function set_params($str)
{
global $message, $sysmessage, $text, $test, $user, $img_url, $dbname, $site_url, $er, $id, $lang, $auth, $games, $r, $_POST, $_GET, $_GLOBALS, $act, $insertid;
$str = str_replace("->", "->", $str);
$str = str_replace("->", "->", $str);
if (is_array($_POST) && is_array($_GET)) {
$_POST = array_merge($_POST, $_GET);
} elseif (is_array($_GET)) {
$_POST = $_GET;
}
$st = $str;
while (strlen($q = strpos($str, "\$"))) {
$par_name = substr($str, 1 + $q, strpos($str, ";", 1 + $q) - $q - 1);
if (!strlen(${$par_name})) {
${$par_name} = $_GLOBALS[$par_name];
}
if (strstr($par_name, "->")) {
$ob = substr($par_name, 0, strpos($par_name, "->"));
$var = substr($par_name, 2 + strpos($par_name, "->"));
$vname = $ob . $var;
$st = str_replace($par_name, $vname, $st);
$str = str_replace($par_name, $vname, $str);
$par_name = $vname;
if (!${$par_name}) {
${$par_name} = ${$ob}->{$var};
}
} elseif (strstr($par_name, "message(")) {
$var = substr($par_name, 1 + strpos($par_name, "("));
$var = substr($var, 0, strlen($var) - 1);
${$par_name} = message($var);
} elseif (strstr($par_name, "image(")) {
$var = substr($par_name, 1 + strpos($par_name, "("));
$var = substr($var, 0, strlen($var) - 1);
$vars = explode(",", $var);
$var = $vars[0];
$st = str_replace($par_name, "image" . $var, $st);
$str = str_replace($par_name, "image" . $var, $str);
$par_name = "image" . $var;
if (!$vars[1]) {
${$par_name} = "<img src='{$img_url}?id={$var}&record=12&dbname={$dbname}' border=\"0\">";
} else {
${$par_name} = "<a href=\"{$img_url}?id={$var}&dbname={$dbname}&record=12\" target=_blank><img src='{$img_url}?id={$var}&record=5&dbname={$dbname}' border=\"0\"></a>";
}
} elseif (strstr($par_name, "[")) {
$ob = substr($par_name, 0, strpos($par_name, "["));
$var = substr($par_name, 1 + strpos($par_name, "["));
$var = substr($var, 0, strlen($var) - 1);
$st = str_replace($par_name, $var, $st);
$str = str_replace($par_name, $var, $str);
$par_name = $var;
if (!${$par_name}) {
${$par_name} = ${$ob}[$var];
}
if ($ob == "message" && !${$par_name}) {
${$par_name} = message($var);
}
} else {
//print "$_POST['team'] $par_name";
if ($r[$par_name]) {
${$par_name} = $r[$par_name];
} elseif (strlen($_POST[$par_name])) {
${$par_name} = $_POST[$par_name];
}
if (!${$par_name} && !strstr($par_name, ">")) {
$p = select("select @{$par_name}");
if ($p[0]) {
${$par_name} = $p[0];
}
}
$str = substr($str, 1 + $q);
${$par_name} = addslashes(${$par_name});
${$par_name} = str_replace(";", "#dot", ${$par_name});
$st = str_replace("\$" . $par_name . ";", ${$par_name}, $st);
$str = str_replace("\$" . $par_name . ";", ${$par_name}, $str);
}
}
$str = $st;
while (strlen($q = strpos($str, "^"))) {
$par_name = substr($str, 1 + $q, strpos($str, ";", 1 + $q) - $q - 1);
if (strstr($par_name, "(")) {
$result = myeval($par_name . ";");
if ($result) {
$st = str_replace("^" . $par_name . ";", $result, $st);
}
}
$str = substr($str, 1 + $q);
}
$str = $st;
while ($q = strpos($str, "@")) {
$pos = strpos($str, ";", 1 + $q);
