Hallo ihr lieben
Ich hoffe ihr könnt mir auch diesmal weiterhelfen.
Wir haben das Problem, dass wir nach dem Einloggen auf der village.php-Seite hängen bleiben. Man kommt von da aus nicht mehr weg. Man kann nur noch die Navs reparieren über die admin grotte (mit nem anderen nutzer).
Ich habe jetzt schon einpaar Sachen durchstöbert und den Befehl
$this->bbcode_second_pass_code('', 'UPDATE `accounts` SET `output` = '', `allowednavs` = '', `restorepage` = '' WHERE `acctid` = 'die id'') aus dem Thread (viewtopic.php?f=34&t=1887&hilit=tipps+und+tricks 2. Post) ausgeführt. Das hat allerdings nicht geholfen...
Dann habe ich noch was von "Location sollte immer 0" gelesen... Allerdings finde ich den Thread beim besten Willen nicht mehr >.<
Ich hoffe ihr könnt mir helfen...
Hier mal Login.php, und Village.php
PHP:
<?php
// 21072004
require_once "common.php";
addcommentary();
checkday();
if ($session['user']['alive']){ }else{
redirect("shades.php");
}
$sql="SELECT acctid1,acctid2,turn FROM pvp WHERE acctid1=".$session[user][acctid]." OR acctid2=".$session[user][acctid]."";
$result = db_query($sql) or die(db_error(LINK));
$row = db_fetch_assoc($result);
if(($row[acctid1]==$session[user][acctid] && $row[turn]==1) || ($row[acctid2]==$session[user][acctid] && $row[turn]==2)){
redirect("pvparena.php");
}
// if (getsetting("automaster",1) && $session['user']['seenmaster']!=1){
if (getsetting("automaster",1) && $session['user']['seenmaster']!=2){
//masters hunt down truant students
$exparray=array(1=>100,400,1002,1912,3140,4707,6641,8985,11795,15143,19121,23840,29437,36071,43930,55000);
while (list($key,$val)=each($exparray)){
$exparray[$key]= round(
$val + ($session['user']['dragonkills']/4) * $session['user']['level'] * 100
,0);
}
$expreqd=$exparray[$session['user']['level']+1];
if ($session['user']['experience']>$expreqd && $session['user']['level']<15){
redirect("train.php?op=autochallenge");
}else if ($session['user']['experience']>$expreqd && $session['user']['level']>=15){
redirect("dragon.php?op=autochallenge");
}
}
$session['user']['specialinc']="";
$session['user']['specialmisc']="";
if (@file_exists("houses.php")) addnav("Wohnviertel","houses.php?location=1");
addnav("Houseshop","houseshop.php");
addnav('Die RP Orte','orte.php');
addnav("Klingengasse");
addnav("Trainingslager","train.php");
if (getsetting("pvp",1)){
addnav("Spieler töten","pvp.php");
addnav("A?Die Arena","pvparena.php");
}
addnav("Ruhmeshalle","hof.php");
addnav("Bibliothek","library.php");
addnav("Marktplatz");
if (getsetting("vendor",0)==1) addnav("Wanderhändler","vendor.php");
addnav("W?MightyEs Waffen","weapons.php");
addnav("R?Pegasus Rüstungen","armor.php");
addnav("B?Die alte Bank","bank.php");
addnav("Arbeitsvermittlung","arbeit.php");
addnav("Z?Zigeunerzelt","gypsy.php");
if (@file_exists("pavilion.php")) addnav("P?Auffälliger Pavilion","pavilion.php");
addnav("Tavernenstrasse");
addnav("Speisesaal","speisesaal.php");
addnav("E?Schenke zum Eberkopf","inn.php",true);
addnav("Mericks Ställe","stables.php");
if (@file_exists("lodge.php")) addnav("J?Jägerhütte","lodge.php");
addnav("G?Der Garten", "gardens.php");
addnav("F?Seltsamer Felsen", "rock.php");
addnav("`bSonstiges`b");
addnav("??F.A.Q. (für neue Spieler)", "petition.php?op=faq",false,true);
addnav("N?Tägliche News","news.php");
addnav("Profil & Inventar","prefs.php");
addnav("Adminliste","superlist.php");
addnav("Bewohnerliste","list.php");
addnav("In die Felder (Logout)","login.php?op=logout",true);
addnav("Spiel-Forum","http://www.logd-welt.de/forum/index.php",false,false,true);
if ($session[user][superuser]>=2){
addnav("X?`bAdmin Grotte`b","superuser.php");
if (@file_exists("test.php")) addnav("Test","test.php");
}
//let users try to cheat, we protect against this and will know if they try.
