// Excerpt of a photo-view page: loads one photo row and decides whether the
// current visitor may see it. The excerpt ends inside the rating branch, so
// everything after the final `else {` is outside this view.
check_login_member('view_photo');

$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
// photo_id is requested as TYPE_INT with a default of 0.
// NOTE(review): the query below interpolates it without quoting or binding, so
// its safety rests entirely on sanitize_and_format_gpc() returning an integer
// for TYPE_INT -- confirm in that helper.
$photo_id = sanitize_and_format_gpc($_GET, 'photo_id', TYPE_INT, 0, 0);
$output = array();
$output['pic_width'] = get_site_option('pic_width', 'core_photo');
$loop_comments = array();
if (!empty($photo_id)) {
    // String-built SQL on the legacy mysql_* API (no parameter binding available).
    $query = "SELECT `photo_id`,`is_private`,`photo`,`caption`,`fk_user_id`,`_user` as `user`,`status`,`allow_comments`,`allow_rating`,`stat_votes`,`stat_votes_total` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id`={$photo_id}";
    // '@' hides the PHP warning; the failure is re-raised with the raw MySQL
    // error text. NOTE(review): make sure the error handler logs this text
    // rather than rendering it to the visitor -- the handler is not visible here.
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $output = array_merge($output, mysql_fetch_assoc($res));
        // Friendship is only looked up for a logged-in visitor; anonymous
        // visitors keep $is_friend === false.
        // presumably asks "is the visitor in the photo owner's friends network" --
        // verify the argument order against is_network_member().
        $is_friend = false;
        if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
            $is_friend = is_network_member($output['fk_user_id'], $_SESSION[_LICENSE_KEY_]['user']['user_id'], NET_FRIENDS);
        }
        // Access gate for private photos. && binds tighter than ||, so this reads:
        //   is_private AND (anonymous OR (not the owner AND not a friend))
        // i.e. a private photo is refused to everyone except its owner and the
        // owner's friends.
        if (!empty($output['is_private']) && (empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) || $output['fk_user_id'] != $_SESSION[_LICENSE_KEY_]['user']['user_id'] && !$is_friend)) {
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'] = sprintf($GLOBALS['_lang'][277], _BASEURL_ . '/profile.php?uid=' . $output['fk_user_id'], get_user_by_userid($output['fk_user_id']));
            // The display branch below is an elseif of this test, so it cannot
            // run for a refused request even if redirect2page() were to return.
            redirect2page('info.php', $topass);
        // Display branch: the photo is approved, or the logged-in visitor owns it
        // (again && before ||), so owners can see their own unapproved photos.
        } elseif ($output['status'] == STAT_APPROVED || !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $output['fk_user_id'] == $_SESSION[_LICENSE_KEY_]['user']['user_id']) {
            // The caption is user-supplied text; it is converted with the
            // TEXT_DB2DISPLAY format before reaching the template.
            $output['caption'] = sanitize_and_format($output['caption'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
            if (!empty($output['allow_rating'])) {
                // Average vote with one decimal; the guard avoids dividing by
                // zero when nobody has voted yet.
                if ($output['stat_votes'] > 0) {
                    $output['rate_num'] = number_format($output['stat_votes_total'] / $output['stat_votes'], 1);
                } else {
                    $output['rate_num'] = 0;
                }
                // Average expressed as a percentage of the maximum of 5.
                $output['rate_percent'] = (int) ($output['rate_num'] * 100 / 5);
            } else {
// check_login_member('auth'); this check was made at the begining if (empty($output['_user_other'])) { $output['_user_other'] = $GLOBALS['_lang'][135]; } $tpl->set_var('spam_controls', false); break; } $output['message_body'] = text2smilies(bbcode2html($output['message_body'])); if (empty($output['photo'])) { $output['photo'] = 'no_photo.gif'; } if (empty($output['other_id'])) { unset($output['other_id']); } else { require _BASEPATH_ . '/includes/network_functions.inc.php'; if (is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $output['other_id'], NET_BLOCK)) { $output['is_blocked'] = true; } $output['net_block'] = NET_BLOCK; } $output['mailbox_name'] = $my_folders[$output['fid']]; $output['return2me'] = 'message_read.php'; if (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'message_read.html'); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_OPTIONAL); if ($output['is_read'] == 0) { $query = "UPDATE `{$dbtable_prefix}user_{$mailbox_table}` SET `is_read`=1 WHERE `mail_id`=" . $output['mail_id'] . " AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
<?php
/******************************************************************************
Etano
===============================================================================
File:                       profile_left.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/

// Renders the left-hand block of a profile page from 'profile_left.html'.
//
// This file defines nothing of its own: $output, $tpl and $tplvars must already
// exist in the including script, and is_network_member() must already be loaded
// (presumably from includes/network_functions.inc.php -- this file does not
// require it). Every variable assigned here, including $uid, lands in the
// includer's scope when the file is included at script level.
//
// NOTE(review): $output['uid'] is trusted as given; it is not validated or cast
// here, so the including page has to have done that -- confirm at each include
// site.

