Exemple #1
0
<?php

defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
    die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/classes/pagination.class.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$code = array();
if (isset($_POST['game_id']) && isset($_POST['page'])) {
    $filter = new VFilter();
    $gid = $filter->get('game_id', 'INTEGER');
    $page = $filter->get('page', 'INTEGER');
    $uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
    $sql = "SELECT COUNT(CID) AS total_comments FROM game_comments WHERE GID = " . $gid . " AND status = '1'";
    $rsc = $conn->execute($sql);
    $total = $rsc->fields['total_comments'];
    $pagination = new Pagination(10, $page);
    $limit = $pagination->getLimit($total);
    $sql = "SELECT c.CID, c.UID, c.comment, c.addtime, s.username, s.photo, s.gender\n                       FROM game_comments AS c, signup AS s\n                       WHERE c.GID = " . $gid . " AND c.status = '1' AND c.UID = s.UID \n                       ORDER BY c.addtime DESC LIMIT " . $limit;
    $rs = $conn->execute($sql);
    $comments = $rs->getrows();
    $page_link = $pagination->getPagination('game/' . $gid, 'p_game_comments_' . $gid . '_');
    $page_link_b = $pagination->getPagination('game/' . $gid, 'pp_game_comments_' . $gid . '_');
    $start_num = $pagination->getStartItem();
    $end_num = $pagination->getEndItem();
    $code[] = '<div class="blinkp">';
    $code[] = $lang['global.showing'] . ' <strong>' . $start_num . '</strong> ' . $lang['global.to'] . ' <strong>' . $end_num . '</strong> ' . $lang['global.of'] . ' <strong>' . $total . '</strong> ' . $lang['global.comments'] . '.';
Exemple #2
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('status' => 0, 'msg' => '');
if (isset($_POST['video_id'])) {
    $filter = new VFilter();
    $video_id = $filter->get('video_id', 'INTEGER');
    if (isset($_SESSION['uid'])) {
        $sql = "SELECT VID FROM favourite WHERE VID = " . $video_id . " AND UID = " . intval($_SESSION['uid']) . " LIMIT 1";
        $conn->execute($sql);
        if ($conn->Affected_Rows() == 1) {
            $data['msg'] = show_err($lang['ajax.favorite_video_exists']);
        } else {
            $sql = "SELECT VID FROM video WHERE VID = " . $video_id . " AND UID = " . intval($_SESSION['uid']) . " LIMIT 1";
            $conn->execute($sql);
            if ($conn->Affected_Rows() == 1) {
                $data['msg'] = show_err($lang['ajax.favorite_video_self']);
            } else {
                $sql = "INSERT INTO favourite SET VID = " . $video_id . ", UID = " . intval($_SESSION['uid']);
                $conn->execute($sql);
                $sql = "UPDATE video SET fav_num = fav_num+1 WHERE VID = " . $video_id . " LIMIT 1";
                $conn->execute($sql);
                $data['msg'] = show_msg($lang['ajax.favorite_video_success']);
                $data['status'] = 1;
            }
        }
    } else {
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
$data = array('status' => 1, 'msg' => '');
if (isset($_POST['user_id'])) {
    if (isset($_SESSION['uid'])) {
        $uid = intval($_SESSION['uid']);
        $filter = new VFilter();
        $user_id = $filter->get('user_id', 'INTEGER');
        if ($uid == $user_id) {
            $data['msg'] = show_err('Invalid request!?');
        } else {
            $sql = "SELECT UID FROM video_subscribe WHERE UID = " . $uid . " AND SUID = " . $user_id . " LIMIT 1";
            $conn->execute($sql);
            if ($conn->Affected_Rows() != 1) {
                $data['msg'] = show_err($lang['ajax.remove_sub_exists']);
            } else {
                $data['status'] = 1;
                $data['msg'] = show_msg($lang['ajax.remove_sub_success']);
                $sql = "DELETE FROM video_subscribe WHERE UID = " . $uid . " AND SUID = " . $user_id . " LIMIT 1";
                $conn->execute($sql);
                $sql = "UPDATE signup SET popularity = popularity-1, points = points-2 WHERE UID = " . $uid . " LIMIT 1";
                $conn->execute($sql);
            }
        }
    } else {
        $data['msg'] = show_err($lang['ajax.remove_sub_login']);
Exemple #4
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
if (isset($_POST['friend_id'])) {
    if (isset($_SESSION['uid'])) {
        $filter = new VFilter();
        $uid = intval($_SESSION['uid']);
        $fid = $filter->get('friend_id', 'INTEGER');
        $sql = "SELECT UID FROM friends WHERE UID = " . $uid . " AND FID = " . $fid . " AND status = 'Pending' LIMIT 1";
        $conn->execute($sql);
        if ($conn->Affected_Rows() == 1) {
            $sql = "DELETE FROM friends WHERE UID = " . $uid . " AND FID = " . $fid . " LIMIT 1";
            $conn->execute($sql);
            $sql = "UPDATE signup SET total_friends = total_friends-1, popularity = popularity-2 WHERE UID = " . $uid . " LIMIT 1";
            $conn->execute($sql);
            $sql = "UPDATE signup SET points = points-2 WHERE UID = " . $fid . " LIMIT 1";
            $conn->execute($sql);
            $message = $lang['ajax.reject_friend_success'];
            $sql = "SELECT u.username, u.email, p.friend_request FROM signup AS u, users_prefs AS p \n                               WHERE u.UID = " . $fid . " AND u.UID = p.UID LIMIT 1";
            $rs = $conn->execute($sql);
            if ($conn->Affected_Rows() === 1 && $rs->fields['friend_request'] == '1') {
                $to = $rs->fields['email'];
