data_connect.php

File Type: php File Location: monofiles/ File name: data_connect.php
<?php 

// pano z - monocms.com - PHP powered login and user session script.
// #################################################################


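// Session bootstrap for every page that includes this file.
// Strict mode makes PHP refuse session ids it did not issue itself, and the
// HttpOnly flag keeps the session cookie out of reach of page scripts.
// The Secure flag is left to the deployment: nothing here shows whether the
// site is served over HTTPS only.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');

// The custom name is checked again by the access gate that follows.
session_name('MON');
session_start();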
    
    if (
session_name() == 'MON')
        if (!isset(
$_SESSION['username'])) {

// Failed login attempts before blocking a user
$block 10;

// Minutes passed to unblock a user
$unblock 15;

// Get user ip
$user $_SERVER['REMOTE_ADDR'];


$ips 'filesinfo/address.xml';
$address_info simplexml_load_file($ips);


$block_message '<span style="font-weight:bold; font-size:14px; font-family:arial">Access denied - Maximum failed attempts reached</span>';


$log_ip = new SimpleXMLElement('<?xml version="1.0" encoding="utf-8"?><ipinfo></ipinfo>');


$unbl 0;

foreach(
$address_info as $ip_time_out) {
                
        if (
time() - $ip_time_out->on 60 $unblock) {
            
            
$bl $log_ip->addChild('ip','');
            
$bl->addChild('addr',$ip_time_out->addr);
            
$bl->addChild('on',$ip_time_out->on);
            
$bl->addChild('attem',$ip_time_out->attem);
        }
        
        else 
        
        
$unbl++;
}    


        if (
$unbl == 0) {
    
            
$log_ip $log_ip->asXML();
            
$log_ip simplexml_load_string($log_ip);
        
        }
        
        else {
        
        
$log_ip->asXML($ips);
        
$log_ip simplexml_load_file($ips);
        
        }
        
        
        
foreach(
$log_ip as $blocked_ips) {

    if ( (
$blocked_ips->addr !== false) && ($blocked_ips->addr == $user) && ($blocked_ips->attem >= $block)) {
    echo 
$block_message;
    exit();
    }

}
 
        
$monousers = new simpleXMLElement('filesinfo/log.xml',null,true);
    
        
$u 0;
        foreach(
$monousers->user as $usersinfo){


                
$username $usersinfo->name;
                
$password $usersinfo->pshs;


                if ( (isset(
$_POST['password'])) && (password_verify($_POST['password'],$password)) && (isset($_POST['username'])) && ($username == $_POST['username']))
        
                {
    
                    include 
'set-cost.php';
        
                    if (
password_needs_rehash($passwordPASSWORD_DEFAULT, ["cost" => $cost])) {


                        
$ph password_hash($_POST['password'], PASSWORD_DEFAULT, ["cost" => $cost]);

                        
$fileinfo file_get_contents('filesinfo/log.xml');
                        
$newinfo str_replace($password,$ph,$fileinfo);

                        
file_put_contents('filesinfo/log.xml',$newinfo);

                    }
                    
                    
// Username
                    
$_SESSION['username'] = $_POST['username'];
                    
                    
// Sort results in posts
                    
$_SESSION['MONSORT'] = 'sortbytime';

                    
                    
// Timeout session
                    
$t time();
                    
$_SESSION['MONtimeout'] = $t;


                    include 
'log.php';
                    
                    
                    
$_SESSION['userID'] = get_account($_POST['username'])['userID'];


                    
$monousers->user[$u]->login date('m/d/Y, H:i:s',$t);
                    
$monousers->user[$u]->ip $_SERVER['REMOTE_ADDR'];
                    
$monousers->asXML('filesinfo/log.xml');



                    if (isset(
$loginpage))

                        
header('Location: panel.php');
                        
//no exit().
                    
                    
break;
                }
                
$u++;
        }
        

    if ( (!isset(
$_GET['logout'])) && (isset($_POST['username'])) && (!isset($_SESSION['username'])) ) {

// This is a failed login attempt
$_SESSION['MONfailedlogin'] = true;

$log_ip = new SimpleXMLElement($ips,null,true);

$c 0;

foreach(
$log_ip as $obj){
        
        
        if (
$obj->addr == $user) {
            
            
            
$attempts $obj->attem;
            
$log_ip->ip[$c]->on time();
            
$log_ip->ip[$c]->attem $attempts 1;
            
            
            if (
$attempts == $block) {
                
$log_ip->asXML($ips);
                
header('Location: login.php');
                exit();
            }

            
$final_ip $log_ip->asXML($ips);
            
            break;
            
        
        }
        
        
$c++;    

        }

        
        if(!isset(
$final_ip)){
            
            
$new $log_ip->addChild('ip','');
            
$new->addChild('addr',$user);
            
$new->addChild('on',time());
            
$new->addChild('attem',1);

            
$log_ip->asXML($ips);
        }

            
            
$t time();
            
            include 
'log.php';
            
$td date('m/d/Y, H:i:s',$t);
            
update_log('failed',$td);
            
header('Location:login.php');
            exit();
        
        }
        
        
        if (!isset(
$loginpage)){

            print 
'<script type="text/javascript">top.window.location = "login.php";</script>';
            exit();
            }
}


    else
    

    {

    
// include the plugin file to support plugins - 2.7
    
include 'plugin.php';
    
insert('autologout');
    

    if (isset(
$loginpage))
    
        
header('Location: panel.php');
        
//no exit()
    
        
}

    if (isset(
$_GET['logout'])) {
        
        
session_destroy();
        
header('Location: login.php?bye');
    }

?>