data_connect.php
File Type: php
File Location: monofiles/
File name: data_connect.php
<?php
// pano z - monocms.com - PHP powered login and user session script.
// #################################################################
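// Session bootstrap, login check, per-address lockout and logout handling.
// For a visitor without a session the script: prunes expired lockout entries,
// refuses blocked addresses, tries the posted credentials against
// filesinfo/log.xml, and otherwise records the failed attempt.
// $loginpage is never assigned here; presumably the including page sets it.
// NOTE(review): filesinfo/log.xml (password hashes) and filesinfo/address.xml
// are opened by relative path - confirm the web server refuses direct
// requests for that directory.
session_name('MON');
session_start();
if (session_name() == 'MON') {
    if (!isset($_SESSION['username'])) {
        // Failed login attempts before blocking a user
        $block = 10;
        // Minutes passed to unblock a user
        $unblock = 15;
        // Get user ip
        // NOTE(review): REMOTE_ADDR is the directly connected peer. Behind a
        // reverse proxy every visitor would share one counter - verify the
        // deployment. The limit is per address only, not per account.
        $user = $_SERVER['REMOTE_ADDR'];
        $ips = 'filesinfo/address.xml';
        // NOTE(review): simplexml_load_file() returns false when the file is
        // missing or malformed; the loop below then iterates nothing, so the
        // lockout check is skipped (fails open) for this request.
        $address_info = simplexml_load_file($ips);
        $block_message = '<span style="font-weight:bold; font-size:14px; font-family:arial">Access denied - Maximum failed attempts reached</span>';

        // Rebuild the lockout list, keeping only entries younger than $unblock minutes.
        $log_ip = new SimpleXMLElement('<?xml version="1.0" encoding="utf-8"?><ipinfo></ipinfo>');
        $unbl = 0;
        foreach ($address_info as $ip_time_out) {
            if (time() - $ip_time_out->on < 60 * $unblock) {
                $bl = $log_ip->addChild('ip', '');
                $bl->addChild('addr', $ip_time_out->addr);
                $bl->addChild('on', $ip_time_out->on);
                $bl->addChild('attem', $ip_time_out->attem);
            } else {
                $unbl++;
            }
        }
        if ($unbl == 0) {
            // Nothing expired: leave the file alone and work on an in-memory copy.
            $log_ip = $log_ip->asXML();
            $log_ip = simplexml_load_string($log_ip);
        } else {
            // At least one entry expired: persist the pruned list and reload it.
            // NOTE(review): address.xml is read, modified and written without a
            // lock, so concurrent requests can overwrite each other's counters.
            $log_ip->asXML($ips);
            $log_ip = simplexml_load_file($ips);
        }

        // Refuse the request before any credential is looked at when this
        // address has reached the limit.
        foreach ($log_ip as $blocked_ips) {
            if (($blocked_ips->addr !== false) && ($blocked_ips->addr == $user) && ($blocked_ips->attem >= $block)) {
                echo $block_message;
                exit();
            }
        }

        // Accept only plain string form fields. An array-valued field
        // (password[]=x) would otherwise reach password_verify(), which
        // throws a TypeError on PHP 8; it is now treated as a failed login.
        $mon_posted_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
        $mon_posted_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

        $monousers = new SimpleXMLElement('filesinfo/log.xml', 0, true);
        $u = 0;
        foreach ($monousers->user as $usersinfo) {
            $username = $usersinfo->name;
            $password = $usersinfo->pshs;
            $mon_stored_hash = (string) $password;
            // password_verify() runs before the name comparison, as in the
            // original, so an unknown user name costs the same hash work as a
            // known one. The name is compared as a string with ===: loose ==
            // treats numeric strings such as "1e3" and "1000" as equal, and
            // the posted spelling is what ends up in the session.
            if (
                ($mon_posted_pass !== null)
                && ($mon_posted_user !== null)
                && password_verify($mon_posted_pass, $mon_stored_hash)
                && ((string) $username === $mon_posted_user)
            ) {
                // Presumably defines $cost - it is not assigned in this file.
                include 'set-cost.php';
                if (password_needs_rehash($mon_stored_hash, PASSWORD_DEFAULT, ["cost" => $cost])) {
                    $ph = password_hash($mon_posted_pass, PASSWORD_DEFAULT, ["cost" => $cost]);
                    // Update the loaded document, not just the file on disk.
                    // The previous str_replace() on the file contents was
                    // undone by the $monousers->asXML() call further down,
                    // which writes the in-memory tree still holding the old
                    // hash (unless log.php reloads $monousers).
                    $monousers->user[$u]->pshs = $ph;
                    $monousers->asXML('filesinfo/log.xml');
                }
                # New session id
                session_regenerate_id(true);
                // Username
                $_SESSION['username'] = $mon_posted_user;
                // Sort results in posts
                $_SESSION['MONSORT'] = 'sortbytime';
                // Timeout session. If the autologout plugin is installed and off, we don't set this at all.
                $t = time();
                if (!is_file('../plugins/autologout.txt')) {
                    $_SESSION['MONtimeout'] = $t;
                }
                // get_account() is not defined in this file; presumably log.php provides it.
                include 'log.php';
                $_SESSION['userID'] = get_account($mon_posted_user)['userID'];
                $monousers->user[$u]->login = date('m/d/Y, H:i:s', $t);
                $monousers->user[$u]->ip = $_SERVER['REMOTE_ADDR'];
                $monousers->asXML('filesinfo/log.xml');
                if (isset($loginpage)) {
                    header('Location: panel.php');
                }
                //no exit(). The including page keeps executing after the redirect header.
                break;
            }
            $u++;
        }

        if ((!isset($_GET['logout'])) && (isset($_POST['username'])) && (!isset($_SESSION['username']))) {
            // This is a failed login attempt
            $_SESSION['MONfailedlogin'] = true;
            $log_ip = new SimpleXMLElement($ips, 0, true);
            $c = 0;
            foreach ($log_ip as $obj) {
                if ($obj->addr == $user) {
                    // Known address: refresh the timestamp and bump the counter.
                    $attempts = $obj->attem;
                    $log_ip->ip[$c]->on = time();
                    $log_ip->ip[$c]->attem = $attempts + 1;
                    // NOTE(review): $attempts is a SimpleXMLElement, not a
                    // copied integer - confirm whether this comparison sees
                    // the count before or after the increment above. This
                    // branch exits without calling update_log().
                    if ($attempts == $block) {
                        $log_ip->asXML($ips);
                        header('Location: login.php');
                        exit();
                    }
                    $final_ip = $log_ip->asXML($ips);
                    break;
                }
                $c++;
            }
            if (!isset($final_ip)) {
                // First failure from this address: start a new entry.
                $new = $log_ip->addChild('ip', '');
                $new->addChild('addr', $user);
                $new->addChild('on', time());
                $new->addChild('attem', 1);
                $log_ip->asXML($ips);
            }
            $t = time();
            // update_log() is not defined in this file; presumably log.php provides it.
            include 'log.php';
            $td = date('m/d/Y, H:i:s', $t);
            update_log('failed', $td);
            header('Location:login.php');
            exit();
        }

        // No session and no login attempt: stop protected pages here.
        if (!isset($loginpage)) {
            exit('Please login to your account');
        }
    } else {
        // include the plugin file to support plugins - 2.7
        include 'plugin.php';
        insert('autologout');
        if (isset($loginpage)) {
            header('Location: panel.php');
        }
        //no exit()
    }
}

// Logout.
// NOTE(review): session_destroy() removes the stored session data but leaves
// $_SESSION populated for the rest of this request and does not expire the
// session cookie; with no exit() after the redirect, the including page keeps
// running. Logout is also triggered by a plain GET parameter with no token.
if (isset($_GET['logout'])) {
    session_destroy();
    header('Location: login.php?bye');
}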
?>