<?php
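    set_error_handler("myErrorHandler");

    /**
     * Site-wide error handler: writes one line per PHP error to the error log.
     *
     * Line format: "[LABEL] <request uri>: [<errno>] <message> LINE <line> IN <file>".
     * E_USER_ERROR and E_USER_WARNING stop the request after logging; every other
     * level is logged and execution continues. Nothing is returned (not false),
     * so PHP's built-in handler does not run for errors handled here.
     *
     * The request URI, message and file name are passed through addcslashes() so
     * that control characters (CR, LF, NUL, ...) reach the log as visible escapes.
     * Error messages can carry request data, and a raw line break in one would
     * let a single error look like several log entries.
     *
     * @param int    $errno   Error level (E_* constant).
     * @param string $errstr  Error message.
     * @param string $errfile File in which the error was raised.
     * @param int    $errline Line on which the error was raised.
     */
    function myErrorHandler($errno, $errstr, $errfile, $errline)
    {
        $labels = array(
            E_USER_ERROR   => 'E_USER_ERROR',
            E_USER_WARNING => 'E_USER_WARNING',
            E_USER_NOTICE  => 'E_USER_NOTICE',
            E_DEPRECATED   => 'E_DEPRECATED',
        );
        $label = isset($labels[$errno]) ? $labels[$errno] : 'DEFAULT';

        // REQUEST_URI is absent under the CLI; reading it unguarded would raise a notice inside the handler.
        $request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

        // Bytes 0x00-0x1F and 0x7F are written as backslash escapes instead of raw.
        $control_chars = "\0..\37\177";

        error_log(
            '[' . $label . '] ' . addcslashes($request_uri, $control_chars)
            . ': [' . $errno . '] ' . addcslashes((string) $errstr, $control_chars)
            . ' LINE ' . $errline
            . ' IN ' . addcslashes((string) $errfile, $control_chars)
        );

        // User-raised errors and warnings are treated as fatal for the request.
        if ($errno == E_USER_ERROR || $errno == E_USER_WARNING) {
            die;
        }
    }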

    // Marker constant for this front controller. The name contains a dot, so it can only be
    // read with defined('INDEX.PHP') / constant('INDEX.PHP'), never as a bare identifier.
    // NOTE(review): presumably the files under include/ test this constant to refuse being
    // requested directly over HTTP - confirm that every included file actually does.
    define('INDEX.PHP', 1);
    
    // All date/time functions in this request use Montreal local time.
    date_default_timezone_set('America/Montreal');

    // Configuration and helper libraries. The helpers called further down in this file
    // (sq, rq, make_cookie, kill_cookie, mysqli_query_logged, server, ip2country) are not
    // defined here, so presumably they come from these files - their escaping and cookie
    // behaviour must be confirmed there.
    require_once('include/config.php');
    require_once('include/functions/connect.php');
    require_once('include/functions/general.php');
    require_once('include/functions/output.php');
    require_once('include/functions/ip_decode.php');
    require_once('include/functions/ip_encode.php');
    require_once('include/functions/maxmind.php');

    // ---- Authentication: runs on every request -------------------------------------------
    // There is no server-side session in this file. The e-mail/password pair is taken from
    // the login form (POST) or, failing that, from the login_email / login_password cookies,
    // and is checked against the members table each time.

    // Becomes 1 only when this request is an explicit login form submission.
    $login_attempt_made = 0;
    
    // E-mail: POST value, else cookie value, else empty string. Escaped later via sq().
    $_login_email = isset($_POST['login_email']) ? $_POST['login_email'] : (isset($_COOKIE['login_email']) ? $_COOKIE['login_email'] : '');
    // Password, already in SQL-literal form:
    //   POST   -> the submitted password is lower-cased, MD5-hashed and wrapped in quotes;
    //   cookie -> the cookie value is passed through sq() and compared with the stored column as is;
    //   none   -> the empty literal ''.
    // NOTE(review): unsalted MD5 is not a password hashing scheme, and strtolower() makes
    // passwords case-insensitive. The usual remedy is password_hash()/password_verify()
    // with a rehash-on-next-login migration of the stored values.
    // NOTE(review): sq() and rq() are defined elsewhere; the query below is only
    // injection-safe if sq() both escapes and quotes its argument - confirm.
    $_login_password = isset($_POST['login_password']) ? "'" . md5(strtolower(rq($_POST['login_password']))) . "'" : (isset($_COOKIE['login_password']) ? sq($_COOKIE['login_password']) : "''");
    
    if (isset($_POST['login_email']) && isset($_POST['login_password']))
    {
        $login_attempt_made = 1;
    }
    
    // NOTE(review): no attempt counting, delay or lockout is visible in this file, so
    // repeated guesses are limited only by whatever mysqli_query_logged() or the web server does.
    $members = mysqli_query_logged("SELECT * FROM members WHERE email = " . sq($_login_email) . " AND password = " . $_login_password);
    if ($members_row = mysqli_fetch_assoc($members))
    {
        if ($login_attempt_made)
        {
            // Successful form login: persist the credentials in cookies, then redirect so the
            // POST is not replayed on reload. The redirect target is relative, so it stays on this site.
            // NOTE(review): 356 is presumably a lifetime in days and may be a typo for 365 - check make_cookie().
            make_cookie('login_email', $members_row['email'], 356);
            // NOTE(review): the cookie stores the value of the password column, and the cookie
            // branch above compares that value directly with the column. The stored hash is
            // therefore itself a login credential: a database or cookie disclosure is enough to
            // sign in without knowing the password. A random, server-side, revocable session
            // token would remove this. Cookie flags (HttpOnly/Secure/SameSite) depend on
            // make_cookie(), which is not shown here.
            make_cookie('login_password', $members_row['password']);
            make_cookie('notice', 'Login Successful');
            header('Location: ./?' . $_SERVER['QUERY_STRING']);
            die;
        }
    }
    else
    {
        if ($login_attempt_made)
        {
            // Failed form login: clear any stored credentials and redirect with a notice.
            kill_cookie('login_email');
            kill_cookie('login_password');
            make_cookie('notice', 'Login Failed');
            header('Location: ./?' . $_SERVER['QUERY_STRING']);
            die;
        }
        // Not logged in (no credentials, or stale/invalid cookies): continue as a guest row.
        $members_row['id'] = null;
        $members_row['email'] = null;
        $members_row['password'] = null;
    }
    
    // Remove the credentials from $_COOKIE and from $_login_password for the rest of the request.
    // NOTE(review): for a logged-in member $members_row still contains the 'password' column
    // fetched by SELECT * above.
    if (isset($_COOKIE['login_email']))
    {
        unset($_COOKIE['login_email']);
    }
    if (isset($_COOKIE['login_password']))
    {
        unset($_COOKIE['login_password']);
    }
    $_login_password = '';
    
    // Add the permission flags (including 'sysop') to the member or guest row.
    $members_row = set_permissions($members_row);

    // Emulation: a member whose 'emulate' flag is true can act as another member, chosen by
    // the e-mail address in the 'emulate' cookie. When that address matches a row, the
    // effective identity and permissions for the rest of the request become the other member's.
    // NOTE(review): the 'emulate' key only exists if the permissions table contains a
    // permission with that name (set_permissions() builds the keys from the table); otherwise
    // this read raises an undefined-index notice.
    // NOTE(review): nothing in this file records who emulated whom, and the original identity
    // is discarded. An audit log entry here would make later actions attributable.
    if ($members_row['emulate'] && isset($_COOKIE['emulate']))
    {
        $members2 = mysqli_query_logged("SELECT * FROM members WHERE email = " . sq($_COOKIE['emulate']));
        if ($members2_row = mysqli_fetch_assoc($members2))
        {
               $members_row = set_permissions($members2_row); 
        }
       }

    // Publish the effective identity for the rest of the request.
    // NOTE(review): for a logged-in member the row comes from SELECT *, so it still carries
    // the 'password' column into $GLOBALS['auth'].
    $GLOBALS['auth'] = $members_row;
    
    // One-shot "flash" message: read the notice cookie into $_notice, then delete the cookie.
    // NOTE(review): the value is whatever the browser sent, not necessarily one of the strings
    // this script sets. It must be HTML-escaped wherever it is rendered (rendering is not in this file).
    $_notice = isset($_COOKIE['notice']) ? $_COOKIE['notice'] : null;
    if (isset($_COOKIE['notice']))
    {
        kill_cookie('notice');
    }
    
    // Record activity for logged-in members.
    // NOTE(review): the id is concatenated into the SQL text without sq(), unlike the
    // queries on members earlier in this file. It comes from a members row and is presumably
    // an integer key - confirm, or pass it through sq() for consistency.
    if ($GLOBALS['auth']['id'])
    {
        mysqli_query_logged("REPLACE INTO members_laston SET user_id = '" . $GLOBALS['auth']['id'] . "'");
    }
    
    // Per-request visitor statistics; for guests the id is null, so user_id is written as ''.
    // NOTE(review): server() and ip2country() are defined elsewhere and their results are
    // concatenated unescaped. If server('REMOTE_ADDR') ever falls back to a forwarded-for style
    // request header, the value becomes client-controlled - verify, and escape with sq() if so.
    mysqli_query_logged("REPLACE INTO stats_ips SET user_id = '" . $members_row['id'] . "', ip = '" . server('REMOTE_ADDR') . "', country = '" . ip2country() . "'");

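    // ---- Routing: map one GET parameter to a script under include/ -------------------------
    // GET parameter => directory it selects from. Order matters: the first parameter present
    // in the request wins, exactly as in the former nested ternary.
    $_route_prefixes = array(
        'a'  => 'action/',
        'aa' => 'action/admin/',
        'am' => 'action/member/',
        'g'  => 'graphic/',
        'j'  => 'ajax/',
        's'  => 'show/',
        'sa' => 'show/admin/',
        'sm' => 'show/member/',
        'jm' => 'ajax/member/',
        'ja' => 'ajax/admin/',
    );
    $_load_file_name = '';
    foreach ($_route_prefixes as $_route_key => $_route_prefix)
    {
        if (isset($_GET[$_route_key]))
        {
            // An array-valued parameter (?s[]=x) is treated as an empty name instead of
            // being string-converted; it then fails the name check and shows the error page.
            $_load_file_name = $_route_prefix . (is_string($_GET[$_route_key]) ? $_GET[$_route_key] : '');
            break;
        }
    }
    // The loop temporaries are not needed by included pages; keep them out of the global scope.
    unset($_route_prefixes, $_route_key, $_route_prefix);

    $include = '';
    // Names containing a dot are refused outright (no "..", no extension of the caller's choosing).
    if ($_load_file_name && strpos($_load_file_name, '.') === false)
    {
        // The name is request-controlled and ends up in include(). Accept only slash-separated
        // segments of letters, digits, '_' and '-'. This rejects backslashes, NUL and other
        // control bytes, empty segments and leading/trailing slashes. Extend the character
        // class deliberately if a real script name needs more.
        if (!preg_match('#^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*$#D', $_load_file_name))
        {
            $include = 'include/show/error.php';
        }
        elseif (is_file('include/' . $_load_file_name . '.php'))
        {
            // The privilege checks are substring tests on the same string that selects the file.
            // They are case-insensitive because some filesystems are: a case-sensitive test
            // could disagree with the file lookup about whether the path lies under admin/ or member/.
            $_needs_sysop = stripos($_load_file_name, '/admin/') !== false;
            $_needs_member = stripos($_load_file_name, '/member/') !== false;

            if ($_needs_sysop && !$GLOBALS['auth']['sysop'])
            {
                // Not permitted: $include stays empty and the request is redirected home below.
            }
            elseif ($_needs_member && !$GLOBALS['auth']['id'])
            {
                // Not logged in: same handling.
            }
            else
            {
                $include = 'include/' . $_load_file_name . '.php';
            }
            unset($_needs_sysop, $_needs_member);
        }
        else
        {
            $include = 'include/show/error.php';
        }
    }

    // No route, a dotted name, or insufficient privileges: send the visitor to the home page.
    if ($include == '')
    {
        header('Location: ./?s=home');
        die;
    }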
    
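    // Housekeeping on every request: remove tiles_pending rows whose due_date has passed.
    mysqli_query_logged("DELETE FROM tiles_pending WHERE due_date < NOW()");

    // ---- Request parameters exposed to the included page as global variables ---------------
    // Text parameters are accepted only when they are strings. An array-valued parameter
    // (?d[]=x) is treated as absent rather than handed to trim(), which raises a TypeError
    // on PHP 8 and a warning on PHP 7.
    // NOTE(review): these values are still raw request data. The included page must escape
    // them for whatever context it uses them in (SQL, HTML, headers).
    $_action = (isset($_GET['a']) && is_string($_GET['a'])) ? trim($_GET['a']) : null;
    // '@' stands in for '&' inside the "back" value.
    // NOTE(review): if an included page uses $_back as a redirect or link target, it should
    // check that it is a same-site relative URL - not visible from this file.
    $_back = (isset($_GET['b']) && is_string($_GET['b'])) ? trim(str_replace('@', '&', $_GET['b'])) : null;
    $_display = (isset($_GET['d']) && is_string($_GET['d'])) ? trim($_GET['d']) : null;
    $_error = (isset($_GET['e']) && is_string($_GET['e'])) ? trim($_GET['e']) : null;
    $_graphic = (isset($_GET['g']) && is_string($_GET['g'])) ? trim($_GET['g']) : null;
    // Passed through untouched, as before (it may be an array).
    // NOTE(review): unvalidated - the consumer must validate or cast it.
    $_id = isset($_GET['i']) ? $_GET['i'] : null;
    $_ajax = (isset($_GET['j']) && is_string($_GET['j'])) ? trim($_GET['j']) : null;
    $_order = (isset($_GET['o']) && is_string($_GET['o'])) ? trim($_GET['o']) : null;
    // Numeric parameters: anything that is not a positive number falls back to the default.
    // is_numeric() is required as well as "> 0" because the loose comparison alone lets
    // arrays and some non-numeric strings through. If only whole numbers are expected,
    // ctype_digit() would be the stricter check.
    $_page = isset($_GET['p']) ? $_GET['p'] : null;
    $_page = (is_numeric($_page) && $_page > 0) ? $_page : 1;
    $_show = (isset($_GET['s']) && is_string($_GET['s'])) ? trim($_GET['s']) : null;
    $_user = (isset($_GET['u']) && is_string($_GET['u'])) ? trim($_GET['u']) : null;
    $_x = isset($_GET['x']) ? $_GET['x'] : null;
    $_x = (is_numeric($_x) && $_x > 0) ? $_x : 0;
    $_y = isset($_GET['y']) ? $_GET['y'] : null;
    $_y = (is_numeric($_y) && $_y > 0) ? $_y : 0;

    // Hand over to the routed script; it runs in this scope and sees every variable set above.
    if ($include)
    {
        include($include);
    }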
 
       /**
        * Attach permission flags to a member row.
        *
        * Every distinct permission name in the permissions table becomes a key on the row,
        * initially false. For a row with a non-empty id, each permission granted to that id is
        * set to true when the grant has no IP restriction or the restriction equals the
        * current REMOTE_ADDR.
        *
        * NOTE(review): 'sysop' becomes true as soon as any single grant applies, so every
        * permission holder passes checks made on 'sysop' alone - confirm that this is intended.
        * NOTE(review): permission names share one array with the member columns; a permission
        * named like a column (for example 'id') would overwrite that column.
        * NOTE(review): the IP restriction reads $_SERVER['REMOTE_ADDR'] directly, while the
        * stats query elsewhere in this file uses server('REMOTE_ADDR'); make sure both yield the
        * same address when the site runs behind a proxy.
        *
        * @param array $user Member row; its 'id' is empty/null for a guest.
        * @return array The same row with 'sysop' and one boolean per permission name added.
        */
       function set_permissions($user)
    {
        // Start from "no privileges": sysop off and every known permission name off.
        $user['sysop'] = false;
        $known_names = mysqli_query_logged("SELECT DISTINCT permission FROM permissions");
        while ($name_row = mysqli_fetch_assoc($known_names))
        {
            $user[$name_row['permission']] = false;
        }

        // Guests keep the all-false defaults.
        if (!$user['id'])
        {
            return $user;
        }

        $grants = mysqli_query_logged("SELECT permission, ip FROM permissions WHERE user_id = '" . $user['id'] . "'");
        while ($grant = mysqli_fetch_assoc($grants))
        {
            // Loose comparison on purpose: a NULL ip column counts as "no restriction".
            $applies_here = $grant['ip'] == '' || $grant['ip'] == $_SERVER['REMOTE_ADDR'];
            if (!$applies_here)
            {
                continue;
            }
            $user[$grant['permission']] = true;
            $user['sysop'] = true;
        }
        return $user;
    }
?>