Файл: public_html/go.php
Строк: 50
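<?php
/**
 * Login endpoint.
 *
 * Accepts credentials either as POST fields (`log` / `pas`) or as
 * base64-encoded GET parameters (`login` / `pas`), checks them against the
 * `users` table, records the attempt in the `auth` table when the login name
 * exists, and on success issues a new session token plus the `log`, `pas` and
 * `session` cookies before redirecting to index.php.
 *
 * Every request-derived value is escaped with mysql_real_escape_string()
 * immediately before it is placed in a query. The base64-decoded GET values
 * in particular are decoded after any input filtering PHP applies, so they
 * previously reached the SQL text unmodified.
 *
 * NOTE(review): mysql_real_escape_string() is only reliable when the
 * connection character set was set through mysql_set_charset(); the
 * connection is opened outside this file, so confirm that. Moving to
 * prepared statements (PDO / mysqli) is the durable fix.
 */
define('PROTECTOR', 1);
@session_start();
@include_once('files/db.php');
@include_once('files/sql.php');
@include_once('files/func.php');
@include_once('files/auth.php');

// Start from empty strings so a request that carries neither credential form
// does not leave $log / $pass undefined further down.
$log = '';
$pass = '';
// True when PHP has already addslashes()'d the raw input (magic_quotes_gpc on
// old runtimes). Only the POST path is affected; GET values are base64-decoded
// here, after that filter ran.
$slashed = false;

if (!empty($_POST['log'])) {
    // Array-valued fields (log[]=...) are treated as empty instead of being
    // string-cast.
    $log = is_string($_POST['log']) ? $_POST['log'] : '';
    $pass = (isset($_POST['pas']) && is_string($_POST['pas'])) ? $_POST['pas'] : '';
    $slashed = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
} elseif (!empty($_GET['login'])) {
    // NOTE(review): credentials passed in the query string end up in access
    // logs, browser history and Referer headers; base64 is an encoding, not
    // protection. Consider retiring this path.
    $log = is_string($_GET['login']) ? (string) base64_decode($_GET['login']) : '';
    $pass = (isset($_GET['pas']) && is_string($_GET['pas'])) ? (string) base64_decode($_GET['pas']) : '';
}

// NOTE(review): unsalted MD5 is not a password hash. The stored format is
// fixed by the `users` table, so it is kept here; migrate to
// password_hash() / password_verify().
$md5_pass = md5($pass);
$type = null;

// SQL-safe copies. When magic quotes already slashed the value, undo that
// first so the escaped literal matches the same rows as before.
$log_sql = @mysql_real_escape_string($slashed ? stripslashes($log) : $log);
$pass_sql = @mysql_real_escape_string($slashed ? stripslashes($pass) : $pass);

$req = @mysql_query("SELECT * FROM `users` WHERE `login` = '{$log_sql}' and `pass`='{$md5_pass}' LIMIT 1");
$test_udata = @mysql_fetch_array(@mysql_query("SELECT `id` FROM `users` WHERE `login`='{$log_sql}' LIMIT 1"));
$udata = @mysql_fetch_array($req);
$avto = @mysql_num_rows($req);

// Classify the attempt by outcome (row found or not) and by transport.
if ($avto == 0 and !empty($_GET['login'])) {
    $type = 'lose_get';
} elseif ($avto == 0 and !empty($_POST['log'])) {
    $type = 'lose_post';
} elseif ($avto == 1 and !empty($_GET['login'])) {
    $type = 'good_get';
} elseif ($avto == 1 and !empty($_POST['log'])) {
    $type = 'good_post';
} else {
    $type = 'error';
}

// Audit row, written only when the login name exists.
if (!empty($test_udata['id'])) {
    $usr_sql = @mysql_real_escape_string($test_udata['id']);
    $ip_sql = @mysql_real_escape_string(IP());
    // $UA is set by one of the included files; it is assumed to carry the
    // client-supplied User-Agent, so it is escaped here as well.
    $ua_sql = @mysql_real_escape_string(isset($UA) ? (string) $UA : '');

    // NOTE(review): this stores the submitted password in clear text for
    // every attempt, including failed ones. Anyone who can read `auth` gets
    // working or near-miss passwords. Drop the column or store nothing
    // reversible; left as-is because other code may read it.
    @mysql_query_new("INSERT INTO `auth` SET
`usr`='{$usr_sql}',
`login`='{$log_sql}',
`pass`='{$pass_sql}',
`ip`='{$ip_sql}',
`browser`='{$ua_sql}',
`type`='{$type}',
`time`='" . time() . "' ");
}

if ($type == 'good_get' or $type == 'good_post') {
    // Issue a fresh PHP session id on privilege change so an id fixed before
    // login is not carried into the authenticated session.
    if (session_id() !== '') {
        @session_regenerate_id(true);
    }

    $clog = base64_encode($log);
    $new_session = @new_session($udata['id']);
    $session_sql = @mysql_real_escape_string($new_session);
    $uid_sql = @mysql_real_escape_string($udata['id']);
    @mysql_query_new("UPDATE `users` SET `session` = '{$session_sql}' WHERE `id`='{$uid_sql}' LIMIT 1");

    // Path and domain stay at their defaults; only HttpOnly is added so page
    // scripts cannot read the cookies. Secure is left off because the
    // redirect below is plain http.
    // NOTE(review): the `pas` cookie holds the MD5 stored in `users`, i.e. a
    // password equivalent with a one-year lifetime; the `session` token alone
    // should be enough to keep a user signed in.
    $expires = time() + 3600 * 24 * 365;
    setcookie("log", $clog, $expires, '', '', false, true);
    setcookie("pas", $md5_pass, $expires, '', '', false, true);
    setcookie("session", $new_session, $expires, '', '', false, true);

    $_SESSION['log'] = $log;
    $_SESSION['pas'] = $md5_pass;
    // NOTE(review): clear-text password kept in server-side session storage;
    // remove once nothing reads $_SESSION['pass'].
    $_SESSION['pass'] = $pass;

    // NOTE(review): HTTP_HOST is taken from the request; a fixed configured
    // host (or a relative Location) avoids depending on a client header.
    @header("Location: http://$_SERVER[HTTP_HOST]/index.php?r=index&cookie");
    exit;
} else {
    // Same message whether the login or the password was wrong, so the
    // response does not reveal which accounts exist.
    $_SESSION['message_default'] = "<div class='baloon-inner-red' style='" . ($_default ? 'font-size: 13px; ' : 'font-size: 12px;') . "'>Пароль или логин введены неправильно. </div>";
    @header("Location: http://$_SERVER[HTTP_HOST]/index.php?r=index&error");
    exit;
}
?>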