db_user admin db_pass g1231231 db_name p123ortal if empty _GET usernam

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
$db_user = 'admin';
$db_pass = 'g1231231';
$db_name = 'p123ortal';
if (!empty($_GET['username'])){
if(get_magic_quotes_gpc()) {
$username = stripslashes($_GET['username']);
} else {
$username = $_GET['username'];
}
$username = iconv("utf8", "cp1251", $username);
mysql_connect("localhost", $db_user, $db_pass) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());
$query = sprintf("SELECT userid FROM _foruser WHERE username='%s'",
mysql_real_escape_string($username));
$result = mysql_query($query);
if (!empty($result)){
while($row = mysql_fetch_array( $result )) {
$userid = intval($row['userid']);
}
}
if (is_numeric($userid)){
$url = sprintf("http://aaa.ch/forum/member.php?u=%d", $userid);
header("Location: $url");
}
}else{
header("Location: http://aaa.ch/404/");
}