Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //---------------------------------\\
- //-- DREAM CMS R63 --\\
- //-- DEVELOPED BY iBENSON --\\
- //---------------------------------\\
- include('_inc/core.php');
- if ($_GET['from'] == 'register') {
- $username = $_SESSION['login_username'];
- $password = $_SESSION['login_password'];
- if (mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`='" . $username . "' AND `password`='" . $password . "'"))==1) {
- $token = 'SEC-'.rand(9,999).'_'.sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999);
- mysql_query("UPDATE `users` SET `login_session`='" . $token . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
- mysql_query("UPDATE `users` SET `update_time`='" . time() . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
- mysql_query("UPDATE `users` SET `ip`='" . $_SERVER['REMOTE_ADDR'] . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
- $_SESSION['register_step'] = '1';
- $_SESSION['token'] = $token;
- if(mysql_result(mysql_query("SELECT `level` FROM `users` WHERE `name`='" . $username . "' AND `password`='" . sha1(md5(password).$password) . "'"), 0) != '0'){
- $_SESSION['logged_in'] = true;
- header('location: ' . PATH . '/me');
- }
- }
- }else{
- // submit account details
- $username = $_POST['username'];
- $password = $_POST['password'];
- if($username=='' && $password==''){
- $_SESSION['error_at_login'] = $lang['name_and_pass_missing'];
- header('location: ' . PATH);
- }else if($username != '' && $password == ''){
- $_SESSION['error_at_login'] = $lang['pass_missing'];
- header('location: ' . PATH);
- }else if($username == '' && $password != ''){
- $_SESSION['error_at_login'] = $lang['user_missing'];
- header('location: ' . PATH);
- }else{
- if (mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'"))==1) {
- $token = 'SEC-'.rand(9,999).'_'.sha1(time()).'/'.rand(9,9999999).'/'.rand(9,9999999).'/'.rand(9,9999999);
- mysql_query("UPDATE `users` SET `login_session`='" . $token . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
- mysql_query("UPDATE `users` SET `update_time`='" . time() . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
- mysql_query("UPDATE `users` SET `ip`='" . $_SERVER['REMOTE_ADDR'] . "' WHERE `name`='" . $username . "' AND `password`='" . sha1(md5($password).$password) . "'");
- $_SESSION['register_step'] = '1';
- $_SESSION['token'] = $token;
- $getLevel mysql_query("SELECT level FROM 'users' WHERE 'name`='" . $username ."' AND `password`='" . sha1(md5($password).$password) . "'");
- if($getLevel >= 0) {
- $_SESSION['logged_in'] == true;
- }
- }
- }
- }
- // set page details
- $page['id'] = 'account_submit';
- $page['cat'] = 'account';
- $page['allow_guests'] = 'true';
- $page['set_bg'] = 'false';
- // request page edits
- require_once('_inc/page.php');
- ?>
- <div name="alignbox" align="center">
- <div id="overlay">
- <br />
- <font size="1">You are being redirected... if you are not redirected <a href="<?php echo PATH; ?>/me">click here</a></font>
- <br /><br />
- </div>
- </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement