Exemple #1
0
function get_check($address)
{
    global $blocked_addresses;
    if (strrchr($address, '/')) {
        $address = substr(strrchr($address, '/'), 1);
    }
    $ipc = ip_check($address);
    $addressip = ip_check($address) ? $address : gethostbyname_cached($address);
    if (!ip_check($addressip)) {
        havok(1, $address, $addressip);
    }
    foreach ($blocked_addresses as $badd) {
        if (!$ipc) {
            if (strlen($badd) <= strlen($address) && substr($address, strlen($address) - strlen($badd), strlen($badd)) == $badd) {
                havok(5);
            }
        }
        if ($badd == $addressip) {
            havok(2, $address, $addressip);
        } elseif (ip_check($badd, true)) {
            if (ipcompare($badd, $addressip)) {
                havok(2, $address, $addressip);
            }
        } else {
            $baddip = gethostbyname_cached($badd);
            if (empty($baddip)) {
                havok(4);
            }
            if ($baddip == $addressip) {
                havok(2, $address, $addressip);
            }
        }
    }
    return $addressip;
}
<?php

/* $Id: get_newpass.php,v 1.8 2005/11/18 04:19:33 nighty Exp $ */
require "../../php_includes/cmaster.inc";
$cTheme = get_theme_info();
std_theme_styles(1);
std_theme_body();
$username = strtolower($_POST["username"]);
if ($crc != md5($ts . $_SERVER["HTTP_USER_AGENT"] . CRC_SALT_0001)) {
    echo "<h1>Error<br><br>Please use the regular page.</h1>\n";
    echo "<a href=forgotten_pass.php>click here</a>.";
    echo "</body></html>\n\n";
    die;
}
if (!ip_check($username, 0)) {
    echo "<h1>Error<br>\n";
    echo "Too many failed 'forgotten password' attempts for this user.</h1><br>\n";
    echo "</body>\n";
    echo "</html>\n\n";
    die;
}
std_connect();
/*
       	$res=pg_safe_exec("select * from noreg where lower(user_name)='$username' AND type=4");
        if (pg_numrows($res)>0)
        	{
        	echo "<h1>Error<br>\n";
        	echo "The USERNAME entered is fraudulous.</h1><br><h2>This username cannot be used (FRAUD USERNAME)</h2><br><br>\n";
	echo "<a href=\"forgotten_pass.php\">Try again.</a>\n";
	echo "</body>\n";
	echo "</html>\n\n";
Exemple #3
0
<html>
<head>
<title>CService Login</title>
<?php 
std_theme_styles();
?>
</head>
<?php 
if (($username != "" || $_COOKIE['rlogin'] != "") && !preg_match(NON_BOGUS, $username)) {
    std_theme_body("", "document.forms[0].password.focus();");
} else {
    std_theme_body("", "document.forms[0].username.focus();");
}
if ($failed) {
    echo "<font color=\"#" . $cTheme->main_warnmsg . "\">Login failed. Please try again</font>";
    ip_check($username, 1);
}
echo "<center>\n";
echo "<font size=+2><b>Welcome to CService</b></font>\n";
echo "<br>\n";
echo "<table width=\"400\" bgcolor=#" . $cTheme->main_textcolor . ">\n";
echo "<tr><td>\n";
echo "<table cellpadding=5 bgcolor=#" . $cTheme->table_bgcolor . " width=\"100%\">\n";
echo "<tr><td><center>\n";
echo "<font color=#" . $cTheme->main_textcolor . ">\n";
echo "<font size=+2><b>CService Login</b></font>\n";
if (ereg("^http", $redir)) {
    $tgt = "";
} else {
    $tgt = " target=body";
}
Exemple #4
0
    if (!preg_match("/^[A-Za-z0-9_+-.]+@[A-Za-z0-9.-]+\\.[A-Za-z][A-Za-z]+\$/", $_POST["from_mail"])) {
        echo $back_lnk;
        echo "<big>e-mail syntax is invalid</big>.";
        die("</td></tr></table></body></html>");
    }
}
$da_crc = md5(CRC_SALT_0013 . $user_id . $_POST["from_mail"] . $_POST["ct"] . $_POST["complaint_text"] . cl_ip());
$da_users_id = $user_id;
switch ($_POST["ct"]) {
    case 1:
        if (!preg_match(NON_BOGUS, trim($_POST["login"]))) {
            echo $back_lnk;
            echo "<big>bogus username</big>.";
            die("</td></tr></table></body></html>");
        }
        if (!ip_check(trim($_POST["login"]), 1)) {
            echo $back_lnk;
            echo "<big>too many failed attempts for username / password pair, try again later.</big>";
            die("</td></tr></table></body></html>");
        }
        $da_users_id = chk_password($_POST["login"], $_POST["passwd"]);
        if ($da_users_id == 0) {
            echo $back_lnk;
            echo "<big>username or password is invalid</big>.";
            die("</td></tr></table></body></html>");
        }
        $rf = pg_safe_exec("SELECT flags FROM users WHERE id='" . (int) $da_users_id . "'");
        $of = pg_fetch_object($rf);
        if (!((int) $of->flags & 1)) {
            // not suspended
            echo $back_lnk;