Файл: sys/inc/user.php
Строк: 50
<?php
/*
Dcms-Fiera 3x
*/
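// Session login: $_SESSION['id_user'] is accepted only while a matching `user` row exists.
// $webbrowser, $ip, $ip2, $ua, $sess, $time and $set are not defined in this file; they are
// expected to be set by code that runs before this include.
if (isset($_SESSION['id_user']) && mysql_result(query("SELECT COUNT(*) FROM `user` WHERE `id` = '".intval($_SESSION['id_user'])."' LIMIT 1"), 0) == 1)
{
    $user = get_user($_SESSION['id_user']);
    include_once H.'sys/inc/shif.php';

    // Re-issue the one-year login cookies when either of them is missing.
    if (empty($_COOKIE['pass']) OR empty($_COOKIE['id_user']))
    {
        setcookie('id_user', $user['id'], time()+60*60*24*365);
        // The 'pass' value is derived from the stored $user['pass'] by cookie_encrypt(), so a
        // leaked cookie works as a long-lived credential. HttpOnly (last argument) keeps page
        // scripts from reading it; path, domain and Secure stay at their defaults.
        // NOTE(review): also set Secure if the site is served over HTTPS only.
        setcookie('pass', cookie_encrypt($user['pass'],$user['id']), time()+60*60*24*365, '', '', false, true);
    }

    // Access level of the user's group; the id is cast to int before it reaches the SQL string.
    $tmp_us = mysql_fetch_assoc(query("SELECT `level` FROM `user_group` WHERE `id` = '".intval($user['group_access'])."' LIMIT 1"));

    // Add the gap since the previous hit to the stored `time` total, but only for gaps under 120 seconds.
    $timeactiv = time() - $user['date_last'];
    if ($timeactiv < 120)
    {
        $newtimeactiv = $user['time'] + $timeactiv;
        $sqlup['timeactiv'] = ", `time` = '".$newtimeactiv."'";
        unset($newtimeactiv, $timeactiv);
    }
    else $sqlup['timeactiv'] = NULL;

    // Theme selection. The per-user value is used only if a directory of that name exists;
    // otherwise the current default from $set is written back to the user row.
    // NOTE(review): the stored theme name is concatenated into a filesystem path as-is.
    // Confirm that whatever saves set_them / set_them2 only accepts a plain directory name.
    if ($webbrowser) // web theme
    {
        if (is_dir(H.'style/themes/'.$user['set_them2']))
        {
            $set['set_them'] = $user['set_them2'];
            $sqlup['setthem'] = NULL;
        }
        else
        {
            $sqlup['setthem'] = ", `set_them2` = '".my_esc($set['set_them'])."'";
        }
    }
    else
    {
        if (is_dir(H.'style/themes/'.$user['set_them']))
        {
            $set['set_them'] = $user['set_them'];
            $sqlup['setthem'] = NULL;
        }
        else
        {
            $sqlup['setthem'] = ", `set_them` = '".my_esc($set['set_them'])."'";
        }
    }

    // Client addresses are stored in ip2long() form; a column is left out of the UPDATE
    // when the matching $ip2 entry is absent.
    if (isset($ip2['add'])) $sqlup['ip'] = ", `ip` = '".ip2long($ip2['add'])."'";
    else $sqlup['ip'] = NULL;
    if (isset($ip2['cl'])) $sqlup['ip_cl'] = ", `ip_cl` = '".ip2long($ip2['cl'])."'";
    else $sqlup['ip_cl'] = NULL;
    if (isset($ip2['xff'])) $sqlup['ip_xff'] = ", `ip_xff` = '".ip2long($ip2['xff'])."'";
    else $sqlup['ip_xff'] = NULL;

    // The user agent and request URI are client-controlled, so both go through my_esc().
    if ($ua) $sqlup['ua'] = ", `ua` = '".my_esc($ua)."'";
    else $sqlup['ua'] = NULL;
    // If no user_group row was found, $tmp_us['level'] is empty and an empty level is written.
    $sqlup['userlevel'] = ", `level` = '".$tmp_us['level']."'";
    // $sess is escaped here as well because its origin is not visible in this file.
    $sqlup['sess'] = ", `sess` = '".my_esc($sess)."'";
    $sqlup['url'] = ", `url` = '".my_esc($_SERVER['REQUEST_URI'])."'";

    // One UPDATE per request: refresh the hash built from ip, user agent and user id,
    // the last-seen time, and every optional fragment prepared above.
    query("UPDATE `user` SET `hash` = '".md5(md5($ip.md5($ua).$user['id']))."', `date_last` = '".$time."'"
        .$sqlup['userlevel'].$sqlup['timeactiv'].$sqlup['setthem']
        .$sqlup['ip'].$sqlup['ip_cl'].$sqlup['ip_xff']
        .$sqlup['ua'].$sqlup['url'].$sqlup['sess']
        ." WHERE `id` = '".intval($user['id'])."' LIMIT 1");
    $user['type_input'] = 'session';
    unset($sqlup);
}
// No valid session, but both login cookies are present and $input_page is not set:
// send the visitor to /login.php with the current URI as the return target.
elseif (!isset($input_page) && isset($_COOKIE['id_user'],$_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass'])
{
    header("Location: /login.php?return=".urlencode($_SERVER['REQUEST_URI'])."&");
    exit;
}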
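// An account that has not been activated is reported and then treated as a guest
if (isset($user['activation']) && $user['activation']!=NULL)
{
    $err[] = 'Вам необходимо активировать Ваш аккаунт по ссылке, высланной на Email, указанный при регистрации';
    unset($user);
}
if (isset($user))
{
    // Record visits that arrive from an external http(s) referrer, one row per user and host.
    // HTTP_HOST is a client-supplied header, so it is quoted with the pattern's own '#'
    // delimiter before being placed inside the regular expression.
    // NOTE(review): isset() tests $ref['host'] before $ref is assigned at the end of this
    // condition, so the branch runs only if $ref was already filled in elsewhere - confirm.
    if (isset($user['type_input'],$ref['host'],$_SERVER['HTTP_REFERER']) && !preg_match('#'.preg_quote($_SERVER['HTTP_HOST'], '#').'#', $_SERVER['HTTP_REFERER']) && preg_match('#^https?://#i', $_SERVER['HTTP_REFERER']) && $ref=@parse_url($_SERVER['HTTP_REFERER']))
    {
        if (count::query("user_ref"," `id_user` = '".intval($user['id'])."' AND `url` = '".my_esc($ref['host'])."'") == 0)
            query("INSERT INTO `user_ref` (`time`, `id_user`, `type_input`, `url`) VALUES ('".time()."', '".intval($user['id'])."', '{$user['type_input']}', '".my_esc($ref['host'])."')");
        else
            query("UPDATE `user_ref` SET `time` = '".time()."' WHERE `id_user` = '".intval($user['id'])."' AND `url` = '".my_esc($ref['host'])."'");
    }

    // Items per page: the user's own setting overrides the site default
    if ($user['set_p_str'] != NULL) $set['p_str'] = $user['set_p_str'];

    // Large or small icons (the original author notes this will probably be removed)
    $set['set_show_icon'] = $user['set_show_icon'];

    // Ban check: a ban counts while its `time` is in the future or its `view` flag is '0'.
    // It is skipped when $banpage is set, so the ban page itself does not redirect in a loop.
    if (!isset($banpage) and mysql_result(query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '".intval($user['id'])."' AND (`time` > '".time()."' OR `view` = '0')"), 0)!=0)
    {
        header('Location: /ban.php?');
        exit;
    }
}
else
{
    // For web browsers use the theme configured in the admin panel
    if ($webbrowser)
        $set['set_them']=$set['set_them2'];

    // Track guests by ip + user agent. The escaped script name is computed before the
    // branch because both the UPDATE and the INSERT store it in `url`.
    // NOTE(review): $iplong is interpolated unescaped; presumably an ip2long() result - confirm.
    $sc = my_esc($_SERVER['SCRIPT_NAME']);
    if ($ip AND $ua AND count::query("guests"," `ip` = '$iplong' AND `ua` = '".my_esc($ua)."' LIMIT 1") == 1)
    {
        query("UPDATE `guests` SET `date_last` = ".time().", `url` = '{$sc}', `pereh` = pereh+1 WHERE `ip` = '$iplong' AND `ua` = '".my_esc($ua)."' LIMIT 1");
    }
    else
    {
        query("INSERT INTO `guests` (`ip`, `ua`, `date_aut`, `date_last`, `url`) VALUES ('$iplong', '".my_esc($ua)."', '".time()."', '".time()."', '{$sc}')");
    }
    unset($access);
}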
# Error display: PHP errors are sent to the browser only for a signed-in user whose
# group_access is above 1, and only while the show_err_php setting equals 1.
# NOTE(review): displayed errors can expose file paths and query text; group_access > 1
# presumably means staff groups - confirm against the user_group table.
if (isset($user) && $user['group_access'] > 1)
{
    if ($set['show_err_php'] == 1)
    {
        error_reporting(E_ALL);
        ini_set('display_errors', '1');
    }
}
# Closed-site mode: when guest_select is 1, a visitor without an account is sent to the
# sign-in page unless the including script has set $show_all.
if (!isset($user) && $set['guest_select'] == 1 && !isset($show_all))
{
    header('Location: /aut.php');
    exit;
}
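// Load additional plugins: every *.php file in sys/user_inc is included once, in sorted order.
// NOTE(review): any file that lands in this directory is executed on every request, so the
// directory should not be writable by the web server user or reachable by upload code.
$Search = glob(H.'sys/user_inc/*.php');
// glob() returns false on error; skip the loop then instead of iterating a non-array.
if (is_array($Search))
{
    // Sort once, before iterating, so the load order is fixed.
    sort($Search);
    foreach ($Search as $load_plugins)
    {
        include_once $load_plugins;
    }
}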