forked from services/mlmmj-light-web-ecg
Changed README, disabled unneded features, Hiding some features from the GUI
This commit is contained in:
mlmmj mailinglist daemon and simple webinterface
parent
1e0a17e6cf
commit
81d0c6e6ef
63
login.php
63
login.php
@@ -1,20 +1,25 @@
|
||||
<?php
|
||||
|
||||
# TODO: Remove this afterwards
|
||||
error_reporting(E_ALL);
|
||||
ini_set("display_errors", 1);
|
||||
|
||||
require("init.php");
|
||||
$login_domain = isset($_POST["login_domain"]) ? $_POST["login_domain"] : "";
|
||||
$login_pass = isset($_POST["login_pass"]) ? $_POST["login_pass"] : "";
|
||||
|
||||
// Convert to lower case
|
||||
$login_domain = strtolower($login_domain);
|
||||
#$login_domain = strtolower($login_domain);
|
||||
|
||||
if( !empty($login_domain) && !empty($login_pass) )
|
||||
{
|
||||
if ( preg_match("/[^a-z0-9\-\.]/", $login_domain) )
|
||||
{
|
||||
// Domain must contain only english letters, digits, hyphens and dots
|
||||
$_SESSION["error_code"] = 1;
|
||||
header("Location: error.php");
|
||||
exit();
|
||||
}
|
||||
#if ( preg_match("/[^a-z0-9\-\.]/", $login_domain) )
|
||||
#{
|
||||
# // Domain must contain only english letters, digits, hyphens and dots
|
||||
# $_SESSION["error_code"] = 1;
|
||||
# header("Location: error.php");
|
||||
# exit();
|
||||
#}
|
||||
|
||||
if ( preg_match("/[^A-Za-z0-9]/", $login_pass) )
|
||||
{
|
||||
@@ -27,34 +32,34 @@ if( !empty($login_domain) && !empty($login_pass) )
|
||||
// Sha256 sum of entered password
|
||||
$login_hash = hash("sha256", $login_pass);
|
||||
|
||||
$hashes = file_get_contents("$lists_path/passwords.txt");
|
||||
preg_match("/^$login_domain:(.*).*/m", $hashes, $hash);
|
||||
#$hashes = file_get_contents("$lists_path/passwords.txt");
|
||||
#preg_match("/^$login_domain:(.*).*/m", $hashes, $hash);
|
||||
|
||||
// Is there such domain?
|
||||
if ( count($hash) == 0 )
|
||||
{
|
||||
preg_match("/^list\.$login_domain:(.*).*/m", $hashes, $hash);
|
||||
// Maybe user omitted "list." prefix?
|
||||
if ( count($hash) == 0 )
|
||||
{
|
||||
// No luck. Incorrect domain
|
||||
$_SESSION["error_code"] = 4;
|
||||
header("Location: error.php");
|
||||
exit();
|
||||
}
|
||||
else
|
||||
{
|
||||
// Yes, he omitted "list."
|
||||
$login_domain = "list.$login_domain";
|
||||
}
|
||||
}
|
||||
#if ( count($hash) == 0 )
|
||||
#{
|
||||
# preg_match("/^list\.$login_domain:(.*).*/m", $hashes, $hash);
|
||||
# // Maybe user omitted "list." prefix?
|
||||
# if ( count($hash) == 0 )
|
||||
# {
|
||||
# // No luck. Incorrect domain
|
||||
# $_SESSION["error_code"] = 4;
|
||||
# header("Location: error.php");
|
||||
# exit();
|
||||
# }
|
||||
# else
|
||||
# {
|
||||
# // Yes, he omitted "list."
|
||||
# $login_domain = "list.$login_domain";
|
||||
# }
|
||||
#}
|
||||
|
||||
// Compare hashes
|
||||
if($login_hash == $hash[1])
|
||||
if($login_hash == "3b844f5e23039700921b7a301b99d17470cf1f466986aa4e4e2e566369412d32")
|
||||
{
|
||||
// Authentication successful - Set session
|
||||
$_SESSION["auth"] = 1;
|
||||
$_SESSION["domain"] = $login_domain;
|
||||
$_SESSION["domain"] = ""; #$login_domain;
|
||||
header("Location: index.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user