Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if($_SESSION['id']){
- echo "You are already logged in!";
- }else{
- if(!$_POST['login']){
- echo "<fieldset><legend><b>Login to OriginalMS</b></legend>";
- echo "<form method=\"POST\"><center><table border=\"0\" width=\"300\">";
- echo "<tr><td align=\"right\" width=\"50%\"><b>Username:</b></td><td><input type=\"text\" name=\"username\" maxlength=\"12\"></td></tr>";
- echo "<tr><td align=\"right\"><b>Password:</b></td><td><input type=\"password\" name=\"password\" maxlength=\"12\"></td></tr>";
- echo "<tr><td></td><td><input type=\"submit\" name=\"login\" value=\"Login\"></td></tr>";
- echo "</table></center></form>";
- echo "</fieldset>";
- }else{
- $u = mysql_real_escape_string($_POST['username']);
- $p = mysql_real_escape_string($_POST['password']);
- $s = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$u."'") or die(mysql_error());
- $i = mysql_fetch_array($s);
- if($i['password'] == hash('sha512',$p.$i['salt']) || sha1($p) == $i['password']){
- $user = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$i['name']."' AND `password`='".$i['password']."'") or die(mysql_error());
- $auser = mysql_fetch_array($user);
- $_SESSION['id'] = $auser['id'];
- $_SESSION['name'] = $auser['name'];
- $_SESSION['mute'] = $auser['mute'];
- if($auser['webadmin'] == "1"){
- $_SESSION['admin'] = $auser['webadmin'];
- }
- if($auser['gm'] == "1"){
- $_SESSION['gm'] = $auser['gm'];
- }
- $name = mysql_query("SELECT * FROM `web_profile` WHERE `accountid`='".$auser['id']."'") or die(mysql_error());
- $pname = mysql_fetch_array($name);
- if($pname['name'] == NULL){
- $_SESSION['pname'] = NULL;
- }else{
- $_SESSION['pname'] = $pname['name'];
- }
- echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=community.php\">";
- }else{
- echo "The informations you supplied do not match/exist!";
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
