function index()
{
security($this);
$this->session->set_userdata('page_title', 'Companydrivers');
$data['userdetails'] = $this->session->userdata('alluserdata');
$this->load->view('userprofile/dashboard', $data);
}
function __construct()
{
parent::Controller();
$this->load->helper('kernel');
$this->username = security($_REQUEST);
$this->load->database();
}
function save_step1()
{
security($this);
$urldata = $this->uri->uri_to_assoc(4, array('m', 'action'));
$data = assign_to_data($urldata);
# If a file has been uploaded, and there are no errors process it before continuing
if (trim($_FILES['cashierphoto']['name']) != '' && $_FILES['cashierphoto']['error'] == '' && $this->input->post('editid')) {
#The file name
$file_stamp = 'cashierphoto' . $_POST['editid'];
# Upload the file and return the results of the upload
$processing_results = $this->acravfile->perfom_file_upload($this->libfileobj, $_FILES['cashierphoto'], $file_stamp, UPLOAD_DIRECTORY, $this->session->userdata('local_allowed_extensions'));
$_FILES['cashierphoto']['error'] = $processing_results['errors'];
# Will be saved in the database as the event's document file name
$_POST['cashierphoto'] = $processing_results['filename'];
}
# Display appropriate message based on the results
if ($this->input->post('save') && $this->process_form_data($urldata, $_POST, 'save')) {
$data['msg'] = "The payment data was successfully saved.";
} else {
# For each error to be displayed as an error, it should start with "ERROR:"
$data['msg'] = "ERROR: The payment data was not saved or may not be saved correctly. Please contact your administrator.";
}
$data['action'] = 'view';
$data['id'] = $this->input->post('editid');
# User is updating the company payment data
if (isset($data['id'])) {
$data['paymentdetails'] = $this->Query_reader->get_row_as_array('pick_payment_by_company_id', array('companyid' => $data['id']));
}
$this->load->view('companyprofile/managepayments', $data);
}
/**
* POST | This handles the registration with validation.
*
* @return mixed
*/
public function storeRegistrationForm()
{
$inputs = request()->get();
$validator = new RegistrationValidator();
$validation = $validator->validate($inputs);
if (count($validation)) {
session()->set('input', $inputs);
return redirect()->to(url()->previous())->withError(RegistrationValidator::toHtml($validation));
}
$token = bin2hex(random_bytes(100));
$connection = db()->connection();
try {
$connection->begin();
$user = new User();
$success = $user->create(['email' => $inputs['email'], 'password' => security()->hash($inputs['password']), 'token' => $token]);
if ($success === false) {
throw new Exception('It seems we can\'t create an account, ' . 'please check your access credentials!');
}
queue(\Components\Queue\Email::class, ['function' => 'registeredSender', 'template' => 'emails.registered-inlined', 'to' => $inputs['email'], 'url' => route('activateUser', ['token' => $token]), 'subject' => 'You are now registered, activation is required.']);
$connection->commit();
} catch (TransactionFailed $e) {
$connection->rollback();
throw $e;
} catch (Exception $e) {
$connection->rollback();
throw $e;
}
return redirect()->to(route('showLoginForm'))->withSuccess(lang()->get('responses/register.creation_success'));
}
function manage_drivers()
{
security($this, 'isadmin');
$urldata = $this->uri->uri_to_assoc(4, array('action'));
$data = assign_to_data($urldata);
$this->load->view('userprofile/drivers', $data);
}
public function testHelpersFacade()
{
$this->assertInstanceOf(\Clarity\Support\Auth\Auth::class, auth());
$this->assertInstanceOf(\Phalcon\Config::class, config());
$this->assertInstanceOf(\Phalcon\Mvc\Dispatcher::class, dispatcher());
$this->assertInstanceOf(\Phalcon\Filter::class, filter());
$this->assertInstanceOf(\Phalcon\Flash\Direct::class, flash()->direct());
$this->assertInstanceOf(\Phalcon\Flash\Session::class, flash()->session());
$this->assertInstanceOf(\League\Flysystem\Filesystem::class, flysystem());
$this->assertInstanceOf(\League\Flysystem\MountManager::class, flysystem_manager());
$this->assertInstanceOf(\Clarity\Support\Redirect\Redirect::class, redirect());
$this->assertInstanceOf(\Clarity\Support\Phalcon\Http\Request::class, request());
$this->assertInstanceOf(\Phalcon\Http\Response::class, response());
$this->assertInstanceOf(\Phalcon\Mvc\Router::class, route());
$this->assertInstanceOf(\Phalcon\Security::class, security());
$this->assertInstanceOf(\Phalcon\Tag::class, tag());
$this->assertInstanceOf(\Phalcon\Mvc\Url::class, url());
$this->assertInstanceOf(\Phalcon\Mvc\View::class, view());
# getting an error, will check later on
$this->assertInstanceOf(\Monolog\Logger::class, logger());
# adapter base functions
// $this->assertInstanceOf(, cache());
// $this->assertInstanceOf(, db());
// $this->assertInstanceOf(, queue());
// $this->assertInstanceOf(, session());
$this->assertContains(url()->getBaseUri() . 'auth/login', route('showLoginForm'));
$this->assertInstanceOf(\Phalcon\Mvc\View::class, view('welcome'));
}
function Users()
{
parent::Controller();
security($this);
$this->session->set_userdata('page_title', 'Company Profile');
$this->load->model('reminder');
#this->load->model('reminder');
security($this);
}
public function execute($request, callable $next)
{
if ($request->isPost()) {
if (security()->checkToken() === false) {
# throw exception or redirect the user
# or render a content using
# View::take(<resources.view>);exit;
throw new AccessNotAllowedException('Token mismatch, what are you doing?');
}
}
return $next($request);
}
function music_upload($file_name, &$space_left)
{
global $database, $url, $user;
// SET KEY VARIABLES
$file_maxsize = $user->level_info['level_music_maxsize'];
$file_exts = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_exts'])));
$file_types = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_mimes'])));
$new_music = new se_upload();
$new_music->new_upload($file_name, $file_maxsize, $file_exts, $file_types);
// CHECK SPACE LEFT
if ($new_music->file_size > $space_left) {
$new_music->is_error = 4000087;
} else {
$space_left = $space_left - $file_filesize;
}
if (!$new_music->is_error) {
// GENERATE TITLE
$myId3 = new ID3($file_dest);
if ($myId3->getInfo()) {
$id3_artist = trim($myId3->getArtist());
$id3_title = trim($myId3->getTitle());
if ($id3_artist && $id3_title) {
$music_title = $id3_artist . ' - ' . $id3_title;
}
}
if (!trim($music_title)) {
$music_title = $new_music->file_name;
}
$music_title = security(censor($music_title));
// INSERT ROW INTO MUSIC TABLE
$time = time();
$track_num = $database->database_fetch_array($database->database_query("SELECT music_track_num as track FROM se_music WHERE music_user_id = '{$this->user_id}' ORDER BY music_track_num DESC LIMIT 1"));
$track_num = $track_num['track'] + 1;
$database->database_query("\r\n INSERT INTO se_music\r\n (\r\n music_user_id,\r\n music_track_num,\r\n music_date,\r\n music_title,\r\n music_ext,\r\n music_filesize\r\n )\r\n VALUES\r\n (\r\n '{$this->user_id}',\r\n '{$track_num}',\r\n '{$time}',\r\n '{$music_title}',\r\n '{$new_music->file_ext}',\r\n '{$new_music->file_size}'\r\n )\r\n ");
