Ejemplo n.º 1
/**
 * Regenerates the on-disk cache files for recently changed, approved blog posts.
 *
 * The look-back window is derived from the name of the directory this file lives in:
 * its last path component is cast to int and used (plus 2) as a number of minutes.
 * For every matching post two PHP include files are written under
 * _CACHEPATH_/blogs/posts/: "<post_id>.inc.php" with the full content and
 * "<post_id>_short.inc.php" with a teaser cut from the first $short_blog_chars bytes.
 *
 * Query failures are reported through trigger_error() with the raw mysql_error() text.
 *
 * @return bool always true
 */
function gen_blogposts_cache()
{
    global $dbtable_prefix;
    $dirname = dirname(__FILE__);
    $temp = array();
    if ($dirname[0] == '/') {
        // unixes here
        $temp = explode('/', $dirname);
    } else {
        // windows here
        $temp = explode('\\', $dirname);
    }
    // last path component, cast to int: a non-numeric directory name yields 0
    $interval = (int) $temp[count($temp) - 1];
    // that's how often we're executed ;)
    $short_blog_chars = 400;
    $config = get_site_option(array('bbcode_blogs', 'use_smilies'), 'core_blog');
    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    $fileop = new fileop();
    $post_ids = array();
    // Everything interpolated here is server-side: the table prefix, the STAT_APPROVED
    // constant, a gmdate() timestamp and the int-cast $interval. No request data is used.
    $query = "SELECT a.`post_id`,UNIX_TIMESTAMP(a.`date_posted`) as `date_posted`,a.`fk_user_id`,a.`_user` as `user`,a.`fk_blog_id`,a.`title`,a.`post_content`,b.`_photo` as `photo`,c.`blog_name` FROM `{$dbtable_prefix}blog_posts` a,`{$dbtable_prefix}user_profiles` b,`{$dbtable_prefix}user_blogs` c WHERE a.`fk_user_id`=b.`fk_user_id` AND a.`fk_blog_id`=c.`blog_id` AND a.`status`=" . STAT_APPROVED . " AND a.`last_changed`>=DATE_SUB('" . gmdate('YmdHis') . "',INTERVAL " . ($interval + 2) . " MINUTE)";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($blog = mysql_fetch_assoc($res)) {
        $post_ids[] = $blog['post_id'];
        // The title is formatted for editing (TEXT_DB2EDIT), the body for display
        // (TEXT_DB2DISPLAY); what each format does is defined outside this function.
        $blog['title'] = remove_banned_words(sanitize_and_format($blog['title'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2EDIT]));
        $blog['post_content'] = remove_banned_words($blog['post_content']);
        // Teaser: cut at the last space inside the first $short_blog_chars bytes.
        // NOTE(review): strrpos() returns false when that window holds no space, which
        // presumably leaves the teaser empty - confirm. The cut is made on the raw text,
        // before sanitizing and before bbcode conversion, so a bbcode tag may be split.
        $post_content_short = substr($blog['post_content'], 0, strrpos(substr($blog['post_content'], 0, $short_blog_chars), ' '));
        $post_content_short = sanitize_and_format($post_content_short, TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
        $blog['post_content'] = sanitize_and_format($blog['post_content'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
        // Markup generation runs after sanitizing, so the HTML written to the cache is
        // whatever bbcode2html()/text2smilies() emit for the already-formatted text.
        if (!empty($config['bbcode_blogs'])) {
            $blog['post_content'] = bbcode2html($blog['post_content']);
            $post_content_short = bbcode2html($post_content_short);
        }
        if (!empty($config['use_smilies'])) {
            $blog['post_content'] = text2smilies($blog['post_content']);
            $post_content_short = text2smilies($post_content_short);
        }
        // The photo name comes from the database; fall back to the placeholder when the
        // thumbnail is missing on disk.
        if (empty($blog['photo']) || !is_file(_PHOTOPATH_ . '/t1/' . $blog['photo'])) {
            $blog['photo'] = 'no_photo.gif';
        } else {
            $blog['has_photo'] = true;
        }
        if (empty($blog['fk_user_id'])) {
            unset($blog['fk_user_id']);
        }
        // var_export() renders the row as a PHP literal, so user-authored text lands in
        // the cache file as string data, not as executable code.
        $towrite = '<?php $post=' . var_export($blog, true) . ';';
        // Cache files are grouped by the first character of post_id.
        $fileop->file_put_contents(_CACHEPATH_ . '/blogs/posts/' . $blog['post_id'][0] . '/' . $blog['post_id'] . '.inc.php', $towrite);
        $blog['post_content'] = $post_content_short;
        $towrite = '<?php $post=' . var_export($blog, true) . ';';
        $fileop->file_put_contents(_CACHEPATH_ . '/blogs/posts/' . $blog['post_id'][0] . '/' . $blog['post_id'] . '_short.inc.php', $towrite);
    }
    return true;
}
Ejemplo n.º 2
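 /**
  * Records one error through the sink selected by $this->config['log_mode'].
  *
  * @param array $error  entry with optional keys 'module_name' and 'text'
  *                      (both default to '')
  * @param array $config overrides merged on top of the defaults set by _init()
  */
 function __construct($error, $config = array())
 {
     $this->_init();
     $this->config = array_merge($this->config, $config);
     $error = array_merge(array('module_name' => '', 'text' => ''), $error);
     if ($this->config['log_mode'] == _ERRORLOG_DB_) {
         $dbtable_prefix = $GLOBALS['dbtable_prefix'];
         // Both values are caller-supplied and end up inside quoted SQL literals, so
         // the module name is escaped the same way the error text already was. An
         // apostrophe in module_name would otherwise break out of the literal.
         $module_sql = sanitize_and_format($error['module_name'], TYPE_STRING, FORMAT_ADDSLASH);
         $text_sql = sanitize_and_format($error['text'], TYPE_STRING, FORMAT_ADDSLASH);
         $query = "INSERT IGNORE INTO `{$dbtable_prefix}error_log` SET `module`='" . $module_sql . "',`error`='" . $text_sql . "'";
         // Best effort: a failure to log must not raise a second error.
         @mysql_query($query);
     } elseif ($this->config['log_mode'] == _ERRORLOG_FILE_) {
         // NOTE(review): the text is appended verbatim; embedded newlines can forge
         // extra log entries. Consider neutralising CR/LF before writing.
         error_log("\n-------\n" . date('Y-m-d H:i:s', time()) . ': ' . $error['module_name'] . ': ' . $error['text'] . "\n\n", 3, $this->config['file_log']);
     } elseif ($this->config['log_mode'] == _ERRORLOG_STDOUT_) {
         // NOTE(review): echoed without HTML escaping; if this mode is ever used on a
         // web-facing page the error text needs escaping for that output context.
         echo $error['module_name'] . ': ' . $error['text'];
     }
 }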
Ejemplo n.º 3
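/**
 * Queues a subscription-expiry alert e-mail for every active, non-recurring payment
 * whose `paid_until` matches the date computed in the query.
 *
 * One message per distinct e-mail address is written to `{prefix}queue_email`, using
 * multi-row INSERTs that are flushed once the statement grows past $query_strlen bytes.
 * Query failures are reported through trigger_error() with the raw mysql_error() text.
 *
 * @return bool always true
 */
function upcoming_eot()
{
    global $dbtable_prefix;
    $config['days_before'] = 4;
    $query_strlen = 20000;
    $now = gmdate('Ymd');
    // NOTE(review): the query subtracts days_before from today, while the option name
    // suggests alerting ahead of the expiry date - confirm the intended sign.
    $query = "SELECT b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}payments` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` AND a.`paid_until`='{$now}'-INTERVAL " . $config['days_before'] . " DAY AND a.`is_active`=1 AND a.`is_recurring`=0";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // keyed by address so each recipient is queued once
    $alerts = array();
    while ($rsrow = mysql_fetch_assoc($res)) {
        $alerts[$rsrow['email']] = $rsrow;
    }
    if (!empty($alerts)) {
        $skin = get_default_skin_dir();
        $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . $skin . '/emails/', 'remove_nonjs');
        $tpl->set_file('temp', 'subscr_expire_alert.html');
        // NOTE(review): $tplvars is neither defined nor declared global inside this
        // function in the code shown, so the template receives an undefined value.
        $tpl->set_var('tplvars', $tplvars);
        $subject = sprintf($GLOBALS['_lang'][218], _SITENAME_);
        // presumably these field formats make the value safe for a quoted SQL literal;
        // confirm against the definition of $__field2format
        $subject = sanitize_and_format($subject, TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD]);
        $insert = "INSERT INTO `{$dbtable_prefix}queue_email` (`to`,`subject`,`message_body`) VALUES ";
        $iquery = $insert;
        foreach ($alerts as $email => $v) {
            $tpl->set_var('output', $v);
            $message_body = $tpl->process('', 'temp', TPL_LOOP | TPL_OPTLOOP | TPL_OPTIONAL | TPL_FINISH);
            $message_body = sanitize_and_format($message_body, TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTAREA]);
            // The address is read back from the database unescaped. An apostrophe in it
            // would terminate the quoted literal below (second-order SQL injection, or
            // at best a failed batch), so escape it before building the VALUES tuple.
            $email_sql = sanitize_and_format((string) $email, TYPE_STRING, FORMAT_ADDSLASH);
            if (strlen($iquery) > $query_strlen) {
                // drop the trailing comma and flush the current batch
                $iquery = substr($iquery, 0, -1);
                if (!($res = @mysql_query($iquery))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                $iquery = $insert;
            }
            $iquery .= "('{$email_sql}','{$subject}','{$message_body}'),";
        }
        // flush whatever is left in the last batch
        if ($iquery != $insert) {
            $iquery = substr($iquery, 0, -1);
            if (!($res = @mysql_query($iquery))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }
    return true;
}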
Ejemplo n.º 4
/**
 * Fetches the feed configured for the 'osignal_feed' module and stores its raw XML in
 * `{prefix}feed_cache`, replacing the row previously cached for that module.
 *
 * Does nothing when the module is disabled. A failed fetch only echoes a message.
 * The feed URL is taken from site options; the response body is stored as received
 * after escaping for the SQL literal, so readers of the cache must treat it as
 * untrusted remote content.
 *
 * @return bool always true
 */
function get_osignal_feed()
{
    global $dbtable_prefix;
    require_once _BASEPATH_ . '/includes/classes/feed_reader.class.php';
    $module_code = 'osignal_feed';
    $config = get_site_option(array('enabled', 'feed_url'), $module_code);
    if (!$config['enabled']) {
        return true;
    }
    $reader = new feedReader();
    if (!$reader->getFeed($config['feed_url'])) {
        echo 'error retrieving the feed--> ';
        return true;
    }
    // escape the remote payload before it is placed inside the quoted literal
    $feed_xml = sanitize_and_format($reader->getRawXML(), TYPE_STRING, FORMAT_ADDSLASH);
    $update_time = gmdate('YmdHis');
    $query = "REPLACE INTO `{$dbtable_prefix}feed_cache` SET `module_code`='{$module_code}',`feed_xml`='" . $feed_xml . "',`update_time`='" . $update_time . "'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    return true;
}
Ejemplo n.º 5
 /**
  * Collects this field's admin settings from $_POST and stores them, serialized and
  * escaped, in the global $input['custom_config'].
  *
  * All four settings are read as integers (TYPE_INT), so the serialized payload holds
  * only values produced by sanitize_and_format_gpc().
  *
  * @return array|bool an empty array when the field is in search mode, otherwise false
  */
 function admin_processor()
 {
     global $input, $__field2format, $dbtable_prefix, $default_skin_code;
     if ($this->is_search) {
         return array();
     }
     $my_input = array();
     // key order matters: it determines the serialized string
     foreach (array('use_bbcode', 'use_smilies', 'changes_status', 'ta_len') as $option) {
         $my_input[$option] = sanitize_and_format_gpc($_POST, $option, TYPE_INT, 0, 0);
     }
     $input['custom_config'] = sanitize_and_format(serialize($my_input), TYPE_STRING, FORMAT_ADDSLASH);
     return false;
 }
Ejemplo n.º 6
            default:
                break;
        }
    }
    check_login_member($input['acclevel_code']);
    if (!$error) {
        $query = "SELECT {$select} FROM {$from} WHERE {$where} ORDER BY {$orderby}";
        //print $query;
        //die;
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        for ($i = 0; $i < mysql_num_rows($res); ++$i) {
            $post_ids[] = mysql_result($res, $i, 0);
        }
        $serialized_input = sanitize_and_format(serialize($input), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
        $output['search_md5'] = md5($serialized_input);
        $query = "INSERT IGNORE INTO `{$dbtable_prefix}site_searches` SET `search_md5`='" . $output['search_md5'] . "',`search_type`=" . SEARCH_BLOG . ",`search`='{$serialized_input}',`results`='" . join(',', $post_ids) . "'";
        if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
            $query .= ",`fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
        }
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
}
$output['totalrows'] = count($post_ids);
// get the results from user cache for the found post_ids
$loop = array();
if (!empty($output['totalrows'])) {
    if ($o >= $output['totalrows']) {
Ejemplo n.º 7
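 /**
  * Validates the age range posted from the admin form and stores this field's
  * settings, serialized and escaped, in the global $input['custom_config'].
  *
  * The two ages are read as integers and swapped when given in reverse order; an
  * equal pair is rejected. When the field is searchable, the settings of the chosen
  * search field class are merged in.
  *
  * @return array|bool an empty array in search mode; otherwise false on success or
  *                    true when validation failed (message in $GLOBALS['topass'])
  */
 function admin_processor()
 {
     $error = false;
     global $input, $__field2format, $dbtable_prefix, $default_skin_code;
     $my_input = array();
     if (!$this->is_search) {
         $age_start = sanitize_and_format_gpc($_POST, 'age_start', TYPE_INT, 0, 0);
         $age_end = sanitize_and_format_gpc($_POST, 'age_end', TYPE_INT, 0, 0);
         if ($age_start > $age_end) {
             $temp = $age_end;
             $age_end = $age_start;
             $age_start = $temp;
         }
         if ($age_start == $age_end) {
             $error = true;
             $GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
             $GLOBALS['topass']['message']['text'] = 'The start and end ages must not be equal';
         }
         if (!$error) {
             $my_input['accepted_values'] = array('min' => $age_start, 'max' => $age_end);
             if (!empty($input['searchable']) && !empty($input['search_type'])) {
                 $search_class = $input['search_type'];
                 // The class name comes from $input. If that value can be influenced
                 // by the request, instantiating it blindly runs an arbitrary
                 // constructor. Only accept an existing class that exposes
                 // admin_processor(); anything else is rejected instead of raising a
                 // fatal error.
                 // NOTE(review): an explicit allow-list of search field classes would
                 // be stricter than this capability check.
                 if (!is_string($search_class) || !class_exists($search_class) || !method_exists($search_class, 'admin_processor')) {
                     $error = true;
                     $GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
                     $GLOBALS['topass']['message']['text'] = 'Invalid search field type';
                 } else {
                     $search_field = new $search_class(array(), true);
                     $temp = $search_field->admin_processor();
                     if (is_array($temp) && !empty($temp)) {
                         $my_input = array_merge($my_input, $temp);
                     }
                 }
             }
             if (!$error) {
                 $input['custom_config'] = sanitize_and_format(serialize($my_input), TYPE_STRING, FORMAT_ADDSLASH);
             }
         }
     } else {
         return array();
     }
     return $error;
 }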
Ejemplo n.º 8
require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/loc_countries.inc.php';
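// Add/edit form for one country. allow_dept() runs before any request data is read;
// presumably it restricts the page to the admin department - confirm in its definition.
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$countries = $countries_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    // values handed back by the processor after a failed submit
    $countries = $_SESSION['topass']['input'];
} elseif (!empty($_GET['country_id'])) {
    // the id is cast to int before it is interpolated into the query
    $country_id = (int) $_GET['country_id'];
    $query = "SELECT `country_id`,`country`,`iso3166`,`prefered_input` FROM `{$dbtable_prefix}loc_countries` WHERE `country_id`={$country_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $countries = mysql_fetch_assoc($res);
        $countries['country'] = sanitize_and_format($countries['country'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    }
}
$countries['prefered_input'] = vector2options($country_prefered_input, $countries['prefered_input']);
$tpl->set_file('content', 'loc_countries_addedit.html');
$tpl->set_var('countries', $countries);
// 'o' and 'r' are echoed back into the page by the template. They were passed through
// raw from the query string; casting to int keeps markup out of the output. Elsewhere
// on this page the same two parameters are used as the LIMIT offset and row count.
if (isset($_GET['o'])) {
    $tpl->set_var('o', (int) $_GET['o']);
}
if (isset($_GET['r'])) {
    $tpl->set_var('r', (int) $_GET['r']);
}
$tpl->process('content', 'content');
$tplvars['title'] = 'Location Management: Countries';
$tplvars['page'] = 'loc_countries_addedit';
include 'frame.php';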
Ejemplo n.º 9
     trigger_error(mysql_error(), E_USER_ERROR);
 }
 $totalrows = mysql_result($res, 0, 0);
 $loop = array();
 if (!empty($totalrows)) {
     $config = get_site_option(array('datetime_format', 'time_offset'), 'def_user_prefs');
     $query = "SELECT `mail_id`,`is_read`,`fk_user_id_other`,`_user_other`,`subject`,UNIX_TIMESTAMP(`date_sent`) as `date_sent`,`message_type` FROM {$from} WHERE {$where} ORDER BY `date_sent` DESC LIMIT {$o},{$r}";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     $i = 0;
     while ($rsrow = mysql_fetch_assoc($res)) {
         if ($rsrow['message_type'] == MESS_SYSTEM) {
             $rsrow['_user_other'] = 'SYSTEM';
         } else {
             $rsrow['_user_other'] = sanitize_and_format($rsrow['_user_other'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
         }
         // no need to sanitize
         //			$rsrow['subject']=sanitize_and_format($rsrow['subject'],TYPE_STRING,$__field2format[TEXT_DB2DISPLAY]);
         $rsrow['date_sent'] = strftime($config['datetime_format'], $rsrow['date_sent'] + $config['time_offset']);
         if ($rsrow['is_read']) {
             $rsrow['is_read'] = 'mail_read';
         } else {
             $rsrow['is_read'] = 'mail_notread';
         }
         if ($rsrow['message_type'] == MESS_SYSTEM || empty($rsrow['fk_user_id_other'])) {
             unset($rsrow['fk_user_id_other']);
         }
         $loop[] = $rsrow;
         ++$i;
     }
Ejemplo n.º 10
    }
    $output['ips'] = join(', ', $output['ips']);
}
$output['pic_width'] = get_site_option('pic_width', 'core_photo');
if (empty($output['search_md5'])) {
    unset($output['search_md5']);
}
if (isset($_GET['o'])) {
    $output['o'] = $_GET['o'];
}
if (isset($_GET['r'])) {
    $output['r'] = $_GET['r'];
}
$output['return2me'] = 'profile.php';
if (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
if (isset($_GET['return'])) {
    $output['return2'] = sanitize_and_format($_GET['return'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
}
$tpl->set_file('content', 'profile.html');
$tpl->set_loop('categs', $categs);
$tpl->set_var('output', $output);
$tpl->set_var('account', $account);
$tpl->process('content', 'content', TPL_MULTILOOP | TPL_OPTIONAL);
$tpl->drop_loop('categs');
$tplvars['title'] = sprintf('%1$s Member Profile', $output['_user']);
$tplvars['css'] = 'profile.css';
$tplvars['page'] = 'profile';
include 'frame.php';
Ejemplo n.º 11
while ($rsrow = mysql_fetch_assoc($res)) {
    $memberships[$i] = $rsrow;
    if ($memberships[$i]['is_custom']) {
        $memberships[$i]['m_name'] .= ' <a href="javascript:;" onclick="del_membership(' . $memberships[$i]['m_id'] . ')" title="Delete this membership"><img src="skin/images/del.png" alt="Delete this membership" /></a>';
    }
    ++$i;
}
$query = "SELECT `level_id`,`level_code`,`level_diz`,`level`,`disabled_level` FROM `{$dbtable_prefix}access_levels`";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$i = 0;
$access_levels = array();
while ($rsrow = mysql_fetch_assoc($res)) {
    $rsrow['level_code'] = sanitize_and_format($rsrow['level_code'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
    $rsrow['level_diz'] = sanitize_and_format($rsrow['level_diz'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
    $access_levels[$i]['row'] = '<td><a href="access_levels_addedit.php?level_id=' . $rsrow['level_id'] . '" title="' . $rsrow['level_diz'] . '">' . $rsrow['level_code'] . "</a></td>\n";
    for ($j = 0; isset($memberships[$j]); ++$j) {
        $access_levels[$i]['row'] .= '<td><input type="checkbox" name="levels[' . $rsrow['level_id'] . '][' . $memberships[$j]['m_value'] . ']" value="1"';
        if ((int) $memberships[$j]['m_value'] & (int) $rsrow['level']) {
            $access_levels[$i]['row'] .= ' checked="checked"';
        }
        if ((int) $memberships[$j]['m_value'] & (int) $rsrow['disabled_level']) {
            $access_levels[$i]['row'] .= ' disabled="disabled"';
        }
        $access_levels[$i]['row'] .= " /></td>\n";
    }
    ++$i;
}
$tpl->set_file('content', 'access_levels.html');
$tpl->set_loop('access_levels', $access_levels);
Ejemplo n.º 12
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
$output = $user_blogs_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    $output = $_SESSION['topass']['input'];
    // our 'return' here was decoded in the processor
    $output['return2'] = $output['return'];
    $output['return'] = rawurlencode($output['return']);
} elseif (!empty($_GET['bid'])) {
    $blog_id = (int) $_GET['bid'];
    $query = "SELECT `blog_id`,`blog_name`,`blog_diz` FROM `{$dbtable_prefix}user_blogs` WHERE `blog_id`={$blog_id} AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $output = mysql_fetch_assoc($res);
        $output = sanitize_and_format($output, TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    }
}
if (empty($output['return'])) {
    $output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $output['return'] = rawurlencode($output['return2']);
}
$tpl->set_file('content', 'blog_addedit.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content');
$tplvars['title'] = $GLOBALS['_lang'][220];
$tplvars['page_title'] = $GLOBALS['_lang'][220];
$tplvars['page'] = 'blog_addedit';
$tplvars['css'] = 'blog_addedit.css';
if (is_file('blog_addedit_left.php')) {
    include 'blog_addedit_left.php';
Ejemplo n.º 13
    $output = $_SESSION['topass']['input'];
    $output['return2'] = $output['return'];
    $output['return'] = rawurlencode($output['return']);
} else {
    if (!empty($_REQUEST['search'])) {
        $output['search'] = sanitize_and_format_gpc($_REQUEST, 'search', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
        $query = "SELECT `results` FROM `{$dbtable_prefix}site_searches` WHERE `search_md5`='" . $output['search'] . "' AND `search_type`=" . SEARCH_USER;
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $results = mysql_result($res, 0, 0);
            $output['uids'] = explode(',', $results);
        }
    } elseif (!empty($_REQUEST['uids'])) {
        $output['uids'] = sanitize_and_format($_REQUEST['uids'], TYPE_INT, 0, array());
    }
}
if (!empty($output['uids'])) {
    $output['uids'] = join('|', $output['uids']);
} else {
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = 'No members selected';
    if (!empty($output['return'])) {
        $nextpage = _BASEURL_ . '/admin/' . $output['return'];
    } else {
        $nextpage = _BASEURL_ . '/admin/member_search.php';
    }
    redirect2page($nextpage, $topass, '', true);
}
if (empty($output['return'])) {
Ejemplo n.º 14
===============================================================================
File:                       admin/file_edit.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
// Admin file editor: loads one file from below _BASEPATH_ into the edit form.
// allow_dept() runs before any request data is read; presumably it restricts the page
// to the admin department - confirm in its definition.
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$output = array();
// Path hardening for the 'f' parameter, applied inside-out: the GPC sanitizer, then a
// character allow-list (letters, digits, '.', '_', '/', '-'), then removal of every
// '..' sequence.
$output['file'] = str_replace('..', '', preg_replace('~[^a-zA-Z0-9\\._/-]~', '', sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '')));
// a leading slash is dropped so the name is always treated as relative to the base path
if (!empty($output['file']) && $output['file'][0] == '/') {
    $output['file'] = substr($output['file'], 1);
}
$file = _BASEPATH_ . '/' . $output['file'];
// NOTE(review): $mode is not used again in the code shown.
$mode = isset($_GET['m']) ? (int) $_GET['m'] : 1;
// NOTE(review): is_file() and file_get_contents() follow symlinks, and every file below
// _BASEPATH_ is readable through this form, configuration files included. A realpath()
// containment check and an allow-list of editable directories would narrow that.
if (is_file($file)) {
    // braces are replaced with HTML entities after formatting; presumably so the
    // template engine does not treat file content as placeholders - confirm
    $output['file_content'] = str_replace(array('{', '}'), array('&#x007B;', '&#x007D;'), sanitize_and_format(file_get_contents($file), TYPE_STRING, $__field2format[TEXT_DB2EDIT]));
}
$tpl->set_file('content', 'file_edit.html');
$output['path'] = urlencode(pathinfo($output['file'], PATHINFO_DIRNAME));
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_OPTIONAL);
$tplvars['title'] = 'File editor';
$tplvars['css'] = 'file_edit.css';
$tplvars['page'] = 'file_edit';
include 'frame.php';
Ejemplo n.º 15
require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/subscriptions_auto.inc.php';
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$subscriptions_auto = $subscriptions_auto_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    $subscriptions_auto = $_SESSION['topass']['input'];
} elseif (!empty($_GET['asubscr_id'])) {
    $asubscr_id = (int) $_GET['asubscr_id'];
    $query = "SELECT * FROM `{$dbtable_prefix}subscriptions_auto` WHERE `asubscr_id`={$asubscr_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $subscriptions_auto = mysql_fetch_assoc($res);
        $subscriptions_auto = sanitize_and_format($subscriptions_auto, TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    }
}
$subscriptions_auto['fk_subscr_id'] = dbtable2options("`{$dbtable_prefix}subscriptions`", '`subscr_id`', '`subscr_name`', '`subscr_id`', $subscriptions_auto['fk_subscr_id']);
if (empty($subscriptions_auto['dbfield'])) {
    $subscriptions_auto['to_members_1'] = 'checked="checked"';
} else {
    $subscriptions_auto['to_members_2'] = 'checked="checked"';
}
$dbfields = array();
foreach ($_pfields as $pfield_id => $pfield) {
    if (get_class($pfield) == 'field_select') {
        $dbfields[$pfield['dbfield']] = $pfield->config['label'] . ' (' . $pfield->config['dbfield'] . ')';
    }
}
if (!empty($subscriptions_auto['dbfield'])) {
Ejemplo n.º 16
$output = array();
$output['lk_type'] = FIELD_TEXTFIELD;
if (isset($_SESSION['topass']['input'])) {
    $output = $_SESSION['topass']['input'];
    // our 'return' here was decoded in the processor
    $output['return2'] = $output['return'];
    $output['return'] = rawurlencode($output['return']);
} elseif (!empty($_GET['lk_id'])) {
    $lk_id = (int) $_GET['lk_id'];
    $query = "SELECT `lk_id`,`alt_id_text`,`lk_type`,`lk_diz`,`lk_use`,`save_file` FROM `{$dbtable_prefix}lang_keys` WHERE `lk_id`={$lk_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $output = mysql_fetch_assoc($res);
        $output['lk_diz'] = sanitize_and_format($output['lk_diz'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
        $output['alt_id_text'] = sanitize_and_format($output['alt_id_text'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    }
}
$output['lk_type'] = vector2options($accepted_lk_types, $output['lk_type']);
if (empty($output['return'])) {
    $output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $output['return'] = rawurlencode($output['return2']);
}
$tpl->set_file('content', 'lang_keys_addedit.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_OPTIONAL);
$tplvars['title'] = 'Add/Edit Language Keys';
$tplvars['page'] = 'lang_keys_addedit';
$tplvars['css'] = 'lang_keys_addedit.css';
include 'frame.php';
Ejemplo n.º 17
        break;
    case AMTPL_REJECT_COMM:
        switch ($output['m']) {
            case 'blog':
                $table = "`{$dbtable_prefix}comments_blog`";
                break;
            case 'photo':
                $table = "`{$dbtable_prefix}comments_photo`";
                break;
            case 'user':
                $table = "`{$dbtable_prefix}comments_profile`";
                break;
        }
        $query = "SELECT `comment` FROM {$table} WHERE `comment_id`=" . $output['id'];
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $output = array_merge($output, mysql_fetch_assoc($res));
            $output['comment'] = sanitize_and_format($output['comment'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY], '');
        }
        $output['reject_comment'] = true;
        $tplvars['title'] = 'Reject a comment';
        break;
}
$tpl->set_file('content', 'reject.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_OPTIONAL);
$tplvars['css'] = 'reject.css';
$tplvars['page'] = 'reject';
include 'frame.php';
Ejemplo n.º 18
 /**
  * Returns this field's value formatted for display.
  *
  * The value goes through sanitize_and_format() with the TEXT_DB2DISPLAY format taken
  * from the global $__field2format table.
  *
  * @return mixed whatever sanitize_and_format() yields for the stored value
  */
 function display()
 {
     $display_format = $GLOBALS['__field2format'][TEXT_DB2DISPLAY];
     return sanitize_and_format($this->value, TYPE_STRING, $display_format);
 }
Ejemplo n.º 19
                }
            }
            $query = substr($query, 0, -1);
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            if (mysql_affected_rows()) {
                $topass['message']['type'] = MESSAGE_INFO;
                $topass['message']['text'] = 'Account added.';
            } else {
                $topass['message']['type'] = MESSAGE_ERROR;
                $topass['message']['text'] = 'Error: account not added.';
            }
        }
    } else {
        $nextpage = 'admin/admin_accounts_addedit.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
    if (isset($_POST['o'])) {
        $qs .= $qs_sep . 'o=' . $_POST['o'];
        $qs_sep = '&';
    }
    if (isset($_POST['r'])) {
        $qs .= $qs_sep . 'r=' . $_POST['r'];
        $qs_sep = '&';
    }
}
redirect2page($nextpage, $topass, $qs);
Ejemplo n.º 20
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/site_news.inc.php';
// Add/edit form for one site news item. allow_dept() runs before any request data is
// read; presumably it restricts the page to the admin department - confirm.
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$output = $site_news_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    // values handed back through the session take precedence over a database lookup
    $output = $_SESSION['topass']['input'];
} elseif (!empty($_GET['news_id'])) {
    // the id is cast to int before it is interpolated into the query
    $news_id = (int) $_GET['news_id'];
    $query = "SELECT * FROM `{$dbtable_prefix}site_news` WHERE `news_id`='{$news_id}'";
    if (!($res = @mysql_query($query))) {
        // NOTE(review): the raw mysql_error() text is passed to trigger_error();
        // whether it reaches the browser depends on the error handler in use.
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $output = mysql_fetch_assoc($res);
        // only the two text columns are formatted for editing; the other columns
        // selected by '*' are passed to the template as read from the database
        $output['news_title'] = sanitize_and_format($output['news_title'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
        $output['news_body'] = sanitize_and_format($output['news_body'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    }
}
// 'return' is kept twice: as a sanitized text value and URL-encoded.
// NOTE(review): if it is later used as a redirect target, check that it stays on this
// site; no such check is visible here.
$output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$output['return'] = rawurlencode($output['return2']);
$tpl->set_file('content', 'site_news_addedit.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content');
$tplvars['title'] = 'Site News Management';
$tplvars['css'] = 'site_news_addedit.css';
$tplvars['page'] = 'site_news_addedit';
include 'frame.php';
Ejemplo n.º 21
if (!empty($totalrows)) {
    if ($o >= $totalrows) {
        $o = $totalrows - $r;
        $o = $o >= 0 ? $o : 0;
    }
    $config = get_site_option(array('datetime_format'), 'def_user_prefs');
    $query = "SELECT a.`ban_id`,a.`ban_type`,a.`what`,b.`lang_value` as `reason`,UNIX_TIMESTAMP(a.`since`) as `since` FROM {$from} WHERE {$where} LIMIT {$o},{$r}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($rsrow = mysql_fetch_assoc($res)) {
        if ($rsrow['ban_type'] == _PUNISH_BANIP_) {
            $rsrow['what'] = long2ip($rsrow['what']);
        }
        $rsrow['ban_type'] = $accepted_punishments[$rsrow['ban_type']];
        $rsrow['reason'] = sanitize_and_format($rsrow['reason'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
        $rsrow['since'] = strftime($config['datetime_format'], $rsrow['since']);
        $loop[] = $rsrow;
    }
    $output['pager2'] = pager($totalrows, $o, $r);
}
$output['return2me'] = 'site_bans.php';
if (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
$tpl->set_file('content', 'site_bans.html');
$tpl->set_loop('loop', $loop);
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP);
$tpl->drop_loop('loop');
Ejemplo n.º 22
        $loop_friends = $user_cache->get_cache_tpl($loop_friends, 'result_user');
    }
    unset($user_cache);
    // comments
    $loop_comments = create_comments_loop('user', $output['uid'], $output);
    $output['pic_width'] = get_site_option('pic_width', 'core_photo');
    $tplvars['title'] = sprintf($GLOBALS['_lang'][152], $output['user']);
    $tplvars['page_title'] = $output['user'];
} else {
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = $GLOBALS['_lang'][7];
    redirect2page('info.php', $topass);
}
$output['lang_273'] = sanitize_and_format($GLOBALS['_lang'][273], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_274'] = sanitize_and_format($GLOBALS['_lang'][274], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_256'] = sanitize_and_format($GLOBALS['_lang'][256], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['return2me'] = 'profile.php';
if (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
$tpl->set_file('content', 'profile.html');
$tpl->set_var('output', $output);
$tpl->set_var('tplvars', $tplvars);
$tpl->set_loop('categs', $categs);
$tpl->set_loop('user_photos', $user_photos);
$tpl->set_loop('loop_comments', $loop_comments);
$tpl->set_loop('loop_friends', $loop_friends);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL);
$tpl->drop_loop('categs');
$tpl->drop_loop('user_photos');
Ejemplo n.º 23
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$totalrows = mysql_result($res, 0, 0);
$loop = array();
if (!empty($totalrows)) {
    if ($o >= $totalrows) {
        $o = $totalrows - $r;
        $o = $o >= 0 ? $o : 0;
    }
    $query = "SELECT * FROM {$from} WHERE {$where} ORDER BY `news_id` DESC LIMIT {$o},{$r}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($rsrow = mysql_fetch_assoc($res)) {
        $rsrow['news_title'] = sanitize_and_format($rsrow['news_title'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
        $loop[] = $rsrow;
    }
    $output['pager2'] = pager($totalrows, $o, $r);
}
$output['return2me'] = 'site_news.php';
if (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
$tpl->set_file('content', 'site_news.html');
$tpl->set_loop('loop', $loop);
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP);
$tpl->drop_loop('loop');
$tpl->drop_var('output.pager2');
Ejemplo n.º 24
        // Fragment: the loop and the condition that enclose these lines start
        // outside the visible excerpt. Before a new entry is opened, the entry
        // collected so far (index $i) is finalised: the whole entry is passed
        // through sanitize_and_format() with the TEXT_DB2DISPLAY format first,
        // and only afterwards is `is_default` replaced by fixed markup, so the
        // literal <img> tag itself is never run through the formatter.
        if ($i >= 0) {
            $site_skins[$i] = sanitize_and_format($site_skins[$i], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
            if (!empty($site_skins[$i]['is_default'])) {
                $site_skins[$i]['is_default'] = '<img src="skin/images/check.gif" />';
            } else {
                // Removed rather than left empty; presumably the template treats
                // the key as optional (TPL_OPTLOOP is passed below) - confirm.
                unset($site_skins[$i]['is_default']);
            }
        }
        ++$i;
        $site_skins[$i]['module_code'] = $rsrow['module_code'];
        $site_skins[$i]['skin_name'] = $rsrow['module_name'] . ' ' . $rsrow['version'];
        $last_code = $rsrow['module_code'];
    }
    // Each row adds one option to the current entry, keyed by the option name
    // stored in the row. An option named `module_code` or `skin_name` would
    // overwrite the fields set above.
    $site_skins[$i][$rsrow['config_option']] = $rsrow['config_value'];
}
// one more time for the last row
// (same order as inside the loop: format the stored values, then add the
// fixed markup)
if ($i >= 0) {
    $site_skins[$i] = sanitize_and_format($site_skins[$i], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
    if (!empty($site_skins[$i]['is_default'])) {
        $site_skins[$i]['is_default'] = '<img src="skin/images/check.gif" />';
    } else {
        unset($site_skins[$i]['is_default']);
    }
}
$tpl->set_file('content', 'site_skins.html');
$tpl->set_loop('site_skins', $site_skins);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP);
$tpl->drop_loop('site_skins');
$tplvars['title'] = 'Skin Settings';
$tplvars['page'] = 'site_skins';
// frame.php is resolved through the include path / current directory;
// presumably it renders the page frame from $tplvars - not shown here.
include 'frame.php';
Ejemplo n.º 25
// Fragment: lists subscriptions joined to their target membership. The excerpt
// ends inside the row loop. Both queries are built only from $dbtable_prefix and
// fixed text; no request data is visible in them.
$where = 'a.`m_value_to`=b.`m_value`';
$from = "`{$dbtable_prefix}subscriptions` a,`{$dbtable_prefix}memberships` b";
$query = "SELECT count(*) FROM {$from} WHERE {$where}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
// Row 0, column 0 of the count query.
$totalrows = mysql_result($res, 0, 0);
$subscriptions = array();
if (!empty($totalrows)) {
    // The membership name (b.m_name) is returned under the alias `m_value_to`.
    $query = "SELECT a.`subscr_id`,a.`subscr_name`,a.`price`,a.`currency`,a.`is_recurent`,b.`m_name` as `m_value_to`,a.`duration`,a.`is_visible` FROM {$from} WHERE {$where} ORDER BY a.`subscr_id`";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($rsrow = mysql_fetch_assoc($res)) {
        // The stored currency value is used as a key into $accepted_currencies
        // (defined outside this fragment); an unknown key yields an empty string.
        $rsrow['currency'] = isset($accepted_currencies[$rsrow['currency']]) ? $accepted_currencies[$rsrow['currency']] : '';
        // Only subscr_name is formatted for display in the visible lines.
        // NOTE(review): `m_value_to` (the membership name) and `price` are left
        // as stored up to the end of this excerpt - confirm they are formatted
        // later or cannot contain markup before the template prints them.
        $rsrow['subscr_name'] = sanitize_and_format($rsrow['subscr_name'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
        // Flags become fixed icon markup when set and are removed otherwise.
        if (!empty($rsrow['is_recurent'])) {
            $rsrow['is_recurent'] = '<img src="skin/images/refresh.gif" title="Recuring" />';
        } else {
            unset($rsrow['is_recurent']);
        }
        if (!empty($rsrow['is_visible'])) {
            $rsrow['is_visible'] = '<img src="skin/images/check.gif" />';
        } else {
            unset($rsrow['is_visible']);
        }
        // An empty duration is shown as 'Lifetime'; any other value gets a
        // ' days' suffix appended.
        if (empty($rsrow['duration'])) {
            $rsrow['duration'] = 'Lifetime';
        } else {
            $rsrow['duration'] .= ' days';
        }
Ejemplo n.º 26
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Fragment of an admin-side POST handler that ends the active subscriptions of
// a set of users and starts building replacement payment rows; the excerpt
// stops before the INSERT is completed.
// allow_dept() is defined in the included files; presumably it stops the
// request unless the session belongs to the admin department - confirm.
allow_dept(DEPT_ADMIN);
// Not used in the visible lines; presumably the maximum length of one batched
// INSERT statement - confirm.
$query_strlen = 10000;
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
// NOTE(review): this branch changes payment data, and no anti-CSRF token check
// is visible in the fragment. Confirm one is enforced in the included files or
// add it before the queries run.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $input = array();
    // `uids` arrives as a '|'-separated list and is split into an array, which
    // is then formatted as TYPE_INT.
    $input['uids'] = isset($_POST['uids']) ? $_POST['uids'] : '';
    $input['uids'] = explode('|', $input['uids']);
    $input['uids'] = sanitize_and_format($input['uids'], TYPE_INT, 0, array());
    $input['m_value'] = sanitize_and_format_gpc($_POST, 'm_value', TYPE_INT, 0, 0);
    $input['duration'] = sanitize_and_format_gpc($_POST, 'duration', TYPE_INT, 0, 0);
    // Caller-supplied return location.
    // NOTE(review): if this value is later used as a redirect target, restrict
    // it to local pages.
    $input['return'] = sanitize_and_format_gpc($_POST, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, '');
    // $error is never set to true in the visible lines.
    if (!$error) {
        $now = gmdate('YmdHis');
        // The ids are quoted and concatenated into the IN (...) list. This is
        // safe only if the TYPE_INT formatting above returns an integer for
        // every element.
        // NOTE(review): confirm that in sanitize_and_format(); an explicit
        // integer cast at this point would make it verifiable locally.
        // Effect: every active subscription payment of the listed users is
        // closed as of now (paid_until = now, is_active = 0).
        $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id` IN ('" . join("','", $input['uids']) . "') AND `is_active`=1 AND `is_subscr`=1";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        // Loads id, user name and current membership for the same id list;
        // table and column names come from constants defined elsewhere.
        $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user`,`membership` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "` IN ('" . join("','", $input['uids']) . "')";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $uids = array();
        // Prefix of a multi-row INSERT; the VALUES tuples are appended after
        // the end of this excerpt.
        $insert = "INSERT INTO `{$dbtable_prefix}payments` (`is_active`,`is_subscr`,`fk_user_id`,`_user`,`gateway`,`m_value_to`,`paid_from`,`paid_until`,`date`) VALUES ";
Ejemplo n.º 27
     // Fragment: the block that encloses this loop starts outside the excerpt.
     // Calls every entry of $_on_after_post in index order, stopping at the
     // first missing index.
     // NOTE(review): call_user_func() runs whatever callable the list holds;
     // the list is filled elsewhere and must only ever contain trusted code.
     for ($i = 0; isset($_on_after_post[$i]); ++$i) {
         call_user_func($_on_after_post[$i]);
     }
 }
 if (!$error) {
     $input['caption'] = remove_banned_words($input['caption']);
     // The photo ids are the array keys of the submitted caption map, quoted and
     // concatenated into IN (...).
     // NOTE(review): validation of those keys is not visible in this fragment;
     // confirm they are forced to integers before this point, because array
     // keys of request data are attacker-chosen strings.
     // The fk_user_id condition limits the result to photos of the session user.
     $query = "SELECT `photo_id`,`caption`,`is_main`,`photo`,`status` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id` IN ('" . join("','", array_keys($input['caption'])) . "') AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     // Current state of the user's photos, indexed by photo_id.
     $old_captions = array();
     $old_main = 0;
     $photos = array();
     $statuses = array();
     while ($rsrow = mysql_fetch_assoc($res)) {
         $old_captions[$rsrow['photo_id']] = sanitize_and_format($rsrow['caption'], TYPE_STRING, $__field2format[TEXT_DB2DB]);
         $photos[$rsrow['photo_id']] = $rsrow['photo'];
         if (!empty($rsrow['is_main'])) {
             $old_main = $rsrow['photo_id'];
         }
         $statuses[$rsrow['photo_id']] = $rsrow['status'];
     }
     // Marks every submitted caption that differs from the stored one.
     // NOTE(review): a submitted photo_id the query did not return (not owned by
     // this user, or nonexistent) has no entry in $old_captions, so it is
     // compared against an undefined index and marked as changed. The writes
     // that follow this excerpt must keep the fk_user_id restriction - confirm.
     $captions_changed = array();
     foreach ($input['caption'] as $photo_id => $caption) {
         if ($caption != $old_captions[$photo_id]) {
             $captions_changed[$photo_id] = 1;
         }
     }
     $now = gmdate('YmdHis');
     $config = get_site_option(array('manual_photo_approval'), 'core_photo');
     // Taken only when a main photo was chosen, it differs from the current
     // main photo, and the chosen photo is not flagged private in the input.
     if (!empty($input['is_main']) && $input['is_main'] != $old_main && !isset($input['is_private'][$input['is_main']])) {
Ejemplo n.º 28
<?php

/******************************************************************************
Etano
===============================================================================
File:                       ajax/user_exists.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once dirname(__FILE__) . '/../includes/common.inc.php';
require_once dirname(__FILE__) . '/../includes/user_functions.inc.php';
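// AJAX endpoint body (ajax/user_exists.php): prints 1 when get_userid_by_user()
// finds the posted name or the name is 'guest', and prints nothing otherwise.
// NOTE(review): no access check or throttling is visible in this file, so the
// response tells any caller whether an account name exists. Confirm that
// request rate limiting is applied in the included files or in front of the
// application.
$output = '';
// Only a plain string is looked up: PHP builds an array from `user[]=...`, and
// an array must not reach the string formatter or the lookup helper.
if (!empty($_POST['user']) && is_string($_POST['user'])) {
    $user = sanitize_and_format($_POST['user'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
    if (get_userid_by_user($user) || $user == 'guest') {
        $output = 1;
    }
}
echo $output;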
Ejemplo n.º 29
Etano
===============================================================================
File:                       admin/site_skins_addedit.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/site_skins.inc.php';
// Admin form for adding or editing a skin's settings (admin/site_skins_addedit.php).
// allow_dept() comes from the included files; presumably it blocks sessions
// outside the admin department - confirm.
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
// Start from the defaults declared in includes/tables/site_skins.inc.php.
$site_skins = $site_skins_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    // Values carried over in the session (presumably a form that failed
    // validation) are used as stored.
    // NOTE(review): unlike the database branch below, nothing here formats
    // them for an edit field; confirm they were already formatted when they
    // were put into the session, otherwise they reach the template raw.
    $site_skins = $_SESSION['topass']['input'];
} elseif (!empty($_GET['module_code'])) {
    // The requested module code is formatted as a text field, used to load that
    // module's options, and the loaded values are formatted with TEXT_DB2EDIT.
    $module_code = sanitize_and_format($_GET['module_code'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
    $site_skins = get_site_option(array(), $module_code);
    $site_skins = sanitize_and_format($site_skins, TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    $site_skins['fk_module_code'] = $module_code;
}
// Replaces the stored locale id with the output of dbtable2options() for the
// locales table; the previous id is passed as the last argument (presumably
// the option to preselect - confirm in dbtable2options()).
$site_skins['fk_locale_id'] = dbtable2options("`{$dbtable_prefix}locales`", '`locale_id`', '`locale_name`', '`locale_name`', $site_skins['fk_locale_id']);
$tpl->set_file('content', 'site_skins_addedit.html');
$tpl->set_var('site_skins', $site_skins);
$tpl->process('content', 'content');
$tplvars['title'] = 'Site Skins';
$tplvars['page'] = 'site_skins_addedit';
// frame.php is resolved through the include path / current directory;
// presumably it renders the page frame from $tplvars - not shown here.
include 'frame.php';
Ejemplo n.º 30
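/**
 * Renders an array as a run of HTML <option> elements.
 *
 * The option value (array key) is passed through sanitize_and_format() with the
 * TEXT_DB2EDIT format. The option label (array value) is written out unchanged.
 *
 * NOTE(review): because the label is not escaped here, callers must pass labels
 * that are already safe to print as HTML; a label taken from user-editable data
 * without prior formatting would be emitted as markup. An escaping call on the
 * label existed in this function but was commented out; re-enabling one is only
 * correct if no caller pre-formats its labels (it would double-encode them).
 *
 * @param array        $show_vector      Map of option value => option label.
 * @param string|array $selected_map_val Value, or list of values, to mark as selected.
 * @param array        $exclusion_vector Keys of $show_vector that are left out.
 *
 * @return string One "<option ...>label</option>\n" line per included entry.
 */
function vector2options($show_vector, $selected_map_val = '', $exclusion_vector = array())
{
    $myreturn = '';
    // foreach replaces while (list(...) = each(...)): each() was removed in
    // PHP 8.0, and it resumes from the array's internal pointer instead of
    // always starting at the first element.
    foreach ($show_vector as $k => $v) {
        // NOTE(review): this check and the selection test below use loose
        // comparison, whose result for mixed int/string operands differs
        // between PHP 7 and PHP 8 (for example 0 == '').
        if (in_array($k, $exclusion_vector)) {
            continue;
        }
        $myreturn .= '<option value="' . sanitize_and_format($k, TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2EDIT]) . '"';
        $is_selected = is_array($selected_map_val)
            ? in_array($k, $selected_map_val)
            : $k == $selected_map_val;
        if ($is_selected) {
            $myreturn .= ' selected="selected"';
        }
        // Label is emitted as received (see the review note in the docblock).
        $myreturn .= ">{$v}</option>\n";
    }
    return $myreturn;
}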