function userlogin()
{
global $INSTALLER09, $mc1, $CURBLOCK, $mood, $whereis, $CURUSER;
unset($GLOBALS["CURUSER"]);
$dt = TIME_NOW;
$ip = getip();
$nip = ip2long($ip);
$ipf = $_SERVER['REMOTE_ADDR'];
if (isset($CURUSER)) {
return;
}
if (!$INSTALLER09['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
return;
}
$id = (int) get_mycookie('uid');
if (!$id or strlen(get_mycookie('pass')) != 32 or get_mycookie('hashv') != hashit($id, get_mycookie('pass'))) {
return;
}
// let's cache $CURUSER - pdq - *Updated*
if (($row = $mc1->get_value('MyUser_' . $id)) === false) {
// $row not found
$user_fields_ar_int = array('id', 'added', 'last_login', 'last_access', 'curr_ann_last_check', 'curr_ann_id', 'stylesheet', 'class', 'override_class', 'language', 'av_w', 'av_h', 'country', 'warned', 'torrentsperpage', 'topicsperpage', 'postsperpage', 'reputation', 'dst_in_use', 'auto_correct_dst', 'chatpost', 'smile_until', 'vip_until', 'freeslots', 'free_switch', 'reputation', 'invites', 'invitedby', 'uploadpos', 'forumpost', 'downloadpos', 'immunity', 'leechwarn', 'last_browse', 'sig_w', 'sig_h', 'forum_access', 'hit_and_run_total', 'donoruntil', 'donated', 'vipclass_before', 'passhint', 'avatarpos', 'sendpmpos', 'invitedate', 'anonymous_until', 'pirate', 'king', 'ssluse', 'paranoia', 'parked_until', 'bjwins', 'bjlosses', 'irctotal', 'last_access_numb', 'onlinetime', 'hits', 'comments', 'categorie_icon', 'perms', 'mood', 'pms_per_page', 'watched_user', 'game_access', 'opt1', 'opt2', 'can_leech', 'wait_time', 'torrents_limit', 'peers_limit', 'torrent_pass_version');
$user_fields_ar_float = array('time_offset', 'total_donated');
$user_fields_ar_str = array('username', 'passhash', 'secret', 'torrent_pass', 'email', 'status', 'editsecret', 'privacy', 'info', 'acceptpms', 'ip', 'avatar', 'title', 'notifs', 'enabled', 'donor', 'deletepms', 'savepms', 'show_shout', 'show_staffshout', 'shoutboxbg', 'vip_added', 'invite_rights', 'anonymous', 'disable_reason', 'clear_new_tag_manually', 'signatures', 'signature', 'highspeed', 'hnrwarn', 'parked', 'hintanswer', 'support', 'supportfor', 'invitees', 'invite_on', 'subscription_pm', 'gender', 'viewscloud', 'tenpercent', 'avatars', 'offavatar', 'hidecur', 'signature_post', 'forum_post', 'avatar_rights', 'offensive_avatar', 'view_offensive_avatar', 'google_talk', 'msn', 'aim', 'yahoo', 'website', 'icq', 'show_email', 'gotgift', 'hash1', 'suspended', 'warn_reason', 'onirc', 'birthday', 'got_blocks', 'pm_on_delete', 'commentpm', 'split', 'browser', 'got_moods', 'show_pm_avatar', 'watched_user_reason', 'staff_notes', 'where_is', 'forum_sort', 'browse_icons');
$user_fields = implode(', ', array_merge($user_fields_ar_int, $user_fields_ar_float, $user_fields_ar_str));
$res = sql_query("SELECT " . $user_fields . " " . "FROM users " . "WHERE id = " . sqlesc($id) . " " . "AND enabled='yes' " . "AND status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($res) == 0) {
$salty = md5("Th15T3xtis5add3dto66uddy6he@water..." . $row['username'] . "");
header("Location: {$INSTALLER09['baseurl']}/logout.php?hash_please={$salty}");
//die;
return;
}
$row = mysqli_fetch_assoc($res);
foreach ($user_fields_ar_int as $i) {
$row[$i] = (int) $row[$i];
}
foreach ($user_fields_ar_float as $i) {
$row[$i] = (double) $row[$i];
}
foreach ($user_fields_ar_str as $i) {
$row[$i] = $row[$i];
}
$mc1->cache_value('MyUser_' . $id, $row, $INSTALLER09['expires']['curuser']);
unset($res);
}
//==
if (get_mycookie('pass') !== md5($row["passhash"] . $_SERVER["REMOTE_ADDR"])) {
$salty = md5("Th15T3xtis5add3dto66uddy6he@water..." . $row['username'] . "");
header("Location: {$INSTALLER09['baseurl']}/logout.php?hash_please={$salty}");
//die;
return;
}
// bans by djGrrr <3 pdq
if (!isset($row['perms']) || !($row['perms'] & bt_options::PERMS_BYPASS_BAN)) {
$banned = false;
if (check_bans($ip, $reason)) {
$banned = true;
} else {
if ($ip != $ipf) {
if (check_bans($ipf, $reason)) {
$banned = true;
}
}
}
if ($banned) {
header('Content-Type: text/html; charset=utf-8');
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<title>Forbidden</title>
</head><body>
<h1>403 Forbidden</h1>Unauthorized IP address!