$music_id = $database->database_insert_id();
// MOVE UPLOADED FILE
$file_dest = $url->url_userdir($user->user_info[user_id]) . $music_id . "." . $new_music->file_ext;
$new_music->upload_file($file_dest);
}
// RETURN AND DELETE FROM DATABASE IF ERROR
if ($new_music->is_error) {
if ($music_id) {
$database->database_query("DELETE FROM se_music WHERE music_id='{$music_id}' && music_user_id='{$this->user_id}'");
}
if ($file_dest) {
@unlink($file_dest);
}
return array('is_error' => $new_music->is_error);
}
// RETURN FILE STATS
return array('music_id' => $music_id, 'music_ext' => $new_music->file_ext, 'music_filesize' => $new_music->file_size, 'music_title' => $music_title);
}
function Companyusers()
{
parent::Controller();
$this->load->library('form_validation');
$this->session->set_userdata('system', 'settings');
$this->session->set_userdata('page_title', 'Company Users');
$this->load->model('reminder');
$this->load->model('email_handler');
$this->load->model('users', 'user1');
//$this->load->library('My_Email');
//$this->load->library('email');
security($this);
}
function selectWinner()
{
security($this);
$data['userdetails'] = $this->session->userdata('alluserdata');
#split posted value to get bid_reply_id and winner company_id
$post_dets = explode("_", $_POST['chosen']);
$bid_reply_id = $post_dets[0];
$company_id = $post_dets[1];
$posted_by = $post_dets[2];
#get bid_request company for email purposes
$this->db->where('bid_request_id', $_POST['bid_request']);
$result = $this->db->get('company_bid_requests');
$data['bid_request_info'] = $result->result_array();
#get winner company details
$this->db->where('id', $company_id);
$result = $this->db->get('company');
$data['company_info'] = $result->result_array();
#email contents
$email_details = array("company" => $data['company_info'][0]['companyname'], "bid_title" => $_POST['bid_title'], "request_company" => $data['bid_request_info'][0]['companyname']);
#notify company via email
$this->email->subject('ACRAV - BID SUCCESS CONFIRMATION');
$this->email->message($this->generate_bid_winner_email($email_details));
$this->email->from("*****@*****.**", 'administator');
$this->email->to($data['company_info'][0]['emailaddress']);
#associative array for update statement
$setWinner = array("bid_winner" => 1);
#execute update query and notify winner via email
$this->db->where('reply_id', $bid_reply_id);
if ($this->db->update('bid_replies', $setWinner)) {
#send user system notification
$msgTitle = "Bid Confirmation for " . $_POST['bid_title'];
$userid = $data['userdetails']['userid'];
$company_id = $data['userdetails']['compid']['id'];
$noticeDetails = array("to_company_id" => $company_id, "from_company_id" => $company_id, "title" => $msgTitle, "content" => $this->generate_bid_winner_notice($email_details), "to_employee" => $posted_by, "from_employee" => $userid, "bid_reply_id" => $bid_reply_id, "bid_request_id" => $_POST['bid_request'], "notice_type" => "1");
$submit_query = $this->Query_reader->db_submit_array($noticeDetails, "notices");
$this->db->query($submit_query);
#notify winner via email
if ($this->email->send()) {
$data['msg'] = $data['company_info'][0]['companyname'] . " has been selected as the winner of this bid and has been notified via email.";
} else {
$data['msg'] = $data['company_info'][0]['companyname'] . " has been selected as the winner of this bid but an Error occurred while sending the notification email.";
}
} else {
#Query failed to execute
$data['msg'] = "ERROR : An error occured while executing the query. Please try again.";
}
$data['curPage'] = 'bids';
$this->load->view('companybids/bidwinner', $data);
}
function index()
{
security($this);
$data['userdetails'] = $this->session->userdata('alluserdata');
$query = $this->Query_reader->get_query_by_code('pick_company_info', array('id' => $this->userdata['companyid']));
$result = $this->db->query($query);
$company = $result->result_array();
$data['company_details'] = $company[0];
$this->db->where('to_employee', $data['userdetails']['userid']);
$this->db->where('has_read', '0');
$notices = $this->db->get('notice_details');
$data['count_notices'] = $notices->num_rows();
$data['notice_details'] = $notices->result_array();
$data['curPage'] = 'company';
$this->load->view('userprofile/register', $data);
}
function index()
{
security($this);
$data['userdetails'] = $this->session->userdata('alluserdata');
#get company cargo
$this->db->where('company_id', $data['userdetails']['companyid']);
$result = $this->db->get('containers');
$data['company_cargo'] = $result->result_array();
$this->db->where('to_employee', $data['userdetails']['userid']);
$this->db->where('has_read', '0');
$notices = $this->db->get('notice_details');
$data['count_notices'] = $notices->num_rows();
$data['notice_details'] = $notices->result_array();
$data['curPage'] = 'bids';
$this->load->view('userjobs/invitebids', $data);
}
function newBid()
{
security($this);
$data['userdetails'] = $this->session->userdata('alluserdata');
$this->db->where('bid_request_id', $this->uri->segment(4));
$result = $this->db->get('company_bid_requests');
$data['returned'] = $result->num_rows();
$data['job_data'] = $result->result_array();
#get bid replies to help checking if current company previously made a bid for this job
$sql = 'select companyname from company_bid_requests where bid_request_id =' . $this->uri->segment(4) . ' and company_id = ' . $data['userdetails']['companyid'];
$bid_replies_result = $this->db->query($sql);
#company should not respond to its own bid request
if ($data['userdetails']['companyid'] == $data['job_data'][0]['id']) {
$data['msg'] = "ERROR : You are not allowed to submit a bid for your own bid request";
#check if user has previously made a bid for this job
} elseif ($bid_replies_result) {
$data['msg'] = "ERROR : You are not allowed to bid MORE THAN ONCE for your a Job.";
}
$this->load->view('companybids/submitBids', $data);
}
$Buying_Rate = buyrate($BTE);
$Selling_Rate = sellrate($BTE);
if (!$Buying_Rate) {
$Buying_Rate = '0';
}
if (!$Selling_Rate) {
$Selling_Rate = '0';
}
$login_attempts = $_SESSION['login_attempts'];
if (!$login_attempts) {
$_SESSION['login_attempts'] = 0;
}
$myusername = security($_POST['username']);
$mypassword = security($_POST['password']);
$myrepeat = security($_POST['repeat']);
$form_action = security($_POST['action']);
if ($form_action == "login") {
$_SESSION['login_attempts'] = $login_attempts + 1;
if ($login_attempts <= 5) {
if ($myusername) {
if ($mypassword) {
$mypassword2 = md5($mypassword);
$sql = "SELECT * FROM users WHERE username='******'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count == 1) {
$Pass_Query = mysql_query("SELECT * FROM users WHERE username='******'");
while ($Pass_Row = mysql_fetch_assoc($Pass_Query)) {
$db_Login_Pass_Check = $Pass_Row['password'];
if ($mypassword2 == $db_Login_Pass_Check) {
$return_error = "Logged in.";
}
} else {
$Trade_Message = 'System error.';
}
} else {
$Trade_Message = 'Illegal Operation.';
}
} else {
$Trade_Message = 'Illegal Operation.';
}
}
}
}
$PST_Order_Action = security($_POST['order-action']);
