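$ck_staff_version = "0.1";

// Load the shared helpers unless the including script already did so
// (presumably this is where RunStatement() and the $cnx connection come from).
// NOTE(review): the guard is an ordinary global; if the application runs with
// register_globals enabled it can be influenced from outside -- confirm how
// $ck_common_version is set. empty() is used so an unset variable raises no notice.
if (empty($ck_common_version)) {
    require("libs/ckcommon.inc");
}

// Reset module state on every include so stale or externally supplied values
// never survive into the login checks.
$ck_staff_params = array();   // row of the authenticated manager (filled by ValidLogin)
$ck_staff_bugs = "";          // free-text debug trail appended to by the functions below

// Escape a value for use inside a single-quoted SQL string literal on the
// module's connection. Every request-derived value (login, password, session
// id, IP, user agent) must pass through here before it is interpolated.
function CkStaffSqlEscape($value) {
    global $cnx;

    return mysql_real_escape_string((string) $value, $cnx);
}

// Run the manager lookup for ValidLogin().
// $where must be built from values already passed through CkStaffSqlEscape().
// Returns a mysql result resource, or false when the lookup could not be run.
// On a failed first attempt the login table is checked/upgraded through
// LoginTableUpdated() and the SAME predicate is retried without LastSID in the
// column list (the original retried the credential lookup with the session
// predicate, so a failed login query fell back to matching by session/IP).
function CkStaffSelectManager($where) {
    global $cnx, $ck_staff_bugs;

    $columns = "LogName AS Login, PassWord AS PW, AdminLevel, ID, Name, LastLogin, LastIP, SourceGroupID, LastUserAgent";

    $res = mysql_query("SELECT $columns, LastSID FROM Managers WHERE $where", $cnx);
    if ($res) {
        return $res;
    }

    // Capture the error now: LoginTableUpdated() runs its own statements and
    // would otherwise overwrite the connection's last error.
    $first_error = mysql_errno($cnx) . ": " . mysql_error($cnx);

    if (! LoginTableUpdated()) {
        return false;
    }
    $ck_staff_bugs .= "-------ValidLogin()--------------------\n" . $first_error . "\n\n------------------------------------\n";

    // try again
    $res = mysql_query("SELECT $columns FROM Managers WHERE $where", $cnx);
    if (! $res) {
        $ck_staff_bugs .= "-------ValidLogin()--------------------\n" . mysql_errno($cnx) . ": " . mysql_error($cnx) . "\n\n------------------------------------\n";
        return false;
    }
    return $res;
}

// Record a successful check on the manager row: time, IP, user agent and
// session id. All values are escaped; the connection is passed explicitly so
// the statement cannot land on whichever link happened to be opened last.
function CkStaffTouchManager($id) {
    global $cnx, $SQLNow, $myIP, $myAgent, $session;

    $st = "UPDATE Managers SET LastLogin='" . CkStaffSqlEscape($SQLNow)
        . "', LastIP='" . CkStaffSqlEscape($myIP)
        . "', LastUserAgent='" . CkStaffSqlEscape($myAgent)
        . "', LastSID='" . CkStaffSqlEscape($session)
        . "' WHERE ID='" . CkStaffSqlEscape($id) . "'";
    mysql_query($st, $cnx);
}

// Make sure the login table has the LastSID column this API depends on.
// If the column is missing, try to add it.
// Returns 1 when the column exists (or was just created), 0 on any failure;
// failures are appended to $ck_staff_bugs.
function LoginTableUpdated() {
    global $cnx, $ck_login_table, $ck_staff_bugs, $dbname;

    // $ck_login_table is interpolated as an identifier and cannot be escaped
    // as a string -- it must only ever come from trusted configuration.
    // RunStatement() is defined outside this file; presumably it returns the
    // rows keyed by the "Name" argument plus Error/Statement entries on failure.
    $login_fields = RunStatement("SHOW FIELDS FROM $ck_login_table", $cnx, "Name");
    if ($login_fields['Error']) {
        $ck_staff_bugs .= "--------LoginTableUpdated()-------------\n" . mysql_errno($cnx) . ": $login_fields[Error]\n\n$login_fields[Statement]\n\n------------------------------------\n";
        return 0;
    }

    if ($login_fields['LastSID']) {
        return 1;
    }

    // NOTE(review): issuing DDL from the login path means the web application's
    // database account needs ALTER privilege; a one-off migration would let it
    // run with less.
    $alterst = "ALTER TABLE $ck_login_table ADD LastSID VARCHAR(255) NOT NULL DEFAULT 'system'";
    $altres = mysql_db_query($dbname, $alterst, $cnx);
    if ($altres) {
        return 1;
    }

    $ck_staff_bugs .= "-------LoginTableUpdated()--------------\n" . mysql_errno($cnx) . ": " . mysql_error($cnx) . "\n\n$alterst\n\n------------------------------------\n";
    // The original fell off the end here and returned NULL; make the failure explicit.
    return 0;
}

// Authenticate a staff member.
//   $CLogin, $CPW  login name and password; when both are blank the globals
//                  $pre_item / $nxt_item are used instead.
// With credentials: the row is looked up by login name and password.
// Without credentials: the row is looked up by session id (or by IP when the
// stored session id is empty) and must pass the level, IP and recency checks.
// Returns the row's AdminLevel on success, 0 otherwise. On success the row is
// left in the global $ck_staff_params; reasons for rejection are appended to
// $ck_staff_bugs.
function ValidLogin($CLogin = "", $CPW = "") {
    global $SQLNow, $myIP, $myAgent, $cnx, $ck_user_params, $ck_login_table, $ck_staff_params, $ck_staff_bugs, $session, $ck_sid, $pre_item, $nxt_item;

    if (! $ck_login_table) {
        // NOTE(review): the queries below name the Managers table directly, so
        // this default only affects LoginTableUpdated().
        $ck_login_table = "Managers";
    }
    if ((! $session) and ($ck_sid)) {
        // cookie OK
        $session = $ck_sid;
    }
    if ((! trim($CLogin)) and (! trim($CPW))) {
        $CLogin = $pre_item;
        $CPW = $nxt_item;
    }

    if ((! trim($CLogin)) or (! trim($CPW))) {
        // login and password not sent from HTTP_POST_VARS
        // Grab Verification From SessionID In Log In TABLE
        //
        // NOTE(review): $session is accepted as supplied and later written back
        // as LastSID, and rows with an empty LastSID are matched on IP alone;
        // both make the session only as strong as the checks further down.
        // Confirm where $session and $myIP are populated.
        $where = "LastSID='" . CkStaffSqlEscape($session) . "' OR (LastSID='' AND LastIP='" . CkStaffSqlEscape($myIP) . "')";
        $res = CkStaffSelectManager($where);
        if (! $res) {
            return 0;
        }

        $ck_staff_params = mysql_fetch_array($res);
        if ((! $ck_staff_params) or (! $ck_staff_params['ID'])) {
            // we don't know you - bye bye
            $ck_staff_bugs .= "\nNo ID Found FOR $myIP\n";
            return 0;
        }

        if ((! $ck_staff_params['AdminLevel']) or ($ck_staff_params['AdminLevel'] == 0)) {
            $ck_staff_bugs .= "\nAdmin Level Check: $ck_staff_params[AdminLevel]\n";
            $ck_staff_params['AdminLevel'] = 0;
            return 0;
        }
        if (! $ck_staff_params['LastLogin']) {
            $ck_staff_bugs .= "\nLast Login Check: $ck_staff_params[LastLogin]\n";
            return 0;
        }
        // The session is pinned to the IP recorded at the last successful check.
        if ((! $ck_staff_params['LastIP']) or ((string) $ck_staff_params['LastIP'] !== (string) $myIP)) {
            $ck_staff_bugs .= "\nLast Login IP Check: $ck_staff_params[LastIP] not $myIP\n";
            return 0;
        }

        // preg_replace() replaces the deprecated ereg_replace(); same pattern.
        // NOTE(review): this subtracts two YYYYMMDDHHMMSS numbers, which is not
        // a difference in seconds, so the 6000 limit does not correspond to a
        // fixed idle time -- confirm the intended timeout before changing it.
        $lasttime = preg_replace("/[^0-9]+/", "", $ck_staff_params['LastLogin']);
        $thistime = date("YmdHis");
        $diff = $thistime - $lasttime;
        if ($diff > 6000) {
            $ck_staff_bugs .= "\nLast Login Time Check: DIFF: $diff Last Login: $lasttime Now: $thistime\n";
            return 0;
        }

        CkStaffTouchManager($ck_staff_params['ID']);
        return $ck_staff_params['AdminLevel'];
    }

    // COMPARE login and password with $ck_staff_params
    //
    // NOTE(review): stored passwords are either crypt() output salted with the
    // first two characters of the login name or the plain password, and the
    // stored value itself is accepted as $CPW (see $nxt_item below). Moving to
    // password_hash()-style storage needs a data migration and is out of scope
    // for this function.
    $cry = crypt($CPW, substr($CLogin, 0, 2));
    $where = "LogName='" . CkStaffSqlEscape($CLogin) . "' AND (PassWord='" . CkStaffSqlEscape($cry) . "' OR PassWord='" . CkStaffSqlEscape($CPW) . "')";
    $res = CkStaffSelectManager($where);
    if (! $res) {
        return 0;
    }

    $ck_staff_params = mysql_fetch_array($res);
    if ((! $ck_staff_params) or (! $ck_staff_params['ID'])) {
        // we don't know you - bye bye
        // The submitted password and its hash are deliberately kept out of the
        // debug trail.
        $ck_staff_bugs .= "\nNo ID Found FOR $CLogin\n";
        return 0;
    }

    // SQL string comparison may be case-insensitive, so the match is confirmed
    // here. Strict comparison on strings: numeric-looking values must not be
    // compared as numbers.
    $stored = (string) $ck_staff_params['PW'];
    if (((string) $cry === $stored) or ((string) $CPW === $stored)) {
        // matches encrypted or not encrypted
        CkStaffTouchManager($ck_staff_params['ID']);
        if ((! trim($pre_item)) and (! trim($nxt_item))) {
            $pre_item = $CLogin;
            $nxt_item = $ck_staff_params['PW'];
        }
        return $ck_staff_params['AdminLevel'];
    }

    $ck_staff_bugs .= "\nPassword Check: submitted password does not match for $CLogin\n";
    return 0;
}

// Build the login form markup.
// NOTE(review): in this listing the function returns only a newline and none of
// the declared globals (nor $CLogin) are used; any value later interpolated into
// the form must be HTML-escaped for its context.
function CreateLogForm($CLogin = "") {
    global $ck_staff_bugs, $area, $session, $user, $itemID, $pre_item, $nxt_item, $item_type, $extension, $PHP_SELF;

    return "\n";
}
?>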