Файл: test.otwap.aux.su/test/enter.php
Строк: 68
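<?php
// Login handler for the WAP casino: takes the credentials sent by the form on
// index.php, looks the user up in the `user` table and opens an authenticated
// session.
//
// NOTE(review): this script still relies on the legacy mysql_* extension that
// bd.php sets up; that extension was removed in PHP 7. The lookup below is
// escaped with mysql_real_escape_string() (the only mechanism that API offers);
// once bd.php moves to mysqli/PDO the lookup should become a prepared statement.
session_start();
define("TITLE", "Вход | WAP-казино");
include("head.php");
include("config.php");
include("bd.php");
echo '<div class="title"><div class="titletext"><b>Вход</b></div></div>';

// The current index.php form submits via GET; POST is accepted as well so the
// form can be switched and the password stops travelling in the query string
// (access logs, browser/WAP-gateway history). Non-string values (login[]=x)
// are treated as missing rather than passed to trim().
$rawLogin = '';
if (isset($_POST['login']) && is_string($_POST['login'])) {
    $rawLogin = $_POST['login'];
} elseif (isset($_GET['login']) && is_string($_GET['login'])) {
    $rawLogin = $_GET['login'];
}
$rawPass = '';
if (isset($_POST['pass']) && is_string($_POST['pass'])) {
    $rawPass = $_POST['pass'];
} elseif (isset($_GET['pass']) && is_string($_GET['pass'])) {
    $rawPass = $_GET['pass'];
}

// trim + htmlspecialchars is how the rest of the site normalises form fields;
// it is kept so that rows written by the existing registration flow still
// match. NOTE(review): confirm against the registration script before
// changing this — ideally the raw value is used and escaping happens on output.
// The keyword/character blacklist that used to follow (DROP, SELECT, '.', '/',
// ...) is gone: it is not a SQL defence (the escaping below is) and it silently
// mangled legitimate input such as logins containing "drop" or a dot.
$login = htmlspecialchars(trim($rawLogin));
$pass = htmlspecialchars(trim($rawPass));

// Strict comparison instead of empty(): a login or password of "0" is valid input.
if ($login === '') {
    echo '<div class="bl"><div class="bltext">Не введено поле "Логин"!<br/>';
    echo '»<a href="index.php"><b>Назад</b></a></div></div>';
    include("foot.php");
    exit();
}
if ($pass === '') {
    echo '<div class="bl"><div class="bltext">Не введено поле "пароль"!<br/>';
    echo '»<a href="index.php"><b>Назад</b></a></div></div>';
    include("foot.php");
    exit();
}

// The login is the only user-controlled value that reaches SQL, and it is
// escaped for the connection bd.php opened. The password never goes into the
// query: it is checked in PHP against the stored value below, which also keeps
// the query identical whether or not the password is right.
$sql = "SELECT * FROM user WHERE login='" . mysql_real_escape_string($login) . "' LIMIT 1;";
$res = mysql_query($sql);
// No @-suppression: a failed query is an explicit false here, and mysql_fetch_assoc()
// returns false when the login is unknown.
$row = ($res !== false) ? mysql_fetch_assoc($res) : false;

$authenticated = false;
if ($row !== false && isset($row['pass'])) {
    $stored = (string)$row['pass'];
    $hashInfo = password_get_info($stored);
    if (!empty($hashInfo['algo'])) {
        // Row already holds a password_hash() value.
        $authenticated = password_verify($pass, $stored);
    } else {
        // Legacy row: the page's original query compared the column as stored,
        // so fall back to a constant-time comparison of the stored value until
        // the column is migrated to password_hash().
        $authenticated = hash_equals($stored, $pass);
    }
}

if (!$authenticated) {
    // Same message for unknown login and wrong password, so the response does
    // not reveal which accounts exist.
    print '<div class="bl"><div class="bltext">Ошибка входа!<br/>';
    print '»<a href="index.php">Назад</a></div></div>';
    include("foot.php");
    exit();
}

// Fresh session id on privilege change: the id the client carried before login
// (it is passed around in URLs on this site) must not stay valid as an
// authenticated session.
session_regenerate_id(true);
$_SESSION['auth'] = true;
// Stored once-normalised; the previous version applied htmlspecialchars() a
// second time here and also kept the SQL-escaping artefacts in the value.
$_SESSION['login'] = $login;
// NOTE(review): other pages may still read $_SESSION['pass']; it is not needed
// for authentication and should be dropped once those readers are confirmed gone.
$_SESSION['pass'] = $pass;
echo '<div class="bl"><div class="bltext"><b>Вы успешно вошли!</b><br />';
echo "»<a href='panel.php?".session_name()."=".session_id()."'>В личный кабинет</a></div></div>
<div class='bl'><div class='bltext'>»<a href='index.php'>На главную</a></div></div>";
include("foot.php");
?>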