| firefly007 |
12th March 2014 07:58 |
I'm pretty sure you can disable it from admin pan but try this..
/login.php
PHP Code:
<?php
/*
+--------------------------------------------------------------------------
| TS Special Edition v.4.3
| ========================================
| by xam
| (c) 2005 - 2007 Template Shares Services
| http://templateshares.net
| ========================================
| Web: http://templateshares.net
| Time: April 23, 2008, 7:23 am
| Signature Key: TSSE00282008
| Email: contact@templateshares.net
| TS SE IS NOT FREE SOFTWARE!
+---------------------------------------------------------------------------
*/
require_once("include/bittorrent.php");
include_once(INC_PATH.'/functions_security.php');
include_once(INC_PATH.'/functions_login.php');
gzip();
dbconn();
failedloginscheck();
cur_user_check() ;
$lang->load('login');
define('L_VERSION', '1.2 by xam');
$do = isset($_GET['do']) ? $_GET['do'] : (isset($_POST['do']) ? $_POST['do'] : '');
if ($do == 'activation_code')
{
function show_activation_errors()
{
global $activation_error, $lang;
if (count($activation_error) > 0)
{
$errors = implode('', $activation_error);
echo '
<table class="main" border="1" cellspacing="0" cellpadding="5" width="100%">
<tr>
<td class="thead">
'.$lang->global['error'].'
</td>
</tr>
<tr>
<td>
<font color="red">
<strong>
'.$errors.'
</strong>
</font>
</td>
</tr>
</table>
';
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$activation_error = array();
$lang->load('signup');
$email = isset($_POST['email']) ? htmlspecialchars_uni($_POST['email']) : '';
if (empty($email) OR !check_email($email))
{
$activation_error[] = $lang->signup['invalidemail'];
}
else if(EmailBanned($email))
{
$activation_error[] = $lang->signup['invalidemail2'];
}
if (count($activation_error) == 0)
{
$email = safe_email($email);
$res = sql_query("SELECT id, username, editsecret FROM users WHERE enabled = 'yes' AND status = 'pending' AND email = ".sqlesc($email)." LIMIT 1");
if (mysql_num_rows($res) == 0)
{
$activation_error[] = $lang->login['resend4'];
}
else
{
$row = @mysql_fetch_assoc($res) or stderr($lang->global['error'], $lang->global['dberror']);
$body = sprintf($lang->signup['verifiyemailbody'], $row['username'], $SITENAME, $email, htmlspecialchars_uni($_SERVER['REMOTE_ADDR']), $BASEURL, $row['id'], md5($row['editsecret']), $REPORTMAIL);
sent_mail($email,sprintf($lang->signup['verifiyemailsubject'],$SITENAME),$body,"signup",false);
header("Location: $BASEURL/ok.php?type=signup&email=" . urlencode($email));
exit;
}
}
}
stdhead($lang->login['resend'], false, 'collapse');
show_activation_errors();
echo '
<form method="post" action="'.$_SERVER['SCRIPT_NAME'].'">
<input type="hidden" name="do" value="activation_code">
<table class="main" border="1" cellspacing="0" cellpadding="5" width="100%">
<tr>
<td align="left" class="thead" colspan="2">
'.$lang->login['resend'].'
