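'; } else echo ''; } ?> Pandora - <?php echo $lang_label["header_title"]; ?> ";
// NOTE(review): the line above is the tail of page-header code whose beginning is
// outside this excerpt; it is kept exactly as found.

// Client address as reported by the web server. In this block it is only passed
// to the logon/logoff/audit recorders.
$REMOTE_ADDR = getenv("REMOTE_ADDR");
global $REMOTE_ADDR;

if ((! isset($_SESSION['id_usuario'])) && (isset($_GET["login"]))) {
    // Login process: the "login" flag arrives by GET, the credentials by POST.
    // A request with the flag but without the form fields is handled as empty
    // credentials instead of reading undefined indexes.
    $nick = entrada_limpia(isset($_POST["nick"]) ? $_POST["nick"] : "");
    $pass = entrada_limpia(isset($_POST["pass"]) ? $_POST["pass"] : "");

    // Look the user up. entrada_limpia() is defined elsewhere, so what it escapes
    // is not visible here; the value is therefore escaped for MySQL at the point
    // where it is concatenated into the statement.
    // NOTE(review): if entrada_limpia() already adds backslashes, a name containing
    // quotes would be escaped twice and stop matching - confirm against its definition.
    $sql1 = 'SELECT * FROM tusuario WHERE id_usuario = "'.mysql_real_escape_string($nick).'"';
    $result = mysql_query($sql1);

    // mysql_query() returns false on error; that case is treated as "user not found"
    // rather than handing false to mysql_fetch_array().
    $row = $result ? mysql_fetch_array($result) : false;

    // NOTE(review): the stored value is compared with an unsalted md5() of the
    // filtered input. Moving to a salted, slow hash needs a data migration that
    // cannot be done from this block.
    // The comparison is strict: with == PHP compares two numeric-looking strings
    // as numbers, so two different digests could be reported as equal.
    if ($row && $row["password"] === md5($pass)) {
        // Login OK
        // The SELECT is not case sensitive, so the nick is taken as stored in the DB
        // before it goes into the session, to avoid problems with case-sensitive
        // usernames. Thanks to David Muñiz for Bug discovery :)
        $nick = $row["id_usuario"];
        unset($_GET["sec2"]);
        $_GET["sec"] = "general/logon_ok";
        update_user_contact($nick);
        logon_db($nick, $REMOTE_ADDR);
        // NOTE(review): the session id is not regenerated in this block when the
        // user becomes authenticated; confirm it is rotated elsewhere. It would have
        // to happen before any output is sent, and this page has already printed
        // its header by now.
        $_SESSION['id_usuario'] = $nick;
    } else {
        // Login failed. Both failure cases show the same page to the client; only
        // the audit record tells an unknown user from a wrong password.
        unset($_GET["sec2"]);
        include "general/logon_failed.php";
        // No character of the submitted password is written to the audit log.
        // A failed attempt is often a near miss of the real password, and for very
        // short inputs the first and last character are the whole secret.
        $pass = "****";
        $motivo = $row ? "Incorrect password: " : "Invalid username: ";
        audit_db($nick, $REMOTE_ADDR, "Logon Failed", $motivo.$nick." / ".$pass);
        include "general/footer.php";
        exit;
    }
} elseif (! isset($_SESSION['id_usuario'])) {
    // If there is no user connected, show the login form and stop.
    include "general/login_page.php";
    exit;
}

if (isset($_GET["logoff"])) {
    // LOG OFF: record it, route to the logoff page and drop the session entry.
    unset($_GET["sec2"]);
    $_GET["sec"] = "general/logoff";
    $iduser = $_SESSION["id_usuario"];
    logoff_db($iduser, $REMOTE_ADDR);
    // This script keeps its state in $_SESSION, so the entry is removed with unset();
    // session_unregister() belongs to the register_globals style of sessions.
    unset($_SESSION["id_usuario"]);
}
?>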
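"") {
        // NOTE(review): the opening of this if-chain, including where $pagina is
        // assigned for this branch, is outside this excerpt and is left as found.
        //
        // $pagina comes from the request and is handed to require(), so it is
        // restricted here to plain path segments (letters, digits, "_" and "-"
        // separated by "/"). That rules out "..", absolute paths, stream wrappers
        // and embedded control bytes, whatever the upstream filter does or does not
        // remove. A rejected name gets the same answer as a missing page.
        // NOTE(review): page names using other characters would now be reported as
        // not found - confirm against the pages this installation ships.
        if (preg_match('/\A[A-Za-z0-9_-]+(?:\/[A-Za-z0-9_-]+)*\z/', $pagina) && file_exists($pagina.".php")) {
            require($pagina.".php");
        } else print "
Sorry! I can't find the page!";
    }
} elseif (isset($_GET["sec"])) {
    // parametro_limpio() is defined elsewhere; what it filters is not visible here,
    // so the same path-segment check is applied before the name reaches require().
    $pagina = parametro_limpio($_GET["sec"]);
    if (preg_match('/\A[A-Za-z0-9_-]+(?:\/[A-Za-z0-9_-]+)*\z/', $pagina) && file_exists($pagina.".php")) {
        require($pagina.".php");
    } else print "
Sorry! I can't find the page!";
} else require("general/logon_ok.php"); // default page when no section is requested
?>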