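<?php
/**
 *
 * CMS osRealty 2.1.x
 * Autor: Roman Chernyshov
 * E-mail: support@osRealty.ru
 * URL: www.osRealty.ru
 *
 */
defined('_JEXEC') or die('Restricted access');

// "Report this forecast" handler: on a POST with add=1, store the complaint
// text and the reporter's e-mail against forecast `idd` in #__alert, then
// render the form markup below. $err is left for the template ('oke' on
// success, 'pub1' when the text is empty or the e-mail fails email_check()).
$err = '';
if (isset($_POST['add']) && $_POST['add'] == 1) {
    $postedEmail = isset($_POST['email']) ? $_POST['email'] : '';
    // email_check() is a project helper not visible here; it is only assumed to
    // validate the address format, so it is not relied on for SQL safety below.
    if (!empty($_POST['alert']) and email_check($postedEmail)) {
        // markhtml() and PHP_slashes() are project helpers (not visible here);
        // PHP_slashes is the SQL-escaping step this code applies to $text.
        $text = PHP_slashes(htmlspecialchars(markhtml($_POST['alert'])));
        // Fix: the e-mail was only HTML-escaped before being interpolated into the
        // query; escape it for SQL exactly like $text, so a quote in an address that
        // passes email_check() cannot break the statement.
        $email = PHP_slashes(htmlspecialchars($postedEmail));
        // Forecast id is cast to int, so it is safe to interpolate as-is.
        $idd = isset($_POST['idd']) ? intval($_POST['idd']) : 0;
        $sql = "INSERT INTO `#__alert` (`fore`, `text`, `email`) VALUES \r\n\t\t\t('{$idd}','{$text}','{$email}')";
        $DB->execute($sql);
        $err = 'oke';
    } else {
        $err = 'pub1';
    }
}
// NOTE(review): the src below keeps a space between the theme path and
// images/alert.png exactly as in the original; confirm that is intended.
?>
<div class="fore-old-call">
    <img src="/<?php echo $theme; ?> images/alert.png" width="279" height="22" border="0" alt="Пожаловаться на прогноз" title="Пожаловаться на прогноз"/>
    <div class="border"></div>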
$message[0] = 'error'; $message[1] = 'Вы не заполнили поля "заголовок".'; } if (empty($message[0])) { $max_img_size_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_size_art_prev' LIMIT 1;"); $max_img_width_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_width_art_prev' LIMIT 1;"); $max_img_height_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_height_art_prev' LIMIT 1;"); $max_img_size_art_prev = $max_img_size_art_prev * 1024; $title = PHP_slashes(htmlspecialchars(strip_tags($_POST['title']))); $chpu = PHP_slashes(htmlspecialchars(strip_tags($_POST['chpu']))); if ($chpu == '') { $chpu = generate_chpu($title); } $cat = intval($_POST['cat']); $comments = intval($_POST['comments']); $text = PHP_slashes(markhtml($_POST['textarea1'])); $date = time(); $show_date = intval($_POST['show_date']); $original_url = htmlspecialchars(strip_tags($_POST['original_url'])); $tags = $tags_ru = htmlspecialchars(strip_tags($_POST['tags'])); $tags = explode(',', $tags); $tags_en = ''; foreach ($tags as $tag) { $t_en = generate_chpu($tag); if (empty($tags_en)) { $tags_en = $t_en; } else { $tags_en = $tags_en . ', ' . $t_en; } $DB->show_err = FALSE; $sql = "\tINSERT INTO `#__tags` (`name_rus`, `name_eng`, `count`) \r\n\t\t\t\t\tVALUES ('" . strtolower($tag) . "', '" . $t_en . "','0')";
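/**
 * Store a comment posted from the comment form and echo the rendered item
 * back (AJAX flow), or 'ERR<n>' followed by exit on any failure.
 *
 * Reads from $_POST: nameComment, emailComment, textComment, posturlComment,
 * posturlOpenComment, loginComment, replyComment, nameCommentCap, capcha,
 * personaComment, checkedComment, noAjax.
 *
 * Flow:
 *  - when $this->capcha is on, the posted captcha must match $_SESSION['captha_text'];
 *  - when loginComment == 1, the poster is trusted as user `personaComment` only if
 *    checkedComment equals md5(<stored password> . $this->key) (ERR4 if the id or
 *    token is missing);
 *  - anonymous posts need a 3..100 byte name (ERR1/ERR2) and an e-mail accepted by
 *    $this->emailCheck() (ERR2); the text must be non-empty (ERR3) and the post URL
 *    10..50 bytes (ERR4);
 *  - the row is inserted only when nameCommentCap is empty (presumably a honeypot
 *    field; the cookie and output still happen either way);
 *  - a cookie 'comment<id>' holding a generated 8-char password is set for 120 s
 *    (presumably consumed by a later edit/delete step — not visible here).
 *
 * Returns nothing; output is echoed directly.
 */
function saveComments() {
    // Missing fields default to '' instead of raising notices; after intval()/trim()
    // these yield the same values the original produced for an absent key.
    $in = $_POST + array(
        'nameComment' => '', 'emailComment' => '', 'textComment' => '',
        'posturlComment' => '', 'posturlOpenComment' => '', 'loginComment' => '',
        'replyComment' => '', 'nameCommentCap' => '', 'personaComment' => '',
        'checkedComment' => '', 'noAjax' => '',
    );
    $name = trim(strip_tags($in['nameComment']));
    $email = trim($in['emailComment']);
    // markhtml() and PHP_slashes() are project helpers; PHP_slashes is the SQL
    // escaping step, applied here to the comment body only.
    $text = PHP_slashes(htmlspecialchars(markhtml(trim(rawurldecode($in['textComment'])))));
    $post_url = htmlspecialchars(trim($in['posturlComment']));
    $urlOpen = htmlspecialchars(trim($in['posturlOpenComment']));
    $error = false;
    $msg = 0;
    $login = intval($in['loginComment']);
    $replyComment = intval($in['replyComment']);
    $cap = $in['nameCommentCap'];
    $user = null;

    if ($this->capcha) {
        // Fix: the old `!=` was a loose comparison (numeric-string juggling) and it
        // passed whenever the session held no captcha text and the field was empty
        // or absent. Compare as strings with `!==` and fail closed when the session
        // value is missing. (hash_equals() would also be preferable once the runtime
        // is known to provide it.)
        $expected = isset($_SESSION['captha_text']) ? (string) $_SESSION['captha_text'] : '';
        $given = (isset($_POST['capcha']) && is_string($_POST['capcha'])) ? $_POST['capcha'] : '';
        if ($expected === '' || $expected !== $given) {
            echo 'ERR5';
            exit;
        }
    }

    if ($login == 1) {
        $persona = intval($in['personaComment']);
        $checked = htmlspecialchars(trim($in['checkedComment']));
        if ($persona > 0 and $checked > '') {
            // $persona is an int, so interpolating it is safe.
            $sql = "SELECT rche_users.* FROM rche_users\n\t\t\t\tWHERE rche_users.userID='{$persona}' LIMIT 1";
            $user = $this->registry['DB']->getAll($sql);
            // Fix: guard against an unknown id (no row) and compare strictly, so a
            // "0e..." style numeric string cannot be juggled equal to the md5 token.
            // NOTE(review): md5(password . key) is a weak, non-expiring login token;
            // kept for compatibility with whatever issues it.
            if (!empty($user) && md5($user[0]['password'] . $this->key) === $checked) {
                $this->login = true;
                $this->user = $user[0];
            }
        } else {
            echo 'ERR4';
            exit;
        }
    }

    if (!$this->login) {
        if (strlen($name) < 3) {
            $error = true;
            $msg = 1;
        }
        if (!$this->emailCheck($email) or strlen($name) > 100) {
            $error = true;
            $msg = 2;
        }
        $img = 'images/boy48.gif';
    } else {
        // Avatar path is rebuilt from the 5th segment of the stored photo path.
        $img = $this->user['photo'];
        $im = explode('/', $img);
        $img = '/images/' . $this->user['userID'] . '/48/48/1/' . $im['4'];
        $name = $this->user['username'];
        // NOTE(review): 'userid' differs in case from the 'userID' key used everywhere
        // else in this method; kept as-is — confirm which key the row actually carries.
        $user = $this->user['userid'];
    }

    if (strlen($text) == 0) {
        $error = true;
        $msg = 3;
    }
    if (strlen($post_url) > 50 or strlen($post_url) < 10) {
        $error = true;
        $msg = 4;
    }
    if ($error) {
        echo 'ERR' . $msg;
        exit;
    }

    $pass = $this->generate_password(8);
    $date = $this->get_Date();
    $time = time();
    if ($cap == '') {
        // Fix: $name (strip_tags/trim only) and $email (trim only, and never validated
        // for logged-in posters) were interpolated into the query unescaped, unlike
        // $text. htmlspecialchars() without ENT_QUOTES also leaves single quotes in
        // $post_url/$urlOpen on PHP < 8.1. Escape local copies so the values handed to
        // itemComments() below are unchanged.
        $nameSql = PHP_slashes($name);
        $emailSql = PHP_slashes($email);
        $postUrlSql = PHP_slashes($post_url);
        $urlOpenSql = PHP_slashes($urlOpen);
        $sql = "INSERT INTO {$this->prefix}{$this->table} (`reply`,`user`,`name`,`email`,`comment`,`date`,`url`,`pass`,`urlOpen`)\n\t\t\tVALUE ('{$replyComment}','{$this->user['userID']}','{$nameSql}','{$emailSql}','{$text}','{$time}','{$postUrlSql}','{$pass}','{$urlOpenSql}')";
        $this->registry['DB']->execute($sql);
    }
    $lastId = $this->registry['DB']->id;
    // Cookie is set even when the honeypot suppressed the insert (original behaviour).
    setcookie('comment' . $lastId, $pass, $time + 120, '/');
    if (intval($in['noAjax']) != 1) {
        echo $this->itemComments($name, $date, html_entity_decode($text), $img, $lastId, true, $user);
        exit;
    }
}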
$friends = intval($_POST['friends2']); $where = "`punbb_users`.`id`='{$friends}'"; } if ($recipient == 3) { $friends = PHP_slashes(htmlspecialchars($_POST['friends3'])); $where = "`#__users`.`username`='{$friends}'"; } if ($err == 0) { $test_user = $DB->getAll('SELECT `#__users`.`id` as `userID`,`#__users`.`username`,`#__users`.`email` FROM `#__users` WHERE ' . $where); if (count($test_user) == 0 or count($test_user) > 1) { $err = 1; $message = "Ошибка: Вы указали несуществующего получателя"; } if ($err == 0) { $subject = PHP_slashes(utf8_substr(htmlspecialchars(strip_tags($_POST['title'])), 0, 250)); $mess = PHP_slashes(utf8_substr(htmlspecialchars(markhtml($_POST['textarea1'])), 0, 2000)); if (empty($subject)) { $err = 1; $message = "Ошибка: Вы не указали тему сообщения"; } if (empty($mess)) { $err = 1; $message = "Ошибка: Вы не указали текс сообщения"; } if ($err == 0) { $sql = "\tINSERT INTO `#__message` (`from`, `to`, `date`,`subject`,`message`,`view`,`tresh`) \r\n\t\t\t\t\tVALUES ('" . $user->get_property('userID') . "', '" . $test_user[0]['userID'] . "','" . time() . "',\r\n\t\t\t\t\t\t'{$subject}','{$mess}','0','0')"; $DB->execute($sql); $message = "Ваше сообщение успешно отправлено пользователю " . $test_user[0]['username']; $sql = "SELECT LAST_INSERT_ID()"; $last_id = $DB->getOne($sql); $emailsup = $DB->getOne('SELECT `#__setting`.`value`