$lasterror[] = $language['login_fail_password'];
}
if (!$lasterror) {
$md5_username = md5($hash_salt . "{$username}");
$lasterror[] = $language['login_fail_password'];
$query = 'select * from ' . $mysql_ini['prefix'] . 'members where username = \'' . $md5_username . '\' limit 1';
$result = $db->query("{$query}");
if (mysqli_num_rows($result) === 1) {
$result = $result->fetch_assoc();
$md5_password = md5("{$username}" . "{$hash_salt}" . "{$password}" . $result['reg_time']);
if ($md5_password === $result['password']) {
$query = 'update ' . $mysql_ini['prefix'] . 'members set lastact_time = null where uid = \'' . $result['uid'] . '\'limit 1';
$db->query("{$query}");
unset($lasterror);
$result['uid'] = 999;
GlobalFunc::set_member_session($result, $cookiepre, $username);
include "./include/gc.inc.php";
Header("Location:" . "./cpanel.php");
exit;
}
}
}
if ($lasterror) {
$fail_login_time++;
if ($fail_login_time == 1) {
$query = 'insert into ' . $mysql_ini['prefix'] . 'spam_members values (\'' . $userIP . '\',1,' . $currenTime . ')';
} else {
if ($fail_login_time >= 3) {
$fail_login_time = 3;
$is_need_seccode = true;
}