inc/login_eventz.inc

   1 <?php
   2
   3 $status=login_eventz::login();
   4 if ($status) {
   5         Header("Location:".SCRIPT);
   6 }
   7
   8
   9 class login_eventz {
  10
  11 function login(){
  12         global $kyberia;
  13         global $error;
  14         $login=addslashes($_POST['login']);
  15         $password=$_POST['password'];
  16         $oldpassword=$password;
  17         $hash=md5($oldpassword);
  18         if (empty($_COOKIE['kybersession'])) {
  19                 $error='asi nemas zapnute cookies alebo co';
  20                 return false;
  21         }
  22         else $kybersession=$_COOKIE['kybersession'];
  23
  24         if (strlen($login) != strlen($_POST['login'])) {
  25                 $kyberia->ubikMail(252, "sql injekcia $login z $_SERVER[REMOTE_ADDR]");
  26                 $kyberia->ubikMail(231, "sql injekcia $login z $_SERVER[REMOTE_ADDR]");
  27                 $error = "Bohuzial, nemozes sa prihlasit, uz vyprsala tato nasa bonusova sluzba, prosim, sleduj nadalej kyberiu a cakaj na ine nase vychytavky.";
  28                 return false;
  29         }
  30
  31         $q="select * from user where login='$login' ";
  32         $set=$kyberia->query($q);
  33         $set->next();
  34         if ($set->getString('password')!=$hash) {
  35                 $error="Zadal si nespravne uzivatelske meno alebo heslo. Rob so sebou nieco";
  36                 if ($set->getString('id')) {
  37                         $kyberia->ubikMail($set->getString('id'),"Niekto sa skusal dostat do tvojho konta z adresy ".$_SERVER['REMOTE_ADDR']." a zadal heslo <select><option></option><option>$oldpassword</option></select>");
  38                 }
  39
  40                 return false;
  41         }
  42
  43         elseif ($set->getString('user_active')!='yes') {
  44                 $error="Tvoja buducnost je este stale v rukach KKpBB";
  45                 return false;
  46         }
  47
  48         else {
  49                 $user_id=$set->getString("id");
  50
  51 // updatuje friends_serial
  52     $q2="select friend_id from friends where user_id='$user_id'";
  53     $set2=$kyberia->query($q2);
  54     $friends_serial="";
  55     while ($set2->next()){
  56       $friends_serial.=($set2->getString('friend_id')).";";
  57     }
  58                 $kyberia->query("update user set friends_serial='$friends_serial' where id='$user_id'");
  59
  60                 $kyberia->query("delete from session where user_id='$user_id'");
  61                 $kyberia->query("INSERT into session set user_id='$user_id',session='$kybersession',user_name='".$set->getString('login')."',user_amount='".$set->getString('user_amount')."',admin='".$set->getString('admin')."'");
  62                 $kyberia->query("insert into user_ip set ip='".$_SERVER['HTTP_X_FORWARDED_HOST']."::".$_SERVER['REMOTE_ADDR']."',user_id='$user_id'");
  63         }
  64
  65         return true;
  66
  67 }
  68
  69 }
  70
  71 ?>