<?phpsession_start();require_once "includes/config.php";require_once "incl

1. <?php
2. session_start();
3. require_once "includes/config.php";
4. require_once "includes/functions.php";
5.  
6. if(isset($_SESSION['status']))
7. {
8.     if($_SESSION['status'] == 'authenticated')
9.     {
10.         header("Location: index.php");
11.         exit;
12.     }
13. }
14.  
15. request_clean(true,true,true,false);
16.  
17.  
18. if(isset($_POST['login']) && isset($_POST['pass']) && isset($_POST['verif_box'])) {
19.  
20.     //sleep(2);
21.     $username = $_POST['login'];
22.     $pass = $_POST['pass'];
23.     $tm_flag['verif_box'] = $_POST["verif_box"];
24.  
25.  
26.     if(!valid_user($username)){
27.         $tm_flag['valid_username']="0";
28.         echo "er1";
29.         exit();
30.     }
31.     elseif(valid_pass($pass,$pass)!="1"){
32.         $tm_flag['valid_pass']="0";
33.             echo "er2";
34.         exit();
35.     }
36.     elseif(img_validate($tm_flag['verif_box'])) {
37.        
38. echo "gg";
39. exit();
40.         mysql_connect(DB_HOST,DB_USER,DB_PASS) or die(writeErrors(mysql_error(),$_SERVER['REMOTE_ADDR'],date("m.d.Y h:iA T"),__FILE__,__LINE__));
41.         mysql_select_db(DB_NAME) or die(writeErrors(mysql_error(),$_SERVER['REMOTE_ADDR'],date("m.d.Y h:iA T"),__FILE__,__LINE__));
42.         /* Checking weather username exisets in the database */
43.         $pass = md5(md5($pass));
44.         $result = mysql_query("SELECT * FROM usernames WHERE username='$username' and password='$pass';") or die(writeErrors(mysql_error(),$_SERVER['REMOTE_ADDR'],date("m.d.Y h:iA T"),__FILE__,__LINE__));
45.         if($result != false)
46.         {
47.             $numrows = mysql_num_rows($result);
48.             $result = mysql_fetch_assoc($result);
49.             if($numrows > 0)
50.             {
51.                 //create session
52.                 $_SESSION['status'] = "authenticated";
53.                 $_SESSION['id'] = $result['id'];
54.                 $_SESSION['username'] = $result['username'];
55.                 $_SESSION['email'] = $result['email'];
56.                 $_SESSION['icq'] = $result['icq'];
57.                 $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
58.                 $_SESSION['user_agent'] = $_SERVER["HTTP_USER_AGENT"];
59.  
60.                 //update ip, access date, user agent
61.                 mysql_query("UPDATE usernames SET ip='".$_SERVER['REMOTE_ADDR']."',acc_dat='".time()."',user_agent='".$_SERVER["HTTP_USER_AGENT"]."' WHERE id='".$_SESSION['id']." LIMIT 1';") or die(writeErrors(mysql_error(),$_SERVER['REMOTE_ADDR'],date("m.d.Y h:iA T"),__FILE__,__LINE__));
62.                
63.  
64.                 header("Location: index.php");
65.                 exit;
66.             }
67.         }
68.         else {
69.             $tm_flag['bad_username']="1";
70.         }
71.     }
72. }
73. require('template/t_login.php');
74.  
75. ?>