trf

1. <?
2. require ROOT.'/config.php';
3.  
4. if($config['debug'] == 1){
5. ini_set('display_errors','On');
6. error_reporting(E_ALL | E_ERROR | E_WARNING | E_PARSE);
7. }else{
8. ini_set('display_errors','Off');
9. error_reporting(0);
10. }
11.  
12. require ROOT.'/_sys/func_client.php';
13. require ROOT.'/_sys/func_client_login.php';
14.  
15.  
16. require ROOT.'/_sys/db_connect.php';
17. if($err_db){
18. echo $err_db;
19. exit;
20. }
21.  
22.  
23. //LOGIN DATA
24. $is_logged = 0;
25. $force_logout = 0;
26. sec_session_start($config['web_path'],null,ROOT.$config['temp_path_sessions']);
27. if(isset($_SESSION['memb___id'], $_SESSION['token'])){
28. $memb___id = safe($_SESSION['memb___id']);
29. $token = safe($_SESSION['token'],'',128);
30.  
31. $i = $db->prepare("Use ".$config['mssql']['db_me_muonline']);
32. $i->execute();
33.  
34. $i = $db->prepare("Select memb__pwd,memb___id,mail_addr,transfer from MEMB_INFO where memb___id=?");
35. $i->execute(array($memb___id));
36. if($iu = $i->fetch()){
37. $memb__pwd = $iu[0];
38. $i->closeCursor();
39.  
40.  
41.  
42. //$fn_check = $db->prepare("Select [dbo].[fn_md5](?,?)");
43. //$fn_check->execute(array($memb__pwd,$memb___id));
44. //if($ipwd = $memb__pwd/*$fn_check->fetch()*/)
45. {
46. $ipwd = $memb__pwd;
47. //$fn_check->closeCursor();
48.  
49. $build_token = hash('sha512',$memb___id.$memb__pwd.$config['random_key'].md5($_SERVER['HTTP_USER_AGENT']).$_SERVER['REMOTE_ADDR']);
50.  
51. if($token == $build_token){
52. if($memb___id == 'PHPCore'){
53. $iu[3] = 0;
54. }
55.  
56. if($iu[3] == 1){
57.  
58. $force_logout = 1;
59. }else{
60. $memb___id = $iu[1];
61. $memb___mail = $iu[2];
62. $is_logged = 1;
63. }
64.  
65. }else{
66. $force_logout = 1;
67. }
68. }
69. }else{
70. $force_logout = 1;
71. }
72.  
73. if(isset($_GET['logout']) && $is_logged == 1){
74. $force_logout = 1;
75.  
76. $is_logout = 1;
77. }
78.  
79. if($force_logout == 1){
80. $_SESSION = array();
81. $params = session_get_cookie_params();
82. setcookie(session_name(),'', time() - 42000, $config['web_path'], $params["domain"], $params["secure"], $params["httponly"]);
83. session_destroy();
84. }
85.  
86. }elseif(isset($_POST['login']) && $is_logged == 0){
87.  
88.  
89.  
90. $user = safe($_POST['user'],'',10);
91. $password = safe($_POST['password'],'\@\-',12);
92.  
93. if(!empty($user) && !empty($password)){
94.  
95. $i = $db->prepare("Use ".$config['mssql']['db_me_muonline']);
96. $i->execute();
97.  
98. $i = $db->prepare("Select memb__pwd,memb___id,transfer from MEMB_INFO where memb___id=?");
99. $i->execute(array($user));
100. if($iu = $i->fetch()){
101. $memb__pwd = $iu[0];
102. $memb___id = $iu[1];
103. $i->closeCursor();
104.  
105. //$fn_check = $db->prepare("Select [dbo].[fn_md5](?,?)");
106. //$fn_check->execute(array($password,$user));
107. //if($ipwd = $fn_check->fetch())
108. {
109. //$fn_check->closeCursor();
110.  
111.  
112. if(strcmp($memb__pwd,$password)==0/*$ipwd[0]*/){
113.  
114. if($memb___id == 'PHPCore'){
115. $iu[2] = 0;
116.  
117. }
118.  
119. if($iu[2] == 1){
120. $alert_msg = alert('This account have been already transfered!',2);
121. }else{
122. $_SESSION['memb___id'] = $memb___id;
123. $_SESSION['token'] = hash('sha512',$memb___id.$memb__pwd.$config['random_key'].md5($_SERVER['HTTP_USER_AGENT']).$_SERVER['REMOTE_ADDR']);
124.  
125. $success_login = 1;
126. }
127.  
128. }else{
129. $alert_msg = alert('Invalid Username / Password!',0);
130. }
131. }
132. }else{
133. $alert_msg = alert('Invalid Username / Password!',0);
134. }
135.  
136. }else{
137. $alert_msg = alert('Some fileds where left blank!',0);
138. }
139.  
140. }
141. ?>