
Zeige Source: /login.php

(Das Lesen des Source, um sich spielerische Vorteile zu verschaffen, ist nicht erlaubt. Solltest du Schwachstellen oder Fehler entdecken, bist du als Spieler verpflichtet, diese zu melden.)

Source von: /login.php

<?php



//29092006



require_once "common.php";



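// Login / logout endpoint.
//
// POST name + password : authenticate against the accounts table, enforce bans,
//                        e-mail validation and the online-player cap, then send
//                        the player to the page matching the stored location.
// GET  op=logout       : mark the account logged out and clear the session.
// anything else        : clear the session and return to index.php with an error.
//
// NOTE(review): every branch relies on redirect() ending the request; if it
// returned, execution would fall through to the session reset at the bottom.
// redirect(), db_query(), getsetting(), checkban(), saveuser(), debuglog() and
// systemmail() are not defined in this file (presumably common.php) -- confirm.
//
// NOTE(review): passwords are compared as unsalted MD5 (see the SELECT below).
// Moving to password_hash()/password_verify() needs a schema and signup change
// outside this file, so it is only flagged here.

// Request values are read once and forced to strings, so an array-valued
// parameter (name[]=...) cannot reach the string functions or the SQL text.
$name     = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : "";
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
$op       = (isset($_GET['op']) && is_string($_GET['op'])) ? $_GET['op'] : "";
$lgi      = (isset($_COOKIE['lgi']) && is_string($_COOKIE['lgi'])) ? $_COOKIE['lgi'] : "";

// Same escaping idiom the original applied to the login name only, now applied
// to every request value placed inside a quoted SQL literal.
// NOTE(review): stripslashes() presumably undoes magic_quotes_gpc; db_query()
// shows no parameter binding here. If the DB layer offers a driver-level
// escape or prepared statements, prefer that over addslashes().
$safeName     = addslashes(stripslashes($name));
$safePassword = addslashes(stripslashes($password));
$safeLgi      = addslashes(stripslashes($lgi));

if ($name != "") {
    if (!empty($session['loggedin'])) {
        // Already authenticated in this session: do not process a second login.
        redirect("badnav.php");
    } else {
        // Number of unlocked accounts flagged as logged in and active within LOGINTIMEOUT seconds.
        $result = db_fetch_assoc(db_query("SELECT COUNT(acctid) AS onlinecount FROM accounts WHERE locked=0 AND loggedin=1 AND laston>'" . date("Y-m-d H:i:s", strtotime(date("c") . "-" . getsetting("LOGINTIMEOUT", 900) . " seconds")) . "'"));
        $onlinecount = $result['onlinecount'];

        // The password was previously interpolated into MD5('...') unescaped; it is now escaped like the name.
        $sql = "SELECT * FROM accounts WHERE login = '" . $safeName . "' AND password=MD5('" . $safePassword . "') AND locked=0";
        $result = db_query($sql);

        if (db_num_rows($result) == 1) {
            $session['user'] = db_fetch_assoc($result);
            require_once "./lib/gilden.php";
            loadguild($session['user']['memberid']);

            checkban($session['user']['login']); // check if this account is banned
            checkban(); // check if this computer is banned

            if ($session['user']['emailvalidation'] != "" && substr($session['user']['emailvalidation'], 0, 1) != "x") {
                // Pending e-mail validation: drop the loaded account row before answering.
                $session['user'] = array();
                $session['message'] = "`4Fehler: Du musst deine E-Mail Adresse bestätigen lassen, bevor du dich einloggen kannst.";
                echo $session['message'];
                exit();
            } else {
                // maxonline == 0 disables the cap; superusers bypass it.
                if ($onlinecount < getsetting("maxonline", 10) || getsetting("maxonline", 10) == 0 || $session['user']['superuser'] > 0) {
                    $session['loggedin'] = true;
                    $session['output'] = $session['user']['output'];
                    $session['petitions'] = array();
                    $session['laston'] = date("Y-m-d H:i:s");
                    $session['sentnotice'] = 0;

                    // NOTE(review): unserialize() on stored columns. If any of these
                    // columns can be written from player-controlled input elsewhere,
                    // this is an object-injection sink; a data-only format (JSON) or
                    // unserialize() with allowed_classes => false would close it.
                    $session['user']['dragonpoints'] = unserialize($session['user']['dragonpoints']);
                    $session['user']['prefs'] = unserialize($session['user']['prefs']);
                    $session['bufflist'] = unserialize($session['user']['bufflist']);
                    if (!is_array($session['user']['dragonpoints'])) {
                        $session['user']['dragonpoints'] = array();
                    }

                    if ($session['user']['loggedin']) {
                        // The account row still says "logged in": resume where the player was.
                        $session['allowednavs'] = unserialize($session['user']['allowednavs']);
                        saveuser();
                        // NOTE(review): restorepage comes from the accounts row and is sent
                        // as a Location header unchecked; confirm it can only ever hold a
                        // local path written by the game itself.
                        header("Location: {$session['user']['restorepage']}");
                        exit();
                    }

                    // acctid is cast so the statement stays numeric whatever the row holds.
                    db_query("UPDATE accounts SET loggedin=1, location=0 WHERE acctid = " . (int)$session['user']['acctid']);
                    $session['user']['loggedin'] = true;
                    $location = $session['user']['location'];
                    $session['user']['location'] = 0;
                    debuglog("logged in ");

                    if ($session['user']['alive'] == 0 && $session['user']['slainby'] != "") {
                        // they're not really dead, they were killed in pvp.
                        $session['user']['alive'] = true;
                    }

                    if (getsetting("logdnet", 0)) {
                        // Register with LoGDnet. Best effort: failures of the remote fetch are suppressed.
                        // $logd_version is not set in this file (presumably common.php).
                        @file(getsetting("logdnetserver", "http://lotgd.net/") . "logdnet.php?addy=" . urlencode(getsetting("serverurl", "http://" . $_SERVER['SERVER_NAME'] . dirname($_SERVER['REQUEST_URI']))) . "&desc=" . urlencode(getsetting("serverdesc", "Another LoGD Server")) . "&version=" . urlencode($logd_version) . "");
                    }

                    // Send the player to the page matching the location stored at last logout.
                    if ($location == 0) {
                        redirect("news.php");
                    } else if ($location == 1) {
                        redirect("inn.php?op=strolldown");
                    } else if ($location == 2) {
                        redirect("houses.php?op=newday");
                    } else if ($location == 9) {
                        redirect("jail.php");
                    } else {
                        saveuser();
                        // NOTE(review): same unchecked Location value as above.
                        header("Location: {$session['user']['restorepage']}");
                        exit();
                    }
                } else {
                    $session['user'] = array();
                    $session['message'] = "`4Fehler: Der Server ist voll.`0";
                    redirect("index.php");
                }
            }
        } else {
            // Same message whether the name or the password was wrong.
            $session['message'] = "`4Fehler: Login-Daten waren ungültig.`0";

            // Log the failed attempt, issue a ban after too many, and notify the admins.
            $sql = "DELETE FROM faillog WHERE date<'" . date("Y-m-d H:i:s", strtotime(date("c") . "-" . (getsetting("expirecontent", 180) / 4) . " days")) . "'";
            checkban();
            db_query($sql);

            // This lookup previously interpolated $_POST['name'] without escaping.
            $sql = "SELECT acctid FROM accounts WHERE login='" . $safeName . "'";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) { // just in case there manage to be multiple accounts on this name.
                while ($row = db_fetch_assoc($result)) {
                    // NOTE(review): serialize($_POST) stores the attempted password in
                    // clear text in faillog, readable by anyone who can view that table.
                    // Consider dropping the password key before logging; left unchanged
                    // because other pages may read this column.
                    // The lgi cookie was previously interpolated unescaped.
                    $sql = "INSERT INTO faillog VALUES (0,now(),'" . addslashes(serialize($_POST)) . "','{$_SERVER['REMOTE_ADDR']}','{$row['acctid']}','" . $safeLgi . "')";
                    db_query($sql);

                    // All failures from this address within the last day.
                    $sql = "SELECT faillog.*,accounts.superuser,name,login FROM faillog INNER JOIN accounts ON accounts.acctid=faillog.acctid WHERE ip='{$_SERVER['REMOTE_ADDR']}' AND date>'" . date("Y-m-d H:i:s", strtotime(date("c") . "-1 day")) . "'";
                    $result2 = db_query($sql);
                    $c = 0;
                    $alert = "";
                    $su = false;
                    while ($row2 = db_fetch_assoc($result2)) {
                        // A failure against a superuser account counts twice.
                        if ($row2['superuser'] > 0) {
                            $c += 1;
                            $su = true;
                        }
                        $c += 1;
                        $alert .= "`3{$row2['date']}`7: Failed attempt from `&{$row2['ip']}`7 [`3{$row2['id']}`7] to log on to `^{$row2['login']}`7 ({$row2['name']}`7)`n";
                    }

                    if ($c >= 10) { // 5 failed attempts for superuser, 10 for regular user
                        // Ban the address for three hours per counted failure.
                        $sql = "INSERT INTO bans VALUES ('{$_SERVER['REMOTE_ADDR']}','','" . date("Y-m-d H:i:s", strtotime(date("c") . "+" . ($c * 3) . " hours")) . "','Automatischer Systembann: Zu viele fehlgeschlagene Loginversuche.')";
                        db_query($sql);

                        if ($su) { // send a system message to admins regarding this failed attempt if it includes superusers.
                            $sql = "SELECT acctid FROM accounts WHERE superuser>=3";
                            $result2 = db_query($sql);
                            $subj = "`#{$_SERVER['REMOTE_ADDR']} failed to log in too many times!";
                            for ($i = 0; $i < db_num_rows($result2); $i++) {
                                $row2 = db_fetch_assoc($result2);
                                // Replace an unread copy of the same alert instead of stacking them;
                                // when one was replaced, $noemail is passed as true to systemmail().
                                $sql = "DELETE FROM mail WHERE msgto={$row2['acctid']} AND msgfrom=0 AND subject = '$subj' AND seen=0";
                                db_query($sql);
                                if (db_affected_rows() > 0) {
                                    $noemail = true;
                                } else {
                                    $noemail = false;
                                }
                                systemmail($row2['acctid'], "$subj", "This message is generated as a result of one or more of the accounts having been a superuser account.  Log Follows:`n`n$alert", 0, $noemail);
                            } // end for
                        } // end if ($su)
                    } // end if ($c>=10)
                } // end while
            } // end if (db_num_rows)

            redirect("index.php");
        }
    }
} else if ($op == "logout") {
    if (!empty($session['user']['loggedin'])) {
        debuglog("logged out ");
        $sql = "UPDATE accounts SET loggedin=0 WHERE acctid = " . (int)$session['user']['acctid'];
        // NOTE(review): die(sql_error($sql)) prints the failing statement to the client.
        db_query($sql) or die(sql_error($sql));
    }
    $session = array();
    redirect("index.php");
}

// Reached when no usable login name was posted and no logout was requested:
// reset the session and report the error on the index page.
$session = array();
$session['message'] = "`4Fehler: Die Login-Daten waren fehlerhaft.`0";
redirect("index.php");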

?>