Файл: login.php
Строк: 63
<?php
/* DCMS Special
* Дата последнего редактирования 22.01.2016
* Модифицировал densnet
*/
foreach (array('start', 'compress', 'sess', 'settings', 'db_connect', 'ipua', 'fnc', 'shif') as $inc) {
require_once "sys/inc/$inc.php";
}
$show_all = true; // показ для всех
$input_page = true;
require_once H . 'sys/inc/user.php';
only_unreg();
if (isset($_GET['id']) && isset($_GET['pass']) and $set['avto_login_set'] == 1) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '" . intval($_GET['id']) . "' AND `pass` = '" . shif($_GET['pass']) . "' LIMIT 1"), 0) == 1) {
$user = get_user($_GET['id']);
$_SESSION['id_user'] = $user['id'];
mysql_query("UPDATE `user` SET `date_aut` = " . time() . " , `date_last` = " . time() . " WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("INSERT INTO `user_log` (`id_user`, `time`, `ua`, `ip`, `method`) values('$user[id]', '$time', '$user[ua]' , '$user[ip]', '0')");
} else {
$err[] = lang('Неправильный логин или пароль');
}
} elseif (isset($_POST['nick']) && isset($_POST['pass'])) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `nick` = '" . mysql_real_escape_string($_POST['nick']) . "' AND `pass` = '" . shif($_POST['pass']) . "' LIMIT 1"), 0)) {
$user = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `user` WHERE `nick` = '" . mysql_real_escape_string($_POST['nick']) . "' AND `pass` = '" . shif($_POST['pass']) . "' LIMIT 1"));
$_SESSION['id_user'] = $user['id'];
$user = get_user($user['id']);
mysql_query("INSERT INTO `user_log` (`id_user`, `time`, `ua`, `ip`, `method`) values('$user[id]', '$time', '$user[ua]' , '$user[ip]', '1')");
#сохранение данных в COOKIE
if (isset($_POST['aut_save']) && $_POST['aut_save']) {
setcookie('id_user', $user['id'], time() + 60 * 60 * 24 * 365);
setcookie('pass', cookie_encrypt($_POST['pass'], $user['id']), time() + 60 * 60 * 24 * 365);
}
if ($set['antihah_hash'] == 1 and $user['hash_set'] == 1) {
$hash = " `hash` = '" . md5(md5($ip . md5($ua) . $user['id'])) . "',";
} else {
$hash = null;
}
mysql_query("UPDATE `user` SET $hash `date_aut` = '$time', `date_last` = '$time' WHERE `id` = '$user[id]' LIMIT 1");
} else {
$err[] = lang('Неправильный логин или пароль');
}
} elseif (isset($_COOKIE['id_user'], $_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass']) {
cache_delete::user($_COOKIE['id_user']);
$hash_set = mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = " . intval($_COOKIE['id_user']) . " AND `hash_set` = 1"), 0);
if ($set['antihah_hash'] == 1 AND $hash_set == 1) {
$hash = " `hash` = '" . md5(md5($ip . md5($ua) . $_COOKIE['id_user'])) . "' AND ";
} else {
$hash = null;
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE $hash `id` = " . intval($_COOKIE['id_user']) . " AND `pass` = '" . shif(cookie_decrypt($_COOKIE['pass'], intval($_COOKIE['id_user']))) . "' LIMIT 1"), 0) == 1) {
$user = get_user($_COOKIE['id_user']);
$_SESSION['id_user'] = $user['id'];
mysql_query("UPDATE `user` SET `date_aut` = '$time', `date_last` = '$time' WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("INSERT INTO `user_log` (`id_user`, `time`, `ua`, `ip`, `method`) values('$user[id]', '$time', '$user[ua]' , '$user[ip]', '2')");
$user['type_input'] = 'cookie';
} else {
$err[] = lang('Ошибка авторизации по COOKIE');
setcookie('id_user');
setcookie('pass');
header("Location: /aut.php");
exit();
}
} else {
$err[] = lang('Ошибка авторизации');
}
if (!isset($user)) {
$set['title'] = lang('Авторизация');
require_once H . 'sys/inc/thead.php';
aut();
err();
$doc->Link('list-group-item', '/aut.php', 'arrow-left', 'Повторить попытку входа');
require_once H . 'sys/inc/tfoot.php';
}
mysql_query("UPDATE `user` SET `browser` = '" . (IS_WEB == 'web' ? 'web' : 'wap') . "' WHERE `id` = " . $user['id']);
// Проверяем на схожие ники
$collision_q = mysql_query("SELECT * FROM `user` WHERE `ip` = '$iplong' AND `ua` = '" . mysql_real_escape_string($ua) . "' AND `date_last` > '" . (time() - 600) . "' AND `id` <> '$user[id]'");
while ($collision = mysql_fetch_assoc($collision_q)) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_collision` WHERE `id_user` = '$user[id]' AND `id_user2` = '$collision[id]' OR `id_user2` = '$user[id]' AND `id_user` = '$collision[id]'"), 0) == 0) {
mysql_query("INSERT INTO `user_collision` (`id_user`, `id_user2`, `type`) values('$user[id]', '$collision[id]', 'ip_ua_time')");
}
}
if (isset($_GET['return'])) {
header('Location: ' . urldecode($_GET['return']));
} else {
if ($set['aut_ref'] == 1 && isset($_SESSION['ref_loc'])) {
exit(header("Location: " . $_SESSION['ref_loc'] . "?&aut_ref"));
} else {
exit(header("Location: /index.php"));
}
}
exit;