ISPConfig3 devel
blame | history | patch | commit | commitdiff | show whitespace
tbrehm
2012-01-27 b0711a41c9cd3628507c424aba889d94b0c2cef2 
 interface/web/login/index.php


@@ -60,7 +60,7 @@


      if(count($_POST) > 0) {


         


         //** Check variables


         if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');


         if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $_POST['username'])) $error = $app->lng('user_regex_error');


         if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = $app->lng('pw_error_length');


         


           //** iporting variables


@@ -111,11 +111,38 @@


                    $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";


                  $user = $app->db->queryOneRecord($sql);


               } else {


                  if(stristr($username,'@')) {


                     //* mailuser login


                     $sql = "SELECT * FROM mail_user WHERE login = '$username'";


                     $mailuser = $app->db->queryOneRecord($sql);


                     $user = false;


                     if($mailuser) {


                        $saved_password = stripslashes($mailuser['password']);


                        $salt = '$1$'.substr($saved_password,3,8).'$';


                        //* Check if mailuser password is correct


                        if(crypt(stripslashes($passwort),$salt) == $saved_password) {


                           //* we build a fake user here which has access to the mailuser module only and userid 0


                           $user = array();


                           $user['userid'] = 0;


                           $user['active'] = 1;


                           $user['startmodule'] = 'mailuser';


                           $user['modules'] = 'mailuser';


                           $user['typ'] = 'user';


                           $user['email'] = $mailuser['email'];


                           $user['username'] = $username;


                           $user['language'] = $conf['language'];


                           $user['theme'] = $conf['theme'];


                           $user['mailuser_id'] = $mailuser['mailuser_id'];


                           $user['default_group'] = $mailuser['sys_groupid'];


                        }


                     }


							


                  } else {


                     //* normal cp user login


                    $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";


                  $user = $app->db->queryOneRecord($sql);




                  if($user) {


							


                     $saved_password = stripslashes($user['passwort']);


                     


                     if(substr($saved_password,0,3) == '$1$') {


@@ -136,6 +163,7 @@


                     $user = false;


                  }


               }


               }


                  


                  if($user) {


                      if($user['active'] == 1) {


@@ -143,6 +171,7 @@


                         $sql = "DELETE FROM `attempts_login` WHERE `ip`='{$ip}'";


                         $app->db->query($sql);


                         $user = $app->db->toLower($user);


							


                     if ($loginAs) $oldSession = $_SESSION['s'];


                          $_SESSION = array();


                     if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!