Просмотр файла header/head.php

<?php
error_reporting(0);
session_name('PHP');
session_start();
$_GET['password'] = md5($_GET['password']);
$nick=mysql_real_escape_string($_REQUEST['login']);
if (isset($_GET['login']) and isset($_GET['password']))
{
$result=mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password`='".mysql_real_escape_string($_GET['password'])."'");
if (mysql_num_rows($result)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password` = '".mysql_real_escape_string($_GET['password'])."' LIMIT 1"));
$_SESSION['id_user']=$_USER['id'];
setcookie('id_user', $_USER['id'], time()+60*60*24*365);
$_enter=true;
setcookie('password', cookie_encrypt($_POST['password'],$_USER['id']), time()+60*60*24*365);
}
}

elseif (isset($_POST['login']) and isset($_POST['password']))
{
$result=mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password`='".mysql_real_escape_string($_POST['password'])."'");
if (mysql_num_rows($result)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `login`='".$nick."' AND `password` = '".mysql_real_escape_string($_POST['password'])."' LIMIT 1"));
$_SESSION['id_user']=$_USER['id'];
$_enter=true;
setcookie('id_user', $_USER['id'], time()+60*60*24*365);
setcookie('password', cookie_encrypt($_POST['password'],$_USER['id']), time()+60*60*24*365);
}
}
elseif (isset($_SESSION['id_user']) and mysql_result(mysql_query("SELECT COUNT(*) FROM `".prefix."users` WHERE `id`='".$_SESSION['id_user']."' LIMIT 1"), 0)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `id`='".$_SESSION['id_user']."' LIMIT 1"));
$_enter=true;
}
if (isset($_COOKIE['id_user']) and isset($_COOKIE['password']) and $_COOKIE['id_user']!=NULL and $_COOKIE['password']!=NULL)
{
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `".prefix."users` WHERE `id` = ".intval($_COOKIE['id_user'])." AND `password` = '".mysql_real_escape_string(cookie_decrypt($_COOKIE['password'],intval($_COOKIE['id_user'])))."' LIMIT 1"), 0)==1)
{
$_USER=mysql_fetch_array(mysql_query("SELECT * FROM `".prefix."users` WHERE `id` = ".intval($_COOKIE['id_user'])." AND `password` = '".mysql_real_escape_string(cookie_decrypt($_COOKIE['password'],intval($_COOKIE['id_user'])))."' LIMIT 1"));
$_SESSION['id_user']=$_USER['id'];
$_enter=true;
}
else
{
$_enter=false;setcookie('id_user');
setcookie('password');
}
}
$_zapros='?';

?>