Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if (isset($get['login'])) {
- session_start();
- $page = "login";
- $timepr = time();
- $id_url = filter($get['login']);
- if (isset($_SESSION['subid'])) {
- logout();
- }
- if ($data['doLogin']=='Login')
- {
- $email = $data['usr_email'];
- $pass = $data['password'];
- if (strpos($email,'@') === false) {
- $user_cond = "username='$email'";
- $result = mysql_query("SELECT `id`,`clientid`,`serverid`,`username`,`password`,`showftp` FROM subuser WHERE
- username='$email'
- ") or die (mysql_error());
- $num = mysql_num_rows($result);
- // Match row found with more than 1 results - the user is authenticated.
- if ( $num > 0 ) {
- list($subid,$clientid,$serverid,$username,$password,$showftp) = mysql_fetch_row($result);
- //check against salt
- if ($password === PwdHash($pass,substr($password,0,9))) {
- if(empty($err)){
- $clinetip = $_SERVER['REMOTE_ADDR'];
- $clienthost = gethostbyaddr($clinetip);
- $datum = date("d-m-y H:i:s",time());
- mysql_query("UPDATE subuser SET `lastlogin` = '$datum',`lastip` = '$clinetip' WHERE id='$subid'");
- // this sets session and logs user in
- session_start();
- mysql_query("INSERT INTO login_history (clientid,time,date,user) VALUES('$clientid','$timepr',now(),'$username')");
- // this sets variables in the session
- $_SESSION['subid']= $subid;
- $_SESSION['username'] = $username;
- $_SESSION['showftp'] = $showftp;
- $_SESSION['userlevel'] = "1";
- $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT'], $_SERVER['HTTP_HOST']);
- $_SESSION['LAST_ACTIVITY'] = time();
- header("Location: index.php?gamesrv=$serverid");
- }
- }
- else
- {
- //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
- $err = $lang['login_err'];
- //header("Location: login.php?msg=$msg");
- }
- } else {
- $err = $lang['login_err'];
- }
- } else {
- $result = mysql_query("SELECT `clientid`,`md5_id`,`password`,`firstname`,`email`,`approved`,`userlevel` FROM users WHERE
- email='$email'
- AND `banned` = '0'
- ") or die (mysql_error());
- $num = mysql_num_rows($result);
- // Match row found with more than 1 results - the user is authenticated.
- if ( $num > 0 ) {
- list($id,$clientid,$password,$firstname,$sesemail,$approved,$userlevel) = mysql_fetch_row($result);
- if(!$approved) {
- //$msg = urlencode("Account not activated. Please check your email for activation code");
- $_SESSION['MSG'] = msg($lang['nije_aktiviran']);
- $err = 1;
- header("Location: index.php?login");
- exit();
- }
- //check against salt
- if ($password === PwdHash($pass,substr($password,0,9))) {
- if(empty($err)){
- $clinetip = $_SERVER['REMOTE_ADDR'];
- $clienthost = gethostbyaddr($clinetip);
- $datum = date("d-m-y H:i:s",time());
- mysql_query("UPDATE users SET `lastip` = '$clinetip',`lasthost` = '$clienthost',`lastlogin` = '$datum' WHERE md5_id='$clientid'");
- // this sets session and logs user in
- session_start();
- mysql_query("INSERT INTO login_history (clientid,time,date,user) VALUES('$id','$timepr',now(),'$sesemail')");
- // this sets variables in the session
- $_SESSION['clientid']= $clientid;
- $_SESSION['username'] = $firstname;
- $_SESSION['userlevel'] = $userlevel;
- $_SESSION['email'] = $sesemail;
- $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT'], $_SERVER['HTTP_HOST']);
- $_SESSION['LAST_ACTIVITY'] = time();
- //update the timestamp and key for cookie
- $stamp = time();
- $ckey = GenKey();
- mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where clientid='$clientid'") or die(mysql_error());
- //set a cookie
- if(isset($request['remember'])){
- setcookie("clientid", $_SESSION['clientid'], time()+60*60*24*COOKIE_TIME_OUT, "/");
- setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
- setcookie("username",$_SESSION['username'], time()+60*60*24*COOKIE_TIME_OUT, "/");
- }
- if(empty($_SESSION['return'])) {
- header("Location: index.php?home"); }
- else {
- $returnpage = $_SESSION['return'];
- if($returnpage === "ordnerlist") {
- $_SESSION['completord'] = true;
- }
- header("Location: index.php?$returnpage");
- unset($_SESSION['return']);
- }
- }
- }
- else
- {
- //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
- $err = $lang['login_err'];
- //header("Location: login.php?msg=$msg");
- }
- } else {
- $err = $lang['login_err'];
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement