Exemple #1
0
 function __construct($skin = '')
 {
     if (empty($skin)) {
         $skin = get_my_skin();
     }
     $this->skin = $skin;
     $this->cache = new Cache_Lite($GLOBALS['_cache_config']);
 }
Exemple #2
0
 function __construct()
 {
     require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/photos.inc.php';
     $this->_init();
     if (func_num_args() == 1) {
         $more_args = func_get_arg(0);
         $this->config = array_merge($this->config, $more_args);
     }
 }
Exemple #3
0
 function __construct()
 {
     require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/plugins/widget/osignal_feed/osignal_feed.class.php';
     $this->_init();
     if (func_num_args() == 1) {
         $more_args = func_get_arg(0);
         $this->config = array_merge($this->config, $more_args);
     }
 }
Exemple #4
0
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/ipn.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/payment.inc.php';
$module_code = preg_replace('[^a-zA-Z0-9_]', '', sanitize_and_format_gpc($_REQUEST, 'p', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''));
if (!empty($module_code)) {
    if (is_file(_BASEPATH_ . '/plugins/payment/' . $module_code . '/' . $module_code . '.class.php')) {
        include _BASEPATH_ . '/plugins/payment/' . $module_code . '/' . $module_code . '.class.php';
        $class = 'payment_' . $module_code;
        $pay = new $class();
        $pay->ipn();
    } else {
        require _BASEPATH_ . '/includes/classes/log_error.class.php';
        new log_error(array('module_name' => 'ipn', 'text' => 'Received a payment IPN for unexisting module: $_REQUEST:' . var_export($_REQUEST, true)));
    }
} else {
    require _BASEPATH_ . '/includes/classes/log_error.class.php';
    new log_error(array('module_name' => 'ipn', 'text' => 'Received a payment IPN without module code: $_REQUEST:' . var_export($_REQUEST, true)));
}
Exemple #5
0
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/comment_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/comments.inc.php';
check_login_member('auth');
if (is_file(_BASEPATH_ . '/events/processors/comment_delete.php')) {
    include _BASEPATH_ . '/events/processors/comment_delete.php';
}
$topass = array();
$comment_id = isset($_GET['comment_id']) ? (int) $_GET['comment_id'] : 0;
if (!empty($comment_id)) {
    $comment_type = isset($_GET['comment_type']) ? $_GET['comment_type'] : '';
    switch ($comment_type) {
        case 'blog':
            $table = "{$dbtable_prefix}comments_blog";
            $parent_table = "{$dbtable_prefix}blog_posts";
            $parent_key = "post_id";
            break;
        case 'photo':
Exemple #6
0
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/search_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/my_searches.inc.php';
check_login_member('save_searches');
$topass = array();
$search_id = isset($_GET['sid']) ? (int) $_GET['sid'] : 0;
$query = "DELETE FROM `{$dbtable_prefix}user_searches` WHERE `search_id`={$search_id} AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = $GLOBALS['_lang'][101];
$nextpage = 'my_searches.php';
if (!empty($_GET['return'])) {
    $input['return'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $nextpage = $input['return'];
}
$nextpage = _BASEURL_ . '/' . $nextpage;
Exemple #7
0
function save_thumbnail($image, $size, $save_path, $save_name, $config = array())
{
    $myreturn = false;
    $size = array($size, $size);
    if (empty($config['padding_type'])) {
        $config['padding_type'] = PAD_1SIDE;
    }
    if (empty($config['quality'])) {
        $config['quality'] = 90;
    }
    if ($imginfo = getimagesize($image)) {
        $orig_size = array($imginfo[0], $imginfo[1]);
        if ($orig_size[0] / $size[0] < $orig_size[1] / $size[1]) {
            $relevant_length = 1;
        } else {
            $relevant_length = 0;
        }
        if ($imginfo[2] == IMAGETYPE_GIF && function_exists('imagecreatefromgif')) {
            //gif
            $myimg = @imagecreatefromgif($image);
        } elseif ($imginfo[2] == IMAGETYPE_JPEG && function_exists('imagecreatefromjpeg')) {
            //jpg
            ob_start();
            $myimg = @imagecreatefromjpeg($image);
            ob_end_flush();
        } elseif ($imginfo[2] == IMAGETYPE_PNG && function_exists('imagecreatefrompng')) {
            //png
            $myimg = @imagecreatefrompng($image);
        }
        if (!empty($myimg)) {
            $new_size = array();
            $mynewimg = '';
            if ($orig_size[$relevant_length] > $size[$relevant_length]) {
                // scale down
                $new_size[$relevant_length] = $size[$relevant_length];
                $new_size[1 - $relevant_length] = (int) ($orig_size[1 - $relevant_length] * ($size[$relevant_length] / $orig_size[$relevant_length]));
                if ($config['padding_type'] == PAD_1SIDE || $config['padding_type'] == PAD_2SIDES) {
                    //					$size=$size;	// this is actually just PAD_1SIDE and the photo will be square
                } else {
                    $size = $new_size;
                    // no padding here, photo has original proportions
                }
            } else {
                // picture is smaller than the needed size
                $new_size = $orig_size;
                if ($config['padding_type'] == PAD_2SIDES) {
                    //pad in both directions. square and big
                    //					$size=array($size,$size);
                } elseif ($config['padding_type'] == PAD_1SIDE) {
                    // padding in one direction only. square but smaller
                    $size = $orig_size[$relevant_length];
                    $size = array($size, $size);
                } else {
                    // no padding. original proportions
                    $size = $orig_size;
                }
            }
            $mynewimg = @imagecreatetruecolor($size[0], $size[1]);
            imagefilledrectangle($mynewimg, 0, 0, $size[0], $size[1], 0xffffff);
            $x = (int) (($size[0] - $new_size[0]) / 2);
            $y = (int) (($size[1] - $new_size[1]) / 2);
            if (defined('BICUBIC_RESAMPLE')) {
                imagecopyresamplebicubic($mynewimg, $myimg, $x, $y, 0, 0, $new_size[0], $new_size[1], $orig_size[0], $orig_size[1]);
            } else {
                fastimagecopyresampled($mynewimg, $myimg, $x, $y, 0, 0, $new_size[0], $new_size[1], $orig_size[0], $orig_size[1]);
            }
            if (!empty($config['watermark_text']) && function_exists('imagettftext')) {
                $config['watermark_text_color'] = str_pad($config['watermark_text_color'], 6, '0', STR_PAD_RIGHT);
                $text_color = imagecolorallocate($mynewimg, hexdec(substr($config['watermark_text_color'], 0, 2)), hexdec(substr($config['watermark_text_color'], 2, 2)), hexdec(substr($config['watermark_text_color'], 4, 2)));
                $text_color2 = imagecolorallocate($mynewimg, 255 - hexdec(substr($config['watermark_text_color'], 0, 2)), 255 - hexdec(substr($config['watermark_text_color'], 2, 2)), 255 - hexdec(substr($config['watermark_text_color'], 4, 2)));
                $font_size = 15;
                do {
                    --$font_size;
                    $text_box = imagettfbbox($font_size, 0, _BASEPATH_ . '/includes/fonts/arial.ttf', $config['watermark_text']);
                    $textlen = $text_box[2] - $text_box[0] + 5;
                } while ($textlen > $new_size[0]);
                $watermark_x = (int) (($size[0] - $new_size[0]) / 2) + 5;
                $watermark_y = $new_size[1] + (int) (($size[1] - $new_size[1]) / 2) - 20;
                //shadow first
                imagettftext($mynewimg, $font_size, 0, $watermark_x, $watermark_y, $text_color2, _BASEPATH_ . '/includes/fonts/arial.ttf', $config['watermark_text']);
                //text second
                imagettftext($mynewimg, $font_size, 0, $watermark_x + 1, $watermark_y + 1, $text_color, _BASEPATH_ . '/includes/fonts/arial.ttf', $config['watermark_text']);
            }
            if (!empty($config['watermark_image']) && is_file($config['watermark_image'])) {
                $wm_image = @imagecreatefrompng($config['watermark_image']);
                $wm_image_width = imagesx($wm_image);
                $wm_image_height = imagesy($wm_image);
                $wm_image_x = (int) (($size[0] - $new_size[0]) / 2) + 5;
                $wm_image_y = $new_size[1] + (int) (($size[1] - $new_size[1]) / 2) - $wm_image_height;
                if (defined('BICUBIC_RESAMPLE')) {