<p>Reason: <strong>' . htmlsafechars($reason) . '</strong></p>
</body></html>';
die;
}
}
// Allowed staff
if ($row["class"] >= UC_STAFF) {
$allowed_ID = $INSTALLER09['allowed_staff']['id'];
if (!in_array((int) $row["id"], $allowed_ID, true)) {
$msg = "Fake Account Detected: Username: "******"username"]) . " - UserID: " . (int) $row["id"] . " - UserIP : " . getip();
// Demote and disable
sql_query("UPDATE users SET enabled = 'no', class = 0 WHERE id =" . sqlesc($row["id"])) or sqlerr(__FILE__, __LINE__);
$mc1->begin_transaction('MyUser_' . $row['id']);
$mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
$mc1->begin_transaction('user' . $row['id']);
$mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
write_log($msg);
$salty = md5("Th15T3xtis5add3dto66uddy6he@water..." . $row['username'] . "");
header("Location: {$INSTALLER09['baseurl']}/logout.php?hash_please={$salty}");
die;
}
}
// user stats - *Updated*
$What_Cache = XBT_TRACKER == true ? 'userstats_xbt_' : 'userstats_';
if (($stats = $mc1->get_value($What_Cache . $id)) === false) {
$What_Expire = XBT_TRACKER == true ? $INSTALLER09['expires']['u_stats_xbt'] : $INSTALLER09['expires']['u_stats'];
$stats_fields_ar_int = array('uploaded', 'downloaded');
$stats_fields_ar_float = array('seedbonus');
$stats_fields_ar_str = array('modcomment', 'bonuscomment');
$stats_fields = implode(', ', array_merge($stats_fields_ar_int, $stats_fields_ar_float, $stats_fields_ar_str));
$s = sql_query("SELECT " . $stats_fields . " FROM users WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$stats = mysqli_fetch_assoc($s);
foreach ($stats_fields_ar_int as $i) {
$stats[$i] = (int) $stats[$i];
}
foreach ($stats_fields_ar_float as $i) {
$stats[$i] = (double) $stats[$i];
}
foreach ($stats_fields_ar_str as $i) {
$stats[$i] = $stats[$i];
}
$mc1->cache_value($What_Cache . $id, $stats, $What_Expire);
}
$row['seedbonus'] = $stats['seedbonus'];
$row['uploaded'] = $stats['uploaded'];
$row['downloaded'] = $stats['downloaded'];
//==
if (($ustatus = $mc1->get_value('userstatus_' . $id)) === false) {
$sql2 = sql_query('SELECT * FROM ustatus WHERE userid = ' . sqlesc($id));
if (mysqli_num_rows($sql2)) {
$ustatus = mysqli_fetch_assoc($sql2);
} else {
$ustatus = array('last_status' => '', 'last_update' => 0, 'archive' => '');
}
$mc1->add_value('userstatus_' . $id, $ustatus, $INSTALLER09['expires']['u_status']);
// 30 days
}
$row['last_status'] = $ustatus['last_status'];
$row['last_update'] = $ustatus['last_update'];
$row['archive'] = $ustatus['archive'];
//==
if ($row['ssluse'] > 1 && !isset($_SERVER['HTTPS']) && !defined('NO_FORCE_SSL')) {
$INSTALLER09['baseurl'] = str_replace('http', 'https', $INSTALLER09['baseurl']);
header('Location: ' . $INSTALLER09['baseurl'] . $_SERVER['REQUEST_URI']);
exit;
}
// bitwise curuser bloks by pdq
$blocks_key = 'blocks::' . $row['id'];
if (($CURBLOCK = $mc1->get_value($blocks_key)) === false) {
$c_sql = sql_query('SELECT * FROM user_blocks WHERE userid = ' . sqlesc($row['id'])) or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($c_sql) == 0) {
sql_query('INSERT INTO user_blocks(userid) VALUES(' . sqlesc($row['id']) . ')');
header('Location: index.php');
die;
}
$CURBLOCK = mysqli_fetch_assoc($c_sql);
$CURBLOCK['index_page'] = (int) $CURBLOCK['index_page'];
$CURBLOCK['global_stdhead'] = (int) $CURBLOCK['global_stdhead'];
$CURBLOCK['userdetails_page'] = (int) $CURBLOCK['userdetails_page'];
$mc1->cache_value($blocks_key, $CURBLOCK, 0);
}
//== where is by putyn
$where_is['username'] = htmlsafechars($row['username']);
$whereis_array = array('index' => '%s is viewing the <a href="%s">home page</a>', 'browse' => '%s is viewing the <a href="%s">torrents page</a>', 'requests' => '%s is viewing the <a href="%s">requests page</a>', 'upload' => '%s is viewing the <a href="%s">upload page</a>', 'casino' => '%s is viewing the <a href="%s">casino page</a>', 'blackjack' => '%s is viewing the <a href="%s">blackjack page</a>', 'bet' => '%s is viewing the <a href="%s">bet page</a>', 'forums' => '%s is viewing the <a href="%s">forums page</a>', 'chat' => '%s is viewing the <a href="%s">irc page</a>', 'topten' => '%s is viewing the <a href="%s">statistics page</a>', 'faq' => '%s is viewing the <a href="%s">faq page</a>', 'rules' => '%s is viewing the <a href="%s">rules page</a>', 'staff' => '%s is viewing the <a href="%s">staff page</a>', 'announcement' => '%s is viewing the <a href="%s">announcements page</a>', 'usercp' => '%s is viewing the <a href="%s">usercp page</a>', 'offers' => '%s is viewing the <a href="%s">offers page</a>', 'pm_system' => '%s is viewing the <a href="%s">mailbox page</a>', 'userdetails' => '%s is viewing the <a href="%s">personal profile page</a>', 'details' => '%s is viewing the <a href="%s">torrents details page</a>', 'unknown' => '%s location is unknown');
if (preg_match('/\\/(.*?)\\.php/is', $_SERVER['REQUEST_URI'], $whereis_temp)) {
if (isset($whereis_array[$whereis_temp[1]])) {
