Файл: login.php
Строк: 38
<?
$login=$_POST['login'];
$login=$_POST['password'];
require ("inc/connect.inc.php");
function generateCode($length=6) {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHI JKLMNOPRQSTUVWXYZ0123456789";
$code = "";
$clen = strlen($chars) - 1;
while (strlen($code) < $length) {
$code .= $chars[mt_rand(0,$clen)];
}
return $code;
}
if(isset($_POST['status']))
{
$query = mysql_query("SELECT id, pass FROM ".$db_pref."users WHERE user='".mysql_real_escape_string($_POST['login'])."' LIMIT 1");
$data = mysql_fetch_assoc($query);
if($data['pass'] === md5(md5($_POST['password'].$sekretkey)))
{
$hash = md5(generateCode(10));
if(!@$_POST['not_attach_ip'])
{
$insip = ", login_ip=INET_ATON('".$_SERVER['REMOTE_ADDR']."')";
}
else{
$insip = ", login_ip='0'";
}
mysql_query("UPDATE ".$db_pref."users SET hash='".$hash."' ".$insip." WHERE id='".$data['id']."'");
setcookie("id", $data['id'], time()+60*60*24*30);
setcookie("hash", $hash, time()+60*60*24*30);
header("Location: account.php"); exit();
}
else
{
$urlpage='Логин';
include("header.php");
echo"
<div align='center' class='for'>
<span class='red'>
".$lang['hader10']."
</span>
</div>
";
include("footer.php");
exit();
}
}
?>