Beispiel #1
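/**
 * Return a random code for which no row exists yet in ipmap.dccode.
 *
 * A candidate is drawn from randomcode() and looked up; a new candidate is
 * drawn only when the lookup finds a row, so the value handed back is the
 * one that was actually checked.
 *
 * The lookup and whatever insert the caller performs afterwards are separate
 * statements, so two concurrent requests can still end up with the same
 * code. Only a UNIQUE index on ipmap.dccode can guarantee uniqueness.
 *
 * @return mixed The value produced by randomcode() that passed the lookup.
 */
function generatecode()
{
    do {
        $randcode = randomcode();
        // The candidate is interpolated as-is. This relies on randomcode()
        // emitting only characters that are inert inside a quoted SQL
        // literal -- randomcode() is defined elsewhere; confirm.
        $query_unq = "SELECT id FROM ipmap WHERE dccode = '{$randcode}' LIMIT 1";
        $result_unq = @mysql_query($query_unq);
        // A failed query gives no usable row count; as before, that ends the
        // loop rather than spinning forever.
        $count = @mysql_num_rows($result_unq);
    } while ($count > 0);
    return $randcode;
}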
Beispiel #2
 /**
  * Hash an admin password with the scheme configured for this admin.
  *
  * For an existing admin the scheme comes from admin_info; for a new admin it
  * comes from the site settings and a fresh salt is drawn from randomcode()
  * and stored in $this->admin_salt (side effect).
  *
  * Schemes, as implemented below:
  *   1  md5()   of the salted password
  *   2  sha1()  of the salted password
  *   3  crc32() of the salted password, printed as an unsigned integer
  *   0 or anything else: crypt() with a "$1$" salt built from the first eight
  *      characters of admin_salt, left-padded with "0"
  * "Salted" means the salt is split in two halves placed before and after
  * the password.
  *
  * Security note: md5() and sha1() are single fast digests and crc32() is a
  * 32-bit checksum, so values stored with schemes 1-3 are cheap to guess
  * offline, and scheme 0 falls back to the fixed salt 'admin123' when no salt
  * is set. Deployments should plan a migration to password_hash() /
  * password_verify(), rehashing on the next successful login.
  *
  * @param string $admin_password Clear-text password.
  * @return string Hash in the format of the selected scheme.
  */
 function admin_password_crypt($admin_password)
 {
     global $setting;

     if ($this->admin_exists) {
         $method = $this->admin_info['admin_password_method'];
     } else {
         $method = $setting['setting_password_method'];
         $this->admin_salt = randomcode($setting['setting_password_code_length']);
     }

     // Schemes above 0 hash "first half of salt + password + second half of salt".
     if ($method > 0) {
         $salty_password = $admin_password;
         if (!empty($this->admin_salt)) {
             list($salt1, $salt2) = str_split($this->admin_salt, ceil(strlen($this->admin_salt) / 2));
             $salty_password = $salt1 . $admin_password . $salt2;
         }
     }

     // md5()
     if ($method == 1) {
         return md5($salty_password);
     }
     // sha1()
     if ($method == 2) {
         return sha1($salty_password);
     }
     // crc32()
     if ($method == 3) {
         return sprintf("%u", crc32($salty_password));
     }

     // crypt() - scheme 0 and every value not handled above
     if (empty($this->admin_salt)) {
         $this->admin_salt = 'admin123';
     }
     $crypt_salt = '$1$' . str_pad(substr($this->admin_salt, 0, 8), 8, '0', STR_PAD_LEFT) . '$';
     return crypt($admin_password, $crypt_salt);
 }
Beispiel #3
}
// GET EMAIL
// POST takes precedence over GET; an empty string is used when neither is set.
// The value is taken from the request as-is, without validation at this point.
$email = isset($_POST['email']) ? $_POST['email'] : (isset($_GET['email']) ? $_GET['email'] : "");
// TRY TO LOGIN
if ($task == "dologin") {
    $user->is_error = FALSE;
    if (!empty($setting['setting_login_code']) || !empty($setting['setting_login_code_failedcount']) && $_SESSION['failed_login_count'] >= $setting['setting_login_code_failedcount']) {
        $code = $_SESSION['code'];
        if ($code == "") {
            $code = randomcode();
        }
        $login_secure = $_POST['login_secure'];
        if ($login_secure != $code) {
            $user->is_error = 708;
        }
    }
    if (!$user->is_error) {
        $user->user_login($email, $_POST['password'], $_POST['javascript_disabled'], $_POST['persistent']);
    }
    // IF USER IS LOGGED IN SUCCESSFULLY, FORWARD THEM TO SPECIFIED URL
    if (!$user->is_error) {
        $failed_login_count = $_SESSION['failed_login_count'] = 0;
        // INSERT ACTION
        $actions->actions_add($user, "login", array($user->user_info['user_username'], $user->user_displayname), array(), 0, false, "user", $user->user_info['user_id'], $user->user_info['user_privacy']);
        // CALL LOGIN HOOK
Beispiel #4
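/**
 * Report a failed avatar upload to the site administrator.
 *
 * When $capture is set, the rejected upload is kept under /pictures with a
 * random "BAD_" name so it can be inspected, and a mail containing the file's
 * URL goes to the first admin address found in member_profile.
 *
 * The kept copy retains the client-supplied extension only when it is a known
 * image extension; anything else is stored as ".bin". The file has just
 * failed validation and lands in a web-reachable directory, so its extension
 * must not be able to select a type the server would interpret. The /pictures
 * directory should additionally be configured so nothing in it is executed.
 *
 * No database clean-up is attempted: no upload or video id is in scope here,
 * and a DELETE keyed on an empty string can match rows whose id is 0.
 *
 * @param mixed $user_id Id of the uploading user; only quoted in the mail body.
 * @return bool Always true.
 */
function admin_msg($user_id = '')
{
    global $config, $site_name, $admin_email, $base_url, $base_path, $img_file_tmp, $img_file_name, $capture;

    // strrchr() yields false when the name has no dot; the cast turns that into "".
    $ext = strtolower((string) strrchr($img_file_name, '.'));
    $image_extensions = array('.jpg', '.jpeg', '.png', '.gif');
    $new_file_ext = in_array($ext, $image_extensions, true) ? $ext : '.bin';

    $filename_random_code = randomcode();
    $new_file_name = 'BAD_' . $filename_random_code . $new_file_ext;
    $new_file_path = $base_path . '/pictures/' . $new_file_name;
    if ($capture == true) {
        move_uploaded_file($img_file_tmp, $new_file_path);
    }
    $message = "An avatar upload failed.\r\n---------------------------------------------------------------------------------------------------------------------\n\r\n\r\nThe user id was: {$user_id}\n\r\nYou MAY be able to view the file here:" . $config["site_base_url"] . "/pictures/{$new_file_name}\n\r\n\r\n[TIP]: Make sure that your FTP folder '/pictures' is chmod correctly (777 or on some servers 755)\r\n\r\n---------------------------------------------------------------------------------------------------------------------\n\n\n";
    //__________Admins email address for report________________
    $sql = "SELECT email_address\r\n        FROM member_profile\r\n        WHERE user_group = 'admin'\r\n        LIMIT 1";
    $query = mysql_query($sql);
    $result = $query ? mysql_fetch_array($query) : false;
    if (!$result || empty($result[0])) {
        // Lookup failed or no admin address is on record: there is nobody to mail.
        return true;
    }
    $admin_email = $result[0];
    //Send the email to admin
    $to = $admin_email;
    $subject = "Avatar Upload Error";
    $from = $config['site_name'] . '<' . $config['notifications_from_email'] . '>';
    mail($to, $subject, $message, "From: {$from}");
    return true;
}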
Beispiel #5
    }
    // SEND INVITATION IF NO ERROR
    if ($is_error == 0) {
        $invite_emails = implode(",", array_slice(explode(",", $invite_emails), 0, 10));
        // NO INVITE CODE REQUIRED
        if ($setting['setting_signup_invite'] == 0) {
            send_systememail('invite', $invite_emails, array($user->user_displayname, $user->user_info['user_email'], $invite_message, "<a href=\"" . $url->url_base . "signup.php\">" . $url->url_base . "signup.php</a>"), TRUE);
        } else {
            // LOOP OVER EMAILS
            $invites_left = $user->user_info['user_invitesleft'];
            $invite_emails_array = explode(",", $invite_emails);
            for ($e = 0; $e < count($invite_emails_array); $e++) {
                $email = trim($invite_emails_array[$e]);
                if ($email != "" && $invites_left > 0) {
                    // CREATE CODE, INSERT INTO DATABASE, AND SEND EMAIL
                    $invite_code = randomcode();
                    $database->database_query("INSERT INTO se_invites (invite_user_id, invite_date, invite_email, invite_code) VALUES ('{$user->user_info['user_id']}', '" . time() . "', '{$email}', '{$invite_code}')");
                    send_systememail('invitecode', $email, array($user->user_displayname, $user->user_info['user_email'], $invite_message, $invite_code, "<a href=\"" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}\">" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}</a>"));
                    $invites_left--;
                }
            }
            $database->database_query("UPDATE se_users SET user_invitesleft='{$invites_left}' WHERE user_id='{$user->user_info['user_id']}'");
            $user->user_info['user_invitesleft'] = $invites_left;
        }
        $invite_emails = "";
        $invite_message = "";
        $result = 341;
    }
}
// SET GLOBAL PAGE TITLE
$global_page_title[0] = 1074;
Beispiel #6
<?php

/* $Id: lostpass.php 133 2009-03-22 20:16:35Z john $ */
// Lost-password request page: takes an e-mail address, creates a reset code,
// mails a reset link and stores the code with its creation time.
$page = "lostpass";
include "header.php";
// Task selector: POST wins over GET, NULL when neither carries one.
$task = isset($_POST['task']) ? $_POST['task'] : (isset($_GET['task']) ? $_GET['task'] : NULL);
// SET ERROR VARS
$is_error = 0;
$submitted = 0;
if ($task == "send_email") {
    // Look the account up by the posted address.
    // NOTE(review): $_POST['user_email'] is handed over unmodified; any escaping has to
    // happen inside se_user or in header.php, neither of which is shown here - confirm.
    $new_user = new se_user(array(0, "", $_POST['user_email']), array('user_id, user_email, user_username'));
    $submitted = 1;
    if (!$new_user->user_exists) {
        // Unknown address and failed mail both end in 748, but a successful request ends
        // with $is_error == 0. NOTE(review): if the template renders these two outcomes
        // differently, the page tells a visitor which addresses have accounts.
        $is_error = 748;
    } else {
        // The reset secret. NOTE(review): its strength depends entirely on randomcode(),
        // defined elsewhere - confirm it draws from a cryptographically secure source.
        $lostpassword_code = randomcode(15);
        $lostpassword_time = time();
        // NOTE(review): the "******" spans in the next line are masking left by the page this
        // listing was copied from. The expression between "user=" and "&r=" cannot be recovered
        // here, and the line does not parse as shown.
        if (send_systememail('lostpassword', $new_user->user_info['user_email'], array($new_user->user_displayname, $new_user->user_info['user_email'], "<a href=\"" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}\">" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}</a>"))) {
            // The code is stored only after the mail was accepted, in clear text, next to its
            // creation time. NOTE(review): expiry and single use would have to be enforced by
            // lostpass_reset.php, which is not part of this listing - confirm.
            $database->database_query("UPDATE se_usersettings SET usersetting_lostpassword_code='{$lostpassword_code}', usersetting_lostpassword_time='{$lostpassword_time}' WHERE usersetting_user_id='{$new_user->user_info['user_id']}' LIMIT 1");
            // Drop the cached settings entry for this user (presumably so the new code is read
            // from the database on the next request).
            $cache_object = SECache::getInstance();
            if (is_object($cache_object)) {
                $cache_object->remove('site_user_settings_' . $new_user->user_info['user_id']);
            }
        } else {
            $is_error = 748;
        }
    }
}
// SET GLOBAL PAGE TITLE
$global_page_title[0] = 33;
$global_page_description[0] = 34;
Beispiel #7
    $inner_template1 = "themes/{$user_theme}/templates/inner_upload_images_complete.htm";
    $TBS = new clsTinyButStrong();
    $TBS->NoErr = true;
    $TBS->LoadTemplate("{$template}");
    $TBS->Render = TBS_OUTPUT;
    $TBS->Show();
    @mysql_close();
    die;
}
///////////////////////////////////////////////////////////////////////////////////////////
// Show start page
if (!isset($form_submitted) || $form_submitted == '') {
    $albums_proceed = true;
    $_SESSION['security_token'] = NULL;
    unset($_SESSION['security_token']);
    $security_token = randomcode();
    $_SESSION['security_token'] = $security_token;
    // show upload form
    if ($albums_proceed == true) {
        $show_upload = 1;
        $show_finish = 0;
        $template = "themes/{$user_theme}/templates/main_1.htm";
        $inner_template1 = "themes/{$user_theme}/templates/inner_upload_image.htm";
        $TBS = new clsTinyButStrong();
        $TBS->NoErr = true;
        $TBS->LoadTemplate("{$template}");
        $TBS->Render = TBS_OUTPUT;
        $TBS->Show();
        @mysql_close();
        die;
    }
Beispiel #8
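 /**
  * Store a comment on the object this instance is bound to and notify its owner.
  *
  * Steps, in order: optional security-code check against $_SESSION['code'],
  * clean-up of the body, INSERT into the type-specific comments table, bump
  * of the cached comment total on the parent row, activity-feed entry, and
  * owner notification / e-mail.
  *
  * Sets $this->is_error to 1 when the security code does not match or the
  * cleaned body is empty; the database writes are skipped while is_error is set.
  *
  * @param string $comment_body    Comment text as submitted.
  * @param string $comment_secure  Security code typed by the commenter.
  * @param string $object_title    Title passed on to the action and the notification.
  * @param string $object_owner    Owner type passed to actions_add().
  * @param int    $object_owner_id Owner id passed to actions_add() and notify_add().
  * @param string $object_privacy  Privacy value passed to actions_add().
  * @return array Keys comment_id (0 when the insert was skipped), comment_body, comment_date.
  */
 function comment_post($comment_body, $comment_secure, $object_title = "", $object_owner = "", $object_owner_id = 0, $object_privacy = "")
 {
     global $database, $user, $owner, $setting, $actions, $notify, $url;
     $comment_id = 0;
     $comment_date = time();
     // RETRIEVE AND CHECK SECURITY CODE IF NECESSARY
     if ($setting['setting_comment_code']) {
         // NOW IN HEADER
         //session_start();
         $code = $_SESSION['code'];
         // No code in the session: compare against a fresh random value so the check fails.
         if ($code == "") {
             $code = randomcode();
         }
         // Compare as strings with a strict operator: under loose "!=" two
         // numeric-looking strings such as "1e3" and "1000" count as equal.
         if ((string) $comment_secure !== (string) $code) {
             $this->is_error = 1;
         }
     }
     // MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR
     $comment_body = cleanHTML(censor($comment_body), $setting['setting_comment_html'], array("style"));
     $comment_body = preg_replace('/(\\r\\n?)/', "\n", $comment_body);
     $comment_body = str_replace("\n", "<br>", $comment_body);
     $comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);
     // Only single quotes are escaped here; a backslash already present in the body is
     // left alone. NOTE(review): whether the quoted SQL literal below always stays closed
     // therefore depends on what cleanHTML()/censor() let through - confirm, or route the
     // value through the database layer's own escaping.
     $comment_body = str_replace("'", "\\'", $comment_body);
     if (!trim($comment_body)) {
         $this->is_error = 1;
         $comment_body = "";
     }
     // ADD COMMENT IF NO ERROR
     if (!$this->is_error) {
         // Table and column names are assembled from this object's comment_type and
         // comment_identifier properties.
         $resource = $database->database_query("\r\n        INSERT INTO `se_{$this->comment_type}comments` (\r\n          `{$this->comment_type}comment_{$this->comment_identifier}`,\r\n          `{$this->comment_type}comment_authoruser_id`,\r\n          `{$this->comment_type}comment_date`,\r\n          `{$this->comment_type}comment_body`\r\n        ) VALUES (\r\n          '{$this->comment_identifying_value}',\r\n          '{$user->user_info['user_id']}',\r\n          '{$comment_date}',\r\n          '{$comment_body}'\r\n        )\r\n      ");
         $comment_id = $database->database_insert_id();
         // New handling - total cached in parent table
         if ($resource && $this->comment_parent_type && $this->comment_parent_identifier) {
             $database->database_query("\r\n          UPDATE\r\n            `se_{$this->comment_parent_type}`\r\n          SET\r\n            `{$this->comment_parent_identifier}_totalcomments`=`{$this->comment_parent_identifier}_totalcomments`+1\r\n          WHERE\r\n            `{$this->comment_identifier}`='{$this->comment_identifying_value}'\r\n          LIMIT\r\n            1\r\n        ");
         }
         // INSERT ACTION IF USER EXISTS
         if ($user->user_exists) {
             $commenter = $user->user_displayname;
             // Plain-text preview for the activity feed, cut to 250 bytes including "...".
             $comment_body_encoded = strip_tags($comment_body);
             if (strlen($comment_body_encoded) > 250) {
                 $comment_body_encoded = substr($comment_body_encoded, 0, 247) . "...";
             }
             $comment_body_encoded = str_replace(array("<br>", "<br />"), " ", $comment_body_encoded);
             $actions->actions_add($user, $this->comment_type . "comment", array($user->user_info['user_username'], $user->user_displayname, $owner->user_info['user_username'], $owner->user_displayname, $comment_body_encoded, $this->comment_identifying_value, $object_title, $object_owner_id), array(), 0, false, $object_owner, $object_owner_id, $object_privacy);
         } else {
             // Commenter without an account: use language string 835 as the display name.
             SE_Language::_preload(835);
             SE_Language::load();
             $commenter = SE_Language::_get(835);
         }
         // SEND PROFILE COMMENT NOTIFICATION IF COMMENTER IS NOT OWNER
         if ($owner->user_info['user_id'] != $user->user_info['user_id']) {
             $notifytype = $notify->notify_add($owner->user_info['user_id'], $this->comment_type . "comment", $this->comment_identifying_value, array($owner->user_info['user_username'], $this->comment_identifying_value, $object_owner_id), array($object_title));
             $object_url = $url->url_base . vsprintf($notifytype['notifytype_url'], array($owner->user_info['user_username'], $this->comment_identifying_value));
             $owner->user_settings();
             // E-mail only when the owner has this notification type switched on.
             if ($owner->usersetting_info['usersetting_notify_' . $this->comment_type . 'comment']) {
                 send_systememail($this->comment_type . "comment", $owner->user_info['user_email'], array($owner->user_displayname, $commenter, "<a href=\"{$object_url}\">{$object_url}</a>"));
             }
         }
     }
     return array('comment_id' => $comment_id, 'comment_body' => $comment_body, 'comment_date' => $comment_date);
 }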
Beispiel #9
//////////////////////////////////////////////////////////////////
// Downloads are switched off when any of the following holds:
//   - embedding is turned off for this video
//   - the viewer is a guest (empty $user_id)
//   - the video is embedded rather than uploaded
if ($allow_embedding == 'no' || $user_id == '' || $video_type == 'embedded') {
    $allow_download = 0;
}

// NOTE(review): how unpredictable this token is depends on randomcode(), defined elsewhere.
$player_token = randomcode();

// NOTE(review): $user_theme becomes part of a file path. If a request can influence it,
// it has to be limited to known theme names before it reaches LoadTemplate() - confirm.
$inner_template1 = "themes/{$user_theme}/templates/inner_play.htm";
$template = "themes/{$user_theme}/templates/main_1.htm";

//middle of page
$TBS = new clsTinyButStrong();
$TBS->NoErr = true;
$TBS->LoadTemplate("{$template}");
$TBS->MergeBlock('blk1', $result_search);
$TBS->MergeBlock('blk2', $result_search2);
$TBS->MergeBlock('blk3', $result_search3);
// video responses if any
$TBS->MergeBlock('blk4', $result_search4);
$TBS->Render = TBS_OUTPUT;
$TBS->Show();

// Page is complete: close the database link and stop the script.
@mysql_close();
die;
Beispiel #10
 /**
  * Create a user account and everything that hangs off it.
  *
  * In order: inserts the se_users row, loads user/level/subnet/profile info
  * into this object, creates the profile, style and settings rows, creates
  * the user's upload directory, stores first/last name, fires the signup
  * hook and sends the password / verification / welcome mails the settings
  * ask for.
  *
  * NOTE(review): every $signup_* value is interpolated into SQL below without
  * escaping inside this method, and $profile_field_query is spliced verbatim
  * into an UPDATE ... SET clause. The caller has to supply values that are
  * already safe for SQL - confirm at the call sites.
  *
  * @param string $signup_email         E-mail address; stored as user_email and user_newemail.
  * @param string $signup_username      Username; replaced by a placeholder when usernames are disabled.
  * @param string $signup_password      Clear-text password; replaced by a random one when setting_signup_randpass is set.
  * @param mixed  $signup_timezone      Stored as user_timezone.
  * @param mixed  $signup_language      Stored as user_language_id.
  * @param mixed  $signup_cat           Stored as user_profilecat_id.
  * @param string $profile_field_query  Ready-made "col='value', ..." fragment for se_profilevalues; may be empty.
  */
 function user_create($signup_email, $signup_username, $signup_password, $signup_timezone, $signup_language, $signup_cat, $profile_field_query)
 {
     global $database, $setting, $url, $actions, $field;
     // PRESET VARS
     $signup_subnet_id = 0;
     $signup_level_info = $database->database_fetch_assoc($database->database_query("SELECT level_id, level_profile_privacy, level_profile_comments FROM se_levels WHERE level_default='1' LIMIT 1"));
     $signup_date = time();
     $signup_dateupdated = $signup_date;
     $signup_invitesleft = $setting['setting_signup_invite_numgiven'];
     $signup_notify_friendrequest = 1;
     $signup_notify_message = 1;
     $signup_notify_profilecomment = 1;
     $signup_profile_search = 1;
     $signup_ip = $_SERVER['REMOTE_ADDR'];
     // SET SIGNUP_USERNAME TO A PLACEHOLDER IF USERNAMES ARE NOT BEING USED
     // (overwritten with the numeric user id further down, once the row exists)
     if (!$setting['setting_username']) {
         $signup_username = randomcode(15);
     }
     // SET WHETHER USER IS ENABLED OR NOT
     $signup_enabled = (bool) $setting['setting_signup_enable'];
     // SET EMAIL VERIFICATION VARIABLE
     $signup_verified = !$setting['setting_signup_verify'];
     // CREATE RANDOM PASSWORD IF NECESSARY
     // NOTE(review): this password is later mailed in clear text; its strength depends on
     // randomcode(), defined elsewhere.
     if ($setting['setting_signup_randpass']) {
         $signup_password = randomcode(10);
     }
     // HASH PASSWORD - the scheme is chosen inside user_password_crypt(), which is not part of
     // this listing; setting_password_method is stored alongside the hash below
     $crypt_password = $this->user_password_crypt($signup_password);
     // The password salt is also stored as user_code, and user_code is what the
     // verification link further down is derived from.
     $signup_code = $user_salt = $this->user_salt;
     // SET PRIVACY DEFAULT
     // NOTE(review): unserialize() runs on a value read from se_levels. That is safe only as
     // long as nothing untrusted can write that column - confirm.
     $allowable_privacy = unserialize($signup_level_info['level_profile_privacy']);
     rsort($allowable_privacy);
     $profile_privacy = $allowable_privacy[0];
     // SET COMMENT DEFAULT
     // (same unserialize() caveat as for the privacy default above)
     $allowable_comments = unserialize($signup_level_info['level_profile_comments']);
     rsort($allowable_comments);
     $profile_comments = $allowable_comments[0];
     // ADD USER TO USER TABLE
     $database->database_query("\r\n      INSERT INTO se_users (\r\n        user_level_id,\r\n        user_profilecat_id,\r\n        user_email,\r\n        user_newemail,\r\n        user_username,\r\n        user_password,\r\n        user_password_method,\r\n        user_code,\r\n        user_enabled,\r\n        user_verified,\r\n        user_signupdate,\r\n        user_invitesleft,\r\n        user_timezone,\r\n        user_language_id,\r\n        user_dateupdated,\r\n        user_search,\r\n        user_privacy,\r\n        user_comments,\r\n        user_ip_signup,\r\n        user_ip_lastactive\r\n      ) VALUES (\r\n        '{$signup_level_info['level_id']}',\r\n        '{$signup_cat}',\r\n        '{$signup_email}',\r\n        '{$signup_email}',\r\n        '{$signup_username}',\r\n        '{$crypt_password}',\r\n        '{$setting['setting_password_method']}',\r\n        '{$signup_code}',\r\n        '{$signup_enabled}',\r\n        '{$signup_verified}',\r\n        '{$signup_date}',\r\n        '{$signup_invitesleft}',\r\n        '{$signup_timezone}',\r\n        '{$signup_language}',\r\n        '{$signup_dateupdated}',\r\n        '{$signup_profile_search}',\r\n        '{$profile_privacy}',\r\n        '{$profile_comments}',\r\n        '{$signup_ip}',\r\n        '{$signup_ip}'\r\n      )\r\n    ");
     // RETRIEVE USER ID
     $user_id = $database->database_insert_id();
     if ($user_id) {
         $this->user_exists = TRUE;
     }
     // UPDATE USERNAME IF NECESSARY
     if (!$setting['setting_username']) {
         $database->database_query("UPDATE se_users SET user_username=user_id WHERE user_id='{$user_id}' LIMIT 1");
     }
     // GET USER INFO
     $this->user_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_users WHERE user_id='{$user_id}' LIMIT 1"));
     $this->level_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_levels WHERE level_id='{$this->user_info['user_level_id']}' LIMIT 1"));
     $this->subnet_info = $database->database_fetch_assoc($database->database_query("SELECT subnet_id, subnet_name FROM se_subnets WHERE subnet_id='{$this->user_info['user_subnet_id']}' LIMIT 1"));
     // ADD USER PROFILE
     $database->database_query("INSERT INTO se_profilevalues (profilevalue_user_id) VALUES ('{$this->user_info['user_id']}')");
     // $profile_field_query goes into the statement as raw SQL (see the note on the method).
     if ($profile_field_query) {
         $database->database_query("UPDATE se_profilevalues SET {$profile_field_query} WHERE profilevalue_user_id='{$this->user_info['user_id']}' LIMIT 1");
     }
     // GET PROFILE INFO
     $this->profile_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_profilevalues WHERE profilevalue_user_id='{$this->user_info['user_id']}' LIMIT 1"));
     // GET SUBNET ID
     $signup_subnet = $this->user_subnet_select($signup_email, $signup_cat, $this->profile_info);
     $signup_subnet_id = $signup_subnet[0];
     $database->database_query("UPDATE se_users SET user_subnet_id='{$signup_subnet_id}' WHERE user_id='{$user_id}' LIMIT 1");
     $this->user_info['user_subnet_id'] = $signup_subnet_id;
     // ADD ROW IN STYLES TABLE
     $database->database_query("INSERT INTO se_profilestyles (profilestyle_user_id, profilestyle_css) VALUES ('{$this->user_info['user_id']}', '')");
     // ADD ROW IN SETTINGS TABLE
     // (every action type id is listed in usersetting_actions_display)
     $actiontypes = $database->database_query("SELECT actiontype_id FROM se_actiontypes");
     $action_ids = array();
     while ($actiontype = $database->database_fetch_assoc($actiontypes)) {
         $action_ids[] = $actiontype['actiontype_id'];
     }
     // On failure the raw database error text is printed to the client by die().
     $database->database_query("\r\n      INSERT INTO se_usersettings (\r\n        usersetting_user_id,\r\n        usersetting_notify_friendrequest,\r\n        usersetting_notify_message,\r\n        usersetting_notify_profilecomment,\r\n        usersetting_actions_display\r\n      ) VALUES (\r\n        '{$this->user_info['user_id']}',\r\n        '{$signup_notify_friendrequest}',\r\n        '{$signup_notify_message}',\r\n        '{$signup_notify_profilecomment}',\r\n        '" . implode(",", $action_ids) . "'\r\n      )\r\n    ") or die($database->database_error());
     // ADD USER DIRECTORY
     // $subdir is the user directory's path with its last two "/"-separated segments removed.
     // Both directories are created with mode 0777 (writable by every local account) and get
     // an empty index.php - presumably to keep the web server from listing their contents.
     // The fopen() results are not checked before fclose().
     $user_directory = $url->url_userdir($this->user_info['user_id']);
     $user_path_array = explode("/", $user_directory);
     array_pop($user_path_array);
     array_pop($user_path_array);
     $subdir = implode("/", $user_path_array) . "/";
     if (!is_dir($subdir)) {
         mkdir($subdir, 0777);
         chmod($subdir, 0777);
         $handle = fopen($subdir . "index.php", 'x+');
         fclose($handle);
     }
     if (!is_dir($user_directory)) {
         mkdir($user_directory, 0777);
         chmod($user_directory, 0777);
         $handle = fopen($user_directory . "/index.php", 'x+');
         fclose($handle);
     }
     // SAVE FIRST/LAST NAME, IF RELEVANT
     // $flquery is not initialised before this point; it only exists once a name is set.
     // NOTE(review): field_special[2] and [3] are concatenated into SQL as-is - confirm they
     // are escaped where $field fills them.
     if (trim($field->field_special[2])) {
         $flquery[] = "user_fname='" . $field->field_special[2] . "'";
         $this->user_info['user_fname'] = $field->field_special[2];
     }
     if (trim($field->field_special[3])) {
         $flquery[] = "user_lname='" . $field->field_special[3] . "'";
         $this->user_info['user_lname'] = $field->field_special[3];
     }
     if (!empty($flquery)) {
         $database->database_query("UPDATE se_users SET " . implode(", ", $flquery) . " WHERE user_id='{$this->user_info['user_id']}'");
         $this->user_displayname_update($field->field_special[2], $field->field_special[3]);
     }
     // SET DISPLAY NAME
     $this->user_displayname();
     // CALL SIGNUP HOOK
     ($hook = SE_Hook::exists('se_signup_success')) ? SE_Hook::call($hook, array()) : NULL;
     // SEND RANDOM PASSWORD IF NECESSARY
     // (the clear-text password is part of the mail)
     if ($setting['setting_signup_randpass']) {
         send_systememail('newpassword', $this->user_info['user_email'], array($this->user_displayname, $this->user_info['user_email'], $signup_password, "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));
     }
     // SEND VERIFICATION EMAIL IF REQUIRED
     if ($setting['setting_signup_verify']) {
         // The verification value is md5() of user_code, i.e. of the stored password salt, so
         // anyone able to read user_code can compute it. The "d" parameter is a plain
         // timestamp. NOTE(review): any expiry or integrity check would have to live in
         // signup_verify.php, which is not shown here - confirm.
         $verify_code = md5($this->user_info['user_code']);
         $time = time();
         $verify_link = $url->url_base . "signup_verify.php?u={$this->user_info['user_id']}&verify={$verify_code}&d={$time}";
         send_systememail('verification', $this->user_info['user_email'], array($this->user_displayname, $this->user_info['user_email'], "<a href=\"{$verify_link}\">{$verify_link}</a>"));
     } else {
         // No verification step: record the signup in the activity feed right away.
         $actions->actions_add($this, "signup", array($this->user_info['user_username'], $this->user_displayname), array(), 0, false, "user", $this->user_info['user_id'], $this->user_info['user_privacy']);
     }
     // SEND WELCOME EMAIL IF REQUIRED (AND IF VERIFICATION EMAIL IS NOT BEING SENT)
     // (this mail, too, carries the clear-text password)
     if ($setting['setting_signup_welcome'] && !$setting['setting_signup_verify']) {
         send_systememail('welcome', $this->user_info['user_email'], array($this->user_displayname, $this->user_info['user_email'], $signup_password, "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));
     }
 }
// CHECK IF USER IS ALLOWED TO COMMENT
// 1 when $privacy_max and the article's article_comments value have a bit in common, else 0.
$allowed_to_comment = ($privacy_max & $article->article_info[article_comments]) ? 1 : 0;


// IF A COMMENT IS BEING POSTED
if($task == "dopost" & $allowed_to_comment != 0) {
  $comment_date = time();
  $comment_body = $_POST['comment_body'];

  // RETRIEVE AND CHECK SECURITY CODE IF NECESSARY
  if($setting[setting_comment_code] != 0) {
    session_start();
    $code = $_SESSION['code'];
    if($code == "") { $code = randomcode(); }
    $comment_secure = $_POST['comment_secure'];

    if($comment_secure != $code) { $is_error = 1; }
  }

  // MAKE SURE COMMENT BODY IS NOT EMPTY
  $comment_body = censor(str_replace("\r\n", "<br>", $comment_body));
  $comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);
  $comment_body = ChopText($comment_body);
  if(str_replace(" ", "", $comment_body) == "") { $is_error = 1; $comment_body = ""; }

  // ADD COMMENT IF NO ERROR
  if($is_error == 0) {
    $database->database_query("INSERT INTO se_articlecomments (articlecomment_article_id, articlecomment_authoruser_id, articlecomment_date, articlecomment_body) VALUES ('".$article->article_info[article_id]."', '".$user->user_info[user_id]."', '$comment_date', '$comment_body')");
Beispiel #12
    $_SESSION['vid_upload_token'] = $vid_upload_token;
    $template = "themes/{$user_theme}/templates/main_1.htm";
    $inner_template1 = "themes/{$user_theme}/templates/inner_upload_video_form.htm";
    $TBS = new clsTinyButStrong();
    $TBS->NoErr = true;
    $TBS->LoadTemplate("{$template}");
    $TBS->Render = TBS_OUTPUT;
    $TBS->Show();
    @mysql_close();
    die;
}
// Display a clean page: nothing has been submitted yet, so issue a fresh
// upload token, keep it in the session and render the upload form.
if (!(isset($form_submitted) && $form_submitted != '')) {
    // Discard whatever token an earlier visit left behind.
    unset($_SESSION['vid_upload_token']);
    $_SESSION['vid_upload_token'] = NULL;

    // NOTE(review): the token is only as unpredictable as randomcode(), defined elsewhere;
    // the comparison against the submitted value happens outside this block.
    $_SESSION['vid_upload_token'] = $vid_upload_token = randomcode();

    $inner_template1 = "themes/{$user_theme}/templates/inner_upload_video_form.htm";
    $template = "themes/{$user_theme}/templates/main_1.htm";

    $TBS = new clsTinyButStrong();
    $TBS->NoErr = true;
    $TBS->LoadTemplate("{$template}");
    $TBS->Render = TBS_OUTPUT;
    $TBS->Show();

    // Form is rendered: close the database link and stop the script.
    @mysql_close();
    die;
}
if ($procede == true && $form_submitted == 'yes') {
    //=================================START OF UPLOAD=================================
    $THIS_VERSION = '2.0';
    if (isset($_GET['cmd']) && $_GET['cmd'] == 'about') {
Beispiel #13
     // LOADING TEMPLATE IS MAYBE USELESS SINCE THIS WOULD COME FROM A SCRIPT POST
     // MAYBE SHOULD JUST DO A DIE HERE!
     $message_type = $lang_error;
     $blk_notification = 1;
     $show_signup = 0;
     $template = "themes/{$user_theme}/templates/main_1.htm";
     $inner_template1 = "themes/{$user_theme}/templates/inner_signup_form.htm";
     $TBS = new clsTinyButStrong();
     $TBS->NoErr = true;
     $TBS->LoadTemplate("{$template}");
     $TBS->Render = TBS_OUTPUT;
     $TBS->Show();
     @mysql_close();
     die;
 } else {
     $random_code = randomcode();
     $password_email = $password;
     $password = md5($password);
     $passwordSalt = substr(md5(rand()), 0, 4);
     if ($zip_code > '') {
         $country_list = 'USA';
     }
     if ($send_confirm_email == 'yes') {
         // insert new user record
         $sql = "INSERT into member_profile (email_address, user_name, password, passwordSalt, first_name, last_name, zip_code, country, user_ip, birthday, account_status, account_type, date_created, random_code)\r\n    \t\t\t\t  VALUES ('{$email_address}', '{$user_name}', '{$password}', '{$passwordSalt}', '{$first_name}', '{$last_name}', '{$zip_code}', '{$country_list}', '{$user_ip}', '{$birthday}', 'new', 'standard', NOW(), '{$random_code}')";
         @mysql_query($sql) or die($config['error_26']);
         //error
         // get new user_id
         $sql = "SELECT user_id, email_address, random_code FROM member_profile WHERE random_code = '{$random_code}' AND email_address = '{$email_address}'";
         $query = @mysql_query($sql);
         while ($result = @mysql_fetch_array($query)) {
Beispiel #14
}
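//Check if this member is active, get email, username
/////////////////////////////////////////////////////
// NOTE(review): $member_id is placed unquoted into the WHERE clause (and, with $user_id,
// into the INSERT below). Where they come from is not visible here; both have to be
// validated integers by this point - confirm.
$sql = "SELECT email_address, user_name FROM member_profile WHERE user_id = {$member_id} AND \taccount_status = 'active'";
$query = @mysql_query($sql);
// Stop when the query failed or matched no active member. A row count is never below
// zero, so the test has to be "fewer than one row" for this guard to fire at all.
if (!$query || @mysql_num_rows($query) < 1) {
    ErrorDisplay1($config['error_2']);
    //user could not be found or is not active ...
    die;
}
$result = @mysql_fetch_array($query);
$friends_email = $result['email_address'];
$friends_username = $result['user_name'];
//Everything Good sofar - Invite member
////////////////////////////////////////
$invite_id = randomcode();
// The stored user name is user-chosen text, so it is escaped before it goes back into
// SQL; $friends_username itself stays unescaped for use further down.
// NOTE(review): '{$user_name}' is interpolated as it arrives - confirm it is escaped upstream.
$friends_username_sql = mysql_real_escape_string($friends_username);
$sql = "INSERT INTO friends (user_id, invitation_id, friends_id, invitation_type, blocked_users, invitation_status, my_username, friends_username, todays_date) VALUES ({$user_id}, '{$invite_id}', {$member_id}, 'online', 'no', 'pending', '{$user_name}', '{$friends_username_sql}', NOW())";
@mysql_query($sql);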
//Send Invitee an email
///////////////////////
// check users notification setting and send system notification
if (notification_preferences($member_id, "friendsinvite") == true) {
    //get my real name for use in email
    ///////////////////////////////////
    $sql_1 = "SELECT * FROM member_profile WHERE user_id = {$user_id}";
    $result_1 = @mysql_fetch_array(@mysql_query($sql_1));
    $my_real_name = $result_1['first_name'];
    //if the member has not yet updated their profile to show real name then use their username and email instead
    if ($my_real_name == "") {
        $my_real_name = $user_name . ' (' . $result_1['email_address'] . ')';
        //this will create something like: inmotion (me@gmail.com)