Файл: qiwi/user/aut.php
Строк: 27
<?
####### #######
# #
# by DaNzO #
# #
####### #######
include '../inc/db.php';
head();
if (isset($user['id'])){
header("Location: /index");
exit();
}
if (isset($_POST['aut'])){
if ($_SESSION['img'] != htmlspecialchars($_POST['img'])){
echo '<div class="err">Неверный код<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
$query = mysql_query("SELECT id,pass FROM user WHERE login='".mysql_real_escape_string($_POST['login'])."' LIMIT 1");
$data = mysql_fetch_assoc($query);
if($data['pass'] === md5(md5($_POST['pass']))){
setcookie ("id", $data['id'], time() + 50000);
setcookie ("pass", $data['pass'], time() + 50000);
$_SESSION['id'] = $data['id'];
$_SESSION['login'] = $_POST['login'];
header('Location: /AutOk'); exit();
}
else
{
echo '<div class="err">Неправильные данные<br /><center><img src="/css/ajax-loader.gif"/></center></div>';
header('Refresh: 5; url=/index');
foot();
exit();
}
}
echo '<div class="menu">';
echo '
<form method="POST">
Логин: <br /><input name="login" type="text"/><br />
Пароль: <br /><input name="pass" type="password"/><br />
Введите код: <br />
<img src="/img.php" alt="captcha"/><br />
<input type="text" name="img" /><br />
<input name="aut" type="submit" value="Войти"/>
</form>
';
echo '</div>';
foot();
?>