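/**
 * Verify administrator credentials and load the matching account into the global $member_id.
 *
 * Two modes, selected by $post:
 *  - $post = true:  $username is a login name, or an e-mail address when
 *    $config['auth_metod'] is set. The account is looked up by that value plus the password hash.
 *  - $post = false: $username is a numeric user id. The row is fetched by id and the stored
 *    hash is compared in PHP.
 *
 * In both modes the account must belong to a group with 'allow_admin' set and must not be
 * banned. A successful match is then checked with allowed_ip(); on refusal the auth cookies and
 * the session are cleared and msg() is called.
 *
 * Side effects: overwrites the global $member_id (empty array on failure); on failure, when
 * $config['login_log'] is set, bumps the per-IP counter in the login_log table; on success, when
 * $check_log is set, writes one admin_logs row per session.
 *
 * @param string|int $username     Login name / e-mail ($post = true) or user id ($post = false).
 * @param string     $md5_password Password value from the caller; it is passed through md5() here
 *                                 before comparison. NOTE(review): the name suggests callers
 *                                 already pass an MD5 digest - confirm against the call sites.
 * @param bool       $post         Selects the lookup mode described above.
 * @param bool       $check_log    When true, record the successful login in admin_logs.
 *
 * @return bool True when the credentials are accepted, false otherwise.
 */
function check_login($username, $md5_password, $post = true, $check_log = false)
{
    global $member_id, $db, $user_group, $lang, $_IP, $_TIME, $config;

    if ($username == "" or $md5_password == "") {
        return false;
    }

    $result = false;

    // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
    // password_hash()/password_verify() needs a stored-data migration, so it is only flagged here.
    $md5_password = md5($md5_password);

    if ($post) {
        $username = $db->safesql($username);

        // Reject names containing quote, markup or operator characters on top of the SQL
        // escaping; '@' is only tolerated when logins are e-mail addresses.
        if (!empty($config['auth_metod'])) {
            $forbidden = "/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\/|\\\\|\\&\\~\\*\\+]/";
            $column = "email";
        } else {
            $forbidden = "/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/";
            $column = "name";
        }

        if (preg_match($forbidden, $username)) {
            return false;
        }

        $where_name = "{$column}='{$username}'";

        // NOTE(review): the listing this was reviewed from had a masked literal ('******') where
        // the password value belongs, which left the hash computed above unused. It is bound to
        // that hash here, mirroring the user-id branch below - confirm against the upstream file.
        // The value is md5() output (hex only), so interpolating it cannot break out of the quotes.
        $member_id = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE {$where_name} AND password='{$md5_password}'");

        // empty() keeps the original truthiness test but tolerates a lookup that returned no row.
        if (!empty($member_id['user_id'])
            and !empty($user_group[$member_id['user_group']]['allow_admin'])
            and $member_id['banned'] != 'yes'
        ) {
            $result = true;
        } else {
            $member_id = array();
        }
    } else {
        // intval() reduces the id to digits, so it is safe inside the quoted literal.
        $username = intval($username);

        $member_id = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$username}'");

        // Strict string comparison: with '==' two different digests that both look like
        // "0e<digits>" are compared as numbers and treated as equal.
        if (!empty($member_id['user_id'])
            and !empty($member_id['password'])
            and (string) $member_id['password'] === $md5_password
            and !empty($user_group[$member_id['user_group']]['allow_admin'])
            and $member_id['banned'] != 'yes'
        ) {
            $result = true;
        } else {
            $member_id = array();
        }
    }

    if ($result and !allowed_ip($member_id['allowed_ip'])) {
        // Valid credentials from an address the account does not allow: drop every trace of the
        // login before reporting it.
        $member_id = array();
        $result = false;

        set_cookie("dle_user_id", "", 0);
        set_cookie("dle_name", "", 0);
        set_cookie("dle_password", "", 0);
        set_cookie("dle_hash", "", 0);

        // Clear the session data first: session_unset() does nothing once the session has been
        // destroyed, which would leave $_SESSION populated for the rest of the request.
        @session_unset();
        @session_destroy();
        set_cookie(session_name(), "", 0);

        msg("info", $lang['index_msge'], $lang['ip_block']);
    }

    if (!$result) {
        if (!empty($config['login_log'])) {
            // Per-IP failure counter.
            // NOTE(review): $_IP is interpolated unescaped; presumably validated where it is
            // set - confirm.
            $now = time();
            $db->query("INSERT INTO " . PREFIX . "_login_log (ip, count, date) VALUES('{$_IP}', '0', '" . $now . "') ON DUPLICATE KEY UPDATE count=count+1, date='" . $now . "'");
        }
    } elseif ($check_log and empty($_SESSION['check_log'])) {
        if ($post) {
            $a_id = 82;
            $extr = "";
        } else {
            $a_id = 86;

            // The Referer header is client-controlled: HTML-encode it for later display and
            // SQL-escape it for the insert.
            if (!empty($_SERVER['HTTP_REFERER'])) {
                $extr = $db->safesql(htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES));
            } else {
                $extr = "Direct DLE Adminpanel";
            }
        }

        $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '{$a_id}', '{$extr}')");

        // One audit row per session.
        $_SESSION['check_log'] = 1;
    }

    return $result;
}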
msgbox($lang['login_err'], $lang['login_err_1']); } } if (!$allow_login) { msgbox($lang['login_err'], $lang['login_err_2']); } if ($is_logged) { if ($config['online_status']) { $stime = 1200; } else { $stime = 14400; } if ($member_id['lastdate'] + $stime < $_TIME) { $db->query("UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}' WHERE user_id='{$member_id['user_id']}'"); } if (!allowed_ip($member_id['allowed_ip'])) { $is_logged = 0; msgbox($lang['login_err'], $lang['ip_block_login']); } if ($config['ip_control'] == '2' and !check_netz($member_id['logged_ip'], $_IP) and !isset($_POST['login'])) { $is_logged = 0; } elseif ($config['ip_control'] == '1' and $user_group[$member_id['user_group']]['allow_admin'] and !check_netz($member_id['logged_ip'], $_IP) and !isset($_POST['login'])) { $is_logged = 0; } } if (!$is_logged) { $member_id = array(); set_cookie("dle_user_id", "", 0); set_cookie("dle_password", "", 0); set_cookie("dle_hash", "", 0); $_SESSION['dle_user_id'] = 0;