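/**
 * Front controller: run the handler selected by the "action" request parameter.
 *
 * Every action except "logout" is only dispatched when the global $auth flag
 * is truthy. A missing, unknown or unauthorised action falls through to the
 * login screen.
 *
 * NOTE(review): the action is read from $_REQUEST, so the state-changing
 * handlers (delete, banip, unbanip) can be triggered by a plain GET request.
 * No anti-CSRF token or request-method check is visible in this function;
 * confirm the handlers enforce one, or restrict these actions to POST with a
 * per-session token.
 *
 * @return void
 */
function main()
{
    global $auth;

    // A missing or non-string (array) "action" counts as "no action" instead of
    // raising an undefined-index notice or relying on loose comparison.
    $action = (isset($_REQUEST['action']) && is_string($_REQUEST['action']))
        ? $_REQUEST['action']
        : '';

    // Logging out is the only action that does not require $auth.
    if ($action === 'logout') {
        logout();
        return;
    }

    if ($auth) {
        switch ($action) {
            case 'delete':
                delete();
                return;
            case 'list':
                view_list();
                return;
            case 'banip':
                banip();
                return;
            case 'search':
                search();
                return;
            case 'bannedlist':
                bannedlist();
                return;
            case 'unbanip':
                unbanip();
                return;
        }
    }

    // Not authenticated, or no recognised action: show the login form.
    login_screen();
}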
echo html_scrub($name); ?> " SIZE="40" MAXLENGTH="50"> <P> <B>Someone who believes that...</B><BR> <textarea name="description" rows="6" cols="80"><?php echo html_scrub($description); ?> </textarea></p> <p><span class="ptitle">Privacy notes:</span> By creating a policy you are making your user name <b><?php echo user_getname(); ?> </b> and the policy's voting record public. <p><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Make Policy"> </FORM> <p>If you like you can <a href="/forum/viewforum.php?f=1">discuss policies on our forum</a>. <?php } pw_footer(); } else { login_screen(); } ?>
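/**
 * Authenticate a WebID holder with HTTP Digest against the stored FOAF password.
 *
 * Without an Authorization header the function sends a 401 Digest challenge
 * and stops. Otherwise it parses the header, resolves the digest username
 * (a URL) to an agent, loads that agent's password from the `passwords`
 * table and recomputes the expected digest response. On a match it calls
 * webid_redirect() when $authreqissuer is set, else login_screen(); every
 * failure path calls failed_password_check().
 *
 * NOTE(review): the stored `password` value is used directly as the Digest
 * secret, so the table holds a password-equivalent value. Storing
 * md5(username:realm:password) instead would at least limit it to one realm.
 *
 * @param array  $config        Reads 'db_user', 'db_pwd' and 'db_name'.
 * @param string $realm         Digest realm used in the challenge and in A1.
 * @param mixed  $authreqissuer Passed through to webid_redirect() and
 *                              failed_password_check(); may be null.
 * @return void
 */
function foaf_password($config, $realm, $authreqissuer)
{
    if (empty($_SERVER['HTTP_AUTHORIZATION'])) {
        header('HTTP/1.1 401 Unauthorized');
        // NOTE(review): uniqid() is derived from the clock, and the nonce is
        // neither stored nor checked when the response comes back, so the
        // server cannot tell a fresh response from a repeated one. Issue the
        // nonce from a CSPRNG, keep it server-side with an expiry, and reject
        // unknown nonces and non-increasing nc values.
        // NOTE(review): "auth-int" is advertised, but A2 below is only computed
        // for qop=auth.
        header('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth,auth-int",nonce="' . uniqid() . '",opaque="' . md5($realm) . '"');
        die;
    }

    // Break the Authorization header into its Digest fields.
    $data = http_digest_parse($_SERVER['HTTP_AUTHORIZATION']);
    if (!$data) {
        failed_password_check('HTTP Digest was incomplete', $authreqissuer);
        // Do not carry on with an unusable header if the call above returns.
        return;
    }

    // The digest username is expected to be the (URL-encoded) WebID URI.
    $uri = urldecode($data['username']);
    $agent = is_valid_url($uri) ? get_agent($uri) : null;

    $webid = isset($agent['agent']['webid']) ? (string) $agent['agent']['webid'] : '';
    if ($webid === '') {
        // No WebID could be resolved. Fail with the same generic message as a
        // wrong password rather than querying for an empty webid, which could
        // match a row whose webid column is blank.
        failed_password_check('FOAF Password doesnot match', $authreqissuer);
        return;
    }

    $db = new db_class();
    $db->connect('localhost', $config['db_user'], $config['db_pwd'], $config['db_name']);

    // $webid originates from a document named by the client, so it is
    // untrusted and must not be concatenated into the statement unescaped.
    // NOTE(review): assumes db_class::connect() opens the ext/mysql link that
    // mysql_fetch_assoc() below reads from - confirm. Move to prepared
    // statements (PDO / mysqli) when db_class is migrated off ext/mysql.
    $sql = 'select password from passwords where webid="' . mysql_real_escape_string($webid) . '" and active = 1 and verified_mbox = 1 ';
    $results = $db->select($sql);

    $row = mysql_fetch_assoc($results);
    if (!$row) {
        failed_password_check('FOAF Password doesnot match', $authreqissuer);
        return;
    }

    $pin = $row['password'];

    // Recompute the expected Digest response (qop=auth form).
    // NOTE(review): $data['uri'] is taken from the header and is not compared
    // with the URI actually requested - confirm whether that check is needed.
    $A1 = md5($data['username'] . ':' . $realm . ':' . $pin);
    $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
    $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);

    // Compare as strings, in constant time where the runtime offers it. Loose
    // `==` would compare two numeric-looking hex strings as numbers.
    $response = is_string($data['response']) ? $data['response'] : '';
    $matches = function_exists('hash_equals')
        ? hash_equals($valid_response, $response)
        : $valid_response === $response;

    if (!$matches) {
        failed_password_check('FOAF Password doesnot match', $authreqissuer);
        return;
    }

    if (isset($authreqissuer)) {
        webid_redirect($authreqissuer, $agent['agent']['webid']);
    } else {
        login_screen($agent['agent']['webid']);
    }
}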
} // All match, set login variable and store username in cookie $_SESSION["login_username"] = $http_username; $_SESSION["valid_login"] = TRUE; header("Location: index.php?menu=home"); exit; } } // Log invalid attempts write_log("Invalid Login from IP: " . $_SERVER['REMOTE_ADDR'] . " trying Username:[" . filter_sql($http_username) . "] with Password:[" . filter_sql($http_password) . "]", "GU"); } log_ip("GU", 100); // Avoid flood-brute password guessing sleep(1); // One second delay to help prevent brute force attack login_screen("Login Failed"); exit; } if ($_SESSION["valid_login"] == TRUE) { //**************************************************************************** if (mysql_connect(MYSQL_IP, MYSQL_USERNAME, MYSQL_PASSWORD) == FALSE) { home_screen('ERROR', '<font color="red"><strong>Could Not Connect To Database</strong></font>', '', ''); exit; } if (mysql_select_db(MYSQL_DATABASE) == FALSE) { home_screen('ERROR', '<font color="red"><strong>Could Not Select Database</strong></font>', '', ''); exit; } //**************************************************************************** if ($_GET["menu"] == "home" || empty($_GET["menu"]) == TRUE) { $my_public_key = my_public_key();
$m_name = $u_data[1]; $m_email = $u_data[3]; $m_pass = PasswordGenerator(7) . rand(1, 99); $u_lines .= $u_data[0] . DELIMITER . $u_data[1] . DELIMITER . sha1($m_pass) . DELIMITER . $u_data[3] . DELIMITER . $u_data[4] . DELIMITER . $u_data[5] . DELIMITER . $u_data[6] . DELIMITER . $u_data[7] . DELIMITER . $_SERVER['REMOTE_ADDR'] . DELIMITER . $u_data[9] . DELIMITER . $u_data[10] . DELIMITER . $u_data[11] . DELIMITER . $u_data[12] . DELIMITER . $u_data[13] . DELIMITER . $u_data[14] . DELIMITER . $u_data[15] . DELIMITER . $u_data[16] . DELIMITER . $u_data[17] . DELIMITER . $u_data[18] . DELIMITER . $u_data[19] . DELIMITER . $u_data[20] . DELIMITER . $u_data[21] . DELIMITER . $u_data[22] . DELIMITER . $u_data[23] . DELIMITER . $u_data[24] . DELIMITER . $u_data[25] . DELIMITER . $u_data[26] . DELIMITER . $u_data[27] . DELIMITER . trim($u_data[28]) . DELIMITER . $u_data[29] . DELIMITER . $u_data[30] . DELIMITER . $u_data[31] . DELIMITER . $u_data[32] . DELIMITER . trim($u_data[33]) . "\n"; } else { $continue = false; $status_error = $u_data[5]; } } else { $u_lines .= $single_line; } } if ($continue) { if (@mail($m_email, $lang['login_lost_pass_mail_subject'], str_replace('%link%', $conf['admin_url'] . '/', $lang['login_lost_pass_mail_text']) . ' ' . 
$m_pass, "From: robot@mnewscms.com") && mn_put_contents($file['users'], $u_lines)) { header('location: ./mn-login.php?back=pass-sent'); exit; } else { login_screen($lang['login_msg_pass_not_sent'], $lang['login_msg_pass_not_sent'], 'error'); } } else { login_screen($lang['login_lost_pass_wrong_values'], $lang['login_lost_pass_wrong_values'], 'error'); } } elseif (isset($_GET['back']) && $_GET['back'] == 'loggedout') { login_screen($lang['login_login'], $lang['login_msg_logged_out'], 'info'); } elseif (isset($_GET['back']) && $_GET['back'] == 'auto-loggedout') { login_screen($lang['login_login'], $lang['login_msg_auto_logged_out'], 'info'); } elseif (isset($_GET['back']) && $_GET['back'] == 'pass-sent') { login_screen($lang['login_msg_pass_sent'], $lang['login_msg_pass_sent'], 'ok'); } else { login_screen($lang['login_login']); }