// NOTE(review): the start of this file is not visible; the receiver of the
// PConnect() call below was cut off. What follows is a bootstrap script:
// DB connect, config load, language selection, then a Facebook login handler.
PConnect($DBHOST, $DBUSER, $DBPASSWORD, $DBNAME);
// Connection charset is set with a raw query and errors are suppressed by '@'.
// NOTE(review): the mysql_* extension was removed in PHP 7. With it,
// mysql_real_escape_string() only learns the charset through mysql_set_charset(),
// not through SET NAMES, so the escaping used further down rests on this being safe.
@mysql_query("SET NAMES 'UTF8'");

// Load every row of the config table into $config[setting] = value and expose
// each value to the template layer after strip_mq_gpc() (defined elsewhere).
$sql = "SELECT * from config";
$rsc = $conn->Execute($sql);
if($rsc){while(!$rsc->EOF)
{
    $field = $rsc->fields['setting'];
    $config[$field] = $rsc->fields['value'];
    STemplate::assign($field, strip_mq_gpc($config[$field]));
    @$rsc->MoveNext();
}}

// Language choice: the request value is only compared against three fixed
// names and the session stores the matching literal, never the raw input.
if ($_REQUEST['language'] != "")
{
    if ($_REQUEST['language'] == "english")
    {
        $_SESSION['language'] = "english";
    }
    elseif ($_REQUEST['language'] == "spanish")
    {
        $_SESSION['language'] = "spanish";
    }
    elseif ($_REQUEST['language'] == "french")
    {
        $_SESSION['language'] = "french";
    }
}

// Default to English when nothing has been chosen yet.
if ($_SESSION['language'] == "")
{
    $_SESSION['language'] = "english";
}

// Every include path is a hard-coded literal, so no request data can reach
// include(); any unexpected session value falls back to English.
if ($_SESSION['language'] == "english")
{
    include("lang/english.php");
}
elseif ($_SESSION['language'] == "spanish")
{
    include("lang/spanish.php");
}
elseif ($_SESSION['language'] == "french")
{
    include("lang/french.php");
}
else
{
    include("lang/english.php");
}

// NOTE(review): the next line is damaged. Text between "$i" and "$value" is
// missing (probably everything between a '<' and a '>' was stripped), so the
// loop header, the enclosing function signature and the origin of $args,
// $payload and $application_secret are not visible. The code is left as found.
for ($i=0; $i $value) {
        // Concatenate "key=value" for every entry except the signature itself.
        if ($key != 'sig') {
            $payload .= $key . '=' . $value;
        }
    }
    // Reject the arguments when md5(payload + secret) differs from the supplied 'sig'.
    // NOTE(review): '!=' is a loose comparison, so PHP can treat two different
    // numeric-looking hash strings as equal, and it is not constant-time.
    // hash_equals() on both strings (PHP >= 5.6) is the safer check.
    if (md5($payload . $application_secret) != $args['sig']) {
        return null;
    }
    return $args;
}

// OAuth callback: a non-empty "code" request parameter starts the token exchange.
// NOTE(review): no "state" value is checked anywhere in the visible code, so
// the callback is not bound to a login this session started. Confirm whether
// that check exists elsewhere.
$code = $_REQUEST['code'];
if($code != "")
{
    $my_url = $config['baseurl']."/";
    // $A and $B are presumably the app id and app secret, set in text that is
    // not visible here (TODO confirm).
    // NOTE(review): redirect_uri is urlencode()d but $code is appended raw, so
    // '&' or '#' in the request value would alter the outgoing query string.
    // $code should be urlencode()d as well.
    $token_url = "https://graph.facebook.com/oauth/access_token?" . "client_id=" . $A . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $B . "&code=" . $code;
    // '@' hides a failed fetch; $response is parsed without a success check.
    $response = @file_get_contents($token_url);
    $params = null;
    parse_str($response, $params);
    // The access token travels in the URL query string, and the decoded
    // profile is used below without checking that the request or decode worked.
    $graph_url = "https://graph.facebook.com/me?access_token=" . $params['access_token'];
    $user = json_decode(file_get_contents($graph_url));
    // Name and e-mail are tag-stripped and HTML-encoded before being used as
    // lookup keys and stored. ENT_COMPAT leaves single quotes unencoded.
    // NOTE(review): encoding at input time puts HTML entities in the DB and in
    // the e-mail comparison. SQL safety here comes only from the escaping in
    // each query; output encoding belongs at render time.
    $fname = htmlentities(strip_tags($user->name), ENT_COMPAT, "UTF-8");
    $femail = htmlentities(strip_tags($user->email), ENT_COMPAT, "UTF-8");

