[geeklog-cvs] Geeklog-1.x/public_html/admin auth.inc.php, 1.36, 1.37
Dirk Haun
dhaun at qs1489.pair.com
Sun Mar 9 12:21:20 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv11798
Modified Files:
auth.inc.php
Log Message:
Check if local login is enabled before attempting to authenticate user; added missing login speedlimit
Index: auth.inc.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/auth.inc.php,v
retrieving revision 1.36
retrieving revision 1.37
diff -C2 -d -r1.36 -r1.37
*** auth.inc.php 17 Feb 2008 18:32:35 -0000 1.36
--- auth.inc.php 9 Mar 2008 16:21:18 -0000 1.37
***************
*** 35,48 ****
// this file can't be used on its own
! if (strpos ($_SERVER['PHP_SELF'], 'auth.inc.php') !== false)
! {
! die ('This file can not be used on its own.');
}
// MAIN
$uid = '';
! if (!empty ($_POST['loginname']) && !empty ($_POST['passwd'])) {
! $status = SEC_authenticate (COM_applyFilter ($_POST['loginname']),
! $_POST['passwd'], $uid);
} else {
$status = '';
--- 35,56 ----
// this file can't be used on its own
! if (strpos($_SERVER['PHP_SELF'], 'auth.inc.php') !== false) {
! die('This file can not be used on its own.');
}
// MAIN
+ COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
+ if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
+ COM_displayMessageAndAbort($LANG04[112], '', 403, 'Access denied');
+ }
+
$uid = '';
! if (!empty($_POST['loginname']) && !empty($_POST['passwd'])) {
! if ($_CONF['user_login_method']['standard'])
! $status = SEC_authenticate(COM_applyFilter($_POST['loginname']),
! $_POST['passwd'], $uid);
! } else {
! $status = '';
! }
} else {
$status = '';
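Review bot: The new `if ($_CONF['user_login_method']['standard'])` line has no opening brace, so the `} else {` directly below it closes the outer `!empty(...)` block and the second `} else {` at the end of the hunk is unmatched — the file will not parse as shown. Change it to `if ($_CONF['user_login_method']['standard']) {` so that `$status = ''` is set when standard login is disabled, which is what the log message describes. The `if`/`else` chain continues past the end of this hunk, so the brace count should be rechecked against the full file.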
***************
*** 51,66 ****
if ($status == USER_ACCOUNT_ACTIVE) {
! DB_change($_TABLES['users'],'pwrequestid',"NULL",'uid',$uid);
! $_USER = SESS_getUserDataFromId ($uid);
! $sessid = SESS_newSession ($_USER['uid'], $_SERVER['REMOTE_ADDR'],
$_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
! SESS_setSessionCookie ($sessid, $_CONF['session_cookie_timeout'],
$_CONF['cookie_session'], $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
! PLG_loginUser ($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
! if (!isset ($_COOKIE[$_CONF['cookie_name']])) {
// Either their cookie expired or they are new
--- 59,74 ----
if ($status == USER_ACCOUNT_ACTIVE) {
! DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
! $_USER = SESS_getUserDataFromId($uid);
! $sessid = SESS_newSession($_USER['uid'], $_SERVER['REMOTE_ADDR'],
$_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
! SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'],
$_CONF['cookie_session'], $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
! PLG_loginUser($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
! if (!isset($_COOKIE[$_CONF['cookie_name']])) {
// Either their cookie expired or they are new
***************
*** 72,78 ****
// They want their cookie to persist for some amount of time so set it now
! setcookie ($_CONF['cookie_name'], $_USER['uid'],
! time() + $cooktime, $_CONF['cookie_path'],
! $_CONF['cookiedomain'], $_CONF['cookiesecure']);
}
}
--- 80,86 ----
// They want their cookie to persist for some amount of time so set it now
! setcookie($_CONF['cookie_name'], $_USER['uid'],
! time() + $cooktime, $_CONF['cookie_path'],
! $_CONF['cookiedomain'], $_CONF['cookiesecure']);
}
}
***************
*** 84,117 ****
echo $display;
exit;
! } else if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit','OR') && (count (PLG_getAdminOptions()) == 0)) {
! $display .= COM_siteHeader();
! $display .= COM_startBlock($LANG20[01]);
! if (!empty($warn)) {
! $display .= $LANG20[02]
! .'<br' . XHTML . '><br' . XHTML . '>'
! .COM_accessLog($LANG20[03] . ' ' . $_POST['loginname']);
}
! $display .= '<form action="' . $_SERVER['PHP_SELF']
! . '" method="post">'
! .'<table cellspacing="0" cellpadding="0" border="0" width="100%">'.LB
! .'<tr><td align="right">'.$LANG20[04].' </td>'.LB
! .'<td><input type="text" name="loginname" size="16" maxlength="16"' . XHTML . '></td>'.LB
! .'</tr>'.LB
! .'<tr>'.LB
! .'<td align="right">'.$LANG20[05].' </td>'.LB
! .'<td><input type="password" name="passwd" size="16" maxlength="16"' . XHTML . '></td>'
! .'</tr>'.LB
! .'<tr>'.LB
! .'<td colspan="2" align="center" class="warning">'.$LANG20[06].'<input type="hidden" name="warn" value="1"' . XHTML . '>'
! .'<br' . XHTML . '><input type="submit" name="mode" value="'.$LANG20[07].'"' . XHTML . '></td>'.LB
! .'</tr>'.LB
! .'</table></form>'
! .COM_endBlock()
! .COM_siteFooter();
! echo $display;
! exit;
}
--- 92,131 ----
echo $display;
exit;
! } else if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit','OR') && (count(PLG_getAdminOptions()) == 0)) {
! COM_updateSpeedlimit('login');
! $display .= COM_siteHeader('menu');
! $display .= COM_startBlock($LANG20[1]);
! if (!$_CONF['user_login_method']['standard']) {
! $display .= '<p>' . $LANG_LOGIN[2] . '</p>';
! } else {
!
! if (!empty($warn)) {
! $display .= $LANG20[2]
! . '<br' . XHTML . '><br' . XHTML . '>'
! . COM_accessLog($LANG20[3] . ' ' . $_POST['loginname']);
! }
!
! $display .= '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">'
! .'<table cellspacing="0" cellpadding="0" border="0" width="100%">'.LB
! .'<tr><td align="right">'.$LANG20[4].' </td>'.LB
! .'<td><input type="text" name="loginname" size="16" maxlength="16"' . XHTML . '></td>'.LB
! .'</tr>'.LB
! .'<tr>'.LB
! .'<td align="right">'.$LANG20[5].' </td>'.LB
! .'<td><input type="password" name="passwd" size="16" maxlength="16"' . XHTML . '></td>'
! .'</tr>'.LB
! .'<tr>'.LB
! .'<td colspan="2" align="center" class="warning">'.$LANG20[6].'<input type="hidden" name="warn" value="1"' . XHTML . '>'
! .'<br' . XHTML . '><input type="submit" name="mode" value="'.$LANG20[7].'"' . XHTML . '></td>'.LB
! .'</tr>'.LB
! .'</table></form>';
}
! $display .= COM_endBlock()
! . COM_siteFooter();
! echo $display;
! exit;
}
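Review bot: `COM_updateSpeedlimit('login')` runs every time the login form is rendered, not only after a rejected credential pair: this `else if` branch is reached on a plain GET by any visitor without admin rights, because the condition tests rights, not whether `$_POST['loginname']` was submitted. Combined with the `COM_checkSpeedlimit` abort added earlier in this commit, that would lock a visitor out with a 403 after `$_CONF['login_attempts']` page loads of the admin area before they ever enter a password, and a genuinely failed authentication is not distinguished from a first visit. Assuming COM_updateSpeedlimit records one attempt per call, guard it on a submitted attempt, e.g. `if (!empty($_POST['loginname']) && !empty($_POST['passwd'])) { COM_updateSpeedlimit('login'); }`, or record it where `$status` is found not to equal USER_ACCOUNT_ACTIVE. The enclosing if/else-if chain starts before this hunk.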