is_valid)
{
$_SESSION['img_a_verified']=true;
}
else
{
$hesk_error_buffer['mysecnum']=$hesklang['recaptcha_error'];
}
}
// Using PHP generated image
else
{
$mysecnum = intval( hesk_POST('mysecnum', 0) );
if ( empty($mysecnum) )
{
$hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
}
else
{
require(HESK_PATH . 'inc/secimg.inc.php');
$sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
if ( isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum']) )
{
$_SESSION['img_a_verified'] = true;
}
else
{
$hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
}
}
}
}
/* Any missing fields? */
if (count($hesk_error_buffer)!=0)
{
$_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
$tmp = '';
foreach ($hesk_error_buffer as $error)
{
$tmp .= "
$error\n";
}
$hesk_error_buffer = $tmp;
$hesk_error_buffer = $hesklang['pcer'].'
';
hesk_process_messages($hesk_error_buffer,'NOREDIRECT');
print_login();
exit();
}
elseif (isset($_SESSION['img_a_verified']))
{
unset($_SESSION['img_a_verified']);
}
/* User entered all required info, now lets limit brute force attempts */
hesk_limitBfAttempts();
$result = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `user` = '".hesk_dbEscape($user)."' LIMIT 1");
if (hesk_dbNumRows($result) != 1)
{
hesk_session_stop();
$_SESSION['a_iserror'] = array('user','pass');
hesk_process_messages($hesklang['wrong_user'],'NOREDIRECT');
print_login();
exit();
}
$res=hesk_dbFetchAssoc($result);
foreach ($res as $k=>$v)
{
$_SESSION[$k]=$v;
}
/* Check password */
if (hesk_Pass2Hash($pass) != $_SESSION['pass'])
{
hesk_session_stop();
$_SESSION['a_iserror'] = array('pass');
hesk_process_messages($hesklang['wrong_pass'],'NOREDIRECT');
print_login();
exit();
}
$pass_enc = hesk_Pass2Hash($_SESSION['pass'].strtolower($user).$_SESSION['pass']);
/* Check if default password */
if ($_SESSION['pass'] == '499d74967b28a841c98bb4baaabaad699ff3c079')
{
hesk_process_messages($hesklang['chdp'],'NOREDIRECT','NOTICE');
}
unset($_SESSION['pass']);
/* Login successful, clean brute force attempts */
hesk_cleanBfAttempts();
/* Make sure our user is active */
if (!$_SESSION['active']) {
hesk_session_stop();
$_SESSION['a_iserror'] = array('active');
hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
print_login();
exit();
}
/* Regenerate session ID (security) */
hesk_session_regenerate_id();
/* Remember username? */
if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN')
{
setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', "$pass_enc", strtotime('+1 year'));
}
elseif ( hesk_POST('remember_user') == 'JUSTUSER')
{
setcookie('hesk_username', "$user", strtotime('+1 year'));
setcookie('hesk_p', '');
}
else
{
// Expire cookie if set otherwise
setcookie('hesk_username', '');
setcookie('hesk_p', '');
}
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose'])
{
$revision = sprintf($hesklang['thist3'],hesk_date(),$hesklang['auto']);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `status`='3', `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') WHERE `status` = '2' AND `lastchange` <= '".hesk_dbEscape( date('Y-m-d H:i:s',time() - $hesk_settings['autoclose']*86400) )."'");
}
/* Redirect to the destination page */
if ( hesk_isREQUEST('goto') )
{
$url = hesk_REQUEST('goto');
$url = str_replace('&','&',$url);
/* goto parameter can be set to the local domain only */
$myurl = parse_url($hesk_settings['hesk_url']);
$goto = parse_url($url);
if (isset($myurl['host']) && isset($goto['host']))
{
if ( str_replace('www.','',strtolower($myurl['host'])) != str_replace('www.','',strtolower($goto['host'])) )
{
$url = 'admin_main.php';
}
}
header('Location: '.$url);
}
else
{
header('Location: admin_main.php');
}
exit();
} // End do_login()
function print_login()
{
global $hesk_settings, $hesklang;
$hesk_settings['tmp_title'] = $hesk_settings['hesk_title'] . ' - ' .$hesklang['admin_login'];
require_once(HESK_PATH . 'inc/header.inc.php');
if ( hesk_isREQUEST('notice') )
{
hesk_process_messages($hesklang['session_expired'],'NOREDIRECT');
}
if (!isset($_SESSION['a_iserror']))
{
$_SESSION['a_iserror'] = array();
}
?>