  1. if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
  2. {
  3.     if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
  4.     {
  5.         $username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
  6.         $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
  7.  
  8. // Modified for SQL injection
  9.         $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
  10.             FROM " . USERS_TABLE . "
  11.             WHERE username = '" . $username . "'";
  12.         if ( !($result = $db->sql_query($sql)) )
  13.         {
  14.             message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
  15.         }
  16.  
  17.         if( $row = $db->sql_fetchrow($result) )
  18.         {
  19.             if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
  20.             {
  21.                 redirect(append_sid("index.$phpEx", true));
  22.             }
  23.             else
  24.             {
  25.                 // If the last login is more than x minutes ago, then reset the login tries/time
  26.                 if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
  27.                 {
  28.                     $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
  29.                     $row['user_last_login_try'] = $row['user_login_tries'] = 0;
  30.                 }
  31.                
  32.                 // Check to see if user is allowed to login again... if his tries are exceeded
  33.                 if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
  34.                     $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
  35.                 {
  36.                     message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
  37.                 }
  38.  
  39. // Modified for SQL injection
  40.                 $sql_checkpasswd = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
  41.                         FROM " . USERS_TABLE . "
  42.                         WHERE username = '" . $username . "'" . " AND user_password = '" . md5($password). "'";
  43.                 if ( !($result_checkpasswd = $db->sql_query($sql_checkpasswd)) )
  44.                 {
  45.                         message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
  46.                 }
  47.                 $row = $db->sql_fetchrow($result_checkpasswd);
  48.                 if($row && $row['user_active'] )
  49.                 {
  50.                     $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
  51.  
  52.                     $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
  53.                     $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
  54.  
  55.                     // Reset login tries
  56.                     $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
  57.  
  58.                     if( $session_id )
  59.                     {
  60.                         $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
  61.                         redirect(append_sid($url, true));
  62.                     }
  63.                     else
  64.                     {
  65.                         message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
  66.                     }
  67.                 }
  68.                 // Only store a failed login attempt for an active user - inactive users can't login even with a correct password
  69.                 elseif( $row['user_active'] )
  70.                 {
  71.                     // Save login tries and last login
  72.                     if ($row['user_id'] != ANONYMOUS)
  73.                     {
  74.                         $sql = 'UPDATE ' . USERS_TABLE . '
  75.                             SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
  76.                             WHERE user_id = ' . $row['user_id'];
  77.                         $db->sql_query($sql);
  78.                     }
  79.                 }
  80.  
  81.                 $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
  82.                 $redirect = str_replace('?', '&', $redirect);
  83.  
  84.                 if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
  85.                 {
  86.                     message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
  87.                 }
  88.  
  89.                 $template->assign_vars(array(
  90.                     'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
  91.                 );
  92.  
  93.                 $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
  94.  
  95.                 message_die(GENERAL_MESSAGE, $message);
  96.             }
  97.         }
  98.         else
  99.         {
  100.             $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
  101.             $redirect = str_replace("?", "&", $redirect);
  102.  
  103.             if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
  104.             {
  105.                 message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
  106.             }
  107.  
  108.             $template->assign_vars(array(
  109.                 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
  110.             );
  111.  
  112.             $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
  113.  
  114.             message_die(GENERAL_MESSAGE, $message);
  115.         }
  116.     }
  117.     else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
  118.     {
  119.         // session id check
  120.         if ($sid == '' || $sid != $userdata['session_id'])
  121.         {
  122.             message_die(GENERAL_ERROR, 'Invalid_session');
  123.         }
  124.  
  125.         if( $userdata['session_logged_in'] )
  126.         {
  127.             session_end($userdata['session_id'], $userdata['user_id']);
  128.         }
  129.  
  130.         if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
  131.         {
  132.             $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
  133.             $url = str_replace('&', '&', $url);
  134.             redirect(append_sid($url, true));
  135.         }
  136.         else
  137.         {
  138.             redirect(append_sid("index.$phpEx", true));
  139.         }
  140.     }
  141.     else
  142.     {
  143.         $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
  144.         redirect(append_sid($url, true));
  145.     }
  146. }