Просмотр файла system/sys.php

<?php
// by mides, 1da.su

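// Reject the request (redirect to the parent directory) unless every $_GET value
// is a string made only of letters, digits, "_", "-", "/" and dots, where a run
// of dots may not be followed by "/" - this blocks "./" and "../" sequences.
//
// Scope of this filter: only $_GET *values* are inspected. Parameter names,
// $_POST, $_COOKIE and request headers are not covered, so it is not a
// substitute for escaping at each SQL / HTML sink.
foreach ($_GET as $check_url) {
	// The "D" modifier (PCRE_DOLLAR_ENDONLY) makes "$" match only at the very
	// end of the subject; without it a value ending in "\n" passed the check.
	// preg_match() returns false on a PCRE error (e.g. backtrack limit), which
	// the negation below also treats as a rejection, so the check fails closed.
	if (!is_string($check_url) || !preg_match('#^(?:[a-z0-9_\-/]+|\.+(?!/))*$#iD', $check_url)) {
		header('Location: ../');
		exit;
	}
}
unset($check_url);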

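// Connect to the database. DBHOST, DBUSER, DBPASS and DBNAME are expected to be
// defined by db.php.
// NOTE(review): the mysql_* extension used throughout this file was removed in
// PHP 7.0; a port to mysqli or PDO with prepared statements would remove the
// string-built SQL below.
require_once 'db.php';
// mysql_error() takes a link identifier, not a message, so the original
// die(mysql_error('...')) could never print the intended text. A fixed message
// is shown instead; the raw driver error is deliberately not echoed to visitors.
$connect = mysql_connect(DBHOST, DBUSER, DBPASS) or die('Ошибка подключения к БД. Неверный пользователь или пароль.');
mysql_query('SET NAMES `utf8`', $connect);
mysql_select_db(DBNAME, $connect) or die('Не правильно прописано название БД.');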

// Load the default site settings: the `config` row with id = 1.
$config_r = mysql_query("SELECT * FROM `config` WHERE `id` = 1");
$config = mysql_fetch_assoc($config_r);
// HTTP_HOST comes from the request's Host header, i.e. it is client-controlled.
// NOTE(review): where $config['copy'] is printed is not visible in this file -
// HTML-escape it at output, or replace it with a configured host name.
$config['copy'] = $_SERVER['HTTP_HOST'];

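// Restore the logged-in user from the "ulogin" / "upass" cookies and refresh the
// "who is online" table.
//
// NOTE(review): the `upass` cookie is compared directly with the `pass` column,
// so whatever is stored there (password or hash) works as a long-lived bearer
// credential: anyone who learns the stored value can authenticate. A random
// server-side session token would avoid this.
if (isset($_COOKIE['ulogin']) and isset($_COOKIE['upass'])
	and is_string($_COOKIE['ulogin']) and is_string($_COOKIE['upass'])) {
	// is_string(): a cookie sent as "ulogin[]=..." arrives as an array and must
	// not reach the escaping helper.
	$ulogin = check($_COOKIE['ulogin']);
	$upass = check($_COOKIE['upass']);

	$query = mysql_query("SELECT * FROM `users` WHERE `login` = '$ulogin' and `pass` = '$upass' LIMIT 1");
	$u = mysql_fetch_assoc($query);

	if ($u['id']) {
		// Per-user display preferences override the site defaults.
		$config['style'] = $u['style'];
		$config['onpage'] = $u['onpage'];

		// NOTE(review): $title is not defined in this file (presumably set by the
		// including page) and is placed into SQL unescaped - confirm it can never
		// carry request data, or escape it where the query is built.
		$online_r = mysql_query("SELECT `id_user` FROM `online` WHERE `id_user` = '$u[id]'");
		if (mysql_num_rows($online_r)) {
			mysql_query("UPDATE `online` SET `place` = '$title', `time` = '".time()."' WHERE `id_user` = '$u[id]'");
		} else {
			mysql_query("INSERT INTO `online` SET `id_user` = '$u[id]', `place` = '$title', `time` = '".time()."'");
		}
		// Entries older than three minutes are no longer considered online.
		mysql_query("DELETE FROM `online` WHERE `time` <= '".(time() - 60 * 3)."'");

		if ($u['locked'] > time()) {
			header('location: ../locked.php');
			// Stop here: without exit the rest of the requested page still ran
			// for a locked account, the redirect only affected the browser.
			exit;
		}
		// Clear every lock that has expired.
		mysql_query("UPDATE `users` SET `locked` = 0, `locked_who` = '', `reason` = '' WHERE `locked` < '".time()."'");

		if ($u['login'] != $ulogin or $u['pass'] != $upass) {
			// Expire the cookies this block actually reads; the original cleared
			// "login" / "pass", which are never read here.
			// NOTE(review): the path/domain used when the cookies were set is not
			// visible; deletion only works with matching values.
			setcookie('ulogin', '', time() - 86400*31);
			setcookie('upass', '', time() - 86400*31);
		}
	}
}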

/**
 * Print a section header: the title bar followed by the opening tag of the
 * "main" container (the nav helpers in this file emit the closing tag).
 *
 * $title is written into the markup as-is, so untrusted text must be
 * HTML-escaped by the caller.
 */
function tp($title){
	printf('<div class="title">%s</div><div class="main">', $title);
}

/**
 * Print the fixed error title bar, open the "main" container and write the
 * error text into it.
 *
 * $error is emitted without escaping; callers must HTML-escape any part of it
 * that originates from a request.
 */
function error($error){
	echo '<div class="title">Ошибка!</div><div class="main">', $error;
}

/**
 * Print the fixed "information" title bar, open the "main" container and write
 * the message into it.
 *
 * $info is emitted without escaping; callers must HTML-escape untrusted text.
 */
function info($info){
	$header = '<div class="title">Информация</div><div class="main">';
	echo $header.$info;
}

/**
 * Close the currently open container and print the navigation bar with a
 * single link back to the parent directory ("../").
 */
function nav_main(){
	$home = '<a href="../">На главную</a>';
	echo '</div><div class="navigation">', $home, '</div>';
}

/**
 * Close the currently open container and print the navigation bar with a
 * "back" link to $link plus the link to the parent directory.
 *
 * $link goes into the href attribute unescaped: the caller is responsible for
 * attribute-escaping it and for never passing a request-supplied URL.
 */
function nav($link){
	printf(
		'</div><div class="navigation"><a href="%s">Назад</a><br /><a href="../">На главную</a></div>',
		$link
	);
}

/**
 * Close the currently open container and print the navigation bar with a
 * custom link ($link, labelled $link_name) plus the link to the parent
 * directory.
 *
 * Both arguments are written into the markup unescaped; the caller must escape
 * them for the attribute and text context respectively.
 */
function nav2($link, $link_name){
	printf(
		'</div><div class="navigation"><a href="%s">%s</a><br /><a href="../">На главную</a></div>',
		$link,
		$link_name
	);
}

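/**
 * Escape a request value: SQL-escape it for the current MySQL connection, then
 * HTML-escape the result.
 *
 * The original body also ran str_replace() / stripslashes() / trim() on $msg,
 * a variable that is never defined in this function, and then returned $check.
 * Those statements therefore had no effect on the return value (they only
 * raised undefined-variable notices) and are removed here; the value returned
 * is unchanged.
 *
 * NOTE(review): the extra character filter was never active. Enabling it now
 * would change the output for inputs such as "$" or "%", and values already
 * stored through this function (presumably logins and passwords) would stop
 * matching - do not switch it on without a data migration.
 *
 * NOTE(review): the result is only safe inside a quoted SQL string literal, and
 * it mixes two escaping layers; escaping per sink (SQL at the query, HTML at
 * output) is the more robust design.
 *
 * @param string $check raw value
 * @return string escaped value
 */
function check($check){
	return htmlspecialchars(mysql_real_escape_string($check));
}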

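/**
 * Generate a random string of $number characters, used for passwords.
 *
 * The alphabet is the one from the original array (58 characters: Latin
 * letters without q/w/Q/W, plus digits). The original picked characters with
 * rand(), which is not a cryptographically secure generator; this version uses
 * random_int() when the runtime has it, then openssl_random_pseudo_bytes(),
 * and only falls back to mt_rand() when neither is available.
 *
 * @param int $number length of the string to produce
 * @return string random string ('' when $number is 0 or negative)
 */
function generate($number){
	$alphabet = 'abcdefghijklmnoprstuvxyzABCDEFGHIJKLMNOPRSTUVXYZ1234567890';
	$size = strlen($alphabet);
	$has_random_int = function_exists('random_int');
	$has_openssl = function_exists('openssl_random_pseudo_bytes');
	// Largest multiple of $size that fits in one byte; bytes at or above it are
	// discarded so that the modulo below stays unbiased.
	$limit = 256 - (256 % $size);

	$pass = '';
	for ($i = 0; $i < $number; $i++) {
		if ($has_random_int) {
			$index = random_int(0, $size - 1);
		} elseif ($has_openssl) {
			do {
				$byte = ord(openssl_random_pseudo_bytes(1));
			} while ($byte >= $limit);
			$index = $byte % $size;
		} else {
			// Last resort on very old runtimes: not suitable for secrets.
			$index = mt_rand(0, $size - 1);
		}
		$pass .= $alphabet[$index];
	}
	return $pass;
}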

/**
 * Print the pager: the first page, the last page and every page within two
 * positions of the current one. Nothing is printed when there is only one page.
 *
 * Each link is built as $link . 'p=' . N, so $link is expected to end with
 * "?" or "&amp;". $link is written into the href attribute unescaped; the
 * caller must make sure it contains no request-supplied markup.
 *
 * @param int    $page  current page number
 * @param string $link  URL prefix for the page links
 * @param int    $pages total number of pages
 */
function navig($page, $link, $pages) {
	if (!($pages > 1)) {
		return;
	}
	echo '</div><div class="main">Cтр.: ';
	$k = 1;
	while ($k <= $pages) {
		$distance = $page - $k;
		$is_edge = ($k == 1 || $k == $pages);
		$is_near = ($distance <= 2 && $distance >= -2);
		if ($is_edge || $is_near) {
			// The current page is underlined, every other page is a link.
			echo ($k == $page)
				? '<u>'.$k.'</u> '
				: '<a href="'.$link.'p='.$k.'">'.$k.'</a> ';
		}
		$k++;
	}
}

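/**
 * Render a message: replace smile codes with <img> tags, convert the supported
 * BBCode tags to HTML and turn newlines into <br />.
 *
 * This function does not HTML-escape $msg. It must be given text that has
 * already been escaped, otherwise any markup in the message is passed through.
 *
 * Change from the original: [url=...] accepted any target, including
 * "javascript:" style URLs and values containing a double quote. The target is
 * now limited to an allowlist (http, https, ftp, mailto, or a relative path /
 * query / fragment) and may not contain quotes, angle brackets or whitespace.
 * A [url] tag that does not match is left in the text as typed.
 *
 * @param string $msg HTML-escaped message text
 * @return string HTML
 */
function bb($msg){
	// Smile codes and image paths come from the `smiles` table.
	// NOTE(review): `path` is written into the src attribute unescaped -
	// presumably only administrators can edit that table; confirm.
	$result_sm = mysql_query("SELECT * FROM `smiles`");
	while ($s = mysql_fetch_assoc($result_sm)) {
		$msg = str_replace($s['code'], '<img src="'.$s['path'].'" alt="" />', $msg);
	}

	// Allowlisted link targets. The second alternative is a relative path whose
	// first segment cannot contain ":" or "&", so neither a scheme nor an
	// entity-encoded scheme can be smuggled in.
	$safe_url = '(?:(?:https?://|ftp://|mailto:|[/?\#]|\.{1,2}/)[^"<>\]\s]*'
		.'|[a-z0-9_\-.]+(?:[/?\#][^"<>\]\s]*)?)';
	$msg = preg_replace('#\[url=('.$safe_url.')\](.*?)\[/url\]#si', '<a href="\\1">\\2</a>', $msg);

	// Colour tags, processed in the original order.
	foreach (array('red', 'blue', 'black', 'green', 'orange', 'pink', 'gray') as $color) {
		$msg = preg_replace(
			'#\['.$color.'\](.*?)\[/'.$color.'\]#si',
			'<span style="color: '.$color.'">\\1</span>',
			$msg
		);
	}

	$msg = preg_replace('#\[big\](.*?)\[/big\]#si', '<span style="font-size: 20px">\\1</span>', $msg);
	$msg = preg_replace('#\[small\](.*?)\[/small\]#si', '<span style="font-size: 8px">\\1</span>', $msg);

	// Tags that map one-to-one onto an HTML element of the same name.
	foreach (array('b', 'u', 'i', 'strike') as $tag) {
		$msg = preg_replace('#\['.$tag.'\](.*?)\[/'.$tag.'\]#si', '<'.$tag.'>\\1</'.$tag.'>', $msg);
	}

	return nl2br($msg);
}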

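/**
 * Return the role label of a user, based on `users`.`access`:
 * 1, 2 and 3 map to the three staff labels, anything else (including an
 * unknown user) to the ordinary-user label.
 *
 * The id is cast to int before it is placed in the query, so the value cannot
 * alter the SQL whatever the caller passes in.
 *
 * @param int $id_user user id
 * @return string role label
 */
function access($id_user) {
	$id_user = (int) $id_user;
	$user_r = mysql_query("SELECT `access` FROM `users` WHERE `id` = '$id_user'");
	$user = mysql_fetch_assoc($user_r);
	switch ($user['access']) {
		case '1': $access = 'Куратор'; break;
		case '2': $access = 'Модератор'; break;
		case '3': $access = 'Администратор'; break;
		default: $access = 'Пользователь'; break;
	}
	return $access;
}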

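/**
 * Return the display name of a user as HTML: the guest label for id 0, the
 * login wrapped in a role colour for staff (`access` 1, 2, 3), the bare login
 * for ordinary users, and a grey "deleted" marker when no such user exists.
 *
 * The id is cast to int before it is placed in the query, so the value cannot
 * alter the SQL whatever the caller passes in.
 *
 * NOTE(review): the login is written into the markup as stored. That is only
 * safe if logins are HTML-escaped before they are saved - confirm at the
 * registration code.
 *
 * @param int $id user id
 * @return string HTML fragment
 */
function login($id) {
	if ($id == 0) {
		return 'Гость';
	}

	$id = (int) $id;
	$user_r = mysql_query("SELECT `login`, `access` FROM `users` WHERE `id` = '$id'");
	$user = mysql_fetch_assoc($user_r);
	if (!$user['login']) {
		return '<font color="grey">удален</font>';
	}

	switch ($user['access']) {
		case '1': return '<font color="green">'.$user['login'].'</font>';
		case '2': return '<font color="blue">'.$user['login'].'</font>';
		case '3': return '<font color="red">'.$user['login'].'</font>';
	}
	return $user['login'];
}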

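/**
 * Return the plain login of a user: the guest label for id 0, the stored login
 * when the user exists, otherwise the "deleted" label.
 *
 * The id is cast to int before it is placed in the query, so the value cannot
 * alter the SQL whatever the caller passes in.
 *
 * @param int $id user id
 * @return string login or label
 */
function login_simple($id){
	if ($id == 0) {
		return 'Гость';
	}

	$id = (int) $id;
	$user_r = mysql_query("SELECT `login` FROM `users` WHERE `id` = '$id'");
	$user = mysql_fetch_assoc($user_r);
	if ($user['login']) {
		return $user['login'];
	}
	return 'удален';
}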

/**
 * Look up the id of the user with the given login.
 *
 * NOTE(review): $login is placed into the query without escaping. Whether the
 * callers pass a value that already went through check() cannot be seen from
 * this file; a raw request value or a value read back from the database would
 * make this query injectable. Escaping here as well would double-escape values
 * that are already escaped, so the call sites have to be audited first.
 *
 * @param string $login login, expected to be SQL-escaped by the caller
 * @return string|null the id, or null when no row matches
 */
function get_id($login){
	$sql = "SELECT `id` FROM `users` WHERE `login` = '$login'";
	$row = mysql_fetch_assoc(mysql_query($sql));
	return $row['id'];
}


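/**
 * Return $time, wrapped in a green <font> tag when the user currently has a
 * row in the `online` table.
 *
 * The id is cast to int before it is placed in the query, so the value cannot
 * alter the SQL whatever the caller passes in. $time is returned as given and
 * is not escaped here.
 *
 * @param string $time    text to display
 * @param int    $id_user user id
 * @return string HTML fragment
 */
function online($time, $id_user) {
	$id_user = (int) $id_user;
	$online_r = mysql_query("SELECT `id` FROM `online` WHERE `id_user` = '$id_user'");
	if (mysql_num_rows($online_r)) {
		return '<font color="green">'.$time.'</font>';
	}
	return $time;
}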

/**
 * Format a byte count for display, using decimal units: values below
 * 1 000 000 are shown in "Kb" (bytes / 1000), everything else in "Mb"
 * (bytes / 1 000 000), rounded to three decimals.
 *
 * @param int|float $filesize size in bytes
 * @return string formatted size with unit
 */
function size($filesize) {
	$is_small = $filesize < 1000000;
	$divisor = $is_small ? 1000 : 1000000;
	$unit = $is_small ? ' Kb' : ' Mb';
	return round($filesize / $divisor, 3).$unit;
}

/**
 * Return everything after the last "." in $filename.
 *
 * The result keeps its original case and only reflects the final dot, so
 * "a.php.jpg" yields "jpg" and "dir.d/file" yields "d/file". If this value is
 * used to decide whether an upload is allowed, compare it case-insensitively
 * against an allowlist and do not rely on it alone.
 *
 * @param string $filename file name
 * @return string|false the part after the last dot
 */
function ext($filename) {
	$from_last_dot = strrchr($filename, '.');
	return substr($from_last_dot, 1);
}








?>