Файл: modules/user/sign_in.php
Строк: 60
<?php
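// A request that already carries an authenticated user is sent to the home
// page. $user is not defined in this file -- presumably the including
// bootstrap sets it for signed-in visitors (confirm).
// header() only queues the redirect; without the exit the rest of this script,
// including the credential handling below, would still run for that request.
if (isset($user)) {
    header('Location: /');
    exit;
}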
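// Sign-in handler. Credentials come from the query string when both fields
// are present there, otherwise from the POST body. The two sources are never
// mixed, and POST is not consulted once GET has supplied both fields.
// Non-string values (e.g. nick[]=...) are treated as absent so that arrays
// never reach escape()/input().
//
// NOTE(review): accepting the password via GET puts it in the URL, where it
// can end up in access logs, browser history and Referer headers. The GET
// path is kept only so existing links keep working; prefer retiring it.
// NOTE(review): no throttling of failed attempts is visible in this file --
// confirm it is enforced elsewhere.
$signInInput = null;
if (!empty($_GET['nick']) && !empty($_GET['password'])
    && is_string($_GET['nick']) && is_string($_GET['password'])) {
    $signInInput = $_GET;
} elseif (!empty($_POST['nick']) && !empty($_POST['password'])
    && is_string($_POST['nick']) && is_string($_POST['password'])) {
    $signInInput = $_POST;
}

if ($signInInput !== null) {
    $nick = escape($signInInput['nick']);
    // NOTE(review): crypto() and input() are defined elsewhere; confirm that
    // crypto() is a salted, deliberately slow password hash.
    $pass = crypto(input($signInInput['password']));

    // NOTE(review): the statement is assembled by string concatenation, so its
    // safety rests entirely on escape() and on the characters crypto() can
    // return; neither helper is visible here. A bound-parameter query would
    // remove that dependency -- check how escape() transforms stored nicks
    // before switching.
    // The lookup runs once; the same result object answers both the row count
    // and the fetch.
    $signInResult = $db->query("SELECT * FROM `users` WHERE `nick` = '". $nick ."' AND `password` = '". $pass ."'");

    if ($signInResult->rowCount() == 1) {
        $userl = $signInResult->fetch();

        // Issue a fresh session id at the moment of authentication so that an
        // id handed out before sign-in does not stay valid afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        // Long-lived cookies (1024 days). HttpOnly keeps them out of reach of
        // page scripts. The Secure flag is left off to match the existing
        // deployment -- enable it if the site is served over HTTPS only.
        // NOTE(review): the 'password' cookie holds the value the database is
        // matched against, so presumably whoever holds the cookie can
        // authenticate for its whole lifetime; a random server-side token
        // would limit that exposure.
        $signInCookieExpiry = time()+60*60*24*1024;
        setcookie('uid', $userl['id'], $signInCookieExpiry, '/', '', false, true);
        setcookie('password', $pass, $signInCookieExpiry, '/', '', false, true);

        $_SESSION['uid'] = $userl['id'];
        $_SESSION['password'] = $pass;
        $_SESSION['lang'] = $userl['lang'];
        // Only changes the in-memory superglobal for this request; nothing is
        // sent to the browser. If a persistent language cookie was intended,
        // setcookie() would be needed -- confirm.
        $_COOKIE['lang'] = $userl['lang'];

        header('Location: /');
        exit;
    } else {
        // Same message whether the nick or the password was wrong, so the
        // response does not reveal which accounts exist.
        $err = $lang->word('fail_a');
    }
}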
// Page rendering: header, optional error banner, sign-in form, footer links.
// Every label comes from $lang->word() and is written into the HTML without
// escaping, so the translation strings are assumed to be trusted.
$title = $lang->word('sign_in');
require_once(SYS.'/view/header.php');

$tpl->div('title', $lang->word('sign_in'));

// $err is only set when a sign-in attempt was rejected earlier in the script.
if (isset($err)) {
    $tpl->div('error', $err);
}

// The form posts back to the current URL ("?"), so the password travels in
// the request body. No anti-CSRF token is part of the form as written.
echo '<div class="menu">
<form action="?" method="post">
';
echo $lang->word('nick'), ':<br/>
<input type="text" name="nick" /><br/>
';
echo $lang->word('password'), ': [<a href="/user/recovery">', $lang->word('recovery_pass1'), '</a>]<br/>
<input type="password" name="password" /><br/>
';
echo '<input type="submit" value="', $lang->word('sign_in_1'), '" />
</form>
</div>';

// Links below the form: registration and home page.
$tpl->div(
    'block',
    img('lock.png')
        .' <a href="/sign_up/">'.$lang->word('sign_up').'</a><br/>'
        . HICO
        .'<a href="/">'. $lang->word('home') .'</a>'
);

require_once(SYS.'/view/footer.php');
?>