addnav("","superuser.php");
addnav("","user.php");
addnav("","taunt.php");
addnav("","creatures.php");
addnav("","configuration.php");
addnav("","badword.php");
addnav("","armoreditor.php");
addnav("","bios.php");
addnav("","badword.php");
addnav("","donators.php");
addnav("","referers.php");
addnav("","retitle.php");
addnav("","stats.php");
addnav("","viewpetition.php");
addnav("","weaponeditor.php");
if ($session[user][superuser]){
addnav("Neuer Tag","newday.php");
}
if (getsetting("topwebid", 0) != 0) {
addnav("Top Web Games");
if (date("Y-W", strtotime($session['user']['lastwebvote'])) < date("Y-W"))
$hilight="`&";
else
$hilight="";
addnav("S?".$hilight."Stimme abgeben", "http://www.topwebgames.com/in.asp?id=".getsetting("topwebid", 0)."&acctid={$session['user']['acctid']}", false, true);
}
page_header("Das Internat von St. Heathsun");
//Palisaden by Taraen
if ($session[user][namecheck]<=2){
redirect("enter.php");
}
//end Palisaden by Taraen
//output("<img src='images/trans.gif' width='1' height='700' alt='' align='right'>",true);
output("`c<img src='http://i40.tinypic.com/fsxt3.jpg'>`c`n`n",true);
output("`&`c`n Das Internat von St.Heathsun.`nStrahlender Sonnenschein und unendliches Wissen`n.Das altherrschaftliche Gemäuer, besiedelt von den Reichsten`nund Klügsten - und jenen, die es gerne wären - Schülern aller Herrenländer,`nbirgt vieles, was es zu entdecken gilt. `nWissen, das absorbiert werden will. Herzen, die im Sturm erobert werden wollen.`nGeheimnisse, die sich, wie schleichend Schatten, durch die Ritzen des Mauerwerks Gehör verschaffen wollen.`n
`c`n");
$sql = "SELECT * FROM news WHERE 1 ORDER BY newsid DESC LIMIT 1";
$result = db_query($sql) or die(db_error(LINK));
$row = db_fetch_assoc($result);
output("`&Auf dem Aushang kannst du folgende Nachricht lesen:`n`n`c`i$row[newstext]`i`c`n");
if (getsetting('activategamedate','0')==1) output("`&Heute ist der `^".getgamedate()."`& in St. Heathsun.`n");
output("`&Die Uhr am Turm des Hauptgebäudes zeigt dir `^".getgametime()."`@.");
output(" `&Das heutige Wetter: `6".$settings['weather']."`&.");
// $t1 = strtotime("now")*getsetting("daysperday",4);
// $t2 = strtotime($session[user][lasthit])*getsetting("daysperday",4);
// $d1 = date("Y-m-d",$t1);
// $d2 = date("Y-m-d",$t2);
//output("`n`nToday is $d1, your last new day was $d2");
output("`n`n`%`&In der Nähe reden einige Schüler:`n");
viewcommentary("village","Hinzufügen",25);
page_footer();
?>
// 21072004
require_once "common.php";
addcommentary();
checkday();
if ($session['user']['alive']){ }else{
redirect("shades.php");
}
$sql="SELECT acctid1,acctid2,turn FROM pvp WHERE acctid1=".$session[user][acctid]." OR acctid2=".$session[user][acctid]."";
