Файл: inc/auth.php
Строк: 241
<?php
// Криме / Krime
function getcode()
{
global $s_sitename, $s_siteurl;
$code = md5(uniqid(rand(), TRUE) . time() . md5($s_sitename . $s_siteurl) . date('d/m/y', time()));
return substr($code, 0, 15);
}
function checkusername($username)
{
$query=mysql_query("select * from `users` where `username`='".clean($username)."'");
return (bool)(mysql_num_rows($query) > 0);
}
function checkpassword($username, $password)
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($username) . '' AND `password` = '' . clean(md5(md5($password))) . '' AND `approved` = '1';');
return (bool)(mysql_num_rows($query) > 0);
}
function checkemail($email)
{
if(eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$", $email))
{
return TRUE;
}
else
{
return FALSE;
}
}
function checkinvite($code)
{
$query = mysql_query('SELECT * FROM `invites` WHERE `code` = '' . clean($code) . '';');
return (bool)(mysql_num_rows($query) > 0);
}
function addinvite($username)
{
if(checkusername($username))
{
$invite = getcode();
mysql_query('INSERT INTO `invites` VALUES('0', '' . getid($username) . '', '' . $invite . '');');
if(mysql_affected_rows() > 0)
return $invite;
else
return NULL;
}
else
{
return NULL;
}
}
function removeinvite($code)
{
$query = mysql_query('SELECT * FROM `invites` WHERE `code` = '' . clean($code) . '';');
if(mysql_num_rows($query) > 0)
{
@mysql_query('DELETE FROM `invites` WHERE `code` = '' . clean($code) . '';');
}
return;
}
function checkadmin($username = NULL)
{
if($username == NULL)
{
global $u_username;
if(checkusername($u_username))
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($u_username) . '';');
$result = mysql_fetch_array($query);
return (bool)($result['status'] >= 3);
}
else
{
return FALSE;
}
}
else
{
if(checkusername($username))
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($username) . '';');
$result = mysql_fetch_array($query);
return (bool)($result['status'] >= 3);
}
else
{
return FALSE;
}
}
}
function checkmod($username = NULL)
{
if($username == NULL)
{
global $u_username;
if(checkusername($u_username))
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($u_username) . '';');
$result = mysql_fetch_array($query);
return (bool)($result['status'] >= 2);
}
else
{
return FALSE;
}
}
else
{
if(checkusername($username))
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($username) . '';');
$result = mysql_fetch_array($query);
return (bool)($result['status'] >= 2);
}
else
{
return FALSE;
}
}
}
function checkbanned($username = NULL)
{
$time = time();
$timeout = $time - 120960;
@mysql_query('UPDATE `users` SET `banned` = '0', `bantime` = '0' WHERE `bantime` < '' . $timeout . '';');
if($username != NULL)
{
if(checkusername($username))
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($username) . '';');
$result = mysql_fetch_array($query);
return (bool)($result['banned'] > 0);
}
else
{
return FALSE;
}
}
else
{
$useragent = isset($_SERVER['HTTP_USER_AGENT']) ? clean($_SERVER['HTTP_USER_AGENT']) : 'unknown';
$userip = isset($_SERVER['X_FORWARDED_FOR']) ? clean($_SERVER['X_FORWARDED_FOR']) : (isset($_SERVER['REMOTE_ADDR']) ? clean($_SERVER['REMOTE_ADDR']) : 'unknown');
$query = mysql_query('SELECT * FROM `banned` WHERE `useragent` = '' . $useragent . '' AND `userip` = '' . $userip . '';');
return (bool)(mysql_num_rows($query) > 0);
}
}
function adduser($username, $password, $email)
{
if(!checkusername($username))
{
$useragent = trim(clean($_SERVER['HTTP_USER_AGENT']));
$userip = isset($_SERVER['X_FORWARDED_FOR']) ? (empty($_SERVER['X_FORWARDED_FOR']) ? trim(clean($_SERVER['REMOTE_ADDR'])) : trim(clean($_SERVER['X_FORWARDED_FOR']))) : trim(clean($_SERVER['REMOTE_ADDR']));
$query = mysql_query('INSERT INTO `users` VALUES ('0', '' . clean($username) . '', '' . clean(md5(md5($password))) . '', '' . clean($email) . '', '' . time() . '', '' . $useragent . '', '' . $userip . '', '0', '0', '1', '0');');
if(mysql_affected_rows() > 0)
return TRUE;
else
return FALSE;
}
else
{
return FALSE;
}
}
function removeuser($username)
{
if(checkusername($username))
{
$query = mysql_query('DELETE FROM `users` WHERE username = '' . clean($username) . '';');
if(mysql_affected_rows() > 0)
return TRUE;
else
return FALSE;
}
else
{
return FALSE;
}
}
function islogged()
{
$u_username = isset($_SESSION['username']) ? (empty($_SESSION['username']) ? NULL : clean($_SESSION['username'])) : NULL;
$u_password = isset($_SESSION['password']) ? (empty($_SESSION['password']) ? NULL : clean($_SESSION['password'])) : NULL;
if($u_username == NULL && $u_password == NULL)
{
return FALSE;
}
else
{
if(checkpassword($u_username, $u_password))
{
return TRUE;
}
else
{
return FALSE;
}
}
}
function getid($giusername = NULL)
{
if($giusername == NULL)
{
$u_username = isset($_SESSION['username']) ? (empty($_SESSION['username']) ? NULL : $_SESSION['username']) : NULL;;
if($u_username != NULL && checkusername($u_username))
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($u_username) . '';');
$result = mysql_fetch_array($query);
return intval($result['id']);
}
else
{
return NULL;
}
}
else
{
if($giusername != NULL && checkusername($giusername))
{
$query = mysql_query('SELECT * FROM `users` WHERE `username` = '' . clean($giusername) . '';');
$result = mysql_fetch_array($query);
return intval($result['id']);
}
else
{
return NULL;
}
}
}
function getusername($id)
{
if($id > 0)
{
$query = mysql_query('SELECT * FROM `users` WHERE `id` = '' . intval(clean($id)) . '';');
if(mysql_num_rows($query) > 0)
{
$result = mysql_fetch_array($query);
return $result['username'];
}
else
{
return NULL;
}
}
else
return NULL;
}
function formatstatus($sid)
{
global $lang;
if($sid == 3)
return $lang['status']['admin'];
elseif($sid == 2)
return $lang['status']['mod'];
else
return $lang['status']['user'];
}
function setonline($user, $where)
{
$time = time();
$timeout = $time - 840;
@mysql_query('DELETE FROM `online` WHERE `time` < '' . $timeout . '';');
$user = intval($user);
if($user > 0)
{
$query = mysql_query('SELECT * FROM `online` WHERE `user` = '' . $user . '';');
if(mysql_num_rows($query) > 0)
{
@mysql_query('UPDATE `online` SET `where` = '' . $where . '', `time` = '' . time() . '' WHERE `user` = '' . $user . '';');
return;
}
else
{
@mysql_query('INSERT INTO `online` VALUES('0', '' . intval(clean($user)) . '', '' . clean($where) . '', '' . time() . '');');
return;
}
}
}
?>