Bug fixes

dignajar 2015-08-07 21:39:10 -03:00
parent e42c900c17
commit 6dc2c697c5
7 changed files with 60 additions and 8 deletions


@ -18,10 +18,8 @@
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{ {
$username = Sanitize::html($_POST['username']); // Verify User sanitize the input
$password = Sanitize::html($_POST['password']); if( $Login->verifyUser($_POST['username'], $_POST['password']) )
if( $Login->verifyUser($username, $password) )
{ {
Redirect::page('admin', 'dashboard'); Redirect::page('admin', 'dashboard');
} }
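Review bot: `$_POST['username']` and `$_POST['password']` now go straight into `verifyUser()` with no presence or type check, so a POST that omits a field or sends it as an array reaches `Sanitize::html()` and `trim()` as null or an array. I would guard the call: `if( isset($_POST['username'], $_POST['password']) && is_string($_POST['username']) && is_string($_POST['password']) && $Login->verifyUser($_POST['username'], $_POST['password']) )`. The failure branch is outside this hunk, so I cannot tell whether the new `Security::addLoginFail()` is called on a bad login. If it is not, the counter this commit adds is never incremented.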


@ -52,6 +52,9 @@ else
$layout['template'] = 'login.php'; $layout['template'] = 'login.php';
} }
// Plugins before admin area loaded
Theme::plugins('beforeAdminLoad');
// Admin theme init.php // Admin theme init.php
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') ) if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.'init.php') )
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php'); include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.'init.php');
@ -63,4 +66,7 @@ else
// Load view and theme // Load view and theme
if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) ) if( Sanitize::pathFile(PATH_ADMIN_THEMES, $Site->adminTheme().DS.$layout['template']) )
include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']); include(PATH_ADMIN_THEMES.$Site->adminTheme().DS.$layout['template']);
// Plugins after admin area loaded
Theme::plugins('afterAdminLoad');
} }
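Review bot: `Theme::plugins('beforeAdminLoad')` sits right after the branch that sets `$layout['template'] = 'login.php'`, so it appears to run for unauthenticated requests to the login page as well as for logged-in admins; the same seems to hold for `afterAdminLoad`. Plugin code attached to these hooks would then run before any login check, which plugin authors need to know. I would say so in the comment, e.g. `// Plugins before admin area loaded (also runs on the login page, before authentication)`, or move both calls into the authenticated branch if that is the intent. The enclosing if/else starts outside the hunk, so this is inferred from the context lines only.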


@ -21,6 +21,8 @@ $plugins = array(
'adminBodyBegin'=>array(), 'adminBodyBegin'=>array(),
'adminBodyEnd'=>array(), 'adminBodyEnd'=>array(),
'adminSidebar'=>array(), 'adminSidebar'=>array(),
'beforeAdminLoad'=>array(),
'afterAdminLoad'=>array(),
'loginHead'=>array(), 'loginHead'=>array(),
'loginBodyBegin'=>array(), 'loginBodyBegin'=>array(),


@ -52,6 +52,9 @@ class Login {
public function verifyUser($username, $password) public function verifyUser($username, $password)
{ {
$username = Sanitize::html($username);
$password = Sanitize::html($password);
$username = trim($username); $username = trim($username);
$password = trim($password); $password = trim($password);

43
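--- a/kernel/security.class.php
+++ b/kernel/security.class.php
@@ -0,0 +1,43 @@
+<?php defined('BLUDIT') or die('Bludit CMS.');
+class Security extends dbJSON
+{
+private $dbFields = array(
+'minutesBlocked'=>5,
+'numberFailures'=>10
+);
+function __construct()
+{
+parent::__construct(PATH_DATABASES.'security.php');
+}
+public function addLoginFail()
+{
+$ip = $this->getUserIp();
+// Save the database
+$this->db[$ip] = (int)$this->db[$ip] + 1;
+if( $this->save() === false ) {
+Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to save the database file.');
+return false;
+}
+return true;
+}
+public function getUserIp()
+{
+// User IP
+if(getenv('HTTP_X_FORWARDED_FOR'))
+$ip = getenv('HTTP_X_FORWARDED_FOR');
+elseif(getenv('HTTP_CLIENT_IP'))
+$ip = getenv('HTTP_CLIENT_IP');
+else
+$ip = getenv('REMOTE_ADDR');
+return $ip;
+}
+}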
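Review bot: `getUserIp()` prefers `HTTP_X_FORWARDED_FOR` and `HTTP_CLIENT_IP`, which are request headers set by the client, so the key used for the failure counter in `addLoginFail()` is caller-chosen. A per-IP limit keyed this way does not bind to the real peer, and arbitrary header strings become keys in `security.php`, which can then grow without bound. Unless the site is known to sit behind a trusted reverse proxy, use `$ip = getenv('REMOTE_ADDR');` and reject anything that fails `filter_var($ip, FILTER_VALIDATE_IP)`. In `addLoginFail()` the first failure for an address reads an undefined index; `$this->db[$ip] = (isset($this->db[$ip]) ? (int)$this->db[$ip] : 0) + 1;` avoids the notice. `minutesBlocked` and `numberFailures` in `$dbFields` are never read in this file, so no blocking is enforced yet, and the counter stores no timestamp from which a block window could be computed.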

Binary file not shown.

Before

Width:  |  Height:  |  Size: 27 KiB