I removed the code from login.php and takelogin.php.
You can use my login and takelogin if you like.
login.php
PHP Code:
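<?php
/*
 * login.php - renders the login form. The form posts "username" and
 * "password" (plus an optional "returnto") to takelogin.php.
 *
 * NOTE(review): the form carries no anti-CSRF token, and "returnto" comes
 * straight from the query string. It is only HTML-escaped here; whichever
 * script receives the form has to validate it before redirecting to it.
 */
require_once "include/bittorrent.php" ;
//require_once "include/user_functions.php";
//ini_set('session.use_trans_sid', '0');
maxcoder();
// Begin the session
session_start();
// Refuse to render the form within 10 seconds of the timestamp stored in the
// session. The isset() guard avoids an undefined-index notice for sessions
// that have no timestamp yet; such sessions were never blocked anyway.
if (isset($_SESSION['captcha_time']) && (time() - $_SESSION['captcha_time'] < 10)) {
    exit('NO SPAM!');
}
stdhead("Login");
// Drop any pre-existing $returnto so that only the value read below is used.
unset($returnto);
// Only a string is accepted: "?returnto[]=x" would otherwise hand an array
// to htmlentities() further down.
if (!empty($_GET["returnto"]) && is_string($_GET["returnto"])) {
    $returnto = $_GET["returnto"];
    if (!isset($_GET["nowarn"])) {
        print("<center><h1><font color=white>Not logged in!</font></h1></center>\n");
        print("<center><p><b><font color=white>Error:</b> The page you tried to view can only be used when you're logged in.</font></p><center>\n");
    }
}
?>
<form method="post" action="takelogin.php">
<table align="center" border="0" cellpadding=5>
<tr><center><font color="white">
<p><b>Note:</b> You need cookies enabled to log in.<b>[<?=$maxloginattempts;?>]</b>
failed logins in a row will result in banning your ip</p>
<p>You have <b><?=remaining ();?></b> login attempt(s).</p></center>
<td class="rowhead">Username:</td>
<td align="left"><input type="text" size=40 name="username" /></td>
</tr>
<tr>
<td class="rowhead">Password:</td>
<td align="left"><input type="password" size=40 name="password" /></td>
</tr>
<!--<tr><td class=rowhead>Duration:</td><td align=left><input type=checkbox name=logout value='yes' checked>Log me out after 15 minutes inactivity</td></tr>-->
<tr>
<td> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log in!" class=btn>
</td>
</tr>
</table>
</td>
</tr>
</table>
<?php
// Full "<?php" tag: with short_open_tag disabled a bare "<?" block is sent to
// the browser as text and the hidden field is never emitted.
// ENT_QUOTES escapes both quote styles for the attribute context.
if (isset($returnto)) {
    print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlentities($returnto, ENT_QUOTES) . "\" />\n");
}
?>
</form>
<center><p>Please Note : Do not use IE to sign up or use this site</p>
<p>Forget password? <a href="resetpw.php">Click <font color="green">here</a></font><font color="red"> to retrieve your password!</font></p>
<p>New Member? <a href="signup.php">Sign-Up</a></p>
<a href="http://www.mozilla.com" />
<img alt="Get Firefox" border="0" src="/pic/firefox.png"></a>
<a href="http://www.utorrent.com" />
<img alt="Get Utorrent" border="0" src="/pic/utorrent.png"></a>
<a href="http://tbdev.net" />
<img alt="Powered By TBDEV" border="0" src="/pic/tbdev.png"></a> </center>
</font>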
takelogin.php
PHP Code:
<?php
require_once("include/bittorrent.php");
require_once "include/user_functions.php";

// Per-address throttle: a marker file named after the SHA-1 of the client
// address lives in $dictbreaker (not defined in this file). If the marker was
// modified less than 8 seconds ago the request is refused and the marker is
// rewritten, which restarts the 8-second window.
// NOTE(review): fopen()/fclose() errors are suppressed with "@", so if the
// marker cannot be created the delay is silently not enforced. The key is
// REMOTE_ADDR, while the attempt counter later in this script uses getip();
// confirm both resolve to the same address.
$sha = sha1($_SERVER['REMOTE_ADDR']);
if (
    is_file($dictbreaker . '/' . $sha)
    && filemtime($dictbreaker . '/' . $sha) > (time() - 8)
) {
    @fclose(@fopen($dictbreaker . '/' . $sha, 'w'));
    die('Minimum 8 seconds between login attempts :)');
}

// mkglobal() is defined elsewhere; presumably it copies the posted
// "username" and "password" fields into globals and returns false when one
// is missing - confirm against include/.
if (!mkglobal("username:password")) {
    die();
}

session_start();
dbconn();
maxcoder();
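/**
 * Print a minimal error page with a "Back" button and stop the script.
 *
 * The message is passed through htmlspecialchars() before output. The
 * default value exists because this script calls bark() without an argument
 * on failed logins; the wording is deliberately generic so the page does not
 * reveal whether the username or the password was wrong.
 *
 * @param string $text Error message to display.
 */
function bark($text = "Username or password incorrect")
{
    print("<title>Error!</title>");
    print("<table width='100%' height='100%' style='border: 8px ridge #000000'><tr><td align='center'>");
    print("<center><h1 style='color: #CC3300;'>Error:</h1><h2>" . htmlspecialchars($text) . "</h2></center>");
    print("<center><INPUT TYPE='button' VALUE='Back' onClick=\"history.go(-1)\"></center>");
    print("</td></tr></table>");
    die;
}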
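failedloginscheck ();

// Look up the confirmed account; the posted username goes through sqlesc()
// before it is placed in the query.
$res = sql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");
$row = mysql_fetch_assoc($res);

// Strict comparison: with "!=" two hex digests that both look like numbers
// ("0e123..." style) compare as equal. hash_equals() is the constant-time
// alternative where the PHP version provides it.
// NOTE(review): passwords are stored as MD5 over secret.password.secret, a
// fast hash; moving to password_hash() needs a schema/migration change and
// is out of scope for this script.
$passok = $row && $row["passhash"] === md5($row["secret"] . $password . $row["secret"]);

if (!$passok) {
    // Unknown user and wrong password are handled identically: count the
    // attempt against the client address, refresh the throttle marker, and
    // show the same generic error.
    $rawip = getip();
    $ip = sqlesc($rawip);
    $added = sqlesc(get_date_time());
    $a = (@mysql_fetch_row(@sql_query("select count(*) from loginattempts where ip=$ip"))) or sqlerr(__FILE__, __LINE__);
    if ($a[0] == 0)
        sql_query("INSERT INTO loginattempts (ip, added, attempts) VALUES ($ip, $added, 1)") or sqlerr(__FILE__, __LINE__);
    else
        sql_query("UPDATE loginattempts SET attempts = attempts + 1 where ip=$ip") or sqlerr(__FILE__, __LINE__);
    @fclose(@fopen(''.$dictbreaker.'/'.sha1($_SERVER['REMOTE_ADDR']),'w'));

    if ($row) {
        // The account exists: notify its owner by private message.
        // $from is not assigned anywhere in this script; keep it if an
        // include defines it, otherwise use 0 (assumed to be the system
        // sender - TODO confirm).
        $sender = isset($from) ? (int)$from : 0;
        $to = (int)$row["id"];
        // Use the raw address in the text and for the reverse lookup; the
        // sqlesc()'d copy is only for SQL.
        $msg = "[color=red]SECURITY[/color]\n Account: ID=".$row['id']." Somebody (probably you, ".$username."!) tried to login but failed!". "\nTheir [b]IP ADDRESS [/b] was : ". $rawip . " (". @gethostbyaddr($rawip) . ")". "\n If this wasn't you please report this event to a staff \n - Thank you.\n";
        $sql = "INSERT INTO messages (sender, receiver, msg, added) VALUES($sender, $to, ". sqlesc($msg).", $added);";
        $res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
    }

    // Explicit message: bark() is declared with a required argument.
    bark("Username or password incorrect");
}

if ($row["enabled"] === "no")
    bark("This account has been disabled.");

// NOTE(review): the value handed to logincookie() is derived only from the
// stored password hash and the client address. If logincookie() stores it
// as-is, knowing the passhash is enough to compute it - confirm.
$passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
logincookie($row["id"], $passh);

// Successful login clears the failed-attempt counter for this address.
$ip = sqlesc(getip());
sql_query("DELETE FROM loginattempts WHERE ip = $ip");

// "returnto" is client-supplied. Redirect to it only when it is a same-site
// absolute path: one leading "/", not "//" or "/\" (which browsers treat as
// another host), and no control characters. Anything else goes to index.php.
$target = (isset($_POST["returnto"]) && is_string($_POST["returnto"])) ? $_POST["returnto"] : "";
if ($target !== "" && preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $target))
    header("Location: $target");
else
    header("Location: index.php");
stdfoot();
?>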