forked from yunasc/tbdev
-
Notifications
You must be signed in to change notification settings - Fork 0
/
takelogin.php
73 lines (58 loc) · 3.2 KB
/
takelogin.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
<?
/*
// +--------------------------------------------------------------------------+
// | Project: TBDevYSE - TBDev Yuna Scatari Edition |
// +--------------------------------------------------------------------------+
// | This file is part of TBDevYSE. TBDevYSE is based on TBDev, |
// | originally by RedBeard of TorrentBits, extensively modified by |
// | Gartenzwerg. |
// | |
// | TBDevYSE is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 2 of the License, or |
// | (at your option) any later version. |
// | |
// | TBDevYSE is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with TBDevYSE; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
// +--------------------------------------------------------------------------+
// | Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/
require_once("include/bittorrent.php");
if (!mkglobal("username:password"))
die();
dbconn();
function bark($text = "Èìÿ ïîëüçîâàòåëÿ èëè ïàðîëü íåâåðíû")
{
stderr("Îøèáêà âõîäà", $text);
}
function is_password_correct($password, $secret, $hash) {
return ($hash == md5($secret . $password . $secret) || $hash == md5($secret . trim($password) . $secret)); // À íàõóÿ âòîðàÿ ÷àñòü? Äåáèëû ââîäÿò èç ïèñåì ïàðîëè ñ ïðîáåëîì â êîíöå/íà÷àëå
}
$res = sql_query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = " . sqlesc($username));
$row = mysql_fetch_array($res);
if (!$row)
bark("Âû íå çàðåãèñòðèðîâàíû â ñèñòåìå.");
if ($row["status"] == 'pending')
bark("Âû åùå íå àêòèâèðîâàëè ñâîé àêêàóíò! Àêòèâèðóéòå âàø àêêàóíò è ïîïðîáóéòå ñíîâà.");
if (!is_password_correct($password, $row['secret'], $row['passhash']))
bark();
if ($row["enabled"] == "no")
bark("Ýòîò àêêàóíò îòêëþ÷åí.");
$peers = sql_query("SELECT COUNT(id) FROM peers WHERE userid = $row[id]");
$num = mysql_fetch_row($peers);
$ip = getip();
if ($num[0] > 0 && $row[ip] != $ip && $row[ip])
bark("Ýòîò ïîëüçîâàòåëü íà äàííûé ìîìåíò àêòèâåí ñ äðóãîãî IP. Âõîä íåâîçìîæåí.");
logincookie($row["id"], $row["passhash"]);
if (!empty($_POST["returnto"]))
header("Location: $DEFAULTBASEURL/$_POST[returnto]");
else
header("Location: $DEFAULTBASEURL/");
?>