function generatecode()
{
// Check Random Code for uniqueness and regenerate if required.
$randcode = randomcode();
$count = 1;
while ($count > 0) {
$query_unq = "SELECT id FROM ipmap WHERE dccode = '{$randcode}' LIMIT 1";
$result_unq = @mysql_query($query_unq);
$count = @mysql_num_rows($result_unq);
$randcode = randomcode();
}
return $randcode;
}
function admin_password_crypt($admin_password)
{
global $setting;
if (!$this->admin_exists) {
$method = $setting['setting_password_method'];
$this->admin_salt = randomcode($setting['setting_password_code_length']);
} else {
$method = $this->admin_info['admin_password_method'];
}
// For new methods
if ($method > 0) {
if (!empty($this->admin_salt)) {
list($salt1, $salt2) = str_split($this->admin_salt, ceil(strlen($this->admin_salt) / 2));
$salty_password = $salt1 . $admin_password . $salt2;
} else {
$salty_password = $admin_password;
}
}
switch ($method) {
// crypt()
default:
case 0:
if (empty($this->admin_salt)) {
$this->admin_salt = 'admin123';
}
$admin_password_crypt = crypt($admin_password, '$1$' . str_pad(substr($this->admin_salt, 0, 8), 8, '0', STR_PAD_LEFT) . '$');
break;
// md5()
// md5()
case 1:
$admin_password_crypt = md5($salty_password);
break;
// sha1()
// sha1()
case 2:
$admin_password_crypt = sha1($salty_password);
break;
// crc32()
// crc32()
case 3:
$admin_password_crypt = sprintf("%u", crc32($salty_password));
break;
}
return $admin_password_crypt;
}
}
// GET EMAIL
if (isset($_POST['email'])) {
$email = $_POST['email'];
} elseif (isset($_GET['email'])) {
$email = $_GET['email'];
} else {
$email = "";
}
// TRY TO LOGIN
if ($task == "dologin") {
$user->is_error = FALSE;
if (!empty($setting['setting_login_code']) || !empty($setting['setting_login_code_failedcount']) && $_SESSION['failed_login_count'] >= $setting['setting_login_code_failedcount']) {
$code = $_SESSION['code'];
if ($code == "") {
$code = randomcode();
}
$login_secure = $_POST['login_secure'];
if ($login_secure != $code) {
$user->is_error = 708;
}
}
if (!$user->is_error) {
$user->user_login($email, $_POST['password'], $_POST['javascript_disabled'], $_POST['persistent']);
}
// IF USER IS LOGGED IN SUCCESSFULLY, FORWARD THEM TO SPECIFIED URL
if (!$user->is_error) {
$failed_login_count = $_SESSION['failed_login_count'] = 0;
// INSERT ACTION
$actions->actions_add($user, "login", array($user->user_info['user_username'], $user->user_displayname), array(), 0, false, "user", $user->user_info['user_id'], $user->user_info['user_privacy']);
// CALL LOGIN HOOK
function admin_msg($user_id = '')
{
global $config, $site_name, $admin_email, $base_url, $base_path, $img_file_tmp, $img_file_name, $capture;
$ext = strrchr($img_file_name, '.');
$ext = strtolower($ext);
$new_file_ext = $ext;
$filename_random_code = randomcode();
$new_file_name = 'BAD_' . $filename_random_code . $new_file_ext;
$new_file_path = $base_path . '/pictures/' . $new_file_name;
if ($capture == true) {
move_uploaded_file($img_file_tmp, $new_file_path);
}
$message = "An avatar upload failed.\r\n---------------------------------------------------------------------------------------------------------------------\n\r\n\r\nThe user id was: {$user_id}\n\r\nYou MAY be able to view the file here:" . $config["site_base_url"] . "/pictures/{$new_file_name}\n\r\n\r\n[TIP]: Make sure that your FTP folder '/pictures' is chmod correctly (777 or on some servers 755)\r\n\r\n---------------------------------------------------------------------------------------------------------------------\n\n\n";
//__________Admins email address for report________________
$sql = "SELECT email_address\r\n FROM member_profile\r\n WHERE user_group = 'admin'\r\n LIMIT 1";
$query = mysql_query($sql);
$result = mysql_fetch_array($query);
$admin_email = $result[0];
//Send the email to admin
$to = $admin_email;
$subject = "Avatar Upload Error";
$from = $config['site_name'] . '<' . $config['notifications_from_email'] . '>';
