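/**
 * Handle a lost-password request for the username submitted in $FORM['u'].
 *
 * Looks up the e-mail address stored for that username. When one is found it
 * creates a 'lost_pw' session, stores the value returned by
 * session->create() in $TMPL['sid'], sends the 'lost_pw_email' skin to the
 * stored address and renders 'lost_pw_finish' into $TMPL['content'].
 * Otherwise it reports $LNG['g_invalid_u'] through $this->error().
 *
 * NOTE(review): the two outcomes look different to the requester, so this form
 * confirms whether a username exists. Answering both cases with the same page
 * and throttling requests would close that; it changes user-visible behaviour
 * and is left as a follow-up.
 */
function email() {
    global $CONF, $DB, $FORM, $LNG, $TMPL;

    // A missing or non-string field (e.g. u[]=x) is treated as an empty
    // username: it matches no row and ends in the normal "invalid username"
    // error instead of reaching escape() with an unexpected type.
    $submitted = (isset($FORM['u']) && is_string($FORM['u'])) ? $FORM['u'] : '';

    // $DB->escape() is the only thing between the form value and the SQL text
    // below, so the escaped copy is the one that must be interpolated.
    // NOTE(review): if $DB offers bound parameters, prefer them here.
    $username = $DB->escape($submitted);

    list($email) = $DB->fetch("SELECT email FROM {$CONF['sql_prefix']}_sites WHERE username = '{$username}'", __FILE__, __LINE__);

    if (!$email) {
        $this->error($LNG['g_invalid_u']);
        return;
    }

    require_once "{$CONF['path']}/sources/misc/session.php";
    $session = new session();

    // The third argument is passed as 0; its meaning is defined by
    // session::create(), which is not visible here - TODO confirm.
    $TMPL['sid'] = $session->create('lost_pw', $username, 0);

    // The message goes to the address stored for the account, never to an
    // address supplied with the request.
    $lost_pw_email = new skin('lost_pw_email');
    $lost_pw_email->send_email($email);

    $TMPL['content'] = $this->do_skin('lost_pw_finish');
}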
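/**
 * Admin login: show the login form, or check the submitted password against
 * the stored admin password hash and open an 'admin' session on a match.
 *
 * Reads $FORM['password']. With no password submitted it renders the
 * 'admin_login' skin into $TMPL['content']. On a match it creates the session
 * and hands over to $this->main(); otherwise it reports $LNG['g_invalid_p'].
 *
 * NOTE(review): the stored value is an unsalted MD5 digest. Moving to
 * password_hash()/password_verify() needs the stored value to be migrated,
 * which cannot be done from inside this method.
 * NOTE(review): no attempt throttling is visible in this method - confirm it
 * is enforced elsewhere.
 */
function login() {
    global $CONF, $DB, $FORM, $LNG, $TMPL;

    if (!isset($FORM['password']) || !$FORM['password']) {
        $TMPL['content'] = $this->do_skin('admin_login');
        return;
    }

    // md5() needs a string; anything else (password[]=x) is a failed login.
    if (!is_string($FORM['password'])) {
        $this->error($LNG['g_invalid_p']);
        return;
    }

    list($admin_password) = $DB->fetch("SELECT admin_password FROM {$CONF['sql_prefix']}_etc", __FILE__, __LINE__);

    // Strict comparison on purpose: with ==, two digests that both look like
    // numbers in exponent notation ("0e...") compare equal even though the
    // strings differ. Where PHP >= 5.6 is guaranteed, hash_equals() is the
    // better call because it is also constant-time.
    $submitted_digest = md5($FORM['password']);
    if ((string) $admin_password === $submitted_digest) {
        require_once "{$CONF['path']}/sources/misc/session.php";
        $session = new session();
        $session->create('admin', 1);

        $this->main();
    } else {
        $this->error($LNG['g_invalid_p']);
    }
}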
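/**
 * Process a submitted logon form.
 *
 * Handles two cases: a guest logon ($_POST['guest_logon']) and a normal logon
 * ($_POST['user_logon'] + $_POST['user_password']). On a successful normal
 * logon it also sets or clears the "remember me" cookies depending on
 * $_POST['user_remember'].
 *
 * @return bool true when a session was created, false otherwise.
 */
function logon_perform()
{
    // The return value is not used below; the call is kept in case
    // get_webtag() has side effects the request relies on - TODO confirm.
    $webtag = get_webtag();

    // Check to see if the user is logging in as a guest or a normal user.
    if (isset($_POST['guest_logon'])) {

        // Check the Guest account is enabled.
        if (!user_guest_enabled()) {
            return false;
        }

        // Initialise Guest user session.
        session::create(0);

        // Success
        return true;
    }

    if (!isset($_POST['user_logon'], $_POST['user_password'])) {
        // Failed
        return false;
    }

    // Extract the submitted username
    $user_logon = $_POST['user_logon'];

    // Extract the submitted password
    $user_password = $_POST['user_password'];

    // PHP turns user_logon[]=x into an array. Reject non-string credentials
    // here so they never reach user_logon() or the cookie writer.
    if (!is_string($user_logon) || !is_string($user_password)) {
        return false;
    }

    // Try and login the user.
    $uid = user_logon($user_logon, $user_password);

    if (!$uid) {
        // Failed
        return false;
    }

    // Initialise a user session.
    session::create($uid);

    // Check if we should save a token to allow auto logon.
    if (isset($_POST['user_remember']) && $_POST['user_remember'] === 'Y') {

        // Get a token for the user.
        $user_token = user_generate_token($uid);

        // Set a cookie with the logon and the token. Together they act as a
        // year-long credential, so the cookie flags and the server-side
        // invalidation of the token matter.
        // NOTE(review): both are decided inside html_set_cookie() and
        // user_generate_token(), not visible here - confirm HttpOnly/Secure
        // and that the token is revoked on logout and password change.
        html_set_cookie('user_logon', $user_logon, time() + YEAR_IN_SECONDS);
        html_set_cookie('user_token', $user_token, time() + YEAR_IN_SECONDS);

    } else {

        // Remove the cookie.
        html_set_cookie('user_logon', '', time() - YEAR_IN_SECONDS);
        html_set_cookie('user_token', '', time() - YEAR_IN_SECONDS);
    }

    // Success
    return true;
}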
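/**
 * Handle the login form and return the rendered 'user_login' template.
 *
 * Three paths, chosen from $_POST['usrlogin'] / $_POST['usrpass']:
 *  1. Empty login + ADMIN_PASSWORD still stored in clear text + matching
 *     password: hash the password, rewrite kbconfig.php with the hash, create
 *     an admin session and redirect to the admin page.
 *  2. Empty login + password that verifies against the stored crypt() hash:
 *     create an admin session and redirect to the admin page.
 *  3. Anything else: delegate to user::login() and redirect home on success.
 *
 * On a redirect the function ends the request with die; otherwise it returns
 * the template output, with an 'error' assigned where a check failed.
 *
 * NOTE(review): the redirect puts session::makeKey() in the query string,
 * where it can end up in server logs and Referer headers. What that key
 * authorises is not visible here - confirm.
 */
function content() {
    global $smarty;

    $usrpass  = isset($_POST['usrpass']) ? $_POST['usrpass'] : '';
    $usrlogin = isset($_POST['usrlogin']) ? $_POST['usrlogin'] : '';

    // usrpass[]=x / usrlogin[]=x arrive as arrays; treat them as a failed
    // login instead of passing them to trim(), crypt() or user::login().
    if (!is_string($usrpass) || !is_string($usrlogin)) {
        $smarty->assign('error', 'Login error, please check your username and password.');
        return $smarty->fetch(get_tpl('user_login'));
    }

    if (!trim($usrpass)) {
        return $smarty->fetch(get_tpl('user_login'));
    }

    $admin_secret = (string) ADMIN_PASSWORD;

    // Does the configured value already look like a crypt() hash?
    // The prefix has to be matched as a whole: comparing a 3-character
    // substr() against '$2a$' can never be equal, which left bcrypt hashes
    // classified as clear text and let the stored hash itself be accepted as
    // the password by the equality check below.
    $is_hashed = preg_match('/^\$(?:1|2[abxy]?|5|6)\$/', $admin_secret) === 1;

    if ($usrlogin === '' && !$is_hashed && $usrpass === $admin_secret) {
        // One-argument crypt() picks its own weak salt on old PHP and is
        // rejected outright by PHP 8, so use bcrypt where it is available.
        // The result is still verified by crypt($pass, $hash) below.
        $new_hash = function_exists('password_hash')
            ? password_hash($admin_secret, PASSWORD_BCRYPT)
            : crypt($admin_secret);
        $hash_ok = is_string($new_hash) && $new_hash !== '' && $new_hash[0] !== '*';

        @chmod("kbconfig.php", 0660);

        if (!is_writeable("kbconfig.php")) {
            $smarty->assign('error', 'Admin password is unencrypted and ' . 'kbconfig.php is not writeable. Either encrypt the admin ' . 'password or set kbconfig.php writeable.');
        } else {
            $kbconfig = file_get_contents('kbconfig.php');

            // Escape '$' and '\' so the hash is taken literally when it is
            // used as a preg_replace() replacement string.
            $newpwd = $hash_ok ? preg_replace('/(\\$|\\\\)/', '\\\\$1', $new_hash) : null;

            // NOTE(review): '[^)]*' stops at the first ')' - a clear-text
            // password containing ')' would leave a damaged define() behind.
            $updated = (is_string($kbconfig) && is_string($newpwd))
                ? preg_replace('/define\\s*\\(\\s*[\'"]ADMIN_PASSWORD[\'"]' . '[^)]*\\)/', "define('ADMIN_PASSWORD', '" . $newpwd . "')", $kbconfig)
                : null;

            // Never write the config back unless every step produced real
            // content: a failed read or replace would otherwise truncate it.
            if (!is_string($updated) || trim($updated) === ''
                    || file_put_contents("kbconfig.php", trim($updated)) === false) {
                @chmod("kbconfig.php", 0440);
                $smarty->assign('error', 'Could not store the encrypted admin password in kbconfig.php.');
            } else {
                chmod("kbconfig.php", 0440);

                session::create(true);
                session_write_close();
                header('Location: ' . htmlspecialchars_decode(edkURI::page('admin') . '&akey=' . session::makeKey()));
                //session created but not in current page
                die;
            }
        }
    } elseif ($usrlogin === '' && crypt($usrpass, $admin_secret) === $admin_secret) {
        // Strict comparison: crypt() output and the stored hash are both
        // strings, and == would apply numeric-string juggling to them.
        session::create(true);

        // NOTE(review): $page is sanitised but the redirect below always
        // targets 'admin'; kept as in the original.
        $page = preg_replace('/[^a-zA-Z0-9-_]/', '', edkURI::getArg("page", 1));
        $page = $page ? $page : "admin";

        header('Location: ' . htmlspecialchars_decode(edkURI::page('admin') . '&akey=' . session::makeKey()));
        //session created but not in current page
        session_write_close();
        die;
    } else {
        $result = user::login($usrlogin, $usrpass);

        if ($result) {
            header('Location: ' . html_entity_decode(edkURI::page('home')));
            die;
        }

        $smarty->assign('error', 'Login error, please check your username and password.');
    }

    return $smarty->fetch(get_tpl('user_login'));
}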
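/**
 * User control panel login.
 *
 * With no username/password submitted it renders the 'user_cp_login' skin into
 * $TMPL['content']. Otherwise it looks up an account whose username and MD5
 * password digest both match; an active account gets a 'user_cp' session and
 * control passes to $this->main(). An inactive account is answered with
 * $LNG['user_cp_inactive'], a failed lookup with $LNG['g_invalid_u_or_p'].
 *
 * NOTE(review): passwords are stored as unsalted MD5. Moving to
 * password_hash()/password_verify() needs a migration of the stored values
 * (rehash on next successful login is the usual route).
 * NOTE(review): $TMPL['username'] holds the SQL-escaped form of the input.
 * That protects the query only; whether the skin HTML-escapes it on output is
 * not visible here - confirm.
 */
function login() {
    global $CONF, $DB, $FORM, $LNG, $TMPL;

    if (!isset($FORM['u']) || !isset($FORM['password']) || !$FORM['u'] || !$FORM['password']) {
        $TMPL['content'] = $this->do_skin('user_cp_login');
        return;
    }

    // u[]=x / password[]=x arrive as arrays; treat them as bad credentials
    // before they reach escape() or md5().
    if (!is_string($FORM['u']) || !is_string($FORM['password'])) {
        $this->error($LNG['g_invalid_u_or_p']);
        return;
    }

    // Both values placed in the SQL text are safe by construction: the
    // username goes through $DB->escape(), the password is a hex digest.
    // NOTE(review): if $DB offers bound parameters, prefer them here.
    $TMPL['username'] = $DB->escape($FORM['u']);
    $password = md5($FORM['password']);

    list($username, $active) = $DB->fetch("SELECT username, active FROM {$CONF['sql_prefix']}_sites WHERE username = '{$TMPL['username']}' AND password = '{$password}'", __FILE__, __LINE__);

    // No row leaves $username unset (null). The string comparison is strict so
    // numeric-looking usernames are not equated by type juggling.
    if ($username === null || (string) $TMPL['username'] !== (string) $username) {
        $this->error($LNG['g_invalid_u_or_p']);
        return;
    }

    if (!$active) {
        $this->error($LNG['user_cp_inactive']);
        return;
    }

    require_once "{$CONF['path']}/sources/misc/session.php";
    $session = new session();
    $session->create('user_cp', $TMPL['username']);

    $this->main();
}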
// Tail of a block that opens above this excerpt: draws $text twice (shadow,
// then foreground) and advances $x.
// rand() picks the baseline; it only affects where the glyph is drawn.
// NOTE(review): how the captcha text itself is generated is not visible
// here - confirm it does not rely on rand()/mt_rand().
$y = intval(rand((int) ($size * 1.5), (int) ($ly - $size / 7)));
// Foreground colour from the 0-127 range per channel.
list($r, $g, $b) = random_color(0, 127);
$color = imagecolorallocate($image, $r, $g, $b);
// Shadow colour: a second 0-127 pick, shifted up by 127 per channel.
list($r, $g, $b) = random_color(0, 127);
$shadow = imagecolorallocate($image, $r + 127, $g + 127, $b + 127);
$TTF_file = change_TTF();
// Shadow is offset to the right, the foreground text is offset upwards.
imagettftext($image, $size, $angle, $x + (int) ($size / 15), $y, $shadow, $TTF_file, $text);
imagettftext($image, $size, $angle, $x, $y - (int) ($size / 15), $color, $TTF_file, $text);
$x += (int) ($size + $minsize / 5);
}

// Bind the expected answer to the requesting address and store it server-side.
// NOTE(review): the meaning of escape()'s second argument is not visible here.
$ip = $DB->escape($_SERVER['REMOTE_ADDR'], 1);
// Drop earlier rows for this address. The filter is on the data prefix only,
// so clients behind one shared address replace each other's captcha.
$DB->query("DELETE FROM {$CONF['sql_prefix']}_sessions WHERE data LIKE '{$ip}|%'", __FILE__, __LINE__);
// Stored value is "<ip>|<sha1 of answer wrapped in two constants and the ip>".
// NOTE(review): the two constants are fixed in the source, so they are not a
// secret; the check relies on this row staying server-side. Confirm the digest
// is never sent to the client.
$data = "{$ip}|" . sha1(')F*RJ@FHR^%X' . $string . '(*Ht3h7f9&^F' . $ip);
require_once "{$CONF['path']}/sources/misc/session.php";
$session = new session();
$session->create('captcha', $data);

// Forbid caching so every request gets a fresh image, then emit it as JPEG.
header('Pragma: no-cache');
header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
header('Content-type: image/jpeg');
imagejpeg($image);
imagedestroy($image);

/**
 * Select a new random font.
 *
 * Picks a random key of the global $TTF_RANGE and returns the global
 * $TTF_folder joined with the entry stored under that key.
 */
function change_TTF() {
    global $TTF_RANGE, $TTF_folder;
    $key = array_rand($TTF_RANGE);
    $TTF_file = $TTF_folder . $TTF_RANGE[$key];
    return $TTF_file;
}

// Select a random color within a range
// (the function body lies outside this excerpt)
function random_color($min, $max)
/**
 * Show the gateway page for the given username and end the request.
 *
 * Creates a 'gateway' session for $username, publishes the value returned by
 * session->create() as $TMPL['sid'] and the username as $TMPL['username'],
 * prints the 'gateway' skin and exits.
 *
 * NOTE(review): $username is handed to the template as received. Whether the
 * caller or the skin escapes it for HTML is not visible here - confirm.
 *
 * @param mixed $username Username the gateway session is created for.
 */
function gateway($username) {
    global $CONF, $FORM, $TMPL;

    require_once $CONF['path'] . '/sources/misc/session.php';

    $gateway_session = new session();
    $sid = $gateway_session->create('gateway', $username);

    $TMPL['sid'] = $sid;
    $TMPL['username'] = $username;

    // Nothing after the page is meant to run: print it and stop.
    $page = $this->do_skin('gateway');
    echo $page;
    exit;
}
$url .= '?' . $_SERVER['QUERY_STRING']; } // Make sure there are no caching issues. header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: Mon, 26 Jul 1997 05:00:00 GMT"); $smarty = new Smarty(); $smarty->compile_dir = getcwd() . "/" . KB_CACHEDIR . '/templates_c'; $smarty->cache_dir = getcwd() . "/" . KB_CACHEDIR . '/data'; $smarty->template_dir = getcwd() . '/update/'; $smarty->assign('url', $url); if (!session::isAdmin()) { if (isset($_POST['usrpass']) && (crypt($_POST['usrpass'], ADMIN_PASSWORD) == ADMIN_PASSWORD || $_POST['usrpass'] == ADMIN_PASSWORD)) { session::create(true); $_SESSION['admin_key'] = session::makeKey(); if (strpos($url, '?') === false) { header('Location: ' . $url . '?akey=' . session::makeKey()); } else { header('Location: ' . $url . '&akey=' . session::makeKey()); } die; } else { $smarty->assign('content', $smarty->fetch('update_login.tpl')); $smarty->display('update.tpl'); die; } } if (phpversion() < "5.1.2") { $smarty->assign('content', "PHP version 5.1.2 or higher is required. You have version " . phpversion());