function set_value(&$all_values, $sanitize = true)
{
if ($sanitize) {
$this->value = remove_banned_words(sanitize_and_format_gpc($all_values, $this->config['dbfield'], TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], $this->empty_value['edit']));
} elseif (isset($all_values[$this->config['dbfield']])) {
$this->value = $all_values[$this->config['dbfield']];
}
return true;
}
function admin_processor()
{
$error = false;
$my_input = array();
if ($this->is_search) {
$my_input['search_default'] = array('min' => sanitize_and_format_gpc($_POST, 'search_start', TYPE_INT, 0, 0), 'max' => sanitize_and_format_gpc($_POST, 'search_end', TYPE_INT, 0, 0));
return $my_input;
}
return $error;
}
function set_value(&$all_values, $sanitize = true)
{
$this->value = $this->empty_value['edit'];
if ($sanitize) {
$this->value['zip'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_zip', TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], $this->empty_value['edit']['zip']);
$this->value['dist'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_dist', TYPE_INT, 0, $this->empty_value['edit']['dist']);
} else {
if (isset($all_values[$this->config['dbfield'] . '_zip'])) {
$this->value['zip'] = $all_values[$this->config['dbfield'] . '_zip'];
} elseif (isset($this->config['default_value']['zip'])) {
$this->value['zip'] = $this->config['default_value']['zip'];
}
if (isset($all_values[$this->config['dbfield'] . '_dist'])) {
$this->value['dist'] = (int) $all_values[$this->config['dbfield'] . '_dist'];
} elseif (isset($this->config['default_value']['dist'])) {
$this->value['dist'] = (int) $this->config['default_value']['dist'];
}
}
return true;
}
function set_value(&$all_values, $sanitize = true)
{
$this->value = $this->empty_value['edit'];
if ($sanitize) {
$this->value['min'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_min', TYPE_INT, 0, $this->empty_value['edit']['min']);
$this->value['max'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_max', TYPE_INT, 0, $this->empty_value['edit']['max']);
} else {
if (isset($all_values[$this->config['dbfield'] . '_min'])) {
$this->value['min'] = (int) $all_values[$this->config['dbfield'] . '_min'];
}
if (isset($all_values[$this->config['dbfield'] . '_max'])) {
$this->value['max'] = (int) $all_values[$this->config['dbfield'] . '_max'];
}
}
if ($this->value['min'] > $this->value['max']) {
$temp = $this->value['max'];
$this->value['max'] = $this->value['min'];
$this->value['min'] = $temp;
}
return true;
}
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/includes/field_functions.inc.php';
check_login_member('auth');
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'my_profile.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$input = array();
// get the input we need and sanitize it
$pcat_id = sanitize_and_format_gpc($_POST, 'pcat_id', TYPE_INT, 0, 0);
if (isset($_pcats[$pcat_id]) && count($_pcats[$pcat_id]['fields']) > 0) {
$config = get_site_option(array('manual_profile_approval'), 'core');
$on_changes = array();
$changes_status = array();
foreach ($_pcats[$pcat_id]['fields'] as $field_id) {
$field =& $_pfields[$field_id];
if ($field->config['editable']) {
$field->set_value($_POST, true);
// check for input errors
if (true !== ($temp = $field->validation_server())) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
if (empty($temp['text'])) {
$topass['message']['text'] = $GLOBALS['_lang'][69];
} else {
function search_results($search, $my_membership = 1)
{
global $dbtable_prefix;
global $_pfields;
$myreturn = array();
$input['acclevel_code'] = 'search_advanced';
// default access level is the one for advanced search!!!!