$PST_Order_Amount = security($_POST['order-amount']);
$PST_Order_Rate = security($_POST['order-rate']);
if ($PST_Order_Action == "buy") {
if ($PST_Order_Amount) {
if ($PST_Order_Rate) {
$PST_Order_Amount = satoshitrim(satoshitize($PST_Order_Amount));
$PST_Order_Rate = satoshitrim(satoshitize($PST_Order_Rate));
$PST_Order_Sub_Total = $PST_Order_Amount * $PST_Order_Rate;
$PST_Order_Sub_Total = satoshitrim(satoshitize($PST_Order_Sub_Total));
if ($PST_Order_Sub_Total <= $Coin_A_Balance) {
if ($PST_Order_Sub_Total >= "0.00001") {
if ($PST_Order_Sub_Total != 0) {
if ($Selling_Rate >= $PST_Order_Rate) {
if ($Selling_Rate === $PST_Order_Rate) {
$Query = mysql_query("SELECT id, username, amount, rate FROM sell_orderbook WHERE want='{$BTC}' and processed='1' and trade_id = '" . $my_coins->getTradeId() . "' AND trade_with = '{$BTCRYX}' ORDER BY rate DESC LIMIT 1");
while ($Row = mysql_fetch_assoc($Query)) {
$CURR_Selling_ID = $Row['id'];
<?php
require "../coinapi_private/data.php";
$getaction = security($_POST['action']);
if (!isset($_SESSION['apiidentity'])) {
die("n/a");
}
if (isset($_SESSION['apiidentity'])) {
$EMAIL_INDENT = security($_SESSION['apiidentity']);
$Query = mysql_query("SELECT email FROM accounts WHERE email='{$EMAIL_INDENT}'");
if (mysql_num_rows($Query) == 0) {
die("n/a");
}
}
if (isset($_POST['speak'])) {
$speak = security($_POST['speak']);
if ($speak != "") {
if ($udb_chathandle) {
$sql = mysql_query("INSERT INTO chat (id,date,ip,email,username,message,status) VALUES ('','{$date}','{$ip}','{$udb_email}','{$udb_chathandle}','{$speak}','viewable')");
}
}
}
function changepasswd($changepasswd, $username, $password1, $password2)
{
global $db;
global $lang_error;
$password1 = security($password1);
$password2 = security($password2);
if ($changepasswd) {
if (!$password1 and !$password2) {
$info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.8'] . '</div>';
return $info;
}
if ($password1 != $password2) {
$info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.6'] . '</div>';
return $info;
}
if (!preg_match('/^[a-zA-Z0-9]+$/', $password1)) {
$info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.7'] . '</div>';
return $info;
}
if (strlen($password1) < 6 or strlen($password1) > 15) {
$info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.8'] . '</div>';
return $info;
}
$sql = $db->query("SELECT * FROM accounts WHERE Name='{$username}'") or die(mysql_error());
if ($row = $db->fetch_assoc($sql)) {
$db->query("UPDATE accounts SET pPodarok1 = '0' WHERE Name = '{$username}'") or die(mysql_error());
$db->query("UPDATE accounts SET pKey = '{$password1}' WHERE Name = '{$username}'") or die(mysql_error());
$_SESSION['username'] = $row['Name'];
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['info'] = "changepasswd_ok";
header("Location: http://" . $_SERVER['HTTP_HOST'] . "/index.php?do=main");
//$info = '<div class="alert alert-success" style="margin:0px;"><strong>'.$lang_error['all_info'].'</strong><br>'.$lang_error['all_yes'].'</div>';
//return $info;
} else {
$info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>That has happened, contact the administration.</div>';
return $info;
}
}
}
<?php
session_start();
error_reporting(0);
require_once 'auth.php';
if ($Logged_In !== 7) {
header("Location: index.php");
}
$withdraw_withdraw = security($_POST['action']);
$withdraw_amount = security($_POST['amount']);
$withdraw_address = security($_POST['address']);
$iid = security($_POST['iid']);
if (!$iid) {
$my_coins->setSelectInstanceId($my_coins->getCoinsInstanceId());
} else {
if ($iid != $my_coins->getSelectInstanceId()) {
header("Location: home.php");
}
}
$iid = $my_coins->getSelectInstanceId();
$cid = $my_coins->getCoinsSelectInstanceId() + 1;
if ($withdraw_withdraw == "withdraw") {
if ($withdraw_address) {
if ($withdraw_amount) {
$withdraw_amount = satoshitize($withdraw_amount);
if ($withdraw_amount <= $Bitcrystald_Balance[$iid]) {
$fee = $my_coins->coins[$my_coins->coins_names[$cid]]["fee"];
$FEEBEE = $my_coins->coins[$my_coins->coins_names[$cid]]["FEEBEE"];
$set_withdraw_amount = $withdraw_amount - $fee;
// minus the fee
$true_withdraw_amount = satoshitize($set_withdraw_amount);
include_once "include/jsonrpc/json_extension_api.inc";
}
// INITIATE DATABASE CONNECTION
$database =& SEDatabase::getInstance();
// Use this line if you changed the way database connection is loaded
//$database = new se_database($database_host, $database_username, $database_password, $database_name);
// SET LANGUAGE CHARSET
$database->database_set_charset(SE_Language::info('charset'));
// GET SETTINGS
$setting = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_settings LIMIT 1"));
// Instantiate caching object
$cache_object = SECache::getInstance();
// ENSURE NO SQL INJECTIONS THROUGH POST OR GET ARRAYS
$_POST = security($_POST);
$_GET = security($_GET);
$_COOKIE = security($_COOKIE);
// CREATE SESSION
$session_options = @unserialize($setting['setting_session_options']);
if (!empty($session_options)) {
if (!empty($session_options['storage'])) {
Configure::write('Session.save', $session_options['storage']);
}
if (!empty($session_options['name'])) {
Configure::write('Session.cookie', $session_options['name']);
}
if (!empty($session_options['expire'])) {
Configure::write('Session.timeout', $session_options['expire']);
}
}
$session =& SESession::getInstance(null, true);
$session->engine(@$session_options['storage'], $session_options);
<?php
require "../coinapi_private/data.php";
$getaction = security($_POST['action']);
if (!isset($_SESSION['apiidentity'])) {
die("n/a");
}
if (isset($_SESSION['apiidentity'])) {
$EMAIL_INDENT = security($_SESSION['apiidentity']);
$Query = mysql_query("SELECT email FROM accounts WHERE email='{$EMAIL_INDENT}'");
if (mysql_num_rows($Query) == 0) {
die("n/a");
}
}
if (isset($_POST['speakprivate'])) {
$speak = security($_POST['speakprivate']);
$to = security($_POST['to']);
if ($speak != "") {
if ($udb_chathandle) {
if ($to) {
$sql = mysql_query("INSERT INTO privatechat (id,date,ip,email,username,room,message,status) VALUES ('','{$date}','{$ip}','{$udb_email}','{$udb_chathandle}','{$to}','{$speak}','viewable')");
}
}
}
}
<?php
$rq = true;
require './system/system_config.php';
if (isUser($config_db_accounts) === true) {
header("Location: live.php");
}
$msg = '';
if (isset($_POST['submit'])) {
if (!isset($_POST['email'])) {
$msg = 'No email entered!';
} elseif (!isset($_POST['password'])) {
$msg = 'No password entered!';
} else {
$email = security($_POST['email']);
$password = encrypy(security($_POST['password']));
$Function_Query1 = mysql_query("SELECT email, password FROM {$config_db_accounts} WHERE email='{$email}' and password='******'");
$Function_Query2 = mysql_query("SELECT email, password, status FROM {$config_db_accounts} WHERE email='{$email}' and password='******' and status='1'");
if (validate_email($email) !== true) {
$msg = 'Invalid email entered!';
} elseif (mysql_num_rows($Function_Query1) !== 1) {
$msg = 'Invalid login credentials!';
} elseif (mysql_num_rows($Function_Query2) !== 1) {
$msg = 'Account is disabled!';
} else {
$_SESSION['pu'] = $email;
$msg = 'Logged in successfully.
