192 lines
6.2 KiB
PHP
192 lines
6.2 KiB
PHP
<?php
|
|
if( ! defined( 'DATALIFEENGINE' ) ) {die( "Hacking attempt!" );}
|
|
|
|
|
|
require_once (SYSTEM_DIR . '/data/config.php');
|
|
require_once (SYSTEM_DIR . '/classes/mysql.php');
|
|
require_once (SYSTEM_DIR . '/data/dbconfig.php');
|
|
require_once (SYSTEM_DIR . '/inc/include/functions.inc.php');
|
|
|
|
if( $config['http_home_url'] == "" ) {
|
|
$config['http_home_url'] = explode( $config['admin_path'], $_SERVER['PHP_SELF'] );
|
|
$config['http_home_url'] = reset( $config['http_home_url'] );
|
|
$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
|
|
$auto_detect_config = true;
|
|
}
|
|
|
|
$selected_language = $config['langs'];
|
|
if (isset( $_POST['selected_language'] )) {
|
|
$_POST['selected_language'] = totranslit( $_POST['selected_language'], false, false );
|
|
if (@is_dir ( ROOT_DIR . '/language/' .$_POST['selected_language'] )) {
|
|
$selected_language = $_POST['selected_language'];
|
|
set_cookie ("selected_language", $selected_language, 365);
|
|
}
|
|
} elseif (isset( $_COOKIE['selected_language'] )) {
|
|
$_COOKIE['selected_language'] = totranslit( $_COOKIE['selected_language'], false, false );
|
|
if (@is_dir ( ROOT_DIR . '/language/' . $_COOKIE['selected_language'] )) {
|
|
$selected_language = $_COOKIE['selected_language'];
|
|
}
|
|
}
|
|
|
|
require_once (ROOT_DIR . '/language/' . $selected_language . '/adminpanel.lng');
|
|
$config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
|
|
check_xss();
|
|
|
|
$Timer = new microTimer( );
|
|
$Timer->start();
|
|
$is_loged_in = FALSE;
|
|
$member_id = array ();
|
|
$result = "";
|
|
$username = "";
|
|
$cmd5_password = "";
|
|
$allow_login = false;
|
|
$PHP_SELF = $_SERVER['PHP_SELF'];
|
|
$_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] );
|
|
$_TIME = time() + ($config['date_adjust'] * 60);
|
|
require_once (SYSTEM_DIR . '/skins/default.skin.php');
|
|
|
|
if( isset( $_POST['action'] ) ) $action = $_POST['action']; else $action = $_GET['action'];
|
|
if( isset( $_POST['mod'] ) ) $mod = $_POST['mod']; else $mod = $_GET['mod'];
|
|
$mod = totranslit ( $mod, true, false ); $action = totranslit ( $action, false, false );
|
|
|
|
$user_group = $cache->get( "usergroup" );
|
|
if( ! $user_group ) {
|
|
$user_group = array ();
|
|
$db->query( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
|
|
while ( $row = $db->get_row() ) {
|
|
$user_group[$row['id']] = array ();
|
|
foreach ( $row as $key => $value ) {
|
|
$user_group[$row['id']][$key] = $value;
|
|
}
|
|
}
|
|
$cache->set( "usergroup", $user_group );
|
|
$db->free();
|
|
}
|
|
|
|
$cat_info = $cache->get( "category" );
|
|
if( ! is_array( $cat_info ) ) {
|
|
$cat_info = array ();
|
|
|
|
$db->query( "SELECT * FROM " . PREFIX . "_category ORDER BY posi ASC" );
|
|
while ( $row = $db->get_row() ) {
|
|
|
|
$cat_info[$row['id']] = array ();
|
|
|
|
foreach ( $row as $key => $value ) {
|
|
$cat_info[$row['id']][$key] = stripslashes( $value );
|
|
}
|
|
|
|
}
|
|
$cache->set( "category", $cat_info );
|
|
$db->free();
|
|
}
|
|
|
|
if( count( $cat_info ) ) {
|
|
foreach ( $cat_info as $key ) {
|
|
$cat[$key['id']] = $key['name'];
|
|
$cat_parentid[$key['id']] = $key['parentid'];
|
|
}
|
|
}
|
|
|
|
if( $_REQUEST['action'] == "logout" ) {
|
|
set_cookie( "dle_user_id", "", 0 );
|
|
set_cookie( "dle_name", "", 0 );
|
|
set_cookie( "dle_password", "", 0 );
|
|
set_cookie( "dle_skin", "", 0 );
|
|
set_cookie( "dle_newpm", "", 0 );