$search_fields = array();
$continue = false;
// for searches not based on search_fields
$select = "a.`fk_user_id`";
$from = "`{$dbtable_prefix}user_profiles` a";
$where = ' a.`status`=' . STAT_APPROVED . ' AND a.`del`=0';
$orderby = "ORDER BY a.`score` DESC";
if (isset($search['min_user_id'])) {
$where .= " AND a.`fk_user_id`>" . $search['min_user_id'];
}
// if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
// $where.=" AND a.`fk_user_id`<>'".$_SESSION[_LICENSE_KEY_]['user']['user_id']."'";
// }
// define here all search types
// you can either add fields to be read into $search_fields or build the query directly
if (isset($search['st'])) {
switch ($search['st']) {
case 'basic':
$input['acclevel_code'] = 'search_basic';
$search_fields = $GLOBALS['basic_search_fields'];
if (isset($search['wphoto'])) {
$where .= " AND a.`_photo`!=''";
}
break;
case 'adv':
$input['acclevel_code'] = 'search_advanced';
// for advanced search we get all fields
foreach ($_pfields as $field_id => $field) {
if (!empty($field->config['searchable'])) {
$search_fields[] = $field_id;
}
}
if (isset($search['wphoto'])) {
$where .= " AND a.`_photo`!=''";
}
break;
case 'user':
$input['acclevel_code'] = 'search_advanced';
$continue = true;
$input['user'] = sanitize_and_format_gpc($search, 'user', TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], '');
if (strlen($input['user']) <= 3) {
// $topass['message']['text']=$GLOBALS['_lang'][8];
// $topass['message']['type']=MESSAGE_ERROR;
$where = '';
// force no results returned.
} else {
$where .= " AND a.`_user` LIKE '" . $input['user'] . "%'";
}
break;
case 'net':
$input['acclevel_code'] = 'search_basic';
$continue = true;
$input['fk_user_id'] = sanitize_and_format_gpc($search, 'uid', TYPE_INT, 0, 0);
$input['fk_net_id'] = sanitize_and_format_gpc($search, 'nid', TYPE_INT, 0, 0);
$select = "b.`fk_user_id_other`";
$from = "`{$dbtable_prefix}user_networks` b," . $from;
$where = "b.`fk_user_id`=" . $input['fk_user_id'] . " AND b.`fk_net_id`=" . $input['fk_net_id'] . " AND b.`nconn_status`=1 AND b.`fk_user_id_other`=a.`fk_user_id` AND " . $where;
break;
case 'new':
$input['acclevel_code'] = 'search_basic';
$continue = true;
$orderby = "ORDER BY a.`date_added` DESC";
break;
case 'online':
$input['acclevel_code'] = 'search_basic';
$continue = true;
$from = "`{$dbtable_prefix}online` b," . $from;
$where .= " AND b.`fk_user_id` IS NOT NULL AND b.`fk_user_id`=a.`fk_user_id`";
$orderby = "GROUP BY b.`fk_user_id` " . $orderby;
break;
case 'vote':
case 'views':
case 'comm':
// TODO
break;
default:
break;
}
}
if (allow_at_level($input['acclevel_code'], $my_membership)) {
for ($i = 0; isset($search_fields[$i]); ++$i) {
$field = $_pfields[$search_fields[$i]]->search();
$field->set_value($search);
$where .= $field->query_search();
$input = array_merge($input, $field->get_value(true));
}
if (!empty($where)) {
// if $where is empty then a condition above prevents us from searching.
$query = "SELECT {$select} FROM {$from} WHERE {$where} {$orderby}";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
for ($i = 0; $i < mysql_num_rows($res); ++$i) {
$myreturn[] = mysql_result($res, $i, 0);
}
}
}
return $myreturn;
}
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
require_once '../includes/tables/site_news.inc.php';
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$output = $site_news_default['defaults'];
if (isset($_SESSION['topass']['input'])) {
$output = $_SESSION['topass']['input'];
} elseif (!empty($_GET['news_id'])) {
$news_id = (int) $_GET['news_id'];
$query = "SELECT * FROM `{$dbtable_prefix}site_news` WHERE `news_id`='{$news_id}'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$output = mysql_fetch_assoc($res);
$output['news_title'] = sanitize_and_format($output['news_title'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
$output['news_body'] = sanitize_and_format($output['news_body'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
}
}
$output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$output['return'] = rawurlencode($output['return2']);
$tpl->set_file('content', 'site_news_addedit.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content');