$whereis = sprintf($whereis_array[$whereis_temp[1]], $where_is['username'], htmlsafechars($_SERVER['REQUEST_URI']));
} else {
$whereis = sprintf($whereis_array['unknown'], $where_is['username']);
}
} else {
$whereis = sprintf($whereis_array['unknown'], $where_is['username']);
}
//== online time pdq, original code by superman
$userupdate0 = 'onlinetime = onlinetime + 0';
$new_time = TIME_NOW - $row['last_access_numb'];
$update_time = 0;
if ($new_time < 300) {
$userupdate0 = "onlinetime = onlinetime + " . $new_time;
$update_time = $new_time;
}
$userupdate1 = "last_access_numb = " . TIME_NOW;
//end online-time
$update_time = $row['onlinetime'] + $update_time;
//ip=".sqlesc($ip).", OR $row['ip'] !== $ip OR $row['ip'] == '', 'ip' => $ip,
if ($row['last_access'] != '0' and $row['last_access'] < TIME_NOW - 180) {
sql_query("UPDATE users SET where_is =" . sqlesc($whereis) . ", last_access=" . TIME_NOW . ", {$userupdate0}, {$userupdate1} WHERE id=" . sqlesc($row['id']));
$mc1->begin_transaction('MyUser_' . $row['id']);
$mc1->update_row(false, array('last_access' => TIME_NOW, 'onlinetime' => $update_time, 'last_access_numb' => TIME_NOW, 'where_is' => $whereis));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
$mc1->begin_transaction('user' . $row['id']);
$mc1->update_row(false, array('last_access' => TIME_NOW, 'onlinetime' => $update_time, 'last_access_numb' => TIME_NOW, 'where_is' => $whereis));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
}
//==
if ($row['override_class'] < $row['class']) {
$row['class'] = $row['override_class'];
}
// Override class and save in GLOBAL array below.
$GLOBALS["CURUSER"] = $row;
get_template();
$mood = create_moods();
}
function userlogin()
{
global $TBDEV;
unset($GLOBALS["CURUSER"]);
$ip = getip();
$nip = ip2long($ip);
require_once "cache/bans_cache.php";
if (count($bans) > 0) {
foreach ($bans as $k) {
if ($nip >= $k['first'] && $nip <= $k['last']) {
header("HTTP/1.0 403 Forbidden");
print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
exit;
}
}
unset($bans);
}
if (!$TBDEV['site_online'] || !get_mycookie('uid') || !get_mycookie('pass')) {
return;
}
$id = 0 + get_mycookie('uid');
if (!$id || strlen(get_mycookie('pass')) != 32) {
return;
}
$res = mysql_query("SELECT * FROM users WHERE id = {$id} AND enabled='yes' AND status = 'confirmed'");
// or die(mysql_error());
$row = mysql_fetch_assoc($res);
if (!$row) {
return;
}
//$sec = hash_pad($row["secret"]);
if (get_mycookie('pass') !== $row["passhash"]) {
return;
}
mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=" . sqlesc($ip) . " WHERE id=" . $row["id"]);
// or die(mysql_error());
$row['ip'] = $ip;
$GLOBALS["CURUSER"] = $row;
}
function userlogin()
{
global $TBDEV;
unset($GLOBALS["CURUSER"]);
$dt = time();
$ip = getip();
$nip = ip2long($ip);
require_once CACHE_DIR . 'bans_cache.php';
if (count($bans) > 0) {
foreach ($bans as $k) {
if ($nip >= $k['first'] && $nip <= $k['last']) {
header("HTTP/1.0 403 Forbidden");
print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
exit;
}
}
unset($bans);
}
if (!$TBDEV['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
return;
}
$id = 0 + get_mycookie('uid');
if (!$id or strlen(get_mycookie('pass')) != 32 or get_mycookie('hashv') != hashit($id, get_mycookie('pass'))) {
return;
}
// ==Retro's Announcement mod
$prefix = 'ChangeMe';
$res = sql_query("SELECT " . $prefix . ".*, ann_main.subject AS curr_ann_subject, ann_main.body AS curr_ann_body " . "FROM users AS " . $prefix . " " . "LEFT JOIN announcement_main AS ann_main " . "ON ann_main.main_id = " . $prefix . ".curr_ann_id " . "WHERE " . $prefix . ".id = {$id} AND " . $prefix . ".enabled='yes' AND " . $prefix . ".status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
if (!$row) {
return;
}
if (get_mycookie('pass') !== md5($row["passhash"] . $_SERVER["REMOTE_ADDR"])) {
return;
}
// If curr_ann_id > 0 but curr_ann_body IS NULL, then force a refresh
if ($row['curr_ann_id'] > 0 and $row['curr_ann_body'] == NULL) {
$row['curr_ann_id'] = 0;
$row['curr_ann_last_check'] = '0';
}
// If elapsed > 10 minutes, force a announcement refresh.
if ($row['curr_ann_last_check'] != '0' and $row['curr_ann_last_check'] < time($dt) - 600) {
$row['curr_ann_last_check'] = '0';
}
if ($row['curr_ann_id'] == 0 and $row['curr_ann_last_check'] == '0') {
// Force an immediate check...
$query = sprintf('SELECT m.*,p.process_id FROM announcement_main AS m ' . 'LEFT JOIN announcement_process AS p ON m.main_id = p.main_id ' . 'AND p.user_id = %s ' . 'WHERE p.process_id IS NULL ' . 'OR p.status = 0 ' . 'ORDER BY m.main_id ASC ' . 'LIMIT 1', sqlesc($row['id']));
$result = sql_query($query);
if (mysql_num_rows($result)) {
// Main Result set exists
$ann_row = mysql_fetch_assoc($result);
$query = $ann_row['sql_query'];
// Ensure it only selects...
if (!preg_match('/\\ASELECT.+?FROM.+?WHERE.+?\\z/', $query)) {
die;
}
// The following line modifies the query to only return the current user
// row if the existing query matches any attributes.
