| Server IP : 23.111.136.34 / Your IP : 216.73.216.136 Web Server : Apache System : Linux servidor.eurohost.com.br 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 User : meusitei ( 1072) PHP Version : 5.6.40 Disable Function : show_source, system, shell_exec, passthru, proc_open MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /home/meusitei/www/controle/cms/ |
Upload File : |
<?
include "conectdb.php";
//if($_POST["salvarsenha"]){
/*setcookie("salvarsenha", "1", (time() + (365 * 24 * 3600)));
setcookie("login", $_POST['ver_login'], (time() + (365 * 24 * 3600)));
setcookie("senha", $_POST['ver_senha'], (time() + (365 * 24 * 3600)));
}else{
setcookie("salvarsenha", "0", (time() + (-1)));
setcookie("login", $_POST['ver_login'], (time() + (-1)));
setcookie("senha", $_POST['ver_senha'], (time() + (-1)));
}*/
try {
$conn = new PDO("mysql:host=$pdo_hostname;dbname=$pdo_dbname", $pdo_username, $pdo_password,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
/*** echo a message saying we have connected ***/
}
catch(PDOException $e)
{
echo $e->getMessage();
}
if(($_POST['ver_login']) && ($_POST['ver_senha'])){
//$ver_login = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
$sql = $conn->prepare("SELECT * FROM usuarios WHERE login = :login and senha = :senha");
$sql->bindValue(':login', $_POST['ver_login'], PDO::PARAM_INT);
$sql->bindValue(':senha', $_POST['ver_senha'], PDO::PARAM_INT);
$sql->execute() or die(print_r($sql->errorInfo()));
$linha = $sql->fetch(PDO::FETCH_ASSOC);
/*
$sql = mysql_query("SELECT * FROM usuarios WHERE login= '".anti_sql_injection($_POST['ver_login'])."' AND senha= '".anti_sql_injection($_POST['ver_senha'])."'");
$linha = mysql_fetch_array($sql);*/
if ( anti_sql_injection($_POST['ver_login']) == $linha['login'] and anti_sql_injection($_POST['ver_senha']) == $linha['senha'] and $linha['nivel'] != '2'){
session_start();
$id_user = $linha['id_session'];
$_SESSION['id_user'] = $linha['id_session'];
$nivel_user = $linha['nivel'];
$_SESSION['nivel_user'] = $linha['nivel'];
$ip = $_SERVER[REMOTE_ADDR];
$data = date('Y-m-d, H:i:s');
$result = $conn->prepare("SELECT * FROM sessao WHERE id_session=:id_session ORDER BY id_visita DESC LIMIT 1");
$result->bindValue(':id_session', $id_user, PDO::PARAM_INT);
$result->execute() or die(print_r($result->errorInfo()));
$row = $result->fetch(PDO::FETCH_BOTH);
/*$result = mysql_query("SELECT * FROM sessao WHERE id_session='$id_user' ORDER BY id_visita DESC LIMIT 1");
$row = mysql_fetch_row($result);*/
if ($row[1] != $id_user) {
$stmt = $conn->prepare('INSERT INTO sessao (id_session, ip, qtdevisita, ultimavisita ) VALUES(:id_session,:ip,:qtdevisita,:ultimavisita)');
$stmt->bindParam(':id_session', $id_user, PDO::PARAM_INT);
$stmt->bindParam(':ip', $ip, PDO::PARAM_STR);
$stmt->bindValue(':qtdevisita', 1, PDO::PARAM_INT);
$stmt->bindParam(':ultimavisita', $data, PDO::PARAM_STR);
$consultou = $stmt->execute() or die(print_r($stmt->errorInfo()));
// mysql_query("INSERT INTO sessao (id_session, ip, qtdevisita, ultimavisita ) VALUES('$id_user','$ip','1','$data')");
}
else {
$cont = $row[3];
$contnew = $cont + 1;
$stmt = $conn->prepare('INSERT INTO sessao (id_session, ip, qtdevisita, ultimavisita ) VALUES(:id_session,:ip,:qtdevisita,:ultimavisita)');
$stmt->bindParam(':id_session', $id_user, PDO::PARAM_INT);
$stmt->bindParam(':ip', $ip, PDO::PARAM_STR);
$stmt->bindParam(':qtdevisita', $contnew, PDO::PARAM_INT);
$stmt->bindParam(':ultimavisita', $data, PDO::PARAM_STR);
$consultou = $stmt->execute() or die(print_r($stmt->errorInfo()));
//mysql_query("INSERT INTO sessao (id_session, ip, qtdevisita, ultimavisita ) VALUES('$id_user','$ip','$contnew','$data')");
}
$horaTrabalho = date("H:i:s", mktime(gmdate("H")-3, gmdate("i"), gmdate("s"), gmdate("m"), gmdate("d"), gmdate("Y")));
/* $sqlpermissoes = mysql_query("SELECT * FROM permissoes WHERE id_session='$id_user'");
$linhapermissoes= mysql_fetch_array($sqlpermissoes);*/
$sqlpermissoes = $conn->prepare("SELECT * FROM permissoes WHERE id_session = :id_session");
$sqlpermissoes->bindValue(':id_session', $id_user, PDO::PARAM_INT);
