<?php
# Modified 07/15/2013 by Plugin Review Network
# ------------------------------------------------
# License and copyright:
# See license.txt for license information.
# ------------------------------------------------
# MOD DEPRECATED - no longer required for Wordpress
include_once 'config.php';
# ------------------------------------------------
# Check authentication
$Is_Auth = User_Auth();
if ($Is_Auth) {
$now = time();
$str1 = generate_random_block();
$str2 = generate_random_block();
$query = "UPDATE InfResp_config\n SET random_timestamp = '{$now}',\n random_str_1 = '{$str1}',\n random_str_2 = '{$str2}'";
$DB_result = mysql_query($query) or die("Invalid query: " . mysql_error());
$config['random_timestamp'] = $now;
$config['random_str_1'] = $str1;
$config['random_str_2'] = $str2;
# Reset the user session
reset_user_session();
}
# Redirect to the login panel
admin_redirect();
DB_disconnect();
function User_Auth()
{
global $config;
# Start the session
session_start();
# Is the session even here?
if ($_SESSION['initialized'] != TRUE) {
# Nope, it's not initialized...
reset_user_session();
return FALSE;
}
# Check IP address against last known...
if ($_SESSION['last_IP'] != $_SERVER['REMOTE_ADDR']) {
# Not the same, reset the session and return FALSE
reset_user_session();
return FALSE;
}
# Check session timestamp
if (time() >= $_SESSION['timestamp'] + 10800) {
# 3 hours of inactivity kills a session
reset_user_session();
return FALSE;
}
# Test the login and pass
$test_user = md5(WebEncrypt($config['admin_user'], $config['random_str_1']));
$test_pass = md5(WebEncrypt($config['admin_pass'], $config['random_str_2']));
if ($_SESSION['l'] == $test_user && $_SESSION['p'] == $test_pass) {
# Update the session details, we're good!
$_SESSION['timestamp'] = time();
return TRUE;
}
}
