Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- require ROOT.'/config.php';
- if($config['debug'] == 1){
- ini_set('display_errors','On');
- error_reporting(E_ALL | E_ERROR | E_WARNING | E_PARSE);
- }else{
- ini_set('display_errors','Off');
- error_reporting(0);
- }
- require ROOT.'/_sys/func_client.php';
- require ROOT.'/_sys/func_client_login.php';
- require ROOT.'/_sys/db_connect.php';
- if($err_db){
- echo $err_db;
- exit;
- }
- //LOGIN DATA
- $is_logged = 0;
- $force_logout = 0;
- sec_session_start($config['web_path'],null,ROOT.$config['temp_path_sessions']);
- if(isset($_SESSION['memb___id'], $_SESSION['token'])){
- $memb___id = safe($_SESSION['memb___id']);
- $token = safe($_SESSION['token'],'',128);
- $i = $db->prepare("Use ".$config['mssql']['db_me_muonline']);
- $i->execute();
- $i = $db->prepare("Select memb__pwd,memb___id,mail_addr,transfer from MEMB_INFO where memb___id=?");
- $i->execute(array($memb___id));
- if($iu = $i->fetch()){
- $memb__pwd = $iu[0];
- $i->closeCursor();
- //$fn_check = $db->prepare("Select [dbo].[fn_md5](?,?)");
- //$fn_check->execute(array($memb__pwd,$memb___id));
- //if($ipwd = $memb__pwd/*$fn_check->fetch()*/)
- {
- $ipwd = $memb__pwd;
- //$fn_check->closeCursor();
- $build_token = hash('sha512',$memb___id.$memb__pwd.$config['random_key'].md5($_SERVER['HTTP_USER_AGENT']).$_SERVER['REMOTE_ADDR']);
- if($token == $build_token){
- if($memb___id == 'PHPCore'){
- $iu[3] = 0;
- }
- if($iu[3] == 1){
- $force_logout = 1;
- }else{
- $memb___id = $iu[1];
- $memb___mail = $iu[2];
- $is_logged = 1;
- }
- }else{
- $force_logout = 1;
- }
- }
- }else{
- $force_logout = 1;
- }
- if(isset($_GET['logout']) && $is_logged == 1){
- $force_logout = 1;
- $is_logout = 1;
- }
- if($force_logout == 1){
- $_SESSION = array();
- $params = session_get_cookie_params();
- setcookie(session_name(),'', time() - 42000, $config['web_path'], $params["domain"], $params["secure"], $params["httponly"]);
- session_destroy();
- }
- }elseif(isset($_POST['login']) && $is_logged == 0){
- $user = safe($_POST['user'],'',10);
- $password = safe($_POST['password'],'\@\-',12);
- if(!empty($user) && !empty($password)){
- $i = $db->prepare("Use ".$config['mssql']['db_me_muonline']);
- $i->execute();
- $i = $db->prepare("Select memb__pwd,memb___id,transfer from MEMB_INFO where memb___id=?");
- $i->execute(array($user));
- if($iu = $i->fetch()){
- $memb__pwd = $iu[0];
- $memb___id = $iu[1];
- $i->closeCursor();
- //$fn_check = $db->prepare("Select [dbo].[fn_md5](?,?)");
- //$fn_check->execute(array($password,$user));
- //if($ipwd = $fn_check->fetch())
- {
- //$fn_check->closeCursor();
- if(strcmp($memb__pwd,$password)==0/*$ipwd[0]*/){
- if($memb___id == 'PHPCore'){
- $iu[2] = 0;
- }
- if($iu[2] == 1){
- $alert_msg = alert('This account have been already transfered!',2);
- }else{
- $_SESSION['memb___id'] = $memb___id;
- $_SESSION['token'] = hash('sha512',$memb___id.$memb__pwd.$config['random_key'].md5($_SERVER['HTTP_USER_AGENT']).$_SERVER['REMOTE_ADDR']);
- $success_login = 1;
- }
- }else{
- $alert_msg = alert('Invalid Username / Password!',0);
- }
- }
- }else{
- $alert_msg = alert('Invalid Username / Password!',0);
- }
- }else{
- $alert_msg = alert('Some fileds where left blank!',0);
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement