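// Tail of a login request handler that answers with JSON ({error, msg}).
// The first three checks sit inside a block that opens above this excerpt;
// its closing brace is kept below.
    if (empty($username)) {
        $errors[] = "Please input your username";
    }
    if (checkUser($username) === false) {
        $errors[] = "That username does not exist in our database.";
    }
    // checkPassword() yields false on a bad password; on success its return
    // value is what gets stored as the session uid further down.
    $passCheck = checkPassword($username, $password);
    if ($passCheck === false) {
        $errors[] = "Your password is incorrect. Please try again.";
    }
}

// NOTE(review): if the block closed above can be skipped entirely, $errors stays
// empty and the success branch runs with $passCheck unset. Confirm that the
// enclosing condition (outside this excerpt) rules that out.
if (!empty($errors)) {
    // Only one message fits in the response; as before, the last one recorded wins.
    // NOTE(review): the "does not exist" text would tell a client which usernames
    // are valid. It is masked only while checkPassword() also fails for unknown
    // users and so overwrites it. Verify, or use one generic message for both.
    $return['error'] = true;
    $return['msg'] = end($errors);
} else {
    $ua = getBrowser();
    $browser = $ua['name'] . ' ' . $ua['version'];
    $os = $ua['platform'];
    loginCheck($username);
    loginLog($passCheck, $browser, $os);

    // Issue a fresh session id at the moment of authentication so an id known
    // before login (session fixation) is worthless afterwards. No regeneration
    // is visible in this excerpt; the guard avoids a warning if no session is active.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Previously sha1(base64_encode(rand(...))): rand() is not a cryptographic
    // generator and hashing its output adds no entropy, so the value was
    // guessable. random_bytes() draws from the OS CSPRNG; 20 bytes hex-encoded
    // keeps the 40-character shape sha1() produced. It throws if no entropy
    // source is available, which fails the login closed.
    $sec = bin2hex(random_bytes(20));
    $_SESSION['securedid'] = $sec;
    $_SESSION['uid'] = $passCheck;

    $url = "index.php";
    $return['error'] = false;
    $return['msg'] = $url;
}
echo json_encode($return);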
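// Admin login and session re-validation. This excerpt begins inside a block that
// opens above it (closed by the "} else {" below) and is cut off inside the last
// elseif, whose body lies outside the excerpt.
    if (
        isset($_POST['user'], $_POST['pass'])
        && is_string($_POST['user']) && $_POST['user'] !== ''
        && is_string($_POST['pass']) && $_POST['pass'] !== ''
    ) {
        // is_string() keeps array-valued POST fields (user[]=...) away from createHash().
        if (!checkLog()) {
            // Account names are matched with === and password hashes with hash_equals().
            // Loose == compares two "0e<digits>" hex strings as numbers, so distinct
            // hashes can compare equal, and it is not constant-time.
            // NOTE(review): the stored value is a SHA-1 based hash whose first half is
            // passed back into createHash(), presumably as the salt. That is weak
            // password storage; moving to password_hash()/password_verify() needs a
            // change to how RAZOR_*_PASS is generated, outside this excerpt.
            // NOTE(review): no session_regenerate_id() is visible on successful login;
            // confirm it happens elsewhere, otherwise a pre-login session id stays valid.
            if (
                $_POST['user'] === (string) RAZOR_SADMIN_USER
                && hash_equals(
                    (string) RAZOR_SADMIN_PASS,
                    (string) createHash($_POST['pass'], substr(RAZOR_SADMIN_PASS, 0, (int) (strlen(RAZOR_SADMIN_PASS) / 2)), 'sha1')
                )
            ) {
                $_SESSION['loginTimeStamp'] = $ts = time();
                $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
                $_SESSION['adminType'] = 'sadmin';
            } elseif (
                $_POST['user'] === (string) RAZOR_ADMIN_USER
                && hash_equals(
                    (string) RAZOR_ADMIN_PASS,
                    (string) createHash($_POST['pass'], substr(RAZOR_ADMIN_PASS, 0, (int) (strlen(RAZOR_ADMIN_PASS) / 2)), 'sha1')
                )
            ) {
                $_SESSION['loginTimeStamp'] = $ts = time();
                $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_ADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
                $_SESSION['adminType'] = 'admin';
            } elseif (
                $_POST['user'] === (string) RAZOR_USER_USER
                && hash_equals(
                    (string) RAZOR_USER_PASS,
                    (string) createHash($_POST['pass'], substr(RAZOR_USER_PASS, 0, (int) (strlen(RAZOR_USER_PASS) / 2)), 'sha1')
                )
            ) {
                $_SESSION['loginTimeStamp'] = $ts = time();
                $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_USER_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
                $_SESSION['adminType'] = 'user';
            } else {
                // No account matched: record the failed attempt.
                loginLog();
            }
        } else {
            // checkLog() returned true: refuse further attempts and show the lockout notice.
            MsgBox(lt('You have exceeded the max amount of login attempts in') . ' ' . (RAZOR_LOGAT_TIME / 60) . ' ' . lt('minutes'), 'redbox');
        }
    }
} else {
    // Re-validate an existing login: the stored token must equal
    // sha1(client IP . account name . last timestamp . User-Agent). On a match the
    // timestamp and token are refreshed and the role is set again.
    // === avoids the numeric-string pitfall of == described for the login branch.
    // NOTE(review): the token binds the session to the client IP and User-Agent,
    // so a change in either no longer matches these branches; what happens then
    // is decided outside this excerpt.
    if ($_SESSION['adminLogIn'] === sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $_SESSION['loginTimeStamp'] . $_SERVER['HTTP_USER_AGENT'])) {
        $_SESSION['loginTimeStamp'] = $ts = time();
        $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
        $_SESSION['adminType'] = 'sadmin';
    } elseif ($_SESSION['adminLogIn'] === sha1($_SERVER['REMOTE_ADDR'] . RAZOR_ADMIN_USER . $_SESSION['loginTimeStamp'] . $_SERVER['HTTP_USER_AGENT'])) {
        $_SESSION['loginTimeStamp'] = $ts = time();
        $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_ADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
        $_SESSION['adminType'] = 'admin';
    } elseif ($_SESSION['adminLogIn'] === sha1($_SERVER['REMOTE_ADDR'] . RAZOR_USER_USER . $_SESSION['loginTimeStamp'] . $_SERVER['HTTP_USER_AGENT'])) {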