/**
 * Tell whether a user's private-message inbox has reached the configured limit.
 *
 * Reads the global $cfg. The owner ID is cast to int before it is placed
 * into the WHERE clause, so only a number ever reaches the query text.
 *
 * @param int|null $user Owner ID to check; a falsy value means the message recipient ($this->to).
 * @return bool True when the stored message count is at or above $cfg['pmLimit'].
 */
function inboxFull($user = null)
{
    global $cfg;
    # Fall back to the recipient of the current message when no owner was given
    $owner = $user ? $user : $this->to;
    $stored = dbCount('pms WHERE owner=' . (int) $owner);
    return $stored >= $cfg['pmLimit'];
}
if (!empty($_GET['gg'])) {
    # Cast before the value is placed into the WHERE list
    $gg = (int) $_GET['gg'];
    $param[] = 'gg=' . $gg;
    $url[] = 'gg=' . $gg; //GG
}
}
#Group ID
# NOTE(review): $id is concatenated into the sub-select without a cast here, unlike $gg above;
# its origin is outside this fragment, so confirm the caller has already made it an integer
if ($id) {
    $param[] = 'ID IN (SELECT u FROM ' . PRE . 'groupuser WHERE g=' . $id . ')';
    $toURL = 'users/' . $id;
} else {
    $toURL = 'users';
}
#Count
$total = dbCount('users' . ($param ? ' WHERE ' . join(' AND ', $param) : ''));
#None?
if ($total < 1) {
    $view->info($lang['nousers']);
    return 1;
}
#Sorting - ctype_alnum() limits the raw sort value to letters and digits before it is echoed into sortURL
if (isset($_GET['sort']) && ctype_alnum($_GET['sort'])) {
    $sortURL = 'sort=' . $_GET['sort'];
    # Only the listed cases map to a column; the switch continues outside this fragment
    switch ($_GET['sort']) {
        case '1':
            $sort = 'login';
            break;
        case '3':
            $sort = 'lvis DESC';
            break;
# Newest poll for the current language; fetch(2) is PDO::FETCH_ASSOC
$poll = $db->query('SELECT * FROM ' . PRE . 'polls WHERE access="' . LANG . '" ORDER BY ID DESC LIMIT 1')->fetch(2);
#Exists? + ID
if ($poll) {
    $id = $poll['ID'];
} else {
    $view->message(22);
    exit;
}
#Voted on... - the cookie is client-controlled, so it is only a convenience check; the database lookup below is authoritative
$voted = isset($_COOKIE['voted']) ? explode('o', $_COOKIE['voted']) : array();
#User ID or IP address - ison == 3 keys the vote by account, otherwise by $ip
$u = $poll['ison'] == 3 && UID ? UID : $ip;
#May vote?
if (!in_array($poll['ID'], $voted) && $poll['ison'] != 2 && (UID || $poll['ison'] == 1)) {
    #If there is no record in the database that they already voted...
    # (part of this condition is redacted in the listing)
    if (dbCount('pollvotes WHERE ID=' . $id . ' AND user='******'type'] == 1) {
        $q = (int) $_POST['vote']; //single answer
    } else {
        $correct = array();
        # is_numeric() also admits forms such as "1e3" or leading whitespace; an (int) cast per key would be tighter
        foreach (array_keys($_POST['vote']) as $key) {
            if (is_numeric($key)) {
                $correct[] = $key;
            } //multiple answers
        }
        $q = $correct ? join(',', $correct) : 0;
    }
    #Update
    try {
# Every selected user becomes a BCC recipient
foreach ($res as $u) {
    $mail->addBlindCopy($u[0], $u[1]);
}
# NOTE(review): $_POST['rcpt'] is handed to sendTo() as-is; any validation must happen inside sendTo()
if ($mail->sendTo($_POST['rcpt'], $cfg['mail'])) {
    $log[] = $lang['msent'];
} else {
    $log[] = $lang['mnsent'];
}
}
$view->info('<ul><li>' . join('</li><li>', $log) . '</li></ul>');
} elseif (isset($_POST['next'])) {
    $ile = 0;
    # Prepare() output goes straight into the IN() lists; its sanitising is not visible here - confirm it yields integers only
    $lv = Prepare($_POST['lv']);
    $gr = Prepare($_POST['gr']);
    if ($lv && $gr) {
        $ile = dbCount('users WHERE mails=1 AND lv IN(' . $lv . ') AND ID IN (SELECT u FROM ' . PRE . 'groupuser WHERE g IN(' . $gr . '))');
    }
    if ($ile == 0) {
        $view->info($lang['nousnd']);
    }
}
#Show form
if (isset($_POST['next']) && $ile > 0) {
    $view->script('./lib/editor.js'); //Editor
    $view->script('./cache/emots.js'); //Emoticons
    $view->script(LANG_DIR . 'edit.js'); //Language
    $view->add('mailing', array('start' => false, 'cfg' => &$cfg, 'level' => $lv, 'group' => $gr, 'title' => $lang['massl'] . $ile));
}
<div class="row">
  <div class="col-md-6">
    <div class="box box-default">
      <div class="box-header with-border">
        <h3 class="box-title">Statistik</h3>
        <div class="box-tools pull-right">
          <button class="btn btn-box-tool" data-widget="collapse"><i class="fa fa-minus"></i></button>
        </div>
      </div>
      <div class="box-body">
        <ul class="dashboard-step">
          <?php
          // Dashboard counters per post type; this dbCount() variant takes a conditions array.
          // $eventCount is not used in the visible part of this template.
          $postCount = dbCount('posts', array('post_type' => 'post'));
          $pageCount = dbCount('posts', array('post_type' => 'page'));
          $eventCount = dbCount('posts', array('post_type' => 'event'));
          ?>
          <li><i class="fa fa-newspaper-o"></i> <?php echo $postCount; ?> <a href="<?php echo base_url(roleURIUser() . 'content/posts'); ?> "> Berita </a></li>
          <li><i class="fa fa-file-o"></i> <?php echo $pageCount; ?> <a href="<?php echo base_url(roleURIUser() . 'content/pages'); ?> "> Halaman </a></li>
break;
# Each case builds the table + WHERE text that dbCount() checks to confirm the commented item exists and is visible
case 11:
    $if = 'groups WHERE access!=1 AND ID=' . $id;
    break;
case 59:
    $if = 'pages WHERE access=1 AND ID=' . $id;
    break;
case 15:
    $if = 'polls WHERE access="' . LANG . '" AND ID=' . $id;
    break;
default:
    # Other content types are described in types.ini; comments must be enabled for the type
    # (comm == 1) or switched on through the cfg key named by comm
    $data = parse_ini_file('./cfg/types.ini', 1);
    include './cfg/content.php';
    $if = isset($data[$type]['comm']) && ($data[$type]['comm'] == 1 || isset($cfg[$data[$type]['comm']])) ? $data[$type]['table'] . ' i INNER JOIN ' . PRE . 'cats c ON i.cat=c.ID WHERE i.access=1 AND c.access!=3 AND c.opt&2 AND i.ID=' . $id : '';
}
# NOTE(review): $id and $type are not cast in this fragment before reaching SQL / the ini lookup; confirm upstream
if (!$if or !dbCount($if)) {
    $error[] = $lang['c11'];
}
}
} else {
    if (!admit('CM')) {
        $error[] = $lang['c11']; #No right to edit comment
    }
    $type = null;
}
#Page title
$view->title = $type ? $lang['addComm'] : $lang['c1'];
#Init CAPTCHA system - skipped for logged-in users, when no captcha is configured, or once the session holds the 'human' flag
if (UID || empty($cfg['captcha']) || isset($_SESSION['human'])) {
    $noSPAM = false;
# Admin-only page: requires the admin entry point and the 'L' (log) right
if (iCMSa != 1 || !admit('L')) {
    exit;
}
require LANG_DIR . 'events.php';
#Delete events
# NOTE(review): any POST carrying IDs triggers the delete; no anti-CSRF token is visible in this fragment -
# confirm GetID(true) or the surrounding code provides one
if ($_POST && ($x = GetID(true))) {
    $db->exec('DELETE FROM ' . PRE . 'log WHERE ID IN (' . $x . ')');
    event('ERASE');
}
#Page number - the raw query value is used in arithmetic and later echoed into the page URL
if (isset($_GET['page']) && $_GET['page'] > 1) {
    $page = $_GET['page'];
    $st = ($page - 1) * 30;
} else {
    $page = 1;
    $st = 0;
}
#Total events
$total = dbCount('log');
$event = array();
#Get events - fetch mode 3 is PDO::FETCH_NUM, matching the positional indices used below
$res = $db->query('SELECT l.*,u.login FROM ' . PRE . 'log l LEFT JOIN ' . PRE . 'users u ON l.user=u.ID AND l.user!=0 ORDER BY date DESC LIMIT ' . $st . ',30');
$res->setFetchMode(3);
#List events - $i[1] is translated through $events when a label exists, otherwise shown raw
foreach ($res as $i) {
    $event[] = array('id' => $i[0], 'text' => isset($events[$i[1]]) ? $events[$i[1]] : $i[1], 'date' => genDate($i[2], true), 'login' => $i[5], 'ip' => $i[3], 'user' => $i[4] ? url('user/' . urlencode($i[5])) : false);
}
#Prepare template
$view->add('log', array('event' => &$event, 'pages' => pages($page, $total, 30, url('log', '', 'admin'), 1), 'url' => url('log', 'page=' . $page, 'admin')));
<label>Email</label>
<input type="text" name="email" class="form-block" required="" value=""/>
</div>
<div class="">
<label>Komentar</label>
<!-- maxlength is enforced by the browser only; the server-side limit is not visible here -->
<textarea class="form-block" rows="3" name="data" required="" maxlength="400"></textarea>
</div><br/>
<button type="submit" class="form-block">Kirim</button>
<?php echo form_close(); ?>
</div>
<hr style="border: 1px solid #D3D2D5"/>
<?php
// Only published comments for this post are listed, newest first
$s = array('post_id' => $postid, 'comment_status' => 'publish');
if (dbCount('postcomment', $s) > 0) {
    $dCom = dbGet('postcomment', $s, 'comment_date DESC');
    foreach ($dCom as $rCom) {
        $nama = $rCom->nama;
        $email = $rCom->email;
        $comment = $rCom->comment;
        // NOTE(review): $nama and $comment are echoed without htmlspecialchars(); unless they were
        // escaped before storage this is a stored-XSS risk - prefer escaping at output
        ?>
        <div class="comment-item">
            <strong class="comment-author"><?php echo $nama; ?> </strong>
            <blockquote class="comment-data"><?php echo $comment; ?> </blockquote>
$type = (int) $_POST['t'][$i];
$val = clean($_POST['adr'][$i]);
}
# One positional row per menu item, in the column order of the mitems INSERT below; the text field is not filtered here
$o[] = array(0 => $_POST['txt'][$i], 1 => $type, 2 => $val, 3 => isset($_POST['nw'][$i]), 4 => $i, 5 => $id);
}
#Start transaction
try {
    $db->beginTransaction();
    #Edit existing - the column values are bound, only the ID is concatenated (its origin is outside this fragment)
    if ($id && !isset($_POST['savenew'])) {
        $q = $db->prepare('UPDATE ' . PRE . 'menu SET text=:text, disp=:disp, menu=:menu, type=:type, img=:img, value=:value WHERE ID=' . $id);
        $db->exec('DELETE FROM ' . PRE . 'mitems WHERE menu=' . $id);
    } else {
        # seq is derived from the current row count; two concurrent inserts could pick the same seq
        $q = $db->prepare('INSERT INTO ' . PRE . 'menu (seq,text,disp,menu,type,img,value) VALUES (' . (dbCount('menu') + 1) . ',:text,:disp,:menu,:type,:img,:value)');
    }
    $q->execute($m);
    #Get ID
    if (!$id or isset($_POST['savenew'])) {
        $id = $db->lastInsertId();
    }
    #Menu items
    if ($m['type'] == 3) {
        #Add menu items
        $q = $db->prepare('INSERT INTO ' . PRE . 'mitems (text,type,url,nw,seq,menu) VALUES (?,?,?,?,?,?)');
        # By-reference loop so the menu ID can be patched in; $i stays a reference afterwards unless unset
        foreach ($o as &$i) {
            $i[5] = $id;
            $q->execute($i);
        }
    }
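/**
 * Load the comments attached to one content item and hand them to the template.
 *
 * Reads the globals $db, $cfg, $view and $URL. When $cfg['commNum'] is set the
 * list is paginated from $_GET['page']; otherwise every comment is fetched in one
 * query. Editors (admit('CM')) also see hidden comments, IP addresses and the
 * edit / accept / moderation links.
 *
 * @param int    $id      ID of the commented item (CID column). Cast to int before use in SQL.
 * @param int    $type    Comment type (TYPE column); 10 is a user profile, whose owner may delete.
 * @param bool   $mayPost Accepted for signature compatibility; not referenced in this body.
 * @param string $url     Base URL for the page links; derived from $URL[0] and $id when empty.
 * @return void  The result is delivered through $view->add('comments', ...).
 */
function comments($id, $type = 5, $mayPost = true, $url = '')
{
    global $db, $cfg, $view, $URL;
    # Integer copies used wherever the values are placed into SQL text
    $cid = (int) $id;
    $ctype = (int) $type;
    $st = 0;
    #Page division
    if ($cfg['commNum']) {
        #Select page - cast so that only an integer ever reaches the LIMIT clause
        if (isset($_GET['page']) && $_GET['page'] > 1) {
            $page = (int) $_GET['page'];
            $st = ($page - 1) * $cfg['commNum'];
        } else {
            $page = 1;
        }
        if (!$url) {
            $url = url($URL[0] . '/' . $id);
        }
        $total = dbCount('comms WHERE TYPE=' . $ctype . ' AND CID=' . $cid);
        $CP = $total > $cfg['commNum'] ? pages($page, $total, $cfg['commNum'], $url) : null;
    } else {
        # No pagination configured: null (not 0) so the query below still runs, without a LIMIT
        $total = null;
        $CP = null;
    }
    $comm = array();
    #May edit or delete
    $mayEdit = admit('CM');
    $mayDel = $mayEdit || $type == 10 && $id == UID;
    $comURL = url('comment/');
    $modURL = url('moderate/');
    $userURL = url('user/');
    #Get from database (skipped only when the count came back as exactly zero)
    if ($total !== 0) {
        $sql = 'SELECT c.ID,c.access,c.name,c.author,c.ip,c.date,c.UA,c.text,u.login,u.photo,u.mail'
            . ' FROM ' . PRE . 'comms c LEFT JOIN ' . PRE . 'users u ON c.UID!=0 AND c.UID=u.ID'
            . ' WHERE c.TYPE=' . $ctype . ' AND c.CID=' . $cid
            . ($mayEdit ? '' : ' AND c.access=1') # non-editors only see accepted comments
            . ($cfg['commSort'] == 2 ? '' : ' ORDER BY c.ID DESC')
            . ($total ? ' LIMIT ' . $st . ',' . $cfg['commNum'] : '');
        $res = $db->query($sql);
        $res->setFetchMode(3); // PDO::FETCH_NUM - columns are read by position below
        #BBCode
        $useBB = isset($cfg['bbcode']);
        if ($useBB) {
            include_once './lib/bbcode.php';
        }
        foreach ($res as $x) {
            # Row layout: 0 ID, 1 access, 2 name, 3 author, 4 ip, 5 date, 6 UA, 7 text, 8 login, 9 photo, 10 mail
            $text = $useBB ? BBCode($x[7]) : $x[7];
            # Registered author's login wins over the free-text name
            $author = $x[8] ? $x[8] : $x[3];
            if (empty($cfg['commPhoto'])) {
                $photo = false;
            } elseif ($x[9]) {
                $photo = $x[9];
            } elseif ($cfg['commPhoto'] == 2) {
                # Gravatar keys avatars by the MD5 of the lower-cased address; guests have no mail (null)
                $photo = PROTO . 'www.gravatar.com/avatar/' . md5(strtolower((string) $x[10])) . '?d=' . $cfg['gdef'];
            } else {
                $photo = false;
            }
            $comm[] = array(
                'text' => nl2br(emots($text)),
                'date' => genDate($x[5], 1),
                'title' => $x[2],
                'user' => $author,
                'ip' => $mayEdit ? $x[4] : null,
                'edit' => $mayEdit ? $comURL . $x[0] : false,
                'del' => $mayDel ? $comURL . $x[0] : false,
                'agent' => $x[6],
                'accept' => $mayEdit && $x[1] != 1 ? $comURL . $x[0] : false,
                'findIP' => $mayEdit ? $modURL . $x[4] : false,
                'profile' => $x[8] ? $userURL . urlencode($x[8]) : false,
                'photo' => $photo,
            );
        }
        $res = null;
    }
    #Prepare template
    $data = array();
    $data['comment'] =& $comm;
    $data['parts'] =& $CP;
    #Highlight code
    $data['color'] = isset($cfg['colorCode']);
    #May comment
    if (UID || isset($cfg['commGuest'])) {
        # A flood-control timestamp in the session hides the form until it expires
        if (empty($_SESSION['post']) or $_SESSION['post'] < $_SERVER['REQUEST_TIME']) {
            $data['url'] = $comURL . $id . '/' . $type;
            # Records that the form for this item was shown; presumably checked when the comment is posted
            $_SESSION['CV'][$type][$id] = true;
        } else {
            $data['url'] = null;
        }
        $data['mustLogin'] = false;
    } else {
        $data['mustLogin'] = true;
    }
    #Assign to template
    $view->add('comments', $data);
}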
# Page number - the raw query value is used in the arithmetic that produces the LIMIT offset
if (isset($_GET['page']) && $_GET['page'] > 1) {
    $page = $_GET['page'];
    $st = ($page - 1) * 30;
} else {
    $page = 1;
    $st = 0;
}
#Search users
# NOTE(review): the LIKE pattern is made safe by stripping ", ' and % rather than by quoting;
# '_' (a LIKE wildcard) and '\' are left in. $db->quote() plus escaping of LIKE metacharacters,
# as the other listings do, would not depend on this character list
if (isset($_REQUEST['s']) && $_REQUEST['s']) {
    $s = str_replace(array('"', '\'', '%'), '', clean($_REQUEST['s'], 30));
    $w = ' WHERE login LIKE "' . str_replace('*', '%', $s) . '%"';
} else {
    $s = $w = '';
}
#User number
$total = dbCount('users' . $w);
$users = array();
#Get users
$res = $db->query('SELECT ID,login,lv,adm FROM ' . PRE . 'users' . $w . ' ORDER BY lv DESC, adm DESC, ID DESC LIMIT ' . $st . ',30');
$res->setFetchMode(3); //NUM
foreach ($res as $u) {
    #User level - $u[2] is the lv column; the switch continues outside this fragment
    switch ($u[2]) {
        case '0':
            $lv = $lang['locked'];
            break;
        case '1':
            $lv = $lang['user'];
            break;
        case '2':
} else {
    $page = 1;
    $st = 0;
}
#Filter: IP / hidden - the route segment is either the literal 'hidden' or an IP address, which is quoted through PDO
if (isset($URL[1])) {
    if ($URL[1] == 'hidden') {
        $q = ' WHERE access!=1';
    } else {
        $q = ' WHERE ip=' . $db->quote($URL[1]);
    }
} else {
    $q = '';
}
#Count all comments
$total = dbCount('comms' . $q);
$com = array();
#Get comments from database - $st is computed above this fragment
$res = $db->query('SELECT c.*,u.login FROM ' . PRE . 'comms c LEFT JOIN ' . PRE . 'users u ON c.UID!=0 AND c.UID=u.ID ' . $q . ' ORDER BY c.ID DESC LIMIT ' . $st . ',20');
#BBCode support
if (isset($cfg['bbcode'])) {
    include_once './lib/bbcode.php';
}
#Get category types
$type = parse_ini_file('cfg/types.ini', 1);
foreach ($res as $x) {
    # Map the comment TYPE to the content it belongs to; the switch continues outside this fragment
    switch ($x['TYPE']) {
        case '10':
            $co = 'user';
            break;
        case '59':
# Every checked ID is cast to int, so the IN() list only ever holds integers
# (an empty $_POST['x'] would yield "IN ()"; the guard, if any, is outside this fragment)
$del = array();
foreach ($_POST['x'] as $key => $val) {
    $del[] = (int) $key;
}
$db->exec('DELETE FROM ' . PRE . 'guestbook WHERE ID IN (' . join(',', $del) . ')');
}
#Page number - the raw query value is used in the offset arithmetic; a non-integer page gives a non-integer $st
if (isset($_GET['page']) && $_GET['page'] > 1) {
    $page = $_GET['page'];
    $st = ($page - 1) * $cfg['gbNum'];
} else {
    $page = 1;
    $st = 0;
}
#Total
$total = dbCount('guestbook WHERE lang="' . LANG . '"');
$num = 0;
$all = array();
#Get posts - language, offset and page size are all bound parameters
$query = $db->prepare('SELECT * FROM ' . PRE . 'guestbook WHERE lang=? ORDER BY ID DESC LIMIT ?,?');
$query->bindValue(1, LANG);
$query->bindValue(2, $st, 1);
$query->bindValue(3, $cfg['gbNum'], 1); //PARAM_INT
$query->execute();
#BBCode - note this uses require, where the other listings use include_once
if (isset($cfg['bbcode'])) {
    require './lib/bbcode.php';
}
#Posts
foreach ($query as $x) {
# Keep the stored hash when no new password was submitted
$u['pass'] = $user['pass'];
} else {
    # NOTE(review): unsalted md5 is stored as the password hash; password_hash()/password_verify()
    # would be the current replacement, but the login path would have to change with it
    $u['pass'] = md5($_POST['pass']);
    # Length is checked in bytes, after the hash has already been computed
    if (strlen($_POST['pass']) < 5 || strlen($_POST['pass']) > 50) {
        $error[] = $lang['badPass'];
    }
    #Passwords different - loose != compares numeric strings by value ("0" and "0.0" would match); !== is stricter
    if ($_POST['pass'] != $_POST['pass2']) {
        $error[] = $lang['pass2'];
    }
}
#E-mail
if (empty($cfg['nomail'])) {
    if (filter_var($u['mail'], FILTER_VALIDATE_EMAIL)) {
        #E-mail already exists
        # NOTE(review): FILTER_VALIDATE_EMAIL validates the format but does not escape; the address is
        # still concatenated into SQL, so $db->quote() or a bound parameter would be the safer form
        if (dbCount('users WHERE mail="' . $u['mail'] . '"' . (UID ? ' AND ID!=' . UID : ''))) {
            $error[] = $lang['mailEx'];
        }
    } else {
        $u['mail'] = clean($u['mail']);
        $error[] = $lang['badMail'];
    }
    #Banned E-mail - case-insensitive substring match against each configured pattern
    if ($cfg['mailban']) {
        foreach ($cfg['mailban'] as $x) {
            if (stripos($u['mail'], $x) !== false) {
                $error[] = $lang['mailEx'];
            }
        }
    }
}
#Page title
$view->title = $lang['account'];
#No one can edit first user except himself
if ($id == 1 && UID != 1) {
    return;
}
#Errors
$error = array();
#Edit user
if ($_POST) {
    # Text fields go through clean() (with a length cap where given); icq/gg are kept only when numeric
    $u = array('login' => clean($_POST['login']), 'about' => clean($_POST['about']), 'skype' => clean($_POST['skype'], 40), 'jabber' => clean($_POST['jabber'], 60), 'photo' => clean($_POST['photo']), 'mail' => clean($_POST['mail']), 'city' => clean($_POST['city']), 'tlen' => clean($_POST['tlen'], 30), 'www' => clean($_POST['www']), 'sex' => (int) $_POST['sex'], 'icq' => is_numeric($_POST['icq']) ? $_POST['icq'] : null, 'gg' => is_numeric($_POST['gg']) ? $_POST['gg'] : null);
    #Login - string offsets count bytes, so the 3..21 limit is a byte length, not a character count
    if (isset($u['login'][21]) || !isset($u['login'][2])) {
        $error[] = $lang['badLogin'];
    }
    # (the login value in this query is redacted in the listing)
    if (dbCount('users WHERE login="******" AND ID!=' . $id) !== 0) {
        $error[] = $lang['loginEx'];
    }
    switch ($cfg['logins']) {
        case 1:
            $re = '/^[A-Za-z0-9 _-]*$/';
            break;
        case 2:
            $re = '/^[0-9\\pL _.-]*$/u';
            break;
        default:
            # NOTE(review): this pattern has no quantifier, so it matches exactly one character;
            # combined with the minimum length above every login would be rejected under this setting -
            # a '*' after the class looks intended. Verify before changing.
            $re = '/^[^&/?#=]$/';
            break;
    }
    if (!preg_match($re, $u['login'])) {
        $error[] = $lang['loginChar'];
# Page number - the raw query value is used in the offset arithmetic
if (isset($_GET['page']) && $_GET['page'] > 1) {
    $page = $_GET['page'];
    $st = ($page - 1) * 30;
} else {
    $page = 1;
    $st = 0;
}
#Find - quoted through PDO; '%' and '_' inside $find still act as LIKE wildcards, which only widens the match
$find = empty($_GET['find']) ? '' : clean($_GET['find'], 30);
if ($find) {
    $param[] = 'name LIKE ' . $db->quote($find . '%');
}
#Params -> string ($join, $table, $act and $id are set above this fragment)
$param = $join . ($param ? ' WHERE ' . join(' AND ', $param) : '');
#Count items
$total = dbCount($table . $param);
#Zero - redirect to the edit form when the list is empty and no search was made
if ($total == 0 && !$find) {
    header('Location: ' . URL . url('edit/' . $act, $id ? 'catid=' . $id : null));
    $view->info($lang['noc']);
    return 1;
}
#Prepare URL
$url = url('list/' . $act . '/' . $id);
#Get items
$res = $db->query('SELECT ID,name,access FROM ' . PRE . $table . $param . ' ORDER BY ID DESC LIMIT ' . $st . ',30');
$res->setFetchMode(3);
$items = array();
#Prepare item - $i[2] is the access column; the switch continues outside this fragment
foreach ($res as $i) {
    switch ($i[2]) {
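/**
 * Recount the content stored in every category and persist the figures.
 *
 * Reads the global $db. For each row of the cats table the number of accessible
 * items (access=1) is fetched through dbCount(); that figure is then added to
 * every ancestor along the parent chain (the sc column), so each category also
 * learns the total held in its accessible sub-categories. Rows with access 2
 * or 3 are counted but do not contribute to their ancestors. The own count is
 * written to num and the cumulative count to nums.
 *
 * @return void
 */
function CountItems()
{
    global $db;
    $cat = $db->query('SELECT ID,type,access,sc FROM ' . PRE . 'cats')->fetchAll(3); //FETCH_NUM
    if (count($cat) === 0) {
        return;
    }
    $num = array();   // own item count per category ID
    $sub = array();   // parent category ID per category ID
    $total = array(); // own count plus the counts of accessible descendants
    #Count the contents of each category
    foreach ($cat as $row) {
        # IDs come from the ID column of the query above, not from the request
        $id = $row[0];
        $num[$id] = dbCount(typeOf($row[1]) . ' WHERE cat=' . $id . ' AND access=1');
        #Parent category ID
        $sub[$id] = $row[3];
        #Starts at the own count; descendants are added in the next loop
        $total[$id] = $num[$id];
    }
    foreach ($cat as $row) {
        #If accessible - add this category's own count to every ancestor
        if ($row[2] != 2 && $row[2] != 3) {
            $own = $num[$row[0]];
            $x = $row[3];
            #Walk up the parent chain; stop at the root (0) or at a parent that is not a known category
            while ($x != 0 && is_numeric($x) && isset($total[$x])) {
                # The own count (not the running total) is added, so the result does not depend
                # on whether parents were returned before their children
                $total[$x] += $own;
                $x = $sub[$x];
            }
        }
    }
    #Save the figures for each category
    $q = $db->prepare('UPDATE ' . PRE . 'cats SET num=?, nums=? WHERE ID=?');
    foreach ($total as $k => $x) {
        if (is_numeric($x) && is_numeric($num[$k])) {
            $q->execute(array($num[$k], $x, $k));
        }
    }
}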
#Threads
$view->title = $lang['topics'];
break;
case 'drafts':
    # Every filter is pinned to the current user (UID constant), so only the caller's own messages are ever listed
    $q = 'p.st=3 AND p.owner=' . UID; #Drafts
    $view->title = $lang['drafts'];
    break;
default:
    $q = 'p.st<3 AND p.owner=' . UID; #Inbox
    $view->title = $user['pms'] ? sprintf('%s (%d)', $lang['inbox'], $user['pms']) : $lang['inbox'];
    $id = 'inbox';
}
#Count
$total = dbCount('pms p WHERE p.del!=' . UID . ' AND ' . $q);
#None?
if ($total < 1) {
    $view->info($view->title . '<br /><br />' . $lang['pm11']);
    return 1;
}
#Fetch - $st is computed above this fragment
$res = $db->query('SELECT p.ID, p.th, p.topic, p.st, u.ID as uid, u.login FROM ' . PRE . 'pms p LEFT JOIN ' . PRE . 'users u ON p.usr=u.ID WHERE p.del!=' . UID . ' AND ' . $q . ' ORDER BY p.st,p.ID DESC LIMIT ' . $st . ',20');
#URLs
$userURL = url('user/');
$yourURL = $userURL . urlencode($user['login']);
$pms = array();
$url = url('pms/view/');
#List - a thread link points at the thread ID when set, else at the message itself; topic is passed to the template unescaped here
foreach ($res as $x) {
    $pms[] = array('id' => $x['ID'], 'topic' => $x['topic'], 'new' => $x['st'] == '1', 'url' => $url . ($x['th'] ? $x['th'] : $x['ID']), 'login' => $x['login'], 'userURL' => $userURL . urlencode($x['login']));
# NOTE(review): X-Forwarded-For is a client-supplied header, and $ip is the key for the duplicate-vote check
# below; unless a trusted proxy overwrites that header, the check can be defeated by varying it - prefer
# REMOTE_ADDR alone (or a proxy-aware, trusted source) for the vote key
$ip = $_SERVER['REMOTE_ADDR'] . (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? ' ' . $_SERVER['HTTP_X_FORWARDED_FOR'] : '');
#Guests
if (!UID && !isset($cfg['bugsVote'])) {
    exit($lang['logtov']);
}
#Get data - the issue ID is bound as PDO::PARAM_INT here
$q = $db->prepare('SELECT c.rate FROM ' . PRE . 'bugs b INNER JOIN ' . PRE . 'bugcats c ON b.cat=c.ID WHERE b.ID=?');
$q->bindValue(1, $id, 1);
$q->execute();
#Does not exist
if (!($bug = $q->fetch(2))) {
    exit('Issue not found!');
}
#Hands
try {
    # One vote per $ip per issue; $ip is quoted, $id is concatenated (its origin is outside this fragment)
    if (dbCount('rates WHERE type=66 AND ID=' . $id . ' AND IP=' . $db->quote($ip))) {
        exit($lang['voted']);
    }
    $db->beginTransaction();
    if ($bug['rate'] == 1) {
        # Thumbs mode: a vote of 5 counts as positive, anything else as negative; the column name is chosen here, not from input
        $field = $vote == 5 ? 'pos' : 'neg';
        $db->exec(sprintf('UPDATE %sbugs SET %s=%s+1 WHERE ID=%d', PRE, $field, $field, $id));
        $info = 'OK';
    } elseif ($vote > 0 && $vote < 6) {
        # Star mode: recompute the average from the stored votes plus this one
        $all = $db->query('SELECT count(*),SUM(mark) FROM ' . PRE . 'rates WHERE type=66 AND ID=' . $id)->fetch(3);
        $all[1] += $vote;
        $all[0] += 1;
        # NOTE(review): count() of a float is a TypeError on PHP 8 (and returned 1 on PHP 7); round() looks intended
        $avg = $all[0] > 1 ? count($all[1] / $all[0]) : $vote;
        $db->exec('UPDATE ' . PRE . 'bugs SET pos=' . $avg . ', neg=' . $all[0] . ' WHERE ID=' . $id);
        $info = json_encode(array($avg, $all[0]));
    } else {
<?php
# Only reachable through the CMS front controller
if (iCMS != 1) {
    exit;
}
require './cfg/account.php';
require LANG_DIR . 'profile.php';
#Get group - fetch(2) is PDO::FETCH_ASSOC; $id is concatenated and its origin is outside this fragment
if (!($group = $db->query('SELECT * FROM ' . PRE . 'groups WHERE access!="0" AND ID=' . $id)->fetch(2))) {
    return;
}
#Page title
$view->title = $group['name'];
#Are you a member
$member = UID ? dbCount('groupuser WHERE g=' . $id . ' AND u=' . UID) : 0;
#Group URL
$url = url('group/' . $id);
#May join - only open groups (opened == 1) accept self-service joins
$mayJoin = UID && !$member && $group['opened'] == 1;
$mayLeave = UID && $member;
$askJoin = sprintf($lang['wantJoin'], $group['name']);
$askLeave = sprintf($lang['wantLeave'], $group['name']);
#Special missions
if (isset($URL[2])) {
    #Join group - requires a POST confirmation ('yes'); the insert itself uses bound parameters
    if ($mayJoin && $URL[2] == 'join') {
        if (isset($_POST['yes'])) {
            try {
                $db->beginTransaction();
                $q = $db->prepare('INSERT INTO ' . PRE . 'groupuser (u,g,date) VALUES (?,?,?)');
                $q->execute(array(UID, $id, $_SERVER['REQUEST_TIME']));