SHARE
TWEET

Untitled

a guest Nov 6th, 2018 151 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. include("lib/config.php");
  4. session_start();
  5.  
  6. //$password = false;
  7. if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
  8.     $ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
  9. } elseif (!empty($_SERVER['HTTP_CLIENT_IP'])) {
  10.     $ip = $_SERVER['HTTP_CLIENT_IP'];
  11. } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
  12.     $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
  13. } else {
  14.     $ip = $_SERVER['REMOTE_ADDR'];
  15. }
  16.  
  17. if ($_SERVER["REQUEST_METHOD"] == "POST") {
  18.  
  19.  
  20.  
  21.     // username and password sent from form
  22.  
  23.     $myusername = mysqli_real_escape_string($db, $_POST['username']);
  24.     $mypassword = mysqli_real_escape_string($db, $_POST['password']);
  25.  
  26.  
  27.     if ($result = $db->query("SELECT passcode FROM admin WHERE username = '$myusername'")) {
  28.         while ($row = $result->fetch_assoc()) {
  29.             $password = $row['passcode'];
  30.         }
  31.  
  32.         $result->close();
  33.     }
  34.  
  35.     if (isset($password)) {
  36.         $parts = explode('$', $password);
  37.         $hash = "{SHA512-CRYPT}" . crypt($mypassword, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3]));
  38.     } else {
  39.         $password = false;
  40.         $hash = false;
  41.     }
  42.  
  43.     if ($password != false && $hash != false && $password === $hash) {
  44.  
  45.  
  46.         session_regenerate_id();
  47.         $_SESSION['login_user'] = $myusername;
  48.         $db->query("UPDATE `admin` SET `session`='" . session_id() . "',`ip`='$ip' WHERE `username`='$myusername'");
  49.  
  50.         header("location: index.php");
  51.     } else {
  52.  
  53.  
  54.         $unixtime = time();
  55.         $db->query("UPDATE `admin` SET `faillogin`=faillogin+1, `failip`='$ip',`failtime`='$unixtime' WHERE `username`='$myusername'");
  56.         $error = "Your Login Name or Password is invalid";
  57.  
  58.         error_log(date('d.m.Y H:i:s',$unixtime). " || Wrong login credentials => Username: ".$myusername." - IP: ".$ip."\n", 3, "/var/www/log/admin_wrongpassword.log");
  59.     }
  60.  
  61.     // Dieser Abschnitt ist zum generieren eines neuen Passworts gedacht, solltest Du einen Benutzer registrieren!
  62.     // $salt = substr(sha1(rand()), 0, 16);
  63.     // $hashedPassword = "{SHA512-CRYPT}" . crypt($mypassword, '$6$' . $salt . '$');
  64.     //
  65. }
  66. ?>
  67. <html>
  68.  
  69.  
  70. <head>
  71.     <?php include('header.php'); ?>
  72. </head>
  73.  
  74. <body>
  75. <div class="container">
  76.  
  77.  
  78.     <div class="row">
  79.  
  80.         <div class="col-xs-offset-2 col-xs-8 col-sm-6 col-sm-offset-3 col-md-4 col-md-offset-4 ">
  81.             <h1 class="text-center"><kbd>CSGORUBY SCRIPT RECODE</kbd></h1>
  82.  
  83.             <div class="panel panel-warning text-center">
  84.                 <div class="panel-heading">Login</div>
  85.                 <div class="panel-body">
  86.                 <form method="post">
  87.                     <div class="form-group">
  88.                         <label class="sr-only" for="exampleInputEmail3">Email address</label>
  89.                         <input type="text" class="form-control" name="username" placeholder="Username">
  90.                     </div>
  91.                     <div class="form-group">
  92.                         <label class="sr-only" for="exampleInputPassword3">Password</label>
  93.                         <input type="password" class="form-control" name="password" placeholder="Password">
  94.                     </div>
  95.                     <button type="submit" class="btn btn-primary">Sign in</button>
  96.                 </form>
  97.                     <div class="text-right">
  98.                         IP: <?php echo $ip; ?>
  99.                     </div>
  100.                 <div class="text-danger"><?php if(isset($error)) { echo $error; } ?></div>
  101.                 </div>
  102.             </div>
  103.  
  104.         </div>
  105.     </div>
  106. </div>
  107.  
  108. </body>
  109. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top