Файл: www/pasw.php
Строк: 51
<?php
include 'inc/mysql.php';
include 'inc/check.php';
include 'inc/functions.php';
top();
if(isset($_SESSION['auth']) && $_SESSION['auth']==1){
header("Location: /?");
exit;
}
if (isset($_GET['login'])){
$login=$_POST['login'];
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `account` WHERE
`login`='".mysql_real_escape_string($login)."'"),0)){
echo '<form action="?secret" method="post">
Логин:
<input name="login" value="'.mysql_real_escape_string($login).'">
<br />
Секретное слово:
<br>
<input name="secret"/>
<input type="submit" value="Дальше"/>
</form>';
exit;
}else{
header("Location: ?");
exit;
}
mysql_result(mysql_query("SELECT COUNT(*) FROM `account` WHERE `login`='".$login."' OR `name`='".$name."'"),0);
}
if (isset($_GET['secret'])){
$login=$_POST['login'];
$secret=$_POST['secret'];
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `account` WHERE
`login`='".mysql_real_escape_string($login)."'
AND `secret`='".mysql_real_escape_string($secret)."'"),0)){
echo 'Ваш пароль: '.mysql_result(mysql_query("SELECT `password` FROM `account` WHERE
`login`='".mysql_real_escape_string($login)."'
AND `secret`='".mysql_real_escape_string($secret)."'"),0),'<br /><a href="/?"><<Назад</a>';
exit;
}else{
header("Location: ?");
exit;
}
}
echo '<form action="?login" method="post">
Ваш логин:
<br>
<input name="login"/>
<input type="submit" value="Дальше"/>
</form>';
?>