  1. <?php
  2. session_start();
  3. session_name(md5('seg'.$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']));
  4. $sessao_id = session_id();
  5. $timestamp = time();
  6. if (!isset($_SESSION["sessao"])) { //Inicializa variavel Sessao
  7. $sessao = array();
  8. $sessao["erro"] = "";
  9. $sessao["logado"]=false;
  10. $sessao["login"]= "";
  11. $sessao["timeout"]="";
  12. $_SESSION["sessao"] = $sessao; //Grava variavel sessao
  13. }
  14. else {
  15. $sessao = $_SESSION["sessao"]; //Recupera dados da variavel Sessao
  16. }
  17. include __DIR__ ."/atualizar/incluso/config.php";
  18. $ref2 = $_POST['ref'];
  19. $now = time();
  20. $dt = date("Y-m-d");
  21. $hora_cad = strftime("%H:%M:%S");
  22. $data = (!empty($dt)?substr($dt,8,2).'/'.substr($dt,5,2).'/'.substr($dt,0,4):date('d.m.Y'));
  23.  
  24. if(!empty($ref2)){
  25. $vai = "<meta http-equiv='refresh' content='0;URL=$ref2'>";
  26. } else {
  27. $vai = "<meta http-equiv='refresh' content='0;URL=meus-anuncios'>";
  28. }
  29. // VERIFICA SE EXISTE O USUÁRIO
  30. if(isset($_POST["email"])) {
  31. $login = $_POST['email'];
  32. $email2 = base64_encode($login);
  33. }
  34. $sql = $mysqli->query("SELECT id, email FROM usuarios WHERE email = '$login'");
  35. $linha = $sql->fetch_assoc();
  36. $total = $sql->num_rows;
  37. if ( $total > 0 ){ // ABRE SE O LOGIN EXISTE
  38. } // FECHA SE O LOGIN EXISTE
  39. else {
  40. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('login') ."&token=$email2&ref=$ref2'>";
  41. die;
  42. }
  43. // VERIFICA SE ESTÁ PENDENTE DE CONFIFRMAÇÃO
  44. $sql2 = $mysqli->query("SELECT id, senha, salt FROM usuarios WHERE email = '$login' and status = 'zero'");
  45. $linha2 = $sql2->fetch_assoc();
  46. $total2 = $sql2->num_rows;
  47. if ( $total2 > 0 ){
  48. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('pendente') ."&token=$email2&ref=$ref2'>";
  49. die;
  50. }
  51. // VERIFICA SE O USUÁRIO ESTÁ ATIVO
  52. $sql2 = $mysqli->query("SELECT id, email, senha, salt FROM usuarios WHERE email = '$login' and status = 'sim'");
  53. $linha2 = $sql2->fetch_assoc();
  54. $total2 = $sql2->num_rows;
  55. if ( $total2 > 0 ){
  56. $senha_valida = $linha2["senha"];
  57. $salt = $linha2["salt"];
  58. } else {
  59. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('status') ."&token=$email2&ref=$ref2'>";
  60. die;
  61. }
  62. // VERIFICA SE A SENHA É IGUAL A DIGITADA
  63. if(isset($_POST["senha"])) {
  64. $senha = $_POST["senha"];
  65. //$senha = md5(anti_injection($_POST["password"]));
  66. $senha = hash('sha512', $senha . $salt);
  67. //$senha = hash('sha512', $senha);
  68. }
  69. if ($senha == "$senha_valida"){
  70.  
  71. // Todas as tentativas de login são contadas a partir da última hora.
  72. $valid_attempts = $now - (1 * 60 * 60);
  73. $sqlBrute = $mysqli->query("SELECT * FROM usuarios_banidos WHERE usuario_id = '$linha[id]' AND time > '$valid_attempts'");
  74. $totalBrute = $sqlBrute->num_rows;
  75. if ($totalBrute > 2) {
  76.  
  77. echo "<meta http-equiv='refresh' content='0;URL=entrar.php?ac=". base64_encode('banido') ."&token=$email2&ref=$ref2'>";
  78. die;
  79. }
  80. $sql_inclu = $mysqli->query("INSERT INTO usuarios_banidos (usuario_id, time) VALUES ('$linha2[id]', '$now')");
  81. $data = date ("Y-m-d");
  82. $hora = strftime("%H:%M:%S");
  83. $sql_logar = $mysqli->query("SELECT * FROM usuarios WHERE email = '$login' && senha = '$senha'");
  84. $fet_logar = $sql_logar->fetch_assoc();
  85. $num_logar = $sql_logar->num_rows;
  86. $ip_u = $fet_logar['ip'];
  87. $data_u = $fet_logar['data'];
  88. $hora_u = $fet_logar['hora'];
  89. $id_user = $fet_logar['id'];
  90. $visitas = $fet_logar['visitas'] + 1;
  91.  
