Файл: world-faces.ru/world-faces.ru/sys/inc/user.php
Строк: 65
<?
if (isset($_GET['id']) && isset($_GET['pass'])){
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '".intval($_GET['id'])."' AND `pass` = '".shif($_GET['pass'])."' LIMIT 1"), 0)==1){
$user=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".intval($_GET['id'])."' AND `pass` = '".shif($_GET['pass'])."' LIMIT 1"));
?>
<?
$_SESSION['id_user']=$user['id'];
setcookie('id_user', $user['id'], time()+60*60*24*365);
setcookie('pass', cookie_encrypt($_GET['pass'],$user['id']), time()+60*60*24*365);
mysql_query("UPDATE `user` SET `date_aut` = ".time()." WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `date_last` = ".time()." WHERE `id` = '$user[id]' LIMIT 1");}
else $err='Неправильный логин или пароль';}
elseif (isset($_POST['nick']) && isset($_POST['pass'])){
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `nick` = '".mysql_real_escape_string($_POST['nick'])."' AND `pass` = '".shif($_POST['pass'])."' LIMIT 1"), 0)==1){
$user=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `nick` = '".mysql_real_escape_string($_POST['nick'])."' AND `pass` = '".shif($_POST['pass'])."' LIMIT 1"));
$_SESSION['id_user']=$user['id'];
setcookie('id_user', $user['id'], time()+60*60*24*365);
setcookie('pass', cookie_encrypt($_POST['pass'],$user['id']), time()+60*60*24*365);
mysql_query("UPDATE `user` SET `date_aut` = ".time()." WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `date_last` = ".time()." WHERE `id` = '$user[id]' LIMIT 1");}else $err='Неправильный логин или пароль';}
elseif (isset($_SESSION['id_user']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = $_SESSION[id_user] LIMIT 1"), 0)==1){
$user=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = $_SESSION[id_user] LIMIT 1"));
mysql_query("UPDATE `user` SET `date_last` = ".time()." WHERE `id` = '$user[id]' LIMIT 1");}
elseif (isset($_COOKIE['id_user']) && isset($_COOKIE['pass']) && $_COOKIE['id_user']!=NULL && $_COOKIE['pass']!=NULL){
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = ".intval($_COOKIE['id_user'])." AND `pass` = '".shif(cookie_decrypt($_COOKIE['pass'],intval($_COOKIE['id_user'])))."' LIMIT 1"), 0)==1){
$user=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = ".intval($_COOKIE['id_user'])." AND `pass` = '".shif(cookie_decrypt($_COOKIE['pass'],intval($_COOKIE['id_user'])))."' LIMIT 1"));
$_SESSION['id_user']=$user['id'];
mysql_query("UPDATE `user` SET `data_aut` = ".time()." WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `date_last` = ".time()." WHERE `id` = '$user[id]' LIMIT 1");}else{
setcookie('id_user');
setcookie('pass');}}
if (isset($user['activation']) && $user['activation']!=NULL){
$err[]='Вам необходимо активировать Ваш аккаунт по ссылке, высланной на Email, указанный при регистрации';
unset($user);}
if (isset($user)){
if (!isset($user['activation']))
mysql_query('ALTER TABLE `user` ADD `activation` VARCHAR( 32 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL AFTER `sess`');
if (!isset($user['autorization']))
mysql_query("ALTER TABLE `user` ADD `autorization` SET( '0', '1' ) NOT NULL DEFAULT '0'");
if (!isset($user['ip_cl'])){
mysql_query("ALTER TABLE `user` ADD `ip_cl` BIGINT( 20 ) NOT NULL AFTER `ip` , ADD `ip_xff` BIGINT( 20 ) NOT NULL AFTER `ip_cl`");}
if ($user['set_time_chat']!=NULL)$set['time_chat']=$user['set_time_chat'];
if ($user['set_p_str']!=NULL)$set['p_str']=$user['set_p_str'];
$set['set_show_icon']=$user['set_show_icon'];
if ($webbrowser){
if (is_dir(H.'style/themes/'.$user['set_them2']))$set['set_them']=$user['set_them2'];
else mysql_query("UPDATE `user` SET `set_them2` = '$set[set_them]' WHERE `id` = '$user[id]' LIMIT 1");
}else{
