mirror of
https://github.com/Froxlor/Froxlor.git
synced 2024-09-21 10:27:29 +00:00
Update index.php
This commit is contained in:
Axel Guckelsberger
parent
413461364d
commit
f6a729df87
246
index.php
246
index.php
@ -22,106 +22,74 @@ define('AREA', 'login');
|
||||
/**
|
||||
* Include our init.php, which manages Sessions, Language etc.
|
||||
*/
|
||||
require ('./lib/init.php');
|
||||
|
||||
require ("./lib/init.php");
|
||||
|
||||
if($action == '')
|
||||
{
|
||||
if ($action == '') {
|
||||
$action = 'login';
|
||||
}
|
||||
|
||||
if($action == 'login')
|
||||
{
|
||||
if(isset($_POST['send'])
|
||||
&& $_POST['send'] == 'send')
|
||||
{
|
||||
if ($action == 'login') {
|
||||
if (isset($_POST['send'])
|
||||
&& $_POST['send'] == 'send'
|
||||
) {
|
||||
$loginname = validate($_POST['loginname'], 'loginname');
|
||||
$password = validate($_POST['password'], 'password');
|
||||
|
||||
$row = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
|
||||
|
||||
if($row['customer'] == $loginname)
|
||||
{
|
||||
if ($row['customer'] == $loginname) {
|
||||
$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
|
||||
$uid = 'customerid';
|
||||
$adminsession = '0';
|
||||
$is_admin = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
if((int)$settings['login']['domain_login'] == 1)
|
||||
{
|
||||
} else {
|
||||
$is_admin = true;
|
||||
if ((int)$settings['login']['domain_login'] == 1) {
|
||||
/**
|
||||
* check if the customer tries to login with a domain, #374
|
||||
*/
|
||||
$domainname = $idna_convert->encode(preg_replace(Array('/\:(\d)+$/', '/^https?\:\/\//'), '', $loginname));
|
||||
$row2 = $db->query_first("SELECT `customerid` FROM `".TABLE_PANEL_DOMAINS."` WHERE `domain` = '".$db->escape($domainname)."'");
|
||||
|
||||
if(isset($row2['customerid']) && $row2['customerid'] > 0)
|
||||
{
|
||||
if (isset($row2['customerid']) && $row2['customerid'] > 0) {
|
||||
$loginname = getCustomerDetail($row2['customerid'], 'loginname');
|
||||
|
||||
if($loginname !== false)
|
||||
{
|
||||
if ($loginname !== false) {
|
||||
$row3 = $db->query_first("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
|
||||
|
||||
if($row3['customer'] == $loginname)
|
||||
{
|
||||
if ($row3['customer'] == $loginname) {
|
||||
$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
|
||||
$uid = 'customerid';
|
||||
$adminsession = '0';
|
||||
$is_admin = false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$is_admin = true;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$is_admin = true;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$is_admin = true;
|
||||
}
|
||||
}
|
||||
|
||||
if(hasUpdates($version) && $is_admin == false)
|
||||
{
|
||||
if (hasUpdates($version) && $is_admin == false) {
|
||||
redirectTo('index.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
if($is_admin)
|
||||
{
|
||||
if(hasUpdates($version))
|
||||
{
|
||||
if ($is_admin) {
|
||||
if (hasUpdates($version)) {
|
||||
$row = $db->query_first("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`='" . $db->escape($loginname) . "' AND `change_serversettings` = '1'");
|
||||
/*
|
||||
* not an admin who can see updates
|
||||
*/
|
||||
if(!isset($row['admin']))
|
||||
{
|
||||
if (!isset($row['admin'])) {
|
||||
redirectTo('index.php');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
$row = $db->query_first("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `loginname`='" . $db->escape($loginname) . "'");
|
||||
}
|
||||
|
||||
if($row['admin'] == $loginname)
|
||||
{
|
||||
if ($row['admin'] == $loginname) {
|
||||
