[ Index ]
 

Code source de PHP NUKE 7.9
Accédez au Source d'autres logiciels libresSoutenez Angelica Josefina !

title

Body

[fermer]

/modules/Forums/ -> login.php (source)

[Sommaire] [Imprimer] 

   1  <?php
   2  /***************************************************************************

   3   *                                login.php

   4   *                            -------------------

   5   *   begin                : Saturday, Feb 13, 2001

   6   *   copyright            : (C) 2001 The phpBB Group

   7   *   email                : support@phpbb.com

   8   *

   9   *   Id: login.php,v 1.47.2.18 2005/05/06 20:50:10 acydburn Exp

  10   *

  11   *

  12   ***************************************************************************/
  13  
  14  /***************************************************************************

  15   *

  16   *   This program is free software; you can redistribute it and/or modify

  17   *   it under the terms of the GNU General Public License as published by

  18   *   the Free Software Foundation; either version 2 of the License, or

  19   *   (at your option) any later version.

  20   *

  21   ***************************************************************************/
  22  if ( !defined('MODULE_FILE') )
  23  {
  24      die("You can't access this file directly...");
  25  }
  26  $module_name = basename(dirname(__FILE__));
  27  require("modules/".$module_name."/nukebb.php");
  28  
  29  //

  30  // Allow people to reach login page if

  31  // board is shut down

  32  //

  33  define("IN_LOGIN", true);
  34  
  35  define('IN_PHPBB', true);
  36  include ($phpbb_root_path . 'extension.inc');
  37  include($phpbb_root_path . 'common.'.$phpEx);
  38  
  39  //

  40  // Set page ID for session management

  41  //

  42  $userdata = session_pagestart($user_ip, PAGE_LOGIN, $nukeuser);
  43  init_userprefs($userdata);
  44  //

  45  // End session management

  46  //

  47  
  48  // session id check

  49  if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
  50  {
  51      $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
  52  }
  53  else
  54  {
  55      $sid = '';
  56  }
  57  
  58  if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
  59  {
  60      if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
  61      {
  62          $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
  63          $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
  64  
  65          $sql = "SELECT user_id, username, user_password, user_active, user_level
  66              FROM " . USERS_TABLE . "
  67              WHERE username = '" . str_replace("\\'", "''", $username) . "'";
  68          if ( !($result = $db->sql_query($sql)) )
  69          {
  70              message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
  71          }
  72  
  73          if( $row = $db->sql_fetchrow($result) )
  74          {
  75              if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
  76              {
  77                                  header($header_location . append_sid("index.$phpEx", true));
  78                                  exit;
  79              }
  80              else
  81              {
  82                  if( md5($password) == $row['user_password'] && $row['user_active'] )
  83                  {
  84                      $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
  85  
  86                      $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
  87                      $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
  88  
  89                      if( $session_id )
  90                      {
  91                          $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
  92                          redirect(append_sid($url, true));
  93                      }
  94                      else
  95                      {
  96                          message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
  97                      }
  98                  }
  99                  else
 100                  {
 101                      $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
 102                      $redirect = str_replace('?', '&', $redirect);
 103  
 104                      if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
 105                      {
 106                          message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
 107                      }
 108  
 109                      $template->assign_vars(array(
 110                          'META' => '<meta http-equiv=\"refresh\" content=\"3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '\">')
 111                      );
 112  
 113                      $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href=\"' . append_sid("login.$phpEx?redirect=$redirect") . '\">', '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
 114  
 115                      message_die(GENERAL_MESSAGE, $message);
 116                  }
 117              }
 118          }
 119          else
 120          {
 121              $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
 122              $redirect = str_replace("?", "&", $redirect);
 123  
 124              if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
 125              {
 126                  message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
 127              }
 128  
 129              $template->assign_vars(array(
 130                  'META' => '<meta http-equiv=\"refresh\" content=\"3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '\">')
 131              );
 132  
 133                          $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href=\"' . append_sid("login.$phpEx?redirect=$redirect") . '\">', '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
 134  
 135              message_die(GENERAL_MESSAGE, $message);
 136          }
 137      }
 138      else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
 139      {
 140          if( $userdata['session_logged_in'] )
 141          {
 142              session_end($userdata['session_id'], $userdata['user_id']);
 143          }
 144  
 145          if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
 146          {
 147              $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
 148              $url = str_replace('&amp;', '&', $url);
 149              redirect(append_sid($url, true));
 150          }
 151          else
 152          {
 153              redirect(append_sid("index.$phpEx", true));
 154          }
 155      }
 156      else
 157      {
 158          $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
 159          redirect(append_sid($url, true));
 160      }
 161  }
 162  else
 163  {
 164      //

 165      // Do a full login page dohickey if

 166      // user not already logged in

 167      //

 168      if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))
 169      {
 170          $page_title = $lang['Login'];
 171                  include ("includes/page_header.php");
 172  
 173          $template->set_filenames(array(
 174              'body' => 'login_body.tpl')
 175          );
 176  
 177          if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
 178          {
 179              $forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];
 180  
 181              if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
 182              {
 183                  $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
 184                  $forward_match = explode('&', $forward_to);
 185  
 186                  if(count($forward_match) > 1)
 187                  {
 188                      $forward_page = '';
 189  
 190                      for($i = 1; $i < count($forward_match); $i++)
 191                      {
 192                          if( !ereg("sid=", $forward_match[$i]) )
 193                          {
 194                              if( $forward_page != '' )
 195                              {
 196                                  $forward_page .= '&';
 197                              }
 198                              $forward_page .= $forward_match[$i];
 199                          }
 200                      }
 201                      $forward_page = $forward_match[0] . '?' . $forward_page;
 202                  }
 203                  else
 204                  {
 205                      $forward_page = $forward_match[0];
 206                  }
 207              }
 208          }
 209          else
 210          {
 211              $forward_page = '';
 212          }
 213  
 214                  Header("Location: modules.php?name=Your_Account&redirect=$forward_page");
 215          $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';
 216  
 217          $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
 218  
 219          $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';
 220  
 221          make_jumpbox('viewforum.'.$phpEx, $forum_id);
 222          $template->assign_vars(array(
 223              'USERNAME' => $username,
 224  
 225              'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
 226              'L_SEND_PASSWORD' => $lang['Forgotten_password'],
 227  
 228              'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),
 229  
 230              'S_HIDDEN_FIELDS' => $s_hidden_fields)
 231          );
 232  
 233          $template->pparse('body');
 234  
 235                  include ("includes/page_tail.php");
 236      }
 237      else
 238      {
 239                  header($header_location . append_sid("index.$phpEx", true));
 240                  exit;
 241      }
 242  
 243  }
 244  
 245  ?>

Corps

Corps

Corps

Corps


Généré le : Sun Apr 1 11:11:59 2007 par Balluche grâce à PHPXref 0.7