<?phpif($hkzone !== true){ header("Location: index.php?throwBack=true"); exi

1. <?php
2.  
3. if($hkzone !== true){ header("Location: index.php?throwBack=true"); exit; }
4. if(session_is_registered(acp)){ header("Location: index.php?loginThrowBack=true"); exit; }
5.  
6. $pagename = "Login";
7. $pageid = "login";
8.  
9. if(isset($_POST['username'])){
10.  
11. $form_name = addslashes($_POST['username']);
12. $form_pass = HoloHash($_POST['password']);
13. $form_pass2 = HoloHashMD5($_POST['password']);
14. $form_code = $_POST['codeword'];
15.  
16. $check = mysql_query("SELECT * FROM users WHERE username = '" . $form_name . "' AND password = '" . $form_pass . "' AND secretcode = '".$form_code."' AND rank > 3 or username = '" . $form_name . "' AND password = '" . $form_pass2 . "' AND secretcode = '".$form_code."' AND rank > 3 LIMIT 1") or die(mysql_error());
17. $valid = mysql_num_rows($check);
18.  
19. if(!empty($form_name) && !empty($form_pass)){
20. if($valid > 0){
21. $row = mysql_fetch_assoc($check);
22.  
23. $_SESSION['acp'] = true;
24. $_SESSION['hkusername'] = $row['username'];
25. $_SESSION['hkpassword'] = $form_pass2;
26. $_SESSION['hkcode'] = $form_code;
27.  
28. $my_id = $row['id'];
29.  
30. if(!session_is_registered(username)){
31. $_SESSION['username'] = $row['username'];
32. $_SESSION['password'] = $form_pass2;
33. $_SESSION['code'] = $form_code;
34. }
35.  
36. mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE id = '".$row['id']."' LIMIT 1");
37. mysql_query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Login (IP: ".$remote_ip.")','login.php','".$my_id."','0','".$date_full."')") or die(mysql_error());
38. if($_POST['headerclient'] == true){
39. header("location: $path/client"); exit;
40. }else{
41. header("location: ".$adminpath."/hotel/de/housekeeping/index/p/home"); exit;
42. }
43.  
44. } else {
45. $msg = "Username, Passwort, Habbo ID oder Security Code Falsch";
46. header("location: ".$adminpath."/hotel/de/housekeeping/index/p/login");
47. }
48. } else {
49. $msg = "Du hast nicht alle Felder ausgefüllt!";
50. }
51.  
52. } elseif($notify_logout == true){
53. mysql_query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Logout','notify_logout','".$my_id."','0','".$date_full."')") or die(mysql_error());
54. $msg = "<font color='green'>Du hast dich komplett ausgeloggt.</font>";
55. } else {
56. $msg = "Bitte Einloggen";
57. }
58.  
59. include('subheader.php');
60.  
61. ?>
62. <style type="text/css">
63. body {
64. background-color: #000
65.  
66. }
67. </style>
68.  
69. <div id='ipdwrapper'>
70. <div align='center'>
71. <br><img src="./images/logo.png">
72. <br>
73. <div class="header_right"><img src="./images/header_tm1.gif"></div>
74. <div style='width:500px'>
75. <div class='outerdiv' id='global-outerdiv'><!-- OUTERDIV -->
76. <table cellpadding='0' cellspacing='8' width='100%' id='tablewrap'>
77. <tr>
78. <td id='rightblock'>
79. <div>
80. <form id='loginform' action='<?php echo $adminpath; ?>/hotel/de/housekeeping/index/p/login&do=submit' method='post'>
81. <input type='hidden' name='qstring' value='' />
82. <table width='100%' cellpadding='0' cellspacing='0' border='0'>
83. <tr>
84. <td width='200' class='tablerow1' valign='top' style='border:0px;width:200px'>
85. <div style='text-align:center;padding-top:20px'>
86. <img src='./images/frank_waving_dbl_sml.gif' alt='Housekeeping' border='0' />
87. </div>
88. <br />
89. <div class='desctext' style='font-size:10px'>
90. <div align='center'><strong>Willkommen im Housekeeping</strong></div>
91. <br />
92. <div style='font-size:9px;color:gray'>Du bist hier im Administrator Bereich des Hotels gelandet. Dieser Service bleibt 24/7 Online.<br /><br /><b>Info zur "Habbo ID"</b>:<br>Deine Habbo ID findest du auf deiner ME Seite. Sie steht da, wo deine Taler, Pixel ect. stehen</div>
93. </div>
94. </td>
95. <td width='300' style='width:300px' valign='top'>
96. <table width='100%' cellpadding='5' cellspacing='0' border='0'>
97. <tr>
98. <td colspan='2' align='center'>
99. <br />
100. <div style='font-weight:bold;color:red'><?php echo $msg; ?></div><br />
101. </td>
102. </tr>
103. <?php if($notify_login !== "login"){ ?>
104. <tr>
105. <td align='right'><strong>Username</strong></td>
106. <td><input style='border:1px solid #AAA' type='text' size='20' name='username' id='namefield' value='' /></td>
107. </tr>
108. <tr>
109. <td align='right'><strong>Passwort</strong></td>
110. <td><input style='border:1px solid #AAA' type='password' size='20' name='password' value='' /></td>
111. </tr>
112. <tr>
113. <td align='right'><strong>Security Code</strong></td>
114. <td><input style='border:1px solid #AAA' type='text' size='20' name='codeword' value=''></td>
115. </tr>
116. <tr>
117. <td align='right'><strong>Client Einloggen</strong></td>
118. <td><input style='border:1px solid #AAA' type='checkbox' size='20' name='headerclient' value='true'></td>
119. </tr>
120. <tr>
121. <td colspan='2' align='center'><input type='submit' style='border:1px solid #AAA' value='Login' /></td>
122. </tr>
123. <?php } ?>
124. <tr>
125. <td colspan='2'><br /><center><img src="./images/workman_habbo_down.gif"></center></td>
126. </tr>
127. </table>
128. </td>
129. </tr>
130. </table>
131. </form>
132.  
133. </div>
134. </td>
135. </tr>
136. </table>
137. </div><!-- / OUTERDIV -->
138.  
139. </div>
140. </div>
141. <script type='text/javascript'>
142. if (top.location != self.location) { top.location = self.location }
143.  
144. try
145. {
146. window.onload = function() { document.getElementById('namefield').focus(); }
147. }
148. catch(error)
149. {
150. alert(error);
151. }
152.  
153. </script>