//var/www/50mmla/admin/index.php
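<?php
/**
 * Admin / editor login page.
 *
 * Flow: send no-cache headers, connect to the database, and on a submitted
 * login form look the account up in 50mm_users, populate the session,
 * record the session in 50mm_online and redirect to admin.php. Otherwise
 * (or on failure) render the login form.
 *
 * Security notes for maintainers:
 *  - Every value placed in a SQL string goes through $escapeSql; request
 *    data must never be interpolated into a query directly.
 *  - Database error text is written to the server log only, never to the
 *    response.
 *  - NOTE(review): the lookup compares the submitted password directly with
 *    the stored column, so passwords appear to be stored unhashed (or hashed
 *    somewhere not visible here). Migrating to password_hash() /
 *    password_verify() needs a data migration and is not done in this file.
 *  - NOTE(review): there is no attempt throttling or lockout on this form.
 */
include_once('../includes/static/configure.php');
include_once('../includes/static/util.php');
include_once('../includes/static/dbcon.php');
include_once('../includes/static/gdimg.php');
include_once('../includes/static/sessions.php');

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");              // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");                                    // HTTP/1.0

$db = new sql_db();
if (!$db->db_connect_id) {
    die("Unable to connect to sql server");
}

// Escapes a value for use inside a single-quoted SQL string literal.
// Assumes $db->db_connect_id is the driver's connection handle -- confirm
// against dbcon.php. If the handle is of a kind this code does not know how
// to escape for, the request is refused rather than building an unescaped
// query. Escaping is only reliable when the connection character set is
// configured on the link itself (e.g. mysqli_set_charset), not via a query.
$escapeSql = function ($value) use ($db) {
    $link = $db->db_connect_id;
    if ($link instanceof mysqli) {
        return mysqli_real_escape_string($link, (string) $value);
    }
    if (is_resource($link) && function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string((string) $value, $link);
    }
    error_log('admin/index.php: unsupported database handle, refusing to build login query');
    die("Login is temporarily unavailable");
};

// Runs a query; on failure logs the driver error server-side and stops with
// a generic message so schema and query details are not disclosed.
$runQuery = function ($sql) use ($db) {
    $result = $db->sql_query($sql);
    if (!$result) {
        $sql_error = $db->sql_error();
        error_log('admin/index.php: query failed: ' . $sql_error['message']);
        die("A database error occurred");
    }
    return $result;
};

session_start();
$err = "";

// Credentials are read from the POST body only (the form below posts), so
// they do not end up in URLs, access logs or Referer headers.
if (isset($_POST['login'])) {
    // Non-string input (e.g. array parameters) is treated as empty.
    $uname = (isset($_POST['usernameLogin']) && is_string($_POST['usernameLogin']))
        ? $_POST['usernameLogin']
        : '';
    $password = (isset($_POST['passwordLogin']) && is_string($_POST['passwordLogin']))
        ? $_POST['passwordLogin']
        : '';

    $sql = "SELECT user_id,username,banned,user_type FROM 50mm_users WHERE username ='"
        . $escapeSql($uname) . "' AND password = '" . $escapeSql($password) . "' AND verified = 1";
    $result = $runQuery($sql);

    if ($db->sql_numrows($result) > 0) {
        $row = $db->sql_fetchrow($result);
        if ($row['banned']) {
            header("Location: /banned.php");
            exit();
        } else {
            // there's a record of us
            // clear old sessions
            $_SESSION = array();
            // Issue a fresh session id at the privilege change so an id that
            // existed before authentication is never promoted to a logged-in one.
            session_regenerate_id(true);

            if ($row['user_type'] == 'EDITOR') {
                $_SESSION['editor_id'] = $row['user_id'];
                $uid = $row['user_id'];
            } elseif ($row['user_type'] == 'ADMIN') {
                $_SESSION['admin_id'] = $row['user_id'];
                $uid = $row['user_id'];
            } else {
                die("Hack Attempt");
            }
            $_SESSION['username'] = $row['username'];

            // Values below come from the session layer and the database, but
            // are still escaped: stored data is not trusted in a new query.
            $sess_id = $escapeSql(session_id());
            $safeUid = $escapeSql($uid);
            $safeUsername = $escapeSql($_SESSION['username']);
            $expires = (int) (time() + SESS_LIFE);

            $sql = "SELECT COUNT(*) AS total FROM 50mm_online WHERE session_id = '$sess_id'";
            $result = $runQuery($sql);
            $row = $db->sql_fetchrow($result);

            if ($row['total'] > 0) {
                $sql = "UPDATE 50mm_online SET expires = '$expires',user_id = '" . $safeUid
                    . "',username = '" . $safeUsername . "' WHERE session_id='$sess_id'";
            } else {
                $sql = "INSERT INTO 50mm_online (session_id,user_id,username,expires) VALUES ('$sess_id','"
                    . $safeUid . "','" . $safeUsername . "','$expires')";
            }
            $runQuery($sql);

            header("Location: admin.php");
            exit();
        }
    } else {
        session_destroy();
        $err ="<div class=\"error\">The login information you have provided does not match our records.<br>Or you have not yet verified your account.<br>Please try again or check your email to verify your account.</div>";
    }
}

include_once('includes/header.php');
?>
<br>
<script>divs = new Array('usernameLogin','passwordLogin');</script>
<?php /* PHP_SELF is derived from the request path, so it is HTML-escaped before being placed in the attribute. */ ?>
<form id="login" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'loginError');">
<table border="0" cellpadding="4" cellspacing="0">
  <tr>
    <td width="*"> </td>
    <td colspan="2"><div id="loginError" class="error" style="visibility:hidden;">Please correct the fields marked by *</div></td>
  </tr>
  <tr>
    <td width="*">Username<span id="errusernameLogin" class="error" style="visibility:hidden;"> *</span></td>
    <td colspan="2"><input type="text" name="usernameLogin" value="" class="field"></td>
  </tr>
  <tr>
    <td>Password<span id="errpasswordLogin" class="error" style="visibility:hidden;"> *</span></td>
    <td colspan="2"><input type="password" name="passwordLogin" value="" class="field"></td>
  </tr>
  <tr>
    <td> </td>
    <td width="*"> <input name="login" type="submit" class="button" value="Login"> <br><br><a href="../forgotPassword.php">Forgot your password?</a><br><br></td>
  </tr>
</table>
<br>
<?php /* $err only ever holds the static markup assigned above; no request data is echoed here. */ ?>
<?php echo $err; ?>
</form>
<?php
// Full open tags are used so these includes still execute (instead of being
// sent to the browser as text) when short_open_tag is disabled.
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?> <!--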