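// Start (or resume) the session before any output is sent; the login and vote
// handling below keeps its state in $_SESSION.
// NOTE(review): this script does not set the session cookie flags
// (HttpOnly / Secure); presumably they come from php.ini — confirm.
session_start();

// Forbid caching of this page by browsers and intermediaries.
// HTTP dates have to be expressed in GMT, so the value is built with gmdate()
// and a literal "GMT" suffix; date() with the "T" format emits the local zone
// abbreviation, which is not a valid HTTP-date.
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); // always modified
header('Expires: 0'); // always already expired
header('Pragma: no-cache'); // HTTP/1.0
header('Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0'); // HTTP/1.1
// The second argument (false) appends this header instead of replacing the one above.
header('Cache-Control: post-check=0, pre-check=0', false); // for IE 5+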
// Requested action; the login and vote handling further down branches on it.
// Falls back to the empty string when the request carries no "action" value.
// NOTE(review): this value is client-controlled, so any action name can arrive here.
$action = "";
if (isset($_REQUEST["action"])) {
    $action = $_REQUEST["action"];
}

// Fixed deadline. No zone is given, so it is parsed in PHP's default timezone.
$deadline = "2015-07-15 20:00:00";
$deadlineDate = new DateTime($deadline);
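// Language selection. The stored code later becomes part of the file name passed
// to include("lang-...inc.php"), so only known codes may ever reach the session.
// These are the two codes this script itself assigns; extend the list if further
// lang-*.inc.php files exist.
$allowedLangs = array("ger", "eng");

// Explicit switch via ?chglang=...: accepted only when it is a known code.
// Anything else (including array-valued parameters) is ignored.
if (isset($_GET["chglang"]) && in_array($_GET["chglang"], $allowedLangs, true))
{
    $_SESSION["lang"] = $_GET["chglang"];
}

// Nothing usable stored yet (first visit, or a stale value outside the allow-list):
// derive the language from the Accept-Language header, defaulting to English.
if (!isset($_SESSION["lang"]) || !in_array($_SESSION["lang"], $allowedLangs, true))
{
    // The header is optional, so do not assume it is present.
    $acceptLanguage = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? (string) $_SERVER["HTTP_ACCEPT_LANGUAGE"] : "";
    if (strpos($acceptLanguage, "de") !== false)
        $_SESSION["lang"] = "ger";
    else
        $_SESSION["lang"] = "eng";
}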
#$_SESSION["lang"]="eng";
// Load configuration first, then the shared helper functions.
// Presumably these provide the settings and helpers used further down
// ($authURL, $mysql*, PostRequestNew) — they are not defined in this view.
include "config.inc.php";
include "../functions.inc.php";

// Translated strings for the active language.
// NOTE(review): the file name is assembled from $_SESSION["lang"], which this
// script fills from the "chglang" request parameter. That value has to be limited
// to the known language codes before it reaches this include.
include "lang-{$_SESSION["lang"]}.inc.php";

// Login switch. No active code in this part of the file reads it; the login
// handler below runs regardless of its value.
$loginEnabled = false;
/*
if ($loginEnabled == false && $pageState == "after")
{
$intCurrentEF++;
}*/
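// Was a login requested?
// Validates the three form fields, asks the remote authentication service whether
// the credentials are valid and, on success, marks the session as logged in.
// Outcome: $action becomes "loggedin" or "loginfail"; $err carries any message.
$err = "";
if ($action == "login")
{
    // Every field must be present as a non-empty string (array-valued parameters
    // are treated as missing). Each failure prepends its message to $err.
    if (!isset($_POST["userID"]) || !is_string($_POST["userID"]) || $_POST["userID"] == "")
        $err = $langErrorNoID . "
" . $err;
    if (!isset($_POST["userLogin"]) || !is_string($_POST["userLogin"]) || $_POST["userLogin"] == "")
        $err = $langErrorNoLogin . "
" . $err;
    if (!isset($_POST["userPass"]) || !is_string($_POST["userPass"]) || $_POST["userPass"] == "")
        $err = $langErrorNoPass . "
" . $err;

    if ($err == "")
    {
        // Legacy digest that is stored in the session below. A two-character salt
        // selects the traditional DES-based crypt(), which is weak by current
        // standards. It is only computed once all fields are known to be valid.
        // NOTE(review): confirm whether anything still reads $_SESSION["userPass"];
        // if not, stop keeping a password-derived value in the session.
        $salt = substr(crypt($_POST["userID"], "ef"), 0, 2);
        $cryptPassword = crypt($_POST["userPass"], $salt);

        // Form-encoded body for the authentication request. Each value is
        // urlencode()d so it stays inside its own field.
        $data = "id=" . urlencode(strtolower(trim($_POST["userID"]))) .
            "&nick=" . urlencode(stripslashes($_POST["userLogin"])) .
            "&password=" . urlencode($_POST["userPass"]);

        // Send the authentication request.
        // NOTE(review): $authURL is defined outside this view. The submitted
        // password travels in this request, so the endpoint should be reached over
        // TLS with certificate verification — confirm in config and PostRequestNew.
        $content = PostRequestNew($authURL, "http://fursuit.eurofurence.org", $data);

        // Drop the last character of the reply (presumably a trailing newline).
        $content = substr($content, 0, (strlen($content) - 1));

        // Strict comparison: only the exact string counts as success, never a
        // value that merely compares equal after type juggling.
        if ($content === "Login OK")
        {
            // Issue a fresh session ID at the privilege change so that an ID known
            // before login cannot be reused for the authenticated session.
            session_regenerate_id(true);

            // NOTE(review): the ID is stored as submitted, while the authentication
            // request used the trimmed, lower-cased form; code that compares or
            // stores this value should agree on one normalisation — confirm.
            $_SESSION["userID"] = $_POST["userID"];
            $_SESSION["userLogin"] = stripslashes($_POST["userLogin"]);
            $_SESSION["userPass"] = $cryptPassword;
            $_SESSION["loggedin"] = true;
            $action = "loggedin";
        }
        else
        {
            // The former debug logging of failed attempts has been dropped instead
            // of being kept commented out: it wrote the submitted password in
            // clear text to a file.

            // NOTE(review): this message embeds the submitted login name and the
            // raw reply of the authentication service. It must be HTML-escaped
            // (htmlspecialchars) wherever $err is printed; that output code is not
            // visible here — confirm.
            $err = "User " . $_POST["userLogin"] . " or password not found in Database
Please check your login data.
$content.";
            $action = "loginfail";
        }
    }
}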
#if ($action == "logout")
#{ session_unset();
# $_SESSION=array();
#}
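// Vote pre-check: an answer is accepted only when it is "1" or "2" and no row
// exists yet for this registration number in the current voting table.
// Outcome: $action is set to the internal "vote accepted" marker, or reset to ""
// (with $err set when the answer is missing or invalid).
//
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; migrating to mysqli or
// PDO with prepared statements would replace the manual escaping below.
// NOTE(review): this branch does not test $_SESSION["loggedin"]; whether voting
// requires a login is not visible here — confirm.
if ($action == "checkvote")
{
    if (isset($_REQUEST['answer']))
    {
        $link = mysql_connect($mysqlHost, $mysqlUser, $mysqlPass);
        $resultVoting = false;

        if ($link !== false && mysql_select_db($mysqlDB, $link))
        {
            // The registration number originates from the login form, so it is
            // escaped before being placed inside the quoted SQL literal.
            $regNum = (isset($_SESSION["userID"]) && is_string($_SESSION["userID"])) ? $_SESSION["userID"] : "";
            // NOTE(review): $intCurrentEF is part of the table name and cannot be
            // escaped as a value; it presumably comes from config.inc.php as an
            // integer — confirm it is never request-derived.
            $resultVoting = mysql_query(
                "select * from votingEF" . $intCurrentEF . " where regNum=\"" . mysql_real_escape_string($regNum, $link) . "\"",
                $link
            );
        }

        if ($resultVoting === false)
        {
            // Fail closed: without a usable query result the "has not voted yet"
            // condition cannot be established, so the vote is not accepted.
            $action = "";
        }
        else
        {
            if (mysql_num_rows($resultVoting) == 0)
            {
                // Exact string match, so only the two literal answers pass.
                if ($_REQUEST['answer'] === "1" || $_REQUEST['answer'] === "2")
                {
                    // NOTE(review): $action is first populated from $_REQUEST, so
                    // this marker value alone is not proof that the checks above
                    // ran. The handler for it (outside this view) should rely on a
                    // server-side flag or repeat the check — confirm.
                    $action = "yesVoteIsOkay6wqmJuj3EF6oybiD1sCt";
                }
                else
                {
                    $action = "";
                    $err = $langErrNoAnswer;
                }
            }
            else
            {
                // A row already exists for this registration number.
                $action = "";
            }
            mysql_free_result($resultVoting);
        }

        if ($link !== false)
        {
            mysql_close($link);
        }
    }
    else
    {
        $action = "";
        $err = $langErrNoAnswer;
    }
}

// Current time in PHP's default timezone.
$dateNow = new DateTime();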
?>
switch ($action) { case ("logout"): session_unset(); $_SESSION=array(); ?> |