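/**
 * Authenticates the visitor from the submitted "email" and "pw" request fields.
 *
 * When a matching active user is found, the user's id is written to the global
 * $LU["id"] and, unless ALLOWMULTISESSIONS is truthy, that user's existing
 * sessions are dropped through dropallsessions(). The global $attempt is set
 * to 1 as soon as both fields are present, before the lookup runs.
 *
 * Security notes for maintainers:
 *  - $email and $pw are placed inside quoted SQL literals. Nothing in this
 *    function escapes them, so the query is only as safe as
 *    GetVarClass::getemail() / getvar() make it.
 *    NOTE(review): confirm both helpers escape for the active connection
 *    charset, or move query() to bound parameters.
 *  - The password is checked against an unsalted MD5 digest (u.pwhash).
 *    NOTE(review): plan a migration to password_hash()/password_verify().
 *  - A non-zero $LU["moderid"] makes the password comparison irrelevant: the
 *    lookup then succeeds for any active account with any non-empty password.
 *    NOTE(review): confirm where $LU["moderid"] is populated and that it can
 *    never be derived from request data.
 *
 * @return int 0 when either field is missing or rejected by GetVarClass,
 *             otherwise whatever num_rows() reports for the lookup
 *             (the query is capped with LIMIT 1).
 */
function loginbypost()
{
    global $LU, $attempt;

    $post_get = new GetVarClass();
    $email = $post_get->getemail("email");
    $pw = $post_get->getvar("pw");
    if (!$email || !$pw) {
        return 0;
    }

    $attempt = 1;

    // The moderator override is session state, not user text: force it to an
    // integer so it can never carry SQL syntax into the statement below.
    // Non-integer values are reduced to their integer part.
    $moderid = isset($LU["moderid"]) ? (int) $LU["moderid"] : 0;

    // Only u.id is selected: nothing here uses the stored password column, so
    // it is not pulled out of the database at all.
    $sql = "SELECT u.id\n\t\tFROM " . PREF . "users AS u\n\t\tWHERE u.email='{$email}' AND (u.pwhash=MD5('{$pw}') OR {$moderid}<>0) AND u.active\n\t\tLIMIT 1";
    $result = query($sql);
    $rows = num_rows($result);

    if ($rows) {
        list($LU["id"]) = fetch_row($result);
        if (!ALLOWMULTISESSIONS) {
            // Single-session mode: a fresh login invalidates the user's other sessions.
            dropallsessions($LU["id"]);
        }
    }

    return $rows;
}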
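<?php
// Admin-only endpoint: sets users.payment_royal_wedding for the account
// identified by the submitted "email" field.
//
// NOTE(review): the only authorisation visible here is the session cookie
// checked by loginbycookie()/isAdmin(). No anti-CSRF token or request-method
// check appears in this script, so a state-changing request could be triggered
// from another site while an admin is logged in. Confirm whether config.php or
// GetVarClass enforces this elsewhere.
include "../include/config.php";

$post_get = new GetVarClass();
$email = $post_get->getemail("email");
if (!$email) {
    die("Редактирование взноса невозможно: введите корректный e-mail. ");
}

$editorid = loginbycookie();
if (!isAdmin($editorid)) {
    // This message reaches callers who are not admins, so the request-supplied
    // e-mail is HTML-escaped before being echoed back.
    $safe_email = htmlspecialchars($email, ENT_QUOTES);
    die("У вас недостаточно прав доступа, чтобы изменить состояние взноса {$safe_email}. ");
}

$payment = $post_get->getvar("payment", 1, 0);
// $payment is interpolated into the UPDATE without quotes, so it must be a
// plain numeric literal. What getvar(..., 1, 0) guarantees is not visible
// here, so the check is repeated at the point of use.
if (!is_numeric($payment)) {
    die("Редактирование взноса невозможно: некорректное значение взноса. ");
}

// NOTE(review): $email sits inside a quoted SQL literal and relies on
// GetVarClass::getemail() for escaping; confirm, or switch query() to bound
// parameters.
$sql = "UPDATE " . PREF . "users\n SET payment_royal_wedding={$payment}\n WHERE email='{$email}'\n LIMIT 1";
query($sql);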