00001 <?php
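// Stop with a 403 response when the __PRAGYAN_CMS constant is not defined,
// i.e. when this file was requested without going through code that defines it.
if (!defined('__PRAGYAN_CMS')) {
    // Both $_SERVER entries can be missing (CLI, non-Apache servers); use
    // neutral fallbacks so no notice is written into the response body.
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
    $signature = isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '';

    header($protocol . ' 403 Forbidden');
    // The heading was previously closed with a second opening <h1> tag.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): the signature line tells unauthenticated clients which
    // server software answered; drop it if that banner should stay private.
    echo '<hr/>' . $signature;
    exit(1);
}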
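/**
 * Handle the three stages of the "lost password" flow.
 *
 *  1. Neither $_POST['user_email'] nor $_GET['key'] is set: return the request form.
 *  2. $_POST['user_email'] is set and there is no key: look the account up and
 *     mail a reset link containing a key.
 *  3. $_GET['key'] is set: verify the key for the address in $_GET['resetPasswd'],
 *     store a new password and mail it to the user.
 *
 * Review notes (behaviour kept, flagged for follow-up):
 *  - The key is md5(stored password hash . 'xXc' . two characters of the address).
 *    It has no expiry and stays valid until the password changes; a random,
 *    stored, time-limited token is the usual design.
 *  - Passwords are stored as unsalted md5 and the new password is mailed in clear
 *    text; password_hash()-style storage and a "choose a new password" page avoid both.
 *  - Stage 2 answers differently for unknown, inactive and known addresses, which
 *    lets a caller learn whether an address is registered.
 *
 * @param mixed $allow_login Truthy to include the "Sign Up" link in the form.
 * @return string Form HTML in stage 1, otherwise "" (outcomes are reported
 *                through displayinfo()/displayerror()).
 */
function resetPasswd($allow_login) {
    if ((!isset($_POST['user_email'])) && (!isset($_GET['key']))) {
        $resetPasswd =<<<RESET
<form class="registrationform" method="POST" name="user_passreset" onsubmit="return checkForm(this)" action="./+login&subaction=resetPasswd">
<fieldset>
<legend>Reset Password</legend>
<table>
<tr>
<td><label for="user_email" class="labelrequired">Email</label></td>
<td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td><input type="submit" id="submitbutton" value="Submit"></td>
<td>
RESET;
        if ($allow_login)
            $resetPasswd .= "<a href='./+login&subaction=register'>Sign Up</a> ";
        $resetPasswd .= "<a href='./+login'>Login</a></td>
</tr>
</table>
</fieldset>
</form>";
        return $resetPasswd;
    }
    elseif (!isset($_GET['key'])) {
        // The form posts the address, so read it from $_POST (the old code read
        // $_GET here) and use one escaped copy for both the format check and the
        // query. A non-string value (e.g. user_email[]=x) is treated as empty.
        $posted_email = is_string($_POST['user_email']) ? $_POST['user_email'] : '';
        $user_email = escape($posted_email);

        // preg_match replaces eregi (deprecated since PHP 5.3); /i keeps the
        // case-insensitive match and /D keeps "$" anchored at the very end.
        if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $user_email))
            displayerror("Invalid Email Id. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        else {
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "' ";
            $result = mysql_query($query);
            $temp = mysql_fetch_assoc($result);
            if (mysql_num_rows($result) == 0)
                displayerror("E-mail not in registered accounts list. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            elseif ($temp['user_activated'] == 0) {
                displayerror("Account not yet activated.<b>Please check your email</b> and click on the activation link. <a href=\"./+login&subaction=register&reSendKey=1\">Resend activation mail?</a><br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
            } else {
                // Same derivation as the check in stage 3 below.
                $key = md5($temp['user_password'].'xXc'.substr($temp['user_email'],1,2));

                $to = "$temp[user_email]";
                $mailtype = "password_forgot_reset";

                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('RESETPASS_URL'=>"$onlineSiteUrl/+login&subaction=resetPasswd&resetPasswd=$temp[user_email]&key=$key", 'NAME'=>"$temp[user_fullname]", 'WEBSITE'=>CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));

                if ($messenger->mailer($to,$mailtype,$key))
                    displayinfo("Password reset link sent. Kindly check your e-mail. <br /><input type=\"button\" onclick=\"history.go(-2)\" value=\"Go back\" />");
                else
                    displayerror("Password reset failed. Kindly contact webadmin@pragyan.org");
            }
        }
    }
    else {
        // Non-string or missing parameters are treated as empty so they can
        // never satisfy the key comparison.
        $key = is_string($_GET['key']) ? escape($_GET['key']) : '';
        $user_email = (isset($_GET['resetPasswd']) && is_string($_GET['resetPasswd'])) ? escape($_GET['resetPasswd']) : '';

        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "'";
        $result = mysql_query($query);
        $temp = $result ? mysql_fetch_assoc($result) : false;

        $key_ok = false;
        if ($temp) {
            $expected_key = md5($temp['user_password'].'xXc'.substr($temp['user_email'],1,2));
            // Exact string comparison: the loose "==" used before compares two
            // numeric-looking hex strings as numbers. hash_equals() is used where
            // the runtime provides it so the comparison time does not depend on
            // how many leading characters match.
            if (function_exists('hash_equals'))
                $key_ok = hash_equals($expected_key, (string) $key);
            else
                $key_ok = ($expected_key === $key);
        }

        if ($key_ok) {
            // The replacement password is the only secret protecting the account
            // until the user changes it, so take it from a cryptographic source
            // when one exists; rand() remains only as the legacy fallback.
            if (function_exists('random_bytes'))
                $password = bin2hex(random_bytes(8));
            elseif (function_exists('openssl_random_pseudo_bytes'))
                $password = bin2hex(openssl_random_pseudo_bytes(8));
            else
                $password = (string) rand();
            $dbpassword = md5($password);

            $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_password`='$dbpassword' WHERE `user_email`='$user_email'";
            $result = mysql_query($query);
            if (mysql_affected_rows() > 0) {
                $to = "$temp[user_email]";
                $mailtype = "password_reset";

                $messenger = new messenger(false);
                global $onlineSiteUrl;
                $messenger->assign_vars(array('PASSWORD'=>"$password",'NAME'=>"$temp[user_fullname]", 'WEBSITE'=>CMS_TITLE, 'DOMAIN'=>$onlineSiteUrl));

                if ($messenger->mailer($to,$mailtype,$key))
                    displayinfo("Password reset. Kindly check your e-mail.");
                else
                    displayerror("Password reset failed. Kindly contact administrator");
            }
        } else
            displayinfo(safe_html("Authentication failure for password reset for $user_email"));
    }
    return "";
}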
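/**
 * Start an OpenID login: validate the identifier, ask the Dope_OpenID library
 * for the provider endpoint and redirect the browser there.
 *
 * When an endpoint is found the function redirects and exits. Otherwise the
 * problem is reported through displayerror() and the function returns.
 *
 * @param string $openid_url Identifier entered by the user.
 * @return void
 */
function openid_endpoint($openid_url){
    $error = null;

    // Validate the value that is actually used below. The previous check ran
    // filter_input() on the raw POST field instead of on this argument.
    if (!is_string($openid_url) || $openid_url === '') {
        $error = "Error: OpenID Identifier is not in proper format.";
    }
    elseif (function_exists('filter_var')) {
        if (filter_var($openid_url, FILTER_VALIDATE_URL) === false) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
    }
    else
    {
        // Legacy fallback, same pattern as before with preg_match in place of
        // the deprecated eregi.
        // NOTE(review): "[com|org|net|edu|gov|us]" is a character class, not an
        // alternation, so it does not restrict the top-level domain.
        if (!preg_match('#^((https?)://)?(((www\.)?[^ ]+\.[com|org|net|edu|gov|us]))([^ ]+)?$#iD', $openid_url)) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
    }

    // FILTER_VALIDATE_URL accepts any scheme. The identifier is handed to the
    // OpenID library for discovery, so only http and https are let through.
    if ($error === null) {
        $scheme = parse_url($openid_url, PHP_URL_SCHEME);
        if (is_string($scheme) && !in_array(strtolower($scheme), array('http', 'https'), true)) {
            $error = "Error: OpenID Identifier is not in proper format.";
        }
    }

    if ($error === null) {
        $_SESSION['openid_url'] = $openid_url;

        // NOTE(review): discovery presumably makes this server fetch the given
        // URL; confirm the library or the network restricts which hosts it may reach.
        $openid = new Dope_OpenID($openid_url);
        global $rewriteEngineEnabled;

        // NOTE(review): HTTP_HOST comes from the request's Host header and the
        // scheme is fixed to http, so the return URL and trust root follow
        // whatever host name the client sent. A configured site URL would pin both.
        $site_base = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']);

        if ($rewriteEngineEnabled=='true')
            $returnURL = $site_base."/index.php?action=login&subaction=openid_verify";
        else
            $returnURL = $site_base."/?action=login&subaction=openid_verify";

        $openid->setReturnURL($returnURL);
        $openid->SetTrustRoot($site_base);
        $openid->setOptionalInfo(array('nickname','fullname','email'));

        $endpoint_url = $openid->getOpenIDEndpoint();
        if ($endpoint_url) {
            $_SESSION['openid_endpoint_url'] = $endpoint_url;
            $openid->redirect();
            exit;
        }
        else {
            $the_error = $openid->getError();
            $code = isset($the_error['code']) ? $the_error['code'] : '';
            $description = isset($the_error['description']) ? $the_error['description'] : '';
            // The library's error text may include data from the remote side,
            // so it is HTML-escaped before being shown.
            $error = "Error Code: " . htmlspecialchars((string) $code, ENT_QUOTES) . "<br />";
            $error .= "Error Description: " . htmlspecialchars((string) $description, ENT_QUOTES) . "<br />";
        }
    }

    // $error used to be assigned and then dropped, so a failed attempt showed
    // the login form again with no explanation.
    if ($error !== null) {
        displayerror($error);
    }
}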
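/**
 * Finish an OpenID login after the provider has validated the identity.
 *
 * If $_GET['openid_identity'] is already linked in the openid_users table, the
 * linked user is logged in (last-login timestamp updated, setAuth() called).
 * Otherwise the identity and the provider-supplied e-mail are parked in the
 * session and a form is returned: a password prompt when an activated
 * non-OpenID account with that e-mail exists, else a short registration form.
 *
 * Review notes (behaviour kept, flagged for follow-up):
 *  - Failed queries call die() with mysql_error(), which sends database error
 *    text to the client; logging it server-side keeps schema details private.
 *  - The e-mail address is whatever the OpenID provider asserted; nothing
 *    visible here verifies that the user controls it.
 *
 * @param array $userdata Attributes returned by the provider; 'email' and
 *                        'fullname' are read here.
 * @return mixed User id on login, form HTML when more input is needed, or
 *               null after an error has been displayed.
 */
function openid_login($userdata){
    $userdata['openid_url']=escape($_GET['openid_identity']);
    $query="SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `openid_url` = '". $userdata['openid_url'] . "';";

    $result=mysql_query($query) or die(mysql_error(). " in openid_login() inside login.lib.php while executing query for openid_row");
    $openid_row=mysql_fetch_array($result);
    if($openid_row)
    {
        $userid=$openid_row['user_id'];
        // Integer copy for the SQL below, so the queries never depend on the
        // column's textual form.
        $userid_sql=(int) $openid_row['user_id'];

        $userdetails = getUserInfo(getUserEmail($userid));

        if(!$userdetails)
        {
            displayerror("Your openid registration is corrupted. Please contact site administrator.");
            return;
        }
        if($userdetails && ($userdetails['user_activated']==0))
        {
            displayerror("Your account is not activated. Please verify your account using the email sent to you during registration or contact site administrator.");
            return;
        }

        $query = "SELECT `user_lastlogin` FROM `". MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`=".$userid_sql. ";";
        $result=mysql_query($query) or die(mysql_error(). " in openid_login() inside login.lib.php while trying to fetch last login");
        $last_login_row=mysql_fetch_array($result);
        $_SESSION['last_to_last_login_datetime']=$last_login_row['user_lastlogin'];

        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` =". $userid_sql. ";" ;
        mysql_query($query) or die(mysql_error() . " in openid_login() inside login.lib.php while trying to update the last login");
        setAuth($openid_row['user_id']);

        return $openid_row['user_id'];
    }
    else
    {
        $has_email=array_key_exists('email',$userdata);

        $_SESSION['openid_url']=$userdata['openid_url'];
        // Stored as null when the provider sent no address, as before, but
        // without reading a missing array key.
        $_SESSION['openid_email']=$has_email ? $userdata['email'] : null;
        if($has_email)
        {
            $userdetails = getUserInfo($userdata['email']);
            if($userdetails && ($userdetails['user_activated']==0))
            {
                displayerror("Your account is not activated. Please verify your account using the email sent to you during registration or contact site administrator.");
                return;
            }

            // These values come from the OpenID response and are written into
            // HTML text and attribute values below, so they are HTML-escaped
            // (quotes included) first.
            // NOTE(review): if filterUserInfo() already HTML-escapes them, this
            // shows entities twice; confirm against the library.
            $safe_email=htmlspecialchars((string) $userdata['email'], ENT_QUOTES);
            $safe_fullname=htmlspecialchars(isset($userdata['fullname']) ? (string) $userdata['fullname'] : '', ENT_QUOTES);

            if($userdetails && $userdetails['user_activated'] && ($userdetails['user_loginmethod']!='openid'))
            {
                $safe_username=htmlspecialchars((string) getUserName($userdetails['user_id']), ENT_QUOTES);
                displayinfo("<ul><li>An account with your Email was found in our record already. This mean you are already registered as a user.</li>".
                    "<li>You just need to provide your password of your existing account to link your OpenID with.</li>".
                    "<li> This is a one time step after which you can use your OpenID account to Login.</li></ul>");
                $cmstitle=CMS_TITLE;
                $openid_pass_form=<<<OPENIDPASS

<form method="POST" class="registrationform" name="openid_pass" action="./home/+login&subaction=openid_pass">
<fieldset>
<legend>Password for the existing account </legend>
Please Enter the Password of the pre-existing account on $cmstitle
<input type="hidden" name="email" value="$safe_email" />
<table>

<tr><td>Username</td>

<td>$safe_username</td></tr>

<tr><td>Email</td>
<td>$safe_email</td></tr>
<tr><td><label for="user_password" class="labelrequired">Password</label></td>
<td><input type="password" name="user_password" id="user_password" class="required" /><br /></td>
</tr>
<tr>
<td><input type="submit" value="Submit" /></td>

</tr>
</table>
</fieldset>
</form>
OPENIDPASS;
                return $openid_pass_form;
            }
            else
            {
                displayinfo("Seems like you are using this OpenID for the first time. We just need your full name to continue.");
                $openid_detail_form=<<<OPENIDFORM
<form method="POST" class="registrationform" name="quick_openid_reg" action="./home/+login&subaction=quick_openid_reg">
<fieldset>
<legend>Just give us your Full name</legend>
<table>
<tr>
<td><label for="user_email" class="labelrequired">Email</label></td>
<td><input type="text" name="user_email" value="$safe_email" id="user_email" class="required" readonly="true" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
</tr>

<tr>
<td><label for="user_name">Full Name</label></td>
<td><input type="text" name="user_name" value="$safe_fullname" id="user_name" class="required"/><br /></td>
</tr>

<tr>
<td><input type="submit" value="Submit" /></td>

</tr>

</table>
</fieldset>
</form>
OPENIDFORM;
                return $openid_detail_form;
            }
        }
        else
        {
            displayerror("The OpenID provider didn't return your Email Address. Please configure your Provider to provide your Email address");
            return;
        }
    }
}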
00426
/**
 * Build the HTML of the login page.
 *
 * The e-mail/password form is always produced. When the global $openid_enabled
 * equals 'true', the OpenID selector markup (stylesheet, script and form) is
 * placed in front of it. Asset URLs are built from the globals $urlRequestRoot
 * and $cmsFolder, which are interpolated as-is.
 *
 * @param mixed $allow_login Truthy to add the "Sign Up" link next to "Lost Password?".
 * @return string HTML fragment.
 */
function loginForm($allow_login=1)
{
    global $urlRequestRoot, $cmsFolder, $openid_enabled;

    // Base URL of the bundled OpenID selector assets.
    $openidAssets = "{$urlRequestRoot}/{$cmsFolder}/openid";

    $openidSelector = <<<OPENIDLOGIN

<!-- Simple OpenID Selector -->
<link rel="stylesheet" href="{$openidAssets}/css/openid.css" />

<script type="text/javascript" src="{$openidAssets}/js/openid-jquery.js.php?imgpath={$openidAssets}/images/"></script>
<script type="text/javascript">
$(document).ready(function() {
openid.init('openid_identifier');
});
</script>
<!-- /Simple OpenID Selector -->

<script language="javascript" type="text/javascript">
<!--
function checkLoginForm(inputhandler) {
if(inputhandler.user_password.value.length==0) {
alert("Blank password not allowed.");
return false;
}
return checkEmail(this.user_email);
}
-->
</script>

<fieldset>
<legend>Login With your OpenID</legend>
<!-- Simple OpenID Selector -->
<form action="./+login&subaction=openid_login" method="post" id="openid_form">
<input type="hidden" name="process" value="1" />

<p> Sign-in using your existing account on popular websites
<br>Please click your account provider:</p>

<div id="openid_choice">

<div id="openid_btns"></div>
</div>

<div id="openid_input_area">
<input id="openid_identifier" name="openid_identifier" type="text" value="http://" />
<br/>
<input id="openid_submit" type="submit" value="Sign-In"/>
</div>
<noscript>
<p>OpenID is service that allows you to log-on to many different websites using a single
indentity.
Find out <a href="http://openid.net/what/">more about OpenID</a> and <a href="http://openid.net/get/">how to get an OpenID enabled account</a>.</p>
</noscript>

</form>
<!-- /Simple OpenID Selector -->
</fieldset>
OPENIDLOGIN;

    // Password form up to the cell that holds the helper links.
    $passwordFormHead = <<<LOGIN
<script language="javascript" type="text/javascript">
<!--
function checkLoginForm(inputhandler) {
if(inputhandler.user_password.value.length==0) {
alert("Blank password not allowed.");
return false;
}
return checkEmail(this.user_email);
}
-->
</script>
<form method="POST" class="registrationform" name="user_loginform" id="pragyan_loginform" onsubmit="return checkLoginForm(this);" action="./+login" autocomplete="off">
<fieldset>
<legend>Login</legend>
<table cellspacing=0 cellpadding=0>
<tr>
<td><label for="user_email" class="labelrequired">Email</label></td>
<td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
</tr>
<tr><td><label for="user_password" class="labelrequired">Password</label></td>
<td><input type="password" name="user_password" id="user_password" class="required" /><br /></td>
</tr>
<tr>
<td><input type="submit" value="Login" /></td>
<td><a href="./+login&subaction=resetPasswd">Lost Password?</a>
LOGIN;

    // The registration link is only offered when the caller allows it.
    $signUpLink = $allow_login ? "<a href=\"./+login&subaction=register\">Sign Up</a>" : "";

    $passwordFormTail = "</td>
</tr>
</table>
</fieldset>
</form>";

    $passwordForm = $passwordFormHead . $signUpLink . $passwordFormTail;

    if ($openid_enabled != 'true') {
        return $passwordForm;
    }
    return $openidSelector . $passwordForm;
}
00526
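/**
 * Entry point of the "login" action.
 *
 * Dispatches on $_GET['subaction'] (resetPasswd, register, openid_login,
 * openid_verify, openid_pass, quick_openid_reg). "register" and the OpenID
 * subactions require a truthy `allow_login` row in the global table; the OpenID
 * ones also require $openid_enabled == 'true'. When no subaction returns, the
 * e-mail/password form is shown or processed.
 *
 * Review notes (behaviour kept, flagged for follow-up):
 *  - Failed queries call die() with mysql_error(), which sends database error
 *    text to the client.
 *  - quick_openid_reg creates an already-activated account for the e-mail the
 *    OpenID provider asserted; nothing visible here verifies that address.
 *  - Accounts created after an imap/ads/ldap login store an unsalted md5 of
 *    the directory password in the users table.
 *  - Confirm that setAuth() issues a fresh session identifier on login.
 *
 * @return mixed Form HTML, the user id after a successful login, or 0 / "" /
 *               null once a message has been displayed.
 */
function login() {
    $allow_login_query = "SELECT `value` FROM `".MYSQL_DATABASE_PREFIX."global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);

    if(isset($_GET['subaction'])) {
        if($_GET['subaction']=="resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        if($allow_login_result[0] && $_GET['subaction']=="register") {
            require_once("registration.lib.php");
            return register();
        }
        global $openid_enabled;
        if(($openid_enabled=='true')&&($allow_login_result[0])){
            if($_GET['subaction']=="openid_login")
            {
                if(isset($_POST['process']))
                {
                    // A missing or non-string field becomes "", which
                    // openid_endpoint() rejects as malformed.
                    $openid_url = (isset($_POST['openid_identifier']) && is_string($_POST['openid_identifier'])) ? trim($_POST['openid_identifier']) : '';
                    openid_endpoint($openid_url);
                }
            }
            if($_GET['subaction']=="openid_verify"){
                if(!isset($_GET['openid_mode']) || $_GET['openid_mode'] != "cancel")
                {
                    $error = null;
                    $openid_url = $_GET['openid_identity'];
                    $openid = new Dope_OpenID($openid_url);
                    $validate_result = $openid->validateWithServer();
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    }
                    else if ($openid->isError() === TRUE){
                        $the_error = $openid->getError();
                        $code = isset($the_error['code']) ? $the_error['code'] : '';
                        $description = isset($the_error['description']) ? $the_error['description'] : '';
                        // Escaped because the text may include remote data.
                        $error = "Error Code: " . htmlspecialchars((string) $code, ENT_QUOTES) . "<br />";
                        $error .= "Error Description: " . htmlspecialchars((string) $description, ENT_QUOTES) . "<br />";
                    }
                    else{
                        $session_url = isset($_SESSION['openid_url']) ? (string) $_SESSION['openid_url'] : '';
                        $error = "Error: Could not validate the OpenID at " . htmlspecialchars($session_url, ENT_QUOTES);
                    }
                    // $error used to be built and then dropped; show it so a
                    // failed validation is not silent.
                    if ($error !== null) {
                        displayerror($error);
                    }
                }
                else
                {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            if($_GET['subaction']=="openid_pass")
            {
                if(!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email']))
                {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                }
                else
                {
                    $openid_url=$_SESSION['openid_url'];
                    $openid_email=$_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if(!isset($_POST['user_password']) || !is_string($_POST['user_password']))
                    {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    // Same treatment as the regular login path below, so
                    // checkLogin() receives the password in the same form.
                    $user_passwd=escape($_POST['user_password']);
                    $info=getUserInfo($openid_email);
                    if(!$info)
                    {
                        // The address originates from the OpenID response;
                        // escape it before it is placed in the page.
                        displayerror("No user with Email " . htmlspecialchars((string) $openid_email, ENT_QUOTES));
                    }
                    else
                    {
                        $check=checkLogin($info['user_loginmethod'],$info['user_name'],$openid_email,$user_passwd);
                        if($check)
                        {
                            // Escape at the point of use: the session copy is not
                            // escaped by every writer (openid_endpoint() stores the
                            // raw form value). For identifiers without quote or
                            // backslash characters this changes nothing.
                            $openid_url_sql=escape($openid_url);
                            $query="INSERT INTO `" . MYSQL_DATABASE_PREFIX ."openid_users` (`openid_url`,`user_id`) VALUES ('$openid_url_sql',".((int) $info['user_id']).")";
                            $result=mysql_query($query) or die(mysql_error()." in login() subaction=openid_pass while trying to Link OpenID account");
                            if($result)
                            {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        }
                        else
                        {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                }
            }
            if($_GET['subaction']=="quick_openid_reg")
            {
                if(!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email']))
                {
                    displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                }
                else
                {
                    $openid_url=$_SESSION['openid_url'];
                    $openid_email=$_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if(!isset($_POST['user_name']) || !is_string($_POST['user_name']) || $_POST['user_name']=="")
                    {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return ;
                    }
                    $openid_fname=escape($_POST['user_name']);
                    // Session values are escaped where they enter SQL; the
                    // e-mail in particular is provider-supplied and no escaping
                    // of it is visible on the way into the session.
                    $openid_email_sql=escape($openid_email);
                    $openid_url_sql=escape($openid_url);

                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " ."(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) ".
                        "VALUES ('".$openid_email_sql."', '".$openid_email_sql."','".$openid_fname."','0',1,'openid');";
                    $result=mysql_query($query) or die(mysql_error()." in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if($result)
                    {
                        $id=(int) mysql_insert_id();
                        $query="INSERT INTO `" . MYSQL_DATABASE_PREFIX ."openid_users` (`openid_url`,`user_id`) VALUES ('$openid_url_sql',".$id.")";
                        $result=mysql_query($query) or die(mysql_error()." in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if($result)
                        {
                            displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
                        }
                    }

                    return "";
                }
            }
        }
    }

    if (!isset ($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        global $cookieSupported;
        $login_status = false;
        if($cookieSupported==true) {
            // Missing or non-string fields are handled as blank input.
            $posted_email = is_string($_POST['user_email']) ? $_POST['user_email'] : "";
            $posted_passwd = (isset($_POST['user_password']) && is_string($_POST['user_password'])) ? $_POST['user_password'] : "";
            if (($posted_email == "") || ($posted_passwd == "")){
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            }
            else {
                $user_email = escape($posted_email);
                $user_passwd = escape($posted_passwd);
                $login_method = '';

                if($temp = getUserInfo($user_email)) {
                    $login_status = checkLogin($temp['user_loginmethod'],$temp['user_name'],$user_email,$user_passwd);

                    if ($login_status)
                        updateUserPassword($user_email,$user_passwd);
                }
                else {
                    // Unknown locally: try the external method whose configured
                    // domain matches the address, then create a local record.
                    global $authmethods;
                    if(strpos($user_email,'@') !== false) {
                        $tmp = explode('@',$user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    }
                    else $user_name = $user_email;

                    if(isset($user_domain) && $user_domain==$authmethods['imap']['user_domain']) {
                        if($login_status = checkLogin('imap',$user_name,$user_email,$user_passwd)) $login_method='imap';
                    }
                    elseif(isset($user_domain) && $user_domain==$authmethods['ads']['user_domain']) {
                        if($login_status = checkLogin('ads',$user_name,$user_email,$user_passwd)) $login_method='ads';
                    }
                    elseif(isset($user_domain) && $user_domain==$authmethods['ldap']['user_domain']) {
                        if(($login_status = checkLogin('ldap',$user_name,$user_email,$user_passwd))) $login_method='ldap';
                    }

                    if($login_status) {
                        $user_fullname = strtoupper($user_name);
                        $user_md5passwd = md5($user_passwd);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " .
                            "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " .
                            "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    }
                    // The submitted name/domain is echoed back inside HTML, so it
                    // is HTML-escaped; escape() above only prepares it for SQL.
                    else displaywarning("Incorrect username and/or password for <b>".(isset($user_domain)?htmlspecialchars($user_domain, ENT_QUOTES)."</b> domain!":htmlspecialchars($user_name, ENT_QUOTES)."</b> user"));
                }

                if($login_status) {
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                    }
                    else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` =$temp[user_id]";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        $_SESSION['last_to_last_login_datetime']=$temp['user_lastlogin'];
                        setAuth($temp['user_id']);

                        return $temp['user_id'];
                    }
                }
                else {
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            return 0;
        } else {
            showCookieWarning();
            return 0;
        }
    }
}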