Project

General

Profile

« Previous | Next » 

Revision 2125

Added by darkviper over 10 years ago

! /framework/class.Login.php
! /account/ ~login_form.php ~login.php
! /admin/login/index.php
fixed some possible intruder vectors and complete 2.8.4 adaption

View differences:

index.php
18 18 
// Include the configuration file
19 19 
$sStartFile = dirname(dirname(__DIR__)).'/framework/initialize.php';
20 20 
if (!defined('SYSTEM_RUN')) {
21 
	require($sStartFile);
21 
    require($sStartFile);
22 22 
}
23 
//if(!class_exists('login', false)){ require_once(WB_PATH.'/framework/class.login.php'); }
24 
//if(!class_exists('frontend', false)){ require_once(WB_PATH.'/framework/class.frontend.php'); }
23 
$username_fieldname = 'username';
24 
$password_fieldname = 'password';
25 
if(isset($oReg->SmartLogin) && $oReg->SmartLogin == 'true') {
26 
    $sTmp = '_'.substr(md5(microtime()), -8);
27 
    $username_fieldname .= $sTmp;
28 
    $password_fieldname .= $sTmp;
29 
}
25 30 

  		




  26
  
  
    
if(defined('SMART_LOGIN') AND SMART_LOGIN == 'enabled') {


  		




  27
  
  
    
	// Generate username field name


  		




  28
  
  
    
	$username_fieldname = 'username_';


  		




  29
  
  
    
	$password_fieldname = 'password_';


  		




  30
  
  
    
	$salt = "abchefghjkmnpqrstuvwxyz0123456789";


  		




  31
  
  
    
	srand((double)microtime()*1000000);


  		




  32
  
  
    
	$i = 0;


  		




  33
  
  
    
	while ($i <= 7) {


  		




  34
  
  
    
		$num = rand() % 33;


  		




  35
  
  
    
		$tmp = substr($salt, $num, 1);


  		




  36
  
  
    
		$username_fieldname = $username_fieldname . $tmp;


  		




  37
  
  
    
		$password_fieldname = $password_fieldname . $tmp;


  		




  38
  
  
    
		$i++;


  		




  39
  
  
    
	}


  		




  40
  
  
    
} else {


  		




  41
  
  
    
	$username_fieldname = 'username';


  		




  42
  
  
    
	$password_fieldname = 'password';


  		




  43
  
  
    
}


  		




  44
  31
  
    
$admin = new frontend();


  		




  45
  
  
    
$WarnUrl = str_replace(WB_PATH,WB_URL,$admin->correct_theme_source('warning.html'));


  		




  
  32
  
    
$WarnUrl = str_replace($oReg->AppPath, $oReg->AppUrl, $admin->correct_theme_source('warning.html'));


  		




  46
  33
  
    
$LoginTpl = 'loginBox.htt';


  		




  47
  34
  
    
$ThemePath = dirname($admin->correct_theme_source('loginBox.htt'));


  		




  48
  35
  
    
$thisApp = new Login( array(


  		




  49
  
  
    
        'MAX_ATTEMPS'           => '3',


  		




  
  36
  
    
        'MAX_ATTEMPS'           => 3,


  		




  50
  37
  
    
        'WARNING_URL'           => $WarnUrl,


  		




  51
  38
  
    
        'INFO_URL'              => '##',


  		




  52
  39
  
    
        'INFO_TEXT'             => 'News',


  		




  53
  40
  
    
        'USERNAME_FIELDNAME'    => $username_fieldname,


  		




  54
  41
  
    
        'PASSWORD_FIELDNAME'    => $password_fieldname,


  		




  55
  
  
    
        'REMEMBER_ME_OPTION'    => SMART_LOGIN,


  		




  56
  
  
    
        'MIN_USERNAME_LEN'      => '2',


  		




  57
  
  
    
        'MIN_PASSWORD_LEN'      => '3',


  		




  58
  
  
    
        'MAX_USERNAME_LEN'      => '30',


  		




  59
  
  
    
        'MAX_PASSWORD_LEN'      => '30',


  		




  60
  
  
    
        'LOGIN_URL'             => ADMIN_URL."/login/index.php",


  		




  61
  
  
    
        'DEFAULT_URL'           => ADMIN_URL."/start/index.php",


  		




  
  42
  
    
        'REMEMBER_ME_OPTION'    => $oReg->SmartLogin,


  		




  
  43
  
    
        'MIN_USERNAME_LEN'      => 2,


  		




  
  44
  
    
        'MIN_PASSWORD_LEN'      => 3,


  		




  
  45
  
    
        'MAX_USERNAME_LEN'      => 100,


  		




  
  46
  
    
        'MAX_PASSWORD_LEN'      => 100,


  		




  
  47
  
    
        'LOGIN_URL'             => $oReg->AcpUrl."login/index.php",


  		




  
  48
  
    
        'DEFAULT_URL'           => $oReg->AcpUrl."start/index.php",


  		




  62
  49
  
    
        'TEMPLATE_DIR'          => $ThemePath,


  		




  63
  50
  
    
        'TEMPLATE_FILE'         => $LoginTpl,


  		




  64
  51
  
    
        'FRONTEND'              => false,


  		




  65
  
  
    
        'FORGOTTEN_DETAILS_APP' => ADMIN_URL."/login/forgot/index.php",


  		




  66
  
  
    
        'USERS_TABLE'           => TABLE_PREFIX."users",


  		




  67
  
  
    
        'GROUPS_TABLE'          => TABLE_PREFIX."groups",


  		




  
  52
  
    
        'FORGOTTEN_DETAILS_APP' => $oReg->AcpUrl."login/forgot/index.php",


  		




  
  53
  
    
        'USERS_TABLE'           => $oDb->TablePrefix."users",


  		




  
  54
  
    
        'GROUPS_TABLE'          => $oDb->TablePrefix."groups",


  		




  68
  55
  
    
    )


  		




  69
  56
  
    
);


  		












Also available in:  Unified diff