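// Login handler: looks up the posted username in `stream_users`, compares the
// stored hash with $lib->pass_hash(), and on success starts the session and
// (optionally) sets the "remember me" cookies.
// $lib and $cookie_timeout are not defined in this listing; presumably lib.php
// provides them -- confirm.
include('lib.php');
$mysql = DBC::getDefault();
$err = array();
$get = array();
foreach ($_GET as $key => $value) {
    $get[$key] = $lib->filter($value); // GET variables are passed through $lib->filter()
}

// isset() guard: a request without the DoLogin field no longer raises an
// undefined-index notice.
if (isset($_POST['DoLogin']) && $_POST['DoLogin'] == 'Поехали!') {
    $data = array();
    foreach ($_POST as $key => $value) {
        $data[$key] = $lib->filter($value); // POST variables are passed through $lib->filter()
    }
    $username = isset($data['username']) ? $data['username'] : '';
    // NOTE(review): the password also goes through filter() before hashing, so
    // anything filter() rewrites changes the effective password -- confirm.
    $password = isset($data['password']) ? $data['password'] : '';

    // NOTE(review): $username is concatenated into the SQL text. Whether this is
    // injectable depends entirely on what $lib->filter() does, which is not
    // visible here. A parameterized query (PDO/mysqli prepared statement) removes
    // that dependency; the mysql_* functions used below have no such API and were
    // removed in PHP 7.
    $result = $mysql->query("SELECT `id`,`password`,`favorite`,`user_level` FROM `stream_users` WHERE `username`='" . $username . "' AND `banned` = '0'");
    $num = mysql_num_rows($result);

    // At least one non-banned row matched the username. This only means the
    // account exists; authentication happens at the hash comparison below.
    if ($num > 0) {
        list($id, $password_sql, $favorite, $user_level) = mysql_fetch_row($result);

        // Disabled account-activation check, kept from the original:
        //if(!$approved) {
        //$msg = urlencode("Account not activated. Please check your email for activation code");
        //$err[] = "Account not activated. Please check your email for activation code";
        //header("Location: login.php?msg=$msg");
        //exit();
        // }

        // Compare the stored hash with the hash of the submitted credentials.
        // NOTE(review): pass_hash() is not shown; if it is a fast unsalted digest,
        // migrate to password_hash()/password_verify(). On PHP >= 5.6,
        // hash_equals() gives a constant-time comparison in place of ===.
        if ($password_sql === $lib->pass_hash($username, $password)) {
            if (empty($err)) {
                // Start the session and issue a fresh session id (deleting the
                // old one) so a pre-login id cannot be reused: session fixation.
                session_start();
                session_regenerate_id(true);

                $_SESSION['user_id'] = $id;
                // Fixed: the original assigned $username_sql, which is never
                // defined, so user_name (and its cookie below) was always empty.
                $_SESSION['user_name'] = $username;
                $_SESSION['user_level'] = $user_level;
                $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
                $_SESSION['favorite'] = $favorite;

                // Refresh the timestamp and key used for the remember-me cookie.
                // The raw key is stored in the database; the cookie carries its SHA-1.
                $stamp = time();
                $ckey = $lib->GenKey();
                $mysql->query("update stream_users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'");

                if (isset($_POST['remember'])) {
                    // NOTE(review): these cookies are set without the Secure and
                    // HttpOnly flags (6th/7th setcookie() arguments), so user_key
                    // is readable by page scripts and is sent over plain HTTP.
                    // user_id, user_name and favorite are client-controlled on the
                    // way back; the code that reads them should treat only a
                    // verified user_key as proof of identity.
                    $expires = time() + 60 * 60 * 24 * $cookie_timeout;
                    setcookie("user_id", $_SESSION['user_id'], $expires, "/");
                    setcookie("user_key", sha1($ckey), $expires, "/");
                    setcookie("user_name", $_SESSION['user_name'], $expires, "/");
                    setcookie("favorite", $_SESSION['favorite'], $expires, "/");
                }

                header("Location: index.php");
                // Stop here: without exit the rest of the script keeps executing
                // and its output is sent along with the redirect.
                exit;
            }
        } else {
            //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
            $err[] = "Invalid Login. Please try again with correct user email and password.";
            //header("Location: login.php?msg=$msg");
        }
    } else {
        // NOTE(review): this message differs from the wrong-password one above,
        // which tells a client whether a username exists. A single generic
        // message for both branches avoids that.
        $err[] = "Error - Invalid login. No such user exists";
    }
}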