$result = db_query($sql) or die(db_error(LINK));
$row = db_fetch_assoc($result);
if(($row[acctid1]==$session[user][acctid] && $row[turn]==1) || ($row[acctid2]==$session[user][acctid] && $row[turn]==2)){
redirect("pvparena.php");
}
// if (getsetting("automaster",1) && $session['user']['seenmaster']!=1){
if (getsetting("automaster",1) && $session['user']['seenmaster']!=2){
//masters hunt down truant students
$exparray=array(1=>100,400,1002,1912,3140,4707,6641,8985,11795,15143,19121,23840,29437,36071,43930,55000);
while (list($key,$val)=each($exparray)){
$exparray[$key]= round(
$val + ($session['user']['dragonkills']/4) * $session['user']['level'] * 100
,0);
}
$expreqd=$exparray[$session['user']['level']+1];
if ($session['user']['experience']>$expreqd && $session['user']['level']<15){
redirect("train.php?op=autochallenge");
}else if ($session['user']['experience']>$expreqd && $session['user']['level']>=15){
redirect("dragon.php?op=autochallenge");
}
}
$session['user']['specialinc']="";
$session['user']['specialmisc']="";
if (@file_exists("houses.php")) addnav("Wohnviertel","houses.php?location=1");
addnav("Houseshop","houseshop.php");
addnav('Die RP Orte','orte.php');
addnav("Klingengasse");
addnav("Trainingslager","train.php");
if (getsetting("pvp",1)){
addnav("Spieler töten","pvp.php");
addnav("A?Die Arena","pvparena.php");
}
addnav("Ruhmeshalle","hof.php");
addnav("Bibliothek","library.php");
addnav("Marktplatz");
if (getsetting("vendor",0)==1) addnav("Wanderhändler","vendor.php");
addnav("W?MightyEs Waffen","weapons.php");
addnav("R?Pegasus Rüstungen","armor.php");
addnav("B?Die alte Bank","bank.php");
addnav("Arbeitsvermittlung","arbeit.php");
addnav("Z?Zigeunerzelt","gypsy.php");
if (@file_exists("pavilion.php")) addnav("P?Auffälliger Pavilion","pavilion.php");
addnav("Tavernenstrasse");
addnav("Speisesaal","speisesaal.php");
addnav("E?Schenke zum Eberkopf","inn.php",true);
addnav("Mericks Ställe","stables.php");
if (@file_exists("lodge.php")) addnav("J?Jägerhütte","lodge.php");
addnav("G?Der Garten", "gardens.php");
addnav("F?Seltsamer Felsen", "rock.php");
addnav("`bSonstiges`b");
addnav("??F.A.Q. (für neue Spieler)", "petition.php?op=faq",false,true);
addnav("N?Tägliche News","news.php");
addnav("Profil & Inventar","prefs.php");
addnav("Adminliste","superlist.php");
addnav("Bewohnerliste","list.php");
addnav("In die Felder (Logout)","login.php?op=logout",true);
addnav("Spiel-Forum","http://www.logd-welt.de/forum/index.php",false,false,true);
if ($session[user][superuser]>=2){
addnav("X?`bAdmin Grotte`b","superuser.php");
if (@file_exists("test.php")) addnav("Test","test.php");
}
//let users try to cheat, we protect against this and will know if they try.
