60) {
$_SESSION['last_access'] = time();
}
if (isset($_POST['command']) && $_POST['command'] == 'Logout') {
$past = time() - 3600;
foreach ($_COOKIE as $key => $value) {
setcookie($key, $value, $past, '/');
}
$_SESSION = array();
session_destroy();
$logmeout = true;
} else {
$logmeout = false;
}
include ("config.inc.php");
include ("newsportal.php");
$ip_pass = false;
if (! isset($_SESSION['remote_address'])) {
$_SESSION['remote_address'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['start_address'] = $_SESSION['remote_address'];
$ip_pass = true;
} else {
if ($_SERVER['REMOTE_ADDR'] != $_SESSION['start_address']) {
$ip_pass = false;
} else {
$ip_pass = true;
}
}
if ($logmeout) {
include "head.inc";
echo "
";
echo "
You have been logged out
";
echo '';
echo '
';
include "tail.inc";
exit(0);
}
if (isset($_COOKIE['tzo'])) {
$offset = $_COOKIE['tzo'];
} else {
$offset = $CONFIG['timezone'];
}
if (! isset($_POST['command'])) {
$_POST['command'] = null;
}
$keyfile = $spooldir . '/keys.dat';
$keys = unserialize(file_get_contents($keyfile));
$title .= ' - User Configuration';
include "head.inc";
if (disable_page_by_user_agent($client_device, "bot", "User")) {
echo "Page Disabled";
include "tail.inc";
exit();
}
// How long should cookie allow user to stay logged in?
// 14400 = 4 hours
$auth_expire = 14400;
$logged_in = false;
if (! isset($_POST['username'])) {
$_POST['username'] = $_COOKIE['mail_name'];
}
$name = $_POST['username'];
if (! isset($_POST['password'])) {
$_POST['password'] = null;
}
if (! isset($_COOKIE['mail_auth'])) {
$_COOKIE['mail_auth'] = null;
}
if ((password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
// if (((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'] . $keys[1] . get_user_config($_POST['username'], 'encryptionkey'), $_COOKIE['mail_auth']))) {
$logged_in = true;
} else {
if (check_bbs_auth($_POST['username'], $_POST['password'])) {
if ($ip_pass) {
$_SESSION['pass'] = true;
}
$authkey = password_hash($_POST['username'] . $keys[0] . get_user_config($_POST['username'], 'encryptionkey'), PASSWORD_DEFAULT);
$pkey = hash('crc32', get_user_config($_POST['username'], 'encryptionkey'));
set_user_config(strtolower($_POST['username']), "pkey", $pkey);
?>
';
echo 'Configuration / ';
echo htmlspecialchars($_POST['username']) . '';
} else {
echo '';
echo 'user login / ';
echo htmlspecialchars($_POST['username']) . '
';
}
echo '';
if (isset($_POST['username'])) {
$name = $_POST['username'];
// Save name in cookie
if ($setcookies == true) {
setcookie("mail_name", stripslashes($name), time() + (3600 * 24 * 90), '/');
}
} else {
if ($setcookies) {
if ((isset($_COOKIE["mail_name"])) && (! isset($name))) {
$name = $_COOKIE["mail_name"];
} else {
$name = '';
}
}
}
if ($logged_in !== true) {
echo '';
exit(0);
}
$user = strtolower($_POST['username']);
$_SESSION['username'] = $user;
unset($user_config);
$userfile = $spooldir . '/' . $user . '-articleviews.dat';
if (is_file($userfile)) {
$userdata = unserialize(file_get_contents($userfile));
}
// Show Logged-In Message
if ($_POST['command'] != 'Configuration' && $_POST['command'] != 'SaveConfig') {
if (isset($_POST['source'])) {
$link = explode(':', $_POST['source']);
$golink = 'Continue to ' . $link[0] . '';
}
echo "";
echo "
You are logged in as " . $_POST['username'] . "
";
echo "" . $golink . "
";
echo '';
}
// Apply Config
if (isset($_POST['command']) && $_POST['command'] == 'SaveConfig') {
if ($OVERRIDES['disable_change_name'] != true) {
if (trim($_POST['display_name']) == '') {
$_POST['display_name'] = $user;
}
if (trim($_POST['display_email']) == '') {
$_POST['display_email'] = get_user_config($user, 'email');
}
// Don't allow using already existing username or alias
$value = get_user_config($_POST['display_name'], 'encryptionkey');
if (! $value) {
$value = get_config_file_value($config_dir . '/aliases.conf', strtolower($_POST['display_name']));
// Alias exists if $value is true
if (strtolower($value) == $user) {
// But it's our alias so it's ok to use
$value = false;
}
}
if(isset($OVERRIDES['reserved_names'])) {
$reserved_names = $OVERRIDES['reserved_names'];
} else {
$reserved_names = array("admin", "sysop");
}
if(isset($OVERRIDES['duplicate_aliases'])) {
$dupe_ok = $OVERRIDES['duplicate_aliases'];
} else {
$dupe_ok = false;
}
foreach($reserved_names as $name) {
if(strtolower($_POST['display_name']) == strtolower($name)) {
// It's a reserved alias
echo '' . $_POST['display_name'] . " is unavailable.
Please try again";
echo '