Файл: sys/inc/user.php
Строк: 116
<?php
if (isset($_SESSION['id_user']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '" . mysql_real_escape_string($_SESSION['id_user']) . "' LIMIT 1"), 0) == 1) {
$user = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '" . mysql_real_escape_string($_SESSION['id_user']) . "' LIMIT 1"));
mysql_query("UPDATE `user` SET `date_last` = '" . mysql_real_escape_string($time) . "' WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
$user['type_input'] = 'session';
} elseif (!isset($input_page) && isset($_COOKIE['id_user']) && isset($_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass']) {
header("Location: /user/login.php?return=" . urlencode($_SERVER['REQUEST_URI']) . "&$passgen");
exit;
}
if (isset($user['activation']) && $user['activation'] != NULL) { // если аккаунт не активирован
$err[] = 'Вам необходимо активировать Ваш аккаунт по ссылке, высланной на Email, указанный при регистрации';
unset($user);
}
if (isset($user)) {
$timeactiv = time() - $user['date_last'];
if ($timeactiv < 120) {
$newtimeactiv = $user['time'] + $timeactiv;
mysql_query("UPDATE `user` SET `time` ='" . mysql_real_escape_string($newtimeactiv) . "', `perehodu` = '" . mysql_real_escape_string($user['perehodu'] + 1) . "' WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
echo mysql_error();
}
$tmp_us = mysql_fetch_assoc(mysql_query("SELECT `level` FROM `user_group` WHERE `id` = '$user[group_access]' LIMIT 1"));
$user['level'] = $tmp_us['level'];
// Добавление отсутствующих полей
if (!isset($user['activation'])) {
mysql_query('ALTER TABLE `user` ADD `activation` VARCHAR( 32 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL AFTER `sess`');
}
if (isset($user['type_input']) && isset($_SERVER['HTTP_REFERER']) && !preg_match('#' . preg_quote($_SERVER['HTTP_HOST']) . '#', $_SERVER['HTTP_REFERER']) && preg_match('#^https?://#i', $_SERVER['HTTP_REFERER']) && $ref = @parse_url($_SERVER['HTTP_REFERER'])) {
if (isset($ref['host'])) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_ref` WHERE `id_user` = '" . mysql_real_escape_string($user['id']) . "' AND `url` = '" . mysql_real_escape_string($ref['host']) . "'"), 0) == 0) {
mysql_query("INSERT INTO `user_ref` (`time`, `id_user`, `type_input`, `url`) VALUES ('" . mysql_real_escape_string($time) . "', '" . mysql_real_escape_string($user['id']) . "', '" . mysql_real_escape_string($user['type_input']) . "', '" . mysql_real_escape_string($ref['host']) . "')");
} else {
mysql_query("UPDATE `user_ref` SET `time` = '" . mysql_real_escape_string($time) . "' WHERE `id_user` = '" . mysql_real_escape_string($user['id']) . "' AND `url` = '" . mysql_real_escape_string($ref['host']) . "'");
}
}
}
if (!isset($user['autorization'])) {
mysql_query("ALTER TABLE `user` ADD `autorization` SET( '0', '1' ) NOT NULL DEFAULT '0'");
}
if (!isset($user['ip_cl'])) {
mysql_query("ALTER TABLE `user` ADD `ip_cl` BIGINT( 20 ) NOT NULL AFTER `ip` , ADD `ip_xff` BIGINT( 20 ) NOT NULL AFTER `ip_cl`");
}
if ($user['set_p_str']) {
$set['p_str'] = (int) $user['set_p_str'];
}
if (isset($user) && isset($_GET['sort']) && ($_GET['sort'] == '0' || $_GET['sort'] == '1')) {
mysql_query("update `user` set `sort` = '$_GET[sort]' where `id` = '$user[id]' limit 1");
header('Location: ' . htmlspecialchars($_SERVER['HTTP_REFERER']));
}
if (isset($user)) {
$sort = ($user['sort'] == 1 ? ' ASC ' : ' DESC ');
} else {
$sort = 'DESC';
}
// бан пользователя
if (!isset($banpage) && mysql_result(mysql_query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '$user[id]' AND (`time` > '$time' OR `view` = '0')"), 0)) {
header('Location: /ban.php?' . SID);
exit;
}
if (isset($ip2['add'])) {
mysql_query("UPDATE `user` SET `ip` = " . ip2long($ip2['add']) . " WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
} else {
mysql_query("UPDATE `user` SET `ip` = null WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
}
if (isset($ip2['cl'])) {
mysql_query("UPDATE `user` SET `ip_cl` = " . ip2long($ip2['cl']) . " WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
} else {
mysql_query("UPDATE `user` SET `ip_cl` = null WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
}