  92. $insere = $mysqli->query("UPDATE usuarios SET data_u = '".$data_u."', hora_u = '".$hora_u."', ip_upd = '".$ip_u."' WHERE email = '".$login."'");
  93. //VERIFICAR SE O USUARIO JA ESTA CONECTADO E EXCLUIR O LOG DE usuarios_online
  94.  
  95. $sql_busca = $mysqli->query("SELECT login FROM usuarios_online WHERE login = '".$login."'");
  96. if ($sql_busca->num_rows > 0){
  97. $sql = "DELETE FROM usuarios_online WHERE login='".$login."'";
  98. $query = $mysqli->query($sql);
  99. }
  100.  
  101. $sql_inclu = $mysqli->query("INSERT INTO usuarios_online(codigo_usu, login, sessao, entrada, entrada2, hora, ip, ult_clique) VALUES
  102. ('$id_user', '$login', '$sessao_id', '$data', '$timestamp', '$hora', '".$ip."', '$timestamp')");
  103.  
  104. $sql_inclu = $mysqli->query("INSERT INTO usuario_log(id_user, login, entrada, hora, ip) VALUES
  105. ('$id_user', '$login', '$data', '$hora', '".$ip."')");
  106.  
  107. $sql_upgrade = $mysqli->query("UPDATE usuarios SET hora='$hora', data='$data', ip='".$ip."', visitas = '".$visitas."' WHERE login = '$login'");
  108.  
  109. $sql2 = $mysqli->query("SELECT * FROM usuarios WHERE email = '$login'");
  110. $s = $sql2->fetch_assoc();
  111.  
  112. //EXCLUIR USU�RIO DO BRUTEFORCE
  113. $sql_banido = $mysqli->query("SELECT * FROM usuarios_banidos WHERE usuario_id='".$s['id']."'");
  114.  
  115. for ($i = 0; $i < $sql_banido->num_rows; $i++) {
  116. $delete = $mysqli->query("DELETE FROM usuarios_banidos WHERE usuario_id='".$s['id']."'");
  117. }
  118.  
  119. if ($s['nivel'] == 1){
  120. echo "<meta http-equiv='refresh' content='0;URL=/atualizar/admin.php'>";
  121. } elseif ($s['nivel'] == 2){
  122. echo "$vai";
  123. } elseif ($s['nivel'] == 100){
  124. echo "<meta http-equiv='refresh' content='0;URL=master.php'>";
  125. } elseif ($s['nivel'] == 3){
  126. echo "<meta http-equiv='refresh' content='0;URL=vip.php'>";
  127. }
  128. //2 = Administrador
  129. else {
  130. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('permissao') ."&token=$email2&ref=$ref2'>";
  131.  
  132. }
  133.  
  134. } else {
  135.  
  136. // Todas as tentativas de login são contadas a partir da últimas horas.
  137. $valid_attempts = $now - (1 * 60 * 60);
  138. $sqlBrute = $mysqli->query("SELECT * FROM usuarios_banidos WHERE usuario_id = '$linha[id]' AND time > '$valid_attempts'");
  139. if ($sqlBrute->num_rows > 2) {
  140. //phpmail
  141. if (!class_exists("phpmailer")) {
  142. require("PHPMailerAutoload.php");
  143. }
  144. $cMail = new PHPMailer();
  145. $cMail->IsSMTP();
  146. // dados para autenticação no servidor SMTP
  147. $cMail->Host = "".$i['smtp_servidor']."";
  148. $cMail->SMTPAuth = true;
  149. $cMail->Username = "".$i['smtp_email']."";
  150. $cMail->Password = "".$i['smtp_senha']."";
  151. // caso queira enviar o email no formato HTML adicione a linha
  152. $cMail->IsHTML(true);
  153. // email de origem
  154. $cMail->CharSet = 'UTF-8';
  155. $cMail->From = "nobody@npop.com.br";
  156. $cMail->FromName = "".utf8_decode($i['copyright'])." - Monitoramento";
  157. //email de destino
  158. //$cMail->AddAddress("".$email."");
  159. $cMail->AddAddress("".$i['email_principal']."", "Tentativas inválidas de login - ".utf8_decode($i['copyright'])."");
  160. $cMail->AddCC("".$i['email_alternativo']."", "Tentativas inválidas de login - ".utf8_decode($i['copyright']).""); // Cópia
  161. //anexos
  162. //$cMail->AddAttachment("/tmp/documento.pdf", "novo_nome.pdf"); // Insere um anexo
  163. // assunto da mensagem
  164. $cMail->Subject = "Tentativas inválidas de login ".utf8_decode($i['copyright'])."";
  165. // conteudo da mensagem mensagem
  166. $cMail->Body = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
  167. <html xmlns=\"http://www.w3.org/1999/xhtml\">
  168. <head>
  169. <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
  170. <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"/>
  171. <title>Verificar Conta</title>
  172. <style type=\"text/css\">
  173. /* Based on The MailChimp Reset INLINE: Yes. */
  174. /* Client-specific Styles */
  175. #outlook a {
  176. padding: 0;
  177. } /* Force Outlook to provide a \"view in browser\" menu link. */
  178. body {
  179. width: 100% !important;
  180. -webkit-text-size-adjust: 100%;
  181. -ms-text-size-adjust: 100%;
  182. margin: 0;
  183. padding: 0;
  184. }
  185. .ExternalClass {
  186. width: 100%;
  187. } /* Force Hotmail to display emails at full width */
  188. .ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass div {
  189. line-height: 100%;
  190. }
  191. /* Forces Hotmail to display normal line spacing. More on that: http://www.emailonacid.com/forum/viewthread/43/ */
  192. #backgroundTable {
  193. margin: 0;
  194. padding: 0;
  195. width: 100% !important;
  196. line-height: 100% !important;
  197. }
  198. /* End reset */
  199.  