$tplvars['title'] = 'Site News Management';
$tplvars['css'] = 'site_news_addedit.css';
$tplvars['page'] = 'site_news_addedit';
include 'frame.php';
if (empty($input['astat'])) {
unset($input['astat']);
}
$input['pstat'] = sanitize_and_format_gpc($_GET, 'pstat', TYPE_INT, 0, 0);
if (empty($input['pstat'])) {
unset($input['pstat']);
}
$input['membership'] = sanitize_and_format_gpc($_GET, 'membership', TYPE_INT, 0, 0);
if (empty($input['membership'])) {
unset($input['membership']);
}
$input['photo'] = sanitize_and_format_gpc($_GET, 'photo', TYPE_INT, 0, 0);
if (empty($input['photo'])) {
unset($input['photo']);
}
$input['album'] = sanitize_and_format_gpc($_GET, 'album', TYPE_INT, 0, 0);
if (empty($input['album'])) {
unset($input['album']);
}
}
// we build the query but run it only if this is a first run, otherwise we already know the results
// we need the query though for the md5
$where = "a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "`";
$from = "`{$dbtable_prefix}user_profiles` a,`" . USER_ACCOUNTS_TABLE . "` b";
if (isset($input['user'])) {
$where .= " AND a.`_user` LIKE '" . $input['user'] . "%'";
}
if (isset($input['pstat'])) {
// profile status
$where .= " AND a.`status`=" . $input['pstat'];
}
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../includes/common.inc.php';
db_connect(_DBHOST_, _DBUSER_, _DBPASS_, _DBNAME_);
require_once '../includes/admin_functions.inc.php';
require_once '../includes/classes/fileop.class.php';
require_once '../includes/classes/etano_package.class.php';
allow_dept(DEPT_ADMIN);
set_time_limit(0);
ignore_user_abort(true);
$error = false;
$tpl = new phemplate('skin/', 'remove_nonjs');
$output = array();
$fileop = new fileop();
$file = sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, '');
if (substr($file, 0, 7) == 'http://') {
// save it in tmp/packages and rename $file to filename.zip
require_once '../includes/classes/package_downloader.class.php';
$p = new package_downloader($file);
if ($p->download()) {
$file = $p->file_name;
} else {
$file = '';
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = $p->error_text;
}
}
$install_index = 0;
$ui_request = false;
$tplvars['page_title'] = $GLOBALS['_lang'][104];
//$orderby="a.`date_posted` DESC"; // default
break;
case 'views':
$tplvars['page_title'] = $GLOBALS['_lang'][105];
$input['acclevel_code'] = 'search_blog';
$orderby = "a.`stat_views` DESC";
break;
case 'comm':
$tplvars['page_title'] = $GLOBALS['_lang'][106];
$input['acclevel_code'] = 'search_blog';
$orderby = "a.`stat_comments` DESC";
break;
case 'uid':
$input['acclevel_code'] = 'search_blog';
$input['uid'] = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
$tplvars['page_title'] = sprintf($GLOBALS['_lang'][108], get_user_by_userid($input['uid']));
$where = "a.`fk_user_id`=" . $input['uid'] . " AND " . $where;
$orderby = "a.`post_id` DESC";
break;
case 'tag':
$tplvars['page_title'] = $GLOBALS['_lang'][107];
$input['acclevel_code'] = 'search_blog';
$input['tags'] = isset($_GET['tags']) ? $_GET['tags'] : '';
// remove extra spaces and words with less than 3 chars
$input['tags'] = trim(preg_replace(array("/\\s\\s+/", "/\\b[^\\s]{1,3}\\b/"), array(' ', ''), $input['tags']));
$input['tags'] = sanitize_and_format($input['tags'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
if (!empty($input['tags'])) {
$select .= ",MATCH (a.`title`,a.`post_content`) AGAINST ('" . $input['tags'] . "' IN BOOLEAN MODE) as `match_score`";
$where .= " AND MATCH (a.`title`,a.`post_content`) AGAINST ('" . $input['tags'] . "' IN BOOLEAN MODE)";
$orderby = "`match_score` DESC";
require _BASEPATH_ . '/includes/tables/message_filters.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/mailbox.inc.php';
check_login_member('manage_folders');
if (is_file(_BASEPATH_ . '/events/processors/filters_addedit.php')) {
include _BASEPATH_ . '/events/processors/filters_addedit.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'filters.php';
$input = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// get the input we need and sanitize it
foreach ($message_filters_default['types'] as $k => $v) {
