function CHECK_ADMIN_LOGIN ($admin_login, $password)
{
global $cacheArray, $_CONFIG, $cacheInstance;
- $ret = "404"; $pass = "";
+
+ // Init variables
+ $ret = "404";
+ $data = array();
+
+ // Is the cache valid?
if (!empty($cacheArray['admins']['aid'][$admin_login])) {
// Get password from cache
- $pass = $cacheArray['admins']['password'][$admin_login];
+ $data['password'] = $cacheArray['admins']['password'][$admin_login];
$ret = "pass";
$_CONFIG['cache_hits']++;
- } else {
+
+ // Include more admins data?
+ if (GET_EXT_VERSION("admins") >= "0.7.0") {
+ // Load them here
+ $data['login_failtures'] = $cacheArray['admins']['login_failtures'][$admin_login];
+ $data['last_failture'] = $cacheArray['admins']['last_failture'][$admin_login];
+ } // END - if
+ } elseif (GET_EXT_VERSION("cache") == "") {
$ADD = "";
if (GET_EXT_VERSION("admins") >= "0.7.0") {
// Load them here
}
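Review bot: The added `GET_EXT_VERSION("admins") >= "0.7.0"` test compares two non-numeric strings, so PHP orders them byte by byte and a later release such as "0.10.0" (constructed example) sorts below "0.7.0"; the failure data would then silently stop being loaded. `version_compare(GET_EXT_VERSION("admins"), "0.7.0", ">=")` orders dotted versions correctly. The same pattern is in the added failure-count condition and in the added check at the top of LOGIN_ADMIN, where `GET_EXT_VERSION("sql_patches") < "0.3.6"` has the mirror problem and would send such an install down the legacy path. The function body is only partly visible here, so confirm how an uninstalled extension (empty string) should be ordered before switching.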
//* DEBUG: */ echo "*".$data['password']."/".md5($password)."/".$ret."<br />";
- if ((strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
+ if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
// Generate new hash
$data['password'] = generateHash($password);
} elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) {
// Old hashing way
return $ret;
+ } elseif (!isset($data['password'])) {
+ // Password not found, so no valid login!
+ return $ret;
}
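Review bot: The rewritten legacy check still compares the stored hash with a loose `==` in `$data['password'] == md5($password)`, and PHP compares two numeric-looking strings as numbers, so digests of the `0e<digits>` form can compare equal without being identical. Use `$data['password'] === md5($password)`, or `hash_equals($data['password'], md5($password))` where the runtime provides it, which also makes the comparison time-independent. The salted comparison `$data['password'] == generateHash($password, $salt)` further down uses the same operator and deserves the same change.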
// Generate salt of password
// Check if password is same
//* DEBUG: */ echo "*".$ret.",".$data['password'].",".$password.",".$salt."*<br >\n";
- if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && (!empty($salt))) {
- // Change the passord hash here
+ if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && (!empty($salt))) {
+ // Re-hash the plain passord with new random salt
$data['password'] = generateHash($password);
// Do we have 0.7.0 of admins or later?
// Remmeber login failtures if available
if (GET_EXT_VERSION("admins") >= "0.7.0") {
// Store it in session
- set_session("mxchange_admin_failtures", $data['login_failtures']);
- ses_session("mxchange_admin_last_fail", $data['last_failture']);
+ set_session('mxchange_admin_failtures', $data['login_failtures']);
+ set_session('mxchange_admin_last_fail', $data['last_failture']);
} // END - if
// Update password
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
array($data['password'], $admin_login), __FILE__, __LINE__);
- // Shall I remove the cache file?
- if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) {
- if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
- } // END - if
+ // Rebuild cache
+ REBUILD_CACHE("admins", "admin");
// Login has failed by default... ;-)
$ret = "failed";
if (!LOGIN_ADMIN($admin_login, $data['password'])) {
// Something went wrong
$ret = "failed";
- }
+ } // END - if
}
+ // Count login failture if admins extension version is 0.7.0+
+ if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) {
+ // Update counter
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=login_failtures+1,last_failture=NOW() WHERE login='%s' LIMIT 1",
+ array($admin_login), __FILE__, __LINE__);
+
+ // Rebuild cache
+ REBUILD_CACHE("admins", "admin");
+ } // END - if
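Review bot: Every rejected password now costs an UPDATE plus `REBUILD_CACHE("admins", "admin")`, and both run before authentication succeeds, so a stream of bad logins for an existing admin name becomes repeated writes and cache rebuilds. Nothing in the visible lines reads `login_failtures` or `last_failture` to delay or refuse further attempts; if that enforcement is not elsewhere, the counter is informational only, and a threshold check ahead of the password comparison would be the natural place for it. The condition `$ret == "pass"` is also hard to read as "account found but password not accepted"; a comment such as `// $ret is still "pass" only when the password check above did not succeed` would help, assuming the success path (not shown) sets a different value.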
+
// Return the result
//* DEBUG: */ die("RETURN=".$ret);
return $ret;
// Try to login the admin by setting some session/cookie variables
function LOGIN_ADMIN ($adminLogin, $passHash) {
+ global $cacheInstance;
+
+ // Reset failture counter on matching admins version
+ if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) {
+ // Reset counter on out-dated sql_patches version
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
+ array($adminLogin), __FILE__, __LINE__);
+
+ // Rebuild cache
+ REBUILD_CACHE("admins", "admin");
+ } // END - if
+
// Now set all session variables and return the result
return (
(
) && (
set_session("admin_last", time())
) && (
- set_session("admin_to", $_POST['timeout'])
+ set_session("admin_to", bigintval($_POST['timeout']))
)
);
}
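Review bot: `bigintval($_POST['timeout'])` presumably coerces the value to an integer, but the request still chooses it, so what `admin_to` holds (apparently the admin session timeout) has no server-side ceiling, and the key is read without an `isset()` check. Clamping against a configured maximum would bound it, e.g. `set_session("admin_to", min(bigintval($_POST['timeout']), $maxTimeout))`, where `$maxTimeout` is a placeholder for a value taken from the site configuration. Part of the return expression is not visible here, so confirm that no earlier operand already validates the field.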
$pass = $cacheArray['admins']['password'][$admin_login];
$ret = "pass";
$_CONFIG['cache_hits']++;
- } else {
+ } elseif (GET_EXT_VERSION("cache") == "") {
// Get password from DB
$result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
array($admin_login), __FILE__, __LINE__);
// Simply run generated SQL string
$result = SQL_QUERY($SQL, __FILE__, __LINE__);
- // Is the config table updated and the cache extension installed?
- if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($tableName == "_config")) {
- // Remove it here...
- if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy();
- unset($cacheArray);
- } // END - if
+ // Rebuild cache
+ REBUILD_CACHE("config", "config");
// Settings saved
LOAD_TEMPLATE("admin_settings_saved", false, "<STRONG class=\"admin_done\">".SETTINGS_SAVED."</STRONG>");