  200. /* Some sensible defaults for images
  201. Bring inline: Yes. */
  202. img {
  203. outline: none;
  204. text-decoration: none;
  205. -ms-interpolation-mode: bicubic;
  206. }
  207. a img {
  208. border: none;
  209. }
  210. .image_fix {
  211. display: block;
  212. }
  213. /* Yahoo paragraph fix
  214. Bring inline: Yes. */
  215. p {
  216. margin: 1em 0;
  217. }
  218. /* Hotmail header color reset
  219. Bring inline: Yes. */
  220. h1, h2, h3, h4, h5, h6 {
  221. color: black !important;
  222. }
  223. h1 a, h2 a, h3 a, h4 a, h5 a, h6 a {
  224. color: blue !important;
  225. }
  226. h1 a:active, h2 a:active, h3 a:active, h4 a:active, h5 a:active, h6 a:active {
  227. color: red !important; /* Preferably not the same color as the normal header link color. There is limited support for psuedo classes in email clients, this was added just for good measure. */
  228. }
  229. h1 a:visited, h2 a:visited, h3 a:visited, h4 a:visited, h5 a:visited, h6 a:visited {
  230. color: purple !important; /* Preferably not the same color as the normal header link color. There is limited support for psuedo classes in email clients, this was added just for good measure. */
  231. }
  232. /* Outlook 07, 10 Padding issue fix
  233. Bring inline: No.*/
  234. table td {
  235. border-collapse: collapse;
  236. }
  237. /* Remove spacing around Outlook 07, 10 tables
  238. Bring inline: Yes */
  239. table {
  240. border-collapse: collapse;
  241. mso-table-lspace: 0pt;
  242. mso-table-rspace: 0pt;
  243. }
  244. /***************************************************
  245. ****************************************************
  246. MOBILE TARGETING
  247. ****************************************************
  248. ***************************************************/
  249. @media only screen and (max-device-width: 480px) {
  250. /* Part one of controlling phone number linking for mobile. */
  251. a[href^=\"tel\"], a[href^=\"sms\"] {
  252. text-decoration: none;
  253. color: blue; /* or whatever your want */
  254. pointer-events: none;
  255. cursor: default;
  256. }
  257. .mobile_link a[href^=\"tel\"], .mobile_link a[href^=\"sms\"] {
  258. text-decoration: default;
  259. color: orange !important;
  260. pointer-events: auto;
  261. cursor: default;
  262. }
  263. }
  264.  
  265. /* More Specific Targeting */
  266.  
  267. @media only screen and (min-device-width: 768px) and (max-device-width: 1024px) {
  268. /* You guessed it, ipad (tablets, smaller screens, etc) */
  269. /* repeating for the ipad */
  270. a[href^=\"tel\"], a[href^=\"sms\"] {
  271. text-decoration: none;
  272. color: blue; /* or whatever your want */
  273. pointer-events: none;
  274. cursor: default;
  275. }
  276. .mobile_link a[href^=\"tel\"], .mobile_link a[href^=\"sms\"] {
  277. text-decoration: default;
  278. color: orange !important;
  279. pointer-events: auto;
  280. cursor: default;
  281. }
  282. }
  283. </style>
  284. <!-- Targeting Windows Mobile -->
  285. <!--[if IEMobile 7]>
  286. <style type=\"text/css\">
  287.  
  288. </style>
  289. <![endif]-->
  290.  
