Exemple #1
0
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                $query = $insert;
            }
            $query .= "('" . mysql_result($res, $i, 0) . "','" . $input['subject'] . "','" . $input['message_body'] . "'),";
        }
        if ($query != $insert) {
            $query = substr($query, 0, -1);
            if (!($res2 = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'] = sprintf('Email queued for delivery to %s members', count($input['uids']));
    } else {
        $nextpage = _BASEURL_ . '/admin/email_send.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input['message_body'] = addslashes_mq($_POST['message_body']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
if (empty($nextpage)) {
    $nextpage = _BASEURL_ . '/admin/member_search.php';
    if (isset($input['return'])) {
        $nextpage = _BASEURL_ . '/admin/' . $input['return'];
    }
}
redirect2page($nextpage, $topass, $qs, true);
Exemple #2
0
            }
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            $input['comment_id'] = mysql_insert_id();
            if (isset($_on_after_insert)) {
                for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                    call_user_func($_on_after_insert[$i]);
                }
            }
            if (isset($_on_after_approve)) {
                $GLOBALS['comment_ids'] = array($input['comment_id']);
                $GLOBALS['comment_type'] = $input['comment_type'];
                for ($i = 0; isset($_on_after_approve[$i]); ++$i) {
                    call_user_func($_on_after_approve[$i]);
                }
            }
            $topass['message']['type'] = MESSAGE_INFO;
            $topass['message']['text'] = 'Comment added.';
        }
    } else {
        $nextpage = 'comment_addedit.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input['comment'] = addslashes_mq($_POST['comment']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
$nextpage = _BASEURL_ . '/admin/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
Exemple #3
0
function upload_file($destdir, $actual_field_name, $desired_filename = '', $required = false)
{
    $error = false;
    $filename = '';
    $message = '';
    if (isset($_FILES[$actual_field_name]['tmp_name']) && is_uploaded_file($_FILES[$actual_field_name]['tmp_name'])) {
        $filename = addslashes_mq($_FILES[$actual_field_name]['name']);
        $ext = strtolower(substr(strrchr($_FILES[$actual_field_name]['name'], "."), 1));
        global $accepted_images;
        if (empty($accepted_images)) {
            $accepted_images = array('jpg', 'jpeg', 'png');
        }
        if (!in_array($ext, $accepted_images)) {
            $error = true;
            $GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
            $GLOBALS['topass']['message']['text'] = 'Invalid file uploaded';
        } elseif ($_FILES[$actual_field_name]['size'] == 0) {
            $error = true;
            $GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
            $GLOBALS['topass']['message']['text'] = 'File upload error';
        } else {
            if (!empty($desired_filename)) {
                $filename = $desired_filename . '.' . $ext;
            }
            if (move_uploaded_file($_FILES[$actual_field_name]['tmp_name'], $destdir . '/' . $filename)) {
                @chmod($destdir . '/' . $filename, 0644);
            } else {
                $error = true;
                $GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
                $GLOBALS['topass']['message']['text'] = 'Cannot move file to the destination directory.';
            }
        }
    } elseif ($required) {
        $error = true;
        $GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
        $GLOBALS['topass']['message']['text'] = 'File is required';
    }
    if ($error) {
        $myreturn = false;
    } else {
        $myreturn = $filename;
    }
    return $myreturn;
}
Exemple #4
0
                    for ($i = 0; isset($_on_after_approve[$i]); ++$i) {
                        call_user_func($_on_after_approve[$i]);
                    }
                }
                $topass['message']['text'] = $GLOBALS['_lang'][20];
            } else {
                $topass['message']['text'] = $GLOBALS['_lang'][21];
            }
        }
        if (!isset($input['return']) || empty($input['return'])) {
            $qs .= $qs_sep . 'bid=' . $input['fk_blog_id'];
            $qs_sep = '&';
            $nextpage .= '?' . $qs;
        }
    } else {
        $nextpage = 'blog_posts_addedit.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input['post_content'] = addslashes_mq($_POST['post_content']);