if ($pos && (!($pos2 = strpos($str, "=", 1 + $q)) || $pos < $pos2) && (!($pos2 = strpos($str, ",", 1 + $q)) || $pos < $pos2) && (!($pos2 = strpos($str, " ", 1 + $q)) || $pos < $pos2)) {
$par_name = substr($str, 1 + $q, $pos - $q - 1);
if (!${$par_name}) {
${$par_name} = $_POST[$par_name];
}
$str = substr($str, 1 + $q);
if (strstr($par_name, "lang")) {
$par_val = str_replace("lang", $lang, $par_name);
} else {
$par_val = ${$par_name};
}
if ($par_name) {
$par_val = str_replace("<", "<", $par_val);
$par_val = str_replace(">", ">", $par_val);
//if($test) print "SET @"."$par_name='$par_val'<br>";
$sql = "SET @" . "{$par_name}='{$par_val}'";
// print "-".$sql.";<br>" ;
runquery($sql);
}
} else {
$str = substr($str, 1 + $q);
}
}
return $st;
}
function set_form_params($str, $i)
{
global $id, $engine_path, $site_path, $search, $im_array, $r, $REMOTE_ADDR, $_FILES, $_POST, $_GET, $id, $secpass, $lang, $auth, $er;
$ndate = 0;
$st = $str;
if (is_Array($_POST) && is_Array($_GET)) {
$_POST = array_merge($_POST, $_GET);
} elseif (is_Array($_GET)) {
$_POST = $_GET;
}
$im_count = 0;
if ($_POST['numrows']) {
$mult = 1;
}
if (!$_POST['Time']) {
$Time = mktime();
}
if (!$_POST['Day']) {
$Date = mktime();
}
if (!$_POST['IP']) {
$IP = $REMOTE_ADDR;
}
if ($this->mode == 1) {
if ($this->act == "select") {
$inner = $this->document->getElementsByTagName("header");
$fields = $inner[0]->getElementsByTagName("item");
} else {
$inner = $this->document->getElementsByTagName("fields");
$fields = $inner[0]->getElementsByTagName("field");
}
} else {
if ($this->act == "select") {
$fields = $this->attributes['item'];
} else {
$fields = $this->attributes['field'];
}
}
foreach ($fields as $field) {
$item = $this->getTemplateControl($field);
//$name=$field->getAttribute("name","no");
$name = $item->name;
if ($name == "IP") {
${$name} = $REMOTE_ADDR;
}
$items[$name] = $item;
if ($item->default && !$_POST[$name]) {
$_POST[$name] = $item->default;
} elseif ($item->type == "stringlike") {
$_POST[$name] = "%{$_POST[$name]}%";
}
if ($_POST[$name] == "%%") {
$_POST[$name] = "%";
}
if ($mult) {
$f['name'] = $_FILES[$name]['name'][$i];
$f['tmp_name'] = $_FILES[$name]['tmp_name'][$i];
$f['size'] = $_FILES[$name]['size'][$i];
$f['type'] = $_FILES[$name]['type'][$i];
} else {
$f = $_FILES[$name];
}
$type = $item->type;
if (($type == "file" || $type == "image" || $type == "imageeditor" || $type == "flag") && $f[name]) {
$file = fopen($f['tmp_name'], "r");
if (!$file) {
$er = sysmessage(4) . "<br>";
}
$fname = $f['tmp_name'];
if ($thios->mode == 1) {
$maxsize = $field->getAttribute("maxsize", '');
$format = $field->getAttribute("format", '');
} else {
$maxsize = $field['maxsize'];
$format = $field['format'];
}
if (!strstr($format, strtolower(substr($f['name'], strpos($f['name'], ".") + 1))) && $format) {
$er = sysmessage(5) . " .{$format}!<br>";
}
${$name} = fread($file, filesize($fname));
if ($type == "file") {
${$name} = addslashes(${$name});
}
}
//print "$type<br>";
//exit;
if (($type == "flag" || $type == "image" || $type == "imageeditor") && ($f[name] || $_POST['UploadedImage']) && ($id || strstr($str, "insert "))) {