$query .= ' AND u.id = ' . sqlesc($row['id']) . ' LIMIT 1';
$result = sql_query($query);
if (mysql_num_rows($result)) {
// Announcement valid for member
$row['curr_ann_id'] = $ann_row['main_id'];
// Create two row elements to hold announcement subject and body.
$row['curr_ann_subject'] = $ann_row['subject'];
$row['curr_ann_body'] = $ann_row['body'];
// Create additional set for main UPDATE query.
$add_set = ', curr_ann_id = ' . sqlesc($ann_row['main_id']);
$status = 2;
} else {
// Announcement not valid for member...
$add_set = ', curr_ann_last_check = ' . sqlesc($dt);
$status = 1;
}
// Create or set status of process
if ($ann_row['process_id'] === NULL) {
// Insert Process result set status = 1 (Ignore)
$query = sprintf('INSERT INTO announcement_process (main_id, ' . 'user_id, status) VALUES (%s, %s, %s)', sqlesc($ann_row['main_id']), sqlesc($row['id']), sqlesc($status));
} else {
// Update Process result set status = 2 (Read)
$query = sprintf('UPDATE announcement_process SET status = %s ' . 'WHERE process_id = %s', sqlesc($status), sqlesc($ann_row['process_id']));
}
sql_query($query);
} else {
// No Main Result Set. Set last update to now...
$add_set = ', curr_ann_last_check = ' . sqlesc($dt);
}
unset($result);
unset($ann_row);
}
$ip = $row['class'] >= UC_UPLOADER ? '127.0.0.1' : $ip;
//==Null Staff ips
$add_set = isset($add_set) ? $add_set : '';
if ($row['last_access'] != '0' and $row['last_access'] < time($dt) - 180 || $row['ip'] !== $ip) {
sql_query("UPDATE users SET last_access=" . sqlesc($dt) . ", ip=" . sqlesc($ip) . $add_set . " WHERE id=" . $row['id']);
// or die(mysql_error());
sql_query('INSERT INTO iplog (ip, userid, access) VALUES (' . ip2long($ip) . ', ' . $row['id'] . ', \'' . $row['last_access'] . '\') on DUPLICATE KEY update access=values(access)');
}
if ($row['override_class'] < $row['class']) {
$row['class'] = $row['override_class'];
}
// Override class and save in GLOBAL array below.
$GLOBALS["CURUSER"] = $row;
get_template();
}
function userlogin()
{
global $CONFIG;
$CURUSER = $updateuser = array();
if (!$CONFIG['site_online'] || !get_mycookie('uid') || !get_mycookie('pass')) {
return;
}
$id = 0 + get_mycookie('uid');
if (!$id || strlen(get_mycookie('pass')) != 32) {
return;
}
$res = mysql_query('SELECT * FROM `users` WHERE `id` = ' . $id . ' AND `enabled` = "yes"') or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
if (!$row) {
return;
}
Isy_user::prepare_curuser($row);
$nowip = getip();
if ($CONFIG['IPcookieCheck']) {
$octet = explode(".", $nowip);
$md5ip = md5($octet[0] . $row['passhash'] . $octet[1]);
if (!get_mycookie('ipcheck') or get_mycookie('ipcheck') !== $md5ip) {
return;
}
}
if (get_mycookie('pass') !== $row["passhash"]) {
return;
}
if ($row['lastseen'] < time() - 300) {
$updateuser[] = '`lastseen` = ' . time();
}
if ($row['ip'] != $nowip) {
$updateuser[] = '`ip` = ' . sqlesc($nowip);
}
if (count($updateuser)) {
mysql_query('UPDATE `users` SET ' . implode(', ', $updateuser) . ' WHERE `id` = ' . $row['id']) or sqlerr(__FILE__, __LINE__);
}
Isy_user::$current = $row;
$GLOBALS['CURUSER'] =& Isy_user::$current;
}
function userlogin()
{
global $INSTALLER09, $mc1, $CURBLOCK;
unset($GLOBALS["CURUSER"]);
$dt = time();
$ip = getip();
$nip = ip2long($ip);
if (isset($CURUSER)) {
return;
}
require_once INCL_DIR . 'user_functions.php';
require_once CACHE_DIR . 'bans_cache.php';
if (count($bans) > 0) {
foreach ($bans as $k) {
if ($nip >= $k['first'] && $nip <= $k['last']) {
header("HTTP/1.0 403 Forbidden");
print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
exit;
}
}
unset($bans);
}
if (!$INSTALLER09['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
return;
}
$id = 0 + get_mycookie('uid');
if (!$id or strlen(get_mycookie('pass')) != 32 or get_mycookie('hashv') != hashit($id, get_mycookie('pass'))) {
return;
}
// ==Retro's Announcement mod
$prefix = '09skan';
/** let's cache $CURUSER - pdq **/
$row = $mc1->get_value('MyUser_' . $id);
if ($row === false) {
// $row not found
$res = sql_query("SELECT " . $prefix . ".*, ann_main.subject AS curr_ann_subject, ann_main.body AS curr_ann_body, s.last_status, s.last_update, s.archive FROM users AS " . $prefix . " LEFT JOIN announcement_main AS ann_main " . "ON ann_main.main_id = " . $prefix . ".curr_ann_id LEFT JOIN ustatus as s ON s.userid = " . $prefix . ".id WHERE " . $prefix . ".id = {$id} AND " . $prefix . ".enabled='yes' AND " . $prefix . ".status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) {
