Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // Block direct access to this file
- if( !defined("svncontrol_inc") ) {
- die( "Direct access of this file is not allowed." );
- }
- session_start();
- session_regenerate_id();
- // Switch modes
- if( isset($_SESSION['FIRST']) )
- $_SESSION['FIRST'] = false;
- // Check IP and useragent or login
- if( isset($_SESSION['AUTHENTICATED']) ) {
- if( md5($_SERVER['HTTP_USER_AGENT']) != $_SESSION['USERAGENT'] ||
- md5($_SERVER['REMOTE_ADDR']) != $_SESSION['USERADDR'] ) {
- // Void this session and restart
- session_unset();
- session_destroy();
- session_start();
- foreach( $_SESSION as $key => $value ) {
- unset( $_SESSION[$key] );
- }
- }
- } elseif( isset($_REQUEST['USERNAME']) && isset($_REQUEST['PASSWORD']) ) {
- $user = strtolower( $_REQUEST['USERNAME'] );
- $pass = base64_encode( pack("H*",sha1($_REQUEST['PASSWORD'])) );
- if( file_exists($svn_htpasswd) ) {
- $lines = file( $svn_htpasswd );
- foreach( $lines as $line ) {
- $userpasshash = explode( ':', $line );
- if( strtolower(rtrim($userpasshash[0])) === $user ) {
- // Found the user
- if( rtrim($userpasshash[1]) === '{SHA}'.$pass ) {
- // Success
- $_SESSION['AUTHENTICATED'] = true;
- $_SESSION['USERAGENT'] = md5( $_SERVER['HTTP_USER_AGENT'] );
- $_SESSION['USERADDR'] = md5( $_SERVER['REMOTE_ADDR'] );
- $_SESSION['FIRST'] = true;
- }
- }
- }
- }
- }
- ?>
Add Comment
Please, Sign In to add comment