API tools faq
paste
Guest User

Untitled

a guest
Apr 21st, 2018
214
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.60 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. Ceres Control Panel
  4.  
  5. This is a control pannel program for Athena and Freya
  6. Copyright (C) 2005 by Beowulf and Nightroad
  7.  
  8. This program is free software; you can redistribute it and/or
  9. modify it under the terms of the GNU General Public License
  10. as published by the Free Software Foundation; either version 2
  11. of the License, or (at your option) any later version.
  12.  
  13. This program is distributed in the hope that it will be useful,
  14. but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. GNU General Public License for more details.
  17.  
  18. You should have received a copy of the GNU General Public License
  19. along with this program; if not, write to the Free Software
  20. Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  21.  
  22. To contact any of the authors about special permissions send
  23. an e-mail to cerescp@gmail.com
  24. */
  25.  
  26. session_start();
  27. include_once 'config.php'; // loads config variables
  28. include_once 'query.php'; // imports queries
  29. include_once 'functions.php';
  30. include_once 'bruteforce.php';
  31.  
  32. if (!isset($_SESSION[$CONFIG_name.'account_id']) && isset($_COOKIE['login_pass']) && isset($_COOKIE['userid'])) {
  33.  
  34. $bf_check = bf_check_user(trim($_COOKIE['userid']));
  35. if ($bf_check > 0 || inject(trim($_COOKIE['userid']))) { // Based on Rasqual notes I fix it [BeoWulf]
  36. setcookie("login_pass", "", time() - 3600);
  37. setcookie("userid", "", time() - 3600);
  38. } else {
  39. $query = sprintf(LOGIN_USER, trim($_COOKIE['userid']));
  40. $result = execute_query($query, 'index.php');
  41.  
  42. if($line = $result->fetch_row()) {
  43. if (md5($CONFIG_name.$line[3]) == $_COOKIE['login_pass']) {
  44. $_SESSION[$CONFIG_name.'account_id'] = $line[0];
  45. $_SESSION[$CONFIG_name.'userid'] = $line[1];
  46. $_SESSION[$CONFIG_name.'level'] = $line[2];
  47. setcookie("login_pass", $_COOKIE['login_pass'], time() + 3600 * 24 * 30);
  48. setcookie("userid", $_COOKIE['userid'], time() + 3600 * 24 * 30);
  49. } else {
  50. setcookie("login_pass", "", time() - 3600);
  51. setcookie("userid", "", time() - 3600);
  52.  
  53. bf_error(trim($_COOKIE['userid']));
  54. echo "<script type=\"text/javascript\">LINK_ajax('login.php','login_div');</script>";
  55. alert($lang['COOKIE_REJECTED']);
  56. }
  57. } else {
  58. setcookie("login_pass", "", time() - 3600);
  59. setcookie("userid", "", time() - 3600);
  60.  
  61. bf_error(trim($_COOKIE['userid']));
  62. echo "<script type=\"text/javascript\">LINK_ajax('login.php','login_div');</script>";
  63. alert($lang['COOKIE_REJECTED']);
  64. }
  65. }
  66. }
  67.  
  68. if (!empty($POST_opt)) {
  69. if ($POST_opt == 1 && isset($POST_frm_name) && !strcmp($POST_frm_name, "login")) {
  70. if (inject($POST_username) || inject($POST_login_pass))
  71. alert($lang['INCORRECT_CHARACTER']);
  72.  
  73. $session = $_SESSION[$CONFIG_name.'sessioncode'];
  74. if ($CONFIG_auth_image && function_exists("gd_info")
  75. && strtoupper($POST_code) != substr(strtoupper(md5("Mytext".$session['login'])), 0, 6))
  76. alert($lang['INCORRECT_CODE']);
  77.  
  78. if (strlen($POST_username) > 23 || strlen($POST_username) < 4)
  79. alert($lang['USERNAME_LENGTH']);
  80.  
  81. if (strlen($POST_login_pass) > 23 || strlen($POST_login_pass) < 4)
  82. alert($lang['PASSWORD_LENGTH_OLD']);
  83.  
  84. $bf_check = bf_check_user(trim($POST_username));
  85. if ($bf_check > 0) {
  86. $msg = sprintf($lang['BLOCKED'], $bf_check);
  87. alert($msg);
  88. }
  89.  
  90. $query = sprintf(LOGIN_USER, trim($POST_username));
  91. $result = execute_query($query, 'index.php');
  92.  
  93. if($line = $result->fetch_row()) {
  94. if ($CONFIG_md5_pass)
  95. $POST_login_pass = md5($POST_login_pass);
  96.  