// Default: no network connections to list.
$conn_net = array();
if (isset($output['uid'])) {
    // Keep only the profile owner's id: everything else the including page
    // put into $output is discarded before the template sees it.
    $uid = $output['uid'];
    unset($output);
    $output['uid'] = $uid;
    // Relationship data is only computed for a logged-in visitor.
    if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
        // Membership test on the NET_BLOCK network between the visitor and the
        // profile owner; a hit sets the 'unblock_user' flag for the template.
        // presumably "the visitor has blocked this user" -- verify the argument
        // order against is_network_member().
        if (is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $output['uid'], NET_BLOCK)) {
            $output['unblock_user'] = true;
        }
        // Second call form: net id 0 plus array(NET_BLOCK). The result is used
        // as template loop data below, so it is presumably a list of networks
        // linking the two users with NET_BLOCK left out -- TODO confirm the
        // return type, since set_loop() receives it unchecked.
        $conn_net = is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $output['uid'], 0, array(NET_BLOCK));
    }
}
// When $output['uid'] was not set, $output reaches the template exactly as the
// including script left it.
$tpl->set_file('left_content', 'profile_left.html');
$tpl->set_loop('conn_net', $conn_net);
$tpl->set_var('output', $output);
$tpl->set_var('tplvars', $tplvars);
$tpl->process('left_content', 'left_content', TPL_LOOP | TPL_OPTIONAL);
// Excerpt of a "connect to a user's network" handler. $input['uid'],
// $input['net_id'] and $error are set before this excerpt begins, and the
// excerpt ends inside the final else branch.

// Optional return target taken from the query string and stored as $nextpage.
// NOTE(review): this is a caller-controlled destination. Where $nextpage is
// consumed is not visible here; if it feeds a redirect, confirm that it is
// limited to local pages so it cannot be used as an open redirect.
if (!empty($_GET['return'])) {
    $input['return'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, '');
    $nextpage = $input['return'];
}
// The two required-field checks only record an error; they do not stop the
// script, so the lookups below still run with an empty uid or net_id.
if (empty($input['uid'])) {
    $error = true;
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = $GLOBALS['_lang'][81];
}
if (empty($input['net_id'])) {
    $error = true;
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = $GLOBALS['_lang'][82];
}
$other_user_name = get_user_by_userid($input['uid']);
// Refuse the request when the membership already exists.
if (is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $input['uid'], $input['net_id'])) {
    $error = true;
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = sprintf($GLOBALS['_lang'][280], $other_user_name);
}
if (!$error) {
    // String-built SQL on the legacy mysql_* API: net_id is appended unquoted.
    // NOTE(review): how $input['net_id'] was read is outside this excerpt; the
    // query is only safe if it was cast to an integer there -- TODO confirm.
    $query = "SELECT `is_bidi` FROM `{$dbtable_prefix}networks` WHERE `net_id`=" . $input['net_id'];
    // '@' hides the PHP warning; the raw MySQL error text is re-raised instead.
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // Defaults to 1 and is overwritten from the row when the network exists;
    // an unknown net_id falls into the error branch below.
    $is_bidi = 1;
    if (mysql_num_rows($res)) {
        $is_bidi = mysql_result($res, 0, 0);
    } else {
        $error = true;
        $topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][75]; } if (empty($input['subject'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][196]; } if (empty($input['message_body'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][197]; } if (!$error) { // if the receiver didn't block me... if (!is_network_member($input['fk_user_id'], $_SESSION[_LICENSE_KEY_]['user']['user_id'], NET_BLOCK)) { // sender of the message: me $input['fk_user_id_other'] = $_SESSION[_LICENSE_KEY_]['user']['user_id']; $input['_user_other'] = $_SESSION[_LICENSE_KEY_]['user']['user']; $input['subject'] = remove_banned_words($input['subject']); $input['message_body'] = remove_banned_words($input['message_body']); if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i]); } } queue_or_send_message($input, true); // save the message in my outbox $input['fk_user_id_other'] = $input['fk_user_id']; $input['fk_user_id'] = $_SESSION[_LICENSE_KEY_]['user']['user_id']; $input['_user_other'] = get_user_by_userid($input['fk_user_id_other']);
} else { $error = true; } $tplvars['page_title'] = sprintf($GLOBALS['_lang'][143], get_user_by_userid($input['uid'])); break; case 'priv': $input['acclevel_code'] = 'auth'; $input['uid'] = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0); if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $input['uid'] == $_SESSION[_LICENSE_KEY_]['user']['user_id']) { redirect2page('my_photos.php'); } $user_name = get_user_by_userid($input['uid']); if (!empty($input['uid'])) { require_once _BASEPATH_ . '/includes/network_functions.inc.php'; // if I am a friend with this gorgeous girl show me the hidden stuff :) if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && is_network_member($input['uid'], $_SESSION[_LICENSE_KEY_]['user']['user_id'], NET_FRIENDS)) { $where .= " AND a.`fk_user_id`=" . $input['uid'] . " AND `is_private`=1"; } else { $output['no_results'] = sprintf($GLOBALS['_lang'][277], _BASEURL_ . '/profile.php?uid=' . $input['uid'], $user_name); $error = true; } } else { $error = true; } $tplvars['page_title'] = sprintf($GLOBALS['_lang'][279], $user_name); break; case 'field': $input['acclevel_code'] = 'search_photo'; $input['f'] = sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $input['v'] = sanitize_and_format_gpc($_GET, 'v', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); if (!empty($input['f']) && !empty($input['v'])) {