?
GR0V Shell
GR0V shell
Linux www.koreapackagetour.com 2.6.32-042stab145.3 #1 SMP Thu Jun 11 14:05:04 MSK 2020 x86_64
<?
class user extends MySql
{
function Access($module){
global $user_login;
$module=strtolower($module);
if($user_login['Access']=='Administrator'){
return true;
}
if($user_login['Login_Status']!='True'){
return false;
}
$this->Query("SELECT * FROM modules WHERE module_name='".$module."' AND usertype_access_id='".$user_login['Type']."'");
$numRow=$this->numRows();
if($numRow==0){
return false;
}
return true;
}
function Initial()
{
global $user_login;
$client_ip=getClientIp();
$SessionID=md5($this->getSessionID());
$current_time=time();
if($user_login['Login_Status']!=true){$su="Guest";}else{$su=$user_login['Login'];}
$time=time()-21600000;
$this->setQuery("DELETE FROM session WHERE session_time<$time");
$this->freeQuery();
$this->setQuery("SELECT * FROM session WHERE session_ip='$client_ip' AND session_user='$su'");
$this->QueryReturn();
if($this->numRows()==0){
$useronline=array(
'ip'=>getClientIp(),
'user'=>$su,
'time'=>time(),
'url'=>$_SERVER['QUERY_STRING']
);
$this->Insert('useronline',$useronline);
$this->setQuery("INSERT INTO session (session_id,session_time,session_ip,session_user) VALUES ('$SessionID','$current_time','$client_ip','$su')");
//$user['s_uid']=$SessionID;
if(!$this->QueryReturn()){
Error($this->mysqlError());}
}
}//end function user
function getSessionID(){
mt_srand ((double) microtime() * 1000000);
$pass_len = mt_rand (20,40);
$allchar = "abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLNMOPQRSTUVWXYZ0123456789";
$str = "" ;
for ( $i = 0; $i<$pass_len ; $i++ ){
$str .= substr( $allchar, mt_rand (0,62), 1 ) ;
}
$timestamp= time();
$str=$str.$timestamp;
return($str);
}
function login($UserNameLogin,$UserPasswordLogin)
{
global $user_login;
$md5Pass=md5($UserPasswordLogin);
//$md5Pass=$UserPasswordLogin;
$this->setQuery("SELECT * FROM users where user_login= '$UserNameLogin' AND user_password = '$md5Pass'");
//print_r($this);
$result=$this->QueryReturn();
if($this->numRows()==""){
echo "<script>jAlert('Username or Password INCORRECT', 'Login Error');</script>";
exit();
}else{
$arr=mysql_fetch_array($result);
$this->setQuery("SELECT * FROM user_profile where user_id= '{$arr['user_id']}'");
$result2=$this->QueryReturn();
$arr2=mysql_fetch_array($result2);
/*if($arr['user_block']=='Yes'){
$error="Access Denine";
echo "<script>jAlert('Access Denine', 'Error');</script>";
exit();
}
if($arr['user_type']!='1'){
$error="Admin Only";
echo "<script>jAlert('Admin Only', 'Error');</script>";
exit();
}*/
//$_IpLogin=getClientIp();
$_SESSION["user_login"]['ID'] =$arr['user_id'];
$_SESSION["user_login"]['Login_Status'] ="True";
$_SESSION["user_login"]['Login'] =$arr['user_login'];
$_SESSION["user_login"]['Password'] =$arr['user_password'];
$_SESSION["user_login"]['Type'] =$arr['user_type'];
$_SESSION["user_login"]['Nickname'] =$arr2['nickname'];
$_SESSION["user_login"]['Name'] =$arr['user_name'];
print_r($_SESSION["user_login"]);
//$user_login['Group_Root']=$this->getRootParent($arr['user_type']);
//$access=$this->getDataOneRow('usertype',$arr['user_type'],'usertype_id');
//$user_login['Access']=$access['usertype_name'];
$this->setQuery("UPDATE users SET user_last_visit_time='".time()."' WHERE user_login='".$arr['user_login']."'");
$this->freeQuery();
$this->setQuery("UPDATE users SET user_last_login_ip='".getClientIp()."' WHERE user_login='".$arr['user_login']."'");
$this->freeQuery();
//$this->setQuery("UPDATE session set session_user='$UserNameLogin' where session_ip='$_IpLogin'");
//$this->freeQuery();
echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php\">";
//header("Location:index1.php");
}
}//end function login
