### autor: Benjamin Wilfing ### email: benjamin.wilfing@selfhtml.org ### homepage: ### ### adapted for Jlog by Jeena Paradies ini_set("session.use_trans_sid", false); define("JLOG_ADMIN", true); define("JLOG_LOGIN", true); require_once('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'prepend.inc.php'); require(JLOG_BASEPATH.'admin'.DIRECTORY_SEPARATOR.'blog.func.php'); $false_password = ""; $get = strip($_GET); $post = strip($_POST); ### Plugin Hook $dispatch_login = $plugins->callHook('dispatchLogin', true); if ($_SERVER['REQUEST_METHOD'] == 'POST' AND $dispatch_login) { session_start(); $passwort = $post['password']; $url = !empty($post['url']) ? $post['url'] : ''; $hostname = $_SERVER['HTTP_HOST']; $path = dirname($_SERVER['SCRIPT_NAME']) . '/'; if (strpos($url, "\n") !== false or strpos($url, "\r") !== false) { die('Somebody tried to hack Jlog with Response-Splitting.'); } if (md5($passwort) == JLOG_ADMIN_PASSWORD) { $_SESSION['logged_in'] = true; session_regenerate_id(); // neue SID if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.1') { if (php_sapi_name() == 'cgi') header('Status: 303 See Other'); else header('HTTP/1.1 303 See Other'); } if ($path == $url) $url = $path . 'new.php'; if (!empty($url)) $path = $url; header('Location: ' . add_session_id_to_url("http://".$hostname.$path)); exit; } else { $false_password = "

".$l['admin']['login_false_pw']."

\n"; } } else { setcookie("cookieallowed", "true", time() + 180); } $c['meta']['title'] = $l['admin']['login_headline']; $c['main'] = '

'.$l['admin']['login_headline'].'

' . $false_password . '

'; ### Plugin Hook $c["main"] = $plugins->callHook('loginForm', $c["main"]); require_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'do_template.php'); echo $body;