Заменить в файле modules/account/index.php функцию login() на эту
function login() {
global $prefix, $db, $conf, $stop;
$code = ($conf['captyp'] == 1) ? $_SESSION['captcha'] : substr(hexdec(md5(date("F j").$_SESSION['captcha'].$conf['sitekey'])), 2, 6);
unset($_SESSION['captcha']);
if (extension_loaded("gd") && $code != $_POST['check'] && ($conf['gfx_chk'] == 2 || $conf['gfx_chk'] == 4 || $conf['gfx_chk'] == 5 || $conf['gfx_chk'] == 7)) $stop[] = _SECCODEINCOR;
$uname = htmlspecialchars(trim(substr($_POST['user_name'], 0, 25)));
$upass = htmlspecialchars(trim(substr($_POST['user_password'], 0, 25)));
if (!$uname || !$upass) $stop[] = _LOGININCOR;
$result = $db->sql_query("SELECT user_id, user_name, user_email, user_password, user_storynum, user_blockon, user_theme FROM ".$prefix."_users WHERE (user_name='".$uname."' or user_email= '".$uname."') AND user_password='".md5_salt($upass)."'");
if ($db->sql_numrows($result) != 1) $stop[] = _LOGININCOR;
list($user_id, $user_name, $user_email, $user_password, $user_storynum, $user_blockon, $user_theme) = $db->sql_fetchrow($result);
$check = true;
if($user_name != $uname)$check = false;
if($user_email != $uname)$check = false;
if (!$user_id || $check!=false || $user_password != md5_salt($upass) ) $stop[] = _LOGININCOR;
if (!$stop) {
cookieset($user_id, $user_name, $user_password, $user_storynum, $user_blockon, $user_theme);
$uip = getip();
$uvisit = save_datetime(1, "");
$uagent = getagent();
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='".$uip."' AND guest='0'");
$db->sql_query("UPDATE ".$prefix."_users SET user_last_ip='".$uip."', user_lastvisit='".$uvisit."', user_agent='".$uagent."' WHERE user_name='".$user_name."'");
login_report(0, 1, $uname, "");
if ($conf['forum']) {
new_user($user_name, $upass, $user_email);
log_in($uname, $upass);
}
referer("index.php?name=".$conf['name']."&op=profil");
} else {
login_report(0, 0, $uname, $upass);
if ($conf['forum']) check_user($uname, $upass);
account();
}
}