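/**
 * Record the HTTP referrer of the current request in pixie_log.
 *
 * Reads $GLOBALS['site_url'] and $GLOBALS['pixie_user'] plus the HTTP_REFERER
 * and REMOTE_ADDR server variables. A row is written only when the referrer
 * does not contain this site's own domain (so in-site navigation is skipped);
 * a request without a referrer is logged under $lang['unknown_referrer'].
 *
 * No return value; the only effect is the safe_insert() call.
 */
function referral()
{
    global $lang;

    $url = $GLOBALS['site_url'];
    $domain = trim(str_replace('www.', "", $url));

    // HTTP_REFERER is supplied by the client and must be treated as untrusted.
    $referral = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $lang['unknown_referrer'];
    $uname = isset($GLOBALS['pixie_user']) ? $GLOBALS['pixie_user'] : 'Visitor';
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    $uname = sterilise_txt($uname, TRUE);

    // A purely dotted-numeric address needs no escaping; anything else (IPv6,
    // proxy-supplied values) is passed through sterilise() before it reaches SQL.
    if (!preg_match('/^[0-9\\.]+$/', $ip)) {
        $ip = sterilise($ip, TRUE);
    }
    // Fix: the referrer used to be escaped only when the IP was non-numeric, so
    // a client on an ordinary IPv4 address got its raw referrer interpolated into
    // the INSERT below. Escape it unconditionally.
    $referral = sterilise($referral, TRUE);

    if ($referral and !strstr($referral, $domain)) {
        safe_insert('pixie_log', "user_id = '{$uname}', \n\t\t\t\t\t\t\t\t\t user_ip = '{$ip}', \n\t\t\t\t\t\t\t\t \t log_time = utc_timestamp(),\n\t\t\t\t\t\t\t\t \t log_type = 'referral',\n\t\t\t\t\t\t\t\t \t log_icon = 'referral',\n\t\t\t\t\t\t\t\t \t log_message = '{$referral}'");
    }
}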
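/**
 * Check a username/password pair against pixie_users and start a login.
 *
 * Order of operations: every call first counts failed-login rows for this
 * address over the last 24 hours and sleeps one second; more than three such
 * rows short-circuits with $lang['login_exceeded'] (and a logme() entry)
 * without touching $GLOBALS['pixie_user']. Otherwise the credentials are
 * looked up; on success the 'pixie_login' cookie is set, last_access and
 * user_hits are updated, and $GLOBALS['pixie_user'], 'pixie_real_name',
 * 'pixie_user_privs' and 'nonce' are populated. On a failed or missing
 * credential $GLOBALS['pixie_user'] is cleared.
 *
 * NOTE(review): the "failed login" rows this counter relies on are not
 * written here; presumably the caller logs them via logme() — confirm,
 * otherwise the limit never triggers.
 *
 * @param string      $username
 * @param string      $password
 * @param string|bool $remember truthy requests a one-year cookie instead of a session-only one
 * @return string '' on success, otherwise the $lang error message to display
 */
function auth_login($username, $password, $remember)
{
    global $lang;

    $username = sterilise_txt($username, TRUE);
    $password = sterilise_txt($password, TRUE);
    $remember = sterilise_txt($remember, TRUE);

    // REMOTE_ADDR is interpolated into SQL below; escape anything that is not a
    // plain dotted-numeric address, the same rule referral() applies.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!preg_match('/^[0-9\\.]+$/', $ip)) {
        $ip = sterilise($ip, TRUE);
    }

    // Failed logins from this address in the last 24 hours.
    $howmany = count(safe_rows('*', 'pixie_log', "log_message = '" . $lang['failed_login'] . "' and user_ip = '" . $ip . "' and log_time < utc_timestamp() and log_time > DATE_ADD(utc_timestamp(), INTERVAL -1 DAY)"));
    sleep(1); // fixed delay on every attempt, to slow down password guessing

    // no more than 3 failed logins in 24 hours
    if ($howmany > 3) {
        logme($lang['logins_exceeded'], 'yes', 'error');
        return $lang['login_exceeded'];
    }

    // isset() alone was always true here (both values were just assigned), so
    // the "missing" message was unreachable; treat an empty value as missing.
    if (!isset($username) || $username === '' || !isset($password) || $password === '') {
        $GLOBALS['pixie_user'] = '';
        return $lang['login_missing'];
    }

    // NOTE(review): credentials are compared with MySQL PASSWORD() over a
    // lower-cased password. Moving to password_hash()/password_verify() needs a
    // column migration and is deliberately not done in this function.
    $r = safe_field('user_name', 'pixie_users', "user_name = '{$username}'and \n\t\t\tpass = password(lower('" . doSlash($password) . "')) and privs >= 0");
    if (!$r) {
        // login failed
        $GLOBALS['pixie_user'] = '';
        return $lang['login_incorrect'];
    }

    $where = "user_name='{$username}'";

    // Cast so a NULL/non-numeric column value cannot produce malformed SQL.
    $user_hits = (int) safe_field('user_hits', 'pixie_users', $where);
    safe_update('pixie_users', "last_access = utc_timestamp()", "user_name = '{$username}'");
    safe_update('pixie_users', "user_hits = {$user_hits} + 1", "user_name = '{$username}'");

    // The nonce is read once and reused for both the cookie and the globals
    // (the original queried it twice for the same value).
    $nonce = safe_field('nonce', 'pixie_users', $where);

    // Persistent cookie for "remember me", otherwise session-only (expiry 0).
    $expiry = (isset($remember) && $remember) ? time() + 3600 * 24 * 365 : 0;
    // NOTE(review): the token is md5(username . nonce); it is only as strong as
    // the stored nonce. HttpOnly is set so script cannot read the login cookie.
    setcookie('pixie_login', $username . ',' . md5($username . $nonce), $expiry, '/', '', false, true);

    // login is good, create user
    $privs = safe_field('privs', 'pixie_users', $where);
    $realname = safe_field('realname', 'pixie_users', $where);
    if (isset($realname)) {
        $GLOBALS['pixie_real_name'] = $realname;
    }
    if (isset($privs)) {
        $GLOBALS['pixie_user_privs'] = $privs;
    }
    $GLOBALS['pixie_user'] = $username;
    $GLOBALS['nonce'] = $nonce;
    return '';
}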
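/**
 * Resolve the current request into the page globals the front end renders.
 *
 * Reads REQUEST_URI plus the globals $site_url, $clean_urls, $default_page and
 * $style, and sets $s/$m/$x/$p (up to four URL segments), $rel_path (relative
 * path back to the install root), $style, $page_type, $page_id and
 * $page_display_name. Finally increments page_views for the resolved page in
 * pixie_core.
 *
 * With clean URLs the segments are read from REQUEST_URI after the install
 * directory; with dirty URLs ($clean_urls != 'yes', or a '?s=' query string)
 * the segments are expected to be set already and only $rel_path is assigned.
 * An empty $s falls back to $default_page.
 *
 * NOTE(review): $s reaches public_check_404() / public_check_rss() /
 * check_type() before resolver() strips it down to [A-Za-z0-9-]; confirm those
 * helpers escape their own SQL, or move resolver() earlier.
 */
function pixie()
{
    global $s, $m, $x, $p, $rel_path, $staticpage, $style, $site_url, $page_display_name, $page_type, $page_id, $clean_urls, $default_page;

    $request = $_SERVER['REQUEST_URI'];
    if ($style) {
        $request = str_replace("?style={$style}", "", $request);
    }

    // substr() instead of $site_url[strlen - 1] so an empty $site_url does not index -1.
    if (substr($site_url, -1) != '/') {
        $site_url = $site_url . '/';
    }

    $rel_path = './';
    // A '?s=' in the request means a dirty URL even with clean URLs enabled.
    if ($clean_urls == 'yes' && strpos($request, '?s=') === FALSE) {
        $url = explode('/', $request);
        $count = count($url);

        // Directory depth of the installation below the host: number of path
        // segments in $site_url minus host and trailing empty segment.
        // Fix: strip https:// as well, otherwise an https site_url counted the
        // scheme as two extra segments.
        $temp = explode('/', preg_replace('#^https?://#', "", $site_url));
        $dir_level = max(count($temp) - 2, 0);

        $s = isset($url[$dir_level + 1]) ? strtolower($url[$dir_level + 1]) : NULL;
        $m = isset($url[$dir_level + 2]) ? strtolower($url[$dir_level + 2]) : NULL;
        $x = isset($url[$dir_level + 3]) ? strtolower($url[$dir_level + 3]) : NULL;
        $p = isset($url[$dir_level + 4]) ? strtolower($url[$dir_level + 4]) : NULL;

        // One '../' per segment beyond the install directory (1..4), else './'.
        $depth = $count - $dir_level - 2;
        if ($depth >= 1 && $depth <= 4) {
            $rel_path = str_repeat('../', $depth);
        }
    }

    if (!isset($s) or !$s) {
        $default = explode('/', $default_page);
        $s = isset($default[0]) ? sterilise_txt($default[0]) : NULL;
        $m = isset($default[1]) ? sterilise_txt($default[1]) : NULL;
        $x = isset($default[2]) ? sterilise_txt($default[2]) : NULL;
        $p = isset($default[3]) ? sterilise_txt($default[3]) : NULL;
    }

    $s = public_check_404($s);
    if (isset($s) && $s == '404') {
        $m = "";
        $x = "";
        $p = "";
    }

    if ($m == 'rss') {
        // Fix: $rss was undefined when $s was null, which made the check emit a notice.
        $rss = isset($s) ? public_check_rss($s) : FALSE;
        if (!$rss) {
            $s = '404';
            $m = "";
            $x = "";
            $p = "";
        }
    }

    if (isset($s)) {
        $page_type = check_type($s);
    }

    if ($page_type == 'dynamic') {
        $style = $page_type;
    } elseif ($page_type == 'static') {
        $style = $s;
        $m = "";
        $x = "";
        $p = "";
    } elseif ($s == '404') {
        $style = '404';
    } else {
        $style = $s;
    }

    // Reduce a segment to [A-Za-z0-9-] so it is safe to interpolate into SQL.
    // Guarded so a second call to pixie() does not hit "Cannot redeclare".
    if (!function_exists('resolver')) {
        function resolver($string)
        {
            $string = (string) $string;
            $string = str_replace('-', 'BREAK', $string);
            $string = preg_replace('/[^a-zA-Z0-9]/', "", $string);
            $string = str_replace('BREAK', '-', $string);
            return $string;
        }
    }

    $s = resolver($s);
    $m = resolver($m);
    $x = resolver($x);
    $p = resolver($p);

    $page_id = get_page_id($s);
    // Cast so a NULL page_views cannot produce malformed SQL in the UPDATE.
    $page_hits = (int) safe_field('page_views', 'pixie_core', "page_name='{$s}'");
    $page_display_name = safe_field('page_display_name', 'pixie_core', "page_name='{$s}'");
    safe_update('pixie_core', "page_views = {$page_hits} + 1", "page_name = '{$s}'");
}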