Ejemplo n.º 1
2
            if (ini_get('zlib.output_compression')) {
                ini_set('zlib.output_compression', 'Off');
            }
            header('Content-Type: application/force-download');
            header('Content-Disposition: attachment; filename="' . basename($file) . '"');
            header('Content-Transfer-Encoding: binary');
            header('Accept-Ranges: bytes');
            header('Cache-control: private');
            header('Pragma: private');
            header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
            header('Content-Length: ' . filesize($file));
            readfile($file);
            exit;
        } else {
            VRedirect::go($config['BASE_URL'] . '/error');
        }
    } else {
        VRedirect::go($config['BASE_URL'] . '/error');
    }
}
if ($new_permisions['sd_downloads'] == 0 && !$_SESSION['uid']) {
    $_SESSION['error'] = $lang['download.error'];
    VRedirect::go($config['BASE_URL'] . '/signup');
}
if ($new_permisions['sd_downloads'] == 0 && $_SESSION['uid'] && $_SESSION['uid_premium'] == 0) {
    VRedirect::go($config['BASE_URL'] . '/error/download_free');
}
if ($new_permisions['sd_downloads'] == 0 && $_SESSION['uid_premium']) {
    VRedirect::go($config['BASE_URL'] . '/error/download_premium');
}
die;
Ejemplo n.º 2
0
 public static function check($ip, $size)
 {
     global $config, $conn, $lang, $user_limit_bandwidth, $type_of_user;
     $limit = $user_limit_bandwidth * 1024 * 1024;
     $sql = "SELECT guest_id, bandwidth\n                  FROM guests\n                  WHERE guest_ip = " . $ip . "\n                  LIMIT 1";
     $rs = $conn->execute($sql);
     if ($conn->Affected_Rows() === 1) {
         $guest_id = $rs->fields['guest_id'];
         $guest_bandwidth = $rs->fields['bandwidth'];
         if ($guest_bandwidth > $limit) {
             if ($type_of_user == 'guest') {
                 $_SESSION['error'] = $lang['guest.limit'];
                 VRedirect::go($config['BASE_URL'] . '/signup');
             } elseif ($type_of_user == 'free') {
                 VRedirect::go($config['BASE_URL'] . '/error/free_limit_reached');
             } elseif ($type_of_user == 'premium') {
                 VRedirect::go($config['BASE_URL'] . '/error/premium_limit_reached');
             }
         } else {
             $sql = "UPDATE guests\n                        SET bandwidth = bandwidth + " . $size . ",\n                            last_login = '******'Y-m-d h:i:s') . "'\n                        WHERE guest_id = " . $guest_id . "\n                        LIMIT 1";
             $conn->execute($sql);
         }
     } else {
         $sql = "INSERT INTO guests (guest_ip, last_login, bandwidth)\n                    VALUES (" . $ip . ", '" . date('Y-m-d h:i:s') . "', " . $size . ")";
         $conn->execute($sql);
     }
     return false;
 }
Ejemplo n.º 3
0
 public function confirm()
 {
     global $config;
     if ($config['email_verification'] == '0') {
         return true;
     }
     if (isset($_SESSION['uid']) && isset($_SESSION['email'])) {
         if (isset($_SESSION['emailverified']) && $_SESSION['emailverified'] == 'yes') {
             return true;
         }
     }
     $_SESSION['redirect'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $config['BASE_URL'];
     VRedirect::go($config['BASE_URL'] . '/confirm');
 }
Ejemplo n.º 4
0
    } elseif (strlen($title) > 299) {
        $errors[] = 'Notice title field cannot contain more then 299 characters!';
    } else {
        $notice['title'] = $title;
    }
    if ($category == '0' or $category == '') {
        $errors[] = 'Please select a notice category!';
    } else {
        $notice['category'] = $category;
    }
    if ($content == '') {
        $errors[] = 'Notice content cannot be blank!';
    } else {
        $notice['content'] = $content;
    }
    if (!$errors) {
