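connectDB(); // Make new connection

// Load the configuration for the admin interface: every autoloaded row of
// ot_config is exposed as a CONF_<NAME> constant.
$Config = $DB->query_fetchDB("
    SELECT config_name, config_value
    FROM ot_config
    WHERE autoload = 'yes'
    ORDER BY id ASC
"); // Fetch config from DB

// Guarded like the level lookup further down, so an empty result defines nothing.
if ($Config) {
    foreach ($Config as $ConfigRow) {
        define(
            "CONF_" . strtoupper(stripslashes($ConfigRow['config_name'])),
            stripslashes($ConfigRow['config_value'])
        );
    }
}

// Load the user.
// Every admin page except the login and activation pages requires a valid
// session. The test fails closed: any request that is not an exact match for
// one of the two public pages goes through the session check.
// NOTE(review): SERVER_NAME and PHP_SELF are built from the request and, depending
// on the web server configuration, may follow the Host header and the request
// path. Confirm the server pins a canonical host name.
$RequestedPage = $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
$PublicPages = array(
    CONF_URL . "/admin/login.php",
    CONF_URL . "/admin/user-activate.php",
);

if (! in_array($RequestedPage, $PublicPages, true)) {
    $User = false;

    // The session is accepted only when its token equals md5(id . client address).
    // Strict comparison (===) is used so that two different digests can never
    // compare equal through PHP's loose numeric-string rules, and a non-string
    // session value is rejected outright.
    // NOTE(review): the token is derived from the user id and REMOTE_ADDR only and
    // contains no secret; where it is written (the login code) is not visible here.
    if (! empty($_SESSION['logged_in'])
        && ! empty($_SESSION['id'])
        && md5($_SESSION['id'] . $_SERVER['REMOTE_ADDR']) === $_SESSION['logged_in']
    ) {
        // Only active users holding the 'panel' level may use the admin interface.
        // NOTE(review): addslashes() is not a charset-aware SQL escape. If the $DB
        // wrapper offers bound parameters or a driver-level escape, use that
        // instead (the wrapper's API is not visible from this file).
        $User = $DB->query_fetchDB("
            SELECT u.id, u.user_login, u.user_realname, u.user_email, u.user_url, u.user_registered
            FROM ot_users AS u
            INNER JOIN ot_users_level AS l
                ON l.user_id = u.id && l.level_key = 'panel' && l.level_value = 'true'
            WHERE u.id = '" . addslashes($_SESSION['id']) . "' && u.user_status = 'active'
            LIMIT 1
        "); // Fetch user
    }

    if (! $User) {
        // No session, a token mismatch, or no matching active panel user:
        // drop the session. die() stops the protected page from rendering
        // behind the redirect.
        header("Location: logout.php");
        die();
    }

    define("USER_ID", $User[0]['id']);
    define("USER_LOGIN", stripslashes($User[0]['user_login']));
    define("USER_REALNAME", stripslashes($User[0]['user_realname']));
    define("USER_EMAIL", stripslashes($User[0]['user_email']));
    define("USER_URL", stripslashes($User[0]['user_url']));
    // Fixed: this constant was previously filled from user_login; the
    // user_registered column is selected above for this purpose.
    define("USER_REGISTERED", stripslashes($User[0]['user_registered']));

    // Expose each permission level of the user as a USER_LEVEL_<KEY> constant.
    // The id comes from the database row, but it is escaped the same way as in
    // the user query so that both statements are built consistently.
    $Levels = $DB->query_fetchDB("
        SELECT level_key, level_value
        FROM ot_users_level
        WHERE user_id = '" . addslashes($User[0]['id']) . "'
    "); // Fetch levels from DB

    if ($Levels) {
        foreach ($Levels as $LevelRow) {
            define(
                "USER_LEVEL_" . strtoupper(stripslashes($LevelRow['level_key'])),
                stripslashes($LevelRow['level_value'])
            );
        }
    }
}

// Update userinfo
user_info();
?>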