<?php //---------------------------------\\ //-- DREAM CMS R63

1. <?php
2. //---------------------------------\\
3. //-- DREAM CMS R63 --\\
4. //-- DEVELOPED BY iBENSON --\\
5. //---------------------------------\\
6. include('_inc/core.php');
7.  
8. if ($_GET['from'] == 'register') {
9. $username = $_SESSION['login_username'];
10. $password = $_SESSION['login_password'];
11.  
12. if (mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`='" . $username . "' AND `password`='" . $password . "'"))==1) {
13. $token = 'SEC-'.rand(9,999).'_'.sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999);
14. mysql_query("UPDATE `users` SET `login_session`='" . $token . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
15. mysql_query("UPDATE `users` SET `update_time`='" . time() . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
16. mysql_query("UPDATE `users` SET `ip`='" . $_SERVER['REMOTE_ADDR'] . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
17. $_SESSION['register_step'] = '1';
18. $_SESSION['token'] = $token;
19. if(mysql_result(mysql_query("SELECT `level` FROM `users` WHERE `name`='" . $username . "' AND `password`='" . sha1(md5(password).$password) . "'"), 0) != '0'){
20. $_SESSION['logged_in'] = true;
21. header('location: ' . PATH . '/me');
22. }
23. }
24. }else{
25. // submit account details
26. $username = $_POST['username'];
27. $password = $_POST['password'];
28.  
29. if($username=='' && $password==''){
30. $_SESSION['error_at_login'] = $lang['name_and_pass_missing'];
31. header('location: ' . PATH);
32. }else if($username != '' && $password == ''){
33. $_SESSION['error_at_login'] = $lang['pass_missing'];
34. header('location: ' . PATH);
35. }else if($username == '' && $password != ''){
36. $_SESSION['error_at_login'] = $lang['user_missing'];
37. header('location: ' . PATH);
38. }else{
39. if (mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'"))==1) {
40. $token = 'SEC-'.rand(9,999).'_'.sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999);
41. mysql_query("UPDATE `users` SET `login_session`='" . $token . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
42. mysql_query("UPDATE `users` SET `update_time`='" . time() . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
43. mysql_query("UPDATE `users` SET `ip`='" . $_SERVER['REMOTE_ADDR'] . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
44. $_SESSION['register_step'] = '1';
45. $_SESSION['token'] = $token;
46. $getLevel mysql_query("SELECT level FROM 'users' WHERE 'name`='" . $username ."' AND `password`='" . sha1(md5($password).$password) . "'");
47. if($getLevel >= 0) {
48. $_SESSION['logged_in'] == true;
49. }
50. }
51. }
52. }
53.  
54. // set page details
55. $page['id'] = 'account_submit';
56. $page['cat'] = 'account';
57. $page['allow_guests'] = 'true';
58. $page['set_bg'] = 'false';
59.  
60. // request page edits
61. require_once('_inc/page.php');
62. ?>
63. <div name="alignbox" align="center">
64. <div id="overlay">
65. <br />
66. <font size="1">You are being redirected... if you are not redirected <a href="<?php echo PATH; ?>/me">click here</a></font>
67. <br /><br />
68. </div>
69. </div>