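<?php
/**
 * Login handler for the GUIDTech tool, authenticating against the forum's member tables.
 *
 * Flow: read username/password from POST, look the member up by name, resolve the
 * member's group id to its title, verify the password against the stored salted hash,
 * require the group title to be in $allowedgroups, then start a session and mirror
 * user / nickname / session code into the GUIDTech table.
 *
 * connect.php is expected to open the MySQL connection and define $pf (table prefix).
 *
 * Security notes for maintainers:
 *  - The mysql_* extension used here was removed in PHP 7. Once connect.php is migrated,
 *    replace the escaped string concatenation below with mysqli/PDO prepared statements.
 *  - The md5(md5(salt) . md5(password)) scheme is dictated by the hashes already stored in
 *    members_converge; it cannot be strengthened from this script alone.
 *  - NOTE(review): nothing visible in this script throttles repeated failed logins.
 */
require("connect.php");

// Get username information. Missing or non-string fields (e.g. username[]=x) are treated
// as empty so they fail the lookup instead of raising notices/warnings.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Only the username is placed into SQL. The password is deliberately NOT passed through
// mysql_real_escape_string(): it is only ever hashed, and escaping it would change the
// bytes being hashed for any password containing quotes or backslashes.
// NOTE(review): the forum software may normalise passwords before hashing - confirm.
$username = mysql_real_escape_string($username);

// check that user is not banned
// NOTE(review): the BANNED value is read here but nothing below ever tests it, so a banned
// account is not actually refused. The column's encoding is not visible in this script -
// confirm it and enforce the ban before the session is created.
$banned1 = null;
$banned = mysql_query("SELECT * FROM GUIDTech WHERE user='" . $username . "'");
if ($banned !== false) {
    while ($rows = mysql_fetch_array($banned)) {
        $banned1 = $rows['BANNED'];
    }
}

// Get id, group id, canonical name and display name for this member in a single query.
$id = null;
$group = null;
$user2 = null;
$nickname = null;
$result = mysql_query("SELECT * FROM " . $pf . "members WHERE name='" . $username . "'");
if ($result === false) {
    // Log the driver error server-side; echoing it to the client discloses schema details.
    error_log('login: member lookup failed: ' . mysql_error());
    die('fout');
}
while ($rows = mysql_fetch_array($result)) {
    $id = $rows['id'];
    // We need this information to make sure the user is allowed to access this system
    $group = $rows['mgroup'];
    $user2 = $rows['name'];
    $nickname = $rows['members_display_name'];
}

// Unknown user: same outcome as a wrong password, without running further queries
// on undefined values.
if ($id === null) {
    echo '<meta http-equiv="refresh" content="0;url=wrong.php">'; //Error
    exit;
}

//*********************************************************************
//Modify this table to use your usergroup names
$allowedgroups = array(
    "Root Admin",
    "Global Moderator",
    "Administrators",
    "Coder",
    "Super ViP Member",
    "GFX Designer",
    "VIP-Member",
    "Head Moderator",
    "Special Member",
    "Members",
    "Designer",
    "Local Moderator",
    "Support",
    "Warez Mod"
);
//**********************************************************************

// Use the group ID to get the group title text. One lookup is enough: the previous
// version repeated this query once per row of the groups table, and after the first
// pass it was searching g_id by the *title*, which MySQL would cast to a number.
// Values read back from the database are escaped again before being re-embedded in SQL.
$result = mysql_query("SELECT * FROM " . $pf . "groups WHERE g_id='" . mysql_real_escape_string($group) . "'");
if ($result !== false) {
    while ($rows2 = mysql_fetch_array($result)) {
        $group = $rows2['g_title'];
    }
}
// Strict match so a numeric or empty value can never loosely equal an allowed title.
$usergroup = in_array($group, $allowedgroups, true);

// Get password hash and salt using the member id
$checkpass = null;
$salt = null;
$result = mysql_query("SELECT * FROM " . $pf . "members_converge WHERE converge_id='" . mysql_real_escape_string($id) . "'");
if ($result !== false) {
    while ($rows = mysql_fetch_array($result)) {
        $checkpass = $rows['converge_pass_hash'];
        $salt = $rows['converge_pass_salt'];
    }
}

$candidate = md5(md5($salt) . md5($password));
// Strict comparison: with != two hex digests of the form "0e<digits>" are compared as
// numbers and treated as equal. A missing stored hash always fails. Where hash_equals()
// is available (PHP >= 5.6) it is the preferred, constant-time comparison.
if (!is_string($checkpass) || $candidate !== $checkpass) {
    echo '<meta http-equiv="refresh" content="0;url=wrong.php">'; //Error
    exit;
}
if (!$usergroup) {
    echo '<meta http-equiv="refresh" content="0;url=group.php">'; //Error
    exit;
}

session_start();
// Issue a fresh session id on login so an id set before authentication cannot be reused.
session_regenerate_id(true);

// Session code: md5(rand(1,1000)) only ever produced 1000 distinct values. Keep the
// 32-hex-character shape but draw it from a CSPRNG when one is available.
if (function_exists('random_bytes')) {
    $code = bin2hex(random_bytes(16));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
    $code = bin2hex(openssl_random_pseudo_bytes(16));
} else {
    // Last resort on very old builds; not cryptographically strong.
    $code = md5(uniqid(mt_rand(), true));
}

$_SESSION['code'] = $code;
$_SESSION['user'] = $user2;
$_SESSION['nickname'] = $nickname;
$_SESSION['group'] = $group;

// These values came out of the database, not straight from the request, but they can
// still contain quotes (e.g. a display name), so escape them before building SQL.
$sqlUser = mysql_real_escape_string($_SESSION['user']);
$sqlNickname = mysql_real_escape_string($_SESSION['nickname']);
$sqlCode = mysql_real_escape_string($_SESSION['code']);
$sqlGroup = mysql_real_escape_string($_SESSION['group']);

$res = mysql_query("SELECT * FROM GUIDTech WHERE user='" . $sqlUser . "'");
if ($res === false) {
    error_log('login: GUIDTech lookup failed: ' . mysql_error());
    die('fout');
}

if (mysql_num_rows($res) >= 1) {
    $saved = mysql_query("UPDATE GUIDTech SET code='" . $sqlCode . "', user='" . $sqlUser . "', nickname='" . $sqlNickname . "' WHERE user='" . $sqlUser . "'");
} else {
    // `group` is a reserved word in MySQL and must be quoted as a column name;
    // unquoted, this INSERT fails with a syntax error for every first-time user.
    $saved = mysql_query("INSERT INTO GUIDTech (user, nickname, code, `group`) VALUES ('" . $sqlUser . "', '" . $sqlNickname . "', '" . $sqlCode . "', '" . $sqlGroup . "')");
}
if ($saved === false) {
    error_log('login: GUIDTech write failed: ' . mysql_error());
    die('fout');
}

header("Location: thanks.php");
// Flush only if an output buffer is actually open (presumably started in connect.php).
if (ob_get_level() > 0) {
    ob_end_flush();
}
?>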