Bravo List - View Single Post - where to find $CURUSER where it being created?...

rootKID · #5 7th July 2012, 19:55

okay, thanks... just one question,

what do i need to edit if i wish to put more users into the tracker?...

i mean, i know i have to define them inside config, but i also know that i need to define them other places... where would that be to be exact?... thanks :)...

EDIT:

this is the login.php page:

PHP Code:


			
<?php

require_once("include/bittorrent.php");

echo stdhead("Login");

?>











<form method="post" action="takelogin.php">

<table class="login_table" align="center" border="1">



<tr>

<td>Username</td>

<td><input type="text" name="username" id="username" size="35" /></td>

</tr>



<tr>

<td>Password</td>

<td><input type="password" name="password" id="password" size="35" /></td>

</tr>



<tr>

<td align="center" colspan="2"><input type="submit" name="login_submit" value="Login Now!" /></td>

</tr>



</table>

</form>











<?php

echo stdfooter();

?>

and this is the takelogin.php page:

PHP Code:


			
<?php

require_once 'include/bittorrent.php';

require_once "include/password_functions.php";

echo stdhead("Login");



if (!mkglobal('username:password'))

die();

$lang = array_merge(load_language('takelogin'));





$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");

$row = mysql_fetch_assoc($res);



if (!$row)

stderr($lang['tlogin_failed'], 'Username or password incorrect');



if ($row['passhash'] != make_passhash($row['secret'], md5($password)))

stderr($lang['tlogin_failed'], 'Username or password incorrect');



if ($row['enabled'] == 'no')

stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);



logincookie($row['id'], $row['passhash']);



header("Location: {$SS['baseurl']}/index.php");



echo stdfooter();

?>

and inside bittorrent.php userlogin:

PHP Code:


			
function userlogin() {

global $SS;

unset($GLOBALS["CURUSER"]);



$ip = getip();

$nip = ip2long($ip);



require_once "cache/bans_cache.php";

if(count($bans) > 0)

{

    foreach($bans as $k) {

        if($nip >= $k['first'] && $nip <= $k['last']) {

        header("HTTP/1.0 403 Forbidden");

        print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n";

        exit();

        }

    }

    unset($bans);

}

if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))

    return;

$id = 0 + get_mycookie('uid');

if (!$id || strlen( get_mycookie('pass') ) != 32)

    return;

$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());

$row = mysql_fetch_assoc($res);

if (!$row)

    return;



if (get_mycookie('pass') !== $row["passhash"])

    return;

mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());

$row['ip'] = $ip;

$GLOBALS["CURUSER"] = $row;

}

ideas?...
PS: is userlogin the only thing i need to get the login page to work? 'O_o...