/**
 * Check the submitted registration fields.
 *
 * Calls check_id(), check_passwd(), check_retype_passwd(), check_email() and
 * check_comment() in that order and stops at the first call that fails.
 *
 * NOTE(review): $name is accepted but not checked here. The check_name($name)
 * call is commented out in the original condition, so any code that later
 * stores or renders $name has to validate or escape it itself.
 *
 * @param mixed $id      value passed to check_id()
 * @param mixed $passwd  value passed to check_passwd() and check_retype_passwd()
 * @param mixed $passwd2 repeated password, compared by check_retype_passwd()
 * @param mixed $name    currently unused (see note above)
 * @param mixed $email   value passed to check_email()
 * @param mixed $comment value passed to check_comment()
 * @return bool TRUE when every enabled check passes, FALSE otherwise
 */
function check_regist_form($id, $passwd, $passwd2, $name, $email, $comment)
{
    if (!check_id($id)) {
        return FALSE;
    }
    if (!check_passwd($passwd)) {
        return FALSE;
    }
    if (!check_retype_passwd($passwd, $passwd2)) {
        return FALSE;
    }
    if (!check_email($email)) {
        return FALSE;
    }
    // check_name($name) is disabled in the original and stays disabled here.
    if (!check_comment($comment)) {
        return FALSE;
    }

    return TRUE;
}
/**
 * Check a password against the global administrator password.
 *
 * The login is refused outright when PKWK_READONLY is truthy or when
 * $adminpass is not set; otherwise the decision is delegated to
 * check_passwd($pass, $adminpass).
 *
 * NOTE(review): the only brute-force counter-measure in this function is a
 * fixed two-second sleep on each failed call. Nothing here counts or limits
 * attempts, so any per-account or per-client limit has to be enforced elsewhere.
 *
 * @param string $pass password supplied by the client
 * @return bool TRUE when the password is accepted, FALSE otherwise
 */
function pkwk_login($pass = '')
{
    global $adminpass;

    $accepted = !PKWK_READONLY
        && isset($adminpass)
        && check_passwd($pass, $adminpass);

    if (!$accepted) {
        // Slow down repeated guesses: every failure costs the caller two seconds.
        sleep(2);
        return FALSE;
    }

    return TRUE;
}
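}

/**
 * Check whether the given password is correct for the given user.
 *
 * Review notes:
 * - The stored `Password` column is compared directly with the submitted
 *   value, so the table holds passwords in a directly comparable form. Storing
 *   password_hash() output and checking it with password_verify() removes the
 *   need to keep recoverable passwords.
 * - The username value inside the query is masked ('******') in this listing.
 *   If the real query embeds $username in the SQL string, it has to be bound
 *   as a parameter through a prepared statement (mysqli or PDO) instead.
 * - The mysql_* extension used here was removed in PHP 7.
 *
 * @param string $username account name to look up
 * @param string $password password submitted by the client
 * @return bool true on success, false on any failure
 */
function check_passwd($username, $password)
{
    $q = "SELECT * FROM user_record WHERE username='******'";
    $result = mysql_query($q);
    if (!$result) {
        // Query failed: treat as a failed login instead of reading from a non-resource.
        return false;
    }

    $row = mysql_fetch_array($result);
    if (!is_array($row) || !isset($row['Password']) || !is_scalar($password)) {
        // No matching row, NULL password column, or a non-scalar (e.g. array) input.
        return false;
    }

    // Strict string comparison: the loose == treats numeric-looking strings
    // such as "0e1" and "0e2" as equal and lets NULL match an empty string.
    return (string) $row['Password'] === (string) $password;
}

// Missing or non-string form fields are treated as empty values.
$u = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
$p = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

// NOTE(review): the two failure branches report "wrong password" and
// "Username not found" separately, which tells the client which usernames are
// registered. A single generic failure message avoids that disclosure.
if (usname_exist($u)) {
    if (!check_passwd($u, $p)) {
        $_SESSION['log'] = "wrong password entered<br>redirecting you to login....";
        // Send the header before any body output, then stop the script.
        header("location:login.php");
        echo "wrong password entered<br>redirecting you to login....";
        exit;
    } else {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login cannot be reused afterwards.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $u;
        //$_SESSION['count']=1;
        //$_SESSION['flag']=0;
        header("location:all_song_display.php");
        exit;
    }
} else {
    $_SESSION['log'] = "Username not found<br>redirect to login page...";
    header("location:login.php");
    echo "Username not found<br>redirect to login page...";
    exit;
}
?>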
<html> <head> <link rel='icon' href='src/ic.png' type='image/x-icon'/> <title>OJ7 - Sign in</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> </head> <body> <?php include 'oj-header.php'; ?> <div align='center' width='800px'> <?php
// Sign-in controller (excerpt: the 'leave' branch continues past the end of this listing).
// NOTE(review): markup has already been written above, so every header() call
// below only takes effect if output buffering is active. TODO confirm.
// NOTE(review): $_GET['cmd'], $_POST['uid'], $_POST['passwd'] and
// $_COOKIE['lurl'] are read without isset() checks.
if ($_GET['cmd'] == 'check') {
    // check_passwd() result codes as used here: 1 is reported as "No such user",
    // 2 as "Wrong password"; any other value is treated as a successful login.
    $checkres = check_passwd($_POST['uid'], $_POST['passwd']);
    if ($checkres == 1) {
        // NOTE(review): separate "no such user" / "wrong password" answers
        // disclose which uids exist; one generic failure message avoids that.
        header("Location: error.php?word=No such user");
        return;
    } else {
        if ($checkres == 2) {
            header("Location: error.php?word=Wrong password");
            return;
        }
    }
    // NOTE(review): the session is marked as signed in without a new session
    // id being issued; session_regenerate_id(true) at this point would prevent
    // reuse of an id that was known before login.
    $_SESSION['signedin'] = 1;
    // The uid is stored exactly as posted; later uses in file paths or markup
    // need their own validation. TODO confirm what check_passwd() guarantees.
    $_SESSION['uid'] = $_POST['uid'];
    // NOTE(review): the redirect target comes from a client-controlled cookie
    // and is not validated. Restrict it to known local paths (allow-list, or
    // reject anything with a scheme or host) before placing it in a header.
    header("Location: " . $_COOKIE['lurl']);
}
// Sign-out branch: clears the signed-in flag (rest of the branch is not visible here).
if ($_GET['cmd'] == 'leave') {
    $_SESSION['signedin'] = 0;
<?php include 'oj-header.php'; ?> <div align='center' width='800px'> <?php
// Profile update controller (excerpt: the password-file write continues past the end of this listing).
// NOTE(review): markup precedes the header() calls below, so the redirects
// depend on output buffering being active. TODO confirm.
if (!$_SESSION['signedin']) {
    // Unauthenticated visitors are sent to the error page.
    header("Location: error.php?word=Please sign in first");
    return;
} else {
    if ($_GET['cmd'] == 'recv') {
        $uid = getuid();
        // NOTE(review): uname and grade are taken from the request and written
        // to the info file below without validation. The file is line-oriented
        // ("%s\n%s\n"), so line breaks in either value would add extra lines;
        // strip or reject CR/LF before writing.
        $uname = $_POST['uname'];
        $grade = $_POST['grade'];
        $passwdold = $_POST['passwdold'];
        // A truthy check_passwd() result is treated as failure here (the
        // branch redirects to "Wrong password").
        if (check_passwd($uid, $passwdold)) {
            header("Location: error.php?word=Wrong password");
            return;
        }
        $passwd = $_POST['passwd'];
        // Loose != comparison of the new password and its repetition.
        if ($passwd != $_POST['reppasswd']) {
            header("Location: error.php?word=Password not match!");
            return;
        }
        // NOTE(review): the path is built by concatenating $uid; presumably
        // getuid() returns a value the server trusts. Verify it cannot contain
        // path separators or "..".
        $fln = "../users/" . $uid . ".uinfo";
        // NOTE(review): the fopen() result is not checked before it is used.
        $opf = fopen($fln, "w");
        fprintf($opf, "%s\n%s\n", $uname, $grade);
        fclose($opf);
        // A non-empty new password triggers a rewrite of the password file.
        // How the password is encoded before writing is not visible in this excerpt.
        if (strlen($passwd) > 0) {
            $fln = "../users/" . $uid . ".upasswd";
            $opf = fopen($fln, "w");
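/**
 * Handle the login form and authenticate the posted user.
 *
 * Flow, depending on the posted `send` button:
 * - cancel button: redirect to $script and exit;
 * - login button: check username/password against $users via check_passwd();
 * - anything else: call ss_auth_loginform($title) and exit.
 *
 * On success the user name is stored in $_SESSION['usr'] and, when
 * ss_admin_check() is truthy, stale files in CACHEQHM_DIR are removed.
 *
 * Changes against the original:
 * - the cache cleanup compared against time(fileatime($entry)); time() takes
 *   no argument (PHP 8 rejects the call), so the age test now uses
 *   fileatime($entry) directly;
 * - non-string username/password values (e.g. arrays) fail authentication
 *   instead of reaching array_key_exists();
 * - the failure counter is initialised when missing;
 * - the session id is regenerated after a successful login.
 *
 * NOTE(review): the attempt counter lives in the client's own session, so it
 * starts again whenever a new session is used. It is not a server-side limit
 * per account or per address.
 *
 * @param string $title title passed on to ss_auth_loginform()
 * @param array  $users map of user name => stored password value for check_passwd()
 * @return bool TRUE on successful login, FALSE once more than three failures were counted
 */
function ss_chkusr($title, $users)
{
    global $script;
    global $login_log;

    $qm = get_qm();
    $send = isset($_POST['send']) ? $_POST['send'] : null;

    // On cancel, redirect to the top page.
    // (Original author's note: comparing against the button label is discouraged.)
    if ($send !== null && $send == $qm->m['ss_authform']['btn_cancel']) {
        header('Location: ' . $script);
        exit;
    }

    // Anything other than the login button: show the login form.
    if ($send === null || $send != $qm->m['ss_authform']['btn_login']) {
        ss_auth_loginform($title);
        exit;
    }

    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';

    // Check user and password; only plain strings are accepted.
    $auth = is_string($user)
        && is_string($pass)
        && array_key_exists($user, $users)
        && check_passwd($pass, $users[$user]);

    if ($auth) {
        // New session id at the privilege change, so an id known before login
        // cannot be reused afterwards.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['usr'] = $user;

        if (ss_admin_check()) {
            // Delete temporary files in the cacheqhm directory that were last
            // accessed more than three days ago.
            $threshold = strtotime('-3 days');
            $d = dir(CACHEQHM_DIR);
            if ($d) {
                while (false !== ($entry = $d->read())) {
                    if ($entry == '.' || $entry == '..') {
                        continue;
                    }
                    $entry = CACHEQHM_DIR . $entry;
                    if (file_exists($entry) && $threshold > fileatime($entry)) {
                        unlink($entry);
                    }
                }
                $d->close();
            }
        }

        return TRUE;
    }

    // Count the failure; after more than three attempts reset and report failure.
    $_SESSION['ct'] = (isset($_SESSION['ct']) ? (int) $_SESSION['ct'] : 0) + 1;
    if ($_SESSION['ct'] > 3) {
        $_SESSION['ct'] = 0;
        return FALSE;
    }

    ss_msg($qm->m['ss_authform']['err_auth']);
    exit;
}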
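/**
 * Gate a protected area behind a per-area password, handling login and logout.
 *
 * Returns true when the session is already logged in to $area or when
 * check_passwd() accepts the submitted password. Otherwise it prints the
 * password form and terminates the script.
 *
 * Changes against the original:
 * - the area label is HTML-escaped before it is written into the form;
 * - the session id is regenerated when a login succeeds;
 * - the two identical login branches are merged into one.
 *
 * NOTE(review): when no password is posted, check_passwd($area, false) is
 * still called and a truthy result logs the visitor in. Presumably this is
 * meant for areas without a configured password; verify check_passwd()
 * cannot accept `false` for a protected area.
 *
 * @param string|false $area area name; false derives it from the script's folder name
 * @return bool true when access is granted (the function exits otherwise)
 */
function check_login_logout($area = false)
{
    if ($area == false) {
        // Use the folder name of the running script as the area (admin, print, upload, ...).
        $path = pathinfo($_SERVER["SCRIPT_FILENAME"]);
        $path = explode("/", $path["dirname"]);
        $area = trim($path[sizeof($path) - 1]);
    }

    if (isset($_POST["logout"]) || isset($_GET["logout"])) {
        // Logout requested: drop the stored login area.
        if (isset($_SESSION["LOGINAREA"])) {
            $_SESSION["LOGINAREA"] = false;
            unset($_SESSION['LOGINAREA']);
        }
    } elseif (isset($_SESSION["LOGINAREA"]) && $_SESSION["LOGINAREA"] == $area) {
        // Already logged in to this area.
        return true;
    }

    //if( check_ip() ) return true;

    // Posted password if present, otherwise false (as in the original call).
    $submitted = isset($_POST["password"]) ? $_POST["password"] : false;
    if (check_passwd($area, $submitted)) {
        // New session id at the privilege change, so an id known before login
        // cannot be reused afterwards.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION["LOGINAREA"] = $area; // remember the login in the session
        return true;
    }

    // Not authenticated: print the password form and stop.
    $label = htmlspecialchars(ucfirst($area), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo create_header($_SESSION["settings"]["html_title"], "", "", "", "", "logolisa.svg");
    echo "<form action='' method='POST'>\n\t\t\t" . $label . "-Passwort: <input type='password' name='password'>\n\t\t\t<input type='submit' value='anmelden'>\n\t\t\t</form>\n\t\t";
    echo create_footer();
    exit(0);
}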