    // Look for an existing member with the same e-mail address.
    // NOTE(review): the local account is chosen by e-mail alone. The visible
    // code neither stores a provider user id nor checks that the provider
    // reports the address as verified. Confirm that this link is intended.
    $query="SELECT USERID FROM members WHERE email='".mysql_real_escape_string($femail)."' limit 1";
    $executequery=$conn->execute($query);
    $FUID = intval($executequery->fields['USERID']);
    if($FUID > 0)
    {
        // Existing member: log in only when status='1'. A member with another
        // status is neither logged in nor re-created.
        $query="SELECT USERID,email,username,verified from members WHERE USERID='".mysql_real_escape_string($FUID)."' and status='1'";
        $result=$conn->execute($query);
        if($result->recordcount()>0)
        {
            $query="update members set lastlogin='".time()."' WHERE USERID='".mysql_real_escape_string($FUID)."'";
            $conn->execute($query);
            // NOTE(review): the session is marked authenticated with no
            // session_regenerate_id() call in the visible code; rotating the
            // id at login guards against session fixation.
            $_SESSION['USERID']=$result->fields['USERID'];
            $_SESSION['EMAIL']=$result->fields['email'];
            $_SESSION['USERNAME']=$result->fields['username'];
            $_SESSION['VERIFIED']=$result->fields['verified'];
            $_SESSION['FB']="1";
            header("Location:$config[baseurl]/account");exit;
        }
    }
    else
    {
        // No member with this e-mail: create one with a throw-away password.
        // NOTE(review): the placeholder password is an unsalted MD5 of
        // generateCode(5) (defined elsewhere) plus the current time. If
        // password login is possible for this row, password_hash() over
        // random_bytes() output is the stronger choice.
        $md5pass = md5(generateCode(5).time());
        if($fname != "" && $femail != "")
        {
            // The display name becomes the username and the row is inserted as
            // verified='1'. No uniqueness check on username is visible here.
            $query="INSERT INTO members SET email='".mysql_real_escape_string($femail)."',username='".mysql_real_escape_string($fname)."', password='".mysql_real_escape_string($md5pass)."', addtime='".time()."', lastlogin='".time()."', verified='1'";
            $result=$conn->execute($query);
            // mysql_insert_id() has no link argument, so it reads the most
            // recently opened mysql link. This presumably matches the link
            // behind $conn (TODO confirm).
            $userid = mysql_insert_id();
            if($userid != "" && is_numeric($userid) && $userid > 0)
            {
                // Re-read the new row and start the session from it.
                $query="SELECT USERID,email,username,verified from members WHERE USERID='".mysql_real_escape_string($userid)."'";
                $result=$conn->execute($query);

                $SUSERID = $result->fields['USERID'];
                $SEMAIL = $result->fields['email'];
                $SUSERNAME = $result->fields['username'];
                $SVERIFIED = $result->fields['verified'];
                $_SESSION['USERID']=$SUSERID;
                $_SESSION['EMAIL']=$SEMAIL;
                $_SESSION['USERNAME']=$SUSERNAME;
                $_SESSION['VERIFIED']=$SVERIFIED;
                $_SESSION['FB']="1";
                header("Location:$config[baseurl]/account");exit;
            }
        }
    }
}
// The two closers below match openers that are not visible in this text.
}
}
?>