//print $str;
//exit;
$image = new cls_image($f);
if ($this->mode == 1) {
$image->maxsize = $field->getAttribute("maxsize", '');
$image->maxwidth = $field->getAttribute("maxwidth", '');
$image->maxheight = $field->getAttribute("maxheight", '');
$image->mix = $field->getAttribute("mix", '');
$image->mix2 = $field->getAttribute("mix2", '');
if ($position = $field->getAttribute("position", '')) {
$image->position = $position;
}
if ($width = $field->getAttribute("width", '')) {
$image->newWidth = $width;
$image->fix = "width";
}
if ($height = $field->getAttribute("height", '')) {
$image->newHeight = $height;
$image->fix = "height";
}
if ($fix = $field->getAttribute("fix", '')) {
$image->fix = $fix;
}
} else {
$image->maxsize = $field['maxsize'];
$image->maxwidth = $field['maxwidth'];
$image->maxheight = $field['maxheight'];
$image->mix = $field['mix'];
$image->mix2 = $field['mix2'];
if ($image->mix2) {
$image2 = new cls_image($image->imageMix($image->mix2));
$image->contents = $image2->contents;
}
if ($position = $field['position']) {
$image->position = $position;
}
if ($width = $field['width']) {
$image->newWidth = $width;
$image->fix = "width";
}
if ($height = $field['height']) {
$image->newHeight = $height;
$image->fix = "height";
}
if ($fix = $field['fix']) {
$image->fix = $fix;
}
}
if ($_POST['UploadedImage'] == 1) {
$file_name = $site_path . "/images/" . $this->table . "/" . strtolower($name) . "/0.jpg";
$file = fopen($file_name, "r");
$image->contents = fread($file, filesize($file_name));
fclose($file);
$image->type = "jpeg";
} else {
$image->check();
}
${$name} = $image->contents;
$im_array[$im_count]['name'] = $item->name;
$im_array[$im_count]['image'] = $image->contents;
if (($width || $height) && $image->type == "gif") {
if ($this->mode == 1) {
if (!($bgcolor = $field->getAttribute("bgcolor", ''))) {
$bgcolor = "515E64";
} elseif (!($bgcolor = $field['bgcolor'])) {
$bgcolor = "515E64";
}
}
if ($width && $image->width > $width || $height && $image->height > $height) {
$image->gif2jpeg($bgcolor);
}
}
$Type = $image->type;
$ph[$name] = 1;
$ph['Small'] = 1;
if ($image->type != "gif") {
$Small = new cls_image($image->imageResize());
unlink($engine_path . "tmp/" . $image->name);
$Small = $Small->contents;
} else {
$Small = ${$name};
}
if ($_POST['UploadedImage'] == 1) {
$file_name = $site_path . "/images/" . $this->table . "/" . "small" . "/0.jpg";
$file = fopen($file_name, "r");
$Small = fread($file, filesize($file_name));
fclose($file);
$file_name = $site_path . "/images/" . $this->table . "/" . strtolower($name) . "/0.jpg";
$file = fopen($file_name, "r");
$image->contents = fread($file, filesize($file_name));
fclose($file);
}
$im_array[$im_count]['small'] = $Small;
$im_array[$im_count]['type'] = $image->imtype;
$im_count++;
$ImageFormat = $image->imtype;
} elseif ($type == "date" || $type == "currentdate" || $type == "datetime" || $type == "currentdatetime") {
${$name} = mktime($_POST['hour'][$ndate], $_POST['minute'][$ndate], $_POST['seconds'][$ndate], $_POST['month'][$ndate], $_POST['day'][$ndate], $_POST['year'][$ndate]);
