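// NOTE(review): this copy of the file appears damaged. The opening PHP tag and
// the receiver of the PConnect() call below are missing, and so is part of the
// ban-check loop further down. Both fragments are reproduced verbatim; restore
// them from the original file before deploying anything from this listing.
PConnect($DBHOST, $DBUSER, $DBPASSWORD, $DBNAME);
@mysql_query("SET NAMES 'UTF8'");

// Load every row of the `config` table into $config and expose each setting to
// the template layer.
// NOTE(review): this loop assigns *all* settings to the templates; if the
// table also holds secrets (FACEBOOK_SECRET is read from $config below),
// confirm that no template prints them.
$sql = "SELECT * from config";
$rsc = $conn->Execute($sql);
if ($rsc) {
    while (!$rsc->EOF) {
        $field = $rsc->fields['setting'];
        $config[$field] = $rsc->fields['value'];
        STemplate::assign($field, strip_mq_gpc($config[$field]));
        @$rsc->MoveNext();
    }
}

// Language selection. The request value is only ever compared against this
// fixed list, so client input never reaches include() as a path.
$supported_languages = array("english", "spanish", "portuguese", "czech", "french");

$requested_language = isset($_REQUEST['language']) ? $_REQUEST['language'] : "";
if (is_string($requested_language) && in_array($requested_language, $supported_languages, true)) {
    $_SESSION['language'] = $requested_language;
}
if (!isset($_SESSION['language']) || $_SESSION['language'] == "") {
    $_SESSION['language'] = $default_language;
}
if (is_string($_SESSION['language']) && in_array($_SESSION['language'], $supported_languages, true)) {
    include("lang/".$_SESSION['language'].".php");
} else {
    // $default_language is defined outside this listing; presumably it comes
    // from a trusted configuration file - confirm it is never user-controlled.
    include("lang/".$default_language.".php");
}

// NOTE(review): damaged fragment, kept verbatim. The loop condition, the loop
// body up to the construction of $bquery and the receiver of execute() are
// missing from this copy, so what is being checked cannot be told from here.
// What remains redirects to banned.php when the query's `total` is above zero.
for ($i=0; $iexecute($bquery);
    $bcount = $bresult->fields['total'];
    if($bcount > "0") {
        $brdr = $config['baseurl']."/banned.php";
        header("Location:$brdr");
        exit;
    }
}

/**
 * Issue a fresh "remember me" token for the user in $_SESSION['USERNAME'].
 *
 * Stores the token and the current time in members.remember_me_key /
 * remember_me_time and sends username + token to the browser in the
 * `slrememberme` cookie (serialized, gz-compressed, valid for 30 days).
 */
function create_slrememberme() {
    global $conn;

    // The token is a bearer credential, so take it from the OpenSSL CSPRNG when
    // the extension is loaded. md5(uniqid(rand(), true)) is derived from the
    // clock and a non-cryptographic PRNG; it is kept only as a fallback.
    // Both forms are 32 lowercase hex characters.
    $key = '';
    if (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes(16);
        if ($bytes !== false && strlen($bytes) === 16) {
            $key = bin2hex($bytes);
        }
    }
    if ($key === '') {
        $key = md5(uniqid(rand(), true));
    }

    // The session key is quoted: the bare word USERNAME is an undefined
    // constant that PHP only falls back to reading as the string 'USERNAME'.
    $sql = "update members set remember_me_time='".date('Y-m-d H:i:s')."', remember_me_key='".$key."' WHERE username='".mysql_real_escape_string($_SESSION['USERNAME'])."'";
    $conn->execute($sql);

    // Path, domain and secure keep their defaults; HttpOnly is switched on so
    // page scripts cannot read the token.
    // NOTE(review): the Secure flag is left off to keep plain-HTTP deployments
    // working - enable it if the site is served over HTTPS only.
    setcookie('slrememberme', gzcompress(serialize(array($_SESSION['USERNAME'], $key)), 9), time()+60*60*24*30, '', '', false, true);
}

/**
 * Revoke the "remember me" token.
 *
 * @param string $username Account whose stored token is cleared; with an empty
 *                         value only the browser cookie is expired.
 */
function destroy_slrememberme($username) {
    if (strlen($username) > 0) {
        global $conn;
        $sql = "update members set remember_me_time=NULL, remember_me_key=NULL WHERE username='".mysql_real_escape_string($username)."'";
        $conn->execute($sql);
    }
    setcookie("slrememberme", "", time() - 3600);
}

// Automatic login from the "remember me" cookie when no user is in the session.
if (!isset($_SESSION["USERNAME"]) && isset($_COOKIE['slrememberme'])) {
    // Expire tokens older than one month. The assignments must be separated by
    // a comma: written with "and", the whole right-hand side is one boolean
    // expression assigned to remember_me_time, and remember_me_key is never
    // cleared - old tokens would stay valid indefinitely.
    $sql = "update members set remember_me_time=NULL, remember_me_key=NULL WHERE remember_me_time<'".date('Y-m-d H:i:s', mktime(0, 0, 0, date("m")-1, date("d"), date("Y")))."'";
    $conn->execute($sql);

    // SECURITY: the cookie is attacker-controlled and is decoded with
    // unserialize(), which can instantiate arbitrary classes while it parses;
    // checking the result afterwards is too late. Until the cookie format is
    // replaced (e.g. an opaque random token, or a MAC-protected value), the
    // payload is only unserialized when it has exactly the shape
    // create_slrememberme() produces: a two-element array of plain strings.
    // The decompressed size is capped as well. Side effect: a username that
    // contains a double quote is no longer remembered and must log in again.
    $username = '';
    $key = '';
    $payload = is_string($_COOKIE['slrememberme'])
        ? @gzuncompress(stripslashes($_COOKIE['slrememberme']), 4096)
        : false;
    if (is_string($payload) && preg_match('/^a:2:\{i:0;s:\d+:"[^"]*";i:1;s:\d+:"[0-9a-f]*";\}$/D', $payload)) {
        list($username, $key) = @unserialize($payload);
    }

    if (strlen($username) > 0 && strlen($key) > 0) {
        $sql = "SELECT status,USERID,email,username,verified,gender from members WHERE username='".mysql_real_escape_string($username)."' and remember_me_key='".mysql_real_escape_string($key)."'";
        $rs = $conn->execute($sql);
        $token_matched = ($rs->recordcount() >= 1);
        if (!$token_matched) {
            $error = $lang['206'];
        } elseif ($rs->fields['status'] == "0") {
            $error = $lang['62'];
        }
        if ($error == "") {
            // Plain $_SESSION writes, as in the Facebook login below;
            // session_register() was removed in PHP 5.4 and is not needed
            // when $_SESSION is assigned directly.
            // NOTE(review): consider session_regenerate_id(true) wherever a
            // login is established (here and in the Facebook branch).
            $_SESSION['USERID'] = $rs->fields['USERID'];
            $_SESSION['EMAIL'] = $rs->fields['email'];
            $_SESSION['USERNAME'] = $rs->fields['username'];
            $_SESSION['VERIFIED'] = $rs->fields['verified'];
            $_SESSION['GENDER'] = $rs->fields['gender'];
            create_slrememberme();
        } else {
            // A cookie that failed validation proves nothing about its sender,
            // so it may only expire itself. The stored token is revoked only
            // when the presented token matched (e.g. a disabled account).
            destroy_slrememberme($token_matched ? $username : '');
        }
    }
}

/**
 * Build a random alphanumeric string of $length characters.
 *
 * NOTE(review): mt_rand() is not a cryptographically secure generator; do not
 * rely on this function for passwords, tokens or other secrets.
 *
 * @param int $length Number of characters to produce.
 * @return string
 */
function generateCode($length) {
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRQSTUVWXYZ0123456789";
    $code = "";
    $clen = strlen($chars) - 1;
    while (strlen($code) < $length) {
        $code .= $chars[mt_rand(0,$clen)];
    }
    return $code;
}

if($config['enable_fc'] == "1") {
    if($_SESSION['USERID'] == "") {
        $A = $config['FACEBOOK_APP_ID'];
        $B = $config['FACEBOOK_SECRET'];
        define('FACEBOOK_APP_ID', $A);
        define('FACEBOOK_SECRET', $B);
        STemplate::assign('FACEBOOK_APP_ID',$A);
        // NOTE(review): the application secret is handed to the template layer
        // here; confirm that no template ever outputs it.
        STemplate::assign('FACEBOOK_SECRET',$B);

        /**
         * Parse and verify the `fbs_<app id>` cookie.
         *
         * @param string $app_id             Application id used in the cookie name.
         * @param string $application_secret Secret the signature is computed with.
         * @return array|null The cookie fields, or null when the signature does not match.
         */
        function get_facebook_cookie($app_id, $application_secret) {
            $args = array();
            $raw = isset($_COOKIE['fbs_' . $app_id]) && is_string($_COOKIE['fbs_' . $app_id]) ? $_COOKIE['fbs_' . $app_id] : '';
            parse_str(trim($raw, '\\"'), $args);
            ksort($args);
            $payload = '';
            foreach ($args as $key => $value) {
                if ($key != 'sig') {
                    $payload .= $key . '=' . $value;
                }
            }
            // Compare as strings: with a loose != two digest strings that both
            // look numeric are compared as numbers and can be "equal" without
            // being identical. hash_equals() is used when the runtime has it.
            $expected = md5($payload . $application_secret);
            $given = (isset($args['sig']) && is_string($args['sig'])) ? $args['sig'] : '';
            $valid = function_exists('hash_equals') ? hash_equals($expected, $given) : ($expected === $given);
            if (!$valid) {
                return null;
            }
            return $args;
        }

        // OAuth callback: exchange the `code` request parameter for an access
        // token, read the profile and log the matching member in (or create one).
        // NOTE(review): no anti-CSRF `state` value is checked on this callback.
        $code = isset($_REQUEST['code']) ? $_REQUEST['code'] : "";
        if (is_string($code) && $code != "") {
            $my_url = $config['baseurl']."/";
            // The request value is URL-encoded so it cannot add or override
            // parameters of the token request.
            $token_url = "https://graph.facebook.com/oauth/access_token?" . "client_id=" . $A . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $B . "&code=" . urlencode($code);
            $response = @file_get_contents($token_url);
            $params = null;
            parse_str($response, $params);
            $access_token = (is_array($params) && isset($params['access_token']) && is_string($params['access_token'])) ? $params['access_token'] : "";

            // Without a token there is no profile to read; skip the request.
            $user = null;
            if ($access_token != "") {
                $graph_url = "https://graph.facebook.com/me?access_token=" . urlencode($access_token);
                $user = json_decode(file_get_contents($graph_url));
            }
            $fname = (is_object($user) && isset($user->name) && is_string($user->name)) ? htmlentities(strip_tags($user->name), ENT_COMPAT, "UTF-8") : "";
            $femail = (is_object($user) && isset($user->email) && is_string($user->email)) ? htmlentities(strip_tags($user->email), ENT_COMPAT, "UTF-8") : "";
            $fsex = (is_object($user) && isset($user->gender) && is_string($user->gender)) ? htmlentities(strip_tags($user->gender), ENT_COMPAT, "UTF-8") : "";
            if($fsex == "male") {
                $ag = "1";
            } else {
                $ag = "0";
            }

            // An empty address must never be used as a lookup key: when the
            // token exchange or the profile request fails, $femail is "" and
            // the query below would otherwise select whichever member happens
            // to have an empty e-mail column and sign the visitor in as them.
            // NOTE(review): the member is chosen purely by the address the
            // profile response reports; confirm the provider has verified it
            // before treating it as proof of ownership.
            if ($femail != "") {
                $query = "SELECT USERID FROM members WHERE email='".mysql_real_escape_string($femail)."' limit 1";
                $executequery = $conn->execute($query);
                $FUID = intval($executequery->fields['USERID']);
                if($FUID > 0) {
                    // Existing, active member: record the login and open the session.
                    $query = "SELECT USERID,email,username,verified,gender from members WHERE USERID='".mysql_real_escape_string($FUID)."' and status='1'";
                    $result = $conn->execute($query);
                    if($result->recordcount()>0) {
                        $query = "update members set lastlogin='".time()."', lip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."' WHERE USERID='".mysql_real_escape_string($FUID)."'";
                        $conn->execute($query);
                        $_SESSION['USERID'] = $result->fields['USERID'];
                        $_SESSION['EMAIL'] = $result->fields['email'];
                        $_SESSION['USERNAME'] = $result->fields['username'];
                        $_SESSION['VERIFIED'] = $result->fields['verified'];
                        $_SESSION['GENDER'] = $result->fields['gender'];
                        $_SESSION['FB'] = "1";
                        header("Location:$config[baseurl]/account");exit;
                    }
                } else {
                    // New member: create the row with a placeholder password.
                    // NOTE(review): the placeholder is an unsalted md5 of a
                    // short mt_rand() string plus the clock; if the normal
                    // login accepts it, generate it from a CSPRNG instead.
                    $md5pass = md5(generateCode(5).time());
                    if($fname != "" && $femail != "") {
                        $remote_addr = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
                        $query = "INSERT INTO members SET email='".mysql_real_escape_string($femail)."',username='', password='".mysql_real_escape_string($md5pass)."', addtime='".time()."', lastlogin='".time()."', ip='".$remote_addr."', lip='".$remote_addr."', verified='1', gender='".$ag."'";
                        $result = $conn->execute($query);
                        $userid = mysql_insert_id();
                        if($userid != "" && is_numeric($userid) && $userid > 0) {
                            $query = "SELECT USERID,email,username,verified,gender from members WHERE USERID='".mysql_real_escape_string($userid)."'";
                            $result = $conn->execute($query);
                            $SUSERID = $result->fields['USERID'];
                            $SEMAIL = $result->fields['email'];
                            $SUSERNAME = $result->fields['username'];
                            $SVERIFIED = $result->fields['verified'];
                            $SGENDER = $result->fields['gender'];
                            $_SESSION['USERID'] = $SUSERID;
                            $_SESSION['EMAIL'] = $SEMAIL;
                            $_SESSION['USERNAME'] = $SUSERNAME;
                            $_SESSION['VERIFIED'] = $SVERIFIED;
                            // Every other login path stores the gender under
                            // 'GENDER'; 'SGENDER' is kept as well in case
                            // something outside this file reads it.
                            $_SESSION['GENDER'] = $SGENDER;
                            $_SESSION['SGENDER'] = $SGENDER;
                            $_SESSION['FB'] = "1";
                            header("Location:$config[baseurl]/account");exit;
                        }
                    }
                }
            }
        }
    }

    /**
     * Absolute URL of the current request, computed once per request.
     *
     * The port is left out when it is 80 (as before) and also when the request
     * is HTTPS on 443; previously an HTTPS request produced "host:443", which
     * never equals a URL built from $config['baseurl'] and made the check
     * below redirect connect.php to itself.
     *
     * NOTE(review): SERVER_NAME and REQUEST_URI can be influenced by the
     * client depending on server configuration; use the result for comparison
     * only, never as a trusted redirect target.
     *
     * @return string
     */
    function getCurrentPageUrl() {
        static $pageURL = '';
        if (empty($pageURL)) {
            $is_https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
            $port = $_SERVER['SERVER_PORT'];
            $pageURL = ($is_https ? 'https' : 'http') . '://' . $_SERVER['SERVER_NAME'];
            if ($port != '80' && !($is_https && $port == '443')) {
                $pageURL .= ':' . $port;
            }
            $pageURL .= $_SERVER['REQUEST_URI'];
        }
        return $pageURL;
    }

    // A Facebook member without a username is sent to connect.php, except
    // when the request already targets that page, a stylesheet or the logout.
    if($_SESSION['USERNAME'] == "" && $_SESSION['FB'] == "1") {
        $url = getCurrentPageUrl();
        $allowed_urls = array(
            $config['baseurl']."/connect.php",
            $config['baseurl']."/css/style.php",
            $config['baseurl']."/css/style_grey.php",
            $config['baseurl']."/css/style_blue.php",
            $config['baseurl']."/css/style_green.php",
            $config['baseurl']."/logout.php",
        );
        if (!in_array($url, $allowed_urls, true)) {
            header("Location:$config[baseurl]/connect.php");exit;
        }
    }
}
?>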