<?php
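require_once('config.php');
require_once('classes/sentry.php');

// Sentry is the project's authentication helper (classes/sentry.php, not shown in this file).
$sentry = new Sentry();

// Initialise the status message explicitly, so the template further down only ever prints
// a value that was assigned in this script.
$loggedout = '';

// Log out only when the "logout" query parameter is present and non-empty. Reading
// $_GET['logout'] without a presence check raises an undefined-index notice on every
// ordinary page load.
// NOTE(review): logout is triggered by a plain GET request, so any third-party page can
// force it; consider requiring POST plus an anti-CSRF token.
if (!empty($_GET['logout'])) {
    if ($sentry->logout()) {
        $loggedout = "- You Are now logged out.";
    }
}

// A visitor who is already authenticated is sent to the application instead of the form.
// header() only queues the Location header; without the exit the remainder of this script
// (throttle check, POST handling, form rendering) would still execute.
if ($sentry->checkLogin()) {
    header("Location: index.php");
    exit;
}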

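// Failed-login throttle: once 10 failed attempts are recorded in the session, every request
// is refused until 600 seconds (10 minutes) have passed since the recorded failure time.
// Only the read/expire side lives here; where failedcount/failedtime are written is not
// visible in this file (presumably inside Sentry - confirm).
// NOTE(review): this state lives in $_SESSION and is therefore bound to the session cookie.
// A client that does not return the cookie gets a fresh session with no counters, so the
// limit should also be enforced server-side per account and/or per source address.
if (isset($_SESSION['failedcount']) && isset($_SESSION['failedtime'])) {
    $failedtimeout = time() - 600;
    if ($_SESSION['failedtime'] <= $failedtimeout) {
        // Block window elapsed: forget the counters.
        unset($_SESSION['failedtime']);
        unset($_SESSION['failedcount']);
    } elseif ($_SESSION['failedcount'] >= 10) {
        // elseif, not a second if: after the unset above the counter no longer exists and
        // reading it would raise an undefined-index notice.
        die("NO ACCESS");
    }
}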

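// Handle a submitted login form.
if (!empty($_POST['login'])) {
    // The form is accepted only when the Referer header names this very page over http or
    // https. A missing header is treated as a mismatch instead of raising a notice.
    // NOTE(review): Referer is supplied by the client and is frequently stripped by browsers
    // and proxies; it is not a substitute for a per-session anti-CSRF token in the form.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $selfUrl = $settings['HOSTNAME'] . $_SERVER['PHP_SELF'];

    if ($referer === "http://" . $selfUrl or $referer === "https://" . $selfUrl) {
        require_once('classes/validator.php');
        $check = new validator();

        // Normalise the submitted fields: a missing key or a non-string value (for example
        // "username[]=x") becomes an empty string, so the validators, md5() and
        // htmlentities() below always receive a string.
        $fields = array();
        foreach (array('username', 'password', 'imgnr') as $key) {
            $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        }

        $check->validateEmpty($fields['username'], "Username cannot be empty!");
        $check->validateEmpty($fields['password'], "Password cannot be empty!");
        $check->validateEmpty($fields['imgnr'], "Unique number ID cannot be empty!");
        $check->validateNumber($fields['imgnr'], "Unique number ID is not numeric!");

        // CAPTCHA: the session holds the MD5 of the number shown by functions/image.php.
        // The strict comparison avoids PHP's loose-comparison type juggling on hash strings.
        // NOTE(review): the stored value is not cleared after a check. Confirm that
        // functions/image.php issues a new value on every render, otherwise one solved
        // challenge stays valid for repeated submissions.
        $expected = isset($_SESSION['image_random_value']) ? $_SESSION['image_random_value'] : null;
        if ($expected === null || md5($fields['imgnr']) !== $expected) {
            $check->addError("Unique number ID is not correct!");
        }

        if ($check->foundErrors()) {
            $check->showErrors();
        } else {
            // NOTE(review): htmlentities() is an output encoder, not input validation. It
            // alters credentials containing &, <, >, " or non-ASCII characters before they
            // are verified, and it does not protect a query built inside Sentry. It is kept
            // unchanged here because existing accounts may have been stored in the encoded
            // form; confirm that Sentry::checkLogin() uses parameterised queries and a
            // proper password hash before removing it.
            $username = htmlentities($fields['username']);
            $password = htmlentities($fields['password']);
            $sentry->checkLogin($username, $password, 'index.php', 'login.php');
        }
    } else {
        die("NO ACCESS");
    }
}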
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>DebWeb GUI Login</title>
<link href="css/debwebgui.css" rel="stylesheet" type="text/css">
</head>

<body>
  <div align="right" class="loginheader">
    <div align="center">DebWeb GUI Login
<?php
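// Print the logout confirmation assigned by the logout branch at the top of this script.
// $loggedout is only assigned on that branch, so on legacy configurations with
// register_globals enabled (removed in PHP 5.4) it could be seeded from the request.
// Escaping on output keeps the value inert in either case; the charset matches the
// iso-8859-1 declared in the page's <meta> tag.
if (!empty($loggedout)) {
    print htmlspecialchars($loggedout, ENT_QUOTES, 'ISO-8859-1');
}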
?>
</div>
  </div>
  <div align="center" class="_loginbox">
        <form name="loginform" method="post" action="">
    <table width="21%" border="0">
    <tr>
      <td colspan="2"></td>
    </tr>
    <tr>
      <td width="36%">Username</td>
      <td width="64%">
          <div align="left">
            <input name="username" type="text" class="username">
          </div>
        </td>
    </tr>
    <tr>
      <td>Password</td>
      <td>
          <div align="left">
            <input name="password" type="password" class="password">
          </div>
        </td>
    </tr>

    <tr>
      <td>
	<img src="functions/image.php" alt="imgnr" style="border: solid #000000 1px;">
	</td>
      <td>
          <div align="left">
            <input name="imgnr" type="text" class="imgnr">
          </div>
        </td>
    </tr>

    <tr>
      <td height="26"></td>
      <td><input type="submit" name="login" value="Login">
  </table>
</form>
</div>
<div align="right" class="loginmsg">(All incorrect logins will be logged and your IP might be banned)</div>
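<?php include('includes/boxes.inc');
// infobox() is not defined in this file; presumably it comes from includes/boxes.inc.
//
// Detect a plain-HTTP request. $_SERVER['HTTPS'] is absent on non-TLS requests with most
// servers (reading it unguarded raises an undefined-index notice) and is the string "off"
// under IIS/ISAPI, which a bare truthiness test would mistake for a secure connection.
// NOTE(review): behind a TLS-terminating proxy this key may be unset even for HTTPS
// clients. The warning is also advisory only: the form above is still served and still
// accepts credentials over HTTP, so consider redirecting to HTTPS before rendering it.
$isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
if (!$isHttps) {
    print "<center>";
    infobox("WARNING: Not a secure connection","You are not running a secure connection (SSL) meaning your username and password will be sent i clear text instead of encrypted.","400");
    print "</center>";
}
?>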
</body>
</html>