brysf150 |
8th February 2009 23:10 |
I removed the code from login.php and takelogin.php.
You can use my login and takelogin if you like.
login.php
PHP Code:
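<?php
/**
 * login.php - renders the login form that posts to takelogin.php.
 *
 * Changes from the pasted version:
 *  - full "<?php" tags replace "<?" / "<?=", so the page no longer depends on
 *    short_open_tag; with that setting off, the "<? if (isset($returnto)) ..."
 *    block would have been sent to the browser as text
 *  - the captcha_time check no longer reads an unset session key
 *  - returnto is encoded with ENT_QUOTES before being echoed into the form
 *  - crossed or unclosed tags are repaired and the note moves into its own cell
 *
 * maxcoder(), stdhead(), remaining() and $maxloginattempts are not defined in
 * this file; presumably they come from include/bittorrent.php - confirm.
 */
require_once "include/bittorrent.php";
//require_once "include/user_functions.php";
//ini_set('session.use_trans_sid', '0');
maxcoder();

// Begin the session
session_start();

// Refuse the page when captcha_time was stamped less than 10 seconds ago.
// The key is set outside this file; when it is absent the page renders
// normally, which is also what the unguarded original did (with a notice).
if (isset($_SESSION['captcha_time']) && (time() - $_SESSION['captcha_time'] < 10))
    exit('NO SPAM!');

stdhead("Login");

// Drop any pre-existing $returnto so only the query-string value is used below.
unset($returnto);
if (!empty($_GET["returnto"]) && is_string($_GET["returnto"])) {
    // Untrusted value: it is only echoed (encoded) into a hidden field here.
    // The script that finally redirects to it has to validate it.
    $returnto = $_GET["returnto"];
    if (!isset($_GET["nowarn"])) {
        print("<center><h1><font color=white>Not logged in!</font></h1></center>\n");
        print("<center><p><font color=white><b>Error:</b> The page you tried to view can only be used when you're logged in.</font></p></center>\n");
    }
}
?>
<form method="post" action="takelogin.php">
<table align="center" border="0" cellpadding="5">
<tr>
<td colspan="2" align="center"><font color="white">
<p><b>Note:</b> You need cookies enabled to log in.<b>[<?php echo $maxloginattempts; ?>]</b> failed logins in a row will result in banning your ip</p>
<p>You have <b><?php echo remaining(); ?></b> login attempt(s).</p>
</font></td>
</tr>
<tr>
<td class="rowhead">Username:</td>
<td align="left"><input type="text" size="40" name="username" /></td>
</tr>
<tr>
<td class="rowhead">Password:</td>
<td align="left"><input type="password" size="40" name="password" /></td>
</tr>
<!--<tr><td class=rowhead>Duration:</td><td align=left><input type=checkbox name=logout value='yes' checked>Log me out after 15 minutes inactivity</td></tr>-->
<tr>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log in!" class="btn">
</td>
</tr>
</table>
<?php
if (isset($returnto)) {
    // ENT_QUOTES encodes both quote characters, so the value cannot close the
    // attribute whichever quote style the surrounding markup uses.
    print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlentities($returnto, ENT_QUOTES) . "\" />\n");
}
?>
</form>
<center><font color="white">
<p>Please Note : Do not use IE to sign up or use this site</p>
<p>Forget password? <a href="resetpw.php">Click <font color="green">here</font></a><font color="red"> to retrieve your password!</font></p>
<p>New Member? <a href="signup.php">Sign-Up</a></p>
<a href="http://www.mozilla.com"><img alt="Get Firefox" border="0" src="/pic/firefox.png"></a>
<a href="http://www.utorrent.com"><img alt="Get Utorrent" border="0" src="/pic/utorrent.png"></a>
<a href="http://tbdev.net"><img alt="Powered By TBDEV" border="0" src="/pic/tbdev.png"></a>
</font></center>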
takelogin.php
PHP Code:
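<?php
/**
 * takelogin.php - checks the posted username/password, records failed
 * attempts per IP, sets the login cookie and redirects.
 *
 * Fixes relative to the pasted version:
 *  - bark() was called without its required argument; it now has a default
 *    message, identical for "unknown user" and "wrong password"
 *  - the password hash was compared with loose "!="; two different hex digests
 *    of the form "0e<digits>" compare equal as numbers, so the comparison is
 *    now strict (and constant-time where hash_equals() exists)
 *  - $_POST["returnto"] went straight into the Location header (open
 *    redirect); only same-site relative targets are accepted now
 *  - the warning PM used an undefined $from and the SQL-quoted IP string (also
 *    passed, quotes included, to gethostbyaddr())
 *  - the duplicated bookkeeping and the unreachable second password check
 *    are folded away
 *
 * NOTE(review): md5(secret . password . secret) is a fast hash, and the cookie
 * value below is derived from the stored hash, so a leaked users table is
 * enough to compute valid cookies. Moving to password_hash() and a random
 * session token needs schema changes that this file alone cannot make.
 *
 * NOTE(review): the mysql_* functions used here no longer exist in PHP 7+.
 *
 * mkglobal(), dbconn(), maxcoder(), failedloginscheck(), sql_query(), sqlesc(),
 * sqlerr(), getip(), get_date_time(), logincookie(), stdfoot() and
 * $dictbreaker are defined outside this file - presumably in the includes.
 */
//print_r($_POST);exit();
require_once("include/bittorrent.php");
require_once "include/user_functions.php";

// Throttle: one marker file per client IP. If it was touched within the last
// 8 seconds, touch it again (restarting the window) and stop.
// NOTE(review): assumes $dictbreaker names a directory that is writable and
// not served by the web server - confirm.
$sha = sha1($_SERVER['REMOTE_ADDR']);
$throttlefile = '' . $dictbreaker . '/' . $sha;
if (is_file($throttlefile) && filemtime($throttlefile) > (time() - 8)) {
    @fclose(@fopen($throttlefile, 'w'));
    die('Minimum 8 seconds between login attempts :)');
}

if (!mkglobal("username:password"))
    die();

session_start();
dbconn();
maxcoder();

/**
 * Print an error box and terminate the request.
 *
 * @param string $text Message to show; HTML-escaped before output. The default
 *                     is deliberately generic so the response does not reveal
 *                     whether the username exists.
 */
function bark($text = "Username or password incorrect")
{
    print("<title>Error!</title>");
    print("<table width='100%' height='100%' style='border: 8px ridge #000000'><tr><td align='center'>");
    print("<center><h1 style='color: #CC3300;'>Error:</h1><h2>" . htmlspecialchars($text) . "</h2></center>");
    print("<center><INPUT TYPE='button' VALUE='Back' onClick=\"history.go(-1)\"></center>");
    print("</td></tr></table>");
    die;
}

/**
 * Compare two hash strings without type juggling.
 *
 * @param string $known Hash stored for the account.
 * @param string $given Hash computed from the submitted password.
 * @return bool True when both strings are identical.
 */
function takelogin_hash_matches($known, $given)
{
    $known = (string)$known;
    $given = (string)$given;
    // hash_equals() (PHP 5.6+) also avoids leaking the match length via timing.
    if (function_exists('hash_equals'))
        return hash_equals($known, $given);
    return $known === $given;
}

/**
 * Record one failed login for the current client: bump (or create) its row in
 * loginattempts and refresh the throttle marker file.
 *
 * NOTE(review): the SELECT-then-INSERT/UPDATE pair is not atomic; two parallel
 * requests can both take the INSERT branch. Also, if getip() honours
 * client-supplied forwarding headers the per-IP counter can be sidestepped -
 * confirm how getip() derives the address.
 *
 * @param string $throttlefile Path of the per-IP marker file.
 * @return string The SQL-quoted timestamp used for the row, for reuse by the caller.
 */
function takelogin_note_failure($throttlefile)
{
    $ip = sqlesc(getip());
    $added = sqlesc(get_date_time());
    $res = sql_query("select count(*) from loginattempts where ip=$ip") or sqlerr(__FILE__, __LINE__);
    $a = mysql_fetch_row($res);
    if (!$a)
        sqlerr(__FILE__, __LINE__);
    if ($a[0] == 0)
        sql_query("INSERT INTO loginattempts (ip, added, attempts) VALUES ($ip, $added, 1)") or sqlerr(__FILE__, __LINE__);
    else
        sql_query("UPDATE loginattempts SET attempts = attempts + 1 where ip=$ip") or sqlerr(__FILE__, __LINE__);
    @fclose(@fopen($throttlefile, 'w'));
    return $added;
}

/**
 * Reduce a user-supplied post-login target to a same-site relative URL.
 *
 * Anything that could leave the site (a scheme, a protocol-relative "//host",
 * backslashes that some browsers treat as slashes) or that contains control
 * characters falls back to index.php.
 * NOTE(review): assumes legitimate returnto values are site-relative paths -
 * verify against the pages that build the login link.
 *
 * @param mixed $target Raw value from the request.
 * @return string Target that is safe to place in a Location header.
 */
function takelogin_safe_returnto($target)
{
    $fallback = "index.php";
    if (!is_string($target) || $target === '')
        return $fallback;
    if (preg_match('~[\x00-\x1f\x7f\\\\]~', $target))
        return $fallback;
    if (substr($target, 0, 2) === '//')
        return $fallback;
    // A colon before the first "/", "?" or "#" means the value carries a scheme.
    if (preg_match('~^[^/?#]*:~', $target))
        return $fallback;
    return $target;
}

failedloginscheck();

$res = sql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");
$row = mysql_fetch_assoc($res);

// Unknown (or unconfirmed) username: count the attempt and stop.
if (!$row) {
    takelogin_note_failure($throttlefile);
    bark();
}

// Wrong password: count the attempt, notify the account owner, stop.
if (!takelogin_hash_matches($row["passhash"], md5($row["secret"] . $password . $row["secret"]))) {
    $added = takelogin_note_failure($throttlefile);
    $rawip = getip();   // unquoted address for display and the reverse lookup
    $to = (int)$row["id"];
    $msg = "[color=red]SECURITY[/color]\n Account: ID=".$row['id']." Somebody (probably you, ".$username."!) tried to login but failed!". "\nTheir [b]IP ADDRESS [/b] was : ". $rawip . " (". @gethostbyaddr($rawip) . ")". "\n If this wasn't you please report this event to a staff \n - Thank you.\n";
    // The original interpolated an undefined $from, i.e. an empty string.
    // 0 is assumed to be the "system" sender - TODO confirm against the schema.
    $sql = "INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $to, " . sqlesc($msg) . ", $added)";
    sql_query($sql) or sqlerr(__FILE__, __LINE__);
    bark();
}

if ($row["enabled"] === "no")
    bark("This account has been disabled.");

// The cookie value is tied to the client address seen by the web server.
$passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
logincookie($row["id"], $passh);

// Successful login clears the failure counter for this address.
$ip = sqlesc(getip());
sql_query("DELETE FROM loginattempts WHERE ip = $ip");

header("Location: " . takelogin_safe_returnto(isset($_POST["returnto"]) ? $_POST["returnto"] : ''));

// Kept from the original, which also called stdfoot() after the redirect header.
stdfoot();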
:ok: