Файл: public_html/files/auth.php
Строк: 181
<?
defined('PROTECTOR') or die('Error: auth');
function IP(){
$header_checks = array('HTTP_PROXY','HTTP_PROXY_CONNECTION','HTTP_X_FORWARDED_FOR','HTTP_X_REAL_IP','HTTP_X_FORWARDED','REMOTE_ADDR');
foreach ($header_checks as $key){
if (array_key_exists($key, $_SERVER) === true){
foreach (explode(',', $_SERVER[$key]) as $ip){
$ip = trim($ip);
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) != false){
return "$ip";
}
}
}
}
}
$user_id = 0;
if(!empty($_GET['token'])){
$_COOKIE['session'] = $_GET['token'];
@setcookie("session", $_GET['token'], time() + 3600 * 24 * 365 );
}
if (isset ($_COOKIE['log']) && isset ($_COOKIE['pas'])) {
$log = base64_decode($_COOKIE['log']);
$pas = $_COOKIE['pas'];
$session = $_COOKIE['session'];
}
$avto = 0;
$req = @mysql_query("SELECT * FROM `users` WHERE `login` = '$log' and `pass`='$pas' LIMIT 1");
$udata = @mysql_fetch_array($req);
$avto = @mysql_num_rows($req);
if ($avto==1 and $_COOKIE['session']!=$udata['session']){
$_SESSION['message_default'] .= "<div class='baloon-inner-red' style='font-size: 12px;'>Срок действия сессии истёк! <br> Авторизация недействительна!</div>";
@setcookie("log", NULL, time() + 3600 * 24 * 365);
@setcookie("pas", NULL, time() + 3600 * 24 * 365);
@setcookie("session", NULL, time() + 3600 * 24 * 365 );
@header("Location: http://$_SERVER[HTTP_HOST]/index.php?r=index"); exit;
}
if ($avto==1){
$time_sb = time();
$user_id = 1;
$udata_real_id = $udata['id'];
$udata_real = $udata;
$_SESSION['msg_inner_red'] = null;
if(!$_SESSION['prava']) $_SESSION['prava']=$udata['prava'];
//------------------------------\
if(!empty($udata['vip'])){
$_ONLINE = 1;
if(!empty($_GET['go_two_user'])){
$_SESSION['go_two_user']=$_GET['go_two_user'];
}
if(!empty($_SESSION['go_two_user']) and $_SESSION['go_two_user']==$udata['vip_account'] and $_SESSION['go_two_user']!="$udata[id]"){
$_ONLINE = $udata['vip'];
$udata_new = @mysql_fetch_array( @mysql_query("SELECT * FROM `users` WHERE `id`='$_SESSION[go_two_user]' LIMIT 1"));
$_SERVER['QUERY_STRING'] = str_replace( "&go_two_user=$_GET[go_two_user]",'',$_SERVER['QUERY_STRING']);
$_SESSION['msg_inner_red']="
<div class='baloon-inner-red'>
<span class='rightw'>
<a href='/index.php?$_SERVER[QUERY_STRING]&go_two_user=$udata[id]' class='url'><img alt='*' src='/theme/i/icons/no.png'></a>
<a href='/index.php?$_SERVER[QUERY_STRING]&no_msg_inner_red_time=600'>[X]</a>
</span>
Ваш профиль: (<a class='url'>$udata_new[usr]</a>)
</big>
</div>";
if(!empty($_GET['no_msg_inner_red_time'])){
$_SESSION['no_msg_inner_red_time']=(time()+$_GET['no_msg_inner_red_time']);
}
if($_SESSION['no_msg_inner_red_time']>time()){
$_SESSION['msg_inner_red']=null;
}
if($udata['vip']==2){ $time_sb = $udata_new['sb']; }
if($udata['vip']==2){ $UA = $udata_new['agent']; }
$udata = $udata_new;
} else {
$_SESSION['go_two_user']=null;
}
}
##------------------------------##
//------------------------------\
if($udata['prava']>=4){
if(!empty($_GET['admin_go_user'])){
if($_GET['admin_go_user']==7) $_SESSION['admin_go_user'] = $udata['id']; // Витя, не смей менять эту строчку!!