  291. <!-- ***********************************************
  292. ****************************************************
  293. END MOBILE TARGETING
  294. ****************************************************
  295. ************************************************ -->
  296. <!--[if gte mso 9]>
  297. <style>
  298. /* Target Outlook 2007 and 2010 */
  299. </style>
  300. <![endif]-->
  301. </head>
  302. <body style=\"padding:0; margin:0;\" bgcolor=\"#ffffff\">
  303. <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" bgcolor=\"#3b81bc\">
  304. <tr>
  305. <td align=\"center\"><center>
  306. <table border=\"0\" width=\"600\" cellpadding=\"0\" cellspacing=\"0\">
  307. <tr>
  308. <td style=\"color:#ffffff !important; font-size:24px; font-family: Arial, Verdana, sans-serif; padding-left:10px;\" height=\"40\"><img src=\"".$i[site]."/logomarcas/npop_logo_email.png\" alt=\"\" style=\"display:block;\" /></td>
  309. <td align=\"right\" height=\"45\" style=\"color:#FFFFFF !important; font-size:11px; font-family: Helvetica Neue Light, Helvetica Neue Regular, Helvetica, Arial;\">Tentativas inv�lidas de acesso.<br />
  310. Data/Hora: ".$data." �s ".$hora_cad."</td>
  311. </tr>
  312. </table>
  313. </center></td>
  314. </tr>
  315. </table>
  316. <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" bgcolor=\"#ffffff\">
  317. <tr>
  318. <td align=\"center\"><center>
  319. <table border=\"0\" width=\"600\" cellpadding=\"0\" cellspacing=\"0\">
  320. <tr>
  321. <td style=\"color:#333333 !important; font-size:20px; font-family: Arial, Verdana, sans-serif; padding-left:10px;\" height=\"40\">
  322. <h3 style=\"font-weight:normal; margin: 20px 0 0 0;\">Sinal de Alerta</h3>
  323. <h2 style=\"font-weight:normal; margin: 0;\">Atenção para tentativas inv�lidas de login</h2>
  324. <p style=\"font-size:14px; line-height:18px;\">
  325. Prezado(a) administrador do site NPop, <br /><br />
  326.  
  327. Observamos que ocorreu mais de duas tentativas inv�lidas de acesso a �rea do anunciante.</p>
  328. <p style=\"font-size:14px; line-height:18px;\">Login: <a href=\"#\">JohnDoe@johndoesemail.com</a><br />
  329. Data/Hora: ".$data." - ".$hora_cad."<br />
  330. IP: ".$ip."<br /><br/>
  331. Atenciosamente:<br/>
  332. Monitoramento <a href=\"".$i['site']."\">".utf8_decode($i['copyright'])."</a>
  333. </p>
  334. </td>
  335. </tr>
  336. </table>
  337. </center></td>
  338. </tr>
  339. </table>
  340. </center></td>
  341. </tr>
  342. </table>
  343. <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" bgcolor=\"#3b81bc\">
  344. <tr>
  345. <td align=\"center\"><center>
  346. <table border=\"0\" width=\"600\" cellpadding=\"0\" cellspacing=\"0\">
  347. <tr>
  348. <td style=\"color:#ffffff !important; font-size:20px; font-family: Arial, Verdana, sans-serif; padding-left:10px;\" height=\"40\"><center>
  349. <p style=\"font-size:10px; line-height:14px;\"> * O $i[copyright] conta com um sistema de aviso caso haja mais de duas tentativas de acesso sem sucesso.<br/>
  350. Não responda a este e-mail. Os e-mails enviados a este endereço não serão respondidos.<br/>
  351. Copyright &copy; 2016"; if($ano != "2016") { " - $ano";} "$i[copyright]. Todos os direitos reservados.
  352. </p>
  353. </center></td>
  354. </tr>
  355. </table>
  356. </center></td>
  357. </tr>
  358. </table>
  359. </body>
  360. </html>";
  361. //final do phpmail
  362. $sql_inclu = "INSERT INTO usuarios_banidos (usuario_id, time) VALUES ('$linha2[id]', '$now')";
  363. $exe_inclu = mysql_query($sql_inclu) or die (mysql_error());
  364.  
  365. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('banido') ."&token=$email2&ref=$ref2'>";
  366. die;
  367. }
  368. $sql_inclu = "INSERT INTO usuarios_banidos (usuario_id, time) VALUES ('$linha2[id]', '$now')";
  369. $exe_inclu = mysql_query($sql_inclu) or die (mysql_error());
  370.  
  371. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('senha') ."&token=$email2&ref=$ref2'>";
  372. die;
  373. }
  374. //REGISTRA SE��O
  375. $sessao["erro"] = "";
  376. $sessao["logado"] = true;
  377. $sessao["login"]= "$login";
  378. $sessao["timeout"] = time();
  379. $_SESSION["sessao"] = $sessao;
  380. session_name("SESS");
  381. session_start();
  382. $sessao_id = session_id();
  383. $timestamp = time();
  384. if (!isset($_SESSION["sessao"])) { //Inicializa variavel Sessao
  385. $sessao = array();
  386. $sessao["erro"] = "";
  387. $sessao["logado"]=false;
  388. $sessao["login"]= "";
  389. $sessao["timeout"]="";
  390. $_SESSION["sessao"] = $sessao; //Grava variavel sessao
  391. }
  392. else {
  393. $sessao = $_SESSION["sessao"]; //Recupera dados da variavel Sessao
  394. }
  395. include ("atualizar/incluso/config.php");
  396. $ref2 = $_POST['ref'];
  397. $now = time();
  398. $dt = date("Y-m-d");
  399. $hora_cad = strftime("%H:%M:%S");
  400. $data = (!empty($dt)?substr($dt,8,2).'/'.substr($dt,5,2).'/'.substr($dt,0,4):date('d.m.Y'));
  401.  
