Old stuff/old_sites/ids/auth.php
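<?php
/*
 * Cookie-based login gate.
 *
 * Reads:  $url (route segments), $con (DB wrapper used here through
 *         assocQuery(), execute() and ->error), $_POST and $_COOKIE.
 * Writes: $axx = "1" when the request is authenticated, $nick and $phpsessid,
 *         $error when the pseudo lookup yields nothing, and the "nick" /
 *         "phpsessid" cookies.
 *
 * Hardening applied in this block:
 *  - full "<?php" tag, so the source is not served as text where
 *    short_open_tag is disabled;
 *  - request values are checked before they are interpolated into SQL;
 *  - an empty or missing stored token can no longer match an empty cookie;
 *  - tokens come from random_int() and secrets are compared with hash_equals();
 *  - database errors go to the server log instead of the response body.
 *
 * Still open (needs changes outside this file):
 *  - passwords are stored as unsalted md5(); migrate to password_hash() /
 *    password_verify() with a rehash at next successful login;
 *  - logout only clears the cookies; the token stored in membres stays valid
 *    until the next login overwrites it;
 *  - NOTE(review): $axx is never reset on the non-logout path; confirm no
 *    includer or request-derived global can pre-set it.
 */

// Stopgap against SQL injection: only values made of these characters are
// allowed to reach the single-quoted SQL literals below.
// NOTE(review): $con's API is not visible here. If it supports bound
// parameters, switch to them and drop this allowlist; if legitimate pseudos
// use other characters, widen the pattern deliberately rather than removing it.
$nickIsSafe = static function ($value) {
    return is_string($value) && preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $value) === 1;
};

if (isset($url[0]) && $url[0] === "deco") {
    // Logout: expire both cookies in the past so the browser drops them.
    setcookie("nick", "", time() - 3600);
    setcookie("phpsessid", "", time() - 3600);
    unset($axx);
} elseif (!empty($_POST['username'])) {
    // Login form submission.
    $nick = $_POST['username'];
    $password = $_POST['password'] ?? null;

    $contenu = $nickIsSafe($nick)
        ? $con->assocQuery("SELECT mbr_motdepasse FROM membres WHERE mbr_pseudo='$nick'")
        : false;
    if (!$contenu && $con->error) {
        // Keep driver messages out of the page; they describe the schema.
        error_log("auth.php: " . $con->error);
    }

    if (!$contenu) {
        $error = "Pseudo inconnu";
    } else {
        $pass = $contenu[0]['mbr_motdepasse'];
        // hash_equals() needs two strings and compares in constant time.
        if (is_string($password) && is_string($pass) && hash_equals($pass, md5($password))) {
            // 27-character token, same shape as before (digit, C-Z, a-z, nine
            // times) but drawn from the CSPRNG instead of rand().
            $phpsessid = "";
            for ($i = 0; $i < 9; $i++) {
                $phpsessid .= chr(random_int(48, 57));
                $phpsessid .= chr(random_int(67, 90));
                $phpsessid .= chr(random_int(97, 122));
            }
            // $nick passed the allowlist above; $phpsessid is generated locally.
            $con->execute("UPDATE membres SET mbr_phpsessid='$phpsessid' WHERE mbr_pseudo='$nick'");
            setcookie("nick", $nick, time() + 3600 * 24 * 365);
            // HttpOnly keeps the token away from page scripts.
            // NOTE(review): also pass secure=true if the site is HTTPS-only.
            setcookie("phpsessid", $phpsessid, time() + 3600 * 24 * 365, "", "", false, true);
            $axx = "1";
        }
    }
} elseif (!empty($_COOKIE["nick"])) {
    // Returning visitor: re-check the cookie pair against the stored token.
    $nick = $_COOKIE["nick"];
    $phpsessid = $_COOKIE["phpsessid"] ?? null;

    $contenu = false;
    if ($nickIsSafe($nick) && is_string($phpsessid) && $phpsessid !== "") {
        $contenu = $con->assocQuery("SELECT mbr_phpsessid FROM membres WHERE mbr_pseudo='$nick'");
        if (!$contenu && $con->error) {
            error_log("auth.php: " . $con->error);
        }
    }

    // An unknown pseudo or an account with no stored token must never match.
    $sess = $contenu ? $contenu[0]['mbr_phpsessid'] : null;
    if (is_string($sess) && $sess !== "" && hash_equals($sess, $phpsessid)) {
        $axx = "1";
    } else {
        unset($nick, $phpsessid);
    }
}
?>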