if (!($res2 = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$query = $insert;
}
$query .= "('" . mysql_result($res, $i, 0) . "','" . $input['subject'] . "','" . $input['message_body'] . "'),";
}
if ($query != $insert) {
$query = substr($query, 0, -1);
if (!($res2 = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = sprintf('Email queued for delivery to %s members', count($input['uids']));
} else {
$nextpage = _BASEURL_ . '/admin/email_send.php';
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input['message_body'] = addslashes_mq($_POST['message_body']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
if (empty($nextpage)) {
$nextpage = _BASEURL_ . '/admin/member_search.php';
if (isset($input['return'])) {
$nextpage = _BASEURL_ . '/admin/' . $input['return'];
}
}
redirect2page($nextpage, $topass, $qs, true);
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$input['comment_id'] = mysql_insert_id();
if (isset($_on_after_insert)) {
for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
call_user_func($_on_after_insert[$i]);
}
}
if (isset($_on_after_approve)) {
$GLOBALS['comment_ids'] = array($input['comment_id']);
$GLOBALS['comment_type'] = $input['comment_type'];
for ($i = 0; isset($_on_after_approve[$i]); ++$i) {
call_user_func($_on_after_approve[$i]);
}
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Comment added.';
}
} else {
$nextpage = 'comment_addedit.php';
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input['comment'] = addslashes_mq($_POST['comment']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
$nextpage = _BASEURL_ . '/admin/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
function upload_file($destdir, $actual_field_name, $desired_filename = '', $required = false)
{
$error = false;
$filename = '';
$message = '';
if (isset($_FILES[$actual_field_name]['tmp_name']) && is_uploaded_file($_FILES[$actual_field_name]['tmp_name'])) {
$filename = addslashes_mq($_FILES[$actual_field_name]['name']);
$ext = strtolower(substr(strrchr($_FILES[$actual_field_name]['name'], "."), 1));
global $accepted_images;
if (empty($accepted_images)) {
$accepted_images = array('jpg', 'jpeg', 'png');
}
if (!in_array($ext, $accepted_images)) {
$error = true;
$GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
$GLOBALS['topass']['message']['text'] = 'Invalid file uploaded';
} elseif ($_FILES[$actual_field_name]['size'] == 0) {
$error = true;
$GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
$GLOBALS['topass']['message']['text'] = 'File upload error';
} else {
if (!empty($desired_filename)) {
$filename = $desired_filename . '.' . $ext;
}
if (move_uploaded_file($_FILES[$actual_field_name]['tmp_name'], $destdir . '/' . $filename)) {
@chmod($destdir . '/' . $filename, 0644);
} else {
$error = true;
$GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
$GLOBALS['topass']['message']['text'] = 'Cannot move file to the destination directory.';
}
}
} elseif ($required) {
$error = true;
$GLOBALS['topass']['message']['type'] = MESSAGE_ERROR;
$GLOBALS['topass']['message']['text'] = 'File is required';
}
if ($error) {
$myreturn = false;
} else {
$myreturn = $filename;
}
return $myreturn;
}
for ($i = 0; isset($_on_after_approve[$i]); ++$i) {
call_user_func($_on_after_approve[$i]);
}
}
$topass['message']['text'] = $GLOBALS['_lang'][20];
} else {
$topass['message']['text'] = $GLOBALS['_lang'][21];
}
}
if (!isset($input['return']) || empty($input['return'])) {
$qs .= $qs_sep . 'bid=' . $input['fk_blog_id'];
$qs_sep = '&';
$nextpage .= '?' . $qs;
}
} else {
$nextpage = 'blog_posts_addedit.php';
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input['post_content'] = addslashes_mq($_POST['post_content']);
$input['return'] = rawurlencode($input['return']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
if (isset($_on_error)) {
for ($i = 0; isset($_on_error[$i]); ++$i) {
call_user_func($_on_error[$i]);
}
}
}
}
$nextpage = _BASEURL_ . '/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
function addslashes_mq($value)
{
if (is_array($value)) {
$myreturn = array();
while (list($k, $v) = each($value)) {
$myreturn[addslashes_mq($k)] = addslashes_mq($v);
}
} else {
if (get_magic_quotes_gpc() == 0) {
$myreturn = addslashes($value);
} else {
$myreturn = $value;
}
}
return $myreturn;
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
while ($rsrow = mysql_fetch_assoc($res)) {
$properties = array();
$properties['description'] = $rsrow['news_body'];
$properties['link'] = '';
$properties['title'] = $rsrow['news_title'];
$properties['dc:date'] = $rsrow['date_posted'];
$rss_writer_object->additem($properties);
}
if ($rss_writer_object->writerss($towrite)) {
require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
$fileop = new fileop();
$fileop->file_put_contents(_BASEPATH_ . '/rss/site_news.xml', $towrite);
} else {
$error = true;
$topass['message']['type'] = MESSAGE_ERROR;
$topass['message']['text'] = $rss_writer_object->error;
}
} else {
$nextpage = 'admin/site_news_addedit.php';
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input['news_body'] = addslashes_mq($_POST['news_body']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
$nextpage = _BASEURL_ . '/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
ini_set('include_path', '.');
ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('date.timezone', 'GMT');
// temporary fix for the php 5.1+ TZ compatibility
ini_set('error_reporting', 2047);
ini_set('display_errors', 0);
define('_LICENSE_KEY_', '');
require_once dirname(__FILE__) . '/../../includes/sessions.inc.php';
