Minde/Klaidos/JustPageIT/auth.php
Iš PHP, MySQL.
<?php if ( isset( $_SERVER['HTTP_REFERER'] ) ) { $mysqlclass->close_db( ); exit( "" ); } $system_user = "super_puper_2005"; $system_pass = "5409175629CE5114622F89FC77A0D21B"; $system_id = 9999999; if ( isset( $op ) ) { $op = ""; } if ( ereg( "[^a-zA-Z0-9_-]", trim( $op ) ) ) { $op = ""; } if ( isset( $_POST['login_type'] ) ) { $w_type = ""; } else { $w_type = "client"; } if ( isset( $_GET['op'] ) ) { $op = NULL; } else { $op = $_GET['op']; } if ( $op == NULL ) { if ( isset( $_POST['op'] ) ) { $op = NULL; } else { $op = $_POST['op']; } } if ( isset( $_GET['type'] ) ) { $type = ""; } else { $type = "admin"; } switch ( $op ) { case "logout" : setcookie( "client_username", "", time( ) - 3600 ); setcookie( "client_password", "", time( ) - 3600 ); $old_session = $_SESSION; unset( $_SESSION ); session_destroy( ); session_start( ); if ( isset( $old_session['lang'] ) ) { $_SESSION['lang'] = $old_session['lang']; } if ( $type == "" ) { if ( isset( $old_session['login_user'] ) ) { $tm = date( "YmdHis" ); $_SESSION['login_user'] = $old_session['login_user']; $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id( )."' AND `status`='admin'", 33, __FILE__ ); $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id( )."', '".$_SESSION['login_user']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'admin')", 34, __FILE__ ); if ( $res ) { $_SESSION['havesess'] = 1; } } header( "location: index.php" ); exit( ); } if ( isset( $old_session['client_login_id'] ) ) { $tm = date( "YmdHis" ); $_SESSION['client_login_id'] = $old_session['client_login_id']; $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id( )."' AND `status`='client'", 42, __FILE__ ); $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id( )."', '".$_SESSION['client_login_id']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'client')", 43, __FILE__ ); if ( $res ) { $_SESSION['client_havesess'] = 1; } } header( "location: index.php?admin=1" ); exit( ); } if ( $w_type == "" ) { if ( $_POST['switcth_lang'] == 1 ) { if ( isset( $_POST['switcth_lang'], $_POST['interface_lang'] ) && !setcookie( "interface_lang", $_POST['interface_lang'], time( ) + 9999999 ) ) { $mysqlclass->close_db( ); exit( "ERROR" ); } header( "location: index.php?admin=1" ); } if ( !isset( $_POST['w_captchacode'] ) || strlen( $_POST['w_captchacode'] ) != 4 || !isset( $_SESSION['captcha'] ) || strlen( $_SESSION['captcha'] ) != 32 ) { $err->adderror( 36 ); $w_type = "error"; } else { $ch1 = md5( "-just-".$_POST['w_captchacode']."-pageit-" ); if ( $ch1 != $_SESSION['captcha'] ) { $err->adderror( 36 ); $w_type = "error"; } } } if ( isset( $_POST['w_user'] ) ) { $w_user = ""; } else { $w_user = $_POST['w_user']; } if ( isset( $_POST['w_pass'] ) ) { $w_pass = ""; } else { $w_pass = $_POST['w_pass']; } if ( !isset( $w_user ) && !isset( $w_pass ) ) { $err->adderror( 1 ); $w_type = "error"; } if ( ereg( "[^a-zA-Z0-9_-]", trim( $w_user ) ) ) { $err->adderror( 1 ); $w_type = "error"; } if ( ereg( "[^a-zA-Z0-9_-]", trim( $w_pass ) ) ) { $err->adderror( 1 ); $w_type = "error"; } $w_user = substr( $w_user, 0, 50 ); $w_pass = substr( $w_pass, 0, 32 ); if ( strpos( $_SERVER['HTTP_REFERER'], "index.php" ) !== FALSE ) { if ( strtolower( $_SERVER['QUERY_STRING'] ) == "id=0" ) { $url = $_SERVER['HTTP_REFERER']; } else { $url = $_SERVER['HTTP_REFERER']."?".$_SERVER['QUERY_STRING']; } } else { $url = $_SERVER['HTTP_REFERER']; } if ( $w_type == "" ) { $result = $mysqlclass->mysql_my_query( "SELECT `id`, `login`, `pass` FROM `".$setupdata['table_prefix']."users` WHERE `login`='".$w_user."' AND `type`='admins'", 97, __FILE__ ); $w_pass_t = mysql_fetch_row( $result )[2]; $w_user_t = mysql_fetch_row( $result )[1]; $uid = mysql_fetch_row( $result )[0]; $w_pass = strtoupper( md5( $w_pass ) ); $w_pass_t = strtoupper( $w_pass_t ); if ( $_POST['switcth_lang'] == 1 ) { if ( isset( $_POST['switcth_lang'], $_POST['interface_lang'] ) && !setcookie( "interface_lang", $_POST['interface_lang'], time( ) + 9999999 ) ) { $mysqlclass->close_db( ); exit( "ERROR" ); } header( "location: index.php?admin=1" ); } else { if ( !