Файл: system/user.php
Строк: 12
<?php
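// Authentication.
//
// Runs on every request in two stages:
//   1. If `us` and `ps` are present in $_REQUEST, check them against the
//      `users` table and, on a match, start a logged-in session.
//   2. If the session holds `us`/`ps`, reload the full user row into $user.
// A mismatch in either stage destroys the session, clears both cookies and
// redirects to /auth.php?no.
//
// NOTE(review): the `ps` value that is compared with `users`.`pass` is copied
// into the session and into a 7-day cookie. Whatever my_check() returns (it is
// defined elsewhere), that value alone is enough to log in, so anyone who
// obtains the cookie holds a reusable credential. The durable fix is a random
// server-side token in the cookie and a password_hash() digest in `pass`;
// both need changes outside this file.
// NOTE(review): $_REQUEST also accepts the credentials from the query string,
// where they land in access logs and browser history. It presumably also picks
// up the `us`/`ps` cookies for auto-login (depends on request_order), so
// confirm that before narrowing this to $_POST.
// NOTE(review): the mysql_* extension was removed in PHP 7; move to mysqli/PDO
// prepared statements together with the connection code.
if (isset($_REQUEST['us']) && isset($_REQUEST['ps']))
{
    // Stays false unless a query actually ran, so bad input takes the failure path.
    $sqlAut = false;

    // Array-valued parameters (us[]=...) must not reach the string functions below.
    if (is_string($_REQUEST['us']) && is_string($_REQUEST['ps']))
    {
        // NOTE(review): my_check() runs AFTER escaping; if it decodes or strips
        // anything, the escaping may no longer hold. Escaping should be the last
        // step before the query; verify my_check() before reordering, because
        // stored `pass` values depend on the current order.
        $us = my_check(mysql_real_escape_string($_REQUEST['us']));
        $ps = my_check(mysql_real_escape_string($_REQUEST['ps']));

        if (!ctype_digit($us))
        {
            // Non-numeric identifier: treat it as a login name, matched in lower case.
            $us = mb_strtolower($us, 'UTF8');
            $sqlAut = mysql_query("SELECT `id` FROM `users` WHERE `login` = '$us' AND `pass` = '$ps' LIMIT 1");
        }
        else
        {
            // All-digit identifier: treat it as a user id.
            $sqlAut = mysql_query("SELECT `id` FROM `users` WHERE `id` = '$us' AND `pass` = '$ps' LIMIT 1");
        }
    }

    // mysql_query() returns false on error; do not hand that to mysql_num_rows().
    if ($sqlAut !== false && mysql_num_rows($sqlAut) > 0)
    {
        $user = mysql_fetch_assoc($sqlAut);

        // Issue a fresh session id on login so a pre-set id cannot be reused
        // (session fixation). Assumes the session was started by the includer.
        session_regenerate_id(true);

        $_SESSION['us'] = $user['id'];
        $_SESSION['ps'] = $ps;

        // 604800 s = 7 days. HttpOnly keeps the cookies out of reach of page
        // scripts; the Secure flag is left off because HTTPS use is not visible here.
        setcookie('us', $user['id'], time() + 604800, '/', '', false, true);
        setcookie('ps', $ps, time() + 604800, '/', '', false, true);
    }
    else
    {
        session_destroy();
        // Clear with the same path ('/') the cookies were set with; without it
        // the browser keeps them whenever the request is not in the site root.
        setcookie('us', '', time() - 3600, '/');
        setcookie('ps', '', time() - 3600, '/');
        header('Location: /auth.php?no');
        die();
    }
}

if (isset($_SESSION['us']) && isset($_SESSION['ps']))
{
    // Session values are interpolated exactly as stored (the login stage above
    // stores the DB id and the already-escaped `ps`).
    // NOTE(review): any other code that writes $_SESSION['us'] / ['ps'] must
    // store escaped values too, or this query becomes injectable.
    $sqlAut = mysql_query("SELECT * FROM `users` WHERE `id` = '$_SESSION[us]' AND `pass` = '$_SESSION[ps]' LIMIT 1");

    if ($sqlAut !== false && mysql_num_rows($sqlAut) > 0)
    {
        $user = mysql_fetch_assoc($sqlAut);
    }
    else
    {
        // Stored credentials no longer match (e.g. password changed): log out.
        session_destroy();
        setcookie('us', '', time() - 3600, '/');
        setcookie('ps', '', time() - 3600, '/');
        header('Location: /auth.php?no');
        die();
    }
}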
?>