<?php
################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- #
## --------------------------------------------------------------------------- #
## ApPHP AdminPanel Pro #
## Developed by: ApPHP <hide@address.com> #
## License: GNU LGPL v.3 #
## Site: http://www.apphp.com/php-adminpanel/ #
## Copyright: ApPHP AdminPanel (c) 2006-2011. All rights reserved. #
## #
################################################################################
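// Initialize the session.
session_start();
require_once("inc/config.inc.php");
require_once("inc/settings.inc.php");
require_once("inc/functions.inc.php");
require_once("inc/classes/session.class.php");

$objSession = new SecureSession();

// Fixed query-string fragment carried back to login.php (no user data in it).
$log = isset($_REQUEST['log']) ? "?log=out" : "?log=none";
// Requested account kind ("admin" / "user"); anything else is treated as a failed login below.
$login_type = isset($_POST['login_type']) ? remove_bad_chars($_POST['login_type']) : "";

// Excessive-login state.
// NOTE(review): the lockout is tracked in the session only. A client that
// discards its session cookie starts from zero; the per-account
// logins_attempts column is written further down but never read here, so it
// does not enforce anything on its own.
$ses_logins_attempts = isset($_SESSION['logins_attempts']) ? (int)$_SESSION['logins_attempts'] : 0;
$ses_logins_attempts_time = isset($_SESSION['logins_attempts_time']) ? $_SESSION['logins_attempts_time'] : "";
$ses_logins_timeout = isset($SETTINGS['excessive_logins_timeout']) ? (int)$SETTINGS['excessive_logins_timeout'] : 0;
// Minutes elapsed since the last failed attempt (time_diff() is a project helper;
// its result for an empty $ses_logins_attempts_time is not visible from this file).
$timeout_diff = floor(time_diff(date("Y-m-d H:i:s"), $ses_logins_attempts_time) / 60);

// Result code handed back to login.php: "1" is the default (no or rejected
// credentials), "2" means the account is currently locked out.
$msg = "1";

if ($db->IsConnected()) {
    $name_ = isset($_POST['rt_admin_username']) ? prepare_input($_POST['rt_admin_username']) : "";
    $password_ = isset($_POST['rt_admin_password']) ? prepare_input($_POST['rt_admin_password']) : "";
    $remember_ = isset($_POST['st_remember']) ? remove_bad_chars($_POST['st_remember']) : "";

    // Resolve the account table and its access-rights join column from the login type.
    // $logins_attempts defaults to 0 so an unknown login type never reaches the
    // comparison below with an undefined variable (it was undefined in the original).
    $table = "";
    $table_field = "";
    $logins_attempts = 0;
    if ($login_type == "admin") {
        $table = TABLE_ADMINS;
        $table_field = "admin_id";
        $logins_attempts = (int)$SETTINGS['admin_excessive_logins'];
    } else if (($login_type == "user") && module_istalled('users')) {
        $table = TABLE_USERS;
        $table_field = "user_id";
        $logins_attempts = (int)$SETTINGS['user_excessive_logins'];
    }

    $name_ = strip_quotes(remove_bad_chars($name_));
    $password_ = strip_quotes(remove_bad_chars($password_));

    // Lockout check runs BEFORE any database lookup: once the attempt limit is
    // reached, refuse further checks until the timeout (minutes) has elapsed,
    // then reset the counter.
    if ($ses_logins_attempts >= $logins_attempts) {
        if ($ses_logins_timeout > $timeout_diff) {
            $msg = "2";
        } else {
            $_SESSION['logins_attempts'] = 0;
            $_SESSION['logins_attempts_time'] = "";
        }
    }

    if ($msg == "1") {
        $row = false;
        if ($table !== "") {
            // Password comparison expression matching the configured storage format.
            // NOTE(review): the AES branch stores passwords reversibly and the MD5
            // branch uses an unsalted fast hash; password_hash()/password_verify()
            // is the supported approach, but it needs a migration of the stored
            // values that is outside this file.
            if ($SETTINGS['passwords_encryption']) {
                if ($SETTINGS['passwords_encryption_type'] == "AES") {
                    $password = "AES_ENCRYPT('".$password_."', '".$SETTINGS['passwords_encrypt_key']."')";
                } else {
                    $password = "MD5('".$password_."')";
                }
            } else {
                $password = "'".$password_."'";
            }
            // NOTE(review): the statement is assembled by concatenation. Whether
            // prepare_input()/strip_quotes()/remove_bad_chars() escape correctly for
            // this driver and connection charset cannot be verified from this file;
            // a prepared statement is the correct fix if the $db wrapper offers one.
            $sql = "SELECT * FROM ".$table." WHERE is_active = 1 and username = '".$name_."' AND password = ".$password."";
            // '@' kept deliberately: a driver warning printed here would be sent
            // before the header() redirect at the bottom of the script.
            @$db->Query($sql);
            $row = @$db->FetchAssoc();
        }

        if ($row) {
            // Successful login. Issue a fresh session id first so a session id that
            // was fixed before authentication is not carried into the logged-in
            // session; the fingerprint is then bound to the new id.
            session_regenerate_id(true);
            $objSession->SetFingerPrint();
            $_SESSION['adm_logged'] = true;
            $_SESSION['adm_user_id'] = $row['id'];
            // NOTE(review): yields an empty display name whenever last_name is empty,
            // even if first_name is set — verify that this is intended.
            $_SESSION['adm_username'] = ($row['last_name'] != "") ? $row['first_name']." ".$row['last_name'] : "";
            $_SESSION['adm_email'] = $row['email'];
            $_SESSION['adm_status'] = $row['status'];
            $_SESSION['last_login'] = $row['last_login'];
            $_SESSION['logins_count'] = $row['logins_count'] + 1;
            $_SESSION['menu_access_list'] = array();
            $_SESSION['logins_attempts'] = 0;
            $_SESSION['logins_attempts_time'] = "";
            $_SESSION['preferred_language'] = $row['preferred_language'];

            // save current login datetime
            $sql = "UPDATE ".$table."
                SET
                    last_login = '".date("Y-m-d H:i:s")."',
                    logins_count = logins_count + 1,
                    logins_attempts = 0
                WHERE id = ".(int)$row['id'];
            $db->Exec($sql);

            // set access page control: collect the menu entries this account may open
            if ($_SESSION['adm_status'] == "admin" ||
                $_SESSION['adm_status'] == "user" ||
                $_SESSION['adm_status'] == "privileged user")
            {
                $sql = "SELECT ".TABLE_MENU.".*
                    FROM ".TABLE_MENU."
                    INNER JOIN ".TABLE_MENU_ACCESS_RIGHTS." ON ".TABLE_MENU.".id = ".TABLE_MENU_ACCESS_RIGHTS.".menu_id
                    INNER JOIN ".$table." ON ".TABLE_MENU_ACCESS_RIGHTS.".".$table_field." = ".$table.".id
                    WHERE
                        ".TABLE_MENU.".is_menu_group = 0 AND
                        ".TABLE_MENU.".is_hidden = 0 AND
                        ".TABLE_MENU.".is_menu_item = 1 AND
                        ".TABLE_MENU_ACCESS_RIGHTS.".is_accessible = 1 AND
                        ".(($_SESSION['adm_status'] == "admin") ? $table.".status = 'admin' AND" : "")."
                        ".$table.".id = ".(int)$_SESSION['adm_user_id']."
                    ORDER BY ".TABLE_MENU.".order_index ASC";
                $db->Query($sql);
                $_SESSION['menu_access_list']["static_pages.php"] = "";
                $_SESSION['menu_access_list']["dynamic_pages.php"] = "";
                while ($row = $db->FetchAssoc()) {
                    if ($row['file_type_id'] == "1") {
                        // static pages to view ("-" separated id list)
                        $_SESSION['menu_access_list']["static_pages.php"] .= "-".$row['id'];
                    } else if ($row['file_type_id'] == "2") {
                        // dynamic pages to view ("-" separated page-name list)
                        $_SESSION['menu_access_list']["dynamic_pages.php"] .= "-".$row['page_name'];
                    } else {
                        // add additional page to view
                        $_SESSION['menu_access_list'][$row['page_name']] = $row['id'];
                    }
                }
            }

            // save remember me info
            if ($SETTINGS['allow_remember_me']) {
                $cookie_lifetime = 3600*24*10;      // 10 days
                $cookie_expired_offset = 3600*24*2; // pushed 2 days into the past to clear
                if ($remember_) {
                    // NOTE(review): the password is written to the cookie base64-encoded,
                    // i.e. reversible, not hashed. The reader of rem_password lives
                    // outside this file, so a token-based scheme cannot be introduced
                    // here alone. HttpOnly is set so script cannot read the credential.
                    setcookie("rem_name", base64_encode($name_), time()+$cookie_lifetime, "", "", false, true);
                    setcookie("rem_password", base64_encode($password_), time()+$cookie_lifetime, "", "", false, true);
                    setcookie("rem_user_type", base64_encode($login_type), time()+$cookie_lifetime, "", "", false, true);
                } else {
                    // The original subtracted a NEGATIVE offset from time(), which set the
                    // expiry two days in the future; a past expiry is what deletes the cookie.
                    setcookie("rem_name", "", time()-$cookie_expired_offset, "", "", false, true);
                    setcookie("rem_password", "", time()-$cookie_expired_offset, "", "", false, true);
                    setcookie("rem_user_type", "", time()-$cookie_expired_offset, "", "", false, true);
                }
            }
            echo "<script type='text/javascript'>top.location.href='index.php'</script>";
            exit;
        } else {
            // Failed login: bump the per-session counter and write a system-log
            // entry at the moment the limit is reached.
            if (!isset($_SESSION['logins_attempts'])) {
                $_SESSION['logins_attempts'] = 1;
            } else {
                $_SESSION['logins_attempts'] = (int)$_SESSION['logins_attempts'] + 1;
                // add to system logs
                // ------------------
                if ($_SESSION['logins_attempts'] == $logins_attempts) {
                    $ip_address = get_ip_address();
                    // NOTE(review): $name_ is user-supplied and is stored with HTML
                    // markup; wherever the system log is rendered must escape it.
                    $log_text = "Username: ".$name_."<br>";
                    $log_text .= "IP: ".$ip_address."<br>";
                    $log_text .= "TIME: ".date("M d, Y g:i A")."<br>";
                    $log_text .= "Attempts #".$_SESSION['logins_attempts'];
                    $sql_login = "INSERT INTO ".TABLE_SYSTEM_LOGS." (id, log_type, title, file_name, log, ip_address, date_created)
                        VALUES (NULL, 'Warning', 'Failed login attempt (".$login_type.")', '', '".$log_text."', '".$ip_address."', '".date("Y-m-d H:i:s")."')";
                    $db->Exec($sql_login);
                }
            }
            $_SESSION['logins_attempts_time'] = date("Y-m-d H:i:s");

            // update logins attempts on the account (only when a real table was resolved)
            if ($table !== "") {
                $sql = "UPDATE ".$table." SET logins_attempts = logins_attempts + 1 WHERE username = '".$name_."'";
                $db->Exec($sql);
            }

            // Make sure nothing from a previous login survives in the session.
            $_SESSION['adm_logged'] = false;
            $_SESSION['adm_user_id'] = "";
            $_SESSION['adm_username'] = "";
            $_SESSION['adm_email'] = "";
            $_SESSION['adm_status'] = "";
            $_SESSION['last_login'] = "";
            $_SESSION['logins_count'] = "";
            $_SESSION['menu_access_list'] = array();
            $_SESSION['preferred_language'] = "";
        }
    }
}

// Back to the login form. $login_type is client-controlled, so it is URL-encoded
// before being placed in the Location header.
header("location: login.php".$log."&msg=".urlencode($msg)."&login_type=".urlencode($login_type));
exit;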
?>