Changeset 67 for trunk/dictionary.php
- Timestamp:
- Feb 5, 2009, 11:12:54 PM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/dictionary.php
r65 r67 1 1 <?php 2 2 3 session_start(); 4 5 // SQL injection hack protection 6 foreach($_POST as $Index => $Item) $_POST[$Index] = addslashes($_POST[$Index]); 7 foreach($_GET as $Index => $Item) $_GET[$Index] = addslashes($_GET[$Index]); 8 9 include('includes/config.php'); 10 include('includes/databaseconection.php'); 11 12 //připojení do databáze 13 $Database = new Database($Config['Database']['Host'], $Config['Database']['User'], $Config['Database']['Password']); 14 $Database->SQLCommand('SET NAMES '.$Config['Database']['Charset']); 15 $Database->SelectDatabase($Config['Database']['Database']); 16 17 function Licence($Licence) 18 { 19 global $Database; 20 21 if(isset($_SESSION['User']) and $_SESSION['User'] <> '') 22 { 23 $User = $_SESSION['User']; 24 $Line = mysql_fetch_assoc($Database->SQLCommand("SELECT sha1('".$_SESSION['Pass']."') as pass;")); 25 $Pass = $Line['pass']; 26 27 $Line = mysql_fetch_assoc($Database->SQLCommand("SELECT * FROM user WHERE LOWER(user) = LOWER('$User')")); 28 if(!$Line) 29 { 30 return false; 31 } else 32 { 33 if($Licence == 1) 34 { 35 if($Line['gm'] == 1) 36 { 37 return true; 38 } else return false; 39 } 40 if($Line['pass'] == $Pass) 41 { 42 43 // zapsání poslení použité IP 44 // $Addres = $_SERVER['REMOTE_ADDR']; 45 // $Database->SQLCommand("UPDATE user SET LastLogin = now(), LastIP = '$Addres' WHERE user = '$User'"); 46 47 return True; 48 } else { return False; 49 // die('Nemáte zde přístup, přihlate se: <a href="'.$Config['Web']['BaseURL'].'">zde</a>'); 50 } 51 } 52 } else { return False; 53 // die('Nemáte zde přístup, přihlate se: <a href="'.$Config['Web']['BaseURL'].'">zde</a>'); 54 } 55 } 3 include('includes/global.php'); 56 4 57 5 echo('<?xml version="1.0" encoding="'.$Config['Web']['Charset'].'"?>
Note:
See TracChangeset
for help on using the changeset viewer.