# Author: ZYMO
#
# Description:
#
# Hardened version of vAuthenticate 3.0.1 to address exploits
# and update deprecated database functions on PHP v5.5 servers.
#
*/
// Check if the cookies are set
// This removes some notices (undefined index)
if (isset($_COOKIE['USERNAME']) && isset($_COOKIE['PASSWORD'])) {
// Get values from superglobal variables
$USERNAME = $_COOKIE['USERNAME'];
$PASSWORD = $_COOKIE['PASSWORD'];
$CheckSecurity = new auth();
$check = $CheckSecurity->page_check($USERNAME, $PASSWORD);
} else {
$check = false;
}
if ($check == false) {
// Feel free to change the error message below. Just make sure you put a "\" before
// any double quote.
print "<b>Illegal Access</b>";
print "<br>";
print "<b>You do not have permission to view this page.</b>";
// REDIRECT BACK TO LOGIN PAGE
// REMOVE BLOCK IF NOT BEING USED
print "<br>";
print "You will be redirected back to the login page in a short while.";
?>
<HEAD>
}
$this->Priority = $this->priority;
}
}
if (!$limitedStartup) {
if ($config['softdebug'] == 1) {
$starttime = microtime();
$data->reset_counter();
}
$cookievalue = md5(time() . 'um');
$expire = time() + $config['session_length'];
if ($config['gzip'] == 1) {
$tpl->load_filter('output', 'gzip');
}
if (!$skipUser) {
$check = $Auth->page_check();
$user_page_auths = get_user_auths();
$user_groups = user_groups_id_key_array($check['id']);
$onlineUserList = get_online_users_array();
$userIdList = get_user_id_list_array();
}
$censorWords = get_censor();
$scoutlanguage = read_scout_language();
$tpl->assign("scoutlang", $scoutlanguage);
}
$timestamp = time();
} else {
require_once "config.php";
require_once "includes/db.php";
require_once "includes/functions.php";
$data = new database($dbname, $dbhost, $dbusername, $dbpassword, $dbprefix, $dbport);