$sqlpermissoes->execute() or die(print_r($sqlpermissoes->errorInfo()));
$linhapermissoes = $sqlpermissoes->fetch(PDO::FETCH_ASSOC);
$_SESSION['semlimite']=$linhapermissoes['semlimite'];
if ($_SESSION['semlimite']){
log_usuario($_SERVER['REQUEST_URI'],$id_user,array('acao' => 'logar sistema'));
header("Location: contador/index.php");
}
else {
$dia_sem = date('w');
switch ($dia_sem) {
case 0: $dia_sem = "dom_"; break;
case 1: $dia_sem = "seg_"; break;
case 2: $dia_sem = "ter_"; break;
case 3: $dia_sem = "qua_"; break;
case 4: $dia_sem = "qui_"; break;
case 5: $dia_sem = "sex_"; break;
case 6: $dia_sem = "sab_"; break;
}
if($linhapermissoes[$dia_sem.'ac']) {
$erroHorarioBloqueio = "ok";
session_unset();
session_destroy();
}
else{
$_SESSION['horaini']=$linhapermissoes[$dia_sem.'hi'];
$horaini=$_SESSION['horaini'];
$_SESSION['horafim']=$linhapermissoes[$dia_sem.'hf'];
$horafim=$_SESSION['horafim'];
$horaEnt=strftime("%H:%M:%S", strtotime($horaini));
$horaSai=strftime("%H:%M:%S", strtotime($horafim));
$midnite=strftime("%H:%M:%S", strtotime("00:00"));
$sevenh=strftime("%H:%M:%S", strtotime("07:00"));
if ( (strtotime($horaSai)>=strtotime($midnite)) and (strtotime($horaSai)<=strtotime($sevenh)) ){
$hours_diff = strftime("%H:%M:%S", strtotime("24:00"));
$horaSai=strtotime($horaSai)+ strtotime($hours_diff);
}
else $horaSai=strtotime($horaSai);
if ((strtotime($horaTrabalho) < strtotime($horaEnt)) or (strtotime($horaTrabalho) > $horaSai)){
$erroHorario = "ok";
session_unset();
session_destroy();
}
else {
log_usuario($_SERVER['REQUEST_URI'],$id_user,array('acao' => 'logar sistema'));
header("Location: contador/index.php");
}
}
}
}
else
$erro = "ok";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Área Administrativa</title>
<link rel="shortcut icon" href="favicon.ico" />
<link rel="icon" href="favicon.png" type="image/png" />
<link href="../cms/css/capa.css" rel="stylesheet" type="text/css" />
<link rel='stylesheet' id='prettyPhoto-css' href="../cms/css/keyboard.css" type='text/css' media='screen, projection' />
<script type="text/javascript" src="../cms/js/keyboard.js"></script>
</head>
<body onLoad="status='www.seusiteimobiliario.com.br'; form_login.campo_login.focus();">
<!--GERAL-->
<div id="geral">
<span class="h1">Login administrativo</span><br />
<div id="caixa">
<div id="box">
<span class="h2">Insira seu nome de usuário e senha
para logar no sistema.</span>
</div>
<form action="../cms/index.php" method="post" name="form_login">
<? if ($erro){?>
<div id="login-error-message">Dados incorretos - Acesso restrito</div>
<? }?>
<? if ($erroHorario){?>
<div id="login-error-message">Horário de acesso expirado</div>
<? }
if ($erroHorarioBloqueio){
$dia = date(w);
$diasDasemana = array (1 => "Segunda-Feira",2 => "Terça-Feira",3 => "Quarta-Feira",4 => "Quinta-Feira",5 => "Sexta-Feira",6 => "Sábado",0 => "Domingo");
?>
<div id="login-error-message"> <? echo $diasDasemana[$dia]?> - Acesso bloqueado</div>
<? }?>
<fieldset>
<div class="boxbusca">
<label>Login:</label><br />
<input name="ver_login" type="text" value="<?php if(isset($_COOKIE['login'])){ echo $_COOKIE['login']; }; ?>" class="form" id="campo_login" size="35" maxlength="20" autocomplete="on" />
</div>
<div class="boxbusca">
<label>Senha:</label><br />
<input name="ver_senha" type="password" value="<?php if(isset($_COOKIE['senha'])){ echo $_COOKIE['senha']; }; ?>" class="keyboardInput" id="campo_senha" size="29" maxlength="20" autocomplete="on" />
</div>
<?php /*?>
<div class="boxbusca">
<input name="salvarsenha" type="checkbox" id="salvarsenha" <?php if($_COOKIE['salvarsenha']=="1"){ echo "checked=\"checked\""; } ?> />
<label for="salvarsenha"></label>
Salvar Senha
</div>
<?php */?>
</fieldset>
<div id="enviar"><input name="bt_entrar" type="submit" value="Entrar" title="Entrar" alt="Entrar" />
</div>
</form>
<div id="box">
<span><a href="recuperar.php">Esqueceu a senha?</a></span><br />
<span class="h2">Seu IP atual é: </span><span class="h3"><?= $_SERVER['REMOTE_ADDR']; ?></span></div>
<div class="clear"></div>
</div>
</div>
<!--FIM GERAL-->
</body>
</html>