vitnet

init.php

Mar 30th, 2015
  1. <?php
  2. /*
  3. =====================================================
  4.  DataLife Engine - by SoftNews Media Group
  5. -----------------------------------------------------
  6.  http://dle-news.ru/
  7. -----------------------------------------------------
  8.  Copyright (c) 2004,2014 SoftNews Media Group
  9. =====================================================
  10.  Данный код защищен авторскими правами
  11. =====================================================
  12.  Файл: init.php
  13. -----------------------------------------------------
  14.  Назначение: подключение дополнительных модулей
  15. =====================================================
  16. */
  17. if (! defined ( 'DATALIFEENGINE' )) {
  18.     die ( "Hacking attempt!" );
  19. }
  20.  
  21. @include (ENGINE_DIR . '/data/config.php');
  22.  
  23. date_default_timezone_set ( $config['date_adjust'] );
  24.  
  25. if ($config['http_home_url'] == "") {
  26.    
  27.     $config['http_home_url'] = explode ( "index.php", $_SERVER['PHP_SELF'] );
  28.     $config['http_home_url'] = reset ( $config['http_home_url'] );
  29.     $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
  30.  
  31. }
  32.  
  33. if ( !$config['version_id'] ) {
  34.  
  35.     if ( file_exists(ROOT_DIR . '/install.php') AND !file_exists(ENGINE_DIR . '/data/config.php') ) {
  36.  
  37.         header( "Location: ".str_replace("index.php","install.php",$_SERVER['PHP_SELF']) );
  38.         die ( "Datalife Engine not installed. Please run install.php" );
  39.  
  40.     } else {
  41.    
  42.         die ( "Datalife Engine not installed. Please run install.php" );
  43.     }
  44.  
  45. }
  46.  
  47. require_once ENGINE_DIR . '/classes/mysql.php';
  48. require_once ENGINE_DIR . '/data/dbconfig.php';
  49. require_once ENGINE_DIR . '/modules/functions.php';
  50. require_once ENGINE_DIR . '/modules/gzip.php';
  51.  
  52. dle_session();
  53.  
  54. $Timer = new microTimer();
  55.  
  56. check_xss ();
  57.  
  58. if( $config['start_site'] == 3 AND $_SERVER['QUERY_STRING'] == "" AND !$_POST['do']) {
  59.  
  60.     $_GET['do'] = "static";
  61.     $_REQUEST['do'] = "static";
  62.     $_GET['page'] = "main";
  63.     $_REQUEST['page'] = "main";
  64.  
  65. }
  66.  
  67. $cron = false;
  68. $_TIME = time();
  69. $config['charset'] = strtolower($config['charset']);
  70.  
  71. $cron_time = get_vars ( "cron" );
  72.  
  73. if (date ( "Y-m-d", $cron_time ) != date ( "Y-m-d", $_TIME )) $cron = 2;
  74. elseif (($cron_time + (3600 * 2)) < $_TIME) $cron = 1;
  75.  
  76. if ($cron) include_once ENGINE_DIR . '/modules/cron.php';
  77.  
  78. if (isset ( $_GET['year'] )) $year = intval ( $_GET['year'] ); else $year = '';
  79. if (isset ( $_GET['month'] )) $month = @$db->safesql ( sprintf("%02d", intval ( $_GET['month'] ) ) ); else $month = '';
  80. if (isset ( $_GET['day'] )) $day = @$db->safesql ( sprintf("%02d", intval ( $_GET['day'] ) ) ); else $day = '';
  81. if (isset ( $_GET['news_name'] )) $news_name = @$db->safesql ( strip_tags ( str_replace ( '/', '', $_GET['news_name'] ) ) ); else $news_name = '';
  82. if (isset ( $_GET['newsid'] )) $newsid = intval ( $_GET['newsid'] ); else $newsid = 0;
  83. if (isset ( $_GET['cstart'] )) $cstart = intval ( $_GET['cstart'] ); else $cstart = 0;
  84. if (isset ( $_GET['news_page'] )) $news_page = intval ( $_GET['news_page'] ); else $news_page = 0;
  85.  
  86. if ($cstart > 9000000) {
  87.  
  88.     header( "Location: ".str_replace("index.php","",$_SERVER['PHP_SELF']) );
  89.     die();
  90. }
  91.  