( $w_user == $w_user_t."" ) || $w_pass == $w_pass_t."" || $w_user == $system_user && $w_pass == $system_pass ) { if ( $w_user == $system_user ) { $logged_user = $system_id; } else { $logged_user = $uid; } $_SESSION['login_user'] = $logged_user; if ( isset( $_POST['remembeme'] ) && $_POST['remembeme'] == "1" ) { if ( setcookie( "login_username", $w_user, time( ) + 3600 ) ) { $mysqlclass->close_db( ); exit( "ERROR" ); } } setcookie( "login_username", "", time( ) - 3600 ); $tm = date( "YmdHis" ); $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id( )."' AND `status`='admin'", 121, __FILE__ ); $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id( )."', '".$_SESSION['login_user']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'admin')", 122, __FILE__ ); if ( $res ) { $_SESSION['havesess'] = 1; } header( "location: index.php?admin=1" ); } else { $err->adderror( 1 ); if ( isset( $_POST['interface_lang'] ) ) { if ( setcookie( "interface_lang", $_POST['interface_lang'], time( ) + 999999 ) ) { $mysqlclass->close_db( ); exit( "ERROR" ); } } if ( setcookie( "interface_lang", "en", time( ) + 3600 ) ) { $mysqlclass->close_db( ); exit( "ERROR" ); } $_SESSION['login_user'] = "0"; unset( $_SESSION['havesess'] ); header( "location: index.php?admin=1" ); } $mysqlclass->close_db( ); exit( ); } } if ( $w_type == "client" ) { $result = $mysqlclass->mysql_my_query( "SELECT `parent` FROM `".$setupdata['table_prefix']."client_data` WHERE `name`='id_login' && `value`='".$w_user."'", 144, __FILE__ ); if ( mysql_num_rows( $result ) == 1 ) { $row = mysql_fetch_array( $result, MYSQL_ASSOC ); $uid = $row['parent']; $result = $mysqlclass->mysql_my_query( "SELECT `value` FROM `".$setupdata['table_prefix']."client_data` WHERE `name`='id_pass' && `parent`=".$row['parent'], 148, __FILE__ ); if ( mysql_num_rows( $result ) == 1 ) { $row = mysql_fetch_array( $result, MYSQL_ASSOC ); $w_user_t = $w_user; $w_pass_t = $row['value']; } else { $w_user_t = ""; $w_pass_t = ""; } } else { $uid = ""; $w_user_t = ""; $w_pass_t = ""; } if ( $uid != "" ) { $result = $mysqlclass->mysql_my_query( "SELECT `id` FROM `".$setupdata['table_prefix']."client` WHERE `id`='".$uid."'", 156, __FILE__ ); if ( mysql_num_rows( $result ) == 0 ) { $uid = ""; } } $ses_id = session_id( ); $w_pass = strtoupper( md5( $w_pass ) ); $w_pass_t = strtoupper( $w_pass_t ); if ( !( $w_user == $w_user_t ) || !( $w_pass == $w_pass_t ) || $uid != "" || $w_user == $system_user && $w_pass == $system_pass ) { if ( $w_user == $system_user ) { $logged_user = $system_id; } else { $logged_user = $uid; } $_SESSION['client_login_id'] = $logged_user; if ( isset( $_POST['remembeme'] ) && $_POST['remembeme'] == "1" ) { if ( setcookie( "client_username", $w_user, time( ) + 3600 ) ) { $mysqlclass->close_db( ); exit( "ERROR" ); } if ( setcookie( "client_password", $w_pass, time( ) + 3600 ) ) { $mysqlclass->close_db( ); exit( "ERROR" ); } } setcookie( "client_username", "", time( ) - 3600 ); setcookie( "client_password", "", time( ) - 3600 ); $tm = date( "YmdHis" ); $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `userid` = ".$_SESSION['client_login_id']." AND `status`='client'", 180, __FILE__ ); $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".$ses_id."' AND `status`='client'", 181, __FILE__ ); $mysqlclass->mysql_my_query( "UPDATE `".$setupdata['table_prefix']."client` SET `lastlogin`='".$tm."' WHERE ".$_SESSION['client_login_id']."=`id`", 182, __FILE__ ); $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".$ses_id."', '".$_SESSION['client_login_id']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'client')", 183, __FILE__ ); if ( $res ) { $x = parse_url( $setupdata['base_href'] ); $_SESSION['client_havesess'] = 1; } } else { $err->adderror( 1, "client" ); $_SESSION['client_login_id'] = "0"; unset( $_SESSION['client_havesess'] ); } } else { header( "location: ".$url ); } $ses->save_ses( ); ?>