<?
/*
 * Per-request user bootstrap, included on every page.
 *
 * In order it: resolves the logged-in user from the session and checks the
 * session signature, enforces bans, picks the theme, derives the access level,
 * records guest visits, handles referral attribution, redirects unactivated
 * accounts and guests on a closed site, builds the unread counters, and finally
 * runs the AntiHack filter over the superglobals.
 *
 * Everything below depends on globals that are defined before this file is
 * included and are not visible here: $sql (DB wrapper with selectCount/fetch/
 * update/insert/select/delete/esc), $signature, $time, $func, $ip, $ua, $iplong,
 * $system, $input_page, $ID, the helpers text() and esc(), and the constants
 * FUNC and ROOT. Any redirect in this file ends the request with exit.
 *
 * NOTE(review): the AntiHack filter at the bottom rewrites $_GET/$_POST/
 * $_SERVER/$_REQUEST only AFTER every query in this file has already run, so
 * the queries above it see unfiltered request data and rely solely on the
 * per-value esc()/(int) handling shown inline.
 */
// A missing or bare "/" request URI is normalised so the return= parameter of
// the auth redirects below always carries a target.
if (!isset($_SERVER['REQUEST_URI']) || $_SERVER['REQUEST_URI'] == '/')
$_SERVER['REQUEST_URI'] = 'index.php';
/**
 *
 * Site authentication: resolve the current user from $_SESSION['id_user'].
 *
 * NOTE(review): the session id is interpolated into SQL as-is (here, in the
 * fetch and in the update below); session data is server-side, but an (int)
 * cast would stop the queries depending on whoever writes that key — confirm
 * `users`.`id` is an integer column.
 */
if (isset($_SESSION['id_user']) && $sql -> selectCount("SELECT COUNT(*) FROM `users` WHERE `id` = '" . $_SESSION['id_user'] . "'") == 1) {
$user = $sql -> fetch("SELECT * FROM `users` WHERE `id` = '$_SESSION[id_user]' LIMIT 1");
// The stored session signature must match the one computed for this request
// ($signature, set elsewhere); on mismatch the login cookies are expired, the
// session is dropped and the user is sent back to the login form.
// NOTE(review): setcookie() without path/domain only expires the cookie for
// the current path; if the login cookies are set with an explicit path, the
// same path has to be passed here — confirm against user.auth.
if ($user['sess'] != $signature) {
setcookie('id_user');
setcookie('pass');
session_destroy();
header('Location: /?func=user.auth&return=' . text($_SERVER['REQUEST_URI']));
exit;
}
// Refresh last-seen time and re-sign the session for this request.
$sql -> update("UPDATE `users` SET `date_last` = '$time', `sess` = '$signature' WHERE `id` = '$user[id]' LIMIT 1");
// Active ban (ban.time still in the future): only the ban page and mail stay reachable.
if ($sql -> selectCount("SELECT COUNT(*) FROM `ban` WHERE `id_ban` = '" . $user['id'] . "' AND `time` > '$time'") != 0) {
if ($func != 'user.ban' && $func != 'user.mail') {
header('Location: /?func=user.ban');
exit;
}
}
// No session but "remember me" cookies present (and not already on the auth
// page): hand over to user.auth, which presumably re-authenticates from the
// cookies — confirm. $input_page is set elsewhere; when it is set this branch is skipped.
} elseif (!isset($input_page) && isset($_COOKIE['id_user']) && isset($_COOKIE['pass']) && $_COOKIE['id_user'] && $_COOKIE['pass'] && $func != 'user.auth') {
header("Location: /?func=user.auth&return=" . text($_SERVER['REQUEST_URI']));
exit;
}
/**
 * Per-user overrides: the site-wide theme and page size are replaced by the
 * user's own settings when logged in.
 */
$design = $system['design'];
if (isset($user['id'])) {
$design = $user['design'];
$system['page_str'] = $user['page_str'];
}
/*
if (isset($_GET['t']) && $_GET['t'] == 'wap' && !isset($user)) {
$_SESSION['guest_theme']='wap';
header("Location: /?func=home");
exit;
} elseif (isset($_GET['t']) && $_GET['t'] == 'web' && !isset($user)) {
$_SESSION['guest_theme']='web';
header("Location: /?func=home");
exit;
}
if (isset($_SESSION['guest_theme']) && $_SESSION['guest_theme'] == 'web' && !isset($user)) {
$design = 'slate';
$design = 'slate';
} elseif (isset($_SESSION['guest_theme']) && $_SESSION['guest_theme'] == 'wap' && !isset($user)) {
$design = 'default';
$design = 'default';
}
*/
/*
 * Theme directory, taking the user's chosen theme into account.
 *
 * NOTE(review): $design (from `users`.`design` or the system config) becomes
 * a filesystem path component in THEME; it is assumed to be validated where
 * it is written — TODO confirm the theme name is restricted to known values.
