<?php
/**
* kontrola formuláře pro přihlášení uživatele do administrace
*
* @author Filip Štencl
* @since 14.9.2013
*
*/
require("../../include/config.php");
session_start();

// Clear every flash-notification slot that still holds a non-empty value
// from an earlier request, so this login attempt starts with a clean state.
// Slots that are unset are left unset.
foreach (array(
    'notification_output',
    'notification_success',
    'notification_information',
    'notification_attention',
    'notification_error',
    'notification_alert',
) as $notificationSlot) {
    if (!isset($_SESSION[$notificationSlot])) {
        continue;
    }
    if ($_SESSION[$notificationSlot] != "") {
        $_SESSION[$notificationSlot] = "";
    }
}
unset($notificationSlot); // do not leave the loop variable behind in global scope
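// Admin login handler: throttles repeated failures, checks the submitted
// credentials, establishes the authenticated session and redirects.
//
// Redirect targets:
//   ./?err=1   credentials missing, malformed or wrong
//   ./?err=2   three or more failed attempts for this login in the last 5 minutes
//   ./home.php successful login
$loginRaw = isset($_POST['login']) ? $_POST['login'] : null;
$hesloRaw = isset($_POST['heslo']) ? $_POST['heslo'] : null;

// Request parameters can arrive as arrays (login[]=...); accept only non-empty
// strings so trim()/sha1() never receive an array from the client.
if (is_string($loginRaw) && $loginRaw !== "" && is_string($hesloRaw) && $hesloRaw !== "") {
    $login = strtolower(trim($loginRaw));

    // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password
    // storage. Migrating to password_hash()/password_verify() needs a schema
    // and data migration outside this file, so the comparison is unchanged here.
    $hesloHash = sha1($hesloRaw);

    // Failed attempts for this login name within the last five minutes.
    // NOTE(review): the counter is keyed on the login name only; the logged
    // "ip" column is not used for throttling, so consider an additional
    // per-client limit.
    $pocet = dibi::query(
        "SELECT ifnull(count(*),0) FROM [admin_uzivatele_log] WHERE [uspech] = 0 AND [caszalozeni] > date_add(NOW(),INTERVAL -5 MINUTE) AND LOWER([login]) = %s",
        $login
    )->fetchSingle();

    if ($pocet < 3) {
        $result = dibi::query(
            "SELECT * FROM [admin_uzivatele] WHERE [smazano] = 0 AND [povolen] = 1 AND LOWER([login]) = %s AND [heslo] = %s",
            $login,
            $hesloHash
        );

        if ($result->count() == 0) {
            // Wrong credentials: drop any admin identity and record the failure
            // so it counts towards the throttle above.
            $_SESSION['admin_id'] = "";
            $arr = array(
                "login" => $login,
                "ip" => ip_adresa(),
                "uspech" => 0
            );
            dibi::query("INSERT INTO [admin_uzivatele_log] ", $arr);
            $presmerovani = "./?err=1";
        } else {
            $row = $result->fetch();

            // Issue a fresh session id at the privilege change so an id that
            // was known before authentication cannot be reused afterwards
            // (session fixation).
            session_regenerate_id(true);

            $_SESSION['admin_id'] = $row->id;
            $_SESSION['admin_superadmin'] = $row->superadmin;
            $_SESSION['sidebar'] = $row->sidebar;

            // "Remember me" cookie.
            // NOTE(review): the value is base64 (reversible) of login:sha1(password),
            // i.e. the same hash the database compares against, kept for a year.
            // Whoever obtains the cookie holds a password-equivalent credential.
            // A random token stored server-side (hashed, revocable, with expiry)
            // would be safer; the format is left as is because the code that
            // reads this cookie is not part of this file.
            if (isset($_POST['cookie']) && $_POST['cookie'] == 1) {
                $response = new Nette\Http\Response;
                $response->setCookie("cms_login", base64_encode($loginRaw.":".$hesloHash), "1 year");
            }

            // The landing page is always ./home.php. The original looked up the
            // last visited path in admin_nav_history and then overwrote it
            // before use, so that unused SELECT is dropped.
            $last_url = "./home.php";

            // Reset per-user navigation history and the failure log for this
            // login, and stamp the account's change time.
            dibi::query("DELETE FROM [admin_nav_history] WHERE [idadmin_uzivatele] = %i", intval($row->id));
            dibi::query("DELETE FROM [admin_uzivatele_log] WHERE [login] = %s", $login);
            dibi::query("UPDATE [admin_uzivatele] SET [caszmeny] = NOW() WHERE [id] = %i", $row->id);

            notification::infoBox_success("Byl jste přihlášen do systému.");
            // NOTE(review): the names are concatenated into HTML unescaped;
            // confirm they are escaped where this log entry is rendered, or
            // escape them here once the data encoding is known.
            notification::zaloguj("Přihlášení uživatele <strong>".$row->jmeno." ".$row->prijmeni."</strong>",0,0);

            $presmerovani = $last_url;
            // NOTE(review): output before redirect() looks like a debugging
            // leftover; if redirect() sends a Location header this echo can
            // prevent it unless output buffering is on. Kept to preserve the
            // current response body - TODO confirm and remove.
            echo $presmerovani;
        }
    } else {
        // Too many recent failures for this login.
        $presmerovani = "./?err=2";
    }
} else {
    $presmerovani = "./?err=1";
}

redirect($presmerovani);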