Файл: login.php
Строк: 50
<?php
/* Мод "Друзья"
* Версия v0.0.1
* Дата последнего редактирования 23.01.2015
* Двиг DCMS Special
* Модифицировал densnet
* Файл login.php
* Описание: авторизует пользователя
*/
require_once 'sys/inc/start.php';
require_once 'sys/inc/compress.php';
require_once 'sys/inc/sess.php';
require_once 'sys/inc/settings.php';
require_once 'sys/inc/db_connect.php';
require_once 'sys/inc/ipua.php';
require_once 'sys/inc/fnc.php';
$show_all = true; // показ для всех
$input_page = true;
require_once 'sys/inc/user.php';
user::only_unreg();
if (isset($_GET['id']) && isset($_GET['pass'])) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '" . intval($_GET['id']) . "' AND `pass` = '" . crypt::hash($_GET['pass']) . "' LIMIT 1"), 0) == 1) {
$user = user::get_user($_GET['id']);
$_SESSION['id_user'] = $user['id'];
mysql_query("UPDATE `user` SET `date_aut` = " . time() . " WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `date_last` = " . time() . " WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("INSERT INTO `user_log` (`id_user`, `time`, `ua`, `ip`, `method`) values('$user[id]', '$time', '$user[ua]' , '$user[ip]', '0')");
} else {
$err[] = 'Неправильный логин или пароль';
}
} elseif (isset($_POST['nick']) && isset($_POST['pass'])) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `nick` = '" . mysql_real_escape_string($_POST['nick']) . "' AND `pass` = '" . crypt::hash($_POST['pass']) . "' LIMIT 1"), 0)) {
$user = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `user` WHERE `nick` = '" . mysql_real_escape_string($_POST['nick']) . "' AND `pass` = '" . crypt::hash($_POST['pass']) . "' LIMIT 1"));
$_SESSION['id_user'] = $user['id'];
$user = user::get_user($user['id']);
# сохранение данных в COOKIE
if (isset($_POST['aut_save']) && $_POST['aut_save']) {
setcookie('id_user', $user['id'], time() + 3600 * 24 * 365);
setcookie('pass', crypt::encrypt($_POST['pass'], $user['id']), time() + 3600 * 24 * 365);
}
mysql_query("UPDATE `user` SET `date_aut` = '$time', `date_last` = '$time' WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("INSERT INTO `user_log` (`id_user`, `time`, `ua`, `ip`, `method`) values('$user[id]', '$time', '$user[ua]' , '$user[ip]', '1')");
} else {
$err[] = 'Неправильный логин или пароль';
}
} elseif (isset($_COOKIE['id_user']) && isset($_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass']) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = " . intval($_COOKIE['id_user']) . " AND `pass` = '" . crypt::hash(crypt::decrypt($_COOKIE['pass'], intval($_COOKIE['id_user']))) . "' LIMIT 1"), 0) == 1) {
$user = user::get_user($_COOKIE['id_user']);
$_SESSION['id_user'] = $user['id'];
mysql_query("UPDATE `user` SET `date_aut` = '$time', `date_last` = '$time' WHERE `id` = '$user[id]' LIMIT 1");
$user['type_input'] = 'cookie';
} else {
$err[] = 'Ошибка авторизации по COOKIE';
setcookie('id_user');
setcookie('pass');
}
} else {
$err[] = 'Ошибка авторизации';
}
if (!isset($user)) {
$set['title'] = 'Авторизация';
require_once 'sys/inc/thead.php';
aut();
err();
header('Refresh: 1; url=/aut.php');
echo "<div class = 'razd'>";
echo img16('left.png')." <a href = '/aut.php?$passgen'>Повторить попытку входа</a>";
echo "</div>";
require_once 'sys/inc/tfoot.php';
}
$set['title'] = 'Дайджест';
if (IS_WEB) { // для web темы
if (is_dir(H . 'style/themes/' . $user['set_them2'])) {
$set['set_them'] = $user['set_them2'];
} else {
mysql_query("UPDATE `user` SET `set_them2` = '$set[set_them2]' WHERE `id` = '$user[id]' LIMIT 1");
}
} else {
if (is_dir(H . 'style/themes/' . $user['set_them'])) {
$set['set_them'] = $user['set_them'];
} else {
mysql_query("UPDATE `user` SET `set_them` = '$set[set_them]' WHERE `id` = '$user[id]' LIMIT 1");
}
}
if (isset($_GET['return'])) {
header('Location: ' . urldecode($_GET['return']));
} else {
header("Location: /umenu.php?" . SID);
}
exit;