$input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], $message_filters_default['defaults'][$k]);
}
$input['fk_user_id'] = $_SESSION[_LICENSE_KEY_]['user']['user_id'];
switch ($input['filter_type']) {
case FILTER_SENDER:
if (!($input['field_value'] = get_userid_by_user($input['field_value']))) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = sprintf($GLOBALS['_lang'][41], $input['field_value']);
}
break;
case FILTER_SENDER_PROFILE:
case FILTER_MESSAGE:
default:
break;
}
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/my_searches.inc.php';
check_login_member('save_searches');
if (is_file(_BASEPATH_ . '/events/processors/my_searches.php')) {
include _BASEPATH_ . '/events/processors/my_searches.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'my_searches.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$input = array();
// get the input we need and sanitize it
$input['is_default'] = sanitize_and_format_gpc($_POST, 'is_default', TYPE_INT, 0, 0);
$input['alert'] = sanitize_and_format_gpc($_POST, 'alert', TYPE_INT, 0, array());
// make sure $input['alert'] is an array
if (!is_array($input['alert']) && !empty($input['alert'])) {
$input['alert'] = array($input['alert']);
}
if (!$error) {
if (isset($_on_before_update)) {
for ($i = 0; isset($_on_before_update[$i]); ++$i) {
call_user_func($_on_before_update[$i]);
}
}
$query = "UPDATE `{$dbtable_prefix}user_searches` SET `is_default`=0,`alert`=0 WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!empty($input['is_default'])) {
File: admin/processors/login.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
$topass = array();
$qs = '';
$qs_sep = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$username = strtolower(sanitize_and_format_gpc($_POST, 'username', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''));
$password = sanitize_and_format_gpc($_POST, 'password', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if (!empty($username) && !empty($password)) {
$query = "SELECT `admin_id`,`name`,`dept_id`,`status` FROM `{$dbtable_prefix}admin_accounts` WHERE `user`='{$username}' AND `pass`=md5('{$password}')";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$admin = mysql_fetch_assoc($res);
if ($admin['status'] == ASTAT_ACTIVE) {
$_SESSION[_LICENSE_KEY_]['admin'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['admin']) ? $_SESSION[_LICENSE_KEY_]['admin'] : array(), $admin);
$_SESSION[_LICENSE_KEY_]['admin']['def_skin'] = get_default_skin_dir();
if (isset($_SESSION[_LICENSE_KEY_]['admin']['timedout']['url'])) {
$next = $_SESSION[_LICENSE_KEY_]['admin']['timedout'];
unset($_SESSION[_LICENSE_KEY_]['admin']['timedout']);
if ($next['method'] == 'GET') {
if (!empty($next['qs'])) {
}
}
// no need to sanitize
// $output=sanitize_and_format($output,TYPE_STRING,$__field2format[TEXT_DB2EDIT]);
if ($output['message_type'] == MESS_FLIRT) {
$output['flirt_reply'] = true;
}
} else {
trigger_error($GLOBALS['_lang'][120], E_USER_ERROR);
}
$output['lang_263'] = sanitize_and_format($GLOBALS['_lang'][263], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_264'] = sanitize_and_format($GLOBALS['_lang'][264], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_196'] = sanitize_and_format($GLOBALS['_lang'][196], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_197'] = sanitize_and_format($GLOBALS['_lang'][197], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
if (!isset($output['return']) && isset($_GET['return'])) {
$output['return'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUENCODE, '');
}
$output['bbcode_message'] = get_site_option('bbcode_message', 'core');
if (empty($output['bbcode_message'])) {
unset($output['bbcode_message']);
}
$tpl->set_file('content', 'message_send.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_OPTIONAL);
$tplvars['page_title'] = sprintf($GLOBALS['_lang'][137], $output['_user_other']);
$tplvars['title'] = $tplvars['page_title'];
$tplvars['page'] = 'message_send';
$tplvars['css'] = 'message_send.css';
if (is_file('message_send_left.php')) {
include 'message_send_left.php';
}
===============================================================================