function getRootParent($group){
$parent=$this->getRow('usertype',"WHERE usertype_id='$group'");
if($parent['usertype_parent']!=''){
$root=$this->getRootParent($parent['usertype_parent']);
}else{
return $parent['usertype_id'];
}
return $root;
}
function logout()
{
global $user_login;
//$_IpLogin=getClientIp();
//$this->setQuery("DELETE FROM session where session_user='".$user_login['Login']."'");
//$this->QueryReturn();
session_start();
session_destroy();
echo"<meta http-equiv=\"refresh\" content=\"0;url=index.php\">";
//header("Location:index1.php");
}//end function logout
function add_new_account(){
$data=Array(
'user_login'=>$_POST['username'],
'user_password'=>md5($_POST['password']),
'user_name'=>$_POST['name'],
'user_type'=>$_POST['cat_id'],
);
$chk_user=$this->check_data($table='users',$field='user_login',$_POST['username']);
//$this->Query("SELECT name,lastname FROM user_profile WHERE name='".$_POST['name']."' AND lastname='".$_POST['lastname']."'");
//$chk_name_lastname=$this->numRows();
// $chk_email=$this->check_data($table='users',$field='user_email',$_POST['email']);
if($chk_user==1){
echo "<SCRIPT>alert('Username is ready to use'); window.history.back(); </SCRIPT>\n";
exit();
}
/*if($chk_name_lastname==1){
echo "<SCRIPT>alert('ชื่อ-นามสกุล ".$_POST['name']." ".$_POST['lastname']." นี้มีในระบบแล้ว'); window.history.back(); </SCRIPT>\n";
exit();
}*/
/*
if($chk_email==1){
echo "<SCRIPT>alert('Email is ready to use'); window.history.back(); </SCRIPT>\n";
exit();
}
*/
if($_POST['password']!=$_POST['password2']){
echo $_POST['password']."!=".$_POST['password2'];
//echo "<SCRIPT>alert('รหัสผ่านไม่ตรงกัน'); window.history.back(); </SCRIPT>\n";
exit();
}
if($_POST['name']!=''&&$_POST['username']!=''&&$_POST['cat_id']!=''&&$_POST['password']==$_POST['password2']){
if($this->Insert('users',$data)){
$new_name=$_POST['username'];
if($_FILES['files']['name']!=''){
$filename = $_FILES['files']['name'];
$filetype = $_FILES['files']['type'];
$filetmp = $_FILES['files']['tmp_name'];
if($filetype == "image/gif"){
$ContentPhoto=$filename.".gif";
}else if ( $filetype == "image/bmp"){
$ContentPhoto=$filename.".bmp";
}else if ( $filetype == "image/png"){
$ContentPhoto=$filename.".png";
}else if (($filetype =="image/jpg")||($filetype =="image/jpeg")||($filetype =="image/pjpeg")){
$ContentPhoto=$filename.".jpg";
}
if($ContentPhoto != ""){
if ($filetype != ""){
move_uploaded_file($filetmp, "../backend/images/".$ContentPhoto);
}
else
$ContentPhoto="";
}
/* $picname=uploadfiles('photo',$new_name,$file_dir='../backend/images/',$limit_size='100',$numfiles=1);
if($picname[0]!=''){
make_thumb($img="../backend/images/".$picname[0],$thumb_path='../user_photo/thumbs/'.$picname[0],$new_w=120);
}*/
$id=$this->getDataOneRow('users',$new_name,'user_id');
$data2=Array(
'photo'=>$ContentPhoto,
'name'=>$_POST['firstname'],
'lastname'=>$_POST['lastname'],
'nickname'=>$_POST['name'],
'telephone'=>$_POST['tel'],
'email1'=>$_POST['email'],
'user_id'=>$id,
);
$this->Insert('user_profile',$data2);
}else{
echo"<meta http-equiv=\"refresh\" content=\"0;url=blog.php?mod=user&msg=0\">";
}
}else{
echo "<SCRIPT>alert('Require Fields Data'); window.history.back(); </SCRIPT>\n";
exit();
}
}//end new Account
function edit_user(){
//check_data_edit($table,$field,$data,$id_field,$id)
$chk_user=$this->check_data_edit($table='users',$field='user_login',$_POST['username'],'user_id',$_POST['user_id']);
$this->Query("SELECT name,lastname FROM user_profile WHERE user_id!='".$_POST['user_id']."' AND name='".$_POST['name']."' AND lastname='".$_POST['lastname']."'");
$chk_name_lastname=$this->numRows();
// $chk_email=$this->check_data_edit($table='users',$field='user_email',$_POST['email'],'user_id',$_POST['user_id']);