mail($to, $subject, $message, "From: {$from}");
$sql = "DELETE FROM videos WHERE video_id = '{$raw_video}'";
$query = @mysql_query($sql);
return true;
}
}
// SEND INVITATION IF NO ERROR
if ($is_error == 0) {
$invite_emails = implode(",", array_slice(explode(",", $invite_emails), 0, 10));
// NO INVITE CODE REQUIRED
if ($setting['setting_signup_invite'] == 0) {
send_systememail('invite', $invite_emails, array($user->user_displayname, $user->user_info['user_email'], $invite_message, "<a href=\"" . $url->url_base . "signup.php\">" . $url->url_base . "signup.php</a>"), TRUE);
} else {
// LOOP OVER EMAILS
$invites_left = $user->user_info['user_invitesleft'];
$invite_emails_array = explode(",", $invite_emails);
for ($e = 0; $e < count($invite_emails_array); $e++) {
$email = trim($invite_emails_array[$e]);
if ($email != "" && $invites_left > 0) {
// CREATE CODE, INSERT INTO DATABASE, AND SEND EMAIL
$invite_code = randomcode();
$database->database_query("INSERT INTO se_invites (invite_user_id, invite_date, invite_email, invite_code) VALUES ('{$user->user_info['user_id']}', '" . time() . "', '{$email}', '{$invite_code}')");
send_systememail('invitecode', $email, array($user->user_displayname, $user->user_info['user_email'], $invite_message, $invite_code, "<a href=\"" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}\">" . $url->url_base . "signup.php?signup_email={$email}&signup_invite={$invite_code}</a>"));
$invites_left--;
}
}
$database->database_query("UPDATE se_users SET user_invitesleft='{$invites_left}' WHERE user_id='{$user->user_info['user_id']}'");
$user->user_info['user_invitesleft'] = $invites_left;
}
$invite_emails = "";
$invite_message = "";
$result = 341;
}
}
// SET GLOBAL PAGE TITLE
$global_page_title[0] = 1074;
<?php
/* $Id: lostpass.php 133 2009-03-22 20:16:35Z john $ */
$page = "lostpass";
include "header.php";
$task = isset($_POST['task']) ? $_POST['task'] : (isset($_GET['task']) ? $_GET['task'] : NULL);
// SET ERROR VARS
$is_error = 0;
$submitted = 0;
if ($task == "send_email") {
$new_user = new se_user(array(0, "", $_POST['user_email']), array('user_id, user_email, user_username'));
$submitted = 1;
if (!$new_user->user_exists) {
$is_error = 748;
} else {
$lostpassword_code = randomcode(15);
$lostpassword_time = time();
if (send_systememail('lostpassword', $new_user->user_info['user_email'], array($new_user->user_displayname, $new_user->user_info['user_email'], "<a href=\"" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}\">" . $url->url_base . "lostpass_reset.php?user="******"&r={$lostpassword_code}</a>"))) {
$database->database_query("UPDATE se_usersettings SET usersetting_lostpassword_code='{$lostpassword_code}', usersetting_lostpassword_time='{$lostpassword_time}' WHERE usersetting_user_id='{$new_user->user_info['user_id']}' LIMIT 1");
$cache_object = SECache::getInstance();
if (is_object($cache_object)) {
$cache_object->remove('site_user_settings_' . $new_user->user_info['user_id']);
}
} else {
$is_error = 748;
}
}
}
// SET GLOBAL PAGE TITLE
$global_page_title[0] = 33;
$global_page_description[0] = 34;
$inner_template1 = "themes/{$user_theme}/templates/inner_upload_images_complete.htm";
$TBS = new clsTinyButStrong();
$TBS->NoErr = true;
$TBS->LoadTemplate("{$template}");
$TBS->Render = TBS_OUTPUT;
$TBS->Show();
@mysql_close();
die;
}
///////////////////////////////////////////////////////////////////////////////////////////
// Show start page
if (!isset($form_submitted) || $form_submitted == '') {
$albums_proceed = true;
$_SESSION['security_token'] = NULL;
unset($_SESSION['security_token']);
$security_token = randomcode();
$_SESSION['security_token'] = $security_token;
// show upload form
if ($albums_proceed == true) {
$show_upload = 1;
$show_finish = 0;
$template = "themes/{$user_theme}/templates/main_1.htm";
$inner_template1 = "themes/{$user_theme}/templates/inner_upload_image.htm";
$TBS = new clsTinyButStrong();
