<?php
// session_start() ;
// Fall back to the server-reported script path when $PHP_SELF has not been
// populated by the including script.
if (empty($PHP_SELF)) {
    if (!empty($_SERVER) && !empty($_SERVER['PHP_SELF'])) {
        $PHP_SELF = $_SERVER['PHP_SELF'];
    }
}

// This file is an include: refuse any request whose path contains /includes/.
$requested_directly = !empty($PHP_SELF) && preg_match("/\/includes\//", $PHP_SELF);
if ($requested_directly) {
    die("You can't access this file directly!");
}
// db settings are in config.php
// Establish a database connection.
// This may have happened in validate.php, depending on settings.
// If not, do it now.
// echo "---> $db_host <br/>";
// echo "---> $db_login <br/>";
// echo "---> $db_password <br/>";
// echo "---> $db_database <br/>";
// Open the database connection unless an earlier include already did so.
// The assignment inside the condition only runs when $conn is still empty.
if (empty($conn) && !($conn = dbi_connect($db_host, $db_login, $db_password, $db_database))) {
    // NOTE(review): the raw driver error is passed to die_miserable_death();
    // if that helper prints its argument to the client, this discloses
    // database details to unauthenticated visitors — confirm and prefer
    // server-side logging.
    $connect_error = "Error connecting to database:<blockquote>" . dbi_error() . "</blockquote>\n";
    die_miserable_death($connect_error);
}
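// Give every session key that this file reads an empty default, so that a
// first-time visitor never triggers an undefined-index notice. 'bureau' is
// included because it is read unconditionally further down in this file.
foreach (array('agence', 'login', 'admin', 'bureau') as $session_key) {
    if (!isset($_SESSION[$session_key])) {
        $_SESSION[$session_key] = '';
    }
}
unset($session_key);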
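if (isset($_POST['login'], $_POST['password'])) {
    // Form login: look the submitted credentials up in the users table.
    //
    // The statement is no longer echoed to the response. The echo disclosed
    // the query text (including the password hash) to the client and, without
    // output buffering, sent output before setcookie() and the redirect.
    //
    // NOTE(review): passwords are stored and compared as unsalted MD5. Moving
    // to password_hash()/password_verify() needs a schema and data migration
    // that cannot be done from this block.
    // NOTE(review): addslashes() is not charset-aware. Switch to the database
    // layer's own escaping or bound parameters once confirmed available.
    $user = false;
    if (is_string($_POST['login']) && is_string($_POST['password'])) {
        // Array-valued fields (login[]=...) are rejected before reaching
        // addslashes()/md5(), which only accept strings.
        $user = dbi_fetch_row(dbi_query("SELECT * FROM users WHERE name = '" . addslashes($_POST['login']) . "' AND passwd='" . md5($_POST['password']) . "'"));
    }

    if ($user) {
        // Issue a fresh session id at the privilege change so that an id
        // known before login cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['login'] = array($user['name'], $user['passwd']);
        $_SESSION['agence'] = $user['agence_id'];
        $_SESSION['bureau'] = $user['bureau_id'];

        // "Remember me" cookie: md5(name) and the stored password hash,
        // interleaved character by character (assumes a 32-character hash).
        // NOTE(review): this value is password-equivalent and valid for six
        // months. Replace it with a random token stored server-side.
        $cookie = '';
        $md5name = md5($user['name']);
        for ($i = 0; $i < 32; $i++) {
            $cookie .= $md5name[$i] . $user['passwd'][$i];
        }
        // HttpOnly keeps the value away from page scripts. The Secure flag is
        // left off because the page does not show whether the site is
        // HTTPS-only — enable it if it is.
        setcookie('login', $cookie, mktime(0, 0, 0, date('m') + 6, date('d'), date('Y')), '/', '', false, true);
    } else {
        $_SESSION['login'] = '';
        $_SESSION['agence'] = '';
        $_SESSION['admin'] = '';
        $_SESSION['bureau'] = '';
    }
    do_redirect('/');
} elseif (!empty($_COOKIE['login'])) {
    // Cookie login: only accept a value with the exact shape issued above
    // (64 alphanumeric characters). Anything else is ignored, so an empty or
    // truncated value can never become an empty passwd filter in the query.
    $r = false;
    if (is_string($_COOKIE['login']) && preg_match('/^[0-9a-z]{64}$/i', $_COOKIE['login'])) {
        preg_match_all('/([0-9a-z])([0-9a-z])/i', $_COOKIE['login'], $log);
        $user = join('', $log[1]);
        $pass = join('', $log[2]);
        // $pass is limited to [0-9a-z] by the pattern above, so it cannot
        // break out of the quoted literal.
        $q = dbi_query("SELECT * FROM users Where passwd = '$pass'");
        // Strict comparison: with loose != two different hex strings that
        // both look numeric (for example "0e..." forms) compare as equal.
        while (($r = dbi_fetch_row($q)) && md5($r['name']) !== $user) {
            // keep scanning rows that share this password hash
        }
    }
    if ($r) {
        $_SESSION['login'] = array($r['name'], $r['passwd']);
        $_SESSION['agence'] = $r['agence_id'];
        $_SESSION['bureau'] = $r['bureau_id'];
    }
}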
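// Expose the session's agency and office ids as plain variables for the
// including script. Missing keys fall back to '' instead of raising an
// undefined-index notice ('bureau' is not set for a first-time visitor).
$agence = isset($_SESSION['agence']) ? $_SESSION['agence'] : '';
$bureau = isset($_SESSION['bureau']) ? $_SESSION['bureau'] : '';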
// echo "---> test <br/>" ;
// echo " --> ".$_SESSION['login'][0]."<br/>";
// echo " --> ".$_SESSION['login'][1]."<br/>";
//dbi_query("INSERT INTO users (name, passwd, agence_id) Values ('admin', '".md5('admin')."', 1)") ;
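/**
 * Re-validates the credentials held in the session against the users table.
 *
 * On success the session's 'admin' and 'user_id' entries are refreshed from
 * the matching row. On failure the 'login', 'agence', 'bureau' and 'admin'
 * entries are cleared.
 *
 * @return bool true when the session holds a validated login and a non-empty
 *              agency id, false otherwise.
 */
function connecte ()
{
    $login = isset($_SESSION['login']) ? $_SESSION['login'] : '';
    $user = false;

    // Only query when the session holds the array(name, passwd) pair written
    // at login. The logged-out default '' previously fell through to a
    // string-offset read and a lookup with empty name and password.
    if (is_array($login) && isset($login[0], $login[1]) && is_string($login[0]) && is_string($login[1])) {
        // Both values are escaped. The hash normally comes from the database,
        // but session contents should not be interpolated raw.
        // NOTE(review): addslashes() is not charset-aware. Prefer the database
        // layer's own escaping or bound parameters if available.
        $user = dbi_fetch_row(dbi_query("SELECT * FROM users WHERE name = '" . addslashes($login[0]) . "' AND passwd='" . addslashes($login[1]) . "'"));
    }

    if (!$user) {
        $_SESSION['login'] = '';
        $_SESSION['agence'] = '';
        $_SESSION['bureau'] = '';
        $_SESSION['admin'] = '';
    } else {
        $_SESSION['admin'] = $user['admin'];
        $_SESSION['user_id'] = $user['user_id'];
    }

    return !empty($_SESSION['login']) && !empty($_SESSION['agence']);
}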
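// Authentication gate: every page except login.php requires a valid session.
//
// The login page is identified from SCRIPT_NAME rather than by a substring
// test on PHP_SELF. PHP_SELF also carries any client-supplied path info after
// the script name, so a substring match on it does not reliably identify the
// script that is actually executing.
// NOTE(review): if other scripts must stay reachable without a session, list
// their basenames here explicitly.
$current_script = isset($_SERVER['SCRIPT_NAME']) ? basename($_SERVER['SCRIPT_NAME']) : '';
if (!connecte() && $current_script !== 'login.php') {
    do_redirect("login.php");
    // Stop here even if do_redirect() returns, so that no protected content
    // is rendered after the Location header.
    exit;
}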
?>
