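/**
 * Replace the stored tag set of one object.
 *
 * Deletes every `sys_tags` row for the (id, type) pair and then re-inserts
 * one row per tag that explodeTags() extracts from $sTags.
 *
 * @param int    $iID   object id the tags belong to; cast to int before it reaches SQL
 * @param string $sTags raw tag string, split by explodeTags()
 * @param string $sType object type discriminator stored in `Type`
 * @return void
 */
function storeTags($iID, $sTags, $sType)
{
    // Both values are spliced into SQL text below, so they are made safe here:
    // the int cast leaves nothing to inject in the numeric slot, and addslashes()
    // is the same escaping the per-tag values already receive. A driver-bound
    // parameter is preferable where db_res() supports one.
    $iID   = (int) $iID;
    $sType = addslashes($sType);

    $aTags = explodeTags($sTags);

    db_res("DELETE FROM `sys_tags` WHERE `ID` = {$iID} AND `Type` = '{$sType}'");

    //re-store if exist
    foreach ($aTags as $sTag) {
        $sTag = addslashes($sTag);
        db_res("INSERT INTO `sys_tags` VALUES ( '{$sTag}', {$iID}, '{$sType}', CURRENT_TIMESTAMP )", 0);
    }
}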
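/**
 * Replace the stored tag set of one object (bound-parameter variant).
 *
 * Deletes every `sys_tags` row for the (id, type) pair and then re-inserts
 * one row per tag that explodeTags() extracts from $sTags. All values are
 * handed to db_res() as bound parameters.
 *
 * @param int    $iID   object id the tags belong to
 * @param string $sTags raw tag string, split by explodeTags()
 * @param string $sType object type discriminator stored in `Type`
 * @return void
 */
function storeTags($iID, $sTags, $sType)
{
    $iID   = (int) $iID;
    $aTags = explodeTags($sTags);

    db_res("DELETE FROM `sys_tags` WHERE `ID` = ? AND `Type` = ?", [$iID, $sType]);

    //re-store if exist
    foreach ($aTags as $sTag) {
        // The tag is a bound parameter, so the driver quotes it; running
        // addslashes() as well would persist a literal backslash before
        // every quote character in the stored tag.
        db_res("INSERT INTO `sys_tags` VALUES ( ?, ?, ?, CURRENT_TIMESTAMP )", [$sTag, $iID, $sType]);
    }
}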
/**
 * Sanitise a raw tag string and normalise it to a comma-joined list.
 *
 * @param string $s raw tag input
 * @return string tags separated by "," after passXss() and explodeTags()
 */
function _passTags($s)
{
    $aParts = explodeTags($this->passXss($s));

    return implode(",", $aParts);
}
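/**
 * SQL Updating fields of Advertisement
 *
 * Only the advertisement owner (taken from the memberID cookie) or an admin
 * may update; non-admins are additionally checked through RestrictAction().
 *
 * @param $iEditAdvertisementID ID`s of editing Advertisement (cast to int before it reaches SQL)
 * @return Text presentation of data
 */
function ActionUpdateAdvertisementID($iEditAdvertisementID)
{
    // The id is spliced into two queries below; the int cast leaves nothing to inject.
    $iEditAdvertisementID = (int) $iEditAdvertisementID;

    $sCheckPostSQL = "SELECT `IDProfile`\r\n\t\t\t\t\t\t\tFROM `ClassifiedsAdvertisements`\r\n\t\t\t\t\t\t\tWHERE `ID`={$iEditAdvertisementID}\r\n\t\t\t\t\t\t";
    $aAdvOwner = db_arr($sCheckPostSQL);

    // A missing row yields owner 0, which the ownership test rejects instead of
    // letting a loose "0 == null" comparison through for an anonymous visitor.
    $iAdvOwner  = isset($aAdvOwner['IDProfile']) ? (int) $aAdvOwner['IDProfile'] : 0;
    $iVisitorID = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;

    if (($iVisitorID === $iAdvOwner || $this->bAdminMode) && $iAdvOwner > 0 && $iEditAdvertisementID > 0) {
        if ($this->bAdminMode == FALSE) {
            $sRestrictRes = $this->RestrictAction($iVisitorID);
            if ($sRestrictRes != '') {
                return $sRestrictRes;
            }
        }

        require_once BX_DIRECTORY_PATH_INC . 'tags.inc.php';

        // Translated once here; the result strings are returned as-is below.
        $sSuccUpd = _t("_SUCC_UPD_ADV");
        $sFailUpd = _t("_FAIL_UPD_ADV");

        $iCategoryID        = (int) $_POST['Classified'];
        $iSubCategoryID     = (int) $_POST['SubClassified'];
        $sCustomFieldValue1 = (int) $_POST['CustomFieldValue1'];
        $sCustomFieldValue2 = (int) $_POST['CustomFieldValue2'];
        $sTags              = implode(",", explodeTags(process_db_input($_POST['Tags'])));
        $sSubject           = $this->process_html_db_input($_POST['subject']);
        $sMessage           = $this->process_html_db_input($_POST['message']);

        // The sub-category only moves when both a category and a sub-category were chosen.
        $changeCat = ($iCategoryID > 0 && $iSubCategoryID > 0) ? "`IDClassifiedsSubs`='{$iSubCategoryID}', " : '';

        //1. get a new files and return string-array
        $sNewMedias = $this->parseUploadedFiles($iAdvOwner);
        //2. get current media datas from cls
        $aAdvData  = $this->GetAdvertisementData($iEditAdvertisementID);
        $sMediaIDs = isset($aAdvData['Media']) ? $aAdvData['Media'] : '';
        //3. merge both, new uploads first
        $aOldChunks    = preg_split("/[,]+/", $sMediaIDs, -1, PREG_SPLIT_NO_EMPTY);
        $aNewChunks    = preg_split("/[,]+/", $sNewMedias, -1, PREG_SPLIT_NO_EMPTY);
        $sResultChunks = implode(",", array_merge($aNewChunks, $aOldChunks));
        // Leave `Media` untouched when nothing new was uploaded.
        $sPicsAddSQL = count($aNewChunks) > 0 ? "`Media` = '{$sResultChunks}'," : '';

        //4. update result
        $sQuery = "\r\n\t\t\t\tUPDATE `ClassifiedsAdvertisements` SET\r\n\t\t\t\t{$changeCat}\r\n\t\t\t\t`Subject`='{$sSubject}',\r\n\t\t\t\t`Message`='{$sMessage}',\r\n\t\t\t\t`CustomFieldValue1`={$sCustomFieldValue1},\r\n\t\t\t\t`CustomFieldValue2`={$sCustomFieldValue2},\r\n\t\t\t\t{$sPicsAddSQL}\r\n\t\t\t\t`Tags`='{$sTags}'\r\n\t\t\t\tWHERE `ID`={$iEditAdvertisementID}\r\n\t\t\t";
        db_res($sQuery);
        $sRet = mysql_affected_rows() > 0 ? $sSuccUpd : $sFailUpd;

        reparseObjTags('ad', $iEditAdvertisementID);
        $this->UseDefaultCF();

        return MsgBox($sRet) . $this->ActionPrintAdvertisement($iEditAdvertisementID);
    } elseif ($iVisitorID != $iAdvOwner) {
        return MsgBox(_t('_Hacker String'));
    } else {
        return MsgBox(_t('_Error Occured'));
    }
}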
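/**
 * Adding a New Post SQL
 *
 * Inserts a BlogPosts row for the category in $_POST['categoryID'] when the
 * current visitor owns that category, then stores the optional BlogPic
 * upload as small_/big_ resized copies and records the file in PostPhoto.
 *
 * @param $iLastID - returning Last Inserted ID (SQL); set to the new PostID on
 *                   success and left untouched when nothing was inserted
 * @return HTML presentation of data
 */
function ActionAddNewPost(&$iLastID)
{
    global $dir;

    $this->CheckLogged();

    // Cast once; the id is spliced into two queries below.
    $iCategoryID = isset($_POST['categoryID']) ? (int) $_POST['categoryID'] : 0;

    $sCheckPostSQL = "SELECT `OwnerID`\n\t\t\t\t\t\t\tFROM `BlogCategories`\n\t\t\t\t\t\t\tWHERE `CategoryID`={$iCategoryID}\n\t\t\t\t\t\t";
    $aCategoryOwner = db_arr($sCheckPostSQL);

    // A missing category yields owner 0, so an anonymous visitor (id 0) can
    // no longer pass the ownership test through a loose "0 == null" compare.
    $iCategoryOwnerID = isset($aCategoryOwner['OwnerID']) ? (int) $aCategoryOwner['OwnerID'] : 0;
    $iVisitorID       = (int) $this->aBlogConf['visitorID'];

    if ($iVisitorID === $iCategoryOwnerID && $iCategoryOwnerID > 0 && $iCategoryID > 0) {
        $sPostCaption = process_db_input($_POST['caption']);
        $sPostUri     = uriGenerate($sPostCaption, 'BlogPosts', 'PostUri');
        $sPostText    = process_db_input($_POST['blogText']);
        $commentPerm  = process_db_input($_POST['commentPerm']);
        $readPerm     = process_db_input($_POST['readPerm']);
        $sTagsPerm    = implode(",", explodeTags(process_db_input($_POST['tags'])));

        $queryActionAdd   = " INSERT INTO ";
        $sAutoApprovalVal = getParam('blogAutoApproval') == 'on' ? "approval" : "disapproval";
        $addQuery = "\n\t\t\t\t{$queryActionAdd} `BlogPosts`\n\t\t\t\tSET\n\t\t\t\t\t`CategoryID` = '{$iCategoryID}',\n\t\t\t\t\t`PostCaption` = '{$sPostCaption}',\n\t\t\t\t\t`PostUri` = '{$sPostUri}',\n\t\t\t\t\t`PostText` = '{$sPostText}',\n\t\t\t\t\t`PostReadPermission` = '{$readPerm}',\n\t\t\t\t\t`PostCommentPermission` = '{$commentPerm}',\n\t\t\t\t\t`PostStatus` = '{$sAutoApprovalVal}',\n\t\t\t\t\t`Tags` = '{$sTagsPerm}',\n\t\t\t\t\t`PostDate` = NOW()\n\t\t\t";

        $sRet    = _t('_failed_to_add_post');
        $iLastId = 0;
        if (db_res($addQuery)) {
            $iLastId = (int) mysql_insert_id();
            $this->iLastPostedPostID = $iLastId;

            $bHasPic = isset($_FILES['BlogPic']) && 0 < $_FILES['BlogPic']['size'] && 0 < strlen($_FILES['BlogPic']['name']);
            if ($bHasPic && 0 < $iLastId) {
                $sFileName = 'blog_' . $iLastId;
                $sExt = moveUploadedImage($_FILES, 'BlogPic', $dir['blogImage'] . $sFileName, '', false);
                // A numeric result from moveUploadedImage() is treated as an error code, not an extension.
                if (strlen($sExt) && !(int) $sExt) {
                    $sOriginal = $dir['blogImage'] . $sFileName . $sExt;
                    $sSmall    = $dir['blogImage'] . 'small_' . $sFileName . $sExt;
                    $sBig      = $dir['blogImage'] . 'big_' . $sFileName . $sExt;

                    imageResize($sOriginal, $sSmall, $this->iIconSize / 2, $this->iIconSize / 2);
                    imageResize($sOriginal, $sBig, $this->iThumbSize, $this->iThumbSize);
                    chmod($sSmall, 0644);
                    chmod($sBig, 0644);

                    $query = "UPDATE `BlogPosts` SET `PostPhoto` = '" . $sFileName . $sExt . "' WHERE `PostID` = '{$iLastId}'";
                    db_res($query);

                    // Only the two resized copies are kept; drop the original upload.
                    if (is_file($sOriginal)) {
                        unlink($sOriginal);
                    }
                }
            }

            if ($iLastId > 0) {
                // The by-reference parameter is the caller's only way to learn the new id.
                $iLastID = $iLastId;
                $sRet = _t('_post_successfully_added');
                reparseObjTags('blog', $iLastId);
            }
        }

        return MsgBox($sRet);
    } elseif ($iVisitorID != $iCategoryOwnerID) {
        return MsgBox(_t('_Hacker String'));
    } else {
        return MsgBox(_t('_Error Occured'));
    }
}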
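/**
 * function for New/Edit event
 *
 * Inserts a new SDatingEvents row when $iEventID is -1, otherwise updates the
 * row with that id. An optional event_photo upload is resized into picture,
 * thumb_ and icon_ copies before the row is written.
 *
 * @param int $iEventID id of the event to update, or -1 to create a new one
 * @return Text Result one of the SDATING_ERROR_* codes
 */
function SDAddEvent($iEventID = -1)
{
    //for update event
    global $dir;
    global $logged;
    global $site;

    // The id is spliced into SQL below; the int cast leaves nothing to inject.
    $iEventID = (int) $iEventID;

    if (!$logged['member'] && !$logged['admin']) {
        member_auth(0);
    }

    // collect information about current member
    $aMember = array('ID' => isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0);
    $aMemberData = getProfileInfo($aMember['ID']);

    // common
    $sEventTitle         = process_db_input($_POST['event_title']);
    $sEventDesc          = $this->process_html_db_input($_POST['event_desc']);
    $sEventStatusMessage = process_db_input($_POST['event_statusmsg']);

    // event place
    $sEventCountry = process_db_input($_POST['event_country']);
    $sEventCity    = process_db_input($_POST['event_city']);
    $EventPlace    = process_db_input($_POST['event_place']);

    $sTags = implode(",", explodeTags(process_db_input($_POST['event_tags'])));

    // event photo: only inspect the upload when the form sent one, because
    // getimagesize() on a missing path warns and returns false.
    $aScan = false;
    if (!empty($_FILES['event_photo']['tmp_name'])) {
        $aScan = getimagesize($_FILES['event_photo']['tmp_name']);
    }

    if ($aScan !== false && in_array($aScan[2], array(1, 2, 3, 6), true) && 0 < strlen($_FILES['event_photo']['name'])) {
        $sCurrentTime = time();
        if ($iEventID == -1) {
            $sBaseName = 'g_' . $sCurrentTime . '_1';
        } else {
            // Reuse the existing file stem so the new photo replaces the old files.
            $sBaseName = db_value("SELECT `PhotoFilename` FROM `SDatingEvents` WHERE `ID`={$iEventID} LIMIT 1");
            if ($sBaseName != "") {
                if (preg_match("/([a-z0-9_]+)\\./", $sBaseName, $aRegs)) {
                    $sBaseName = $aRegs[1];
                }
            } else {
                $sBaseName = 'g_' . $sCurrentTime . '_1';
            }
        }

        $sExt = moveUploadedImage($_FILES, 'event_photo', $dir['tmp'] . $sBaseName, '', false);
        $sBaseName .= $sExt;
        $sPictureName = $sBaseName;
        $sThumbName   = 'thumb_' . $sBaseName;
        $sIconName    = 'icon_' . $sBaseName;

        // resize for thumbnail, full picture and icon
        $aResizeTargets = array(
            array($sThumbName, $this->iThumbSize),
            array($sPictureName, $this->iImgSize),
            array($sIconName, $this->iIconSize),
        );
        foreach ($aResizeTargets as $aTarget) {
            $vRes = imageResize($dir['tmp'] . $sBaseName, $dir['sdatingImage'] . $aTarget[0], $aTarget[1], $aTarget[1]);
            if ($vRes != IMAGE_ERROR_SUCCESS) {
                // Do not leave the uploaded original behind in the tmp dir on failure.
                unlink($dir['tmp'] . $sBaseName);
                return SDATING_ERROR_PHOTO_PROCESS;
            }
            chmod($dir['sdatingImage'] . $aTarget[0], 0644);
        }

        unlink($dir['tmp'] . $sBaseName);
        $sEventPhotoFilename = process_db_input($sPictureName);
    } else {
        $sEventPhotoFilename = '';
    }

    $sPictureSQL = '';
    if ($iEventID > 0 && $sEventPhotoFilename != '') {
        $sPictureSQL = "`PhotoFilename` = '{$sEventPhotoFilename}',";
    }

    // event date: strtotime() returns false (not -1) for an unparseable string,
    // and an unchecked false would leave FROM_UNIXTIME() with an empty argument.
    $sEventStart = isset($_REQUEST['event_start']) ? strtotime($_REQUEST['event_start']) : false;
    if ($sEventStart === false || $sEventStart == -1) {
        return SDATING_ERROR_WRONG_DATE_FORMAT;
    }

    if ($this->bAdminMode) {
        // NOTE: end and ticket-sale dates are not range-checked here (those
        // checks were left disabled in the original); the int cast only keeps
        // a failed parse from producing malformed SQL.
        $sEventEnd       = (int) strtotime($_POST['event_end']);
        $sEventSaleStart = (int) strtotime($_POST['event_sale_start']);
        $sEventSaleEnd   = (int) strtotime($_POST['event_sale_end']);

        $sEventEndVal       = "FROM_UNIXTIME( {$sEventEnd} )";
        $sEventSaleStartVal = "FROM_UNIXTIME( {$sEventSaleStart} )";
        $sEventSaleEndVal   = "FROM_UNIXTIME( {$sEventSaleEnd} )";
    } else {
        $sEventEndVal       = 'NOW()';
        $sEventSaleStartVal = 'NOW()';
        $sEventSaleEndVal   = 'NOW()';
    }

    // event responsible
    $sEventRespId    = $this->bAdminMode ? 0 : process_db_input($aMemberData['ID'], 0, 1);
    $sEventRespName  = $this->bAdminMode ? _t('Admin') : process_db_input($aMemberData['NickName'], 0, 1);
    $sEventRespEmail = $this->bAdminMode ? $site['email'] : process_db_input($aMemberData['Email'], 0, 1);
    $sEventRespPhone = $this->bAdminMode ? '666' : process_db_input($aMemberData['Phone'], 0, 1);

    $iEventAgeLowerFilter = (int) getParam('search_start_age');
    $iEventAgeUpperFilter = (int) getParam('search_end_age');
    $sEventMembershipFilter = "\\'all\\'";

    $iEventCountF = (int) $_POST['event_count_female'];
    $iEventCountM = (int) $_POST['event_count_male'];
    $dEventPriceF = '0.00';
    $dEventPriceM = '0.00';
    $dEventPriceC = '0.00';

    // choose options
    $iEventChoosePeriod = 5;
    // allow to view participants
    $iEventAllowView = '1';

    if ($iEventID == -1) {
        $sNewUri = uriGenerate($sEventTitle, 'SDatingEvents', 'EntryUri', 100);

        db_res("INSERT INTO `SDatingEvents` SET\r\n\t\t\t\t\t\t`Title` = '{$sEventTitle}',\r\n\t\t\t\t\t\t`EntryUri` = '{$sNewUri}',\r\n\t\t\t\t\t\t`Description` = '{$sEventDesc}',\r\n\t\t\t\t\t\t`Status` = 'Active',\r\n\t\t\t\t\t\t`StatusMessage` = '{$sEventStatusMessage}',\r\n\t\t\t\t\t\t`Country` = '{$sEventCountry}',\r\n\t\t\t\t\t\t`City` = '{$sEventCity}',\r\n\t\t\t\t\t\t`Place` = '{$EventPlace}',\r\n\t\t\t\t\t\t`PhotoFilename` = '{$sEventPhotoFilename}',\r\n\t\t\t\t\t\t`EventStart` = FROM_UNIXTIME( {$sEventStart} ),\r\n\t\t\t\t\t\t`EventEnd` = {$sEventEndVal},\r\n\t\t\t\t\t\t`TicketSaleStart` = {$sEventSaleStartVal},\r\n\t\t\t\t\t\t`TicketSaleEnd` = {$sEventSaleEndVal},\r\n\t\t\t\t\t\t`ResponsibleID` = '{$sEventRespId}',\r\n\t\t\t\t\t\t`ResponsibleName` = '{$sEventRespName}',\r\n\t\t\t\t\t\t`ResponsibleEmail` = '{$sEventRespEmail}',\r\n\t\t\t\t\t\t`ResponsiblePhone` = '{$sEventRespPhone}',\r\n\t\t\t\t\t\t`EventSexFilter` = 'female,male',\r\n\t\t\t\t\t\t`EventAgeLowerFilter` = {$iEventAgeLowerFilter},\r\n\t\t\t\t\t\t`EventAgeUpperFilter` = {$iEventAgeUpperFilter},\r\n\t\t\t\t\t\t`EventMembershipFilter` = '{$sEventMembershipFilter}',\r\n\t\t\t\t\t\t`TicketCountFemale` = {$iEventCountF},\r\n\t\t\t\t\t\t`TicketCountMale` = {$iEventCountM},\r\n\t\t\t\t\t\t`TicketPriceFemale` = {$dEventPriceF},\r\n\t\t\t\t\t\t`TicketPriceMale` = {$dEventPriceM},\r\n\t\t\t\t\t\t`ChoosePeriod` = {$iEventChoosePeriod},\r\n\t\t\t\t\t\t`AllowViewParticipants` = {$iEventAllowView},\r\n\t\t\t\t\t\t`Tags` = '{$sTags}'\r\n\t\t\t\t\t\t");

        $iLastID = (int) mysql_insert_id();
        if ($iLastID > 0) {
            $this->iLastInsertedID = $iLastID;
            reparseObjTags('event', $iLastID);
        }
    } else {
        db_res("UPDATE `SDatingEvents` SET\r\n\t\t\t\t\t\t`Title` = '{$sEventTitle}',\r\n\t\t\t\t\t\t`Description` = '{$sEventDesc}',\r\n\t\t\t\t\t\t`Status` = 'Active',\r\n\t\t\t\t\t\t`StatusMessage` = '{$sEventStatusMessage}',\r\n\t\t\t\t\t\t`Country` = '{$sEventCountry}',\r\n\t\t\t\t\t\t`City` = '{$sEventCity}',\r\n\t\t\t\t\t\t`Place` = '{$EventPlace}',\r\n\t\t\t\t\t\t{$sPictureSQL}\r\n\t\t\t\t\t\t`EventStart` = FROM_UNIXTIME( {$sEventStart} ),\r\n\t\t\t\t\t\t`EventEnd` = {$sEventEndVal},\r\n\t\t\t\t\t\t`TicketSaleStart` = {$sEventSaleStartVal},\r\n\t\t\t\t\t\t`TicketSaleEnd` = {$sEventSaleEndVal},\r\n\t\t\t\t\t\t`ResponsibleID` = '{$sEventRespId}',\r\n\t\t\t\t\t\t`ResponsibleName` = '{$sEventRespName}',\r\n\t\t\t\t\t\t`ResponsibleEmail` = '{$sEventRespEmail}',\r\n\t\t\t\t\t\t`ResponsiblePhone` = '{$sEventRespPhone}',\r\n\t\t\t\t\t\t`EventSexFilter` = 'female,male',\r\n\t\t\t\t\t\t`EventAgeLowerFilter` = {$iEventAgeLowerFilter},\r\n\t\t\t\t\t\t`EventAgeUpperFilter` = {$iEventAgeUpperFilter},\r\n\t\t\t\t\t\t`EventMembershipFilter` = '{$sEventMembershipFilter}',\r\n\t\t\t\t\t\t`TicketCountFemale` = {$iEventCountF},\r\n\t\t\t\t\t\t`TicketCountMale` = {$iEventCountM},\r\n\t\t\t\t\t\t`TicketPriceFemale` = {$dEventPriceF},\r\n\t\t\t\t\t\t`TicketPriceMale` = {$dEventPriceM},\r\n\t\t\t\t\t\t`ChoosePeriod` = {$iEventChoosePeriod},\r\n\t\t\t\t\t\t`AllowViewParticipants` = {$iEventAllowView},\r\n\t\t\t\t\t\t`Tags` = '{$sTags}'\r\n\t\t\t\t\t\tWHERE `ID` = {$iEventID}\r\n\t\t\t\t\t\t");

        reparseObjTags('event', $iEventID);
    }

    return SDATING_ERROR_SUCCESS;
}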