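/**
 * Authenticate the current request from the core_u / core_k cookies and
 * enforce a minimum user level.
 *
 * On success the user's store timezone is made the default timezone and the
 * core_users row is returned with the core_stores row attached under
 * 'store_info'. Every failure path terminates the request: this method never
 * hands control back to an unauthenticated caller.
 *
 * Failure handling:
 *  - cookie key does not match the stored session key (or no session row):
 *    JSON body {"NA":"qas"} and stop.
 *  - missing/malformed cookies, expired session, unknown user or insufficient
 *    level: JSON body {"NA":"true"} when $A is truthy, otherwise the two
 *    cookies are cleared and the client is redirected to the login page.
 *
 * @param mixed $L Minimum value the user's `level` column must reach.
 * @param bool  $A When truthy, report failure as JSON instead of redirecting.
 *
 * @return array The core_users row plus a 'store_info' entry.
 */
public static function VERIFY($L, $A = FALSE)
{
    // Cookies are attacker-controlled: read them without raising notices and
    // accept only plain strings (PHP turns "core_k[]=x" into an array).
    $U = isset($_COOKIE['core_u']) ? $_COOKIE['core_u'] : null;
    $K = isset($_COOKIE['core_k']) ? $_COOKIE['core_k'] : null;

    if (is_string($U) && is_string($K)) {
        $session = MYSQL::QUERY('SELECT session_key,session_experation,qas_time FROM core_users_sessions WHERE session_user = ? LIMIT 1', array($U));

        $storedKey = (!empty($session) && isset($session['session_key'])) ? (string) $session['session_key'] : '';

        // hash_equals() is a strict, constant-time comparison. The previous
        // loose "==" treated numeric-looking strings as numbers (e.g. two
        // different "0e..." values compare equal) and leaked timing.
        $keyMatches = hash_equals($storedKey, $K);

        // An empty key must never authenticate, even against an empty column.
        if (!empty($session) && $K !== '' && $keyMatches && time() < $session['session_experation']) {
            $user = MYSQL::QUERY('SELECT * FROM core_users WHERE user_id = ? LIMIT 1', array($U));

            if (!empty($user) && $user['level'] >= $L) {
                $S = MYSQL::QUERY('SELECT * FROM core_stores WHERE s_id = ? LIMIT 1', array($user['store']));
                date_default_timezone_set($S['s_timezone']);
                $user['store_info'] = $S;

                return $user;
            }
            // Unknown user or insufficient level: fall through to the
            // generic failure handling below.
        } elseif (!$keyMatches) {
            // Wrong key for this user id (or no session row at all).
            die(json_encode(array("NA" => "qas")));
        }
        // Key matched but the session has expired: fall through.
    }

    if ($A) {
        die(json_encode(array("NA" => "true")));
    }

    setcookie("core_u", "", time() - 100000, '/');
    setcookie("core_k", "", time() - 100000, '/');
    header("Location: https://secure.cellwiz.net/new");

    // A Location header does not stop the script. Without this exit the
    // method returned null and the protected page kept executing for an
    // unauthenticated client that simply ignores the redirect.
    exit;
}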
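<?php
// Login endpoint: checks the posted username/password against core_users,
// then creates (or replaces) the user's single row in core_users_sessions
// and hands the session id/key back as the core_u / core_k cookies.
//
// Response codes written to the body:
//   e1437  credentials missing or malformed
//   e1435  no user with that username
//   e1436  password check failed
//   s1434  login succeeded
require "../../frame/engine.php";
ENGINE::START("HASH");

$Hash = new PasswordHash(8, true);

// POST data is untrusted: a field may be absent, or an array ("usr[]=x").
// Read both without notices and reject anything that is not a non-empty
// string before it reaches strtolower() or the password check.
$USER = isset($_POST['usr']) ? $_POST['usr'] : '';
$PASS = isset($_POST['pas']) ? $_POST['pas'] : '';

// Either field missing is an error. The previous "empty() && empty()" test
// only fired when BOTH were empty, and empty() also treats "0" as missing.
if (!is_string($USER) || !is_string($PASS) || $USER === '' || $PASS === '') {
    die('e1437');
}

$USER_CLEAN = strtolower($USER);

$R = MYSQL::QUERY("SELECT * FROM core_users WHERE username_clean = ? LIMIT 1", array($USER_CLEAN));

// NOTE(review): e1435 and e1436 tell the client whether the username exists,
// which allows account enumeration. Returning one code for both would close
// that, but the client-side handling of these codes is not visible here.
// NOTE(review): nothing in this script throttles or records failed attempts;
// only the successful login below is logged. Confirm whether the engine
// does either elsewhere.
if (empty($R)) {
    die('e1435');
}

if (!$Hash->CheckPassword($PASS, $R['password'])) {
    die('e1436');
}

$S = MYSQL::QUERY('SELECT * FROM core_stores WHERE s_id = ? LIMIT 1', array($R['store']));
date_default_timezone_set($S['s_timezone']);
USER::LOG("Logged In", $R['user_id']);

// Session lifetime: 43200 seconds = 12 hours from now.
$SES_EXP = time() + 43200;

// NOTE(review): this value is the only secret protecting the session;
// confirm FORMAT::SES() draws from a cryptographically secure source.
$SES_GEN = FORMAT::SES(50);

// The upsert overwrites any existing key for the user, so a new login
// replaces the previous session rather than adding a second one.
$params = array($SES_GEN, $R['user_id'], $SES_EXP, $SES_GEN, $SES_EXP);
MYSQL::QUERY('INSERT INTO core_users_sessions (session_key,session_user,session_experation) VALUES (?,?,?) ON DUPLICATE KEY UPDATE session_key=?,session_experation=?', $params);

// NOTE(review): both cookies are set without the Secure and HttpOnly flags,
// so the session key is readable from page scripts and may be sent over
// plain HTTP. Enable both once it is confirmed that no client script reads
// these cookies and that the site is served over HTTPS only.
setcookie("core_u", $params[1], $SES_EXP, '/');
setcookie("core_k", $params[0], $SES_EXP, '/');

echo 's1434';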