if (!$logo_url) { $error = true; $sysmsg[] = __('logo_url_error'); } if (!$error) { $ins = array('logo_url' => $logo_url); $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$pd_uid}'"); $sysmsg[] = __('logo_url_update_success'); redirect('back', $sysmsg); } else { redirect('back', $sysmsg); } } elseif ($task == 'mod_pro') { form_auth(gpc('formhash', 'P', ''), formhash()); $space_name = trim(gpc('space_name', 'P', '')); if (checklength($space_name, 1, 250)) { $error = true; $sysmsg[] = __('space_name_error'); } if (!$error) { $ins = array('space_name' => htmlspecialchars($space_name)); $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$pd_uid}'"); $sysmsg[] = __('space_name_update_success'); redirect('back', $sysmsg); } else { redirect('back', $sysmsg); } } elseif ($task == 'mod_domain') { auth_task_mod_domain(); } elseif ($task == 'space_pwd') { auth_task_space_pwd();
$db->query_unbuffered("delete from {$tpf}folders where folder_id='{$folder_id}' and userid='{$pd_uid}'"); $sysmsg[] = __('delete_folder_success'); redirect($ref, $sysmsg); } else { $ref = $_SERVER['HTTP_REFERER']; $folder_name = @$db->result_first("select folder_name from {$tpf}folders where folder_id='{$folder_id}' and userid='{$pd_uid}'"); require_once template_echo($item, $user_tpl_dir); } break; case 'modify_folder': $folder_id = (int) gpc('folder_id', 'GP', 0); if ($task == 'modify_folder') { form_auth(gpc('formhash', 'P', ''), formhash()); $folder_name = trim(gpc('folder_name', 'P', '')); $pid = (int) gpc('pid', 'P', 0); if (checklength($folder_name, 1, 150)) { $error = true; $sysmsg[] = __('folder_name_error'); } elseif (strpos($folder_name, "'") !== false) { $error = true; $sysmsg[] = "不能含有单引号等特殊字符"; } if ($folder_id == $pid) { $error = true; $sysmsg[] = __('folder_id_pid_not_same'); } $num = @$db->result_first("select count(*) from {$tpf}folders where folder_name='{$folder_name}' and folder_id<>'{$folder_id}' and userid='{$pd_uid}'"); if ($num) { $error = true; $sysmsg[] = __('folder_exists'); }
} else { $ref = $_SERVER['HTTP_REFERER']; $cs_name = @$db->result_first("select cs_name from {$tpf}course_chapter_section where csid='{$cs_id}' "); require_once template_echo($item, $user_tpl_dir); } break; case 'modify_chapter_section': $cs_id = (int) gpc('cs_id', 'GP', 0); $course_id = (int) gpc('course_id', 'GP', 0); $error = $cs_id && $course_id ? false : true; if ($task == 'modify_chapter_section') { form_auth(gpc('formhash', 'P', ''), formhash()); $cs_name = trim(gpc('cs_name', 'P', '')); $pid = (int) gpc('pid', 'P', ''); $description = gpc('description', 'P', ''); if (checklength($cs_name, 1, 150)) { $error = true; $sysmsg[] = "章节名称长度非法,增加失败"; } elseif (strpos($cs_name, "'") !== false) { $error = true; $sysmsg[] = "不能含有单引号等特殊字符"; } $num = @$db->result_first("select count(*) from {$tpf}course_chapter_section where course_id<>'{$course_id}' and cs_name='{$cs_name}'"); if ($num) { $error = true; $sysmsg[] = "你开设的章节中,已经存在相同名称的章节"; } if (!$error) { $ins = array('cs_name' => $cs_name, 'description' => $description, 'course_id' => $course_id, 'parent_id' => $pid, 'update_date' => time()); $db->query_unbuffered("update {$tpf}course_chapter_section set " . $db->sql_array($ins) . " where csid='{$cs_id}'"); $sysmsg[] = "修改章节成功";
$error = true; $sysmsg[] = __('online_demo_deny'); } if ($password) { if (checklength($password, 6, 20)) { $error = true; $sysmsg[] = __('invalid_password'); } else { $md5_pwd = md5($password); } } else { $rs = $db->fetch_one_array("select password from {$tpf}users where userid='{$uid}'"); $md5_pwd = $rs['password']; } if ($income_pwd) { if (checklength($income_pwd, 6, 20)) { $error = true; $sysmsg[] = __('invalid_password'); } else { $income_pwd = md5($income_pwd); } } else { $income_pwd = @$db->result_first("select income_pwd from {$tpf}users where userid='{$uid}'"); } if ($gid > 1) { $rs = $db->fetch_one_array("select count(*) as total from {$tpf}users where gid=1 and userid<>'{$uid}'"); if (!$rs['total']) { $error = true; $sysmsg[] = __('only_one_admin'); } unset($rs);
unset($rs); } else { redirect("javascript:history.back()", $sysmsg); } } require_once template_echo('pd_account', $user_tpl_dir); break; case 'reset_pwd': $code = trim(gpc('code', 'GP', '')); $code = strlen($code) > 32 ? substr($code, 0, 32) : $code; if ($task == 'reset_pwd') { form_auth(gpc('formhash', 'P', ''), formhash()); $pwd = trim(gpc('pwd', 'P', '')); $pwd2 = trim(gpc('pwd2', 'P', '')); $userid = (int) gpc('userid', 'P', 0); if (checklength($pwd, 6, 20)) { $error = true; $sysmsg[] = __('user_password_false'); } if ($pwd != $pwd2) { $error = true; $sysmsg[] = __('confirm_pwd_not_same'); } else { $md5_pwd = md5($pwd); } if (!$userid || !$code) { $error = true; $sysmsg[] = '参数错误'; } else { $num = @$db->result_first("select count(*) from {$tpf}users where reset_code='{$code}' and userid='{$userid}'"); if (!$num) {
case 'mail_test': admin_no_power($task, 12, $pd_uid); if ($task == 'mail_test') { form_auth(gpc('formhash', 'P', ''), formhash()); $receive_address = trim(gpc('receive_address', 'P', '')); $mail_subject = trim(gpc('mail_subject', 'P', '')); $mail_content = trim(gpc('mail_content', 'P', '')); if (!checkemail($receive_address)) { $error = true; $sysmsg[] = __('email_address_error'); } if (checklength($mail_subject, 2, 80)) { $error = true; $sysmsg[] = __('email_subject_error'); } if (checklength($mail_content, 2, 250)) { $error = true; $sysmsg[] = __('email_content_error'); } if (!$error) { $to = $receive_address; $subject = $mail_subject; $body = $mail_content; $from = $sender = $username = $settings['email_address']; $fromname = $settings['email_user']; $host = $settings['email_smtp']; $port = (int) $settings['email_port']; $ssl = (int) $settings['email_ssl']; $password = $settings['email_pwd']; send_email($to, $subject, $body, $from, $fromname, $stmp = true, $sender, $host, $port, $ssl, $username, $password); $sysmsg[] = __('send_email_success');
$img_link = (int) gpc('img_link', 'P', 0); $music_link = (int) gpc('music_link', 'P', 0); $video_link = (int) gpc('video_link', 'P', 0); $zero_store_time = (int) gpc('zero_store_time', 'P', 0); $is_hidden = (int) gpc('is_hidden', 'P', 0); if (checklength($subject, 2, 150)) { $error = true; $sysmsg[] = __('vip_subject_error'); } else { $num = @$db->result_first("select count(*) from {$tpf}vips where subject='{$subject}' and vip_id<>'{$vip_id}'"); if ($num) { $error = true; $sysmsg[] = __('vip_subject_exists'); } } if (checklength($content, 2, 255)) { $error = true; $sysmsg[] = __('vip_content_error'); } if (!$error) { $ins = array('subject' => $subject, 'content' => $content, 'img' => $img, 'price' => (double) $price, 'days' => $days, 'pop_ads' => $pop_ads, 'down_second' => $down_second, 'downline_num' => $downline_num, 'search_down' => $search_down, 'img_link' => $img_link, 'music_link' => $music_link, 'video_link' => $video_link, 'zero_store_time' => $zero_store_time, 'is_hidden' => $is_hidden); $db->query_unbuffered("update {$tpf}vips set " . $db->sql_array($ins) . " where vip_id='{$vip_id}'"); $sysmsg[] = __('edit_vip_success'); redirect(urr(ADMINCP, "item=vip&menu=user&action=list"), $sysmsg); } else { redirect('back', $sysmsg); } } else { $pa = $db->fetch_one_array("select * from {$tpf}vips where vip_id='{$vip_id}'"); require_once template_echo($item, $admin_tpl_dir, '', 1); }
<html> <body> //validation <?php
// Form handler: on submit, runs each posted field through a helper from
// functions.php and ANDs the results into $valid; on a plain page load it only
// sets defaults. The "//validation" text above sits before the opening PHP tag,
// so it is emitted as page text rather than treated as a comment.
require_once 'functions.php';
$valid = TRUE;
if (isset($_POST['submit'])) {
    // Copies every POST field into a variable of the same name in this scope.
    // NOTE(review): the variable names come from the request, so a client can
    // create or overwrite any variable visible here (same effect as
    // extract($_POST)), and a missing field leaves $fname etc. undefined.
    // Reading each expected field explicitly, e.g. $fname = $_POST['fname'] ?? '',
    // removes both problems. The rest of the page is not visible here, so confirm
    // which variables it relies on before changing this.
    foreach ($_POST as $key => $value) {
        ${$key} = $value;
    }
    // Each helper result is kept in a per-field flag and folded into $valid;
    // a truthy result is treated as "field accepted" (see the success branch below).
    $valid = $fn = checklength($fname, 1, 30);
    $ln = checklength($lname, 1, 30);
    $valid = $valid && $ln;
    $em = checkemail($email);
    $valid = $valid && $em;
    $ps = checkpassword($password);
    $valid = $valid && $ps;
    // NOTE(review): loose == compares numeric-looking strings by value
    // ('1e3' == '1000' is true), so two different inputs can pass as a matching
    // confirmation; === compares the submitted strings exactly.
    $ps2 = $password == $password2;
    $valid = $valid && $ps2;
    // Second argument 'US' is passed through to checkmail(); presumably a
    // country selector for the postal-code format - confirm in functions.php.
    $zp = checkmail($zipcode, 'US');
    $valid = $valid && $zp;
    if ($valid) {
        // All checks passed: print the confirmation and stop before the form markup.
        echo "form filled successfully!";
        exit;
    }
} else {
    // No submission yet: mark every field as valid and start with empty values.
    // NOTE(review): $omepage looks like a typo for $homepage, and $hp is set here
    // but never computed in the submit branch - confirm against the form below.
    $fn = $ln = $em = $ps = $ps2 = $hp = $zp = TRUE;
    $fname = $lname = $email = $zipcode = $omepage = "";
}
// Only reached with a failed submission in this view; the block it opens
// continues past the end of this excerpt.
if (!$valid) { ?>
case 'modify_link': $linkid = (int) gpc('linkid', 'GP', 0); if ($task == 'modify_link') { form_auth(gpc('formhash', 'P', ''), formhash()); $link_title = trim(gpc('link_title', 'P', '')); $link_url = trim(gpc('link_url', 'P', '')); $link_logo = trim(gpc('link_logo', 'P', '')); if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (checklength($link_title, 2, 100)) { $error = true; $sysmsg[] = __('link_title_error'); } if (checklength($link_url, 5, 100)) { $error = true; $sysmsg[] = __('link_url_error'); } if (substr($link_url, 0, 7) != 'http://' && substr($link_url, 0, 8) != 'https://') { $error = true; $sysmsg[] = __('link_url_prefix'); } if (!$error) { $ins = array('title' => replace_js($link_title), 'url' => replace_js($link_url), 'logo' => replace_js($link_logo)); $db->query_unbuffered("update {$tpf}links set " . $db->sql_array($ins) . " where linkid='{$linkid}' limit 1;"); redirect(urr(ADMINCP, "item={$item}&menu=extend&action=index"), '', 0); } else { redirect('back', $sysmsg); } } else {
$rs = $db->fetch_one_array("select count(*) as total from {$tpf}reports where file_id='" . $file_id . "' and userid='{$pd_uid}'"); if ($rs['total']) { $msg = __('report_already_exists'); } unset($rs); $ref = $_SERVER['HTTP_REFERER']; require_once template_echo($item, $user_tpl_dir); } break; case 'post_comment': $file_id = (int) gpc('file_id', 'GP', 0); if ($task == 'post_comment') { form_auth(gpc('formhash', 'P', ''), formhash()); $content = trim(gpc('content', 'P', '')); $ref = trim(gpc('ref', 'P', '')); if (checklength($content, 2, 600)) { $error = true; $sysmsg[] = __('cmt_content_error'); } if (!$error) { $ins = array('userid' => $pd_uid, 'file_id' => $file_id, 'content' => replace_js($content), 'in_time' => $timestamp, 'ip' => $onlineip, 'is_checked' => $settings['check_comment'] ? 0 : 1); $db->query("insert into {$tpf}comments set " . $db->sql_array($ins) . ";"); $sysmsg[] = __('cmt_success'); tb_redirect($ref, $sysmsg); } else { tb_redirect('back', $sysmsg); } } else { $ref = $_SERVER['HTTP_REFERER']; require_once template_echo($item, $user_tpl_dir); }
$pa[down_type] = 0; require_once template_echo($item, $admin_tpl_dir, '', 1); } break; case 'edit': $node_id = (int) gpc('node_id', 'GP', 0); if ($task == 'edit') { form_auth(gpc('formhash', 'P', ''), formhash()); $subject = trim(gpc('subject', 'P', '')); $host = trim(gpc('host', 'P', '')); $server_oid = trim(gpc('server_oid', 'P', '')); $icon = trim(gpc('icon', 'P', '')); $down_type = (int) gpc('down_type', 'P', 0); $parent_id = (int) gpc('parent_id', 'P', 0); $is_hidden = (int) gpc('is_hidden', 'P', 0); if (checklength($subject, 2, 150)) { $error = true; $sysmsg[] = __('nodes_subject_error'); } else { /*$num = @$db->result_first("select count(*) from {$tpf}nodes where subject='$subject' and node_id<>'$node_id' and parent_id='$parent_id'"); if($num){ $error = true; $sysmsg[] = __('nodes_subject_exists'); }*/ } if ($parent_id && !$host) { $error = true; $sysmsg[] = __('nodes_host_error'); } if ($parent_id && (substr($host, 0, 7) != 'http://' && substr($host, 0, 8) != 'https://')) { $error = true;
$params['adv_img_src'] = trim(gpc('adv_img_src', 'P', '')); $params['adv_img_url'] = trim(gpc('adv_img_url', 'P', '')); $params['adv_img_width'] = trim(gpc('adv_img_width', 'P', '')); $params['adv_img_height'] = trim(gpc('adv_img_height', 'P', '')); $params['adv_img_alt'] = trim(gpc('adv_img_alt', 'P', '')); if (!$params['adv_img_src']) { $error = true; $sysmsg[] = __('adv_img_src_error'); } if (!$params['adv_img_url']) { $error = true; $sysmsg[] = __('adv_img_url_error'); } } $params = $params ? serialize($params) : ''; if (checklength($adv_title, 2, 300)) { $error = true; $sysmsg[] = __('adv_title_error'); } if ($adv_starttime) { $arr = explode('-', $adv_starttime); $tmp_count = count($arr) - 1; if (strlen($adv_starttime) != 10 || $tmp_count != 2 || (int) $arr[0] < date('Y')) { $error = true; $sysmsg[] = __('time_format_error'); } else { $adv_starttime = @mktime(0, 0, 0, (int) $arr[1], (int) $arr[2], (int) $arr[0]); } } else { $adv_starttime = 0; }
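/**
 * Handles the "set account" form for the current guest user.
 *
 * Reads username, password, confirmation, e-mail and return URL from POST,
 * validates them, and on success updates the row of user $pd_uid, refreshes the
 * 'phpdisk_zcore_info' cookie and redirects to the posted return URL. On any
 * validation failure it redirects back with the collected messages.
 *
 * Uses the globals $db (database wrapper), $tpf (table prefix), $pd_uid and
 * $pd_gid (current user and group ids).
 *
 * Review notes (not changed here because the fix reaches outside this function):
 * - Passwords are stored as plain md5() and the same hash is written into the
 *   login cookie. MD5 is unsalted and fast to brute-force; moving to
 *   password_hash()/password_verify() needs a matching change in the login and
 *   cookie-validation code, which is not visible from here.
 * - SQL is assembled by string interpolation. Safety depends on what gpc(),
 *   is_bad_chars() and checkemail() reject or escape - confirm, or switch the
 *   database wrapper to bound parameters.
 * - $ref comes straight from POST and is handed to tb_redirect(); if that helper
 *   does not restrict the target, this is an open redirect - confirm.
 *
 * @return void
 */
function auth_task_guest()
{
    global $db, $tpf, $pd_uid, $pd_gid;

    // Reject the request unless the posted form token matches the expected one.
    form_auth(gpc('formhash', 'P', ''), formhash());

    // Start from a defined state; the original relied on undefined locals.
    $error = false;
    $sysmsg = array();

    $username = trim(gpc('username', 'P', ''));
    $password = trim(gpc('password', 'P', ''));
    $confirm_password = trim(gpc('confirm_password', 'P', ''));
    $email = trim(gpc('email', 'P', ''));
    $ref = trim(gpc('ref', 'P', ''));

    // checklength() returning a truthy value is treated as "length out of range".
    if (checklength($username, 2, 60)) {
        $error = true;
        $sysmsg[] = __('invalid_username');
    } elseif (is_bad_chars($username)) {
        $error = true;
        $sysmsg[] = __('username_has_bad_chars');
    } else {
        // NOTE(review): the username literal in this query appears masked in this
        // listing; as written the lookup does not reference $username, so the
        // uniqueness check below cannot work. Restore the intended comparison
        // (with proper escaping/binding) against the original source.
        $rs = $db->fetch_one_array("select username from {$tpf}users where username='******' and userid<>'{$pd_uid}' limit 1");
        if ($rs && strcasecmp($username, $rs['username']) === 0) {
            $error = true;
            $sysmsg[] = __('username_already_exists');
        }
        unset($rs);
    }

    if (checklength($password, 6, 20)) {
        $error = true;
        $sysmsg[] = __('invalid_password');
    } elseif ($password === $confirm_password) {
        // Strict comparison: with ==, numeric-looking strings such as '1000000'
        // and '1e6' compare equal, and the confirmation is not length-checked.
        $md5_pwd = md5($password);
    } else {
        $error = true;
        $sysmsg[] = __('confirm_password_invalid');
    }

    if (!checkemail($email)) {
        $error = true;
        $sysmsg[] = __('invalid_email');
    } else {
        // Look for another account (different userid) already using this address.
        $rs = $db->fetch_one_array("select email from {$tpf}users where email='{$email}' and userid<>'{$pd_uid}' limit 1");
        if ($rs && strcasecmp($email, $rs['email']) === 0) {
            $error = true;
            $sysmsg[] = __('email_already_exists');
        }
        unset($rs);
    }

    if ($error) {
        tb_redirect('back', $sysmsg);
        return;
    }

    $ins = array(
        'username' => $username,
        'password' => $md5_pwd,
        'email' => $email,
        'space_name' => $username . __('file'),
        'can_edit' => 0,
    );
    $db->query_unbuffered("update {$tpf}users set " . $db->sql_array($ins) . " where userid='{$pd_uid}'");

    // Re-issue the login cookie with the new identity; 86400 * 3 is presumably a
    // three-day lifetime in seconds - confirm in pd_setcookie().
    pd_setcookie('phpdisk_zcore_info', pd_encode("{$pd_uid}\t{$pd_gid}\t{$username}\t{$md5_pwd}\t{$email}"), 86400 * 3);
    $sysmsg[] = __('guest_set_account_success');
    tb_redirect($ref, $sysmsg);
}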
} break; case 'modify_cate': $cate_id = (int) gpc('cate_id', 'GP', 0); if ($task == 'modify_cate') { form_auth(gpc('formhash', 'P', ''), formhash()); $cate_name = trim(gpc('cate_name', 'P', '')); $pid = (int) gpc('pid', 'P', 0); $nav_show = (int) gpc('nav_show', 'P', 0); $cate_list = (int) gpc('cate_list', 'P', 0); $share_index = (int) gpc('share_index', 'P', 0); if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (checklength($cate_name, 1, 60)) { $error = true; $sysmsg[] = __('cate_name_error'); } $rs = $db->fetch_one_array("select count(*) as total from {$tpf}categories where cate_name='{$cate_name}' and pid='{$pid}' and cate_id<>'{$cate_id}'"); if ($rs['total']) { $error = true; $sysmsg[] = __('cate_name_exists'); } if ($cate_id == $pid) { $error = true; $sysmsg[] = __('cateid_pid_cannot_same'); } if (!$error) { $ins = array('cate_name' => $cate_name, 'pid' => $pid, 'nav_show' => $nav_show, 'cate_list' => $cate_list, 'share_index' => $share_index); $db->query_unbuffered("update {$tpf}categories set " . $db->sql_array($ins) . " where cate_id='{$cate_id}';");
} } break; case 'check_yxm': $settings[yxm_public_key] = $settings[yxm_public_key] ? $settings[yxm_public_key] : '82393b3baca49c60e4f0ea9f7f4f5960'; require_once 'yxm/YinXiangMaLib.php'; $YinXiangMa_response = YinXiangMa_ValidResult(@$_POST['YinXiangMa_challenge'], @$_POST['YXM_level'][0], @$_POST['YXM_input_result']); if ($YinXiangMa_response == "true") { echo 'true'; } else { echo 'Error!'; } break; case 'chk_username': $r_username = trim(gpc('r_username', 'P', '')); if (checklength($r_username, 2, 60)) { echo __('username_length_error'); } elseif (is_bad_chars($r_username)) { echo __('username_has_bad_chars'); } else { $num = @$db->result_first("select count(*) from {$tpf}users where username='******'"); if ($num) { echo __('username_already_exists'); } else { echo 'true|' . __('username_can_reg'); } } break; case 'chk_email': $r_email = trim(gpc('r_email', 'P', '')); if (!checkemail($r_email)) {
if ($task == 'modify_announce') { form_auth(gpc('formhash', 'P', ''), formhash()); $subject = trim(gpc('subject', 'P', '')); $expand = (int) gpc('expand', 'P', 0); $content = trim(gpc('content', 'P', '')); if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (checklength($subject, 1, 255)) { $error = true; $sysmsg[] = __('subject_error'); } else { $subject = str_ireplace('"', "'", $subject); } if (checklength($content, 1, 6000)) { $error = true; $sysmsg[] = __('content_error'); } else { $content = preg_replace("/<(\\/?i?frame.*?)>/si", "", $content); $content = preg_replace("/<(\\/?script.*?)>/si", "", $content); } $rs = $db->fetch_one_array("select count(*) as total from {$tpf}announces where subject='{$subject}'"); if ($rs['total'] > 1) { $error = true; $sysmsg[] = __('announce_exists'); } unset($rs); if (!$error) { $ins = array('subject' => $subject, 'content' => $content, 'is_expand' => $expand, 'in_time' => $timestamp); $db->query("update {$tpf}announces set " . $db->sql_array($ins) . " where annid='{$annid}' limit 1;");
tb_redirect(urr("space", ""), $sysmsg); } else { tb_redirect('back', $sysmsg); } } elseif ($task == 'password') { form_auth(gpc('formhash', 'P', ''), formhash()); $old_pwd = trim(gpc('old_pwd', 'P', '')); $new_pwd = trim(gpc('new_pwd', 'P', '')); $cfm_pwd = trim(gpc('cfm_pwd', 'P', '')); $rs = $db->fetch_one_array("select userid from {$tpf}users where password='******' and userid='{$pd_uid}'"); if (!$rs) { $error = true; $sysmsg[] = $L['invalid_password']; } unset($rs); if (checklength($new_pwd, 6, 20)) { $error = true; $sysmsg[] = $L['password_max_min']; } elseif ($new_pwd != $cfm_pwd) { $error = true; $sysmsg[] = $L['confirm_password_invalid']; } else { $md5_pwd = md5($new_pwd); } if (!$error) { $sql = "update {$tpf}users set password='******' where userid='{$pd_uid}'"; $db->query_unbuffered($sql); pd_setcookie('phpdisk_zcore_info', ''); $sysmsg[] = $L['password_modify_success']; tb_redirect(urr("account", "action=login"), $sysmsg, 2000, 'top'); } else {
<body> <?php
// Form handler: on submit, validates the posted fields with helpers from
// functions.php and ANDs the results into $valid; on a plain page load it only
// sets defaults.
require_once 'functions.php';
$valid = TRUE;
if (isset($_POST['submit'])) {
    // Copies every POST field into a variable of the same name in this scope.
    // NOTE(review): the variable names come from the request, so a client can
    // create or overwrite any variable visible here (same effect as
    // extract($_POST)), and a missing field leaves $fname etc. undefined.
    // Reading each expected field explicitly, e.g. $age = $_POST['age'] ?? '',
    // removes both problems. The rest of the page is not visible here, so confirm
    // which variables it relies on before changing this.
    foreach ($_POST as $key => $value) {
        ${$key} = $value;
    }
    // Each helper result is kept in a per-field flag and folded into $valid;
    // a truthy result is treated as "field accepted" (see the success branch below).
    $valid = $fn = checklength($fname, 1, 30);
    $ln = checklength($lname, 1, 30);
    $valid = $valid && $ln;
    $a = digit($age);
    $valid = $valid && $a;
    $em = checkemail($email);
    $valid = $valid && $em;
    $com = checklength($comment, 1, 250);
    $valid = $valid && $com;
    if ($valid == 1) {
        // All checks passed: print the confirmation and stop before the form markup.
        echo "form filled successfully!";
        exit;
    }
} else {
    // No submission yet: mark every field as valid and start with empty values.
    $fn = $ln = $a = $com = $em = TRUE;
    $fname = $lname = $age = $comment = $email = "";
}
// Only reached with a failed submission in this view; the markup it opens
// continues past the end of this excerpt.
if (!$valid) {
?> <style type="text/css"> td.error { color:#F00;
} } else { $group_set = $db->fetch_one_array("select * from {$tpf}groups where gid='{$gid}'"); require_once template_echo($item, $admin_tpl_dir, '', 1); } break; case 'group_modify': $gid = (int) gpc('gid', 'GP', 0); if ($task == 'group_modify') { form_auth(gpc('formhash', 'P', ''), formhash()); $group_name = trim(gpc('group_name', 'P', '')); if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (checklength($group_name, 2, 100)) { $error = true; $sysmsg[] = __('group_name_error'); } $rs = $db->fetch_one_array("select count(*) as total from {$tpf}groups where group_name='{$group_name}' and gid<>'{$gid}'"); if ($rs['total'] > 0) { $error = true; $sysmsg[] = __('group_name_exists'); } unset($rs); if (!$error) { $db->query("update {$tpf}groups set group_name='{$group_name}' where gid='{$gid}'"); redirect(urr(ADMINCP, "item=groups&menu=user&action=index"), '', 0); } else { redirect('back', $sysmsg); }
switch ($action) { case 'add_server': if ($task == 'add_server') { form_auth(gpc('formhash', 'P', ''), formhash()); $server_name = trim(gpc('server_name', 'P', '')); $server_oid = (int) gpc('server_oid', 'P', 0); $server_host = trim(gpc('server_host', 'P', '')); $server_dl_host = trim(gpc('server_dl_host', 'P', '')); $server_closed = (int) gpc('server_closed', 'P', 0); $server_key = trim(gpc('server_key', 'P', '')); $server_store_path = trim(gpc('server_store_path', 'P', '')); if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (checklength($server_name, 2, 100)) { $error = true; $sysmsg[] = __('server_name_error'); } if (!is_numeric($server_oid)) { $error = true; $sysmsg[] = __('server_oid_error'); } elseif ((int) $server_oid == 1) { $error = true; $sysmsg[] = __('server_oid_key_error'); } $num = $db->result_first("select count(*) from {$tpf}servers where server_oid='{$server_oid}'"); if ($num) { $error = true; $sysmsg[] = __('server_oid_error'); }
} else { $down_active_num_max = 0; $down_active_num_min = 0; } $ip_interval = (int) gpc('ip_interval', 'P', 0); if (checklength($subject, 2, 150)) { $error = true; $sysmsg[] = __('plans_subject_error'); } else { $num = @$db->result_first("select count(*) from {$tpf}plans where subject='{$subject}' and plan_id<>'{$plan_id}'"); if ($num) { $error = true; $sysmsg[] = __('plans_subject_exists'); } } if (checklength($content, 2, 1000)) { $error = true; $sysmsg[] = __('plans_content_error'); } if (!$income_rate_credit || !$income_rate_money) { $error = true; $sysmsg[] = __('plans_income_rate_error'); } else { $income_rate = $income_rate_credit . ',' . $income_rate_money; } if (!is_numeric($ip_interval)) { $error = true; $sysmsg[] = __('plans_ip_interval_error'); } if ($auth[open_plan_active] && $settings[open_plan_active]) { if (!$down_active_num_max || !$down_active_num_min) {
} if ($task == 'edit') { form_auth(gpc('formhash', 'P', ''), formhash()); $meta_title = trim(gpc('meta_title', 'P', '')); $meta_keywords = trim(gpc('meta_keywords', 'P', '')); $meta_description = trim(gpc('meta_description', 'P', '')); $meta_title2 = trim(gpc('meta_title2', 'P', '')); $meta_keywords2 = trim(gpc('meta_keywords2', 'P', '')); $meta_description2 = trim(gpc('meta_description2', 'P', '')); $file_description = gpc('file_description', 'P', ''); $ref = trim(gpc('ref', 'P', '')); if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if ($file_description && checklength($file_description, 1, 6000)) { $error = true; $sysmsg[] = __('file_description_error'); } else { $file_description = preg_replace("/<(\\/?i?frame.*?)>/si", "", $file_description); $file_description = preg_replace("/<(\\/?script.*?)>/si", "", $file_description); } if (!$error) { if ($auth[pd_a]) { update_seo('viewfile', $file_id, $meta_title, $meta_keywords, $meta_description); update_seo('download', $file_id, $meta_title2, $meta_keywords2, $meta_description2); } $db->query_unbuffered("update {$tpf}files set file_description='{$file_description}' where file_id='{$file_id}'"); $sysmsg[] = __('file_edit_success'); redirect($ref, $sysmsg); } else {
$nav_href = trim(gpc('nav_href', 'P', '')); $nav_target = trim(gpc('nav_target', 'P', '')); $nav_position = trim(gpc('nav_position', 'P', '')); if ($settings['online_demo']) { $error = true; $sysmsg[] = __('online_demo_deny'); } if (checklength($nav_text, 2, 250)) { $error = true; $sysmsg[] = __('nav_text_error'); } if ($nav_title && checklength($nav_title, 2, 50)) { $error = true; $sysmsg[] = __('nav_title_error'); } if (checklength($nav_href, 5, 80)) { $error = true; $sysmsg[] = __('nav_href_error'); } if (!$error) { $ins = array('text' => replace_js($nav_text), 'title' => replace_js($nav_title), 'href' => replace_js($nav_href), 'target' => $nav_target, 'position' => $nav_position); $db->query_unbuffered("update {$tpf}navigations set " . $db->sql_array($ins) . " where navid='{$navid}' limit 1;"); redirect(urr(ADMINCP, "item={$item}&menu=extend&action=index"), '', 0); } else { redirect('back', $sysmsg); } } else { $rs = $db->fetch_one_array("select * from {$tpf}navigations where navid='{$navid}'"); if ($rs) { $nav_text = $rs['text']; $nav_title = $rs['title'];
<html> <body> <?php
// Scratch page for the validation helpers in functions.php: each helper is
// called once with a fixed sample value, and only the checkpassword() result
// is printed (as 0 or 1).
require_once 'functions.php';

$digitsResult = digits(23);
$letterResult = letter('123');
$lengthResult = checklength('adfdkzisdmfjk', 3, 9);
$postalResult = checkmail('asd-432', 'CA');
$urlResult = checkurl('http//www.someone.co');
$emailResult = checkemail('*****@*****.**');
$passwordResult = checkpassword('rishu-23');

echo (int) $passwordResult, '<br>';
?> </body> </html>