archive
/
utd-control-panel


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
							<?PHP

 require_once('lib/common.php');
 require_once('lib/database.php');
 require_once('lib/dashboard.php');
 
 define('NOLOGINREF', true); // So we don't go round in circles

 require_once('lib/account.php');

 if (isset($_POST['username']) && isset($_POST['password'])) {
   
   $pass = md5($_POST['username'].$_POST['password']);
   $user = mysql_real_escape_string($_POST['username']);

   $sql = 'SELECT user_id FROM users WHERE user_name = \''.$user.'\' AND user_pass = \''.$pass.'\'';
   $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);

   if (mysql_num_rows($res) == 1) {
     $row = mysql_fetch_array($res);
     $uid = $row['user_id'];
     $sip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

     $sql  = 'INSERT INTO sessions (user_id, session_ip, session_start, session_last';
     $sql .= ',session_ident) VALUES ('.$uid.', \''.$sip.'\', '.time().', '.time();
     $sql .= ', \'null\')';
     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);

     $id = mysql_insert_id();

     $sid = md5($uid.$sip.$id);

     $sql = 'UPDATE sessions SET session_ident = \''.$sid.'\' WHERE session_id = '.$id;
     mysql_query($sql) or mf(__FILE__, __LINE__, $sql);

     setcookie('utdsid', $sid, time()+60*60*24, '/');
     logger::log('Login from '.$_SERVER['REMOTE_ADDR'],$uid,logger::information);
 
     header('Location: '.CP_PATH);
   } else {
     $sql = 'SELECT user_pass FROM users WHERE user_name = \''.m($_POST['username']).'\'';
     $res = mysql_query($sql) or mf(__FILE__, __LINE__, $sql);
     $row = mysql_fetch_array($res);
     if ($row['user_pass']{0} == '!') {
      define('MESSAGE', 'This account is locked. Please contact support@utd-hosting.com for assistance.');
      logger::log('Log in attempt for locked account '.$_POST['username'].' by '.$_SERVER['REMOTE_ADDR'], logger::normal);
     } else {
      define('MESSAGE', 'Invalid username/password combination');
      logger::log('Invalid login attempt for user '.$_POST['username'].' by '.$_SERVER['REMOTE_ADDR'], logger::normal); 
      bfc($_SERVER['REMOTE_ADDR']);
     }
   }
   
 }
 
 addDashboardItem('Useful links', 'Recover password', 'recoverpw');
 addDashboardItem('Frequently asked questions', 'Can I give other users access to my control panel?', 'support/006');
 addDashboardItem('Frequently asked questions', 'What do I do if I forget my username?', 'support/007');
 addDashboardItem('Frequently asked questions', 'Can I file support requests without using the control panel?', 'support/005');

 define('TITLE', 'Login');
 
 require_once('lib/header.php');
 require_once('pages/login.php');
 require_once('lib/footer.php');

?>