Minde/Klaidos/opm.lt


URL:

http://www.opm.lt/index.php?admin=1

DB:

-- Rows of the CMS user table as published on this page (no column list given).
-- The auth.php query further down selects `id`, `login`, `pass` and filters on
-- `type`, so the third value is presumably `pass`: 32 hex characters, which is
-- consistent with the unsalted md5() comparison in that script. The meaning of
-- the fourth value is not shown anywhere on the page.
-- Defender note: a digest that has appeared in a public dump must be treated
-- as disclosed. Reset the affected passwords and migrate storage to
-- password_hash()/password_verify().
INSERT INTO `tvs_users` VALUES
(1,'esense','0e58cf8ebf821c39fd270ca0f4eb861c','111','del_admins'),
(2,'drumblius','210dc824197da02c67e6894b92235bd3','111','admins'),
(3,'akvile','2a093b818075ae7eb4317887d49c9ba8','111','admins');

auth.php:

<?php
// Stop immediately (closing the DB handle first) when the request carries a
// Referer header.
// NOTE(review): this listing reads like decoder output and several isset()
// tests look inverted. The same header is required further down to build the
// redirect URL. Confirm against the deployed file. In either form, Referer is
// client-supplied and cannot serve as an access control.
if ( isset( $_SERVER['HTTP_REFERER'] ) )
{
    $mysqlclass->close_db( );
    exit( "" );
}
// SECURITY: a fixed account is embedded in the script. Both login checks
// below accept this name/digest pair in addition to database users and map
// it to the synthetic id 9999999, so changing passwords in the users table
// does not revoke it. The digest is 32 hex characters and is compared with
// strtoupper(md5(...)) of the submitted password, i.e. unsalted MD5.
// Remediation: remove the account from the code, treat the digest as
// disclosed, and review the sessions table for rows stored with user id
// 9999999.
$system_user = "super_puper_2005";
$system_pass = "5409175629CE5114622F89FC77A0D21B";
$system_id = 9999999;
// Request-parameter intake: derives $op (requested action), $w_type (login
// flavour) and $type (used only by the logout branch of the switch below).
// NOTE(review): every isset() test in this run assigns the empty/NULL value
// when the key IS present and reads the key when it is absent. That is
// almost certainly a lost negation from the decoder. Confirm before relying
// on the listed control flow.

// Clear any pre-existing $op (for example one injected via register_globals).
if ( isset( $op ) )
{
    $op = "";
}
// Allow-list check on $op: anything outside [a-zA-Z0-9_-] resets it.
// ereg() was deprecated in PHP 5.3 and removed in PHP 7.0; preg_match() is
// the maintained replacement.
if ( ereg( "[^a-zA-Z0-9_-]", trim( $op ) ) )
{
    $op = "";
}
// $w_type selects the login path: "" runs the admin branch (the one that
// queries `type`='admins'), "client" runs the client branch.
if ( isset( $_POST['login_type'] ) )
{
    $w_type = "";
}
else
{
    $w_type = "client";
}
// $op is overwritten from the query string here, AFTER the allow-list check
// above, so the value that reaches the switch is not validated by it.
if ( isset( $_GET['op'] ) )
{
    $op = NULL;
}
else
{
    $op = $_GET['op'];
}
// Fall back to the POST body when the query string gave no action.
// Loose == means "", "0" and 0 also count as "no action" here.
if ( $op == NULL )
{
    if ( isset( $_POST['op'] ) )
    {
        $op = NULL;
    }
    else
    {
        $op = $_POST['op'];
    }
}
// $type distinguishes the two logout redirects in the switch below.
if ( isset( $_GET['type'] ) )
{
    $type = "";
}
else
{
    $type = "admin";
}
// Action dispatch. Only "logout" is handled; every other value falls through
// to the login logic after the switch.
switch ( $op )
{
    case "logout" :
        // Expire the client "remember me" cookies.
        setcookie( "client_username", "", time( ) - 3600 );
        setcookie( "client_password", "", time( ) - 3600 );
        // Keep a copy of the old session so selected keys can be restored.