                $receiver = $rs->fields['username'];
                $sql = "SELECT username FROM signup WHERE UID = " . $uid . " LIMIT 1";
                $rs = $conn->execute($sql);
                if ($conn->Affected_Rows() === 1) {
                    $username = $rs->fields['username'];
                    require $config['BASE_DIR'] . '/classes/email.class.php';
Exemple #5
0
<?php

defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
    die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
require $config['BASE_DIR'] . '/include/function_user.php';
$response = array('status' => 0, 'msg' => '', 'debug' => '');
if (isset($_POST['game_id'])) {
    if (isset($_SESSION['uid'])) {
        $filter = new VFilter();
        $gid = $filter->get('game_id', 'INTEGER');
        $uid = intval($_SESSION['uid']);
        $sql = "SELECT UID FROM game WHERE GID = " . $gid . " LIMIT 1";
        $rs = $conn->execute($sql);
        if ($conn->Affected_Rows() === 1) {
            $game = $rs->getrows();
            if ($uid == $game[0][0]) {
                deleteGame($gid);
                $response['status'] = 1;
                $response['msg'] = show_msg_mb($lang['ajax.delete_game_success']);
            } else {
                $response['msg'] = show_err_mb($lang['ajax.delete_game_failed']);
            }
        } else {
            $response['msg'] = show_err_mb($lang['ajax.delete_game_failed']);
        }
Exemple #6
0
<?php

defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
// If Posted
if (isset($_POST['submit_media_mp4'])) {
    $filter = new VFilter();
    //config settings
    $iphone_convert = $filter->get('iphone_convert', 'INTEGER');
    //db settings
    $iphone_ovc_profile = $filter->get('iphone_ovc_profile');
    $iphone_resize_base = $filter->get('iphone_resize_base');
    $iphone_resize_width = $filter->get('iphone_resize_width', 'INTEGER');
    $iphone_resize_height = $filter->get('iphone_resize_height', 'INTEGER');
    $iphone_ref_bitrate = $filter->get('iphone_ref_bitrate', 'INTEGER');
    $iphone_ref_type = $filter->get('iphone_ref_type');
    $iphone_blackbars = $filter->get('iphone_blackbars', 'INTEGER');
    $iphone_encodepass = $filter->get('iphone_encodepass', 'INTEGER');
    $iphone_audio_sampling = $filter->get('iphone_audio_sampling', 'INTEGER');
    $iphone_audio_bitrate = $filter->get('iphone_audio_bitrate', 'INTEGER');
    // Set Defaults
    $iphone_ovc_profile = $iphone_ovc_profile == '' ? 'standard' : $iphone_ovc_profile;
    $iphone_resize_base = $iphone_resize_base == '' ? 'both' : $iphone_resize_base;
    $iphone_resize_width = $iphone_resize_width == '' ? '480' : $iphone_resize_width;
    $iphone_resize_height = $iphone_resize_height == '' ? '320' : $iphone_resize_height;
    $iphone_ref_bitrate = $iphone_ref_bitrate == '' ? '1500' : $iphone_ref_bitrate;
    $iphone_ref_type = $iphone_ref_type == '' ? 'standard' : $iphone_ref_type;
    $iphone_encodepass = $iphone_encodepass == '1' ? '1' : '2';
    $iphone_blackbars = $iphone_blackbars == '0' ? '0' : '1';
    $iphone_audio_sampling = $iphone_audio_sampling == '' ? '48000' : $iphone_audio_sampling;
    $iphone_audio_bitrate = $iphone_audio_bitrate == '' ? '128' : $iphone_audio_bitrate;
Exemple #7
0
    $sql = "SELECT FID FROM friends WHERE UID = " . $uid . " LIMIT 1";
    $conn->execute($sql);
    if ($conn->Affected_Rows() != 1) {
        $access = false;
        $_URL = $config['BASE_URL'] . '/error/private_messages_friends';
    }
} elseif ($config['private_msgs'] == 'disabled') {
    $access = false;
    $_URL = $config['BASE_URL'] . '/error/private_messages_disabled';
}
if (!$access) {
    VRedirect::go($_URL);
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/validation.class.php';
$filter = new VFilter();
$subject = $filter->get('s', 'STRING', 'GET');
$compose = array('receiver' => '', 'friend' => '', 'subject' => $subject, 'body' => '', 'save_outbox' => 1, 'send_self' => 0);
if (isset($query['1']) && $query['1'] != '') {
    $valid = new VValidation();
    if ($valid->usernameExists($query['1'])) {
        $compose['receiver'] = $query['1'];
    }
}
if (isset($_POST['send_mail'])) {
    $valid = new VValidation();
    $receiver = $filter->get('receiver');
    $friend = $filter->get('receiver_friend');
    $subject = $filter->get('subject');
    $body = $filter->process(trim($_POST['body']), array('a'), array('href'));
    if ($receiver == '') {
Exemple #8
0
<?php

defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
//include($config['BASE_DIR'].'/include/function_conversions.php');
if (isset($_POST['submit_media_mp4'])) {
    $filter = new VFilter();
    //config settings
    $hd_convert = $filter->get('hd_convert', 'INTEGER');
    //db settings
    $condition_value = $filter->get('condition_value', 'INTEGER');
    $hd_ovc_profile = $filter->get('hd_ovc_profile');
    $hd_resize_base = $filter->get('hd_resize_base');
    $hd_resize_width = $filter->get('hd_resize_width', 'INTEGER');
    $hd_resize_height = $filter->get('hd_resize_height', 'INTEGER');
    $hd_ref_bitrate = $filter->get('hd_ref_bitrate', 'INTEGER');
    $hd_ref_type = $filter->get('hd_ref_type');
    $hd_blackbars = $filter->get('hd_blackbars', 'INTEGER');
    $hd_encodepass = $filter->get('hd_encodepass', 'INTEGER');
    $hd_audio_sampling = $filter->get('hd_audio_sampling', 'INTEGER');
    $hd_audio_bitrate = $filter->get('hd_audio_bitrate', 'INTEGER');
    //prep
    $hd_ovc_profile = $hd_ovc_profile == '' ? 'standard' : $hd_ovc_profile;
    $hd_resize_base = $hd_resize_base == '' ? 'both' : $hd_resize_base;
    $hd_resize_width = $hd_resize_width == '' ? '640' : $hd_resize_width;
    $hd_resize_height = $hd_resize_height == '' ? '480' : $hd_resize_height;
    $hd_ref_bitrate = $hd_ref_bitrate == '' ? '1500' : $hd_ref_bitrate;
    $hd_ref_type = $hd_ref_type == '' ? 'standard' : $hd_ref_type;
    $hd_encodepass = $hd_encodepass == '1' ? '1' : '2';
    $hd_blackbars = $hd_blackbars == '0' ? '0' : '1';
    $hd_audio_sampling = $hd_audio_sampling == '' ? '48000' : $hd_audio_sampling;
Exemple #9
0
<?php

defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
if (isset($_POST['submit_media_mp4'])) {
    $filter = new VFilter();
    //db settings
    $flv_ovc_profile = $filter->get('flv_ovc_profile');
    $flv_resize_base = $filter->get('flv_resize_base');
    $flv_resize_width = $filter->get('flv_resize_width', 'INTEGER');
    $flv_resize_height = $filter->get('flv_resize_height', 'INTEGER');
    $flv_ref_bitrate = $filter->get('flv_ref_bitrate', 'INTEGER');
    $flv_ref_type = $filter->get('flv_ref_type');
    $flv_blackbars = $filter->get('flv_blackbars', 'INTEGER');
    $flv_encodepass = $filter->get('flv_encodepass', 'INTEGER');
    $flv_audio_sampling = $filter->get('flv_audio_sampling', 'INTEGER');
    $flv_audio_bitrate = $filter->get('flv_audio_bitrate', 'INTEGER');
    //prep
    $flv_ovc_profile = $flv_ovc_profile == '' ? 'standard' : $flv_ovc_profile;
    $flv_resize_base = $flv_resize_base == '' ? 'both' : $flv_resize_base;
    $flv_resize_width = $flv_resize_width == '' ? '480' : $flv_resize_width;
    $flv_resize_height = $flv_resize_height == '' ? '320' : $flv_resize_height;
    $flv_ref_bitrate = $flv_ref_bitrate == '' ? '1500' : $flv_ref_bitrate;
    $flv_ref_type = $flv_ref_type == '' ? 'standard' : $flv_ref_type;
    $flv_encodepass = $flv_encodepass == '1' ? '1' : '2';
    $flv_blackbars = $flv_blackbars == '0' ? '0' : '1';
    $flv_audio_sampling = $flv_audio_sampling == '' ? '48000' : $flv_audio_sampling;
    $flv_audio_bitrate = $flv_audio_bitrate == '' ? '128' : $flv_audio_bitrate;
    if ($flv_ref_bitrate == '') {
        $errors[] = 'Video Bit-rate for converted videos cannot be left blank!';
    } elseif (!is_numeric($flv_ref_bitrate)) {
<?php

defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
    die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('msg' => '', 'status' => 0, 'debug' => '');
if (isset($_POST['parent_id']) && isset($_POST['comment_id'])) {
    if (isset($_SESSION['uid'])) {
        $filter = new VFilter();
        $uid = intval($_SESSION['uid']);
        $cid = $filter->get('comment_id', 'INTEGER');
        $gid = $filter->get('parent_id', 'INTEGER');
        $sql = "DELETE FROM game_comments WHERE UID = " . $uid . " AND GID = " . $gid . " AND CID = " . $cid . " LIMIT 1";
        $conn->execute($sql);
        if ($conn->Affected_Rows() == 1) {
            $data['status'] = 1;
            $sql = "UPDATE game SET total_comments = total_comments-1 WHERE GID = " . $gid . " LIMIT 1";
            $conn->execute($sql);
            $data['msg'] = $lang['ajax.comment_delete_success'];
        } else {
            $data['msg'] = $lang['ajax.comment_delete_failed'];
        }
    } else {
        $data['msg'] = $lang['ajax.comment_delete_login'];
    }
} else {
Exemple #11
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
if ($config['blog_module'] == '0') {
    VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
$auth = new Auth();
$auth->check();
$uid = intval($_SESSION['uid']);
$username = $_SESSION['username'];
$blog_title = NULL;
$blog_content = NULL;
if (isset($_POST['blog_add_submit'])) {
    $filter = new VFilter();
    $title = $filter->get('blog_title');
    $content = $_POST['blog_content'];
    if ($title == '') {
        $errors[] = $lang['blog.edit_title_empty'];
        $err['title'] = 1;
    } elseif (strlen($title) > 100) {
        $errors[] = $lang['blog.edit_title_big'];
        $err['title'] = 1;
    } else {
        $blog_title = $title;
    }
    if ($content == '') {
        $errors[] = $lang['blog.edit_content_empty'];
        $err['content'] = 1;
    } elseif (strlen($content) > 3000) {
Exemple #12
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/image.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
$auth = new Auth();
$auth->check();
if (isset($_SESSION['uid']) && $uid != $_SESSION['uid']) {
    session_write_close();
    header('Location: ' . $config['BASE_URL'] . '/error/album_permission');
    die;
}
if (isset($_POST['add_photos_submit'])) {
    $photos = 0;
    $filter = new VFilter();
    $image = new VImageConv();
    foreach ($_FILES as $key => $values) {
        if ($values['tmp_name'] != '') {
            if (is_uploaded_file($values['tmp_name']) && ($check = getimagesize($values['tmp_name']))) {
                $ext = strtolower(substr($values['name'], strrpos($values['name'], '.') + 1));
                if (!check_image($values['tmp_name'], $ext)) {
                    continue;
                }
                $photo_expl = explode('_', $key);
                $photo_nr = $photo_expl['1'];
                $caption = $filter->get('caption_' . $photo_nr);
                $sql_add = NULL;
                if ($caption != '') {
                    $sql_add = ", caption = '" . mysql_real_escape_string($caption) . "'";
                }
