<?php
defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/classes/pagination.class.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$code = array();
if (isset($_POST['game_id']) && isset($_POST['page'])) {
$filter = new VFilter();
$gid = $filter->get('game_id', 'INTEGER');
$page = $filter->get('page', 'INTEGER');
$uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
$sql = "SELECT COUNT(CID) AS total_comments FROM game_comments WHERE GID = " . $gid . " AND status = '1'";
$rsc = $conn->execute($sql);
$total = $rsc->fields['total_comments'];
$pagination = new Pagination(10, $page);
$limit = $pagination->getLimit($total);
$sql = "SELECT c.CID, c.UID, c.comment, c.addtime, s.username, s.photo, s.gender\n FROM game_comments AS c, signup AS s\n WHERE c.GID = " . $gid . " AND c.status = '1' AND c.UID = s.UID \n ORDER BY c.addtime DESC LIMIT " . $limit;
$rs = $conn->execute($sql);
$comments = $rs->getrows();
$page_link = $pagination->getPagination('game/' . $gid, 'p_game_comments_' . $gid . '_');
$page_link_b = $pagination->getPagination('game/' . $gid, 'pp_game_comments_' . $gid . '_');
$start_num = $pagination->getStartItem();
$end_num = $pagination->getEndItem();
$code[] = '<div class="blinkp">';
$code[] = $lang['global.showing'] . ' <strong>' . $start_num . '</strong> ' . $lang['global.to'] . ' <strong>' . $end_num . '</strong> ' . $lang['global.of'] . ' <strong>' . $total . '</strong> ' . $lang['global.comments'] . '.';
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('status' => 0, 'msg' => '');
if (isset($_POST['video_id'])) {
$filter = new VFilter();
$video_id = $filter->get('video_id', 'INTEGER');
if (isset($_SESSION['uid'])) {
$sql = "SELECT VID FROM favourite WHERE VID = " . $video_id . " AND UID = " . intval($_SESSION['uid']) . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() == 1) {
$data['msg'] = show_err($lang['ajax.favorite_video_exists']);
} else {
$sql = "SELECT VID FROM video WHERE VID = " . $video_id . " AND UID = " . intval($_SESSION['uid']) . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() == 1) {
$data['msg'] = show_err($lang['ajax.favorite_video_self']);
} else {
$sql = "INSERT INTO favourite SET VID = " . $video_id . ", UID = " . intval($_SESSION['uid']);
$conn->execute($sql);
$sql = "UPDATE video SET fav_num = fav_num+1 WHERE VID = " . $video_id . " LIMIT 1";
$conn->execute($sql);
$data['msg'] = show_msg($lang['ajax.favorite_video_success']);
$data['status'] = 1;
}
}
} else {
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
$data = array('status' => 1, 'msg' => '');
if (isset($_POST['user_id'])) {
if (isset($_SESSION['uid'])) {
$uid = intval($_SESSION['uid']);
$filter = new VFilter();
$user_id = $filter->get('user_id', 'INTEGER');
if ($uid == $user_id) {
$data['msg'] = show_err('Invalid request!?');
} else {
$sql = "SELECT UID FROM video_subscribe WHERE UID = " . $uid . " AND SUID = " . $user_id . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() != 1) {
$data['msg'] = show_err($lang['ajax.remove_sub_exists']);
} else {
$data['status'] = 1;
$data['msg'] = show_msg($lang['ajax.remove_sub_success']);
$sql = "DELETE FROM video_subscribe WHERE UID = " . $uid . " AND SUID = " . $user_id . " LIMIT 1";
$conn->execute($sql);
$sql = "UPDATE signup SET popularity = popularity-1, points = points-2 WHERE UID = " . $uid . " LIMIT 1";
$conn->execute($sql);
}
}
} else {
$data['msg'] = show_err($lang['ajax.remove_sub_login']);
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
if (isset($_POST['friend_id'])) {
if (isset($_SESSION['uid'])) {
$filter = new VFilter();
$uid = intval($_SESSION['uid']);
$fid = $filter->get('friend_id', 'INTEGER');
$sql = "SELECT UID FROM friends WHERE UID = " . $uid . " AND FID = " . $fid . " AND status = 'Pending' LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() == 1) {
$sql = "DELETE FROM friends WHERE UID = " . $uid . " AND FID = " . $fid . " LIMIT 1";
$conn->execute($sql);
$sql = "UPDATE signup SET total_friends = total_friends-1, popularity = popularity-2 WHERE UID = " . $uid . " LIMIT 1";
$conn->execute($sql);
$sql = "UPDATE signup SET points = points-2 WHERE UID = " . $fid . " LIMIT 1";
$conn->execute($sql);
$message = $lang['ajax.reject_friend_success'];
$sql = "SELECT u.username, u.email, p.friend_request FROM signup AS u, users_prefs AS p \n WHERE u.UID = " . $fid . " AND u.UID = p.UID LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() === 1 && $rs->fields['friend_request'] == '1') {
$to = $rs->fields['email'];
$receiver = $rs->fields['username'];
$sql = "SELECT username FROM signup WHERE UID = " . $uid . " LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() === 1) {
