File: /home/httpd/html/baretube.com.new/admin/login.php
<?php
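$thispage = 'login';
require('db.php');

// Failed admin logins are appended, one client IP per line, to a per-day log
// file by the login handler further down this script. This section reads the
// file for today and tallies the failures per source address.
$date = date('Ymd');
$loginLogFile = $basepath . '/admin/logs/login' . $date . '.txt';

// Start from known-empty state so that a missing log file cannot leave
// $attempts undefined or reuse a value left behind by an included file.
$attempts = array();
if (!isset($loginAttempts) || !is_array($loginAttempts)) {
    $loginAttempts = array();
}

// An absent file is the normal case on a day without failures, so test for it
// instead of suppressing the warning with "@".
$string = is_readable($loginLogFile) ? file_get_contents($loginLogFile) : false;
if ($string) {
    $attempts = explode("\n", $string);
}

foreach ($attempts as $i) {
    $i = trim($i);
    if ($i === '') {
        // The trailing newline of the log yields one empty element; it is not a failure.
        continue;
    }
    // Count the failure against the address recorded on the log line. The
    // previous code indexed by the *current* visitor's address on every
    // iteration, so each visitor was charged with everybody's failures.
    $key = ip2long($i);
    if ($key === false) {
        // ip2long() only understands dotted IPv4. PHP would cast a boolean
        // false key to 0 anyway; make that explicit.
        // NOTE(review): all non-IPv4 clients therefore share bucket 0 - confirm
        // this is acceptable or key the counter by the address string instead.
        $key = 0;
    }
    $loginAttempts[$key] = isset($loginAttempts[$key]) ? $loginAttempts[$key] + 1 : 1;
}

// NOTE(review): nothing in this file reads $loginAttempts, so no attempt limit
// is enforced here even though the page has "IP_Restricted" messages. Confirm
// that the lockout is applied elsewhere; if not, the check belongs before the
// credential comparison below.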
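// Handle a submitted login form.
//
// A login succeeds when the submitted pair matches the configured
// $admin_username / $admin_password, or when an is_admin row in `users`
// matches. When $admin_ip_limitation is on, the client address must also be
// listed in $admin_allowed_ips. Every outcome is written to `user_logins`;
// failures are additionally appended to the per-day login log file.
//
// Only plain strings are accepted: an array-valued field (admin_username[]=...)
// must never reach the comparison or the SQL escaping call.
$submittedUser = (isset($_POST['admin_username']) && is_string($_POST['admin_username'])) ? $_POST['admin_username'] : '';
$submittedPass = (isset($_POST['admin_password']) && is_string($_POST['admin_password'])) ? $_POST['admin_password'] : '';

if ($submittedUser !== '' && $submittedPass !== '') {
    $clientIp = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $sqlUser = mysqli_real_escape_string($dblink, $submittedUser);
    // REMOTE_ADDR normally comes from the web server, but it is escaped like
    // every other value placed in the statement rather than trusted.
    $sqlIp = mysqli_real_escape_string($dblink, $clientIp);
    // NOTE(review): this log lives under /admin/logs - confirm the web server
    // does not serve that directory.
    $failureLog = $basepath . '/admin/logs/login' . $date . '.txt';

    // 1) Credentials from the configuration. hash_equals() compares byte for
    //    byte in constant time; the previous "==" was subject to PHP's loose
    //    comparison rules for numeric-looking strings.
    // NOTE(review): this implies the admin password is stored in clear text in
    // the configuration; a password_hash() value checked with password_verify()
    // would be preferable, but that changes the config format.
    $configMatch = false;
    if (isset($admin_username, $admin_password)
        && (string) $admin_username !== ''
        && (string) $admin_password !== ''
    ) {
        $userOk = hash_equals((string) $admin_username, $submittedUser);
        $passOk = hash_equals((string) $admin_password, $submittedPass);
        $configMatch = $userOk && $passOk;
    }

    // 2) Admin accounts in the database, consulted only when (1) did not match.
    // NOTE(review): MD5(CONCAT(password, salt)) is a single fast hash and is
    // weak for password storage; moving to password_hash()/password_verify()
    // needs a schema and data migration outside this block.
    $dbMatch = false;
    if (!$configMatch) {
        $rows = dbQuery("SELECT record_num FROM users WHERE is_admin = 1 AND username = '" . $sqlUser . "' AND password = MD5(CONCAT('" . mysqli_real_escape_string($dblink, $submittedPass) . "',salt))", false);
        // Fail closed: only a countable, non-empty result is a match. On PHP 7,
        // count() of a scalar such as false returns 1, which the previous
        // "count(...) > 0" test would have accepted as a successful login if
        // dbQuery() returns a non-array on error (its definition is not visible here).
        $dbMatch = (is_array($rows) || $rows instanceof Countable) && count($rows) > 0;
    }

    // Post-login redirect target. The substring test for "http://" and
    // "https://" is kept, but on its own it does not cover every form of
    // off-site URL, so the value must also parse as a URL without scheme or
    // host, must not start with "//", and must not contain backslashes or
    // control characters.
    $newLocation = 'index.php';
    if (!empty($_GET['referrer']) && is_string($_GET['referrer'])) {
        $candidate = $_GET['referrer'];
        $parts = parse_url($candidate);
        $isLocalTarget = $parts !== false
            && !isset($parts['scheme'])
            && !isset($parts['host'])
            && stripos($candidate, 'http://') === false
            && stripos($candidate, 'https://') === false
            && strncmp($candidate, '//', 2) !== 0
            && strpos($candidate, '\\') === false
            && !preg_match('/[\x00-\x1F\x7F]/', $candidate);
        if ($isLocalTarget) {
            $newLocation = $candidate;
        }
    }

    if ($configMatch || $dbMatch) {
        // Strict in_array(): addresses are compared as exact strings.
        $ipAllowed = empty($admin_ip_limitation)
            || (is_array($admin_allowed_ips) && in_array($clientIp, $admin_allowed_ips, true));

        if ($ipAllowed) {
            // Issue a fresh session id at the privilege change so that an id
            // known before authentication does not become an admin session.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['isAdmin'] = true;
            $_SESSION['ip'] = $clientIp;
            $_SESSION['_timestamp'] = time();
            dbQuery("INSERT INTO user_logins SET time = NOW(), user = '" . $sqlUser . "', ip = '" . $sqlIp . "', `status` = 'Admin Login Successful'");
            header("Location: $newLocation");
            exit();
        }

        // Correct credentials from an address that is not on the allow list.
        // The visitor gets the same generic message as for a wrong password.
        file_put_contents($failureLog, $clientIp . "\n", FILE_APPEND);
        dbQuery("INSERT INTO user_logins SET time = NOW(), user = '" . $sqlUser . "', ip = '" . $sqlIp . "', `status` = 'Admin Login Failure - IP Not Whitelisted'");
        header("Location: login.php?msg=Access_Denied");
        exit();
    }

    // Wrong username or password.
    file_put_contents($failureLog, $clientIp . "\n", FILE_APPEND);
    dbQuery("INSERT INTO user_logins SET time = NOW(), user = '" . $sqlUser . "', ip = '" . $sqlIp . "', `status` = 'Admin Login Failure - Incorrect Password'");
    header("Location: login.php?msg=Access_Denied");
    exit();
}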
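// Translate the ?msg= code into fixed notice text and the top padding of the
// login box. Only the known codes produce a message; the request parameter
// itself is never echoed into the page.
$msgCode = (isset($_GET['msg']) && is_string($_GET['msg'])) ? $_GET['msg'] : '';

// Defaults for "no notice". Defining $message here avoids an undefined-variable
// warning in the template, which could disclose file paths when
// display_errors is enabled.
$message = '';
$padding = '66px';

if ($msgCode === 'IP_Restricted') {
    $message = "Your IP has been restricted for 24 hours.";
    $padding = "27px";
} elseif ($msgCode === 'IP_Restricted_All') {
    $message = "A bruteforce attack has been detected on your admin area, and access has been disabled. Please contact support for instructions on how to re-enable your admin area.";
    $padding = "0px";
} elseif ($msgCode === 'Access_Denied') {
    $message = "Login Failed. Incorrect username or password.";
    $padding = "27px";
}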
?>
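<?php
// Document head of the admin login page.
// $basehttp is emitted as-is; it is assumed to be a trusted configuration
// value set by db.php - TODO confirm it is never derived from request headers.
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<title>Mechbunny Tube Admin Area</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link rel="shortcut icon" href="<?php echo $basehttp; ?>/admin/public/favicon.ico" type="image/x-icon">
<?php // Fetched over HTTPS: a stylesheet loaded in clear text on the login page can be altered in transit and is blocked as mixed content when the page itself is served over HTTPS. ?>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800&subset=latin,latin-ext">
<link rel="stylesheet" href="<?php echo $basehttp; ?>/admin/public/css/app.css" media="all">
<!-- Media Queries support for IE6-8 -->
<!--[if lt IE 9]><script src="<?php echo $basehttp; ?>/admin/public/js/libs/respond.min.js"></script><![endif]-->
<!-- HTML5 element support for IE6-8 -->
<?php // NOTE(review): the script below is loaded from a third-party host (the retired Google Code service) through a protocol-relative URL and without an integrity check. Confirm it is still needed, or serve a local copy like the other libs. ?>
<!--[if lt IE 9]><script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
<!--[if (gte IE 6)&(lte IE 8)]>
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/selectivizr-min.js"></script>
<![endif]-->
</head>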
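<?php
// Login form markup. $message and $padding are set by the ?msg= mapping
// earlier in this script; both are HTML-escaped on output so the template
// stays safe even if a future change lets request data reach them.
?>
<body class="login">
<div id="page" class="page-login">
<section class="login-content">
<?php // NOTE(review): the form carries no anti-CSRF token and the handler in this file does not check one. ?>
<form action="" method="POST" id="form-login">
<div class="inner">
<div class="left">
<a href="http://www.mechbunny.com"><img src="<?php echo $basehttp; ?>/admin/public/img/mb-logo-small.png" alt="" class="logo" /></a>
<h1>Admin Area</h1>
<strong>When using the admin area:</strong>
<ul>
<li>We recommend using Mozilla Firefox</li>
<li>Javascript must be turned on.</li>
<li>Cookies must be turned on.</li>
</ul>
</div>
<div class="right" style="padding-top:<?php echo htmlspecialchars($padding, ENT_QUOTES, 'UTF-8'); ?>;">
<?php // isset() keeps the template quiet when no notice was prepared. ?>
<?php if (isset($message) && $message !== '') { ?>
<div class="notification error"><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></div>
<?php } ?>
<input type="text" name="admin_username" placeholder="Username" required value='' />
<input type="password" name="admin_password" placeholder="Password" required value='' />
<input type="hidden" name="loginSubmit" value="1">
<button type="submit" class="btn btn-gray login">Login</button>
</div>
</div>
</form>
</section> <!-- // #content -->
<p class="copyright">© Copyright 2008-<?php echo date('Y'); ?> Mechanical Bunny Media. All right reserved.</p>
</div> <!-- // #page -->
<!-- jQuery -->
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.uniform.min.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.colorbox-min.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.mousewheel.min.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/jquery.mCustomScrollbar.min.js"></script>
<!-- libs -->
<script src="<?php echo $basehttp; ?>/admin/public/js/libs/modernizr.custom.min.js"></script>
<!-- application -->
<script src="<?php echo $basehttp; ?>/admin/public/js/app/app.js"></script>
<script src="<?php echo $basehttp; ?>/admin/public/js/app/main.js"></script>
</body>
</html>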