File: admin/processors/site_skins_delete.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN);
$qs = '';
$qs_sep = '';
$topass = array();
$module_code = sanitize_and_format_gpc($_GET, 'module_code', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$query = "SELECT count(*) FROM `{$dbtable_prefix}modules` WHERE `module_type`=" . MODULE_SKIN;
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_result($res, 0, 0) > 1) {
$config = get_site_option(array('is_default', 'skin_dir'), $module_code);
$query = "DELETE FROM `{$dbtable_prefix}site_options3` WHERE `fk_module_code`='{$module_code}'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$query = "DELETE FROM `{$dbtable_prefix}modules` WHERE `module_code`='{$module_code}'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$query = "DELETE FROM `{$dbtable_prefix}lang_strings` WHERE `skin`='{$module_code}'";
$types[$rsrow['fk_module_code']][$rsrow['config_option']] = $rsrow['option_type'];
switch ($rsrow['option_type']) {
case FIELD_CHECKBOX:
$input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD], 0);
break;
case FIELD_TEXTFIELD:
$input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
break;
case FIELD_INT:
$input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_INT, 0, 0);
break;
case FIELD_TEXTAREA:
$input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_STRING, $__field2format[FIELD_TEXTAREA], '');
break;
case FIELD_SELECT:
$input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_INT, 0, 0);
break;
}
}
foreach ($input as $module_code => $v) {
foreach ($v as $config_option => $config_value) {
// with this if() we target date_format because an empty date_format
// could break all dates on the site.
if ($types[$module_code][$config_option] != FIELD_TEXTFIELD || !empty($config_value)) {
$query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='{$config_option}',`config_value`='{$config_value}',`fk_module_code`='{$module_code}'";
if (isset($_on_before_update)) {
for ($i = 0; isset($_on_before_update[$i]); ++$i) {
call_user_func($_on_before_update[$i]);
}
}
if (!($res = @mysql_query($query))) {
$continue = true;
$input['user'] = sanitize_and_format_gpc($_GET, 'user', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if (strlen($input['user']) <= 3) {
$topass['message']['text'] = $GLOBALS['_lang'][8];
$topass['message']['type'] = MESSAGE_ERROR;
$where = '';
// force no results returned.
} else {
$where .= " AND a.`_user` LIKE '" . $input['user'] . "%'";
}
break;
case 'net':
$input['acclevel_code'] = 'search_basic';
$continue = true;
$input['fk_user_id'] = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
$input['fk_net_id'] = sanitize_and_format_gpc($_GET, 'nid', TYPE_INT, 0, 0);
$select = "b.`fk_user_id_other`";
$from = "`{$dbtable_prefix}user_networks` b," . $from;
$where = "b.`fk_user_id`=" . $input['fk_user_id'] . " AND b.`fk_net_id`=" . $input['fk_net_id'] . " AND b.`nconn_status`=1 AND b.`fk_user_id_other`=a.`fk_user_id` AND " . $where;
break;
case 'new':
$input['acclevel_code'] = 'search_basic';
$continue = true;
$orderby = "ORDER BY a.`date_added` DESC";
break;
case 'online':
$input['acclevel_code'] = 'search_basic';
$continue = true;
$where .= " AND a.`fk_user_id` IN ('" . join("','", array_keys($_list_of_online_members)) . "')";
$skip_cache = true;
break;
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
define('NO_SESSION', 1);
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
set_error_handler('general_error');
set_time_limit(0);
ignore_user_abort(true);
ob_end_flush();
if (isset($_SERVER['REMOTE_ADDR'])) {
$lk = sanitize_and_format_gpc($_GET, 'lk', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if ($lk == _LICENSE_KEY_) {
if (!empty($_GET['run'])) {
include_once dirname(__FILE__) . '/jobs/' . $_GET['run'];
} else {
$day = (int) date('d');
$weekday = (int) date('w');
//0 for sunday
$hour = (int) date('H');
$minute = (int) date('i');
$minute = $minute - $minute % 5;
// allow 4 minutes and 59 seconds run delay
print "time: {$hour}:{$minute}<br>";
$jobs = array();
// every 5 minutes
if ($minute % 5 == 0) {
$input['error_email'] = 'red_border';
}
if (!$error) {