  92. if (isset ( $_GET['catalog'] )) {
  93.  
  94.     $catalog = @strip_tags ( str_replace ( '/', '', urldecode ( $_GET['catalog'] ) ) );
  95.  
  96.     if ( $config['charset'] == "windows-1251" AND $config['charset'] != detect_encoding($catalog) ) {
  97.         $catalog = iconv( "UTF-8", "windows-1251//IGNORE", $catalog );
  98.     }
  99.  
  100.     $catalog = $db->safesql ( dle_substr ( $catalog, 0, 3, $config['charset'] ) );
  101.  
  102. } else $catalog = '';
  103.  
  104. if (isset ( $_GET['user'] )) {
  105.  
  106.     $user = @strip_tags ( str_replace ( '/', '', urldecode ( $_GET['user'] ) ) );
  107.  
  108.     if ( $config['charset'] == "windows-1251" AND $config['charset'] != detect_encoding($user) ) {
  109.         $user = iconv( "UTF-8", "windows-1251//IGNORE", $user );
  110.     }
  111.  
  112.     $user = $db->safesql ( $user );
  113.  
  114.     if( preg_match( "/[\||\'|\<|\>|\"|\!|\?|\$|\@|\/|\\\|\&\~\*\+]/", $user ) ) $user="";
  115.  
  116. } else $user = '';
  117.  
  118. if (isset ( $_GET['category'] )) {
  119.     if (substr ( $_GET['category'], - 1, 1 ) == '/') $_GET['category'] = substr ( $_GET['category'], 0, - 1 );
  120.     $category = explode ( '/', $_GET['category'] );
  121.     $category = end ( $category );
  122.     $category = $db->safesql ( strip_tags ( $category ) );
  123. } else $category = '';
  124.  
  125. $PHP_SELF = $config['http_home_url'] . "index.php";
  126. $pm_alert = "";
  127. $ajax = "";
  128. $allow_comments_ajax = false;
  129. $_DOCUMENT_DATE = false;
  130. $user_query = "";
  131. $static_result = array ();
  132. $is_logged = false;
  133. $member_id = array ();
  134. $related_buffer = false;
  135. $banners = array ();
  136. $banner_in_news = array ();
  137. $js_array = array ();
  138. $replace_links = array ();
  139. $custom_news = false;
  140.  
  141. $metatags = array (
  142.                 'title' => $config['home_title'],
  143.                 'description' => $config['description'],
  144.                 'keywords' => $config['keywords'],
  145.                 'header_title' => "" );
  146.  
  147. //################# Определение групп пользователей
  148. $user_group = get_vars ( "usergroup" );
  149.  
  150. if (! $user_group) {
  151.     $user_group = array ();
  152.    
  153.     $db->query ( "SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC" );
  154.    
  155.     while ( $row = $db->get_row () ) {
  156.        
  157.         $user_group[$row['id']] = array ();
  158.        
  159.         foreach ( $row as $key => $value ) {
  160.             $user_group[$row['id']][$key] = stripslashes($value);
  161.         }
  162.    
  163.     }
  164.     set_vars ( "usergroup", $user_group );
  165.     $db->free ();
  166. }
  167. //####################################################################################################################
  168. //                    Определение категорий и их параметры
  169. //####################################################################################################################
  170. $cat_info = get_vars ( "category" );
  171.  
  172. if (! is_array ( $cat_info )) {
  173.     $cat_info = array ();
  174.    
  175.     $db->query ( "SELECT * FROM " . PREFIX . "_category ORDER BY posi ASC" );
  176.     while ( $row = $db->get_row () ) {
  177.        
  178.         $cat_info[$row['id']] = array ();
  179.        
  180.         foreach ( $row as $key => $value ) {
  181.             $cat_info[$row['id']][$key] = stripslashes ( $value );
  182.         }
  183.    
  184.     }
  185.     set_vars ( "category", $cat_info );
  186.     $db->free ();
  187. }
  188.  
  189. //####################################################################################################################
  190. //                    Определение забаненных пользователей и IP
  191. //####################################################################################################################
  192. $banned_info = get_vars ( "banned" );
  193.  
  194. if (! is_array ( $banned_info )) {
  195.     $banned_info = array ();
  196.    
