Bug fixes
This commit is contained in:
parent
e42c900c17
commit
6dc2c697c5
@ -18,10 +18,8 @@
|
||||
|
||||
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
||||
{
|
||||
$username = Sanitize::html($_POST['username']);
|
||||
$password = Sanitize::html($_POST['password']);
|
||||
|
||||
if( $Login->verifyUser($username, $password) )
|
||||
// Verify User sanitize the input
|
||||
if( $Login->verifyUser($_POST['username'], $_POST['password']) )
|
||||
{
|
||||
Redirect::page('admin', 'dashboard');
|
||||
}
|
||||
|
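Review bot: The new `verifyUser($_POST['username'], $_POST['password'])` call reads both keys without checking they are present, so a POST that omits either field raises an undefined-index notice and hands null on to verification; guard the call with `if( isset($_POST['username'], $_POST['password']) && $Login->verifyUser($_POST['username'], $_POST['password']) )`. Moving the sanitising into verifyUser, as the added comment says, is fine, but the controller is still the boundary where presence of the fields should be validated before anything is passed down. The surrounding request handler continues outside the hunk.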
@ -24,8 +24,8 @@ define('BLUDIT', true);
|
||||
define('DS', DIRECTORY_SEPARATOR);
|
||||
|
||||
// PHP paths
|
||||
define('PATH_ROOT', __DIR__.DS);
|
||||
define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
|
||||
define('PATH_ROOT', __DIR__.DS);
|
||||
define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
|
||||
|
||||
// Init
|
||||
require(PATH_BOOT.'init.php');
|
||||
|
@ -52,6 +52,9 @@ else
|
||||
$layout['template'] = 'login.php';
|
||||
}
|
||||
|
||||
// Plugins before admin area loaded
|
||||
Theme::plugins('beforeAdminLoad');
|
||||
|
||||
// Admin theme init.php
|
||||
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') )
|
||||
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
|
||||
@ -63,4 +66,7 @@ else
|
||||
// Load view and theme
|
||||
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) )
|
||||
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
|
||||
|
||||
// Plugins after admin area loaded
|
||||
Theme::plugins('afterAdminLoad');
|
||||
}
|
||||
|
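Review bot: `Theme::plugins('beforeAdminLoad')` and, in the second hunk, `Theme::plugins('afterAdminLoad')` are placed after the `}` that closes the branch selecting `login.php`, so they appear to fire for unauthenticated requests as well as for logged-in administrators; the hook names suggest an authenticated admin context, and a plugin that acts on that assumption would do so for anonymous visitors to the login page. Either document this at the call site, e.g. `// Fired for every request to the admin area, including the login page (no authenticated session yet)`, or move the calls inside the authenticated branch. The if/else that selects the template starts before this hunk, so which branch is authenticated is inferred from the `login.php` context line.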
@ -21,6 +21,8 @@ $plugins = array(
|
||||
'adminBodyBegin'=>array(),
|
||||
'adminBodyEnd'=>array(),
|
||||
'adminSidebar'=>array(),
|
||||
'beforeAdminLoad'=>array(),
|
||||
'afterAdminLoad'=>array(),
|
||||
|
||||
'loginHead'=>array(),
|
||||
'loginBodyBegin'=>array(),
|
||||
|
@ -23,8 +23,8 @@ class Login {
|
||||
{
|
||||
Session::set('username', $username);
|
||||
Session::set('role', $role);
|
||||
Session::set('fingerPrint', $this->fingerPrint());
|
||||
Session::set('sessionTime', time());
|
||||
Session::set('fingerPrint', $this->fingerPrint());
|
||||
Session::set('sessionTime', time());
|
||||
|
||||
Log::set(__METHOD__.LOG_SEP.'Set fingerPrint: '.$this->fingerPrint());
|
||||
}
|
||||
@ -52,6 +52,9 @@ class Login {
|
||||
|
||||
public function verifyUser($username, $password)
|
||||
{
|
||||
$username = Sanitize::html($username);
|
||||
$password = Sanitize::html($password);
|
||||
|
||||
$username = trim($username);
|
||||
$password = trim($password);
|
||||
|
||||
|
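Review bot: Running `$password` through `Sanitize::html` before verification changes any password containing `&`, `<`, `>` or quotes (assuming Sanitize::html is htmlspecialchars-based, which the hunk does not show), so such users either cannot log in or have their effective password silently altered; HTML escaping belongs at output, not on a credential compared against a stored hash. `trim()` has the same effect for passwords with leading or trailing whitespace. Suggest keeping `$username = Sanitize::html($username);` for the value that is later stored in the session and echoed, and passing `$password` through unchanged. verifyUser's body continues past the hunk, so the comparison itself is not visible here.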
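--- /dev/null
+++ b/kernel/security.class.php
@@ -0,0 +1,43 @@
+<?php defined('BLUDIT') or die('Bludit CMS.');
+
+class Security extends dbJSON
+{
+private $dbFields = array(
+'minutesBlocked'=>5,
+'numberFailures'=>10
+);
+
+function __construct()
+{
+parent::__construct(PATH_DATABASES.'security.php');
+}
+
+
+
+public function addLoginFail()
+{
+$ip = $this->getUserIp();
+
+// Save the database
+$this->db[$ip] = (int)$this->db[$ip] + 1;
+if( $this->save() === false ) {
+Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.');
+return false;
+}
+
+return true;
+}
+
+public function getUserIp()
+{
+// User IP
+if(getenv('HTTP_X_FORWARDED_FOR'))
+$ip = getenv('HTTP_X_FORWARDED_FOR');
+elseif(getenv('HTTP_CLIENT_IP'))
+$ip = getenv('HTTP_CLIENT_IP');
+else
+$ip = getenv('REMOTE_ADDR');
+
+return $ip;
+}
+}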
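Review bot: `getUserIp()` prefers `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP` over `REMOTE_ADDR`, and those two values come from request headers the sender controls, so the key under which `addLoginFail()` counts failures no longer reflects the real source address and the unvalidated header string is written as-is into `security.php`. Unless a trusted reverse proxy is known to overwrite those headers, use only `$ip = getenv('REMOTE_ADDR');` and reject anything that fails `filter_var($ip, FILTER_VALIDATE_IP)` before it becomes a database key. Separately, `(int)$this->db[$ip] + 1` reads an undefined index on the first failure from a given address; `$this->db[$ip] = isset($this->db[$ip]) ? (int)$this->db[$ip] + 1 : 1;` avoids the notice. The `minutesBlocked` and `numberFailures` fields are declared but nothing in this file reads them, which deserves a `// TODO: enforce minutesBlocked/numberFailures` comment if the check lives elsewhere.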
Binary file not shown.
Before Width: | Height: | Size: 27 KiB |