        $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
        $rs = $conn->execute($sql);
        $uid = $rs->fields['UID'];
        $sql = "INSERT INTO notice (UID, category, title, content, addtime, adddate)\n                   VALUES (" . intval($uid) . ", " . intval($category) . ", '" . mysql_real_escape_string($title) . "',\n                           '" . mysql_real_escape_string($content) . "', " . time() . ", '" . date('Y-m-d') . "')";
        $conn->execute($sql);
        $_SESSION['message'] = 'Notice was successfully added!';
        VRedirect::go($config['BASE_URL'] . '/siteadmin/notices.php?m=list');
    }
}
$sql = "SELECT category_id, name FROM notice_categories\n               WHERE status = '1' ORDER BY name DESC";
$rs = $conn->execute($sql);
$categories = $rs->getrows();
$editor->set_code($notice['content']);
$smarty->assign('editor_wysiswyg', $editor->return_editor('100%', 350));
$smarty->assign('categories', $categories);
Ejemplo n.º 5
0
            $file = $config['BASE_DIR'] . '/media/photos/' . $value['PID'] . '.jpg';
            if (file_exists($file)) {
                @chmod($file, 0777);
                @unlink($file);
            }
            $file = $config['BASE_DIR'] . '/media/photos/tmb/' . $value['PID'] . '.jpg';
            if (file_exists($file)) {
                @chmod($file, 0777);
                @unlink($file);
            }
        }
        $sql = "DELETE FROM photos WHERE AID = " . $aid;
        $conn->execute($sql);
    } else {
        $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
        $rs = $conn->execute($sql);
        $anon = intval($rs->fields['UID']);
        $sql = "UPDATE albums SET UID = " . $anon . " WHERE AID = " . $aid . " LIMIT 1";
        $conn->execute($sql);
        $sql = "UPDATE signup SET total_albums = total_albums+1 WHERE UID = " . $anon . " LIMIT 1";
        $conn->execute($sql);
    }
    $sql = "UPDATE signup SET total_albums = total_albums-1 WHERE UID = " . $uid . " LIMIT 1";
    $conn->execute($sql);
    $_SESSION['message'] = $lang['album.delete_msg'] . '!';
    header('Location: ' . $config['BASE_URL'] . '/albums');
    die;
}
if (isset($_POST['delete_no'])) {
    VRedirect::go($config['BASE_URL'] . '/albums');
}
Ejemplo n.º 6
0
        $mail->Body = nl2br($body);
        $mail->AddAddress($email);
        $mail->Send();
        $mail->ClearAddresses();
        $sql = "SELECT email_subject, email_path FROM emailinfo\n                           WHERE email_id = 'welcome' LIMIT 1";
        $rs = $conn->execute($sql);
        $email_subject = str_replace('{$site_title}', $config['site_title'], $rs->fields['email_subject']);
        $email_path = $rs->fields['email_path'];
        $body = $smarty->fetch($config['BASE_DIR'] . '/templates/' . $email_path);
        $mail->Subject = $email_subject;
        $mail->AltBody = $body;
        $mail->Body = nl2br($body);
        $mail->AddAddress($email);
        $mail->Send();
        $_SESSION['message'] = $lang['signup.msg'];
        VRedirect::go($config['BASE_URL']);
    }
}
$smarty->assign('errors', $errors);
$smarty->assign('err', $err);
$smarty->assign('messages', $messages);
$smarty->assign('menu', 'home');
$smarty->assign('signup', $signup);
$smarty->assign('self_title', $seo['signup_title']);
$smarty->assign('self_description', $seo['signup_desc']);
$smarty->assign('self_keywords', $seo['signup_keywords']);
$smarty->display('header.tpl');
$smarty->display('errors.tpl');
$smarty->display('messages.tpl');
$smarty->display('signup.tpl');
$smarty->display('footer.tpl');
Ejemplo n.º 7
0
    $sql = "SELECT VID FROM video WHERE VID = " . $vid . " LIMIT 1";
    $conn->execute($sql);
    if ($conn->Affected_Rows()) {
        $file = $config['BASE_DIR'] . '/media/videos/flv/' . $vid . '.flv';
        if (file_exists($file) && is_file($file) && is_readable($file)) {
            $conn->execute("UPDATE video SET download_num = download_num+1 WHERE VID = " . $vid . " LIMIT 1");