        $input['return'] = rawurlencode($input['return']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
        if (isset($_on_error)) {
            for ($i = 0; isset($_on_error[$i]); ++$i) {
                call_user_func($_on_error[$i]);
            }
        }
    }
}
$nextpage = _BASEURL_ . '/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
Exemple #5
0
 function addslashes_mq($value)
 {
     if (is_array($value)) {
         $myreturn = array();
         while (list($k, $v) = each($value)) {
             $myreturn[addslashes_mq($k)] = addslashes_mq($v);
         }
     } else {
         if (get_magic_quotes_gpc() == 0) {
             $myreturn = addslashes($value);
         } else {
             $myreturn = $value;
         }
     }
     return $myreturn;
 }
Exemple #6
0
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        while ($rsrow = mysql_fetch_assoc($res)) {
            $properties = array();
            $properties['description'] = $rsrow['news_body'];
            $properties['link'] = '';
            $properties['title'] = $rsrow['news_title'];
            $properties['dc:date'] = $rsrow['date_posted'];
            $rss_writer_object->additem($properties);
        }
        if ($rss_writer_object->writerss($towrite)) {
            require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
            $fileop = new fileop();
            $fileop->file_put_contents(_BASEPATH_ . '/rss/site_news.xml', $towrite);
        } else {
            $error = true;
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'] = $rss_writer_object->error;
        }
    } else {
        $nextpage = 'admin/site_news_addedit.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input['news_body'] = addslashes_mq($_POST['news_body']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
$nextpage = _BASEURL_ . '/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
Exemple #7
0
ini_set('include_path', '.');
ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('date.timezone', 'GMT');
// temporary fix for the php 5.1+ TZ compatibility
ini_set('error_reporting', 2047);
ini_set('display_errors', 0);
define('_LICENSE_KEY_', '');
require_once dirname(__FILE__) . '/../../includes/sessions.inc.php';
require_once dirname(__FILE__) . '/../../includes/sco_functions.inc.php';
$output = '';
if (!empty($_POST['dbhost']) && !empty($_POST['dbuser']) && !empty($_POST['dbpass']) && !empty($_POST['dbname'])) {
    $dbhost = addslashes_mq($_POST['dbhost']);
    $dbuser = addslashes_mq($_POST['dbuser']);
    $dbpass = addslashes_mq($_POST['dbpass']);
    $dbname = addslashes_mq($_POST['dbname']);
    if (function_exists('mysql_connect')) {
        $link = @mysql_connect($dbhost, $dbuser, $dbpass);
        if ($link) {
            if (@mysql_select_db($dbname, $link)) {
                $output = 'Connection successfull';
            } else {
                $output = 'Database Host, user and password are ok but the database name is wrong.';
            }
            mysql_close($link);
        } else {
            $output = 'Database Host or user or password are wrong.';
        }
    } else {
        $output = 'Server configuration does not allow db connections.';
    }
Exemple #8
0
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            if (!empty($input['send_email'])) {
                $query = "SELECT b.`email` FROM `{$dbtable_prefix}blog_posts` a,`" . USER_ACCOUNTS_TABLE . "` b WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`post_id`=" . $input['id'];
                if (!($res = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                if (mysql_num_rows($res)) {
                    $ok = queue_or_send_email(array(mysql_result($res, 0, 0)), array('subject' => $_POST['reason_title'], 'message_body' => $_POST['reject_reason']));
                }
            }
            if ($ok) {
                $topass['message']['type'] = MESSAGE_INFO;
                $topass['message']['text'] = 'Ok.';
            }
            if (empty($nextpage)) {
                $nextpage = 'blog_search.php';
            }
            break;
    }
} else {
    $nextpage = 'reject.php';
    // 		you must re-read all textareas from $_POST like this:
    //		$input['x']=addslashes_mq($_POST['x']);
    $input['reject_reason'] = addslashes_mq($_POST['reject_reason']);
    $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
    $topass['input'] = $input;
}
$nextpage = _BASEURL_ . '/admin/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
Exemple #9
0
ini_set('include_path', '.');
ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('date.timezone', 'GMT');
// temporary fix for the php 5.1+ TZ compatibility
