MuCMS PHP Cross Reference Content Management Systems

Source: /admin/login.php - 445 lines - 17002 bytes - Summary - Text - Print

Description: the login script This is the login script

   1  <?php
   2      
   3  // Wed 14 Nov 2007 06:51:01 AM EST

   4  
   5  /**

   6  * the login script

   7  *

   8  * This is the login script

   9  *

  10  * @access       public

  11  * @author       Matthew Craig <matt@taggedzi.com>

  12  * @copyright   (c) Copyright 2006-2007 Matthew Craig.  All rights Reserved.

  13  * @see  MuCMS

  14  * @see Template

  15  * @see cleaner.php

  16  * @see silver.php

  17  * @see silverload.php

  18  * @see class.phpmailer.php

  19  * @todo  Add md5 Salts, perhaps switch to SHA1, or add second key

  20  */
  21   
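  // Start (or resume) the session that later carries the 'aproval' login flag.
  // NOTE(review): no session cookie flags are set in this file, so HttpOnly/Secure
  // depend on php.ini - confirm they are enabled for the admin area.
  session_start();

  // Check for injection type attacks
  include_once ('security.php');

  include_once ('cleaner.php');
  include_once ('classes/class.mucms.php');
  $login = new MuCMS;

  include_once ('classes/class.theme.php');
  $Display = new Template;

  $Title = 'MuCMS Login Screen';

  /**
  * Description for the page (header info)
  *
  * Every SetPage() call in this script passes $Description. PHP variable names are
  * case-sensitive, so the value is assigned under that name; the lower-case name is
  * kept as an alias in case an included file reads it.
  * @var string plain text format
  */
  $Description = $description = 'The Login Screen for MuCMS';

  /**
  * Keywords for the page  (header info)
  *
  * Assigned as $Keywords for the same reason as $Description above.
  * @var string plain text format
  */
  $Keywords = $keywords = 'Login';

  /**
  * Content for the page
  * @var string formatted in HTML
  */
  $content = '';

  /**
  * Top Menu Bar for the page
  * @var string formatted in HTML
  */
  $TopMenuBar = '
<div id="tabs" class="noprint">
    <h3 class="noscreen">Navigation</h3>
    <ul class="box">
        <li id="active"><a href="#">Login<span class="tab-l"></span><span class="tab-r"></span></a></li>
        <li><a href="http://mucms.taggedzi.com/">Leave<span class="tab-l"></span><span class="tab-r"></span></a></li>
    </ul>
    <hr class="noscreen" />
</div>';

  /**
  * Side Menu for the page
  * @var string formatted in HTML
  */
  $SideMenu = '
<h3><span><a href="#">Login Options</a></span></h3>
<ul id="category">
    <li id="category-active"><a href="login.php">login</a></li> <!-- Active -->
    <li><a href="http://mucms.taggedzi.com">Leave Site<span class="tab-l"></span><span class="tab-r"></span></a></li>
</ul>';

  /**
  * Bread crumb for the page
  * @var string plain text format
  */
  $BreadCrumb = '';

  /**
  * Footer for the page
  * @var string formatted in HTML
  */
  $Footer = '<p id="copyright">M&micro;CMS &copy; Copyright 2007 <a href="http://mucms.taggedzi.com/">Matthew Craig</a></p>';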
  91  
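  /**
   * Persist the failed-login counter and lock expiry as PHP source in silverload.php.
   *
   * This is a helper function. The file it writes is later pulled in with include_once,
   * so whatever is placed in it runs as code; every value is therefore forced to an
   * integer or a fixed literal before it is written. When silverload.php does not exist
   * yet, a zeroed state file is created and $num/$offset/$note are ignored.
   *
   * @param int  $num    failed-login count to store
   * @param int  $offset minutes from now until the lock expires
   * @param bool $note   whether the administrator has already been notified
   *                     (now defaults to false; an optional parameter followed by a
   *                     required one is deprecated in current PHP)
   * @return void
   */
  function SaveCount($num, $offset = 300, $note = false) {
      if (file_exists('silverload.php')) {
          $expires = time() + ((int) $offset * 60);
          $flag = $note ? 'True' : 'False';
          $sender = '<?php $SilverLoad = ' . (int) $num . '; $SilverPoisen = ' . $expires . '; $Notified = ' . $flag . '; ?>';
      } else {
          $sender = '<?php $SilverLoad=0; $SilverPoisen=0; $Notified = FALSE;  ?>';
      }

      // LOCK_EX keeps two simultaneous login requests from interleaving their writes.
      // A failed write is reported instead of passing a bad handle on to fwrite().
      if (file_put_contents('silverload.php', $sender, LOCK_EX) === false) {
          error_log('SaveCount: could not write silverload.php');
      }
  }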
 111  
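 /**
  * Helper function for logging traffic: append one record about the current request
  * to login.log and keep the file to the newest 300 records.
  *
  * A record is one line of nine fields joined by chr($Separator): type, timestamp,
  * PHP_SELF, REMOTE_ADDR, REMOTE_HOST, QUERY_STRING, HTTP_USER_AGENT, REMOTE_PORT and
  * REQUEST_URI. Several of these are chosen by the client, so line breaks and the
  * separator character are replaced before writing; otherwise one request could add
  * extra lines or extra fields to the log.
  *
  * NOTE(review): login.log is written next to this script - confirm the web server
  * does not serve it.
  *
  * @param int    $Separator character code of the field separator
  * @param string $Type      label for the event; optional, because one caller in this
  *                          file passes only the separator
  * @return void
  */
 function LogHit($Separator, $Type = '') {
     $filename = "login.log";
     $MaxHitTracker = 300;
     $sep = chr($Separator);

     // Set Variables for logging. REMOTE_HOST and others are not always provided by
     // the server, so a missing entry becomes an empty field.
     $keys = array('PHP_SELF', 'REMOTE_ADDR', 'REMOTE_HOST', 'QUERY_STRING', 'HTTP_USER_AGENT', 'REMOTE_PORT', 'REQUEST_URI');
     $fields = array($Type, time());
     foreach ($keys as $key) {
         $fields[] = isset($_SERVER[$key]) ? $_SERVER[$key] : '';
     }

     // Neutralise anything that would break the one-line, fixed-field record format.
     $fill = ($sep === ' ') ? '_' : ' ';
     foreach ($fields as $i => $value) {
         $fields[$i] = str_replace(array("\r", "\n", $sep), $fill, (string) $value);
     }
     $sender = implode($sep, $fields) . "\n";

     // Get existing records; an unreadable file is treated as empty.
     $StatList = file_exists($filename) ? file($filename) : array();
     if ($StatList === false) {
         $StatList = array();
     }

     // Drop the oldest records so that, with the new one, at most $MaxHitTracker remain.
     if (count($StatList) >= $MaxHitTracker) {
         $StatList = array_slice($StatList, count($StatList) - $MaxHitTracker + 1);
     }
     $StatList[] = $sender;

     // One locked write instead of an unchecked fopen()/fwrite() loop.
     if (file_put_contents($filename, implode('', $StatList), LOCK_EX) === false) {
         error_log('LogHit: could not write ' . $filename);
     }
 }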
 160  
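 // If they have been aproved skip all other steps.
 // isset() avoids an undefined-index notice for visitors who carry no login flag, and
 // === limits the match to the exact string (with ==, a boolean true would also match).
 if (isset($_SESSION['aproval']) && $_SESSION['aproval'] === 'authorized') {
     $BreadCrumb = '<p id="breadcrumbs">You are already logged in</p>';
     $SideMenu = '
        <h3><span><a href="#">Login Options</a></span></h3>
        <ul id="category">
            <li id="category-active"><a href="index.php">Proced to Site</a></li> <!-- Active -->
        </ul>';
     $content = '
        <div class="article">
            <h2><span><a href="#">You are already logged in</a></span></h2>
            <p class="info noprint">
                <span class="date">' . trim(date("F j, Y, g:i a")) . '</span><span class="noscreen">,</span>
            </p>
            <p>Note: If you have not recieved prior authorization and coresponding password for this site you are an unauthorized user. Unauthorized access is not permitted. Unauthorized persons attempting to connect to this site will be prosecuted to the fullest extent of the law. 
            <p class="btn-more box noprint"><strong><a href="index.php">Continue</a></strong></p>        
        </div> <!-- /article -->
        <hr class="noscreen" />';

     // Takes the Generated content and displays it
     $Display->SetPage($Title, $Description, $Keywords, $content, $TopMenuBar, $SideMenu, $BreadCrumb, $Footer) ;
     $Display->CreatePage();

     // Record the repeat visit, then stop before any password handling runs.
     LogHit($login->Separator,"Re-entry");

     exit;
 }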
 188  
 // Both the password file (silver.php) and the lock/counter file (silverload.php) must
 // be present. If either one is missing the login stays closed: the visitor gets the
 // "tampered or not installed" page, the hit is logged as "Blank", and the script ends.
 if (!file_exists('silverload.php') || !file_exists('silver.php')) {

     $SideMenu = '
        <h3><span><a href="#">Login Options</a></span></h3>
        <ul id="category">
            <li id="category-active"><a href="install.php">Install New</a></li> <!-- Active -->
            <li><a href="#">Contact Administrator</a></li>
        </ul>';

     $BreadCrumb = '<p id="breadcrumbs">Password Not Established?</p>';

     $content = '
        <!-- Article -->
        <div class="article">
            <h2><span><a href="#">Password File does not exist</a></span></h2>
            <p class="info noprint">
                <span class="date">' . trim(date("F j, Y, g:i a")) . '</span><span class="noscreen">,</span>
            </p>
            <p>If this CMS has already been installed this site\'s administrative controls have been tampered with. This is now locked. Contact your administrator to fix this problem.</p>
            <p>If this site has not been installed click Continue to Install.</p>
            <p>Note: If you have not recieved prior authorization and coresponding password for this site you are an unauthorized user. Unauthorized access is not permitted. Unauthorized persons attempting to connect to this site will be prosecuted to the fullest extent of the law. 
            <p class="btn-more box noprint"><strong><a href="install.php">Continue</a></strong></p>        
        </div> <!-- /article -->
        <hr class="noscreen" />';

     // Render the page that was just assembled.
     $Display->SetPage($Title, $Description, $Keywords, $content, $TopMenuBar, $SideMenu, $BreadCrumb, $Footer) ;
     $Display->CreatePage();

     // Log Hits
     LogHit($login->Separator,"Blank");
     exit;
 }

 // Both files exist: load the counter state and the stored password value.
 // NOTE(review): these files are executed as PHP, so they need to be writable only by
 // this application - confirm file permissions.
 include_once ('silverload.php');
 include_once('silver.php');
 226  
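 // Check Number of Login Attempts if greater than Max Lock server login functions.
 // NOTE(review): the counter is global rather than per client, so any visitor who fails
 // often enough closes the login for everyone until the timer expires.
 if ($SilverLoad > $login->MaxLogin) {
     // if the Max Login Attempts have been reached check the time.  If the right time has elapsed release the lock down
     if ( time() >= $SilverPoisen) {
         // Enough time has passed: unlock, reset the counter and save it.
         $ServerLocked = False;
         $SilverLoad = 0;
         SaveCount ($SilverLoad, $login->LockTime, FALSE );
     } else {
         // If enough time has not passed keep the server locked.
         $ServerLocked = True;
         if ($login->NotifyAdmin && !$Notified) {
             require_once("class.phpmailer.php");
             //require_once('mailconfig.php');
             $mail = new PHPMailer();
             $mail->From     = $login->from_email;
             $mail->FromName = $login->from_name;
             $mail->Host     = $login->smtp_host;
             $mail->Mailer   = "smtp";    //  '' if using binary mail program, 'smtp' to use smtp service
             $mail->SMTPAuth = true;        // if a password is required
             $mail->Port     = $login->smtp_port;
             $mail->Username = $login->smtp_username;
             $mail->Password = $login->smtp_userpass;
             $mail->Priority = $login->priority;

             $mail->Subject     = 'Alert! Potential Website Problems';

             // PHP_SELF contains path text taken from the request, so both request values
             // are HTML-escaped before they are placed in the HTML part of the message.
             $safeSelf = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
             $safeAddr = htmlspecialchars($_SERVER["REMOTE_ADDR"], ENT_QUOTES);
             $body = '<html>
            <head></head>
            <body>
            <table width="640">
                <tr>
                    <td>
                        <h1><font color="#ff0000">Alert! This is an Automated Alert!</font></h1>
                        <p>This is an automated message do not respond to this address</p>
                        <p>Your Server at ' . $safeSelf .  ' is experiencing a potential problem.</p>
                        <p>Someone from the IP address of ' . $safeAddr . ' has attempted to login to your site and failed to use the correct password.</p>
                        <p>If you see this message more than once, they have attempted multiple times (5 times per email).</p>
                    </td>
                </tr>
            </table>
            </body>
            </html>';

             // Plain text body (for mail clients that cannot read HTML)
             $text_body  = "Alert! This is an automated Alert!\n\n";
             $text_body .= "This is an automated message do not respond to this address.\n\n";
             $text_body .= "Your Server at " . $_SERVER["PHP_SELF"] .  " is experiencing a potential problem. \n";
             $text_body .= "Someone from the IP address of " . $_SERVER["REMOTE_ADDR"] . " has attempted to login to your site and failed to use the correct password.\n";
             $text_body .= "If you see this message more than once, they have attempted multiple times (5 times per email).";
             $mail->Body    = $body;
             $mail->AltBody = $text_body;
             $mail->AddAddress($login->AdminEmail);
             // A lock alert that silently fails to send leaves the administrator unaware.
             if (!$mail->Send()) {
                 error_log('login.php: lock notification e-mail could not be sent');
             }
             // Clear all addresses and attachments for next loop
             $mail->ClearAddresses();
             $mail->ClearAttachments();
             // Store the "already notified" flag so only one alert goes out per lock period.
             SaveCount ($SilverLoad, $login->LockTime, TRUE );
             // LogHit() takes the event type as its second argument; it was missing here.
             LogHit($login->Separator, "Notified");
         } else {
             // If email is not enabled.... what to do... nothing for now
         }
     }

 } else {
     $ServerLocked = False;
 }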
 295  
 // While the lock is active, show the lock-down page instead of the password form,
 // log the hit as "Locked", and end the request before any password is examined.
 if ($ServerLocked) {

     // Side menu: shows the remaining wait in whole minutes.
     $SideMenu = '
        <h3><span><a href="#">Login Options</a></span></h3>
        <ul id="category">
            <li id="category-active"><a href="login.php#">Wait ' . round(($SilverPoisen - time()) / 60) . ' minutes</a></li> <!-- Active -->
            <li><a href="http://mucms.taggedzi.com/">Leave</a></li>
        </ul>';

     $BreadCrumb = '<p id="breadcrumbs">Too many login attempts.</p>';

     // Main article: current date, stored failure count and time left on the lock.
     $content = '
        <!-- Article -->
        <div class="article">
            <h2><span><a href="#">System Lock Down</a></span></h2>
            <p class="info noprint">
                <span class="date">' . trim(date("F j, Y, g:i a")) . '</span><span class="noscreen">,</span>
                <span class="user">Failed Login Attempts: ' . $SilverLoad . '</span><span class="noscreen">,</span><br />
                <span class="cat">Status <b>Locked</b> for: ' . round(($SilverPoisen - time()) / 60) . ' minutes</span><span class="noscreen">,</span>
            </p>
            <p>This site is under a security lock down due to to many password entries in a given time. If you have received this message in error please contact your site administrator.</p>
            <p>Note: If you have not recieved prior authorization and coresponding password for this site you are an unauthorized user. Unauthorized access is not permitted. Unauthorized persons attempting to connect to this site will be prosecuted to the fullest extent of the law. 
            <p></p>
        </div> <!-- /article -->
        <hr class="noscreen" />';

     // Hand the assembled pieces to the template and emit the page.
     $Display->SetPage($Title, $Description, $Keywords, $content, $TopMenuBar, $SideMenu, $BreadCrumb, $Footer) ;
     $Display->CreatePage();

     // Log Hits
     LogHit($login->Separator,"Locked");
     exit;
 }
 330  
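 // Handle a submitted password, or show the password form when nothing was submitted.
 // is_string() rejects array-valued input (password[]=...) before it reaches the cleaner.
 if (isset($_POST['minor']) && isset($_POST['password']) && is_string($_POST['password'])) {
     // Sterilize data
     // NOTE(review): SemiSterilizeInputString() is defined outside this file; if it rewrites
     // characters, the same transformation must be applied when the password is set - confirm.
     $password = trim(SemiSterilizeInputString ($_POST['password']));
     // Count the attempt before checking it, so an interrupted request still counts as a try.
     SaveCount ( $SilverLoad+1, ($login->LockTime) , FALSE );

     // include_once('class.data.php');

     // NOTE(review): the stored value is an MD5 digest with a site-wide salt (see the @todo in
     // the file header). MD5 is too fast for password storage; moving to password_hash() /
     // password_verify() requires re-creating silver.php, so it is not changed here.
     $candidate = md5($password . $login->Salts);
     $stored = (string) $silver;
     // Compare as exact strings: with ==, two digests that both look like "0e<digits>" are
     // read as numbers and compare equal. hash_equals() is also constant-time where available.
     $matches = function_exists('hash_equals') ? hash_equals($stored, $candidate) : ($candidate === $stored);

     if ($matches) {
         // Issue a fresh session id at the privilege change, so an id that was known before
         // login does not become an authenticated one.
         session_regenerate_id(true);
         $_SESSION['aproval'] = 'authorized';

         $BreadCrumb = '<p id="breadcrumbs">Login Success</p>';

         $content = '
            <!-- Article -->
            <div class="article">
                <h2><span><a href="#">Login Success</a></span></h2>
                <p class="info noprint">
                    <span class="date">' . trim(date("F j, Y, g:i a")) . '</span><span class="noscreen">,</span>
                    <span class="user">Failed Login Attempts: ' . $SilverLoad . '</span><span class="noscreen">,</span>
                </p>
                <p> Login successful. Please click continue to procede.</p>
                <p>Note: If you have not recieved prior authorization and coresponding password for this site you are an unauthorized user. Unauthorized access is not permitted. Unauthorized persons attempting to connect to this site will be prosecuted to the fullest extent of the law. 
                <p class="btn-more box noprint"><strong><a href="index.php">Continue</a></strong></p>
            </div> <!-- /article -->
            <hr class="noscreen" />';
         $SideMenu = '
            <h3><span><a href="#">Login Options</a></span></h3>
            <ul id="category">
                <li><a href="index.php">Continue to Control Panel</a></li>
            </ul>';

         // Takes the Generated content and displays it
         $Display->SetPage($Title, $Description, $Keywords, $content, $TopMenuBar, $SideMenu, $BreadCrumb, $Footer) ;
         $Display->CreatePage();

         // A successful login clears the failure counter and the lock timer.
         SaveCount ( 0 , 0 , FALSE);
         LogHit($login->Separator,"Success");

     } else {

         // Wrong password: show the form again. The attempt was already counted above.
         $BreadCrumb = '<p id="breadcrumbs">Login required</p>';

         $content = '            
        <!-- Article -->
            <div class="article">
                <h2><span><a href="#">Enter System Password</a></span></h2>
                 <p class="info noprint">
                    <span class="date">' . trim(date("F j, Y, g:i a")) . '</span><span class="noscreen">,</span>
                    <span class="user">Failed Login Attempts: ' . $SilverLoad . '</span><span class="noscreen">,</span>
                </p>


                    <p>
                        <form action="login.php" method="post"  style="text-align:center;">
                            <input type="password" name="password" tabindex="1" accesskey="P" />
                            <input type="submit" value="Login" name="minor" accesskey="S" tabindex="2" />
                        </form>
                    </p>
                <p>Note: If you have not recieved prior authorization and coresponding password for this site you are an unauthorized user. Unauthorized access is not permitted. Unauthorized persons attempting to connect to this site will be prosecuted to the fullest extent of the law. 
                    <p></p>
            </div> <!-- /article -->

            <hr class="noscreen" />';
         $SideMenu = '
                <h3><span><a href="#">Login Options</a></span></h3>
                
                        <ul id="category">
                    <li id="category-active"><a href="login.php">Login</a></li>
                    <li><a href="http://mucms.taggedzi.com">Leave Site<span class="tab-l"></span><span class="tab-r"></span></a></li>
                        </ul>';
         $Display->SetPage($Title, $Description, $Keywords, $content, $TopMenuBar, $SideMenu, $BreadCrumb, $Footer) ;
         $Display->CreatePage();
         // Log Hits
         LogHit($login->Separator,"Failed");
     }

 } else {
     // Nothing usable was submitted: show the password form.
     $BreadCrumb = '<p id="breadcrumbs">Login required</p>';

     $content = '
        <!-- Article -->
        <div class="article">
            <h2><span><a href="#">Enter System Password</a></span></h2>
            <p class="info noprint">
                <span class="date">' . trim(date("F j, Y, g:i a")) . '</span><span class="noscreen">,</span>
                <span class="user">Failed Login Attempts: ' . $SilverLoad . '</span><span class="noscreen">,</span>
            </p>
            <p>
                <form action="login.php" method="post"  style="text-align:center;">
                    <input type="password" name="password" tabindex="1" accesskey="P" />
                    <input type="submit" value="Login" name="minor" accesskey="S" tabindex="2" />
                </form>
            </p>
            <p>Note: If you have not recieved prior authorization and coresponding password for this site you are an unauthorized user. Unauthorized access is not permitted. Unauthorized persons attempting to connect to this site will be prosecuted to the fullest extent of the law. 
            <p></p>
        </div> <!-- /article -->
        <hr class="noscreen" />';

     $SideMenu = '
        <h3><span><a href="#">Login Options</a></span></h3>
        <ul id="category">
            <li id="category-active"><a href="login.php">Login</a></li>
            <li><a href="http://mucms.taggedzi.com">Leave Site<span class="tab-l"></span><span class="tab-r"></span></a></li>
        </ul>';

     // Takes the Generated content and displays it
     $Display->SetPage($Title, $Description, $Keywords, $content, $TopMenuBar, $SideMenu, $BreadCrumb, $Footer) ;
     $Display->CreatePage();

     // Log Hits
     LogHit($login->Separator,"Entry");
 }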
 444  
 445  ?>