</td>
</tr>
<tr>
<td align="right" width="60%">
<b>'.sprintf($lang->login['resend2'], $SITENAME).'</b>
</td>
<td align="left" width="40%">
<input type="text" name="email" value=""> <input type="submit" value="'.$lang->login['resend3'].'">
</td>
</tr>
</table>
</form>
';
stdfoot();
exit;
}
stdhead($lang->login['head'], false, 'collapse');
require_once(INC_PATH.'/class_page_check.php');
$newpage = new page_verify();
$newpage->create('login');
$username = isset($_GET['username']) ? htmlspecialchars_uni($_GET['username']) : (!empty($_COOKIE['ts_username']) ? htmlspecialchars_uni($_COOKIE['ts_username']) : '');
if (!empty($_GET["returnto"]))
{
$returnto = urldecode($_GET["returnto"]);
if (!$_GET["nowarn"])
$error = "<tr><td colspan=\"2\"><div class=\"error\">".$lang->login['loginfirst']."</div></td></tr>";
}
elseif (!empty($_GET['error']))
{
if ($_GET['error'] == 1)
$error = "<tr><td colspan=\"2\"><div class=\"error\">".sprintf($lang->login['error1'], remaining())."</div></td></tr>";
elseif ($_GET['error'] == 2)
$error = "<tr><td colspan=\"2\"><div class=\"error\">".sprintf($lang->global['invalidimagecode'], remaining())."</div></td></tr>";
elseif ($_GET['error'] == 3)
$error = "<tr><td colspan=\"2\"><div class=\"error\">".$lang->global['dontleavefieldsblank']."</div></td></tr>";
elseif ($_GET['error'] == 4)
$error = "<tr><td colspan=\"2\"><div class=\"error\">".sprintf($lang->global['incorrectlogin'], '<a href="'.$BASEURL.'/recover.php">')."</div></td></tr>";
}
# begin showlastXtorrents
if ($showlastxtorrents == 'multi')
{
$lang->load('index');
$extra1 = ($showimages == 'yes' ? ",torrents.t_image," : ",torrents.added,torrents.seeders,torrents.leechers,");
$extra2 = ($showimages == 'yes' ? " AND torrents.t_image != '' " : "");
$colspan = ($showimages == 'yes' ? "5" : "4");
$sql = 'SELECT torrents.id,torrents.name'.$extra1.'categories.vip FROM torrents LEFT JOIN categories ON torrents.category = categories.id WHERE torrents.visible = \'yes\' AND torrents.banned=\'no\''.$extra2.'ORDER BY added DESC LIMIT 0,'.$i_torrent_limit;
$result = sql_query($sql);
if( mysql_num_rows($result) != 0 )
{
$showlastXtorrents = '
<!-- begin showlastXtorrents -->
<script type="text/javascript">
function borderit(which,color)
{
if (document.all||document.getElementById)
{
which.style.borderColor=color
}
};
</script>
<table border="0" cellspacing="0" cellpadding="5" width="100%">
<tr>
<td align="center" class="thead" colspan="'.$colspan.'">
'.ts_collapse('showlastXtorrents').'
'.$SITENAME.' '.sprintf($lang->index['lasttorrents'], $i_torrent_limit).'
</td>
</tr>';
if ($showimages != 'yes')
$showlastXtorrents .= '
<tr>
<td class="subheader" align="left">'.$lang->index['name'].'</td>
<td class="subheader" align="left">'.$lang->index['uploaddat'].'</td>
<td class="subheader" align="center">'.$lang->index['seeders'].'</td>
<td class="subheader" align="center">'.$lang->index['leechers'].'</td>
</tr>';
else
$showlastXtorrents .= '
'.ts_collapse('showlastXtorrents', 2).'
<tr>';
$i_count = $i_done = 0;
while( $row = mysql_fetch_assoc($result) )
{
if ($usergroups['canviewviptorrents'] != 'yes' && $row['vip'] == 'yes')
continue;
$seolink = ts_seo($row['id'], $row['name'], 's');
$fullname = htmlspecialchars_uni($row['name']);
if ($showimages != 'yes')
{
$added = my_datee($dateformat, $row['added']).' '.my_datee($timeformat, $row['added']);
$showlastXtorrents .= '
<tr>
<td align="left">
<a href="'.$seolink.'" alt="'.$fullname.'" title="'.$fullname.'"><b>' . cutename($fullname, 50) . '</b></a>
</td>
<td align="left">
' . $added . '
</td>
<td align="center">
' . ts_nf($row['seeders']) . '
</td>
<td align="center">
' . ts_nf($row['leechers']) . '
</td>
</tr>';
}
else
{
if ($i_count > 0 && $i_count % 5 == 0)
{
$showlastXtorrents .= '
</tr>
<tr>';
}
$showlastXtorrents .= '
<td align="center" class="tcat">
<a href="'.$seolink.'"><img src="'.htmlspecialchars_uni($row['t_image']).'" width="125" height="125" alt="' . $fullname . '" title="' . $fullname . '" class="borderimage" onmouseover="borderit(this,\'black\')" onmouseout="borderit(this,\'white\')" /></a>
</td>';
$i_count++;
}
}
$trows = $i_torrent_limit - $i_count;
if ($trows > 0 && $i_count > 0)
{
for ($i = 0; $i < $trows; $i++)
{
$showlastXtorrents .= '<td> </td>';
}
}
$showlastXtorrents .= ($showimages == 'yes' ? '</tr>' : '').'
