با سلام مجدد
این کد در قسمت فرم لوگین می‌باشد.
<div style="position: absolute; top: 28px; left: 185px;"><?php /* CAPTCHA widget: the included script generates the challenge, stores its encrypted form in $_SESSION['captcha'] and emits the Flash <object> that displays it. */ require_once dirname(__FILE__).'/../includes/img/image/captcha/index.php'; ?></div>
اینم کد کپچا که ارجاع میشه اونجا
<?php
// The CAPTCHA answer is kept server-side in $_SESSION['captcha'] (written further down),
// so a session must be active before anything else happens in this file.
// NOTE(review): this file is pulled in with require_once from the login form; if the
// including page has already started a session, a second session_start() raises a notice.
session_start();
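if(!function_exists('dracon_CodeGen')){
/**
 * Generate a CAPTCHA challenge string.
 *
 * Characters are drawn from a 33-symbol alphabet (a-n, p-z, 2-9) that omits the
 * visually ambiguous 'o', '0' and '1'. The result is upper-cased so it matches the
 * strtoupper($_POST['code']) applied to the user's answer on submit.
 *
 * @param int    $Length number of random characters to append
 * @param string $Code   optional prefix the generated characters are appended to
 * @return string upper-cased challenge, strlen($Code) + $Length characters long
 *
 * Security: the original implementation reseeded rand() on every call with
 * srand((double)microtime()*1000003) — a clock-derived seed of roughly 20 bits,
 * which made the sequence of challenges far more guessable than the 33^5 code
 * space suggests. This version uses the CSPRNG random_int() where available
 * (PHP 7+) and otherwise the auto-seeded mt_rand(), and never reseeds by hand.
 */
function dracon_CodeGen($Length=5,$Code='') {
    $Chars = "abcdefghijklmnpqrstuvwxyz23456789";
    $maxIndex = strlen($Chars) - 1;
    // Decide once per call rather than once per character.
    $useCsprng = function_exists('random_int');
    for ($i = 0; $i < $Length; $i++) {
        $Num = $useCsprng ? random_int(0, $maxIndex) : mt_rand(0, $maxIndex);
        $Code .= $Chars[$Num];
    }
    return strtoupper($Code);
}
}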
if(!function_exists('dracon_CodeEnc')){
/**
 * Encrypt a CAPTCHA code for the Flash widget and for the session comparison.
 *
 * Encrypts $secCode with rijndael-128 (AES, 128-bit block) in ECB mode under a
 * fixed key and returns the ciphertext as lowercase hex. login.php applies the
 * same function to the submitted answer, so the check there is a
 * ciphertext-to-ciphertext comparison against $_SESSION['captcha'].
 *
 * @param string $secCode plaintext challenge (upper-case, see dracon_CodeGen)
 * @return string hex-encoded ciphertext
 *
 * SECURITY REVIEW:
 *  - The key is hard-coded in this file. The ciphertext is also handed to
 *    Dracon_CAPTCHA_Pro.swf in its URL (see the <object> below), and the SWF
 *    presumably has to decrypt it to draw the image — which means the same key
 *    must live inside the SWF. Anyone who extracts it can decrypt secEncCode
 *    client-side and solve the CAPTCHA automatically; the only real secret is
 *    the copy kept in the session.
 *  - ECB is deterministic: equal codes always yield equal ciphertext, so
 *    repeated challenges are recognisable even without the key.
 *  - The mcrypt extension was deprecated in PHP 7.1 and removed in 7.2. A port
 *    would use openssl_encrypt() with 'aes-192-ecb', but key and mode cannot be
 *    changed here without also changing the SWF that decrypts them.
 */
function dracon_CodeEnc($secCode) {
$encType = 'rijndael-128';
$aesMode = 'ecb';
// ECB uses no IV; this constant exists only because mcrypt_generic_init() requires one.
$encIV = "1234567890123450";
$encObj = mcrypt_module_open($encType, '', $aesMode, '');
// 24-byte hard-coded key (AES-192 key size).
mcrypt_generic_init($encObj, 'znwoq8fq0jf2qjve8laper9f', $encIV);
// mcrypt zero-pads the plaintext up to the 16-byte block size before encrypting.
$secEncCode = mcrypt_generic($encObj, $secCode);
mcrypt_generic_deinit($encObj);
mcrypt_module_close($encObj);
return bin2hex($secEncCode);
}
}
// Issue one challenge per render: keep the encrypted form in the session for login.php
// to compare against, and pass the same ciphertext to the Flash widget in the URL below.
$secCode = dracon_CodeGen(5);
$secEncCode = dracon_CodeEnc($secCode);
// NOTE(review): login.php compares against this value but never unset()s it after a
// check (it only clears $_SESSION['token'] on success), so a session that has solved
// one CAPTCHA can replay that answer for unlimited attempts until this page is
// rendered again. The consumer should unset($_SESSION['captcha']) after comparing.
// NOTE(review): the ciphertext sent to the client is decryptable with the fixed key in
// dracon_CodeEnc(), so this CAPTCHA is at best a bot deterrent, not a secret.
// $secEncCode is hex output of bin2hex(), so echoing it into the attributes below
// cannot break out of the attribute.
// NOTE(review): the widget is a Flash SWF; browsers have not run Flash since its 2020
// end-of-life, so this <object> will not render in current clients.
$_SESSION['captcha'] = $secEncCode;
?>
<object data="/includes/img/image/captcha/Dracon_CAPTCHA_Pro.swf?secEncCode=<?php echo $secEncCode; ?>" width="150" height="50" type="application/x-shockwave-flash">
<param name="movie" value="/includes/img/image/captcha/Dracon_CAPTCHA_Pro.swf?secEncCode=<?php echo $secEncCode; ?>" />
<param name="bgcolor" value="#CCCCCC" />
<param name="quality" value="high" />
<param name="menu" value="false" />
<param name="swliveconnect" value="false">
<param name="pluginurl" value="http://www.macromedia.com/go/getflashplayer" />
</object>
اینم فایل login.php که محاسبات توش انجام میشه؛ من که چیزی ازش سر در نیاوردم.
<?php
// Requests that already carry a CORE session are bounced to the main view (?v=c)
// unless the l0 view switch is present in the query string.
// NOTE(review): CORE, _redirect() and $config come from the including framework,
// not from this file; CORE presumably signals an authenticated session — confirm.
if (CORE && !isset($_GET['l0'])) {
    _redirect("{$config['url']}?v=c");
}
# login.php request dispatcher. Each branch below is selected by $_POST['type']
# ('username' | 'password' | 'login') or, for GET requests, by $_GET['l0'] / $_GET['ll'].
# Every branch that acts on input re-checks the CAPTCHA by running dracon_CodeEnc()
# over the submitted code and comparing with $_SESSION['captcha'] (set by
# includes/img/image/captcha/index.php).
#
# SECURITY REVIEW (summary; details are inline):
#  - In the login branch $_POST['user'], $_POST['password'] and
#    $_SERVER['HTTP_USER_AGENT'] are interpolated into SQL without
#    mysql_real_escape_string() (the recovery branches DO escape their inputs).
#  - The CAPTCHA value is compared with a loose `!=` and is never removed from the
#    session after use, so one solved challenge can be replayed indefinitely.
#  - Passwords are stored and compared as unsalted sha1(); failed logins for known
#    usernames are logged WITH the submitted plaintext password.
#  - ereg()/eregi_replace() and the mysql_*() extension were removed in PHP 7.
# USERNAME REMINDER (forgot-username flow)
if( $_POST['type'] == 'username' ){
$bValid = true;
# isValid() is defined outside this file; its 'token' and 'username' rules are not visible here.
$bValid = $bValid && isValid('token', $_POST['year']);
$bValid = $bValid && isValid('token', $_POST['code']);
# $_POST['personal'] (the recovery e-mail) is only checked for emptiness; the query below escapes it.
if(!$bValid || $_POST['personal'] == ''){
echo 'Invalid email and/or birth year, please try again.'; exit;
}
# TOKEN
# NOTE(review): loose `!=` and no isset() on $_SESSION['captcha'] — if no challenge was
# issued in this session the comparison is against null. The stored value is also never
# unset() after this check, so one solved code remains valid for every later request in
# the session. Prefer: !isset($_SESSION['captcha']) || dracon_CodeEnc(...) !== $_SESSION['captcha'],
# followed by unset($_SESSION['captcha']).
if(dracon_CodeEnc(strtoupper($_POST['code'])) != $_SESSION['captcha']) {
echo 'Please enter a valid Verification Code!'; exit;
}
# Both inputs are escaped here — unlike the lookups in the login branch below.
$FORGOT_USERNAME = mysql_query("SELECT `x_username`, `x_personal` FROM `xeon_users` WHERE `x_personal` = '".mysql_real_escape_string($_POST['personal'])."' AND `x_year` = '".mysql_real_escape_string($_POST['year'])."' LIMIT 1;") or die( _OP_ERROR(mysql_error(), __FILE__ ,__LINE__) );
# Fetched before the row-count check; harmless, mysql_fetch_assoc() returns false on an empty result.
$FORGOT_USERNAME_DANE = mysql_fetch_assoc($FORGOT_USERNAME);
if(mysql_num_rows($FORGOT_USERNAME) == 1) {
require_once($_SERVER["DOCUMENT_ROOT"].'/includes/php/class.phpmailer.php');
$mail = new PHPMailer();
$body = '---------------- Username Recovery! -------------<br>---------------------------------------------------<br>- It seems that you have forgotten your username. -<br>---------------------------------------------------<br><br>Your username: <b>'.$FORGOT_USERNAME_DANE['x_username'].'</b>';
# Strips backslashes from the mail body. eregi_replace() was removed in PHP 7.0 (str_replace('\\', '', $body) is the equivalent).
$body = eregi_replace("[\]",'',$body);
# AddReplyTo() is called twice with the same address (here and two lines down); the second call is redundant.
$mail->AddReplyTo(SITE_INFO_SUPPORT, SITE_INFO_NAME);
$mail->SetFrom(SITE_INFO_SUPPORT, SITE_INFO_NAME);
$mail->AddReplyTo(SITE_INFO_SUPPORT, SITE_INFO_NAME);
# Recipient is the address from the DB row, not from the request.
$mail->AddAddress($FORGOT_USERNAME_DANE['x_personal'], "");
$mail->Subject = "Your Username";
$mail->MsgHTML($body);
# NOTE(review): if Send() fails nothing is echoed; execution falls through to the end of the file silently.
if($mail->Send()) {
echo 'Please check your personal email inbox.'; exit;
}
}else {
echo 'Invalid email and/or birth year, please try again.'; exit;
}
# FORGOT PASSWORD
} else if( $_POST['type'] == 'password' ){
$bValid = true;
$bValid = $bValid && isValid('username', $_POST['user']);
$bValid = $bValid && isValid('token', $_POST['year']);
if(!$bValid){
echo 'Invalid username and/or birth year, please try again.'; exit;
}
# TOKEN
# NOTE(review): same loose comparison / no isset() / no unset() issue as in the username branch.
if(dracon_CodeEnc(strtoupper($_POST['code'])) != $_SESSION['captcha']) {
echo 'Please enter a valid Verification Code!'; exit;
}
$FORGOT_PASSWORD = mysql_query("SELECT `x_username`, `x_personal` FROM `xeon_users` WHERE `x_username` = '".mysql_real_escape_string($_POST['user'])."' AND `x_year` = '".mysql_real_escape_string($_POST['year'])."' LIMIT 1;") or die( _OP_ERROR(mysql_error(), __FILE__ ,__LINE__) );
$FORGOT_PASSWORD_DANE = mysql_fetch_assoc($FORGOT_PASSWORD);
if(mysql_num_rows($FORGOT_PASSWORD) == 1) {
# SECURITY: str_shuffle() is not a CSPRNG, the alphabet contains a space and only part of the
# letters, and a 15-char prefix of a shuffle consists of 15 *distinct* characters — the space
# of generated passwords is far smaller than 15 independent random characters would give.
# $FORGOT_PASSWORD_SEC_RESET is computed but never used.
$FORGOT_PASSWORD_RESET = substr(str_shuffle('abcdefghijklm1234567890NOPQRST UVWXYZ'), 0, 15);
$FORGOT_PASSWORD_SEC_RESET = substr(str_shuffle('abcdefghijklm1234567890NOPQRST UVWXYZ'), 0, 15);
# SECURITY: the password is overwritten and the secondary password disabled immediately,
# before any e-mail confirmation — anyone who knows a username and birth year can lock the
# owner out at will. Stored as unsalted sha1(). x_username here comes from the DB row,
# so it is not attacker-controlled at this point.
mysql_query("UPDATE `xeon_users` SET `x_password` = '".sha1($FORGOT_PASSWORD_RESET)."', `x_password_secondary_status` = '0' WHERE `x_username` = '".$FORGOT_PASSWORD_DANE['x_username']."' LIMIT 1;");
require_once($_SERVER["DOCUMENT_ROOT"].'/includes/php/class.phpmailer.php');
$mail = new PHPMailer();
# The new password is sent in plaintext in the mail body.
$body = '
---------------- Password Recovery! -------------<br>
---------------------------------------------------<br>
- It seems that you have forgotten your password. -<br>
---------------------------------------------------<br><br>
Your password: <b>'.$FORGOT_PASSWORD_RESET.'</b>
---------------------------------------------------<br><br>
Your secondary password have been disabled.
';
# Strips backslashes; eregi_replace() was removed in PHP 7.0.
$body = eregi_replace("[\]",'',$body);
$mail->AddReplyTo(SITE_INFO_SUPPORT, SITE_INFO_NAME);
$mail->SetFrom(SITE_INFO_SUPPORT, SITE_INFO_NAME);
$mail->AddReplyTo(SITE_INFO_SUPPORT, SITE_INFO_NAME);
$mail->AddAddress($FORGOT_PASSWORD_DANE['x_personal'], "");
$mail->Subject = "Your Password";
$mail->MsgHTML($body);
# NOTE(review): on Send() failure the password has already been changed but nothing is reported.
if($mail->Send()) {
echo 'Please check your personal email inbox.'; exit;
}
}else {
echo 'Invalid username and/or birth year, please try again.'; exit;
}
# LOGIN
} else if( $_POST['type'] == 'login' ){
// Proxy detection is disabled (left commented out).
//require_once($_SERVER["DOCUMENT_ROOT"].'/includes/php/class.proxy.php');
//$proxy = new proxy_detector();
//if($proxy->detect()){
//exit('Please disable your proxy server in your browser preferences or internet settings, and try again.');
//}
# SECURITY: unsalted sha1() is used as the password hash; should be password_hash()/password_verify().
# $password_sec is never used — the secondary check below recomputes sha1() inline.
$password = sha1($_POST['password']);
$password_sec = sha1($_POST['secondary']);
$browser = _browser();
$bValid = true;
# The literal username 'root' is exempt from isValid(): a hard-coded account name that skips validation.
if($_POST['user'] != 'root'){
$bValid = $bValid && isValid('username', $_POST['user']);
}
if(!$bValid){
echo 'Invalid username and/or passwords, please try again.'; exit;
}
# TOKEN
# NOTE(review): same loose comparison / no isset() / no unset() issue as in the recovery branches.
if(dracon_CodeEnc(strtoupper($_POST['code'])) != $_SESSION['captcha']) {
echo 'Please enter a valid Verification Code!'; exit;
}
# If user or password is empty this whole verification block is skipped and execution
# continues with the second lookup below.
if( strlen($_POST['user']) > 0 && strlen($_POST['password']) > 0 ){
# SECURITY: $_POST['user'] is concatenated into SQL unescaped. Exploitability depends entirely
# on isValid('username') rejecting quote characters (not visible here); escape with
# mysql_real_escape_string() regardless, as the recovery branches do.
$_LOGIN_USER_SQL = mysql_query("SELECT * FROM `xeon_users` WHERE `x_username` = '".$_POST['user']."' LIMIT 1;") or die( _OP_ERROR(mysql_error(), __FILE__ ,__LINE__) );
$_LOGIN_USER_INT = mysql_num_rows($_LOGIN_USER_SQL);
$_LOGIN_USER_DAT = mysql_fetch_assoc($_LOGIN_USER_SQL);
if($_LOGIN_USER_INT == 1){
# NOTE(review): `==` between two hash strings is PHP's loose comparison (numeric-looking
# strings such as "0e..." compare as numbers); use === or hash_equals().
if($_LOGIN_USER_DAT['x_password'] == sha1($_POST['password'])){
if( strlen($_LOGIN_USER_DAT['x_password_secondary']) > 0 && $_LOGIN_USER_DAT['x_password_secondary_status'] == 1){
# Same loose comparison for the secondary password.
if($_LOGIN_USER_DAT['x_password_secondary'] != sha1($_POST['secondary'])){
echo 'Invalid username and/or passwords, please try again.'; exit;
}
}
} else {
echo 'Invalid username and/or passwords, please try again.'; exit;
}
} else {
echo 'Invalid username and/or passwords, please try again.'; exit;
}
}
# Both branches below run an identical query, so $_POST['secondary'] has no effect here.
# $_POST['user'] is again interpolated unescaped.
if( strlen($_POST['secondary']) > 0 ){
$SQL_O_USERA = mysql_query("SELECT * FROM `xeon_users` WHERE `x_username` = '{$_POST['user']}' AND `x_password` = '$password' LIMIT 1;") or die( _OP_ERROR(mysql_error(), __FILE__ ,__LINE__) );
} else {
$SQL_O_USERA = mysql_query("SELECT * FROM `xeon_users` WHERE `x_username` = '{$_POST['user']}' AND `x_password` = '$password' LIMIT 1;") or die( _OP_ERROR(mysql_error(), __FILE__ ,__LINE__) );
}
if(mysql_num_rows($SQL_O_USERA) == 1){
# The row is re-fetched from the second query; the checks above only decided which error to show.
$member = mysql_fetch_assoc($SQL_O_USERA);
# NEW
$login['id'] = $member['id'];
# _OP_PROCESS_UQID() (external) issues the xCORE session token.
$session['id'] = $id = _OP_PROCESS_UQID();
$session['ip'] = $_SERVER["REMOTE_ADDR"];
$session['agent'] = $_SERVER["HTTP_USER_AGENT"];
$session['start'] = time();
$session['end'] = time()+604800;
# SECURITY: cookies are set with secure=0 and without the httponly flag, and there is no
# session_regenerate_id() on successful login (PHP session fixation). xCORU is a random
# number with no visible purpose in this file.
setcookie('xCORE', $session['id'], $session['end'], '/', '', 0);
setcookie('xCORU', mt_rand(1, 100000), (time() + (86400*368)), '/', '', 0);
# SECURITY: $session['agent'] is the raw User-Agent header, interpolated unescaped into the
# UPDATE below — SQL injection via a request header.
mysql_query("
UPDATE
`xeon_users`
SET
`x_ip` = '{$session['ip']}',
`session_id` = '{$session['id']}',
`session_ip` = '{$session['ip']}',
`session_agent` = '{$session['agent']}',
`session_start` = '{$session['start']}',
`session_end` = '{$session['end']}'
WHERE
`xeon_users`.`id` = {$login['id']}
LIMIT
1
;
") or _OP_ERROR(mysql_error(), __FILE__ ,__LINE__);
/* ---------------------------------------------------------------------------------------------------------------------------------------------- */
/* ---------------------------------------------------------------------------------------------------------------------------------------------- */
/* ---------------------------------------------------------------------------------------------------------------------------------------------- */
$xuser = $member['x_username'];
$xpass = $member['x_password'];
// login session
// NOTE(review): the password hash is copied into the session ($_SESSION['xPA']); nothing in
// this file reads it back, and keeping a credential hash in session storage widens exposure
// if the session store leaks.
$_SESSION['xUS'] = $xuser;
$_SESSION['xIP'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['xPA'] = $xpass;
$_SESSION['xSS'] = session_id();
setcookie('xAA_SEC', session_id(), time()+604800, '/');
# Login audit log. $_POST['user'] and HTTP_USER_AGENT are interpolated unescaped (SQL injection);
# the password column is masked for successful logins. The query result is not checked.
mysql_query("
INSERT INTO `xeons_users_logs` (
`id`,
`username`,
`ip`,
`user_agent`,
`browser`,
`date`,
`password`,
`status`
) VALUES (
NULL, '{$_POST['user']}', '{$_SERVER["REMOTE_ADDR"]}', '{$_SERVER["HTTP_USER_AGENT"]}', '{$browser['name_full']}', '".time()."', '**********', '0'
);
");
# Note: clears $_SESSION['token'], not $_SESSION['captcha'].
unset($_SESSION['token']); echo 'success'; exit();
} else {
# Failed login: look the username up again (unescaped) to decide whether to log the attempt.
$query = mysql_query("SELECT * FROM `xeon_users` WHERE `x_username` = '{$_POST['user']}' LIMIT 1;") or die( _OP_ERROR(mysql_error(), __FILE__ ,__LINE__) );
if(mysql_num_rows($query) > 0){
# SECURITY: for an existing username the SUBMITTED PLAINTEXT PASSWORD is written to
# xeons_users_logs (status 1). Mistyped passwords are usually near-correct or reused
# elsewhere, so this table is a clear-text credential store. $_POST['password'] is never
# validated or escaped, so this INSERT is also directly SQL-injectable (result unchecked).
mysql_query("
INSERT INTO `xeons_users_logs` (
`id`,
`username`,
`ip`,
`user_agent`,
`browser`,
`date`,
`password`,
`status`
) VALUES (
NULL, '{$_POST['user']}', '{$_SERVER["REMOTE_ADDR"]}', '{$_SERVER["HTTP_USER_AGENT"]}', '{$browser['name_full']}', '".time()."', '{$_POST['password']}', '1'
);
");
}
echo 'Invalid username and/or password, please try again.'; exit;
}
# Cookie-less fallback: ?l0=0&l00=<65 uppercase alphanumerics> sets the xCORE token from the URL.
# SECURITY: a crafted link can carry an attacker-chosen token into the victim's browser
# (session fixation) unless the token is validated against xeon_users.session_id (and the
# session_ip/session_agent columns) before being trusted — that check is not visible in this
# file. ereg() was removed in PHP 7.0; `$_COOKIE['xCORE'] == false` is a loose comparison
# (true for the string '0', and for an unset cookie with a notice).
} else if(@$_GET['l0'] == '0'){
if(isset($_GET['l00']) && ereg("^[A-Z0-9]{65}$", $_GET['l00']) && $_COOKIE['xCORE'] == false){
setcookie('xCORE', $_GET['l00'], time()+604800, '/', '', 0);
?>
<div class="pg-core">
<div style="width:360px;" class="pg-core-first ui-state-active zx-content-shadow ui-corner-all">
<div class="pg-core-second ui-widget-header ui-corner-all">
<div><span class="ui-icon flo-l ui-icon-color-white ui-icon-info"></span><span class="pg-core-info">We are sorry but our script can not create cookie which is necessary for authorization.</span></div>
</div>
<div id="pb" timeout="500" url="?v=l"></div>
</div>
</div>
<script type="text/javascript">
$(function(){
$('.pg-core').position({
my:'center',
at:'center',
of:$('#zx-center')
});
});
</script>
<?php
# No l00 given (or the cookie is already present): greet the user. $xUS is set outside this file.
# NOTE(review): $xUS['x_username'] is echoed into HTML without htmlspecialchars(); this is only
# safe if usernames are restricted by isValid() at registration.
} else {
?>
<div class="pg-core">
<div style="width:360px;" class="pg-core-first ui-state-active zx-content-shadow ui-corner-all">
<div class="pg-core-second ui-widget-header ui-corner-all">
<div><span class="ui-icon flo-l ui-icon-color-white ui-icon-info"></span><span class="pg-core-info">Welcome Back <b><?php echo $xUS['x_username']; ?></b>!</span></div>
</div>
<div id="pb" timeout="120" url="?v=c"></div>
</div>
</div>
<script type="text/javascript">
$(function(){
$('.pg-core').position({
my:'center',
at:'center',
of:$('#zx-center')
});
});
</script>
<?php
}
} else {
# Default GET view: render one of the login sub-forms. $_GET['ll'] only selects between
# fixed include paths, so there is no user-controlled include here.
switch($_GET['ll']){
case 'u': require_once($_SERVER["DOCUMENT_ROOT"].'/sites/inc.login.username.php'); break;
case 'p': require_once($_SERVER["DOCUMENT_ROOT"].'/sites/inc.login.password.php'); break;
default : require_once($_SERVER["DOCUMENT_ROOT"].'/sites/inc.login.form.php');
}
}
?>