View file system/sys.php

File size: 18.08Kb
<?php
// by mides (Mike O.), coolcms.mobi

// choose whether you wanna show the error or not; 1 - yes, 0 - no
$debugmode = 0;
if ($debugmode) {
  @error_reporting(E_ALL);
  @ini_set('display_errors', true);
  @ini_set('html_errors', true);
  @ini_set('error_reporting', E_ALL);
} else {
  @error_reporting(E_ALL ^ E_NOTICE);
  @ini_set('display_errors', false);
  @ini_set('html_errors', false);
  @ini_set('error_reporting', E_ALL ^ E_NOTICE);
}

//session_name('SID');

// check $_GET to make sure it's Ok
foreach ($_GET as $check_url) {
    if (!is_string($check_url) || !preg_match('#^(?:[a-z0-9_\-/]+|\.+(?!/))*$#i', $check_url)) {
    header ('Location: ../');
    exit;
    } 
} 
unset($check_url);

// let's connect to our DataBase
require_once 'db.php';
$connect = mysql_connect(DBHOST, DBUSER, DBPASS) or die(mysql_error('Ошибка подключения к БД. Неверный пользователь или пароль.'));
mysql_query('SET NAMES `utf8`', $connect);
mysql_select_db(DBNAME, $connect) or die('Не правильно прописано название БД.');

define ('HOME', $_SERVER['HTTP_HOST']);
define ('HTTPHOME', 'http://'.HOME);

// getting main variables
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
$act = isset($_GET['act']) ? check($_GET['act']) : FALSE;
$title = isset($title) ? $title : FALSE;
$m_title = empty($title) ? HOME : $title.' - '.HOME;
$page = isset($_GET['p']) ? abs(intval($_GET['p'])) : 1;
$pages = isset($pages) ? abs(intval($pages)) : 0;
$ok = isset($_GET['ok']) ? 1 : FALSE;
$spam = isset($_SESSION['spam']) ? $_SESSION['spam'] : FALSE;

$ip = $_SERVER['REMOTE_ADDR'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];

$level = 0;
$flevel = '';
while (!file_exists($flevel.'a.php') && $level < 5) {
    $flevel .= '../';
    ++$level;
} 
unset($level);
define ('FLEVEL', $flevel);
define('TIME', time());

// let's get the default site settings
$config_r = mysql_query("SELECT * FROM `config` WHERE `id` = 1");
$config = mysql_fetch_assoc($config_r);

if (isset($_COOKIE['cusername']) and isset($_COOKIE['cpassword'])) {
    $cusername = check($_COOKIE['cusername']);
    $cpassword = check($_COOKIE['cpassword']);

    $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$cusername' and `password` = '$cpassword' LIMIT 1");
    $u = mysql_fetch_assoc($query);

    if ($u['id']) {
        $config['style'] = $u['style'];
        $config['onpage'] = $u['onpage'];
        $config['language'] = $u['language'];

        // kick, ban
		$ban_r = mysql_query("SELECT `id` FROM `ban` WHERE `id_user` = '$u[id]' and `until` > '".TIME."'");
		if (mysql_num_rows($ban_r)) {
            header('location: '.HTTPHOME.'/banned.php');
        }
        mysql_query("UPDATE `users` SET `lastvisit` = '".TIME."' WHERE `id` = '$u[id]'");

        if (utf_lower($u['username']) != $cusername OR $u['password'] != $cpassword) {
            setcookie('cusername', '', TIME - 86400*31);
            setcookie('cpassword', '', TIME - 86400*31);
        }
    }
} else {
	$u = 0;
}

// the whole online thing
$where = empty($u['id']) ? "WHERE `ip` = '$ip'" : "WHERE `id_user` = '$u[id]'";
$online_r = mysql_query("SELECT `id_user` FROM `online` $where");
if (mysql_num_rows($online_r)) {
	mysql_query("UPDATE `online` SET `place` = '$title', `time` = '".TIME."' $where");
} else {
	mysql_query("INSERT INTO `online` SET `id_user` = '$u[id]', `ip` = '$ip', `user_agent` = '$user_agent', `place` = '$title', `time` = '".TIME."'");
}
mysql_query("DELETE FROM `online` WHERE `time` <= '".(TIME - 60 * 3)."'");


if (!file_exists($flevel.'inc/styles/'.$config['style'].'/style.css')) {
    $config['style'] = 'default';
}