                    imagecopyresamplebicubic($mynewimg, $wm_image, $wm_image_x, $wm_image_y, 0, 0, $wm_image_width, $wm_image_height, $wm_image_width, $wm_image_height);
                } else {
                    fastimagecopyresampled($mynewimg, $wm_image, $wm_image_x, $wm_image_y, 0, 0, $wm_image_width, $wm_image_height, $wm_image_width, $wm_image_height);
                }
            }
            if (!empty($config['round_corners'])) {
                $skin = get_my_skin();
                imagealphablending($mynewimg, true);
                // put the corners
                $corner = @imagecreatefrompng(_BASEPATH_ . '/skins_site/' . $skin . '/images/corner_tl.png');
                imagecopy($mynewimg, $corner, 0, 0, 0, 0, 7, 7);
                $corner = @imagecreatefrompng(_BASEPATH_ . '/skins_site/' . $skin . '/images/corner_tr.png');
                imagecopy($mynewimg, $corner, $size[0] - 7, 0, 0, 0, 7, 7);
                $corner = @imagecreatefrompng(_BASEPATH_ . '/skins_site/' . $skin . '/images/corner_bl.png');
                imagecopy($mynewimg, $corner, 0, $size[1] - 7, 0, 0, 7, 7);
                $corner = @imagecreatefrompng(_BASEPATH_ . '/skins_site/' . $skin . '/images/corner_br.png');
                imagecopy($mynewimg, $corner, $size[0] - 7, $size[1] - 7, 0, 0, 7, 7);
                // draw the border lines
                $border_color = imagecolorallocate($mynewimg, 0xcc, 0xcc, 0xcc);
                imageline($mynewimg, 7, 0, $size[0] - 8, 0, $border_color);
                //tl->tr
                imageline($mynewimg, $size[0] - 1, 7, $size[0] - 1, $size[1] - 8, $border_color);
                //tr->br
                imageline($mynewimg, 7, $size[1] - 1, $size[0] - 8, $size[1] - 1, $border_color);
                //bl->br
                imageline($mynewimg, 0, 7, 0, $size[1] - 8, $border_color);
                //tl->bl
            }
            $myreturn = imagejpeg($mynewimg, $save_path . '/' . $save_name . '.jpg', $config['quality']);
        } else {
            $myreturn = false;
        }
    } else {
        $myreturn = false;
    }
    if (!empty($myimg)) {
        imagedestroy($myimg);
    }
    if (!empty($mynewimg)) {
        imagedestroy($mynewimg);
    }
    return $myreturn;
}
Exemple #8
0
File:                       my_networks.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require 'includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/includes/network_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/net.inc.php';
check_login_member('manage_networks');
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
require _BASEPATH_ . '/includes/classes/user_cache.class.php';
$user_cache = new user_cache(get_my_skin());
$query = "SELECT `net_id`,`network` FROM `{$dbtable_prefix}networks`";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$networks = array();
$i = 0;
while ($rsrow = mysql_fetch_assoc($res)) {
    $rsrow['network'] = sanitize_and_format($rsrow['network'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
    $net_members = get_network_members($_SESSION[_LICENSE_KEY_]['user']['user_id'], $rsrow['net_id'], 4);
    if (!empty($net_members)) {
        $rsrow['members'] = $user_cache->get_cache_tpl($net_members, 'result_user');
    }
    if (!empty($rsrow['members'])) {
        $rsrow['see_all'] = true;
        $networks[] = $rsrow;
Exemple #9
0
        $input['error_email'] = 'red_border';
    }
    if (!$error) {
        $query = "SELECT `" . USER_ACCOUNT_ID . "` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $error = true;
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'][] = sprintf($GLOBALS['_lang'][204], $input['email']);
            $input['error_email'] = 'red_border';
        }
    }
    if (!$error) {
        $query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='new_email',`config_value`='" . $input['email'] . "'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $input['email2'] = rawurlencode($input['email']);
        send_template_email($input['email'], sprintf($GLOBALS['_lang'][40], _SITENAME_), 'email_change_confirm.html', get_my_skin(), $input);
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'][] = $GLOBALS['_lang'][39];
    } else {
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
