/**
 * Stores a support message written by the current user and refreshes the
 * unread counters kept on the target user's record.
 *
 * @param object $core Application container; uses $core->text, $core->user,
 *                     $core->server and $core->db.
 * @param int    $user Target user id (cast to int; 0 is rejected).
 * @param bool   $type Message direction flag, stored as 1 or 0.
 * @param string $text Message body, normalised through $core->text->line().
 * @return int|false   Id of the inserted row, or false when the input is
 *                     rejected or the database insert fails.
 */
function support_add($core, $user, $type, $text)
{
    $userId = (int) $user;
    $typeFlag = $type ? 1 : 0;
    $body = $core->text->line($text);

    // Need a logged-in sender, a non-empty body and a real target user.
    if (!$core->user->id || !$body || !$userId) {
        return false;
    }

    // Sender address, stored both as an integer and as a coarse geo label.
    $ipText = $core->server['REMOTE_ADDR'];
    $ipInt = ip2int($ipText);

    // Most specific available location wins: city, then region, district, country.
    $geoLabel = '';
    $geoData = geoip($core, $ipText);
    if ($geoData) {
        foreach (array('city', 'region', 'district', 'country') as $level) {
            if ($geoData[$level]) {
                $geoLabel = $geoData[$level];
                break;
            }
        }
    }

    // NOTE(review): user name, message body and geo label are interpolated into the
    // SQL without a visible escaping step — confirm $core->text->line() and the geoip
    // source neutralise quotes, or move this to a parameterised/escaped insert.
    $insert = 'INSERT INTO ' . DB_SUPP . " SET supp_user = '******'"
        . ", user_id = '" . $core->user->id . "'"
        . ", user_name = '" . $core->user->name . "'"
        . ", supp_type = '" . $typeFlag . "'"
        . ", supp_time = '" . time() . "'"
        . ', supp_read = 0'
        . ", supp_text = '" . $body . "'"
        . ", supp_ip = '" . $ipInt . "'"
        . ", supp_geo = '" . $geoLabel . "'";

    if (!$core->db->query($insert)) {
        return false; // Database error
    }
    $messageId = $core->db->lastid();
    if (!$messageId) {
        return false;
    }

    // Unread messages of this type, used to refresh the target user's counter.
    $unread = $core->db->field(
        'SELECT COUNT(*) FROM ' . DB_SUPP
        . " WHERE supp_user = '******' AND supp_type = '" . $typeFlag . "' AND supp_read = 0"
    );

    // Type 1 feeds the user-facing counter, type 0 the admin-facing one.
    $counterKey = $typeFlag ? 'supp_new' : 'supp_admin';
    $update = array(
        'supp_last' => time(),
        'supp_user' => $core->user->id,
        'supp_name' => $core->user->name,
        'supp_type' => $typeFlag,
        'supp_notify' => 0,
    );
    $update[$counterKey] = $unread;
    $core->user->set($userId, $update);

    return $messageId;
}
if (!$Err) { $Secret = make_secret(); $torrent_pass = make_secret(); //Previously SELECT COUNT(ID) FROM users_main, which is a lot slower. $DB->query("SELECT ID FROM users_main LIMIT 1"); $UserCount = $DB->record_count(); if ($UserCount == 0) { $NewInstall = true; $Class = SYSOP; $Enabled = '1'; } else { $NewInstall = false; $Class = USER; $Enabled = '0'; } $ipcc = geoip($_SERVER['REMOTE_ADDR']); $DB->query("INSERT INTO users_main \n\t\t\t\t(Username,Email,PassHash,Secret,IP,PermissionID,Enabled,Invites,ipcc) VALUES\n\t\t\t\t('" . db_string(trim($_POST['username'])) . "','" . db_string($_POST['email']) . "','" . db_string(make_hash($_POST['password'], $Secret)) . "','" . db_string($Secret) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . $Class . "','" . $Enabled . "','" . STARTING_INVITES . "', '{$ipcc}')"); $UserID = $DB->inserted_id(); //User created, delete invite. If things break after this point then it's better to have a broken account to fix, or a 'free' invite floating around that can be reused $DB->query("DELETE FROM invites WHERE InviteKey='" . db_string($_REQUEST['invite']) . "'"); $DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'"); list($StyleID) = $DB->next_record(); $AuthKey = make_secret(); $DB->query("INSERT INTO users_info (UserID, StyleID,AuthKey, Inviter, JoinDate) VALUES ('{$UserID}','{$StyleID}','" . db_string($AuthKey) . "', '{$InviterID}', '" . sqltime() . "')"); $DB->query("INSERT INTO users_history_ips\n\t\t\t\t\t(UserID, IP, StartTime) VALUES\n\t\t\t\t\t('{$UserID}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')"); $DB->query("INSERT INTO users_history_emails\n\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t('{$UserID}', '" . db_string($_REQUEST['email']) . "', '0000-00-00 00:00:00', '" . db_string($_SERVER['REMOTE_ADDR']) . 
"')"); if ($_REQUEST['email'] != $InviteEmail) { $DB->query("INSERT INTO users_history_emails\n\t\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t\t('{$UserID}', '{$InviteEmail}', '" . sqltime() . "', '" . db_string($_SERVER['REMOTE_ADDR']) . "')"); } // Manage invite trees, delete invite if ($InviterID !== NULL) {
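/**
 * Reports an error to an IRC channel together with who triggered it and where.
 *
 * The actor is the logged-in user (profile link and name) or, for anonymous
 * requests, the remote address with its geoip() lookup. The location is the
 * requested URI plus the referer when one was sent.
 *
 * @param string $Channel IRC channel to send to.
 * @param string $Message Error description to prefix the report with.
 * @return void
 */
function notify($Channel, $Message)
{
    global $LoggedUser;

    if (!empty($LoggedUser['ID'])) {
        $Who = 'http://' . NONSSL_SITE_URL . '/user.php?id=' . $LoggedUser['ID']
            . ' (' . $LoggedUser['Username'] . ')';
    } else {
        $Who = $_SERVER['REMOTE_ADDR'] . ' (' . geoip($_SERVER['REMOTE_ADDR']) . ')';
    }

    $Where = 'http://' . NONSSL_SITE_URL . $_SERVER['REQUEST_URI'];
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $Where .= ' from ' . $_SERVER['HTTP_REFERER'];
    }

    $Line = $Message . ' error by ' . $Who . ' accessing ' . $Where;
    // REQUEST_URI and HTTP_REFERER are client-controlled. A CR or LF inside them would
    // terminate the PRIVMSG line early and let the remainder be parsed as a separate
    // IRC command, so collapse line breaks before the message leaves this function.
    $Line = str_replace(array("\r", "\n"), ' ', $Line);

    send_irc('PRIVMSG ' . $Channel . ' :' . $Line);
}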
/**
 * Creates an order from a submitted form, resolves the company that will handle it,
 * optionally stores an attached file and fires the external/postback callbacks.
 *
 * @param object      $core Application container ($core->text, $core->wmsale, $core->db,
 *                          $core->user, $core->lang).
 * @param array       $data Raw order fields: site, from, flow, offer, target, ip, name, index,
 *                          area, city, street, addr, addr1..addr3, comm, phone, present, count,
 *                          more, discount, country, delivery, exti, extu, exts, utmi, utmc, utms,
 *                          items, meta, status.
 * @param array|false $file Optional upload entry with tmp_name and name keys, or false.
 * @return int|string New order id on success, otherwise an error token: 'offer' (unknown
 *                    offer), 'security' (owning user is banned), 'ban' (phone or IP banned),
 *                    'db' (insert failed) or 'data' (no phone given).
 */
function neworder($core, $data, $file = false)
{
    // --- Normalise the incoming fields -----------------------------------------------
    $sid = (int) $data['site'];
    $spc = (int) $data['from'];
    $fid = (int) $data['flow'];
    $oid = (int) $data['offer'];
    $tgt = (int) $data['target'];
    $iptext = $data['ip'];
    $ip = ip2int($iptext);
    // Fallback name (Russian for "No imagination") when none was supplied
    $name = $data['name'] ? $core->text->line($data['name']) : 'Без Воображения';
    $ind = (int) $data['index'];
    $area = $core->text->line($data['area']);
    $city = $core->text->line($data['city']);
    $street = $core->text->line($data['street']);
    $addr = $core->text->line($data['addr']);
    // Placeholder addresses ("clarify by phone") are treated as empty
    if ($addr == 'Уточнить по телефону') {
        $addr = '';
    }
    if ($addr == 'Адрес узнать по телефону') {
        $addr = '';
    }
    $comm = $core->text->line($data['comm']);
    // Phone is reduced to its digits only
    $phone = (string) trim(preg_replace('#[^0-9]+#i', '', $data['phone']));
    $pres = $data['present'] > 0 ? (int) $data['present'] : 0;
    $cnt = $data['count'] > 0 ? (int) $data['count'] : 1;
    $more = $data['more'] > 0 ? (int) $data['more'] : 0;
    $dsc = $data['discount'] > 0 && $data['discount'] < 100 ? (int) $data['discount'] : 0;
    // Two-letter lower-case country code, or false when none was given
    $cntr = $data['country'] ? strtolower(substr($core->text->link($data['country']), 0, 2)) : false;
    $dlvr = $data['delivery'] > 0 ? (int) $data['delivery'] : 1;
    $exti = (int) $data['exti'];
    // External tracking ids are only kept when an ext id is present
    $extu = $exti ? preg_replace('#[^0-9A-Za-z\\_\\-\\.]+#i', '', $data['extu']) : 0;
    $exts = $exti ? preg_replace('#[^0-9A-Za-z\\_\\-\\.]+#i', '', $data['exts']) : 0;
    $utmi = (int) $data['utmi'];
    $utmc = (int) $data['utmc'];
    $utms = (int) $data['utms'];
    $items = is_array($data['items']) ? serialize($data['items']) : '';
    // NOTE(review): unserialize() runs on caller-supplied meta. If $data originates from a
    // request this is untrusted deserialisation; json_decode() or an allowed_classes
    // restriction would be safer — confirm where $data comes from.
    $meta = $data['meta'] ? addslashes(serialize(unserialize(stripslashes($data['meta'])))) : '';
    $addr1 = $core->text->line($data['addr1']);
    $addr2 = $core->text->line($data['addr2']);
    $addr3 = $core->text->line($data['addr3']);
    if ($addr1) {
        $addr .= ', ' . $addr1;
    }
    if ($addr2) {
        $addr .= ', ' . $addr2;
    }
    if ($addr3) {
        $addr .= ', ' . $addr3;
    }

    // --- Load the related records --------------------------------------------------------
    if (!($oid && ($offer = $core->wmsale->get('offer', $oid)))) {
        return 'offer';
    }
    $site = $sid ? $core->wmsale->get('site', $sid) : false;
    $flow = $fid ? $core->wmsale->get('flow', $fid) : false;
    $ext = $exti ? $core->wmsale->get('ext', $exti) : false;
    $status = $data['status'] ? (int) $data['status'] : 1;
    // Default status 1 becomes 0 when the offer requires payment first
    if ($status == 1) {
        $status = $offer['offer_payment'] == 1 ? 0 : 1;
    }
    // Webmaster owning the order: the flow owner, else the ext owner
    $userid = $flow ? $flow['user_id'] : ($ext ? $ext['user_id'] : false);
    if ($userid && $core->user->get($userid, 'user_ban')) {
        return 'security';
    }

    if ($phone) {
        // Name and address
        $name = mb_ucwords($name);
        if (!$ind) {
            // Leading digits of the address are taken as the postal index. Note that $ind
            // is first reused as the preg_match() output array before being narrowed.
            if (preg_match('#^([0-9]+)#i', $addr, $ind)) {
                $ind = $ind[1];
                $ad = preg_split('#[\\s,\\.]+#i', $addr, 2);
                $addr = trim($ad[1], ' ,');
            } else {
                $ind = '';
            }
        }

        // Price, presents and discounts
        if ($data['items']) {
            // Per-variant quantities: count and price are summed over the offer's variants
            $price = $cnt = 0;
            $vars = $core->wmsale->get('vars', $offer['offer_id']);
            foreach ($vars as &$v) {
                if ($data['items'][$v['var_id']]) {
                    $cnt += $data['items'][$v['var_id']];
                    $price += $data['items'][$v['var_id']] * $v['var_price'];
                }
            }
            unset($v, $vars);
        } else {
            $price = $cnt * $offer['offer_price'];
        }
        if ($dsc) {
            $price = ceil($price * ((100 - $dsc) / 100));
        }
        // Present and delivery surcharges come from the lang tables
        if ($pres) {
            $price += $core->lang['presentp'][$pres];
        }
        if ($more) {
            $price += $more;
        }
        if ($offer['offer_delivery']) {
            $price += $core->lang['deliverp'][$dlvr];
        } else {
            $dlvr = 0;
        }

        // GeoIP data
        $geoipdata = geoip($core, $iptext);
        if ($geoipdata) {
            $geoip = array('geoip_country' => $geoipdata['country'], 'geoip_city' => $geoipdata['city'], 'geoip_region' => $geoipdata['region'], 'geoip_district' => $geoipdata['district'], 'geoip_lat' => $geoipdata['lat'], 'geoip_lng' => $geoipdata['lng']);
            // GeoIP only fills in what the form left empty
            if (!$cntr) {
                $cntr = $geoip['geoip_country'];
            }
            if (!$addr && !$city) {
                $city = $geoip['geoip_city'];
            }
            if (!$addr && !$area) {
                $area = $geoip['geoip_region'];
            }
        } else {
            $geoip = false;
        }

        // Check IP and phone
        // Russian mobile numbers are normalised to the 7XXXXXXXXXX form
        if ($phone[0] == '9' && strlen($phone) == 10) {
            $phone = '7' . $phone;
        }
        if (substr($phone, 0, 2) == '89') {
            $phone = '79' . substr($phone, 2);
        }
        if (substr($phone, 0, 2) == '99') {
            $phone = '79' . substr($phone, 2);
        }
        $pok = substr($phone, 0, 2) == '79' ? 1 : 0;

        // Check for bans. $phone is digits-only after the preg_replace above; $ip is the
        // ip2int() result, presumably numeric — confirm before relying on the interpolation.
        $phs = $core->db->field("SELECT `status` FROM " . DB_BAN_PH . " WHERE `phone` = '{$phone}' LIMIT 1");
        $ips = $core->db->field("SELECT `status` FROM " . DB_BAN_IP . " WHERE `ip` = '{$ip}' LIMIT 1");
        if ($phs || $ips) {
            return 'ban';
        }

        // Guess gender automatically (2 unless the name is detected as male)
        $nc = new NCLNameCaseRu();
        $gender = $nc->genderDetect($name) != NCL::$MAN ? 2 : 1;
        unset($nc);

        // Script based company guess: each line of offer_script is "#<company> <type>:<id>";
        // the first line whose type/id matches this order selects the company.
        $comp = 0;
        if ($offer['offer_script']) {
            $scr = explode("\n", $offer['offer_script']);
            foreach ($scr as $sc) {
                // Prepare script line to process
                $sc = trim($sc);
                if (!$sc) {
                    continue;
                }
                // Get company for the script line
                if (preg_match('/#([0-9]+)/si', $sc, $ms)) {
                    $cms = $ms[1];
                } else {
                    continue;
                }
                // Get type and ID to match
                if (preg_match('#([a-z]+)\\:([0-9]+)#si', $sc, $ms)) {
                    $iid = $ms[2];
                    $iit = $ms[1];
                    if (!($iid && $iit)) {
                        continue;
                    }
                } else {
                    continue;
                }
                // Match if it matches
                switch ($iit) {
                    case 'user':
                        if ($flow['user_id'] == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'flow':
                        if ($fid == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'site':
                        if ($sid == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'space':
                        if ($spc == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'ext':
                        if ($exti == $iid) {
                            $comp = $cms;
                        }
                        break;
                    case 'country':
                        if ($cntr == $iid) {
                            $comp = $cms;
                        }
                        break;
                }
                if ($comp) {
                    break;
                } // If script worked OK
            }
            unset($sc, $scr);
        }
        if (!$comp) {
            if ($offer['offer_mr'] && !$site['site_comp']) {
                // Reuse the company of a recent (7 days) order from the same phone or IP when it
                // is still in the offer's rotation list; otherwise draw a weighted random one.
                $ct = $core->db->field("SELECT comp_id FROM " . DB_ORDER . " WHERE order_time > '" . (time() - 604800) . "' AND ( order_phone = '{$phone}' OR order_ip = '{$ip}' ) ORDER BY order_id DESC LIMIT 1");
                $mrt = unserialize($offer['offer_mrt']);
                if (!($ct && in_array($ct, $mrt))) {
                    if ($mrt && ($ct = wrand($mrt))) {
                        $comp = $ct;
                    } else {
                        $comp = $site['comp_id'];
                    }
                } else {
                    $comp = $ct;
                }
            } else {
                $comp = $site['comp_id'];
            }
        }

        // --- Persist the order -------------------------------------------------------------
        $data = array('offer_id' => $oid, 'comp_id' => $comp, 'wm_id' => $userid, 'flow_id' => $fid, 'site_id' => $sid, 'space_id' => $spc, 'target_id' => $tgt, 'utm_id' => $utmi, 'utm_src' => $utms, 'utm_cn' => $utmc, 'ext_id' => $exti, 'ext_uid' => $extu, 'ext_src' => $exts, 'order_time' => time(), 'order_ip' => $ip, 'order_country' => $cntr, 'order_name' => $name, 'order_gender' => $gender, 'order_phone' => $phone, 'order_phone_ok' => $pok, 'order_index' => $ind, 'order_area' => $area, 'order_city' => $city, 'order_street' => $street, 'order_addr' => $addr, 'order_items' => $items, 'order_meta' => $meta, 'order_count' => $cnt, 'order_present' => $pres, 'order_discount' => $dsc, 'order_delivery' => $dlvr, 'order_more' => $more, 'order_price' => $price, 'order_comment' => $comm, 'order_status' => $status, 'order_webstat' => $status);
        if ($geoip) {
            $data += $geoip;
        }
        if ($core->db->add(DB_ORDER, $data)) {
            $id = $core->db->lastid();

            // Optional attachment. $ext and $name are reused here for the file extension and
            // stored file name, shadowing the ext record and order name set earlier.
            if ($file) {
                if (is_uploaded_file($file['tmp_name'])) {
                    $dot = strrpos($file['name'], '.');
                    $ext = strtolower(substr($file['name'], $dot + 1));
                    $name = $id . '-' . substr($core->text->link(substr($file['name'], 0, $dot)), 0, 90) . '.' . $ext;
                    $goodext = array('jpg', 'jpeg', 'gif', 'png', 'zip', 'rar', 'rar5', '7z', 'cdr', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx');
                    // Whitelist on the final extension only; the target directory (FILENAME)
                    // must not be served with script execution enabled.
                    if (in_array($ext, $goodext)) {
                        move_uploaded_file($file['tmp_name'], sprintf(FILENAME, $name));
                        $core->db->edit(DB_ORDER, array('order_file' => $name), "order_id = '{$id}'");
                    }
                }
            }

            // External "new order" callback built from the ext's url_new template
            if ($exti && ($url = $core->wmsale->get('ext', $exti, 'url_new'))) {
                // NOTE(review): {eval:[...]} placeholders in url_new are executed with eval(),
                // so anyone able to edit that template can run arbitrary PHP on this host.
                if (preg_match_all('#\\{eval:\\[(.*?)\\]\\}#si', $url, $ems)) {
                    foreach ($ems[0] as $k => $v) {
                        $url = str_replace($v, eval($ems[1][$k]), $url);
                    }
                }
                $url = str_replace('{id}', $id, $url);
                $url = str_replace('{uid}', $extu, $url);
                $url = str_replace('{src}', $exts, $url);
                $url = str_replace('{time}', time(), $url);
                $url = str_replace('{price}', $price, $url);
                $url = str_replace('{count}', $cnt, $url);
                foreach ($offer as $k => $v) {
                    $url = str_replace("{offer:{$k}}", $v, $url);
                }
                $odata = $offer['offer_pars'] ? unserialize($offer['offer_pars']) : false;
                if ($odata) {
                    foreach ($odata as $k => $v) {
                        $url = str_replace("{data:{$k}}", $v, $url);
                    }
                }
                curl($url);
            }

            // PostBack processing
            // NOTE(review): $flw is never assigned in this function (the flow id is $fid), so
            // the lookup below receives an undefined value; and ${$status} is a
            // variable-variable (reads the variable named after the status number) where
            // $status was almost certainly intended.
            if ($userid && ($pbu = $core->wmsale->get('flow', $flw, 'flow_pbu'))) {
                $pbd = array('id' => $id, 'offer' => $oid, 'flow' => $flw, 'target' => $tgt, 'site' => $sid, 'space' => $spc, 'count' => $cnt, 'price' => $price, 'status' => ${$status});
                foreach ($pbd as $pbk => $pbv) {
                    $pbu = str_replace('{' . $pbk . '}', $pbv, $pbu);
                }
                curl($pbu, $pbd);
            }
            return (int) $id;
        } else {
            return 'db';
        }
    } else {
        return 'data';
    }
}
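<?php
// GeoIP lookup endpoint: returns geoip() for the ?ip= parameter to callers allowed to
// view user IPs. The result is written out verbatim, so callers must treat it as text.

// A conditional request is answered with 304 before any other work.
// NOTE(review): PHP exposes request headers in $_SERVER in upper case
// (HTTP_IF_MODIFIED_SINCE), so this lower-case key is never populated and the branch
// is effectively dead — confirm before relying on the caching.
if (isset($_SERVER['http_if_modified_since'])) {
    // NOTE(review): a "Status:" header is only honoured under CGI; http_response_code(304)
    // is the portable form.
    header("Status: 304 Not Modified");
    die;
}
// NOTE(review): date() formats in the server's default timezone while the literal suffix
// claims UTC; the two only agree when that default is UTC.
header('Expires: ' . date('D, d-M-Y H:i:s \\U\\T\\C', time() + 3600 * 24 * 120)); //120 days
header('Last-Modified: ' . date('D, d-M-Y H:i:s \\U\\T\\C', time()));

// Permission gate: only callers with users_view_ips may resolve arbitrary addresses.
if (!check_perms('users_view_ips')) {
    die('Access denied.');
}

// Only a syntactically valid IPv4/IPv6 address reaches geoip(); a missing, non-string or
// malformed value is rejected with the same message as before.
$ip = isset($_GET['ip']) ? $_GET['ip'] : '';
if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP) === false) {
    die("Invalid IP");
}
die(geoip($ip));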
$DB->query("UPDATE users_sessions SET IP='" . $_SERVER['REMOTE_ADDR'] . "', Browser='" . $Browser . "', OperatingSystem='" . $OperatingSystem . "', LastUpdate='" . sqltime() . "' WHERE UserID='{$LoggedUser['ID']}' AND SessionID='" . db_string($SessionID) . "'"); $Cache->begin_transaction('users_sessions_' . $UserID); $Cache->delete_row($SessionID); $Cache->insert_front($SessionID, array('SessionID' => $SessionID, 'Browser' => $Browser, 'OperatingSystem' => $OperatingSystem, 'IP' => $_SERVER['REMOTE_ADDR'], 'LastUpdate' => sqltime())); $Cache->commit_transaction(0); } // IP changed if ($LoggedUser['IP'] != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) { if (site_ban_ip($_SERVER['REMOTE_ADDR'])) { error('Your IP has been banned.'); } $CurIP = db_string($LoggedUser['IP']); $NewIP = db_string($_SERVER['REMOTE_ADDR']); $DB->query("UPDATE users_history_ips SET\n\t\t\t\tEndTime='" . sqltime() . "'\n\t\t\t\tWHERE EndTime IS NULL\n\t\t\t\tAND UserID='{$LoggedUser['ID']}'\n\t\t\t\tAND IP='{$CurIP}'"); $DB->query("INSERT IGNORE INTO users_history_ips\n\t\t\t\t(UserID, IP, StartTime) VALUES\n\t\t\t\t('{$LoggedUser['ID']}', '{$NewIP}', '" . sqltime() . "')"); $ipcc = geoip($NewIP); $DB->query("UPDATE users_main SET IP='{$NewIP}', ipcc='" . $ipcc . "' WHERE ID='{$LoggedUser['ID']}'"); $Cache->begin_transaction('user_info_heavy_' . $LoggedUser['ID']); $Cache->update_row(false, array('IP' => $_SERVER['REMOTE_ADDR'])); $Cache->commit_transaction(0); // ASN/Country changed? $Attributes = get_asn($_SERVER['REMOTE_ADDR']); $ASN = $Attributes['asnum']; $Country = $Attributes['country']; $CIDR = $Attributes['cidr']; if (!empty($ASN) && $LoggedUser['ASN'] != $ASN) { $CurASN = db_string($LoggedUser['ASN']); $NewASN = db_string($ASN); /* if (!empty($CurASN) && !empty($NewASN)) { send_irc("privmsg #watched :!mod ASN change? $CurASN -> $NewASN | http://musiceye.tv/user.php?id=$LoggedUser[ID] (".$LoggedUser['Username'].")"); }*/