Файл: system/core.php
Строк: 45
<?php
// Abort unless the NTOP constant exists; it is not defined in this file, so it
// is presumably set by the script that includes this one (direct-access guard).
if (!defined('NTOP')) {
    die('Error: restricted access');
}

// Load the whole settings table into $set as column-0 => column-1 pairs.
// The mapping relies on the physical column order returned by SELECT *.
// $prefix (table-name prefix) is not defined in this file.
$systema = mysql_query("SELECT * FROM `" . $prefix . "settings`");
$set = array();
while ($query = mysql_fetch_array($systema, MYSQL_NUM)) {
    $set[$query[0]] = $query[1];
}
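// User check: identify the visitor from the `login` / `password` cookies.
//
// $user_data is set to null first so that it can only ever hold a row fetched
// below. Without this it is undefined for anonymous visitors (the fallbacks
// that follow read it unconditionally) and, on installations running with
// register_globals, could be pre-seeded from request input.
$user_data = null;

// is_string() rejects array-valued cookies (e.g. `login[]=x`), which would
// otherwise reach trim() and raise a warning that can reveal the script path.
if (isset($_COOKIE['login']) && isset($_COOKIE['password'])
    && is_string($_COOKIE['login']) && is_string($_COOKIE['password'])) {
    // The query is protected by mysql_real_escape_string(); that escaping is
    // only reliable when the connection charset was set with
    // mysql_set_charset(). htmlspecialchars() is not an SQL defence; it is kept
    // because stored values may have been written through the same transform
    // (not visible here).
    //
    // NOTE(review): the cookie is matched verbatim against the `password`
    // column, so the stored value itself acts as the login credential, whether
    // or not it is a hash. A random server-side session token would avoid this.
    $user = mysql_query("SELECT * FROM `".$prefix."users` WHERE `login`='".htmlspecialchars(mysql_real_escape_string(trim($_COOKIE['login'])))."' AND `password`='".htmlspecialchars(mysql_real_escape_string(trim($_COOKIE['password'])))."'");

    // A failed query returns false; do not pass that to mysql_num_rows().
    if ($user && mysql_num_rows($user) > 0) {
        $user_data = mysql_fetch_array($user);
    }
}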
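// Display settings: use the logged-in user's own values when a user row was
// loaded, otherwise the site-wide values from $set (presumably items-per-page
// sizes; confirm against the templates that consume them).
//
// !empty() is used instead of a bare ($user_data) test because $user_data is
// not assigned for anonymous visitors; reading it directly raises an
// undefined-variable notice. Truthiness is otherwise unchanged.
$pages = !empty($user_data) ? $user_data['pages'] : $set['pages'];
$page_platforms = !empty($user_data) ? $user_data['page_platforms'] : $set['page_platforms'];
$page_sait = !empty($user_data) ? $user_data['page_sait'] : $set['page_sait'];
$page_top = !empty($user_data) ? $user_data['page_top'] : $set['page_top'];
$page_sait_comments = !empty($user_data) ? $user_data['page_sait_comments'] : $set['page_sait_comments'];
$page_news = !empty($user_data) ? $user_data['page_news'] : $set['page_news'];
// Note the name mismatch: $page_nc is fed from the `page_newsc` column/setting.
$page_nc = !empty($user_data) ? $user_data['page_newsc'] : $set['page_newsc'];
// The user-list size has no per-user override; it always comes from $set.
$page_users = $set['page_users'];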
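// Determine the visitor's IPv4 address as a dotted quad, or 'Скрыт' if none of
// the candidates has that shape.
//
// The pattern must use \d and \. - the previous form (`d{1,3}.d{1,3}...`)
// matched literal "d" characters separated by any character, so no real address
// ever passed and $ip was effectively always the fallback string.
//
// NOTE(review): X-Forwarded-For and Client-IP are request headers chosen by the
// client. Unless the site sits behind a proxy that overwrites them, a visitor
// decides which address is recorded, so $ip must not be used for access
// control, bans or vote limiting. REMOTE_ADDR is the only value here that the
// client cannot set freely. A multi-address X-Forwarded-For list does not match
// the pattern and falls through to the next candidate.
//
// The pattern is what constrains the value to digits and dots; the escaping
// calls are kept as a second layer because $ip is concatenated into SQL later.
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) and preg_match('|^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$|', $_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = trim(htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_X_FORWARDED_FOR'])));
} elseif (isset($_SERVER['HTTP_CLIENT_IP']) and preg_match('|^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$|', $_SERVER['HTTP_CLIENT_IP'])) {
    $ip = trim(htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_CLIENT_IP'])));
} elseif (isset($_SERVER['REMOTE_ADDR']) and preg_match('|^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$|', $_SERVER['REMOTE_ADDR'])) {
    $ip = trim(htmlspecialchars(mysql_real_escape_string($_SERVER['REMOTE_ADDR'])));
} else {
    $ip = 'Скрыт';
}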
// Pick the user-agent string: the Opera Mini "real device" header wins over the
// regular User-Agent header; 'Скрыт' is used when neither is present. Both
// headers are client-controlled, so the value is SQL-escaped (and HTML-encoded)
// before it is used anywhere.
$ua = isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])
    ? trim(htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])))
    : (isset($_SERVER['HTTP_USER_AGENT'])
        ? trim(htmlspecialchars(mysql_real_escape_string($_SERVER['HTTP_USER_AGENT'])))
        : 'Скрыт');

// Reduce the string to its first token: everything before the first '/', then
// everything before the first space (strtok skips leading delimiters and yields
// false for an empty string).
// NOTE(review): the cut is made after escaping. That appears safe only because
// neither delimiter can be the second character of an escape pair emitted by
// mysql_real_escape_string(); keep that in mind before changing the delimiters.
$ua = strtok(strtok($ua, '/'), ' ');
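// Online detection: keep one row per (ip, ua) pair in the `online` table and
// count the rows touched within the last 180 seconds.
//
// $ip and $ua are concatenated into the SQL as-is; this is only safe because
// both were passed through mysql_real_escape_string() where they were read from
// $_SERVER earlier in this file. Do not reuse these statements with other input.
//
// The test is "> 0" rather than "== 1": if two rows for the same pair ever
// exist (e.g. two simultaneous first requests), "== 1" never matches again and
// every later request inserts one more row, inflating the online counter.
if (mysql_num_rows(mysql_query("SELECT * FROM `".$prefix."online` WHERE `ip` = '".$ip."' AND `ua` = '".$ua."' AND `time` > '".(time()-180)."'")) > 0)
{
    // Known visitor: refresh the timestamp of one matching row.
    mysql_query("UPDATE `".$prefix."online` SET `time` = '".time()."' WHERE `ip` = '".$ip."' AND `ua` = '".$ua."' LIMIT 1");
}
else
{
    // New visitor: purge rows older than the 180-second window, then register.
    mysql_query("DELETE FROM `".$prefix."online` WHERE `time` < '".(time()-180)."'");
    mysql_query("INSERT INTO `".$prefix."online` (`ip`, `ua`, `time`) values('".$ip."', '".$ua."', ".time().")");
}
// Number of (ip, ua) rows seen within the window.
$online = mysql_num_rows(mysql_query("SELECT * FROM `".$prefix."online` WHERE `time` > '".(time()-180)."'"));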
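// Common request parameters, normalised once for the rest of the application.
// $id and $sait become non-negative integers, or '' when the parameter is
// absent, so they cannot carry SQL or markup.
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : '';
$sait = isset($_GET['sait']) ? abs(intval($_GET['sait'])) : '';
// $act is free text from the query string. is_string() rejects the array form
// (`act[]=...`), which would otherwise raise a warning inside the escaping
// call; such a request now yields '' silently, the same value as before.
// NOTE(review): the value is SQL-escaped and HTML-encoded in one step, which
// fits neither context exactly; consumers should compare it against a fixed
// list of known actions rather than pass it on.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? htmlspecialchars(mysql_real_escape_string($_GET['act'])) : '';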
?>