$username = $rs->fields['username'];
require $config['BASE_DIR'] . '/classes/email.class.php';
<?php
defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
require $config['BASE_DIR'] . '/include/function_user.php';
$response = array('status' => 0, 'msg' => '', 'debug' => '');
if (isset($_POST['game_id'])) {
if (isset($_SESSION['uid'])) {
$filter = new VFilter();
$gid = $filter->get('game_id', 'INTEGER');
$uid = intval($_SESSION['uid']);
$sql = "SELECT UID FROM game WHERE GID = " . $gid . " LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() === 1) {
$game = $rs->getrows();
if ($uid == $game[0][0]) {
deleteGame($gid);
$response['status'] = 1;
$response['msg'] = show_msg_mb($lang['ajax.delete_game_success']);
} else {
$response['msg'] = show_err_mb($lang['ajax.delete_game_failed']);
}
} else {
$response['msg'] = show_err_mb($lang['ajax.delete_game_failed']);
}
<?php
defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
// If Posted
if (isset($_POST['submit_media_mp4'])) {
$filter = new VFilter();
//config settings
$iphone_convert = $filter->get('iphone_convert', 'INTEGER');
//db settings
$iphone_ovc_profile = $filter->get('iphone_ovc_profile');
$iphone_resize_base = $filter->get('iphone_resize_base');
$iphone_resize_width = $filter->get('iphone_resize_width', 'INTEGER');
$iphone_resize_height = $filter->get('iphone_resize_height', 'INTEGER');
$iphone_ref_bitrate = $filter->get('iphone_ref_bitrate', 'INTEGER');
$iphone_ref_type = $filter->get('iphone_ref_type');
$iphone_blackbars = $filter->get('iphone_blackbars', 'INTEGER');
$iphone_encodepass = $filter->get('iphone_encodepass', 'INTEGER');
$iphone_audio_sampling = $filter->get('iphone_audio_sampling', 'INTEGER');
$iphone_audio_bitrate = $filter->get('iphone_audio_bitrate', 'INTEGER');
// Set Defaults
$iphone_ovc_profile = $iphone_ovc_profile == '' ? 'standard' : $iphone_ovc_profile;
$iphone_resize_base = $iphone_resize_base == '' ? 'both' : $iphone_resize_base;
$iphone_resize_width = $iphone_resize_width == '' ? '480' : $iphone_resize_width;
$iphone_resize_height = $iphone_resize_height == '' ? '320' : $iphone_resize_height;
$iphone_ref_bitrate = $iphone_ref_bitrate == '' ? '1500' : $iphone_ref_bitrate;
$iphone_ref_type = $iphone_ref_type == '' ? 'standard' : $iphone_ref_type;
$iphone_encodepass = $iphone_encodepass == '1' ? '1' : '2';
$iphone_blackbars = $iphone_blackbars == '0' ? '0' : '1';
$iphone_audio_sampling = $iphone_audio_sampling == '' ? '48000' : $iphone_audio_sampling;
$iphone_audio_bitrate = $iphone_audio_bitrate == '' ? '128' : $iphone_audio_bitrate;
$sql = "SELECT FID FROM friends WHERE UID = " . $uid . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() != 1) {
$access = false;
$_URL = $config['BASE_URL'] . '/error/private_messages_friends';
}
} elseif ($config['private_msgs'] == 'disabled') {
$access = false;
$_URL = $config['BASE_URL'] . '/error/private_messages_disabled';
}
if (!$access) {
VRedirect::go($_URL);
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/validation.class.php';
$filter = new VFilter();
$subject = $filter->get('s', 'STRING', 'GET');
$compose = array('receiver' => '', 'friend' => '', 'subject' => $subject, 'body' => '', 'save_outbox' => 1, 'send_self' => 0);
if (isset($query['1']) && $query['1'] != '') {
$valid = new VValidation();
if ($valid->usernameExists($query['1'])) {
$compose['receiver'] = $query['1'];
}
}
if (isset($_POST['send_mail'])) {
$valid = new VValidation();
$receiver = $filter->get('receiver');
$friend = $filter->get('receiver_friend');
$subject = $filter->get('subject');
$body = $filter->process(trim($_POST['body']), array('a'), array('href'));
if ($receiver == '') {
<?php
defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
//include($config['BASE_DIR'].'/include/function_conversions.php');
if (isset($_POST['submit_media_mp4'])) {
$filter = new VFilter();
//config settings
$hd_convert = $filter->get('hd_convert', 'INTEGER');
//db settings
$condition_value = $filter->get('condition_value', 'INTEGER');
$hd_ovc_profile = $filter->get('hd_ovc_profile');
$hd_resize_base = $filter->get('hd_resize_base');
$hd_resize_width = $filter->get('hd_resize_width', 'INTEGER');
$hd_resize_height = $filter->get('hd_resize_height', 'INTEGER');
$hd_ref_bitrate = $filter->get('hd_ref_bitrate', 'INTEGER');
$hd_ref_type = $filter->get('hd_ref_type');
$hd_blackbars = $filter->get('hd_blackbars', 'INTEGER');
$hd_encodepass = $filter->get('hd_encodepass', 'INTEGER');
$hd_audio_sampling = $filter->get('hd_audio_sampling', 'INTEGER');
$hd_audio_bitrate = $filter->get('hd_audio_bitrate', 'INTEGER');
//prep
$hd_ovc_profile = $hd_ovc_profile == '' ? 'standard' : $hd_ovc_profile;