$query = "SELECT `" . USER_ACCOUNT_ID . "` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'][] = sprintf($GLOBALS['_lang'][67], $input['email']);
$input['error_email'] = 'red_border';
}
}
if (get_site_option('use_captcha', 'core')) {
$captcha = sanitize_and_format_gpc($_POST, 'captcha', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if (!$error && (!isset($_SESSION['captcha_word']) || strcasecmp($captcha, $_SESSION['captcha_word']) != 0)) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'][] = $GLOBALS['_lang'][24];
$input['error_captcha'] = 'red_border';
}
}
unset($_SESSION['captcha_word']);
if (!$error && empty($input['agree'])) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'][] = $GLOBALS['_lang'][68];
$input['error_agree'] = 'red_border';
}
}
<?php
/******************************************************************************
Etano
===============================================================================
File: admin/ajax/get_reject_reason.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once dirname(__FILE__) . '/../../includes/common.inc.php';
require_once dirname(__FILE__) . '/../../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN);
$amtpl_id = sanitize_and_format_gpc($_POST, 'amtpl_id', TYPE_INT, 0, 0);
$output = '';
$query = "SELECT `subject`,`message_body` FROM `{$dbtable_prefix}admin_mtpls` WHERE `amtpl_id`={$amtpl_id}";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$output .= '<reason_title>' . rawurlencode(mysql_result($res, 0, 0)) . '</reason_title>';
$output .= '<reject_reason>' . rawurlencode(mysql_result($res, 0, 1)) . '</reject_reason>';
}
header('Content-type: text/xml');
echo '<result>' . $output . '</result>';
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
require_once '../includes/classes/advgraph4.class.php';
allow_dept(DEPT_ADMIN | DEPT_MODERATOR);
$dot_types = array('num_users', 'online_users', 'paid_members');
$type = sanitize_and_format_gpc($_GET, 't', TYPE_STRING, 0, '');
$start_date = sanitize_and_format_gpc($_GET, 'start', TYPE_INT, 0, 0);
// unix time
$end_date = sanitize_and_format_gpc($_GET, 'end', TYPE_INT, 0, 0);
// unix time
$forced_end = false;
if (empty($end_date)) {
$end_date = mktime(0, 0, 0, date('m'), date('d'), date('Y'));
$forced_end = true;
}
if (in_array($type, $dot_types)) {
if (!is_file(_BASEPATH_ . '/tmp/admin/' . $type . $start_date . $end_date . '.png') || isset($_GET['refresh'])) {
$query = "SELECT `value`,UNIX_TIMESTAMP(`time`) as `time` FROM `{$dbtable_prefix}stats_dot` WHERE `dataset`='{$type}'";
if (!empty($start_date)) {
$query .= " AND `time`>='" . date('Ymd', $start_date) . "'";
}
if (!$forced_end) {
$query .= " AND `time`<='" . date('Ymd', $end_date) . "'";
}
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/blogs.inc.php';
check_login_member('read_blogs');
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
$blog = array();
$output = array();
$loop = array();
$blog_id = '';
if (!empty($_GET['bid'])) {
$blog_id = (string) (int) $_GET['bid'];
if (is_file(_CACHEPATH_ . '/blogs/' . $blog_id[0] . '/' . $blog_id . '/blog.inc.php')) {
include _CACHEPATH_ . '/blogs/' . $blog_id[0] . '/' . $blog_id . '/blog.inc.php';
}
$output = $blog;
$year = sanitize_and_format_gpc($_GET, 'y', TYPE_INT, 0, 0);
$month = sanitize_and_format_gpc($_GET, 'm', TYPE_INT, 0, 0);
if (empty($year)) {
$query = "SELECT YEAR(`date_posted`),MONTH(`date_posted`) FROM `{$dbtable_prefix}blog_posts` WHERE `fk_blog_id`={$blog_id} ORDER BY `date_posted` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
list($year, $month) = mysql_fetch_row($res);
}
} elseif (empty($month)) {
$query = "SELECT YEAR(`date_posted`),MONTH(`date_posted`) FROM `{$dbtable_prefix}blog_posts` WHERE `fk_blog_id`={$blog_id} AND YEAR(`date_posted`)='{$year}' ORDER BY `date_posted` DESC LIMIT 1";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
list($year, $month) = mysql_fetch_row($res);
function admin_processor()
{
$error = false;
$my_input = array();
global $input, $__field2format, $dbtable_prefix, $default_skin_code;
if (!$this->is_search) {
$my_input['use_bbcode'] = sanitize_and_format_gpc($_POST, 'use_bbcode', TYPE_INT, 0, 0);