</tbody>
</table>
<!-- end showlastXtorrents -->';
echo $showlastXtorrents;
}
}
# end showlastXtorrents
echo '
<form method="post" action="takelogin.php">
<table border="0" cellpadding="5" width="100%">
<tr><td colspan="2" class="thead" align="center">
'.ts_collapse('loginarea').'
'.$SITENAME.' '.$lang->login['head'].'
</td></tr>';
if (isset($error))
echo $error;
echo
ts_collapse('loginarea',2).'
<tr>
<td class="rowhead">'.$lang->login['username'].'</td>
<td align="left"><input type="text" name="username" class="inputUsername" value="'.$username.'" /></td>
</tr>
<tr>
<td class="rowhead">'.$lang->login['password'].'</td>
<td align="left"><input type="password" name="password" class="inputPassword" value="" /></td>
</tr>';
//show_image_code ();
if ($securelogin == "yes")
$sec = "CHECKED DISABLED /";
elseif ($securelogin == "no")
$sec = "DISABLED /";
elseif ($securelogin == "op")
$sec = " /";
echo '
<tr><td class="rowhead"><input type="checkbox" class="none" name="logout" style="vertical-align: middle;" value="yes" />'.$lang->login['logout15'].'
<input type="checkbox" class="none" name="logintype" style="vertical-align: middle;" value="yes" '.$sec.'>'.$lang->login['securelogin'].'</td>
<td align="left"><input type="submit" value="'.$lang->login['login'].'" /> <input type="reset" value="'.$lang->login['reset'].'" /></td></tr>
';
if (isset($returnto))
print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars_uni($returnto) . "\" />\n");
echo '
</tbody></table></form>
'.$lang->login['footer'];
stdfoot();
?>
/takelogin.php
PHP Code:
<?
require_once 'include/bittorrent.php';
include_once INC_PATH . '/functions_security.php';
include_once INC_PATH . '/functions_login.php';
gzip ();
dbconn ();
failedloginscheck ();
cur_user_check ();
define ('TL_VERSION', '0.5 by xam');
require_once INC_PATH . '/class_page_check.php';
$newpage = new page_verify ();
$newpage->check ('login');
getvar (array ('username', 'password'));
$lang->load ('login');
if ((empty ($username) OR empty ($password)))
{
header ('Location: ' . $BASEURL . '/login.php?error=3&username=' . htmlspecialchars_uni ($username));
exit ();
}
/* if ($iv == 'yes')
{
check_code ($_POST['imagestring'], 'login.php', true, '&username=' . htmlspecialchars_uni ($username));
}
*/
$res = sql_query ('SELECT id, passhash, secret, enabled, usergroup, status, notifs FROM users WHERE username = ' . sqlesc ($username) . ' LIMIT 1');
$row = @mysql_fetch_assoc ($res);
if ((empty ($row) OR !$row))
{
failedlogins ('silent');
header ('Location: ' . $BASEURL . '/login.php?error=1&username=' . htmlspecialchars_uni ($username));
exit ();
}
$ipaddress = getip ();
if ($row['passhash'] != md5 ($row['secret'] . $password . $row['secret']))
{
$md5pw = md5 ($password);
$iphost = @gethostbyaddr ($ipaddress);
failedlogins ('login', false, true, true, (int)$row['id']);
header ('Location: ' . $BASEURL . '/login.php?error=4&username=' . htmlspecialchars_uni ($username));
exit ();
}
if ($row['enabled'] == 'no')
{
stderr ($lang->login['banned'], $row['notifs']);
}
else
{
if ($row['status'] == 'pending')
{
stderr ($lang->global['error'], $lang->login['pending']);
}
}
$passh = $row['passhash'];
logoutcookie ();
if ((isset ($_POST['logout']) AND $_POST['logout'] == 'yes'))
{
logincookie ($row['id'], $passh, 15);
if ($_POST['logintype'] == 'yes')
{
sessioncookie ($row['id'], $passh, true, true);
}
else
{
sessioncookie ($row['id'], $passh, true);
}
}
else
{
logincookie ($row['id'], $passh);
if ($_POST['logintype'] == 'yes')
{
sessioncookie ($row['id'], $passh, true, true);
}
else
{
sessioncookie ($row['id'], $passh);
}
}
sql_query ('DELETE FROM loginattempts WHERE banned = \'no\' AND ip = ' . sqlesc ($ipaddress));
$cut = TIMENOW - TS_TIMEOUT;
sql_query ('DELETE FROM ts_sessions WHERE lastactivity < ' . sqlesc ($cut) . ' OR sessionhash = ' . sqlesc (md5 ($ipaddress . htmlspecialchars_uni (strtolower ($_SERVER['HTTP_USER_AGENT'])))));
if (!empty ($_POST['returnto']))
{
$returnto = $_POST['returnto'];
}
else
{
$returnto = 'index.php';
}
redirect ($returnto, $lang->login['logged']);
?>
/include/functions_security.php
PHP Code:
<?