  402. if(!empty($ref2)){
  403. $vai = "<meta http-equiv='refresh' content='0;URL=$ref2'>";
  404. } else {
  405. $vai = "<meta http-equiv='refresh' content='0;URL=./anuncios'>";
  406. }
  407. $aclogin = base64_encode('login');
  408. $banido = base64_encode('banido');
  409. $acsenha = base64_encode('senha');
  410. $acstatus = base64_encode('acstatus');
  411. $pendente = base64_encode('pendente');
  412. $acpermissao = base64_encode('permissao');
  413. // VERIFICA SE EXISTE O USU�RIO
  414. if(isset($_POST["email"])) {
  415. $login = $_POST['email'];
  416. $email2 = base64_encode($login);
  417. }
  418. $sql = mysql_query("SELECT id, email FROM usuarios WHERE email = '$login'");
  419. $total = mysql_num_rows($sql);
  420. $linha = mysql_fetch_array($sql);
  421. if ( $total > 0 ){ // ABRE SE O LOGIN EXISTE
  422. } // FECHA SE O LOGIN EXISTE
  423. else {
  424. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('login') ."&token=$email2&ref=$ref2'>";
  425. die;
  426. }
  427. // VERIFICA SE EST� PENDENTE DE CONFIFRMA��O
  428. $sql2 = mysql_query("SELECT id, senha, salt FROM usuarios WHERE email = '$login' and status = 'zero'");
  429. $total2 = mysql_num_rows($sql2);
  430. $linha2 = mysql_fetch_array($sql2);
  431. if ( $total2 > 0 ){
  432. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('pendente') ."&token=$email2&ref=$ref2'>";
  433. die;
  434. }
  435. // VERIFICA SE O USU�RIO EST� ATIVO
  436. $sql2 = mysql_query("SELECT id, email, senha, salt FROM usuarios WHERE email = '$login' and status = 'sim'");
  437. $total2 = mysql_num_rows($sql2);
  438. $linha2 = mysql_fetch_array($sql2);
  439. if ( $total2 > 0 ){
  440. $senha_valida = $linha2["senha"];
  441. $salt = $linha2["salt"];
  442. } else {
  443. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('status') ."&token=$email2&ref=$ref2'>";
  444. die;
  445. }
  446. // VERIFICA SE A SENHA � IGUAL � DIGITADA
  447. if(isset($_POST["senha"])) {
  448. $senha = $_POST["senha"];
  449. //$senha = md5(anti_injection($_POST["password"]));
  450. $senha = hash('sha512', $senha . $salt);
  451. //$senha = hash('sha512', $senha);
  452. }
  453. if ($senha == "$senha_valida"){
  454.  
  455. // Todas as tentativas de login s�o contadas a partir das �ltimas 1 horas.
  456. $valid_attempts = $now - (1 * 60 * 60);
  457. $sqlBrute = mysql_query("SELECT * FROM usuarios_banidos WHERE usuario_id = '$linha[id]' AND time > '$valid_attempts'");
  458. $totalBrute = mysql_num_rows($sqlBrute);
  459. if ($totalBrute > 2) {
  460.  
  461. echo "<meta http-equiv='refresh' content='0;URL=entrar.php?ac=$banido&token=$email2&ref=$ref2'>";
  462. die;
  463. }
  464. $sql_inclu = "INSERT INTO usuarios_banidos (usuario_id, time) VALUES ('$linha2[id]', '$now')";
  465. $exe_inclu = mysql_query($sql_inclu) or die (mysql_error());
  466.  