// checking language (settting default one if check failed)
if (!file_exists($flevel.'language/'.$config['language'].'.php')) {
    $config['language'] = 'russian';
}
require_once $flevel.'language/'.$config['language'].'.php';

// CoolCMS FUNCTIONS //

function sendpm($id_user, $msg) {
    $pm_r = mysql_query("SELECT `id` FROM `pm` WHERE (`id_user` = '$id_user' and `id_sender` = '-1') OR (`id_user` = '-1' and `id_sender` = '$id_user')");
    $pm = mysql_fetch_assoc($pm_r);
    if ($pm ['id']) {
        $id_pm = $pm['id'];
        mysql_query("UPDATE `pm` SET `time` = '".TIME."' WHERE `id` = '$id_pm'");
    } else {
        mysql_query("INSERT INTO `pm` SET `id_user` = '$id_user', `id_sender` = '-1', `time` = '".TIME."'");
        $id_pm = mysql_insert_id();
    }
    mysql_query("INSERT INTO `pm_msg` SET `id_pm` = '$id_pm', `id_user` = '$id_user', `id_sender` = '-1', `text` = '$msg', `time` = '".TIME."'");
}

function access($access) {
    global $u;
    if ($u['id']) {
        if ($u['access'] == $access or $u['access'] > $access) {
            return true;
        }
    }
    return false;
}

function access2($id_user) {
    global $lang;
    $user_r = mysql_query("SELECT `access` FROM `users` WHERE `id` = '$id_user'");
    $user = mysql_fetch_assoc($user_r);
    switch($user['access']) {
		case '1': $access = $lang['curator']; break;
		case '2': $access = $lang['moderator']; break;
		case '3': $access = $lang['administrator']; break;
		default: $access = $lang['User']; break;
    }
    return $access;
}

function highlight() {
	//
}

function bb($msg){
    $result_sm = mysql_query("SELECT * FROM `smiles`");
    while ($s = mysql_fetch_assoc($result_sm)) {
            $msg = str_replace($s['code'], '<img src="'.FLEVEL.$s['path'].'" alt="'.$s['code'].'" />', $msg);
    }			
    $msg = preg_replace("#\[red\](.*?)\[/red\]#si", "<span style=\"color: red\">\\1</span>", $msg);
    $msg = preg_replace("#\[blue\](.*?)\[/blue\]#si", "<span style=\"color: blue\">\\1</span>", $msg);
    $msg = preg_replace("#\[black\](.*?)\[/black\]#si", "<span style=\"color: black\">\\1</span>", $msg);
    $msg = preg_replace("#\[green\](.*?)\[/green\]#si", "<span style=\"color: green\">\\1</span>", $msg);
    $msg = preg_replace("#\[orange\](.*?)\[/orange\]#si", "<span style=\"color: orange\">\\1</span>", $msg);
    $msg = preg_replace("#\[pink\](.*?)\[/pink\]#si", "<span style=\"color: pink\">\\1</span>", $msg);
    $msg = preg_replace("#\[gray\](.*?)\[/gray\]#si", "<span style=\"color: gray\">\\1</span>", $msg);
    $msg = preg_replace("#\[big\](.*?)\[/big\]#si", "<span style=\"font-size: 20px\">\\1</span>", $msg);
    $msg = preg_replace("#\[small\](.*?)\[/small\]#si", "<span style=\"font-size: 8px\">\\1</span>", $msg);
    $msg = preg_replace("#\[b\](.*?)\[/b\]#si", "<b>\\1</b>", $msg);
    $msg = preg_replace("#\[u\](.*?)\[/u\]#si", "<u>\\1</u>", $msg);
    $msg = preg_replace("#\[i\](.*?)\[/i\]#si", "<i>\\1</i>", $msg);
    $msg = preg_replace("#\[strike\](.*?)\[/strike\]#si", "<strike>\\1</strike>", $msg);
    $msg = preg_replace("#\[q\](.*?)\[/q\]#si", "<div class=\"quote\">\\1</div>", $msg);
    $msg = preg_replace_callback('~\[url=((https?|ftp)://.+?)\](.+?)\[/url\]|((https?|ftp)://[0-9a-zа-яё/.;?=\(\)\_\-&%#]+)~ui', 'url_replace', $msg);
    return nl2br($msg);
}

