..cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first explain..
<?php
/* Authentication checker */
if(!defined('IN_SCRIPT')){
exit;
}
if(!defined("PASS_WO_LOGIN")){
// make sure we have any sort of authentication setup
if(!@$_CONTEXT['pass_access']){
if(!@$_CONTEXT['ip_access']){
// as long as we don't have any type of authentication, redirect to setup
header("Location: setup.php");
exit;
}
}
// block unauthorized ip access
if(isset($_CONTEXT['ip_access']) && $_CONTEXT['ip_access']){
if(in_array($_SERVER['REMOTE_ADDR'],$_CONTEXT['ip_allowed'])){
$bLoggedTHC = true;
}
}
// block unauthorized access without a password specified
if(isset($_CONTEXT['pass_access']) && $_CONTEXT['pass_access']==true){
$sCookieName = "thcauth_".substr($_CONTEXT['pass_hash'],0,5);
if(!isset($_COOKIE[$sCookieName])){
header("Location: ".$_PATHS['root_http']."/login.php");
exit;
}
$bLoggedTHC = ($_COOKIE[$sCookieName]==$_CONTEXT['pass_hash'] ? true : false);
}
if(!$bLoggedTHC){
// redirect on login failure
header("Location: ".$_CONTEXT['redirect_fail_login']);
exit;
}
}
?>