Exemple #1
 // Loads the billing template "<name>.tpl" for the configured skin, substitutes
 // the registered elements/blocks and the plugin menu, and returns the rendered
 // markup, or an error string when the template cannot be read.
 // NOTE(review): block-closing lines are missing from this listing, so the
 // nesting below is as extracted.
 function load($tpl_name, $menu = 'log')
     // parse_url() warnings are suppressed; a malformed name yields false here.
     $url = @parse_url($tpl_name);
     // $file_path is computed but never read in the lines shown.
     $file_path = dirname($this->clear_url_dir($url['path']));
     // Only the basename is kept, then passed through totranslit() (defined
     // elsewhere). That call is the only visible filter on the name before it is
     // joined into a filesystem path.
     $tpl_name = pathinfo($url['path']);
     $tpl_name = totranslit($tpl_name['basename']);
     $tpl = file_get_contents(ROOT_DIR . "/templates/" . $this->config_dle['skin'] . "/billing/" . $tpl_name . ".tpl");
     // Takes this branch on read failure (false) and also on an empty template.
     if (!$tpl) {
         // The returned message embeds $tpl_name; escape it where it is printed
         // unless totranslit() is confirmed to strip markup characters.
         return $this->lang['cabinet_theme_error'] . "{$tpl_name}.tpl";
     foreach ($this->elements as $key => $value) {
         $tpl = str_replace($key, $value, $tpl);
     foreach ($this->element_block as $key => $value) {
         // $key goes into the pattern without preg_quote(), and $value is a
         // replacement string, so "$1"/"\1"-style sequences in it are treated as
         // backreferences rather than literal text.
         $tpl = preg_replace("'\\[" . $key . "\\].*?\\[/" . $key . "\\]'si", $value, $tpl);
     /* Plugins menu */
     $tpl_plugin = $this->T_preg_match($tpl, '~\\[plugin\\](.*?)\\[/plugin\\]~is');
     $plugins_list = $this->T_plugins();
     $plugins = "";
     if (count($plugins_list)) {
         foreach ($plugins_list as $name => $pl_config) {
             // One copy of the [plugin] fragment is filled in per plugin.
             $time_plugins_theme = $tpl_plugin;
             // Plugin key and display name are inserted without HTML escaping;
             // presumably both come from trusted plugin config — verify.
             $time_plugins_theme = str_replace("{plugin_link}", $name, $time_plugins_theme);
             $time_plugins_theme = str_replace("{plugin_name}", $pl_config['name'], $time_plugins_theme);
             $time_plugins_theme = $menu == $name ? str_replace("{plugin_active}", "_active", $time_plugins_theme) : str_replace("{plugin_active}", "", $time_plugins_theme);
             $time_plugins_theme = str_replace("{URL_CABINET}", $this->config_dle['http_home_url'] . $this->config['page'] . ".html", $time_plugins_theme);
             $plugins .= $time_plugins_theme;
     $tpl = str_replace("{URL_CABINET}", $this->config_dle['http_home_url'] . $this->config['page'] . ".html", $tpl);
     $tpl = str_replace("{THEME}", $this->config_dle['http_home_url'] . "templates/" . $this->config_dle['skin'] . "/billing", $tpl);
     // Marks the current menu entry, then the preg_replace below drops every
     // remaining [active]...[/active] marker.
     $tpl = str_replace("[active]" . $menu . "[/active]", "_active", $tpl);
     $tpl = str_replace("{BALANCE}", $this->member_id[$this->config['fname']] . " " . $this->pay_api->bf_declOfNum($this->config['currency']), $tpl);
     $tpl = preg_replace("'\\[active\\].*?\\[/active\\]'si", '', $tpl);
     // $plugins is used as a replacement string here, so backreference
     // sequences inside plugin names would be interpreted.
     $tpl = preg_replace("'\\[plugin\\].*?\\[/plugin\\]'si", $plugins, $tpl);
     // NOTE(review): assigns a local that is never read; possibly meant to
     // reset $this->elements — confirm against the original file.
     $elements = array();
     return $tpl;
Exemple #2
// Admin-side request handler fragment: clears the stream cache or looks up a
// stream title for a login on the selected service.
// NOTE(review): closing braces and some branch bodies are missing from this
// listing; the nesting is as extracted.
require_once ENGINE_DIR . '/modules/sitelogin.php';
// Requires a logged-in user whose group has allow_admin. The body of this guard
// is not shown here — confirm that it terminates the request.
if (!$is_logged or !$user_group[$member_id['user_group']]['allow_admin']) {
$buffer = "";
// NOTE(review): no anti-CSRF token check is visible for these actions, and
// $_REQUEST also accepts GET parameters — confirm against the full file.
if ($_REQUEST['action'] == "clearCache") {
    // Group 1 only; the guard body is not shown in this listing.
    if ($member_id['user_group'] != 1) {
    $buffer = "Кеш стрима успешно очищен.";
} elseif ($_REQUEST['action'] == 'setTitle') {
    // The login is filtered by totranslit() (defined elsewhere) before it is
    // handed to the service lookups.
    $login = totranslit($_POST['login']);
    $error = array();
    // $service is only ever compared against fixed case labels below.
    $service = $_POST['service'];
    switch ($service) {
        case "twitch":
            $titleTW = gettwitch($login, true);
            if ($titleTW['status'] == '404') {
                $setTitle = false;
                $error = array("status" => inv("Данного логина не существует в этом сервисе стримминга. Проверьте правильность веденного логина пользователя."), "code" => 404);
            } else {
                $setTitle = $titleTW['status'];
        // NOTE(review): no break is visible before this label; it may have been
        // lost in extraction — confirm the twitch case does not fall through.
        case "goodgame":
            $titleGG = setTitleGG($login);
            if (!$titleGG) {
Exemple #3
// Bootstrap of a standalone AJAX endpoint: defines the engine constants, loads
// config, picks skin and language, then builds the list of script/link tags.
// NOTE(review): block-closing lines are missing from this listing.
// Warnings and notices are masked for the whole request.
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
// Drops the last 12 characters of this file's directory to get the site root
// (presumably the length of "/engine/ajax").
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
    // Fallback base URL built from PHP_SELF and the request's Host header. The
    // Host header is client-supplied, so with http_home_url unset a
    // client-chosen host is written into every script/link URL emitted below.
    // Set http_home_url in config or check the host against an allowlist.
    $config['http_home_url'] = explode("engine/ajax/complaint.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
// The skin name comes from a client cookie. totranslit() (not shown here) is
// the only filter before the value is used as a directory name.
$_COOKIE['dle_skin'] = trim(totranslit($_COOKIE['dle_skin'], false, false));
$_TIME = time();
if ($_COOKIE['dle_skin']) {
    // The cookie value is accepted only if a matching templates/ directory exists.
    if (@is_dir(ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'])) {
        $config['skin'] = $_COOKIE['dle_skin'];
// The language directory is looked up in config under "lang_<skin>" and joined
// into an include path; the value itself comes from config, not the request.
if ($config["lang_" . $config['skin']]) {
    if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
        // The @ hides include errors from the language file.
        @(include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng');
    } else {
        die("Language file not found");
} else {
    include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
if ($config['allow_share'] and ($dle_module == "showfull" or $dle_module == "static")) {
    // User-Agent sniffing only selects which static scripts are queued.
    if (preg_match("/(msie)/i", $_SERVER['HTTP_USER_AGENT'])) {
        $js_array[] = "engine/classes/masha/ierange.js";
        $js_array[] = "engine/classes/masha/masha.js";
    } else {
        $js_array[] = "engine/classes/masha/masha.js";
// From here on $js_array is treated as a string of markup (it is appended to
// with .=), so build_js() presumably returns the rendered tags.
$js_array = build_js($js_array, $config);
if ($allow_comments_ajax and ($config['allow_comments_wysiwyg'] or $config['allow_quick_wysiwyg'])) {
    // The editor language name is filtered before it becomes a URL path segment.
    $lang['wysiwyg_language'] = totranslit($lang['wysiwyg_language'], false, false);
    if ($config['allow_quick_wysiwyg'] == "2" or $config['allow_comments_wysiwyg'] == "2") {
        $js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/jscripts/tiny_mce/jquery.tinymce.js\"></script>";
    if ($config['allow_quick_wysiwyg'] == "1" or $config['allow_comments_wysiwyg'] == "1") {
        $js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/scripts/language/{$lang['wysiwyg_language']}/editor_lang.js\"></script>";
        $js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/scripts/innovaeditor.js\"></script>";
if ($config['allow_admin_wysiwyg'] == "1" or $config['allow_site_wysiwyg'] == "1" or $config['allow_static_wysiwyg'] == "1") {
    // Third-party script loaded over plain http:// with no integrity attribute;
    // serve it over https or host it locally.
    $js_array .= "\n<script type=\"text/javascript\" src=\"http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js\"></script>";
    $js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/scripts/webfont.js\"></script>";
    $js_array .= "\n<link media=\"screen\" href=\"{$config['http_home_url']}engine/editor/css/default.css\" type=\"text/css\" rel=\"stylesheet\" />";
// The media player stylesheet is added only when the content has a <video> tag.
if (strpos($tpl->result['content'], "<video") !== false) {
    $js_array .= "\n<link media=\"screen\" href=\"{$config['http_home_url']}engine/editor/scripts/common/mediaelement/mediaelementplayer.min.css\" type=\"text/css\" rel=\"stylesheet\" />";
Exemple #5
     // Fragment of a static-page save handler: normalises the submitted fields.
     // The start of the enclosing if/else is outside this listing.
     $descr = $lang['rules_edit'];
 } else {
     // The page name is filtered by totranslit() (defined elsewhere); the
     // description is HTML-encoded and then SQL-escaped.
     $name = trim(totranslit($_POST['name'], true, false));
     $descr = trim($db->safesql(htmlspecialchars($_POST['description'])));
     // count() assumes grouplevel is an array; a missing or scalar value is not
     // handled in the lines shown.
     if (!count($_POST['grouplevel'])) {
         $_POST['grouplevel'] = array("all");
     // Elements are SQL-escaped as one string but not validated as group ids.
     $grouplevel = $db->safesql(implode(',', $_POST['grouplevel']));
 $disable_index = isset($_POST['disable_index']) ? intval($_POST['disable_index']) : 0;
 // $template is assigned outside the lines shown.
 $template = $db->safesql($template);
 // Flags are coerced to integers.
 $allow_template = intval($_POST['allow_template']);
 $allow_count = intval($_POST['allow_count']);
 $allow_sitemap = intval($_POST['allow_sitemap']);
 // Template and skin names are filtered by totranslit() only; confirm how they
 // are escaped where they reach SQL or the filesystem.
 $tpl = trim(totranslit($_POST['static_tpl']));
 $skin_name = trim(totranslit($_POST['skin_name'], false, false));
 // Raw date string; it is only parsed by strtotime() below.
 $newdate = $_POST['newdate'];
 if (isset($_POST['allow_date'])) {
     $allow_date = $_POST['allow_date'];
 } else {
     $allow_date = "";
 if (isset($_POST['allow_now'])) {
     $allow_now = $_POST['allow_now'];
 } else {
     $allow_now = "";
 // Date and time handling
 $added_time = time() + $config['date_adjust'] * 60;
 // strtotime() returns false for an unparseable date; no check is visible here.
 $newsdate = strtotime($newdate);
 if ($allow_date != "yes") {
// Bootstrap of a standalone AJAX endpoint (profile.php, per the path below):
// defines the engine constants, validates the requested skin and loads the
// user-group table.
// NOTE(review): block-closing lines are missing from this listing.
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
    // Fallback base URL built from the client-supplied Host header; prefer an
    // explicit http_home_url in config.
    $config['http_home_url'] = explode("engine/ajax/profile.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
require_once ENGINE_DIR . '/classes/templates.class.php';
// The skin name is request-controlled; totranslit() (defined elsewhere) is the
// only filter before the directory check.
$_REQUEST['skin'] = trim(totranslit($_REQUEST['skin'], false, false));
$_TIME = time() + $config['date_adjust'] * 60;
// The request is rejected unless the skin names an existing templates/ directory.
if ($_REQUEST['skin'] == "" or !@is_dir(ROOT_DIR . '/templates/' . $_REQUEST['skin'])) {
    die("Hacking attempt!");
//################# Determine user groups
// Cached copy first; otherwise the table is read from the database.
$user_group = get_vars("usergroup");
if (!$user_group) {
    $user_group = array();
    // The query is built from a constant prefix only; no request data is interpolated.
    $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
    while ($row = $db->get_row()) {
        $user_group[$row['id']] = array();
        foreach ($row as $key => $value) {
            $user_group[$row['id']][$key] = stripslashes($value);
 // Admin check
 // Fragment of a community wall post handler: verifies the poster and, for a
 // "link" attachment, copies the linked preview image into the uploads folder.
 // NOTE(review): block-closing lines are missing from this listing.
 // $id is interpolated into the query; its assignment is outside the lines
 // shown — confirm it is cast to int.
 $row = $db->super_query("SELECT admin, del, ban FROM `" . PREFIX . "_communities` WHERE id = '{$id}'");
 // `and` binds tighter than `or`, so this reads as
 //   (admin match and wall_text set) or (attach_files set and del == 0 and ban == 0).
 // The admin test therefore does not guard the attach_files branch, and the
 // del/ban tests do not guard the wall_text branch. Add explicit parentheses
 // so that every path requires the admin match and an active community.
 if (stripos($row['admin'], "u{$user_id}|") !== false and isset($wall_text) and !empty($wall_text) or isset($attach_files) and !empty($attach_files) and $row['del'] == 0 and $row['ban'] == 0) {
     // Determine the image for the link
     if (stripos($attach_files, 'link|') !== false) {
         $attach_arr = explode('||', $attach_files);
         $cnt_attach_link = 1;
         foreach ($attach_arr as $attach_file) {
             $attach_type = explode('|', $attach_file);
             // The URL pattern has no start anchor, so it only requires
             // "http://" to occur somewhere in the value.
             if ($attach_type[0] == 'link' and preg_match('/http:\\/\\/(.*?)+$/i', $attach_type[1]) and $cnt_attach_link == 1) {
                 $domain_url_name = explode('/', $attach_type[1]);
                 $rdomain_url_name = str_replace('http://', '', $domain_url_name[2]);
                 // The image URL is the fifth field of the submitted attachment string.
                 $rImgUrl = $attach_type[4];
                 $rImgUrl = str_replace("\\", "/", $rImgUrl);
                 $img_name_arr = explode(".", $rImgUrl);
                 $img_format = totranslit(end($img_name_arr));
                 // The stored name is derived from a hash, not from the submitted
                 // name; only the extension is carried over.
                 $image_name = substr(md5($server_time . md5($rImgUrl)), 0, 15);
                 // Allowed formats
                 $allowed_files = array('jpg', 'jpeg', 'jpe', 'png', 'gif');
                 // Upload the image to the site
                 // The extension allowlist is the effective check; the pattern
                 // is unanchored and its dots are unescaped.
                 if (in_array(strtolower($img_format), $allowed_files) and preg_match("/http:\\/\\/(.*?)(.jpg|.png|.gif|.jpeg|.jpe)/i", $rImgUrl)) {
                     // Photo upload directory
                     $upload_dir = ROOT_DIR . '/uploads/attach/' . $user_id;
                     // If the user's folder doesn't exist, create it
                     if (!is_dir($upload_dir)) {
                         // 0777 leaves the directory writable by every local
                         // account; 0755 (or the deployment's umask) is safer.
                         @mkdir($upload_dir, 0777);
                         @chmod($upload_dir, 0777);
                     // Include the image class
                     include ENGINE_DIR . '/classes/images.php';
                     // copy() makes the server fetch a user-supplied URL and
                     // writes the response under the web root without checking
                     // that it is an image. Restrict the scheme and destination
                     // host, and validate the content (e.g. getimagesize())
                     // before keeping the file.
                     if (@copy($rImgUrl, $upload_dir . '/' . $image_name . '.' . $img_format)) {
Exemple #8
     // Fragment of a front-end "add news" handler: filters the submitted story,
     // title and URL slug and collects validation errors in $stop.
     // NOTE(review): block-closing lines are missing from this listing.
     $short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']), false));
     $allow_br = 1;
 // The parser flags disallowed content; the post is then rejected.
 if ($parse->not_allowed_text) {
     $stop .= "<li>" . $lang['news_err_39'] . "</li>";
 // The title is stripped of tags, run through the parser and SQL-escaped.
 $title = $db->safesql($parse->process(trim(strip_tags($_POST['title']))));
 $alt_name = trim($parse->process(stripslashes($_POST['alt_name'])));
 $add_module = "yes";
 $xfieldsaction = "init";
 $category = $catlist;
 // xfields.php reads the variables set just above.
 include ENGINE_DIR . '/inc/xfields.php';
 // The slug falls back to the title when empty. Either way totranslit()
 // (defined elsewhere) is the only filter visible here — confirm how
 // $alt_name is escaped where it reaches SQL.
 if ($alt_name == "" or !$alt_name) {
     $alt_name = totranslit(stripslashes($title), true, false);
 } else {
     $alt_name = totranslit($alt_name, true, false);
 if ($title == "" or !$title) {
     $stop .= $lang['add_err_1'];
 // The length is checked on the already-escaped title.
 if (dle_strlen($title, $config['charset']) > 200) {
     $stop .= $lang['add_err_2'];
 if ($config['create_catalog']) {
     // First character of the title, encoded and escaped, used as the catalog key.
     $catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($title))), ENT_QUOTES, $config['charset']), 0, 1, $config['charset']));
 } else {
     $catalog_url = "";
 // Once a member has posted at least the configured number of news items, the
 // question and captcha checks are switched off for this request.
 if ($user_group[$member_id['user_group']]['disable_news_captcha'] and $member_id['news_num'] >= $user_group[$member_id['user_group']]['disable_news_captcha']) {
     $user_group[$member_id['user_group']]['news_question'] = false;
     $user_group[$member_id['user_group']]['news_sec_code'] = false;
Exemple #9
         // Fragment of a profile edit handler: processes flags and the uploaded
         // avatar image.
         // NOTE(review): block-closing lines are missing from this listing.
         // Redirects back to the request's own URI.
         header("Location: {$_SERVER['REQUEST_URI']}");
 if ($_POST['banned']) {
     $banned = "yes";
 if (!$user_group[$editlevel]['time_limit']) {
     $time_limit = "";
 $image = $_FILES['image']['tmp_name'];
 // The name, and therefore the extension, is supplied by the client.
 $image_name = $_FILES['image']['name'];
 $image_size = $_FILES['image']['size'];
 $img_name_arr = explode(".", $image_name);
 $type = totranslit(end($img_name_arr));
 if ($image_name != "") {
     // Only the first dot-separated part and the last extension are kept.
     $image_name = totranslit(stripslashes($img_name_arr[0])) . "." . $type;
 // Substring blocklist; the extension allowlist below is the effective control.
 if (stripos($image_name, "php") !== false) {
     die("Hacking attempt!");
 if (is_uploaded_file($image)) {
     if ($image_size < 100000) {
         $allowed_extensions = array("jpg", "png", "jpe", "jpeg", "gif");
         if (in_array($type, $allowed_extensions) and $image_name) {
             include_once ENGINE_DIR . '/classes/thumb.class.php';
             // The file is stored as "<id>.<type>"; $id is assigned outside the
             // lines shown. Only the extension has been checked at this point,
             // and the content is not verified to be an image before the move.
             $res = @move_uploaded_file($image, ROOT_DIR . "/uploads/fotos/" . $id . "." . $type);
             if ($res) {
                 // 0666 makes the stored file writable by every local account.
                 @chmod(ROOT_DIR . "/uploads/fotos/" . $id . "." . $type, 0666);
                 $thumb = new thumbnail(ROOT_DIR . "/uploads/fotos/" . $id . "." . $type);
                 if ($thumb->size_auto($user_group[$member_id['user_group']]['max_foto'])) {
 // Normalises an upload file name and rejects names that look executable or
 // server-interpreted. Returns the cleaned name, or false when the name is
 // empty or rejected.
 // NOTE(review): block-closing lines are missing from this listing, and other
 // lines may be missing too.
 private function check_filename($filename)
     if ($filename != "") {
         // Strips path separators and ".." so that only a bare name is left.
         $filename = str_replace("\\", "/", $filename);
         $filename = str_replace("..", "", $filename);
         $filename = str_replace("/", "", $filename);
         $filename_arr = explode(".", $filename);
         $type = totranslit(end($filename_arr));
         // $curr_key is not used in the lines shown, and the last element is not
         // removed from $filename_arr before implode(), so as listed the
         // extension would appear twice. A line may have been lost in
         // extraction — confirm against the original file.
         $curr_key = key($filename_arr);
         $filename = totranslit(implode(".", $filename_arr), false) . "." . $type;
     } else {
         return false;
     $filename = str_replace("..", ".", $filename);
     // Single-pass removal: the removal can itself join the surrounding
     // characters into a new "php" (e.g. "pphphp" becomes "php"). The stripos()
     // check right after it rejects such names, so keep the two together.
     $filename = str_ireplace("php", "", $filename);
     if (stripos($filename, "php") !== false) {
         return false;
     // The remaining checks are a substring blocklist of server-interpreted
     // extensions. A blocklist only covers the listed names; callers should
     // also apply an extension allowlist.
     if (stripos($filename, "phtm") !== false) {
         return false;
     if (stripos($filename, "shtm") !== false) {
         return false;
     if (stripos($filename, ".htaccess") !== false) {
         return false;
     if (stripos($filename, ".cgi") !== false) {
         return false;
     if (stripos($filename, ".html") !== false) {
         return false;
     if (stripos($filename, ".ini") !== false) {
         return false;
     // Rejects dot-files (leading ".") and names with no extension at all.
     if (stripos($filename, ".") === 0) {
         return false;
     if (stripos($filename, ".") === false) {
         return false;
     return $filename;
Exemple #11
 // Loads a nested template by name, refuses anything that is not a .tpl file,
 // and resolves the conditional tags ([group], [page-count], [tags], [news],
 // device tags) through the class's callbacks. Returns the processed template
 // text, or an error string when the name is rejected or the file is missing.
 // NOTE(review): block-closing lines are missing from this listing.
 function sub_load_template($tpl_name)
     // Removes NUL bytes before the name is parsed.
     $tpl_name = str_replace(chr(0), '', $tpl_name);
     $url = @parse_url($tpl_name);
     // The directory part is cleaned by clear_url_dir(), which is defined
     // elsewhere; whether ".." segments are removed depends on that method.
     $file_path = dirname($this->clear_url_dir($url['path']));
     $tpl_name = pathinfo($url['path']);
     $tpl_name = totranslit($tpl_name['basename']);
     // Extension allowlist: only "tpl" is accepted.
     $type = explode(".", $tpl_name);
     $type = strtolower(end($type));
     if ($type != "tpl") {
         // The message echoes the filtered name; escape it where it is printed.
         return "Not Allowed Template Name: " . $tpl_name;
     if ($file_path and $file_path != ".") {
         $tpl_name = $file_path . "/" . $tpl_name;
     // Names starting with /templates/ resolve from the site's templates root;
     // all others resolve inside the current template directory.
     if (strpos($tpl_name, '/templates/') === 0) {
         $tpl_name = str_replace('/templates/', '', $tpl_name);
         $templatefile = ROOT_DIR . '/templates/' . $tpl_name;
     } else {
         $templatefile = $this->dir . "/" . $tpl_name;
     if ($tpl_name == '' || !file_exists($templatefile)) {
         // ROOT_DIR is stripped so that the absolute server path is not disclosed.
         $templatefile = str_replace(ROOT_DIR, '', $templatefile);
         return "Template not found: " . $templatefile;
         // Unreachable as listed: it follows an unconditional return.
         return false;
     // Second guard: any ".php" in the resolved path is rejected.
     if (stripos($templatefile, ".php") !== false) {
         return "Not Allowed Template Name: " . $tpl_name;
     $template = file_get_contents($templatefile);
     $template = $this->check_module($template);
     // Each strpos() pre-check skips the regex pass when the tag is absent.
     if (strpos($template, "[group=") !== false or strpos($template, "[not-group=") !== false) {
         $template = $this->check_group($template);
     if (strpos($template, "[page-count=") !== false) {
         $template = preg_replace_callback("#\\[(page-count)=(.+?)\\](.*?)\\[/page-count\\]#is", array(&$this, 'check_page'), $template);
     if (strpos($template, "[not-page-count=") !== false) {
         $template = preg_replace_callback("#\\[(not-page-count)=(.+?)\\](.*?)\\[/not-page-count\\]#is", array(&$this, 'check_page'), $template);
     if (strpos($template, "[tags=") !== false) {
         $template = preg_replace_callback("#\\[(tags)=(.+?)\\](.*?)\\[/tags\\]#is", array(&$this, 'check_tag'), $template);
     if (strpos($template, "[not-tags=") !== false) {
         $template = preg_replace_callback("#\\[(not-tags)=(.+?)\\](.*?)\\[/not-tags\\]#is", array(&$this, 'check_tag'), $template);
     if (strpos($template, "[news=") !== false) {
         $template = preg_replace_callback("#\\[(news)=(.+?)\\](.*?)\\[/news\\]#is", array(&$this, 'check_tag'), $template);
     if (strpos($template, "[not-news=") !== false) {
         $template = preg_replace_callback("#\\[(not-news)=(.+?)\\](.*?)\\[/not-news\\]#is", array(&$this, 'check_tag'), $template);
     if (strpos($template, "[smartphone]") !== false) {
         $template = preg_replace_callback("#\\[(smartphone)\\](.*?)\\[/smartphone\\]#is", array(&$this, 'check_device'), $template);
     if (strpos($template, "[not-smartphone]") !== false) {
         $template = preg_replace_callback("#\\[(not-smartphone)\\](.*?)\\[/not-smartphone\\]#is", array(&$this, 'check_device'), $template);
     if (strpos($template, "[tablet]") !== false) {
         $template = preg_replace_callback("#\\[(tablet)\\](.*?)\\[/tablet\\]#is", array(&$this, 'check_device'), $template);
     if (strpos($template, "[not-tablet]") !== false) {
         $template = preg_replace_callback("#\\[(not-tablet)\\](.*?)\\[/not-tablet\\]#is", array(&$this, 'check_device'), $template);
     if (strpos($template, "[desktop]") !== false) {
         $template = preg_replace_callback("#\\[(desktop)\\](.*?)\\[/desktop\\]#is", array(&$this, 'check_device'), $template);
     if (strpos($template, "[not-desktop]") !== false) {
         $template = preg_replace_callback("#\\[(not-desktop)\\](.*?)\\[/not-desktop\\]#is", array(&$this, 'check_device'), $template);
     return $template;
Exemple #12
// Admin panel bootstrap fragment: records the client address, resolves the
// requested module/action and loads the user-group and category caches.
// NOTE(review): block-closing lines are missing from this listing.
// REMOTE_ADDR is SQL-escaped once here because it is later written to log tables.
$_IP = $db->safesql($_SERVER['REMOTE_ADDR']);
$_TIME = time() + $config['date_adjust'] * 60;
require_once ENGINE_DIR . '/skins/default.skin.php';
// POST takes precedence over GET for both parameters; the GET key may be
// absent, in which case the value is null.
if (isset($_POST['action'])) {
    $action = $_POST['action'];
} else {
    $action = $_GET['action'];
if (isset($_POST['mod'])) {
    $mod = $_POST['mod'];
} else {
    $mod = $_GET['mod'];
// Both values are filtered by totranslit() (defined elsewhere); presumably
// $mod later selects a module file, so confirm that filter rejects path
// characters.
$mod = totranslit($mod, true, false);
$action = totranslit($action, false, false);
// Cached copy first; otherwise the table is read and the cache refreshed.
$user_group = get_vars("usergroup");
if (!$user_group) {
    $user_group = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
    while ($row = $db->get_row()) {
        $user_group[$row['id']] = array();
        foreach ($row as $key => $value) {
            $user_group[$row['id']][$key] = stripslashes($value);
    set_vars("usergroup", $user_group);
$cat_info = get_vars("category");
if (!is_array($cat_info)) {
    // Fragment of the admin banner module: writes an admin-log entry, then
    // handles the "doedit" form submission.
    // NOTE(review): block-closing lines are missing from this listing.
    // $banner_tag is interpolated without safesql(); its assignment for this
    // branch is outside the lines shown — confirm it cannot carry quote
    // characters.
    $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '4', '{$banner_tag}')");
    header("Location: " . $_SERVER['PHP_SELF'] . "?mod=banners");
if ($_POST['action'] == "doedit") {
    // Anti-CSRF token check. `!=` is a loose, non-constant-time comparison;
    // hash_equals() on two strings is the safer form.
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    if (!$id) {
        msg("error", "ID not valid", "ID not valid");
    // Undoes magic quotes on PHP versions that still apply them.
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $_POST['banner_descr'] = stripslashes($_POST['banner_descr']);
        $_POST['banner_code'] = stripslashes($_POST['banner_code']);
    $banner_tag = totranslit(strip_tags(trim($_POST['banner_tag'])));
    $banner_descr = $db->safesql(strip_tags(trim($_POST['banner_descr'])));
    // The banner code is stored with SQL escaping only, so any markup in it is
    // kept as submitted; this relies on the admin-only access and the token
    // check above.
    $banner_code = $db->safesql(trim($_POST['banner_code']));
    // Flags are coerced to integers.
    $approve = intval($_REQUEST['approve']);
    $short_place = intval($_REQUEST['short_place']);
    $bstick = intval($_REQUEST['bstick']);
    $main = intval($_REQUEST['main']);
    $fpage = intval($_REQUEST['fpage']);
    // count() assumes an array; a missing or scalar category is not handled here.
    $category = $_POST['category'];
    if (!count($category)) {
        $category = array();
        $category[] = '0';
    // Every category id is cast to int before use.
    $category_list = array();
    foreach ($category as $value) {
        $category_list[] = intval($value);
Exemple #14
// Fragment of the admin category module ("doedit" branch): validates the
// anti-CSRF token and normalises the submitted category fields.
// NOTE(review): block-closing lines are missing from this listing.
} elseif ($action == "doedit") {
    // `!=` is a loose, non-constant-time comparison; hash_equals() is the safer form.
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    // Characters replaced by spaces in the keywords field below.
    $quotes = array("'", "\"", "`", "\t", "\n", "\r", '"');
    $cat_name = $db->safesql(htmlspecialchars(strip_tags(stripslashes($_POST['cat_name'])), ENT_QUOTES));
    // skin_name, alt_cat_name, short_tpl and full_tpl are filtered by
    // totranslit() only (defined elsewhere); confirm how they are escaped where
    // they reach SQL.
    $skin_name = trim(totranslit($_POST['skin_name'], false, false));
    $cat_icon = $db->safesql(htmlspecialchars(strip_tags(stripslashes($_POST['cat_icon'])), ENT_QUOTES));
    $alt_cat_name = totranslit(stripslashes($_POST['alt_cat_name']), true, false);
    $catid = intval($_POST['catid']);
    $parentid = intval($_POST['parentid']);
    // No ENT_QUOTES here, unlike cat_name/cat_icon above, so single quotes are
    // left to safesql() and are not entity-encoded.
    $meta_title = $db->safesql(htmlspecialchars(strip_tags(stripslashes($_POST['meta_title']))));
    $description = $db->safesql(dle_substr(strip_tags(stripslashes($_POST['descr'])), 0, 200, $config['charset']));
    $keywords = $db->safesql(str_replace($quotes, " ", strip_tags(stripslashes($_POST['keywords']))));
    $short_tpl = totranslit(stripslashes(trim($_POST['short_tpl'])));
    $full_tpl = totranslit(stripslashes(trim($_POST['full_tpl'])));
    // Sort column and direction are allowlisted. in_array() is called without
    // the strict flag, so the comparison is loose.
    if (in_array($_POST['news_sort'], array("date", "rating", "news_read", "title"))) {
        $news_sort = $db->safesql($_POST['news_sort']);
    } else {
        $news_sort = "";
    if (in_array($_POST['news_msort'], array("ASC", "DESC"))) {
        $news_msort = $db->safesql($_POST['news_msort']);
    } else {
        $news_msort = "";
    if ($_POST['news_number'] > 0) {
        $news_number = intval($_POST['news_number']);
    } else {
        $news_number = 0;
Exemple #15
 // Fragment of the admin "add news" handler: parses the story bodies, derives
 // the URL slug and catalog key, and filters the tag list.
 // NOTE(review): block-closing lines are missing from this listing.
 $short_story = $parse->process($_POST['short_story']);
 // The second BB_Parse() argument differs between the two branches; both
 // results are SQL-escaped.
 if ($config['allow_admin_wysiwyg'] or $allow_br != '1') {
     $full_story = $db->safesql($parse->BB_Parse($full_story));
     $short_story = $db->safesql($parse->BB_Parse($short_story));
 } else {
     $full_story = $db->safesql($parse->BB_Parse($full_story, false));
     $short_story = $db->safesql($parse->BB_Parse($short_story, false));
 // The parser flags disallowed content; the post is rejected with an error page.
 if ($parse->not_allowed_text) {
     msg("error", $lang['addnews_error'], $lang['news_err_39'], "javascript:history.go(-1)");
 // The slug falls back to the title. totranslit() (defined elsewhere) is the
 // only filter visible here — confirm how $alt_name is escaped where it
 // reaches SQL.
 $alt_name = $_POST['alt_name'];
 if (trim($alt_name) == "" or !$alt_name) {
     $alt_name = totranslit(stripslashes($title), true, false);
 } else {
     $alt_name = totranslit(stripslashes($alt_name), true, false);
 $title = $db->safesql($title);
 $metatags = create_metatags($short_story . $full_story);
 // Catalog key: at most 3 characters from the form, or else the first
 // character of the title.
 $catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($_POST['catalog_url']))), ENT_QUOTES, $config['charset']), 0, 3, $config['charset']));
 if ($config['create_catalog'] and !$catalog_url) {
     $catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($title))), ENT_QUOTES, $config['charset']), 0, 1, $config['charset']));
 // A tag list containing any character from the class is discarded entirely.
 // Otherwise it is stripped of HTML, entity-encoded and SQL-escaped. The @
 // hides pattern and escaping errors.
 if (@preg_match("/[\\||\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $_POST['tags'])) {
     $_POST['tags'] = "";
 } else {
     $_POST['tags'] = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($_POST['tags']))), ENT_COMPAT, $config['charset']));
 if ($_POST['tags']) {
     $temp_array = array();
     $tags_array = array();
    // Fragment of an extra-fields (xfields) admin script: moves a field, then
    // handles the edit form.
    // NOTE(review): block-closing lines are missing from this listing, and no
    // anti-CSRF token check is visible in these lines — confirm against the
    // full file.
    if (!isset($xfieldsindex)) {
        msgbox('Информация', 'Выберите поле, которое хотите сдвинуть!', 'javascript:history.go(-1)');
    array_move($xfields, $xfieldsindex, +1);
//**************** Edit field ****************** //
if ($_GET['act'] == 'edit') {
    // The index is cast to int before it is used as an array key.
    $xfieldsindex = intval($_GET['id']);
    $editedxfield = $xfields[$xfieldsindex];
    //**************** If the "Save" button was pressed ****************** //
    if (isset($_POST['edit_save'])) {
        // The stored definition is replaced wholesale by the submitted array.
        // Only elements 0 and 1 are filtered below.
        $editedxfield = $_POST['editedxfield'];
        if (strlen(trim($editedxfield[0])) > 0 and strlen(trim($editedxfield[1])) > 0) {
            // Field name: filtered by totranslit() (defined elsewhere), with
            // dashes turned into underscores. Description: HTML-encoded.
            $editedxfield[0] = totranslit(trim($editedxfield[0]));
            $editedxfield[0] = str_replace('-', '_', $editedxfield[0]);
            $editedxfield[1] = htmlspecialchars(trim($editedxfield[1]));
            // Rejects a name that is already used by another field.
            foreach ($xfields as $name => $value) {
                if ($name != $xfieldsindex and $value[0] == $editedxfield[0]) {
                    msgbox('Информация', 'Полe с таким названием уже существует!', 'javascript:history.go(-1)');
            if ($editedxfield[3] == "select") {
                // Select options: one per line, trimmed and de-duplicated. The
                // option text is not encoded in the lines shown.
                $options = array();
                foreach (explode("\r\n", $editedxfield["6_select"]) as $name => $value) {
                    $value = trim($value);
                    if (!in_array($value, $options)) {
                        $options[] = $value;
Exemple #17
// Bootstrap of a standalone AJAX endpoint (rating.php, per the path below):
// defines the engine constants, validates the requested skin and loads the
// language file.
// NOTE(review): block-closing lines are missing from this listing.
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
    // Fallback base URL built from the client-supplied Host header; prefer an
    // explicit http_home_url in config.
    $config['http_home_url'] = explode("engine/ajax/rating.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
// The skin name is request-controlled; totranslit() (defined elsewhere) is the
// only filter before the directory check.
$_REQUEST['skin'] = totranslit($_REQUEST['skin'], false, false);
if ($_REQUEST['skin']) {
    // A skin is accepted only if a matching templates/ directory exists;
    // anything else ends the request.
    if (@is_dir(ROOT_DIR . '/templates/' . $_REQUEST['skin'])) {
        $config['skin'] = $_REQUEST['skin'];
    } else {
        die("Hacking attempt!");
// The language directory is read from config under "lang_<skin>" and joined
// into an include path.
if ($config["lang_" . $config['skin']]) {
    if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
        include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng';
    } else {
        die("Language file not found");
} else {
    include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
Exemple #18
                 // Tail of a profile edit handler: upload error branches, avatar
                 // deletion and the password-change checks. Errors accumulate in
                 // $stop.
                 // NOTE(review): the start of these branches and the
                 // block-closing lines are missing from this listing.
                 } else {
                     $stop .= $lang['news_err_14'];
             } else {
                 $stop .= $lang['news_err_15'];
         } else {
             $stop .= $lang['news_err_16'];
     } else {
         $stop .= $lang['news_err_32'];
     // Removes the stored avatar file; $type is assigned outside the lines shown.
     @unlink(ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type);
 if ($_POST['del_foto'] == "yes" and !$stop) {
     // The file name comes from the database row and is filtered by totranslit()
     // (defined elsewhere) before it is joined into the path.
     @unlink(ROOT_DIR . "/uploads/fotos/" . totranslit($row['foto']));
     // $id is interpolated into the query; its assignment is outside the lines
     // shown — confirm it is cast to int.
     $db->query("UPDATE " . USERPREFIX . "_users set foto='' WHERE user_id = '{$id}'");
 if (strlen($password1) > 0) {
     // The current password is checked by comparing an unsalted MD5 digest with
     // the stored value. MD5 is a fast hash and unsuitable for password storage
     // (password_hash()/password_verify() is the appropriate primitive), and
     // `!=` is a loose, non-constant-time comparison.
     $altpass = md5($altpass);
     if ($altpass != $member_id['password']) {
         $stop .= $lang['news_err_17'];
     if ($password1 != $password2) {
         $stop .= $lang['news_err_18'];
     // Minimum length is 6 bytes; strlen() counts bytes, not characters.
     if (strlen($password1) < 6) {
         $stop .= $lang['news_err_19'];
     if ($member_id['user_id'] == $row['user_id'] and $user_group[$member_id['user_group']]['admin_editusers']) {
         $stop .= $lang['news_err_42'];
Exemple #19
 // Fragment of a bulk news import/save loop: each submitted entry is filtered
 // and validated before it is stored.
 // NOTE(review): block-closing lines are missing from this listing.
 foreach ($_POST['content'] as $content) {
     $approve = intval($content['approve']);
     // count() assumes an array; a missing or scalar category is not handled here.
     if (!count($content['category'])) {
         $content['category'] = array();
         $content['category'][] = '0';
     // Every category id is cast to int, then the list is joined and escaped.
     $category_list = array();
     foreach ($content['category'] as $value) {
         $category_list[] = intval($value);
     $category_list = $db->safesql(implode(',', $category_list));
     $full_story = $parse->process($content['full']);
     $short_story = $parse->process($content['short']);
     $title = $parse->process(trim(strip_tags($content['title'])));
     $_POST['title'] = $title;
     // The slug is derived from the title via totranslit() (defined elsewhere);
     // no safesql() is applied to it in the lines shown.
     $alt_name = totranslit(stripslashes($title));
     $title = $db->safesql($title);
     // The second BB_Parse() argument depends on $allow_br; both results are
     // SQL-escaped.
     if (!$allow_br) {
         $full_story = $db->safesql($parse->BB_Parse($full_story));
         $short_story = $db->safesql($parse->BB_Parse($short_story));
     } else {
         $full_story = $db->safesql($parse->BB_Parse($full_story, false));
         $short_story = $db->safesql($parse->BB_Parse($short_story, false));
     $metatags = create_metatags($short_story . $full_story);
     // strtotime() returns false for an unparseable date, which date() formats
     // as the epoch; no check is visible here.
     $thistime = date("Y-m-d H:i:s", strtotime($content['date']));
     if (trim($title) == "") {
         msg("error", $lang['addnews_error'], $lang['addnews_ertitle'], "javascript:history.go(-1)");
     if (trim($short_story) == "") {
         msg("error", $lang['addnews_error'], $lang['addnews_erstory'], "javascript:history.go(-1)");
Exemple #20
    // Fragment of the file download endpoint: looks up the attachment by id,
    // streams it through the download class and bumps the download counter.
    // NOTE(review): the enclosing conditions and block-closing lines are
    // missing from this listing.
    $_SERVER['HTTP_HOST'] = reset_url($_SERVER['HTTP_HOST']);
        @header('Location: ' . $config['http_home_url']);
        die("Access denied!!!<br /><br />Please visit <a href=\"{$config['http_home_url']}\">{$config['http_home_url']}</a>");
// The id is cast to int before it is interpolated into the queries below.
$id = intval($_REQUEST['id']);
// "area" only selects between two fixed table names.
if ($_REQUEST['area'] == "static") {
    $row = $db->super_query("SELECT name, onserver FROM " . PREFIX . "_static_files WHERE id ='{$id}'");
} else {
    $row = $db->super_query("SELECT name, onserver FROM " . PREFIX . "_files WHERE id ='{$id}'");
if (!$row) {
    die("Access denied");
$config['files_max_speed'] = intval($config['files_max_speed']);
// The on-disk name comes from the database row, never from the request, and is
// filtered by totranslit() (defined elsewhere) before being appended to
// FILE_DIR.
$row['onserver'] = totranslit($row['onserver'], false);
$file = new download(FILE_DIR . $row['onserver'], $row['name'], $config['files_force'], $config['files_max_speed']);
// The counter is skipped when $file->range is set.
if ($_REQUEST['area'] == "static") {
    if ($config['files_count'] == "yes" and !$file->range) {
        $db->query("UPDATE " . PREFIX . "_static_files SET dcount=dcount+1 WHERE id ='{$id}'");
} else {
    if ($config['files_count'] == "yes" and !$file->range) {
        $db->query("UPDATE " . PREFIX . "_files SET dcount=dcount+1 WHERE id ='{$id}'");
Exemple #21
// Bootstrap of the admin antivirus AJAX endpoint: defines the engine constants,
// selects the admin language, authenticates the user and loads the scanner class.
// NOTE(review): block-closing lines and some branch bodies are missing from
// this listing.
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
    // Fallback base URL built from the client-supplied Host header; prefer an
    // explicit http_home_url in config.
    $config['http_home_url'] = explode("engine/ajax/antivirus.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
$selected_language = $config['langs'];
if (isset($_COOKIE['selected_language'])) {
    // The language name comes from a client cookie and ends up in a
    // require_once path below. totranslit() (defined elsewhere) and the
    // is_dir() check are the only visible filters — confirm totranslit()
    // rejects path separators and dots.
    $_COOKIE['selected_language'] = trim(totranslit($_COOKIE['selected_language'], false, false));
    if ($_COOKIE['selected_language'] != "" and @is_dir(ROOT_DIR . '/language/' . $_COOKIE['selected_language'])) {
        $selected_language = $_COOKIE['selected_language'];
if (file_exists(ROOT_DIR . '/language/' . $selected_language . '/adminpanel.lng')) {
    require_once ROOT_DIR . '/language/' . $selected_language . '/adminpanel.lng';
} else {
    die("Language file not found");
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
require_once ENGINE_DIR . '/modules/sitelogin.php';
// Group 1 only. The body of this guard is not shown here — confirm that it
// terminates the request before the scanner class is loaded.
if ($member_id['user_group'] != 1) {
require_once ENGINE_DIR . '/classes/antivirus.class.php';
 Copyright (c) 2004,2013 SoftNews Media Group
 Данный код защищен авторскими правами
 Файл: static.php
 Назначение: вывод статистических страниц
// static.php fragment: resolves a static page by name, counts the view and
// checks group access.
// NOTE(review): block-closing lines are missing from this listing.
// Direct-access guard: the file must be included by the engine.
if (!defined('DATALIFEENGINE')) {
    die("Hacking attempt!");
// The page name from the query string is filtered by totranslit() (defined
// elsewhere) and SQL-escaped before it is placed in the quoted literal below.
// The @ hides any warning from that chain.
$name = @$db->safesql(trim(totranslit($_GET['page'], true, false)));
// $static_result may already be set by the caller; it is looked up by name only
// when no id is present.
if (!$static_result['id']) {
    $static_result = $db->super_query("SELECT * FROM " . PREFIX . "_static WHERE name='{$name}'");
} else {
    $static_result['id'] = intval($static_result['id']);
if ($static_result['id']) {
    if ($static_result['allow_count']) {
        $db->query("UPDATE " . PREFIX . "_static SET views=views+1 WHERE id='{$static_result['id']}'");
    // grouplevel is a comma-separated list of group ids, or "all".
    $static_result['grouplevel'] = explode(',', $static_result['grouplevel']);
    if ($static_result['date']) {
        $_DOCUMENT_DATE = $static_result['date'];
    $disable_index = $static_result['disable_index'];
    // Access check: unless the page is open to "all", the member's group must
    // be in the list. in_array() is called without the strict flag.
    if ($static_result['grouplevel'][0] != "all" and !in_array($member_id['user_group'], $static_result['grouplevel'])) {
Exemple #23
        // The active skin is taken from the dle_skin cookie. The condition
        // guarding this assignment is outside the listing.
        // NOTE(review): the skin name selects a config key below and, through
        // it, an include path; confirm the missing guard restricts the cookie
        // to an installed template directory.
        $config['skin'] = $_COOKIE['dle_skin'];
// Language selection: a per-skin language from the configuration if one is
// set, otherwise the site default. The @ on include_once suppresses include
// errors, so a broken language file fails silently.
if ($config["lang_" . $config['skin']]) {
    if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
        @(include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng');
    } else {
        die("Language file not found");
} else {
    include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once ENGINE_DIR . '/modules/sitelogin.php';
// Request area, filtered by totranslit() (defined elsewhere) and defaulting to "news".
$area = totranslit($_REQUEST['area'], true, false);
if (!$area) {
    $area = "news";
// Allow-list of areas; every entry currently maps to the 'comments' table.
// Looking the table name up here, rather than deriving it from the request,
// keeps request data out of SQL identifiers.
$allowed_areas = array('news' => array('comments_table' => 'comments'), 'ajax' => array('comments_table' => 'comments'), 'lastcomments' => array('comments_table' => 'comments'));
// Unknown areas fail this check; the branch body is missing from the listing
// (presumably it stops the request).
if (!is_array($allowed_areas[$area])) {
// Parser instance with safe_mode switched on; what safe_mode restricts is
// defined in parse.class.php (not shown).
$parse = new ParseFilter();
$parse->safe_mode = true;
// Branch for visitors who are not logged in; body not in the listing.
if (!$is_logged) {
// Record id is forced to an integer; zero or non-numeric input takes the
// branch below, whose body is also missing.
$id = intval($_REQUEST['id']);
if (!$id) {
Exemple #24
 // Static definition of the admin control-panel menu. Each entry holds a
 // label, a relative URL, the module name and an 'access' value that is
 // either the literal "admin" or a per-group permission flag from $user_group.
 // The user name is URL-encoded before it is placed in the profile path.
 $profile_link = $config['http_home_url'] . "user/" . urlencode($member_id['name']) . "/";
 $options = array();
 $options['config'] = array(array('name' => $lang['opt_all'], 'url' => "?mod=options&action=syscon", 'mod' => "options", 'access' => "admin"), array('name' => $lang['opt_cat'], 'url' => "?mod=categories", 'mod' => "categories", 'access' => $user_group[$member_id['user_group']]['admin_categories']), array('name' => $lang['opt_db'], 'url' => "?mod=dboption", 'mod' => "dboption", 'access' => "admin"), array('name' => $lang['opt_vconf'], 'url' => "?mod=videoconfig", 'mod' => "videoconfig", 'access' => "admin"), array('name' => $lang['opt_xfil'], 'url' => "?mod=xfields&xfieldsaction=configure", 'mod' => "xfields", 'access' => $user_group[$member_id['user_group']]['admin_xfields']), array('name' => $lang['opt_question'], 'url' => "?mod=question", 'mod' => "question", 'access' => "admin"));
 $options['user'] = array(array('name' => $lang['opt_user'], 'url' => "?mod=editusers&action=list", 'mod' => "editusers", 'access' => $user_group[$member_id['user_group']]['admin_editusers']), array('name' => $lang['opt_xprof'], 'url' => "?mod=userfields&xfieldsaction=configure", 'mod' => "userfields", 'access' => $user_group[$member_id['user_group']]['admin_userfields']), array('name' => $lang['opt_group'], 'url' => "?mod=usergroup", 'mod' => "usergroup", 'access' => "admin"), array('name' => $lang['opt_social'], 'url' => "?mod=social", 'mod' => "social", 'access' => "admin"));
 // The templates link carries $dle_login_hash as a user_hash query parameter.
 // NOTE(review): presumably this is the session's anti-CSRF token. A token in
 // a URL can be recorded in browser history, server logs and Referer headers;
 // confirm it is rotated per session and prefer sending it in a POST body.
 $options['templates'] = array(array('name' => $lang['opt_t'], 'url' => "?mod=templates&user_hash=" . $dle_login_hash, 'mod' => "templates", 'access' => "admin"), array('name' => $lang['opt_email'], 'url' => "?mod=email", 'mod' => "email", 'access' => "admin"));
 $options['filter'] = array(array('name' => $lang['opt_fil'], 'url' => "?mod=wordfilter", 'mod' => "wordfilter", 'access' => $user_group[$member_id['user_group']]['admin_wordfilter']), array('name' => $lang['opt_ipban'], 'url' => "?mod=blockip", 'mod' => "blockip", 'access' => $user_group[$member_id['user_group']]['admin_blockip']), array('name' => $lang['opt_iptools'], 'url' => "?mod=iptools", 'mod' => "iptools", 'access' => $user_group[$member_id['user_group']]['admin_iptools']), array('name' => $lang['opt_sfind'], 'url' => "?mod=search", 'mod' => "search", 'access' => "admin"), array('name' => $lang['opt_srebuild'], 'url' => "?mod=rebuild", 'mod' => "rebuild", 'access' => "admin"), array('name' => $lang['opt_complaint'], 'url' => "?mod=complaint", 'mod' => "complaint", 'access' => $user_group[$member_id['user_group']]['admin_complaint']), array('name' => $lang['opt_check'], 'url' => "?mod=check", 'mod' => "check", 'access' => "admin"), array('name' => $lang['opt_links'], 'url' => "?mod=links", 'mod' => "links", 'access' => "admin"));
 $options['others'] = array(array('name' => $lang['opt_rules'], 'url' => "?mod=static&action=doedit&page=rules", 'mod' => "rules", 'access' => $user_group[$member_id['user_group']]['admin_static']), array('name' => $lang['opt_static'], 'url' => "?mod=static", 'mod' => "static", 'access' => $user_group[$member_id['user_group']]['admin_static']), array('name' => $lang['opt_clean'], 'url' => "?mod=clean", 'mod' => "clean", 'access' => "admin"), array('name' => $lang['main_newsl'], 'url' => "?mod=newsletter", 'mod' => "newsletter", 'access' => $user_group[$member_id['user_group']]['admin_newsletter']), array('name' => $lang['opt_vote'], 'url' => "?mod=editvote", 'mod' => "editvote", 'access' => $user_group[$member_id['user_group']]['admin_editvote']), array('name' => $lang['opt_img'], 'url' => "?mod=files", 'mod' => "files", 'access' => "admin"), array('name' => $lang['opt_banner'], 'url' => "?mod=banners&action=list", 'mod' => "banners", 'access' => $user_group[$member_id['user_group']]['admin_banners']), array('name' => $lang['opt_google'], 'url' => "?mod=googlemap", 'mod' => "googlemap", 'access' => $user_group[$member_id['user_group']]['admin_googlemap']), array('name' => $lang['opt_rss'], 'url' => "?mod=rss", 'mod' => "rss", 'access' => $user_group[$member_id['user_group']]['admin_rss']), array('name' => $lang['opt_rssinform'], 'url' => "?mod=rssinform", 'mod' => "rssinform", 'access' => $user_group[$member_id['user_group']]['admin_rssinform']), array('name' => $lang['opt_tagscloud'], 'url' => "?mod=tagscloud", 'mod' => "tagscloud", 'access' => $user_group[$member_id['user_group']]['admin_tagscloud']), array('name' => $lang['opt_logs'], 'url' => "?mod=logs", 'mod' => "logs", 'access' => "admin"));
 // Append custom admin sections stored in the database to the menu.
 // NOTE(review): closing braces and the bodies of the innermost branches are
 // missing from this listing.
 $db->query("SELECT * FROM " . PREFIX . "_admin_sections");
 while ($row = $db->get_array()) {
     // allow_groups is "all" or a comma-separated list of group ids. Group 1
     // always passes; the branch body for other groups is not shown
     // (presumably it skips the row).
     if ($row['allow_groups'] != "all") {
         $groups = explode(",", $row['allow_groups']);
         if (!in_array($member_id['user_group'], $groups) and $member_id['user_group'] != 1) {
     // The stored name goes into a URL, so it is filtered with totranslit();
     // the title has slashes and HTML tags stripped before display.
     $row['name'] = totranslit($row['name'], true, false);
     $row['title'] = strip_tags(stripslashes($row['title']));
     $options['admin_sections'][] = array('name' => $row['title'], 'url' => "?mod={$row['name']}", 'mod' => "{$row['name']}", 'access' => 1);
 // Walk every menu group and test each entry against the viewer's rights.
 // The three checks below are: viewer is in group 1; entry is "admin"-only
 // and viewer is not in group 1; entry's access flag is empty. Their bodies
 // are missing from the listing.
 // NOTE(review): this loop only decides what the menu displays. Each module
 // handler has to enforce the same permission itself; confirm that it does.
 foreach ($options as $sub_options => $value) {
     $count_options = count($value);
     for ($i = 0; $i < $count_options; $i++) {
         if ($member_id['user_group'] == 1) {
         if ($member_id['user_group'] != 1 and $value[$i]['access'] == "admin") {
         if (!$value[$i]['access']) {
Exemple #25
                     // Remove an uploaded image and its thumbnail for the news item being
                     // deleted. $folder_prefix and $dataimages are set outside this listing.
                     // The @ hides unlink() failures, so files that could not be removed
                     // are left behind without any log entry.
                     @unlink(ROOT_DIR . "/uploads/posts/" . $folder_prefix . $dataimages);
                     @unlink(ROOT_DIR . "/uploads/posts/" . $folder_prefix . "thumbs/" . $dataimages);
             // NOTE(review): $item_db['0'] is interpolated into the SQL below; its
             // origin is not visible here. Confirm it is an integer from a trusted row.
             $db->query("DELETE FROM " . PREFIX . "_images WHERE news_id = '{$item_db['0']}'");
             // Attached files: 'onserver' holds either "folder/file" or just "file".
             $db->query("SELECT id, onserver FROM " . PREFIX . "_files WHERE news_id = '{$item_db['0']}'");
             while ($row = $db->get_row()) {
                 $url = explode("/", $row['onserver']);
                 if (count($url) == 2) {
                     $folder_prefix = $url[0] . "/";
                     $file = $url[1];
                 } else {
                     $folder_prefix = "";
                     $file = $url[0];
                 // Only the file name is filtered with totranslit(); the folder part is
                 // used exactly as stored.
                 // NOTE(review): the delete path is built from database content. Confirm
                 // 'onserver' can only be written by the upload code, or verify that the
                 // resolved path stays inside uploads/files before calling unlink().
                 $file = totranslit($file, false);
                 // Refuse to delete the directory's .htaccess file.
                 if (trim($file) == ".htaccess") {
                     die("Hacking attempt!");
                 @unlink(ROOT_DIR . "/uploads/files/" . $folder_prefix . $file);
             $db->query("DELETE FROM " . PREFIX . "_files WHERE news_id = '{$item_db['0']}'");
     } else {
         // Records that the current user may not delete the item; the matching
         // condition is outside the listing.
         $no_permission = TRUE;
 // Drop cached fragments that may still reference the deleted item.
 clear_cache(array('news_', 'full_' . $item_db[0], 'comm_' . $item_db[0], 'tagscloud_', 'archives_', 'calendar_', 'rss'));
 // Default return location for the admin list; the value is already
 // HTML-encoded (&amp;), so it is meant for output inside markup.
 if (!$_SESSION['admin_referrer']) {
     $_SESSION['admin_referrer'] = "?mod=editnews&amp;action=list";
     // Calendar block: builds the list of days that have posts in a month.
     // $thisdate, $year, $month and $_TIME are defined outside this listing, and
     // the closing braces are missing.
     $where_date = " AND date < '" . $thisdate . "'";
 } else {
     $where_date = "";
 $this_month = date('m', $_TIME);
 $this_year = date('Y', $_TIME);
 $sql = "";
 // The cache id is built from $month and $year before $month is filtered
 // further down.
 // NOTE(review): if dle_cache() uses the id as part of a file name (not
 // shown), both values should be validated as integers before this point.
 if ($year != '' and $month != '') {
     $cache_id = $config['skin'] . $month . $year;
 } else {
     $cache_id = $config['skin'] . $this_month . $this_year;
 $tpl->result['calendar'] = dle_cache("calendar", $cache_id);
 if (!$tpl->result['calendar']) {
     if ($year != '' and $month != '') {
         // Only $month is filtered here; $year reaches the SQL string as it is.
         // NOTE(review): confirm $year is cast to an integer upstream. Applying
         // intval() to both values here would make this block safe on its own.
         $month = totranslit($month, true, false);
         // "and" binds tighter than "or": the branch is taken for an earlier
         // month of the current year, or for any earlier year. For those months
         // neither the approval filter nor the date limit is applied.
         if ($year == $this_year and $month < $this_month or $year < $this_year) {
             $where_date = "";
             $approve = "";
         } else {
             $approve = " AND approve=1";
         $sql = "SELECT DISTINCT DAYOFMONTH(date) as day FROM " . PREFIX . "_post WHERE date >= '{$year}-{$month}-01' AND date < '{$year}-{$month}-01' + INTERVAL 1 MONTH" . $approve . $where_date;
         $this_month = $month;
         $this_year = $year;
     } else {
         // No month requested: use the current month, approved posts only.
         $sql = "SELECT DISTINCT DAYOFMONTH(date) as day FROM " . PREFIX . "_post WHERE date >= '{$this_year}-{$this_month}-01' AND date < '{$this_year}-{$this_month}-01' + INTERVAL 1 MONTH AND approve=1" . $where_date;
     // The call that runs $sql is not visible in this listing; only the row
     // loop remains.
     if ($sql != "") {
         while ($row = $db->get_row()) {
Exemple #27
// Tail of a branch that starts outside this listing; closing braces are
// missing throughout.
} else {
    $user = '';
$category = '';
// Routing parameters. Each is read from $_REQUEST and filtered with
// totranslit() (defined elsewhere, default arguments) or set to "".
// NOTE(review): $_REQUEST can merge GET, POST and cookie data depending on
// the PHP configuration. Confirm the dispatcher compares these values against
// a fixed list of module names and never builds an include path from them.
if (isset($_REQUEST['do'])) {
    $do = totranslit($_REQUEST['do']);
} else {
    $do = "";
if (isset($_REQUEST['subaction'])) {
    $subaction = totranslit($_REQUEST['subaction']);
} else {
    $subaction = "";
if (isset($_REQUEST['doaction'])) {
    $doaction = totranslit($_REQUEST['doaction']);
} else {
    $doaction = "";
// A tag request without a tag falls back to the list of all tags.
if ($do == "tags" and !$_GET['tag']) {
    $do = "alltags";
// Derive the module name: the explicit "do" value, else "date" when a year is
// set, else "catalog", else the subaction. $year and $catalog come from code
// outside this listing.
$dle_module = $do;
if ($do == "" and !$subaction and $year) {
    $dle_module = "date";
} elseif ($do == "" and $catalog) {
    $dle_module = "catalog";
} elseif ($do == "") {
    $dle_module = $subaction;
// Branch for a direct news id without a subaction; its body is not in the listing.
if ($subaction == '' and $newsid) {
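/**
 * Fetch the GoodGame channel-status entry for a streamer.
 *
 * Requests the channel status as JSON, resolves the stream id through
 * getgoodgame() (defined elsewhere) and returns the matching entry.
 *
 * @param string $login Streamer login; filtered with totranslit() and
 *                      URL-encoded before it is placed in the request URL.
 * @return mixed The decoded status entry for the stream, or null when the
 *               request fails, the response is not a JSON object/array, or
 *               no entry exists for the resolved stream id.
 */
function setTitleGG($login)
{
    // totranslit() is defined elsewhere; rawurlencode() additionally guarantees
    // that nothing in the login can add or alter query parameters.
    $safe_login = totranslit($login);

    // NOTE(review): the request uses plain http, so the response can be read or
    // modified in transit. Switch to https if the API offers it.
    $response = file_get_contents("http://goodgame.ru/api/getchannelstatus?id=" . rawurlencode($safe_login) . "&fmt=json");
    if ($response === false) {
        return null;
    }

    // The body is remote data: accept it only if it decodes to an array.
    $stream_goodgame = json_decode($response, true);
    if (!is_array($stream_goodgame)) {
        return null;
    }

    $idXml = getgoodgame($safe_login);
    if (!is_object($idXml) || !isset($idXml->stream->stream_id)) {
        return null;
    }

    // The stream id is the part before any "=>" in the stream_id value.
    $id = explode("=>", (string) $idXml->stream->stream_id);

    return isset($stream_goodgame[$id[0]]) ? $stream_goodgame[$id[0]] : null;
}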
Exemple #29
        // One table row per uploaded image in the admin file manager. The loop
        // header and closing braces are missing from this listing.
        // getimagesize() failures are hidden by @; the size cells are then empty.
        $img_info = @getimagesize($config_path_image_upload . $file);
        $total_size += $this_size;
        // $file is written into an href, the link text and two attribute values
        // without HTML escaping.
        // NOTE(review): if a stored file name can contain quotes or angle
        // brackets, this is an HTML-injection point. Confirm the upload code
        // restricts names, or pass the value through htmlspecialchars() with
        // ENT_QUOTES before output.
        echo "\n\t  <tr>\n\t  <td><a target=_blank href=\"" . $config['http_home_url'] . "uploads/" . $userdir . $sub_dir . "{$file}\">{$file}</a></td>\n\t  <td>{$img_info['0']}x{$img_info['1']}</td>\n\t  <td>" . formatsize($this_size) . "</td>\n\t  <td><input type=\"checkbox\" name=\"images[{$file}]\" value=\"{$file}\" style=\"border: 0; background: transparent;\"></td>\n\t  </tr>";
// Placeholder row when the directory holds no files.
if (!$total_size) {
    echo "<tr><td colspan=\"4\" align=\"center\" height=\"40\">" . $lang['files_head_4'] . "</td></tr>";
// Table footer with the delete form controls. The hidden user_hash field
// carries $dle_login_hash, presumably the anti-CSRF token checked by the
// doimagedelete handler; confirm that the handler verifies it.
echo "</tbody></table><div class=\"box-footer padded\">\n\t\t<div id=\"file-uploader\" style=\"width:210px;float:left;\"></div>{$lang['images_listdir']} {$folder_list}\n\t\t<div style=\"float:right;\">{$lang['images_size']} " . formatsize($total_size) . " <input class=\"btn btn-red\" type=\"submit\" value=\" {$lang['images_del']} \"><input type=\"hidden\" name=\"action\" value=\"doimagedelete\"><input type=\"hidden\" name=\"user_hash\" value=\"{$dle_login_hash}\" /></div>\n\t</div>";
// Directory parameters from the query string, filtered with totranslit()
// (defined elsewhere) before they are used in upload paths.
if ($_GET['userdir']) {
    $userdir = totranslit($_GET['userdir'], true, false);
} else {
    $userdir = "";
// NOTE(review): this assigns $subdir, while the row markup above reads
// $sub_dir. The listing is an excerpt; confirm which variable is intended.
if ($_GET['sub_dir']) {
    $subdir = totranslit($_GET['sub_dir'], true, false);
} else {
    $subdir = "";
echo <<<HTML
<script type="text/javascript">
jQuery(document).ready(function (\$) {

\tvar totaladded = 0;
\tvar totaluploaded = 0;

\tvar uploader = new qq.FileUploader({
\t\telement: document.getElementById('file-uploader'),
Exemple #30
//Если нажали "Добавить"
if (isset($_POST['save'])) {
    $price = intval($_POST['price']);
    //Разришенные форматы
    $allowed_files = array('jpg', 'png');
    //Получаем данные о фотографии ОРИГИНАЛ
    $image_tmp = $_FILES['original']['tmp_name'];
    $image_name = totranslit($_FILES['original']['name']);
    // оригинальное название для оприделения формата
    $image_size = $_FILES['original']['size'];
    // размер файла
    $type = end(explode(".", $image_name));
    // формат файла
    //Получаем данные о фотографии КОПИЯ
    $image_tmp_2 = $_FILES['thumbnail']['tmp_name'];
    $image_name_2 = totranslit($_FILES['thumbnail']['name']);
    // оригинальное название для оприделения формата
    $image_size_2 = $_FILES['thumbnail']['size'];
    // размер файла
    $type_2 = end(explode(".", $image_name_2));
    // формат файла
    //Проверям если, формат верный то пропускаем
    if ($price) {
        if (in_array(strtolower($type), $allowed_files) and in_array(strtolower($type_2), $allowed_files)) {
            if ($image_size < 200000) {
                if ($image_size_2 < 100000) {
                    $rand_name = rand(0, 1000);
                    move_uploaded_file($image_tmp, ROOT_DIR . '/uploads/gifts/' . $rand_name . '.' . $type);
                    move_uploaded_file($image_tmp_2, ROOT_DIR . '/uploads/gifts/' . $rand_name . '.' . $type_2);
                    $db->query("INSERT INTO `" . PREFIX . "_gifts_list` SET img = '" . $rand_name . "', price = '" . $price . "'");
                    msgbox('Информация', 'Подарок успешно добавлен', '?mod=gifts');