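//
// Login / logout request handler.
//
// Reads the login, logout, username, password, autologin, admin and redirect
// request values from $HTTP_POST_VARS / $HTTP_GET_VARS, checks the credentials
// against USERS_TABLE, applies the failed-attempt lockout configured in
// $board_config and starts or ends the session.  Every branch ends in
// redirect() or message_die().  $db, $userdata, $board_config, $lang,
// $template, $phpEx, $user_ip and $sid are provided by the including file.
//
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
	if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
	{
		$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
		$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

		// The username is request-controlled and is spliced into two SQL
		// statements below, so it is escaped once here and only this copy is
		// ever used in a query.  addslashes() is the escaping primitive
		// available in view; it assumes the request values arrive unescaped
		// (no magic_quotes / upstream addslashes) -- TODO confirm, and prefer
		// the DB layer's own escaping or a parameterised query if it offers
		// one.  The password never reaches SQL as typed: only its md5() hex
		// digest does.
		$sql_username = addslashes($username);

		$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
			FROM " . USERS_TABLE . "
			WHERE username = '" . $sql_username . "'";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		// Row of the account named in the request (false when unknown).  It is
		// kept for the lockout bookkeeping even after the password check below.
		$row = $db->sql_fetchrow($result);

		if( $row && $row['user_level'] != ADMIN && $board_config['board_disable'] )
		{
			// Board is disabled: only administrators may log in.
			redirect(append_sid("index.$phpEx", true));
		}
		else
		{
			if( $row )
			{
				// If the last login is more than x minutes ago, then reset the login tries/time
				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
				{
					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
					$row['user_last_login_try'] = $row['user_login_tries'] = 0;
				}

				// Check to see if user is allowed to login again... if his tries are exceeded
				if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
					$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
				{
					message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
				}

				// Credential check.  The stored value is an unsalted md5 digest
				// (see the WHERE clause), which is weak by current standards;
				// moving to password_hash()/password_verify() needs a schema
				// change and is out of scope for this block.
				$sql_checkpasswd = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
					FROM " . USERS_TABLE . "
					WHERE username = '" . $sql_username . "'" . " AND user_password = '" . md5($password) . "'";
				if ( !($result_checkpasswd = $db->sql_query($sql_checkpasswd)) )
				{
					// Report the statement that actually failed (previously $sql).
					message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql_checkpasswd);
				}
				$row_checkpasswd = $db->sql_fetchrow($result_checkpasswd);

				if( $row_checkpasswd && $row_checkpasswd['user_active'] )
				{
					$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
					// $admin is a request flag asking for an admin session; whether
					// it is honoured for a non-admin account is decided inside
					// session_begin(), not here.
					$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
					$session_id = session_begin($row_checkpasswd['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

					// Reset login tries
					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row_checkpasswd['user_id']);

					if( $session_id )
					{
						// '&amp;' -> '&' undoes the one entity htmlspecialchars()
						// introduced into the query string.  Any check that the
						// target stays on this site is left to redirect() -- confirm.
						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
					}
				}
				// Only store a failed login attempt for an active user - inactive users can't login even with a correct password.
				// The username-lookup row is used here on purpose: on a wrong password $row_checkpasswd is false, so reading
				// user_active from it never recorded the attempt and the lockout above could never trigger.
				elseif( $row['user_active'] )
				{
					// Save login tries and last login
					if ($row['user_id'] != ANONYMOUS)
					{
						$sql = 'UPDATE ' . USERS_TABLE . '
							SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
							WHERE user_id = ' . $row['user_id'];
						$db->sql_query($sql);
					}
				}
			}

			// Login failed (unknown user, wrong password or inactive account):
			// one shared exit with the same message for every cause.
			// The redirect target is echoed into a meta-refresh and an anchor,
			// so it is HTML-escaped; '?' becomes '&' because it is appended to
			// an existing query string.
			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
			$redirect = str_replace('?', '&', $redirect);

			// Reject values that could break out of the refresh header
			// (CR/LF) or smuggle a second ";url" target into it.
			if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template->assign_vars(array(
				'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
			);

			$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
	{
		// session id check: a logout is only honoured when the request
		// carries the current session id, so a bare link cannot end the
		// session of whoever follows it.
		if ($sid == '' || $sid != $userdata['session_id'])
		{
			message_die(GENERAL_ERROR, 'Invalid_session');
		}

		if( $userdata['session_logged_in'] )
		{
			session_end($userdata['session_id'], $userdata['user_id']);
		}

		if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
		{
			$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
			$url = str_replace('&amp;', '&', $url);
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid("index.$phpEx", true));
		}
	}
	else
	{
		// Already logged in (login without the admin flag) or logout while
		// logged out: just send the client on.
		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
		redirect(append_sid($url, true));
	}
}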