  197.     $db->query ( "SELECT * FROM " . USERPREFIX . "_banned" );
  198.     while ( $row = $db->get_row () ) {
  199.        
  200.         if ($row['users_id']) {
  201.            
  202.             $banned_info['users_id'][$row['users_id']] = array (
  203.                                                                 'users_id' => $row['users_id'],
  204.                                                                 'descr' => stripslashes ( $row['descr'] ),
  205.                                                                 'date' => $row['date'] );
  206.        
  207.         } else {
  208.            
  209.             if (count ( explode ( ".", $row['ip'] ) ) == 4)
  210.                 $banned_info['ip'][$row['ip']] = array (
  211.                                                         'ip' => $row['ip'],
  212.                                                         'descr' => stripslashes ( $row['descr'] ),
  213.                                                         'date' => $row['date']
  214.                                                         );
  215.             elseif (strpos ( $row['ip'], "@" ) !== false)
  216.                 $banned_info['email'][$row['ip']] = array (
  217.                                                             'email' => $row['ip'],
  218.                                                             'descr' => stripslashes ( $row['descr'] ),
  219.                                                             'date' => $row['date'] );
  220.             else $banned_info['name'][$row['ip']] = array (
  221.                                                             'name' => $row['ip'],
  222.                                                             'descr' => stripslashes ( $row['descr'] ),
  223.                                                             'date' => $row['date'] );
  224.        
  225.         }
  226.    
  227.     }
  228.     set_vars ( "banned", $banned_info );
  229.     $db->free ();
  230. }
  231.  
  232. $category_skin = "";
  233.  
  234. if ($category != '') $category_id = get_ID ( $cat_info, $category );
  235. else $category_id = false;
  236.  
  237. if ($category_id) $category_skin = $cat_info[$category_id]['skin'];
  238.  
  239. // #################################
  240. if ($news_name != '' OR $newsid) {
  241.    
  242.     $allow_sql_skin = false;
  243.    
  244.     foreach ( $cat_info as $cats ) {
  245.         if ($cats['skin'] != '') $allow_sql_skin = true;
  246.     }
  247.    
  248.     if ($allow_sql_skin) {
  249.        
  250.         if (!$newsid) $sql_skin = $db->super_query ( "SELECT category FROM " . PREFIX . "_post where month(date) = '$month' AND year(date) = '$year' AND dayofmonth(date) = '$day' AND alt_name ='$news_name'" );
  251.         else $sql_skin = $db->super_query ( "SELECT category FROM " . PREFIX . "_post where  id = '$newsid' AND approve" );
  252.        
  253.         $base_skin = explode ( ',', $sql_skin['category'] );
  254.        
  255.         $category_skin = $cat_info[$base_skin[0]]['skin'];
  256.        
  257.         unset ( $sql_skin );
  258.         unset ( $base_skin );
  259.    
  260.     }
  261.  
  262. }
  263.  
  264. if (isset($_GET['do']) AND $_GET['do'] == "static") {
  265.    
  266.     $name = @$db->safesql( trim( totranslit( $_GET['page'], true, false ) ) );
  267.     $static_result = $db->super_query ( "SELECT * FROM " . PREFIX . "_static WHERE name='{$name}'" );
  268.     $category_skin = $static_result['template_folder'];
  269.  
  270. }
  271.  
  272. if ($category_skin != "") {
  273.  
  274.     $category_skin = trim( totranslit($category_skin, false, false) );
  275.  
  276.     if ($category_skin != '' AND @is_dir ( ROOT_DIR . '/templates/' . $category_skin )) {
  277.         $config['skin'] = $category_skin;
  278.     }
  279.  
  280. } elseif (isset ( $_REQUEST['action_skin_change'] )) {
  281.    
  282.     $_REQUEST['skin_name'] = trim( totranslit($_REQUEST['skin_name'], false, false) );
  283.    
  284.     if ($_REQUEST['skin_name'] != '' AND @is_dir ( ROOT_DIR . '/templates/' . $_REQUEST['skin_name'] ) ) {
  285.         $config['skin'] = $_REQUEST['skin_name'];
  286.         set_cookie ( "dle_skin", $_REQUEST['skin_name'], 365 );
  287.     }
  288.  
  289. } elseif (isset ( $_COOKIE['dle_skin'] ) ) {
  290.  
