Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include('config.php');
- if(isset($_POST['Submit']))
- {
- $username = mysql_real_escape_string($_POST['username']);
- $pass = mysql_real_escape_string($_POST['password']);
- $hash = md5(rand(10000, 99999));
- $password = sha1(strtoupper($username).":".strtoupper($pass));
- $account_id = mysql_fetch_array(mysql_query("SELECT `id` FROM `".$database."`.`users` WHERE `username` = '".$username."'"));
- $row = mysql_fetch_assoc(mysql_query("SELECT `password` FROM `".$database."`.`users` WHERE `username` = '".$username."'"));
- if($row['password'] == $password)
- {
- if(mysql_num_rows(mysql_query("SELECT NULL FROM `".$database."`.`users` WHERE `username` = '".$account_id['id']."'")) > 0)
- {
- mysql_query("UPDATE `".$database."`.`users` SET `sessionkey` = '".$hash."' `time` = '".(time()+60*60)."' `ip` = '".md5($_SERVER['REMOTE_ADDR'])."' WHERE `account` = '".$account_id['id']."'");
- }
- else
- {
- setcookie('logged_in',$hash,time()+60*60, "/");
- mysql_query("INSERT INTO `".$database."`.`sessionkeys` (`account`,`sessionkey`,`time`,`ip`) VALUES ('".$account_id['id']."','".$hash."','".(time()+60*60)."','".md5($_SERVER['REMOTE_ADDR'])."')");
- header('Location:/');
- }
- }
- else
- {
- $fp = fopen("log.txt", "w");
- fwrite($fp, "[".date("Y.m.d H:i:s", time())."] Felhasználónév: ".$username." IP: ".base64_encode($_SERVER['REMOTE_ADDR'])."\n");
- fclose($fp);
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