$hd_resize_base = $hd_resize_base == '' ? 'both' : $hd_resize_base;
$hd_resize_width = $hd_resize_width == '' ? '640' : $hd_resize_width;
$hd_resize_height = $hd_resize_height == '' ? '480' : $hd_resize_height;
$hd_ref_bitrate = $hd_ref_bitrate == '' ? '1500' : $hd_ref_bitrate;
$hd_ref_type = $hd_ref_type == '' ? 'standard' : $hd_ref_type;
$hd_encodepass = $hd_encodepass == '1' ? '1' : '2';
$hd_blackbars = $hd_blackbars == '0' ? '0' : '1';
$hd_audio_sampling = $hd_audio_sampling == '' ? '48000' : $hd_audio_sampling;
<?php
defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
if (isset($_POST['submit_media_mp4'])) {
$filter = new VFilter();
//db settings
$flv_ovc_profile = $filter->get('flv_ovc_profile');
$flv_resize_base = $filter->get('flv_resize_base');
$flv_resize_width = $filter->get('flv_resize_width', 'INTEGER');
$flv_resize_height = $filter->get('flv_resize_height', 'INTEGER');
$flv_ref_bitrate = $filter->get('flv_ref_bitrate', 'INTEGER');
$flv_ref_type = $filter->get('flv_ref_type');
$flv_blackbars = $filter->get('flv_blackbars', 'INTEGER');
$flv_encodepass = $filter->get('flv_encodepass', 'INTEGER');
$flv_audio_sampling = $filter->get('flv_audio_sampling', 'INTEGER');
$flv_audio_bitrate = $filter->get('flv_audio_bitrate', 'INTEGER');
//prep
$flv_ovc_profile = $flv_ovc_profile == '' ? 'standard' : $flv_ovc_profile;
$flv_resize_base = $flv_resize_base == '' ? 'both' : $flv_resize_base;
$flv_resize_width = $flv_resize_width == '' ? '480' : $flv_resize_width;
$flv_resize_height = $flv_resize_height == '' ? '320' : $flv_resize_height;
$flv_ref_bitrate = $flv_ref_bitrate == '' ? '1500' : $flv_ref_bitrate;
$flv_ref_type = $flv_ref_type == '' ? 'standard' : $flv_ref_type;
$flv_encodepass = $flv_encodepass == '1' ? '1' : '2';
$flv_blackbars = $flv_blackbars == '0' ? '0' : '1';
$flv_audio_sampling = $flv_audio_sampling == '' ? '48000' : $flv_audio_sampling;
$flv_audio_bitrate = $flv_audio_bitrate == '' ? '128' : $flv_audio_bitrate;
if ($flv_ref_bitrate == '') {
$errors[] = 'Video Bit-rate for converted videos cannot be left blank!';
} elseif (!is_numeric($flv_ref_bitrate)) {
<?php
defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('msg' => '', 'status' => 0, 'debug' => '');
if (isset($_POST['parent_id']) && isset($_POST['comment_id'])) {
if (isset($_SESSION['uid'])) {
$filter = new VFilter();
$uid = intval($_SESSION['uid']);
$cid = $filter->get('comment_id', 'INTEGER');
$gid = $filter->get('parent_id', 'INTEGER');
$sql = "DELETE FROM game_comments WHERE UID = " . $uid . " AND GID = " . $gid . " AND CID = " . $cid . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() == 1) {
$data['status'] = 1;
$sql = "UPDATE game SET total_comments = total_comments-1 WHERE GID = " . $gid . " LIMIT 1";
$conn->execute($sql);
$data['msg'] = $lang['ajax.comment_delete_success'];
} else {
$data['msg'] = $lang['ajax.comment_delete_failed'];
}
} else {
$data['msg'] = $lang['ajax.comment_delete_login'];
}
} else {
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
if ($config['blog_module'] == '0') {
VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
$auth = new Auth();
$auth->check();
$uid = intval($_SESSION['uid']);
$username = $_SESSION['username'];
$blog_title = NULL;
$blog_content = NULL;
if (isset($_POST['blog_add_submit'])) {
$filter = new VFilter();
$title = $filter->get('blog_title');
$content = $_POST['blog_content'];
if ($title == '') {
$errors[] = $lang['blog.edit_title_empty'];
$err['title'] = 1;
} elseif (strlen($title) > 100) {
$errors[] = $lang['blog.edit_title_big'];
$err['title'] = 1;
} else {
$blog_title = $title;
}
if ($content == '') {
$errors[] = $lang['blog.edit_content_empty'];
$err['content'] = 1;
} elseif (strlen($content) > 3000) {
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/image.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
$auth = new Auth();
$auth->check();
if (isset($_SESSION['uid']) && $uid != $_SESSION['uid']) {
session_write_close();
header('Location: ' . $config['BASE_URL'] . '/error/album_permission');
die;
}
if (isset($_POST['add_photos_submit'])) {
$photos = 0;
$filter = new VFilter();
$image = new VImageConv();
foreach ($_FILES as $key => $values) {
if ($values['tmp_name'] != '') {
if (is_uploaded_file($values['tmp_name']) && ($check = getimagesize($values['tmp_name']))) {
$ext = strtolower(substr($values['name'], strrpos($values['name'], '.') + 1));
if (!check_image($values['tmp_name'], $ext)) {
continue;
}
$photo_expl = explode('_', $key);
$photo_nr = $photo_expl['1'];
$caption = $filter->get('caption_' . $photo_nr);
$sql_add = NULL;
if ($caption != '') {
$sql_add = ", caption = '" . mysql_real_escape_string($caption) . "'";
}
function constructQuery()