$my_input['use_smilies'] = sanitize_and_format_gpc($_POST, 'use_smilies', TYPE_INT, 0, 0);
$my_input['changes_status'] = sanitize_and_format_gpc($_POST, 'changes_status', TYPE_INT, 0, 0);
$my_input['ta_len'] = sanitize_and_format_gpc($_POST, 'ta_len', TYPE_INT, 0, 0);
$input['custom_config'] = sanitize_and_format(serialize($my_input), TYPE_STRING, FORMAT_ADDSLASH);
} else {
return array();
}
return $error;
}
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN);
set_time_limit(0);
ignore_user_abort(true);
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'admin/package_install.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$input = array();
$input['package_path'] = sanitize_and_format_gpc($_POST, 'package_path', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$input['install_index'] = isset($_POST['install_index']) ? (int) $_POST['install_index'] : -1;
$input['processor'] = sanitize_and_format_gpc($_POST, 'processor', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$temp = explode('/', $input['package_path']);
$zip_name = $temp[count($temp) - 1] . '.zip';
$qs .= $qs_sep . 'f=' . $zip_name;
$qs_sep = '&';
if (empty($input['package_path'])) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'][] = 'Required parameter \'package_path\' not received from user input!';
}
if ($input['install_index'] == -1) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'][] = 'Required parameter \'install_index\' not received from user input!';
}
if (empty($input['processor'])) {
require_once '../../includes/admin_functions.inc.php';
require_once '../../includes/tables/admin_accounts.inc.php';
allow_dept(DEPT_ADMIN);
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'admin/admin_accounts.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$input = array();
// get the input we need and sanitize it
foreach ($admin_accounts_default['types'] as $k => $v) {
$input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], $admin_accounts_default['defaults'][$k]);
}
$pass2 = sanitize_and_format_gpc($_POST, 'pass2', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$input['change_pass'] = sanitize_and_format_gpc($_POST, 'change_pass', TYPE_INT, 0, 0);
$input['user'] = strtolower($input['user']);
// check for input errors
if (empty($input['user'])) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = 'Please enter the user';
$input['error_user'] = '******';
}
if (empty($input['name'])) {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = 'Please enter the name';
$input['error_name'] = 'red_border';
}
if ($input['change_pass'] || empty($input['admin_id'])) {
require_once '../includes/admin_functions.inc.php';
allow_dept(DEPT_MODERATOR | DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$returned = false;
$output = array();
if (isset($_SESSION['topass']['input'])) {
$output = $_SESSION['topass']['input'];
// our 'return' here was decoded in the processor
$output['return'] = rawurlencode($output['return']);
$returned = true;
} else {
$output['t'] = sanitize_and_format_gpc($_GET, 't', TYPE_INT, 0, 0);
$output['id'] = sanitize_and_format_gpc($_GET, 'id', TYPE_INT, 0, 0);
$output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$output['return'] = rawurlencode($output['return2']);
$output['m'] = sanitize_and_format_gpc($_GET, 'm', TYPE_STRING, 0, '');
}
$query = "SELECT `amtpl_id`,`amtpl_name`,`subject`,`message_body` FROM `{$dbtable_prefix}admin_mtpls` WHERE `amtpl_type`=" . $output['t'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$amtpls = array();
$i = 0;
while ($rsrow = mysql_fetch_assoc($res)) {
$rsrow = sanitize_and_format($rsrow, TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
$amtpls[$rsrow['amtpl_id']] = $rsrow['amtpl_name'];
if ($i == 0 && !$returned) {
$output['reason_title'] = $rsrow['subject'];
$output['reject_reason'] = $rsrow['message_body'];
}
$i++;
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/admin_functions.inc.php';
allow_dept(DEPT_MODERATOR | DEPT_ADMIN);
// cleanup after an 'impersonate user' action
if (isset($_GET['clean_user_session'])) {
$_SESSION[_LICENSE_KEY_]['user'] = array();
