'; } else echo ''; } ?> Pandora FMS - <?php echo $lang_label["header_title"]; ?> '; $REMOTE_ADDR = getenv ("REMOTE_ADDR"); global $REMOTE_ADDR; // Login process if ( (! isset ($_SESSION['id_usuario'])) AND (isset ($_GET["login"]))) { $nick = entrada_limpia ($_POST["nick"]); $pass = entrada_limpia ($_POST["pass"]); // Connect to Database $sql1 = 'SELECT * FROM tusuario WHERE id_usuario = "'.$nick.'"'; $result = mysql_query ($sql1); // For every registry if ($row = mysql_fetch_array ($result)){ if ($row["password"] == md5 ($pass)){ // Login OK // Nick could be uppercase or lowercase (select in MySQL // is not case sensitive) // We get DB nick to put in PHP Session variable, // to avoid problems with case-sensitive usernames. // Thanks to David Muñiz for Bug discovery :) $nick = $row["id_usuario"]; unset ($_GET["sec2"]); $_GET["sec"] = "general/logon_ok"; update_user_contact ($nick); logon_db ($nick, $REMOTE_ADDR); $_SESSION['id_usuario'] = $nick; } else { // Login failed (bad password) unset ($_GET["sec2"]); include "general/logon_failed.php"; // change password to do not show all string $primera = substr ($pass,0,1); $ultima = substr ($pass, strlen ($pass) - 1, 1); $pass = $primera . "****" . $ultima; audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Incorrect password: " . $nick . " / " . $pass); echo ''; exit; } } else { // User not known unset ($_GET["sec2"]); include "general/logon_failed.php"; $primera = substr ($pass, 0, 1); $ultima = substr ($pass, strlen ($pass) - 1, 1); $pass = $primera . "****" . $ultima; audit_db ($nick, $REMOTE_ADDR, "Logon Failed", "Invalid username: " . $nick . " / " . $pass); echo ''; exit; } } elseif (! isset ($_SESSION['id_usuario'])) { // There is no user connected include "general/login_page.php"; exit; } if (isset ($_GET["logoff"])) { // Log off unset ($_GET["sec2"]); $_GET["sec"] = "general/logoff"; $iduser = $_SESSION["id_usuario"]; logoff_db ($iduser, $REMOTE_ADDR); session_unregister ("id_usuario"); } ?>
"") { if (file_exists ($pagina . ".php")) { require ($pagina . ".php"); } else { echo "
Sorry! I can't find the page!"; } } } elseif (isset ($_GET["sec"])) { $pagina = parametro_limpio ($_GET["sec"]); if (file_exists ($pagina . ".php")) { require ($pagina . ".php"); } else { echo "
Sorry! I can't find the page!"; } } else { require ("general/logon_ok.php"); //default } ?>