developpeur
 24581 
|  Posté : 22-04-2004 14:23
snake :
remplace auth.inc.php par cette version SVP
<?PHP
/************************************************************** **********/
/* NPDS V : Net Portal Dynamic System . & nbsp; */
/* =========================== &nbs p; ; */
/* &nb sp; &nbs p; ; & nbsp; */
/* Original Copyright (c) 2001 by Francisco Burzi (fburzi@ncc.org.ve) */
/* http://phpnuke.org */
/* &nb sp; &nbs p; ; & nbsp; */
/* This version name NPDS Copyright (c) 2001-2004 */
/* &nb sp; &nbs p; ; & nbsp; */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
br />function Admin_alert($motif) {
global $admin;
setcookie("admin","",0);
unset($admin);
Ecr_Log("security", "auth.inc.php/Admin_alert : ".$motif, "");
echo "<html>\n";
echo "<body bgcolor=\"#FFFFFF\" text=\"#000000\">\n<br /><br /><br />";
echo "<center><img src=\"images/eyes.gif\" border=0><br /><br />\n";
echo "<font face=\"Verdana\" size=\"3\"><b>.: IP recorded :.</b></fon t></center>\n";
echo "</body>\n";
echo "</html>\n";
redirect_!url(!"admin.php");
die();
}
if ((isset($aid)) and (isset($pwd)) and ($op == "login")) {
if ($aid!="" and $pwd!="") {
$result=mysql_query("select pwd from authors where aid='$ai d'");
if (!$result) {
Admin_Alert ("DB not ready #1 : $aid");
} else {
list($pass) =mysql_fetch_row($result);
if ($s ystem_md5) {
; $passwd=crypt($pwd,$pass);
} else {
; $passwd=$pwd;
}
if ((s trcmp($passwd,$pass)==0) and ($pass != "")) {
; $admin = base_64_encode("$aid:".md5($passwd));
; if ($admin_cook_duration<=0) {$admin_cook_duration=1;}
; $timeX=time()+(3600*$admin_cook_duration);
; setcookie("admin","$admin",$timeX);
} else {
; Admin_Alert("Passwd not in DB#1 : $passwd");
}
}
}
}
#autodoc $admintest - $super_admintest : permet ;de savoir si un admin est connecté ($admint est=true) et s'il est SuperAdmin ($super_admintest=tru e)
$admintest = false;
$super_admintest = false;
if ($admin!="") {
$Xadmin = base_64_decode($admin);
$Xadmin = explode(":", $Xadmin);
$aid = htmlspecialchars($Xadmin[0], ENT_QUOTES);
$AIpwd = $Xadmin[1];
if ($aid=="" or $AIpwd=="") {
Admin_Alert("Null Aid or Passwd");
}
$result=mysql_query("select pwd, radminsuper from authors w here aid='$aid'");
if (!$result) {
Admin_Alert("DB not ready #2 : $aid");
} else {
list($AIpass, $Xsuper_admintest)=mysql_fetch_row ($result);
if (md5($AIpass) == $AIpwd and $AIpass != "") {
$admintest = true;
$super_admintest = $Xsupe r_admintest;
} else {
Admin_Alert("Password in Cookies not Good #1 : $AIpwd");
}
}
unset ($AIpass);
unset ($AIpwd);
unset ($Xadmin);
unset ($Xsuper_admintest);
}
?>
|
