}
                        suppr("{$bazar_dir}/{$pic_path}/{$_picture}");
                    }
                }
            }
        }
        if ($picture_del) {
            $picture = "";
            $_picture = "";
        }
        // Database Update
        // Writes the submitted profile fields to the userdata row of the logged-in
        // user ($_SESSION['suserid']); $picture / $_picture are the values set above.
        // NOTE(review): every $_POST value is interpolated into the statement as-is and
        // no escaping is visible in this block. Unless request data is escaped before
        // this point (e.g. in library.php - not visible here, confirm), any field can
        // break out of its quotes. Escaping each value for the mysql connection, or
        // moving to prepared statements, closes that.
        // NOTE(review): on failure the raw mysql_error() text is handed to died(); if
        // died() prints it, table and column names reach the visitor - confirm.
        $query = mysql_query("update " . $prefix . "userdata\n\t\t\t\t\t\t    set sex = '{$_POST['sex']}',\n\t\t\t\t                    newsletter = '{$_POST['newsletter']}',\n\t\t\t\t\t\t    firstname = '{$_POST['firstname']}',\n\t\t\t\t\t\t    lastname = '{$_POST['lastname']}',\n\t\t\t\t\t\t    address = '{$_POST['address']}',\n\t\t\t\t\t\t    zip = '{$_POST['zip']}',\n\t\t\t\t\t\t    city = '{$_POST['city']}',\n\t\t\t\t\t\t    state = '{$_POST['state']}',\n\t\t\t\t\t\t    country = '{$_POST['country']}',\n\t\t\t\t\t\t    phone = '{$_POST['phone']}',\n\t\t\t\t\t\t    cellphone = '{$_POST['cellphone']}',\n\t\t\t\t\t\t    icq = '{$_POST['icq']}',\n\t\t\t\t\t\t    homepage = '{$_POST['homepage']}',\n\t\t\t\t\t\t    hobbys = '{$_POST['hobbys']}',\n                                                    picture= '{$picture}',\n                                                    _picture= '{$_picture}',\n\t\t\t\t\t\t    field1 = '{$_POST['field1']}',\n\t\t\t\t\t\t    field2 = '{$_POST['field2']}',\n\t\t\t\t\t\t    field3 = '{$_POST['field3']}',\n\t\t\t\t\t\t    field4 = '{$_POST['field4']}',\n\t\t\t\t\t\t    field5 = '{$_POST['field5']}',\n\t\t\t\t\t\t    field6 = '{$_POST['field6']}',\n\t\t\t\t\t\t    field7 = '{$_POST['field7']}',\n\t\t\t\t\t\t    field8 = '{$_POST['field8']}',\n\t\t\t\t\t\t    field9 = '{$_POST['field9']}',\n\t\t\t\t\t\t    field10 = '{$_POST['field10']}',\n\t\t\t\t\t\t    timezone = '{$_POST['timezone']}',\n\t\t\t\t\t\t    dateformat = '{$_POST['dateformat']}'\n\t\t\t    where id = '{$_SESSION['suserid']}'") or died(mysql_error());
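        // Mirror the new display preferences into the session.
        // The keys are quoted: a bare word such as $_SESSION[susertimezone] is resolved
        // as a constant first and only falls back to the string with a notice/warning
        // (an Error on PHP 8).
        // NOTE(review): both values are copied from $_POST without validation; code that
        // later uses them (date formatting, output) should treat them as untrusted.
        $_SESSION['susertimezone'] = $_POST['timezone'];
        $_SESSION['suserdateformat'] = $_POST['dateformat'];
        logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: updated data", "");
        // 2 is the value the caller below treats as success; otherwise report $error[20].
        $m_update = $query ? 2 : $error[20];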
    }
    // Success (code 2) goes back to the profile page; any other value is passed
    // to died() as the failure message.
    if ($m_update == 2) {
        header(headerstr("members.php?choice=myprofile&status=5"));
        exit;
    }
    died($m_update);
    exit;
}
#  filename             : login.php
#  e-mail               : support@phplogix.com
#  purpose              : Member's login
#$Id$
#License : GPL
#################################################################################################
#TODO: GPL license header in every file. clean this up a bit, build login function, do away with the header() BS
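require "library.php";

// NOTE(review): $loginlink, $username, $password and $ip are not assigned in this
// file. If $loginlink can be set from the request, the redirects below go wherever
// the caller points them; restrict it to local paths - confirm in library.php.

// Cut off an "errormessage=..." parameter left from an earlier attempt, together
// with the separator in front of it, so failed logins do not stack parameters.
$errorPos = strpos("{$loginlink}", "errormessage");
if ($errorPos) {
    $loginlink = substr("{$loginlink}", 0, $errorPos - 1);
}
// Add the separator the status parameter needs.
$loginlink .= strpos("{$loginlink}", "?") ? "&" : "?";

if (!$username || !$password) {
    header(headerstr($loginlink . "status=3"));
    // Stop here like the other branches do, so nothing runs after the redirect.
    exit;
}

// login() returns "2" on success and a message otherwise (as used below).
$login = login($username, $password);
if ($login != "2") {
    // NOTE(review): the failure text travels in the query string; the page that
    // renders errormessage has to HTML-escape it.
    $errormessage = rawurlencode($login);
    header(headerstr($loginlink . "status=2&errormessage={$errormessage}"));
    exit;
}

// clear useronline (guest entry)
// The address is escaped for the statement: a well-formed IP is unchanged, and a
// value taken from a client-controlled header can no longer leave its quotes.
$guestIp = mysql_real_escape_string("{$ip}");
mysql_query("DELETE FROM " . $prefix . "useronline WHERE ip='{$guestIp}' AND username=''");
header(headerstr($loginlink . "status=1"));
exit;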
                } else {
                    $chemail = $error[23];
                }
            } else {
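                // Confirmation token for the e-mail change.
                // NOTE(review): the token is the first 10 hex characters of
                // md5(user id . email . $secret) - 40 bits, and the same value every time
                // the same address is requested. A random, full-length token stored in
                // confirm_email would be stronger, but that has to change together with
                // confirm_email.php, which is not visible here.
                $mdhash = substr(md5($_SESSION['suserid'] . $email . $secret), 0, 10);
                // NOTE(review): $email goes into the INSERT as-is; whether it was escaped
                // or validated earlier is not visible in this fragment - confirm.
                $query = mysql_query("insert into " . $prefix . "confirm_email values ('{$_SESSION['suserid']}', '{$email}', '{$mdhash}', now())");
                if (!$query) {
                    $chemail = $error[20];
                } else {
                    // The address is URL-encoded so characters such as "+" or "&" reach
                    // confirm_email.php unchanged instead of being decoded or splitting
                    // the query string.
                    $confirmurl = "{$url_to_start}" . "/confirm_email.php?mdhash=" . "{$mdhash}" . "&id=" . "{$_SESSION['suserid']}" . "&email=" . rawurlencode("{$email}");
                    $mailto = "{$email}";
                    $subject = "{$mail_msg['16']}";
                    $message = "{$mail_msg['17']}\n\n{$confirmurl}\n\n{$mail_msg['18']}";
                    $from = "From: {$admin_email}\r\nReply-to: {$admin_email}\r\n";
                    // Best effort: a failed send is suppressed and still reported as success.
                    @mail($mailto, $subject, $message, $from);
                    logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: new email change", "");
                    $chemail = 2;
                }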
            }
        }
    }
    // Code 2 means the change request was stored; anything else is the error text.
    // NOTE(review): both messages travel in the query string, so members.php has
    // to HTML-escape textmessage / errormessage when it prints them.
    if ($chemail == 2) {
        $textmessage = rawurlencode($text_msg[2]);
        header(headerstr("members.php?status=4&textmessage={$textmessage}"));
        exit;
    }
    $errormessage = rawurlencode($chemail);
    header(headerstr("members.php?status=6&errormessage={$errormessage}"));
    exit;
}
            mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['picture2']}'") or died(mysql_error());
        }
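        // Remove the remaining picture variants of this ad: a file on disk is unlinked
        // via suppr() when pictures are not kept in the database and the file exists,
        // otherwise the row in the pictures table is deleted.
        // Array keys are quoted (bare words are resolved as constants first), and values
        // read back from the record are escaped before they are placed in a statement,
        // so a stored name containing a quote cannot alter the query.
        // NOTE(review): the file name comes from the ad record; if the upload code lets
        // it contain "/" or "..", the delete can leave the picture directory - confirm.
        foreach (array('_picture2', 'picture3', '_picture3') as $pictureField) {
            if (!$db[$pictureField]) {
                continue;
            }
            $picturePath = "{$bazar_dir}/{$pic_path}/{$db[$pictureField]}";
            if (!$pic_database && is_file($picturePath)) {
                suppr($picturePath);
            } else {
                mysql_query("delete from " . $prefix . "pictures where picture_name = '" . mysql_real_escape_string("{$db[$pictureField]}") . "'") or died(mysql_error());
            }
        }
        $adId = mysql_real_escape_string("{$db['id']}");
        // Delete Entry from favorits-DB
        mysql_query("delete from " . $prefix . "favorits where adid = '{$adId}'") or died(mysql_error());
        // Delete Entry from ads-DB
        mysql_query("delete from " . $prefix . "ads where id = '{$adId}'") or died(mysql_error());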
    }
} else {
    // or only overwrite the password :-) better
    // Soft delete: the user's ads are flagged deleted and the account row is kept,
    // with the password column overwritten by a fixed literal and language set to 'xd'.
    // NOTE(review): whether login() can ever match the literal '******' depends on how
    // passwords are stored and compared, which is not visible here. If the column is
    // compared as plain text, the account stays usable with that value - confirm, and
    // prefer an explicit disabled flag that login() checks.
    mysql_query("update " . $prefix . "ads set deleted='1' where userid = '{$_SESSION['suserid']}'") or died(mysql_error());
    mysql_query("update " . $prefix . "userdata set password='******',language='xd' where id = '{$_SESSION['suserid']}'") or died(mysql_error());
}
logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: deleted", "");
logout();
header(headerstr("main.php?status=7"));
            // Columns matched against each keyword: header, text, sfield, field1..field20.
            $searchColumns = array('header', 'text', 'sfield');
            for ($fieldNo = 1; $fieldNo <= 20; $fieldNo++) {
                $searchColumns[] = 'field' . $fieldNo;
            }
            // NOTE(review): each keyword is concatenated into the LIKE patterns as-is; no
            // escaping is visible here, and "%" / "_" inside a keyword act as wildcards.
            // NOTE(review): the clause is assigned, not appended, so with several
            // comma-separated keywords only the last non-empty one is kept - confirm
            // whether ".=" was intended.
            $text = explode(",", $keywords);
            for ($i = 0; $i < count($text); $i++) {
                if (!$text[$i]) {
                    continue;
                }
                $likeTerms = array();
                foreach ($searchColumns as $searchColumn) {
                    $likeTerms[] = $searchColumn . " LIKE '%" . $text[$i] . "%'";
                }
                $sqlquerystr2 = " AND (" . implode(" OR ", $likeTerms) . ")";
            }
        }
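        // ORDER BY cannot be protected by quoting, so the submitted sort is used only
        // when it is a plain column name plus ASC/DESC; anything else falls back to
        // the default $search_sort. Array keys are quoted (bare words are resolved as
        // constants first).
        $sortColumn = $in['search_sort'];
        $sortDirection = $in['search_sort2'];
        $sortIsValid = is_string($sortColumn) && is_string($sortDirection)
            && preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $sortColumn)
            && in_array(strtoupper($sortDirection), array('ASC', 'DESC'), true);
        if ($sortIsValid) {
            $sqlquerystr3 = " ORDER BY {$sortColumn} {$sortDirection}";
        } else {
            $sqlquerystr3 = " ORDER BY {$search_sort}";
        }
        $showresult = 0;
        $sqlquery = "SELECT * FROM " . $prefix . "ads" . $sqlquerystr . $sqlquerystr2 . $sqlquerystr3;
        $result = mysql_query($sqlquery);
        // A failed query yields no row and drops through to the caller's error path
        // instead of passing false to mysql_fetch_array().
        $db = $result ? mysql_fetch_array($result) : false;
        if ($db) {
            // NOTE(review): the WHERE and ORDER BY fragments are handed to classified.php
            // in the query string. If that page appends them to a statement, the checks
            // here can be bypassed by requesting it directly - confirm, and keep the
            // search state server-side (session) instead.
            $sqlquerystr = rawurlencode($sqlquerystr);
            $sqlquerystr2 = rawurlencode($in['text']);
            $sqlquerystr3 = rawurlencode($sqlquerystr3);
            header(headerstr("classified.php?sqlquery={$sqlquerystr}&sqlquery2={$sqlquerystr2}&sqlquery3={$sqlquerystr3}"));
            exit;
        }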
    }
    $error = rawurlencode($error[30]);
    header(headerstr("classified.php?choice=search&catid={$in['catid']}&subcatid={$in['subcatid']}&status=6&errormessage={$error}"));
    exit;
} else {
    died("FATAL ERROR");
}
                }
            }
            // Delete Entry from favorits-DB
            mysql_query("delete from " . $prefix . "favorits where adid = '{$db['id']}'") or died("Database Query Error");
            // Delete Entry from ads-DB
            mysql_query("delete from " . $prefix . "ads where id = '{$db['id']}'") or died("Database Query Error - ads");
        }
    }
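    // Build the query string for the redirect back to classified.php.
    // $_SESSION['susermod'] is quoted (a bare key is resolved as a constant first) and
    // the cookie is read from $_COOKIE, which does not depend on register_long_arrays
    // or on a global declaration the way $HTTP_COOKIE_VARS does.
    if ($editadid && !$_SESSION['susermod']) {
        $locvar = "choice=my&status=13";
        if ($adeditapproval) {
            $locvar .= "&textmessage=" . rawurlencode($text_msg[1]);
        }
    } else {
        if ($adapproval) {
            $locvar = "choice=my&status=13&textmessage=" . rawurlencode($text_msg[1]);
        } else {
            // NOTE(review): the three ids are placed in the URL unencoded; presumably
            // they are integers at this point - confirm.
            $locvar = "catid={$newcatid}&subcatid={$newsubcatid}&adid={$newadid}&status=13";
        }
        if ($force_addad && isset($_COOKIE["ForceAddAd"]) && $_COOKIE["ForceAddAd"] == 1) {
            // delete cookie
            setcookie("ForceAddAd", "", 0, "{$cookiepath}");
        }
    }
    header(headerstr("classified.php?{$locvar}"));
    exit;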
}
<?php

#################################################################################################
#
#  project              : Logix Classifieds
#  filename             : lang.php
#  last modified by     :
#  e-mail               : support@phplogix.com
#  purpose              : Change the Language
#
#################################################################################################
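include "library.php";

// NOTE(review): the cookie takes $_REQUEST['lng'] while the session and the database
// take $lng, and neither is checked against the installed languages. If the language
// value later selects an include directory, it must be restricted to known names -
// confirm in library.php.
// NOTE(review): $url is not assigned in this file; if it can come from the request,
// the final redirect can point off-site - restrict it to local paths.

// 1 Year (the original multiplied by 356 days)
$cookietime = time() + 3600 * 24 * 365;
setcookie("Language", $_REQUEST['lng'], $cookietime, $cookiepath);

// Drop an earlier "errormessage=..." parameter and the separator before it. A match
// at position 0 now empties the string instead of cutting its last character.
$errorPos = strpos("{$url}", "errormessage");
if ($errorPos !== false) {
    $url = substr("{$url}", 0, max($errorPos - 1, 0));
}
// Add the separator the status parameter needs.
$url .= (strpos("{$url}", "?") !== false) ? "&" : "?";

$_SESSION['suserlanguage'] = $lng;
if ($_SESSION['suserid']) {
    // The language code is escaped for the statement; ordinary codes are unchanged.
    $lngSql = mysql_real_escape_string("{$lng}");
    mysql_query("UPDATE " . $prefix . "userdata SET language='{$lngSql}' WHERE id='{$_SESSION['suserid']}'");
}
header(headerstr($url . "status=5"));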
                    // Registration mail: user name, password, e-mail address and gender label.
                    // NOTE(review): the body contains $password. If that is the password the
                    // user chose (not visible here), it leaves the site in clear text and
                    // stays in the recipient's mailbox - confirm, and prefer a mail without it.
                    $message = "{$mail_msg['8']}{$username}\n{$mail_msg['3']}{$password}\n{$mail_msg['4']}{$email}\n{$mail_msg['5']}{$gender[$sex]}\n";
                    $from = "From: {$admin_email}\r\nReply-to: {$admin_email}\r\n";
                    // Send errors are suppressed; registration proceeds either way.
                    @mail($mailto, $subject, $message, $from);
                }
                $register = 2;
            }
        }
    }
}
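// Registration finished without a confirmation step: optionally set the
// ForceAddAd cookie, then send the redirect to main.php.
if ($no_confirmation && $register == 2) {
    if ($force_addad) {
        // 1 Year (the original multiplied by 356 days)
        $cookietime = time() + 3600 * 24 * 365;
        setcookie("ForceAddAd", "1", $cookietime, "{$cookiepath}");
    }
    // NOTE(review): there is no exit after this redirect, so the markup below is
    // still produced - confirm whether that is intended.
    header(headerstr("main.php"));
}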
// Opening markup of the result box.
// NOTE(review): $table_width is written into an attribute unescaped and
// $language_dir selects the included file; both are set outside this fragment and
// must not be request-controlled - confirm.
echo "<p>&nbsp; \n",
    " <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"1\" width=\"{$table_width}\">\n",
    "   <tr>\n",
    "    <td class=\"class1\">\n",
    "      <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"10\" width=\"100%\">\n",
    "       <tr>\n",
    "        <td class=\"class2\">\n";
// Code 2 shows the "done" text, anything else the error text.
$registerTemplate = $register == 2 ? "register_done.inc" : "register_error.inc";
include "{$language_dir}/{$registerTemplate}";
echo "        </td>\n",
    "       </tr>\n";
            // IP banned, Do nothing !!!
            $errormessage = rawurlencode($error[27]);
            $headerstr = "status=9&errormessage={$errormessage}";
        } elseif ($vote && $_SESSION[suserlastvote] + $vote_cookie_time * 3600 > $timestamp && $vote_cookie_time) {
            // Cookie is set - Already voted, Do nothing !!!
            $errormessage = rawurlencode($error[25]);
            $headerstr = "status=9&errormessage={$errormessage}";
        } elseif ($vote) {
            mysql_query("update " . $prefix . "votes set votes=votes+1 where id='{$vote}'") or died("Database Query Error");
            if ($_SESSION[suserid]) {
                mysql_query("update " . $prefix . "userdata set votes=votes+1,lastvotedate=now(),lastvote='{$timestamp}' where id='{$_SESSION['suserid']}'") or died("Database Query Error");
            }
            $_SESSION[suserlastvote] = $timestamp;
            logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "VOTE: voted", "");
            $headerstr = "status=10";
        }
    }
} else {
    $errormessage = rawurlencode($error[28]);
    $headerstr = "status=9&errormessage={$errormessage}";
}
// Return to the page the vote came from, with the outcome appended.
// NOTE(review): $source is not assigned in this fragment; if it can come from the
// request, the redirect target must be limited to local paths - confirm.
$errorPos = strpos("{$source}", "errormessage");
if ($errorPos) {
    // Cut the old errormessage parameter and the separator in front of it.
    $source = substr("{$source}", 0, $errorPos - 1);
}
$source .= strpos("{$source}", "?") ? "&" : "?";
header(headerstr($source . $headerstr));
    // Remove http:// from URLs
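    // Validate the guestbook entry, store it, notify the owner and redirect.
    // An ICQ number must consist of digits only; the numeric range check alone lets
    // strings with a numeric prefix through, and the value goes into the INSERT below.
    if ($in['icq'] != "" && (!preg_match('/^[0-9]+\z/', "{$in['icq']}") || $in['icq'] < 1000 || $in['icq'] > 999999999)) {
        died("Non-valid ICQ entry, if you do not have an icq account please leave blank.");
    }
    // preg_match replaces eregi(), which is deprecated since PHP 5.3 and removed in
    // PHP 7. Same pattern, case-insensitive; the D modifier keeps "$" from matching
    // before a trailing newline.
    if ($in['email'] != "" && !preg_match('/^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,3}$/iD', $in['email'])) {
        died("Non-valid Email entry, please enter your correct e-mail address or if you don't have one leave it blank.");
    }
    if (strlen($in['message']) < $limit["0"] || strlen($in['message']) > $limit["1"]) {
        died("Sorry, your message has to be between {$limit['0']} and {$limit['1']} characters.");
    }
    // Placeholders stored for fields that were left empty.
    if ($in['email'] == "") {
        $in['email'] = "none";
    }
    if ($in['icq'] == "") {
        $in['icq'] = 0;
    }
    if ($in['http'] == "") {
        $in['http'] = "none";
    }
    if ($in['location'] == "0") {
        $in['location'] = "none";
    }
    // Key quoted: a bare word is resolved as a constant first.
    $in['browser'] = $client;
    // NOTE(review): name, http, message, location, $ip and $client are placed in the
    // statement as-is and no escaping is visible in this fragment. $client looks like
    // the browser identification, which request-level escaping usually does not
    // cover - confirm where these are set and escape them for the connection.
    mysql_query("INSERT INTO " . $prefix . "guestbook (name, email, http, icq, message, timestamp, ip, location, browser)\n    VALUES('{$in['name']}', '{$in['email']}','{$in['http']}','{$in['icq']}','{$in['message']}','{$add_date}', '{$ip}','{$in['location']}','{$in['browser']}')") or died("Database Query Error");
    if ($gb_notify) {
        // Visitor input appears only in the body; the headers are built from $gb_notify.
        @mail("{$gb_notify}", "NOTIFY new Guestbook Entry", "Name: {$in['name']}\nLocation: {$in['location']}\nE-Mail: {$in['email']}\nICQ: {$in['icq']}\nWWW: {$in['http']}\n\n{$in['message']}", "From: {$gb_notify}");
    }
    logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "GB: Entry added", "Name: {$in['name']} - Msg: {$in['message']}");
    header(headerstr("guestbook.php?status=12"));
    exit;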
}