quote_smart($_POST['user']);
$user_pass = $sqlr->quote_smart($_POST['pass']);
if (255 < strlen($user_name) || 255 < strlen($user_pass))
redirect('login.php?error=1');
$result = $sqlr->query('SELECT id, gmlevel, username FROM account WHERE username = \''.$user_name.'\' AND sha_pass_hash = \''.$user_pass.'\'');
unset($user_name);
if (1 == $sqlr->num_rows($result))
{
$id = $sqlr->result($result, 0, 'id');
if ($sqlr->result($sqlr->query('SELECT count(*) FROM account_banned WHERE id = '.$id.' AND active = \'1\''), 0))
{
redirect('login.php?error=3');
}
else
{
$_SESSION['user_id'] = $id;
$_SESSION['uname'] = $sqlr->result($result, 0, 'username');
$_SESSION['user_lvl'] = $sqlr->result($result, 0, 'gmlevel');
$_SESSION['realm_id'] = $sqlr->quote_smart($_POST['realm']);
$_SESSION['client_ip'] = (isset($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');
$_SESSION['logged_in'] = true;
if (isset($_POST['remember']) && $_POST['remember'] != '')
{
setcookie( 'uname', $_SESSION['uname'], time()+60*60*24*7);
setcookie('realm_id', $_SESSION['realm_id'], time()+60*60*24*7);
setcookie( 'p_hash', $user_pass, time()+60*60*24*7);
}
redirect('index.php');
}
}
else
{
redirect('login.php?error=1');
}
}
//#################################################################################################
// Print login form
//#################################################################################################
function login(&$sqlr)
{
global $output, $lang_login,
$characters_db, $server, $remember_me_checked;
$output .= '
';
}
//#################################################################################################
// Login via set cookie
//#################################################################################################
function do_cookie_login(&$sqlr)
{
if (empty($_COOKIE['uname']) || empty($_COOKIE['p_hash']) || empty($_COOKIE['realm_id']))
redirect('login.php?error=2');
$user_name = $sqlr->quote_smart($_COOKIE['uname']);
$user_pass = $sqlr->quote_smart($_COOKIE['p_hash']);
$result = $sqlr->query('SELECT username, gmlevel, id FROM account WHERE username = \''.$user_name.'\' AND sha_pass_hash = \''.$user_pass.'\'');
unset($user_name);
unset($user_pass);
if ($sqlr->num_rows($result))
{
$id = $sqlr->result($result, 0, 'id');
if ($sqlr->result($sqlr->query('SELECT count(*) FROM account_banned WHERE id ='.$id.' AND active = \'1\''), 0))
{
redirect('login.php?error=3');
}
else
{
$_SESSION['user_id'] = $id;
$_SESSION['uname'] = $sqlr->result($result, 0, 'username');
$_SESSION['user_lvl'] = $sqlr->result($result, 0, 'gmlevel');
$_SESSION['realm_id'] = $sqlr->quote_smart($_COOKIE['realm_id']);
$_SESSION['client_ip'] = (isset($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : getenv('REMOTE_ADDR');
$_SESSION['logged_in'] = true;
redirect('index.php');
}
}
else
{
setcookie ( 'uname', '', time() - 3600);
setcookie ('realm_id', '', time() - 3600);
setcookie ( 'p_hash', '', time() - 3600);
redirect('login.php?error=1');
}
}
//#################################################################################################
// MAIN
//#################################################################################################
if (isset($_COOKIE["uname"]) && isset($_COOKIE["p_hash"]) && isset($_COOKIE["realm_id"]) && empty($_GET['error']))
do_cookie_login($sqlr);
$err = (isset($_GET['error'])) ? $_GET['error'] : NULL;
$lang_login = lang_login();
$output .= '
';
if (1 == $err)
$output .= '
'.$lang_login['bad_pass_user'].'
';
elseif (2 == $err)
$output .= '
'.$lang_login['missing_pass_user'].'
';
elseif (3 == $err)
$output .= '
'.$lang_login['banned_acc'].'
';
elseif (5 == $err)
$output .= '
'.$lang_login['no_permision'].'
';
elseif (6 == $err)
$output .= '
'.$lang_login['after_registration'].'
';
else
$output .= '
'.$lang_login['enter_valid_logon'].'
';
unset($err);
$output .= '
';
$action = (isset($_GET['action'])) ? $_GET['action'] : NULL;
if ('dologin' === $action)
dologin($sqlr);
else
login($sqlr);
unset($action);
unset($action_permission);
unset($lang_login);
require_once 'footer.php';
?>