  291.     $_COOKIE['dle_skin'] = trim( totranslit($_COOKIE['dle_skin'], false, false) );
  292.  
  293.     if ($_COOKIE['dle_skin'] != '' AND @is_dir ( ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'] )) {
  294.         $config['skin'] = $_COOKIE['dle_skin'];
  295.     }
  296. }
  297.  
  298. if (isset ( $config["lang_" . $config['skin']] ) and $config["lang_" . $config['skin']] != '') {
  299.     if ( file_exists( ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng' ) ) {  
  300.         include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng';
  301.     } else die("Language file not found");
  302. } else {
  303.    
  304.     include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
  305.  
  306. }
  307.  
  308. $config['charset'] = ($lang['charset'] != '') ? $lang['charset'] : $config['charset'];
  309.  
  310. $smartphone_detected = false;
  311.  
  312. if( isset( $_REQUEST['action'] ) and $_REQUEST['action'] == "mobiledisable" ) {
  313.     $_SESSION['mobile_disable'] = 1;
  314.     $_SESSION['mobile_enable'] = 0;
  315.    
  316.     $rewrite_url = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : "index.php";
  317.    
  318.     header( "Location: " . $rewrite_url );
  319.     die();
  320. }
  321.  
  322. if( isset( $_REQUEST['action'] ) and $_REQUEST['action'] == "mobile" ) {
  323.     $_SESSION['mobile_enable'] = 1;
  324.     $_SESSION['mobile_disable'] = 0;
  325.    
  326.     $rewrite_url = isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : "index.php";
  327.    
  328.     header( "Location: " . $rewrite_url );
  329.     die();
  330. }
  331.  
  332. if( !isset( $_SESSION['mobile_disable'] ) ) $_SESSION['mobile_disable'] = 0;
  333. if( !isset( $_SESSION['mobile_enable'] ) ) $_SESSION['mobile_enable'] = 0;
  334.  
  335. if( !isset ( $do ) AND isset ($_REQUEST['do']) ) $do = totranslit ( $_REQUEST['do'] ); elseif(isset ( $do )) $do = totranslit ( $do ); else $do = '';
  336. if( !isset ( $subaction ) AND isset ($_REQUEST['subaction']) ) $subaction = totranslit ($_REQUEST['subaction']); elseif(isset($subaction)) $subaction = totranslit($subaction); else $subaction = '';
  337. if( isset ($_REQUEST['doaction']) ) $doaction = totranslit ($_REQUEST['doaction']); else $doaction = "";
  338. if( $do == "tags" AND !$_GET['tag'] ) $do = "alltags";
  339.  
  340. $dle_module = $do;
  341. if ($do == "" and ! $subaction and $year) $dle_module = "date";
  342. elseif ($do == "" and $catalog) $dle_module = "catalog";
  343. elseif ($do == "") $dle_module = $subaction;
  344. if ($subaction == '' AND $newsid) $dle_module = "showfull";
  345. $dle_module = $dle_module ? $dle_module : "main";
  346.  
  347. require_once ENGINE_DIR . '/classes/templates.class.php';
  348.  
  349. $tpl = new dle_template();
  350.  
  351. if ( ($config['allow_smartphone'] AND !$_SESSION['mobile_disable'] AND $tpl->smartphone) OR $_SESSION['mobile_enable'] ) {
  352.  
  353.     if ( @is_dir ( ROOT_DIR . '/templates/smartphone' ) ) {
  354.  
  355.         $config['skin'] = "smartphone";
  356.         $smartphone_detected = true;
  357.         $config['allow_comments_wysiwyg'] = 0;
  358.  
  359.     }
  360.  
  361. }
  362.  
  363. $tpl->dir = ROOT_DIR . '/templates/' . totranslit($config['skin'], false, false);
  364.  
  365. define ( 'TEMPLATE_DIR', $tpl->dir );
  366.  
  367. if (isset ( $_POST['set_new_sort'] ) AND $config['allow_change_sort']) {
  368.    
  369.     $allowed_sort = array (
  370.                             'date',
  371.                             'rating',
  372.                             'news_read',
  373.                             'comm_num',
  374.                             'title' );
  375.    
  376.     $find_sort = str_replace ( ".", "", totranslit ( $_POST['set_new_sort'] ) );
  377.     $direction_sort = str_replace ( ".", "", totranslit ( $_POST['set_direction_sort'] ) );
  378.  