redirect2page($nextpage, $topass, $qs);
Exemple #10
0
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/login.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/login.inc.php';
if (is_file(_BASEPATH_ . '/events/processors/login.php')) {
    include _BASEPATH_ . '/events/processors/login.php';
}
$score_threshold = 600;
// seconds
$error = false;
$topass = array();
$nextpage = 'login.php';
$qs = '';
$qssep = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = strtolower(sanitize_and_format_gpc($_POST, 'user', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''));
    $pass = sanitize_and_format_gpc($_POST, 'pass', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    if (!empty($user) && !empty($pass)) {
        $log['level'] = 'login';
Exemple #11
0
     }
 }
 if (!$error) {
     if ($input['page'] == 1) {
         $input['temp_pass'] = md5(gen_pass(6));
         $query = "INSERT IGNORE INTO `" . USER_ACCOUNTS_TABLE . "` SET `" . USER_ACCOUNT_USER . "`='" . $input['user'] . "',`" . USER_ACCOUNT_PASS . "`=md5('" . $input['pass'] . "'),`email`='" . $input['email'] . "',`membership`=2,`status`=" . ASTAT_UNVERIFIED . ",`temp_pass`='" . $input['temp_pass'] . "'";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         $_SESSION[_LICENSE_KEY_]['user']['reg_id'] = mysql_insert_id();
         $_SESSION[_LICENSE_KEY_]['user']['user'] = $input['user'];
         // for `dsb_payments`
         $_SESSION[_LICENSE_KEY_]['user']['email'] = $input['email'];
         // for info_signup.html
         $input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
         send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
     }
     $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     $is_update = false;
     if (mysql_num_rows($res)) {
         $is_update = true;
     }
     $now = gmdate('YmdHis');
     if ($is_update) {
         $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `last_changed`='{$now}'";
     } else {
         $query = "INSERT INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'] . "',`last_changed`='{$now}',`date_added`='{$now}',`score`='" . add_member_score(0, 'join', 1, true) . "'";
     }
Exemple #12
0
Etano
===============================================================================
File:                       profile.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
//define('CACHE_LIMITER','private');
require_once 'includes/common.inc.php';
require_once 'includes/user_functions.inc.php';
require_once 'includes/network_functions.inc.php';
check_login_member('profile_view');
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
$uid = 0;
if (!empty($_GET['uid'])) {
    $uid = (string) (int) $_GET['uid'];
} elseif (isset($_GET['user'])) {
    $user = sanitize_and_format($_GET['user'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
    $uid = get_userid_by_user($user);
} elseif (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    $uid = (string) $_SESSION[_LICENSE_KEY_]['user']['user_id'];
} else {
    redirect2page('index.php');
}
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $_SESSION[_LICENSE_KEY_]['user']['user_id'] == $uid) {
    redirect2page('my_profile.php');
}
$output = array();
Exemple #13
0
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/contact.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/contact.inc.php';
check_login_member('contact');
if (is_file(_BASEPATH_ . '/events/processors/contact.php')) {
    include _BASEPATH_ . '/events/processors/contact.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'contact.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $input = array();
    // get the input we need and sanitize it
    $input['fk_user_id'] = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) ? $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
    $input['subject'] = sanitize_and_format_gpc($_POST, 'subject', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $input['name'] = sanitize_and_format_gpc($_POST, 'name', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
Exemple #14
0
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
if (!defined('_LICENSE_KEY_')) {
    die('Hacking attempt');
}
include _BASEPATH_ . '/includes/logs.inc.php';
include _BASEPATH_ . '/includes/site_bans.inc.php';
