} suppr("{$bazar_dir}/{$pic_path}/{$_picture}"); } } } } if ($picture_del) { $picture = ""; $_picture = ""; } // Database Update $query = mysql_query("update " . $prefix . "userdata\n\t\t\t\t\t\t set sex = '{$_POST['sex']}',\n\t\t\t\t newsletter = '{$_POST['newsletter']}',\n\t\t\t\t\t\t firstname = '{$_POST['firstname']}',\n\t\t\t\t\t\t lastname = '{$_POST['lastname']}',\n\t\t\t\t\t\t address = '{$_POST['address']}',\n\t\t\t\t\t\t zip = '{$_POST['zip']}',\n\t\t\t\t\t\t city = '{$_POST['city']}',\n\t\t\t\t\t\t state = '{$_POST['state']}',\n\t\t\t\t\t\t country = '{$_POST['country']}',\n\t\t\t\t\t\t phone = '{$_POST['phone']}',\n\t\t\t\t\t\t cellphone = '{$_POST['cellphone']}',\n\t\t\t\t\t\t icq = '{$_POST['icq']}',\n\t\t\t\t\t\t homepage = '{$_POST['homepage']}',\n\t\t\t\t\t\t hobbys = '{$_POST['hobbys']}',\n picture= '{$picture}',\n _picture= '{$_picture}',\n\t\t\t\t\t\t field1 = '{$_POST['field1']}',\n\t\t\t\t\t\t field2 = '{$_POST['field2']}',\n\t\t\t\t\t\t field3 = '{$_POST['field3']}',\n\t\t\t\t\t\t field4 = '{$_POST['field4']}',\n\t\t\t\t\t\t field5 = '{$_POST['field5']}',\n\t\t\t\t\t\t field6 = '{$_POST['field6']}',\n\t\t\t\t\t\t field7 = '{$_POST['field7']}',\n\t\t\t\t\t\t field8 = '{$_POST['field8']}',\n\t\t\t\t\t\t field9 = '{$_POST['field9']}',\n\t\t\t\t\t\t field10 = '{$_POST['field10']}',\n\t\t\t\t\t\t timezone = '{$_POST['timezone']}',\n\t\t\t\t\t\t dateformat = '{$_POST['dateformat']}'\n\t\t\t where id = '{$_SESSION['suserid']}'") or died(mysql_error()); $_SESSION[susertimezone] = $_POST[timezone]; $_SESSION[suserdateformat] = $_POST[dateformat]; logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: updated data", ""); if (!$query) { $m_update = $error[20]; } else { $m_update = 2; } } if ($m_update != 2) { died($m_update); # $errormessage=rawurlencode($m_update); # header(headerstr("members.php?choice=myprofile&status=6&errormessage=$errormessage")); exit; } else { header(headerstr("members.php?choice=myprofile&status=5")); exit; } 
}
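# filename         : login.php
# e-mail           : support@phplogix.com
# purpose          : Member's login
#$Id$
#License           : GPL
#################################################################################################
#TODO: GPL license header in every file. clean this up a bit, build login function, do away with the header() BS
require "library.php";

# Flow: normalise the return link, authenticate through login(), then redirect back with
# status=3 (username or password missing), status=2 plus the message returned by login()
# (authentication refused) or status=1 (login() returned "2", i.e. accepted).
#
# NOTE(review): $loginlink, $username, $password, $ip and $prefix are not assigned in this
# file; presumably library.php (or register_globals) provides them - confirm. If $loginlink
# can be supplied by the client, every redirect below goes wherever the request says, so it
# should be limited to same-site relative paths at the place where it is assigned.

# Cut an earlier "errormessage" parameter, and the separator in front of it, off the link.
# strpos() is compared with false explicitly so that a match at offset 0 is not read as
# "not found", and the cut position can never become negative.
$loginlink = "{$loginlink}";
$errorAt = strpos($loginlink, "errormessage");
if ($errorAt !== false) {
    $loginlink = substr($loginlink, 0, max($errorAt - 1, 0));
}

# Continue the query string if the link already has one, otherwise start it.
$loginlink .= (strpos($loginlink, "?") !== false) ? "&" : "?";

if (!$username || !$password) {
    header(headerstr($loginlink . "status=3"));
    exit; // stop here like the other branches do, so nothing can run after the redirect
}

$login = login($username, $password);
if ($login != "2") {
    # Anything other than "2" is treated as an error message. It travels in the URL, so the
    # page that prints it has to HTML-escape it.
    $errormessage = rawurlencode($login);
    header(headerstr($loginlink . "status=2&errormessage={$errormessage}"));
    exit;
}

# NOTE(review): nothing in this file renews the session id after a successful login; confirm
# that login() calls session_regenerate_id(), otherwise a pre-set session id survives the login.

// clear useronline (guest entry)
# $ip is escaped before it enters the statement: depending on how library.php derives it, it
# may come from a client-controlled header. A well-formed address is unchanged by escaping.
# The mysql_* extension has no prepared statements; moving to mysqli or PDO with bound
# parameters is the durable fix.
$guestIp = mysql_real_escape_string("{$ip}");
mysql_query("DELETE FROM " . $prefix . "useronline WHERE ip='" . $guestIp . "' AND username=''");
header(headerstr($loginlink . "status=1"));
exit;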
} else { $chemail = $error[23]; } } else { $mdhash = substr(md5($_SESSION[suserid] . $email . $secret), 0, 10); $query = mysql_query("insert into " . $prefix . "confirm_email values ('{$_SESSION['suserid']}', '{$email}', '{$mdhash}', now())"); if (!$query) { $chemail = $error[20]; } else { $confirmurl = "{$url_to_start}" . "/confirm_email.php?mdhash=" . "{$mdhash}" . "&id=" . "{$_SESSION['suserid']}" . "&email=" . "{$email}"; $mailto = "{$email}"; $subject = "{$mail_msg['16']}"; $message = "{$mail_msg['17']}\n\n{$confirmurl}\n\n{$mail_msg['18']}"; $from = "From: {$admin_email}\r\nReply-to: {$admin_email}\r\n"; @mail($mailto, $subject, $message, $from); logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: new email change", ""); $chemail = 2; } } } } if ($chemail != 2) { $errormessage = rawurlencode($chemail); header(headerstr("members.php?status=6&errormessage={$errormessage}")); exit; } else { $textmessage = rawurlencode($text_msg[2]); header(headerstr("members.php?status=4&textmessage={$textmessage}")); exit; } }
mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['picture2']}'") or died(mysql_error()); } if (!$pic_database && $db[_picture2] && is_file("{$bazar_dir}/{$pic_path}/{$db['_picture2']}")) { suppr("{$bazar_dir}/{$pic_path}/{$db['_picture2']}"); } elseif ($db[_picture2]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['_picture2']}'") or died(mysql_error()); } if (!$pic_database && $db[picture3] && is_file("{$bazar_dir}/{$pic_path}/{$db['picture3']}")) { suppr("{$bazar_dir}/{$pic_path}/{$db['picture3']}"); } elseif ($db[picture3]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['picture3']}'") or died(mysql_error()); } if (!$pic_database && $db[_picture3] && is_file("{$bazar_dir}/{$pic_path}/{$db['_picture3']}")) { suppr("{$bazar_dir}/{$pic_path}/{$db['_picture3']}"); } elseif ($db[_picture3]) { mysql_query("delete from " . $prefix . "pictures where picture_name = '{$db['_picture3']}'") or died(mysql_error()); } // Delete Entry from favorits-DB mysql_query("delete from " . $prefix . "favorits where adid = '{$db['id']}'") or died(mysql_error()); // Delete Entry from ads-DB mysql_query("delete from " . $prefix . "ads where id = '{$db['id']}'") or died(mysql_error()); } } else { // or only overwrite the password :-) better mysql_query("update " . $prefix . "ads set deleted='1' where userid = '{$_SESSION['suserid']}'") or died(mysql_error()); mysql_query("update " . $prefix . "userdata set password='******',language='xd' where id = '{$_SESSION['suserid']}'") or died(mysql_error()); } logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "AUTH: deleted", ""); logout(); header(headerstr("main.php?status=7"));
$text = explode(",", $keywords); for ($i = 0; $i < count($text); $i++) { if ($text[$i]) { $sqlquerystr2 = " AND (header LIKE '%" . $text[$i] . "%' OR text LIKE '%" . $text[$i] . "%' OR sfield LIKE '%" . $text[$i] . "%' OR field1 LIKE '%" . $text[$i] . "%' OR field2 LIKE '%" . $text[$i] . "%' OR field3 LIKE '%" . $text[$i] . "%' OR field4 LIKE '%" . $text[$i] . "%' OR field5 LIKE '%" . $text[$i] . "%' OR field6 LIKE '%" . $text[$i] . "%' OR field7 LIKE '%" . $text[$i] . "%' OR field8 LIKE '%" . $text[$i] . "%' OR field9 LIKE '%" . $text[$i] . "%' OR field10 LIKE '%" . $text[$i] . "%' OR field11 LIKE '%" . $text[$i] . "%' OR field12 LIKE '%" . $text[$i] . "%' OR field13 LIKE '%" . $text[$i] . "%' OR field14 LIKE '%" . $text[$i] . "%' OR field15 LIKE '%" . $text[$i] . "%' OR field16 LIKE '%" . $text[$i] . "%' OR field17 LIKE '%" . $text[$i] . "%' OR field18 LIKE '%" . $text[$i] . "%' OR field19 LIKE '%" . $text[$i] . "%' OR field20 LIKE '%" . $text[$i] . "%')"; } } } if ($in[search_sort] && $in[search_sort2]) { $sqlquerystr3 = " ORDER BY {$in['search_sort']} {$in['search_sort2']}"; } else { $sqlquerystr3 = " ORDER BY {$search_sort}"; } $showresult = 0; $sqlquery = "SELECT * FROM " . $prefix . "ads" . $sqlquerystr . $sqlquerystr2 . $sqlquerystr3; $result = mysql_query($sqlquery); // or died(mysql_error()); $db = mysql_fetch_array($result); if ($db) { $sqlquerystr = rawurlencode($sqlquerystr); $sqlquerystr2 = rawurlencode($in[text]); $sqlquerystr3 = rawurlencode($sqlquerystr3); header(headerstr("classified.php?sqlquery={$sqlquerystr}&sqlquery2={$sqlquerystr2}&sqlquery3={$sqlquerystr3}")); exit; } } $error = rawurlencode($error[30]); header(headerstr("classified.php?choice=search&catid={$in['catid']}&subcatid={$in['subcatid']}&status=6&errormessage={$error}")); exit; } else { died("FATAL ERROR"); }
} } // Delete Entry from favorits-DB mysql_query("delete from " . $prefix . "favorits where adid = '{$db['id']}'") or died("Database Query Error"); // Delete Entry from ads-DB mysql_query("delete from " . $prefix . "ads where id = '{$db['id']}'") or died("Database Query Error - ads"); } } if ($editadid && !$_SESSION[susermod]) { if ($adeditapproval) { $locvar = "choice=my&status=13&textmessage=" . rawurlencode($text_msg[1]); } else { # $locvar="choice=my&status=13&textmessage=".rawurlencode($text_msg[0]); $locvar = "choice=my&status=13"; } } else { if ($adapproval) { $locvar = "choice=my&status=13&textmessage=" . rawurlencode($text_msg[1]); } else { # $locvar="catid=$newcatid&subcatid=$newsubcatid&adid=$newadid&status=13&textmessage=".rawurlencode($text_msg[0]); $locvar = "catid={$newcatid}&subcatid={$newsubcatid}&adid={$newadid}&status=13"; # $locvar="catid=$newcatid&subcatid=$newsubcatid&status=13"; } if ($force_addad && $HTTP_COOKIE_VARS["ForceAddAd"] == 1) { setcookie("ForceAddAd", "", 0, "{$cookiepath}"); // delete cookie } } header(headerstr("classified.php?{$locvar}")); exit; }
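<?php
#################################################################################################
#
# project          : Logix Classifieds
# filename         : lang.php
# last modified by :
# e-mail           : support@phplogix.com
# purpose          : Change the Language
#
#################################################################################################
include "library.php";

# Flow: validate the requested language, remember it in a cookie and in the session, store it
# for a logged-in member, then redirect back to $url with status=5.
#
# NOTE(review): $url, $prefix and $cookiepath are not assigned in this file; presumably
# library.php (or register_globals) provides them - confirm. If $url can be supplied by the
# client, the final redirect goes wherever the request says, so it should be limited to
# same-site relative paths at the place where it is assigned.

# The requested language is written to a cookie, the session and an SQL statement, so only a
# short identifier made of letters, digits, "_" and "-" is accepted. That keeps quotes out of
# the query below and keeps path separators and dots out of any later use of the value as
# part of a file name (not visible here). The original read $_REQUEST['lng'] for the cookie
# and a bare $lng for the session and the query; both are taken to be the same request value.
# NOTE(review): tighten this to the list of installed language packs if one is available.
$lng = isset($_REQUEST['lng']) ? $_REQUEST['lng'] : '';
if (!is_string($lng) || !preg_match('/^[A-Za-z0-9_-]{1,32}$/D', $lng)) {
    header("HTTP/1.0 400 Bad Request");
    exit("Invalid language selection.");
}

$cookietime = time() + 3600 * 24 * 365; // 1 Year (the original multiplied by 356)
setcookie("Language", $lng, $cookietime, $cookiepath);

# Cut an earlier "errormessage" parameter, and the separator in front of it, off the return
# URL. strpos() is compared with false explicitly and the cut position is clamped at 0.
$url = "{$url}";
$errorAt = strpos($url, "errormessage");
if ($errorAt !== false) {
    $url = substr($url, 0, max($errorAt - 1, 0));
}

# Continue the query string if the URL already has one, otherwise start it.
$url .= (strpos($url, "?") !== false) ? "&" : "?";

$_SESSION['suserlanguage'] = $lng;
if (!empty($_SESSION['suserid'])) {
    # $lng passed the allow-list above, so it cannot close the quoted literal. The member id
    # comes from the session, not from the request. The result is deliberately not checked:
    # a failed update only means the stored preference is not changed.
    mysql_query("UPDATE " . $prefix . "userdata SET language='{$lng}' WHERE id='{$_SESSION['suserid']}'");
}

header(headerstr($url . "status=5"));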
$message = "{$mail_msg['8']}{$username}\n{$mail_msg['3']}{$password}\n{$mail_msg['4']}{$email}\n{$mail_msg['5']}{$gender[$sex]}\n"; $from = "From: {$admin_email}\r\nReply-to: {$admin_email}\r\n"; @mail($mailto, $subject, $message, $from); } $register = 2; } } } } if ($no_confirmation && $register == 2) { if ($force_addad) { $cookietime = time() + 3600 * 24 * 356; setcookie("ForceAddAd", "1", $cookietime, "{$cookiepath}"); // 1 Year } header(headerstr("main.php")); } echo "<p> \n"; echo " <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"1\" width=\"{$table_width}\">\n"; echo " <tr>\n"; echo " <td class=\"class1\">\n"; echo " <table align=\"center\" border=\"0\" cellspacing=\"0\" cellpadding=\"10\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td class=\"class2\">\n"; if ($register == 2) { include "{$language_dir}/register_done.inc"; } else { include "{$language_dir}/register_error.inc"; } echo " </td>\n"; echo " </tr>\n";
// IP banned, Do nothing !!! $errormessage = rawurlencode($error[27]); $headerstr = "status=9&errormessage={$errormessage}"; } elseif ($vote && $_SESSION[suserlastvote] + $vote_cookie_time * 3600 > $timestamp && $vote_cookie_time) { // Cookie is set - Already voted, Do nothing !!! $errormessage = rawurlencode($error[25]); $headerstr = "status=9&errormessage={$errormessage}"; } elseif ($vote) { mysql_query("update " . $prefix . "votes set votes=votes+1 where id='{$vote}'") or died("Database Query Error"); if ($_SESSION[suserid]) { mysql_query("update " . $prefix . "userdata set votes=votes+1,lastvotedate=now(),lastvote='{$timestamp}' where id='{$_SESSION['suserid']}'") or died("Database Query Error"); } $_SESSION[suserlastvote] = $timestamp; logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "VOTE: voted", ""); $headerstr = "status=10"; } } } else { $errormessage = rawurlencode($error[28]); $headerstr = "status=9&errormessage={$errormessage}"; } if (strpos("{$source}", "errormessage")) { $source = substr("{$source}", 0, strpos("{$source}", "errormessage") - 1); } if (strpos("{$source}", "?")) { $source = $source . "&"; } else { $source = $source . "?"; } header(headerstr($source . $headerstr));
// Remove http:// from URLs if ($in['icq'] != "" && ($in['icq'] < 1000 || $in['icq'] > 999999999)) { died("Non-valid ICQ entry, if you do not have an icq account please leave blank."); } if (!eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}\$", $in['email']) && $in['email'] != "") { died("Non-valid Email entry, please enter your correct e-mail address or if you don't have one leave it blank."); } if (strlen($in['message']) < $limit["0"] || strlen($in['message']) > $limit["1"]) { died("Sorry, your message has to be between {$limit['0']} and {$limit['1']} characters."); } if ($in['email'] == "") { $in['email'] = "none"; } if ($in['icq'] == "") { $in['icq'] = 0; } if ($in['http'] == "") { $in['http'] = "none"; } if ($in['location'] == "0") { $in['location'] = "none"; } $in[browser] = $client; mysql_query("INSERT INTO " . $prefix . "guestbook (name, email, http, icq, message, timestamp, ip, location, browser)\n VALUES('{$in['name']}', '{$in['email']}','{$in['http']}','{$in['icq']}','{$in['message']}','{$add_date}', '{$ip}','{$in['location']}','{$in['browser']}')") or died("Database Query Error"); if ($gb_notify) { @mail("{$gb_notify}", "NOTIFY new Guestbook Entry", "Name: {$in['name']}\nLocation: {$in['location']}\nE-Mail: {$in['email']}\nICQ: {$in['icq']}\nWWW: {$in['http']}\n\n{$in['message']}", "From: {$gb_notify}"); } logging("X", "{$_SESSION['suserid']}", "{$_SESSION['susername']}", "GB: Entry added", "Name: {$in['name']} - Msg: {$in['message']}"); header(headerstr("guestbook.php?status=12")); exit; }