Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.20 System : Linux st2.domain.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 User : apache ( 48) PHP Version : 7.4.20 Disable Function : NONE Directory : /var/www/html/thietkewebvumi.com/lib/ |
<?php
$CORE->lnk['logout'] = $INFO['forum_url']."/index.php?act=Login&code=03";
$CORE->lnk['ucp'] = $INFO['forum_url']."/index.php?act=UserCP&code=00";
$CORE->lnk['reg'] = $INFO['forum_url']."/index.php?act=Reg&code=00";
$CORE->lnk['showuser'] = $INFO['forum_url']."/index.php?showuser=";
$CORE->lnk['login'] = $INFO['forum_url']."/index.php?act=Login&code=00";
$CORE->lnk['login_form'] = $INFO['forum_url']."/index.php?act=Login&code=01&CookieDate=1";
$CORE->lnk['forum'] = "<img src='{$INFO['home_url']}/images/forum.png'> <a href='{$INFO['forum_url']}/index.php' ><span>Forums</span></A><BR>";
class class_user{
var $session_id = 0;
function user_check (){
global $CORE,$DB;
$cut_off = $CORE->vars['cutoff'] * 60;
$time = $CORE->time - $cut_off;
$cookie = array();
$cookie['session_id'] = $this->my_getcookie('session_id');
$cookie['member_id'] = $this->my_getcookie('member_id');
$cookie['pass_hash'] = $this->my_getcookie('pass_hash');
if (isset($_COOKIE['nnccookies'])) {
foreach ($_COOKIE['nnccookies'] as $name => $value) {
$CORE->cookies[$name] = trim ($value);
}
}
$DB->query("DELETE FROM ibf_sessions Where running_time < '".$time."'");
if ( $cookie['session_id'] )
{
$DB->query("SELECT id, member_id, running_time, location FROM ibf_sessions WHERE id='".$cookie['session_id']."' and ip_address='".$CORE->ip."'");
if ( $DB->get_num_rows() )
{
//load member and update session
$DB->query("UPDATE ibf_sessions SET running_time='".$CORE->time."' WHERE id='".$cookie['session_id']."'");
$DB->compile_query ("u.*,g.*","ibf_members u LEFT JOIN NNCCMS_groups g on (g.g_id=u.ug_id)","WHERE u.id='".$cookie['member_id']."' and u.member_login_key='".$cookie['pass_hash']."';",'');
if ($test = $DB->fetch_row()){
$CORE->user =$test;
}
}else {
$DB->query("SELECT id, member_id, running_time, location FROM ibf_sessions WHERE member_id='".$cookie['member_id']."' ");
if ( $temp = $DB->get_num_rows() ){
if ($cookie['member_id'] && $cookie['pass_hash']){
$DB->compile_query ("u.*,g.*","ibf_members u LEFT JOIN NNCCMS_groups g on (g.g_id=u.ug_id)","WHERE u.id='".$cookie['member_id']."' and u.member_login_key='".$cookie['pass_hash']."';",'');
if ($test = $DB->fetch_row()){
$CORE->user =$test;
$DB->query("UPDATE ibf_sessions SET member_name='".$CORE->user['name']."',
`member_id`='".$CORE->user['id']."',
`member_group`='".$CORE->user['mgroup']."'
WHERE id='".$sess."'");
$this->my_setcookie("member_id", $CORE->user['id']);
$this->my_setcookie("pass_hash", $test['member_login_key']);
}
}
$this->my_setcookie("session_id", $temp['id']);
}else {
$sess = md5( uniqid(microtime()) );
$DB->query("INSERT INTO `ibf_sessions` ( `id` , `member_name` , `member_id` , `ip_address` , `browser` , `running_time` , `login_type` , `location` , `member_group` , `in_forum` , `in_topic` , `in_error` )
VALUES (
'$sess ', NULL , '0', '".$CORE->ip."', NULL , '".$CORE->time."' , NULL , NULL , NULL , '0', NULL , '0'
)
");
if ($cookie['member_id'] && $cookie['pass_hash']){
$DB->compile_query ("u.*,g.*","ibf_members u LEFT JOIN NNCCMS_groups g on (g.g_id=u.ug_id)","WHERE u.id='".$cookie['member_id']."' and u.member_login_key='".$cookie['pass_hash']."';",'');
if ($test = $DB->fetch_row()){
$CORE->user =$test;
$DB->query("UPDATE ibf_sessions SET member_name='".$CORE->user['name']."',
`member_id`='".$CORE->user['id']."',
`member_group`='".$CORE->user['mgroup']."'
