".$clang->gT("Data for username and one time password was received but the usage of one time passwords is disabled at your configuration settings. Please add the following line to config.php to enable one time passwords: ")."
"; $loginsummary .= '
$use_one_time_passwords = true;
'; $loginsummary .= "

".$clang->gT("Continue")."
\n"; } //Data was passed, using one time passwords is enabled else { //check if user exists in DB $query = "SELECT uid, users_name, password, one_time_pw FROM ".db_table_name('users')." WHERE users_name=".$connect->qstr($user); $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; //Checked $result = $connect->SelectLimit($query, 1) or safe_die ($query."
".$connect->ErrorMsg()); if(!$result) { echo "
".$connect->ErrorMsg(); } if ($result->RecordCount() < 1) { // wrong or unknown username $loginsummary = sprintf($clang->gT("No one-time password found for user %s"),htmlspecialchars($user))."
"; session_regenerate_id(); } else { //get one time pw from db $srow = $result->FetchRow(); $otpw = $srow['one_time_pw']; //check if passed password and one time password from database DON'T match if($pw != $otpw) { //no match -> warning $loginsummary = "
".sprintf($clang->gT("Passed one time password doesn't match one time password for user %s")," ".htmlspecialchars($user)."")."
"; $loginsummary .= "

".$clang->gT("Continue")."
\n"; } //both passwords match else { //delete one time password in database $uquery = "UPDATE ".db_table_name('users')." SET one_time_pw='' WHERE users_name='".db_quote($user)."'"; $uresult = $connect->Execute($uquery); //data necessary for following functions $_SESSION['user'] = $srow['users_name']; $_SESSION['checksessionpost'] = randomkey(10); $_SESSION['loginID'] = $srow['uid']; GetSessionUserRights($_SESSION['loginID']); // Check if the user has changed his default password if (strtolower($srow['password'])=='password') { $_SESSION['pw_notify']=true; } else { $_SESSION['pw_notify']=false; } //delete passed information unset($_GET['user']); unset($_GET['onepass']); } //else -> passwords match } //else -> password found } //else -> one time passwords enabled } //else -> one time passwords set } //else -> data was passed by URL // check data for login if( isset($_POST['user']) && isset($_POST['password']) || ($action == "forgotpass") || ($action == "login") || ($action == "logout") || ($useWebserverAuth === true && !isset($_SESSION['loginID'])) ) // added by Dennis { include("usercontrol.php"); } // login form if(!isset($_SESSION['loginID']) && $action != "forgotpass" && ($action != "logout" || ($action == "logout" && !isset($_SESSION['loginID'])))) // && $action != "login") // added by Dennis { if($action == "forgotpassword") { $loginsummary = ' '; } elseif (!isset($loginsummary)) { // could be at login or after logout $refererargs=''; // If this is a direct access to admin.php, no args are given // If we are called from a link with action and other args set, get them if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']) { $refererargs = html_escape($_SERVER['QUERY_STRING']); } $hidden_loginlang = ""; if (!isset($logoutsummary)) { $loginsummary = "

".$clang->gT("You have to login first.")."

"; } else { $loginsummary = "
".$logoutsummary."

"; } $loginsummary .= "

".$clang->gT("Username")."
".$clang->gT("Password")."
".$clang->gT("Language")."	\n" . "
	$hidden_loginlang \n
	".$clang->gT("Forgot Your Password?")." \n

"; $loginsummary .= " \n"; } } if (isset($loginsummary)) { $adminoutput.= "\n" ."\t\n" ."\t\t\n"; $adminoutput.= "\t\n"; $adminoutput.= "

\n"; if(isset($_SESSION['loginID'])) { $adminoutput.= showadminmenu(); } $adminoutput.= $loginsummary; $adminoutput.= "\t\t

\n"; } ?>

'.$clang->gT('Username').'
'.$clang->gT('Email').'

	'.$clang->gT('Main Admin Screen').'