            @ob_end_clean();
            if (ini_get('zlib.output_compression')) {
                ini_set('zlib.output_compression', 'Off');
            }
            header('Content-Type: application/force-download');
            header('Content-Disposition: attachment; filename="' . basename($file) . '"');
            header('Content-Transfer-Encoding: binary');
            header('Accept-Ranges: bytes');
            header('Cache-control: private');
            header('Pragma: private');
            header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
            header('Content-Length: ' . filesize($file));
            readfile($file);
            exit;
        } else {
            VRedirect::go($config['BASE_URL'] . '/error');
        }
    } else {
        VRedirect::go($config['BASE_URL'] . '/error');
    }
} else {
    $_SESSION['error'] = $lang['download.error'];
    VRedirect::go($config['BASE_URL'] . '/signup');
}
die;
Ejemplo n.º 8
0
     $suids = array();
     foreach ($subscriptions as $subscription) {
         $suids[] = $subscription['UID'];
     }
     $sql_add = " AND PREFIX.UID IN (" . implode(",", $suids) . ")";
 } else {
     $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
     $rs = $conn->execute($sql);
     if (!$conn->Affected_Rows() === 1) {
         VRedirect::go($config['BASE_URL'] . '/error/user_missing');
     }
     $UID = intval($rs->fields['UID']);
     $sql = "SELECT SUID FROM video_subscribe WHERE UID = " . $uid . " AND SUID = " . $UID . " LIMIT 1";
     $conn->execute($sql);
     if (!$conn->Affected_Rows() === 1) {
         VRedirect::go($config['BASE_URL'] . '/error');
     }
     $sql_add = " AND PREFIX.UID = " . $UID;
 }
 $total_feeds = 0;
 if ($table == 'videos' || $table == 'all') {
     $video_approve = $config['approve'] == '1' ? " AND v.active = '1'" : NULL;
     $sql_count_videos = "SELECT COUNT(v.VID) AS total_videos\n                           FROM video AS v\n                           WHERE v.type = 'public'" . $video_approve . str_replace('PREFIX', 'v', $sql_add);
     $rs = $conn->execute($sql_count_videos);
     $total_videos = $rs->fields['total_videos'];
     $total_feeds = $total_feeds + $total_videos;
     $pagination = new Pagination(10);
     $limit = $pagination->getLimit($total_videos);
     $sql_videos = "SELECT v.VID, v.title, v.addtime, s.username\n                           FROM video AS v, signup AS s\n                           WHERE v.type = 'public'\n                           AND v.UID = s.UID" . $video_approve . str_replace('PREFIX', 'v', $sql_add) . "\n                           ORDER BY v.VID DESC LIMIT " . $limit;
     $rs = $conn->execute($sql_videos);
     $videos = $rs->getrows();
Ejemplo n.º 9
0
<?php

define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
$vid = intval($_GET['id']);
if (isset($vid)) {
    $sql = "SELECT server, ipod_filename FROM video WHERE VID = '" . mysql_real_escape_string($vid) . "' AND active = '1' LIMIT 1";
    $rs = $conn->execute($sql);
    if ($conn->Affected_Rows() == 1) {
        $server = $rs->fields['server'];
        $mobile_filename = $rs->fields['ipod_filename'];
    }
}
if ($mobile_filename) {
    if ($config['multi_server'] == '1' && $server != '') {
        $MOBILE_URL = $server . '/iphone/' . $mobile_filename;
    } else {
        $MOBILE_URL = $config['BASE_URL'] . '/media/videos/iphone/' . $mobile_filename;
    }
} else {
    $MOBILE_URL = $config['BASE_URL'] . '/media/videos/iphone/no-video.mp4';
}
VRedirect::go($MOBILE_URL);
die;
Ejemplo n.º 10
0
define('_VALID', true);
define('_ADMIN', true);
include '../include/config.php';
$err = NULL;
$msg = NULL;
if (isset($_POST['submit_login'])) {
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    if ($username == '' or $password == '') {
        $err = 'Please provide a username and password!';
    } else {