WHERE id='".$sess."'");
}
}
$this->my_setcookie("session_id", $sess);
$this->my_setcookie("member_id", $CORE->user['id']);
$this->my_setcookie("pass_hash", $test['member_login_key']);
}
}
}
else{
//insert new guest session to database
$sess = md5( uniqid(microtime()) );
$DB->query("INSERT INTO `ibf_sessions` ( `id` , `member_name` , `member_id` , `ip_address` , `browser` , `running_time` , `login_type` , `location` , `member_group` , `in_forum` , `in_topic` , `in_error` )
VALUES (
'$sess ', NULL , '0', '".$CORE->ip."', NULL , '".$CORE->time."' , NULL , NULL , NULL , '0', NULL , '0'
)
");
$this->my_setcookie("session_id", $sess);
//check pass
}
//continue
}
function get_stats($code=0)
{
global $CORE, $DB, $func;
$DB->query("SELECT * FROM ibf_sessions ;");
$cnt=$DB->get_num_rows();
$DB->query("SELECT member_name,member_id FROM ibf_sessions WHERE `member_id`>0 ;");
$members=$DB->get_num_rows();
$list = "";
while ($mem_list=$DB->fetch_row()){
$list .= "<a href='{$CORE->lnk['showuser']}{$mem_list['member_id']}'>{$mem_list['member_name']}</a> ";
}
$guest = $cnt - $members;
$DB->query("SELECT * FROM `NNCCMS_stats` LIMIT 1");
if ($t = $DB->fetch_row()){
$maxonline = $t['maxonline'];
$maxonlinedate = date("H:i j/m/y",$t['maxonlinedate']);
$toltalhit = $t['hit'];
}
if ($code !=1 ){
if ($cnt>$maxonline) {
$ext = ",`maxonline`='$cnt', `maxonlinedate` = '".$CORE->time."'";
}
$DB->query("UPDATE NNCCMS_stats SET `hit`=`hit`+1 {$ext}
;");
$browser = $this->getbrowser();
$os = $this->getos();
$DB->query("UPDATE NNCCMS_useragent SET value = value + 1
WHERE ((name = '" . $browser . "')
AND (type = 'browser'))
OR ((name = '" . $os . "')
AND (type = 'os'))
;");
}
return array( 'cnt' => $cnt,
'list' => $list,
'members' => $members,
'guest' => $guest,
'last_mem_name' => $last_mem_name,
'last_mem_id' => $last_mem_id,
'maxonline' => $maxonline,
'totaluser' => $totaluser,
'toltalhit' => $toltalhit,
'maxonlinedate' => $maxonlinedate);
}
function my_setcookie($name, $value = "")
{
global $CORE;
$expires = time() + 60*60*24*365;
$cookie_path = "";
$cookie_domain ="";
$name = $name;
@setcookie($name, $value, $expires, $cookie_path, $cookie_domain);
}
function my_getcookie($name)
{
global $CORE;
if (isset($_COOKIE[$CORE->vars['cookie_id'].$name]))
{
return urldecode($_COOKIE[$name]);
}
else
{
return FALSE;
}
}
function getbrowser() {
global $CORE;
$useragent = $CORE->browser;
if ((ereg("Nav",$useragent) | ereg("Gold",$useragent) | ereg("X11",$useragent) | ereg("Mozilla",$useragent) | ereg("Netscape",$useragent)) & (!ereg("MSIE",$useragent) & !ereg("Konqueror",$useragent))) {
$browser = "Netscape";
} elseif (ereg("Opera",$useragent)) {
$browser = "Opera";
} elseif (ereg("MSIE",$useragent)) {
$browser = "MSIE";
} elseif (ereg("Lynx",$useragent)) {
$browser = "Lynx";
} elseif (ereg("WebTV",$useragent)) {
$browser = "WebTV";
} elseif (ereg("Konqueror",$useragent)) {
$browser = "Konqueror";
} elseif (eregi("bot",$useragent) | ereg("Google",$useragent) | ereg("Slurp",$useragent) | ereg("Scooter",$useragent) | eregi("Spider",$useragent) | eregi("Infoseek",$useragent)) {
$browser = "Bot";
} else {
$browser = "Other";
}
return $browser;
}
function getos() {
global $CORE;
$useragent = $CORE->browser;
if (ereg("Win",$useragent)) {
$os = "Windows";
} elseif (ereg("Mac",$useragent) | ereg("PPC",$useragent)) {
$os = "Mac";
} elseif (ereg("Linux",$useragent)) {
$os = "Linux";
} elseif (ereg("SunOS",$useragent)) {
$os = "SunOS";
} elseif (ereg("IRIX",$useragent)) {
$os = "IRIX";
} elseif (ereg("BeOS",$useragent)) {
$os = "BeOS";
} elseif (eregi("OS/2",$useragent)) {
$os = "OS/2";
} else {
$os = "Other";
}
return $os;
}
} // end class member
// admin panel login
class admin_class {
function admin_class(){
global $sess,$print,$DB,$CORE;
if (!$sess) $this->admin_login();
if ($CORE->input['act']=="logout") $this->admin_logout();
$timeout=$CORE->time-7200;
$DB->query("DELETE FROM NNCCMS_adsessions where running_time<$timeout;");
$temp = $DB->query ("SELECT user_id from NNCCMS_adsessions where id='".$sess."' and ip_address='".$CORE->ip."';");
if ($test = $DB->fetch_row($temp)){
$u = $DB->query("SELECT * from NNCCMS_user where id='".$test['user_id']."' ;");
if ($mem = $DB->fetch_row($u)){
$CORE->admin_user =$mem;
$DB->query("UPDATE NNCCMS_adsessions SET running_time='".$CORE->time."'