<script type="text/javascript">
window.location = "live.php";
function relayer() {
window.location = "live.php";
<?php
//SQLi Protection
$table = $prefix . 'sqli-settings';
@($query = mysqli_query($connect, "SELECT * FROM `{$table}`"));
@($row = mysqli_fetch_assoc($query));
if ($row['protection'] == "Yes") {
//Santization of all fileds and requests
$_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
$table2 = $prefix . 'sqli-patterns';
@($query2 = mysqli_query($connect, "SELECT * FROM `{$table2}`"));
while ($row2 = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
@($string = $_SERVER['QUERY_STRING']);
if (strpos(strtolower($string), $row2['pattern']) !== false) {
$attacked_page = security('' . $page . '?' . $string . '');
$type = "SQLi";
//AutoBan
if ($row['autoban'] == "Yes") {
$autoban = 'Yes';
$btable = $prefix . 'bans';
@($bansvalid = mysqli_query($connect, "SELECT * FROM `{$btable}` WHERE ip='{$ip}' LIMIT 1"));
@($bansvalidator = mysqli_num_rows($bansvalid));
if ($bansvalidator <= "0") {
$log = mysqli_query($connect, "INSERT INTO `{$btable}` (ip, date, time, reason, autoban) VALUES ('{$ip}', '{$date}', '{$time}', '{$type}', 'Yes')");
}
}
$autoban = 'No';
//Logging the Attack
if ($row['logging'] == "Yes") {
$ltable = $prefix . 'logs';
<?php
require "../coinapi_private/data.php";
if ($udb_email) {
$pm_handle = security($_POST['handle']);
$pm_rand = rand(100, 999);
$im_name = $pm_handle . $pm_rand;
$sql = mysql_query("INSERT INTO newims (id,date,ip,email,username,room,handle,status) VALUES ('','{$date}','{$ip}','{$udb_email}','{$udb_chathandle}','{$im_name}','{$pm_handle}','waiting')");
echo '<script type="text/javascript">
$(\'#' . $im_name . 'privatechatter\').submit(function() {
$.ajax({
data: $(this).serialize(),
type: $(this).attr(\'method\'),
url: $(this).attr(\'action\'),
success: function(response) {
$(\'#' . $im_name . 'speakprivate\').val(\'\');
}
});
return false;
});
setTimeout(function() {
$("#' . $im_name . 'privatechatroom").load("ajax_chatroom_private.php?to=' . $im_name . '");
$(\'#' . $im_name . 'privatechatroom\').scrollTop($(\'#' . $im_name . 'privatechatroom\')[0].scrollHeight);
}, 500);
setInterval(function () {
$("#' . $im_name . 'privatechatroom").load("ajax_chatroom_private.php?to=' . $im_name . '");
$(\'#' . $im_name . 'privatechatroom\').scrollTop($(\'#' . $im_name . 'privatechatroom\')[0].scrollHeight);
}, 1500);
$(function() {
$("#' . $im_name . '").draggable();
});
function main_switch()
{
cookies_main();
//if(GET_CACHED(__FILE__,__FUNCTION__,$_GET["main"])){return;}
$array["transport_settings"] = '{transport_settings}';
$array["security_settings"] = '{security_settings}';
$array["tweaks"] = '{tweaks}';
if (isset($_GET["ajaxmenu"])) {
echo "<div id='main_config_postfix'>";
}
switch ($_GET["main"]) {
case "transport_settings":
$html = Transport_rules_redirect();
//SET_CACHED(__FILE__,__FUNCTION__,$_GET["main"],$html);
echo $html;
break;
case "transport_settings_rules":
$html = Transport_rules();
//SET_CACHED(__FILE__,__FUNCTION__,$_GET["main"],$html);
echo $html;
break;
case "security_settings":
$html = security();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
case "security2":
$html = security2();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
case "tweaks":
$html = tweaks();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
case "filters":
$html = filters_section();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
case "mailbox":
$html = mailbox_section();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
case "status":
$html = status_section();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
case "filters-connect":
$html = filters_connect_section();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
default:
$html = Transport_rules();
SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
echo $html;
break;
}
if (isset($_GET["ajaxmenu"])) {
echo "</div>";
}
}
<?php
session_start();
error_reporting(0);
require_once 'jsonRPCClient.php';
require_once 'auth.php';
$ajax_id = security($_GET['id']);
if (!$user_session) {
$do = "nothing";
} else {
if ($ajax_id == "pending-deposits") {
require 'ajax/pending-deposits.php';
}
if ($ajax_id == "balances") {
require 'ajax/balances.php';
}
}
if ($ajax_id == "buyorders") {
require 'ajax/buyorders.php';
}
if ($ajax_id == "sellorders") {
require 'ajax/sellorders.php';
}
if ($ajax_id == "orderspast") {
require 'ajax/orderspast.php';
}
if ($ajax_id == "orderscancel") {
require 'ajax/orderscancel.php';
}
if ($ajax_id == "stats") {
require 'ajax/stats.php';
function field_list($validate = 0, $format = 0, $search = 0, $field_where = "")
{
global $database, $datetime, $setting;
// GET NON DEPENDENT FIELDS IN CAT IF NECESSARY
$field_count = 0;
$this->fields = array();
$field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_order AS field_order, " . $this->type . "field_title AS field_title, " . $this->type . "field_desc AS field_desc, " . $this->type . "field_signup AS field_signup, " . $this->type . "field_error AS field_error, " . $this->type . "field_type AS field_type, " . $this->type . "field_style AS field_style, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_options AS field_options, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_special AS field_special, " . $this->type . "field_html AS field_html, " . $this->type . "field_search AS field_search, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_dependency='0'";
if ($field_where != "") {
$field_query .= " AND ({$field_where})";
}
$field_query .= " ORDER BY " . $this->type . "field_order";
$fields = $database->database_query($field_query);
while ($field_info = $database->database_fetch_assoc($fields)) {
// SET FIELD VARS
$is_field_error = 0;
$field_value = "";
$field_value_formatted = "";
$field_value_min = "";
$field_value_max = "";
$field_options = array();
// FIELD TYPE SWITCH
switch ($field_info[field_type]) {
case 1:
// TEXT FIELD
// TEXT FIELD
case 2:
// TEXTAREA
// VALIDATE POSTED FIELD VALUE
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE AND FILTER FOR ADMIN-SPECIFIED HTML TAGS
$var = "field_" . $field_info[field_id];
$field_value = security(cleanHTML(censor($_POST[$var]), $field_info[field_html]));
if ($field_info[field_type] == 2) {
$field_value = str_replace("\r\n", "<br>", $field_value);
}
// CHECK FOR REQUIRED
if ($field_info[field_required] != 0 && trim($field_value) == "") {
$this->is_error = 96;
$is_field_error = 1;
}
// RUN PREG MATCH (ONLY FOR TEXT FIELDS)
if ($field_info[field_regex] != "" && trim($field_value) != "") {
if (!preg_match($field_info[field_regex], $field_value)) {
$this->is_error = 97;
$is_field_error = 1;
}
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
