Файл: enter.php
Строк: 9
<?php
if(isset($_GET['log'])){
$log = htmlspecialchars(stripslashes(addslashes($_GET['log'])));
$pas = htmlspecialchars(stripslashes(addslashes($_GET['pas'])));
}else{
$log = htmlspecialchars(stripslashes(addslashes($_POST['log'])));
$pas = htmlspecialchars(stripslashes(addslashes($_POST['pas'])));
}
include"files/db.php";
$saltuser=mysql_query("SELECT * FROM `users` WHERE `udata0`='$log' LIMIT 1");
$s=mysql_fetch_array($saltuser);
$pas = md5(md5($pas).$s[udata44]);
$polz=mysql_query("SELECT * FROM `users` WHERE `udata0`='$log' AND `udata1`='$pas' LIMIT 1");
if(mysql_num_rows($polz)==0){
$ip=htmlspecialchars(stripslashes($_SERVER['REMOTE_ADDR']));
$browser=$_SERVER['HTTP_USER_AGENT'];
$time = date("H:i d.m.y");
mysql_query("INSERT INTO
`l2pirates_hystory` SET
`nick` = '$log',
`mod` = '2',
`ip` = '$ip',
`brauzer` = '$browser',
`time` = '$time'");
header ("Location: index.php?error"); exit;
}else{
$a=mysql_query("SELECT * FROM `users` WHERE `udata0`='$log' AND `udata1`='$pas' LIMIT 1");
while($arr=mysql_fetch_array($a)){
SetCookie("user_id",$arr['id'],time()+86400*24*1000, '/');
SetCookie("pas",$pas,time()+86400*24*1000, '/');
$ip=htmlspecialchars(stripslashes($_SERVER['REMOTE_ADDR']));
$browser=$_SERVER['HTTP_USER_AGENT'];
$time = date("H:i d.m.y");
mysql_query("INSERT INTO
`l2pirates_hystory` SET
`nick` = '$log',
`mod` = '1',
`ip` = '$ip',
`brauzer` = '$browser',
`time` = '$time'");
}
header ("Location: main.php?"); exit;
}
?>