{
global $smarty;
$query = array();
$query_count = "SELECT COUNT(f.UID) AS total_users FROM signup AS u, users_flags AS f WHERE f.UID = u.UID";
$query_select = "SELECT u.*, f.RID, f.reason, f.message, f.addtime, f.flag_id\n FROM signup AS u, users_flags AS f\n WHERE f.UID = u.UID";
$query_option = array();
$option_orig = array('username' => '', 'email' => '', 'country' => '', 'name' => '', 'gender' => '', 'relation' => '', 'sort' => 'u.UID', 'order' => 'DESC', 'display' => 10);
$all = isset($_GET['all']) ? intval($_GET['all']) : 0;
if ($all == 1) {
unset($_SESSION['search_users_option']);
}
$option = isset($_SESSION['search_users_flagged_option']) ? $_SESSION['search_users_flagged_option'] : $option_orig;
if (isset($_POST['search_videos'])) {
global $config;
require $config['BASE_DIR'] . '/classes/filter.class.php';
$filter = new VFilter();
$option['username'] = $filter->get('username');
$option['email'] = $filter->get('email');
$option['country'] = $filter->get('country');
$option['name'] = $filter->get('name');
$option['gender'] = $filter->get('gender');
$option['relation'] = $filter->get('relation');
$option['sort'] = $filter->get('sort');
$option['order'] = $filter->get('order');
$option['display'] = $filter->get('display', 'INTEGER');
if ($option['username'] != '') {
$query_option[] = " AND u.username LIKE '%" . mysql_real_escape_string($option['username']) . "%'";
}
if ($option['email'] != '') {
$query_option[] = " AND u.email LIKE '%" . mysql_real_escape_string($option['email']) . "%'";
}
if ($option['country'] != '') {
$query_option[] = " AND u.country LIKE '%" . mysql_real_escape_string($option['country']) . "%'";
}
if ($option['name'] != '') {
$query_option[] = " AND ( u.fname LIKE '%" . mysql_real_escape_string($option['name']) . "%' OR u.lname LIKE '%" . mysql_real_escape_string($option['name']) . "%'";
}
if ($option['gender'] != '') {
$query_option[] = " AND u.gender = '" . mysql_real_escape_string($option['gender']) . "'";
}
if ($option['relation'] != '') {
$query_option[] = " AND u.relation = '" . mysql_real_escape_string($option['relation']) . "'";
}
$_SESSION['search_users_flagged_option'] = $option;
}
$query_option[] = " ORDER BY " . $option['sort'] . " " . $option['order'];
$query['select'] = $query_select . implode(' ', $query_option);
$query['count'] = $query_count . implode(' ', $query_option);
$query['page_items'] = $option['display'];
$smarty->assign('option', $option);
return $query;
}
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
if ($config['blog_module'] == '0') {
VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
$auth = new Auth();
$auth->check();
$uid = intval($_SESSION['uid']);
$username = $_SESSION['username'];
$blog_title = NULL;
$blog_content = NULL;
if (isset($_POST['blog_edit_submit'])) {
$filter = new VFilter();
$title = $filter->get('blog_title');
$content = $filter->get('blog_content');
if ($title == '') {
$errors[] = $lang['blog.edit_title_empty'];
$err['title'] = 1;
} elseif (strlen($title) > 100) {
$errors[] = $lang['blog.edit_title_big'];
$err['title'] = 1;
} else {
$blog_title = $title;
}
if ($content == '') {
$errors[] = $lang['blog.edit_content_empty'];
$err['content'] = 1;
} elseif (strlen($content) > 3000) {
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
$filter = new VFilter();
$mail_id = $filter->get('id', 'INTEGER', 'GET');
if (!$mail_id) {
VRedirect::go($config['BASE_URL'] . '/error/mail_missing');
}
$sql = "SELECT m.mail_id, m.sender, m.receiver, m.subject, m.body, s.photo, s.gender\n FROM mail AS m, signup AS s\n WHERE ( m.sender = '" . mysql_real_escape_string($username) . "' OR m.receiver = '" . mysql_real_escape_string($username) . "' )\n AND m.mail_id = " . $mail_id . " AND m.sender = s.username AND m.status = '1'\n LIMIT 1";
$rs = $conn->execute($sql);
if (!$conn->Affected_Rows()) {
VRedirect::go($config['BASE_URL'] . '/error/mail_missing');
}
$mail = $rs->getrows();
$mail = $mail['0'];
$sql = "UPDATE mail SET readed = '1' WHERE mail_id = " . $mail_id . " LIMIT 1";
$conn->execute($sql);
$smarty->assign('mail', $mail);
function construct_vote($likes, $dislikes)
{
$output = array();
$output[] = '<div class="pull-left">';
$output[] = '<i class="glyphicon glyphicon-thumbs-up"></i> <span id="photo_likes" class="text-white">' . $likes . '</span>';
$output[] = '</div>';
$output[] = '<div class="pull-right">';
$output[] = '<i class="glyphicon glyphicon-thumbs-down"></i> <span id="photo_dislikes" class="text-white">' . $dislikes . '</span>';
$output[] = '</div>';
$output[] = '<div class="clearfix"></div>';
return implode("\n", $output);
}
$data = array('msg' => '', 'rate' => 0, 'likes' => 0, 'dislikes' => 0, 'debug' => '');
