Revision 1833
Added by Luisehahne almost 13 years ago
- security fix CRLF injection/HTTP response splitting
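--- a/class.login.php
+++ b/class.login.php
@@ -46,9 +46,17 @@
 $username_fieldname = 'username';
 $password_fieldname = 'password';
 }
-$this->username = htmlspecialchars (strtolower($this->get_post($username_fieldname)), ENT_QUOTES);
 
+if( is_array($this->get_post($username_fieldname) ) ) {
+$_POST[$username_fieldname]=implode(',',$this->get_post($username_fieldname));
+}
+$this->username = htmlspecialchars (strtolower( $this->get_post($username_fieldname) ), ENT_QUOTES);
+
+if( is_array($this->get_post($password_fieldname) ) ) {
+$_POST[$password_fieldname]=implode(',',$this->get_post($password_fieldname));
+}
 $this->password = $this->get_post($password_fieldname);
+
 // Figure out if the "remember me" option has been checked
 if($this->get_post('remember') == 'true') {
 $this->remember = $this->get_post('remember');
@@ -60,18 +68,27 @@
 $this->username_len = strlen($this->username);
 $this->password_len = strlen($this->password);
 }
+
+$sServerUrl = $_SERVER['SERVER_NAME'];
+$sServerScheme = $_SERVER['REQUEST_SCHEME'];
+$sServerPath = $_SERVER['SCRIPT_NAME'];
 // If the url is blank, set it to the default url
 $this->url = $this->get_post('url');
+$aUrl = parse_url( $this->url );
+$this->url = isset($aRedirecthUrl['host']) &&($sServerUrl==$aUrl['host']) ? $this->url:ADMIN_URL.'/start/index.php';
 if ($this->redirect_url!='') {
+$aRedirecthUrl = parse_url( $this->redirect_url );
+$this->redirect_url = isset($aRedirecthUrl['host']) &&($sServerUrl==$aRedirecthUrl['host']) ? $this->redirect_url:$sServerScheme.'://'.$sServerUrl;
 $this->url = $this->redirect_url;
 }
 if(strlen($this->url) < 2) {
-$this->url = $config_array['DEFAULT_URL'];
+$aDefaultUrl = parse_url( $this->default_url );
+$this->default_url = isset($aDefaultUrl['host']) &&($sServerUrl==$aDefaultUrl['host']) ? $this->default_url:$sServerScheme.'://'.$sServerUrl;
+$this->url = $this->default_url;
 }
+
 if($this->is_authenticated() == true) {
 // User already logged-in, so redirect to default url
-// header("Location: ".$this->url);
-// exit(0);
 $this->send_header($this->url);
 } elseif($this->is_remembered() == true) {
 // User has been "remembered"
@@ -86,8 +103,6 @@
 // Check if the user exists (authenticate them)
 if($this->authenticate()) {
 // Authentication successful
-// header("Location: ".$this->url);
-// exit(0);
 $this->send_header($this->url);
 } else {
 $this->message = $MESSAGE['LOGIN_AUTHENTICATION_FAILED'];
@@ -119,9 +134,6 @@
 $this->password = md5($this->password);
 if($this->authenticate()) {
 // Authentication successful
-// echo $this->url;exit();
-// header("Location: ".$this->url);
-// exit(0);
 $this->send_header($this->url);
 } else {
 $this->message = $MESSAGE['LOGIN_AUTHENTICATION_FAILED'];
@@ -298,6 +310,7 @@
 }
 $template->set_var(array(
 'ACTION_URL' => $this->login_url,
+'URL' => $this->default_url,
 'ATTEMPS' => $this->get_session('ATTEMPS'),
 'USERNAME' => $this->username,
 'USERNAME_FIELDNAME' => $this->username_fieldname,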
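Review bot: The host check on new line 78 tests `$aRedirecthUrl['host']`, a variable that is only assigned two lines later (new line 80) from `$this->redirect_url`, so unless it is set somewhere outside this hunk the condition is always false and the posted `url` is unconditionally replaced by `ADMIN_URL.'/start/index.php'`; the intended line is `$this->url = isset($aUrl['host']) && ($sServerUrl == $aUrl['host']) ? $this->url : ADMIN_URL.'/start/index.php';`. Comparing only the host also leaves any CR/LF in the path or query of a same-host URL untouched, so the response-splitting fix named in the commit message holds only if `send_header()` (not shown) strips them itself; a `$this->url = str_replace(["\r", "\n"], '', $this->url);` immediately after `get_post('url')` would make this hunk self-contained, and the same applies to `redirect_url` and `default_url`. `$_SERVER['REQUEST_SCHEME']` is not populated by every web server or SAPI, and `SERVER_NAME` can mirror the client Host header on servers without a canonical name, so both fallbacks deserve a guard such as `$sServerScheme = $_SERVER['REQUEST_SCHEME'] ?? 'http';` or at least a comment stating that assumption. The enclosing method begins before and ends after this hunk, so where `$this->redirect_url` and `$this->default_url` are initialised cannot be confirmed here.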