Old stuff/old_sites/www/auth.php
(Deskargatu)
<?php
if ($_GET['nick'] == "anonymous")
{
setcookie("nick","",(time()-1),"/");
setcookie("PHPSESSID","",(time()-1),"/");
unset($nick);
unset($axx);
}
else
{
$nick = $_POST['login'] or $nick = $_COOKIE['nick'];
$password = $_POST['password'] or $password="";
if (!empty($nick) and !empty($password))
{
$query = "SELECT * FROM mp_membres WHERE pseudo='$nick'";
$result=mysql_query($query) or die("FATAL: ".mysql_error());
if ($row = mysql_fetch_assoc($result)) { $pass=$row['password']; $axx =$row['axx']; }
if (strcmp($pass,md5($password))==0)
{
for ($j=0;$j<500;$j++)
{
$pid = 0;
for($i=0;$i<25;$i++) { $pid=$pid.rand(0,9); }
setcookie("PHPSESSID",$pid,(time()+60*60*24*365),"/");
setcookie("nick",$nick,(time()+60*60*24*365),"/");
$query = "UPDATE mp_membres SET phpsessid='".$pid."' WHERE pseudo='$nick' ";
# print $query;
mysql_query($query) or next;
break;
}
}
else {
$identified="Authentification failed";
unset($axx);
unset($email);
unset($nick);
print $identified;
}
}
elseif ($nick and $_COOKIE['PHPSESSID'])
{
$query = "SELECT * FROM mp_membres WHERE pseudo='".$_COOKIE['nick']."'";
# print $query;
$result=mysql_query($query) or die("FATAL: ".mysql_error());
if ($row = mysql_fetch_assoc($result)) { $phpid=$row['phpsessid']; $axx =$row['axx']; }
# print "ID $phpid";
if (strcmp($phpid,$_COOKIE['PHPSESSID'])!=0)
{
unset($axx); unset($nick);
}
}
else { unset($axx); unset($nick); }
if (empty($nick)) { $nick = "Anonymous"; }
}
?>
Tfe