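/**
 * Stores a comment posted for a page, then renders that page's thread and form.
 *
 * A logged-in visitor's $_POST["comment"] is saved once per (text, url, user).
 * When the `send_comments_email` setting is on, the address held in the
 * `email` setting is notified. The thread and the "add comment" form are
 * returned only when $_SESSION["user"] is set.
 *
 * NOTE(review): the form carries no anti-CSRF token, so another site can
 * submit a comment on behalf of a logged-in visitor.
 * NOTE(review): mysql_real_escape_string() needs the legacy mysql link to be
 * open already; presumably the engine opens it during bootstrap, confirm.
 *
 * @param string $url URL-encoded address of the commented page.
 * @return string HTML fragment (possibly empty).
 */
function print_comments($url)
{
    $fout = '';
    $fout1 = '';
    // Same normalisation as before, so lookups keep matching rows already stored.
    $url = trim(str_replace('"', "'", urldecode($url)));
    // Swapping quote characters is not SQL escaping (a backslash still breaks
    // out of the literal), so each value is escaped where it enters a statement.
    $sql_url = mysql_real_escape_string($url);
    $user_id = isset($_SESSION["user"]["id"]) ? intval($_SESSION["user"]["id"]) : 0;
    // Host is a request header: keep only hostname characters before it is
    // used in a mail sender address and subject.
    $host = preg_replace('/[^A-Za-z0-9._:\-\[\]]/', '', isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '');

    $posted = (isset($_POST["comment"]) && is_string($_POST["comment"])) ? $_POST["comment"] : '';
    if (!empty($posted) && $user_id > 0) {
        // Stored as inert text: tags stripped, then both quote styles encoded.
        $text = htmlspecialchars(strip_tags($posted), ENT_QUOTES);
        $text = str_replace("\n", "<br/>", $text);
        $sql_text = mysql_real_escape_string($text);

        // Exact match instead of LIKE: "%" and "_" typed by a visitor must not
        // act as wildcards in the duplicate check.
        $query = 'SELECT * FROM `nodes_comments` WHERE `text` = "' . $sql_text . '" AND `url` = "' . $sql_url . '" AND `user_id` = "' . $user_id . '"';
        $res = engine::mysql($query);
        $data = mysql_fetch_array($res);
        if (empty($data)) {
            $reply = isset($_POST["reply"]) ? intval($_POST["reply"]) : 0;
            $query = 'INSERT INTO `nodes_comments` (`url`, `reply`, `user_id`, `text`, `date`) '
                . 'VALUES("' . $sql_url . '", "' . $reply . '", "' . $user_id . '", "' . $sql_text . '", "' . date("U") . '")';
            engine::mysql($query);

            $query = 'SELECT * FROM `nodes_config` WHERE `name` = "send_comments_email"';
            $r_conf = engine::mysql($query);
            $d_conf = mysql_fetch_array($r_conf);
            if (intval($d_conf["value"])) {
                $query = 'SELECT * FROM `nodes_config` WHERE `name` = "email"';
                $r_email = engine::mysql($query);
                $d_email = mysql_fetch_array($r_email);
                // The mail body is HTML, so the user name and the page address
                // are encoded before they are embedded in it.
                $author = htmlspecialchars(isset($_SESSION["user"]["name"]) ? $_SESSION["user"]["name"] : '', ENT_QUOTES);
                $page = htmlspecialchars(isset($_SERVER["SCRIPT_URI"]) ? $_SERVER["SCRIPT_URI"] : '', ENT_QUOTES);
                $message = 'User ' . $author . ' add new comment!<br/>'
                    . '<a href="' . $page . '">' . $page . '</a><br/>'
                    . '<br/>Comment:<br/>-----------------------------<br/>' . $text;
                engine::send_mail($d_email["value"], "no-reply@" . $host, "New comment at " . $host, $message);
            }
            $fout .= ' <script>alert("' . $GLOBALS["Lang"]["Comment submited!"] . '");</script> ';
        }
    }

    // Build the thread for this page; rows are rendered by print_comment().
    $has_comments = false;
    $fout1 .= '<table align=center style="width: 100%; max-width: 500px; font-size: 14px;">';
    $query = 'SELECT * FROM `nodes_comments` WHERE `url` = "' . $sql_url . '"';
    $res = engine::mysql($query);
    while ($data = mysql_fetch_array($res)) {
        if (intval($data["id"]) > 0) {
            $fout1 .= print_comment($data["id"]);
            $has_comments = true;
        }
    }
    $fout1 .= '</table><br/>';

    // Thread and form are shown to logged-in visitors only.
    if (!empty($_SESSION["user"])) {
        if (!$has_comments) {
            $fout .= $GLOBALS["Lang"]["There is no comments"] . '<br/><br/>';
        } else {
            $fout .= $fout1;
        }
        $fout .= ' <form method="POST"> <div id="new_comment" style="display:none;">'
            . ' <h2 style="font-size: 21px;">' . $GLOBALS["Lang"]["Add new comment"] . '</h2><br/><br/>'
            . ' <textarea name="comment" cols=50 style="height: 80px; width: 100%; max-width: 500px;"></textarea><br/><br/>'
            . ' <center><input type="submit" class="btn" value="' . $GLOBALS["Lang"]["Submit comment"] . '" style="width: 280px;" /></center>'
            . ' </div> <input type="button" class="btn" value="' . $GLOBALS["Lang"]["Add comment"] . '" style="width: 280px;"'
            . ' onClick=\'document.getElementById("new_comment").style.display="block";this.style.display="none";\' /> </form> ';
    }
    return $fout;
}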
// Excerpt from a payment-completion handler; the `if` this branch belongs to
// opens before the excerpt, so its condition is not visible here.
// Branch 1: the transaction id is taken from the $payment object.
// NOTE(review): getId() is concatenated into SQL unescaped; presumably it is
// issued by the payment gateway, confirm it can never carry a quote.
$query = 'UPDATE `nodes_transactions` SET `status` = "1" WHERE `id` = "' . $payment->getId() . '"';
} else {
    // Branch 2: the transaction id is taken straight from the request.
    // NOTE(review): $_REQUEST["id"] (GET, POST or cookie) reaches both
    // statements below without a cast or escaping, which is a SQL injection
    // point; intval() or a bound parameter closes it.
    // NOTE(review): nothing visible here checks that the transaction belongs
    // to the current user or that payment was confirmed before `status` is
    // set to "1"; confirm that check exists before this excerpt.
    $query = 'SELECT * FROM `nodes_transactions` WHERE `id` = "' . $_REQUEST["id"] . '"';
    $res = engine::mysql($query);
    $d = mysql_fetch_array($res);
    $query = 'UPDATE `nodes_transactions` SET `status` = "1" WHERE `id` = "' . $_REQUEST["id"] . '"';
}
// Runs whichever UPDATE was prepared above.
engine::mysql($query);
// Load the two settings that control the notification mail.
$query = 'SELECT * FROM `nodes_config` WHERE `name` = "send_paypal_email"';
$res = engine::mysql($query);
$spe = mysql_fetch_array($res);
$query = 'SELECT * FROM `nodes_config` WHERE `name` = "email_signature"';
$res = engine::mysql($query);
$sign = mysql_fetch_array($res);
if ($spe["value"]) {
    // NOTE(review): $dd is assigned only inside the commented-out block below,
    // so in the visible code the recipient is unset; confirm where $dd is set.
    // The sender is the session user's address and the subject embeds the
    // client-supplied Host header.
    engine::send_mail($dd["email"], $_SESSION["user"]["email"], "New payment to " . $_SERVER["HTTP_HOST"], 'Transaction successfully finished!' . $sign["value"]);
}
// new message in chat to receiver // /* $query = 'SELECT * FROM `nodes_excursions` WHERE `id` = "'.$d["order_id"].'"'; $res = engine::mysql($query); $d = mysql_fetch_array($res); $query = 'SELECT * FROM `nodes_users` WHERE `id` = "'.$d["user_id"].'"'; $res = engine::mysql($query); $dd = mysql_fetch_array($res); $text = 'User <b>'.$_SESSION["user"]["name"].'</b> create a new transaction'; $mail = 'User <a href="http://'.$_SERVER["HTTP_HOST"].'/account/inbox/'.$_SESSION["user"]["id"].'" target="_blank"><b>'.$_SESSION["user"]["name"].'</b></a> create a new transaction'; $query = 'INSERT INTO `nodes_message`(`from`, `to`, `text`, `date`) VALUES("'.$_SESSION["user"]["id"].'", "'.$d["user_id"].'", "'.$text.'", "'.date("U").'")'; engine::mysql($query);
// Excerpt from a chat handler; $query and $text are built before the excerpt,
// and two of the closing braces further down end blocks opened there.
@mysql_query("SET NAMES utf8");
// NOTE(review): die(mysql_error()) prints the raw database error to the client.
$res = mysql_query($query) or die(mysql_error());
// $target is the row returned by the query prepared before the excerpt; its
// "online" and "email" columns are read below.
$target = mysql_fetch_array($res);
// Store the message. Both ids are cast with intval() here.
// NOTE(review): the sender id is read from $_GET["id"], not from the session;
// unless an earlier check ties it to $_SESSION["user"]["id"], a visitor could
// post as another user, confirm. How $text was sanitised is also not visible.
$query = 'INSERT INTO `nodes_message`(`from`, `to`, `text`, `date`) VALUES("' . intval($_GET["id"]) . '", "' . intval($_GET["target"]) . '", "' . $text . '", "' . date("U") . '")';
@mysql_query("SET NAMES utf8");
mysql_query($query);
$query = 'SELECT * FROM `nodes_config` WHERE `name` = "send_message_email"';
$r_conf = engine::mysql($query);
$d_conf = mysql_fetch_array($r_conf);
// NOTE(review): the name literal below starts with a space (" email_signature");
// it looks like a typo that would make the signature lookup miss, confirm.
$query = 'SELECT * FROM `nodes_config` WHERE `name` = " email_signature"';
$r_sign = engine::mysql($query);
$d_sign = mysql_fetch_array($r_sign);
if ($d_conf["value"]) {
    // Mail the recipient only when their "online" stamp is older than 300 seconds.
    if ($target["online"] < date("U") - 300) {
        // NOTE(review): the session user name and the Host header are placed
        // in the HTML body, sender address and subject without encoding.
        $message = 'User ' . $_SESSION["user"]["name"] . ' sent a message for you!<br/><br/>' . '<a href="http://' . $_SERVER["HTTP_HOST"] . '/inbox/' . $_SESSION["user"]["id"] . '">http://' . $_SERVER["HTTP_HOST"] . '/inbox/' . $_SESSION["user"]["id"] . '</a>' . $d_sign["value"];
        engine::send_mail($target["email"], "no-reply@" . $_SERVER["HTTP_HOST"], "New message at " . $_SERVER["HTTP_HOST"], $message);
    }
}
}
}
// Load the conversation between the two ids, oldest first.
// NOTE(review): unlike the INSERT above, $_GET["id"] and $_GET["target"] are
// concatenated here raw and unquoted, which is a SQL injection point; the same
// intval() casts used above close it. The ids are also not compared with the
// session user in the visible code, so any pair's conversation may be
// readable, confirm an authorisation check exists earlier.
$query = 'SELECT * FROM `nodes_message` WHERE (`from` = ' . $_GET["id"] . ' AND `to` = ' . $_GET["target"] . ') OR (`from` = ' . $_GET["target"] . ' AND `to` = ' . $_GET["id"] . ') ORDER BY `date` ASC';
@mysql_query("SET NAMES utf8");
$res = mysql_query($query) or die(mysql_error());
$fout = '<div id="chat">' . '<table style="width: 100%; padding-top: 10px; padding-bottom: 10px;" border=0 >';
while ($data = mysql_fetch_array($res)) {
    // Rows whose sender is $_GET['id'] get a grey cell while "readed" is "0".
    if ($data["from"] == $_GET['id']) {
        if ($data["readed"] == "0") {
            $fout .= '<tr><td style="background: #dfdfdf;">';
        } else {
            $fout .= '<tr><td>';
        }
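/**
 * Wraps the content held by $site in the site header and footer and handles
 * the footer "contact us" form.
 *
 * When $_POST["jQuery"] is set no chrome is generated and the content is
 * wrapped in the section markup only. The result is written back to
 * $site->content; scripts are appended to $site->activejs.
 *
 * NOTE(review): $site->title, $site->config->name, $site->menu and
 * $site->configs["description"] are emitted as-is; that is safe only if they
 * are trusted, already encoded values, confirm where they are set.
 * NOTE(review): the contact form has no anti-CSRF token, and the visitor
 * chooses the sender address of the mail; a fixed sender with the visitor's
 * address in Reply-To would be the stricter design.
 *
 * @param object $site Page object exposing engine, configs, config, title,
 *                     content, menu, get and activejs.
 * @return void
 */
function template($site)
{
    $this->site = $site;
    $this->engine = $this->site->engine;
    // Host is a request header: keep only hostname characters before it is
    // used in markup and in a mail subject.
    $host = preg_replace('/[^A-Za-z0-9._:\-\[\]]/', '', isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '');
    // Defined up front so the chrome-less path concatenates empty strings
    // instead of undefined variables.
    $header = '';
    $footer = '';

    if (!empty($_POST["contact"]) && !empty($_POST["text"]) && !empty($_SESSION["user"]["id"])) {
        // Control characters are dropped from the sender so it cannot add mail
        // headers; the body is HTML-encoded so visitor text stays text.
        $contact = is_string($_POST["contact"]) ? preg_replace('/[\x00-\x1F\x7F]+/', '', $_POST["contact"]) : '';
        $body = is_string($_POST["text"]) ? htmlspecialchars($_POST["text"], ENT_QUOTES) : '';
        if ($contact !== '' && $body !== '') {
            engine::send_mail($site->configs["email"], $contact, "New message from " . $host, str_replace("\n", "<br/>", $body));
            $site->activejs .= ' alert("' . $GLOBALS["Lang"]["Message sent successfully"] . '"); ';
        }
    }

    // Client-side fallback that loads jQuery and the tooltip plugin if missing.
    $site->activejs .= ' if(!window.jQuery) document.write(unescape(\'<script type="text/javascript" src="/libs/jquery-1.11.1.js">%3C/script%3E\'));'
        . ' if(window.jQuery) try { jQuery("a, img, div, input, select, textarea, button").tooltipster(); }catch(err) {'
        . ' document.write(unescape(\'<script type="text/javascript" src="/libs/jquery.tooltipster.min.js">%3C/script%3E\'));'
        . ' jQuery("a, img, div, input, select, textarea, button").tooltipster(); } ';

    $logged_in = !empty($_SESSION["user"]["id"]);

    if (!isset($_POST["jQuery"])) {
        // ---- header: logo, main navigation, search, language switch ----
        $header = '<header id="mainHead"> <div class="container"> <div id="logo">'
            . ' <div id="logoOne"><a href="/"><img src="/img/logo.png" style="height: 65px;" alt="' . $site->config->name . '"></a></div>'
            . ' <div id="logoTwo"><a href="/" id="site_title">' . $site->title . '</a></div>'
            . ' </div> <div id="nav"> <ul>'
            . ' <li><a href="/">' . $GLOBALS["Lang"]["Home"] . '</a></li>'
            . ' <li><a href="/content">' . $GLOBALS["Lang"]["Content"] . '</a></li> ';
        if (!$logged_in) {
            $header .= '<li class="last"><a href="/register" class="btn">' . $GLOBALS["Lang"]["Sign Up"] . '</a></li>'
                . ' <li class="last" id="last"><a href="#" class="btn" onClick="show_login_form();">' . $GLOBALS["Lang"]["Login"] . '</a></li>';
        } else {
            $header .= '<li class="last"><a href="/account" class="btn">' . $GLOBALS["Lang"]["My Account"] . '</a></li>'
                . ' <li class="last" id="last"><a href="#" onClick="logout();" class="btn">' . $GLOBALS["Lang"]["Logout"] . '</a></li>';
        }
        $header .= ' </ul></div> <div id="searchIcon" onClick=\'result = prompt("' . $GLOBALS["Lang"]["Search"] . '", "");'
            . ' if(result){ window.location="/search/"+encodeURIComponent(result); }\'>'
            . ' <img src="/img/search.png" style="height: 25px;" />'
            . ' <form id="search_form" method="GET" action="/search/"><input type="hidden" id="query" name="q" value="" /></form>'
            . ' </div> <a id="menuIcon"><img src="/img/menu.png" alt="' . $GLOBALS["Lang"]["Show navigation"] . '"></a>'
            . ' <div id="langIcon"> <form method="POST" id="lang_select">'
            . ' <select name="lang" onChange=\'document.getElementById("lang_select").submit();\'>';
        // One <option> per supported language; the session's one is selected.
        foreach (array("en" => "EN", "ru" => "RU", "gr" => "GR") as $code => $label) {
            if ($_SESSION["Lang"] == $code) {
                $header .= '<option selected>' . $label . '</option>';
            } else {
                $header .= '<option>' . $label . '</option>';
            }
        }
        $header .= ' </select> </form> </div> </div> </header>'
            . ' <section id="bigNav"> <div class="container"> <ul>'
            . ' <li><a href="/content">' . $GLOBALS["Lang"]["Content"] . '</a></li>';
        if (!$logged_in) {
            $header .= ' <li><a href="#" onClick="show_login_form();">' . $GLOBALS["Lang"]["Login"] . '</a></li>'
                . ' <li><a href="/register">' . $GLOBALS["Lang"]["Sign Up"] . '</a></li>';
            $header .= ' <li style="display:none;"><a href="/sitemap.php" target="_blank">' . $GLOBALS["Lang"]["Sitemap"] . '</a></li>';
        } else {
            // This only hides or shows the link for user id 1; /admin has to
            // enforce its own access check.
            if ($_SESSION["user"]["id"] == "1") {
                $header .= ' <li><a href="/admin" target="_blank">' . $GLOBALS["Lang"]["Admin"] . '</a></li>';
            }
            $header .= ' <li><a href="/account">' . $GLOBALS["Lang"]["Account"] . '</a></li>'
                . ' <li><a href="#" onClick="logout();">' . $GLOBALS["Lang"]["Logout"] . '</a></li>';
        }
        $header .= ' </ul> </div> </section>';
        $header .= ' <div id="content"> <!-- content --> ';

        // ---- footer: social links, contact form, copyright, scripts ----
        $footer = ' <!-- /content --> </div> <section id="footer"> <div class="container"> <div class="footer_left"> <div class="footer_contacts">'
            . ' <span>' . $GLOBALS["Lang"]["Get in Touch"] . '</span> <div style="clear:both; height: 25px;"></div>'
            . ' <a href="https://twitter.com/" target="_blank"> <div class="social_img"><img src="/img/social/tw.png" alt="Twitter"/></div>'
            . ' <div style="padding-top: 7px;" title="' . $GLOBALS["Lang"]["Connect us at"] . ' Twitter">Twitter</div> </a>'
            . ' <div style="clear:both; height: 20px;"></div>'
            . ' <a href="https://www.facebook.com/" target="_blank"> <div class="social_img"><img src="/img/social/fb.png" alt="Facebook"/></div>'
            . ' <div style="padding-top: 7px;" title="' . $GLOBALS["Lang"]["Connect us at"] . ' Facebook">Facebook</div> </a>'
            . ' <div style="clear:both; height: 10px;"></div> </div> </div>'
            . ' <div class="footer_right left-center" id="contact_us"> <span>' . $GLOBALS["Lang"]["Contact Us"] . '</span>'
            . ' <div style="clear:both; height: 20px;"></div> <form method="POST">'
            . ' <textarea name="text" placeHolder="' . $GLOBALS["Lang"]["Your message here"] . '" ';
        if ($logged_in) {
            $footer .= '></textarea><br/>'
                . '<input type="submit" onClick=\'send_message();\' class="btn" style="width: 270px;" value="' . $GLOBALS["Lang"]["Send message"] . '" />';
        } else {
            $footer .= 'onFocus="show_login_form();" ></textarea><br/>'
                . '<input type="button" class="btn" style="width: 270px;" value="' . $GLOBALS["Lang"]["Send message"] . '" onClick="show_login_form();" />';
        }
        $footer .= ' </form> </div> <div style="clear:both;"></div> </div>'
            . ' <div id="copyright">' . $GLOBALS["Lang"]["Copyright"]
            . ' <a href="http://' . $host . '" title="' . $site->configs["description"] . '">' . $host . '</a>, 2015. '
            . $GLOBALS["Lang"]["All rights reserved"] . '</div>'
            . ' <div id="developed"> <div id="caption">' . $GLOBALS["Lang"]["Developed by"]
            . ' <a onMouseOver=\'show_developer();\' onClick=\'window.open("http://nodes-studio.com");\'>Nodes Studio</a></div>'
            . ' <div id="freelance" onMouseOut=\'hide_developer();\'>'
            . ' <img src="/img/developed.png" title="Nodes Studio - Development Future!" ' . "\n"
            . 'onClick=\'window.open("http://nodes-studio.com");\' /> </div> </div> <div style="clear:both;"></div> </section>'
            . ' <script src="/script.js" language="JavaScript" type="text/javascript"></script>'
            . ' <!-- <script src="http://code.jquery.com/jquery-1.11.1.min.js" type="text/javascript"></script> -->'
            . ' <script language="JavaScript" type="text/javascript">'
            . ' if(!window.jQuery) document.write(unescape(\'<script type="text/javascript" src="/libs/jquery-1.11.1.js">%3C/script%3E\')); </script>'
            . ' <script type="text/javascript" src="/jquery.js"></script>'
            . ' <script src="/libs/jquery.tooltipster.min.js" type="text/javascript"></script>'
            . ' <div id="floater"> <img src="/img/up_button.png" alt="' . $GLOBALS["Lang"]["Up"] . '"> </div> ';
    }

    if (empty($site->get)) {
        // Front page: content sits between the empty top and bottom sections.
        $this->site->content = $header
            . ' <section id="topSection"> </section> <section id="contentSection"> <div class="container"> '
            . $this->site->content
            . ' </div> </section> <section id="bottomSection"> </section> '
            . $footer;
    } else {
        // Inner page: optional submenu, then the content section.
        if (!empty($site->menu)) {
            $header .= ' <nav> <div id="submenu">'
                . ' <div onClick=\'show_more(this);\' id="submenu_button" ><img src="/img/sliderBars.png" title="' . $GLOBALS["Lang"]["Show All"] . '" /></div> '
                . $site->menu . ' </div> </nav> <section id="contentSection"> ';
        } else {
            $header .= '<section id="contentSection" style="padding-top: 80px;">';
        }
        $this->site->content = $header . ' <div class="container"> ' . $this->site->content . ' </div> </section> ' . $footer;
    }
}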
<html> <head> <link href="/style.css" rel="stylesheet" type="text/css"> </head> <body style="background: #fff; opacity: 1;">';
// The line above is the tail of a string literal opened before this excerpt.
// Password-reset step: a posted e-mail address gets a new password mailed to
// it; without a posted address the request form is shown.
if (!empty($_POST["email"])) {
    // NOTE(review): swapping double quotes for single quotes is not SQL
    // escaping; a backslash in the address still alters the two statements
    // below. Escape the value or bind it as a parameter.
    $email = str_replace('"', "'", $_POST["email"]);
    $query = 'SELECT * FROM `nodes_users` WHERE `email` = "' . $email . '"';
    $res = engine::mysql($query);
    $data = mysql_fetch_array($res);
    if (!empty($data)) {
        // NOTE(review): the new password is six hex characters derived from
        // the address and the current second, values the requester knows or
        // can approximate, so it is predictable. Generate it with a CSPRNG,
        // or better, mail a single-use expiring token and change the password
        // only after the owner follows it: as written, anyone who knows an
        // address can overwrite that account's password.
        $new_pass = substr(md5($email . date("U")), 0, 6);
        // NOTE(review): the password is stored as unsalted MD5; password_hash()
        // is the appropriate primitive where the PHP version allows.
        $query = 'UPDATE `nodes_users` SET `pass` = "' . md5($new_pass) . '" WHERE `email` = "' . $email . '"';
        @mysql_query("SET NAMES utf8");
        // NOTE(review): die(mysql_error()) prints the raw database error to the client.
        $res = mysql_query($query) or die(mysql_error());
        // NOTE(review): HTTP_HOST is written as a bare constant (works only
        // through PHP's legacy fallback) and is a client-supplied header that
        // ends up in the sender address, subject and link of the mail.
        engine::send_mail($email, "no-reply@" . $_SERVER[HTTP_HOST], $GLOBALS["Lang"]["New password for"] . " " . $_SERVER[HTTP_HOST], $GLOBALS["Lang"]["New password is"] . ": " . $new_pass . '<br/><br/><a href="http://' . $_SERVER[HTTP_HOST] . '">' . $_SERVER[HTTP_HOST] . '</a>');
        $fout .= '<div style="text-align:center; padding-top: 100px;">' . $GLOBALS["Lang"]["Message with new password is sended to email"] . '.</div> <script>function redirect(){window.location="account.php?mode=form";}setTimeout(redirect, 3000);</script>';
    } else {
        // NOTE(review): a distinct "not found" answer lets a caller learn
        // which addresses are registered; one neutral message for both
        // outcomes avoids that.
        $fout .= '<div style="text-align:center; padding-top: 100px;">Email ' . $GLOBALS["Lang"]["not found"] . '.</div>' . '<script>function redirect(){window.location="account.php?mode=remember";}setTimeout(redirect, 3000);</script>';
    }
} else {
    // Request form. $_POST["email"] is empty on this path, so the echoed
    // value attribute is always blank here.
    $fout .= '<div style="text-align:left;"><script>parent.document.getElementById("nodes_iframe").style.height="235px";</script><center><h3 style="color: #555;">Restore password</h3></center><br/><form method="POST">' . '<input type="text" name="email" value="' . $_POST["email"] . '" class="input" style="width: 200px; padding: 5px; margin-top: 5px;" placeHolder="Email" /><br/>' . '<div style="padding-top: 17px; padding-bottom: 20px; margin: auto; text-align: center;"><a onClick=\'parent.window.location = "register";\'>' . $GLOBALS["Lang"]["Sign Up"] . 
'</a> | <a rel="nofollow" href="/account.php?mode=login">Login</a></div>' . '<input type="submit" class="btn" value="Submit" style="width: 200px;" /></form></div>';
}
$fout .= '</body></html>';
} else {
// Social sign-in: the include path is chosen from fixed literals, so
// $_GET["method"] never reaches the file name.
if ($_GET["mode"] == "social" && !empty($_GET["method"])) {
    if ($_GET["method"] == "fb") {
        require_once 'engine/api/oauth/fb_auth.php';
    } else {
        if ($_GET["method"] == "vk") {
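/**
 * Renders the sign-up page and processes a submitted registration.
 *
 * On success the new row is loaded into $_SESSION["user"], an optional
 * welcome mail is sent and a redirect script becomes the page content.
 * Otherwise the form is rendered again, followed by an alert script that
 * names the problem.
 *
 * NOTE(review): passwords are stored as unsalted MD5. That is kept here only
 * because the login code (not visible) must match it; move both to
 * password_hash()/password_verify() together.
 * NOTE(review): die(mysql_error()) prints raw database errors to the visitor.
 * NOTE(review): the form has no anti-CSRF token.
 *
 * @param object $site Page object exposing engine, configs, title, get and content.
 * @return void
 */
function register_class($site)
{
    $this->site = $site;
    $this->engine = $this->site->engine;
    $site->title = $GLOBALS["Lang"]["Sign Up"] . ' - ' . $site->title;
    if (!empty($site->get[1])) {
        $site->content = engine::error();
        return;
    }

    // Read each field once; anything that is not a string (e.g. an array
    // sent as email[]=x) is treated as absent.
    $post = array();
    foreach (array("email", "name", "pass", "captcha") as $field) {
        $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    // Host is a request header: keep only hostname characters before it is
    // used in a mail sender address, subject and link.
    $host = preg_replace('/[^A-Za-z0-9._:\-\[\]]/', '', isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : '');
    $fout = '';

    if (!empty($post["email"])) {
        // The code is single-use and must exist: an unset session code no
        // longer equals an omitted field, and the strict comparison stops
        // numeric-string matches such as "0123" == "123".
        // Assumes /captcha.php issues a fresh code each time the image loads; confirm.
        $expected = isset($_SESSION["captcha"]) ? (string) $_SESSION["captcha"] : '';
        unset($_SESSION["captcha"]);
        if ($expected === '' || $post["captcha"] !== $expected) {
            $fout = '<script>alert("' . $GLOBALS["Lang"]["Error"] . '. ' . $GLOBALS["Lang"]["Invalid conformation code"] . '.");</script>';
        } else {
            $raw_email = strtolower(trim($post["email"]));
            $name = mysql_real_escape_string($post["name"]);
            $email = mysql_real_escape_string($raw_email);
            $query = 'SELECT * FROM `nodes_users` WHERE `email` = "' . $email . '"';
            @mysql_query("SET NAMES utf8");
            $r = mysql_query($query) or die(mysql_error());
            $d = mysql_fetch_array($r);
            if (!empty($d)) {
                $fout = '<script>alert("' . $GLOBALS["Lang"]["Error"] . '. ' . $GLOBALS["Lang"]["Email"] . ' ' . $GLOBALS["Lang"]["allready exist"] . '.");</script>';
                $post["email"] = '';
                unset($_POST["email"]);
            } elseif (filter_var($raw_email, FILTER_VALIDATE_EMAIL) === false) {
                // A real address check replaces "contains an @ somewhere".
                $fout = '<script>alert("' . $GLOBALS["Lang"]["Error"] . '. ' . $GLOBALS["Lang"]["Incorrect email"] . '.");</script>';
                $post["email"] = '';
                unset($_POST["email"]);
            } elseif (empty($post["pass"])) {
                $fout = '<script>alert("' . $GLOBALS["Lang"]["Error"] . '. ' . $GLOBALS["Lang"]["Enter password"] . '.");</script>';
            } else {
                $pass_hash = md5(trim($post["pass"]));
                $query = 'INSERT INTO `nodes_users` (`name`, `photo`, `email`, `pass`, `online`) VALUES ("' . $name . '", "/img/anon.jpg", "' . $email . '", "' . $pass_hash . '", "' . date("U") . '")';
                @mysql_query("SET NAMES utf8");
                mysql_query($query) or die(mysql_error());
                // Read the row back so the session carries its id and defaults.
                $query = 'SELECT * FROM `nodes_users` WHERE `email` = "' . $email . '" AND `pass` = "' . $pass_hash . '"';
                @mysql_query("SET NAMES utf8");
                $res = mysql_query($query) or die(mysql_error());
                $data = mysql_fetch_array($res);
                if (!empty($data)) {
                    // Secrets are removed before the row is kept in the session.
                    unset($data["pass"]);
                    unset($data[5]);
                    unset($data["token"]);
                    unset($data[9]);
                    // A fresh session id on sign-in prevents reuse of an id
                    // that was fixed before authentication.
                    if (session_id() !== '' && !headers_sent()) {
                        session_regenerate_id(true);
                    }
                    $_SESSION["user"] = $data;
                    $fout = '<script language="JavaScript">window.location = "/";</script>';
                } else {
                    $fout = '<div style="text-align:center; padding-top: 100px;">' . $GLOBALS["Lang"]["Incorrect email of password"] . '.</div>';
                }
                if ($site->configs["send_registration_email"]) {
                    // The body is HTML: the name is encoded from the raw input
                    // rather than reusing its SQL-escaped form.
                    engine::send_mail(
                        $email,
                        "no-reply@" . $host,
                        $GLOBALS["Lang"]["Registration at"] . ' ' . $host,
                        'Dear ' . htmlspecialchars($post["name"], ENT_QUOTES) . '!<br/><br/>'
                        . $GLOBALS["Lang"]["We are glad to confirm sucsessful registration at"]
                        . ' <a href="http://' . $host . '/">' . $host . '</a>' . $site->configs["email_signature"]
                    );
                }
                $site->content = $fout;
                return;
            }
        }
    }

    // Values echoed back into the form are attribute-encoded; the password is
    // never written back into the page.
    $shown_email = htmlspecialchars($post["email"], ENT_QUOTES);
    $shown_name = htmlspecialchars($post["name"], ENT_QUOTES);
    $fout = '<h1>' . $GLOBALS["Lang"]["Sign Up"] . '</h1>'
        . '<br/>'
        . '<br/><form method="POST">'
        . '<input required type="text" name="email" value="' . $shown_email . '" class="input" style="padding: 5px; width: 100%;max-width: 265px; margin-top: 0px;" placeHolder="' . $GLOBALS["Lang"]["Email"] . '" title="' . $GLOBALS["Lang"]["Email"] . '" /><br/>'
        . '<input required type="text" name="name" value="' . $shown_name . '" class="input" style="padding: 5px;width: 100%;max-width: 265px; margin-top: 10px;" placeHolder="' . $GLOBALS["Lang"]["Name"] . '" title="' . $GLOBALS["Lang"]["Name"] . '" /><br/>'
        . '<input required type="password" name="pass" class="input" style="width: 100%;padding: 5px;max-width: 265px; margin-top: 10px;" placeHolder="' . $GLOBALS["Lang"]["Password"] . '" title="' . $GLOBALS["Lang"]["Password"] . '" value="" /><br/>'
        . '<br/>'
        . '<center><img src="/captcha.php?' . md5(date("U")) . '" /></center>'
        . '<input required type="text" name="captcha" class="input" style="width: 100%;padding: 5px;max-width: 265px; margin-top: 5px;" placeHolder="' . $GLOBALS["Lang"]["Confirmation code"] . '" title="' . $GLOBALS["Lang"]["Confirmation code"] . '" />'
        . '<br/><input type="submit" class="btn" value="' . $GLOBALS["Lang"]["Submit"] . '" style="width: 100%;max-width: 265px;margin-top: 10px;" /></form>'
        . '<br/><br/>' . $fout;
    $site->content = $fout;
}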