Exemple #13
0
function constructQuery()
{
    global $smarty;
    $query = array();
    $query_count = "SELECT COUNT(f.UID) AS total_users FROM signup AS u, users_flags AS f WHERE f.UID = u.UID";
    $query_select = "SELECT u.*, f.RID, f.reason, f.message, f.addtime, f.flag_id\n                           FROM signup AS u, users_flags AS f\n                           WHERE f.UID = u.UID";
    $query_option = array();
    $option_orig = array('username' => '', 'email' => '', 'country' => '', 'name' => '', 'gender' => '', 'relation' => '', 'sort' => 'u.UID', 'order' => 'DESC', 'display' => 10);
    $all = isset($_GET['all']) ? intval($_GET['all']) : 0;
    if ($all == 1) {
        unset($_SESSION['search_users_option']);
    }
    $option = isset($_SESSION['search_users_flagged_option']) ? $_SESSION['search_users_flagged_option'] : $option_orig;
    if (isset($_POST['search_videos'])) {
        global $config;
        require $config['BASE_DIR'] . '/classes/filter.class.php';
        $filter = new VFilter();
        $option['username'] = $filter->get('username');
        $option['email'] = $filter->get('email');
        $option['country'] = $filter->get('country');
        $option['name'] = $filter->get('name');
        $option['gender'] = $filter->get('gender');
        $option['relation'] = $filter->get('relation');
        $option['sort'] = $filter->get('sort');
        $option['order'] = $filter->get('order');
        $option['display'] = $filter->get('display', 'INTEGER');
        if ($option['username'] != '') {
            $query_option[] = " AND u.username LIKE '%" . mysql_real_escape_string($option['username']) . "%'";
        }
        if ($option['email'] != '') {
            $query_option[] = " AND u.email LIKE '%" . mysql_real_escape_string($option['email']) . "%'";
        }
        if ($option['country'] != '') {
            $query_option[] = " AND u.country LIKE '%" . mysql_real_escape_string($option['country']) . "%'";
        }
        if ($option['name'] != '') {
            $query_option[] = " AND ( u.fname LIKE '%" . mysql_real_escape_string($option['name']) . "%' OR u.lname LIKE '%" . mysql_real_escape_string($option['name']) . "%'";
        }
        if ($option['gender'] != '') {
            $query_option[] = " AND u.gender = '" . mysql_real_escape_string($option['gender']) . "'";
        }
        if ($option['relation'] != '') {
            $query_option[] = " AND u.relation = '" . mysql_real_escape_string($option['relation']) . "'";
        }
        $_SESSION['search_users_flagged_option'] = $option;
    }
    $query_option[] = " ORDER BY " . $option['sort'] . " " . $option['order'];
    $query['select'] = $query_select . implode(' ', $query_option);
    $query['count'] = $query_count . implode(' ', $query_option);
    $query['page_items'] = $option['display'];
    $smarty->assign('option', $option);
    return $query;
}
Exemple #14
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
if ($config['blog_module'] == '0') {
    VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
$auth = new Auth();
$auth->check();
$uid = intval($_SESSION['uid']);
$username = $_SESSION['username'];
$blog_title = NULL;
$blog_content = NULL;
if (isset($_POST['blog_edit_submit'])) {
    $filter = new VFilter();
    $title = $filter->get('blog_title');
    $content = $filter->get('blog_content');
    if ($title == '') {
        $errors[] = $lang['blog.edit_title_empty'];
        $err['title'] = 1;
    } elseif (strlen($title) > 100) {
        $errors[] = $lang['blog.edit_title_big'];
        $err['title'] = 1;
    } else {
        $blog_title = $title;
    }
    if ($content == '') {
        $errors[] = $lang['blog.edit_content_empty'];
        $err['content'] = 1;
    } elseif (strlen($content) > 3000) {
Exemple #15
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
$filter = new VFilter();
$mail_id = $filter->get('id', 'INTEGER', 'GET');
if (!$mail_id) {
    VRedirect::go($config['BASE_URL'] . '/error/mail_missing');
}
$sql = "SELECT m.mail_id, m.sender, m.receiver, m.subject, m.body, s.photo, s.gender\n               FROM mail AS m, signup AS s\n               WHERE ( m.sender = '" . mysql_real_escape_string($username) . "' OR m.receiver = '" . mysql_real_escape_string($username) . "' )\n               AND m.mail_id = " . $mail_id . " AND m.sender = s.username AND m.status = '1'\n               LIMIT 1";
$rs = $conn->execute($sql);
if (!$conn->Affected_Rows()) {
    VRedirect::go($config['BASE_URL'] . '/error/mail_missing');
}
$mail = $rs->getrows();
$mail = $mail['0'];
$sql = "UPDATE mail SET readed = '1' WHERE mail_id = " . $mail_id . " LIMIT 1";
$conn->execute($sql);
$smarty->assign('mail', $mail);
Exemple #16
0
function construct_vote($likes, $dislikes)
{
    $output = array();
    $output[] = '<div class="pull-left">';
    $output[] = '<i class="glyphicon glyphicon-thumbs-up"></i> <span id="photo_likes" class="text-white">' . $likes . '</span>';
    $output[] = '</div>';
    $output[] = '<div class="pull-right">';
    $output[] = '<i class="glyphicon glyphicon-thumbs-down"></i> <span id="photo_dislikes" class="text-white">' . $dislikes . '</span>';
    $output[] = '</div>';
    $output[] = '<div class="clearfix"></div>';
    return implode("\n", $output);
}
$data = array('msg' => '', 'rate' => 0, 'likes' => 0, 'dislikes' => 0, 'debug' => '');
if (isset($_POST['item_id']) && isset($_POST['vote'])) {
    $allowed = false;
    $filter = new VFilter();