 */
define('THEME', $_SERVER['DOCUMENT_ROOT'] . '/themes/' . $design . '/');
define('ICONS', '/themes/' . $design . '/ico/');
define('CSS', '/themes/' . $design . '/css/');
define('JSC', '/themes/' . $design . '/js/');
/**
 * Access level: 0 = guest, otherwise the user's own level; a level-3 user whose
 * id matches the configured admin_id is promoted to 4.
 */
$level = 0;
if (isset($user['id']) && $user['level'] == 3 && $user['id'] == $system['admin_id'] ) {
$level = 4;
} elseif (isset($user['id'])) {
$level = $user['level'];
}
if($func != 'user.auth'){
// Guest tracking in `gosti_online`, keyed by the packed IP and the escaped
// User-Agent; an existing row gets its last-seen time, current URL and visit
// counter (`pereh`) updated, otherwise a new row is inserted. Note this uses
// time() directly while the user branch above uses $time.
if($level ==0){
if ($ip && $ua) {
require FUNC . 'user.browser.php';
//$browser = browser($_SERVER['HTTP_USER_AGENT']);
$browser = $_SERVER['HTTP_USER_AGENT'];
if ($sql -> selectCount("SELECT COUNT(*) FROM `gosti_online` WHERE `ip` = '$iplong' AND `ua` = '".esc($browser)."' ") == 1) {
$guests = $sql -> fetch("SELECT * FROM `gosti_online` WHERE `ip` = '$iplong' AND `ua` = '".esc($browser)."' LIMIT 1");
$sql -> update("UPDATE `gosti_online` SET `date_last` = ".time().", `url` = '/?".esc($_SERVER['QUERY_STRING'])."', `pereh` = '".($guests['pereh']+1)."' WHERE `ip` = '$iplong' AND `ua` = '".esc($browser)."' LIMIT 1");
} else {
$sql -> insert("INSERT INTO `gosti_online` (`ip`, `ua`, `date_aut`, `date_last`, `url`) VALUES ('$iplong', '".esc($browser)."', '".time()."', '".time()."', '/?".esc($_SERVER['QUERY_STRING'])."')");
}
}
}
}
// Referrals: attribute a first-time guest visit to a referring user, once per
// session ($_SESSION['referer']).
if ($system['ref_status'] == 1) {
if ($level == 0 && !isset($_SESSION['referer']) && (isset($_GET['ref']) || in_array($func, array('shop.goods', 'user.profile', 'shop.seller', 'links.user', 'siller.user', 'profiwm'))))
{
// On a goods page without ?ref the seller of the goods is the referrer.
// NOTE(review): $ID is interpolated raw here and is defined outside this
// file — confirm it is already cast to int where it is assigned.
if ($func == 'shop.goods' && !isset($_GET['ref'])) {
$ref_goods = $sql->fetch("SELECT * FROM `shop_goods` WHERE `id` = '$ID' LIMIT 1");
$referal_id = $ref_goods['id_user'];
$_GET['ref'] = (int)$referal_id;
} else {
// Otherwise the page's ?id (e.g. a profile) is taken as the referrer.
// Note: $_GET['id'] is read without isset, so a missing id yields an
// undefined-index notice and ref = 0.
if (!isset($_GET['ref'])) {
$_GET['ref'] = (int) $_GET['id'];
}
$referal_id = (int) $_GET['ref'];
}
// ref may be an id or a login; the login form is escaped via $sql->esc().
if ($sql->selectCount("SELECT COUNT(*) FROM `users` WHERE (`id` = '" . $referal_id . "' OR `login` = '" . $sql->esc($_GET['ref']) . "')") == 1)
{
// @ hides the undefined-index notice when there is no Referer header;
// only the host part is stored in the ref_url cookie below.
$ref = @parse_url($_SERVER['HTTP_REFERER']);
// Attribute only to IPs that have neither been referred nor registered before.
if ($sql -> selectCount("SELECT COUNT(*) FROM `referals` WHERE `ip` = '" . $iplong . "'") == 0 && $sql -> selectCount("SELECT COUNT(*) FROM `users` WHERE `ip` = '" . $iplong . "'") == 0)
{
$referal = $sql->fetch("SELECT * FROM `users` WHERE `id` = '$referal_id' OR `login` = '" . $sql->esc($_GET['ref']) . "' LIMIT 1");
$_SESSION['id_referal'] = $referal['id'];
// One-year cookies; the ref_url check reads HTTP_REFERER without isset
// (notice when absent).
setcookie('id_referal', $referal['id'], time() + 60 * 60 * 24 * 365);
if ($iplong)setcookie('my_ip', $iplong, time() + 60 * 60 * 24 * 365);
if ($_SERVER['HTTP_REFERER'])setcookie('ref_url', $ref['host'], time() + 60 * 60 * 24 * 365);
}
}
}
$_SESSION['referer'] = true;
// Effective referrer for the rest of the request: session wins over cookie.
