
/armory/source/login.php

https://bitbucket.org/chaosdeveloper/chaosweb-en
  1. <?php
  2. if(!defined('Armory') || ($config['Login'] == 0))
  3. {
  4. header('Location: ../');
  5. exit();
  6. }
  7. if(isset($_POST['name']) && isset($_POST['pass']))
  8. {
  9. switchConnection($realms[urldecode($_POST["realm"])][0],"");
  10. $banip = mysql_query("SELECT `ip` from `ip_banned` WHERE `ip` = '".$_SERVER['REMOTE_ADDR']."'");
  11. $numban = mysql_num_rows($banip);
  12. if($numban > 0)
  13. $banned = 1;
  14. else
  15. {
  16. $user_name = $_POST['name'];
  17. $user_pass = sha1(strtoupper($_POST['name'].":".$_POST['pass']));
  18. $select_acc = "SELECT username FROM account WHERE username='$user_name' AND sha_pass_hash='$user_pass'";
  19. $results=mysql_query($select_acc) or die (mysql_error());
  20. if(mysql_num_rows($results) == 1)
  21. {
  22. $row=mysql_fetch_array($results);
  23. $_SESSION['user_name'] = $row['username'];
  24. $_SESSION['logged_MBA'] = 1;
  25. $_SESSION['realm'] = urldecode($_POST["realm"]);
  26. }
  27. else
  28. $wrong=1;
  29. }
  30. }
  31. if (!isset($_SESSION['logged_MBA']) || isset($_POST["logout"]))
  32. {
  33. session_destroy();
  34. ?>
  35. <div class="list">
  36. <div class="full-list">
  37. <div class="tip" style="clear: left;">
  38. <table>
  39. <tr>
  40. <td class="tip-top-left"></td><td class="tip-top"></td><td class="tip-top-right"></td>
  41. </tr>
  42. <tr>
  43. <td class="tip-left"></td><td class="tip-bg">
  44. <div class="profile-wrapper">
  45. <blockquote>
  46. <b class="icharacters">
  47. <h4>
  48. <a href="character-search.php">Log In</a>
  49. </h4>
  50. <h3>Log In</h3>
  51. </b>
  52. </blockquote>
  53. <div class="login-box">
  54. <div class="login-contents">
  55. <div class="login-text">
  56. <form action="?searchType=login" method="post" name="login">
  57. <div class="reldiv">
  58. <a class="login-x" href="index.php"></a>
  59. <div class="login-title">Login Required</div>
  60. <div class="login-intromsg">You must log in with your server account to access protected areas of the Armory.</div>
  61. <div class="login-inputcontainer1">
  62. <div class="reldiv">
  63. <div class="login-inputitem1">Account Name</div>
  64. <div class="login-inputitem2">
  65. <input class="login-accountname" id="accountName" name="name" onkeypress="submitViaEnter(event)" tabindex="1" type="text" value="">
  66. </div>
  67. <div class="login-inputitem3">
  68. Realm
  69. <select class="login-accountname" id="realm" name="realm" onkeypress="submitViaEnter(event)" tabindex="1" type="text" value="">
  70. <?php
  71. foreach($realms as $key => $data)
  72. echo "<option value='".urlencode($key)."'>".$key."</option>";
  73. ?>
  74. </select>
  75. <!--<a href="account-name.html">Forgot your Account Name?</a>-->
  76. </div>
  77. </div>
  78. </div>
  79. <div class="login-inputcontainer2">
  80. <div class="reldiv">
  81. <div class="login-inputitem1">Password</div>
  82. <div class="login-inputitem2">
  83. <input class="login-accountname" name="pass" onkeypress="submitViaEnter(event)" tabindex="2" type="password" value="">
  84. </div>
  85. <div class="login-inputitem3">
  86. <?php
  87. if (isset($banned))
  88. echo "<center>IP ".$_SERVER['REMOTE_ADDR']." is banned.</center>";
  89. else if (isset($wrong))
  90. echo "<center>Wrong username or password</center>";
  91. ?>
  92. <!--<a href="password.html">Forgot your Password?</a> -->
  93. </div>
  94. </div>
  95. </div>
  96. <div class="login-buttons">
  97. <a class="bluebutton" href="javascript:document.login.submit();" id="loginsubmitbutton">
  98. <div class="bluebutton-a"></div>
  99. <div class="bluebutton-b">
  100. <div class="reldiv">
  101. <div class="bluebutton-color">Login</div>
  102. </div>Login</div>
