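# Admin login handler: compare the submitted login ($l) and password ($p)
# with the configured admin credentials. On a match, rotate the per-login
# random strings, populate the session and redirect to the admin list page;
# otherwise render the login page, with an error if a login was attempted.
#
# Strict string comparison is used on purpose: with loose `==`, two
# numeric-looking strings (e.g. "0e1" and "0e2", or "1e3" and "1000") compare
# equal, so a submitted value could match a credential it is not identical to.
if (is_string($l) && is_string($p)
    && $l === (string) $config['admin_user']
    && $p === (string) $config['admin_pass']) {
    # Reset our randoms
    $now  = time();
    $str1 = generate_random_block();
    $str2 = generate_random_block();

    # The interpolated values are produced server-side in this block (time()
    # and generate_random_block()), not taken from the request.
    # NOTE(review): generate_random_block() is not visible here - confirm its
    # output can never contain a quote character.
    $query = "UPDATE " . $infrespconfig . "\n\t\t SET random_timestamp = '{$now}',\n\t\t random_str_1 = '{$str1}',\n\t\t random_str_2 = '{$str2}'";
    # NOTE(review): on failure the raw mysql_error() text is sent to the
    # unauthenticated visitor of the login page; consider logging it instead.
    $DB_result = mysql_query($query) or die("Invalid query: " . mysql_error());

    $config['random_timestamp'] = $now;
    $config['random_str_1']     = $str1;
    $config['random_str_2']     = $str2;

    # Issue a fresh session id at the privilege change so that an id known
    # before login cannot be reused afterwards (session fixation). Guarded
    # because the session is started outside the code visible here.
    if (session_id() !== '') {
        session_regenerate_id(TRUE);
    }

    # Init our session data
    $_SESSION['initialized'] = TRUE;
    $_SESSION['timestamp']   = time();
    $_SESSION['last_IP']     = $_SERVER['REMOTE_ADDR'];
    # NOTE(review): the session keeps MD5 digests derived from the admin login
    # and password; a random per-login token would avoid storing anything
    # derived from the password in session storage.
    $_SESSION['l'] = md5(WebEncrypt($l, $config['random_str_1']));
    $_SESSION['p'] = md5(WebEncrypt($p, $config['random_str_2']));

    # Redirect
    $redir_URL = $siteURL . $ResponderDirectory . '/admin.php?action=list';
    header("Location: {$redir_URL}");
    print "<br>\n";
    print "If your browser doesn't support redirects then you'll need to <A HREF=\"{$redir_URL}\">click here.</A><br>\n";
    print "<br>\n";
    die;
} else {
    # Template top
    include 'templates/open.page.php';

    print "<br />\n";
    # Only show the error when both fields were actually submitted; isset()
    # avoids undefined-index notices on the first visit to the page.
    if (isset($_REQUEST['login'], $_REQUEST['pword'])
        && $_REQUEST['login'] != "" && $_REQUEST['pword'] != "") {
        print "<p class=\"err_msg\">Error: Invalid Login/Password.</p><br />\n";
    }

    # ------ Admin login panel -------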
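# Validate the current admin session.
#
# Starts the session, then requires in order: the 'initialized' flag, an
# unchanged client address, less than 3 hours (10800 s) since the last
# successful check, and stored 'l'/'p' digests equal to the digests recomputed
# from the configured admin credentials and the current random strings.
#
# Returns TRUE when every check passes (and refreshes the session timestamp).
# Returns FALSE after calling reset_user_session() on any failure, including
# a digest mismatch, which previously fell off the end of the function and
# left the stale session in place.
function User_Auth()
{
    global $config;

    # Start the session
    session_start();

    # Is the session even here? empty() also covers a missing key without a notice.
    if (empty($_SESSION['initialized'])) {
        # Nope, it's not initialized...
        reset_user_session();
        return FALSE;
    }

    # Check IP address against last known...
    if (!isset($_SESSION['last_IP']) || $_SESSION['last_IP'] !== $_SERVER['REMOTE_ADDR']) {
        # Not the same, reset the session and return FALSE
        reset_user_session();
        return FALSE;
    }

    # Check session timestamp
    if (!isset($_SESSION['timestamp']) || time() >= $_SESSION['timestamp'] + 10800) {
        # 3 hours of inactivity kills a session
        reset_user_session();
        return FALSE;
    }

    # Test the login and pass
    $test_user = md5(WebEncrypt($config['admin_user'], $config['random_str_1']));
    $test_pass = md5(WebEncrypt($config['admin_pass'], $config['random_str_2']));

    $session_user = isset($_SESSION['l']) ? $_SESSION['l'] : NULL;
    $session_pass = isset($_SESSION['p']) ? $_SESSION['p'] : NULL;

    # Strict comparison: with loose `==`, two digests that both look numeric
    # (for example both of the form "0e" followed by digits) compare equal
    # even though the strings differ.
    if ($session_user === $test_user && $session_pass === $test_pass) {
        # Update the session details, we're good!
        $_SESSION['timestamp'] = time();
        return TRUE;
    }

    # Stored digests do not match the current credentials or random strings:
    # treat it like every other failed check instead of returning NULL.
    reset_user_session();
    return FALSE;
}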