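/**
 * Resolve the current visitor into $GLOBALS["CURUSER"] (and $_SESSION["CURUSER"]).
 *
 * Order of work:
 *   1. Reject visitors whose IP falls in a `bannedip` range (HTTP 403).
 *   2. If the session already holds a CURUSER that has not reached
 *      CURUSER_EXPIRE, reuse it and return early. Note that this fast path
 *      returns before the ban/boot check and the proxy flag below, so a ban
 *      applied mid-session only takes effect once the cached entry expires
 *      (cache_duration seconds after it was stored).
 *   3. Otherwise identify the user from the configured cookie scheme
 *      (secsui_cookie_type 1 = uid/pass cookies, 2 = serialized login cookie,
 *      3 = serialized cookie kept in $_SESSION), verify the credential against
 *      the database row, and fall back to the guest row (id 1) on any failure.
 *   4. Flag the row as proxy/non-proxy, refuse banned/booted users (HTTP 403),
 *      record crawlers, compute style/language globals and cache the row in
 *      the session.
 *
 * Globals written: $CURUSER (via $GLOBALS), $err_msg_install, $STYLEPATH,
 * $STYLEURL, $STYLETYPE, $USERLANG. The session copy of the user row contains
 * every selected column, including `password`, `random` and `salt`, so the
 * session store holds credential material.
 *
 * Requires PHP >= 7.0 for the `allowed_classes` option of unserialize().
 *
 * @return void
 */
function userlogin()
{
    global $CURUSER, $TABLE_PREFIX, $err_msg_install, $btit_settings, $update_interval, $THIS_BASEPATH, $STYLEPATH, $STYLEURL, $STYLETYPE, $BASEURL, $USERLANG;
    unset($GLOBALS['CURUSER']);

    session_name("xbtit");
    session_start();

    $ip = getip();
    $nip = ip2long($ip);

    // IP range ban. getip() may derive its value from request headers, so the
    // address is only interpolated into SQL once filter_var() has confirmed it
    // is a plain IP literal; anything else cannot match a range (INET_ATON()
    // would yield NULL) and is simply not looked up.
    if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
        $banned = get_result("SELECT * FROM {$TABLE_PREFIX}bannedip WHERE INET_ATON('" . $ip . "') >= first AND INET_ATON('" . $ip . "') <= last LIMIT 1;", true, $btit_settings['cache_duration']);
        if (count($banned) > 0) {
            header('HTTP/1.0 403 Forbidden');
            echo "<html><body><h1>403 Forbidden</h1>Unauthorized IP address.</body></html>\n";
            die;
        }
    }

    // Fast path: a still-valid cached user in the session.
    if (isset($_SESSION["CURUSER"], $_SESSION["CURUSER_EXPIRE"])) {
        if ($_SESSION["CURUSER_EXPIRE"] > time()) {
            $cached = $_SESSION["CURUSER"];
            if (empty($STYLEPATH)) {
                $STYLEPATH = is_null($cached["style_path"]) ? $THIS_BASEPATH . "/style/xbtit_default" : $cached["style_path"];
            }
            if (empty($STYLEURL)) {
                $STYLEURL = is_null($cached["style_url"]) ? $BASEURL . "/style/xbtit_default" : $cached["style_url"];
            }
            if (empty($STYLETYPE)) {
                $STYLETYPE = is_null($cached["style_type"]) ? 3 : (int) $cached["style_type"];
            }
            if (empty($USERLANG)) {
                $USERLANG = is_null($cached["language_path"]) ? $THIS_BASEPATH . "/language/english" : $THIS_BASEPATH . "/" . $cached["language_url"];
            }
            $GLOBALS["CURUSER"] = $cached;
            return;
        }
        // Expired: drop it and re-resolve below.
        unset($_SESSION["CURUSER"], $_SESSION["CURUSER_EXPIRE"]);
    }

    // Traffic columns come from xbt_users as well when the XBT tracker is in use.
    if ($btit_settings['xbtt_use']) {
        $udownloaded = "u.downloaded+IFNULL(x.downloaded,0)";
        $uuploaded = "u.uploaded+IFNULL(x.uploaded,0)";
        $utables = "{$TABLE_PREFIX}users u LEFT JOIN xbt_users x ON x.uid=u.id";
    } else {
        $udownloaded = "u.downloaded";
        $uuploaded = "u.uploaded";
        $utables = "{$TABLE_PREFIX}users u";
    }

    // Candidate user id from the configured cookie scheme; 1 is the guest row.
    // The id is only a claim at this point - it is verified against the row's
    // credential below before it is trusted.
    $cookie_type = isset($btit_settings["secsui_cookie_type"]) ? (int) $btit_settings["secsui_cookie_type"] : 0;
    $id = 1;
    $user_cookie = null;
    if ($cookie_type == 1) {
        if (isset($_COOKIE["uid"]) && is_numeric($_COOKIE["uid"])) {
            $claimed = (int) $_COOKIE["uid"];
            if ($claimed > 1) {
                $id = $claimed;
            }
        }
    } elseif ($cookie_type == 2 || $cookie_type == 3) {
        if ($cookie_type == 2) {
            $user_cookie_name = !empty($btit_settings["secsui_cookie_name"]) ? $btit_settings["secsui_cookie_name"] : "xbtitLoginCookie";
            $raw_cookie = isset($_COOKIE[$user_cookie_name]) ? $_COOKIE[$user_cookie_name] : null;
        } else {
            $raw_cookie = isset($_SESSION["login_cookie"]) ? $_SESSION["login_cookie"] : null;
        }
        if (is_string($raw_cookie)) {
            // The cookie is client-supplied serialized data. allowed_classes=false
            // keeps unserialize() from instantiating objects from it; only the
            // plain array shape (id, hash) is expected. Anything else falls
            // back to guest.
            $user_cookie = unserialize($raw_cookie, array('allowed_classes' => false));
            if (is_array($user_cookie) && isset($user_cookie["id"]) && is_numeric($user_cookie["id"])) {
                $claimed = (int) $user_cookie["id"];
                if ($claimed > 1) {
                    $id = $claimed;
                }
            }
        }
    }

    // Proxy heuristic. The result is only stored on the user row (proxy='yes'/'no');
    // nothing in this function makes an access decision from it. ip2long()
    // returns false for non-IPv4 addresses; the cast keeps the query well-formed.
    $respr = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}blacklist WHERE tip =" . (int) $nip) or sqlerr(__FILE__, __LINE__);
    $proxy_headers = array(
        "HTTP_X_FORWARDED_FOR", "HTTP_X_FORWARDED", "HTTP_FORWARDED_FOR", "HTTP_VIA", "HTTP_FORWARDED",
        "HTTP_FORWARDED_FOR_IP", "HTTP_PROXY_CONNECTION", "VIA", "X_FORWARDED_FOR", "FORWARDED_FOR",
        "FORWARDED", "X_FORWARDED", "CLIENT_IP", "FORWARDED_FOR_IP", "HTTP_CLIENT_IP",
    );
    $proxy_ports = array(8080, 80, 6588, 8000, 3128, 553, 554);
    $proxy = mysqli_num_rows($respr) > 0 ? 'yes' : 'no';
    if ($proxy === 'no') {
        foreach ($proxy_headers as $header) {
            if (!empty($_SERVER[$header])) {
                $proxy = 'yes';
                break;
            }
        }
    }
    if ($proxy === 'no' && isset($_SERVER['REMOTE_PORT']) && in_array((int) $_SERVER['REMOTE_PORT'], $proxy_ports, true)) {
        $proxy = 'yes';
    }
    quickQuery("UPDATE {$TABLE_PREFIX}users SET proxy='{$proxy}' WHERE id = {$id}") or sqlerr(__FILE__, __LINE__);

    // One SELECT shape for both the claimed user and the guest fallback.
    $user_columns = "u.profileview, u.team, u.commentpm, u.pchat, u.tor, u.gender, u.gotgift, u.emailnot, u.dona, u.donb, u.birt, u.mal, u.fem, u.bann, u.war, u.par, u.bot, u.trmu, u.trmo, u.vimu, u.vimo, u.friend, u.junkie, u.staff, u.sysop, u.left_l, u.pid, u.cip, u.booted, u.announce, u.userbar, u.invisible, u.showporn, u.immunity, u.dob, u.warn, u.donor, u.seedbonus, u.salt, u.pass_type, u.lip, {$udownloaded} as downloaded, {$uuploaded} as uploaded, u.smf_fid, u.ipb_fid, u.topicsperpage, u.postsperpage, u.torrentsperpage, u.flag, u.avatar, UNIX_TIMESTAMP(u.lastconnect) AS lastconnect, UNIX_TIMESTAMP(u.joined) AS joined, u.id as uid, u.username, u.password, u.random, u.email, u.language, u.style, u.time_offset, ul.*, `s`.`style_url`, `s`.`style_type`, `l`.`language_url`";
    $user_from = "FROM {$utables} INNER JOIN {$TABLE_PREFIX}users_level ul ON u.id_level=ul.id LEFT JOIN `{$TABLE_PREFIX}style` `s` ON `u`.`style`=`s`.`id` LEFT JOIN `{$TABLE_PREFIX}language` `l` ON `u`.`language`=`l`.`id`";
    // Returns array(mysqli_result, row-or-null) for the given user id.
    $load_user = function ($uid) use ($user_columns, $user_from) {
        $result = do_sqlquery("SELECT {$user_columns} {$user_from} WHERE u.id = " . (int) $uid . " LIMIT 1;", true);
        return array($result, mysqli_fetch_assoc($result));
    };

    $res = null;
    $row = null;
    if ($id > 1) {
        list($res, $row) = $load_user($id);
        if (!is_array($row)) {
            // Cookie named an id with no row: treat as guest.
            $id = 1;
        } elseif ($cookie_type == 1) {
            // Scheme 1: the `pass` cookie must equal md5(random . password . random).
            $expected = md5($row["random"] . $row["password"] . $row["random"]);
            $supplied = isset($_COOKIE["pass"]) ? $_COOKIE["pass"] : null;
            // Constant-time comparison of two strings. The strict type check
            // matters: a loose != against a non-string (e.g. a bool) would
            // compare by truthiness rather than by value.
            if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
                $id = 1;
            }
        } else {
            // Schemes 2/3: the cookie's `hash` must equal sha1() of a fingerprint
            // assembled from the items listed in secsui_cookie_items. Each item
            // is "type-flag"; type 8 is "8-1[+]pattern" selecting octets of the
            // client IP, other types contribute a row column or request header.
            $ip_octet_patterns = array(
                1 => array(0), 2 => array(1), 3 => array(2), 4 => array(3),
                5 => array(0, 1), 6 => array(1, 2), 7 => array(2, 3), 8 => array(0, 2),
                9 => array(0, 3), 10 => array(1, 3), 11 => array(0, 1, 2), 12 => array(1, 2, 3),
                13 => array(0, 1, 2, 3),
            );
            $item_values = array(
                1 => $row["uid"],
                2 => $row["password"],
                3 => $row["random"],
                4 => strtolower($row["username"]),
                5 => $row["salt"],
                6 => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '',
                7 => isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '',
            );
            $items_setting = isset($btit_settings["secsui_cookie_items"]) ? $btit_settings["secsui_cookie_items"] : '';
            $cookie_string = "";
            foreach (explode(",", $items_setting) as $ci_value) {
                $ci_exp = explode("-", $ci_value);
                if (!isset($ci_exp[1])) {
                    continue;
                }
                $item_type = (int) $ci_exp[0];
                if ($item_type == 8) {
                    $ci_exp2 = explode("[+]", $ci_exp[1]);
                    if ((int) $ci_exp2[0] == 1 && isset($ci_exp2[1]) && isset($ip_octet_patterns[(int) $ci_exp2[1]])) {
                        $ip_parts = explode(".", getip());
                        $selected = array();
                        foreach ($ip_octet_patterns[(int) $ci_exp2[1]] as $octet_index) {
                            // Missing octets (non-IPv4 client) contribute an empty string, as before.
                            $selected[] = isset($ip_parts[$octet_index]) ? $ip_parts[$octet_index] : '';
                        }
                        $cookie_string .= implode(".", $selected) . "-";
                    }
                } elseif ((int) $ci_exp[1] == 1 && isset($item_values[$item_type])) {
                    $cookie_string .= $item_values[$item_type] . "-";
                }
            }
            $expected = sha1(trim($cookie_string, "-"));
            $supplied = is_array($user_cookie) && isset($user_cookie["hash"]) ? $user_cookie["hash"] : null;
            // Same strict-string + constant-time rule as scheme 1.
            if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
                $id = 1;
            }
        }
        if ($id == 1 && $res instanceof mysqli_result) {
            // The claimed user's result set is no longer needed.
            mysqli_free_result($res);
            $res = null;
        }
    }
    if ($id == 1) {
        list($res, $row) = $load_user(1);
    }

    // Warn/ban system (ACP by DT): banned or booted accounts get a 403 page.
    // A failed query is treated like the other queries here (sqlerr) rather
    // than letting the visitor through unchecked.
    $resdt = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT ban,bandt,booted,addbooted,whybooted FROM {$TABLE_PREFIX}users WHERE id=" . $id) or sqlerr(__FILE__, __LINE__);
    $rowdt = mysqli_fetch_array($resdt);
    if (is_array($rowdt) && ($rowdt["bandt"] == "yes" || $rowdt["ban"] == "yes" || $rowdt["booted"] == "yes")) {
        header('HTTP/1.0 403 Forbidden');
        echo "<html><body><h1>403 Forbidden</h1>You are Banned from this site !</body></html>\n";
        if ($rowdt["booted"] == "yes") {
            echo "<br><br>The reason :" . $rowdt["whybooted"];
        }
        echo "<br><br><font color = red>But .... we give you one more change , you can come back , and login after : " . $rowdt["addbooted"] . "</font>";
        die;
    }

    // Crawler bookkeeping. The inserted name is whatever crawlerDetect()
    // returns; the implementation seen alongside this file only returns values
    // from its own fixed table, never the raw User-Agent - confirm if that
    // helper is replaced.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $crawler = crawlerDetect($user_agent);
    if ($crawler) {
        @quickQuery("INSERT INTO {$TABLE_PREFIX}bots (name,visit) VALUES ('{$crawler}',NOW())")
            or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : mysqli_connect_error());
    }

    // Owner-only (level 8) banner about leftover installer files or offline mode.
    // NOTE(review): `id_level` is not selected explicitly and `u.id_level` is not
    // in the column list, so this key depends on `ul.*` providing it - confirm
    // against the users_level schema.
    if ($row['id_level'] == 8 && (file_exists('install.php') || file_exists('upgrade.php'))) {
        $err_msg_install = '<div align="center" style="color:red; font-size:12pt; font-weight: bold;">SECURITY WARNING: Delete install.php & upgrade.php!</div>';
    } elseif ($btit_settings["site_offline"] && $row["id_level"] == 8) {
        $err_msg_install = "<div align=\"center\" style=\"color:red; font-size:12pt; font-weight: bold;\">REMEMBER: " . $btit_settings["name"] . " is currently offline.</div>";
    } else {
        $err_msg_install = '';
    }

    // Style/language globals, unless the caller pre-set them.
    if (empty($STYLEPATH)) {
        $STYLEPATH = $THIS_BASEPATH . "/" . (is_null($row["style_url"]) ? "style/xbtit_default" : $row["style_url"]);
    }
    if (empty($STYLEURL)) {
        $STYLEURL = $BASEURL . "/" . (is_null($row["style_url"]) ? "style/xbtit_default" : $row["style_url"]);
    }
    if (empty($STYLETYPE)) {
        $STYLETYPE = is_null($row["style_type"]) ? 3 : (int) $row["style_type"];
    }
    if (empty($USERLANG)) {
        $USERLANG = is_null($row["language_url"]) ? $THIS_BASEPATH . "/language/english" : $THIS_BASEPATH . "/" . $row["language_url"];
    }

    // Cache the resolved row for cache_duration seconds; the fast path above
    // reads these four derived keys back.
    $_SESSION["CURUSER"] = $row;
    $_SESSION["CURUSER"]["style_url"] = $STYLEURL;
    $_SESSION["CURUSER"]["style_path"] = $STYLEPATH;
    $_SESSION["CURUSER"]["style_type"] = $STYLETYPE;
    $_SESSION["CURUSER"]["language_path"] = $USERLANG;
    $_SESSION["CURUSER_EXPIRE"] = time() + $btit_settings["cache_duration"];
    $GLOBALS["CURUSER"] = $_SESSION["CURUSER"];

    if ($res instanceof mysqli_result) {
        mysqli_free_result($res);
    }
    unset($row);
}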
<?php
// Basic sequence with LDAP: connect, bind, search, interpret the search
// result, close the connection.
// NOTE(review): htmlspecialchars()/strip_tags() are HTML-output escapes, not
// LDAP filter escaping. If $searchname is later placed into an LDAP filter it
// should additionally pass through ldap_escape($s, '', LDAP_ESCAPE_FILTER) -
// confirm against the search code that follows this excerpt.
$searchname = trim(htmlspecialchars(strip_tags($_REQUEST['searchvalue'])));

/**
 * Map a User-Agent string to a crawler display name.
 *
 * Case-insensitive substring match (stristr) against a fixed table; the first
 * matching entry wins.
 *
 * @param string $USER_AGENT raw User-Agent header value
 * @return string|false crawler name from the table, or false when nothing matches
 */
function crawlerDetect($USER_AGENT)
{
    // Pairs of (needle found in the User-Agent, display name).
    $crawlers = array(array('Google', 'Google'), array('msnbot', 'MSN'), array('Rambler', 'Rambler'), array('Yahoo', 'Yahoo'), array('AbachoBOT', 'AbachoBOT'), array('accoona', 'Accoona'), array('AcoiRobot', 'AcoiRobot'), array('ASPSeek', 'ASPSeek'), array('CrocCrawler', 'CrocCrawler'), array('Dumbot', 'Dumbot'), array('FAST-WebCrawler', 'FAST-WebCrawler'), array('GeonaBot', 'GeonaBot'), array('Gigabot', 'Gigabot'), array('Lycos', 'Lycos spider'), array('MSRBOT', 'MSRBOT'), array('Scooter', 'Altavista robot'), array('AltaVista', 'Altavista robot'), array('IDBot', 'ID-Search Bot'), array('eStyle', 'eStyle Bot'), array('Scrubby', 'Scrubby robot'));
    foreach ($crawlers as $c) {
        if (stristr($USER_AGENT, $c[0])) {
            return $c[1];
        }
    }
    return false;
}

$crawler = crawlerDetect($_SERVER['HTTP_USER_AGENT']);
$pos = strpos($searchname, '*');
$length = strlen($searchname);
//echo $pos;
// Skip the directory lookup for crawlers, for one-character terms, and when
// the '*' wildcard sits at offset 1. strpos() returns false when there is no
// '*', and false != 1 holds, so a term without a wildcard passes this check.
if (!$crawler && strlen($searchname) > 1 && $pos != 1) {
    // Conditionally declared helper: it only exists once this branch has run.
    // Encodes each byte of $input as an HTML numeric entity. str_split() is
    // byte-wise, so a multibyte UTF-8 character becomes one entity per byte.
    // $output is not initialised before the first `.=`.
    function obfuscate($input)
    {
        foreach (str_split($input) as $obj) {
            $output .= '&#' . ord($obj) . ';';
        }
        return $output;
    }
    $ds = ldap_connect("ldap.llnl.gov");
    if ($ds) {
        // Anonymous bind (no DN or password passed); $r is not checked here.
        $r = ldap_bind($ds);
        // Search surname entry