<?	/*
	// File:	mail_passwd.phps
	// Purpose:	web://cp login screen, handle logout
	// Creation:	2001-10-29
	// Author:	Felix <hide@address.com>
	*/


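//
// Preconditions. This file is an include: `return` hands a diagnostic string
// back to the include() caller instead of rendering anything.
if (!isset($cfg))
	return 'login.inc.php :: $cfg not loaded (web/config.inc.phps)';

// Load the default language table when no translation array is present.
// isset() is tested first so an undefined $T does not raise a notice.
// NOTE(review): this script reads request values as plain globals
// ($username, $failed, $cp, ...), which looks like register_globals-style
// input. $cfg, $T and $web_name are therefore only trustworthy if an earlier
// include assigns them unconditionally -- confirm in web/config.inc.phps and
// web/init.inc.phps.
if (!isset($T) || !is_array($T))
	include("lang/".$cfg['defaultlang'].".phps");

if (!isset($web_name))
	return 'login.inc.php :: $web_name not loaded (web/init.inc.phps)';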


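//
// Login attempt: runs for any POST that is not a password-recovery request.
// On success it issues a session tag, sets the cookie, sends a redirect and
// returns false to the includer; on failure it sets $failed = "invalid" and
// falls through to the form below.
// NOTE(review): $username, $password, $md5pass, $failed, $cp, $url, $number,
// $user, $timeout and $REMOTE_ADDR are read as plain globals; presumably they
// are populated from the request/environment before this include -- confirm.
if ($HTTP_POST_VARS AND $failed != "recover") {
	// Standardize Input
	$username = trim($username);

	// Validate the name that is actually sent to the database. The check used
	// to test $data['username'], which is not populated at this point and is
	// overwritten by the query result below, so it never constrained
	// $username.
	// NOTE(review): assumes $rx['user'] is loaded by init; if it is missing,
	// every login is rejected here (fails closed).
	if (!eregi($rx['user'],$username))
		$username = '_invalid';

	// Escaped copy for SQL string literals, kept separate so that logging and
	// the redisplayed form still see the name as entered.
	$username_sql = mysql_real_escape_string($username);

	if (!$cfg['ssl']) {
		// Without SSL the form submits a digest in md5pass instead of the
		// password (presumably md5(password . salt), computed by md5crypt()
		// in script.js -- confirm). The salt is the current five-minute
		// window number, so a form rendered in one window and submitted in
		// the next will not verify.
		// NOTE(review): the window only limits how long a submitted digest
		// stays valid; it is not a substitute for TLS.
		$salt = floor(time() / 300);
		$password = trim($md5pass);
	}
	else {
		$password = md5(trim($password));
		$salt = '';
	}

	// Check user against database. Query errors go to the server log rather
	// than into the response, where they would expose schema details and
	// break the headers sent further down.
	// NOTE(review): DECODE() shows that passwords are stored reversibly under
	// $cfg['key']; a one-way password hash would be the safer storage, but it
	// cannot be introduced without changing the digest scheme above.
	$dbp = mysql_query("SELECT type,favorites,DECODE(password,'".$cfg['key']."') AS password FROM users WHERE username='$username_sql'") or error_log(mysql_error());
	$data = $dbp ? mysql_fetch_array($dbp) : false;

	// Strict comparison: both sides are hex digest strings, and a loose !=
	// would compare numeric-looking digests as numbers.
	if (!$data || md5($data['password'].$salt) !== $password)
		unset($data);

	// If the user is valid
	if (!empty($data)) {
		// Log it (message text kept as-is; log consumers may match on it)
		webcp_log(2,"",$username,"login succesfull",$REMOTE_ADDR);

		// Session tag. A demo account reuses its stored webcp_tag when it has
		// one; every other case, including a demo account without a tag,
		// reaches `default` and gets a fresh tag.
		switch ($data['type']) {

			case 'demo':
			$dbp = mysql_query("SELECT webcp_tag FROM users WHERE username='$username_sql'");
			$data2 = mysql_fetch_array($dbp);
			if (trim($data2['webcp_tag'])) {
				$webcp_tag = $data2['webcp_tag'];
				break;
			}
			// intentional fall-through
			default:

			// Generate Unique Tag & Update the db
			// NOTE(review): rand()/uniqid() are not cryptographically secure
			// sources, and this tag is the session credential carried in the
			// cookie; use the platform CSPRNG where the runtime provides one.
			srand((float) microtime() * 1000000);
			do {
				$webcp_tag = md5(uniqid(rand()));
				$dbp = mysql_query("SELECT username FROM users WHERE webcp_tag='$webcp_tag'");
			} while (mysql_num_rows($dbp));
			// NOTE(review): $timeout is not assigned in this file; confirm
			// init sets it so the session lifetime is not taken from the
			// request.
			mysql_query("UPDATE users SET webcp_tag='$webcp_tag', remote_addr='".mysql_real_escape_string($REMOTE_ADDR)."', timeout='".(time() + $timeout)."' WHERE username='$username_sql'");
		}

		// if 'cookiesec' is set, set cookie with ssl and sysname settings.  Else don't.
		// NOTE(review): send_cookie() is a project helper; its arguments look
		// like setcookie(name, value, expire, path, domain, secure) -- confirm.
		// The cookie lifetime is 5,000,000 s (about 58 days), and the fallback
		// branch takes the cookie domain from the request's Host header and
		// passes no secure flag.
		if ($cfg['cookiesec'])
			send_cookie("webcp_tag",$webcp_tag,time()+5000000,"",$cfg['sysname'], $cfg['ssl']?1:0);
		else
			send_cookie("webcp_tag",$webcp_tag,time()+5000000,"",$HTTP_HOST);

		// If 'bookmark' is set, redirect user to nothing (init will pick it up), else reload to allow in
		if (trim($data['favorites']) AND !trim($cp)) {
			// $tmp is not read again in this file; kept because it is a
			// global the includer could still see.
			$tmp = explode(":",$data['favorites']);
			send_header("Location: ".$web_name."/?".time());
			return false;
		}
		else {
			// Request-supplied values are URL-encoded before they enter the
			// Location header, so they cannot add parameters or line breaks.
			send_header("Location: ".$web_name."/?cp=".urlencode($cp)."&url=".urlencode($url)."&number=".urlencode($number)."&user=".urlencode($user)."&".time());
			return false;
		}
	}

	// Else if User / Password not valid
	else {
		// Check if username is valid & log if appropriate (warn).
		// Only failures against existing accounts are logged, so attempts
		// against unknown names leave no record here.
		$dbp = mysql_query("SELECT username FROM users WHERE username='$username_sql'");
		if ($dbp AND mysql_num_rows($dbp))
			webcp_log(2,"",$username,"login failed",$REMOTE_ADDR);

		// Stay in login and display error message
		$failed = "invalid";
	}
}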

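// Session teardown, substitute-user and password recovery, selected by
// $failed.
//
// $webcp_tag identifies the session and is supplied by the client, so an
// escaped copy is used in every SQL literal below. An empty tag is never used
// as a lookup key: logging out stores webcp_tag='' in the row, so '' would
// match accounts that have no session at all.
$webcp_tag_sql = (isset($webcp_tag) && is_string($webcp_tag)) ? mysql_real_escape_string($webcp_tag) : '';

// If $failed is a logout, unset the cookie, clear the tag & timeout.
if ($failed == "logout" OR $failed == "access") {
	// if 'cookiesec' is set, unset cookie with ssl and domain settings.  Else don't.
	if ($cfg['cookiesec'])
		send_cookie("webcp_tag","",time() - 3600,"/",$cfg['sysname']);
	else
		send_cookie("webcp_tag","",time() - 3600,"/",$HTTP_HOST);

	// update database
	if ($webcp_tag_sql !== '')
		mysql_query("UPDATE users SET webcp_tag='', timeout='' WHERE webcp_tag='$webcp_tag_sql'");
}

// If $failed is a su (substitute user), verify user level, unset the cookie, re-login.
elseif ($failed == "su") {
	// Identify the caller by session tag.
	// NOTE(review): this lookup checks the tag only, not the timeout or
	// remote_addr columns written at login -- confirm that is intended.
	$tmpdata = false;
	if ($webcp_tag_sql !== '') {
		$dbp = mysql_query("SELECT id,level FROM users WHERE webcp_tag='$webcp_tag_sql'");
		if ($dbp)
			$tmpdata = mysql_fetch_array($dbp);
	}

	// only preset password if current user is server admin+
	// NOTE(review): this loads the target account's stored password into
	// $password; nothing later in this file reads it. fetchdata() is a
	// project helper and $username is passed to it as received -- confirm
	// that it escapes its arguments.
	if ($tmpdata AND $tmpdata['id'] AND $tmpdata['level'] <= 1) {
		$tmpdata = fetchdata("password","user",$username);
		$password = $tmpdata['password'];
	}
	// if 'cookiesec' is set, unset cookie with ssl and domain settings.  Else don't.
	if ($cfg['cookiesec'])
		send_cookie("webcp_tag","",time() - 3600,"/",$cfg['sysname']);
	else
		send_cookie("webcp_tag","",time() - 3600,"/",$HTTP_HOST);

	// update database
	if ($webcp_tag_sql !== '')
		mysql_query("UPDATE users SET webcp_tag='', timeout='' WHERE webcp_tag='$webcp_tag_sql'");
}

// If $failed is a recover, e-mail the user's password to the domain admin's e-mail address
elseif ($failed == "recover") {
	// Standardize Input
	$username = trim($username);

	// Check user against database
	// NOTE(review): fetchdata() is a project helper; confirm it escapes
	// $username before building its query.
	$userdata = fetchdata("id,password","user",$username);

	// If the user is valid
	if ($userdata) {
		$domain = fetchdata("email","domain",$userdata['id']);
		if ($domain) {
			// CR/LF are stripped so the name cannot add lines to the mail
			// headers through the subject.
			$subject_user = str_replace(array("\r","\n"),'',$username);
			// NOTE(review): this mails the stored password itself. A
			// one-time reset link would avoid putting the credential in
			// e-mail. The success and "recover-failed" outcomes also tell
			// the requester whether the name exists, and no rate limit is
			// visible in this file.
			mail($domain['email'],"web://cp ".$T['Password Recovery']." -- ".$subject_user,$T['Pass Recovery Msg'].$userdata['password'], "From: <".$cfg['adminmail'].">\n");
		}
		else
			$failed = "recover-failed";
	}
	else
		$failed = "recover-failed";
}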

// First-run detection, step 1: the configured database lists no tables and
// no config.php exists under basedir -> hand over to the configuration page.
// NOTE(review): a failed query presumably also yields a falsy row count, so
// a database error can end on these redirects too; confirm that
// setup_config.php and setup.php refuse to run on an installed system.
$dbp = mysql_query("SHOW TABLES FROM {$cfg['dbname']}");
if (!(mysql_num_rows($dbp) || file_exists("{$cfg['basedir']}/config.php"))) {
	send_header("Location: {$web_name}/setup_config.php");
	return false;
}

// First-run detection, step 2: the users table holds no rows -> hand over to
// the setup page so the first account can be created.
$dbp = mysql_query('SELECT username FROM users');
if (mysql_num_rows($dbp) == 0) {
	send_header("Location: {$web_name}/setup.php");
	return false;
}

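// Show login screen (this variant renders the password-recovery form).
// Request-supplied values are escaped for the context they are written into:
// urlencode() for query-string components, htmlspecialchars() for HTML
// attributes. The charset argument matches the page's declared iso-8859-1.
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>web://cp <?=$cfg['webcp']."  . ".$T['Web Hosting Control Panel'];?></title>
<style type="text/css">
<!--
	body	{ font-family: Arial; }
-->
</style>
<script language='JavaScript' src='script.js'></script>

</head>
<body bgcolor="#F5F5F5" text="#000000" link="#4B5C6C" vlink="#4B5C6C" alink="#667E93"
	leftmargin="0" marginwidth="0" topmargin="0" marginheight="0"
	onLoad="document.forms[0].username.focus();">

<div align="center"><br><br><br>
	<?
		// If $failed is set (failed login), echo the error.
		// $failed can come from the request, so it is only used as a key
		// into the language table and only when that key exists.
		if (isset($failed)) {
			echo "<p><center><font color='#990000'>";
			if (is_string($failed) && isset($T['err']['login'][$failed]))
				echo $T['err']['login'][$failed];
			echo "</font></center></p>\n";
		}
		
		// set salt for md5 (5 minute 'timer' to login)
		$utime = floor(time() / 300);

		// Form target: each request value is URL-encoded, then the whole
		// string is HTML-escaped for the attribute it is written into.
		$form_action = htmlspecialchars("./?cp=".urlencode($cp)."&url=".urlencode($url)."&number=".urlencode($number)."&user=".urlencode($user), ENT_QUOTES, 'ISO-8859-1');

		// NOTE(review): the onSubmit handler below still calls md5crypt() on a
		// 'password' field, but this form has no such field; the call looks
		// carried over from the login form -- confirm against script.js.
	?>
	<form name="webcplogin" action="<?=$form_action;?>" method="POST" onSubmit="submitonce(this); <? if (!$cfg['ssl']) echo "md5crypt('webcplogin','password','md5pass',$utime);" ?>">
	<table border="0" cellspacing="0" cellpadding="0">
	<tr><td align="right">
	<table border="1" bordercolor="#FAFAFA" cellspacing="0" width="300" cellpadding="1" bordercolorlight="#A2A2A2">
	<tr>
		<td bgcolor="white" style="font-size:15px;"><b><?=$T['Password Recovery'];?></b></td>
	</tr>
	<tr>
		<td bgcolor="#DEDEDE" align="center" valign="top" style="font-size:14px;">
		<table border="0" cellspacing="0" cellpadding="0">
		<tr>
			<td align="right"><font size="1">
			<br>
			<div style="font-size:14px;"><?=$T['Username'];?>&nbsp;</div>
			<input type="text" name="username" size="35" maxlength="40" value="<? if ($username) echo htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1');?>">&nbsp;<br>

                         <input type="hidden" name="failed" value="recover">&nbsp;</font>
			</td>
		</tr>
		</table>
		</td>
	</tr>
	</table>
	<input type="hidden" value="" name="md5pass">
	<br>
        <center><input type="submit" value="<?=$T['Submit'];?>"><br><a href='index.php'>(<?=$T['cancel'];?>)</a></center></td>
	</tr>
	</table>
	</form>
	<br><br>
	
	<div style="font-size:12px;">
 <p><?=$T['password will be emailed'];?>
	</div>

</div>
</body>
</html>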
	
	