Файл: inc/head.php
Строк: 41
<?php
/*@session_name('SESS');
ini_set('session.save_path', '/home/diz.ru/tmp/');*/
session_start();
$sess=mysql_escape_string(session_id());
if (!eregi('[A-z0-9]{32}',$sess))$sess=md5(rand(09009,999999));
$nick=mysql_real_escape_string($_REQUEST['login']);
if (isset($_GET['login']) and isset($_GET['password']))
{
$result=mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password`='".$_GET['password']."'");
if (mysql_num_rows($result)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password` = '".$_GET['password']."' LIMIT 1"));
$_SESSION['id_user']=$_USER['id'];
setcookie('id_user', $_USER['id'], time()+60*60*24*365);
$_enter=true;setcookie('password', cookie_encrypt($_POST['password'],$_USER['id']), time()+60*60*24*365);
}
}
elseif
(isset($_POST['login']) and isset($_POST['password']))
{
$result=mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password`='".$_POST['password']."'");if (mysql_num_rows($result)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password` = '".$_POST['password']."' LIMIT 1"));
$_SESSION['id_user']=$_USER['id'];
$_enter=true;setcookie('id_user', $_USER['id'], time()+60*60*24*365);setcookie('password', cookie_encrypt($_POST['password'],$_USER['id']), time()+60*60*24*365);
}
}
elseif
(isset($_SESSION['id_user']) and mysql_result(mysql_query("SELECT COUNT(*) FROM `".prefix."users` WHERE `id`='".$_SESSION['id_user']."' LIMIT 1"), 0)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `id`='".$_SESSION['id_user']."' LIMIT 1"));$_enter=true;
}
if (isset($_COOKIE['id_user']) and isset($_COOKIE['password']) and $_COOKIE['id_user']!=NULL and $_COOKIE['password']!=NULL)
{
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `".prefix."users` WHERE `id` = ".intval($_COOKIE['id_user'])." AND `password` = '".cookie_decrypt($_COOKIE['password'],intval($_COOKIE['id_user']))."' LIMIT 1"), 0)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `id` = ".intval($_COOKIE['id_user'])." AND `password` = '".cookie_decrypt($_COOKIE['password'],intval($_COOKIE['id_user']))."' LIMIT 1"));
$_SESSION['id_user']=$_USER['id'];
$_enter=true;
}
else
{
$_enter=false;
setcookie('id_user');
setcookie('password');
}
}
$_zapros='?';
?>