با سلام.

5 هزار تومان + یک تشکر می‌دم؛ فایل زیر رو بررسی کنید و شرط اولش رو برام بردارید.

هر کاری می‌کنم، شرط اول رو که برمی‌دارم کار به هم می‌ریزه.

کد:
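<?php
/**
 * Admin-panel access gate.
 *
 * Runs five checks in order and stops the request at the first failure:
 *   1. the session belongs to a logged-in user whose privilege is "admin";
 *   2. the salted MD5 of the username is listed for the 'admin' panel;
 *   3. the user's row has allowpnl = 1;
 *   4. the "secret" cookie, combined with the client IP, matches the session secret;
 *   5. no entry of the per-admin deny-list matches a segment of the requested path.
 *
 * Failures of 1 redirect to the site root, failures of 2-4 redirect to
 * /admin/login, and failures of 5 render dontallow.php.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. When the
 * connection code (not visible in this file) is migrated, switch both queries
 * to mysqli/PDO prepared statements.
 */
session_start();

// ---- LEVEL 1: the request must come from a logged-in chat admin.
// The later levels read session keys whose presence is only established here,
// so this check has to run before anything else in the file.
if (
    !isset(
        $_SESSION['etchat_db1_user_priv'],
        $_SESSION['etchat_db1_username'],
        $_SESSION['etchat_db1_user_id']
    )
) {
    // Host-relative redirect: the target no longer depends on SERVER_NAME, which
    // may reflect the client-supplied Host header depending on server
    // configuration. The scheme now follows the current request instead of
    // being forced to http://.
    header('Location: /');
    exit;
}

$Req_userMode = $_SESSION['etchat_db1_user_priv'];
// Strict comparison: with a loose "!=" a non-string session value (for example
// integer 0 or boolean true on older PHP versions) compares equal to "admin".
if ($Req_userMode !== 'admin') {
    header('Location: /');
    exit;
}

// ---- LEVEL 2: the user must be listed for the admin panel.
// NOTE(review): MD5 with a fixed prefix/suffix is only an identifier here, not
// a password hash; the stored list depends on this exact derivation, so it is
// left unchanged.
$usr_name = md5("0930" . $_SESSION['etchat_db1_username'] . "800");
$usr_id = $_SESSION['etchat_db1_user_id'];

$sqliq = "select usernames from user_panel where panel_name = 'admin'";
$panel_result = mysql_query($sqliq);
// A failed query or a missing row yields an empty list, so the check below
// denies access instead of raising warnings.
$my_row2 = $panel_result ? mysql_fetch_array($panel_result) : false;
$tag_string2 = is_array($my_row2) ? (string) $my_row2['usernames'] : '';
$usrstags = preg_split("/[\s,]+/", $tag_string2);

// Strict in_array(): loose comparison treats numeric-looking hex digests
// (strings of the form "0e" followed by digits) as equal numbers.
if (!in_array($usr_name, $usrstags, true)) {
    header('Location: /admin/login');
    exit;
}

// ---- LEVEL 3: the user's own row must allow panel access.
// The id comes from the session, but it is still escaped before being placed
// in the query so the statement does not depend on how the session was filled.
$sqlib = "select allowpnl from db1_etchat_user where etchat_user_id = '"
    . mysql_real_escape_string((string) $usr_id) . "'";
$user_result = mysql_query($sqlib);
$my_row3 = $user_result ? mysql_fetch_array($user_result) : false;
$allow_mypnl = is_array($my_row3) ? $my_row3['allowpnl'] : null;
if ($allow_mypnl != '1') {
    header('Location: /admin/login');
    exit;
}

// ---- LEVEL 4: the cookie secret, bound to the client IP, must match the session.
// A missing or non-string value on either side is treated as a failed check
// rather than being silently converted to an empty string.
if (
    !isset($_SESSION['secret'], $_COOKIE['secret'])
    || !is_string($_SESSION['secret'])
    || !is_string($_COOKIE['secret'])
) {
    header('Location: /admin/login');
    exit;
}

$hash1 = $_COOKIE['secret'];
$ip = $_SERVER['REMOTE_ADDR'];
$hash2 = $_SESSION['secret'];
$hash2Check = md5($hash1 . $ip);
// Strict comparison for the same reason as in LEVEL 2. On PHP >= 5.6,
// hash_equals($hash2, $hash2Check) is the preferred constant-time form.
if ($hash2Check !== $hash2) {
    header('Location: /admin/login');
    exit;
}

// ---- LEVEL 5: per-admin deny-list of path segments.
// $actual_link2 is not used in this file; kept in case an including page reads it.
// NOTE(review): it embeds the client-supplied Host header, so escape it before
// any output.
$actual_link2 = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

// NOTE(review): a missing or non-array permission list means "no restrictions",
// which matches the original behaviour; confirm that this is intended rather
// than denying by default.
$permison_pages = (isset($_SESSION['adminpnl_permissions']) && is_array($_SESSION['adminpnl_permissions']))
    ? $_SESSION['adminpnl_permissions']
    : array();

$url = $_SERVER['REQUEST_URI'];
$url_splits = parse_url($url);
if (is_array($url_splits) && isset($url_splits['path'])) {
    $path = $url_splits['path'];
} else {
    // parse_url() can return false for some malformed request URIs; fall back
    // to the raw path so the deny-list is still evaluated instead of skipped.
    $query_start = strpos($url, '?');
    $path = ($query_start === false) ? $url : substr($url, 0, $query_start);
}
$each_elemts = explode("/", $path);

// "disableall" blocks every panel page for this admin.
if (in_array("disableall", $permison_pages)) {
    include_once('dontallow.php');
    exit;
}

// Any non-empty deny-list entry that equals a path segment blocks the page.
// NOTE(review): segments are compared as received (case-sensitive, not
// URL-decoded); confirm the pages are routed with the same normalisation.
foreach ($permison_pages as $x_value) {
    if (!empty($x_value) && in_array($x_value, $each_elemts)) {
        include_once('dontallow.php');
        exit;
    }
}

?>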