  1. <?
  2.  
  3. /*
  4. @author: albertojsé
  5. @devteam: h0kk.ve
  6. @package: compumania
  7. */
  8.  
  // Open (or resume) the PHP session; the login class in this file keeps its
  // state under $_SESSION['login'].
  session_start();

  // Database bootstrap. Presumably opens the mysql_* connection the queries in
  // this file rely on; confirm in dbconnect.php.
  include 'dbconnect.php';
  12.  
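  // Client address used for login throttling and for the ip_last_login audit field.
  //
  // Only REMOTE_ADDR is consulted. X-Forwarded-For and Via are request headers
  // chosen by the client, so taking them as the address let a caller pick a new
  // throttle key on every request and placed header text into the SQL built from
  // this constant. The previous unparenthesised nested ternary was also evaluated
  // left-to-right before PHP 8 (yielding the wrong branch) and is a compile error
  // from PHP 8 on.
  //
  // Behind a reverse proxy REMOTE_ADDR is the proxy's address; read a forwarded
  // address only when REMOTE_ADDR is a proxy you operate, and validate it the same way.
  define(
      'IP_REAL',
      (isset($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) !== false)
          ? $_SERVER['REMOTE_ADDR']
          : 'unknown'
  );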
  14.  
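  /**
   * Session-based login against the `users` table, with a per-IP counter of
   * failed attempts kept in `check_tmp`.
   *
   * Notes for maintainers:
   *  - The legacy mysql_* API is kept because the connection is opened outside
   *    this class; it was removed in PHP 7.0. Every value placed into SQL here is
   *    escaped, but the queries should move to PDO/mysqli prepared statements.
   *  - NOTE(review): passwords are matched as unsalted MD5 computed inside the SQL
   *    statement, so the plaintext also appears in the query text. Moving to
   *    password_hash()/password_verify() needs a schema and data migration and is
   *    therefore not done silently here.
   */
  class login
  {
      /** Failed attempts allowed per IP before the lock applies. */
      const MAX_ATTEMPTS = 3;

      /** Length of the lock window in seconds. */
      const LOCK_SECONDS = 900;

      /** @var string|null Username passed to the most recent login_user() call. */
      private $username;

      /** @var string Client address used as the throttle key and audit value. */
      public $real_ip = IP_REAL;

      /**
       * Client address escaped for use inside a double-quoted SQL string.
       *
       * The value comes from IP_REAL, which may derive from request data, so it
       * is never concatenated into a query unescaped.
       *
       * @return string
       */
      private function sql_ip()
      {
          return mysql_real_escape_string((string) $this->real_ip);
      }

      /**
       * Fetch the throttle row for the current IP.
       *
       * @return array|null Row with `attempt` and `date_time`, or null when no
       *                    row exists or the query failed.
       */
      private function attempt_row()
      {
          $result = mysql_query('SELECT attempt, date_time FROM check_tmp WHERE ip = "'.$this->sql_ip().'"');
          if ($result === false) {
              return null;
          }

          $row = mysql_fetch_assoc($result);

          return $row ? $row : null;
      }

      /**
       * Whether the current IP has used up its attempts and is still inside the
       * lock window. Read-only: it never changes the counter.
       *
       * @return bool
       */
      private function locked_out()
      {
          $row = $this->attempt_row();
          if ($row === null) {
              return false;
          }

          return (int) $row['attempt'] >= self::MAX_ATTEMPTS
              && time() - self::LOCK_SECONDS < (int) $row['date_time'];
      }

      /**
       * Record one failed attempt for the current IP.
       *
       * @return bool false when the IP is locked (limit reached and the window has
       *              not expired), true otherwise.
       */
      private function check()
      {
          $ip  = $this->sql_ip();
          $row = $this->attempt_row();

          if ($row === null) {
              // First failure seen for this address: start counting and remember when.
              mysql_query('INSERT INTO check_tmp SET ip = "'.$ip.'", attempt = 1, date_time = "'.time().'"');
              return true;
          }

          if ((int) $row['attempt'] < self::MAX_ATTEMPTS) {
              mysql_query('UPDATE check_tmp SET attempt = attempt+1 WHERE ip = "'.$ip.'"');
              return true;
          }

          if (time() - self::LOCK_SECONDS >= (int) $row['date_time']) {
              // Lock window is over: drop the row so counting starts again.
              mysql_query('DELETE FROM check_tmp WHERE ip = "'.$ip.'"');
              return true;
          }

          return false;
      }

      /**
       * Authenticate a user and populate $_SESSION['login'] on success.
       *
       * Terminates the request with die('Error...') when the client IP is locked.
       *
       * @param string $username
       * @param string $password Plaintext password as submitted.
       * @return void
       */
      public function login_user($username, $password)
      {
          $this->username = $username;

          // Enforce the lock before looking at the credentials. Previously the
          // throttle ran only after a failed match, so a correct guess made during
          // the lock window still logged in and the limit did not bound guessing.
          if ($this->locked_out()) {
              die ('Error...');
          }

          $user = false;

          // Non-string input (e.g. an array from the request) cannot match a row;
          // count it as a failed attempt instead of passing it to the escaper.
          if (is_string($username) && is_string($password)) {
              $login_query = sprintf(
                  'SELECT permise FROM users WHERE username = "%s" AND password = MD5("%s")',
                  mysql_real_escape_string($username),
                  mysql_real_escape_string($password)
              );

              $result = mysql_query($login_query);
              if ($result !== false) {
                  $user = mysql_fetch_assoc($result);
              }
          }

          if (!$user) {
              if ($this->check() == false) {
                  die ('Error...');
              }
              return;
          }

          // New session id at the privilege change, discarding the old session
          // data file, so an id known before login cannot be reused afterwards.
          session_regenerate_id(true);

          // The flag is read from the row that matched the credentials; the earlier
          // second lookup concatenated the unescaped username into its query.
          $_SESSION['login']['admin'] = ((string) $user['permise'] === '1');

          // $this->ip was never defined, so ip_last_login was written empty;
          // the address lives in $real_ip.
          $update_login = sprintf(
              'UPDATE users SET date_last_login = "%s", ip_last_login = "%s" WHERE username = "%s"',
              date('Y-m-d H:i:s', time()),
              $this->sql_ip(),
              mysql_real_escape_string($username)
          );
          mysql_query($update_login);

          $_SESSION['login']['status'] = true;
          $_SESSION['login']['username'] = $username;
      }

      /**
       * End the login: clear the login state and rotate the session id,
       * deleting the old session data.
       *
       * @return void
       */
      public function logout()
      {
          unset($_SESSION['login']);
          session_regenerate_id(true);
      }
  }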
  87.  
  88. ?>