        $old_session = $_SESSION;
        unset( $_SESSION );
        // NOTE(review): session_destroy() does not expire the session cookie,
        // so the session_start() that follows will normally resume the SAME
        // session id. No session_regenerate_id() call is visible in this file.
        session_destroy( );
        session_start( );
        // The interface language survives logout.
        if ( isset( $old_session['lang'] ) )
        {
            $_SESSION['lang'] = $old_session['lang'];
        }
        if ( $type == "" )
        {
            // SECURITY: as listed, the previous admin identity is copied back
            // into the fresh session and a new 'admin' row is written to the
            // sessions table, so "logout" re-establishes the login instead of
            // ending it. This may be another decoder artefact; verify. A
            // logout handler should only delete the server-side session row.
            if ( isset( $old_session['login_user'] ) )
            {
                $tm = date( "YmdHis" );
                $_SESSION['login_user'] = $old_session['login_user'];
                // Both statements are built by string concatenation. The
                // interpolated values are server-side here, but prepared
                // statements would remove the dependency on that staying true.
                $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id( )."' AND `status`='admin'", 33, __FILE__ );
                $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id( )."', '".$_SESSION['login_user']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'admin')", 34, __FILE__ );
                if ( $res )
                {
                    $_SESSION['havesess'] = 1;
                }
            }
            header( "location: index.php" );
            exit( );
        }
        // Same pattern for the client identity (see the SECURITY note above).
        if ( isset( $old_session['client_login_id'] ) )
        {
            $tm = date( "YmdHis" );
            $_SESSION['client_login_id'] = $old_session['client_login_id'];
            $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id( )."' AND `status`='client'", 42, __FILE__ );
            $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id( )."', '".$_SESSION['client_login_id']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'client')", 43, __FILE__ );
            if ( $res )
            {
                $_SESSION['client_havesess'] = 1;
            }
        }
        header( "location: index.php?admin=1" );
        exit( );
}
// Admin-path pre-checks: optional interface-language switch, then CAPTCHA.
if ( $w_type == "" )
{
    // 'switcth_lang' (sic) is read before the isset() test on the next line.
    if ( $_POST['switcth_lang'] == 1 )
    {
        // The posted language value is stored in a long-lived cookie without
        // any allow-list check. The script aborts only if setcookie() fails.
        if ( isset( $_POST['switcth_lang'], $_POST['interface_lang'] ) && !setcookie( "interface_lang", $_POST['interface_lang'], time( ) + 9999999 ) )
        {
            $mysqlclass->close_db( );
            exit( "ERROR" );
        }
        // No exit() after this redirect header: execution continues into the
        // CAPTCHA and login logic below.
        header( "location: index.php?admin=1" );
    }
    // CAPTCHA: the form must supply exactly 4 characters and the session must
    // hold a 32-character digest. Failure records error 36 and switches
    // $w_type to "error", which skips both login branches.
    if ( !isset( $_POST['w_captchacode'] ) || strlen( $_POST['w_captchacode'] ) != 4 || !isset( $_SESSION['captcha'] ) || strlen( $_SESSION['captcha'] ) != 32 )
    {
        $err->adderror( 36 );
        $w_type = "error";
    }
    else
    {
        // Expected value is md5("-just-" . code . "-pageit-").
        // NOTE(review): the comparison is loose (!=) and $_SESSION['captcha']
        // is not cleared in this file after a check, so a solved code may
        // stay valid for the rest of the session. Confirm where it is reset.
        // hash_equals() plus unsetting the value after one use would close
        // both points.
        $ch1 = md5( "-just-".$_POST['w_captchacode']."-pageit-" );
        if ( $ch1 != $_SESSION['captcha'] )
        {
            $err->adderror( 36 );
            $w_type = "error";
        }
    }
}
// Credential intake and computation of the post-login redirect target.
