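// Login form handler: validates the submitted credentials, moves the visitor
// from the guest table to the member activity table, rotates the session id
// and stores a client fingerprint plus a random token in the session.
if (isset ($_POST['SendAuthForm'])) {
    // Errors collected while processing the form.
    $AuthError = array ();
    // Both fields must be present, non-empty and plain strings. The is_string
    // checks reject array-shaped input (AuthLogin[]=...), which would otherwise
    // reach trim() and the SQL escaping helper as a non-string.
    if (!isset ($_POST['AuthLogin'], $_POST['AuthPass'])
        || !is_string ($_POST['AuthLogin']) || !is_string ($_POST['AuthPass'])
        || $_POST['AuthLogin'] === '' || $_POST['AuthPass'] === '') {
        $AuthError[] = $ForumLang['AuthErrors']['WrongLoginPass'];
    }
    else {
        $AuthLogin = trim ($_POST['AuthLogin']);
        $AuthPass = trim ($_POST['AuthPass']);
        // Counts failed checks; any value above zero rejects the login.
        $CheckUserValid = 0;
        // Look the account up by login; the login is escaped before it is
        // placed into the query text.
        $SQLCheckAuth = 'SELECT UserID, UserPassword, UserMail, GroupID
FROM users
WHERE UserLogin = \'' . Defence_EscapeString ($DBType, $AuthLogin) . '\'';
        $CheckAuthQuery = DB_Query ($DBType, $SQLCheckAuth, $ForumConnection);
        if (!$CheckAuthQuery) {
            exit ('Error while checking auth data!');
        }
        $UserExists = DB_NumRows ($DBType, $CheckAuthQuery);
        $UserRow = DB_FetchAssoc ($DBType, $CheckAuthQuery);
        if ($UserExists == 0 || !is_array ($UserRow)) {
            $CheckUserValid++;
        }
        // Account data; the defaults are used when no row was returned, so the
        // code below never indexes into a non-array fetch result.
        $UserPass = '';
        $UserID = 0;
        $UserMail = '';
        $GroupID = 0;
        if (is_array ($UserRow)) {
            $UserPass = $UserRow['UserPassword'];
            $UserID = intval ($UserRow['UserID']);
            $UserMail = $UserRow['UserMail'];
            $GroupID = intval ($UserRow['GroupID']);
        }
        // The hash is computed even for an unknown login, so both failure paths
        // do the same work. The comparison is strict: the loose <> operator
        // treats numeric-looking strings (for example "0e123" and "0e456") as
        // equal, which would accept a wrong password whose hash has that shape.
        // NOTE(review): Main_Crypt is not visible here - confirm it is a salted,
        // slow password hash; on PHP >= 5.6 hash_equals() gives a constant-time
        // comparison.
        if ((string) Main_Crypt ($AuthPass) !== (string) $UserPass) {
            $CheckUserValid++;
        }
        if ($CheckUserValid > 0) {
            // One message for "unknown login" and "wrong password", so the
            // response does not reveal which of the two failed.
            $AuthError[] = $ForumLang['AuthErrors']['WrongLoginPass'];
        }
        else {
            // Remove the visitor from the guest table. The session id is escaped
            // like every other value placed into a query string here.
            $SQLDelFromGuests = 'DELETE FROM guest_activity
WHERE SessionID=\'' . Defence_EscapeString ($DBType, $SessionID) . '\'';
            $DelFromGuestsQuery = DB_Query ($DBType, $SQLDelFromGuests, $ForumConnection);
            if (!$DelFromGuestsQuery) {
                exit ('Error while deleting user from guest table!');
            }
            // Mark the member as online. $UserID went through intval() above;
            // $Now is set outside this block.
            $CurAction = 'main_page';
            $SQLUpdateUser = 'UPDATE user_activity
SET UserLastLogin=\'' . $Now . '\', UserLastAction=\'' . $CurAction . '\', UserIsOnline=\'yes\'
WHERE UserID=\'' . $UserID . '\'';
            $UpdateUserQuery = DB_Query ($DBType, $SQLUpdateUser, $ForumConnection);
            if (!$UpdateUserQuery) {
                exit ('Error while updating user status onto \'yes\'!');
            }
            // Rotate the session id on privilege change (session fixation
            // defence); TRUE also deletes the old session data.
            session_regenerate_id (TRUE);
            // Client fingerprint, part 1: the first $NumIPRanks dot-separated
            // parts of the client address. A missing part (short or IPv6
            // address) contributes an empty string, which yields the same
            // joined string as before without the undefined-offset notice.
            // NOTE(review): presumably the session check elsewhere recomputes
            // this value the same way - keep both sides in sync.
            $CurUserIP = $_SERVER['REMOTE_ADDR'];
            $IPArray = explode ('.', $CurUserIP);
            $IPRanks = array ();
            for ($i = 0; $i < $NumIPRanks; $i++) {
                $IPRanks[] = isset ($IPArray[$i]) ? $IPArray[$i] : '';
            }
            $IPFinalString = implode ('.', $IPRanks);
            $IPFinalString = sha1 ($IPFinalString . $AuthSalt);
            // Client fingerprint, part 2: the first 50 bytes of the User-Agent
            // header; the header is optional, so a missing one counts as empty.
            $CurUserAgent = isset ($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $CurUserAgent = substr ($CurUserAgent, 0, 50);
            $CurUserAgent = sha1 ($CurUserAgent . $AuthSalt);
            // Both parts combined into the value stored in the session.
            $SecureString = sha1 ($IPFinalString . $CurUserAgent . $AuthSalt);
            // Random token that is stored in the session and sent as a cookie.
            // NOTE(review): its unpredictability depends on
            // Main_GenerateRandString, which is not visible here - confirm it
            // draws from a cryptographically secure source; time() adds little.
            $RandomString = Main_GenerateRandString (10, '1');
            $RandomString = sha1 ($RandomString . $AuthSalt . time ());
            // Replace any previous user data in the session.
            unset ($_SESSION['UserData']);
            $_SESSION['UserData'] = array ();
            $_SESSION['UserData']['UserType'] = 'member';
            $_SESSION['UserData']['UserID'] = $UserID;
            $_SESSION['UserData']['UserName'] = $AuthLogin;
            $_SESSION['UserData']['GroupID'] = $GroupID;
            $_SESSION['UserData'][$SecureKey] = $SecureString;
            $_SESSION['UserData'][$SecureCookieName] = $RandomString;
            // Session cookie with the default path and domain, now flagged
            // HttpOnly so page scripts cannot read the token. The secure flag is
            // left off as before; turn it on when the site is served over HTTPS
            // only.
            setcookie ($SecureCookieName, $RandomString, 0, '', '', false, true);
            // Redirect to the message page.
            $_SESSION['Message'] = 'auth_sucess';
            $URL = '?action=message';
            Header('Location:' . $SelfName . $URL);
            exit ();
        }
    }
    // check
}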
Vasiliy 23.02.2011 17:48 # −3
Lure Of Chaos 24.02.2011 01:08 # 0
не факт, что не школьник