commit 26787eab08dbd25b23f74e23ed4249dbb9c9af30
tree 3e012ffca37ae2228be28c1eddc978b2c642c09a
parent 0bc3d939315bf889dd6cf2f96feb1202577924e2
author Engels Antonio <engels@majcms.org> 1307319787 +0800
committer Engels Antonio <engels@majcms.org> 1307319787 +0800
Add member auto-lockout after multiple failed logins
diff --git a/add.php b/add.php
index fa4ba7a..f20abfe 100644
--- a/add.php
+++ b/add.php
@@ -28,7 +28,7 @@
}
}
- if ((file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) and file_exists("data/bb.txt") and !file_exists("data/noadd.txt")) {
+ if ((file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) and file_exists("data/bb.txt") and !file_exists("data/noadd.txt")) {
$login_username = $_SESSION['logged_in'];
}
}
@@ -672,7 +672,7 @@ a:active {
}
if ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) {
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/bb.txt")) {
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/bb.txt")) {
$ml_from_firstname = file_get_contents("data/members/active/{$_SESSION['logged_in']}/firstname.txt");
$ml_from_lastname = file_get_contents("data/members/active/{$_SESSION['logged_in']}/lastname.txt");
@@ -731,11 +731,12 @@ a:active {
if ($dh_ml_member = opendir("data/members/active")) {
while (($ml_member = readdir($dh_ml_member)) !== false) {
if ($ml_member != "." && $ml_member != ".." && fnmatch("*", $ml_member)) {
- if (file_exists("data/members/active/$ml_member/noml.txt")) {
+
+ if (file_exists("data/members/active/$ml_member/bb-noml.txt")) {
continue;
}
- if (file_exists("data/members/active/$ml_member/vacation.txt")) {
+ if (file_exists("data/members/active/$ml_member/bb-vacation.txt")) {
continue;
}
diff --git a/edit.php b/edit.php
index 5bae69a..3b8c413 100644
--- a/edit.php
+++ b/edit.php
@@ -31,7 +31,7 @@
$do = 0;
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in']))) {
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in']))) {
$do = 1;
}
@@ -448,7 +448,7 @@ a:active {
<p><table border="0" cellspacing="2" cellpadding="0" bgcolor="#ffffff">
<?php
- if (($_SESSION['logged_in'] == $login_username) or (file_exists("data/members/active/{$_SESSION['logged_in']}/ul.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt"))) {
+ if (($_SESSION['logged_in'] == $login_username) or (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-ul.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt"))) {
?>
<input type="hidden" name="max_file_size" value="<?php
diff --git a/index.php b/index.php
index 132c047..c6ca03b 100644
--- a/index.php
+++ b/index.php
@@ -285,7 +285,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
if ($maj_unread_active_member != "." && $maj_unread_active_member != "..") {
- if ((!file_exists("data/members/active/$maj_unread_active_member/vacation.txt") and !file_exists("data/items/$maj_req_entry/members")) or (!file_exists("data/members/active/$maj_unread_active_member/vacation.txt") and file_exists("data/items/$maj_req_entry/members") and file_exists("data/items/$maj_req_entry/members/$maj_unread_active_member"))) {
+ if ((!file_exists("data/members/active/$maj_unread_active_member/bb-vacation.txt") and !file_exists("data/items/$maj_req_entry/members")) or (!file_exists("data/members/active/$maj_unread_active_member/bb-vacation.txt") and file_exists("data/items/$maj_req_entry/members") and file_exists("data/items/$maj_req_entry/members/$maj_unread_active_member"))) {
if (!file_exists("data/members/active/$maj_unread_active_member/comments")) {
mkdir("data/members/active/$maj_unread_active_member/comments");
@@ -413,11 +413,11 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
while (($maj_ml_member = readdir($maj_dh_ml_member)) !== false) {
if ($maj_ml_member != "." && $maj_ml_member != "..") {
- if (file_exists("data/members/active/$maj_ml_member/noml.txt")) {
+ if (file_exists("data/members/active/$maj_ml_member/bb-noml.txt")) {
continue;
}
- if (file_exists("data/members/active/$maj_ml_member/vacation.txt")) {
+ if (file_exists("data/members/active/$maj_ml_member/bb-vacation.txt")) {
continue;
}
@@ -926,7 +926,7 @@ elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_
}
}
- if (!file_exists("data/noadd.txt") and (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/categories/$maj_req_category"))) {
+ if (!file_exists("data/noadd.txt") and (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/categories/$maj_req_category"))) {
echo '<a class="navlink" href="add.php">Add Entry</a><br>';
}
@@ -2054,7 +2054,7 @@ foreach ($maj_disp as $maj_d) {
readfile("data/items/$maj_d/title.txt");
- if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_username) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/wiki.txt") and (file_exists("data/items/$maj_d/edit.txt") or (file_get_contents("data/items/$maj_d/author.txt") == $_SESSION['logged_in'])) and file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and !file_exists("data/items/$maj_d/passwd.txt") and !file_exists("data/items/$maj_d/lock.txt")) {
+ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_username) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/wiki.txt") and (file_exists("data/items/$maj_d/edit.txt") or (file_get_contents("data/items/$maj_d/author.txt") == $_SESSION['logged_in'])) and file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and !file_exists("data/items/$maj_d/passwd.txt") and !file_exists("data/items/$maj_d/lock.txt")) {
if (file_exists("data/items/$maj_d/wiki/delta") and (count(glob("data/items/$maj_d/wiki/delta/*")) > 0)) {
echo "<a href=\"wiki.php?entry=$maj_d\">";
diff --git a/login.php b/login.php
index d93e0d3..79ac5e8 100644
--- a/login.php
+++ b/login.php
@@ -105,11 +105,34 @@ a:active {
$err_username = "0";
}
else {
- if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt") and !file_exists("data/members/active/$put_username/lockout.txt")) {
+ if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt") and !file_exists("data/members/active/$put_username/bb-lockout.txt")) {
+
$get_password = file_get_contents("data/members/active/$put_username/password.txt");
$last_login = "data/members/active/$put_username/bb-last.txt";
$logins = "data/members/active/$put_username/bb-logins.txt";
$err_username = "0";
+
+ if (($get_password != $put_password) and (file_exists("data/bb-invalid.txt"))) {
+
+ $max_invalid = file_get_contents("data/bb-invalid.txt");
+
+ if (file_exists("data/members/active/$put_username/bb-invalid.txt")) {
+ $count_invalid = file_get_contents("data/members/active/$put_username/bb-invalid.txt");
+ }
+ else {
+ $count_invalid = "0";
+ }
+
+ $count_invalid = $count_invalid + 1;
+
+ $fp_invalid_txt = fopen("data/members/active/$put_username/bb-invalid.txt", "w");
+ fwrite($fp_invalid_txt, $count_invalid);
+ fclose($fp_invalid_txt);
+
+ if ($count_invalid >= $max_invalid) {
+ touch("data/members/active/$put_username/bb-lockout.txt");
+ }
+ }
}
}
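Review bot: The failed-login counter in the added block is read with `file_get_contents()` and rewritten with `fopen(..., "w")` without a lock, so concurrent failed attempts can read the same value. The stored count then falls behind the real number of guesses, and `bb-lockout.txt` is created later than the configured limit intends. Doing the read, increment and write under a single `flock()` closes that gap, as sketched below. Nothing in this hunk clears `bb-invalid.txt` after a successful login either, so unless that happens outside the hunk, occasional typos accumulate until the member is locked out. The enclosing `else` branch begins above the hunk.

```php
if (($get_password != $put_password) and (file_exists("data/bb-invalid.txt"))) {

    $max_invalid = (int) file_get_contents("data/bb-invalid.txt");

    // "c+" opens read/write without truncating, so the old count can be read under the lock
    $fp_invalid_txt = fopen("data/members/active/$put_username/bb-invalid.txt", "c+");

    if ($fp_invalid_txt !== false) {
        if (flock($fp_invalid_txt, LOCK_EX)) {
            $count_invalid = (int) stream_get_contents($fp_invalid_txt) + 1;
            ftruncate($fp_invalid_txt, 0);
            rewind($fp_invalid_txt);
            fwrite($fp_invalid_txt, (string) $count_invalid);
            fflush($fp_invalid_txt);

            if ($count_invalid >= $max_invalid) {
                touch("data/members/active/$put_username/bb-lockout.txt");
            }

            flock($fp_invalid_txt, LOCK_UN);
        }
        fclose($fp_invalid_txt);
    }
}
```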
diff --git a/member.php b/member.php
index 7c1be00..96b11a9 100644
--- a/member.php
+++ b/member.php
@@ -173,55 +173,55 @@ if ($id == "all") {
if (isset($_POST['edit']) and !empty($_POST['edit']) and ($_POST['edit'] == "on") and isset($_POST['username']) and !empty($_POST['username']) and file_exists("data/members/active/{$_POST['username']}") and isset($_SESSION['logged_in']) and !empty($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
- if (isset($_POST['rw']) and !empty($_POST['rw']) and ($_POST['rw'] == "on") and !file_exists("data/members/active/{$_POST['username']}/rw.txt")) {
- touch("data/members/active/{$_POST['username']}/rw.txt");
+ if (isset($_POST['rw']) and !empty($_POST['rw']) and ($_POST['rw'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-rw.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-rw.txt");
}
- if ((!isset($_POST['rw']) or empty($_POST['rw'])) and file_exists("data/members/active/{$_POST['username']}/rw.txt")) {
- unlink("data/members/active/{$_POST['username']}/rw.txt");
+ if ((!isset($_POST['rw']) or empty($_POST['rw'])) and file_exists("data/members/active/{$_POST['username']}/bb-rw.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-rw.txt");
}
- if (isset($_POST['ul']) and !empty($_POST['ul']) and ($_POST['ul'] == "on") and !file_exists("data/members/active/{$_POST['username']}/ul.txt")) {
- touch("data/members/active/{$_POST['username']}/ul.txt");
+ if (isset($_POST['ul']) and !empty($_POST['ul']) and ($_POST['ul'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-ul.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-ul.txt");
}
- if ((!isset($_POST['ul']) or empty($_POST['ul'])) and file_exists("data/members/active/{$_POST['username']}/ul.txt")) {
- unlink("data/members/active/{$_POST['username']}/ul.txt");
+ if ((!isset($_POST['ul']) or empty($_POST['ul'])) and file_exists("data/members/active/{$_POST['username']}/bb-ul.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-ul.txt");
}
- if (isset($_POST['noml']) and !empty($_POST['noml']) and ($_POST['noml'] == "on") and !file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- touch("data/members/active/{$_POST['username']}/noml.txt");
+ if (isset($_POST['noml']) and !empty($_POST['noml']) and ($_POST['noml'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-noml.txt");
}
- if ((!isset($_POST['noml']) or empty($_POST['noml'])) and file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- unlink("data/members/active/{$_POST['username']}/noml.txt");
+ if ((!isset($_POST['noml']) or empty($_POST['noml'])) and file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-noml.txt");
}
if (isset($_POST['lockout']) and !empty($_POST['lockout']) and ($_POST['lockout'] == "on")) {
- if (!file_exists("data/members/active/{$_POST['username']}/lockout.txt")) {
- touch("data/members/active/{$_POST['username']}/lockout.txt");
+ if (!file_exists("data/members/active/{$_POST['username']}/bb-lockout.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-lockout.txt");
}
- if (file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- touch("data/members/active/{$_POST['username']}/noml2.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-noml2.txt");
}
- if (!file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- touch("data/members/active/{$_POST['username']}/noml.txt");
+ if (!file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-noml.txt");
}
}
- if ((!isset($_POST['lockout']) or empty($_POST['lockout'])) and file_exists("data/members/active/{$_POST['username']}/lockout.txt")) {
+ if ((!isset($_POST['lockout']) or empty($_POST['lockout'])) and file_exists("data/members/active/{$_POST['username']}/bb-lockout.txt")) {
- unlink("data/members/active/{$_POST['username']}/lockout.txt");
+ unlink("data/members/active/{$_POST['username']}/bb-lockout.txt");
- if (file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- unlink("data/members/active/{$_POST['username']}/noml.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-noml.txt");
}
- if (file_exists("data/members/active/{$_POST['username']}/noml2.txt")) {
- rename("data/members/active/{$_POST['username']}/noml2.txt","data/members/active/{$_POST['username']}/noml.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-noml2.txt")) {
+ rename("data/members/active/{$_POST['username']}/bb-noml2.txt","data/members/active/{$_POST['username']}/bb-noml.txt");
}
}
@@ -247,8 +247,8 @@ if ($id == "all") {
unlink("data/members/active/{$_POST['username']}/category.txt");
}
- if (file_exists("data/members/active/{$_POST['username']}/ul.txt") and !file_exists("data/members/active/{$_POST['username']}/rw.txt") and !file_exists("data/members/active/{$_POST['username']}/category.txt")) {
- unlink("data/members/active/{$_POST['username']}/ul.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-ul.txt") and !file_exists("data/members/active/{$_POST['username']}/bb-rw.txt") and !file_exists("data/members/active/{$_POST['username']}/category.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-ul.txt");
}
if (isset($_POST['del']) and !empty($_POST['del']) and ($_POST['del'] == "on")) {
@@ -299,6 +299,31 @@ if (file_exists("data/members/active")) {
foreach ($show_member_list as $member_list_entry) {
+ /* remove the lines below in version 3.0 */
+ if (file_exists("data/members/active/$member_list_entry/rw.txt")) {
+ rename("data/members/active/$member_list_entry/rw.txt","data/members/active/$member_list_entry/bb-rw.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/vacation.txt")) {
+ rename("data/members/active/$member_list_entry/vacation.txt","data/members/active/$member_list_entry/bb-vacation.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/ul.txt")) {
+ rename("data/members/active/$member_list_entry/ul.txt","data/members/active/$member_list_entry/bb-ul.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/noml.txt")) {
+ rename("data/members/active/$member_list_entry/noml.txt","data/members/active/$member_list_entry/bb-noml.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/noml2.txt")) {
+ rename("data/members/active/$member_list_entry/noml2.txt","data/members/active/$member_list_entry/bb-noml2.txt");
+ }
+
+ if (file_exists("data/members/active/$member_list_entry/resetx.txt")) {
+ rename("data/members/active/$member_list_entry/resetx.txt","data/members/active/$member_list_entry/bb-resetx.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/resetl.txt")) {
+ rename("data/members/active/$member_list_entry/resetl.txt","data/members/active/$member_list_entry/bb-resetl.txt");
+ }
+ /* remove the lines above in version 3.0 */
+
echo "<tr><td bgcolor=#ffffff align=center>";
$sess_count = 0;
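Review bot: The temporary migration block renames `rw.txt`, `vacation.txt`, `ul.txt`, `noml.txt`, `noml2.txt`, `resetx.txt` and `resetl.txt` but not `lockout.txt`, while login.php in this commit now tests only `bb-lockout.txt`. On the visible code, a member an administrator had already locked out could log in again after the upgrade. Add `if (file_exists("data/members/active/$member_list_entry/lockout.txt")) { rename("data/members/active/$member_list_entry/lockout.txt","data/members/active/$member_list_entry/bb-lockout.txt"); }` to the block. The migration also runs only when this member list is rendered, so until then the other scripts will not find `bb-noml.txt` or `bb-vacation.txt` and mailing-list opt-outs are ignored; running it from a common include or an upgrade step would avoid that window. The `foreach` body continues outside the hunk.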
@@ -358,8 +383,8 @@ if (file_exists("data/members/active")) {
echo "<td bgcolor=#ffffff align=center><nobr><code>$member_since</code></nobr></td>";
}
- if ((file_get_contents("data/username.txt") == $member_list_entry) and file_exists("data/logins.txt")) {
- $logins = file_get_contents("data/logins.txt");
+ if ((file_get_contents("data/username.txt") == $member_list_entry) and file_exists("data/bb-logins.txt")) {
+ $logins = file_get_contents("data/bb-logins.txt");
echo "<td bgcolor=#ffffff align=right><code>$logins</code></td>";
}
elseif (file_exists("data/members/active/$member_list_entry") and file_exists("data/members/active/$member_list_entry/bb-logins.txt")) {
@@ -367,7 +392,7 @@ if (file_exists("data/members/active")) {
echo "<td bgcolor=#ffffff align=right><code>$logins</code></td>";
}
- if ((file_get_contents("data/username.txt") == $member_list_entry) and !file_exists("data/logins.txt")) {
+ if ((file_get_contents("data/username.txt") == $member_list_entry) and !file_exists("data/bb-logins.txt")) {
echo "<td bgcolor=#ffffff align=right><code>0</code></td>";
}
elseif (file_exists("data/members/active/$member_list_entry") and !file_exists("data/members/active/$member_list_entry/bb-logins.txt")) {
@@ -439,25 +464,25 @@ if (file_exists("data/members/active")) {
echo "<form action=member.php method=post><input type=hidden name=id value=all><input type=hidden name=edit value=on><input type=hidden name=username value=$member_list_entry>";
echo "<td bgcolor=#ffffff align=center><input type=checkbox name=rw";
- if (file_exists("data/members/active/$member_list_entry/rw.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-rw.txt")) {
echo " checked";
}
echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=ul";
- if (file_exists("data/members/active/$member_list_entry/ul.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-ul.txt")) {
echo " checked";
}
echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=noml";
- if (file_exists("data/members/active/$member_list_entry/noml.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-noml.txt")) {
echo " checked";
}
echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=lockout";
- if (file_exists("data/members/active/$member_list_entry/lockout.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-lockout.txt")) {
echo " checked";
}
@@ -804,8 +829,8 @@ elseif (file_exists("data/members/active/$id")) {
echo "<tr><td width=90>profile views</td><td><code>$views</code></td></tr>";
}
-if ((file_get_contents("data/username.txt") == $id) and file_exists("data/logins.txt")) {
- $logins = file_get_contents("data/logins.txt");
+if ((file_get_contents("data/username.txt") == $id) and file_exists("data/bb-logins.txt")) {
+ $logins = file_get_contents("data/bb-logins.txt");
echo "<tr><td width=90>total logins</td><td><code>$logins</code></td></tr>";
}
elseif (file_exists("data/members/active/$id") and file_exists("data/members/active/$id/bb-logins.txt")) {
@@ -892,7 +917,7 @@ if ($id == file_get_contents("data/username.txt")) {
if (($id != file_get_contents("data/username.txt")) and file_exists("data/members/active/$id")) {
- if (file_exists("data/members/active/$id/rw.txt")) {
+ if (file_exists("data/members/active/$id/bb-rw.txt")) {
echo "rw";
}
else {
@@ -902,7 +927,7 @@ if (($id != file_get_contents("data/username.txt")) and file_exists("data/member
if (($id != file_get_contents("data/username.txt")) and file_exists("data/members/active/$id")) {
- if (file_exists("data/members/active/$id/ul.txt")) {
+ if (file_exists("data/members/active/$id/bb-ul.txt")) {
echo " upload";
}
}
diff --git a/options.php b/options.php
index df913e8..81a81f5 100644
--- a/options.php
+++ b/options.php
@@ -108,7 +108,7 @@ if (isset($_REQUEST['username']) and !empty($_REQUEST['username']) and isset($_R
if (file_exists("data/members/active/$username") and ($_REQUEST['key'] == file_get_contents("data/members/active/$username/key.txt"))) {
unlink("data/members/active/$username/key.txt");
- unlink("data/members/active/$username/vacation.txt");
+ unlink("data/members/active/$username/bb-vacation.txt");
unlink("data/members/active/$username/email.txt");
rename("data/members/active/$username/new-email.txt","data/members/active/$username/email.txt");
echo "<p><font style=\"font-size: 12px;\"><b>Thanks!</b></font></p><p>You have successfully verified your new e-mail address.<br>Click <a href=index.php>here</a> to go to the index page.</p>";
@@ -319,20 +319,20 @@ $max_image_size = 1000000;
}
}
-if (isset($_POST['vacation']) and !empty($_POST['vacation']) and ($_POST['vacation'] == "on") and !file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
- touch("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+if (isset($_POST['vacation']) and !empty($_POST['vacation']) and ($_POST['vacation'] == "on") and !file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+ touch("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
}
if (!isset($_POST['vacation']) or empty($_POST['vacation'])) {
if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
- unlink("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+ unlink("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
}
}
}
-if (file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
- touch("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+if (file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+ touch("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
}
@@ -515,7 +515,7 @@ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-last.txt")) {
<tr><td bgcolor="#ffffff"><p>country</p></td><td bgcolor="#ffffff" colspan="2">
-<select class="input" name="country">
+<select class="input" name="country" required>
<option<?php if (!file_exists("data/members/active/{$_SESSION['logged_in']}/country.txt")) { echo " selected"; } ?> value=""></option>
<option<?php if (file_get_contents("data/members/active/{$_SESSION['logged_in']}/country.txt") == "AF") { echo " selected"; } ?> value="AF">Afghanistan</option>
<option<?php if (file_get_contents("data/members/active/{$_SESSION['logged_in']}/country.txt") == "AX") { echo " selected"; } ?> value="AX">Aland (Ahvenanmaa) Islands</option>
@@ -804,7 +804,7 @@ if (file_exists("data/avatar.txt")) {
if (file_exists("data/avatar.txt") and (file_exists("images/members/{$_SESSION['logged_in']}/avatar.gif") or file_exists("images/members/{$_SESSION['logged_in']}/avatar.jpg") or file_exists("images/members/{$_SESSION['logged_in']}/avatar.png"))) { ?>
<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="del_avatar">delete existing avatar</p></td></tr>
<?php } if (file_exists("data/ml.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt")) { ?>
-<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="vacation" <?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) { echo checked; } ?>>temporarily disable mailing list subscription</p></td></tr>
+<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="vacation" <?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) { echo checked; } ?>>temporarily disable mailing list subscription</p></td></tr>
<?php } ?>
<?php if (!file_exists("data/members/active/{$_SESSION['logged_in']}/bday.txt")) { ?>
diff --git a/reset.php b/reset.php
index 3c247bc..834b189 100644
--- a/reset.php
+++ b/reset.php
@@ -94,10 +94,10 @@ a:active {
</style>
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
-<input required autofocus autocomplete=off class=input type=text name=username>
-<input required autocomplete=off class=input type=email name=addr>
-<input required autocomplete=off class=input type=text name=bday>
-<input class=input type=submit value=reset>
+<input required autofocus autocomplete="off" class="input" type="text" name="username">
+<input required autocomplete="off" class="input" type="email" name="addr">
+<input required autocomplete="off" class="input" type="text" name="bday">
+<input class="input" type="submit" value="reset">
</form>
<?php
@@ -131,10 +131,9 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
$fp_passwd_txt = fopen("data/members/active/$username/password.txt","w");
fwrite($fp_passwd_txt,$passwd);
fclose($fp_passwd_txt);
-
-
- if (file_exists("data/members/active/$username/resetx.txt")) {
- $resetx = file_get_contents("data/members/active/$username/resetx.txt");
+
+ if (file_exists("data/members/active/$username/bb-resetx.txt")) {
+ $resetx = file_get_contents("data/members/active/$username/bb-resetx.txt");
}
else {
$resetx = 0;
@@ -142,12 +141,12 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
$resetx = $resetx + 1;
- $fp_resetx_txt = fopen("data/members/active/$username/resetx.txt","w");
+ $fp_resetx_txt = fopen("data/members/active/$username/bb-resetx.txt","w");
fwrite($fp_resetx_txt,$resetx);
fclose($fp_resetx_txt);
$resetl = date("Ymd", time() + $offset);
- $fp_resetl_txt = fopen("data/members/active/$username/resetl.txt","w");
+ $fp_resetl_txt = fopen("data/members/active/$username/bb-resetl.txt","w");
fwrite($fp_resetl_txt,$resetl);
fclose($fp_resetl_txt);
@@ -184,6 +183,10 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
"Reply-To: $from_email\r\n" .
"X-Mailer: $mailer");
+ if (file_exists("data/members/active/$username/bb-lockout.txt")) {
+ unlink("data/members/active/$username/bb-lockout.txt");
+ }
+
echo "<p><font style=\"font-size: 12px;\"><b>Password Reset</b></font></p><p>Check your ";
readfile("data/members/active/$username/email.txt");
echo " account for your new password.";
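Review bot: The added unlock removes `bb-lockout.txt` but leaves the member's `bb-invalid.txt` counter at its old value, so with the login.php logic in this commit the first mistyped password after a reset reaches the limit again and re-locks the account. Clear the counter alongside the lock: `if (file_exists("data/members/active/$username/bb-invalid.txt")) { unlink("data/members/active/$username/bb-invalid.txt"); }`. Because the reset form now doubles as the way out of a lockout, it is worth confirming, outside this hunk, that reset requests themselves are rate-limited.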
diff --git a/settings.php b/settings.php
index d1cb5c7..93ef550 100644
--- a/settings.php
+++ b/settings.php
@@ -701,6 +701,21 @@ if (!isset($_POST['bb_idle']) or empty($_POST['bb_idle']) or !is_numeric($_POST[
}
}
+if (isset($_POST['bb_invalid']) and !empty($_POST['bb_invalid']) and is_numeric($_POST['bb_invalid']) and ($_POST['bb_invalid'] > 0) and (file_get_contents("data/bb-invalid.txt") != $_POST['bb_invalid'])) {
+ $bb_invalid_write_content = number_format($_POST['bb_invalid'],0,'.','');
+ $fp_bb_invalid_txt = fopen("data/bb-invalid.txt","w");
+ fwrite($fp_bb_invalid_txt,$bb_invalid_write_content);
+ fclose($fp_bb_invalid_txt);
+}
+
+if (!isset($_POST['bb_invalid']) or empty($_POST['bb_invalid']) or !is_numeric($_POST['bb_invalid']) or ($_POST['bb_invalid'] <= 0)) {
+ if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
+ if (file_exists("data/bb-invalid.txt")) {
+ unlink("data/bb-invalid.txt");
+ }
+ }
+}
+
if (isset($_POST['bb_reserved']) and !empty($_POST['bb_reserved']) and (file_get_contents("data/bb-reserved.txt") != $_POST['bb_reserved'])) {
$bb_reserved_write_content = strtolower($_POST['bb_reserved']);
$bb_reserved_write_content = trim($bb_reserved_write_content);
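Review bot: `is_numeric()` together with `> 0` accepts fractional and exponent forms, and `number_format($_POST['bb_invalid'],0,'.','')` rounds them, so a value such as `0.4` is stored as `0` and login.php then locks a member on the first failed attempt (`1 >= 0`). Validating as a positive integer, e.g. `$bb_invalid = filter_var($_POST['bb_invalid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));`, and writing that value avoids it. The first condition also calls `file_get_contents("data/bb-invalid.txt")` without a `file_exists()` check, which raises a warning whenever the limit has not been set yet.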
@@ -1529,6 +1544,13 @@ if (file_exists("data/bb-idle.txt")) {
}
?>></td></tr>
+<tr><td>maximum invalid logins</td><td><input class="input" autocomplete="off" type="text" name="bb_invalid" <?php
+if (file_exists("data/bb-invalid.txt")) {
+ echo "value=";
+ readfile("data/bb-invalid.txt");
+}
+?>></td></tr>
+
<tr><td>reserved usernames</td><td><textarea class="input" name="bb_reserved"><?php if (file_exists("data/bb-reserved.txt")) { readfile("data/bb-reserved.txt"); } ?></textarea></td></tr>
<tr><td>banned email addresses</td><td><textarea class="input" name="bb_banned"><?php if (file_exists("data/bb-banned.txt")) { readfile("data/bb-banned.txt"); } ?></textarea></td></tr>
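Review bot: The new input prints the file content into an unquoted `value=` attribute with `readfile()`, which is safe only as long as every writer of `data/bb-invalid.txt` stores digits. Quoting and escaping at output keeps the form intact if the file is ever edited by hand: `echo 'value="' . htmlspecialchars(file_get_contents("data/bb-invalid.txt"), ENT_QUOTES) . '"';`. Adding `type="number" min="1"` to the input would also mirror the server-side rule.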
diff --git a/wiki.php b/wiki.php
index 6eb0369..63c4056 100644
--- a/wiki.php
+++ b/wiki.php
@@ -21,7 +21,7 @@
exit();
}
$do = 0;
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in'])))
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in'])))
{
$do = 1;
}
tree 3e012ffca37ae2228be28c1eddc978b2c642c09a
parent 0bc3d939315bf889dd6cf2f96feb1202577924e2
author Engels Antonio <engels@majcms.org> 1307319787 +0800
committer Engels Antonio <engels@majcms.org> 1307319787 +0800
Add member auto-lockout after multiple failed logins
diff --git a/add.php b/add.php
index fa4ba7a..f20abfe 100644
--- a/add.php
+++ b/add.php
@@ -28,7 +28,7 @@
}
}
- if ((file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) and file_exists("data/bb.txt") and !file_exists("data/noadd.txt")) {
+ if ((file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/category.txt")) and file_exists("data/bb.txt") and !file_exists("data/noadd.txt")) {
$login_username = $_SESSION['logged_in'];
}
}
@@ -672,7 +672,7 @@ a:active {
}
if ($_SESSION['logged_in'] != file_get_contents("data/username.txt")) {
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/bb.txt")) {
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/bb.txt")) {
$ml_from_firstname = file_get_contents("data/members/active/{$_SESSION['logged_in']}/firstname.txt");
$ml_from_lastname = file_get_contents("data/members/active/{$_SESSION['logged_in']}/lastname.txt");
@@ -731,11 +731,12 @@ a:active {
if ($dh_ml_member = opendir("data/members/active")) {
while (($ml_member = readdir($dh_ml_member)) !== false) {
if ($ml_member != "." && $ml_member != ".." && fnmatch("*", $ml_member)) {
- if (file_exists("data/members/active/$ml_member/noml.txt")) {
+
+ if (file_exists("data/members/active/$ml_member/bb-noml.txt")) {
continue;
}
- if (file_exists("data/members/active/$ml_member/vacation.txt")) {
+ if (file_exists("data/members/active/$ml_member/bb-vacation.txt")) {
continue;
}
diff --git a/edit.php b/edit.php
index 5bae69a..3b8c413 100644
--- a/edit.php
+++ b/edit.php
@@ -31,7 +31,7 @@
$do = 0;
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in']))) {
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in']))) {
$do = 1;
}
@@ -448,7 +448,7 @@ a:active {
<p><table border="0" cellspacing="2" cellpadding="0" bgcolor="#ffffff">
<?php
- if (($_SESSION['logged_in'] == $login_username) or (file_exists("data/members/active/{$_SESSION['logged_in']}/ul.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt"))) {
+ if (($_SESSION['logged_in'] == $login_username) or (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-ul.txt") and file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt"))) {
?>
<input type="hidden" name="max_file_size" value="<?php
diff --git a/index.php b/index.php
index 132c047..c6ca03b 100644
--- a/index.php
+++ b/index.php
@@ -285,7 +285,7 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
if ($maj_unread_active_member != "." && $maj_unread_active_member != "..") {
- if ((!file_exists("data/members/active/$maj_unread_active_member/vacation.txt") and !file_exists("data/items/$maj_req_entry/members")) or (!file_exists("data/members/active/$maj_unread_active_member/vacation.txt") and file_exists("data/items/$maj_req_entry/members") and file_exists("data/items/$maj_req_entry/members/$maj_unread_active_member"))) {
+ if ((!file_exists("data/members/active/$maj_unread_active_member/bb-vacation.txt") and !file_exists("data/items/$maj_req_entry/members")) or (!file_exists("data/members/active/$maj_unread_active_member/bb-vacation.txt") and file_exists("data/items/$maj_req_entry/members") and file_exists("data/items/$maj_req_entry/members/$maj_unread_active_member"))) {
if (!file_exists("data/members/active/$maj_unread_active_member/comments")) {
mkdir("data/members/active/$maj_unread_active_member/comments");
@@ -413,11 +413,11 @@ if (isset($maj_req_entry) and !empty($maj_req_entry) and isset($_REQUEST['commen
while (($maj_ml_member = readdir($maj_dh_ml_member)) !== false) {
if ($maj_ml_member != "." && $maj_ml_member != "..") {
- if (file_exists("data/members/active/$maj_ml_member/noml.txt")) {
+ if (file_exists("data/members/active/$maj_ml_member/bb-noml.txt")) {
continue;
}
- if (file_exists("data/members/active/$maj_ml_member/vacation.txt")) {
+ if (file_exists("data/members/active/$maj_ml_member/bb-vacation.txt")) {
continue;
}
@@ -926,7 +926,7 @@ elseif (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_
}
}
- if (!file_exists("data/noadd.txt") and (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/categories/$maj_req_category"))) {
+ if (!file_exists("data/noadd.txt") and (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") or file_exists("data/members/active/{$_SESSION['logged_in']}/categories/$maj_req_category"))) {
echo '<a class="navlink" href="add.php">Add Entry</a><br>';
}
@@ -2054,7 +2054,7 @@ foreach ($maj_disp as $maj_d) {
readfile("data/items/$maj_d/title.txt");
- if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_username) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/wiki.txt") and (file_exists("data/items/$maj_d/edit.txt") or (file_get_contents("data/items/$maj_d/author.txt") == $_SESSION['logged_in'])) and file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and !file_exists("data/items/$maj_d/passwd.txt") and !file_exists("data/items/$maj_d/lock.txt")) {
+ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] != $maj_login_username) and file_exists("data/members/active/{$_SESSION['logged_in']}") and file_exists("data/wiki.txt") and (file_exists("data/items/$maj_d/edit.txt") or (file_get_contents("data/items/$maj_d/author.txt") == $_SESSION['logged_in'])) and file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and !file_exists("data/items/$maj_d/passwd.txt") and !file_exists("data/items/$maj_d/lock.txt")) {
if (file_exists("data/items/$maj_d/wiki/delta") and (count(glob("data/items/$maj_d/wiki/delta/*")) > 0)) {
echo "<a href=\"wiki.php?entry=$maj_d\">";
diff --git a/login.php b/login.php
index d93e0d3..79ac5e8 100644
--- a/login.php
+++ b/login.php
@@ -105,11 +105,34 @@ a:active {
$err_username = "0";
}
else {
- if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt") and !file_exists("data/members/active/$put_username/lockout.txt")) {
+ if (file_exists("data/members/active/$put_username") and file_exists("data/bb.txt") and !file_exists("data/members/active/$put_username/bb-lockout.txt")) {
+
$get_password = file_get_contents("data/members/active/$put_username/password.txt");
$last_login = "data/members/active/$put_username/bb-last.txt";
$logins = "data/members/active/$put_username/bb-logins.txt";
$err_username = "0";
+
+ if (($get_password != $put_password) and (file_exists("data/bb-invalid.txt"))) {
+
+ $max_invalid = file_get_contents("data/bb-invalid.txt");
+
+ if (file_exists("data/members/active/$put_username/bb-invalid.txt")) {
+ $count_invalid = file_get_contents("data/members/active/$put_username/bb-invalid.txt");
+ }
+ else {
+ $count_invalid = "0";
+ }
+
+ $count_invalid = $count_invalid + 1;
+
+ $fp_invalid_txt = fopen("data/members/active/$put_username/bb-invalid.txt", "w");
+ fwrite($fp_invalid_txt, $count_invalid);
+ fclose($fp_invalid_txt);
+
+ if ($count_invalid >= $max_invalid) {
+ touch("data/members/active/$put_username/bb-lockout.txt");
+ }
+ }
}
}
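Review bot: The per-member failure counter in the added block is an unlocked read-modify-write on `bb-invalid.txt`, and `fopen(…, "w")` truncates the file before the new value is written, so parallel failed logins can lose increments or read an empty file and restart the count, which allows more guesses than `data/bb-invalid.txt` is meant to permit. Hold an exclusive `flock()` across the read, increment and write, open without truncating, and cast both numbers to int, as in the block below. Nothing in this hunk clears the counter after a correct password, so unless code outside it does, occasional typos accumulate until the member is locked; the enclosing branch also begins before the hunk. The added check compares with loose `!=`; `!==` (or `hash_equals()` if the stored value is a digest) avoids numeric-string juggling.

```php
if (($get_password != $put_password) and (file_exists("data/bb-invalid.txt"))) {

    $max_invalid = (int) file_get_contents("data/bb-invalid.txt");

    // "c+" creates the file if needed but does not truncate it,
    // so the previous count is still there once the lock is held
    $fp_invalid_txt = fopen("data/members/active/$put_username/bb-invalid.txt", "c+");

    if ($fp_invalid_txt !== false) {
        if (flock($fp_invalid_txt, LOCK_EX)) {
            $count_invalid = (int) stream_get_contents($fp_invalid_txt) + 1;

            ftruncate($fp_invalid_txt, 0);
            rewind($fp_invalid_txt);
            fwrite($fp_invalid_txt, (string) $count_invalid);
            fflush($fp_invalid_txt);
            flock($fp_invalid_txt, LOCK_UN);

            if (($max_invalid > 0) and ($count_invalid >= $max_invalid)) {
                touch("data/members/active/$put_username/bb-lockout.txt");
            }
        }
        fclose($fp_invalid_txt);
    }
}
```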
diff --git a/member.php b/member.php
index 7c1be00..96b11a9 100644
--- a/member.php
+++ b/member.php
@@ -173,55 +173,55 @@ if ($id == "all") {
if (isset($_POST['edit']) and !empty($_POST['edit']) and ($_POST['edit'] == "on") and isset($_POST['username']) and !empty($_POST['username']) and file_exists("data/members/active/{$_POST['username']}") and isset($_SESSION['logged_in']) and !empty($_SESSION['logged_in']) and ($_SESSION['logged_in'] == file_get_contents("data/username.txt"))) {
- if (isset($_POST['rw']) and !empty($_POST['rw']) and ($_POST['rw'] == "on") and !file_exists("data/members/active/{$_POST['username']}/rw.txt")) {
- touch("data/members/active/{$_POST['username']}/rw.txt");
+ if (isset($_POST['rw']) and !empty($_POST['rw']) and ($_POST['rw'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-rw.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-rw.txt");
}
- if ((!isset($_POST['rw']) or empty($_POST['rw'])) and file_exists("data/members/active/{$_POST['username']}/rw.txt")) {
- unlink("data/members/active/{$_POST['username']}/rw.txt");
+ if ((!isset($_POST['rw']) or empty($_POST['rw'])) and file_exists("data/members/active/{$_POST['username']}/bb-rw.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-rw.txt");
}
- if (isset($_POST['ul']) and !empty($_POST['ul']) and ($_POST['ul'] == "on") and !file_exists("data/members/active/{$_POST['username']}/ul.txt")) {
- touch("data/members/active/{$_POST['username']}/ul.txt");
+ if (isset($_POST['ul']) and !empty($_POST['ul']) and ($_POST['ul'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-ul.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-ul.txt");
}
- if ((!isset($_POST['ul']) or empty($_POST['ul'])) and file_exists("data/members/active/{$_POST['username']}/ul.txt")) {
- unlink("data/members/active/{$_POST['username']}/ul.txt");
+ if ((!isset($_POST['ul']) or empty($_POST['ul'])) and file_exists("data/members/active/{$_POST['username']}/bb-ul.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-ul.txt");
}
- if (isset($_POST['noml']) and !empty($_POST['noml']) and ($_POST['noml'] == "on") and !file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- touch("data/members/active/{$_POST['username']}/noml.txt");
+ if (isset($_POST['noml']) and !empty($_POST['noml']) and ($_POST['noml'] == "on") and !file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-noml.txt");
}
- if ((!isset($_POST['noml']) or empty($_POST['noml'])) and file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- unlink("data/members/active/{$_POST['username']}/noml.txt");
+ if ((!isset($_POST['noml']) or empty($_POST['noml'])) and file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-noml.txt");
}
if (isset($_POST['lockout']) and !empty($_POST['lockout']) and ($_POST['lockout'] == "on")) {
- if (!file_exists("data/members/active/{$_POST['username']}/lockout.txt")) {
- touch("data/members/active/{$_POST['username']}/lockout.txt");
+ if (!file_exists("data/members/active/{$_POST['username']}/bb-lockout.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-lockout.txt");
}
- if (file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- touch("data/members/active/{$_POST['username']}/noml2.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-noml2.txt");
}
- if (!file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- touch("data/members/active/{$_POST['username']}/noml.txt");
+ if (!file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ touch("data/members/active/{$_POST['username']}/bb-noml.txt");
}
}
- if ((!isset($_POST['lockout']) or empty($_POST['lockout'])) and file_exists("data/members/active/{$_POST['username']}/lockout.txt")) {
+ if ((!isset($_POST['lockout']) or empty($_POST['lockout'])) and file_exists("data/members/active/{$_POST['username']}/bb-lockout.txt")) {
- unlink("data/members/active/{$_POST['username']}/lockout.txt");
+ unlink("data/members/active/{$_POST['username']}/bb-lockout.txt");
- if (file_exists("data/members/active/{$_POST['username']}/noml.txt")) {
- unlink("data/members/active/{$_POST['username']}/noml.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-noml.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-noml.txt");
}
- if (file_exists("data/members/active/{$_POST['username']}/noml2.txt")) {
- rename("data/members/active/{$_POST['username']}/noml2.txt","data/members/active/{$_POST['username']}/noml.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-noml2.txt")) {
+ rename("data/members/active/{$_POST['username']}/bb-noml2.txt","data/members/active/{$_POST['username']}/bb-noml.txt");
}
}
@@ -247,8 +247,8 @@ if ($id == "all") {
unlink("data/members/active/{$_POST['username']}/category.txt");
}
- if (file_exists("data/members/active/{$_POST['username']}/ul.txt") and !file_exists("data/members/active/{$_POST['username']}/rw.txt") and !file_exists("data/members/active/{$_POST['username']}/category.txt")) {
- unlink("data/members/active/{$_POST['username']}/ul.txt");
+ if (file_exists("data/members/active/{$_POST['username']}/bb-ul.txt") and !file_exists("data/members/active/{$_POST['username']}/bb-rw.txt") and !file_exists("data/members/active/{$_POST['username']}/category.txt")) {
+ unlink("data/members/active/{$_POST['username']}/bb-ul.txt");
}
if (isset($_POST['del']) and !empty($_POST['del']) and ($_POST['del'] == "on")) {
@@ -299,6 +299,31 @@ if (file_exists("data/members/active")) {
foreach ($show_member_list as $member_list_entry) {
+ /* remove the lines below in version 3.0 */
+ if (file_exists("data/members/active/$member_list_entry/rw.txt")) {
+ rename("data/members/active/$member_list_entry/rw.txt","data/members/active/$member_list_entry/bb-rw.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/vacation.txt")) {
+ rename("data/members/active/$member_list_entry/vacation.txt","data/members/active/$member_list_entry/bb-vacation.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/ul.txt")) {
+ rename("data/members/active/$member_list_entry/ul.txt","data/members/active/$member_list_entry/bb-ul.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/noml.txt")) {
+ rename("data/members/active/$member_list_entry/noml.txt","data/members/active/$member_list_entry/bb-noml.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/noml2.txt")) {
+ rename("data/members/active/$member_list_entry/noml2.txt","data/members/active/$member_list_entry/bb-noml2.txt");
+ }
+
+ if (file_exists("data/members/active/$member_list_entry/resetx.txt")) {
+ rename("data/members/active/$member_list_entry/resetx.txt","data/members/active/$member_list_entry/bb-resetx.txt");
+ }
+ if (file_exists("data/members/active/$member_list_entry/resetl.txt")) {
+ rename("data/members/active/$member_list_entry/resetl.txt","data/members/active/$member_list_entry/bb-resetl.txt");
+ }
+ /* remove the lines above in version 3.0 */
+
echo "<tr><td bgcolor=#ffffff align=center>";
$sess_count = 0;
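Review bot: The upgrade block between the two `remove the lines … in version 3.0` comments renames `rw`, `vacation`, `ul`, `noml`, `noml2`, `resetx` and `resetl` but not `lockout.txt`, while login.php in this commit only tests `bb-lockout.txt`, so a member locked out before the upgrade appears able to log in again afterwards. Add the missing case: `if (file_exists("data/members/active/$member_list_entry/lockout.txt")) { rename("data/members/active/$member_list_entry/lockout.txt","data/members/active/$member_list_entry/bb-lockout.txt"); }`. The renames also run only when this member list is rendered, so until then the other pages ignore the old `noml.txt`, `vacation.txt` and `rw.txt` flags; a one-time migration step at upgrade would be more predictable than file moves inside a display loop. The `foreach` body continues past the hunk.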
@@ -358,8 +383,8 @@ if (file_exists("data/members/active")) {
echo "<td bgcolor=#ffffff align=center><nobr><code>$member_since</code></nobr></td>";
}
- if ((file_get_contents("data/username.txt") == $member_list_entry) and file_exists("data/logins.txt")) {
- $logins = file_get_contents("data/logins.txt");
+ if ((file_get_contents("data/username.txt") == $member_list_entry) and file_exists("data/bb-logins.txt")) {
+ $logins = file_get_contents("data/bb-logins.txt");
echo "<td bgcolor=#ffffff align=right><code>$logins</code></td>";
}
elseif (file_exists("data/members/active/$member_list_entry") and file_exists("data/members/active/$member_list_entry/bb-logins.txt")) {
@@ -367,7 +392,7 @@ if (file_exists("data/members/active")) {
echo "<td bgcolor=#ffffff align=right><code>$logins</code></td>";
}
- if ((file_get_contents("data/username.txt") == $member_list_entry) and !file_exists("data/logins.txt")) {
+ if ((file_get_contents("data/username.txt") == $member_list_entry) and !file_exists("data/bb-logins.txt")) {
echo "<td bgcolor=#ffffff align=right><code>0</code></td>";
}
elseif (file_exists("data/members/active/$member_list_entry") and !file_exists("data/members/active/$member_list_entry/bb-logins.txt")) {
@@ -439,25 +464,25 @@ if (file_exists("data/members/active")) {
echo "<form action=member.php method=post><input type=hidden name=id value=all><input type=hidden name=edit value=on><input type=hidden name=username value=$member_list_entry>";
echo "<td bgcolor=#ffffff align=center><input type=checkbox name=rw";
- if (file_exists("data/members/active/$member_list_entry/rw.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-rw.txt")) {
echo " checked";
}
echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=ul";
- if (file_exists("data/members/active/$member_list_entry/ul.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-ul.txt")) {
echo " checked";
}
echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=noml";
- if (file_exists("data/members/active/$member_list_entry/noml.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-noml.txt")) {
echo " checked";
}
echo "></td><td bgcolor=#ffffff align=center><input type=checkbox name=lockout";
- if (file_exists("data/members/active/$member_list_entry/lockout.txt")) {
+ if (file_exists("data/members/active/$member_list_entry/bb-lockout.txt")) {
echo " checked";
}
@@ -804,8 +829,8 @@ elseif (file_exists("data/members/active/$id")) {
echo "<tr><td width=90>profile views</td><td><code>$views</code></td></tr>";
}
-if ((file_get_contents("data/username.txt") == $id) and file_exists("data/logins.txt")) {
- $logins = file_get_contents("data/logins.txt");
+if ((file_get_contents("data/username.txt") == $id) and file_exists("data/bb-logins.txt")) {
+ $logins = file_get_contents("data/bb-logins.txt");
echo "<tr><td width=90>total logins</td><td><code>$logins</code></td></tr>";
}
elseif (file_exists("data/members/active/$id") and file_exists("data/members/active/$id/bb-logins.txt")) {
@@ -892,7 +917,7 @@ if ($id == file_get_contents("data/username.txt")) {
if (($id != file_get_contents("data/username.txt")) and file_exists("data/members/active/$id")) {
- if (file_exists("data/members/active/$id/rw.txt")) {
+ if (file_exists("data/members/active/$id/bb-rw.txt")) {
echo "rw";
}
else {
@@ -902,7 +927,7 @@ if (($id != file_get_contents("data/username.txt")) and file_exists("data/member
if (($id != file_get_contents("data/username.txt")) and file_exists("data/members/active/$id")) {
- if (file_exists("data/members/active/$id/ul.txt")) {
+ if (file_exists("data/members/active/$id/bb-ul.txt")) {
echo " upload";
}
}
diff --git a/options.php b/options.php
index df913e8..81a81f5 100644
--- a/options.php
+++ b/options.php
@@ -108,7 +108,7 @@ if (isset($_REQUEST['username']) and !empty($_REQUEST['username']) and isset($_R
if (file_exists("data/members/active/$username") and ($_REQUEST['key'] == file_get_contents("data/members/active/$username/key.txt"))) {
unlink("data/members/active/$username/key.txt");
- unlink("data/members/active/$username/vacation.txt");
+ unlink("data/members/active/$username/bb-vacation.txt");
unlink("data/members/active/$username/email.txt");
rename("data/members/active/$username/new-email.txt","data/members/active/$username/email.txt");
echo "<p><font style=\"font-size: 12px;\"><b>Thanks!</b></font></p><p>You have successfully verified your new e-mail address.<br>Click <a href=index.php>here</a> to go to the index page.</p>";
@@ -319,20 +319,20 @@ $max_image_size = 1000000;
}
}
-if (isset($_POST['vacation']) and !empty($_POST['vacation']) and ($_POST['vacation'] == "on") and !file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
- touch("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+if (isset($_POST['vacation']) and !empty($_POST['vacation']) and ($_POST['vacation'] == "on") and !file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+ touch("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
}
if (!isset($_POST['vacation']) or empty($_POST['vacation'])) {
if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
- unlink("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+ unlink("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
}
}
}
-if (file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) {
- touch("data/members/active/{$_SESSION['logged_in']}/vacation.txt");
+if (file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) {
+ touch("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt");
}
@@ -515,7 +515,7 @@ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-last.txt")) {
<tr><td bgcolor="#ffffff"><p>country</p></td><td bgcolor="#ffffff" colspan="2">
-<select class="input" name="country">
+<select class="input" name="country" required>
<option<?php if (!file_exists("data/members/active/{$_SESSION['logged_in']}/country.txt")) { echo " selected"; } ?> value=""></option>
<option<?php if (file_get_contents("data/members/active/{$_SESSION['logged_in']}/country.txt") == "AF") { echo " selected"; } ?> value="AF">Afghanistan</option>
<option<?php if (file_get_contents("data/members/active/{$_SESSION['logged_in']}/country.txt") == "AX") { echo " selected"; } ?> value="AX">Aland (Ahvenanmaa) Islands</option>
@@ -804,7 +804,7 @@ if (file_exists("data/avatar.txt")) {
if (file_exists("data/avatar.txt") and (file_exists("images/members/{$_SESSION['logged_in']}/avatar.gif") or file_exists("images/members/{$_SESSION['logged_in']}/avatar.jpg") or file_exists("images/members/{$_SESSION['logged_in']}/avatar.png"))) { ?>
<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="del_avatar">delete existing avatar</p></td></tr>
<?php } if (file_exists("data/ml.txt") and !file_exists("data/members/active/{$_SESSION['logged_in']}/key.txt")) { ?>
-<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="vacation" <?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/vacation.txt")) { echo checked; } ?>>temporarily disable mailing list subscription</p></td></tr>
+<tr><td bgcolor="#ffffff"><p></p></td><td bgcolor="#ffffff" colspan="2"><p><input type="checkbox" name="vacation" <?php if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-vacation.txt")) { echo checked; } ?>>temporarily disable mailing list subscription</p></td></tr>
<?php } ?>
<?php if (!file_exists("data/members/active/{$_SESSION['logged_in']}/bday.txt")) { ?>
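Review bot: The changed checkbox line still ends in `echo checked;`, which is a bare constant rather than a string: older PHP falls back to the text with a notice, and PHP 8 raises an Error for an undefined constant, which would break this form row. Write `echo "checked";`, matching the quoted `echo " checked";` used in member.php.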
diff --git a/reset.php b/reset.php
index 3c247bc..834b189 100644
--- a/reset.php
+++ b/reset.php
@@ -94,10 +94,10 @@ a:active {
</style>
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
-<input required autofocus autocomplete=off class=input type=text name=username>
-<input required autocomplete=off class=input type=email name=addr>
-<input required autocomplete=off class=input type=text name=bday>
-<input class=input type=submit value=reset>
+<input required autofocus autocomplete="off" class="input" type="text" name="username">
+<input required autocomplete="off" class="input" type="email" name="addr">
+<input required autocomplete="off" class="input" type="text" name="bday">
+<input class="input" type="submit" value="reset">
</form>
<?php
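Review bot: The form's `action` on the unchanged line above the inputs echoes `$_SERVER['PHP_SELF']` without escaping; that value includes any extra path the client appends to the script URL, so it can carry markup into the page. Since the attributes are being tidied here, escape it as well, `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"`, or omit `action` so the form posts back to the current URL.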
@@ -131,10 +131,9 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
$fp_passwd_txt = fopen("data/members/active/$username/password.txt","w");
fwrite($fp_passwd_txt,$passwd);
fclose($fp_passwd_txt);
-
-
- if (file_exists("data/members/active/$username/resetx.txt")) {
- $resetx = file_get_contents("data/members/active/$username/resetx.txt");
+
+ if (file_exists("data/members/active/$username/bb-resetx.txt")) {
+ $resetx = file_get_contents("data/members/active/$username/bb-resetx.txt");
}
else {
$resetx = 0;
@@ -142,12 +141,12 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
$resetx = $resetx + 1;
- $fp_resetx_txt = fopen("data/members/active/$username/resetx.txt","w");
+ $fp_resetx_txt = fopen("data/members/active/$username/bb-resetx.txt","w");
fwrite($fp_resetx_txt,$resetx);
fclose($fp_resetx_txt);
$resetl = date("Ymd", time() + $offset);
- $fp_resetl_txt = fopen("data/members/active/$username/resetl.txt","w");
+ $fp_resetl_txt = fopen("data/members/active/$username/bb-resetl.txt","w");
fwrite($fp_resetl_txt,$resetl);
fclose($fp_resetl_txt);
@@ -184,6 +183,10 @@ if (isset($_POST['username']) and !empty($_POST['username']) and isset($_POST['a
"Reply-To: $from_email\r\n" .
"X-Mailer: $mailer");
+ if (file_exists("data/members/active/$username/bb-lockout.txt")) {
+ unlink("data/members/active/$username/bb-lockout.txt");
+ }
+
echo "<p><font style=\"font-size: 12px;\"><b>Password Reset</b></font></p><p>Check your ";
readfile("data/members/active/$username/email.txt");
echo " account for your new password.";
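Review bot: Removing `bb-lockout.txt` here leaves the member's `bb-invalid.txt` counter at or above the limit, so going by the login.php hunk the first wrong password after a reset locks the account again. Clear the counter together with the lock: `if (file_exists("data/members/active/$username/bb-invalid.txt")) { unlink("data/members/active/$username/bb-invalid.txt"); }`. The administrator's unlock branch in the member.php hunk, which unlinks only `bb-lockout.txt`, has the same gap. Where `$username` is validated is not visible in this hunk.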
diff --git a/settings.php b/settings.php
index d1cb5c7..93ef550 100644
--- a/settings.php
+++ b/settings.php
@@ -701,6 +701,21 @@ if (!isset($_POST['bb_idle']) or empty($_POST['bb_idle']) or !is_numeric($_POST[
}
}
+if (isset($_POST['bb_invalid']) and !empty($_POST['bb_invalid']) and is_numeric($_POST['bb_invalid']) and ($_POST['bb_invalid'] > 0) and (file_get_contents("data/bb-invalid.txt") != $_POST['bb_invalid'])) {
+ $bb_invalid_write_content = number_format($_POST['bb_invalid'],0,'.','');
+ $fp_bb_invalid_txt = fopen("data/bb-invalid.txt","w");
+ fwrite($fp_bb_invalid_txt,$bb_invalid_write_content);
+ fclose($fp_bb_invalid_txt);
+}
+
+if (!isset($_POST['bb_invalid']) or empty($_POST['bb_invalid']) or !is_numeric($_POST['bb_invalid']) or ($_POST['bb_invalid'] <= 0)) {
+ if (isset($_POST['edit']) and ($_POST['edit'] == "on")) {
+ if (file_exists("data/bb-invalid.txt")) {
+ unlink("data/bb-invalid.txt");
+ }
+ }
+}
+
if (isset($_POST['bb_reserved']) and !empty($_POST['bb_reserved']) and (file_get_contents("data/bb-reserved.txt") != $_POST['bb_reserved'])) {
$bb_reserved_write_content = strtolower($_POST['bb_reserved']);
$bb_reserved_write_content = trim($bb_reserved_write_content);
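Review bot: The added `bb_invalid` check accepts anything that passes `is_numeric()` and is greater than zero, but `number_format(…, 0, '.', '')` then rounds, so an input such as `0.4` is stored as `0` and login.php's `$count_invalid >= $max_invalid` would lock a member on the first failed attempt. Validate as a positive integer instead, e.g. `$bb_invalid = filter_var($_POST['bb_invalid'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));`, and write the file only when the result is not `false`. The condition also calls `file_get_contents("data/bb-invalid.txt")` without a `file_exists()` guard, which emits a warning the first time the limit is set. Whether this POST handler is restricted to the administrator is decided outside the hunk.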
@@ -1529,6 +1544,13 @@ if (file_exists("data/bb-idle.txt")) {
}
?>></td></tr>
+<tr><td>maximum invalid logins</td><td><input class="input" autocomplete="off" type="text" name="bb_invalid" <?php
+if (file_exists("data/bb-invalid.txt")) {
+ echo "value=";
+ readfile("data/bb-invalid.txt");
+}
+?>></td></tr>
+
<tr><td>reserved usernames</td><td><textarea class="input" name="bb_reserved"><?php if (file_exists("data/bb-reserved.txt")) { readfile("data/bb-reserved.txt"); } ?></textarea></td></tr>
<tr><td>banned email addresses</td><td><textarea class="input" name="bb_banned"><?php if (file_exists("data/bb-banned.txt")) { readfile("data/bb-banned.txt"); } ?></textarea></td></tr>
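Review bot: The new input prints `value=` followed by the raw file contents with no quotes or escaping, unlike the quoted attributes earlier on the same line, so it is safe only while `data/bb-invalid.txt` holds digits. Emit it as `echo 'value="' . htmlspecialchars(file_get_contents("data/bb-invalid.txt"), ENT_QUOTES) . '"';`. A short hint next to the label that leaving the field empty turns auto-lockout off would document what the settings handler does with an empty value.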
diff --git a/wiki.php b/wiki.php
index 6eb0369..63c4056 100644
--- a/wiki.php
+++ b/wiki.php
@@ -21,7 +21,7 @@
exit();
}
$do = 0;
- if (file_exists("data/members/active/{$_SESSION['logged_in']}/rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in'])))
+ if (file_exists("data/members/active/{$_SESSION['logged_in']}/bb-rw.txt") and file_exists("data/wiki.txt") and (file_exists("data/items/{$_REQUEST['entry']}/edit.txt") or (file_get_contents("data/items/{$_REQUEST['entry']}/author.txt") == $_SESSION['logged_in'])))
{
$do = 1;
}