// NOTE(review): as in the parameter intake above, the isset() branches look
// inverted (empty string when the field IS posted). Treat as a decoder
// artefact until checked against the deployed file.
if ( isset( $_POST['w_user'] ) )
{
    $w_user = "";
}
else
{
    $w_user = $_POST['w_user'];
}
if ( isset( $_POST['w_pass'] ) )
{
    $w_pass = "";
}
else
{
    $w_pass = $_POST['w_pass'];
}
// Missing credentials: record error 1 and disable both login branches.
if ( !isset( $w_user ) && !isset( $w_pass ) )
{
    $err->adderror( 1 );
    $w_type = "error";
}
// Allow-list on the user name. This check is the ONLY thing standing between
// $w_user and the concatenated SQL further down: it works by flipping
// $w_type to "error" so the query branches are skipped, not by escaping.
// ereg() is removed in PHP 7.0+; the queries should use bound parameters so
// that safety does not depend on this filter.
if ( ereg( "[^a-zA-Z0-9_-]", trim( $w_user ) ) )
{
    $err->adderror( 1 );
    $w_type = "error";
}
// The same character set is enforced on the password, which needlessly limits
// password strength because the value is hashed before any use in SQL.
if ( ereg( "[^a-zA-Z0-9_-]", trim( $w_pass ) ) )
{
    $err->adderror( 1 );
    $w_type = "error";
}
// Silent truncation: only the first 50 / 32 characters are ever considered.
$w_user = substr( $w_user, 0, 50 );
$w_pass = substr( $w_pass, 0, 32 );
// SECURITY: $url is derived entirely from the Referer header and the query
// string, both client-controlled, and is later sent in a Location header.
// That makes the final redirect an open redirect. A fixed or allow-listed
// local path should be used instead.
if ( strpos( $_SERVER['HTTP_REFERER'], "index.php" ) !== FALSE )
{
    if ( strtolower( $_SERVER['QUERY_STRING'] ) == "id=0" )
    {
        $url = $_SERVER['HTTP_REFERER'];
    }
    else
    {
        $url = $_SERVER['HTTP_REFERER']."?".$_SERVER['QUERY_STRING'];
    }
}
else
{
    $url = $_SERVER['HTTP_REFERER'];
}
// Admin login branch ($w_type is "" only when the pre-checks above passed).
if ( $w_type == "" )
{
    // SECURITY: the user name is concatenated into the statement. It reaches
    // this point only after the ereg() allow-list, but a prepared statement
    // with a bound parameter is the robust fix.
    $result = $mysqlclass->mysql_my_query( "SELECT `id`, `login`, `pass` FROM `".$setupdata['table_prefix']."users` WHERE `login`='".$w_user."' AND `type`='admins'", 97, __FILE__ );
    // NOTE(review): each mysql_fetch_row() call advances the cursor, so with
    // a single matching row only the first call returns data and the next
    // two return FALSE. The original was presumably one fetch unpacked into
    // three variables; confirm.
    $w_pass_t = mysql_fetch_row( $result )[2];
    $w_user_t = mysql_fetch_row( $result )[1];
    $uid = mysql_fetch_row( $result )[0];
    // Passwords are compared as unsalted MD5 digests, upper-cased on both
    // sides. MD5 is unsuitable for password storage; password_hash() and
    // password_verify() are the standard replacement.
    $w_pass = strtoupper( md5( $w_pass ) );
    $w_pass_t = strtoupper( $w_pass_t );
    if ( $_POST['switcth_lang'] == 1 )
    {
        // Language switch only: set the cookie and redirect, no login attempt.
        if ( isset( $_POST['switcth_lang'], $_POST['interface_lang'] ) && !setcookie( "interface_lang", $_POST['interface_lang'], time( ) + 9999999 ) )
        {
            $mysqlclass->close_db( );
            exit( "ERROR" );
        }
        // Not followed by exit(): control falls through to the code after
        // this branch.
        header( "location: index.php?admin=1" );
    }
    else
    {
        // SECURITY: the condition evaluates as
        //   (!name_matches) || digest_matches || (system_user && system_pass)
        // As listed, the first clause is true whenever the submitted name
        // differs from the stored one, which cannot be the intended check;
        // the negation is presumably a decoder artefact (verify). Independent
        // of that, the last clause accepts the hard-coded account defined at
        // the top of the file. All comparisons are loose (==); digests should
        // be compared with hash_equals().
