mhmcr /mcsrv/auth.php

Language PHP Lines 60
MD5 Hash fc4c68aaf43a2970c36b84e31e23f26d Estimated Cost $1,359 (why?)
Repository https://bitbucket.org/mhell/mhmcr.git View Raw File View Project SPDX
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
	require_once('../system.php');
	$str = '';
	if (!empty($_POST['user']) and !empty($_POST['password']) and !empty($_POST['version'])) {
		require_once('../inń/pass.inc.php');
		$login    = $_POST['user'];
		$password = $_POST['password'];
		$ver      = $_POST['version'];
		if (!preg_match("/^[a-zA-Z0-9_-]+$/", $login)) {
			$str = "Login process [Bad symbols Login] ";
			echo "Bad login";
		} elseif (!preg_match("/^[a-zA-Z0-9_-]+$/", $password)) {
			$str = "Login process [Bad symbols Password] ";
			echo "Bad login";
		} elseif (!preg_match("/^[0-9]+$/", $ver)) {
			$str = "Login process [Bad symbols Version] ";
			echo "Bad login";
		} elseif (getGameInfo('launcher') == $ver) {
			$result = mysql_query("SELECT * FROM " . $db['tables']['users'] . " WHERE " . $db['users']['username'] . "='$login';");
			$line   = mysql_fetch_array($result);
			if (!$line) {
				vtxtlog("Login process [Unknown user] User [$login] Password [$password]");
				echo "Bad login";
				exit;
			}
			$user_lvl = $line[$bd_aLvl];
			if ($user_lvl <= 0) {
				$str = "Login process [Banned user] User [$login] Password [$password]";
				echo "Bad login";
			} else {
				$realPass   = $line[$bd_aPassword];
				$orig_login = $line[$bd_aUsername];
				if (checkPass($realPass, $password)) {
					$sessid    = generateSessionId();
					$gamebuild = getGameInfo('build');
					mysql_query("UPDATE " . $db['tables']['users'] . " SET " . $db['users']['session'] . "='$sessid' WHERE " . $db['users']['username'] . "='$login'");
					$dlticket = md5($orig_login);
					echo $gamebuild . ':' . $dlticket . ':' . $orig_login . ':' . $sessid . ':';
					$str = "Login process [Success] User [$login] Session [$sessid]";
				} else {
					$str = "Login process [Bad login] User [$login] Password [$password]";
					echo "Bad login";
				}
			}
		} else {
			$str = "Login process [Old version]";
			echo 'Old version';
		}
	} else {
		$str = "Login process [POST parameter empty] ";
		if (empty($_POST['user']))
			$str .= "LOGIN parameter is empty | ";
		if (empty($_POST['password']))
			$str .= "PASSWORD parameter is empty";
		if (empty($_POST['version']))
			$str .= "VER parameter is empty";
		echo "Bad login";
	}
	vtxtlog($str);
?>
Back to Top