($code = $plugins->load('admin_notallowed')) ? eval($code) : null; if ($my->p['admin'] == 0 && $my->vlogin) { echo head(); error('index.php' . SID2URL_1, $lang->phrase('admin_not_allowed_to_view_this_page')); } include "classes/function.flood.php"; $addr = rawurldecode($gpc->get('addr', none)); if ($action == "login2") { $log_status = $slog->sid_login(true); if ($log_status == false) { $attempts = set_failed_login(); if ($attempts == $config['login_attempts_max']) { header('Location: index.php' . SID2URL_1); } else { echo head(); error('admin.php' . iif(!empty($addr), '?addr=' . rawurlencode($addr)), $lang->phrase('admin_incorrect_username_or_password_entered')); } } else { clear_login_attempts(); echo head(); ok('admin.php' . iif(!empty($addr), '?addr=' . rawurlencode($addr)), $lang->phrase('admin_successfully_logged_in')); } } else { echo head(); AdminLogInForm(); } echo foot(); } ($code = $plugins->load('admin_end')) ? eval($code) : null; $slog->updatelogged(); $db->close();
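/**
 * Records one failed login attempt for the current client IP and bans the IP
 * once the configured limit is reached.
 *
 * Reads $config['login_attempts_max'] (0 disables the limiter) and
 * $config['login_attempts_time'], which is multiplied by 60 and applied to
 * time(), i.e. it is treated as minutes. The same interval is used both as the
 * counting window and as the ban duration.
 *
 * @return mixed -1 when the limiter is disabled, $config['login_attempts_max']
 *               when this attempt triggered a ban, otherwise the number of
 *               attempts inside the window including this one.
 */
function set_failed_login() {
	global $slog, $db, $config, $lang, $filesystem;

	// A maximum of 0 switches the limiter off entirely.
	if ($config['login_attempts_max'] == 0) {
		return -1;
	}

	$ip = $slog->getIP();
	$time = time();
	$limit = $time - $config['login_attempts_time'] * 60;

	// NOTE(review): the values below are interpolated into the SQL text. $time and
	// $limit are computed here from time() and the configuration; $ip comes from
	// $slog->getIP(), which is not visible in this file. Confirm that getIP() only
	// returns a validated address, or pass $ip through the database layer's
	// escaping before it reaches these two statements.
	$result = $db->query("SELECT COUNT(*) FROM {$db->pre}flood WHERE ip = '{$ip}' AND time > '{$limit}' AND type = '" . FLOOD_TYPE_LOGIN . "'", __LINE__, __FILE__);
	$data = $db->fetch_num($result);
	// Count the attempt that is being recorded right now.
	$data[0]++;

	if ($data[0] >= $config['login_attempts_max']) {
		// Set the ban.
		$until = $time + $config['login_attempts_time'] * 60;
		$lang->assign('ip', $ip);

		// The ban file is tab-separated with one record per line. Every free-form
		// field is stripped of delimiters so a malformed value cannot add fields
		// or extra records; the message was already treated this way, the
		// address now is too.
		$delimiters = array("\r", "\n", "\t");
		$fileIp = str_replace($delimiters, ' ', $ip);
		$reason = str_replace($delimiters, ' ', $lang->phrase('login_attempts_banned'));
		$line = "ip\t{$fileIp}\t{$until}\t0\t{$time}\t" . $reason;

		// A missing or unreadable ban file is treated as empty rather than
		// passing false on to trim().
		$banFile = 'data/bannedip.php';
		$banned = is_readable($banFile) ? file_get_contents($banFile) : false;
		if ($banned === false) {
			$banned = '';
		}
		$banned = trim($banned, "\r\n");

		// No check for duplicate entries at the moment, because it is unclear
		// what should happen to the old data.
		// ToDo: Add a check
		$filesystem->file_put_contents($banFile, trim($banned . "\n" . $line, "\r\n"));

		// Clear login attempts after banning
		clear_login_attempts();
		return $config['login_attempts_max'];
	}

	// Add one login attempt
	$db->query("INSERT INTO {$db->pre}flood SET time = '{$time}', ip = '{$ip}', type = '" . FLOOD_TYPE_LOGIN . "'", __LINE__, __FILE__);
	return $data[0];
}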