|
|
set_cookie( "dle_hash", "", 0 );
|
|
set_cookie( session_name(), "", 0 );
|
|
|
|
@session_unset();
|
|
@session_destroy();
|
|
|
|
msg( "info", $lang['index_msge'], $lang['index_exit'] );
|
|
}
|
|
|
|
if( $check_referer ) {
|
|
if( $_SERVER['HTTP_REFERER'] == '' and $_REQUEST['subaction'] != 'dologin' ) $allow_login = true;
|
|
elseif( clean_url( $_SERVER['HTTP_REFERER'] ) == clean_url( $_SERVER['HTTP_HOST'] ) ) $allow_login = true;
|
|
} else {
|
|
$allow_login = true;
|
|
}
|
|
|
|
if( $allow_login ) {
|
|
|
|
if( intval($_SESSION['dle_user_id']) > 0 AND $_SESSION['dle_password'] ) {
|
|
$username = $_SESSION['dle_user_id'];
|
|
$cmd5_password = $_SESSION['dle_password'];
|
|
$post = false;
|
|
} elseif(intval($_COOKIE['dle_user_id']) > 0 AND $_COOKIE['dle_password']) {
|
|
$username = $_COOKIE['dle_user_id'];
|
|
$cmd5_password = $_COOKIE['dle_password'];
|
|
$post = false;
|
|
}
|
|
if( $_REQUEST['subaction'] == 'dologin' ) {
|
|
$username = $_POST['username'];
|
|
$cmd5_password = md5( $_POST['password'] );
|
|
$post = true;
|
|
}
|
|
|
|
}
|
|
|
|
if( check_login( $username, $cmd5_password, $post ) ) {
|
|
$is_loged_in = true;
|
|
$_SESSION['dle_log'] = 0;
|
|
$dle_login_hash = md5($_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($cmd5_password) . $config['key'] . date("Ymd"));
|
|
|
|
if( ! $_SESSION['dle_user_id'] and $_COOKIE['dle_user_id'] ) {
|
|
$_SESSION['dle_user_id'] = $_COOKIE['dle_user_id'];
|
|
$_SESSION['dle_password'] = $_COOKIE['dle_password'];
|
|
}
|
|
} else {
|
|
$dle_login_hash = "";
|
|
if( $_REQUEST['subaction'] == 'dologin' ) {
|
|
$result = "<font color=red>" . $lang['index_errpass'] . "</font>";
|
|
} else
|
|
$result = "";
|
|
$is_loged_in = false;
|
|
}
|
|
|
|
if( $is_loged_in and $_REQUEST['subaction'] == 'dologin' ) {
|
|
|
|
$_SESSION['dle_user_id'] = $member_id['user_id'];
|
|
$_SESSION['dle_password'] = $cmd5_password;
|
|
|
|
set_cookie( "dle_user_id", $member_id['user_id'], 365 );
|
|
set_cookie( "dle_password", $cmd5_password, 365 );
|
|
|
|
$time_now = time() + ($config['date_adjust'] * 60);
|
|
|
|
if( $config['log_hash'] ) {
|
|
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
|
|
$hash = '';
|
|
srand( ( double ) microtime() * 1000000 );
|
|
for($i = 0; $i < 9; $i ++) {
|
|
$hash .= $salt{rand( 0, 33 )};
|
|
}
|
|
$hash = md5( $hash );
|
|
set_cookie( "dle_hash", $hash, 365 );
|
|
$_COOKIE['dle_hash'] = $hash;
|
|
$member_id['hash'] = $hash;
|
|
$db->query( "UPDATE " . USERPREFIX . "_users set hash='" . $hash . "', lastdate='{$time_now}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'" );
|
|
} else
|
|
$db->query( "UPDATE " . USERPREFIX . "_users set lastdate='{$time_now}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'" );
|
|
}
|
|
|
|
if( $is_loged_in and $config['log_hash'] and (($_COOKIE['dle_hash'] != $member_id['hash']) or ($member_id['hash'] == "")) ) {
|
|
$is_loged_in = FALSE;
|
|
}
|
|
|
|
if( $is_loged_in and $config['ip_control'] == '1' and ! check_netz( $member_id['logged_ip'], $_IP ) and $_REQUEST['subaction'] != 'dologin' ) $is_loged_in = FALSE;
|
|
if( ! $is_loged_in ) {
|
|
$member_id = array();
|
|
set_cookie( "dle_user_id","",0 );
|
|
set_cookie( "dle_name","",0 );
|
|
set_cookie( "dle_password","",0 );
|
|
set_cookie( "dle_hash","",0 );
|
|
$_SESSION['dle_user_id'] = 0;
|
|
$_SESSION['dle_password'] = "";
|
|
}
|
|
|
|
if ( $is_loged_in ) define( 'LOGGED_IN', $is_loged_in );
|
|
?>
|