Файл: sys/inc/user.php
Строк: 93
<?
// Resolve the current user from the PHP session and refresh the last-activity
// timestamp. If there is no valid session but login cookies are present, send
// the visitor to login.php with the requested URI as the return target.
// NOTE(review): $_SESSION[id_user] is interpolated into the SQL text unescaped.
// That is only safe while every writer of the session stores an integer id;
// casting to int before building the query would make this independent of them.
if (isset($_SESSION['id_user']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '$_SESSION[id_user]' LIMIT 1"), 0) == 1)
{
    $user = get_user($_SESSION['id_user']);
    mysql_query("UPDATE `user` SET `date_last` = '$time' WHERE `id` = '$user[id]' LIMIT 1");
    // Remembered so that later code can tell how this request was authenticated.
    $user['type_input'] = 'session';
}
elseif (!isset($input_page) && !empty($_COOKIE['id_user']) && !empty($_COOKIE['pass']))
{
    // NOTE(review): a `pass` cookie implies credential material is kept on the
    // client; how it is validated is decided in login.php, not here - confirm
    // that login.php also restricts the `return` target to local paths.
    header("Location: /login.php?return=".urlencode($_SERVER['REQUEST_URI'])."&$passgen");
    exit;
}
// An account whose `activation` field still holds a value has not been
// activated yet: queue the notice and treat the visitor as a guest from here on.
// The session itself is not destroyed; only the in-memory $user is dropped.
if (isset($user['activation']) && $user['activation'] != null)
{
    $err[] = 'Вам необходимо активировать Ваш аккаунт по ссылке, высланной на Email, указанный при регистрации';
    unset($user);
}
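// Per-request bookkeeping.
// Signed-in user: load the access level, apply pending schema upgrades, update
// activity / referrer / IP / user-agent columns, enforce bans and record other
// accounts recently seen from the same IP and user agent.
// Guest: create or refresh the matching row in `guests`.
// NOTE(review): $time, $sess, $iplong, $ip2, $ip, $ua, $set and $webbrowser are
// defined outside the visible code. $time, $sess and $iplong are interpolated
// into SQL unescaped below - confirm they can never carry request-controlled text.
if (isset($user))
{
    $tmp_us=mysql_fetch_assoc(mysql_query("SELECT `level` FROM `user_group` WHERE `id` = '$user[group_access]' LIMIT 1"));
    $user['level']=$tmp_us['level'];

    // Add columns that are missing after an upgrade.
    // array_key_exists() is used instead of isset(): isset() is false for a
    // column that exists but holds NULL (every activated account has a NULL
    // `activation`), which made the DDL below run again on each request.
    // Assumes get_user() returns the row as a plain array - TODO confirm.
    // NOTE(review): running DDL on the request path requires the web
    // application's database account to hold ALTER and DROP privileges;
    // moving these steps to an installer allows a least-privilege account.
    if (!array_key_exists('activation', $user))
        mysql_query('ALTER TABLE `user` ADD `activation` VARCHAR( 32 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL AFTER `sess`');

    if (!array_key_exists('group_access', $user)) // redistribution of user rights
    {
        // when upgrading from a version below 6.5.1
        mysql_query("ALTER TABLE `user` ADD `group_access` INT UNSIGNED NOT NULL DEFAULT '0' AFTER `level`");
        mysql_query("DROP TABLE `accesses`");
        // NOTE(review): the table name below appears to contain a non-ASCII
        // look-alike character; it is kept byte-for-byte - confirm against the schema.
        mysql_query("DROP TABLE `user_acсess`");
        $q=mysql_query("SELECT `id`,`level` FROM `user` WHERE `level` != '0'");
        while ($ank=mysql_fetch_assoc($q))
        {
            // Each case needs its own break: without it every legacy level fell
            // through to the last case, so all migrated accounts received the
            // group meant for level 4 (a privilege mis-assignment).
            switch ($ank['level']) {
                case '1': $group='3'; break;
                case '2': $group='7'; break;
                case '3': $group='8'; break;
                case '4': $group=($ank['id']=='1'?'15':'9'); break;
                default: $group=null;
            }
            // Unknown legacy levels keep the column default instead of
            // inheriting the group computed for the previous row.
            if ($group === null)
                continue;
            mysql_query("UPDATE `user` SET `group_access` = '$group' WHERE `id` = '$ank[id]' LIMIT 1");
        }
    }

    // Accumulate time on site when the previous request was under two minutes ago.
    $timeactiv=time() - $user['date_last'];
    if($timeactiv < 120)
    {
        $newtimeactiv=$user['time']+$timeactiv;
        mysql_query("UPDATE `user` SET `time` ='$newtimeactiv' WHERE `id` = '$user[id]' LIMIT 1");
        // Database errors go to the server log rather than the response body:
        // echoing them discloses schema details to the visitor and emits output
        // before the header() redirect to ban.php further down.
        $db_error=mysql_error();
        if ($db_error != '')
            error_log('sys/inc/user.php: '.$db_error);
    }

    // Record the host of an external http(s) referrer for this user.
    // The Host header is client-supplied, so it is quoted with the pattern's
    // own delimiter before being used as a regular expression.
    if (isset($user['type_input'])
        && isset($_SERVER['HTTP_REFERER'])
        && !preg_match('#'.preg_quote($_SERVER['HTTP_HOST'], '#').'#', $_SERVER['HTTP_REFERER'])
        && preg_match('#^https?://#i', $_SERVER['HTTP_REFERER'])
        && ($ref=@parse_url($_SERVER['HTTP_REFERER'])))
    {
        if (isset($ref['host']))
        {
            if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_ref` WHERE `id_user` = '$user[id]' AND `url` = '".my_esc($ref['host'])."'"), 0)==0)
                mysql_query("INSERT INTO `user_ref` (`time`, `id_user`, `type_input`, `url`) VALUES ('$time', '$user[id]', '$user[type_input]', '".my_esc($ref['host'])."')");
            else
                mysql_query("UPDATE `user_ref` SET `time` = '$time' WHERE `id_user` = '$user[id]' AND `url` = '".my_esc($ref['host'])."'");
        }
    }

    if (!array_key_exists('autorization', $user))
        mysql_query("ALTER TABLE `user` ADD `autorization` SET( '0', '1' ) NOT NULL DEFAULT '0'");
    if (!array_key_exists('ip_cl', $user))
        mysql_query("ALTER TABLE `user` ADD `ip_cl` BIGINT( 20 ) NOT NULL AFTER `ip` , ADD `ip_xff` BIGINT( 20 ) NOT NULL AFTER `ip_cl`");

    // Per-user overrides of the site-wide settings.
    if ($user['set_time_chat']!=NULL)$set['time_chat']=$user['set_time_chat'];
    if ($user['set_p_str']!=NULL)$set['p_str']=$user['set_p_str'];
    $set['set_show_icon']=$user['set_show_icon'];

    // Use the stored theme if its directory exists, otherwise reset the stored
    // value to the site default.
    // NOTE(review): is_dir() also succeeds for names containing `..`; the theme
    // name should be validated where it is written - confirm.
    if ($webbrowser) // web theme
    {
        if (is_dir(H.'style/themes/'.$user['set_them2']))$set['set_them']=$user['set_them2'];
        else mysql_query("UPDATE `user` SET `set_them2` = '$set[set_them]' WHERE `id` = '$user[id]' LIMIT 1");
    }else{
        if (is_dir(H.'style/themes/'.$user['set_them']))$set['set_them']=$user['set_them'];
        else mysql_query("UPDATE `user` SET `set_them` = '$set[set_them]' WHERE `id` = '$user[id]' LIMIT 1");
    }

    if (!isset($banpage)) // user ban
    {
        // An active or not yet acknowledged ban sends the user to ban.php.
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '$user[id]' AND (`time` > '$time' OR `view` = '0')"), 0)!=0)
        {
            header('Location: /ban.php?'.SID);
            exit;
        }
    }

    // Store the addresses seen for this request. ip2long() returns false for a
    // malformed address; that is written as SQL null instead of producing a
    // statement with an empty value.
    // NOTE(review): $ip2['cl'] and $ip2['xff'] presumably come from
    // client-supplied headers and should not be treated as trustworthy - confirm.
    foreach (array('ip' => 'add', 'ip_cl' => 'cl', 'ip_xff' => 'xff') as $ip_column => $ip_key)
    {
        $ip_num = isset($ip2[$ip_key]) ? ip2long($ip2[$ip_key]) : false;
        $ip_sql = ($ip_num === false) ? 'null' : $ip_num;
        mysql_query("UPDATE `user` SET `$ip_column` = $ip_sql WHERE `id` = '$user[id]' LIMIT 1");
    }

    if ($ua)mysql_query("UPDATE `user` SET `ua` = '".my_esc($ua)."' WHERE `id` = '$user[id]' LIMIT 1");
    mysql_query("UPDATE `user` SET `url` = '".my_esc($_SERVER['SCRIPT_NAME'])."' WHERE `id` = '$user[id]' LIMIT 1");
    mysql_query("UPDATE `user` SET `sess` = '$sess' WHERE `id` = '$user[id]' LIMIT 1");

    // Record other accounts active in the last ten minutes from the same IP and
    // user agent, once per pair regardless of order.
    $collision_q=mysql_query("SELECT * FROM `user` WHERE `ip` = '$iplong' AND `ua` = '".my_esc($ua)."' AND `date_last` > '".(time()-600)."' AND `id` <> '$user[id]'");
    while ($collision = mysql_fetch_assoc($collision_q))
    {
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_collision` WHERE `id_user` = '$user[id]' AND `id_user2` = '$collision[id]' OR `id_user2` = '$user[id]' AND `id_user` = '$collision[id]'"), 0)==0)
            mysql_query("INSERT INTO `user_collision` (`id_user`, `id_user2`, `type`) values('$user[id]', '$collision[id]', 'ip_ua_time')");
    }
}else{
    if ($webbrowser)
        $set['set_them']=$set['set_them2'];

    // Guests are identified by IP + user agent only.
    if ($ip && $ua)
    {
        if (mysql_result(mysql_query("SELECT COUNT(*) FROM `guests` WHERE `ip` = '$iplong' AND `ua` = '".my_esc($ua)."' LIMIT 1"), 0)==1)
        {
            $guests=mysql_fetch_assoc(mysql_query("SELECT * FROM `guests` WHERE `ip` = '$iplong' AND `ua` = '".my_esc($ua)."' LIMIT 1"));
            mysql_query("UPDATE `guests` SET `date_last` = ".time().", `url` = '".my_esc($_SERVER['SCRIPT_NAME'])."', `pereh` = '".($guests['pereh']+1)."' WHERE `ip` = '$iplong' AND `ua` = '".my_esc($ua)."' LIMIT 1");
        }else{
            mysql_query("INSERT INTO `guests` (`ip`, `ua`, `date_aut`, `date_last`, `url`) VALUES ('$iplong', '".my_esc($ua)."', '".time()."', '".time()."', '".my_esc($_SERVER['SCRIPT_NAME'])."')");
        }
    }
    unset($access);
}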
// Guests and accounts with level 1 or lower get error output switched off and a
// 20 second execution cap; higher levels keep the configured error settings.
// NOTE(review): this runs after the database work earlier in the file, so
// errors raised before this point are not covered by it.
if (!isset($user) || $user['level'] <= 1)
{
    @error_reporting(0);
    @ini_set('display_errors', false); // error display
    if (function_exists('set_time_limit'))
    {
        @set_time_limit(20); // limit execution to 20 seconds
    }
}
// When the site is closed to guests ($set['guest_select'] is '1'), anonymous
// visitors are sent to the sign-in page unless the including page has opted
// out by defining $show_all.
if (!isset($user) && !isset($show_all) && $set['guest_select'] == '1')
{
    header("Location: /aut.php");
    exit;
}
// Simulated activity: on about one request in three, a randomly chosen account
// id (2..400) is stamped as just signed in and just active, given one of eight
// game URLs, and added to a chat room's presence list.
// NOTE(review): these writes are unrelated to the visitor making the request.
// They overwrite `date_aut` / `date_last` on accounts that did nothing, so those
// columns cannot serve as evidence of real sign-ins during an investigation, and
// `chat_who` receives a new row each time.
// NOTE(review): the listing header reports 93 lines while this block sits past
// that count - confirm that it belongs to the upstream file.
$rrandd = rand(1,3);
$rrranddd = rand(2,400);
$rrraandd = rand(1,8);
if ($rrandd == 3)
{
    mysql_query("UPDATE `user` SET `date_aut` = ".time()." WHERE `id` = '$rrranddd'");
    mysql_query("UPDATE `user` SET `date_last` = ".time()." WHERE `id` = '$rrranddd'");
    switch ($rrraandd)
    {
        case 1:
            mysql_query("UPDATE `user` SET `url` = '/game/intern/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '3')");
            break;
        case 2:
            mysql_query("UPDATE `user` SET `url` = '/game/my_site/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '3')");
            break;
        case 3:
            mysql_query("UPDATE `user` SET `url` = '/game/magaz/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '3')");
            break;
        case 4:
            mysql_query("UPDATE `user` SET `url` = '/game/cars/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '3')");
            break;
        case 5:
            mysql_query("UPDATE `user` SET `url` = '/game/game_elka/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '3')");
            break;
        case 6:
            mysql_query("UPDATE `user` SET `url` = '/game/rastamania/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '3')");
            break;
        case 7:
            mysql_query("UPDATE `user` SET `url` = '/game/fm/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '1')");
            break;
        case 8:
            mysql_query("UPDATE `user` SET `url` = '/game/fm/' WHERE `id` = '$rrranddd'");
            mysql_query("INSERT INTO `chat_who` (`id_user`, `time`, `room`) values('$rrranddd', '$time', '2')");
            break;
    }
}
?>