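/**
 * This function is always called. It checks if:
 *  - the remote address is banned
 *  - the request is a logout
 *  - a 'persistent login' cookie is set while no session is active
 *  - a user just logged in, or
 *  - a user is logged in (a session id was supplied)
 *
 * A valid login starts a new session, a persistent cookie hands over to
 * ReviveSession(), and a running session is verified against its stored hash
 * and has its expiry pushed forward. In every other case the user is booted
 * to the login screen through Login().
 *
 * NOTE(review): every rejection below relies on Login() ending the request.
 * Its body is not visible from here; if it can return, execution simply
 * continues with the next check - confirm.
 *
 * NOTE(review): passwords are compared as plain md5() digests, so they are
 * stored unsalted. Moving to password_hash()/password_verify() needs a
 * migration of the stored values and cannot be done inside this function.
 *
 * @see Login(), NewSession(), ReviveSession()
 *
 */
function CheckLogin() {
    global $Users, $Pivot_Vars, $Cfg, $Paths;

    // User is banned..
    if (isset($Cfg['bn_' . $_SERVER['REMOTE_ADDR']])) {
        Login(1, 1, "User is banned");
    }

    // Requests that carry no session id get a referer check.
    if (!isset($Pivot_Vars['session'])) {
        // $uri uses HTTP_HOST exactly as received and a fixed http:// scheme,
        // so a referer that starts with https:// never contains it.
        $uri = 'http://' . $Pivot_Vars['HTTP_HOST'] . $Pivot_Vars['SCRIPT_NAME'];
        $referer = isset($Pivot_Vars['HTTP_REFERER']) ? $Pivot_Vars['HTTP_REFERER'] : '';
        $pos = strpos($referer, $uri);

        // NOTE(review): this is the original `strpos(...) != 0` spelled out.
        // It only fires when $uri occurs in the referer at an offset greater
        // than 0; a referer that is missing, foreign, or starts with $uri
        // passes. The usual form of such a check is `strpos(...) !== 0`, but
        // that would also reject requests sent without a referer - confirm
        // the intent before changing it.
        if ($pos !== false && $pos > 0) {
            $Pivot_Vars['user'] = '';
            Login(0, 2, "No session active.");
        }
    }

    // If we selected logout from the menu..
    if (isset($Pivot_Vars['func']) && $Pivot_Vars['func'] == 'login'
        && isset($Pivot_Vars['do']) && $Pivot_Vars['do'] == 'logout') {

        setcookie('user', '', -9999, $Paths['cookie_url']);
        setcookie('pass', '', -9999, $Paths['cookie_url']);
        // The persistent-login test below reads the 'hash' cookie, so it is
        // expired together with the others instead of staying in the browser.
        // Assumes it was set with the same path - confirm where it is set.
        setcookie('hash', '', -9999, $Paths['cookie_url']);
        setcookie('mode', 'nothing', -9999, $Paths['cookie_url']);

        // NOTE(review): the session entry is dropped before the request has
        // been tied to that session by the hash check further down.
        if (isset($Pivot_Vars['session'], $Cfg['tempsessions'][$Pivot_Vars['session']])) {
            $owner = $Cfg['tempsessions'][$Pivot_Vars['session']][0];
            unset($Users[$owner]['session']);
            unset($Cfg['tempsessions'][$Pivot_Vars['session']]);
        }

        SaveSettings();
        login(0, 3, "User logged off");
    }

    $has_login_cookie = isset($_COOKIE['user']) && isset($_COOKIE['hash'])
        && isset($_COOKIE['mode']) && $_COOKIE['mode'] == 'stayloggedin';
    $has_session = isset($Pivot_Vars['session']) && $Pivot_Vars['session'] != "";
    $is_login_attempt = (isset($Pivot_Vars['func']) && $Pivot_Vars['func'] == 'login')
        || (isset($Pivot_Vars['do']) && $Pivot_Vars['do'] == 'login');

    if ($has_login_cookie && !$has_session) {

        // if the user has cookies set, but no session is active yet..
        debug("attempted ReviveSession..");

        // Try to revive an old Session..
        ReviveSession();

    } elseif ($is_login_attempt) {

        // if we've just logged in, start a new session..
        debug("attempted login..");

        $user = isset($Pivot_Vars['user']) ? $Pivot_Vars['user'] : '';
        $pass = isset($Pivot_Vars['pass']) ? $Pivot_Vars['pass'] : '';

        // Only scalar user names can be used as an array key, and only a
        // string password can be hashed; anything else is a failed attempt.
        $stored = (is_scalar($user) && isset($Users[$user]['pass'])) ? $Users[$user]['pass'] : null;
        $given = is_string($pass) ? md5($pass) : null;

        // Strict comparison: with `==` two different digests that both look
        // like numbers ("0e" followed by digits) compare as equal.
        if (_checklogin_hash_matches($stored, $given) && $Users[$user]['userlevel'] > 0) {
            NewSession($user);
        } else {
            // add one to the failed login attempts.
            if (is_scalar($user) && strlen($user) > 0) {
                $counter = 'fl_' . $_SERVER['REMOTE_ADDR'];
                if (!isset($Cfg[$counter])) {
                    $Cfg[$counter] = 0;
                }
                $Cfg[$counter]++;
            }
            Login(1, 4, "Incorrect username or password");
        }

    } else {

        // when running normally, the session stuff is updated.
        $Pivot_Vars['user'] = $Cfg['tempsessions'][$Pivot_Vars['session']][0];

        // Everything before the last dot of the address. For an address
        // without a dot (e.g. IPv6) strrpos() finds nothing and $ip is empty,
        // so the hash is then not tied to the address at all. This has to
        // stay in step with whatever stored the hash, so it is left as is.
        $ip = substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], "."));

        // calculated locally: user's pass + current session + ip we got from user
        $hash1 = md5(md5($Users[$Pivot_Vars['user']]['pass'] . $Pivot_Vars['session']) . $ip);

        // stored hash
        $hash2 = $Cfg['tempsessions'][$Pivot_Vars['session']][1];

        // we check if the calculated hash matches the one that was stored;
        // a missing (non-string) stored hash never matches.
        if (!_checklogin_hash_matches($hash2, $hash1)) {
            // if this is the case, something's not ok, so go back to login..
            Login(0, 0, "No hacking, please");
        }
    }

    // If by this point no session is set, we will show the login screen..
    if (strlen($Pivot_Vars['session']) == 0) {
        Login(0, 8, "Please log on. (if you keep getting this message, delete the cookies for this site)");
    }

    // Update the timer, so we can keep the user logged in.
    if ($Cfg['tempsessions'][$Pivot_Vars['session']][2] - time() <= $Cfg['session_length'] / 4) {
        $Cfg['tempsessions'][$Pivot_Vars['session']][2] += $Cfg['session_length'];
    }
}

/**
 * Compare a stored digest with a freshly calculated one.
 *
 * Both values must be strings and must be identical; no type juggling takes
 * place. hash_equals() is used where the PHP version provides it, so the
 * time taken does not depend on where the two strings first differ.
 *
 * @access private
 * @param mixed $known The digest that was stored.
 * @param mixed $given The digest calculated for this request.
 * @return boolean
 */
function _checklogin_hash_matches($known, $given) {
    if (!is_string($known) || !is_string($given)) {
        return false;
    }

    if (function_exists('hash_equals')) {
        return hash_equals($known, $given);
    }

    return $known === $given;
}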
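/**
 * Get the link to edit or delete trackbacks directly from the entrypage.
 *
 * Returns an empty string on generated pages (LIVEPAGE not defined) and
 * whenever $Pivot_Vars holds no user name after the optional
 * ReviveSession() call.
 *
 * Every value placed in the query string is URL-encoded and the finished
 * URL is HTML-escaped before it goes into the single-quoted href, so a
 * quote or angle bracket in one of the values cannot end the attribute.
 *
 * NOTE(review): the session id is written into links on the entry page. A
 * session id in a URL can end up in browser history, server logs and the
 * Referer header of outgoing requests - consider keeping it out of the URL.
 *
 * NOTE(review): only the presence of $Pivot_Vars['user'] is tested here, not
 * the validity of the session. Confirm that this value cannot be supplied
 * directly by the request.
 *
 * NOTE(review): $uid keeps its default although a required parameter
 * follows it; PHP 8 reports that as deprecated and treats $uid as required.
 * The signature is left untouched for existing callers.
 *
 * @param integer $uid    Entry code; 0 means "take it from $db->entry".
 * @param integer $number Value used for the edit= and del= parameters.
 * @return string
 */
function get_edittrackbacklink($uid = 0, $number) {
    global $Paths, $Pivot_Vars, $db;

    // For generated pages we don't make the links
    if (!defined('LIVEPAGE')) {
        return "";
    }

    // For livepages we make the links..
    if ($uid == 0) {
        $uid = $db->entry['code'];
    }

    $has_login_cookie = isset($_COOKIE['user']) && isset($_COOKIE['hash'])
        && isset($_COOKIE['mode']) && $_COOKIE['mode'] == 'stayloggedin';
    $has_session = isset($Pivot_Vars['session']) && $Pivot_Vars['session'] != "";

    if ($has_login_cookie && !$has_session) {
        // Try to revive an old Session..
        ReviveSession();
    }

    if (!isset($Pivot_Vars['user']) || $Pivot_Vars['user'] == "") {
        return "";
    }

    // Read the session only now: ReviveSession() may have just set it.
    // A non-scalar value (e.g. an array from the request) is treated as empty.
    $session = '';
    if (isset($Pivot_Vars['session']) && is_scalar($Pivot_Vars['session'])) {
        $session = (string) $Pivot_Vars['session'];
    }

    $editlink = sprintf(
        "%sindex.php?session=%s&menu=entries&func=edittrackbacks&id=%s",
        $Paths['pivot_url'],
        rawurlencode($session),
        rawurlencode((string) $uid)
    );

    // Escape for the attribute context; ENT_QUOTES covers the single quotes
    // that delimit the href below.
    $edit_href = htmlspecialchars($editlink . '&edit=' . rawurlencode((string) $number), ENT_QUOTES);
    $del_href = htmlspecialchars($editlink . '&del=' . rawurlencode((string) $number), ENT_QUOTES);

    $output = sprintf("(<a href='%s'>%s</a>", $edit_href, lang('general', 'edit'));
    $output .= sprintf(" / <a href='%s'>%s</a>)", $del_href, lang('general', 'delete'));

    return $output;
}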