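<?php
// Page bootstrap: load the libraries, send the response headers, create the
// shared Database/User objects, then gate the rest of the page behind logout
// handling and session validation.

// txt-db-api library: http://www.c-worker.ch/txtdbapi/index_eng.php
require_once "php-txt-db/txt-db-api.php";
require_once "login.php";
require_once "auth.php";
require_once "navigation.php";

// Allow users to use the back button without re-posting data
header("Cache-Control: private");

// Bypass Chrome's XSS check/block.
// NOTE(review): this turns the legacy browser XSS filter off, so the only
// remaining defence against reflected markup is output encoding in the page
// templates. Confirm the header is intentional before this is deployed anywhere
// that handles real accounts.
header("X-XSS-Protection: 0");

// Init global variables
$db = new Database("pancoin");
$user = new User($db);

// Check for logout and maybe display login page.
// isset() guards the common case of a request without ?action=, which would
// otherwise raise an undefined-index notice; the strict comparison also keeps
// an array-valued parameter (?action[]=...) from being compared loosely.
// NOTE(review): logout is a state change driven by a plain GET parameter, so
// any cross-site link or image request can end the session; consider POST plus
// a token if that matters for this application.
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    $user->_logout();
    display_login();
    exit;
}

// Validate user and maybe display login page
if (!validate_user($user)) {
    display_login();
    exit;
}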
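/**
 * Handle a login form submission and, on success, set the session cookie and
 * redirect to the home page.
 *
 * Reads $_POST['galaxy'], $_POST['name'] and $_POST['password'], looks the user
 * up in the database selected by the galaxy number, records the client IP in
 * user_iplog when it differs from the last logged one, and only accepts users
 * whose user_auth_level is 3. Every failure re-displays the login form with an
 * error message.
 *
 * Security notes for maintainers:
 *  - Passwords are compared as unsalted MD5 digests because that is what the
 *    user table stores; migrating to password_hash()/password_verify() needs a
 *    schema and data migration outside this function.
 *  - The lookup query is still built by string concatenation with addslashes().
 *    The database wrapper's API is not visible here; if it offers prepared
 *    statements or a driver-level escape function, use that instead.
 *  - The session cookie contains the stored password digest and is a
 *    serialize()d array. NOTE(review): if the reader of this cookie (not visible
 *    here) calls unserialize() on it, that is deserialisation of
 *    client-controlled data; a server-side session id or a signed JSON payload
 *    would remove both problems.
 *  - "Utente non esistente" vs "Nome/Password errati" lets a client tell valid
 *    login names from invalid ones.
 *
 * @return int Always 1, on success and on every failure path.
 */
function do_login()
{
    global $db, $db2;

    // Require all three fields, and require them to be plain scalars/strings:
    // name[]=x style parameters would otherwise reach addslashes()/md5() as
    // arrays.
    if (!isset($_POST['galaxy']) || !is_scalar($_POST['galaxy'])
        || empty($_POST['name']) || !is_string($_POST['name'])
        || empty($_POST['password']) || !is_string($_POST['password'])
    ) {
        display_login('Per favore compila tutti i campi');
        return 1;
    }

    $galaxy = (int) $_POST['galaxy'];

    switch ($galaxy) {
        case 0:
            $mydb = $db;
            break;
        case 1:
            $mydb = $db2;
            break;
        default:
            // Without this branch an unknown galaxy number left $mydb undefined
            // and the first query call failed with a fatal error.
            display_login('Galassia non valida');
            return 1;
    }

    $pass = md5($_POST['password']);

    $sql = 'SELECT * FROM user WHERE user_loginname = "' . addslashes($_POST['name']) . '"';

    if (($login_user = $mydb->queryrow($sql)) === false) {
        display_login('Impossibile connettersi al database');
        // Stop here: the original fell through and kept working with `false`.
        return 1;
    }

    if (empty($login_user['user_id'])) {
        display_login('Utente non esistente');
        return 1;
    }

    // The id is concatenated into two statements below; force it to an integer
    // so nothing but digits can reach the SQL text.
    $user_id = (int) $login_user['user_id'];
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';

    // 29/03/11 - AC: Add ip log tracking
    // NOTE(review): this runs before the password is checked, so failed
    // attempts from a new address are also recorded under the target user.
    //$mydb->lock('user_iplog');
    $sql = 'SELECT * FROM user_iplog WHERE user_id = ' . $user_id . ' ORDER BY id DESC LIMIT 1';

    if (($user_iplog = $mydb->queryrow($sql)) === false) {
        display_login('Impossibile leggere i dati ip log');
        return 1;
    }

    // Test for "no previous row" first so the ip column is only read when a
    // row actually exists.
    if (empty($user_iplog['id']) || $user_iplog['ip'] != $remote_ip) {
        $sql = 'INSERT INTO user_iplog (user_id, ip, time) VALUES ('
            . $user_id . ',"' . addslashes($remote_ip) . '",' . time() . ')';
        $mydb->query($sql);
    }
    //$mydb->unlock('user_iplog');
    // end ip log tracking

    $cookie_data = array('id' => $login_user['user_id']);
    $cookie_data['galaxy'] = $galaxy;

    // Strict string comparison: with ==, two digests that both look like
    // numbers in scientific notation ("0e" followed by digits) compare equal.
    if ((string) $login_user['user_password'] === $pass) {
        $cookie_data['passwd'] = $pass;
    } else {
        display_login('Nome/Password errati');
        return 1;
    }

    if ($login_user['user_auth_level'] == 3) {
        $cookie_data['auth_level'] = $login_user['user_auth_level'];
    } else {
        display_login('Utente non abilitato');
        return 1;
    }

    // Same name, payload and 30-day lifetime as before, with default path and
    // domain; HttpOnly keeps the cookie out of reach of page scripts and Secure
    // is set whenever the login itself arrived over HTTPS.
    $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $cookie_value = base64_encode(serialize($cookie_data));
    $cookie_expiry = time() + 60 * 60 * 24 * 30;

    if (!setcookie('stgcsupport_session', $cookie_value, $cookie_expiry, '', '', $is_https, true)) {
        display_login('Non è stato possibile impostare alcuna sessione cookie, per favore controlla le impostazioni di sicurezza cookie del browser');
        return 1;
    }

    header('Location: index.php?p=home');
    return 1;
}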