<?php

/**
 *
 * CMS osRealty 2.1.x
 * Autor: Roman Chernyshov
 * E-mail: support@osRealty.ru
 * URL: www.osRealty.ru
 *
 */
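defined('_JEXEC') or die('Restricted access');
// Result flag read by the template below: '' (no submit), 'oke' (stored), 'pub1' (validation failed).
$err = '';
// Read every field with a default so a missing key never raises a notice;
// the loose == 1 comparison is kept so '1' from the form still matches.
if (($_POST['add'] ?? 0) == 1) {
    $alert = $_POST['alert'] ?? '';
    $rawEmail = $_POST['email'] ?? '';
    if (!empty($alert) and email_check($rawEmail)) {
        $text = PHP_slashes(htmlspecialchars(markhtml($alert)));
        // Escape for SQL the same way as $text: htmlspecialchars() alone leaves
        // single quotes untouched on PHP < 8.1 (ENT_QUOTES became the default in 8.1),
        // so the raw value could otherwise break out of the quoted literal below.
        $email = PHP_slashes(htmlspecialchars($rawEmail));
        // intval() guarantees a bare integer, so it is safe to interpolate.
        $idd = intval($_POST['idd'] ?? 0);
        $sql = "INSERT INTO `#__alert` (`fore`, `text`, `email`) VALUES \r\n\t\t\t('{$idd}','{$text}','{$email}')";
        $DB->execute($sql);
        $err = 'oke';
    } else {
        $err = 'pub1';
    }
}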
?>
<div class="fore-old-call">
<img src="/<?php 
echo $theme;
?>
images/alert.png" width="279" height="22" border="0" alt="Пожаловаться на прогноз" title="Пожаловаться на прогноз"/>
<div class="border"></div>
     $message[0] = 'error';
     $message[1] = 'Вы не заполнили поля "заголовок".';
 }
 if (empty($message[0])) {
     $max_img_size_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_size_art_prev' LIMIT 1;");
     $max_img_width_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_width_art_prev' LIMIT 1;");
     $max_img_height_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_height_art_prev' LIMIT 1;");
     $max_img_size_art_prev = $max_img_size_art_prev * 1024;
     $title = PHP_slashes(htmlspecialchars(strip_tags($_POST['title'])));
     $chpu = PHP_slashes(htmlspecialchars(strip_tags($_POST['chpu'])));
     if ($chpu == '') {
         $chpu = generate_chpu($title);
     }
     $cat = intval($_POST['cat']);
     $comments = intval($_POST['comments']);
     $text = PHP_slashes(markhtml($_POST['textarea1']));
     $date = time();
     $show_date = intval($_POST['show_date']);
     $original_url = htmlspecialchars(strip_tags($_POST['original_url']));
     $tags = $tags_ru = htmlspecialchars(strip_tags($_POST['tags']));
     $tags = explode(',', $tags);
     $tags_en = '';
     foreach ($tags as $tag) {
         $t_en = generate_chpu($tag);
         if (empty($tags_en)) {
             $tags_en = $t_en;
         } else {
             $tags_en = $tags_en . ', ' . $t_en;
         }
         $DB->show_err = FALSE;
         $sql = "\tINSERT INTO `#__tags` (`name_rus`, `name_eng`, `count`) \r\n\t\t\t\t\tVALUES ('" . strtolower($tag) . "', '" . $t_en . "','0')";
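 /**
  * Validates a comment submitted via $_POST, stores it through the registry DB
  * and, unless noAjax=1 was posted, echoes the rendered comment item.
  *
  * Error codes echoed before exit: ERR1 (name too short), ERR2 (e-mail rejected
  * or name too long), ERR3 (empty text), ERR4 (login flag set without a usable
  * persona/token), ERR5 (captcha mismatch or captcha never issued).
  *
  * Side effects: DB INSERT, a 'comment<id>' cookie carrying the edit password,
  * output to the response, and exit on the non-AJAX path.
  *
  * @return void
  */
 function saveComments()
 {
     // Read every input with a default so a missing field never raises a notice.
     $name = trim(strip_tags((string)($_POST['nameComment'] ?? '')));
     $email = trim((string)($_POST['emailComment'] ?? ''));
     $text = PHP_slashes(htmlspecialchars(markhtml(trim(rawurldecode((string)($_POST['textComment'] ?? ''))))));
     $post_url = htmlspecialchars(trim((string)($_POST['posturlComment'] ?? '')));
     $urlOpen = htmlspecialchars(trim((string)($_POST['posturlOpenComment'] ?? '')));
     $error = false;
     $msg = 0;
     $login = intval($_POST['loginComment'] ?? 0);
     $replyComment = intval($_POST['replyComment'] ?? 0);
     // NOTE(review): looks like a honeypot field — a non-empty value skips the INSERT below; confirm.
     $cap = (string)($_POST['nameCommentCap'] ?? '');
     // Passed to itemComments() at the end; only set on the logged-in path.
     $user = null;
     if ($this->capcha) {
         // A missing session value means no captcha was issued for this session:
         // reject instead of letting an empty answer match an empty expectation.
         // hash_equals() is strict and constant-time; the previous loose != let
         // numeric-looking strings compare as numbers.
         $expected = $_SESSION['captha_text'] ?? null;
         $answer = (string)($_POST['capcha'] ?? '');
         if ($expected === null || !hash_equals((string)$expected, $answer)) {
             echo 'ERR5';
             exit;
         }
     }
     if ($login == 1) {
         $persona = intval($_POST['personaComment'] ?? 0);
         $checked = htmlspecialchars(trim((string)($_POST['checkedComment'] ?? '')));
         if ($persona > 0 and $checked !== '') {
             // $persona is a bare int, so interpolating it into the query is safe.
             $sql = "SELECT rche_users.* FROM rche_users\n\t\t\t\tWHERE rche_users.userID='{$persona}' LIMIT 1";
             $rows = $this->registry['DB']->getAll($sql);
             // Guard against an unknown user (empty result) and compare the token
             // strictly: == would treat two "0e..." digit strings as equal numbers.
             if (!empty($rows) && hash_equals(md5($rows[0]['password'] . $this->key), $checked)) {
                 $this->login = true;
                 $this->user = $rows[0];
             }
         } else {
             echo 'ERR4';
             exit;
         }
     }
     if (!$this->login) {
         // Byte-length bounds, as before (strlen, not mb_strlen), to keep the accepted set unchanged.
         if (strlen($name) < 3) {
             $error = true;
             $msg = 1;
         }
         if (!$this->emailCheck($email) or strlen($name) > 100) {
             $error = true;
             $msg = 2;
         }
         $img = 'images/boy48.gif';
     } else {
         $img = $this->user['photo'];
         $im = explode('/', $img);
         // NOTE(review): segment 4 of the stored photo path is assumed to be the file name — confirm against stored values.
         $img = '/images/' . $this->user['userID'] . '/48/48/1/' . ($im[4] ?? '');
         $name = $this->user['username'];
         // NOTE(review): key is 'userid' here but 'userID' elsewhere in this method; array keys are
         // case-sensitive, so this may always be null — confirm which key the row carries.
         $user = $this->user['userid'] ?? null;
     }
     if (strlen($text) == 0) {
         $error = true;
         $msg = 3;
     }
     if (strlen($post_url) > 50 or strlen($post_url) < 10) {
         $error = true;
         $msg = 4;
     }
     if ($error) {
         echo 'ERR' . $msg;
         exit;
     }
     $pass = $this->generate_password(8);
     $date = $this->get_Date();
     $time = time();
     // Only $text was escaped for SQL above; htmlspecialchars() does not escape
     // single quotes on PHP < 8.1 and $name/$email are not escaped at all, so apply
     // the same escaping to every user-controlled string before interpolating it.
     $nameDb = PHP_slashes($name);
     $emailDb = PHP_slashes($email);
     $postUrlDb = PHP_slashes($post_url);
     $urlOpenDb = PHP_slashes($urlOpen);
     $ownerId = $this->user['userID'] ?? '';
     if ($cap === '') {
         $sql = "INSERT INTO {$this->prefix}{$this->table} (`reply`,`user`,`name`,`email`,`comment`,`date`,`url`,`pass`,`urlOpen`)\n\t\t\tVALUE ('{$replyComment}','{$ownerId}','{$nameDb}','{$emailDb}','{$text}','{$time}','{$postUrlDb}','{$pass}','{$urlOpenDb}')";
         $this->registry['DB']->execute($sql);
     }
     $lastId = $this->registry['DB']->id;
     // Short-lived cookie that lets the author edit/delete the fresh comment.
     setcookie('comment' . $lastId, $pass, $time + 120, '/');
     if (intval($_POST['noAjax'] ?? 0) != 1) {
         echo $this->itemComments($name, $date, html_entity_decode($text), $img, $lastId, true, $user);
         exit;
     }
 }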
     $friends = intval($_POST['friends2']);
     $where = "`punbb_users`.`id`='{$friends}'";
 }
 if ($recipient == 3) {
     $friends = PHP_slashes(htmlspecialchars($_POST['friends3']));
     $where = "`#__users`.`username`='{$friends}'";
 }
 if ($err == 0) {
     $test_user = $DB->getAll('SELECT `#__users`.`id` as `userID`,`#__users`.`username`,`#__users`.`email` FROM `#__users` WHERE ' . $where);
     if (count($test_user) == 0 or count($test_user) > 1) {
         $err = 1;
         $message = "Ошибка: Вы указали несуществующего получателя";
     }
     if ($err == 0) {
         $subject = PHP_slashes(utf8_substr(htmlspecialchars(strip_tags($_POST['title'])), 0, 250));
         $mess = PHP_slashes(utf8_substr(htmlspecialchars(markhtml($_POST['textarea1'])), 0, 2000));
         if (empty($subject)) {
             $err = 1;
             $message = "Ошибка: Вы не указали тему сообщения";
         }
         if (empty($mess)) {
             $err = 1;
             $message = "Ошибка: Вы не указали текс сообщения";
         }
         if ($err == 0) {
             $sql = "\tINSERT INTO `#__message` (`from`, `to`, `date`,`subject`,`message`,`view`,`tresh`) \r\n\t\t\t\t\tVALUES ('" . $user->get_property('userID') . "', '" . $test_user[0]['userID'] . "','" . time() . "',\r\n\t\t\t\t\t\t'{$subject}','{$mess}','0','0')";
             $DB->execute($sql);
             $message = "Ваше сообщение успешно отправлено пользователю " . $test_user[0]['username'];
             $sql = "SELECT LAST_INSERT_ID()";
             $last_id = $DB->getOne($sql);
             $emailsup = $DB->getOne('SELECT `#__setting`.`value`