Файл: modules/auth/index.php
Строк: 44
<?php
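// Login / logout controller, dispatched on $act.
// $act, $config, $lang, $tpl, $ip, $browser and $u are not defined in this file;
// presumably the including front controller sets them - TODO confirm.
switch ($act) {
    // No recognised action: render the login form (authenticated users are sent home).
    default:
        if (is_auth()) {
            redirect(HTTPHOME);
        }
        // Username remembered by a previous "remember me" login, passed through check().
        $cuser = isset($_COOKIE['cuser']) ? check($_COOKIE['cuser']) : FALSE;
        $config['newtitle'] = $lang['Sign_In'];
        $tpl['file'] = 'login';
        require_once 'core/header.php';
        break;

    // Credential check: POST fields first, then the ?u=/?p= query-string fallback.
    case 'auth':
        // NOTE(review): accepting the password in the query string (?p=) puts it into
        // access logs, browser history and Referer headers. The fallback is kept so
        // existing callers keep working; consider restricting this action to POST.
        $rawuser = isset($_POST['username']) ? $_POST['username'] : (isset($_GET['u']) ? $_GET['u'] : '');
        $rawpass = isset($_POST['password']) ? $_POST['password'] : (isset($_GET['p']) ? $_GET['p'] : '');

        // Array-valued parameters (username[]=...) and missing keys are treated as
        // empty input instead of reaching the string helpers as array/null.
        if (!is_string($rawuser)) {
            $rawuser = '';
        }
        if (!is_string($rawpass)) {
            $rawpass = '';
        }

        $username = check(utf_lower($rawuser));
        // NOTE(review): unsalted md5/sha512 chain, i.e. a fast hash. It cannot be
        // changed here without migrating the stored values; the usual path is
        // password_hash()/password_verify() with a rehash on successful login.
        // check() also runs on the password before hashing, and the stored hashes
        // depend on that, so it is kept as is.
        $password = hash('sha512', md5(md5(check($rawpass))));
        $cookies = !empty($_POST['cookies']) ? 1 : FALSE;

        // $password is always a non-empty hash string, so this effectively tests $username.
        if ($username && $password) {
            $checkuser = DB::run()->queryFetch("select `username`, `password`, `verified` from `users` where `username` = ? and `password` = ? limit 1;", array($username, $password));
            if ($checkuser) {
                if ($checkuser['verified'] == 1) {
                    // Issue a fresh session id before storing the authenticated state,
                    // so an id planted before login (session fixation) stops being valid.
                    if (session_id() !== '') {
                        session_regenerate_id(true);
                    }

                    // NOTE(review): this key is derived only from the stored hash and
                    // $config['keypass'], so it is the same value on every login.
                    // How is_auth() validates it is not visible here - confirm.
                    $encodedpass = hash('sha512', md5(md5($checkuser['password'].$config['keypass'])));

                    if ($cookies) {
                        // HttpOnly keeps the cookies away from page scripts; Secure is set
                        // only when this request arrived over HTTPS. Behind a
                        // TLS-terminating proxy $_SERVER['HTTPS'] may be unset, in which
                        // case the cookies are sent without Secure.
                        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                        $expires = time() + 3600 * 24 * 365;
                        setcookie("cuser", $checkuser['username'], $expires, '/', '', $secure, true);
                        setcookie("ckey", $encodedpass, $expires, '/', '', $secure, true);
                    }

                    $_SESSION['suser'] = $checkuser['username'];
                    $_SESSION['skey'] = $encodedpass;
                    $_SESSION['ip'] = $ip;
                    DB::run()->query("UPDATE `users` SET `lastseen` = ?, `ip` = ?, `browser` = ? WHERE `username` = ?;", array(TIME, $ip, $browser, $checkuser['username']));
                    // Presumably redirect() ends the request; otherwise execution falls
                    // through to the login redirect below - TODO confirm.
                    redirect(HTTPHOME);
                } else {
                    $_SESSION['note'] = $lang['Please_verify_your_email_address'];
                }
            } else {
                $_SESSION['note'] = $lang['The_username_or_password_you_entered_is_incorrect'];
            }
        }
        // NOTE(review): no attempt counter or throttling is visible in this block;
        // confirm that brute-force limiting happens elsewhere.
        redirect(HTTPHOME.'login');
        break;

    // Logout: drop the online marker, the remember-me key and the whole session.
    case 'logout':
        // NOTE(review): no request-method or CSRF-token check is visible here;
        // confirm whether the router restricts how this action can be triggered.
        if (is_auth()) {
            DB::run()->query("delete from `online` where `userid` = ?;", array($u['id']));
            $_SESSION = array();
            // An empty value makes setcookie() send a deletion for the cookie.
            // "cuser" is left in place; the default action reads it for the login form.
            setcookie('ckey', '', 0, '/', '');
            setcookie(session_name(), '', 0, '/', '');
            session_unset();
            session_destroy();
        }
        redirect(HTTPHOME.'login');
        break;
}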