Файл: autorize.php
Строк: 33
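<?php
/**
 * Login handler.
 *
 * Reads a login/password pair from the request, looks the account up in the
 * `users` table, and on success stores the user id in $_SESSION['uid'],
 * refreshes the `online` timestamp and redirects to main.php. Any failed
 * attempt sets $_SESSION['enter_error'] and redirects back to index.php.
 *
 * Security notes for maintainers:
 *  - The mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7.
 *    Moving to PDO/mysqli prepared statements requires changing the
 *    connection code in private/mysql.php, which is not part of this file.
 *  - md5(md5($password)) is an unsalted, fast hash. Migrating to
 *    password_hash()/password_verify() needs matching changes in the code
 *    that writes `users`.`password`, so the legacy scheme is kept here.
 *  - Nothing in this file throttles repeated failed attempts.
 */
session_start();
// The database connection is mandatory: stop here rather than continue without it.
require ('private/mysql.php');
// NOTE(review): if tmp/head.php prints markup, the header('Location: ...')
// calls below only work with output buffering enabled - confirm.
include ('tmp/head.php');

// Credentials sent in the query string end up in server logs, browser history
// and Referer headers. GET is still accepted only so existing links keep
// working; POST is the form callers should use.
$get_login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
$get_password = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';
if ($get_login === '' && $get_password === '') {
    $raw_login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
    $raw_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
} else {
    $raw_login = $get_login;
    $raw_password = $get_password;
}

// htmlspecialchars() is an output encoder, not an input filter, and the
// password never reaches SQL, so neither call is needed for it. Both are kept
// because the stored logins and hashes were presumably produced from values
// transformed the same way - verify against the registration code before
// removing them.
$login = mysql_real_escape_string(htmlspecialchars($raw_login));
$password = mysql_real_escape_string(htmlspecialchars($raw_password));

if ($login === '' || $password === '') {
    echo "Необходимо заполнить все поля.<br><a href='index.php'>Назад</a>";
    exit;
}

$hash = md5(md5($password));

// A failed query is handled like an unknown login, so both cases (and a wrong
// password) produce the same response and do not reveal which logins exist.
$user = false;
$q = mysql_query("SELECT * FROM `users` WHERE `login`='$login'");
if ($q !== false && mysql_num_rows($q) > 0) {
    $user = mysql_fetch_assoc($q);
}

$password_ok = false;
if (is_array($user) && isset($user['password'])) {
    $stored = (string) $user['password'];
    if (function_exists('hash_equals')) {
        // Constant-time comparison (PHP 5.6+).
        $password_ok = hash_equals($stored, $hash);
    } else {
        // Older PHP: compare every byte instead of stopping at the first mismatch.
        $diff = strlen($stored) ^ strlen($hash);
        $hash_len = strlen($hash);
        for ($i = 0; $i < $hash_len; $i++) {
            $diff |= ord($hash[$i]) ^ (isset($stored[$i]) ? ord($stored[$i]) : 0);
        }
        $password_ok = ($diff === 0);
    }
}

if (!$password_ok) {
    $_SESSION['enter_error'] = "true";
    header('Location: index.php');
    exit;
}

// Issue a fresh session id on login so an id that was planted or observed
// before authentication cannot be reused (session fixation).
session_regenerate_id(true);
$_SESSION['uid'] = $user['id'];

// The id comes from the database, but it is still escaped before being put
// back into SQL text.
$uid = mysql_real_escape_string($_SESSION['uid']);
// Marks the user as online for the next 900 seconds.
$set_online = time() + 900;
mysql_query("UPDATE `users` SET `online`='$set_online' WHERE `id`='$uid'");
header('Location: main.php?');
exit;
?>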