/** * page code function */ function PageCompPageMainCode() { $memberID = getLoggedId(); $p_arr = getProfileInfo($memberID); //db_assoc_arr( "SELECT `Status` FROM `Profiles` WHERE `ID` = '$memberID'" ); if ($p_arr['Status'] != 'Unconfirmed') { return _t("_NO_NEED_TO_CONFIRM_EMAIL"); } else { return activation_mail($memberID); } }
$sel_str = ""; while (list($key, $val) = each($_POST)) { if ((int) $key && $val) { $sel_str .= ",{$key}"; } } $sel_str = substr($sel_str, 1); $sel_arr = explode(",", $sel_str); $owner = $PARTNER ? $_COOKIE['partnerID'] : 0; while (list($key, $val) = each($sel_arr)) { switch ($_POST['prf_form_submit']) { case "Delete": profile_delete($val); break; case "Confirm Email": activation_mail($val, 0); break; case "Send Message": profile_send_message($val, $_POST['Message']); break; case 'Activate': db_res("UPDATE `Profiles` SET `Status` = 'Active' WHERE `ID` = '" . (int) $val . "'"); createUserDataFile((int) $val); reparseObjTags('profile', (int) $val); break; case 'Approval': db_res("UPDATE `Profiles` SET `Status` = 'Approval' WHERE `ID` = '" . (int) $val . "'"); createUserDataFile((int) $val); reparseObjTags('profile', (int) $val); break; case 'Ban':
exit; } else { if ((isset($_POST['adm-mp-delete']) || isset($_POST['adm-mp-delete-spammer'])) && (bool) $_POST['members']) { $iIdCurr = getLoggedId(); foreach ($_POST['members'] as $iId) { $iId = (int) $iId; if ($iIdCurr != $iId) { $bResult = profile_delete($iId, isset($_POST['adm-mp-delete-spammer'])); } } echo "<script>window.parent." . BX_DOL_ADM_MP_JS_NAME . ".reload();</script>"; exit; } else { if (isset($_POST['adm-mp-confirm']) && (bool) $_POST['members']) { foreach ($_POST['members'] as $iId) { activation_mail((int) $iId, 0); } echo "<script>alert('" . _t('_adm_txt_mp_activation_sent') . "')</script>"; exit; } else { if (isset($_POST['action']) && $_POST['action'] == 'get_members') { $aParams = array(); if (is_array($_POST['ctl_value'])) { foreach ($_POST['ctl_value'] as $sValue) { $aValue = explode('=', $sValue); $aParams[$aValue[0]] = $aValue[1]; } } echo json_encode(array('code' => 0, 'content' => getMembers(array('view_type' => $_POST['view_type'], 'view_start' => (int) $_POST['view_start'], 'view_per_page' => (int) $_POST['view_per_page'], 'view_order' => $_POST['view_order'], 'ctl_type' => $_POST['ctl_type'], 'ctl_params' => $aParams)))); exit; } else {
function insert($fname, $lname, $email, $pass, $createDate) { require 'dbconnect.php'; $db = database_connect(); $v = $db->prepare("INSERT INTO user (`fname`, `lname`, `email`, `pass`, `create_date`) VALUES (?,?,?,?,?)"); $v->bindValue(1, $fname); $v->bindValue(2, $lname); $v->bindValue(3, $email); $v->bindValue(4, $pass); $v->bindValue(5, $createDate); $res = $v->execute(); echo $res; $db = NULL; } insert($_POST['fname'], $_POST['lname'], $_POST['new-email'], $_POST['pass1'], "2015-05-10"); activation_mail($_POST['fname'], $_POST['lname'], $_POST['new-email']); exit; } ?> <?php if (isset($_POST['login'])) { function login($user, $pass) { require 'dbconnect.php'; $db = database_connect(); $v = $db->prepare("SELECT * FROM `user` WHERE email = '" . $user . "'"); $v->execute(); $res = $v->fetch(PDO::FETCH_ASSOC); if ($pass == $res['pass']) { $db = NULL;