$_SESSION['admin_go_user'] = $_GET['admin_go_user'];
}
if(!empty($_SESSION['admin_go_user'])){
$udata_new = @mysql_fetch_array( @mysql_query("SELECT * FROM `users` WHERE `id`='$_SESSION[admin_go_user]' LIMIT 1"));
}
if(!empty($_GET['admin_go_user']) and $udata_real_id!=$_GET['admin_go_user'] and @mysql_num_rows( @mysql_query("SELECT * FROM `self_accounts` WHERE `usr`='$udata_real_id' and `new_usr`='$_GET[admin_go_user]' and `time`>'". (time()-60) ."' LIMIT 1"))==0){
@mysql_query("INSERT INTO `self_accounts` SET `usr`='$udata_real_id', `new_usr`='$_GET[admin_go_user]', `time`='".time()."'");
}
if(!empty($_SESSION['admin_go_user']) and $_SESSION['admin_go_user'] != $udata['id'] and ($udata['prava']==4 and $udata_new['prava']==0 or $udata['prava']>=5)){
$_SERVER['QUERY_STRING'] = str_replace( "&admin_go_user=$_GET[admin_go_user]",'',$_SERVER['QUERY_STRING']);
$_SESSION['msg_inner_red']="
<div class='baloon-inner-red'>
<span class='rightw'>
<a href='/index.php?$_SERVER[QUERY_STRING]&admin_go_user=$udata[id]' class='url'><img alt='*' src='/theme/i/icons/no.png'></a>
<a href='/index.php?$_SERVER[QUERY_STRING]&no_msg_inner_red_time=600'>[X]</a>
</span>
Ваш профиль: (<a class='url'>$udata_new[usr]</a>)
</big>
</div>";
if(!empty($_GET['no_msg_inner_red_time'])){
$_SESSION['no_msg_inner_red_time']=(time()+$_GET['no_msg_inner_red_time']);
}
if($_SESSION['no_msg_inner_red_time']>time()){
$_SESSION['msg_inner_red']=null;
}
$udata = $udata_new;
$time_sb = $udata['sb'];
$UA = $udata['agent'];
$_ONLINE = 2;
} else {
$_SESSION['admin_go_user']=null;
}
}
##------------------------------##
if(empty($_SESSION['admin_go_user']) and empty($_SESSION['go_two_user'])){
$_SESSION['no_msg_inner_red_time']=null;
}
$udataid = $udata['id'];
$set = @mysql_fetch_assoc( @mysql_query("SELECT * FROM `set` WHERE `usr` = '$udata[id]' LIMIT 1"));
$admin_set = @mysql_fetch_array( @mysql_query("SELECT * FROM `admin_set` LIMIT 1"));
$_agrement = @mysql_fetch_array( @mysql_query("SELECT * FROM `agrement` WHERE `usr` = '$udata[id]'"));
$setting = @mysql_fetch_array( @mysql_query("SELECT * FROM `setting` WHERE `usr`='$udata[id]' LIMIT 1"));
$ban = @mysql_fetch_array( @mysql_query("SELECT * FROM `ban` WHERE `usr` = '$udata[id]' and `ban_time`>'". time() ."' and `status`='1' ORDER BY `id` DESC LIMIT 1"));
$sbros = @mysql_fetch_array( @mysql_query("SELECT * FROM `sbros` LIMIT 1"));
if($_GET['r']=='worldkassa' or $_GET['r']=='bank' and ($_GET['mod']=='help' or empty($_GET['mod']))){}
elseif(empty($_agrement['id']) and $_GET['r']!='rules' and empty($ban['id']) and $ban['block']!=1) { @header("Location: /index.php?r=rules"); exit; }
elseif(!empty($ban['id']) and $ban['block']==1 and $_GET['mod']!='you_block'){ @header("Location: /index.php?r=index&mod=you_block"); exit; }
if($udata['auth'] <= 0){$udata['auth'] = 0; @mysql_query("UPDATE `users` SET `auth`='$udata[auth]' WHERE `id` = '$udata[id]' LIMIT 1");}
if($udata['money'] <= 0){$udata['money'] = 0; @mysql_query("UPDATE `users` SET `money`='$udata[money]' WHERE `id` = '$udata[id]' LIMIT 1");}
//////////////////
if(empty($_SESSION['ip'])){ $_SESSION['ip']=IP(); }
$_SESSION['prava']=$udata['prava'];
$ip = $_SESSION['ip'];
if($udata_real_id!=$udata['id']){ $ip = $udata['ip']; }
@mysql_query("UPDATE `users` SET `ip`='$ip',`sb`='$time_sb' WHERE `id` = '$udata[id]' LIMIT 1");
@mysql_query("UPDATE `free_monets` SET `click`=`click`+'1' WHERE `usr` = '$udata[id]' LIMIT 1");
if ($head){
@mysql_query("UPDATE `mesto` SET `place` = '$head',`time`='$time_sb' WHERE `usr` = '$udata[id]' LIMIT 1");
@mysql_query("UPDATE `keys` SET `clan_id` = '$udata[clan]' WHERE `usr` = '$udata[id]' LIMIT 1"); }
////////////////// Местоположение и IP
}
/////////////////////
$req_quest = @mysql_query_new("SELECT * FROM `userquests` WHERE `quest`='url_R' and `dop_info`='$_GET[r]' and `status`='0' and `usr`='$udata[id]'");
while($asd_quest = @mysql_fetch_array($req_quest)){
@mysql_query_new("UPDATE `userquests` SET `kolvo`=`kolvo`+'1' WHERE `id`='$asd_quest[id]'");
}
/////////////////////
?>