if (${$name} == -1 || !$_POST['month'][$ndate] || !$_POST['day'][$ndate] || !$_POST['year'][$ndate]) {
unset(${$name});
}
$ndate++;
} elseif ($type == "sqldate") {
${$name} = $_POST['year'][$ndate] . "-" . $_POST['month'][$ndate] . "-" . $_POST['day'][$ndate];
if (${$name} == -1 || !$_POST['month'][$ndate] || !$_POST['day'][$ndate] || !$_POST['year'][$ndate]) {
unset(${$name});
}
$ndate++;
}
if (($type == "url" || $name == "url") && ${$name} && !strstr(${$name}, "http://")) {
${$name} = "http://" . ${$name};
}
}
while ($q = strpos($str, "\$")) {
$par_name = substr($str, 1 + $q, strpos($str, ";", 1 + $q) - $q - 1);
if (strstr($par_name, "->")) {
$ob = substr($par_name, 0, strpos($par_name, "->"));
$var = substr($par_name, 2 + strpos($par_name, "->"));
if (strstr($var, "[")) {
$vname = $ob . substr($var, 0, strpos($var, "[")) . substr($var, 1 + strpos($var, "["), strpos($var, "]") - strpos($var, "[") - 1);
} else {
$vname = $ob . $var;
}
$st = str_replace($par_name, $vname, $st);
$str = str_replace($par_name, $vname, $str);
$par_name = $vname;
if (!${$par_name}) {
if (!strstr($var, "[")) {
${$par_name} = ${$ob}->{$var};
} else {
$var1 = substr($var, 0, strpos($var, "["));
$var = substr($var, 1 + strpos($var, "["));
$var = substr($var, 0, strlen($var) - 1);
$v = ${$ob}->{$var1};
${$par_name} = $v[$var];
}
}
} elseif (strstr($par_name, "[")) {
$ob = substr($par_name, 0, strpos($par_name, "["));
$var = substr($par_name, 1 + strpos($par_name, "["));
$var = substr($var, 0, strlen($var) - 1);
$st = str_replace($par_name, $var, $st);
$str = str_replace($par_name, $var, $str);
$par_name = $var;
if (!${$par_name}) {
${$par_name} = ${$ob}[$var];
}
} else {
if ($r[$par_name]) {
${$par_name} = $r[$par_name];
} elseif ($_POST[$par_name]) {
${$par_name} = $_POST[$par_name];
}
if (!${$par_name} && !strstr($par_name, ">")) {
$p = select("select @{$par_name}");
if ($p[0]) {
${$par_name} = $p[0];
}
}
//print "$i:".$par_name.is_Array($$par_name).$parval[$i].")";
if (is_Array(${$par_name})) {
$parval = ${$par_name};
${$par_name} = $parval[$i];
}
$str = substr($str, 1 + $q);
${$par_name} = str_replace(";", "#dot", ${$par_name});
$st = str_replace("\$" . $par_name . ";", ${$par_name}, $st);
$str = str_replace("\$" . $par_name . ";", ${$par_name}, $str);
}
}
$str = $st;
$w = 0;
while (strlen($q = strpos($str, "^"))) {
$par_name = substr($str, 1 + $q, strpos($str, ";", 1 + $q) - $q - 1);
if (strstr($par_name, "(")) {
$result = myeval($par_name . ";");
if ($result) {
$st = str_replace("^" . $par_name . ";", $result, $st);
}
}
$str = substr($str, 1 + $q);
}
$str = $st;
while ($q = strpos($str, "@")) {
//отсекаем до ;
$pos = strpos($str, ";", 1 + $q);
if ($pos && (!($pos2 = strpos($str, "=", 1 + $q)) || $pos < $pos2) && (!($pos2 = strpos($str, ",", 1 + $q)) || $pos < $pos2) && (!($pos2 = strpos($str, " ", 1 + $q)) || $pos < $pos2)) {
$par_name = substr($str, 1 + $q, $pos - $q - 1);
$str = substr($str, 1 + $q);
$item = $items[$par_name];
if ($item->unique && $mult) {
foreach ($_POST[$par_name] as $val) {
