示例#1
文件: crest.php 项目: pedro3005/whube
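// The "p" query parameter carries "<name>[.<type>]" and comes straight from the request.
// A missing or non-string value (for example ?p[]=x) is treated as an empty string,
// so explode() is never handed null or an array.
$ids = explode(".", (isset($_GET['p']) && is_string($_GET['p'])) ? $_GET['p'] : "");
// Optional second component selects the type; "png" is the default.
// NOTE(review): $type is still raw request data at this point and its use is not visible
// in this excerpt; check it against an allow-list before it picks an output format or
// becomes part of a path or header.
$type = isset($ids[1]) ? $ids[1] : "png";
// explode() always returns element 0, so the name part always goes through clean().
// NOTE(review): clean() is defined elsewhere; confirm what it strips before relying on it.
$name = clean($ids[0]);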
// Build the list of image layers for the crest of the user named in the request.
// NOTE(review): no authentication check is visible in this excerpt, so the chosen
// background exposes a user's role / ban status to whoever requests the image; confirm that is intended.
if (isset($name) && $name != "") {
    $uID = $name;
    // Look the user up by username.
    // NOTE(review): the result of getNext() is not checked before $user['uID'] is read;
    // confirm what getNext() returns for an unknown username and bail out in that case.
    $USER_OBJECT->getByCol("username", $uID);
    $user = $USER_OBJECT->getNext();
    $rights = getRights($user['uID']);
    $sourcePhotos = array();
    $loadedPhotos = array();
    // Base crest layer; all layer paths are fixed strings under $img_root, none is request-derived.
    $sourcePhotos = appendPhoto($sourcePhotos, $img_root . "./imgs/crest-data/crest.png", 100, 100);
    // Exactly one background is prepended, checked in the order: banned, admin, staff, modi.
    if ($rights['banned']) {
        $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-banned.png", 0, 0);
    } else {
        if ($rights['admin']) {
            $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-root.png", 0, 0);
        } else {
            if ($rights['staff']) {
                $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-staff.png", 0, 0);
            } else {
                if ($rights['modi']) {
                    $sourcePhotos = prefixPhoto($sourcePhotos, $img_root . "./imgs/crest-data/bg-modi.png", 0, 0);
                } else {
示例#2
<?php
// Resume (or create) the session; getRights() below reads $_SESSION['loggedin'].
session_start();
// Database wrapper class; the instance is shared through the global $DB.
require_once "db.class.php/db.class.php";
$DB = new DB;

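/**
 * Report the access level of the logged-in rep as a string.
 *
 * The rep id is read from $_SESSION['loggedin'] and the lead id from
 * $_REQUEST['id']. Both are forced to integers before they are placed in the
 * SQL text, so request-controlled input cannot change the shape of either query.
 * A missing or non-scalar value is treated as id 0.
 *
 * @return string "1:full" when the rep's userlevel is "1", otherwise "1:restricted".
 */
function getRights(){
	global $DB;

	// Integer casts are the only escaping available here: the DB wrapper's API
	// beyond queryUniqueValue() is not visible in this file.
	$rep_id = (isset($_SESSION['loggedin']) && is_scalar($_SESSION['loggedin'])) ? (int) $_SESSION['loggedin'] : 0;
	$lead_id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? (int) $_REQUEST['id'] : 0;

	$lsql = "SELECT userlevel FROM reps WHERE id=".$rep_id;
	$level = $DB->queryUniqueValue($lsql);

	$csql = "SELECT createdby_repid FROM leads WHERE id = ".$lead_id;
	$created_by = $DB->queryUniqueValue($csql);

	// NOTE(review): $created_by is fetched but never compared with the logged-in
	// rep, so lead ownership does not influence the result; only userlevel does.
	if($level == "1"){
		$ret = "1:full";
	}else{
		$ret = "1:restricted";
	}
	return $ret;
}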

// Respond only when the request names a lead id; the response body is the rights string itself.
if (isset($_REQUEST['id'])) {
	echo getRights();
}

?>
/**
 * Видео-каталог
 * (C) 2006-2009 Ilya Spesivtsev, macondos@gmail.com
 *
 * Back-offic'ные задачи
 * Интерфейс администратора
 *
 * @author Ilya Spesivtsev
 * @version 1.07
 */
// Bootstrap for the administrator interface: configuration, session, login, access gate, database.
// Statement order matters here: the includes run top to bottom and share global variables.
require_once "config.php";
// Sends an Expires header of -1 (presumably so the admin page is not cached).
header('Expires: -1');
require_once "functions.php";
session_start();
// The login script path can be overridden through $config['logon.php']; otherwise "logon.php" is used.
// NOTE(review): $user is not assigned in this excerpt; presumably the login script sets it. Confirm.
require_once isset($config['logon.php']) ? $config['logon.php'] : "logon.php";
// Access gate: stop before any database work unless the user holds the "admin_view" right.
// The message reads "You do not have sufficient rights to enter this page".
if (!getRights("admin_view", $user)) {
    echo "У вас недостаточно прав для того, чтобы войти на эту страницу";
    exit;
}
// NOTE(review): the mysql_* extension used below was removed in PHP 7.0; this file only runs on PHP 5.x as written.
$idSQLConnection = mysql_connect($config['mysqlhost'], $config['mysqluser'], $config['mysqlpass']);
// On failure a fixed, generic message is shown ("Critical server error. Error connecting to the database.");
// no driver error text is echoed to the client.
if (!$idSQLConnection) {
    echo "Критическая ошибка на сервере. Ошибка при подключении к базе данных.";
    exit;
}
$result = mysql_select_db($config['mysqldb'], $idSQLConnection);
// Same pattern for database selection ("... Error selecting the database.").
if (!$result) {
    echo "Критическая ошибка на сервере. Ошибка при выборе базы данных.";
    exit;
}
if (isset($config['mysql_set_names'])) {
    mysql_query($config['mysql_set_names']);
// Request handler: connects to the database, identifies the session user and dispatches on "action".
require_once "functions.php";
// Any "noajax" request parameter disables the JsHttpRequest transport.
$noajax = isset($_REQUEST["noajax"]) ? 1 : 0;
if (!$noajax) {
    require_once "jshttprequest/JsHttpRequest.php";
    $JsHttpRequest = new JsHttpRequest("windows-1251");
}
// NOTE(review): the mysql_* extension used below was removed in PHP 7.0.
$idSQLConnection = mysql_connect($config['mysqlhost'], $config['mysqluser'], $config['mysqlpass']);
// Fixed, generic failure message ("Critical server error. Error connecting to the database."); no driver detail is echoed.
if (!$idSQLConnection) {
    echo "Критическая ошибка на сервере. Ошибка при подключении к базе данных.";
    exit;
}
$result = mysql_select_db($config['mysqldb'], $idSQLConnection);
// "... Error selecting the database."
if (!$result) {
    echo "Критическая ошибка на сервере. Ошибка при выборе базы данных.";
    exit;
}
// Optional connection-charset statement taken from configuration.
if (isset($config['mysql_set_names'])) {
    mysql_query($config['mysql_set_names']);
}
// Credentials are read from the session on every request and resolved to a user record.
// NOTE(review): $_SESSION['pass'] keeps a password value in session storage for the whole session,
// and neither index is checked with isset(); confirm what GetUserID() does with empty values.
$login = $_SESSION['login'];
$pass = $_SESSION['pass'];
$user = GetUserID($login, $pass);
// The lower-cased action name from the request doubles as the name of the right that is checked.
$action = isset($_REQUEST["action"]) ? strtolower($_REQUEST["action"]) : "";
// "exit" is allowed regardless of the rights check.
if (getRights($action, $user) || $action == "exit") {
    switch ($action) {
        case "test":
            $text = $_REQUEST['text'];
            // NOTE(review): `text` is a bare word, not `$text`. PHP before 8.0 evaluates it as the
            // string "text" with a warning; PHP 8 throws an Error. The key name suggests
            // md5($text) was intended; confirm. As written, $text is never used.
            $_RESULT["md5"] = text;
            break;
    }
}
     $result = mysql_query($sql);
     $films = array();
     while ($result && ($field = mysql_fetch_assoc($result))) {
         $films[] = $field;
     }
     $_RESULT["films"] = $films;
     break;
 // Delete a film. Allowed for the film's moderator or for users holding "deletefilm_ext".
 case "deletefilm":
     $Moderator = 0;
     // The id is cast to int before it is interpolated into SQL, so the queries below cannot be altered by the request.
     $id = (int) $_REQUEST['id'];
     $result = mysql_query("SELECT Moderator FROM films WHERE ID={$id}");
     if ($result && ($field = mysql_fetch_assoc($result))) {
         $Moderator = $field["Moderator"];
     }
     // NOTE(review): when no film row matches, $Moderator stays 0 and the loose == also accepts a
     // $user["ID"] that is 0, null or unset. Confirm what $user holds for a guest, and prefer an
     // explicit "film found" check plus a strict comparison.
     if ($user["ID"] == $Moderator || getRights("deletefilm_ext", $user)) {
         // Erasing stored files as well needs both the all=1 request flag and the "deletefilm_erase" right.
         $all = isset($_REQUEST['all']) && $_REQUEST['all'] == 1 && getRights("deletefilm_erase", $user) ? 1 : 0;
         $asDir = 0;
         if ($all) {
             require_once "classes/storages.php";
             $storages = new Storages();
             if (isset($config["dir_extensions"])) {
                 $storages->set_dir_extensions($config["dir_extensions"]);
             }
             // Second read of the film row, this time for the AsDir flag.
             $result = mysql_query("SELECT Moderator,AsDir FROM films WHERE ID={$id}");
             if ($result && ($field = mysql_fetch_assoc($result))) {
                 $asDir = $field["AsDir"];
             }
             // File paths come from the files table and are decoded by the storage layer.
             // NOTE(review): what is done with the decoded path lies outside this excerpt; if files are
             // removed, confirm the path is constrained to the configured storage roots first.
             $result = mysql_query("SELECT Path FROM files WHERE FilmID={$id}");
             while ($result && ($field = mysql_fetch_assoc($result))) {
                 $mypath_dec = $storages->decode_path($field["Path"]);
                 $path_parts = pathinfo($mypath_dec);
    var FIXED_WIDTH_POSTER = <?php 
// Emits 0 when $gd_loaded is truthy, otherwise the configured default cover width (160 when not configured).
echo $gd_loaded ? 0 : (isset($config["covers"]["defaultcovers"]["width"]) ? $config["covers"]["defaultcovers"]["width"] : 160);
?>
;

    var RIGHTS_SETBOOKMARK = <?php 
// The return value of getRights() is written unquoted into the script.
// NOTE(review): echo prints an empty string for false/null, which would leave "var X = ;" and break
// the script; confirm getRights() returns an integer here. These flags only steer the UI;
// the server-side handlers must still enforce each right.
echo getRights("setbookmark", $user);
?>
;
    var RIGHTS_POSTCOMMENT = <?php 
// Same pattern for the "postcomment" right.
echo getRights("postcomment", $user);
?>
;
    var RIGHTS_SETRATING = <?php 
// Same pattern for the "setrating" right.
echo getRights("setrating", $user);
?>
;

    var CAN_NOT_SETBOOKMARK = "<?php 
// Message shown when bookmarking is not allowed: the configured text if set, otherwise a built-in
// default (which embeds a login form).
// NOTE(review): the value is echoed inside a double-quoted JavaScript string without any escaping;
// a double quote, backslash or line break in the configured text would break out of the literal.
// Presumably the configuration is administrator-controlled; confirm, or escape for the JS string context.
echo isset($config['can_not_setbookmark']) ? $config['can_not_setbookmark'] : "Только зарегистрированные пользователи могут создавать закладки.<br> <a href='?register=1' class='alert_link'>Зарегистрируйтесь</a><br>или войдите под своим логином<br><form action='?' method='post'><input type='hidden' name='logon' value='1'><table border='0' width='100%'><tr><td>Логин:</td><td><input name='login'></td></tr><tr><td>Пароль:</td><td><input name='pass' type='password'></td></tr><tr><td colspan='2'><input id='remember' type='checkbox' value='1' name='remember'><label for='remember'>Автоматически входить</label></td></tr><tr><td colspan='2' align='center'><input type='submit' value='OK'></td></tr></table></form>";
?>
";
    var CAN_NOT_POSTCOMMENT = "<?php 
// Message shown when commenting is not allowed; same unescaped embedding as above.
echo isset($config['can_not_postcomment']) ? $config['can_not_postcomment'] : "Только зарегистрированные пользователи могут оставлять отзывы.<br> <a href='?register=1' class='alert_link'>Зарегистрируйтесь</a> или <a href='javascript:Exit();' class='alert_link'>войдите</a> под своим логином";
?>
";
    var CAN_NOT_SETRATING = "<?php 
// Message shown when rating is not allowed; same unescaped embedding as above.
echo isset($config['can_not_setrating']) ? $config['can_not_setrating'] : "<a href='?register=1' class='alert_link'>Зарегистрируйтесь</a> или <a href='javascript:Exit();' class='alert_link'>войдите</a> под своим логином,<br> чтобы ставить рейтинги";
?>
";
示例#7
文件: gate.php 项目: saji89/whube
    session_destroy();
    session_start();
    $_SESSION['msg'] = "See ya' later! I miss ya already!";
    header("Location: " . $SITE_PREFIX . "t/login");
    exit(0);
}
// Login handler: checks a challenge-response digest and, on success, fills the session with the user's details.
if (isset($_POST['login'])) {
    if (isset($_POST['name']) && $_POST['name'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") {
        // The token stored in the session is moved to 'key' and removed, so it is used for one attempt only.
        $_SESSION['key'] = $_SESSION['token'];
        unset($_SESSION['token']);
        $user = new user();
        $user->getByCol("username", $_POST['name']);
        // NOTE(review): the lookup result is not checked; an unknown username should be rejected here,
        // before any digest is computed from $foo.
        $foo = $user->getNext();
        // Expected response is md5(session key . stored password value).
        // NOTE(review): because the digest is built from the stored value, that value itself acts as the
        // login secret; md5 is also not a suitable primitive for password handling. Consider moving to
        // password_hash()/password_verify() over TLS.
        $p_check = md5($_SESSION['key'] . $foo['password']);
        // NOTE(review): == is a loose comparison (numeric-looking strings are compared as numbers);
        // a strict, constant-time check such as hash_equals($p_check, $_POST['pass']) is safer.
        if ($_POST['pass'] == $p_check) {
            $_SESSION['rights'] = getRights($foo['uID']);
            // Banned accounts are redirected and never receive the identity fields below.
            if ($_SESSION['rights']['banned']) {
                $_SESSION['msg'] = "You're banned, asshole. GTFO";
                header("Location: " . $SITE_PREFIX . "t/banned");
                exit(0);
            } else {
                // NOTE(review): no session_regenerate_id() call is visible before the identity is stored;
                // regenerating the id at login protects against session fixation.
                $_SESSION['id'] = $foo['uID'];
                $_SESSION['real_name'] = $foo['real_name'];
                $_SESSION['username'] = $foo['username'];
                $_SESSION['email'] = $foo['email'];
                // set patrick_stewart var for private / public stuff
                //    $_SESSION['patrick_stewart'] = TRUE;
                // Context / copied from:
                //
                //  http://www.youtube.com/watch?v=Fg_cwI1Xj4M ( Nawt a rickroll )
                //     ^ this is lulzy. Watch.