Файл: sys/user.php
Строк: 13
<?php
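// Authentication: handle a login attempt that carries "us" (login) and "ps" (password).
//
// Review notes:
// - The original guard mixed `or` and `and` without parentheses. `and` binds tighter
//   than `or`, so a request with only "us" (POST) or only "ps" (GET) entered this
//   branch. Both fields are now required.
// - Credentials are still accepted from the query string as well as from POST.
//   A password sent via GET ends up in access logs, browser history and Referer
//   headers; restrict this to POST once no caller depends on GET login.
// - md5(sha1()) is a fast, unsalted hash. Moving to password_hash()/password_verify()
//   needs a migration of the stored hashes, so it is flagged here rather than changed.
// - The mysql_* extension used below was removed in PHP 7; prepared statements
//   (PDO or mysqli) are the long-term replacement for the string-built query.
$hasLogin = isset($_POST['us']) || isset($_GET['us']);
$hasPassword = isset($_POST['ps']) || isset($_GET['ps']);
if ($hasLogin && $hasPassword)
{
    // Read the values from the same sources the guard checked (POST wins over GET).
    // $_REQUEST can also contain cookies depending on request_order, and this script
    // itself sets cookies named "us" and "ps".
    $rawUs = isset($_POST['us']) ? $_POST['us'] : $_GET['us'];
    $rawPs = isset($_POST['ps']) ? $_POST['ps'] : $_GET['ps'];

    $authRow = false;
    // Array-valued parameters (us[]=...) are treated as a failed login.
    if (is_string($rawUs) && is_string($rawPs))
    {
        // NOTE(review): char() is defined elsewhere. Escaping happens before it runs,
        // so if char() rewrites quotes or backslashes the value reaching the query may
        // no longer be escaped - confirm, and make escaping the last step if so.
        $us = char(mysql_real_escape_string($rawUs), 0);
        // Escaping the password before hashing is kept as-is: presumably the stored
        // hashes were produced the same way - verify against the registration code.
        $pswd = char(mysql_real_escape_string($rawPs), 0);
        $ps = md5(sha1($pswd));
        $sqlAut = mysql_query("SELECT id FROM users WHERE login = '$us' AND password = '$ps' LIMIT 1");
        // mysql_query() returns false on failure; do not pass that to mysql_num_rows().
        if ($sqlAut !== false && mysql_num_rows($sqlAut) > 0)
        {
            $authRow = mysql_fetch_assoc($sqlAut);
        }
    }

    if ($authRow)
    {
        $user = $authRow;
        // Issue a fresh session id on login so a pre-login id cannot be reused
        // (session fixation). Only done when a session is already active.
        if (session_id() !== '')
        {
            session_regenerate_id(true);
        }
        $_SESSION['us'] = $user['id'];
        $_SESSION['ps'] = $ps;
        // NOTE(review): the "ps" cookie carries the password hash for 7 days without
        // HttpOnly/Secure flags. Nothing in this file reads these cookies; if other
        // code authenticates from them, the hash acts as a password equivalent and
        // should be replaced by a random server-side token. $rtime is defined elsewhere.
        setcookie('us', $user['id'], $rtime + 604800, '/');
        setcookie('ps', $ps, $rtime + 604800, '/');
    }
    else
    {
        session_destroy();
        // Clear the cookies on the same path ('/') they were set with; without the
        // path the browser may keep the originals.
        setcookie('us', '', time() - 3600, '/');
        setcookie('ps', '', time() - 3600, '/');
        header('Location: /?errorAut');
        die();
    }
}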
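// Session check: re-validate the id / password-hash pair stored in the session against
// the users table on every request, and load the account row into $user.
if (isset($_SESSION['us']) && isset($_SESSION['ps']))
{
    // The session values were interpolated into the query unescaped. In this file they
    // come from the database id and an md5 hex string, but any other code that writes
    // these session keys would turn that into an injection point, so escape them here.
    $sessId = mysql_real_escape_string((string) $_SESSION['us']);
    $sessHash = mysql_real_escape_string((string) $_SESSION['ps']);
    // NOTE(review): SELECT * also loads the password column into $user; select only
    // the columns the rest of the site needs once those are known.
    $sqlAut = mysql_query("SELECT * FROM users WHERE id = '$sessId' AND password = '$sessHash' LIMIT 1");
    // mysql_query() returns false on failure; treat that the same as "no such user".
    if ($sqlAut !== false && mysql_num_rows($sqlAut) > 0)
    {
        $user = mysql_fetch_assoc($sqlAut);
    }
    else
    {
        // Stale or tampered session: drop it and send the visitor back with an error flag.
        session_destroy();
        // The login branch sets these cookies with path '/', so clear them on the same
        // path; without it the browser may keep the originals.
        setcookie('us', '', time() - 3600, '/');
        setcookie('ps', '', time() - 3600, '/');
        header('Location: /?errorAut');
        die();
    }
}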
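// If a guest is browsing the site, send them to the registration page.
// Only the pages listed below may be viewed without a session.
$publicPages = array('/aut.php', '/index.php', '/reg.php', '/recall.php', '/help.php');
// The original required BOTH session keys to be empty before redirecting, while the
// session check above only validates when BOTH are set. A session holding just one of
// the two keys therefore skipped validation and also passed this gate. Treat any
// incomplete session as a guest (fail closed).
// NOTE(review): confirm no other flow intentionally sets only one of the two keys.
$isGuest = empty($_SESSION['us']) || empty($_SESSION['ps']);
// PHP_SELF includes any trailing PATH_INFO, so "/index.php/extra" does not match the
// list and is still redirected.
if ($isGuest && !in_array($_SERVER['PHP_SELF'], $publicPages, true))
{
    header('Location: /reg.php');
    die();
}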
?>