ini_set('error_reporting', 2047);
ini_set('display_errors', 0);
define('_LICENSE_KEY_', '');
require_once dirname(__FILE__) . '/../../includes/sessions.inc.php';
require_once dirname(__FILE__) . '/../../includes/sco_functions.inc.php';
$output = '';
if (!empty($_POST['ftphost']) && !empty($_POST['ftpuser']) && !empty($_POST['ftppass']) && !empty($_POST['ftppath'])) {
    $host = addslashes_mq($_POST['ftphost']);
    $user = addslashes_mq($_POST['ftpuser']);
    $pass = addslashes_mq($_POST['ftppass']);
    $path = addslashes_mq($_POST['ftppath']);
    if (function_exists('ftp_connect')) {
        $link = @ftp_connect($host, 21, 10);
        if ($link) {
            if (@ftp_login($link, $user, $pass)) {
                if (@ftp_chdir($link, $path . 'media/pics/t1/0')) {
                    // a pretty unique path
                    $output = 'Connection successfull. The FTP Path is ok.';
                } else {
                    $output = 'The connection was successfull but the FTP Path is wrong.';
                }
            } else {
                $output = 'FTP Host is ok but either the user or the password are wrong.';
            }
            ftp_close($link);
        } else {
Exemple #10
0
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            $topass['message']['type'] = MESSAGE_INFO;
            $topass['message']['text'] = 'Flirt changed.';
        } else {
            unset($input['flirt_id']);
            $query = "INSERT INTO `{$dbtable_prefix}flirts` SET ";
            foreach ($flirts_default['defaults'] as $k => $v) {
                if (isset($input[$k])) {
                    $query .= "`{$k}`='" . $input[$k] . "',";
                }
            }
            $query = substr($query, 0, -1);
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            $topass['message']['type'] = MESSAGE_INFO;
            $topass['message']['text'] = 'Flirt added.';
        }
    } else {
        $nextpage = 'flirts_addedit.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input['flirt_text'] = addslashes_mq($_POST['flirt_text']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
$nextpage = _BASEURL_ . '/admin/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
Exemple #11
0
        if (!mysql_affected_rows()) {
            $query = "INSERT IGNORE INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $input['fk_user_id'] . "',`last_changed`='" . gmdate('YmdHis') . "',`status`=" . STAT_APPROVED;
            foreach ($_pfields as $field_id => $field) {
                $query .= ',' . $field->query_set();
            }
        }
        for ($i = 0; isset($on_changes[$i]); ++$i) {
            if (function_exists($on_changes[$i]['fn'])) {
                call_user_func($on_changes[$i]['fn'], $input['fk_user_id'], $on_changes[$i]['param2'], $on_changes[$i]['param3']);
            }
        }
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'] = 'Member profile has been changed.';
    } else {
        $nextpage = _BASEURL_ . '/admin/profile_edit.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        for ($i = 0; isset($texts[$i]); ++$i) {
            $input[$texts[$i]] = addslashes_mq($_POST[$texts[$i]]);
        }
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
if (empty($nextpage)) {
    $nextpage = _BASEURL_ . '/admin/member_search.php';
    if (!empty($input['return'])) {
        $nextpage = _BASEURL_ . '/admin/' . $input['return'];
    }
}
redirect2page($nextpage, $topass, $qs, true);
Exemple #12
0
                $topass['message']['text'] = $GLOBALS['_lang'][29];
            }
            if (isset($_on_after_insert)) {
                for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                    call_user_func($_on_after_insert[$i]);
                }
            }
        }
        if (empty($config['manual_com_approval'])) {
            if (isset($_on_after_approve)) {
                $GLOBALS['comment_ids'] = array($input['comment_id']);
                $GLOBALS['comment_type'] = $input['comment_type'];
                for ($i = 0; isset($_on_after_approve[$i]); ++$i) {
                    call_user_func($_on_after_approve[$i]);
                }
            }
        }
    } else {
        $input['comment'] = isset($_POST['comment']) ? addslashes_mq($_POST['comment']) : '';
        $input['return'] = rawurlencode($input['return']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
        if (isset($_on_error)) {
            for ($i = 0; isset($_on_error[$i]); ++$i) {
                call_user_func($_on_error[$i]);
            }
        }
    }
}
$nextpage = _BASEURL_ . '/' . $nextpage;
redirect2page($nextpage, $topass, '', true);