<?phpinclude("lib/config.php");session_start();//$password = false;i

1. <?php
2.  
3. include("lib/config.php");
4. session_start();
5.  
6. //$password = false;
7. if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
8. $ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
9. } elseif (!empty($_SERVER['HTTP_CLIENT_IP'])) {
10. $ip = $_SERVER['HTTP_CLIENT_IP'];
11. } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
12. $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
13. } else {
14. $ip = $_SERVER['REMOTE_ADDR'];
15. }
16.  
17. if ($_SERVER["REQUEST_METHOD"] == "POST") {
18.  
19.  
20.  
21. // username and password sent from form
22.  
23. $myusername = mysqli_real_escape_string($db, $_POST['username']);
24. $mypassword = mysqli_real_escape_string($db, $_POST['password']);
25.  
26.  
27. if ($result = $db->query("SELECT passcode FROM admin WHERE username = '$myusername'")) {
28. while ($row = $result->fetch_assoc()) {
29. $password = $row['passcode'];
30. }
31.  
32. $result->close();
33. }
34.  
35. if (!isset($password)) {
36. $password = false;
37. $hash = false;
38. }
39.  
40. if ($password != false && $hash != false && $password === $_POST['password']) {
41.  
42.  
43. session_regenerate_id();
44. $_SESSION['login_user'] = $myusername;
45. $db->query("UPDATE `admin` SET `session`='" . session_id() . "',`ip`='$ip' WHERE `username`='$myusername'");
46.  
47. header("location: index.php");
48. } else {
49.  
50.  
51. $unixtime = time();
52. $db->query("UPDATE `admin` SET `faillogin`=faillogin+1, `failip`='$ip',`failtime`='$unixtime' WHERE `username`='$myusername'");
53. $error = "Your Login Name or Password is invalid";
54.  
55. error_log(date('d.m.Y H:i:s',$unixtime). " || Wrong login credentials => Username: ".$myusername." - IP: ".$ip."\n", 3, "/var/www/log/admin_wrongpassword.log");
56. }
57.  
58. // Dieser Abschnitt ist zum generieren eines neuen Passworts gedacht, solltest Du einen Benutzer registrieren!
59. // $salt = substr(sha1(rand()), 0, 16);
60. // $hashedPassword = "{SHA512-CRYPT}" . crypt($mypassword, '$6$' . $salt . '$');
61. //
62. }
63. ?>
64. <html>
65.  
66.  
67. <head>
68. <?php include('header.php'); ?>
69. </head>
70.  
71. <body>
72. <div class="container">
73.  
74.  
75. <div class="row">
76.  
77. <div class="col-xs-offset-2 col-xs-8 col-sm-6 col-sm-offset-3 col-md-4 col-md-offset-4 ">
78. <h1 class="text-center"><kbd>CSGORUBY SCRIPT RECODE</kbd></h1>
79.  
80. <div class="panel panel-warning text-center">
81. <div class="panel-heading">Login</div>
82. <div class="panel-body">
83. <form method="post">
84. <div class="form-group">
85. <label class="sr-only" for="exampleInputEmail3">Email address</label>
86. <input type="text" class="form-control" name="username" placeholder="Username">
87. </div>
88. <div class="form-group">
89. <label class="sr-only" for="exampleInputPassword3">Password</label>
90. <input type="password" class="form-control" name="password" placeholder="Password">
91. </div>
92. <button type="submit" class="btn btn-primary">Sign in</button>
93. </form>
94. <div class="text-right">
95. IP: <?php echo $ip; ?>
96. </div>
97. <div class="text-danger"><?php if(isset($error)) { echo $error; } ?></div>
98. </div>
99. </div>
100.  
101. </div>
102. </div>
103. </div>
104.  
105. </body>
106. </html>