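 /**
  * Log the user in from the persistent "remember me" cookie.
  *
  * No-op (returns false) when the user is already logged in or the
  * WEBID_RM_ID cookie is absent. Otherwise the cookie value is filtered with
  * alphanumeric(), looked up in the rememberme table and, on a hit, the
  * matching users row is loaded into $this->user_data and the
  * WEBID_LOGGED_* session keys; $this->logged_in is then set.
  *
  * Security notes:
  *  - the session id is regenerated on a successful login so a session id
  *    fixed before authentication is not carried into the logged-in session;
  *  - the per-session CSRF token is drawn from random_bytes() where PHP
  *    provides it; md5(uniqid(rand())) is only the pre-PHP 7 fallback and is
  *    not a strong source of unpredictability.
  *
  * @return bool true when a user was logged in from the cookie, else false
  */
 private function rememberMeLogin()
 {
     global $db, $DBPrefix;
     if ($this->logged_in || !isset($_COOKIE['WEBID_RM_ID'])) {
         return false;
     }
     // Look up the token; the filter keeps the lookup key to safe characters
     // and the value is bound, never interpolated into the SQL.
     $query = "SELECT userid FROM " . $DBPrefix . "rememberme WHERE hashkey = :RM_ID";
     $params = array();
     $params[] = array(':RM_ID', alphanumeric($_COOKIE['WEBID_RM_ID']), 'str');
     $db->query($query, $params);
     if ($db->numrows() == 0) {
         return false;
     }
     // New CSRF token for this login (issued at the same point as before:
     // as soon as the remember-me token is recognised).
     $_SESSION['csrftoken'] = function_exists('random_bytes')
         ? bin2hex(random_bytes(16))
         : md5(uniqid(rand(), true));
     $id = $db->result('userid');
     $query = "SELECT * FROM " . $DBPrefix . "users WHERE id = :user_id";
     $params = array();
     $params[] = array(':user_id', $id, 'int');
     $db->query($query, $params);
     if ($db->numrows() == 0) {
         // token points at a user that no longer exists
         return false;
     }
     // Privilege change: rotate the session id (session data is kept, the
     // old id is discarded). Assumes the caller already started the session —
     // $_SESSION is written unconditionally below, exactly as before.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $user_data = $db->result();
     $this->user_data = $user_data;
     $_SESSION['WEBID_LOGGED_IN'] = $id;
     // NOTE(review): LOGGED_NUMBER/LOGGED_PASS mirror the stored password
     // hash; presumably re-checked on later requests so a password change
     // invalidates old sessions — verify against the session check code.
     $_SESSION['WEBID_LOGGED_NUMBER'] = strspn($user_data['password'], $user_data['hash']);
     $_SESSION['WEBID_LOGGED_PASS'] = $user_data['password'];
     $this->logged_in = true;
     return true;
 }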
/**
 * Build the footer counters bar: auction and user totals, the number of
 * visitors seen in the last 15 minutes, and the current server date/time.
 *
 * Each counter is only emitted when the matching counter_* setting is 'y'.
 * The online counter keys visitors by the WEBID_ONLINE cookie (anonymous
 * visitors, cookie refreshed on every hit) or by 'uId-<id>' (logged-in
 * users), upserts that key into the online table, prunes rows whose time
 * is 900 seconds old or older, and counts what is left.
 *
 * NOTE(review): the WEBID_ONLINE value is not a secret — it only names a row
 * in the online table — and the cookie is set without secure/httponly flags.
 * The value reaches SQL through alphanumeric() and a bound parameter.
 *
 * @return string HTML fragment for the counters bar
 */
function load_counters()
{
    global $system, $DBPrefix, $MSG, $user, $db;
    $settings = $system->SETTINGS;

    $db->direct_query("SELECT * FROM " . $DBPrefix . "counters");
    $totals = $db->result();

    $out = '';
    if ($settings['counter_auctions'] == 'y') {
        $out .= '<b>' . $totals['auctions'] . '</b> ' . strtoupper($MSG['232']) . '| ';
    }
    if ($settings['counter_users'] == 'y') {
        $out .= '<b>' . $totals['users'] . '</b> ' . strtoupper($MSG['231']) . ' | ';
    }

    if ($settings['counter_online'] == 'y') {
        if ($user->logged_in) {
            $visitorKey = 'uId-' . $user->user_data['id'];
        } else {
            // anonymous visitor: reuse the tracking cookie or mint a new key
            $visitorKey = isset($_COOKIE['WEBID_ONLINE'])
                ? alphanumeric($_COOKIE['WEBID_ONLINE'])
                : md5(rand(0, 99) . session_id());
            setcookie('WEBID_ONLINE', $visitorKey, time() + 900);
        }
        $now = time();

        $bind = array(array(':user', $visitorKey, 'str'));
        $db->query("SELECT ID FROM " . $DBPrefix . "online WHERE SESSION = :user", $bind);
        if ($db->numrows() == 0) {
            $bind = array(
                array(':user', $visitorKey, 'str'),
                array(':timer', $now, 'int'),
            );
            $db->query("INSERT INTO " . $DBPrefix . "online (SESSION, time) VALUES (:user, :timer)", $bind);
        } else {
            $rowId = $db->result('ID');
            $bind = array(
                array(':timer', $now, 'int'),
                array(':online_id', $rowId, 'int'),
            );
            $db->query("UPDATE " . $DBPrefix . "online SET time = :timer WHERE ID = :online_id", $bind);
        }

        // expire everyone not seen in the last 15 minutes, then count the rest
        $bind = array(array(':timer', $now - 900, 'int'));
        $db->query("DELETE from " . $DBPrefix . "online WHERE time <= :timer", $bind);
        $db->direct_query("SELECT id FROM " . $DBPrefix . "online");
        $out .= '<b>' . $db->numrows('id') . '</b> ' . $MSG['2__0064'] . ' | ';
    }

    // server date (localised month name) and a clock span the page can tick
    $monthKey = 'MON_0' . date('m', $system->ctime);
    $out .= $MSG[$monthKey] . date(' j, Y', $system->ctime)
        . ' <span id="servertime">' . date('H:i:s', $system->ctime) . '</span>';
    return $out;
}
<?php

/***************************************************************************
 *   copyright				: (C) 2008 - 2015 WeBid
 *   site					: http://www.webidsupport.com/
 ***************************************************************************/
/***************************************************************************
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version. Although none of the code may be
 *   sold. If you have been sold this script, get a refund.
 ***************************************************************************/
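include 'common.php';

// Logout: drop the caller's row from the online table, clear the login
// session keys, revoke the remember-me token, rotate the session id and
// redirect to index.php.
//
// NOTE(review): this endpoint is a plain GET with no CSRF token check, so a
// cross-site link can log a user out (nuisance-level); consider requiring
// the csrftoken the login code stores in the session.

// Only a logged-in session owns a 'uId-<id>' online row; skip the DELETE
// (and the undefined-index notice) when nobody is logged in.
if (isset($_SESSION['WEBID_LOGGED_IN'])) {
    $query = "DELETE from " . $DBPrefix . "online WHERE SESSION = :session";
    $params = array();
    $params[] = array(':session', 'uId-' . $_SESSION['WEBID_LOGGED_IN'], 'str');
    $db->query($query, $params);
}
unset($_SESSION['WEBID_LOGGED_IN'], $_SESSION['WEBID_LOGGED_NUMBER'], $_SESSION['WEBID_LOGGED_PASS']);
if (isset($_COOKIE['WEBID_RM_ID'])) {
    // Revoke the persistent token server-side before expiring the cookie,
    // so a captured cookie value cannot be replayed after logout.
    $query = "DELETE FROM " . $DBPrefix . "rememberme WHERE hashkey = :hashkey";
    $params = array();
    $params[] = array(':hashkey', alphanumeric($_COOKIE['WEBID_RM_ID']), 'str');
    $db->query($query, $params);
    setcookie('WEBID_RM_ID', '', time() - 3600);
}
// Rotate the session id so the pre-logout id cannot be reused to pick the
// session back up. The session itself is kept (other keys such as csrftoken
// may still be needed by the next page). Assumes common.php started the
// session — $_SESSION is read above regardless.
if (session_id() !== '') {
    session_regenerate_id(true);
}
header('location: index.php');
exit;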
<?php

/***************************************************************************
 *   copyright				: (C) 2008 - 2016 WeBid
 *   site					: http://www.webidsupport.com/
 ***************************************************************************/
/***************************************************************************
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version. Although none of the code may be
 *   sold. If you have been sold this script, get a refund.
 ***************************************************************************/
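include 'common.php';
include INCLUDE_PATH . 'functions_ajax.php';

// AJAX dispatcher for the auction image uploader. The action name comes
// from ?do=, is filtered through alphanumeric(), and is matched against a
// fixed list of handlers; anything else (including a missing ?do=) is
// ignored instead of raising an undefined-index notice.
//
// NOTE(review): no authentication or CSRF check is visible in this file; if
// common.php does not enforce one, upload_images() is reachable by any
// caller — verify before relying on it.
$do = isset($_GET['do']) ? alphanumeric($_GET['do']) : '';
switch ($do) {
    case 'uploadaucimages':
        upload_images();
        break;
    case 'getupldtable':
        getupldtable();
        break;
    default:
        // unknown or missing action: nothing to do
        break;
}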
     $params = array();
     $params[] = array(':user_ip', $_SERVER['REMOTE_ADDR'], 'str');
     $params[] = array(':user_id', $user_data['id'], 'int');
     $db->query($query, $params);
     if ($db->numrows() == 0) {
         $query = "INSERT INTO " . $DBPrefix . "usersips VALUES\n\t\t\t\t\t\t(NULL, :user_id, :user_ip, 'after','accept')";
         $params = array();
         $params[] = array(':user_ip', $_SERVER['REMOTE_ADDR'], 'str');
         $params[] = array(':user_id', $user_data['id'], 'int');
         $db->query($query, $params);
     }
     // delete your old session
     if (isset($_COOKIE['WEBID_ONLINE'])) {
         $query = "DELETE from " . $DBPrefix . "online WHERE SESSION = :SESSION";
         $params = array();
         $params[] = array(':SESSION', alphanumeric($_COOKIE['WEBID_ONLINE']), 'str');
         $db->query($query, $params);
     }
     if (in_array($user_data['suspended'], array(5, 6, 7))) {
         header('location: message.php');
         exit;
     }
     if (isset($_SESSION['REDIRECT_AFTER_LOGIN'])) {
         $URL = str_replace('\\r', '', str_replace('\\n', '', $_SESSION['REDIRECT_AFTER_LOGIN']));
         unset($_SESSION['REDIRECT_AFTER_LOGIN']);
     } else {
         $URL = 'user_menu.php';
     }
     header('location: ' . $URL);
     exit;
 }
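/**
 * Legacy (mysql_* extension) version of the footer counters bar: auction
 * and user totals, visitors seen in the last 15 minutes, and the server
 * date/time. Each counter is only emitted when its counter_* setting is 'y'.
 *
 * Security: this version interpolates values straight into SQL. The visitor
 * key is either the WEBID_ONLINE cookie after alphanumeric() or
 * 'uId-<id>'; it is now additionally passed through
 * mysql_real_escape_string() so the queries no longer depend on
 * alphanumeric() alone, and the row id read back from the database is cast
 * to int before being interpolated.
 *
 * @return string HTML fragment for the counters bar
 */
function load_counters()
{
    global $system, $DBPrefix, $MSG, $user;
    $query = "SELECT * FROM " . $DBPrefix . "counters";
    $res = mysql_query($query);
    $system->check_mysql($res, $query, __LINE__, __FILE__);
    $counter_data = mysql_fetch_assoc($res);
    $counters = '';
    if ($system->SETTINGS['counter_auctions'] == 'y') {
        $counters .= '<b>' . $counter_data['auctions'] . '</b> ' . strtoupper($MSG['232']) . '| ';
    }
    if ($system->SETTINGS['counter_users'] == 'y') {
        $counters .= '<b>' . $counter_data['users'] . '</b> ' . strtoupper($MSG['231']) . ' | ';
    }
    if ($system->SETTINGS['counter_online'] == 'y') {
        if (!$user->logged_in) {
            if (!isset($_COOKIE['WEBID_ONLINE'])) {
                // anonymous visitor key: not a secret, only a row identifier
                $s = md5(rand(0, 99) . session_id());
            } else {
                $s = alphanumeric($_COOKIE['WEBID_ONLINE']);
            }
            // refresh the 15-minute tracking cookie on every hit
            setcookie('WEBID_ONLINE', $s, time() + 900);
        } else {
            $s = 'uId-' . $user->user_data['id'];
        }
        // Defense in depth: escape the key before interpolating it, even though
        // alphanumeric() is expected to have removed quote characters already.
        $sEsc = mysql_real_escape_string($s);
        $uxtime = time();
        $query = "SELECT id FROM " . $DBPrefix . "online WHERE SESSION = '{$sEsc}'";
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) == 0) {
            $query = "INSERT INTO " . $DBPrefix . "online (SESSION, time) VALUES ('{$sEsc}', " . $uxtime . ")";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
        } else {
            // cast: the id is interpolated, never bound
            $oID = (int) mysql_result($res, 0, 'ID');
            $query = "UPDATE " . $DBPrefix . "online SET time = " . $uxtime . " WHERE ID = '{$oID}'";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
        }
        // expire everyone not seen in the last 15 minutes, then count the rest
        $deltime = $uxtime - 900;
        $query = "DELETE from " . $DBPrefix . "online WHERE time < " . $deltime;
        $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
        $query = "SELECT * FROM " . $DBPrefix . "online";
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        $count15min = mysql_num_rows($res);
        $counters .= '<b>' . $count15min . '</b> ' . $MSG['2__0064'] . ' | ';
    }
    // Display current Date/Time (localised month name plus a clock span)
    $mth = 'MON_0' . date('m', $system->ctime);
    $date = $MSG[$mth] . date(' j, Y', $system->ctime);
    $counters .= $date . ' <span id="servertime">' . date('H:i:s', $system->ctime) . '</span>';
    return $counters;
}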