if ($field_info[field_special] == 2 || $field_info[field_special] == 3) {
$field_value = ucwords($field_value);
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
if ($field_info[field_search] == 2) {
$var1 = "field_" . $field_info[field_id] . "_min";
if (isset($_POST[$var1])) {
$field_value_min = $_POST[$var1];
} elseif (isset($_GET[$var1])) {
$field_value_min = $_GET[$var1];
} else {
$field_value_min = "";
}
$var2 = "field_" . $field_info[field_id] . "_max";
if (isset($_POST[$var2])) {
$field_value_max = $_POST[$var2];
} elseif (isset($_GET[$var2])) {
$field_value_max = $_GET[$var2];
} else {
$field_value_max = "";
}
if ($field_value_min != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
$this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
}
if ($field_value_max != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
$this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
}
} elseif ($field_info[field_search] == 1) {
$var = "field_" . $field_info[field_id];
if (isset($_POST[$var])) {
$field_value = $_POST[$var];
} elseif (isset($_GET[$var])) {
$field_value = $_GET[$var];
} else {
$field_value = "";
}
if ($field_value != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} LIKE '%{$field_value}%'";
$this->url_string .= $var . "=" . urlencode($field_value) . "&";
}
} else {
$field_value = "";
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = $this->value_info[$value_column];
}
}
// FORMAT VALUE FOR DISPLAY
if ($format == 1 && $field_info[field_display] != 0) {
// LINK BROWSABLE FIELD VALUES IF NECESSARY
if ($field_info[field_display] == 2) {
$br_exploded_field_values = explode("<br>", trim($field_value));
$exploded_field_values = array();
foreach ($br_exploded_field_values as $key => $value) {
$comma_exploded_field_values = explode(",", trim($value));
array_walk($comma_exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
$exploded_field_values[$key] = implode(", ", $comma_exploded_field_values);
}
$field_value_formatted = implode("<br>", $exploded_field_values);
// MAKE SURE TO LINK FIELDS WITH A LINK TAG
} else {
$exploded_field_values = array(trim($field_value));
array_walk($exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
$field_value_formatted = implode("", $exploded_field_values);
}
// DECODE TO MAKE HTML TAGS FOR FIELDS VALID
$field_value_formatted = htmlspecialchars_decode($field_value_formatted, ENT_QUOTES);
// FORMAT VALUE FOR FORM
} else {
if ($field_info[field_type] == 1) {
$options = unserialize($field_info[field_options]);
for ($i = 0, $max = count($options); $i < $max; $i++) {
SE_Language::_preload_multi($options[$i][label]);
SE_Language::load();
$field_options[] = array('label' => SE_Language::_get($options[$i][label]));
}
}
if ($field_info[field_type] == 2) {
$field_value = str_replace("<br>", "\r\n", $field_value);
}
}
break;
case 3:
// SELECT BOX
// SELECT BOX
case 4:
// RADIO BUTTON
// VALIDATE POSTED FIELD
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE
$var = "field_" . $field_info[field_id];
$field_value = censor($_POST[$var]);
// CHECK FOR REQUIRED
if ($field_info[field_required] != 0 && ($field_value == "-1" || $field_value == "")) {
$this->is_error = 96;
$is_field_error = 1;
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
if ($field_info[field_search] == 2) {
$var1 = "field_" . $field_info[field_id] . "_min";
if (isset($_POST[$var1])) {
$field_value_min = $_POST[$var1];
} elseif (isset($_GET[$var1])) {
$field_value_min = $_GET[$var1];
} else {
$field_value_min = "";
}
$var2 = "field_" . $field_info[field_id] . "_max";
if (isset($_POST[$var2])) {
$field_value_max = $_POST[$var2];
} elseif (isset($_GET[$var2])) {
$field_value_max = $_GET[$var2];
} else {
$field_value_max = "";
}
if ($field_value_min != "" && $field_value_min != "-1") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
$this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
}
if ($field_value_max != "" && $field_value_max != "-1") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
$this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
}
} elseif ($field_info[field_search] == 1) {
$var = "field_" . $field_info[field_id];
if (isset($_POST[$var])) {
$field_value = $_POST[$var];
} elseif (isset($_GET[$var])) {
$field_value = $_GET[$var];
} else {
$field_value = "";
}
if ($field_value != "-1" && $field_value != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
$this->url_string .= $var . "=" . urlencode($field_value) . "&";
}
} else {
$field_value = "";
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = $this->value_info[$value_column];
}
}
// LOOP OVER FIELD OPTIONS
$options = unserialize($field_info[field_options]);
for ($i = 0, $max = count($options); $i < $max; $i++) {
$dep_field_info = "";
$dep_field_value = "";
$dep_field_options = "";
// OPTION HAS DEPENDENCY
if ($options[$i][dependency] == "1") {
$dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
$dep_field = $database->database_query($dep_field_query);
if ($database->database_num_rows($dep_field) != "1") {
$options[$i][dependency] = 0;
} else {
$dep_field_info = $database->database_fetch_assoc($dep_field);
// VALIDATE POSTED FIELD VALUE
if ($validate == 1) {
// OPTION SELECTED
if ($field_value == $options[$i][value]) {
$dep_var = "field_" . $dep_field_info[field_id];
$dep_field_value = censor($_POST[$dep_var]);
// DEP FIELD TYPE
switch ($dep_field_info[field_type]) {
// TEXT FIELD
case "1":
// CHECK FOR REQUIRED
if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
$this->is_error = 96;
$is_field_error = 1;
}
// RUN PREG MATCH
if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
$this->is_error = 97;
$is_field_error = 1;
}
}
break;
// SELECT BOX
// SELECT BOX
case "3":
// CHECK FOR REQUIRED
if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
$this->is_error = 96;
$is_field_error = 1;
}
break;
}
// OPTION NOT SELECTED
} else {
$dep_field_value = "";
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
// DO NOT VALIDATE POSTED FIELD VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $dep_field_info[field_id];
$dep_field_value = $this->value_info[$value_column];
}
}
// RETRIEVE DEP FIELD OPTIONS
$dep_options = unserialize($dep_field_info[field_options]);
for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
SE_Language::_preload($dep_options[$i2][label]);
$dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
if ($dep_options[$i2][value] == $dep_field_value) {
$dep_field_value_formatted = $dep_options[$i2][label];
}
}
}
}
// FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
if ($format == 1 && $field_value == $options[$i][value] && $field_info[field_display] != 0) {
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