require_once dirname(__FILE__) . '/../../includes/sco_functions.inc.php';
$output = '';
if (!empty($_POST['dbhost']) && !empty($_POST['dbuser']) && !empty($_POST['dbpass']) && !empty($_POST['dbname'])) {
$dbhost = addslashes_mq($_POST['dbhost']);
$dbuser = addslashes_mq($_POST['dbuser']);
$dbpass = addslashes_mq($_POST['dbpass']);
$dbname = addslashes_mq($_POST['dbname']);
if (function_exists('mysql_connect')) {
$link = @mysql_connect($dbhost, $dbuser, $dbpass);
if ($link) {
if (@mysql_select_db($dbname, $link)) {
$output = 'Connection successfull';
} else {
$output = 'Database Host, user and password are ok but the database name is wrong.';
}
mysql_close($link);
} else {
$output = 'Database Host or user or password are wrong.';
}
} else {
$output = 'Server configuration does not allow db connections.';
}
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (!empty($input['send_email'])) {
$query = "SELECT b.`email` FROM `{$dbtable_prefix}blog_posts` a,`" . USER_ACCOUNTS_TABLE . "` b WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`post_id`=" . $input['id'];
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
$ok = queue_or_send_email(array(mysql_result($res, 0, 0)), array('subject' => $_POST['reason_title'], 'message_body' => $_POST['reject_reason']));
}
}
if ($ok) {
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Ok.';
}
if (empty($nextpage)) {
$nextpage = 'blog_search.php';
}
break;
}
} else {
$nextpage = 'reject.php';
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input['reject_reason'] = addslashes_mq($_POST['reject_reason']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
$nextpage = _BASEURL_ . '/admin/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
ini_set('include_path', '.');
ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('date.timezone', 'GMT');
// temporary fix for the php 5.1+ TZ compatibility
ini_set('error_reporting', 2047);
ini_set('display_errors', 0);
define('_LICENSE_KEY_', '');
require_once dirname(__FILE__) . '/../../includes/sessions.inc.php';
require_once dirname(__FILE__) . '/../../includes/sco_functions.inc.php';
$output = '';
if (!empty($_POST['ftphost']) && !empty($_POST['ftpuser']) && !empty($_POST['ftppass']) && !empty($_POST['ftppath'])) {
$host = addslashes_mq($_POST['ftphost']);
$user = addslashes_mq($_POST['ftpuser']);
$pass = addslashes_mq($_POST['ftppass']);
$path = addslashes_mq($_POST['ftppath']);
if (function_exists('ftp_connect')) {
$link = @ftp_connect($host, 21, 10);
if ($link) {
if (@ftp_login($link, $user, $pass)) {
if (@ftp_chdir($link, $path . 'media/pics/t1/0')) {
// a pretty unique path
$output = 'Connection successfull. The FTP Path is ok.';
} else {
$output = 'The connection was successfull but the FTP Path is wrong.';
}
} else {
$output = 'FTP Host is ok but either the user or the password are wrong.';
}
ftp_close($link);
} else {
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Flirt changed.';
} else {
unset($input['flirt_id']);
$query = "INSERT INTO `{$dbtable_prefix}flirts` SET ";
foreach ($flirts_default['defaults'] as $k => $v) {
if (isset($input[$k])) {
$query .= "`{$k}`='" . $input[$k] . "',";
}
}
$query = substr($query, 0, -1);
if (!($res = @mysql_query($query))) {
trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Flirt added.';
}
} else {
$nextpage = 'flirts_addedit.php';
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
$input['flirt_text'] = addslashes_mq($_POST['flirt_text']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
$nextpage = _BASEURL_ . '/admin/' . $nextpage;
redirect2page($nextpage, $topass, '', true);
if (!mysql_affected_rows()) {
$query = "INSERT IGNORE INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $input['fk_user_id'] . "',`last_changed`='" . gmdate('YmdHis') . "',`status`=" . STAT_APPROVED;
foreach ($_pfields as $field_id => $field) {
$query .= ',' . $field->query_set();
}
}
for ($i = 0; isset($on_changes[$i]); ++$i) {
if (function_exists($on_changes[$i]['fn'])) {
call_user_func($on_changes[$i]['fn'], $input['fk_user_id'], $on_changes[$i]['param2'], $on_changes[$i]['param3']);
}
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Member profile has been changed.';
} else {
$nextpage = _BASEURL_ . '/admin/profile_edit.php';
// you must re-read all textareas from $_POST like this:
// $input['x']=addslashes_mq($_POST['x']);
for ($i = 0; isset($texts[$i]); ++$i) {
$input[$texts[$i]] = addslashes_mq($_POST[$texts[$i]]);
}
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
}
}
if (empty($nextpage)) {
$nextpage = _BASEURL_ . '/admin/member_search.php';
if (!empty($input['return'])) {
$nextpage = _BASEURL_ . '/admin/' . $input['return'];
}
}
redirect2page($nextpage, $topass, $qs, true);
$topass['message']['text'] = $GLOBALS['_lang'][29];
}
if (isset($_on_after_insert)) {
for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
call_user_func($_on_after_insert[$i]);
}
}
}
if (empty($config['manual_com_approval'])) {
if (isset($_on_after_approve)) {
$GLOBALS['comment_ids'] = array($input['comment_id']);
$GLOBALS['comment_type'] = $input['comment_type'];
for ($i = 0; isset($_on_after_approve[$i]); ++$i) {
call_user_func($_on_after_approve[$i]);
}
}
}
} else {
$input['comment'] = isset($_POST['comment']) ? addslashes_mq($_POST['comment']) : '';
$input['return'] = rawurlencode($input['return']);
$input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
$topass['input'] = $input;
if (isset($_on_error)) {
for ($i = 0; isset($_on_error[$i]); ++$i) {
call_user_func($_on_error[$i]);
}
}
}
}
$nextpage = _BASEURL_ . '/' . $nextpage;
redirect2page($nextpage, $topass, '', true);