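/**
 * Cookie-based login for the current request (mysqli + $mc1 cache flavour).
 *
 * Validates the uid/pass/hashv cookies, loads the user row, stats, status and
 * block settings (each cached in $mc1), and publishes the result as
 * $GLOBALS['CURUSER'], $CURBLOCK, $whereis and $mood.
 *
 * Globals: reads $INSTALLER09 (site_online, baseurl, expires, allowed_staff),
 * uses $mc1 for the cache, assigns $CURBLOCK, $whereis and $mood.
 *
 * Exit paths: returns with CURUSER unset when the site is offline, a cookie is
 * missing or the cookies do not validate; sends a Location header to
 * logout.php and returns when no enabled+confirmed row exists or the pass
 * cookie does not match the stored passhash; prints a 403 page and dies for a
 * banned IP; disables, logs and logs out a staff account whose id is not in
 * $INSTALLER09['allowed_staff']['id']; redirects to https (and exits) when the
 * user's ssluse setting asks for it and the request is not already HTTPS.
 */
function userlogin()
{
    global $INSTALLER09, $mc1, $CURBLOCK, $mood, $whereis, $CURUSER;
    unset($GLOBALS["CURUSER"]);
    $ip = getip();
    $ipf = $_SERVER['REMOTE_ADDR'];
    if (isset($CURUSER)) {
        return;
    }
    if (!$INSTALLER09['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
        return;
    }
    $id = (int) get_mycookie('uid');
    $cookie_pass = (string) get_mycookie('pass');
    // hash_equals() is strict and constant-time; the loose != it replaces would
    // compare two numeric-looking digests (e.g. "0e...") as numbers.
    if ($id <= 0 || strlen($cookie_pass) != 32 || !hash_equals((string) hashit($id, $cookie_pass), (string) get_mycookie('hashv'))) {
        return;
    }
    // Sends the logout redirect; the caller decides whether to return or die.
    $logout_redirect = function ($username) use ($INSTALLER09) {
        $salty = md5("Th15T3xtis5add3dto66uddy6he@water..." . $username);
        header("Location: {$INSTALLER09['baseurl']}/logout.php?hash_please={$salty}");
    };
    // let's cache $CURUSER - pdq - *Updated*
    if (($row = $mc1->get_value('MyUser_' . $id)) === false) {
        // Cache miss: load the row and normalise the numeric columns.
        $user_fields_ar_int = array('id', 'added', 'last_login', 'last_access', 'curr_ann_last_check', 'curr_ann_id', 'stylesheet', 'class', 'override_class', 'language', 'av_w', 'av_h', 'country', 'warned', 'torrentsperpage', 'topicsperpage', 'postsperpage', 'reputation', 'dst_in_use', 'auto_correct_dst', 'chatpost', 'smile_until', 'vip_until', 'freeslots', 'free_switch', 'invites', 'invitedby', 'uploadpos', 'forumpost', 'downloadpos', 'immunity', 'leechwarn', 'last_browse', 'sig_w', 'sig_h', 'forum_access', 'hit_and_run_total', 'donoruntil', 'donated', 'vipclass_before', 'passhint', 'avatarpos', 'sendpmpos', 'invitedate', 'anonymous_until', 'pirate', 'king', 'ssluse', 'paranoia', 'parked_until', 'bjwins', 'bjlosses', 'irctotal', 'last_access_numb', 'onlinetime', 'hits', 'comments', 'categorie_icon', 'perms', 'mood', 'pms_per_page', 'watched_user', 'game_access', 'opt1', 'opt2', 'can_leech', 'wait_time', 'torrents_limit', 'peers_limit', 'torrent_pass_version');
        $user_fields_ar_float = array('time_offset', 'total_donated');
        $user_fields_ar_str = array('username', 'passhash', 'secret', 'torrent_pass', 'email', 'status', 'editsecret', 'privacy', 'info', 'acceptpms', 'ip', 'avatar', 'title', 'notifs', 'enabled', 'donor', 'deletepms', 'savepms', 'show_shout', 'show_staffshout', 'shoutboxbg', 'vip_added', 'invite_rights', 'anonymous', 'disable_reason', 'clear_new_tag_manually', 'signatures', 'signature', 'highspeed', 'hnrwarn', 'parked', 'hintanswer', 'support', 'supportfor', 'invitees', 'invite_on', 'subscription_pm', 'gender', 'viewscloud', 'tenpercent', 'avatars', 'offavatar', 'hidecur', 'signature_post', 'forum_post', 'avatar_rights', 'offensive_avatar', 'view_offensive_avatar', 'google_talk', 'msn', 'aim', 'yahoo', 'website', 'icq', 'show_email', 'gotgift', 'hash1', 'suspended', 'warn_reason', 'onirc', 'birthday', 'got_blocks', 'pm_on_delete', 'commentpm', 'split', 'browser', 'got_moods', 'show_pm_avatar', 'watched_user_reason', 'staff_notes', 'where_is', 'forum_sort', 'browse_icons');
        $user_fields = implode(', ', array_merge($user_fields_ar_int, $user_fields_ar_float, $user_fields_ar_str));
        $res = sql_query("SELECT " . $user_fields . " FROM users WHERE id = " . sqlesc($id) . " AND enabled='yes' AND status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
        if (mysqli_num_rows($res) == 0) {
            // No enabled, confirmed row: $row is still false here, so the
            // logout hash is salted with an empty username.
            $logout_redirect('');
            return;
        }
        $row = mysqli_fetch_assoc($res);
        foreach ($user_fields_ar_int as $i) {
            $row[$i] = (int) $row[$i];
        }
        foreach ($user_fields_ar_float as $i) {
            $row[$i] = (double) $row[$i];
        }
        // String columns are kept exactly as fetched.
        $mc1->cache_value('MyUser_' . $id, $row, $INSTALLER09['expires']['curuser']);
        unset($res);
    }
    // The pass cookie is bound to the stored passhash and the raw client address.
    if (!hash_equals(md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]), $cookie_pass)) {
        $logout_redirect($row['username']);
        return;
    }
    // bans by djGrrr <3 pdq
    if (!isset($row['perms']) || !($row['perms'] & bt_options::PERMS_BYPASS_BAN)) {
        $reason = '';
        // Check the address getip() resolved and, when it differs, REMOTE_ADDR as well.
        $banned = check_bans($ip, $reason) || ($ip !== $ipf && check_bans($ipf, $reason));
        if ($banned) {
            // Send the status the page body announces (the other variants do too).
            header('HTTP/1.0 403 Forbidden');
            header('Content-Type: text/html; charset=utf-8');
            echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
      <title>Forbidden</title>
      </head><body>
      <h1>403 Forbidden</h1>Unauthorized IP address!
      <p>Reason: <strong>' . htmlsafechars($reason) . '</strong></p>
      </body></html>';
            die;
        }
    }
    // Allowed staff
    if ($row["class"] >= UC_STAFF) {
        $allowed_ID = $INSTALLER09['allowed_staff']['id'];
        if (!in_array((int) $row["id"], $allowed_ID, true)) {
            // NOTE(review): the "Username:" part of this line was garbled in the
            // listing this was taken from and has been reconstructed.
            $msg = "Fake Account Detected: Username: " . htmlsafechars($row["username"]) . " - UserID: " . (int) $row["id"] . " - UserIP : " . $ip;
            // Demote and disable, in the database and in both cache copies.
            sql_query("UPDATE users SET enabled = 'no', class = 0 WHERE id =" . sqlesc($row["id"])) or sqlerr(__FILE__, __LINE__);
            $mc1->begin_transaction('MyUser_' . $row['id']);
            $mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
            $mc1->begin_transaction('user' . $row['id']);
            $mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
            write_log($msg);
            $logout_redirect($row['username']);
            die;
        }
    }
    // user stats - *Updated*
    $What_Cache = XBT_TRACKER == true ? 'userstats_xbt_' : 'userstats_';
    if (($stats = $mc1->get_value($What_Cache . $id)) === false) {
        $What_Expire = XBT_TRACKER == true ? $INSTALLER09['expires']['u_stats_xbt'] : $INSTALLER09['expires']['u_stats'];
        $stats_fields_ar_int = array('uploaded', 'downloaded');
        $stats_fields_ar_float = array('seedbonus');
        $stats_fields_ar_str = array('modcomment', 'bonuscomment');
        $stats_fields = implode(', ', array_merge($stats_fields_ar_int, $stats_fields_ar_float, $stats_fields_ar_str));
        $s = sql_query("SELECT " . $stats_fields . " FROM users WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        $stats = mysqli_fetch_assoc($s);
        foreach ($stats_fields_ar_int as $i) {
            $stats[$i] = (int) $stats[$i];
        }
        foreach ($stats_fields_ar_float as $i) {
            $stats[$i] = (double) $stats[$i];
        }
        $mc1->cache_value($What_Cache . $id, $stats, $What_Expire);
    }
    $row['seedbonus'] = $stats['seedbonus'];
    $row['uploaded'] = $stats['uploaded'];
    $row['downloaded'] = $stats['downloaded'];
    //== user status (last_status / last_update / archive), cached separately
    if (($ustatus = $mc1->get_value('userstatus_' . $id)) === false) {
        $sql2 = sql_query('SELECT * FROM ustatus WHERE userid = ' . sqlesc($id));
        if (mysqli_num_rows($sql2)) {
            $ustatus = mysqli_fetch_assoc($sql2);
        } else {
            $ustatus = array('last_status' => '', 'last_update' => 0, 'archive' => '');
        }
        $mc1->add_value('userstatus_' . $id, $ustatus, $INSTALLER09['expires']['u_status']);
    }
    $row['last_status'] = $ustatus['last_status'];
    $row['last_update'] = $ustatus['last_update'];
    $row['archive'] = $ustatus['archive'];
    //== forced https
    if ($row['ssluse'] > 1 && !isset($_SERVER['HTTPS']) && !defined('NO_FORCE_SSL')) {
        // Rewrite only the scheme: str_replace('http', 'https') turned an
        // already-https baseurl into "httpss://".
        $INSTALLER09['baseurl'] = preg_replace('#^http://#i', 'https://', $INSTALLER09['baseurl']);
        header('Location: ' . $INSTALLER09['baseurl'] . $_SERVER['REQUEST_URI']);
        exit;
    }
    // bitwise curuser bloks by pdq
    $blocks_key = 'blocks::' . $row['id'];
    if (($CURBLOCK = $mc1->get_value($blocks_key)) === false) {
        $c_sql = sql_query('SELECT * FROM user_blocks WHERE userid = ' . sqlesc($row['id'])) or sqlerr(__FILE__, __LINE__);
        if (mysqli_num_rows($c_sql) == 0) {
            // First visit: create the row, then reload so the rest of the page sees it.
            sql_query('INSERT INTO user_blocks(userid) VALUES(' . sqlesc($row['id']) . ')');
            header('Location: index.php');
            die;
        }
        $CURBLOCK = mysqli_fetch_assoc($c_sql);
        $CURBLOCK['index_page'] = (int) $CURBLOCK['index_page'];
        $CURBLOCK['global_stdhead'] = (int) $CURBLOCK['global_stdhead'];
        $CURBLOCK['userdetails_page'] = (int) $CURBLOCK['userdetails_page'];
        $mc1->cache_value($blocks_key, $CURBLOCK, 0);
    }
    //== where is by putyn
    $safe_username = htmlsafechars($row['username']);
    $whereis_array = array('index' => '%s is viewing the <a href="%s">home page</a>', 'browse' => '%s is viewing the <a href="%s">torrents page</a>', 'requests' => '%s is viewing the <a href="%s">requests page</a>', 'upload' => '%s is viewing the <a href="%s">upload page</a>', 'casino' => '%s is viewing the <a href="%s">casino page</a>', 'blackjack' => '%s is viewing the <a href="%s">blackjack page</a>', 'bet' => '%s is viewing the <a href="%s">bet page</a>', 'forums' => '%s is viewing the <a href="%s">forums page</a>', 'chat' => '%s is viewing the <a href="%s">irc page</a>', 'topten' => '%s is viewing the <a href="%s">statistics page</a>', 'faq' => '%s is viewing the <a href="%s">faq page</a>', 'rules' => '%s is viewing the <a href="%s">rules page</a>', 'staff' => '%s is viewing the <a href="%s">staff page</a>', 'announcement' => '%s is viewing the <a href="%s">announcements page</a>', 'usercp' => '%s is viewing the <a href="%s">usercp page</a>', 'offers' => '%s is viewing the <a href="%s">offers page</a>', 'pm_system' => '%s is viewing the <a href="%s">mailbox page</a>', 'userdetails' => '%s is viewing the <a href="%s">personal profile page</a>', 'details' => '%s is viewing the <a href="%s">torrents details page</a>', 'unknown' => '%s location is unknown');
    // The script name (".../name.php") selects the message; REQUEST_URI is
    // escaped because the message ends up in HTML.
    $whereis = sprintf($whereis_array['unknown'], $safe_username);
    if (preg_match('/\\/(.*?)\\.php/is', $_SERVER['REQUEST_URI'], $whereis_temp) && isset($whereis_array[$whereis_temp[1]])) {
        $whereis = sprintf($whereis_array[$whereis_temp[1]], $safe_username, htmlsafechars($_SERVER['REQUEST_URI']));
    }
    //== online time pdq, original code by superman
    // Only gaps shorter than 5 minutes count as time spent online.
    $userupdate0 = 'onlinetime = onlinetime + 0';
    $new_time = TIME_NOW - $row['last_access_numb'];
    $update_time = 0;
    if ($new_time < 300) {
        $userupdate0 = "onlinetime = onlinetime + " . $new_time;
        $update_time = $new_time;
    }
    $userupdate1 = "last_access_numb = " . TIME_NOW;
    //end online-time
    $update_time = $row['onlinetime'] + $update_time;
    // Persist activity at most every 180 seconds, to the database and both caches.
    if ($row['last_access'] != '0' and $row['last_access'] < TIME_NOW - 180) {
        sql_query("UPDATE users SET where_is =" . sqlesc($whereis) . ", last_access=" . TIME_NOW . ", {$userupdate0}, {$userupdate1} WHERE id=" . sqlesc($row['id']));
        $activity = array('last_access' => TIME_NOW, 'onlinetime' => $update_time, 'last_access_numb' => TIME_NOW, 'where_is' => $whereis);
        $mc1->begin_transaction('MyUser_' . $row['id']);
        $mc1->update_row(false, $activity);
        $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
        $mc1->begin_transaction('user' . $row['id']);
        $mc1->update_row(false, $activity);
        $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
    }
    // Override class and save in GLOBAL array below.
    if ($row['override_class'] < $row['class']) {
        $row['class'] = $row['override_class'];
    }
    $GLOBALS["CURUSER"] = $row;
    get_template();
    $mood = create_moods();
}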
Example #2
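/**
 * TBDev-style login: blocks IPs listed in cache/bans_cache.php, then
 * authenticates from the uid/pass cookies and sets $GLOBALS['CURUSER'].
 *
 * Globals: reads $TBDEV['site_online']; the required bans cache is expected to
 * define $bans as a list of ['first' => long, 'last' => long] ranges.
 *
 * Exit paths: prints a 403 page and exits for a banned address; returns with
 * CURUSER unset when the site is offline, the cookies are missing/malformed,
 * no enabled+confirmed row exists, or the pass cookie differs from the stored
 * passhash. On success updates last_access and ip in users.
 */
function userlogin()
{
    global $TBDEV;
    unset($GLOBALS["CURUSER"]);
    $ip = getip();
    $nip = ip2long($ip);
    require_once "cache/bans_cache.php";
    // !empty() rather than count(): count() on an undefined or non-array $bans
    // is a TypeError on PHP 8.
    if (!empty($bans)) {
        // NOTE(review): ip2long() returns false for non-IPv4 input; the range
        // comparison below then follows PHP's bool/int rules — confirm behaviour.
        foreach ($bans as $k) {
            if ($nip >= $k['first'] && $nip <= $k['last']) {
                header("HTTP/1.0 403 Forbidden");
                print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
                exit;
            }
        }
        unset($bans);
    }
    if (!$TBDEV['site_online'] || !get_mycookie('uid') || !get_mycookie('pass')) {
        return;
    }
    // (int) cast: "0 + cookie" throws a TypeError on PHP 8 for a non-numeric cookie.
    $id = (int) get_mycookie('uid');
    $cookie_pass = (string) get_mycookie('pass');
    if ($id <= 0 || strlen($cookie_pass) != 32) {
        return;
    }
    $res = mysql_query("SELECT * FROM users WHERE id = {$id} AND enabled='yes' AND status = 'confirmed'");
    // A failed query (false) is treated like "no row" instead of being handed
    // to mysql_fetch_assoc().
    $row = $res ? mysql_fetch_assoc($res) : false;
    if (!$row) {
        return;
    }
    // The cookie carries the passhash itself; compare in constant time.
    if (!hash_equals((string) $row["passhash"], $cookie_pass)) {
        return;
    }
    mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=" . sqlesc($ip) . " WHERE id=" . (int) $row["id"]);
    $row['ip'] = $ip;
    $GLOBALS["CURUSER"] = $row;
}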
Example #3
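/**
 * Login with Retro's announcement mod: bans check, cookie validation, user row
 * load with the current announcement joined in, announcement refresh, and the
 * periodic last_access/ip/iplog update. Publishes $GLOBALS['CURUSER'] and
 * calls get_template().
 *
 * Globals: reads $TBDEV['site_online']; the required bans cache is expected to
 * define $bans as a list of ['first' => long, 'last' => long] ranges.
 *
 * Exit paths: prints a 403 page and exits for a banned address; returns with
 * CURUSER unset when the site is offline, the cookies are missing/invalid, no
 * enabled+confirmed row exists, or the pass cookie does not match
 * md5(passhash . REMOTE_ADDR); dies when a stored announcement query is not a
 * plain SELECT.
 */
function userlogin()
{
    global $TBDEV;
    unset($GLOBALS["CURUSER"]);
    // Request timestamp, reused for every time comparison below.
    $dt = time();
    $ip = getip();
    $nip = ip2long($ip);
    require_once CACHE_DIR . 'bans_cache.php';
    // !empty() rather than count(): count() on an undefined or non-array $bans
    // is a TypeError on PHP 8.
    if (!empty($bans)) {
        // NOTE(review): ip2long() returns false for non-IPv4 input; the range
        // comparison below then follows PHP's bool/int rules — confirm behaviour.
        foreach ($bans as $k) {
            if ($nip >= $k['first'] && $nip <= $k['last']) {
                header("HTTP/1.0 403 Forbidden");
                print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
                exit;
            }
        }
        unset($bans);
    }
    if (!$TBDEV['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
        return;
    }
    // (int) cast: "0 + cookie" throws a TypeError on PHP 8 for a non-numeric cookie.
    $id = (int) get_mycookie('uid');
    $cookie_pass = (string) get_mycookie('pass');
    // hash_equals() is strict and constant-time; the loose != it replaces would
    // compare two numeric-looking digests (e.g. "0e...") as numbers.
    if ($id <= 0 || strlen($cookie_pass) != 32 || !hash_equals((string) hashit($id, $cookie_pass), (string) get_mycookie('hashv'))) {
        return;
    }
    // ==Retro's Announcement mod
    $prefix = 'ChangeMe';
    $res = sql_query("SELECT " . $prefix . ".*, ann_main.subject AS curr_ann_subject, ann_main.body AS curr_ann_body FROM users AS " . $prefix . " LEFT JOIN announcement_main AS ann_main ON ann_main.main_id = " . $prefix . ".curr_ann_id WHERE " . $prefix . ".id = {$id} AND " . $prefix . ".enabled='yes' AND " . $prefix . ".status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
    $row = mysql_fetch_assoc($res);
    if (!$row) {
        return;
    }
    // The pass cookie is bound to the stored passhash and the raw client address.
    if (!hash_equals(md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]), $cookie_pass)) {
        return;
    }
    // If curr_ann_id > 0 but curr_ann_body IS NULL, then force a refresh
    if ($row['curr_ann_id'] > 0 and $row['curr_ann_body'] == null) {
        $row['curr_ann_id'] = 0;
        $row['curr_ann_last_check'] = '0';
    }
    // If elapsed > 10 minutes, force an announcement refresh.
    // time() takes no arguments: time($dt) is an ArgumentCountError on PHP 8,
    // so the timestamp captured above is used directly.
    if ($row['curr_ann_last_check'] != '0' and $row['curr_ann_last_check'] < $dt - 600) {
        $row['curr_ann_last_check'] = '0';
    }
    if ($row['curr_ann_id'] == 0 and $row['curr_ann_last_check'] == '0') {
        // Force an immediate check...
        $query = sprintf('SELECT m.*,p.process_id FROM announcement_main AS m ' . 'LEFT JOIN announcement_process AS p ON m.main_id = p.main_id ' . 'AND p.user_id = %s ' . 'WHERE p.process_id IS NULL ' . 'OR p.status = 0 ' . 'ORDER BY m.main_id ASC ' . 'LIMIT 1', sqlesc($row['id']));
        $result = sql_query($query);
        if (mysql_num_rows($result)) {
            // Main Result set exists
            $ann_row = mysql_fetch_assoc($result);
            $query = $ann_row['sql_query'];
            // NOTE(review): announcement_main.sql_query is SQL stored in the
            // database and executed here. The regex only checks its
            // SELECT ... FROM ... WHERE shape, so that column must be writable
            // by trusted administrators only.
            if (!preg_match('/\\ASELECT.+?FROM.+?WHERE.+?\\z/', $query)) {
                die;
            }
            // Restrict the stored query to the current user (it must alias users as u).
            $query .= ' AND u.id = ' . sqlesc($row['id']) . ' LIMIT 1';
            $result = sql_query($query);
            if (mysql_num_rows($result)) {
                // Announcement valid for member
                $row['curr_ann_id'] = $ann_row['main_id'];
                $row['curr_ann_subject'] = $ann_row['subject'];
                $row['curr_ann_body'] = $ann_row['body'];
                // Additional SET clause for the main UPDATE below.
                $add_set = ', curr_ann_id = ' . sqlesc($ann_row['main_id']);
                $status = 2;
            } else {
                // Announcement not valid for member...
                $add_set = ', curr_ann_last_check = ' . sqlesc($dt);
                $status = 1;
            }
            // Create or set status of process: 1 = ignore, 2 = read.
            if ($ann_row['process_id'] === null) {
                $query = sprintf('INSERT INTO announcement_process (main_id, ' . 'user_id, status) VALUES (%s, %s, %s)', sqlesc($ann_row['main_id']), sqlesc($row['id']), sqlesc($status));
            } else {
                $query = sprintf('UPDATE announcement_process SET status = %s ' . 'WHERE process_id = %s', sqlesc($status), sqlesc($ann_row['process_id']));
            }
            sql_query($query);
        } else {
            // No Main Result Set. Set last update to now...
            $add_set = ', curr_ann_last_check = ' . sqlesc($dt);
        }
        unset($result);
        unset($ann_row);
    }
    //==Null Staff ips
    $ip = $row['class'] >= UC_UPLOADER ? '127.0.0.1' : $ip;
    $add_set = isset($add_set) ? $add_set : '';
    // Explicit grouping of the original "A and B || C": || binds tighter than
    // "and", so an ip change alone does not trigger the update while
    // last_access is still '0'. NOTE(review): confirm this is the intended rule.
    if ($row['last_access'] != '0' and ($row['last_access'] < $dt - 180 || $row['ip'] !== $ip)) {
        sql_query("UPDATE users SET last_access=" . sqlesc($dt) . ", ip=" . sqlesc($ip) . $add_set . " WHERE id=" . (int) $row['id']);
        // ip2long() is recomputed because $ip may have been nulled for staff above.
        sql_query('INSERT INTO iplog (ip, userid, access) VALUES (' . (int) ip2long($ip) . ', ' . (int) $row['id'] . ', ' . sqlesc($row['last_access']) . ') on DUPLICATE KEY update access=values(access)');
    }
    // Override class and save in GLOBAL array below.
    if ($row['override_class'] < $row['class']) {
        $row['class'] = $row['override_class'];
    }
    $GLOBALS["CURUSER"] = $row;
    get_template();
}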
Example #4
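/**
 * Isy-style login: authenticates from the uid/pass cookies (plus an optional
 * ipcheck cookie), refreshes lastseen/ip, and publishes the row through
 * Isy_user::$current with $GLOBALS['CURUSER'] bound to it by reference.
 *
 * Globals: reads $CONFIG['site_online'] and $CONFIG['IPcookieCheck'].
 *
 * Exit paths: returns with no CURUSER set when the site is offline, the
 * cookies are missing/malformed, no enabled row exists, the ipcheck cookie
 * does not match, or the pass cookie differs from the stored passhash.
 */
function userlogin()
{
    global $CONFIG;
    $updateuser = array();
    if (!$CONFIG['site_online'] || !get_mycookie('uid') || !get_mycookie('pass')) {
        return;
    }
    // (int) cast: "0 + cookie" throws a TypeError on PHP 8 for a non-numeric cookie.
    $id = (int) get_mycookie('uid');
    $cookie_pass = (string) get_mycookie('pass');
    if ($id <= 0 || strlen($cookie_pass) != 32) {
        return;
    }
    $res = mysql_query('SELECT * FROM `users` WHERE `id` = ' . $id . ' AND `enabled` = "yes"') or sqlerr(__FILE__, __LINE__);
    $row = mysql_fetch_assoc($res);
    if (!$row) {
        return;
    }
    Isy_user::prepare_curuser($row);
    $nowip = getip();
    if ($CONFIG['IPcookieCheck']) {
        // The ipcheck cookie binds the session to the first two dotted octets.
        // A non-IPv4 address has no second octet; use '' rather than reading
        // an undefined index.
        $octet = explode(".", $nowip);
        $second_octet = isset($octet[1]) ? $octet[1] : '';
        $md5ip = md5($octet[0] . $row['passhash'] . $second_octet);
        if (!get_mycookie('ipcheck') or !hash_equals($md5ip, (string) get_mycookie('ipcheck'))) {
            return;
        }
    }
    // The cookie carries the passhash itself; compare in constant time.
    if (!hash_equals((string) $row["passhash"], $cookie_pass)) {
        return;
    }
    // Touch lastseen at most every 5 minutes; record the ip only when it changed.
    if ($row['lastseen'] < time() - 300) {
        $updateuser[] = '`lastseen` = ' . time();
    }
    if ($row['ip'] !== $nowip) {
        $updateuser[] = '`ip` = ' . sqlesc($nowip);
    }
    if (count($updateuser)) {
        mysql_query('UPDATE `users` SET ' . implode(', ', $updateuser) . ' WHERE `id` = ' . (int) $row['id']) or sqlerr(__FILE__, __LINE__);
    }
    Isy_user::$current = $row;
    $GLOBALS['CURUSER'] =& Isy_user::$current;
}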
Example #5
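/**
 * Cached login with Retro's announcement mod ($mc1 + mysql_* flavour).
 *
 * Checks the bans cache, validates the uid/pass/hashv cookies, loads the user
 * row (joined with the current announcement and ustatus) into the
 * MyUser_<id> cache, refreshes the announcement, enforces the staff
 * whitelist and https setting, loads the blocks::<id> settings into
 * $CURBLOCK, records online time, and publishes $GLOBALS['CURUSER'].
 *
 * Globals: reads $INSTALLER09 (site_online, baseurl, expires, allowed_staff),
 * uses $mc1 for the cache, assigns $CURBLOCK.
 *
 * Exit paths: prints a 403 page and exits for a banned address; returns with
 * CURUSER unset when the site is offline, the cookies are missing/invalid, no
 * enabled+confirmed row exists, the pass cookie does not match, or a staff id
 * is not whitelisted (that account is disabled and logged out first); dies on
 * a stored announcement query that is not a plain SELECT; redirects to https
 * and exits when the user's ssluse setting asks for it.
 */
function userlogin()
{
    global $INSTALLER09, $mc1, $CURBLOCK;
    unset($GLOBALS["CURUSER"]);
    // Request timestamp, reused for every time comparison below.
    $dt = time();
    $ip = getip();
    $nip = ip2long($ip);
    require_once INCL_DIR . 'user_functions.php';
    require_once CACHE_DIR . 'bans_cache.php';
    // !empty() rather than count(): count() on an undefined or non-array $bans
    // is a TypeError on PHP 8.
    if (!empty($bans)) {
        // NOTE(review): ip2long() returns false for non-IPv4 input; the range
        // comparison below then follows PHP's bool/int rules — confirm behaviour.
        foreach ($bans as $k) {
            if ($nip >= $k['first'] && $nip <= $k['last']) {
                header("HTTP/1.0 403 Forbidden");
                print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
                exit;
            }
        }
        unset($bans);
    }
    if (!$INSTALLER09['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
        return;
    }
    // (int) cast: "0 + cookie" throws a TypeError on PHP 8 for a non-numeric cookie.
    $id = (int) get_mycookie('uid');
    $cookie_pass = (string) get_mycookie('pass');
    // hash_equals() is strict and constant-time; the loose != it replaces would
    // compare two numeric-looking digests (e.g. "0e...") as numbers.
    if ($id <= 0 || strlen($cookie_pass) != 32 || !hash_equals((string) hashit($id, $cookie_pass), (string) get_mycookie('hashv'))) {
        return;
    }
    // ==Retro's Announcement mod
    $prefix = '09skan';
    /** let's cache $CURUSER - pdq **/
    $row = $mc1->get_value('MyUser_' . $id);
    if ($row === false) {
        // Cache miss: load the row and normalise the numeric columns.
        $res = sql_query("SELECT " . $prefix . ".*, ann_main.subject AS curr_ann_subject, ann_main.body AS curr_ann_body, s.last_status, s.last_update, s.archive FROM users AS " . $prefix . " LEFT JOIN announcement_main AS ann_main ON ann_main.main_id = " . $prefix . ".curr_ann_id LEFT JOIN ustatus as s ON s.userid = " . $prefix . ".id WHERE " . $prefix . ".id = {$id} AND " . $prefix . ".enabled='yes' AND " . $prefix . ".status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0) {
            logoutcookie();
            return;
        }
        $row = mysql_fetch_assoc($res);
        //== Do all ints and floats
        $int_fields = array('id', 'added', 'last_login', 'last_access', 'curr_ann_last_check', 'curr_ann_id', 'stylesheet', 'class', 'override_class', 'av_w', 'av_h', 'country', 'warned', 'torrentsperpage', 'topicsperpage', 'postsperpage', 'reputation', 'dst_in_use', 'auto_correct_dst', 'chatpost', 'smile_until', 'vip_until', 'freeslots', 'free_switch', 'invites', 'invitedby', 'uploadpos', 'forumpost', 'downloadpos', 'immunity', 'leechwarn', 'last_browse', 'sig_w', 'sig_h', 'forum_access', 'hit_and_run_total', 'donoruntil', 'donated', 'vipclass_before', 'passhint', 'avatarpos', 'sendpmpos', 'invitedate', 'anonymous_until', 'pirate', 'king', 'ssluse', 'paranoia', 'parked_until', 'bjwins', 'bjlosses', 'irctotal', 'last_access_numb', 'onlinetime');
        $float_fields = array('uploaded', 'downloaded', 'time_offset', 'seedbonus', 'total_donated');
        foreach ($int_fields as $field) {
            $row[$field] = (int) $row[$field];
        }
        foreach ($float_fields as $field) {
            $row[$field] = (double) $row[$field];
        }
        $ratio = $row['downloaded'] > 0 ? $row['uploaded'] / $row['downloaded'] : 0;
        $row['ratio'] = number_format($ratio, 2);
        $row['rep'] = get_reputation($row);
        $mc1->cache_value('MyUser_' . $id, $row, $INSTALLER09['expires']['curuser']);
        unset($res);
    }
    // The pass cookie is bound to the stored passhash and the raw client address.
    if (!hash_equals(md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]), $cookie_pass)) {
        return;
    }
    //==Allowed staff
    if ($row["class"] >= UC_STAFF) {
        $allowed_ID = $INSTALLER09['allowed_staff']['id'];
        if (!in_array((int) $row["id"], $allowed_ID, true)) {
            // NOTE(review): the "Username:" part of this line was garbled in the
            // listing this was taken from and has been reconstructed.
            $msg = "Fake Account Detected: Username: " . $row["username"] . " - UserID: " . $row["id"] . " - UserIP : " . $ip;
            /** Demote and disable **/
            sql_query("UPDATE users SET enabled = 'no', class = 0 WHERE id =" . sqlesc($row["id"])) or sqlerr(__FILE__, __LINE__);
            // Drop the cached copy too, otherwise the enabled row is still
            // served from $mc1 until it expires.
            $mc1->delete_value('MyUser_' . $row['id']);
            write_log($msg);
            autoshout($msg);
            logoutcookie();
            // Stop here: the original fell through and still published the
            // demoted row as CURUSER for this request.
            return;
        }
    }
    // If curr_ann_id > 0 but curr_ann_body IS NULL, then force a refresh
    if ($row['curr_ann_id'] > 0 and $row['curr_ann_body'] == null) {
        $row['curr_ann_id'] = 0;
        $row['curr_ann_last_check'] = '0';
    }
    // If elapsed > 10 minutes, force an announcement refresh.
    // time() takes no arguments: time($dt) is an ArgumentCountError on PHP 8,
    // so the timestamp captured above is used directly.
    if ($row['curr_ann_last_check'] != '0' and $row['curr_ann_last_check'] < $dt - 600) {
        $row['curr_ann_last_check'] = '0';
    }
    if ($row['curr_ann_id'] == 0 and $row['curr_ann_last_check'] == '0') {
        // Force an immediate check...
        $query = sprintf('SELECT m.*,p.process_id FROM announcement_main AS m ' . 'LEFT JOIN announcement_process AS p ON m.main_id = p.main_id ' . 'AND p.user_id = %s ' . 'WHERE p.process_id IS NULL ' . 'OR p.status = 0 ' . 'ORDER BY m.main_id ASC ' . 'LIMIT 1', sqlesc($row['id']));
        $result = sql_query($query);
        if (mysql_num_rows($result)) {
            // Main Result set exists
            $ann_row = mysql_fetch_assoc($result);
            $query = $ann_row['sql_query'];
            // NOTE(review): announcement_main.sql_query is SQL stored in the
            // database and executed here. The regex only checks its
            // SELECT ... FROM ... WHERE shape, so that column must be writable
            // by trusted administrators only.
            if (!preg_match('/\\ASELECT.+?FROM.+?WHERE.+?\\z/', $query)) {
                die;
            }
            // Restrict the stored query to the current user (it must alias users as u).
            $query .= ' AND u.id = ' . sqlesc($row['id']) . ' LIMIT 1';
            $result = sql_query($query);
            if (mysql_num_rows($result)) {
                // Announcement valid for member
                $row['curr_ann_id'] = $ann_row['main_id'];
                $row['curr_ann_subject'] = $ann_row['subject'];
                $row['curr_ann_body'] = $ann_row['body'];
                // Additional SET clause for the main UPDATE below.
                $add_set = ', curr_ann_id = ' . sqlesc($ann_row['main_id']);
                $status = 2;
            } else {
                // Announcement not valid for member...
                $add_set = ', curr_ann_last_check = ' . sqlesc($dt);
                $status = 1;
            }
            // Create or set status of process: 1 = ignore, 2 = read.
            if ($ann_row['process_id'] === null) {
                $query = sprintf('INSERT INTO announcement_process (main_id, ' . 'user_id, status) VALUES (%s, %s, %s)', sqlesc($ann_row['main_id']), sqlesc($row['id']), sqlesc($status));
            } else {
                $query = sprintf('UPDATE announcement_process SET status = %s ' . 'WHERE process_id = %s', sqlesc($status), sqlesc($ann_row['process_id']));
            }
            sql_query($query);
        } else {
            // No Main Result Set. Set last update to now...
            $add_set = ', curr_ann_last_check = ' . sqlesc($dt);
        }
        unset($result);
        unset($ann_row);
    }
    //== forced https
    if ($row['ssluse'] > 1 && !isset($_SERVER['HTTPS']) && !defined('NO_FORCE_SSL')) {
        // Rewrite only the scheme: str_replace('http', 'https') turned an
        // already-https baseurl into "httpss://".
        $INSTALLER09['baseurl'] = preg_replace('#^http://#i', 'https://', $INSTALLER09['baseurl']);
        header('Location: ' . $INSTALLER09['baseurl'] . $_SERVER['REQUEST_URI']);
        exit;
    }
    //== bitwise curuser bloks by pdq
    $blocks_key = 'blocks::' . $row['id'];
    $CURBLOCK = $mc1->get_value($blocks_key);
    if ($CURBLOCK === false) {
        $c_sql = sql_query('SELECT * FROM user_blocks WHERE userid = ' . (int) $row['id']) or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($c_sql) == 0) {
            // First visit: create the row, then reload so the rest of the page sees it.
            sql_query('INSERT INTO user_blocks(userid) VALUES(' . (int) $row['id'] . ')');
            header('Location: index.php');
            die;
        }
        $CURBLOCK = mysql_fetch_assoc($c_sql);
        $CURBLOCK['index_page'] = (int) $CURBLOCK['index_page'];
        $CURBLOCK['global_stdhead'] = (int) $CURBLOCK['global_stdhead'];
        $mc1->cache_value($blocks_key, $CURBLOCK, 0);
    }
    //== online time pdq
    // Only gaps shorter than 5 minutes count as time spent online.
    $userupdate0 = 'onlinetime = onlinetime + 0';
    $new_time = TIME_NOW - $row['last_access_numb'];
    if ($new_time < 300) {
        $userupdate0 = "onlinetime = onlinetime + " . $new_time;
    }
    $userupdate1 = "last_access_numb = " . TIME_NOW;
    //end online-time
    $add_set = isset($add_set) ? $add_set : '';
    // Both original branches ran the same statement: refresh when the ip
    // changed or the last access is older than 180 seconds, then drop the
    // cached row so the next request reloads it.
    if ($row['ip'] !== $ip || ($row['last_access'] != '0' && $row['last_access'] < $dt - 180)) {
        sql_query("UPDATE users SET last_access=" . TIME_NOW . ", {$userupdate0}, {$userupdate1}, ip=" . sqlesc($ip) . $add_set . " WHERE id=" . (int) $row['id']);
        $mc1->delete_value('MyUser_' . $row['id']);
    }
    // Override class and save in GLOBAL array below.
    if ($row['override_class'] < $row['class']) {
        $row['class'] = $row['override_class'];
    }
    $GLOBALS["CURUSER"] = $row;
    get_template();
}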
Example #6
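/**
 * Resolve the current visitor from the login cookies and publish the user row
 * as $GLOBALS['CURUSER'] (plus $CURBLOCK and $mood).
 *
 * Flow, as implemented below:
 *  1. Bail out (anonymous visitor) when the site is offline, any of the
 *     uid/pass/hashv cookies is missing, or hashv does not equal hashit(uid, pass).
 *  2. Load the user row: memcache key 'MyUser_<id>' first, otherwise the users
 *     table restricted to enabled='yes' AND status='confirmed'. No row -> cookies
 *     are cleared and the visitor stays anonymous.
 *  3. Require pass == md5(passhash . REMOTE_ADDR), which ties a copied cookie to
 *     the client address it was issued for.
 *  4. Enforce IP bans (skipped with PERMS_BYPASS_BAN), the staff allow-list, the
 *     per-user forced-SSL redirect, and merge cached stats/status/blocks into $row.
 *  5. Account online time, cap class by override_class, set $CURUSER, load the
 *     template and the mood list.
 *
 * Returns nothing. Side effects: writes to users and user_blocks, memcache
 * updates, and it may send a Location header or a 403 page and terminate.
 *
 * NOTE(review): the cookie format (md5 of the stored passhash plus client IP) is
 * fixed by the login/logout helpers, not here. Anyone holding the passhash
 * column can mint a valid cookie for any address; changing that needs a
 * coordinated change of those helpers and is out of scope for this function.
 */
function userlogin()
{
    global $INSTALLER09, $mc1, $CURBLOCK, $mood, $whereis;
    // Start from a clean slate so nothing below can inherit a CURUSER set earlier
    // in the request. (The former `if (isset($CURUSER)) return;` was dead code:
    // $CURUSER is not declared global in this function and had just been unset.)
    unset($GLOBALS["CURUSER"]);
    $ip = getip();
    $ipf = $_SERVER['REMOTE_ADDR'];
    // Anonymous visitor: site offline or any login cookie absent.
    if (!$INSTALLER09['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
        return;
    }
    // (int) instead of `0 + cookie`: arithmetic on a non-numeric cookie value
    // throws a TypeError on PHP 8 (warning on PHP 7); the cast always yields an int.
    $id = (int) get_mycookie('uid');
    $pass_cookie = (string) get_mycookie('pass');
    $hashv_cookie = (string) get_mycookie('hashv');
    // hashv must equal hashit(uid, pass). hash_equals() (PHP >= 5.6) is a
    // constant-time comparison; the previous loose `!=` was neither strict nor
    // timing-safe.
    if (!$id || strlen($pass_cookie) !== 32 || !hash_equals((string) hashit($id, $pass_cookie), $hashv_cookie)) {
        return;
    }
    // Cached $CURUSER row (pdq); fall back to the database on a miss.
    if (($row = $mc1->get_value('MyUser_' . $id)) === false) {
        $user_fields = 'id, username, passhash, secret, passkey, email, status, added, ' . 'last_login, last_access, curr_ann_last_check, curr_ann_id, editsecret, privacy, stylesheet, ' . 'info, acceptpms, ip, class, override_class, language, avatar, av_w, av_h, ' . 'title, country, notifs, enabled, donor, warned, torrentsperpage, topicsperpage, ' . 'postsperpage, deletepms, savepms, reputation, time_offset, dst_in_use, auto_correct_dst, ' . 'show_shout, show_staffshout, shoutboxbg, chatpost, smile_until, vip_added, vip_until, ' . 'freeslots, free_switch, invites, invitedby, invite_rights, anonymous, uploadpos, forumpost, ' . 'downloadpos, immunity, leechwarn, disable_reason, clear_new_tag_manually, last_browse, sig_w, ' . 'sig_h, signatures, signature, forum_access, highspeed, hnrwarn, hit_and_run_total, donoruntil, ' . 'donated, total_donated, vipclass_before, parked, passhint, hintanswer, avatarpos, support, ' . 'supportfor, sendpmpos, invitedate, invitees, invite_on, subscription_pm, gender, anonymous_until, ' . 'viewscloud, tenpercent, avatars, offavatar, pirate, king, hidecur, ssluse, signature_post, forum_post, ' . 'avatar_rights, offensive_avatar, view_offensive_avatar, paranoia, google_talk, msn, aim, yahoo, website, ' . 'icq, show_email, parked_until, gotgift, hash1, suspended, bjwins, bjlosses, warn_reason, onirc, irctotal, ' . 'birthday, got_blocks, last_access_numb, onlinetime, pm_on_delete, commentpm, split, browser, hits, ' . 'comments, categorie_icon, reputation, perms, mood, got_moods, pms_per_page, show_pm_avatar, watched_user, game_access, browse_icons';
        // Only enabled + confirmed accounts can log in; $id is already an int but
        // goes through sqlesc() like every other value in this file.
        $res = sql_query("SELECT " . $user_fields . " " . "FROM users " . "WHERE id = " . sqlesc($id) . " " . "AND enabled='yes' " . "AND status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
        if (mysqli_num_rows($res) == 0) {
            // Unknown, disabled or unconfirmed account: drop the stale cookies.
            logoutcookie();
            return;
        }
        $row = mysqli_fetch_assoc($res);
        // Normalise numeric columns so the cached row carries the same types as a
        // freshly loaded one (mysqli returns everything as strings).
        $int_fields = array(
            'id', 'added', 'last_login', 'last_access', 'curr_ann_last_check', 'curr_ann_id',
            'stylesheet', 'class', 'override_class', 'av_w', 'av_h', 'country', 'warned',
            'torrentsperpage', 'topicsperpage', 'postsperpage', 'reputation', 'dst_in_use',
            'auto_correct_dst', 'chatpost', 'smile_until', 'vip_until', 'freeslots', 'free_switch',
            'invites', 'invitedby', 'uploadpos', 'forumpost', 'downloadpos', 'immunity', 'leechwarn',
            'last_browse', 'sig_w', 'sig_h', 'forum_access', 'hit_and_run_total', 'donoruntil',
            'donated', 'vipclass_before', 'passhint', 'avatarpos', 'language', 'sendpmpos',
            'invitedate', 'anonymous_until', 'pirate', 'king', 'ssluse', 'paranoia', 'parked_until',
            'bjwins', 'bjlosses', 'irctotal', 'last_access_numb', 'onlinetime', 'categorie_icon',
            'perms', 'mood', 'watched_user', 'pms_per_page', 'game_access',
        );
        foreach ($int_fields as $field) {
            $row[$field] = (int) $row[$field];
        }
        foreach (array('time_offset', 'total_donated') as $field) {
            $row[$field] = (double) $row[$field];
        }
        $row['rep'] = get_reputation($row);
        $mc1->cache_value('MyUser_' . $id, $row, $INSTALLER09['expires']['curuser']);
        unset($res);
    }
    // The pass cookie is bound to the client address: md5(passhash . REMOTE_ADDR).
    // Constant-time compare; both operands are 32-char strings at this point.
    if (!hash_equals(md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]), $pass_cookie)) {
        logoutcookie();
        return;
    }
    // IP bans (djGrrr / pdq). Accounts with PERMS_BYPASS_BAN skip this; otherwise
    // the resolved address ($ip from getip()) is checked, then the raw
    // REMOTE_ADDR when the two differ (e.g. behind a proxy).
    if (!isset($row['perms']) || !($row['perms'] & bt_options::PERMS_BYPASS_BAN)) {
        $reason = '';
        $banned = (bool) check_bans($ip, $reason);
        if (!$banned && $ip != $ipf) {
            $banned = (bool) check_bans($ipf, $reason);
        }
        if ($banned) {
            // Send a real 403 status; the page body alone used to go out as 200.
            http_response_code(403);
            header('Content-Type: text/html; charset=utf-8');
            echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
      <title>Forbidden</title>
      </head><body>
      <h1>403 Forbidden</h1>Unauthorized IP address!
      <p>Reason: <strong>' . htmlsafechars($reason) . '</strong></p>
      </body></html>';
            die;
        }
    }
    // Staff allow-list: an account at or above UC_STAFF whose id is not listed in
    // $INSTALLER09['allowed_staff']['id'] is treated as a forged promotion.
    if ($row["class"] >= UC_STAFF) {
        $allowed_ID = $INSTALLER09['allowed_staff']['id'];
        if (!in_array((int) $row["id"], $allowed_ID, true)) {
            $msg = "Fake Account Detected: Username: " . htmlsafechars($row["username"]) . " - UserID: " . (int) $row["id"] . " - UserIP : " . getip();
            // Demote and disable, in the database and in both cached copies of the row.
            sql_query("UPDATE users SET enabled = 'no', class = 0 WHERE id =" . sqlesc($row["id"])) or sqlerr(__FILE__, __LINE__);
            $mc1->begin_transaction('MyUser_' . $row['id']);
            $mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
            $mc1->begin_transaction('user' . $row['id']);
            $mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
            write_log($msg);
            logoutcookie();
            // FIX: execution used to fall through here, so for the rest of this
            // request $row -- still carrying the staff class -- was published as
            // $CURUSER below. The demoted visitor must be anonymous immediately.
            return;
        }
    }
    // Transfer stats, cached separately ('userstats_<id>') because they change far
    // more often than the profile row.
    if (($stats = $mc1->get_value('userstats_' . $id)) === false) {
        $sql = sql_query('SELECT uploaded, downloaded, seedbonus FROM users WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        $stats = mysqli_fetch_assoc($sql);
        $stats['seedbonus'] = (double) $stats['seedbonus'];
        $stats['uploaded'] = (double) $stats['uploaded'];
        $stats['downloaded'] = (double) $stats['downloaded'];
        // Ratio is undefined with nothing downloaded; report 0 rather than divide.
        $ratio = $stats['downloaded'] > 0 ? $stats['uploaded'] / $stats['downloaded'] : 0;
        $stats['ratio'] = number_format($ratio, 2);
        $mc1->cache_value('userstats_' . $id, $stats, $INSTALLER09['expires']['u_stats']);
    }
    $row['seedbonus'] = $stats['seedbonus'];
    $row['uploaded'] = $stats['uploaded'];
    $row['downloaded'] = $stats['downloaded'];
    $row['ratio'] = $stats['ratio'];
    // User status line ('userstatus_<id>'); an empty default when the user has none.
    if (($ustatus = $mc1->get_value('userstatus_' . $id)) === false) {
        $sql2 = sql_query('SELECT * FROM ustatus WHERE userid = ' . sqlesc($id));
        if (mysqli_num_rows($sql2)) {
            $ustatus = mysqli_fetch_assoc($sql2);
        } else {
            $ustatus = array('last_status' => '', 'last_update' => 0, 'archive' => '');
        }
        $mc1->add_value('userstatus_' . $id, $ustatus, $INSTALLER09['expires']['u_status']);
    }
    $row['last_status'] = $ustatus['last_status'];
    $row['last_update'] = $ustatus['last_update'];
    $row['archive'] = $ustatus['archive'];
    // Per-user forced SSL (ssluse > 1). $_SERVER['HTTPS'] is "non-empty when
    // served over TLS"; IIS sets the literal string 'off' for plain HTTP, so both
    // forms are treated as "not HTTPS". NO_FORCE_SSL lets a page opt out.
    // NOTE(review): behind a TLS-terminating proxy that does not set HTTPS this
    // redirects in a loop; such deployments need NO_FORCE_SSL or a proxy header check.
    if ($row['ssluse'] > 1 && (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') && !defined('NO_FORCE_SSL')) {
        // Swap only the leading scheme; the former str_replace('http', 'https') also
        // rewrote 'http' inside the host/path and turned an https base into 'httpss'.
        if (strpos($INSTALLER09['baseurl'], 'http://') === 0) {
            $INSTALLER09['baseurl'] = 'https://' . substr($INSTALLER09['baseurl'], 7);
        }
        header('Location: ' . $INSTALLER09['baseurl'] . $_SERVER['REQUEST_URI']);
        exit;
    }
    // Bitwise per-user block layout (pdq); cached without expiry, seeded with a
    // default row (and a redirect to pick it up) on first sight.
    $blocks_key = 'blocks::' . $row['id'];
    if (($CURBLOCK = $mc1->get_value($blocks_key)) === false) {
        $c_sql = sql_query('SELECT * FROM user_blocks WHERE userid = ' . sqlesc($row['id'])) or sqlerr(__FILE__, __LINE__);
        if (mysqli_num_rows($c_sql) == 0) {
            sql_query('INSERT INTO user_blocks(userid) VALUES(' . sqlesc($row['id']) . ')');
            header('Location: index.php');
            die;
        }
        $CURBLOCK = mysqli_fetch_assoc($c_sql);
        $CURBLOCK['index_page'] = (int) $CURBLOCK['index_page'];
        $CURBLOCK['global_stdhead'] = (int) $CURBLOCK['global_stdhead'];
        $CURBLOCK['userdetails_page'] = (int) $CURBLOCK['userdetails_page'];
        $mc1->cache_value($blocks_key, $CURBLOCK, 0);
    }
    // Online time (pdq, original by superman): credit the gap since the previous
    // hit only when it is under 5 minutes, so idle sessions do not accrue time.
    $userupdate0 = 'onlinetime = onlinetime + 0';
    $new_time = TIME_NOW - $row['last_access_numb'];
    $update_time = 0;
    if ($new_time < 300) {
        $userupdate0 = "onlinetime = onlinetime + " . $new_time;
        $update_time = $new_time;
    }
    $userupdate1 = "last_access_numb = " . TIME_NOW;
    $update_time = $row['onlinetime'] + $update_time;
    // Throttle the write to once per 3 minutes; last_access == 0 means never set.
    if ($row['last_access'] != '0' and $row['last_access'] < TIME_NOW - 180) {
        sql_query("UPDATE users SET last_access=" . TIME_NOW . ", {$userupdate0}, {$userupdate1} WHERE id=" . sqlesc($row['id']));
        $mc1->begin_transaction('MyUser_' . $row['id']);
        $mc1->update_row(false, array('last_access' => TIME_NOW, 'onlinetime' => $update_time, 'last_access_numb' => TIME_NOW));
        $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
        $mc1->begin_transaction('user' . $row['id']);
        $mc1->update_row(false, array('last_access' => TIME_NOW, 'onlinetime' => $update_time, 'last_access_numb' => TIME_NOW));
        $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
    }
    // A lower override_class caps the effective class for this request only; the
    // stored class is untouched.
    if ($row['override_class'] < $row['class']) {
        $row['class'] = $row['override_class'];
    }
    $GLOBALS["CURUSER"] = $row;
    get_template();
    $mood = create_moods();
}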