Parašė MAnjack· 2008 Sau. 16 16:01:08
#4
Redaguok šitą vietą:
if (isset($_POST['login'])) {
$user_pass = md5($_POST['user_pass']);
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND (user_password='".md5($user_pass)."' OR user_password='$user_pass')");
if (dbrows($result) != 0) {
$data = dbarray($result);
if ($data['user_password'] == $user_pass) {
$result = dbquery("UPDATE ".$db_prefix."users SET user_password='".md5($user_pass)."' WHERE user_id='".$data['user_id']."'");
}
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600*24*30 : time() + 3600*3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie("fusion_user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."index.php", "script");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], "script");
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", "script");
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", "script");
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}