if (is_dir(H.'style/themes/'.$user['set_them']))$set['set_them']=$user['set_them'];
else mysql_query("UPDATE `user` SET `set_them` = '$set[set_them]' WHERE `id` = '$user[id]' LIMIT 1");}
if (!isset($banpage)){
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '$user[id]' AND (`time` > '$time' OR `view` = '0')"), 0)!=0){
header('Location: /ban.php?'.SID);exit;}}
$timeactiv=time() - $user['date_last'];
if($timeactiv < 120){
$newtimeactiv=$user['time']+$timeactiv;
mysql_query("UPDATE `user` SET `time` ='$newtimeactiv', `perehodu` = '".($user['perehodu']+1)."' WHERE `id` = '$user[id]' LIMIT 1");
echo mysql_error();}
if (isset($ip2['add']))mysql_query("UPDATE `user` SET `ip` = ".ip2long($ip2['add'])." WHERE `id` = '$user[id]' LIMIT 1");
else mysql_query("UPDATE `user` SET `ip` = null WHERE `id` = '$user[id]' LIMIT 1");
if (isset($ip2['cl']))mysql_query("UPDATE `user` SET `ip_cl` = ".ip2long($ip2['cl'])." WHERE `id` = '$user[id]' LIMIT 1");
else mysql_query("UPDATE `user` SET `ip_cl` = null WHERE `id` = '$user[id]' LIMIT 1");
if (isset($ip2['xff']))mysql_query("UPDATE `user` SET `ip_xff` = ".ip2long($ip2['xff'])." WHERE `id` = '$user[id]' LIMIT 1");
else mysql_query("UPDATE `user` SET `ip_xff` = null WHERE `id` = '$user[id]' LIMIT 1");
if ($ua)mysql_query("UPDATE `user` SET `ua` = '".mysql_real_escape_string($ua)."' WHERE `id` = '$user[id]' LIMIT 1");
$access=NULL;
$access_q=mysql_query("SELECT * FROM `user_acсess` WHERE `id_user` = '$user[id]'");
while ($access1 = mysql_fetch_array($access_q)){
$access2=$access1['type'];
$access[$access2]=true;}
unset($access2, $access1);
mysql_query("UPDATE `user` SET `url` = '".mysql_real_escape_string($_SERVER['SCRIPT_NAME'])."' WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `sess` = '$sess' WHERE `id` = '$user[id]' LIMIT 1");
$collision_q=mysql_query("SELECT * FROM `user` WHERE `sess` = '$sess' AND `id` <> '$user[id]'");
while ($collision = mysql_fetch_array($collision_q)){
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_collision` WHERE `id_user` = '$user[id]' AND `id_user2` = '$collision[id]' OR `id_user2` = '$user[id]' AND `id_user` = '$collision[id]'"), 0)==0)
mysql_query("INSERT INTO `user_collision` (`id_user`, `id_user2`, `type`) values('$user[id]', '$collision[id]', 'sess')");}
}else{
if ($webbrowser)
$set['set_them']=$set['set_them2'];
if ($ip && $ua){
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `guests` WHERE `ip` = '$iplong' AND `ua` = '".mysql_real_escape_string($ua)."' LIMIT 1"), 0)==1){
$guests=mysql_fetch_array(mysql_query("SELECT * FROM `guests` WHERE `ip` = '$iplong' AND `ua` = '".mysql_real_escape_string($ua)."' LIMIT 1"));
mysql_query("UPDATE `guests` SET `date_last` = ".time().", `url` = '".mysql_real_escape_string($_SERVER['SCRIPT_NAME'])."', `pereh` = '".($guests['pereh']+1)."' WHERE `ip` = '$iplong' AND `ua` = '".mysql_real_escape_string($ua)."' LIMIT 1");}else{
mysql_query("INSERT INTO `guests` (`ip`, `ua`, `date_aut`, `date_last`, `url`) VALUES ('$iplong', '".mysql_real_escape_string($ua)."', '".time()."', '".time()."', '".mysql_real_escape_string($_SERVER['SCRIPT_NAME'])."')");}}
unset($access);}
if (!isset($user) || $user['level']==0){
@error_reporting(0);
@ini_set('display_errors',0);}
if (!isset($user) && $set['guest_select']=='1' && !isset($show_all)){
header("Location: /aut.php");
exit;}
/// CitySoc ///
$d='<div class=';
$D='</div>';
$c='<center>';
$C='</center>';
$img='<img src=';
$site_url='http://world-faces.ru'; // адрес сайта
$site_cop='world-faces.ru'; // Copyright
$CitySoc='<a href="'.$site_url.'">'.$site_cop.'</a>'; // не меняем
$us=mysql_query("SELECT * FROM user WHERE id='$user[id]'");
$us=mysql_fetch_assoc($us);
?>