Файл: public_html/login.php
Строк: 79
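<?php
/**
 * Login endpoint for the members area.
 *
 * Without a posted "username" field the script prints the login form. With
 * one, it checks the credentials against tb_users, enforces the per-account
 * IP prefix stored in tb_users.blockip, credits referral-bot earnings that
 * accrued since the last update, stores the login in the session and sends
 * the browser to members.php.
 *
 * Names used here but defined elsewhere: uc(), getRealIP() and $con.
 * Presumably funciones.php provides the helpers and config.php opens the
 * ext/mysql connection and sets $con -- confirm against those files.
 *
 * Review notes (not changed here because they need schema or caller changes):
 *  - Every query is built by string interpolation. The only thing between
 *    $_POST and the SQL text is uc(), whose behaviour is not visible in this
 *    file. Unless uc() is confirmed to escape for SQL, treat these queries as
 *    injectable and move them to prepared statements (mysqli or PDO);
 *    ext/mysql itself was removed in PHP 7.
 *  - The password is compared inside SQL with '='. Unless uc() hashes it,
 *    that means passwords are stored in recoverable form; the usual fix is
 *    password_hash() at registration and password_verify() here.
 *  - Nothing in this file limits repeated login attempts; whether
 *    zsecurity.php does is not visible here.
 */
require_once('zsecurity.php');
session_start();

if (isset($_POST['username']))
{
    require('funciones.php');

    // NOTE(review): uc() is the only processing applied to the posted
    // values before they reach SQL and the session -- verify what it does.
    $username = uc($_POST['username']);
    $password = uc($_POST['password']);

    if ($password == NULL)
    {
        // Single-quoted PHP string so the double quotes of the HTML
        // attributes no longer end the string literal (parse error before).
        echo '<img src="images/error.png" align="middle"> Введите пароль!';
    }
    else
    {
        require('config.php');
        $query = mysql_query("SELECT count(*) as kolvo FROM tb_users WHERE username = '$username' and password='$password'");
        if ($query === false)
        {
            // The raw MySQL error can quote part of the statement, including
            // the submitted credentials, so it goes to the server log and the
            // client only gets a generic message.
            error_log('login.php: credential lookup failed: ' . mysql_error());
            die('Ошибка сервера. Попробуйте позже.');
        }
        $query = mysql_fetch_array($query);
        mysql_close($con);

        if ($query["kolvo"] < 1)
        {
            echo '<img src="images/error.png" align="middle">  Введены неверные данные!!! Вход невозможен!';
            exit();
        }
        else
        {
            $lastlogdate = date("d.m.Y");
            // NOTE(review): if getRealIP() trusts client-supplied headers
            // (X-Forwarded-For and similar), the IP restriction below can be
            // satisfied by the client -- confirm how it derives the address.
            $lastip = getRealIP();

            // config.php is re-required because the connection was closed
            // above; the result set is read after mysql_close(), which works
            // only because mysql_query() buffers it.
            require('config.php');
            $res = mysql_query("select blockip from tb_users where username='$username'");
            mysql_close($con);
            $blockip = mysql_result($res, 0, 0);

            // Prefix match: the client address must start with blockip.
            // An empty or NULL blockip matches every address. The loose "!="
            // is deliberate: substr() and mysql_result() can yield "", false
            // or NULL here, and a strict comparison would lock those
            // accounts out.
            // NOTE(review): a textual prefix such as "10.0.0.1" also matches
            // "10.0.0.10" to "10.0.0.19"; store the prefix with a trailing
            // dot or compare parsed addresses if that is not intended.
            $v = substr($lastip, 0, strlen($blockip));
            if ($v != $blockip)
            {
                echo '<img src="images/error.png" align="middle"> Ваш IP адрес не соответствует разрешенному для авторизации под данным логином! Вход невозможен!';
            }
            else
            {
                require('config.php');
                $res = mysql_query("select account, money from tb_users where username='$username'");
                $res = mysql_fetch_array($res);
                $money = $res["money"];

                // The price per referral click depends on the account type.
                if ($res["account"] != "V.I.P.")
                {
                    $res = mysql_query("select price from tb_config where item='referalclick'");
                    $click = mysql_result($res, 0, 0);
                }
                else
                {
                    $res = mysql_query("select price from tb_config where item='viprefclick'");
                    $click = mysql_result($res, 0, 0);
                }

                // Credit every referral bot for each whole day elapsed since
                // its "data" timestamp, then reset that timestamp to now.
                $res = mysql_query("select * from tb_refbot where user='$username'");
                $plusmoney = 0;
                while ($row = mysql_fetch_array($res))
                {
                    $tarif = $row["refbottarif"];
                    $visits = $row["visits"];
                    $ld = $row["data"];
                    $id = $row["id"];
                    $t = time();
                    $kol = $t - $ld;
                    $kol = floor($kol / 24 / 3600);
                    if ($kol >= 1)
                    {
                        $plusmoney = $plusmoney + $tarif * $click * $kol;
                        $visits = $visits + $tarif * $kol;
                        mysql_query("update tb_refbot set visits='$visits', data='$t' where id='$id'");
                    }
                }

                // NOTE(review): the balance is read, changed in PHP and
                // written back without a transaction or row lock; two
                // concurrent logins for one account could presumably credit
                // the same accrual twice -- confirm and move the arithmetic
                // into the UPDATE if so.
                $money = $money + $plusmoney;

                // The client address may originate from request headers, so
                // it is escaped for the SQL literal. Escaping leaves a
                // well-formed IP address unchanged.
                $lastipSql = mysql_real_escape_string($lastip);
                mysql_query("UPDATE tb_users SET money='$money', lastlogdate='$lastlogdate', lastiplog='$lastipSql' WHERE username='$username'");

                // Issue a fresh session id at the privilege change so an id
                // planted before login (session fixation) is not promoted to
                // an authenticated session.
                session_regenerate_id(true);
                $_SESSION["username"] = $username;
                // NOTE(review): the password is kept in the session,
                // presumably because other pages re-check it; storing an
                // "authenticated" marker instead would keep the credential
                // out of session storage.
                $_SESSION["password"] = $password;
                mysql_close($con);
?>
<script type="text/javascript">
location.replace("members.php");
</script>
<noscript>
<meta http-equiv="refresh" content="0; url=members.php">
</noscript>
<?php
            }
        }
    }
}
else
{
?>
<form action='login.php' method='POST'>
<table width="100%" border="0" align="center">
<tr>
<td width="40%" align="right">Логин</td>
<td width="60%" align="left"><input type='text' size='15' maxlength='25' name='username' autocomplete="off" value="" tabindex="1" /></td>
</tr>
<tr>
<td width="40%" align="right">Пароль</td>
<td width="60%" align="left"><input type='password' size='15' maxlength='25' name='password' autocomplete="off" value="" tabindex="2" /></td>
</tr>
<tr>
<td colspan=2 align="center"><input type="submit" value="Войти" class="submit" tabindex="4" /></td>
</tr>
</table>
</form>
<?php
}
?>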