<?
// Bootstrap included by every page: session start, request-variable
// compatibility shims, a request-value blocklist, the database connection,
// site options, language strings and the Smarty template engine.
// NOTE(review): `<?` is the short open tag and only works while
// short_open_tag is enabled; `<?php` has no such dependency.
//skip the functions file if somebody call it directly from the browser.
//if (ereg("functions.php", $_SERVER['SCRIPT_NAME'])) {
// Header("Location: index.php"); die();
//}
// Initiate Sessions!
// `@` hides the warning session_start() raises when output was already sent.
@session_start();
// Report all errors but ignore notices (so undefined indexes/variables further
// down in this file go unreported).
error_reporting(E_ALL ^ E_NOTICE);
// Disable magic_quotes_runtime
// deprecated in php >= 5.3
//set_magic_quotes_runtime(0);
// Emulate register_globals when it is off: import_request_variables('GPC')
// copies every GET, POST and COOKIE value into a global variable of the same
// name (the function was deprecated in 5.3 and removed in PHP 5.4). For the
// rest of this file that means bare globals such as $admin and $user below
// can arrive from the client through any of those three channels.
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}
// Pre-4.1 compatibility: alias the old HTTP_*_VARS arrays onto the superglobals.
$phpver = phpversion();
if ($phpver < '4.1.0') {
$_GET = $HTTP_GET_VARS;
$_POST = $HTTP_POST_VARS;
$_SERVER = $HTTP_SERVER_VARS;
}
// Major and minor version joined without a separator, e.g. "5.3.x" -> "53",
// then compared numerically.
$phpver = explode(".", $phpver);
$phpver = "$phpver[0]$phpver[1]";
if ($phpver >= 41) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
// Re-encode the $admin / $user tokens with addslashes() applied to the decoded
// text. This only backslash-escapes quotes inside the token; it does not check
// that the token is well-formed or that it matches an account (that check is
// is_logged_in() / is_logged_in_admin() further down).
if(isset($admin)){
$admin = base64_decode($admin);
$admin = addslashes($admin);
$admin = base64_encode($admin);
}
if(isset($user)){
$user = base64_decode($user);
$user = addslashes($user);
$user = base64_encode($user);
}
// Request-value blocklist for GET: abort on values that look like one of the
// listed HTML tags, on any parenthesised text, and on any double quote.
// NOTE(review): ereg()/eregi() were deprecated in PHP 5.3 and removed in 7.0,
// so this loop is fatal on PHP 7+. A blocklist like this only catches the
// spellings it lists; escaping at the point of output is the control to rely
// on, with this as defence in depth at most.
foreach ($_GET as $sec_key => $secvalue) {
if ((eregi("<[^>]*script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue))) {
die ("not allowed");
}
}
// Same idea for POST with a shorter list. NOTE(review): the last three
// patterns use `[^>]` without the `*` the GET patterns have, so they require
// exactly one character between `<` and the tag name and therefore match a
// narrower set of inputs than their GET counterparts — looks like an oversight.
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]script*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]meta*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
die ("not allowed");
}
}
//set root path
// Directory of this file, with backslashes normalised to '/' for Windows hosts.
$ROOT_DIR = realpath(dirname(__FILE__));
$ROOT_DIR = str_replace('\\', '/', $ROOT_DIR);
// config.php presumably defines the $db_host/$db_username/$db_password and
// $databse_name variables consumed just below (note the spelling of the last
// one — it must match config.php exactly; TODO confirm).
include ("$ROOT_DIR/config.php");
include("$ROOT_DIR/mysql.class.php");
$db = new sql_db($db_host, $db_username, $db_password, $databse_name, false);
if(!$db->db_connect_id) {
//if connection to database/login faild, print error.
// NOTE(review): the raw mysql_error() text is written to the browser here; it
// may contain host or database names. Logging it server-side and showing a
// generic message would be the usual choice.
echo "<br><font color=\"red\"><h5><br><center>Error:</b><br><hr><br>
<b>Connection to database has faild!<br>
check mysql server/database name/username/password </center>
<br><br><br><br><br><br><br><br><br>";
echo mysql_error();
die();
}
//load the site options and info from db.
// First row of the options table. stripslashes() presumably undoes an
// addslashes() applied when the values were stored — TODO confirm.
$options_sql = $db->sql_query("SELECT * FROM ".$prefix."_options");
$options = $db->sql_fetchrow($options_sql);
$site_name = stripslashes($options['site_name']);
$site_email= stripslashes($options['site_email']);
$site_url = stripslashes($options['site_url']);
$site_info = stripslashes($options['site_info']);
$language = stripslashes($options['language']);
$validate = intval($options['validate']);
//load the language
// The language file path is built from a database value, so whoever can write
// the options table chooses which file gets included here.
include ("$ROOT_DIR/lang/$language.php");
// SMARTY !!!! :)
// Smarty is loaded relative to the current working directory, unlike the
// $ROOT_DIR-based includes above.
require("./libs/smarty/Smarty.class.php");
$smarty = new Smarty();
$smarty->setTemplateDir("templates");
$smarty->setCompileDir('libs/smarty/templates_c');
$smarty->setCacheDir('libs/smarty/cache');
$smarty->setConfigDir('libs/smarty/configs');
// is_logged_in() is declared later in this file; PHP hoists top-level function
// declarations, so the call is valid here. With no "user" cookie the argument
// is null (the notice is suppressed by error_reporting above).
$smarty->assign("user_logged_in", is_logged_in($_COOKIE['user']));
// Current user's row, looked up by the username taken from the cookie. `@`
// hides the warning mysql_fetch_assoc() raises when the query failed; with no
// matching row $user_information is false and the reads below yield null.
$user_information = @mysql_fetch_assoc($db->sql_query("SELECT * FROM `{$prefix}_users` WHERE username='" . get_username() . "';"));
$smarty->assign("current_first_name",$user_information['first_name']);
$smarty->assign("current_last_name",$user_information['last_name']);
// country_to_code() is not defined in this file; `@` hides whatever it raises
// for an unknown country — TODO confirm where it lives and what it returns.
$country_code = @country_to_code($user_information['country']);
$smarty->assign("user_country_code", $country_code);
// With no user row the argument is null, and date_create() then yields the
// current time — TODO confirm that is the intended fallback display.
$login_date = date_create($user_information['lastlogin']);
$smarty->assign("lastlogin", date_format($login_date, 'F j, Y'));
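/**
 * Look up the numeric user id for a username.
 *
 * @param string $username  Raw username; it is escaped here before it is
 *                          placed in the query.
 * @return string|null      The `userid` column of the matching row, or null
 *                          when no row matches (the original also yielded
 *                          null in that case, via a read on `false`).
 */
function find_userid($username){
    global $db, $prefix;
    // Escape before interpolating: $username may come from a cookie or request
    // value, so it must not reach the SQL string verbatim. The mysql_* wrapper
    // used throughout this file offers no parameterised query, so the
    // driver-level escape on the open link is the best available option.
    $safe_username = mysql_real_escape_string((string) $username);
    $row = mysql_fetch_assoc($db->sql_query("SELECT userid FROM `{$prefix}_users` WHERE username='$safe_username';"));
    // mysql_fetch_assoc() returns false when nothing matched.
    if (!is_array($row) || !isset($row['userid'])) {
        return null;
    }
    return $row['userid'];
}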
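/**
 * Check whether a "user" cookie value identifies a valid login.
 *
 * The cookie payload is base64("userid|username|password"); the third field
 * is compared with the `password` column stored for that userid. Note that
 * the cookie therefore carries the stored password value itself, so whoever
 * holds the cookie holds that value; changing the scheme is outside this
 * function.
 *
 * @param string|null $user  Raw cookie value (base64 encoded), may be absent.
 * @return int               1 when the cookie matches the stored password, else 0.
 */
function is_logged_in($user) {
    global $db,$prefix;
    $fields = explode("|", base64_decode((string) $user));
    // Cast to int so the id can be interpolated safely; a non-numeric first
    // field becomes 0 and is rejected below.
    $userid = isset($fields[0]) ? intval($fields[0]) : 0;
    $passwd = isset($fields[2]) ? (string) $fields[2] : '';
    // Compare with 0 explicitly: the previous `$userid != ""` test on an int
    // is version-dependent (true on PHP 8, false on PHP 7).
    if ($userid === 0 || $passwd === '') {
        return 0;
    }
    $result = $db->sql_query("SELECT password FROM ".$prefix."_users WHERE userid='$userid'");
    $row = $db->sql_fetchrow($result);
    $pass = isset($row['password']) ? (string) $row['password'] : '';
    // hash_equals(): strict, length-safe comparison. The loose `==` it replaces
    // treats two different numeric-looking strings as equal.
    if ($pass !== '' && hash_equals($pass, $passwd)) {
        return 1;
    }
    return 0;
}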
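/**
 * Username field of the "user" login cookie.
 *
 * @return string  The second `|`-separated field of the decoded cookie,
 *                 passed through addslashes(); '' when the cookie or the
 *                 field is absent.
 */
function get_username() {
    if (!isset($_COOKIE['user'])) {
        return '';
    }
    $fields = explode("|", base64_decode((string) $_COOKIE['user']));
    if (!isset($fields[1])) {
        return '';
    }
    // addslashes() is kept because callers in this file interpolate the result
    // straight into SQL. It is weaker than a driver-level escape, so the value
    // should still be treated as untrusted where it is used.
    return addslashes($fields[1]);
}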
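/**
 * User id field of the "user" login cookie.
 *
 * @return string  The first `|`-separated field of the decoded cookie when it
 *                 is a plain decimal integer; '' when the cookie or the field
 *                 is absent or the field is not numeric.
 */
function get_userid() {
    if (!isset($_COOKIE['user'])) {
        return '';
    }
    $fields = explode("|", base64_decode((string) $_COOKIE['user']));
    $id = isset($fields[0]) ? $fields[0] : '';
    // Only a decimal id is returned: the raw field is client-controlled, and
    // ids of this kind are interpolated unquoted into SQL elsewhere in this
    // file (see count_rows()).
    if (!preg_match('/^[0-9]+$/', $id)) {
        return '';
    }
    return $id;
}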
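/**
 * Number of feedback rows belonging to a user.
 *
 * @param int|string $userid  User id; coerced to int before use in the query.
 * @return int                Row count, or 0 when the query fails.
 */
function count_rows($userid){
    global $db, $prefix;
    // The id is interpolated unquoted, so it must be an integer by the time it
    // reaches the query string.
    $userid = (int) $userid;
    // Go through the shared $db wrapper like the rest of this file instead of
    // calling mysql_query() on the implicit last link.
    $result = $db->sql_query("SELECT userid FROM ".$prefix."_feedback WHERE userid=$userid");
    if (!$result) {
        return 0;
    }
    return mysql_num_rows($result);
}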
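/**
 * Check whether an "admin" cookie value identifies a valid admin login.
 *
 * The cookie payload is base64("adminid|name|password"); the third field is
 * compared with the `password` column stored for that adminid. As with the
 * user cookie, the cookie therefore carries the stored password value itself.
 *
 * @param string|null $admin  Raw cookie value (base64 encoded), may be absent.
 * @return int                1 when the cookie matches the stored password, else 0.
 */
function is_logged_in_admin($admin) {
    global $db,$prefix;
    $fields = explode("|", base64_decode((string) $admin));
    // Cast to int so the id can be interpolated safely; a non-numeric first
    // field becomes 0 and is rejected below.
    $adminid = isset($fields[0]) ? intval($fields[0]) : 0;
    $passwd = isset($fields[2]) ? (string) $fields[2] : '';
    // Compare with 0 explicitly: the previous `$adminid != ""` test on an int
    // is version-dependent (true on PHP 8, false on PHP 7).
    if ($adminid === 0 || $passwd === '') {
        return 0;
    }
    $result = $db->sql_query("SELECT password FROM ".$prefix."_admin WHERE adminid='$adminid'");
    $row = $db->sql_fetchrow($result);
    $pass = isset($row['password']) ? (string) $row['password'] : '';
    // hash_equals(): strict, length-safe comparison. The loose `==` it replaces
    // treats two different numeric-looking strings as equal.
    if ($pass !== '' && hash_equals($pass, $passwd)) {
        return 1;
    }
    return 0;
}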
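/**
 * Emit a complete HTML page that shows $msg and then redirects to $url.
 *
 * @param string     $msg      Text for the page body. It is written unescaped
 *                             (inside an <h3>), so the caller must escape any
 *                             client-supplied text it contains.
 * @param string     $url      Redirect target. HTML-escaped before it is placed
 *                             in the meta-refresh and href attributes.
 * @param int|string $seconds  Refresh delay; coerced to int.
 * @return void
 */
function msg_redirect($msg,$url,$seconds){
    global $site_name;
    // Attribute-context escaping. ISO-8859-1 is used as the escaping charset so
    // the call works byte-wise and cannot return '' for input that is not valid
    // UTF-8; the five characters it escapes are ASCII.
    $safe_url = htmlspecialchars((string) $url, ENT_QUOTES, 'ISO-8859-1');
    $safe_title = htmlspecialchars((string) $site_name, ENT_QUOTES, 'ISO-8859-1');
    // Integer only: this lands unquoted inside the Refresh content value.
    $delay = (int) $seconds;
    echo "<html dir=\""._LTR_RTL."\">\n"
    ."<head>\n"
    ."<title>$safe_title</title>\n"
    ."<meta http-equiv=\"Refresh\" content=\"$delay; URL=$safe_url\">\n"
    ."<meta http-equiv=\"Content-Type\" content=\"text/html; charset="._CHARSET."\">\n"
    ."<link rel=\"stylesheet\" href=\"style.css\" type=\"text/css\">\n"
    ."</head>\n\n"
    ."<body>\n"
    ."<br />\n"
    ."<br />\n"
    ."<br />\n"
    ."<br />\n\n\n"
    ."<div align=\"center\">\n"
    ."<table cellpadding=\"6\" cellspacing=\"1\" border=\"0\" width=\"70%\" bgcolor=\"#E1E1E1\">"
    ."<tr>"
    ."<td bordercolor=\"#808080\">"._REDIRECTING."</td>"
    ."</tr> "
    ."<tr> "
    ."<td align=\"center\" bgcolor=\"#FFFFFF\">"
    ."<blockquote> "
    ."<p> </p>"
    ."<p><h3>$msg</h3></p>"
    ."<p><a href=\"$safe_url\"> "
    .""._CLICK_HERE_BROWSER_REDIRECT."</a></p><br />"
    ."</blockquote>"
    ."</td>\n"
    ."</tr>\n"
    ."</table>\n\n\n"
    // The closing </div> now follows </table>, matching where it was opened
    // (it previously sat inside the <td>).
    ."</div>\n"
    ."</body>\n"
    ."</html>";
}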
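/**
 * Whether a row with this username exists in the users table.
 *
 * @param string $user  Raw username; escaped here before it is placed in the query.
 * @return bool         true when a row with a non-blank username matched.
 */
function user_exists($user) {
    global $db,$prefix;
    // Escape before interpolating; $user may be client-supplied. The mysql_*
    // wrapper used in this file has no parameterised query, so the driver-level
    // escape on the open link is the best available option.
    $safe_user = mysql_real_escape_string((string) $user);
    $row = mysql_fetch_assoc($db->sql_query("SELECT username FROM ".$prefix."_users WHERE username='$safe_user'"));
    // mysql_fetch_assoc() yields false when nothing matched; treat that, and a
    // blank stored name, as "does not exist" exactly as before.
    if (!is_array($row) || !isset($row['username']) || trim((string) $row['username']) === "") {
        return false;
    }
    return true;
}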
?>