if (isset($_POST['item_id']) && isset($_POST['vote'])) {
$allowed = false;
$filter = new VFilter();
$photo_id = $filter->get('item_id', 'INTEGER');
$vote = $filter->get('vote', 'STRING');
$sql = "SELECT p.rate, p.likes, p.dislikes, a.rate AS arate, a.likes AS alikes, a.dislikes AS adislikes FROM photos AS p, albums AS a\n WHERE p.PID = " . $photo_id . " AND a.AID = p.AID LIMIT 1";
$rs = $conn->execute($sql);
$rate = $rs->fields['rate'];
$likes = $rs->fields['likes'];
$dislikes = $rs->fields['dislikes'];
$arate = $rs->fields['arate'];
$alikes = $rs->fields['alikes'];
$adislikes = $rs->fields['adislikes'];
if ($config['photo_rate'] == 'user') {
if (isset($_SESSION['uid'])) {
$uid = intval($_SESSION['uid']);
$allowed = true;
}
}
if (!$errors) {
$dst = $config['BASE_DIR'] . '/media/users/orig/' . $image_name;
$image = new VImageConv();
$image->process($avatar_tmp, $dst, 'MAX_HEIGHT', 240, 200);
$image->resize(true);
if (file_exists($dst) && filesize($dst) > 100) {
$_SESSION['message'] = $lang['user.avatar_upload_msg'];
$_SESSION['uploaded'] = true;
VRedirect::go($config['BASE_URL'] . '/user/avatar');
}
}
}
}
if (isset($_POST['avatar_crop_submit'])) {
$filter = new VFilter();
$x = $filter->get('x1', 'INTEGER');
$y = $filter->get('y1', 'INTEGER');
$width = $filter->get('width', 'INTEGER');
$height = $filter->get('height', 'INTEGER');
$uid = $user['UID'];
$src = $config['BASE_DIR'] . '/media/users/orig/' . $uid . '.jpg';
$dst = $config['BASE_DIR'] . '/media/users/' . $uid . '.jpg';
$image = new VImageConv();
$image->process($src, $dst, 'EXACT', 100, 120);
$image->crop($x, $y, $width, $height, true);
if (file_exists($dst) && filesize($dst) > 100) {
$sql = "UPDATE signup SET photo = '" . intval($user['UID']) . ".jpg' WHERE UID = " . intval($uid) . " LIMIT 1";
$conn->execute($sql);
$_SESSION['message'] = $lang['user.avatar_crop_msg'];
VRedirect::go($config['BASE_URL'] . '/user/avatar');
}
}
$output = array();
$output[] = '<ul>';
$output[] = '<li><span' . $class_1 . '> </span></li>';
$output[] = '<li><span' . $class_2 . '> </span></li>';
$output[] = '<li><span' . $class_3 . '> </span></li>';
$output[] = '<li><span' . $class_4 . '> </span></li>';
$output[] = '<li><span' . $class_5 . '> </span></li>';
$output[] = '</ul>';
return implode("\n", $output);
}
$data = array('msg' => '', 'rating_code' => '', 'rate' => 0, 'ratedby' => 0, 'debug' => '');
if (isset($_POST['user_id']) && isset($_POST['rating'])) {
$allowed = false;
$filter = new VFilter();
$user_id = $filter->get('user_id', 'INTEGER');
$vote = $filter->get('rating', 'INTEGER');
$sql = "SELECT rate, ratedby FROM signup WHERE UID = " . $user_id . " LIMIT 1";
$rs = $conn->execute($sql);
$rate = $rs->fields['rate'];
$ratedby = $rs->fields['ratedby'];
if ($config['rating'] == 'user') {
if (isset($_SESSION['uid'])) {
$uid = intval($_SESSION['uid']);
$allowed = true;
}
} else {
$allowed = true;
}
if ($allowed) {
}
if ($config['edit_videos'] == '0') {
VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
Auth::check();
$vid = get_request_arg('edit');
if (!$vid) {
VRedirect::go($config['BASE_URL'] . '/error/video_missing');
}
$uid = (int) $_SESSION['uid'];
$sql = "SELECT VID FROM video WHERE VID = " . $vid . " AND UID = " . $uid . " AND active = '1' LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows()) {
$categories = get_categories();
if (isset($_POST['edit_submit'])) {
$filter = new VFilter();
$title = $filter->get('title');
$keyword = $filter->get('keyword');
$channel = $filter->get('channel', 'INTEGER');
$type = $filter->get('type');
$thumb = $filter->get('thumb', 'INTEGER');
if ($title == '') {
$errors[] = $lang['upload.video_title_empty'];
$err['title'] = 1;
}
if ($keyword == '') {
$errors[] = $lang['upload.video_tags_empty'];
$err['tags'] = 1;
} else {
$keyword = prepare_string($keyword, false);
}
<?php
defined('_VALID') or die('Restricted Access!');
if ($config['game_module'] == '0') {
die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('status' => 0, 'msg' => '', 'debug' => '');
if (isset($_POST['item_id']) && isset($_POST['flag_id']) && isset($_POST['message'])) {
$filter = new VFilter();
$game_id = $filter->get('item_id', 'INTEGER');
$flag_id = $filter->get('flag_id');
$flag_message = $filter->get('message');
if (isset($_SESSION['uid'])) {
$uid = intval($_SESSION['uid']);
if ($flag_id == '' or strlen($flag_id) > 14) {
$data['msg'] = show_err_mb($lang['ajax.flag_invalid']);
} else {
$sql = "SELECT GID FROM game_flags WHERE GID = " . $game_id . " AND UID = " . $uid . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() == 1) {
$data['msg'] = show_err_mb($lang['ajax.flag_game_exists']);
} else {
