<?php

session_start();

include("../classes/db.class.php"); // Load the DB

include("../functions/error.func.php"); // Load errors 
include("../functions/files.func.php"); // Load file functions
include("../functions/forms.func.php"); // Load the forms
include("../functions/datetime.func.php"); // Load datetime
include("../functions/mail.func.php"); // Load mail
include("../functions/userinfo.func.php"); // Load userinfo

// Connect to the DB

$DB = new DB; // New DB
$DB->connectDB(); // Make new connection

// Load the configuration for the admin interface

$Config = $DB->query_fetchDB("
    SELECT config_name, config_value
    FROM ot_config
    WHERE autoload = 'yes'
    ORDER BY id ASC
"); // Fetch config from DB

for($i = 0; $i < count($Config); $i++)
{
    define("CONF_" . strtoupper(stripslashes($Config[$i]['config_name'])), stripslashes($Config[$i]['config_value']));
}

// Load the user

if(($_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] != CONF_URL . "/admin/login.php") && ($_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] != CONF_URL . "/admin/user-activate.php")) // Not the login or activation page?
{
    if( ! empty($_SESSION['logged_in']) && ! empty($_SESSION['id'])) // Session exists
    {
        if(md5($_SESSION['id'].$_SERVER['REMOTE_ADDR']) == $_SESSION['logged_in']) // Acceptable session?
        {
            $User = $DB->query_fetchDB("
                SELECT u.id, u.user_login, u.user_realname, u.user_email, u.user_url, u.user_registered
                FROM ot_users AS u
                INNER JOIN ot_users_level AS l
                ON l.user_id = u.id && l.level_key = 'panel' && l.level_value = 'true'
                WHERE u.id = '" . addslashes($_SESSION['id']) . "' &&
                      u.user_status = 'active'
                LIMIT 1
            "); // Fetch user

            if($User) // User exists?
            {
                define("USER_ID", $User['0']['id']);
                define("USER_LOGIN", stripslashes($User['0']['user_login']));
                define("USER_REALNAME", stripslashes($User['0']['user_realname']));
                define("USER_EMAIL", stripslashes($User['0']['user_email']));
                define("USER_URL", stripslashes($User['0']['user_url']));
                define("USER_REGISTERED", stripslashes($User['0']['user_login']));

                $Levels = $DB->query_fetchDB("
                    SELECT level_key, level_value
                    FROM ot_users_level
                    WHERE user_id = '" . $User['0']['id'] . "'
                "); // Fetch levels from DB

                if($Levels)
                {
                    for($i = 0; $i < count($Levels); $i++)
                    {
                        define("USER_LEVEL_" . strtoupper(stripslashes($Levels[$i]['level_key'])), stripslashes($Levels[$i]['level_value']));
                    }
                }
            }
            else
            {
                header("Location: logout.php"); // Logout !!! Session Hi-jacking !!!
                die();
            }
        }
        else
        {
            header("Location: logout.php"); // Logout !!! Session Hi-jacking !!!
            die();
        }
    }
    else // Guest !!! Not permitted !!!
    {
        header("Location: logout.php"); // Logout !!! Session Hi-jacking !!!
        die();
    }
}


// Update userinfo

user_info();

?>