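<?php
/*
 * Login handler for a catalogue site account (numeric site id + password).
 *
 * Relies on the including script for: an already-started session, $sql (DB
 * wrapper exposing query()/num_rows()/fetch_assoc()/escape_string()/error/
 * result), $template, $lang, $css, $ua (client User-Agent), $m, $nocache, the
 * CATALOGUE_BANNED / CATALOGUE_SITES / DBMS_ERROR constants, and the
 * redirect(), gen_uri(), put_error(), cleanup() and switch_version() helpers.
 *
 * Flow: a session that already carries an account is redirected to the
 * account page. Otherwise a POSTed id/password pair is checked against the
 * ban table, then against CATALOGUE_SITES; on success the session is
 * regenerated and bound to the site id, on failure an error block is rendered.
 */
$_SESSION['account'] = isset($_SESSION['account']) ? $_SESSION['account'] : NULL;

// Already authenticated earlier in this session: skip the form entirely.
if ($_SESSION['account'])
{
    redirect(gen_uri('account'));
}

$template_vars['header'] = array(
    'TITLE' => $lang['LOGIN'],
    'CSS'   => $css
);
$template_vars['body'] = array();
$template->set_vars('header', $template_vars['header']);

if (empty($_POST) == false)
{
    // The site id is an integer key; anything non-numeric collapses to 0 and
    // is rejected below, so no further validation is needed for the SQL.
    $id       = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';

    // Undo magic quotes on legacy interpreters. get_magic_quotes_gpc() was
    // removed in PHP 8, so guard the call rather than fatal on newer runtimes.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    {
        $password = stripslashes($password);
    }

    // REMOTE_ADDR is set by the web server, not the client, but escaping it is
    // free and keeps every value that reaches SQL on one path. The UA is
    // client-controlled and is escaped with the wrapper's own escape_string()
    // (the original used mysql_escape_string() here, which is connection-
    // unaware and inconsistent with the UPDATE further down).
    $remote_ip  = $sql->escape_string($_SERVER['REMOTE_ADDR']);
    $escaped_ua = $sql->escape_string($ua);

    // Expire stale bans before checking the current client.
    if (!$sql->query("DELETE FROM `" . CATALOGUE_BANNED . "` WHERE `time` < UNIX_TIMESTAMP();"))
    {
        put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
    }

    // Ban lookup is keyed on IP + User-Agent. Since the UA is chosen by the
    // client, a banned client can sidestep this by changing it; treat it as a
    // nuisance filter, not an access control.
    if (!$sql->query("SELECT * FROM `" . CATALOGUE_BANNED . "` WHERE `ip` = INET_ATON('" . $remote_ip . "') AND `ua` = '" . $escaped_ua . "';"))
    {
        put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
    }

    if ($sql->num_rows() > 0)
    {
        $template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_BANNED']));
    }
    else if ($password === '')
    {
        $template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_EMPTY_PASSWORD']));
    }
    else if ($id === 0)
    {
        $template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_EMPTY_ID']));
    }
    else
    {
        // Only user-owned sites can log in here; $id is already an int.
        if (!$sql->query("SELECT * FROM `" . CATALOGUE_SITES . "` WHERE `id` = " . $id . " AND `owner` = 'user';"))
        {
            put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
        }

        if ($sql->num_rows() > 0)
        {
            $site = $sql->fetch_assoc($sql->result);

            // Stored hashes are unsalted MD5 (legacy schema). Moving to
            // password_hash()/password_verify() with rehash-on-login needs a
            // column change and is out of scope here. What this block does
            // fix: the original loose `==` let a stored hash of the form
            // "0e<digits>" compare equal to any computed hash of the same
            // form (PHP numeric-string juggling), and the comparison was not
            // constant-time. hash_equals() (PHP 5.6+) is strict and
            // timing-safe; older runtimes fall back to a strict `===`.
            $stored_hash   = (string) $site['password'];
            $computed_hash = md5($password);
            $password_ok   = function_exists('hash_equals')
                ? hash_equals($stored_hash, $computed_hash)
                : ($stored_hash === $computed_hash);

            if ($password_ok)
            {
                // MSISDN presumably injected by a carrier gateway through
                // request headers (TODO confirm how $_SERVER gets these keys).
                // The client can set such headers too, so the value is only
                // stored after cleanup() and escaping and must never be
                // treated as proof of identity.
                $phone_number = isset($_SERVER['X_NOKIA_MSISDN'])
                    ? $_SERVER['X_NOKIA_MSISDN']
                    : (isset($_SERVER['X_NETWORK_INFO']) ? $_SERVER['X_NETWORK_INFO'] : '');
                $phone_number = cleanup($phone_number);

                if (!$sql->query("UPDATE `" . CATALOGUE_SITES . "` SET `current_ip` = INET_ATON('" . $remote_ip . "'), `current_ua` = '" . $escaped_ua . "', `current_phone_number` = '" . $sql->escape_string($phone_number) . "' WHERE `id` = " . $id . ";"))
                {
                    put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
                }

                // Regenerate the session id before binding the account so a
                // session id fixed by an attacker prior to login (session
                // fixation) does not become an authenticated one. $_SESSION
                // contents survive the regeneration.
                if (session_id() !== '')
                {
                    session_regenerate_id(true);
                }
                $_SESSION['account'] = $id;
                redirect(gen_uri('account'));
            }
            else
            {
                // Wrong password. Nothing here records the failure; if the
                // ban table is meant to throttle guessing, the insert lives
                // elsewhere (not visible in this file).
                $template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_LOGIN_FAILED']));
            }
        }
        else
        {
            // NOTE(review): this message differs from ERR_LOGIN_FAILED and so
            // confirms whether a site id exists. Acceptable only if catalogue
            // ids are public anyway; otherwise collapse both into one message.
            $template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_SITE_DNE'], $id)));
        }
    }
}

$template_vars['body'] = array(
    'ID'          => $lang['ID'],
    'PASSWORD'    => $lang['PASSWORD'],
    'SUBMIT'      => $lang['SUBMIT'],
    'PATH'        => gen_uri($m, '', $nocache),
    'FORGOT_HREF' => gen_uri('forgot'),
    'FORGOT'      => $lang['FORGOT'],
    'BACK_HREF'   => gen_uri('index'),
    'BACK'        => $lang['BACK'],
    'NOCACHE'     => $nocache
);

// Third-party hit counter fetched over plain HTTP on the login page: this
// both leaks the visit to an external host and is mixed content if the site
// is served over HTTPS. Left as-is (markup is part of the page contract);
// consider dropping it or moving it to https.
$template_vars['footer'] = array(
    'SWITCH_VERSION' => switch_version($m, '', $nocache),
    'COUNTER'        => '<a href="http://waplog.net/ru/c.shtml?29269"><img src="http://c.waplog.net/ru/29269.cnt" alt="waplog" /></a><br />'
);

$template->set_vars('header', $template_vars['header']);
$template->set_vars('body', $template_vars['body']);
?>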