login_page();
}
if (strpos($CPG_REFERER, "logout.php") !== false || strpos($CPG_REFERER, "register.php") !== false) {
$CPG_REFERER = "index.php";
}
$login_failed = '';
$cookie_warning = '';
if ($superCage->post->keyExists('submitted')) {
if ($USER_DATA = $cpg_udb->login($superCage->post->getEscaped('username'), $superCage->post->getEscaped('password'), $superCage->post->getInt('remember_me'))) {
//$referer=preg_replace("'&'","&",$referer);
// Write the log entry
if ($CONFIG['log_mode'] == CPG_LOG_ALL) {
log_write('The user ' . $USER_DATA['user_name'] . ' (user ID ' . $USER_DATA['user_id'] . ") logged in.", CPG_ACCESS_LOG);
}
// Set the language preference
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_language = '{$USER['lang']}' WHERE user_id = {$USER_DATA['user_id']}";
$result = cpg_db_query($sql);
$cpg_udb->authenticate();
if (!$USER_DATA['has_admin_access']) {
unset($USER['am']);
user_save_profile();
}
$redirect = ($CPG_REFERER && (strpos($CPG_REFERER, 'login.php') === false)) ? $CPG_REFERER : 'index.php';
$pending_approvals = ($USER_DATA['has_admin_access'] && cpg_get_pending_approvals() > 0) ? ' '.$lang_gallery_admin_menu['upl_app_title'] : '';
cpgRedirectPage($redirect, $lang_login_php['login'], sprintf($lang_login_php['welcome'], $USER_DATA['user_name']).$pending_approvals, 3, 'success');
exit;
} else {
// Write the log entry
log_write("Failed login attempt at IP $hdr_ip with Username: " . $superCage->post->getEscaped('username'), CPG_SECURITY_LOG);
$login_failed = <<
{$lang_login_php['err_login']}
EOT;
// get IP address of the person who tried to log in, look it up on the banning table and increase the brute force counter. If the brute force counter has reached a critical limit, set a regular banning record
$result = cpg_db_query("SELECT ban_id, brute_force FROM {$CONFIG['TABLE_BANNED']} WHERE ip_addr = '$raw_ip' OR ip_addr = '$hdr_ip' LIMIT 1");
$failed_logon_counter = $result->fetchAssoc(true);
$expiry_date = date("Y-m-d H:i:s", mktime(date('H'), date('i') + $CONFIG['login_expiry'], date('s'), date('m'), date('d'), date('Y')));
if ($failed_logon_counter && $failed_logon_counter['brute_force']) {
$failed_logon_counter['brute_force'] = $failed_logon_counter['brute_force'] - 1;
$query_string = "UPDATE {$CONFIG['TABLE_BANNED']} SET brute_force = {$failed_logon_counter['brute_force']}, expiry = '$expiry_date' WHERE ban_id = {$failed_logon_counter['ban_id']}";
} else {
$failed_logon_counter['brute_force'] = $CONFIG['login_threshold'];
$query_string = "INSERT INTO {$CONFIG['TABLE_BANNED']} (ip_addr, expiry, brute_force) VALUES ('$raw_ip', '$expiry_date', {$failed_logon_counter['brute_force']})";
}
//write the logon counter to the database
cpg_db_query($query_string);
}
}
if (!$superCage->cookie->keyExists($CONFIG['cookie_name'] . '_data')) {
if (!$superCage->get->keyExists('reload_once')) {
$ref = $CPG_REFERER ? '?reload_once&referer='.urlencode($CPG_REFERER) : '?reload_once';
cpgRedirectPage('login.php'.$ref);
}
$cookie_warning = <<