<?php


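//Фильтр
// Blacklist filter over every $_GET value: a request whose query string carries
// anything resembling markup, a function call, a quote, "./" or an angle
// bracket (raw or %-encoded) is redirected to the 403 page before any page code
// runs. It is a legacy defence-in-depth layer, not a substitute for escaping at
// the SQL/HTML boundary.
// Rewritten from eregi() (removed in PHP 7) to preg_match(); the patterns are the
// original POSIX ones transcribed to PCRE, case-insensitive where eregi was.
// NOTE(review): the "meta" pattern was line-wrapped in the listing this was taken
// from; it is read here as [^>]* like its siblings — confirm against the repo.
$filter_patterns = array(
    '/<[^>]*script*"?[^>]*>/i',
    '/<[^>]*object*"?[^>]*>/i',
    '/<[^>]*iframe*"?[^>]*>/i',
    '/<[^>]*applet*"?[^>]*>/i',
    '/<[^>]*meta*"?[^>]*>/i',
    '/<[^>]*style*"?[^>]*>/i',
    '/<[^>]*form*"?[^>]*>/i',
    '/\([^>]*"?[^)]*\)/i',
    '/"/',
    "/'/",
    '/\.\//',
    '/%3E/i',
    '/</',
    '/%3C/i',
    '/>/',
);
// Nested query arrays ("?a[]=...") are descended into: the original handed the
// array itself to the matcher, so such values were never inspected.
$filter_stack = array_values($_GET);
while ($filter_stack) {
    $check_url = array_pop($filter_stack);
    if (is_array($check_url)) {
        foreach ($check_url as $filter_nested) {
            $filter_stack[] = $filter_nested;
        }
        continue;
    }
    foreach ($filter_patterns as $filter_pattern) {
        if (preg_match($filter_pattern, (string) $check_url)) {
            header("Location: /index.php?error=403");
            exit;
        }
    }
}
unset($filter_patterns, $filter_stack, $filter_nested, $filter_pattern);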






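//Определение реального ip
// Client IP used for the `online` table. X-Forwarded-For and Client-IP are
// request headers the client can set freely, so their value is only meaningful
// when the site sits behind a proxy that overwrites them; REMOTE_ADDR is what
// the socket actually reports. Header-first precedence is kept from the original.
// Validation uses filter_var(FILTER_VALIDATE_IP) instead of the old "four groups
// of 1-3 digits" regex, so octets above 255 are rejected as well.
$ip = '';
$ip_headers = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP');
foreach ($ip_headers as $ip_header) {
    if (isset($_SERVER[$ip_header])
        && filter_var($_SERVER[$ip_header], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $ip = $_SERVER[$ip_header];
        break;
    }
}
if ($ip === '') {
    // Fallback as before: keep only digits and dots of REMOTE_ADDR (absent under CLI).
    $ip_remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ip = preg_replace("|[^0-9.]|", "", $ip_remote);
}
$ip = prov($ip);
unset($ip_headers, $ip_header, $ip_remote);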

//Определение реального браузера
// Raw user agent ($browsus): Opera Mini forwards the phone's real UA in its own
// header, which takes precedence over the ordinary User-Agent header.
$browsus = 'Not_detected';
foreach (array('HTTP_X_OPERAMINI_PHONE_UA', 'HTTP_USER_AGENT') as $ua_header) {
    if (isset($_SERVER[$ua_header])) {
        $browsus = htmlspecialchars(stripslashes($_SERVER[$ua_header]));
        break;
    }
}
// Short UA key ($ua): drop "http://", keep what precedes the first "(" and then
// the first space, cap at 22 bytes, pass through the project's prov() helper.
// The same derivation is what gets compared with users.lua and online.uaer.
$ua_head = strtok(preg_replace('|http://|i', '', $browsus), '(');
$ua_word = strtok($ua_head, ' ');
$ua = prov(substr($ua_word, 0, 22));
unset($ua_header, $ua_head, $ua_word);

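//Обновление статистики
// Daily roll-over: `system.obn` holds the date of the last roll-over; on the
// first request of a new day the referer counters are cleared and `online`
// rows older than 121 seconds are dropped. A missing/failed `obn` row (false
// from mysql_fetch_array) triggers the roll-over as before, now without a notice.
$obn = mysql_fetch_array(mysql_query("SELECT * FROM `system` WHERE `name`='obn' LIMIT 1"));
$obn_value = (is_array($obn) && isset($obn['value'])) ? $obn['value'] : '';
if ($obn_value !== date('d.m.Y')) {
    mysql_query("UPDATE `system` SET `value`='" . date('d.m.Y') . "' WHERE `name`='obn' LIMIT 1");
    mysql_query("TRUNCATE TABLE `referers`");
    mysql_query("DELETE FROM `online` WHERE `timer`<'" . (time() - 121) . "'");
}
unset($obn_value);
// Referer statistics: one "perehod" per external referring host. The host is
// $ref[2] of "scheme://host/..."; a Referer without a host part is ignored
// instead of raising a notice as before.
if (isset($_SERVER['HTTP_REFERER'])) {
    $referer = prov($_SERVER['HTTP_REFERER']);
    $ref = explode('/', $referer);
    $own_host = isset($_SERVER['HTTP_HOST']) ? prov($_SERVER['HTTP_HOST']) : '';
    // Internal links are skipped. The original used eregi($own_host, $ref[2]),
    // i.e. the client-supplied Host header as a regular expression; a plain
    // case-insensitive substring test gives the same answer for real host names
    // and removes both the PHP-7-removed function and the pattern injection.
    // An empty Host behaves as before (everything counts).
    if (isset($ref[2]) && $ref[2] !== ''
        && ($own_host === '' || stripos($ref[2], $own_host) === false)) {
        // NOTE(review): $ref_host comes from the Referer header and reaches SQL
        // through prov() only — confirm prov() escapes for MySQL.
        $ref_host = $ref[2];
        $suchref = mysql_num_rows(mysql_query("SELECT * FROM `referers` WHERE `referer`='" . $ref_host . "' LIMIT 1"));
        if ($suchref == 0) {
            mysql_query("INSERT INTO `referers` SET `referer`='" . $ref_host . "', `perehody`='1'");
        } else {
            mysql_query("UPDATE `referers` SET `perehody`=perehody+1 WHERE `referer`='" . $ref_host . "' LIMIT 1");
        }
    }
    unset($own_host, $ref_host);
}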
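// Per-request defaults used by the pages that include this header.
// $s       - session parameter in "name=id" form, for building links.
// $vhod    - 1 once the visitor is authenticated further down, else 0.
// $adm_pr  - privilege level resolved further down (0 plain user).
// $id_user - id of the authenticated user, 0 for guests.
// $gdeon   - current location "script?query", stored in users.gdeon / online.query.
$s = session_name() . '=' . session_id();
$vhod = 0;
$adm_pr = 0;
$id_user = 0;
// Both halves go through prov() (already applied to QUERY_STRING originally):
// PHP_SELF can carry client-supplied path info (/index.php/anything) and was
// concatenated into SQL unsanitised. Both keys may be absent under CLI.
$gdeon_script = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
$gdeon_query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
$gdeon = prov($gdeon_script) . '?' . prov($gdeon_query);
unset($gdeon_script, $gdeon_query);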

//БОТТ Система
// Keeps the built-in bot account (users.id_user = 2) looking "online" by
// refreshing its last-seen date and timestamp on every request.
$bott_ldate = date("d.m.Y") . " в " . date("H:i");
mysql_query(sprintf(
    "update users set ldate='%s', online='%d' where id_user='2'",
    $bott_ldate,
    time()
));
unset($bott_ldate);

//Вход по cookie
// "Remember me": when the session holds no credentials yet but the mylogin /
// mypass cookies are present, the pair is looked up in `users` and, on exactly
// one match, copied into the session so the block below treats the visitor
// as logged in.
$cookie_login_possible = !empty($_COOKIE['mylogin']) && !empty($_COOKIE['mypass']);
$session_is_blank = empty($_SESSION['login']) && empty($_SESSION['pass']);
if ($cookie_login_possible && $session_is_blank) {
    $llogin = prov($_COOKIE['mylogin']);
    $lpass = prov($_COOKIE['mypass']);
    // NOTE(review): the cookie value is compared directly with users.pass and
    // reaches the query through prov() only — confirm what that column stores
    // and that prov() escapes for MySQL.
    $erlog = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `login`='$llogin' AND `pass`='$lpass' LIMIT 1"));
    if ($erlog == 1) {
        $_SESSION['login'] = $llogin;
        $_SESSION['pass'] = $lpass;
    }
}
unset($cookie_login_possible, $session_is_blank);

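//Авторизация и вход
// Session login: the login/pass pair kept in the session is re-checked against
// `users` on every request, together with the UA key ($ua) recorded in
// users.lua. On success the activity counters are updated, the privilege level
// is resolved and an active ban, if any, ends the request with a ban notice.
// Sets: $login, $pass, $users, $such, $user, $id_user, $vhod, $adm_pr.
if (!empty($_SESSION['login']) && !empty($_SESSION['pass'])) {
    $login = prov($_SESSION['login']);
    $pass = prov($_SESSION['pass']);
    // isset() kept from the original in case prov() yields null.
    if (isset($login) && isset($pass)) {
        // NOTE(review): $login/$pass reach SQL through prov() only — confirm it
        // escapes for MySQL.
        $users = mysql_query("SELECT * FROM `users` WHERE `login`='$login' AND `pass`='$pass' AND `lua`='$ua' LIMIT 1");
        $such = mysql_num_rows($users);
        if ($such == 1) {
            $user = mysql_fetch_array($users);
            $id_user = $user['id_user'];
            $vhod = 1;
            // Time on site: a hit within 10 minutes of the previous one adds the
            // gap to `onsite`; otherwise it is a new visit and `unsite` is bumped.
            $tietd = time() - 600;
            if ($user['online'] > $tietd) {
                $usetim = (time() - $user['online']) + $user['onsite'];
            } else {
                $usetim = $user['onsite'];
            }
            mysql_query("UPDATE `users` SET `onsite`='$usetim' WHERE `id_user`='$id_user'");
            mysql_query("UPDATE `users` SET `unsite`=`unsite`+1 WHERE `online`<'" . (time() - 600) . "' AND `id_user`='$id_user'");
            mysql_query("UPDATE `users` SET `ldate`='" . date("d.m.Y") . " в " . date("H:i") . "', `online`='" . time() . "', `gdeon`='$gdeon' WHERE `id_user`='$id_user'");
            // Privilege level from `system` rows admin/moder/creater (value = user
            // id); the later checks override, so creater > moder > admin. The
            // original ran the admin check twice; the duplicate is dropped.
            $provadm = mysql_num_rows(mysql_query("select * from system where name='admin' and value='$id_user' limit 1"));
            if ($provadm != 0) {
                $adm_pr = 2;
            }
            $provmod = mysql_num_rows(mysql_query("select * from system where name='moder' and value='$id_user' limit 1"));
            if ($provmod != 0) {
                $adm_pr = 3;
            }
            $provcre = mysql_num_rows(mysql_query("select * from system where name='creater' and value='$id_user' limit 1"));
            if ($provcre != 0) {
                $adm_pr = 4;
            }
            // Ban check: the newest `banned` row applies when it is permanent
            // (srok = 0) or timer + srok is still in the future.
            $ibanned = mysql_query("select * from banned where id_user='$id_user' order by id_ban desc limit 1");
            if (mysql_num_rows($ibanned) != 0) {
                $banned = mysql_fetch_array($ibanned);
                if ($banned['srok'] == 0 || ($banned['timer'] + $banned['srok']) > time()) {
                    $ban_reasons = array(
                        1 => 'Реклама',
                        2 => 'Оскорбление',
                        3 => 'Нецензурные выражения',
                        4 => 'Флуд/Флейм',
                        5 => 'Оффтопик',
                    );
                    $ban_code = (int) $banned['prich'];
                    $newpri = isset($ban_reasons[$ban_code]) ? $ban_reasons[$ban_code] : 'Другое';
                    // DB-sourced text is escaped for the HTML context; double_encode=false
                    // leaves values that were already entity-encoded on input intact.
                    $esc_login = htmlspecialchars($user['login'], ENT_QUOTES, 'UTF-8', false);
                    echo '<div class="i">Ошибка</div>
<div class="p">' . $esc_login . ', Вы забанены!<br>
Причина: ' . $newpri . '<br>';
                    if (!empty($banned['dopinf'])) {
                        echo 'Доп. информация: ' . htmlspecialchars($banned['dopinf'], ENT_QUOTES, 'UTF-8', false) . '<br>';
                    }
                    // The banning account may no longer exist: show an empty name
                    // instead of indexing a false fetch result.
                    $ktoban = mysql_fetch_array(mysql_query("select login from users where id_user='" . $banned['kto_zabanil'] . "' limit 1"));
                    $ktoban_login = (is_array($ktoban) && isset($ktoban['login'])) ? $ktoban['login'] : '';
                    echo 'Вас забанил: ' . htmlspecialchars($ktoban_login, ENT_QUOTES, 'UTF-8', false) . '<br>';
                    if ($banned['srok'] == 0) {
                        echo 'Бан до отмены администрацией!<br>';
                    } else {
                        // End of the ban is timer + srok (the expiry used in the
                        // condition above); the original printed the start time.
                        echo 'Окончание бана: ' . date('d.m.Y в H:i:s', $banned['timer'] + $banned['srok']) . '<br>';
                    }
                    require "../system/foot.php";
                    exit;
                }
            }
        }
    }
}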
//Онлайн
// Guest presence: visitors who are not logged in are tracked in `online` by
// (ip, ua key); the row is created on the first hit and its timestamp and
// current location are refreshed on every later one.
if ($vhod == 0) {
    $suon = mysql_query("select * from online where iper='$ip' and uaer='$ua' limit 1");
    $online_now = time();
    $online_sql = mysql_num_rows($suon) == 0
        ? "insert into online set iper='$ip', uaer='$ua', timer='$online_now', query='$gdeon'"
        : "update online set timer='$online_now', query='$gdeon' where iper='$ip' and uaer='$ua' limit 1";
    mysql_query($online_sql);
    unset($online_now, $online_sql);
}
//Фильтрация
// Routing parameters: `mod` and `action` pass through the project's cifry()
// helper (defined elsewhere; by its name presumably a digits-only filter —
// confirm); absent parameters become ''. $title defaults to '' unless the
// including page set it before this header.
$mod = isset($_GET['mod']) ? cifry($_GET['mod']) : '';
$action = isset($_GET['action']) ? cifry($_GET['action']) : '';
if (!isset($title)) {
    $title = '';
}


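// Document head shared by every page. Changes from the original markup: the XML
// declaration said version "2.1" (no such XML version; 1.0 is what the XHTML
// Mobile DTD expects), <meta> sat outside <head>, the stylesheet <link> was not
// self-closed in an XHTML document, and a stray </a> followed the logo image.
// $krsite (site name, set elsewhere) and $title are escaped for the HTML
// context; double_encode=false keeps entities a page already put into $title.
$head_site = htmlspecialchars(isset($krsite) ? $krsite : '', ENT_QUOTES, 'UTF-8', false);
$head_title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
echo '<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru">
<head><title>' . $head_site . ' - ' . $head_title . '</title>
<meta name="Copyright" content="Лучший двиг для вашего сайта JRCMS"/>
<link rel="shortcut icon" href="http://klemo.ru/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="/style/style.css" />
</head>
<body>
<div class="de">

<div class="sep" align="center"> <div class="res"><img src="/1.png" alt="" /> </div></div>';
unset($head_site, $head_title);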
?>