Example #1
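 // Link-exchange application: read the submitted site fields, optionally check
 // the CAPTCHA, filter the text, and build the record that is prepended to
 // data/cache_applylinks.php.
 acceptrequest('sitename,siteurl,sitelogo,siteintro');
 if ($config['applylinkvalidation'] == 1) {
     acceptrequest('securitycode');
     if ($db_defaultsessdir != 1) {
         session_save_path("./{$db_tmpdir}");
     }
     session_cache_limiter("private, must-revalidate");
     session_start();
     // Compare as strings with !==. The loose != operator compares two
     // numeric-looking strings by value ("007" equals "7"), so a different code
     // with the same numeric value would have been accepted.
     if ($securitycode == '' || strtolower((string) $securitycode) !== strtolower((string) $_SESSION['code'])) {
         catcherror($lnc[165]);
     }
     // NOTE(review): the stored code is not cleared after a successful check in
     // this excerpt, so one solved CAPTCHA may stay valid for further
     // submissions in the same session; confirm it is reset elsewhere.
 }
 // safe_convert() is the only sanitising step visible before these values are
 // written into a .php data file.
 // NOTE(review): confirm it encodes PHP open tags, the <|> field separator and
 // line breaks, since any of these surviving would corrupt the record layout.
 $sitename = safe_convert(trimplus($sitename));
 $siteurl = safe_convert(trimplus($siteurl));
 $sitelogo = safe_convert(trimplus($sitelogo));
 $siteintro = safe_convert(trimplus($siteintro));
 // Name and URL are mandatory; logo and intro may be empty.
 if (!$sitename || !$siteurl) {
     catcherror($lnc[179]);
 }
 $siteurl = urlconvert($siteurl);
 $sitelogo = urlconvert($sitelogo);
 // Timestamp plus a 0-10 suffix: two submissions in the same second can get the
 // same id, and the value is predictable. Acceptable only if nothing treats it
 // as unique or secret (TODO confirm).
 $siteid = time() . rand(0, 10);
 // Reject the application when name, intro or URL matches either word list.
 // The logo URL is not checked against the lists.
 if (preg_search($sitename, $forbidden['banword'])
     || preg_search($siteintro, $forbidden['banword'])
     || preg_search($siteurl, $forbidden['banword'])
     || preg_search($sitename, $forbidden['suspect'])
     || preg_search($siteintro, $forbidden['suspect'])
     || preg_search($siteurl, $forbidden['suspect'])) {
     catcherror($lnc[214]);
 }
 // Every record starts with an exit() stub, so a direct request for the .php
 // data file stops at its first line instead of printing the stored records.
 $addline = "<?PHP exit();?><|>{$siteid}<|>{$sitename}<|>{$siteurl}<|>{$sitelogo}<|>{$siteintro}<|>\n";
 $filename = "data/cache_applylinks.php";
 // Read-modify-write with no lock visible here: concurrent applications can
 // overwrite each other's record. The @ also hides a failed read, in which case
 // the existing records would be replaced by the new line alone.
 $oldcontent = @readfromfile($filename);
 $content = $addline . $oldcontent;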
 if (!writetofile($filename, $content)) {
     catcherror($lnc[7] . $filename);
Example #2
// Read the requested action and pick the reply to act on: a submitted selid
// takes precedence over $itemid.
acceptrequest('job,selid');
// NOTE(review): $repid is not cast or validated in this excerpt and is later
// placed inside quotes in the UPDATE's WHERE clause; confirm acceptrequest()
// escapes it, or cast it to an integer if reply ids are always numeric.
if ($selid) {
    $repid = $selid;
} else {
    $repid = $itemid;
}
// Fall back to the default action when no job was supplied.
if (empty($job)) {
    $job = 'default';
}
if ($job == 'addadminreply' || $job == 'editadminreply') {
    // Add or edit the administrator's reply attached to an existing reply row.
    // Authorisation: only the ReplyReply permission flag is checked here.
    // NOTE(review): $cancel is not initialised in this excerpt before the check;
    // confirm it cannot carry a value from earlier code. catcherror() is called
    // unconditionally, so it presumably ignores an empty argument (verify).
    // NOTE(review): no anti-CSRF token check is visible for this state-changing
    // action; confirm it is enforced before this point.
    if ($permission['ReplyReply'] != 1) {
        $cancel = $lna[345];
    }
    catcherror($cancel);
    acceptrequest('adminreplycontent');
    $adminreplycontent = trimplus($adminreplycontent);
    if ($adminreplycontent == '') {
        catcherror($lna[346]);
    }
    // safe_convert() is the only filter visible before the text is interpolated
    // into SQL and later rendered; confirm it escapes quotes and backslashes as
    // well as markup.
    $adminreplycontent = safe_convert($adminreplycontent);
    $currenttime = time();
    // $logstat == 0 presumably means no logged-in account; a placeholder name is
    // recorded in that case, so the permission flag alone gates this branch.
    if ($logstat == 0) {
        $userdetail['username'] = $lna[901];
    }
    // Record who edited or who first replied, with the current timestamp.
    // NOTE(review): $userdetail['username'] is interpolated as-is; confirm it
    // is stored in an already-escaped form.
    if ($job == 'editadminreply') {
        $queryplus = "`adminrepeditorid`='{$userdetail['userid']}', `adminrepeditor`='{$userdetail['username']}', `adminrepedittime`='{$currenttime}'";
    } else {
        $queryplus = "`adminreplier`='{$userdetail['username']}', `adminrepid`='{$userdetail['userid']}',`adminreptime`='{$currenttime}'";
    }
    // String-built SQL: every interpolated value must already be escaped. A
    // prepared statement is preferable if the $blog wrapper offers one.
    $blog->query("UPDATE `{$db_prefix}replies` SET `adminrepcontent`='{$adminreplycontent}' , {$queryplus} WHERE `repid`='{$repid}'");
    if ($ajax != 'on') {
Example #3
            // The new password and its confirmation must match.
            if ($p['newpsw'] != $p['confirmpsw']) {
                catcherror($lna[496]);
            }
            // Builds the SQL fragment that sets the password column.
            // NOTE(review): md5() is an unsalted, fast digest and unsuitable for
            // password storage; password_hash()/password_verify() is the
            // replacement, which also requires migrating stored hashes and the
            // login check.
            // NOTE(review): the leading "******" literal looks masked in this
            // listing; as printed, the fragment does not name a column.
            $password = "******" . md5($p['newpsw']) . "', ";
        } else {
            $password = "";
        }
    }
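    // Normalise the submitted profile fields, then create the account
    // (savenewuser) or update the existing one.
    // Text fields pass through safe_convert() and trimplus(); confirm that
    // safe_convert() escapes quotes and backslashes, because every value below
    // is interpolated into a quoted SQL literal.
    $email = strtolower(trimplus(safe_convert($p['email'])));
    $homepage = trimplus(safe_convert($p['homepage']));
    // Numeric fields are forced to numbers, which keeps them inert in SQL.
    $gender = floor($p['gender']);
    $qq = floor($p['qq']);
    $msn = trimplus(safe_convert($p['msn']));
    $skype = trimplus(safe_convert($p['skype']));
    $from = trimplus(safe_convert($p['from']));
    $intro = trimplus(safe_convert($p['intro']));
    // NOTE(review): the user group comes straight from the form; confirm the
    // acting account is allowed to assign that group.
    $musergroup = floor($p['usergroup']);
    if ($job == 'savenewuser') {
        // NOTE(review): the new id is derived from a counter read earlier and
        // incremented in a separate statement; two concurrent creations could
        // pick the same id unless the column enforces uniqueness.
        $currentuserid = $maxrecord['maxuserid'] + 1;
        $imajikan = time();
        // Positional INSERT: the value order must match the table's column
        // order exactly. $username and $password are prepared before this
        // excerpt.
        $blog->query("INSERT INTO `{$db_prefix}user` VALUES ('{$currentuserid}', '{$username}', '{$password}', '{$imajikan}', '{$musergroup}', '{$email}', '{$homepage}', '{$qq}', '{$msn}', '{$intro}', '{$gender}', '{$skype}', '{$from}', '0', '{$userdetail['ip']}', '')");
        $blog->query("UPDATE `{$db_prefix}maxrec` SET `maxuserid`=`maxuserid`+1");
        $blog->query("UPDATE `{$db_prefix}counter` SET `users`=`users`+1");
    } else {
        // The target id is cast to an integer before it reaches the WHERE
        // clause. It was the only submitted numeric field interpolated without
        // a cast, and an unchecked value there decides which rows are updated.
        $blog->query("UPDATE `{$db_prefix}user` SET {$password} `usergroup`='{$musergroup}', `email`='{$email}', homepage='{$homepage}',  qq='{$qq}', msn='{$msn}', intro='{$intro}', gender='{$gender}', skype='{$skype}', `fromplace`='{$from}' WHERE `userid`='" . intval($p['userid']) . "'");
        recache_adminlist();
    }
    catchsuccess($finishok2, array($backtouseradmin, $backtoaddnew));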
}
if ($job == 'deluser') {
    if ($itemid === '') {
Example #4
 // Flood control, step 1: the lastpost cookie. The cookie is client-controlled,
 // so this only slows down well-behaved browsers; the IP lookup below is the
 // server-side check.
 $lastpost = $_COOKIE['lastpost'];
 if ($nowtime['timestamp'] - $lastpost < $permission['MinPostInterval']) {
     catcherror($lnc[210]);
 }
 // Flood control, step 2: the most recent post from the same IP address in the
 // table that matches the current job.
 $findintable = $job == 'openidaddreply' ? 'replies' : 'messages';
 // NOTE(review): $userdetail['ip'] is interpolated into the query; confirm it
 // comes from the connection address and is validated, not from a
 // client-supplied header.
 $findreplies = $blog->getbyquery("SELECT * FROM `{$db_prefix}{$findintable}` WHERE `repip`='{$userdetail['ip']}' ORDER BY `reptime` DESC LIMIT 1");
 if ($findreplies['repip'] == $userdetail['ip']) {
     if ($nowtime['timestamp'] - $findreplies['reptime'] < $permission['MinPostInterval']) {
         catcherror($lnc[210]);
     }
 }
 acceptrequest('openid_url,stat_html,stat_ubb,stat_emot,stat_property,v_content,v_id,v_security,onetimecounter');
 // An OpenID URL is mandatory for this posting path.
 if (!$openid_url) {
     catcherror($lnc[212]);
 }
 // Cast to an integer so the id is safe to interpolate into SQL.
 $v_id = intval(trimplus($v_id));
 if ($job == 'openidaddreply') {
     // Replying requires the Reply permission and a target entry the user may see.
     checkpermission('Reply');
     // Users without SeeHiddenEntry are additionally barred from property 2
     // entries (presumably "hidden"; confirm the property codes).
     // NOTE(review): $limitmore is assigned only in this branch; confirm it is
     // initialised to an empty string earlier and cannot arrive from the request.
     if ($permission['SeeHiddenEntry'] != 1) {
         $limitmore = "AND `property`<>2";
     }
     // $v_id was cast with intval() above, so it is safe inside the quotes.
     // Entries with property 1 or 3 are never eligible for replies.
     $originblog = $blog->getbyquery("SELECT * FROM `{$db_prefix}blogs` WHERE `blogid`='{$v_id}' AND `property`<>1  AND `property`<>3 {$limitmore}");
     if ($originblog['blogid'] != $v_id) {
         // No matching entry: the same error is used as for a group
         // restriction, so the response does not reveal which case applied.
         $cancel = $lnc[211];
     } else {
         // permitgp is a '|'-separated list of user groups allowed on this
         // entry; an empty value means no group restriction.
         $allowedgp = @explode('|', $originblog['permitgp']);
         if ($originblog['permitgp'] != '' && !@in_array($userdetail['usergroup'], $allowedgp)) {
             $cancel = $lnc[211];
         }
     }
 } else {
Example #5
             // The poster matched a registered account: use its id and remember
             // the login in cookies.
             $replierid = $userchecker['userid'];
             // NOTE(review): both cookies are set with name and value only, so
             // no Secure or HttpOnly flag is applied and page scripts can read
             // them.
             // NOTE(review): userpsw carries $v_password; whether that is the
             // plaintext or a digest is not visible here. Either form works as
             // a long-lived credential if the cookie leaks; a random
             // server-side session token would be safer.
             @setcookie('userid', $userchecker['userid']);
             @setcookie('userpsw', $v_password);
         } else {
             // Anonymous poster: the chosen name must not belong to a registered
             // account or appear in the admin list, which prevents impersonation.
             if ($userchecker['username']) {
                 $cancel = $lnc[308];
             }
             // in_iarray() is presumably a case-insensitive in_array(); verify
             // against its definition. If both checks fire, this message wins.
             if (@in_iarray($v_replier, $adminlist)) {
                 $cancel = $lnc[212];
             }
             $replier = $v_replier;
             // -1 marks a poster with no account.
             $replierid = -1;
         }
     }
 }
 // Sanitise the post body. The second argument presumably controls whether
 // HTML is preserved; confirm that $html can only be enabled for trusted
 // users, since the content is rendered to other visitors.
 $v_content = safe_convert(trimplus($v_content), $html);
 // Empty, over-long and ban-word content all map to the same error message.
 if ($v_content == '') {
     $cancel = $lnc[214];
 }
 // strlen() counts bytes of the converted text, so multi-byte characters and
 // anything safe_convert() expands count for more than one.
 if (strlen($v_content) > $permission['MaxPostLength']) {
     $cancel = $lnc[214];
 }
 if (preg_search($v_content, $forbidden['banword'])) {
     $cancel = $lnc[214];
 }
 // Single exit point for everything collected in $cancel above; catcherror()
 // presumably does nothing when it is empty (verify).
 catcherror($cancel);
 if ($mbcon['censorall'] == '1') {
     $suspectspam = 1;
 } elseif ($mbcon['antispam'] == '1' && $permission['NoSpam'] != 1) {
     //If the post contains more than X links, it may be a spam
     if (substr_count($v_content, 'http://') >= $mbcon['susurlnum']) {