Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include("/Scripts/config.php");
- $user = mysql_real_escape_string(stripslashes($_POST["strUsername"]));
- $pass = md5(mysql_real_escape_string(stripslashes($_POST["strPassword"])));
- $error = 0;
- if ($_SERVER['HTTP_X_FORWARD_FOR']) {
- $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
- } else {
- $ip = $_SERVER['REMOTE_ADDR'];
- }
- if (!preg_match('/^[a-z0-9\s_-]+$/i', $user) || ($user == "")) {
- $error = 1;
- echo "<login bSuccess='0' sMsg='Username must contain letters, spaces or numbers!'/>";
- }
- if (!preg_match('/^[a-z0-9]+$/i', $pass) || ($pass == "")) {
- $error = 1;
- echo "<login bSuccess='0' sMsg='Password must contain letters and numbers!'/>";
- }
- $getuservar = mysql_query("SELECT * FROM wqw_users WHERE username='$user' AND password='$pass' LIMIT 1")or die("Query failed with error: ".mysql_error());
- $num = mysql_num_rows($getuservar);
- $getuser = mysql_fetch_array($getuservar);
- $userid = $getuser['id'];
- if ($num == 0) {
- $error = 1;
- echo "<login bSuccess='0' sMsg='You have entered the wrong Username or Password,\n Please click Cancel and try again.'/>";
- } else if ($getuser['banned'] == 1) {
- $error = 1;
- echo "<login bSuccess='0' sMsg='Your user account is currently not activated/banned!'/>";
- }
- if ($error != 1) {
- session_start();
- $_SESSION['name'] = $user;
- $_SESSION['pass'] = $pass;
- if($getuser["admin"]==1){
- $_SESSION['adm'] = "true";
- }
- //Adds no class if user does not have a class...
- $getclass = mysql_query("SELECT * FROM wqw_items WHERE sES='ar' AND equipped=1 AND userid=$userid LIMIT 1")or die("Query failed with error: ".mysql_error());
- $classcheck = mysql_num_rows($getclass);
- if ($classcheck == 0) {
- $checkitem = mysql_query("SELECT itemid FROM wqw_items WHERE itemid=2506 AND userid=$userid LIMIT 1")or die("Query failed with error: ".mysql_error());
- $itemcheck = mysql_num_rows($checkitem);
- if($itemcheck==0){
- $addclass = mysql_query("INSERT INTO wqw_items (itemid, userid, equipped, sES, iLvl, classXP, className) VALUES ('2506', '$userid', '1', 'ar', '1', '0', 'No Class')") or die("Error adding class! contact PDL Staff immediately!" . mysql_error());
- $updateclass = mysql_query("UPDATE wqw_users SET currentClass=11 WHERE id=$userid");
- } else {
- $equipclass = mysql_query("UPDATE wqw_items SET equipped=1 WHERE itemid=2506 AND userid=$userid")or die("Query failed with error: ".mysql_error());
- $updateclass = mysql_query("UPDATE wqw_users SET currentClass=11 WHERE id=$userid");
- }
- }
- $setip = mysql_query("UPDATE wqw_users SET loginip='$ip' WHERE username='$user' AND password='$pass'");
- echo "<login bSuccess='1' iAccess='" . $getuser["access"] . "' iUpg='" . $getuser["upgrade"] . "' iAge='" . $getuser["age"] . "' sToken='" . $pass . "' dUpgExp='" . $getuser["upgrade"] . "' iUpgDays='" . $getuser["upgDays"] . "' iSendEmail='" . $getuser["emailActive"] . "' strEmail='" . $getuser["email"] . "' bCCOnly='0'>";
- $getchar = mysql_query("SELECT * FROM wqw_servers LIMIT 10")or die("Query failed with error: ".mysql_error());
- while ($char = mysql_fetch_array($getchar)) {
- echo "<servers sName='" . $char["name"] . "' sIP='" . $char["ip"] . "' iCount='" . $char["count"] . "' iMax='" . $char["max"] . "' bOnline='" . $char["online"] . "' bChat='" . $char["bchat"] . "' iChat='" . $char["ichat"] . "' bUpg='" . $char["upgrade"] . "'/>";
- }
- echo "</login>";
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement