<?php
$page = 'login';
$file = 'login.php';
$idpg = 2;
include '../cfg.php';
include '../ini.php';
$user = addslashes(htmlspecialchars($_POST["user"], ENT_QUOTES));
$password = $_POST['pass'];
$get_pass = mysql_query("SELECT id, login, pass, status FROM users WHERE login = '".$user."' LIMIT 1");
$row = mysql_fetch_array($get_pass);
$id = $row['id'];
$login = $row['login'];
$user_password = $row['pass'];
$status = $row['status'];
if(as_md5($key, $password) != $user_password || !$login) {
$login = '';
include "../template.php";
exit();
} elseif($status == 4) {
print "<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
<link href=\"/files/styles.css\" rel=\"stylesheet\">
<script language=\"javascript\">alert('".$lng['er_block_auth']."!'); top.location.href=\"/\";</script>
<title>Redirect</title>
</head>
<body bgcolor=\"#eeeeee\" topmargin=\"0\" leftmargin=\"0\">
<a href=\"/\">Back!</a>
</body>
</html>";
} else {
session_start();
session_register('login');
$_SESSION['login'] = $user;
$ip = getip();
$time = time();
mysql_query("UPDATE users SET ip = '".$ip."', go_time = ".$time." WHERE login = '".$login."' LIMIT 1");
mysql_query("INSERT INTO logip (user_id, ip, date) VALUES (".$id.", '".$ip."', ".$time.")");
print "<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
<link href=\"/files/styles.css\" rel=\"stylesheet\">
<script language=\"javascript\">top.location.href=\"/userinfo/\";</script>
<title>Redirect</title>
</head>
<body bgcolor=\"#eeeeee\" topmargin=\"0\" leftmargin=\"0\">
<a href=\"/userinfo/\">Enter!</a>
</body>
</html>";
}
?>