/** * page code function */ function PageCompPageMainCode() { global $site; global $dir; global $tmpl; global $page; global $join_page_check_limit; global $join_pages_num; global $p_arr; global $_page; global $en_aff; global $oTemplConfig; global $newusernotify; $enable_security_image = getParam('enable_security_image'); $autoApproval_ifJoin = isAutoApproval('join'); ob_start(); switch ($page) { // fill inputs with values from precede join pages case $page > 1: $hidden_vals = ''; // inputs with POST values $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); switch ($arrpd['type']) { case 'set': // set of checkboxes $vals = preg_split("/[,\\']+/", $arrpd['extra'], -1, PREG_SPLIT_NO_EMPTY); $p_arr[$fname] = ''; foreach ($vals as $v) { if (strlen(trim($v)) <= 0) { continue; } $hidden_vals .= '<input type="hidden" name="' . ($fname . "_" . $v) . '" value="' . process_pass_data($_POST[$fname . "_" . $v]) . '">'; $p_arr[$fname . "_" . $v] = process_pass_data($_POST[$fname . "_" . $v]); if ($_POST[$fname . "_" . $v] == 'on') { if (strlen($p_arr[$fname])) { $p_arr[$fname] .= ",{$v}"; } else { $p_arr[$fname] .= $v; } } } break; case 'date': $p_arr[$fname] = sprintf("%04d-%02d-%02d", (int) $_POST[$fname . '_year'], (int) $_POST[$fname . '_month'], (int) $_POST[$fname . '_day']); $hidden_vals .= '<input type="hidden" name="' . $fname . '_year" value="' . (int) $_POST[$fname . '_year'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_month" value="' . (int) $_POST[$fname . '_month'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_day" value="' . (int) $_POST[$fname . '_day'] . '">'; break; default: if ($arrpd['get_value']) { $funcbody = $arrpd['get_value']; $func = create_function('$arg0', $funcbody); $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($func($_POST)); } else { $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($_POST[$fname]); } break; } } // check values $query = "SELECT * FROM ProfilesDesc\n\t\t\t\tWHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit}\n\t\t\t\tORDER BY `join_page` ASC"; $respd = db_res($query); while ($arrpd = mysql_fetch_array($respd)) { if (!strlen($arrpd['check'])) { continue; } $fname = get_input_name($arrpd); $funcbody = $arrpd[check]; $func = create_function('$arg0', $funcbody); if (!$func($p_arr[$fname])) { $add_on .= report_err(_t($arrpd['because'], $arrpd['min_length'], $arrpd['max_length'])); } } $page = !$add_on ? $page : $page - 1; break; break; case 'done': // fill array with POST values $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); switch ($arrpd['type']) { case 'set': // set of checkboxes $vals = preg_split("/[,\\']+/", $arrpd['extra'], -1, PREG_SPLIT_NO_EMPTY); $p_arr[$fname] = ''; foreach ($vals as $v) { if (strlen(trim($v)) <= 0) { continue; } $hidden_vals .= '<input type="hidden" name="' . ($fname . "_" . $v) . '" value="' . process_pass_data($_POST[$fname . "_" . $v]) . '">'; $p_arr[$fname . "_" . $v] = process_pass_data($_POST[$fname . "_" . $v]); if ($_POST[$fname . "_" . $v] == 'on') { if (strlen($p_arr[$fname])) { $p_arr[$fname] .= ",{$v}"; } else { $p_arr[$fname] .= $v; } } } break; case 'date': $p_arr[$fname] = sprintf("%04d-%02d-%02d", (int) $_POST[$fname . '_year'], (int) $_POST[$fname . '_month'], (int) $_POST[$fname . '_day']); $hidden_vals .= '<input type="hidden" name="' . $fname . '_year" value="' . (int) $_POST[$fname . '_year'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_month" value="' . (int) $_POST[$fname . '_month'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_day" value="' . (int) $_POST[$fname . '_day'] . '">'; break; default: if ($arrpd['get_value']) { $funcbody = $arrpd['get_value']; $func = create_function('$arg0', $funcbody); $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($func($_POST)); } else { $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($_POST[$fname]); } break; } } // check values if ($enable_security_image) { if (!isset($_POST['securityImageValue']) || !isset($_COOKIE['strSec']) || md5($_POST['securityImageValue']) != $_COOKIE['strSec']) { $page = $join_pages_num; $add_on .