addnav("","superuser.php");
addnav("","user.php");
addnav("","taunt.php");
addnav("","creatures.php");
addnav("","configuration.php");
addnav("","badword.php");
addnav("","armoreditor.php");
addnav("","bios.php");
addnav("","badword.php");
addnav("","donators.php");
addnav("","referers.php");
addnav("","retitle.php");
addnav("","stats.php");
addnav("","viewpetition.php");
addnav("","weaponeditor.php");
if ($session[user][superuser]){
addnav("Neuer Tag","newday.php");
}
if (getsetting("topwebid", 0) != 0) {
addnav("Top Web Games");
if (date("Y-W", strtotime($session['user']['lastwebvote'])) < date("Y-W"))
$hilight="`&";
else
$hilight="";
addnav("S?".$hilight."Stimme abgeben", "http://www.topwebgames.com/in.asp?id=".getsetting("topwebid", 0)."&acctid={$session['user']['acctid']}", false, true);
}
page_header("Das Internat von St. Heathsun");
//Palisaden by Taraen
if ($session[user][namecheck]<=2){
redirect("enter.php");
}
//end Palisaden by Taraen
//output("<img src='images/trans.gif' width='1' height='700' alt='' align='right'>",true);
output("`c<img src='http://i40.tinypic.com/fsxt3.jpg'>`c`n`n",true);
output("`&`c`n Das Internat von St.Heathsun.`nStrahlender Sonnenschein und unendliches Wissen`n.Das altherrschaftliche Gemäuer, besiedelt von den Reichsten`nund Klügsten - und jenen, die es gerne wären - Schülern aller Herrenländer,`nbirgt vieles, was es zu entdecken gilt. `nWissen, das absorbiert werden will. Herzen, die im Sturm erobert werden wollen.`nGeheimnisse, die sich, wie schleichend Schatten, durch die Ritzen des Mauerwerks Gehör verschaffen wollen.`n
`c`n");
$sql = "SELECT * FROM news WHERE 1 ORDER BY newsid DESC LIMIT 1";
$result = db_query($sql) or die(db_error(LINK));
$row = db_fetch_assoc($result);
output("`&Auf dem Aushang kannst du folgende Nachricht lesen:`n`n`c`i$row[newstext]`i`c`n");
if (getsetting('activategamedate','0')==1) output("`&Heute ist der `^".getgamedate()."`& in St. Heathsun.`n");
output("`&Die Uhr am Turm des Hauptgebäudes zeigt dir `^".getgametime()."`@.");
output(" `&Das heutige Wetter: `6".$settings['weather']."`&.");
// $t1 = strtotime("now")*getsetting("daysperday",4);
// $t2 = strtotime($session[user][lasthit])*getsetting("daysperday",4);
// $d1 = date("Y-m-d",$t1);
// $d2 = date("Y-m-d",$t2);
//output("`n`nToday is $d1, your last new day was $d2");
output("`n`n`%`&In der Nähe reden einige Schüler:`n");
viewcommentary("village","Hinzufügen",25);
page_footer();
?>
login.php
PHP:
<?php
require_once "common.php";
if ($HTTP_POST_VARS[name]!=""){
if ($session[loggedin]){
redirect("badnav.php");
}else{
if(0){
}else{
$result = db_fetch_assoc(db_query("SELECT COUNT(acctid) AS onlinecount FROM accounts WHERE locked=0 AND loggedin=1 AND laston>'".date("Y-m-d H:i:s",strtotime(date("r")."-".getsetting("LOGINTIMEOUT",900)." seconds"))."'"));
$onlinecount = $result['onlinecount'];
$sql = "SELECT * FROM accounts WHERE login = '$HTTP_POST_VARS[name]' AND password=MD5('$HTTP_POST_VARS[password]') AND locked=0";
$result = db_query($sql);
if (db_num_rows($result)==1){
$session[user]=db_fetch_assoc($result);
//echo "Ooga Booga";
//flush();
//exit();
checkban($session[user][login]); //check if this account is banned
checkban(); //check if this computer is banned
/*if (strpos($_SERVER['SERVER_NAME'],"logd.mightye.org")!==false && $session['user']['superuser']<1){
if (date("H")<2 || date("H")>17){
$session[message]="`\$The dev server shuts down in the
evening now so that I may partake of my home
bandwidth. This server is only available from
2am to 5pm from now on.";
//echo $session[message];
header("Location: index.php");
exit();
//redirect("index.php");
}
}*/
if ($session[user][emailvalidation]!="" && substr($session['user']['emailvalidation'],0,1)!="x"){
$session[user]=array();
$session[message]="`4Fehler: Du musst deine E-Mail Adresse bestätigen lassen, bevor du dich einloggen kannst.";
echo $session[message];
//header("Location: index.php");
exit();
}else{
if ($onlinecount<getsetting("maxonline",10) || getsetting("maxonline",10)==0 || $session[user][superuser]>0){
//loaduser($session['user']);
$session[loggedin]=true;
$session[output]=$session[user][output];
$session['petitions'] = array();
$session[laston]=date("Y-m-d H:i:s");
$session[sentnotice]=0;
$session[user][dragonpoints]=unserialize($session[user][dragonpoints]);
$session[user][prefs]=unserialize($session[user][prefs]);
$session['bufflist']=unserialize($session['user']['bufflist']);
if (!is_array($session[user][dragonpoints])) $session[user][dragonpoints]=array();
if ($session[user][loggedin]){
$session[allowednavs]=unserialize($session[user][allowednavs]);
saveuser();
header("Location: {$session['user']['restorepage']}");
exit();
//redirect($session['user']['page']);//"badnav.php");
}
db_query("UPDATE accounts SET loggedin=".true.", location=0 WHERE acctid = ".$session[user][acctid]);
$session[user][loggedin]=true;
$location = $session[user][location];
$session[user][location]=0;
debuglog("logged in ");
if ($session[user][alive]==0 && $session[user][slainby]!=""){
//they're not really dead, they were killed in pvp.
