$persistent_cookie[1] = _boolean($persistent_cookie[1]); $persistent_cookie_found = true; } } // kontrola existence session if (!$disabled && ($persistent_cookie_found or isset($_SESSION[_sessionprefix . "user"]) and isset($_SESSION[_sessionprefix . "password"]) and isset($_SESSION[_sessionprefix . "ip"]))) { // pouziti cookie pro nastaveni dat session (pokud neexistuji) $persistent_cookie_used = false; $persistent_cookie_bad = false; if ($persistent_cookie_found and !(isset($_SESSION[_sessionprefix . "user"]) and isset($_SESSION[_sessionprefix . "password"]) and isset($_SESSION[_sessionprefix . "ip"])) and _iplogCheck(1)) { $persistent_cookie_bad = true; $uquery = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE id=" . $persistent_cookie[0]); if (DB::size($uquery) != 0) { $uquery = DB::row($uquery); $persistent_cookie_used = true; if ($persistent_cookie[2] == _md5HMAC($uquery['password'] . '$' . $uquery['email'], $persistent_cookie[1] ? _userip : _sessionprefix)) { // platna cooke $_SESSION[_sessionprefix . "user"] = $persistent_cookie[0]; $_SESSION[_sessionprefix . "password"] = $uquery['password']; $_SESSION[_sessionprefix . "ip"] = _userip; $_SESSION[_sessionprefix . "ipbound"] = true; $persistent_cookie_bad = false; } else { // neplatna cookie - zaznam v ip logu _iplogUpdate(1); } } } // kontroly $continue = false; if (!$persistent_cookie_bad) {
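// Credential check for a login attempt: $query holds the result of the user lookup,
// $username/$password/$persistent/$ipbound come from the caller, $result is set to
// 1 (logged in) or 2 (user or group blocked); a wrong password only updates the IP log.
if (DB::size($query) != 0) {
    $query = DB::row($query);

    if (empty($username)) {
        $username = $query['username'];
    }

    // the user's group must exist and must not be blocked; a missing group row is
    // treated as blocked (fail closed) instead of silently passing the check
    $groupblock = DB::query_row("SELECT blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . (int) $query['group']);
    $userBlocked = (int) $query['blocked'] !== 0;
    $groupBlocked = !isset($groupblock['blocked']) || (int) $groupblock['blocked'] !== 0;

    if (!$userBlocked && !$groupBlocked) {
        // strict, constant-time comparison of the salted digest: a loose "==" would
        // compare two "0e..." digests as equal numeric strings and also leaks timing
        if (hash_equals((string) $query['password'], (string) _md5Salt($password, $query['salt']))) {
            // increase the login counter
            DB::query("UPDATE `" . _mysql_prefix . "-users` SET logincounter=logincounter+1 WHERE id=" . (int) $query['id']);

            // send the persistent-login cookie
            if ($persistent) {
                $persistent_cookie_data = array(
                    $query['id'],
                    $ipbound ? '1' : '0',
                    _md5HMAC($query['password'] . '$' . $query['email'], $ipbound ? _userip : _sessionprefix),
                );
                setcookie(
                    _sessionprefix . "persistent_key",
                    implode('$', $persistent_cookie_data),
                    time() + 30 * 24 * 3600, // valid for 30 days
                    "/",
                    "",     // domain: browser default
                    false,  // secure: not forced here, enable when the site is served over HTTPS only
                    true    // httponly: keep the login token out of reach of page scripts
                );
            }

            // store the session data
            $_SESSION[_sessionprefix . "user"] = $query['id'];
            $_SESSION[_sessionprefix . "password"] = $query['password'];
            $_SESSION[_sessionprefix . "ip"] = _userip;
            $_SESSION[_sessionprefix . "ipbound"] = $ipbound;
            $result = 1;
        } else {
            // wrong password - record the attempt in the IP log
            _iplogUpdate(1);
        }
    } else {
        $result = 2;
    }
}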
/**
 * Generate the XSRF token bound to the current session
 *
 * Tokens are cached per request, so repeated calls return the same value.
 *
 * @param bool $forCheck true when the token is obtained for verification (takes into account that the session ID may have just been regenerated)
 * @return string
 */
function _xsrfToken($forCheck = false)
{
    // per-request cache: slot 0 = current token, slot 1 = verification token
    static $tokens = array(null, null);

    $slot = $forCheck ? 1 : 0;

    if ($tokens[$slot] !== null) {
        return $tokens[$slot];
    }

    // resolve the session ID the token is derived from
    if (defined('_no_session')) {
        // sessions are disabled
        $sessionId = 'none';
    } elseif ($forCheck && defined('_session_regenerate')) {
        // the session ID was regenerated during this request - verify against the previous one
        $sessionId = _session_old_id;
    } else {
        $sessionId = session_id();
        if ($sessionId === '') {
            // no active session
            $sessionId = 'none';
        }
    }

    $tokens[$slot] = _md5HMAC($sessionId, _sessionprefix);

    return $tokens[$slot];
}