Ejemplo n.º 1
// Entry gate for the public event-submission handler.
// post_only() is defined elsewhere; presumably it refuses non-POST requests (confirm).
post_only();
// Configuration entry 1 set to 0 ends the request before any input is read.
if (0 == $hc_cfg[1]) {
    exit;
}
include HCPATH . HCINC . '/functions/events.php';
include HCLANG . '/config.php';
include HCLANG . '/public/submit.php';

// Gather the CAPTCHA answer ($proof) and the value it is checked against ($challenge).
// Configuration entry 65 selects the mechanism; any other value leaves both as ''.
$proof = '';
$challenge = '';
if ($hc_cfg[65] == 1) {
    // Mode 1: the expected value lives in the session, so the client never supplies it.
    $proof = NULL;
    if (isset($_POST['proof'])) {
        $proof = $_POST['proof'];
    }
    $challenge = NULL;
    if (isset($_SESSION['hc_cap'])) {
        $challenge = $_SESSION['hc_cap'];
    }
} elseif ($hc_cfg[65] == 2) {
    // Mode 2: both fields come from the form (legacy reCAPTCHA field names).
    $proof = NULL;
    if (isset($_POST["recaptcha_response_field"])) {
        $proof = $_POST["recaptcha_response_field"];
    }
    $challenge = NULL;
    if (isset($_POST["recaptcha_challenge_field"])) {
        $challenge = $_POST["recaptcha_challenge_field"];
    }
}
// The third argument (1) differs per form handler.
// NOTE(review): spamIt() is defined elsewhere. Confirm that it halts the request on a failed
// check and clears $_SESSION['hc_cap'] afterwards so a solved challenge cannot be reused.
spamIt($proof, $challenge, 1);
// Working state for the submission, followed by the sanitised form fields.
$newPkID = 0;
$dates = array();

// A logged-in user whose session level is 2 gets status 1 and a publish timestamp (already
// quoted as an SQL literal); everyone else gets status 2 and the SQL keyword NULL.
if (user_check_status() && $_SESSION['UserLevel'] == 2) {
    $appStatus = 1;
    $pubDate = "'" . SYSDATE . ' ' . SYSTIME . "'";
} else {
    $appStatus = 2;
    $pubDate = 'NULL';
}

// Deny-list of inline event-handler attributes removed from the description below.
// NOTE(review): only the handlers named here are matched, and only with a quoted value;
// 'onmousemove' is listed twice. Other on* attributes, unquoted values and everything the
// strip_tags() allow-list keeps (it includes <style> and <img>) pass through unchanged.
// If the description is later rendered as HTML, an allow-list sanitiser applied to the
// stored markup is the more reliable control. Confirm how the value is output.
$filter = array(
    '/onclick=["\'][^"\']+["\']/i',
    '/ondblclick=["\'][^"\']+["\']/i',
    '/onkeydown=["\'][^"\']+["\']/i',
    '/onkeypress=["\'][^"\']+["\']/i',
    '/onkeyup=["\'][^"\']+["\']/i',
    '/onmousedown=["\'][^"\']+["\']/i',
    '/onmousemove=["\'][^"\']+["\']/i',
    '/onmouseout=["\'][^"\']+["\']/i',
    '/onmouseover=["\'][^"\']+["\']/i',
    '/onmouseup=["\'][^"\']+["\']/i',
    '/onmousemove=["\'][^"\']+["\']/i',
    '/onfocus=["\'][^"\']+["\']/i',
    '/onblur=["\'][^"\']+["\']/i',
);
$eID = 0;
$tbd = 0;
$stop = 0;

// Plain-text fields: tags are stripped, then HTML special characters are encoded.
// htmlspecialchars() is called without flags, so whether single quotes are encoded
// depends on the PHP version's default.
$subName = NULL;
if (isset($_POST['submitName'])) {
    $subName = htmlspecialchars(strip_tags($_POST['submitName']));
}
$subEmail = NULL;
if (isset($_POST['submitEmail'])) {
    $subEmail = htmlspecialchars(strip_tags($_POST['submitEmail']));
}
$subID = NULL;
if (isset($_POST['submitID'])) {
    $subID = htmlspecialchars(strip_tags($_POST['submitID']));
}
$eventTitle = NULL;
if (isset($_POST['eventTitle'])) {
    $eventTitle = htmlspecialchars(cleanQuotes(strip_tags($_POST['eventTitle'])));
}

// Rich-text description: a fixed set of tags survives strip_tags(), attributes included.
// It is not HTML-encoded, and the handler deny-list above is the only attribute filtering.
$eventDesc = NULL;
if (isset($_POST['eventDescription'])) {
    $eventDesc = cleanQuotes(strip_tags($_POST['eventDescription'], '<abbr><acronym><blockquote><br><caption><center><cite><dd><del><dfn><dir><div><dl><dt><em><i><font><hr><img><legend><li><menu><ol><p><pre><listing><plaintext><q><small><span><strike><strong><b><style><sub><sup><table><td><tr><tt><u><ul><var>'), 0);
}
$eventDesc = preg_replace($filter, '', $eventDesc);

$locID = NULL;
if (isset($_POST['locPreset'])) {
    $locID = htmlspecialchars(strip_tags($_POST['locPreset']));
}
$contactName = NULL;
if (isset($_POST['contactName'])) {
    $contactName = htmlspecialchars(strip_tags($_POST['contactName']));
}
$contactEmail = NULL;
if (isset($_POST['contactEmail'])) {
    $contactEmail = htmlspecialchars(strip_tags($_POST['contactEmail']));
}
Ejemplo n.º 2
 */
// RSVP form handler: bootstrap, then the anti-spam check.
// The two constants are defined before loader.php is included.
define('isHC', true);
define('isAction', true);
include dirname(__FILE__) . '/loader.php';
action_headers();
// post_only() is defined elsewhere; presumably it refuses non-POST requests (confirm).
post_only();
include HCLANG . '/public/rsvp.php';

// CAPTCHA inputs; configuration entry 65 selects where they are read from.
$proof = '';
$challenge = '';
if ($hc_cfg[65] == 1) {
    // Mode 1: answer from the form, expected value from the session.
    $proof = NULL;
    $challenge = NULL;
    if (isset($_POST['proof'])) {
        $proof = $_POST['proof'];
    }
    if (isset($_SESSION['hc_cap'])) {
        $challenge = $_SESSION['hc_cap'];
    }
} elseif ($hc_cfg[65] == 2) {
    // Mode 2: both values are form fields (legacy reCAPTCHA field names).
    $proof = NULL;
    $challenge = NULL;
    if (isset($_POST["recaptcha_response_field"])) {
        $proof = $_POST["recaptcha_response_field"];
    }
    if (isset($_POST["recaptcha_challenge_field"])) {
        $challenge = $_POST["recaptcha_challenge_field"];
    }
}
// NOTE(review): spamIt() is defined elsewhere. Confirm that it stops the request when the
// check fails; nothing in this script tests a return value.
spamIt($proof, $challenge, 3);
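// Read the RSVP form fields and check whether this address is already registered for the event.

// Event id: is_numeric() also accepts signs, decimals, exponents and leading whitespace,
// so the accepted value is cast to an integer before it reaches the SQL text and the
// redirect URL built further down.
$eID = isset($_POST['eID']) && is_numeric($_POST['eID']) ? (int) $_POST['eID'] : 0;

// Free-text fields: tags stripped, then passed through cIn() (defined elsewhere).
// cleanBreaks() is applied to name and e-mail only; presumably it removes line breaks (confirm).
$regName = isset($_POST['hc_f1']) ? cIn(strip_tags(cleanBreaks($_POST['hc_f1']))) : '';
$regEmail = isset($_POST['hc_f2']) ? cIn(strip_tags(cleanBreaks($_POST['hc_f2']))) : '';
$phone = isset($_POST['hc_f3']) ? cIn(strip_tags($_POST['hc_f3'])) : '';
$address = isset($_POST['hc_f4']) ? cIn(strip_tags($_POST['hc_f4'])) : '';
$address2 = isset($_POST['hc_f5']) ? cIn(strip_tags($_POST['hc_f5'])) : '';
$city = isset($_POST['hc_f6']) ? cIn(strip_tags($_POST['hc_f6'])) : '';
$state = isset($_POST['locState']) ? cIn(strip_tags($_POST['locState'])) : '';
$country = isset($_POST['hc_f9']) ? cIn(strip_tags($_POST['hc_f9'])) : '';
$zip = isset($_POST['hc_f8']) ? cIn(strip_tags($_POST['hc_f8'])) : '';

// Party size is the submitted count plus one. The field is now tested with isset() first,
// because reading a missing key raised an undefined-index notice. The count is cast to an
// integer and floored at zero so a negative or fractional value cannot be stored.
$partySize = isset($_POST['hc_f7']) && is_numeric($_POST['hc_f7']) ? max(0, (int) $_POST['hc_f7']) + 1 : 0;

// NOTE(review): the query is assembled by string concatenation, so its safety rests entirely
// on cIn() escaping $regEmail for the active connection. Confirm that, or move to a
// parameterised query if the data layer offers one. No e-mail format check is visible here.
$result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "registrants WHERE Email = '" . $regEmail . "' AND EventID = '" . $eID . "'");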
if (hasRows($result)) {
    header("Location: " . CalRoot . "/index.php?com=rsvp&eID=" . $eID . "&msg=1");
} else {
Ejemplo n.º 3
// Newsletter subscription handler: bootstrap.
// The constant is defined before loader.php is included.
define('isAction', true);
include dirname(__FILE__) . '/loader.php';
action_headers();
// post_only() is defined elsewhere; presumably it refuses non-POST requests (confirm).
post_only();
// Language file; $hc_lang_news is read further down, presumably defined there (confirm).
include HCLANG . '/public/news.php';
if (!isset($_POST['dID'])) {
    // Default redirect target for this branch, then the anti-spam check.
    $target = '/index.php?com=edit&msg=2';

    // CAPTCHA inputs; configuration entry 65 selects where they are read from.
    $proof = '';
    $challenge = '';
    if ($hc_cfg[65] == 1) {
        // Mode 1: answer from the form, expected value from the session.
        $proof = NULL;
        if (isset($_POST['proof'])) {
            $proof = $_POST['proof'];
        }
        $challenge = NULL;
        if (isset($_SESSION['hc_cap'])) {
            $challenge = $_SESSION['hc_cap'];
        }
    } elseif ($hc_cfg[65] == 2) {
        // Mode 2: both values are form fields (legacy reCAPTCHA field names).
        $proof = NULL;
        if (isset($_POST["recaptcha_response_field"])) {
            $proof = $_POST["recaptcha_response_field"];
        }
        $challenge = NULL;
        if (isset($_POST["recaptcha_challenge_field"])) {
            $challenge = $_POST["recaptcha_challenge_field"];
        }
    }
    // NOTE(review): spamIt() is defined elsewhere. Confirm that it stops the request when the
    // check fails; this handler goes on to send e-mail.
    spamIt($proof, $challenge, 4);
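    // Subscriber address and requested action, both passed through cIn() (defined elsewhere).
    $email = isset($_POST['hc_fz']) ? cIn(strip_tags($_POST['hc_fz'])) : '';
    $do = isset($_POST['hc_fy']) ? cIn($_POST['hc_fy']) : '';
    // $stop is 0 only when BOTH checks pass. Previously the second assignment overwrote the
    // first, so the result of the address check was discarded and a malformed address still
    // reached the queries below. The D modifier makes '$' match only at the very end of the
    // string, so a trailing newline is no longer accepted.
    // NOTE(review): the pattern does not accept '+' in the local part. Now that the check is
    // enforced, such addresses are refused. Confirm that this matches the sign-up rules.
    $stop = (preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/D', $email) == 1 && is_numeric($do)) ? 0 : 1;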
    if ($stop == 0) {
        $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "' && IsConfirm = 1");
        if (hasRows($result)) {
            doQuery("UPDATE " . HC_TblPrefix . "subscribers SET GUID = MD5(CONCAT(rand(UNIX_TIMESTAMP()) * (RAND()*1000000),'" . $email . "')) WHERE email = '" . $email . "'");
            $result = doQuery("SELECT FirstName, LastName, GUID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "'");
            $GUID = hasRows($result) ? mysql_result($result, 0, 2) : '';
            if ($GUID != '') {
                $link = $do == 0 ? CalRoot . '/index.php?com=signup&u=' . $GUID : CalRoot . '/index.php?com=signup&d=' . $GUID;
                $doMsg = $do == 0 ? 'Edit' : 'Delete';
                $subject = $hc_lang_news[$doMsg . 'Subject'] . ' - ' . CalName;
                $message = '<p>' . $hc_lang_news[$doMsg . 'EmailA'] . ' <a href="' . $link . '">' . $link . '</a></p>';
Ejemplo n.º 4
 */
// "Send to a friend" handler: bootstrap, then the anti-spam check.
// The two constants are defined before loader.php is included.
define('isHC', true);
define('isAction', true);
include dirname(__FILE__) . '/loader.php';
action_headers();
// post_only() is defined elsewhere; presumably it refuses non-POST requests (confirm).
post_only();
include HCLANG . '/public/send.php';

// CAPTCHA inputs; configuration entry 65 selects where they are read from.
$proof = '';
$challenge = '';
if ($hc_cfg[65] == 1) {
    // Mode 1: answer from the form, expected value from the session.
    $proof = NULL;
    $challenge = NULL;
    if (isset($_POST['proof'])) {
        $proof = $_POST['proof'];
    }
    if (isset($_SESSION['hc_cap'])) {
        $challenge = $_SESSION['hc_cap'];
    }
} elseif ($hc_cfg[65] == 2) {
    // Mode 2: both values are form fields (legacy reCAPTCHA field names).
    $proof = NULL;
    $challenge = NULL;
    if (isset($_POST["recaptcha_response_field"])) {
        $proof = $_POST["recaptcha_response_field"];
    }
    if (isset($_POST["recaptcha_challenge_field"])) {
        $challenge = $_POST["recaptcha_challenge_field"];
    }
}
// NOTE(review): this form sends mail to an address chosen by the visitor, so the CAPTCHA is
// the visible control against relay abuse. Confirm that spamIt() stops the request on failure
// and whether any rate limiting exists elsewhere.
spamIt($proof, $challenge, 2);
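// Read the sender and recipient fields and load the record the message refers to.

// Each field is now tested with isset() first; reading a missing key raised an
// undefined-index notice. A missing field becomes '' and fails the non-empty check that follows.
// cleanBreaks() is defined elsewhere; presumably it removes line breaks, which matters if
// these values are ever placed in mail headers (confirm).
$myName = isset($_POST['hc_fx1']) ? cIn(strip_tags(cleanBreaks($_POST['hc_fx1']))) : '';
$myEmail = isset($_POST['hc_fx2']) ? cIn(strip_tags(cleanBreaks($_POST['hc_fx2']))) : '';
$friendName = isset($_POST['hc_fx3']) ? cIn(strip_tags(cleanBreaks($_POST['hc_fx3']))) : '';
$friendEmail = isset($_POST['hc_fx4']) ? cIn(strip_tags(cleanBreaks($_POST['hc_fx4']))) : '';
// Message body: tags stripped, newlines converted to <br />. It is not passed through cIn().
$sendMsg = isset($_POST['hc_fx5']) ? cleanBreaks(nl2br(strip_tags($_POST['hc_fx5']))) : '';

// Ids: is_numeric() also accepts signs, decimals, exponents and leading whitespace, so the
// accepted value is cast to an integer before it is placed in the SQL text.
$eID = isset($_POST['eID']) && is_numeric($_POST['eID']) ? (int) $_POST['eID'] : 0;
$tID = isset($_POST['tID']) && is_numeric($_POST['tID']) ? (int) $_POST['tID'] : 0;

// $tID only selects the table; both lookups key on $eID.
// NOTE(review): confirm that using $eID for the locations lookup is intended.
if ($tID == 0) {
    $result = doQuery("SELECT Title, StartDate, StartTime, TBD FROM " . HC_TblPrefix . "events WHERE PkID = '" . $eID . "'");
} else {
    $result = doQuery("SELECT Name, Address, Address2, City, State, Zip, Country FROM " . HC_TblPrefix . "locations WHERE PkID = '" . $eID . "'");
}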
if (hasRows($result) && $myName != '' && $myEmail != '' && $friendName != '' && $friendEmail != '') {
    $message = '<p>' . cOut($sendMsg) . '</p>';
    $message .= '<p><b>' . mysql_result($result, 0, 0) . '</b><br />';
Ejemplo n.º 5
// Admin password-reset request: bootstrap, form-token check, then the anti-spam check.
define('hcAdmin', true);
include '../loader.php';
action_headers();
// post_only() is defined elsewhere; presumably it refuses non-POST requests (confirm).
post_only();

// Anti-CSRF form token; a missing field is checked as ''.
$token = '';
if (isset($_POST['token'])) {
    $token = cIn(strip_tags($_POST['token']));
}
if (!check_form_token($token)) {
    // NOTE(review): nothing here stops execution after go_home(). Confirm that it exits,
    // otherwise the rest of the handler still runs with an invalid token.
    go_home();
}
include HCLANG . '/admin/login.php';

// CAPTCHA inputs; configuration entry 65 selects where they are read from.
$proof = '';
$challenge = '';
if ($hc_cfg[65] == 1) {
    // Mode 1: answer from the form, expected value from the session.
    $proof = NULL;
    if (isset($_POST['proof'])) {
        $proof = $_POST['proof'];
    }
    $challenge = NULL;
    if (isset($_SESSION['hc_cap'])) {
        $challenge = $_SESSION['hc_cap'];
    }
} elseif ($hc_cfg[65] == 2) {
    // Mode 2: both values are form fields (legacy reCAPTCHA field names).
    $proof = NULL;
    if (isset($_POST["recaptcha_response_field"])) {
        $proof = $_POST["recaptcha_response_field"];
    }
    $challenge = NULL;
    if (isset($_POST["recaptcha_challenge_field"])) {
        $challenge = $_POST["recaptcha_challenge_field"];
    }
}
// NOTE(review): spamIt() is defined elsewhere. Confirm that it stops the request when the
// check fails.
spamIt($proof, $challenge, 0);
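// Password-reset request: look up the active admin by e-mail, store a one-time key on the
// account and mail a link that carries it.
// NOTE(review): the SQL below is assembled by concatenation, so its safety rests entirely on
// cIn() (defined elsewhere) escaping for the active connection. Confirm that, or move to a
// parameterised query if the data layer offers one.
$email = isset($_POST['email']) ? cIn($_POST['email']) : '';
$result = doQuery("SELECT FirstName, LastName, Email, Passwrd FROM " . HC_TblPrefix . "admin WHERE email = '" . $email . "' AND IsActive = 1");

// Reset key: 16 bytes from a cryptographic random source, hex-encoded to 32 characters.
// This is the same length and alphabet as the md5() hex string used before, so the stored
// column and the link format are unchanged. The previous key was derived only from the
// current Unix timestamp, so it could be guessed from the approximate time of the request.
// If no cryptographic source is available the key stays empty and no reset is issued.
$pwKey = '';
if (hasRows($result)) {
    if (function_exists('random_bytes')) {
        $pwKey = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $pwKeyStrong = false;
        $pwKeyRaw = openssl_random_pseudo_bytes(16, $pwKeyStrong);
        if ($pwKeyRaw !== false && $pwKeyStrong) {
            $pwKey = bin2hex($pwKeyRaw);
        }
    }
}

if ($pwKey != '') {
    // NOTE(review): the key is stored as-is and no expiry is set here. Confirm that the
    // code consuming it clears it after use and enforces a time limit.
    doQuery("UPDATE " . HC_TblPrefix . "admin SET PCKey = '" . cIn($pwKey) . "' WHERE Email = '" . $email . "'");
    $subject = CalName . ' ' . $hc_lang_login['LoginSubject'];
    $message = '<a href="' . AdminRoot . '/index.php?lp=2&k=' . $pwKey . '">' . AdminRoot . '/index.php?lp=2&k=' . $pwKey . '</a>';
    // The requesting IP address is included in the mail so the recipient can see where the request came from.
    $message .= '<br /><br />' . $hc_lang_login['LoginEmail'] . ' <b>' . strip_tags($_SERVER["REMOTE_ADDR"]) . "</b>";
    reMail(trim(mysql_result($result, 0, 0) . ' ' . mysql_result($result, 0, 1)), mysql_result($result, 0, 2), $subject, $message, $hc_cfg[79], $hc_cfg[78]);
    header('Location: ' . AdminRoot . '/?lmsg=3');
} else {
    // NOTE(review): this redirect differs from the success redirect, so the response shows
    // whether the address belongs to an active admin. Using one target for both outcomes
    // avoids that disclosure.
    header('Location: ' . AdminRoot . '/');
}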