function bbpanel($form, $field) {
	return '<script language="JavaScript" type="text/javascript">
	function tag(text1, text2) {
	if ((document.selection)) {
		document.' . $form . '.' . $field . '.focus();
		document.' . $form . '.document.selection.createRange().text = text1+document.' . $form . '.document.selection.createRange().text+text2;
	} else if(document.forms[\'' . $form . '\'].elements[\'' . $field . '\'].selectionStart!=undefined) {
		var element = document.forms[\'' . $form . '\'].elements[\'' . $field . '\'];
		var str = element.value;
		var start = element.selectionStart;
		var length = element.selectionEnd - element.selectionStart;
		element.value = str.substr(0, start) + text1 + str.substr(start, length) + text2 + str.substr(start + length);
	} else 
		document.' . $form . '.' . $field . '.value += text1+text2;
	}
	</script>
	<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
	
	<a href="javascript:tag(\'[b]\', \'[/b]\')"><img src="'.HTTPHOME.'/inc/bb/bold.png" alt="b" title="Жирный"/></a>
	<a href="javascript:tag(\'[i]\', \'[/i]\')"><img src="'.HTTPHOME.'/inc/bb/italic.png" alt="i" title="Наклонный"/></a>
	<a href="javascript:tag(\'[u]\', \'[/u]\')"><img src="'.HTTPHOME.'/inc/bb/underline.png" alt="u" title="Подчёркнутый"/></a>
	<a href="javascript:tag(\'[strike]\', \'[/strike]\')"><img src="'.HTTPHOME.'/inc/bb/strike.png" alt="s" title="Перечёркнутый"/></a>
	<a href="javascript:tag(\'[url=]\', \'[/url]\')"><img src="'.HTTPHOME.'/inc/bb/link.png" alt="url" title="Ссылка" /></a>
	<a href="javascript:tag(\' :)\', \'\')"><img src="'.HTTPHOME.'/inc/smiles/1.gif" alt=":)" title=":)" /></a>
	<a href="javascript:tag(\' :(\', \'\')"><img src="'.HTTPHOME.'/inc/smiles/7.gif" alt=":(" title=":(" /></a>
	<a href="javascript:tag(\' ;/\', \'\')"><img src="'.HTTPHOME.'/inc/smiles/33.gif" alt=";/" title=";/" /></a>
	<a href="http://upfiles.mobi/upload/" target="_blank"><img src="'.HTTPHOME.'/inc/attach.png" alt="attach" title="Загрузить файл" /></a>';

}

function ccdate($time, $user_4_online) {
    if (date('d.m.y', $time) == date('d.m.y', time())) {
        $date = date('<b>H:i</b>', $time);
    } else {
        $date = date('d.m.y, H:i', $time);
    }

    if (!empty($user_4_online)) {
        $online_r = mysql_query("SELECT `id` FROM `online` WHERE `id_user` = '$user_4_online'");
        if (mysql_num_rows($online_r)) {
            $date = '<font color="green">[On]</font> '.$date;
        } else {
			$date = '<font color="red">[Off]</font> '.$date;
		}
    }
    return '<span style="font-size: 10px">'.$date.'</span>';
}

function check($check){
    $check = htmlspecialchars(mysql_real_escape_string($check));

    //$search = array('|', '\'', '$', '\\', '^', '%', '`', "\0", "\x00", "\x1A", "‮⁄∩");
    //$replace = array('&#124;', '&#39;', '&#36;', '&#92;', '&#94;', '&#37;', '&#96;', '', '', '', '');
    //$msg = str_replace($search, $replace, $msg);

    //$msg = stripslashes(trim($msg));
    return $check;
}

function error($error){
    echo '<div class="title">Ошибка!</div><div class="main">'.$error;
    return;
}

function ext($filename) {
    return substr(strrchr($filename, '.'), 1);
}

function generate($number){
    $arr = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','r','s','t','u','v','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','R','S','T','U','V','X','Y','Z','1','2','3','4','5','6','7','8','9','0');  
    // Генерируем пароль  
    $pass = '';  
    for($i = 0; $i < $number; $i++){
        // Вычисляем случайный индекс массива
        $index = rand(0, count($arr) - 1);
        $pass .= $arr[$index];  
    }
    return $pass;  
}

