ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
bpssoft
2007-11-09 3eeed9bdef1040d4f1f9343201cd8b30e21d273c 
 interface/web/login/index.php


@@ -32,80 +32,110 @@




class login_index {




public $status = '';


private $target = '';




public function render() {


   public $status = '';


   private $target = '';


   private $app;


   private $conf;


   


   if(isset($_SESSION['s']['user']) && is_array($_SESSION['s']['user']) && is_array($_SESSION['s']['module'])) {


      die('HEADER_REDIRECT:'.$_SESSION['s']['module']['startpage']);


   public function __construct()


   {


      global $app, $conf;


      $this->app  = $app;


      $this->conf = $conf;


   }


   


   global $app, $conf;


   $app->uses('tpl');


   $app->tpl->newTemplate('form.tpl.htm');


    


    $error = '';    






   //* Login Form was send


   if(count($_POST) > 0) {




        // iporting variables


        $username = $app->db->quote($_POST['username']);


        $passwort = $app->db->quote($_POST['passwort']);




        if($username != '' and $passwort != '') {


                $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and ( PASSWORT = '".md5($passwort)."' or PASSWORT = password('$passwort') )";


                $user = $app->db->queryOneRecord($sql);


                  if($user) {


                        if($user['active'] == 1) {


                                $user = $app->db->toLower($user);


                                $_SESSION = array();


                                $_SESSION['s']['user'] = $user;


                                $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';


                                $_SESSION['s']['language'] = $user['language'];


                        $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];


								


                        if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {


                           include_once($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php');


                           $_SESSION['s']['module'] = $module;


                        }


                        echo 'HEADER_REDIRECT:'.$_SESSION['s']['module']['startpage'];


								


                                exit;


                        } else {


                                $error = $app->lng(1003);


                        }


                } else {


                        //* Incorrect login - Username and password incorrect


                        $error = $app->lng(1002);


                        if($app->db->errorMessage != '') $error .= '<br>'.$app->db->errorMessage != '';


                }


        } else {


                //* Username or password empty


                $error = $app->lng(1001);


        }


   }


   if($error != ''){


        $error = '<table class="error">


      <tr>


      <td><strong>Error:</strong><br>'.$error.'</td>


      </tr>


      </table>';


   }








   $app->tpl->setVar('error', $error);


   $app->tpl->setInclude('content_tpl','login/templates/index.htm');


   $app->tpl_defaults();


   public function render() {


		


      if(isset($_SESSION['s']['user']) && is_array($_SESSION['s']['user']) && is_array($_SESSION['s']['module'])) {


         die('HEADER_REDIRECT:'.$_SESSION['s']['module']['startpage']);


      }


		


      $this->app->uses('tpl');


      $this->app->tpl->newTemplate('form.tpl.htm');


	    


       $error = '';    


   


   $this->status = 'OK';


   


   return $app->tpl->grab();


      //* Login Form was send


      if(count($_POST) > 0) {


   


} // << end function


           // iporting variables


           $ip      = $this->app->db->quote(ip2long($_SERVER['REMOTE_ADDR']));


           $username = $this->app->db->quote($_POST['username']);


           $passwort = $this->app->db->quote($_POST['passwort']); 


	


           if($username != '' and $passwort != '') {


              //* Check if there already wrong logins


              $sql = "SELECT * FROM `attempts_login` WHERE `ip`= '{$ip}' AND  `login_time` < NOW() + INTERVAL 15 MINUTE LIMIT 1";


              $alreadyfailed = $this->app->db->queryOneRecord($sql);


              //* login to much wrong


              if($alreadyfailed['times'] > 5) {


                 $error = $this->app->lng(1004);


              } else {


                 $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and ( PASSWORT = '".md5($passwort)."' or PASSWORT = password('$passwort') )";


                  $user = $this->app->db->queryOneRecord($sql);


                  if($user) {


                      if($user['active'] == 1) {


                         // User login right, so attempts can be deleted


                         $sql = "DELETE FROM `attempts_login` WHERE `ip`='{$ip}'";


                         $this->app->db->query($sql);


                         $user = $this->app->db->toLower($user);


                          $_SESSION = array();


                          $_SESSION['s']['user'] = $user;


                          $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';


                          $_SESSION['s']['language'] = $user['language'];


                     $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];


										


                     if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {


                        include_once($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php');


                        $_SESSION['s']['module'] = $module;


                     }


                     echo 'HEADER_REDIRECT:'.$_SESSION['s']['module']['startpage'];


										


                            exit;


                      } else {


                         $error = $this->app->lng(1003);


                      }


                 } else {


                    if(!$alreadyfailed['times'] )


                    {


                       //* user login the first time wrong


                       $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES ('{$ip}', 1, NOW())";


                       $this->app->db->query($sql);


                    } elseif($alreadyfailed['times'] >= 1) {


                       //* update times wrong


                       $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `login_time` >= '{$time}' LIMIT 1";


                       $this->app->db->query($sql);


                    }


                     //* Incorrect login - Username and password incorrect


                      $error = $this->app->lng(1002);


                      if($this->app->db->errorMessage != '') $error .= '<br />'.$this->app->db->errorMessage != '';


                    }


              }


            } else {


                //* Username or password empty


               $error = $this->app->lng(1001);


           }


      }


      if($error != ''){


           $error = '<table class="error">


         <tr>


         <td><strong>Error:</strong><br>'.$error.'</td>


         </tr>


         </table>';


      }


	


	


	


      $this->app->tpl->setVar('error', $error);


      $this->app->tpl->setInclude('content_tpl','login/templates/index.htm');


      $this->app->tpl_defaults();


		


      $this->status = 'OK';


		


      return $this->app->tpl->grab();


		


   } // << end function




} // << end class