[ PHPXref.com ] [ Generated: Sun Jul 20 18:52:10 2008 ] [ MuCMS 1.21 ]

/admin/ -> login.php (source)

   1  <?php
   2  /*

   3  *    Copyright (C) 2006  Matthew Craig

   4  *    

   5  *    This program is free software; you can redistribute it and/or

   6  *    modify it under the terms of the GNU General Public License

   7  *    as published by the Free Software Foundation; either version 2

   8  *    of the License, or (at your option) any later version.

   9  *    

  10  *    This program is distributed in the hope that it will be useful,

  11  *    but WITHOUT ANY WARRANTY; without even the implied warranty of

  12  *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  13  *    GNU General Public License for more details.

  14  *    

  15  *    You should have received a copy of the GNU General Public License

  16  *    along with this program; if not, write to the Free Software

  17  *    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  18  *    

  19  *    Matthew Craig

  20  *    2501 Riverside Dr Apt 309

  21  *    Coral Springs, FL 33065

  22  *    matt@taggedzi.com

  23  */
  24  
  25      /*

  26      *

  27      *

  28      *    Filename:         login.php

  29      *    Date:         03 April 2006

  30      *    Written by:    Matthew Craig

  31      *    Copyright:     (c) Copyright 2006 Matthew Craig.  All rights Reserved.

  32      *    Description:     This is the login page for MuCMS.

  33      *

  34      *    dependencies:    This is dependent on

  35      *                - class.data.php        : The data class object

  36      *                - cleaner.php        : Sterilizes the input string from the user

  37      *                - makeHTML.php    : Create the actual page output

  38      *                - silver.php         : the Password MD5

  39      *                - silverload.php        : the password log for locking the site, and tracking usage.

  40      *                - class.phpmailer.php : this is an externally generated php class (not created by Matthew Craig) for performing mail through php.  It is used here for smtp mail, so that a server running MuCMS does not have to have a mail binary connected to php.

  41      *    

  42      */
  43  
  44  // Start Session

  45  session_start();
  46  
  47  include_once ('cleaner.php');
  48  include_once ('class.data.php');
  49  include_once ('makeHTML.php');
  50  
  51  $login = new Admin;
  52  
  53  // If they have been aproved skip all other steps

  54  if ($_SESSION['aproval']== 'authorized' ) {
  55      $content = '<table width="50%">
  56                      <tr>
  57                          <td>
  58                              <p>You are already logged in. Please <a href="index.php">Click Here</a> to continue.</p>
  59                          </td>
  60                      </tr>
  61                  </table>';
  62      MakeHTML ('Login Succes', $content);
  63      exit;
  64  }
  65  
  66  // this saved the Login Count     : This is a helper function

  67  function SaveCount($num, $offset = 300 , $note) {
  68      if(file_exists('silverload.php')) {
  69          $time = time() + ($offset * 60);
  70          if ($note) {
  71              $sender = '<?php $SilverLoad = ' . $num . '; $SilverPoisen = ' . $time . '; $Notified = True; ?>';
  72          } else {
  73              $sender = '<?php $SilverLoad = ' . $num . '; $SilverPoisen = ' . $time . '; $Notified = False; ?>';
  74          }
  75          $fp = @fopen('silverload.php','wb');
  76          fwrite ($fp, $sender);
  77          fclose($fp);
  78      } else {
  79          $sender = '<?php $SilverLoad=0; $SilverPoisen=0; $Notified = FALSE;  ?>';
  80          $fp = @fopen('silverload.php','wb');
  81          fwrite ($fp, $sender);
  82          fclose($fp);
  83      }    
  84  }
  85  
  86  // Verify that the Password and Lock file exist  - or Lock the site

  87  if(file_exists('silverload.php') && file_exists('silver.php')) {
  88      include_once ('silverload.php');
  89      include_once('silver.php');
  90  } else {
  91          $content = '<table>
  92                      <tr>
  93                          <td>
  94                              <p>If this CMS has already been installed this site\'s administrative controls have been tampered with. This is now locked. Contact your administrator to fix this problem.</p>
  95                              <p>If this site has not been installed <a href="install.php">Click Here</a></p>
  96                          </td>
  97                      </tr>
  98                  </table>';
  99          MakeHTML('UnAuthorized Modification', $content);
 100      exit;
 101  }
 102  
 103  // Check Number of Login Attempts if greater than Max Lock server login functions

 104  if ($SilverLoad > $login->MaxLogin) {
 105      // if the Max Login Attempts have been reached check the time.  If the right time has elapsed release the lock down

 106      if ( time() >= $SilverPoisen) {
 107          // If enough time has passed

 108          $ServerLocked = False;
 109          // Reset the counter

 110          $SilverLoad = 0;
 111          // Save it

 112          SaveCount ($SilverLoad, $login->LockTime, FALSE );
 113      } else {
 114          // If enough time has not passed keep the server locked.

