Файл: system/core.php
Строк: 70
<?php
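//error_reporting(0);

// Bootstrap run by every page: start the session, buffer output so later
// header()/setcookie() calls still work, and open the shared MySQL link.
session_start();
ob_start();

// NOTE(review): the database host, user and password are hard-coded in source.
// Load them from configuration kept outside the document root (or from the
// environment) and rotate the password wherever this file has been shared.
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; this file only runs
// on PHP 5.x until it is ported to mysqli or PDO with prepared statements.
$mysql_connect = mysql_connect('localhost','vol617_wmscriptt','lxspgbb7') or die("Ошибка");
mysql_select_db('vol617_wmscript',$mysql_connect) or die("Ошибка");

// mysql_set_charset() selects utf8 like "SET NAMES utf8" does, and in addition
// records the charset in the client library, which mysql_real_escape_string()
// needs in order to escape correctly. Fall back to the old query if it fails.
if (!mysql_set_charset('utf8', $mysql_connect))
{
    mysql_query("SET NAMES utf8");
}

// `home` holds the server's filesystem document root. It is a path, not a URL,
// so it must never be sent to the client (for example in a Location header).
define('home', $_SERVER['DOCUMENT_ROOT']);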
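// Query-string gate: every $_GET value must be a plain string made of letters,
// digits, "_", "-" and "/", optionally with dots that are NOT followed by a
// slash (so "./" and "../" sequences are refused). Anything else is redirected
// to the front page.
//
// The pattern as listed had `_-/` inside the class (an out-of-order range that
// PCRE refuses to compile, making preg_match() return false for every value)
// and an unescaped `.` that matches any character. The escapes are restored
// here so the class and the dot branch mean what is described above.
//
// preg_match() returns 1 on a match, 0 on no match and false on an engine
// error (including hitting the backtrack limit); only 1 is accepted, so the
// check fails closed.
foreach ($_GET as $check_url)
{
    if (!is_string($check_url) || preg_match('#^(?:[a-z0-9_\-/]+|\.+(?!/))*$#i', $check_url) !== 1)
    {
        // Redirect with a site-relative URL. The original concatenated `home`
        // (the filesystem document root) here, which sent a server path to
        // the client and did not form a valid URL.
        header('Location: /index.php');
        exit;
    }
}
unset($check_url);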
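// Cookie auto-login: look the visitor up by the `ulogin` / `upassword` cookies,
// refresh their activity columns, and drop the cookies when they do not match.
//
// NOTE(review): the `upassword` cookie is compared directly with the stored
// `password` column, so whatever that column holds works as a long-lived
// bearer credential for the account. A random server-side session token
// (HttpOnly, Secure) would be the safer design; changing that is outside this
// block because other pages set these cookies.

// Keep $user defined for the rest of the request even when no cookies are sent.
$user = false;

if (isset($_COOKIE['ulogin']) && isset($_COOKIE['upassword']))
{
    // Same normalisation chain as before (escape, htmlspecialchars, trim) so the
    // values still match what is stored, but using the connection-aware
    // mysql_real_escape_string(). Array-valued cookies are treated as empty.
    $ulogin = is_string($_COOKIE['ulogin'])
        ? trim(htmlspecialchars(mysql_real_escape_string($_COOKIE['ulogin'])))
        : '';
    $upassword = is_string($_COOKIE['upassword'])
        ? trim(htmlspecialchars(mysql_real_escape_string($_COOKIE['upassword'])))
        : '';

    // Only query when both values are present; an empty pair can never log in.
    if ($ulogin !== '' && $upassword !== '')
    {
        $found = mysql_query("SELECT * FROM `user` WHERE `login` = '".$ulogin."' and `password`='".$upassword."' LIMIT 1");
        $user = $found ? mysql_fetch_assoc($found) : false;
    }

    if (is_array($user) && isset($user['id']))
    {
        // REMOTE_ADDR, the User-Agent header and the request URI come from the
        // client (the last two verbatim), so they are escaped before being
        // placed in the statement. The original interpolated them raw.
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $ua = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
        $self = mysql_real_escape_string($_SERVER['REQUEST_URI']);
        mysql_query("UPDATE `user` SET `online`='".time()."',`ip`='".$ip."',`ua`='".$ua."',`self`='".$self."' WHERE `id`='".$user['id']."'");

        // $user still holds the previous `online` value; a gap under 120
        // seconds is added to the accumulated `allonline` counter.
        $timeactiv = time() - $user['online'];
        if ($timeactiv < 120)
        {
            $newtimeactiv = $user['allonline'] + $timeactiv;
            mysql_query("UPDATE `user` SET `allonline` ='".$newtimeactiv."' WHERE `id`='".$user['id']."'");
        }

        // The SQL comparison may be looser than PHP's (collation dependent),
        // so the row is re-checked against the cookie values exactly.
        $drop_cookies = ($user['login'] !== $ulogin || $user['password'] !== $upassword);
    }
    else
    {
        // Empty values or no matching row: stay anonymous and clear the cookies.
        $user = false;
        $drop_cookies = true;
    }

    if ($drop_cookies)
    {
        // Expire both cookies by dating them one day in the past.
        $expired = time() - ((60 * 60) * 24);
        setcookie('ulogin', '', $expired, '/');
        setcookie('upassword', '', $expired, '/');
    }
}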
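// Load the shared helpers and set the default theme name.
include 'functions.php';
define('standart_css', 'blue_4ika');

// Access gate for logged-in users: an active ban or a registration that is not
// approved ends the request with a notice page instead of the requested page.
// !empty() is used because $user is undefined or false for anonymous visitors,
// and the original `$user['id']` read raised a notice on every such request.
if (!empty($user['id']))
{
    $ban = mysql_fetch_assoc(mysql_query("SELECT * FROM `ban` WHERE `who` = '".$user['id']."'"));

    // mysql_fetch_assoc() returns false when there is no ban row, so check the
    // type before reading `end` (a Unix timestamp compared with time()).
    if (is_array($ban) && $ban['end'] > time())
    {
        include 'header.php';
        // NOTE(review): `why` is free text from the ban record; confirm that
        // bbcode()/smiles() in functions.php HTML-escape it before output.
        echo '<div class="verh"><font color="red"><b>Вы забанены!</b></font></div><div class="lst">
Вас забанил: '.ustatus($ban['ho']).' <b>'.uname($ban['ho']).'</b> '.uaccess($ban['ho']).'<br>
Причины: <b>'.smiles(bbcode($ban['why'])).'</b><br>
Дата бана: <b>'.times($ban['time']).'</b><br>
Дата освобождения: <b>'.date('d.m.Y в H:i',$ban['end']).'</b>
</div>';
        include 'footer.php'; exit;
    }

    $reg = mysql_fetch_assoc(mysql_query("SELECT * FROM `reg` WHERE `who` = '".$user['id']."' LIMIT 1"));

    // Only users that have a `reg` row are gated. `ok` == 0 blocks with the
    // "not activated" notice and `ok` == 2 with the "not admitted" notice;
    // any other value lets the request through.
    if (is_array($reg))
    {
        $reg_notice = '';
        if ($reg['ok'] == 0)
        {
            $reg_notice = 'Ваш аккаунт не активирован!';
        }
        elseif ($reg['ok'] == 2)
        {
            $reg_notice = 'Вы не были допущены на сайт!';
        }

        if ($reg_notice !== '')
        {
            // Both cases share the same page frame; only the message differs.
            include 'header.php';
            echo '<div class="podverh">';
            echo '<div class="uv"><div class="sm"></div><div class="sm"></div><div class="co">Стоп!</div></div>';
            echo '</div>';
            echo ' <div class="start">';
            echo '<div class="s"><div class="ss"><span><a href="/cab">Кабинет</a></span></div></div>';
            echo '<div class="post1">
<font color="red"><b>'.$reg_notice.'</b></font>
</div>';
            include 'footer.php'; exit;
        }
    }
}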
?>