File size: 4.87Kb
<?php
$show_all = true;
$input_page = true;
only_unreg();
if ( isset( $_GET['id'] ) && isset( $_GET['pass'] ) ) {
if ( db::count("SELECT COUNT(*) FROM `user` WHERE `id` = '" . intval( $_GET['id'] ) . "' AND `pass` = '" . shif( $_GET['pass'] ) . "' LIMIT 1") == 1 ) {
$user = get_user( $_GET['id'] );
$_SESSION['id_user'] = $user['id'];
db::query("UPDATE `user` SET `date_aut` = " . time() . " WHERE `id` = '$user[id]' LIMIT 1");
db::query("UPDATE `user` SET `date_last` = " . time() . " WHERE `id` = '$user[id]' LIMIT 1");
db::query("INSERT INTO `user_log` (`id_user`, `time`, `ua`, `ip`, `method`) values('$user[id]', '$time', '$user[ua]' , '$user[ip]', '0')");
} else
$_SESSION['err'] = 'Неправильный логин или пароль';
} elseif ( isset( $_POST['nick'] ) && isset( $_POST['pass'] ) ) {
if ( db::count("SELECT COUNT(*) FROM `user` WHERE `nick` = '" . my_esc( $_POST['nick'] ) . "' AND `pass` = '" . shif( $_POST['pass'] ) . "' LIMIT 1") ) {
$user = db::fetch("SELECT `id` FROM `user` WHERE `nick` = '" . my_esc( $_POST['nick'] ) . "' AND `pass` = '" . shif( $_POST['pass'] ) . "' LIMIT 1", ARRAY_A);
$_SESSION['id_user'] = $user['id'];
$user = get_user( $user['id'] );
if ( isset( $_POST['aut_save'] ) && $_POST['aut_save'] ) {
setcookie( 'id_user', $user['id'], time() + 60 * 60 * 24 * 365 );
setcookie( 'pass', cookie_encrypt( $_POST['pass'] ), time() + 60 * 60 * 24 * 365 );
}
db::query("UPDATE `user` SET `date_aut` = '$time', `date_last` = '$time' WHERE `id` = '$user[id]' LIMIT 1");
db::query("INSERT INTO `user_log` (`id_user`, `time`, `ua`, `ip`, `method`) values('$user[id]', '$time', '$user[ua]' , '$user[ip]', '1')");
} else
$_SESSION['err'] = 'Неправильный логин или пароль';
} elseif ( isset( $_COOKIE['id_user'] ) && isset( $_COOKIE['pass'] ) && $_COOKIE['id_user'] && $_COOKIE['pass'] ) {
if ( db::count("SELECT COUNT(*) FROM `user` WHERE `id` = " . intval( $_COOKIE['id_user'] ) . " AND `pass` = '" . shif(cookie_decrypt($_COOKIE['pass'])) . "' LIMIT 1") == 1 ) {
$user = get_user( $_COOKIE['id_user'] );
$_SESSION['id_user'] = $user['id'];
db::query("UPDATE `user` SET `date_aut` = '$time', `date_last` = '$time' WHERE `id` = '$user[id]' LIMIT 1");
$user['type_input'] = 'cookie';
} else {
$_SESSION['err'] = 'Ошибка авторизации по COOKIE';
setcookie( 'id_user' );
setcookie( 'pass' );
}
} else
$_SESSION['err'] = 'Ошибка авторизации';
if ( !isset( $user ) ) {
header( 'Location: /aut.php' );
exit;
}
if ( isset( $ip2['add'] ) )
db::query("UPDATE `user` SET `ip` = " . ip2long( $ip2['add'] ) . " WHERE `id` = '$user[id]' LIMIT 1");
else
db::query("UPDATE `user` SET `ip` = null WHERE `id` = '$user[id]' LIMIT 1");
if ( isset( $ip2['cl'] ) )
db::query("UPDATE `user` SET `ip_cl` = " . ip2long( $ip2['cl'] ) . " WHERE `id` = '$user[id]' LIMIT 1");
else
db::query("UPDATE `user` SET `ip_cl` = null WHERE `id` = '$user[id]' LIMIT 1");
if ( isset( $ip2['xff'] ) )
db::query("UPDATE `user` SET `ip_xff` = " . ip2long( $ip2['xff'] ) . " WHERE `id` = '$user[id]' LIMIT 1");
else
db::query("UPDATE `user` SET `ip_xff` = null WHERE `id` = '$user[id]' LIMIT 1");
if ( $ua )
db::query("UPDATE `user` SET `ua` = '" . my_esc( $ua ) . "' WHERE `id` = '$user[id]' LIMIT 1");
db::query("UPDATE `user` SET `sess` = '$sess' WHERE `id` = '$user[id]' LIMIT 1");
db::query("UPDATE `user` SET `browser` = '" . ( $webbrowser == true ? "wap" : "web") . "' WHERE `id` = '$user[id]' LIMIT 1" );
$collision_q = db::query("SELECT * FROM `user` WHERE `ip` = '$iplong' AND `ua` = '" . my_esc( $ua ) . "' AND `date_last` > '" . ( time() - 600 ) . "' AND `id` <> '$user[id]'");
while ( $collision = $collision_q->fetch_assoc() ) {
if ( db::count("SELECT COUNT(*) FROM `user_collision` WHERE `id_user` = '$user[id]' AND `id_user2` = '$collision[id]' OR `id_user2` = '$user[id]' AND `id_user` = '$collision[id]'") == 0 )
db::query("INSERT INTO `user_collision` (`id_user`, `id_user2`, `type`) values('$user[id]', '$collision[id]', 'ip_ua_time')");
}
if ( isset( $user ) && $user['rating_tmp'] > 1000 ) {
$col = $user['rating_tmp'];
$col = $col / 1000;
$col = intval( $col );
db::query("update `user` set `rating` = '" . ( $user['rating'] + $col ) . "' where `id` = '$user[id]' limit 1");
$_SESSION['message'] = "Поздравляем! Вам за вашу активность начислено $col% рейтинга!";
$col = $user['rating_tmp'] - ( $col * 1000 );
db::query("update `user` set `rating_tmp` = '$col' where `id` = '$user[id]' limit 1");
}
header('Location: ' . ds_site_url() . '/my_aut.php');