        if ( !( $w_user == $w_user_t."" ) || $w_pass == $w_pass_t."" || $w_user == $system_user && $w_pass == $system_pass )
        {
            // The hard-coded account is mapped to the synthetic id $system_id.
            if ( $w_user == $system_user )
            {
                $logged_user = $system_id;
            }
            else
            {
                $logged_user = $uid;
            }
            // SECURITY: the identity is bound to the existing session id;
            // no session_regenerate_id() is called on privilege change, which
            // leaves the login open to session fixation.
            $_SESSION['login_user'] = $logged_user;
            if ( isset( $_POST['remembeme'] ) && $_POST['remembeme'] == "1" )
            {
                // NOTE(review): aborts when setcookie() SUCCEEDS. Elsewhere
                // the test is !setcookie(), so this looks inverted.
                if ( setcookie( "login_username", $w_user, time( ) + 3600 ) )
                {
                    $mysqlclass->close_db( );
                    exit( "ERROR" );
                }
            }
            // As listed, the remember-me cookie is expired unconditionally
            // right after being set (presumably a lost else-branch).
            setcookie( "login_username", "", time( ) - 3600 );
            $tm = date( "YmdHis" );
            // Replace any sessions-table row for this session id with a fresh
            // 'admin' row recording user id, client address and timestamps.
            $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id( )."' AND `status`='admin'", 121, __FILE__ );
            $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id( )."', '".$_SESSION['login_user']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'admin')", 122, __FILE__ );
            if ( $res )
            {
                $_SESSION['havesess'] = 1;
            }
            header( "location: index.php?admin=1" );
        }
        else
        {
            // Failed login: record error 1 and reset the session identity.
            // No attempt counter or delay is visible in this file.
            $err->adderror( 1 );
            if ( isset( $_POST['interface_lang'] ) )
            {
                // Same inverted-looking setcookie() test as above.
                if ( setcookie( "interface_lang", $_POST['interface_lang'], time( ) + 999999 ) )
                {
                    $mysqlclass->close_db( );
                    exit( "ERROR" );
                }
            }
            if ( setcookie( "interface_lang", "en", time( ) + 3600 ) )
            {
                $mysqlclass->close_db( );
                exit( "ERROR" );
            }
            $_SESSION['login_user'] = "0";
            unset( $_SESSION['havesess'] );
            header( "location: index.php?admin=1" );
        }
        // Both outcomes end the request here.
        $mysqlclass->close_db( );
        exit( );
    }
}
// Client login branch. Client credentials live in a key/value table
// (`client_data`): one row with name 'id_login' holds the login, a sibling
// row with the same `parent` and name 'id_pass' holds the password digest.
if ( $w_type == "client" )
{
    // Concatenated SQL again; `&&` is the MySQL spelling of AND. Safety of
    // $w_user rests solely on the earlier ereg() allow-list. Use bound
    // parameters instead.
    $result = $mysqlclass->mysql_my_query( "SELECT `parent` FROM `".$setupdata['table_prefix']."client_data` WHERE `name`='id_login' && `value`='".$w_user."'", 144, __FILE__ );
    if ( mysql_num_rows( $result ) == 1 )
    {
        $row = mysql_fetch_array( $result, MYSQL_ASSOC );
        $uid = $row['parent'];
        // `parent` is interpolated without quotes. It comes from the database
        // rather than the request, but it is still unescaped data in SQL.
        $result = $mysqlclass->mysql_my_query( "SELECT `value` FROM `".$setupdata['table_prefix']."client_data` WHERE `name`='id_pass' && `parent`=".$row['parent'], 148, __FILE__ );
        if ( mysql_num_rows( $result ) == 1 )
        {
            $row = mysql_fetch_array( $result, MYSQL_ASSOC );
            $w_user_t = $w_user;
            $w_pass_t = $row['value'];
        }
        else
        {
            $w_user_t = "";
            $w_pass_t = "";
        }
    }
    else
    {
        // Unknown or ambiguous login: no candidate account.
