/var/www/www-root/data/www/new.labinform.ru/free_thes/auth.php
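<?php
/**
 * Login handler and login page.
 *
 * This file does not start the session or open the database itself. It relies
 * on names that are not defined here and are presumably supplied by the
 * including script (TODO confirm): $conn (PostgreSQL connection), the
 * LoginURI constant used as the per-application key inside $_SESSION, and
 * $title for the panel caption.
 *
 * Flow on POST with a username and password:
 *  - look the user up, honouring the 3-second per-account retry delay that is
 *    enforced through users.last_check;
 *  - on success populate $_SESSION[LoginURI], record a row in the `session`
 *    table and redirect back to the requested URI;
 *  - on failure stamp users.last_check for that login and show an error.
 *
 * All SQL is sent with pg_query_params() so that request data is never
 * concatenated into a statement, and every value echoed into the page is
 * HTML-escaped.
 */

$msg = "";

// Only plain strings are accepted: a crafted request can turn a form field
// into an array (username[]=...), which must not reach the query layer.
$login = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($login !== '' && $password !== '') {
    if (isset($_SESSION[LoginURI]['copy2Thes'])) {
        unset($_SESSION[LoginURI]['copy2Thes']);
    }

    // NOTE(review): the submitted password is compared with users.password
    // as-is, so passwords appear to be stored unhashed. Moving to
    // password_hash()/password_verify() needs a schema and data migration
    // outside this file.
    $res = pg_query_params(
        $conn,
        'SELECT userid, login, usertypeid FROM users'
        . ' WHERE login = $1 AND password = $2'
        . ' AND (last_check IS NULL OR (last_check + (\'3 second\')::interval < CURRENT_TIMESTAMP))',
        [$login, $password]
    );
    if ($res === false) {
        // Do not log request data here: it contains credentials.
        error_log('auth.php: user lookup query failed');
    }
    $row = ($res !== false) ? pg_fetch_array($res) : false;

    if ($row) {
        pg_free_result($res);

        // Issue a fresh session id on privilege change so that an id known
        // before login cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION[LoginURI]['valid_thes'] = true;
        $_SESSION[LoginURI]['timeout'] = time();
        $_SESSION[LoginURI]['login'] = $login;
        $_SESSION[LoginURI]['username'] = $login;
        $_SESSION[LoginURI]['usertypeid'] = $row['usertypeid'];
        $_SESSION[LoginURI]['usr_id'] = $row['userid'];
        $timeout = 600;
        $_SESSION[LoginURI]["expires_by"] = time() + $timeout;

        $res = pg_query_params(
            $conn,
            'INSERT INTO session(sessionid, userid, datestart, timestart, dateend, timeend, dateload, timeload, copyid) '
            . 'VALUES (nextval(\'sequence_session\'), $1, current_date, current_time, current_date, current_time, '
            . 'NULL, NULL, (SELECT valueid FROM sequence where fieldstr = \'CopyId\')) RETURNING sessionid',
            [$_SESSION[LoginURI]['usr_id']]
        );
        $_SESSION[LoginURI]['ssid'] = '';
        if ($res !== false) {
            if ($sessionRow = pg_fetch_array($res)) {
                $_SESSION[LoginURI]['ssid'] = $sessionRow['sessionid'];
            }
            pg_free_result($res);
        } else {
            error_log('auth.php: session insert failed');
        }

        // json_encode() escapes the user-supplied login; building the JSON by
        // concatenation let a quote in the login break the document.
        $encoded = json_encode(
            [
                'status' => 'OK',
                'message' => 'Залогинено!',
                'session_id' => (string) $_SESSION[LoginURI]['ssid'],
                'user' => $_SESSION[LoginURI]['username'],
            ],
            JSON_UNESCAPED_UNICODE
        );
        $msg = ($encoded === false) ? '' : $encoded;

        // Collapse leading slashes/backslashes so the target cannot be read
        // by a browser as a protocol-relative URL pointing at another host.
        header('Location: ' . preg_replace('#^[/\\\\]+#', '/', $_SERVER['REQUEST_URI']));
        // NOTE(review): execution continues and the page below is still
        // rendered after the Location header (the original had `exit`
        // commented out). Confirm that no including script relies on this
        // before adding `exit` here.
    } else {
        if ($res !== false) {
            pg_free_result($res);
        }
        // Stamp the attempt so the 3-second delay in the lookup above applies
        // to the next try for this login.
        $res = pg_query_params(
            $conn,
            'UPDATE users SET last_check = CURRENT_TIMESTAMP'
            . ' WHERE userid in (SELECT userid FROM users WHERE login = $1)',
            [$login]
        );
        if ($res === false) {
            error_log('auth.php: last_check update failed');
        }
        $msg = "Неверный логин или пароль.";
    }
} else {
    $msg = "";
}
?>
<!DOCTYPE HTML>
<html>
<head>
    <meta content="text/html;charset=utf-8" http-equiv="Content-Type">
    <title>Авторизация</title>
    <!--link href = "css/bootstrap.min.css" rel = "stylesheet"-->
    <script src="jquery-3.1.1.min.js" type="text/javascript"></script>
    <script src="jquery.easyui.min.js" type="text/javascript"></script>
    <link rel="stylesheet" type="text/css" href="themes/gray/easyui.css" />
    <link rel="shortcut icon" type="image/x-icon" href="favicon.ico" />
    <link rel="stylesheet" type="text/css" href="themes/icon.css" />
    <link rel="stylesheet" type="text/css" href="themes/color.css" />
    <link rel="stylesheet" type="text/css" href="main.css" />
    <style>
        body {
            font: 13px/20px 'Lucida Grande',Tahoma,Verdana,sans-serif;
            padding-top: 40px;
            padding-bottom: 40px;
            /*background-color: #ebebeb;*/
        }
        .error-login {
            font-size: 8pt;
            color: red;
        }
    </style>
    <script>
        $(document).ready(function () {
            $('#pass').textbox('textbox').bind('keydown', function(e) {
                if (e.which == 13) {
                    submitForm();
                    return false;
                }
            });
            setTimeout(function () {
                if ($('#login').textbox('getText') != '') {
                    $('#pass').textbox('textbox').focus();
                    $('#pass').textbox('textbox').focus();
                } else {
                    $('#login').textbox('textbox').focus();
                    $('#login').textbox('textbox').focus();
                }
            }, 50);
        });
        function submitForm(){
            $('#ff').submit();
        }
        function clearForm(){
            $('#ff').form('clear');
        }
    </script>
</head>
<body style="visibility: hidden" onload="setTimeout ('document.body.style.visibility = \'visible\'', 0)">
    <?php /* Full <?php tags are used below: with short_open_tag disabled a bare <? block would be sent to the browser as source text. */ ?>
    <div class="easyui-panel" data-options="style: {margin: '180px auto 0 auto'}" title="Авторизация :: <?php echo isset($title) ? htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : ''; ?>" style="max-width:400px; padding:30px 50px;">
        <!--div class = "login"-->
        <!--h1>Авторизация</h1-->
        <form id="ff" class="form-signin" role="form" action="" method="post">
            <p>
                <input id="login" type="text" class="easyui-textbox" name="username" style="width:100%;height:40px;padding:12px" data-options="prompt:'Пользователь',iconCls:'icon-man',iconWidth:38" value="<?php if (isset($_SESSION[LoginURI]['login'])) echo htmlspecialchars($_SESSION[LoginURI]['login'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <!--input type="text" class="form-control" name="username" placeholder="Пользователь" required autofocus--><br/>
            </p>
            <p>
                <input id="pass" class="easyui-passwordbox" name="password" style="width:100%;height:40px;padding:12px" data-options="prompt:'Пароль', checkInterval: 1, lastDelay: 0, iconWidth:38">
                <!--input type = "password" class="form-control" name="password" placeholder="Пароль" required--><br />
            </p>
            <p class="submit">
                <!--input type="submit" name="login" value="Вход"-->
                <a href="javascript:;" class="easyui-linkbutton" data-options="onClick: submitForm, iconCls:'icon-ok', iconWidth:38" style="padding:5px 0px;width:100%; height: 40px">
                    <span style="font-size:14px;">Вход</span>
                </a>
                <?php
                if ($msg !== "") {
                    // $msg can carry the submitted login, so escape it for HTML.
                    echo "<div class=\"error-login\">" . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</div>";
                }
                ?>
            </p>
        </form>
    </div>
</body>
</html>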