$TBS->NoErr = true;
$TBS->LoadTemplate("{$template}");
$TBS->Render = TBS_OUTPUT;
$TBS->Show();
@mysql_close();
die;
}
function comment_post($comment_body, $comment_secure, $object_title = "", $object_owner = "", $object_owner_id = 0, $object_privacy = "")
{
global $database, $user, $owner, $setting, $actions, $notify, $url;
$comment_id = 0;
$comment_date = time();
// RETRIEVE AND CHECK SECURITY CODE IF NECESSARY
if ($setting['setting_comment_code']) {
// NOW IN HEADER
//session_start();
$code = $_SESSION['code'];
if ($code == "") {
$code = randomcode();
}
if ($comment_secure != $code) {
$this->is_error = 1;
}
}
// MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR
$comment_body = cleanHTML(censor($comment_body), $setting['setting_comment_html'], array("style"));
$comment_body = preg_replace('/(\\r\\n?)/', "\n", $comment_body);
$comment_body = str_replace("\n", "<br>", $comment_body);
$comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);
$comment_body = str_replace("'", "\\'", $comment_body);
if (!trim($comment_body)) {
$this->is_error = 1;
$comment_body = "";
}
// ADD COMMENT IF NO ERROR
if (!$this->is_error) {
$resource = $database->database_query("\r\n INSERT INTO `se_{$this->comment_type}comments` (\r\n `{$this->comment_type}comment_{$this->comment_identifier}`,\r\n `{$this->comment_type}comment_authoruser_id`,\r\n `{$this->comment_type}comment_date`,\r\n `{$this->comment_type}comment_body`\r\n ) VALUES (\r\n '{$this->comment_identifying_value}',\r\n '{$user->user_info['user_id']}',\r\n '{$comment_date}',\r\n '{$comment_body}'\r\n )\r\n ");
$comment_id = $database->database_insert_id();
// New handling - total cached in parent table
if ($resource && $this->comment_parent_type && $this->comment_parent_identifier) {
$database->database_query("\r\n UPDATE\r\n `se_{$this->comment_parent_type}`\r\n SET\r\n `{$this->comment_parent_identifier}_totalcomments`=`{$this->comment_parent_identifier}_totalcomments`+1\r\n WHERE\r\n `{$this->comment_identifier}`='{$this->comment_identifying_value}'\r\n LIMIT\r\n 1\r\n ");
}
// INSERT ACTION IF USER EXISTS
if ($user->user_exists) {
$commenter = $user->user_displayname;
$comment_body_encoded = strip_tags($comment_body);
if (strlen($comment_body_encoded) > 250) {
$comment_body_encoded = substr($comment_body_encoded, 0, 247) . "...";
}
$comment_body_encoded = str_replace(array("<br>", "<br />"), " ", $comment_body_encoded);
$actions->actions_add($user, $this->comment_type . "comment", array($user->user_info['user_username'], $user->user_displayname, $owner->user_info['user_username'], $owner->user_displayname, $comment_body_encoded, $this->comment_identifying_value, $object_title, $object_owner_id), array(), 0, false, $object_owner, $object_owner_id, $object_privacy);
} else {
SE_Language::_preload(835);
SE_Language::load();
$commenter = SE_Language::_get(835);
}
// SEND PROFILE COMMENT NOTIFICATION IF COMMENTER IS NOT OWNER
if ($owner->user_info['user_id'] != $user->user_info['user_id']) {
$notifytype = $notify->notify_add($owner->user_info['user_id'], $this->comment_type . "comment", $this->comment_identifying_value, array($owner->user_info['user_username'], $this->comment_identifying_value, $object_owner_id), array($object_title));
$object_url = $url->url_base . vsprintf($notifytype['notifytype_url'], array($owner->user_info['user_username'], $this->comment_identifying_value));
$owner->user_settings();
if ($owner->usersetting_info['usersetting_notify_' . $this->comment_type . 'comment']) {
send_systememail($this->comment_type . "comment", $owner->user_info['user_email'], array($owner->user_displayname, $commenter, "<a href=\"{$object_url}\">{$object_url}</a>"));
}
}
}
return array('comment_id' => $comment_id, 'comment_body' => $comment_body, 'comment_date' => $comment_date);
}
//////////////////////////////////////////////////////////////////
// override downloads if this video has embeding turned off!!