  379.     if (in_array($_POST['dlenewssortby'], $allowed_sort) AND stripos($find_sort, "dle_sort_") === 0) {
  380.        
  381.         if ($_POST['dledirection'] == "desc" or $_POST['dledirection'] == "asc") {
  382.            
  383.             $_SESSION[$find_sort] = $_POST['dlenewssortby'];
  384.             $_SESSION[$direction_sort] = $_POST['dledirection'];
  385.             $_SESSION['dle_no_cache'] = "1";
  386.        
  387.         }
  388.    
  389.     }
  390.  
  391. }
  392.  
  393. if ($config['allow_registration']) {
  394.    
  395.     include_once ENGINE_DIR . '/modules/sitelogin.php';
  396.    
  397.     if ( isset( $banned_info['ip'] ) ) $blockip = check_ip ( $banned_info['ip'] );  else $blockip = false;
  398.    
  399.     if (($is_logged AND $member_id['banned'] == "yes") OR $blockip) include_once ENGINE_DIR . '/modules/banned.php';
  400.  
  401.     if ($is_logged) {
  402.        
  403.         set_cookie ( "dle_newpm", $member_id['pm_unread'], 365 );
  404.  
  405.         if( !isset($_COOKIE['dle_newpm']) ) $_COOKIE['dle_newpm'] = 0;
  406.  
  407.         if ($member_id['pm_unread'] > intval ( $_COOKIE['dle_newpm'] ) AND !$smartphone_detected) {
  408.            
  409.             include_once ENGINE_DIR . '/modules/pm_alert.php';
  410.        
  411.         }
  412.    
  413.     }
  414.    
  415.     if ($is_logged and $user_group[$member_id['user_group']]['time_limit']) {
  416.        
  417.         if ($member_id['time_limit'] != "" and (intval ( $member_id['time_limit'] ) < $_TIME)) {
  418.            
  419.             $db->query ( "UPDATE " . USERPREFIX . "_users set user_group='{$user_group[$member_id['user_group']]['rid']}', time_limit='' WHERE user_id='$member_id[user_id]'" );
  420.             $member_id['user_group'] = $user_group[$member_id['user_group']]['rid'];
  421.        
  422.         }
  423.     }
  424.  
  425. } else {
  426.  
  427.     $dle_login_hash = "";
  428.     $_IP = get_ip();
  429. }
  430.  
  431. if (!$is_logged) $member_id['user_group'] = 5;
  432.  
  433. $tpl->load_template( 'login.tpl' );
  434.  
  435. $tpl->set( '{login-method}', $config['auth_metod'] ? "E-Mail:" : $lang['login_metod'] );
  436. $tpl->set( '{registration-link}', $PHP_SELF . "?do=register" );
  437. $tpl->set( '{lostpassword-link}', $PHP_SELF . "?do=lostpassword" );
  438. $tpl->set( '{logout-link}', $PHP_SELF . "?action=logout" );
  439. $tpl->set( '{admin-link}', $config['http_home_url'] . $config['admin_path'] . "?mod=main" );
  440. $tpl->set( '{pm-link}', $PHP_SELF . "?do=pm" );
  441. $tpl->set( '{group}', $user_group[$member_id['user_group']]['group_prefix'].$user_group[$member_id['user_group']]['group_name'].$user_group[$member_id['user_group']]['group_suffix'] );
  442.  
  443. if ($is_logged) {
  444.  
  445.     $tpl->set( '{login}', $member_id['name'] );
  446.     $tpl->set( '{new-pm}', $member_id['pm_unread'] );
  447.     $tpl->set( '{all-pm}', $member_id['pm_all'] );
  448.  
  449.     if ($member_id['favorites']) {
  450.         $tpl->set( '{favorite-count}', count(explode("," ,$member_id['favorites'])) );
  451.     } else $tpl->set( '{favorite-count}', '0' );
  452.  