logoutcookie();
return;
}
$row = mysql_fetch_assoc($res);
//== Do all ints and floats
$row['id'] = (int) $row['id'];
$row['added'] = (int) $row['added'];
$row['last_login'] = (int) $row['last_login'];
$row['last_access'] = (int) $row['last_access'];
$row['curr_ann_last_check'] = (int) $row['curr_ann_last_check'];
$row['curr_ann_id'] = (int) $row['curr_ann_id'];
$row['stylesheet'] = (int) $row['stylesheet'];
$row['class'] = (int) $row['class'];
$row['override_class'] = (int) $row['override_class'];
$row['av_w'] = (int) $row['av_w'];
$row['av_h'] = (int) $row['av_h'];
$row['uploaded'] = (double) $row['uploaded'];
$row['downloaded'] = (double) $row['downloaded'];
$row['country'] = (int) $row['country'];
$row['warned'] = (int) $row['warned'];
$row['torrentsperpage'] = (int) $row['torrentsperpage'];
$row['topicsperpage'] = (int) $row['topicsperpage'];
$row['postsperpage'] = (int) $row['postsperpage'];
$row['reputation'] = (int) $row['reputation'];
$row['time_offset'] = (double) $row['time_offset'];
$row['dst_in_use'] = (int) $row['dst_in_use'];
$row['auto_correct_dst'] = (int) $row['auto_correct_dst'];
$row['chatpost'] = (int) $row['chatpost'];
$row['smile_until'] = (int) $row['smile_until'];
$row['seedbonus'] = (double) $row['seedbonus'];
$row['vip_until'] = (int) $row['vip_until'];
$row['freeslots'] = (int) $row['freeslots'];
$row['free_switch'] = (int) $row['free_switch'];
$row['invites'] = (int) $row['invites'];
$row['invitedby'] = (int) $row['invitedby'];
$row['anonymous'] = $row['anonymous'];
$row['uploadpos'] = (int) $row['uploadpos'];
$row['forumpost'] = (int) $row['forumpost'];
$row['downloadpos'] = (int) $row['downloadpos'];
$row['immunity'] = (int) $row['immunity'];
$row['leechwarn'] = (int) $row['leechwarn'];
$row['last_browse'] = (int) $row['last_browse'];
$row['sig_w'] = (int) $row['sig_w'];
$row['sig_h'] = (int) $row['sig_h'];
$row['forum_access'] = (int) $row['forum_access'];
$row['hit_and_run_total'] = (int) $row['hit_and_run_total'];
$row['donoruntil'] = (int) $row['donoruntil'];
$row['donated'] = (int) $row['donated'];
$row['total_donated'] = (double) $row['total_donated'];
$row['vipclass_before'] = (int) $row['vipclass_before'];
$row['passhint'] = (int) $row['passhint'];
$row['avatarpos'] = (int) $row['avatarpos'];
$row['sendpmpos'] = (int) $row['sendpmpos'];
$row['invitedate'] = (int) $row['invitedate'];
$row['anonymous_until'] = (int) $row['anonymous_until'];
$row['pirate'] = (int) $row['pirate'];
$row['king'] = (int) $row['king'];
$row['ssluse'] = (int) $row['ssluse'];
$row['paranoia'] = (int) $row['paranoia'];
$row['parked_until'] = (int) $row['parked_until'];
$row['bjwins'] = (int) $row['bjwins'];
$row['bjlosses'] = (int) $row['bjlosses'];
$row['irctotal'] = (int) $row['irctotal'];
$row['last_access_numb'] = (int) $row['last_access_numb'];
$row['onlinetime'] = (int) $row['onlinetime'];
$ratio = $row['downloaded'] > 0 ? $row['uploaded'] / $row['downloaded'] : 0;
$row['ratio'] = number_format($ratio, 2);
$row['rep'] = get_reputation($row);
$mc1->cache_value('MyUser_' . $id, $row, $INSTALLER09['expires']['curuser']);
// set $Cache
unset($res);
}
if (get_mycookie('pass') !== md5($row["passhash"] . $_SERVER["REMOTE_ADDR"])) {
return;
}
//==Allowed staff
if ($row["class"] >= UC_STAFF) {
$allowed_ID = $INSTALLER09['allowed_staff']['id'];
if (!in_array((int) $row["id"], $allowed_ID, true)) {
$msg = "Fake Account Detected: Username: "******"username"] . " - UserID: " . $row["id"] . " - UserIP : " . getip();
/** Demote and disable **/
sql_query("UPDATE users SET enabled = 'no', class = 0 WHERE id =" . sqlesc($row["id"]) . "") or sqlerr(__FILE__, __LINE__);
write_log($msg);
autoshout($msg);
logoutcookie();
}
}
// If curr_ann_id > 0 but curr_ann_body IS NULL, then force a refresh
if ($row['curr_ann_id'] > 0 and $row['curr_ann_body'] == NULL) {
$row['curr_ann_id'] = 0;
$row['curr_ann_last_check'] = '0';
}
// If elapsed > 10 minutes, force a announcement refresh.
if ($row['curr_ann_last_check'] != '0' and $row['curr_ann_last_check'] < time($dt) - 600) {
$row['curr_ann_last_check'] = '0';
}
if ($row['curr_ann_id'] == 0 and $row['curr_ann_last_check'] == '0') {
// Force an immediate check...
$query = sprintf('SELECT m.*,p.process_id FROM announcement_main AS m ' . 'LEFT JOIN announcement_process AS p ON m.main_id = p.main_id ' . 'AND p.user_id = %s ' . 'WHERE p.process_id IS NULL ' . 'OR p.status = 0 ' . 'ORDER BY m.main_id ASC ' . 'LIMIT 1', sqlesc($row['id']));
$result = sql_query($query);
if (mysql_num_rows($result)) {
// Main Result set exists
$ann_row = mysql_fetch_assoc($result);
$query = $ann_row['sql_query'];
// Ensure it only selects...
if (!preg_match('/\\ASELECT.+?FROM.+?WHERE.+?\\z/', $query)) {
die;
}
// The following line modifies the query to only return the current user
// row if the existing query matches any attributes.
$query .= ' AND u.id = ' . sqlesc($row['id']) . ' LIMIT 1';
$result = sql_query($query);
if (mysql_num_rows($result)) {
// Announcement valid for member
$row['curr_ann_id'] = $ann_row['main_id'];
// Create two row elements to hold announcement subject and body.
$row['curr_ann_subject'] = $ann_row['subject'];
$row['curr_ann_body'] = $ann_row['body'];
// Create additional set for main UPDATE query.
$add_set = ', curr_ann_id = ' . sqlesc($ann_row['main_id']);
$status = 2;
} else {
// Announcement not valid for member...
$add_set = ', curr_ann_last_check = ' . sqlesc($dt);
$status = 1;
}
// Create or set status of process
if ($ann_row['process_id'] === NULL) {
// Insert Process result set status = 1 (Ignore)
$query = sprintf('INSERT INTO announcement_process (main_id, ' . 'user_id, status) VALUES (%s, %s, %s)', sqlesc($ann_row['main_id']), sqlesc($row['id']), sqlesc($status));
} else {
// Update Process result set status = 2 (Read)
$query = sprintf('UPDATE announcement_process SET status = %s ' . 'WHERE process_id = %s', sqlesc($status), sqlesc($ann_row['process_id']));
}
sql_query($query);
} else {
// No Main Result Set. Set last update to now...
$add_set = ', curr_ann_last_check = ' . sqlesc($dt);
}
unset($result);
unset($ann_row);
}
if ($row['ssluse'] > 1 && !isset($_SERVER['HTTPS']) && !defined('NO_FORCE_SSL')) {
$INSTALLER09['baseurl'] = str_replace('http', 'https', $INSTALLER09['baseurl']);
header('Location: ' . $INSTALLER09['baseurl'] . $_SERVER['REQUEST_URI']);
exit;
}
//== bitwise curuser bloks by pdq
$blocks_key = 'blocks::' . $row['id'];
$CURBLOCK = $mc1->get_value($blocks_key);
if ($CURBLOCK === false) {
$c_sql = sql_query('SELECT * FROM user_blocks WHERE userid = ' . $row['id']) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($c_sql) == 0) {
sql_query('INSERT INTO user_blocks(userid) VALUES(' . $row['id'] . ')');
header('Location: index.php');
die;
}
$CURBLOCK = mysql_fetch_assoc($c_sql);
$CURBLOCK['index_page'] = (int) $CURBLOCK['index_page'];
$CURBLOCK['global_stdhead'] = (int) $CURBLOCK['global_stdhead'];
$mc1->cache_value($blocks_key, $CURBLOCK, 0);
}
//== online time pdq
$userupdate0 = 'onlinetime = onlinetime + 0';
$new_time = TIME_NOW - $row['last_access_numb'];
if ($new_time < 300) {
$userupdate0 = "onlinetime = onlinetime + " . $new_time;
}
$userupdate1 = "last_access_numb = " . TIME_NOW;
//end online-time
$add_set = isset($add_set) ? $add_set : '';
if ($row['ip'] !== $ip) {
sql_query("UPDATE users SET last_access=" . TIME_NOW . ", {$userupdate0}, {$userupdate1}, ip=" . sqlesc($ip) . $add_set . " WHERE id=" . $row['id']);
// or die(mysql_error());
$mc1->delete_value('MyUser_' . $row['id']);
} elseif ($row['last_access'] != '0' and $row['last_access'] < time($dt) - 180) {
sql_query("UPDATE users SET last_access=" . TIME_NOW . ", {$userupdate0}, {$userupdate1}, ip=" . sqlesc($ip) . $add_set . " WHERE id=" . $row['id']);
// or die(mysql_error());
$mc1->delete_value('MyUser_' . $row['id']);
}
//==
if ($row['override_class'] < $row['class']) {
$row['class'] = $row['override_class'];
}
// Override class and save in GLOBAL array below.