        if ($username == $config['admin_name'] && $password == $config['admin_pass']) {
            $_SESSION['AUID'] = $config['admin_name'];
            $_SESSION['APASSWORD'] = $config['admin_pass'];
            VRedirect::go($config['BASE_URL'] . '/siteadmin/index.php');
        } else {
            $err = 'Invalid username and/or password!';
        }
    }
}
if (isset($_POST['submit_forgot'])) {
    if (!isset($_SESSION['email_forgot'])) {
        $_SESSION['email_forgot'] = 1;
    }
    if ($_SESSION['email_forgot'] == 3) {
        $err = 'Please try again later!';
    }
    if ($err == '') {
        require '../classes/email.class.php';
        $mail = new VMail();
Ejemplo n.º 11
0
$is_friend = true;
if ($album['type'] == 'private') {
    $UID = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
    if ($UID) {
        if ($UID != $album['UID']) {
            $sql = "SELECT FID FROM friends \n                    WHERE ((UID = " . $uid . " AND FID = " . $UID . ")\n                    OR (UID = " . $UID . " AND FID = " . $uid . "))\n                    AND status = 'Confirmed'\n                    LIMIT 1";
            $conn->execute($sql);
            if ($conn->Affected_Rows() == 0) {
                $is_friend = false;
            }
        }
    } else {
        $is_friend = false;
    }
}
$ids = array();
$sql = "SELECT PID, caption FROM photos WHERE AID = " . $aid . " AND status = '1' ORDER BY PID ASC";
$rs = $conn->execute($sql);
$photos = $rs->getrows();
if ($conn->Affected_Rows() === 1) {
    VRedirect::go($config['BASE_URL'] . '/photo/' . $photos['0']['PID']);
} else {
    foreach ($photos as $photo) {
        $ids[] = $photo['PID'];
    }
    $ids = 'var ids = new Array(' . implode(',', $ids) . ');';
}
$smarty->assign('slider', true);
$smarty->assign('photos', $photos);
$smarty->assign('ids', $ids);
$smarty->assign('is_friend', $is_friend);
Ejemplo n.º 12
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
Auth::check();
$uid = intval($_SESSION['uid']);
if (isset($_POST['delete_yes']) && $_POST['delete_yes'] == 'Yes') {
    $sql = "DELETE FROM blog WHERE UID = " . $uid . " AND BID = " . $bid . " LIMIT 1";
    $conn->execute($sql);
    if ($conn->Affected_Rows() == 1) {
        $_SESSION['message'] = $lang['blog.delete_msg'];
        VRedirect::go($config['BASE_URL'] . '/user/' . $username . '/blog');
    } else {
        $errors[] = $lang['blog.delete_err'];
    }
}
if (isset($_POST['delete_no']) && $_POST['delete_no'] == 'No') {
    VRedirect::go($config['BASE_URL'] . '/user/' . $username . '/blog');
}
$smarty->assign('blog', $blog);
Ejemplo n.º 13
0
Archivo: add.php Proyecto: ecr007/pr0n
    } else {
        $sql = "SELECT CHID FROM channel WHERE name = '" . mysql_real_escape_string($name) . "' LIMIT 1";
        $conn->execute($sql);
        if ($conn->Affected_Rows() > 0) {
            $errors[] = 'Category name \'' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' is already used. Please choose another name!';
        } else {
            $channel['name'] = $name;
        }
    }
    if ($_FILES['picture']['tmp_name'] == '') {
        $errors[] = 'Please provide a category image!';
    }
    if (!$errors) {
        $sql = "INSERT INTO channel (name) VALUES ('" . mysql_real_escape_string($name) . "')";
        $conn->execute($sql);
        $chid = $conn->Insert_ID();
        require $config['BASE_DIR'] . '/classes/image.class.php';
        $image = new VImageConv();
        $image->process($_FILES['picture']['tmp_name'], $chimg . '/' . $chid . '.jpg', 'MAX_WIDTH', 140, 105);
        $image->canvas(140, 105, '000000', true);
        if ($errors) {
            $sql = "DELETE FROM channel WHERE CHID = '" . mysql_real_escape_string($chid) . "' LIMIT 1";
            $conn->execute($sql);
        }
    }
    if (!$errors) {
        $msg = 'Category Successfuly added!';
        VRedirect::go('channels.php?msg=' . $msg);
    }
}
