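/*
 * Page prologue: starts the session, records the hit in report_hits, handles
 * the login form and cookie-based auto login, then splits the request path
 * into $page_name / $item_id_* and answers the small "ckemail" / "ckstore"
 * lookups inline.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. Escaping
 * with mysql_real_escape_string() is kept because the connection is opened in
 * the included mysql.php, which is not visible here; migrating to prepared
 * statements (PDO/mysqli) is the durable fix.
 */
session_start();
include("../includes/mysql.php");
include("../includes/function.php");
//error_reporting(E_ALL & ~E_NOTICE);

/********* temp test ************
if($_GET["gh"] == "yes") { $_SESSION["ourtest"] = "y"; }
if($_SESSION[ourtest] !== "y") { echo "Coming soon"; exit; }
********* end temp test ************/

// ---------------------------------------------------------------- hit logging
$user_id = isset($_SESSION["user_id"]) ? $_SESSION["user_id"] : 0;
$user_ip = getIp();
// The Referer header is entirely client-controlled.
$ref_url = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';

// Absolute expiry timestamp, 30 days from now. The original passed
// time()+$weekaway to setcookie(), which added the current time twice.
$weekaway = time() + 2592000;

$uniq = 0;
$comeback = isset($_COOKIE["comeback"]) ? $_COOKIE["comeback"] : '';
if ($comeback == '' || $comeback == 0) {
    // First visit (or unusable cookie value): count as unique and mark the browser.
    $uniq = 1;
    $comeback = 1;
    setcookie("comeback", $comeback, $weekaway, "/", ".reportabuyer.com");
}

$hits_time = date("Y-m-d H:i:s");
$domain = $_SERVER["HTTP_HOST"];
if (!$user_id) {
    $user_id = 0;
}

// Every value interpolated into the statement is escaped first. $ref_url comes
// straight from a request header; getIp() is defined elsewhere and may read
// client-supplied headers as well (assumption - confirm), so it is treated
// the same way.
$hit_ip   = mysql_real_escape_string($user_ip);
$hit_user = mysql_real_escape_string($user_id);
$hit_ref  = mysql_real_escape_string($ref_url);
$hits_q = "insert into report_hits set user_ip='$hit_ip', user_id='$hit_user', ref_url='$hit_ref', referredby = '1000', hit_date='$hits_time', uniq='$uniq'";
$hits_r = mysql_query($hits_q);

// ----------------------------------------------------------------- login form
if (isset($_POST["login"]) && $_POST["login"] == "yes") {
    $email = mysql_real_escape_string(insert_string($_POST["email"]));
    $pswd = mysql_real_escape_string(insert_string($_POST["pswd"]));

    // NOTE(review): the submitted password is compared directly with the
    // password column. Unless insert_string() hashes its input (not visible
    // here), passwords are stored in recoverable form; they should be stored
    // with password_hash() and checked with password_verify().
    $sql = "select * from report_user where email='$email' && password='$pswd' && activate=1";
    $res = mysql_query($sql);
    $error = "";

    if ($res && mysql_num_rows($res) > 0) {
        $user_id = mysql_result($res, 0, "user_id");
        $name = mysql_result($res, 0, "name");
        $user_fg = mysql_result($res, 0, "fgprint");
        $user_se = mysql_result($res, 0, "user_session");

        // Issue a fresh session id at the privilege change so an id that was
        // known before authentication cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION["user_id"] = $user_id;
        $_SESSION["user_session"] = $user_se;
        $_SESSION["user_name"] = $name;

        header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');

        // NOTE(review): these "remember me" cookies are unsalted-per-user MD5
        // digests of the e-mail and of a fixed prefix plus the password. They
        // never change while the password stays the same, are valid for a
        // year, and act as a password-equivalent credential that can also be
        // attacked offline. A random, server-stored, revocable token sent with
        // the HttpOnly and Secure flags is the recommended replacement; that
        // needs a schema change and is therefore not done here.
        $un = md5($email);
        $us = md5("he6".$pswd);
        setcookie("un", $un, time()+3600*24*365, "/", ".reportabuyer.com");
        setcookie("us", $us, time()+3600*24*365, "/", ".reportabuyer.com");

        header("Location: /");
        //echo "";
        exit;
    } else {
        $error = "Email or Password not match";
    }
}

// ----------------------------------------------------------------- auto login
$cookie_un = mysql_real_escape_string(urldecode(isset($_COOKIE["un"]) ? $_COOKIE["un"] : ''));
$cookie_us = mysql_real_escape_string(urldecode(isset($_COOKIE["us"]) ? $_COOKIE["us"] : ''));

if ($cookie_un && $cookie_us && empty($_SESSION["user_id"])) {
    $sql = "select * from report_user where MD5(email)='$cookie_un' && MD5(CONCAT('he6',password))='$cookie_us' && activate='1'";
    $res = mysql_query($sql);
    if ($res && mysql_num_rows($res) > 0) {
        $user_id = mysql_result($res, 0, "user_id");
        $name = mysql_result($res, 0, "name");
        $user_fg = mysql_result($res, 0, "fgprint");
        $user_se = mysql_result($res, 0, "user_session");

        // Same session-id rotation as the form login above.
        session_regenerate_id(true);
        $_SESSION["user_id"] = $user_id;
        $_SESSION["user_session"] = $user_se;
        $_SESSION["user_name"] = $name;
    }
}

/*********** temp check IP **************/
$thisip = getIp();
$checkIP = checkIP($thisip);
/***************************************/

//echo "Coming Soon";
//exit;

// -------------------------------------------------------------------- routing
$user_sess = isset($_SESSION["user_session"]) ? $_SESSION["user_session"] : null;

// parse_url() returns false for a seriously malformed URI; fall back to an
// empty path instead of indexing into a non-array.
$page_path = parse_url($_SERVER["REQUEST_URI"]);
$request_path = (is_array($page_path) && isset($page_path["path"])) ? $page_path["path"] : "";
$page_arr = explode("/", $request_path);

$page_name = urldecode(isset($page_arr[1]) ? $page_arr[1] : '');
$item_id_1 = urldecode(isset($page_arr[2]) ? $page_arr[2] : '');
$item_id_2 = urldecode(isset($page_arr[3]) ? $page_arr[3] : '');
$item_id_3 = urldecode(isset($page_arr[4]) ? $page_arr[4] : '');
//$menudata = "$page_name/$item_id_1";

// /ckemail/<address>: tells the registration form whether the address is taken.
// NOTE(review): this answers for any caller without authentication, so it
// discloses which addresses have accounts; rate limiting is advisable.
if ($page_name == "ckemail") {
    $ck_email = mysql_real_escape_string($item_id_1);
    $sql = "select email from report_user where email='$ck_email'";
    $res = mysql_query($sql);
    if ($res && mysql_num_rows($res) > 0) {
        echo "Seem you already registered with us. Please login or use other email address";
        echo "";
    }
    exit;
}

// /ckstore/<name>: tells the current user whether they already own a store
// with that name.
if ($page_name == "ckstore") {
    $ck_store = mysql_real_escape_string($item_id_1);
    $ck_owner = mysql_real_escape_string($user_id);
    $sql = "select store_name from user_store where store_name='$ck_store' && user_id='$ck_owner'";
    $res = mysql_query($sql);
    if ($res && mysql_num_rows($res) > 0) {
        // The name originates from the URL path, so it is HTML-encoded before
        // being written into the response. The SQL-escaped copy is used only
        // for the query; echoing it would show stray backslashes and gives no
        // protection in an HTML context.
        $store_label = htmlspecialchars($item_id_1, ENT_QUOTES, 'UTF-8');
        echo "$store_label is already existed. Please use other store name";
        echo "";
    }
    exit;
}

// "rec" handler: its body runs past the end of this excerpt and is left as found.
if($page_name =="rec") { echo "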
$username |