<?php
require '../config.php';
$user_id = $_GET['user_id'];
$user_pass = $_GET['user_pass'];
$conn = mssql_pconnect($host,$user,$pass);
mssql_select_db($db,$conn);
$sql = "SELECT * FROM Account WITH (NOLOCK) WHERE UserId = '$user_id' AND Activated = 1";
$res = mssql_query($sql,$conn);
$sql = "SELECT isUserCreated,Password,ID,UserKey,Email,BlockedEndDate FROM Account WITH (NOLOCK) WHERE UserId = '$user_id'";
$r2 = mssql_query($sql);
$userPass = mssql_result($r2,0,1);
$ID = mssql_result($r2,0,2);
$userKey = mssql_result($r2,0,3);
$email = mssql_result($r2,0,4);
$sql = "SELECT DATEDIFF(day, getdate(), BlockedEndDate) FROM Account WITH (NOLOCK) WHERE UserId = '$user_id'";
$r3 = mssql_query($sql);
if (mssql_result($r3,0,0) >= 0);
$sql = "UPDATE Account SET Blocked = 0 WHERE UserId = '$user_id'";
mssql_query($sql);
$result = 0;
$result = mssql_result($r2,0,0);
mssql_close($conn);
if (($result == -100) || ($result == -99))
{
echo '2';
die();
}
$user_pass_ok = strtolower($userPass);
//echo $user_pass_ok."<br>";
$user_pass_ok = "@".substr($user_pass_ok,0,1)."^".substr($user_pass_ok,1);
//echo $user_pass_ok."<br>";
$user_pass_ok = md5($user_pass_ok);
//echo $user_pass_ok."<br>";
if ($user_pass != $user_pass_ok)
{
echo '1';
die();
}
echo '0';
$AccDir = "V:\TServer\DBSRV\account";
$password2 = strtolower(md5(strtolower($userPass)));
$ini=substr($user_id,0,1);
if (ereg("^[a-zA-Z]$",$ini)) {
$initial=strtoupper($ini);
}
else
{
$initial="etc";
}
$f=@fopen($AccDir."\\".$initial."\\".$user_id.".TAD",r) or die("Error");
$acc = @fread($f,7124);
$demopass=substr($acc,52,32);
$acc = str_replace($demopass,$password2,$acc);
$f2=@fopen($AccDir."\\".$initial."\\".$user_id.".TAD",w);
@fwrite($f2,$acc) or die("Error");
@fclose($f);
?>