        $uid = "";
        $w_user_t = "";
        $w_pass_t = "";
    }
    // The candidate must also exist in the `client` table.
    if ( $uid != "" )
    {
        $result = $mysqlclass->mysql_my_query( "SELECT `id` FROM `".$setupdata['table_prefix']."client` WHERE `id`='".$uid."'", 156, __FILE__ );
        if ( mysql_num_rows( $result ) == 0 )
        {
            $uid = "";
        }
    }
    $ses_id = session_id( );
    // Unsalted MD5, upper-cased on both sides, as in the admin branch.
    $w_pass = strtoupper( md5( $w_pass ) );
    $w_pass_t = strtoupper( $w_pass_t );
    // SECURITY: the condition evaluates as
    //   (!name_matches) || (!digest_matches) || ($uid != "") || (system_user && system_pass)
    // As listed, a mismatch satisfies it, so the negations are presumably
    // decoder artefacts (verify). The final clause means the hard-coded
    // account from the top of the file is accepted on the client path too.
    if ( !( $w_user == $w_user_t ) || !( $w_pass == $w_pass_t ) || $uid != "" || $w_user == $system_user && $w_pass == $system_pass )
    {
        if ( $w_user == $system_user )
        {
            $logged_user = $system_id;
        }
        else
        {
            $logged_user = $uid;
        }
        // No session_regenerate_id() on login (session fixation exposure).
        $_SESSION['client_login_id'] = $logged_user;
        if ( isset( $_POST['remembeme'] ) && $_POST['remembeme'] == "1" )
        {
            // Same inverted-looking setcookie() tests as in the admin branch.
            if ( setcookie( "client_username", $w_user, time( ) + 3600 ) )
            {
                $mysqlclass->close_db( );
                exit( "ERROR" );
            }
            // SECURITY: the cookie carries the MD5 digest of the password.
            // Because the server compares digests, that value is
            // password-equivalent, and no Secure/HttpOnly flags are set. A
            // random, server-side-revocable token should be used instead.
            if ( setcookie( "client_password", $w_pass, time( ) + 3600 ) )
            {
                $mysqlclass->close_db( );
                exit( "ERROR" );
            }
        }
        // As listed, both cookies are expired unconditionally afterwards.
        setcookie( "client_username", "", time( ) - 3600 );
        setcookie( "client_password", "", time( ) - 3600 );
        $tm = date( "YmdHis" );
        // Drop older session rows for this user and this session id, stamp
        // the last login time, then record the new 'client' session. The user
        // id is interpolated unquoted in the first and third statements.
        $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `userid` = ".$_SESSION['client_login_id']." AND `status`='client'", 180, __FILE__ );
        $mysqlclass->mysql_my_query( "DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".$ses_id."' AND `status`='client'", 181, __FILE__ );
        $mysqlclass->mysql_my_query( "UPDATE `".$setupdata['table_prefix']."client` SET `lastlogin`='".$tm."' WHERE ".$_SESSION['client_login_id']."=`id`", 182, __FILE__ );
        $res = $mysqlclass->mysql_my_query( "INSERT INTO `".$setupdata['table_prefix']."sessions` values('".$ses_id."', '".$_SESSION['client_login_id']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'client')", 183, __FILE__ );
        if ( $res )
        {
            // $x is assigned but never read in this file.
            $x = parse_url( $setupdata['base_href'] );
            $_SESSION['client_havesess'] = 1;
        }
    }
    else
    {
        // Failed client login: record error 1 and clear the session identity.
        $err->adderror( 1, "client" );
        $_SESSION['client_login_id'] = "0";
        unset( $_SESSION['client_havesess'] );
    }
}
else
{
    // Any other $w_type (e.g. "error"): redirect to $url, which was built
    // from the client-supplied Referer header. See the open-redirect concern
    // where $url is assigned; prefer a fixed local target.
    header( "location: ".$url );
}
// Persist session state through the project's session helper.
$ses->save_ses( );
?>