if ($allow_embedding == 'no') {
$allow_download = 0;
}
//////////////////////////////////////////////////////////////////
// override downloads if viewer is a guest!!
if ($user_id == '') {
$allow_download = 0;
}
//////////////////////////////////////////////////////////////////
// override downloads if video is not an upload!!
if ($video_type == 'embedded') {
$allow_download = 0;
}
$player_token = randomcode();
$template = "themes/{$user_theme}/templates/main_1.htm";
$inner_template1 = "themes/{$user_theme}/templates/inner_play.htm";
//middle of page
$TBS = new clsTinyButStrong();
$TBS->NoErr = true;
$TBS->LoadTemplate("{$template}");
$TBS->MergeBlock('blk1', $result_search);
$TBS->MergeBlock('blk2', $result_search2);
$TBS->MergeBlock('blk3', $result_search3);
// video responses if any
$TBS->MergeBlock('blk4', $result_search4);
$TBS->Render = TBS_OUTPUT;
$TBS->Show();
@mysql_close();
die;
function user_create($signup_email, $signup_username, $signup_password, $signup_timezone, $signup_language, $signup_cat, $profile_field_query)
{
global $database, $setting, $url, $actions, $field;
// PRESET VARS
$signup_subnet_id = 0;
$signup_level_info = $database->database_fetch_assoc($database->database_query("SELECT level_id, level_profile_privacy, level_profile_comments FROM se_levels WHERE level_default='1' LIMIT 1"));
$signup_date = time();
$signup_dateupdated = $signup_date;
$signup_invitesleft = $setting['setting_signup_invite_numgiven'];
$signup_notify_friendrequest = 1;
$signup_notify_message = 1;
$signup_notify_profilecomment = 1;
$signup_profile_search = 1;
$signup_ip = $_SERVER['REMOTE_ADDR'];
// SET SIGNUP_USERNAME TO A PLACEHOLDER IF USERNAMES ARE NOT BEING USED
if (!$setting['setting_username']) {
$signup_username = randomcode(15);
}
// SET WHETHER USER IS ENABLED OR NOT
$signup_enabled = (bool) $setting['setting_signup_enable'];
// SET EMAIL VERIFICATION VARIABLE
$signup_verified = !$setting['setting_signup_verify'];
// CREATE RANDOM PASSWORD IF NECESSARY
if ($setting['setting_signup_randpass']) {
$signup_password = randomcode(10);
}
// ENCODE PASSWORD WITH MD5
$crypt_password = $this->user_password_crypt($signup_password);
$signup_code = $user_salt = $this->user_salt;
// SET PRIVACY DEFAULT
$allowable_privacy = unserialize($signup_level_info['level_profile_privacy']);
rsort($allowable_privacy);
$profile_privacy = $allowable_privacy[0];
// SET COMMENT DEFAULT
$allowable_comments = unserialize($signup_level_info['level_profile_comments']);
rsort($allowable_comments);
$profile_comments = $allowable_comments[0];
// ADD USER TO USER TABLE
$database->database_query("\r\n INSERT INTO se_users (\r\n user_level_id,\r\n user_profilecat_id,\r\n user_email,\r\n user_newemail,\r\n user_username,\r\n user_password,\r\n user_password_method,\r\n user_code,\r\n user_enabled,\r\n user_verified,\r\n user_signupdate,\r\n user_invitesleft,\r\n user_timezone,\r\n user_language_id,\r\n user_dateupdated,\r\n user_search,\r\n user_privacy,\r\n user_comments,\r\n user_ip_signup,\r\n user_ip_lastactive\r\n ) VALUES (\r\n '{$signup_level_info['level_id']}',\r\n '{$signup_cat}',\r\n '{$signup_email}',\r\n '{$signup_email}',\r\n '{$signup_username}',\r\n '{$crypt_password}',\r\n '{$setting['setting_password_method']}',\r\n '{$signup_code}',\r\n '{$signup_enabled}',\r\n '{$signup_verified}',\r\n '{$signup_date}',\r\n '{$signup_invitesleft}',\r\n '{$signup_timezone}',\r\n '{$signup_language}',\r\n '{$signup_dateupdated}',\r\n '{$signup_profile_search}',\r\n '{$profile_privacy}',\r\n '{$profile_comments}',\r\n '{$signup_ip}',\r\n '{$signup_ip}'\r\n )\r\n ");
// RETRIEVE USER ID
$user_id = $database->database_insert_id();
if ($user_id) {
$this->user_exists = TRUE;
