edited

1. <?php
2. set_time_limit(0);
3. date_default_timezone_set('Australia/Melbourne');
4. ini_set("display_errors", "on");
5. error_reporting(E_ALL);
6.  
7. new core();
8.  
9. class core
10. {
11. public $userid, $configured = False, $mysql = Null, $config = False, $auth = False;
12.  
13. public function __construct()
14. {
15. session_start();
16. $GLOBALS["core"] = &$this;
17. $this->dir = __DIR__ . DIRECTORY_SEPARATOR;
18. $this->root = str_replace(array('\', '/'), DIRECTORY_SEPARATOR, $_SERVER["DOCUMENT_ROOT"]) . DIRECTORY_SEPARATOR;
19. $this->ds = DIRECTORY_SEPARATOR; /* Cause I get sick of typing "DIRECTORY_SEPARATOR" */
20. $this->userip = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : $_SERVER["REMOTE_ADDR"];
21. @include_once $this->dir . "_config.php";
22. require_once $this->dir . "_pdo.php";
23. $this->config = (object) array();
24. if(isset($config))
25. {
26. $this->config = (object) $config;
27. $this->mysql = new Database($this->config->sql->host, $this->config->sql->user, $this->config->sql->pass, $this->config->sql->name);
28. $this->page = isset($_GET["page"]) && is_string($_GET["page"]) ? strtolower($_GET["page"]) : "home";
29. $this->parse_page();
30. $this->pc = trim(ob_get_contents());
31. $this->pc = utf8_encode($this->pc);
32. ob_clean();
33. }
34.  
35. public function auth()
36. {
37. if(empty($_SESSION) && empty($_COOKIE))
38. {
39. return False;
40. }
41. if(empty($_SESSION) && !empty($_COOKIE[md5($this->userip)]))
42. {
43. $cookie = explode(chr(0), $_COOKIE[md5($this->userip)]);
44. $cookie = array_map(array($this->mysql, 'decrypt'), $cookie);
45. if(count($cookie) == 2 && $cookie[0] != false && $cookie[1] != false)
46. {
47. $_SESSION["user"] = $cookie[0];
48. $_SESSION["pass"] = $cookie[1];
49. }
50. }
51. if(empty($_SESSION["user"]))
52. {
53. return false;
54. }
55. $user = $this->mysql->fetch_array("select * from `users` where `username`='{$this->mysql->sanatize($_SESSION["user"])}';");
56. if(empty($user))
57. {
58. session_destroy();
59. setcookie(md5($this->userip), null, time() - 86400);
60. exit(header("Location: /ixat/home"));
61. } else {
62. $_SESSION["id"] = $this->userid = $user[0]["id"];
63. }
64. return isset($_SESSION["id"]) ? true : false;
65. }
66.  
67. public function parse_page()
68. {
69. $this->pages = glob($this->root . "_pages" . $this->ds . "*.php");
70. $this->pages = array_map(function($x)
71. {
72. return strtolower(substr($x, strrpos($x, DIRECTORY_SEPARATOR) + 1, -4));
73. }, $this->pages);
74. if(!in_array($this->page, $this->pages))
75. {
76. $embed = $this->getEmbed($this->page);
77. if($embed !== false)
78. {
79. return print "<h2 class=\"nopadding nomargin\"> {$this->page} </h2> <hr class=\"nopadding nomargin\" /> <br /> <div class=\"center\">{$embed}</div>";
80. } else {
81. $this->page = "home";
82. }
83. }
84. $core = &$this;
85. require_once "{$this->root}ixat/_pages{$this->ds}{$this->page}.php";
86. }
87.  
88. public function getEmbed($chat, $pass = false)
89. {
90. $chat = $this->mysql->fetch_array("select * from `chats` where `name`='{$this->mysql->sanatize($chat)}' or `id`='{$this->mysql->sanatize($chat)}';");
91. if($pass !== false)
92. {
93. $pass = "&pass=" . urlencode($pass);
94. }
95. return empty($chat) ? false : "<div class=\"panel panel-default\"><div class=\"panel-heading\"><h3 class=\"panel-title\"><b><font color=\"black\">{$chat[0]["name"]}</font></b></h3></div><br /><div class=\"panel-body\"><embed id=\"XenoBox\" width=\"730\" height=\"490\" type=\"application/x-shockwave-flash\" quality=\"high\" src=\"http://{$_SERVER["SERVER_NAME"]}/static/static.php?c=chat.swf&d=flash&id={$chat[0]["id"]}&gn={$chat[0]["name"]}{$pass}\" flashvars=\"id={$chat[0]["id"]}&gn={$chat[0]["name"]}{$pass}\" wmode=\"transparent\"></div></div>";
96. }
97.  
98. }