// Fragment of a login handler; it starts and ends in the middle of a branch.
// Visible flow: reject unknown users, enforce the failed-login lockout, then
// verify the password and record the successful login.
$adminsession = '1';
} else {
    // Log the failed login; the logger instance is keyed by the client address.
    // NOTE(review): $loginname is concatenated into the log message unchanged.
    // It presumably comes from the login form, so control characters (CR/LF)
    // should be neutralised before logging unless FroxlorLogger does so itself
    // (confirm).
    $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => $_SERVER['REMOTE_ADDR']));
    $rstlog->logAction(LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
    redirectTo('index.php', array('showmessage' => '2'));
    exit;
}
}

// The login name is bound as :loginname; only the table identifier is interpolated.
// NOTE(review): {$table} is assigned above this fragment. It must only ever hold
// one of the fixed table-name constants, never request data (confirm).
$userinfo_stmt = Database::prepare("SELECT * FROM {$table}\n\t\t\tWHERE `loginname`= :loginname");
Database::pexecute($userinfo_stmt, array("loginname" => $loginname));
// NOTE(review): fetch() returns false when no row matches; the array accesses
// below assume the unknown-user branch above already ruled that out (confirm).
$userinfo = $userinfo_stmt->fetch(PDO::FETCH_ASSOC);

// Lockout: the failure counter has reached the configured maximum AND the last
// failure lies inside the configured deactivation window. This runs before the
// password is verified, so a locked account gets message '3' even when the
// submitted password is correct.
// NOTE(review): message '3' differs from the unknown-user message '2', so the
// response can distinguish a locked existing account from a non-existent one.
// Weigh that against the non-disclosure intent stated in the branch below.
if ($userinfo['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $userinfo['lastlogin_fail'] > time() - Settings::Get('login.deactivatetime')) {
    redirectTo('index.php', array('showmessage' => '3'));
    exit;
} elseif (validatePasswordLogin($userinfo, $password, $table, $uid)) {
    // Only show "you're banned" if the login was successful,
    // because we don't want to reveal that the user exists.
    if ($userinfo['deactivated']) {
        unset($userinfo);
        redirectTo('index.php', array('showmessage' => '5'));
        exit;
    } else {
        // Login correct: reset the failed-login counter and store the time of
        // this successful login. Values are bound; {$table} and {$uid} are
        // interpolated identifiers and must come from trusted code paths only.
        $stmt = Database::prepare("UPDATE {$table}\n\t\t SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'\n\t\t WHERE `{$uid}`= :uid");
        Database::pexecute($stmt, array("lastlogin_succ" => time(), "uid" => $userinfo[$uid]));
        // Normalise the id under a common key and carry the admin/customer flag along.
        $userinfo['userid'] = $userinfo[$uid];
        $userinfo['adminsession'] = $adminsession;
    }
} else {
}
// Fragment of a customer panel page handler; it starts and ends mid-branch.
// Collect the names of the enabled services for display on the index page.
if ($userinfo['pop3'] == '1') {
    $se[] = "POP3";
}
if ($userinfo['phpenabled'] == '1') {
    $se[] = "PHP";
}
if ($userinfo['perlenabled'] == '1') {
    $se[] = "Perl/CGI";
}
$services_enabled = implode(", ", $se);
// NOTE(review): eval() parses whatever getTemplate() returns as the inside of a
// PHP double-quoted string, so every variable in scope can be interpolated
// and the template text itself is treated as code. This is safe only while
// templates are loaded from trusted files and every interpolated value is
// already HTML-escaped (confirm both).
eval("echo \"" . getTemplate('index/index') . "\";");
} elseif ($page == 'change_password') {
    // NOTE(review): no anti-CSRF token check is visible in this fragment;
    // presumably it is enforced before this handler runs (confirm).
    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        // The current password must verify against the customer record first.
        $old_password = validate($_POST['old_password'], 'old password');
        // NOTE(review): the code below only stays unreachable on a wrong old
        // password if standard_error() ends the request (confirm that it does).
        if (!validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
            standard_error('oldpasswordnotcorrect');
        }