$sql = "INSERT INTO game_flags (GID, UID, reason, message, add_date)\n VALUES (" . $game_id . ", " . $uid . ", '" . mysql_real_escape_string($flag_id) . "',\n '" . mysql_real_escape_string($flag_message) . "', '" . date('Y-m-d') . "')";
$conn->execute($sql);
$data['status'] = 1;
$data['msg'] = show_msg_mb($lang['ajax.flag_game_success']);
}
$country = new I18N_ISO_3166();
$countries_twocode = $country->twocountry;
$countries = array();
foreach ($countries_twocode as $code => $value) {
$countries[] = $value;
}
$user = array();
$UID = isset($_GET['UID']) && is_numeric($_GET['UID']) ? intval(trim($_GET['UID'])) : NULL;
if (!$UID) {
$errors[] = 'Invalid user ID!';
}
if (!$errors) {
if (isset($_POST['edit_user'])) {
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/validation.class.php';
$filter = new VFilter();
$valid = new VValidation();
$email = $filter->get('email');
$fname = $filter->get('fname');
$lname = $filter->get('lname');
$town = $filter->get('town');
$city = $filter->get('city');
$zip = $filter->get('zip');
$aboutme = $filter->get('aboutme');
$fav_movies = $filter->get('fav_movie_show');
$fav_music = $filter->get('fav_music');
$fav_books = $filter->get('fav_book');
$occupation = $filter->get('occupation');
$interests = $filter->get('interest_hobby');
$company = $filter->get('company');
$school = $filter->get('school');
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/classes/pagination.class.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$data = array('comments_code' => '');
$code = array();
$items_code = NULL;
if (isset($_POST['notice_id']) && isset($_POST['page'])) {
$filter = new VFilter();
$nid = $filter->get('notice_id', 'INTEGER');
$page = $filter->get('page', 'INTEGER');
$uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
$sql = "SELECT COUNT(CID) AS total_comments FROM notice_comments WHERE NID = " . $nid . " AND status = '1'";
$rsc = $conn->execute($sql);
$total = $rsc->fields['total_comments'];
$pagination = new Pagination(10, $page);
$limit = $pagination->getLimit($total);
$sql = "SELECT c.CID, c.UID, c.comment, c.addtime, s.username, s.photo, s.gender\n FROM notice_comments AS c, signup AS s \n WHERE c.NID = " . $nid . " AND c.status = '1' AND c.UID = s.UID \n ORDER BY c.addtime DESC LIMIT " . $limit;
$rs = $conn->execute($sql);
$comments = $rs->getrows();
$page_link = $pagination->getPagination('notice/' . $nid, 'p_notice_comments_' . $nid . '_');
$page_link_u = $pagination->getPagination('notice/' . $nid, 'pp_notice_comments_' . $nid . '_');
$start_num = $pagination->getStartItem();
$end_num = $pagination->getEndItem();
$code[] = $lang['global.showing'] . ' <span class="text-white">' . $start_num . '</span> ' . $lang['global.to'] . ' <span id="end_num" class="text-white">' . $end_num . '</span> ' . $lang['global.of'] . ' <span id="total_comments" class="text-white">' . $total . '</span> ' . $lang['global.comments'] . '.';
$code[] = '<div id="blog_response" class="response" style="display: none;"></div>';
if ($comments) {
if (isset($_POST['notice_id']) && isset($_POST['comment'])) {
if ($config['notice_comments'] == '0') {
$data['msg'] = show_err($lang['ajax.notice_comment_disabled']);
} elseif (isset($_SESSION['uid'])) {
$spam = false;
if (isset($_SESSION['n_comment_added'])) {
$delay = intval($_SESSION['n_comment_added']) + 30;
if (time() < $delay) {
$spam = true;
$_SESSION['n_comment_added'] = time();
}
}
if ($spam) {
$data['msg'] = show_err($lang['ajax.dont_spam']);
} else {
$filter = new VFilter();
$uid = intval($_SESSION['uid']);
$nid = $filter->get('notice_id', 'INTEGER');
$comment = $filter->get('comment');
$sql = "INSERT INTO notice_comments ( NID, UID, comment, addtime )\n VALUES (" . $nid . ", " . $uid . ", '" . mysql_real_escape_string($comment) . "', '" . time() . "')";
$conn->execute($sql);
$cid = mysql_insert_id();
$sql = "UPDATE notice SET total_comments = total_comments+1 WHERE NID = " . $nid . " LIMIT 1";
$conn->execute($sql);
$username = $_SESSION['username'];
$photo = $_SESSION['photo'] == '' ? 'nopic-' . $_SESSION['gender'] . '.gif' : $_SESSION['photo'];
$code = '<div id="notice_comment_' . $nid . '_' . $cid . '" class="col-xs-12 m-t-15">';
$code .= '<div class="row">';
$code .= '<div class="pull-left">';
$code .= '<a href="' . $config['BASE_URL'] . '/user/' . $username . '">';
$code .= '<img src="' . $config['BASE_URL'] . '/media/users/' . $photo . '" title="' . $username . '\'s avatar" alt="' . $username . '\'s avatar" class="img-responsive comment-avatar" />';
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
$auth = new Auth();
$auth->check();
// we dont cache anything here...needed for the album avatar update!