// Note: only the cookie value is cast to int here, the session value is not.
if (isset($_COOKIE['id_referal']) || isset($_SESSION['id_referal'])) {
$referal_id = (isset($_SESSION['id_referal']) ? $_SESSION['id_referal'] : (int) $_COOKIE['id_referal']);
}
}
/**
 * Unconfirmed e-mail (users.activate != 0): send to the confirmation step,
 * except while already on the registration page.
 */
if (isset($user) && $user['activate'] != 0 && $func != 'user.reg') {
header('Location: /?func=user.reg&step=3');
exit;
}
/**
 * Site access mode: when site_open is '0' guests may only see registration
 * and login. The error is pushed to $err even on the pages that are allowed.
 */
if (!isset($user['id']) && $system['site_open'] == '0')
{
$err[] = 'Только для авторизованных пользователей';
if ($func != 'user.reg' && $func != 'user.auth') {
header('Location: /?func=user.auth');
exit;
}
}
/**
 * Unread counters for the layout: journal/mail for any user, an aggregated
 * admin counter for level > 1 (initialised there; the level > 2 block only
 * adds to it, which is safe because level > 2 implies level > 1).
 */
$counter = array();
if ($level > 0) {
$counter['journal'] = $sql -> selectCount("SELECT COUNT(*) FROM `journal` WHERE `id_user` = '$user[id]' AND `read` = '0'");
$counter['mail'] = $sql -> selectCount("SELECT COUNT(*) FROM `mail` WHERE `id_contact` = '$user[id]' AND `read` = '0'");
}
if ($level > 1) {
$counter['admin'] = 0;
$counter['admin'] = $counter['admin'] + $sql -> selectCount("SELECT COUNT(*) FROM `support` WHERE `read` = '0' AND `level` = '1'");
}
if ($level > 2) {
$counter['admin'] = $counter['admin'] + $sql -> selectCount("SELECT COUNT(*) FROM `billing_log` WHERE `admin_read` = '1'");
$counter['admin'] = $counter['admin'] + $sql -> selectCount("SELECT COUNT(*) FROM `admin_journal` WHERE `read` = '0'");
$counter['admin'] = $counter['admin'] + $sql -> selectCount("SELECT COUNT(*) FROM `ads` WHERE `pays` = '1' AND `time_last` = '0'");
$counter['admin'] = $counter['admin'] + $sql -> selectCount("SELECT COUNT(*) FROM `users` WHERE `activate` != '0' AND `date_reg` > '".(time() - 86400)."'");
}
//echo '-'.$sql -> selectCount("SELECT COUNT(*) FROM `users` WHERE `activate` != '0' AND `date_reg` > '".(time() - 86400)."'");
//echo $referal_id . ':' . $func;
/*** SMS anti-flood: clear the user's anti-flood marker on every page load. ***/
// NOTE(review): $user['id'] is read without an isset guard, so for guests this
// emits an undefined-index notice and runs the SELECT (and possibly the
// DELETE) with an empty id; the exact return of $sql->select() on no rows is
// not visible here — confirm the != 0 check does what is intended.
if ($sql->select("SELECT `id_user` FROM `smsantiflud` WHERE `id_user` = '" . $user['id'] . "'") != 0)
{
$sql -> delete("DELETE FROM `smsantiflud` WHERE `id_user` = '" . $user['id'] . "'");
}
/*** end ***/
// Request filtering: the AntiHack filter replaces the superglobals with their
// filtered copies (FILES and COOKIE are deliberately left out), except for the
// admin MySQL tool. Runs after all the queries above — see the file header.
if ($_SERVER['PHP_SELF'] != '/adm_panel/mysql.php')
{ require(ROOT . '_system/_classes/AntiHack.Classes.php');
$lq = new AntiHack;
if (isset($_GET))$_GET = $lq->filter($_GET, 'get');
if (isset($_POST))$_POST = $lq->filter($_POST, 'post');
//if (isset($_FILES))$_FILES = $lq->filter($_FILES, 'files');
//if (isset($_COOKIE))$_COOKIE = $lq->filter($_COOKIE, 'cookie');
if (isset($_SERVER))$_SERVER = $lq->filter($_SERVER, 'server');
if (isset($_REQUEST))$_REQUEST = $lq->filter($_REQUEST, 'request');
unset($lq);
}
// Legacy: abort on a specific probe parameter from an old exploit attempt.
if (isset($_GET['_1118538408(0)']))die('Этот способ взлома больше не работает. (с) Бродяга');
//echo $sql -> selectCount("SELECT COUNT(*) FROM `referals` WHERE `ip` = '" . $iplong . "'");
?>