Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- /*
- @author: albertojsé
- @devteam: h0kk.ve
- @package: compumania
- */
- session_start();
- include('dbconnect.php');
- define('IP_REAL', ((isset($_SERVER['HTTP_X_FORWARDED_FOR'])) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : (isset($_SERVER['HTTP_VIA'])) ? $_SERVER['HTTP_VIA'] : (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : 'unknown'));
- class login
- {
- var private $username;
- var $real_ip = IP_REAL;
- private function check()
- {
- if (mysql_num_rows(@mysql_query('SELECT ip FROM check_tmp WHERE ip = "'.$this->real_ip.'"')) <= 0)
- {
- @mysql_query('INSERT INTO check_tmp SET ip = "'.$this->real_ip.'", attempt = 1, date_time = "'.strtotime(date("H:i:s")).'"');
- return true;
- }
- else
- {
- if (mysql_result(@mysql_query('SELECT attempt FROM check_tmp WHERE ip = "'.$this->real_ip.'"'), 0,0) >= 3)
- {
- if (strtotime(date('H:i:s'))-900 >= mysql_result(@mysql_query('SELECT date_time FROM check_tmp WHERE ip = "'.$this->real_ip.'"'), 0,0))
- {
- @mysql_query('DELETE FROM check_tmp WHERE ip = "'.$this->real_ip.'"');
- return true;
- }
- else
- {
- return false;
- }
- }
- else
- {
- @mysql_query('UPDATE check_tmp SET attempt = attempt+1 WHERE ip = "'.$this->real_ip.'"');
- return true;
- }
- }
- }
- public function login_user($username, $password)
- {
- $this->username = $username;
- $login_query = sprintf('SELECT * FROM users WHERE username = "%s" AND password = MD5("%s")', mysql_real_escape_string($username), mysql_real_escape_string($password));
- if(@mysql_num_rows(@mysql_query($login_query)) <= 0)
- {
- if ($this->check() == false)
- {
- die ('Error...');
- }
- }
- else
- {
- if (@mysql_result(@mysql_query('SELECT permise FROM users WHERE username = "'.$username.'"'), 0,0) == '1')
- {
- $_SESSION['login']['admin'] = true;
- }
- else
- {
- $_SESSION['login']['admin'] = false;
- }
- $update_login = sprintf('UPDATE users SET date_last_login = "%s", ip_last_login = "%s" WHERE username = "%s"', date('Y-m-d H:i:s', time()), $this->ip, mysql_real_escape_string($username));
- @mysql_query($update_login);
- $_SESSION['login']['status'] = true;
- $_SESSION['login']['username'] = $username;
- }
- }
- public function logout()
- {
- unset($_SESSION['login']);
- session_regenerate_id();
- }
- }
- ?>
Add Comment
Please, Sign In to add comment