// password itself.
// NOTE(review): a single MD5 with a site-wide key is a fast hash, not a password
// hashing scheme, and the else branch stores cleartext. Moving to password_hash()
// / password_verify() would need the login check (not visible here) changed in
// the same release.
// NOTE(review): no check of the current password is visible in this profile
// update flow - confirm whether one is intended before a password change.
if ((isset($_REQUEST['newpassword'])) && ($newpassword!="") && ($newpassword==$verifynewpassword) && (substr($allowed,1,1)=="Y"))
{
if ($Query!="") $Query.=", ";
if ($MD5passwords)
$Query.=$PasswordField."=".sl_quote_smart(md5($newpassword.$SiteKey));
else
$Query.=$PasswordField."=".sl_quote_smart($newpassword);
}
if ((isset($_REQUEST['newname'])) && (substr($allowed,2,1)=="Y"))
{
if ($Query!="") $Query.=", ";
$Query.=$NameField."=".sl_quote_smart($newname);
}
if ((isset($_REQUEST['newemail'])) && (substr($allowed,3,1)=="Y"))
{
if ($Query!="") $Query.=", ";
$Query.=$EmailField."=".sl_quote_smart($newemail);
}
$uploadprefix=(string)time()."_";
// If profile folder exists in $FileLocation then use that
if (is_dir($FileLocation."profile"))
$uploadprefix="profile/".$uploadprefix;
for ($k=1;$k<51;$k++)
{
$cusvar="newcustom".$k;
$cusvar2="Custom".$k."Field";
$cusvar3="newcustom".$k."clear";
if ((substr($allowed,$k+3,1)=="Y") && (substr($allowed,$k+3,1)=="Y"))
{
if ($_FILES[$cusvar]['name']!="")
{
if ($Query!="") $Query.=", ";
$Query.=$$cusvar2."=".sl_quote_smart($uploadprefix.$_FILES[$cusvar]['name']);
}
else
{
// If upload field but no file uploaded this time don't overwrite unless newcustomXclear field set
if (!isset($_FILES[$cusvar]['error']))
{
if ($Query!="") $Query.=", ";
$Query.=$$cusvar2."=".sl_quote_smart($$cusvar);
}
else
{
if ($$cusvar3!="")
{
if ($Query!="") $Query.=", ";
$Query.=$$cusvar2."=".sl_quote_smart("");
}
}
}
}
}
if ($Query!="")
{
$Query="UPDATE ".$DbTableName." SET ".$Query." WHERE ".$UsernameField."=".sl_quote_smart($slusername);
if ($DemoMode)
$mysql_result=true;
else
$mysql_result=mysql_query($Query,$mysql_link);
if ($mysql_result==true)
{
if ((isset($_REQUEST['newusername'])) && ($newusername!="") && (substr($allowed,0,1)=="Y"))
{
$oldusername=$slusername;
$slusername=$_SESSION['ses_slusername']=$newusername;
if ($oldusername!=$slusername)
sl_usernamechanged($oldusername,$slusername);
}
// If username is not entered (but is allowed) then use email as username
if ((!isset($_REQUEST['newusername'])) && (substr($allowed,0,1)=="Y") && (isset($_REQUEST['newemail'])))
{
$oldusername=$slusername;
$slusername=$_SESSION['ses_slusername']=$newemail;
if ($oldusername!=$slusername)
sl_usernamechanged($oldusername,$slusername);
}
// After a successful update, refresh the password related page variables.
// NOTE(review): the cleartext password is written to $_SESSION['ses_slpassword']
// and kept in $slpassword, which this flow later hands to sl_SendEmail() and to
// the sl_onModifyUser() hook. Anything that can read session storage or those
// emails therefore sees the password - consider whether the cleartext copy is
// still needed.
if ((isset($_REQUEST['newpassword'])) && ($newpassword!="") && (substr($allowed,1,1)=="Y"))
{
$slpassword=$_SESSION['ses_slpassword']=$newpassword;
$slpasswordclue=sl_passwordclue($slpassword);
// Double MD5 with $SiteKey appended at each round
$slpasswordhash=md5(md5($slpassword.$SiteKey).$SiteKey);
}
if ((isset($_REQUEST['newname'])) && (substr($allowed,2,1)=="Y"))
$slname=$newname=$_SESSION['ses_slname']=$newname;
if ((isset($_REQUEST['newemail'])) && (substr($allowed,3,1)=="Y"))
$slemail=$newemail=$_SESSION['ses_slemail']=$newemail;
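// Apply the 50 custom fields to the page variables and the session after the
// database row was updated. For each field the user may edit (position k+3 of
// $allowed is "Y"):
//  - a file was uploaded: delete the previously stored file, move the upload to
//    $FileLocation.$uploadprefix.<client file name> and record that name
//  - plain text field (no $_FILES entry): copy the submitted value
//  - upload field left empty: clear it only when newcustomNclear was sent
for ($k=1;$k<51;$k++)
{
    $cusvar="newcustom".$k;
    $cusvar2="ses_slcustom".$k;
    $cusvar3="slcustom".$k;
    $cusvar4="newcustom".$k."clear";
    if (substr($allowed,$k+3,1)=="Y")
    {
        // The stored value of a custom field can be ordinary user-entered text
        // (see the plain text branch below), so it must not be trusted as a
        // path. Only delete it when it resolves to a regular file that really
        // lives under $FileLocation.
        $slupold="";
        if ((isset($_FILES[$cusvar])) && ($$cusvar3!=""))
        {
            $slupbase=realpath($FileLocation);
            $slupreal=realpath($FileLocation.$$cusvar3);
            if (($slupbase!==false) && ($slupreal!==false) && (is_file($slupreal)) && (strpos($slupreal,rtrim($slupbase,"/\\").DIRECTORY_SEPARATOR)===0))
                $slupold=$slupreal;
        }
        if ($_FILES[$cusvar]['name']!="")
        {
            // Handle upload
            // Delete any existing file pointed to
            if ($slupold!="")
                @unlink($slupold);
            // Move uploaded file
            // NOTE(review): on failure the new name is still recorded below and
            // $msg is replaced by MSG_PROFUPDATED later in this flow, so the
            // error is not shown - confirm whether that is intended.
            if (!@move_uploaded_file($_FILES[$cusvar]['tmp_name'], $FileLocation.$uploadprefix.$_FILES[$cusvar]['name']))
                $msg=MSG_UPLOADERROR.$_FILES[$cusvar]['error'];
            $$cusvar=$uploadprefix.$_FILES[$cusvar]['name'];
            $$cusvar3=$$cusvar;
            $_SESSION[$cusvar2]=$$cusvar;
        }
        else
        {
            if (!isset($_FILES[$cusvar]['error']))
            {
                // Not an upload field in this form: take the submitted text
                $$cusvar3=$$cusvar;
                $_SESSION[$cusvar2]=$$cusvar;
            }
            else
            {
                if ($$cusvar4!="")
                {
                    // Clear custom field and delete file pointed to if it exists
                    if ($slupold!="")
                        @unlink($slupold);
                    $$cusvar3="";
                    $_SESSION[$cusvar2]="";
                }
            }
        }
    }
}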
// If any modifygroup[] inputs are in the form then process them here
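// If any modifygroup[] inputs are in the form then process them here.
// Each entry is rawurlencoded base64 of "function,arg,...,hash" where hash is
// md5($SiteKey . function . session_id() . args). The group change is applied
// only when the submitted hash equals the recomputed one.
//   1 = add group      (group, expiry)
//   2 = remove group   (group)
//   3 = replace group  (group, new group, expiry)
//   4 = extend group   (group, expiry, expiry type)
// Hashes are compared with === : with == two digests that both look numeric
// (for example "0e" followed by digits) compare equal although they differ.
// NOTE(review): md5(key . data) without field separators is a weak MAC. An HMAC
// over delimited fields, checked with hash_equals() where the PHP version has
// it, would be the robust form, but the code that generates these values is not
// visible here and must change together with this check.
for ($k=0;is_array($modifygroup) && ($k<count($modifygroup));$k++)
{
    $auth=rawurldecode($modifygroup[$k]);
    $auth=base64_decode($auth);
    $linkvars=explode(",",$auth);
    $function=trim($linkvars[0]);
    if ($function==="1") // add group
    {
        $setgroup=trim($linkvars[1]);
        $setgroupexpiry=trim($linkvars[2]);
        $hash=md5($SiteKey . $function . session_id() . $setgroup . $setgroupexpiry);
        $verifyhash=trim($linkvars[3]);
        if ($verifyhash===$hash)
            sl_addgroup($setgroup,$setgroupexpiry,"","");
    }
    if ($function==="2") // remove group
    {
        $setgroup=trim($linkvars[1]);
        $hash=md5($SiteKey . $function . session_id() . $setgroup);
        $verifyhash=trim($linkvars[2]);
        if ($verifyhash===$hash)
            sl_removegroup($setgroup,"","");
    }
    if ($function==="3") // replace group
    {
        $setgroup=trim($linkvars[1]);
        $setnewgroup=trim($linkvars[2]);
        $setgroupexpiry=trim($linkvars[3]);
        $hash=md5($SiteKey . $function . session_id() . $setgroup . $setnewgroup . $setgroupexpiry);
        $verifyhash=trim($linkvars[4]);
        if ($verifyhash===$hash)
            sl_replacegroup($setgroup,$setnewgroup,$setgroupexpiry,"","");
    }
    if ($function==="4") // extend group
    {
        $setgroup=trim($linkvars[1]);
        $setgroupexpiry=trim($linkvars[2]);
        $setexpirytype=trim($linkvars[3]);
        $hash=md5($SiteKey . $function . session_id() . $setgroup . $setgroupexpiry . $setexpirytype);
        $verifyhash=trim($linkvars[4]);
        if ($verifyhash===$hash)
            sl_extendgroup($setgroup,$setgroupexpiry,$setexpirytype,"","");
    }
}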
if (substr($LogDetails,7,1)=="Y")
sl_AddToLog("User Modify",$slusername,"");
$msg=MSG_PROFUPDATED;
if ($clientemail!="")
{
if (sl_ReadEmailTemplate($clientemail,$subject,$mailBody,$htmlformat))
{
sl_SendEmail($slemail,$mailBody,$subject,$htmlformat,$slusername,$slpassword,$slname,$slemail,$slusergroups,$slcustom1,$slcustom2,$slcustom3,$slcustom4,$slcustom5,$slcustom6,$slcustom7,$slcustom8,$slcustom9,$slcustom10,
$slcustom11,$slcustom12,$slcustom13,$slcustom14,$slcustom15,$slcustom16,$slcustom17,$slcustom18,$slcustom19,$slcustom20,$slcustom21,$slcustom22,$slcustom23,$slcustom24,$slcustom25,$slcustom26,$slcustom27,$slcustom28,$slcustom29,$slcustom30,
$slcustom31,$slcustom32,$slcustom33,$slcustom34,$slcustom35,$slcustom36,$slcustom37,$slcustom38,$slcustom39,$slcustom40,$slcustom41,$slcustom42,$slcustom43,$slcustom44,$slcustom45,$slcustom46,$slcustom47,$slcustom48,$slcustom49,$slcustom50);
}
}
if ($adminemail!="")
{
if (sl_ReadEmailTemplate($adminemail,$subject,$mailBody,$htmlformat))
{
sl_SendEmail($SiteEmail,$mailBody,$subject,$htmlformat,$slusername,$slpassword,$slname,$slemail,$slusergroups,$slcustom1,$slcustom2,$slcustom3,$slcustom4,$slcustom5,$slcustom6,$slcustom7,$slcustom8,$slcustom9,$slcustom10,
$slcustom11,$slcustom12,$slcustom13,$slcustom14,$slcustom15,$slcustom16,$slcustom17,$slcustom18,$slcustom19,$slcustom20,$slcustom21,$slcustom22,$slcustom23,$slcustom24,$slcustom25,$slcustom26,$slcustom27,$slcustom28,$slcustom29,$slcustom30,
$slcustom31,$slcustom32,$slcustom33,$slcustom34,$slcustom35,$slcustom36,$slcustom37,$slcustom38,$slcustom39,$slcustom40,$slcustom41,$slcustom42,$slcustom43,$slcustom44,$slcustom45,$slcustom46,$slcustom47,$slcustom48,$slcustom49,$slcustom50);
}
}
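// Optional site hook: when a function named sl_onModifyUser is defined, call it
// with the user's current details after a successful profile update.
// function_exists() takes the function name as a string; the unquoted form only
// worked through PHP's undefined-constant fallback.
if (function_exists('sl_onModifyUser'))
{
    // NOTE(review): $oldusername is only assigned above when the username
    // changed, and $paramdata is not reset here. Because the top of this file
    // copies request parameters into globals, consider initialising both before
    // use so a request parameter of the same name cannot supply them.
    if ($oldusername!="")
        $paramdata['oldusername']=$oldusername;
    else
        $paramdata['oldusername']=$slusername;
    $paramdata['username']=$slusername;
    // NOTE(review): cleartext password handed to site-defined code
    $paramdata['password']=$slpassword;
    $paramdata['enabled']="Yes";
    $paramdata['name']=$slname;
    $paramdata['email']=$slemail;
    $paramdata['usergroups']=$slusergroups;
    // custom1 .. custom50 come from $slcustom1 .. $slcustom50
    for ($k=1;$k<51;$k++)
    {
        $cusvar="slcustom".$k;
        $paramdata['custom'.$k]=$$cusvar;
    }
    sl_onModifyUser($paramdata);
}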
// If $modsuccesspage is set redirect.
if ($modsuccesspage!="")
{
header("Location: ".$modsuccesspage);
exit;
}
}
}
else
{
if (isset($_REQUEST['newusername']))
$msg=MSG_USEREXISTS;
else
$msg=MSG_PROFPROBLEM;
}
}
else
{
if ($msg=="")
$msg=MSG_PROFUPDATED;
}
}
else
$msg=MSG_PROFPROBLEM;
// mysql_close($mysql_link);
}
} // ($slsearchengine==false)

function DisplayLoginPage($LoginPage,$LoginType,$msg)
{
global $_SESSION,$startpage,$LoginKey;
global $slcookieusername,$slcookiepassword,$slcookielogin,$CookieLogin;
global $TuringLogin,$SitelokLocationURL,$SitelokLocation;
// Display login page
// First create unique session based login key
$CharAllowed="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
srand((double) microtime() * 1000000);
$LoginKey="";
for ($k=0;$k<32;$k++)
{
$r=rand(0,61);
$LoginKey=$LoginKey.$CharAllowed[$r];
}
$_SESSION['ses_slloginkey']=$LoginKey;
if ($LoginPage!="")
{
if (file_exists($LoginPage))
{
$slpublicaccess=true;
include $LoginPage;
}
else
{
if (file_exists($SitelokLocation.$LoginPage))
{
$slpublicaccess=true;
include $SitelokLocation.$LoginPage;
}
else
$LoginPage="";
}
}
if ($LoginPage=="")
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
<title>Please login</title>
<style type="text/css">
<!--
p.normal {
font-size:12pt;
font-family: arial;
margin: 20px 20px 0px 20px;
padding: 0px 0px 0px 0px;
}
p.heading {
font-size:16pt;
font-family: arial;
font-weight: bold;
margin: 20px 20px 0px 20px;
padding: 0px 0px 0px 0px;
}
p.message {
font-size:10pt;
font-family: arial;
color: red;
font-weight: bold;
margin: 0px 0px 8px 0px;
padding: 0px 0px 0px 0px;
}
p.autostore {
font-size:10pt;
font-family: arial;
color: red;
margin: 20px 20px 0px 20px;
padding: 0px 0px 0px 0px;
}
p.forgot {
font-size:10pt;
font-family: arial;
color: blue;
margin: 20px 20px 20px 20px;
padding: 0px 0px 0px 0px;
}
input.textfield {
font-size:10pt;
font-family: arial;
}
input.buttonfield {
font-size:12pt;
font-family: arial;
margin: 0px 0px 20px 0px;
}
a {
font-size:10pt;
font-family: arial;
margin: 0px 0px 20px 0px;
padding: 0px 0px 0px 0px;
}
-->
</style>
</head>
<body OnLoad="document.siteloklogin.username.focus();">
<p class="normal" align="center">&nbsp;</p>
<p class="normal" align="center">&nbsp;</p>
<p class="normal" align="center">&nbsp;</p>
<?php
if ($msg!="")
print "<p class=\"message\" align=\"center\">".$msg."</p>\n";
print "<form name=\"siteloklogin\"";
if ($LoginType=="SECURE")
print " autocomplete=\"off\"";
print " action=\"$startpage\" method=\"POST\" onSubmit=\"return validatelogin()\">\n";
siteloklogin();
?>
<table bgcolor="#a0b8c8" border="0" cellpadding="2" cellspacing="0" align="center">
<tr>
<td>
<table bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<table bgcolor="#ffffff" border="0" cellspacing="4" cellpadding="3">
<tr>
<td align="center">
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#EEEEEE" align="center">
<tr>
<td align="center" colspan="3">
<p class="heading">Please login</p>
</td>
</tr>
<tr>
<td></td>
<td align="right"><p class="normal">Username:</p></td>
<td><p class="normal"><input type="text" name="username" value="<?php echo $slcookieusername; ?>" maxlength="50" size="20" class="textfield"></p></td>
</tr>
<tr>
<td></td>
<td align="right"><p class="normal">Password:</p></td>
<td><p class="normal"><input type="password" name="password" value="<?php echo $slcookieusername; ?>" maxlength="50" size="20" class="textfield"></p></td>
</tr>
<?php
if ($TuringLogin==1)
{
if ($SitelokLocationURL!="")
{
$slpwURLparts=getUrlParts($SitelokLocationURL);
$slpwURL="/".$slpwURLparts[resource];
}
else
$slpwURL="http://".$_SERVER['HTTP_HOST']."/slpw/";
?>
<tr>
<td></td>
<td align="right"><p class="normal">CAPTCHA:</p></td>
<td><p class="normal"><input type="text" name="turing" value="" maxlength="5" size="8" class="textfield">&nbsp;<img src="<?php echo $slpwURL; ?>turingimage.php" width="60" height="30" align="top" alt="CAPTCHA"></p></t