$ids = explode(".", $_GET['p']); if (isset($ids[1])) { $type = $ids[1]; } else { $type = "png"; } if (isset($ids[0])) { $name = clean($ids[0]); } else { $name = ""; } if (isset($name) && $name != "") { $uID = $name; $USER_OBJECT->getByCol("username", $uID); $user = $USER_OBJECT->getNext(); $rights = getRights($user['uID']); $sourcePhotos = array(); $loadedPhotos = array(); $sourcePhotos = appendPhoto($sourcePhotos, $img_root . "./imgs/crest-data/crest.png", 100, 100); if ($rights['banned']) { $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-banned.png", 0, 0); } else { if ($rights['admin']) { $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-root.png", 0, 0); } else { if ($rights['staff']) { $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-staff.png", 0, 0); } else { if ($rights['modi']) { $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-modi.png", 0, 0); } else {
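<?php
session_start();
require_once("db.class.php/db.class.php");
$DB = new DB();

/**
 * Rights of the person logged in, for the lead named by $_REQUEST['id'].
 *
 * Returns the string "1:full" when the logged-in rep's userlevel is 1,
 * otherwise "1:restricted". (The previous header comment promised
 * "a number 1 - 3 or null"; the code has never returned that.)
 *
 * Reads $_SESSION['loggedin'] (rep id) and $_REQUEST['id'] (lead id).
 * Both values are concatenated into SQL text, so they are cast to int
 * first: the raw request value used to reach the query unescaped.
 *
 * @return string "1:full" or "1:restricted"
 */
function getRights()
{
    global $DB;

    // Only an integer may reach the query text; a missing or non-numeric
    // value becomes 0. Assumes reps.id / leads.id are integer columns — confirm.
    $repId = isset($_SESSION['loggedin']) ? (int) $_SESSION['loggedin'] : 0;
    $leadId = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;

    $lsql = "SELECT userlevel FROM reps WHERE id=" . $repId;
    $level = $DB->queryUniqueValue($lsql);

    // Queried but not used by the decision below; the comparison that was
    // commented out apparently meant to consult it. Remove if it stays unused.
    $csql = "SELECT createdby_repid FROM leads WHERE id = " . $leadId;
    $created_by = $DB->queryUniqueValue($csql);
    //$created_by == $_SESSION['loggedin']

    // Loose comparison kept on purpose: queryUniqueValue may hand back an int
    // or a numeric string depending on the driver.
    if ($level == "1") {
        $ret = "1:full";
    } else {
        $ret = "1:restricted";
    }
    return $ret;
}

if (isset($_REQUEST['id'])) {
    print getRights();
}
?>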
/** * Видео-каталог * (C) 2006-2009 Ilya Spesivtsev, macondos@gmail.com * * Back-offic'ные задачи * Интерфейс администратора * * @author Ilya Spesivtsev * @version 1.07 */ require_once "config.php"; header('Expires: -1'); require_once "functions.php"; session_start(); require_once isset($config['logon.php']) ? $config['logon.php'] : "logon.php"; if (!getRights("admin_view", $user)) { echo "У вас недостаточно прав для того, чтобы войти на эту страницу"; exit; } $idSQLConnection = mysql_connect($config['mysqlhost'], $config['mysqluser'], $config['mysqlpass']); if (!$idSQLConnection) { echo "Критическая ошибка на сервере. Ошибка при подключении к базе данных."; exit; } $result = mysql_select_db($config['mysqldb'], $idSQLConnection); if (!$result) { echo "Критическая ошибка на сервере. Ошибка при выборе базы данных."; exit; } if (isset($config['mysql_set_names'])) { mysql_query($config['mysql_set_names']);
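require_once "functions.php";

// "noajax" in the request switches off the JsHttpRequest wrapper.
$noajax = isset($_REQUEST["noajax"]) ? 1 : 0;
if (!$noajax) {
    require_once "jshttprequest/JsHttpRequest.php";
    $JsHttpRequest = new JsHttpRequest("windows-1251");
}

// Database connection; $config is expected to come from an earlier include.
$idSQLConnection = mysql_connect($config['mysqlhost'], $config['mysqluser'], $config['mysqlpass']);
if (!$idSQLConnection) {
    echo "Критическая ошибка на сервере. Ошибка при подключении к базе данных.";
    exit;
}
$result = mysql_select_db($config['mysqldb'], $idSQLConnection);
if (!$result) {
    echo "Критическая ошибка на сервере. Ошибка при выборе базы данных.";
    exit;
}
if (isset($config['mysql_set_names'])) {
    mysql_query($config['mysql_set_names']);
}

// Identify the caller from the session. Guarded with isset so a fresh session
// no longer raises undefined-index notices before GetUserID runs.
// NOTE(review): $_SESSION['pass'] looks like it holds the credential itself;
// confirm whether GetUserID expects a hash there instead.
$login = isset($_SESSION['login']) ? $_SESSION['login'] : null;
$pass = isset($_SESSION['pass']) ? $_SESSION['pass'] : null;
$user = GetUserID($login, $pass);

// Action name is normalised to lower case; "exit" is allowed without a rights check.
$action = isset($_REQUEST["action"]) ? strtolower($_REQUEST["action"]) : "";
if (getRights($action, $user) || $action == "exit") {
    switch ($action) {
        case "test":
            $text = isset($_REQUEST['text']) ? $_REQUEST['text'] : "";
            // The previous line read the bare constant `text` (a typo: the string
            // "text" on old PHP, an Error on PHP 8). The result key names the
            // digest, so md5 of the request text is taken to be the intent — confirm.
            $_RESULT["md5"] = md5($text);
            break;
    }
}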
$result = mysql_query($sql); $films = array(); while ($result && ($field = mysql_fetch_assoc($result))) { $films[] = $field; } $_RESULT["films"] = $films; break; case "deletefilm": $Moderator = 0; $id = (int) $_REQUEST['id']; $result = mysql_query("SELECT Moderator FROM films WHERE ID={$id}"); if ($result && ($field = mysql_fetch_assoc($result))) { $Moderator = $field["Moderator"]; } if ($user["ID"] == $Moderator || getRights("deletefilm_ext", $user)) { $all = isset($_REQUEST['all']) && $_REQUEST['all'] == 1 && getRights("deletefilm_erase", $user) ? 1 : 0; $asDir = 0; if ($all) { require_once "classes/storages.php"; $storages = new Storages(); if (isset($config["dir_extensions"])) { $storages->set_dir_extensions($config["dir_extensions"]); } $result = mysql_query("SELECT Moderator,AsDir FROM films WHERE ID={$id}"); if ($result && ($field = mysql_fetch_assoc($result))) { $asDir = $field["AsDir"]; } $result = mysql_query("SELECT Path FROM files WHERE FilmID={$id}"); while ($result && ($field = mysql_fetch_assoc($result))) { $mypath_dec = $storages->decode_path($field["Path"]); $path_parts = pathinfo($mypath_dec);
// Poster width for the client: 0 when GD is available (server resizes), otherwise
// the configured default-cover width, falling back to 160.
var FIXED_WIDTH_POSTER = <?php echo $gd_loaded ? 0 : (isset($config["covers"]["defaultcovers"]["width"]) ? $config["covers"]["defaultcovers"]["width"] : 160); ?> ;
// Per-action rights of the current user, echoed as bare JS values.
// NOTE(review): if getRights() returns false/null the echo is empty and the
// statement becomes `var X = ;`, a JS syntax error — confirm its return type.
var RIGHTS_SETBOOKMARK = <?php echo getRights("setbookmark", $user); ?> ;
var RIGHTS_POSTCOMMENT = <?php echo getRights("postcomment", $user); ?> ;
var RIGHTS_SETRATING = <?php echo getRights("setrating", $user); ?> ;
// Markup shown when an action is refused: a config override if set, else the
// built-in text. NOTE(review): the value is placed inside a double-quoted JS
// string with no escaping, so a config value containing `"` or a line break
// would break the script — confirm the config source is trusted.
var CAN_NOT_SETBOOKMARK = "<?php echo isset($config['can_not_setbookmark']) ? $config['can_not_setbookmark'] : "Только зарегистрированные пользователи могут создавать закладки.<br> <a href='?register=1' class='alert_link'>Зарегистрируйтесь</a><br>или войдите под своим логином<br><form action='?' method='post'><input type='hidden' name='logon' value='1'><table border='0' width='100%'><tr><td>Логин:</td><td><input name='login'></td></tr><tr><td>Пароль:</td><td><input name='pass' type='password'></td></tr><tr><td colspan='2'><input id='remember' type='checkbox' value='1' name='remember'><label for='remember'>Автоматически входить</label></td></tr><tr><td colspan='2' align='center'><input type='submit' value='OK'></td></tr></table></form>"; ?> ";
var CAN_NOT_POSTCOMMENT = "<?php echo isset($config['can_not_postcomment']) ? $config['can_not_postcomment'] : "Только зарегистрированные пользователи могут оставлять отзывы.<br> <a href='?register=1' class='alert_link'>Зарегистрируйтесь</a> или <a href='javascript:Exit();' class='alert_link'>войдите</a> под своим логином"; ?> ";
var CAN_NOT_SETRATING = "<?php echo isset($config['can_not_setrating']) ? $config['can_not_setrating'] : "<a href='?register=1' class='alert_link'>Зарегистрируйтесь</a> или <a href='javascript:Exit();' class='alert_link'>войдите</a> под своим логином,<br> чтобы ставить рейтинги"; ?> ";
session_destroy(); session_start(); $_SESSION['msg'] = "See ya' later! I miss ya already!"; header("Location: " . $SITE_PREFIX . "t/login"); exit(0); } if (isset($_POST['login'])) { if (isset($_POST['name']) && $_POST['name'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") { $_SESSION['key'] = $_SESSION['token']; unset($_SESSION['token']); $user = new user(); $user->getByCol("username", $_POST['name']); $foo = $user->getNext(); $p_check = md5($_SESSION['key'] . $foo['password']); if ($_POST['pass'] == $p_check) { $_SESSION['rights'] = getRights($foo['uID']); if ($_SESSION['rights']['banned']) { $_SESSION['msg'] = "You're banned, asshole. GTFO"; header("Location: " . $SITE_PREFIX . "t/banned"); exit(0); } else { $_SESSION['id'] = $foo['uID']; $_SESSION['real_name'] = $foo['real_name']; $_SESSION['username'] = $foo['username']; $_SESSION['email'] = $foo['email']; // set patrick_stewart var for private / public stuff // $_SESSION['patrick_stewart'] = TRUE; // Context / copied from: // // http://www.youtube.com/watch?v=Fg_cwI1Xj4M ( Nawt a rickroll ) // ^ this is lulzy. Watch.