sma-website /search/inc/admin_auth.inc.php

Language PHP Lines 146
MD5 Hash 3359391ab3391def82cb6328a96f33ba Estimated Cost $2,560 (why?)
Repository https://bitbucket.org/molusc/sma-website.git View Raw File
<?php

/******************************************************************************
 * iSearch2 - website search engine                                           *
 *                                                                            *
 * Visit the iSearch homepage at http://www.iSearchTheNet.com/isearch         *
 *                                                                            *
 * Copyright (C) 2002-2007 Z-Host. All rights reserved.                       *
 *                                                                            *
 ******************************************************************************/

/* This file is an include only: stop immediately unless the including script
   has defined IN_ISEARCH. */
if (defined('IN_ISEARCH') === false) {
    exit('Hacking attempt');
}

/* Copy the script path reported by the server into the global $PHP_SELF.
   NOTE(review): PHP_SELF is derived from the request URL, so it must be
   HTML-escaped wherever it is written into a page. */
if (isset($_SERVER['PHP_SELF'])) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}

/* Clear the admin log.
 *
 * Deletes every row from the table named by the global
 * $isearch_table_admin_log, using the database link in the global $isearch_db.
 * The query result is not checked, so a failed delete is not reported.
 */
function isearch_clearAdminLog()
{
    global $isearch_table_admin_log, $isearch_db;

    $sql = "DELETE FROM $isearch_table_admin_log";
    mysql_query($sql, $isearch_db);
}


/* Return the contents of the admin log as one string.
 *
 * Rows are read in id order; each becomes a line of the form
 * "<date> - <msg>\n". An empty string is returned when the query fails or the
 * table holds no rows.
 *
 * The stored messages are returned exactly as they were logged, with no HTML
 * escaping, so a caller that prints the log into a page has to escape it.
 */
function isearch_getAdminLog()
{
    global $isearch_table_admin_log, $isearch_db;

    $rows = mysql_query("SELECT * FROM $isearch_table_admin_log ORDER BY id", $isearch_db);
    if (!$rows) {
        return '';
    }

    $lines = array();
    while ($entry = mysql_fetch_object($rows)) {
        $lines[] = date('M d, Y, H:i:s - ', $entry->time) . $entry->msg . "\n";
    }

    return implode('', $lines);
}


/* Save a message in the admin log and optionally show it.
 *
 * $string  Message text. It is escaped for SQL with isearch_escape_string()
 *          (defined elsewhere) before being stored with the current time.
 * $level   When 5 or lower (the default is 1) the message is also echoed,
 *          followed by a <br /> line break.
 *
 * NOTE(review): the echoed copy is not HTML-escaped. Callers that pass
 * request-derived text should escape it first; confirm whether any caller
 * relies on passing markup before changing this.
 */
function isearch_adminLog($string, $level=1)
{
    global $isearch_table_admin_log, $isearch_db;

    $timestamp = time();
    $escapedMsg = isearch_escape_string($string);
    mysql_query("INSERT INTO $isearch_table_admin_log (msg, time) VALUES ('" . $escapedMsg . "', '$timestamp')", $isearch_db);

    if ($level <= 5) {
        echo $string, "<br />\n";
    }
}


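/*
 * Work out which admin credential this request carries and leave it in
 * $isearch_admin:
 *   - a submitted isearch_password is hashed with md5(), stored in the
 *     isearch_admin cookie and the attempt is written to the admin log;
 *     an empty submission clears the cookie (logout);
 *   - otherwise the value of an existing isearch_admin cookie is used as is.
 *
 * NOTE(review): the cookie value is the unsalted MD5 of the password and is
 * accepted as the credential itself, so anyone who obtains the cookie or the
 * digest can authenticate without knowing the password. Replacing it with a
 * random server-side session token needs changes outside this block.
 * NOTE(review): $_REQUEST also accepts the password from the query string,
 * where it can end up in server logs and browser history; confirm whether
 * logout links depend on GET before restricting this to $_POST.
 */
$isearch_admin = '';
if (isset($_REQUEST['isearch_password']))
{
    /* Remember the password in a session cookie */
    if ($_REQUEST['isearch_password'] != '')
    {
        $isearch_admin = md5($_REQUEST['isearch_password']);
    }

    /* Path and domain keep their defaults (empty strings). The cookie is marked
       HttpOnly so page scripts cannot read it, and Secure when the request
       itself arrived over HTTPS so it is not sent back over plain HTTP. */
    setcookie(
        'isearch_admin',
        $isearch_admin,
        isset($_REQUEST['isearch_remember_me']) ? 2147483647 : 0,
        '',
        '',
        !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        true
    );

    /* Strict comparison: with == two different digests that both look like
       numbers (for example "0e" followed only by digits) compare as equal. */
    if (md5($isearch_admin_password) === $isearch_admin)
    {
        isearch_adminLog('Admin login in from IP address : ' . $_SERVER['REMOTE_ADDR'], 5);
    }
    elseif ($_REQUEST['isearch_password'] == '')
    {
        isearch_adminLog('Admin logged out from IP address : ' . $_SERVER['REMOTE_ADDR'], 5);
    }
    else
    {
        isearch_adminLog('!!! Admin login FAILED from IP address : ' . $_SERVER['REMOTE_ADDR'] . ' !!!', 5);
    }
}
elseif (isset($_COOKIE['isearch_admin']))
{
    /* Request-supplied value; it is only trusted after it matches the
       configured password digest. */
    $isearch_admin = $_COOKIE['isearch_admin'];
}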

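/*
 * Gate for the admin pages. When an admin password is configured, the
 * credential in $isearch_admin must equal md5($isearch_admin_password);
 * otherwise the login form is printed and the script stops. When the
 * configured password is empty no check is made at all.
 */
if ($isearch_admin_password != '')
{
    /* $isearch_admin can come straight from a cookie, so require a string and
       compare strictly: with != two different digests that both look like
       numbers (for example "0e" followed only by digits) compare as equal and
       would pass the check. */
    if (!is_string($isearch_admin) || md5($isearch_admin_password) !== $isearch_admin)
    {
        if ($isearch_admin != '')
        {
            sleep(3);    /* Delay to help prevent password cracking */
            echo "<p>Incorrect password</p>\n";
        }

        /* PHP_SELF carries whatever path the client requested, so escape it
           before it is placed in the form's action attribute. */
        $isearch_form_action = isset($PHP_SELF) ? htmlspecialchars($PHP_SELF, ENT_QUOTES, 'UTF-8') : '';

        /* Prompt for admin password */
        echo <<<EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html dir="ltr" xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>iSearch Configuration</title>
        <meta name="author" content="Ian Willis" />
        <meta name="copyright" content="Copyright Z-Host. All rights reserved." />
        <meta name="robots" content="noindex,nofollow" />
        <meta http-equiv="pragma" content="no-cache" />
        <link rel="stylesheet" href="admin.css" type="text/css" />
        <style type="text/css" media="screen">
            h1, p { text-align: center }
            #isearch-divlogin { padding: 1em; text-align: center; background-color: #E0E0E0 }
        </style>
    </head>

    <body>

        <h1>iSearch $isearch_version Configuration</h1>
        <p class="center">Please enter your iSearch administrator password:</p>
        <form method="post" action="$isearch_form_action">
            <div id="isearch-divlogin">
                <p><label for="isearch_password"><strong>iSearch Administrator Password:</strong></label> <input maxlength="20" type="password" name="isearch_password" size="20" /></p>
                <p><label for="isearch_remember_me"><strong>Remember My Password On This Computer:</strong></label> <input type="checkbox" name="isearch_remember_me" /></p>
                <p><input type="submit" value="Login" /></p>
            </div>
        </form>

    </body>
</html>
EOF;
        exit;
    }
}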

?>