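// Login form handler. Checks the posted credentials against the users table,
// pins the optional post-login redirect to this site, establishes the session
// and hands off to /security_check. On failure the collected messages are
// rendered into the 'login_result' template parameter.
//
// Security-relevant behaviour of this block:
//  - Unknown-user and wrong-password failures share one message, so the
//    response does not confirm which usernames are registered.
//  - Submitted and stored hashes are compared as strings with strict
//    equality; loose comparison treats numeric-looking strings as numbers.
//  - The database is only queried once the form fields passed validation,
//    and mysql_result() is only called when exactly one row came back.
//  - The redirect target must start with WWW *and* end the host part there,
//    so a longer host name that merely begins with WWW is rejected.
//  - The session id is rotated at login so a pre-login id is not carried
//    into the authenticated session.
if (isset($_POST['credentials_username'], $_POST['credentials_password'])
    && is_string($_POST['credentials_username'])
    && is_string($_POST['credentials_password']))
{
    // NOTE(review): the raw username is handed to the template here; confirm
    // that SetParam() or the template HTML-escapes it before output.
    $frontpage->SetParam('credentials_username', $_POST['credentials_username']);

    $credUser = filter($_POST['credentials_username']);
    // NOTE(review): UberHash() is not visible in this listing; confirm it is a
    // salted, deliberately slow password hash (password_hash()-class).
    $credPass = $core->UberHash($_POST['credentials_password']);
    $errors = array();

    if (strlen($_POST['credentials_username']) < 1)
    {
        $errors[] = "Please enter your username";
    }
    if (strlen($_POST['credentials_password']) < 1)
    {
        $errors[] = "Please enter your password";
    }

    if (count($errors) == 0)
    {
        // NOTE(review): this statement is built by concatenation, so its safety
        // rests entirely on filter() escaping for SQL; confirm that. The
        // mysql_* extension was removed in PHP 7.0; the durable fix is a
        // prepared statement (mysqli/PDO), which needs the connection handle
        // that is not visible in this block.
        $lookup = mysql_query("SELECT password FROM users WHERE username='" . $credUser . "'");

        $storedHash = false;
        if ($lookup !== false && mysql_num_rows($lookup) == 1)
        {
            $storedHash = mysql_result($lookup, 0);
        }

        // Where PHP >= 5.6 is guaranteed, hash_equals() is the constant-time
        // alternative to this comparison.
        if (!is_string($storedHash) || (string) $credPass !== $storedHash)
        {
            $errors[] = "Invalid username or password";
        }
    }

    if (count($errors) == 0)
    {
        if ($users->ValidateUser($credUser, $credPass))
        {
            // A non-string 'page' value is ignored rather than filtered.
            if (isset($_POST['page']) && is_string($_POST['page']))
            {
                $reqPage = filter($_POST['page']);
                $pos = strrpos($reqPage, WWW);

                // Character right after the site root: it has to terminate
                // the authority part of the URL. substr() yields false on
                // PHP < 8 and '' on PHP 8 when the string ends there.
                $siteRoot = rtrim(WWW, '/');
                $boundary = substr($reqPage, strlen($siteRoot), 1);
                $endsHost = ($boundary === false || $boundary === ''
                    || $boundary === '/' || $boundary === '?' || $boundary === '#');

                if ($pos !== 0 || !$endsHost)
                {
                    die("<b>Security warning!</b> A malicious request was detected that tried redirecting you to an external site. Please proceed with caution, this may have been an attempt to steal your login details. <a href='" . WWW . "'>Return to site</a>");
                }
                else
                {
                    $_SESSION['page-redirect'] = $reqPage;
                }
            }

            // Rotate the session id before the session becomes authenticated.
            session_regenerate_id(true);

            $_SESSION['UBER_USER_N'] = $users->GetUserVar($users->Name2id($credUser), 'username');
            // NOTE(review): this keeps the password hash in session storage for
            // the lifetime of the session; a random per-login token would limit
            // what a leaked session file exposes. Other code presumably reads
            // this key, so it is left as is.
            $_SESSION['UBER_USER_H'] = $credPass;

            if (isset($_POST['_login_remember_me']))
            {
                $_SESSION['set_cookies'] = true;
            }

            header("Location: " . WWW . "/security_check");
            exit;
        }
        else
        {
            $errors[] = "An error has occured, please contact a system administrator.";
        }
    }

    if (count($errors) > 0)
    {
        $loginResult = '<style>
        body{
        margin:0;
        }
        #error{
        font-family: verdana;
        font-size: 12px;
        font-weight:bold;
        padding: 15px;
        color:white;
        text-align:center;
        }
        .red {
        background-color:#CB2121;
        }
        </style>';

        // One closed <div> per message. The messages are literals today;
        // escaping keeps the markup safe if one ever carries request data.
        // The repeated id is kept because the inline CSS above targets #error.
        foreach ($errors as $err)
        {
            $loginResult .= '<div id="error" class="red">' . htmlspecialchars($err, ENT_QUOTES, 'UTF-8') . '</div>';
        }

        $frontpage->SetParam('login_result', $loginResult);
    }
}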