    $photo_id = $filter->get('item_id', 'INTEGER');
    $vote = $filter->get('vote', 'STRING');
    $sql = "SELECT p.rate, p.likes, p.dislikes, a.rate AS arate, a.likes AS alikes, a.dislikes AS adislikes FROM photos AS p, albums AS a\n                       WHERE p.PID = " . $photo_id . " AND a.AID = p.AID LIMIT 1";
    $rs = $conn->execute($sql);
    $rate = $rs->fields['rate'];
    $likes = $rs->fields['likes'];
    $dislikes = $rs->fields['dislikes'];
    $arate = $rs->fields['arate'];
    $alikes = $rs->fields['alikes'];
    $adislikes = $rs->fields['adislikes'];
    if ($config['photo_rate'] == 'user') {
        if (isset($_SESSION['uid'])) {
            $uid = intval($_SESSION['uid']);
            $allowed = true;
        }
Exemple #17
0
        }
        if (!$errors) {
            $dst = $config['BASE_DIR'] . '/media/users/orig/' . $image_name;
            $image = new VImageConv();
            $image->process($avatar_tmp, $dst, 'MAX_HEIGHT', 240, 200);
            $image->resize(true);
            if (file_exists($dst) && filesize($dst) > 100) {
                $_SESSION['message'] = $lang['user.avatar_upload_msg'];
                $_SESSION['uploaded'] = true;
                VRedirect::go($config['BASE_URL'] . '/user/avatar');
            }
        }
    }
}
if (isset($_POST['avatar_crop_submit'])) {
    $filter = new VFilter();
    $x = $filter->get('x1', 'INTEGER');
    $y = $filter->get('y1', 'INTEGER');
    $width = $filter->get('width', 'INTEGER');
    $height = $filter->get('height', 'INTEGER');
    $uid = $user['UID'];
    $src = $config['BASE_DIR'] . '/media/users/orig/' . $uid . '.jpg';
    $dst = $config['BASE_DIR'] . '/media/users/' . $uid . '.jpg';
    $image = new VImageConv();
    $image->process($src, $dst, 'EXACT', 100, 120);
    $image->crop($x, $y, $width, $height, true);
    if (file_exists($dst) && filesize($dst) > 100) {
        $sql = "UPDATE signup SET photo = '" . intval($user['UID']) . ".jpg' WHERE UID = " . intval($uid) . " LIMIT 1";
        $conn->execute($sql);
        $_SESSION['message'] = $lang['user.avatar_crop_msg'];
        VRedirect::go($config['BASE_URL'] . '/user/avatar');
Exemple #18
0
        }
    }
    $output = array();
    $output[] = '<ul>';
    $output[] = '<li><span' . $class_1 . '>&nbsp;</span></li>';
    $output[] = '<li><span' . $class_2 . '>&nbsp;</span></li>';
    $output[] = '<li><span' . $class_3 . '>&nbsp;</span></li>';
    $output[] = '<li><span' . $class_4 . '>&nbsp;</span></li>';
    $output[] = '<li><span' . $class_5 . '>&nbsp;</span></li>';
    $output[] = '</ul>';
    return implode("\n", $output);
}
$data = array('msg' => '', 'rating_code' => '', 'rate' => 0, 'ratedby' => 0, 'debug' => '');
if (isset($_POST['user_id']) && isset($_POST['rating'])) {
    $allowed = false;
    $filter = new VFilter();
    $user_id = $filter->get('user_id', 'INTEGER');
    $vote = $filter->get('rating', 'INTEGER');
    $sql = "SELECT rate, ratedby FROM signup WHERE UID = " . $user_id . " LIMIT 1";
    $rs = $conn->execute($sql);
    $rate = $rs->fields['rate'];
    $ratedby = $rs->fields['ratedby'];
    if ($config['rating'] == 'user') {
        if (isset($_SESSION['uid'])) {
            $uid = intval($_SESSION['uid']);
            $allowed = true;
        }
    } else {
        $allowed = true;
    }
    if ($allowed) {
Exemple #19
0
}
if ($config['edit_videos'] == '0') {
    VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
Auth::check();
$vid = get_request_arg('edit');
if (!$vid) {
    VRedirect::go($config['BASE_URL'] . '/error/video_missing');
}
$uid = (int) $_SESSION['uid'];
$sql = "SELECT VID FROM video WHERE VID = " . $vid . " AND UID = " . $uid . " AND active = '1' LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows()) {
    $categories = get_categories();
    if (isset($_POST['edit_submit'])) {
        $filter = new VFilter();
        $title = $filter->get('title');
        $keyword = $filter->get('keyword');
        $channel = $filter->get('channel', 'INTEGER');
        $type = $filter->get('type');
        $thumb = $filter->get('thumb', 'INTEGER');
        if ($title == '') {
            $errors[] = $lang['upload.video_title_empty'];
            $err['title'] = 1;
        }
        if ($keyword == '') {
            $errors[] = $lang['upload.video_tags_empty'];
            $err['tags'] = 1;
        } else {
            $keyword = prepare_string($keyword, false);
        }
Exemple #20
0
<?php

defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
    die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('status' => 0, 'msg' => '', 'debug' => '');
if (isset($_POST['item_id']) && isset($_POST['flag_id']) && isset($_POST['message'])) {
    $filter = new VFilter();
    $game_id = $filter->get('item_id', 'INTEGER');
    $flag_id = $filter->get('flag_id');
    $flag_message = $filter->get('message');
    if (isset($_SESSION['uid'])) {
        $uid = intval($_SESSION['uid']);
        if ($flag_id == '' or strlen($flag_id) > 14) {
            $data['msg'] = show_err_mb($lang['ajax.flag_invalid']);
        } else {
            $sql = "SELECT GID FROM game_flags WHERE GID = " . $game_id . " AND UID = " . $uid . " LIMIT 1";
            $conn->execute($sql);
            if ($conn->Affected_Rows() == 1) {
                $data['msg'] = show_err_mb($lang['ajax.flag_game_exists']);
            } else {
