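/**
 * Starts the PHP session and routes the request through the staff login flow.
 *
 * With an existing session: `get_mode=log_out` terminates the session and
 * redirects, `get_mode=admin` refreshes the session and shows the admin
 * page, and any `admin_mode` request just refreshes the session.
 * With no session: only `admin_mode=login` is handled (credential check);
 * every other request clears leftover session state.
 *
 * Security change from the previous version: the credential check compares
 * the hashes with hash_equals() (PHP >= 5.6) rather than `===`, so comparison
 * time does not depend on how many leading bytes match. It also fails closed
 * when either side is not a non-empty string.
 *
 * @param array  $dataforce Request data; reads 'get_mode', 'admin_mode',
 *                          'username' and 'admin_pass'.
 * @param mixed  $plugins   Passed through to nel_hash().
 * @param object $authorize Provides get_user_setting() and get_user_auth().
 *
 * @return void May terminate the script (die) on the log-out, admin and login paths.
 */
function nel_initialize_session($dataforce, $plugins, $authorize)
{
    session_start();
    require_once INCLUDE_PATH . 'admin/login.php';

    if (!empty($_SESSION)) {
        if (isset($dataforce['get_mode'])) {
            if ($dataforce['get_mode'] === 'log_out') {
                nel_terminate_session();
                echo '<meta http-equiv="refresh" content="1;URL=' . PHP_SELF2 . PHP_EXT . '">';
                die;
            }

            if ($dataforce['get_mode'] === 'admin') {
                nel_regen_session();
                nel_login($dataforce, $authorize);
                die;
            }
        } elseif (isset($dataforce['admin_mode'])) {
            nel_regen_session();
        }

        return;
    }

    if (!isset($dataforce['admin_mode']) || $dataforce['admin_mode'] !== 'login') {
        nel_terminate_session();
        return;
    }

    $username = isset($dataforce['username']) ? $dataforce['username'] : '';
    $password = isset($dataforce['admin_pass']) ? $dataforce['admin_pass'] : '';
    $authenticated = false;

    // Nothing is hashed or looked up for an empty or non-string username.
    if (is_string($username) && $username !== '') {
        // NOTE(review): nel_hash() is defined elsewhere; if it is a fast or
        // unsalted digest, moving stored credentials to password_hash() /
        // password_verify() would be the stronger fix. Confirm.
        $supplied_hash = nel_hash($password, $plugins);
        $stored_hash = $authorize->get_user_setting($username, 'staff_password');

        // Fail closed: a missing or empty stored hash never authenticates.
        $authenticated = is_string($supplied_hash) && is_string($stored_hash) && $stored_hash !== ''
            && hash_equals($stored_hash, $supplied_hash);
    }

    if ($authenticated) {
        // Populate the session for the authenticated staff member.
        // NOTE(review): no session id rotation is visible at this privilege
        // change; confirm nel_set_session_cookie() issues a fresh id, or a
        // pre-login id could be reused (session fixation).
        $_SESSION['ignore_login'] = false;
        $_SESSION['username'] = $username;
        $_SESSION['login_time'] = time();
        $_SESSION['last_activity'] = time();
        $user_auth = $authorize->get_user_auth($username);
        $_SESSION['perms'] = $user_auth['perms'];
        $_SESSION['settings'] = $user_auth['settings'];
    } else {
        nel_terminate_session();
        // NOTE(review): presumably nel_derp() halts the script; if it can
        // return, the calls below still run after a failed login. Verify.
        nel_derp(107, array('origin' => 'SESSION_INIT'));
    }

    nel_set_session_cookie();
    nel_login($dataforce, $authorize);
    die;
}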
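/**
 * Enforces bans for the requesting address and records ban appeals.
 *
 * Looks up the ban row whose `host` equals the packed REMOTE_ADDR. An
 * expired ban is deleted and the function returns. An active ban ends any
 * session, renders the ban page and terminates the script.
 *
 * Changes from the previous version:
 * - A ban appeal is stored only against the requester's own address. The
 *   client-supplied `banned_ip` POST field is ignored, because trusting it
 *   let any visitor overwrite the appeal text on another host's ban.
 * - `each()` (removed in PHP 8) is replaced by a direct `$_POST` lookup, and
 *   bindParam() on expression results is replaced by bindValue().
 * - Returns early when the address cannot be packed or no ban row exists,
 *   rather than doing arithmetic on a failed fetch and issuing a no-op DELETE.
 *
 * @param array $dataforce Request data; reads 'mode'.
 * @param PDO   $dbh       Database handle.
 *
 * @return void May terminate the script (die) after rendering the ban page.
 */
function nel_apply_ban($dataforce, $dbh)
{
    $base_host = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $packed_host = @inet_pton($base_host);

    // Without a parsable address there is no ban row to match.
    if ($packed_host === false) {
        return;
    }

    if (isset($dataforce['mode']) && $dataforce['mode'] === 'banappeal') {
        $bawww = isset($_POST['bawww']) ? $_POST['bawww'] : null;

        // Only a scalar string is accepted; an array-valued field is dropped.
        if (is_string($bawww)) {
            // The appeal text is stored exactly as submitted, so it must be
            // escaped for its output context wherever it is displayed.
            $prepared = $dbh->prepare('UPDATE ' . BANTABLE . ' SET appeal=:bawww, appeal_status=1 WHERE host=:host');
            $prepared->bindValue(':bawww', $bawww, PDO::PARAM_STR);
            $prepared->bindValue(':host', $packed_host, PDO::PARAM_STR);
            $prepared->execute();
            unset($prepared);
        }
    }

    $prepared = $dbh->prepare('SELECT * FROM ' . BANTABLE . ' WHERE host=:host');
    $prepared->bindValue(':host', $packed_host, PDO::PARAM_STR);
    $prepared->execute();
    $bandata = $prepared->fetch(PDO::FETCH_ASSOC);
    unset($prepared);

    // fetch() returns false when the requester is not banned.
    if (!is_array($bandata)) {
        return;
    }

    // Expiry timestamp: ban start plus ban length.
    $bandata['length_base'] = (int) $bandata['length'] + (int) $bandata['ban_time'];

    if (time() >= $bandata['length_base']) {
        // The ban has expired, so remove it and let the request continue.
        $prepared = $dbh->prepare('DELETE FROM ' . BANTABLE . ' WHERE id=:banid');
        $prepared->bindValue(':banid', $bandata['id'], PDO::PARAM_INT);
        $prepared->execute();
        unset($prepared);
        return;
    }

    // Active ban: end any session before showing the ban page.
    if (!empty($_SESSION)) {
        nel_terminate_session();
    }

    nel_render_ban_page($dataforce, $bandata);
    die;
}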