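/**
 * Check that the current session is valid (cookie present and IP address allowed).
 *
 * When the request carries username and password fields, a new session is
 * opened for the announced user through $this->login() instead.
 *
 * This function must be called on every page that requires authentication,
 * and BEFORE any output is sent (a cookie may be emitted).
 *
 * Inputs are read from $_REQUEST["username"], $_REQUEST["password"],
 * $_REQUEST["restrictip"] and $_COOKIE["session"]. On success the global $cuid
 * is set and $this->user (plus $this->local when a row exists) is filled.
 *
 * @return boolean TRUE if the session is valid, FALSE otherwise (an error is
 *                 raised on $err with class "mem" before returning FALSE).
 */
function checkid() {
    global $db, $err, $cuid, $restrictip, $authip;

    // Credentials in the request take precedence over an existing session cookie.
    // NOTE(review): $_REQUEST also covers the query string, so a password sent by
    // GET would end up in URLs and access logs. Confirm whether any caller needs that.
    if (isset($_REQUEST["username"])) {
        if (empty($_REQUEST['password'])) {
            $err->raise("mem", _("Missing password"));
            return false;
        }
        if ($_REQUEST["username"] && $_REQUEST["password"]) {
            return $this->login(
                $_REQUEST["username"],
                $_REQUEST["password"],
                isset($_REQUEST["restrictip"]) ? $_REQUEST["restrictip"] : 0
            );
        }
    } // end isset

    // A cookie sent as session[]=... arrives as an array. Treat anything that is
    // not a string as "no cookie" rather than handing it to addslashes().
    $rawSession = (isset($_COOKIE["session"]) && is_string($_COOKIE["session"])) ? $_COOKIE["session"] : "";
    // The escaped value is written back into $_COOKIE exactly as before.
    $_COOKIE["session"] = addslashes($rawSession);
    if (strlen($_COOKIE["session"]) != 32) {
        $err->raise("mem", _("Identity lost or unknown, please login"));
        return false;
    }

    // The client address is compared in PHP below and no longer interpolated into
    // the SQL text: get_remote_ip() is defined elsewhere, so its output is not
    // assumed to be safe inside a quoted SQL literal.
    $ip = get_remote_ip();
    // NOTE(review): the session id is still concatenated into the statement and
    // addslashes() is not a charset-aware SQL escape. If the $db wrapper offers
    // bound parameters or its own quoting helper (not visible here), use it.
    $db->query("select uid,ip from sessions where sid='" . $_COOKIE["session"] . "'");
    if ($db->num_rows() == 0) {
        $err->raise("mem", _("Session unknown, contact the administrator"));
        return false;
    }
    $db->next_record();

    // An empty ip column means the session is not bound to an address.
    $sessionIp = $db->f("ip");
    if ($sessionIp) {
        if ((string) $sessionIp !== (string) $ip) {
            $err->raise("mem", _("IP address incorrect, please contact the administrator"));
            return false;
        }
    }

    $cuid = $db->f("uid");

    // uid 2000 is exempt from the maintenance lock (hard-coded; presumably the
    // administrator account, to be confirmed).
    if (panel_islocked() && $cuid != 2000) {
        $err->raise("mem", _("This website is currently under maintenance, login is currently disabled."));
        return false;
    }

    $db->query("select * from membres where uid='{$cuid}';");
    if ($db->num_rows() == 0) {
        // Fail closed: a session row whose account no longer exists must not
        // authenticate with an empty or stale $this->user.
        $err->raise("mem", _("Session unknown, contact the administrator"));
        return false;
    }
    $db->next_record();
    $this->user = $db->Record;
    $err->error = 0;

    /* Fill in $local */
    $db->query("SELECT * FROM local WHERE uid='{$cuid}';");
    if ($db->num_rows()) {
        $db->next_record();
        $this->local = $db->Record;
    }
    return true;
}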
<script src="js/jquery.tablesorter.min.js" type="text/javascript"></script>
<link href="prettify/prettify.css" type="text/css" rel="stylesheet" />
<script src="prettify/prettify.js" type="text/javascript"></script>
</head>
<body onload="prettyPrint()">
<?php
// Warning banner shown when $isinvited is set and a non-empty $oldid differs from
// the current $cuid (per the message text: an administrator session on another account).
// Only fixed, translated strings are printed here; no request data reaches the markup.
// NOTE(review): adm_login.php and adm_cancel.php are reached through plain links;
// if either changes session state on GET, confirm it is protected against CSRF.
if ($isinvited && isset($oldid) && !empty($oldid) && $oldid != $cuid) {
    echo "<div align=center><p class='alert alert-warning'>";
    __("Administrator session. you may <a href='adm_login.php'>return to your account</a> or <a href='adm_cancel.php'>cancel this feature</a>.");
    // The extra "apply changes" link is offered only when the original account is uid 2000.
    if ($oldid == 2000) {
        echo ' ' . _("You can also <a href='adm_update_domains.php'>apply changes</a>.");
    } // Yes, hardcoded uid. We will rewrite permissions another day
    echo "</p></div>";
}
// Second banner: printed whenever panel_islocked() reports the panel as locked.
if (panel_islocked()) {
    echo "<div align=center><p class='alert alert-warning'>";
    __("Panel is locked! No one can login!");
    echo "</p></div>";
}
?>
<div id="global" class="clearfix">
<div id="menu"><?php include_once "menu.php"; /* fixed path, not derived from request input */ ?>
</div>
<div id="content">