$smarty->assign('channel', $channel);
Ejemplo n.º 14
0
$self_keywords = implode(', ', $video['keyword']) . $seo['video_keywords'];
if (is_numeric($new_permisions['bandwidth']) && $new_permisions['bandwidth'] != '-1') {
    $user_limit_bandwidth = $new_permisions['bandwidth'];
    $remote_ip = ip2long($remote_ip);
    require $config['BASE_DIR'] . '/classes/bandwidth.class.php';
    $guest_limit = VBandwidth::check($remote_ip, intval($video['space']));
}
if ($new_permisions['watch_normal_videos'] == 0) {
    // nu are voie sa vada filme normale
    if ($type_of_user == 'guest') {
        $_SESSION['error'] = 'You need to register in order to watch videos';
        VRedirect::go($config['BASE_URL'] . '/signup');
    } elseif ($type_of_user == 'free') {
        VRedirect::go($config['BASE_URL'] . '/error/free_watch_permission');
    } elseif ($type_of_user == 'premium') {
        VRedirect::go($config['BASE_URL'] . '/error/premium_watch_permission');
    }
}
$smarty->assign('errors', $errors);
$smarty->assign('messages', $messages);
$smarty->assign('menu', 'videos');
$smarty->assign('submenu', '');
$smarty->assign('view', true);
$smarty->assign('autoheight', $autoheight);
$smarty->assign('player_width', $player_width);
$smarty->assign('video_width', $video_width);
$smarty->assign('video_height', $video_height);
$smarty->assign('embed_width', $embed_width);
$smarty->assign('embed_auto_height', $embed_auto_height);
$smarty->assign('hd', $hd);
$smarty->assign('video', $video);
Ejemplo n.º 15
0
    } else {
        $sql = "SELECT category_id FROM game_categories\n                       WHERE category_name = '" . mysql_real_escape_string($name) . "' LIMIT 1";
        $conn->execute($sql);
        if ($conn->Affected_Rows() > 0) {
            $errors[] = 'Category name \'' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' is already used. Please choose another name!';
        } else {
            $channel['name'] = $name;
        }
    }
    if ($_FILES['picture']['tmp_name'] == '') {
        $errors[] = 'Please provide a category image!';
    }
    if (!$errors) {
        $sql = "INSERT INTO game_categories (category_name) VALUES ('" . mysql_real_escape_string($name) . "')";
        $conn->execute($sql);
        $chid = $conn->Insert_ID();
        require $config['BASE_DIR'] . '/classes/image.class.php';
        $image = new VImageConv();
        $image->process($_FILES['picture']['tmp_name'], $chimg . '/' . $chid . '.jpg', 'MAX_WIDTH', 384, 216);
        $image->canvas(384, 216, '000000', true);
        if ($errors) {
            $sql = "DELETE FROM game_categories WHERE category_id = '" . mysql_real_escape_string($chid) . "' LIMIT 1";
            $conn->execute($sql);
        }
    }
    if (!$errors) {
        $msg = 'Category Successfuly added!';
        VRedirect::go('channels.php?m=listgame&msg=' . $msg);
    }
}
$smarty->assign('channel', $channel);
Ejemplo n.º 16
0
                break;
            case 'duration':
                if (file_exists($config['HD_DIR'] . '/' . $VID . '.mp4')) {
                    $duration = get_video_duration($config['HD_DIR'] . '/' . $VID . '.mp4', $VID);
                } elseif (file_exists($config['FLV_DIR'] . '/' . $VID . '.flv')) {
                    $duration = get_video_duration($config['FLV_DIR'] . '/' . $VID . '.flv', $VID);
                } elseif (file_exists($config['FLV_DIR'] . '/' . $VID . '.mp4')) {
                    $duration = get_video_duration($config['FLV_DIR'] . '/' . $VID . '.mp4', $VID);
                } else {
                    $duration = get_video_duration($config['IPHONE_DIR'] . '/' . $VID . '.mp4', $VID);
                }
                $sql = "UPDATE video SET duration = " . $duration . " WHERE VID = " . $VID . " LIMIT 1";
                $conn->execute($sql);
                $_SESSION['message'] = 'Duration regenerated successfuly!';
                $remove = '&=duration&VID=' . $VID;
