<?php

foreach (array('_COOKIE', '_POST', '_GET') as $_request) {
    foreach (${$_request} as $_key => $_value) {
        $_key[0] != '_' && (${$_key} = GlobalCore::chobits_addslashes($_value));
    }
}
$sid = GlobalCore::chobits_addslashes($transsidstatus && (isset($_GET['sid']) || isset($_POST['sid'])) ? isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid'] : (isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : ''));
$authkey = AUTHKEY;
$chobits_auth_key = md5($authkey . $_SERVER['HTTP_USER_AGENT']);
list($nw_pw, $nw_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : GlobalCore::chobits_addslashes(explode("\t", GlobalCore::authcode($_DCOOKIE['auth'], 'DECODE')), 1);
$sessionexists = 0;
if (!defined('NO_SESSION')) {
    $membertablefields = 'm.uid AS nw_uid, m.username AS nw_user, m.nickname AS nw_nick,m.password AS nw_pw,m.avatar AS nw_avatar, m.regdate AS nw_regdate,
    	m.adminid, m.groupid, m.email, m.timeoffset, m.timeformat, m.dateformat, m.lastvisit, m.lastactivity';
    if ($sid) {
        if ($nw_uid) {
            $query = $db->query("SELECT s.sid, s.groupid='6' AS ipbanned, {$membertablefields}\r\n    \t\t\tFROM {$tablepre}sessions s, {$tablepre}members m\r\n    \t\t\tWHERE m.uid=s.uid AND s.sid='{$sid}' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='{$onlineip}' AND m.uid='{$nw_uid}'\r\n    \t\t\tAND m.password='******'");
        } else {
            $query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned\r\n    \t\t\tFROM {$tablepre}sessions WHERE sid='{$sid}' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='{$onlineip}'");
        }
        if ($_DSESSION = $db->fetch_array($query)) {
            $sessionexists = 1;
            if (!empty($_DSESSION['sessionuid'])) {
                $_DSESSION = array_merge($_DSESSION, $db->fetch_first("SELECT {$membertablefields}\r\n    \t\t\t\tFROM {$tablepre}members m WHERE uid='{$_DSESSION['sessionuid']}'"));
            }
        } else {
            if ($_DSESSION = $db->fetch_first("SELECT sid, groupid, groupid='6' AS ipbanned\r\n    \t\t\tFROM {$tablepre}sessions WHERE sid='{$sid}' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='{$onlineip}'")) {
                GlobalCore::clearcookies();
                $sessionexists = 1;
            }
Пример #2
0
        } else {
            $md5_password = md5($password);
            $password = preg_replace("/^(.{" . round(strlen($password) / 4) . "})(.+?)(.{" . round(strlen($password) / 6) . "})\$/s", "\\1***\\3", $password);
        }
        if (preg_match("%^[A-Za-z][A-Za-z0-9]*_?[A-Za-z0-9]*\$%i", $email)) {
            $where = "m.username = '******'";
        } else {
            $where = "m.email = '{$email}'";
        }
        $query = $db->query("SELECT m.uid AS nw_uid, m.username AS nw_user, m.nickname AS nw_nick,m.password AS nw_pw,\r\n\t\t\t\t\tm.adminid, m.groupid, m.lastvisit\r\n\t\t\t\t\tFROM {$tablepre}members m\r\n\t\t\t\t\tWHERE {$where}");
        $member = $db->fetch_array($query);
        if ($member['nw_uid'] && $member['nw_pw'] == $md5_password) {
            extract($member);
            $nw_userss = $nw_user;
            $nw_user = addslashes($nw_user);
            $nw_nick = addslashes($nw_nick);
            $styleid = 1;
            $cookietime = intval(isset($_POST['cookietime']) ? $_POST['cookietime'] : ($_DCOOKIE['cookietime'] ? $_DCOOKIE['cookietime'] : 0));
            GlobalCore::chobits_setcookie('cookietime', $cookietime, 31536000);
            GlobalCore::chobits_setcookie('auth', GlobalCore::authcode("{$nw_pw}\t{$nw_uid}", 'ENCODE'), $cookietime);
            $sessionexists = 0;
            GlobalCore::showmessage('login_succeed', NWDIR, 'DONE');
        }
        $errorlog = GlobalCore::nwHtmlspecialchars($timestamp . "\t" . ($member['nw_user'] ? $member['nw_user'] : stripslashes($username)) . "\t" . $password . "\t" . $onlineip);
        GlobalCore::writelog('illegallog', $errorlog);
        GlobalCore::loginfailed($loginperm);
        GlobalCore::showmessage('login_invalid', NWDIR . '/login', 'HALTED');
    }
} else {
    GlobalCore::showmessage('undefined_action');
}