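require_once '../../functions/functions-install.php';

/* Fetch username / password if both were submitted. */
if (!empty($_POST['ipamusername']) && !empty($_POST['ipampassword'])) {

    # initialize array
    $ipampassword = array();

    // Reject usernames that contain a space. strpos() returns 0 for a leading
    // space and false when nothing is found, so the test must be "!== false";
    // a "> 0" comparison lets a leading space through. A non-string value
    // (for example an array-valued form field) is rejected as well.
    if (!is_string($_POST['ipamusername']) || strpos($_POST['ipamusername'], " ") !== false) {
        die("<div class='alert alert-danger'>" . _("Invalid characters in username") . "!</div>");
    }

    // Choose the address that the failed-login counter is keyed on.
    // NOTE(review): X-Forwarded-For is a request header. Unless a trusted
    // reverse proxy overwrites it, the client chooses its value, so the
    // lockout can be keyed on an arbitrary string and that string is also
    // written into the log message below. Consider honouring the header only
    // when REMOTE_ADDR is a configured proxy, and validating the value with
    // filter_var($ip, FILTER_VALIDATE_IP) before use.
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    $cnt = check_blocked_ip($ip);

    # check for failed logins and captcha
    if ($cnt < 5) {
        // Below the threshold: neither a block nor a captcha applies.
    } elseif (!isset($_POST['captcha'])) {
        // At or above the threshold and no captcha answer supplied: log and stop.
        updateLogTable("Login IP blocked", "Login from IP address {$ip} was blocked because of 5 minute block after 5 failed attempts", 1);
        die('<div class="alert alert-danger"><button type="button" class="close" data-dismiss="alert">×</button>' . _('You have been blocked for 5 minutes due to authentication failures') . '!</div>');
    } else {
        # start session ($phpsessname is defined outside this excerpt)
        if (strlen($phpsessname) > 0) {
            session_name($phpsessname);
        }
        session_start();

        # check captcha
        // Compare strictly and require that a code is actually stored in the
        // session: with a loose "!=" an empty answer compares equal to a
        // missing session value, and numeric-looking strings are juggled.
        // NOTE(review): assumes the stored code is a plain string - confirm
        // against the captcha library version in use.
        $expected_code = isset($_SESSION['securimage_code_value']) ? $_SESSION['securimage_code_value'] : null;
        if (!is_string($_POST['captcha'])
            || !is_string($expected_code)
            || $expected_code === ''
            || $_POST['captcha'] !== $expected_code
        ) {
            die("<div class='alert alert-danger'>" . _("Invalid security code") . "!</div>");
        }
        // (The listing is cut off here; this else-branch and the outer if
        // continue beyond the excerpt.)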
/**
 * Process a submitted login form.
 *
 * Reads the frm_* fields from $ghtml, verifies the credentials with
 * check_login_success(), logs the successful login and, when get_login()
 * succeeds, calls do_login() and redirects to "/". Failures either redirect
 * to the login page with frm_emessage=login_error or set that message on
 * $ghtml.
 *
 * NOTE(review): the first print_redirect() below is not followed by
 * return/exit, while the check_disable_admin() branch adds an explicit exit.
 * Whether print_redirect() halts on its own is not visible here - confirm,
 * because a request with a login key but no password keeps executing after
 * that redirect.
 * NOTE(review): the client name is written into the log message; confirm
 * that Htmllib::checkForScript() or log_log() neutralises line breaks.
 * NOTE(review): the emptiness tests use truthiness and loose "==", so a
 * value such as "0" counts as missing.
 */
function print_index()
{
    global $gbl, $sgbl, $ghtml, $login;

    ob_start();
    print_time('index');

    $clientName = $ghtml->frm_clientname;
    Htmllib::checkForScript($clientName);

    // The class comes from the form; otherwise it is derived from the name.
    $formClass = $ghtml->frm_class;
    if (!$formClass) {
        $formClass = getClassFromName($clientName);
    }

    $password = $ghtml->frm_password;
    $forgotPwd = $ghtml->frm_forgotpwd;
    $email = $ghtml->frm_email;
    $loginKey = $ghtml->frm_login_key;

    // Password or client name missing: send the browser to the error page.
    if (!($password && $clientName)) {
        $ghtml->print_redirect("/login/?frm_emessage=login_error");
    }

    $className = $formClass ? $formClass : 'client';

    // Nothing to authenticate with: no client name, or neither a password
    // nor a login key.
    $noClient = ($clientName == "");
    $noSecret = ($password == "" && $loginKey == "");
    if ($noClient || $noSecret) {
        $forgotPwd = $ghtml->frm_forgotpwd;
        return;
    }

    $ip = $_SERVER['REMOTE_ADDR'];

    if (!check_login_success($className, $clientName, $password, $loginKey)) {
        return;
    }

    log_log("login_success", "Successful Login to {$clientName} from " . $_SERVER['REMOTE_ADDR']);

    /*
    Disabled code kept from the original: it removed the "loginattempt"
    entry for $ip after a successful login.
    try {
        $att = $gbl->g->getFromList("loginattempt", $ip);
        $att->delete();
    } catch (Exception $e) {
    }
    */

    if (check_disable_admin($clientName)) {
        $ghtml->print_redirect("/login/?frm_emessage=login_error");
        exit;
    }

    if (!get_login($className, $clientName)) {
        $ghtml->cgiset("frm_emessage", "login_error");
    } else {
        do_login($className, $clientName);
        $login->was();
        // NOTE(review): called without arguments and the result is ignored -
        // confirm what this is expected to do after a successful login.
        check_blocked_ip();
        $ghtml->print_redirect("/");
    }

    $forgotPwd = $ghtml->frm_forgotpwd;
}
/**
 * Add or update the blocked-login entry for an address.
 *
 * When check_blocked_ip() reports an existing entry, its counter is updated
 * through update_blocked_count(); otherwise a new entry is created with
 * add_blocked_entry(). $ip is passed to the helpers unchanged.
 *
 * NOTE(review): the lookup and the write are separate calls, so two
 * concurrent failures for the same address could both take the "add" path
 * unless add_blocked_entry() enforces uniqueness - confirm.
 *
 * @param mixed $ip address to record, as supplied by the caller
 * @return bool always true
 */
function block_ip($ip)
{
    // No entry yet: create one and finish.
    if (!check_blocked_ip($ip)) {
        add_blocked_entry($ip);
        return true;
    }

    // Entry already present: update its counter.
    update_blocked_count($ip);
    return true;
}
} } ?> <div class="container"> <div class="row"> <div class="col-md-4 col-md-offset-4"> <div class="login-panel panel panel-default"> <div class="panel-heading"> <h3 style="margin-bottom:2px;" class="panel-title">Please Sign In</h3> <?php if ($error == true) { msg_warning($msg); } ?> <?php if (check_blocked_ip($forward, $remote)) { msg_error("Login blockiert für diese IP"); } ?> </div> <div class="panel-body"> <form action="index.php?page=login" method="post"> <fieldset> <div class="form-group"> <input class="form-control" placeholder="E-mail" name="email" type="email" autofocus> </div> <div class="form-group"> <input class="form-control" placeholder="Password" name="password" type="password" value=""> </div> <button type="submit" class="btn btn-lg btn-success btn-block">Login</button> </fieldset>