0

-Hi,
I'm having trouble with B.I. Media Solutions Auction (phpprobid) , I'm getting the error message:

Fatal error: Cannot redeclare password_hash() in /home/betti397/public_html/includes/functions_login.php on line 147

I've been at it for hours.
I couldn't see any obvious errors in functions_login.php but then I'm not much good at PHP code.

Here is the file. I would greatly appreciate it if anyone could "spot the obvious error" for me:

<?
#################################################################
## B.I. Media Solutions v6.12                                                           ##
##-------------------------------------------------------------##
## Copyright ©2012 B.I. Media Solutions. All rights reserved.   ##
##-------------------------------------------------------------##
## (Mods-Store) -> Shopping Cart                                            ##
#################################################################

function login_user ($username, $password, $redirect_url = '', $admin_login = false)
{
    global $db, $setts, $signup_fee, $session;

    (array) $login_output = NULL;

    if ($admin_login) ## the spoofer login, we dont need to check for the password here
    {
        logout(false, false);

        $login_query = $db->query("SELECT user_id, username, active, approved, salt, payment_status, is_seller, mail_activated FROM " . DB_PREFIX . "users WHERE
            username='" . $username . "' LIMIT 0,1");
    }
    else
    {
        $salt = $db->get_sql_field("SELECT salt FROM " . DB_PREFIX . "users WHERE username='" . $username . "'", "salt");

        $password_hashed = password_hash($password, $salt);

        $password_old = substr(md5($password), 0, 30); ## added for backward compatibility (v5.25 and older versions)

        $login_query = $db->query("SELECT user_id, username, active, approved, salt, 
            payment_status, is_seller, mail_activated FROM " . DB_PREFIX . "users WHERE username='" . $username . "' AND 
            (password='" . $password_hashed . "' OR password='" . $password_old . "') LIMIT 0,1");
    }

    $is_login = $db->num_rows($login_query);

    $login_output['redirect_url'] = 'login.php?invalid_login=1';
    $login_output['user_exists'] = false;

    /**
     * Important: the redirect to activate_account.php only needs to happen if the signup fee wasnt paid.
     */

    if ($is_login)
    {
        $login_output = $db->fetch_array($login_query);
        $login_output['user_exists'] = true;

        $login_output['redirect_url'] = (!empty($redirect_url)) ? $redirect_url : 'index.php';

        $login_output['is_seller'] = ($setts['enable_private_site']) ? $login_output['is_seller'] : 1;

        ## add signup fee procedure here.
        $signup_result = $signup_fee->signup($login_output['user_id']);

        if ($login_output['active'] == 1 && $login_output['approved'] == 1 && $login_output['mail_activated'] == 1)
        {
            $login_output['active'] = 'Active';
            // now update all shopping carts from the temp session id to the session user id value
            $db->query("UPDATE " . DB_PREFIX . "shopping_carts SET 
                buyer_id=" . $login_output['user_id'] . " WHERE buyer_session_id='" . $session->value('buyer_session_id') . "' AND buyer_session_id!=''");
        }
        else if ($login_output['approved'] == 0 || $login_output['mail_activated'] == 0 || ($signup_result['amount']>0 && $login_output['payment_status'] != 'confirmed')) /* the signup fee wasnt paid, redirect to the payment page */
        {
            $login_output['active'] = null;
            $login_output['redirect_url'] = 'activate_account.php';

            // user_id and username wont be activated either, the user will need to log in again after making the signup fee payment
            $login_output['temp_user_id'] = $login_output['user_id'];
            $login_output['user_id'] = null;
            $login_output['username'] = null;
        }
        else /* means the user is suspended for whichever reason. Members area access is limited. */
        {
            $login_output['active'] = null;
            $login_output['redirect_url'] = 'members_area.php?page=account§ion=management';
        }

        ## need to fix the function here to see how it handles every situation.
    }

    return $login_output;
}

function login_admin ($username, $password, $pin_generated, $pin_submitted, $check_pin = true)
{
    global $db;

    (array) $login_output = NULL;

    $login_query = $db->query("SELECT * FROM " . DB_PREFIX . "admins WHERE
        username='" . $username . "' AND password='" . md5($password) . "' LIMIT 0,1");

    $is_login = $db->num_rows($login_query);

    if ($is_login)
    {
        $login_details = $db->fetch_array($login_query);

        $valid_pin = ($check_pin) ? check_pin($pin_generated, $pin_submitted) : true;

        if ($valid_pin)
        {
            $login_output['active'] = 'Active';
            $login_output['level'] = $login_details['level'];

            $update_last_login = $db->query("UPDATE " . DB_PREFIX . "admins SET
                date_lastlogin='" . CURRENT_TIME . "' WHERE id='" . $login_details['id'] . "'");
        }
    }

    return $login_output;
}

function logout ($logout_admin = false, $redirect = true)
{
    global $session;

    if ($logout_admin)
    {
        $session->unregister('adminarea');
        $session->unregister('adminlevel');
    }
    else
    {
        $session->unregister('membersarea');
        $session->unregister('username');
        $session->unregister('user_id');
        $session->unregister('is_seller');
        $session->unregister('rm_username');
        $session->unregister('login_store');
        $session->unregister('login_category');

        $session->unset_cookie('username_cookie');
    }

    if ($redirect)
    {
        header_redirect('index.php');
    }
}

function password_hash ($password, $salt)
{
    return md5(md5($password) . $salt);
}

function login_spoofer ($username, $admin_username, $admin_password)
{
    global $db;
    (array) $login_output = NULL;

    $login_query = $db->query("SELECT * FROM " . DB_PREFIX . "admins WHERE
        username='" . $admin_username . "' AND password='" . md5($admin_password) . "' AND level='1' LIMIT 0,1");

    $is_login = $db->num_rows($login_query);

    $login_output['admin_exists'] = false;
    if ($is_login)
    {
        $login_output = login_user($username, '', '', true);
        $login_output['admin_exists'] = true;
    }

    return $login_output;
}

?> 

Edited by yoou

2
Contributors
1
Reply
14
Views
2 Years
Discussion Span
Last Post by rproffitt
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.