  453.     if ( count(explode("@", $member_id['foto'])) == 2 ) {
  454.         $tpl->set( '{foto}', 'http://www.gravatar.com/avatar/' . md5(trim($member_id['foto'])) . '?s=' . intval($user_group[$member_id['user_group']]['max_foto']) );          
  455.     } else {
  456.         if( $member_id['foto'] and (file_exists( ROOT_DIR . "/uploads/fotos/" . $member_id['foto'] )) ) $tpl->set( '{foto}', $config['http_home_url'] . "uploads/fotos/" . $member_id['foto'] );
  457.         else $tpl->set( '{foto}', "{THEME}/dleimages/noavatar.png" );
  458.     }
  459.  
  460. } else {
  461.     $member_id['name'] ='';
  462.     $tpl->set( '{login}', '' );
  463.     $tpl->set( '{new-pm}', '0' );
  464.     $tpl->set( '{all-pm}', '0' );
  465.     $tpl->set( '{favorite-count}', '0' );
  466.     $tpl->set( '{foto}', "{THEME}/dleimages/noavatar.png" );
  467.  
  468. }
  469.  
  470. if($config['allow_social'] AND $config['allow_registration'] AND !$is_logged) {
  471.  
  472.     include_once (ENGINE_DIR . '/data/socialconfig.php');
  473.  
  474.     if( !$_SESSION['state'] ) $_SESSION['state'] = md5(uniqid(rand(), TRUE));
  475.  
  476.     if ( $social_config['vk'] ) {
  477.  
  478.         $social_params = array(
  479.             'client_id'     => $social_config['vkid'],
  480.             'redirect_uri'  => $config['http_home_url'] . "index.php?do=auth-social&provider=vk",
  481.             'scope' => 'offline,wall,email',
  482.             'state' => $_SESSION['state'],
  483.             'response_type' => 'code'
  484.         );
  485.  
  486.         $tpl->set( '[vk]', "" );
  487.         $tpl->set( '[/vk]', "" );
  488.         $tpl->set( '{vk_url}', 'http://oauth.vk.com/authorize'.'?' . http_build_query($social_params) );
  489.  
  490.     } else {
  491.  
  492.         $tpl->set_block( "'\\[vk\\](.*?)\\[/vk\\]'si", "" );
  493.         $tpl->set( '{vk_url}', '' );
  494.     }
  495.  
  496.     if ( $social_config['od'] ) {
  497.  
  498.         $social_params = array(
  499.             'client_id'     => $social_config['odid'],
  500.             'redirect_uri'  => $config['http_home_url'] . "index.php?do=auth-social&provider=od",
  501.             'response_type' => 'code'
  502.         );
  503.  
  504.         $tpl->set( '[odnoklassniki]', "" );
  505.         $tpl->set( '[/odnoklassniki]', "" );
  506.         $tpl->set( '{odnoklassniki_url}', 'http://www.odnoklassniki.ru/oauth/authorize'.'?' . http_build_query($social_params) );
  507.  
  508.     } else {
  509.  
  510.         $tpl->set_block( "'\\[odnoklassniki\\](.*?)\\[/odnoklassniki\\]'si", "" );
  511.         $tpl->set( '{odnoklassniki_url}', '' );
  512.     }
  513.  
  514.     if ( $social_config['fc'] ) {
  515.  
  516.         $social_params = array(
  517.             'client_id'     => $social_config['fcid'],
  518.             'redirect_uri'  => $config['http_home_url'] . "index.php?do=auth-social&provider=fc",
  519.             'scope' => 'public_profile, email',
  520.             'display' => 'popup',
  521.             'state' => $_SESSION['state'],
  522.             'response_type' => 'code'
  523.         );
  524.  
  525.         $tpl->set( '[facebook]', "" );
  526.         $tpl->set( '[/facebook]', "" );
  527.         $tpl->set( '{facebook_url}', 'https://www.facebook.com/dialog/oauth'.'?' . http_build_query($social_params) );
  528.  
  529.     } else {
  530.  
  531.         $tpl->set_block( "'\\[facebook\\](.*?)\\[/facebook\\]'si", "" );
  532.         $tpl->set( '{facebook_url}', '' );
  533.     }
  534.  
  535.  
  536.     if ( $social_config['google'] ) {
  537.  
  538.         $social_params = array(
  539.             'client_id'     => $social_config['googleid'],
  540.             'redirect_uri'  => $config['http_home_url'] . "index.php?do=auth-social&provider=google",
  541.             'scope'         => 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile',
  542.             'state' => $_SESSION['state'],
  543.             'response_type' => 'code'
  544.         );
  545.  