= report_err(_t("_SIMG_ERR")); } } $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} AND `join_page` > 0 ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { if (!strlen(trim($arrpd['check']))) { continue; } $fname = get_input_name($arrpd); $funcbody = $arrpd['check']; $func = create_function('$arg0', $funcbody); if (!$func($p_arr[$fname])) { $page = floor($arrpd['join_page'] / 1000); $add_on .= report_err(_t($arrpd['because'], $arrpd['min_length'], $arrpd['max_length'])); } } break; default: break; } switch ($page) { default: global $tmpl; if ($oTemplConfig->customize['join_page']['showPageText']) { $page_text = _t("_JOIN1", $page); } echo $add_on; break; } switch ($page) { case 'done': // new profile creation $cl_values = "INSERT INTO `Profiles` SET "; $cl_first = 0; $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND `to_db` = 1 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); $dbname = get_field_name($arrpd); $fval = $p_arr[$fname]; if ($dbname == 'zip') { $fval = strtoupper(str_replace(' ', '', $fval)); } switch ($arrpd['type']) { case 'set': // set of checkboxes // set of checkboxes case 'r': // reference to array for combo box // reference to array for combo box case 'a': // text Area // text Area case 'c': // input box // input box case 'rb': // radio buttons // radio buttons case 'e': // enum combo box // enum combo box case 'en': // enum combo box with numbers // enum combo box with numbers case 'eny': // enum combo box with numbers // enum combo box with numbers case 'date': // date $fval = process_db_input($fval, 0, 1); $cl_values .= " `{$dbname}` = '{$fval}'"; $cl_values .= ", "; break; case 'p': $fval = md5(process_pass_data($fval)); $cl_values .= " `{$dbname}` = '{$fval}'"; $cl_values .= ", "; break; } } $cl_values .= " `LastReg` = NOW()"; db_res($cl_values); $IDnormal = mysql_insert_id(); $IDcrypt = crypt($IDnormal, "secret_string"); // encrypted ID for security purposes setcookie("IDc", $IDcrypt, 0, "/"); $_COOKIE['IDc'] = $IDcrypt; // Affiliate and friend checking if ($en_aff && $_COOKIE['idAff']) { $res = db_res("SELECT `ID` FROM `aff` WHERE `ID` = {$_COOKIE['idAff']} AND `Status` = 'active'"); if (mysql_num_rows($res)) { $res = db_res("INSERT INTO `aff_members` (`idAff`,`idProfile`) VALUES ({$_COOKIE['idAff']}, {$IDnormal})"); } } if ($en_aff && $_COOKIE['idFriend']) { $idFriend = getID($_COOKIE['idFriend']); if ($idFriend) { $res = db_res("UPDATE `Profiles` SET `aff_num` = `aff_num` + 1 WHERE `ID` = '{$idFriend}'"); createUserDataFile($idFriend); } } if (strcmp(crypt($IDnormal, 'secret_string'), $_COOKIE['IDc']) != 0) { ob_end_clean(); $_page['header'] = _t("_Error"); $ret = "<table width=\"100%\" cellpadding=4 cellspacing=4><tr><td align=center class=text2>"; $ret .= _t("_MUST_HAVE_COOKIES"); $ret .= "</td></tr></table>"; return $ret; } if (getParam('autoApproval_ifNoConfEmail') == 'on') { if (getParam('autoApproval_ifJoin')) { db_res("UPDATE `Profiles` SET `Status`='Active' WHERE `ID`='{$IDnormal}'"); $page_text = _t("_USER_ACTIVATION_SUCCEEDED") . $ret . $add_on; $message = getParam("t_Activation"); $subject = getParam('t_Activation_subject'); sendMail($p_arr['Email'], $subject, $message, $IDnormal); } else { db_res("UPDATE `Profiles` SET `Status`='Approval' WHERE `ID`='{$IDnormal}'"); $page_text = _t("_USER_CONF_SUCCEEDED") . $add_on; } if ($newusernotify) { $message = "New user {$p_arr['NickName']} with email {$p_arr['Email']} has been confirmed,\nhis/her ID is {$IDnormal}.\n--\n{$site['title']} mail delivery system\n<Auto-generated e-mail, please, do not reply>\n"; $subject = "New user confirmed"; sendMail($site['email_notify'], $subject, $message); } } else { $page_text = _t("_JOIN3") . $add_on; $page_text .= activation_mail($IDnormal); $page_text .= "<br /><br /><br /><br /><center>" . _t("_UPLOAD_WHILE_WAITING", $site['url']) . "</center>"; } modules_add($IDnormal); if (!