示例#1
}
if (!hook("replaceauth")) {
    # First check that this IP address has not been locked out due to excessive attempts.
    $ip = get_ip();
    $lockouts = sql_value("select count(*) value from ip_lockout where ip='" . escape_check($ip) . "' and tries>='" . $max_login_attempts_per_ip . "' and date_add(last_try,interval " . $max_login_attempts_wait_minutes . " minute)>now()", 0);
    $username = trim(getvalescaped("username", ""));
    if ($case_insensitive_username) {
        $username = sql_value("select username value from user where lower(username)=lower('" . $username . "')", $username);
    }
    # Also check that the username provided has not been locked out due to excessive login attempts.
    $ulockouts = sql_value("select count(*) value from user where username='******' and login_tries>='" . $max_login_attempts_per_username . "' and date_add(login_last_try,interval " . $max_login_attempts_wait_minutes . " minute)>now()", 0);
    if ($lockouts > 0 || $ulockouts > 0) {
        $error = str_replace("?", $max_login_attempts_wait_minutes, $lang["max_login_attempts_exceeded"]);
    } elseif (array_key_exists("username", $_POST) && getval("langupdate", "") == "") {
        $password = trim(getvalescaped("password", ""));
        $result = perform_login();
        if ($result['valid']) {
            $expires = 0;
            if (getval("remember", "") != "") {
                $expires = 100;
            }
            # remember login for 100 days
            # Store language cookie
            rs_setcookie("language", $language, 1000);
            # Only used if not global cookies
            rs_setcookie("language", $language, 1000, $baseurl_short . "pages/");
            # Set the session cookie.
            rs_setcookie("user", "", 0);
            # Set user cookie, setting secure only flag if a HTTPS site, and also setting the HTTPOnly flag so this cookie cannot be probed by scripts (mitigating potential XSS vuln.)
            rs_setcookie("user", $result['session_hash'], $expires, "", "", substr($baseurl, 0, 5) == "https", true);
            # Set default resource types
示例#2
文件: login.php 项目: horrabin/opendb
                 echo "<p class=\"success\">" . get_opendb_lang_var('new_passwd_sent') . "</p>";
             }
         }
         // no point if site disabled, email is not available
         if (is_site_enabled() && is_valid_opendb_mailer() && get_opendb_config_var('email', 'send_to_site_admin') !== FALSE) {
             $footer_links_r[] = array(text => get_opendb_lang_var('email_administrator'), target => "popup(640,480)", url => "email.php?op=send_to_site_admin&inc_menu=N&subject=" . get_opendb_lang_var('lost_password'));
         }
         echo format_footer_links($footer_links_r);
     } else {
         opendb_redirect('welcome.php');
         return;
     }
 } else {
     //if($HTTP_VARS['op'] == 'login')
     if (strlen($HTTP_VARS['uid']) > 0 && strlen($HTTP_VARS['passwd']) > 0) {
         $result = perform_login($HTTP_VARS);
         if ($result === TRUE) {
             if (strlen($HTTP_VARS['redirect']) > 0) {
                 // User tried to get in with an invalid session.
                 // We've just given her a valid one, so log it
                 // appropriately and send a redirect to where she
                 // really wanted to go.
                 opendb_redirect(urldecode($HTTP_VARS['redirect']));
                 return;
             } else {
                 opendb_redirect('welcome.php');
                 return;
             }
         } else {
             if ($result === "SITE_IS_DISABLED") {
                 opendb_site_disabled(get_opendb_config_var('login', 'show_menu') !== FALSE);
示例#3
    }
    exit(0);
}
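// Shared cURL handle for the whole run. perform_get_page() reaches it through
// `global $ch`; perform_login() is defined elsewhere and presumably does the same.
$ch = curl_init();
if ($ch === false) {
    // Without a handle every later curl_setopt()/request would fail; stop with a clear error.
    fwrite(STDERR, "Unable to initialise cURL\n");
    exit(1);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// TLS certificate and hostname verification. The previous code switched both off
// unconditionally, so the login request (and the session cookie it yields) could be
// read or altered by anyone able to intercept the connection. Verification is now
// on by default. 'ssl_verify' is an optional settings key introduced by this change:
// set it to false only for hosts with a self-signed certificate on a trusted network.
$verify_tls = !isset($settings['ssl_verify']) || (bool) $settings['ssl_verify'];
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify_tls);
// 2 = the certificate must match the requested host name; 0 disables the check.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $verify_tls ? 2 : 0);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
// The same file is both read and written, so cookies set during login are sent
// with the page requests that follow.
// NOTE(review): $cookie is assigned outside this excerpt; the file will hold session
// cookies, so confirm it is created with owner-only permissions.
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
// Log in first when a login URL is configured, and report the value perform_login() returns.
if (!empty($settings['url_login'])) {
    $time_login = perform_login();
    echo "login.value {$time_login}\n";
}
// One "<label>.value <result>" line per configured test page.
foreach ($settings['test_pages'] as $label => $value) {
    $page_time = perform_get_page($value);
    echo "{$label}.value {$page_time}\n";
}
curl_close($ch);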
function perform_get_page($url)
{
    global $ch;
    global $settings;
    global $debug;
    $options['url'] = $url;
    if ($debug) {
        print 'Getting: ' . $options['url'] . PHP_EOL;