Code source de e107 0.7.8 |
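<?php
/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     ©Steve Dunstan 2001-2002
|     http://e107.org
|     jalist@e107.org
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $Source: /cvsroot/e107/e107_0.7/e107_admin/auth.php,v $
|     $Revision: 1.14 $
|     $Date: 2006/11/25 05:34:28 $
|     $Author: e107coders $
+----------------------------------------------------------------------------+
*/

// Admin-area gate: included by admin pages. Renders the admin header for an
// already-authenticated admin, otherwise processes a login POST or shows the
// login form and stops.

// Refuse direct access: this file only runs when included by the e107 bootstrap.
if (!defined('e107_INIT')) { exit; }

// Language strings (ADLAN_*); the English file is the fallback when the
// configured language pack is missing, hence the suppressed include errors.
@include_once(e_LANGUAGEDIR.e_LANGUAGE."/admin/lan_admin.php");
@include_once(e_LANGUAGEDIR."English/admin/lan_admin.php");

if (ADMIN)
{
	define("ADMIN_PAGE", true);
	require_once(e_ADMIN."header.php");
}
else
{
	// The image code (CAPTCHA) is only used when enabled in prefs AND GD is loaded.
	$use_imagecode = ($pref['logcode'] && extension_loaded("gd"));
	if ($use_imagecode)
	{
		require_once(e_HANDLER."secure_img_handler.php");
		$sec_img = new secure_image;
	}

	// !empty() keeps the original truthiness test without an undefined-index notice.
	if (!empty($_POST['authsubmit']))
	{
		$obj = new auth;

		if ($use_imagecode)
		{
			$rand_num = isset($_POST['rand_num']) ? $_POST['rand_num'] : '';
			$code_verify = isset($_POST['code_verify']) ? $_POST['code_verify'] : '';
			if (!$sec_img->verify_code($rand_num, $code_verify))
			{
				// Send the Location header before any body output so the redirect
				// does not depend on output buffering; the script tag is a fallback.
				header("location: ../index.php");
				echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
				exit;
			}
		}

		// authcheck() rejects non-string input, so array-valued POST fields fail here.
		$row = $authresult = $obj->authcheck(
			isset($_POST['authname']) ? $_POST['authname'] : null,
			isset($_POST['authpass']) ? $_POST['authpass'] : null
		);

		// Strict comparison: a loose == against a string can match unrelated values.
		if (isset($row[0]) && $row[0] === "authfail")
		{
			// NOTE(review): failed logins are neither logged nor throttled in this file.
			header("location: ../index.php");
			echo "<script type='text/javascript'>document.location.href='../index.php'</script>\n";
			exit;
		}
		else
		{
			// SECURITY NOTE: the login token is user_id . "." . md5(md5(password)),
			// i.e. a pure function of the user id and the stored (unsalted MD5)
			// password hash. It stays the same until the password changes and cannot
			// be revoked per session. Changing the format needs a matching change
			// wherever the token is verified, which is outside this file.
			$userpass = md5($_POST['authpass']);
			$cookieval = $row['user_id'].".".md5($userpass);

			// NOTE(review): this lookup matches on user_name only, while authcheck()
			// may have matched on user_loginname; the fetched values can differ from
			// $row or be empty. Confirm what later code expects from these globals.
			$sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'");
			list($user_id, $user_name, $userpass) = $sql->db_Fetch();

			if ($pref['user_tracking'] == "session")
			{
				$_SESSION[$pref['cookie_name']] = $cookieval;
			}
			else
			{
				// Persistent cookie, valid for 30 days.
				cookie($pref['cookie_name'], $cookieval, (time()+3600 * 24 * 30));
			}
			echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
		}
	}

	$e_sub_cat = 'logout';
	require_once(e_ADMIN."header.php");

	if (ADMIN == FALSE)
	{
		$obj = new auth;
		$obj->authform();
		require_once(e_ADMIN."footer.php");
		exit;
	}
}

//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
/**
 * Admin login form rendering and credential checking.
 */
class auth
{

	/**
	 * Render the admin login form, with the image-code row when enabled.
	 *
	 * Takes no parameters and returns nothing; the form is passed to
	 * e107table::tablerender().
	 */
	function authform()
	{
		global $use_imagecode, $sec_img;

		// The name field is always rendered empty: the original interpolated a
		// local $authname that was never set in this scope.
		// NOTE(review): e_SELF is written into the action attribute unescaped;
		// confirm it is sanitised where it is defined.
		$text = "<div style='text-align:center'>
		<form method='post' action='".e_SELF."'>\n
		<table style='width:50%' class='fborder'>
		<tr>
		<td style='width:35%' class='forumheader3'>".ADLAN_89."</td>
		<td class='forumheader3' style='text-align:center'><input class='tbox' type='text' name='authname' size='30' value='' maxlength='20' />\n</td>
		</tr>
		<tr>
		<td style='width:35%' class='forumheader3'>".ADLAN_90."</td>
		<td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' size='30' value='' maxlength='20' />\n</td>
		</tr>
		";

		if ($use_imagecode)
		{
			$text .= "
			<tr>
			<td style='width:35%' class='forumheader3'>".ADLAN_152."</td>
			<td style='text-align:center'>
			<input type='hidden' name='rand_num' value='".$sec_img->random_number."'>".
			$sec_img->r_image().
			"<br /><input class='tbox' type='text' name='code_verify' size='15' maxlength='20' /></td>
			</tr>
			";
		}

		$text .= "
		<tr>
		<td colspan='2' style='text-align:center' class='forumheader'>

		<input class='button' type='submit' name='authsubmit' value='".ADLAN_91."' />
		</td>
		</tr>
		</table>
		</form>
		</div>";

		$au = new e107table;
		$au->tablerender(ADLAN_92, $text);
	}

	/**
	 * Check admin credentials against the user table.
	 *
	 * Looks the name up as user_loginname first, then as user_name, in both
	 * cases restricted to rows with user_admin='1'.
	 *
	 * @param string $authname entered name
	 * @param string $authpass entered password
	 * @return array the matching user row on success, array("authfail") otherwise
	 */
	function authcheck($authname, $authpass)
	{
		global $tp;

		// Array-valued or missing POST fields must not reach md5()/preg_replace().
		if (!is_string($authname) || !is_string($authpass))
		{
			return array("authfail");
		}

		$sql_auth = new db;
		$row = array();

		// NOTE(review): the regex is a case-sensitive blacklist and is not what
		// protects the query; safety depends on $tp->toDB() escaping the value
		// for SQL (confirm). Use bound parameters if the db class supports them.
		$authname = $tp -> toDB(preg_replace("/\sOR\s|\=|\#/", "", $authname));

		if ($sql_auth->db_Select("user", "*", "user_loginname='$authname' AND user_admin='1' "))
		{
			$row = $sql_auth->db_Fetch();
		}
		elseif ($sql_auth->db_Select("user", "*", "user_name='$authname' AND user_admin='1' "))
		{
			$row = $sql_auth->db_Fetch();
		}

		// SECURITY NOTE: passwords are stored as unsalted MD5. The comparison is
		// strict (===) because a loose == treats hex digests that look like
		// numbers ("0e" followed by digits) as numerically equal, so two
		// different hashes could compare as the same.
		if (is_array($row) && !empty($row['user_id']) && isset($row['user_password'])
			&& (string) $row['user_password'] === md5($authpass))
		{
			return $row;
		}

		return array("authfail");
	}
}

//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//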