gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -51,22 +51,30 @@
			$app->uses('tpl');
			$app->tpl->newTemplate('form.tpl.htm');

			$error = '';
			$error = '';

			$app->load_language_file('web/login/lib/lang/'.$conf["language"].'.lng');


			//* Login Form was send
			if(count($_POST) > 0) {

			// iporting variables

			//** Check variables
			if(!preg_match("/^[\w\.\-\_]{1,64}$/", $_POST['username'])) $error = $app->lng('user_regex_error');
			if(!preg_match("/^.{1,64}$/i", $_POST['passwort'])) $error = $app->lng('pw_error_length');

			//** iporting variables
			$ip = $app->db->quote(ip2long($_SERVER['REMOTE_ADDR']));
			$username = $app->db->quote($_POST['username']);
			$passwort = $app->db->quote($_POST['passwort']);
			$passwort = $app->db->quote($_POST['passwort']);
			$loginAs = false;
			$time = time();

			if($username != '' and $passwort != '') {
			if($username != '' && $passwort != '' && $error == '') {
			/*
			* Check, if there is a "login as" instead of a "normal" login
			*/
			if (isset($_SESSION['s']['user'])){
			if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
			/*
			* only the admin can "login as" so if the user is NOT a admin, we
			* open the startpage (after killing the old session), so the user
			@@ -91,21 +99,38 @@
			$loginAs = false;
			}

			//* Check if there already wrong logins
			//* Check if there are already wrong logins
			$sql = "SELECT * FROM `attempts_login` WHERE `ip`= '{$ip}' AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
			echo $sql;
			$alreadyfailed = $app->db->queryOneRecord($sql);
			//* login to much wrong
			if($alreadyfailed['times'] > 5) {
			$error = $app->lng(1004);
			$error = $app->lng('error_user_too_many_logins');
			} else {
			if ($loginAs){
			$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and PASSWORT = '". $passwort. "'";
			$user = $app->db->queryOneRecord($sql);
			} else {
			$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username'";
			$user = $app->db->queryOneRecord($sql);
			if($user && $user['active'] == 1) {
			$saved_password = stripslashes($user['passwort']);
			if(substr($saved_password,0,3) == '$1$') {
			//* The password is crypt-md5 encrypted
			$salt = '$1$'.substr($saved_password,3,8).'$';
			if(crypt($passwort,$salt) != $saved_password) {
			$user = false;
			}
			} else {
			//* The password is md5 encrypted
			if(md5($passwort) != $saved_password) {
			$user = false;
			}
			}
			} else {
			$user = false;
			}
			}
			else {
			$sql = "SELECT * FROM sys_user WHERE USERNAME = '$username' and ( PASSWORT = '".md5($passwort)."' or PASSWORT = password('$passwort') )";
			}
			$user = $app->db->queryOneRecord($sql);

			if($user) {
			if($user['active'] == 1) {
			// User login right, so attempts can be deleted
			@@ -128,7 +153,7 @@

			exit;
			} else {
			$error = $app->lng(1003);
			$error = $app->lng('error_user_blocked');
			}
			} else {
			if(!$alreadyfailed['times'] )
			@@ -142,13 +167,13 @@
			$app->db->query($sql);
			}
			//* Incorrect login - Username and password incorrect
			$error = $app->lng(1002);
			$error = $app->lng('error_user_password_incorrect');
			if($app->db->errorMessage != '') $error .= '<br />'.$app->db->errorMessage != '';
			}
			}
			} else {
			//* Username or password empty
			$error = $app->lng(1001);
			if($error == '') $error = $app->lng('error_user_password_empty');
			}
			}
			if($error != ''){
			@@ -158,6 +183,9 @@


			$app->tpl->setVar('error', $error);
			$app->tpl->setVar('username_txt', $app->lng('username_txt'));
			$app->tpl->setVar('password_txt', $app->lng('password_txt'));
			$app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
			$app->tpl->setInclude('content_tpl','login/templates/index.htm');
			$app->tpl_defaults();