        // Both new-password fields go through validatePassword().
        $new_password = validatePassword($_POST['new_password'], 'new password');
        $new_password_confirm = validatePassword($_POST['new_password_confirm'], 'new password confirm');

        if ($old_password == '') {
            standard_error(array('stringisempty', 'oldpassword'));
        } elseif ($new_password == '') {
            standard_error(array('stringisempty', 'newpassword'));
        } elseif ($new_password_confirm == '') {
            standard_error(array('stringisempty', 'newpasswordconfirm'));
        // NOTE(review): != compares two numeric-looking strings numerically
        // (e.g. '1e3' and '1000' count as equal); !== would make the
        // confirmation check an exact string comparison.
        } elseif ($new_password != $new_password_confirm) {
            standard_error('newpasswordconfirmerror');
        } else {
            // Update user password: the table name comes from a constant and both
            // values are bound parameters. The execute call, and whatever hashing
            // is applied to :newpassword, lie past the end of this fragment.
            $stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`\n\t\t\t\tSET `password` = :newpassword\n\t\t\t\tWHERE `customerid` = :customerid");
// Fragment of an admin panel page handler; it starts and ends mid-branch.
// Split the uptime into days/hours/minutes/seconds for display.
// Presumably $hours, $minutes and $seconds each hold the total uptime in that
// unit, computed above this fragment (confirm).
$days = floor($hours / 24);
$hours = floor($hours - $days * 24);
$minutes = floor($minutes - $days * 24 * 60 - $hours * 60);
$seconds = floor($seconds - $days * 24 * 60 * 60 - $hours * 60 * 60 - $minutes * 60);
$uptime = "{$days}d, {$hours}h, {$minutes}m, {$seconds}s";

// Just cleanup: drop the temporaries so only $uptime remains in scope.
unset($uptime_array, $seconds, $minutes, $hours, $days);
} else {
    // Nothing of the above worked; fall back to an empty uptime string.
    $uptime = '';
}

// NOTE(review): eval() parses whatever getTemplate() returns as the inside of a
// PHP double-quoted string, so every variable in scope can be interpolated
// and the template text itself is treated as code. This is safe only while
// templates are loaded from trusted files and every interpolated value is
// already HTML-escaped (confirm both).
eval("echo \"" . getTemplate("index/index") . "\";");
} elseif ($page == 'change_password') {
    // NOTE(review): no anti-CSRF token check is visible in this fragment;
    // presumably it is enforced before this handler runs (confirm).
    if (isset($_POST['send']) && $_POST['send'] == 'send') {
        // The current password must verify against the admin record first.
        $old_password = validate($_POST['old_password'], 'old password');
        // NOTE(review): the code below only stays unreachable on a wrong old
        // password if standard_error() ends the request (confirm that it does).
        if (!validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
            standard_error('oldpasswordnotcorrect');
        }

        // NOTE(review): the new password passes through the generic validate()
        // only. If the project's password-policy validator (validatePassword())
        // is meant to apply to admin accounts as well, it is not applied on
        // this path (confirm and align).
        $new_password = validate($_POST['new_password'], 'new password');
        $new_password_confirm = validate($_POST['new_password_confirm'], 'new password confirm');

        if ($old_password == '') {
            standard_error(array('stringisempty', 'oldpassword'));
        } elseif ($new_password == '') {
            standard_error(array('stringisempty', 'newpassword'));
        } elseif ($new_password_confirm == '') {
            standard_error(array('stringisempty', 'newpasswordconfirm'));
        // NOTE(review): != compares two numeric-looking strings numerically
        // (e.g. '1e3' and '1000' count as equal); !== would make the
        // confirmation check an exact string comparison.
        } elseif ($new_password != $new_password_confirm) {
            standard_error('newpasswordconfirmerror');
        } else {
            // Store the result of makeCryptPassword() rather than the submitted
            // value. Both values are bound parameters, the id is cast to int,
            // and the table name comes from a constant.
            $chgpwd_stmt = Database::prepare("\n\t\t\t\tUPDATE `" . TABLE_PANEL_ADMINS . "`\n\t\t\t\tSET `password`= :newpasswd\n\t\t\t\tWHERE `adminid`= :adminid");
            Database::pexecute($chgpwd_stmt, array('newpasswd' => makeCryptPassword($new_password), 'adminid' => (int) $userinfo['adminid']));