firefly007 |
12th March 2014 07:58 |
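I'm pretty sure you can disable it from the admin panel, but try this.. In the files below the image-code (CAPTCHA) calls are commented out, so failed logins are limited only by the per-IP attempt counter in functions_security.php.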
/login.php
PHP Code:
<?php
/*
+--------------------------------------------------------------------------
|   TS Special Edition v.4.3
|   ========================================
|   by xam
|   (c) 2005 - 2007 Template Shares Services
|   http://templateshares.net
|   ========================================
|   Web: http://templateshares.net
|   Time: April 23, 2008, 7:23 am
|   Signature Key: TSSE00282008
|   Email: contact@templateshares.net
|   TS SE IS NOT FREE SOFTWARE!
+---------------------------------------------------------------------------
*/

// Bootstrap for the login page: load the tracker core and the security/login
// helpers, then run the shared start-up calls in their original order.
require_once("include/bittorrent.php");
include_once(INC_PATH.'/functions_security.php');
include_once(INC_PATH.'/functions_login.php');

gzip();
dbconn();
// Per-IP lockout check (see include/functions_security.php); it runs before
// any part of the page is produced.
failedloginscheck();
cur_user_check();
$lang->load('login');
define('L_VERSION', '1.2 by xam');

// Requested sub-action: the query string wins over the POST body, and an
// absent value becomes the empty string.
if (isset($_GET['do']))
{
	$do = $_GET['do'];
}
elseif (isset($_POST['do']))
{
	$do = $_POST['do'];
}
else
{
	$do = '';
}
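// "Resend activation e-mail" sub-page (login.php?do=activation_code).
//
// NOTE(review): this branch never calls failedlogins(), so repeated requests are
// not counted against the per-IP limit here; whether sent_mail() throttles is not
// visible from this file. The two outcomes (the resend4 error vs. the redirect to
// ok.php) also tell a caller whether an address has a pending account.
if ($do == 'activation_code')
{
	/**
	 * Print the collected activation errors as one red error table.
	 * Reads the global $activation_error list; prints nothing when it is empty.
	 */
	function show_activation_errors()
	{
		global $activation_error, $lang;

		// is_array() keeps count() away from a value that was never initialised.
		if (is_array($activation_error) && count($activation_error) > 0)
		{
			$errors = implode('', $activation_error);
			echo ' <table class="main" border="1" cellspacing="0" cellpadding="5" width="100%"> <tr> <td class="thead"> '.$lang->global['error'].' </td> </tr> <tr> <td> <font color="red"> <strong> '.$errors.' </strong> </font> </td> </tr> </table> ';
		}
	}

	// Initialise on every request: on a plain GET the original left this
	// undefined and show_activation_errors() then called count() on null.
	$activation_error = array();

	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		$lang->load('signup');

		$email = isset($_POST['email']) ? htmlspecialchars_uni($_POST['email']) : '';

		if (empty($email) OR !check_email($email))
		{
			$activation_error[] = $lang->signup['invalidemail'];
		}
		elseif (EmailBanned($email))
		{
			$activation_error[] = $lang->signup['invalidemail2'];
		}

		if (count($activation_error) == 0)
		{
			$email = safe_email($email);
			// Only enabled accounts that are still pending can get a new mail.
			$res = sql_query("SELECT id, username, editsecret FROM users WHERE enabled = 'yes' AND status = 'pending' AND email = ".sqlesc($email)." LIMIT 1");

			if (mysql_num_rows($res) == 0)
			{
				$activation_error[] = $lang->login['resend4'];
			}
			else
			{
				$row = @mysql_fetch_assoc($res) or stderr($lang->global['error'], $lang->global['dberror']);

				// The mail carries md5(editsecret) as the confirmation value.
				$body = sprintf($lang->signup['verifiyemailbody'], $row['username'], $SITENAME, $email, htmlspecialchars_uni($_SERVER['REMOTE_ADDR']), $BASEURL, $row['id'], md5($row['editsecret']), $REPORTMAIL);
				sent_mail($email, sprintf($lang->signup['verifiyemailsubject'], $SITENAME), $body, "signup", false);

				header("Location: $BASEURL/ok.php?type=signup&email=" . urlencode($email));
				exit;
			}
		}
	}

	stdhead($lang->login['resend'], false, 'collapse');
	show_activation_errors();
	echo ' <form method="post" action="'.$_SERVER['SCRIPT_NAME'].'"> <input type="hidden" name="do" value="activation_code"> <table class="main" border="1" cellspacing="0" cellpadding="5" width="100%"> <tr> <td align="left" class="thead" colspan="2"> '.$lang->login['resend'].' </td> </tr> <tr> <td align="right" width="60%"> <b>'.sprintf($lang->login['resend2'], $SITENAME).'</b> </td> <td align="left" width="40%"> <input type="text" name="email" value=""> <input type="submit" value="'.$lang->login['resend3'].'"> </td> </tr> </table> </form> ';
	stdfoot();
	exit;
}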
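stdhead($lang->login['head'], false, 'collapse');

// page_verify is a project class (not shown here); takelogin.php calls
// ->check('login') on it, so this presumably issues a form token - confirm.
require_once(INC_PATH.'/class_page_check.php');
$newpage = new page_verify();
$newpage->create('login');

// Prefill the user name from the query string, else from the ts_username
// cookie. The value is HTML-escaped here because it is echoed into the form.
if (isset($_GET['username']))
{
	$username = htmlspecialchars_uni($_GET['username']);
}
elseif (!empty($_COOKIE['ts_username']))
{
	$username = htmlspecialchars_uni($_COOKIE['ts_username']);
}
else
{
	$username = '';
}

if (!empty($_GET["returnto"]))
{
	// NOTE(review): PHP has already URL-decoded $_GET, so this decodes a second
	// time. The value is escaped when printed into the hidden field, but it is
	// later posted to takelogin.php, where it becomes the redirect target.
	$returnto = urldecode($_GET["returnto"]);

	// empty() instead of !$_GET["nowarn"]: same truth value, but no
	// undefined-index notice when the parameter is absent.
	if (empty($_GET["nowarn"]))
	{
		$error = "<tr><td colspan=\"2\"><div class=\"error\">".$lang->login['loginfirst']."</div></td></tr>";
	}
}
elseif (!empty($_GET['error']))
{
	// Error codes set by takelogin.php / check_code(): 1 = login failed,
	// 2 = wrong image code, 3 = blank field, 4 = wrong password.
	$loginErrorText = null;

	if ($_GET['error'] == 1)
	{
		$loginErrorText = sprintf($lang->login['error1'], remaining());
	}
	elseif ($_GET['error'] == 2)
	{
		$loginErrorText = sprintf($lang->global['invalidimagecode'], remaining());
	}
	elseif ($_GET['error'] == 3)
	{
		$loginErrorText = $lang->global['dontleavefieldsblank'];
	}
	elseif ($_GET['error'] == 4)
	{
		$loginErrorText = sprintf($lang->global['incorrectlogin'], '<a href="'.$BASEURL.'/recover.php">');
	}

	if ($loginErrorText !== null)
	{
		$error = "<tr><td colspan=\"2\"><div class=\"error\">".$loginErrorText."</div></td></tr>";
	}
}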
# begin showlastXtorrents
// Optional "latest torrents" panel shown above the login form. It is rendered
// either as a text list or as an image grid, depending on $showimages.
// Note: $showlastxtorrents (config switch) and $showlastXtorrents (HTML buffer)
// are two different variables.
if ($showlastxtorrents == 'multi')
{
	$lang->load('index');

	if ($showimages == 'yes')
	{
		$extra1 = ",torrents.t_image,";
		$extra2 = " AND torrents.t_image != '' ";
		$colspan = "5";
	}
	else
	{
		$extra1 = ",torrents.added,torrents.seeders,torrents.leechers,";
		$extra2 = "";
		$colspan = "4";
	}

	// $i_torrent_limit is appended unquoted; presumably a numeric site setting
	// rather than request data - verify where it is assigned.
	$sql = 'SELECT torrents.id,torrents.name' . $extra1 . 'categories.vip'
		. ' FROM torrents LEFT JOIN categories ON torrents.category = categories.id'
		. ' WHERE torrents.visible = \'yes\' AND torrents.banned=\'no\'' . $extra2
		. 'ORDER BY added DESC LIMIT 0,' . $i_torrent_limit;
	$result = sql_query($sql);

	if (mysql_num_rows($result) != 0)
	{
		$showlastXtorrents = '
<!-- begin showlastXtorrents --> <script type="text/javascript"> function borderit(which,color) { if (document.all||document.getElementById) { which.style.borderColor=color } }; </script> <table border="0" cellspacing="0" cellpadding="5" width="100%"> <tr> <td align="center" class="thead" colspan="'.$colspan.'"> '.ts_collapse('showlastXtorrents').' '.$SITENAME.' '.sprintf($lang->index['lasttorrents'], $i_torrent_limit).' </td> </tr>';

		if ($showimages == 'yes')
		{
			$showlastXtorrents .= ' '.ts_collapse('showlastXtorrents', 2).' <tr>';
		}
		else
		{
			$showlastXtorrents .= ' <tr> <td class="subheader" align="left">'.$lang->index['name'].'</td> <td class="subheader" align="left">'.$lang->index['uploaddat'].'</td> <td class="subheader" align="center">'.$lang->index['seeders'].'</td> <td class="subheader" align="center">'.$lang->index['leechers'].'</td> </tr>';
		}

		$i_done = 0;
		$i_count = 0;

		while ($row = mysql_fetch_assoc($result))
		{
			// VIP-category torrents are hidden from groups without that permission.
			if ($usergroups['canviewviptorrents'] != 'yes' && $row['vip'] == 'yes')
			{
				continue;
			}

			$seolink = ts_seo($row['id'], $row['name'], 's');
			// Torrent names are uploader-supplied, so they are escaped before output.
			$fullname = htmlspecialchars_uni($row['name']);

			if ($showimages == 'yes')
			{
				// Image grid: start a new table row after every fifth cell.
				if ($i_count > 0 && $i_count % 5 == 0)
				{
					$showlastXtorrents .= ' </tr> <tr>';
				}

				$showlastXtorrents .= ' <td align="center" class="tcat"> <a href="'.$seolink.'"><img src="'.htmlspecialchars_uni($row['t_image']).'" width="125" height="125" alt="' . $fullname . '" title="' . $fullname . '" class="borderimage" onmouseover="borderit(this,\'black\')" onmouseout="borderit(this,\'white\')" /></a> </td>';
				$i_count++;
			}
			else
			{
				$added = my_datee($dateformat, $row['added']).' '.my_datee($timeformat, $row['added']);

				$showlastXtorrents .= ' <tr> <td align="left"> <a href="'.$seolink.'" alt="'.$fullname.'" title="'.$fullname.'"><b>' . cutename($fullname, 50) . '</b></a> </td> <td align="left"> ' . $added . ' </td> <td align="center"> ' . ts_nf($row['seeders']) . ' </td> <td align="center"> ' . ts_nf($row['leechers']) . ' </td> </tr>';
			}
		}

		// Pad the image grid with empty cells up to the configured limit.
		$trows = $i_torrent_limit - $i_count;
		if ($trows > 0 && $i_count > 0)
		{
			$i = 0;
			while ($i < $trows)
			{
				$showlastXtorrents .= '<td> </td>';
				$i++;
			}
		}

		if ($showimages == 'yes')
		{
			$showlastXtorrents .= '</tr>';
		}
		$showlastXtorrents .= ' </tbody> </table> <!-- end showlastXtorrents -->';

		echo $showlastXtorrents;
	}
}
# end showlastXtorrents
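// Login form. It posts to takelogin.php, which checks the credentials.
echo ' <form method="post" action="takelogin.php"> <table border="0" cellpadding="5" width="100%"> <tr><td colspan="2" class="thead" align="center"> '.ts_collapse('loginarea').' '.$SITENAME.' '.$lang->login['head'].' </td></tr>';

// $error is the ready-made table row built from ?error= / ?returnto=, if any.
if (isset($error))
{
	echo $error;
}

// $username was HTML-escaped when it was read from the request or the cookie.
echo ts_collapse('loginarea',2).' <tr> <td class="rowhead">'.$lang->login['username'].'</td> <td align="left"><input type="text" name="username" class="inputUsername" value="'.$username.'" /></td> </tr>
<tr> <td class="rowhead">'.$lang->login['password'].'</td> <td align="left"><input type="password" name="password" class="inputPassword" value="" /></td> </tr>';

// Image verification is switched off in this copy. With it disabled, the only
// brake on password guessing visible in these files is the per-IP attempt
// counter (failedlogins() / failedloginscheck()).
//show_image_code ();

// State of the "secure login" checkbox. The default covers any other value of
// $securelogin, which previously left $sec undefined when it was echoed below.
$sec = '';
if ($securelogin == "yes")
{
	$sec = "CHECKED DISABLED /";
}
elseif ($securelogin == "no")
{
	$sec = "DISABLED /";
}
elseif ($securelogin == "op")
{
	$sec = " /";
}
// NOTE(review): a DISABLED checkbox is not submitted by browsers, so with
// $securelogin == "yes" takelogin.php receives no "logintype" field at all.

echo ' <tr><td class="rowhead"><input type="checkbox" class="none" name="logout" style="vertical-align: middle;" value="yes" />'.$lang->login['logout15'].' <input type="checkbox" class="none" name="logintype" style="vertical-align: middle;" value="yes" '.$sec.'>'.$lang->login['securelogin'].'</td> <td align="left"><input type="submit" value="'.$lang->login['login'].'" /> <input type="reset" value="'.$lang->login['reset'].'" /></td></tr> ';

// Carry the post-login destination through the form, escaped for the attribute.
if (isset($returnto))
{
	print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars_uni($returnto) . "\" />\n");
}

echo ' </tbody></table></form> '.$lang->login['footer'];
stdfoot();
?>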
/takelogin.php
PHP Code:
<?
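// Bootstrap for the login handler; same start-up sequence as login.php.
// NOTE(review): this file opens with the short tag "<?". With short_open_tag
// disabled PHP would send the source out as plain text instead of running it.
require_once 'include/bittorrent.php';
include_once INC_PATH . '/functions_security.php';
include_once INC_PATH . '/functions_login.php';

gzip ();
dbconn ();
failedloginscheck ();
cur_user_check ();
define ('TL_VERSION', '0.5 by xam');

// Counterpart of $newpage->create('login') in login.php.
require_once INC_PATH . '/class_page_check.php';
$newpage = new page_verify ();
$newpage->check ('login');

// getvar() is a project helper (not shown); the code below reads $username and
// $password afterwards, so it presumably copies them from the request.
getvar (array ('username', 'password'));
$lang->load ('login');

if (empty ($username) OR empty ($password))
{
	// The name goes into a URL, so it is URL-encoded here. The original used
	// htmlspecialchars_uni(), which turns "&" into "&amp;" and breaks the query
	// string; login.php HTML-escapes the value again when it prints it.
	header ('Location: ' . $BASEURL . '/login.php?error=3&username=' . urlencode ($username));
	exit ();
}

// Image-code check, switched off in this copy. Without it the only limit on
// repeated guesses is the per-IP counter kept by failedlogins().
/* if ($iv == 'yes') { check_code ($_POST['imagestring'], 'login.php', true, '&username=' . htmlspecialchars_uni ($username)); } */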
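// Look the account up by name. sqlesc() is the project's quoting helper (not
// shown here).
$res = sql_query ('SELECT id, passhash, secret, enabled, usergroup, status, notifs FROM users WHERE username = ' . sqlesc ($username) . ' LIMIT 1');
$row = @mysql_fetch_assoc ($res);

if (empty ($row))
{
	// Unknown user: count the attempt, then go back with error=1.
	// NOTE(review): unknown names get error=1 and wrong passwords get error=4,
	// so the response reveals whether a user name exists.
	failedlogins ('silent');
	header ('Location: ' . $BASEURL . '/login.php?error=1&username=' . urlencode ($username));
	exit ();
}

$ipaddress = getip ();

// Stored hash is md5(secret . password . secret). Compare as strings with !==:
// the original != treats two "0e<digits>" hex strings as numbers, and so as
// equal. (Where PHP >= 5.6 is available, hash_equals() also makes the compare
// constant-time.) Salted MD5 is weak for password storage; changing the scheme
// needs a migration and is out of scope for this file.
$expectedhash = md5 ($row['secret'] . $password . $row['secret']);
if ((string) $row['passhash'] !== $expectedhash)
{
	// These globals are read by failedlogins(), which puts them - including the
	// attempted password - into a warning message for the account owner.
	$md5pw = md5 ($password);
	// Reverse DNS of the client; the result is controlled by whoever runs the
	// DNS for that address.
	$iphost = @gethostbyaddr ($ipaddress);

	failedlogins ('login', false, true, true, (int) $row['id']);
	header ('Location: ' . $BASEURL . '/login.php?error=4&username=' . urlencode ($username));
	exit ();
}

// Correct password: still refuse disabled accounts and accounts that have not
// been activated yet.
if ($row['enabled'] == 'no')
{
	stderr ($lang->login['banned'], $row['notifs']);
}
elseif ($row['status'] == 'pending')
{
	stderr ($lang->global['error'], $lang->login['pending']);
}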
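// Issue the login and session cookies. The stored password hash is handed to
// the cookie helpers; what they write into the cookie is not visible here.
$passh = $row['passhash'];
logoutcookie ();

// "logintype" is a checkbox: it is absent when unticked or rendered DISABLED,
// so test with isset() instead of reading a missing index.
// NOTE(review): the secure variant depends only on this posted field; the
// $securelogin setting used by login.php is not consulted in this file.
$securesession = (isset ($_POST['logintype']) AND $_POST['logintype'] == 'yes');

if ((isset ($_POST['logout']) AND $_POST['logout'] == 'yes'))
{
	// "Log me out after 15 minutes" was ticked.
	logincookie ($row['id'], $passh, 15);
	if ($securesession)
	{
		sessioncookie ($row['id'], $passh, true, true);
	}
	else
	{
		sessioncookie ($row['id'], $passh, true);
	}
}
else
{
	logincookie ($row['id'], $passh);
	if ($securesession)
	{
		sessioncookie ($row['id'], $passh, true, true);
	}
	else
	{
		sessioncookie ($row['id'], $passh);
	}
}

// A successful login clears this IP's failed-attempt rows (unless banned).
sql_query ('DELETE FROM loginattempts WHERE banned = \'no\' AND ip = ' . sqlesc ($ipaddress));

// Drop timed-out sessions and any session keyed to this IP + user agent.
$cut = TIMENOW - TS_TIMEOUT;
$useragent = (isset ($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
sql_query ('DELETE FROM ts_sessions WHERE lastactivity < ' . sqlesc ($cut) . ' OR sessionhash = ' . sqlesc (md5 ($ipaddress . htmlspecialchars_uni (strtolower ($useragent)))));

// Post-login destination. The posted value is client-controlled, so only a
// site-relative target or one under $BASEURL is accepted; anything with a
// scheme, a leading "//", a backslash or a control character falls back to
// index.php. The original passed the posted value to redirect() unchecked.
$returnto = 'index.php';
if ((!empty ($_POST['returnto']) AND is_string ($_POST['returnto'])))
{
	$candidate = $_POST['returnto'];
	$samesite = (!empty ($BASEURL) AND strpos ($candidate, $BASEURL . '/') === 0);
	$hascontrol = preg_match ('/[\x00-\x1f\x7f\\\\]/', $candidate);
	$looksexternal = preg_match ('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $candidate);

	if ((!$hascontrol AND ($samesite OR !$looksexternal)))
	{
		$returnto = $candidate;
	}
}

redirect ($returnto, $lang->login['logged']);
?>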
/include/functions_security.php
PHP Code:
<?
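/* function show_image_code ($submitbutton = false, $buttonname = 'go') { global $iv; global $BASEURL; global $lang; global $pic_base_url; $imagehash = ''; if ($iv == 'yes') { $imagehash = image_code (); echo ' '; echo '<s'; echo 'cript type="text/javascript"> function reload () { document.getElementById(\'regimage\').src = "'; echo $BASEURL; echo '/image.php?" + (new Date()).getTime() + "&action=newregimage"; return; }; </script> '; echo ' <tr> <td class="rowhead">' . $lang->global['secimage'] . '</td> <td> <table> <tr> <td rowspan="2" class="none"><img src="' . $BASEURL . '/image.php?action=regimage" id="regimage" border="0" alt="" /></td> <td class="none"><img src="' . $BASEURL . '/' . $pic_base_url . 'listen.gif" border="0" style="cursor:pointer" onclick="return ts_open_popup(\'' . $BASEURL . '/listen.php\', 400, 120);" alt="' . $lang->global['seclisten'] . '" title="' . $lang->global['seclisten'] . '" /></td> </tr> <tr> <td class="none"><img src="' . $BASEURL . '/' . $pic_base_url . 'reload.gif" border="0" style="cursor:pointer" onload="reload()" onclick="javascript:reload()" alt="' . $lang->global['secimagehint'] . '" title="' . $lang->global['secimagehint'] . '" /></td> </tr> </table> </td> </tr> <tr><td class="rowhead">' . $lang->global['seccode'] . '</td> <td><input type="text" size="26" name="imagestring" class="inputPassword" value="" /> ' . ($submitbutton ? '<input type="submit" value="' . $buttonname . '" class="btn" />' : '') . ' </td></tr>'; }
}
function image_code ($length = 5) { $_SESSION['randomstr'] = $_SESSION['imagehash'] = $captcha_string = ''; $set = array ('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'); $i = 1; while ($i <= $length) { $ch = rand (0, count ($set) - 1); $captcha_string .= $set[$ch]; ++$i; }
$imagehash = md5 ($captcha_string); $_SESSION['randomstr'] = $captcha_string; $_SESSION['imagehash'] = $imagehash; return $imagehash; } */

// The two functions above are disabled in this copy. Should they be restored:
// image_code() draws its characters with rand(), which is not a
// cryptographically secure generator.

/**
 * Check a submitted image code against the hash kept in the session.
 *
 * On a match both session entries are cleared, so a solved code cannot be
 * replayed. On a mismatch the session hash is left in place, so the same image
 * can be retried; the retries are bounded only by failedlogins() when
 * $maxattemptlog is set.
 *
 * @param mixed  $imagestring   Code typed by the user.
 * @param string $where         Page to send the user back to on failure.
 * @param bool   $maxattemptlog Count a failure against the per-IP limit.
 * @param string $extra         Extra query string for the login.php redirect.
 * @param mixed  $returnback    When truthy, report the result to the caller
 *                              instead of redirecting.
 * @return mixed $returnback on success when it is truthy, false on failure when
 *               it is truthy, null on success otherwise. A failure without
 *               $returnback sends a Location header and exits.
 */
function check_code ($imagestring, $where = 'signup.php', $maxattemptlog = true, $extra = '', $returnback = false)
{
	global $BASEURL;

	// is_string() keeps md5() away from array input such as imagestring[]=x.
	$matches = (!empty ($_SESSION['imagehash'])
		AND !empty ($imagestring)
		AND is_string ($imagestring)
		AND md5 ($imagestring) === $_SESSION['imagehash']);

	if ($matches)
	{
		// Quoted keys: the original used the bare words randomstr / imagehash,
		// which PHP 8 rejects as undefined constants.
		unset ($_SESSION['randomstr'], $_SESSION['imagehash']);

		if ($returnback)
		{
			return $returnback;
		}

		return null;
	}

	// ---- wrong or missing code ----
	if ($returnback)
	{
		if ($maxattemptlog)
		{
			failedlogins ('silent');
		}

		return false;
	}

	if ($maxattemptlog)
	{
		// These pages get the attempt counted and an error=2 marker; only the
		// login page also receives the caller's extra query string.
		foreach (array ('login.php', 'recover.php', 'recoverhint.php') as $page)
		{
			if ($where == $page)
			{
				failedlogins ('silent');
				header ('Location: ' . $BASEURL . '/' . $page . '?error=2' . ($page == 'login.php' ? $extra : ''));
				exit ();
			}
		}
	}

	if (strstr ($where, 'signup.php'))
	{
		// Sign-up failures are redirected without being counted.
		$ayrac = (strstr ($where, '?') ? '&' : '?');
		header ('Location: ' . $BASEURL . '/' . $where . $ayrac . 'error=2');
		exit ();
	}

	if ($maxattemptlog)
	{
		failedlogins ('silent');
	}

	// Any other page: plain redirect under $BASEURL.
	$where = $BASEURL . (substr ($where, 0, 1) == '/' ? '' : '/') . $where;
	header ('Location: ' . $where);
	exit ();
}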
/**
 * Build the coloured "[n]" marker showing how many login attempts are left for
 * the current IP address.
 *
 * The counter is keyed by IP only. How getip() derives the address is not
 * visible here - confirm it cannot be influenced by request headers.
 *
 * @param string $type Unused in this function.
 * @return string HTML fragment, red when two or fewer attempts remain, green
 *                otherwise.
 */
function remaining ($type = 'login')
{
	global $maxloginattempts;
	global $ip;

	if (!$ip)
	{
		$ip = getip ();
	}

	// Total failed attempts recorded for this address.
	$Query = sql_query ('SELECT SUM(attempts) FROM loginattempts WHERE ip=' . sqlesc ($ip) . ' LIMIT 0,1');
	list ($total) = mysql_fetch_array ($Query);

	$left = $maxloginattempts - $total;

	if ($left <= 2)
	{
		$colour = '#f90510';
	}
	else
	{
		$colour = '#037621';
	}

	return '<font color="' . $colour . '">[' . $left . ']</font>';
}
/**
 * Stop the request when the current IP address has used up its attempts.
 *
 * Sums the recorded attempts for the address; once the total reaches
 * $maxloginattempts the rows are marked banned and the "locked" page with a
 * link to unbaniprequest.php is shown through stderr().
 *
 * @param string $type Label inserted into the "locked" title.
 * @return void
 */
function failedloginscheck ($type = 'Login')
{
	global $maxloginattempts;
	global $BASEURL;
	global $ip;
	global $lang;

	if (!$ip)
	{
		$ip = getip ();
	}

	// Lookup errors are suppressed here, as in the original.
	$Query = @sql_query ('SELECT SUM(attempts) FROM loginattempts WHERE ip=' . @sqlesc ($ip) . ' LIMIT 0,1');
	list ($total) = @mysql_fetch_array ($Query);

	// Still below the limit: nothing to do.
	if (!($maxloginattempts <= $total))
	{
		return;
	}

	sql_query ('UPDATE loginattempts SET banned = \'yes\' WHERE ip=' . sqlesc ($ip));

	$title = sprintf ($lang->global['xlocked'], $type);
	// The address is HTML-escaped before it is placed in the link.
	$unbanlink = '<a href=' . $BASEURL . '/unbaniprequest.php?ip=' . htmlspecialchars_uni ($ip) . '&action=showform>';
	stderr ($title, sprintf ($lang->global['xlocked2'], $unbanlink), false);
}
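/**
 * Record one failed attempt for the current IP address and optionally warn the
 * account owner by private message.
 *
 * @param string $type    'silent' or 'login' returns quietly; any other value is
 *                        shown as the error text through stderr().
 * @param bool   $recover Mark the IP's row as a password-recovery attempt.
 * @param bool   $head    Passed through to stderr().
 * @param bool   $msg     Send a warning message to $uid.
 * @param int    $uid     Receiver of the warning message.
 * @return null  For 'silent' / 'login'; for other types stderr() is called last.
 */
function failedlogins ($type = 'login', $recover = false, $head = true, $msg = false, $uid = 0)
{
	global $BASEURL;
	global $ip;
	global $lang;
	global $username;
	global $password;
	global $md5pw;
	global $iphost;
	global $ipaddress;

	if (!$ip)
	{
		$ip = getip ();
	}

	// $uid is placed unquoted into the INSERT below, so force it to an integer
	// here instead of relying on every caller to cast it.
	$uid = (int) $uid;

	$added = sqlesc (get_date_time ());

	// NOTE(review): count-then-write is not atomic; parallel requests from one
	// address can each see the same count before any of them updates it.
	$a = mysql_fetch_row (@sql_query ('SELECT COUNT(*) FROM loginattempts WHERE ip=' . @sqlesc ($ip) . ' LIMIT 0,1'));
	if ($a[0] == 0)
	{
		sql_query ('INSERT INTO loginattempts (ip, added, attempts) VALUES (' . sqlesc ($ip) . ', ' . $added . ', 1)');
	}
	else
	{
		sql_query ('UPDATE loginattempts SET attempts = attempts + 1 WHERE ip=' . sqlesc ($ip));
	}

	if ($recover)
	{
		sql_query ('UPDATE loginattempts SET type = \'recover\' WHERE ip = ' . sqlesc ($ip));
	}

	if (($msg AND $uid))
	{
		// NOTE(review): the message text is built from the attempted password in
		// clear text plus its MD5, and is stored in the messages table. A failed
		// attempt is often the real password with a typo; consider dropping both
		// values from the template.
		// $iphost is a reverse-DNS name supplied by the caller; confirm that the
		// message viewer escapes it on output.
		$subject = sqlesc ($lang->global['warning']);
		$message = sqlesc (sprintf ($lang->global['accountwarn'], $username, $password, $md5pw, $ipaddress, $iphost));
		sql_query ('INSERT INTO messages (sender, receiver, added, msg, subject) VALUES(0, ' . $uid . ', ' . $added . ', ' . $message . ', ' . $subject . ')');
	}

	if (($type == 'silent' OR $type == 'login'))
	{
		return null;
	}

	stderr ($lang->global['error'], $type, false, $head);
}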
// Refuse direct requests for this include file: IN_TRACKER is expected to be
// defined by the including script (not visible here).
// NOTE(review): the guard sits after the function definitions, and the file
// opens with the short tag "<?". With short_open_tag disabled the source would
// be sent as plain text and this check would never run.
defined ('IN_TRACKER') or exit ("<font face='verdana' size='2' color='darkred'><b>Error!</b> Direct initialization of this file is not allowed.</font>");
?>
|