cracker tracker

can somebody make this work with integramod?
################################################################ MOD Title]http://www.cback.de#[/url]# MOD Description: CrackerTracker Professional 2nd Edition is your Security ## Center for your phpBB. The MOD has enhanced ## features to block Worms before they can Exploit your ## forum or before they can make lots of traffic to your ## Server. Some Special Security features like ProxyBlocker ## and Flooding Protection are also included to this Security ## System from [url=http://www.cback.de]http://www.cback.de[/url]! We also add some nice ## Admin features against Spammers into your phpBB.## MOD Version: 4.1.1#### Installation Level: Intermediate## Installation Time: 24 Minutes## Files To Edit: 13## common.php## login.php## includes/constants.php## includes/functions.php## includes/functions_post.php## includes/page_tail.php## includes/usercp_activate.php## includes/usercp_register.php## includes/usercp_sendpasswd.php## includes/usercp_email.php## search.php## templates/subSilver/overall_footer.tpl## templates/subSilver/login_body.tpl################################################################ For Security Purposes, Please Check: [url=http://www.phpbb.com/mods/downloads/]http://www.phpbb.com/mods/downloads/[/url] for the## latest version of this MOD. Downloading this MOD from other sites could cause malicious code## to enter into your phpBB Forum. As such, phpBB will not offer support for MODs not offered## in our MOD-Database, located at: [url=http://www.phpbb.com/mods/downloads/#]http://www.phpbb.com/mods/downloads/#[/url]############################################################### Author Notes:#### Thanks to Michael Auchtor for Engish translation of the## CrackerTracker Language File!## ## If you like this Security Mod and you want to support the## CBACK Project, you can donate with PayPal on this page:## ## [url=http://www.cback.de/cback_de/donate.php#]http://www.cback.de/cback_de/donate.php#[/url]# ## just press the Button "Spenden" on this page. 
Would be nice.## ################################################################ MOD History:#### 2004-12-25 - Version 0.0.1## - Preview Version with just the Protector (Beta)## ## 2004-12-26 - Version 1.0.0## - First Release with extended Protector## ## 2004-12-27 - Version 1.0.1## - ACP Statistic Feature added## ## 2004-12-30 - Version 1.0.2## - New Logfile System with overflow Protection## ## 2005-01-03 - Version 1.0.3## - Little FIX for Register Globals Off## ## 2005-04-09 - Version 2.0.0## - New Release with complete new engine and## better Protection## - Name: CrackerTracker XTreme Edition## - Added: Calendar MOD Protection## - Added: Injection Detection Feature## - Optimized ACP view## - "Protected by" Picture## ## 2005-04-24 - Version 2.0.1## - Added: ACP Protection System## - Added: Enlarged Worm Protector## ## 2005-07-24 - Version 3.0.0## - New Release Called "CrackerTracker Professional"## - Automatic Engine Updater## - Attempt-Block-Counter in Footer## - Footer can be changed over ACP## - Max Log Entrys can be set in ACP## - Configuration System for your Logs## - New ACP Layout and more functions## - Better detection system## - Flood-Protectors## - Double Engine Protector## ## 2005-07-25 - Version 3.0.1## - Fixed Style Bug (Internet Explorer)## - Little Fix in common.php## ## 2005-07-25 - Version 3.1.0## - Fixed : Compatibility problems with some PHP Interpreters## - Changed: Search Protection now with better System## - Changed: Definition File## - Changed: Register Flood Protection Engine## - Added : highlight-String Filter## - Added : FID Protector## - Added : Update File Integrity Check## ## 2005-09-11 - Version 3.1.1## - Fixed : Search Flood Protection only on performed search## - Fixed : Problem with PHP Interpreter Globals off## - Fixed : Language File## ## 2005-10-06 - Version 3.1.2## - Removed: Auto Updater## ## 2005-10-31 - Version 3.1.3## - Change : Added a comment for phpBB 2.0.18 Users## ## 2005-11-30 - Version 4.0.0## - Completely new 
Release and completely recoded## - Name: "CrackerTracker Professional 2nd Edition"## - Many new Features added## - Anti Spammer System and Spamming Detector## - Fully Configurable over ACP## - Nice Admin Features added## - 3-Steps Security Scanner with CBACK PCSE## - Fast Proxy- and IP Blocker## - Improved Style System## - Performant Counter## - and many, many more#### 2005-12-15 - Version 4.0.1## - Improved Footer Compatibility with PHP 4.x## ## 2005-12-26 - Version 4.0.2## - Improvements to the Definition File#### 2006-01-03 - Version 4.1.0## - Protection from Mass Mail Sending## - Protection from Mass Password Reset Mail Sending## - Protects Login from BruteForce attacks## - Removed "Thumbs.db" from Package ;)## - Reduced Image Size for ACP#### 2006-01-16 - Version 4.1.1## - Making BruteForce Protector more comfortable################################################################## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD################################################################-----[ OPEN ]------------------------------------------#common.php ##-----[ FIND ]------------------------------------------#error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variablesset_magic_quotes_runtime(0); // Disable magic_quotes_runtime ##-----[ AFTER, ADD ]------------------------------------------#//// CBACK.de CrackerTracker// Worm&Exploit Protection Engine//include($phpbb_root_path . "ctracker/ct_security." . $phpEx); ##-----[ FIND ]------------------------------------------#$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );$user_ip = encode_ip($client_ip); ##-----[ AFTER, ADD ]------------------------------------------#//// CBACK.de CrackerTracker// Proxy&IP Blocker and Function File//include($phpbb_root_path . 
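Review bot: The `include($phpbb_root_path . "ctracker/ct_security." . $phpEx);` added to common.php fails open: if the file is missing or unreadable, `include` only raises a warning and the board keeps serving requests without the protection engine. `require($phpbb_root_path . 'ctracker/ct_security.' . $phpEx);` stops the request instead, and the same applies to the `ct_ipblocker` and `ct_functions` includes added in the next common.php step. Only the FIND anchors of common.php are visible here, so the placement relative to the rest of that file cannot be checked from this page.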
'ctracker/ct_ipblocker.'.$phpEx);include($phpbb_root_path . 'ctracker/ct_functions.'.$phpEx); ##-----[ OPEN ]------------------------------------------#includes/functions.php ##-----[ FIND ]------------------------------------------#include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx); ##-----[ AFTER, ADD ]------------------------------------------#include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_ctracker.' . $phpEx); ##-----[ OPEN ]------------------------------------------#includes/page_tail.php ##-----[ FIND ]------------------------------------------#//// Show the overall footer.// ##-----[ BEFORE, ADD ]------------------------------------------#//// CBACK.de CrackerTracker// Footer Parser and Counter//include($phpbb_root_path . 'ctracker/ct_footer.'.$phpEx); ##-----[ OPEN ]------------------------------------------#includes/constants.php ##-----[ FIND ]------------------------------------------#// Table names ##-----[ BEFORE, ADD ]------------------------------------------#// CBACK CrackerTracker Professionaldefine('CTRACK', $table_prefix.'ctrack');define('CTFILTER', $table_prefix.'ct_filter');define('CTVISKEY', $table_prefix.'ct_viskey'); ##-----[ OPEN ]------------------------------------------#templates/subSilver/overall_footer.tpl ##-----[ FIND ]------------------------------------------#Powered by <a>phpBB</a> © 2001, 2005 phpBB Group<br>{TRANSLATION_INFO}</span></div> ##-----[ AFTER, ADD ]------------------------------------------#<BEGIN><div><span><br>{cback_cracker_tracker.CTRACKER_FOOTER}<br></span></div><END> ##-----[ OPEN ]------------------------------------------#search.php ##-----[ FIND ]------------------------------------------#//// End session management// ##-----[ AFTER, ADD ]------------------------------------------# //// CBACK CrackerTracker Search Flood Protection//if(($userdata['ct_searchtime'] > time()) and (!empty($HTTP_GET_VARS['search_id']) || 
isset($HTTP_POST_VARS['search_id']) || isset($HTTP_GET_VARS['search_keywords']) || isset($HTTP_POST_VARS['show_results']))){ $waittime = 0; $waittime = $userdata['ct_searchtime'] - time(); $waitmsg = ''; $waitmsg = sprintf($lang['ct_forum_sfl'], $ctracker_config['searchtime'], $waittime); if($userdata['username'] == 'Anonymous') { message_die(GENERAL_MESSAGE, $waitmsg); } else { $nusu = 0; $nusu = $userdata['ct_searchcount']; $sql = "UPDATE " . USERS_TABLE . " SET ct_searchcount = " . ($nusu + 1) . " WHERE username = '" . $userdata['username'] . "'"; $db->sql_query($sql); if($userdata['ct_searchcount'] >= $ctracker_config['maxsearch'] && $userdata['ct_searchtime'] > time()) { if($userdata['ct_searchcount'] == $ctracker_config['maxsearch']) { $stime = time() + $ctracker_config['searchtime']; $sql = "UPDATE " . USERS_TABLE . " SET ct_searchtime = " . $stime . " WHERE username = '" . $userdata['username'] . "'"; $db->sql_query($sql); } message_die(GENERAL_MESSAGE, $waitmsg); } }} if(isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode']) || !empty($HTTP_GET_VARS['search_id']) || isset($HTTP_POST_VARS['search_id']) || isset($HTTP_GET_VARS['search_keywords']) || isset($HTTP_POST_VARS['show_results'])){ if($userdata['ct_searchtime'] <time>sql_query($sql); if($userdata['username'] != 'Anonymous') { $sql = "UPDATE " . USERS_TABLE . " SET ct_searchcount = 1 WHERE username = '" . $userdata['username'] . "'"; $db->sql_query($sql); } }} ##-----[ FIND ]------------------------------------------# $forum_url = append_sid("viewforum.$phpEx?" . POST_FORUM_URL . '=' . $searchset[$i]['forum_id']); $topic_url = append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $searchset[$i]['topic_id'] . "&highlight=$highlight_active"); $post_url = append_sid("viewtopic.$phpEx?" . POST_POST_URL . '=' . $searchset[$i]['post_id'] . "&highlight=$highlight_active") . '#' . 
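Review bot: The UPDATE statements in the search flood block select the row with `WHERE username = '" . $userdata['username'] . "'`, concatenating the stored username into SQL without escaping; if a stored name can contain a quote character, the statement breaks or changes meaning. Keying on the numeric id avoids this, e.g. `" WHERE user_id = " . intval($userdata['user_id'])`, which is the column the usercp_email.php and usercp_sendpasswd.php steps of this MOD already use. The same username-keyed pattern recurs in the includes/functions_post.php spam-protection step. Part of this block was lost in extraction (the text around `<time>sql_query`), so its second half cannot be reviewed from this page.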
$searchset[$i]['post_id']; ##-----[ BEFORE, ADD ]------------------------------------------# $sucheck = strtolower($highlight_active); $sucheck = str_replace($ct_rules, '*', $sucheck); if($sucheck != $highlight_active) { $highlight_active = ''; } ##-----[ OPEN ]------------------------------------------#includes/usercp_register.php ##-----[ FIND ]------------------------------------------#// ---------------------------------------// Load agreement template since user has not yet// agreed to registration conditions/coppa// ##-----[ AFTER, ADD ]------------------------------------------# //// CBACK CrackerTracker Register Flood Protection// if($ctracker_config['regblock'] == 1 && $HTTP_GET_VARS['mode'] == 'register') { if($ctracker_config['lastreg'] >= time()) { $lregtimestamp = $ctracker_config['lastreg']; $waittime = 0; $waittime = $lregtimestamp - time(); $waitmsg = ''; $waitmsg = sprintf($lang['ct_forum_rfl'], $waittime); message_die(GENERAL_MESSAGE, $waitmsg); } if(!empty($HTTP_SERVER_VARS['REMOTE_ADDR']) && $ctracker_config['lastreg_ip'] == $HTTP_SERVER_VARS['REMOTE_ADDR']) { // If the same IP wants to register we block this for 400 Seconds if($ctracker_config['lastreg'] + 400 >= time()) { message_die(GENERAL_MESSAGE, $lang['ct_forum_ifl']); } } } ##-----[ FIND ]------------------------------------------# // // Get current date // $sql = "INSERT INTO " . USERS_TABLE . " (user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_aim, user_yim, user_msnm, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey) VALUES ($user_id, '" . str_replace("'", "''", $username) . "', " . time() . ", '" . str_replace("'", "''", $new_password) . 
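Review bot: The highlight filter compares the lowercased, filtered copy with the untouched original (`if($sucheck != $highlight_active)`), so any highlight term containing an uppercase letter is blanked even when no `$ct_rules` entry matched. Comparing like with like, `if($sucheck != strtolower($highlight_active))`, limits the check to what the filter actually replaced. `$ct_rules` is defined outside this step, and a replace-list of this kind is only a secondary control; confirm the value is URL-encoded before it is appended to `&highlight=`.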
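Review bot: The register flood check runs only when `$HTTP_GET_VARS['mode'] == 'register'`, so a request that carries `mode` in the POST body skips both the time window and the same-IP test. The login.php step of this MOD reads the parameter from either array; doing the same here, e.g. `$ct_mode = isset($HTTP_GET_VARS['mode']) ? $HTTP_GET_VARS['mode'] : ( isset($HTTP_POST_VARS['mode']) ? $HTTP_POST_VARS['mode'] : '' );` and testing `$ct_mode == 'register'`, closes that gap. Whether the registration form submits `mode` by POST is not visible on this page and should be confirmed against usercp_register.php. The 400-second same-IP window is hard-coded while the global window comes from `$ctracker_config`; a config value would keep both tunable from the ACP.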
"', '" . str_replace("'", "''", $email) . "', '" . str_replace("'", "''", $icq) . "', '" . str_replace("'", "''", $website) . "', '" . str_replace("'", "''", $occupation) . "', '" . str_replace("'", "''", $location) . "', '" . str_replace("'", "''", $interests) . "', '" . str_replace("'", "''", $signature) . "', '$signature_bbcode_uid', $avatar_sql, $viewemail, '" . str_replace("'", "''", str_replace(' ', '+', $aim)) . "', '" . str_replace("'", "''", $yim) . "', '" . str_replace("'", "''", $msn) . "', $attachsig, $allowsmilies, $allowhtml, $allowbbcode, $allowviewonline, $notifyreply, $notifypm, $popup_pm, $user_timezone, '" . str_replace("'", "''", $user_dateformat) . "', '" . str_replace("'", "''", $user_lang) . "', $user_style, 0, 1, "; ##-----[ BEFORE, ADD ]------------------------------------------# // CBACK CrackerTracker Register Flood Protection $stime = time() + $ctracker_config['regtime']; $sql = "UPDATE " . CTRACK . " SET value = " . $stime . " WHERE name = 'lastreg'"; $db->sql_query($sql); if(!empty($HTTP_SERVER_VARS['REMOTE_ADDR'])) { $sql = "UPDATE " . CTRACK . " SET value = '" . $HTTP_SERVER_VARS['REMOTE_ADDR'] . "' WHERE name = 'lastreg_ip'"; $db->sql_query($sql); } // END CBACK CrackerTracker Register Flood Protection ##-----[ OPEN ]------------------------------------------#includes/functions_post.php ##-----[ FIND ]------------------------------------------## Particial search, the original line is longer!# function submit_post($mode...{ global $userdata, $user_ip; ##-----[ AFTER, ADD ]------------------------------------------# global $ctracker_config; ##-----[ FIND ]------------------------------------------# $meta = '<meta>'; $message = $lang['Stored'] . '<br><br>' . sprintf($lang['Click_view_message'], '<a>', '</a>') . '<br><br>' . 
sprintf($lang['Click_return_forum'], '<a>', '</a>'); ##-----[ BEFORE, ADD ]------------------------------------------# // // CBACK CrackerTracker Spammer Protection Engine // $ctinfomeldung = ''; if(($mode == 'newtopic' || $mode == 'reply') and ($ctracker_config['floodprot'] == 1)) { if($userdata['user_level'] == 0 && $userdata['username'] != 'Anonymous') { if($userdata['ct_posttime'] >= time()) { if($userdata['ct_postcount'] > $ctracker_config['postintime']) { if($ctracker_config['autoban'] == 1) { ct_filllog(); $sql = "INSERT INTO " . BANLIST_TABLE . "( `ban_id` , `ban_userid` , `ban_ip` , `ban_email` ) VALUES ('', '" . $userdata['user_id'] . "', '', NULL);"; $db->sql_query($sql); if( $userdata['session_logged_in'] ) { session_end($userdata['session_id'], $userdata['user_id']); } } else { ct_filllog(); $sql = "UPDATE " . USERS_TABLE . " SET user_active = 0 WHERE username = '" . $userdata['username'] . "'"; $db->sql_query($sql); if( $userdata['session_logged_in'] ) { session_end($userdata['session_id'], $userdata['user_id']); } } message_die(GENERAL_MESSAGE, $lang['ct_forum_blo']); } else if($userdata['ct_postcount'] == $ctracker_config['postintime']) { $ctinfomeldung = sprintf($lang['ct_forum_wa'] . '<br><br>', $ctracker_config['posttimespan']); } else { $ctinfomeldung = ''; } $nupo = 0; $nupo = $userdata['ct_postcount']; $sql = "UPDATE " . USERS_TABLE . " SET ct_postcount = " . ($nupo + 1) . " WHERE username = '" . $userdata['username'] . "'"; $db->sql_query($sql); } else { $stime = time() + $ctracker_config['posttimespan']; $sql = "UPDATE " . USERS_TABLE . " SET ct_posttime = " . $stime . " WHERE username = '" . $userdata['username'] . "'"; $db->sql_query($sql); $sql = "UPDATE " . USERS_TABLE . " SET ct_postcount = 2 WHERE username = '" . $userdata['username'] . "'"; $db->sql_query($sql); } } } ##-----[ FIND ]------------------------------------------# $message = $lang['Stored'] . '<br><br>' . sprintf($lang['Click_view_message'], '<a>', '</a>') . '<br><br>' . 
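Review bot: The post counter is bumped from the value cached in `$userdata` (`$nupo = $userdata['ct_postcount'];` then `SET ct_postcount = " . ($nupo + 1)`), so requests handled in parallel all write the same number and the flood limit undercounts. Letting the database do the arithmetic, `" SET ct_postcount = ct_postcount + 1 WHERE user_id = " . intval($userdata['user_id'])`, makes the increment atomic and drops the username from the WHERE clause at the same time. The search counter in search.php (`$nusu + 1`) has the same shape. The results of these `$db->sql_query($sql)` calls are not checked, unlike the sendpasswd step which calls `message_die()` on failure, so a failed write leaves the protection silently inactive. The enclosing `submit_post()` body lies outside this step.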
sprintf($lang['Click_return_forum'], '<a>', '</a>'); ##-----[ IN-LINE FIND ]------------------------------------------#$lang['Stored'] . '<br><br>' . sprintf($lang['Click_view_message'], '<a>', '</a>') . '<br><br>' . sprintf($lang['Click_return_forum'], '<a>', '</a>'); ##-----[ IN-LINE BEFORE, ADD ]------------------------------------------#$ctinfomeldung . ##-----[ DIY INSTRUCTIONS ]------------------------------------------# Please Upload ALL included files to the correct position of your Board! ##-----[ DIY INSTRUCTIONS ]------------------------------------------# Set now CHMOD777 to the following Files: - ctracker/logs/counter.txt - ctracker/logs/logfile_flood.txt - ctracker/logs/logfile_proxy.txt - ctracker/logs/logfile_worms.txt ##-----[ DIY INSTRUCTIONS ]------------------------------------------# Upload the file install.php to your Webspace and execute it by entering the URL into your browser. After that please delete this file again from your Webspace! ##-----[ OPEN ]------------------------------------------# includes/usercp_email.php ##-----[ FIND ]------------------------------------------# if ( time() - $userdata['user_emailtime'] <board_config>= time() && $ctracker_config['mailfeature'] == 1 ) { message_die(GENERAL_MESSAGE, $lang['ct_forum_emb']); } ##-----[ FIND ]------------------------------------------# $sql = "UPDATE " . USERS_TABLE . " SET user_emailtime = " . time() . " WHERE user_id = " . $userdata['user_id']; ##-----[ BEFORE, ADD ]------------------------------------------# $mtimetemp = time() + 240; $sql = "UPDATE " . USERS_TABLE . " SET ct_mailcount = " . $mtimetemp . " WHERE user_id = " . $userdata['user_id']; $db->sql_query($sql); ##-----[ OPEN ]------------------------------------------# includes/usercp_sendpasswd.php ##-----[ FIND ]------------------------------------------# $username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $email = ( !empty($HTTP_POST_VARS['email']) ) ? 
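Review bot: The DIY step asks for mode 777 on the four files under `ctracker/logs/`, which makes them writable and executable by every account on the host; data files need no execute bit. Use the narrowest mode that still lets the PHP process write them (666 at most, 644 or 600 where PHP runs as the file owner). Judging by their names, the log files record blocked requests, and they sit inside the board directory, so also deny direct web access to `ctracker/logs/`. After running `install.php`, verify that the file is really gone from the server, as the instructions require.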
trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang ##-----[ IN LINE FIND ]------------------------------------------#user_active, user_lang ##-----[ IN LINE AFTER, ADD ]------------------------------------------#, ct_pwreset, ct_unsucclogin ##-----[ FIND ]------------------------------------------# $username = $row['username']; $user_id = $row['user_id']; ##-----[ AFTER, ADD ]------------------------------------------# if ( $ctracker_config['pwreset'] == 1 ) { if ( $row['ct_pwreset'] == 1 && $row['ct_unsucclogin'] >= time()) { message_die(GENERAL_MESSAGE, $lang['ct_forum_pws']); } } ##-----[ FIND ]------------------------------------------# $sql = "UPDATE " . USERS_TABLE . " SET user_newpasswd = '" . md5($user_password) . "', user_actkey = '$user_actkey' WHERE user_id = " . $row['user_id']; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql); } ##-----[ BEFORE, ADD ]------------------------------------------# $loginsyst = time() + 14400; $sql = "UPDATE " . USERS_TABLE . " SET ct_pwreset = '1', ct_unsucclogin = '" . $loginsyst . "' WHERE user_id = " . $row['user_id']; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql); } ##-----[ OPEN ]------------------------------------------# includes/usercp_activate.php ##-----[ FIND ]------------------------------------------# $sql = "UPDATE " . USERS_TABLE . " SET user_active = 1, user_actkey = ''" . $sql_update_pass . " WHERE user_id = " . $row['user_id']; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql_update); } ##-----[ AFTER, ADD ]------------------------------------------# $sql = "UPDATE " . USERS_TABLE . " SET ct_pwreset = '0', ct_unsucclogin = '0' WHERE user_id = " . 
$row['user_id']; if ( !$db->sql_query($sql) ) { message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql); } ##-----[ OPEN ]------------------------------------------# login.php ##-----[ FIND ]------------------------------------------#if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])){ $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];}else{ $sid = '';} ##-----[ AFTER, ADD ]------------------------------------------# // // CBACK CrackerTracker Visual Login Confirmation // visual confirmation code Generator taken from phpBB (c) phpBB Group // if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) ) { $mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode']; $mode = htmlspecialchars($mode); if ( $mode == 'confirm' ) { if ( $userdata['session_logged_in'] ) { exit; } include($phpbb_root_path . 'ctracker/ct_confirm.'.$phpEx); exit; } } // // Now we check if the User is trying to Log in if he already has used one attempt or not // if not we disable the Visual Confirmation Code and with this we allow a normal login without any Confirmation // if the User tried to log in once we just continue with the normal Script and then we show the Visible Code every time the user // tries to log in before checking Password or anything. // Well OK its more DB gaming but many users want comfort AND security so let's do it ;-) // if(!empty($HTTP_POST_VARS['username']) && $ctracker_config['loginfeature'] == 1) { $secure_username = ''; $secure_username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT ct_logintry FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\'", "''", $secure_username) . 
"'"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } if( $row = $db->sql_fetchrow($result) ) { if($row['ct_logintry'] == 0) { $ctracker_config['loginfeature'] = 0; } } } else { $ctracker_config['loginfeature'] = 0; } if ( $ctracker_config['loginfeature'] == 1 && !$userdata['session_logged_in'] && !empty($HTTP_POST_VARS['confirm_id']) && !empty($HTTP_POST_VARS['confirm_code'])) { $confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']); if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id)) { $confirm_id = ''; } $sql = 'SELECT code FROM ' . CTVISKEY . " WHERE confirm_id = '$confirm_id' AND session_id = '" . $userdata['session_id'] . "'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { if ($row['code'] != $HTTP_POST_VARS['confirm_code']) { message_die(GENERAL_MESSAGE, $lang['ct_forum_sl1']); } else { $sql = 'DELETE FROM ' . CTVISKEY . " WHERE confirm_id = '$confirm_id' AND session_id = '" . $userdata['session_id'] . 
"'"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql); } } } else { message_die(GENERAL_MESSAGE, $lang['ct_forum_sl1']); } $db->sql_freeresult($result); } $vcheck_need = FALSE; $vcheck_login = TRUE; if($ctracker_config['loginfeature'] == 1 ) { $vcheck_need = TRUE; $vcheck_login = FALSE; } if (($vcheck_need = FALSE || $userdata['session_logged_in']) or (isset($HTTP_GET_VARS['logout']) || !empty($HTTP_POST_VARS['confirm_id']) && !empty($HTTP_POST_VARS['confirm_code']))) { $vcheck_login = TRUE; }##-----[ FIND ]------------------------------------------#if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) ##-----[ IN LINE FIND ]------------------------------------------#( isset($HTTP_POST_VARS['login']) ##-----[ IN LINE BEFORE, ADD ]------------------------------------------#(( $vcheck_login == TRUE ) and ##-----[ IN LINE FIND ]------------------------------------------# isset($HTTP_GET_VARS['logout']) ) ##-----[ IN LINE AFTER, ADD ]------------------------------------------#) ##-----[ FIND ]------------------------------------------# $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); ##-----[ AFTER, ADD ]------------------------------------------# $db->sql_query('UPDATE ' . USERS_TABLE . ' SET ct_logintry = 0 WHERE user_id = ' . $row['user_id']); ##-----[ FIND ]------------------------------------------# $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? 
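Review bot: In the final condition of the login.php block, `$vcheck_need = FALSE || $userdata['session_logged_in']` assigns instead of comparing; it should read `$vcheck_need == FALSE || $userdata['session_logged_in']`. With the values set just above, the outcome happens to be the same, because `$vcheck_login` is already TRUE whenever `$vcheck_need` is FALSE, but the variable is silently overwritten. In the confirmation check, the stored code is deleted only on a match, so after a wrong `confirm_code` the same `confirm_id` stays valid for further guesses; delete the CTVISKEY row before comparing, and compare as strings with `strcmp($row['code'], $HTTP_POST_VARS['confirm_code']) != 0`. The two `message_die(GENERAL_ERROR, 'Could not ... confirmation code', __LINE__, ...)` calls omit the `''` argument that the other calls on this page pass before `__LINE__`, which shifts the remaining arguments.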
str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; $redirect = str_replace('?', '&', $redirect); if (strstr(urldecode($redirect), "n") || strstr(urldecode($redirect), "r")) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } ##-----[ BEFORE, ADD ]------------------------------------------# if ($row['user_id'] != ANONYMOUS) { $sql = 'UPDATE ' . USERS_TABLE . ' SET ct_logintry = 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } ##-----[ FIND ]------------------------------------------# $page_title = $lang['Login']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( 'body' => 'login_body.tpl') ); $forward_page = ''; ##-----[ AFTER, ADD ]------------------------------------------# // // CBACK CrackerTracker Login Confirmation // Confirmation Generator Taken from phpBB (C) phpBB Group // $confirm_image = ''; if( $ctracker_config['loginfeature'] == 1 && !$userdata['session_logged_in']) { $sql = 'SELECT session_id FROM ' . SESSIONS_TABLE; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not select session data', '', __LINE__, __FILE__, $sql); } if ($row = $db->sql_fetchrow($result)) { $confirm_sql = ''; do { $confirm_sql .= (($confirm_sql != '') ? ', ' : '') . "'" . $row['session_id'] . "'"; } while ($row = $db->sql_fetchrow($result)); $sql = 'DELETE FROM ' . CTVISKEY . 
" WHERE session_id NOT IN ($confirm_sql)"; if (!$db->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not delete stale confirm data', '', __LINE__, __FILE__, $sql); } } $db->sql_freeresult($result); $confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9'); list($usec, $sec) = explode(' ', microtime()); mt_srand($sec * $usec); $max_chars = count($confirm_chars) - 1; $code = ''; for ($i = 0; $i <6>sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not insert new confirm code information', '', __LINE__, __FILE__, $sql); } unset($code); $confirm_image = (@extension_loaded('zlib')) ? '<img>' : '<img><img><img><img><img><img>'; $hidden_form_fields .= '<input>'; $template->assign_block_vars('switch_confirm', array()); } ##-----[ FIND ]------------------------------------------# 'L_SEND_PASSWORD' => $lang['Forgotten_password'], ##-----[ AFTER, ADD ]------------------------------------------# 'CONFIRM_IMG' => $confirm_image, 'L_CONFIRM_CODE' => $lang['ct_forum_slo'], ##-----[ FIND ]------------------------------------------# 'S_HIDDEN_FIELDS' => $s_hidden_fields ) ##-----[ REPLACE WITH ]------------------------------------------# 'S_HIDDEN_FIELDS' => $s_hidden_fields . $hidden_form_fields) ##-----[ OPEN ]------------------------------------------# templates/subSilver/login_body.tpl ##-----[ FIND ]------------------------------------------# <tr> <td>{S_HIDDEN_FIELDS}<input></td> </tr> ##-----[ BEFORE, ADD ]------------------------------------------# <BEGIN> <tr> <td> <br><br><span>{L_CONFIRM_CODE}</span> <span> </span><br><br>{CONFIRM_IMG}<br><br></td> </tr> <tr> <td> <input> <br><br> </td> </tr> <END> ##-----[ SAVE/CLOSE ALL FILES ]------------------------------------------## EoM
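Review bot: The confirmation code is drawn after `mt_srand($sec * $usec);`, which reseeds the generator from the request time, so the six-character code is only as unpredictable as the clock. Dropping the explicit `mt_srand()` call lets PHP's own seeding apply (automatic since PHP 4.2), and on a runtime that has it, `random_int(0, $max_chars)` is the better source for the index. The `SELECT session_id FROM SESSIONS_TABLE` cleanup also loads every session row and builds one `NOT IN (...)` list on each login-page view, which grows with board traffic. The loop body and the INSERT were lost in extraction (the text around `<6>sql_query`), so how the code is stored cannot be reviewed from this page.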