Пример #1
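 // Entry script for a comment submission: loads configuration and helpers, then
 // settles the visitor's login state before the comment itself is processed.
 define('MN_LOGGED', false);
 // Best-effort include: the @ hides the warning when the config file is missing.
 @(include_once './data/databases/config.php');
 include_once './stuff/inc/mn-functions.php';
 $lng = select_lang();
 // NOTE(review): $lng becomes part of an include path and select_lang() is not
 // shown here; confirm it can only return a value from a fixed list of languages.
 include_once './stuff/lang/lang_' . $lng . '.php';
 include_once './stuff/inc/mn-definitions.php';
 if (file_exists($file['banned_ips'])) {
     include_once $file['banned_ips'];
 } else {
     $banned_ips = array();
 }
 $mn_users = load_basic_data('users');
 // Request fields are read through isset() so that a missing one becomes null
 // (or '' for the Referer) instead of raising an undefined-index notice.
 $post = get_post_data(isset($_POST['post_id']) ? $_POST['post_id'] : null);
 $mn_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
 // NOTE(review): both sources of $mn_redir (the posted "redir" field and the
 // Referer header) are client-controlled, and the value is sent in a Location
 // header below without a same-site check. No safe fallback URL is visible in
 // this excerpt, so the value is left as is; validate the host where the
 // site's own base URL is known.
 $mn_redir = !empty($_POST['redir']) ? $_POST['redir'] : str_replace('&mn_msg=c_added', '', $mn_referer);
 $conf['comments_antiflood'] = isset($conf['comments_antiflood']) && is_numeric($conf['comments_antiflood']) ? $conf['comments_antiflood'] : '30';
 $mn_comment_author = isset($_POST['comment_author']) ? $_POST['comment_author'] : null;
 $mn_comment_pass = isset($_POST['comment_pass']) ? $_POST['comment_pass'] : null;
 if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] && !check_hash()) {
     // The session claims a login but check_hash() rejects it: end the session,
     // expire both login cookies and send the visitor back to the comment form.
     session_destroy();
     setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
     setcookie('mn_logged', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
     header('location: ' . $mn_redir . '#mn-comment-form');
     exit;
 } elseif (isset($_SESSION['mn_logged']) && !$_SESSION['mn_logged'] && isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) {
     // Not logged in, but both "remember me" cookies are present and the feature is enabled.
     permanent_login();
 } elseif (in_array($mn_comment_author, $mn_users) || !empty($mn_comment_pass)) {
     // The author name matches a loaded user entry, or a password was supplied.
     // NOTE(review): in_array() compares loosely here; whether the strict form is
     // safe depends on what load_basic_data('users') returns.
     do_login($mn_comment_author, $mn_comment_pass, false);
 }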
 if ($post['comments'] == '1' && ($conf['comments'] === true || $conf['comments'] >= 1) && !check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) {
     // Check for correct captcha code
     if ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) {
         require_once './stuff/inc/recaptchalib.php';
Пример #2
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
// Stays false until a login attempt fails; the failure branches below store the message here.
$error = false;
// NOTE(review): assigned before base.php is loaded, so presumably it tells that
// file not to enforce the login check on this page; confirm in base.php.
// The "******" literal looks masked in this listing.
$no_require_login = "******";
require_once "../inc/base.php";
if (isset($_POST['password'])) {
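    // Verify the submitted password against the configured one. A stored value
    // starting with "sha:" is checked by check_hash(); anything else is treated
    // as a plain-text password and compared directly.
    $pass = (string) get_config("login_pass");
    // Only a string can be a password; an array (password[]=...) is rejected outright.
    $supplied = is_string($_POST['password']) ? trim($_POST['password']) : null;
    $authenticated = false;
    if ($supplied !== null) {
        if (substr($pass, 0, 4) == "sha:") {
            $authenticated = (bool) check_hash($pass, $supplied);
        } elseif (function_exists('hash_equals')) {
            // Constant-time, byte-exact comparison: avoids the numeric-string
            // juggling of == (where "1e3" equals "1000") and timing differences.
            $authenticated = hash_equals($pass, $supplied);
        } else {
            $authenticated = $pass === $supplied;
        }
        // NOTE(review): an empty stored password still accepts an empty
        // submission, as before; confirm that this is intended.
        // NOTE(review): the fallback branch means the password is kept in plain
        // text in the configuration; prefer the hashed form.
    }
    if ($authenticated) {
        // Issue a fresh session id on login so that an id known before
        // authentication cannot be reused afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['logged_in'] = true;
        header("Location: index.php");
        exit;
    }
    $error = "Login failed";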
} else {
Пример #3
/**
 * Return check_hash() applied to the result of hash_url($url).
 *
 * @param mixed $url value passed unchanged to hash_url()
 * @return mixed whatever check_hash() returns for that value
 */
function get_check_sum($url)
{
    $url_hash = hash_url($url);

    return check_hash($url_hash);
}
Пример #4
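// Admin login handler: checks the posted login and password and, on success,
// marks the session as admin and redirects to the page named by ?ref=.
$title = 'Авторизация';
$login = '';
session_start();
// The page answers 401 by default; PHP switches the status to 302 when the
// Location header is sent after a successful login.
header("HTTP/1.0 401 Unauthorized");
require_once 'secure.inc.php';
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // Missing or non-string fields are treated as empty instead of raising notices.
    // NOTE(review): strip_tags() alters passwords that contain markup-like text;
    // it is kept because stored hashes may have been created from the stripped
    // form, so confirm before removing it.
    $login = isset($_POST['login']) && is_string($_POST['login']) ? trim(strip_tags($_POST['login'])) : '';
    $pw = isset($_POST['pw']) && is_string($_POST['pw']) ? trim(strip_tags($_POST['pw'])) : '';
    $ref = isset($_GET['ref']) && is_string($_GET['ref']) ? trim(strip_tags($_GET['ref'])) : '';
    // The redirect target comes from the query string, so only a path on this
    // site is accepted: it must start with a single "/" (not "//" or "/\", which
    // browsers resolve to another host) and contain no line breaks. Anything
    // else falls back to the admin index.
    $refIsLocalPath = $ref !== ''
        && $ref[0] === '/'
        && strncmp($ref, '//', 2) !== 0
        && strncmp($ref, '/\\', 2) !== 0
        && strpbrk($ref, "\r\n") === false;
    if (!$refIsLocalPath) {
        $ref = '/shop_book/admin/';
    }
    if ($login and $pw) {
        if ($result = user_exists($login)) {
            // The stored record is split on ':' and its second field is used as the hash.
            list($_, $hash) = explode(':', $result);
            if (check_hash($pw, $hash)) {
                // Issue a fresh session id on login so that an id known before
                // authentication cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION['admin'] = true;
                header("Location: {$ref}");
                exit;
            } else {
                // NOTE(review): this message and the one in the next branch tell a
                // visitor whether a login name exists; one generic message avoids that.
                $title = "Неправильный пароль.";
            }
        } else {
            $title = "Неправильное имя пользователя";
        }
    } else {
        $title = "Заполните все поля";
    }
}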
?>
<!DOCTYPE HTML>
Пример #5
  // Bank-account fields start out unset.
  $accountNumber = $accountName = $sortCode = null;

  // Clear the error state kept in the session.
  $_SESSION["error"] = "";
  $_SESSION["hasError"] = false;

  if (isset($_GET["HashDigest"])) {

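    // Copy the fields returned in the query string into the session, then load
    // and remove this order's row in worldpay_status and record a reported error.
    // Only HashDigest is known to be present (checked by the enclosing if); the
    // other fields are read through isset() so a missing one becomes null.
    $_SESSION["CrossReference"] = isset($_GET["CrossReference"]) ? $_GET["CrossReference"] : null;
    $_SESSION["paymentMethod"] = "Credit Card";
    $_SESSION["CreateHash"] = create_hash($pre_shared_key, $password);
    $_SESSION["HashDigest"] = $_GET["HashDigest"];
    $_SESSION["MerchantID"] = isset($_GET["MerchantID"]) ? $_GET["MerchantID"] : null;
    // NOTE(review): the received HashDigest is not an argument of check_hash();
    // confirm that the helper itself compares it with the expected value.
    $_SESSION["CheckHash"] = check_hash($pre_shared_key, $password);
    $_SESSION["OrderID"] = isset($_GET["OrderID"]) ? $_GET["OrderID"] : null;

    // OrderID is request-supplied; force it to a string before it reaches the database layer.
    $order_id = isset($_GET['OrderID']) && is_scalar($_GET['OrderID']) ? (string) $_GET['OrderID'] : '';
    // Rows are keyed by the order id wrapped in braces, the form the delete() call also uses.
    $order_key = '{' . $order_id . '}';

    // Bind the key as a parameter instead of interpolating it into the SQL text.
    $result_sql = $wpdb->prepare("SELECT * FROM worldpay_status WHERE order_id = %s", $order_key);
    $result = $wpdb->get_row($result_sql);

    // NOTE(review): the row is deleted before the CheckHash result is examined
    // further down, so a request with any HashDigest value can remove an order's
    // status row; consider deleting only after the hash has been verified.
    $_SESSION["delete"] = $wpdb->delete('worldpay_status', array('order_id' => $order_key));

    // $result is null when no row matched, so test it before reading its fields.
    if (false == $_SESSION["hasError"] && $result && "5" == $result->status) {
      $_SESSION["error"] = $result->message;
      $_SESSION["hasError"] = true;
    }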

    if (false == $_SESSION["hasError"] && "HASH PASSED" != $_SESSION["CheckHash"]) {