ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Burkard
2016-07-10 e1ceb050e19c7574bca146a8da7047ee4ff456b5 
 interface/web/login/index.php


@@ -60,7 +60,7 @@




   //** Check variables


   if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $_POST['username'])) $error = $app->lng('user_regex_error');


   if(!preg_match("/^.{1,64}$/i", $_POST['password'])) $error = $app->lng('pw_error_length');


   if(!preg_match("/^.{1,256}$/i", $_POST['password'])) $error = $app->lng('pw_error_length');




   //** importing variables


   $ip    = ip2long($_SERVER['REMOTE_ADDR']);


@@ -157,9 +157,8 @@


               $user = false;


               if($mailuser) {


                  $saved_password = stripslashes($mailuser['password']);


                  $salt = '$1$'.substr($saved_password, 3, 8).'$';


                  //* Check if mailuser password is correct


                  if(crypt(stripslashes($password), $salt) == $saved_password) {


                  if(crypt(stripslashes($password), $saved_password) == $saved_password) {


                     //* we build a fake user here which has access to the mailuser module only and userid 0


                     $user = array();


                     $user['userid'] = 0;


@@ -182,22 +181,15 @@


               $user = $app->db->queryOneRecord($sql, $username);


               if($user) {


                  $saved_password = stripslashes($user['passwort']);


                  if(substr($saved_password, 0, 3) == '$1$') {


                     //* The password is crypt-md5 encrypted


                     $salt = '$1$'.substr($saved_password, 3, 8).'$';


                        if(crypt(stripslashes($password), $salt) != $saved_password) {


                        $user = false;


                     }


                  } elseif(substr($saved_password, 0, 3) == '$5$') {


                     //* The password is crypt-sha256 encrypted


                     $salt = '$5$'.substr($saved_password, 3, 16).'$';


                        if(crypt(stripslashes($password), $salt) != $saved_password) {


                  if(substr($saved_password, 0, 1) == '$') {


                     //* The password is encrypted with crypt


                     if(crypt(stripslashes($password), $saved_password) != $saved_password) {


                        $user = false;


                     }


                  } else {


                        //* The password is md5 encrypted


                     //* The password is md5 encrypted


                     if(md5($password) != $saved_password) {


                           $user = false;


                        $user = false;


                     }


                  }


               } else {


@@ -217,16 +209,18 @@


                  $user = $app->db->toLower($user);


                  


                  if ($loginAs) $oldSession = $_SESSION['s'];


                  if (!$loginAs) session_regenerate_id(true);


                  // Session regenerate causes login problems on some systems, have to find a better way. see Issue #3827


                  //if (!$loginAs) session_regenerate_id(true);


                  $_SESSION = array();


                  if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!


                  $_SESSION['s']['user'] = $user;


                  $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';


                  $_SESSION['s']['language'] = $user['language'];


                  $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];


                  if ($loginAs) $_SESSION['s']['plugin_cache'] = $_SESSION['s_old']['plugin_cache'];


                  


                  if(is_file($_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {


                     include_once $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';


                  if(is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {


                     include_once ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';


                     $menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';


                        if (is_dir($menu_dir)) {


                        if ($dh = opendir($menu_dir)) {


@@ -268,7 +262,7 @@


                     echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];


                     exit;


                  } else {


                     header('Location: /index.php?phpsessid='.session_id());


                     header('Location: ../index.php');


                     die();


                  }


               }


@@ -312,6 +306,7 @@


}




$app->load('getconf');


$sys_config = $app->getconf->get_global_config('misc');




$security_config = $app->getconf->get_security_config('permissions');


if($security_config['password_reset_allowed'] == 'yes') {


@@ -348,7 +343,15 @@


$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);




// Title


$app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');


if (!empty($sys_config['company_name'])) {


   $app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');


}




// Custom Login


if ($sys_config['custom_login_text'] != '') {


    $custom_login = @($sys_config['custom_login_link'] != '')?'<a href="'.$sys_config['custom_login_link'].'" target="_blank">'.$sys_config['custom_login_text'].'</a>':$sys_config['custom_login_text'];


}


$app->tpl->setVar('custom_login', $custom_login);




$app->tpl_defaults();