
Untitled

a guest
Dec 10th, 2016
  1. <?php
  2. /*===============================================================
  3. | UberCMS - Content Management System
  4. | ###############################################################
  5. | Heavily edited UberCMS - All rights reserved 'iRetroCMS'
  6. | Copyright (c) 2010 - 2014, Meth0d 'http://www.meth0d.org'
  7. \==============================================================*/
  8. require_once "global.php";
  9.  
  10. define("FP", true);
  11.  
  12. if (LOGGED_IN)
  13. {
  14. header("Location: " . WWW . "/me");
  15. exit;
  16. }
  17.  
  18. $tpl->Init();
  19.  
  20. $tpl->SetParam('page_title', 'Your favorite place to be! :)');
  21. $tpl->SetParam('credentials_username', '');
  22. $tpl->WriteIncludeFiles();
  23. $tpl->AddGeneric('head-bottom-fp');
  24.  
  25.  
  26. $frontpage = new Template('page-newindex');
  27. $frontpage->SetParam('login_result', '');
  28. $frontpage->SetParam('headerClass', '');
  29.  
  30. if (isset($_POST['credentials_username']) && isset($_POST['credentials_password']))
  31. {
  32. $frontpage->SetParam('credentials_username', $_POST['credentials_username']);
  33.  
  34. $credUser = filter($_POST['credentials_username']);
  35. $credPassword = $_POST['credentials_password'];
  36.  
  37. $errors = array();
  38.  
  39. if (strlen($_POST['credentials_username']) < 1 || strlen($_POST['credentials_password']) < 1)
  40. {
  41. $errors[] = "Please enter your details";
  42. }
  43.  
  44. if (count($errors) == 0)
  45. {
  46. if ($users->ValidateUser($credUser, $core->uberHash($credPassword))) {
  47. if(mysql_result(mysql_query("SELECT newcrypto FROM users WHERE username = '" . $credUser . "'"), 0) == "0") {
  48. mysql_query("UPDATE users SET password = '" . $users->UserHash($credPassword, $credUser) . "' WHERE username = '" . $credUser . "'");
  49. mysql_query("UPDATE users SET newcrypto = '1' WHERE username = '" . $credUser . "'");
  50. }
  51. }
  52.  
  53. $credPass = $users->UserHash($credPassword, $credUser);
  54.  
  55. if ($users->ValidateUser($credUser, $credPass))
  56. {
  57. if (isset($_POST['page']))
  58. {
  59. $reqPage = filter($_POST['page']);
  60. $pos = strrpos($reqPage, WWW);
  61.  
  62. if ($pos === false || $pos != 0)
  63. {
  64. die("<b>Security warning!</b> A malicious request was detected that tried redirecting you to an external site. Please proceed with caution, this may have been an attempt to steal your login details. <a href='" . WWW . "'>Return to site</a>");
  65. }
  66. else
  67. {
  68. $_SESSION['page-redirect'] = $reqPage;
  69. }
  70. }
  71.  
  72.  
  73. $_SESSION['UBER_USER_N'] = $users->GetUserVar($users->Name2id($credUser), 'username');
  74. $_SESSION['UBER_USER_H'] = $credPass;
  75.  
  76. if (isset($_POST['_login_remember_me']))
  77. {
  78. $_SESSION['set_cookies'] = true;
  79. }
  80.  
  81. header("Location: " . WWW . "/me");
  82. exit;
  83. }
  84. else
  85. {
  86. $errors[] = "Incorrect password";
  87. }
  88. }
  89.  
  90. if (count($errors) > 0)
  91. {
  92.  
  93. $loginResult = '<div class="errorBox" style="margin-top:10px;">';
  94.  
  95. foreach ($errors as $err)
  96. {
  97. $loginResult .=' ' . $err . ' ';
  98. }
  99.  
  100. $loginResult .= '</div>';
  101. $frontpage->SetParam('headerClass', 'class="login-error"');
  102. $frontpage->SetParam('login_result', $loginResult);
  103. }
  104. }
  105.  
  106. $tpl->AddTemplate($frontpage);
  107. $tpl->Output();
  108. ?>