  97. if ($line[3] == $POST_login_pass) {
  98. $_SESSION[$CONFIG_name.'account_id'] = $line[0];
  99. $_SESSION[$CONFIG_name.'userid'] = $line[1];
  100. $_SESSION[$CONFIG_name.'level'] = $line[2];
  101.  
  102. if ($POST_remember_me) {
  103. setcookie("login_pass", md5($CONFIG_name.$line[3]), time() + 3600 * 24 * 30);
  104. setcookie("userid", $line[1], time() + 3600 * 24 * 30);
  105. }
  106. } else {
  107. bf_error(trim($POST_username));
  108. alert($lang['WRONG_USERNAME_PASSWORD']);
  109. }
  110. } else {
  111. bf_error(trim($POST_username));
  112. alert($lang['WRONG_USERNAME_PASSWORD']);
  113. }
  114.  
  115. }
  116. }
  117.  
  118. if (isset($GET_opt) && $GET_opt == 2) {
  119. session_destroy();
  120. setcookie("login_pass", "", time() - 3600);
  121. setcookie("userid", "", time() - 3600);
  122. session_start();
  123. echo "
  124. <script type=\"text/javascript\">
  125. LINK_ajax('motd.php','main_div');
  126. load_menu();
  127. login_hide(1);
  128. </script>
  129. ";
  130. }
  131.  
  132.  
  133. if (!empty($_SESSION[$CONFIG_name.'account_id'])) {
  134. if ($_SESSION[$CONFIG_name.'account_id'] > 0) {
  135. $userid = htmlformat($_SESSION[$CONFIG_name.'userid']);
  136. opentable($lang['LOGIN_WELCOME']);
  137. echo "
  138. <script type=\"text/javascript\">
  139. login_hide(0);
  140. LINK_ajax('motd.php','main_div');
  141. load_menu();
  142. </script>
  143. <tr><td align=center>
  144. ".$lang['LOGIN_HELLO'].", $userid.<br><br>
  145. <span title=\"Logoff the server and, if any, reset the cookies\" style=\"cursor:pointer\" onMouseOver=\"this.style.color='#FF3300'\" onMouseOut=\"this.style.color='#000000'\" onClick=\"LINK_ajax('login.php?opt=2','login_div');\">Logoff</span>
  146. </td></tr>
  147. ";
  148. closetable();
  149. fim();
  150. }
  151. }
  152.  
  153. if (isset($_SESSION[$CONFIG_name.'sessioncode']))
  154. $session = $_SESSION[$CONFIG_name.'sessioncode'];
  155. $session['login'] = rand(12345, 99999);
  156. $_SESSION[$CONFIG_name.'sessioncode'] = $session;
  157. $var = rand(10, 9999999);
  158.  
  159. opentable("Login");
  160. echo "
  161. <form id=\"login\" onSubmit=\"return POST_ajax('login.php','login_div','login');\">
  162. <table border=\"0\" cellpadding=\"0\" cellspacing=\"0\">
  163. <tr><td align=left>".$lang['USERNAME'].":<br>
  164. <input type=\"text\" name=\"username\" maxlength=\"23\" size=\"23\" onKeyPress=\"return force(this.name,this.form.id,event);\">
  165. </td></tr>
  166. <tr><td align=left>".$lang['PASSWORD'].":<br>
  167. <input type=\"password\" name=\"login_pass\" maxlength=\"23\" size=\"23\" onKeyPress=\"return force(this.name,this.form.id,event);\">
  168. </td></tr>
  169. <input type=\"hidden\" name=\"opt\" value=\"1\">";
  170.  
  171. if ($CONFIG_auth_image && function_exists("gd_info")) {
  172. echo "<tr><td align=left>".$lang['CODE'].":<br>
  173. <input type=\"text\" name=\"code\" maxlength=\"6\" size=\"6\" onKeyPress=\"return force(this.name,this.form.id,event);\">&nbsp;
  174. <img src=\"img.php?img=login&var=$var\" alt=\"".$lang['SECURITY_CODE']."\"></td></tr>";
  175. }
  176.  
  177. echo "
  178. <tr><td align=left><input type=\"checkbox\" name=\"remember_me\" value=\"1\" style=\"border-color:#D0D9E0\" onKeyPress=\"return force(this.name,this.form.id,event);\">
  179. ".$lang['LOGIN_REMEMBER']."
  180. </td></tr><tr><td align=center><input type=\"submit\" value=\"login\">
  181. </td></tr></table></form>";
  182. closetable();
  183.  
  184. fim();
  185. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!