                $sql = "INSERT INTO game_flags (GID, UID, reason, message, add_date)\n                            VALUES (" . $game_id . ", " . $uid . ", '" . mysql_real_escape_string($flag_id) . "',\n                                    '" . mysql_real_escape_string($flag_message) . "', '" . date('Y-m-d') . "')";
                $conn->execute($sql);
                $data['status'] = 1;
                $data['msg'] = show_msg_mb($lang['ajax.flag_game_success']);
            }
Exemple #21
0
$country = new I18N_ISO_3166();
$countries_twocode = $country->twocountry;
$countries = array();
foreach ($countries_twocode as $code => $value) {
    $countries[] = $value;
}
$user = array();
$UID = isset($_GET['UID']) && is_numeric($_GET['UID']) ? intval(trim($_GET['UID'])) : NULL;
if (!$UID) {
    $errors[] = 'Invalid user ID!';
}
if (!$errors) {
    if (isset($_POST['edit_user'])) {
        require $config['BASE_DIR'] . '/classes/filter.class.php';
        require $config['BASE_DIR'] . '/classes/validation.class.php';
        $filter = new VFilter();
        $valid = new VValidation();
        $email = $filter->get('email');
        $fname = $filter->get('fname');
        $lname = $filter->get('lname');
        $town = $filter->get('town');
        $city = $filter->get('city');
        $zip = $filter->get('zip');
        $aboutme = $filter->get('aboutme');
        $fav_movies = $filter->get('fav_movie_show');
        $fav_music = $filter->get('fav_music');
        $fav_books = $filter->get('fav_book');
        $occupation = $filter->get('occupation');
        $interests = $filter->get('interest_hobby');
        $company = $filter->get('company');
        $school = $filter->get('school');
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/classes/pagination.class.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('comments_code' => '');
$code = array();
$items_code = NULL;
if (isset($_POST['notice_id']) && isset($_POST['page'])) {
    $filter = new VFilter();
    $nid = $filter->get('notice_id', 'INTEGER');
    $page = $filter->get('page', 'INTEGER');
    $uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
    $sql = "SELECT COUNT(CID) AS total_comments FROM notice_comments WHERE NID = " . $nid . " AND status = '1'";
    $rsc = $conn->execute($sql);
    $total = $rsc->fields['total_comments'];
    $pagination = new Pagination(10, $page);
    $limit = $pagination->getLimit($total);
    $sql = "SELECT c.CID, c.UID, c.comment, c.addtime, s.username, s.photo, s.gender\n                       FROM notice_comments AS c, signup AS s  \n                       WHERE c.NID = " . $nid . " AND c.status = '1' AND c.UID = s.UID \n                       ORDER BY c.addtime DESC LIMIT " . $limit;
    $rs = $conn->execute($sql);
    $comments = $rs->getrows();
    $page_link = $pagination->getPagination('notice/' . $nid, 'p_notice_comments_' . $nid . '_');
    $page_link_u = $pagination->getPagination('notice/' . $nid, 'pp_notice_comments_' . $nid . '_');
    $start_num = $pagination->getStartItem();
    $end_num = $pagination->getEndItem();
    $code[] = $lang['global.showing'] . ' <span class="text-white">' . $start_num . '</span> ' . $lang['global.to'] . ' <span id="end_num" class="text-white">' . $end_num . '</span> ' . $lang['global.of'] . ' <span id="total_comments" class="text-white">' . $total . '</span> ' . $lang['global.comments'] . '.';
    $code[] = '<div id="blog_response" class="response" style="display: none;"></div>';
    if ($comments) {
Exemple #23
0
if (isset($_POST['notice_id']) && isset($_POST['comment'])) {
    if ($config['notice_comments'] == '0') {
        $data['msg'] = show_err($lang['ajax.notice_comment_disabled']);
    } elseif (isset($_SESSION['uid'])) {
        $spam = false;
        if (isset($_SESSION['n_comment_added'])) {
            $delay = intval($_SESSION['n_comment_added']) + 30;
            if (time() < $delay) {
                $spam = true;
                $_SESSION['n_comment_added'] = time();
            }
        }
        if ($spam) {
            $data['msg'] = show_err($lang['ajax.dont_spam']);
        } else {
            $filter = new VFilter();
            $uid = intval($_SESSION['uid']);
            $nid = $filter->get('notice_id', 'INTEGER');
            $comment = $filter->get('comment');
            $sql = "INSERT INTO notice_comments ( NID, UID, comment, addtime )\n                               VALUES (" . $nid . ", " . $uid . ", '" . mysql_real_escape_string($comment) . "', '" . time() . "')";
            $conn->execute($sql);
            $cid = mysql_insert_id();
            $sql = "UPDATE notice SET total_comments = total_comments+1 WHERE NID = " . $nid . " LIMIT 1";
            $conn->execute($sql);
            $username = $_SESSION['username'];
            $photo = $_SESSION['photo'] == '' ? 'nopic-' . $_SESSION['gender'] . '.gif' : $_SESSION['photo'];
            $code = '<div id="notice_comment_' . $nid . '_' . $cid . '" class="col-xs-12 m-t-15">';
            $code .= '<div class="row">';
            $code .= '<div class="pull-left">';
            $code .= '<a href="' . $config['BASE_URL'] . '/user/' . $username . '">';
            $code .= '<img src="' . $config['BASE_URL'] . '/media/users/' . $photo . '" title="' . $username . '\'s avatar" alt="' . $username . '\'s avatar" class="img-responsive comment-avatar" />';
Exemple #24
0
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
$auth = new Auth();
$auth->check();
// we dont cache anything here...needed for the album avatar update!
