sibtracker/system/modules/sitelogin.php

<?php
// Stop immediately when the DATALIFEENGINE constant is missing, i.e. the file
// was requested directly instead of being included by a script that defines it.
if (defined('DATALIFEENGINE') === false) {
    die("Hacking attempt!");
}

// Client address, escaped once here because it is concatenated into the
// UPDATE statements that record the last login IP further down.
// NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the
// proxy's address, which affects the IP checks below - confirm the deployment.
$_IP = $db->safesql($_SERVER['REMOTE_ADDR']);

// Per-day login hash; stays empty unless a branch below authenticates the user.
$dle_login_hash = "";
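// End the user's session (logout).
// NOTE(review): the trigger is read from $_REQUEST and no anti-CSRF token is
// checked in this block, so any cross-site request carrying action=logout
// signs the visitor out. Low impact, but worth a token or a POST-only rule.
if (isset($_REQUEST['action']) and $_REQUEST['action'] === "logout") {
    $dle_user_id = "";
    $dle_password = "";

    // Blank the authentication, preference and session cookies through the
    // project's set_cookie() helper (the meaning of the 0 argument is defined
    // there), then expire the online-session cookie directly.
    set_cookie("dle_user_id", "", 0);
    set_cookie("dle_name", "", 0);
    set_cookie("dle_password", "", 0);
    set_cookie("dle_skin", "", 0);
    set_cookie("dle_newpm", "", 0);
    set_cookie("dle_hash", "", 0);
    set_cookie(session_name(), "", 0);
    setcookie("dle_onl_session", "", time() - 3600, "/", $domain);

    // Clear the session data first and destroy the session afterwards. The
    // previous order (destroy, then unset) left session_unset() with no active
    // session to act on. '@' is kept because a session may not have been
    // started on this request.
    @session_unset();
    $_SESSION = array();
    @session_destroy();

    $is_logged = 0;

    // Redirect to the directory of the current script.
    // NOTE(review): PHP_SELF is derived from the request path; SCRIPT_NAME is
    // the safer source for a redirect target - confirm before switching.
    header("Location: " . str_replace("index.php", "", $_SERVER['PHP_SELF']));
    die();
}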
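// Authentication state consumed by the rest of the engine:
//   $is_logged - truthy once one of the three branches below succeeds
//   $member_id - the user's row from the *_users table, or an empty array
$is_logged = 0;
$member_id = array();

// Branch 1: interactive login (form posted with login=submit).
// NOTE(review): no attempt counter or delay is visible in this module; confirm
// that brute-force throttling exists elsewhere.
if (isset($_POST['login']) AND $_POST['login_name'] AND $_POST['login_password'] AND $_POST['login'] == "submit") {

    $_POST['login_name'] = $db->safesql($_POST['login_name']);

    // The cleartext password is overwritten with md5(password). That value is
    // what the session and the dle_password cookie carry; the database column
    // is compared against md5(md5(password)).
    // NOTE(review): unsalted MD5 is not a password hashing function, and the
    // cookie value is a password-equivalent credential that stays valid until
    // the password changes. Moving to password_hash()/password_verify() and an
    // opaque random session token needs a schema and cookie-format migration,
    // so it is flagged here rather than changed.
    $_POST['login_password'] = @md5($_POST['login_password']);

    // Deny-list on the login name: | ' < > " ! ? $ @ / \ & ~ * + are refused
    // before the name reaches the query.
    if (!preg_match("/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $_POST['login_name'])) {

        // String-built query: the name has passed safesql() and the deny-list,
        // the password is an MD5 hex digest.
        // NOTE(review): use a bound-parameter API instead if $db offers one.
        $member_id = $db->super_query("SELECT * FROM " . USERPREFIX . "_users where name='{$_POST['login_name']}' and password='" . md5($_POST['login_password']) . "'");

        if ($member_id['user_id']) {
            // Persist the credential pair in cookies (third argument 365,
            // presumably days) and in the session.
            // NOTE(review): the session id is not regenerated here; calling
            // session_regenerate_id(true) on login would prevent session
            // fixation, once it is confirmed the session is already started.
            set_cookie("dle_user_id", $member_id['user_id'], 365);
            set_cookie("dle_password", $_POST['login_password'], 365);
            $_SESSION['dle_user_id'] = $member_id['user_id'];
            $_SESSION['dle_password'] = $_POST['login_password'];

            // Per-day value derived from the Host header, the user id, the
            // stored password value, the site key and the date. Its consumers
            // are outside this file.
            $dle_login_hash = md5($_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($_POST['login_password']) . $config['key'] . date("Ymd"));

            if ($config['log_hash']) {
                // Second-factor cookie token, stored in the hash column and
                // required by the cookie branch below. It is still 32 lowercase
                // hex characters, but now comes from the CSPRNG when available.
                // The old code used rand() seeded from microtime() (predictable),
                // indexed with rand(0, 33) into a 33-character string (one past
                // the end) and relied on the $str{...} offset syntax that
                // PHP 8 removed.
                if (function_exists('random_bytes')) {
                    $hash = bin2hex(random_bytes(16));
                } else {
                    // Legacy fallback for PHP < 7: same alphabet and shape as
                    // before with the index range corrected. Not a CSPRNG.
                    $salt = "abchefghjkmnpqrstuvwxyz0123456789";
                    $hash = '';
                    for ($i = 0; $i < 9; $i++) {
                        $hash .= $salt[mt_rand(0, strlen($salt) - 1)];
                    }
                    $hash = md5($hash);
                }

                $db->query("UPDATE " . USERPREFIX . "_users set hash='" . $hash . "', lastdate='{$_TIME}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'");
                set_cookie("dle_hash", $hash, 365);
                $_COOKIE['dle_hash'] = $hash;
                $member_id['hash'] = $hash;
            } else {
                $db->query("UPDATE LOW_PRIORITY " . USERPREFIX . "_users set lastdate='{$_TIME}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'");
            }

            $is_logged = TRUE;
        }
    }

// Branch 2: an existing PHP session carries the user id and md5(password).
} elseif (isset($_SESSION['dle_user_id']) AND intval($_SESSION['dle_user_id']) > 0 AND $_SESSION['dle_password']) {

    $member_id = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id='" . intval($_SESSION['dle_user_id']) . "'");

    // Strict string comparison: with '==' two different digests that both look
    // like numbers (for example "0e" followed only by digits) compare as equal.
    if ($member_id['user_id'] AND $member_id['password'] AND (string) $member_id['password'] === md5($_SESSION['dle_password'])) {
        $is_logged = TRUE;
        $dle_login_hash = md5($_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($_SESSION['dle_password']) . $config['key'] . date("Ymd"));
    } else {
        $member_id = array();
        $is_logged = false;
    }

// Branch 3: "remember me" cookies. The is_string() test keeps an array-valued
// cookie away from md5()/sha1(), which raise a TypeError on PHP 8.
} elseif (isset($_COOKIE['dle_user_id']) AND intval($_COOKIE['dle_user_id']) > 0 AND $_COOKIE['dle_password'] AND is_string($_COOKIE['dle_password'])) {

    $member_id = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id='" . intval($_COOKIE['dle_user_id']) . "'");

    if ($member_id['user_id'] AND $member_id['password'] AND (string) $member_id['password'] === md5($_COOKIE['dle_password'])) {
        $is_logged = TRUE;
        $dle_login_hash = md5($_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($_COOKIE['dle_password']) . $config['key'] . date("Ymd"));
        $_SESSION['dle_user_id'] = $member_id['user_id'];
        $_SESSION['dle_password'] = $_COOKIE['dle_password'];
    } else {
        $member_id = array();
        $is_logged = false;
    }

    // With log_hash enabled the dle_hash cookie must equal the token stored at
    // the last interactive login; an empty stored token always fails. isset()
    // guards cover the case where $member_id was just reset above or the
    // cookie is absent, and the comparison is strict for the same reason as
    // the password check.
    $stored_hash = isset($member_id['hash']) ? (string) $member_id['hash'] : '';
    $cookie_hash = isset($_COOKIE['dle_hash']) ? $_COOKIE['dle_hash'] : '';
    if ($config['log_hash'] and ($stored_hash === '' or $cookie_hash !== $stored_hash)) {
        $member_id = array();
        $is_logged = false;
    }
}

// A login form was posted but no branch authenticated the user: show the
// generic failure message.
if (isset($_POST['login']) and !$is_logged) {
    msgbox($lang['login_err'], $lang['login_err_1']);
}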
// The user has been authenticated.
if ($is_logged) {
    // Fallback timestamp when $_TIME is unset or empty: current time plus
    // date_adjust * 60 (so date_adjust is presumably expressed in minutes).
    // NOTE(review): the login branch above already interpolates $_TIME into
    // its UPDATE statements, so this fallback comes too late for that use -
    // confirm an earlier include always sets $_TIME.
    if (!$_TIME) {
        $_TIME = time() + ($config['date_adjust'] * 60);
    }

    // Per-account IP binding: allowed_ip() (defined elsewhere) decides whether
    // the current client may use this account.
    if (!allowed_ip($member_id['allowed_ip'])) {
        $is_logged = 0;
        msgbox($lang['login_err'], $lang['ip_block_login']);
    }

    // Network pinning of restored sessions. check_netz() (defined elsewhere)
    // is given the IP recorded at the last login and the current one.
    //   ip_control '2' - applied to every user
    //   ip_control '1' - applied only when the user's group has allow_admin
    // Requests that carry a freshly posted login form are exempt in both modes.
    if ($config['ip_control'] == '2' && !check_netz($member_id['logged_ip'], $_IP) && !isset($_POST['login'])) {
        $is_logged = 0;
    } elseif ($config['ip_control'] == '1' && $user_group[$member_id['user_group']]['allow_admin'] && !check_netz($member_id['logged_ip'], $_IP) && !isset($_POST['login'])) {
        $is_logged = 0;
    }
}
// Unauthenticated visitor: drop every trace of a login and fall back to the
// guest profile. This also runs when one of the IP checks above revoked a
// login that had initially succeeded.
if (!$is_logged) {
    $member_id = array();

    // Reset the session copy of the credentials.
    $_SESSION['dle_user_id'] = 0;
    $_SESSION['dle_password'] = "";

    // Blank the authentication cookies so stale values are not sent again.
    set_cookie("dle_user_id", "", 0);
    set_cookie("dle_password", "", 0);
    set_cookie("dle_hash", "", 0);

    // Anyone who is not authenticated belongs to user group 5 (Guest).
    $member_id['user_group'] = 5;
}
?>