if ($ar[$val]) {
$er .= sysmessage(6) . " {$item->caption}={$val} " . sysmessage(7) . "!<br>";
} else {
$ar[$val] = 1;
}
}
}
//elseif(is_Array($_POST[$par_name])) $$par_name=$_POST[$par_name][$i];
if (!${$par_name} && is_Array($_POST[$par_name])) {
$par_val = $_POST[$par_name][$i];
} elseif (!${$par_name}) {
$par_val = $_POST[$par_name];
} else {
$par_val = ${$par_name};
}
$error = $er;
if ($item->type == "email") {
$item->preg = "/^[_a-zA-Z0-9-]+(\\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*(\\.[a-zA-Z]{2,4})\$/";
}
if ($item->preg && $par_val && !preg_match($item->preg, $par_val)) {
$er .= sysmessage(8) . " {$item->caption}<br>";
}
if (strlen($par_val) == 0 && $item->needed) {
$er .= sysmessage(9) . " {$item->caption}<br>";
}
if ($par_val && $item->maxlength && strlen($par_val) > $item->maxlength) {
$er .= sysmessage(10) . " {$item->caption} " . sysmessage(11) . " {$item->maxlength}";
}
if ($par_val && $item->minlength && strlen($par_val) < $item->minlength) {
$er .= sysmessage(10) . " {$item->caption} " . sysmessage(12) . " {$item->minlength}";
}
if (strlen($par_val) && strlen($item->max) && $par_val > $item->max) {
$er = sysmessage(6) . " {$item->caption} " . sysmessage(13) . " {$item->max}<br>";
}
if (strlen($par_val) && strlen($item->min) && $par_val < $item->min) {
$er = sysmessage(6) . " {$item->caption} " . sysmessage(14) . " {$item->min}<br>";
}
if ($er != $error) {
$this->wrong[$w] = $par_name;
$w++;
}
if ($par_name) {
if ($item->type != "flag" && $item->type != "image" && $item->type != "imageeditor" && $par_name != "Small" && $item->type != "file") {
$par_val = str_replace("<", "<", $par_val);
$par_val = str_replace(">", ">", $par_val);
//if($item->type=="numeric") $par_val=intval($par_val);
if ($item->type == "text" || $item->type == "editor" || $item->type == "string") {
$search .= strip_tags($par_val) . " ";
}
if ($item->type == "text" || $item->type == "editor") {
if ($item->type == "text") {
$par_val = str_replace("\r\n", "<br />", $par_val);
if ($item->type == "text") {
$par_val = mysql_real_escape_string($par_val);
}
}
$par_val = stripslashes($par_val);
} else {
$par_val = mysql_real_escape_string($par_val);
$par_val = stripslashes($par_val);
}
$par_val = stripslashes($par_val);
}
$par_val = addslashes($par_val);
$sql = "SET @" . "{$par_name}='{$par_val}'";
mysql_query($sql);
//print "$sql";
}
$par_val = stripslashes($par_val);
//$a=$par_val;
if ($item->unique && $par_val && !$mult) {
$par_val = addslashes($par_val);
$sql = "select * from {$this->table} where {$par_name}='{$par_val}' and {$item->unique}";
if ($this->select) {
$sq .= " and " . str_replace("=", "<>", substr($this->select, strpos($this->select, "where ") + 6));
while (strstr($sq, ".")) {
$sq = substr($sq, 0, strpos($sq, ".") - 1) . substr($sq, 1 + strpos($sq, "."));
}
$sql .= $sq;
}
$res = runsql($sql, $this->name);
if (mysql_num_rows($res)) {
$er .= sysmessage(3) . " {$item->caption}={$par_val}<br>";
}
}
} else {
$str = substr($str, 1 + $q);
}
//if($a!=$par_val) print "$par_name изменилс¤<br>";
}
return $st;
}
