Файл: core/system.php
Строк: 236
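<?php
// Site bootstrap: settings, DB connection, plugin loading, helpers and the per-request
// login/ban/filter logic. Written against the ext/mysql API (mysql_*), removed in PHP 7.0.
error_reporting(1);   // 1 == E_ERROR: only fatal errors are reported, no warnings/notices
/*
Detect the current site domain.
Used later as
echo $set['site'];
*/
// NOTE(review): HTTP_HOST is the request's Host header, i.e. client-controlled; it is
// HTML-escaped here but not validated against a list of expected host names.
$set['site'] = htmlspecialchars($_SERVER['HTTP_HOST']);
/*
Store the absolute path of the site root in a constant.
I normally use it with require_once, because a file given by its full path is found faster
*/
define("H", $_SERVER["DOCUMENT_ROOT"].'/');
/*
==========================
Database connection
==========================
*/
ob_start();   // output is buffered, so header() can still be called after templates have printed
// NOTE(review): the DB credentials are hard-coded in source; they belong in a config file
// outside the web root (or the environment) and should be rotated once moved.
$db = mysql_connect('localhost','vh51444_ss','111111');
mysql_query('SET NAMES`utf8`',$db);
// Set the default connection charset
mysql_select_db('vh51444_ss',$db);
// Load the remaining plugins from the "core/function/" folder.
// readdir() is compared with false explicitly: an entry literally named "0" would otherwise
// end the loop early. The pattern now matches a real ".php" suffix (the dot was unescaped).
// Load order is whatever the filesystem returns, as before.
$opdirbase = opendir(H.'core/function/');
if ($opdirbase !== false) {
    while (($filebase = readdir($opdirbase)) !== false)
    {
        if (preg_match('#\.php$#i', $filebase))
        {
            require_once(H.'core/function/' . $filebase);
        }
    }
    closedir($opdirbase);
}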
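/**
 * Render a message body for output: replace smile codes from the `smiles` table
 * with <img> tags, expand the tag/keyword table below, then nl2br().
 *
 * Uses the file's global ext/mysql connection. $text and the `adres` column are
 * inserted into HTML without escaping here — callers are assumed to pass
 * already-escaped text (presumably via the file's check() helper; confirm).
 *
 * @param string $text
 * @return string HTML fragment
 */
function smiles($text){
    $aa = mysql_query("SELECT name, adres FROM `smiles` order by `id` desc");
    if ($aa) {
        while($ba = mysql_fetch_assoc($aa)){
            $text=str_replace($ba['name'],'<img src="' . $ba['adres'] . '" alt="smile" />', $text);
        }
    }
    // (A `SELECT * FROM user WHERE id,prava = '$id'` lookup stood here: invalid SQL,
    // $id undefined inside the function, result never used — removed.)
    //
    // Tag patterns: `[`, `]` and `/` are escaped. As the patterns appeared on this page
    // (the backslashes may have been lost in copying), the `/` inside `[/i]` was taken as
    // the closing pattern delimiter, every tag pattern failed to compile ("Unknown
    // modifier") and preg_replace() returned NULL, so smiles() produced "".
    $bbcode = array(
        '/\[i\](.+)\[\/i\]/isU' => '<em>$1</em>',
        '/\[b\](.+)\[\/b\]/isU' => '<strong>$1</strong>',
        '/\[u\](.+)\[\/u\]/isU' => '<u>$1</u>',
        // Keyword patterns: no capture group, so "$1" expands to "" and the matched word
        // is deleted rather than coloured. Use "$0" in the replacement if it should be kept.
        '/придар/isU' => '<span style="color:#ff0000;">$1</span>',
        '/Пидар/isU' => '<span style="color:#00bb00;">$1</span>',
        '/Нахуй/isU' => '<span style="color:#00bb00;">$1</span>',
        '/нахуй/isU' => '<span style="color:#00bb00;">$1</span>',
        '/Продам/isU' => '<span style="color:#00bb00;">$1</span>',
        '/продам/isU' => '<span style="color:#00bb00;">$1</span>',
        '/продаю/isU' => '<span style="color:#00bb00;">$1</span>',
        '/Продаю/isU' => '<span style="color:#00bb00;">$1</span>',
        // `.` is unescaped in the two domain patterns, so "xcom" / " ru" match too; kept as written.
        '/.com/isU' => '<span style="color:#0000bb;">$1</span>',
        '/.ru/isU' => '<span style="color:#ffffff;">$1</span>',
        '/приглашаю/isU' => '<span style="text-decoration:underline;">$1</span>',
        '/\[big\](.+)\[\/big\]/isU' => '<span style="font-size:large;">$1</span>',
        '/\[red\](.+)\[\/red\]/isU' => '<font color="red">$1</font>',
        '/\[blue\](.+)\[\/blue\]/isU' => '<font color="blue">$1</font>',
        '/\[coral\](.+)\[\/coral\]/isU' => '<font color="coral">$1</font>',
        '/\[green\](.+)\[\/green\]/isU' => '<font color="green">$1</font>',
        '/\[yellow\](.+)\[\/yellow\]/isU' => '<font color="yellow">$1</font>',
        '/\[aqua\](.+)\[\/aqua\]/isU' => '<font color="aqua">$1</font>',
        '/\[center\](.+)\[\/center\]/isU' => '<center>$1</center>',
        '/\[small\](.+)\[\/small\]/isU' => '<span style="font-size:xx-small;">$1</span>'
    );
    $text= preg_replace(array_keys($bbcode), array_values($bbcode), $text);
    return nl2br($text);
}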
/*
========================
Куки
========================
*/
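session_start();
// IP ban check. check() is loaded from core/function/ (not visible here) and is presumably
// the SQL-escaping helper — confirm. REMOTE_ADDR is the TCP peer; behind a proxy it is the proxy.
if(mysql_result(mysql_query("SELECT count(id) from `ipban` where `ip` = '".check($_SERVER['REMOTE_ADDR'])."'"),0) >= 1){
echo'Ваш персонаж заблокирован'; exit;
}
// Cookie login. $user is the current player's row for the rest of this file, or an empty
// array when nobody is logged in (it used to be left undefined / false, so every
// $user[...] read below raised a notice and yielded NULL — the same values as now).
$user = array();
if(isset($_COOKIE['nick']) && isset($_COOKIE['pass'])) {
$usernick = check($_COOKIE['nick']);
$userpass = check($_COOKIE['pass']);
// NOTE(review): the cookie value is compared directly with `user`.`pass`; whether that
// column holds a hash or the clear-text password cannot be told from this file — check
// the registration/login code before relying on either.
$user = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `nick` =
'$usernick' && `pass` = '$userpass' LIMIT
1"));
if (!$user) {
    $user = array();   // no matching row (or a failed query): treat as not logged in
}
}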
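//////////////BANNED check/////////////////
// Ban gate: any non-zero `banned` timestamp (including an expired one) renders the ban
// page and ends the request; an expired ban is cleared and the client redirected.
// (The `> time()` test is implied by `!= 0`.) $user comes from the cookie lookup above.
if($user['banned'] > time() or $user['banned'] != 0){
/**
 * Format a remaining duration in seconds as "D д. H ч. M м. S с." (days, hours,
 * minutes, seconds), keeping only the two most significant units: days+hours,
 * hours+minutes, or minutes+seconds. Zero units are omitted and each shown unit
 * ends with a space. Negative input (a ban that already expired) gives "" instead
 * of negative unit counts.
 *
 * @param int|float $tl seconds remaining
 * @return string
 */
function ban_time($tl){
    $tl = max(0, (int)floor($tl));
    $day = (int)($tl / 86400);
    $tl -= $day * 86400;
    $hour = (int)($tl / 3600);
    $tl -= $hour * 3600;
    $minute = (int)($tl / 60);
    $second = $tl - $minute * 60;
    $dayt = $day > 0 ? "$day д. " : '';
    $hourt = $hour > 0 ? "$hour ч. " : '';
    $minutet = $minute > 0 ? "$minute м. " : '';
    $secondt = $second > 0 ? "$second с. " : '';
    if ($day > 0) {
        // days shown: drop minutes and seconds
        $minutet = '';
        $secondt = '';
    } elseif ($hour > 0) {
        // hours shown: drop seconds
        $secondt = '';
    }
    return "$dayt$hourt$minutet$secondt";
}
include 'head.php';
// NOTE(review): `prich` (ban reason) is echoed below without htmlspecialchars(); make sure
// it is escaped where it is entered, or escape it here.
?>
<div class='player center'>
<center> Профиль заблокирован! <br/>
Причина: <?=$user['prich'];?><br/>
Окончание блокировки через: <?=ban_time($user['banned']-time());?>
</div>
</div>
<?php include 'foot.php';
?>
</div>
</body>
</html>
<?php
// Expired ban: clear it and reload. The short open tags that stood here need
// short_open_tag=On; `<?php` works everywhere. header() is still possible after the HTML
// above because output is buffered (ob_start() at the top of this file).
if($user['banned'] < time()) {
    if($user['banned'] != 0){
        mysql_query("update `user` set `banned` = '0', `prich` = '' where `id` = '$user[id]'");
        header("location: ?");
    }
}
exit;
}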
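// Per-request bookkeeping on the player's row. Everything below also runs when nobody is
// logged in ($user empty); the WHERE `id` = '' then matches no row.
// User-Agent is attacker-controlled and used to be interpolated into SQL unescaped.
mysql_query("UPDATE `user` SET `useragent` = '".mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '')."' WHERE `id` = '$user[id]'");
// From here on the player is addressed via $user['nick']
$act = isset($_GET['act']) ? htmlspecialchars($_GET['act']) : '';
// Page navigation: a per-user page size overrides the default
if ($user['set_p_str']!=NULL)
$set['p_str'] = $user['set_p_str'];
mysql_query("update `user` set `online` = '".time()."', `ip` = '".htmlspecialchars(mysql_real_escape_string($_SERVER['REMOTE_ADDR']))."' where (`id` = '".$user['id']."') LIMIT 1");
// The original ternary had identical branches (health "+0" whether or not below max_health),
// so this UPDATE only rewrites the current value; presumably a regeneration step was meant.
// Kept as a plain write so behaviour is unchanged.
mysql_query("update `user` set `health` = '".($user['health']+0)."' where (`id` = '".$user['id']."') LIMIT 1");
// Quoted keys: bare $user[sila] is an undefined-constant lookup (warning in PHP 7.2+, Error in PHP 8)
$param = $user['sila'] + $user['lovk'] + $user['zashit'] + $user['max_health'];
mysql_query("UPDATE `user` SET `param` = '$param' WHERE `id` = '$user[id]' LIMIT 1");
if($user['health'] < 0)mysql_query("UPDATE `user` SET `health` = '0' WHERE `id` = '$user[id]' LIMIT 1");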
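/**
 * Build the HTML page index ("<< 1 ... 3 [4] 5 ... 9 >>") for a paginated list.
 * Adapted from the equivalent SMF 2.0 function.
 *
 * @param string $base_url  URL prefix the offset is appended to as "starts=N" (it must
 *                          already end with "?" or "&"); "%" is doubled for sprintf.
 *                          Not HTML-escaped here — pass only trusted/escaped values.
 * @param int    $start     offset of the first item on the current page; rounded down
 *                          to a page boundary, clamped to the last page when >= $max_value
 * @param int    $max_value total number of items
 * @param int    $num_per_page items per page; values below 1 are treated as 1
 *                          (the unguarded modulo/division failed on 0)
 * @return string HTML links, each followed by a space
 */
function pagenav($base_url, $start, $max_value, $num_per_page) {
    $num_per_page = max(1, (int)$num_per_page);
    $pgcont = 4;
    $pgcont = (int)($pgcont - ($pgcont % 2)) / 2;   // links shown on each side of the current page (2)
    if ($start >= $max_value) {
        $start = max(0, (int)$max_value - (((int)$max_value % $num_per_page) == 0 ? $num_per_page : ((int)$max_value % $num_per_page)));
    } else {
        $start = max(0, (int)$start - ((int)$start % $num_per_page));
    }
    $base_link = '<a href="' . strtr($base_url, array ('%' => '%%')) . 'starts=%d' . '">%s</a> ';
    // "<<" previous-page link, except on the first page
    $pageindex = $start == 0 ? '' : sprintf($base_link, $start - $num_per_page, '<<');
    // first page + ellipsis when the window does not reach page 1
    if ($start > $num_per_page * $pgcont) {
        $pageindex .= sprintf($base_link, 0, '1');
    }
    if ($start > $num_per_page * ($pgcont + 1)) {
        $pageindex .= '<span style="font-weight: small;"> ... </span>';
    }
    // pages before the current one
    for ($nCont = $pgcont; $nCont >= 1; $nCont--) {
        if ($start >= $num_per_page * $nCont) {
            $tmpStart = $start - $num_per_page * $nCont;
            $pageindex .= sprintf($base_link, $tmpStart, $tmpStart / $num_per_page + 1);
        }
    }
    $pageindex .= '[<b>' . ($start / $num_per_page + 1) . '</b>] ';
    // pages after the current one
    $tmpMaxPages = (int)(($max_value - 1) / $num_per_page) * $num_per_page;   // offset of the last page
    for ($nCont = 1; $nCont <= $pgcont; $nCont++) {
        if ($start + $num_per_page * $nCont <= $tmpMaxPages) {
            $tmpStart = $start + $num_per_page * $nCont;
            $pageindex .= sprintf($base_link, $tmpStart, $tmpStart / $num_per_page + 1);
        }
    }
    // ellipsis + last page when the window does not reach it
    if ($start + $num_per_page * ($pgcont + 1) < $tmpMaxPages) {
        $pageindex .= '<span style="font-weight: small;"> ... </span>';
    }
    if ($start + $num_per_page * $pgcont < $tmpMaxPages) {
        $pageindex .= sprintf($base_link, $tmpMaxPages, $tmpMaxPages / $num_per_page + 1);
    }
    // ">>" next-page link
    if ($start + $num_per_page < $max_value) {
        $display_page = ($start + $num_per_page) > $max_value ? $max_value : ($start + $num_per_page);
        $pageindex .= sprintf($base_link, $display_page, '>>');
    }
    return $pageindex;
}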
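/*
Request filter. Every $_GET value is checked against a keyword blocklist; a hit is
logged and the client is sent back to the index page.
NOTE(review): a keyword blocklist is not injection protection — it also rejects
legitimate input containing "from", "asc", "update" …, and the real defence is escaping
or binding at every query. The last alternative "INSERTb" looks like a lost backslash
("INSERT\b"); the pattern is kept byte-for-byte so that what gets blocked does not change.
Four foreach loops over $_GET/$_POST/$_SESSION/$_COOKIE used to follow. They iterated
BY VALUE and assigned to the loop variable, so nothing was ever written back: no request
value was escaped here, and every query has to escape its own input. They were removed
rather than "fixed" — writing escaped values back would re-escape $_SESSION on every request.
*/
foreach($_GET as $ad){
    if(is_numeric($ad)){
        $ad = abs(intval($ad));
    }
    // Array parameters (a[]=1) are skipped: preg_match() needs a string (it only warned
    // and returned false on PHP 5/7, and throws on PHP 8), so they were never blocked anyway.
    if(is_scalar($ad) && preg_match('/include|asc|--|select|union|update|from|where|eval|glob|include|require|script|shell|BENCHMARK|CONCAT|INSERTb/i', $ad)){
        $source = 'USER: '.$_SERVER['REMOTE_ADDR'].' | FILE: '.htmlspecialchars($_SERVER["REQUEST_URI"]).'
';
        // NOTE(review): the log file lives under DOCUMENT_ROOT, i.e. inside the web-served tree.
        $file = htmlspecialchars($_SERVER['DOCUMENT_ROOT']).'/logs.txt';
        // Replaces the unchecked fopen/fwrite/fclose; LOCK_EX keeps concurrent requests from
        // interleaving lines. A failed write is ignored, as before.
        file_put_contents($file, $source, FILE_APPEND | LOCK_EX);
        header("Refresh: 0;url=/index.php".SID);
        exit(' ');
    }
}
$id = isset($_GET['id'])?abs(intval($_GET['id'])):NULL;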
?>