                VRedirect::go('videos.php?m=' . $module_keep . '&page=' . $page);
                break;
        }
    } else {
        $err = 'Invalid video id. Video does not exist!?';
    }
}
$query = constructQuery($module_keep);
$sql = $query['count'];
$rs = $conn->execute($sql);
$total_videos = $rs->fields['total_videos'];
$pagination = new Pagination($query['page_items']);
$limit = $pagination->getLimit($total_videos);
$paging = $pagination->getAdminPagination($remove);
$sql = $query['select'] . " LIMIT " . $limit;
$rs = $conn->execute($sql);
Ejemplo n.º 17
0
defined('_VALID') or die('Restricted Access!');
$access = true;
if ($config['private_msgs'] == 'friends') {
    $sql = "SELECT FID FROM friends WHERE UID = " . $uid . " LIMIT 1";
    $conn->execute($sql);
    if ($conn->Affected_Rows() != 1) {
        $access = false;
        $_URL = $config['BASE_URL'] . '/error/private_messages_friends';
    }
} elseif ($config['private_msgs'] == 'disabled') {
    $access = false;
    $_URL = $config['BASE_URL'] . '/error/private_messages_disabled';
}
if (!$access) {
    VRedirect::go($_URL);
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/validation.class.php';
$filter = new VFilter();
$subject = $filter->get('s', 'STRING', 'GET');
$compose = array('receiver' => '', 'friend' => '', 'subject' => $subject, 'body' => '', 'save_outbox' => 1, 'send_self' => 0);
if (isset($query['1']) && $query['1'] != '') {
    $valid = new VValidation();
    if ($valid->usernameExists($query['1'])) {
        $compose['receiver'] = $query['1'];
    }
}
if (isset($_POST['send_mail'])) {
    $valid = new VValidation();
    $receiver = $filter->get('receiver');
Ejemplo n.º 18
0
    VRedirect::go($config['BASE_URL'] . '/error/user_missing');
}
$user = $rs->getrows();
$user = $user['0'];
$username = strtoupper($user['username']);
$module = NULL;
$modules = array('default', 'video', 'photo', 'game');
$request = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : NULL;
$request = isset($_SERVER['QUERY_STRING']) ? str_replace('?' . $_SERVER['QUERY_STRING'], '', $request) : $request;
$query = explode('/', $request);
if (is_array($query)) {
    foreach ($query as $key => $value) {
        if ($value == 'upload') {
            $module = isset($query[$key + 1]) ? $query[$key + 1] : 'default';
            if (!in_array($module, $modules)) {
                VRedirect::go($config['BASE_URL'] . '/error/missing');
            }
        }
    }
}
function getAnonymousUID()
{
    global $conn;
    $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
    $rs = $conn->execute($sql);
    return intval($rs->fields['UID']);
}
if ($module == 'default') {
    $module_template = 'upload.tpl';
} else {
    $module_template = 'upload_' . $module . '.tpl';
Ejemplo n.º 19
0
    $errors[] = $_SESSION['error'];
    unset($_SESSION['error']);
}
$remote_ip = isset($_SERVER['REMOTE_ADDR']) && long2ip(ip2long($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : NULL;
if (isset($_SESSION['uid'])) {
    $sid = intval($_SESSION['uid']);
    if ($remote_ip) {
        $sql = "UPDATE signup SET user_ip = '" . mysql_real_escape_string($remote_ip) . "' WHERE UID = " . $sid . " LIMIT 1";
        $conn->execute($sql);
    }
}
if ($remote_ip) {
    $sql = "SELECT ban_id FROM bans WHERE ban_ip = '" . mysql_real_escape_string($remote_ip) . "' LIMIT 1";
    $conn->execute($sql);
    if ($conn->Affected_Rows() > 0) {
        VRedirect::go($config['BASE_URL'] . '?msg=You are banned from this site!');
    }
}
if ($config['user_remember'] == '1') {
    Remember::check();
}
require 'smarty.php';
if ($config['submenu_tag_scroller'] == '1') {
    $tags = array();
    $sql = "SELECT keyword FROM video WHERE active = '1' ORDER BY viewnumber LIMIT 10";
    $rs = $conn->execute($sql);
    $rows = $rs->getrows();
    foreach ($rows as $row) {
        $tag_arr = explode(' ', $row['keyword']);
        foreach ($tag_arr as $tag) {
