for ($i = 0; $i < 9; $i++) { $hash .= $salt[rand(0, 33)]; } $hash = md5($hash); set_cookie("dle_hash", $hash, 365); $_COOKIE['dle_hash'] = $hash; $member_id['hash'] = $hash; $db->query("UPDATE " . USERPREFIX . "_users set hash='" . $hash . "', lastdate='{$time_now}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'"); } else { $db->query("UPDATE " . USERPREFIX . "_users set lastdate='{$time_now}', logged_ip='" . $_IP . "' WHERE user_id='{$member_id['user_id']}'"); } } if ($is_loged_in and $config['log_hash'] and ($_COOKIE['dle_hash'] != $member_id['hash'] or $member_id['hash'] == "")) { $is_loged_in = FALSE; } if ($is_loged_in and $config['ip_control'] == '1' and !check_netz($member_id['logged_ip'], $_IP) and $_REQUEST['subaction'] != 'dologin') { $is_loged_in = FALSE; } if (!$is_loged_in) { $member_id = array(); set_cookie("dle_user_id", "", 0); set_cookie("dle_name", "", 0); set_cookie("dle_password", "", 0); set_cookie("dle_hash", "", 0); set_cookie("dle_compl", "", 0); $_SESSION['dle_user_id'] = 0; $_SESSION['dle_password'] = ""; $_SESSION['check_log'] = 0; if ($config['extra_login']) { auth(); }
} if (!$allow_login) { msgbox($lang['login_err'], $lang['login_err_2']); } if ($is_logged) { if ($config['online_status']) { $stime = 1200; } else { $stime = 14400; } if ($member_id['lastdate'] + $stime < $_TIME) { $db->query("UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}' WHERE user_id='{$member_id['user_id']}'"); } if (!allowed_ip($member_id['allowed_ip'])) { $is_logged = 0; msgbox($lang['login_err'], $lang['ip_block_login']); } if ($config['ip_control'] == '2' and !check_netz($member_id['logged_ip'], $_IP) and !isset($_POST['login'])) { $is_logged = 0; } elseif ($config['ip_control'] == '1' and $user_group[$member_id['user_group']]['allow_admin'] and !check_netz($member_id['logged_ip'], $_IP) and !isset($_POST['login'])) { $is_logged = 0; } } if (!$is_logged) { $member_id = array(); set_cookie("dle_user_id", "", 0); set_cookie("dle_password", "", 0); set_cookie("dle_hash", "", 0); $_SESSION['dle_user_id'] = 0; $_SESSION['dle_password'] = ""; }