if($chk_user==1){
echo "<SCRIPT>alert('Username is ready to use'); window.history.back(); </SCRIPT>\n";
exit();
}
if($chk_name_lastname==1){
echo "<SCRIPT>alert('ชื่อ-นามสกุล ".$_POST['name']." ".$_POST['lastname']." นี้มีในระบบแล้ว'); window.history.back(); </SCRIPT>\n";
exit();
}
/*
if($chk_email==1){
echo "<SCRIPT>alert('Email is ready to use'); window.history.back(); </SCRIPT>\n";
exit();
}
*/
if($_POST['password']!=''){
if($_POST['password']!=$_POST['repassword']){
echo "<SCRIPT>alert('รหัสผ่านไม่ตรงกัน'); window.history.back(); </SCRIPT>\n";
exit();
}else{
$pass=md5($_POST['password']);
$this->Query("update users set user_password='$pass' where user_id='".$_POST['user_id']."'");
}
}//end check _POST['password']!=''
if($_POST['username']!=''){
$data=Array(
'user_login'=>$_POST['username'],
'user_name'=>$_POST['name'],
'user_email'=>$_POST['email1'],
'user_type'=>$_POST['usertype'],
'user_block'=>$_POST['block']
);
if($this->Update('users',$data,"where user_id='".$_POST['user_id']."'")){
$chk=$this->check_data($table='user_profile',$field='user_id',$_POST['user_id']);
$picname=uploadfiles('photo',$_POST['username'],$file_dir='../user_photo',$limit_size,$numfiles=1);
if($picname[0]==''){
$picname[0]=$_POST['edit_photo'];
}else{
$img_src="../user_photo/".$picname[0];
make_thumb($img_src,'../user_photo/thumbs/'.$picname[0],150);
}
$data3=Array('photo'=>$picname[0]);
$this->Update('user_profile',$data3,"where user_id='".$_POST['user_id']."'");
if($chk!=0){
$data2=Array(
'name'=>$_POST['name'],
'lastname'=>$_POST['lastname'],
'nickname'=>$_POST['nickname'],
'day'=>$_POST['day'],
'month'=>$_POST['month'],
'year'=>$_POST['year'],
'gender'=>$_POST['gender'],
'address'=>$_POST['address'],
'road'=>$_POST['road'],
'sub_district'=>$_POST['sub_district'],
'district'=>$_POST['district'],
'province'=>$_POST['province'],
'zipcode'=>$_POST['zipcode'],
'telephone'=>$_POST['telephone'],
'mobile'=>$_POST['mobile'],
'email1'=>$_POST['email1'],
'email2'=>$_POST['email2'],
'job'=>$_POST['job'],
);
$this->Update('user_profile',$data2,"where user_id='".$_POST['user_id']."'");
}else{
$data2=Array(
'photo'=>$picname[0],
'name'=>$_POST['name'],
'lastname'=>$_POST['lastname'],
'nickname'=>$_POST['nickname'],
'day'=>$_POST['day'],
'month'=>$_POST['month'],
'year'=>$_POST['year'],
'gender'=>$_POST['gender'],
'address'=>$_POST['address'],
'road'=>$_POST['road'],
'sub_district'=>$_POST['sub_district'],
'district'=>$_POST['district'],
'province'=>$_POST['province'],
'zipcode'=>$_POST['zipcode'],
'telephone'=>$_POST['telephone'],
'mobile'=>$_POST['mobile'],
'email1'=>$_POST['email1'],
'email2'=>$_POST['email2'],
'job'=>$_POST['job'],
'user_id'=>$_POST['user_id'],
);
$this->Insert('user_profile',$data2);
}
echo $picname[0];
echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=user&msg=2\">";
}else{
echo $picname[0];
echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=user&msg=6\">";
}
}else{
echo "<SCRIPT>alert('Require Fields Data'); window.history.back(); </SCRIPT>\n";
exit();
}
}//end edit user
function del_user(){
global $user_login;
$user_id=$_GET['id'];
$chk_admin=$this->getDataOneRow('users',$user_id,'user_id');
/*if($chk_admin['user_type']==1){
echo "<SCRIPT>alert('Cannot Delete Administator'); window.history.back(); </SCRIPT>\n";
exit();
}*/
if($user_login['Type']==1){
$rs=$this->Query("delete from users where user_id='$user_id'");
if($rs){
$this->Query("DELETE FROM user_profile WHERE user_id='$user_id'");
echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=user&msg=3\">";
}else{
echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=user&msg=5\">";
}
}else{
echo"<meta http-equiv=\"refresh\" content=\"0;url=admin.php?mod=user&msg=4\">";
}
}
}//end class user
?>
T1KUS90T