  467. $data = date ("Y-m-d");
  468. $hora = strftime("%H:%M:%S");
  469. $sql_logar = "SELECT * FROM usuarios WHERE email = '$login' && senha = '$senha'";
  470. $exe_logar = mysql_query($sql_logar) or die (mysql_error());
  471. $fet_logar = mysql_fetch_assoc($exe_logar);
  472. $num_logar = mysql_num_rows($exe_logar);
  473. $ip_u = $fet_logar['ip'];
  474. $data_u = $fet_logar['data'];
  475. $hora_u = $fet_logar['hora'];
  476. $id_user = $fet_logar['id'];
  477. $visitas = $fet_logar['visitas'] + 1;
  478. $insere = mysql_query("UPDATE usuarios SET data_u = '".$data_u."', hora_u = '".$hora_u."', ip_upd = '".$ip_u."' WHERE email = '".$login."'");
  479. //VERIFICAR SE O USUARIO JA ESTA CONECTADO E EXCLUIR O LOG DE usuarios_online
  480. $sql_busca = "SELECT login FROM usuarios_online WHERE login = '".$login."'";
  481. $exe_busca = mysql_query($sql_busca) or die (mysql_error());
  482. $num_busca = mysql_num_rows($exe_busca);
  483. if ($num_busca > 0){
  484. $sql = mysql_query("DELETE FROM usuarios_online WHERE login='".$login."'");
  485. }
  486. $sql_inclu = "INSERT INTO usuarios_online(codigo_usu, login, sessao, entrada, entrada2, hora, ip, ult_clique) VALUES
  487. ('$id_user', '$email', '$sessao_id', '$data', '$timestamp', '$hora', '". $_SERVER['REMOTE_ADDR'] ."', '$timestamp')";
  488. $exe_inclu = mysql_query($sql_inclu) or die (mysql_error());
  489. $sql_inclu = "INSERT INTO usuario_log(id, id_user, login, entrada, hora, ip) VALUES
  490. ('','$id_user', '$login', '$data', '$hora', '". $_SERVER['REMOTE_ADDR'] ."')";
  491. $exe_inclu = mysql_query($sql_inclu) or die (mysql_error());
  492. $sql_update = "UPDATE usuarios SET hora='$hora', data='$data', ip='". $_SERVER['REMOTE_ADDR'] ."', visitas = '".$visitas."' WHERE email = '$login'";
  493. $exe_update = mysql_query($sql_update) or die (mysql_error());
  494. $sql2 = "SELECT * FROM usuarios WHERE email = '$login'";
  495. $verifica = mysql_query($sql2) or die (mysql_error());
  496. $s = mysql_fetch_assoc($verifica);
  497.  
  498. //EXCLUIR USU�RIO DO BRUTEFORCE
  499. $sql_banido = mysql_query("SELECT * FROM usuarios_banidos WHERE usuario_id='".$fet_logar[id]."'");
  500. while ($banido = mysql_fetch_array($sql_banido)) {
  501. mysql_query("DELETE FROM usuarios_banidos WHERE usuario_id='".$fet_logar[id]."'");
  502. }
  503.  
  504. if ($s['nivel'] == 1){
  505. echo "<meta http-equiv='refresh' content='0;URL=/atualizar/admin.php'>";
  506. } elseif ($s['nivel'] == 2){
  507. echo "$vai";
  508. } elseif ($s['nivel'] == 100){
  509. echo "<meta http-equiv='refresh' content='0;URL=master.php'>";
  510. } elseif ($s['nivel'] == 3){
  511. echo "<meta http-equiv='refresh' content='0;URL=vip.php'>";
  512. }
  513. //2 = Administrador
  514. else {
  515. echo "<meta http-equiv='refresh' content='0;URL=entrar?ac=". base64_encode('permissao') ."&token=$email2&ref=$ref2'>";
  516.  
  517. }
  518.  
  519. } else {
  520.  
  521. // Todas as tentativas de login s�o contadas a partir das �ltimas 1 horas.
  522. $valid_attempts = $now - (1 * 60 * 60);
  523. $sqlBrute = mysql_query("SELECT * FROM usuarios_banidos WHERE usuario_id = '$linha[id]' AND time > '$valid_attempts'");
  524. $totalBrute = mysql_num_rows($sqlBrute);
  525. if ($totalBrute > 2) {
  526. //phpmail
  527. if (!class_exists("phpmailer")) {
  528. require("PHPMailerAutoload.php");
  529. }
  530. $cMail = new PHPMailer();
  531. $cMail->IsSMTP();
  532. // dados para autentica��o no servidor SMTP
  533. $cMail->Host = "".$i['smtp_servidor']."";
  534. $cMail->SMTPAuth = true;
  535. $cMail->Username = "".$i['smtp_email']."";
  536. $cMail->Password = "".$i['smtp_senha']."";
  537. // caso queira enviar o email no formato HTML adicione a linha
  538. $cMail->IsHTML(true);
  539. // email de origem
  540. $cMail->CharSet = 'UTF-8';
  541. $cMail->From = "nobody@npop.com.br";
  542. $cMail->FromName = "".utf8_decode($i['copyright'])." - Monitoramento";
  543. //email de destino
  544. //$cMail->AddAddress("".$email."");
  545. $cMail->AddAddress("".$i['email_principal']."", "Tentativas inv�lidas de login - ".utf8_decode($i['copyright'])."");
  546. $cMail->AddCC("".$i['email_alternativo']."", "Tentativas inv�lidas de login - ".utf8_decode($i['copyright']).""); // C�pia
  547. //anexos
  548. //$cMail->AddAttachment("/tmp/documento.pdf", "novo_nome.pdf"); // Insere um anexo
  549. // assunto da mensagem
