示例#1
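/**
 * Authenticate an admin-panel user and report whether the login is accepted.
 *
 * Two lookup modes are supported:
 *  - $post = true: $username is a login name, or an e-mail address when
 *    $config['auth_metod'] is set. It is escaped with $db->safesql() and then
 *    rejected if it still contains one of the blacklisted characters.
 *  - $post = false: $username is coerced to an integer and used as user_id.
 *
 * In both modes the supplied secret is MD5-hashed and compared with the stored
 * `password` column. The account must also belong to a group with
 * `allow_admin`, must not be banned, and must pass allowed_ip().
 *
 * Side effects: overwrites the global $member_id (user row on success, empty
 * array on failure), may clear the login cookies and session, may write to the
 * login-failure log and the admin action log, and may set
 * $_SESSION['check_log'].
 *
 * NOTE(security): unsalted MD5 is not an adequate password hash. Moving to
 * password_hash()/password_verify() needs a migration of the stored values and
 * of the callers, which cannot be done from inside this function.
 * NOTE(security): all SQL here is built by string interpolation and relies on
 * $db->safesql()/intval(); $_IP and $_TIME are interpolated as-is and are
 * presumably set by trusted bootstrap code — confirm. Prefer bound parameters
 * if the DB layer offers them.
 *
 * @param mixed $username     Login name / e-mail ($post) or numeric user id.
 * @param mixed $md5_password Secret to verify; hashed with md5() before comparison.
 * @param bool  $post         Selects the lookup mode described above.
 * @param bool  $check_log    When true, record a successful login once per session.
 *
 * @return bool True when the credentials and all policy checks pass.
 */
function check_login($username, $md5_password, $post = true, $check_log = false)
{
    global $member_id, $db, $user_group, $lang, $_IP, $_TIME, $config;

    if ($username == "" or $md5_password == "") {
        return false;
    }

    $md5_password = md5($md5_password);

    if ($post) {
        $username = $db->safesql($username);
        // NOTE(review): a username rejected by the blacklist returns early and
        // is therefore not counted in the login-failure log below.
        if (!empty($config['auth_metod'])) {
            if (preg_match("/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\/|\\\\|\\&\\~\\*\\+]/", $username)) {
                return false;
            }
            $where_name = "email='{$username}'";
        } else {
            if (preg_match("/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $username)) {
                return false;
            }
            $where_name = "name='{$username}'";
        }
        // The listing had the literal '******' in the password predicate
        // (possibly a redaction artifact), which left $md5_password unused in
        // this branch. The row is now fetched by name only and the hash is
        // verified in PHP below, exactly as in the user_id branch.
        $member_id = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE {$where_name}");
    } else {
        $username = intval($username);
        $member_id = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id='{$username}'");
    }

    // hash_equals() (PHP >= 5.6) replaces the loose `==`: two different hex
    // digests that both look like numbers could compare equal under `==`, and
    // the comparison is now constant-time. empty() also covers a missing row.
    $result = !empty($member_id['user_id'])
        && !empty($member_id['password'])
        && hash_equals((string) $member_id['password'], $md5_password)
        && !empty($user_group[$member_id['user_group']]['allow_admin'])
        && $member_id['banned'] != 'yes';

    if (!$result) {
        // Never leave a partially trusted row in the global after a failure.
        $member_id = array();
    }

    if ($result) {
        if (!allowed_ip($member_id['allowed_ip'])) {
            // Valid credentials from a disallowed address: drop every login
            // artefact (cookies and session) before reporting the block.
            $member_id = array();
            $result = false;
            set_cookie("dle_user_id", "", 0);
            set_cookie("dle_name", "", 0);
            set_cookie("dle_password", "", 0);
            set_cookie("dle_hash", "", 0);
            @session_destroy();
            @session_unset();
            set_cookie(session_name(), "", 0);
            msg("info", $lang['index_msge'], $lang['ip_block']);
        }
    }

    if (!$result) {
        if (!empty($config['login_log'])) {
            // Per-IP failure counter; inserted with 0 and incremented on repeats.
            $db->query("INSERT INTO " . PREFIX . "_login_log (ip, count, date) VALUES('{$_IP}', '0', '" . time() . "') ON DUPLICATE KEY UPDATE count=count+1, date='" . time() . "'");
        }
    } else {
        if ($check_log && empty($_SESSION['check_log'])) {
            if ($post) {
                $a_id = 82;
                $extr = "";
            } else {
                $a_id = 86;
                // The Referer header is client-controlled: it is HTML-escaped
                // and SQL-escaped before being stored in the audit log.
                if (!empty($_SERVER['HTTP_REFERER'])) {
                    $extr = $db->safesql(htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES));
                } else {
                    $extr = "Direct DLE Adminpanel";
                }
            }
            $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '{$a_id}', '{$extr}')");
            // Log only once per session.
            $_SESSION['check_log'] = 1;
        }
    }

    return $result;
}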
示例#2
        msgbox($lang['login_err'], $lang['login_err_1']);
    }
}
// Logins are not allowed for this request: show the second login-error text.
if (!$allow_login) {
    msgbox($lang['login_err'], $lang['login_err_2']);
}

if ($is_logged) {
    // Minimum age (seconds) of `lastdate` before it is rewritten.
    $stime = $config['online_status'] ? 1200 : 14400;

    if ($member_id['lastdate'] + $stime < $_TIME) {
        // NOTE(review): values are interpolated into the SQL text; user_id
        // presumably comes from the users table row — confirm it is never
        // taken from request data.
        $db->query("UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET lastdate='{$_TIME}' WHERE user_id='{$member_id['user_id']}'");
    }

    // Per-account IP allow-list: a miss ends the logged-in state.
    if (!allowed_ip($member_id['allowed_ip'])) {
        $is_logged = 0;
        msgbox($lang['login_err'], $lang['ip_block_login']);
    }

    // Session-to-address binding. ip_control '2' applies to every user,
    // '1' only to groups with allow_admin. The check is skipped while a
    // login form is being submitted ($_POST['login'] present).
    if (
        (
            $config['ip_control'] == '2'
            || ($config['ip_control'] == '1' && $user_group[$member_id['user_group']]['allow_admin'])
        )
        && !check_netz($member_id['logged_ip'], $_IP)
        && !isset($_POST['login'])
    ) {
        $is_logged = 0;
    }
}
if (!$is_logged) {
    $member_id = array();
    set_cookie("dle_user_id", "", 0);
    set_cookie("dle_password", "", 0);
    set_cookie("dle_hash", "", 0);
    $_SESSION['dle_user_id'] = 0;