
Untitled

a guest
Feb 18th, 2018
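  <?php
  /**
   * Login endpoint: checks the posted username/password against wqw_users and,
   * on success, opens a session, makes sure the account has the default class
   * item equipped, records the login IP and prints a <login> element with the
   * account fields followed by the server list.
   *
   * Review notes on things this file cannot change on its own:
   *  - Passwords are compared as unsalted MD5 digests. Moving to
   *    password_hash()/password_verify() needs a schema and data migration.
   *  - sToken is the same digest that is compared against the password column,
   *    so whoever holds the token holds a value equivalent to the stored
   *    credential. A random per-session token would need a client change.
   *  - The mysql_* extension was removed in PHP 7. The connection is presumably
   *    opened by ../config.php, so the port to PDO/mysqli prepared statements
   *    has to be done together with that file.
   */
  include("../config.php");

  /**
   * Runs a query and stops the request if it fails.
   *
   * The driver error goes to the server log only; sending mysql_error() to the
   * client discloses table and column names.
   *
   * @param string $sql           Statement to run on the default connection.
   * @param string $clientMessage Text sent to the client on failure.
   * @return resource|bool Result of mysql_query().
   */
  function wqw_login_query($sql, $clientMessage)
  {
      $result = mysql_query($sql);
      if ($result === false) {
          error_log("login query failed: " . mysql_error());
          die($clientMessage);
      }
      return $result;
  }

  /**
   * Escapes a value for use inside a quoted XML attribute.
   *
   * The charset is given as ISO-8859-1 so that only the five special ASCII
   * characters are rewritten and all other bytes pass through unchanged,
   * whatever encoding the columns use.
   *
   * @param mixed $value Column value to print.
   * @return string Escaped text.
   */
  function wqw_xml_attr($value)
  {
      return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
  }

  // NOTE(review): the body is XML but the declared type is text/html. Confirm
  // the client does not depend on this before switching to text/xml.
  header("Content-Type: text/html");

  // Missing or non-string fields are treated as empty instead of raising notices.
  $rawUser = (isset($_POST["strUsername"]) && is_string($_POST["strUsername"])) ? $_POST["strUsername"] : "";
  $rawPass = (isset($_POST["strPassword"]) && is_string($_POST["strPassword"])) ? $_POST["strPassword"] : "";

  $user = mysql_real_escape_string(stripslashes($rawUser));
  // The escape-then-hash order is kept so the digest stays the same as before;
  // presumably the stored digests were produced the same way - TODO confirm.
  $pass = md5(mysql_real_escape_string(stripslashes($rawPass)));

  // The forwarding header is sent by the client and used to reach the UPDATE
  // below unescaped. It is now accepted only when it is a single valid IP
  // address, and the final value is escaped as well.
  // NOTE(review): the conventional key is HTTP_X_FORWARDED_FOR; the original
  // spelling is kept - confirm which header the front-end proxy sets.
  $ip = $_SERVER['REMOTE_ADDR'];
  if (!empty($_SERVER['HTTP_X_FORWARD_FOR'])) {
      $forwarded = filter_var($_SERVER['HTTP_X_FORWARD_FOR'], FILTER_VALIDATE_IP);
      if ($forwarded !== false) {
          $ip = $forwarded;
      }
  }
  $ip = mysql_real_escape_string($ip);

  // Each failure ends the request, so the response holds exactly one <login>
  // element and no query runs with input that failed validation.
  if (!preg_match('/^[a-z0-9\s_-]+$/i', $user) || ($user == "")) {
      echo "<login bSuccess='0' sMsg='Username must contain letters, spaces or numbers!'/>";
      exit;
  }
  // md5() always returns 32 hex characters, so this check never rejects
  // anything; the raw password is not validated here.
  if (!preg_match('/^[a-z0-9]+$/i', $pass) || ($pass == "")) {
      echo "<login bSuccess='0' sMsg='Password must contain letters and numbers!'/>";
      exit;
  }

  $getuservar = wqw_login_query(
      "SELECT * FROM wqw_users WHERE username='$user' AND password='$pass' LIMIT 1",
      "Query failed."
  );
  $num = mysql_num_rows($getuservar);
  $getuser = mysql_fetch_array($getuservar);

  if ($num == 0) {
      echo "<login bSuccess='0' sMsg='You have entered the wrong Username or Password,\n Please click Cancel and try again.'/>";
      exit;
  }
  if ($getuser['banned'] == 1) {
      echo "<login bSuccess='0' sMsg='Your user account is currently not activated/banned!'/>";
      exit;
  }

  // The id is interpolated unquoted below, so force it to an integer.
  $userid = (int) $getuser['id'];

  session_start();
  // New session id at login, so an id fixed before authentication is useless.
  session_regenerate_id(true);
  $_SESSION['name'] = $user;
  // NOTE(review): keeps the password digest in the session; presumably other
  // pages read it - confirm before removing.
  $_SESSION['pass'] = $pass;
  if ($getuser["admin"] == 1) {
      $_SESSION['adm'] = "true";
  } else {
      // Drop an admin flag left over from an earlier login in this session.
      unset($_SESSION['adm']);
  }

  // Give the account the default class item (2506) when nothing is equipped
  // in the 'ar' slot.
  $getclass = wqw_login_query(
      "SELECT * FROM wqw_items WHERE sES='ar' AND equipped=1 AND userid=$userid LIMIT 1",
      "Query failed."
  );
  $classcheck = mysql_num_rows($getclass);

  if ($classcheck == 0) {
      $checkitem = wqw_login_query(
          "SELECT itemid FROM wqw_items WHERE itemid=2506 AND userid=$userid LIMIT 1",
          "Query failed."
      );
      $itemcheck = mysql_num_rows($checkitem);
      if ($itemcheck == 0) {
          $addclass = wqw_login_query(
              "INSERT INTO wqw_items (itemid, userid, equipped, sES, iLvl, classXP, className) VALUES ('2506', '$userid', '1', 'ar', '1', '0', 'No Class')",
              "Error adding class! contact PDL Staff immediately!"
          );
      } else {
          $equipclass = wqw_login_query(
              "UPDATE wqw_items SET equipped=1 WHERE itemid=2506 AND userid=$userid",
              "Query failed."
          );
      }
      // Best effort, as before: a failure here does not stop the login.
      $updateclass = mysql_query("UPDATE wqw_users SET currentClass=11 WHERE id=$userid");
  }

  // Best effort, as before: a failure here does not stop the login.
  $setip = mysql_query("UPDATE wqw_users SET loginip='$ip' WHERE username='$user' AND password='$pass'");

  // Column values are escaped so a quote or '<' in stored data (e-mail, server
  // name) cannot break out of the attribute.
  // NOTE(review): dUpgExp prints the same "upgrade" column as iUpg, which looks
  // like a copy/paste slip - confirm the intended column.
  echo "<login bSuccess='1' iAccess='" . wqw_xml_attr($getuser["access"])
      . "' iUpg='" . wqw_xml_attr($getuser["upgrade"])
      . "' iAge='" . wqw_xml_attr($getuser["age"])
      . "' sToken='" . $pass
      . "' dUpgExp='" . wqw_xml_attr($getuser["upgrade"])
      . "' iUpgDays='" . wqw_xml_attr($getuser["upgDays"])
      . "' iSendEmail='" . wqw_xml_attr($getuser["emailActive"])
      . "' strEmail='" . wqw_xml_attr($getuser["email"])
      . "' bCCOnly='0'>";

  $getchar = wqw_login_query("SELECT * FROM wqw_servers LIMIT 10", "Query failed.");
  while ($char = mysql_fetch_array($getchar)) {
      echo "<servers sName='" . wqw_xml_attr($char["name"])
          . "' sIP='" . wqw_xml_attr($char["ip"])
          . "' iCount='" . wqw_xml_attr($char["count"])
          . "' iMax='" . wqw_xml_attr($char["max"])
          . "' bOnline='" . wqw_xml_attr($char["online"])
          . "' sLang='" . wqw_xml_attr($char["sLang"])
          . "' iChat='" . wqw_xml_attr($char["ichat"])
          . "' bUpg='" . wqw_xml_attr($char["upgrade"])
          . "'/>";
  }
  echo "</login>";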