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
if (isset($_SESSION['uid']) && $uid != $_SESSION['uid']) {
    VRedirect::go($config['BASE_URL'] . '/error/album_permission');
}
if (isset($_POST['submit_album_edit'])) {
    require $config['BASE_DIR'] . '/classes/filter.class.php';
    require $config['BASE_DIR'] . '/classes/image.class.php';
    $filter = new VFilter();
    $name = $filter->get('album_name');
    $category = $filter->get('album_category');
    $tags = $filter->get('album_tags');
    $type = $filter->get('album_type');
    $x = $filter->get('x1', 'INTEGER');
    $y = $filter->get('y1', 'INTEGER');
    $width = $filter->get('width', 'INTEGER');
    $height = $filter->get('height', 'INTEGER');
    $pid = $filter->get('photo', 'INTEGER');
    $random = $filter->get('random');
    if ($width < 50 || $width > 580 || $height != $width) {
        $x = $filter->get('x1-i', 'INTEGER');
        $y = $filter->get('y1-i', 'INTEGER');
        $width = $filter->get('width-i', 'INTEGER');
        $height = $filter->get('height-i', 'INTEGER');
<?php

defined('_VALID') or die('Restricted Access!');
if ($config['photo_module'] == '0') {
    die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
$data = array('status' => 0, 'msg' => '');
if (isset($_POST['photo_id'])) {
    if (isset($_SESSION['uid'])) {
        $filter = new VFilter();
        $pid = $filter->get('photo_id', 'INTEGER');
        $uid = intval($_SESSION['uid']);
        $sql = "DELETE FROM photo_favorites WHERE UID = " . $uid . " AND PID = " . $pid . " LIMIT 1";
        $conn->execute($sql);
        $data['status'] = 1;
        $data['msg'] = show_msg_mb($lang['ajax.remove_fav_photo_success']);
    } else {
        $response = show_err_mb($lang['ajax.remove_fav_photo_login']);
    }
} else {
    $data['msg'] = 'Invalid request!?';
}
echo json_encode($data);
die;
Exemple #26
0
<?php

defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
$album = array('username' => 'anonymous', 'name' => '', 'tags' => '', 'category' => 0, 'type' => 'public');
if (isset($_POST['add_album'])) {
    require $config['BASE_DIR'] . '/classes/filter.class.php';
    $filter = new VFilter();
    $username = $filter->get('username');
    $name = $filter->get('name');
    $tags = $filter->get('tags');
    $category = $filter->get('category', 'INTEGER');
    $type = $filter->get('type');
    if ($username == '') {
        $errors[] = 'Please add a username for your game!';
    } else {
        $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
        $rs = $conn->execute($sql);
        if ($conn->Affected_Rows() === 1) {
            $uid = intval($rs->fields['UID']);
            $album['username'] = $username;
        } else {
            $errors[] = 'Invalid username. Are you sure this username exists?!';
        }
    }
    if ($name == '') {
        $errors[] = 'Album name field cannot be blank!';
    } elseif (strlen($name) < 3) {
        $errors[] = 'Album title field must contain at least 3 characters and no more then 99!';
    } else {
        $album['name'] = $name;
Exemple #27
0
if (isset($_POST['blog_id']) && isset($_POST['comment'])) {
    if ($config['blog_comments'] == '0') {
        $data['msg'] = $lang['ajax.blog_comment_disabled'];
    } elseif (isset($_SESSION['uid'])) {
        $spam = false;
        if (isset($_SESSION['b_comment_added'])) {
            $delay = intval($_SESSION['b_comment_added']) + 30;
            if (time() < $delay) {
                $spam = true;
                $_SESSION['b_comment_added'] = time();
            }
        }
        if ($spam) {
            $data['msg'] = $lang['ajax.dont_spam'];
        } else {
            $filter = new VFilter();
            $uid = intval($_SESSION['uid']);
            $bid = $filter->get('blog_id', 'INTEGER');
            $comment = $filter->get('comment');
            $comment = preg_replace('/\\[photo=(.*?)\\]/ms', '<img src="' . $config['BASE_URL'] . '/media/photos/tmb/\\1.jpg" alt="" class="blog_image" />', $comment);
            $sql = "INSERT INTO blog_comments ( BID, UID, comment, addtime )\n                               VALUES (" . $bid . ", " . $uid . ", '" . mysql_real_escape_string($comment) . "', '" . time() . "')";
            $conn->execute($sql);
            $cid = mysql_insert_id();
            $sql = "UPDATE blog SET total_comments = total_comments+1 WHERE BID = " . $bid . " LIMIT 1";
            $conn->execute($sql);
            $username = $_SESSION['username'];
            $photo = $_SESSION['photo'] == '' ? 'nopic-' . $_SESSION['gender'] . '.gif' : $_SESSION['photo'];
            $code = '<div id="blog_comment_' . $bid . '_' . $cid . '">';
