- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
$name=$_POST['name'];
$name = substr($name,0,15);
$pass=$_POST['pass'];
$pass = substr($pass,0,32);
$pass1 = $pass;
$ok=$_POST['ok'];
$ok = substr($ok,0,1);
$name2=$name;
$name = strtolower($name);
$name0=$name;
$name = str_replace('..',"",$name);
$name = str_replace('.',"",$name);
$name = str_replace('/',"",$name);
$name = str_replace('>',"",$name);
$name = str_replace('<',"",$name);
$name = str_replace("'","",$name);
$name = str_replace('`',"",$name);
$name = str_replace('"',"",$name);
$name = str_replace('from',"",$name);
$name = str_replace('select',"",$name);
$name = str_replace('script',"",$name);
$name = str_replace('table',"",$name);
$name = str_replace('union',"",$name);
$name = str_replace('code',"",$name);
$name = str_replace('hex',"",$name);
$name = str_replace('%',"",$name);
if ($name != $name0)
{
echo "<script>alert('Введён запрещённый символ')</script><meta http-equiv='REFRESH' CONTENT='0;URL=shop.php'>";
exit;
}
$name=$name2;
$pass2=$pass;
$pass= strtolower($pass);
$pass0=$pass;
$pass = str_replace("'","",$pass);
$pass = str_replace('"',"",$pass);
$pass = str_replace('`',"",$pass);
$pass = str_replace('/',"",$pass);
$pass = str_replace('from',"",$pass);
$pass = str_replace('select',"",$pass);
$pass = str_replace('script',"",$pass);
$pass = str_replace('table',"",$pass);
$pass = str_replace('union',"",$pass);
$pass = str_replace('code',"",$pass);
$pass = str_replace('hex',"",$pass);
if ($pass != $pass0)
{
echo "<script>alert('Введён запрещённый символ')</script><meta http-equiv='REFRESH' CONTENT='0;URL=shop.php'>";
exit;
}
$pass=$pass2;
if ($ok != "")
{
if ((strlen($name)<3) || (strlen($pass)<3))
{
echo "<script>alert('Маленькая длина логина или пароля')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
$n=0;
$vsql = mysql_query(" select `username` from `$table` ") or die(mysql_error());
while (($vsql1 = mysql_fetch_array($vsql)) !== false)
{
if ($vsql1["username"] == $name )
{
$n=$vsql1["username"];
}
}
if ($n == $name)
{
if ($n != $name)
{
echo "<script>alert('Не верно введён логин или пароль')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
if ($n == "0")
{
echo "<script>alert('Нет такого логина')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
$sql = mysql_query("select * from `$table` where username='$name' ") or die(mysql_error());
$sql1 = mysql_fetch_array($sql);
$pass=$sql1['password'];
$salt=$sql1['salt'];
$email=$sql1['email'];
$c_login=md5($pass.$salt.$ip.$pass.$salt);
$pass1 = md5(md5($pass1).$salt);
// echo "<script>alert('".$pass1." ==>".$pass."')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
if ($pass1 == $pass)
{
echo "<meta http-equiv='REFRESH' CONTENT='0;URL=cookies.php?p=".$c_login."&n=".$name."&o=1'>";
exit;
}
else
{
echo "<script>alert('Не верно введён логин или пароль. Повторите попытку.')</script><meta http-equiv='REFRESH' CONTENT='0;URL=vhod.php?l=1'>";
exit;
}
Вот так вот... Просто человек не знает про mysql_escape_string()
Говнокод by nod
ыыыыы