<?php
/*
* © CoinDice
* Demo: http://www.btcircle.com/dice
* Please do not copy or redistribute.
* More licences we sell, more products we develop in the future.
*/
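// Admin login endpoint.
//   ?logout              -> clear the auth state, redirect to ./?logouted
//   POST hash_one/hash_sec -> step 1 (username/password); redirects to ./ or,
//                           when the account has a TOTP secret, to ./?totp
//   POST totp            -> step 2 (TOTP code) against the pending step-1 identity
// Anything else, or any failure, redirects to ./?login_error.
header('X-Frame-Options: DENY');
session_start();

// Logout: drop the auth-related session keys and rotate the session id so the
// old cookie value no longer refers to a previously authenticated session.
// NOTE(review): logout is triggered by a GET parameter, so any page the admin
// visits can log them out (CSRF); a POST carrying a token would be the robust form.
if (isset($_GET['logout'])) {
    $_SESSION['logged_'] = false;
    unset($_SESSION['username'], $_SESSION['2f_1']);
    session_regenerate_id(true);
    header('Location: ./?logouted');
    exit();
}

$included = true;
include '../inc/db-conf.php';
include '../inc/functions.php';

// Row written to `admin_logs` on a successful login. HTTP_USER_AGENT is an
// attacker-controlled request header and used to be interpolated verbatim into
// the INSERT (SQL injection for anyone who can log in, e.g. a ga_players
// account); both values are escaped here with the mysql_* extension this file
// already uses. Assumes ../inc/db-conf.php opened the connection (not visible here).
$log_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$log_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$admin_log_sql = "INSERT INTO `admin_logs` (`ip`,`browser`) VALUES ('"
    . mysql_real_escape_string($log_ip) . "','"
    . mysql_real_escape_string($log_browser) . "')";

if (!empty($_POST['hash_one']) && !empty($_POST['hash_sec'])) {
    // Step 1: username/password.
    // NOTE(review): `passwd` is compared against an unsalted MD5 of the
    // submitted password; moving the column to password_hash()/password_verify()
    // is a schema change outside this file. prot() is assumed to be the
    // project's SQL-escape helper from ../inc/functions.php — confirm.
    $user_sql = prot($_POST['hash_one']);
    $pass_md5 = md5($_POST['hash_sec']);

    // NOTE(review): the client chooses the table via `ga_playertest`; a
    // `ga_players` account then receives the same `logged_` session flag as an
    // admin unless the rest of the panel distinguishes them — confirm intent.
    $table = !empty($_POST['ga_playertest']) ? 'ga_players' : 'admins';
    $result = mysql_query("SELECT `username`,`ga_token` FROM `{$table}` WHERE `username`='{$user_sql}' AND `passwd`='{$pass_md5}' LIMIT 1");
    $this_admin = $result ? mysql_fetch_array($result) : false;

    if ($this_admin === false) {
        // No matching row. The original indexed the `false` return value, got
        // null for ga_token, and null == '' passed the "no 2FA" check below —
        // i.e. wrong credentials produced a logged-in session.
        header('Location: ./?login_error');
        exit();
    }

    if ((string) $this_admin['ga_token'] === '') {
        // No TOTP secret enrolled: log in directly. Rotating the session id
        // keeps a pre-authentication (possibly fixated) id from becoming a
        // logged-in one.
        session_regenerate_id(true);
        $_SESSION['logged_'] = true;
        $_SESSION['username'] = $this_admin['username'];
        mysql_query($admin_log_sql);
        header('Location: ./');
    } else {
        // TOTP enrolled: park the identity in the pending-2FA slot. `logged_`
        // is only set once the code verifies in step 2.
        $_SESSION['2f_1'] = array(
            'username' => $this_admin['username'],
            'ga_token' => $this_admin['ga_token'],
        );
        header('Location: ./?totp');
    }
    exit();
} elseif (!empty($_POST['totp'])) {
    // Step 2: TOTP code. Require a pending step-1 identity; otherwise
    // Google2FA::verify_key() would be called with a null secret.
    if (empty($_SESSION['2f_1']['ga_token'])) {
        header('Location: ./?login_error');
        exit();
    }
    include './ga_class.php';
    // NOTE(review): a failed code leaves `2f_1` in place, so the 6-digit code
    // space can be brute-forced with unlimited attempts; an attempt counter or
    // lockout belongs here (not added: no storage/policy visible in this file).
    $verify = Google2FA::verify_key($_SESSION['2f_1']['ga_token'], $_POST['totp'], 0);
    if ($verify == true) {
        session_regenerate_id(true);
        $_SESSION['logged_'] = true;
        $_SESSION['username'] = $_SESSION['2f_1']['username'];
        $_SESSION['2f_1'] = false;
        mysql_query($admin_log_sql);
        header('Location: ./');
        // Without this exit the fall-through below replaced the Location header
        // with ./?login_error even though the session was already logged in.
        exit();
    }
}
header('Location: ./?login_error');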