}
if (!hook("replaceauth")) {
    # First check that this IP address has not been locked out due to excessive attempts.
    $ip = get_ip();
    # An IP counts as locked out once its recorded tries reach $max_login_attempts_per_ip and
    # fewer than $max_login_attempts_wait_minutes have passed since last_try.
    # $ip goes through escape_check() before interpolation; the two limit values are interpolated
    # unescaped and are presumably configuration constants rather than request input — confirm.
    $lockouts = sql_value("select count(*) value from ip_lockout where ip='" . escape_check($ip) . "' and tries>='" . $max_login_attempts_per_ip . "' and date_add(last_try,interval " . $max_login_attempts_wait_minutes . " minute)>now()", 0);
    # Username is escaped once here by getvalescaped() and then interpolated into SQL below.
    $username = trim(getvalescaped("username", ""));
    if ($case_insensitive_username) {
        # Resolve the submitted username to the stored spelling; falls back to the submitted value
        # when no row matches.
        $username = sql_value("select username value from user where lower(username)=lower('" . $username . "')", $username);
    }
    # Also check that the username provided has not been locked out due to excessive login attempts.
    # NOTE(review): the username literal in this query reads '******' in this listing, which looks
    # like a redaction rather than a real filter — verify against the actual file.
    $ulockouts = sql_value("select count(*) value from user where username='******' and login_tries>='" . $max_login_attempts_per_username . "' and date_add(login_last_try,interval " . $max_login_attempts_wait_minutes . " minute)>now()", 0);
    if ($lockouts > 0 || $ulockouts > 0) {
        # Either lockout applies: report the wait period instead of attempting authentication.
        $error = str_replace("?", $max_login_attempts_wait_minutes, $lang["max_login_attempts_exceeded"]);
    } elseif (array_key_exists("username", $_POST) && getval("langupdate", "") == "") {
        # A credential POST (not merely a language change) — attempt the login.
        $password = trim(getvalescaped("password", ""));
        $result = perform_login();
        if ($result['valid']) {
            $expires = 0;
            if (getval("remember", "") != "") {
                $expires = 100;
            } # remember login for 100 days
            # Store language cookie
            rs_setcookie("language", $language, 1000); # Only used if not global cookies
            rs_setcookie("language", $language, 1000, $baseurl_short . "pages/");
            # Set the session cookie.
            # Clear any existing user cookie before issuing the new session hash.
            rs_setcookie("user", "", 0);
            # Set user cookie, setting secure only flag if a HTTPS site, and also setting the HTTPOnly flag so this cookie cannot be probed by scripts (mitigating potential XSS vuln.)
            # The Secure flag is derived from the configured $baseurl scheme, not from the scheme of
            # the current request — on a deployment reachable over both schemes, confirm $baseurl is https.
            rs_setcookie("user", $result['session_hash'], $expires, "", "", substr($baseurl, 0, 5) == "https", true);
            # Set default resource types
echo "<p class=\"success\">" . get_opendb_lang_var('new_passwd_sent') . "</p>";
}
}
// no point if site disabled, email is not available
if (is_site_enabled() && is_valid_opendb_mailer() && get_opendb_config_var('email', 'send_to_site_admin') !== FALSE) {
    // NOTE(review): text, target and url are bare words used as array keys; this relies on the
    // undefined-constant-to-string fallback that PHP 8 removed — confirm they are not real constants.
    $footer_links_r[] = array(text => get_opendb_lang_var('email_administrator'), target => "popup(640,480)", url => "email.php?op=send_to_site_admin&inc_menu=N&subject=" . get_opendb_lang_var('lost_password'));
}
echo format_footer_links($footer_links_r);
} else {
    opendb_redirect('welcome.php');
    return;
}
} else { //if($HTTP_VARS['op'] == 'login')
    // Only attempt authentication when both credential fields are non-empty.
    if (strlen($HTTP_VARS['uid']) > 0 && strlen($HTTP_VARS['passwd']) > 0) {
        // perform_login() returns TRUE on success; other values (e.g. "SITE_IS_DISABLED") are
        // status strings handled below. Its body is outside this fragment.
        $result = perform_login($HTTP_VARS);
        if ($result === TRUE) {
            if (strlen($HTTP_VARS['redirect']) > 0) {
                // User tried to get in with an invalid session.
                // We've just given her a valid one, so log it
                // appropriately and send a redirect to where she
                // really wanted to go.
                // NOTE(review): the redirect target comes from $HTTP_VARS (presumably request input)
                // and is urldecoded before use. Whether opendb_redirect() restricts it to a local path
                // is not visible here — confirm, otherwise this is an open-redirect risk.
                opendb_redirect(urldecode($HTTP_VARS['redirect']));
                return;
            } else {
                opendb_redirect('welcome.php');
                return;
            }
        } else {
            if ($result === "SITE_IS_DISABLED") {
                opendb_site_disabled(get_opendb_config_var('login', 'show_menu') !== FALSE);
}
exit(0);
}
// General curl settings
// One shared handle is reused for the login and for every test page (the functions reach it via
// `global $ch`), so the cookie jar at $cookie carries session state between requests.
// $cookie is assigned earlier, outside this fragment.
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// SECURITY(review): both TLS checks are switched off, so any https target is accepted without
// certificate or hostname validation and traffic on this handle can be intercepted. The login
// request below (when url_login is set) and the cookie jar contents all go over this handle.
// Unless the monitored host deliberately uses a self-signed certificate, leave these at their
// defaults (CURLOPT_SSL_VERIFYPEER true, CURLOPT_SSL_VERIFYHOST 2) and point CURLOPT_CAINFO at
// the right CA bundle instead.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
// Read and persist cookies in the same file so the session from perform_login() is reused.
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
if (!empty($settings['url_login'])) {
    // Optional authenticated run: perform_login() is defined elsewhere and its return value is
    // emitted as the "login" metric.
    $time_login = perform_login();
    echo "login.value {$time_login}\n";
}
// One "<label>.value <n>" line per configured test page.
foreach ($settings['test_pages'] as $label => $value) {
    $page_time = perform_get_page($value);
    echo "{$label}.value {$page_time}\n";
}
curl_close($ch);

/**
 * Fetch a single test page over the shared curl handle.
 *
 * Presumably returns a timing that the caller prints as "<label>.value" — the function body
 * continues beyond this fragment, so confirm. Top-level functions are hoisted in PHP, which is
 * why the calls above can precede this definition.
 *
 * @param string $url Page to request.
 */
function perform_get_page($url) {
    global $ch;
    global $settings;
    global $debug;
    $options['url'] = $url;
    if ($debug) {
        print 'Getting: ' . $options['url'] . PHP_EOL;