File: /home/httpd/html/baretube.com.new/controllers/control.login.php
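<?php
/**
 * Front-end login controller.
 *
 * Runs when the login form posts `ahd_username` and `ahd_password`:
 *   1. looks up the `users` row whose username and salted MD5 password match;
 *   2. refuses accounts whose `validate` column is non-empty (email not verified);
 *   3. if the optional paysiteLoginCheck() hook exists, lets it veto the login;
 *   4. on success creates the session, stamps `lastlogin`, and redirects;
 *   5. writes one `user_logins` row for every success or failure.
 *
 * SECURITY NOTES (review):
 *   - Passwords are verified as MD5(CONCAT(password, salt)). MD5 is a fast hash and
 *     unsuitable for password storage; moving to password_hash()/password_verify()
 *     needs a schema and data migration, so it is flagged here rather than changed.
 *   - Queries are built by string interpolation and depend entirely on the project
 *     helper mysql_real_escape_array() (not visible in this file) escaping every
 *     $_POST value correctly. Prefer parameterised queries if dbRow()/dbQuery()
 *     support them.
 *   - No attempt throttling or lockout is visible in this file.
 */

// Require both fields to be non-empty strings. Array-valued input (e.g. ahd_username[]=x)
// falls through to the generic error branch instead of reaching the SQL below.
$hasCredentials = !empty($_POST['ahd_username']) && is_string($_POST['ahd_username'])
    && !empty($_POST['ahd_password']) && is_string($_POST['ahd_password']);

if ($hasCredentials) {
    // Escapes all of $_POST in place; every $_POST value used below is the escaped form.
    $_POST = mysql_real_escape_array($_POST);
    $username = $_POST['ahd_username'];
    $pass = $_POST['ahd_password'];

    // REMOTE_ADDR goes into SQL without escaping, so only accept a syntactically valid IP.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) : false;
    if ($ip === false) {
        $ip = '';
    }

    // Shared prefix of the audit-log statement; each branch appends its quoted status.
    $logPrefix = "INSERT INTO user_logins SET `time` = NOW(), user = '{$username}', ip = '{$ip}', status = ";

    $result = dbRow("SELECT * FROM users WHERE username = '{$username}' AND password = MD5(CONCAT('$pass',salt))");

    if (!is_array($result)) {
        // No matching row: unknown username or wrong password (logged under one status).
        dbQuery($logPrefix . "'Front End Login Failure - Incorrect Password'");
        setMessage(_t('The login information you have provided was incorrect. Please try again.'),"error");
    } else if ($result['validate'] != '') {
        // A non-empty `validate` value means the email address is still unverified.
        dbQuery($logPrefix . "'Front End Login Failure - Unverified Email'");

        // The username is URL-encoded so it cannot break out of the href attribute
        // or inject extra query parameters / markup into the message.
        $resendUrl = $basehttp . '/action.php?action=resendVerification&id=' . urlencode($result['username']);
        setMessage(_t('Sorry, you must verify your email before logging in.') . ' <a data-mb="modal" title="' . _t("Resend verification email") . '" data-opt-close="' . _t("Close") . '" href="' . $resendUrl . '">' . _t('Click here to resend verification email') . '</a>.',"error");
    } else {
        $login = true;

        // Optional hook; a falsy return blocks the login.
        if (function_exists('paysiteLoginCheck')) {
            $checkLogin = paysiteLoginCheck($result['record_num']);
            if (!$checkLogin) {
                setMessage(_t('Your account has been temporarily disabled. Please contact the site administrator.'),"error");
                $login = false;
            }
        }

        if ($login === true) {
            // NOTE(review): confirm createUserSession() regenerates the session id
            // (session fixation) -- its body is not visible here.
            createUserSession($result);

            $time = time();
            dbQuery("UPDATE users SET lastlogin = '$time' WHERE record_num = '{$result['record_num']}'");
            dbQuery($logPrefix . "'Front End Login Successful'");

            // `ref` is caller-controlled. Follow it only when it stays on this site:
            // either a local absolute path ("/x", but not "//host" or "/\host"), or a
            // URL beginning with "$basehttp/". Anything else would be an open redirect
            // and is ignored in favour of the default landing page.
            if (!empty($_REQUEST['ref']) && is_string($_REQUEST['ref'])) {
                $ref = urldecode($_REQUEST['ref']);
                $hasControlChars = preg_match('/[\x00-\x1f\x7f]/', $ref) === 1;
                $isLocalPath = preg_match('#^/(?![/\\\\])#', $ref) === 1;
                $isSameSite = !empty($basehttp) && strpos($ref, $basehttp . '/') === 0;

                if (!$hasControlChars && ($isLocalPath || $isSameSite)) {
                    header("Location: " . $ref);
                    exit();
                }
            }

            header("Location: $basehttp/my-profile");
            exit();
        }
    }
} else if ($_POST) {
    // Form was submitted but a credential field was missing, empty, or not a string.
    setMessage(_t('Incorrect username and password'),"error");
}
?>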