Файл: core/modules/auth.php
Строк: 35
<?php
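# Entry guard: stop unless the including application has defined BLOG,
# so this module cannot be requested directly.
if (!defined('BLOG')) {
    die('Access Denied!');
}

# Start every request as "not authenticated".
$is_admin = FALSE;

# Cookie auto-login: when cookies are enabled in $config and the session holds
# no credentials yet, rebuild the session credentials from the clog/cpas/cuip cookies.
#
# NOTE(review): cpas is decoded with $config['key'] and the result is stored as
# the session password, so the cookie carries the password in recoverable form.
# Anyone who obtains the cookie and the key can read it. A random, server-side
# stored "remember me" token would avoid shipping the password to the browser.
if (!empty($config['cookies']) && empty($_SESSION[SP]['login']) && empty($_SESSION[SP]['paswd'])) {
    if (!empty($_COOKIE['clog']) && !empty($_COOKIE['cpas']) && !empty($_COOKIE['cuip'])) {
        # check() is defined elsewhere; presumably it sanitises the login - confirm.
        $unlog = check(xoft_decode($_COOKIE['clog'], $config['key']));
        $unpar = xoft_decode($_COOKIE['cpas'], $config['key']);

        # Coarse client binding: first five characters of REMOTE_ADDR with the dots removed.
        # This is a network-prefix hint, not a per-host binding.
        $userp = substr(str_replace('.', '', $_SERVER['REMOTE_ADDR']), 0, 5);

        # cuip is client-controlled. Require a string and compare strictly, so that
        # numeric-string juggling ("19216" == "19216.0") or an array-valued cookie
        # cannot satisfy the check.
        if (is_string($_COOKIE['cuip']) && $userp === $_COOKIE['cuip']) {
            # New session id before credentials are placed in the session (session fixation).
            session_regenerate_id(true);
            $_SESSION[SP]['login'] = $unlog;
            $_SESSION[SP]['paswd'] = $unpar;
            $_SESSION[SP]['userp'] = $userp;
        }
    }
}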
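# Authorization: validate the credentials held in the session against the user
# table on every request, and set $is_admin only when login, password hash and
# client address prefix all match.
#
# NOTE(review): the stored hash is compared with md5() of the session password,
# i.e. passwords are kept as unsalted MD5 and the clear password lives in the
# session. Moving to password_hash()/password_verify() needs a change to the
# stored hashes and to the login code, which are not visible in this file.
if (!empty($_SESSION[SP]['login']) && !empty($_SESSION[SP]['paswd']) && !empty($_SESSION[SP]['userp'])) {
    $log = check($_SESSION[SP]['login']);

    # Same coarse address prefix that was stored in the session as 'userp'.
    $usip = substr(str_replace('.', '', $_SERVER['REMOTE_ADDR']), 0, 5);

    # Placeholder-bound lookup; the login value is not concatenated into the SQL.
    $uset = $db->selectRow( "SELECT * FROM ?_user WHERE `login` = ? LIMIT 1", $log );

    if (!empty($uset) && $usip === (string) $_SESSION[SP]['userp']) {
        # Strict comparisons: with ==, two digest strings of the form "0e<digits>"
        # compare equal as numbers, so an unrelated password could be accepted.
        # hash_equals() also avoids leaking the match position through timing.
        $loginMatches = (string) $_SESSION[SP]['login'] === (string) $uset['login'];
        $hashMatches = hash_equals((string) $uset['pass'], md5($_SESSION[SP]['paswd']));

        if ($loginMatches && $hashMatches) {
            $is_admin = 1;

            # Throttle the "last seen" write: refresh now_time only when the previous
            # update is older than $config['online_time'] seconds.
            $_SESSION[SP]['times'] = !empty($_SESSION[SP]['times']) ? (int) $_SESSION[SP]['times'] : 0;
            if ($_SESSION[SP]['times'] < (time() - $config['online_time'])) {
                $db->query("UPDATE ?_user SET `now_time` = ? WHERE `login` = ? LIMIT 1;", time(), $uset['login']);
                $_SESSION[SP]['times'] = time();
            }
        }
    }
}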
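# Logout: for an authenticated user, drop the session credentials and the
# auto-login cookies, queue a goodbye message and redirect to the index.
#
# NOTE(review): logout is triggered by a plain GET parameter with no token, so
# any page the user visits can log them out; consider a POST with a CSRF token.
if (!empty($_GET['logout']) && $is_admin) {
    unset($_SESSION[SP]['login'], $_SESSION[SP]['paswd'], $_SESSION[SP]['userp']);

    # unset() on $_COOKIE only changes this request's copy. The browser keeps the
    # cookies, and with cookie auto-login enabled the next request would rebuild the
    # session from them. Expire them in the browser as well.
    # NOTE(review): the path/domain used when these cookies were issued are not
    # visible in this file; these calls use PHP's defaults and must be given the
    # same path/domain as the issuing setcookie() calls - confirm against the login code.
    setcookie('clog', '', time() - 3600);
    setcookie('cpas', '', time() - 3600);
    setcookie('cuip', '', time() - 3600);
    unset($_COOKIE['clog'], $_COOKIE['cpas'], $_COOKIE['cuip']);

    addMessage('Досвидание ' . $uset['login'] . '!', 'ok');
    gen_red('index');
}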
?>