
Untitled

a guest May 27th, 2019 73 Never
  1. <?php
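  /*
   * AJAX login endpoint (flat include script).
   *
   * Reads `username` / `password` from $_REQUEST and answers with a plain-text
   * token: "wait%<seconds>" while the caller is throttled, "success" after a
   * valid login, and nothing at all on a failed login.
   *
   * Relies on names defined outside this file: $mysqli (mysqli connection),
   * $prefix (table-name prefix), $gmlevel (minimum GM level) and an already
   * started session.
   *
   * Changes against the pasted original:
   *   - `require once` (a parse error) is now `require_once`.
   *   - Both lookups use prepared statements; the redundant second lookup that
   *     rebuilt SQL from the stored name and password hash is gone.
   *   - Hash comparison uses hash_equals() instead of `==`, which treats
   *     numeric-looking hex strings such as "0e..." as numbers.
   *   - The lockout deadline is kept in the session instead of being read back
   *     from the client-controlled `block` cookie.
   *   - The session id is regenerated on login and stale `admin` / `gm` keys are
   *     cleared before the new account's flags are applied.
   */

  // X-Requested-With is a client-supplied header. It only separates XHR callers
  // from page loads; it is not an authentication or anti-automation control.
  $requestedWith = isset($_SERVER['HTTP_X_REQUESTED_WITH'])
      ? strtolower($_SERVER['HTTP_X_REQUESTED_WITH'])
      : '';

  if ($requestedWith === 'xmlhttprequest') {
      $is_ajax = isset($_REQUEST['is_ajax']) ? $_REQUEST['is_ajax'] : null;

      if ($is_ajax) {
          $now = time();

          // Enforce the lockout from server-side state. The original trusted the
          // `block` cookie, so a client that simply did not send it was never
          // throttled, and the "expiry" it echoed back was attacker-controlled.
          // NOTE(review): a session-scoped counter is still reset by discarding
          // the session cookie. Durable throttling needs a server-side store
          // keyed on the account name and source address, which this file does
          // not show.
          $blockedUntil = isset($_SESSION['block_until']) ? (int) $_SESSION['block_until'] : 0;
          if ($blockedUntil > $now) {
              echo "wait%" . ($blockedUntil - $now);
              return;
          }
          unset($_SESSION['block_until']);

          // The counter advances on every request, before the credentials are
          // checked, and is deliberately not reset by a successful login: a
          // per-session counter that a valid login resets could be cleared at
          // will by anyone holding one working account.
          if (!isset($_SESSION['attempts'])) {
              $_SESSION['attempts'] = 1;
          } elseif ($_SESSION['attempts'] >= 3) {
              $expiry = $now + 60;
              $_SESSION['block_until'] = $expiry;
              $_SESSION['attempts'] = 1;

              // Still emitted for any client code that reads it; it is advisory
              // only and is never consulted by the server.
              $cookieData = array("data" => 1, "expiry" => $expiry);
              setcookie("block", json_encode($cookieData), $expiry);

              echo "wait%" . ($expiry - $now);
              return;
          } else {
              $_SESSION['attempts']++;
          }

          require_once "assets/libs/gump.class.php";
          $gump = new GUMP();
          // Kept for compatibility with code that reads $_REQUEST afterwards.
          // Input filtering is not what protects the queries below - parameter
          // binding is.
          // NOTE(review): the password also passes through this filter before
          // hashing; presumably registration applies the same filter - confirm
          // before changing it, or existing logins may stop matching.
          $_REQUEST = $gump->sanitize($_REQUEST);

          $u = (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) ? $_REQUEST['username'] : '';
          $p = (isset($_REQUEST['password']) && is_string($_REQUEST['password'])) ? $_REQUEST['password'] : '';

          // get_result() on a prepared statement returns native ints/floats where
          // query() returned strings. Normalise rows back to strings so session
          // values keep the types the rest of the application was written for.
          $asText = function ($value) {
              return $value === null ? null : (string) $value;
          };

          // Bound parameter instead of string concatenation. get_result()
          // requires the mysqlnd driver.
          $lookup = $mysqli->prepare("SELECT * FROM `accounts` WHERE `name` = ?");
          if (!$lookup) {
              die();
          }
          $lookup->bind_param('s', $u);
          if (!$lookup->execute()) {
              die();
          }
          $s = $lookup->get_result();
          if (!$s) {
              die();
          }
          $row = $s->fetch_assoc();
          $lookup->close();
          $i = is_array($row) ? array_map($asText, $row) : null;

          $storedHash = ($i !== null && isset($i['password'])) ? $i['password'] : '';
          $salt = ($i !== null && isset($i['salt'])) ? $i['salt'] : '';

          // NOTE(review): single-round salted SHA-512 and unsalted SHA-1 are fast
          // hashes and a poor fit for password storage. Moving to password_hash()
          // / password_verify() needs a schema and migration decision that is
          // outside this file, so the stored format is left as it is here.
          $passwordOk = $storedHash !== '' && (
              hash_equals($storedHash, hash('sha512', $p . $salt))
              || hash_equals($storedHash, sha1($p))
          );

          if ($passwordOk) {
              // New session id on privilege change, so an id known before login
              // is not carried into the authenticated session.
              if (session_status() === PHP_SESSION_ACTIVE) {
                  session_regenerate_id(true);
              }

              // The row that was just verified is the account; no second lookup.
              $auser = $i;

              // $prefix is a table-name prefix and identifiers cannot be bound.
              // NOTE(review): assumed to come from trusted configuration, never
              // from the request - confirm where it is set.
              $countcheckpname = 0;
              $checkprofile = null;
              $checkpname = $mysqli->prepare("SELECT * FROM " . $prefix . "profile WHERE accountid = ?");
              if ($checkpname) {
                  $accountId = (int) $auser['id'];
                  $checkpname->bind_param('i', $accountId);
                  if ($checkpname->execute()) {
                      $profiles = $checkpname->get_result();
                      if ($profiles) {
                          $countcheckpname = $profiles->num_rows;
                          $profileRow = $profiles->fetch_assoc();
                          $checkprofile = is_array($profileRow) ? array_map($asText, $profileRow) : null;
                      }
                  }
                  $checkpname->close();
              }

              $_SESSION['id'] = $auser['id'];
              $_SESSION['name'] = $auser['name'];
              $_SESSION['mute'] = $auser['mute'];
              $_SESSION['email'] = $auser['email'];

              if ($countcheckpname == 1) {
                  $_SESSION['pname'] = $checkprofile['name'];
              } else {
                  $_SESSION['pname'] = "checkpname";
              }

              // Drop flags left by an earlier login in this session; the original
              // only ever set them, so a later unprivileged login kept them.
              unset($_SESSION['admin'], $_SESSION['gm']);

              if ($auser['webadmin'] == "1") {
                  $_SESSION['admin'] = $auser['webadmin'];
              }
              // The gm column may not exist; only record it at or above $gmlevel.
              if (isset($auser['gm']) && $auser['gm'] >= $gmlevel) {
                  $_SESSION['gm'] = $auser['gm'];
              }

              echo "success";
          }
          // Unknown account or wrong password: intentionally no output, so the
          // response does not reveal which of the two it was.
      }
      // is_ajax missing or falsy: intentionally no output.
  }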