Exemple #1
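// NOTE(review): session_start() does not take a session name. Since PHP 7.0 its only
// parameter is an options array, and PHP 8 rejects a string argument. If 'fsadm2' was
// meant to name the session, session_name('fsadm2') before session_start() is the call
// for that — confirm intent before changing, since it alters the cookie name.
session_start('fsadm2');
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Cloudflare addition: replace REMOTE_ADDR with the client address Cloudflare reports.
// CF-Connecting-IP is an ordinary request header. It is only trustworthy when the origin
// accepts connections from Cloudflare alone; a client that reaches the origin directly can
// send any value. Enforce that at the firewall/web server, or compare the original
// REMOTE_ADDR against Cloudflare's published ranges before honouring the header.
// The format check below only keeps malformed values out of REMOTE_ADDR (which is later
// dumped into notification mails); it does not establish that the header is genuine.
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    $cfClientIp = filter_var($_SERVER['HTTP_CF_CONNECTING_IP'], FILTER_VALIDATE_IP);
    if ($cfClientIp !== false) {
        $_SERVER['REMOTE_ADDR'] = $cfClientIp;
    }
}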
/**
 * Send a notification e-mail from the fixed hostmaster@fullserver.eu sender.
 *
 * The header set is constant (From, Reply-To, X-Mailer); no caller-supplied value is
 * placed into the additional headers.
 *
 * @param string $rcpt recipient address, passed to mail() as-is
 * @param string $subj subject line, passed to mail() as-is
 * @param string $txt  message body, passed to mail() as-is
 * @param bool   $html accepted but not used: no Content-Type header is ever added
 * @return bool result of mail()
 */
function sendmail($rcpt, $subj, $txt, $html = false)
{
    $headerLines = array(
        'From: hostmaster@fullserver.eu',
        'Reply-To: hostmaster@fullserver.eu',
        'X-Mailer: FSADM v2',
    );
    $headers = implode("\r\n", $headerLines);

    return mail($rcpt, $subj, $txt, $headers);
}
// Database bootstrap and step 1 (login + password) of a two-step admin login.
// The token step that follows step 1 is cut off on this page.
require_once "./p/libs/BazaDanych.class.php";
// Connection parameters are passed as string literals (placeholder values on this page).
// NOTE(review): keep real credentials out of the source tree, e.g. in a config file
// outside the web root or in the environment.
$RDB = new BazaDanych("dbhost", "dbname", "dbuser", "dbpass");
$LVL = 0;
// Step 1: a POST carrying login and haslo ("password") and no token.
// NOTE(review): the $_POST keys are read without isset(), so a POST that lacks one of
// them raises undefined-index notices; the comparisons are loose (==, !=).
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['login'] && $_POST['haslo'] && !$_POST['token']) {
    // NOTE(review): part of the next statement is masked on this page (password='******'),
    // so the password expression is incomplete as shown. The surviving tail and the authkey
    // assignment further down both use md5(login . "nhugdij89^Dhcd" . haslo), which suggests
    // the stored password is an MD5 over the login, a fixed site-wide string and the password.
    // MD5 is a fast hash and the fixed string lives in the source, so a leaked fs_players
    // table is cheap to test guesses against. password_hash()/password_verify(), with a
    // rehash on the next successful login, is the usual migration path.
    // The login value goes through $RDB->e() before concatenation (presumably an escaping
    // helper; BazaDanych is not shown here). A prepared statement would remove the
    // dependency on that helper being correct for the connection charset.
    //
    // Review notes for the remainder of this block:
    //  - Both the failure and the success path mail print_r($_SERVER) and print_r($_SESSION).
    //    $_SERVER normally includes the request's Cookie header, so the session id ends up
    //    in a mailbox; on the success path that is the id of a session about to be
    //    authenticated. Log a minimal, fixed set of fields instead.
    //  - Every failed attempt sends one mail; no attempt limit or delay is visible here.
    //  - mysql_error() belongs to ext/mysql, which was removed in PHP 7.0.
    //  - $_SESSION['authkey'] is an MD5 derived from the login and password and is kept in
    //    the session between the two steps, so session storage holds a password-derived value.
    //  - No session_regenerate_id() call is visible after step 1 succeeds; regenerating the
    //    id on a privilege change guards against session fixation.
    //  - The die() message is Polish for "Invalid login data given!".
    //  - In the token step, the inner !isset($_SESSION['authkey']) redirect cannot trigger,
    //    because the enclosing condition already requires $_SESSION['authkey'] to be truthy.
    $autentykacja = $RDB->wynik("SELECT 1 FROM fs_players WHERE level>=1 AND nick='" . $RDB->e($_POST['login']) . "' AND password='******'login'] . "nhugdij89^Dhcd" . $_POST['haslo'])) . "' AND IFNULL(TIMESTAMPDIFF(MINUTE,NOW(),suspendedTo),0)<1");
    if ($autentykacja != 1) {
        $txt = $_POST['login'] . "\r\n" . print_r($_SERVER, 1) . "\r\n" . "\r\n" . print_r($_SESSION, 1) . "\r\n" . mysql_error() . "\r\n";
        sendmail("*****@*****.**", "[FSADM] fail", $txt);
        die("Podano nieprawidlowe dane logowania!");
    }
    $txt = $_POST['login'] . "\r\n" . print_r($_SERVER, 1) . "\r\n" . "\r\n" . print_r($_SESSION, 1) . "\r\n" . mysql_error() . "\r\n";
    sendmail("*****@*****.**", "[FSADM] login (step1)", $txt);
    $_SESSION['authkey'] = md5($_POST['login'] . strtoupper(md5($_POST['login'] . "nhugdij89^Dhcd" . $_POST['haslo'])));
    $_SESSION['login'] = $_POST['login'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$_POST['login'] && !$_POST['haslo'] && $_POST['token'] && $_SESSION['authkey']) {
    if (!isset($_SESSION['authkey'])) {
        Header("Location: /auth.html");
        exit;
    }
Exemple #2
/**
 * Build the account-data array for a user whose credentials live in the external
 * lss_users table.
 *
 * Looks up the id of the special REGISTERED group, then asks BazaDanych for the e-mail
 * stored with the matching login/hash pair and returns the fields for a new account.
 *
 * NOTE(review): the legacy hash is a single MD5 over the lowercased clean user name, the
 * constant "MRFX_01" and the password. MD5 is a fast hash and the constant is in the
 * source, so a leaked lss_users table is cheap to test guesses against; the value returned
 * as user_password is produced by phpbb_hash() instead.
 * NOTE(review): the login comparison in the lss_users query appears masked on this page
 * (login='******'); the escaped login computed just before it is presumably what stood
 * there — confirm against the original file.
 * NOTE(review): the lookup result is used as user_email without a check; what wynik()
 * returns when no row matches is not visible here.
 *
 * @param string $username user name as supplied at login
 * @param string $password password as supplied at login
 * @return array keys: username, user_password, user_email, group_id, user_type, user_ip, user_new
 */
function user_row_lss($username, $password)
{
    global $db, $config, $user;

    // Resolve the id of the default group (special group named REGISTERED).
    $group_sql = "SELECT group_id\n        FROM " . GROUPS_TABLE
        . "\n        WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'"
        . "\n            AND group_type = " . GROUP_SPECIAL;
    $group_result = $db->sql_query($group_sql);
    $group_row = $db->sql_fetchrow($group_result);
    $db->sql_freeresult($group_result);
    if (!$group_row) {
        trigger_error('NO_GROUP');
    }

    // Look the user up in the external table by login and legacy hash.
    $clean_name = utf8_clean_string($username);
    $legacy_db = new BazaDanych();
    // Escaped login; not referenced by the query text as it appears on this page.
    $escaped_login = $legacy_db->e($clean_name);
    $legacy_hash = md5(strtolower($clean_name) . "MRFX_01" . $password);
    $email = $legacy_db->wynik("SELECT email FROM lss_users WHERE login='******' AND hash='" . $legacy_hash . "';");

    // Assemble the account data in the same key order as before.
    $account = array();
    $account['username'] = $username;
    $account['user_password'] = phpbb_hash($password);
    $account['user_email'] = $email;
    $account['group_id'] = (int) $group_row['group_id'];
    $account['user_type'] = USER_NORMAL;
    $account['user_ip'] = $user->ip;
    $account['user_new'] = $config['new_member_post_limit'] ? 1 : 0;

    return $account;
}