
    <?php
/*
 * This file is part of pluck, the easy content management system
 * Copyright (c) pluck team
 * http://www.pluck-cms.org

 * Pluck is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.

 * See docs/COPYING for the complete license.
*/

//Flag this request as running inside pluck; presumably the included files check for it.
define('IN_PLUCK', true);

//Open (or resume) the PHP session before anything below reads $_SESSION.
session_start();

//Load, in this order: security layer, function libraries, shared variables.
require_once('data/inc/security.php');
require_once('data/inc/functions.modules.php');
require_once('data/inc/functions.all.php');
require_once('data/inc/variables.all.php');

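//Login flow: installation check, already-logged-in redirect, password check with a
//per-IP attempt throttle, then the login form.
//$lang, $token, $ww, $cont1, redirect(), show_error() and save_file() are not defined in
//this file; they are expected to come from the included files.

//Check if we've installed pluck.
if (!file_exists('data/settings/install.dat')) {
	$titelkop = $lang['install']['not'];
	include_once 'data/inc/header2.php';
	redirect('install.php', 3);
	show_error($lang['install']['not_message'], 1);
	include_once 'data/inc/footer.php';
}

//If pluck is installed:
else {
	//Presumably defines $ww, the stored password digest compared below - confirm.
	require_once 'data/settings/pass.php';

	//Check if we're already logged in. First, get the token.
	require_once 'data/settings/token.php';

	//Strict comparison: the session marker must be exactly this string.
	if (isset($_SESSION[$token]) && ($_SESSION[$token] === 'pluck_loggedin')) {
		header('Location: admin.php');
		exit;
	}

	//Include header-file.
	$titelkop = $lang['login']['title'];
	include_once 'data/inc/header2.php';

	//If password has been sent, and the bogus (honeypot) input is empty, hash the password with SHA-512.
	if (isset($_POST['submit']) && empty($_POST['bogus'])) {
		//$cont1 is presumably derived from the posted 'cont1' field by an included file - confirm.
		//Anything that is not a string (e.g. an array submitted as cont1[]) is treated as an empty password.
		//NOTE(review): an unsalted, single-pass SHA-512 digest is cheap to guess offline if pass.php leaks.
		//Moving to password_hash()/password_verify() also needs a change to whatever writes pass.php,
		//so it is flagged here rather than changed.
		$pass = hash('sha512', (isset($cont1) && is_string($cont1)) ? $cont1 : '');

		//Compare the digests as strings. A loose == lets PHP treat two digests that both look like
		//numbers (for example "0e" followed only by digits) as equal. hash_equals() additionally
		//takes the same time wherever the first difference is; fall back to === where it is missing.
		if (!isset($ww) || !is_string($ww))
			$password_ok = false;
		elseif (function_exists('hash_equals'))
			$password_ok = hash_equals($ww, $pass);
		else
			$password_ok = ($pass === $ww);

		//Create hash from user-IP, for brute-force protection.
		//NOTE(review): the throttle is keyed on REMOTE_ADDR only. Behind a reverse proxy every visitor
		//may share one address, and guesses spread over many addresses are not limited - confirm deployment.
		define('LOGIN_ATTEMPT_FILE', 'data/settings/loginattempt_'.hash('sha512', $_SERVER['REMOTE_ADDR']).'.php');

		//Check if user has tried to login before.
		if (file_exists(LOGIN_ATTEMPT_FILE)) {
			//The attempt file is PHP written by save_file() below; it sets $tries and $timestamp.
			require(LOGIN_ATTEMPT_FILE);
			//Determine the amount of seconds that a user will be blocked (300 = 5 minutes).
			$timestamp = $timestamp + 300;

			//Block access if user has tried 5 times (>= so an unexpected larger count still blocks).
			if ($tries >= 5) {
				//Check if time hasn't exceeded yet, then block user.
				if ($timestamp > time())
					$login_error = show_error($lang['login']['too_many_attempts'], 1, true);
				//If time has exceeded, unblock user.
				else
					unlink(LOGIN_ATTEMPT_FILE);
			}
		}

		//If password is correct (and the address is not blocked), mark the session as logged in.
		if ($password_ok && (!isset($login_error))) {
			//Give the authenticated session a fresh id, so an id known before login cannot be reused.
			//header2.php has already been included, so this only works while headers are still unsent
			//(e.g. with output buffering). NOTE(review): consider handling the POST before any output.
			if (!headers_sent())
				session_regenerate_id(true);

			$_SESSION[$token] = 'pluck_loggedin';

			//Delete loginattempt file, if it exists.
			if (file_exists(LOGIN_ATTEMPT_FILE))
				unlink(LOGIN_ATTEMPT_FILE);

			//Display success message.
			show_error($lang['login']['correct'], 3);
			//$_SESSION['pluck_before'] is set elsewhere. NOTE(review): confirm it can only hold a local path.
			if (isset($_SESSION['pluck_before']))
				redirect($_SESSION['pluck_before'], 1);
			else
				redirect('admin.php?action=start', 1);
			include_once 'data/inc/footer.php';
			exit;
		}

		//If password is not correct; display error, and store attempt in loginattempt file for brute-force protection.
		elseif ((!$password_ok) && (!isset($login_error))) {
			$login_error = show_error($lang['login']['incorrect'], 1, true);

			//If a loginattempt file already exists, update tries variable.
			if (file_exists(LOGIN_ATTEMPT_FILE))
				$tries++;
			else
				$tries = 1;

			//Get current timestamp and save file.
			save_file (LOGIN_ATTEMPT_FILE, array('tries' => $tries, 'timestamp' => time()));
		}
	}
	?>
		<span class="kop2"><?php echo $lang['login']['password']; ?></span>
		<form action="" method="post">
			<input name="cont1" size="25" type="password" />
			<input type="text" name="bogus" style="display: none;" />
			<input type="submit" name="submit" value="<?php echo ucfirst($lang['login']['title']); ?>" />
		</form>
	<?php
	//Show the error collected above (wrong password or too many attempts) under the form.
	if (isset($login_error))
		echo $login_error;

	include_once 'data/inc/footer.php';
}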
?>