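// Read the login form fields, cap their length and reject any value that
// contains a blacklisted character or keyword. When this section falls through,
// $name, $pass and $pass1 hold the length-capped but otherwise unmodified
// submitted values and $ok holds the first byte of the submit flag.
//
// NOTE(review): a keyword/character blacklist is not a defence against SQL
// injection. The queries later in this script still interpolate $name into SQL
// text; they should use prepared statements (PDO or mysqli) so that the value
// never becomes part of the statement, after which this filter is unnecessary.

// A missing or non-string (e.g. array) field is treated as empty instead of
// being handed to substr(), which would raise a warning and yield a non-string.
// substr() is byte-wise, so a multibyte name may be cut in the middle of a character.
$name = (isset($_POST['name']) && is_string($_POST['name'])) ? (string) substr($_POST['name'], 0, 15) : '';
$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? (string) substr($_POST['pass'], 0, 32) : '';
$ok = (isset($_POST['ok']) && is_string($_POST['ok'])) ? (string) substr($_POST['ok'], 0, 1) : '';
$pass1 = $pass;

// --- user name: lower-case a copy, strip the blacklist, reject if anything was stripped ---
$name2 = $name;
$name0 = strtolower($name);
// str_replace() applies an array of needles in order, each on the result of the
// previous one, which matches a chain of single replacements. array() is used
// rather than [] because the script targets the PHP versions that ship mysql_*.
$name = str_replace(
    array('..', '.', '/', '>', '<', "'", '`', '"', 'from', 'select', 'script', 'table', 'union', 'code', 'hex', '%'),
    '',
    $name0
);
// Strict comparison: with != PHP compares two numeric-looking strings by value,
// so a stripped value could still compare equal to the original and slip through.
if ($name !== $name0)
{
echo "<script>alert('Введён запрещённый символ')</script><meta http-equiv='REFRESH' CONTENT='0;URL=shop.php'>";
exit;
}
$name = $name2;

// --- password: same scheme with a shorter blacklist ---
// NOTE(review): the password is hashed before it is compared further down and is
// not placed in SQL in the visible code, so this blacklist (and the 32-byte cap)
// only narrows the set of passwords users may choose. Kept as-is because existing
// accounts may depend on it; confirm against the registration code before removing.
$pass2 = $pass;
$pass0 = strtolower($pass);
$pass = str_replace(
    array("'", '"', '`', '/', 'from', 'select', 'script', 'table', 'union', 'code', 'hex'),
    '',
    $pass0
);
if ($pass !== $pass0)
{
echo "<script>alert('Введён запрещённый символ')</script><meta http-equiv='REFRESH' CONTENT='0;URL=shop.php'>";
exit;
}
$pass = $pass2;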
// Login handler: runs only when the form's submit flag is non-empty. It looks the
// submitted user name up in `$table`, recomputes the salted MD5 of the submitted
// password and, on a match, redirects to cookies.php with a login token.
// $table and $ip are defined outside this listing.
// NOTE(review): the braces opened here and at `if ($n == $name)` are not closed
// within this listing; the rest of the script is not shown.
if ($ok != "")
{
// Reject logins or passwords shorter than three bytes (strlen() counts bytes).
if ((strlen($name)<3) || (strlen($pass)<3))
{
echo "<script>alert('Маленькая длина логина или пароля')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
// $n stays integer 0 unless a matching user name is found below.
$n=0;
// Loads every user name from the table and filters in PHP instead of using a
// WHERE clause. NOTE(review): `or die(mysql_error())` sends database error text
// to the client; log it server-side and show a generic message instead.
$vsql = mysql_query(" select `username` from `$table` ") or die(mysql_error());
while (($vsql1 = mysql_fetch_array($vsql)) !== false)
{
// Loose ==: two numeric-looking strings are compared by value, so this match can
// differ from what the `username='$name'` query below considers equal.
if ($vsql1["username"] == $name )
{
$n=$vsql1["username"];
}
}
// When no row matched, $n is still integer 0; on PHP < 8 a non-numeric $name
// compares equal to 0 here, which is how the "no such login" branch is reached.
if ($n == $name)
{
// Unreachable: this test is the negation of the enclosing condition.
if ($n != $name)
{
echo "<script>alert('Не верно введён логин или пароль')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
// NOTE(review): a distinct "no such login" message lets a client tell existing
// user names from unknown ones; use the same message as for a wrong password.
if ($n == "0")
{
echo "<script>alert('Нет такого логина')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
// NOTE(review): $name is interpolated into the SQL text and is protected only by
// the blacklist applied earlier. Use a prepared statement (PDO or mysqli) with a
// bound parameter; the mysql_* extension itself was removed in PHP 7.
$sql = mysql_query("select * from `$table` where username='$name' ") or die(mysql_error());
$sql1 = mysql_fetch_array($sql);
// From here on $pass holds the STORED hash, not the submitted password
// (the submitted one was saved in $pass1 earlier).
$pass=$sql1['password'];
$salt=$sql1['salt'];
$email=$sql1['email'];
// Login token built only from the stored hash, the salt and $ip.
// NOTE(review): it is deterministic and never expires on its own; a random
// server-side session id (session_start() / session_regenerate_id()) is safer.
$c_login=md5($pass.$salt.$ip.$pass.$salt);
// Recompute the stored form of the submitted password: md5(md5(password) . salt).
// NOTE(review): salted MD5 is too fast for password storage; migrate to
// password_hash() / password_verify() and rehash on the next successful login.
$pass1 = md5(md5($pass1).$salt);
// NOTE(review): leftover debug line below would print both hashes to the page; delete it.
// echo "<script>alert('".$pass1." ==>".$pass."')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
// NOTE(review): == on two hex digests is a loose comparison (digests that both
// look like numbers are compared by value); use === or hash_equals().
if ($pass1 == $pass)
{
// Redirects with the token and the user name in the query string.
// NOTE(review): query strings end up in server logs and browser history, and
// $name is neither urlencode()d nor HTML-escaped here; presumably cookies.php
// sets the cookie from these parameters (not shown) - confirm.
echo "<meta http-equiv='REFRESH' CONTENT='0;URL=cookies.php?p=".$c_login."&n=".$name."&o=1'>";
exit;
}
else
{
echo "<script>alert('Не верно введён логин или пароль. Повторите попытку.')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
Вот так вот... Просто человек не знает про mysql_escape_string() (а надёжнее — mysql_real_escape_string() или подготовленные запросы вместо чёрного списка слов).
Говнокод by nod