Mini Shell Moded By TiGER HeX

//var/www/50mmla/login-08-09-0.php

<?php
include_once('includes/static/configure.php');
include_once('includes/static/util.php');
include_once('includes/static/dbcon.php');
include_once('includes/static/sessions.php');
include_once('includes/appTop.php');

//this is called from the email to activate the count
if(isset($_REQUEST['id'])){
   $query = base64_decode($_REQUEST['id']);//passed in are username,user_id, and refurl
   parse_str($query);
   $sql = "UPDATE 50mm_users SET verified = 1 WHERE user_id = '$user_id' AND username = '$username'";
   if( !($result = $db->sql_query($sql)) ){
      $sql_error = $db->sql_error();
      die($sql_error['message']);
   }
   $html =  "You have successfully activated your account. Please login in below.";
}else{
	$sql = "SELECT page_body FROM 50mm_pages WHERE page_name ='login'";
	if( !($result = $db->sql_query($sql)) ){
	   $sql_error = $db->sql_error();
	   die($sql_error['message']);
	}
	$row = $db->sql_fetchrow($result);
	$html = stripslashes($row['page_body']);
}
//refurl is passed to this script via the email validation see "parse_str" above
if(!isset($refurl)){
	if(isset($_REQUEST['refurl'])){
	   $refurl = urldecode($_REQUEST['refurl']);
	   if(preg_match("/logout.php/i",$refurl)){
		   $refurl = "/";
	   }
	}else{
	   $refurl = "/";
	}
}

if(isset($_REQUEST['login'])){
	$username = $_REQUEST['usernameLogin'];
	$password = $_REQUEST['passwordLogin'];
	$sql = "SELECT user_id,username,banned FROM 50mm_users WHERE username ='$username' AND password = '$password' AND verified = 1";
	if( !($result = $db->sql_query($sql)) ){
	   $sql_error = $db->sql_error();
	   die($sql_error['message']);
	}
	if($db->sql_numrows($result) > 0){
	  $row = $db->sql_fetchrow($result);
	  if($row['banned']){
		  header("Location: banned.php");
		  exit();
	  }else{
		  //we've authenticated so set the session id
		  $_SESSION['user_id']=$row['user_id'];
		  $_SESSION['username'] = $row['username'];
		  $sess_id = session_id();
		  $expires = time() + SESS_LIFE;

$sql = "SELECT COUNT(*) AS total FROM 50mm_online WHERE session_id = '$sess_id'";
		  if( !($result = $db->sql_query($sql)) ){
			 $sql_error = $db->sql_error();
			 die($sql_error['message']);
		  }
		  $row = $db->sql_fetchrow($result);
		  if($row['total'] > 0){
			 $sql = "UPDATE 50mm_online SET expires = '$expires',user_id = '".$_SESSION['user_id']."',username = '".$_SESSION['username']."' WHERE session_id='$sess_id'";
		  }else{
		     $sql = "INSERT INTO 50mm_online (session_id,user_id,username,expires) VALUES ('$sess_id','".$_SESSION['user_id']."','".$_SESSION['username']."','$expires')";
		  }
		  if( !($result = $db->sql_query($sql)) ){
			   $sql_error = $db->sql_error();
			   die($sql_error['message']);
		  }
		  header("Location: $refurl");
		  exit();
	  }
	}else{
	  session_destroy();
	  $url = append_query($_SERVER['PHP_SELF'],"errorCode",1);
	  $url = append_query($url,"refurl",$refurl);
	  header("Location: $url");
	  exit();
	}
}

$pg_name = basename($_SERVER['PHP_SELF']);
include_once('includes/header.php');

$err = "";
if(isset($_REQUEST['errorCode'])){
   $errorCode = $_REQUEST['errorCode'];
   if($errorCode == 1){
      $err ="<div class=\"error\">The password or username you have rpovided DO NOT match<br>or you have not yet verified your account.<br>Please try again or check your email to verify your account. <br><br>ATTENTION!! If your username was longer than 20 characters under the old site then it is no longer valid. You will need to choose a new username using a new email address. <br>Sorry for the inconvenience.</div>";
   }
}
echo $html;
?>
<br>
<script>divs = new Array('usernameLogin','passwordLogin');</script>
<form id="login" action="<?echo $_SERVER['PHP_SELF']?>" method="post" enctype="multipart/form-data" onSubmit="return validateForm(this,divs,'loginError');">
  <table border="0" cellpadding="4" cellspacing="0">
    <tr>
    <td width="*">&nbsp;</td>
    <td colspan="2"><div id="loginError" class="error" style="visibility:hidden;">Please correct the fields marked by *</div></td>
  </tr>
    <tr>
    <td width="*">Username<span id="errusernameLogin" class="error" style="visibility:hidden;"> *</span></td>
    <td colspan="2"><input type="text" name="usernameLogin" value="" class="field"></td>
  </tr>
  <tr>
    <td>Password<span id="errpasswordLogin" class="error" style="visibility:hidden;"> *</span></td>
    <td colspan="2"><input type="password" name="passwordLogin" value="" class="field"></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
	<td width="*">	  
	   <input name="login" type="submit" class="button" value="Login">
	</td>
	<td style="padding-right:20px;"><a href="register.php?refurl=<?echo $refurl?>">Register</a> | <a href="forgotPassword.php">Forgot your password?</a></td><br><br> 
  </tr></table>
<br>
<?echo $err?>
<input name="refurl" value="<?echo $refurl?>" type="hidden">
</form>
<?
include_once('includes/footer.php');
include_once('includes/appBottom.php');
?>