account-login.php at H-tracker

<?
//
//  H-Tracker v0.2
//    http://h-tracker.org
//    Based on TorrentTrader (http://www.torrenttrader.org)
//
//
require_once("backend/functions.php");
require_once("backend/phpbb2Bridge.php");
dbconn(); 

unset($returnto);
if (!empty($_GET["returnto"])) {
    $returnto = $_GET["returnto"];
    if (!$_GET["nowarn"]) {
        $message = "Sorry this page is only for members.";
    }
}  

if (mkglobal("username:password")) {
    $password = md5($password);

    $res = mysql_query("SELECT id, password, secret, status, enabled, email FROM users WHERE username = " . sqlesc($username) . "");
    $row = mysql_fetch_array($res);
    
    if ($row["status"] == "pending")
        $message = "Your account is currently pending, please check your email";

    if (!$row)
        $message = "Username Incorrect";
    elseif ($row["password"] != $password)
        $message = "Password Incorrect";
    elseif ($row["enabled"] == "no")
        $message = "This account has been disabled by an administrator."; 
    if (!$message){
        logincookie($row["id"], $row["password"], hash_pad($row["secret"], 20)); 
        if ( login_phpBB2user ( $username , $password , TRUE )== false )
        {
         insert_phpBB2user ( $username , $password , $row [ "email" ]);
         update_phpBB2userPassword ( $username ,$password ); // login failed: try to update the password in case it was changed
        login_phpBB2user ( $username , $password , TRUE );
         } 
        if(strpos(strtoupper(@gethostbyaddr(getip())), "PROXY.AOL"))
{
   show_error_msg("Warning!", "<h1>AOL Proxy Detected</h1><hr>Sorry but the AOL browser is banned from MYSITE. Please use another browser like Firefox/IE");
} 
        if (!empty($_POST["returnto"])) {
            header("Refresh: 0; url=" . $_POST["returnto"]);
            die();
        }
        else { 
            header("Refresh: 0; url=index.php");
            die();
        }
    }else{
        show_error_msg("Access Denied", $message,1);  
    }
}

logoutcookie();
logout_phpBB2user();

?>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="<?= $site_config["SITEURL"]; ?>/themes/<?=$THEME?>/css/login.css">
</head>
<body>
<form method="post" action="account-login.php">
    <div align="center">
    <table border="0" cellpadding=6>
        <tr><td><B><?echo "" . USERNAME . "";?>:</B></td><td align=left><input id="username" type="text" size=35 name="username" /></td></tr>
        <tr><td><B><?echo "" . PASSWORD . "";?>:</B></td><td align=left><input id="pass" type="password" size=35 name="password" /></td></tr>
        <tr><td colspan="2" align="center"><input type="submit" value="<?echo "" . LOGIN . "";?>"><BR><BR><i><?echo "" . COOKIES . "";?></i></td></tr>
    </table>
    </div>
<?

if (isset($returnto))
    print("<input type=\"hidden\" name=\"returnto\" value=\"" . htmlspecialchars($returnto) . "\" />\n");

?>

</form>
<p align="center"><a href="account-signup.php"><?echo "" . REGISTERNEW . "";?></a> | <a href="account-recover.php"><?echo "" . RECOVER_ACCOUNT . "";?></a></p>
</body>
</html>