$autoApproval_ifJoin) { modules_block($IDnormal); } createUserDataFile($IDnormal); // ---------------------------------------------------------- echo "<div id=\"first_column\">"; echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td align=center class=text2>"; echo "<div align=justify>{$page_text}</div>"; break; default: echo "<div id=\"first_column\">"; echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td align=center class=text2>"; //----------------------------------------------------------- do { $join_page_limit = 'done' == $page ? " AND join_page > '" . $join_pages_num * 1000 . "'" : " AND join_page > '" . $page * 1000 . "' AND join_page < '" . ($page + 1) * 1000 . "'"; $query = "SELECT COUNT(*) FROM `ProfilesDesc` WHERE `visible` & 2 {$join_page_limit} AND (FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('3',show_on_page))"; $res = db_res($query); $item_num = mysql_fetch_row($res); if ($item_num[0] <= 0 && $page < $join_pages_num) { $page++; } } while ($item_num[0] <= 0 && $page < $join_pages_num); $join_page_limit = 'done' == $page ? " AND join_page > '" . $join_pages_num * 1000 . "'" : " AND join_page > '" . $page * 1000 . "' AND join_page < '" . ($page + 1) * 1000 . "'"; $hidden_vals .= "<input type=\"hidden\" name=\"page\" value=\"{$page}\" />"; //----------------------------------------------------------- echo "\n\t <form name=\"jform\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\" " . ($join_pages_num == $page ? "onSubmit=\"return validateJoinForm();\">" : ">") . "\n\n\t {$hidden_vals}\n\n\t <input type=hidden name=\"ID\" value=\"{$IDnormal}\" />\n\n\t <div align=justify>{$page_text}</div>\n<table width=\"100%\" cellspacing=\"2\" cellpadding=\"0\" border=\"0\">"; $first_row = 1; $respd = db_res("SELECT * FROM ProfilesDesc\n\t\t\t WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_limit}\n\t\t\t ORDER BY `join_page` ASC"); if ($oTemplConfig->customize['join_page']['show_3rd_col']) { $columns = 3; } else { $columns = 2; } while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); if ($arrpd['get_value'] && $arrpd['to_db'] == 0) { $funcbody = $arrpd['get_value']; $func = create_function('$arg0', $funcbody); $p_arr[$fname] = $func($p_arr); } $not_first_row = 0; switch ($arrpd['type']) { case 'set': // set of checkboxes echo print_row_set($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'rb': // radio buttons echo print_row_radio_button($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'r': // reference to array for combo box if ($fname == 'Country') { $onchange = "flagImage = document.getElementById('flagImageId'); flagImage.src = '{$site['flags']}' + this.value.toLowerCase() + '.gif';"; if (strlen($p_arr[$fname]) == 0) { $p_arr[$fname] = getParam('default_country'); } $imagecode = '<img id="flagImageId" src="' . ($site['flags'] . strtolower($p_arr[$fname])) . '.gif" alt="flag" />'; } else { $onchange = ''; $imagecode = ''; } echo print_row_ref($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns, '', 0, $onchange, $imagecode); break; case '0': // divider echo print_row_delim($first_row, $arrpd, "panel", $columns); $not_first_row = 1; $first_row = 1; break; case 'e': // enum combo box echo print_row_enum($first_row, $arrpd, $p_arr[$fname], "table", $javascript, 0); break; case 'en': // enum combo box with numbers echo print_row_enum_n($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'eny': // enum combo box with years echo print_row_enum_years($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'date': //date echo print_row_date($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'a': // text Area echo print_row_area($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'c': // input box echo print_row_edit($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'p': // input box password echo print_row_pwd($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; default: $not_first_row = 1; break; } if (!