$_access_level = array();
require _BASEPATH_ . '/includes/access_levels.inc.php';
require_once _BASEPATH_ . '/includes/general_functions.inc.php';
$tplvars['tplurl'] = _BASEURL_ . '/skins_site/' . get_my_skin();
$tplvars['tplrelpath'] = $GLOBALS['relative_path'] . 'skins_site/' . get_my_skin();
$GLOBALS['_lang'] = array();
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/global.inc.php';
$accepted_months = array($GLOBALS['_lang'][166], $GLOBALS['_lang'][167], $GLOBALS['_lang'][168], $GLOBALS['_lang'][169], $GLOBALS['_lang'][170], $GLOBALS['_lang'][171], $GLOBALS['_lang'][172], $GLOBALS['_lang'][173], $GLOBALS['_lang'][174], $GLOBALS['_lang'][175], $GLOBALS['_lang'][176], $GLOBALS['_lang'][177], $GLOBALS['_lang'][178]);
$_pfields = array();
$_pcats = array();
require _BASEPATH_ . '/includes/fields.inc.php';
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    $_SESSION[_LICENSE_KEY_]['user']['user_id'] = (int) $_SESSION[_LICENSE_KEY_]['user']['user_id'];
    $tplvars['user_logged'] = true;
} else {
    $_SESSION[_LICENSE_KEY_]['user']['user'] = 'guest';
    $_SESSION[_LICENSE_KEY_]['user']['membership'] = 1;
}
$tplvars['myself'] = $_SESSION[_LICENSE_KEY_]['user'];
$GLOBALS['_list_of_online_members'] = get_online_ids();
$GLOBALS['page_last_modified_time'] = isset($_SESSION[_LICENSE_KEY_]['user']['loginout']) ? $_SESSION[_LICENSE_KEY_]['user']['loginout'] : 0;
// need this for cache control - the Last-Modified header
Exemple #15
0
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/pass_change.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/pass_change.inc.php';
if (is_file(_BASEPATH_ . '/events/processors/pass_change.php')) {
    include _BASEPATH_ . '/events/processors/pass_change.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'my_settings.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $input = array();
    // get the input we need and sanitize it
    $input['pass'] = sanitize_and_format_gpc($_POST, 'pass', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $input['pass2'] = sanitize_and_format_gpc($_POST, 'pass2', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    if ($input['pass'] != $input['pass2']) {
        $error = true;
Exemple #16
0
<?php

/******************************************************************************
Etano
===============================================================================
File:                       ajax/rate_item.php
$Revision: 610 $
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once dirname(__FILE__) . '/../includes/common.inc.php';
require_once dirname(__FILE__) . '/../includes/user_functions.inc.php';
require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/rating.inc.php';
$output = '';
$error = false;
$id = 0;
$qs = '';
$vote_type = '';
$topass = array();
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    if (!empty($_REQUEST['t']) && !empty($_REQUEST['id']) && !empty($_REQUEST['vote'])) {
        $vote_type = $_REQUEST['t'];
        $id = (int) $_REQUEST['id'];
        $vote = (int) $_REQUEST['vote'];
        if ($vote_type == 'photo') {
            $parent_field = "photo_id";
            $parent_table = "{$dbtable_prefix}user_photos";
            $table = "{$dbtable_prefix}rating_photo";
Exemple #17
0
 function __construct()
 {
     require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/payment.inc.php';
     $this->_init();
 }
Exemple #18
0
/******************************************************************************
Etano
===============================================================================
File:                       processors/filters_addedit.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/includes/tables/message_filters.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/mailbox.inc.php';
check_login_member('manage_folders');
if (is_file(_BASEPATH_ . '/events/processors/filters_addedit.php')) {
    include _BASEPATH_ . '/events/processors/filters_addedit.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'filters.php';
$input = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // get the input we need and sanitize it
    foreach ($message_filters_default['types'] as $k => $v) {
        $input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], $message_filters_default['defaults'][$k]);