$session[user][alive]=true;
}
if (getsetting("logdnet",0)){
//register with LoGDnet
@file(getsetting("logdnetserver","http://lotgd.net/")."logdnet.php?addy=".URLEncode(getsetting("serverurl","http://".$_SERVER['SERVER_NAME'].dirname($_SERVER['REQUEST_URI'])))."&desc=".URLEncode(getsetting("serverdesc","Another LoGD Server"))."&version=".URLEncode($logd_version)."");
}
if ($location==0){
redirect("news.php");
}else if($location==1){
redirect("inn.php?op=strolldown");
}else if($location==2){
redirect("houses.php?op=newday");
}else{
saveuser();
header("Location: {$session['user']['restorepage']}");
exit();
}
}else{
$session['user'] = array();
$session[message]="`4Fehler: Der Server ist voll.`0";
redirect("index.php");
}
}
}else{
$session[message]="`4Fehler: Login-Daten waren ungültig.`0";
//now we'll log the failed attempt and begin to issue bans if there are too many, plus notify the admins.
$sql = "DELETE FROM faillog WHERE date<'".date("Y-m-d H:i:s",strtotime(date("r")."-".(getsetting("expirecontent",180)/4)." days"))."'";
checkban();
db_query($sql);
$sql = "SELECT acctid FROM accounts WHERE login='{$_POST['name']}'";
$result = db_query($sql);
if (db_num_rows($result)>0){ // just in case there manage to be multiple accounts on this name.
while ($row=db_fetch_assoc($result)){
$sql = "INSERT INTO faillog VALUES (0,now(),'".addslashes(serialize($_POST))."','{$_SERVER['REMOTE_ADDR']}','{$row['acctid']}','{$_COOKIE['lgi']}')";
db_query($sql);
$sql = "SELECT faillog.*,accounts.superuser,name,login FROM faillog INNER JOIN accounts ON accounts.acctid=faillog.acctid WHERE ip='{$_SERVER['REMOTE_ADDR']}' AND date>'".date("Y-m-d H:i:s",strtotime(date("r")."-1 day"))."'";
$result2 = db_query($sql);
$c=0;
$alert="";
$su=false;
while ($row2=db_fetch_assoc($result2)){
if ($row2['superuser']>0) {$c+=1; $su=true;}
$c+=1;
$alert.="`3{$row2['date']}`7: Failed attempt from `&{$row2['ip']}`7 [`3{$row2['id']}`7] to log on to `^{$row2['login']}`7 ({$row2['name']}`7)`n";
}
if ($c>=10){ // 5 failed attempts for superuser, 10 for regular user
$sql = "INSERT INTO bans VALUES ('{$_SERVER['REMOTE_ADDR']}','','".date("Y-m-d H:i:s",strtotime(date("r")."+".($c*3)." hours"))."','Automatischer Systembann: Zu viele fehlgeschlagene Loginversuche.')";
db_query($sql);
if ($su){ // send a system message to admins regarding this failed attempt if it includes superusers.
