Ejemplo n.º 1
// Callers without access are handed to the redirect helper.
// NOTE(review): this relies on VRedirect::go() ending the request; its body is
// not shown here, so confirm it exits, otherwise the code below still runs.
if (!$access) {
    VRedirect::go($_URL);
}

$class_dir = $config['BASE_DIR'] . '/classes';
require $class_dir . '/filter.class.php';
require $class_dir . '/validation.class.php';

$filter = new VFilter();
// The subject may be pre-filled from the "s" query-string parameter.
$subject = $filter->get('s', 'STRING', 'GET');

// Initial state of the compose form.
$compose = array(
    'receiver'    => '',
    'friend'      => '',
    'subject'     => $subject,
    'body'        => '',
    'save_outbox' => 1,
    'send_self'   => 0,
);

// A receiver taken from $query is pre-filled only when it names an existing user.
// NOTE(review): the value still originates from the request; confirm it is
// escaped wherever $compose is rendered.
$requested_receiver = isset($query['1']) ? $query['1'] : '';
if ($requested_receiver != '') {
    $valid = new VValidation();
    if ($valid->usernameExists($requested_receiver)) {
        $compose['receiver'] = $requested_receiver;
    }
}
if (isset($_POST['send_mail'])) {
    $valid = new VValidation();
    $receiver = $filter->get('receiver');
    $friend = $filter->get('receiver_friend');
    $subject = $filter->get('subject');
    $body = $filter->process(trim($_POST['body']), array('a'), array('href'));
    if ($receiver == '') {
        if ($friend != '') {
            if (!$valid->usernameExists($friend)) {
                $errors[] = translate('mail.compose_user_invalid', $config['site_name']);
            } else {
                $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
                $rs = $conn->execute($sql);
                $fuid = intval($rs->fields['UID']);
                $sql = "SELECT UID FROM friends WHERE UID = " . $uid . " AND FID = " . $fuid . " AND status = 'Confirmed' LIMIT 1";
                $conn->execute($sql);
                if ($conn->Affected_Rows() === 1) {
Ejemplo n.º 2
Archivo: edit.php Proyecto: ecr007/pr0n
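// Copy the country lookup into a plain list of its values, dropping the keys.
$countries_twocode = $country->twocountry;
$countries = array();
foreach ($countries_twocode as $code => $value) {
    $countries[] = $value;
}
$user = array();

// Accept only a positive decimal integer as the user ID. The previous
// is_numeric() test also admitted floats, exponent notation and signed values
// (for example "-5" or "1e3"), and a negative ID passed the emptiness check
// below. filter_var() returns false for anything else, including arrays.
$UID = isset($_GET['UID'])
    ? filter_var($_GET['UID'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
    : false;
if ($UID === false) {
    $UID = NULL;
}
if (!$UID) {
    $errors[] = 'Invalid user ID!';
}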
if (!$errors) {
    if (isset($_POST['edit_user'])) {
        require $config['BASE_DIR'] . '/classes/filter.class.php';
        require $config['BASE_DIR'] . '/classes/validation.class.php';
        $filter = new VFilter();
        $valid = new VValidation();
        $email = $filter->get('email');
        $fname = $filter->get('fname');
        $lname = $filter->get('lname');
        $town = $filter->get('town');
        $city = $filter->get('city');
        $zip = $filter->get('zip');
        $aboutme = $filter->get('aboutme');
        $fav_movies = $filter->get('fav_movie_show');
        $fav_music = $filter->get('fav_music');
        $fav_books = $filter->get('fav_book');
        $occupation = $filter->get('occupation');
        $interests = $filter->get('interest_hobby');
        $company = $filter->get('company');
        $school = $filter->get('school');
        $website = $filter->get('website');
Ejemplo n.º 3
 }
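 // The stored code must exist and match the submitted one exactly. The loose
 // != used before treated an unset session value as equal to an empty
 // submission and compared numeric-looking strings by value, so either case
 // could pass the check.
 // NOTE(review): nothing here clears $_SESSION['captcha_code'] after the
 // comparison; confirm it is regenerated elsewhere so a solved code cannot be
 // submitted again.
 $expected_code = isset($_SESSION['captcha_code']) ? (string) $_SESSION['captcha_code'] : '';
 if ($expected_code === '' || !is_string($code) || $expected_code !== strtoupper($code)) {
     $errors[] = $lang['global.verif_invalid'];
 }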
 // Keep the message only when it is non-empty and at most 999 bytes long;
 // strlen() counts bytes, so multi-byte text reaches the limit sooner.
 if ($message != '' && strlen($message) <= 999) {
     $invite['message'] = $message;
 } elseif ($message == '') {
     $errors[] = $lang['global.message_empty'];
 } else {
     $errors[] = translate($lang['global.message_length'], '999');
 }

 // At least one recipient address has to be supplied.
 if (!$emails) {
     $errors[] = $lang['invite.emails_empty'];
 }
 if (!$errors) {
     $valid = new VValidation();
     $index = 0;
     foreach ($emails as $email) {
         if (!$valid->email($email)) {
             $emails[$index] = '';
         }
         ++$index;
     }
     if (!$emails) {
         $errors[] = $lang['invite.emails_invalid'];
     }
     if (!$errors) {
         $sql = "SELECT email_subject, email_path FROM emailinfo\n                                   WHERE email_id = 'invite_friends_email' LIMIT 1";
         $rs = $conn->execute($sql);
         $email_subject = str_replace('{$sender_name}', $name, $rs->fields['email_subject']);
         $email_path = $rs->fields['email_path'];
Ejemplo n.º 4
<?php

// Refuse direct requests: the script only continues when _VALID is defined.
if (!defined('_VALID')) {
    die('Restricted Access!');
}

// NOTE(review): presumably this stops the request for non-admin sessions; the
// method body is not shown here, so confirm it exits rather than only redirecting.
Auth::checkAdmin();

require_once 'editor_files/editor_functions.php';
require_once 'editor_files/config.php';
require_once 'editor_files/editor_class.php';

// WYSIWYG editor instance, switched to XHTML output.
$editor = new wysiwygPro();
$editor->usexhtml(true);

// Initial values for the notice form.
$notice = array(
    'username' => '',
    'title'    => '',
    'category' => '',
    'content'  => '',
);
if (isset($_POST['submit_add_notice'])) {
    require $config['BASE_DIR'] . '/classes/filter.class.php';
    require $config['BASE_DIR'] . '/classes/validation.class.php';
    $filter = new VFilter();
    $valid = new VValidation();
    $username = $filter->get('username');
    $title = $filter->get('title');
    $content = trim($_POST['htmlCode']);
    $category = $filter->get('category', 'INTEGER');
    if ($username == '') {
        $errors[] = 'Username field cannot be blank!';
    } elseif (!$valid->usernameExists($username)) {
        $errors[] = 'Username does not exist!';
    } else {
        $notice['username'] = $username;
    }
    if ($title == '') {
        $errors[] = 'Notice title field cannot be blank!';
    } elseif (strlen($title) > 299) {
        $errors[] = 'Notice title field cannot contain more then 299 characters!';
    } else {
Ejemplo n.º 5
            // we're just displaying a congratulatory message.
            // echo "Congratulations: you are a human!";
        } else {
            // This happens if the user does not pass the game.
            // echo "Sorry, but we were not able to verify you as human. Please try again.";
            $errors[] = $lang['signup.captcha'];
            $err['captcha'] = 1;
        }
    }
    $areyh = $ayah->getPublisherHTML();
    $smarty->assign('areyh', $areyh);
}
// Empty starting values, presumably used to re-populate the signup form.
$signup = array(
    'username' => '',
    'email'    => '',
    'age'      => '',
    'terms'    => '',
    'gender'   => '',
);
if (isset($_POST['submit_signup'])) {
    $filter = new VFilter();
    $valid = new VValidation();
    $username = $filter->get('username');
    $password = $filter->get('password');
    $password_confirm = $filter->get('password_confirm');
    $email = $filter->get('email');
    $vcode = $filter->get('verification');
    $age = $filter->get('age');
    $terms = $filter->get('terms');
    $gender = $filter->get('gender');
    if ($username == '') {
        $errors[] = $lang['signup.username_empty'];
        $err['username'] = 1;
    } elseif (strlen($username) > 15) {
        $errors[] = $lang['signup.username_length'];
        $err['username'] = 1;
    } elseif (!$valid->username($username)) {
Ejemplo n.º 6
    // Split the birthday into zero-padded month, day and four-digit year.
    // NOTE(review): strtotime() returns false for text it cannot parse, and
    // date() then formats timestamp 0, so a bad $bday would come out as
    // 01/01/1970 rather than as empty parts; confirm $bday is validated
    // before this point.
    $bday_timestamp = strtotime($bday);
    $birth_month = date("m", $bday_timestamp);
    $birth_day = date("d", $bday_timestamp);
    $birth_year = date("Y", $bday_timestamp);

    // Extra "column = value" fragments for the UPDATE are collected here.
    $sql_add = NULL;
    // A new password is applied only when one was submitted and it matches
    // the confirmation field.
    if ($password != '') {
        // NOTE(review): != is a loose comparison, so two different
        // numeric-looking strings can compare equal; !== compares the exact text.
        if ($password != $password_confirm) {
            $errors[] = $lang['signup.password_mismatch'];
            $err['password'] = 1;
        } else {
            // NOTE(review): md5() is a fast, unsalted digest and is not suitable
            // for storing passwords. Moving to password_hash()/password_verify()
            // also requires changing the login check and the pwd column, neither
            // of which is visible here, so the call is flagged rather than replaced.
            $password = md5($password);
            // Appended to the SET list of the UPDATE built further down.
            // NOTE(review): mysql_real_escape_string() belongs to the mysql
            // extension, which was removed in PHP 7.
            $sql_add .= ", pwd = '" . mysql_real_escape_string($password) . "'";
        }
    }
    // Validate the birth date, and queue it for the UPDATE, only when all
    // three parts are present.
    $birthdate_given = !($birth_month == '' || $birth_day == '' || $birth_year == '');
    if ($birthdate_given) {
        require $config['BASE_DIR'] . '/classes/validation.class.php';
        $valid = new VValidation();
        if ($valid->date($birth_month, $birth_day, $birth_year)) {
            // Stored as YYYY-MM-DD.
            $birth_date = implode('-', array($birth_year, $birth_month, $birth_day));
            $sql_add .= ", bdate = '" . mysql_real_escape_string($birth_date) . "'";
        } else {
            $errors[] = $lang['user.birthdate_invalid'];
            $err['bday'] = 1;
        }
    }
    // Write the profile only when no validation error was recorded.
    if (!$errors) {
        // The statement is assembled by string concatenation, with every value
        // passed through mysql_real_escape_string() and wrapped in quotes;
        // $sql_add carries the optional pwd/bdate fragments.
        // NOTE(review): the WHERE clause shows the literal '******'. This looks
        // like masking applied by the listing, not the original expression, so
        // how the username reaches the query cannot be judged from here.
        // NOTE(review): a parameterised query would remove the dependence on
        // escaping every value correctly.
        $sql = "UPDATE signup SET fname = '" . mysql_real_escape_string($fname) . "', lname = '" . mysql_real_escape_string($lname) . "',\n                                             gender = '" . mysql_real_escape_string($gender) . "', relation = '" . mysql_real_escape_string($relation) . "',\n                                             interested = '" . mysql_real_escape_string($interested) . "', website = '" . mysql_real_escape_string($website) . "',\n                                             town = '" . mysql_real_escape_string($town) . "', city = '" . mysql_real_escape_string($city) . "',\n                                             country = '" . mysql_real_escape_string($country) . "', aboutme = '" . mysql_real_escape_string($aboutme) . "',\n                                             fav_movie_show = '" . mysql_real_escape_string($fav_movie_show) . "', fav_music = '" . mysql_real_escape_string($fav_music) . "',\n                                             fav_book = '" . mysql_real_escape_string($fav_book) . "', turnon = '" . mysql_real_escape_string($turnon) . "',\n                                             turnoff = '" . mysql_real_escape_string($turnoff) . "', occupation = '" . mysql_real_escape_string($occupation) . "',\n                                             company = '" . mysql_real_escape_string($company) . "', school = '" . mysql_real_escape_string($school) . "',\n                                             interest_hobby = '" . mysql_real_escape_string($interest_hobby) . "'" . $sql_add . "\n                          WHERE username = '******' LIMIT 1";
        // The result of execute() is not inspected, so the success message is
        // added even if the statement failed.
        $conn->execute($sql);
        $messages[] = 'Profile was successfully updated!';
    }
}
// Query text that selects the profile columns for one signup row.
// NOTE(review): the username in the WHERE clause appears as the literal
// '******', which looks like masking applied by the listing; the original
// expression is not visible here.
$sql = "SELECT fname, lname, bdate, relation, interested, town, city, country, occupation, company, school,\n                          aboutme, interest_hobby, fav_movie_show, fav_music, fav_book, turnon, turnoff, website\n                   FROM signup WHERE username = '******' LIMIT 1";
Ejemplo n.º 7
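 $from = $filter->get('from');
 $to = $filter->get('to');
 $message = $filter->get('message');

 // Keep only spaces, ASCII letters and digits, commas, "@" and "."; CR and LF
 // are outside that set, so no line break survives in either value.
 // preg_replace() stands in for ereg_replace(), which has been deprecated
 // since PHP 5.3 and was removed in PHP 7; the character class is unchanged.
 // NOTE(review): deleting characters silently turns an address containing
 // "_", "-" or "+" into a different address; rejecting such input or widening
 // the allowed set would avoid mailing an unintended recipient.
 $from = preg_replace('/[^ 0-9a-zA-Z,@.]/', '', $from);
 $to = preg_replace('/[^ 0-9a-zA-Z,@.]/', '', $to);

 // NOTE(review): commas are dropped rather than turned into separators, so
 // "a@x.com,b@y.com" collapses into a single token; confirm that is intended.
 $to = str_replace(',', '', $to);
 $to = preg_replace('/\\s\\s+/', ' ', $to);
 $to = str_replace("\r", '', $to);
 $to = str_replace("\n", '', $to);

 // explode() never returns an empty array (an empty string yields array('')),
 // so the emptiness check that follows could not fire. Trim first and produce
 // an empty list when nothing is left.
 $to = trim($to);
 $to = $to === '' ? array() : explode(' ', $to);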
 if (!$to) {
     $data['msg'] = $lang['ajax.share_recipient'];
 } else {
     $emails = array();
     $users = array();
     $valid = new VValidation();
     foreach ($to as $key => $value) {
         if ($valid->email($value)) {
             $emails[] = $value;
         } elseif ($valid->usernameExists($value)) {
             $users[] = $value;
         }
     }
     if ($users) {
         $sql_add = array();
         foreach ($users as $user) {
             $sql_add[] = "'" . mysql_real_escape_string($user) . "'";
         }
         $sql = "SELECT email FROM signup WHERE username IN (" . implode(',', $sql_add) . ")";
         $rs = $conn->execute($sql);
         $users_emails = $rs->getrows();
Ejemplo n.º 8
<?php

// Define the marker constant before anything is included; presumably the
// included files test for it.
define('_VALID', true);
require 'include/config.php';
require 'classes/auth.class.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'classes/pagination.class.php';
require 'classes/validation.class.php';
Auth::check();

// "u" selects one user's feed only when it is a well-formed, existing
// username; anything else falls back to 'all'.
$username = 'all';
if (isset($_GET['u']) && VValidation::username($_GET['u']) && VValidation::usernameExists($_GET['u'])) {
    $username = $_GET['u'];
}

// "t" must be purely alphabetic and one of the keys below; 'all' is itself a
// key, so a single membership test covers both conditions.
$table = 'all';
if (isset($_GET['t']) && ctype_alpha($_GET['t'])) {
    $table = $_GET['t'];
}
$tables_allowed = array(
    'all'    => 1,
    'videos' => 1,
    'games'  => 1,
    'blogs'  => 1,
    'albums' => 1,
    'photos' => 1,
);
if (!isset($tables_allowed[$table])) {
    VRedirect::go($config['BASE_URL'] . '/error');
}

// The only value concatenated into the query is the session user ID, cast to
// an integer first.
$uid = (int) $_SESSION['uid'];
$sql = "SELECT s.UID, u.username\n                  FROM video_subscribe AS s, signup AS u\n                  WHERE s.SUID = " . $uid . "\n                  AND s.UID = u.UID";
$rs = $conn->execute($sql);
$subscriptions = $rs->getrows();

$feeds = array();
$page_link = NULL;
if ($subscriptions) {
    $photo_approve = $config['approve_photos'] == '1' ? " AND a.status = '1'" : NULL;
    $game_approve = $config['approve_games'] == '1' ? " AND g.status = '1'" : NULL;
    $blog_approve = $config['approve_blogs'] == '1' ? " AND b.status = '1'" : NULL;
    if ($username == 'all') {
        $suids = array();
        foreach ($subscriptions as $subscription) {
            $suids[] = $subscription['UID'];
        }
Ejemplo n.º 9
 } elseif (strlen($admin_name) < 5) {
     $errors[] = 'Admin name (used for siteadmin login) must be at least 6 characters long!';
 }
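 // Password for the siteadmin login: required, minimum six characters.
 // The length test used to be `< 5`, which let five-character passwords
 // through although the message promises six. The admin name check directly
 // above this block has the same mismatch.
 if ($admin_pass == '') {
     $errors[] = 'Admin pass (used for siteadmin login) cannot be blank!';
 } elseif (strlen($admin_pass) < 6) {
     $errors[] = 'Admin pass (used for siteadmin login) must be at least 6 characters long!';
 }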
 // The admin address is required and must pass VValidation::email().
 if ($admin_email != '') {
     if (!VValidation::email($admin_email)) {
         $errors[] = 'Admin email field is not a valid email address!';
     }
 } else {
     $errors[] = 'Admin email field cannot be blank!';
 }

 // Same rule for the no-reply address.
 if ($noreply_email != '') {
     if (!VValidation::email($noreply_email)) {
         $errors[] = 'Noreply email field is not a valid email address!';
     }
 } else {
     $errors[] = 'Noreply email field cannot be blank!';
 }
 // Each yes/no setting has to equal '1' or '0'; the pairs keep the original
 // order so the errors are reported in the same sequence.
 // NOTE(review): == is a loose comparison, so values such as '01' or '1.0'
 // also pass; confirm the value is normalised before it is stored.
 $yes_no_fields = array(
     array($approve, 'Video approve field can only be yes/no!'),
     array($downloads, 'Video downloads field can only be yes/no!'),
     array($captcha, 'Signup captcha field can only be yes/no!'),
     array($gzip_encoding, 'GZIP Encoding field can only be yes/no!'),
 );
 foreach ($yes_no_fields as $yes_no_field) {
     list($field_value, $field_error) = $yes_no_field;
     if (!($field_value == '1' || $field_value == '0')) {
         $errors[] = $field_error;
     }
 }
 if ($videos_per_page == '' || $videos_per_page == '0') {