From f6a729df8790121b3086db0404df35ab0a2ce97c Mon Sep 17 00:00:00 2001
From: Axel Guckelsberger
Date: Sat, 27 Apr 2013 10:06:19 +0300
Subject: [PATCH] Update index.php
---
index.php | 246 +++++++++++++++++------------------------------------
1 file changed, 78 insertions(+), 168 deletions(-)
diff --git a/index.php b/index.php
index c639174c..7270c952 100644
--- a/index.php
+++ b/index.php
@@ -22,106 +22,74 @@ define('AREA', 'login'); /** * Include our init.php, which manages Sessions, Language etc. */ +require ('./lib/init.php'); -require ("./lib/init.php"); - -if($action == '') -{ +if ($action == '') { $action = 'login'; } -if($action == 'login') -{ - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { +if ($action == 'login') { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { $loginname = validate($_POST['loginname'], 'loginname'); $password = validate($_POST['password'], 'password'); $row = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'"); - if($row['customer'] == $loginname) - { + if ($row['customer'] == $loginname) { $table = "`" . TABLE_PANEL_CUSTOMERS . "`"; $uid = 'customerid'; $adminsession = '0'; $is_admin = false; - } - else - { - if((int)$settings['login']['domain_login'] == 1) - { + } else { + $is_admin = true; + if ((int)$settings['login']['domain_login'] == 1) { /** * check if the customer tries to login with a domain, #374 */ $domainname = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', $loginname)); $row2 = $db->query_first("SELECT `customerid` FROM `".TABLE_PANEL_DOMAINS."` WHERE `domain` = '".$db->escape($domainname)."'"); - if(isset($row2['customerid']) && $row2['customerid'] > 0) - { + if (isset($row2['customerid']) && $row2['customerid'] > 0) { $loginname = getCustomerDetail($row2['customerid'], 'loginname'); - - if($loginname !== false) - { + if ($loginname !== false) { $row3 = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'"); - - if($row3['customer'] == $loginname) - { + if ($row3['customer'] == $loginname) { $table = "`" . TABLE_PANEL_CUSTOMERS . 
"`"; $uid = 'customerid'; $adminsession = '0'; $is_admin = false; } } - else - { - $is_admin = true; - } } - else - { - $is_admin = true; - } - } - else - { - $is_admin = true; } } - if(hasUpdates($version) && $is_admin == false) - { + if (hasUpdates($version) && $is_admin == false) { redirectTo('index.php'); exit; } - if($is_admin) - { - if(hasUpdates($version)) - { + if ($is_admin) { + if (hasUpdates($version)) { $row = $db->query_first("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`='" . $db->escape($loginname) . "' AND `change_serversettings` = '1'"); /* * not an admin who can see updates */ - if(!isset($row['admin'])) - { + if (!isset($row['admin'])) { redirectTo('index.php'); exit; } - } - else - { + } else { $row = $db->query_first("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`='" . $db->escape($loginname) . "'"); } - if($row['admin'] == $loginname) - { + if ($row['admin'] == $loginname) { $table = "`" . TABLE_PANEL_ADMINS . "`"; $uid = 'adminid'; $adminsession = '1'; - } - else - { + } else { redirectTo('index.php', Array('showmessage' => '2'), true); exit; } 
@@ -129,64 +97,48 @@ if($action == 'login') $userinfo = $db->query_first("SELECT * FROM $table WHERE `loginname`='" . $db->escape($loginname) . "'"); - if($userinfo['loginfail_count'] >= $settings['login']['maxloginattempts'] - && $userinfo['lastlogin_fail'] > (time() - $settings['login']['deactivatetime'])) - { + if ($userinfo['loginfail_count'] >= $settings['login']['maxloginattempts'] + && $userinfo['lastlogin_fail'] > (time() - $settings['login']['deactivatetime']) + ) { redirectTo('index.php', Array('showmessage' => '3'), true); exit; - } - elseif($userinfo['password'] == md5($password)) - { + } elseif($userinfo['password'] == md5($password)) { // login correct // reset loginfail_counter, set lastlogin_succ - $db->query("UPDATE $table SET `lastlogin_succ`='" . time() . "', `loginfail_count`='0' WHERE `$uid`='" . (int)$userinfo[$uid] . "'"); $userinfo['userid'] = $userinfo[$uid]; $userinfo['adminsession'] = $adminsession; - } - else - { + } else { // login incorrect - $db->query("UPDATE $table SET `lastlogin_fail`='" . time() . "', `loginfail_count`=`loginfail_count`+1 WHERE `$uid`='" . (int)$userinfo[$uid] . 
"'"); unset($userinfo); redirectTo('index.php', Array('showmessage' => '2'), true); exit; } - if(isset($userinfo['userid']) - && $userinfo['userid'] != '') - { + if (isset($userinfo['userid']) + && $userinfo['userid'] != '' + ) { $s = md5(uniqid(microtime(), 1)); - if(isset($_POST['language'])) - { + if (isset($_POST['language'])) { $language = validate($_POST['language'], 'language'); - - if($language == 'profile') - { + if ($language == 'profile') { $language = $userinfo['def_language']; - } - elseif(!isset($languages[$language])) - { + } elseif(!isset($languages[$language])) { $language = $settings['panel']['standardlanguage']; } - } - else - { + } else { $language = $settings['panel']['standardlanguage']; } - if(isset($userinfo['theme']) && $userinfo['theme'] != '') { + if (isset($userinfo['theme']) && $userinfo['theme'] != '') { $theme = $userinfo['theme']; - } - else - { + } else { $theme = $settings['panel']['default_theme']; } - if($settings['session']['allow_multiple_login'] != '1') - { + if ($settings['session']['allow_multiple_login'] != '1') { $db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['userid'] . "' AND `adminsession` = '" . $db->escape($userinfo['adminsession']) . "'"); } 
@@ -195,56 +147,41 @@ if($action == 'login') $columns = mysql_num_fields($fields); $field_array = array(); for ($i = 0; $i < $columns; $i++) { - $field_array[] = mysql_field_name($fields, $i); + $field_array[] = mysql_field_name($fields, $i); } - if (!in_array('theme', $field_array)) { + if (!in_array('theme', $field_array)) { $db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "')"); - } else { - $db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "', '" . $db->escape($theme) . "')"); - } + } else { + $db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "', '" . $db->escape($theme) . 
"')"); + } - if($userinfo['adminsession'] == '1') - { - if(hasUpdates($version)) - { + if ($userinfo['adminsession'] == '1') { + if (hasUpdates($version)) { redirectTo('admin_updates.php', Array('s' => $s), true); - exit; - } - else - { + } else { redirectTo('admin_index.php', Array('s' => $s), true); - exit; } - } - else - { + } else { redirectTo('customer_index.php', Array('s' => $s), true); - exit; } - } - else - { + } else { redirectTo('index.php', Array('showmessage' => '2'), true); - exit; } - } - else - { + exit; + } else { $language_options = ''; - $language_options.= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true); + $language_options .= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true); - while(list($language_file, $language_name) = each($languages)) - { - $language_options.= makeoption($language_name, $language_file, 'profile', true); + while (list($language_file, $language_name) = each($languages)) { + $language_options .= makeoption($language_name, $language_file, 'profile', true); } $smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0; $message = ''; $successmessage = ''; - switch($smessage) - { + switch ($smessage) { case 1: $successmessage = $lng['pwdreminder']['success']; break; 
@@ -264,23 +201,21 @@ if($action == 'login') } $update_in_progress = ''; - if(hasUpdates($version)) - { + if (hasUpdates($version)) { $update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin']; } - eval("echo \"" . getTemplate("login") . "\";"); + eval("echo \"" . getTemplate('login') . "\";"); } } -if($action == 'forgotpwd') -{ +if ($action == 'forgotpwd') { $adminchecked = false; $message = ''; - if(isset($_POST['send']) - && $_POST['send'] == 'send') - { + if (isset($_POST['send']) + && $_POST['send'] == 'send' + ) { $loginname = validate($_POST['loginname'], 'loginname'); $email = validateEmail($_POST['loginemail'], 'email'); $sql = "SELECT `adminid`, `customerid`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "` 
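Review bot: `eval("echo \"" . getTemplate('login') . "\";");` evaluates the template as a double-quoted PHP string, so every value interpolated into it (`$language_options`, `$message`, `$update_in_progress`, `$successmessage`) is parsed for `$`, `{$` and backslash escapes, and HTML escaping alone does not make a value safe in that context. The same construct is used for the `fpwd` template at the end of the forgotpwd section. The commit only changes the quote style here; a comment stating the contract would make it visible, e.g. `// template is eval'd as a PHP double-quoted string: interpolated values must be escaped for that context, not only for HTML`. The `if ($action == 'login')` block closes in this hunk and `if ($action == 'forgotpwd')` continues past it.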
@@ -288,64 +223,48 @@ if($action == 'forgotpwd') AND `email`='" . $db->escape($email) . "'"; $result = $db->query($sql); - if($db->num_rows() == 0) - { + if ($db->num_rows() == 0) { $sql = "SELECT `adminid`, `name`, `email`, `loginname`, `def_language` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`='" . $db->escape($loginname) . "' AND `email`='" . $db->escape($email) . "'"; $result = $db->query($sql); - if($db->num_rows() > 0) - { + if ($db->num_rows() > 0) { $adminchecked = true; - } - else - { + } else { $result = null; } } - if($result !== null) - { + if ($result !== null) { $user = $db->fetch_array($result); /* Check whether user is banned */ - if($user['deactivated']) - { + if ($user['deactivated']) { $message = $lng['pwdreminder']['notallowed']; redirectTo('index.php', Array('showmessage' => '5'), true); } - if(($adminchecked && $settings['panel']['allow_preset_admin'] == '1') - || $adminchecked == false) - { - if($user !== false) - { + if (($adminchecked && $settings['panel']['allow_preset_admin'] == '1') + || $adminchecked == false + ) { + if ($user !== false) { if ($settings['panel']['password_min_length'] <= 6) { $password = substr(md5(uniqid(microtime(), 1)), 12, 6); } else { // make it two times larger than password_min_length $rnd = ''; $minlength = $settings['panel']['password_min_length']; - while (strlen($rnd) < ($minlength * 2)) - { + while (strlen($rnd) < ($minlength * 2)) { $rnd .= md5(uniqid(microtime(), 1)); } $password = substr($rnd, (int)($minlength / 2), $minlength); } - if($adminchecked) - { - $db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `password`='" . md5($password) . "' - WHERE `loginname`='" . $user['loginname'] . "' - AND `email`='" . $user['email'] . "'"); - } - else - { - $db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `password`='" . md5($password) . "' - WHERE `loginname`='" . $user['loginname'] . "' - AND `email`='" . $user['email'] . "'"); - } + $passwordTable = $adminchecked ? 
TABLE_PANEL_ADMINS : TABLE_PANEL_CUSTOMERS; + $db->query("UPDATE `" . $passwordTable . "` SET `password`='" . md5($password) . "' + WHERE `loginname`='" . $user['loginname'] . "' + AND `email`='" . $user['email'] . "'"); $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $db, $settings); $rstlog->logAction(USR_ACTION, LOG_WARNING, "Password for user '" . $user['loginname'] . "' has been reset!"); @@ -389,9 +308,7 @@ if($action == 'forgotpwd') $mail->ClearAddresses(); redirectTo('index.php', Array('showmessage' => '1'), true); exit; - } - else - { + } else { $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $db, $settings); $rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to reset pwd but wasn't found in database!"); $message = $lng['login']['combination_not_found']; @@ -399,28 +316,21 @@ if($action == 'forgotpwd') unset($user); } - } - else - { + } else { $message = $lng['login']['usernotfound']; } } - if($adminchecked) - { - if($settings['panel']['allow_preset_admin'] != '1') - { + if ($adminchecked) { + if ($settings['panel']['allow_preset_admin'] != '1') { $message = $lng['pwdreminder']['notallowed']; unset ($adminchecked); } - } - else - { - if($settings['panel']['allow_preset'] != '1') - { + } else { + if ($settings['panel']['allow_preset'] != '1') { $message = $lng['pwdreminder']['notallowed']; } } - eval("echo \"" . getTemplate("fpwd") . "\";"); + eval("echo \"" . getTemplate('fpwd') . "\";"); }
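Review bot: The merged UPDATE on `$passwordTable` interpolates `$user['loginname']` and `$user['email']` into the WHERE clause without `$db->escape()`, unlike every other query in this file; even though both values come from a database row, stored data should not be reused unescaped, so the two WHERE lines should use `$db->escape($user['loginname'])` and `$db->escape($user['email'])`. Separately, the `if ($user['deactivated'])` branch above sets `$message` and calls redirectTo() but has no `exit;`; if redirectTo() only sends the header (every other call site in this file follows it with `exit;`), execution falls through into the password reset and the mail for a deactivated account, so an `exit;` after that redirectTo() looks necessary. The `if ($action == 'forgotpwd')` block starts before this hunk.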