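// Injection filter
/**
 * Strips a fixed blacklist of characters and SQL keywords from $str, then
 * trims it, removes backslashes and HTML-escapes the remainder.
 *
 * NOTE(review): blacklist stripping is not a defence against SQL injection;
 * any query built from this value must still use a prepared statement with
 * bound parameters. The function is kept for its escaping and because callers
 * compare stored values against its output.
 *
 * @param string|null $str raw input (null is treated as '')
 * @return string filtered, HTML-escaped value
 */
function filterHTML($str): string {
    // Characters and keywords removed from the input. ' ' is in the list, so
    // every space is dropped as well.
    $blacklist = ['?', '&', '<', '>', '"', "'", '/', 'INSERT', 'UPDATE', 'DELETE', 'WHERE', ' '];
    // Case-insensitive replacement: the original lower-cased each needle and
    // then used a case-sensitive replace, so the upper-case keywords as listed
    // were never removed; it also iterated one past the end of the array.
    $str = str_ireplace($blacklist, '', (string) $str);
    return htmlspecialchars(trim(stripslashes($str)));
}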
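// Administrator authentication function
/**
 * Authenticates an administrator and, on success, stores an admin marker in
 * the session. Every path ends in exit() with a JSON body; control never
 * returns to the caller.
 *
 * The row is selected from `ws_users` by `ws_username` with `ws_admin` = 1;
 * the stored `ws_password` is then compared with the filtered submitted
 * password in PHP, as the original did.
 *
 * NOTE(review): the stored password is compared verbatim with the filtered
 * input, i.e. the table holds it in that same form (plain text as far as this
 * code shows). It should be stored with password_hash() and checked with
 * password_verify(); that requires a data migration and is not done here.
 *
 * @param string|null $username raw submitted username
 * @param string|null $password raw submitted password
 * @param array       $ws_conf  configuration; reads $ws_conf['db']['host'|'user'|'pass'|'base']
 */
function AdminAuth($username, $password, $ws_conf): void {
    $mysqli = mysqli_connect($ws_conf['db']['host'], $ws_conf['db']['user'], $ws_conf['db']['pass'], $ws_conf['db']['base']);
    // mysqli_connect() returns false on failure on older PHP, so guard the
    // handle itself as well as the connect error code.
    if (!$mysqli || mysqli_connect_errno()) {
        exit('{"result": "error", "message": "Ошибка соединения с базой данных."}');
    }

    $username = filterHTML($username);
    $password = filterHTML($password);
    // Strict emptiness check; the former `!= false` also rejected the
    // legitimate value '0' and left $continue undefined on failure.
    if ($username === '' || $password === '') {
        exit('{"result": "error", "message": "Данные не прошли обработку."}');
    }

    // Bound parameter instead of string-built SQL, so the input is never
    // parsed as SQL regardless of what filterHTML() let through. Only the
    // username selects the row; the password is compared below.
    $stmt = $mysqli->prepare('SELECT `ws_password` FROM `ws_users` WHERE `ws_username` = ? AND `ws_admin` = 1 LIMIT 1');
    if ($stmt === false) {
        exit('{"result": "error", "message": "Ошибка соединения с базой данных."}');
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($dbPassword);
    $found = $stmt->fetch() === true;
    $stmt->close();
    $mysqli->close();

    // hash_equals() gives a strict (no '==' type juggling), constant-time
    // comparison. Unknown user and wrong password produce the same response.
    if (!$found || !hash_equals((string) $dbPassword, $password)) {
        exit('{"result": "error", "message": "Не верные данные."}');
    }

    // New session id on privilege change, so a session id fixed before login
    // does not become an admin session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // Opaque marker; nothing on this page checks its value, so a CSPRNG token
    // replaces the md5(rand()) construction, which also kept the password in
    // the session value.
    $_SESSION['ws_admin'] = bin2hex(random_bytes(16));
    $_SESSION['ws_user'] = $username;
    exit('{"result": "success", "message": "logged_in", "adminLink": "/extends/pages/adminarea.php"}');
}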
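// Request router: dispatches on the `action` query parameter and always
// answers with a JSON body followed by exit().
//
// Credentials are taken from the POST body first and fall back to the query
// string, which the original client used. Credentials in a query string end
// up in server/proxy access logs and browser history, so clients should move
// to POST; the fallback only keeps the existing client working meanwhile.
if (!isset($_GET['action'])) {
    exit('{"result": "error", "message": "Не назначен параметр $_GET action"}');
}
if ($_GET['action'] === 'admin_auth') {
    // `??` avoids an undefined-index warning when a field is missing;
    // AdminAuth() rejects empty values itself.
    $username = $_POST['username'] ?? $_GET['username'] ?? '';
    $password = $_POST['password'] ?? $_GET['password'] ?? '';
    AdminAuth($username, $password, $ws_conf);
}
// Unknown action: the original produced an empty response here.
exit('{"result": "error", "message": "Неизвестный параметр action"}');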