/**
 * Resolve a download from its tree alias and file alias, apply the row's
 * login flag, and increment its hit counter.
 *
 * Request fields read: alias, filename, ext (ext is read but not used here).
 * The on-disk path is computed at the end, but nothing is streamed from this
 * method.
 *
 * NOTE(review): the counter is bumped on every request that reaches it, so it
 * is client-inflatable unless something upstream throttles — confirm.
 */
public function home()
{
    global $user;

    $v = $this->__(w('alias filename ext'));

    // Both identifiers are mandatory.
    if (!(f($v['alias']) && f($v['filename']))) {
        _fatal();
    }

    // Values reach SQL only through sql_filter() placeholders.
    $tree = _fieldrow(sql_filter('SELECT tree_id FROM _tree WHERE tree_alias = ?', $v['alias']));
    if (!$tree) {
        _fatal();
    }

    $download = _fieldrow(sql_filter(
        'SELECT * FROM _downloads WHERE download_alias = ? AND download_tree = ?',
        $v['filename'],
        $tree['tree_id']
    ));
    if (!$download) {
        _fatal();
    }

    // presumably _login() stops the request for anonymous visitors; verify against its definition
    if ($download['download_login']) {
        _login();
    }

    _sql(sql_filter(
        'UPDATE _downloads SET download_count = download_count + 1 WHERE download_id = ?',
        $download['download_id']
    ));

    // Path is derived from database columns, not from the request.
    $filepath = LIB . 'fetch/' . _filename($download['download_id'], $download['download_extension']);

    return;
}
/**
 * One-shot data migration: replace the textual a_field values in _bio_store
 * with numeric ids from _bio_fields, creating missing field rows on the way,
 * then change the column type to INT.
 *
 * NOTE(review): this method alters schema and has no access check of its own;
 * confirm the dispatcher restricts who can reach it.
 */
protected function _members_profile()
{
    global $bio;

    // field display name => field_id, for names already resolved by lookup
    $cache = array();

    foreach (_rowset('SELECT * FROM _bio_store ORDER BY a_field') as $row) {
        $label = $row['a_field'];
        $field_id = isset($cache[$label]) ? $cache[$label] : 0;

        if (!$field_id) {
            $known = _fieldrow(sql_filter('SELECT * FROM _bio_fields WHERE field_display = ?', $label));
            if ($known) {
                $field_id = $known['field_id'];
                $cache[$label] = $field_id;
            }
        }

        if (!$field_id) {
            // No definition yet: create a plain text field named after the stored label.
            $field_id = sql_put('_bio_fields', array(
                'field_alias' => $label,
                'field_name' => $label,
                'field_display' => $label,
                'field_required' => 0,
                'field_unique' => 0,
                'field_unique_global' => 0,
                'field_show' => 1,
                'field_length' => 0,
                'field_type' => 'text',
                'field_relation' => '',
                'field_function' => '',
                'field_js' => ''
            ));
        }

        _sql(sql_filter('UPDATE _bio_store SET a_field = ? WHERE a_id = ?', $field_id, $row['a_id']));
    }

    // Every row now carries an id, so the column can become numeric.
    _sql("ALTER TABLE _bio_store\r\n\t\t\tCHANGE a_field a_field INT(11) NOT NULL DEFAULT '0'");

    $this->_e('Done!');

    return;
}
/**
 * Sign-in handler. Members are redirected away; on form submit the
 * credentials are checked either against the stored password hash or, when
 * the 'signin_pop' setting is on, by authenticating to the configured POP3
 * server. Every failure reports the same LOGIN_ERROR key.
 *
 * NOTE(review): 'lastpage' comes from the request and is handed to
 * redirect() unchanged. Unless redirect() restricts targets to this site
 * (not visible here) this is an open redirect — confirm.
 * NOTE(review): the hash comparison uses ===, which is not constant-time;
 * hash_equals() is the usual replacement where the runtime provides it.
 * NOTE(review): no attempt limiting is visible in this method.
 */
public function in()
{
    global $user, $core;

    if ($user->v('is_member')) {
        redirect(_link());
    }

    if (_button()) {
        $v = $this->__(w('username password lastpage'));
        $userdata = w();

        $username_pattern = '#^([a-z0-9\\_\\-]+)$#is';
        if (!(f($v['username']) && f($v['password']) && preg_match($username_pattern, $v['username']))) {
            $this->error('LOGIN_ERROR');
        }

        if (!$this->errors()) {
            // The pattern above already excludes '@', so this keeps the name as is.
            $v['username'] = array_key(explode('@', $v['username']), 0);

            $userdata = _fieldrow(sql_filter(
                'SELECT * FROM _members WHERE user_username = ? AND user_id <> ? AND user_active = 1',
                $v['username'],
                U_GUEST
            ));
            if (!$userdata) {
                $this->error('LOGIN_ERROR');
            }

            if (!$this->errors()) {
                if ($core->v('signin_pop')) {
                    // Delegate the password check to the mail server.
                    require_once XFS . 'core/pop3.php';
                    $mailbox = new pop3();

                    if (!$mailbox->connect($core->v('mail_server'), $core->v('mail_port'))) {
                        $this->error('LOGIN_ERROR');
                    }
                    if (!$this->errors() && !$mailbox->user($v['username'])) {
                        $this->error('LOGIN_ERROR');
                    }
                    if (!$this->errors() && !$mailbox->pass($v['password'], false)) {
                        $this->error('LOGIN_ERROR');
                    }
                    $mailbox->quit();

                    if (!$this->errors()) {
                        $user->session_create($userdata['user_id']);
                        redirect($v['lastpage']);
                    }
                } else {
                    // Local check against the stored hash.
                    $hash_matches = isset($userdata['user_password'])
                        && $userdata['user_password'] === _password($v['password']);
                    if ($hash_matches) {
                        $user->session_create($userdata['user_id']);
                        redirect($v['lastpage']);
                    }

                    // Reached only if redirect() returned or the hash did not match.
                    $this->error('LOGIN_ERROR');
                }
            }
        }
    }

    _login(false, $this->get_errors());
}
/**
 * Render a single FAQ entry (question, answer and a link to its module) and
 * then the FAQ home listing.
 *
 * NOTE(review): faq_question_es goes to the template as stored, while the
 * answer passes through _message(); whether the template layer escapes
 * QUESTION_ES is not visible here — confirm.
 */
protected function _faq_item()
{
    $v = $this->__(array('help' => 0));

    $sql = 'SELECT * FROM _help_faq f, _help_cat c, _help_modules m WHERE f.faq_id = ? AND f.help_id = c.help_id AND c.help_module = m.module_id';
    $faq = _fieldrow(sql_filter($sql, $v['help']));
    if (!$faq) {
        _fatal();
    }

    $vars = array(
        'CAT' => _link('help', $faq['module_name']),
        'QUESTION_ES' => $faq['faq_question_es'],
        'ANSWER_ES' => _message($faq['faq_answer_es'])
    );
    _style('faq', $vars);

    $this->_faq_home();

    return;
}
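/**
 * Record or change the signed-in member's attendance option for an event.
 *
 * Request fields: event, option (both default to 0 and must be non-zero).
 * The event and the option type must exist. An existing attendance row for
 * this member is updated, otherwise a new one is inserted.
 *
 * @return mixed Result of $this->e('~OK').
 */
protected function _attend_home()
{
    global $bio;

    if (!is_ghost()) {
        _fatal();
    }

    if (!$bio->v('auth_member')) {
        _login();
    }

    $v = $this->__(_array_keys(w('event option'), 0));

    if (!$v['event'] || !$v['option']) {
        _fatal();
    }

    // The placeholder has to be bound through sql_filter() like every other
    // query here; passing the raw statement to _fieldrow() left the '?'
    // unbound, so the existence check did not test the requested event.
    $sql = 'SELECT event_id FROM _events WHERE event_id = ?';
    if (!_fieldrow(sql_filter($sql, $v['event']))) {
        _fatal();
    }

    $sql = 'SELECT type_id FROM _events_attend_type WHERE type_id = ?';
    if (!_fieldrow(sql_filter($sql, $v['option']))) {
        _fatal();
    }

    // The lookup is scoped to the current member, so only their own row can be changed.
    $sql = 'SELECT attend_id FROM _events_attend WHERE attend_event = ? AND attend_uid = ?';
    if ($attend_id = _field(sql_filter($sql, $v['event'], $bio->v('bio_id')), 'attend_id', 0)) {
        // attend_id / attend_option live in _events_attend (see the SELECT
        // above and the insert below), not in _events.
        $sql = 'UPDATE _events_attend SET attend_option = ? WHERE attend_id = ?';
        _sql(sql_filter($sql, $v['option'], $attend_id));
    } else {
        $sql_insert = array(
            'attend_event' => $v['event'],
            'attend_uid' => $bio->v('bio_id'),
            'attend_option' => $v['option'],
            'attend_time' => time()
        );
        sql_put('_events_attend', $sql_insert);
    }

    return $this->e('~OK');
}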
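/**
 * Handle an artist sign-up request: validate the submitted fields, refuse
 * aliases that are already registered (approved or still pending), then
 * insert an unapproved artist row plus a disabled alias row and redirect to
 * the new alias.
 *
 * NOTE(review): a_genre is required but never stored, and a_website is
 * stored without any format check. If the website is later rendered as a
 * link, its scheme should be validated at that point or here — confirm.
 */
protected function _artist_home()
{
    // $v has no earlier value in this method, so there is nothing to merge into.
    $v = $this->__(array('a_name', 'a_website', 'a_email', 'a_genre' => array(0), 'a_country' => 0));

    $v_check = array(
        'a_name' => 'INVALID_NAME',
        'a_email' => 'INVALID_EMAIL',
        'a_genre' => 'INVALID_GENRE'
    );
    foreach ($v_check as $vk => $vv) {
        if (!f($v[$vk])) {
            $this->error($vv);
        }
    }

    if (!$this->errors()) {
        $v['a_alias'] = _alias($v['a_name']);

        if (f($v['a_alias'])) {
            // Fetch the row rather than the bare flag: testing a_approved
            // for truth let a pending artist (a_approved = 0) slip past the
            // duplicate check, and the PENDING branch could never be taken.
            $sql = 'SELECT a_approved FROM _artists WHERE a_alias = ?';
            if ($existing = _fieldrow(sql_filter($sql, $v['a_alias']))) {
                $a_msg = $existing['a_approved'] ? 'EXISTS' : 'PENDING';
                $this->error('ARTIST_' . $a_msg);
            }
        } else {
            $this->error('INVALID_ALIAS');
        }
    }

    if (!$this->errors() && !check_email($v['a_email'])) {
        $this->error('INVALID_EMAIL');
    }

    if (!$this->errors()) {
        $sql = 'SELECT country_id FROM _countries WHERE country_id = ?';
        if (!_fieldrow(sql_filter($sql, $v['a_country']))) {
            $this->error('INVALID_COUNTRY');
        }
    }

    if (!$this->errors()) {
        $sql = 'SELECT type_id FROM _alias_type WHERE type_alias = ?';
        $alias_type = _field(sql_filter($sql, 'artist'), 'type_id');

        // New artists start unapproved with all counters at zero.
        $sql_insert = array(
            'name' => $v['a_name'],
            'alias' => $v['a_alias'],
            'approved' => 0,
            'time' => time(),
            'email' => strtolower($v['a_email']),
            'website' => $v['a_website'],
            'country' => $v['a_country'],
            'biography' => '',
            'views' => 0,
            'music' => 0,
            'video' => 0,
            'news' => 0,
            'posts' => 0,
            'votes' => 0,
            'lyrics' => 0,
            'images' => 0
        );
        sql_put('_artists', prefix('a', $sql_insert));

        // The alias is reserved but stays disabled.
        $sql_insert = array(
            'name' => $v['a_alias'],
            'enable' => 0,
            'type' => $alias_type
        );
        sql_put('_alias', prefix('alias', $sql_insert));

        redirect(_link('alias', array('alias' => $v['a_alias'])));
    }

    return;
}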
/**
 * Reject a pending friend request addressed to the signed-in member.
 *
 * Request field: a (alias of the member who sent the request). The row is
 * looked up with the current member as friend_bio, so a caller can only
 * delete requests that target themselves, and only while they are pending.
 *
 * NOTE(review): this is a state-changing action; no anti-CSRF token check
 * is visible in this method — confirm it is enforced upstream.
 */
protected function _friend_deny()
{
    global $bio;

    if (!$bio->v('auth_member')) {
        _login();
    }

    $v = $this->__(w('a'));

    $requester_id = _field(
        sql_filter('SELECT bio_id FROM _bio WHERE bio_alias = ?', $v['a']),
        'bio_id',
        0
    );
    if (!$requester_id) {
        _fatal();
    }

    $friend = _fieldrow(sql_filter(
        'SELECT friend_id, friend_pending FROM _bio_friends WHERE friend_assoc = ? AND friend_bio = ?',
        $requester_id,
        $bio->v('bio_id')
    ));
    if (!$friend) {
        _fatal();
    }

    // Only requests still awaiting an answer can be denied.
    if (!$friend['friend_pending']) {
        _fatal();
    }

    _sql(sql_filter('DELETE FROM _bio_friends WHERE friend_id = ?', $friend['friend_id']));

    return;
}
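/**
 * Password-recovery request: look the account up by e-mail address or alias,
 * store a fresh activation key on it and send the recovery mail.
 *
 * Request fields: k (reset key from a mail link, not implemented yet) and,
 * on submit, address.
 *
 * NOTE(review): the key is the first 6 characters of unique_id(). How
 * unique_id() is generated is not visible here; a short key is guessable
 * unless it is random, single-use, expiring and attempt-limited — confirm.
 * NOTE(review): '#NO_SUCH_BIO' versus 'PASSWD_SENT' tells the caller whether
 * an account exists for the submitted address.
 */
protected function _password_home()
{
    global $bio;

    $v = $this->__(w('k'));

    if (f($v['k'])) {
        // TODO: Password reset from email link
    }

    if (_button()) {
        $v = $this->__(w('address'));

        if (!f($v['address'])) {
            $this->_error('#NO_SUCH_BIO');
        }

        // The column suffix is chosen from two fixed literals, never from
        // the request, before it is spliced in through the '??' marker.
        $v['field'] = email_format($v['address']) !== false ? 'address' : 'alias';

        if ($v['field'] == 'alias' && !_low($v['address'])) {
            $this->_error('#NO_SUCH_BIO');
        }

        // bio_id is selected as well: the UPDATE below is keyed on it, and
        // without it the key was written with an empty WHERE value.
        $sql = 'SELECT bio_id, bio_alias, bio_name, bio_email, bio_lang FROM _bio WHERE bio_?? = ? AND bio_active = ?';
        if (!($_bio = _fieldrow(sql_filter($sql, $v['field'], $v['address'], 1)))) {
            $this->_error('#NO_SUCH_BIO');
        }

        $actkey = substr(unique_id(), 0, 6);

        $sql = 'UPDATE _bio SET bio_actkey = ? WHERE bio_id = ?';
        _sql(sql_filter($sql, $actkey, $_bio['bio_id']));

        //
        // NOTE(review): $userdata, $user_password and $user_actkey are not
        // defined anywhere in this method, so the mail is built from empty
        // values; it presumably should use $_bio and $actkey. Left as found
        // because the template's expected variables are not visible here.
        $properties = array(
            'to' => $userdata['bio_address'],
            'template' => 'user_activate_passwd',
            'vars' => array(
                'USERNAME' => $userdata['username'],
                'PASSWORD' => $user_password,
                'U_ACTIVATE' => _link('my', array('password', 'k' => $user_actkey))
            )
        );
        _sendmail($properties);

        $this->_error('PASSWD_SENT');
    }

    return;
}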
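/**
 * Serve a stylesheet or script from ./style/<e>/ through the template
 * engine, with Last-Modified / 304 handling, light CSS minification or
 * JSMin, gzip output buffering and a 30-day Expires header.
 *
 * Request fields: f (file name, or a tree id/alias for per-page CSS) and
 * e (asset kind).
 *
 * NOTE(review): for 'js' the request value f reaches _filename() and the
 * file-system checks directly; whether _filename() or $this->__() strips
 * path separators is not visible here — confirm.
 */
public function home()
{
    global $user;

    $v = $this->__(w('f e'));

    if (array_empty($v)) {
        _fatal();
    }

    // 'e' is concatenated into a directory path and into the template name
    // below. Only the two kinds this method actually handles are accepted;
    // any other value previously fell through both switches and was still
    // rendered, with an undefined content type.
    if (!in_array($v['e'], array('css', 'js'), true)) {
        _fatal();
    }

    $location = './style/' . $v['e'] . '/';
    $filename = _filename($v['f'], $v['e']);

    if (!@is_dir($location)) {
        _fatal();
    }

    if ($v['e'] == 'css' && $v['f'] != 'default') {
        // Column suffix comes from two fixed literals; the value itself is bound.
        $v['field'] = !is_numb($v['f']) ? 'alias' : 'id';

        $sql = 'SELECT * FROM _tree WHERE tree_?? = ? LIMIT 1';
        if (!($tree = _fieldrow(sql_filter($sql, $v['field'], $v['f'])))) {
            _fatal();
        }

        $filetree = _rewrite($tree);
        $filename = _filename('_tree_' . $filetree, $v['e']);
    }

    // 304 Not modified response header
    if (@file_exists($location . $filename)) {
        $f_last_modified = gmdate('D, d M Y H:i:s', filemtime($location . $filename)) . ' GMT';
        $http_if_none_match = v_server('HTTP_IF_NONE_MATCH');
        $http_if_modified_since = v_server('HTTP_IF_MODIFIED_SINCE');

        header('Last-Modified: ' . $f_last_modified);

        if ($f_last_modified == $http_if_modified_since) {
            header('HTTP/1.0 304 Not Modified');
            header('Content-Length: 0');
            exit;
        }
    }

    switch ($v['e']) {
        case 'css':
            if ($v['f'] != 'default') {
                $filetree = _rewrite($tree);
                $filename = _filename('_tree_' . $filetree, $v['e']);

                if (!@file_exists($location . $filename)) {
                    _fatal();
                }
            }

            // Optional per-browser overrides, most specific first.
            $browser = _browser();

            if (f($browser['browser'])) {
                $custom = array($browser['browser'] . '-' . $browser['version'], $browser['browser']);

                foreach ($custom as $row) {
                    $handler = _filename('_tree_' . $row, 'css');

                    if (@file_exists($location . $handler)) {
                        _style('includes', array('CSS' => _style_handler('css/' . $handler)));
                    }
                }
            }
            break;
        case 'js':
            if (!@file_exists($location . $filename)) {
                _fatal();
            }

            _style_vreplace(false);
            break;
    }

    v_style(array('SPATH' => LIBD . 'visual'));
    sql_close();

    $ext = _style_handler($v['e'] . '/' . $filename);

    switch ($v['e']) {
        case 'css':
            $content_type = 'text/css; charset=utf-8';

            // Rewrite border-radius for Gecko builds, drop it elsewhere.
            $ext = preg_replace('#(border-radius\\-?.*?)\\: ?(([0-9]+)px;)#is', _browser('firefox') || _browser('namoroka') ? '-moz-\\1: \\2' : '', $ext);
            // Expand 3-digit colours by repeating the triplet.
            $ext = preg_replace('/(#([0-9A-Fa-f]{3})\\b)/i', '#\\2\\2', $ext);
            // Strip comments and line breaks / tabs.
            $ext = preg_replace('#\\/\\*(.*?)\\*\\/#is', '', $ext);
            $ext = str_replace(array("\r\n", "\n", "\t"), '', $ext);
            break;
        case 'js':
            $content_type = 'application/x-javascript';

            require_once XFS . 'core/jsmin.php';
            $ext = JSMin::minify($ext);
            break;
    }

    ob_start('ob_gzhandler');

    header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 30) . ' GMT');
    header('Content-type: ' . $content_type);

    echo $ext;
    exit;
}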
/**
 * Create or modify a page in the _tree table and render the edit form.
 *
 * The mode comes from the request field 'zmode' ('create' or 'modify').
 * On submit, non-founders may only send subject and content; founders get
 * the full field list. Structural columns (node, level, parent, module) are
 * always taken from the current tree row, never from the request.
 *
 * NOTE(review): no permission check other than is_founder is visible in
 * this method; who may reach it is decided elsewhere — confirm.
 */
protected function _create_home() {
    global $user;

    $v = $tree = $this->init();
    $z = $this->__(w('zmode'));

    if (_button()) {
        // Field whitelist: the keys written to the database come from this
        // list, not from whatever the client posted.
        $v_ary = array('subject', 'content');
        if ($user->v('is_founder')) {
            $v_ary = array_merge($v_ary, array('node' => 0, 'parent' => 0, 'level' => 0, 'module' => 0, 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent' => 0, 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'description', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published', 'move'));
        }
        $v = $this->__($v_ary);
        /* $v = $this->__(array( 'node' => 0, 'parent' => 0, 'level' => 0, 'module' => 0, 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent' => 0, 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'subject', 'content', 'description', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published', 'move' )); */
        //
        $v['edited'] = time();

        // Overwrite any posted structural values with those of the current node.
        foreach (w('node level parent module') as $row) {
            $v[$row] = $tree['tree_' . $row];
        }

        if ($z['zmode'] == 'create') {
            // The new page becomes a child of the current one.
            $v['parent'] = $tree['tree_id'];
            $v['level']++;
            if (!$v['node']) {
                $v['node'] = $v['parent'];
            }
        }

        // Parse vars
        foreach ($v as $row_k => $row_v) {
            switch ($row_k) {
                case 'subject':
                    // presumably html() filters markup down to the allowed tag; verify against its definition
                    $row_v = $this->html($row_v, 'strong');
                    break;
                case 'content':
                    $row_v = $this->html($row_v);
                    break;
                case 'alias':
                    $row_v = _alias($row_v, w('_'), '-');
                    break;
                case 'checksum':
                    // NOTE(review): 'checksum' is in neither field list above, so this case looks unreachable.
                    $row_v = _hash($v['content']);
                    break;
                case 'published':
                    // Expects "d m Y"; falls back to today's date through dvar().
                    $row_v = dvar($row_v, date('d m Y'));
                    $e_date = explode(' ', $row_v);
                    $row_v = _timestamp($e_date[1], $e_date[0], $e_date[2]);
                    break;
            }
            $v[$row_k] = $row_v;
        }

        // The home page keeps its alias.
        if ($z['zmode'] == 'modify' && $tree['tree_alias'] == 'home' && $v['alias'] != 'home') {
            $v['alias'] = 'home';
        }

        if (f($v['alias'])) {
            // Alias must be unique among all other pages.
            $sql = 'SELECT tree_id FROM _tree WHERE tree_alias = ? 
AND tree_id <> ?';
            if (_fieldrow(sql_filter($sql, $v['alias'], $tree['tree_id']))) {
                $this->_error('#ALIAS_IN_USE');
            }
        }

        if ($z['zmode'] == 'modify') {
            if ($v['move']) {
                // Column suffix is one of two fixed literals; the value is bound.
                $mv_field = !is_numb($v['move']) ? 'alias' : 'id';
                $sql = 'SELECT * FROM _tree WHERE tree_?? = ?';
                if ($mv_tree = _fieldrow(sql_filter($sql, $mv_field, $v['move']))) {
                    // NOTE(review): 'module_id' is read from a _tree row and the WHERE below filters on
                    // 'article_id', while every other statement here uses tree_* columns — confirm against the schema.
                    $mv_insert = array('module' => $mv_tree['module_id'], 'node' => $mv_tree['tree_node'], 'parent' => $mv_tree['tree_id'], 'level' => $mv_tree['tree_level'] + 1);
                    $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $mv_insert)) . sql_filter(' WHERE article_id = ?', $tree['tree_id']);
                    _sql($sql);

                    // Keep the child counters of the old and new parent in step.
                    $sql = 'UPDATE _tree SET tree_childs = tree_childs - 1 WHERE tree_id = ?';
                    _sql(sql_filter($sql, $tree['tree_parent']));
                    $sql = 'UPDATE _tree SET tree_childs = tree_childs + 1 WHERE tree_id = ?';
                    _sql(sql_filter($sql, $mv_tree['tree_id']));
                }
            }
            unset($v['move']);

            // Check input values against database
            foreach ($v as $row_k => $row_v) {
                if ($tree['tree_' . $row_k] == $row_v) {
                    unset($v[$row_k]);
                }
            }
            // If only the timestamp is left, nothing changed.
            if (!(count($v) - 1)) {
                unset($v['edited']);
            }
        } else {
            unset($v['move']);
        }

        //
        $u_tree = _rewrite($tree);

        if (count($v)) {
            if (isset($v['content']) && $v['content']) {
                // NOTE(review): search and replacement lists are identical as shown, so this call changes
                // nothing; it may have mapped entities to angle brackets (or back) before the listing was rendered.
                $v['content'] = str_replace(w('< >'), w('< >'), $v['content']);
            }

            // Values are handed to _build_array(); whether it escapes them is not visible here — confirm.
            if ($z['zmode'] == 'create') {
                $sql = 'INSERT INTO _tree' . _build_array('INSERT', prefix('tree', $v));
            } else {
                $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $v)) . sql_filter(' WHERE tree_id = ?', $tree['tree_id']);
            }
            _sql($sql);

            if ($z['zmode'] == 'create') {
                $u_tree = f($v['alias']) ? $v['alias'] : _nextid();
                $sql = 'UPDATE _tree SET tree_childs = tree_childs + 1 WHERE tree_id = ?';
                _sql(sql_filter($sql, $tree['tree_id']));
            }
        }

        redirect(_link($u_tree));
    }

    //
    // Show fieldset
    /*$v_fieldset = array( 'subject', 'content', 'description', 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent', 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published' ); */
    $v_fieldset = array('subject', 'content');
    if ($user->v('is_founder')) {
        $v_fieldset = array_merge($v_fieldset, array('description', 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent', 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published'));
    }

    $is_modify = $z['zmode'] == 'modify';

    foreach (_array_keys($v_fieldset, '') as $k => $row) {
        $name = 'tree_' . $k;
        $cp_lang = _lang('CP_' . $k);

        // In modify mode prefer $v, then the stored value; empty when creating.
        $value = $is_modify ? isset($v[$k]) ? $v[$k] : (isset($tree[$name]) ? $tree[$name] : '') : '';
        $checked = is_numb($row) && $is_modify && $tree[$name] ? ' checked="checked"' : '';

        if (f($value)) {
            switch ($k) {
                case 'published':
                    $value = date('d m Y', $value);
                    break;
            }
        }

        // Numeric defaults mark boolean fields, rendered as checkboxes.
        $type = 'text';
        if (is_numb($row)) {
            $value = 1;
            $type = 'checkbox';
        }

        $tag = 'input';
        if ($k == 'content') {
            $tag = 'textarea';
        }

        // NOTE(review): VALUE carries stored page data; whether the template layer escapes it for the
        // attribute / textarea context is not visible here — confirm.
        _style('field', array('NAME' => $k, 'ID' => $k, 'TAG' => $tag, 'TYPE' => $type, 'VALUE' => $value, 'LANG' => $cp_lang, 'CHECKED' => $checked));

        if ($k == 'template') {
            // Offer every .htm file of the custom style directory as a template choice.
            $i = 0;
            $fp = @opendir('./style/custom/');
            while ($row_d = @readdir($fp)) {
                if (_extension($row_d) != 'htm') {
                    continue;
                }
                if (!$i) {
                    _style('field.templated');
                    _style('field.templated.row', array('V' => '', 'FILE' => _lang('NONE')));
                }
                $v_file = str_replace('.htm', '', $row_d);
                _style('field.templated.row', array('V' => $v_file, 'FILE' => $v_file));
                $i++;
            }
            @closedir($fp);
        }
        //
    }

    $cp_format = !$is_modify ? 'CREATE' : 'MODIFY';
    v_style(array('CP_PAGE' => sprintf(_lang('CP_PAGE_' . $cp_format), $tree['tree_subject'])));

    return;
}
/**
 * Look up one student (joined with the gender table) by the request field
 * 's', matched against student_carne, and dump the row through _pre().
 *
 * NOTE(review): the whole joined row is emitted through what looks like a
 * debug helper, and no access check is visible in this method; confirm the
 * route is restricted before it can expose student records.
 */
protected function _view_home()
{
    $v = $this->__(w('s'));
    if (!$v['s']) {
        _fatal();
    }

    $student = _fieldrow(sql_filter(
        'SELECT * FROM _students s, _gender g WHERE s.student_carne = ? AND s.student_gender = g.gender_id',
        $v['s']
    ));
    if (!$student) {
        _fatal();
    }

    _pre($student, true);
}
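/**
 * Render a contest page: subject, content, the prize stock and, once the
 * contest has ended, the contestants attached to each stock item.
 *
 * Request field: alias (contest alias).
 */
protected function _view_home()
{
    global $core, $bio;

    $v = $this->__(w('alias'));

    if (!f($v['alias'])) {
        _fatal();
    }

    $sql = 'SELECT * FROM _contest WHERE contest_alias = ?';
    if (!($contest = _fieldrow(sql_filter($sql, $v['alias'])))) {
        _fatal();
    }

    $contest['expired'] = time() > $contest['contest_end'];

    // Computed but not used further down.
    $is_contestant = false;
    if ($bio->v('auth_member')) {
        $sql = 'SELECT contestant_id FROM _contest_contestant WHERE contestant_contest = ? AND contestant_uid = ?';
        if (_fieldrow(sql_filter($sql, $contest['contest_id'], $bio->v('bio_id')))) {
            $is_contestant = true;
        }
    }

    if ($bio->v('auth_contest_view_stock')) {
        $sql = 'SELECT * FROM _contest_stock WHERE stock_contest = ? ORDER BY stock_name';
        $stock = _rowset(sql_filter($sql, $contest['contest_id']));

        $sql = 'SELECT * FROM _contest_contestant c, _bio b WHERE contestant_contest = ? AND contestant_uid = b.bio_id ORDER BY b.bio_alias';
        $contestants = _rowset(sql_filter($sql, $contest['contest_id']));

        foreach ($contestants as $i => $row) {
            if (!$i) {
                _style('contestants');
            }

            // Row variables not filled in yet.
            _style('contestants.row', array());
        }
    }

    if ($contest['expired']) {
        if ($contest['contest_auto_win'] && !$contest['contest_has_win']) {
            // Automatic winner selection not implemented.
        }
    } else {
        // Nothing to do while the contest is running.
    }

    $sql = 'SELECT * FROM _contest_stock WHERE stock_contest = ? ORDER BY stock_name';
    $stock = _rowset(sql_filter($sql, $contest['contest_id']));

    // The rows are grouped by contestant_stock, so that column has to be in
    // the select list. The id is read from $contest; the previous spelling
    // ($content) referenced an undefined variable and matched no rows.
    $sql = 'SELECT c.contestant_stock, b.bio_alias, b.bio_name FROM _contest_contestant c, _bio b WHERE c.contestant_contest = ? AND c.contestant_stock > 0 AND c.contestant_uid= b.bio_id ORDER BY c.contestant_stock';
    $contestant = _rowset(sql_filter($sql, $contest['contest_id']), 'contestant_stock', false, true);

    foreach ($stock as $i => $row) {
        if (!$i) {
            _style('stock');
        }

        _style('stock.row', array(
            'NAME' => $row['stock_name'],
            'VALUE' => $row['stock_value']
        ));

        // The expiry flag is stored on $contest; $v only holds the request
        // alias, so testing $v['expired'] never showed any winners.
        if ($contest['expired'] && isset($contestant[$row['stock_id']])) {
            foreach ($contestant[$row['stock_id']] as $j => $row_contestant) {
                if (!$j) {
                    _style('stock.row.contestant');
                }

                _style('stock.row.contestant.uid', array(
                    'NAME' => $row_contestant['bio_name'],
                    'LINK' => _link_bio($row_contestant['bio_alias'])
                ));
            }
        }
    }

    v_style(array(
        'CONTEST_SUBJECT' => $contest['contest_subject'],
        'CONTEST_CONTENT' => _message($contest['contest_content'])
    ));

    return;
}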
/**
 * Build the score-entry sheet for one section, subject, exam and year: list
 * the registered students and show either the stored points or an empty
 * input for each.
 *
 * Request fields (all numeric, default 0): grade, subject, exam, year.
 * Note that 'grade' is matched against section_id in the first query.
 *
 * NOTE(review): no access check is visible in this method although it lists
 * student names and scores — confirm the route is restricted.
 */
protected function _create_home()
{
    if (is_post()) {
        //_pre('a', true);
    }

    $v = $this->__(array('grade' => 0, 'subject' => 0, 'exam' => 0, 'year' => 0));

    // Each referenced record must exist before anything is listed.
    $sql = 'SELECT * FROM _grades g, _sections s WHERE s.section_id = ? AND s.section_grade = g.grade_id';
    $grade = _fieldrow(sql_filter($sql, $v['grade']));
    if (!$grade) {
        _fatal();
    }

    $sql = 'SELECT * FROM _subjects WHERE subject_id = ?';
    $subject = _fieldrow(sql_filter($sql, $v['subject']));
    if (!$subject) {
        _fatal();
    }

    $sql = 'SELECT * FROM _exams WHERE exam_id = ?';
    $exam = _fieldrow(sql_filter($sql, $v['exam']));
    if (!$exam) {
        _fatal();
    }

    if (!$this->check_year($v['year'])) {
        _fatal();
    }

    $sql = 'SELECT s.student_id, s.student_carne, s.student_firstname, s.student_lastname FROM _students s, _registrations r WHERE r.registration_grade = ? AND r.registration_section = ? AND r.registration_year = ? AND r.registration_student = s.student_id ORDER BY s.student_lastname, s.student_firstname';
    $students = _rowset(sql_filter($sql, $grade['grade_id'], $grade['section_id'], $v['year']));
    if (!$students) {
        _style('students_none');
    }

    // student_id => score_points for scores already recorded
    $sql = 'SELECT t.student_id, s.score_points FROM _scores s, _students t, _registrations r WHERE s.score_grade = ? AND r.registration_section = ? AND s.score_subject = ? AND s.score_exams = ? AND r.registration_year = ? 
AND s.score_student = t.student_id AND s.score_student = r.registration_student AND s.score_grade = r.registration_grade ORDER BY t.student_lastname, t.student_firstname';
    $scores = _rowset(
        sql_filter($sql, $grade['grade_id'], $grade['section_id'], $v['subject'], $v['exam'], $v['year']),
        'student_id',
        'score_points'
    );

    foreach ($students as $i => $row) {
        if (!$i) {
            _style('students');
        }

        $student_id = $row['student_id'];

        _style('students.row', array(
            'ID' => $student_id,
            'CARNE' => $row['student_carne'],
            'FIRSTNAME' => $row['student_firstname'],
            'LASTNAME' => $row['student_lastname']
        ));

        if (isset($scores[$student_id])) {
            _style('students.row.text', array('POINTS' => $scores[$student_id]));
        } else {
            _style('students.row.input');
        }
    }

    return;
}
/**
 * Delete a group and its memberships, provided the group exists and no
 * ticket still references it, then drop the core cache.
 *
 * Request field: el (group id, numeric, default 0).
 *
 * NOTE(review): gfatal() runs before anything else; it presumably gates or
 * disables this action, but its definition is not visible here — confirm it
 * enforces the required privilege. No anti-CSRF check is visible either.
 *
 * @return mixed Result of $this->e('~OK').
 */
protected function _groups_remove()
{
    gfatal();

    global $core;

    $v = $this->__(array('el' => 0));
    $group_id = $v['el'];

    $group = _fieldrow(sql_filter('SELECT group_id FROM _groups WHERE group_id = ?', $group_id));
    if (!$group) {
        $this->_error('#GROUPS_NO_EXISTS');
    }

    // Groups that still own tickets must not disappear.
    if (_fieldrow(sql_filter('SELECT ticket_id FROM _tickets WHERE ticket_group = ?', $group_id))) {
        $this->_error('#GROUP_CANT_REMOVE_TICKETS');
    }

    _sql(sql_filter('DELETE FROM _groups WHERE group_id = ?', $group_id));
    _sql(sql_filter('DELETE FROM _groups_members WHERE member_group = ?', $group_id));

    $core->cache_unload();

    return $this->e('~OK');
}
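/**
 * Ticket export: for a given username list every ticket assigned to that
 * member that started after the chosen date, with assignees and notes.
 *
 * Request fields: username, start (dd-mm-yyyy), end (read, not used).
 *
 * NOTE(review): no permission check is visible in this method, so any
 * caller who reaches it can export another member's tickets — confirm the
 * route is restricted.
 * NOTE(review): ticket titles, texts and note texts are passed to the
 * template as stored; whether the template layer escapes them is not
 * visible here.
 *
 * @return mixed Result of $this->_template('ticket_export').
 */
public function home()
{
    global $user;

    $v = $this->__(array('username', 'start', 'end'));

    if (_button()) {
        if (!f($v['username'])) {
            $this->e('Debe ingresar un nombre de usuario.');
        }

        $sql = 'SELECT * FROM _members WHERE user_username = ?';
        if (!($userdata = _fieldrow(sql_filter($sql, $v['username'])))) {
            $this->_error('#TICKET_NOT_MEMBER');
        }

        $sql = "SELECT assign_ticket\n\t\t\t\tFROM _tickets_assign a, _members m\n\t\t\t\tWHERE m.user_username = ?\n\t\t\t\t\tAND m.user_id = a.user_id\n\t\t\t\tORDER BY assign_ticket";
        $as = _rowset(sql_filter($sql, $v['username']), false, 'assign_ticket');

        if (!count($as)) {
            $this->e('No hay solicitudes asignadas al usuario.');
        }

        // The ids are concatenated into the IN (...) list below, so force
        // them to integers instead of trusting the stored representation.
        $as = array_map('intval', $as);

        //
        // 'start' is request data: pad missing parts and cast, so a
        // malformed date cannot raise undefined-offset notices or feed
        // non-numeric text to mktime().
        $e_start = array_pad(explode('-', $v['start']), 3, 0);
        $v_start = (int) mktime(0, 0, 0, (int) $e_start[1], (int) $e_start[0], (int) $e_start[2]);

        //
        $sql = 'SELECT * FROM _tickets_status ORDER BY status_alias';
        $status = _rowset($sql, 'status_id', 'status_name');

        $sql = 'SELECT * FROM _tickets_cat ORDER BY cat_id';
        $cat = _rowset($sql, 'cat_id', 'cat_name');

        //
        // '??' is spliced in without quoting, hence the integer cast above.
        $sql = 'SELECT * FROM _tickets t, _members m WHERE t.ticket_contact = m.user_id AND t.ticket_id IN (' . implode(',', $as) . ') /*AND t.ticket_status = 3*/ AND t.ticket_start > ?? AND t.ticket_deleted = 0 ORDER BY t.ticket_start';
        $tickets = _rowset(sql_filter($sql, $v_start));

        if (!count($tickets)) {
            _style('no_tickets');
        }

        foreach ($tickets as $i => $row) {
            if (!$i) {
                _style('tickets');
            }

            $sql = 'SELECT * FROM _tickets_assign a, _members m WHERE a.user_id = m.user_id AND assign_ticket = ? 
ORDER BY user_firstname';
            $names = w();
            foreach (_rowset(sql_filter($sql, $row['ticket_id']), 'assign_id') as $assigned_row) {
                $names[] = _fullname($assigned_row);
            }

            _style('tickets.row', array(
                'SOLICITANTE' => _fullname($row),
                'ASIGNADOS' => implode(', ', $names),
                'CATEGORIA' => $cat[$row['ticket_cat']],
                'FECHAHORA' => _format_date($row['ticket_start']),
                'TITULO' => $row['ticket_title'],
                'TEXTO' => $row['ticket_text'],
                'ESTADO' => $status[$row['ticket_status']]
            ));

            //
            // Unquoted '??' marker again: pass a guaranteed integer.
            $sql = 'SELECT * FROM _tickets_notes n, _members m WHERE n.ticket_id = ?? AND n.user_id = m.user_id ORDER BY n.note_time DESC';
            $notes = _rowset(sql_filter($sql, (int) $row['ticket_id']));

            foreach ($notes as $note_row) {
                _style('tickets.row.notes', array(
                    'AUTOR' => _fullname($note_row),
                    'TEXTO' => $note_row['note_text'],
                    'FECHAHORA' => _format_date($note_row['note_time'])
                ));
            }
        }
    }

    $now = getdate();

    v_style(array(
        'U_FILTER' => _link('export'),
        'V_USERNAME' => $v['username'],
        'V_NOW' => f($v['start']) ? $v['start'] : $now['mday'] . '-' . $now['mon'] . '-' . $now['year']
    ));

    return $this->_template('ticket_export');
}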
/**
 * Fetch one row of _bio_auth_field by numeric id or by alias.
 *
 * The column suffix spliced in through '??' is always one of the two
 * literals chosen here; the caller's value is only ever bound through '?'.
 *
 * @param mixed $f Field id (numeric) or field alias.
 * @return mixed The row returned by _fieldrow(), or false when none matches.
 */
public function auth_field($f)
{
    $column = is_numb($f) ? 'id' : 'alias';

    $field = _fieldrow(sql_filter('SELECT * FROM _bio_auth_field WHERE field_?? = ?', $column, $f));

    return $field ? $field : false;
}
/**
 * Send the active newsletter to one batch of members and record progress.
 *
 * NOTE(review): as written this method mixes two access styles and several
 * names that are never defined in it; it looks half-migrated. The points
 * below are marked inline. Nothing here was changed.
 */
protected function _press_home() {
    global $bio;

    $sql = 'SELECT * FROM _newsletter WHERE newsletter_active = 1 LIMIT 1';
    if (!($newsletter = _fieldrow($sql))) {
        // NOTE(review): execution continues after the warning unless warning->set() halts — confirm.
        $this->warning->set('no_newsletter');
    }

    // A batch may take long: each mail is followed by a 2 second pause.
    set_time_limit(0);

    // NOTE(review): $newsletter is read with -> here and with [] further down; only one can match what _fieldrow() returns.
    if (!$newsletter->newsletter_start) {
        $sql = 'UPDATE _newsletter SET newsletter_start = ? WHERE newsletter_id = ?';
        sql_query(sql_filter($sql, time(), $newsletter->newsletter_id));
    }

    $sql = 'SELECT bio_id, bio_alias, bio_name, bio_address, bio_lastvisit FROM _bio b ?? RIGHT JOIN _bio_newsletter bn ON b.bio_id = bn.newsletter_bio AND bn.newsletter_receive = ? WHERE b.bio_lastvisit >= ? AND b.bio_status <> ? ORDER BY b.bio_name LIMIT ??, ??';

    $sql_country = '';
    if (!empty($newsletter->newsletter_country)) {
        // NOTE(review): '??' appears to splice its argument in unquoted, so the stored country list
        // becomes part of the statement text; it should hold integers only — confirm where it is written.
        $sql_country = sql_filter(' LEFT JOIN _countries ON bio_country = country_id AND country_id IN (??)', implode(', ', w($newsletter->newsletter_country)));
    }

    // NOTE(review): $core is used below but only $bio is declared global in this method.
    $members = _rowset(sql_filter($sql, $sql_country, 1, $newsletter['newsletter_lastvisit'], 2, $newsletter->newsletter_last, $core->v('newsletter_process')));

    $i = 0;
    foreach ($members as $row) {
        // NOTE(review): user_email / user_public_email / username are not in the select list above (it returns bio_* columns).
        if (!is_email($row['user_email'])) {
            continue;
        }

        // NOTE(review): $email is read on the right-hand side before it has been assigned.
        $email = array('USERNAME' => $row->username, 'MESSAGE' => entity_decode($email->email_message));

        $core->email->init('press', 'mass:plain', $email);
        $core->email->subject(entity_decode($email['email_subject']));

        // Copy to the public address when it differs from the primary one.
        if (!empty($row['user_public_email']) && $row['user_email'] != $row['user_public_email'] && is_email($row['user_public_email'])) {
            $core->email->cc($row->bio_address_public);
        }

        $core->email->send($row->user_email);

        $sql_history = array('history_newsletter' => $newsletter->newsletter_id, 'history_bio' => $row->bio_id, 'history_time' => time());
        sql_put('_newsletter_history', $sql_history);

        sleep(2);
        $i++;
    }

    if ($i) {
        // NOTE(review): the counter is added to $email['email_last'], but the UPDATE writes
        // $newsletter->newsletter_last, so the stored offset does not advance as written.
        $email['email_last'] += $i;
        $sql = 'UPDATE _newsletter SET newsletter_last = ? 
WHERE newsletter_id = ?';
        sql_query(sql_filter($sql, $newsletter->newsletter_last, $newsletter->newsletter_id));
    } else {
        // Nobody left in this batch: close the newsletter.
        $sql = 'UPDATE _newsletter SET newsletter_active = ?, newsletter_end = ? WHERE newsletter_id = ?';
        sql_query(sql_filter($sql, 0, time(), $newsletter->newsletter_id));
        $this->warning->set('finished: ' . $newsletter->newsletter_id);
    }

    return $this->warning->set('completed: ' . $i);
}
/**
 * Print two member counts separated by ' . ': active members other than
 * user_id 1, and all members. The request field 'id' must name an existing
 * row in _email, although that row is not used afterwards.
 */
function _total_home()
{
    $v = $this->__(array('id' => 0));

    $email = _fieldrow(sql_filter('SELECT * FROM _email WHERE email_id = ?', $v['id']));
    if (!$email) {
        $this->e('El registro de email no existe.');
    }

    $active_sql = 'SELECT COUNT(user_id) AS total FROM _members WHERE user_active = ? AND user_id <> ?';
    $total = _field(sql_filter($active_sql, 1, 1), 'total');

    $all = _field('SELECT COUNT(user_id) AS total FROM _members', 'total');

    $this->e($total . ' . ' . $all);
}
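/**
 * Batch converter: take one media row (request field 'v', or the next
 * unconverted one), transcode its .wma file to .mp3 with ffmpeg, write
 * ID3v1 tags, flag the row, and redirect to the next pending row.
 *
 * media_mp3 values written here: 1 after a conversion attempt, 2 when the
 * .wma source is missing.
 *
 * NOTE(review): no access check is visible in this method, and each request
 * starts an ffmpeg process; confirm the route is not reachable by anonymous
 * visitors.
 * NOTE(review): media_mp3 is set to 1 without checking that ffmpeg produced
 * a file.
 *
 * @return mixed Result of $this->e('.').
 */
public function home()
{
    global $core;

    error_reporting(0);

    $v = $this->__(w('v'));

    if (!$v['v']) {
        $sql = 'SELECT media_id FROM _bio_media WHERE media_type = ? AND media_mp3 = ? LIMIT 1';
        $v['v'] = _field(sql_filter($sql, 1, 0), 'media_id', 0);
    }

    $tag_format = 'UTF-8';
    $relative_path = '/data/artists/%s/media/';
    $absolute_path = '/var/www/vhosts/rockrepublik.net/www' . $relative_path;

    $sql = 'SELECT m.*, b.bio_id, b.bio_name FROM _bio_media m LEFT JOIN _bio b ON m.media_bio = b.bio_id WHERE m.media_id = ?';

    //$spaths = '/data/artists/' . $songd['ub'] . '/media/';
    //$spath = '/var/www/vhosts/rockrepublik.net/httpdocs' . $spaths;

    if ($media = _fieldrow(sql_filter($sql, $v['v']))) {
        $row_relative = sprintf($relative_path, $media['bio_id']);

        // $absolute_path already ends in the '%s' template, so it has to be
        // formatted as well. Appending $row_relative to it produced a path
        // with a literal '%s' and a doubled directory part, which never
        // matched the files tested through $rel_wma / $rel_mp3.
        $row_absolute = sprintf($absolute_path, $media['bio_id']);

        $row_wma = $row_absolute . $media['media_id'] . '.wma';
        $row_mp3 = $row_absolute . $media['media_id'] . '.mp3';

        $rel_wma = '.' . $row_relative . $media['media_id'] . '.wma';
        $rel_mp3 = '.' . $row_relative . $media['media_id'] . '.mp3';

        if (@file_exists($rel_wma) && !@file_exists($rel_mp3) && !$media['media_mp3']) {
            // Both paths contain database values; quote them as single
            // shell arguments instead of concatenating them bare.
            exec('ffmpeg -i ' . escapeshellarg($row_wma) . ' -vn -ar 44100 -ac 2 -ab 64kb -f mp3 ' . escapeshellarg($row_mp3));

            include_once XFS . XCOR . 'getid3/getid3.php';

            $getID3 = new getID3();
            $getID3->setOption(array('encoding' => $tag_format));

            getid3_lib::IncludeDependency(GETID3_INCLUDEPATH . 'write.php', __FILE__, true);

            $tagwriter = new getid3_writetags();
            $tagwriter->filename = getid3_lib::SafeStripSlashes($row_mp3);
            $tagwriter->tagformats = array('id3v1');
            $tagwriter->overwrite_tags = true;
            $tagwriter->tag_encoding = $tag_format;
            $tagwriter->remove_other_tags = true;

            $tag_comment = 'Visita www.rockrepublik.net';

            // NOTE(review): these defaults are stored under 'album' / 'genre',
            // while the loop and the tag data below read 'media_album' /
            // 'media_genre', so they are never used as written.
            $media['album'] = !empty($media['media_album']) ? $media['media_album'] : 'Single';
            $media['genre'] = !empty($media['media_genre']) ? $media['media_genre'] : 'Rock';

            $media_f = array('title', 'name', 'album', 'genre');
            foreach ($media_f as $mr) {
                $media['media_' . $mr] = getid3_lib::SafeStripSlashes(utf8_encode(html_entity_decode($media['media_' . $mr])));
            }

            $tagwriter->tag_data = array(
                'title' => array($media['media_title']),
                'artist' => array($media['media_name']),
                'album' => array($media['media_album']),
                'year' => array(getid3_lib::SafeStripSlashes($media['media_year'])),
                'genre' => array($media['media_genre']),
                'comment' => array(getid3_lib::SafeStripSlashes($tag_comment)),
                'tracknumber' => array('')
            );
            $tagwriter->WriteTags();

            $sql = 'UPDATE _bio_media SET media_mp3 = ? WHERE media_id = ?';
            _sql(sql_filter($sql, 1, $media['media_id']));

            // Conversion log; skipped when the file cannot be opened rather
            // than writing to a failed handle.
            if ($fp = @fopen('./conv.txt', 'a+')) {
                fwrite($fp, $row_mp3 . "\n");
                fclose($fp);
            }
        }

        if (!@file_exists($rel_wma)) {
            // Source missing: mark the row so it is not picked up again.
            $sql = 'UPDATE _bio_media SET media_mp3 = ? WHERE media_id = ?';
            _sql(sql_filter($sql, 2, $media['media_id']));
        }
    }

    $sql = 'SELECT media_id FROM _bio_media WHERE media_type = ? AND media_mp3 = ? LIMIT 1';
    if ($v_next = _field(sql_filter($sql, 1, 0), 'media_id', 0)) {
        sleep(1);
        _redirect(_link($this->m(), array('v' => $v_next)));
    } else {
        $this->e('no_next');
    }

    return $this->e('.');
}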
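/**
 * Poll the ticket mailbox over POP3 and turn each message into a ticket or a note.
 *
 * Pass 1 reads every message, resolves sender, target group, subject, body,
 * date and IP, and flags messages to discard ("blacklist") or to forward
 * ("other": sender is not a known member). Pass 2 acts on those records:
 * discards, forwards to the group moderators, opens a new ticket, or appends a
 * note to the ticket named by a "[#code]" subject marker. Every handled
 * message is deleted from the server.
 *
 * @return mixed Result of $this->e(): an error key, or the per-category counters.
 */
protected function _ticket_home()
{
    global $user, $core;

    if (!$core->v('cron_enabled')) {
        return $this->e('CRON_DISABLED');
    }

    foreach (w('mail pop3 emailer htmlparser') as $row) {
        require_once XFS . 'core/' . $row . '.php';
    }

    $pop3 = new pop3();
    if (!$pop3->connect($core->v('mail_server'), $core->v('mail_port'))) {
        return $this->e('MAIL_NO_CONNECT');
    }

    if (!($total_mail = $pop3->login('recent:' . $core->v('mail_ticket_login'), $core->v('mail_ticket_key')))) {
        return $this->e('MAIL_NEW_MAIL');
    }

    $mail = new _mail();
    $emailer = new emailer();

    // Lookup tables, cached where the core offers it.
    if (!($blacklist = $core->cache_load('ticket_blacklist'))) {
        $sql = 'SELECT * FROM _tickets_blacklist ORDER BY list_id';
        $blacklist = $core->cache_store(_rowset($sql, 'list_address', 'list_id'));
    }

    if (!($ticket_status = $core->cache_load('ticket_status_default'))) {
        $sql = 'SELECT status_id FROM _tickets_status WHERE status_default = 1';
        $ticket_status = $core->cache_store(_field($sql, 'status_id', 0));
    }

    $sql = 'SELECT group_id, group_email FROM _groups ORDER BY group_email';
    $groups = _rowset($sql, 'group_email', 'group_id');

    $sql = 'SELECT group_email, group_name FROM _groups ORDER BY group_email';
    $groups_name = _rowset($sql, 'group_email', 'group_name');

    $sql = 'SELECT gg.group_email, m.user_email FROM _groups gg, _groups_members g, _members m WHERE g.member_mod = ? AND g.member_uid = m.user_id AND gg.group_id = g.member_group ORDER BY m.user_email';
    $groups_mods = _rowset(sql_filter($sql, 1), 'group_email', 'user_email', true);

    // Every group gets an entry, so later count() calls see an array.
    foreach ($groups as $a_group_email => $a_group_id) {
        if (!isset($groups_mods[$a_group_email])) {
            $groups_mods[$a_group_email] = w();
        }
    }

    $sql = 'SELECT s.a_assoc, s.a_value FROM _members_fields f, _members_store s WHERE s.a_field = f.field_id AND f.field_alias LIKE ? 
ORDER BY s.a_value';
    $email_alt = _rowset(sql_filter($sql, 'email%'), 'a_value', 'a_assoc');

    // Pre mail process
    $recv = w();
    $now = time();

    // NOTE(review): as shown, both arrays hold a plain space, which makes the
    // str_replace() below a no-op; confirm which character was meant to be replaced.
    $line_orig = array(' ');
    $line_repl = array(' ');

    $_v = w('from from_d to ticket subject body date mod ip spam blacklist reply other');
    $_c = w('normal reply other blacklist spam', 0); // presumably counters starting at 0 - confirm w()

    for ($i = 1; $i <= $total_mail; $i++) {
        // Reset every $recv_* working variable for this message.
        foreach ($_v as $row) {
            ${'recv_' . $row} = 0;
        }

        // explode() replaces split(), which was removed in PHP 7; the delimiter
        // contains no regex metacharacters, so the result is the same.
        $s_header = $mail->parse_header(explode("\r\n", implode('', $pop3->top($i))));

        // NOTE(review): the sender comes from the From header, which is not
        // authenticated; ticket authorship derived from it below is unverified.
        $recv_from = $mail->parse_address($s_header['from']);
        if (isset($blacklist[$recv_from])) {
            $recv_blacklist = 1;
        }

        // Never process mail sent by the ticket mailbox itself.
        if ($recv_from == $core->v('mail_ticket_login')) {
            $recv_blacklist = 1;
        }

        _dvar($s_header['to'], '');
        _dvar($s_header['cc'], '');

        if (f($s_header['cc'])) {
            $s_header['to'] .= (f($s_header['to']) ? ', ' : '') . $s_header['cc'];
        }

        $to_part = array_map('trim', explode(strpos($s_header['to'], ',') ? ',' : ';', $s_header['to']));
        foreach ($to_part as $row) {
            if (strpos($row, '<') !== false) {
                $row = preg_replace('#.*?<(.*?)>#is', '\\1', $row);
            }

            if (isset($blacklist[$row])) {
                $recv_blacklist = 1;
            } else {
                // NOTE(review): this clears a blacklist flag set earlier for the
                // sender (or for a previous recipient); confirm that a clean
                // recipient is meant to override the sender checks above.
                $recv_blacklist = 0;

                $row_first = array_key(explode('@', $row), 0);
                if (isset($groups[$row_first])) {
                    $recv_to = $row_first;
                }
            }
        }

        if (strstr($s_header['to'], _lang('MAIL_TO_UNKNOWN')) !== false) {
            $recv_to = array_key(explode('@', $core->v('mail_ticket_login')), 0);
        }

        // No recognised target group: discard.
        if (!$recv_to) {
            $recv_blacklist = 1;
        }

        if (!$recv_blacklist) {
            $recv_subject = htmlencode(trim($s_header['subject']));

            // A "[#code]" marker that matches an existing ticket makes this a reply.
            if (preg_match('#\\[\\#(.*?)\\]#is', $recv_subject, $p_subject)) {
                $sql = 'SELECT ticket_id FROM _tickets WHERE ticket_code = ?';
                if ($recv_subject_d = _fieldrow(sql_filter($sql, $p_subject[1]))) {
                    $recv_ticket = $recv_subject_d['ticket_id'];
                    $recv_reply = $p_subject[1];
                    $recv_subject = substr(strrchr($recv_subject, ']'), 3);
                }
            }

            if ($recv_to . '@' . $core->v('domain') == $recv_from && $recv_from == $core->v('mail_ticket_login') && $recv_reply) {
                $recv_blacklist = 1;
            }
        }

        if (!$recv_blacklist) {
            // Resolve the sender to a member: by alternate address when one is
            // stored, otherwise by the local part of the address as username.
            if (isset($email_alt[$recv_from])) {
                $sql_field = 'id';
                $sql_value = $email_alt[$recv_from];
            } else {
                $sql_field = 'username';
                $sql_value = array_key(explode('@', $recv_from), 0);
            }

            $sql = 'SELECT user_id, user_username, user_firstname, user_lastname FROM _members WHERE user_?? = ?';
            if ($recv_from_d = _fieldrow(sql_filter($sql, $sql_field, $sql_value))) {
                $recv_from_d = serialize(array_row($recv_from_d));
            } else {
                $recv_other = 1;
            }

            $d_body = $mail->body($s_header, $pop3->fbody($i), true);
            $recv_date = $mail->parse_date($s_header['date']);
            $recv_ip = $mail->parse_ip($s_header['received']);

            // NOTE(review): $groups_email is never assigned in this method, so
            // $recv_mod always stays 0 - confirm which lookup table was intended.
            if (isset($groups_email[$recv_to])) {
                $recv_mod = $groups_email[$recv_to];
            }

            // Dates in the future or more than a day old are replaced by "now".
            if ($recv_date > $now || $recv_date < $now - 86400) {
                $recv_date = $now;
            }

            if (isset($d_body['text-plain']) && f($d_body['text-plain'])) {
                $recv_body = trim($d_body['text-plain']);
            } elseif (isset($d_body['text-html']) && f($d_body['text-html'])) {
                // Keep only text nodes of the HTML part.
                $htm_text = w();
                $tag_open = false;

                $parser = new HtmlParser($d_body['text-html']);
                while ($parser->parse()) {
                    $line = trim(str_replace($line_orig, $line_repl, $parser->iNodeValue));

                    if ($tag_open || strpos($line, '<') !== false) {
                        $tag_open = !$tag_open;
                        continue;
                    }

                    if ($parser->iNodeName == 'Text' && f($line)) {
                        $htm_text[] = preg_replace("/(\r\n){1}/", ' ', $line);
                    }
                }

                $recv_body = implode("\n", $htm_text);
            }

            if (f($recv_body)) {
                $recv_body = htmlencode(_utf8($recv_body));
            }

            // Messages without a usable body are discarded.
            if (!f($recv_body)) {
                $recv_blacklist = 1;
            }
        }

        // Snapshot the working variables, keyed by POP3 message number.
        $recv[$i] = w();
        foreach ($_v as $row) {
            $recv[$i][$row] = ${'recv_' . $row};
        }
    }

    foreach ($recv as $i => $row) {
        if ($row['spam'] || $row['blacklist']) {
            $pop3->delete($i);

            $row_key = $row['spam'] ? 'spam' : 'blacklist';
            $_c[$row_key]++;
            continue;
        }

        // Send mail to group admin
        if ($row['other']) {
            $_c['other']++;

            if (count($groups_mods[$row['to']])) {
                // The index gets its own name: reusing $i here overwrote the
                // POP3 message number, so the delete() below hit the wrong message.
                foreach ($groups_mods[$row['to']] as $mod_i => $mod_email) {
                    $email_func = !$mod_i ? 'email_address' : 'cc';
                    $emailer->{$email_func}($mod_email);
                }

                $emailer->from($row['from']);
                $emailer->replyto($row['from']);
                $emailer->set_subject(entity_decode($row['subject']));
                $emailer->use_template('ticket_other');
                $emailer->set_decode(true);
                $emailer->assign_vars(array(
                    'SUBJECT' => entity_decode($row['subject']),
                    'MESSAGE' => entity_decode($row['body'])
                ));
                $emailer->send();
                $emailer->reset();
            }

            $pop3->delete($i);
            continue;
        }

        $row['code'] = $row['reply'] ? $row['reply'] : substr(md5(unique_id()), 0, 8);

        // from_d is the string produced by serialize() in the first pass of this
        // call. Keep it that way: unserialize() must never be given mail content.
        $row['from_d'] = unserialize($row['from_d']);
        $row['group_id'] = $groups[$row['to']];
        $row['msubject'] = entity_decode(sprintf('%s [#%s]: %s', $groups_name[$row['to']], $row['code'], $row['subject']));
        $row['mbody'] = explode("\n", $row['body']);

        // Put an extra newline between consecutive non-empty lines.
        foreach ($row['mbody'] as $part_i => $part_row) {
            if (isset($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i])) {
                $row['mbody'][$part_i] = "\n" . $part_row;
            }
        }

        $row['body'] = implode("\n", $row['mbody']);

        $v_mail = array(
            'USERNAME' => $row['from_d']['user_username'],
            'FULLNAME' => entity_decode(_fullname($row['from_d'])),
            'SUBJECT' => entity_decode($row['subject']),
            'MESSAGE' => entity_decode($row['body']),
            'TICKET_URL' => _link('ticket', array('x1' => 'view', 'code' => $row['code']))
        );

        if (!$row['reply']) {
            $_c['normal']++;

            $sql_insert = array(
                'parent' => 0,
                'cat' => 1,
                'group' => $row['group_id'],
                'title' => _subject($row['subject']),
                'text' => _prepare($row['body']),
                'code' => $row['code'],
                'contact' => $row['from_d']['user_id'],
                'aby' => 0,
                'status' => $ticket_status,
                'start' => $row['date'],
                'lastreply' => $row['date'],
                'end' => 0,
                'ip' => $row['ip']
            );
            $sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $sql_insert));
            _sql($sql);

            // Send mail to user
            $emailer->email_address($row['from']);
            $emailer->from($row['to'] . '@' . $core->v('domain'));
            $emailer->set_subject($row['msubject']);
            $emailer->use_template('ticket_' . $row['to']);
            $emailer->set_decode(true);
            $emailer->assign_vars($v_mail);
            $emailer->send();
            $emailer->reset();

            // > Send mail to group admin
            if (count($groups_mods[$row['to']])) {
                // Separate index name, so $i keeps the POP3 message number for
                // the delete() at the end of this iteration.
                foreach ($groups_mods[$row['to']] as $mod_i => $mod_email) {
                    $address_func = !$mod_i ? 'email_address' : 'cc';
                    $emailer->{$address_func}($mod_email);
                }

                $emailer->from($row['to'] . '@' . $core->v('domain'));
                $emailer->set_subject($row['msubject']);
                $emailer->use_template('ticket_' . ($row['reply'] ? 'reply' : 'tech'));
                $emailer->set_decode(true);
                $emailer->assign_vars($v_mail);
                $emailer->send();
                $emailer->reset();
            }
        } else {
            $_c['reply']++;

            $sql_insert = array(
                'ticket_id' => $row['ticket'],
                'user_id' => $row['from_d']['user_id'],
                'note_text' => htmlencode($row['body']),
                'note_time' => $row['date'],
                'note_cc' => 1
            );
            $sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $sql_insert);
            _sql($sql);

            $sql = 'UPDATE _tickets SET ticket_lastreply = ? WHERE ticket_id = ?';
            _sql(sql_filter($sql, $row['date'], $row['ticket']));

            // Send mail to group members || user
            $sql = 'SELECT * FROM _tickets_assign a, _members m WHERE a.assign_ticket = ? AND a.user_id = m.user_id AND m.user_username NOT IN (?)';
            $tech = _rowset(sql_filter($sql, $row['ticket'], $row['from_d']['user_username']));

            if ($row['mod'] != $row['from_d']['user_username']) {
                $tech[] = $row['mod'];
            }

            if (count($tech)) {
                // NOTE(review): entries returned by _rowset() look like full rows,
                // while the line below treats each entry as a username - confirm.
                foreach ($tech as $tech_i => $tech_row) {
                    $m_method = !$tech_i ? 'email_address' : 'cc';
                    $emailer->{$m_method}($tech_row . '@' . $core->v('domain'));
                }

                $emailer->from($row['to'] . '@' . $core->v('domain'));
                $emailer->use_template('ticket_reply');
                $emailer->set_subject($row['msubject']);
                $emailer->set_decode(true);
                $emailer->assign_vars($v_mail);
                $emailer->send();
                $emailer->reset();
            }
        }

        // Delete mail from server
        $pop3->delete($i);
    }

    // Quit server
    $pop3->quit();

    $ret = '';
    foreach ($_c as $k => $v) {
        $ret .= "\n" . $k . ' = ' . $v . '<br />';
    }

    return $this->e($ret);
}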
/**
 * Stream a stored download to the client as an attachment.
 *
 * Looks the download up by request value "f" (matched against download_alias),
 * increments its counter, closes the SQL connection, then sends the file found
 * at LIB . 'get/<download_id>.<download_extension>' under a name built from
 * the title. Ends the request with exit.
 *
 * NOTE(review): no login or permission check is visible in this method;
 * confirm that the caller enforces one where a download requires it.
 */
protected function _download_home()
{
    global $user;

    $request = $this->__(array('f'));
    if (!f($request['f'])) {
        _fatal();
    }

    $download = _fieldrow(sql_filter('SELECT * FROM _downloads WHERE download_alias = ?', $request['f']));
    if (!$download) {
        _fatal();
    }

    _sql(sql_filter('UPDATE _downloads SET download_count = download_count + 1 WHERE download_id = ?', $download['download_id']));
    sql_close();

    $extension = $download['download_extension'];

    // Drop dots from the title and reduce &Xacute; / &Xtilde; entities to their letter.
    $title = preg_replace(array('#\\.#', '#\\&(\\w)(acute|tilde)\\;#'), array('', '\\1'), $download['download_title']);

    // Characters that are unsafe in file names become "_". The result is then
    // percent-encoded and every %XX escape is also turned into "_", so no quote
    // or control character can end up inside the header values below.
    $unsafe = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
    $filename = str_replace($unsafe, '_', $title . '.' . $extension);
    $filename = preg_replace("/%(\\w{2})/", '_', rawurlencode($filename));

    $filepath = LIB . 'get/' . $download['download_id'] . '.' . $extension;

    // Headers
    // NOTE(review): when the file is missing, filesize() yields false and the
    // Content-length header is sent without a value.
    $headers = array(
        'Content-Type: application/octet-stream; name="' . $filename . '"',
        'Content-Disposition: attachment; filename="' . $filename . '"',
        'Accept-Ranges: bytes',
        'Pragma: no-cache',
        'Expires: 0',
        'Cache-Control: must-revalidate, post-check=0, pre-check=0',
        'Content-transfer-encoding: binary',
        'Content-length: ' . @filesize($filepath)
    );
    foreach ($headers as $header_line) {
        header($header_line);
    }

    @readfile($filepath);
    exit;
}
/**
 * Return the _members row whose user_username is 'nobody'.
 *
 * The row is read from the 'no_body' cache entry when present; otherwise it is
 * queried and handed to $core->cache_store(), whose return value is returned.
 *
 * @return mixed The cached value, or what cache_store() returns for the fresh row.
 */
protected function nobody()
{
    global $core;

    $cached = $core->cache_load('no_body', true);
    if ($cached) {
        return $cached;
    }

    $row = _fieldrow(sql_filter('SELECT * FROM _members WHERE user_username = ?', 'nobody'));

    return $core->cache_store($row, false, true);
}
/**
 * Delete a ticket category that no ticket refers to.
 *
 * Request value "el" (default 0) is the category id. Reports '#TICKET_CAT_NO'
 * when the category does not exist and '#TICKET_CAT_CANT_REMOVE' when a ticket
 * still uses it.
 *
 * NOTE(review): gfatal() is the only gate visible before this destructive
 * action, and the DELETE is reached unless _error() stops execution; confirm
 * both behave as an access check and a hard stop.
 *
 * @return mixed Result of $this->e('~OK').
 */
protected function _cat_remove()
{
    gfatal();

    $request = $this->__(array('el' => 0));
    $cat_id = $request['el'];

    $cat = _fieldrow(sql_filter('SELECT * FROM _tickets_cat WHERE cat_id = ?', $cat_id));
    if (!$cat) {
        $this->_error('#TICKET_CAT_NO');
    }

    // A single matching ticket is enough to refuse the removal.
    $in_use = _fieldrow(sql_filter('SELECT ticket_id FROM _tickets WHERE ticket_cat = ?', $cat_id));
    if ($in_use) {
        $this->_error('#TICKET_CAT_CANT_REMOVE');
    }

    _sql(sql_filter('DELETE FROM _tickets_cat WHERE cat_id = ?', $cat_id));

    return $this->e('~OK');
}
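/**
 * Handle the sign-in form: password recovery, login, or hand-off to sign-up.
 *
 * Reads request values "page", "address" and "key". A recovery request mails a
 * recovery link when the address belongs to a non-banned account and always
 * ends with the same 'RECOVERY_LEGEND' message. Otherwise the account is
 * looked up by address or name (bio_blocked = 0): a matching key creates the
 * session and redirects to "page"; a wrong key increments bio_fails, waits
 * five seconds and sets a warning; an unknown account continues in _up_home().
 *
 * @return void
 */
protected function _in_home()
{
    global $bio, $core;

    $v = $this->__(w('page address key'));

    // NOTE(review): "page" is request-supplied and passed to redirect() here and
    // after a successful login; confirm redirect() only accepts same-site targets.
    if ($bio->v('auth_member')) {
        redirect($v->page);
    }

    if (empty($v->address)) {
        $this->warning->set('LOGIN_ERROR');
    }

    if (_button('recovery')) {
        $sql = 'SELECT bio_id, bio_name, bio_address, bio_recovery FROM _bio WHERE bio_address = ? AND bio_id <> ? AND bio_id NOT IN ( SELECT ban_userid FROM _banlist )';
        if ($recovery = sql_fieldrow(sql_filter($sql, $v->address, 1))) {
            // NOTE(review): bio_nickname is read below but is not in the SELECT
            // list above - confirm the column name and add it to the query.
            $email = array(
                'USERNAME' => $recovery->bio_name,
                'U_RECOVERY' => _link('my', array('recovery', 'k' => _rainbow_create($recovery->bio_id))),
                'U_PROFILE' => _link('-', $recovery->bio_nickname)
            );

            $core->email->init('info', 'bio_recovery', $email);
            $core->email->send($recovery->bio_address);

            $sql = 'UPDATE _bio SET bio_recovery = bio_recovery + 1 WHERE bio_id = ?';
            _sql(sql_filter($sql, $recovery->bio_id));
        }

        // Same message whether or not the address matched an account.
        $this->_stop('RECOVERY_LEGEND');
    }

    if (empty($v->key)) {
        $this->warning->set('login_fail');
    }

    $v->register = false;
    $v->field = is_email($v->address) ? 'address' : 'name';

    $sql = 'SELECT bio_id, bio_key, bio_fails FROM _bio WHERE bio_?? = ? AND bio_blocked = ?';
    if ($_bio = _fieldrow(sql_filter($sql, $v->field, $v->address, 0))) {
        $stored_key = $_bio->bio_key;
        $given_key = _password($v->key);

        // Compare in constant time where hash_equals() exists; the result is the
        // same as the strict comparison used as the fallback.
        if (is_string($stored_key) && is_string($given_key) && function_exists('hash_equals')) {
            $key_matches = hash_equals($stored_key, $given_key);
        } else {
            $key_matches = ($stored_key === $given_key);
        }

        if ($key_matches) {
            if ($_bio->bio_fails) {
                $sql = 'UPDATE _bio SET bio_fails = 0 WHERE bio_id = ?';
                _sql(sql_filter($sql, $_bio->bio_id));
            }

            $bio->session_create($_bio->bio_id);
            redirect($v->page);
        }

        // NOTE(review): the fail-count limit is only evaluated after the key
        // comparison has failed, so a correct key is still accepted once the
        // limit is reached, and this branch returns without the delay below.
        // Confirm whether the limit is meant to block sign-in outright.
        //
        // The limit also trips when the counter has moved past it (concurrent
        // failures, or a limit lowered in configuration); a bare equality test
        // would then never match again.
        $fail_limit = $core->v('account_failcount');
        if ($_bio->bio_fails == $fail_limit || ((int) $fail_limit > 0 && (int) $_bio->bio_fails > (int) $fail_limit)) {
            // TODO: Captcha system if failcount reached
            // TODO: Notification about blocked account
            _fatal(508);
        }

        $sql = 'UPDATE _bio SET bio_fails = bio_fails + 1 WHERE bio_id = ?';
        _sql(sql_filter($sql, $_bio->bio_id));

        // Slow down repeated guesses.
        sleep(5);

        $this->warning->set('login_fail');
    } else {
        $v->register = true;
    }

    if ($v->register) {
        $this->_up_home();
    }

    return;
}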