<?php
/**********************************************************
* ______ ______ ___ _______ ___ ___ _______ *
* | _ \ | _ \ | | | _ || Y || _ | *
* |. | \|. | \|. | |. 1___||. || 1___| *
* |. | |. | |. |___ |. |___ |. \_/ ||____ | *
* |: 1 |: 1 |: 1 ||: 1 ||: | ||: 1 | *
* |::.. . /|::.. . /|::.. . ||::.. . ||::.|:. ||::.. . | *
* `------' `------' `-------'`-------'`--- ---'`-------' *
* _______ _______ *
* .--.--. | _ | | | *
* | | | |___| | __ |___| | *
* \___/ _(__ | |__| / ___/ *
* |: 1 | |: 1 \ *
* |::.. . | |::.. . | *
* `-------' `-------' *
* *
* Script: DDLCMS v3.2 *
* Author: Little Dragon *
* Email: hide@address.com *
* Website: http://www.ddlcms.com *
* *
* Please direct bug reports, suggestions or feedback *
* to the DDLCMS forums: *
* *
* http://www.ddlcms.com/forums *
* *
* DDLCMS is a commercial grade content management *
* system for DDL site owners. It is provided free *
* of charge, provided: *
* *
* 1. You keep the linkback to http://www.ddlcms.com *
* in the footer. *
* *
* 2. You keep the sponsored links to Sharingzone.net *
* on your site. *
* *
* By using this script, you agree that you will not *
* modify, remove, or replace any encoded parts of *
* this script. All encoded parts MUST remain intact *
* for your site to remain in good standing. *
* *
**********************************************************/
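if(isset($_GET) && is_array($_GET) && count($_GET) == 1 && array_key_exists('logout', $_GET))
{
    // Logout: the request is exactly `?logout` with no other query parameters.
    // NOTE(review): this is triggered by a bare GET parameter, so any third-party
    // page can force an admin logout via an <img>/link (CSRF). A POST form
    // carrying a token would be the fix; the URL shape is kept because existing
    // links depend on it.
    $_SESSION = array();
    // Only tear down a session that was actually started; session_destroy()
    // on an inactive session just raises a warning.
    if(session_id() !== '')
    {
        // Also expire the session cookie so the old ID is not re-presented
        // on the next request (the pattern from the session_destroy() manual).
        if(ini_get('session.use_cookies'))
        {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
        }
        session_destroy();
    }
    header('Location: ' . $site_url . '/admin/');
    // Stop here: without exit the rest of the request (the login handler that
    // follows in this file) still runs and its output is sent with the redirect.
    exit;
}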
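if((!isset($_SESSION) || !is_array($_SESSION) || !array_key_exists('authuser', $_SESSION)) && checkPostForm('adminLogin', $_POST) === TRUE)
{
    // Admin login attempt (form `adminLogin` was posted and the session does not
    // yet carry the admin marker). The credential scheme is legacy: the submitted
    // username and password are each hashed with unsalted SHA-512 and compared
    // against the single row in `auth`. password_hash()/password_verify() would
    // be the proper replacement but needs a stored-credential migration, so the
    // digest format is kept here and only the comparison is hardened.
    $username = hash('sha512', (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '');
    $password = hash('sha512', (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');
    $login = isset($_POST['login']) ? $_POST['login'] : NULL;

    // REMOTE_ADDR is supplied by the web server, not the client, but it is
    // interpolated into the SQL below (the mysql_* API used here offers no
    // placeholders). Accept it only when it parses as an IP, so nothing but IP
    // characters reaches the queries; an unparsable value fails closed further down.
    $clientIP = isset($_SERVER['REMOTE_ADDR']) ? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) : FALSE;
    $clientIPSql = ($clientIP === FALSE) ? '' : $clientIP;

    $get = dbcom('SELECT * FROM auth LIMIT 1;');
    $bannedIPQuery = dbcom("SELECT id FROM admin_bannedips WHERE ip = '{$clientIPSql}' LIMIT 1;");
    $bannedIPs = mysql_num_rows($bannedIPQuery);
    $row = mysql_fetch_assoc($get);
    // Cast so the comparisons below always see strings, even if the row is missing.
    $adminuser = (string) $row['user'];
    $adminpass = (string) $row['pass'];
    $locked = $row['locked'];

    // Throttle data for this IP: `theDiff` is the number of minutes spanned by
    // the last five un-acknowledged (`viewed = 0`) `loginType = 0` entries
    // (NULL when fewer than five exist; presumably failed attempts, given the
    // successful login below records type 1), and `theInterval` is the number
    // of hours since the most recent such entry (NULL when there is none).
    $failedLoginQuery = dbcom("SELECT TIMESTAMPDIFF(MINUTE, (SELECT loginTime FROM admin_logins WHERE ip = '{$clientIPSql}' AND loginType = 0 AND viewed = 0 ORDER BY id DESC LIMIT 4,1), (SELECT loginTime FROM admin_logins WHERE ip = '{$clientIPSql}' AND loginType = 0 AND viewed = 0 ORDER BY id DESC LIMIT 1)) AS theDiff, TIMESTAMPDIFF(HOUR, (SELECT loginTime FROM admin_logins WHERE ip = '{$clientIPSql}' AND loginType = 0 AND viewed = 0 ORDER BY id DESC LIMIT 1), NOW()) AS theInterval;");
    $failedLoginArray = mysql_fetch_assoc($failedLoginQuery);

    // The session is only started here, after the lookups; a session that
    // already carries the admin marker skips the form entirely.
    session_start();
    $alreadyAuthed = isset($_SESSION['authuser']) && $_SESSION['authuser'] === $adminuser;
    if(!$alreadyAuthed)
    {
        if(!$login)
        {
            // Form posted without the submit value: just show the form.
            loginpage(FALSE);
        }
        elseif($clientIP === FALSE || $bannedIPs == 1)
        {
            // Banned IP, or a peer address that could not be validated and
            // therefore cannot be checked against the ban/throttle tables.
            loginpage('locked');
        }
        elseif(isset($failedLoginArray['theDiff']) && $failedLoginArray['theDiff'] <= 30 && isset($failedLoginArray['theInterval']) && $failedLoginArray['theInterval'] < 24)
        {
            // Five failures within 30 minutes, the latest less than 24 hours ago.
            loginpage('lock');
        }
        else
        {
            // Type-strict, constant-time digest comparison. A loose `!=` on hex
            // digests is subject to PHP numeric-string juggling ("0e..." forms
            // compare equal) and leaks timing. hash_equals() exists from PHP 5.6;
            // the strict fallback keeps the type-safety on older runtimes.
            if(function_exists('hash_equals'))
            {
                $credentialsOk = hash_equals($adminuser, $username) && hash_equals($adminpass, $password);
            }
            else
            {
                $credentialsOk = ($username === $adminuser) && ($password === $adminpass);
            }

            if(!$credentialsOk)
            {
                loginpage(TRUE);
            }
            else
            {
                // Issue a fresh session ID before marking the session as
                // authenticated, so a pre-login ID planted by an attacker
                // (session fixation) never becomes an admin session.
                session_regenerate_id(TRUE);
                $_SESSION['authuser'] = $adminuser;
                dbcom("INSERT INTO admin_logins VALUES(NULL, '{$clientIPSql}', NOW(), 1, 1);");
                // $adminuser equals a hash() output here, but escape anyway; a
                // mysql link is open because dbcom() results were already
                // consumed by mysql_num_rows()/mysql_fetch_assoc() above.
                dbcom("UPDATE auth SET locked = 0 WHERE user = '" . mysql_real_escape_string($adminuser) . "' LIMIT 1;");
                // NOTE(review): REQUEST_URI is echoed into Location unmodified; a
                // request line such as `//host/admin/` would produce a
                // protocol-relative redirect. A fixed admin path would be safer.
                header('Location: ' . $_SERVER['REQUEST_URI']);
                // Stop processing so the redirect is not followed by a rendered page.
                exit;
            }
        }
    }
}
elseif((!isset($_SESSION) || !is_array($_SESSION) || !array_key_exists('authuser', $_SESSION)) && checkPostForm('adminLogin', $_POST) !== TRUE)
{
    // No login form posted and no authenticated session: show the form.
    loginpage(FALSE);
    // Only tear down a session that was actually started; session_destroy()
    // on an inactive session just raises a warning.
    if(session_id() !== '')
    {
        session_destroy();
    }
}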
?>