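sql_escape(utf8_clean_string($_COOKIE[$config['cookie_name'] . "_sid"]));
    // sql_escape() replaces the former mysql_real_escape_string() call here.
}

// A "sid" query parameter, when present, overrides the cookie value.
// NOTE(review): session ids carried in URLs end up in access logs, browser
// history and Referer headers; prefer the cookie wherever the client allows it.
// Non-string input (e.g. sid[]=x) is ignored instead of being passed on to
// utf8_clean_string().
if (isset($_GET['sid']) && is_string($_GET['sid'])) {
    $session_id = $db->sql_escape(utf8_clean_string($_GET['sid']));
}
// NOTE(review): if neither source supplied a value, $session_id is only defined
// when it is initialised above this excerpt — confirm.

// POST field "f" selects the response: 0 (or absent) returns the login token,
// any other value returns the avatar location.
$request = isset($_POST['f']) ? (int) $_POST['f'] : 0;

if ($request === 0) {
    // "online" is 1 while the session was last active within session_length + 60 seconds.
    // The cast keeps the config value numeric inside the SQL text.
    $sql = "Select user_id, username, (unix_timestamp(now())-session_time<(" . (int) $config['session_length'] . " + 60)) as online from " . SESSIONS_TABLE . " left join " . USERS_TABLE . " on session_user_id=user_id where session_id='" . $session_id . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // An unknown session id yields no row; treat that like an expired session
    // instead of indexing into a non-array.
    // user_id 1 is presumably phpBB's anonymous (guest) account — confirm.
    if (!$row || (int) $row['online'] !== 1 || (int) $row['user_id'] === 1) {
        // NOTE(review): the empty literals here and below look like markup lost
        // when this page was extracted — confirm against the original file.
        echo "";
    } else {
        $t1 = time();
        // Byte length of the username, zero-padded to at least three digits so
        // the receiver can split the name from the hash that follows it.
        $name_length = sprintf('%03d', strlen((string) $row['username']));
        // NOTE(review): md5(time . sid . seed) is an ad-hoc keyed hash over
        // unseparated fields. hash_hmac('sha256', ...) keyed with HASH_SEED is the
        // sturdier construction, but the consumer that verifies this token has to
        // change at the same time, so the format is left as is. The verifier
        // should also reject stale timestamps — not visible from here.
        $hash = md5($t1 . $session_id . HASH_SEED);
        // Layout: user_id & session_id & <3-digit length><username><md5 hex><timestamp>
        echo "" . $row['user_id'] . '&' . $session_id . '&' . $name_length . $row['username'] . $hash . $t1 . "";
    }
} else {
    $sql = "Select user_avatar from " . SESSIONS_TABLE . " left join " . USERS_TABLE . " on session_user_id=user_id where session_id='" . $session_id . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // No matching session, or a user without an avatar, is reported as "0".
    if (!$row || (string) $row['user_avatar'] === '') {
        echo "0";
    } else {
        // NOTE(review): user_avatar is written into the URL unencoded; encode it
        // for whatever context the consumer places it in (URL, HTML attribute).
        echo "/" . $php_root_path . "download/file.php?avatar=" . $row['user_avatar'] . "";
    }
}
?>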