where id='".$sess."' ;");
}
}else $this->admin_login ();
}
function admin_login (){
global $CORE,$ad_print,$DB,$print,$INFO;
if ($CORE->input['act']=="login"){
$username = trim($CORE->input['username']);
$password = trim($CORE->input['password']);
$pass=md5($password);
$DB->query("SELECT u.* from NNCCMS_user u,NNCCMS_groups g where u.name='".$username."' and u.password='".$pass."' and u.ug_id=g.g_id and g.g_access_cp>0;");
if ($test = $DB->fetch_row()){
$CORE->admin_user=$test;
$sess = md5( uniqid(microtime()) );
$DB->query("INSERT INTO `NNCCMS_adsessions` VALUES ( '".$sess."',
'".$CORE->admin_user['id']."',
'".$CORE->ip."',
'".$CORE->time."' ) ;");
$url = $INFO['home_url']."/admin.php?s=".$sess;
$print->redirect("You are login ....", $url);
}
}
$ad_print->ad_header ();
$CORE->admin_html .="
<br />
<br />
<br />
<br />
<table width=\"400\" align=\"center\" ><tr><td>
<div class=\"borderwrap\" >
<div class=\"maintitle\" >Admin Control Panel</div>
<table cellspacing=\"1\" width=\"100%\" >
<form action=\"{$CORE->admin_url}&act=login\" method=\"post\" name=\"loginform\">
<tr ><th>
To administer the CMS you must re-authenticate yourself.
</th></tr>
<tr><td class=\"row\" algin='center'>
<table width='100%' >
<tr>
<td>User Name</td>
<td><input type=\"text\" style=\"padding-left:5px; font-weight:bold; width:250px\" name=\"username\" value=\"{$CORE->input['username']}\" tabindex=\"1\" /></td>
<td> </td>
</tr>
<tr>
<td>Password</td>
<td><input type=\"password\" style=\"padding-left:5px; font-weight:bold; width:250px\" name=\"password\" tabindex=\"2\" /></td>
<td> </td>
</tr>
<tr >
<td > </td><td>
<input type=\"submit\" class=\"button\" value=\" Log in \" accesskey=\"s\" tabindex=\"3\" />
</td>
</tr>
</table>
</td>
</tr>
</form>
</table>
</div>
</td>
</tr>
</table>
<br />
<br />
<br />
<br />
";
$ad_print->ad_footer ();
print $CORE->admin_html;
exit ();
}
function admin_logout (){
global $DB,$print,$sess,$INFO;
$url = $INFO['home_url']."/admin.php?";
$DB->query("DELETE FROM NNCCMS_adsessions WHERE id='".$sess."' ;");
$print->redirect("You are now logged out",$url);
}
function ad_find_mem ($s){
global $DB;
$temp = $DB->query("SELECT * FROM ibf_members $s order by joined DESC");
return $temp;
}
function ad_show_user ($id){
global $DB;
$temp = $DB->query("SELECT * FROM ibf_members WHERE id=$id LIMIT 1");
return $temp;
}
function ad_edit_user ($id,$username,$pcount,$email,$ug_id){
global $CORE,$DB,$print;
$temp = $DB->query("UPDATE ibf_members set `ug_id` = $ug_id WHERE `id` = '$id' LIMIT 1");
$url = $CORE->admin_url."&act=user";
$text = "Edit user account ....";
$print->redirect ($text,$url);
}
function ad_do_val_list (){
global $DB,$CORE,$func,$print;
$input_arr = $CORE->input;
foreach ( $input_arr as $k => $v )
{
$v = intval($v);
if ($k=="u_".$v){
if ($CORE->input['code']==1){
$DB->query("update NNCCMS_user set `ug_id`=2 where `id`=$v and `ug_id`<2 ");
}
if ($CORE->input['code']==2){
$DB->query("DELETE FROM NNCCMS_user where id=$v");
}
}
}
$url = $CORE->admin_url."&act=user&code=validate";
$text = "Mass update users ....";
$print->redirect ($text,$url);
}
function validate_list (){
global $DB;
$temp = $DB->query("SELECT * FROM NNCCMS_user WHERE ug_id=1 order by joined DESC");
return $temp;
}
function ad_do_uaccept ($id){
global $print,$DB,$CORE;
$DB->close_db();
@flush();
echo "Error ! Please visit forum admin cp ";
exit;
}
function ad_del_user($id){
global $print,$DB,$CORE;
$DB->close_db();
@flush();
echo "Error ! Please visit forum admin cp ";
exit;
}
function ad_pass_user ($id,$password){
global $print,$DB,$CORE;
$password = md5($password) ;
$DB->query("UPDATE `NNCCMS_user`
SET `password` = '$password'
WHERE `id` = $id
");
$url = $CORE->admin_url."&act=user";
$text = "Change password ....";
$print->redirect ($text,$url);
}
function ad_create_user ($username,$password,$email,$ug_id){
global $print,$DB,$CORE;
$DB->close_db();
@flush();
echo "Error ! Please visit forum admin cp ";
exit;
}
}
?>