<?php
/***************************************************************************
* Session.php
*
* begin : December 2005
* version : 25 October 2006
* copyright : (C) 2005,2006 grandolini.net
*
* Initializations
*
***************************************************************************/
if (!function_exists('get_microtime')) {
    # Current Unix time as a float, microsecond fraction included.
    # microtime() without arguments returns "fraction seconds" as one string;
    # the two parts are split on the space and added together.
    function get_microtime()
    {
        $parts = explode(' ', microtime());
        $fraction = (float)$parts[0];
        $seconds = (float)$parts[1];
        return $fraction + $seconds;
    }
}
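# Page-build timer; read again by whatever prints the build time later.
$start_pagebuild_time = get_microtime();
if (session_id() === '') {
    # No session is active yet: mark the session cookie HttpOnly so that page
    # scripts cannot read it, then start the session.
    # NOTE(review): the Secure flag is not set here because this file itself
    # redirects to http:// URLs; set it once the site is served over HTTPS only.
    ini_set('session.cookie_httponly', '1');
    session_start();
}
# Array keys are quoted: a bare word is an undefined constant, which newer PHP
# versions reject instead of silently treating it as a string.
$_SESSION['id'] = session_id();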
#
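if (!function_exists('check_path')) {
    # Stops the request unless $path is acceptable and $path/$file exists.
    #
    # $path is rejected when it contains a URL/stream scheme ("something://")
    # or a parent-directory segment (".." followed by "/" or "\", or at the
    # end of the string). On rejection, or when $path/$file is missing, the
    # visitor is redirected to 666.shtml and the script ends. Otherwise the
    # function returns nothing.
    #
    # In this file the checked directories are later used to build include()
    # paths, so this is the only gate in front of those includes. It is a
    # deny-list on the string, not a containment check.
    # NOTE(review): resolving the path with realpath() and comparing it with
    # the site root would be a stronger test - confirm against callers.
    function check_path($path, $file)
    {
        # preg_match replaces eregi(), which no longer exists in current PHP.
        # The scheme test is generic instead of listing http/https/ftp only.
        $suspicious = preg_match('#[a-z][a-z0-9+.\-]*://|\.\.(?:[/\\\\]|$)#i', (string)$path) === 1;
        if ($suspicious || !file_exists($path . '/' . $file)) {
            # hacking attempt
            #
            # NOTE(review): the redirect host is taken from the request's Host
            # header; a configured site host would not depend on client input.
            header('Location: http://' . $_SERVER['HTTP_HOST'] . '/' . $_SESSION['misc']['folder'] . '666.shtml');
            die;
        }
    }
}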
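if (!function_exists('check_access')) {
    # Stops the request with a redirect to 600.php unless all of these hold:
    #   - $user and $pw equal the globals $USER_ID and $USER_PW,
    #   - a row with that id and pw exists in $user_table,
    #   - that row's 'privil' value is at least $min_priv.
    # Returns nothing when access is granted.
    #
    # $user_table is not assigned in this function; presumably it comes from
    # inc/user_fields.inc - confirm.
    # db_query() appears to return array(result, row count) and db_fetch() an
    # array of rows; both are defined outside this file.
    function check_access($user, $pw, $min_priv = 0)
    {
        global $USER_ID, $USER_PW;
        # Explicit default; previously $err was read without ever being set
        # on the success path.
        $err = 0;
        include($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'inc/user_fields.inc');
        # Compare as strings with ===. The loose != treated numeric-looking
        # strings as equal when their numeric values matched (e.g. "1e1" and
        # "10"), which is not acceptable for a credential check.
        if ((string)$user !== (string)$USER_ID || (string)$pw !== (string)$USER_PW) { $err = 1; }
        if ($err == 0) {
            # NOTE(review): $user and $pw are placed in the SQL text as they
            # are. No escaping or parameter API of the DB layer is visible
            # from this file; use it here once confirmed.
            # NOTE(review): the pw column is compared with the supplied value
            # directly, so passwords look to be stored unhashed - confirm.
            $sth = db_query("SELECT * FROM $user_table WHERE id='$user' AND pw='$pw'");
            if ($sth[1] == 0) {
                $err = 1;
            } else {
                $row = db_fetch($sth[0]);
                if ($row[0]['privil'] < $min_priv) { $err = 1; }
            }
        }
        if ($err == 1) {
            header('Location: 600.php');
            die;
        }
    }
}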
#
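if (isset($_SERVER['HTTP_HOST']) && substr($_SERVER['HTTP_HOST'], 0, 4) == 'www.') {
    # www.sitename.com is redirected to sitename.com
    #
    # The redirect always uses http:// and goes to the host root; the
    # requested path and query string are not carried over.
    # NOTE(review): the target host is whatever the client sent in the Host
    # header minus "www."; a configured canonical host would be safer.
    header('Location: http://' . substr($_SERVER['HTTP_HOST'], 4));
    die;
    #-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
}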
#
#=============================================================================
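# $skin is not assigned earlier in this file.
# NOTE(review): it presumably comes from the including script or from
# register_globals; if the latter, it is request-controlled - confirm.
if ((!isset($skin) || $skin == '') && (!isset($_SESSION['misc']['skin']) || $_SESSION['misc']['skin'] == '')) {
    # if the skin is not yet selected
    #
    $skin = 'phpCAMALEO';
    #
    # Host.inc presumably supplies $host, $user, $password and $db_main - confirm.
    require('private/Host.inc');
    require('common/db/MySql.php');
    $dbh = db_connect(array($host, $user, $password));
    $dbs = db_select_db(array($db_main));
    $sth = db_query("SELECT * FROM site_settings WHERE site='*default' AND code='site'");
    if ($sth[1] > 0) {
        # if there is a default skin, load it
        #
        $row = db_fetch($sth[0]);
        if ($row[0]['value'] != '') { $skin = $row[0]['value']; }
    }
    $_SESSION['misc']['skin'] = $skin;
    # The skin name is URL-encoded so that a stored value containing
    # '&', '#' or spaces cannot alter the query string.
    header('Location: LoadPage.php?page=welcome&skid=' . rawurlencode($skin));
    die;
    #-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
}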
#
#=============================================================================
#
# Site variables initialization
#
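require('common/db/Globals.inc');
require('private/Host.inc');
require('common/db/MySql.php');
# NOTE(review): $_SESSION['misc'] (folder, skin, ...) is read below but not
# filled in this part of the file; presumably siteinit.inc does it - confirm.
require('common/includes/siteinit.inc');
# Normalise the site folder so that DOCUMENT_ROOT . folder is a valid path:
# add a leading slash when DOCUMENT_ROOT has no trailing one, and always end
# the folder with a slash.
if (substr($_SERVER['DOCUMENT_ROOT'], -1, 1) != '/') {
    if (substr($_SESSION['misc']['folder'], 0, 1) != '/') { $_SESSION['misc']['folder'] = '/' . $_SESSION['misc']['folder']; }
}
if (substr($_SESSION['misc']['folder'], -1, 1) != '/') { $_SESSION['misc']['folder'] = $_SESSION['misc']['folder'] . '/'; }
#
# Both directories are used further down to build include() paths, so each is
# passed through check_path() first. The skin name becomes a directory
# component of 'skinf'; check_path() is the only validation it gets here.
$_SESSION['common'] = $_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'common/';
check_path($_SESSION['common'], 'index.html');
$_SESSION['skinf'] = $_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/' . $_SESSION['misc']['skin'] . '/';
check_path($_SESSION['skinf'], 'Layout.php');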
#
# Handling online table
#
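# Online-visitor bookkeeping. Statement order matters: $sth is reused for
# every query, and the max-online section reads the row count of its own
# SELECT after $row has been fetched.
#
# NOTE(review): every query below is built by string concatenation. $tmp and
# $timestamp are integers from time(), but the skin name and
# $_SESSION['PageNr'] are placed in the SQL text as they are, and their
# origin is not visible in this file. No escaping or parameter API of the DB
# layer is visible here either; use it once confirmed.
$dbh = db_connect(array($host, $user, $password));
$dbs = db_select_db(array($db_main));
#
# Remove online users not loading any page since 15 minutes
#
$tmp = time() - (15 * 60);
if ($_SESSION['misc']['location'] == 'l') { $tmp = time() - (120 * 60); /* 2 hours on local server */ }
$sth = db_query("DELETE FROM online WHERE time<'" . $tmp . "'"); # time in seconds
#
## include($_SESSION[common].'fun2inc/get_port.inc'); $IP=get_port('ip');
#
$timestamp = time();
$IP = $_SERVER['REMOTE_ADDR'];
$sth = db_query("SELECT * FROM online WHERE ip='$IP'");
if ($sth[1] == 0) {
    # First page load from this address: register it
    $sth = db_query("INSERT INTO online SET skin='" . $_SESSION['misc']['skin'] . "',page='" . $_SESSION['PageNr'] . "',time='$timestamp',ip='$IP'");
    #
    # Update the total users online table
    #
    $sth = db_query("SELECT * FROM g_stat_misc WHERE stat_misc_skin='" . $_SESSION['misc']['skin'] . "' AND stat_misc_key='*tot_online'");
    if ($sth[1] > 0) {
        # NOTE(review): read-then-write counter; two simultaneous first
        # visits can both store the same value.
        $row = db_fetch($sth[0]);
        $TOT_ONLINE = $row[0]['stat_misc_val'] + 1;
        $sth = db_query("UPDATE g_stat_misc SET stat_misc_val='$TOT_ONLINE',stat_misc_date='$timestamp' WHERE stat_misc_skin='" . $_SESSION['misc']['skin'] . "' AND stat_misc_key='*tot_online'");
    } else {
        $TOT_ONLINE = 1;
        $sth = db_query("INSERT INTO g_stat_misc SET stat_misc_skin='" . $_SESSION['misc']['skin'] . "', stat_misc_key='*tot_online',stat_misc_val='$TOT_ONLINE',stat_misc_date='$timestamp'");
    }
} else {
    # Set user variables
    #
    # NOTE(review): the visitor's identity and privilege level are loaded
    # from the row matched by remote address alone. Every client that
    # reaches the site from the same address (NAT, shared proxy) gets these
    # USER_* values while the row exists. Nothing in this block ties the row
    # to the PHP session - confirm whether that happens elsewhere.
    # NOTE(review): the 'pw' column is copied into a global; it looks like
    # the password is kept in the online table as entered - confirm.
    $row = db_fetch($sth[0]);
    $USER_ID   = $row[0]['user'];
    $USER_PW   = $row[0]['pw'];
    $USER_PRIV = $row[0]['privil'];
    $USER_RRN  = $row[0]['userRRN'];
    $USER_TEAM = $row[0]['team'];
    #
    $sth = db_query("UPDATE online SET skin='" . $_SESSION['misc']['skin'] . "',page='" . $_SESSION['PageNr'] . "',time='$timestamp' WHERE ip='$IP' LIMIT 1");
    #
    # Get total users online
    #
    $sth = db_query("SELECT * FROM g_stat_misc WHERE stat_misc_skin='" . $_SESSION['misc']['skin'] . "' AND stat_misc_key='*tot_online'");
    if ($sth[1] > 0) {
        # The stored value plus one is used for display; nothing is written
        # back in this branch.
        $row = db_fetch($sth[0]);
        $TOT_ONLINE = $row[0]['stat_misc_val'] + 1;
    } else {
        $TOT_ONLINE = 1;
    }
}
#
# Count users online
#
$sth = db_query("SELECT ip FROM online WHERE skin='" . $_SESSION['misc']['skin'] . "'");
$NOW_ONLINE = $sth[1];
#
# Update the max users online table if necessary
#
$MAX_ONLINE = 0;
$sth = db_query("SELECT * FROM g_stat_misc WHERE stat_misc_skin='" . $_SESSION['misc']['skin'] . "' AND stat_misc_key='*max_online'");
if ($sth[1] > 0) {
    $row = db_fetch($sth[0]);
    $MAX_ONLINE = $row[0]['stat_misc_val'];
}
if ($NOW_ONLINE > $MAX_ONLINE) {
    # $sth[1] is still the row count of the *max_online SELECT above:
    # zero rows means the record has to be created, otherwise it is updated.
    if ($sth[1] == 0) {
        $sth = db_query("INSERT INTO g_stat_misc SET stat_misc_skin='" . $_SESSION['misc']['skin'] . "',stat_misc_key='*max_online',stat_misc_val='$NOW_ONLINE',stat_misc_date='$timestamp'");
    } else {
        $sth = db_query("UPDATE g_stat_misc SET stat_misc_val='$NOW_ONLINE',stat_misc_date='$timestamp' WHERE stat_misc_skin='" . $_SESSION['misc']['skin'] . "' AND stat_misc_key='*max_online'");
    }
}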
#=============================================================================
#
# Site maintenance in progress + not admin => halt the user
#
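if ($_SESSION['misc']['wipfile'] != '') {
    if (file_exists($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . $_SESSION['misc']['wipfile'])) {
        # Braces make the pairing explicit: the else below belongs to the
        # privilege test, not to the file_exists() test.
        # A visitor without a privilege value is treated as non-admin.
        # NOTE(review): $USER_PRIV is derived from the row in the online
        # table that matches the remote address, so this gate is only as
        # strong as that lookup.
        if (!isset($USER_PRIV) || $USER_PRIV < 90) {
            include($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . '_/index.php');
            die;
        } else {
            # Remove WIP link
            #
            # NOTE(review): the button only links to _/WIP_remove.php; that
            # script has to check the caller's privilege itself - not
            # visible from here.
            ?><div style="position:absolute;top:10;left:10;z-index:9999;background:#ff0000;padding:6px;border:2px solid #ffe900;">
<input class="button" type="button" value="remove wip" onclick="javascript:document.location='_/WIP_remove.php';">
</div><?php
        }
    }
}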
#
# Set Country variables
#
#$_SESSION[sitelanguage]=''; # debug
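if (!isset($_SESSION['sitelanguage']) || $_SESSION['sitelanguage'] == '') {
    if (file_exists('plugins/get_country.inc') && file_exists($_SESSION['skinf'] . 'def/getcountryKEY.inc')) {
        # NOTE(review): getcountryKEY.inc is tested for existence but not
        # included here; $getcountryKEY, $country_server and $country_serverf
        # are presumably set by plugins/get_country.inc - confirm.
        require('plugins/get_country.inc');
        if ($getcountryKEY != '') {
            # NOTE(review): the Host header and the remote address are put
            # into the lookup URL without URL-encoding; whether get_country()
            # encodes them is not visible from here.
            $tmp = get_country($country_server, $country_serverf . 'getcountry.php?req=' . $_SERVER['HTTP_HOST'] . '&cid=' . $getcountryKEY . '&inquiry=' . $_SERVER['REMOTE_ADDR']);
            # The answer is expected as four tab-separated fields. Padding
            # keeps a short or empty answer from leaving fields undefined.
            list($_SESSION['country_name'], $_SESSION['country_code'], $_SESSION['country_code3'], $_SESSION['country_language']) = array_pad(explode("\t", (string)$tmp), 4, '');
            $_SESSION['country_desc'] = $_SESSION['country_code'] . ', ' . $_SESSION['country_code3'] . ', ' . $_SESSION['country_language'];
        } else {
            $_SESSION['country_desc'] = 'For info about this flag, check: http://getcountry.grandolini.com';
        }
    }
    # The language code comes from a remote service and ends up as a
    # directory name in include() paths further down. It is accepted only
    # when it is a single path component (no slash, backslash or NUL byte,
    # and not "." or "..") and the skin ships a welcome text for it.
    if (isset($_SESSION['country_language'])
        && $_SESSION['country_language'] != ''
        && !preg_match('#[/\\\\\x00]|^\.\.?$#', $_SESSION['country_language'])
        && file_exists($_SESSION['skinf'] . 'lang/' . $_SESSION['country_language'] . '/welcome.txt')) {
        # the language returned by getcountry is supported
        #
        $_SESSION['sitelanguage'] = $_SESSION['country_language'];
    }
    #
    if (!isset($_SESSION['sitelanguage']) || $_SESSION['sitelanguage'] == '') { $_SESSION['sitelanguage'] = $_SESSION['misc']['langdef']; } # Default language
    if ($_SESSION['misc']['langforce'] != '') { $_SESSION['sitelanguage'] = $_SESSION['misc']['langforce']; } # Force language
}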
#
# Set the display language chosen by the user
#
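if (isset($_GET['lang']) && $_GET['lang'] != '' && $_SESSION['misc']['langforce'] == '') {
    # The requested language becomes a directory name in the include() paths
    # built later in this file, so an existence test alone is not enough:
    # the value must be a plain string naming a single path component
    # (no slash, backslash or NUL byte, and not "." or "..").
    if (is_string($_GET['lang'])
        && !preg_match('#[/\\\\\x00]|^\.\.?$#', $_GET['lang'])
        && file_exists($_SESSION['skinf'] . 'def/' . $_GET['lang'])) {
        $_SESSION['sitelanguage'] = $_GET['lang'];
    } else {
        # Language not supported: use site default language
        #
        $_SESSION['sitelanguage'] = $_SESSION['misc']['langdef'];
    }
}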
#==================
# Definitions
#==================
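# Constant names are passed as strings: the bare words were themselves
# undefined constants at this point. The defined() guards keep a second
# inclusion of this file from redefining them.
if (!defined('_CR_')) { define('_CR_', "\r\n"); }
if (!defined('_TAB_')) { define('_TAB_', "\t"); }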
#
# skins definitions to be used before the page is build (layout.php)
#
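# Four definition files are loaded, each from the current language directory
# or, when missing there, from the default language directory.
#
# NOTE(review): $defs is not assigned in this file; it is presumably set by
# the including page. It is used as a file-name prefix in include paths, so
# it must never be taken from the request - confirm its origin.
# NOTE(review): $_SESSION['sitelanguage'] is used as a directory name here;
# it must have been restricted to a single path component before this point.
if (file_exists($_SESSION['skinf'] . 'def/' . $_SESSION['sitelanguage'] . '/' . $defs . '_defs.php')) {
    include_once($_SESSION['skinf'] . 'def/' . $_SESSION['sitelanguage'] . '/' . $defs . '_defs.php');
} else {
    if (file_exists($_SESSION['skinf'] . 'def/' . $_SESSION['misc']['langdef'] . '/' . $defs . '_defs.php')) {
        include_once($_SESSION['skinf'] . 'def/' . $_SESSION['misc']['langdef'] . '/' . $defs . '_defs.php');
    }
}
#
# phpCAMALEO definitions to be used before the page is built (layout.php)
#
if (file_exists($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['sitelanguage'] . '/' . $defs . '_defs.php')) {
    include_once($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['sitelanguage'] . '/' . $defs . '_defs.php');
} else {
    if (file_exists($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['misc']['langdef'] . '/' . $defs . '_defs.php')) {
        include_once($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['misc']['langdef'] . '/' . $defs . '_defs.php');
    }
}
#
# skins own defs override phpCAMALEO defs, else get the default language version
#
if (file_exists($_SESSION['skinf'] . 'def/' . $_SESSION['sitelanguage'] . '/common_defs.php')) {
    include_once($_SESSION['skinf'] . 'def/' . $_SESSION['sitelanguage'] . '/common_defs.php');
} else {
    if (file_exists($_SESSION['skinf'] . 'def/' . $_SESSION['misc']['langdef'] . '/common_defs.php')) {
        include_once($_SESSION['skinf'] . 'def/' . $_SESSION['misc']['langdef'] . '/common_defs.php');
    }
}
#
# phpCAMALEO common defs
#
if (file_exists($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['sitelanguage'] . '/common_defs.php')) {
    include_once($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['sitelanguage'] . '/common_defs.php');
} else {
    if (file_exists($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['misc']['langdef'] . '/common_defs.php')) {
        include_once($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'skins/phpCAMALEO/def/' . $_SESSION['misc']['langdef'] . '/common_defs.php');
    }
}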
#
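include('common/fun2inc/time_format.inc');
# NOTE(review): the admin helpers are loaded for privilege exactly 90, while
# the maintenance gate earlier in this file treats every value of 90 or more
# as admin - confirm which is intended.
# NOTE(review): on a 'local' installation (location == 'l') the helpers are
# loaded for every visitor, whatever the privilege.
if ((isset($USER_PRIV) && $USER_PRIV == 90) || $_SESSION['misc']['location'] == 'l') {
    # Stuff for the admin
    #
    include($_SESSION['common'] . 'fun2inc/showtable.inc');
    include($_SESSION['common'] . 'fun2inc/echo_r.inc');
}
# NOTE(review): bld_last_update() presumably writes tmp/last_update_<skin>.inc,
# which is then included as PHP. If so, tmp/ is both writable by the web
# server and a source of executed code; nothing user-supplied should ever be
# stored there - confirm.
if (!file_exists($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'tmp/last_update_' . $_SESSION['misc']['skin'] . '.inc')) {
    include($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'common/fun2inc/bld_last_update.inc');
    bld_last_update(date('j F Y'), $_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'Session.php');
}
include($_SERVER['DOCUMENT_ROOT'] . $_SESSION['misc']['folder'] . 'tmp/last_update_' . $_SESSION['misc']['skin'] . '.inc');
# Marks that this initialisation ran to the end.
$_SESSION['go'] = 1;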
?>