 115          $ServerLocked = True;
 116          if ($login->NotifyAdmin && !$Notified) {
 117          require_once ("class.phpmailer.php");
 118          //require_once('mailconfig.php');

 119          $mail = new PHPMailer();
 120          $mail->From     = $login->from_email;
 121          $mail->FromName = $login->from_name;
 122          $mail->Host     = $login->smtp_host;
 123          $mail->Mailer   = "smtp";    //  '' if using binary mail program, 'smtp' to use smtp service

 124          $mail->SMTPAuth = true;        // if a password is required

 125          $mail->Port     = $login->smtp_port;
 126          $mail->Username = $login->smtp_username;
 127          $mail->Password = $login->smtp_userpass;
 128          $mail->Priority = $login->priority; 
 129          
 130          $mail->Subject     = 'Alert! Potential Website Problems'; 
 131          $body = '<html>
 132              <head></head>
 133              <body>
 134              <table width="640">
 135                  <tr>
 136                      <td>
 137                          <h1><font color="#ff0000">Alert! This is an Automated Alert!</font></h1>
 138                          <p>This is an automated message do not respond to this address</p>
 139                          <p>Your Server at ' . $_SERVER["PHP_SELF"] .  ' is experiencing a potential problem.</p>
 140                          <p>Someone from the IP address of ' . $_SERVER["REMOTE_ADDR"] . ' has attempted to login to your site and failed to use the correct password.</p>
 141                          <p>If you see this message more than once, they have attempted multiple times (5 times per email).</p>
 142                      </td>
 143                  </tr>
 144              </table>
 145              </body>
 146              </html>';
 147          
 148              // Plain text body (for mail clients that cannot read HTML)

 149              $text_body  = "Alert! This is an automated Alert!\n\n";
 150              $text_body .= "This is an automated message do not respond to this address.\n\n";
 151              $text_body .= "Your Server at " . $_SERVER["PHP_SELF"] .  " is experiencing a potential problem. \n";
 152              $text_body .= "Someone from the IP address of " . $_SERVER["REMOTE_ADDR"] . " has attempted to login to your site and failed to use the correct password.\n";
 153              $text_body .= "If you see this message more than once, they have attempted multiple times (5 times per email).";
 154              $mail->Body    = $body;
 155              $mail->AltBody = $text_body;
 156              $mail->AddAddress($login->AdminEmail);
 157              $mail->Send();
 158              // Clear all addresses and attachments for next loop

 159              $mail->ClearAddresses();
 160              $mail->ClearAttachments();
 161              SaveCount ($SilverLoad, $login->LockTime, TRUE );
 162          } else {
 163              // If email is not enabled.... what to do... nothing for now

 164          }
 165      }
 166  
 167  } else {
 168      $ServerLocked = False;
 169  }
 170  
 171  if ($ServerLocked) {
 172      $content = '<table>
 173                      <tr>
 174                          <td>
 175                              <p>Aproximatly ' . round(($SilverPoisen - time()) / 60) . ' Minutes remaining until next avaliable login.</p>
 176                              <p>Your IP address has been logged and the administrator has been notified. ' . $_SERVER["REMOTE_ADDR"] . ':' . $_SERVER["REMOTE_HOST"] . '</p>
 177                          </td>
 178                      </tr>
 179                  </table>';
 180      MakeHTML('Login system Locked', $content);
 181      exit;
 182  }
 183  
 184  if (isset($_POST['minor']) && isset($_POST['password'])) {
 185      // Sterilize data

 186      $password = trim(SemiSterilizeInputString ($_POST['password']));
 187      // Save

 188      SaveCount ( $SilverLoad+1, ($login->LockTime) , FALSE );
 189      // include_once('class.data.php');

 190      if (md5($password) == $silver) {
 191          $_SESSION['aproval'] = 'authorized';
 192          $content = '<table>
 193                      <tr>
 194                          <td>
 195                              <p>There have been ' . $SilverLoad . ' login attempts before success.</p>
 196                              <p>Please <a href="index.php">Click Here</a> to continue.</p>
 197                          </td>
 198                      </tr>
 199                  </table>';
 200          MakeHTML('Login Success', $content);
 201          SaveCount ( 0 , 0 , FALSE);
 202      } else {
 203          $content = '<table>
 204                      <tr>
 205                          <td>
 206                                  <form action="login.php" method="post">
 207                                      <input type="password" name="password" onFocus="this.className=\'Active\'" onBlur="this.className=\'Passive\'" tabindex="1" accesskey="P"/>
 208                                      <input type="submit" value="Login" name="minor" accesskey="S" tabindex="2" />
 209                                  </form>
 210                              <p>Failed Attempts: ' .  $SilverLoad . '</p>
 211                          </td>
 212                      </tr>
 213                  </table>';
 214          MakeHTML('Login Failed', $content);
 215      }
 216  } else {
 217      $content = '<table>
 218                      <tr>
 219                          <td>
 220                                  <form action="login.php" method="post">
 221                                      <input type="password" name="password" onFocus="this.className=\'Active\'" onBlur="this.className=\'Passive\'" tabindex="1" accesskey="P" />
 222                                      <input type="submit" value="Login" name="minor" accesskey="S" tabindex="2" />
 223                                  </form>
 224                          </td>
 225                      </tr>
 226                  </table>';
 227          MakeHTML('Login', $content);
 228  }
 229  
 230  ?>

