Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if (isset($_GET['u']) && isset($_GET['p']) && isset($_GET['v'])) {
- $version = $_GET['v'];
- if ($version >= 1180) {
- include("config.php");
- include("funcs.php");
- $connect = mysql_connect(MYSQL_ADDRESS,MYSQL_USERNAME,MYSQL_PASSWORD) or die(mysql_error());
- mysql_select_db(MYSQL_DATABASE) or die(mysql_error());
- $loggedin = 0;
- $ulevel = 0;
- $ufunc = 0;
- $cuser = "a";
- $username = "a";
- $username = $_GET['u'];
- $upm = 0;
- if (isset($_GET['upm'])) {
- $upm = $_GET['upm'];
- }
- $upm = md5($upm);
- $npassword = $_SERVER['QUERY_STRING'];
- $password = urlencode($_GET['p']);
- $groups = array();
- $xpassword = preg_match("/(.*)&v=(.*)&upm=(.*)&p=(.*)/", $npassword, $groups);
- $xpassword = $groups[4];
- $method = 0;
- $username = escapem($username);
- $version = escapem($version);
- //$password = escapem($password);
- $tpassword = md5($xpassword);
- if ($upm == 0) {
- $res = mysql_query("SELECT username, phlevel FROM ".MYSQL_PREFIX."_users WHERE username='$username' AND password='$tpassword'");
- $method = 1;
- } else {
- $res = mysql_query("SELECT username, phlevel, ac_md5 FROM ".MYSQL_PREFIX."_users WHERE username='$username' AND ac_md5='$upm'");
- $method = 2;
- }
- $num = mysql_num_rows($res);
- $row = mysql_fetch_array($res);
- if ($num == 1) {
- $ip = $_SERVER['REMOTE_ADDR'];
- $now = time();
- $username = $row['username'];
- $loggedin = 1;
- echo "$username";
- } else {
- echo "error2 - User: $username - Password: $groups[4] - UPM: $upm - $method";
- #print_r($groups);
- }
- } else {
- echo "update";
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement