function referral()
{
global $lang;
global $timezone;
$url = $GLOBALS['site_url'];
$domain = trim(str_replace('www.', "", $url));
if (isset($_SERVER['HTTP_REFERER'])) {
$referral = $_SERVER['HTTP_REFERER'];
} else {
$referral = $lang['unknown_referrer'];
}
if (isset($GLOBALS['pixie_user'])) {
$uname = $GLOBALS['pixie_user'];
} else {
$uname = 'Visitor';
}
$ip = $_SERVER['REMOTE_ADDR'];
$uname = sterilise_txt($uname, TRUE);
if (!preg_match('/^[0-9\\.]+$/', $ip)) {
$ip = sterilise($ip, TRUE);
$referral = sterilise($referral, TRUE);
}
if ($referral and !strstr($referral, $domain)) {
safe_insert('pixie_log', "user_id = '{$uname}', \n\t\t\t\t\t\t\t\t\t user_ip = '{$ip}', \n\t\t\t\t\t\t\t\t \t log_time = utc_timestamp(),\n\t\t\t\t\t\t\t\t \t log_type = 'referral',\n\t\t\t\t\t\t\t\t \t log_icon = 'referral',\n\t\t\t\t\t\t\t\t \t log_message = '{$referral}'");
}
}
function auth_login($username, $password, $remember)
{
global $lang;
global $timezone;
$username = sterilise_txt($username, TRUE);
$password = sterilise_txt($password, TRUE);
$remember = sterilise_txt($remember, TRUE);
$howmany = count(safe_rows('*', 'pixie_log', "log_message = '" . $lang['failed_login'] . "' and user_ip = '" . $_SERVER["REMOTE_ADDR"] . "' and log_time < utc_timestamp() and log_time > DATE_ADD(utc_timestamp(), INTERVAL -1 DAY)"));
sleep(1);
// should halt dictionary attacks
// no more logins than 3 in 24 hours
if ($howmany > 3) {
$message = $lang['login_exceeded'];
logme($lang['logins_exceeded'], 'yes', 'error');
return $message;
} else {
if (isset($username) && isset($password)) {
$r = safe_field('user_name', 'pixie_users', "user_name = '{$username}'and \n\t\t\tpass = password(lower('" . doSlash($password) . "')) and privs >= 0");
if ($r) {
$user_hits = safe_field('user_hits', 'pixie_users', "user_name='{$username}'");
safe_update('pixie_users', "last_access = utc_timestamp()", "user_name = '{$username}'");
safe_update('pixie_users', "user_hits = {$user_hits} + 1", "user_name = '{$username}'");
$nonce = safe_field('nonce', 'pixie_users', "user_name='{$username}'");
if (isset($remember) && $remember) {
// persistent cookie required
setcookie('pixie_login', $username . ',' . md5($username . $nonce), time() + 3600 * 24 * 365, '/');
} else {
// session-only cookie required
setcookie('pixie_login', $username . ',' . md5($username . $nonce), 0, '/');
}
$privs = safe_field('privs', 'pixie_users', "user_name='{$username}'");
// login is good, create user
$realname = safe_field('realname', 'pixie_users', "user_name='{$username}'");
$nonce = safe_field('nonce', 'pixie_users', "user_name='{$username}'");
if (isset($realname)) {
$GLOBALS['pixie_real_name'] = $realname;
}
if (isset($privs)) {
$GLOBALS['pixie_user_privs'] = $privs;
}
$GLOBALS['pixie_user'] = $username;
$GLOBALS['nonce'] = $nonce;
return '';
} else {
// login failed
$GLOBALS['pixie_user'] = '';
$message = $lang['login_incorrect'];
return $message;
}
} else {
$GLOBALS['pixie_user'] = '';
$message = $lang['login_missing'];
return $message;
}
}
}
function pixie()
{
global $s, $m, $x, $p, $rel_path, $staticpage, $style, $site_url, $page_display_name, $page_type, $page_id, $syle, $clean_urls, $default_page;
$request = $_SERVER['REQUEST_URI'];
if ($style) {
$request = str_replace("?style={$style}", "", $request);
}
$site_url_last = $site_url[strlen($site_url) - 1];
if ($site_url_last != '/') {
$site_url = $site_url . '/';
}
if ($clean_urls == 'yes') {
// if the request contains a ? then this person is accessing with a dirty URL and is handled accordingly
if (strpos($request, '?s=') !== FALSE) {
$rel_path = './';
} else {
//this is directory level of your installation. check autofind works!?!?
$url = explode('/', $request);
$count = count($url);
$site_url_x = str_replace('http://', "", $site_url);
$temp = explode('/', $site_url_x);
$install = count($temp);
$dir_level = $install - 2;
if ($dir_level < 0) {
$dir_level = 0;
}
if (isset($url[$dir_level + 1])) {
$s = strtolower($url[$dir_level + 1]);
} else {
$s = NULL;
}
if (isset($url[$dir_level + 2])) {
$m = strtolower($url[$dir_level + 2]);
} else {
$m = NULL;
}
if (isset($url[$dir_level + 3])) {
$x = strtolower($url[$dir_level + 3]);
} else {
$x = NULL;
}
if (isset($url[$dir_level + 4])) {
$p = strtolower($url[$dir_level + 4]);
} else {
$p = NULL;
}
switch ($count) {
case $dir_level + 3:
$rel_path = '../';
break;
case $dir_level + 4:
$rel_path = '../../';
break;
case $dir_level + 5:
$rel_path = '../../../';
break;
case $dir_level + 6:
$rel_path = '../../../../';
break;
default:
$rel_path = './';
break;
}
}
} else {
$rel_path = './';
}
if (!isset($s) or !$s) {
$last = $default_page[strlen($default_page) - 1];
$default = explode('/', $default_page);
if (isset($default['0'])) {
$s = sterilise_txt($default['0']);
} else {
$s = NULL;
}
if (isset($default['1'])) {
$m = sterilise_txt($default['1']);
} else {
$m = NULL;
}
if (isset($default['2'])) {
$x = sterilise_txt($default['2']);
} else {
$x = NULL;
}
if (isset($default['3'])) {
$p = sterilise_txt($default['3']);
} else {
$p = NULL;
}
}
$s = public_check_404($s);
if (isset($s) && $s == '404') {
$m = "";
$x = "";
$p = "";
}
if ($m == 'rss') {
if (isset($s)) {
$rss = public_check_rss($s);
}
if (!$rss) {
$s = '404';
$m = "";
$x = "";
$p = "";
}
}
if (isset($s)) {
$page_type = check_type($s);
}
if ($page_type == 'dynamic') {
$style = $page_type;
} else {
if ($page_type == 'static') {
$style = $s;
$m = "";
$x = "";
$p = "";
} else {
if ($s == '404') {
$style = '404';
} else {
$style = $s;
}
}
}
function resolver($string)
{
$string = str_replace('-', 'BREAK', $string);
$string = preg_replace('/[^a-zA-Z0-9]/', "", $string);
$string = str_replace('BREAK', '-', $string);
return $string;
}
$s = resolver($s);
$m = resolver($m);
$x = resolver($x);
$p = resolver($p);
$page_id = get_page_id($s);
$page_hits = safe_field('page_views', 'pixie_core', "page_name='{$s}'");
$page_display_name = safe_field('page_display_name', 'pixie_core', "page_name='{$s}'");
safe_update('pixie_core', "page_views = {$page_hits} + 1", "page_name = '{$s}'");
}
