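// Comment-submission bootstrap: loads configuration, language strings and the
// IP ban list, resolves the target post and the redirect URL, then restores or
// establishes a login before the comment is processed.
// This excerpt stops inside the captcha branch; the open blocks at the end
// continue beyond the visible code.
define('MN_LOGGED', false);

// A failed include is deliberately silenced here.
@(include_once './data/databases/config.php');
include_once './stuff/inc/mn-functions.php';
$lng = select_lang();
// NOTE(review): $lng becomes part of an include path; confirm select_lang()
// can only return known language codes.
include_once './stuff/lang/lang_' . $lng . '.php';
include_once './stuff/inc/mn-definitions.php';

if (file_exists($file['banned_ips'])) {
    include_once $file['banned_ips'];
} else {
    $banned_ips = array();
}

$mn_users = load_basic_data('users');
// A missing post_id is passed on as null instead of raising an undefined-index notice.
$post = get_post_data(isset($_POST['post_id']) ? $_POST['post_id'] : null);

// Redirect target: the posted "redir" field, otherwise the Referer header with
// the "comment added" marker removed. A missing Referer yields an empty string.
if (isset($_POST['redir']) && is_string($_POST['redir']) && !empty($_POST['redir'])) {
    $mn_redir = $_POST['redir'];
} else {
    $mn_redir = str_replace(
        '&mn_msg=c_added',
        '',
        isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''
    );
}

// Both candidates are client-supplied and end up in a Location header, so the
// target is kept only when it is a relative reference or an http(s) URL on the
// host serving this request (the same SERVER_NAME used for the cookies below).
// Anything else falls back to the site root.
$mn_redir_parts = parse_url($mn_redir);
$mn_redir_is_local = is_array($mn_redir_parts)
    && !preg_match('/[\x00-\x1f\x7f\\\\]/', $mn_redir)
    && substr($mn_redir, 0, 2) !== '//'
    && isset($mn_redir_parts['scheme']) === isset($mn_redir_parts['host'])
    && (!isset($mn_redir_parts['scheme'])
        || in_array(strtolower($mn_redir_parts['scheme']), array('http', 'https'), true))
    && (!isset($mn_redir_parts['host'])
        || strcasecmp($mn_redir_parts['host'], $_SERVER['SERVER_NAME']) === 0);
if (!$mn_redir_is_local) {
    $mn_redir = '/';
}

// Anti-flood interval: a numeric configured value is kept, anything else becomes '30'.
$conf['comments_antiflood'] = isset($conf['comments_antiflood']) && is_numeric($conf['comments_antiflood'])
    ? $conf['comments_antiflood']
    : '30';

if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] && !check_hash()) {
    // Session claims to be logged in but check_hash() rejects it: drop the
    // session, expire both login cookies and send the visitor back to the form.
    session_destroy();
    setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
    setcookie('mn_logged', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
    header('location: ' . $mn_redir . '#mn-comment-form');
    exit;
} elseif (isset($_SESSION['mn_logged']) && !$_SESSION['mn_logged'] && isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) {
    // Not logged in, but both persistent-login cookies are present and the feature is enabled.
    permanent_login();
} elseif (in_array(@$_POST['comment_author'], $mn_users) || isset($_POST['comment_pass']) && !empty($_POST['comment_pass'])) {
    // The author name matches a registered user, or a password was supplied:
    // the submission has to authenticate before it is accepted.
    do_login($_POST['comment_author'], $_POST['comment_pass'], false);
}

// Continue only when comments are enabled for the post and in the configuration,
// and the client address is not banned.
if ($post['comments'] == '1' && ($conf['comments'] === true || $conf['comments'] >= 1) && !check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) {
    // Check for correct captcha code
    if ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) {
        require_once './stuff/inc/recaptchalib.php';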
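This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */

// Login form handler: checks the posted password against the configured one
// and marks the session as logged in on success.
$error = false;
// Set before the bootstrap is loaded; presumably tells base.php not to demand
// a login on this page -- confirm in base.php.
$no_require_login = "******";
require_once "../inc/base.php";

if (isset($_POST['password'])) {
    $pass = get_config("login_pass");
    // A non-string field (for example password[]=x) counts as an empty submission.
    $submitted = is_string($_POST['password']) ? trim($_POST['password']) : '';

    if (substr($pass, 0, 4) == "sha:") {
        // Stored value carries the "sha:" prefix: verification is delegated to check_hash().
        $authenticated = (bool) check_hash($pass, $submitted);
    } else {
        // Stored value is compared as plaintext. The comparison is strict and
        // string-only: a loose == treats numeric-looking strings such as "1e3"
        // and "1000" as equal, and lets an unset (null/false) configured
        // password match an empty submission.
        // NOTE(review): a plaintext login_pass should be migrated to the "sha:" form.
        $authenticated = is_string($pass)
            && (function_exists('hash_equals')
                ? hash_equals($pass, $submitted)
                : $pass === $submitted);
    }

    if ($authenticated) {
        // Issue a fresh session id on login so a pre-login id cannot be reused.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['logged_in'] = true;
        header("Location: index.php");
        exit;
    }

    $error = "Login failed";
} else {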
/**
 * Returns the checksum for a URL: the URL is first run through hash_url()
 * and that result is then handed to check_hash().
 *
 * @param mixed $url Value forwarded unchanged to hash_url().
 * @return mixed Whatever check_hash() returns for the hashed URL.
 */
function get_check_sum($url)
{
    $hashed_url = hash_url($url);

    return check_hash($hashed_url);
}
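// Admin login page handler: on POST, verifies the submitted credentials and,
// when they match, marks the session as admin and redirects to the requested
// page. $title doubles as the status message shown by the template below.
$title = 'Авторизация';
$login = '';
session_start();
// Sent on every request to this page, including the plain form display.
header("HTTP/1.0 401 Unauthorized");
require_once 'secure.inc.php';

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Absent or non-string fields are treated as empty instead of raising notices.
    $login = isset($_POST['login']) && is_string($_POST['login']) ? trim(strip_tags($_POST['login'])) : '';
    // NOTE(review): strip_tags()/trim() also alter the password before it is
    // verified; kept as-is so that existing hashes continue to match.
    $pw = isset($_POST['pw']) && is_string($_POST['pw']) ? trim(strip_tags($_POST['pw'])) : '';
    $ref = isset($_GET['ref']) && is_string($_GET['ref']) ? trim(strip_tags($_GET['ref'])) : '';

    // "ref" comes from the query string and is used as the post-login
    // Location target, so it is honoured only when it is a path on this site:
    // exactly one leading slash, no backslash, no control characters.
    // Everything else (including an empty value) falls back to the admin home.
    $ref_is_local_path = substr($ref, 0, 1) === '/'
        && substr($ref, 0, 2) !== '//'
        && !preg_match('/[\x00-\x1f\x7f\\\\]/', $ref);
    if (!$ref_is_local_path) {
        $ref = '/shop_book/admin/';
    }

    if ($login and $pw) {
        if ($result = user_exists($login)) {
            // presumably user_exists() returns "name:hash" -- confirm against secure.inc.php
            list($_, $hash) = explode(':', $result);
            if (check_hash($pw, $hash)) {
                // Issue a fresh session id before granting admin rights so a
                // pre-login id cannot be reused.
                session_regenerate_id(true);
                $_SESSION['admin'] = true;
                header("Location: {$ref}");
                exit;
            } else {
                $title = "Неправильный пароль.";
            }
        } else {
            // NOTE(review): this message differs from the wrong-password one,
            // which tells a client whether a login name exists; consider one
            // shared message for both failures.
            $title = "Неправильное имя пользователя";
        }
    } else {
        $title = "Заполните все поля";
    }
}
?>
<!DOCTYPE HTML>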
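// Payment return handler: copies the gateway's query-string fields into the
// session, looks up and removes the stored status row for the order, and
// records any error. This excerpt stops at the opening of the hash-failure
// branch, which continues beyond the visible code.
$accountNumber = null;
$accountName = null;
$sortCode = null;
$_SESSION["hasError"] = false;
$_SESSION["error"] = "";

if (isset($_GET["HashDigest"])) {
    // Query-string values are client-supplied; absent ones are stored as null.
    $_SESSION["CrossReference"] = isset($_GET["CrossReference"]) ? $_GET["CrossReference"] : null;
    $_SESSION["paymentMethod"] = "Credit Card";
    $_SESSION["CreateHash"] = create_hash($pre_shared_key, $password);
    $_SESSION["HashDigest"] = $_GET["HashDigest"];
    $_SESSION["MerchantID"] = isset($_GET["MerchantID"]) ? $_GET["MerchantID"] : null;
    // NOTE(review): the received HashDigest is not passed to check_hash() here;
    // presumably it reads the request itself -- confirm in its definition.
    $_SESSION["CheckHash"] = check_hash($pre_shared_key, $password);
    $_SESSION["OrderID"] = isset($_GET["OrderID"]) ? $_GET["OrderID"] : null;

    // Only a string OrderID is used for the lookup; anything else becomes ''.
    $order_id = isset($_GET['OrderID']) && is_string($_GET['OrderID']) ? $_GET['OrderID'] : '';

    // The order id is bound as a parameter instead of being concatenated into
    // the SQL text. The stored key is the id wrapped in braces, the same form
    // the delete() call below uses.
    $result_sql = $wpdb->prepare(
        'SELECT * FROM worldpay_status WHERE order_id = %s',
        '{' . $order_id . '}'
    );
    $result = $wpdb->get_row($result_sql);

    // NOTE(review): the row is deleted before the hash verdict below is
    // examined, so a request that fails verification still removes it;
    // consider deleting only after "HASH PASSED".
    $_SESSION["delete"] = $wpdb->delete('worldpay_status', array('order_id' => '{' . $order_id . '}'));

    // get_row() returns null when no row matches, so guard before reading fields.
    if (false == $_SESSION["hasError"] && null !== $result && "5" == $result->status) {
        $_SESSION["error"] = $result->message;
        $_SESSION["hasError"] = true;
    }

    if (false == $_SESSION["hasError"] && "HASH PASSED" != $_SESSION["CheckHash"]) {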