<?php 

	/**
	 * Fetch the GET parameter named $strInput through FILTER_SANITIZE_STRING
	 * (tags stripped, quotes HTML-encoded). Returns false when the parameter
	 * is not present at all. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
	 */
	function cleanStringInput($strInput) {
		if (!isset($_GET[$strInput])) {
			return false;
		}
		return filter_var($_GET[$strInput], FILTER_SANITIZE_STRING);
	}
	/**
	 * Fetch the GET parameter named $intInput through FILTER_SANITIZE_NUMBER_INT
	 * (everything but digits, plus and minus removed; the result is still a
	 * string). Returns false when the parameter is not present at all.
	 */
	function cleanIntegerInput($intInput) {
		if (!isset($_GET[$intInput])) {
			return false;
		}
		return filter_var($_GET[$intInput], FILTER_SANITIZE_NUMBER_INT);
	}
	/**
	 * Two-pass sanitizer used for the account name.
	 * Pass 1 strips tags (FILTER_SANITIZE_STRING, deprecated as of PHP 8.1);
	 * pass 2 keeps only the e-mail character set: letters, digits and
	 * !#$%&'*+-/=?^_`{|}~@.[]  (whitespace is therefore removed too).
	 */
	function sanitize_A($str)
	{
		$stripped = filter_var($str, FILTER_SANITIZE_STRING);
		return filter_var($stripped, FILTER_SANITIZE_EMAIL);
	}
	/**
	 * Three-pass sanitizer used for cookie tokens and the password field.
	 * Pass 1 strips tags plus bytes < 32 and > 127 (FILTER_SANITIZE_STRING,
	 * deprecated as of PHP 8.1); pass 2 reduces the text to the e-mail
	 * character set; pass 3 drops every punctuation character pass 2 still
	 * allows, so only ASCII letters and digits remain.
	 */
	function sanitize_B($str) { //Result: only letters and digits
		$ret = filter_var($str, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
		$ret = filter_var($ret, FILTER_SANITIZE_EMAIL);
		// The full punctuation set FILTER_SANITIZE_EMAIL lets through.
		$punctuation = str_split("!#\$%&'*+-/=?^`{|}~@.[]_");
		return str_replace($punctuation, '', $ret);
	}

	
	
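	/**
	 * Start (or re-key) the session for the given privilege level and issue the
	 * matching pair of token cookies.
	 *
	 * @param int    $lvl   privilege level stored in $_SESSION['LvL'] and in the '[two]' cookie
	 * @param bool   $valid false: no live session - open one under $sname and reset the
	 *                      failed-login counter; true: the caller already started the session
	 * @param string $user  display name stored in $_SESSION['user']
	 * @return void
	 *
	 * Reads the globals $cname (cookie name prefix) and $sname (session name).
	 * The cookie token recipe below must stay in sync with the check that
	 * recomputes it from the '[two]' cookie, $_SESSION['token'] and session_id().
	 */
	function regen_session_with_lvl($lvl,$valid,$user)
	{
		global $cname,$sname;

		if (!$valid)
		{
			session_name($sname);
			session_start();
			$_SESSION['failedlogins']=0;
		}
		// New session id on every privilege change, old data discarded (anti-fixation).
		session_regenerate_id(true);

		$_SESSION['LvL'] = $lvl;
		$_SESSION['user'] = $user;
		// Session-side secret the cookie token is derived from. Drawn from the CSPRNG
		// instead of md5(user-agent . time()), which an observer can reconstruct;
		// 16 random bytes hex-encoded keep the previous 32-character shape.
		$_SESSION['token'] = bin2hex(random_bytes(16));
		$_SESSION['timezone'] = 0;

		// A client may send no User-Agent header at all; treat that as the empty string.
		$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
		$cookieToken = md5($ua.'*22kd01$!@'.$_SESSION['LvL'].$_SESSION['token'].'23%&*'.session_id());

		// Session cookies (expire 0) on the site-wide path. HttpOnly: both values are
		// only ever read back server-side, so page script has no business seeing them.
		setcookie($cname.'[one]',$cookieToken,0,'/','',false,true);
		setcookie($cname.'[two]',$lvl,0,'/','',false,true);
	}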
	
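	// ---- Session bootstrap, cookie/session token check, logout and login ----
	// $validsession: the session carries a token/level that match the client's cookies.
	// $killoldsession: the current session is discarded and a fresh guest session issued.
	$validsession = false;
	$killoldsession = true;
	$ErrorMsgExists = false;
	$cname="BPSW_TOKEN";
	$sname="BPSW_ID";
	$clean = array();

	session_name($sname);
	session_start();

	// The token cookies are issued as $cname[one] / $cname[two], so $_COOKIE[$cname] has
	// to be an array with both keys; a scalar or partial cookie sent by a client would
	// otherwise hit the ['one'] access with an illegal-offset warning/error.
	if ( isset($_COOKIE[$cname]) && is_array($_COOKIE[$cname])
		&& isset($_COOKIE[$cname]['one']) && isset($_COOKIE[$cname]['two'])
		&& isset($_COOKIE[$sname]) ) {
		$clean['ctoken'] = sanitize_B($_COOKIE[$cname]['one']);
		$clean['cLvL'] = sanitize_B($_COOKIE[$cname]['two']);

		if ( isset($_SESSION['token']) && isset($_SESSION['LvL']) ) {
			$validsession = true;
			// Recompute the cookie token with the same recipe regen_session_with_lvl uses.
			$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
			$ttoken = md5($ua.'*22kd01$!@'.$clean['cLvL'].$_SESSION['token'].'23%&*'.session_id());

			// hash_equals is constant-time and strict, so a numeric-looking digest ("0e...")
			// cannot be matched through == type juggling. LvL is an int in the session but
			// a string in the cookie, hence the cast before the strict comparison.
			if ( hash_equals($ttoken, $clean['ctoken']) && (string)$_SESSION['LvL'] === $clean['cLvL'] ) {
				// all ok, the session is kept
				$killoldsession = false;
			}
			// else: token mismatch - the session is discarded below (possible tampering)
		}
	}

	// Explicit logout: any non-guest level, or a malformed level, drops the session.
	if ( isset($_GET['logout']) && isset($_SESSION['LvL']) ) {
		if (!is_int($_SESSION['LvL']) || $_SESSION['LvL'] > 0) {
			$killoldsession = true;
		}
	}

	if ( $killoldsession ) {
		// Expire the cookies that were actually issued: the token cookies are named
		// $cname[one] / $cname[two] (the bare $cname was never set) and were written with
		// path '/', so they must be expired with the same path or the browser keeps them.
		setcookie($cname.'[one]', '', time() - 42000, '/');
		setcookie($cname.'[two]', '', time() - 42000, '/');
		$sessionCookie = session_get_cookie_params();
		setcookie($sname, '', time() - 42000, $sessionCookie['path']);
		$_SESSION = array();
		session_destroy();
		$validsession = false;
	}

	if ( isset($_POST['Account']) && isset($_POST['Passwd']) && $validsession && isset($_SESSION['LvL']) && isset($_COOKIE[$cname]) && isset($_COOKIE[$sname])) {
		$clean['Passwd'] = sanitize_B($_POST['Passwd']);
		$clean['Account'] = sanitize_A($_POST['Account']);
		// Crude brute-force throttle: every attempt costs one second.
		sleep(1);
		$account = strtoupper($clean['Account']);
		// NOTE(review): the accepted credentials are fixed md5 digests bound to the cookie
		// token; they belong in configuration, checked with password_hash()/password_verify().
		// hash_equals (known value first) replaces == for the same type-juggling reason as above.
		if (hash_equals(md5('14f5b04ee7f7cd3d43c70bb5a8c0960e'.$clean['ctoken']), $clean['Passwd']) && $account === 'ADMIN') {
			regen_session_with_lvl(9,true,"** ADMIN **");
		}
		if (hash_equals(md5('2da6fbd42365e53876dc579ce9a71753'.$clean['ctoken']), $clean['Passwd']) && $account === 'DEMO') {
			regen_session_with_lvl(1,true,"** DEMO **");
		}
	} else {
		// No (valid) session at all: issue a guest session so the token cookies exist.
		if (!$validsession)
			regen_session_with_lvl(0,false,"Guest");
	}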
	
?>