$table = "`" . TABLE_PANEL_ADMINS . "`";
|
||||
$uid = 'adminid';
|
||||
$adminsession = '1';
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
redirectTo('index.php', Array('showmessage' => '2'), true);
|
||||
exit;
|
||||
}
|
||||
@ -129,64 +97,48 @@ if($action == 'login')
|
||||
|
||||
$userinfo = $db->query_first("SELECT * FROM $table WHERE `loginname`='" . $db->escape($loginname) . "'");
|
||||
|
||||
if($userinfo['loginfail_count'] >= $settings['login']['maxloginattempts']
|
||||
&& $userinfo['lastlogin_fail'] > (time() - $settings['login']['deactivatetime']))
|
||||
{
|
||||
if ($userinfo['loginfail_count'] >= $settings['login']['maxloginattempts']
|
||||
&& $userinfo['lastlogin_fail'] > (time() - $settings['login']['deactivatetime'])
|
||||
) {
|
||||
redirectTo('index.php', Array('showmessage' => '3'), true);
|
||||
exit;
|
||||
}
|
||||
elseif($userinfo['password'] == md5($password))
|
||||
{
|
||||
} elseif($userinfo['password'] == md5($password)) {
|
||||
// login correct
|
||||
// reset loginfail_counter, set lastlogin_succ
|
||||
|
||||
$db->query("UPDATE $table SET `lastlogin_succ`='" . time() . "', `loginfail_count`='0' WHERE `$uid`='" . (int)$userinfo[$uid] . "'");
|
||||
$userinfo['userid'] = $userinfo[$uid];
|
||||
$userinfo['adminsession'] = $adminsession;
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
// login incorrect
|
||||
|
||||
$db->query("UPDATE $table SET `lastlogin_fail`='" . time() . "', `loginfail_count`=`loginfail_count`+1 WHERE `$uid`='" . (int)$userinfo[$uid] . "'");
|
||||
unset($userinfo);
|
||||
redirectTo('index.php', Array('showmessage' => '2'), true);
|
||||
exit;
|
||||
}
|
||||
|
||||
if(isset($userinfo['userid'])
|
||||
&& $userinfo['userid'] != '')
|
||||
{
|
||||
if (isset($userinfo['userid'])
|
||||
&& $userinfo['userid'] != ''
|
||||
) {
|
||||
$s = md5(uniqid(microtime(), 1));
|
||||
|
||||
if(isset($_POST['language']))
|
||||
{
|
||||
if (isset($_POST['language'])) {
|
||||
$language = validate($_POST['language'], 'language');
|
||||
|
||||
if($language == 'profile')
|
||||
{
|
||||
if ($language == 'profile') {
|
||||
$language = $userinfo['def_language'];
|
||||
}
|
||||
elseif(!isset($languages[$language]))
|
||||
{
|
||||
} elseif(!isset($languages[$language])) {
|
||||
$language = $settings['panel']['standardlanguage'];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
$language = $settings['panel']['standardlanguage'];
|
||||
}
|
||||
|
||||
if(isset($userinfo['theme']) && $userinfo['theme'] != '') {
|
||||
if (isset($userinfo['theme']) && $userinfo['theme'] != '') {
|
||||
$theme = $userinfo['theme'];
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
$theme = $settings['panel']['default_theme'];
|
||||
}
|
||||
|
||||
if($settings['session']['allow_multiple_login'] != '1')
|
||||
{
|
||||
if ($settings['session']['allow_multiple_login'] != '1') {
|
||||
$db->query("DELETE FROM `" . TABLE_PANEL_SESSIONS . "` WHERE `userid` = '" . (int)$userinfo['userid'] . "' AND `adminsession` = '" . $db->escape($userinfo['adminsession']) . "'");
|
||||
}
|
||||
|
||||
@ -195,56 +147,41 @@ if($action == 'login')
|
||||
$columns = mysql_num_fields($fields);
|
||||
$field_array = array();
|
||||
for ($i = 0; $i < $columns; $i++) {
|
||||
$field_array[] = mysql_field_name($fields, $i);
|
||||
$field_array[] = mysql_field_name($fields, $i);
|
||||
}
|
||||
|
||||
if (!in_array('theme', $field_array)) {
|
||||
if (!in_array('theme', $field_array)) {
|
||||
$db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "')");
|
||||
} else {
|
||||