  550. $cMail->Subject = "Tentativas inv�lidas de login ".utf8_decode($i['copyright'])."";
  551. // conteudo da mensagem mensagem
  552. $cMail->Body = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
  553. <html xmlns=\"http://www.w3.org/1999/xhtml\">
  554. <head>
  555. <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />
  556. <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"/>
  557. <title>Verificar Conta</title>
  558. <style type=\"text/css\">
  559. /* Based on The MailChimp Reset INLINE: Yes. */
  560. /* Client-specific Styles */
  561. #outlook a {
  562. padding: 0;
  563. } /* Force Outlook to provide a \"view in browser\" menu link. */
  564. body {
  565. width: 100% !important;
  566. -webkit-text-size-adjust: 100%;
  567. -ms-text-size-adjust: 100%;
  568. margin: 0;
  569. padding: 0;
  570. }
  571. .ExternalClass {
  572. width: 100%;
  573. } /* Force Hotmail to display emails at full width */
  574. .ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass div {
  575. line-height: 100%;
  576. }
  577. /* Forces Hotmail to display normal line spacing. More on that: http://www.emailonacid.com/forum/viewthread/43/ */
  578. #backgroundTable {
  579. margin: 0;
  580. padding: 0;
  581. width: 100% !important;
  582. line-height: 100% !important;
  583. }
  584. /* End reset */
  585.  
  586. /* Some sensible defaults for images
  587. Bring inline: Yes. */
  588. img {
  589. outline: none;
  590. text-decoration: none;
  591. -ms-interpolation-mode: bicubic;
  592. }
  593. a img {
  594. border: none;
  595. }
  596. .image_fix {
  597. display: block;
  598. }
  599. /* Yahoo paragraph fix
  600. Bring inline: Yes. */
  601. p {
  602. margin: 1em 0;
  603. }
  604. /* Hotmail header color reset
  605. Bring inline: Yes. */
  606. h1, h2, h3, h4, h5, h6 {
  607. color: black !important;
  608. }
  609. h1 a, h2 a, h3 a, h4 a, h5 a, h6 a {
  610. color: blue !important;
  611. }
  612. h1 a:active, h2 a:active, h3 a:active, h4 a:active, h5 a:active, h6 a:active {
  613. color: red !important; /* Preferably not the same color as the normal header link color. There is limited support for psuedo classes in email clients, this was added just for good measure. */
  614. }
  615. h1 a:visited, h2 a:visited, h3 a:visited, h4 a:visited, h5 a:visited, h6 a:visited {
  616. color: purple !important; /* Preferably not the same color as the normal header link color. There is limited support for psuedo classes in email clients, this was added just for good measure. */
  617. }
  618. /* Outlook 07, 10 Padding issue fix
  619. Bring inline: No.*/
  620. table td {
  621. border-collapse: collapse;
  622. }
  623. /* Remove spacing around Outlook 07, 10 tables
  624. Bring inline: Yes */
  625. table {
  626. border-collapse: collapse;
  627. mso-table-lspace: 0pt;
  628. mso-table-rspace: 0pt;
  629. }
  630. /***************************************************
  631. ****************************************************
  632. MOBILE TARGETING
  633. ****************************************************
  634. ***************************************************/
  635. @media only screen and (max-device-width: 480px) {
  636. /* Part one of controlling phone number linking for mobile. */
  637. a[href^=\"tel\"], a[href^=\"sms\"] {
  638. text-decoration: none;
  639. color: blue; /* or whatever your want */
  640. pointer-events: none;
  641. cursor: default;
  642. }
  643. .mobile_link a[href^=\"tel\"], .mobile_link a[href^=\"sms\"] {
  644. text-decoration: default;
  645. color: orange !important;
  646. pointer-events: auto;
  647. cursor: default;
  648. }
  649. }
  650.  
  651. /* More Specific Targeting */
  652.  
  653. @media only screen and (min-device-width: 768px) and (max-device-width: 1024px) {
  654. /* You guessed it, ipad (tablets, smaller screens, etc) */
  655. /* repeating for the ipad */
  656. a[href^=\"tel\"], a[href^=\"sms\"] {
  657. text-decoration: none;
  658. color: blue; /* or whatever your want */
  659. pointer-events: none;
  660. cursor: default;
  661. }
  662. .mobile_link a[href^=\"tel\"], .mobile_link a[href^=\"sms\"] {
  663. text-decoration: default;
  664. color: orange !important;
  665. pointer-events: auto;
  666. cursor: default;
  667. }
  668. }
  669. </style>
  670. <!-- Targeting Windows Mobile -->
  671. <!--[if IEMobile 7]>
  672. <style type=\"text/css\">
  673.  
