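/**
 * Split one entry of the global $structure list into a display name and a link.
 *
 * An entry is read as "Name(target)": the parenthesised part at the very end is
 * the link target, the text before it is the name. An entry without
 * parentheses is used as both name and target.
 *
 * NOTE(review): the target is only lower-cased and stripped of ")" here. It is
 * not normalised, so if $structure entries can be edited by untrusted users,
 * validate the target before using it as a path or href.
 *
 * @param int|string $index Key of the entry in the global $structure array.
 * @return array [0] => lower-cased name, [1] => target prefixed with "../".
 */
function structure_item($index)
{
    global $structure;

    $t = trim(mystrtolower($structure[$index]));

    // ereg_replace() was removed in PHP 7.0, so the POSIX patterns are
    // expressed as PCRE. "\z" and the "s" modifier keep the POSIX behaviour
    // ("$" only at the very end, "." also matching newlines); the character
    // class excludes the backslash because POSIX treats it literally there.
    $name = preg_replace('/\([^\\\\)]*\)\z/', '', $t);

    // Drop everything up to and including the last "(", then any ")" left.
    $t = preg_replace('/.*\(/s', '', $t);
    $link = '../' . str_replace(')', '', $t);

    return array($name, $link);
}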
}

// Job "ajaxverify": check a submitted username/password pair and, when
// $config['loginvalidation'] is 1, the security code typed by the visitor.
if ($job == 'ajaxverify') {
    // Presumably imports the named request fields into $savecookie and
    // $securitycode; the helper is not shown here, so confirm.
    acceptrequest('savecookie,securitycode');
    $savecookie = floor($savecookie);
    if ($config['loginvalidation'] == 1) {
        // Use the application's own temp directory for session files unless
        // the default session directory is configured.
        if ($db_defaultsessdir != 1) {
            session_save_path("./{$db_tmpdir}");
        }
        session_cache_limiter("private, must-revalidate");
        session_start();
        // Case-insensitive comparison with the code kept in the session.
        // NOTE(review): $_SESSION['code'] is not cleared in this excerpt, and the
        // check only protects the login if catcherror() stops the script; confirm both.
        if ($securitycode == '' || strtolower($securitycode) != strtolower($_SESSION['code'])) {
            catcherror($lnc[165]);
        }
    }
    // The stored credential is the bare, unsalted MD5 of the password. MD5 is
    // a fast hash and is not suitable for password storage.
    $password = md5($_POST['password']);
    // The username goes through safe_convert() before it is interpolated into the
    // SQL text. The query is still built by string interpolation, so its safety
    // rests entirely on that helper (not shown).
    $username = safe_convert(mystrtolower($_POST['username']));
    $try = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$username}' AND `userpsw`='{$password}'");
    if (!is_array($try)) {
        catcherror($lnc[166]);
    } else {
        $userid = $try['userid'];
        // NOTE(review): the success payload carries the password hash itself. If
        // catchsuccess() sends it to the browser (not visible here), the MD5 value
        // is being used as a reusable login token; confirm.
        catchsuccess("{$userid}-{$password}-{$savecookie}");
    }
}

// Job "ajaxloginsuccess": build the list of destinations offered after login.
if ($job == 'ajaxloginsuccess') {
    // Users with the CP permission also get a link to admin.php.
    if ($permission['CP'] == 1) {
        $destine = array("{$lnc[163]}|index.php", "{$lnc[107]}|admin.php");
    } else {
        $destine = "{$lnc[163]}|index.php";
    }
    catchsuccess("{$lnc[167]} " . $userdetail['username'], $destine);
// Alias and tag normalisation, skipped when $ajax is 'on'.
if ($ajax != 'on') {
    $blogalias = blogalias_convert($blogalias);
    if ($blogalias == '') {
        $deletealias = true;
    } else {
        // When restoring, the entry's own row is excluded from the duplicate check.
        // NOTE(review): $findalias_plus is assigned only on this branch, so for any
        // other $job the query below interpolates an unset variable.
        if ($job == 'restore') {
            $findalias_plus = "AND `blogid`<>'{$records['blogid']}'";
        }
        // NOTE(review): $blogalias and $records['blogid'] are interpolated into the
        // SQL text. Whether blogalias_convert() makes the alias safe for that is not
        // visible here; confirm.
        $findalias = $blog->getgroupbyquery("SELECT * FROM `{$db_prefix}blogs` WHERE `blogalias`='{$blogalias}' {$findalias_plus} LIMIT 1");
        // Alias already taken: append a random 4-digit suffix. The new alias is
        // not re-checked for uniqueness in this excerpt.
        if ($findalias[0]['blogalias'] == $blogalias) {
            $blogalias .= '_' . rand(1000, 9999);
        }
        $deletealias = false;
    }
    if ($tags) {
        // Lower-case, split on spaces and de-duplicate the tag list.
        $tags_array = @explode(' ', mystrtolower(trim($tags)));
        $tags_array_all = array_unique($tags_array);
        $tags = @implode(' ', $tags_array_all);
        $tags = safe_convert($tags);
        // NOTE(review): as shown, this removes every space, which leaves the
        // explode() below with nothing to split on. The search string may have
        // been a different whitespace character in the original file; confirm.
        $tags = str_replace(' ', '', $tags);
        $tags_array = @explode(' ', $tags);
        // Stored form: tags wrapped in and separated by ">".
        $tags = '>' . str_replace(' ', '>', $tags) . '>';
    } else {
        $tags = '';
    }
}
if ($pinged) {
    $pinged = safe_convert($pinged);
}
if (is_array($permitgp)) {
    // Keep the keys of $usergp that are NOT in the submitted $permitgp list.
    $permitgp = array_diff(array_keys($usergp), $permitgp);
/**
 * Look up a user by name and password and require the XMLRPC permission.
 *
 * The user's group file ("data/usergroup<N>.php", falling back to
 * "data/usergroup0.php") is included inside this function and is expected to
 * define $permission.
 *
 * NOTE(review): $username is lower-cased but not escaped before being
 * interpolated into the SQL text. Unless every caller escapes it first (not
 * visible here), this is an injection point; escape it with the project's
 * usual helper or use a parameterised query.
 * NOTE(review): passwords are compared as bare, unsalted MD5, a fast hash that
 * is not suitable for password storage.
 *
 * @param string $username Login name, matched case-insensitively.
 * @param string $password Plain-text password.
 * @return mixed The user row returned by getbyquery(), or false when the
 *               credentials do not match or the group lacks XMLRPC permission.
 */
function checkuser($username, $password)
{
    global $db_prefix;

    $blog = new boblog();
    $password = md5($password);
    $username = mystrtolower($username);

    $userdetail = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$username}' AND `userpsw`='{$password}'");
    if (!$userdetail) {
        return false;
    }

    // The include path is built from the usergroup column of the row just read;
    // it runs in this function's scope so that $permission lands here.
    $groupfile = "data/usergroup{$userdetail['usergroup']}.php";
    if (!file_exists($groupfile)) {
        $groupfile = "data/usergroup0.php";
    }
    include $groupfile;

    return ($permission['XMLRPC'] != 1) ? false : $userdetail;
}
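/**
 * Balance opening and closing HTML tags in a fragment.
 * (HTML code tidy by Bob Shen 2007-2-21)
 *
 * Tags are counted, not parsed: for every tag name that was opened (plus a
 * fixed set of list/table tags) the function appends missing closing tags or
 * prepends missing opening tags. Nesting order is not checked, and a stray
 * closing tag whose name is neither opened nor in the fixed set is left alone.
 *
 * This is a layout tidy-up, not a sanitiser: the input is returned unchanged
 * apart from the added tags, so attributes and scripts pass straight through.
 *
 * @param string $str HTML fragment.
 * @return string The fragment with balancing tags added, or $str unchanged when
 *                $mbcon['tidyhtml'] is not '1'.
 */
function keep_htmlcode_matches($str)
{
    global $mbcon;

    if ($mbcon['tidyhtml'] != '1') {
        return $str;
    }

    // Structural tags are always checked, even if only their closing form appears.
    $htmltagstart = array('li' => 0, 'ul' => 0, 'ol' => 0, 'dd' => 0, 'dt' => 0, 'dl' => 0, 'td' => 0, 'tr' => 0, 'tbody' => 0, 'table' => 0);
    $htmltagend = array();
    $allowsingle = array('br', 'hr', 'img', 'param');

    $pieces = preg_split("/(<[^>]+?>)/si", $str, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
    if ($pieces === false) {
        // PCRE failure: hand the input back rather than returning an empty string.
        return $str;
    }

    foreach ($pieces as $piece) {
        // Comments and plain text are never counted. Text containing a bare "<"
        // (e.g. "1 < 2") used to be mistaken for a tag and got a bogus closer.
        if (strpos($piece, '<!--') !== false || substr($piece, -1) !== '>') {
            continue;
        }
        // Accept only "<name" / "</name" followed by whitespace, "/" or ">", so the
        // name re-emitted below is a plain element name and never attribute text
        // (previously "<div\nclass=...>" produced a tag name containing the attribute).
        if (!preg_match('#^<(/?)([a-z][a-z0-9:_.-]*)(?=[\s/>])#', mystrtolower($piece), $m)) {
            continue;
        }
        $tag = $m[2];
        if (in_array($tag, $allowsingle, true)) {
            continue;
        }
        // Initialise counters explicitly instead of incrementing undefined keys.
        if ($m[1] === '/') {
            $htmltagend[$tag] = (isset($htmltagend[$tag]) ? $htmltagend[$tag] : 0) + 1;
        } else {
            $htmltagstart[$tag] = (isset($htmltagstart[$tag]) ? $htmltagstart[$tag] : 0) + 1;
        }
    }

    // The pieces are never modified, so the output starts as the input itself.
    $outhtml = $str;
    foreach ($htmltagstart as $tag => $opened) {
        $closed = isset($htmltagend[$tag]) ? $htmltagend[$tag] : 0;
        $difference = $opened - $closed;
        if ($difference < 0) {
            // More closers than openers: prepend the missing opening tags.
            $outhtml = str_repeat("<{$tag}>", -$difference) . $outhtml;
        } elseif ($difference > 0) {
            // More openers than closers: append the missing closing tags.
            $outhtml .= str_repeat("</{$tag}>", $difference);
        }
    }

    return $outhtml;
}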
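// Pass the submitted URL through urlconvert() when the "anticorrupturl" option is on.
if ($mbcon['anticorrupturl'] == 1) {
    $v_repurl = urlconvert($v_repurl);
}

// The reply is flagged ($reproperty = 1) when $stat_property is 1 or the
// parent entry's property is 2.
if ($stat_property == 1 || $originblog['property'] == 2) {
    $reproperty = 1;
} else {
    $reproperty = 0;
}

if ($logstat == 1) {
    // Logged-in visitor: take the identity from the session's user record.
    $replier = $userdetail['username'];
    $replierid = $userdetail['userid'];
} else {
    // Not logged in: try the name and password typed with the reply as an account.
    // The stored credential is the bare, unsalted MD5 of the password.
    $v_password = md5($v_password);
    $v_replier_checker = mystrtolower($v_replier);
    // NOTE(review): $v_replier_checker is interpolated into the SQL text and no
    // escaping is visible in this excerpt; confirm $v_replier is sanitised
    // where it is read from the request.
    $userchecker = $blog->getbyquery("SELECT * FROM `{$db_prefix}user` WHERE LOWER(username)='{$v_replier_checker}'");
    // Compare the hashes as strings. With "==", two hex digests that both look
    // like numbers (e.g. "0e" followed by digits) compare equal although they differ.
    if (mystrtolower($userchecker['username']) == $v_replier_checker && (string) $v_password === (string) $userchecker['userpsw']) {
        $replier = $userchecker['username'];
        $replierid = $userchecker['userid'];
        // NOTE(review): the cookie stores the password hash itself, so the cookie
        // value alone is a reusable credential, and no expiry, Secure or HttpOnly
        // argument is passed. Changing this needs the cookie-reading code as well.
        @setcookie('userid', $userchecker['userid']);
        @setcookie('userpsw', $v_password);
    } else {
        // The name belongs to a registered user but the password did not match.
        if ($userchecker['username']) {
            $cancel = $lnc[308];
        }
        // The name is on the admin list (case-insensitive helper, not shown).
        if (@in_iarray($v_replier, $adminlist)) {
            $cancel = $lnc[212];
        }
        // Otherwise treat the reply as coming from a guest (id -1).
        $replier = $v_replier;
        $replierid = -1;
    }
}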
</td></tr></table> eot; }

// Jobs "savenewuser" / "saveuser": validate the submitted user form.
// NOTE(review): no permission or request-token check is visible in this
// excerpt; presumably it happens earlier in the script, so confirm.
if ($job == 'savenewuser' || $job == 'saveuser') {
    // Presumably imports the submitted form array into $p; helper not shown.
    acceptrequest('p');
    if ($job == 'savenewuser') {
        $username = trimplus(safe_convert($p['username']));
        if ($username === '') {
            catcherror($lna[495]);
        }
        // Password must be non-empty and match its confirmation. "!=" is a loose
        // comparison, so two different numeric-looking strings can count as equal.
        if ($p['password'] === '' || $p['password'] != $p['confirmpsw']) {
            catcherror($lna[496]);
        } else {
            // Stored as bare, unsalted MD5, a fast hash that is not suitable for
            // password storage.
            $password = md5($p['password']);
        }
        // Reject the name if it already exists (case-insensitive). The value was
        // passed through safe_convert() above before being interpolated here.
        $usercheck = mystrtolower($username);
        $try = $blog->getbyquery("SELECT userid FROM `{$db_prefix}user` WHERE LOWER(username)='{$usercheck}'");
        if (is_array($try)) {
            catcherror($lna[497]);
        }
    } else {
        // Editing an existing user: the password changes only if a new one was typed.
        if ($p['newpsw'] !== '') {
            if ($p['newpsw'] != $p['confirmpsw']) {
                catcherror($lna[496]);
            }
            // NOTE(review): the "******" literal looks like masking applied when this
            // snippet was published. The trailing "', " suggests the original built a
            // SQL assignment fragment here; confirm against the real file.
            $password = "******" . md5($p['newpsw']) . "', ";
        } else {
            $password = "";
        }
    }
    $email = strtolower(trimplus(safe_convert($p['email'])));
// Optional extra header cell, then the header row is closed.
if ($fields[26] != "") {
    echo "<td width=1% align=center><a class=menu> </a></td>";
}
echo "</tr>";

// One table row per record. Columns used below: [0] id, [2] date field value,
// [3] title, [6] archive flag, [7] controls whether a row checkbox is offered.
// NOTE(review): every value from $tabledata, $lt and $admin_settings is echoed
// as-is, several of them into unquoted attributes, and no htmlspecialchars() is
// visible in this excerpt. Unless the data is escaped when loaded, stored
// markup in a title or date would be rendered in this admin page; confirm.
for ($i = 0; $i < count($tabledata); $i++) {
    $l = "?page=edit&id=" . $tabledata[$i][0];
    // Archive checkbox, pre-checked when column 6 is non-empty.
    $archive = trim($tabledata[$i][6]) == "" ? "<input type=checkbox name=farchive" . $tabledata[$i][0] . ">" : "<input type=checkbox name=farchive" . $tabledata[$i][0] . " checked>";
    $title = trim($tabledata[$i][3]);
    // Row-selection checkbox: offered when column 7 is set and $fields[19] is not
    // "no", withheld when $adminrule > 1, and always offered to $root when
    // column 7 is set.
    $ch = $tabledata[$i][7] && $fields[19] != "no" ? "<input type=checkbox name=id" . $tabledata[$i][0] . ">" : " ";
    if ($adminrule > 1) {
        $ch = " ";
    }
    if ($root && $tabledata[$i][7]) {
        $ch = "<input type=checkbox name=id" . $tabledata[$i][0] . ">";
    }
    // Link for adding a sub-level under this record.
    $adda = mystrtolower($lt[32]);
    $addsublevel = "<a href=?page=add&parent=" . $tabledata[$i][0] . " class=normallink>[ " . $adda . " ]</a>";
    echo "<tr bgcolor=" . $admin_settings['inputbg'] . "><td align=center>";
    echo $ch . "</td>";
    // Inline-editable date and title inputs; both values land inside value="...".
    echo "<td align=center><input name=fdate" . $tabledata[$i][0] . " value=\"" . $tabledata[$i][2] . "\" class=inputtitle onFocus=\"Ch(this);\" onBlur=\"ChOut(this);\"></td>";
    echo "<td width=100%><input name=ftitle" . $tabledata[$i][0] . " onFocus=\"Ch(this);\" onBlur=\"ChOut(this);\" class=inputtitle value=\"" . $title . "\"></td>";
    if ($fields[4] != "") {
        echo "<td align=center>" . $archive . "</td>";
    }
    echo "<td width=1% align=center><a href=" . $l . " class=normallink>" . $lt[49] . "</a></td>";
    // Attachments popup; the record id is placed inside an inline JavaScript string.
    if ($fields[5] != "") {
        echo "<td align=center><a onClick=\"JavaScript:nwindow('attachments.php?id=" . $tabledata[$i][0] . "');\" target=attachments class=normallink><img src=../images/att.gif border=0 width=14 height=17 alt=\"" . $lt[50] . "\"></a></td>";
    }
    if ($fields[16] != "" || $root) {
        echo "<td align=center>" . $addsublevel . "</td>";
    }