SE_Language::load();
$field_value_formatted = SE_Language::_get($options[$i][label]);
// LINK FIELD VALUES IF NECESSARY
if ($field_info[field_display] == 2) {
link_field_values($field_value_formatted, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
}
// ADD DEPENDENT VALUE TO FIELD VALUE
if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
if ($dep_field_info[field_type] == 3) {
$dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
} else {
$dep_field_value_formatted = $dep_field_value;
}
link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
$field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
}
}
// SET OPTIONS ARRAY
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
$field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
}
break;
case 5:
// DATE FIELD
// SET MONTH, DAY, AND YEAR FORMAT FROM SETTINGS
switch ($setting[setting_dateformat]) {
case "n/j/Y":
case "n.j.Y":
case "n-j-Y":
$month_format = "n";
$day_format = "j";
$year_format = "Y";
$date_order = "mdy";
break;
case "Y/n/j":
case "Ynj":
$month_format = "n";
$day_format = "j";
$year_format = "Y";
$date_order = "ymd";
break;
case "Y-n-d":
$month_format = "n";
$day_format = "d";
$year_format = "Y";
$date_order = "ymd";
break;
case "Y-m-d":
$month_format = "m";
$day_format = "d";
$year_format = "Y";
$date_order = "ymd";
break;
case "j/n/Y":
case "j.n.Y":
$month_format = "n";
$day_format = "j";
$year_format = "Y";
$date_order = "dmy";
break;
case "M. j, Y":
$month_format = "M";
$day_format = "j";
$year_format = "Y";
$date_order = "mdy";
break;
case "F j, Y":
case "l, F j, Y":
$month_format = "F";
$day_format = "j";
$year_format = "Y";
$date_order = "mdy";
break;
case "j F Y":
case "D j F Y":
case "l j F Y":
$month_format = "F";
$day_format = "j";
$year_format = "Y";
$date_order = "dmy";
break;
case "D-j-M-Y":
case "D j M Y":
case "j-M-Y":
$month_format = "M";
$day_format = "j";
$year_format = "Y";
$date_order = "dmy";
break;
case "Y-M-j":
$month_format = "M";
$day_format = "j";
$year_format = "Y";
$date_order = "ymd";
break;
}
// VALIDATE POSTED VALUE
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE
$var1 = "field_" . $field_info[field_id] . "_1";
$var2 = "field_" . $field_info[field_id] . "_2";
$var3 = "field_" . $field_info[field_id] . "_3";
$field_1 = $_POST[$var1];
$field_2 = $_POST[$var2];
$field_3 = $_POST[$var3];
// ORDER DATE VALUES PROPERLY
switch ($date_order) {
case "mdy":
$month = $field_1;
$day = $field_2;
$year = $field_3;
break;
case "ymd":
$year = $field_1;
$month = $field_2;
$day = $field_3;
break;
case "dmy":
$day = $field_1;
$month = $field_2;
$year = $field_3;
break;
}
// CONSTRUCT FIELD VALUE
$field_value = str_pad($year, 4, '0', STR_PAD_LEFT) . "-" . str_pad($month, 2, '0', STR_PAD_LEFT) . '-' . str_pad($day, 2, '0', STR_PAD_LEFT);
// CHECK FOR REQUIRED
if ($field_info['field_required'] && ($month == "00" || $day == "00" || $year == "00")) {
$this->is_error = 96;
$is_field_error = 1;
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
// DATE IS A BIRTHDAY
if ($field_info[field_special] == 1) {
// RESET DATE ORDER SO MONTH IS LAST
$date_order = "mdy";
// RETRIEVE MIN/MAX YEARS
$var3_min = "field_" . $field_info[field_id] . "_3_min";
$var3_max = "field_" . $field_info[field_id] . "_3_max";
if (isset($_POST[$var3_min])) {
$field_3_min = $_POST[$var3_min];
} elseif (isset($_GET[$var3_min])) {
$field_3_min = $_GET[$var3_min];
} else {
$field_3_min = "";
}
if (isset($_POST[$var3_max])) {
$field_3_max = $_POST[$var3_max];
} elseif (isset($_GET[$var3_max])) {
$field_3_max = $_GET[$var3_max];
} else {
$field_3_max = "";
}
$this->url_string .= $var3_min . "=" . urlencode($field_3_min) . "&";
$this->url_string .= $var3_max . "=" . urlencode($field_3_max) . "&";
// CONSTRUCT SEARCH VALUES (MIN YEAR)
// IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MINIMUM AGE (MAXIMUM YEAR)
$field_value_min = str_pad($field_3_min, 4, '0', STR_PAD_LEFT);
if ($field_value_min != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}<='{$field_value_min}-" . date('m', time()) . "-" . date('d', time()) . "'";
}
// CONSTRUCT SEARCH VALUES (MAX YEAR)
// IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MAXIMUM AGE (MINIMUM YEAR)
$field_value_max = str_pad($field_3_max, 4, '0', STR_PAD_LEFT);
if ($field_value_max != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}>=DATE_ADD('" . ($field_value_max - 1) . "-" . date('m', time()) . "-" . date('d', time()) . "', INTERVAL 1 DAY)";
}
// EXCLUDE USERS WHO HAVE NOT ENTERED A BIRTH YEAR
if ($field_value_min != "0000" || $field_value_max != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})<>'0000'";
}
// DATE IS NOT A BIRTHDAY
} else {
// RETRIEVE VALUES
$var1 = "field_" . $field_info[field_id] . "_1";
$var2 = "field_" . $field_info[field_id] . "_2";
$var3 = "field_" . $field_info[field_id] . "_3";
if (isset($_POST[$var1])) {
$field_1 = $_POST[$var1];
} elseif (isset($_GET[$var1])) {
$field_1 = $_GET[$var1];
} else {
$field_1 = "";
}
if (isset($_POST[$var2])) {
$field_2 = $_POST[$var2];
} elseif (isset($_GET[$var2])) {
$field_2 = $_GET[$var2];
} else {
$field_2 = "";
}
if (isset($_POST[$var3])) {
$field_3 = $_POST[$var3];
} elseif (isset($_GET[$var3])) {
$field_3 = $_GET[$var3];
} else {
$field_3 = "";
}
$this->url_string .= $var1 . "=" . urlencode($field_1) . "&";
$this->url_string .= $var2 . "=" . urlencode($field_2) . "&";
$this->url_string .= $var3 . "=" . urlencode($field_3) . "&";
// ORDER DATE VALUES PROPERLY
switch ($date_order) {
case "mdy":
$month = str_pad($field_1, 2, '0', STR_PAD_LEFT);
$day = str_pad($field_2, 2, '0', STR_PAD_LEFT);
$year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
break;
case "ymd":
$year = str_pad($field_1, 4, '0', STR_PAD_LEFT);
$month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
$day = str_pad($field_3, 2, '0', STR_PAD_LEFT);
break;
case "dmy":
$day = str_pad($field_1, 2, '0', STR_PAD_LEFT);
$month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
$year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
break;
}
// CONSTRUCT FIELD VALUE
$field_value = $year . "-" . $month . '-' . $day;
if ($month != "00") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "MONTH(" . $this->type . "value_{$field_info['field_id']})='{$month}'";
}
if ($day != "00") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "DAY(" . $this->type . "value_{$field_info['field_id']})='{$day}'";
}
if ($year != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})='{$year}'";
}
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = $this->value_info[$value_column];
} else {
$field_value = "0000-00-00";
}
}
$year = substr($field_value, 0, 4);
$month = substr($field_value, 5, 2);
$day = substr($field_value, 8, 2);
