$login1
$login2

$login3:

"; echo $foot; } if($task == "forgot2") { $username = $_POST['username']; $user = mysql_query("SELECT secure_question FROM bhost_users WHERE username='$username'"); if(mysql_num_rows($user) != 1) { echo $head; echo "

$login22

$login23
"; echo $foot; exit(); } $user_info = mysql_fetch_assoc($user); echo $head; echo "

$login1

$login24

$login25 $user_info[secure_question]
 
$login26
 
 
"; echo $foot; } if($task == "cancel") { header("Location: login.php"); exit(); } if($task == "sendpass") { $username = $_POST['username']; $secure_question = $_POST['secure_question']; $secure_answer = $_POST['secure_answer']; $user = mysql_query("SELECT * FROM bhost_users WHERE username='$username' AND secure_question='$secure_question' AND secure_answer='$secure_answer'"); if(mysql_num_rows($user) != 1) { echo $head; echo "

$login22

$login28
"; echo $foot; exit(); } $user_info = mysql_fetch_assoc($user); $password = randomcode(); $password_db = crypt($password, $user_info[code]); mysql_query("UPDATE bhost_users SET password='$password_db' WHERE u_id='$user_info[u_id]'"); $subject = htmlspecialchars_decode($admin_info[forgot_subject], ENT_QUOTES); $subject = str_replace("", "$user_info[fname]", $subject); $subject = str_replace("", "$user_info[lname]", $subject); $subject = str_replace("", $user_info[username], $subject); $subject = str_replace("", $password, $subject); $message = htmlspecialchars_decode($admin_info[forgot_message], ENT_QUOTES); $message = str_replace("", "$user_info[fname]", $message); $message = str_replace("", "$user_info[lname]", $message); $message = str_replace("", $user_info[username], $message); $message = str_replace("", $password, $message); //$forgot_headers = "MIME-Version: 1.0\nContent-type: text/html; charset=iso-8859-1\nFrom: $admin_info[fname] $admin_info[lname] <$admin_info[email]>\nReturn-Path: $admin_info[email]\nReply-To: $admin_info[email]"; //mail($user_info[email], $subject, $message, $forgot_headers); $message_headers = "MIME-Version: 1.0\n" . "From: \"Rivblog.com - support\" <{$admin_info[email]}>\n" . "Content-Type: text/plain; charset=\"utf-8\"\n"; $message = $message; // TODO: Don't hard code activation link. $subject = '[' . $from_name . '] ' . $subject; wp_mail($user_info[email], $subject, $message, $message_headers); echo $head; echo "

$login1

$login11

"; echo $foot; } if($task == "dologin") { $date = time(); $username = $_POST['username']; $password_unencrypted = $_POST['password']; $rememberme = $_POST['rememberme']; $ipaddress = $_SERVER['REMOTE_ADDR']; $check = mysql_query("SELECT username, password, code, verified FROM bhost_users WHERE username='$username'"); $check_info = @mysql_fetch_assoc($check); //alanic //per i vecchi blog devo utilizzare il metodo di controllo password //di WP require_once("class-phpass.php"); $wp_hasher = new PasswordHash(8, TRUE); $check_oldWP = $wp_hasher->CheckPassword($password_unencrypted, $check_info[password]); //end alanic $password = crypt($password_unencrypted, $check_info[code]); // NO JAVASCRIPT if(isset($_POST['javascript']) & $_POST['javascript'] == "no") { $result = "
$login13
"; $task = "main"; // LOGIN FAIL } elseif(mysql_num_rows($check) == 0) { mysql_query("INSERT INTO bhost_log (date, username, password, ipaddress, result) VALUES ('$date', '$username', '$password', '$ipaddress', 'Failure')"); $result = "
$login14
"; $task = "main"; } elseif(!$check_oldWP) { if(strtolower($username) != strtolower($check_info[username]) | $password != $check_info[password]) { mysql_query("INSERT INTO bhost_log (date, username, password, ipaddress, result) VALUES ('$date', '$username', '$password', '$ipaddress', 'Failure')"); $result = "
$login14
"; $task = "main"; } } elseif($check_info[verified] == 0) { mysql_query("INSERT INTO bhost_log (date, username, password, ipaddress, result) VALUES ('$date', '$username', '$password', '$ipaddress', '0')"); $result = "
$login15
"; $task = "main"; } else { // LOGIN SUCCESS //Alanic: per i vecchi blog if(!$check_oldWP) $user_info = mysql_fetch_assoc(mysql_query("SELECT * FROM bhost_users WHERE username='$username' AND password='$password'")); else $user_info = mysql_fetch_assoc(mysql_query("SELECT * FROM bhost_users WHERE username='$username' AND password='".$check_info[password]."'")); $date = time(); mysql_query("UPDATE bhost_users SET last_login='$date' WHERE u_id='$user_info[u_id]'"); mysql_query("INSERT INTO bhost_log (date, username, password, ipaddress, result) VALUES ('$date', '$username', '$password', '$ipaddress', '1')"); bumplog(); $user = crypt($user_info[username], $user_info[code]); if(!$check_oldWP) $pass = $user_info[password]; else $pass = $check_info[password]; $u_id = $user_info[u_id]; setcookie("admin_username", ""); setcookie("admin_password", ""); //die($user); // REMEMBER ME if(isset($rememberme) AND $rememberme == "1") { setcookie("username", "$user", time()+60*999999, "/"); setcookie("password", "$pass", time()+60*999999, "/"); setcookie("u_id", "$u_id", time()+60*999999, "/"); } else { // DONT REMEMBER ME setcookie("username", "$user", 0, "/"); setcookie("password", "$pass", 0, "/"); setcookie("u_id", "$u_id", 0, "/"); } // SET LOCATION if($ref == "1") { $location = url("entry", "$w", "", "$e_id"); } elseif($ref == "2") { $location = "post_comment.php?w=$w&e_id=$e_id"; } elseif($ref == "3") { $location = "edit_comment.php?w=$w&e_id=$e_id&c_id=$c_id"; } elseif($ref == "4") { $location = "delete_comment.php?w=$w&e_id=$e_id&c_id=$c_id"; } else { $location = "./manager/index.php"; } cheader($location); exit(); } } if($task == "main") { echo $head; echo "

$login16

$login17

$login18
 
$login19
 

 

$result
"; echo $foot; }