Размер файла: 4.8Kb
<?php
include('inc/core.php');
#mysql_query('INSERT INTO `blog_pagetitles` (page,title) VALUES ("'.URL.$_SERVER['PHP_SELF'].'","Авторизация")');
$pagetitle = 'Вход';
#session_destroy();
if (empty($_GET['act'])) $act = 'nick_index';
else $act = htmlspecialchars($_GET['act']);
if (isset($_SESSION['autorized'])) { redirect('index.php'); die(); }
if (isset($_GET['id']) && isset($_GET['pass'])) {
$res = mysql_fetch_object(mysql_query('SELECT * FROM `'.db_prefix.'users` WHERE id='.htmlspecialchars($_GET['id']).''));
if (empty($res)) {
$_SESSION['error'] = 'Ошибка при авторизации';
redirect('auto.php');
die();
}
if (htmlspecialchars($_GET['pass'])!=$res->password) {
$_SESSION['error'] = 'Неверный пароль';
redirect('auto.php');
}
## успешная авторизация
$_SESSION['autorized'] = 1;
$_SESSION['id'] = $res->id;
$_SESSION['nick'] = $res->nick;
$_SESSION['access'] = $res->access;
$_SESSION['time_pref'] = $res->time_pref;
$_SESSION['lastvote'] = $res->lastvote;
$_SESSION['set_msg'] = $res->set_msg;
mysql_query('UPDATE `'.db_prefix.'users` SET lastauto='.$auto.' WHERE id='.$_SESSION['id'].'');
$_SESSION['info'] = 'Вы успешно авторизовались';
redirect('index.php');
die();
}
if ($act=='id_index') {
include('design/'.$_SESSION['design'].'/header.php');
echo '<div align="center"><div class="order">
<b><a href="auto.php?act=id_index">Вход по ID</a></b>
<a href="auto.php?act=nick_index">Вход по нику</a></div></div>
<div id="menu"><ul>
<div align="center">
<form action="auto.php?act=id_end" method="post">
<b>Ваш ID:</b><br>
<input type="text" name="id"><br>
<b>Ваш пароль:</b><br>
<input type="password" name="password"><br>
<input type="submit" value="Войти">
</form>
</div>
<li><a href="index.php"><img src="images/back.png"> На главную</a></li>
</ul></div>
</div>';
}
if ($act=='id_end') {
if (empty($_POST['id']) || empty($_POST['password'])) {
$_SESSION['error'] = 'Вы не ввели ID или пароль';
redirect('auto.php?act=id_index');
die();
}
$res = mysql_fetch_object(mysql_query('SELECT * FROM `'.db_prefix.'users` WHERE id='.htmlspecialchars(trim(mysql_real_escape_string($_POST['id']))).''));
if (empty($res)) {
$_SESSION['error'] = 'Пользователя с таким ID не существует';
redirect('auto.php?act=id_index');
die();
}
if (md5(htmlspecialchars($_POST['password']))!=$res->password) {
$_SESSION['error'] = 'Неверный пароль';
redirect('auto.php?act=id_index');
die();
}
## успешная авторизация
$_SESSION['autorized'] = 1;
$_SESSION['id'] = $res->id;
$_SESSION['nick'] = $res->nick;
$_SESSION['lastvote'] = $res->lastvote;
$_SESSION['set_head'] = $res->set_head;
$_SESSION['access'] = $res->access;
mysql_query('UPDATE `'.db_prefix.'users` SET lastauto='.$auto.' WHERE id='.$_SESSION['id'].'');
$_SESSION['info'] = 'Вы успешно авторизовались';
redirect('index.php');
die();
}
if ($act=='nick_index') {
include('design/'.$_SESSION['design'].'/header.php');
echo '<div align="center"><div class="order">
<a href="auto.php?act=id_index">Вход по ID</a>
<b><a href="auto.php?act=nick_end">Вход по нику</a></b></div></div>
<div id="menu"><ul>
<div align="center">
<form action="auto.php?act=nick_end" method="post">
<b>Ваш ник:</b><br>
<input type="text" name="nick"><br>
<b>Ваш пароль:</b><br>
<input type="password" name="password"><br>
<input type="submit" value="Войти">
</form>
</div>
<li><a href="index.php"><img src="images/back.png"> На главную</a></li>
</ul></div>
</div>
';
}
if ($act=='nick_end') {
$nick = htmlspecialchars(trim(mysql_real_escape_string($_POST['nick'])));
$password = htmlspecialchars(md5($_POST['password']));
$res = mysql_fetch_object(mysql_query('SELECT * FROM `'.db_prefix.'users` WHERE nick="'.$nick.'"'));
if (empty($res)) {
$_SESSION['error'] = 'Пользователь с таким ником не найден';
redirect('auto.php?act=nick_index');
die();
}
if ($res->password==$password) {
## успешная авторизация
$_SESSION['autorized'] = 1;
$_SESSION['id'] = $res->id;
$_SESSION['nick'] = $res->nick;
$_SESSION['lastvote'] = $res->lastvote;
$_SESSION['set_head'] = $res->set_head;
$_SESSION['access'] = $res->access;
mysql_query('UPDATE `'.db_prefix.'users` SET lastauto='.$auto.' WHERE id='.$_SESSION['id'].'');
$_SESSION['info'] = 'Вы успешно авторизовались';
redirect('index.php');
die();
} else {
$_SESSION['error'] = 'Неверный ник или пароль';
redirect('auto.php?act=nick_index');
die();
}
}
include('design/'.$_SESSION['design'].'/footer.php');
?>