ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
tbrehm
2012-06-11 897af06af9522ded99b1e0f46730299e89856ffe 
 interface/web/login/index.php


@@ -68,6 +68,7 @@


           $username = $app->db->quote($_POST['username']);


           $passwort = $app->db->quote($_POST['passwort']);


         $loginAs  = false;


         $time = time();


   


           if($username != '' && $passwort != '' && $error == '') {


            /*


@@ -105,21 +106,27 @@


              if($alreadyfailed['times'] > 5) {


                 $error = $app->lng('error_user_too_many_logins');


              } else {


	        		


               if ($loginAs){


                    $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";


                  $user = $app->db->queryOneRecord($sql);


               } else {


                    $sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";


                  $user = $app->db->queryOneRecord($sql);


                  if($user && $user['active'] == 1) {




                  if($user) {


							


                     $saved_password = stripslashes($user['passwort']);


							


                     if(substr($saved_password,0,3) == '$1$') {


                        //* The password is crypt-md5 encrypted


                        $salt = '$1$'.substr($saved_password,3,8).'$';


                        if(crypt($passwort,$salt) != $saved_password) {


								


                        if(crypt(stripslashes($passwort),$salt) != $saved_password) {


                           $user = false;


                        }


                     } else {


								


                        //* The password is md5 encrypted


                        if(md5($passwort) != $saved_password) {


                           $user = false;


@@ -148,7 +155,14 @@


                        include_once($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php');


                        $_SESSION['s']['module'] = $module;


                     }


                     echo 'HEADER_REDIRECT:'.$_SESSION['s']['module']['startpage'];


							


                     $app->plugin->raiseEvent('login',$this);


							


                     /*


                      * We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the


                      * new theme, if the logged-in user has another


                      */


                     echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];


                              


                            exit;


                      } else {


@@ -168,11 +182,15 @@


                     //* Incorrect login - Username and password incorrect


                      $error = $app->lng('error_user_password_incorrect');


                      if($app->db->errorMessage != '') $error .= '<br />'.$app->db->errorMessage != '';


						


                  $app->plugin->raiseEvent('login_failed',$this);	


                    }


              }


            } else {


                //* Username or password empty


               if($error == '') $error = $app->lng('error_user_password_empty');


				


            $app->plugin->raiseEvent('login_empty',$this);


           }


      }


      if($error != ''){