$sql = "SELECT acctid FROM accounts WHERE superuser>=3";
$result2 = db_query($sql);
$subj = "`#{$_SERVER['REMOTE_ADDR']} failed to log in too many times!";
for ($i=0;$i<db_num_rows($result2);$i++){
$row2 = db_fetch_assoc($result2);
//delete old messages that
$sql = "DELETE FROM mail WHERE msgto={$row2['acctid']} AND msgfrom=0 AND subject = '$subj' AND seen=0";
db_query($sql);
if (db_affected_rows()>0) $noemail = true; else $noemail = false;
systemmail($row2['acctid'],"$subj","This message is generated as a result of one or more of the accounts having been a superuser account. Log Follows:`n`n$alert",0,$noemail);
}//end for
}//end if($su)
}//end if($c>=10)
}//end while
}else{
}//end if (db_num_rows)
redirect("index.php");
}
}
}
}else if ($HTTP_GET_VARS[op]=="logout"){
if ($session[user][loggedin]){
debuglog("logged out ");
$sql = "UPDATE accounts SET loggedin=0 WHERE acctid = ".$session[user][acctid];
db_query($sql) or die(sql_error($sql));
}
$session=array();
redirect("index.php");
}
// If you enter an empty username, don't just say oops.. do something useful.
$session=array();
$session[message]="`4Fehler: Die Login-Daten waren fehlerhaft.`0";
redirect("index.php");
?>
require_once "common.php";
if ($HTTP_POST_VARS[name]!=""){
if ($session[loggedin]){
redirect("badnav.php");
}else{
if(0){
}else{
$result = db_fetch_assoc(db_query("SELECT COUNT(acctid) AS onlinecount FROM accounts WHERE locked=0 AND loggedin=1 AND laston>'".date("Y-m-d H:i:s",strtotime(date("r")."-".getsetting("LOGINTIMEOUT",900)." seconds"))."'"));
$onlinecount = $result['onlinecount'];
$sql = "SELECT * FROM accounts WHERE login = '$HTTP_POST_VARS[name]' AND password=MD5('$HTTP_POST_VARS[password]') AND locked=0";
$result = db_query($sql);
if (db_num_rows($result)==1){
$session[user]=db_fetch_assoc($result);
//echo "Ooga Booga";
//flush();
//exit();
checkban($session[user][login]); //check if this account is banned
checkban(); //check if this computer is banned
/*if (strpos($_SERVER['SERVER_NAME'],"logd.mightye.org")!==false && $session['user']['superuser']<1){
if (date("H")<2 || date("H")>17){
$session[message]="`\$The dev server shuts down in the
evening now so that I may partake of my home
bandwidth. This server is only available from
2am to 5pm from now on.";
//echo $session[message];
header("Location: index.php");
exit();
//redirect("index.php");
}
}*/
if ($session[user][emailvalidation]!="" && substr($session['user']['emailvalidation'],0,1)!="x"){
$session[user]=array();
$session[message]="`4Fehler: Du musst deine E-Mail Adresse bestätigen lassen, bevor du dich einloggen kannst.";
echo $session[message];
//header("Location: index.php");
exit();
}else{
if ($onlinecount<getsetting("maxonline",10) || getsetting("maxonline",10)==0 || $session[user][superuser]>0){
//loaduser($session['user']);
$session[loggedin]=true;
$session[output]=$session[user][output];
$session['petitions'] = array();
$session[laston]=date("Y-m-d H:i:s");
$session[sentnotice]=0;
$session[user][dragonpoints]=unserialize($session[user][dragonpoints]);
$session[user][prefs]=unserialize($session[user][prefs]);
$session['bufflist']=unserialize($session['user']['bufflist']);
if (!is_array($session[user][dragonpoints])) $session[user][dragonpoints]=array();
if ($session[user][loggedin]){
$session[allowednavs]=unserialize($session[user][allowednavs]);
saveuser();
header("Location: {$session['user']['restorepage']}");
exit();
//redirect($session['user']['page']);//"badnav.php");
}
db_query("UPDATE accounts SET loggedin=".true.", location=0 WHERE acctid = ".$session[user][acctid]);
$session[user][loggedin]=true;
$location = $session[user][location];
$session[user][location]=0;
debuglog("logged in ");
if ($session[user][alive]==0 && $session[user][slainby]!=""){
//they're not really dead, they were killed in pvp.
