<?php

// Автор: waphak
// ICQ: 9988817

// Start (or resume) the session under the name "SID".
// NOTE(review): links and redirects in this script append the SID constant, so
// the session id can travel in the URL when the client sends no session
// cookie. URLs end up in logs, history and Referer headers; confirm whether
// session.use_only_cookies can be enabled for this site.
session_name("SID");
session_start();

// Page header, both configuration files and the login template. The two
// configuration files are mandatory (require), the theme parts are optional
// (include). Variables such as $uin, $provuin and $provpar used further down
// are not assigned before this point, so they presumably come from these
// includes — confirm.
include_once("theme/index.php");
require_once("conf.php");
require_once("config.php");
include_once("template/login.php");

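// Saves the "nick" and "status" fields of the logged-in user's profile.
// The user record is the first line of users/<uin>.log, a list of fields
// separated by ":||:". The record is read, updated and written back while one
// exclusive lock is held, so two concurrent saves cannot interleave.
//
// Access check: the session must hold a non-empty uin and a password whose MD5
// equals $provpar, and the session uin must equal $provuin. Both $prov* values
// are defined outside this file (presumably by conf.php/config.php — confirm).
// Session keys are quoted because bare words are an error on PHP 8, and the
// hashes are compared with === because == treats two strings of the form
// "0e<digits>" as equal numbers.
// NOTE(review): passwords are stored as unsalted MD5 and the plain password is
// kept in the session. Moving to password_hash()/password_verify() needs
// changes in the scripts that create and check records, which are not visible
// here.
if (isset($_SESSION['uin'], $_SESSION['par'], $provpar, $provuin)
	&& !empty($_SESSION['uin'])
	&& is_scalar($_SESSION['uin']) && is_scalar($_SESSION['par'])
	&& md5((string) $_SESSION['par']) === (string) $provpar
	&& (string) $_SESSION['uin'] === (string) $provuin)
{
	// $npar is not assigned in this file (presumably supplied by an include or
	// by register_globals-style request import — confirm). preg_match replaces
	// eregi, which no longer exists since PHP 7; the pattern is unchanged.
	if (isset($npar) && preg_match('/[^a-z0-9-]/i', (string) $npar))
	{
		echo'<br><center>
	Ошибка! Допустимы только знаки латинского алфавита и тире в поле "Пароль"
	<br><a href="profil.php?'.SID.'">Повторить</a><br>
	</center>';  exit;
	}

	// Client details taken from request headers. X-Forwarded-For is whatever the
	// client sent unless a trusted proxy overwrites it, so it is not proof of the
	// real address. Both values are replaced by the stored ones once the record
	// has been loaded below.
	$browser = htmlspecialchars(stripslashes((string) getenv('HTTP_USER_AGENT')));
	if (getenv("HTTP_X_FORWARDED_FOR"))
	{
		$ip = htmlspecialchars(stripslashes((string) getenv("HTTP_X_FORWARDED_FOR")));
	}
	else
	{
		$ip = htmlspecialchars(stripslashes($_SERVER['REMOTE_ADDR']));
	}

	// NOTE(review): where $uin comes from is not visible here. It is used as a
	// file name, so a value containing a path separator or a NUL byte is treated
	// as "no such record" instead of being opened.
	$uinKey = isset($uin) ? (string) $uin : "";
	$fp = false;
	if ($uinKey !== "" && strpbrk($uinKey, "/\\\0") === false)
	{
		// "r+" never creates the file; a missing record is handled below.
		$fp = @fopen("users/$uinKey.log", "r+");
	}

	// Read the record under the same lock that protects the write.
	$udata = null;
	if ($fp !== false && flock($fp, LOCK_EX))
	{
		$line = fgets($fp);
		if ($line !== false)
		{
			// Pad so that a short or damaged record yields empty fields.
			$udata = array_pad(explode(":||:", $line), 17, "");
		}
	}

	// The stored hash (field 1) must still match the session password.
	if ($udata !== null && trim($udata[1]) === md5((string) $_SESSION['par']))
	{
		$provuin = trim($udata[0]);
		$provpar = trim($udata[1]);
		$nick = trim($udata[2]);
		$name = trim($udata[3]);
		$surname = trim($udata[4]);
		$city = trim($udata[5]);
		$about = trim($udata[6]);
		$happy = trim($udata[7]);
		$height = trim($udata[8]);
		$weight = trim($udata[9]);
		$mail = trim($udata[10]);
		$mobile = trim($udata[11]);
		$browser = trim($udata[12]);
		$ip = trim($udata[13]);
		$regtime = trim($udata[14]);
		$photo = trim($udata[15]);
		// Field 16 is the status written by this script; keeping it as the
		// default stops a nick-only submission from wiping the stored status.
		$status = trim($udata[16]);

		// Only these two fields are taken from the request. Array-valued
		// parameters are ignored, since the string functions below cannot
		// process them.
		if (isset($_POST['nick']) && is_string($_POST['nick'])) $nick = $_POST['nick'];
		if (isset($_POST['status']) && is_string($_POST['status'])) $status = $_POST['status'];

		// NOTE(review): every value loaded from the record was already escaped
		// when it was stored, so escaping it again encodes "&" once more on each
		// save. Confirm against the templates that print these fields before
		// changing it.
		$city = htmlspecialchars(stripslashes(trim($city)));
		$about = htmlspecialchars(stripslashes(trim($about)));
		$mail = htmlspecialchars(stripslashes(trim($mail)));
		$mobile = htmlspecialchars(stripslashes(trim($mobile)));
		$ip = htmlspecialchars(stripslashes(trim($ip)));
		$height = htmlspecialchars(stripslashes(trim($height)));
		$weight = htmlspecialchars(stripslashes(trim($weight)));
		$happy = htmlspecialchars(stripslashes(trim($happy)));
		$surname = htmlspecialchars(stripslashes(trim($surname)));
		$name = htmlspecialchars(stripslashes(trim($name)));
		$photo = htmlspecialchars(stripslashes(trim($photo)));
		$nick = htmlspecialchars(stripslashes(trim($nick)));
		$status = htmlspecialchars(stripslashes(trim($status)));

		// Characters and fragments removed from the photo name, applied in this
		// order. This is a deny-list; an allow-list of permitted characters
		// would be easier to reason about.
		$photo = str_replace(
			array(";", ",", "'", "@", "!", "<", ">", "]", "[", "{", "}", "#", '$', "%", "^", "*", "(", ")", "=", "+",
				"php.", "PHP.", "dat.", "zip.", "DAT.", "ZIP.", "Zip."),
			"",
			$photo
		);
		// The search string is empty, so this call changes nothing —
		// TODO confirm which character was intended.
		$photo = str_replace("","",$photo);

		// "|" is part of the ":||:" field separator, so it is removed from every
		// field that is rewritten. For the two request-supplied fields CR and LF
		// are removed as well: the record is a single line, and an embedded line
		// break would cut it short for every reader.
		$nick = str_replace(array("|", "\r", "\n"), "", $nick);
		$status = str_replace(array("|", "\r", "\n"), "", $status);
		$about = str_replace("|", "", $about);
		$city = str_replace("|", "", $city);
		$mail = str_replace("|", "", $mail);
		$photo = str_replace("|", "", $photo);
		$mobile = str_replace("|", "", $mobile);
		$height = str_replace("|", "", $height);
		$weight = str_replace("|", "", $weight);
		$happy = str_replace("|", "", $happy);

		// Extra character-to-entity mapping for the two free-text fields. "&"
		// comes first so that the entities produced afterwards are not
		// re-encoded within the same pass.
		$entityFrom = array("&", "'", "<", ">", "\"", '$', "\\", "!", "[", "]", "@");
		$entityTo = array("&amp;", "&#39;", "&#60;", "&#62;", "&#34;", "&#036;", "&#092;", "&#33;", "&#91;", "&#93;", "&#064;");
		$about = str_replace($entityFrom, $entityTo, $about);
		$city = str_replace($entityFrom, $entityTo, $city);

		// Rebuild the record. The stored hash is written back unchanged.
		$text = $uinKey.':||:'.$udata[1].':||:'.$nick.':||:'.$name.':||:'.$surname.':||:'.$city.':||:'.$about.':||:'.$happy.':||:'.$height.':||:'.$weight.':||:'.$mail.':||:'.$mobile.':||:'.$browser.':||:'.$ip.':||:'.$regtime.':||:'.$photo.':||:'.$status.':||:';

		// Replace the file contents while still holding the lock.
		rewind($fp);
		ftruncate($fp, 0);
		fputs($fp, $text);
		fflush($fp);
		flock($fp, LOCK_UN);
		fclose($fp);

		// NOTE(review): header() only works if nothing has been sent yet;
		// theme/index.php is included before this point, so this presumably
		// relies on output buffering — confirm.
		header ("Location: index.php?".SID);
	}
	else
	{
		// Missing or unreadable record, failed lock, or hash mismatch.
		// Closing the handle also releases the lock if it was taken.
		if ($fp !== false)
		{
			fclose($fp);
		}
		print"Неверный пароль!<br>";
	}
}
else
{
	// Not logged in: send the visitor back to the start page.
	header ("Location: index.php?".SID);
}

include_once "theme/foot.php";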
             
?>