Beispiel #1
/**
 * Store one support message and refresh the support fields of user $user.
 *
 * NOTE(review): the INSERT and the COUNT query are assembled by string
 * concatenation. $type is forced to 0/1, but user_name, $text and $geoip reach
 * the statement as-is; whether $core->text->line() and geoip() return SQL-safe
 * values is not visible here. Confirm that, or move to the driver's escaping.
 * NOTE(review): the literal '******' in both queries looks like a masked value
 * in this listing (the validated $user is otherwise never used in SQL); check
 * it against the real source.
 *
 * @param object $core Application core; its text, user, server and db members are used.
 * @param mixed  $user Target user ID, cast to int; must be non-zero.
 * @param mixed  $type Truthy values are stored as 1, everything else as 0.
 * @param string $text Message text, passed through $core->text->line().
 *
 * @return mixed The new row ID on success; false on invalid input or when the insert fails.
 */
function support_add($core, $user, $type, $text)
{
    // Normalise the arguments and reject the call when anything required is missing
    $user = (int) $user;
    $type = $type ? 1 : 0;
    $text = $core->text->line($text);
    if (!$core->user->id || !$text || !$user) {
        return false;
    }

    // Sender address and the most specific location label geoip() provides
    $iptext = $core->server['REMOTE_ADDR'];
    $ip = ip2int($iptext);
    $geoipdata = geoip($core, $iptext);
    $geoip = '';
    if ($geoipdata) {
        foreach (array('city', 'region', 'district', 'country') as $level) {
            if ($geoipdata[$level]) {
                $geoip = $geoipdata[$level];
                break;
            }
        }
    }

    // Add new message to the list
    $sql = "INSERT INTO " . DB_SUPP
        . " SET supp_user = '******'"
        . ", user_id = '" . $core->user->id . "'"
        . ", user_name = '" . $core->user->name . "'"
        . ", supp_type = '{$type}'"
        . ", supp_time = '" . time() . "'"
        . ", supp_read = 0"
        . ", supp_text = '{$text}'"
        . ", supp_ip = '{$ip}'"
        . ", supp_geo = '{$geoip}'";
    if (!$core->db->query($sql)) {
        // Database error
        return false;
    }
    $id = $core->db->lastid();
    if (!$id) {
        return false;
    }

    // Count unread messages of this type and publish the counter on the user record
    $cnt = $core->db->field("SELECT COUNT(*) FROM " . DB_SUPP . " WHERE supp_user = '******' AND supp_type = '{$type}' AND supp_read = 0");
    $data = array(
        'supp_last' => time(),
        'supp_user' => $core->user->id,
        'supp_name' => $core->user->name,
        'supp_type' => $type,
        'supp_notify' => 0,
    );
    $data[$type ? 'supp_new' : 'supp_admin'] = $cnt;
    $core->user->set($user, $data);

    return $id;
}
Beispiel #2
 if (!$Err) {
     // Create the account rows for a registration that passed validation ($Err is empty).
     // $Secret is passed to make_hash() together with the password below; $torrent_pass is not used in this excerpt.
     // NOTE(review): make_hash() is not visible here; confirm it is a slow, purpose-built password hash.
     $Secret = make_secret();
     $torrent_pass = make_secret();
     //Previously SELECT COUNT(ID) FROM users_main, which is a lot slower.
     $DB->query("SELECT ID FROM users_main LIMIT 1");
     $UserCount = $DB->record_count();
     // An empty users_main table makes this registration the enabled SYSOP account.
     // NOTE(review): the emptiness check and the INSERT below are separate statements and no lock or
     // transaction is visible in this excerpt; confirm two parallel first registrations cannot both take this branch.
     if ($UserCount == 0) {
         $NewInstall = true;
         $Class = SYSOP;
         $Enabled = '1';
     } else {
         $NewInstall = false;
         $Class = USER;
         $Enabled = '0';
     }
     // NOTE(review): $ipcc is interpolated into the INSERT below without db_string(), unlike the
     // request-derived values next to it; geoip() is not visible here, so confirm what it can return or escape it too.
     $ipcc = geoip($_SERVER['REMOTE_ADDR']);
     // NOTE(review): this row stores $_POST['email'], while the history rows and the invite comparison further
     // down read $_REQUEST['email']; $_REQUEST can also be filled from the query string, so the two values can
     // differ. Presumably all of them should read the same source.
     $DB->query("INSERT INTO users_main \n\t\t\t\t(Username,Email,PassHash,Secret,IP,PermissionID,Enabled,Invites,ipcc) VALUES\n\t\t\t\t('" . db_string(trim($_POST['username'])) . "','" . db_string($_POST['email']) . "','" . db_string(make_hash($_POST['password'], $Secret)) . "','" . db_string($Secret) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . $Class . "','" . $Enabled . "','" . STARTING_INVITES . "', '{$ipcc}')");
     $UserID = $DB->inserted_id();
     //User created, delete invite. If things break after this point then it's better to have a broken account to fix, or a 'free' invite floating around that can be reused
     $DB->query("DELETE FROM invites WHERE InviteKey='" . db_string($_REQUEST['invite']) . "'");
     // Look up the default stylesheet for the new profile.
     $DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'");
     list($StyleID) = $DB->next_record();
     $AuthKey = make_secret();
     // $InviterID is set outside this excerpt and is interpolated as-is, like $UserID and $StyleID.
     $DB->query("INSERT INTO users_info (UserID, StyleID,AuthKey, Inviter, JoinDate) VALUES ('{$UserID}','{$StyleID}','" . db_string($AuthKey) . "', '{$InviterID}', '" . sqltime() . "')");
     // Seed the IP and e-mail history with the registration address.
     $DB->query("INSERT INTO users_history_ips\n\t\t\t\t\t(UserID, IP, StartTime) VALUES\n\t\t\t\t\t('{$UserID}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')");
     // The registration address is recorded with a zero timestamp.
     $DB->query("INSERT INTO users_history_emails\n\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t('{$UserID}', '" . db_string($_REQUEST['email']) . "', '0000-00-00 00:00:00', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
     // When the account uses a different address than the invite was sent to, the invite address is recorded as well.
     // NOTE(review): $InviteEmail is placed in the statement without db_string(); it is set outside this
     // excerpt, so confirm it is already escaped for SQL, or escape it here.
     if ($_REQUEST['email'] != $InviteEmail) {
         $DB->query("INSERT INTO users_history_emails\n\t\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t\t('{$UserID}', '{$InviteEmail}', '" . sqltime() . "', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
     }
     // Manage invite trees, delete invite
     if ($InviterID !== NULL) {
Beispiel #3
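/**
 * Report an error to an IRC channel, naming the account or address that triggered it.
 *
 * The line is built from the caller's channel and message plus request data
 * (REQUEST_URI and, when present, HTTP_REFERER). Those request values are
 * client-controlled, so CR, LF and NUL are replaced with spaces before the
 * line is handed to send_irc(): a value carrying a line break must not be able
 * to end the PRIVMSG and start a second protocol line. send_irc() is not
 * visible here and may already filter; this is defence in depth.
 *
 * @param string $Channel Target channel name.
 * @param string $Message Short description of the error.
 *
 * @return void
 */
function notify ($Channel, $Message) {
	global $LoggedUser;
	// Identify the requester: profile link for a logged-in user, otherwise address plus geoip() result.
	if (!empty($LoggedUser['ID'])) {
		$Who = "http://".NONSSL_SITE_URL."/user.php?id=".$LoggedUser['ID']." (".$LoggedUser['Username'].")";
	} else {
		$Who = $_SERVER['REMOTE_ADDR']." (".geoip($_SERVER['REMOTE_ADDR']).")";
	}
	$From = !empty($_SERVER['HTTP_REFERER']) ? " from ".$_SERVER['HTTP_REFERER'] : '';
	$Line = "PRIVMSG ".$Channel." :".$Message." error by ".$Who." accessing http://".NONSSL_SITE_URL."".$_SERVER['REQUEST_URI'].$From;
	// Keep the whole report on a single protocol line.
	send_irc(str_replace(array("\r", "\n", "\0"), ' ', $Line));
}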
Beispiel #4
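/**
 * Validate an incoming order, store it, and notify external systems.
 *
 * Changes compared with the previous version of this function:
 *  - the postback section used the undefined variable $flw and the
 *    variable-variable ${$status}; it now uses $fid and $status, so the
 *    postback lookup and its {flow}/{status} placeholders receive real values.
 *
 * Open review points (behaviour left unchanged, see the inline notes):
 *  - $data['meta'] is passed to unserialize();
 *  - the external-system URL template is passed to eval();
 *  - item quantities from $data['items'] are used without a cast or range check;
 *  - the upload whitelist looks at the last file extension only.
 *
 * @param object      $core Application core; its text, wmsale, user, db and lang members are used.
 * @param array       $data Order fields as received by the caller (site, flow, offer, phone, address, ...).
 * @param array|false $file Optional upload entry with 'tmp_name' and 'name' keys.
 *
 * @return int|string The new order ID, or one of the error codes
 *                    'offer', 'security', 'ban', 'db', 'data'.
 */
function neworder($core, $data, $file = false)
{
    $sid = (int) $data['site'];
    $spc = (int) $data['from'];
    $fid = (int) $data['flow'];
    $oid = (int) $data['offer'];
    $tgt = (int) $data['target'];
    $iptext = $data['ip'];
    $ip = ip2int($iptext);
    $name = $data['name'] ? $core->text->line($data['name']) : 'Без Воображения';
    $ind = (int) $data['index'];
    $area = $core->text->line($data['area']);
    $city = $core->text->line($data['city']);
    $street = $core->text->line($data['street']);
    $addr = $core->text->line($data['addr']);
    // Two known placeholder phrases are treated as "no address given"
    if ($addr == 'Уточнить по телефону') {
        $addr = '';
    }
    if ($addr == 'Адрес узнать по телефону') {
        $addr = '';
    }
    $comm = $core->text->line($data['comm']);
    // Only digits survive, which is what makes $phone safe to interpolate in the ban query below
    $phone = (string) trim(preg_replace('#[^0-9]+#i', '', $data['phone']));
    $pres = $data['present'] > 0 ? (int) $data['present'] : 0;
    $cnt = $data['count'] > 0 ? (int) $data['count'] : 1;
    $more = $data['more'] > 0 ? (int) $data['more'] : 0;
    $dsc = $data['discount'] > 0 && $data['discount'] < 100 ? (int) $data['discount'] : 0;
    $cntr = $data['country'] ? strtolower(substr($core->text->link($data['country']), 0, 2)) : false;
    $dlvr = $data['delivery'] > 0 ? (int) $data['delivery'] : 1;
    $exti = (int) $data['exti'];
    // External user/source identifiers are restricted to [0-9A-Za-z_.-]
    $extu = $exti ? preg_replace('#[^0-9A-Za-z\\_\\-\\.]+#i', '', $data['extu']) : 0;
    $exts = $exti ? preg_replace('#[^0-9A-Za-z\\_\\-\\.]+#i', '', $data['exts']) : 0;
    $utmi = (int) $data['utmi'];
    $utmc = (int) $data['utmc'];
    $utms = (int) $data['utms'];
    $items = is_array($data['items']) ? serialize($data['items']) : '';
    // NOTE(review): unserialize() on a caller-supplied string. If $data comes from the request,
    // this can instantiate arbitrary classes known to the application; prefer JSON for this
    // field, or restrict unserialize() to plain data where the PHP version supports it.
    $meta = $data['meta'] ? addslashes(serialize(unserialize(stripslashes($data['meta'])))) : '';
    $addr1 = $core->text->line($data['addr1']);
    $addr2 = $core->text->line($data['addr2']);
    $addr3 = $core->text->line($data['addr3']);
    if ($addr1) {
        $addr .= ', ' . $addr1;
    }
    if ($addr2) {
        $addr .= ', ' . $addr2;
    }
    if ($addr3) {
        $addr .= ', ' . $addr3;
    }
    // The offer must exist; site, flow and external system are optional
    if (!($oid && ($offer = $core->wmsale->get('offer', $oid)))) {
        return 'offer';
    }
    $site = $sid ? $core->wmsale->get('site', $sid) : false;
    $flow = $fid ? $core->wmsale->get('flow', $fid) : false;
    $ext = $exti ? $core->wmsale->get('ext', $exti) : false;
    $status = $data['status'] ? (int) $data['status'] : 1;
    if ($status == 1) {
        $status = $offer['offer_payment'] == 1 ? 0 : 1;
    }
    // The order is attributed to the flow owner, else to the external system owner
    $userid = $flow ? $flow['user_id'] : ($ext ? $ext['user_id'] : false);
    if ($userid && $core->user->get($userid, 'user_ban')) {
        return 'security';
    }
    if ($phone) {
        // Name and address
        $name = mb_ucwords($name);
        if (!$ind) {
            // No explicit index: take leading digits of the address as the index
            if (preg_match('#^([0-9]+)#i', $addr, $ind)) {
                $ind = $ind[1];
                $ad = preg_split('#[\\s,\\.]+#i', $addr, 2);
                $addr = trim($ad[1], ' ,');
            } else {
                $ind = '';
            }
        }
        // Price, presents and discounts
        if ($data['items']) {
            $price = $cnt = 0;
            $vars = $core->wmsale->get('vars', $offer['offer_id']);
            // NOTE(review): quantities are taken from $data['items'] without a cast or a range
            // check, unlike count/present/more above; validate them as positive integers
            // before they enter the price calculation.
            foreach ($vars as &$v) {
                if ($data['items'][$v['var_id']]) {
                    $cnt += $data['items'][$v['var_id']];
                    $price += $data['items'][$v['var_id']] * $v['var_price'];
                }
            }
            unset($v, $vars);
        } else {
            $price = $cnt * $offer['offer_price'];
        }
        if ($dsc) {
            $price = ceil($price * ((100 - $dsc) / 100));
        }
        if ($pres) {
            $price += $core->lang['presentp'][$pres];
        }
        if ($more) {
            $price += $more;
        }
        if ($offer['offer_delivery']) {
            $price += $core->lang['deliverp'][$dlvr];
        } else {
            $dlvr = 0;
        }
        // GeoIP data; fills country, city and area only where the order left them empty
        $geoipdata = geoip($core, $iptext);
        if ($geoipdata) {
            $geoip = array('geoip_country' => $geoipdata['country'], 'geoip_city' => $geoipdata['city'], 'geoip_region' => $geoipdata['region'], 'geoip_district' => $geoipdata['district'], 'geoip_lat' => $geoipdata['lat'], 'geoip_lng' => $geoipdata['lng']);
            if (!$cntr) {
                $cntr = $geoip['geoip_country'];
            }
            if (!$addr && !$city) {
                $city = $geoip['geoip_city'];
            }
            if (!$addr && !$area) {
                $area = $geoip['geoip_region'];
            }
        } else {
            $geoip = false;
        }
        // Check IP and phone: normalise the prefix to the 79... form
        if ($phone[0] == '9' && strlen($phone) == 10) {
            $phone = '7' . $phone;
        }
        if (substr($phone, 0, 2) == '89') {
            $phone = '79' . substr($phone, 2);
        }
        if (substr($phone, 0, 2) == '99') {
            $phone = '79' . substr($phone, 2);
        }
        $pok = substr($phone, 0, 2) == '79' ? 1 : 0;
        // Check for bans
        // $phone holds digits only; $ip is the ip2int() result (presumably an integer; confirm)
        $phs = $core->db->field("SELECT `status` FROM " . DB_BAN_PH . " WHERE `phone` = '{$phone}' LIMIT 1");
        $ips = $core->db->field("SELECT `status` FROM " . DB_BAN_IP . " WHERE `ip` = '{$ip}' LIMIT 1");
        if ($phs || $ips) {
            return 'ban';
        }
        // Guess gender automatically
        $nc = new NCLNameCaseRu();
        $gender = $nc->genderDetect($name) != NCL::$MAN ? 2 : 1;
        unset($nc);
        // Script based company guess: each line pairs "#<company>" with "<type>:<id>"
        $comp = 0;
        if ($offer['offer_script']) {
            $scr = explode("\n", $offer['offer_script']);
            foreach ($scr as $sc) {
                // Prepare script line to process
                $sc = trim($sc);
                if (!$sc) {
                    continue;
                }
                // Get company for the script line
                if (preg_match('/#([0-9]+)/si', $sc, $ms)) {
                    $cms = $ms[1];
                } else {
                    continue;
                }
                // Get type and ID to match
                if (preg_match('#([a-z]+)\\:([0-9]+)#si', $sc, $ms)) {
                    $iid = $ms[2];
                    $iit = $ms[1];
                    if (!($iid && $iit)) {
                        continue;
                    }
                } else {
                    continue;
                }
                // Match if it matches
                switch ($iit) {
                    case 'user':
                        if ($flow['user_id'] == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'flow':
                        if ($fid == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'site':
                        if ($sid == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'space':
                        if ($spc == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'ext':
                        if ($exti == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'country':
                        if ($cntr == $iid) {
                            $comp = $cms;
                        }
                        break;
                }
                // The first matching line wins
                if ($comp) {
                    break;
                }
            }
            unset($sc, $scr);
        }
        if (!$comp) {
            if ($offer['offer_mr'] && !$site['site_comp']) {
                // Reuse the company of the latest order from the same phone or IP within 7 days (604800 s)
                $ct = $core->db->field("SELECT comp_id FROM " . DB_ORDER . " WHERE order_time > '" . (time() - 604800) . "' AND ( order_phone = '{$phone}' OR order_ip = '{$ip}' ) ORDER BY order_id DESC LIMIT 1");
                $mrt = unserialize($offer['offer_mrt']);
                if (!($ct && in_array($ct, $mrt))) {
                    if ($mrt && ($ct = wrand($mrt))) {
                        $comp = $ct;
                    } else {
                        $comp = $site['comp_id'];
                    }
                } else {
                    $comp = $ct;
                }
            } else {
                $comp = $site['comp_id'];
            }
        }
        // NOTE(review): $meta is escaped by hand with addslashes() while the other text fields are
        // not; whether $core->db->add() escapes values itself is not visible here. Confirm, since
        // either the text fields are unescaped or $meta is escaped twice.
        $data = array('offer_id' => $oid, 'comp_id' => $comp, 'wm_id' => $userid, 'flow_id' => $fid, 'site_id' => $sid, 'space_id' => $spc, 'target_id' => $tgt, 'utm_id' => $utmi, 'utm_src' => $utms, 'utm_cn' => $utmc, 'ext_id' => $exti, 'ext_uid' => $extu, 'ext_src' => $exts, 'order_time' => time(), 'order_ip' => $ip, 'order_country' => $cntr, 'order_name' => $name, 'order_gender' => $gender, 'order_phone' => $phone, 'order_phone_ok' => $pok, 'order_index' => $ind, 'order_area' => $area, 'order_city' => $city, 'order_street' => $street, 'order_addr' => $addr, 'order_items' => $items, 'order_meta' => $meta, 'order_count' => $cnt, 'order_present' => $pres, 'order_discount' => $dsc, 'order_delivery' => $dlvr, 'order_more' => $more, 'order_price' => $price, 'order_comment' => $comm, 'order_status' => $status, 'order_webstat' => $status);
        if ($geoip) {
            $data += $geoip;
        }
        if ($core->db->add(DB_ORDER, $data)) {
            $id = $core->db->lastid();
            if ($file) {
                if (is_uploaded_file($file['tmp_name'])) {
                    // Stored name: "<order id>-<cleaned base name, max 90 chars>.<extension>"
                    // NOTE(review): only the last extension is checked against the whitelist and the
                    // content is not inspected; confirm the target directory never executes files and
                    // that $core->text->link() removes dots and path separators from the base name.
                    $dot = strrpos($file['name'], '.');
                    $ext = strtolower(substr($file['name'], $dot + 1));
                    $name = $id . '-' . substr($core->text->link(substr($file['name'], 0, $dot)), 0, 90) . '.' . $ext;
                    $goodext = array('jpg', 'jpeg', 'gif', 'png', 'zip', 'rar', 'rar5', '7z', 'cdr', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx');
                    if (in_array($ext, $goodext)) {
                        move_uploaded_file($file['tmp_name'], sprintf(FILENAME, $name));
                        $core->db->edit(DB_ORDER, array('order_file' => $name), "order_id = '{$id}'");
                    }
                }
            }
            if ($exti && ($url = $core->wmsale->get('ext', $exti, 'url_new'))) {
                // NOTE(review): eval() runs PHP taken from the stored url_new template. Anyone able to
                // edit that record can execute code in this process; replace with a fixed set of
                // placeholders, or confirm that only fully trusted administrators can write the field.
                if (preg_match_all('#\\{eval:\\[(.*?)\\]\\}#si', $url, $ems)) {
                    foreach ($ems[0] as $k => $v) {
                        $url = str_replace($v, eval($ems[1][$k]), $url);
                    }
                }
                $url = str_replace('{id}', $id, $url);
                $url = str_replace('{uid}', $extu, $url);
                $url = str_replace('{src}', $exts, $url);
                $url = str_replace('{time}', time(), $url);
                $url = str_replace('{price}', $price, $url);
                $url = str_replace('{count}', $cnt, $url);
                foreach ($offer as $k => $v) {
                    $url = str_replace("{offer:{$k}}", $v, $url);
                }
                $odata = $offer['offer_pars'] ? unserialize($offer['offer_pars']) : false;
                if ($odata) {
                    foreach ($odata as $k => $v) {
                        $url = str_replace("{data:{$k}}", $v, $url);
                    }
                }
                curl($url);
            }
            // PostBack processing
            // Fixed: $flw was never defined and ${$status} resolved to a variable named after the
            // status value, so the lookup received null. $fid and $status are the intended values.
            // NOTE(review): flow_pbu is a stored URL requested from this server; presumably it is set
            // by the flow owner. Confirm the destinations curl() may reach are restricted.
            if ($userid && ($pbu = $core->wmsale->get('flow', $fid, 'flow_pbu'))) {
                $pbd = array('id' => $id, 'offer' => $oid, 'flow' => $fid, 'target' => $tgt, 'site' => $sid, 'space' => $spc, 'count' => $cnt, 'price' => $price, 'status' => $status);
                foreach ($pbd as $pbk => $pbv) {
                    $pbu = str_replace('{' . $pbk . '}', $pbv, $pbu);
                }
                curl($pbu, $pbd);
            }
            return (int) $id;
        } else {
            return 'db';
        }
    } else {
        return 'data';
    }
}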
Beispiel #5
<?php

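// GeoIP lookup endpoint for staff: prints the geoip() result for ?ip=<address>.

// Authorise before anything else, so that no response (including a 304) is
// produced for a caller without the 'users_view_ips' permission.
if (!check_perms('users_view_ips')) {
    die('Access denied.');
}

// Accept only a syntactically valid IPv4/IPv6 address; previously any non-empty
// value (including an array from ?ip[]=...) was passed on to geoip().
if (empty($_GET['ip']) || !is_string($_GET['ip']) || filter_var($_GET['ip'], FILTER_VALIDATE_IP) === false) {
    die("Invalid IP");
}

// Request headers are exposed in $_SERVER with upper-case HTTP_* keys; the former
// lower-case key never matched, so the 304 branch was dead code. The third
// argument sets the real status code on SAPIs that ignore a "Status:" header.
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
    header('Status: 304 Not Modified', true, 304);
    die;
}

// HTTP dates are expressed in GMT; date() used the server's local time zone
// while labelling the value as UTC.
// NOTE(review): the response is permission-gated but carries a 120-day Expires
// and no Cache-Control header is set in this script; confirm shared caches
// cannot store it (for example with "Cache-Control: private").
header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time() + 3600 * 24 * 120));
//120 days
header('Last-Modified: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', time()));
die(geoip($_GET['ip']));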
Beispiel #6
     // Persist the session's current address and client details, then replace the cached session row.
     // NOTE(review): $Browser and $OperatingSystem are concatenated without db_string(), unlike $SessionID.
     // They are set outside this excerpt; if they are derived from the User-Agent header they are
     // client-controlled, so confirm they are escaped or limited to a fixed set of values before this point.
     $DB->query("UPDATE users_sessions SET IP='" . $_SERVER['REMOTE_ADDR'] . "', Browser='" . $Browser . "', OperatingSystem='" . $OperatingSystem . "', LastUpdate='" . sqltime() . "' WHERE UserID='{$LoggedUser['ID']}' AND SessionID='" . db_string($SessionID) . "'");
     // The cache key uses $UserID while the SQL above filters on $LoggedUser['ID'].
     $Cache->begin_transaction('users_sessions_' . $UserID);
     $Cache->delete_row($SessionID);
     $Cache->insert_front($SessionID, array('SessionID' => $SessionID, 'Browser' => $Browser, 'OperatingSystem' => $OperatingSystem, 'IP' => $_SERVER['REMOTE_ADDR'], 'LastUpdate' => sqltime()));
     $Cache->commit_transaction(0);
 }
 // IP changed
 if ($LoggedUser['IP'] != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) {
     // Record an address change for the logged-in user: ban check, IP history, users_main, cache, ASN lookup.
     // NOTE(review): presumably error() ends the request; confirm, otherwise the history update below
     // still runs for a banned address.
     if (site_ban_ip($_SERVER['REMOTE_ADDR'])) {
         error('Your IP has been banned.');
     }
     // SQL-escaped copies of the old and new address for the statements below.
     $CurIP = db_string($LoggedUser['IP']);
     $NewIP = db_string($_SERVER['REMOTE_ADDR']);
     // Close the open history row (EndTime IS NULL) of the previous address ...
     $DB->query("UPDATE users_history_ips SET\n\t\t\t\tEndTime='" . sqltime() . "'\n\t\t\t\tWHERE EndTime IS NULL\n\t\t\t\tAND UserID='{$LoggedUser['ID']}'\n\t\t\t\tAND IP='{$CurIP}'");
     // ... and start a row for the new one.
     $DB->query("INSERT IGNORE INTO users_history_ips\n\t\t\t\t(UserID, IP, StartTime) VALUES\n\t\t\t\t('{$LoggedUser['ID']}', '{$NewIP}', '" . sqltime() . "')");
     // geoip() receives the db_string()-escaped address here, not the raw one.
     // NOTE(review): $ipcc goes into the UPDATE without db_string(); geoip() is not visible in this
     // excerpt, so confirm what it can return or escape it like $NewIP.
     $ipcc = geoip($NewIP);
     $DB->query("UPDATE users_main SET IP='{$NewIP}', ipcc='" . $ipcc . "' WHERE ID='{$LoggedUser['ID']}'");
     // Keep the cached user record in step with the database.
     $Cache->begin_transaction('user_info_heavy_' . $LoggedUser['ID']);
     $Cache->update_row(false, array('IP' => $_SERVER['REMOTE_ADDR']));
     $Cache->commit_transaction(0);
     // ASN/Country changed?
     // get_asn() is read for its 'asnum', 'country' and 'cidr' keys; $Country and $CIDR are not used
     // within the visible part of this excerpt.
     $Attributes = get_asn($_SERVER['REMOTE_ADDR']);
     $ASN = $Attributes['asnum'];
     $Country = $Attributes['country'];
     $CIDR = $Attributes['cidr'];
     if (!empty($ASN) && $LoggedUser['ASN'] != $ASN) {
         $CurASN = db_string($LoggedUser['ASN']);
         $NewASN = db_string($ASN);
         /*                        if (!empty($CurASN) && !empty($NewASN)) {
         						send_irc("privmsg #watched :!mod ASN change? $CurASN -> $NewASN | http://musiceye.tv/user.php?id=$LoggedUser[ID] (".$LoggedUser['Username'].")");
         				}*/