$session[user][alive]=true;
}
if (getsetting("logdnet",0)){
//register with LoGDnet
@file(getsetting("logdnetserver","http://lotgd.net/")."logdnet.php?addy=".URLEncode(getsetting("serverurl","http://".$_SERVER['SERVER_NAME'].dirname($_SERVER['REQUEST_URI'])))."&desc=".URLEncode(getsetting("serverdesc","Another LoGD Server"))."&version=".URLEncode($logd_version)."");
}
if ($location==0){
redirect("news.php");
}else if($location==1){
redirect("inn.php?op=strolldown");
}else if($location==2){
redirect("houses.php?op=newday");
}else{
saveuser();
header("Location: {$session['user']['restorepage']}");
exit();
}
}else{
$session['user'] = array();
$session[message]="`4Fehler: Der Server ist voll.`0";
redirect("index.php");
}
}
}else{
$session[message]="`4Fehler: Login-Daten waren ungültig.`0";
//now we'll log the failed attempt and begin to issue bans if there are too many, plus notify the admins.
$sql = "DELETE FROM faillog WHERE date<'".date("Y-m-d H:i:s",strtotime(date("r")."-".(getsetting("expirecontent",180)/4)." days"))."'";
checkban();
db_query($sql);
$sql = "SELECT acctid FROM accounts WHERE login='{$_POST['name']}'";
$result = db_query($sql);
if (db_num_rows($result)>0){ // just in case there manage to be multiple accounts on this name.
while ($row=db_fetch_assoc($result)){
$sql = "INSERT INTO faillog VALUES (0,now(),'".addslashes(serialize($_POST))."','{$_SERVER['REMOTE_ADDR']}','{$row['acctid']}','{$_COOKIE['lgi']}')";
db_query($sql);
$sql = "SELECT faillog.*,accounts.superuser,name,login FROM faillog INNER JOIN accounts ON accounts.acctid=faillog.acctid WHERE ip='{$_SERVER['REMOTE_ADDR']}' AND date>'".date("Y-m-d H:i:s",strtotime(date("r")."-1 day"))."'";
$result2 = db_query($sql);
$c=0;
$alert="";
$su=false;
while ($row2=db_fetch_assoc($result2)){
if ($row2['superuser']>0) {$c+=1; $su=true;}
$c+=1;
$alert.="`3{$row2['date']}`7: Failed attempt from `&{$row2['ip']}`7 [`3{$row2['id']}`7] to log on to `^{$row2['login']}`7 ({$row2['name']}`7)`n";
}
if ($c>=10){ // 5 failed attempts for superuser, 10 for regular user
$sql = "INSERT INTO bans VALUES ('{$_SERVER['REMOTE_ADDR']}','','".date("Y-m-d H:i:s",strtotime(date("r")."+".($c*3)." hours"))."','Automatischer Systembann: Zu viele fehlgeschlagene Loginversuche.')";
db_query($sql);
if ($su){ // send a system message to admins regarding this failed attempt if it includes superusers.
$sql = "SELECT acctid FROM accounts WHERE superuser>=3";
$result2 = db_query($sql);
$subj = "`#{$_SERVER['REMOTE_ADDR']} failed to log in too many times!";
for ($i=0;$i<db_num_rows($result2);$i++){
$row2 = db_fetch_assoc($result2);
//delete old messages that
$sql = "DELETE FROM mail WHERE msgto={$row2['acctid']} AND msgfrom=0 AND subject = '$subj' AND seen=0";
db_query($sql);
if (db_affected_rows()>0) $noemail = true; else $noemail = false;
systemmail($row2['acctid'],"$subj","This message is generated as a result of one or more of the accounts having been a superuser account. Log Follows:`n`n$alert",0,$noemail);
}//end for
}//end if($su)
}//end if($c>=10)
}//end while
}else{
}//end if (db_num_rows)
redirect("index.php");
}
}
}
}else if ($HTTP_GET_VARS[op]=="logout"){
if ($session[user][loggedin]){
debuglog("logged out ");
$sql = "UPDATE accounts SET loggedin=0 WHERE acctid = ".$session[user][acctid];
db_query($sql) or die(sql_error($sql));
}
$session=array();
redirect("index.php");
}
// If you enter an empty username, don't just say oops.. do something useful.
$session=array();
$session[message]="`4Fehler: Die Login-Daten waren fehlerhaft.`0";
redirect("index.php");
?>
Schon vielen vielen Dank und ... rettet mich ;_;
Viele Grüße
Lyn