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
if (isset($_SESSION['uid']) && $uid != $_SESSION['uid']) {
VRedirect::go($config['BASE_URL'] . '/error/album_permission');
}
if (isset($_POST['submit_album_edit'])) {
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/image.class.php';
$filter = new VFilter();
$name = $filter->get('album_name');
$category = $filter->get('album_category');
$tags = $filter->get('album_tags');
$type = $filter->get('album_type');
$x = $filter->get('x1', 'INTEGER');
$y = $filter->get('y1', 'INTEGER');
$width = $filter->get('width', 'INTEGER');
$height = $filter->get('height', 'INTEGER');
$pid = $filter->get('photo', 'INTEGER');
$random = $filter->get('random');
if ($width < 50 || $width > 580 || $height != $width) {
$x = $filter->get('x1-i', 'INTEGER');
$y = $filter->get('y1-i', 'INTEGER');
$width = $filter->get('width-i', 'INTEGER');
$height = $filter->get('height-i', 'INTEGER');
<?php
defined('_VALID') or die('Restricted Access!');
if ($config['photo_module'] == '0') {
die;
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
$data = array('status' => 0, 'msg' => '');
if (isset($_POST['photo_id'])) {
if (isset($_SESSION['uid'])) {
$filter = new VFilter();
$pid = $filter->get('photo_id', 'INTEGER');
$uid = intval($_SESSION['uid']);
$sql = "DELETE FROM photo_favorites WHERE UID = " . $uid . " AND PID = " . $pid . " LIMIT 1";
$conn->execute($sql);
$data['status'] = 1;
$data['msg'] = show_msg_mb($lang['ajax.remove_fav_photo_success']);
} else {
$response = show_err_mb($lang['ajax.remove_fav_photo_login']);
}
} else {
$data['msg'] = 'Invalid request!?';
}
echo json_encode($data);
die;
<?php
defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
$album = array('username' => 'anonymous', 'name' => '', 'tags' => '', 'category' => 0, 'type' => 'public');
if (isset($_POST['add_album'])) {
require $config['BASE_DIR'] . '/classes/filter.class.php';
$filter = new VFilter();
$username = $filter->get('username');
$name = $filter->get('name');
$tags = $filter->get('tags');
$category = $filter->get('category', 'INTEGER');
$type = $filter->get('type');
if ($username == '') {
$errors[] = 'Please add a username for your game!';
} else {
$sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() === 1) {
$uid = intval($rs->fields['UID']);
$album['username'] = $username;
} else {
$errors[] = 'Invalid username. Are you sure this username exists?!';
}
}
if ($name == '') {
$errors[] = 'Album name field cannot be blank!';
} elseif (strlen($name) < 3) {
$errors[] = 'Album title field must contain at least 3 characters and no more then 99!';
} else {
$album['name'] = $name;
if (isset($_POST['blog_id']) && isset($_POST['comment'])) {
if ($config['blog_comments'] == '0') {
$data['msg'] = $lang['ajax.blog_comment_disabled'];
} elseif (isset($_SESSION['uid'])) {
$spam = false;
if (isset($_SESSION['b_comment_added'])) {
$delay = intval($_SESSION['b_comment_added']) + 30;
if (time() < $delay) {
$spam = true;
$_SESSION['b_comment_added'] = time();
}
}
if ($spam) {
$data['msg'] = $lang['ajax.dont_spam'];
} else {
$filter = new VFilter();
$uid = intval($_SESSION['uid']);
$bid = $filter->get('blog_id', 'INTEGER');
$comment = $filter->get('comment');
$comment = preg_replace('/\\[photo=(.*?)\\]/ms', '<img src="' . $config['BASE_URL'] . '/media/photos/tmb/\\1.jpg" alt="" class="blog_image" />', $comment);
$sql = "INSERT INTO blog_comments ( BID, UID, comment, addtime )\n VALUES (" . $bid . ", " . $uid . ", '" . mysql_real_escape_string($comment) . "', '" . time() . "')";
$conn->execute($sql);
$cid = mysql_insert_id();
$sql = "UPDATE blog SET total_comments = total_comments+1 WHERE BID = " . $bid . " LIMIT 1";
$conn->execute($sql);
$username = $_SESSION['username'];
$photo = $_SESSION['photo'] == '' ? 'nopic-' . $_SESSION['gender'] . '.gif' : $_SESSION['photo'];
$code = '<div id="blog_comment_' . $bid . '_' . $cid . '">';
$code .= '<div id="delete_response_' . $cid . '" class="response" style="display: none;"></div>';
$code .= '<div class="comment">';
$code .= '<div class="comment_left">';
<?php
