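id=$_SESSION['uid'];
            // Tail of a method that starts before this excerpt (presumably the Auth
            // constructor, since `new Auth()` at the bottom of the file reads
            // $my->id right after construction -- confirm). Code kept as found.
            $this->initlogin();
            return;
        }

        // cookie
        // NOTE(review): the cuid cookie is concatenated, unquoted and unescaped, into
        // the SELECT below, so the query text is controlled by the client. Cast it to
        // an integer (or bind it) before use. The cusername/cpassword cookies are also
        // compared with loose `==`; md5 hex strings should be compared strictly and in
        // constant time (hash_equals() where available). Not changed here because the
        // start of this method is outside the excerpt.
        if(isset($_COOKIE['cuid']) && isset($_COOKIE['cusername']) && isset($_COOKIE['cpassword']))
        {
            global $conn,$lm_rand;
            $row=$conn->GetRow("SELECT * FROM #__users WHERE id=".$_COOKIE['cuid']);
            if($_COOKIE['cusername']==$row['username'] && $_COOKIE['cpassword']==md5($lm_rand.$row['password']) )
            {
                $this->id=$_COOKIE['cuid'];
                $this->initlogin();
            }
        }
    }

    /**
     * Load the profile of the user identified by $this->id and refresh the login state.
     *
     * Copies gid, name, username and email from the #__users row onto the object,
     * stores the id in $_SESSION['uid'] and (re)issues the cuid / cusername /
     * cpassword cookies. The cookies last fifteen minutes, or fourteen days when
     * the request carries a "remember" POST field.
     */
    function initlogin()
    {
        global $conn,$lm_rand,$lm_website;

        // $this->id can come straight from the cuid cookie (cookie branch above),
        // so force it to an integer before it becomes part of the SQL text.
        $row=$conn->GetRow("SELECT * FROM #__users WHERE id=".(int)$this->id);

        // NOTE(review): nothing here checks that a row was found or that the account
        // is still published; a session for a deleted or unpublished user keeps
        // $this->id set. Confirm whether callers rely on that.
        $this->gid=$row['gid'];
        $this->name=$row['name'];
        $this->username=$row['username'];
        $this->email=$row['email'];

        $etime=60*15; // fifteen minutes
        if(isset($_POST['remember'])){$etime=3600*24*14;} // fourteen days

        $_SESSION['uid']=$this->id;

        // NOTE(review): cpassword is md5($lm_rand . stored password hash), i.e. a
        // long-lived credential derived from the password hash that stays valid until
        // the password changes. The cookies are also set without the HttpOnly/Secure
        // attributes. A random, server-side-revocable token would be the safer design.
        setcookie("cuid",$this->id, time()+$etime);
        setcookie("cusername",$row['username'], time()+$etime);
        setcookie("cpassword",md5($lm_rand.$row['password']), time()+$etime);
    }

    /**
     * Log the current visitor out.
     *
     * Expires the three login cookies, removes this client's rows from
     * #__simple_stats (keeping id 1), destroys the session and redirects to
     * index.php.
     */
    function logout()
    {
        global $lm_website,$limbocore,$conn;

        setcookie("cuid","", time()-3600*24*14);
        setcookie("cusername","", time()-3600*24*14);
        setcookie("cpassword","", time()-3600*24*14);

        // The address is escaped like every other string value in this class rather
        // than trusted as-is.
        $conn->Execute("DELETE FROM #__simple_stats WHERE id>1 AND ip='".dbencode($_SERVER['REMOTE_ADDR'])."'");

        session_destroy();
        $limbocore->redir($lm_website."index.php");
    }

    /**
     * Front-end login from the "username" / "password" POST fields.
     *
     * On success sets $this->id, calls initlogin(), stamps lastvisitDate and
     * redirects to index.php. On any failure (missing or empty fields, no matching
     * row, unpublished account) it echoes and exits.
     */
    function login()
    {
        global $lm_website,$conn,$limbocore;

        // Read the fields defensively: they may be absent, or arrive as arrays
        // (username[]=...), which must not reach dbencode()/md5().
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        if(!is_string($username) || !is_string($password) || $username==='' || $password==='' )
        {
            // NOTE(review): only a newline is echoed on the failure paths in this
            // method; the original message text looks lost -- confirm.
            echo "\n";
            exit();
        }

        // NOTE(review): passwords are stored and compared as unsalted md5. Moving to
        // password_hash()/password_verify() needs a migration of the stored hashes,
        // so it is flagged here rather than changed.
        $rs=$conn->Execute("SELECT * FROM #__users WHERE username = '".dbencode($username)."' AND password = '".md5($password)."'");
        if($rs && $rs->RecordCount()>0)
        {
            $rsa=$rs->GetArray();
            if(!$rsa[0]['published']){
                echo "\n";
                exit();
            }
            $this->id=$rsa[0]['id'];
            $conn->Execute("DELETE FROM #__simple_stats WHERE id>1 AND ip='".dbencode($_SERVER['REMOTE_ADDR'])."'");

            // NOTE(review): no session id regeneration is visible on this path;
            // issuing a fresh id at login would close off session fixation.
            $this->initlogin();
            $conn->Execute("UPDATE #__users SET lastvisitDate ='".time()."' WHERE id = ".(int)$this->id);
            $limbocore->redir($lm_website."index.php");
            exit();
        }
        else
        {
            echo "\n";
            exit();
        }
    }

    /**
     * Back-end login from the "login_username" / "login_password" POST fields.
     *
     * On a credential match for a published account it sets $this->id, destroys
     * the current session and calls initlogin(). It returns nothing either way.
     *
     * NOTE(review): gid is selected but not tested here, so the privilege check
     * presumably happens in the caller (isadmin()/isauth()) -- confirm.
     */
    function admin_login()
    {
        global $conn,$limbocore;

        // Absent fields fall back to '' (what the query effectively saw before);
        // non-string input such as arrays is refused outright.
        $username = isset($_POST['login_username']) ? $_POST['login_username'] : '';
        $password = isset($_POST['login_password']) ? $_POST['login_password'] : '';
        if(!is_string($username) || !is_string($password))
        {
            return;
        }

        $rs=$conn->Execute("SELECT id,name,username,published,gid FROM #__users WHERE username = '".dbencode($username)."' AND password = '".md5($password)."'");
        if($rs && $rs->RecordCount()>0)
        {
            $rsa=$rs->GetArray();
            if(!$rsa[0]['published']){
                echo "\n";
                exit();
            }
            $this->id=$rsa[0]['id'];
            // NOTE(review): the session is destroyed before initlogin() writes
            // $_SESSION['uid']; whether that value persists depends on session
            // handling outside this excerpt.
            session_destroy();
            $this->initlogin();
            return;
        }
        else
        {
            return;
        }
    }

    /**
     * Tell whether a user is logged in, i.e. whether $this->id is truthy.
     */
    function isuser()
    {
        return $this->id ? true : false;
    }

    /**
     * Tell whether the logged-in user belongs to group 5.
     */
    function isadmin()
    {
        return ($this->id && $this->gid==5) ? true : false;
    }

    /* a very very basic and light ACL */
    /**
     * Check whether the logged-in user's group may perform $action.
     *
     * Group 1 is never authorised and group 5 always is. Groups 2 to 4 are
     * authorised when $action occurs in their '='-delimited action list, each
     * list including the one of the group below.
     *
     * NOTE(review): the lookup is a substring search, so a partial name such as
     * a fragment of an action also matches. If $action can be influenced by the
     * request, compare against whole '=name=' tokens instead; left unchanged here
     * because callers may depend on the current matching.
     */
    function isauth($action)
    {
        $level[1]='';
        $level[2]='=edit_content=';
        $level[3]='=admin_login=admin_content=admin_help='.$level[2];
        $level[4]='=admin_templates=admin_language=admin_menu=admin_components=admin_modules='.$level[3];
        $level[5]='';

        if(!$this->id)
        {
            return false;
        }

        switch($this->gid){
            case 1:
                return false;
            case 2:
            case 3:
            case 4:
                // An empty or non-string action must never authorise anything; an
                // empty needle is treated differently by strstr() across PHP versions.
                if(!is_string($action) || $action==='')
                {
                    return false;
                }
                return strstr($level[$this->gid],$action) ? true : false;
            case 5:
                return true;
        }

        // Unknown group: deny explicitly instead of falling off the end.
        return false;
    }

    /**
     * Create a user row from the globals $reg_name, $reg_email, $reg_username,
     * $reg_password and $time.
     *
     * Echoes and exits when the username or the email is already taken.
     *
     * NOTE(review): the values are not checked for emptiness here, $time is
     * interpolated into the statement unescaped, and the password is stored as
     * unsalted md5 -- confirm where these globals are populated and validated.
     */
    function register()
    {
        global $conn;
        global $reg_name,$reg_email,$reg_username,$reg_password,$time;

        /* check for username and email */
        $urow=$conn->Execute("SELECT id FROM #__users WHERE username='".dbencode($reg_username)."'");
        if($urow && $urow->RecordCount()>0)
        {
            echo "\n";
            exit();
        }
        $urow=$conn->Execute("SELECT id FROM #__users WHERE email='".dbencode($reg_email)."'");
        if($urow && $urow->RecordCount()>0)
        {
            echo "\n";
            exit();
        }

        $conn->Execute("INSERT INTO #__users (name,username,email,password,registerDate) VALUES ('".dbencode($reg_name)."','".dbencode($reg_username)."','".dbencode($reg_email)."','".md5($reg_password)."','$time')" );
    }

    /**
     * Update the current user's row from the globals $lm_name, $lm_email,
     * $lm_username and $lm_password.
     *
     * Echoes and exits when another user already has the username or the email.
     *
     * NOTE(review): the password column is rewritten with md5($lm_password) on
     * every call, and the current password is not asked for again here.
     */
    function update()
    {
        global $conn;
        global $lm_name,$lm_email,$lm_username,$lm_password;

        // Integer form of the id for the three statements below; it is placed
        // unquoted in the SQL text.
        $uid=(int)$this->id;

        /* check for username and email */
        $urow=$conn->Execute("SELECT id FROM #__users WHERE username='".dbencode($lm_username)."' AND id<>".$uid);
        if($urow && $urow->RecordCount()>0)
        {
            echo "\n";
            exit();
        }
        $urow=$conn->Execute("SELECT id FROM #__users WHERE email='".dbencode($lm_email)."' AND id<>".$uid);
        if($urow && $urow->RecordCount()>0)
        {
            echo "\n";
            exit();
        }

        $conn->Execute("UPDATE #__users SET name='".dbencode($lm_name)."',username='".dbencode($lm_username)."',email='".dbencode($lm_email)."',password='".md5($lm_password)."' WHERE id=".$uid);
    }
}

// Build the current visitor's Auth object and the SQL fragment that limits
// content queries to what the visitor may see.
$my = new Auth();
if(!$my->id)
{
    $access_sql="AND access < 1"; // public access
}
else
{
    $access_sql="AND access < 2"; // registered access
}
?>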