| 1 | <?php |
| 2 | |
// Run the login handler; on success send the browser to SCRIPT.
// NOTE(review): header() only emits the redirect header; execution continues
// afterwards. Whether the including script stops on its own is not visible here.
$status = login_eventz::login();
if ($status) {
    header("Location:" . SCRIPT);
}
| 7 | |
| 8 | |
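/**
 * Login event: checks the posted credentials and binds the client's
 * 'kybersession' cookie value to the authenticated user.
 */
class login_eventz {

    /**
     * Authenticates $_POST['login'] / $_POST['password'] against the `user`
     * table and, on success, rebuilds the user's friends_serial, replaces the
     * user's row in `session`, and records the client address in `user_ip`.
     *
     * Called statically by this file; it does not use $this.
     *
     * Every value that reaches an SQL string is escaped with addslashes(),
     * the only escaping primitive this file has in scope.
     * NOTE(review): addslashes() is not charset-aware; if the $kyberia database
     * layer offers bound parameters or a driver-level escape, use that instead.
     *
     * @return bool true on successful login; false otherwise, with the global
     *              $error set to a user-facing message.
     */
    function login(){
        global $kyberia;
        global $error;

        // Form fields are client-controlled and may be missing or arrays
        // (login[]=...); anything that is not a string is treated as empty.
        $rawLogin = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        $login = addslashes($rawLogin);

        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() needs a stored-hash migration that
        // cannot be done from inside this function.
        $hash = md5($password);

        if (empty($_COOKIE['kybersession']) || !is_string($_COOKIE['kybersession'])) {
            $error='asi nemas zapnute cookies alebo co';
            return false;
        }
        // The cookie is client-supplied and is interpolated into SQL below.
        $kybersession = addslashes($_COOKIE['kybersession']);

        // Tripwire: escaping changed the length, so the login contained a quote,
        // backslash or NUL. Users 252 and 231 are notified and the client gets a
        // deliberately unrelated error message.
        if (strlen($login) != strlen($rawLogin)) {
            // The value is HTML-encoded before it is embedded in the message.
            // NOTE(review): how ubikMail() stores and renders the text is not visible here.
            $reported = htmlspecialchars($login, ENT_QUOTES);
            $kyberia->ubikMail(252, "sql injekcia $reported z $_SERVER[REMOTE_ADDR]");
            $kyberia->ubikMail(231, "sql injekcia $reported z $_SERVER[REMOTE_ADDR]");
            $error = "Bohuzial, nemozes sa prihlasit, uz vyprsala tato nasa bonusova sluzba, prosim, sleduj nadalej kyberiu a cakaj na ine nase vychytavky.";
            return false;
        }

        $q="select * from user where login='$login' ";
        $set=$kyberia->query($q);

        // next() is falsy when there is no row; never read columns in that case.
        $found = $set->next();
        $stored = $found ? (string) $set->getString('password') : '';

        // Strict comparison: with != two hex digests of the form 0e<digits>
        // compare equal as numbers.
        if (!$found || $stored !== $hash) {
            $error="Zadal si nespravne uzivatelske meno alebo heslo. Rob so sebou nieco";
            $owner = $found ? $set->getString('id') : '';
            if ($owner) {
                // The attempted password is attacker-chosen text placed inside
                // HTML markup, so it is encoded first.
                // NOTE(review): forwarding attempted passwords at all exposes
                // near-miss credentials to whoever reads the mailbox; consider
                // dropping the value from the notification.
                $shown = htmlspecialchars($password, ENT_QUOTES);
                $kyberia->ubikMail($owner,"Niekto sa skusal dostat do tvojho konta z adresy ".$_SERVER['REMOTE_ADDR']." a zadal heslo <select><option></option><option>$shown</option></select>");
            }
            return false;
        }

        if ($set->getString('user_active')!='yes') {
            $error="Tvoja buducnost je este stale v rukach KKpBB";
            return false;
        }

        // Stored values are escaped again before reuse in SQL: a login saved
        // with a quote in it would otherwise break out of the literal.
        $user_id = addslashes((string) $set->getString("id"));
        $user_name = addslashes((string) $set->getString('login'));
        $user_amount = addslashes((string) $set->getString('user_amount'));
        $admin = addslashes((string) $set->getString('admin'));

        // Refresh friends_serial: the user's friend ids joined with ';'.
        $set2=$kyberia->query("select friend_id from friends where user_id='$user_id'");
        $friends_serial="";
        while ($set2->next()){
            $friends_serial.=($set2->getString('friend_id')).";";
        }
        $kyberia->query("update user set friends_serial='".addslashes($friends_serial)."' where id='$user_id'");

        // NOTE(review): the session identifier is whatever the client sent in the
        // cookie. Unless it is issued and rotated server-side elsewhere, binding
        // it here at login allows session fixation.
        $kyberia->query("delete from session where user_id='$user_id'");
        $kyberia->query("INSERT into session set user_id='$user_id',session='$kybersession',user_name='$user_name',user_amount='$user_amount',admin='$admin'");

        // X-Forwarded-Host is a request header, so it is client-controlled and
        // may be absent.
        $forwarded = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && is_string($_SERVER['HTTP_X_FORWARDED_HOST'])) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : '';
        $remote = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
        $kyberia->query("insert into user_ip set ip='".addslashes($forwarded)."::".addslashes($remote)."',user_id='$user_id'");

        return true;
    }

}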
| 70 | |
| 71 | ?> |