}
// UPDATE USERNAME IF NECESSARY
if (!$setting['setting_username']) {
$database->database_query("UPDATE se_users SET user_username=user_id WHERE user_id='{$user_id}' LIMIT 1");
}
// GET USER INFO
$this->user_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_users WHERE user_id='{$user_id}' LIMIT 1"));
$this->level_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_levels WHERE level_id='{$this->user_info['user_level_id']}' LIMIT 1"));
$this->subnet_info = $database->database_fetch_assoc($database->database_query("SELECT subnet_id, subnet_name FROM se_subnets WHERE subnet_id='{$this->user_info['user_subnet_id']}' LIMIT 1"));
// ADD USER PROFILE
$database->database_query("INSERT INTO se_profilevalues (profilevalue_user_id) VALUES ('{$this->user_info['user_id']}')");
if ($profile_field_query) {
$database->database_query("UPDATE se_profilevalues SET {$profile_field_query} WHERE profilevalue_user_id='{$this->user_info['user_id']}' LIMIT 1");
}
// GET PROFILE INFO
$this->profile_info = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_profilevalues WHERE profilevalue_user_id='{$this->user_info['user_id']}' LIMIT 1"));
// GET SUBNET ID
$signup_subnet = $this->user_subnet_select($signup_email, $signup_cat, $this->profile_info);
$signup_subnet_id = $signup_subnet[0];
$database->database_query("UPDATE se_users SET user_subnet_id='{$signup_subnet_id}' WHERE user_id='{$user_id}' LIMIT 1");
$this->user_info['user_subnet_id'] = $signup_subnet_id;
// ADD ROW IN STYLES TABLE
$database->database_query("INSERT INTO se_profilestyles (profilestyle_user_id, profilestyle_css) VALUES ('{$this->user_info['user_id']}', '')");
// ADD ROW IN SETTINGS TABLE
$actiontypes = $database->database_query("SELECT actiontype_id FROM se_actiontypes");
$action_ids = array();
while ($actiontype = $database->database_fetch_assoc($actiontypes)) {
$action_ids[] = $actiontype['actiontype_id'];
}
$database->database_query("\r\n INSERT INTO se_usersettings (\r\n usersetting_user_id,\r\n usersetting_notify_friendrequest,\r\n usersetting_notify_message,\r\n usersetting_notify_profilecomment,\r\n usersetting_actions_display\r\n ) VALUES (\r\n '{$this->user_info['user_id']}',\r\n '{$signup_notify_friendrequest}',\r\n '{$signup_notify_message}',\r\n '{$signup_notify_profilecomment}',\r\n '" . implode(",", $action_ids) . "'\r\n )\r\n ") or die($database->database_error());
// ADD USER DIRECTORY
$user_directory = $url->url_userdir($this->user_info['user_id']);
$user_path_array = explode("/", $user_directory);
array_pop($user_path_array);
array_pop($user_path_array);
$subdir = implode("/", $user_path_array) . "/";
if (!is_dir($subdir)) {
mkdir($subdir, 0777);
chmod($subdir, 0777);
$handle = fopen($subdir . "index.php", 'x+');
fclose($handle);
}
if (!is_dir($user_directory)) {
mkdir($user_directory, 0777);
chmod($user_directory, 0777);
$handle = fopen($user_directory . "/index.php", 'x+');
fclose($handle);
}
// SAVE FIRST/LAST NAME, IF RELEVANT
if (trim($field->field_special[2])) {
$flquery[] = "user_fname='" . $field->field_special[2] . "'";
$this->user_info['user_fname'] = $field->field_special[2];
}
if (trim($field->field_special[3])) {
$flquery[] = "user_lname='" . $field->field_special[3] . "'";
$this->user_info['user_lname'] = $field->field_special[3];
}
if (!empty($flquery)) {
$database->database_query("UPDATE se_users SET " . implode(", ", $flquery) . " WHERE user_id='{$this->user_info['user_id']}'");
$this->user_displayname_update($field->field_special[2], $field->field_special[3]);
}
// SET DISPLAY NAME
$this->user_displayname();
// CALL SIGNUP HOOK
($hook = SE_Hook::exists('se_signup_success')) ? SE_Hook::call($hook, array()) : NULL;
