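/**
 * Makes sure a session user exists, then switches the working directory to
 * that user's directory.
 *
 * When $_SESSION['user'] is missing, new_session() is asked to create it.
 * Failures are reported with trigger_error(); with the default level
 * (E_USER_NOTICE) that does not stop the script, so the function returns
 * explicitly instead of touching session data that was never created.
 *
 * @return void
 */
function login()
{
    if (!isset($_SESSION['user'])) {
        if (!new_session()) {
            trigger_error("User could not be created.");
            // E_USER_NOTICE does not abort the request; without this return the
            // chdir() below would read $_SESSION['user']['dir'] that was never set.
            return;
        }
    }
    // now the user dir should exist, move to it
    // NOTE(review): the target comes from session state. Whatever fills
    // $_SESSION['user']['dir'] must not be steerable by request input, or this
    // chdir() becomes a path-traversal primitive — confirm in new_session().
    if (!chdir($_SESSION['user']['dir'])) {
        trigger_error("User directory ({$_SESSION["user"]["dir"]}) unavailable.");
    }
}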
    $msg .= "Der Angegebene Benutzername existiert nicht.<br>";
}
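// ---- credential check --------------------------------------------------------
// The stored value and md5($login_password) were compared with `!=`, PHP's loose
// comparison. Two numeric-looking strings are compared as numbers there, so any
// pair of md5 hashes of the form "0e<digits>" compare equal and a crafted
// password passes. `!==` compares byte for byte (hash_equals() would add a
// constant-time guarantee on PHP >= 5.6). userpassword may be absent when the
// user lookup above found nothing; the cast keeps that a failed login.
$user = mysql_fetch_array($r_user);
$storedHash = isset($user['userpassword']) ? (string) $user['userpassword'] : '';
if ($storedHash !== md5($login_password)) {
    $msg .= "Das Passwort ist leider falsch.<br>";
    possible_flood(FLOOD_LOGIN);
}
// NOTE(review): unsalted md5 is not an acceptable password hash; migrating to
// password_hash()/password_verify() also requires changing verify_session(),
// which expects the 32-char md5 in the first half of thwb_cookie.
if ($user['useractivate']) {
    $msg .= "Sie haben ihren Account noch nicht aktiviert.";
}
if (isset($msg) && strlen($msg) > 0) {
    // The session setup below relies on message() rendering the error page and
    // not returning — confirm; otherwise a failed login still gets a session.
    message("Fehler", "Es sind leider Fehler aufgetreten:<font color='{$style['color_err']}'><br><br>{$msg}</font>");
}
global $g_user, $s;
$g_user = array();
$g_user['userisadmin'] = false;
$g_user['userid'] = $user['userid'];
// new_session() reads have_cookie to decide how to hand out the session id;
// the flag is reset immediately afterwards so later code does not see it.
$g_user['have_cookie'] = $login_cookie;
$s = new_session();
$g_user['have_cookie'] = false;
if ($login_cookie) {
    // Persistent login cookie: md5(password) followed by the user id — the
    // layout verify_session() checks (first 32 chars = hash, rest = id).
    // NOTE(review): this parks the password hash in the browser for a year; a
    // random per-device token stored server-side would be safer, but that means
    // changing verify_session() as well.
    setcookie("thwb_cookie", md5($login_password) . $user['userid'], time() + 60 * 60 * 24 * 365);
}
if (empty($source)) {
    $source = 'index.php';
} else {
    $source = urldecode($source);
}
// $source xss vuln fix by tendor
// NOTE(review): $source is request-controlled and only quotes / angle brackets
// are neutralised. Unless message_redirect() prefixes it with the board's own
// URL, an absolute URL here is an open redirect — confirm in message_redirect().
$source = str_replace(array('"', '<', '>'), array('%22', '%3c', '%3e'), $source);
message_redirect('Sie wurden erfolgreich eingeloggt, bitte warten ...', $source);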
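/**
 * Validates the session id from the `badger_sess` cookie and refreshes it.
 *
 * The id is looked up in $_db_table_config. If the row is older than
 * $_session_timeout minutes, $GLOBALS['sessionTimeout'] is set to true and a
 * fresh id from new_session() is returned. If the row is marked logged out, or
 * bumping its `last` column fails, a fresh id is returned as well. Otherwise
 * the cookie's id is returned unchanged. The idle time is written to $logger.
 *
 * @return string session id (the existing one or a newly created one)
 */
function update_session()
{
    global $_db_table_config, $badgerDb, $_session_timeout, $logger;
    $sess = isset($_COOKIE['badger_sess']) ? (string) $_COOKIE['badger_sess'] : '';
    // The cookie value is attacker-controlled and was interpolated into both
    // statements unescaped (SQL injection). $badgerDb looks like a PEAR DB
    // handle (fetchInto / DB_FETCHMODE_ASSOC / affectedRows), whose
    // escapeSimple() uses the driver's escaping; fall back to addslashes() if
    // the handle has no such method. A bound parameter would be better still,
    // but query() only takes a finished SQL string.
    $sessSql = (is_object($badgerDb) && method_exists($badgerDb, 'escapeSimple'))
        ? $badgerDb->escapeSimple($sess)
        : addslashes($sess);
    $sql = "select logout, UNIX_TIMESTAMP(last) last from {$_db_table_config} where sid = '{$sessSql}'";
    $res = query($sql);
    $row = array();
    $res->fetchInto($row, DB_FETCHMODE_ASSOC);
    // An unknown id leaves $row empty; null here makes the timeout test below
    // fail like an expired session instead of raising an undefined-index notice.
    $last = isset($row['last']) ? $row['last'] : null;
    $logger->log('SESSION MANAGEMENT: last: ' . $last . ' time: ' . time() . ' diff: ' . (time() - $last));
    if ($last + $_session_timeout * 60 < time()) {
        $GLOBALS['sessionTimeout'] = true;
        return new_session();
    }
    $loggedOut = isset($row['logout']) && $row['logout'] == 1;
    if ($loggedOut) {
        return new_session();
    }
    $sql = "update {$_db_table_config} set last = NOW() where sid = '{$sessSql}'";
    query($sql);
    // The original treats a negative affectedRows() as a failed update and
    // starts over with a new session in that case.
    if ($badgerDb->affectedRows() < 0) {
        return new_session();
    }
    return $sess;
}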
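/**
 * verifies session data
 *
 * Establishes who the request belongs to from three inputs: the persistent
 * thwb_cookie (md5(password) followed by the user id, as written at login),
 * the thwb_session cookie, and the global session id $s. The `online` table
 * is the source of truth for session ids. On success $s holds the session id
 * and $g_user['have_cookie'] records whether that id arrived in a cookie.
 *
 * returns `guest' in case of authentication failure;
 * otherwise a thwb_cookie style string is returned
 **/
function verify_session()
{
    global $s, $pref, $config, $g_user, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS;
    $have_cookie = !empty($HTTP_COOKIE_VARS['thwb_cookie']);
    $have_sid_cookie = !empty($HTTP_COOKIE_VARS['thwb_session']);
    $have_session = !empty($s);
    $g_user['have_cookie'] = false;
    if (!$have_cookie && !$have_session) {
        return "guest";
    }
    if ($have_cookie && defined('THWB_NOSESSION_PAGE')) {
        // Pages flagged THWB_NOSESSION_PAGE take the cookie at face value: a
        // session id is looked up (or created) for the user id in the cookie,
        // and the password half of the cookie is never checked against the user
        // table in this branch. NOTE(review): confirm such pages expose nothing
        // that requires a verified identity.
        // check for existing session id
        if (!$have_sid_cookie) {
            $r_session = thwb_query("SELECT sessionid FROM " . $pref . "online WHERE userid = '" . addslashes(substr($HTTP_COOKIE_VARS['thwb_cookie'], 32)) . "' AND onlinetime >= '" . (time() - $config['session_timeout']) . "' ORDER BY onlinetime DESC LIMIT 1");
            if (mysql_num_rows($r_session)) {
                // got a session id, use it.
                $a_session = mysql_fetch_array($r_session);
                $s = $a_session['sessionid'];
            } else {
                // we don't have a session id
                // we must make sure that userid exists for new_session() relies on it.
                if (empty($g_user['userid'])) {
                    $g_user['userid'] = substr($HTTP_COOKIE_VARS['thwb_cookie'], 32);
                }
                // user is using cookies, therefore we store the session id into a cookie, too.
                $g_user['have_cookie'] = true;
                $s = new_session();
            }
        } else {
            $s = $HTTP_COOKIE_VARS['thwb_session'];
            $g_user['have_cookie'] = true;
        }
        return $HTTP_COOKIE_VARS['thwb_cookie'];
    } else {
        if ($have_session || $have_sid_cookie) {
            if ($have_sid_cookie) {
                $s = $HTTP_COOKIE_VARS['thwb_session'];
            }
            $r_session = thwb_query("SELECT o.userid, o.onlineip, o.onlinetime, u.userpassword FROM " . $pref . "online AS o LEFT OUTER JOIN " . $pref . "user AS u ON o.userid = u.userid WHERE o.sessionid='" . addslashes($s) . "' ORDER BY o.onlinetime DESC LIMIT 1");
            if (!mysql_num_rows($r_session)) {
                // mismatching session id
                return "guest";
            }
            $a_session = mysql_fetch_array($r_session);
            if ($have_cookie) {
                $cookie = (string) $HTTP_COOKIE_VARS['thwb_cookie'];
                // Cookie layout is md5(password) . userid: 32 hex chars, then the
                // id. Anything not longer than 32 chars cannot be a valid cookie.
                if (strlen($cookie) <= 32) {
                    return "guest";
                }
                // Both comparisons used `!=`, PHP's loose comparison: numeric-looking
                // strings are compared as numbers, so md5 hashes of the form
                // "0e<digits>" all compare equal and "01" equals "1". Compare byte
                // for byte. u.userpassword is NULL when the user row is gone
                // (LEFT OUTER JOIN), hence the casts.
                if (substr($cookie, 32) !== (string) $a_session['userid']) {
                    // session userid doest not match cookie user id
                    return "guest";
                }
                if (substr($cookie, 0, 32) !== (string) $a_session['userpassword']) {
                    // session password does not match cookie password
                    return "guest";
                }
            }
            if (!$have_sid_cookie) {
                // The IP and timeout checks only run when the session id did NOT
                // arrive in the thwb_session cookie.
                // check first 24 bits of ip (to avoid problems with aol and other proxies)
                // dechex() drops leading zeros, so for first octets below 16 the
                // compared range shifts by a nibble — kept as in the original.
                // Strict compare: loose `!=` would treat prefixes like "1e0400" and
                // "1e0500" as equal numbers (both overflow to INF).
                if (substr(dechex(ip2long($a_session['onlineip'])), 0, 6) !== substr(dechex(ip2long($HTTP_SERVER_VARS['REMOTE_ADDR'])), 0, 6)) {
                    // NOTE(review): $path is not in the global list above, so it is
                    // undefined inside this function and source= ends up empty — confirm.
                    // message() is expected not to return; otherwise this check is ineffective.
                    message("IP Mismatch", "Diese Session-ID ist an eine andere IP gebunden.<br>Klicken Sie <a href=\"" . build_link("login.php?source=" . $path) . "\">hier</a> um sich einzuloggen.");
                }
                // check session timeout
                if ($a_session['onlinetime'] < time() - $config['session_timeout']) {
                    // timed out
                    thwb_query("DELETE FROM " . $pref . "online WHERE sessionid='" . addslashes($s) . "'");
                    message("Timeout", "Sie wurden automatisch ausgeloggt, weil Ihre Session-ID abgelaufen ist. <br>Bitte <a href=\"" . build_link("login.php?source=" . $path) . "\">loggen</a> Sie sich neu ein.");
                }
            }
            // everything is ok
            $g_user['have_cookie'] = $have_sid_cookie;
            return $a_session['userpassword'] . $a_session['userid'];
        } else {
            // fall through
            return "guest";
        }
    }
}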
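/**
 * Validates the session id from the `badger_sess` cookie and refreshes it.
 *
 * Variant without timeout handling: the id is looked up in $_db_table_config;
 * if the row is not marked logged out its `last` column is bumped to NOW() and
 * the cookie's id is returned. A logged-out row, or a failed update, yields a
 * fresh id from new_session().
 *
 * @return string session id (the existing one or a newly created one)
 */
function update_session()
{
    global $_db_table_config, $badgerDb;
    $sess = isset($_COOKIE['badger_sess']) ? (string) $_COOKIE['badger_sess'] : '';
    // The cookie value is attacker-controlled and was interpolated into both
    // statements unescaped (SQL injection). $badgerDb looks like a PEAR DB
    // handle (fetchInto / DB_FETCHMODE_ASSOC / affectedRows), whose
    // escapeSimple() uses the driver's escaping; fall back to addslashes() if
    // the handle has no such method. A bound parameter would be better still,
    // but query() only takes a finished SQL string.
    $sessSql = (is_object($badgerDb) && method_exists($badgerDb, 'escapeSimple'))
        ? $badgerDb->escapeSimple($sess)
        : addslashes($sess);
    $sql = "select logout from {$_db_table_config} where sid = '{$sessSql}'";
    $res = query($sql);
    $row = array();
    $res->fetchInto($row, DB_FETCHMODE_ASSOC);
    // An unknown id leaves $row empty; that is treated like a live row, as before.
    $loggedOut = isset($row['logout']) && $row['logout'] == 1;
    if ($loggedOut) {
        return new_session();
    }
    $sql = "update {$_db_table_config} set last = NOW() where sid = '{$sessSql}'";
    query($sql);
    // The original treats a negative affectedRows() as a failed update and
    // starts over with a new session in that case.
    if ($badgerDb->affectedRows() < 0) {
        return new_session();
    }
    return $sess;
}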
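		<?php
// register.php: creates a user row, starts a PHP session for it and hands the
// browser a CTF_Session cookie carrying the id generated by new_session().
include "connect.php";
include "private/create_session.php";
//Starting a session, if session is set, so redirect user
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['mysession']) && isset($_SESSION['is_admin'])) {
    header("Location: welcome.php");
    //redirect to login page to secure the welcome page without login access.
    // header() only queues the redirect; without exit the registration code
    // below still runs for an already logged-in visitor.
    exit;
}
// take the variables
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) {
    // $username = strip_tags( trim( $_POST['username'] ) );
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $email = mysql_real_escape_string($_POST['email']);
    // NOTE(review): the password is stored in the users table and kept in
    // $_SESSION in clear text. It should be stored via password_hash() and
    // checked with password_verify(); that also needs the login code (not in
    // this file) and new_session() updated.
    $mysession = new_session($username, $password);
    // New accounts are never admins. $is_admin was never assigned before, so
    // $_SESSION['is_admin'] ended up null and the isset() check above could not
    // recognise a freshly registered user; use the same value as the row.
    $is_admin = '0';
    $sql = "INSERT INTO users " . "(email, username, password, mysession, is_admin) " . "VALUES " . "('{$email}', '{$username}', '{$password}', '{$mysession}', '{$is_admin}')";
    // @ keeps driver errors out of the response; log mysql_error() instead if
    // failures need diagnosing.
    if (@mysql_query($sql)) {
        $_SESSION['username'] = $username;
        $_SESSION['mysession'] = $mysession;
        $_SESSION['password'] = $password;
        $_SESSION['is_admin'] = $is_admin;
        // Was $row['mysession'], but $row is never defined here, so the cookie
        // was always empty; the id just generated is what belongs in it.
        // httponly is set; pass secure=true as well once the site is HTTPS-only.
        setcookie("CTF_Session", $mysession, time() + 86400 * 30, '/', null, null, true);
        header('Location: welcome.php');
        exit;
    } else {
        echo 'username or email exist... sorry!';
        // Expire every cookie the client sent. $past was undefined, which means
        // expiry 0 (a session cookie) and therefore no deletion at all.
        $past = time() - 3600;
        foreach ($_COOKIE as $key => $value) {
            setcookie($key, $value, $past, '/');
        }
    }
}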