login_page(); }
// (The if-block closed above begins before this excerpt.)
// Never send a freshly logged-in user back to the logout page.
if (strpos($CPG_REFERER, "logout.php") !== false) {
    $CPG_REFERER = "index.php";
}
$login_failed = '';
$cookie_warning = '';
if ($superCage->post->keyExists('submitted')) {
    // NOTE(review): the password is passed through getEscaped() before it reaches login();
    // whether login() compensates for that escaping is not visible here — confirm.
    if ($USER_DATA = $cpg_udb->login($superCage->post->getEscaped('username'), $superCage->post->getEscaped('password'), $superCage->post->getInt('remember_me'))) {
        //$referer=preg_replace("'&'","&",$referer);
        // Write the log entry
        if ($CONFIG['log_mode'] == CPG_LOG_ALL) {
            log_write('The user ' . $USER_DATA['user_name'] . ' (user ID ' . $USER_DATA['user_id'] . ") logged in.", CPG_ACCESS_LOG);
        }
        // Set the language preference
        // NOTE(review): $USER['lang'] is interpolated straight into the SQL string; any
        // sanitisation happens before this excerpt — confirm, or switch to a parameterised query.
        $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_language = '{$USER['lang']}' WHERE user_id = {$USER_DATA['user_id']}";
        $result = cpg_db_query($sql);
        $cpg_udb->authenticate();
        if (!$USER_DATA['has_admin_access']) {
            // Accounts without admin access must not keep the 'am' profile entry; persist the cleaned profile.
            unset($USER['am']);
            user_save_profile();
        }
        // Return the user to the page they came from, unless that page was the login form itself.
        // NOTE(review): $CPG_REFERER becomes a redirect target here; any restriction to local
        // paths is applied before this excerpt — confirm it exists.
        $redirect = ($CPG_REFERER && (strpos($CPG_REFERER, 'login.php') === false)) ? $CPG_REFERER : 'index.php';
        // Admins additionally get a hint when uploads are waiting for approval.
        $pending_approvals = ($USER_DATA['has_admin_access'] && cpg_get_pending_approvals() > 0) ? '
'.$lang_gallery_admin_menu['upl_app_title'] : '';
        cpgRedirectPage($redirect, $lang_login_php['login'], sprintf($lang_login_php['welcome'], $USER_DATA['user_name']).$pending_approvals, 3, 'success');
        exit;
    } else {
        // Write the log entry
        log_write("Failed login attempt with Username: " . $superCage->post->getEscaped('username'), CPG_SECURITY_LOG);
        // NOTE(review): the heredoc opener and its surrounding markup appear to have been lost in
        // extraction here and for $cookie_warning below ('<<' presumably read '<<<EOT');
        // restore these from the original file, not from this copy.
        $login_failed = <<
{$lang_login_php['err_login']}
EOT;
        // get IP address of the person who tried to log in, look it up on the banning table and
        // increase the brute force counter. If the brute force counter has reached a critical limit,
        // set a regular banning record
        // NOTE(review): $raw_ip and $hdr_ip are defined before this excerpt and interpolated into
        // SQL; confirm they are validated as IP literals there. If $hdr_ip is derived from a request
        // header, treat it as untrusted for both the query and the banning decision.
        $result = cpg_db_query("SELECT ban_id, brute_force FROM {$CONFIG['TABLE_BANNED']} WHERE ip_addr = '$raw_ip' OR ip_addr = '$hdr_ip' LIMIT 1");
        $failed_logon_counter = mysql_fetch_assoc($result);
        mysql_free_result($result);
        // Counter record expires login_expiry minutes from now (server local time).
        $expiry_date = date("Y-m-d H:i:s", mktime(date('H'), date('i') + $CONFIG['login_expiry'], date('s'), date('m'), date('d'), date('Y')));
        if ($failed_logon_counter['brute_force']) {
            // Existing counter: count down by one and push the expiry out again.
            // The comment above suggests a counter that reaches 0 acts as a regular ban — confirm in the ban check.
            $failed_logon_counter['brute_force'] = $failed_logon_counter['brute_force'] - 1;
            $query_string = "UPDATE {$CONFIG['TABLE_BANNED']} SET brute_force = {$failed_logon_counter['brute_force']}, expiry = '$expiry_date' WHERE ban_id = {$failed_logon_counter['ban_id']}";
        } else {
            // No live counter (no row, or brute_force already 0): start a new one at login_threshold.
            $failed_logon_counter['brute_force'] = $CONFIG['login_threshold'];
            $query_string = "INSERT INTO {$CONFIG['TABLE_BANNED']} (ip_addr, expiry, brute_force) VALUES ('$raw_ip', '$expiry_date', {$failed_logon_counter['brute_force']})";
        }
        //write the logon counter to the database
        cpg_db_query($query_string);
    }
}
// Without the site cookie, reload once (marked by ?reload_once) to test whether cookies are
// accepted; if it is still missing after that reload, show the warning instead of looping.
if (!$superCage->cookie->keyExists($CONFIG['cookie_name'] . '_data')) {
    if (!$superCage->get->keyExists('reload_once')) {
        $ref = $CPG_REFERER ? '?reload_once&referer='.urlencode($CPG_REFERER) : '?reload_once';
        cpgRedirectPage('login.php'.$ref);
    }
    $cookie_warning = << {$lang_login_php['cookie_warning']} EOT;
}
// Offer the "resend activation link" entry only when registration requires a verified e-mail.
if ($CONFIG['reg_requires_valid_email'] == 1) {
    $send_activation_link = '
'.$lang_login_php['send_activation_link'].'';
} else {
    $send_activation_link = '';
}
pageheader($lang_login_php['login']);
if ($superCage->get->getInt('force_login')) {
    msg_box($lang_login_php['force_login_title'], $lang_login_php['force_login']);
}
//$referer = urlencode($referer);
$username_icon = cpg_fetch_icon('my_profile', 2);
$password_icon = cpg_fetch_icon('key_enter', 2);
$ok_icon = cpg_fetch_icon('ok', 2);
echo '
';
starttable(-1, cpg_fetch_icon('login', 2) . $lang_login_php['enter_login_pswd'], 2);
//see how users are allowed to login, can be username, email address or both
$login_method = $lang_login_php[$CONFIG['login_method']];
// NOTE(review): the form markup inside the two heredocs below (apparently including the use of
// $ok_icon, which is fetched but never referenced in this copy) is missing from this excerpt.
echo <<< EOT $login_failed $cookie_warning {$username_icon}{$login_method} {$password_icon}{$lang_login_php['password']} {$lang_login_php['forgot_password_link']} $send_activation_link EOT;
endtable();
echo <<< EOT
EOT;
pagefooter();
?>