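/**
 * Gate for admin-only pages: calls login_failed() unless the session carries an
 * admin identity and still matches the client it was issued to.
 *
 * Checks, in order: non-empty 'admin' and 'adminid' session values, then the
 * stored 'ip' and 'browser' against the current REMOTE_ADDR and User-Agent.
 * Stops at the first failed check so login_failed() runs at most once.
 *
 * NOTE(review): this protects the page only if login_failed() ends the request
 * (redirect followed by exit). If it returns, the caller keeps executing;
 * confirm against its definition.
 * NOTE(review): the User-Agent header is client-supplied, and REMOTE_ADDR is
 * the proxy's address when the application sits behind a reverse proxy. The
 * IP/browser binding is a tripwire for a replayed session cookie, not an
 * authentication factor.
 *
 * @return void
 */
function logincheck()
{
    // A visitor without a session is the normal failure case, so missing keys
    // are handled with isset() rather than read directly. Reading them emits
    // "undefined index / array key" diagnostics that can disclose paths and
    // send output before login_failed() has a chance to set headers.
    foreach (array('admin', 'adminid') as $key) {
        if (!isset($_SESSION[$key]) || $_SESSION[$key] == '') {
            login_failed();
            return;
        }
    }

    $storedIp = isset($_SESSION['ip']) ? $_SESSION['ip'] : '';
    $clientIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // Compare as strings with !== so numeric-looking values are not coerced.
    if ((string) $storedIp !== (string) $clientIp) {
        login_failed();
        return;
    }

    $storedAgent = isset($_SESSION['browser']) ? $_SESSION['browser'] : '';
    // HTTP_USER_AGENT is absent when the client sends no such header.
    $clientAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if ((string) $storedAgent !== (string) $clientAgent) {
        login_failed();
        return;
    }
}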
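/**
 * Gate for authenticated pages: calls login_failed() unless $_SESSION['user']
 * is unexpired, names a user, and still matches the requesting client.
 *
 * Checks, in order: 'timeout' (Unix timestamp) not in the past, non-empty
 * 'name' and 'omni', then the stored 'ip' and 'browser' against the current
 * REMOTE_ADDR and User-Agent. Stops at the first failed check so
 * login_failed() runs at most once.
 *
 * NOTE(review): this protects the page only if login_failed() ends the request
 * (redirect followed by exit). If it returns, the caller keeps executing;
 * confirm against its definition.
 * NOTE(review): the User-Agent header is client-supplied, and REMOTE_ADDR is
 * the proxy's address when the application sits behind a reverse proxy. The
 * IP/browser binding is a tripwire for a replayed session cookie, not an
 * authentication factor.
 *
 * @return void
 */
function logincheck()
{
    // No session, or a malformed one, is the normal failure case. Work on a
    // local array so missing keys do not emit diagnostics that can disclose
    // paths or send output before login_failed() sets headers.
    $user = (isset($_SESSION['user']) && is_array($_SESSION['user'])) ? $_SESSION['user'] : array();

    // A missing timeout counts as already expired (0 is always in the past).
    $expiresAt = isset($user['timeout']) ? (int) $user['timeout'] : 0;
    if ($expiresAt < time()) {
        login_failed();
        return;
    }

    foreach (array('name', 'omni') as $key) {
        if (!isset($user[$key]) || $user[$key] == '') {
            login_failed();
            return;
        }
    }

    $storedIp = isset($user['ip']) ? $user['ip'] : '';
    $clientIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // Compare as strings with !== so numeric-looking values are not coerced.
    if ((string) $storedIp !== (string) $clientIp) {
        login_failed();
        return;
    }

    $storedAgent = isset($user['browser']) ? $user['browser'] : '';
    // HTTP_USER_AGENT is absent when the client sends no such header.
    $clientAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if ((string) $storedAgent !== (string) $clientAgent) {
        login_failed();
        return;
    }
}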
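/**
 * Signs a member in from the posted login form, or restores a session from the
 * "remember me" cookie when no form was posted.
 *
 * Form path: on a match against membership_users (approved, not banned) the
 * session is populated, the remember-me cookie is set or cleared, the optional
 * login_ok() hook picks the redirect target, and the request ends. On failure
 * the optional login_failed() hook runs and the request is redirected to
 * index.php?loginFailed=1.
 *
 * Cookie path: only for a session with no member id; looks the cookie value up
 * and populates the session on a match.
 *
 * NOTE(review): items that need a schema or hook-contract change, so they are
 * flagged here rather than changed:
 *  - Passwords are stored and compared as unsalted MD5 (column passMD5).
 *    Moving to password_hash()/password_verify() needs a migration.
 *  - The remember-me value is a static digest of member id + stored password
 *    hash: it never expires server-side and cannot be revoked without a
 *    password change. A random per-login token stored server-side is the
 *    usual replacement.
 *  - The login_failed() hook receives the submitted password in clear text;
 *    hook implementations should not log or persist it.
 *  - Queries are built by interpolation and rely entirely on makeSafe().
 *    Prefer bound parameters if the database layer offers them.
 *  - $adminConfig is never assigned or imported (`global`) in this function,
 *    so the anonymous-member comparison below is against null.
 *
 * @return void
 */
function logInMember()
{
    $redir = 'index.php';

    // Read request values once, tolerating absent keys. A request without
    // them is routine and must not emit diagnostics before headers are sent.
    $signIn      = isset($_POST['signIn']) ? $_POST['signIn'] : '';
    $postedUser  = isset($_POST['username']) ? $_POST['username'] : null;
    $postedPass  = isset($_POST['password']) ? $_POST['password'] : null;
    $rememberMe  = isset($_POST['rememberMe']) ? $_POST['rememberMe'] : null;
    $cookieToken = isset($_COOKIE['FWLDBA_rememberMe']) ? $_COOKIE['FWLDBA_rememberMe'] : '';
    $memberId    = isset($_SESSION['memberID']) ? $_SESSION['memberID'] : null;
    $clientIp    = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    // isset() on the undefined $adminConfig yields null without a warning.
    $anonymousMember = isset($adminConfig['anonymousMember']) ? $adminConfig['anonymousMember'] : null;
    // Secure flag only when this request arrived over HTTPS, so plain-HTTP
    // deployments keep working exactly as before.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

    if ($signIn != '') {
        // is_string(): array-typed parameters (username[]=...) are rejected
        // here instead of reaching strtolower()/md5().
        if (is_string($postedUser) && is_string($postedPass) && $postedUser !== '' && $postedPass !== '') {
            $username = makeSafe(strtolower($postedUser));
            $password = md5($postedPass);

            if (sqlValue("select count(1) from membership_users where lcase(memberID)='{$username}' and passMD5='{$password}' and isApproved=1 and isBanned=0") == 1) {
                // New session id on privilege change, so an id that was known
                // before authentication is not carried into the logged-in session.
                if (session_id() !== '' && !headers_sent()) {
                    session_regenerate_id(true);
                }

                $_SESSION['memberID'] = $username;
                $_SESSION['memberGroupID'] = sqlValue("select groupID from membership_users where lcase(memberID)='{$username}'");

                // Best effort, as in the original: skip if headers already went out.
                // HttpOnly keeps the credential-equivalent cookie away from scripts.
                if (!headers_sent()) {
                    if ($rememberMe == 1) {
                        setcookie('FWLDBA_rememberMe', md5($username . $password), time() + 86400 * 30, '', '', $isHttps, true);
                    } else {
                        setcookie('FWLDBA_rememberMe', '', time() - 86400 * 30, '', '', $isHttps, true);
                    }
                }

                // hook: login_ok
                if (function_exists('login_ok')) {
                    $args = array();
                    if (!($redir = login_ok(getMemberInfo(), $args))) {
                        $redir = 'index.php';
                    }
                }

                redirect($redir);
                exit;
            }
        }

        // hook: login_failed
        if (function_exists('login_failed')) {
            $args = array();
            login_failed(array('username' => $postedUser, 'password' => $postedPass, 'IP' => $clientIp), $args);
        }

        if (!headers_sent()) {
            header('HTTP/1.0 403 Forbidden');
        }

        redirect("index.php?loginFailed=1");
        exit;
    } elseif ((!$memberId || $memberId == $anonymousMember) && is_string($cookieToken) && $cookieToken != '') {
        $chk = makeSafe($cookieToken);

        // Same approval and ban conditions as the password login above, so the
        // cookie path cannot admit an account the form path would refuse.
        if ($username = sqlValue("select memberID from membership_users where convert(md5(concat(memberID, passMD5)), char)='{$chk}' and isApproved=1 and isBanned=0")) {
            if (session_id() !== '' && !headers_sent()) {
                session_regenerate_id(true);
            }

            $_SESSION['memberID'] = $username;

            // $username is a stored value, not request input, but it is still
            // interpolated into SQL. Escape and lower-case it to match the
            // lcase() comparison. Assumes makeSafe() escapes for a SQL string
            // literal, as its use on $_POST above suggests.
            $lookup = makeSafe(strtolower($username));
            $_SESSION['memberGroupID'] = sqlValue("select groupID from membership_users where lcase(memberID)='{$lookup}'");
        }
    }
}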
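} else {
    gotoindex();
}

// Credential check. $login_name and $pwd are assigned before this fragment
// (not visible here). The user name is passed as a bound parameter ($1), not
// concatenated into the SQL text.
$db = new mydb();
$query = "select * from member where login_name=\$1";
$result = $db->query($query, array($login_name));

// A failed query (falsy result) is treated like "no such user".
if ($result && pg_num_rows($result) == 1) {
    $row = pg_fetch_assoc($result, 0);
    if (password_verify($pwd, $row['pwd'])) {
        // New session id on login, so an id that was known before
        // authentication is not carried into the logged-in session.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['login_name'] = $row['login_name'];
        $_SESSION['id'] = $row['id'];
        $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
        login_success();
    } else {
        login_failed();
    }
} else {
    // Unknown user and wrong password share one failure path, so the
    // response does not reveal which of the two it was.
    login_failed();
}

/**
 * Redirects the authenticated user to top.php and ends the request, so no
 * further output is produced after the Location header.
 *
 * @return void
 */
function login_success()
{
    header("Location: top.php");
    exit;
}

/**
 * Reports whether the login form supplied both fields as plain strings.
 *
 * Uses logical && (the original bitwise & returned an int and did not
 * short-circuit). Array-typed parameters such as pwd[]=x are rejected here
 * instead of reaching password_verify().
 *
 * @return bool
 */
function post_check()
{
    return isset($_POST['login_name']) && isset($_POST['pwd'])
        && is_string($_POST['login_name']) && is_string($_POST['pwd']);
}

/**
 * Renders the login-failure page by including login_failed.php.
 *
 * @return void
 */
function login_failed()
{
    include "login_failed.php";
}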