Файл: vkolhoze.com/inc/start_sess.php
Строк: 44
<?
// Данные от базы данных
$db_host='localhost'; // хост
$db_password='111111'; // пароль
$db_user_name='db1433612738'; // имя пользователя
$db_name='db1433612738'; // имя базы данных
if(!($db=@mysql_connect($db_host, $db_user_name, $db_password)))
{
echo "<center>Тех работы..</center>";
exit;
}
// подключение к базе
if (!@mysql_select_db($db_name,$db))
{
echo "Wrong MySQL db name";
exit;
}
mysql_query('set charset utf8',$db);
mysql_query('SET names utf8',$db);
mysql_query('set character_set_client="utf8"',$db);
mysql_query('set character_set_connection="utf8"',$db);
mysql_query('set character_set_result="utf8"',$db);
if(empty($_COOKIE['pass']))$_COOKIE['pass']='';
if(!isset($_SESSION))
{
$sess_name = 'uids';
session_name($sess_name);
session_start();
$sess=mysql_escape_string(session_id());
if (!preg_match('#[A-z0-9]{32}#i',$sess))$sess=md5(rand(09009,999999));
if($_SESSION['_pr_sess_']!='1'){
setcookie($sess_name, $sess, time()+(3600*24*7));
$_SESSION['_pr_sess_']='1';
}
}
if(isset($_GET['user_id']) && !isset($_SESSION['id_user'])){
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_user` WHERE `vk_id` = '".intval($_GET['user_id'])."'"),0)==1){
$us=mysql_fetch_array(mysql_query("SELECT `password`,`id` FROM `kolhoz_user` WHERE `vk_id` = '".intval($_GET['user_id'])."'"));
if(htmlspecialchars($_GET['auth_key'])=="$us[0]"){
$_SESSION['id_user']=$us[1];
$_SESSION['pass']=htmlspecialchars($_GET['auth_key']);
}
}else{
$name='vk_id_'.(intval($_GET['user_id'])).'';
mysql_query("INSERT INTO `kolhoz_user` SET `nick` = '$name', `password` = '".htmlspecialchars($_GET['auth_key'])."', `pol` = '1', `email` = '', `money` = '10000', `rubies` = '1000', `status` = '".(mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_user`"), 0)==0?3:0)."',`unlogin`='1',`vk_id`='".(intval($_GET['user_id']))."'");
$_SESSION['id_user']=mysql_insert_id();
$_SESSION['pass']=htmlspecialchars($_GET['auth_key']);
}
}
if (isset($_SESSION['id_user']) && isset($_SESSION['pass']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_user` WHERE `id` = '$_SESSION[id_user]' AND `password`='$_SESSION[pass]' LIMIT 1"), 0)==1)
{
$ku=mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_user` WHERE `id` = '$_SESSION[id_user]'"));
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_setting` WHERE `id_user` = '$ku[id]' LIMIT 1"),0)==0)mysql_query("INSERT INTO `kolhoz_setting` SET `id_user` = '$ku[id]'") or die (mysql_error());
$conf=mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_setting` WHERE `id_user` = '$_SESSION[id_user]'"));
}elseif (isset ($_COOKIE['log_id']) && isset ($_COOKIE['pass']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_user` WHERE `id` = '".(base64_decode($_COOKIE['log_id']))."' AND `password`='".(base64_decode($_COOKIE['pass']))."' LIMIT 1"), 0)==1)
{
$_SESSION['id_user'] = base64_decode($_COOKIE['log_id']);
$_SESSION['pass'] = base64_decode($_COOKIE['pass']);
$ku=mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_user` WHERE `id` = '$_SESSION[id_user]' AND `password`='$_SESSION[pass]'"));
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `kolhoz_setting` WHERE `id_user` = '$ku[id]' LIMIT 1"),0)==0)mysql_query("INSERT INTO `kolhoz_setting` SET `id_user` = '$ku[id]'") or die (mysql_error());
$conf=mysql_fetch_array(mysql_query("SELECT * FROM `kolhoz_setting` WHERE `id_user` = '$_SESSION[id_user]'"));
}
$set=array();
$set['p_str']=10;
?>