$GLOBALS["CURUSER"] = $row;
get_template();
}
function userlogin()
{
global $INSTALLER09, $mc1, $CURBLOCK, $mood, $whereis;
unset($GLOBALS["CURUSER"]);
$dt = TIME_NOW;
$ip = getip();
$nip = ip2long($ip);
$ipf = $_SERVER['REMOTE_ADDR'];
if (isset($CURUSER)) {
return;
}
if (!$INSTALLER09['site_online'] || !get_mycookie('uid') || !get_mycookie('pass') || !get_mycookie('hashv')) {
return;
}
$id = 0 + get_mycookie('uid');
if (!$id or strlen(get_mycookie('pass')) != 32 or get_mycookie('hashv') != hashit($id, get_mycookie('pass'))) {
return;
}
// let's cache $CURUSER - pdq
if (($row = $mc1->get_value('MyUser_' . $id)) === false) {
// $row not found
$user_fields = 'id, username, passhash, secret, passkey, email, status, added, ' . 'last_login, last_access, curr_ann_last_check, curr_ann_id, editsecret, privacy, stylesheet, ' . 'info, acceptpms, ip, class, override_class, language, avatar, av_w, av_h, ' . 'title, country, notifs, enabled, donor, warned, torrentsperpage, topicsperpage, ' . 'postsperpage, deletepms, savepms, reputation, time_offset, dst_in_use, auto_correct_dst, ' . 'show_shout, show_staffshout, shoutboxbg, chatpost, smile_until, vip_added, vip_until, ' . 'freeslots, free_switch, invites, invitedby, invite_rights, anonymous, uploadpos, forumpost, ' . 'downloadpos, immunity, leechwarn, disable_reason, clear_new_tag_manually, last_browse, sig_w, ' . 'sig_h, signatures, signature, forum_access, highspeed, hnrwarn, hit_and_run_total, donoruntil, ' . 'donated, total_donated, vipclass_before, parked, passhint, hintanswer, avatarpos, support, ' . 'supportfor, sendpmpos, invitedate, invitees, invite_on, subscription_pm, gender, anonymous_until, ' . 'viewscloud, tenpercent, avatars, offavatar, pirate, king, hidecur, ssluse, signature_post, forum_post, ' . 'avatar_rights, offensive_avatar, view_offensive_avatar, paranoia, google_talk, msn, aim, yahoo, website, ' . 'icq, show_email, parked_until, gotgift, hash1, suspended, bjwins, bjlosses, warn_reason, onirc, irctotal, ' . 'birthday, got_blocks, last_access_numb, onlinetime, pm_on_delete, commentpm, split, browser, hits, ' . 'comments, categorie_icon, reputation, perms, mood, got_moods, pms_per_page, show_pm_avatar, watched_user, game_access, browse_icons';
$res = sql_query("SELECT " . $user_fields . " " . "FROM users " . "WHERE id = " . sqlesc($id) . " " . "AND enabled='yes' " . "AND status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($res) == 0) {
logoutcookie();
return;
}
$row = mysqli_fetch_assoc($res);
// Do all ints and floats
$row['id'] = (int) $row['id'];
$row['added'] = (int) $row['added'];
$row['last_login'] = (int) $row['last_login'];
$row['last_access'] = (int) $row['last_access'];
$row['curr_ann_last_check'] = (int) $row['curr_ann_last_check'];
$row['curr_ann_id'] = (int) $row['curr_ann_id'];
$row['stylesheet'] = (int) $row['stylesheet'];
$row['class'] = (int) $row['class'];
$row['override_class'] = (int) $row['override_class'];
$row['av_w'] = (int) $row['av_w'];
$row['av_h'] = (int) $row['av_h'];
$row['country'] = (int) $row['country'];
$row['warned'] = (int) $row['warned'];
$row['torrentsperpage'] = (int) $row['torrentsperpage'];
$row['topicsperpage'] = (int) $row['topicsperpage'];
$row['postsperpage'] = (int) $row['postsperpage'];
$row['reputation'] = (int) $row['reputation'];
$row['time_offset'] = (double) $row['time_offset'];
$row['dst_in_use'] = (int) $row['dst_in_use'];
$row['auto_correct_dst'] = (int) $row['auto_correct_dst'];
$row['chatpost'] = (int) $row['chatpost'];
$row['smile_until'] = (int) $row['smile_until'];
$row['vip_until'] = (int) $row['vip_until'];
$row['freeslots'] = (int) $row['freeslots'];
$row['free_switch'] = (int) $row['free_switch'];
$row['invites'] = (int) $row['invites'];
$row['invitedby'] = (int) $row['invitedby'];
$row['anonymous'] = $row['anonymous'];
$row['uploadpos'] = (int) $row['uploadpos'];
$row['forumpost'] = (int) $row['forumpost'];
$row['downloadpos'] = (int) $row['downloadpos'];
$row['immunity'] = (int) $row['immunity'];
$row['leechwarn'] = (int) $row['leechwarn'];
$row['last_browse'] = (int) $row['last_browse'];
$row['sig_w'] = (int) $row['sig_w'];
$row['sig_h'] = (int) $row['sig_h'];
$row['forum_access'] = (int) $row['forum_access'];
$row['hit_and_run_total'] = (int) $row['hit_and_run_total'];
$row['donoruntil'] = (int) $row['donoruntil'];
$row['donated'] = (int) $row['donated'];
$row['total_donated'] = (double) $row['total_donated'];
$row['vipclass_before'] = (int) $row['vipclass_before'];
$row['passhint'] = (int) $row['passhint'];
$row['avatarpos'] = (int) $row['avatarpos'];
$row['language'] = (int) $row['language'];
$row['sendpmpos'] = (int) $row['sendpmpos'];
$row['invitedate'] = (int) $row['invitedate'];
$row['anonymous_until'] = (int) $row['anonymous_until'];
$row['pirate'] = (int) $row['pirate'];
$row['king'] = (int) $row['king'];
$row['ssluse'] = (int) $row['ssluse'];
$row['paranoia'] = (int) $row['paranoia'];
$row['parked_until'] = (int) $row['parked_until'];
$row['bjwins'] = (int) $row['bjwins'];
$row['bjlosses'] = (int) $row['bjlosses'];
$row['irctotal'] = (int) $row['irctotal'];
$row['last_access_numb'] = (int) $row['last_access_numb'];
$row['onlinetime'] = (int) $row['onlinetime'];
$row['categorie_icon'] = (int) $row['categorie_icon'];
$row['perms'] = (int) $row['perms'];
$row['mood'] = (int) $row['mood'];
$row['watched_user'] = (int) $row['watched_user'];
$row['pms_per_page'] = (int) $row['pms_per_page'];
$row['game_access'] = (int) $row['game_access'];
$row['rep'] = get_reputation($row);
$mc1->cache_value('MyUser_' . $id, $row, $INSTALLER09['expires']['curuser']);
unset($res);
}
//==
if (get_mycookie('pass') !== md5($row["passhash"] . $_SERVER["REMOTE_ADDR"])) {
logoutcookie();
return;
}
// bans by djGrrr <3 pdq
if (!isset($row['perms']) || !($row['perms'] & bt_options::PERMS_BYPASS_BAN)) {
$banned = false;
if (check_bans($ip, $reason)) {
$banned = true;
} else {
if ($ip != $ipf) {
if (check_bans($ipf, $reason)) {
$banned = true;
}
}
}
if ($banned) {
header('Content-Type: text/html; charset=utf-8');
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<title>Forbidden</title>
</head><body>
<h1>403 Forbidden</h1>Unauthorized IP address!