$db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "', '" . $db->escape($theme) . "')");
|
||||
}
|
||||
} else {
|
||||
$db->query("INSERT INTO `" . TABLE_PANEL_SESSIONS . "` (`hash`, `userid`, `ipaddress`, `useragent`, `lastactivity`, `language`, `adminsession`, `theme`) VALUES ('" . $db->escape($s) . "', '" . (int)$userinfo['userid'] . "', '" . $db->escape($remote_addr) . "', '" . $db->escape($http_user_agent) . "', '" . time() . "', '" . $db->escape($language) . "', '" . $db->escape($userinfo['adminsession']) . "', '" . $db->escape($theme) . "')");
|
||||
}
|
||||
|
||||
if($userinfo['adminsession'] == '1')
|
||||
{
|
||||
if(hasUpdates($version))
|
||||
{
|
||||
if ($userinfo['adminsession'] == '1') {
|
||||
if (hasUpdates($version)) {
|
||||
redirectTo('admin_updates.php', Array('s' => $s), true);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
redirectTo('admin_index.php', Array('s' => $s), true);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
redirectTo('customer_index.php', Array('s' => $s), true);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
redirectTo('index.php', Array('showmessage' => '2'), true);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
exit;
|
||||
} else {
|
||||
$language_options = '';
|
||||
$language_options.= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true);
|
||||
$language_options .= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true);
|
||||
|
||||
while(list($language_file, $language_name) = each($languages))
|
||||
{
|
||||
$language_options.= makeoption($language_name, $language_file, 'profile', true);
|
||||
while (list($language_file, $language_name) = each($languages)) {
|
||||
$language_options .= makeoption($language_name, $language_file, 'profile', true);
|
||||
}
|
||||
|
||||
$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0;
|
||||
$message = '';
|
||||
$successmessage = '';
|
||||
|
||||
switch($smessage)
|
||||
{
|
||||
switch ($smessage) {
|
||||
case 1:
|
||||
$successmessage = $lng['pwdreminder']['success'];
|
||||
break;
|
||||
@ -264,23 +201,21 @@ if($action == 'login')
|
||||
}
|
||||
|
||||
$update_in_progress = '';
|
||||
if(hasUpdates($version))
|
||||
{
|
||||
if (hasUpdates($version)) {
|
||||
$update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin'];
|
||||
}
|
||||
|
||||
eval("echo \"" . getTemplate("login") . "\";");
|
||||
eval("echo \"" . getTemplate('login') . "\";");
|
||||
}
|
||||
}
|
||||
|
||||
if($action == 'forgotpwd')
|
||||
{
|
||||
if ($action == 'forgotpwd') {
|
||||
$adminchecked = false;
|
||||
$message = '';
|
||||
|
||||
if(isset($_POST['send'])
|
||||
&& $_POST['send'] == 'send')
|
||||
{
|
||||
if (isset($_POST['send'])
|
||||
&& $_POST['send'] == 'send'
|
||||
) {
|
||||
$loginname = validate($_POST['loginname'], 'loginname');
|
||||
$email = validateEmail($_POST['loginemail'], 'email');
|
||||
$sql = "SELECT `adminid`, `customerid`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
|
||||
@ -288,64 +223,48 @@ if($action == 'forgotpwd')
|
||||
AND `email`='" . $db->escape($email) . "'";
|
||||
$result = $db->query($sql);
|
||||
|
||||
if($db->num_rows() == 0)
|
||||
{
|
||||
if ($db->num_rows() == 0) {
|
||||
$sql = "SELECT `adminid`, `name`, `email`, `loginname`, `def_language` FROM `" . TABLE_PANEL_ADMINS . "`
|
||||
WHERE `loginname`='" . $db->escape($loginname) . "'
|
||||
AND `email`='" . $db->escape($email) . "'";
|
||||
$result = $db->query($sql);
|
||||
|
||||
if($db->num_rows() > 0)
|
||||
{
|
||||
if ($db->num_rows() > 0) {
|
||||
$adminchecked = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