/* function show_image_code ($submitbutton = false, $buttonname = 'go')
{
global $iv;
global $BASEURL;
global $lang;
global $pic_base_url;
$imagehash = '';
if ($iv == 'yes')
{
$imagehash = image_code ();
echo ' ';
echo '<s';
echo 'cript type="text/javascript">
function reload ()
{
document.getElementById(\'regimage\').src = "';
echo $BASEURL;
echo '/image.php?" + (new Date()).getTime() + "&action=newregimage";
return;
};
</script>
';
echo '
<tr>
<td class="rowhead">' . $lang->global['secimage'] . '</td>
<td>
<table>
<tr>
<td rowspan="2" class="none"><img src="' . $BASEURL . '/image.php?action=regimage" id="regimage" border="0" alt="" /></td>
<td class="none"><img src="' . $BASEURL . '/' . $pic_base_url . 'listen.gif" border="0" style="cursor:pointer" onclick="return ts_open_popup(\'' . $BASEURL . '/listen.php\', 400, 120);" alt="' . $lang->global['seclisten'] . '" title="' . $lang->global['seclisten'] . '" /></td>
</tr>
<tr>
<td class="none"><img src="' . $BASEURL . '/' . $pic_base_url . 'reload.gif" border="0" style="cursor:pointer" onload="reload()" onclick="javascript:reload()" alt="' . $lang->global['secimagehint'] . '" title="' . $lang->global['secimagehint'] . '" /></td>
</tr>
</table>
</td>
</tr>
<tr><td class="rowhead">' . $lang->global['seccode'] . '</td>
<td><input type="text" size="26" name="imagestring" class="inputPassword" value="" />
' . ($submitbutton ? '<input type="submit" value="' . $buttonname . '" class="btn" />' : '') . '
</td></tr>';
}
}
function image_code ($length = 5)
{
$_SESSION['randomstr'] = $_SESSION['imagehash'] = $captcha_string = '';
$set = array ('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z');
$i = 1;
while ($i <= $length)
{
$ch = rand (0, count ($set) - 1);
$captcha_string .= $set[$ch];
++$i;
}
$imagehash = md5 ($captcha_string);
$_SESSION['randomstr'] = $captcha_string;
$_SESSION['imagehash'] = $imagehash;
return $imagehash;
}
*/
function check_code ($imagestring, $where = 'signup.php', $maxattemptlog = true, $extra = '', $returnback = false)
{
global $BASEURL;
if (((!empty ($_SESSION['imagehash']) AND !empty ($imagestring)) AND md5 ($imagestring) === $_SESSION['imagehash']))
{
unset ($_SESSION[randomstr]);
unset ($_SESSION[imagehash]);
if ($returnback)
{
return $returnback;
}
}
else
{
if ($returnback)
{
if ($maxattemptlog)
{
failedlogins ('silent');
}
return false;
}
if (($where == 'login.php' AND $maxattemptlog))
{
failedlogins ('silent');
header ('' . 'Location: ' . $BASEURL . '/login.php?error=2' . $extra);
exit ();
return null;
}
if (($where == 'recover.php' AND $maxattemptlog))
{
failedlogins ('silent');
header ('' . 'Location: ' . $BASEURL . '/recover.php?error=2');
exit ();
return null;
}
if (($where == 'recoverhint.php' AND $maxattemptlog))
{
failedlogins ('silent');