unset($_SESSION[_LICENSE_KEY_]['user']);
}
$tpl = new phemplate('skin/', 'remove_nonjs');
$output = array('_user' => '');
// needed for the title
$output['search_md5'] = sanitize_and_format_gpc($_GET, 'search', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$uid = 0;
if (!empty($_GET['uid'])) {
$uid = (int) $_GET['uid'];
if (!empty($output['search_md5']) && isset($_GET['go']) && ($_GET['go'] == 1 || $_GET['go'] == -1)) {
$query = "SELECT `results` FROM `{$dbtable_prefix}site_searches` WHERE `search_md5`='" . $output['search_md5'] . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$user_ids = mysql_result($res, 0, 0);
$user_ids = explode(',', $user_ids);
$key = array_search($uid, $user_ids) + $_GET['go'];
if (isset($user_ids[$key])) {
$uid = (int) $user_ids[$key];
}
Etano
===============================================================================
File: admin/file_edit.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN);
$tpl = new phemplate('skin/', 'remove_nonjs');
$output = array();
$output['file'] = str_replace('..', '', preg_replace('~[^a-zA-Z0-9\\._/-]~', '', sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '')));
if (!empty($output['file']) && $output['file'][0] == '/') {
$output['file'] = substr($output['file'], 1);
}
$file = _BASEPATH_ . '/' . $output['file'];
$mode = isset($_GET['m']) ? (int) $_GET['m'] : 1;
if (is_file($file)) {
$output['file_content'] = str_replace(array('{', '}'), array('{', '}'), sanitize_and_format(file_get_contents($file), TYPE_STRING, $__field2format[TEXT_DB2EDIT]));
}
$tpl->set_file('content', 'file_edit.html');
$output['path'] = urlencode(pathinfo($output['file'], PATHINFO_DIRNAME));
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_OPTIONAL);
$tplvars['title'] = 'File editor';
$tplvars['css'] = 'file_edit.css';
$tplvars['page'] = 'file_edit';
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'my_photos.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$input = array();
// get the input we need and sanitize it
foreach ($user_photos_default['types'] as $k => $v) {
$input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], array());
}
if (empty($input['is_main'])) {
$input['is_main'] = 0;
}
if (!empty($_POST['return'])) {
$input['return'] = sanitize_and_format_gpc($_POST, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, '');
$nextpage = $input['return'];
}
if (isset($_on_after_post)) {
for ($i = 0; isset($_on_after_post[$i]); ++$i) {
call_user_func($_on_after_post[$i]);
}
}
if (!$error) {
$input['caption'] = remove_banned_words($input['caption']);
$query = "SELECT `photo_id`,`caption`,`is_main`,`photo`,`status` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id` IN ('" . join("','", array_keys($input['caption'])) . "') AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$old_captions = array();
$old_main = 0;
File: admin/ajax/search_custom_config.php
$Revision: 610 $
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license. *
******************************************************************************/
require_once dirname(__FILE__) . '/../../includes/common.inc.php';
require_once dirname(__FILE__) . '/../../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN);
$towrite = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$output = array();
$pfield_id = sanitize_and_format_gpc($_POST, 'pfield_id', TYPE_INT, 0, 0);
$search_type = sanitize_and_format_gpc($_POST, 'search_type', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if (!empty($pfield_id)) {
$query = "SELECT `pfield_id`,`fk_lk_id_label`,`field_type`,`searchable`,`search_type`,`for_basic`,`fk_lk_id_search`,`at_registration`,`reg_page`,`required`,`editable`,`visible`,`dbfield`,`fk_lk_id_help`,`fk_pcat_id`,`custom_config`,`fn_on_change`,`order_num` FROM `{$dbtable_prefix}profile_fields2` WHERE `pfield_id`={$pfield_id}";
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$output = mysql_fetch_assoc($res);
$temp = unserialize($output['custom_config']);
unset($output['custom_config']);
if (is_array($temp)) {
$output = array_merge($output, $temp);
}
}
}
// we need this as a global var because it is used by $search_field->edit_admin()
