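/**
 * Restores a frontend login from the "remember me" cookie, handles a logout
 * request, and finally defines FEUSER_LOGIN_STATUS for the current request.
 *
 * Cookie layout, as written by the login form handler:
 *   login ##-|-## md5(password) ##-|-## userdetail flag ##-|-## backenduser flag
 *
 * NOTE(review): field 1 is handed unchanged to _checkFrontendUserLogin(), so
 * the cookie value is accepted in place of the password. Anyone who obtains
 * the cookie (or the stored hash) can authenticate with it. A random,
 * server-side stored and revocable token would remove that equivalence; this
 * needs a matching change where the cookie is issued.
 *
 * NOTE(review): the session entry is keyed by session_id() and the id is not
 * renewed on login; renewing it would require moving the entries to the new
 * key. Confirm how session fixation is handled elsewhere.
 *
 * @return void
 */
function _checkFrontendUserAutoLogin() {

    $cookie_name = 'phpwcmsFeLoginRemember';

    // Auto-login is attempted only for visitors that are not logged in yet,
    // and only when the value really arrived as a cookie (not via POST/GET).
    // is_string() rejects an array-valued cookie before it reaches explode().
    if (
        !_getFeUserLoginStatus()
        && session_id()
        && !empty($_COOKIE[$cookie_name])
        && is_string($_COOKIE[$cookie_name])
        && !isset($_POST[$cookie_name])
        && !isset($_GET[$cookie_name])
    ) {

        $_loginData = explode('##-|-##', $_COOKIE[$cookie_name]);

        if (!empty($_loginData[0]) && !empty($_loginData[1])) {

            // NOTE(review): both flags come from the cookie, so the client
            // decides which user tables the credentials are checked against.
            // They should be taken from the server-side login configuration.
            $_loginData['validate_db']['userdetail']  = empty($_loginData[2]) ? 0 : 1;
            $_loginData['validate_db']['backenduser'] = empty($_loginData[3]) ? 0 : 1;

            $_loginData['query_result'] = _checkFrontendUserLogin(
                $_loginData[0],
                $_loginData[1],
                $_loginData['validate_db']
            );

            if (
                $_loginData['query_result'] !== false
                && is_array($_loginData['query_result'])
                && count($_loginData['query_result'])
            ) {

                if (isset($_loginData['query_result']['usr_login'])) {
                    $_SESSION[session_id()] = $_loginData['query_result']['usr_login'];
                } elseif (!empty($_loginData['query_result']['detail_login'])) {
                    // !empty() instead of a bare read: the key may be absent.
                    $_SESSION[session_id()] = $_loginData['query_result']['detail_login'];
                }

                $_SESSION[session_id() . '_userdata'] = _getFrontendUserBaseData($_loginData['query_result']);

            } else {

                // The credentials in the cookie are no longer valid. Dropping
                // them from $_COOKIE only affects this request, so the cookie
                // is also expired in the browser; otherwise it would be sent
                // and re-checked on every following request.
                unset($_COOKIE[$cookie_name]);
                setcookie($cookie_name, '', time() - 3600, '/', getCookieDomain());
            }
        }
    }

    // logout
    if (session_id() && (isset($_POST['feLogout']) || isset($_GET['feLogout']))) {
        // Remove the cached user record together with the login marker so no
        // account data stays in the session after logout.
        unset($_SESSION[session_id()], $_SESSION[session_id() . '_userdata']);
        setcookie($cookie_name, '', time() - 3600, '/', getCookieDomain());
    }

    define('FEUSER_LOGIN_STATUS', _getFeUserLoginStatus());
}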
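// first check
// Ad click handler: validates the request key, records the click for the
// campaign and redirects to the campaign's target URL. Every request that
// does not end in a campaign redirect is sent to PHPWCMS_URL.
//
// The key is compared as a string with ===; the loose == comparison treats
// numeric-looking strings as numbers and can accept a value that differs
// from the configured key.
if (isset($_GET['u']) && is_string($_GET['u']) && $_GET['u'] === (string) PHPWCMS_USER_KEY) {

    $ads_id = isset($_GET['adclickval']) ? intval($_GET['adclickval']) : 0;

    $sql  = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_ads_campaign ';
    $sql .= 'WHERE adcampaign_id=' . $ads_id . ' AND adcampaign_status=1 LIMIT 1';
    $ad_data = _dbQuery($sql);

    if (!empty($ad_data[0]['adcampaign_data'])) {

        // NOTE(review): unserialize() on a database column. If the campaign
        // data can be written by anything other than trusted backend code,
        // this is an object-injection sink; JSON would be the safer format.
        $ad_data = @unserialize($ad_data[0]['adcampaign_data']);

        $ads_userip    = getRemoteIP();
        // All request-derived values below are client-controlled. They are
        // escaped for SQL here; they still need output escaping wherever the
        // tracking records are displayed.
        $ads_useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $ads_ref       = (isset($_GET['r']) && is_string($_GET['r'])) ? trim($_GET['r']) : '';
        $ads_cat       = empty($_GET['c']) ? 0 : intval($_GET['c']);
        $ads_article   = empty($_GET['a']) ? 0 : intval($_GET['a']);

        // Reuse the visitor id only when it is a string of exactly 32 lower
        // case hex characters; the D modifier stops "$" from matching before
        // a trailing newline.
        $ads_userid = (isset($_COOKIE['phpwcmsAdsUserId']) && is_string($_COOKIE['phpwcmsAdsUserId']))
            ? $_COOKIE['phpwcmsAdsUserId']
            : '';

        if (!preg_match('/^[0-9a-f]{32}$/D', $ads_userid)) {
            // Tracking identifier only, not a credential.
            $ads_userid = md5($ads_userip . microtime());
            setcookie('phpwcmsAdsUserId', $ads_userid, time() + 63072000, '/', getCookieDomain());
        }

        $sql  = 'INSERT DELAYED INTO ' . DB_PREPEND . 'phpwcms_ads_tracking (';
        $sql .= 'adtracking_created, adtracking_campaignid, adtracking_ip, adtracking_cookieid, ';
        $sql .= 'adtracking_countclick, adtracking_countview, adtracking_useragent, adtracking_ref, ';
        $sql .= 'adtracking_catid, adtracking_articleid) VALUES (';
        $sql .= "NOW(), " . $ads_id . ", " . _dbEscape($ads_userip) . ", " . _dbEscape($ads_userid) . ", ";
        $sql .= "1, 0, " . _dbEscape($ads_useragent) . ", " . _dbEscape($ads_ref) . ", " . $ads_cat . ", " . $ads_article . ")";
        @_dbQuery($sql, 'INSERT');

        $sql  = 'UPDATE LOW_PRIORITY ' . DB_PREPEND . 'phpwcms_ads_campaign SET ';
        $sql .= 'adcampaign_curclick=adcampaign_curclick+1 WHERE adcampaign_id=' . $ads_id;
        @_dbQuery($sql, 'UPDATE');

        // Redirect to the campaign target only when the stored data decoded
        // to an array that actually holds a URL; a failed unserialize()
        // yields false and must not be indexed. The target comes from the
        // campaign record, never from the request.
        if (is_array($ad_data) && !empty($ad_data['url'])) {
            headerRedirect($ad_data['url']);
        }
    }
}

// Fallback for a wrong key, an unknown or inactive campaign, or unusable
// campaign data (presumably headerRedirect() ends the request - confirm).
headerRedirect(PHPWCMS_URL);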
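/**
 * Resolves the backend "items per page" value and stores it in the session.
 *
 * Sources, in order of priority:
 *   1. $_GET['showipp'] (non-numeric input falls back to $default); the
 *      result is also persisted in the phpwcmsBEItemsPerPage cookie
 *   2. $_SESSION['PAGE_FILTER']['IPP'], returned as stored
 *   3. the phpwcmsBEItemsPerPage cookie
 *   4. $default
 *
 * NOTE(review): the GET and cookie values are client-supplied and are only
 * cast to int, so zero, negative and very large values pass through. Callers
 * that use the result as a query limit or divisor should bound it.
 *
 * @param int $default Value used when no other source provides one.
 * @return mixed Items per page (an int unless the session held another type).
 */
function setItemsPerPage($default = 25) {

    if (isset($_GET['showipp'])) {

        $ipp = intval(is_numeric($_GET['showipp']) ? $_GET['showipp'] : $default);
        setcookie('phpwcmsBEItemsPerPage', $ipp, time() + 157680000, '/', getCookieDomain());

    } elseif (isset($_SESSION['PAGE_FILTER']['IPP'])) {

        // Test the IPP key itself: a PAGE_FILTER entry without it must fall
        // through to the cookie/default instead of yielding null.
        $ipp = $_SESSION['PAGE_FILTER']['IPP'];

    } elseif (isset($_COOKIE['phpwcmsBEItemsPerPage'])) {

        $ipp = intval($_COOKIE['phpwcmsBEItemsPerPage']);

    } else {

        $ipp = $default;
    }

    if (!isset($_SESSION['PAGE_FILTER'])) {
        $_SESSION['PAGE_FILTER'] = array();
    }

    $_SESSION['PAGE_FILTER']['IPP'] = $ipp;

    return $ipp;
}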
$_loginData['felogin_profile_registration'] = empty($_loginData['felogin_profile_registration']) ? 0 : 1; $_loginData['felogin_profile_manage'] = empty($_loginData['felogin_profile_manage']) ? 0 : 1; $_loginData['validate_db']['userdetail'] = empty($_loginData['felogin_validate_userdetail']) ? 0 : 1; $_loginData['validate_db']['backenduser'] = empty($_loginData['felogin_validate_backenduser']) ? 0 : 1; // handle Login if (isset($_POST['feLogin'])) { $_loginData['login'] = slweg($_POST['feLogin']); $_loginData['password'] = slweg($_POST['fePassword']); $_loginData['remember'] = empty($_POST['feRemember']) ? 0 : 1; $_loginData['query_result'] = _checkFrontendUserLogin($_loginData['login'], md5($_loginData['password']), $_loginData['validate_db']); // ok, and now check if we got valid login data if ($_loginData['query_result'] !== false && is_array($_loginData['query_result']) && count($_loginData['query_result'])) { $_SESSION[$_loginData['session_key']] = $_loginData['login']; $_SESSION[$_loginData['session_key'] . '_userdata'] = _getFrontendUserBaseData($_loginData['query_result']); if ($_loginData['remember'] && !empty($_loginData['felogin_cookie_expire'])) { setcookie('phpwcmsFeLoginRemember', $_loginData['login'] . '##-|-##' . md5($_loginData['password']) . '##-|-##' . $_loginData['validate_db']['userdetail'] . '##-|-##' . $_loginData['validate_db']['backenduser'], time() + $_loginData['felogin_cookie_expire'], '/', getCookieDomain()); } } else { $_loginData['error'] = true; } } elseif (isset($_POST['feReminder'])) { $_loginData['remind_data'] = slweg($_POST['feReminder']); // check if valid email - send login if ($_loginData['remind_data'] && is_valid_email($_loginData['remind_data'])) { if ($_loginData['validate_db']['userdetail']) { $sql = 'SELECT detail_login AS LOGIN, detail_email AS EMAIL FROM ' . DB_PREPEND . "phpwcms_userdetail WHERE LOWER(detail_email)="; $sql .= _dbEscape(strtolower($_loginData['remind_data'])) . 
" LIMIT 1"; $result = _dbQuery($sql); } // hm, seems no user found - OK test against cms users if ($_loginData['validate_db']['backenduser'] && !isset($result[0])) {