    }
Exemple #19
0
        }
    }
    unset($_SESSION['captcha_word']);
    if (!$error) {
        $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`" . USER_ACCOUNT_USER . "` as `user`,`email` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $input = mysql_fetch_assoc($res);
            $input['temp_pass'] = md5(gen_pass(6));
            $input['ipaddr'] = $_SERVER['REMOTE_ADDR'];
            $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $input['temp_pass'] . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $input['uid'];
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            send_template_email($input['email'], sprintf($GLOBALS['_lang'][225], _SITENAME_), 'pass_reset.html', get_my_skin(), $input);
            $topass['message']['type'] = MESSAGE_INFO;
            $topass['message']['text'] = $GLOBALS['_lang'][89];
        } else {
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'] = $GLOBALS['_lang'][90];
        }
    } else {
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
redirect2page($nextpage, $topass, $qs);
Exemple #20
0
/******************************************************************************
Etano
===============================================================================
File:                       processors/photo_settings.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/includes/tables/user_photos.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/photos.inc.php';
check_login_member('upload_photos');
if (is_file(_BASEPATH_ . '/events/processors/photo_settings.php')) {
    include _BASEPATH_ . '/events/processors/photo_settings.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'my_photos.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $input = array();
    // get the input we need and sanitize it
    foreach ($user_photos_default['types'] as $k => $v) {
        $input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], array());
    }
Exemple #21
0
 function process(&$input, $type)
 {
     global $dbtable_prefix, $tpl;
     if (!isset($tpl)) {
         $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
     }
     //		require_once _BASEPATH_.'/includes/classes/log_error.class.php';
     //		new log_error(array('module_name'=>get_class($this),'text'=>$type.': new notif from paypal: $_POST:'.var_export($_POST,true).' $_GET:'.var_export($_GET,true).' $input:'.var_export($input,true)));
     if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) {
         // some transformations
         parse_str($input['custom'], $temp);
         if (!empty($temp['uid'])) {
             $input['user_id'] = $temp['uid'];
         }
         $input['dm_item_type'] = $temp['dit'];
         $input['business'] = strtolower($input['business']);
         $input['receiver_email'] = strtolower($input['receiver_email']);
         $input['first_name'] = ucwords(strtolower($input['first_name']));
         $input['last_name'] = ucwords(strtolower($input['last_name']));
         $query = "SELECT get_lock('" . $input['txn_id'] . "',10)";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         if (mysql_result($res, 0, 0) == 1) {
             $query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY";
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (mysql_num_rows($res)) {
                 // the other process already did the job. Let's release the lock
                 if ($type == 'pdt') {
                     $output = mysql_fetch_assoc($res);
                     // tell member that he will receive everything by email
                     if ($output['is_subscr']) {
                         if ($output['is_suspect']) {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                         } else {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                         }
                     } else {
                         $tpl->set_file('gateway_text', 'thankyou_prod_nok.html');
                     }
                     $tpl->set_var('output', $output);
                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                 }
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             } else {
                 // we arrived before the other process, let's do the dirty work...