// FORMAT VALUE FOR DISPLAY
if ($format == 1 && $field_info[field_display] != 0) {
if ($field_value != "0000-00-00") {
if ($year == "0000") {
$year = "";
}
if ($month == "00") {
$month = "";
} else {
$month = $datetime->cdate("F", mktime(0, 0, 0, $month, 1, 1990));
}
if ($day == "00") {
$day = "";
} else {
$day = $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $day, 1990));
}
switch ($date_order) {
case "mdy":
$field_value_formatted = "{$month} {$day} {$year}";
break;
case "ymd":
$field_value_formatted = "{$year} {$month} {$day}";
break;
case "dmy":
$field_value_formatted = "{$day} {$month} {$year}";
break;
}
if ($field_info[field_display] == 2) {
link_field_values($field_value_formatted, "", array($field_info[field_id], $field_value, "", $field_info[field_display]));
}
}
// FORMAT VALUE FOR FORM
} else {
// GET LANGUAGE VARS
SE_Language::_preload_multi(579, 580, 581);
// CONSTRUCT MONTH ARRAY
$month_array = array();
$month_array[0] = array('name' => "579", 'value' => "0", 'selected' => "");
for ($m = 1; $m <= 12; $m++) {
if ($month == $m) {
$selected = " SELECTED";
} else {
$selected = "";
}
$month_array[$m] = array('name' => $datetime->cdate("{$month_format}", mktime(0, 0, 0, $m, 1, 1990)), 'value' => $m, 'selected' => $selected);
}
// CONSTRUCT DAY ARRAY
$day_array = array();
$day_array[0] = array('name' => "580", 'value' => "0", 'selected' => "");
for ($d = 1; $d <= 31; $d++) {
if ($day == $d) {
$selected = " SELECTED";
} else {
$selected = "";
}
$day_array[$d] = array('name' => $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $d, 1990)), 'value' => $d, 'selected' => $selected);
}
// CONSTRUCT YEAR ARRAY
$year_array = array();
$year_count = 1;
$current_year = $datetime->cdate("Y", time());
$year_array[0] = array('name' => "581", 'value' => "0", 'selected' => "");
for ($y = $current_year; $y >= 1920; $y--) {
if ($year == $y) {
$selected = " SELECTED";
} else {
$selected = "";
}
$year_array[$year_count] = array('name' => $y, 'value' => $y, 'selected' => $selected);
$year_count++;
}
// ORDER DATE ARRAYS PROPERLY
switch ($date_order) {
case "mdy":
$date_array1 = $month_array;
$date_array2 = $day_array;
$date_array3 = $year_array;
break;
case "ymd":
$date_array1 = $year_array;
$date_array2 = $month_array;
$date_array3 = $day_array;
break;
case "dmy":
$date_array1 = $day_array;
$date_array2 = $month_array;
$date_array3 = $year_array;
break;
}
}
break;
case 6:
// CHECKBOXES
// VALIDATE POSTED FIELD
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE
$var = "field_" . $field_info[field_id];
$field_value = $_POST[$var];
// CHECK FOR REQUIRED
if ($field_info[field_required] != 0 && count($field_value) == 0) {
$this->is_error = 96;
$is_field_error = 1;
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='" . implode(",", $field_value) . "'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
$var = "field_" . $field_info[field_id];
if (isset($_POST[$var])) {
$field_value = $_POST[$var];
} elseif (isset($_GET[$var])) {
$field_value = $_GET[$var];
} else {
$field_value = "";
}
if (count($field_value) != 0 && $field_value != "") {
for ($o = 0; $o < count($field_value); $o++) {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "FIND_IN_SET('" . $field_value[$o] . "', " . $this->type . "value_{$field_info['field_id']})";
$this->url_string .= $var . "[]=" . urlencode($field_value[$o]) . "&";
}
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = explode(",", $this->value_info[$value_column]);
}
}
// LOOP OVER FIELD OPTIONS
$options = unserialize($field_info[field_options]);
for ($i = 0, $max = count($options); $i < $max; $i++) {
$dep_field_info = "";
$dep_field_value = "";
$dep_field_options = "";
// OPTION HAS DEPENDENCY
if ($options[$i][dependency] == "1") {
$dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
$dep_field = $database->database_query($dep_field_query);
if ($database->database_num_rows($dep_field) != "1") {
$options[$i][dependency] = 0;
} else {
$dep_field_info = $database->database_fetch_assoc($dep_field);
// VALIDATE POSTED FIELD VALUE
if ($validate == 1) {
// OPTION SELECTED
if (in_array($options[$i][value], $field_value)) {
$dep_var = "field_" . $dep_field_info[field_id];
$dep_field_value = censor($_POST[$dep_var]);
// DEP FIELD TYPE
switch ($dep_field_info[field_type]) {
// TEXT FIELD
case "1":
// CHECK FOR REQUIRED
if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
$this->is_error = 96;
$is_field_error = 1;
}
// RUN PREG MATCH
if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
$this->is_error = 97;
$is_field_error = 1;
}
}
break;
// SELECT BOX
// SELECT BOX
case "3":
// CHECK FOR REQUIRED
if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
$this->is_error = 96;
$is_field_error = 1;
}
break;
}
// OPTION NOT SELECTED
} else {
$dep_field_value = "";
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
// DO NOT VALIDATE POSTED FIELD VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $dep_field_info[field_id];
$dep_field_value = $this->value_info[$value_column];
}
}
// RETRIEVE DEP FIELD OPTIONS
$dep_options = unserialize($dep_field_info[field_options]);
for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
SE_Language::_preload($dep_options[$i2][label]);
$dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
if ($dep_options[$i2][value] == $dep_field_value) {
$dep_field_value_formatted = $dep_options[$i2][label];
}
}
}
}
// FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
if ($format == 1 && in_array($options[$i][value], $field_value) && $field_info[field_display] != 0) {
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
SE_Language::load();
$formatted_prelim = SE_Language::_get($options[$i][label]);
// LINK FIELD VALUES IF NECESSARY
if ($field_info[field_display] == 2) {
link_field_values($formatted_prelim, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
}
// ADD DEPENDENT VALUE TO FIELD VALUE
if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
if ($dep_field_info[field_type] == 3) {
$dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
} else {
$dep_field_value_formatted = $dep_field_value;
}
link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
$field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
}
if (trim($field_value_formatted) != "") {
$field_value_formatted .= ", ";
}
$field_value_formatted .= $formatted_prelim;
}
// SET OPTIONS ARRAY
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
$field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
}
break;
}
// SET FIELD ERROR IF ERROR OCCURRED
if ($is_field_error == 1) {
$field_error = $field_info[field_error];
} else {
$field_error = 0;
}
// SET FIELD VALUE ARRAY FOR LATER USE
// FIX THIS FOR CHECKBOXES (USED FOR SUBNETS?)
