<?php mysql_connect('localhost', 'table', 'pass') or die(mysql_error());

1. <?php
2.     mysql_connect('localhost', 'table', 'pass') or die(mysql_error());
3.     mysql_select_db('spiider_gate') or die(mysql_error());
4.  
5.     $user = @addslashes($_GET['username']);
6.     $pass = @addslashes($_GET['password']);
7.     $update = @addslashes($_GET['a']);
8.     $upload = @addslashes($_GET['u']);
9.     $t = @addslashes($_POST['data']);
10.     $password = md5($pass);
11.     $ip = $_SERVER['REMOTE_ADDR'];
12.    
13.     $sql = "SELECT Count(*) as Number FROM users WHERE username='" . $user . "' AND password='" . $password . "'";
14.     $query = mysql_query($sql) or die(mysql_error());
15.    
16.     $sql10 = "SELECT Count(*) as Number FROM ac WHERE username='" . $user . "'";
17.     $query10 = mysql_query($sql10) or die(mysql_error());
18.  
19.     $result = mysql_fetch_array($query);
20.     $NumberOfUsers = $result['Number'];
21.    
22.     $result10 = mysql_fetch_array($query10);
23.     $ac10 = $result10['Number'];
24.    
25.     $sql1 = "SELECT id FROM users WHERE username='" . $user . "' AND password='" . $password . "'";
26.     $query1 = mysql_query($sql1) or die(mysql_error());
27.  
28.     $result1 = mysql_fetch_array($query1);
29.     $userid = $result1['id'];
30.     if ($NumberOfUsers == 1) {
31.    
32.     $sql2= "UPDATE users SET ip='" . $ip ."' WHERE username='" . $user . "'";
33.     $query2 = mysql_query($sql2) or die(mysql_error());
34.     }
35.    
36.    
37. if ( $upload < 1 )
38.     {
39.     if ($NumberOfUsers != 1) {
40.        
41.         /*header('WWW-Authenticate: Basic realm="Login Failed"');
42.         header('Status: Login Failed');
43.         /* Special Header for CGI mode */
44.        /* header('HTTP-Status: Login Failed');
45.            
46.             exit;*/
47.             echo "Login Failed";
48.     } else {
49.     echo "Hi you are now logged!";
50.     if( $ac10 == 1)
51.     {
52.     $s1 = "UPDATE ac SET lastime='".time()."' WHERE username='".$user."'";
53.     mysql_query($s1) or die(mysql_error());
54.     }else{
55.     $s2 = "INSERT INTO ac VALUES('" . $user . "','".time()."')";
56.     mysql_query($s2) or die(mysql_error());
57.     }
58.     }    
59.  
60.     } else {
61.         if($NumberOfUsers == 1 && $update == 1)
62.         {
63.             $s3 = "UPDATE ac SET lastime='".time()."' WHERE username='".$user."'";
64.             mysql_query($s3) or die(mysql_error());
65.         }
66.         if ($upload == 1 ) {
67. if ($NumberOfUsers == 1) {
68. $now = date("YmdHms");  
69. $nome = $user.$now.".jpg";
70. $uploaddir = 'upload/'; // Relative Upload Location of data file
71.  
72. if (is_uploaded_file($_FILES['file']['tmp_name'])) {
73.  
74. $uploadfile = $uploaddir . basename($nome);
75.  
76. echo "File ". $_FILES['file']['name'] ." uploaded successfully. ";
77.  
78. if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
79.  
80. echo "File is valid, and was successfully moved. ";
81.  
82. }
83.  
84. else
85.  
86. print_r($_FILES);
87.  
88. }
89.  
90. else {
91.  
92. echo "Upload Failed!!!";
93.  
94. print_r($_FILES);
95.  
96. }}
97. }
98.  
99. if ($upload == 2)
100. {
101.    
102. if ($NumberOfUsers == 1) {
103. $now = date("YmdHms");  
104. $nome = $user.$now.".txt";
105. $uploaddir = 'upload/'; // Relative Upload Location of data file
106.  
107. if (is_uploaded_file($_FILES['file']['tmp_name'])) {
108.  
109. $uploadfile = $uploaddir . basename($nome);
110.  
111. echo "File ". $_FILES['file']['name'] ." uploaded successfully. ";
112.  
113. if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
114.  
115. echo "File is valid, and was successfully moved. ";
116.  
117. }
118.  
119. else
120.  
121. print_r($_FILES);
122.  
123. }
124.  
125. else {
126.  
127. echo "Upload Failed!!!";
128.  
129. print_r($_FILES);
130.  
131. }}
132. }
133.     }
134.         ?>