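/**
 * Render the comments page for a single note of a diary.
 *
 * The note id is read from $_GET['nid'] and cast to int. The note, the
 * owner's display templates and the number of comments are loaded from the
 * database; the "add comment" link and the comment counter are stripped from
 * the note template, and the filled page template is echoed.
 *
 * The note's subject and contents, and $diary_login, are placed into the
 * template as they are. NOTE(review): confirm that they are escaped or
 * sanitised before they reach this function; nothing here escapes them.
 *
 * @param mixed  $dbconn      PostgreSQL connection handle
 * @param string $diary_login login of the diary being shown
 * @return void
 */
function show_comments_page($dbconn, $diary_login)
{
    // A missing nid becomes 0 (which matches no note) instead of raising a notice.
    $nid = isset($_GET['nid']) ? (int) $_GET['nid'] : 0;

    // NOTE(review): the login literal is shown masked ('******') in this listing.
    // If the real code interpolates $diary_login at that position, bind it as a
    // query parameter as well.
    // Get Note
    $sql = 'SELECT u.uid, n.* FROM ' . TABLE_USERS . ' AS u, ' . TABLE_NOTES . " AS n WHERE u.login='******' AND n.uid=u.uid" . ' AND n.nid=$1 LIMIT 1';
    $result = pg_query_params($dbconn, $sql, array($nid));
    if ($result === false) {
        // Driver messages can contain table names and SQL fragments: log them,
        // do not send them to the client.
        error_log('show_comments_page: ' . pg_last_error($dbconn));
        die('database error');
    }
    if (pg_num_rows($result) == 0) {
        pg_free_result($result);
        show_error_page($dbconn, $diary_login, "no such note!");
        return;
    }
    $datanote = pg_fetch_object($result, NULL);
    pg_free_result($result);

    // Display templates of the diary owner.
    $sql = "SELECT u.uid, s.format_note, s.page_comments, s.format_comment FROM " . TABLE_SETTINGS . " AS s, " . TABLE_USERS . " AS u WHERE u.login='******' AND s.uid=u.uid LIMIT 1";
    $result = pg_query($dbconn, $sql);
    if ($result === false) {
        error_log('show_comments_page: ' . pg_last_error($dbconn));
        die('database error');
    }
    $dataformat = pg_fetch_object($result, NULL);
    pg_free_result($result);
    if (!$dataformat) {
        // Without a settings row there is no template to fill.
        show_error_page($dbconn, $diary_login, "no settings for this diary!");
        return;
    }

    // Strip link to add comment and number of comments
    $dataformat->format_note = preg_replace('/(<a.* href="{hrefcomment}")(.+)(.*>)/', '', $dataformat->format_note);
    $dataformat->format_note = preg_replace('/(.?{commentscount}.?)/', '', $dataformat->format_note);
    $note = assign_vars($dataformat->format_note, array(
        '{subject}' => $datanote->subject,
        '{contents}' => $datanote->contents,
        '{date}' => date("d-m-Y", $datanote->timestamp),
        '{time}' => date("H:i:s", $datanote->timestamp),
    ));
    $comments = get_comments($dbconn, $diary_login, $dataformat->format_comment, $nid);

    $sql = 'SELECT COUNT(c.*) AS commentscount FROM ' . TABLE_USERS . ' AS u, ' . TABLE_COMMENTS . ' AS c WHERE c.nid=$1' . " AND c.uid=u.uid AND u.login='******'";
    $result = pg_query_params($dbconn, $sql, array($nid));
    if ($result === false) {
        error_log('show_comments_page: ' . pg_last_error($dbconn));
        die('database error');
    }
    $datacount = pg_fetch_object($result, NULL);
    pg_free_result($result);
    $commentscount = (int) $datacount->commentscount;

    // SERVER_NAME can follow the client's Host header depending on the web
    // server configuration, so it is escaped before it goes into the link.
    $host = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8');
    echo assign_vars($dataformat->page_comments, array(
        '{login}' => $diary_login,
        '{note}' => $note,
        '{comments}' => $comments,
        '{commentscount}' => $commentscount,
        '{hrefcommentadd}' => 'http://' . $host . '/' . PAGE_COMMENTS . '&nid=' . $nid . '&action=add',
    ));
}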
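/**
 * Build the HTML for all notes of one month of a diary.
 *
 * Each note row is rendered through $format with its subject (as a link to
 * the archive page), contents, date, time, comment link and comment count.
 * When the period has no notes the error page is shown and nothing is
 * returned.
 *
 * $month and $year are sent to the database as bound parameters instead of
 * being concatenated into the SQL text, so their content cannot change the
 * shape of the query.
 *
 * Subject and contents are placed into the markup as stored.
 * NOTE(review): confirm they are escaped or sanitised when saved.
 *
 * @param mixed  $dbconn      PostgreSQL connection handle
 * @param string $diary_login login of the diary being shown
 * @param string $format      note template with {placeholders}
 * @param mixed  $month       month to select, compared with n.month
 * @param mixed  $year        year to select, compared with n.year
 * @return string|null rendered notes, or null after the error page was shown
 */
function get_archive_notes($dbconn, $diary_login, $format, $month, $year)
{
    // NOTE(review): the login literal is shown masked ('******') in this listing.
    // If the real code interpolates $diary_login at that position, bind it as a
    // query parameter as well.
    $sql = 'SELECT u.uid, n.* FROM ' . TABLE_USERS . ' AS u, ' . TABLE_NOTES . " AS n WHERE u.login='******' AND n.uid=u.uid" . ' AND n.year=$1 AND n.month=$2';
    $result = pg_query_params($dbconn, $sql, array($year, $month));
    if ($result === false) {
        // Driver messages can contain table names and SQL fragments: log them,
        // do not send them to the client.
        error_log('get_archive_notes: ' . pg_last_error($dbconn));
        die('database error');
    }
    if (pg_num_rows($result) == 0) {
        pg_free_result($result);
        show_error_page($dbconn, $diary_login, "brak notek z tego okresu!");
        return;
    }

    // SERVER_NAME can follow the client's Host header depending on the web
    // server configuration, so it is escaped before it goes into the links.
    $host = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8');
    $count_sql = 'SELECT COUNT(*) AS commentscount FROM ' . TABLE_USERS . ' AS u, ' . TABLE_COMMENTS . " AS c WHERE u.login='******' AND c.uid=u.uid" . ' AND c.nid=$1';

    $notes = '';
    while ($data = pg_fetch_object($result, NULL)) {
        // One count query per note.
        $result2 = pg_query_params($dbconn, $count_sql, array($data->nid));
        if ($result2 === false) {
            error_log('get_archive_notes: ' . pg_last_error($dbconn));
            die('database error');
        }
        $data2 = pg_fetch_object($result2, NULL);
        pg_free_result($result2);

        $notes .= assign_vars($format, array(
            '{subject}' => '<a href="http://' . $host . '/' . PAGE_ARCHIVE . '&nid=' . $data->nid . '">' . $data->subject . '</a>',
            '{contents}' => $data->contents,
            '{date}' => date("d-m-Y", $data->timestamp),
            '{time}' => date("H:i:s", $data->timestamp),
            '{hrefcomment}' => 'http://' . $host . '/' . PAGE_COMMENTS . '&nid=' . $data->nid,
            '{commentscount}' => (int) $data2->commentscount,
        ));
    }
    // The original never released the outer result set.
    pg_free_result($result);
    return $notes;
}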
Example #3
 /**
  * Build the production error response for an HTTP status code.
  *
  * The view "errors/<code>" is used when it can be made. If making it throws,
  * the 500 page is tried instead; if the 500 view itself cannot be made, a
  * plain-text body is returned.
  *
  * The status code becomes part of the view name, so it should only ever be
  * an integer chosen by the application, never a value taken from the request.
  *
  * @param  int  $statusCode
  * @return Illuminate\Http\Response
  */
 function show_error_page($statusCode)
 {
     try {
         // The default theme ships these views; duplicates live under
         // app/views in case the theme system is what is failing.
         $body = View::make("errors/{$statusCode}");
     } catch (Exception $e) {
         if ($statusCode == 500) {
             // Even the 500 view could not be made: last-resort plain text.
             $body = '500 Internal Server Error';
         } else {
             // The view for this code probably does not exist; fall back to
             // the 500 page rather than leaving the user without a response.
             return show_error_page(500);
         }
     }

     return Response::make($body, $statusCode);
 }
Example #4
	jadi app ini bisa ditaroh dimana aja gk harus di document root apache
	yeah.... :-)
*/
// pr($baseURI);exit;
// Split the request path into its non-empty segments. $getURI stays null
// when $baseURI is empty or contains only slashes.
$getURI = null;
if ($baseURI) {
    $explURI = explode('/', $baseURI);
    if ($explURI) {
        foreach ($explURI as $key => $URI) {
            // Drop the empty segments produced by leading, trailing or doubled slashes.
            if ($URI != "") {
                $getURI[] = $URI;
            }
        }
    } else {
        // URI not defined
        // NOTE(review): explode() with a non-empty separator always returns an
        // array with at least one element, so this branch is not reached.
        show_error_page('URI not defined');
        exit;
    }
}
// The path segments come from the request; form_validation() is the only
// check visible here before they are used to pick a page.
// NOTE(review): what form_validation() accepts is not visible here; confirm
// it restricts the segments to known page/action names.
$vPage = form_validation($getURI);
// pr($vPage);exit;
if ($vPage) {
    // '@' hides the notice for a missing element; the value is then null.
    $validation['pid'] = @$vPage[0];
    $validation['act'] = @$vPage[1];
    $validation['det'] = @$vPage['det'];
}
// pr($validation);exit;
if (isset($validation)) {
    if (isset($validation['pid'])) {
        if ($validation['pid'] == '') {
            $setPage = $CONFIG['admin']['default_view'];
Example #5
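 /**
  * Include a PHP view file from APP_VIEW and return the buffered output.
  *
  * The entries of $data are copied into local variables so the view can use
  * them by name. The path of the view is fixed before that copy happens, so
  * a data key such as "fileName" or "php_ext" cannot change which file is
  * included. The file that is included is the same one that was checked with
  * is_file(); previously the check used the configured extension while the
  * include used a hard-coded '.php'.
  *
  * NOTE(review): $fileName is joined to APP_VIEW as given. If it can ever be
  * derived from request data, restrict it to known view names first, because
  * a value containing "../" would reach files outside the view directory.
  * NOTE(review): data keys named "CONFIG" or "basedomain" still write through
  * to the globals declared below - confirm that is intended.
  *
  * @param string $fileName view name relative to APP_VIEW, without extension
  * @param mixed  $data     array (or object) of variables for the view
  * @return string|false buffered output, or FALSE when the file is missing
  */
 function loadLeftView($fileName, $data = "")
 {
     global $CONFIG, $basedomain;
     $php_ext = $CONFIG[$this->configkey]['php_ext'];

     // Resolve and check the include target first.
     $__viewPath = APP_VIEW . $fileName . $php_ext;
     if (!is_file($__viewPath)) {
         show_error_page('File not exist');
         return FALSE;
     }

     /* Turn the entries of $data into variables of their own */
     if (is_array($data) || is_object($data)) {
         foreach ($data as $key => $value) {
             if ($key === '__viewPath') {
                 // Never let view data replace the include target.
                 continue;
             }
             ${$key} = $value;
         }
     }

     /* include the view file */
     include $__viewPath;
     // NOTE(review): no ob_start() is called here, so this relies on an output
     // buffer that is already active when the method is entered - confirm.
     return ob_get_clean();
 }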
Example #6
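 /**
  * Render a Smarty template from APP_VIEW and return its output as a string.
  *
  * The configuration section is chosen from $CONFIG (the last of "admin",
  * "dashboard", "services" that is present wins) and supplies the template
  * extension. The entries of $data are copied into local variables; the
  * template path is fixed before that copy, so a data key such as "fileName"
  * or "html_ext" cannot change which template is displayed.
  *
  * NOTE(review): $fileName is joined to APP_VIEW as given. If it can ever be
  * derived from request data, restrict it to known view names first, because
  * a value containing "../" would reach files outside the view directory.
  * NOTE(review): data keys named like the globals declared below still write
  * through to those globals - confirm that is intended.
  *
  * @param string $fileName template name relative to APP_VIEW, without extension
  * @param mixed  $data     array (or object) of variables
  * @return string|false rendered output, or false when $fileName is empty;
  *                      the script is terminated when the template is missing
  */
 function loadView($fileName = 'home', $data = "")
 {
     global $CONFIG, $basedomain, $rootpath, $app_domain;
     if ($fileName == "") {
         return false;
     }

     // Later entries override earlier ones, as in the original if-cascade.
     foreach (array('admin', 'dashboard', 'services') as $section) {
         if (array_key_exists($section, $CONFIG)) {
             $this->configkey = $section;
         }
     }
     $html_ext = $CONFIG[$this->configkey]['html_ext'];

     // Resolve the template path before any view data enters local scope.
     $__viewPath = APP_VIEW . $fileName . $html_ext;

     /* Turn the entries of $data into variables of their own */
     if (is_array($data) || is_object($data)) {
         foreach ($data as $key => $value) {
             if ($key === '__viewPath') {
                 // Never let view data replace the template path.
                 continue;
             }
             ${$key} = $value;
         }
     }

     if (!$this->view) {
         $this->view = $this->setSmarty();
     }
     $this->view->assign('basedomain', $basedomain);
     $this->view->assign('app_domain', $app_domain);
     $this->view->assign('rootpath', $rootpath);

     if (!is_file($__viewPath)) {
         show_error_page('File not exist');
         die;
     }

     // Capture what Smarty prints instead of sending it to the client.
     ob_start();
     $this->view->display($__viewPath);
     return ob_get_clean();
 }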
Example #7
 *    ---------------------------------------------------------------     *
 *    This script is NOT freeware! Please read the Copyright Notice       *
 *    (Licence.txt) for further information.                              *
 *                                                                        *
 *************************************************************************/
// Templates and constants that global.php and the page header read.
$templates_used = 'lightbox,thumbnail_bit';
$main_template = 'lightbox';
define('GET_CACHES', 1);
define('ROOT_PATH', './');
define('MAIN_SCRIPT', __FILE__);
include ROOT_PATH . 'global.php';
require ROOT_PATH . 'includes/sessions.php';
$user_access = get_permission();
include ROOT_PATH . 'includes/page_header.php';
// Access gate: guests and not-yet-activated users get the error page.
// NOTE(review): there is no exit after the call, so the gate only holds if
// show_error_page() ends the request itself - confirm.
if ($user_info['user_level'] == GUEST || $user_info['user_level'] == USER_AWAITING) {
    show_error_page($lang['lightbox_register']);
}
//-----------------------------------------------------
//--- Show Images -------------------------------------
//-----------------------------------------------------
// Width of one thumbnail cell: configured table width divided by the number
// of cells, rounded up. A configured image_cells of 0 would divide by zero.
$imgtable_width = ceil(intval($config['image_table_width']) / $config['image_cells']);
// Keep the unit when the table width was configured as a percentage.
if (substr($config['image_table_width'], -1) == "%") {
    $imgtable_width .= "%";
}
$download_allowed = false;
$num_rows_all = 0;
$num_rows = 0;
if (!empty($user_info['lightbox_image_ids'])) {
    $image_id_sql = str_replace(" ", ", ", trim($user_info['lightbox_image_ids']));
    $sql = "SELECT COUNT(image_id) AS images\n          FROM " . IMAGES_TABLE . "\n          WHERE image_active = 1 AND image_id IN ({$image_id_sql}) AND cat_id NOT IN (" . get_auth_cat_sql("auth_viewcat", "NOTIN") . ")";
    $result = $site_db->query_firstrow($sql);
Example #8
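/**
 * Render the "Server Information" and metadata overview page for the RETS
 * server whose connection details are stored in the session.
 *
 * Every value that comes back from the RETS server (system description,
 * URLs, versions, resource and class metadata, error details) is HTML-escaped
 * before it is written to the page: it is remote data, and it is placed
 * inside single-quoted attributes as well as element content.
 *
 * The connection credentials are read from $_SESSION, so the session store
 * holds them in clear text for as long as the session lives.
 *
 * @return void
 */
function code_main()
{
    // check if a session (w/ login) exists
    if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != "yes") {
        // NOTE(review): nothing here stops execution; presumably
        // code_login_page() ends the request itself - confirm.
        code_login_page();
    }

    // check if we're trying to get metadata details.  if so, chop up the request
    $details_for_resource = "";
    $details_for_class = "";
    if (isset($_REQUEST['details_for']) && is_string($_REQUEST['details_for']) && !empty($_REQUEST['details_for'])) {
        // array_pad() keeps list() from reading a missing second element
        // when the value contains no "|".
        list($details_for_resource, $details_for_class) = array_pad(explode("|", $_REQUEST['details_for']), 2, "");
    }

    // set things up
    $rets = new phRETS();
    $rets->AddHeader("Accept", "*/*");
    $rets->AddHeader("RETS-Version", "RETS/{$_SESSION['rets_version']}");
    $rets->AddHeader("User-Agent", $_SESSION['user_agent']);
    $rets->SetParam("cookie_file", $GLOBALS['cookie_file_name']);
    $rets->SetParam("compression_enabled", true);
    if (isset($_SESSION['force_basic']) && $_SESSION['force_basic'] == "true") {
        $rets->SetParam("force_basic_authentication", true);
    }

    // make first connection
    $connect = $rets->Connect($_SESSION['login_url'], $_SESSION['username'], $_SESSION['password'], $_SESSION['ua_pwd']);
    if (!$connect) {
        $error_details = $rets->Error();
        // strip_tags() alone is not output escaping, so the parts are escaped too.
        $error_text = code_main_escape(strip_tags($error_details['text']));
        $error_type = code_main_escape(strtoupper($error_details['type']));
        $error_code = code_main_escape($error_details['code']);
        // NOTE(review): execution continues below unless show_error_page()
        // ends the request itself - confirm.
        show_error_page("<center><span style='color:red;font-weight:bold;'>{$error_type} ({$error_code}) {$error_text}</span></center>");
    }

    // Result is not used below; the call is kept because it may prime the
    // metadata for the later requests (not visible here).
    $resource_info = $rets->GetMetadataInfo();

    page_header("Server Information");
    echo "<div class='box'>\n\t<div class='box_heading dark-bg'>Server Information</div>\n\t<div class='box_content light-bg'>\n\t\t<table border='0' cellpadding='1' cellspacing='1' width='100%'>\n\t\t";

    // read back information from connection request
    $rets_server_information = $rets->GetServerInformation();
    $system_description = code_main_escape($rets_server_information['SystemDescription']);
    $system_id = code_main_escape($rets_server_information['SystemID']);
    echo "<tr><td width='25%' valign='top'><b>RETS Server:</b></td><td width='75%' class='detail'>{$system_description}</td></tr>\n";
    echo "<tr><td valign='top'><b>RETS System ID:</b></td><td class='detail'>{$system_id}</td></tr>\n";
    if (array_key_exists('TimeZoneOffset', $rets_server_information) && !empty($rets_server_information['TimeZoneOffset'])) {
        $timezone_offset = code_main_escape($rets_server_information['TimeZoneOffset']);
        echo "<tr><td valign='top'><b>Server Timezone:</b></td><td class='detail'>{$timezone_offset}</td></tr>\n";
    }

    // read back information from connection request
    $full_login_url = code_main_escape($rets->GetLoginURL());
    echo "<tr><td valign='top'><b>Login URL:</b></td><td class='detail'>{$full_login_url}</td></tr>\n";

    // read back information from connection request
    $server_version = code_main_escape(preg_replace('/RETS\\//', '', $rets->GetServerVersion()));
    echo "<tr><td valign='top'><b>RETS Version:</b></td><td class='detail'>{$server_version}</td></tr>\n";

    // read back information from connection request
    $server_software = $rets->GetServerSoftware();
    if (empty($server_software)) {
        $server_software = "(unknown)";
    }
    $server_software = code_main_escape($server_software);
    echo "<tr><td valign='top'><b>Server Software:</b></td><td class='detail'>{$server_software}</td></tr>\n";

    // read back information from connection request
    $auth_support = "";
    if ($rets->CheckAuthSupport("digest") == true) {
        $auth_support .= "Digest, ";
    }
    if ($rets->CheckAuthSupport("basic") == true) {
        $auth_support .= "Basic, ";
    }
    $auth_support = preg_replace('/\\, $/', '', $auth_support);
    if (empty($auth_support)) {
        $auth_support = "(unknown - assuming Basic)";
        // cURL blindly sends the login information if Basic so it doesn't give us a chance to auto-detect
    }
    echo "<tr><td valign='top'><b>Authen. Supported:</b></td><td class='detail'>{$auth_support}</td></tr>\n";

    // read back information from login response
    $transactions = $rets->GetAllTransactions();
    $transactions_list = "";
    foreach ($transactions as $transaction) {
        $capability_url = code_main_escape($rets->capability_url[$transaction]);
        $transaction_name = code_main_escape($transaction);
        $transactions_list .= "<acronym title='{$capability_url}'>{$transaction_name}</acronym>, ";
    }
    $transactions_list = preg_replace('/\\, $/', '', $transactions_list);
    echo "<tr><td valign='top'><b>Transactions Supported:</b></td><td class='detail'>{$transactions_list}</td></tr>\n";

    // make first general GetMetadata request to see what's there
    $rets_metadata_types = $rets->GetMetadataTypes();
    $resources_avail = "";
    foreach ($rets_metadata_types as $resource) {
        $resource_name = code_main_escape($resource['Resource']);
        $resources_avail .= "<a href='#md-{$resource_name}'>{$resource_name}</a>, ";
    }
    $resources_avail = preg_replace('/\\, $/', '', $resources_avail);
    echo "<tr><td valign='top'><b>Metadata Resources:</b></td><td class='detail'>{$resources_avail}</td></tr>\n";
    echo "\t\t</table>\n\t</div>\n\t</div>\n\t";

    echo "\n<div class='box'>\n\t<div class='box_heading dark-bg'>Metadata Information</div>\n\t<div class='box_content light-bg'>\n\n";
    $metadata_details_pulldown = "";
    foreach ($rets_metadata_types as $resource) {
        $resource_name = code_main_escape($resource['Resource']);
        echo "<a name='md-{$resource_name}'></a>";
        $metadata_details_pulldown .= "<optgroup label='{$resource_name}'>";
        echo "<div class='box-inner white-bg'>";
        echo "<b>{$resource_name}</b><br/><br/>\n";
        echo "<span style='font-size: 8pt;'>";
        foreach ($resource['Data'] as $class) {
            $class_name = code_main_escape($class['ClassName']);
            $visible_name = code_main_escape($class['VisibleName']);
            $description = code_main_escape($class['Description']);
            $standard_name = code_main_escape($class['StandardName']);
            $table_date = code_main_escape($class['TableDate']);
            $table_version = code_main_escape($class['TableVersion']);
            // The comparison uses the raw values; only the output is escaped.
            $this_selected = $details_for_resource == $resource['Resource'] && $details_for_class == $class['ClassName'] ? " selected='selected'" : "";
            $metadata_details_pulldown .= "<option value='{$resource_name}|{$class_name}'{$this_selected}>{$class_name} - {$visible_name} - {$description}</option>";
            echo " &nbsp; &nbsp; &nbsp; &nbsp;&middot; <b><a href='' class='resource-class-link' data-resource='{$resource_name}' data-class='{$class_name}' title='SystemName: {$class_name}   StandardName: {$standard_name}'>{$class_name}</a></b> - {$visible_name} - {$description}<br/>";
            echo " &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; StandardName: {$standard_name} &nbsp; &nbsp; &nbsp; &nbsp; Last Updated: {$table_date} &nbsp; &nbsp; &nbsp;  &nbsp; Version: {$table_version}<br/>";
            echo "<br/>\n";
        }
        $metadata_details_pulldown .= "</optgroup>";
        echo "</span>\n";
        echo "</div>\n\n";
    }
    echo "\n\n\t</div>\n</div>\n";

    echo "\n<div class='box'>\n\t<a name='md-details' id='md-details'></a>\n\t<div class='box_heading dark-bg'>Metadata Details</div>\n\t<div class='box_content light-bg'>\n\n";
    echo "<center><select name='details_for' id='resource-class-selector' ><option value=''></option>{$metadata_details_pulldown}</select></center><br/>";
    echo "\n\n\t\t<div id='md-details-content'>\n\n\t\t</div>\n\n\t</div>\n</div>\n";
    echo "\n<div style='text-align: center;'>\n<p><img src='{$GLOBALS['media_url']}search-icon-grey.gif' alt='Searchable Field'/> Searchable Field &nbsp; &nbsp; &nbsp; <img src='{$GLOBALS['media_url']}skey.png' alt='Key Field'/> Key Field &nbsp; &nbsp; &nbsp; <img src='{$GLOBALS['media_url']}star.png' alt='Required'/> Required &nbsp; &nbsp; &nbsp; <img src='{$GLOBALS['media_url']}heart.png' alt='InKeyIndex'/> InKeyIndex</p>\n</div>\n";

    // disconnect from RETS server
    $rets->Disconnect();
    page_footer();
}

/**
 * Escape a value for HTML element content and quoted attributes.
 *
 * ENT_QUOTES covers the single-quoted attributes used by code_main();
 * ENT_SUBSTITUTE keeps text that is not valid UTF-8 from becoming an empty string.
 *
 * @param mixed $value value received from the RETS server
 * @return string
 */
function code_main_escape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}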
Example #9
    
Diarusie is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Foobar; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
// Bootstrap for the error-code handler: session, paths, gettext, shared includes.
session_start();
define('IN_DIARY', true);
// realpath() returns false when the directory cannot be resolved; the
// constant would then be just '/', and the includes below would be looked up
// from the filesystem root.
define('ROOT_PATH', realpath('./') . '/');
define('INCLUDE_PATH', realpath(ROOT_PATH . '../include') . '/');
setlocale(LC_ALL, 'en_EN');
bindtextdomain("diarusie", INCLUDE_PATH . 'locale/');
textdomain("diarusie");
bind_textdomain_codeset("diarusie", 'UTF-8');
//echo _("Welcome!");
// '@' silences a failed include, so a missing file only shows up later as an
// undefined constant or function.
// NOTE(review): PHP_EXT is presumably defined by extension.inc - confirm.
@(include_once ROOT_PATH . 'extension.inc');
@(include_once INCLUDE_PATH . 'common.inc.' . PHP_EXT);
$dbconn = connect_db() or die("ups db!");
$diary_login = get_diary_login();
// Remember the client address once per session.
if (@(!$_SESSION['ip'])) {
    $_SESSION['ip'] = guess_ip();
}
// Only code 404 is handled; the comparison is loose, and '@' covers a missing parameter.
if (@$_GET['code'] == 404) {
    // SERVER_NAME can follow the client's Host header depending on the web
    // server configuration and is appended to the message as is.
    // NOTE(review): confirm show_error_page() escapes the message it prints.
    show_error_page($dbconn, $diary_login, "Nie znaleziono zadanego pliku na serwerze " . $_SERVER['SERVER_NAME']);
} else {
    echo "NIEZNANY KOD";
}
Example #10
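/**
 * Verify the CSRF token of a POST request against the tokens kept in the session.
 *
 * Requests that are not POST are not checked. For a POST request the
 * submitted token must match one of the session tokens and, when
 * $csrf_protection_expires is set, must not be older than that many seconds;
 * an expired token is removed from the session.
 *
 * Every failure ends the same way: missing token, no token list in the
 * session, no match, or an expired token all send "403 Forbidden" and stop
 * the request. A token that cannot be checked because the session holds no
 * token list is treated like a missing token instead of being returned to
 * the caller as a value it might ignore.
 *
 * @param bool $use_show_error render the failure through show_error_page()
 *                             instead of the minimal built-in HTML page
 * @return void returns only when the request is allowed to continue
 */
function csrf_check($use_show_error = false)
{
    global $HTTP_SERVER_VARS, $HTTP_POST_VARS, $site_sess, $csrf_protection_name, $csrf_protection_expires;

    if ($HTTP_SERVER_VARS['REQUEST_METHOD'] !== 'POST') {
        return;
    }

    if (isset($HTTP_POST_VARS[$csrf_protection_name])) {
        $session = $site_sess->get_session_var($csrf_protection_name);
        // Fail closed: without a token list there is nothing to compare
        // against, so fall through to the 403 below.
        if (is_array($session)) {
            $submitted = (string) $HTTP_POST_VARS[$csrf_protection_name];
            $found = false;
            foreach ($session as $token => $time) {
                // Array keys that look numeric come back as integers; compare as strings.
                if (!secure_compare((string) $token, $submitted)) {
                    continue;
                }
                if (!$csrf_protection_expires) {
                    $found = true;
                } elseif (time() <= $time + $csrf_protection_expires) {
                    $found = true;
                } else {
                    // Matching but expired: drop it so it cannot be tried again.
                    unset($session[$token]);
                }
                break;
            }
            $site_sess->set_session_var($csrf_protection_name, $session);
            if ($found) {
                return;
            }
        }
    }

    header($HTTP_SERVER_VARS['SERVER_PROTOCOL'] . ' 403 Forbidden');
    if ($use_show_error) {
        csrf_rewrite();
        show_error_page('CSRF check failed.');
        // Never hand control back to the caller after a failed check, even
        // if show_error_page() were to return.
        exit;
    }
    echo "<html><head><title>CSRF check failed</title></head><body>CSRF check failed.</body></html>";
    exit;
}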
Example #11
            $action = "previewcard";
            $main_template = "postcard_preview";
        }
    }
}
// Show a stored postcard: purge expired cards, then load the requested one.
if ($action == "showcard") {
    // Cards older than POSTCARD_EXPIRY days are deleted on every view.
    $expiry = time() - 60 * 60 * 24 * POSTCARD_EXPIRY;
    $sql = "DELETE FROM " . POSTCARDS_TABLE . "\n          WHERE (postcard_date < {$expiry})";
    $site_db->query($sql);

    if ($postcard_id) {
        // NOTE(review): $postcard_id is interpolated into the SQL text. Where
        // it is set is not visible here; confirm it is validated or escaped
        // before this point.
        $sql = "SELECT p.postcard_id, p.image_id, p.postcard_date, p.postcard_bg_color, p.postcard_border_color, p.postcard_font_color, p.postcard_font_face, p.postcard_sender_name, p.postcard_sender_email, p.postcard_recipient_name, p.postcard_recipient_email, p.postcard_headline, p.postcard_message, i.image_name, i.cat_id, i.image_media_file, i.image_thumb_file\n            FROM (" . POSTCARDS_TABLE . " p, " . IMAGES_TABLE . " i)\n            WHERE p.postcard_id = '{$postcard_id}' AND p.image_id = i.image_id";
        $image_row = $site_db->query_firstrow($sql);

        if ($image_row) {
            $image = get_media_code(
                $image_row['image_media_file'],
                $image_row['image_id'],
                $image_row['cat_id'],
                $image_row['image_name'],
                $mode,
                1
            );
            $thumbnail = get_thumbnail_code(
                $image_row['image_media_file'],
                $image_row['image_thumb_file'],
                $image_row['image_id'],
                $image_row['cat_id'],
                $image_row['image_name'],
                $mode
            );
            $image_name_link = "<a href=\"" . $site_sess->url(ROOT_PATH . "details.php?" . URL_IMAGE_ID . "=" . $image_row['image_id']) . "\">" . format_text($image_row['image_name']) . "</a>";

            // Every stored postcard field goes through format_text() before
            // it is handed to the template.
            $site_template->register_vars(array(
                "image" => $image,
                "thumbnail" => $thumbnail,
                "image_name_link" => $image_name_link,
                "bg_color" => format_text($image_row['postcard_bg_color'], 2),
                "border_color" => format_text($image_row['postcard_border_color'], 2),
                "font_color" => format_text($image_row['postcard_font_color'], 2),
                "font_face" => format_text($image_row['postcard_font_face'], 2),
                "sender_name" => format_text($image_row['postcard_sender_name'], 2),
                "sender_email" => format_text($image_row['postcard_sender_email'], 2),
                "recipient_name" => format_text($image_row['postcard_recipient_name'], 2),
                "recipient_email" => format_text($image_row['postcard_recipient_email'], 2),
                "headline" => format_text($image_row['postcard_headline'], 2),
                "message" => format_text($image_row['postcard_message'], 0)
            ));
        } else {
            show_error_page($lang['invalid_postcard_id']);
        }
    } else {
        // No id given: nothing to show.
        redirect("index.php");
    }
}
if ($action == "previewcard") {
    $error = 0;
    $bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
    $border_color = un_htmlspecialchars(trim($HTTP_POST_VARS['border_color']));
    $font_color = un_htmlspecialchars(trim($HTTP_POST_VARS['font_color']));
    $font_face = un_htmlspecialchars(trim($HTTP_POST_VARS['font_face']));
    $sender_name = un_htmlspecialchars(trim($HTTP_POST_VARS['sender_name']));
Example #12
<?php

/**
 * Koodi include auth protsessiloogika arusaadavuse tagamiseks.
 * Vajab $u objekti. Loob lokaalseks arvepidamiseks uued olemid.
 *
 * @author: walker
 */
// Open the database connection unless the including script already provided one.
if (!isset($d)) {
    $d = new DATABASE();
    $d->debug = $w->debug;
    if (!$d->connect(DB_HOST, DB_USER, DB_PASS, DATABASE)) {
        $t->errors[ERROR][] = 'C001 ' . $l->txt_err_open_database;
        // NOTE(review): the code below goes on to use $d unless
        // show_error_page() ends the request itself - confirm.
        show_error_page($t, $o);
        // todo - different texts
    }
}
$s = new SESSION($d);
$s->debug = $w->debug;
$s->d = $d;
// Does this company already exist in the local database?
if (!$s->get_organization_id($u->company)) {
    // NOTE(review): $c is not created in the lines visible here; if it is not
    // set earlier, these property assignments act on an undefined variable.
    $c->name = $u->company;
    $c->country_id = '1';
    // TODO
    if (!$s->create_organization($c)) {
        $t->errors[ERROR][] = 'L005 ' . $l->txt_err_user_update;
        show_login_page($t, $o);
    }
    unset($c);
}
Example #13
// '@' silences a failed include, so a missing file only shows up later as an
// undefined constant or function.
@(include_once INCLUDE_PATH . 'common.inc.' . PHP_EXT);
$dbconn = connect_db() or die("ups db!");
$diary_login = get_diary_login();
// Remember the client address once per session; '@' covers the unset key.
if (@(!$_SESSION['ip'])) {
    $_SESSION['ip'] = guess_ip();
}
switch (@$_GET['page']) {
    case 'archive':
        include INCLUDE_PATH . 'archive.inc.' . PHP_EXT;
        if (@$_GET['nid'] >= 1) {
            show_archive_page($dbconn, $diary_login, SHOW_NOTE);
        } else {
            if (@$_GET['month'] >= 1 && @$_GET['month'] <= 12) {
                show_archive_page($dbconn, $diary_login, SHOW_MONTH);
            } else {
                show_error_page($dbconn, $diary_login, "turlaj dropsy petaku!");
            }
        }
        break;
    case 'comments':
        include INCLUDE_PATH . 'comments.inc.' . PHP_EXT;
        switch (@$_GET['action']) {
            case 'add':
                show_comment_add_page($dbconn, $diary_login);
                break;
            default:
                if (!empty($_POST)) {
                    if (!$_POST['author'] || !$_POST['contents']) {
                        header("Location: http://" . $_SERVER['SERVER_NAME'] . "/" . PAGE_COMMENTS . "&nid=" . $_POST['nid'] . "&action=add");
                    } else {
                        add_comment_contents($dbconn, get_diary_uid());
Example #14
// Login handler: attempt a login for guests who posted both fields, otherwise
// send the client back to where it came from.
$main_template = 0;
$nozip = 1;
define('ROOT_PATH', './');
include ROOT_PATH . 'global.php';
require ROOT_PATH . 'includes/sessions.php';
$error = 0;

// NOTE(review): where $url is set is not visible here. If it can come from
// the request, confirm it is limited to local paths before redirect($url).
if ($user_info['user_level'] == GUEST && !empty($HTTP_POST_VARS['user_name']) && !empty($HTTP_POST_VARS['user_password'])) {
    $user_name = trim($HTTP_POST_VARS['user_name']);
    // The password is trimmed as well, so surrounding whitespace is not part of it.
    $user_password = trim($HTTP_POST_VARS['user_password']);
    $auto_login = (isset($HTTP_POST_VARS['auto_login']) && $HTTP_POST_VARS['auto_login'] == 1) ? 1 : 0;

    if (!$site_sess->login($user_name, $user_password, $auto_login)) {
        $error = $lang['invalid_login'];
    } elseif (preg_match("/index\\.php/", $url) || preg_match("/login\\.php/", $url) || preg_match("/register\\.php/", $url) || preg_match("/member\\.php/", $url)) {
        // Never return to the index, login, register or member pages.
        redirect("index.php");
    } else {
        redirect($url);
    }
} else {
    // Already logged in, or the form was incomplete: no login attempt.
    if (preg_match("/index\\.php/", $url) || preg_match("/login\\.php/", $url) || preg_match("/register\\.php/", $url) || preg_match("/member\\.php/", $url)) {
        redirect("index.php");
    } else {
        redirect($url);
    }
}

// A failed login is reported through the generic error template.
if ($error) {
    $main_template = "error";
    include ROOT_PATH . 'includes/page_header.php';
    show_error_page($error);
}
Example #15
        $msg .= ($msg != "" ? "<br />" : "") . $lang['update_password_confirm_error'];
        $error = 1;
    }
    if (!$error) {
        $user_password_hashed = salted_hash($user_password);
        $sql = "UPDATE " . USERS_TABLE . "\n            SET " . get_user_table_field("", "user_password") . " = '" . $user_password_hashed . "'\n            WHERE " . get_user_table_field("", "user_id") . " = " . $user_info['user_id'];
        $site_db->query($sql);
        $msg = $lang['update_password_success'];
        $user_info = $site_sess->load_user_info($user_info['user_id']);
    }
    $action = "editprofile";
}
if ($action == "editprofile") {
    $txt_clickstream = $lang['control_panel'];
    if ($user_info['user_level'] == GUEST) {
        show_error_page($lang['no_permission']);
        exit;
    }
    $user_name = $user_info['user_name'];
    if (!$update_process) {
        $user_email = $user_info['user_email'];
        $user_email2 = $user_info['user_email'];
        $user_showemail = $user_info['user_showemail'];
        $user_allowemails = $user_info['user_allowemails'];
        $user_invisible = $user_info['user_invisible'];
        $user_homepage = $user_info['user_homepage'];
        $user_icq = $user_info['user_icq'];
    }
    if ($user_showemail == 1) {
        $user_showemail_yes = " checked=\"checked\"";
        $user_showemail_no = "";
Example #16
| us to have error handling setup before we boot our application.
|
*/
require __DIR__ . '/errors.php';
/*
|--------------------------------------------------------------------------
| Maintenance Mode Handler
|--------------------------------------------------------------------------
|
| The "down" Artisan command gives you the ability to put an application
| into maintenance mode. Here, you will define what is displayed back
| to the user if maintenance mode is in effect for the application.
|
*/
App::down(function () {
    // Maintenance mode: answer with the 503 error page.
    $maintenanceResponse = show_error_page(503);

    return $maintenanceResponse;
});
/*
|--------------------------------------------------------------------------
| Require The Functions File
|--------------------------------------------------------------------------
|
| We will require a file which you can define any custom functions for
| your application, before any usage of these functions occurs. This
| is just  a convenient way to organize your code.
|
*/
require app_path() . '/functions.php';
/*
|--------------------------------------------------------------------------
| Require The Hooks File
Example #17
<?php

/*
|--------------------------------------------------------------------------
| Application Error Handler
|--------------------------------------------------------------------------
|
| Here you may handle any errors that occur in your application, including
| logging them or displaying custom views for specific errors. You may
| even register several error handlers to handle different types of
| exceptions. If nothing is returned, the default error view is
| shown, which includes a detailed stack trace during debug.
|
*/
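App::error(function (Exception $exception, $code) {
    // Always record the exception, whatever is shown to the client.
    Log::error($exception);

    // Fail closed: the default error view with its stack trace is left in
    // place only when app.debug is exactly true. A missing or mistyped
    // setting (null, 0, "false") now yields the production error page;
    // before, anything other than a strict false exposed the detailed view.
    if (Config::get('app.debug') !== true) {
        return show_error_page($code);
    }
});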