Bug cms

0){redirect('maintenance');} if($_GET['ref'] != ""){setcookie("PlusREF", $db->EscapeString($_GET['ref']), time()+3600);} if(isset($_POST['logare'])) { $name = $db->EscapeString($_POST['login']); $pass = $db->EscapeString($_POST['pass']); $ltype = ($site['reg_logtype'] == 1 ? ''email'' : ''login''); $sql = $db->Query("SELECT id,login,banned,activate FROM 'users' WHERE ".$ltype."='".$name."' AND 'pass'=MD5('".$pass."')"); $data = $db->FetchArray($sql); if($data['banned'] > 0){ $errMsg = "ERROR: Your account is banned!"; }elseif($data['activate'] > 0){ $errMsg = "ERROR: You need to confirm your email first!"; }elseif($data['id'] != '') { $db->Query("UPDATE 'users' SET 'online'=NOW() WHERE 'login'='".$data['login']."'"); $_SESSION['EX_login'] = $data['login']; redirect('index.php'); }else{ $errMsg = "ERROR: Username or password are wrong!"; } } ?>