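0) { $xtr = "&template={$_post['template']}"; }

// ---------------------------------------------------------------------------
// Login controller: every branch below renders a page or redirects, then exits.
//   1. remember-me cookie login
//   2. "breakout" / timeout notices
//   3. mode=pwreset  - show the "forgot password" form
//   4. no credentials (or logerr set) - show the login form
//   5. mode=forgot   - reset the password and e-mail it
//   6. jm_user + jm_pass supplied - authenticate, with a per-subnet delay
//   7. anything else - clean up and bounce back to the login form
// ---------------------------------------------------------------------------

// Validate the requested login template once, before any branch uses it.
// The value is request-supplied and is later concatenated into a filesystem
// path for htmlShowTemplate() and into Location headers, so it must resolve
// to a regular file inside templates/login. Anything else is treated as
// "no template requested" and the built-in forms are used instead.
$_tpl = (isset($_post['template']) && is_string($_post['template'])) ? $_post['template'] : '';
if ($_tpl !== '') {
    $_tpl_dir  = realpath("{$jamroom['jm_dir']}/templates/login");
    $_tpl_file = realpath("{$jamroom['jm_dir']}/templates/login/{$_tpl}");
    if ($_tpl_dir !== false && $_tpl_file !== false && is_file($_tpl_file)
        && strpos($_tpl_file, $_tpl_dir . DIRECTORY_SEPARATOR) === 0) {
        // Encode the value so it cannot add extra query parameters to a redirect.
        $xtr = '&template=' . rawurlencode($_tpl);
    } else {
        $_tpl = '';
        // assumes $xtr carried nothing but the template parameter - TODO confirm
        $xtr = '';
    }
}
$_post['template'] = $_tpl;

// 1. Remember-me login: nickname and password value come from the cookie and
// are handed straight to getUserData().
// NOTE(review): the cookie is written further down with genc('set', password),
// so it looks password-equivalent, and this path is not counted by the
// jr_login_attempts throttle - confirm both in jmCookie()/genc().
$_val = jmCookie('get', isset($_COOKIE['JMU_Cookie']) ? $_COOKIE['JMU_Cookie'] : null);
if (strlen($_val['user_nickname']) > 1 && strlen($_val['user_password']) > 1) {
    $status = getUserData($_val['user_nickname'],$_val['user_password']);
    if (is_array($status)) {
        sessionBegin($status);
        header("Location: {$config['jamroom_index']}?mode=login{$xtr}");
    } else {
        // Stale or forged cookie: drop the session and the cookie.
        sessionDestroy();
        jmCookie('destroy','null');
        header("Location: login.php");
    }
    exit;
}

if (isset($_post['breakout']) && $_post['breakout'] == 'yes') {
    // 2a. Emits only a newline as written here.
    ob_start();
    echo "
";
    ob_end_flush();
    exit;
} elseif ((isset($_post['to']) && $_post['to'] == 'yes') && @is_file($jamroom_db['set_file'])) {
    // 2b. Notice page that refreshes the parent frame back to login.php.
    ob_start();
    jmHtmlBegin($language['login'][1]);
    jmBodyBegin();
    jmShowError($language['login'][20]);
    jmRefresh($language['login'][19],'login.php','_parent');
    jmBodyEnd();
    jmHtmlEnd();
    ob_end_flush();
    exit;
} elseif ((isset($_post['mode']) && $_post['mode'] == 'pwreset') && $config['password_changes'] == 'yes') {
    // 3. "Forgot password" form.
    if ($config['disable_jamroom'] == 'yes') {
        ob_start();
        jmHtmlBegin($language['band'][38]);
        jmBodyBegin();
        jmShowError($config['disable_notice']);
        jmRefresh($language['login'][19],'login.php','_self');
        jmBodyEnd();
        jmHtmlEnd();
        ob_end_flush();
        exit;
    }
    if (strlen($_post['template']) > 0) {
        if (strlen($_post['mailerr']) > 0) {
            $signup['LOGIN_ERROR'] = $language['login'][7];
            unset($_post['mailerr']);
        }
        htmlShowTemplate("{$jamroom['jm_dir']}/templates/login/{$_post['template']}",$signup,"{$jamroom['jm_dir']}/templates/login");
        exit;
    }
    ob_start();
    jmHtmlBegin($language['login'][4]);
    jmBodyBegin('jmAltTable');
    jmBeginForm('login.php?mode=forgot');
    $style = str_replace('.css','',$config['default_style']);
    jmSpanCell("",$language['login'][5],'60');
    jmShowLine($language['login'][6]);
    if (!empty($_post['mailerr'])) {
        jmShowError($language['login'][7]);
        unset($_post['mailerr']);
    }
    jmInput($language['message'][5],'forgot','text');
    jmSubmit($language['login'][9]);
    jmEndForm();
    jmRefresh($language['login'][10],'login.php','_self');
    jmBodyEnd();
    jmHtmlEnd();
    ob_end_flush();
    exit;
} elseif (((empty($_post['jm_user']) && empty($_post['jm_pass'])) && $_post['mode'] != 'forgot') || !empty($_post['logerr'])) {
    // 4. Login form, optionally carrying an error from a previous attempt.
    ob_start();
    if (strlen($_post['template']) > 0) {
        if (isset($_post['logerr'])) {
            if (isset($_post['logerr']) && $_post['logerr'] == 'nonval') {
                $signup['LOGIN_ERROR'] = 'Your account has not been validated. 
Please check your email for your Signup Validation link';
            } else {
                $signup['LOGIN_ERROR'] = $language['login'][13];
            }
            unset($_post['logerr']);
        }
        htmlShowTemplate("{$jamroom['jm_dir']}/templates/login/{$_post['template']}",$signup,"{$jamroom['jm_dir']}/templates/login");
        ob_end_flush();
        exit;
    }
    jmHtmlBegin($language['login'][1]);
    jmBodyBegin('jmAltTable');
    jmBeginForm('login.php');
    $style = str_replace('.css','',$config['default_style']);
    jmSpanCell("",$language['login'][11],'60');
    jmShowLine("{$config['system_name']} {$language['login'][12]}");
    if (strlen($_post['logerr']) > 0) {
        if (isset($_post['logerr']) && $_post['logerr'] == 'nonval') {
            jmShowError($language['login'][21]);
        } else {
            jmShowError($language['login'][13]);
        }
        unset($_post['logerr']);
    }
    if (isset($config['disable_jamroom']) && $config['disable_jamroom'] == 'yes') {
        jmShowNotice($config['disable_notice']);
    }
    jmInput($language['login'][8],'jm_user','username');
    jmInput($language['login'][14],'jm_pass','password');
    jmCheckBox($language['login'][22],'jm_cookie',$language['login'][23]);
    jmSubmit('login');
    if (isset($config['password_changes']) && $config['password_changes'] == 'yes') {
        jmRefresh($language['login'][15],'login.php?mode=pwreset','_self');
    }
    if ((isset($signup['login_signup']) && $signup['login_signup'] == 'yes') && (isset($signup['user_signups']) && $signup['user_signups'] == 'yes')) {
        // 'czoxOiI1Ijs=' is base64 for the PHP-serialized string s:1:"5";
        // NOTE(review): if genc('set') is the matching reversible encoding,
        // the stored user_password and the remember-me cookie are encoded
        // rather than hashed - confirm in genc().
        if (count(getBandNames('0')) < readMasterConfig(genc('get','czoxOiI1Ijs='))) {
            jmRefresh($language['login'][16],'signup.php?mode=suser','_self');
        }
    }
    jmEndForm();
    jmBodyEnd();
    jmHtmlEnd();
    ob_end_flush();
    exit;
} elseif ((isset($_post['mode']) && $_post['mode'] == 'forgot') && $config['password_changes'] == 'yes') {
    // 5. Password reset by e-mail address.
    // The address is request-supplied and is placed inside a single-quoted SQL
    // string, so a value that could end or escape that string is never sent
    // to the database; it takes the same "address not found" path as an
    // unknown address. A parameterized query would be the durable fix if the
    // db layer offers one.
    $_email = (isset($_post['forgot']) && is_string($_post['forgot'])) ? $_post['forgot'] : '';
    $_email_ok = ($_email !== ''
        && strpos($_email, "'") === false
        && strpos($_email, '\\') === false
        && strpos($_email, "\0") === false);
    $_rt = false;
    if ($_email_ok) {
        $req = "SELECT * FROM {$jamroom_db['user']} WHERE user_emailadr = '{$_email}' AND user_id != 0 LIMIT 1";
        $_rt = dbQuery($req,'SINGLE');
        dbClose();
    }
    // NOTE(review): the mailerr redirect tells the requester whether an
    // address is registered, and a match resets the account password at once
    // with no confirmation step.
    if (!isset($_rt['user_emailadr']) || strlen($_rt['user_emailadr']) == 0) {
        sessionDestroy();
        header("Location: login.php?mode=pwreset&mailerr=mailerr{$xtr}");
        exit;
    }
    // Temporary password. The previous md5(rand(0,999999)) form could only
    // ever produce one million distinct values from a non-cryptographic
    // generator; draw from the system CSPRNG where the runtime provides one.
    // Length is 12 hex characters (was 6) - confirm user_password can hold it.
    $np = '';
    if (function_exists('random_bytes')) {
        $np = bin2hex(random_bytes(6));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $_rb = openssl_random_pseudo_bytes(6);
        if ($_rb !== false && strlen($_rb) == 6) {
            $np = bin2hex($_rb);
        }
    }
    if (strlen($np) != 12) {
        // Legacy runtimes only: best effort, not cryptographically strong.
        $np = substr(md5(uniqid(mt_rand(), true)),0,12);
    }
    $_rt['user_password'] = genc('set',$np);
    $_rt['admin_changed'] = 'yes';
    $var = setData($_rt['user_id'],'user',$_rt);
    if ($var != '1') {
        jmLogger(0,'CRI',"(login.php) {$_post['mode']}: error updating user information for {$_rt['user_nickname']} - verify database connection");
        jmErrorPage("{$language['login'][17]}");
    } else {
        jmLogger(0,'INF',"(login.php) {$_post['mode']}: password reset request for ({$_rt['user_nickname']}) - new password sent to {$_rt['user_emailadr']}");
        // Placeholders substituted into the configured e-mail body.
        $_sub = array(
            '{USERNAME}'    => urldecode($_rt['user_nickname']),
            '{PASSWORD}'    => $np,
            '{JAMROOM_URL}' => $jamroom['jm_htm']
        );
        if (strlen($config['password_subject']) == 0) {
            $config['password_subject'] = 'Jamroom Password Reset';
        }
        $config['password_subject'] = urldecode($config['password_subject']);
        $config['password_body'] = urldecode($config['password_body']);
        emailForm($_rt['user_emailadr'],$config['password_subject'],$config['password_body'],$_sub);
        if (strlen($_post['template']) > 0) {
            $_rt['user_nickname'] = urldecode($_rt['user_nickname']);
            // NOTE(review): $_rt is the full user row, including the freshly
            // encoded user_password - confirm the template cannot print it.
            htmlShowTemplate("{$jamroom['jm_dir']}/templates/login/{$_post['template']}",$_rt,"{$jamroom['jm_dir']}/templates/login");
            exit;
        }
        ob_start();
        jmHtmlBegin($language['band'][38]);
        jmBodyBegin();
        jmShowSuccess($language['login'][18]);
        jmRefresh($language['login'][19],'login.php','_self');
        jmBodyEnd();
        jmHtmlEnd();
        ob_end_flush();
        exit;
    }
} elseif (!empty($_post['jm_user']) && !empty($_post['jm_pass'])) {
    // 6. Credential login.
    $status = getUserData($_post['jm_user'],genc('set',$_post['jm_pass']));
    // Failed attempts are counted per address prefix (first 3 octets).
    // presumably getIpOctets() returns a value that is safe inside the quoted
    // SQL strings below; verify, and verify where $jamroom['ip_address'] comes from.
    $brute_ip = getIpOctets($jamroom['ip_address'],3);
    if (!is_array($status)) {
        sessionDestroy();
        jmCookie('destroy','null');
        $_post['jm_user'] = dbEscapeString($_post['jm_user']);
        // Accounts still awaiting signup validation get their own message.
        // NOTE(review): this answers "does this nickname exist and is it
        // unvalidated" without a password, and returns before the throttle.
        $req = "SELECT * FROM {$jamroom_db['user']} WHERE user_nickname = '{$_post['jm_user']}' AND user_deleted = 'new' LIMIT 1";
        $_rt = dbQuery($req,'SINGLE');
        if (strlen($_rt['user_nickname']) > 0) {
            header("Location: login.php?logerr=nonval{$xtr}");
            exit;
        }
        sleep(1);
        $req = "SELECT temp_int FROM {$jamroom_db['temp']} WHERE temp_key = 'jr_login_attempts' AND temp_varchar = '{$brute_ip}' LIMIT 1";
        $_rt = dbQuery($req,'SINGLE');
        if (is_numeric($_rt['temp_int']) && $_rt['temp_int'] > 0) {
            $req = "UPDATE {$jamroom_db['temp']} SET temp_int = (temp_int + 1) WHERE temp_key = 'jr_login_attempts' AND temp_varchar = '{$brute_ip}' LIMIT 1";
            $_rt['temp_int']++;
        } else {
            $req = "INSERT INTO {$jamroom_db['temp']} (temp_key,temp_int,temp_varchar) VALUES('jr_login_attempts',1,'{$brute_ip}')";
            $_rt['temp_int'] = 1;
        }
        $cnt = dbQuery($req,'COUNT');
        // Delay grows by 3 seconds per recorded failure.
        // NOTE(review): the delay has no upper bound and is spent after the
        // credential check, so it slows one client's serial guesses but also
        // holds a worker for the whole sleep; consider a cap plus a hard
        // lockout checked before getUserData().
        sleep($_rt['temp_int'] * 3);
        jmLogger(0,'MAJ',"(login.php) unsuccessful login attempt for user ({$_post['jm_user']}) - attempt {$_rt['temp_int']}");
        header("Location: login.php?logerr=pword{$xtr}");
        exit;
    } else {
        // Success clears the failure counter for this address prefix.
        $req = "DELETE FROM {$jamroom_db['temp']} WHERE temp_key = 'jr_login_attempts' AND temp_varchar = '{$brute_ip}'";
        $cnt = dbQuery($req,'COUNT');
        // While the site is disabled only user_id 0 may log in.
        if ((isset($config['disable_jamroom']) && $config['disable_jamroom'] == 'yes') && $status['user_id'] != '0') {
            ob_start();
            jmHtmlBegin($language['band'][38]);
            jmBodyBegin();
            jmShowError($config['disable_notice']);
            jmRefresh($language['login'][19],'login.php','_self');
            jmBodyEnd();
            jmHtmlEnd();
            ob_end_flush();
            exit;
        }
        sessionBegin($status);
        if (isset($_post['jm_cookie']) && $_post['jm_cookie'] == 'on') {
            // Remember-me: stores the nickname and the genc()-encoded password.
            jmCookie('set',array($_post['jm_user'],genc('set',$_post['jm_pass'])));
        } else {
            jmCookie('destroy','null');
        }
        jmLogger(0,'INF',"(login.php) user ({$status['user_nickname']}) login successful");
        $tim = time();
        $req = "UPDATE {$jamroom_db['user']} SET user_updated = {$tim}, user_ip = '{$jamroom['ip_address']}' WHERE user_id = {$status['user_id']} LIMIT 1";
        $cnt = dbQuery($req,'COUNT');
        if ($cnt != 1) {
            jmLogger(0,'MAJ',"unable to update user_updated time for user_id {$status['user_id']} ({$status['user_nickname']})");
        }
        if ($status['user_id'] == 0) {
            header("Location: {$config['jamroom_index']}?mode=login&menu=show_config");
        } else {
            // Header value kept on one line: header() refuses a value that
            // contains a line break.
            header("Location: {$config['jamroom_index']}?mode=login");
        }
        exit;
    }
} else {
    // 7. Only one of user/password supplied, or nothing usable: reset state
    // and return to the login form.
    sessionDestroy();
    jmCookie('destroy','null');
    unset($_post['logerr']);
    if ((!empty($_post['jm_user']) && empty($_post['jm_pass'])) || (empty($_post['jm_user']) && !empty($_post['jm_pass']))) {
        header("Location: login.php?logerr=logerr{$xtr}");
    } else {
        header("Location: login.php{$xtr}");
    }
    exit;
}
?>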