define('_VALID', true);
require 'include/config.php';
require 'classes/filter.class.php';
require 'classes/validation.class.php';
require 'include/function_smarty.php';
if (isset($_POST['submit_lost'])) {
$filter = new VFilter();
$valid = new VValidation();
$email = $filter->get('email');
if ($email == '') {
$errors[] = $lang['confirm.expl'];
} elseif (!$valid->email($email)) {
$errors[] = $lang['global.email_invalid'];
} elseif (!$valid->emailExists($email)) {
$errors[] = $lang['confirm.email_invalid'];
} else {
require 'classes/random.class.php';
require 'classes/email.class.php';
$passwd = VRandom::generate(8);
$password = md5($passwd);
$sql = "SELECT username FROM signup WHERE email = '" . mysql_real_escape_string($email) . "' LIMIT 1";
$rs = $conn->execute($sql);
$username = $rs->fields['username'];
$sql = "UPDATE signup SET pwd = '" . mysql_real_escape_string($password) . "'\n WHERE username = '******' LIMIT 1";
$conn->execute($sql);
$smarty->assign('receiver_name', $username);
$smarty->assign('password', $passwd);
$sql = "SELECT * FROM emailinfo WHERE email_id = 'recover_password' LIMIT 1";
$rs = $conn->execute($sql);
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/include/adodb/adodb.inc.php';
require $config['BASE_DIR'] . '/include/compat/json.php';
require $config['BASE_DIR'] . '/classes/pagination.class.php';
require $config['BASE_DIR'] . '/include/dbconn.php';
$code = array();
if (isset($_POST['user_id']) && isset($_POST['page'])) {
$filter = new VFilter();
$oid = $filter->get('user_id', 'INTEGER');
$page = $filter->get('page', 'INTEGER');
$uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
$sql = "SELECT username FROM signup WHERE UID = " . $oid . " LIMIT 1";
$rs = $conn->execute($sql);
$username = $rs->fields['username'];
$sql = "SELECT COUNT(wall_id) AS total_walls FROM wall WHERE OID = " . $oid;
$rsc = $conn->execute($sql);
$total = $rsc->fields['total_walls'];
$pagination = new Pagination(10, $page);
$limit = $pagination->getLimit($total);
$sql = "SELECT w.wall_id, w.UID, w.message, w.addtime, u.username, u.photo, u.gender\n FROM wall AS w, signup AS u WHERE w.OID = " . $oid . " AND w.status = '1' AND w.UID = u.UID \n ORDER BY w.addtime DESC LIMIT " . $limit;
$rs = $conn->execute($sql);
$comments = $rs->getrows();
$page_link = $pagination->getPagination('user/' . $username . '/wall', 'p_wall_comments_' . $oid . '_');
$page_link_b = $pagination->getPagination('user/' . $username . '/wall', 'pp_wall_comments_' . $oid . '_');
$start_num = $pagination->getStartItem();
$end_num = $pagination->getEndItem();
$code[] = $lang['global.showing'] . ' <span class="text-white">' . $start_num . '</span> ' . $lang['global.to'] . ' <span id="end_num" class="text-white">' . $end_num . '</span> ' . $lang['global.of'] . ' <span id="total_comments" class="text-white">' . $total . '</span> ' . $lang['global.comments'] . '.';
$code[] = '<div id="wall_response" class="wall_posting" style="display: none;">' . $lang['global.posting'] . '</div>';
<?php
defined('_VALID') or die('Restricted Access!');
Auth::checkAdmin();
require_once 'editor_files/editor_functions.php';
require_once 'editor_files/config.php';
require_once 'editor_files/editor_class.php';
$editor = new wysiwygPro();
$editor->usexhtml(true);
$notice = array('username' => '', 'title' => '', 'category' => '', 'content' => '');
if (isset($_POST['submit_add_notice'])) {
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/validation.class.php';
$filter = new VFilter();
$valid = new VValidation();
$username = $filter->get('username');
$title = $filter->get('title');
$content = trim($_POST['htmlCode']);
$category = $filter->get('category', 'INTEGER');
if ($username == '') {
$errors[] = 'Username field cannot be blank!';
} elseif (!$valid->usernameExists($username)) {
$errors[] = 'Username does not exist!';
} else {
$notice['username'] = $username;
}
if ($title == '') {
$errors[] = 'Notice title field cannot be blank!';
} elseif (strlen($title) > 299) {
$errors[] = 'Notice title field cannot contain more then 299 characters!';
} else {
