[ PHPXref.com ] [ Generated: Sun Jul 20 20:23:56 2008 ] [ Siteseed 1.6 ]
[ Index ]     [ Variables ]     [ Functions ]     [ Classes ]     [ Constants ]     [ Statistics ]

title

Body

[close]

/siteseed/ -> login.php (source)

   1  <?
   2  /**************************************
   3  
   4  Project: Siteseed (copyright MrNet 2001 - All right reserved)
   5  Filename: login.php
   6  Last modified: 20020821
   7  
   8  ***************************************/ 
   9  
  10  require_once  "whoisthis.php";
  11  require_once  "include/db_connect.php";
  12  require_once  "bo/include/defaults.php";
  13  require_once  "include/users.php";
  14  
  15  $first=1;
  16  
  17  // validate data
  18  $success_log+=0;
  19  $visual+=0;
  20  $area_id+=0;
  21  $url="index.php?article=$success_log&visual=$visual&id=$area_id";
  22  $skin += 0;
  23  $id += 0;
  24  $query="";
  25  $query2="";
  26  $user_id="";
  27  
  28  // what are the fields to check?
  29  $query = mysql_query ("SELECT field_name, field_type FROM user_fields WHERE required_to_login='1'");
  30  
  31  if (!$query)
  32  {
  33      exit;
  34  }
  35  
  36  // check them
  37  if (mysql_num_rows($query))
  38  {
  39      while (list($field, $type) = mysql_fetch_row($query))
  40      {
  41          $form_value = addslashes($$field);
  42  
  43          if($type=="password" || $type=="text") $before = $after = "'";
  44          else $before = $after = ""; 
  45  
  46          if($user_id)
  47          {
  48              $query2 = mysql_query ("SELECT id FROM users
  49              WHERE $field=$before$form_value$after
  50              AND id=$user_id");
  51          }
  52          else
  53          {
  54              $query2 = mysql_query ("SELECT id FROM users
  55              WHERE $field=$before$form_value$after");
  56          }
  57  
  58          if(!$query2)
  59          {
  60              exit;
  61          }
  62          else
  63          {
  64              if (!mysql_num_rows($query2))
  65              {
  66                  if (!$url_error)
  67                  {
  68                      // fetch skin data
  69               
  70                      if (!$skin) $skin = 1;
  71              
  72                      $query = mysql_query ("SELECT prefix, suffix FROM skins WHERE id=$skin");
  73                                   
  74                      if (!$query) error (mysql_error()."\nwhile fetching skin data");
  75  
  76                      else if (mysql_num_rows($query))
  77                      {
  78                          list ($prefix, $suffix) = mysql_fetch_row ($query);
  79               
  80                          $prefix = StripSlashes ($prefix);
  81                          $suffix = StripSlashes ($suffix);
  82                      } 
  83                      eval ("?>$prefix<?");
  84  
  85                      print "Login error!<br>";
  86                  }
  87          
  88  
  89  # Data Mining
  90  
  91                  if($first==1)
  92                  {
  93                      $first=0;
  94                      recordsession("login.php","username incorrect\t$user_id",$HTTP_USER_AGENT,$remoteip,$datamining);
  95                  }
  96                  else
  97                  {
  98                      recordsession("login.php","password incorrect\t$user_id",$HTTP_USER_AGENT,$remoteip,$datamining);
  99                  }
 100  
 101                  if (!$url_error)
 102                  {
 103                      eval ("?>$suffix<?");
 104                  }
 105                  else header ("Location: $url_error");
 106  
 107                  exit;
 108              }
 109              else
 110              {
 111                  // correct value, continue
 112                  list($user_id) = mysql_fetch_row($query2);
 113  
 114                  if($first==1)
 115                  {
 116                      $first=0;
 117                      recordsession("login.php","username ok\t$user_id",$HTTP_USER_AGENT,$remoteip,$datamining);
 118                  }
 119                  else
 120                  {
 121                      recordsession("login.php","password ok\t$user_id",$HTTP_USER_AGENT,$remoteip,$datamining);
 122                  }
 123              }
 124          }
 125      }
 126  
 127  
 128      // generate session hash
 129      $session_hash = md5 (uniqid (rand()));
 130  
 131      // set session cookie
 132          if ($SESSION_ID_LIFETIME>0)
 133          {
 134                  $lifetime=time() + $SESSION_ID_LIFETIME;
 135                  setcookie ("session_id", $session_hash, $lifetime);
 136          }
 137          else
 138          {
 139                  setcookie ("session_id", $session_hash);
 140          }
 141  
 142      
 143      // update users table
 144      $query = mysql_query ("UPDATE users SET session_id='$session_hash' WHERE id=$user_id");
 145      
 146      if (!$url_ok) header ("Location: $url");
 147      else header ("Location: $url_ok");
 148  
 149  }
 150  ?>


[ Powered by PHPXref - Served by Debian GNU/Linux ]