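<?php
// Request-time authentication bootstrap.
//
// Fills the global $ME array — login flag, client ip/browser, user id and the
// per-user level map — by (1) processing a submitted login form, (2) verifying
// the sid/zid cookie pair against TBL_SESSIONS / TBL_USERS and (3) handling
// logout.  Depends on the including script for: $f (helper object exposing
// rand_string() and redirect()), the TBL_USERS / TBL_SESSIONS / COOKIE_PREFIX
// constants, and an open default mysql_* connection (mysql_query() and
// mysql_real_escape_string() are called without an explicit link).
if(!defined("IN_SCRIPT")) die("Hacking Attempt!");

$ME['login'] = '0';
$ME['ip'] = $_SERVER['REMOTE_ADDR'];
// User-Agent is optional in HTTP; avoid a notice when a client omits it.
$ME['browser'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$ME['id'] = '0';

// 1. Login form: ?login with login_username / login_password (and an optional
//    autologin flag) in POST.
//    NOTE(review): the form carries no CSRF token and there is no failed-login
//    rate limit; both belong at the form / dispatch layer, not here.
if(isset($_GET['login'])){
    if(isset($_POST['login_username']) && isset($_POST['login_password'])){
        $username = $_POST['login_username'];
        // Stored passwords are unsalted sha1 hex digests.  Changing the scheme
        // here would invalidate every existing row, so it is kept; a migration
        // to password_hash()/password_verify() is the recommended follow-up.
        $password = sha1(stripslashes($_POST['login_password']));
        $autologin = isset($_POST['autologin']);
        // The username is attacker-controlled: it was previously concatenated
        // into SQL unescaped (injection).  Escape it for the mysql_* driver.
        $sql = "SELECT * FROM `".TBL_USERS."` WHERE username='".mysql_real_escape_string($username)."' LIMIT 1";
        $query = mysql_query($sql);
        if($query && ($ds = mysql_fetch_array($query))){
            // Compare as strings, in constant time where the runtime allows.
            // The original `==` treats two numeric-looking hex digests (e.g.
            // both starting "0e" followed by digits) as equal numbers.
            $passwordMatches = function_exists('hash_equals')
                ? hash_equals((string)$ds['password'], $password)
                : ((string)$ds['password'] === $password);
            if($passwordMatches){
                $sid = $f->rand_string(50);
                $zid = $f->rand_string(10);
                // The cookie carries sha1(username . passwordhash . zid) rather
                // than zid itself; a password change therefore invalidates
                // every outstanding cookie for the account.
                $czid = sha1($ds['username'].$ds['password'].$zid);
                $jetzt = time();
                // NOTE(review): `datum` is recorded but never checked when the
                // cookie is validated below, so a session row never expires
                // server-side unless the user logs out.
                $sql = "INSERT INTO `".TBL_SESSIONS."` SET
                    sid='".mysql_real_escape_string($sid)."',
                    zid='".mysql_real_escape_string($zid)."',
                    uid='".mysql_real_escape_string($ds['id'])."',
                    datum='".$jetzt."',
                    ip='".mysql_real_escape_string($ME['ip'])."'
                ";
                $query = mysql_query($sql);
                if($query){
                    // "Remember me" logins live one year; otherwise the pair
                    // are browser-session cookies (expire = 0, as before).
                    // HttpOnly keeps the identifiers away from script access
                    // and Secure is added when the request itself used TLS;
                    // path and domain are left at their defaults as before.
                    $expire = $autologin ? $jetzt + (365*24*60*60) : 0;
                    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                    setcookie(COOKIE_PREFIX."sid", $sid, $expire, '', '', $secure, true);
                    setcookie(COOKIE_PREFIX."zid", $czid, $expire, '', '', $secure, true);
                    $f->redirect("/");
                }else{
                    // mysql error while storing the session: stay logged out
                }
            }else{
                // incorrect username/_password_: stay logged out
            }
        }else{
            // incorrect _username_/password: stay logged out
        }
    }
}

// 2. Existing session: the sid/zid cookie pair.  sid must match a
//    TBL_SESSIONS row and zid must equal sha1(username . passwordhash . zid)
//    recomputed from that row and the user's current TBL_USERS record.
if(isset($_COOKIE[COOKIE_PREFIX.'sid']) && isset($_COOKIE[COOKIE_PREFIX.'zid'])){
    $csid = $_COOKIE[COOKIE_PREFIX.'sid'];
    $czid = $_COOKIE[COOKIE_PREFIX.'zid'];
    // Whitelist the cookie formats before either value is used.
    if(preg_match('/^[a-zA-Z0-9]+$/',$csid) && preg_match('/^[a-f0-9]+$/i',$czid)){
        $sql = "SELECT * FROM `".TBL_SESSIONS."` WHERE sid='".mysql_real_escape_string($csid)."' LIMIT 1";
        $query = mysql_query($sql);
        if($query && ($ds = mysql_fetch_array($query))){
            $uid = $ds['uid'];
            $zid = $ds['zid'];
            unset($ds, $query);
            $sql = "SELECT * FROM `".TBL_USERS."` WHERE id='".mysql_real_escape_string($uid)."' LIMIT 1";
            $query = mysql_query($sql);
            if($query && ($ds = mysql_fetch_array($query))){
                $nzid = sha1($ds['username'].$ds['password'].$zid);
                // Strict / constant-time comparison; `==` on two hex strings
                // can compare them as numbers (see the login branch above).
                $cookieMatches = function_exists('hash_equals')
                    ? hash_equals($nzid, $czid)
                    : ($nzid === $czid);
                if($cookieMatches){
                    $ME['login'] = '1'; // cookie pair verified against the DB
                    $ME['id'] = $uid;
                    // `level` is a space-separated list of "name" or
                    // "name=value" tokens; bare names map to "1".
                    $levels = explode(" ",$ds['level']);
                    foreach($levels as $level){
                        if(trim($level) !== ""){
                            if(preg_match('/^(.+)=(.+)$/', $level, $ret)){
                                $ME['level'][$ret[1]] = $ret[2];
                            }else{
                                $ME['level'][$level] = "1";
                            }
                        }
                    }
                }
                unset($ds, $query);
            }
        }
    }
}

// 3. Logout via ?logout: drop every session row for the user, clear the
//    cookie pair and bounce to /.
//    NOTE(review): this is GET-triggered without a CSRF token, so any
//    third-party page can log the user out by linking to it.
if(isset($_GET['logout'])){
    if($ME['login']){
        $sql = "DELETE FROM `".TBL_SESSIONS."` WHERE uid='".mysql_real_escape_string($ME['id'])."'";
        $query = mysql_query($sql);
    }
    // A timestamp in the past tells the browser to discard the cookies.
    setcookie(COOKIE_PREFIX."sid", '', time()-1000);
    setcookie(COOKIE_PREFIX."zid", '', time()-1000);
    $f->redirect("/");
}
?>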