Exemple #1
0
 function LogIn()
 {
     global $dataDir, $langmessage, $gp_internal_redir, $config;
     // check nonce
     // expire the nonce after 10 minutes
     if (!common::verify_nonce('login_nonce', $_POST['login_nonce'], true, 300)) {
         message($langmessage['OOPS'] . ' (Expired Nonce)');
         return;
     }
     if (!isset($_COOKIE['g']) && !isset($_COOKIE[gp_session_cookie])) {
         message($langmessage['COOKIES_REQUIRED']);
         $gp_internal_redir = 'Admin_Main';
         return false;
     }
     //delete the entry in $sessions if we're going to create another one with login
     if (isset($_COOKIE[gp_session_cookie])) {
         gpsession::CleanSession($_COOKIE[gp_session_cookie]);
     }
     include $dataDir . '/data/_site/users.php';
     $username = gpsession::GetLoginUser($users);
     if ($username === false) {
         gpsession::IncorrectLogin('1');
         return false;
     }
     $users[$username] += array('attempts' => 0, 'granted' => '', 'editing' => '');
     $userinfo = $users[$username];
     //Check Attempts
     if ($userinfo['attempts'] >= 5) {
         $timeDiff = (time() - $userinfo['lastattempt']) / 60;
         //minutes
         if ($timeDiff < 10) {
             message($langmessage['LOGIN_BLOCK'], ceil(10 - $timeDiff));
             $gp_internal_redir = 'Admin_Main';
             return false;
         }
     }
     //check against password sent to a user's email address from the forgot_password form
     $passed = false;
     if (!empty($userinfo['newpass']) && gpsession::CheckPassword($userinfo['newpass'])) {
         $userinfo['password'] = $userinfo['newpass'];
         $passed = true;
         //check password
     } elseif (gpsession::CheckPassword($userinfo['password'])) {
         $passed = true;
     }
     //if passwords don't match
     if ($passed !== true) {
         gpsession::IncorrectLogin('2');
         gpsession::UpdateAttempts($users, $username);
         return false;
     }
     //will be saved in UpdateAttempts
     if (isset($userinfo['newpass'])) {
         unset($userinfo['newpass']);
     }
     $session_id = gpsession::create($userinfo, $username);
     if (!$session_id) {
         message($langmessage['OOPS'] . ' (Data Not Saved)');
         gpsession::UpdateAttempts($users, $username, true);
         return false;
     }
     $logged_in = gpsession::start($session_id);
     if ($logged_in === true) {
         message($langmessage['logged_in']);
     } elseif ($logged_in === 'locked') {
         $logged_in = false;
     }
     //need to save the user info regardless of success or not
     //also saves file_name in users.php
     $users[$username] = $userinfo;
     gpsession::UpdateAttempts($users, $username, true);
     return $logged_in;
 }