<?php
/*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//
// Sitchi CMS - Mobile Content Management System //
// The author: Nikoloz Sitchinava [sitchi] //
// Link: http://sitchicms.num.ge //
// Skype: SitchiCMS //
// License: LICENSE.txt (see attached file) //
// Version: VERSION.txt (see attached file) //
//\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*/
// Stop unless the _SITCHICMS constant is defined, so the file does nothing when it is
// requested directly (the constant is presumably defined by the including entry script).
defined('_SITCHICMS') or die ('Restricted access');
/* Start the session */
session_name('SDG');
session_start();
// NOTE(review): no session cookie parameters are set in this file; confirm that HttpOnly
// (and Secure on HTTPS sites) are configured elsewhere.
// Current session id, escaped so it can be placed inside a quoted SQL string.
$ss=mysql_real_escape_string(session_id());
// NOTE(review): three problems on the next line.
//  1. '[' and ']' are taken as the PCRE delimiters, so the pattern is the literal text
//     "A-z0-9", not a character class. A session id will in practice never contain that
//     text, so the check fails and $ss is replaced on every request.
//  2. 09009 is not a valid octal literal: PHP 7+ rejects the file at parse time, and
//     older versions do not read it as 9009.
//  3. rand() is not a cryptographic generator and md5() of a number below one million has
//     at most a million possible values, so $ss must not be relied on as a secret or
//     anti-forgery token. How $ss is used is not visible in this file.
// A delimited, anchored pattern and a CSPRNG-based fallback would be the fix; check the
// callers of $ss first, because they currently never receive the real session id.
if (!preg_match('[A-z0-9]',$ss))$ss=md5(rand(09009,999999));
/* Load the standard settings: row 1 of the `settings` table */
$set_l = mysql_query('SELECT * FROM `settings` WHERE `id` = 1');
$set = mysql_fetch_assoc($set_l);

/* Helper setup */
// All mb_* string functions work on UTF-8 from here on.
mb_internal_encoding('UTF-8');

// Timestamp of this point in the request as a float (seconds with microseconds).
$microtime = microtime(true);

// Current Unix time shifted by the configured number of hours.
$time = $set['timeshift'] * 3600 + time();
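/* Authorization */
// Path 1: the session already names a user id.
// The id is cast with intval() before it is placed in SQL, as the cookie path below
// already does, so a non-numeric value stored in the session cannot change the statement.
if (isset($_SESSION['id_user']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `users` WHERE `id` = ".intval($_SESSION['id_user'])." LIMIT 1"), 0)==1)
{
    $user=mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = ".intval($_SESSION['id_user'])." LIMIT 1"));
    // Seconds since this user's previous request.
    $timeactiv=$time - $user['lastvisit'];
    // Gaps shorter than 120 seconds are added to the user's accumulated time on site.
    if($timeactiv < 120)
    {
        $newtimeactiv=$user['alltime']+$timeactiv;
        mysql_query("UPDATE `users` SET `alltime` ='$newtimeactiv' WHERE `id` = '$user[id]' LIMIT 1");
    }
    mysql_query('UPDATE `users` SET `lastvisit` = '.$time.' WHERE `id` ='.$user['id'].' LIMIT 1');
}
// Path 2: no usable session, but "remember me" cookies are present.
elseif (isset($_COOKIE['id_user']) && isset($_COOKIE['pass']))
{
    // NOTE(review): the cookie value is compared directly with the stored `pass` column,
    // so whatever that column holds acts as a long-lived login credential: anyone who
    // obtains the stored value can sign in without knowing the password. A random
    // per-device token, stored hashed and revocable, is the usual replacement. That is a
    // schema change and is not made here.
    if (mysql_result(mysql_query("SELECT COUNT(*) FROM `users` WHERE `id` = ".intval($_COOKIE['id_user'])." AND `pass` = '".mysql_real_escape_string($_COOKIE['pass'])."' LIMIT 1"), 0)==1)
    {
        $user_id = intval($_COOKIE['id_user']);
        $user=mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = ".$user_id." LIMIT 1"));
        // NOTE(review): the session id is not regenerated when the session becomes
        // authenticated. session_regenerate_id(true) at this point is the usual defence
        // against session fixation; $ss and the SID constant are read before this point,
        // so check their users before adding it.
        $_SESSION['id_user']=$user_id;
    }
}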
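/* Record the browser and the IP address */
// $ip is set only when REMOTE_ADDR is a valid IPv4 address; for anything else (IPv6, for
// example) it stays undefined, and later code has to allow for that.
if(isset($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
{
    $ip=ip2long($_SERVER['REMOTE_ADDR']);
}
if (isset($_SERVER['HTTP_USER_AGENT']))
{
    // The User-Agent header is client-supplied. Keep only the part before the first '/'
    // and '(' and then drop every character outside the allow-list.
    $ua=$_SERVER['HTTP_USER_AGENT'];
    $ua=strtok($ua, '/');
    $ua=strtok($ua, '(');
    // The pattern needs real delimiters: written as '[...]' the brackets themselves are
    // taken as the delimiters and the character class never filters anything. The 'i'
    // flag keeps upper-case letters, which the lower-case class would otherwise strip.
    $ua=preg_replace('#[^a-z_\./ 0-9\-]#i', '', $ua);
    if (isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA']))
    {
        // Opera Mini passes the handset's own user agent in this header; it is equally
        // client-supplied and gets the same treatment.
        $ua_om=$_SERVER['HTTP_X_OPERAMINI_PHONE_UA'];
        $ua_om=strtok($ua_om, '/');
        $ua_om=strtok($ua_om, '(');
        $ua_om=preg_replace('#[^a-z_\. 0-9\-]#i', '', $ua_om);
        $ua='Opera Mini ('.$ua_om.')';
    }
}else{
    $ua = 'not defined';
}
// The allow-list is defence in depth only: $ua must still be escaped for SQL and for HTML
// wherever it is stored or displayed.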
// Store the client's IP and user agent: on the user's own row for a signed-in user,
// otherwise in the `user_guest` table, keyed by the (ip, ua) pair.
if(isset($user))
{
// Each column is written only when the corresponding value was determined above.
if (isset($ip))mysql_query("UPDATE `users` SET `ip` = '".mysql_real_escape_string($ip)."' WHERE `id` = '$user[id]' LIMIT 1");
if (isset($ua))mysql_query("UPDATE `users` SET `ua` = '".mysql_real_escape_string($ua)."' WHERE `id` = '$user[id]' LIMIT 1");
}else{
// NOTE(review): unlike the branch above, the guest branch uses $ip without isset(). $ip
// is undefined when REMOTE_ADDR is not a valid IPv4 address, in which case an empty
// string is interpolated into all four statements below.
// $ua comes from request headers and is escaped with mysql_real_escape_string() every
// time it is used.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user_guest` WHERE `ip` = '$ip' AND `ua` = '".mysql_real_escape_string($ua)."' LIMIT 1"), 0)==1)
{
// Known guest: load the row and refresh its last-visit time.
$user_guest=mysql_fetch_assoc(mysql_query("SELECT * FROM `user_guest` WHERE `ip` = '$ip' AND `ua` = '".mysql_real_escape_string($ua)."' LIMIT 1"));
mysql_query("UPDATE `user_guest` SET `lastvisit` = '".$time."' WHERE `ip` = '$ip' AND `ua` = '".mysql_real_escape_string($ua)."' LIMIT 1");
}else{
// New (ip, ua) pair: insert a row. NOTE(review): `ua` is client-controlled, so every
// distinct value adds a row; confirm that `user_guest` is pruned elsewhere.
mysql_query("INSERT INTO `user_guest` (`ip`, `ua`, `lastvisit`) VALUES ('$ip', '".mysql_real_escape_string($ua)."', '".$time."')");
}
}
/* Redirect the user or the guest if they are blocked */
// $banpage and $ban_ip_page are not assigned in this file; presumably the ban pages set
// them before including it so that they do not redirect to themselves. TODO confirm.
// NOTE(review): both flags are tested with isset() only. Make sure nothing but the
// including script can define them (register_globals must be off; a constant would be
// more robust than a variable).
// NOTE(review): $ip is undefined when REMOTE_ADDR is not a valid IPv4 address. The range
// checks below then compare against an empty string, so IP bans are presumably not
// applied to such clients. Confirm, and decide how non-IPv4 clients should be handled.
if (!isset($banpage) && isset($user))
{
// Signed-in user: a ban row that has not yet expired (`time` > now) or has `view` = '0'
// sends the user to the ban page, with the SID constant appended to the URL.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '$user[id]' AND (`time` > '$time' OR `view` = '0')"), 0)!=0)
{
header('Location: /pages/ban.php?'.SID);exit;
}else
// No user ban: check whether the address lies inside a banned range.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ban_ip` WHERE `min` <= '$ip' AND `max` >= '$ip'"), 0)!=0)
{
header("Location: /pages/ban_ip.php");exit;
}
}else
// Reached when there is no signed-in user, or when $banpage is set.
if (!isset($ban_ip_page))
{
// Same IP range check as above.
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ban_ip` WHERE `min` <= '$ip' AND `max` >= '$ip'"), 0)!=0)
{
header("Location: /pages/ban_ip.php");
exit;
}
}
//
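// A per-user page size, when the user row has one, replaces the site-wide value.
if (isset($user['set_p_count']))$set['p_count']=(int)$user['set_p_count'];
/* Turn on error display when the settings ask for it */
// Errors are shown only to a signed-in user whose level is 2 or higher. The isset()
// guard stops a guest request, where $user is undefined, from raising a notice of its
// own here. Error output can reveal paths and queries, so `show_err_php` is best left
// off on production sites.
if ($set['show_err_php']==1 && isset($user['level']) && $user['level']>=2)
{
    error_reporting(E_ALL);
    ini_set('display_errors',true);
}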
?>