Exemple #1
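/**
 * Authentication gate that runs on every request.
 *
 * Order of checks, as implemented below:
 * - reject clients whose address has a 'bn_<ip>' entry in $Cfg,
 * - apply a Referer check when no session id was supplied,
 * - handle an explicit logout,
 * - revive a 'stay logged in' session from cookies, or
 * - process a fresh login (username + password), or
 * - validate the hash stored for an existing session.
 *
 * Whenever a check fails, Login() is called to show the login screen. After
 * the checks, the expiry of a session that is close to timing out is extended.
 *
 * Security notes for maintainers:
 * - Passwords are stored and compared as unsalted MD5. This function only
 *   makes the comparison strict and constant-time; moving to
 *   password_hash()/password_verify() needs a storage migration elsewhere.
 * - NOTE(review): every Login() call is presumably terminal (renders the
 *   login screen and stops the request). If it can return, execution falls
 *   through to the later checks. Confirm against Login().
 *
 * @see Login(), NewSession(), ReviveSession()
 *
 * @return void
 */
function CheckLogin()
{
    global $Users, $Pivot_Vars, $Cfg, $Paths;

    // Ban list is keyed by the connecting address.
    if (isset($Cfg['bn_' . $_SERVER['REMOTE_ADDR']])) {
        Login(1, 1, "User is banned");
    }

    // Referer check, only applied when no session id is given.
    // NOTE(review): strpos() returns false when $uri is absent and
    // `false != 0` is false, so this branch fires only when $uri occurs at a
    // non-zero offset; a missing or foreign Referer passes. The header is
    // client-supplied and the scheme is hard-coded to http://, so this is not
    // a CSRF or session control. Left as-is because tightening it would change
    // which requests reach the persistent-login path below.
    if (!isset($Pivot_Vars['session'])) {
        $uri = 'http://' . $Pivot_Vars['HTTP_HOST'] . $Pivot_Vars['SCRIPT_NAME'];
        if (strpos($Pivot_Vars['HTTP_REFERER'], $uri) != 0) {
            $Pivot_Vars['user'] = '';
            Login(0, 2, "No session active.");
        }
    }

    // Explicit logout: expire the cookies and drop the server-side session.
    if (isset($Pivot_Vars['func']) && $Pivot_Vars['func'] == 'login' && isset($Pivot_Vars['do']) && $Pivot_Vars['do'] == 'logout') {
        // NOTE(review): the 'hash' cookie that the revive branch reads is not
        // expired here, and the cookies carry no HttpOnly/Secure flags.
        setcookie('user', '', -9999, $Paths['cookie_url']);
        setcookie('pass', '', -9999, $Paths['cookie_url']);
        setcookie('mode', 'nothing', -9999, $Paths['cookie_url']);
        unset($Users[$Cfg['tempsessions'][$Pivot_Vars['session']][0]]['session']);
        unset($Cfg['tempsessions'][$Pivot_Vars['session']]);
        SaveSettings();
        Login(0, 3, "User logged off");
    }

    // 'Stay logged in' cookies are present but no session is active yet.
    if (isset($_COOKIE['user']) && isset($_COOKIE['hash']) && $_COOKIE['mode'] == 'stayloggedin' && (!isset($Pivot_Vars['session']) || $Pivot_Vars['session'] == "")) {
        debug("attempted ReviveSession..");
        // Cookie validation happens inside ReviveSession(), not here.
        ReviveSession();
    } else {
        if ($Pivot_Vars['func'] == 'login' || $Pivot_Vars['do'] == 'login') {
            // Fresh login attempt: verify the credentials and start a session.
            debug("attempted login..");

            $storedPass = isset($Users[$Pivot_Vars['user']]['pass']) ? $Users[$Pivot_Vars['user']]['pass'] : null;
            // hash_equals() replaces the loose `==`, which compares
            // numeric-looking hex digests as numbers rather than as strings,
            // and it does not leak the position of the first mismatch.
            // Requires PHP >= 5.6.
            $passwordOk = is_string($storedPass) && hash_equals($storedPass, md5($Pivot_Vars['pass']));

            if ($passwordOk && $Users[$Pivot_Vars['user']]['userlevel'] > 0) {
                NewSession($Pivot_Vars['user']);
            } else {
                // Count the failure per client address. Nothing in this
                // function reads or persists the counter; any lockout must be
                // enforced elsewhere.
                if (strlen($Pivot_Vars['user']) > 0) {
                    $Cfg['fl_' . $_SERVER['REMOTE_ADDR']]++;
                }
                Login(1, 4, "Incorrect username or password");
            }
        } else {
            // Normal request: the session id must map to a stored session
            // whose hash matches what we recompute for this client.
            $Pivot_Vars['user'] = $Cfg['tempsessions'][$Pivot_Vars['session']][0];

            // Address with its last dotted component removed.
            // NOTE(review): an address without a '.' (e.g. IPv6) makes
            // strrpos() return false, so $ip becomes '' and the hash is no
            // longer bound to the client address.
            $ip = substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], "."));

            // calculated locally: user's pass + current session + ip prefix
            $hash1 = md5(md5($Users[$Pivot_Vars['user']]['pass'] . $Pivot_Vars['session']) . $ip);
            // stored hash (null when the session id is unknown)
            $hash2 = $Cfg['tempsessions'][$Pivot_Vars['session']][1];

            // Strict, constant-time comparison; a missing stored hash is a
            // mismatch, exactly as it was with the original `!=`.
            if (!is_string($hash2) || !hash_equals($hash1, $hash2)) {
                Login(0, 0, "No hacking, please");
            }
        }
    }

    // If by this point no session is set, we will show the login screen..
    if (strlen($Pivot_Vars['session']) == 0) {
        Login(0, 8, "Please log on. (if you keep getting this message, delete the cookies for this site)");
    }

    // Sliding expiry: once a quarter of the session length or less remains,
    // push the stored expiry out by one full session length.
    // NOTE(review): SaveSettings() is not called here, so the new expiry is
    // presumably persisted by code outside this function.
    if ($Cfg['tempsessions'][$Pivot_Vars['session']][2] - time() <= $Cfg['session_length'] / 4) {
        $Cfg['tempsessions'][$Pivot_Vars['session']][2] = $Cfg['tempsessions'][$Pivot_Vars['session']][2] + $Cfg['session_length'];
    }
}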
Exemple #2
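/**
 * Get the link to edit or delete trackbacks directly from the entrypage.
 *
 * Links are produced only on live pages (LIVEPAGE defined) and only when a
 * user is set in $Pivot_Vars; otherwise an empty string is returned.
 *
 * Security notes for maintainers:
 * - The session id, entry id and trackback number are URL-encoded before
 *   they are placed into the single-quoted href attributes, so a value
 *   containing quotes or angle brackets cannot break out of the markup.
 *   Integer ids and alphanumeric session ids are emitted unchanged.
 * - The session id travels in the query string, so it can end up in
 *   browser history, server logs and Referer headers.
 * - NOTE(review): the 'del' link is a plain GET link; whether the handler
 *   asks for confirmation or checks a token is not visible here.
 * - NOTE(review): an optional parameter before a required one is deprecated
 *   since PHP 8.0. The signature is kept so existing callers are unaffected.
 *
 * @param integer $uid    Entry id; 0 means "use the current entry".
 * @param integer $number Trackback number, used for the edit/del parameters.
 * @return string HTML fragment with the edit/delete links, or "".
 */
function get_edittrackbacklink($uid = 0, $number)
{
    global $Paths, $Pivot_Vars, $db;

    // For generated (static) pages we don't make the links.
    if (!defined('LIVEPAGE')) {
        return "";
    }

    // Fall back to the entry that is currently loaded.
    if ($uid == 0) {
        $uid = $db->entry['code'];
    }

    // 'Stay logged in' cookies are present but no session is active yet:
    // try to revive the old session. Validation is done by ReviveSession().
    if (isset($_COOKIE['user']) && isset($_COOKIE['hash']) && $_COOKIE['mode'] == 'stayloggedin' && (!isset($Pivot_Vars['session']) || $Pivot_Vars['session'] == "")) {
        ReviveSession();
    }

    if (!isset($Pivot_Vars['user']) || $Pivot_Vars['user'] == "") {
        return "";
    }

    // rawurlencode() output contains no quote, angle bracket or ampersand,
    // so the encoded values are safe in both the URL and the attribute.
    $session = isset($Pivot_Vars['session']) ? rawurlencode((string) $Pivot_Vars['session']) : '';
    $entryId = rawurlencode((string) $uid);
    $trackback = rawurlencode((string) $number);

    $editlink = sprintf("%sindex.php?session=%s&amp;menu=entries&amp;func=edittrackbacks&amp;id=%s", $Paths['pivot_url'], $session, $entryId);
    $output = sprintf("(<a href='%s&amp;edit=%s'>%s</a>", $editlink, $trackback, lang('general', 'edit'));
    $output .= sprintf(" / <a href='%s&amp;del=%s'>%s</a>)", $editlink, $trackback, lang('general', 'delete'));

    return $output;
}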