$not_first_row && $first_row == 1) { $first_row = 0; } } echo "</table>"; // show on the last page of join form if ($join_pages_num == $page) { ?> <script language=javascript> <!-- function validateJoinForm() { if ( document.forms['jform'].elements['i_agree'].checked ) return true; alert('<?php echo _t("_CLICK_AGREE"); ?> '); return false; } --> </script> <?php echo "<br /><div class=\"security_image_block\"><center>\n"; if ($enable_security_image) { echo "\n\t\t <img alt=\"Security Image\" src=\"simg/simg.php\" /><br /><br />" . _t("_Enter what you see:") . "<input name=\"securityImageValue\" type=\"text\" size=\"15\"><br /><br />"; } echo "</center>"; $ret = <<<ID \t\t<script type="text/javascript"> \t\t\tfunction id_registration() \t\t\t{ \t\t\t\toCheckBox = document.getElementById( "boonex_id" ); \t\t\t\tif( oCheckBox.checked ) \t\t\t\t\twindow.open( 'http://www.boonex.com/id/', '', 'width=800, height=600, menubar=yes, status=yes, resizable=yes, scrollbars=yes, toolbar=yes, location=yes') \t\t\t} \t\t</script> ID; echo $ret; echo "\n\t\t <div style=\"text-align:center;\"><input type=checkbox name=i_agree id=i_agree /><label for=i_agree>" . _t("_I AGREE", $site['url']) . "</label> </div>\n"; // BoonEx ID implementation // <div style=\"text-align:center;\"><input type=checkbox name=\"boonex_id\" id=\"boonex_id\" /><label for=boonex_id>" . _t("_ID_CREATE", "http://www.boonex.com/id/" ) . "</label> </div>"; } echo "<br /><center><input onclick=\"id_registration();\" type=\"submit\" value=\"" . _t("_Join") . "\" /></center></form></div>"; break; } global $memberID; echo "</td></tr></table>"; echo "</div>"; echo "<div id=\"second_column\">"; echo "<div class=\"member_login\">"; $action = "login"; $text = _t('_Member Login'); $table = "Profiles"; $login_page = "{$site['url']}member.php"; $join_page = "{$site['url']}join_form.php"; $forgot_page = "{$site['url']}forgot.php"; $template = "{$dir['root']}templates/tmpl_{$tmpl}/join_login_form.html"; echo LoginForm($text, $action, $table, $login_page, $forgot_page, $template); echo "</div>"; if (getParam('enable_get_boonex_id')) { echo "<div class=\"import_boonex_id\">"; $action = "boonex"; $text = '<div class="boonex_id">' . _t('_Import BoonEx ID') . '</div>'; $table = "Profiles"; $login_page = "{$site['url']}member.php"; $join_page = "{$site['url']}join_form.php"; $forgot_page = ''; $template = "{$dir['root']}templates/tmpl_{$tmpl}/join_login_form.html"; echo LoginForm($text, $action, $table, $login_page, $forgot_page, $template); echo "</div>"; } echo "</div>"; $ret = ob_get_clean(); return $ret; }
} if (!$exist_arr || $ADMIN) { $create_result = db_res($cl_values); $affected_rows = mysql_affected_rows($MySQL->link); if (!$affected_rows) { $result_text .= _t("_No modification"); } else { if ($ADMIN && $_POST['NewProfile'] == 'YES') { $IDnormal = mysql_insert_id($MySQL->link); createUserDataFile($IDnormal); $result_text .= _t_action("_New profile created") . " ID: <a href='profile_edit.php?ID={$IDnormal}'>{$IDnormal}</a>."; } else { createUserDataFile($ID); if ('Unconfirmed' == $STATUS_CHANGE_TO) { // Send confirmation request to the user. activation_mail($ID); } $result_text .= _t_action('_MODIFICATIONS_APPLIED'); } } if ($ADMIN) { $Featured = $_POST['Featured'] == "on" ? 1 : 0; db_res("UPDATE `Profiles` SET `Featured` = '{$Featured}' WHERE `ID` = {$ID};"); createUserDataFile($ID); } if ($MEMBER) { setcookie("memberPassword", $p_arr_new['Password1'], 0, "/"); } if ($send_cupid_mail_id) { cupid_email($send_cupid_mail_id); }