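0 && strlen($_POST['username'])<=17 && mb_strlen($_POST['password'],'UTF-8')>3) { //data provided for login?
    // Login / logout / forced-logout handling for the page. The condition above (whose first part lies
    // outside this excerpt) means a username and password were submitted.
    // Changes against the previous version of this block, all in how input reaches SQL, cookies and headers:
    //  - every query that carried request data ($_POST, REMOTE_ADDR, User-Agent, return_page) is now a
    //    prepared statement (requires mysqlnd for mysqli_stmt_get_result);
    //  - form token and password digest are compared with hash_equals() (constant-time; no loose `!=`, which
    //    accepted a missing token against a missing session value and treats "0e..." digests as equal);
    //  - the session id is regenerated on successful login; the logout token is random instead of rand();
    //  - return_page is only honoured as a site-relative path; DB driver errors are no longer echoed;
    //  - a commented-out block that mailed plaintext credentials for one account was removed.

    $remoteAddr = (string) ($_SERVER['REMOTE_ADDR'] ?? '');
    $userAgent = (string) ($_SERVER['HTTP_USER_AGENT'] ?? '');

    // Runs one parameterised statement. $types/$params follow mysqli_stmt_bind_param; '' binds nothing.
    // $db_link is captured by reference because db_connect() sets it after this closure is created.
    // On failure a generic message is emitted (mysqli_error() is not shown to the client); $fatal=false keeps
    // the best-effort behaviour the login_log inserts for failed attempts always had.
    $runStmt = static function (string $sql, string $types, array $params, bool $fatal = true) use (&$db_link) {
        $stmt = mysqli_prepare($db_link, $sql);
        $ok = $stmt !== false
            && ($types === '' || mysqli_stmt_bind_param($stmt, $types, ...$params))
            && mysqli_stmt_execute($stmt);
        if (!$ok && $fatal) {
            die('database error');
        }
        return $ok ? $stmt : false;
    };

    $action = is_string($_GET['a'] ?? null) ? $_GET['a'] : '';
    $formToken = is_string($_POST['t'] ?? null) ? $_POST['t'] : '';
    // Either of the two tokens issued for this session (login form, nav bar) is acceptable.
    $tokenOk = false;
    foreach (['form_token_login', 'form_token_nav1'] as $tokenKey) {
        if (isset($_SESSION[$tokenKey]) && hash_equals((string) $_SESSION[$tokenKey], $formToken)) {
            $tokenOk = true;
        }
    }

    if ($action === 'login' && !$tokenOk) {
        $_GET['msg'] = _t('_Authentication Error').' '._t('_Please try again');
    } elseif ($action === 'login') {
        db_connect();
        $password = salt_md5($_POST['password']);
        clear4db($_POST); // kept for whatever normalisation it applies; SQL quoting is now done by the driver
        // Legacy aliases kept as-is: username "1" is looked up as ADMIN, while the literal name "admin" gets a
        // sentinel password that is presumably never a real salt_md5() digest — confirm against salt_md5().
        if ($_POST['username'] == 1) $_POST['username'] = 'ADMIN';
        elseif (strtolower($_POST['username']) == 'admin') $_POST['password'] = $password = 'n0w@y';

        $lookupName = strtolower($_POST['username']);
        $stmt = $runStmt(
            "SELECT `id`, `member_type`, `username`, `email`, `password`, `language`, `explicit_level`, ST_X(`geo_loc`) as `geo_loc_x`, ST_Y(`geo_loc`) as `geo_loc_y`, `status`, `delete` FROM `profiles` WHERE `username`=?",
            's',
            [$lookupName]
        );
        $result = mysqli_stmt_get_result($stmt);
        // Exactly one row is a hit; zero or several rows are both treated as "no such username".
        $member = ($result !== false && mysqli_num_rows($result) === 1) ? mysqli_fetch_assoc($result) : null;

        // Records the attempt; only the success row is fatal on DB failure, as before.
        $logAttempt = static function (int $success) use ($runStmt, $remoteAddr, $userAgent): void {
            $runStmt(
                "INSERT INTO `login_log` (`username`, `success`, `time`, `ip`, `user_agent`) VALUES (?, ?, NOW(), ?, ?)",
                'siss',
                [$_POST['username'], $success, $remoteAddr, $userAgent],
                $success === 1
            );
        };

        if ($member === null) {
            // NOTE(review): distinct 'no-username' / 'login-failed' messages are what the page renders, but they
            // also let a caller tell valid usernames from invalid ones.
            $_GET['msg'] = 'no-username';
            $logAttempt(0);
        } elseif (!hash_equals((string) $member['password'], (string) $password)) {
            $_GET['msg'] = 'login-failed';
            //register the failure and !!! implement block-out periods for repeat failures
            $logAttempt(0);
        }

        if (!isset($_GET['msg'])) {
            // Hard-coded bans kept from the original: a 12-month cookie and a dead page, with a marker code.
            $banCode = null;
            if ($member['username'] === 'secret' || $member['username'] === 'kuzen-26' || $password === '0bf0426e1c5c4aa730976622dc2c188a') {
                $banCode = '0x3x2';
            } elseif ($member['username'] === 'bionic' && $password === '03f662f9625c6ce200d676152d1f59a4') {
                $banCode = '0x3x3';
            }
            if ($banCode !== null) {//ban this bastard using cookies
                setcookie("banned", '1', strtotime('+12 months'));
                exit("\n\nWebsite unavailable / Site hizmet verememektedir. {$banCode}\n\n");
            }

            $logAttempt(1);
            clear4html($member);
            // New session id once the session gains privileges, so an id fixed before login is not reusable.
            session_regenerate_id(true);
            $_SESSION['member_id'] = $member['id'];
            $_SESSION['member_username'] = $member['username'];
            $_SESSION['member_email'] = $member['email'];
            $_SESSION['member_type'] = $member['member_type'];
            $_SESSION['member_explicit_level'] = $member['explicit_level'];
            $_SESSION['member_session_token'] = random_string(25);
            if (!empty($member['geo_loc_x'])) $_SESSION['routines']['geo_loc'] = $member['geo_loc_x'].' '.$member['geo_loc_y'];
            if (strlen($member['language'])>1) {
                $_SESSION['lang'] = $member['language'];
                setcookie('lang', $member['language'], strtotime('+2 months'));
            }
            $loggedin = $member['member_type'];

            // A profile flagged for deletion (status 0 / delete 1) is reactivated on login.
            $q_part = ($member['status'] == 0 && $member['delete'] == 1) ? '`status`=1, `delete`=0,' : '';
            $memberId = (int) $member['id'];
            $runStmt(
                "update `profiles` set $q_part `last_seen`=NOW(), `login_counts`=`login_counts`+1, `ip`=?, `ip_country`=?, `user_agent`=?, `session_token`=? where `id`=? limit 1",
                'ssssi',
                [$remoteAddr, (string) ($global_ip_country ?? ''), $userAgent, $_SESSION['member_session_token'], $memberId]
            );
            unset($_SESSION['form_token_login'], $_SESSION['form_token_nav1']);
            $runStmt(
                "delete from `tracks` where (`time`< NOW() - INTERVAL 10 DAY) and (`to`=? or `from`=?)",
                'ii',
                [$memberId, $memberId]
            );

            // return_page comes as a site-relative path like /page.php (hence url2, not WEBSITE_URL). Only such
            // paths are honoured: one leading slash, no scheme-relative '//' or '/\', no CR/LF/NUL, so the
            // redirect cannot be pointed off-site. Anything else falls back to the site root.
            $returnPage = is_string($_POST['return_page'] ?? null) ? urldecode($_POST['return_page']) : '';
            $isLocalPath = preg_match('#^/(?![/\\\\])[^\r\n\x00]*\z#', $returnPage) === 1;
            header('location:'.($isLocalPath ? $website['url2'].$returnPage : $website['url']));
            exit();
        }
    }
} elseif (($_GET['a'] ?? '') === 'logout' && $loggedin) {
    //session_destroy();
    if (!isset($_SESSION['account_test'])) {
        // Invalidate the stored token with a random string; rand() produced a small, guessable integer.
        $newToken = random_string(25);
        $memberId = (int) $_SESSION['member_id'];
        $stmt = mysqli_prepare($db_link, "update `profiles` set `last_seen`=NOW() - INTERVAL 1 MINUTE, `session_token`=? where `id`=? limit 1");
        if ($stmt === false || !mysqli_stmt_bind_param($stmt, 'si', $newToken, $memberId) || !mysqli_stmt_execute($stmt)) {
            die('database error');
        }
    }
    unset(
        $loggedin,
        $_SESSION['member_id'],
        $_SESSION['member_username'],
        $_SESSION['member_session_token'],
        $_SESSION['member_type'],
        $_SESSION['member_explicit_level'],
        $_SESSION['routines']['geo_loc_update'],
        $_SESSION['routines']['geo_loc']
    );
    header('location:'.$website['url'].'index.php');
    exit();
}

// Forced logout requested by another part of the site (session mismatch or a disabled profile): drop the
// member state from the session; for a disabled profile keep a copy under d_* keys for later inspection.
$pageMsg = is_string($_GET['msg'] ?? null) ? $_GET['msg'] : '';
if (($pageMsg === 'session-changed' || $pageMsg === 'profile-disabled') && !empty($loggedin)) {
    if ($pageMsg === 'profile-disabled') {
        $_SESSION['profile_disabled'] = 1;
        $_SESSION['d_member_username'] = $_SESSION['member_username'];
        $_SESSION['d_member_session_token'] = $_SESSION['member_session_token'];
        $_SESSION['d_member_type'] = $_SESSION['member_type'];
        $_SESSION['d_member_explicit_level'] = $_SESSION['member_explicit_level'];
        $_SESSION['d_member_note'] = 'member directed to login page with profile-disabled parameter';
    }
    unset(
        $loggedin,
        $_SESSION['member_username'],
        $_SESSION['member_session_token'],
        $_SESSION['member_type'],
        $_SESSION['member_explicit_level'],
        $_SESSION['routines']['geo_loc_update'],
        $_SESSION['routines']['geo_loc']
    );
}
?>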