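/**
 * Re-authenticate the current member before a privileged area is used.
 *
 * - Guests are always rejected by is_not_guest(), whatever the settings say.
 * - Returns without prompting when the matching securityDisable setting is on,
 *   or when the session holds a timestamp for $type (or for 'admin') that is
 *   still inside the refresh window: 3600 seconds, 4200 for XML requests.
 * - Otherwise accepts a posted 40-character hash response or a posted plain
 *   password (each after checkSession()), or falls back to OpenID revalidation.
 * - If none of that succeeds, uses the adminLogin() function of Subs-Auth.php,
 *   which saves all request (post and get) data.
 *
 * @param string $type Session type to validate; any value other than 'moderate'
 *                     or an entry of $types is treated as 'admin'.
 * @return string|null 'session_verify_fail' for an XML request that could not be
 *                     verified, otherwise no value.
 */
function validateSession($type = 'admin')
{
    global $modSettings, $sourcedir, $user_info, $sc, $user_settings;

    // We don't care if the option is off, because Guests should NEVER get past here.
    is_not_guest();

    // Validate what type of session check this is.
    // NOTE(review): $types is handed to the hook by value here, so unless
    // call_integration_hook() itself passes it on by reference, hooks cannot
    // add entries and only 'moderate' and 'admin' are ever accepted - confirm.
    $types = array();
    call_integration_hook('integrate_validateSession', array($types));
    $type = in_array($type, $types) || $type == 'moderate' ? $type : 'admin';

    // If we're using XML give an additional ten minutes grace as an admin can't log on in XML mode.
    $refreshTime = isset($_GET['xml']) ? 4200 : 3600;

    // Is the security option off?
    if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
        return;
    }

    // Already verified recently? A live admin timestamp is accepted for every type.
    if (!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time() || !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()) {
        return;
    }

    require_once $sourcedir . '/Subs-Auth.php';

    // Hashed password: only a plain string of exactly 40 characters is considered,
    // so an array-valued parameter never reaches strlen() or the comparison.
    if (isset($_POST[$type . '_hash_pass']) && is_string($_POST[$type . '_hash_pass']) && strlen($_POST[$type . '_hash_pass']) == 40) {
        checkSession();

        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$type . '_hash_pass'], true)), true);

        // Strict comparison: with ==, two digests that both look like numeric
        // strings (for example "0e" followed by digits) compare equal as numbers.
        // Where the runtime provides hash_equals(), prefer it for a constant-time check.
        if ($good_password || $_POST[$type . '_hash_pass'] === sha1($user_info['passwd'] . $sc)) {
            $_SESSION[$type . '_time'] = time();
            return;
        }
    }

    // Posting the password... check it. Non-string values are ignored and end at the login prompt.
    if (isset($_POST[$type . '_pass']) && is_string($_POST[$type . '_pass'])) {
        checkSession();

        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$type . '_pass'], false)), true);

        // Password correct? Same strict comparison as for the hashed form.
        if ($good_password || sha1(strtolower($user_info['username']) . $_POST[$type . '_pass']) === (string) $user_info['passwd']) {
            $_SESSION[$type . '_time'] = time();
            return;
        }
    }

    // OpenID?
    // NOTE(review): the timestamp is set right after smf_openID_revalidate() is called;
    // this is only sound if that call does not return on an unverified identity - confirm.
    if (!empty($user_settings['openid_uri'])) {
        require_once $sourcedir . '/Subs-OpenID.php';
        smf_openID_revalidate();

        $_SESSION[$type . '_time'] = time();
        return;
    }

    // Need to type in a password for that, man.
    if (!isset($_GET['xml'])) {
        adminLogin($type);
    } else {
        return 'session_verify_fail';
    }
}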
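/**
 * Re-authenticate the current member before the admin area is used.
 *
 * Guests are rejected by is_not_guest(). Returns without prompting when the
 * securityDisable setting is on or $_SESSION['admin_time'] is still inside the
 * refresh window (3600 seconds, 4200 for XML requests). Otherwise accepts a
 * posted 40-character hash response or a posted plain password (each after
 * checkSession()), or OpenID revalidation, and finally calls adminLogin().
 */
function validateSession()
{
    global $modSettings, $sourcedir, $user_info, $sc, $user_settings;

    // We don't care if the option is off, because Guests should NEVER get past here.
    is_not_guest();

    // If we're using XML give an additional ten minutes grace as an admin can't log on in XML mode.
    $refreshTime = isset($_GET['xml']) ? 4200 : 3600;

    // Is the security option off? Or are they already logged in?
    if (!empty($modSettings['securityDisable']) || !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()) {
        return;
    }

    require_once $sourcedir . '/Subs-Auth.php';

    // Hashed password: only a plain string of exactly 40 characters is considered,
    // so an array-valued parameter never reaches strlen() or the comparison.
    if (isset($_POST['admin_hash_pass']) && is_string($_POST['admin_hash_pass']) && strlen($_POST['admin_hash_pass']) == 40) {
        checkSession();

        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST['admin_hash_pass'], true)), true);

        // Strict comparison: with ==, two digests that both look like numeric
        // strings (for example "0e" followed by digits) compare equal as numbers.
        // Where the runtime provides hash_equals(), prefer it for a constant-time check.
        if ($good_password || $_POST['admin_hash_pass'] === sha1($user_info['passwd'] . $sc)) {
            $_SESSION['admin_time'] = time();
            unset($_SESSION['request_referer']);
            return;
        }
    }

    // Posting the password... check it. Non-string values are ignored and end at the login prompt.
    if (isset($_POST['admin_pass']) && is_string($_POST['admin_pass'])) {
        checkSession();

        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST['admin_pass'], false)), true);

        // Password correct? Same strict comparison as for the hashed form.
        if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) === (string) $user_info['passwd']) {
            $_SESSION['admin_time'] = time();
            unset($_SESSION['request_referer']);
            return;
        }
    }

    // OpenID?
    // NOTE(review): the timestamp is set right after smf_openID_revalidate() is called;
    // this is only sound if that call does not return on an unverified identity - confirm.
    if (!empty($user_settings['openid_uri'])) {
        require_once $sourcedir . '/Subs-OpenID.php';
        smf_openID_revalidate();

        $_SESSION['admin_time'] = time();
        unset($_SESSION['request_referer']);
        return;
    }

    // Better be sure to remember the real referer.
    // The Referer header is supplied by the client, so whatever reads
    // request_referer later has to treat it as untrusted input.
    if (empty($_SESSION['request_referer'])) {
        $_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
    } elseif (empty($_POST)) {
        unset($_SESSION['request_referer']);
    }

    // Need to type in a password for that, man.
    adminLogin();
}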
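<?php
/**
 * Login endpoint: checks the posted e-mail and password with adminLogin() when
 * the posted type is 'admin' and with login() otherwise, then echoes whatever
 * setSession() returns. Echoes false (an empty body) when the login helper
 * returns a falsy value or a required field is missing.
 */
require 'controller.php';
require 'session.php';

// Each field must be present as a plain string. Missing or array-valued
// parameters are answered like a failed login instead of raising notices and
// reaching the login helpers as null or array.
$email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : null;
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : null;
$type = isset($_POST['type']) && is_string($_POST['type']) ? $_POST['type'] : null;

if ($email === null || $password === null || $type === null) {
    echo false;
    exit;
}

// The account type is chosen by the client; it only selects which credential
// check runs, the check itself happens inside the helper.
if ($type === 'admin') {
    $message = adminLogin($email, $password);
} else {
    $message = login($email, $password);
}

if ($message) {
    // NOTE(review): for every non-admin login the client-supplied $type string is
    // passed to setSession() unchanged - confirm that setSession() only honours
    // known type values before storing or acting on it.
    $response = setSession($email, $type, $message);
    echo $response;
} else {
    echo false;
}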
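<?php
/**
 * Login handler: looks the account up with adminLogin(), compares the returned
 * row with the submitted e-mail and MD5 digest, fills the session and redirects
 * to dashboard.php or momforum.php. Any failure redirects to index.php?msg.
 */
session_start();
include "dbconnection.php";

// Missing or array-valued credentials are a failed login; they never reach
// md5() or clean().
// NOTE(review): $_REQUEST also accepts the credentials from the query string,
// where they can end up in server logs and browser history - confirm whether
// callers rely on GET before restricting this to $_POST.
if (!isset($_REQUEST['email'], $_REQUEST['password']) || !is_string($_REQUEST['email']) || !is_string($_REQUEST['password'])) {
    header("location:index.php?msg");
    exit;
}

$email = clean($_REQUEST['email']);
// NOTE(review): the stored credential is an unsalted MD5 digest. Moving to
// password_hash()/password_verify() needs a migration of the stored values and
// is therefore not done in this handler.
$password = clean(md5($_REQUEST['password']));

$result = adminLogin($email, $password);
$row = $result ? mysql_fetch_array($result) : false;

// Strict comparison on a row that really exists: with ==, two digests that both
// look like numeric strings (for example "0e" followed by digits) compare equal.
if (is_array($row) && (string) $row['email'] === (string) $email && (string) $row['password'] === (string) $password) {
    // New session id on login, so an id fixed before authentication is not
    // carried over into the authenticated session.
    session_regenerate_id(true);

    $_SESSION['email'] = $row['email'];
    // NOTE(review): the password digest is kept in the session; other pages may
    // read it, so it is left in place - confirm and drop it if unused.
    $_SESSION['password'] = $row['password'];
    $_SESSION['fullname'] = $row['fullname'];
    $_SESSION['user_id'] = $row['user_id'];

    // NOTE(review): the landing page is chosen from the display name, not from a
    // role column - confirm that dashboard.php performs its own authorization.
    $target = $_SESSION['fullname'] === 'Administrator' ? "dashboard.php" : "momforum.php";

    if (isset($_REQUEST['rememberme'])) {
        // As before, "remember me" always lands on the dashboard.
        $target = "dashboard.php";

        setcookie("email", $_SESSION['email'], time() + 60 * 60 * 24 * 100, "/");
        // NOTE(review): this keeps the plaintext password in a 100-day cookie
        // without the HttpOnly or Secure flags. It is left unchanged because the
        // code that reads it is not visible here; replace it with a random,
        // server-side remember-me token.
        setcookie("password", $_REQUEST['password'], time() + 60 * 60 * 24 * 100, "/");
        // The former third setcookie() call is removed: it used the undefined
        // $expire and took both cookie name and value from the incoming
        // $_COOKIE array, creating a second copy of the password under a
        // client-influenced name.
    }

    header("location:" . $target);
    exit;
} else {
    header("location:index.php?msg");
    exit;
}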
} } }
/****************************************************************************
 * Action Handler
 *
 * Dispatches on the posted 'action' value: 'update_base_url' calls
 * saveBaseURL(), 'add_license_key' passes the posted license key to
 * addLicenseKey(), and 'login' calls adminLogin($nss). Any other value is
 * ignored.
 *
 * NOTE(review): no login check and no CSRF token are visible in this
 * dispatcher. 'update_base_url' and 'add_license_key' run for any POST that
 * names them unless saveBaseURL()/addLicenseKey() or code before this excerpt
 * enforce an authenticated session - confirm.
 * NOTE(review): $_POST['license_key'] is read without an existence check.
 *****************************************************************************/
if (array_key_exists('action', $_POST)) {
    switch ($_POST['action']) {
        case 'update_base_url':
            saveBaseURL();
            break;
        case 'add_license_key':
            // The result is kept for the template below.
            $status_license_key = addLicenseKey($_POST['license_key']);
            break;
        case 'login':
            // The return value of adminLogin() is kept as the login error for the template.
            $login_error = adminLogin($nss);
            break;
    }
}
/****************************************************************************
 * Begin Template
 *****************************************************************************/
?> <!DOCTYPE HTML> <html> <head> <meta charset="utf-8"> <title>neosmart STREAM Admin</title> <link href='nss-admin/reset.css' type='text/css' rel='stylesheet' /> <link href='nss-admin/style.css' type='text/css' rel='stylesheet' /> <script type='text/javascript' src='nss-includes/jquery.js'></script>
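/**
 * Re-authenticate the current member before the admin area is used.
 *
 * Guests are rejected by is_not_guest(). Returns without prompting when the
 * securityDisable setting is on or $_SESSION['admin_time'] is still inside the
 * refresh window (3600 seconds, 4200 for XML requests). Otherwise accepts a
 * posted 40-character hash response or a posted plain password (each after
 * checkSession()), or OpenID revalidation, and finally calls adminLogin().
 *
 * The optional callable named in $modSettings['integrate_verify_password'] may
 * accept the password instead; only a return value of exactly true counts.
 */
function validateSession()
{
    global $modSettings, $sourcedir, $user_info, $sc, $user_settings;

    // We don't care if the option is off, because Guests should NEVER get past here.
    is_not_guest();

    // If we're using XML give an additional ten minutes grace as an admin can't log on in XML mode.
    $refreshTime = isset($_GET['xml']) ? 4200 : 3600;

    // Is the security option off? Or are they already logged in?
    if (!empty($modSettings['securityDisable']) || !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()) {
        return;
    }

    require_once $sourcedir . '/Subs-Auth.php';

    // Hashed password: only a plain string of exactly 40 characters is considered,
    // so an array-valued parameter never reaches strlen() or the comparison.
    if (isset($_POST['admin_hash_pass']) && is_string($_POST['admin_hash_pass']) && strlen($_POST['admin_hash_pass']) == 40) {
        checkSession();

        $good_password = false;
        if (isset($modSettings['integrate_verify_password']) && is_callable($modSettings['integrate_verify_password'])) {
            // A "Class::method" setting is split into the array form of a callable.
            if (call_user_func(strpos($modSettings['integrate_verify_password'], '::') === false ? $modSettings['integrate_verify_password'] : explode('::', $modSettings['integrate_verify_password']), $user_info['username'], $_POST['admin_hash_pass'], true) === true) {
                $good_password = true;
            }
        }

        // Strict comparison: with ==, two digests that both look like numeric
        // strings (for example "0e" followed by digits) compare equal as numbers.
        // Where the runtime provides hash_equals(), prefer it for a constant-time check.
        if ($good_password || $_POST['admin_hash_pass'] === sha1($user_info['passwd'] . $sc)) {
            $_SESSION['admin_time'] = time();
            return;
        }
    }

    // Posting the password... check it. Non-string values are ignored and end at the login prompt.
    if (isset($_POST['admin_pass']) && is_string($_POST['admin_pass'])) {
        checkSession();

        $good_password = false;
        if (isset($modSettings['integrate_verify_password']) && is_callable($modSettings['integrate_verify_password'])) {
            if (call_user_func(strpos($modSettings['integrate_verify_password'], '::') === false ? $modSettings['integrate_verify_password'] : explode('::', $modSettings['integrate_verify_password']), $user_info['username'], $_POST['admin_pass'], false) === true) {
                $good_password = true;
            }
        }

        // Password correct? Same strict comparison as for the hashed form.
        if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) === (string) $user_info['passwd']) {
            $_SESSION['admin_time'] = time();
            return;
        }
    }

    // OpenID?
    // NOTE(review): the timestamp is set right after smf_openID_revalidate() is called;
    // this is only sound if that call does not return on an unverified identity - confirm.
    if (!empty($user_settings['openid_uri'])) {
        require_once $sourcedir . '/Subs-OpenID.php';
        smf_openID_revalidate();

        $_SESSION['admin_time'] = time();
        return;
    }

    // Need to type in a password for that, man.
    adminLogin();
}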
// Request dispatcher for the admin login module: loads the helpers, opens the
// database connection and routes the request command to a handler function.
require_once "../libraries/validation.php";
require_once "../table/admin.php";
require_once "../table/misc.php"; // Table definitions this endpoint uses
require_once "../module/adminLogin.php"; // Module class this endpoint uses

$req = new Req();
$mysqli = new mysqli_functions();
$connection = $mysqli->connect();

// connect() returning a boolean is treated as a connection failure.
// NOTE(review): $mysqli->message is sent to the client as-is - confirm that it
// carries no connection details (host, user, driver error text).
if (is_bool($connection)) {
    Res::sendFailure($mysqli->message);
}

$module = new adminLogin($connection);

// Only the two known commands are dispatched; anything else is rejected.
switch ($req->getCmd()) {
    case "adminLogin":
        adminLogin();
        break;
    case "forgotPwd":
        forgotPwd();
        break;
    default:
        $connection->close();
        // NOTE(review): the request-supplied command is echoed back inside the
        // error text - confirm that Res::sendInvalid() encodes it for the
        // response format.
        Res::sendInvalid("invalidCmd:" . $req->getCmd());
}

$mysqli->disconnect();

// Handler for the "adminLogin" command; its definition continues beyond this excerpt.
function adminLogin() {
    global $req;
    global $connection;
    global $module;
    $req->hasParams("user", "pwd", "rem");
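<?php
/**
 * JSON login endpoint: answers {"status":1} and marks the session as admin
 * when adminLogin() accepts the posted credentials, {"status":0} otherwise.
 */
ob_start();
session_start();
require '../functions/functions.php';

// Missing or array-valued fields count as a failed login instead of raising
// notices and reaching adminLogin() as null or array.
$username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : null;

// Start from a fresh array, so keys of a $data variable defined by the
// included file can never end up in the response.
$data = array('status' => 0);

if ($username !== null && $password !== null && adminLogin($username, $password)) {
    // New session id on privilege change, so an id fixed before login is not
    // carried over into the admin session.
    session_regenerate_id(true);

    $_SESSION['status'] = "admin";
    $_SESSION['username'] = $username;
    $data['status'] = 1;
}

echo json_encode($data);

// Previously unreachable because both branches called exit before it.
ob_end_flush();
exit;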
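/**
 * Re-authenticate the current member before the admin area is used.
 *
 * Guests are rejected by is_not_guest(). Returns without prompting when the
 * securityDisable setting is on or $_SESSION['admin_time'] is at most 3600
 * seconds old. Otherwise accepts a posted 40-character hash response or a
 * posted plain password (each after checkSession()) and finally calls
 * adminLogin().
 *
 * The optional function named in $modSettings['integrate_verify_password'] may
 * accept the password instead; only a return value of exactly true counts.
 */
function validateSession()
{
    global $modSettings, $sourcedir, $user_info, $sc;

    // We don't care if the option is off, because Guests should NEVER get past here.
    is_not_guest();

    // Is the security option off? Or are they already logged in?
    if (!empty($modSettings['securityDisable']) || !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + 3600 >= time()) {
        return;
    }

    require_once $sourcedir . '/Subs-Auth.php';

    // Hashed password: only a plain string of exactly 40 characters is considered,
    // so an array-valued parameter never reaches strlen() or the comparison.
    if (isset($_POST['admin_hash_pass']) && is_string($_POST['admin_hash_pass']) && strlen($_POST['admin_hash_pass']) == 40) {
        checkSession();

        $good_password = false;
        if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
            if (call_user_func($modSettings['integrate_verify_password'], $user_info['username'], $_POST['admin_hash_pass'], true) === true) {
                $good_password = true;
            }
        }

        // Strict comparison: with ==, two digests that both look like numeric
        // strings (for example "0e" followed by digits) compare equal as numbers.
        // Where the runtime provides hash_equals(), prefer it for a constant-time check.
        if ($good_password || $_POST['admin_hash_pass'] === sha1($user_info['passwd'] . $sc)) {
            $_SESSION['admin_time'] = time();
            return;
        }
    }

    // Posting the password... check it. Non-string values are ignored and end at the login prompt.
    if (isset($_POST['admin_pass']) && is_string($_POST['admin_pass'])) {
        checkSession();

        $good_password = false;
        if (isset($modSettings['integrate_verify_password']) && function_exists($modSettings['integrate_verify_password'])) {
            if (call_user_func($modSettings['integrate_verify_password'], $user_info['username'], $_POST['admin_pass'], false) === true) {
                $good_password = true;
            }
        }

        // Password correct? Same strict comparison as for the hashed form.
        if ($good_password || sha1(strtolower($user_info['username']) . $_POST['admin_pass']) === (string) $user_info['passwd']) {
            $_SESSION['admin_time'] = time();
            return;
        }
    }

    // Need to type in a password for that, man.
    adminLogin();
}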
// Excerpt: the enclosing conditions start before this fragment.
// Password step of the admin login: the posted password must be 6 to 18 bytes
// long and its MD5 digest must match the stored value for the member's uid.
$loginPwd = stripslashes(trim($_POST['login-pwd']));
if (strlen($loginPwd) < 6 || strlen($loginPwd) > 18) {
    // Response text: "0" followed by "password does not meet the requirements".
    echo "0 密码不符合要求";
} else {
    $DB->connect($mysql_host, $mysql_user, $mysql_pass, $mysql_dbname, '');
    // NOTE(review): the query is built by string concatenation. The origin of
    // $loginArr['uid'] is not visible here; if it derives from request or
    // cookie data it should be cast to an integer or bound as a parameter.
    $Password = $DB->fetch_one("SELECT `password` FROM `" . $table_member . "` WHERE `uid`=" . $loginArr['uid']);
    $DB->close();
    // NOTE(review): unsalted MD5 compared with ==. Two digests that both look
    // like numeric strings compare equal under ==; a strict comparison and a
    // password_hash()-style scheme would close that gap.
    if ($Password == md5($loginPwd)) {
        adminCookie();
        // Response text: "1" followed by "login successful".
        echo "1 登录成功";
    } else {
        // Response text: "0" followed by "the password you entered is incorrect".
        echo "0 您输入的密码不正确";
    }
}
} else {
// No password posted in this branch: an existing admin login is redirected to
// the admin area, everyone else gets the login template.
if (adminLogin()) {
    header("location:./admin/");
} else {
    $tmp = template("admin.html");
    $tmp->assign('codeName', $code_name);
    $tmp->assign('codeVersion', $code_version);
    $tmp->assign('siteName', $site_name);
    $tmp->assign('siteDomain', $site_domain);
    $tmp->assign('siteCatalog', $site_catalog);
    $tmp->assign('siteIcp', $site_icp);
    $tmp->output();
}
}
} else {
// The outer condition (not visible here) failed: back to the site root.
header("location:./");
}
/**
 * Confirm that the current member recently proved their identity.
 *
 * What it does:
 * - Requires the password to be typed in again once the admin or moderator
 *   session timestamp is older than the configured lifetime.
 * - The check can be switched off with the securityDisable setting (or
 *   securityDisable_<type> for a non-admin type).
 * - Hands over to adminLogin() of subs/Auth.subs.php when a login is needed,
 *   which saves all request (POST and GET) data.
 *
 * @param string $type = admin
 */
function validateSession($type = 'admin')
{
    global $modSettings, $user_info, $user_settings;

    // Guests never get past this point.
    is_not_guest();

    // Only 'moderate' or a type registered through the hook is kept; the rest becomes 'admin'.
    $types = array();
    call_integration_hook('integrate_validateSession', array(&$types));
    if (!(in_array($type, $types) || $type == 'moderate')) {
        $type = 'admin';
    }

    $timeKey = $type . '_time';
    $passKey = $type . '_pass';
    $hashKey = $type . '_hash_pass';

    // Lifetime of the elevated session in seconds; ten minutes unless configured.
    // NOTE(review): the upper bound is tested in minutes (14400) but replaced by
    // 86400 seconds, which is shorter than the 864000 seconds a setting of
    // exactly 14400 yields - confirm the intended cap.
    $refreshTime = 600;
    if (isset($modSettings['admin_session_lifetime'])) {
        $lifetime = $modSettings['admin_session_lifetime'];
        if ($lifetime < 5) {
            // Never less than five minutes, even when misconfigured.
            $refreshTime = 300;
        } elseif ($lifetime > 14400) {
            $refreshTime = 86400;
        } else {
            $refreshTime = $lifetime * 60;
        }
    }

    // XML requests cannot show a login form, so they get ten more minutes.
    if (isset($_GET['xml'])) {
        $refreshTime += 600;
    }

    // Is the check switched off for this type?
    $disableKey = $type == 'admin' ? 'securityDisable' : 'securityDisable_' . $type;
    if (!empty($modSettings[$disableKey])) {
        return;
    }

    // A session of this type that is still fresh passes; a fresh admin session passes for any type.
    $typeSessionLive = !empty($_SESSION[$timeKey]) && $_SESSION[$timeKey] + $refreshTime >= time();
    $adminSessionLive = !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time();
    if ($typeSessionLive || $adminSessionLive) {
        return;
    }

    require_once SUBSDIR . '/Auth.subs.php';

    // A password was posted from the login screen.
    if (isset($_POST[$passKey]) || isset($_POST[$hashKey])) {
        // Session check and one-time form token come before any password handling.
        checkSession();
        validateToken('admin-login');

        // Hashed form: exactly 64 characters.
        if (isset($_POST[$hashKey]) && strlen($_POST[$hashKey]) === 64) {
            // Integrations get the first say.
            $hookResults = call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$hashKey], true));
            $good_password = in_array(true, $hookResults, true);

            // Passed as a variable, as in the original call.
            $candidate = $_POST[$hashKey];
            if ($good_password || validateLoginPassword($candidate, $user_info['passwd'])) {
                $_SESSION[$timeKey] = time();
                unset($_SESSION['request_referer']);
                return;
            }
        }

        // Plain form: ignored when it is empty or consists only of '*' characters.
        if (isset($_POST[$passKey]) && str_replace('*', '', $_POST[$passKey]) !== '') {
            // Integrations get the first say.
            $hookResults = call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$passKey], false));
            $good_password = in_array(true, $hookResults, true);

            $candidate = $_POST[$passKey];
            if ($good_password || validateLoginPassword($candidate, $user_info['passwd'], $user_info['username'])) {
                $_SESSION[$timeKey] = time();
                unset($_SESSION['request_referer']);
                return;
            }
        }
    }

    // Members with an OpenID URI are revalidated through OpenID instead.
    if (!empty($user_settings['openid_uri'])) {
        require_once SUBSDIR . '/OpenID.subs.php';

        $openID = new OpenID();
        $openID->revalidate();

        $_SESSION[$timeKey] = time();
        unset($_SESSION['request_referer']);
        return;
    }

    // Keep the referer of the first request; drop it again on a later non-POST request.
    if (empty($_SESSION['request_referer'])) {
        if (isset($_SERVER['HTTP_REFERER'])) {
            $_SESSION['request_referer'] = @parse_url($_SERVER['HTTP_REFERER']);
        } else {
            $_SESSION['request_referer'] = array();
        }
    } elseif (empty($_POST)) {
        unset($_SESSION['request_referer']);
    }

    // XML requests only get a failure marker; everyone else sees the login form.
    if (isset($_GET['xml'])) {
        return 'session_verify_fail';
    }

    adminLogin($type);
}
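<?php
/**
 * Admin login endpoint: validates that both fields were posted, calls
 * adminLogin() and answers with a small JSON object {"status":…,"txt":…}.
 */
require_once '../lib/connections/db.php';
include '../lib/functions/functions.php';

$returnURL = "index.php"; // For login

// Both fields must be present, non-empty plain strings; missing or
// array-valued parameters are answered like empty fields instead of raising
// notices and reaching adminLogin().
if (empty($_POST['username']) || empty($_POST['password']) || !is_string($_POST['username']) || !is_string($_POST['password'])) {
    die(msg(0, "Username and / or password fields empty!"));
}

$res = adminLogin($_POST['username'], $_POST['password']);

// NOTE(review): the two failure texts tell a caller whether the user name
// exists as an admin account; a single generic message would avoid that.
if ($res == 1) {
    die(msg(0, "Unknown User! You are not authorised to log in as an admin."));
}
if ($res == 2) {
    die(msg(0, "Username and / or password incorrect!"));
}
// NOTE(review): any other return value than 1, 2 or 99 produces an empty response.
if ($res == 99) {
    echo msg(1, $returnURL);
}

/**
 * Build the JSON response body.
 *
 * Uses json_encode() instead of string concatenation, so quotes, backslashes
 * and control characters in $txt can no longer break out of the JSON string.
 *
 * @param int    $status 1 for success, 0 for failure.
 * @param string $txt    Message text or redirect target.
 * @return string JSON object with the keys "status" and "txt".
 */
function msg($status, $txt)
{
    return json_encode(array('status' => (int) $status, 'txt' => (string) $txt));
}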
<?php
// Bootstrap of an admin page: loads configuration and helpers, refuses to run
// without an admin login, then normalises the page number.

// Report every error level. Whether messages are shown to the visitor depends
// on display_errors, which is not set here.
error_reporting(E_ALL);
// No execution time limit for this request.
set_time_limit(0);
header("content-Type: text/html; charset=utf-8");

// Site-wide configuration, helpers and classes from the parent directory.
require dirname(__FILE__) . "/../database/config_mysql.php";
require dirname(__FILE__) . "/../database/config_secure.php";
require dirname(__FILE__) . "/../database/config_site.php";
require dirname(__FILE__) . "/../database/config_group.php";
require dirname(__FILE__) . "/../database/config_mail.php";
require dirname(__FILE__) . "/../function.php";
require dirname(__FILE__) . "/../class/class_Mysql.php";
require dirname(__FILE__) . "/../class/class_Xxtea.php";
// Admin-area configuration, helpers and classes.
require dirname(__FILE__) . "/include/config.php";
require dirname(__FILE__) . "/include/function.php";
require dirname(__FILE__) . "/class/class_Query.php";

ini_set('date.timezone', $site_timezone);

// Access gate: without an admin login the visitor is redirected and the script
// stops, so nothing below runs for them. The exit after the redirect header is
// what makes the gate effective.
if (!adminLogin()) {
    header("location:../");
    exit;
}

// Page number: a numeric value greater than 1 is converted with intval();
// everything else falls back to the string "1".
if (isset($_GET['page']) && is_numeric($_GET['page']) && $_GET['page'] > 1) {
    $page = intval($_GET['page']);
} else {
    $page = "1";
}

$DB = new DB_MySQL();
$QA = new QueryAction();