  546.         $tpl->set( '[google]', "" );
  547.         $tpl->set( '[/google]', "" );
  548.         $tpl->set( '{google_url}', 'https://accounts.google.com/o/oauth2/auth'.'?' . http_build_query($social_params) );
  549.  
  550.     } else {
  551.  
  552.         $tpl->set_block( "'\\[google\\](.*?)\\[/google\\]'si", "" );
  553.         $tpl->set( '{google_url}', '' );
  554.     }
  555.  
  556.     if ( $social_config['mailru'] ) {
  557.  
  558.         $social_params = array(
  559.             'client_id'     => $social_config['mailruid'],
  560.             'redirect_uri'  => $config['http_home_url'] . "index.php?do=auth-social&provider=mailru",
  561.             'state' => $_SESSION['state'],
  562.             'response_type' => 'code'
  563.         );
  564.  
  565.         $tpl->set( '[mailru]', "" );
  566.         $tpl->set( '[/mailru]', "" );
  567.         $tpl->set( '{mailru_url}', 'https://connect.mail.ru/oauth/authorize'.'?' . http_build_query($social_params) );
  568.  
  569.     } else {
  570.  
  571.         $tpl->set_block( "'\\[mailru\\](.*?)\\[/mailru\\]'si", "" );
  572.         $tpl->set( '{mailru_url}', '' );
  573.     }
  574.  
  575.     if ( $social_config['yandex'] ) {
  576.  
  577.         $social_params = array(
  578.             'client_id'     => $social_config['yandexid'],
  579.             'redirect_uri'  => $config['http_home_url'] . "index.php?do=auth-social&provider=yandex",
  580.             'state' => $_SESSION['state'],
  581.             'response_type' => 'code'
  582.         );
  583.  
  584.         $tpl->set( '[yandex]', "" );
  585.         $tpl->set( '[/yandex]', "" );
  586.         $tpl->set( '{yandex_url}', 'https://oauth.yandex.ru/authorize'.'?' . http_build_query($social_params) );
  587.  
  588.     } else {
  589.  
  590.         $tpl->set_block( "'\\[yandex\\](.*?)\\[/yandex\\]'si", "" );
  591.         $tpl->set( '{yandex_url}', '' );
  592.     }
  593.  
  594. } else {
  595.  
  596.     $_SESSION['state'] = false;
  597.  
  598.     $tpl->set_block( "'\\[vk\\](.*?)\\[/vk\\]'si", "" );
  599.     $tpl->set( '{vk_url}', '' );
  600.     $tpl->set_block( "'\\[odnoklassniki\\](.*?)\\[/odnoklassniki\\]'si", "" );
  601.     $tpl->set( '{odnoklassniki_url}', '' );
  602.     $tpl->set_block( "'\\[facebook\\](.*?)\\[/facebook\\]'si", "" );
  603.     $tpl->set( '{facebook_url}', '' );
  604.     $tpl->set_block( "'\\[google\\](.*?)\\[/google\\]'si", "" );
  605.     $tpl->set( '{google_url}', '' );
  606.     $tpl->set_block( "'\\[mailru\\](.*?)\\[/mailru\\]'si", "" );
  607.     $tpl->set( '{mailru_url}', '' );
  608.     $tpl->set_block( "'\\[yandex\\](.*?)\\[/yandex\\]'si", "" );
  609.     $tpl->set( '{yandex_url}', '' );
  610. }
  611.  
  612. if( $user_group[$member_id['user_group']]['icon'] ) $tpl->set( '{group-icon}', "<img src=\"" . $user_group[$member_id['user_group']]['icon'] . "\" alt=\"\" />" );
  613. else $tpl->set( '{group-icon}', "" );
  614.  
  615. if ( $user_group[$member_id['user_group']]['allow_admin'] ) {
  616.     $tpl->set( '[admin-link]', "" );
  617.     $tpl->set( '[/admin-link]', "" );
  618. } else {
  619.     $tpl->set_block( "'\\[admin-link\\](.*?)\\[/admin-link\\]'si", "" );
  620. }
  621.  