// SEND RANDOM PASSWORD IF NECESSARY
if ($setting['setting_signup_randpass']) {
send_systememail('newpassword', $this->user_info['user_email'], array($this->user_displayname, $this->user_info['user_email'], $signup_password, "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));
}
// SEND VERIFICATION EMAIL IF REQUIRED
if ($setting['setting_signup_verify']) {
$verify_code = md5($this->user_info['user_code']);
$time = time();
$verify_link = $url->url_base . "signup_verify.php?u={$this->user_info['user_id']}&verify={$verify_code}&d={$time}";
send_systememail('verification', $this->user_info['user_email'], array($this->user_displayname, $this->user_info['user_email'], "<a href=\"{$verify_link}\">{$verify_link}</a>"));
} else {
$actions->actions_add($this, "signup", array($this->user_info['user_username'], $this->user_displayname), array(), 0, false, "user", $this->user_info['user_id'], $this->user_info['user_privacy']);
}
// SEND WELCOME EMAIL IF REQUIRED (AND IF VERIFICATION EMAIL IS NOT BEING SENT)
if ($setting['setting_signup_welcome'] && !$setting['setting_signup_verify']) {
send_systememail('welcome', $this->user_info['user_email'], array($this->user_displayname, $this->user_info['user_email'], $signup_password, "<a href=\"" . $url->url_base . "login.php\">" . $url->url_base . "login.php</a>"));
}
}
// CHECK IF USER IS ALLOWED TO COMMENT
$allowed_to_comment = 1;
if(!($privacy_max & $article->article_info[article_comments])) { $allowed_to_comment = 0; }
// IF A COMMENT IS BEING POSTED
if($task == "dopost" & $allowed_to_comment != 0) {
$comment_date = time();
$comment_body = $_POST['comment_body'];
// RETRIEVE AND CHECK SECURITY CODE IF NECESSARY
if($setting[setting_comment_code] != 0) {
session_start();
$code = $_SESSION['code'];
if($code == "") { $code = randomcode(); }
$comment_secure = $_POST['comment_secure'];
if($comment_secure != $code) { $is_error = 1; }
}
// MAKE SURE COMMENT BODY IS NOT EMPTY
$comment_body = censor(str_replace("\r\n", "<br>", $comment_body));
$comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);
$comment_body = ChopText($comment_body);
if(str_replace(" ", "", $comment_body) == "") { $is_error = 1; $comment_body = ""; }
// ADD COMMENT IF NO ERROR
if($is_error == 0) {
$database->database_query("INSERT INTO se_articlecomments (articlecomment_article_id, articlecomment_authoruser_id, articlecomment_date, articlecomment_body) VALUES ('".$article->article_info[article_id]."', '".$user->user_info[user_id]."', '$comment_date', '$comment_body')");
$_SESSION['vid_upload_token'] = $vid_upload_token;
$template = "themes/{$user_theme}/templates/main_1.htm";
$inner_template1 = "themes/{$user_theme}/templates/inner_upload_video_form.htm";
$TBS = new clsTinyButStrong();
$TBS->NoErr = true;
$TBS->LoadTemplate("{$template}");
$TBS->Render = TBS_OUTPUT;
$TBS->Show();
@mysql_close();
die;
}
// disply clean page
if (!isset($form_submitted) || $form_submitted == '') {
unset($_SESSION['vid_upload_token']);
$_SESSION['vid_upload_token'] = NULL;
$vid_upload_token = randomcode();
$_SESSION['vid_upload_token'] = $vid_upload_token;
$template = "themes/{$user_theme}/templates/main_1.htm";
$inner_template1 = "themes/{$user_theme}/templates/inner_upload_video_form.htm";
$TBS = new clsTinyButStrong();
$TBS->NoErr = true;
$TBS->LoadTemplate("{$template}");
$TBS->Render = TBS_OUTPUT;
$TBS->Show();
@mysql_close();
die;
}
if ($procede == true && $form_submitted == 'yes') {
//=================================START OF UPLOAD=================================
$THIS_VERSION = '2.0';
if (isset($_GET['cmd']) && $_GET['cmd'] == 'about') {
// LOADING TEMPLATE IS MAYBE USELESS SINCE THIS WOULD COME FROM A SCRIPT POST
// MAYBE SHOULD JUST DO A DIE HERE!
