Posted by
Steff on 01 maart 2009, 17:09
#4
Ja ik was ook aan het twijfelen, iemand had hier op het forum eerder gezegt dat het dubbel md5 is.
Blijkbaar is het wel, had er overgekeken
(uit maincore.php ln 214-234)
Code
if (isset($_POST['login']) && isset($_POST['user_name']) && isset($_POST['user_pass'])) {
$user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($_POST['user_name']));
$user_pass = md5($_POST['user_pass']);
$result = dbquery("SELECT * FROM ".DB_USERS." WHERE user_name='".$user_name."' AND user_password='".md5($user_pass)."' LIMIT 1");
if (dbrows($result)) {
$data = dbarray($result);
$cookie_value = $data['user_id'].".".$user_pass;
if ($data['user_status'] == 0) {
$cookie_exp = isset($_POST['remember_me']) ? time() + 3600 * 24 * 30 : time() + 3600 * 3;
header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");
setcookie(COOKIE_PREFIX."user", $cookie_value, $cookie_exp, "/", "", "0");
redirect(BASEDIR."setuser.php?user=".$data['user_name'], true);
} elseif ($data['user_status'] == 1) {
redirect(BASEDIR."setuser.php?error=1", true);
} elseif ($data['user_status'] == 2) {
redirect(BASEDIR."setuser.php?error=2", true);
}
} else {
redirect(BASEDIR."setuser.php?error=3");
}
}