Ejemplo n.º 1
<?php

// txt-db-api library: http://www.c-worker.ch/txtdbapi/index_eng.php
require_once "php-txt-db/txt-db-api.php";
require_once "login.php";
require_once "auth.php";
require_once "navigation.php";
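// Allow users to use the back button without re-posting data.
// "private" still lets the user's own browser cache these pages.
header("Cache-Control: private");
// Turns off the browser's legacy reflected-XSS filter (the original comment
// says this is to bypass Chrome's XSS check/block). With the filter disabled,
// server-side output escaping is the only XSS defence on these pages.
// NOTE(review): confirm this is intentional before reusing this bootstrap.
header("X-XSS-Protection: 0");
// Init global variables
$db = new Database("pancoin");
$user = new User($db);
// Check for logout and maybe display login page.
// isset() avoids the undefined-index notice when no action is supplied, and
// === keeps the comparison on request data strict.
// NOTE(review): logout is triggered by a plain GET and no anti-CSRF token is
// visible here; verify whether _logout() checks one.
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    $user->_logout();
    display_login();
    exit;
}
// Validate user and maybe display login page
if (!validate_user($user)) {
    display_login();
    exit;
}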
Ejemplo n.º 2
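/**
 * Handle a login form submission.
 *
 * Reads $_POST['galaxy'], $_POST['name'] and $_POST['password'], selects the
 * database handle for the chosen galaxy (0 => $db, 1 => $db2), looks the user
 * up by login name, records the client IP in user_iplog when it differs from
 * the last recorded one, checks the password hash and requires
 * user_auth_level == 3. On success it sets the 'stgcsupport_session' cookie
 * and redirects to index.php?p=home; on any failure it re-displays the login
 * form with an error message.
 *
 * @return int Always 1, on success and on every failure path.
 */
function do_login()
{
    global $db, $db2;
    // is_string() rejects array-valued fields (name[]=...), which would
    // otherwise reach addslashes()/md5() and raise a warning or TypeError.
    if (!isset($_POST['galaxy']) || empty($_POST['name']) || empty($_POST['password'])
        || !is_string($_POST['name']) || !is_string($_POST['password'])) {
        display_login('Per favore compila tutti i campi');
        return 1;
    }
    $galaxy = (int) $_POST['galaxy'];
    $mydb = null;
    switch ($galaxy) {
        case 0:
            $mydb = $db;
            break;
        case 1:
            $mydb = $db2;
            break;
        default:
            // Any other value used to leave $mydb undefined and crash on the
            // first query; reject it explicitly instead.
            display_login('Galassia non valida');
            return 1;
    }
    // NOTE(review): unsalted MD5 is not a password hash. Migrating to
    // password_hash()/password_verify() needs a change to the stored
    // user_password values, which is outside this function.
    $pass = md5($_POST['password']);
    // NOTE(review): addslashes() is not a database-aware escape and can be
    // bypassed under some multibyte connection charsets. If the class behind
    // $mydb offers bound parameters or a driver-level escape, use that here.
    $sql = 'SELECT *

            FROM user

            WHERE user_loginname = "' . addslashes($_POST['name']) . '"';
    if (($login_user = $mydb->queryrow($sql)) === false) {
        display_login('Impossibile connettersi al database');
        // Stop here: the original fell through and kept using the failed result.
        return 1;
    }
    // NOTE(review): this message differs from the wrong-password one below,
    // so the form reveals which login names exist.
    if (empty($login_user['user_id'])) {
        display_login('Utente non esistente');
        return 1;
    }
    // The id is concatenated into SQL below; force it to an integer first.
    $user_id = (int) $login_user['user_id'];
    // addslashes() is a no-op on a well-formed address; it only matters if the
    // server ever hands over something unexpected in REMOTE_ADDR.
    $remote_ip = addslashes($_SERVER["REMOTE_ADDR"]);
    // 29/03/11 - AC: Add ip log tracking
    // NOTE(review): the row is written before the password is checked, so
    // failed attempts are logged against the account too. Confirm that is
    // the intended meaning of user_iplog.
    //$mydb->lock('user_iplog');
    $sql = 'SELECT * FROM user_iplog WHERE user_id = ' . $user_id . ' ORDER BY id DESC LIMIT 1';
    if (($user_iplog = $mydb->queryrow($sql)) === false) {
        display_login('Impossibile leggere i dati ip log');
        return 1;
    }
    // Test for "no previous row" first so 'ip' is never read from an empty result.
    if (empty($user_iplog['id']) || $user_iplog['ip'] != $_SERVER["REMOTE_ADDR"]) {
        $sql = 'INSERT INTO user_iplog (user_id, ip, time) VALUES (' . $user_id . ',"' . $remote_ip . '",' . time() . ')';
        $mydb->query($sql);
    }
    //$mydb->unlock('user_iplog');
    // end ip log tracking
    $cookie_data = array('id' => $login_user['user_id']);
    $cookie_data['galaxy'] = $galaxy;
    // Strict comparison: with ==, two different hex digests that both look
    // like "0e<digits>" compare equal as numeric strings.
    if ($login_user['user_password'] === $pass) {
        $cookie_data['passwd'] = $pass;
    } else {
        display_login('Nome/Password errati');
        return 1;
    }
    if ($login_user['user_auth_level'] == 3) {
        $cookie_data['auth_level'] = $login_user['user_auth_level'];
    } else {
        display_login('Utente non abilitato');
        return 1;
    }
    // NOTE(review): the cookie carries the password hash and the auth level
    // as an unsigned, client-editable serialize() blob valid for 30 days.
    // The reader is not visible here; if it calls unserialize() on this value
    // or trusts auth_level from it, replace the scheme with a server-side
    // session or an HMAC-signed JSON payload (writer and reader together).
    $cookie_value = base64_encode(serialize($cookie_data));
    $expires = time() + 60 * 60 * 24 * 30;
    // Path and domain keep their defaults; the last argument sets HttpOnly so
    // page scripts cannot read the cookie. The Secure flag stays off because
    // HTTPS use cannot be confirmed from this file.
    if (!setcookie('stgcsupport_session', $cookie_value, $expires, '', '', false, true)) {
        display_login('Non &egrave; stato possibile impostare alcuna sessione cookie, per favore controlla le impostazioni di sicurezza cookie del browser');
        return 1;
    }
    header('Location: index.php?p=home');
    return 1;
}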