Пример #1
0
function add_invalid_login()
{
    global $adminer;
    $filename = get_adminer_temp_dir() . "/adminer.invalid";
    $fp = @fopen($filename, "r+");
    // @ - may not exist
    if (!$fp) {
        // c+ is available since PHP 5.2.6
        $fp = @fopen($filename, "w");
        // @ - may not be writable
        if (!$fp) {
            return;
        }
    }
    flock($fp, LOCK_EX);
    $invalids = unserialize(stream_get_contents($fp));
    $time = time();
    if ($invalids) {
        foreach ($invalids as $ip => $val) {
            if ($val[0] < $time) {
                unset($invalids[$ip]);
            }
        }
    }
    $invalid =& $invalids[$adminer->bruteForceKey()];
    if (!$invalid) {
        $invalid = array($time + 30 * 60, 0);
        // active for 30 minutes
    }
    $invalid[1]++;
    $serialized = serialize($invalids);
    rewind($fp);
    fwrite($fp, $serialized);
    ftruncate($fp, strlen($serialized));
    flock($fp, LOCK_UN);
    fclose($fp);
}
Пример #2
0
/** Read password from file adminer.key in temporary directory or create one
* @param bool
* @return string or false if the file can not be created
*/
function password_file($create)
{
    $filename = get_adminer_temp_dir() . "/adminer.key";
    $return = @file_get_contents($filename);
    // @ - may not exist
    if ($return || !$create) {
        return $return;
    }
    $fp = @fopen($filename, "w");
    // @ - can have insufficient rights //! is not atomic
    if ($fp) {
        $return = rand_string();
        fwrite($fp, $return);
        fclose($fp);
    }
    return $return;
}