<?PHPrequire("connect.php");//Get username information$username=$_POST['us

1. <?PHP
2. require("connect.php");
3. //Get username information
4. $username=$_POST['username'];
5. $password=$_POST['password'];
6. $username=mysql_real_escape_string($username);
7. $password=mysql_real_escape_string($password);
8.  
9. //check that user is not banned
10. $banned=mysql_query("SELECT * FROM GUIDTech WHERE user='" .$username. "'");
11. while($rows=mysql_fetch_array($banned)){
12. $banned1=$rows['BANNED'];
13. }
14.  
15. //Get id from username for retrieval of the password hash and salt
16. $result=mysql_query("SELECT * FROM ".$pf."members WHERE name='" . $username. "'")or die('fout'. mysql_error());
17. while($rows=mysql_fetch_array($result)){
18. $id=$rows['id'];
19. //We need this information to make sure the user is allowed to access this system
20. $group=$rows['mgroup'];
21. $user2 = $rows['name'];
22. }
23.  
24. //*********************************************************************
25. //Modify this table to use your usergroup names
26. $allowedgroups = array (
27. "Root Admin",
28. "Global Moderator",
29. "Administrators",
30. "Coder",
31. "Super ViP Member",
32. "GFX Designer",
33. "VIP-Member",
34. "Head Moderator",
35. "Special Member",
36. "Members",
37. "Designer",
38. "Local Moderator",
39. "Support",
40. "Warez Mod"
41. );
42. //**********************************************************************
43. //Get password hash and salt using email
44. $nick=mysql_query("SELECT * FROM ".$pf."members WHERE name='".$username."'");
45. while($rows=mysql_fetch_array($nick)){
46. $nickname=$rows['members_display_name'];
47. $m_login_key = $rows['member_login_key'];
48. }
49.  
50. //Get use the group ID to get the group title text
51. $verify=mysql_query("SELECT * FROM ".$pf."groups");
52. while($rows=mysql_fetch_array($verify)){
53. $result=mysql_query("SELECT * FROM ".$pf."groups WHERE g_id='".$group."'");
54. while($rows2=mysql_fetch_array($result)){
55. $group=$rows2['g_title'];
56. }
57. }
58.  
59. $usergroup = false;
60. if(in_array($group, $allowedgroups)) {
61. $usergroup = true;
62. }
63.  
64. //Get password hash and salt using email
65. $result=mysql_query("SELECT * FROM ".$pf."members_converge WHERE converge_id='" . $id . "'");
66. while($rows=mysql_fetch_array($result)){
67. $checkpass=$rows['converge_pass_hash'];
68. $salt=$rows['converge_pass_salt'];
69. }
70. //echo $checkpass . "<br />" . md5($_POST['pass']);
71. //$ip = explode('.', $_SERVER['REMOTE_ADDR']);
72. //$salt2 = md5($DBpassword . $DBusername);
73. //$pass2 = md5( md5( $id . "-" . $ip[0] . '-' . $ip[1] . '-' . $m_login_key) . $salt2);
74. $password = md5( md5( $salt ) . md5( $password ) );
75.  
76. if($password != $checkpass/*$_COOKIE['ipb_stronghold']*/){
77. echo '<meta http-equiv="refresh" content="0;url=wrong.php">' ; //Error
78.  
79.  
80. exit;
81. }
82.  
83. if(!$usergroup){
84. echo '<meta http-equiv="refresh" content="0;url=group.php">' ; //Error
85. exit;
86. }
87.  
88. session_start();
89. $_SESSION['code'] = md5(rand(1,1000));
90. $_SESSION['user'] = $user2;
91. $_SESSION['nickname'] = $nickname;
92. $_SESSION['group'] = $group;
93. $res = mysql_query("SELECT * FROM GUIDTech WHERE user='". $_SESSION['user'] ."'")or die(mysql_error());
94. //$data = mysql_fetch_assoc($res);
95. if(mysql_num_rows($res) >= 1) {
96. mysql_query("UPDATE GUIDTech SET code='" . $_SESSION['code'] ."', user='". $_SESSION['user'] . "', nickname='". $_SESSION['nickname']."' WHERE user='" . $_SESSION['user'] ."'")or die(mysql_error());
97. }
98. else {
99. mysql_query("INSERT INTO GUIDTech (user, nickname, code, group) VALUES ('". $_SESSION['user'] ."', '". $_SESSION['nickname']."', '" .$_SESSION['code'] ."', '" .$_SESSION['group'] ."')")or die(mysql_error());
100. }
101. header("Location: thanks.php");
102. ob_end_flush();
103. ?>