139 lines
5.1 KiB
PHP
139 lines
5.1 KiB
PHP
<?php
|
||
if( ! defined( 'DATALIFEENGINE' ) ) {die( "Hacking attempt!" );}
|
||
|
||
$_IP = $db->safesql( $_SERVER['REMOTE_ADDR'] );
|
||
$dle_login_hash = "";
|
||
|
||
//Завершение сеанса пользователя
|
||
if( isset( $_REQUEST['action'] ) and $_REQUEST['action'] == "logout" ) {
|
||
$dle_user_id = "";
|
||
$dle_password = "";
|
||
set_cookie( "dle_user_id", "", 0 );
|
||
set_cookie( "dle_name", "", 0 );
|
||
set_cookie( "dle_password", "", 0 );
|
||
set_cookie( "dle_skin", "", 0 );
|
||
set_cookie( "dle_newpm", "", 0 );
|
||
set_cookie( "dle_hash", "", 0 );
|
||
set_cookie( session_name(), "", 0 );
|
||
setcookie("dle_onl_session","", time() - 3600, "/", $domain);
|
||
@session_destroy();
|
||
@session_unset();
|
||
$is_logged = 0;
|
||
|
||
header( "Location: ".str_replace("index.php","",$_SERVER['PHP_SELF']) );
|
||
die();
|
||
}
|
||
|
||
$is_logged = 0;
|
||
$member_id = array ();
|
||
|
||
if( isset( $_POST['login'] ) AND $_POST['login_name'] AND $_POST['login_password'] AND $_POST['login'] == "submit" ) {
|
||
$_POST['login_name'] = $db->safesql( $_POST['login_name'] );
|
||
$_POST['login_password'] = @md5( $_POST['login_password'] );
|
||
|
||
if ( !preg_match( "/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $_POST['login_name']) ) {
|
||
|
||
$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users where name='{$_POST['login_name']}' and password='" . md5( $_POST['login_password'] ) . "'" );
|
||
|
||
if( $member_id['user_id'] ) {
|
||
set_cookie( "dle_user_id", $member_id['user_id'], 365 );
|
||
set_cookie( "dle_password", $_POST['login_password'], 365 );
|
||
|
||
$_SESSION['dle_user_id'] = $member_id['user_id'];
|
||
$_SESSION['dle_password'] = $_POST['login_password'];
|
||
|
||
$dle_login_hash = md5( $_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($_POST['login_password']) . $config['key'] . date( "Ymd" ) );
|
||
|
||
if( $config['log_hash'] ) {
|
||
|
||
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
|
||
$hash = '';
|
||
srand( ( double ) microtime() * 1000000 );
|
||
|
||
for($i = 0; $i < 9; $i ++) {
|
||
$hash .= $salt{rand( 0, 33 )};
|
||
}
|
||
|
||
$hash = md5( $hash );
|
||
|
||
$db->query( "UPDATE " . USERPREFIX . "_users set hash='" . $hash . "', lastdate='{$_TIME}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'" );
|
||
|
||
set_cookie( "dle_hash", $hash, 365 );
|
||
|
||
$_COOKIE['dle_hash'] = $hash;
|
||
$member_id['hash'] = $hash;
|
||
|
||
} else
|
||
$db->query( "UPDATE LOW_PRIORITY " . USERPREFIX . "_users set lastdate='{$_TIME}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'" );
|
||
|
||
$is_logged = TRUE;
|
||
}
|
||
}
|
||
|
||
} elseif( isset( $_SESSION['dle_user_id'] ) AND intval( $_SESSION['dle_user_id'] ) > 0 AND $_SESSION['dle_password'] ) {
|
||
|
||
$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='" . intval( $_SESSION['dle_user_id'] ) . "'" );
|
||
|
||
if( $member_id['user_id'] AND $member_id['password'] AND $member_id['password'] == md5( $_SESSION['dle_password'] ) ) {
|
||
|
||
$is_logged = TRUE;
|
||
$dle_login_hash = md5( $_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($_SESSION['dle_password']) . $config['key'] . date( "Ymd" ) );
|
||
|
||
} else {
|
||
|
||
$member_id = array ();
|
||
$is_logged = false;
|
||
}
|
||
|
||
} elseif( isset( $_COOKIE['dle_user_id'] ) AND intval( $_COOKIE['dle_user_id'] ) > 0 AND $_COOKIE['dle_password']) {
|
||
|
||
$member_id = $db->super_query( "SELECT * FROM " . USERPREFIX . "_users WHERE user_id='" . intval( $_COOKIE['dle_user_id'] ) . "'" );
|
||
|
||
if( $member_id['user_id'] AND $member_id['password'] AND $member_id['password'] == md5( $_COOKIE['dle_password'] ) ) {
|
||
|
||
$is_logged = TRUE;
|
||
$dle_login_hash = md5( $_SERVER['HTTP_HOST'] . $member_id['user_id'] . sha1($_COOKIE['dle_password']) . $config['key'] . date( "Ymd" ) );
|
||
|
||
$_SESSION['dle_user_id'] = $member_id['user_id'];
|
||
$_SESSION['dle_password'] = $_COOKIE['dle_password'];
|
||
|
||
} else {
|
||
$member_id = array ();
|
||
$is_logged = false;
|
||
|
||
}
|
||
|
||
if( $config['log_hash'] and (($_COOKIE['dle_hash'] != $member_id['hash']) or ($member_id['hash'] == "")) ) {
|
||
$member_id = array ();
|
||
$is_logged = false;
|
||
}
|
||
}
|
||
|
||
if( isset( $_POST['login'] ) and ! $is_logged ) {msgbox( $lang['login_err'], $lang['login_err_1'] );}
|
||
|
||
//Пользователь авторизировался
|
||
if( $is_logged ) {
|
||
if(!$_TIME) $_TIME = time() + ($config['date_adjust'] * 60);
|
||
//Проверка на привязанность к IP
|
||
if( ! allowed_ip( $member_id['allowed_ip'] ) ) {
|
||
$is_logged = 0;
|
||
msgbox( $lang['login_err'], $lang['ip_block_login'] );
|
||
}
|
||
|
||
if( $config['ip_control'] == '2' and ! check_netz( $member_id['logged_ip'], $_IP ) and ! isset( $_POST['login'] ) ) $is_logged = 0;
|
||
elseif( $config['ip_control'] == '1' and $user_group[$member_id['user_group']]['allow_admin'] and ! check_netz( $member_id['logged_ip'], $_IP ) and ! isset( $_POST['login'] ) ) $is_logged = 0;
|
||
}
|
||
|
||
//Не авторизированный пользователь
|
||
if( ! $is_logged ) {
|
||
$member_id = array ();
|
||
set_cookie( "dle_user_id", "", 0 );
|
||
set_cookie( "dle_password", "", 0 );
|
||
set_cookie( "dle_hash", "", 0 );
|
||
$_SESSION['dle_user_id'] = 0;
|
||
$_SESSION['dle_password'] = "";
|
||
|
||
//Если не авторизирован, то группа пользователей 5(Гость)
|
||
$member_id['user_group'] = 5;
|
||
}
|
||
?>
|