Файл: impwar.tk/conf/session_start.php
Строк: 78
<?php
// Start (or resume) the PHP session before any request data is processed.
session_start();

// Load the project's AntiHack class and pass every request superglobal through
// its filter() method, tagging each call with the name of its source.
//
// NOTE(review): AntiHack::filter() is defined in another file and is not visible
// here. Whatever it does, a blanket input filter cannot know whether a value
// later lands in SQL, HTML or a file path, so treat it as defence in depth only:
// the SQL statements further down still need bound parameters and any output
// still needs context-specific encoding.
// NOTE(review): $_SERVER itself is replaced by the filter's return value, so the
// later include paths built from $_SERVER['DOCUMENT_ROOT'] use the filtered copy.
include_once $_SERVER['DOCUMENT_ROOT'] . '/conf/AntiHack.class.php';
$lq = new AntiHack();

if (isset($_GET)) {
    $_GET = $lq->filter($_GET, 'get');
}
if (isset($_POST)) {
    $_POST = $lq->filter($_POST, 'post');
}
if (isset($_FILES)) {
    $_FILES = $lq->filter($_FILES, 'files');
}
if (isset($_COOKIE)) {
    $_COOKIE = $lq->filter($_COOKIE, 'cookie');
}
if (isset($_SERVER)) {
    $_SERVER = $lq->filter($_SERVER, 'server');
}
if (isset($_REQUEST)) {
    $_REQUEST = $lq->filter($_REQUEST, 'request');
}

// The filter object is only needed for this pass; drop it from the global scope.
unset($lq);
include_once $_SERVER['DOCUMENT_ROOT'].'/Dinc.php';
include_once 'function.php';
include_once 'dbconnect.php';
include_once $_SERVER['DOCUMENT_ROOT'].'/inc/SHIT_SYSTEM.php';
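// "Remember me" login: when the session has no user yet, accept the persistent
// `id` + `nick` cookies if they match a row in `users` (id + nickcode).
//
// Both cookie values are attacker-controlled, so they are passed to the database
// as bound parameters instead of being spliced into the SQL text.
// NOTE(review): filter() comes from an included file and is not visible here; it
// is kept so the compared values stay what they were before. If it turns out to
// do SQL escaping, it should be dropped for bound values.
// NOTE(review): this branch raises the session from anonymous to logged-in;
// consider calling session_regenerate_id(true) here to guard against session
// fixation (not added, because it depends on no output having been sent yet).
if (!isset($_SESSION['id']) && isset($_COOKIE['id'], $_COOKIE['nick'])) {
    $user_id = filter($_COOKIE['id']);
    $nickcode = filter($_COOKIE['nick']);

    // A cookie sent as `id[]=...` arrives as an array; only scalars can be bound.
    if (is_scalar($user_id) && is_scalar($nickcode)) {
        $query = $pdo->prepare('SELECT * FROM users WHERE id = ? AND nickcode = ?');
        $query->execute([$user_id, $nickcode]);
        $row = $query->fetch();

        if (!empty($row)) {
            // Store the id the database returned rather than echoing the cookie
            // back: a loosely matching cookie value (e.g. "5abc" compared against
            // a numeric column) must not end up in the session.
            $_SESSION['id'] = $row['id'];
            $_SESSION['nick'] = filter($row['nick']);
        }
    }
}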
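// Re-issue the persistent login cookies when the browser has a valid session but
// no `id` cookie. The session's id + nick are re-checked against `users` first.
//
// The lookup uses bound parameters; the session nick originated from the database
// and must not be trusted as SQL text.
// NOTE(review): filter() is defined elsewhere and not visible here; it is kept so
// the compared values are unchanged.
if (!isset($_COOKIE['id']) && isset($_SESSION['id'], $_SESSION['nick'])) {
    $user_id = filter(abs(intval($_SESSION['id'])));
    $nick = filter($_SESSION['nick']);

    $query = $pdo->prepare('SELECT * FROM users WHERE id = ? AND nick = ?');
    $query->execute([$user_id, $nick]);
    $row = $query->fetch();

    if (!empty($row)) {
        $expires = time() + (60 * 60 * 24 * 30); // expires in 30 days

        // The `nick` cookie carries the account's nickcode, which this file's
        // cookie-login branch accepts as a credential. Mark both cookies HttpOnly
        // so page scripts cannot read them. Path and domain are left empty to
        // keep PHP's defaults.
        // NOTE(review): set the `secure` argument to true once the site is served
        // over HTTPS only; it is left false here because the deployment is not
        // visible from this file.
        setcookie('id', "$user_id", $expires, '', '', false, true);
        setcookie('nick', $row['nickcode'], $expires, '', '', false, true);
    }
}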
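// Record the client's address and User-Agent on the current user's row, then
// stop the request if an unexpired IP ban exists for this user + address.
//
// $usid is 0 when nobody is logged in (the session key may be absent).
$usid = abs(intval(isset($_SESSION['id']) ? $_SESSION['id'] : 0));

// REMOTE_ADDR is supplied by the web server; HTTP_USER_AGENT is a request header
// fully controlled by the client and may be missing. Neither is safe to splice
// into SQL text, so both are bound as parameters.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

$stmt = $pdo->prepare('UPDATE `users` SET `uip` = ?, `user_agent` = ? WHERE `id` = ?');
$stmt->execute([$remoteAddr, $userAgent, $usid]);

// NOTE(review): isset() returns a bool, so this leaves $id as 0 or 1 rather than
// the user id. It is kept because $id is reassigned from the session further down
// in this file before it is read.
$id = isset($_SESSION['id']);
$id = abs(intval($id));

$stmt = $pdo->prepare(
    "SELECT * FROM `us_ban` WHERE `ip` = ? AND `time` > ? AND `usid` = ? AND `type` = 'ip'"
);
$stmt->execute([$remoteAddr, time(), $usid]);
$baned = $stmt->fetch();

// fetch() returns false when there is no matching ban; check that before indexing.
if ($baned && $baned['time'] > time()) {
    // The ban reason is stored text, so it is HTML-encoded on output.
    echo '<hr>Ваш IP заблокирован до ' . date('d.m.y. H:i:s', $baned['time'])
        . '<br/>Причина: ' . htmlentities($baned['prich']) . '<hr>';
    exit();
}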
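// Expire VIP status: when the user's `viptime` is not in the future, reset
// `vip` and `viptime` to 0. $usid is the integer user id computed earlier in
// this file.
$stmt = $pdo->prepare('SELECT * FROM `users` WHERE `id` = ?');
$stmt->execute([$usid]);
$vip_off = $stmt->fetch();

// fetch() returns false when no row matches (e.g. nobody is logged in); in that
// case there is nothing to expire and the row must not be indexed.
if ($vip_off && $vip_off['viptime'] <= time()) {
    // NOTE(review): isset() yields a bool, so $id becomes true/false here, not a
    // user id. Kept as-is because $id is reassigned from the session right after
    // this block, before it is read.
    $id = isset($row['id']);

    $stmt = $pdo->prepare("UPDATE `users` SET `vip` = '0', `viptime` = '0' WHERE `id` = ?");
    $stmt->execute([$usid]);
}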
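// Recompute the logged-in user's derived combat stats (bronya, max_hp, yron_p,
// yron_w) from the base columns plus the clan's hp/bron bonus, and store them.
//
// All values reach the database as bound parameters. $user['clan'] and
// $user['id'] come from a database row, but stored data is not trusted as SQL
// text either.
$id = abs(intval(isset($_SESSION['id']) ? $_SESSION['id'] : 0));

$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$user = $stmt->fetch(); // false when no row matches (e.g. not logged in)

$stmt = $pdo->prepare('SELECT * FROM clans WHERE clan_id = ?');
$stmt->execute([$user ? $user['clan'] : 0]);
$clan = $stmt->fetch(); // false when the user has no (existing) clan

// Clan bonus: only applied when the user is in a clan and that clan row exists.
if ($user && $user['clan'] > 0 && $clan) {
    $stat = $clan['hp'];
    $stat2 = $clan['bron'];
} else {
    $stat = '0';
    $stat2 = '0';
}

// Without a user row there is nothing to update, and the formulas below would
// only operate on missing columns.
if ($user) {
    $stmt = $pdo->prepare(
        'UPDATE users SET bronya = ?, max_hp = ?, yron_p = ?, yron_w = ? WHERE id = ?'
    );
    $stmt->execute([
        // bronya: (t_bron - 600) * 20 - 1, plus b_bron, 600 and the clan bron bonus
        ((($user['t_bron'] - 600) * 20 - 1) + $user['b_bron'] + 600 + ($stat2)),
        // max_hp: (t_hp - 600) * 25, plus b_hp, 600 and the clan hp bonus
        ((($user['t_hp'] - 600) * 25) + $user['b_hp'] + 600 + ($stat)),
        // yron_p: half of (t_sila - 600) * 20, plus b_pest and 600
        (((($user['t_sila'] - 600) * 20) / 2) + $user['b_pest'] + 600),
        // yron_w: half of (t_sila - 600) * 20, plus b_avt and 600
        (((($user['t_sila'] - 600) * 20) / 2) + $user['b_avt'] + 600),
        $user['id'],
    ]);
}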
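// Refresh the clan's total `slava`: sum the `slava` of every user in the current
// user's clan and write the result to the clan row.
//
// Queries use bound parameters; the clan id comes from a stored row and is not
// trusted as SQL text.
$id = abs(intval(isset($_SESSION['id']) ? $_SESSION['id'] : 0));

$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$usr = $stmt->fetch(); // false when no row matches (e.g. not logged in)

if ($usr && $usr['clan'] > 0) {
    $stmt = $pdo->prepare('SELECT SUM(`slava`) FROM `users` WHERE `clan` = ?');
    $stmt->execute([$usr['clan']]);
    $slava = $stmt->fetchColumn();

    // SUM() yields NULL when every summed value is NULL; store 0 in that case
    // instead of binding NULL (or, as before, an empty string).
    if ($slava === null || $slava === false) {
        $slava = 0;
    }

    $stmt = $pdo->prepare('UPDATE clans SET slava = ? WHERE clan_id = ?');
    $stmt->execute([$slava, $usr['clan']]);
}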
?>