<? defined('_JEXEC') or die('Hozzáférés megtagadva');
/* if (file_exists('../inc/config.php')) include_once ('../inc/config.php'); */
if (file_exists('inc/config.php')) include_once ('inc/config.php');

session_start();
header("Content-Type: text/html; charset=utf-8");

$sqltable = "users";

if (!isset($_COOKIE['hirdetes_cookie'])) {
	setcookie("hirdetes_cookie", "active", time()+1800); // 30 perc
	$_SESSION['hird'] = 1;
}
else {
	$_SESSION['hird'] = 0;
}

if (!isset($_SESSION['usertype'])) $_SESSION['usertype'] = 'user';

// NYELVI BEALLITASOK
if (!isset($_SESSION['nyelv'])) {
    if (!isset($_GET['lang'])) $_GET['lang'] = $config['default_lang_kod'];
    $query = mysql_query("
        SELECT id, code
        FROM nyelvek
        WHERE active=1
        ORDER BY FIELD(code, '".$_GET['lang']."') DESC
        LIMIT 1;
    ") or die(mysql_error()." - auth.php, alapertelmezett nyelv beallitasa");
    $_SESSION['nyelv'] = mysql_fetch_array($query, MYSQL_ASSOC);
}

unset($_SESSION['penznem']);

if (!isset($_SESSION['penznem'])) {
    $query = mysql_query("
        SELECT penznem_id id, penznem_nev nev, penznem_jel jel, penznem_kod kod, penznem_szorzo szorzo
        FROM penznem
        WHERE penznem_active=1
        ORDER BY FIELD(penznem_id, '".$config['default_curr_id']."') DESC
        LIMIT 1;
    ") or die(mysql_error()." - auth.php, alapertelmezett penznem beallitasa");
    $_SESSION['penznem'] = mysql_fetch_array($query, MYSQL_ASSOC);
}


if (isset($_GET['lang'])) $_SESSION['lang_code'] = $_GET['lang'];
if (isset($_SESSION['lang_code']) && $_SESSION['lang_code']=="en") {
	$_SESSION['lang'] = "2";
	$_SESSION['url_lang_code'] = "en/";
}
else { // alapertelmezett
	$_SESSION['lang_code'] = "hu";
	$_SESSION['lang'] = "1";
	$_SESSION['url_lang_code'] = "";
}

if (!isset($_SESSION['afa'])) {
	$sql_afa = mysql_query("SELECT ertek FROM konfig WHERE beallitas='afakulcs'");
	$afakulcs = mysql_fetch_array($sql_afa);
	$_SESSION['afa'] = $afakulcs[0];
}

if (isset($_POST['action']) && $_POST['action']=="login" && isset($_POST['query_string']) && $_POST['query_string']) {
	$username = mysql_real_escape_string($_POST['username']);
	$password = mysql_real_escape_string($_POST['password']);

    $loginerrors = array();
	if (!$username) $loginerrors[] = 'Adja meg e-mail címét';
	if (!$password) $loginerrors[] = 'Adja meg jelszavát';

	if (count($loginerrors) == 0) {
       // cookie ellenorzes
       if (!empty($_POST['stay_in'])) {
             $joined =''.$username.'[]'.md5($password).'';
             setcookie('login_cookie', $joined, 2147483647);
    	}

    	$get_user = mysql_query("
            SELECT
                user_id,
                IFNULL(user_nev, user_username) user_cim_nev,
                user_tipus,
                user_email,
                user_def_szall_user_cim_id
            FROM user
            WHERE user_username='".addslashes($username)."'
                AND user_password='".md5($password)."'
                AND (user_tipus='admin' OR user_tipus='user');
        ") or die(mysql_error()." - auth.php, felhasználó adatainak lekérdezése");
    	if (mysql_num_rows($get_user) > 0) { // BEJELENTKEZETT

            $user = mysql_fetch_array($get_user);
    		mysql_query("UPDATE user SET user_last_ip='".$_SERVER['REMOTE_ADDR']."', user_last_visit_datum=NOW(), user_visit_count=user_visit_count+1 WHERE user_username='".$_POST['username']."' AND user_password='".md5($_POST['password'])."'");

    		$_SESSION['logged_in'] = 1;
    		$_SESSION['userid'] = $user['user_id'];
    		$_SESSION['username'] = $username;
    		$_SESSION['email'] = $user['user_email'];
    		$_SESSION['user_def_szall_user_cim_id'] = $user['user_def_szall_user_cim_id'];
    		$_SESSION['usertype'] = $user['user_tipus'];
            if ($_SESSION['usertype']=='admin') $_SESSION['KCFINDER'] = array('disabled' => false);
			$_SESSION['fullname'] = $user['user_cim_nev'];
			$_SESSION['loginerrorstr'] = "";
    		session_write_close();

			// a dupla aktiválás miatt nem lehet önmagára dobni ha aktiválás után lép be
			$hova = $_POST['query_string']!="q" ? $_POST['query_string'] : $_SERVER['PHP_SELF'];
			header("Location: $hova");
    	}
        else {
            $loginerrors[] = 'Hibás e-mail cím, vagy jelszó';
        }
    }
    if (count($loginerrors) > 0) {
        $_SESSION['loginerrorstr'] = '<div class="ui-state-error ui-corner-all"><ul>';
        foreach($loginerrors AS $loginerror) {
            $_SESSION['loginerrorstr'] .= '<li><span class="ui-icon ui-icon-alert" style="float:left; margin-right:.3em;"></span>'.$loginerror.'</li>';
        }
        $_SESSION['loginerrorstr'] .= '</ul></div>';
    }
}
// cookie ellenorzes
if (isset($_COOKIE['login_cookie']) && (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != 1)) {
    list($user, $pass) = explode('[]', $_COOKIE['login_cookie']);
	$get_user = mysql_query("
        SELECT
            user_id,
            IFNULL(user_nev, user_username) user_cim_nev,
            user_tipus,
            user_email,
            user_def_szall_user_cim_id
        FROM user
        WHERE user_username='".addslashes($user)."'
            AND user_password='".md5($pass)."'
            AND (user_tipus='admin' OR user_tipus='user');
    ") or die(mysql_error()." - auth.php, felhasznalo adatainak lekerdezese cookie alapjan");

    if (mysql_num_rows($get_user) > 0) {

        $user = mysql_fetch_array($get_user);
		mysql_query("UPDATE user SET user_last_ip='".$_SERVER['REMOTE_ADDR']."', user_last_visit_datum='NOW()', user_visit_count=user_visit_count+1 WHERE user_username='".addslashes($user['username'])."' AND user_password='".$pass."'");

    	$_SESSION['logged_in'] = 1;
    	$_SESSION['username'] = $user['user_username'];
		$_SESSION['fullname'] = $user['user_cim_nev'];
    	$_SESSION['usertype'] = $user['user_tipus'];
        if ($_SESSION['usertype']=='admin') $_SESSION['KCFINDER'] = array('disabled' => false);
		$_SESSION['user_def_szall_user_cim_id'] = $user['user_def_szall_user_cim_id'];
    	$_SESSION['userid'] = $user['user_id'];
    	$_SESSION['email'] = $user['user_email'];
    	session_write_close();
    }
}
if(!isset($_SESSION['username'])) {
   $_SESSION['logged_in'] = 0;
   $user = "Guest";
}
if(isset($_GET['action']) && $_GET['action']=="logout"){
	$_SESSION = array();
	setcookie('login_cookie', "", time() - 60);
	session_destroy();
	header("Location: $_SERVER[PHP_SELF]");
}

?>