";
$msg = null;
if ($action=='login') {
if (!$username) {
$msg = "Couldn't login. You didn't input a username.";
} else {
$username = trim($username);
$useridn = checkusername(stripslashes($username));
$userid = checkuser($username,$password);
if ($useridn === -1) {
$msg = "No user with that username exists.
If you aren't sure if you have an account, check the memberlist or register a new account.";
} elseif ($userid !== -1) {
$pwhash = $sql->resultq("SELECT `password` FROM `users` WHERE `id` = '$userid'");
$verify = create_verification_hash($verifyid, $pwhash);
setcookie('loguserid',$userid,2147483647, "/", $_SERVER['SERVER_NAME'], false, true);
setcookie('logverify',$verify,2147483647, "/", $_SERVER['SERVER_NAME'], false, true);
$msg = "You are now logged in as $username.
".redirect('index.php','the board',2);
$show_form = false;
} else {
$sql->query("INSERT INTO `failedlogins` SET `time` = '". ctime() ."', `username` = '". $username ."', `password` = '". $password ."', `ip` = '". $_SERVER['REMOTE_ADDR'] ."'");
$fails = $sql->resultq("SELECT COUNT(`id`) FROM `failedlogins` WHERE `ip` = '". $_SERVER['REMOTE_ADDR'] ."' AND `time` > '". (ctime() - 1800) ."'");
// Keep in mind, it's now not possible to trigger this if you're IP banned
// when you could previously, making extra checks to stop botspam not matter
// @xk_ircsend("102|". xk(14) ."Failed attempt". xk(8) ." #$fails ". xk(14) ."to log in as ". xk(8) . $username . xk(14) ." by IP ". xk(8) . $_SERVER['REMOTE_ADDR'] . xk(14) .".");
// report("mod", "Failed attempt **#$fails** to log in as **$username** by IP " . $_SERVER['REMOTE_ADDR'] . ".");
if ($fails >= 10) {
$sql->query("INSERT INTO `ipbans` SET `ip` = '". $_SERVER['REMOTE_ADDR'] ."', `date` = '". ctime() ."', `reason` = 'Too many failed login attempts. Send e-mail for password recovery'");
@xk_ircsend("102|". xk(7) ."Auto-IP banned ". xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) ." for this.");
report("mod", "Auto-IP banned " . $_SERVER['REMOTE_ADDR'] . "for this.");
@xk_ircsend("1|". xk(7) ."Auto-IP banned ". xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) ." for repeated failed logins.");
report("super", "Auto-IP banned " . $_SERVER['REMOTE_ADDR'] . "for repeated failed logins.");
}
$msg = "Couldn't login. The password you entered doesn't match.
If you've forgotten your password, join Discord (sorry) or email me at xkeeper@gmail.com / Discord @xkeeper.";
if ($fails >= 5) {
$msg .= "
Warning: Continued failed attempts will result in a ban.";
}
}
}
// $txt.="$tccell1>$msg
".redirect('index.php','the board',0);
} elseif ($action == 'logout') {
setcookie('loguserid','', time()-3600, "/", $_SERVER['SERVER_NAME'], false, true);
setcookie('logverify','', time()-3600, "/", $_SERVER['SERVER_NAME'], false, true);
// May as well unset this as well
setcookie('logpassword','', time()-3600, "/", $_SERVER['SERVER_NAME'], false, true);
$show_form = false;
$txt.="$tccell1> You are now logged out.
".redirect('index.php','the board',0);
} elseif ($action) { // Just what do you think you're doing
die("error");
// $sql->query("INSERT INTO `ipbans` SET `ip` = '". $_SERVER['REMOTE_ADDR'] ."', `date` = '". ctime() ."', `reason` = 'Generic internet exploit searcher'");
// if (!mysql_error())
// xk_ircsend("1|". xk(7) ."Auto-banned asshole trying to be clever with the login form (action: ".xk(8).$action.xk(7).") with IP ". xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) .".");
}
if ($msg) {
$txt .= <<
$tccellh>Message
$tccell1>$msg
MSG;
}
if ($show_form) {
$ipaddr = explode('.', $_SERVER['REMOTE_ADDR']);
for ($i = 4; $i > 0; --$i) {
$verifyoptext[$i] = "(".implode('.', $ipaddr).")";
$ipaddr[$i-1] = 'xxx';
}
$txt .= "";
}
print $txt.$tblend.$footer;
printtimedif($startingtime);