/*
 * Help page for the "Confirm action" dialog of the administrative interface.
 * The markup below is only sent to a caller that admIsLoggedIn() accepts.
 */
header("Cache-control: private"); // "private": shared caches must not store this response

/*
 * List of the external modules required
 */
require_once "../../version.php";
require_once "../bta_funcs.php";

/*
 * Get the client's IP address. Used for verifying access.
 * The "::ffff:" marker of an IPv4-mapped IPv6 address is removed so that the
 * same client yields the same string over either notation.
 *
 * NOTE(review): REMOTE_ADDR is the address of the directly connected peer.
 * Behind a reverse proxy or NAT several clients share that address, so the
 * IP comparison does not tell them apart -- confirm against the deployment.
 */
$ip = str_replace("::ffff:", "", $_SERVER["REMOTE_ADDR"]);

/*
 * Check to make sure person is logged in, and that the session
 * is actually theirs.
 */
if (!admIsLoggedIn($ip)) {
    admShowError("You can't access this page directly.", "You don't appear to be logged in. Use admin/index.php to login to the administrative interface.", $adm_pageerr_title);
    // Stop here so that none of the help markup below reaches a caller who failed the check.
    exit;
}

// $phpbttracker_id and $phpbttracker_ver are not assigned in this excerpt;
// presumably they come from version.php -- verify.
?> <HTML> <HEAD> <META NAME="Author" CONTENT="danomac"> <LINK REL="stylesheet" HREF="../admin.css" TYPE="text/css" TITLE="Default"> <?php echo "<TITLE>Confirm action help - {$phpbttracker_id} {$phpbttracker_ver}</TITLE>\r\n"; ?> </HEAD> <BODY CLASS="help"> <P CLASS="help_title"><?php echo "{$phpbttracker_id} {$phpbttracker_ver} - Confirm action help"; ?>
* This is rather redundant. I know. */
    /*
     * NOTE(review): this excerpt starts inside a comment and inside a block
     * whose opening lines are not shown.
     *
     * The page name checked here is read from the server-side session
     * ($_SESSION['refering_page']), not from the HTTP Referer header.
     * Only its last path segment is compared.
     */
    $refererArray = explode("/", $_SESSION['refering_page']);
    $refererCount = count($refererArray);
    if ($refererArray[$refererCount - 1] != "index.php") {
        admShowError("You have to use admin/index.php to login to the administrative interface.", "If you are trying to access this file from another page you may get this error. Use bta_login.php to login to the administrative interface.", $adm_pageerr_title);
        exit;
    }

    //reset the refering page
    $_SESSION['refering_page'] = $_SERVER['PHP_SELF'];
} // closes a block opened before this excerpt

/*
 * If the admin username and password are not set, terminate.
 * An unset or empty root credential disables the whole interface instead of
 * leaving a login with an empty password available.
 */
if (!isset($admin_user) || !isset($admin_pass) || strlen($admin_user) == 0 || strlen($admin_pass) == 0) {
    admShowError("Administration root username and/or password not set", "The administration system will not function until you set these in the configuration.", $adm_pageerr_title);
    exit;
}

/*
 * Check to see if this session is logged on already, if it is, go to the main page
 *
 * NOTE(review): no exit follows admShowMsg(), so unless admShowMsg() ends
 * the script itself, execution continues with the echo below -- confirm.
 */
if (isset($_SESSION['authenticated'])) {
    if ($_SESSION['authenticated']) {
        $_SESSION['refering_page'] = "";
        admShowMsg("You are logged in already.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php", 3);
    }
}

/*
 * Output the HEAD tags needed.
 */
echo "<HTML>\r\n<HEAD>\r\n<META NAME=\"Author\" CONTENT=\"danomac\">\r\n";
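/*
 * NOTE(review): this excerpt begins inside nested conditionals whose opening
 * lines are not shown; the closing braces below belong to them.
 *
 * Group administration is not enabled, terminate
 */
                admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
                exit;
            }
        } else {
            /*
             * The username entered matches the "root" password
             * Check to see if the hashes match for the password
             *
             * The two digests are compared as strings. A loose != converts
             * strings that look numeric to numbers before comparing, so two
             * different digests could compare as equal. hash_equals() also
             * keeps the comparison time independent of where the strings
             * differ; the strict fallback covers PHP builds without it.
             * A missing or non-string "passmd5" field is treated as a mismatch.
             */
            $expectedDigest = (string) hmac_md5($_POST["id"], md5($admin_pass));
            $suppliedDigest = (isset($_POST["passmd5"]) && is_string($_POST["passmd5"])) ? $_POST["passmd5"] : "";
            $digestsMatch = function_exists("hash_equals")
                ? hash_equals($expectedDigest, $suppliedDigest)
                : $expectedDigest === $suppliedDigest;

            if (!$digestsMatch) {
                admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
                exit;
            }

            /*
             * Okay the root password matches, now set the permission variable
             */
            $_SESSION["admin_perms"]["root"] = true;
        }
    } else {
        admShowError("There was a problem processing your request", "It appears you are trying to steal a session. Shame on you!", $adm_pageerr_title);
        /*
         * Terminate like every other failure branch. Without this, control
         * leaves the conditional and reaches the code below that marks the
         * session as authenticated (unless admShowError() ends the script
         * itself, which the explicit exits elsewhere suggest it does not).
         */
        exit;
    }
}

/*
 * Wow. All the tests pass. There should be a variable set in _SESSION now to verify
 * that the login was successful. Also, we can now redirect to the "main" administration panel.
 *
 * NOTE(review): the session identifier is not renewed at this privilege
 * change. Calling session_regenerate_id() before setting 'authenticated'
 * would bind the login to a fresh identifier; whether headers can still be
 * sent at this point is not visible here -- confirm before adding it.
 */
$_SESSION['refering_page'] = "";
$_SESSION['authenticated'] = true;
admShowMsg("Authenticated.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php");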
// NOTE(review): this excerpt starts inside two nested blocks whose opening lines are not shown.
        // Set before session_start() below, so the session is looked up in the configured directory.
        session_save_path($GLOBALS["webserver_farm_session_path"]);
    }
}

session_start();
header("Cache-control: private"); // "private": shared caches must not store this response

/*
 * There are some variables defined in this script that are needed, such as the
 * phpbttracker version strings.
 */
require_once "bta_funcs.php";

/*
 * Let's try to stay HTML 4.01 compliant.
 */
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\r\n";

/*
 * Log out only a session that carries the 'authenticated' entry; any other
 * caller gets an error page and the session is left untouched.
 */
if (!isset($_SESSION['authenticated'])) {
    admShowError("You are not logged in.", "Common sense states that before you attempt to log out, you should be logged in to the interface first!", $adm_pageerr_title);
} else {
    //okay, destroy the session.
    // admKillSession() is defined elsewhere; presumably it clears $_SESSION and
    // destroys the stored session data -- verify, including whether the
    // session cookie is expired on the client.
    admKillSession();

    //ensure the session was destroyed, and display a message
    // This only confirms that 'authenticated' is gone from $_SESSION in the
    // current request.
    if (!isset($_SESSION['authenticated'])) {
        admShowMsg("You are now logged off.", "You will need to logon again to use the Administrative interface.", $adm_page_title . " - Logout");
    } else {
        admShowError("ERROR: You are not logged off.", "Could not logoff for an unknown reason.", $adm_pageerr_title);
    }
}