function id($username){
    $user_r = mysql_query("SELECT `id` FROM `users` WHERE `username` = '$username'");
    $user = mysql_fetch_assoc($user_r);
    if (isset($user['id'])) {
        return $user['id'];
    }
    return FALSE;
}

function info($info){
    global $lang;
    echo '<div class="title">'.$lang['info'].'</div><div class="main">'.$info;
    return;
}

function login($id) {
    if ($id == 0) {
        return 'Guest';
    } elseif ($id == -1) {
        return 'System';
    } else {
        $user_r = mysql_query("SELECT `username`, `access` FROM `users` WHERE `id` = '$id'");
        $user = mysql_fetch_assoc($user_r);
        if ($user['username']) {
            switch($user['access']) {
                case '1': $user['username'] = '<font color="green">'.$user['username'].'</font>'; break;
                case '2': $user['username'] = '<font color="blue">'.$user['username'].'</font>'; break;
                case '3': $user['username'] = '<font color="red">'.$user['username'].'</font>'; break;
                default: $user['username']; break;
            }
            return $user['username'];
        } else {
            return '<font color="grey">deleted</font>';
        }
    }
}
function username($id) {
    if ($id == 0) {
        return 'Guest';
    } elseif ($id == -1) {
        return 'System';
    } else {
        $user_r = mysql_query("SELECT `username`, `access` FROM `users` WHERE `id` = '$id'");
        $user = mysql_fetch_assoc($user_r);
        if ($user['username']) {
            switch($user['access']) {
                case '1': $user['username'] = '<font color="green">'.$user['username'].'</font>'; break;
                case '2': $user['username'] = '<font color="blue">'.$user['username'].'</font>'; break;
                case '3': $user['username'] = '<font color="red">'.$user['username'].'</font>'; break;
                default: $user['username']; break;
            }
            return $user['username'];
        } else {
            return '<font color="grey">deleted</font>';
        }
    }
}

function justusername($id){
    if ($id == 0) {
        return 'Гость';
    } else {
        $user_r = mysql_query("SELECT `username` FROM `users` WHERE `id` = '$id'");
        $user = mysql_fetch_assoc($user_r);
        if ($user['username']) {
                return $user['username'];
        } else {
                return 'deleted';
        }
    }
}

function nav($link){
    echo '</div><div class="navigation"><a href="'.$link.'">Назад</a><br /><a href="../">На главную</a></div>';
    return;
}

function nav2($link, $link_name){
    echo '</div><div class="navigation"><a href="'.$link.'">'.$link_name.'</a><br /><a href="../">На главную</a></div>';
    return;
}

function navig($page, $link, $pages) {
    global $lang;
    if ($pages > 1) {
        echo '</div><div class="main">'.$lang['pages'].': ';
        for ($k = 1; $k <= $pages; $k++) {
            if ( $k == 1 or $k == $pages or 2 >= ($page - $k) and -2 <= ($page - $k) ) {
                if ($k == $page) {
                    $write = '<u>'.$k.'</u> ';
                } else {
                    $write = '<a href="'.$link.'p='.$k.'">'.$k.'</a> ';
                }
                echo $write;
            }
        }
    }
}

function nav_main() {
    global $lang;
    echo '</div><div class="navigation"><a href="'.HTTPHOME.'">'.$lang['home'].'</a></div>';
    return;
}

function note() {
    if (isset($_SESSION['note'])) {
        echo '<b>'.$_SESSION['note'].'</b><br />';
        unset($_SESSION['note']);
    }
}

function online($time, $id_user) {
    $online_r = mysql_query("SELECT `id` FROM `online` WHERE `id_user` = '$id_user'");
    if (mysql_num_rows($online_r)) {
        return '<font color="green">'.$time.'</font>';
    } else {
        return $time;
    }
}

function redirect($url) {
    header('location: '.$url);
    exit;
}

function size($filesize) {
    if ($filesize < 1000000) {
        $kb = round($filesize / 1000, 3);
        $result = $kb.' Kb';
    } else {
        $mb = round($filesize / 1000000, 3);
        $result = $mb.' Mb';
    }
    return $result;
}

