
Untitled

a guest
Mar 8th, 2018
  1. <?PHP
  2.  
  3. /***************************************************************************
  4. CuteNews CutePHP.com
  5. Copyright (C) 2005 Georgi Avramov (flexer@cutephp.com)
  6. ****************************************************************************/
  7.  
  // Report everything except notices, so reads of undefined variables pass silently.
  error_reporting(E_ALL ^ E_NOTICE);

  require_once './inc/functions.inc.php';

  // ---- Installation settings ---------------------------------------------
  $PHP_SELF                 = 'index.php';
  $cutepath                 = '.';
  $config_path_image_upload = './data/upimages';

  $config_use_cookies   = true;   // use cookies when checking authorization
  $config_use_sessions  = false;  // use sessions when checking authorization
  $config_check_referer = true;   // set to true for more security
  // -------------------------------------------------------------------------

  // Started here; stopped by the last statement of the script to report the run time.
  $Timer = new microTimer();
  $Timer->start();
  24.  
  // First-run detection: when lines 1 and 2 of the users file are both empty
  // after trimming, control is handed to the install module and the request ends.
  // NOTE(review): a failed read makes file() return false, which this test also
  // treats as "no users" -- confirm the installer cannot be reached on a live
  // site when ./data/users.db.php is unreadable or momentarily empty.
  $all_users_db = file('./data/users.db.php');
  $check_users  = $all_users_db;
  $check_users[1] = trim($check_users[1]);
  $check_users[2] = trim($check_users[2]);

  if ((!$check_users[2] || $check_users[2] == '') && (!$check_users[1] || $check_users[1] == '')) {
      if (file_exists('./inc/install.php') === false) {
          die(
              '<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br>'
              . "\n"
              . 'However, the install module (<b>./inc/install.php</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'
          );
      }

      require './inc/install.php';
      exit;
  }
  36.  
  require_once './data/config.php';

  // Load the configured skin when its file exists; otherwise fall back to the
  // default skin and record that the fallback is in use.
  // NOTE(review): $config_skin goes into an include path unchanged. Presumably it
  // is only ever assigned in ./data/config.php -- confirm it can never contain
  // path separators or come from the request.
  if (!isset($config_skin) || $config_skin == '' || !file_exists('./skins/' . $config_skin . '.skin.php')) {
      $using_safe_skin = true;
      require_once './skins/default.skin.php';
  } else {
      require_once './skins/' . $config_skin . '.skin.php';
  }

  // Check that the copyright logo is present and force it if it is not.
  b64dck();

  // Sessions are only started when session-based authorization is enabled.
  if ($config_use_sessions) {
      @session_start();
      @header('Cache-control: private');
  }
  52.  
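  // Logout: expire the login cookies, drop the session (when sessions are in
  // use) and show the confirmation message.
  // NOTE(review): the authorization code further down still runs unless msg()
  // ends the request -- confirm that msg() exits.
  if ($action == "logout") {
      // An empty value asks the browser to delete the cookie.
      setcookie("md5_password", "");
      setcookie("username", "");
      setcookie("login_referer", "");

      if ($config_use_sessions) {
          // Clear the session data first and destroy the session afterwards:
          // once the session has been destroyed, session_unset() has nothing
          // left to act on and $_SESSION would stay populated for this request.
          @session_unset();
          $_SESSION = array();
          @session_destroy();
          setcookie(session_name(), "");
      }

      msg("info", "Logout", "You are now logged out, <a href=\"$PHP_SELF\">login</a><br /><br>");
  }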
  66.  
  67.  
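  // Every request starts as "not authenticated"; the flags are raised further
  // down only after check_login() has accepted the credentials.
  $is_loged_in    = FALSE;
  $cookie_logged  = FALSE;
  $session_logged = FALSE;

  // $result is printed as raw HTML by the login form, so it starts empty here
  // and can only hold the messages assigned by the authorization code.
  // NOTE(review): $action, $username, $password and $mod are read in this file
  // without being assigned, so request values presumably reach global scope --
  // confirm in functions.inc.php and initialise every such variable before use.
  $result = "";

  // Keep only the part of the referer before the query string, and treat a
  // trailing slash as a request for index.php.
  if (!isset($HTTP_REFERER)) { $HTTP_REFERER = ""; }
  $temp_arr     = explode("?", $HTTP_REFERER);
  $HTTP_REFERER = $temp_arr[0];
  if (substr($HTTP_REFERER, -1) == "/") {
      $HTTP_REFERER .= "index.php";
  }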
  74.  
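  // Check if the user is identified.

  if ($config_use_cookies == TRUE) {
      /* Login authorization using COOKIES */

      // Nothing may be printed in this branch: setcookie() only works while the
      // response headers have not been sent yet.
      if (isset($username)) {
          // A hash already present in the cookie takes precedence; the submitted
          // password is hashed only when no such cookie came with the request.
          if (isset($HTTP_COOKIE_VARS["md5_password"])) { $cmd5_password = $HTTP_COOKIE_VARS["md5_password"]; }
          elseif (isset($_COOKIE["md5_password"])) { $cmd5_password = $_COOKIE["md5_password"]; }
          else { $cmd5_password = md5($password); }

          // NOTE(review): the cookie carries md5($password) and check_login()
          // accepts it in place of the password, so the hash is itself a
          // credential that stays valid until the password changes. A random,
          // server-side revocable token (sent with the HttpOnly and Secure
          // cookie flags) and a salted, slow password hash would remove that
          // equivalence.

          // Do we have correct username and password ?
          if (check_login($username, $cmd5_password)) {
              if ($action == 'dologin') {
                  setcookie("lastusername", $username, time()+1012324305);
                  if ($rememberme == 'yes') {
                      // "Remember me": keep both cookies for 30 days.
                      setcookie("username", $username, time()+60*60*24*30);
                      setcookie("md5_password", $cmd5_password, time()+60*60*24*30);
                  } else {
                      // No expiry given: the cookies last for the browser session.
                      setcookie("username", $username);
                      setcookie("md5_password", $cmd5_password);
                  }
              }

              $cookie_logged = TRUE;
          } else {
              // Rejected credentials: drop both login cookies.
              setcookie("username", FALSE);
              setcookie("md5_password", FALSE);
              $result = "<font color=red>Wrong username or password</font>";
              $cookie_logged = FALSE;
          }
      }
      /* END Login authorization using COOKIES */
  }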
  116.  
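  if ($config_use_sessions == TRUE) {
      /* Login authorization using SESSIONS */

      // Start from an empty value so $ip can only be filled from the variables
      // read below, never from a value the name already had.
      // NOTE(review): X-Forwarded-For and Client-IP are request headers. Unless a
      // trusted proxy overwrites them, the session/IP binding below rests on a
      // value chosen by the client; REMOTE_ADDR is the only address the server
      // observes itself.
      $ip = "";
      if (isset($HTTP_X_FORWARDED_FOR)) { $ip = $HTTP_X_FORWARDED_FOR; }
      elseif (isset($HTTP_CLIENT_IP)) { $ip = $HTTP_CLIENT_IP; }
      if ($ip == "") { $ip = $REMOTE_ADDR; }
      if ($ip == "") { $ip = "not detected"; }

      if ($action == "dologin") {
          $md5_password = md5($password);
          if (check_login($username, $md5_password)) {
              $session_logged = TRUE;

              // session_register() was removed in PHP 5.4 and "@" does not hide
              // the fatal error of calling a missing function; the $_SESSION
              // assignments below store the same four values.
              if (function_exists('session_register')) {
                  @session_register('username');
                  @session_register('md5_password');
                  @session_register('ip');
                  @session_register('login_referer');
              }

              // NOTE(review): the session id is kept across login; issuing a new
              // id at this point would stop a pre-set id from being reused.
              $_SESSION['username'] = "$username";
              $_SESSION['md5_password'] = "$md5_password";
              $_SESSION['ip'] = "$ip";
              $_SESSION['login_referer'] = "$HTTP_REFERER";
          } else {
              $result = "<font color=red>Wrong username and/or password</font>";
              $session_logged = FALSE;
          }
      } elseif (isset($_SESSION['username'])) {
          // Existing session: re-check the stored credentials on every request
          // and require the address recorded at login.
          if (check_login($_SESSION['username'], $_SESSION['md5_password'])) {
              if ($_SESSION['ip'] != $ip) { $session_logged = FALSE; $result = "The IP in the session doesn not match with your IP"; }
              else { $session_logged = TRUE; }
          } else {
              $result = "<font color=red>Wrong username and/or password !!!</font>";
              $session_logged = FALSE;
          }
      }

      // Fall back to the session's user name when the request carried none.
      if (!$username) { $username = $_SESSION['username']; }
      /* END Login authorization using SESSIONS */
  }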
  157.  
  158. ###########################
  159.  
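  if ($session_logged == TRUE or $cookie_logged == TRUE) {
      if ($action == 'dologin' and is_array($all_users_db)) {
          //-------------------------------------------
          // Modify the Last Login Date of the user
          //-------------------------------------------
          // The new file contents are built in memory first. Only the line
          // whose first field equals $member_db[0] is rewritten: fields 0-8 are
          // kept and the current time is stored after them.
          // NOTE(review): $member_db is not assigned in this file; presumably
          // check_login() fills it with the record of the authenticated user.
          // NOTE(review): the lines come from the read at the start of the
          // request, so a change made to the file since then is overwritten.
          $old_users_db = $all_users_db;
          $new_users_db = "";
          foreach ($old_users_db as $old_users_db_line) {
              $old_users_db_arr = explode("|", $old_users_db_line);
              if ($member_db[0] != $old_users_db_arr[0]) {
                  $new_users_db .= "$old_users_db_line";
              } else {
                  $new_users_db .= "$old_users_db_arr[0]|$old_users_db_arr[1]|$old_users_db_arr[2]|$old_users_db_arr[3]|$old_users_db_arr[4]|$old_users_db_arr[5]|$old_users_db_arr[6]|$old_users_db_arr[7]|$old_users_db_arr[8]|".time()."||\n";
              }
          }

          // Open without truncating: the file is never empty while it is being
          // rewritten, and an empty users file is exactly what the start of this
          // script treats as "not installed". A failed open skips the update
          // instead of writing to an invalid handle.
          $modified_users = fopen("./data/users.db.php", "r+");
          if ($modified_users) {
              // Best effort: the write still happens where locking is unsupported.
              $users_db_locked = flock($modified_users, LOCK_EX);
              fwrite($modified_users, $new_users_db);
              ftruncate($modified_users, strlen($new_users_db));
              fflush($modified_users);
              if ($users_db_locked) { flock($modified_users, LOCK_UN); }
              fclose($modified_users);
          }
      }

      $is_loged_in = TRUE;
  }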
  180.  
  181. ###########################
  182.  
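  // If the user is not logged in, display the login page; otherwise run the
  // referer check and load the requested module.
  if ($is_loged_in == FALSE) {
      if ($config_use_sessions) {
          // Clear the data before destroying the session; after the session is
          // destroyed session_unset() has nothing left to act on.
          @session_unset();
          @session_destroy();
      }

      // setcookie("username","");
      // setcookie("password","");
      // setcookie("md5_password","");
      // setcookie("login_referer","");

      echoheader("user", "Please Login");

      if ($config_allow_registration == "yes") { $allow_reg_status = "<a href='register.php'>(register)</a> "; } else { $allow_reg_status = ""; }

      // $lastusername is not assigned in this file (this script stores it in the
      // "lastusername" cookie), so it is escaped before it is placed inside the
      // single-quoted value attribute.
      $lastusername_html = isset($lastusername) ? htmlspecialchars($lastusername, ENT_QUOTES) : "";

      // NOTE(review): $result is printed as markup, so it must only ever hold
      // the messages assigned by the authorization code of this script.
      echo "
<table width=\"100%\" border=0 cellpadding=1 cellspacing=0>
<form name=login action='$PHP_SELF' method=post>
<tr>

<td width=80>Username: </td>
<td width='160'><input tabindex=1 type=text name=username value='$lastusername_html' style='width:150;'></td>
<td>&nbsp;$allow_reg_status</a></td>
</tr>
<tr>
<td>Password: </td>
<td><input type=password name=password style='width:150'></td>
<td>&nbsp;<a href='register.php?action=lostpass'>(lost password)</a> </td>
</tr>
<tr>

<td></td>
<td style='text-align:left'>
<input accesskey='s' type=submit style=\"width:150; background-color: #F3F3F3;\" value=' Login... '><br/>
</td>
<td style='text-align:left'><label for=rememberme title='Remmber me for 30 days, Do not use on Public-Terminals!'>
<input id=rememberme type=checkbox value=yes style=\"border:0px;\" name=rememberme>
Remember Me</label> </td>
</tr>

<tr>
<td align=center colspan=4 style='text-align:left;'>$result</td>
</tr>
<input type=hidden name=action value=dologin>
</form>
</table>";

      echofooter();
  } elseif ($is_loged_in == TRUE) {
      //----------------------------------
      // Check Referer
      //----------------------------------
      // NOTE(review): an empty referer is accepted and the test is a substring
      // match, so this check does not replace per-request tokens on the modules
      // that change state.
      if ($config_check_referer == TRUE) {
          $self = $_SERVER["SCRIPT_NAME"];
          if ($self == "") { $self = $_SERVER["REDIRECT_URL"]; }
          if ($self == "") { $self = "index.php"; }

          // Literal, case-insensitive comparison: the script path is not a
          // regular expression (its "." would match any character), and
          // eregi() no longer exists in PHP 7.
          if ($HTTP_REFERER != "" and stristr($HTTP_REFERER, $self) === FALSE) {
              die("<h2>Sorry but your access to this page was denied !</h2><br>try to <a href=\"?action=logout\">logout</a> and then login again<br>To turn off this security check, change \$config_check_referer in index.php to FALSE");
          }
      }

      // ********************************************************************************
      // Include System Module
      // ********************************************************************************
      // NOTE(review): this runs for every authenticated user level, although the
      // 'debug' module in the table below is admin-only -- confirm what debug()
      // discloses.
      if ($HTTP_SERVER_VARS['QUERY_STRING'] == "debug") { debug(); }

      // name of mod => access level required
      $system_modules = array('addnews' => 'user',
          'editnews' => 'user',
          'main' => 'user',
          'options' => 'user',
          'images' => 'user',
          'editusers' => 'admin',
          'editcomments' => 'admin',
          'tools' => 'admin',
          'ipban' => 'admin',
          'about' => 'user',
          'preview' => 'user',
          'categories' => 'admin',
          'massactions' => 'user',
          'help' => 'user',
          'snr' => 'admin',
          'debug' => 'admin',
          'wizards' => 'admin',
      );

      // $mod reaches the include path only after it matched a key of
      // $system_modules; keep that order if this dispatch is ever changed.
      if ($mod == "") { require("./inc/main.php"); }
      elseif (is_string($mod) and isset($system_modules[$mod])) {
          // User level 4 (commenter) may only open 'options'; level 1 is admin.
          if ($member_db[1] == 4 and $mod != 'options') { msg('error', 'Error!', 'Access Denied for your user-level (commenter)'); }
          elseif ($system_modules[$mod] == "user") { require("./inc/". $mod . ".php"); }
          elseif ($system_modules[$mod] == "admin" and $member_db[1] == 1) { require("./inc/". $mod . ".php"); }
          elseif ($system_modules[$mod] == "admin" and $member_db[1] != 1) { msg("error", "Access denied", "Only admin can access this module"); exit; }
          else { die("Module access must be set to <b>user</b> or <b>admin</b>"); }
      }
      else {
          // The rejected name is request data: escape it before printing it.
          die(htmlspecialchars(is_string($mod) ? $mod : "", ENT_QUOTES) . " is NOT a valid module");
      }
  }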
  286.  
  // Emit the elapsed time measured by the timer as a trailing HTML comment.
  echo '<!-- execution time: ' . $Timer->stop() . ' -->';
  288. ?>