$this->fields_new[$this->type . "value_" . $field_info[field_id]] = $field_value;
// SET SPECIAL FIELDS, IF NECESSARY
if ($field_info[field_special] != 0) {
$this->field_special[$field_info[field_special]] = $field_value;
}
// SAVE FORMATTED FIELD VALUE IN ARRAY
if ($field_value_formatted != "") {
$this->field_values[] = $field_value_formatted;
}
// SET FIELD ARRAY AND INCREMENT FIELD COUNT
if ($format == 0 && $search == 0 || $format == 1 && $field_value_formatted != "" || $search == 1 && $field_info[field_search] != 0) {
SE_Language::_preload_multi($field_info[field_title], $field_info[field_desc], $field_info[field_error]);
$this->fields[] = $this->fields_all[] = array('field_id' => $field_info[field_id], 'field_title' => $field_info[field_title], 'field_desc' => $field_info[field_desc], 'field_type' => $field_info[field_type], 'field_required' => $field_info[field_required], 'field_style' => $field_info[field_style], 'field_maxlength' => $field_info[field_maxlength], 'field_special' => $field_info[field_special], 'field_signup' => $field_info[field_signup], 'field_search' => $field_info[field_search], 'field_options' => $field_options, 'field_value' => $field_value, 'field_value_formatted' => $field_value_formatted, 'field_value_min' => $field_value_min, 'field_value_max' => $field_value_max, 'field_error' => $field_error, 'date_array1' => $date_array1, 'date_array2' => $date_array2, 'date_array3' => $date_array3);
$field_count++;
}
}
}
}
$msg = '';
if (isset($_POST['submit'])) {
if (!isset($_POST['username'])) {
$msg = 'No username entered!';
} elseif (!isset($_POST['email'])) {
$msg = 'No email entered!';
} elseif (!isset($_POST['password'])) {
$msg = 'No password entered!';
} elseif (!isset($_POST['repeat'])) {
$msg = 'Password not repeated!';
} else {
$username = security($_POST['username']);
$email = security($_POST['email']);
$password = encrypy(security($_POST['password']));
$repeat = encrypy(security($_POST['repeat']));
$Function_Query1 = mysql_query("SELECT email FROM {$config_db_accounts} WHERE email='{$email}'");
$Function_Query2 = mysql_query("SELECT username FROM {$config_db_accounts} WHERE username='******'");
if ($password !== $repeat) {
$msg = 'Passwords did not match!';
} elseif ($config_registrations !== true) {
$msg = 'Registration is disabled.';
} elseif (validate_email($email) !== true) {
$msg = 'Invalid email entered!';
} elseif (validate_username($username) !== true) {
$msg = 'Invalid username entered!';
} elseif (strlen($username) <= 3 && strlen($username) >= 15) {
$msg = 'Usernames between 3 and 15 charecters!';
} elseif (mysql_num_rows($Function_Query1) === 1) {
$msg = 'Email already has an account!';
} elseif (mysql_num_rows($Function_Query2) === 1) {
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
/**~. (c) 2014 Garrett R. Morris, OpenEx.pw .~**->>
*Licensed Under the MIT License : http://www.opensource.org/licenses/mit-license.php
***************************************/
//
//CSRF Protection
//
$token = security($_POST["csrf_token"]);
if (empty($token)) {
$errors[] = "a security error occured. please try again";
//we know the token is missing, but we don't let the end user know that.
} else {
if (!$loggedInUser->csrf_validate($token)) {
$errors[] = "a security error occured. please try again.";
//the token was wrong, but same here.
}
}
/*
basic usage
class:
$loggedInUser->csrf_token(true); <-- creates the token
$loggedInUser->csrf_token; <-- accesses the token from its storage in the session object
$loggedInUser->csrf_validate(); <-- validates and regenerates the token
<?php
require "../coinapi_private/data.php";
$datec = date('G');
$result = mysql_query("SELECT * FROM box2 WHERE datec='{$datec}'");
$num_rows = mysql_num_rows($result);
if ($num_rows > 4) {
$onloader = 'It seams someone is trying to abuse us.\\nTry again a later today.';
} else {
if (isset($_POST['addr'])) {
$User_Address = security(strip_tags($_POST['addr']));
}
if (isset($_POST['addr'])) {
if ($User_Address != "") {
$result = mysql_query("SELECT * FROM box2 WHERE date='{$date}' and address='{$User_Address}'");
$num_rows = mysql_num_rows($result);
if ($num_rows == 0) {
$result = mysql_query("SELECT * FROM box2 WHERE ip='{$ip}' and date='{$date}'");
$num_rows = mysql_num_rows($result);
if ($num_rows == 0) {
$result = mysql_query("SELECT * FROM box2 WHERE email='{$udb_email}' and date='{$date}'");
$num_rows = mysql_num_rows($result);
if ($num_rows == 0) {
$send_amount = "0.01";
$json_url = 'http://bdrf.info/api_mec.php?puk=jCM8kKazKMOcUDyhP80vIYYjy5DdGixnhr&prk=FsDCfGc8tUUDnoyjwezqxHQOJ9lXOiYUz8ScD&act=sendcoin&acnt=TheAdminsEmail@address.com&sid=BDRFM&to=' . $User_Address . '&amount=' . $send_amount;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $json_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$json_feed = curl_exec($ch);
curl_close($ch);
$txid_array = json_decode($json_feed, true);
