Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- if (isset($_POST['username'])) { $username = $_POST['username']; if ($username == '') { unset($username);} }
- if (isset($_POST['password'])) { $password=$_POST['password']; if ($password =='') { unset($password);} }
- if (empty($username) or empty($password))
- {
- exit ("All fields are required!");
- }
- $username = stripslashes($username);
- $username = htmlspecialchars($username);
- $password = stripslashes($password);
- $password = htmlspecialchars($password);
- $username = trim($username);
- $password = trim($password);
- include ("blocks/db.php");
- $ip=getenv("HTTP_X_FORWARDED_FOR");
- if (empty($ip) || $ip=='unknown') { $ip=getenv("REMOTE_ADDR"); }
- mysql_query ("DELETE FROM ips WHERE UNIX_TIMESTAMP() - UNIX_TIMESTAMP(date) > 900");
- $result = mysql_query("SELECT col FROM ips WHERE ip='$ip'",$db);
- $myrow = mysql_fetch_array($result);
- if ($myrow['col'] > 2) {
- exit("Too many failed logins. Please try again after 15 minutes.");
- }
- $password = md5($password);
- $password = strrev($password);
- $password = $password."b3p6f";
- $result = mysql_query("SELECT * FROM community WHERE username='$username' AND password='$password'",$db);
- $myrow = mysql_fetch_array($result);
- if (empty($myrow['id']))
- {
- $select = mysql_query ("SELECT ip FROM ips WHERE ip='$ip'");
- $tmp = mysql_fetch_row ($select);
- if ($ip == $tmp[0])
- {
- $result52 = mysql_query("SELECT col FROM ips WHERE ip='$ip'",$db);
- $myrow52 = mysql_fetch_array($result52);
- $col = $myrow52[0] + 1;
- mysql_query ("UPDATE ips SET col=$col,date=NOW() WHERE ip='$ip'");
- }
- else
- {
- mysql_query ("INSERT INTO ips (ip,date,col) VALUES ('$ip',NOW(),'1')");
- }
- exit ("Incorrect username or password.");
- }
- else
- {
- $_SESSION['password']=$myrow['password'];
- $_SESSION['username']=$myrow['username'];
- $_SESSION['id']=$myrow['id'];
- if (isset($_POST['save'])){
- setcookie("username", $_POST["username"], time()+9999999);
- setcookie("password", $_POST["password"], time()+9999999);}
- }
- echo "<html><head><meta http-equiv='Refresh' content='0; URL=index.php'></head></html>";
- ?>
Add Comment
Please, Sign In to add comment