  622. if ($config['allow_alt_url']) {
  623.     $tpl->set( '{profile-link}', $config['http_home_url'] . "user/" . urlencode ( $member_id['name'] ) . "/" );
  624.     $tpl->set( '{stats-link}', $config['http_home_url'] . "statistics.html" );
  625.     $tpl->set( '{addnews-link}', $config['http_home_url'] . "addnews.html" );
  626.     $tpl->set( '{favorites-link}', $config['http_home_url'] . "favorites/" );
  627.     $tpl->set( '{newposts-link}', $config['http_home_url'] . "newposts/" );
  628.  
  629. } else {
  630.     $tpl->set( '{profile-link}', $PHP_SELF . "?subaction=userinfo&user=" . urlencode ( $member_id['name'] ) );
  631.     $tpl->set( '{stats-link}', $PHP_SELF . "?do=stats" );
  632.     $tpl->set( '{addnews-link}', $PHP_SELF . "?do=addnews" );
  633.     $tpl->set( '{favorites-link}', $PHP_SELF . "?do=favorites" );
  634.     $tpl->set( '{newposts-link}', $PHP_SELF . "?subaction=newposts" );
  635.  
  636. }
  637.  
  638. if ($is_logged AND strpos( $tpl->copy_template, "[xfvalue_" ) !== false) {
  639.  
  640.     $xfields = xfieldsload( true );
  641.     $xfieldsdata = xfieldsdataload( $member_id['xfields'] );
  642.  
  643.     foreach ( $xfields as $value ) {
  644.         $preg_safe_name = preg_quote( $value[0], "'" );
  645.  
  646.         if( empty( $xfieldsdata[$value[0]] ) ) {
  647.  
  648.             $tpl->copy_template = preg_replace( "'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template );
  649.             $tpl->copy_template = str_replace( "[xfnotgiven_{$value[0]}]", "", $tpl->copy_template );
  650.             $tpl->copy_template = str_replace( "[/xfnotgiven_{$value[0]}]", "", $tpl->copy_template );
  651.  
  652.         } else {
  653.             $tpl->copy_template = preg_replace( "'\\[xfnotgiven_{$preg_safe_name}\\](.*?)\\[/xfnotgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template );
  654.             $tpl->copy_template = str_replace( "[xfgiven_{$value[0]}]", "", $tpl->copy_template );
  655.             $tpl->copy_template = str_replace( "[/xfgiven_{$value[0]}]", "", $tpl->copy_template );
  656.         }
  657.  
  658.         $tpl->copy_template = preg_replace( "'\\[xfvalue_{$preg_safe_name}\\]'i", stripslashes( $xfieldsdata[$value[0]] ), $tpl->copy_template );
  659.  
  660.     }
  661.  
  662. } else {
  663.  
  664.     $tpl->copy_template = preg_replace( "'\\[xfgiven_(.*?)\\](.*?)\\[/xfgiven_(.*?)\\]'is", "", $tpl->copy_template );
  665.     $tpl->copy_template = preg_replace( "'\\[xfvalue_(.*?)\\]'i", "", $tpl->copy_template );
  666.     $tpl->copy_template = preg_replace( "'\\[xfnotgiven_(.*?)\\](.*?)\\[/xfnotgiven_(.*?)\\]'is", "", $tpl->copy_template );
  667.  
  668. }
  669.  
  670. $tpl->compile( 'login_panel' );
  671. $tpl->clear();
  672.  
  673. if ($config['site_offline']) include_once ENGINE_DIR . '/modules/offline.php';
  674.  
  675. require_once ENGINE_DIR . '/modules/calendar.php';
  676.  
  677. if ($config['allow_topnews']) include_once ENGINE_DIR . '/modules/topnews.php';
  678.  
  679. if ($config['rss_informer']) include_once ENGINE_DIR . '/modules/rssinform.php';
  680.  
  681. if ($config['allow_links']) include_once ENGINE_DIR . '/modules/links.php';
  682.  
  683. require_once ROOT_DIR . '/engine/engine.php';
  684.  
  685. if ($config['allow_votes'] ) include_once ENGINE_DIR . '/modules/vote.php';
  686.  
  687. if ( !defined('BANNERS') ) {
  688.     if ($config['allow_banner']) include_once ENGINE_DIR . '/modules/banners.php';
  689. }
  690.  
  691. if ($config['allow_tags']) include_once ENGINE_DIR . '/modules/tagscloud.php';
  692.  
  693. ?>