// NOTE(review): fragment of a login handler. The `if` closed by the first brace
// starts before the visible code, and the final `if` at the bottom is cut off
// right after its opening brace.
} else {
    $_SESSION['hit'] = 0;
}

// Database layer: ezSQL core plus its mysqli driver, constructed from the
// db_user / db_password / db_name / db_host constants.
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// The login identifier is mandatory: without it, print a warning, render the
// footer and stop.
if (isset($_POST['user_login'])) {
    // This escaped, trimmed copy is what gets interpolated into the SQL string
    // further down. The query's safety rests entirely on escape(); a prepared
    // statement with bound parameters would not depend on that.
    $user_login = trim($db->escape($_POST['user_login']));
} else {
    echo "<div class='alert alert-warning' style='width: 375px;'><i class='glyphicon glyphicon-info-sign'></i> Username / Email is Required.</div>";
    include "includes/footer.php";
    exit;
}

// NOTE(review): the password is SQL-escaped and trimmed before checkpwd() sees
// it. If escape() adds backslashes, a password containing quotes or backslashes
// is verified in altered form, and trim() drops leading/trailing whitespace.
// Safer: pass the raw value to the verifier and keep escaping (or bound
// parameters) for SQL only. checkpwd() is defined outside this fragment, so how
// it stores and compares passwords cannot be confirmed from here.
// NOTE(review): $is_valid is assigned only on this branch. Unless it is set
// before the visible code, a request without user_password reaches the final
// `!= 1` test with the variable undefined; null != 1 is true, so the failure
// path is taken, but only by accident. Initialising $is_valid to 0 up front
// would make the fail-closed behaviour explicit.
if (isset($_POST['user_password'])) {
    $user_password = trim($db->escape($_POST['user_password']));
    $is_valid = checkpwd($user_password, $user_login);
}

// Users can log in with either login name or email address.
$pos = strrpos($user_login, "@");
if ($pos === false) { // strict comparison, so an "@" at position 0 is not mistaken for "not found"
    $checkusing = "user_login";
} else {
    $checkusing = "user_email";
}
// NOTE(review): $checkusing is not read anywhere in the visible code; the query
// below matches on both columns regardless.

// Look up the pending flag for the account.
// NOTE(review): the `'******'` literal looks like a redaction applied to this
// listing; the original comparison value for user_login is not visible.
$is_pending = $db->get_var("select user_pending from site_users where user_login = '******' OR user_email = '{$user_login}' limit 1;");
if ($is_pending == 1) {
    // A pending account is treated as invalid even when the password check passed.
    $is_valid = 0;
}

// Failure branch: anything other than a value loosely equal to 1 is rejected.
if ($is_valid != 1) {
// NOTE(review): fragment of a page controller. The switch, its `case 'login'`
// branch and the nested ifs opened below are all still open where the listing
// ends. Several `******` runs look like redactions applied to this listing and
// leave two of the SQL statements syntactically broken; they are reproduced
// as-is.
$dir = "user";
$where = _site_user;
## SECTIONS ##
// Route on the ?action= query parameter; a missing parameter becomes "".
if (!isset($_GET['action'])) {
    $action = "";
} else {
    $action = $_GET['action'];
}
switch ($action) {
    case 'login':
        $where = _site_user_login;
        // NOTE(review): $_GET['do'] is read without isset(), so a request
        // lacking it raises an undefined-index warning before comparing.
        if ($_GET['do'] == "yes") {
            // When $secureLogin is 1, the posted `secure` value must match the
            // code kept in $_SESSION['sec_login'], and that session value must
            // be non-empty; otherwise the login is rejected with an error.
            // NOTE(review): `!=` is a loose comparison, so numeric-looking
            // strings can compare equal without being identical. A strict,
            // constant-time check such as hash_equals() on string values is
            // the safer form. The code is also not cleared after use in the
            // visible lines; confirm it is single-use.
            if ($secureLogin == 1 && ($_POST['secure'] != $_SESSION['sec_login'] || empty($_SESSION['sec_login']))) {
                $index = error(_error_invalid_regcode, 1);
            } else {
                // NOTE(review): the password is hashed with a single unsalted
                // md5(), which is far too fast for password storage;
                // password_hash() / password_verify() with a rehash-on-login
                // migration is the standard replacement.
                if (checkpwd($_POST['user'], md5($_POST['pwd']))) {
                    // Load the account row for the matching user and hash,
                    // excluding level '0' accounts.
                    // NOTE(review): the statement is assembled by string
                    // concatenation. The redaction hides how the user value is
                    // escaped, so that cannot be confirmed here; bound
                    // parameters would remove the question.
                    $qry = db("SELECT id,user,nick,pwd,email,level,time FROM " . $db['users'] . "\n \t\t \t \t WHERE user = '******'user']) . "'\n AND pwd = '" . md5($_POST['pwd']) . "'\n AND level != '0'");
                    // NOTE(review): the row is used without checking that one
                    // was returned. If checkpwd() passes but this query matches
                    // nothing (e.g. a level '0' account), the session below is
                    // filled with empty values — confirm against checkpwd().
                    $get = _fetch($qry);
                    // "Remember me": persist the user id and the stored
                    // password hash in cookies.
                    // NOTE(review): this puts the password hash itself on the
                    // client. If these cookies are later accepted as
                    // credentials (not visible here), the hash becomes
                    // password-equivalent and stays valid until the password
                    // changes. A random, server-side, revocable token is the
                    // usual design. set_cookie() is defined elsewhere, so the
                    // HttpOnly / Secure / SameSite flags should be checked there.
                    if (isset($_POST['permanent'])) {
                        set_cookie($prev . "id", $get['id']);
                        set_cookie($prev . "pwd", $get['pwd']);
                    }
                    // Mark the session as authenticated.
                    // NOTE(review): no session_regenerate_id() call is visible
                    // before the session is promoted, and the existing
                    // session_id() is written to the users table below; a
                    // pre-login session id would therefore survive login
                    // (session fixation). Regenerate the id first.
                    $_SESSION['id'] = $get['id'];
                    $_SESSION['pwd'] = $get['pwd'];
                    $_SESSION['lastvisit'] = $get['time'];
                    $_SESSION['ip'] = $userip;
                    // Bump the login counter and flag the user as online with
                    // the current session id and IP. The redaction has fused
                    // what look like two separate UPDATE statements into one line.
                    // NOTE(review): $userip is concatenated into SQL here and
                    // in the INSERT below. Its origin is outside this fragment;
                    // if it can come from a client-supplied header it must be
                    // validated as an IP address before use.
                    $upd = db("UPDATE " . $db['userstats'] . "\n\t\t \t\t\t\t SET `logins` = logins+1\n\t\t\t\t \t\t\t WHERE user = "******"UPDATE " . $db['users'] . "\n\t\t \t \t\t\t\t SET `online` = '1',\n `sessid` = '" . session_id() . "',\n `ip` = '" . $userip . "'\n\t\t\t\t\t\t WHERE id = " . $get['id']);
                    // Audit trail: record "login(<id>)" with the IP and the
                    // current timestamp in the ipcheck table.
                    $protocol = "login(" . $get['id'] . ")";
                    $upd = db("INSERT INTO " . $db['ipcheck'] . "\n SET `ip` = '" . $userip . "',\n `what` = '" . $protocol . "',\n `time` = '" . (int) time() . "'");
                    // Redirect to the user lobby.
                    // NOTE(review): the listing ends here; confirm an exit
                    // follows so that no further output is produced after the
                    // Location header.
                    header("Location: ?action=userlobby");