Untitled

<?php
/*************** PHP LOGIN SCRIPT V 2.3*********************
(c) Balakrishnan 2009. All Rights Reserved

Usage: This script can be used FREE of charge for any commercial or personal projects. Enjoy!

Limitations:
- This script cannot be sold.
- This script should have copyright notice intact. Dont remove it please...
- This script may not be provided for download except from its original site.

For further usage, please contact me.

***********************************************************/
include 'dbc.php';

$err = array();

foreach($_GET as $key => $value) {
	$get[$key] = filter($value); //get variables are filtered.
}

if ($_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
	$data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
    $user_cond = "user_name='$user_email'";
} else {
      $user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE
           $user_cond
			AND `banned` = '0'
			") or die (mysql_error());
$num = mysql_num_rows($result);

  // Match row found with more than 1 results  - the user is authenticated.
    if ( $num > 0 ) {

	list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);

	if(!$approved) {
	//$msg = urlencode("Account not activated. Please check your email for activation code");
	$err[] = "Account not activated. Please pay. If you already paid, please create a support ticket!";
       // die("<hr>Account not activated. Please pay. If you already paid, please create a support ticket!");

	//header("Location: login.php?msg=$msg");
	 //exit();
	 }

		//check against salt
	if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
	if(empty($err)){

     // this sets session and logs user in
       session_start();
	   session_regenerate_id (true); //prevent against session fixation attacks.

	   // this sets variables in the session
		$_SESSION['user_id']= $id;
		$_SESSION['user_name'] = $full_name;
		$_SESSION['user_level'] = $user_level;
		$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

		//update the timestamp and key for cookie
		$stamp = time();
		$ckey = GenKey();
		mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

		//set a cookie

	   if(isset($_POST['remember'])){
				  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
				  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
				  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
				   }
		  header("Location: index.php");
		 }
		}
		else
		{
		//die("<hr>Invalid login.");
		header("Location: login.php?msg=$msg");
		}
	} else {
echo("<hr>Invalid login, wrong username/password.");
	  }
}


?>
<html>
<head>
<title>Equinox Stress Test</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="style1.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="main">
  <div class="blok_header">
    <div class="header">
      <div class="logo"> <a href="index.html"><img src="images/logo.gif" width="139" height="153" border="0" alt="logo" class="one" /></a> </div>
      <div class="menu">
        <ul>
          <li><a href="index.php"><span>Home</span></a></li>
          <li><a href="register.php"><span>Register</span></a></li>
<?php
if (checkAdmin()) { ?>
          <li><a href="addshell.php"><span>Add Shell</span></a></li>
		  <li><a href="logs.php"><span>Logs</span></a></li>
		  <li><a href="admin.php"><span>Admin Cp</span></a></li>
		  <li><a href="logout.php"><span>Logout</span></a></li>
 <?php } ?>
        </ul>
      </div>
      <div class="clr"></div>
    </div>
    <div class="clr"></div>
  </div>
  <div class="clr"></div>
  <div class="header_text_bg">
    <h2>&nbsp;</h2>
    <div class="header_text">
      <div class="header_text_resize">
      <h2>			<?php
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME, $link);
$result = mysql_query("SELECT * FROM getshells", $link);
$num_rows = mysql_num_rows($result);
$result2 = mysql_query("SELECT * FROM postshells", $link);
$num_rows2 = mysql_num_rows($result2);

$shellsOnline = $num_rows + $num_rows2;

echo "There are currently <b>" . $shellsOnline . "</b> shells online.";
?><br />
        <span>We update our shells daily!</span></h2>
        <div class="clr"></div>
      </div>
    </div>
    <div class="clr"></div>
  </div>
  <div class="clr"></div>
</div>

  <div class="body_resize">
    <div class="body">
      <h3>Equinox Stress Test(DDoS)</h3><br />
<span>
	<!--header -->
	<div id="header">
	<div id="header-links">
	No account? <b><a href="register.php">Click here</a></b> to buy.
	</div>
	</div>
	<div id="header-photo">
		<h1 id="logo-text"><a href="home.html" title=""></a></h1>
	<div id="playnow">
	<table class="l0g1n">
	<form action="login.php" method="post" name="logForm" id="logForm" >
	<tr>
	<td><b>Username</b></td>
	<td><input name="usr_email" type="text" class="required" id="txtbox" size="25"></li></td>
	</tr>
	<tr>
	<td><b>Password</b></td>
	<td>
	<input name="pwd" type="password" class="required password" id="txtbox" size="25"></li></td>
	</tr>
	<tr>
	<td>
	<input name="doLogin" type="submit" id="doLogin3" value="Login"></li>
	</td>
	<td>
	<input name="remember" type="checkbox" id="remember" value="1">&nbsp;
	<b>Remember me</b><br></li>
	</td>
	</tr>
	</form>
	</table>
	</div>
</span>
    </div>
    <div class="clr"></div>
  </div>
</body>
</html>

<br/><br/><br/><br/><br/><br/>

<?php
include 'footer.php';
?>