Changeset 118 for db/index.php
db
- Property svn:ignore
-
old new 1 1 config.php 2 navrh
-
- Property svn:ignore
-
db/index.php
r113 r118 1 1 <?php 2 session_start(); $session = session_id('PHPSESSID'); 2 /* =========== CODE Security =========== */ 3 define('IN_CODE', TRUE); 4 5 /* =========== Sessions =========== */ 6 session_start(); 7 $session = session_id('PHPSESSID'); 3 8 $session_id = $_GET['PHPSESSID']; 4 9 if( !empty($session_id) ){ $session = $session_id; }; 5 10 6 /* =========== Security =========== */ 7 if( isset($_GET['Database']) OR isset($_POST['Database']) ){ unset($_GET['Database']); unset($_POST['Database']); }; 8 if( isset($_GET['DB_read']) OR isset($_POST['DB_read']) ){ unset($_GET['DB_read']); unset($_POST['DB_read']); }; 9 if( isset($_GET['Menu']) OR isset($_POST['Menu']) ){ unset($_GET['Menu']); unset($_POST['Menu']); }; 10 if( isset($_GET['text']) OR isset($_POST['text']) ){ unset($_GET['text']); unset($_POST['text']); }; 11 /* =========== Input/Output Security =========== */ 11 12 $klic=array_keys($_POST); 12 13 for ($i=0;$i<=count($klic)-1;$i++) { … … 20 21 /* =========== Config aj. =========== */ 21 22 require_once "./config.php"; 23 require_once "./language/".$Config['DB_read']['language'].".php"; 22 24 require_once "./check_database.php"; 23 25 require_once "./functions.php"; … … 41 43 $login_info = @MySQL_Fetch_Array($sql_user); 42 44 43 SwitchDB(3); // nastavení databáze na web44 45 SwitchDB(3); // nastavení databáze na web 46 45 47 $sql_active_id_dotaz = @mysql_query("SELECT * FROM `acc_online` WHERE `nick`='".$login_info['username']."' LIMIT 1"); 46 48 if( @mysql_num_rows($sql_active_id_dotaz) == 1 ) { … … 49 51 50 52 if( empty($active['id']) ){ 51 @mysql_query("INSERT INTO `acc_online` ( `nick`, ` phpsession`, `hodnost`, `dateoflogin` ) VALUES ( '".$login_info['username']."', '".$session."', '".$login_info['gmlevel']."', '".time()."' )");53 @mysql_query("INSERT INTO `acc_online` ( `nick`, `acc`, `phpsession`, `hodnost`, `dateoflogin` ) VALUES ( '".$login_info['username']."', '".$login_info['id']."', '".$session."', '".$login_info['gmlevel']."', '".time()."' 
)"); 52 54 $login_err = "Přihlášení proběhlo úspěšně."; 53 55 } 54 56 elseif( !empty($active['id']) ){ 55 57 @mysql_query("DELETE FROM `acc_online` WHERE id='".$active['id']."' LIMIT 1 "); 56 @mysql_query("INSERT INTO `acc_online` ( `nick`, ` phpsession`, `hodnost`, `dateoflogin` ) VALUES ( '".$login_info['username']."', '".$session."', '".$login_info['gmlevel']."', '".time()."' )");58 @mysql_query("INSERT INTO `acc_online` ( `nick`, `acc`, `phpsession`, `hodnost`, `dateoflogin` ) VALUES ( '".$login_info['username']."', '".$login_info['id']."', '".$session."', '".$login_info['gmlevel']."', '".time()."' )"); 57 59 $login_err = "Přihlášení proběhlo úspěšně."; 58 60 } … … 67 69 68 70 SwitchDB(3); // nastavení databáze na web 69 70 if( $_GET['id'] == "logout" ){ 71 session_destroy(); session_regenerate_id(); 71 72 if( $_GET['id'] == "logout" ){ 73 session_destroy(); session_regenerate_id(); unset($user,$SID); 72 74 @mysql_query("DELETE FROM `acc_online` WHERE `phpsession`='$session' LIMIT 1"); 73 unset($user); unset($SID);75 header("Location: ".ereg_replace("(&PHPSESSID=)([a-z0-9]*)", "", $_SERVER["HTTP_REFERER"])); exit; 74 76 }; 75 77 … … 95 97 // 2- položka 96 98 // 3- jiné */ 97 99 98 100 1 => array(1,"index.php?id=uvod$SID","Hlavni"), 99 101 2 => array(2,"./../","Zpět na web"), … … 154 156 // 40 => array(2,"./index.php?id=profes$SID","Prohlížet"), 155 157 // 41 => array(2,"./index.php?id=pteach$SID","Učitelé"), 158 42 => array(1,"#","Jiné"), 159 43 => array(2,"./index.php?id=navody$SID","Návody"), 160 44 => array(2,"./index.php?id=eventy$SID","Eventy"), 156 161 ); 157 162 $Menu = array_merge($Menu, $Menu_add); 158 163 159 164 /* =========== END_TOP =========== */ 160 $vlozeni_souboru = "OK";165 //$vlozeni_souboru = "OK"; 161 166 162 167 … … 165 170 $str = $_GET['str']; // tady získá str z adresy 166 171 $char = $_GET['char']; // tady získá str z adresy 167 $q = addslashes($_GET['q']);172 $q = $_GET['q']; 168 173 $limit = $_GET['list']; // tady získá list z adresy 
169 174 if( is_numeric($limit) == FALSE ){ unset($limit); }; 170 175 if( $limit < 1 OR empty($limit) ){ $limit = 1; }; 171 $bug = addslashes($_GET['bug']); 176 $kategory = $_GET['kat']; // tady získá kategorii z adresy 177 if( is_numeric($kategory) == FALSE ){ unset($kategory); }; 178 $bug = $_GET['bug']; 172 179 if( is_numeric($bug) == FALSE ){ unset($bug); }; 173 $quest = addslashes($_GET['quest']);180 $quest = $_GET['quest']; 174 181 if( is_numeric($quest) == FALSE ){ unset($quest); }; 175 $creature = addslashes($_GET['creature']);182 $creature = $_GET['creature']; 176 183 if( is_numeric($creature) == FALSE ){ unset($creature); }; 177 $item = addslashes($_GET['item']);184 $item = $_GET['item']; 178 185 if( is_numeric($item) == FALSE ){ unset($item); }; 179 $lvl_d = addslashes($_GET['lvl_d']);186 $lvl_d = $_GET['lvl_d']; 180 187 if( is_numeric($lvl_d) == FALSE ){ unset($lvl_d); }; 181 $lvl_h = addslashes($_GET['lvl_h']);188 $lvl_h = $_GET['lvl_h']; 182 189 if( is_numeric($lvl_h) == FALSE ){ unset($lvl_h); }; 190 $guid = $_GET['navod']; 191 if( is_numeric($guid) == FALSE ){ unset($guid); }; 183 192 184 193 /* =========== Výchozí databáze =========== */ 185 194 SwitchDB(1); // nastavení databáze na mangos 186 195 187 196 switch($id){ 188 197 case 'character': $general_include = "./character.php"; break; 189 198 default: $general_include = "./hlavni.php"; break; 190 199 }; 191 200 192 201 /* =========== Vložení základního souboru =========== */ 193 require_once "./language/".$Config['DB_read']['language'].".php";194 195 202 require_once "./post_read.php"; 196 203 $BasicWiewer = new BasicWiewer(); … … 200 207 201 208 mysql_close(); // odpojíme se od databáze 202 unset($vlozeni_souboru);203 209 /* =========== END_scritps =========== */ 204 210 ?>
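Review bot: Dropping `addslashes()` leaves `$q = $_GET['q'];` (new line 172) as the only request value in this hunk with no validation at all, while `$bug`, `$quest`, `$creature`, `$item`, `$lvl_d`, `$lvl_h` and the new `$kategory`/`$guid` keep their `is_numeric` guards. The new Input/Output Security loop near the top of the file iterates `array_keys($_POST)` only, so GET parameters are presumably not covered by it (its body is elided in this view). Since this file builds SQL by string concatenation (see the `acc_online` queries earlier in the section), `$q` should be escaped on the active connection where it is read, `$q = isset($_GET['q']) ? mysql_real_escape_string($_GET['q']) : '';`, or at the point it is interpolated into a query. Separately, the logout redirect at new line 75 relies on `ereg_replace` (deprecated since PHP 5.3, removed in 7.0) and on `$_SERVER["HTTP_REFERER"]`, which may be absent; a `preg_replace` equivalent with an `isset` fallback for the redirect target would be safer.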