Example #1
0
} else {
    include_once '_transfer/language.php';
    if (!isset($_POST['username']) || !isset($_POST['username'])) {
        include_once 'template/t_header.php';
        $reason = "<font color=\"darkred\">" . $write[2] . "</font><br>";
    } else {
        if ($captchaEnable != 0 && $_SESSION['CaptchaText'] != $_POST['CaptchaText']) {
            include_once 'template/t_header.php';
            $reason = "<font color=\"darkred\">Wrong Captcha code!</font><br>";
        } else {
            $username = strtoupper(addslashes($_POST['username']));
            $SHA1Password = SHA1Password($username, strtoupper(addslashes($_POST['password'])));
            $connection = mysql_connect($AccountDBHost, $DBUser, $DBPassword);
            mysql_select_db($AccountDB, $connection);
            mysql_set_charset('utf8', $connection);
            $query = mysql_query("SELECT `id`,`username` FROM `account` WHERE `username` = \"" . _Y($username) . "\" AND `sha_pass_hash` = \"" . _Y($SHA1Password) . "\";", $connection) or die(mysql_error());
            $result = mysql_fetch_array($query);
            mysql_close($connection);
            if ($result['username'] == "") {
                include_once 'template/t_header.php';
                $reason = "<font color=\"darkred\">Wrong Password!</font><br>";
            } else {
                if ($result['username']) {
                    $_SESSION['loged'] = $SHA1Password;
                    $_SESSION['id'] = $result['id'];
                    $_SESSION['user'] = $result['username'];
                    Header('Location: playerside.php');
                }
            }
        }
    }
function _lookForAccount($connection, $U)
{
    $query = mysql_query("SELECT `id` FROM `account` WHERE `username` = '" . _Y($U) . "';", $connection) or die(mysql_error());
    $row = mysql_fetch_array($query);
    return isset($row[0]) ? $row[0] : -1;
}