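<?php
// by mides (Mike O.), coolcms.mobi
// Shared bootstrap included by every page: error reporting, $_GET sanity
// check, DB connection, request variables, who-is-online / ban bookkeeping,
// then style + language selection. Everything it sets is global state that
// the page and the helper functions below read: $u, $config, $flevel, $lang
// and the constants HOME, HTTPHOME, FLEVEL, TIME.
// choose whether you wanna show the error or not; 1 - yes, 0 - no
$debugmode = 0;
if ($debugmode) {
    @error_reporting(E_ALL);
    @ini_set('display_errors', true);
    @ini_set('html_errors', true);
    @ini_set('error_reporting', E_ALL);
} else {
    // production: notices are dropped and nothing is displayed to the visitor
    @error_reporting(E_ALL ^ E_NOTICE);
    @ini_set('display_errors', false);
    @ini_set('html_errors', false);
    @ini_set('error_reporting', E_ALL ^ E_NOTICE);
}
session_name('SID');
// NOTE(review): session_start() is not called in this file although
// $_SESSION['spam'] is read further down; presumably a later include (or
// session.auto_start) opens the session — confirm, otherwise $spam is always FALSE.
// check $_GET to make sure it's Ok: every value must be a slug made of letters,
// digits, "_", "-", "/" and dots that are not followed by "/" (so "../" never
// passes); anything else bounces the request to the parent directory.
foreach ($_GET as $check_url) {
    if (!is_string($check_url) || !preg_match('#^(?:[a-z0-9_\-/]+|\.+(?!/))*$#i', $check_url)) {
        header('Location: ../');
        exit;
    }
}
unset($check_url);
// let's connect to our DataBase
require_once 'db.php';
// mysql_error() takes a link resource, not a message, so the text originally
// handed to it was never shown; die() with the message directly.
$connect = mysql_connect(DBHOST, DBUSER, DBPASS) or die('Ошибка подключения к БД. Неверный пользователь или пароль.');
mysql_query('SET NAMES `utf8`', $connect);
mysql_select_db(DBNAME, $connect) or die('Не правильно прописано название БД.');
// HOME is the Host header exactly as the client sent it; every redirect and
// link built from HTTPHOME trusts it, so the web server should only route
// known host names to this site.
define('HOME', $_SERVER['HTTP_HOST']);
define('HTTPHOME', 'http://'.HOME);
// getting main variables
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
$act = isset($_GET['act']) ? check($_GET['act']) : FALSE;
$title = isset($title) ? $title : FALSE; // assigned by the including page before the require
$m_title = empty($title) ? HOME : $title.' - '.HOME;
$page = isset($_GET['p']) ? abs(intval($_GET['p'])) : 1;
$pages = isset($pages) ? abs(intval($pages)) : 0;
$ok = isset($_GET['ok']) ? 1 : FALSE;
$spam = isset($_SESSION['spam']) ? $_SESSION['spam'] : FALSE;
$ip = $_SERVER['REMOTE_ADDR'];
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
// SQL-safe copies for the `online` queries below. $user_agent is a raw request
// header and $title is whatever the page assigned; both used to be interpolated
// into SQL unescaped. The display variables themselves are left untouched.
$ip_sql = mysql_real_escape_string($ip, $connect);
$ua_sql = mysql_real_escape_string($user_agent, $connect);
$title_sql = mysql_real_escape_string((string) $title, $connect);
// FLEVEL: relative prefix ("../" repeated) leading from the current script back
// to the directory that holds a.php; probes at most five levels up.
$level = 0;
$flevel = '';
while (!file_exists($flevel.'a.php') && $level < 5) {
    $flevel .= '../';
    ++$level;
}
unset($level);
define('FLEVEL', $flevel);
define('TIME', time());
// let's get the default site settings
$config_r = mysql_query("SELECT * FROM `config` WHERE `id` = 1");
$config = mysql_fetch_assoc($config_r);
if (isset($_COOKIE['cusername']) and isset($_COOKIE['cpassword'])) {
    // cookie login: the cookie pair is matched directly against `users`, so the
    // browser holds exactly what the `password` column holds.
    $cusername = check($_COOKIE['cusername']);
    $cpassword = check($_COOKIE['cpassword']);
    $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$cusername' and `password` = '$cpassword' LIMIT 1");
    $u = mysql_fetch_assoc($query);
    // $u stays FALSE (not 0) when the pair matches no row, and no `online` row
    // is written for that visitor.
    if ($u && $u['id']) {
        $uid = (int) $u['id']; // keep the id numeric inside the query text
        $config['style'] = $u['style'];
        $config['onpage'] = $u['onpage'];
        $config['language'] = $u['language'];
        $online_r = mysql_query("SELECT `id_user` FROM `online` WHERE `id_user` = '$uid'");
        if (mysql_num_rows($online_r)) {
            mysql_query("UPDATE `online` SET `place` = '$title_sql', `time` = '".TIME."' WHERE `id_user` = '$uid'");
        } else {
            mysql_query("INSERT INTO `online` SET `id_user` = '$uid', `ip` = '$ip_sql', `user_agent` = '$ua_sql', `place` = '$title_sql', `time` = '".TIME."'");
        }
        // kick, ban: a banned user is sent to banned.php and the script stops
        // here; without the exit the rest of the page would still run and be
        // sent along with the Location header.
        $ban_r = mysql_query("SELECT `id` FROM `ban` WHERE `id_user` = '$uid' and `until` > '".TIME."'");
        if (mysql_num_rows($ban_r)) {
            header('location: '.HTTPHOME.'/banned.php');
            exit;
        }
        mysql_query("UPDATE `users` SET `lastvisit` = '".TIME."' WHERE `id` = '$uid'");
        // if the stored pair is not byte-identical to the cookie values (the
        // query may have matched loosely), drop the cookies
        if ($u['username'] != $cusername or $u['password'] != $cpassword) {
            setcookie('cusername', '', TIME - 86400*31);
            setcookie('cpassword', '', TIME - 86400*31);
        }
    }
} else {
    $u = 0;
    $online_r = mysql_query("SELECT `id_user` FROM `online` WHERE `ip` = '$ip_sql'");
    if (mysql_num_rows($online_r)) {
        mysql_query("UPDATE `online` SET `place` = '$title_sql', `time` = '".TIME."' WHERE `ip` = '$ip_sql'");
    } else {
        mysql_query("INSERT INTO `online` SET `ip` = '$ip_sql', `user_agent` = '$ua_sql', `place` = '$title_sql', `time` = '".TIME."'");
    }
}
// visitors silent for more than three minutes drop off the online list
mysql_query("DELETE FROM `online` WHERE `time` <= '".(TIME - 60 * 3)."'");
// `style` and `language` come from the DB (for a logged-in user from that
// user's own row) and are used to build file paths, the language one ending in
// require_once. Restrict both to a bare name before probing the filesystem so a
// "../"-style value never reaches require_once; unknown values fall back to the
// defaults exactly as before.
$config['style'] = isset($config['style']) ? (string) $config['style'] : '';
if (!preg_match('#^[a-z0-9_\-]+$#i', $config['style']) || !file_exists($flevel.'inc/styles/'.$config['style'].'/style.css')) {
    $config['style'] = 'default';
}
// checking language (setting default one if check failed)
$config['language'] = isset($config['language']) ? (string) $config['language'] : '';
if (!preg_match('#^[a-z0-9_\-]+$#i', $config['language']) || !file_exists($flevel.'language/'.$config['language'].'.php')) {
    $config['language'] = 'russian';
}
require_once $flevel.'language/'.$config['language'].'.php';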
// CoolCMS FUNCTIONS //
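function sendpm($id_user, $msg) {
    // Deliver a system private message (sender id -1) to user $id_user: reuse
    // the existing system<->user thread in `pm` (AND binds tighter than OR, so
    // the WHERE is "(user,system) OR (system,user)"), otherwise create one, then
    // append the message row to `pm_msg`.
    // $msg is interpolated into SQL as-is; escaping it is the caller's job.
    $id_user = (int) $id_user; // ids are numeric; the cast keeps them out of the SQL text
    $pm_r = mysql_query("SELECT `id` FROM `pm` WHERE `id_user` = '$id_user' and `id_sender` = '-1' OR `id_user` = '-1' and `id_sender` = '$id_user'");
    $pm = mysql_fetch_assoc($pm_r);
    if ($pm && $pm['id']) {
        $id_pm = (int) $pm['id'];
        mysql_query("UPDATE `pm` SET `time` = '".TIME."' WHERE `id` = '$id_pm'");
    } else {
        mysql_query("INSERT INTO `pm` SET `id_user` = '$id_user', `id_sender` = '-1', `time` = '".TIME."'");
        $id_pm = mysql_insert_id();
    }
    mysql_query("INSERT INTO `pm_msg` SET `id_pm` = '$id_pm', `id_user` = '$id_user', `id_sender` = '-1', `text` = '$msg', `time` = '".TIME."'");
}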
function access($access) {
    // True when the logged-in user ($u, filled in by the bootstrap) holds at
    // least access level $access; guests (no id) always get false.
    global $u;
    if (!$u['id']) {
        return false;
    }
    return $u['access'] >= $access;
}
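function access2($id_user) {
    // Human-readable access label for user $id_user, taken from the loaded
    // language table ($lang): 1 curator, 2 moderator, 3 administrator, anything
    // else (including an unknown id) the plain user label.
    global $lang;
    $id_user = (int) $id_user; // keep the id numeric inside the query text
    $user_r = mysql_query("SELECT `access` FROM `users` WHERE `id` = '$id_user'");
    $user = mysql_fetch_assoc($user_r);
    $level = $user ? $user['access'] : null;
    switch ($level) {
        case '1': return $lang['curator'];
        case '2': return $lang['moderator'];
        case '3': return $lang['administrator'];
        default: return $lang['User']; // note the capitalised key, as in the language files
    }
}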
function bb($msg){
    // Render the forum markup: smile codes from the `smiles` table become
    // <img> tags, the fixed [tag]...[/tag] set becomes inline HTML, links are
    // handed to url_replace(), and newlines become <br />. Nothing is escaped
    // here — whatever reaches bb() unescaped is emitted as-is.
    $smiles_r = mysql_query("SELECT * FROM `smiles`");
    while ($smile = mysql_fetch_assoc($smiles_r)) {
        $img = '<img src="'.FLEVEL.$smile['path'].'" alt="'.$smile['code'].'" />';
        $msg = str_replace($smile['code'], $img, $msg);
    }
    // tag -> inline style; applied in this order, one pass each, before the
    // plain tags and the quote block (same sequence as the one-per-line version)
    $spans = array(
        'red' => 'color: red', 'blue' => 'color: blue', 'black' => 'color: black',
        'green' => 'color: green', 'orange' => 'color: orange', 'pink' => 'color: pink',
        'gray' => 'color: gray', 'big' => 'font-size: 20px', 'small' => 'font-size: 8px',
    );
    $patterns = array();
    $replacements = array();
    foreach ($spans as $tag => $style) {
        $patterns[] = '#\['.$tag.'\](.*?)\[/'.$tag.'\]#si';
        $replacements[] = '<span style="'.$style.'">$1</span>';
    }
    foreach (array('b', 'u', 'i', 'strike') as $tag) {
        $patterns[] = '#\['.$tag.'\](.*?)\[/'.$tag.'\]#si';
        $replacements[] = '<'.$tag.'>$1</'.$tag.'>';
    }
    $patterns[] = '#\[q\](.*?)\[/q\]#si';
    $replacements[] = '<div class="quote">$1</div>';
    $msg = preg_replace($patterns, $replacements, $msg);
    // [url=scheme://...]text[/url] or a bare http(s)/ftp URL; only those schemes are linked
    $msg = preg_replace_callback('~\[url=((https?|ftp)://.+?)\](.+?)\[/url\]|((https?|ftp)://[0-9a-zа-яё/.;?=\(\)\_\-&%#]+)~ui', 'url_replace', $msg);
    return nl2br($msg);
}
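function ccdate($time, $user_4_online) {
    // Format a unix timestamp for display: bold HH:MM when it falls on today,
    // otherwise "dd.mm.yy, HH:MM". When a user id is given and that user has an
    // `online` row, a green "[On]" prefix is added. Result is wrapped in a
    // small-font span.
    $is_today = date('d.m.y', $time) == date('d.m.y', time());
    $date = $is_today ? date('<b>H:i</b>', $time) : date('d.m.y, H:i', $time);
    if (!empty($user_4_online)) {
        $uid = (int) $user_4_online; // keep the id numeric inside the query text
        $online_r = mysql_query("SELECT `id` FROM `online` WHERE `id_user` = '$uid'");
        if (mysql_num_rows($online_r)) {
            $date = '<font color="green">[On] '.$date.'</font>';
        }
    }
    return '<span style="font-size: 10px">'.$date.'</span>';
}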
function check($check){
    // Input sanitiser used throughout the CMS: SQL-escapes for the current
    // mysql link, then HTML-escapes. The result is meant for interpolation into
    // a quoted SQL string and for echoing; because both escapings are baked
    // into one value, a value stored after check() carries the HTML entities.
    $escaped = mysql_real_escape_string($check);
    return htmlspecialchars($escaped);
}
function error($error){
    // Open an "Ошибка!" titled block and print $error inside it. $error is
    // emitted verbatim (caller's markup), and the .main div is left open.
    $head = '<div class="title">Ошибка!</div><div class="main">';
    echo $head, $error;
}
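function ext($filename) {
    // Text after the last "." in $filename, or '' when there is none.
    // Case is preserved and nothing is validated: "a.PHP" gives "PHP" and
    // "a.php.jpg" gives "jpg", so a caller gating uploads on this value must
    // compare case-insensitively against an explicit allow-list.
    $dot = strrpos($filename, '.');
    if ($dot === false) {
        return '';
    }
    return substr($filename, $dot + 1);
}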
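function generate($number){
    // Random string of $number characters from the alphabet below (it has no
    // q/w/Q/W; kept byte-identical). The comment in the original calls it a
    // password generator, so the index comes from random_int() (CSPRNG) where
    // PHP provides it and only falls back to rand() on older runtimes.
    $arr = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','r','s','t','u','v','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','R','S','T','U','V','X','Y','Z','1','2','3','4','5','6','7','8','9','0');
    $max = count($arr) - 1;
    $have_csprng = function_exists('random_int');
    $pass = '';
    for ($i = 0; $i < $number; $i++) {
        $index = $have_csprng ? random_int(0, $max) : rand(0, $max);
        $pass .= $arr[$index];
    }
    return $pass;
}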
function id($username){
    // User id for $username, FALSE when there is no such user. $username goes
    // into the query as-is, so the caller has to SQL-escape it first (check()
    // is what the rest of this file uses for that).
    $row = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `users` WHERE `username` = '$username'"));
    return isset($row['id']) ? $row['id'] : FALSE;
}
function info($info){
    // Open a block titled with the language table's "info" label and print
    // $info verbatim inside it; the .main div is left open.
    global $lang;
    $head = '<div class="title">'.$lang['info'].'</div><div class="main">';
    echo $head, $info;
}
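function login($id) {
    // Coloured display name for a user id. This was a byte-for-byte duplicate
    // of username(), so it now delegates; see username() for the contract.
    return username($id);
}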
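function username($id) {
    // Display name for a user id, coloured by access level (1 green, 2 blue,
    // 3 red, anything else plain). 0 is "Guest", -1 is "System", and an id
    // without a row renders as a grey "deleted". The stored username is
    // emitted as-is.
    if ($id == 0) {
        return 'Guest';
    }
    if ($id == -1) {
        return 'System';
    }
    $id_sql = (int) $id; // keep the id numeric inside the query text
    $user_r = mysql_query("SELECT `username`, `access` FROM `users` WHERE `id` = '$id_sql'");
    $user = mysql_fetch_assoc($user_r);
    if (!$user || !$user['username']) {
        return '<font color="grey">deleted</font>';
    }
    switch ($user['access']) {
        case '1': return '<font color="green">'.$user['username'].'</font>';
        case '2': return '<font color="blue">'.$user['username'].'</font>';
        case '3': return '<font color="red">'.$user['username'].'</font>';
        default: return $user['username'];
    }
}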
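function justusername($id){
    // Plain (uncoloured) username for a user id: "Гость" for 0, the stored
    // name, or "deleted" when the row is gone. Unlike username(), -1 is not
    // special here.
    if ($id == 0) {
        return 'Гость';
    }
    $id_sql = (int) $id; // keep the id numeric inside the query text
    $user = mysql_fetch_assoc(mysql_query("SELECT `username` FROM `users` WHERE `id` = '$id_sql'"));
    if ($user && $user['username']) {
        return $user['username'];
    }
    return 'deleted';
}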
function nav($link){
    // Close the current block and print the "back" / "home" navigation.
    // $link is written into the href verbatim.
    printf('</div><div class="navigation"><a href="%s">Назад</a><br /><a href="../">На главную</a></div>', $link);
}
function nav2($link, $link_name){
    // Like nav() but with a caller-supplied label for the first link.
    // Both $link and $link_name are written into the HTML verbatim.
    printf('</div><div class="navigation"><a href="%s">%s</a><br /><a href="../">На главную</a></div>', $link, $link_name);
}
function navig($page, $link, $pages) {
    // Print the pager: always page 1 and the last page plus every page within
    // two of the current one; the current page is underlined, the others link
    // to $link with "p=N" appended (so $link should end in "?" or "&").
    // Prints nothing when there is only one page.
    global $lang;
    if ($pages <= 1) {
        return;
    }
    echo '</div><div class="main">'.$lang['pages'].': ';
    for ($k = 1; $k <= $pages; $k++) {
        $shown = $k == 1 || $k == $pages || abs($page - $k) <= 2;
        if (!$shown) {
            continue;
        }
        echo $k == $page ? '<u>'.$k.'</u> ' : '<a href="'.$link.'p='.$k.'">'.$k.'</a> ';
    }
}
function nav_main() {
    // Close the current block and print a single link to the site root
    // (HTTPHOME) labelled from the language table.
    global $lang;
    printf('</div><div class="navigation"><a href="%s">%s</a></div>', HTTPHOME, $lang['home']);
}
function note() {
    // One-shot flash message: print $_SESSION['note'] in bold (verbatim) and
    // drop it from the session so it shows only once. Silent when unset.
    if (!isset($_SESSION['note'])) {
        return;
    }
    $text = $_SESSION['note'];
    unset($_SESSION['note']);
    echo '<b>'.$text.'</b><br />';
}
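function online($time, $id_user) {
    // Wrap $time (already formatted text) in green when user $id_user has an
    // `online` row; otherwise return it unchanged.
    $uid = (int) $id_user; // keep the id numeric inside the query text
    $online_r = mysql_query("SELECT `id` FROM `online` WHERE `id_user` = '$uid'");
    return mysql_num_rows($online_r) ? '<font color="green">'.$time.'</font>' : $time;
}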
function redirect($url) {
    // Send a Location header for $url and stop the script. header() rejects
    // values containing CR/LF, so extra headers cannot be smuggled through
    // $url; whether $url is a safe destination is the caller's concern, it is
    // not checked here.
    header(sprintf('location: %s', $url));
    exit;
}
function size($filesize) {
    // Human-readable size using decimal units: below 1 000 000 bytes "X Kb"
    // (bytes / 1000), otherwise "X Mb" (bytes / 1 000 000), rounded to 3 places.
    $is_mb = $filesize >= 1000000;
    $value = round($filesize / ($is_mb ? 1000000 : 1000), 3);
    return $value.($is_mb ? ' Mb' : ' Kb');
}
function str_to_en($string) {
    // Transliterate Cyrillic letters to Latin (multi-letter output for
    // ж/ч/ш/щ/ю/я); every other character passes through. ь/ъ and Ь/Ъ map to
    // "b" in the original table and are kept that way.
    static $converter = null;
    if ($converter === null) {
        $converter = array(
            // lowercase
            'а' => 'a', 'б' => 'b', 'в' => 'v', 'г' => 'g', 'д' => 'd', 'е' => 'e', 'ё' => 'e',
            'ж' => 'zh', 'з' => 'z', 'и' => 'i', 'й' => 'y', 'к' => 'k', 'л' => 'l', 'м' => 'm',
            'н' => 'n', 'о' => 'o', 'п' => 'p', 'р' => 'r', 'с' => 's', 'т' => 't', 'у' => 'u',
            'ф' => 'f', 'х' => 'h', 'ц' => 'c', 'ч' => 'ch', 'ш' => 'sh', 'щ' => 'sch',
            'ь' => 'b', 'ы' => 'y', 'ъ' => 'b', 'э' => 'e', 'ю' => 'yu', 'я' => 'ya',
            // uppercase
            'А' => 'A', 'Б' => 'B', 'В' => 'V', 'Г' => 'G', 'Д' => 'D', 'Е' => 'E', 'Ё' => 'E',
            'Ж' => 'Zh', 'З' => 'Z', 'И' => 'I', 'Й' => 'Y', 'К' => 'K', 'Л' => 'L', 'М' => 'M',
            'Н' => 'N', 'О' => 'O', 'П' => 'P', 'Р' => 'R', 'С' => 'S', 'Т' => 'T', 'У' => 'U',
            'Ф' => 'F', 'Х' => 'H', 'Ц' => 'C', 'Ч' => 'Ch', 'Ш' => 'Sh', 'Щ' => 'Sch',
            'Ь' => 'b', 'Ы' => 'Y', 'Ъ' => 'b', 'Э' => 'E', 'Ю' => 'Yu', 'Я' => 'Ya',
        );
    }
    return strtr($string, $converter);
}
function tp($title){
    // Open a titled content block; the .main div stays open for the page
    // body. $title is printed verbatim.
    printf('<div class="title">%s</div><div class="main">', $title);
}
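function url_replace($m) {
    // preg_replace_callback handler for bb(): $m[1]/$m[3] carry the
    // [url=...]text[/url] form, $m[4] a bare http(s)/ftp URL (only set when
    // that alternative matched). A link whose URL does not contain HOME opens
    // in a new window; this is a substring test, so a foreign URL that merely
    // contains the host name counts as local — it only affects target=, not
    // where the link goes.
    // The href used to be emitted verbatim; it is now attribute-escaped with
    // double_encode=false, so already-encoded input is left alone while a
    // stray quote can no longer close the attribute.
    $bare = isset($m[4]);
    $href = $bare ? $m[4] : $m[1];
    $text = $bare ? $m[4] : $m[3];
    $target = (strpos($href, HOME) === false) ? ' target="_blank"' : '';
    $safe_href = htmlspecialchars($href, ENT_QUOTES, 'UTF-8', false);
    $label = check(rawurldecode(html_entity_decode($text, ENT_QUOTES, 'utf-8')));
    return '<a href="'.$safe_href.'"'.$target.'>'.$label.'</a>';
}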
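function user($id, $field) {
    // One column of the `users` row for $id; FALSE when there is no row or the
    // column is absent. $field is a column name supplied by the caller (presumably
    // a literal, not request data — verify at the call sites); it is backtick-
    // escaped here but not checked against a list of known columns.
    $id_sql = (int) $id; // keep the id numeric inside the query text
    $field_sql = str_replace('`', '``', $field);
    $user_r = mysql_query("SELECT `$field_sql` FROM `users` WHERE `id` = '$id_sql'");
    $user = mysql_fetch_assoc($user_r);
    return isset($user[$field]) ? $user[$field] : FALSE;
}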
?>