Файл: vxas.ru/sys/inc/user.php
Строк: 99
<?
if (isset($_SESSION['id_user']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '".mysql_real_escape_string($_SESSION[id_user])."' LIMIT 1"), 0)==1)
{
$user=get_user($_SESSION['id_user']);
mysql_query("UPDATE `user` SET `date_last` = '".mysql_real_escape_string($time)."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
$user['type_input']='session';
}
elseif (!isset($input_page) && isset($_COOKIE['id_user']) && isset($_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass'])
{
header("Location: /login.php?return=".urlencode($_SERVER['REQUEST_URI'])."&$passgen");exit;
}
#######
$num=0;# ENK by [МиниКодер] :-D (Неуберать или в зебре появятся ошибки)
#######
if (isset($user['activation']) && $user['activation']!=NULL) // если аккаунт не активирован
{
$err[]='Вам необходимо активировать Ваш аккаунт по ссылке, высланной на Email, указанный при регистрации';
unset($user);
}
//////////////
if (isset($user))
{
$timeactiv=time()-$user['date_last'];
if($timeactiv<120)
{
$newtimeactiv=$user['time']+$timeactiv;
mysql_query("UPDATE `user` SET `time` ='".mysql_real_escape_string($newtimeactiv)."', `perehodu` = '".mysql_real_escape_string($user['perehodu']+1)."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
echo mysql_error();
}
}
//////////////
if (isset($user))
{
$tmp_us=mysql_fetch_assoc(mysql_query("SELECT `level` FROM `user_group` WHERE `id` = '".mysql_real_escape_string($user[group_access])."' LIMIT 1"));
$user['level']=$tmp_us['level'];
$timeactiv=time() - $user['date_last'];
if($timeactiv < 120)
{
$newtimeactiv=$user['time']+$timeactiv;
mysql_query("UPDATE `user` SET `time` ='".mysql_real_escape_string($newtimeactiv)."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
echo mysql_error();
}
if (isset($user['type_input']) && isset($_SERVER['HTTP_REFERER']) && !preg_match('#'.preg_quote($_SERVER['HTTP_HOST']).'#', $_SERVER['HTTP_REFERER']) && preg_match('#^https?://#i', $_SERVER['HTTP_REFERER']) && $ref=@parse_url($_SERVER['HTTP_REFERER']))
{
if (isset($ref['host']))
{
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_ref` WHERE `id_user` = '".mysql_real_escape_string($user[id])."' AND `url` = '".my_esc($ref['host'])."'"), 0)==0)
mysql_query("INSERT INTO `user_ref` (`time`, `id_user`, `type_input`, `url`) VALUES ('".mysql_real_escape_string($time)."', '".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($user[type_input])."', '".my_esc($ref['host'])."')");
else
mysql_query("UPDATE `user_ref` SET `time` = '".mysql_real_escape_string($time)."' WHERE `id_user` = '".mysql_real_escape_string($user[id])."' AND `url` = '".my_esc($ref['host'])."'");
}
}
if ($user['set_time_chat']!=NULL)$set['time_chat']=$user['set_time_chat'];
if ($user['set_p_str']!=NULL)$set['p_str']=$user['set_p_str'];
$set['set_show_icon']=$user['set_show_icon'];
if ($webbrowser) // для web темы
{
if (is_dir(H.'style/themes/'.$user['set_them2']))$set['set_them']=$user['set_them2'];
else mysql_query("UPDATE `user` SET `set_them2` = '".mysql_real_escape_string($set[set_them])."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
}
else
{
if (is_dir(H.'style/themes/'.$user['set_them']))$set['set_them']=$user['set_them'];
else mysql_query("UPDATE `user` SET `set_them` = '".mysql_real_escape_string($set[set_them])."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
}
if (!isset($banpage)) // бан пользователя
{
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '".mysql_real_escape_string($user[id])."' AND (`time` > '".mysql_real_escape_string($time)."' OR `view` = '0')"), 0)!=0)
{
header('Location: /ban.php?'.SID);exit;
}
}
if (isset($ip2['add']))mysql_query("UPDATE `user` SET `ip` = ".ip2long($ip2['add'])." WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
else mysql_query("UPDATE `user` SET `ip` = null WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
if (isset($ip2['cl']))mysql_query("UPDATE `user` SET `ip_cl` = ".ip2long($ip2['cl'])." WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
else mysql_query("UPDATE `user` SET `ip_cl` = null WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
if (isset($ip2['xff']))mysql_query("UPDATE `user` SET `ip_xff` = ".ip2long($ip2['xff'])." WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
else mysql_query("UPDATE `user` SET `ip_xff` = null WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
if ($ua)mysql_query("UPDATE `user` SET `ua` = '".my_esc($ua)."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
mysql_query("UPDATE `user` SET `url` = '".my_esc($_SERVER['SCRIPT_NAME'])."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
mysql_query("UPDATE `user` SET `sess` = '".mysql_real_escape_string($sess)."' WHERE `id` = '".mysql_real_escape_string($user[id])."' LIMIT 1");
$collision_q=mysql_query("SELECT * FROM `user` WHERE `ip` = '".mysql_real_escape_string($iplong)."' AND `ua` = '".my_esc($ua)."' AND `date_last` > '".mysql_real_escape_string(time()-600)."' AND `id` <> '".mysql_real_escape_string($user[id])."'");
while ($collision = mysql_fetch_assoc($collision_q))
{
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_collision` WHERE `id_user` = '".mysql_real_escape_string($user[id])."' AND `id_user2` = '".mysql_real_escape_string($collision[id])."' OR `id_user2` = '".mysql_real_escape_string($user[id])."' AND `id_user` = '".mysql_real_escape_string($collision[id])."'"), 0)==0)
mysql_query("INSERT INTO `user_collision` (`id_user`, `id_user2`, `type`) values('".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($collision[id])."', 'ip_ua_time')");
}
}
else
{
if ($webbrowser)
$set['set_them']=$set['set_them2'];
if ($ip && $ua)
{
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `guests` WHERE `ip` = '".mysql_real_escape_string($iplong)."' AND `ua` = '".my_esc($ua)."' LIMIT 1"), 0)==1)
{
$guests=mysql_fetch_assoc(mysql_query("SELECT * FROM `guests` WHERE `ip` = '".mysql_real_escape_string($iplong)."' AND `ua` = '".my_esc($ua)."' LIMIT 1"));
mysql_query("UPDATE `guests` SET `date_last` = '".mysql_real_escape_string(time())."', `url` = '".my_esc($_SERVER['SCRIPT_NAME'])."', `pereh` = '".mysql_real_escape_string($guests['pereh']+1)."' WHERE `ip` = '".mysql_real_escape_string($iplong)."' AND `ua` = '".my_esc($ua)."' LIMIT 1");
}
else
{
mysql_query("INSERT INTO `guests` (`ip`, `ua`, `date_aut`, `date_last`, `url`) VALUES ('".mysql_real_escape_string($iplong)."', '".my_esc($ua)."', '".mysql_real_escape_string(time())."', '".mysql_real_escape_string(time())."', '".my_esc($_SERVER['SCRIPT_NAME'])."')");
}
}
unset($access);
}
if (!isset($user) || $user['level']==0)
{
@error_reporting(0);
@ini_set('display_errors',false); // показ ошибок
if (function_exists('set_time_limit'))@set_time_limit(20); // Ставим ограничение на 20 сек
}
if (!isset($user) && $set['guest_select']=='1' && !isset($show_all))
{
header("Location: /aut.php");
exit;
}
?>