diff --git a/admin/controllers/login.php b/admin/controllers/login.php
index eb6d5cfc..60227b2e 100644
--- a/admin/controllers/login.php
+++ b/admin/controllers/login.php
@@ -18,10 +18,8 @@
 if( $_SERVER['REQUEST_METHOD'] == 'POST' )
 {
- $username = Sanitize::html($_POST['username']);
- $password = Sanitize::html($_POST['password']);
-
- if( $Login->verifyUser($username, $password) )
+ // Verify User sanitize the input
+ if( $Login->verifyUser($_POST['username'], $_POST['password']) )
 {
 Redirect::page('admin', 'dashboard');
 }
diff --git a/index.php b/index.php
index 365c449e..75f5d69e 100644
--- a/index.php
+++ b/index.php
@@ -24,8 +24,8 @@ define('BLUDIT', true);
 define('DS', DIRECTORY_SEPARATOR);
 // PHP paths
-define('PATH_ROOT', __DIR__.DS);
-define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
+define('PATH_ROOT', __DIR__.DS);
+define('PATH_BOOT', PATH_ROOT.'kernel'.DS.'boot'.DS);
 // Init
 require(PATH_BOOT.'init.php');
diff --git a/kernel/boot/admin.php b/kernel/boot/admin.php
index fcf9ceac..fc852a1e 100644
--- a/kernel/boot/admin.php
+++ b/kernel/boot/admin.php
@@ -52,6 +52,9 @@ else
 $layout['template'] = 'login.php';
 }
+ // Plugins before admin area loaded
+ Theme::plugins('beforeAdminLoad');
+
 // Admin theme init.php
 if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') )
 include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
@@ -63,4 +66,7 @@ else
 // Load view and theme
 if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) )
 include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
+
+ // Plugins after admin area loaded
+ Theme::plugins('afterAdminLoad');
 }
diff --git a/kernel/boot/rules/80.plugins.php b/kernel/boot/rules/80.plugins.php
index 5e3607a9..bafa283c 100644
--- a/kernel/boot/rules/80.plugins.php
+++ b/kernel/boot/rules/80.plugins.php
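Review bot: The new `if( $Login->verifyUser($_POST['username'], $_POST['password']) )` line reads both POST keys without checking that they exist, so a POST that omits either one raises an undefined-index notice and hands null to verifyUser (the removed lines had the same gap, but the indirection is gone now). Guard the keys before the call: `if( isset($_POST['username'], $_POST['password']) && $Login->verifyUser($_POST['username'], $_POST['password']) )`. The added comment also reads oddly; `// verifyUser() sanitizes its own input` says what is meant. The enclosing `if( $_SERVER['REQUEST_METHOD'] == 'POST' )` block continues past the hunk.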
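Review bot: `Theme::plugins('beforeAdminLoad')` in the first kernel/boot/admin.php hunk is placed after the branch that selects `login.php` as the template, so as far as the hunk shows it fires for unauthenticated requests to the admin area as well, and `afterAdminLoad` in the second hunk likewise; plugin code attached to either hook must not assume a logged-in administrator. That is worth stating at the call site, e.g. `// Runs for every admin request, including the login page (no authenticated user yet)`, and wherever the hook names added in 80.plugins.php are documented for plugin authors. The enclosing else block starts outside the hunk, so whether an earlier check short-circuits before this point cannot be confirmed here.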
@@ -21,6 +21,8 @@ $plugins = array(
 'adminBodyBegin'=>array(),
 'adminBodyEnd'=>array(),
 'adminSidebar'=>array(),
+ 'beforeAdminLoad'=>array(),
+ 'afterAdminLoad'=>array(),
 'loginHead'=>array(),
 'loginBodyBegin'=>array(),
diff --git a/kernel/login.class.php b/kernel/login.class.php
index d9ad1a11..d55d118b 100644
--- a/kernel/login.class.php
+++ b/kernel/login.class.php
@@ -23,8 +23,8 @@ class Login {
 {
 Session::set('username', $username);
 Session::set('role', $role);
- Session::set('fingerPrint', $this->fingerPrint());
- Session::set('sessionTime', time());
+ Session::set('fingerPrint', $this->fingerPrint());
+ Session::set('sessionTime', time());
 Log::set(__METHOD__.LOG_SEP.'Set fingerPrint: '.$this->fingerPrint());
 }
@@ -52,6 +52,9 @@ class Login {
 public function verifyUser($username, $password)
 {
+ $username = Sanitize::html($username);
+ $password = Sanitize::html($password);
+
 $username = trim($username);
 $password = trim($password);
diff --git a/kernel/security.class.php b/kernel/security.class.php
new file mode 100644
index 00000000..90a7e38c
--- /dev/null
+++ b/kernel/security.class.php
@@ -0,0 +1,43 @@
+5,
+ 'numberFailures'=>10
+ );
+
+ function __construct()
+ {
+ parent::__construct(PATH_DATABASES.'security.php');
+ }
+
+
+
+ public function addLoginFail()
+ {
+ $ip = $this->getUserIp();
+
+ // Save the database
+ $this->db[$ip] = (int)$this->db[$ip] + 1;
+ if( $this->save() === false ) {
+ Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.');
+ return false;
+ }
+
+ return true;
+ }
+
+ public function getUserIp()
+ {
+ // User IP
+ if(getenv('HTTP_X_FORWARDED_FOR'))
+ $ip = getenv('HTTP_X_FORWARDED_FOR');
+ elseif(getenv('HTTP_CLIENT_IP'))
+ $ip = getenv('HTTP_CLIENT_IP');
+ else
+ $ip = getenv('REMOTE_ADDR');
+
+ return $ip;
+ }
+}
\ No newline at end of file
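Review bot: `$password = Sanitize::html($password);` on the new line in verifyUser rewrites characters such as `&`, `<`, `>` and quotes before the password is checked, so verification can only succeed if the stored credential was derived from the same escaped form; the remainder of verifyUser is outside the hunk, so that cannot be confirmed here. The dependency should be stated at the call, e.g. `// The same HTML escaping is applied when the password is stored; keep both in step`, or the escaping limited to `$username`, the value that may later be rendered. Escaping a password is not itself a security control; the credential comparison and the lockout counter introduced in security.class.php are, so the comment should not suggest otherwise.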
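Review bot: getUserIp() in the new kernel/security.class.php prefers `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP`, which are request headers the client controls, over `REMOTE_ADDR`, which the web server sets; because addLoginFail() keys the failure counter on this value, the counter neither reliably accumulates for one source nor stays bounded in size, and arbitrary header text is written into `PATH_DATABASES.'security.php'`. Use `REMOTE_ADDR` unless the request arrived from a proxy this installation is configured to trust, and validate the result with `filter_var($ip, FILTER_VALIDATE_IP)` before it becomes a database key. Separately, `(int)$this->db[$ip] + 1` reads an undefined key on the first failure for an address, and nothing in this file reads `numberFailures` or `minutesBlocked` or records when a failure happened, so a block has no way to expire; the top of the file is garbled in this view, so the class header and field declarations could not be checked. The rewrite below keeps the method names and return types and leaves the save/log path as it is.
```php
	public function addLoginFail()
	{
		$ip = $this->getUserIp();

		// First failure for this address: the key does not exist yet.
		$this->db[$ip] = isset($this->db[$ip]) ? (int)$this->db[$ip] + 1 : 1;
		// … unchanged: save() and the error log …
	}

	public function getUserIp()
	{
		// REMOTE_ADDR is set by the web server. HTTP_X_FORWARDED_FOR and
		// HTTP_CLIENT_IP are client-supplied headers, so they are only
		// consulted when REMOTE_ADDR is a proxy this site trusts.
		$ip = getenv('REMOTE_ADDR');
		$trustedProxy = ''; // placeholder: trusted reverse-proxy address from site configuration
		if( $trustedProxy !== '' && $ip === $trustedProxy && getenv('HTTP_X_FORWARDED_FOR') ) {
			// The trusted proxy appends the address it saw as the last element.
			$hops = explode(',', getenv('HTTP_X_FORWARDED_FOR'));
			$ip = trim(end($hops));
		}

		// Only a syntactically valid address may become a database key.
		return filter_var($ip, FILTER_VALIDATE_IP) === false ? '' : $ip;
	}
```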
diff --git a/themes/pure/screenshot.jpg b/themes/pure/screenshot.jpg
deleted file mode 100644
index 3f039100..00000000
Binary files a/themes/pure/screenshot.jpg and /dev/null differ