Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- /*
- @author: guzzano
- @devteam: h0kk.ve
- @package: compumania
- */
- session_start();
- include('dbconnect.php');
- class login
- {
- private function real_ip()
- {
- if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
- {
- return $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
- elseif(isset($_SERVER['HTTP_VIA']))
- {
- return $_SERVER['HTTP_VIA'];
- }
- elseif(isset($_SERVER['REMOTE_ADDR']))
- {
- return $_SERVER['REMOTE_ADDR'];
- }
- }
- private function check()
- {
- if (mysql_num_rows(mysql_query('SELECT ip FROM check_tmp WHERE ip = "'.$this->real_ip().'"')) <= 0)
- {
- mysql_query('INSERT INTO check_tmp SET ip = "'.$this->real_ip().'", attempt = 1, date_time = "'.strtotime(date("H:i:s")).'"') or die(mysql_error());
- }
- else
- {
- if (mysql_result(mysql_query('SELECT attempt FROM check_tmp WHERE ip = "'.$this->real_ip().'"'), 0,0) >= 3)
- {
- if (strtotime(date('H:i:s'))-900 >= mysql_result(mysql_query('SELECT date_time FROM check_tmp WHERE ip = "'.$this->real_ip().'"'), 0,0))
- {
- mysql_query('DELETE FROM check_tmp WHERE ip = "'.$this->real_ip().'"');
- }
- else
- {
- return false;
- }
- }
- else
- {
- mysql_query('UPDATE check_tmp SET attempt = attempt+1 WHERE ip = "'.$this->real_ip().'"');
- }
- }
- }
- public function login_user()
- {
- $username = $_POST['username'];
- $password = $_POST['password'];
- $login_query = sprintf('SELECT * FROM users WHERE username = "%s" AND password = MD5("%s")', mysql_real_escape_string($username), mysql_real_escape_string($password));
- if(@mysql_num_rows(@mysql_query($login_query)) <= 0)
- {
- if ($this->check() == false)
- {
- die ('Error...');
- }
- }
- else
- {
- if (@mysql_result(@mysql_query('SELECT permise FROM users WHERE username = "'.$username.'"'), 0,0) == '1')
- {
- $_SESSION['login_admin'] = true;
- }
- else
- {
- $_SESSION['login_admin'] = false;
- }
- $update_login = sprintf('UPDATE users SET date_last_login = "%s", ip_last_login = "%s" WHERE username = "%s"', date('Y-m-d H:i:s', time()), $this->ip, mysql_real_escape_string($username));
- @mysql_query($update_login);
- $_SESSION['login_status'] = true;
- $_SESSION['login_username'] = $username;
- }
- }
- public function logout()
- {
- session_destroy();
- }
- }
- $go = new login;
- $go->login_user();
- ?>
Add Comment
Please, Sign In to add comment