$result = null;
|
||||
}
|
||||
}
|
||||
|
||||
if($result !== null)
|
||||
{
|
||||
if ($result !== null) {
|
||||
$user = $db->fetch_array($result);
|
||||
|
||||
/* Check whether user is banned */
|
||||
if($user['deactivated'])
|
||||
{
|
||||
if ($user['deactivated']) {
|
||||
$message = $lng['pwdreminder']['notallowed'];
|
||||
redirectTo('index.php', Array('showmessage' => '5'), true);
|
||||
}
|
||||
|
||||
if(($adminchecked && $settings['panel']['allow_preset_admin'] == '1')
|
||||
|| $adminchecked == false)
|
||||
{
|
||||
if($user !== false)
|
||||
{
|
||||
if (($adminchecked && $settings['panel']['allow_preset_admin'] == '1')
|
||||
|| $adminchecked == false
|
||||
) {
|
||||
if ($user !== false) {
|
||||
if ($settings['panel']['password_min_length'] <= 6) {
|
||||
$password = substr(md5(uniqid(microtime(), 1)), 12, 6);
|
||||
} else {
|
||||
// make it two times larger than password_min_length
|
||||
$rnd = '';
|
||||
$minlength = $settings['panel']['password_min_length'];
|
||||
while (strlen($rnd) < ($minlength * 2))
|
||||
{
|
||||
while (strlen($rnd) < ($minlength * 2)) {
|
||||
$rnd .= md5(uniqid(microtime(), 1));
|
||||
}
|
||||
$password = substr($rnd, (int)($minlength / 2), $minlength);
|
||||
}
|
||||
|
||||
if($adminchecked)
|
||||
{
|
||||
$db->query("UPDATE `" . TABLE_PANEL_ADMINS . "` SET `password`='" . md5($password) . "'
|
||||
WHERE `loginname`='" . $user['loginname'] . "'
|
||||
AND `email`='" . $user['email'] . "'");
|
||||
}
|
||||
else
|
||||
{
|
||||
$db->query("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `password`='" . md5($password) . "'
|
||||
WHERE `loginname`='" . $user['loginname'] . "'
|
||||
AND `email`='" . $user['email'] . "'");
|
||||
}
|
||||
$passwordTable = $adminchecked ? TABLE_PANEL_ADMINS : TABLE_PANEL_CUSTOMERS;
|
||||
$db->query("UPDATE `" . $passwordTable . "` SET `password`='" . md5($password) . "'
|
||||
WHERE `loginname`='" . $user['loginname'] . "'
|
||||
AND `email`='" . $user['email'] . "'");
|
||||
|
||||
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $db, $settings);
|
||||
$rstlog->logAction(USR_ACTION, LOG_WARNING, "Password for user '" . $user['loginname'] . "' has been reset!");
|
||||
@ -389,9 +308,7 @@ if($action == 'forgotpwd')
|
||||
$mail->ClearAddresses();
|
||||
redirectTo('index.php', Array('showmessage' => '1'), true);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
$rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'), $db, $settings);
|
||||
$rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to reset pwd but wasn't found in database!");
|
||||
$message = $lng['login']['combination_not_found'];
|
||||
@ -399,28 +316,21 @@ if($action == 'forgotpwd')
|
||||
|
||||
unset($user);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
$message = $lng['login']['usernotfound'];
|
||||
}
|
||||
}
|
||||
|
||||
if($adminchecked)
|
||||
{
|
||||
if($settings['panel']['allow_preset_admin'] != '1')
|
||||
{
|
||||
if ($adminchecked) {
|
||||
if ($settings['panel']['allow_preset_admin'] != '1') {
|
||||
$message = $lng['pwdreminder']['notallowed'];
|
||||
unset ($adminchecked);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if($settings['panel']['allow_preset'] != '1')
|
||||
{
|
||||
} else {
|
||||
if ($settings['panel']['allow_preset'] != '1') {
|
||||
$message = $lng['pwdreminder']['notallowed'];
|
||||
}
|
||||
}
|
||||
|
||||
eval("echo \"" . getTemplate("fpwd") . "\";");
|
||||
eval("echo \"" . getTemplate('fpwd') . "\";");
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user