header('Location: ' . 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php?action=locked'); die; } else { if ($account == '3') { //Okay session_regenerate_id(true); $_SESSION['cmtx_username'] = $_POST['username']; $_SESSION['cmtx_password'] = md5($_POST['password']); $_SESSION['cmtx_csrf_key'] = cmtx_get_random_key(20); $_SESSION['cmtx_user_agent'] = $_SERVER['HTTP_USER_AGENT']; $_SESSION['cmtx_user_lang'] = $_SERVER['HTTP_ACCEPT_LANGUAGE']; $_SESSION['cmtx_ip_address'] = cmtx_get_ip_address(); session_write_close(); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `last_login` = NOW() WHERE `id` = '" . cmtx_get_admin_id() . "'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `resets` = '0' WHERE `id` = '" . cmtx_get_admin_id() . "'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `login_attempts` = '0' WHERE `id` = '" . cmtx_get_admin_id() . "'"); cmtx_delete_attempts(); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "logins` SET `dated` = NOW() ORDER BY `dated` ASC LIMIT 1"); header('Location: ' . 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php?page=dashboard'); die; } else { //Wrong if (!cmtx_setting('is_demo')) { cmtx_add_attempt(); } header('Location: ' . 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php?action=attempt'); die; } } } } else {
echo $_GET['page']; ?> " target="_blank"><?php echo CMTX_LINK_HELP; ?> </a> </div> <h3><?php echo CMTX_TITLE_ADMIN; ?> </h3> <hr class="title"/> <?php $admin_id = cmtx_get_admin_id(); ?> <?php if (isset($_POST['submit']) && cmtx_setting('is_demo')) { ?> <div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $username = $_POST['username'];
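/**
 * Check whether the given admin page is restricted for the current admin.
 *
 * Loads the row from the `admins` table whose `id` matches cmtx_get_admin_id()
 * and reads its `restrict_pages` flag and its comma-separated `allowed_pages`
 * list. The 'dashboard' page is never restricted.
 *
 * This is an authorization decision, so it fails closed: a missing admin row
 * or a non-string page value is treated as restricted, and page names are
 * compared strictly so PHP type juggling cannot produce a match.
 *
 * @param mixed $page Page identifier to check (presumably the requested
 *                    `page` parameter; verify against the callers).
 * @return bool true when the page is restricted, false when it may be shown.
 */
function cmtx_restrict_page($page) {

	global $cmtx_mysql_table_prefix;

	// The dashboard is always reachable; strict comparison so that a
	// non-string value (e.g. integer 0 on PHP < 8) cannot equal 'dashboard'.
	if ($page === 'dashboard') {
		return false;
	}

	// NOTE(review): the admin id is concatenated into the SQL text. This is only
	// safe if cmtx_get_admin_id() returns a trusted or escaped value; confirm
	// against its definition (no parameterized query helper is visible here).
	$admin_query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `id` = '" . cmtx_get_admin_id() . "'");
	$admin_row = cmtx_db_fetch_assoc($admin_query);

	// No row for this admin (presumably a null/false fetch result): previously
	// both columns read as null and the page was treated as unrestricted.
	if (!is_array($admin_row)) {
		return true;
	}

	// Restrictions are switched off for this admin, so every page is allowed.
	if (empty($admin_row['restrict_pages'])) {
		return false;
	}

	// A page name that is not a string can never be on the allow-list.
	if (!is_string($page)) {
		return true;
	}

	$allowed_pages = isset($admin_row['allowed_pages']) ? explode(',', (string) $admin_row['allowed_pages']) : array();

	// Exact, type-strict match against the allow-list entries.
	return !in_array($page, $allowed_pages, true);

}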