if (isset($ip2['xff'])) {
mysql_query("UPDATE `user` SET `ip_xff` = " . ip2long($ip2['xff']) . " WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
} else {
mysql_query("UPDATE `user` SET `ip_xff` = null WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
}
if ($ua) {
mysql_query("UPDATE `user` SET `ua` = '" . mysql_real_escape_string($ua) . "' WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `notification_set` WHERE `id_user` = '$user[id]'"), 0) == 0) {
mysql_query("INSERT INTO `notification_set` (`id_user`) VALUES ('$user[id]')");
}
mysql_query("UPDATE `user` SET `url` = '" . mysql_real_escape_string($_SERVER['SCRIPT_NAME']) . "' WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
if (!preg_match("/bforumb/i", mysql_real_escape_string($_SERVER['SCRIPT_NAME']))) {
unset($_SESSION['sort_' . $user['id']]);
}
mysql_query('UPDATE `user` SET `forum_url` = "' . mysql_real_escape_string($_SERVER["REQUEST_URI"]) . '" WHERE `id` = ' . $user['id']);
mysql_query("UPDATE `user` SET `sess` = '" . mysql_real_escape_string($sess) . "' WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
if (IS_WEB == 1) {
mysql_query("UPDATE `user` SET `browser` = 'web' WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
} else {
mysql_query("UPDATE `user` SET `browser` = 'wap' WHERE `id` = '" . mysql_real_escape_string($user['id']) . "' LIMIT 1");
}
$collision_q = mysql_query("SELECT * FROM `user` WHERE `ip` = '" . mysql_real_escape_string($iplong) . "' AND `ua` = '" . mysql_real_escape_string($ua) . "' AND `date_last` > '" . mysql_real_escape_string(time() - 600) . "' AND `id` <> '" . mysql_real_escape_string($user['id']) . "'");
while ($collision = mysql_fetch_assoc($collision_q)) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_collision` WHERE `id_user` = '" . mysql_real_escape_string($user['id']) . "' AND `id_user2` = '" . mysql_real_escape_string($collision['id']) . "' OR `id_user2` = '" . mysql_real_escape_string($user['id']) . "' AND `id_user` = '" . mysql_real_escape_string($collision['id']) . "'"), 0) == 0) {
mysql_query("INSERT INTO `user_collision` (`id_user`, `id_user2`, `type`) values('" . mysql_real_escape_string($user['id']) . "', '" . mysql_real_escape_string($collision['id']) . "', 'ip_ua_time')");
}
}
} else {
if ($ip && $ua) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `guests` WHERE `ip` = '" . mysql_real_escape_string($iplong) . "' AND `ua` = '" . mysql_real_escape_string($ua) . "' LIMIT 1"), 0) == 1) {
$guests = mysql_fetch_assoc(mysql_query("SELECT * FROM `guests` WHERE `ip` = '" . mysql_real_escape_string($iplong) . "' AND `ua` = '" . mysql_real_escape_string($ua) . "' LIMIT 1"));
mysql_query("UPDATE `guests` SET `date_last` = '" . mysql_real_escape_string(time()) . "', `url` = '" . mysql_real_escape_string($_SERVER['SCRIPT_NAME']) . "', `pereh` = '" . mysql_real_escape_string($guests['pereh'] + 1) . "' WHERE `ip` = '" . mysql_real_escape_string($iplong) . "' AND `ua` = '" . mysql_real_escape_string($ua) . "' LIMIT 1");
} else {
mysql_query("INSERT INTO `guests` (`ip`, `ua`, `date_aut`, `date_last`, `url`) VALUES ('" . mysql_real_escape_string($iplong) . "', '" . mysql_real_escape_string($ua) . "', '" . mysql_real_escape_string(time()) . "', '" . mysql_real_escape_string(time()) . "', '" . mysql_real_escape_string($_SERVER['SCRIPT_NAME']) . "')");
}
}
unset($access);
}
if (isset($user)) {
$SexKomm = "" . ($user['sex'] ? 'прокомментировал' : 'прокомментировала') . "";
$SexOtv = "" . ($user['sex'] ? 'ответил' : 'ответила') . "";
$SexOcen = "" . ($user['sex'] ? 'оценил' : 'оценила') . "";
$SexOst = "" . ($user['sex'] ? 'оставил' : 'оставила') . "";
$SexZapr = "" . ($user['sex'] ? 'запретил' : 'запретила') . "";
$SexNap = "" . ($user['sex'] ? 'написал' : 'написала') . "";
}
if (!isset($user) || $user['level'] == 0) {
ini_set('display_errors', 'On'); // сообщения с ошибками будут показываться
error_reporting(E_ALL); // E_ALL - отображаем ВСЕ ошибки
if (function_exists('set_time_limit')) {
set_time_limit(20);
} // Ставим ограничение на 20 сек
}
if (!isset($user) && $set['guest_select'] == '1' && !isset($show_all)) {
header("Location: /user/aut.php");
exit;
}