  103. <div class="bluebutton-key"></div>
  104. <div class="bluebutton-c"></div>
  105. </a><a class="bluebutton" href="index.php" id="logincancelbutton">
  106. <div class="bluebutton-a"></div>
  107. <div class="bluebutton-b">
  108. <div class="reldiv">
  109. <div class="bluebutton-color">Cancel</div>
  110. </div>Cancel</div>
  111. <div class="bluebutton-c"></div>
  112. </a>
  113. </div>
  114. </div>
  115. </form>
  116. </div>
  117. </div>
  118. </div>
  119. </div>
  120. </td><td class="tip-right"></td>
  121. </tr>
  122. <tr>
  123. <td class="tip-bot-left"></td><td class="tip-bot"></td><td class="tip-bot-right"></td>
  124. </tr>
  125. </table>
  126. </div>
  127. </div>
  128. <?php
  129. }
  130. else
  131. {
  132. $username = $_SESSION['user_name'];
  133. $o->string("<br><br><br><center><span class=\"csearch-results-header\">You are logged as ".$username."</span></center>");
  134. $o->string("<center><form method=\"post\" action=\"?searchType=login\"><input name=\"logout\" style=\"border: 1px solid; font-weight: bold; background-color: rgb(0, 0, 0); color: rgb(255, 172, 4);\" value=\"Log out\" type=\"submit\"></form></center>");
  135. $o->string("<br><center><span class=\"csearch-results-header\">Change Password</span><br><br>");
  136. $o->string("<form method=\"post\" action=\"?searchType=login\">");
  137. $o->string("<table border=\"0\">");
  138. $o->string("<tr>");
  139. $o->string("<td><span class=\"csearch-results-header\">Old Password:</span></td>");
  140. $o->string("<td><input class=\"reg\" maxlength=\"30\" type=\"password\" name=\"old_pass\" size=\"30\"></td>");
  141. $o->string("</tr>");
  142. $o->string("<tr>");
  143. $o->string("<td><span class=\"csearch-results-header\">New Password:</span></td>");
  144. $o->string("<td><input class=\"reg\" maxlength=\"30\" type=\"password\" name=\"new_pass\" size=\"30\"></td>");
  145. $o->string("</tr>");
  146. $o->string("<tr>");
  147. $o->string("<td><span class=\"csearch-results-header\">Repeat New Password:</span></td>");
  148. $o->string("<td><input class=\"reg\" maxlength=\"30\" type=\"password\" name=\"rep_newpass\" size=\"30\"></td>");
  149. $o->string("</tr>");
  150. $o->string("</table>");
  151. $o->string("<center><input name=\"change\" style=\"border: 1px solid; font-weight: bold; background-color: rgb(0, 0, 0); color: rgb(255, 172, 4);\" value=\"Change password\" type=\"submit\"></center>");
  152. $o->string("</form>");
  153. $o->string("</center>");
  154. if(isset($_POST['old_pass']) && isset($_POST['new_pass']) && isset($_POST['rep_newpass']))
  155. {
  156. $pass_len = strlen($_POST['new_pass']);
  157. if(($pass_len >= 5) && ($pass_len <= 30))
  158. {
  159. if($_POST['new_pass'] == $_POST['rep_newpass'])
  160. {
  161. switchConnection($realms[$_SESSION["realm"]][0],"");
  162. $query = "SELECT `sha_pass_hash` FROM `account` WHERE `username` LIKE '$username' LIMIT 1";
  163. $result = mysql_query($query) or die (mysql_error());
  164. $row = mysql_fetch_assoc($result);
  165. $old_password = sha1(strtoupper($username.":".$_POST['old_pass']));
  166. if($old_password==$row["sha_pass_hash"])
  167. {
  168. $new_password = sha1(strtoupper($username.":".$_POST['new_pass']));
  169. $query = "UPDATE `account` SET `sha_pass_hash` = '$new_password' WHERE `username` = '$username' LIMIT 1";
  170. $result = mysql_query($query) or die (mysql_error());
  171. echo $o->string("<br><center>Password Changed</center>");
  172. }
  173. else
  174. $o->string("<br><center>Wrong Old Password</center>");
  175. }
  176. else
  177. $o->string("<br><center>New Password and Repeat New Password fields must match.</center>");
  178. }
  179. else
  180. $o->string("<br><center>Invalid length on New Password field (min5, max 30)</center>");
  181. }
  182. }
  183. ?>