function check_regist_form($id, $passwd, $passwd2, $name, $email, $comment)
{
if (check_id($id) && check_passwd($passwd) && check_retype_passwd($passwd, $passwd2) && check_email($email) && check_comment($comment)) {
return TRUE;
// check_name($name) &&
} else {
return FALSE;
}
}
function pkwk_login($pass = '')
{
global $adminpass;
if (!PKWK_READONLY && isset($adminpass) && check_passwd($pass, $adminpass)) {
return TRUE;
} else {
sleep(2);
// Blocking brute force attack
return FALSE;
}
}
}
/**
* function to check weather given password is correct or not
* returns true on success
*/
function check_passwd($username, $password)
{
$q = "SELECT * FROM user_record WHERE username='******'";
$result = mysql_query($q);
$row = mysql_fetch_array($result);
return $row['Password'] == $password;
}
$u = $_POST['user'];
$p = $_POST['pass'];
if (usname_exist($u)) {
if (!check_passwd($u, $p)) {
echo "wrong password entered<br>redirecting you to login....";
$_SESSION['log'] = "wrong password entered<br>redirecting you to login....";
header("location:login.php");
} else {
$_SESSION['username'] = $u;
//$_SESSION['count']=1;
//$_SESSION['flag']=0;
header("location:all_song_display.php");
}
} else {
echo "Username not found<br>redirect to login page...";
$_SESSION['log'] = "Username not found<br>redirect to login page...";
header("location:login.php");
}
?>
<html>
<head>
<link rel='icon' href='src/ic.png' type='image/x-icon'/>
<title>OJ7 - Sign in</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?php
include 'oj-header.php';
?>
<div align='center' width='800px'>
<?php
if ($_GET['cmd'] == 'check') {
$checkres = check_passwd($_POST['uid'], $_POST['passwd']);
if ($checkres == 1) {
header("Location: error.php?word=No such user");
return;
} else {
if ($checkres == 2) {
header("Location: error.php?word=Wrong password");
return;
}
}
$_SESSION['signedin'] = 1;
$_SESSION['uid'] = $_POST['uid'];
header("Location: " . $_COOKIE['lurl']);
}
if ($_GET['cmd'] == 'leave') {
$_SESSION['signedin'] = 0;
<?php
include 'oj-header.php';
?>
<div align='center' width='800px'>
<?php
if (!$_SESSION['signedin']) {
header("Location: error.php?word=Please sign in first");
return;
} else {
if ($_GET['cmd'] == 'recv') {
$uid = getuid();
$uname = $_POST['uname'];
$grade = $_POST['grade'];
$passwdold = $_POST['passwdold'];
if (check_passwd($uid, $passwdold)) {
header("Location: error.php?word=Wrong password");
return;
}
$passwd = $_POST['passwd'];
if ($passwd != $_POST['reppasswd']) {
header("Location: error.php?word=Password not match!");
return;
}
$fln = "../users/" . $uid . ".uinfo";
$opf = fopen($fln, "w");
fprintf($opf, "%s\n%s\n", $uname, $grade);
fclose($opf);
if (strlen($passwd) > 0) {
$fln = "../users/" . $uid . ".upasswd";
$opf = fopen($fln, "w");
function ss_chkusr($title, $users)
{
global $script;
global $login_log;
$qm = get_qm();
// キャンセルなら、トップへリダイレクト
if (isset($_POST['send']) && $_POST['send'] == $qm->m['ss_authform']['btn_cancel']) {
//この比較は非推奨
header('Location: ' . $script);
exit;
} else {
if (isset($_POST['send']) && $_POST['send'] == $qm->m['ss_authform']['btn_login']) {
$user = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';
// User, Passwordをチェック
$auth = array_key_exists($user, $users) && check_passwd($pass, $users[$user]);
//認証OK、NGに応じた処理
if ($auth) {
$_SESSION['usr'] = $user;
if (ss_admin_check()) {
$d = dir(CACHEQHM_DIR);
while (false !== ($entry = $d->read())) {
if ($entry != '.' && $entry != '..') {
$entry = CACHEQHM_DIR . $entry;
if (file_exists($entry)) {
// cacheqhmディレクトリにある3日前の一時ファイルを削除
if (mktime(date("H"), date("i"), date("s"), date("n"), date("j") - 3, date("Y")) > time(fileatime($entry))) {
unlink($entry);
}
}
}
}
$d->close();
}
return TRUE;
} else {
// カウントして、3回以上試行したらエラーを出す
$_SESSION['ct'] = $_SESSION['ct'] + 1;
if ($_SESSION['ct'] > 3) {
$_SESSION['ct'] = 0;
return FALSE;
}
ss_msg($qm->m['ss_authform']['err_auth']);
exit;
}
} else {
ss_auth_loginform($title);
exit;
}
}
}
function check_login_logout($area = false)
{
if ($area == false) {
//Get folder name = area (admin, print, upload, ...)
$path = pathinfo($_SERVER["SCRIPT_FILENAME"]);
$path = explode("/", $path["dirname"]);
$area = trim($path[sizeof($path) - 1]);
}
if (isset($_POST["logout"]) or isset($_GET["logout"])) {
if (isset($_SESSION["LOGINAREA"])) {
$_SESSION["LOGINAREA"] = false;
unset($_SESSION['LOGINAREA']);
}
} else {
if (isset($_SESSION["LOGINAREA"])) {
//Logout ???
//Bereits in dem bereich eingeloggt?
if ($_SESSION["LOGINAREA"] == $area) {
return true;
}
}
}
//if( check_ip() ) return true;
if (isset($_POST["password"])) {
if (check_passwd($area, $_POST["password"])) {
$_SESSION["LOGINAREA"] = $area;
//Anmeldung in Session speichern
return true;
}
} else {
if (check_passwd($area, false)) {
$_SESSION["LOGINAREA"] = $area;
//Anmeldung in Session speichern
return true;
}
}
echo create_header($_SESSION["settings"]["html_title"], "", "", "", "", "logolisa.svg");
echo "<form action='' method='POST'>\n\t\t\t" . ucfirst($area) . "-Passwort: <input type='password' name='password'>\n\t\t\t<input type='submit' value='anmelden'>\n\t\t\t</form>\n\t\t";
echo create_footer();
exit(0);
}
