<?phpinclude("lib/config.php");session_start();//$password = false;i

1. <?php
2.  
3. include("lib/config.php");
4. session_start();
5.  
6. //$password = false;
7. if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) {
8. $ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
9. } elseif (!empty($_SERVER['HTTP_CLIENT_IP'])) {
10. $ip = $_SERVER['HTTP_CLIENT_IP'];
11. } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
12. $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
13. } else {
14. $ip = $_SERVER['REMOTE_ADDR'];
15. }
16.  
17. if ($_SERVER["REQUEST_METHOD"] == "POST") {
18.  
19.  
20.  
21. // username and password sent from form
22.  
23. $myusername = mysqli_real_escape_string($db, $_POST['username']);
24. $mypassword = mysqli_real_escape_string($db, $_POST['password']);
25.  
26.  
27. if ($result = $db->query("SELECT passcode FROM admin WHERE username = '$myusername'")) {
28. while ($row = $result->fetch_assoc()) {
29. $password = $row['passcode'];
30. }
31.  
32. $result->close();
33. }
34.  
35. if (isset($password)) {
36. $parts = explode('$', $password);
37. $hash = "{SHA512-CRYPT}" . crypt($mypassword, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3]));
38. } else {
39. $password = false;
40. $hash = false;
41. }
42.  
43. if ($password != false && $hash != false && $password === $hash) {
44.  
45.  
46. session_regenerate_id();
47. $_SESSION['login_user'] = $myusername;
48. $db->query("UPDATE `admin` SET `session`='" . session_id() . "',`ip`='$ip' WHERE `username`='$myusername'");
49.  
50. header("location: index.php");
51. } else {
52.  
53.  
54. $unixtime = time();
55. $db->query("UPDATE `admin` SET `faillogin`=faillogin+1, `failip`='$ip',`failtime`='$unixtime' WHERE `username`='$myusername'");
56. $error = "Your Login Name or Password is invalid";
57.  
58. error_log(date('d.m.Y H:i:s',$unixtime). " || Wrong login credentials => Username: ".$myusername." - IP: ".$ip."\n", 3, "/var/www/log/admin_wrongpassword.log");
59. }
60.  
61. // Dieser Abschnitt ist zum generieren eines neuen Passworts gedacht, solltest Du einen Benutzer registrieren!
62. // $salt = substr(sha1(rand()), 0, 16);
63. // $hashedPassword = "{SHA512-CRYPT}" . crypt($mypassword, '$6$' . $salt . '$');
64. //
65. }
66. ?>
67. <html>
68.  
69.  
70. <head>
71. <?php include('header.php'); ?>
72. </head>
73.  
74. <body>
75. <div class="container">
76.  
77.  
78. <div class="row">
79.  
80. <div class="col-xs-offset-2 col-xs-8 col-sm-6 col-sm-offset-3 col-md-4 col-md-offset-4 ">
81. <h1 class="text-center"><kbd>CSGORUBY SCRIPT RECODE</kbd></h1>
82.  
83. <div class="panel panel-warning text-center">
84. <div class="panel-heading">Login</div>
85. <div class="panel-body">
86. <form method="post">
87. <div class="form-group">
88. <label class="sr-only" for="exampleInputEmail3">Email address</label>
89. <input type="text" class="form-control" name="username" placeholder="Username">
90. </div>
91. <div class="form-group">
92. <label class="sr-only" for="exampleInputPassword3">Password</label>
93. <input type="password" class="form-control" name="password" placeholder="Password">
94. </div>
95. <button type="submit" class="btn btn-primary">Sign in</button>
96. </form>
97. <div class="text-right">
98. IP: <?php echo $ip; ?>
99. </div>
100. <div class="text-danger"><?php if(isset($error)) { echo $error; } ?></div>
101. </div>
102. </div>
103.  
104. </div>
105. </div>
106. </div>
107.  
108. </body>
109. </html>