            if (strlen($tag) > 3 && !in_array($tag, $tags)) {
Ejemplo n.º 20
0
            $image->process($avatar_tmp, $dst, 'MAX_HEIGHT', 240, 200);
            $image->resize(true);
            if (file_exists($dst) && filesize($dst) > 100) {
                $_SESSION['message'] = $lang['user.avatar_upload_msg'];
                $_SESSION['uploaded'] = true;
                VRedirect::go($config['BASE_URL'] . '/user/avatar');
            }
        }
    }
}
if (isset($_POST['avatar_crop_submit'])) {
    $filter = new VFilter();
    $x = $filter->get('x1', 'INTEGER');
    $y = $filter->get('y1', 'INTEGER');
    $width = $filter->get('width', 'INTEGER');
    $height = $filter->get('height', 'INTEGER');
    $uid = $user['UID'];
    $src = $config['BASE_DIR'] . '/media/users/orig/' . $uid . '.jpg';
    $dst = $config['BASE_DIR'] . '/media/users/' . $uid . '.jpg';
    $image = new VImageConv();
    $image->process($src, $dst, 'EXACT', 100, 120);
    $image->crop($x, $y, $width, $height, true);
    if (file_exists($dst) && filesize($dst) > 100) {
        $sql = "UPDATE signup SET photo = '" . intval($user['UID']) . ".jpg' WHERE UID = " . intval($uid) . " LIMIT 1";
        $conn->execute($sql);
        $_SESSION['message'] = $lang['user.avatar_crop_msg'];
        VRedirect::go($config['BASE_URL'] . '/user/avatar');
    }
}
$smarty->assign('crop', $crop);
$smarty->assign('uploaded', $uploaded);
Ejemplo n.º 21
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
$auth = new Auth();
$auth->check();
// we dont cache anything here...needed for the album avatar update!
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
if (isset($_SESSION['uid']) && $uid != $_SESSION['uid']) {
    VRedirect::go($config['BASE_URL'] . '/error/album_permission');
}
if (isset($_POST['submit_album_edit'])) {
    require $config['BASE_DIR'] . '/classes/filter.class.php';
    require $config['BASE_DIR'] . '/classes/image.class.php';
    $filter = new VFilter();
    $name = $filter->get('album_name');
    $category = $filter->get('album_category');
    $tags = $filter->get('album_tags');
    $type = $filter->get('album_type');
    $x = $filter->get('x1', 'INTEGER');
    $y = $filter->get('y1', 'INTEGER');
    $width = $filter->get('width', 'INTEGER');
    $height = $filter->get('height', 'INTEGER');
    $pid = $filter->get('photo', 'INTEGER');
    $random = $filter->get('random');
    if ($width < 50 || $width > 580 || $height != $width) {
        $x = $filter->get('x1-i', 'INTEGER');
        $y = $filter->get('y1-i', 'INTEGER');
Ejemplo n.º 22
-1
<?php

define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'classes/pagination.class.php';
if ($config['game_module'] == '0') {
    VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
$sql = "SELECT * FROM game_categories WHERE status = '1' ORDER BY category_name ASC";
$rs = $conn->execute($sql);
$categories = $rs->getrows();
$type = isset($_GET['type']) && ($_GET['type'] == 'private' or $_GET['type'] == 'public') ? $_GET['type'] : NULL;
$category = isset($_GET['c']) ? intval($_GET['c']) : 0;
$orders = array('bp', 'mr', 'mp', 'tr', 'md', 'tf');
$order = isset($_GET['o']) && in_array($_GET['o'], $orders) ? $_GET['o'] : 'bp';
$timeframes = array('t', 'w', 'm', 'a');
$timeframe = isset($_GET['t']) && in_array($_GET['t'], $timeframes) ? $_GET['t'] : 'a';
$sql_add = NULL;
$sql_add_count = NULL;
$sql_delim = ' WHERE ';
$title_t = NULL;
$title_c = NULL;
$title_o = NULL;
$title_p = NULL;
if ($type != '') {
    $title_p = ' ' . ucfirst($type == 'private' ? $lang['global.private'] : $lang['global.public']);
    $sql_add = $sql_delim . " type = '" . $type . "'";
    $sql_add_count = $sql_delim . " type = '" . $type . "'";
    $sql_delim = ' AND';
Ejemplo n.º 23
-1
<?php

define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'classes/filter.class.php';
require 'classes/pagination.class.php';
$filter = new VFilter();
