
/search/inc/admin_auth.inc.php

https://bitbucket.org/molusc/sma-website
Possible License(s): BSD-3-Clause
  1. <?php
  2. /******************************************************************************
  3. * iSearch2 - website search engine *
  4. * *
  5. * Visit the iSearch homepage at http://www.iSearchTheNet.com/isearch *
  6. * *
  7. * Copyright (C) 2002-2007 Z-Host. All rights reserved. *
  8. * *
  9. ******************************************************************************/
  10. if ( !defined('IN_ISEARCH') )
  11. {
  12. die('Hacking attempt');
  13. }
  14. if (isset($_SERVER['PHP_SELF']))
  15. {
  16. $PHP_SELF = $_SERVER['PHP_SELF'];
  17. }
  18. /* Clear the admin log file */
  19. function isearch_clearAdminLog()
  20. {
  21. global $isearch_table_admin_log;
  22. global $isearch_db;
  23. mysql_query("DELETE FROM $isearch_table_admin_log", $isearch_db);
  24. }
  25. /* Return the contents of the admin log */
  26. function isearch_getAdminLog()
  27. {
  28. global $isearch_table_admin_log;
  29. global $isearch_db;
  30. $log = '';
  31. $result = mysql_query("SELECT * FROM $isearch_table_admin_log ORDER BY id", $isearch_db);
  32. if ($result)
  33. {
  34. while ($item = mysql_fetch_object($result))
  35. {
  36. $log .= date('M d, Y, H:i:s - ', $item->time) . $item->msg . "\n";
  37. }
  38. }
  39. return $log;
  40. }
  41. /* Save the string in the admin log file */
  42. function isearch_adminLog($string, $level=1)
  43. {
  44. global $isearch_table_admin_log;
  45. global $isearch_db;
  46. $now = time();
  47. mysql_query("INSERT INTO $isearch_table_admin_log (msg, time) VALUES ('" . isearch_escape_string($string) . "', '$now')", $isearch_db);
  48. if ($level <= 5)
  49. {
  50. echo $string . "<br />\n";
  51. }
  52. }
  53. $isearch_admin = '';
  54. if (isset($_REQUEST['isearch_password']))
  55. {
  56. /* Remember the password in a session cookie */
  57. if ($_REQUEST['isearch_password'] != '')
  58. {
  59. $isearch_admin = md5($_REQUEST['isearch_password']);
  60. }
  61. setcookie('isearch_admin', $isearch_admin, isset($_REQUEST['isearch_remember_me']) ? 2147483647 : 0);
  62. if (md5($isearch_admin_password) == $isearch_admin)
  63. {
  64. isearch_adminLog('Admin login in from IP address : ' . $_SERVER['REMOTE_ADDR'], 5);
  65. }
  66. else if ($_REQUEST['isearch_password'] == '')
  67. {
  68. isearch_adminLog('Admin logged out from IP address : ' . $_SERVER['REMOTE_ADDR'], 5);
  69. }
  70. else
  71. {
  72. isearch_adminLog('!!! Admin login FAILED from IP address : ' . $_SERVER['REMOTE_ADDR'] . ' !!!', 5);
  73. }
  74. }
  75. else if (isset($_COOKIE['isearch_admin']))
  76. {
  77. $isearch_admin = $_COOKIE['isearch_admin'];
  78. }
  79. if ($isearch_admin_password != '')
  80. {
  81. if (md5($isearch_admin_password) != $isearch_admin)
  82. {
  83. if ($isearch_admin != '')
  84. {
  85. sleep(3); /* Delay to help prevent password cracking */
  86. echo "<p>Incorrect password</p>\n";
  87. }
  88. /* Prompt for admin password */
  89. echo <<<EOF
  90. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  91. <html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
  92. <head>
  93. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  94. <title>iSearch Configuration</title>
  95. <meta name="author" content="Ian Willis" />
  96. <meta name="copyright" content="Copyright Z-Host. All rights reserved." />
  97. <meta name="robots" content="noindex,nofollow" />
  98. <meta http-equiv="pragma" content="no-cache" />
  99. <link rel="stylesheet" href="admin.css" type="text/css" />
  100. <style type="text/css" media="screen">
  101. h1, p { text-align: center }
  102. #isearch-divlogin { padding: 1em; text-align: center; background-color: #E0E0E0 }
  103. </style>
  104. </head>
  105. <body>
  106. <h1>iSearch $isearch_version Configuration</h1>
  107. <p class="center">Please enter your iSearch administrator password:</p>
  108. <form method="post" action="$PHP_SELF">
  109. <div id="isearch-divlogin">
  110. <p><label for="isearch_password"><strong>iSearch Administrator Password:</strong></label> <input maxlength="20" type="password" name="isearch_password" size="20" /></p>
  111. <p><label for="isearch_remember_me"><strong>Remember My Password On This Computer:</strong></label> <input type="checkbox" name="isearch_remember_me" /></p>
  112. <p><input type="submit" value="Login" /></p>
  113. </div>
  114. </form>
  115. </body>
  116. </html>
  117. EOF;
  118. exit;
  119. }
  120. }
  121. ?>