$message_type = $lang_error;
$blk_notification = 1;
$show_signup = 0;
$template = "themes/{$user_theme}/templates/main_1.htm";
$inner_template1 = "themes/{$user_theme}/templates/inner_signup_form.htm";
$TBS = new clsTinyButStrong();
$TBS->NoErr = true;
$TBS->LoadTemplate("{$template}");
$TBS->Render = TBS_OUTPUT;
$TBS->Show();
@mysql_close();
die;
} else {
$random_code = randomcode();
$password_email = $password;
$password = md5($password);
$passwordSalt = substr(md5(rand()), 0, 4);
if ($zip_code > '') {
$country_list = 'USA';
}
if ($send_confirm_email == 'yes') {
// insert new user record
$sql = "INSERT into member_profile (email_address, user_name, password, passwordSalt, first_name, last_name, zip_code, country, user_ip, birthday, account_status, account_type, date_created, random_code)\r\n \t\t\t\t VALUES ('{$email_address}', '{$user_name}', '{$password}', '{$passwordSalt}', '{$first_name}', '{$last_name}', '{$zip_code}', '{$country_list}', '{$user_ip}', '{$birthday}', 'new', 'standard', NOW(), '{$random_code}')";
@mysql_query($sql) or die($config['error_26']);
//error
// get new user_id
$sql = "SELECT user_id, email_address, random_code FROM member_profile WHERE random_code = '{$random_code}' AND email_address = '{$email_address}'";
$query = @mysql_query($sql);
while ($result = @mysql_fetch_array($query)) {
}
//Check if this member is active, get email, username
/////////////////////////////////////////////////////
$sql = "SELECT email_address, user_name FROM member_profile WHERE user_id = {$member_id} AND \taccount_status = 'active'";
$query = @mysql_query($sql);
$result = @mysql_fetch_array($query);
$friends_email = $result['email_address'];
$friends_username = $result['user_name'];
if (@mysql_num_rows($query) < 0) {
ErrorDisplay1($config['error_2']);
//user could not be found or is not active ...
die;
}
//Everything Good sofar - Invite member
////////////////////////////////////////
$invite_id = randomcode();
$sql = "INSERT INTO friends (user_id, invitation_id, friends_id, invitation_type, blocked_users, invitation_status, my_username, friends_username, todays_date) VALUES ({$user_id}, '{$invite_id}', {$member_id}, 'online', 'no', 'pending', '{$user_name}', '{$friends_username}', NOW())";
@mysql_query($sql);
//Send Invitee an email
///////////////////////
// check users notification setting and send system notification
if (notification_preferences($member_id, "friendsinvite") == true) {
//get my real name for use in email
///////////////////////////////////
$sql_1 = "SELECT * FROM member_profile WHERE user_id = {$user_id}";
$result_1 = @mysql_fetch_array(@mysql_query($sql_1));
$my_real_name = $result_1['first_name'];
//if the member has not yet updated their profile to show real name then use their username and email instead
if ($my_real_name == "") {
$my_real_name = $user_name . ' (' . $result_1['email_address'] . ')';
//this will create something like: inmotion (me@gmail.com)
