".$clang->gT("Data for username and one time password was received but the usage of one time passwords is disabled at your configuration settings. Please add the following line to config.php to enable one time passwords: ")."
"; $loginsummary .= '
$use_one_time_passwords = true;
'; $loginsummary .= "

".$clang->gT("Continue")."
\n"; } //Data was passed, using one time passwords is enabled else { //check if user exists in DB $query = "SELECT uid, users_name, password, one_time_pw, dateformat, full_name, htmleditormode, questionselectormode, templateeditormode FROM ".db_table_name('users')." WHERE users_name=".$connect->qstr($user); $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; //Checked $result = $connect->SelectLimit($query, 1) or safe_die ($query."
".$connect->ErrorMsg()); if(!$result) { echo "
".$connect->ErrorMsg(); } if ($result->RecordCount() < 1) { // wrong or unknown username $loginsummary = sprintf($clang->gT("No one-time password found for user %s"),htmlspecialchars($user))."
"; if ($sessionhandler=='db') { adodb_session_regenerate_id(); } else { session_regenerate_id(); } } else { //get one time pw from db $srow = $result->FetchRow(); $otpw = $srow['one_time_pw']; //check if passed password and one time password from database DON'T match if($pw != $otpw) { //no match -> warning $loginsummary = "

".$clang->gT("Passed single-use password was wrong or user doesn't exist")."
"; $loginsummary .= "

".$clang->gT("Continue")."
\n"; } //both passwords match else { //delete one time password in database $uquery = "UPDATE ".db_table_name('users')." SET one_time_pw='' WHERE users_name='".db_quote($user)."'"; $uresult = $connect->Execute($uquery); //data necessary for following functions $_SESSION['user'] = $srow['users_name']; $_SESSION['checksessionpost'] = sRandomChars(10); $_SESSION['loginID'] = $srow['uid']; $_SESSION['dateformat'] = $srow['dateformat']; $_SESSION['htmleditormode'] = $srow['htmleditormode']; $_SESSION['questionselectormode'] = $srow['questionselectormode']; $_SESSION['templateeditormode'] = $srow['templateeditormode']; $_SESSION['full_name'] = $srow['full_name']; GetSessionUserRights($_SESSION['loginID']); // Check if the user has changed his default password if (strtolower($srow['password'])=='password') { $_SESSION['pw_notify']=true; $_SESSION['flashmessage']=$clang->gT("Warning: You are still using the default password ('password'). Please change your password and re-login again."); } else { $_SESSION['pw_notify']=false; } //delete passed information unset($_GET['user']); unset($_GET['onepass']); } //else -> passwords match } //else -> password found } //else -> one time passwords enabled } //else -> one time passwords set } //else -> data was passed by URL // check data for login if( isset($_POST['user']) && isset($_POST['password']) || ($action == "forgotpass") || ($action == "login") || ($action == "logout") || ($useWebserverAuth === true && !isset($_SESSION['loginID'])) ) { include("usercontrol.php"); } // login form if(!isset($_SESSION['loginID']) && $action != "forgotpass" && ($action != "logout" || ($action == "logout" && !isset($_SESSION['loginID'])))) // && $action != "login") // added by Dennis { if($action == "forgotpassword") { $loginsummary = '

'; } elseif (!isset($loginsummary)) { // could be at login or after logout $refererargs=''; // If this is a direct access to admin.php, no args are given // If we are called from a link with action and other args set, get them if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']) { $refererargs = html_escape($_SERVER['QUERY_STRING']); } //include("database.php"); $sIp = getIPAddress(); $query = "SELECT * FROM ".db_table_name('failed_login_attempts'). " WHERE ip='$sIp';"; $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $result = $connect->query($query) or safe_die ($query."
".$connect->ErrorMsg()); $bCannotLogin = false; $intNthAttempt = 0; if ($result!==false && $result->RecordCount() >= 1) { $field = $result->FetchRow(); $intNthAttempt = $field['number_attempts']; if ($intNthAttempt>=$maxLoginAttempt){ $bCannotLogin = true; } $iLastAttempt = strtotime($field['last_attempt']); if (time() > $iLastAttempt + $timeOutTime){ $bCannotLogin = false; $query = "DELETE FROM ".db_table_name('failed_login_attempts'). " WHERE ip='$sIp';"; $result = $connect->query($query) or safe_die ($query."
".$connect->ErrorMsg()); } } $loginsummary =""; if (!$bCannotLogin) { if (!isset($logoutsummary)) { $loginsummary = "

".$clang->gT("You have to login first.")."

"; } else { $loginsummary = "
".$logoutsummary."

"; } $loginsummary .= "".$clang->gT("Username")." ".$clang->gT("Password")." ".$clang->gT("Language")." \n

"; } else{ $loginsummary .= "

".sprintf($clang->gT("You have exceeded you maximum login attempts. Please wait %d minutes before trying again"),($timeOutTime/60))."

"; } if ($display_user_password_in_email === true) { $loginsummary .= "

".$clang->gT("Forgot Your Password?")."
\n"; } $loginsummary .= "

"; $loginsummary .= " \n"; } }

'.$clang->gT('You have to enter user name and email.').'

".$clang->gT("You have to login first.")."