Просмотр файла wu-engine/wu-actions/login.php

VPS - Скидка 25% по коду: TEAM
Размер файла: 2.13Kb 
<?php
require_once('../wu_init.php');
if (!wu_token()) { exit('wu-error'); }
require('../wu-functions/wu_functions.php');

if(isset($_POST['login']) && isset($_POST['pass'])){
if (!empty($_POST['login']) && !empty($_POST['pass'])) {

//Получаемые данные
$pdt = $dt + 300;
$login = mysqli_real_escape_string($connect_db, $_POST['login']);
$pass = mysqli_real_escape_string($connect_db, $_POST['pass']);

$user = mysqli_fetch_assoc(mysqli_query($connect_db, "SELECT uid,log,pas,regdate FROM ".DB_PREFIX."_users WHERE log='$login' LIMIT 1"));

//Проверка количества авторизаций
$c = mysqli_fetch_assoc(mysqli_query($connect_db, "SELECT c FROM ".DB_PREFIX."_login WHERE ip='$ip' LIMIT 1"));
$count = intval($c['c']);
if ($count > 10) { if ($count < $dt) { mysqli_query($connect_db, "UPDATE `".DB_PREFIX."_login` SET `c` = '1' WHERE ip='$ip' LIMIT 1"); $count = '1'; } else { exit('2'); } }

//Авторизация
if($user['pas'] === md5(md5($user['regdate'].'_'.$pass))) {
mysqli_query($connect_db, "UPDATE `".DB_PREFIX."_users` SET `lastip` = '$ip', `last` = '$dt' WHERE uid = '$user[uid]' LIMIT 1");
wu_log_auth(0,"Пользователь $login зашёл на сайт, IP: $ip");
mysqli_query($connect_db, "DELETE FROM `".DB_PREFIX."_login` WHERE ip='$ip'");
session_unset();
session_regenerate_id(true);
$_SESSION['uid'] = $user['uid'];
$_SESSION['login'] = $user['log'];
$_SESSION['pas'] = md5($user['pas']);
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
if(!isset($_COOKIE['wu_i'])) { wu_set_cookie('wu_i', wu_encode($user['uid'])); }
exit('1');
} else {
if ($count == 0) { mysqli_query($connect_db, "INSERT INTO `".DB_PREFIX."_login` (ip,c) VALUES ('$ip','1')"); }
if ($count > 0 && $count < 10) { mysqli_query($connect_db, "UPDATE `".DB_PREFIX."_login` SET `c` = `c`+1 WHERE ip='$ip' LIMIT 1"); }
if ($count == 10) { mysqli_query($connect_db, "UPDATE `".DB_PREFIX."_login` SET `c` = '$pdt' WHERE ip='$ip' LIMIT 1"); }
wu_log_auth(1,"Неудачный вход. Попытка использовать связку $login - $pass, IP: $ip");
exit('0');
}
} else { exit('4'); }
} else { exit('wu-error'); }
?>