                 if ($input['dm_item_type'] == 'subscr') {
                     $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $input['user_id'];
                     if (!($res = @mysql_query($query))) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                     if (mysql_num_rows($res)) {
                         $real_user = mysql_fetch_assoc($res);
                         if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) {
                             if (strcasecmp($input['payment_status'], 'Completed') == 0) {
                                 $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $input['item_number'] . " AND `is_visible`=1";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                                 if (mysql_num_rows($res)) {
                                     $real_subscr = mysql_fetch_assoc($res);
                                     if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) {
                                         if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) {
                                             require_once _BASEPATH_ . '/includes/iso31661a2.inc.php';
                                             if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) {
                                                 $input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']];
                                                 $input['email'] = $input['payer_email'];
                                                 $this->check_fraud($input);
                                             } else {
                                                 $this->is_fraud = true;
                                                 $this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.';
                                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                                 new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST)));
                                             }
                                             if (!empty($real_subscr['duration'])) {
                                                 // if the old subscription is not over yet, we need to extend the new one with some days
                                                 $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     $rsrow = mysql_fetch_assoc($res);
                                                     $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                                                     if ((int) $rsrow['paid_until'] > (int) $time) {
                                                         $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
                                                         //86400 seconds in a day
                                                         if ($remaining_days > 0) {
                                                             $remaining_value = (int) $rsrow['price'] / (int) $rsrow['duration'] * $remaining_days;
                                                             $day_value_new = (int) $real_subscr['price'] / (int) $real_subscr['duration'];
                                                             $days_append = round($remaining_value / $day_value_new);
                                                             $real_subscr['duration'] = (int) $real_subscr['duration'];
                                                             $real_subscr['duration'] += $days_append;
                                                         }
                                                     }
                                                 }
                                             }
                                             $now = gmdate('Ymd');
                                             // all old active subscriptions end now!
                                             $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             // insert the new subscription
                                             $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()";
                                             if (!empty($real_subscr['duration'])) {
                                                 $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
                                             }
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             if (!$this->is_fraud) {
                                                 $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 $myreturn = true;
                                                 add_member_score($real_user['user_id'], 'payment');
                                                 if ($type == 'pdt') {
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                                                 }
                                             } else {
                                                 if ($type == 'pdt') {
                                                     $output['name'] = $input['card_holder_name'];
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                                                     $tpl->set_var('output', $output);
                                                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                                                 }
                                                 // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
                                                 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason);
                                                 }
                                             }
                                         } else {
                                             // a demo transaction when we're not in demo mode
                                             if ($type == 'pdt') {
                                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
                                             }
                                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                             new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST)));
                                         }
                                     } else {
                                         // paid price doesn't match the subscription price
                                         if ($type == 'pdt') {
                                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
                                         }
                                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST)));
                                     }
                                 } else {
                                     // if the subscr_id was not found
                                     if ($type == 'pdt') {
                                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
                                     }
                                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST)));
                                 }
                             } else {
                                 if ($type == 'pdt') {
                                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][190]);
                                 }
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST)));
                             }
                         } elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) {
                             $query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $input['item_number'] . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1";
                             if (!($res = @mysql_query($query))) {
                                 trigger_error(mysql_error(), E_USER_ERROR);
                             }
                             if (mysql_num_rows($res)) {
                                 $payment_id = mysql_result($res, 0, 0);
                                 $now = gmdate('Ymd');
                                 $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                             } else {
                                 // invalid eot.
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST)));
                             }
                         } else {
                             // unhandled txn_type
                             if ($type == 'pdt') {
                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][191]);
                             }
                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                             new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST)));
                         }
                     } else {
                         // if the user_id was not found
                         if ($type == 'pdt') {
                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
                         }
                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST)));
                     }
                 } elseif ($input['dm_item_type'] == 'prod') {
                     // no product support for now in Etano
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST)));
                 } else {
                     // dm_item_type is neither 'prod' nor 'subscr'
                     if ($type == 'pdt') {
                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
                     }
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST)));
                 }
                 // job done, release the lock
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             }
         } else {
             // we could not obtain the lock.
             // The other process is taking too long but at least this should mean that it is handling this
         }
     } else {
         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
         new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST)));
     }
 }