<?php # Modified 07/15/2013 by Plugin Review Network # ------------------------------------------------ # License and copyright: # See license.txt for license information. # ------------------------------------------------ # MOD DEPRECATED - no longer required for Wordpress include_once 'config.php'; # ------------------------------------------------ # Check authentication $Is_Auth = User_Auth(); if ($Is_Auth) { $now = time(); $str1 = generate_random_block(); $str2 = generate_random_block(); $query = "UPDATE InfResp_config\n SET random_timestamp = '{$now}',\n random_str_1 = '{$str1}',\n random_str_2 = '{$str2}'"; $DB_result = mysql_query($query) or die("Invalid query: " . mysql_error()); $config['random_timestamp'] = $now; $config['random_str_1'] = $str1; $config['random_str_2'] = $str2; # Reset the user session reset_user_session(); } # Redirect to the login panel admin_redirect(); DB_disconnect();
function User_Auth() { global $config; # Start the session session_start(); # Is the session even here? if ($_SESSION['initialized'] != TRUE) { # Nope, it's not initialized... reset_user_session(); return FALSE; } # Check IP address against last known... if ($_SESSION['last_IP'] != $_SERVER['REMOTE_ADDR']) { # Not the same, reset the session and return FALSE reset_user_session(); return FALSE; } # Check session timestamp if (time() >= $_SESSION['timestamp'] + 10800) { # 3 hours of inactivity kills a session reset_user_session(); return FALSE; } # Test the login and pass $test_user = md5(WebEncrypt($config['admin_user'], $config['random_str_1'])); $test_pass = md5(WebEncrypt($config['admin_pass'], $config['random_str_2'])); if ($_SESSION['l'] == $test_user && $_SESSION['p'] == $test_pass) { # Update the session details, we're good! $_SESSION['timestamp'] = time(); return TRUE; } }