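<?php
/**
 * Login handler.
 *
 * On POST it checks the submitted `id` / `password` pair against the `user`
 * table and, on a match, stores the submitted username in the session.
 * When the request carries an X-Forwarded-For header it also writes a row
 * to the `log` table and echoes the newest log row for that username.
 *
 * Every request-derived value reaches SQL through a bound parameter and
 * reaches the response through htmlspecialchars().
 *
 * NOTE(review): the `password` column is compared verbatim, which suggests
 * passwords are stored unhashed. Confirm against the schema and move to
 * password_hash() / password_verify().
 * NOTE(review): the login query matches on `id` and `password` only. The
 * submitted username is never checked against the `user` row, so the
 * identity placed in the session is chosen by the client. Tie it to the
 * authenticated row once the schema is confirmed.
 */
include("Config.php");
session_start();

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    if (empty($_POST['id']) || empty($_POST['password']) || empty($_POST['username'])) {
        die('Id, Username, Password are not null!!!');
    }
    // Array-valued parameters (id[]=...) would otherwise reach preg_match()
    // and the bind calls as arrays.
    if (!is_string($_POST['id']) || !is_string($_POST['password']) || !is_string($_POST['username'])) {
        die('Id, Username, Password are not null!!!');
    }

    $id = $_POST['id'];
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Database failures are written to the server log. The driver's error
    // text is not sent to the client, where it would disclose schema and
    // query details.
    $abortOnDbError = function ($detail) {
        error_log('login: database error: ' . $detail);
        http_response_code(500);
        die('Internal error');
    };

    // Prepares $sql, binds $params by position, executes, returns the statement.
    $runQuery = function ($db, $sql, $types, array $params) use ($abortOnDbError) {
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            $abortOnDbError(mysqli_error($db));
        }
        if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
            $abortOnDbError(mysqli_stmt_error($stmt));
        }
        return $stmt;
    };

    $escapeHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // NOTE(review): the keyword/character denylists below are kept only so
    // that requests the original rejected are still rejected. They are not
    // what prevents SQL injection; the bound parameters are. This one also
    // rejects any id containing the digits 1-9, so replace it with a strict
    // format check once the expected id format is confirmed.
    if (preg_match('/\s|[\(\)\'"\/\\=&\|1-9]|#|\/\*|into|file|case|group|where|order|offset|limit|and|or|not|null|union|select|from|when|--|;/i', $id)) {
        die('Filter is working!!!!');
    }

    try {
        $stmt = $runQuery(
            $db,
            "SELECT `id` FROM `user` WHERE `id` = ? AND `password` = ?",
            'ss',
            array($id, $password)
        );
        mysqli_stmt_store_result($stmt);
        $count = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($count == 1) {
            // New session id on login so a pre-set session cookie cannot be
            // carried into the authenticated session.
            session_regenerate_id(true);
            // Stored in the escaped form the original code stored, because
            // other pages (not visible here) may rely on it.
            $_SESSION['login_user'] = mysqli_real_escape_string($db, $username);

            if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                // X-Forwarded-For and User-Agent are client-supplied headers:
                // the logged "remote IP" is whatever the client claims unless
                // a trusted proxy sets the header.
                $remote_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
                $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

                if (preg_match('/[\/%#;-]|into|file|case|group|order|offset|limit|and|or|not|null|union|where|if|ascii|char|ord|case|when|div|mod|\+|\*|\&|\|/i', $remote_ip)) {
                    die('Filter is working!!!!');
                }
                if (preg_match('/[%#;-]|into|file|case|group|order|offset|limit|and|or|not|null|union|where|if|ascii|char|ord|case|when|div|mod|\+|\*|\&|\|/i', $user_agent)) {
                    die('Filter is working!!!!');
                }

                $stmt = $runQuery(
                    $db,
                    "INSERT INTO `log`(`username`,`remote_ip`, `user_agent`) VALUES (?,?,?)",
                    'sss',
                    array($username, $remote_ip, $user_agent)
                );
                $inserted = mysqli_stmt_affected_rows($stmt);
                mysqli_stmt_close($stmt);

                if ($inserted > 0) {
                    // Read back the newest log row for this username.
                    $stmt = $runQuery(
                        $db,
                        "SELECT `username`, `remote_ip`, `user_agent` FROM `log` WHERE `username` = ? ORDER BY timestamp DESC LIMIT 1",
                        's',
                        array($username)
                    );
                    mysqli_stmt_bind_result($stmt, $log_username, $log_remote_ip, $log_user_agent);
                    if (mysqli_stmt_fetch($stmt)) {
                        // All three values originate from the request, so they
                        // are HTML-escaped before being written to the page.
                        echo "[Log]- Remote IP: ".$escapeHtml($log_remote_ip)." | User agent: ".$escapeHtml($log_user_agent)." | Username: ".$escapeHtml($log_username);
                    }
                    mysqli_stmt_close($stmt);
                }
            }
        } else {
            $error = "Your Id or Password is invalid";
            echo $error;
        }
    } catch (mysqli_sql_exception $e) {
        // Reached when mysqli is configured to throw instead of returning false.
        $abortOnDbError($e->getMessage());
    }

    mysqli_close($db);
}
?>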