<?php
// Bootstrap guard: this page only runs once the shared include has succeeded.
if (!global_include()) {
    die();
}
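class Page_Login
{
    /** @var string|null Message rendered above the form by loginForm(); set through registerError(). */
    protected static $error;

    /**
     * Entry point: dispatches to login, logout or the login form.
     *
     * Initialises the failed-attempt counter when the session has none and
     * defaults the POST `_cmd` field so later reads never hit an undefined index.
     *
     * @return void
     */
    public static function Build()
    {
        // Handle Login Counter
        if (!is_numeric(Session::get('LOGIN_EXPIRY_COUNT'))) {
            Session::set('LOGIN_EXPIRY_COUNT', 0);
        }
        if (!isset($_POST['_cmd'])) {
            $_POST['_cmd'] = "x";
        }
        // `act` is only present on logout links; guard the read so a plain GET
        // of the login page does not raise an undefined-index notice.
        $act = isset($_GET['act']) ? $_GET['act'] : '';
        // Handle Login
        if ($_POST['_cmd'] === 'login') {
            return self::doLogin();
        }
        if ($act === 'logout') {
            return self::doLogout();
        }
        return self::loginForm();
    }

    /**
     * HTML-escapes a client-supplied value for use in an attribute or text node.
     *
     * Non-string input (e.g. an array posted as `field[]`) yields an empty string
     * instead of the warning htmlentities() would emit.
     *
     * @param mixed $value
     * @return string
     */
    protected static function esc($value)
    {
        return is_string($value) ? htmlentities($value, ENT_QUOTES) : '';
    }

    /**
     * Records an error message and re-renders the login form with it.
     *
     * @param string $error Static text, or text already passed through esc();
     *                      loginForm() echoes it without further escaping.
     * @return void
     */
    protected static function registerError($error)
    {
        self::$error = $error;
        return self::loginForm();
    }

    /**
     * Handles a failed query without exposing driver details to the client.
     *
     * The original called die(mysql_error()), which printed the database error
     * text into the page; the detail now goes to the server log only.
     *
     * @return void
     */
    protected static function dbError()
    {
        error_log('Page_Login: database error: '.mysql_error());
        return self::registerError("A database error occurred. Please try again later.");
    }

    /**
     * Returns $url when it is a same-site path, otherwise $fallback.
     *
     * `_redirect` arrives in the POST body and can be pre-filled by anyone who
     * links to the login page, so an unchecked value makes doLogin() an open
     * redirect. Anything carrying a scheme or host (including protocol-relative
     * `//host`), a backslash, or CR/LF is rejected.
     *
     * @param string $url      Candidate destination supplied by the client.
     * @param string $fallback Destination used when $url is rejected or empty.
     * @return string
     */
    protected static function safeRedirectTarget($url, $fallback)
    {
        if (!is_string($url) || $url === '') {
            return $fallback;
        }
        if (strpbrk($url, "\\\r\n") !== false) {
            return $fallback;
        }
        $parts = parse_url($url);
        if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
            return $fallback;
        }
        return $url;
    }

    /**
     * Emits a minimal page and asks Main::redirect() to send the client to $url.
     *
     * Callers are responsible for validating $url (see safeRedirectTarget()).
     *
     * @param string $url
     * @return void
     */
    protected static function handleRedirect($url)
    {
        echo Style::head(Config::$config['server']['name'].' - Redirecting...');
        echo Style::subhead('Redirecting...');
        Main::redirect($url, 0);
        echo Style::endsubhead();
        echo Style::endhead();
    }

    /**
     * Renders the login form, or redirects an already-authenticated session.
     *
     * Every client value echoed into the markup is escaped; the original wrote
     * `_redirect` into the hidden field unescaped, allowing attribute injection.
     *
     * @return void
     */
    protected static function loginForm()
    {
        if (Session::get('loggedin')) {
            return self::handleRedirect(Main::getRootHTTP()."/player/?id=1");
        }
        echo Style::head(Config::$config['server']['name'].' - Authentication Required');
        echo Style::subhead('Authentication Required');
        if (!empty(self::$error)) {
            echo '<div class="error">'.self::$error.'</div>';
        }
        $redirect = isset($_POST['_redirect']) ? self::esc($_POST['_redirect']) : "";
        $referrer = isset($_GET['referrer']) ? self::esc($_GET['referrer']) : "";
        $username = isset($_POST['username']) ? self::esc($_POST['username']) : "";
        // The first row's closing tag was `<tr>` in the original markup.
        echo '
<form name="login" id="login" method="POST" action="../main/?act=login">
<input type="hidden" name="_cmd" value="login" />
<input type="hidden" name="_redirect" value="'.$redirect.'" />
<input type="hidden" name="referrer" value="'.$referrer.'" />
<table border="0" width="100%">
<tr>
<td width="30%">Account:</td>
<td width="70%"><input type="text" name="username" style="width:99%" value="'.$username.'" class="tbox" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" style="width:99%" value="" class="tbox" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Log In!" style="width:99%" class="button" /></td>
</tr>
</table>
</form>
<div align="right">
<sub><a href="../main/?act=password" id="forgot_password_link">Forgot Password?</a> | <a href="../main/?act=register">Register</a></sub>
</div>
';
        echo Style::endsubhead();
        echo Style::endhead();
    }

    /**
     * Authenticates the posted credentials and populates the session.
     *
     * Flow: lockout check, field check, optional IP lock, account lookup,
     * ban check, per-realm permission overrides, session population,
     * lock-file write, redirect. Every failure path goes through registerError().
     *
     * @return void
     */
    protected static function doLogin()
    {
        // Process Brute-Force Prevention
        // NOTE(review): the counter is stored in the visitor's own session, so it
        // only limits clients that keep their session cookie; a server-side
        // per-account counter would be needed for real lockout. Kept as designed.
        if (Session::get('LOGIN_EXPIRY_COUNT') >= 5) {
            if ((time() - Session::get('LOGIN_EXPIRY_TIMES')) > 600) {
                // Window elapsed: clear the counter and let this attempt proceed.
                // (The original reset the counter but still rejected this attempt.)
                Session::set('LOGIN_EXPIRY_COUNT', 0);
                Session::set('LOGIN_EXPIRY_TIMES', time());
            } else {
                // `>= 5` so the fifth failure locks, matching the message text.
                return self::registerError("You have used all 5 login attempts. You may try again in 10 minutes.");
            }
        }
        // Check Variables
        $rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        if ($rawUsername === '' || $rawPassword === '') {
            return self::registerError("You must fill out all fields.");
        }
        // Process Login
        // mysql_real_escape_string() needs the 'L' connection opened here.
        MySQL::Open('L');
        $username = mysql_real_escape_string($rawUsername);
        $password = mysql_real_escape_string($rawPassword);
        // NOTE(review): the credential is compared to the `password` column as
        // plain text; the sha1(UPPER(user):UPPER(pass)) scheme below was disabled
        // by a previous author. Switching back requires knowing what the column
        // holds, so the comparison is left unchanged here.
        //$encryptedpassword = sha1(strtoupper($username).":".strtoupper($password));
        $encryptedpassword = $password;
        // Check IP Locks
        // NOTE(review): the original read a local `$iplock_add` that is never
        // assigned in this file, so the lock never applied. It is presumably
        // populated in the global scope by global_include() — TODO confirm.
        $iplock_add = (isset($GLOBALS['iplock_add']) && is_array($GLOBALS['iplock_add'])) ? $GLOBALS['iplock_add'] : array();
        $lockKey = strtoupper($rawUsername);
        if (!empty($iplock_add[$lockKey]) && $iplock_add[$lockKey] != $_SERVER['REMOTE_ADDR']) {
            Log::Write('48', $username." is IP Locked!");
            return self::registerError("This account has restricted access.");
        }
        // Check Account Information
        $q = mysql_query("SELECT * FROM `accounts` WHERE `login` = '".$username."' AND `password` = '".$encryptedpassword."' LIMIT 1;");
        if ($q === false) {
            return self::dbError();
        }
        // Error: Account not exist, Password wrong, Username wrong
        if (mysql_num_rows($q) != 1) {
            Session::set('LOGIN_EXPIRY_COUNT', (Session::get('LOGIN_EXPIRY_COUNT') + 1));
            Session::set('LOGIN_EXPIRY_TIMES', time());
            return self::registerError("You entered an incorrect username and/or password.");
        }
        $data = mysql_fetch_array($q, MYSQL_ASSOC);
        // Error: Account is banned
        if ($data['banned'] == 1) {
            // Single-quoted so the literal double quotes around the name parse.
            return self::registerError('The account "'.self::esc(ucfirst($username)).'" is banned.');
        }
        // Check User Data Information
        $guid = mysql_real_escape_string($data['acct']);
        $q2 = mysql_query("SELECT * FROM `e_userdata` WHERE `guid` = '".$guid."' LIMIT 1;");
        if ($q2 === false) {
            return self::dbError();
        }
        if (mysql_num_rows($q2) == 0) {
            // Create Missing Record
            if (mysql_query("INSERT INTO `e_userdata` (`guid`) VALUES ('".$guid."');") === false) {
                return self::dbError();
            }
            $q2 = mysql_query("SELECT * FROM `e_userdata` WHERE `guid` = '".$guid."' LIMIT 1;");
            if ($q2 === false) {
                return self::dbError();
            }
        }
        $data2 = mysql_fetch_array($q2, MYSQL_ASSOC);
        // Clean Variables
        if (empty($data2['donor_points'])) { $data2['donor_points'] = 0; }
        if (empty($data2['voter_points'])) { $data2['voter_points'] = 0; }
        // Handle Account Forced Permissions
        // The override row is looked up for the account that just authenticated
        // ($data['login']). The original used Session::get('login'), which is not
        // set until later in this method, so the override was never found on a
        // fresh login. `=` replaces LIKE so `%`/`_` in a login cannot match
        // another account's row; escaping happens after each realm connection
        // is opened because mysql_real_escape_string() uses the current one.
        foreach (Config::$config['realms'] as $id => $vars) {
            MySQL::Open('C', $id);
            $q3 = mysql_query("SELECT * FROM `account_forced_permissions` WHERE `login` = '".mysql_real_escape_string($data['login'])."';");
            if ($q3 === false) {
                return self::dbError();
            }
            if (mysql_num_rows($q3) > 0) {
                $rowassoc = mysql_fetch_array($q3, MYSQL_ASSOC);
                Session::set('gm_flags_realm_'.$id, $rowassoc['permissions']);
            } else {
                Session::set('gm_flags_realm_'.$id, $data['gm']);
            }
        }
        // Set Session Variables
        Session::set('donor_points', $data2['donor_points']);
        Session::set('voter_points', $data2['voter_points']);
        Session::set('doncp_id', $data2['id']);
        Session::set('lastvote', $data2['vote_lasttime']);
        Session::set('votes', $data2['vote_total']);
        Session::set('purchased_titles', $data2['purchased_titles']);
        Session::set('flink_userid', $data2['flink_userid']);
        Session::set('flink_usernm', $data2['flink_usernm']);
        Session::set('secret_question', $data2['secret_question']);
        // NOTE(review): the secret answer and the plaintext password are copied
        // into the session below. Other pages may read them, so they are kept,
        // but any exposure of session storage then exposes credentials; drop
        // these keys once callers are confirmed not to need them.
        Session::set('secret_answer', $data2['secret_answer']);
        Session::set('acct', $data['acct']);
        Session::set('flags', $data['flags']);
        Session::set('email', $data['email']);
        Session::set('login', $data['login']);
        Session::set('password', $data['password']);
        //Session::set('encrypted_password',$data['encrypted_password']);
        Session::set('gm_flags_global', $data['gm']);
        Session::set('banned', $data['banned']);
        Session::set('lastlogin', $data['lastlogin']);
        Session::set('lastip', $data['lastip']);
        Session::set('muted', $data['muted']);
        // NOTE(review): Session is a project wrapper; confirm it regenerates the
        // session id at this privilege change, as nothing here does so.
        Session::set('loggedin', true);
        Session::set('LOGIN_EXPIRY_COUNT', 0);
        Session::UpdatePrivelages();
        // Log Administrator Logins
        if ($data['gm'] == 'az') {
            Log::Write('46', $data['login']);
        }
        // Write Session Lock
        // Binds this login to the client address in a small PHP file (presumably
        // included by other pages). $data['acct'] comes from the database, not
        // the client. var_export() quotes the address so the generated file stays
        // valid PHP even if REMOTE_ADDR were rewritten by a proxy module; the
        // original never checked fopen() or closed the handle.
        $lockPath = '../data/cache/locks/lock_'.$data['acct'].'.php';
        $lockBody = "<?php \$account_lock = ".var_export($_SERVER['REMOTE_ADDR'], true)."; ?>";
        if (file_put_contents($lockPath, $lockBody, LOCK_EX) === false) {
            error_log('Page_Login: could not write session lock '.$lockPath);
        }
        // Redirect
        // Only same-site paths are honoured; anything else falls back to the
        // player page (see safeRedirectTarget()).
        $target = isset($_POST['_redirect']) ? $_POST['_redirect'] : '';
        return self::handleRedirect(self::safeRedirectTarget($target, "../player/?id=1"));
    }

    /**
     * Clears the session and redirects to the login page.
     *
     * A session that is not logged in just gets the form; administrator
     * logouts are logged before the reset.
     *
     * @return void
     */
    protected static function doLogout()
    {
        if (!Session::get('loggedin')) {
            return self::loginForm();
        }
        if (Session::get('admin')) {
            Log::Write('47', Session::get('login'));
        }
        Session::Reset();
        return self::handleRedirect("../main/?act=login");
    }
}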
// Dispatch the current request now that the page class is declared.
Page_Login::Build();
?>