<?php
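// Bootstrap: resume the session and derive the two values the rest of this
// file works with.
session_start();

// $login is the session's login name escaped for use inside a quoted SQL
// string literal; it is concatenated into a query further down. It is NOT
// HTML-escaped, so it must not be printed as-is.
// mysql_real_escape_string() needs an open database link; no connect call is
// visible in this file, so presumably the including script opens it first --
// TODO confirm.
// The isset() guard stops anonymous visitors from raising an undefined-index
// notice; they still end up with an empty string.
$login = mysql_real_escape_string(isset($_SESSION['login']) ? $_SESSION['login'] : '');

// First 32 characters of the session id, HTML-escaped.
// NOTE(review): this is (part of) the live session identifier. Wherever $sid
// is written into markup or URLs, the session is readable by anyone who can
// read that output; a separate random per-session token would be safer. The
// places that use $sid are not visible here -- confirm.
$sid = htmlspecialchars(substr(session_id(), 0, 32), ENT_QUOTES);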
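/**
 * Return the visitor's IP address as a validated textual IPv4/IPv6 address.
 *
 * Sources are consulted in the original order: HTTP_CLIENT_IP, then
 * HTTP_X_FORWARDED_FOR, then REMOTE_ADDR. A source is used only if it holds a
 * syntactically valid IP address; anything else is skipped. Because the result
 * is concatenated into SQL and stored by the callers in this file, validation
 * guarantees it contains nothing but address characters, which the previous
 * truncate-and-HTML-escape step did not (HTML escaping is not SQL escaping).
 *
 * NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR come from request
 * headers, so the client chooses their value unless a trusted reverse proxy
 * overwrites them. For security decisions such as the IP blacklist, prefer
 * REMOTE_ADDR alone unless such a proxy is in place.
 * NOTE(review): valid IPv6 addresses are longer than the 15 characters this
 * function used to return; confirm the columns that store the value can hold
 * them.
 *
 * @return string The address, or an empty string when no source is valid.
 */
function getip() {
    $sources = array("HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR");
    foreach ($sources as $name) {
        $raw = getenv($name);
        if (!$raw) {
            continue;
        }
        // X-Forwarded-For may carry a comma-separated chain; only the first
        // entry is considered.
        $parts = explode(",", $raw);
        $candidate = trim($parts[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return "";
}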
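// Language selection. Precedence: explicit ?lang= parameter, then the "langs"
// cookie, then the browser's Accept-Language header, then $cfgLNG (not
// defined in this file).
//
// The chosen value becomes part of a path that is include()d below, so every
// request-supplied candidate is restricted to a plain language code (letters,
// digits, "_" and "-") before it touches the filesystem. That keeps path
// separators, dots and NUL bytes out of the include path.
$lang = isset($_GET['lang']) ? $_GET['lang'] : '';
if (!is_string($lang) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $lang)) {
    $lang = '';
}
if ($lang && (file_exists("lng/".$lang.".php") || file_exists("../lng/".$lang.".php"))) {
    // Remember the explicit choice.
    // NOTE(review): 9592000000 seconds is about 300 years; value kept as-is.
    setcookie("langs", $lang, time() + 9592000000, "/");
} else {
    // Only the first two characters of the cookie are used.
    $langs = (isset($_COOKIE['langs']) && is_string($_COOKIE['langs']))
        ? htmlspecialchars(substr($_COOKIE['langs'], 0, 2), ENT_QUOTES)
        : '';
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $langs)) {
        $langs = '';
    }
    if (!$langs) {
        // No usable cookie: try the first two characters of Accept-Language.
        $l = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])
            ? htmlspecialchars(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2), ENT_QUOTES)
            : '';
        if (preg_match('/\A[A-Za-z0-9_-]+\z/', $l) && file_exists("lng/".$l.".php")) {
            $lang = $l;
        } else {
            $lang = $cfgLNG;
        }
    } else {
        $lang = $langs;
    }
}
include "lng/".$lang.".php";
// Language selection done.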
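// Referral tracking. A ?ref=<id> parameter is remembered in the "referal"
// cookie for 2592000 seconds (30 days). The isset() guards avoid
// undefined-index notices when the parameter or cookie is absent; the
// resulting values are the same as before (0).
$ref = isset($_GET['ref']) ? intval($_GET['ref']) : 0;
if ($ref) {
    setcookie("referal", $ref, time() + 2592000);
}
// $referal is read from the request's cookies, so on the request that sets
// the cookie it still reflects the previous value.
// NOTE(review): the cookie is client-controlled. intval() makes the value safe
// to embed as a number, but code that credits a referrer must still check
// that the id exists and is not the visitor's own account -- that code is not
// visible here.
$referal = isset($_COOKIE['referal']) ? intval($_COOKIE['referal']) : 0;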
/**
 * Compute the application's keyed digest of a value.
 *
 * The value is HTML-escaped (ENT_QUOTES), wrapped as "Z&" . $key . "x_V" .
 * value, hashed with MD5, prefixed with $key and hashed with MD5 again.
 *
 * Security notes:
 * - MD5, even nested and keyed like this, is fast to compute and is not a
 *   password-hashing function. The algorithm is left untouched because every
 *   stored or issued digest depends on it. NOTE(review): plan a migration to
 *   password_hash()/password_verify() with a rehash at next login.
 * - The digest is taken over the HTML-escaped form of $pass, so the escaping
 *   behaviour of the running PHP version is part of the hash input.
 *
 * @param string $key  Application secret mixed into both hashing rounds.
 * @param string $pass Value to digest.
 * @return string 32-character lowercase hex MD5 digest.
 */
function as_md5($key, $pass) {
    $escaped = htmlspecialchars($pass, ENT_QUOTES);
    $inner = md5("Z&" . $key . "x_V" . $escaped);
    return md5($key . $inner);
}
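// IP ban check: stop with the ban page when the visitor's address is listed
// in blacklist_ip.
// The address is SQL-escaped at the point of use instead of relying on
// whatever getip() did to it, and a failed query is handled explicitly rather
// than being passed to mysql_num_rows(). On query failure the check lets the
// request through, as it effectively did before.
// NOTE(review): getip() prefers client-supplied headers over REMOTE_ADDR, so
// a ban keyed on its return value is only as reliable as those headers.
$blacklist_ip_result = mysql_query(
    "SELECT * FROM blacklist_ip WHERE ip = '".mysql_real_escape_string(getip())."' LIMIT 1"
);
if ($blacklist_ip_result && mysql_num_rows($blacklist_ip_result)) {
    include "lib/errors/banip.php";
    exit();
}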
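// No login in the session: fall back to the "remember me" cookies.
//   p_up1 - numeric user id
//   p_up2 - token that must equal as_md5($key, pass . $key . login) for that
//           user ($key is not defined in this file)
//
// NOTE(review): the token is derived only from the stored password digest,
// $key and the login, so it never expires on the server and cannot be revoked
// per device; it changes only when the password changes. Random per-device
// tokens stored server-side would be the safer design.
// NOTE(review): consider session_regenerate_id() on successful cookie login;
// it is not added here because $sid was already derived from the current
// session id earlier in this file.
if (!$login) {
    if (!empty($_COOKIE['p_up1'])) {
        $get_user = mysql_query("SELECT login, pass, mail FROM users WHERE id = ".intval($_COOKIE['p_up1'])." LIMIT 1");
        $row = $get_user ? mysql_fetch_array($get_user) : false;
        // Stay anonymous unless the token check below succeeds. An unknown
        // user id no longer reaches the comparison at all.
        $login = "";
        if ($row) {
            $pass = $row['pass'];
            $mail = $row['mail'];
            $user_pass = as_md5($key, $pass.$key.$row['login']);
            // Strict string comparison: with == two different digests that
            // both look like numbers (e.g. "0e...") compare as equal.
            // hash_equals() is the constant-time option on PHP >= 5.6.
            if (isset($_COOKIE['p_up2']) && is_string($_COOKIE['p_up2']) && $_COOKIE['p_up2'] === $user_pass) {
                // $_SESSION is what the top of this file reads back;
                // session_register() was deprecated in PHP 5.3 and removed
                // in 5.4.
                $_SESSION['login'] = $row['login'];
                // The login is concatenated into a quoted SQL literal further
                // down, so it gets the same escaping as a login that came
                // from the session.
                $login = mysql_real_escape_string($row['login']);
            }
        }
    }
}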
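// Load the current user's record, or anonymous defaults when nobody is
// logged in.
//
// $login is concatenated into the query without escaping at this point, so
// every earlier assignment has to leave it SQL-escaped. Escaping it again
// here would double-escape a value that is already escaped.
$row = false;
if ($login) {
    $get_user_info = mysql_query("SELECT id, login, pass, mail, status, balance, wmz FROM users WHERE login = '".$login."' LIMIT 1");
    if ($get_user_info) {
        $row = mysql_fetch_array($get_user_info);
    }
}
if ($row) {
    $user_id = $row['id'];
    $login = $row['login'];
    // Stored password digest; keep it out of any output or debug dump.
    $user_pass = $row['pass'];
    $user_mail = $row['mail'];
    $status = $row['status'];
    $balance = $row['balance'];
    $uwmz = $row['wmz'];
    // Record last-seen time and address. The id is forced to an integer and
    // the address is SQL-escaped at the point of use.
    mysql_query("UPDATE users SET go_time = ".time().", ip = '".mysql_real_escape_string(getip())."' WHERE id = ".intval($user_id)." LIMIT 1");
    // Number of unread messages addressed to this user.
    $newmsgs = mysql_num_rows(mysql_query("SELECT `id` FROM `msgs` WHERE `to_id` = ".intval($user_id)." AND `read` = 0"));
    // Status 3 shows the ban page and stops the request.
    if ($status == 3) {
        include "lib/errors/banlogin.php";
        exit();
    }
} else {
    // Nobody logged in, or the login no longer matches a user row (for
    // example a session that outlived its account). Previously the second
    // case left $user_id empty and sent malformed UPDATE/SELECT statements.
    $user_id = 0;
    $login = "";
    $user_pass = "";
    $user_mail = "";
    $status = 0;
    $balance = 0;
    $uwmz = "";
}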
// Page metadata for the requested page id; the id defaults to 1.
// $idpg and $page are not assigned anywhere in this file, so presumably the
// including script sets them. NOTE(review): confirm neither can be populated
// straight from the request (e.g. register_globals). Both ids are passed
// through intval() before they reach SQL.
$idpg = $idpg ? $idpg : 1;

$get_page_info = mysql_query(
    "SELECT title, keywords, description, body, part FROM pages WHERE id = ".intval($idpg)." LIMIT 1"
);
$row = mysql_fetch_array($get_page_info);

// These values are raw database content. NOTE(review): whatever prints them
// has to escape for the output context unless they are meant to hold trusted
// markup; the rendering code is not visible here.
$part_page = $row['part'];
$body = stripslashes($row['body']);
$description = $row['description'];
$keywords = $row['keywords'];
$title = $row['title'];

// A single news item replaces the page's title and meta fields with its own.
if ($page == "news" && $_GET['id']) {
    $get_news_info = mysql_query(
        "SELECT subject, keywords, description, msg, date FROM news WHERE id = ".intval($_GET['id'])." LIMIT 1"
    );
    $row = mysql_fetch_array($get_news_info);

    $news_date = $row['date'];
    $news_text = $row['msg'];
    $description = $row['description'];
    $keywords = $row['keywords'];
    $title = $row['subject'];
}
?>