if ($session['user']['restorepage'] > "") {
             redirect($session['user']['restorepage']);
         } else {
             if ($location == $iname) {
                 redirect("inn.php?op=strolldown");
             } else {
                 redirect("news.php");
             }
         }
     }
 } else {
     $session['message'] = translate_inline("`4Error, your login was incorrect`0");
     //now we'll log the failed attempt and begin to issue bans if
     //there are too many, plus notify the admins.
     $sql = "DELETE FROM " . db_prefix("faillog") . " WHERE date<'" . date("Y-m-d H:i:s", strtotime("-" . getsetting("expirecontent", 180) / 4 . " days")) . "'";
     checkban($name, true);
     db_query($sql);
     $sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='******'";
     $result = db_query($sql);
     if (db_num_rows($result) > 0) {
         // just in case there manage to be multiple accounts on
         // this name.
         while ($row = db_fetch_assoc($result)) {
             $post = httpallpost();
             $sql = "INSERT INTO " . db_prefix("faillog") . " VALUES (0,'" . date("Y-m-d H:i:s") . "','" . addslashes(serialize($post)) . "','{$_SERVER['REMOTE_ADDR']}','{$row['acctid']}','{$_COOKIE['lgi']}')";
             db_query($sql);
             $sql = "SELECT " . db_prefix("faillog") . ".*," . db_prefix("accounts") . ".superuser,name,login FROM " . db_prefix("faillog") . " INNER JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid=" . db_prefix("faillog") . ".acctid WHERE ip='{$_SERVER['REMOTE_ADDR']}' AND date>'" . date("Y-m-d H:i:s", strtotime("-1 day")) . "'";
             $result2 = db_query($sql);
             $c = 0;
             $alert = "";
             $su = false;
Beispiel #2
    exit;
}
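// The CAPTCHA is skipped only when $login_true or $admin_user is truthy
// (presumably a logged-in member or an administrator).
// NOTE(review): confirm both flags are set from server-side session state and
// cannot be supplied by the request.
if (!($login_true || $admin_user)) {
    if (USE_CAPCHA) {
        $expectedCode = isset($_SESSION['security_code']) ? $_SESSION['security_code'] : '';
        $submittedCode = isset($_POST['security_code']) ? $_POST['security_code'] : '';
        // Compare as strings with ===: a loose != lets numeric-looking strings
        // that differ textually compare as equal, and a non-string POST value
        // (for example an array) must never pass.
        $captchaOk = is_scalar($expectedCode)
            && is_string($submittedCode)
            && !empty($submittedCode)
            && (string) $expectedCode === $submittedCode;
        if (!$captchaOk) {
            echo "<script language='javascript'>";
            echo "alert('" . _JAVA_CAPTCHA_NOACC . "')";
            echo "</script>";
            echo "<script language='javascript'>javascript:history.go(-1)</script>";
            exit;
        }
        // NOTE(review): the expected code stays in the session after a
        // successful check; confirm it is regenerated or cleared elsewhere so
        // one solved CAPTCHA cannot be reused for further posts.
    }
}
// checkban() is defined elsewhere. Its return value is discarded here, so it
// only has an effect if it stops the request itself — TODO confirm.
checkban($_POST['NAME']);
checkban($_POST['COMMENT']);
// Force the video id to an integer before it is stored.
$_GET['id'] = intval($_GET['id']);
// Insert the comment into the database.
// NOTE(review): "name" is HTML-escaped but "comment" is stored as submitted.
// Confirm that add_db() escapes or parameterizes values for SQL and that the
// page displaying comments escapes them for HTML.
$db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
$db->add_db("web_video_comment2", array("video_id" => "" . $_GET['id'] . "", "name" => "" . htmlspecialchars($_POST['NAME']) . "", "comment" => "" . $_POST['COMMENT'] . "", "ip" => "" . $IPADDRESS . "", "post_date" => "" . TIMESTAMP . ""));
$db->closedb();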
?>
	<TABLE cellSpacing=0 cellPadding=0 width=750 border=0>
      <TBODY>
        <TR>
          <TD width="10" vAlign=top></TD>
          <TD width="740" vAlign=top>
		  <!-- gallery -->
		  &nbsp;&nbsp;<IMG SRC="images/menu/textmenu_video.gif" BORDER="0"><BR><BR>
				<BR><BR><BR><BR>
				<CENTER><IMG SRC="images/icon/download.gif" BORDER="0"><BR><BR>
             redirect("news.php");
         } else {
             if ($location == 1) {
                 redirect("inn.php?op=strolldown");
             } else {
                 saveuser();
                 header("Location: {$session['user']['restorepage']}");
                 exit;
             }
         }
     }
 } else {
     $session[message] = "`4Error, your login was incorrect`0";
     //now we'll log the failed attempt and begin to issue bans if there are too many, plus notify the admins.
     $sql = "DELETE FROM faillog WHERE date<'" . date("Y-m-d H:i:s", strtotime("-" . getsetting("expirecontent", 180) / 4 . " days")) . "'";
     checkban();
     db_query($sql);
     $sql = "SELECT acctid FROM accounts WHERE login='******'name']}'";
     $result = db_query($sql);
     if (db_num_rows($result) > 0) {
         // just in case there manage to be multiple accounts on this name.
         while ($row = db_fetch_assoc($result)) {
             $sql = "INSERT INTO faillog VALUES (0,now(),'" . addslashes(serialize($_POST)) . "','{$_SERVER['REMOTE_ADDR']}','{$row['acctid']}','{$_COOKIE['lgi']}')";
             db_query($sql);
             $sql = "SELECT faillog.*,accounts.superuser,name,login FROM faillog INNER JOIN accounts ON accounts.acctid=faillog.acctid WHERE ip='{$_SERVER['REMOTE_ADDR']}' AND date>'" . date("Y-m-d H:i:s", strtotime("-1 day")) . "'";
             $result2 = db_query($sql);
             $c = 0;
             $alert = "";
             $su = false;
             while ($row2 = db_fetch_assoc($result2)) {
                 if ($row2['superuser'] > 0) {
Beispiel #4
     echo "alert('" . _JAVA_DATA_NULL . "')";
     echo "</script>";
     echo "<script language='javascript'>javascript:history.go(-1)</script>";
     exit;
 }
 // The CAPTCHA is skipped when $login_true loosely equals the post's stored
 // author name, or when $admin_user is truthy.
 // NOTE(review): with ==, two empty or unset values also compare equal; confirm
 // an anonymous visitor cannot reach this point with both sides empty.
 if (!($login_true == $VIEWBOARD['post_name'] || $admin_user) && USE_CAPCHA) {
     check_captcha($_POST['security_code']);
 }
 // (end of the "if (!$login_true)" section, per the original Thai comment)
 // Check for banned advertising words (translated from the original comment).
 // checkban() is defined elsewhere and its return value is discarded here, so
 // it only has an effect if it stops the request itself — TODO confirm.
 checkban($_POST['topic']);
 //checkban($_POST['DETAIL']);
 checkban($_POST['post_name']);
 // When the detail text contains exactly one "<p>", strip the <p> and </p>
 // tags (case-insensitively) so a single paragraph is stored without a wrapper.
 if (substr_count($_POST['detail'], '<p>') == 1) {
     $temp = preg_replace("/<\\/p>/i", "", preg_replace("/<p>/i", "", $_POST['detail']));
     $_POST['detail'] = $temp;
 }
 // Check picture size: reject the request when the upload exceeds the limit.
 // NOTE(review): only the size is checked in these lines; confirm that
 // $FILE['error'] and the file type are validated before the upload is stored.
 $FILE = $_FILES['FILE'];
 if ($FILE['size'] > _WEBBOARD_LIMIT_UPLOAD) {
     echo "<script language='javascript'>",
         "alert('" . _WEBBOARD_EDIT_ADD_PIC_WIDTH . " " . (_WEBBOARD_LIMIT_UPLOAD / 1024) . " kB " . _WEBBOARD_EDIT_ADD_PIC_WIDTH . "')",
         "</script>",
         "<script language='javascript'>javascript:history.back()</script>";
     exit;
 }
 // NOTE(review): 'picture' is supplied by the client; validate it before it is
 // used as a file name or path (its later use is not visible here).
 $webboard_pic = $_POST['picture'];
Beispiel #5
 // Check data: all four fields must be present and truthy, otherwise show the
 // "missing data" alert and send the browser back one page.
 if (!($_POST['topic'] && $_POST['category'] && $_POST['detail'] && $_POST['post_name'])) {
     echo "<script language='javascript'>",
         "alert('" . _JAVA_DATA_NULL . "')",
         "</script>",
         "<script language='javascript'>javascript:history.go(-1)</script>";
     exit;
 }
 // The CAPTCHA is required unless the session marks the visitor as logged in
 // or as an administrator.
 if (!($_SESSION['login_true'] || $_SESSION['admin_user']) && USE_CAPCHA) {
     check_captcha($_POST['security_code']);
 }
 // Pass the submitted fields through the word filters. (The original Thai
 // comment is mis-encoded; it appears to read "check for banned advertising".)
 // checkban(), banword() and CheckRude() are defined elsewhere.
 $TOPIC = checkban($_POST['topic']);
 // NOTE(review): $DETAIL is computed before the <p> stripping below changes
 // $_POST['detail']; confirm which of the two values is stored and displayed.
 $DETAIL = banword($_POST['detail']);
 $POSTNAME = CheckRude($_POST['post_name']);
 // When the detail text contains exactly one "<p>", strip the <p> and </p>
 // tags (case-insensitively).
 if (substr_count($_POST['detail'], '<p>') == 1) {
     $temp = preg_replace("/<\\/p>/i", "", preg_replace("/<p>/i", "", $_POST['detail']));
     $_POST['detail'] = $temp;
 }
 // Uploaded picture and attachment, as delivered by PHP's upload handling.
 // NOTE(review): confirm the 'error' field and the file type of both uploads
 // are validated before either file is stored.
 $FILE = $_FILES['FILE'];
 $FILEATT = $_FILES['FILEATT'];
 if ($FILE['size'] > _WEBBOARD_LIMIT_UPLOAD) {
     echo "<script language='javascript'>";
     echo "alert('" . _WEBBOARD_EDIT_ADD_PIC_WIDTH . " " . _WEBBOARD_LIMIT_UPLOAD / 1024 . " kB " . _WEBBOARD_EDIT_ADD_PIC_WIDTH . "')";
     echo "</script>";
     echo "<script language='javascript'>javascript:history.back()</script>";
     exit;
Beispiel #6
// Define INSTALL as false. (A stale comment here also spoke of defining an
// "inside" flag as true; no such define appears in this excerpt.)
define('INSTALL', false);
// Destroy any existing session; @ hides the warning if that fails.
// NOTE(review): session_destroy() does not unset $_SESSION or the session
// cookie, and the @ also hides unexpected failures — confirm this is intended.
@session_destroy();
// Set $InLogin to true (presumably read by common.php to mark the login page —
// TODO confirm).
$InLogin = true;
// Root path of the application, relative to this script.
$ugamela_root_path = './';
// Load extension.inc, which provides $phpEx (the PHP file extension).
include $ugamela_root_path . 'extension.inc';
// Load the common bootstrap file, named with the extension from extension.inc.
include $ugamela_root_path . 'common.' . $phpEx;
// Load the 'login' language file through a helper function.
includeLang('login');
// Check whether the client IP is banned (a MOD by lyra, per the original note).
// NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, so
// the ban check would not see the real client — confirm the deployment.
checkban($_SERVER['REMOTE_ADDR']);
if ($_POST) {
    //Si existe $_POST (Enviaron el formulario mediante el metodo _POST)
    $login = doquery("SELECT * FROM {{table}} WHERE `username` = '" . mysql_escape_string($_POST['username']) . "' LIMIT 1", "users", true);
    //Buscamos los datos en la db del usuario puesto en el formulario.
    if ($login) {
        //Si se encontro algun resultado.
        if ($login['password'] == md5($_POST['password'])) {
            //Si la contraseña coincide con la de la db (codificada en md5).
            include $ugamela_root_path . 'config.' . $phpEx;
            //incluimos el archivo config
            $_SESSION[USER_SESSION][id] = $login['id'];
            //Creamos la sesion id.
            $_SESSION[USER_SESSION][username] = $login['username'];
            //Creamos la sesion username.
<?php

// translator ready
// addnews ready
// mail ready
// Presumably tells common.php that this page may be served without a
// logged-in session — TODO confirm in common.php.
define("ALLOW_ANONYMOUS", true);
require_once "common.php";
require_once "lib/is_email.php";
require_once "lib/checkban.php";
require_once "lib/http.php";
// Presumably selects the "create" translation schema for this page's strings —
// TODO confirm.
tlschema("create");
// Account-expiry settings with fallback values 1, 10 and 45 (units presumably
// days — TODO confirm against the settings documentation).
$trash = getsetting("expiretrashacct", 1);
$new = getsetting("expirenewacct", 10);
$old = getsetting("expireoldacct", 45);
// Run the ban check with an empty login and true as the second argument
// (checkban() presumably comes from lib/checkban.php; the meaning of the
// second argument is not visible here).
checkban('', true);
// Requested operation, read from the 'op' request parameter via httpget().
// NOTE(review): values returned by httpget() are request-controlled; escape or
// parameterize them before placing them in SQL or HTML.
$op = httpget('op');
if ($op == "val") {
    $id = httpget('id');
    $sql = "SELECT acctid,login,password,name FROM " . db_prefix("accounts") . " WHERE emailvalidation='{$id}' AND emailvalidation!=''";
    $result = db_query($sql);
    if (db_num_rows($result) > 0) {
        $row = db_fetch_assoc($result);
        $sql = "UPDATE " . db_prefix("accounts") . " SET emailvalidation='' WHERE emailvalidation='{$id}';";
        db_query($sql);
        output("`#`cYour email has been validated.  You may now log in.`c`0");
        rawoutput("<form action='login.php' method='POST'>");
        rawoutput("<input name='name' value=\"{$row['login']}\" type='hidden'>");
        rawoutput("<input name='password' value=\"!md52!{$row['password']}\" type='hidden'>");
        rawoutput("<input name='force' value='1' type='hidden'>");
        output("Your email has been validated, your login name is `^%s`0.`n`n", $row['login']);
        $click = translate_inline("Click here to log in");