/search/inc/admin_auth.inc.php
PHP | 145 lines | 107 code | 24 blank | 14 comment | 21 complexity | 3359391ab3391def82cb6328a96f33ba MD5 | raw file
Possible License(s): BSD-3-Clause
- <?php
-
- /******************************************************************************
- * iSearch2 - website search engine *
- * *
- * Visit the iSearch homepage at http://www.iSearchTheNet.com/isearch *
- * *
- * Copyright (C) 2002-2007 Z-Host. All rights reserved. *
- * *
- ******************************************************************************/
-
/*
 * Direct-access guard: stop immediately unless the including script has
 * defined IN_ISEARCH. Where that constant is defined is not visible in
 * this file.
 */
defined('IN_ISEARCH') or die('Hacking attempt');

/*
 * Copy the script path into a global for later use in generated markup.
 * $_SERVER['PHP_SELF'] reflects the requested URL path (including any
 * trailing path info), so it is request-influenced and must be
 * HTML-escaped wherever it is written into a page.
 */
if (isset($_SERVER['PHP_SELF'])) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}
-
/**
 * Empty the admin log by deleting every row of the admin log table.
 *
 * The table name and the database link are read from the globals
 * $isearch_table_admin_log and $isearch_db. The result of mysql_query()
 * is discarded, so a failed delete is silent.
 *
 * NOTE(review): there is no authorisation check in this function; it
 * presumably relies on the admin gate having run first. Confirm at the
 * call sites. The mysql_* extension used here was removed in PHP 7.
 */
function isearch_clearAdminLog()
{
    global $isearch_table_admin_log, $isearch_db;

    $sql = "DELETE FROM $isearch_table_admin_log";
    mysql_query($sql, $isearch_db);
}
-
-
/**
 * Return the whole admin log as one newline-separated string.
 *
 * Rows are read in ascending id order; each line is the row's time
 * formatted with date() followed by the stored message. An empty string
 * is returned when the query fails or the table has no rows.
 *
 * NOTE(review): the stored message is returned exactly as saved. If a
 * caller prints this into an HTML page it should escape it there; how
 * the result is rendered is not visible in this file.
 *
 * @return string
 */
function isearch_getAdminLog()
{
    global $isearch_table_admin_log, $isearch_db;

    $rows = mysql_query("SELECT * FROM $isearch_table_admin_log ORDER BY id", $isearch_db);
    if (!$rows) {
        return '';
    }

    $text = '';
    while ($entry = mysql_fetch_object($rows)) {
        $stamp = date('M d, Y, H:i:s - ', $entry->time);
        $text .= $stamp . $entry->msg . "\n";
    }

    return $text;
}
-
-
/**
 * Append a message to the admin log table and, for levels up to 5, also
 * print it to the current page.
 *
 * The message is passed through isearch_escape_string() (defined outside
 * this file) before being placed in the INSERT statement, together with
 * the current Unix time.
 *
 * NOTE(review): the echoed copy is written to the page without HTML
 * escaping. The callers in this file only pass fixed text plus
 * REMOTE_ADDR; other callers are not visible here and should be checked
 * before any request-derived text is logged.
 *
 * @param string $string Message to record.
 * @param int    $level  Messages with a level above 5 are stored but not echoed.
 */
function isearch_adminLog($string, $level=1)
{
    global $isearch_table_admin_log, $isearch_db;

    $timestamp = time();
    $escaped = isearch_escape_string($string);
    $sql = "INSERT INTO $isearch_table_admin_log (msg, time) VALUES ('" . $escaped . "', '$timestamp')";
    mysql_query($sql, $isearch_db);

    if ($level > 5) {
        return;
    }

    echo $string . "<br />\n";
}
-
-
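/*
 * Admin authentication gate.
 *
 * Flow: a submitted isearch_password is hashed with md5() and stored in the
 * isearch_admin cookie; otherwise an existing cookie value is used. When an
 * admin password is configured and the value does not match its md5, the
 * login form is printed and the script exits.
 *
 * Changes relative to the original listing:
 *  - hash comparison is strict (the original used "==" / "!=", under which
 *    two different all-numeric-looking strings such as "0e<digits>" compare
 *    as equal);
 *  - a non-string isearch_password (array-style parameter) is treated as a
 *    failed login instead of being passed to md5();
 *  - the cookie is sent HttpOnly, and Secure when the request is HTTPS;
 *  - the form action is HTML-escaped instead of interpolating $PHP_SELF raw.
 *
 * NOTE(review), not changed here because callers outside this file may
 * depend on it: the cookie value is an unsalted MD5 of the password and is
 * itself sufficient to authenticate; the password is read from $_REQUEST,
 * so it is also accepted from the query string; the form has no CSRF token;
 * the only throttling is the 3 second sleep below.
 */

/**
 * Strictly compare the expected admin hash with a supplied value.
 *
 * @param mixed $expected md5 of the configured admin password.
 * @param mixed $supplied Value derived from the request or the cookie.
 * @return bool True only when both are strings, $supplied is non-empty and
 *              the two are byte-for-byte identical.
 */
function isearch_adminHashMatches($expected, $supplied)
{
    if (!is_string($expected) || !is_string($supplied) || $supplied === '')
    {
        return false;
    }

    /* hash_equals() is constant-time but only exists from PHP 5.6 */
    if (function_exists('hash_equals'))
    {
        return hash_equals($expected, $supplied);
    }

    return $expected === $supplied;
}

$isearch_admin = '';

/* $isearch_admin_password is defined outside this file; unset is treated as empty */
$isearch_configured_password = isset($isearch_admin_password) ? $isearch_admin_password : '';
$isearch_expected_hash = md5($isearch_configured_password);

if (isset($_REQUEST['isearch_password']))
{
    $isearch_submitted = $_REQUEST['isearch_password'];

    /* Remember the password hash in a cookie; an empty submission clears it (logout) */
    if (is_string($isearch_submitted) && $isearch_submitted !== '')
    {
        $isearch_admin = md5($isearch_submitted);
    }

    $isearch_cookie_expiry = isset($_REQUEST['isearch_remember_me']) ? 2147483647 : 0;
    $isearch_cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    /* path and domain keep their defaults; the last argument sets HttpOnly */
    setcookie('isearch_admin', $isearch_admin, $isearch_cookie_expiry, '', '', $isearch_cookie_secure, true);

    if (isearch_adminHashMatches($isearch_expected_hash, $isearch_admin))
    {
        isearch_adminLog('Admin login in from IP address : ' . $_SERVER['REMOTE_ADDR'], 5);
    }
    else if ($isearch_submitted === '')
    {
        isearch_adminLog('Admin logged out from IP address : ' . $_SERVER['REMOTE_ADDR'], 5);
    }
    else
    {
        isearch_adminLog('!!! Admin login FAILED from IP address : ' . $_SERVER['REMOTE_ADDR'] . ' !!!', 5);
    }
}
else if (isset($_COOKIE['isearch_admin']))
{
    /* Cookie content is client-supplied; it is only trusted after the strict comparison below */
    $isearch_admin = $_COOKIE['isearch_admin'];
}

/* An empty configured password disables the gate entirely */
if ($isearch_configured_password != '')
{
    if (!isearch_adminHashMatches($isearch_expected_hash, $isearch_admin))
    {
        if ($isearch_admin != '')
        {
            sleep(3); /* Delay to help prevent password cracking */
            echo "<p>Incorrect password</p>\n";
        }

        /* The script path is request-influenced, so escape it for the action attribute */
        $isearch_form_action = htmlspecialchars(isset($PHP_SELF) ? $PHP_SELF : '', ENT_QUOTES, 'UTF-8');

        /* Prompt for admin password */
        echo <<<EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>iSearch Configuration</title>
<meta name="author" content="Ian Willis" />
<meta name="copyright" content="Copyright Z-Host. All rights reserved." />
<meta name="robots" content="noindex,nofollow" />
<meta http-equiv="pragma" content="no-cache" />
<link rel="stylesheet" href="admin.css" type="text/css" />
<style type="text/css" media="screen">
h1, p { text-align: center }
#isearch-divlogin { padding: 1em; text-align: center; background-color: #E0E0E0 }
</style>
</head>

<body>

<h1>iSearch $isearch_version Configuration</h1>
<p class="center">Please enter your iSearch administrator password:</p>
<form method="post" action="$isearch_form_action">
<div id="isearch-divlogin">
<p><label for="isearch_password"><strong>iSearch Administrator Password:</strong></label> <input maxlength="20" type="password" name="isearch_password" size="20" /></p>
<p><label for="isearch_remember_me"><strong>Remember My Password On This Computer:</strong></label> <input type="checkbox" name="isearch_remember_me" /></p>
<p><input type="submit" value="Login" /></p>
</div>
</form>

</body>
</html>
EOF;
        exit;
    }
}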
-
- ?>