function str_to_en($string) {
    $converter = array(
        'а' => 'a',   'б' => 'b',   'в' => 'v',
        'г' => 'g',   'д' => 'd',   'е' => 'e',
        'ё' => 'e',   'ж' => 'zh',  'з' => 'z',
        'и' => 'i',   'й' => 'y',   'к' => 'k',
        'л' => 'l',   'м' => 'm',   'н' => 'n',
        'о' => 'o',   'п' => 'p',   'р' => 'r',
        'с' => 's',   'т' => 't',   'у' => 'u',
        'ф' => 'f',   'х' => 'h',   'ц' => 'c',
        'ч' => 'ch',  'ш' => 'sh',  'щ' => 'sch',
        'ь' => 'b',  'ы' => 'y',   'ъ' => 'b',
        'э' => 'e',   'ю' => 'yu',  'я' => 'ya',
        
        'А' => 'A',   'Б' => 'B',   'В' => 'V',
        'Г' => 'G',   'Д' => 'D',   'Е' => 'E',
        'Ё' => 'E',   'Ж' => 'Zh',  'З' => 'Z',
        'И' => 'I',   'Й' => 'Y',   'К' => 'K',
        'Л' => 'L',   'М' => 'M',   'Н' => 'N',
        'О' => 'O',   'П' => 'P',   'Р' => 'R',
        'С' => 'S',   'Т' => 'T',   'У' => 'U',
        'Ф' => 'F',   'Х' => 'H',   'Ц' => 'C',
        'Ч' => 'Ch',  'Ш' => 'Sh',  'Щ' => 'Sch',
        'Ь' => 'b',  'Ы' => 'Y',   'Ъ' => 'b',
        'Э' => 'E',   'Ю' => 'Yu',  'Я' => 'Ya',
    );
	return strtr($string, $converter);
}

function tp($title){
    echo '<div class="title">'.$title.'</div><div class="main">';
    return;
}

function url_replace($m) {
    if (!isset($m[4])) {
        $target = (strpos($m[1], HTTPHOME) === false) ? ' target="_blank"' : '';
        return '<a href="'.$m[1].'"'.$target.'>'.check(rawurldecode(html_entity_decode($m[3], ENT_QUOTES, 'utf-8'))).'</a>';
    } else {
        $target = (strpos($m[4], HTTPHOME) === false) ? ' target="_blank"' : '';
        return '<a href="'.$m[4].'"'.$target.'>'.check(rawurldecode(html_entity_decode($m[4], ENT_QUOTES, 'utf-8'))).'</a>';
    } 
}

function user($id, $field) {
    $user_r = mysql_query("SELECT `$field` FROM `users` WHERE `id` = '$id'");
    $user = mysql_fetch_assoc($user_r);
    if (isset($user[$field])) {
        return $user[$field];
    }
    return FALSE;
}

function utf_lower($str) {
	if (function_exists('mb_strtolower')) return mb_strtolower($str, 'utf-8');

	$arraytolower = array('А' => 'а', 'Б' => 'б', 'В' => 'в', 'Г' => 'г', 'Д' => 'д', 'Е' => 'е', 'Ё' => 'ё', 'Ж' => 'ж', 'З' => 'з', 'И' => 'и', 'Й' => 'й', 'К' => 'к', 'Л' => 'л', 'М' => 'м', 'Н' => 'н', 'О' => 'о', 'П' => 'п', 'Р' => 'р', 'С' => 'с', 'Т' => 'т', 'У' => 'у', 'Ф' => 'ф', 'Х' => 'х', 'Ц' => 'ц', 'Ч' => 'ч', 'Ш' => 'ш', 'Щ' => 'щ', 'Ь' => 'ь', 'Ъ' => 'ъ', 'Ы' => 'ы', 'Э' => 'э', 'Ю' => 'ю', 'Я' => 'я',
		'A' => 'a', 'B' => 'b', 'C' => 'c', 'D' => 'd', 'E' => 'e', 'I' => 'i', 'F' => 'f', 'G' => 'g', 'H' => 'h', 'J' => 'j', 'K' => 'k', 'L' => 'l', 'M' => 'm', 'N' => 'n', 'O' => 'o', 'P' => 'p', 'Q' => 'q', 'R' => 'r', 'S' => 's', 'T' => 't', 'U' => 'u', 'V' => 'v', 'W' => 'w', 'X' => 'x', 'Y' => 'y', 'Z' => 'z');

	return strtr($str, $arraytolower);
} 
























?>