  674. </style>
  675. <![endif]-->
  676.  
  677. <!-- ***********************************************
  678. ****************************************************
  679. END MOBILE TARGETING
  680. ****************************************************
  681. ************************************************ -->
  682. <!--[if gte mso 9]>
  683. <style>
  684. /* Target Outlook 2007 and 2010 */
  685. </style>
  686. <![endif]-->
  687. </head>
  688. <body style=\"padding:0; margin:0;\" bgcolor=\"#ffffff\">
  689. <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" bgcolor=\"#3b81bc\">
  690. <tr>
  691. <td align=\"center\"><center>
  692. <table border=\"0\" width=\"600\" cellpadding=\"0\" cellspacing=\"0\">
  693. <tr>
  694. <td style=\"color:#ffffff !important; font-size:24px; font-family: Arial, Verdana, sans-serif; padding-left:10px;\" height=\"40\"><img src=\"".$i['site']."/logomarcas/npop_logo_email.png\" alt=\"\" style=\"display:block;\" /></td>
  695. <td align=\"right\" height=\"45\" style=\"color:#FFFFFF !important; font-size:11px; font-family: Helvetica Neue Light, Helvetica Neue Regular, Helvetica, Arial;\">Tentativas inválidas de acesso.<br />
  696. Data/Hora: ".$data." às ".$hora_cad."</td>
  697. </tr>
  698. </table>
  699. </center></td>
  700. </tr>
  701. </table>
  702. <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" bgcolor=\"#ffffff\">
  703. <tr>
  704. <td align=\"center\"><center>
  705. <table border=\"0\" width=\"600\" cellpadding=\"0\" cellspacing=\"0\">
  706. <tr>
  707. <td style=\"color:#333333 !important; font-size:20px; font-family: Arial, Verdana, sans-serif; padding-left:10px;\" height=\"40\">
  708. <h3 style=\"font-weight:normal; margin: 20px 0 0 0;\">Sinal de Alerta</h3>
  709. <h2 style=\"font-weight:normal; margin: 0;\">Atenção para tentativas inválidas de login</h2>
  710. <p style=\"font-size:14px; line-height:18px;\">
  711. Prezado(a) administrador do site NPop, <br /><br />
  712.  
  713. Observamos que ocorreu mais de duas tentativas inválidas de acesso a área do anunciante.</p>
  714. <p style=\"font-size:14px; line-height:18px;\">Login: <a href=\"#\">".$_POST["email"]."</a><br />
  715. Data/Hora: ".$data." - ".$hora_cad."<br />
  716. IP: ".$ip."<br /><br/>
  717. Atenciosamente:<br/>
  718. Monitoramento <a href=\"".$i['site']."\">".utf8_decode($i['copyright'])."</a>
  719. </p>
  720. </td>
  721. </tr>
  722. </table>
  723. </center></td>
  724. </tr>
  725. </table>
  726. </center></td>
  727. </tr>
  728. </table>
  729. <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" bgcolor=\"#3b81bc\">
  730. <tr>
  731. <td align=\"center\"><center>
  732. <table border=\"0\" width=\"600\" cellpadding=\"0\" cellspacing=\"0\">
  733. <tr>
  734. <td style=\"color:#ffffff !important; font-size:20px; font-family: Arial, Verdana, sans-serif; padding-left:10px;\" height=\"40\"><center>
  735. <p style=\"font-size:10px; line-height:14px;\"> * O $i[copyright] conta com um sistema de aviso caso haja mais de duas tentativas de acesso sem sucesso.<br/>
  736. Não responda a este e-mail. Os e-mails enviados a este endereço não serão respondidos.<br/>
  737. Copyright &copy; $ano " . $i['copyright'] . ". Todos os direitos reservados.
  738. </p>
  739. </center></td>
  740. </tr>
  741. </table>
  742. </center></td>
  743. </tr>
  744. </table>
  745. </body>
  746. </html>";
  747. //final do phpmail
  748.  
  749. $sql_inclu = $mysqli->query("INSERT INTO usuarios_banidos (usuario_id, time) VALUES ('$linha2[id]', '$now')");
  750. echo "<meta http-equiv='refresh' content='0;URL=entrar.php?ac=". base64_encode('banido') ."&token=$email2&ref=$ref2'>";
  751. die;
  752. }
  753. $sql_inclu = $mysqli->query("INSERT INTO usuarios_banidos (usuario_id, time) VALUES ('$linha2[id]', '$now')");
  754. echo "<meta http-equiv='refresh' content='0;URL=entrar.php?ac=". base64_encode('senha') ."&token=$email2&ref=$ref2'>";
  755. die;
  756. }
  757. $sessao["erro"] = "";
  758. $sessao["logado"] = true;
  759. $sessao["login"]= "$login";
  760. $sessao["timeout"] = time();
  761. $_SESSION["sessao"] = $sessao;