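<?php
// Login page. Without a POSTed username it renders the login form. With one it
// checks the credentials against tb_users, enforces the per-account IP prefix
// (blockip), credits the referral-bot bonus accrued since the last run, records
// the login date and IP, opens the session and redirects to members.php.
//
// The long "<?php" tag is used throughout: with short_open_tag disabled a bare
// "<?" block is not executed and is sent to the browser as text, which would
// expose the queries below.
//
// NOTE(review): every query here interpolates values into the SQL string, so
// its safety rests entirely on uc(), which is not defined in this file
// (presumably funciones.php). Confirm that uc() escapes for the connection's
// character set. The mysql_* extension was removed in PHP 7.0; the durable fix
// is prepared statements via mysqli or PDO.
//
// NOTE(review): no attempt throttling or lockout is visible in this file;
// zsecurity.php may provide it. Confirm.
require_once('zsecurity.php');
session_start();

if (isset($_POST['username']))
{
	require('funciones.php');
	$username=uc($_POST['username']);
	$password=uc($_POST['password']);

	// Shown instead of the raw database error so schema and query details are
	// not disclosed to the client; the detail goes to the server log.
	$serverError="<img src=\"images/error.png\" align=\"middle\">&nbsp;Ошибка сервера. Попробуйте позже.";

	if ($password==NULL)
	{
		echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;Введите пароль!";
	}else{
		require('config.php');
		// NOTE(review): the password is compared as a plain column value. Unless
		// uc() hashes it, this implies passwords are stored as entered; the
		// usual design is password_hash()/password_verify(). Confirm.
		$query = mysql_query("SELECT count(*) as kolvo FROM tb_users WHERE username = '$username' and password='$password'");
		if ($query===false)
		{
			error_log('login.php: credential lookup failed: '.mysql_error());
			echo $serverError;
			exit();
		}
		$query=mysql_fetch_array($query);
		mysql_close($con);
		if($query["kolvo"]<1)
		{
			// One message for unknown user and wrong password alike.
			echo "<img src=\"images/error.png\" align=\"middle\">&nbsp Введены неверные данные!!! Вход невозможен!";
			exit();
		}else{
			$lastlogdate=date("d.m.Y");
			// NOTE(review): getRealIP() is defined elsewhere. If it reads
			// client-supplied headers such as X-Forwarded-For, $lastip is
			// caller-controlled both in the prefix check and in the UPDATE
			// below. Confirm it returns a validated IP address.
			$lastip = getRealIP();
			
			require('config.php');
	
			$res=mysql_query("select blockip from tb_users where username='$username'");
			// Capture the error before the connection is closed.
			$lookupError=($res===false) ? mysql_error() : '';
			mysql_close($con);
			if ($res===false)
			{
				// Fail closed: without this, a failed lookup yields an empty
				// prefix that matches every address and the IP restriction is
				// silently skipped.
				error_log('login.php: blockip lookup failed: '.$lookupError);
				echo $serverError;
				exit();
			}
			$blockip=mysql_result($res,0,0);
			// Plain string-prefix match; an empty blockip allows any address.
			// NOTE(review): a prefix that does not end on an octet boundary
			// (e.g. "10.1" rather than "10.1.") also matches "10.10.x.x" and
			// "10.100.x.x". Store prefixes with the trailing dot or compare
			// parsed addresses.
			$v=substr($lastip,0,strlen($blockip));
			if($v!=$blockip)
			{
				// NOTE(review): this message is reachable only with valid
				// credentials, so it confirms them to a caller outside the
				// allowed range.
				echo "<img src=\"images/error.png\" align=\"middle\">&nbsp;Ваш IP адрес не соответствует разрешенному для авторизации под данным логином! Вход невозможен!";
				
			}else{
				require('config.php');
				$res=mysql_query("select account, money from tb_users where username='$username'");
				$res=mysql_fetch_array($res);
				
				$money=$res["money"];
				
				// Per-click price depends on the account tier.
				if($res["account"]!="V.I.P.")
				{
					$res=mysql_query("select price from tb_config where item='referalclick'");
					$click=mysql_result($res,0,0);
				}else{
					$res=mysql_query("select price from tb_config where item='viprefclick'");
					$click=mysql_result($res,0,0);
				}
				
				// Credit each referral-bot row for the whole days elapsed since
				// its stored timestamp, then move the timestamp forward.
				// NOTE(review): balance and timestamps are read, adjusted in PHP
				// and written back; two concurrent logins could both read the old
				// values. Consider doing the arithmetic inside the UPDATE
				// statements or wrapping this in a transaction.
				$res=mysql_query("select * from tb_refbot where user='$username'");
				$plusmoney=0;
				while($row=mysql_fetch_array($res))
				{
					$tarif=$row["refbottarif"];
					$visits=$row["visits"];
					$ld=$row["data"];
					$id=$row["id"];

					$t=time();
					$kol=$t-$ld;
					$kol=floor($kol/24/3600);
					
					if($kol>=1)
					{
						$plusmoney=$plusmoney+$tarif*$click*$kol;
						$visits=$visits+$tarif*$kol;

						mysql_query("update tb_refbot set visits='$visits', data='$t' where id='$id'");
					}
				}

				$money=$money+$plusmoney;
				mysql_query("UPDATE tb_users SET money='$money', lastlogdate='$lastlogdate', lastiplog='$lastip' WHERE username='$username'");

				// Issue a fresh session id at the privilege change so an id
				// planted before login (session fixation) does not become an
				// authenticated one.
				session_regenerate_id(true);
				$_SESSION["username"]=$username;
				// NOTE(review): the submitted password is kept in session
				// storage, presumably because other pages re-check it. Anyone
				// able to read the session files obtains the credential;
				// prefer storing only an authenticated user id.
				$_SESSION["password"]=$password;
				
				mysql_close($con);
				?>
				<script type="text/javascript">
				location.replace("members.php");
				</script>
				<noscript>
				<meta http-equiv="refresh" content="0; url=members.php">
				</noscript>
				<?php
			}
		}
	}
}else{
?>
<form action='login.php' method='POST'>
<table width="100%" border="0" align="center">
  <tr>
    <td width="40%" align="right">Логин</td>
    <td width="60%" align="left"><input type='text' size='15' maxlength='25' name='username' autocomplete="off" value="" tabindex="1" /></td>
  </tr>
  <tr>
    <td width="40%" align="right">Пароль</td>
    <td width="60%" align="left"><input type='password' size='15' maxlength='25' name='password' autocomplete="off" value="" tabindex="2" /></td>
  </tr>
  <tr>
    <td colspan=2 align="center"><input type="submit" value="Войти" class="submit" tabindex="4" /></td>
  </tr>
</table>
</form>
<?php
}
?>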