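/**
 * Resolve the current visitor into $GLOBALS["CURUSER"] (and the $STYLE* /
 * $USERLANG / $err_msg_install globals), caching the result in the session.
 *
 * Order of work:
 *   1. reject IPs that fall in a bannedip range (HTTP 403, exit);
 *   2. serve the session-cached CURUSER if it has not expired;
 *   3. read the user id *claimed* by the login cookie (type 1/2/3);
 *   4. load that row and verify the cookie hash against it -- on failure the
 *      visitor is demoted to guest (id 1);
 *   5. record the proxy heuristic, enforce the warn/ban flags (403, exit),
 *      log known crawlers, and publish the style/language globals.
 *
 * Security notes on this revision:
 *   - cookie hashes are compared with hash_equals()/=== instead of !=, which
 *     is vulnerable to PHP's numeric-string juggling ("0e..." == "0");
 *   - unserialize() of the login cookie refuses objects (object injection);
 *   - the proxy-flag UPDATE now runs only after the cookie has been verified,
 *     so an unauthenticated visitor can no longer write to another account;
 *   - the client IP is validated before being interpolated into SQL.
 *
 * Side effects: starts the "xbtit" session, issues several queries, may emit
 * a 403 page and exit. No return value.
 */
function userlogin()
{
    global $CURUSER, $TABLE_PREFIX, $err_msg_install, $btit_settings, $update_interval, $THIS_BASEPATH, $STYLEPATH, $STYLEURL, $STYLETYPE, $BASEURL, $USERLANG;
    unset($GLOBALS['CURUSER']);
    session_name("xbtit");
    session_start();
    // NOTE(review): nothing here regenerates the session id; that must happen
    // at the login site to prevent session fixation -- confirm against login.php.

    $cache_duration = isset($btit_settings['cache_duration']) ? $btit_settings['cache_duration'] : null;

    // Constant-time comparison of a server-computed token with a client-supplied
    // one. Never use ==/!= for this: PHP's loose comparison treats numeric-looking
    // strings such as "0e123..." and "0" as equal, so a forged cookie value of
    // "0" would match any hash that happens to start with "0e" + digits.
    // Falls back to === where hash_equals() (PHP >= 5.6) is unavailable.
    $same_token = function ($expected, $given) {
        if (!is_string($expected) || !is_string($given)) {
            return false;
        }
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        return $expected === $given;
    };

    // Decode a serialized login cookie. Returns the array, or null when the
    // value is missing, malformed, or not an array. Class instantiation is
    // refused (allowed_classes, PHP >= 7.0): unserialize() on attacker-controlled
    // data would otherwise construct arbitrary objects and run their
    // __wakeup()/__destruct() methods (PHP object injection).
    $decode_login_cookie = function ($raw) {
        if (!is_string($raw) || $raw === '') {
            return null;
        }
        if (PHP_VERSION_ID >= 70000) {
            $data = unserialize($raw, array('allowed_classes' => false));
        } else {
            // TODO(review): no allowed_classes before PHP 7.0 -- consider moving
            // this cookie to json_encode()/json_decode() at the login site.
            $data = unserialize($raw);
        }
        return is_array($data) ? $data : null;
    };

    // ---- 1. IP ban list -------------------------------------------------------
    $ip = getip();
    //$_SERVER["REMOTE_ADDR"];
    $nip = ip2long($ip); // false for anything that is not dotted IPv4
    // $ip is interpolated into SQL, so only a syntactically valid IP literal is
    // allowed through: such a value cannot carry quotes or other SQL
    // metacharacters. An unparsable "address" could not fall inside a banned
    // range anyway (INET_ATON() yields NULL), so skipping the query is equivalent.
    if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
        $res = get_result("SELECT * FROM {$TABLE_PREFIX}bannedip WHERE INET_ATON('" . $ip . "') >= first AND INET_ATON('" . $ip . "') <= last LIMIT 1;", true, $cache_duration);
        if (!empty($res) && count($res) > 0) {
            header('HTTP/1.0 403 Forbidden');
            echo "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>";
            die;
        }
    }

    // ---- 2. Session cache -----------------------------------------------------
    // NOTE: a cached CURUSER is served without re-running the ban/proxy checks
    // below, so a newly applied ban takes effect only after the cache expires.
    if (isset($_SESSION["CURUSER"]) && isset($_SESSION["CURUSER_EXPIRE"])) {
        if ($_SESSION["CURUSER_EXPIRE"] > time() && is_array($_SESSION["CURUSER"])) {
            $cached = $_SESSION["CURUSER"];
            if (empty($STYLEPATH)) {
                $STYLEPATH = isset($cached["style_path"]) ? $cached["style_path"] : $THIS_BASEPATH . "/style/xbtit_default";
            }
            if (empty($STYLEURL)) {
                $STYLEURL = isset($cached["style_url"]) ? $cached["style_url"] : $BASEURL . "/style/xbtit_default";
            }
            if (empty($STYLETYPE)) {
                $STYLETYPE = isset($cached["style_type"]) ? (int) $cached["style_type"] : 3;
            }
            if (empty($USERLANG)) {
                // language_path holds the full path computed on the cold path
                // (step 5). The original recomputed it from language_url and so
                // produced a bare "$THIS_BASEPATH/" for users whose language_url
                // is NULL.
                $USERLANG = isset($cached["language_path"]) ? $cached["language_path"] : $THIS_BASEPATH . "/language/english";
            }
            $GLOBALS["CURUSER"] = $cached;
            return;
        }
        unset($_SESSION["CURUSER"]);
        unset($_SESSION["CURUSER_EXPIRE"]);
    }

    // ---- 3. Column sources (xbt tracker stats merged in when enabled) ---------
    if (!empty($btit_settings['xbtt_use'])) {
        $udownloaded = "u.downloaded+IFNULL(x.downloaded,0)";
        $uuploaded = "u.uploaded+IFNULL(x.uploaded,0)";
        $utables = "{$TABLE_PREFIX}users u LEFT JOIN xbt_users x ON x.uid=u.id";
    } else {
        $udownloaded = "u.downloaded";
        $uuploaded = "u.uploaded";
        $utables = "{$TABLE_PREFIX}users u";
    }
    // Shared SELECT for the claimed user and for the guest row; the caller
    // appends an integer id and " LIMIT 1;".
    $user_select = "SELECT u.profileview, u.team, u.commentpm, u.pchat, u.tor, u.gender, u.gotgift, u.emailnot, u.dona, u.donb, u.birt, u.mal, u.fem, u.bann, u.war, u.par, u.bot, u.trmu, u.trmo, u.vimu, u.vimo, u.friend, u.junkie, u.staff, u.sysop, u.left_l, u.pid, u.cip, u.booted, u.announce, u.userbar, u.invisible, u.showporn, u.immunity, u.dob, u.warn, u.donor, u.seedbonus, u.salt, u.pass_type, u.lip, {$udownloaded} as downloaded, {$uuploaded} as uploaded, u.smf_fid, u.ipb_fid, u.topicsperpage, u.postsperpage, u.torrentsperpage, u.flag, u.avatar, UNIX_TIMESTAMP(u.lastconnect) AS lastconnect, UNIX_TIMESTAMP(u.joined) AS joined, u.id as uid, u.username, u.password, u.random, u.email, u.language, u.style, u.time_offset, ul.*, `s`.`style_url`, `s`.`style_type`, `l`.`language_url` FROM {$utables} INNER JOIN {$TABLE_PREFIX}users_level ul ON u.id_level=ul.id LEFT JOIN `{$TABLE_PREFIX}style` `s` ON `u`.`style`=`s`.`id` LEFT JOIN `{$TABLE_PREFIX}language` `l` ON `u`.`language`=`l`.`id` WHERE u.id = ";

    // ---- 4. User id claimed by the login cookie -------------------------------
    // $id is only a claim until the hash check in step 5 confirms it.
    $cookie_type = isset($btit_settings["secsui_cookie_type"]) ? (int) $btit_settings["secsui_cookie_type"] : 0;
    $id = 1;             // guest
    $user_cookie = null; // decoded cookie array for types 2 and 3
    if ($cookie_type === 1) {
        if (isset($_COOKIE["uid"]) && is_numeric($_COOKIE["uid"]) && $_COOKIE["uid"] > 1) {
            $id = (int) $_COOKIE["uid"];
        }
    } elseif ($cookie_type === 2) {
        $user_cookie_name = !empty($btit_settings["secsui_cookie_name"]) ? $btit_settings["secsui_cookie_name"] : "xbtitLoginCookie";
        if (isset($_COOKIE[$user_cookie_name])) {
            $user_cookie = $decode_login_cookie($_COOKIE[$user_cookie_name]);
        }
    } elseif ($cookie_type === 3) {
        if (isset($_SESSION["login_cookie"])) {
            $user_cookie = $decode_login_cookie($_SESSION["login_cookie"]);
        }
    }
    if ($user_cookie !== null && isset($user_cookie["id"]) && is_numeric($user_cookie["id"]) && $user_cookie["id"] > 1) {
        $id = (int) $user_cookie["id"];
    }

    // ---- 5. Proxy heuristic ---------------------------------------------------
    // Blacklisted address, any forwarding header, or a source port commonly used
    // by proxies. Headers are client-controlled and an ephemeral source port can
    // legitimately be 8080 etc., so 'proxy' is an indicator, not a verdict.
    $proxy_headers = array(
        "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED", "HTTP_FORWARDED_FOR", "HTTP_VIA", "HTTP_FORWARDED",
        "HTTP_FORWARDED_FOR_IP", "HTTP_PROXY_CONNECTION", "VIA", "X_FORWARDED_FOR", "FORWARDED_FOR",
        "FORWARDED", "X_FORWARDED", "CLIENT_IP", "FORWARDED_FOR_IP", "HTTP_CLIENT_IP",
    );
    $proxy_ports = array(8080, 80, 6588, 8000, 3128, 553, 554);
    $respr = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}blacklist WHERE tip = " . (int) $nip) or sqlerr(__FILE__, __LINE__);
    $proxy = mysqli_num_rows($respr) > 0 ? 'yes' : 'no';
    mysqli_free_result($respr);
    if ($proxy === 'no') {
        foreach ($proxy_headers as $header) {
            if (!empty($_SERVER[$header])) {
                $proxy = 'yes';
                break;
            }
        }
    }
    if ($proxy === 'no' && isset($_SERVER['REMOTE_PORT']) && in_array((int) $_SERVER['REMOTE_PORT'], $proxy_ports, true)) {
        $proxy = 'yes';
    }

    // ---- 6. Load the claimed user and verify the cookie -----------------------
    $row = false;
    $res = false;
    if ($id > 1) {
        $res = do_sqlquery($user_select . $id . " LIMIT 1;", true);
        $row = $res instanceof mysqli_result ? mysqli_fetch_assoc($res) : false;
        if (!$row) {
            // Unknown id: fall back to guest instead of hashing an empty row.
            $id = 1;
        } elseif ($cookie_type === 1) {
            $expected = md5($row["random"] . $row["password"] . $row["random"]);
            if (!isset($_COOKIE["pass"]) || !$same_token($expected, $_COOKIE["pass"])) {
                $id = 1;
            }
        } elseif ($cookie_type === 2 || $cookie_type === 3) {
            // Rebuild the fingerprint the login code hashed into the cookie.
            // secsui_cookie_items is "ITEM-FLAG,ITEM-FLAG,...": items 1-7 are
            // enabled by FLAG == 1; item 8 is "8-1[+]PATTERN" where PATTERN picks
            // which IP octets are included. Only items 2/3/5 (password, random,
            // salt) carry secret material -- a configuration built solely from
            // public items (uid, username, UA, IP) yields a forgeable cookie.
            $octet_patterns = array(
                1 => array(0), 2 => array(1), 3 => array(2), 4 => array(3),
                5 => array(0, 1), 6 => array(1, 2), 7 => array(2, 3), 8 => array(0, 2),
                9 => array(0, 3), 10 => array(1, 3), 11 => array(0, 1, 2), 12 => array(1, 2, 3),
                13 => array(0, 1, 2, 3),
            );
            $ip_parts = array_pad(explode(".", $ip), 4, ""); // missing octets hash as "" (as before)
            $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
            $accept_language = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : "";
            $cookie_items = isset($btit_settings["secsui_cookie_items"]) ? $btit_settings["secsui_cookie_items"] : "";
            $cookie_string = "";
            foreach (explode(",", $cookie_items) as $ci_value) {
                $ci_exp = explode("-", $ci_value);
                $item = (int) $ci_exp[0];
                $flag = isset($ci_exp[1]) ? $ci_exp[1] : "";
                if ($item === 8) {
                    $ci_exp2 = explode("[+]", $flag);
                    if ($ci_exp2[0] == 1 && isset($ci_exp2[1]) && isset($octet_patterns[(int) $ci_exp2[1]])) {
                        $chosen = array();
                        foreach ($octet_patterns[(int) $ci_exp2[1]] as $octet) {
                            $chosen[] = $ip_parts[$octet];
                        }
                        $cookie_string .= implode(".", $chosen) . "-";
                    }
                } elseif ($flag == 1) {
                    switch ($item) {
                        case 1:
                            $cookie_string .= $row["uid"] . "-";
                            break;
                        case 2:
                            $cookie_string .= $row["password"] . "-";
                            break;
                        case 3:
                            $cookie_string .= $row["random"] . "-";
                            break;
                        case 4:
                            $cookie_string .= strtolower($row["username"]) . "-";
                            break;
                        case 5:
                            $cookie_string .= $row["salt"] . "-";
                            break;
                        case 6:
                            $cookie_string .= $user_agent . "-";
                            break;
                        case 7:
                            $cookie_string .= $accept_language . "-";
                            break;
                    }
                }
            }
            $expected = sha1(trim($cookie_string, "-"));
            if ($user_cookie === null || !isset($user_cookie["hash"]) || !$same_token($expected, $user_cookie["hash"])) {
                $id = 1;
            }
        }
    }
    if ($id == 1) {
        if ($res instanceof mysqli_result) {
            mysqli_free_result($res); // result set of the rejected claim
        }
        $res = do_sqlquery($user_select . "1 LIMIT 1;", true);
        $row = $res instanceof mysqli_result ? mysqli_fetch_assoc($res) : false;
    }
    if (!is_array($row)) {
        $row = array(); // no guest row either; keep the rest from dereferencing false
    }

    // Record the proxy verdict for the *verified* user (or guest). The original
    // ran this UPDATE before the cookie hash was checked, so any visitor could
    // flip the proxy flag of an arbitrary account just by sending uid=<victim>.
    quickQuery("UPDATE {$TABLE_PREFIX}users SET proxy='{$proxy}' WHERE id = {$id}") or sqlerr(__FILE__, __LINE__);

    // ---- 7. Warn/ban system with ACP (by DT) ----------------------------------
    $resdt = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT ban,bandt,booted,addbooted,whybooted FROM {$TABLE_PREFIX}users WHERE id=" . (int) $id);
    $rowdt = $resdt instanceof mysqli_result ? mysqli_fetch_array($resdt) : false;
    if ($resdt instanceof mysqli_result) {
        mysqli_free_result($resdt);
    }
    if (is_array($rowdt) && ($rowdt["bandt"] == "yes" || $rowdt["ban"] == "yes" || $rowdt["booted"] == "yes")) {
        header('HTTP/1.0 403 Forbidden');
        echo "<html><body><h1>403 Forbidden</h1>You are Banned from this site !</body></html>\n";
        // Reason and date come from the database and are written into HTML, so
        // escape them: a staff-entered reason must not become markup or script.
        if ($rowdt["booted"] == "yes") {
            echo "<br><br>The reason :" . htmlspecialchars((string) $rowdt["whybooted"], ENT_QUOTES, 'UTF-8');
        }
        echo "<br><br><font color = red>But .... we give you one more change , you can come back , and login after : " . htmlspecialchars((string) $rowdt["addbooted"], ENT_QUOTES, 'UTF-8') . "</font>";
        die;
    }

    // ---- 8. Crawler logging ---------------------------------------------------
    $crawler = crawlerDetect(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    if ($crawler) {
        // crawlerDetect() is defined elsewhere and its return value lands inside
        // a quoted SQL literal, so escape it rather than trust its contents.
        $crawler_sql = mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $crawler);
        @quickQuery("INSERT INTO {$TABLE_PREFIX}bots (name,visit) VALUES ('{$crawler_sql}',NOW())") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
    }

    // ---- 9. Owner-only banners (level 8) --------------------------------------
    $is_owner = isset($row['id_level']) && $row['id_level'] == 8;
    if ($is_owner && (file_exists('install.php') || file_exists('upgrade.php'))) {
        $err_msg_install = '<div align="center" style="color:red; font-size:12pt; font-weight: bold;">SECURITY WARNING: Delete install.php & upgrade.php!</div>';
    } elseif ($is_owner && !empty($btit_settings["site_offline"])) {
        $site_name = isset($btit_settings["name"]) ? $btit_settings["name"] : "";
        $err_msg_install = "<div align=\"center\" style=\"color:red; font-size:12pt; font-weight: bold;\">REMEMBER: " . $site_name . " is currently offline.</div>";
    } else {
        $err_msg_install = '';
    }

    // ---- 10. Style / language globals, then cache ----------------------------
    // style_url and language_url come from the database and are turned into
    // filesystem paths here; they are trusted as admin-managed rows.
    if (empty($STYLEPATH)) {
        $STYLEPATH = $THIS_BASEPATH . "/" . (isset($row["style_url"]) ? $row["style_url"] : "style/xbtit_default");
    }
    if (empty($STYLEURL)) {
        $STYLEURL = $BASEURL . "/" . (isset($row["style_url"]) ? $row["style_url"] : "style/xbtit_default");
    }
    if (empty($STYLETYPE)) {
        $STYLETYPE = isset($row["style_type"]) ? (int) $row["style_type"] : 3;
    }
    if (empty($USERLANG)) {
        $USERLANG = isset($row["language_url"]) ? $THIS_BASEPATH . "/" . $row["language_url"] : $THIS_BASEPATH . "/language/english";
    }
    $_SESSION["CURUSER"] = $row;
    $_SESSION["CURUSER"]["style_url"] = $STYLEURL;
    $_SESSION["CURUSER"]["style_path"] = $STYLEPATH;
    $_SESSION["CURUSER"]["style_type"] = $STYLETYPE;
    $_SESSION["CURUSER"]["language_path"] = $USERLANG;
    $_SESSION["CURUSER_EXPIRE"] = time() + (int) $cache_duration;
    $GLOBALS["CURUSER"] = $_SESSION["CURUSER"];
    if ($res instanceof mysqli_result) {
        mysqli_free_result($res);
    }
    unset($row);
}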
<?php

// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection
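// Search term from the request (GET/POST/cookie via $_REQUEST). Guarded so a
// missing or non-string parameter (e.g. searchvalue[]=) yields '' instead of an
// undefined-index notice or a TypeError inside strip_tags().
// NOTE(review): strip_tags()+htmlspecialchars() is HTML-context escaping. If
// $searchname is later placed inside an LDAP filter it still needs
// ldap_escape($searchname, '', LDAP_ESCAPE_FILTER) at that point -- confirm
// against the search call further down.
$searchname = isset($_REQUEST['searchvalue']) && is_string($_REQUEST['searchvalue'])
    ? trim(htmlspecialchars(strip_tags($_REQUEST['searchvalue'])))
    : '';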
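/**
 * Map a User-Agent string to a crawler label.
 *
 * Returns the label (e.g. 'Google', 'MSN', 'Altavista robot') of the first
 * needle found in $USER_AGENT, case-insensitively, or false when none match.
 * The UA header is client-supplied, so this is a courtesy filter for
 * well-behaved bots, not an access control.
 *
 * @param string|null $USER_AGENT value of $_SERVER['HTTP_USER_AGENT'] (may be absent)
 * @return string|false
 */
function crawlerDetect($USER_AGENT)
{
    // A missing or empty User-Agent can never match; returning early also
    // keeps null out of stripos() (deprecated since PHP 8.1).
    if (!is_string($USER_AGENT) || $USER_AGENT === '') {
        return false;
    }
    // Ordered (needle, label) pairs: the first needle present wins.
    $crawlers = array(array('Google', 'Google'), array('msnbot', 'MSN'), array('Rambler', 'Rambler'), array('Yahoo', 'Yahoo'), array('AbachoBOT', 'AbachoBOT'), array('accoona', 'Accoona'), array('AcoiRobot', 'AcoiRobot'), array('ASPSeek', 'ASPSeek'), array('CrocCrawler', 'CrocCrawler'), array('Dumbot', 'Dumbot'), array('FAST-WebCrawler', 'FAST-WebCrawler'), array('GeonaBot', 'GeonaBot'), array('Gigabot', 'Gigabot'), array('Lycos', 'Lycos spider'), array('MSRBOT', 'MSRBOT'), array('Scooter', 'Altavista robot'), array('AltaVista', 'Altavista robot'), array('IDBot', 'ID-Search Bot'), array('eStyle', 'eStyle Bot'), array('Scrubby', 'Scrubby robot'));
    foreach ($crawlers as $c) {
        // stripos() !== false rather than stristr(): we only need the test,
        // not the matched substring.
        if (stripos($USER_AGENT, $c[0]) !== false) {
            return $c[1];
        }
    }
    return false;
}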
// Crawler check by User-Agent substring (crawlerDetect above). The UA is
// client-supplied, so this only keeps well-behaved bots from triggering LDAP
// lookups; it is not an access control.
// NOTE(review): $_SERVER['HTTP_USER_AGENT'] is absent when the client sends no
// UA header, which raises an undefined-index notice on this line.
$crawler = crawlerDetect($_SERVER['HTTP_USER_AGENT']);
// Byte offset of the first '*' in the search term, or false when there is none.
// The guard below compares it with `!= 1` (loose), so false (no wildcard) passes.
// NOTE(review): if the intent was to reject a *leading* wildcard, that is
// offset 0, not 1 -- confirm.
$pos = strpos($searchname, '*');
// Byte length (strlen, not mb_strlen) of the search term; not used in the
// lines visible here.
$length = strlen($searchname);
//echo $pos;
if (!$crawler && strlen($searchname) > 1 && $pos != 1) {
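    /**
     * Encode every byte of $input as a decimal HTML character reference
     * ("a" -> "&#97;"). This is trivially reversible and is NOT an escaping or
     * security measure -- it only hides text from naive scrapers.
     *
     * NOTE(review): works byte-wise, so each byte of a multi-byte UTF-8
     * character becomes its own reference (e.g. "&#195;&#169;"), which a browser
     * renders as the Latin-1 characters for those bytes rather than the original
     * character -- confirm the expected input is ASCII.
     *
     * @param string $input
     * @return string
     */
    function obfuscate($input)
    {
        // Initialise the accumulator: the original appended to an undefined
        // variable, which raises a warning and returns null for empty input.
        $output = '';
        foreach (str_split($input) as $obj) {
            $output .= '&#' . ord($obj) . ';';
        }
        return $output;
    }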
    $ds = ldap_connect("ldap.llnl.gov");
    if ($ds) {
        $r = ldap_bind($ds);
        // Search surname entry