SHARE
TWEET

Untitled

a guest May 22nd, 2017 59 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. ob_start('ob_gzhandler');
  3.  
  4. session_start();
  5.  
  6. define('ROOT', 1);
  7.  
  8. $config = require_once 'config.php';
  9.  
  10. include('engine.class.php');
  11.  
  12. $engine = new Engine;
  13.  
  14. $engine->load_extension('mysql');
  15. $engine->load_extension('steam');
  16.  
  17. $mysql  = new MySQL($config['host'], $config['user'], $config['pass'], $config['db']);
  18. $steam  = new Steam;
  19.  
  20. $mysql->connect();
  21.  
  22. if ($engine->request_var('logout') == 1)
  23. {
  24.     session_destroy();
  25.     header('Location: index.php');
  26. }
  27.  
  28. if ($_SERVER['REMOTE_ADDR'] != $_SESSION['ip'])
  29. {
  30.     $_SESSION['ip']      = $_SERVER['REMOTE_ADDR'];
  31.     $_SESSION['token']   = $engine->generate_security_token();
  32.     $_SESSION['user']    = false;
  33.     $_SESSION['attempt'] = 1;
  34. }
  35.  
  36. if($engine->request_var('login') && !$_SESSION['user'])
  37. {
  38.     if ($_SESSION['attempt'] >= $config['login_attempts'])
  39.     {
  40.         $error['login'] = 'Number of login attempts exceeded';
  41.     } else {
  42.         $sql = "SELECT id FROM users WHERE gamesynch_id = '" . $mysql->escape($engine->request_var('user')) . "' AND password = '" . $mysql->escape($engine->request_var('password')) . "'";
  43.         $query = $mysql->query_first($sql);
  44.    
  45.         if ($mysql->affected_rows == 1)
  46.         {
  47.             $_SESSION['user'] = $query['id'];
  48.         } else {
  49.             $error['attempt'] = $config['login_attempts'] - $_SESSION['attempt'];
  50.             $error['login'] = "You have entered invalid username or password (<b>$error[attempt]</b>)";
  51.             $_SESSION['attempt']++;
  52.         }  
  53.     }
  54. }
  55.  
  56. if ($_SESSION['user'])
  57. {
  58.     $sql = "SELECT * FROM users WHERE id = $_SESSION[user]";
  59.     $user = $mysql->query_first($sql);
  60. }
  61.  
  62. if (!$_SESSION['user']) {
  63. ?>
  64. <form name='input' action='' method='post'>
  65. Login:
  66. <input type='text' name='user' />
  67. <input type='password' name='password' />
  68. <input type='submit' name='login' value='Submit' />
  69. </form>
  70. <?php echo $error['login']; ?>
  71. <?php
  72. } else {
  73. echo "HI $user[gamesynch_id] <a href='?logout=1'>Logout</a>";
  74. }
  75. $mysql->close();
  76.  
  77. ob_end_flush();
  78. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top