
Untitled

a guest
Oct 11th, 2016
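  // Login handler. Runs when the request carries a `login` key: it checks the
  // posted credentials against `subuser` (login name without "@") or `users`
  // (login name containing "@"), fills the session and redirects.
  //
  // Defined outside this paste: $get, $data, $request, $lang, COOKIE_TIME_OUT and
  // the helpers filter(), logout(), PwdHash(), GenKey() and msg().
  //
  // NOTE(review): $data['usr_email'] is interpolated into both SELECTs below. That
  // is only safe if $data was SQL-escaped where it was built -- confirm. Escaping it
  // again here could double-escape, so the long-term fix is prepared statements
  // (mysqli or PDO; ext/mysql was removed in PHP 7).
  // NOTE(review): `or die(mysql_error())` prints database error text to the client;
  // consider logging it and showing a generic message instead.
  if (isset($get['login'])) {
      session_start();
      $page = "login";
      $timepr = time();
      $id_url = filter($get['login']);

      // A sub-user who is still signed in is logged out before a new login attempt.
      if (isset($_SESSION['subid'])) {
          logout();
      }

      if ($data['doLogin'] == 'Login') {
          $email = $data['usr_email'];
          $pass = $data['password'];

          if (strpos($email, '@') === false) {
              // ---- No "@": treat the value as a sub-user login name ----
              $user_cond = "username='$email'";
              $result = mysql_query(
                  "SELECT `id`,`clientid`,`serverid`,`username`,`password`,`showftp` FROM subuser WHERE username='$email'"
              ) or die(mysql_error());
              $num = mysql_num_rows($result);

              // At least one row means the login name exists; the password is checked next.
              if ($num > 0) {
                  list($subid, $clientid, $serverid, $username, $password, $showftp) = mysql_fetch_row($result);

                  // The first 9 characters of the stored value are passed to PwdHash() as the salt.
                  // NOTE(review): `===` is not a constant-time comparison; hash_equals() is
                  // available from PHP 5.6 if the deployment allows it.
                  if ($password === PwdHash($pass, substr($password, 0, 9))) {
                      if (empty($err)) {
                          $clinetip = $_SERVER['REMOTE_ADDR'];
                          // Reverse DNS lookup; the result is not used by the queries in this branch.
                          $clienthost = gethostbyaddr($clinetip);
                          $datum = date("d-m-y H:i:s", time());

                          // Values read back from the database are raw, so they are escaped
                          // again before being placed into new SQL text.
                          $subid_sql = mysql_real_escape_string($subid);
                          $clientid_sql = mysql_real_escape_string($clientid);
                          $username_sql = mysql_real_escape_string($username);
                          $clinetip_sql = mysql_real_escape_string($clinetip);

                          mysql_query("UPDATE subuser SET `lastlogin` = '$datum',`lastip` = '$clinetip_sql' WHERE id='$subid_sql'");

                          // logout() above may have ended the session; start one only if none is active.
                          if (session_id() === '') {
                              session_start();
                          }
                          // Issue a fresh session id on login so a pre-login id cannot be reused.
                          session_regenerate_id(true);

                          mysql_query("INSERT INTO login_history (clientid,time,date,user) VALUES('$clientid_sql','$timepr',now(),'$username_sql')");

                          // Session state for a sub-user.
                          $_SESSION['subid'] = $subid;
                          $_SESSION['username'] = $username;
                          $_SESSION['showftp'] = $showftp;
                          $_SESSION['userlevel'] = "1";
                          // NOTE(review): md5()'s second parameter is the raw-output flag, so HTTP_HOST
                          // is not part of the hash; a non-empty host only switches the result to raw
                          // bytes. Left as is because the code that validates this value elsewhere must
                          // compute it the same way -- change both together.
                          $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT'], $_SERVER['HTTP_HOST']);
                          $_SESSION['LAST_ACTIVITY'] = time();

                          header("Location: index.php?gamesrv=$serverid");
                          // Stop after the redirect, as the not-activated branch below already does.
                          exit();
                      }
                  } else {
                      $err = $lang['login_err'];
                  }
              } else {
                  // Same message as for a wrong password, so the response does not reveal
                  // whether the login name exists.
                  $err = $lang['login_err'];
              }
          } else {
              // ---- Contains "@": treat the value as a client e-mail address ----
              $result = mysql_query(
                  "SELECT `clientid`,`md5_id`,`password`,`firstname`,`email`,`approved`,`userlevel` FROM users WHERE email='$email' AND `banned` = '0'"
              ) or die(mysql_error());
              $num = mysql_num_rows($result);

              // At least one row means the address exists and is not banned; the password is checked next.
              if ($num > 0) {
                  // Column order matters: $id receives `clientid` and $clientid receives `md5_id`.
                  list($id, $clientid, $password, $firstname, $sesemail, $approved, $userlevel) = mysql_fetch_row($result);

                  // The first 9 characters of the stored value are passed to PwdHash() as the salt.
                  if ($password === PwdHash($pass, substr($password, 0, 9))) {
                      // The activation state is reported only after the password has been verified,
                      // so a caller who knows just the address cannot learn whether the account
                      // exists or is activated.
                      if (!$approved) {
                          $_SESSION['MSG'] = msg($lang['nije_aktiviran']);
                          $err = 1;
                          header("Location: index.php?login");
                          exit();
                      }

                      if (empty($err)) {
                          $clinetip = $_SERVER['REMOTE_ADDR'];
                          // The host name comes from reverse DNS, which the operator of the client's
                          // address range controls; it is escaped below before it reaches SQL.
                          $clienthost = gethostbyaddr($clinetip);
                          $datum = date("d-m-y H:i:s", time());

                          // Database-derived and DNS-derived values are escaped before reuse in SQL.
                          $id_sql = mysql_real_escape_string($id);
                          $clientid_sql = mysql_real_escape_string($clientid);
                          $sesemail_sql = mysql_real_escape_string($sesemail);
                          $clinetip_sql = mysql_real_escape_string($clinetip);
                          $clienthost_sql = mysql_real_escape_string($clienthost);

                          mysql_query("UPDATE users SET `lastip` = '$clinetip_sql',`lasthost` = '$clienthost_sql',`lastlogin` = '$datum' WHERE md5_id='$clientid_sql'");

                          // Start a session only if none is active, then rotate its id on login.
                          if (session_id() === '') {
                              session_start();
                          }
                          session_regenerate_id(true);

                          mysql_query("INSERT INTO login_history (clientid,time,date,user) VALUES('$id_sql','$timepr',now(),'$sesemail_sql')");

                          // Session state for a client account.
                          $_SESSION['clientid'] = $clientid;
                          $_SESSION['username'] = $firstname;
                          $_SESSION['userlevel'] = $userlevel;
                          $_SESSION['email'] = $sesemail;
                          // NOTE(review): see the md5() remark in the sub-user branch; HTTP_HOST is
                          // used as the raw-output flag here, not hashed.
                          $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT'], $_SERVER['HTTP_HOST']);
                          $_SESSION['LAST_ACTIVITY'] = time();

                          // Refresh the timestamp and key that back the "remember me" cookie.
                          $stamp = time();
                          $ckey = GenKey();
                          $ckey_sql = mysql_real_escape_string($ckey);
                          // NOTE(review): $clientid holds the `md5_id` column (see list() above), yet
                          // this WHERE compares it with `clientid`, while the UPDATE above uses
                          // `md5_id`. Confirm which column is intended.
                          mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey_sql' where clientid='$clientid_sql'") or die(mysql_error());

                          if (isset($request['remember'])) {
                              $expires = time() + 60 * 60 * 24 * COOKIE_TIME_OUT;
                              setcookie("clientid", $_SESSION['clientid'], $expires, "/");
                              // The key cookie is HttpOnly so page scripts cannot read it.
                              // NOTE(review): also set the secure flag if the site is served over HTTPS only.
                              setcookie("user_key", sha1($ckey), $expires, "/", "", false, true);
                              setcookie("username", $_SESSION['username'], $expires, "/");
                          }

                          if (empty($_SESSION['return'])) {
                              header("Location: index.php?home");
                          } else {
                              // NOTE(review): $_SESSION['return'] is set elsewhere; confirm it can only
                              // hold known page names before it is placed into the Location header.
                              $returnpage = $_SESSION['return'];
                              if ($returnpage === "ordnerlist") {
                                  $_SESSION['completord'] = true;
                              }
                              unset($_SESSION['return']);
                              header("Location: index.php?$returnpage");
                          }
                          // Stop after the redirect, as the not-activated branch above already does.
                          exit();
                      }
                  } else {
                      $err = $lang['login_err'];
                  }
              } else {
                  // Same message as for a wrong password, so the response does not reveal
                  // whether the address exists.
                  $err = $lang['login_err'];
              }
          }
      }
      // The closing brace of the outer `if (isset($get['login']))` block is not part of this paste.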