header('Cache-control: private');
/*
 * External modules this page depends on.
 */
require_once '../../version.php';
require_once '../bta_funcs.php';
/*
 * Client address as reported by the web server, with the IPv4-mapped IPv6
 * prefix ("::ffff:") removed. It is handed to admIsLoggedIn() below.
 * NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is the
 * proxy's address, so every client would present the same value here -
 * confirm the deployment before treating it as a per-client binding.
 */
$ip = str_replace('::ffff:', '', $_SERVER['REMOTE_ADDR']);
/*
 * Gate the page: unless admIsLoggedIn() accepts this address, show an
 * error and stop before any of the help markup below is emitted.
 */
if (!admIsLoggedIn($ip)) {
    admShowError(
        'You can\'t access this page directly.',
        'You don\'t appear to be logged in. Use admin/index.php to login to the administrative interface.',
        $adm_pageerr_title
    );
    exit();
}
?>
<HTML>
<HEAD>
	<META NAME="Author" CONTENT="danomac">
	<LINK REL="stylesheet" HREF="../admin.css" TYPE="text/css" TITLE="Default">
	<?php 
echo "<TITLE>Confirm action help - {$phpbttracker_id} {$phpbttracker_ver}</TITLE>\r\n";
?>
</HEAD>
<BODY CLASS="help">
	<P CLASS="help_title"><?php 
echo "{$phpbttracker_id} {$phpbttracker_ver} - Confirm action help";
?>
     * This is rather redundant. I know.
     */
    $refererArray = explode("/", $_SESSION['refering_page']);
    $refererCount = count($refererArray);
    if ($refererArray[$refererCount - 1] != "index.php") {
        admShowError("You have to use admin/index.php to login to the administrative interface.", "If you are trying to access this file from another page you may get this error. Use bta_login.php to login to the administrative interface.", $adm_pageerr_title);
        exit;
    }
    //reset the refering page
    $_SESSION['refering_page'] = $_SERVER['PHP_SELF'];
}
/*
 * Refuse to continue while the root administrator credentials are missing
 * or empty in the configuration.
 */
if (
    !isset($admin_user, $admin_pass)
    || strlen($admin_user) == 0
    || strlen($admin_pass) == 0
) {
    admShowError(
        'Administration root username and/or password not set',
        'The administration system will not function until you set these in the configuration.',
        $adm_pageerr_title
    );
    exit();
}
/*
 * A session already flagged as authenticated does not need the login form:
 * clear the stored referring page and show the "already logged in" message.
 * NOTE(review): the trailing arguments (true, "bta_main.php", 3) look like a
 * redirect flag, target and delay - confirm against admShowMsg(). Nothing
 * here stops the script afterwards; whether admShowMsg() does is not visible.
 */
if (!empty($_SESSION['authenticated'])) {
    $_SESSION['refering_page'] = '';
    admShowMsg(
        'You are logged in already.',
        'Redirecting to the main administration panel.',
        $adm_page_title,
        true,
        'bta_main.php',
        3
    );
}
/*
 * Start the document: opening HTML and HEAD tags plus the author META tag.
 */
echo "<HTML>\r\n", "<HEAD>\r\n", '<META NAME="Author" CONTENT="danomac">', "\r\n";
                /*
                 * Group administration is not enabled, terminate
                 */
                admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
                exit;
            }
        } else {
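            /*
             * The username entered matches the "root" account.
             * Recompute the expected response with hmac_md5() over the posted
             * "id" and md5($admin_pass), then compare it with the posted
             * "passmd5".
             *
             * The comparison uses hash_equals() (PHP >= 5.6) on values that
             * are confirmed to be strings. The previous loose "!=" let PHP
             * compare two numeric-looking strings (for example hex digests of
             * the form "0e<digits>") as numbers, and it was not constant-time.
             * Missing or non-string fields are rejected as a failed login
             * instead of being passed on to hmac_md5().
             *
             * NOTE(review): md5($admin_pass) implies the root password is
             * kept in cleartext in the configuration. Whether the posted "id"
             * is tied to a server-issued, single-use challenge is not visible
             * in this block - confirm, since otherwise a captured
             * id/passmd5 pair would remain valid.
             */
            $macInputsOk = isset($_POST["id"], $_POST["passmd5"])
                && is_string($_POST["id"])
                && is_string($_POST["passmd5"]);
            $expectedMac = $macInputsOk ? hmac_md5($_POST["id"], md5($admin_pass)) : null;
            if (!is_string($expectedMac) || $expectedMac === "" || !hash_equals($expectedMac, $_POST["passmd5"])) {
                admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
                exit;
            }
            /*
             * Okay the root password matches, now set the permission variable
             */
            $_SESSION["admin_perms"]["root"] = true;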
        }
    } else {
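        // Stop after reporting the error. Every other failure path in this
        // file follows admShowError() with exit, which suggests the helper
        // returns to the caller; without the exit, control would leave this
        // branch and reach the statements after the enclosing block that
        // mark the session as authenticated.
        admShowError("There was a problem processing your request", "It appears you are trying to steal a session. Shame on you!", $adm_pageerr_title);
        exit;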
    }
}
/*
 * Reached only when none of the checks above ended the script. Clear the
 * stored referring page, flag the session as authenticated and show the
 * confirmation message that points at the main administration panel.
 * NOTE(review): the session id is not rotated in the visible code. If that
 * does not happen elsewhere, session_regenerate_id(true) called before any
 * output is sent would stop a pre-login session id from staying valid after
 * login - confirm.
 */
$_SESSION['refering_page'] = '';
$_SESSION['authenticated'] = true;
admShowMsg(
    'Authenticated.',
    'Redirecting to the main administration panel.',
    $adm_page_title,
    true,
    'bta_main.php'
);
        session_save_path($GLOBALS["webserver_farm_session_path"]);
    }
}
session_start();
header('Cache-control: private');
/*
 * bta_funcs.php defines values this script needs, among them the
 * phpbttracker version strings.
 */
require_once 'bta_funcs.php';
/*
 * Emit an HTML 4.01 Transitional doctype ahead of any markup.
 */
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">', "\r\n";
/*
 * Log out only when this session carries the 'authenticated' entry;
 * otherwise report that there is nothing to log out of.
 * NOTE(review): the check after admKillSession() is only meaningful if that
 * helper also clears $_SESSION within this request - confirm in
 * bta_funcs.php.
 */
if (isset($_SESSION['authenticated'])) {
    // Tear the session down.
    admKillSession();
    // Report the outcome according to whether the entry is still present.
    if (isset($_SESSION['authenticated'])) {
        admShowError(
            'ERROR: You are not logged off.',
            'Could not logoff for an unknown reason.',
            $adm_pageerr_title
        );
    } else {
        admShowMsg(
            'You are now logged off.',
            'You will need to logon again to use the Administrative interface.',
            $adm_page_title . ' - Logout'
        );
    }
} else {
    admShowError(
        'You are not logged in.',
        'Common sense states that before you attempt to log out, you should be logged in to the interface first!',
        $adm_pageerr_title
    );
}