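/**
 * Auto-login from the "remember me" cookie.
 *
 * Looks the WEBID_RM_ID cookie value up in the rememberme table and, when it
 * maps to an existing user, fills $this->user_data and the WEBID_LOGGED_*
 * session keys the same way the password login path does.
 *
 * @return bool true when this call logged a user in; false when a login was
 *              already established, no cookie is present, the token is
 *              unknown, or the referenced user no longer exists
 */
private function rememberMeLogin()
{
    global $db, $DBPrefix;

    // Nothing to do when a login already exists or there is no cookie.
    if ($this->logged_in || !isset($_COOKIE['WEBID_RM_ID'])) {
        return false;
    }

    // The cookie is client-controlled: alphanumeric() filters it and the
    // lookup is parameterised, so it never reaches SQL unescaped.
    $query = "SELECT userid FROM " . $DBPrefix . "rememberme WHERE hashkey = :RM_ID";
    $params = array();
    $params[] = array(':RM_ID', alphanumeric($_COOKIE['WEBID_RM_ID']), 'str');
    $db->query($query, $params);
    if ($db->numrows() <= 0) {
        return false;
    }

    // NOTE(review): the token is stored and matched in clear text, so read
    // access to the rememberme table is enough to log in as any user. Storing
    // a hash of the token would remove that exposure, but the code that issues
    // the cookie is not in this method and would have to change with it.

    // Rotate the session id before upgrading the session to logged-in, so an
    // id fixed by a third party ahead of this request does not survive it.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // The CSRF token must be unpredictable; md5(uniqid(rand())) is not a
    // CSPRNG. random_bytes() exists from PHP 7 - keep the legacy value only
    // for runtimes that lack it.
    if (function_exists('random_bytes')) {
        $_SESSION['csrftoken'] = bin2hex(random_bytes(16));
    } else {
        $_SESSION['csrftoken'] = md5(uniqid(rand(), true));
    }

    $id = $db->result('userid');
    $query = "SELECT * FROM " . $DBPrefix . "users WHERE id = :user_id";
    $params = array();
    $params[] = array(':user_id', $id, 'int');
    $db->query($query, $params);
    if ($db->numrows() <= 0) {
        // Dangling rememberme row: the token exists but its user is gone.
        return false;
    }

    $user_data = $db->result();
    $this->user_data = $user_data;
    $_SESSION['WEBID_LOGGED_IN'] = $id;
    // Mirrors what the password login stores; what strspn() of the stored
    // password against the hash is used for is not evident from this method.
    $_SESSION['WEBID_LOGGED_NUMBER'] = strspn($user_data['password'], $user_data['hash']);
    $_SESSION['WEBID_LOGGED_PASS'] = $user_data['password'];
    $this->logged_in = true;
    return true;
}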
/**
 * Builds the footer counter strip: total auctions, total users, visitors seen
 * in the last 15 minutes and the server date/time. Each counter is included
 * only when the matching counter_* setting is 'y'.
 *
 * Side effects when the online counter is enabled: anonymous visitors get the
 * WEBID_ONLINE cookie set or refreshed for 15 minutes, this visitor's row in
 * the online table is inserted or touched, and rows older than 15 minutes are
 * deleted.
 *
 * @return string HTML fragment
 */
function load_counters()
{
    global $system, $DBPrefix, $MSG, $user, $db;

    $db->direct_query("SELECT * FROM " . $DBPrefix . "counters");
    $totals = $db->result();

    $html = '';
    if ($system->SETTINGS['counter_auctions'] == 'y') {
        $html .= '<b>' . $totals['auctions'] . '</b> ' . strtoupper($MSG['232']) . '| ';
    }
    if ($system->SETTINGS['counter_users'] == 'y') {
        $html .= '<b>' . $totals['users'] . '</b> ' . strtoupper($MSG['231']) . ' | ';
    }

    if ($system->SETTINGS['counter_online'] == 'y') {
        if ($user->logged_in) {
            $visitorKey = 'uId-' . $user->user_data['id'];
        } else {
            // Anonymous visitors are keyed by a cookie. Its value comes back
            // from the client, so it goes through alphanumeric() before being
            // used; the cookie is (re)issued for another 15 minutes either way.
            // NOTE(review): setcookie() is called without the HttpOnly/Secure
            // flags; nothing here needs script access to the cookie - confirm
            // and add them.
            $visitorKey = isset($_COOKIE['WEBID_ONLINE'])
                ? alphanumeric($_COOKIE['WEBID_ONLINE'])
                : md5(rand(0, 99) . session_id());
            setcookie('WEBID_ONLINE', $visitorKey, time() + 900);
        }

        $now = time();

        // Insert-or-touch this visitor's row (all values are bound parameters).
        $params = array(array(':user', $visitorKey, 'str'));
        $db->query("SELECT ID FROM " . $DBPrefix . "online WHERE SESSION = :user", $params);
        if ($db->numrows() == 0) {
            $params = array(
                array(':user', $visitorKey, 'str'),
                array(':timer', $now, 'int'),
            );
            $db->query("INSERT INTO " . $DBPrefix . "online (SESSION, time) VALUES (:user, :timer)", $params);
        } else {
            $rowId = $db->result('ID');
            $params = array(
                array(':timer', $now, 'int'),
                array(':online_id', $rowId, 'int'),
            );
            $db->query("UPDATE " . $DBPrefix . "online SET time = :timer WHERE ID = :online_id", $params);
        }

        // Expire everything not seen in the last 15 minutes, then count the rest.
        $params = array(array(':timer', $now - 900, 'int'));
        $db->query("DELETE from " . $DBPrefix . "online WHERE time <= :timer", $params);

        $db->direct_query("SELECT id FROM " . $DBPrefix . "online");
        $onlineCount = $db->numrows('id');
        $html .= '<b>' . $onlineCount . '</b> ' . $MSG['2__0064'] . ' | ';
    }

    // Server date (localised month name from $MSG) and time.
    $monthKey = 'MON_0' . date('m', $system->ctime);
    $html .= $MSG[$monthKey] . date(' j, Y', $system->ctime)
        . ' <span id="servertime">' . date('H:i:s', $system->ctime) . '</span>';

    return $html;
}
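<?php
/***************************************************************************
 *   copyright : (C) 2008 - 2015 WeBid
 *   site : http://www.webidsupport.com/
 ***************************************************************************/
/***************************************************************************
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version. Although none of the code may be
 *   sold. If you have been sold this script, get a refund.
 ***************************************************************************/
// Logout: removes the visitor's "online" row, clears the login keys from the
// session, revokes the remember-me token and redirects to index.php.
include 'common.php';

// Only a logged-in session has an online row keyed by user id. Guard the
// read so an anonymous hit on this script does not raise an undefined-index
// notice or issue a DELETE for the bare 'uId-' key.
if (isset($_SESSION['WEBID_LOGGED_IN'])) {
    $query = "DELETE from " . $DBPrefix . "online WHERE SESSION = :session";
    $params = array();
    $params[] = array(':session', 'uId-' . $_SESSION['WEBID_LOGGED_IN'], 'str');
    $db->query($query, $params);
}
unset($_SESSION['WEBID_LOGGED_IN'], $_SESSION['WEBID_LOGGED_NUMBER'], $_SESSION['WEBID_LOGGED_PASS']);

// Revoke the remember-me token server-side as well as expiring the cookie,
// so a captured cookie value cannot be replayed after logout. The cookie is
// client-controlled: alphanumeric() filters it and the query is parameterised.
if (isset($_COOKIE['WEBID_RM_ID'])) {
    $query = "DELETE FROM " . $DBPrefix . "rememberme WHERE hashkey = :hashkey";
    $params = array();
    $params[] = array(':hashkey', alphanumeric($_COOKIE['WEBID_RM_ID']), 'str');
    $db->query($query, $params);
    setcookie('WEBID_RM_ID', '', time() - 3600);
}

// Rotate the session id on logout so the id that was valid while logged in
// is no longer usable; the remaining non-login session data is kept as before.
if (session_id() !== '') {
    session_regenerate_id(true);
}

// NOTE(review): logout is reachable by a plain GET with no CSRF token check,
// so a third-party page can force a logout. Low impact, but a POST carrying
// $_SESSION['csrftoken'] would close it.
header('location: index.php');
exit;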
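<?php
/***************************************************************************
 *   copyright : (C) 2008 - 2016 WeBid
 *   site : http://www.webidsupport.com/
 ***************************************************************************/
/***************************************************************************
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version. Although none of the code may be
 *   sold. If you have been sold this script, get a refund.
 ***************************************************************************/
// AJAX front controller: dispatches on the 'do' query parameter to the
// handlers in functions_ajax.php. Only the names listed in the switch are
// reachable; any other value falls through and produces no output.
include 'common.php';
include INCLUDE_PATH . 'functions_ajax.php';

// 'do' comes from the query string. A missing parameter must not raise an
// undefined-index notice; alphanumeric() filters the value before it is
// compared against the known actions.
$do = isset($_GET['do']) ? alphanumeric($_GET['do']) : '';

// NOTE(review): no authentication or CSRF check is visible in this script.
// Whether an anonymous client may reach upload_images() depends on common.php
// and functions_ajax.php, which are not in view - confirm before relying on it.
switch ($do) {
    case 'uploadaucimages':
        upload_images();
        break;
    case 'getupldtable':
        getupldtable();
        break;
}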
$params = array(); $params[] = array(':user_ip', $_SERVER['REMOTE_ADDR'], 'str'); $params[] = array(':user_id', $user_data['id'], 'int'); $db->query($query, $params); if ($db->numrows() == 0) { $query = "INSERT INTO " . $DBPrefix . "usersips VALUES\n\t\t\t\t\t\t(NULL, :user_id, :user_ip, 'after','accept')"; $params = array(); $params[] = array(':user_ip', $_SERVER['REMOTE_ADDR'], 'str'); $params[] = array(':user_id', $user_data['id'], 'int'); $db->query($query, $params); } // delete your old session if (isset($_COOKIE['WEBID_ONLINE'])) { $query = "DELETE from " . $DBPrefix . "online WHERE SESSION = :SESSION"; $params = array(); $params[] = array(':SESSION', alphanumeric($_COOKIE['WEBID_ONLINE']), 'str'); $db->query($query, $params); } if (in_array($user_data['suspended'], array(5, 6, 7))) { header('location: message.php'); exit; } if (isset($_SESSION['REDIRECT_AFTER_LOGIN'])) { $URL = str_replace('\\r', '', str_replace('\\n', '', $_SESSION['REDIRECT_AFTER_LOGIN'])); unset($_SESSION['REDIRECT_AFTER_LOGIN']); } else { $URL = 'user_menu.php'; } header('location: ' . $URL); exit; }
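/**
 * Builds the footer counter strip: total auctions, total users, visitors seen
 * in the last 15 minutes and the server date/time. Each counter is included
 * only when the matching counter_* setting is 'y'.
 *
 * Side effects when the online counter is enabled: anonymous visitors get the
 * WEBID_ONLINE cookie set or refreshed for 15 minutes, this visitor's row in
 * the online table is inserted or touched, and rows older than 15 minutes are
 * deleted.
 *
 * Legacy mysql_* variant; the SQL is string-built, so every interpolated
 * value is escaped or cast here.
 *
 * @return string HTML fragment
 */
function load_counters()
{
    global $system, $DBPrefix, $MSG, $user;

    $query = "SELECT * FROM " . $DBPrefix . "counters";
    $res = mysql_query($query);
    $system->check_mysql($res, $query, __LINE__, __FILE__);
    $counter_data = mysql_fetch_assoc($res);

    $counters = '';
    if ($system->SETTINGS['counter_auctions'] == 'y') {
        $counters .= '<b>' . $counter_data['auctions'] . '</b> ' . strtoupper($MSG['232']) . '| ';
    }
    if ($system->SETTINGS['counter_users'] == 'y') {
        $counters .= '<b>' . $counter_data['users'] . '</b> ' . strtoupper($MSG['231']) . ' | ';
    }

    if ($system->SETTINGS['counter_online'] == 'y') {
        if (!$user->logged_in) {
            // Anonymous visitors are keyed by a cookie that comes back from the
            // client; the cookie is (re)issued for another 15 minutes either way.
            if (!isset($_COOKIE['WEBID_ONLINE'])) {
                $s = md5(rand(0, 99) . session_id());
            } else {
                $s = alphanumeric($_COOKIE['WEBID_ONLINE']);
            }
            setcookie('WEBID_ONLINE', $s, time() + 900);
        } else {
            $s = 'uId-' . $user->user_data['id'];
        }

        // $s is interpolated into SQL below and, for anonymous visitors, is
        // derived from a client cookie with alphanumeric() as the only filter.
        // Escape it for the connection as defence in depth (the PDO version of
        // this function binds it as a parameter instead).
        $sEsc = mysql_real_escape_string($s);
        $uxtime = time();

        $query = "SELECT id FROM " . $DBPrefix . "online WHERE SESSION = '{$sEsc}'";
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) == 0) {
            $query = "INSERT INTO " . $DBPrefix . "online (SESSION, time) VALUES ('{$sEsc}', " . $uxtime . ")";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
        } else {
            // NOTE(review): the SELECT names the column `id` but the result is
            // read as 'ID'; the PDO rewrite selects `ID` - confirm the field
            // lookup is case-insensitive on this setup. The id is cast so only
            // an integer ever reaches the UPDATE.
            $oID = (int) mysql_result($res, 0, 'ID');
            $query = "UPDATE " . $DBPrefix . "online SET time = " . $uxtime . " WHERE ID = '{$oID}'";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
        }

        // Expire everything not seen in the last 15 minutes, then count the rest.
        $deltime = $uxtime - 900;
        $query = "DELETE from " . $DBPrefix . "online WHERE time < " . $deltime;
        $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);

        $query = "SELECT * FROM " . $DBPrefix . "online";
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        $count15min = mysql_num_rows($res);
        $counters .= '<b>' . $count15min . '</b> ' . $MSG['2__0064'] . ' | ';
    }

    // Server date (localised month name from $MSG) and time.
    $mth = 'MON_0' . date('m', $system->ctime);
    $date = $MSG[$mth] . date(' j, Y', $system->ctime);
    $counters .= $date . ' <span id="servertime">' . date('H:i:s', $system->ctime) . '</span>';
    return $counters;
}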