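/**
 * Rebuilds the per-post cache files for recently changed, approved blog posts.
 *
 * The directory this script lives in is named after the cron interval in
 * minutes (per the original author's note), so every approved post whose
 * `last_changed` falls within the last (interval + 2) minutes is re-exported.
 * For each post two files are written under
 * _CACHEPATH_/blogs/posts/<first char of post_id>/:
 *   <post_id>.inc.php        full content
 *   <post_id>_short.inc.php  preview of at most $short_blog_chars characters,
 *                            cut at the last space inside that window
 * Both files hold a single PHP literal produced by var_export(), so the DB
 * content is embedded as data rather than as code.
 *
 * @return bool always true; a failed query is fatal via trigger_error(E_USER_ERROR)
 */
function gen_blogposts_cache()
{
    global $dbtable_prefix;
    // The enclosing directory name is the execution interval in minutes
    // ("that's how often we're executed" in the original). basename() splits
    // on '/' on unix and on both '/' and '\' on windows, which is what the
    // original's explicit separator detection did.
    $interval = (int) basename(dirname(__FILE__));
    $short_blog_chars = 400;
    $config = get_site_option(array('bbcode_blogs', 'use_smilies'), 'core_blog');
    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    $fileop = new fileop();
    $query = "SELECT a.`post_id`,UNIX_TIMESTAMP(a.`date_posted`) as `date_posted`,a.`fk_user_id`,a.`_user` as `user`,a.`fk_blog_id`,a.`title`,a.`post_content`,b.`_photo` as `photo`,c.`blog_name` FROM `{$dbtable_prefix}blog_posts` a,`{$dbtable_prefix}user_profiles` b,`{$dbtable_prefix}user_blogs` c WHERE a.`fk_user_id`=b.`fk_user_id` AND a.`fk_blog_id`=c.`blog_id` AND a.`status`=" . STAT_APPROVED . " AND a.`last_changed`>=DATE_SUB('" . gmdate('YmdHis') . "',INTERVAL " . ($interval + 2) . " MINUTE)";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($blog = mysql_fetch_assoc($res)) {
        $blog['title'] = remove_banned_words(sanitize_and_format($blog['title'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2EDIT]));
        $blog['post_content'] = remove_banned_words($blog['post_content']);
        // Preview: cut at the last space inside the first $short_blog_chars
        // characters. When that window holds no space, strrpos() returns false
        // and the original substr(..., 0, false) produced an empty preview;
        // fall back to a hard cut at $short_blog_chars instead.
        $head = substr($blog['post_content'], 0, $short_blog_chars);
        $cut = strrpos($head, ' ');
        $post_content_short = ($cut === false) ? $head : substr($head, 0, $cut);
        $post_content_short = sanitize_and_format($post_content_short, TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
        $blog['post_content'] = sanitize_and_format($blog['post_content'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
        if (!empty($config['bbcode_blogs'])) {
            $blog['post_content'] = bbcode2html($blog['post_content']);
            $post_content_short = bbcode2html($post_content_short);
        }
        if (!empty($config['use_smilies'])) {
            $blog['post_content'] = text2smilies($blog['post_content']);
            $post_content_short = text2smilies($post_content_short);
        }
        // Fall back to the placeholder image when the profile photo is missing on disk.
        if (empty($blog['photo']) || !is_file(_PHOTOPATH_ . '/t1/' . $blog['photo'])) {
            $blog['photo'] = 'no_photo.gif';
        } else {
            $blog['has_photo'] = true;
        }
        if (empty($blog['fk_user_id'])) {
            unset($blog['fk_user_id']);
        }
        // Posts are sharded into sub-directories by the first character of post_id.
        $cache_dir = _CACHEPATH_ . '/blogs/posts/' . $blog['post_id'][0] . '/';
        $towrite = '<?php $post=' . var_export($blog, true) . ';';
        $fileop->file_put_contents($cache_dir . $blog['post_id'] . '.inc.php', $towrite);
        $blog['post_content'] = $post_content_short;
        $towrite = '<?php $post=' . var_export($blog, true) . ';';
        $fileop->file_put_contents($cache_dir . $blog['post_id'] . '_short.inc.php', $towrite);
    }
    return true;
}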
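/**
 * Records one error through the channel selected by $this->config['log_mode']:
 * the error_log table, a log file (config 'file_log') or standard output.
 *
 * @param array $error  ['module_name' => string, 'text' => string]; missing keys default to ''
 * @param array $config overrides merged over the defaults set up by $this->_init()
 */
function __construct($error, $config = array())
{
    $this->_init();
    $this->config = array_merge($this->config, $config);
    $error = array_merge(array('module_name' => '', 'text' => ''), $error);
    if ($this->config['log_mode'] == _ERRORLOG_DB_) {
        $dbtable_prefix = $GLOBALS['dbtable_prefix'];
        // Both values are escaped before being interpolated. The original only
        // escaped `error`, so a quote in module_name reached the INSERT as-is
        // and could break (or alter) the statement.
        $module = sanitize_and_format($error['module_name'], TYPE_STRING, FORMAT_ADDSLASH);
        $text = sanitize_and_format($error['text'], TYPE_STRING, FORMAT_ADDSLASH);
        $query = "INSERT IGNORE INTO `{$dbtable_prefix}error_log` SET `module`='{$module}',`error`='{$text}'";
        // Best effort: a failure while logging an error is deliberately not
        // reported (presumably to avoid recursing into this logger).
        @mysql_query($query);
    } elseif ($this->config['log_mode'] == _ERRORLOG_FILE_) {
        error_log("\n-------\n" . date('Y-m-d H:i:s') . ': ' . $error['module_name'] . ': ' . $error['text'] . "\n\n", 3, $this->config['file_log']);
    } elseif ($this->config['log_mode'] == _ERRORLOG_STDOUT_) {
        echo $error['module_name'] . ': ' . $error['text'];
    }
}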
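/**
 * Queues an end-of-term reminder e-mail for every active, non-recurring
 * subscription whose `paid_until` is exactly $config['days_before'] days away.
 *
 * Matching rows are rendered through the default skin's
 * subscr_expire_alert.html e-mail template and inserted into queue_email in
 * batches; a batch is flushed whenever the pending INSERT grows past
 * $query_strlen bytes.
 *
 * @return bool always true; a failed query is fatal via trigger_error(E_USER_ERROR)
 */
function upcoming_eot()
{
    // $tplvars is handed to the template below. The original never declared
    // it, so the template always received an undefined (null) variable;
    // binding the global is presumably what was intended.
    global $dbtable_prefix, $tplvars;
    $config['days_before'] = 4;
    $query_strlen = 20000;
    $now = gmdate('Ymd');
    $query = "SELECT b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}payments` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` AND a.`paid_until`='{$now}'-INTERVAL " . $config['days_before'] . " DAY AND a.`is_active`=1 AND a.`is_recurring`=0";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // Keyed by address so each e-mail is alerted at most once.
    $alerts = array();
    while ($rsrow = mysql_fetch_assoc($res)) {
        $alerts[$rsrow['email']] = $rsrow;
    }
    if (empty($alerts)) {
        return true;
    }
    $skin = get_default_skin_dir();
    $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . $skin . '/emails/', 'remove_nonjs');
    $tpl->set_file('temp', 'subscr_expire_alert.html');
    $tpl->set_var('tplvars', $tplvars);
    $subject = sprintf($GLOBALS['_lang'][218], _SITENAME_);
    $subject = sanitize_and_format($subject, TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD]);
    $insert = "INSERT INTO `{$dbtable_prefix}queue_email` (`to`,`subject`,`message_body`) VALUES ";
    $iquery = $insert;
    foreach ($alerts as $email => $v) {
        $tpl->set_var('output', $v);
        $message_body = $tpl->process('', 'temp', TPL_LOOP | TPL_OPTLOOP | TPL_OPTIONAL | TPL_FINISH);
        $message_body = sanitize_and_format($message_body, TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTAREA]);
        // The address was read from the DB and is interpolated into a new
        // statement, so escape it like the other two values; the original
        // inserted it verbatim.
        $to = sanitize_and_format($email, TYPE_STRING, FORMAT_ADDSLASH);
        if (strlen($iquery) > $query_strlen) {
            // Flush the rows collected so far (drop the trailing comma first).
            $iquery = substr($iquery, 0, -1);
            if (!($res = @mysql_query($iquery))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            $iquery = $insert;
        }
        $iquery .= "('{$to}','{$subject}','{$message_body}'),";
    }
    // Flush whatever is left after the loop.
    if ($iquery != $insert) {
        $iquery = substr($iquery, 0, -1);
        if (!($res = @mysql_query($iquery))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
    return true;
}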
/**
 * Fetches the osignal feed and stores its raw XML in the feed_cache table.
 *
 * Nothing happens unless the module's 'enabled' option is set; a failed
 * fetch prints a short notice instead of raising an error.
 *
 * @return bool always true; a failed query is fatal via trigger_error(E_USER_ERROR)
 */
function get_osignal_feed()
{
    global $dbtable_prefix;
    require_once _BASEPATH_ . '/includes/classes/feed_reader.class.php';
    $module_code = 'osignal_feed';
    $config = get_site_option(array('enabled', 'feed_url'), $module_code);
    if (!$config['enabled']) {
        return true;
    }
    $reader = new feedReader();
    if (!$reader->getFeed($config['feed_url'])) {
        echo 'error retrieving the feed--> ';
        return true;
    }
    // Slash-escape the XML before embedding it in the statement.
    $feed_xml = sanitize_and_format($reader->getRawXML(), TYPE_STRING, FORMAT_ADDSLASH);
    $updated = gmdate('YmdHis');
    $query = "REPLACE INTO `{$dbtable_prefix}feed_cache` SET `module_code`='{$module_code}',`feed_xml`='{$feed_xml}',`update_time`='{$updated}'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    return true;
}
/**
 * Reads this field's admin-side options from $_POST and stores them,
 * serialized and slash-escaped, in $input['custom_config'].
 *
 * @return array|bool an empty array when the field is used for searching
 *                    (nothing to process), otherwise the error flag, which
 *                    this implementation never sets
 */
function admin_processor()
{
    global $input, $__field2format, $dbtable_prefix, $default_skin_code;
    if ($this->is_search) {
        return array();
    }
    $error = false;
    $settings = array();
    // Every option is an integer defaulting to 0 when absent from the form.
    foreach (array('use_bbcode', 'use_smilies', 'changes_status', 'ta_len') as $option) {
        $settings[$option] = sanitize_and_format_gpc($_POST, $option, TYPE_INT, 0, 0);
    }
    $input['custom_config'] = sanitize_and_format(serialize($settings), TYPE_STRING, FORMAT_ADDSLASH);
    return $error;
}
default: break; } } check_login_member($input['acclevel_code']); if (!$error) { $query = "SELECT {$select} FROM {$from} WHERE {$where} ORDER BY {$orderby}"; //print $query; //die; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } for ($i = 0; $i < mysql_num_rows($res); ++$i) { $post_ids[] = mysql_result($res, $i, 0); } $serialized_input = sanitize_and_format(serialize($input), TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); $output['search_md5'] = md5($serialized_input); $query = "INSERT IGNORE INTO `{$dbtable_prefix}site_searches` SET `search_md5`='" . $output['search_md5'] . "',`search_type`=" . SEARCH_BLOG . ",`search`='{$serialized_input}',`results`='" . join(',', $post_ids) . "'"; if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) { $query .= ",`fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } $output['totalrows'] = count($post_ids); // get the results from user cache for the found post_ids $loop = array(); if (!empty($output['totalrows'])) { if ($o >= $output['totalrows']) {
/**
 * Reads the accepted age range from $_POST, optionally merges the nested
 * search field's own settings, and stores the result serialized and
 * slash-escaped in $input['custom_config'].
 *
 * @return array|bool an empty array when the field is used for searching;
 *                    true when the two ages are equal (the message is left in
 *                    $GLOBALS['topass']); false once the config was stored
 */
function admin_processor()
{
    global $input, $__field2format, $dbtable_prefix, $default_skin_code;
    if ($this->is_search) {
        return array();
    }
    $age_start = sanitize_and_format_gpc($_POST, 'age_start', TYPE_INT, 0, 0);
    $age_end = sanitize_and_format_gpc($_POST, 'age_end', TYPE_INT, 0, 0);
    // Normalise the range so that start <= end whatever order was submitted.
    if ($age_start > $age_end) {
        list($age_start, $age_end) = array($age_end, $age_start);
    }
    if ($age_start == $age_end) {
        $GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
        $GLOBALS['topass']['message']['text'] = 'The start and end ages must not be equal';
        return true;
    }
    $settings = array('accepted_values' => array('min' => $age_start, 'max' => $age_end));
    if (!empty($input['searchable']) && !empty($input['search_type'])) {
        // NOTE(review): the class name comes from $input['search_type'], i.e.
        // from the admin form; whatever restricts it to the known field
        // classes happens outside this method -- confirm before relying on it.
        $search_field = new $input['search_type'](array(), true);
        $nested = $search_field->admin_processor();
        if (is_array($nested) && !empty($nested)) {
            $settings = array_merge($settings, $nested);
        }
    }
    $input['custom_config'] = sanitize_and_format(serialize($settings), TYPE_STRING, FORMAT_ADDSLASH);
    return false;
}
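require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/loc_countries.inc.php';
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
// Form values: re-posted input (after a failed save) wins over an existing
// record loaded by country_id, which wins over the table defaults.
$countries = $countries_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    $countries = $_SESSION['topass']['input'];
} elseif (!empty($_GET['country_id'])) {
    $country_id = (int) $_GET['country_id'];
    $query = "SELECT `country_id`,`country`,`iso3166`,`prefered_input` FROM `{$dbtable_prefix}loc_countries` WHERE `country_id`={$country_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $countries = mysql_fetch_assoc($res);
        $countries['country'] = sanitize_and_format($countries['country'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    }
}
$countries['prefered_input'] = vector2options($country_prefered_input, $countries['prefered_input']);
$tpl->set_file('content', 'loc_countries_addedit.html');
$tpl->set_var('countries', $countries);
// o/r are the list offset and row count carried through to the template.
// The original handed the raw query-string values over (presumably rendered
// verbatim); cast them so only the numeric part reaches the page.
if (isset($_GET['o'])) {
    $tpl->set_var('o', (int) $_GET['o']);
}
if (isset($_GET['r'])) {
    $tpl->set_var('r', (int) $_GET['r']);
}
$tpl->process('content', 'content');
$tplvars['title'] = 'Location Management: Countries';
$tplvars['page'] = 'loc_countries_addedit';
include 'frame.php';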
trigger_error(mysql_error(), E_USER_ERROR); } $totalrows = mysql_result($res, 0, 0); $loop = array(); if (!empty($totalrows)) { $config = get_site_option(array('datetime_format', 'time_offset'), 'def_user_prefs'); $query = "SELECT `mail_id`,`is_read`,`fk_user_id_other`,`_user_other`,`subject`,UNIX_TIMESTAMP(`date_sent`) as `date_sent`,`message_type` FROM {$from} WHERE {$where} ORDER BY `date_sent` DESC LIMIT {$o},{$r}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $i = 0; while ($rsrow = mysql_fetch_assoc($res)) { if ($rsrow['message_type'] == MESS_SYSTEM) { $rsrow['_user_other'] = 'SYSTEM'; } else { $rsrow['_user_other'] = sanitize_and_format($rsrow['_user_other'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); } // no need to sanitize // $rsrow['subject']=sanitize_and_format($rsrow['subject'],TYPE_STRING,$__field2format[TEXT_DB2DISPLAY]); $rsrow['date_sent'] = strftime($config['datetime_format'], $rsrow['date_sent'] + $config['time_offset']); if ($rsrow['is_read']) { $rsrow['is_read'] = 'mail_read'; } else { $rsrow['is_read'] = 'mail_notread'; } if ($rsrow['message_type'] == MESS_SYSTEM || empty($rsrow['fk_user_id_other'])) { unset($rsrow['fk_user_id_other']); } $loop[] = $rsrow; ++$i; }
} $output['ips'] = join(', ', $output['ips']); } $output['pic_width'] = get_site_option('pic_width', 'core_photo'); if (empty($output['search_md5'])) { unset($output['search_md5']); } if (isset($_GET['o'])) { $output['o'] = $_GET['o']; } if (isset($_GET['r'])) { $output['r'] = $_GET['r']; } $output['return2me'] = 'profile.php'; if (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); if (isset($_GET['return'])) { $output['return2'] = sanitize_and_format($_GET['return'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); } $tpl->set_file('content', 'profile.html'); $tpl->set_loop('categs', $categs); $tpl->set_var('output', $output); $tpl->set_var('account', $account); $tpl->process('content', 'content', TPL_MULTILOOP | TPL_OPTIONAL); $tpl->drop_loop('categs'); $tplvars['title'] = sprintf('%1$s Member Profile', $output['_user']); $tplvars['css'] = 'profile.css'; $tplvars['page'] = 'profile'; include 'frame.php';
// Finish reading the memberships result set: custom memberships get a
// delete link appended to their name. $res, $memberships and $i are
// presumably set up before this point (outside this excerpt).
while ($rsrow = mysql_fetch_assoc($res)) {
    $memberships[$i] = $rsrow;
    if ($memberships[$i]['is_custom']) {
        // m_id is placed in the onclick attribute unescaped; it is read from
        // the DB and presumably numeric -- confirm against the table definition.
        $memberships[$i]['m_name'] .= ' <a href="javascript:;" onclick="del_membership(' . $memberships[$i]['m_id'] . ')" title="Delete this membership"><img src="skin/images/del.png" alt="Delete this membership" /></a>';
    }
    ++$i;
}
// One table row per access level, with one checkbox per membership.
$query = "SELECT `level_id`,`level_code`,`level_diz`,`level`,`disabled_level` FROM `{$dbtable_prefix}access_levels`";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$i = 0;
$access_levels = array();
while ($rsrow = mysql_fetch_assoc($res)) {
    // Code and description are run through the DB2DISPLAY formatting before
    // being placed into the HTML below.
    $rsrow['level_code'] = sanitize_and_format($rsrow['level_code'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
    $rsrow['level_diz'] = sanitize_and_format($rsrow['level_diz'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
    // First cell: link to the level's edit page.
    $access_levels[$i]['row'] = '<td><a href="access_levels_addedit.php?level_id=' . $rsrow['level_id'] . '" title="' . $rsrow['level_diz'] . '">' . $rsrow['level_code'] . "</a></td>\n";
    for ($j = 0; isset($memberships[$j]); ++$j) {
        // Checkbox levels[<level_id>][<m_value>]: checked when the membership
        // bit is set in `level`, disabled when it is set in `disabled_level`.
        $access_levels[$i]['row'] .= '<td><input type="checkbox" name="levels[' . $rsrow['level_id'] . '][' . $memberships[$j]['m_value'] . ']" value="1"';
        if ((int) $memberships[$j]['m_value'] & (int) $rsrow['level']) {
            $access_levels[$i]['row'] .= ' checked="checked"';
        }
        if ((int) $memberships[$j]['m_value'] & (int) $rsrow['disabled_level']) {
            $access_levels[$i]['row'] .= ' disabled="disabled"';
        }
        $access_levels[$i]['row'] .= " /></td>\n";
    }
    ++$i;
}
$tpl->set_file('content', 'access_levels.html');
$tpl->set_loop('access_levels', $access_levels);
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs'); $output = $user_blogs_default['defaults']; if (isset($_SESSION['topass']['input'])) { $output = $_SESSION['topass']['input']; // our 'return' here was decoded in the processor $output['return2'] = $output['return']; $output['return'] = rawurlencode($output['return']); } elseif (!empty($_GET['bid'])) { $blog_id = (int) $_GET['bid']; $query = "SELECT `blog_id`,`blog_name`,`blog_diz` FROM `{$dbtable_prefix}user_blogs` WHERE `blog_id`={$blog_id} AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $output = mysql_fetch_assoc($res); $output = sanitize_and_format($output, TYPE_STRING, $__field2format[TEXT_DB2EDIT]); } } if (empty($output['return'])) { $output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $output['return'] = rawurlencode($output['return2']); } $tpl->set_file('content', 'blog_addedit.html'); $tpl->set_var('output', $output); $tpl->process('content', 'content'); $tplvars['title'] = $GLOBALS['_lang'][220]; $tplvars['page_title'] = $GLOBALS['_lang'][220]; $tplvars['page'] = 'blog_addedit'; $tplvars['css'] = 'blog_addedit.css'; if (is_file('blog_addedit_left.php')) { include 'blog_addedit_left.php';
$output = $_SESSION['topass']['input']; $output['return2'] = $output['return']; $output['return'] = rawurlencode($output['return']); } else { if (!empty($_REQUEST['search'])) { $output['search'] = sanitize_and_format_gpc($_REQUEST, 'search', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $query = "SELECT `results` FROM `{$dbtable_prefix}site_searches` WHERE `search_md5`='" . $output['search'] . "' AND `search_type`=" . SEARCH_USER; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $results = mysql_result($res, 0, 0); $output['uids'] = explode(',', $results); } } elseif (!empty($_REQUEST['uids'])) { $output['uids'] = sanitize_and_format($_REQUEST['uids'], TYPE_INT, 0, array()); } } if (!empty($output['uids'])) { $output['uids'] = join('|', $output['uids']); } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'No members selected'; if (!empty($output['return'])) { $nextpage = _BASEURL_ . '/admin/' . $output['return']; } else { $nextpage = _BASEURL_ . '/admin/member_search.php'; } redirect2page($nextpage, $topass, '', true); } if (empty($output['return'])) {
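===============================================================================
File: admin/file_edit.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$output = array();
// Only [A-Za-z0-9._/-] survive the filter and every '..' is dropped, so the
// requested name cannot climb out of the install directory; a leading '/' is
// removed so the path is always taken relative to _BASEPATH_.
$output['file'] = str_replace('..', '', preg_replace('~[^a-zA-Z0-9\\._/-]~', '', sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '')));
if (!empty($output['file']) && $output['file'][0] == '/') {
    $output['file'] = substr($output['file'], 1);
}
$file = _BASEPATH_ . '/' . $output['file'];
// $mode is not read in this file; presumably frame.php or the template uses
// it -- confirm before removing.
$mode = isset($_GET['m']) ? (int) $_GET['m'] : 1;
// Defence in depth on top of the character filter: only show the file when
// its resolved location is strictly inside _BASEPATH_. This also refuses a
// symlink under the install directory that points outside of it.
$base_real = realpath(_BASEPATH_);
$file_real = realpath($file);
$inside_base = $base_real !== false && $file_real !== false
    && strpos($file_real, $base_real . DIRECTORY_SEPARATOR) === 0;
if ($inside_base && is_file($file)) {
    // NOTE(review): as extracted, this replacement maps each brace to itself;
    // presumably the original substituted entities so the template engine does
    // not treat braces in the file as placeholders -- confirm against the repo.
    $output['file_content'] = str_replace(array('{', '}'), array('{', '}'), sanitize_and_format(file_get_contents($file), TYPE_STRING, $__field2format[TEXT_DB2EDIT]));
}
$tpl->set_file('content', 'file_edit.html');
$output['path'] = urlencode(pathinfo($output['file'], PATHINFO_DIRNAME));
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_OPTIONAL);
$tplvars['title'] = 'File editor';
$tplvars['css'] = 'file_edit.css';
$tplvars['page'] = 'file_edit';
include 'frame.php';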
require_once '../includes/admin_functions.inc.php'; require_once '../includes/tables/subscriptions_auto.inc.php'; allow_dept(DEPT_ADMIN); $tpl = new phemplate('skin/', 'remove_nonjs'); $subscriptions_auto = $subscriptions_auto_default['defaults']; if (isset($_SESSION['topass']['input'])) { $subscriptions_auto = $_SESSION['topass']['input']; } elseif (!empty($_GET['asubscr_id'])) { $asubscr_id = (int) $_GET['asubscr_id']; $query = "SELECT * FROM `{$dbtable_prefix}subscriptions_auto` WHERE `asubscr_id`={$asubscr_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $subscriptions_auto = mysql_fetch_assoc($res); $subscriptions_auto = sanitize_and_format($subscriptions_auto, TYPE_STRING, $__field2format[TEXT_DB2EDIT]); } } $subscriptions_auto['fk_subscr_id'] = dbtable2options("`{$dbtable_prefix}subscriptions`", '`subscr_id`', '`subscr_name`', '`subscr_id`', $subscriptions_auto['fk_subscr_id']); if (empty($subscriptions_auto['dbfield'])) { $subscriptions_auto['to_members_1'] = 'checked="checked"'; } else { $subscriptions_auto['to_members_2'] = 'checked="checked"'; } $dbfields = array(); foreach ($_pfields as $pfield_id => $pfield) { if (get_class($pfield) == 'field_select') { $dbfields[$pfield['dbfield']] = $pfield->config['label'] . ' (' . $pfield->config['dbfield'] . ')'; } } if (!empty($subscriptions_auto['dbfield'])) {
// Defaults for a new key: a plain text field unless overridden below.
$output = array();
$output['lk_type'] = FIELD_TEXTFIELD;
if (isset($_SESSION['topass']['input'])) {
    // Re-posted values after a failed save. 'return' was already decoded by
    // the processor, so keep the decoded copy in return2 and re-encode it.
    $output = $_SESSION['topass']['input'];
    $output['return2'] = $output['return'];
    $output['return'] = rawurlencode($output['return']);
} elseif (!empty($_GET['lk_id'])) {
    $lk_id = (int) $_GET['lk_id'];
    $query = "SELECT `lk_id`,`alt_id_text`,`lk_type`,`lk_diz`,`lk_use`,`save_file` FROM `{$dbtable_prefix}lang_keys` WHERE `lk_id`={$lk_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $output = mysql_fetch_assoc($res);
        // Free-text columns are formatted for the edit form.
        foreach (array('lk_diz', 'alt_id_text') as $text_column) {
            $output[$text_column] = sanitize_and_format($output[$text_column], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
        }
    }
}
$output['lk_type'] = vector2options($accepted_lk_types, $output['lk_type']);
if (empty($output['return'])) {
    $output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $output['return'] = rawurlencode($output['return2']);
}
$tpl->set_file('content', 'lang_keys_addedit.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_OPTIONAL);
$tplvars['title'] = 'Add/Edit Language Keys';
$tplvars['page'] = 'lang_keys_addedit';
$tplvars['css'] = 'lang_keys_addedit.css';
include 'frame.php';
break; case AMTPL_REJECT_COMM: switch ($output['m']) { case 'blog': $table = "`{$dbtable_prefix}comments_blog`"; break; case 'photo': $table = "`{$dbtable_prefix}comments_photo`"; break; case 'user': $table = "`{$dbtable_prefix}comments_profile`"; break; } $query = "SELECT `comment` FROM {$table} WHERE `comment_id`=" . $output['id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $output = array_merge($output, mysql_fetch_assoc($res)); $output['comment'] = sanitize_and_format($output['comment'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY], ''); } $output['reject_comment'] = true; $tplvars['title'] = 'Reject a comment'; break; } $tpl->set_file('content', 'reject.html'); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_OPTIONAL); $tplvars['css'] = 'reject.css'; $tplvars['page'] = 'reject'; include 'frame.php';
/**
 * Returns the field's stored value formatted for HTML display.
 *
 * @return string
 */
function display()
{
    $display_format = $GLOBALS['__field2format'][TEXT_DB2DISPLAY];
    return sanitize_and_format($this->value, TYPE_STRING, $display_format);
}
} } $query = substr($query, 0, -1); if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_affected_rows()) { $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'Account added.'; } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Error: account not added.'; } } } else { $nextpage = 'admin/admin_accounts_addedit.php'; // you must re-read all textareas from $_POST like this: // $input['x']=addslashes_mq($_POST['x']); $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH); $topass['input'] = $input; } if (isset($_POST['o'])) { $qs .= $qs_sep . 'o=' . $_POST['o']; $qs_sep = '&'; } if (isset($_POST['r'])) { $qs .= $qs_sep . 'r=' . $_POST['r']; $qs_sep = '&'; } } redirect2page($nextpage, $topass, $qs);
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/site_news.inc.php';
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
// Form values: re-posted input (after a failed save) takes precedence over an
// existing item loaded by news_id, which takes precedence over the defaults.
$output = $site_news_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    $output = $_SESSION['topass']['input'];
} elseif (!empty($_GET['news_id'])) {
    $news_id = (int) $_GET['news_id'];
    $query = "SELECT * FROM `{$dbtable_prefix}site_news` WHERE `news_id`='{$news_id}'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $output = mysql_fetch_assoc($res);
        // Free-text columns are formatted for the edit form.
        foreach (array('news_title', 'news_body') as $text_column) {
            $output[$text_column] = sanitize_and_format($output[$text_column], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
        }
    }
}
// Where to go back to after saving: decoded copy in return2, encoded in return.
$output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$output['return'] = rawurlencode($output['return2']);
$tpl->set_file('content', 'site_news_addedit.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content');
$tplvars['title'] = 'Site News Management';
$tplvars['css'] = 'site_news_addedit.css';
$tplvars['page'] = 'site_news_addedit';
include 'frame.php';
// Page through the bans: clamp the offset into range, then load one page.
// $totalrows, $o, $r, $from, $where, $loop and $accepted_punishments are
// presumably set before this point (outside this excerpt).
if (!empty($totalrows)) {
    if ($o >= $totalrows) {
        $o = max($totalrows - $r, 0);
    }
    $config = get_site_option(array('datetime_format'), 'def_user_prefs');
    $since_format = $config['datetime_format'];
    $query = "SELECT a.`ban_id`,a.`ban_type`,a.`what`,b.`lang_value` as `reason`,UNIX_TIMESTAMP(a.`since`) as `since` FROM {$from} WHERE {$where} LIMIT {$o},{$r}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($rsrow = mysql_fetch_assoc($res)) {
        // IP bans keep the address as a long; show it in dotted form.
        if ($rsrow['ban_type'] == _PUNISH_BANIP_) {
            $rsrow['what'] = long2ip($rsrow['what']);
        }
        $rsrow['ban_type'] = $accepted_punishments[$rsrow['ban_type']];
        $rsrow['reason'] = sanitize_and_format($rsrow['reason'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
        $rsrow['since'] = strftime($since_format, $rsrow['since']);
        $loop[] = $rsrow;
    }
    $output['pager2'] = pager($totalrows, $o, $r);
}
// Where to come back to after an action on this list.
$output['return2me'] = 'site_bans.php';
if (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
$tpl->set_file('content', 'site_bans.html');
$tpl->set_loop('loop', $loop);
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP);
$tpl->drop_loop('loop');
$loop_friends = $user_cache->get_cache_tpl($loop_friends, 'result_user'); } unset($user_cache); // comments $loop_comments = create_comments_loop('user', $output['uid'], $output); $output['pic_width'] = get_site_option('pic_width', 'core_photo'); $tplvars['title'] = sprintf($GLOBALS['_lang'][152], $output['user']); $tplvars['page_title'] = $output['user']; } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][7]; redirect2page('info.php', $topass); } $output['lang_273'] = sanitize_and_format($GLOBALS['_lang'][273], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_274'] = sanitize_and_format($GLOBALS['_lang'][274], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_256'] = sanitize_and_format($GLOBALS['_lang'][256], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['return2me'] = 'profile.php'; if (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'profile.html'); $tpl->set_var('output', $output); $tpl->set_var('tplvars', $tplvars); $tpl->set_loop('categs', $categs); $tpl->set_loop('user_photos', $user_photos); $tpl->set_loop('loop_comments', $loop_comments); $tpl->set_loop('loop_friends', $loop_friends); $tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL); $tpl->drop_loop('categs'); $tpl->drop_loop('user_photos');
// $query, $from, $where, $o and $r are presumably built before this point
// (outside this excerpt); the first statement runs the row-count query.
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$totalrows = mysql_result($res, 0, 0);
$loop = array();
if (!empty($totalrows)) {
    // Keep the offset inside the result set (last page when it overshoots).
    if ($o >= $totalrows) {
        $o = max($totalrows - $r, 0);
    }
    $query = "SELECT * FROM {$from} WHERE {$where} ORDER BY `news_id` DESC LIMIT {$o},{$r}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $title_format = $__field2format[TEXT_DB2DISPLAY];
    while ($rsrow = mysql_fetch_assoc($res)) {
        $rsrow['news_title'] = sanitize_and_format($rsrow['news_title'], TYPE_STRING, $title_format);
        $loop[] = $rsrow;
    }
    $output['pager2'] = pager($totalrows, $o, $r);
}
// Where to come back to after an action on this list.
$output['return2me'] = 'site_news.php';
if (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
$tpl->set_file('content', 'site_news.html');
$tpl->set_loop('loop', $loop);
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP);
$tpl->drop_loop('loop');
$tpl->drop_var('output.pager2');
if ($i >= 0) { $site_skins[$i] = sanitize_and_format($site_skins[$i], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); if (!empty($site_skins[$i]['is_default'])) { $site_skins[$i]['is_default'] = '<img src="skin/images/check.gif" />'; } else { unset($site_skins[$i]['is_default']); } } ++$i; $site_skins[$i]['module_code'] = $rsrow['module_code']; $site_skins[$i]['skin_name'] = $rsrow['module_name'] . ' ' . $rsrow['version']; $last_code = $rsrow['module_code']; } $site_skins[$i][$rsrow['config_option']] = $rsrow['config_value']; } // one more time for the last row if ($i >= 0) { $site_skins[$i] = sanitize_and_format($site_skins[$i], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); if (!empty($site_skins[$i]['is_default'])) { $site_skins[$i]['is_default'] = '<img src="skin/images/check.gif" />'; } else { unset($site_skins[$i]['is_default']); } } $tpl->set_file('content', 'site_skins.html'); $tpl->set_loop('site_skins', $site_skins); $tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP); $tpl->drop_loop('site_skins'); $tplvars['title'] = 'Skin Settings'; $tplvars['page'] = 'site_skins'; include 'frame.php';
$where = 'a.`m_value_to`=b.`m_value`'; $from = "`{$dbtable_prefix}subscriptions` a,`{$dbtable_prefix}memberships` b"; $query = "SELECT count(*) FROM {$from} WHERE {$where}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $totalrows = mysql_result($res, 0, 0); $subscriptions = array(); if (!empty($totalrows)) { $query = "SELECT a.`subscr_id`,a.`subscr_name`,a.`price`,a.`currency`,a.`is_recurent`,b.`m_name` as `m_value_to`,a.`duration`,a.`is_visible` FROM {$from} WHERE {$where} ORDER BY a.`subscr_id`"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } while ($rsrow = mysql_fetch_assoc($res)) { $rsrow['currency'] = isset($accepted_currencies[$rsrow['currency']]) ? $accepted_currencies[$rsrow['currency']] : ''; $rsrow['subscr_name'] = sanitize_and_format($rsrow['subscr_name'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); if (!empty($rsrow['is_recurent'])) { $rsrow['is_recurent'] = '<img src="skin/images/refresh.gif" title="Recuring" />'; } else { unset($rsrow['is_recurent']); } if (!empty($rsrow['is_visible'])) { $rsrow['is_visible'] = '<img src="skin/images/check.gif" />'; } else { unset($rsrow['is_visible']); } if (empty($rsrow['duration'])) { $rsrow['duration'] = 'Lifetime'; } else { $rsrow['duration'] .= ' days'; }
******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once '../../includes/common.inc.php'; require_once '../../includes/admin_functions.inc.php'; allow_dept(DEPT_ADMIN); $query_strlen = 10000; $error = false; $qs = ''; $qs_sep = ''; $topass = array(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $input = array(); $input['uids'] = isset($_POST['uids']) ? $_POST['uids'] : ''; $input['uids'] = explode('|', $input['uids']); $input['uids'] = sanitize_and_format($input['uids'], TYPE_INT, 0, array()); $input['m_value'] = sanitize_and_format_gpc($_POST, 'm_value', TYPE_INT, 0, 0); $input['duration'] = sanitize_and_format_gpc($_POST, 'duration', TYPE_INT, 0, 0); $input['return'] = sanitize_and_format_gpc($_POST, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, ''); if (!$error) { $now = gmdate('YmdHis'); $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id` IN ('" . join("','", $input['uids']) . "') AND `is_active`=1 AND `is_subscr`=1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user`,`membership` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "` IN ('" . join("','", $input['uids']) . "')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $uids = array(); $insert = "INSERT INTO `{$dbtable_prefix}payments` (`is_active`,`is_subscr`,`fk_user_id`,`_user`,`gateway`,`m_value_to`,`paid_from`,`paid_until`,`date`) VALUES ";
for ($i = 0; isset($_on_after_post[$i]); ++$i) { call_user_func($_on_after_post[$i]); } } if (!$error) { $input['caption'] = remove_banned_words($input['caption']); $query = "SELECT `photo_id`,`caption`,`is_main`,`photo`,`status` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id` IN ('" . join("','", array_keys($input['caption'])) . "') AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $old_captions = array(); $old_main = 0; $photos = array(); $statuses = array(); while ($rsrow = mysql_fetch_assoc($res)) { $old_captions[$rsrow['photo_id']] = sanitize_and_format($rsrow['caption'], TYPE_STRING, $__field2format[TEXT_DB2DB]); $photos[$rsrow['photo_id']] = $rsrow['photo']; if (!empty($rsrow['is_main'])) { $old_main = $rsrow['photo_id']; } $statuses[$rsrow['photo_id']] = $rsrow['status']; } $captions_changed = array(); foreach ($input['caption'] as $photo_id => $caption) { if ($caption != $old_captions[$photo_id]) { $captions_changed[$photo_id] = 1; } } $now = gmdate('YmdHis'); $config = get_site_option(array('manual_photo_approval'), 'core_photo'); if (!empty($input['is_main']) && $input['is_main'] != $old_main && !isset($input['is_private'][$input['is_main']])) {
<?php
/******************************************************************************
Etano
===============================================================================
File: ajax/user_exists.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once dirname(__FILE__) . '/../includes/common.inc.php';
require_once dirname(__FILE__) . '/../includes/user_functions.inc.php';

// Username availability probe: prints "1" when the posted name resolves to an
// existing account (or is the reserved name "guest"), an empty body otherwise.
// NOTE(review): this is a username-existence oracle; nothing visible here
// limits who may call it or how often, so any throttling has to live upstream.
$taken = false;
if (!empty($_POST['user'])) {
    $user = sanitize_and_format($_POST['user'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
    // Lookup first, then the reserved-name check, in the same order as before.
    $taken = get_userid_by_user($user) || $user == 'guest';
}
echo $taken ? 1 : '';
Etano
===============================================================================
File: admin/site_skins_addedit.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/site_skins.inc.php';
allow_dept(DEPT_ADMIN);

$tpl = new phemplate('skin/', 'remove_nonjs');

// Values shown in the add/edit form, by priority: input stashed in the session
// (presumably by an earlier submit), then the stored options of the module
// named in the query string, otherwise the table defaults.
$site_skins = $site_skins_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
    $site_skins = $_SESSION['topass']['input'];
} elseif (!empty($_GET['module_code'])) {
    $module_code = sanitize_and_format($_GET['module_code'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
    $stored = get_site_option(array(), $module_code);
    $site_skins = sanitize_and_format($stored, TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
    $site_skins['fk_module_code'] = $module_code;
}

// The locale id is swapped for the selector markup built from the locales table
// (presumably <option> elements, going by the helper's name).
$site_skins['fk_locale_id'] = dbtable2options("`{$dbtable_prefix}locales`", '`locale_id`', '`locale_name`', '`locale_name`', $site_skins['fk_locale_id']);

$tpl->set_file('content', 'site_skins_addedit.html');
$tpl->set_var('site_skins', $site_skins);
$tpl->process('content', 'content');

$tplvars['title'] = 'Site Skins';
$tplvars['page'] = 'site_skins_addedit';
include 'frame.php';
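/**
 * Build the <option> elements of a <select> from a value => label map.
 *
 * @param array        $show_vector      option value => label
 * @param string|array $selected_map_val the selected value, or an array of selected values
 * @param array        $exclusion_vector option values to leave out of the list
 * @return string the concatenated <option> elements, one per line
 */
function vector2options($show_vector, $selected_map_val = '', $exclusion_vector = array()) {
    $myreturn = '';
    // foreach replaces each(), which is deprecated since PHP 7.2 and gone in 8.0;
    // $show_vector arrives by value, so the pointer movement each() did was never
    // visible to callers.
    foreach ($show_vector as $k => $v) {
        // Loose in_array() is kept so int and numeric-string values keep matching
        // as they did before.
        if (in_array($k, $exclusion_vector)) {
            continue;
        }
        $myreturn .= '<option value="' . sanitize_and_format($k, TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2EDIT]) . '"';
        if (is_array($selected_map_val)) {
            $is_selected = in_array($k, $selected_map_val);
        } else {
            // Loose == as before; note that 0 == '' differs between PHP 7 and 8.
            $is_selected = ($k == $selected_map_val);
        }
        if ($is_selected) {
            $myreturn .= ' selected="selected"';
        }
        // The label is written out unescaped: callers must pass text that is
        // already safe for HTML output (the value attribute, by contrast, is
        // run through sanitize_and_format above).
        $myreturn .= ">{$v}</option>\n";
    }
    return $myreturn;
}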