$search_query = $filter->get('search_query', 'STRING', 'GET');
$search_type = $filter->get('search_type', 'STRING', 'GET');
$search_types = array('videos', 'photos', 'users', 'games');
if (!in_array($search_type, $search_types)) {
    VRedirect::go($config['BASE_URL'] . '/error/invalid_search_type');
}
$module = 'modules/search/' . $search_type . '.php';
$module_template = 'search_' . $search_type . '.tpl';
require $module;
$self_title = strtoupper($search_type) . " - " . str_replace('{#search_query#}', $search_query, $seo['search_title']);
$smarty->assign('errors', $errors);
$smarty->assign('messages', $messages);
$smarty->assign('menu', 'home');
$smarty->assign('search_query', $search_query);
$smarty->assign('search_type', $search_type);
$smarty->assign('self_title', $self_title);
$smarty->assign('self_description', $seo['search_desc']);
$smarty->assign('self_keywords', $seo['search_keywords']);
$smarty->display('header.tpl');
$smarty->display('errors.tpl');
$smarty->display('messages.tpl');
$smarty->display($module_template);
Ejemplo n.º 24
-1
<?php

define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'include/function_notice.php';
require 'classes/pagination.class.php';
$NID = get_request_arg('notice');
if (!$NID) {
    VRedirect::go($config['BASE_URL'] . '/error');
}
$sql = "SELECT n.NID, n.UID, n.title, n.content, n.total_comments, n.addtime, s.username\n                   FROM notice AS n, signup AS s WHERE status ='1' AND n.UID = s.UID AND n.NID = " . $NID . " LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() != 1) {
    VRedirect::go($config['BASE_URL'] . '/error/invalid_notice');
}
$notice = $rs->getrows();
$notice = $notice['0'];
$sql = "UPDATE notice SET total_views = total_views+1 WHERE NID = " . $NID . " LIMIT 1";
$conn->execute($sql);
$sql = "SELECT COUNT(CID) AS total_comments FROM notice_comments WHERE NID = " . $NID . " AND status = '1'";
$rsc = $conn->execute($sql);
$total = $rsc->fields['total_comments'];
$pagination = new Pagination(10);
$limit = $pagination->getLimit($total);
$sql = "SELECT c.CID, c.UID, c.comment, c.addtime, s.username, s.photo, s.gender\n                   FROM notice_comments AS c, signup AS s \n                   WHERE c.NID = " . $NID . " AND c.status = '1' AND c.UID = s.UID\n                   ORDER BY c.addtime DESC LIMIT " . $limit;
$rs = $conn->execute($sql);
$comments = $rs->getrows();
$page_link = $pagination->getPagination('notice/' . $NID, 'p_notice_comments_' . $NID . '_');
$page_link_b = $pagination->getPagination('notice/' . $NID, 'pp_notice_comments_' . $NID . '_');
Ejemplo n.º 25
-2
    }
    if ($content == '') {
        $errors[] = $lang['blog.edit_content_empty'];
        $err['content'] = 1;
    } elseif (strlen($content) > 3000) {
        $errors[] = $lang['blog.edit_content_big'];
        $err['title'] = 1;
    } else {
        $blog_content = $content;
    }
    if (!$errors) {
        $content = strip_tags($content);
        $sql = "UPDATE blog SET title = '" . mysql_real_escape_string($blog_title) . "', \n                                       content = '" . mysql_real_escape_string($content) . "'\n                       WHERE BID = " . $bid . " AND UID = " . $uid . " LIMIT 1";
        $conn->execute($sql);
        $_SESSION['message'] = 'Blog was sucessfully updated!';
        VRedirect::go($config['BASE_URL'] . '/blog/' . $bid);
    }
}
$sql = "SELECT title, content FROM blog WHERE BID = " . $bid . " LIMIT 1";
$rs = $conn->execute($sql);
$blog_title = $rs->fields['title'];
$blog_base_url = str_replace('/', '\\/', $config['BASE_URL']);
$blog_content = $rs->fields['content'];
$sql = "SELECT * FROM signup WHERE UID = " . $uid . " LIMIT 1";
$rs = $conn->execute($sql);
$user = $rs->getrows();
$user = $user['0'];
$smarty->assign('editor', true);
$smarty->assign('bid', $bid);
$smarty->assign('blog_title', $blog_title);
$smarty->assign('blog_content', $blog_content);