Файл: core/system.php
Строк: 156
<?php
/*
* @author mides <Mike Osendowski>
* @link http://midwm.org
* @copyright 2011-2014
*/
/*
 * Locate config.php by probing the current directory and then up to five
 * parent directories; the relative prefix that worked is published as LEVEL.
 * NOTE(review): the first config.php met on the way up is the one that is
 * included, so no stray config.php should exist in a parent folder.
 */
$folder_level = FALSE;
for ($level = 0; !file_exists($folder_level.'config.php') && $level < 5; ++$level) {
    $folder_level .= '../';
}
unset($level);
define('LEVEL', $folder_level);
// require_once stops the request with a fatal error if the file was not found.
require_once LEVEL.'config.php';
/*
 * Error reporting: everything is reported and shown when $debugmode is 1;
 * otherwise notices are masked and nothing is displayed.
 * NOTE(review): with debug mode on, error text is rendered into the page
 * (display_errors / html_errors), which exposes paths and query details to
 * visitors; keep $debugmode off on a public host.
 */
$sysDebugOn = isset($debugmode) && $debugmode == 1;
$sysErrorMask = $sysDebugOn ? E_ALL : (E_ALL ^ E_NOTICE);
@error_reporting($sysErrorMask);
@ini_set('display_errors', $sysDebugOn);
@ini_set('html_errors', $sysDebugOn);
@ini_set('error_reporting', $sysErrorMask);
unset($sysDebugOn, $sysErrorMask);
/*
 * Session bootstrap. The @ operator hides a failed session_start().
 * NOTE(review): no session cookie flags (HttpOnly, Secure, SameSite) are set
 * in this file; confirm they are configured in php.ini or config.php.
 */
@session_name('SID');
@session_start();
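/*
 * Undo magic_quotes_gpc escaping on $_GET, $_POST, $_COOKIE (including
 * nested arrays) and on uploaded file names.
 * get_magic_quotes_gpc() and each() were removed in PHP 8.0, so the call is
 * guarded and the walk uses an index loop; without the guard the script
 * dies with "call to undefined function" on a current interpreter.
 */
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $in = array(&$_GET, &$_POST, &$_COOKIE);
    // $in grows while it is walked: every nested array is appended by
    // reference, so count() is re-read on each pass.
    for ($k = 0; $k < count($in); ++$k) {
        // Iterate over a copy, write through the referenced original.
        $v = $in[$k];
        foreach ($v as $key => $val) {
            if (!is_array($val)) {
                $in[$k][$key] = stripslashes($val);
                continue;
            }
            $in[] = &$in[$k][$key];
        }
    }
    unset($in);
    if (!empty($_FILES)) {
        foreach ($_FILES as $k => $v) {
            $_FILES[$k]['name'] = stripslashes((string) $v['name']);
        }
    }
}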
/*
 * Reject the request (redirect to the site root and stop) as soon as one
 * query-string value is not a string or does not pass the pattern below.
 * Array-valued parameters are therefore always rejected.
 * NOTE(review): inside the character class, "_-/" reads as a range whose
 * start sorts after its end; PCRE normally refuses to compile that, and
 * preg_match() then returns FALSE, which this check treats as a rejection
 * of every value. Confirm against a live request.
 * NOTE(review): the second alternative (".+" with a negative lookahead)
 * would accept nearly any text, so this filter should not be relied on to
 * constrain input; validate each parameter at the point where it is used.
 */
foreach ($_GET as $check_url) {
    if (is_string($check_url) && preg_match('#^(?:[a-z0-9_-/]+|.+(?!/))*$#i', $check_url)) {
        continue;
    }
    header('Location: '.LEVEL);
    exit;
}
unset($check_url);
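require_once 'mysqlpdo.php';
/*
 * Site configuration: taken from the serialized cache file when it can be
 * read and decoded, otherwise loaded from the `configuration` table and
 * written back to the cache.
 * The cache is written under LOCK_EX but read without a lock, so a reader
 * can meet an empty or truncated file; in that case (and for any other
 * unreadable or corrupt cache) the database is used instead of leaving
 * $config as FALSE.
 * NOTE(review): unserialize() instantiates whatever classes the file names.
 * The cache directory must be writable only by this application and must
 * never receive uploaded or user-supplied files; a non-object format such
 * as JSON would remove that risk.
 */
$config = FALSE;
if (file_exists(LEVEL.'cache/config.tmp')) {
    $cachedConfig = @file_get_contents(LEVEL.'cache/config.tmp');
    if ($cachedConfig !== FALSE) {
        $config = @unserialize($cachedConfig);
    }
    unset($cachedConfig);
}
if ($config === FALSE) {
    $query = DB::run()->query("SELECT `name`, `value` FROM `configuration`;");
    $config = $query->fetchAssoc();
    // Best effort: a failed cache write only costs a query on the next request.
    @file_put_contents(LEVEL.'cache/config.tmp', serialize($config), LOCK_EX);
}
// Site clock: server time shifted by the configured number of hours.
define('TIME', time() + $config['timeshift'] * 3600);
require_once 'functions.php';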
/*
 * Basic request variables
 */
// Route parts from the query string, HTML-escaped; FALSE when absent.
// NOTE(review): htmlspecialchars() is called with default flags, which on
// PHP before 8.1 leave single quotes unescaped; escape again for the actual
// output context wherever $mod / $act are printed.
$mod = FALSE;
if (isset($_GET['mod'])) {
    $mod = htmlspecialchars($_GET['mod']);
}
$act = FALSE;
if (isset($_GET['act'])) {
    $act = htmlspecialchars($_GET['act']);
}
// Numeric id, forced to a non-negative integer.
$id = 0;
if (isset($_GET['id'])) {
    $id = abs((int) $_GET['id']);
}
$ip = check($_SERVER['REMOTE_ADDR']);
$serverip = check($_SERVER['SERVER_ADDR']);
$browser = getUserAgent();
// Pager position, non-negative integer, first page by default.
$page = 1;
if (isset($_GET['page'])) {
    $page = abs((int) $_GET['page']);
}
// Keep a page count set by an earlier script, otherwise start at 1.
if (!isset($pages)) {
    $pages = 1;
}
// Script path without its leading slash.
$php_self = FALSE;
if (isset($_SERVER['PHP_SELF'])) {
    $php_self = check(substr($_SERVER['PHP_SELF'], 1));
}
// Request URI without its leading slash, URL-decoded.
// NOTE(review): strtok(..., 'S') cuts the URI at the first capital "S",
// presumably to drop an appended session id; it also truncates any path
// that contains an "S". Confirm this is intended.
$request_uri = check(
    urldecode(
        substr(strtok($_SERVER['REQUEST_URI'], 'S'), 1)
    )
);
if (!$request_uri) {
    $request_uri = FALSE;
}
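/*
 * Referers
 * Counts visits per referring domain: one row per `url_short`, updated with
 * the latest full URL, visitor IP and time on every further hit.
 * The Referer header is supplied by the client. It is stored through bound
 * parameters here, but it must still be escaped wherever the table is
 * displayed, and a client can add rows at will by inventing domains.
 */
$refurl = isset($_SERVER['HTTP_REFERER']) ? check($_SERVER['HTTP_REFERER']) : FALSE;
$refurl_short = $refurl ? GetDomain($refurl) : FALSE;
if ($refurl_short && $refurl_short != HOME) {
    $queryRefs = DB::run()->querySingle("select count(`id`) from `referers` where `url_short` = ?;", array($refurl_short));
    if ($queryRefs) {
        // Bind $refurl_short: the previous code bound an undefined
        // $url_short, so the WHERE clause never matched and the counter
        // of an existing referer was never increased.
        DB::run()->query("update `referers` set `url` = ?, `ip` = ?, `amount` = (`amount`+1), `time` = ? where `url_short` = ?;", array($refurl, $ip, time(), $refurl_short));
    } else {
        DB::run()->query("insert into `referers` set `url` = ?, `url_short` = ?, `ip` = ?, `amount` = ?, `time` = ?;", array($refurl, $refurl_short, $ip, 1, time()));
    }
}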
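/*
 * Login using Session and Cookies
 * When the session holds no login data, the "remember me" cookies are
 * checked; if the cookie key matches the key derived from the stored
 * password value and the site-wide keypass, the session is re-created
 * under a fresh session id and the user's last-seen data is updated.
 *
 * The key comparison is strict and, where hash_equals() exists,
 * constant-time. The previous loose "==" compared two hex strings with
 * type juggling and leaked timing.
 *
 * NOTE(review): the cookie key is a fixed function of the stored password
 * value and $config['keypass']. It never expires, cannot be revoked without
 * a password change, and can be computed by anyone who reads the users
 * table and the keypass. A random per-login token stored server-side would
 * avoid that; the md5(md5()) layers add no strength.
 */
if (empty($_SESSION['suser']) or empty($_SESSION['skey'])) {
    if (isset($_COOKIE['cuser']) and isset($_COOKIE['ckey'])) {
        $cuser = check($_COOKIE['cuser']);
        $ckey = check($_COOKIE['ckey']);
        if (!empty($cuser) and !empty($ckey)) {
            $checkuser = DB::run()->queryFetch("select `username`, `password` from `users` where `username` = ? limit 1;", array($cuser));
            if (!empty($checkuser)) {
                $expectedKey = hash('sha512', md5(md5($checkuser['password'].$config['keypass'])));
                if (!is_string($ckey)) {
                    // e.g. an array-valued cookie: never a match
                    $keyMatches = FALSE;
                } elseif (function_exists('hash_equals')) {
                    $keyMatches = hash_equals($expectedKey, $ckey);
                } else {
                    // PHP before 5.6: strict comparison, no type juggling
                    $keyMatches = ($ckey === $expectedKey);
                }
                if ($keyMatches) {
                    // New session id on privilege change (session fixation).
                    session_regenerate_id(1);
                    $_SESSION['suser'] = $cuser;
                    $_SESSION['skey'] = $expectedKey;
                    DB::run()->query("UPDATE `users` SET `lastseen` = ?, `ip` = ?, `browser` = ? WHERE `username` = ?;", array(time(), $ip, $browser, $cuser));
                }
                unset($expectedKey, $keyMatches);
            }
        }
    }
}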
// ---------------------- Setting session variables -----------------------//
// NOTE(review): the per-session token below is disabled. If it was meant
// as an anti-CSRF token, confirm that state-changing forms are protected
// some other way.
/*if (!isset($_SESSION['token'])) {
$_SESSION['token'] = generate_pass(6);
}
*/
// All output is buffered and handed to ob_processing() before it is sent.
ob_start('ob_processing');
/*
 * Logging in
 * A signed-in user's own preferences override the site configuration;
 * a guest gets the theme and language chosen by cookie or device detection.
 */
if ($u = is_auth()) {
    // NOTE(review): $u['language'] is copied as-is and later becomes part of
    // the language file path included at the end of this file; confirm it
    // is validated when the profile is saved.
    foreach (array('ipp', 'theme', 'language', 'bbpanel') as $prefName) {
        $config[$prefName] = $u[$prefName];
    }
    unset($prefName);
    // if ($udata['users_ban'] == 1) {
    // if (!strsearch($php_self, array('pages/ban.php', 'pages/rules.php'))) {
    // redirect($config['home'].'/pages/ban.php?log='.$log.'&'.SID);
    // }
    // }
    // if ($config['regkeys'] > 0 && $udata['users_confirmreg'] > 0 && empty($udata['users_ban'])) {
    // if (!strsearch($php_self, array('pages/key.php', 'input.php'))) {
    // redirect($config['home'].'/pages/key.php?log='.$log.'&'.SID);
    // }
    // }
    // ---------------------- ip and browser check function -----------------------//
    // if (!empty($udata['users_ipbinding'])) {
    // if ($_SESSION['my_ip'] != $ip) {
    // $_SESSION = array();
    // setcookie(session_name(), '', 0, '/', '');
    // session_unset();
    // session_destroy();
    // redirect($config['home'].'/'.$request_uri);
    // }
    // }
} else {
    // Theme: cookie value 1 selects the web theme, anything else the mobile
    // theme; without a cookie detectMob() decides.
    $cookieTheme = isset($_COOKIE['theme']) ? abs(intval($_COOKIE['theme'])) : detectMob();
    $config['theme'] = ($cookieTheme == 1) ? $config['webtheme'] : $config['mobtheme'];
    // Language: the cookie value is accepted only if the `language` table
    // lists it, and the value used afterwards is the one from the table.
    $lng = FALSE;
    if (isset($_COOKIE['lng'])) {
        $lng = check($_COOKIE['lng']);
    }
    if ($lng) {
        $language = DB::run()->queryFetch("select `file` from `language` where `file` = ?;", array($lng));
        if ($language) {
            $config['language'] = $language['file'];
        }
    }
}
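// Expire bans whose end time has passed (runs on every request).
DB::run()->query("update `bans` set `active` = 0 where `exp` < ?;", array(TIME));
// Only a signed-in visitor has an id to look up. For a guest $u is falsy,
// and reading $u['id'] from it raised an offset-on-bool warning and sent a
// query that could not match a user.
$ban = $u ? DB::run()->queryFetch("select * from `bans` where `userid` = ? and `active` = 1 order by `time` desc limit 1;", array($u['id'])) : FALSE;
// A banned user is confined to their own profile page.
// NOTE(review): the exemption expects "user<ID>/" with a trailing slash,
// while the redirect target has none; confirm the web server adds the
// slash, otherwise this can loop.
if ($ban and $request_uri != 'user'.$ban['userid'].'/') {
    redirect(HTTPHOME.'user'.$ban['userid']);
}
// NOTE(review): $config['language'] becomes part of an include path. The
// guest cookie value is checked against the `language` table earlier in
// this file; confirm the value taken from a user's profile is restricted to
// known language files as well, so it cannot carry path components.
require_once LEVEL.'language/'.$config['language'].'.php';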