Okay, the problem is back. I upgraded to 1.2.3, it even says it's 1.2.3, but recently it happened again, and now my users can no longer login. Again. Here's the php:
Code:
<?php
include("inc/functions.php");
//***************//
// START SCRIPT //
//***************//
if($isloggedin == "yes"){
$article_title = $langislog;
$article_content = $langislogfull;
}
else{
//User is not logged in, so let's attempt to log them in...
$username = $_POST["username"];
$username = secure($username);
$password = $_POST["password"];
$password = secure($password);
//User is not logged in
$loginform = "<form name='form1' method='post' action='login.php'>
<p>Username:
<input name='username' type='text' id='username'>
</p>
<p>Password:
<input name='password' type='password' id='password'>
</p>
<p>
<input type='submit' name='Submit' value='Submit'>
</p>
<p>Don't have an account?<br>
<a href='register.php'>Register Free</a> </p>
<a href='forgotpass.php'>Forgot your password? Click Here</a>
</form>";
if($loggedinname == "" and $password == ""){
// User is viewing login form
$article_title = "Member Login:";
$article_content = $loginform;
}
else if(($username != "" and $password == "") or ($username == "" and $password != "") ){
//Something was left blank
$article_title = "Login Error:";
$article_content = "Something was left blank. Please try logging in again.<br><br>{$loginform}";
}
else if($username != "" and $password != ""){
// Try to log the user in
$password = passencr($username, $password);
$result = runquery("SELECT * FROM {$prefix}users WHERE username = '$username'") ;
$user = mysql_fetch_array($result);
if($username == $user['username'] and $password == $user['password']){
$article_title = "Login Successful!";
$article_content = "Welcome back {$username}. You are now logged in. <a href='account.php'>Click Here to view or edit your account.</a>";
// Set the cookie
$Month = 2592000 + time();
// Convert from username to uid to secure data, no need for password since it is already hashed.
$uid = usernametouid($username);
setcookie("auid",$uid,$Month);
setcookie("apass",$password,$Month);
}
else{
$article_title = "Login Failed!";
$article_content = "Sorry, we could not log you on with the details specified. You can <a href='login.php'>try again</a> or <a href='forgotpass.php'>request a password reset.</a>";
$fail = 1;
}
}
}
//***************//
// OUTPUT PAGE //
//***************//
echo showpage($article_title, $article_content, $date);
?>