session_start('fsadm2'); error_reporting(E_ERROR | E_WARNING | E_PARSE); // Cloudflare addition if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP']; } function sendmail($rcpt, $subj, $txt, $html = false) { $headers = 'From: hostmaster@fullserver.eu' . "\r\n" . 'Reply-To: hostmaster@fullserver.eu' . "\r\n" . 'X-Mailer: FSADM v2'; return mail($rcpt, $subj, $txt, $headers); } require_once "./p/libs/BazaDanych.class.php"; $RDB = new BazaDanych("dbhost", "dbname", "dbuser", "dbpass"); $LVL = 0; if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['login'] && $_POST['haslo'] && !$_POST['token']) { $autentykacja = $RDB->wynik("SELECT 1 FROM fs_players WHERE level>=1 AND nick='" . $RDB->e($_POST['login']) . "' AND password='******'login'] . "nhugdij89^Dhcd" . $_POST['haslo'])) . "' AND IFNULL(TIMESTAMPDIFF(MINUTE,NOW(),suspendedTo),0)<1"); if ($autentykacja != 1) { $txt = $_POST['login'] . "\r\n" . print_r($_SERVER, 1) . "\r\n" . "\r\n" . print_r($_SESSION, 1) . "\r\n" . mysql_error() . "\r\n"; sendmail("*****@*****.**", "[FSADM] fail", $txt); die("Podano nieprawidlowe dane logowania!"); } $txt = $_POST['login'] . "\r\n" . print_r($_SERVER, 1) . "\r\n" . "\r\n" . print_r($_SESSION, 1) . "\r\n" . mysql_error() . "\r\n"; sendmail("*****@*****.**", "[FSADM] login (step1)", $txt); $_SESSION['authkey'] = md5($_POST['login'] . strtoupper(md5($_POST['login'] . "nhugdij89^Dhcd" . $_POST['haslo']))); $_SESSION['login'] = $_POST['login']; } if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$_POST['login'] && !$_POST['haslo'] && $_POST['token'] && $_SESSION['authkey']) { if (!isset($_SESSION['authkey'])) { Header("Location: /auth.html"); exit; }
function user_row_lss($username, $password) { global $db, $config, $user; // first retrieve default group id $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . "\n WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'\n AND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$row) { trigger_error('NO_GROUP'); } $username_clean = utf8_clean_string($username); $rdb = new BazaDanych(); $r_login = $rdb->e($username_clean); $r_hash = md5(strtolower($username_clean) . "MRFX_01" . $password); $auth = $rdb->wynik("SELECT email FROM lss_users WHERE login='******' AND hash='{$r_hash}';"); // generate user account data return array('username' => $username, 'user_password' => phpbb_hash($password), 'user_email' => $auth, 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, 'user_ip' => $user->ip, 'user_new' => $config['new_member_post_limit'] ? 1 : 0); }