            $code .= '<div id="delete_response_' . $cid . '" class="response" style="display: none;"></div>';
            $code .= '<div class="comment">';
            $code .= '<div class="comment_left">';
Exemple #28
0
<?php

define('_VALID', true);
require 'include/config.php';
require 'classes/filter.class.php';
require 'classes/validation.class.php';
require 'include/function_smarty.php';
if (isset($_POST['submit_lost'])) {
    $filter = new VFilter();
    $valid = new VValidation();
    $email = $filter->get('email');
    if ($email == '') {
        $errors[] = $lang['confirm.expl'];
    } elseif (!$valid->email($email)) {
        $errors[] = $lang['global.email_invalid'];
    } elseif (!$valid->emailExists($email)) {
        $errors[] = $lang['confirm.email_invalid'];
    } else {
        require 'classes/random.class.php';
        require 'classes/email.class.php';
        $passwd = VRandom::generate(8);
        $password = md5($passwd);
        $sql = "SELECT username FROM signup WHERE email = '" . mysql_real_escape_string($email) . "' LIMIT 1";
        $rs = $conn->execute($sql);
        $username = $rs->fields['username'];
        $sql = "UPDATE signup SET pwd = '" . mysql_real_escape_string($password) . "'\n                       WHERE username = '******' LIMIT 1";
        $conn->execute($sql);
        $smarty->assign('receiver_name', $username);
        $smarty->assign('password', $passwd);
        $sql = "SELECT * FROM emailinfo WHERE email_id = 'recover_password' LIMIT 1";
        $rs = $conn->execute($sql);
Exemple #29
0
<?php

defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/classes/pagination.class.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$code = array();
if (isset($_POST['user_id']) && isset($_POST['page'])) {
    $filter = new VFilter();
    $oid = $filter->get('user_id', 'INTEGER');
    $page = $filter->get('page', 'INTEGER');
    $uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
    $sql = "SELECT username FROM signup WHERE UID = " . $oid . " LIMIT 1";
    $rs = $conn->execute($sql);
    $username = $rs->fields['username'];
    $sql = "SELECT COUNT(wall_id) AS total_walls FROM wall WHERE OID = " . $oid;
    $rsc = $conn->execute($sql);
    $total = $rsc->fields['total_walls'];
    $pagination = new Pagination(10, $page);
    $limit = $pagination->getLimit($total);
    $sql = "SELECT w.wall_id, w.UID, w.message, w.addtime, u.username, u.photo, u.gender\n                       FROM wall AS w, signup AS u WHERE w.OID = " . $oid . " AND w.status = '1' AND w.UID = u.UID \n                       ORDER BY w.addtime DESC LIMIT " . $limit;
    $rs = $conn->execute($sql);
    $comments = $rs->getrows();
    $page_link = $pagination->getPagination('user/' . $username . '/wall', 'p_wall_comments_' . $oid . '_');
    $page_link_b = $pagination->getPagination('user/' . $username . '/wall', 'pp_wall_comments_' . $oid . '_');
    $start_num = $pagination->getStartItem();
    $end_num = $pagination->getEndItem();
    $code[] = $lang['global.showing'] . ' <span class="text-white">' . $start_num . '</span> ' . $lang['global.to'] . ' <span id="end_num" class="text-white">' . $end_num . '</span> ' . $lang['global.of'] . ' <span id="total_comments" class="text-white">' . $total . '</span> ' . $lang['global.comments'] . '.';
    $code[] = '<div id="wall_response" class="wall_posting" style="display: none;">' . $lang['global.posting'] . '</div>';
Exemple #30
0
<?php

defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
require_once 'editor_files/editor_functions.php';
require_once 'editor_files/config.php';
require_once 'editor_files/editor_class.php';
$editor = new wysiwygPro();
$editor->usexhtml(true);
$notice = array('username' => '', 'title' => '', 'category' => '', 'content' => '');
if (isset($_POST['submit_add_notice'])) {
    require $config['BASE_DIR'] . '/classes/filter.class.php';
    require $config['BASE_DIR'] . '/classes/validation.class.php';
    $filter = new VFilter();
    $valid = new VValidation();
    $username = $filter->get('username');
    $title = $filter->get('title');
    $content = trim($_POST['htmlCode']);
    $category = $filter->get('category', 'INTEGER');
    if ($username == '') {
        $errors[] = 'Username field cannot be blank!';
    } elseif (!$valid->usernameExists($username)) {
        $errors[] = 'Username does not exist!';
    } else {
        $notice['username'] = $username;
    }
    if ($title == '') {
        $errors[] = 'Notice title field cannot be blank!';
    } elseif (strlen($title) > 299) {
        $errors[] = 'Notice title field cannot contain more then 299 characters!';
    } else {