<p>Reason: <strong>' . htmlsafechars($reason) . '</strong></p>
</body></html>';
die;
}
}
// Allowed staff
if ($row["class"] >= UC_STAFF) {
$allowed_ID = $INSTALLER09['allowed_staff']['id'];
if (!in_array((int) $row["id"], $allowed_ID, true)) {
$msg = "Fake Account Detected: Username: "******"username"]) . " - UserID: " . (int) $row["id"] . " - UserIP : " . getip();
// Demote and disable
sql_query("UPDATE users SET enabled = 'no', class = 0 WHERE id =" . sqlesc($row["id"])) or sqlerr(__FILE__, __LINE__);
$mc1->begin_transaction('MyUser_' . $row['id']);
$mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
$mc1->begin_transaction('user' . $row['id']);
$mc1->update_row(false, array('enabled' => 'no', 'class' => 0));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
write_log($msg);
logoutcookie();
}
}
// user stats
if (($stats = $mc1->get_value('userstats_' . $id)) === false) {
$sql = sql_query('SELECT uploaded, downloaded, seedbonus FROM users WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$stats = mysqli_fetch_assoc($sql);
$stats['seedbonus'] = (double) $stats['seedbonus'];
$stats['uploaded'] = (double) $stats['uploaded'];
$stats['downloaded'] = (double) $stats['downloaded'];
$ratio = $stats['downloaded'] > 0 ? $stats['uploaded'] / $stats['downloaded'] : 0;
$stats['ratio'] = number_format($ratio, 2);
$mc1->cache_value('userstats_' . $id, $stats, $INSTALLER09['expires']['u_stats']);
// 5 mins
}
$row['seedbonus'] = $stats['seedbonus'];
$row['uploaded'] = $stats['uploaded'];
$row['downloaded'] = $stats['downloaded'];
$row['ratio'] = $stats['ratio'];
//==
if (($ustatus = $mc1->get_value('userstatus_' . $id)) === false) {
$sql2 = sql_query('SELECT * FROM ustatus WHERE userid = ' . sqlesc($id));
if (mysqli_num_rows($sql2)) {
$ustatus = mysqli_fetch_assoc($sql2);
} else {
$ustatus = array('last_status' => '', 'last_update' => 0, 'archive' => '');
}
$mc1->add_value('userstatus_' . $id, $ustatus, $INSTALLER09['expires']['u_status']);
// 30 days
}
$row['last_status'] = $ustatus['last_status'];
$row['last_update'] = $ustatus['last_update'];
$row['archive'] = $ustatus['archive'];
//==
if ($row['ssluse'] > 1 && !isset($_SERVER['HTTPS']) && !defined('NO_FORCE_SSL')) {
$INSTALLER09['baseurl'] = str_replace('http', 'https', $INSTALLER09['baseurl']);
header('Location: ' . $INSTALLER09['baseurl'] . $_SERVER['REQUEST_URI']);
exit;
}
// bitwise curuser bloks by pdq
$blocks_key = 'blocks::' . $row['id'];
if (($CURBLOCK = $mc1->get_value($blocks_key)) === false) {
$c_sql = sql_query('SELECT * FROM user_blocks WHERE userid = ' . sqlesc($row['id'])) or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($c_sql) == 0) {
sql_query('INSERT INTO user_blocks(userid) VALUES(' . sqlesc($row['id']) . ')');
header('Location: index.php');
die;
}
$CURBLOCK = mysqli_fetch_assoc($c_sql);
$CURBLOCK['index_page'] = (int) $CURBLOCK['index_page'];
$CURBLOCK['global_stdhead'] = (int) $CURBLOCK['global_stdhead'];
$CURBLOCK['userdetails_page'] = (int) $CURBLOCK['userdetails_page'];
$mc1->cache_value($blocks_key, $CURBLOCK, 0);
}
//== online time pdq, original code by superman
$userupdate0 = 'onlinetime = onlinetime + 0';
$new_time = TIME_NOW - $row['last_access_numb'];
$update_time = 0;
if ($new_time < 300) {
$userupdate0 = "onlinetime = onlinetime + " . $new_time;
$update_time = $new_time;
}
$userupdate1 = "last_access_numb = " . TIME_NOW;
//end online-time
$update_time = $row['onlinetime'] + $update_time;
if ($row['last_access'] != '0' and $row['last_access'] < TIME_NOW - 180) {
sql_query("UPDATE users SET last_access=" . TIME_NOW . ", {$userupdate0}, {$userupdate1} WHERE id=" . sqlesc($row['id']));
$mc1->begin_transaction('MyUser_' . $row['id']);
$mc1->update_row(false, array('last_access' => TIME_NOW, 'onlinetime' => $update_time, 'last_access_numb' => TIME_NOW));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
$mc1->begin_transaction('user' . $row['id']);
$mc1->update_row(false, array('last_access' => TIME_NOW, 'onlinetime' => $update_time, 'last_access_numb' => TIME_NOW));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
}
//==
if ($row['override_class'] < $row['class']) {
$row['class'] = $row['override_class'];
}
// Override class and save in GLOBAL array below.
$GLOBALS["CURUSER"] = $row;
get_template();
$mood = create_moods();
}