<?php
// by mides, 1da.su
// Reject the request (redirect to the parent directory) unless every $_GET
// value is a string made of [A-Za-z0-9_/-] or of dots that are not followed
// by "/"; this keeps "../" segments out of any value later used as a path.
// Only values are inspected, never keys, and a trailing ".." (not followed
// by "/") is still accepted by this pattern.
foreach ($_GET as $check_url) {
    $valid = is_string($check_url)
        && preg_match('#^(?:[a-z0-9_\-/]+|\.+(?!/))*$#i', $check_url) === 1;
    if ($valid) {
        continue;
    }
    header('Location: ../');
    exit;
}
unset($check_url);
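// let's connect to our DataBase
require_once 'db.php';
// NOTE: the whole file relies on the mysql_* extension, which was removed in PHP 7.
$connect = mysql_connect(DBHOST, DBUSER, DBPASS);
if (!$connect) {
    // The original wrapped this message in mysql_error(), which takes a link
    // resource, so the text was never displayed. Show the static message only:
    // the driver's own error text can expose host/user details to visitors.
    die('Ошибка подключения к БД. Неверный пользователь или пароль.');
}
mysql_query('SET NAMES `utf8`', $connect);
// SET NAMES alone does not update the charset the client library uses for
// mysql_real_escape_string(); mysql_set_charset() does, so escaping in
// check() is charset-aware. Guarded for very old PHP 5 builds.
if (function_exists('mysql_set_charset')) {
    mysql_set_charset('utf8', $connect);
}
mysql_select_db(DBNAME, $connect) or die('Не правильно прописано название БД.');
// let's get the default site settings
$config_r = mysql_query("SELECT * FROM `config` WHERE `id` = 1", $connect);
$config = mysql_fetch_assoc($config_r);
if (!is_array($config)) {
    // No config row (or failed query): keep $config an array so the
    // assignments below and in the login block do not operate on false.
    $config = array();
}
// HTTP_HOST is client-supplied (Host header); anything that echoes
// $config['copy'] must escape it for HTML. Absent under CLI, hence the guard.
$config['copy'] = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';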
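// Cookie-based login: both cookies must be present. check() escapes the raw
// cookie values for SQL before they reach the query (the mysql_* extension has
// no parameterised API, so escaping is the only available protection here).
if (isset($_COOKIE['ulogin']) and isset($_COOKIE['upass'])) {
    $ulogin = check($_COOKIE['ulogin']);
    $upass = check($_COOKIE['upass']);
    $query = mysql_query("SELECT * FROM `users` WHERE `login` = '$ulogin' and `pass` = '$upass' LIMIT 1");
    $u = mysql_fetch_assoc($query);
    // $u is false when no row matched; guard it before reading offsets.
    if ($u && $u['id']) {
        $config['style'] = $u['style'];
        $config['onpage'] = $u['onpage'];
        // $title is expected to be set by the including page before this file
        // is required — TODO confirm; it is interpolated into SQL as-is, so it
        // must be a trusted literal, never request data.
        $place = isset($title) ? $title : '';
        $now = time();
        $online_r = mysql_query("SELECT `id_user` FROM `online` WHERE `id_user` = '$u[id]'");
        if (mysql_num_rows($online_r)) {
            mysql_query("UPDATE `online` SET `place` = '$place', `time` = '$now' WHERE `id_user` = '$u[id]'");
        } else {
            mysql_query("INSERT INTO `online` SET `id_user` = '$u[id]', `place` = '$place', `time` = '$now'");
        }
        // Presence rows older than three minutes are considered offline.
        mysql_query("DELETE FROM `online` WHERE `time` <= '".($now - 60 * 3)."'");
        if ($u['locked'] > $now) {
            // The original sent the redirect but kept executing, so a locked
            // user still received the rest of the page; stop here instead.
            header('location: ../locked.php');
            exit;
        }
        // Expired locks are cleared on every authenticated request.
        mysql_query("UPDATE `users` SET `locked` = 0, `locked_who` = '', `reason` = '' WHERE `locked` < '$now'");
        // Require an exact byte-for-byte match (the SQL lookup may be
        // collation-insensitive, and loose != treats numeric-looking strings
        // as numbers). On mismatch, expire the cookies this block actually
        // reads; 'login'/'pass' are kept from the original for compatibility.
        if ($u['login'] !== $ulogin or $u['pass'] !== $upass) {
            $expire = $now - 86400*31;
            setcookie('ulogin', '', $expire);
            setcookie('upass', '', $expire);
            setcookie('login', '', $expire);
            setcookie('pass', '', $expire);
        }
    }
}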
function tp($title){
    // Opens a titled content block; the ".main" div is left open for nav*()
    // to close. $title is echoed unescaped — callers pass trusted text/markup.
    $html = '<div class="title>' === '' ? '' : '<div class="title">' . $title . '</div>';
    $html .= '<div class="main">';
    echo $html;
}
function error($error){
    // Opens an error block ("Ошибка!") followed by the message; the ".main"
    // div stays open for nav*() to close. $error is echoed unescaped.
    echo '<div class="title">Ошибка!</div><div class="main">', $error;
}
function info($info){
    // Opens an information block ("Информация") followed by the message; the
    // ".main" div stays open for nav*() to close. $info is echoed unescaped.
    echo '<div class="title">Информация</div><div class="main">', $info;
}
function nav_main(){
    // Closes the open ".main" block and renders the "home" navigation link.
    $home = '<a href="../">На главную</a>';
    echo '</div><div class="navigation">' . $home . '</div>';
}
function nav($link){
    // Closes the open ".main" block and renders a "back" link to $link plus
    // the "home" link. $link is inserted into the href unescaped.
    $back = '<a href="' . $link . '">Назад</a>';
    $home = '<a href="../">На главную</a>';
    echo '</div><div class="navigation">' . $back . '<br />' . $home . '</div>';
}
function nav2($link, $link_name){
    // Like nav(), but the back link's text is $link_name instead of "Назад".
    // Both arguments are inserted unescaped — callers pass trusted values.
    $back = '<a href="' . $link . '">' . $link_name . '</a>';
    $home = '<a href="../">На главную</a>';
    echo '</div><div class="navigation">' . $back . '<br />' . $home . '</div>';
}
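function check($check){
    // Escapes a value for interpolation into a mysql_* query and HTML-encodes
    // it in the same pass, so what gets stored is entity-encoded, not raw text.
    // mysql_real_escape_string() needs an open link (see the connect block at
    // the top of this file); without one it returns false, which ends up as ''.
    // The original body also ran a str_replace()/stripslashes() chain over an
    // undefined $msg (with a mangled replacement array); it never touched
    // $check, so it is dropped here.
    if (!is_scalar($check)) {
        // Arrays (e.g. a cookie or GET parameter named "x[]") cannot be
        // escaped; return '' instead of letting the call emit a warning.
        return '';
    }
    return htmlspecialchars(mysql_real_escape_string((string) $check));
}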
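function generate($number){
    // Builds a random string of $number characters from the alphabet below.
    // The alphabet is kept exactly as the original (note: no q/Q/w/W).
    $arr = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','r','s','t','u','v','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','R','S','T','U','V','X','Y','Z','1','2','3','4','5','6','7','8','9','0');
    $last = count($arr) - 1;
    $pass = '';
    for ($i = 0; $i < $number; $i++) {
        // Pick a random index. rand() (used originally) is not a CSPRNG and
        // must not be used for passwords; random_int() is (PHP 7+). mt_rand()
        // is only a fallback for PHP 5, where random_int() does not exist.
        $index = function_exists('random_int') ? random_int(0, $last) : mt_rand(0, $last);
        $pass .= $arr[$index];
    }
    return $pass;
}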
function navig($page, $link, $pages) {
    // Prints a pager: the first page, the last page and a window of two pages
    // either side of $page; other pages are skipped silently (no "..."). The
    // current page is underlined, the rest link to "$link" . "p=N". Nothing
    // is printed for a single page. $link is inserted into hrefs unescaped.
    if ($pages <= 1) {
        return;
    }
    echo '</div><div class="main">Cтр.: ';
    for ($k = 1; $k <= $pages; $k++) {
        $distance = $page - $k;
        $visible = $k == 1 || $k == $pages || ($distance <= 2 && $distance >= -2);
        if (!$visible) {
            continue;
        }
        echo $k == $page
            ? '<u>' . $k . '</u> '
            : '<a href="' . $link . 'p=' . $k . '">' . $k . '</a> ';
    }
}
function bb($msg){
    // Replaces smiley codes from the `smiles` table with their image tags.
    $smiles_r = mysql_query("SELECT * FROM `smiles`");
    while ($smile = mysql_fetch_assoc($smiles_r)) {
        $msg = str_replace($smile['code'], '<img src="'.$smile['path'].'" alt="" />', $msg);
    }
    // BBCode -> HTML. The pattern/replacement pairs are applied in order,
    // one after another, exactly like the original chain of preg_replace() calls.
    // NOTE(review): the [url=...] href is taken verbatim from the message, so
    // any scheme is accepted; limiting it to http(s) or relative URLs would be
    // the mitigation if messages come from untrusted users.
    $patterns = array('#\[url=(.*?)\](.*?)\[/url\]#si');
    $replacements = array('<a href="$1">$2</a>');
    foreach (array('red', 'blue', 'black', 'green', 'orange', 'pink', 'gray') as $color) {
        $patterns[] = '#\[' . $color . '\](.*?)\[/' . $color . '\]#si';
        $replacements[] = '<span style="color: ' . $color . '">$1</span>';
    }
    $patterns[] = '#\[big\](.*?)\[/big\]#si';
    $replacements[] = '<span style="font-size: 20px">$1</span>';
    $patterns[] = '#\[small\](.*?)\[/small\]#si';
    $replacements[] = '<span style="font-size: 8px">$1</span>';
    foreach (array('b', 'u', 'i', 'strike') as $tag) {
        $patterns[] = '#\[' . $tag . '\](.*?)\[/' . $tag . '\]#si';
        $replacements[] = '<' . $tag . '>$1</' . $tag . '>';
    }
    $msg = preg_replace($patterns, $replacements, $msg);
    return nl2br($msg);
}
function access($id_user) {
    // Maps the user's `access` level to its display name; unknown levels (and
    // missing users) read as "Пользователь". $id_user goes into the query
    // as-is — callers are expected to pass a checked/numeric id.
    $user = mysql_fetch_assoc(mysql_query("SELECT `access` FROM `users` WHERE `id` = '$id_user'"));
    // switch keeps the original loose (==) comparison on the fetched string.
    switch ($user['access']) {
        case '1':
            return 'Куратор';
        case '2':
            return 'Модератор';
        case '3':
            return 'Администратор';
        default:
            return 'Пользователь';
    }
}
function login($id) {
    // Returns the user's login coloured by access level (green/blue/red for
    // levels 1/2/3, plain otherwise); id 0 is the guest, a missing or empty
    // login renders as a grey "удален". $id goes into the query as-is.
    if ($id == 0) {
        return 'Гость';
    }
    $user = mysql_fetch_assoc(mysql_query("SELECT `login`, `access` FROM `users` WHERE `id` = '$id'"));
    if (!$user['login']) {
        return '<font color="grey">удален</font>';
    }
    // switch keeps the original loose (==) comparison on the fetched string.
    switch ($user['access']) {
        case '1':
            return '<font color="green">' . $user['login'] . '</font>';
        case '2':
            return '<font color="blue">' . $user['login'] . '</font>';
        case '3':
            return '<font color="red">' . $user['login'] . '</font>';
        default:
            return $user['login'];
    }
}
function login_simple($id){
    // Plain-text variant of login(): guest for id 0, "удален" when no row or
    // an empty login is found. $id goes into the query as-is.
    if ($id == 0) {
        return 'Гость';
    }
    $user = mysql_fetch_assoc(mysql_query("SELECT `login` FROM `users` WHERE `id` = '$id'"));
    return $user['login'] ? $user['login'] : 'удален';
}
function get_id($login){
    // Looks up a user id by login; yields null when no row matches.
    // NOTE(review): $login is interpolated into the query unescaped — callers
    // must pass it through check() first; verify at each call site.
    $row = mysql_fetch_assoc(mysql_query("SELECT `id` FROM `users` WHERE `login` = '$login'"));
    return $row['id'];
}
function online($time, $id_user) {
    // Wraps $time in green when the user currently has a row in `online`.
    $present = mysql_num_rows(mysql_query("SELECT `id` FROM `online` WHERE `id_user` = '$id_user'"));
    return $present ? '<font color="green">' . $time . '</font>' : $time;
}
function size($filesize) {
    // Formats a byte count with decimal (1000-based) units and up to three
    // decimals; PHP's float-to-string drops trailing zeros, so 1000000 -> "1 Mb".
    $is_kb = $filesize < 1000000;
    $divisor = $is_kb ? 1000 : 1000000;
    $unit = $is_kb ? ' Kb' : ' Mb';
    return round($filesize / $divisor, 3) . $unit;
}
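function ext($filename) {
    // Returns the text after the LAST dot, as the original strrchr() logic did
    // ("a.tar.gz" -> "gz", ".htaccess" -> "htaccess", "name." -> "").
    // Always returns a string: the original evaluated substr(false, 1) when
    // there was no dot, which is false on PHP < 8 and '' on PHP 8.
    // Case is preserved ("X.PHP" -> "PHP"); callers comparing against an
    // allow-list should lowercase the result first.
    $dotted = strrchr((string) $filename, '.');
    if ($dotted === false) {
        return '';
    }
    return (string) substr($dotted, 1);
}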
?>