Файл: includes/auth.php
Строк: 17
<?php
if(isset($_POST['login']) && isset($_POST['pass']))
{
$_POST = decode_array($_POST);
$users = mysql_query('SELECT id, login FROM users WHERE login = "' . addslashes($_POST['login']) . '" AND password = "' . md5($_POST['pass']) . '"');
}
else
{
$_GET = decode_array($_GET);
$users = mysql_query('SELECT id, login FROM users WHERE id = "' . (int)($_GET['id']) . '" AND login = "' . addslashes($_GET['p']) . '"');
}
if(mysql_num_rows($users) == 0)
{
?>
<wml>
<card id="error" title="error" ontimer="main.php"><timer value="15"/>
<p align="center">
Your login failed
</p>
</card>
</wml>
<?php
exit;
}
else
{
// show main page
$user = mysql_fetch_array($users);
$id = $user['id'];
$login = $user['login'];
}
?>