Файл: sys/inc/user.php
Строк: 59
<?php
/*
Dcms-Fiera 3x
*/
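// Restore the logged-in user from the session. The session id is only trusted
// if a matching row still exists in `user`.
// $webbrowser, $ip, $ip2, $ua, $sess, $time, $set and $input_page are set
// outside this file section (not visible here).
if (isset($_SESSION['id_user']) && mysql_result(query("SELECT COUNT(*) FROM `user` WHERE `id` = '" . intval($_SESSION['id_user']) . "' LIMIT 1"), 0) == 1) {
    // Load the user by the same integer value that was just checked above.
    $user = get_user(intval($_SESSION['id_user']));
    include_once H . 'sys/inc/shif.php'; // presumably provides cookie_encrypt() - confirm

    // Re-issue the "remember me" cookies when either one is missing.
    if (empty($_COOKIE['pass']) OR empty($_COOKIE['id_user'])) {
        setcookie('id_user', $user['id'], time() + 60 * 60 * 24 * 365);
        // The credential cookie is HttpOnly so page scripts cannot read it;
        // the empty path/domain arguments keep PHP's defaults.
        // NOTE(review): this cookie is derived from the stored `pass` value and
        // lives for a year. The Secure flag is left off because it is not known
        // here whether the site is HTTPS-only - confirm and enable if it is.
        setcookie('pass', cookie_encrypt($user['pass'], $user['id']), time() + 60 * 60 * 24 * 365, '', '', false, true);
    }

    // Values read back from the database are still cast/escaped before being
    // concatenated into SQL, so a bad stored value cannot alter the statement.
    $tmp_us = mysql_fetch_assoc(query("SELECT `level` FROM `user_group` WHERE `id` = '" . intval($user['group_access']) . "' LIMIT 1"));

    // Add the gap since the last hit to the on-site time, but only for gaps
    // shorter than 120 seconds.
    $timeactiv = time() - $user['date_last'];
    if ($timeactiv < 120) {
        $newtimeactiv = $user['time'] + $timeactiv;
        $sqlup['timeactiv'] = ", `time` = '" . $newtimeactiv . "'";
        // The original unset a misspelled name ($nevtimeactiv) and left this one behind.
        unset($newtimeactiv, $timeactiv);
    } else {
        $sqlup['timeactiv'] = NULL;
    }

    // Theme selection: use the user's theme if its directory exists, otherwise
    // write the current default back to the user row.
    // NOTE(review): set_them/set_them2 come from the user row and are joined into
    // a filesystem path - confirm they are restricted to a plain directory name
    // where they are saved.
    if ($webbrowser) { // web theme
        if (is_dir(H . 'style/themes/' . $user['set_them2'])) {
            $set['set_them'] = $user['set_them2'];
            $sqlup['setthem'] = NULL;
        } else {
            $sqlup['setthem'] = ", `set_them2` = '" . mysql_real_escape_string($set['set_them']) . "'";
        }
    } else {
        if (is_dir(H . 'style/themes/' . $user['set_them'])) {
            $set['set_them'] = $user['set_them'];
            $sqlup['setthem'] = NULL;
        } else {
            $sqlup['setthem'] = ", `set_them` = '" . mysql_real_escape_string($set['set_them']) . "'";
        }
    }

    // Client addresses. ip2long() yields an integer, or false for anything that
    // is not a valid IPv4 address (false is stored as an empty string).
    if (isset($ip2['add']))
        $sqlup['ip'] = ", `ip` = '" . ip2long($ip2['add']) . "'";
    else
        $sqlup['ip'] = NULL;
    if (isset($ip2['cl']))
        $sqlup['ip_cl'] = ", `ip_cl` = '" . ip2long($ip2['cl']) . "'";
    else
        $sqlup['ip_cl'] = NULL;
    if (isset($ip2['xff']))
        $sqlup['ip_xff'] = ", `ip_xff` = '" . ip2long($ip2['xff']) . "'";
    else
        $sqlup['ip_xff'] = NULL;

    // The user agent and request URI are client-controlled and are escaped.
    if ($ua)
        $sqlup['ua'] = ", `ua` = '" . mysql_real_escape_string($ua) . "'";
    else
        $sqlup['ua'] = NULL;
    $sqlup['userlevel'] = ", `level` = '" . mysql_real_escape_string($tmp_us['level']) . "'";
    $sqlup['sess'] = ", `sess` = '" . mysql_real_escape_string($sess) . "'";
    $sqlup['url'] = ", `url` = '" . mysql_real_escape_string($_SERVER['REQUEST_URI']) . "'";

    // NOTE(review): `hash` is built only from the client IP, user agent and user
    // id, with no secret. If it is used as an authenticator elsewhere it is
    // predictable - confirm how it is consumed.
    query("UPDATE `user` SET `hash` = '" . md5(md5($ip . md5($ua) . $user['id'])) . "', `date_last` = '" . $time . "'"
        . $sqlup['userlevel'] . $sqlup['timeactiv'] . $sqlup['setthem']
        . $sqlup['ip'] . $sqlup['ip_cl'] . $sqlup['ip_xff']
        . $sqlup['ua'] . $sqlup['url'] . $sqlup['sess']
        . " WHERE `id` = '" . intval($user['id']) . "' LIMIT 1");
    $user['type_input'] = 'session';
    unset($sqlup);
}
elseif (!isset($input_page) && isset($_COOKIE['id_user'], $_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass']) {
    // No valid session but login cookies are present: hand over to login.php,
    // passing the current URI (URL-encoded) so the user can be sent back.
    exit(header("Location: /login.php?return=" . urlencode($_SERVER['REQUEST_URI']) . "&"));
}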
// Account not activated yet: queue an error message and drop $user so the
// rest of the request treats the visitor as a guest.
if (isset($user['activation'])) {
    if ($user['activation'] != NULL) {
        $err[] = 'Вам необходимо активировать Ваш аккаунт по ссылке, высланной на Email, указанный при регистрации';
        unset($user);
    }
}
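if (isset($user)) {
    // Record visits that arrive from an external referrer.
    // The Referer header is parsed before its host is tested: the original
    // called isset($ref['host']) before $ref was assigned. preg_quote() also
    // gets the '#' delimiter so a '#' in the Host header cannot break the pattern.
    if (isset($user['type_input'], $_SERVER['HTTP_REFERER'])
        && preg_match('#^https?://#i', $_SERVER['HTTP_REFERER'])
        && !preg_match('#' . preg_quote($_SERVER['HTTP_HOST'], '#') . '#', $_SERVER['HTTP_REFERER'])
        && ($ref = @parse_url($_SERVER['HTTP_REFERER']))
        && isset($ref['host'])) {
        // Ids are cast and strings escaped before they are placed into SQL.
        if (count::query("user_ref", " `id_user` = '" . intval($user['id']) . "' AND `url` = '" . mysql_real_escape_string($ref['host']) . "'") == 0)
            query("INSERT INTO `user_ref` (`time`, `id_user`, `type_input`, `url`) VALUES ('" . time() . "', '" . intval($user['id']) . "', '" . mysql_real_escape_string($user['type_input']) . "', '" . mysql_real_escape_string($ref['host']) . "')");
        else
            query("UPDATE `user_ref` SET `time` = '" . time() . "' WHERE `id_user` = '" . intval($user['id']) . "' AND `url` = '" . mysql_real_escape_string($ref['host']) . "'");
    }
    // Items per page, when the user has set a value.
    if ($user['set_p_str'] != NULL)
        $set['p_str'] = $user['set_p_str'];
    // Large or small icons (the original comment says this will probably be removed).
    $set['set_show_icon'] = $user['set_show_icon'];
    // User ban: redirect to the ban page when a ban row is still running or has
    // `view` = 0, unless the current page sets $banpage.
    if (!isset($banpage) and mysql_result(query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '" . intval($user['id']) . "' AND (`time` > '" . time() . "' OR `view` = '0')"), 0) != 0)
        exit(header('Location: /ban.php?'));
}
else {
    // For the web version, use the theme configured in the admin panel.
    if ($webbrowser)
        $set['set_them'] = $set['set_them2'];
    // Record guests, keyed by IP and user agent.
    // $sc is computed before the branch: the original assigned it only in the
    // UPDATE branch, so the INSERT below used an undefined variable.
    // NOTE(review): $iplong is set elsewhere and goes into the SQL as-is;
    // presumably it is ip2long() output - confirm.
    $sc = mysql_real_escape_string($_SERVER['SCRIPT_NAME']);
    if ($ip AND $ua AND count::query("guests", " `ip` = '$iplong' AND `ua` = '" . mysql_real_escape_string($ua) . "' LIMIT 1") == 1) {
        query("UPDATE `guests` SET `date_last` = " . time() . ", `url` = '{$sc}', `pereh` = pereh+1 WHERE `ip` = '$iplong' AND `ua` = '" . mysql_real_escape_string($ua) . "' LIMIT 1");
    } else {
        query("INSERT INTO `guests` (`ip`, `ua`, `date_aut`, `date_last`, `url`) VALUES ('$iplong', '" . mysql_real_escape_string($ua) . "', '" . time() . "', '" . time() . "', '{$sc}')");
    }
    unset($access);
}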
# Error display: enabled only for a logged-in user whose group_access is
# above 1, and only when the show_err_php setting equals 1.
if (isset($user) && $user['group_access'] > 1) {
    if ($set['show_err_php'] == 1) {
        ini_set('display_errors', true);
        error_reporting(E_ALL);
    }
}
# Guest lock: when guest_select is 1, visitors without a user record are sent
# to the login page unless the current page has set $show_all.
if (!isset($user) && $set['guest_select'] == 1 && !isset($show_all)) {
    header('Location: /aut.php');
    exit;
}
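// Load additional plugins: every *.php file in sys/user_inc/ is included and
// therefore executed on each request.
// NOTE(review): anything that can write a .php file into that directory runs
// with the application's privileges - keep it non-writable for the web server
// user and out of reach of upload features.
$Search = glob(H . 'sys/user_inc/*.php');
if ($Search === false) {
    // glob() returns false on error; treat that as "no plugins" rather than
    // passing a non-array to sort() and foreach.
    $Search = array();
}
// Sort once, before iterating. The original called sort() inside the loop,
// which repeated the work on every pass without changing the iteration order.
sort($Search);
foreach ($Search as $load_plugins) {
    include_once $load_plugins;
}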