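/**
 * Creates a new session row for the current visitor and returns the user object.
 *
 * Flow, as visible in this method:
 *  1. If no session load has been attempted yet ($this->sidload is false) and the
 *     login cookie carries data, look for an existing session row whose mid equals
 *     the cookie's first field; if exactly one is found, hand over to sid_load().
 *  2. Otherwise, if the cookie holds exactly two fields ("id|pw"), look the user up
 *     by both. A mismatch resets the cookie and is counted via set_failed_login().
 *  3. Insert a fresh row into the session table (as member or as guest) and return
 *     the user object.
 *
 * Security: both cookie fields are client-controlled, so they are passed through
 * $db->escape_string() before being placed into SQL.
 * NOTE(review): if cookiedata is already escaped where it is populated (not visible
 * here), confirm that escaping again does not alter legitimate values.
 * NOTE(review): the second cookie field is compared directly against the stored
 * u.pw column, so that stored value acts as a long-lived login token. Consider a
 * random, revocable remember-me token instead.
 *
 * @return object Data of the user who is calling this script
 */
function sid_new() {
    global $config, $db, $gpc;

    if (!$this->sidload && !array_empty($this->cookiedata)) {
        // The cookie's first field comes from the client: escape it before use in SQL.
        $cookieMid = $db->escape_string($this->cookiedata[0]);
        $load = $db->query('SELECT mid FROM '.$db->pre.'session WHERE mid = "'.$cookieMid.'" LIMIT 1');
        if ($db->num_rows($load) == 1) {
            // Set the flag before delegating so this lookup is not repeated.
            $this->sidload = true;
            $my = $this->sid_load();
            return $my;
        }
    }

    if (!array_empty($this->cookiedata) && count($this->cookiedata) == 2) {
        // Both fields come from the client: escape each one before building the query.
        $cookieId = $db->escape_string($this->cookiedata[0]);
        $cookiePw = $db->escape_string($this->cookiedata[1]);
        $result = $db->query('SELECT u.*, f.* FROM '.$db->pre.'user AS u LEFT JOIN '.$db->pre.'userfields as f ON f.ufid = u.id WHERE u.id = "'.$cookieId.'" AND u.pw = "'.$cookiePw.'" LIMIT 1');
        $my = $this->cleanUserData($db->fetch_object($result));
        $nodata = ($db->num_rows($result) == 1) ? false : true;
        if ($nodata == true) {
            // Login attempt with wrong data => record the attempt!
            makecookie($config['cookie_prefix'].'_vdata', '|', 0);
            set_failed_login();
        }
    }
    else {
        $nodata = true;
    }

    // Guarantee an object to hang the session fields on, even when no user row matched.
    if (!isset($my) || !is_object($my)) {
        $my = new stdClass();
    }

    // NOTE(review): confirm == '11' presumably marks a fully activated account; verify.
    if ($nodata == false && $my->confirm == '11') {
        $id = &$my->id;
        $lastvisit = $my->lastvisit;
        $my->clv = $my->lastvisit;
        $my->vlogin = true;
        makecookie($config['cookie_prefix'].'_vdata', $my->id."|".$my->pw);
    }
    else {
        // Guest: member id 0, last visit read from the visitor's own cookie (as an integer).
        $id = 0;
        $lastvisit = $gpc->save_int(getcookie('vlastvisit'));
        $my->clv = $lastvisit;
        $my->vlogin = false;
        // NOTE(review): the negative third argument presumably expires the cookie; confirm in makecookie().
        makecookie($config['cookie_prefix'].'_vdata', "|", -60);
    }

    $my->is_bot = $this->log_robot();
    $this->sid = $this->construct_sid();
    $my->sid = &$this->sid;
    $my->mark = serialize(array());
    $my->pwfaccess = serialize(array());
    $my->settings = serialize(array());

    // NOTE(review): $action and $this->ip go into the INSERT without a visible escape call here;
    // presumably $gpc->get(..., str) and the code that sets $this->ip sanitise them. Verify.
    $action = $gpc->get('action', str);
    $qid = $gpc->get('id', int);

    $db->query("INSERT INTO {$db->pre}session (sid, mid, wiw_script, wiw_action, wiw_id, active, ip, user_agent, lastvisit, mark, pwfaccess, settings, is_bot) VALUES ('{$this->sid}', '{$id}','".SCRIPTNAME."','{$action}','{$qid}','".time()."','{$this->ip}','".$gpc->save_str($this->user_agent)."','{$lastvisit}','".$db->escape_string($my->mark)."','".$db->escape_string($my->pwfaccess)."','".$db->escape_string($my->settings)."','{$my->is_bot}')");

    return $my;
}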
error('admin.php?action=index' . SID2URL_x, $lang->phrase('admin_requested_page_doesnot_exist')); } } } } else { ($code = $plugins->load('admin_notallowed')) ? eval($code) : null; if ($my->p['admin'] == 0 && $my->vlogin) { echo head(); error('index.php' . SID2URL_1, $lang->phrase('admin_not_allowed_to_view_this_page')); } include "classes/function.flood.php"; $addr = rawurldecode($gpc->get('addr', none)); if ($action == "login2") { $log_status = $slog->sid_login(true); if ($log_status == false) { $attempts = set_failed_login(); if ($attempts == $config['login_attempts_max']) { header('Location: index.php' . SID2URL_1); } else { echo head(); error('admin.php' . iif(!empty($addr), '?addr=' . rawurlencode($addr)), $lang->phrase('admin_incorrect_username_or_password_entered')); } } else { clear_login_attempts(); echo head(); ok('admin.php' . iif(!empty($addr), '?addr=' . rawurlencode($addr)), $lang->phrase('admin_successfully_logged_in')); } } else { echo head(); AdminLogInForm(); }
$loc = getRedirectURL(); if ($my->vlogin) { $slog->updatelogged(); $db->close(); viscacha_header("Location: {$loc}"); exit; } if ($remember == 1) { $remember = true; } else { $remember = false; } ($code = $plugins->load('log_login2')) ? eval($code) : null; $log_status = $slog->sid_login($remember); if ($log_status == false) { $attempts = $config['login_attempts_max'] - set_failed_login(); if ($attempts == 0) { error($lang->phrase('log_wrong_data_block'), "index.php" . SID2URL_1); } else { if ($attempts > 0) { $can_try = $lang->phrase('log_x_attempts'); } else { $can_try = ''; } error($lang->phrase('log_wrong_data'), "log.php?action=login&redirect=" . rawurlencode($loc) . SID2URL_x); } } else { clear_login_attempts(); ok($lang->phrase('log_msglogin'), $loc); } } elseif ($_GET['action'] == "logout") {