<?php
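/**
 * Render the admin login form, record the attempt, and end the request.
 *
 * Side effects depend on $error:
 *  - falsy:         plain form, nothing is written to the database.
 *  - TRUE:          failed credentials. The attempt is stored in admin_logins
 *                   (loginType 0), the address is passed to banAdminIP() after
 *                   a streak of five adjacent failed rows, and a notification
 *                   mail is sent to $admin_email.
 *  - 'lock':        sets auth.locked = 1 and stores the attempt (loginType 2).
 *  - 'locked':      stores the attempt (loginType 2).
 *  - other truthy:  shows the "locked" title only.
 *
 * Security notes:
 *  - REQUEST_URI is client-controlled and is HTML-escaped before it is placed
 *    in the form's action attribute.
 *  - REMOTE_ADDR is validated as an IP literal before it is interpolated into
 *    SQL strings, because dbcom() is called here with a finished query string
 *    and no bound parameters.
 *
 * @param mixed $error FALSE/empty, TRUE, 'lock' or 'locked' (see above).
 * @return void Never returns to the caller: the function ends with exit().
 */
function loginpage($error)
{
    global $admin_email;

    # Kill any security threats:
    #require(WWWROOT . 'killthreat.php');

    // REMOTE_ADDR is normally set by the web server from the socket peer, but
    // it ends up inside SQL string literals below, so only a syntactically
    // valid IP address is allowed through. Anything else is replaced by a
    // neutral literal instead of being concatenated into a query.
    $rawIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $clientIp = filter_var($rawIp, FILTER_VALIDATE_IP);
    if ($clientIp === false) {
        $clientIp = '0.0.0.0';
    }

    // REQUEST_URI comes straight from the request line; escape it for the
    // single-quoted attribute it is written into. If escaping yields an empty
    // string (e.g. invalid UTF-8), the form posts to the current URL.
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $formAction = htmlspecialchars($requestUri, ENT_QUOTES, 'UTF-8');

    echo "<html>\n<head>\n<title>Authorized Access</title>\n";
    echo "</head>\n<body>\n";
    echo "<table style='width:100%;height:100%;'>\n<tr>\n<td valign='top' align='center'><br><br>\n";
    echo "<form action='" . $formAction . "' method='post'>\n";
    echo "<table border='0' width='300' cellspacing='0' cellpadding='4'><tr>\n";

    // Strict comparisons: a loose == between a non-string value and 'lock'
    // can match unexpectedly (e.g. 0 == 'lock' on PHP versions before 8).
    $formtitle = 'Authorization';
    if ($error) {
        if ($error === TRUE) {
            $formtitle = 'Wrong credentials!';
        } else {
            $formtitle = 'Admin panel is locked.';
            if ($error === 'lock') {
                dbcom('UPDATE auth SET locked = 1;');
            }
        }
    }
    echo '<th colspan="2">' . $formtitle . "</th>\n";
    echo '</tr>' . "\n";

    if ($error === TRUE) {
        // NOTE(review): mysql_* is the legacy ext/mysql API (removed in PHP 7.0);
        // moving dbcom() to prepared statements would make the IP validation
        // above a second line of defence rather than the only one.
        dbcom("INSERT INTO admin_logins VALUES(NULL, '{$clientIp}', NOW(), 0, 0);");
        $bannedIPquery = dbcom("SELECT id FROM admin_bannedips WHERE ip = '{$clientIp}' LIMIT 1;");
        if (mysql_num_rows($bannedIPquery) != 1) {
            $failedIPsQuery = dbcom("SELECT id FROM admin_logins WHERE ip = '{$clientIp}' AND loginType = 0 ORDER BY id;");
            if (mysql_num_rows($failedIPsQuery) >= 5) {
                $failedIds = array();
                while ($row = mysql_fetch_assoc($failedIPsQuery)) {
                    $failedIds[] = $row['id'];
                }

                // Length of the run of adjacent ids that ends at the newest row.
                // NOTE(review): the streak relies on row ids being adjacent, so
                // any admin_logins row written in between (presumably for other
                // addresses or login types) resets it; counting failures inside
                // a time window would be a sturdier lockout signal.
                $streak = 1;
                $total = count($failedIds);
                for ($i = 1; $i < $total; $i++) {
                    if ($failedIds[$i] - $failedIds[$i - 1] == 1) {
                        $streak++;
                    } else {
                        $streak = 1;
                    }
                }
                if ($streak >= 5) {
                    banAdminIP($clientIp);
                }
            }
        }

        $headers = "FROM: " . $admin_email . "\n";
        $headers .= "X-Sender: " . $admin_email . "\n";
        $headers .= "X-Mailer: DDLCMS.com DDL Warez Script\n";
        $headers .= "X-Priority: 1\n";
        $headers .= "Return-Path: " . $admin_email . "\n";
        $message = 'On ' . date('Y-m-d H:i:s') . ', a user from ' . $clientIp . ' attempted to login and failed.';
        // Best-effort notification: a mail failure must not block the login page.
        // NOTE(review): one mail is sent per failed attempt with no rate limit.
        @mail($admin_email, 'DDL CMS failed Admin login', $message, $headers);

        echo '<tr>' . "\n";
        echo '<td colspan="2" align="right"><span style="color: #ff0000">Your IP address has been logged.</span></td>' . "\n";
        echo '</tr>' . "\n";
    } elseif ($error === 'locked' || $error === 'lock') {
        dbcom("INSERT INTO admin_logins VALUES(NULL, '{$clientIp}', NOW(), 2, 0);");
    }

    echo '<tr>' . "\n";
    echo "<td align='right'><p><b><label for='username'>Username: </label></b></p></td>\n";
    echo "<td><input type='text' name='username' id='username' size='30' style='width:120px'></td>\n";
    echo "</tr><tr>\n";
    echo "<td align='right'><p><b><label for='password'>Password: </label></b></p></td>\n";
    echo "<td><input type='password' name='password' id='password' size='30' style='width:120px'></td>\n";
    echo "</tr><tr>\n";
    echo "<td></td>\n";
    echo "<td><input type='submit' value='Login' name='login' style='width:120'></td></tr></table></form>\n";
    echo "</td>\n</tr>\n</table>\n</body>\n</html>";

    // The login page is always the final output of the request.
    exit();
}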
?>