header ('' . 'Location: ' . $BASEURL . '/recoverhint.php?error=2');
exit ();
return null;
}
if (strstr ($where, 'signup.php'))
{
$ayrac = (strstr ($where, '?') ? '&' : '?');
header ('Location: ' . $BASEURL . '/' . $where . $ayrac . 'error=2');
exit ();
return null;
}
if ($maxattemptlog)
{
failedlogins ('silent');
}
$where = $BASEURL . (substr ($where, 0, 1) == '/' ? '' : '/') . $where;
header ('Location: ' . $where);
exit ();
}
}
function remaining ($type = 'login')
{
global $maxloginattempts;
global $ip;
if (!$ip)
{
$ip = getip ();
}
$Query = sql_query ('SELECT SUM(attempts) FROM loginattempts WHERE ip=' . sqlesc ($ip) . ' LIMIT 0,1');
list ($total) = mysql_fetch_array ($Query);
$left = $maxloginattempts - $total;
return ($left <= 2 ? '<font color="#f90510">[' . $left . ']</font>' : '<font color="#037621">[' . $left . ']</font>');
}
function failedloginscheck ($type = 'Login')
{
global $maxloginattempts;
global $BASEURL;
global $ip;
global $lang;
if (!$ip)
{
$ip = getip ();
}
$Query = @sql_query ('SELECT SUM(attempts) FROM loginattempts WHERE ip=' . @sqlesc ($ip) . ' LIMIT 0,1');
list ($total) = @mysql_fetch_array ($Query);
if ($maxloginattempts <= $total)
{
sql_query ('UPDATE loginattempts SET banned = \'yes\' WHERE ip=' . sqlesc ($ip));
stderr (sprintf ($lang->global['xlocked'], $type), sprintf ($lang->global['xlocked2'], '<a href=' . $BASEURL . '/unbaniprequest.php?ip=' . htmlspecialchars_uni ($ip) . '&action=showform>'), false);
}
}
function failedlogins ($type = 'login', $recover = false, $head = true, $msg = false, $uid = 0)
{
global $BASEURL;
global $ip;
global $lang;
global $username;
global $password;
global $md5pw;
global $iphost;
global $ipaddress;
if (!$ip)
{
$ip = getip ();
}
$added = sqlesc (get_date_time ());
$a = mysql_fetch_row (@sql_query ('SELECT COUNT(*) FROM loginattempts WHERE ip=' . @sqlesc ($ip) . ' LIMIT 0,1'));
if ($a[0] == 0)
{
sql_query ('INSERT INTO loginattempts (ip, added, attempts) VALUES (' . sqlesc ($ip) . ('' . ', ' . $added . ', 1)'));
}
else
{
sql_query ('UPDATE loginattempts SET attempts = attempts + 1 WHERE ip=' . sqlesc ($ip));
}
if ($recover)
{
sql_query ('UPDATE loginattempts SET type = \'recover\' WHERE ip = ' . sqlesc ($ip));
}
if (($msg AND $uid))
{
$subject = sqlesc ($lang->global['warning']);
$message = sqlesc (sprintf ($lang->global['accountwarn'], $username, $password, $md5pw, $ipaddress, $iphost));
sql_query ('' . 'INSERT INTO messages (sender, receiver, added, msg, subject) VALUES(0, ' . $uid . ', ' . $added . ', ' . $message . ', ' . $subject . ')');
}
if (($type == 'silent' OR $type == 'login'))
{
return null;
}
stderr ($lang->global['error'], $type, false, $head);
}
if (!defined ('IN_TRACKER'))
{
exit ('<font face=\'verdana\' size=\'2\' color=\'darkred\'><b>Error!</b> Direct initialization of this file is not allowed.</font>');
}
?>
|
