function contact() { global $pagenum, $contactmessage, $set; $out = "<div id=\"LNE_contact\">\n<form method=\"post\" id=\"LNE_contactform\" action=\"\"><fieldset>\n"; if ($_SESSION['user'] != "") { $out .= "<input type=\"hidden\" name=\"name\" value=\"" . $_SESSION['user'] . "\" />\n"; $out .= "<input type=\"hidden\" name=\"email\" value=\"\" />\n"; } else { $out .= "<p><b>{$contactmessage['30']}:</b><br />\n"; $out .= "<input type=\"text\" name=\"name\" value=\"\" /></p>\n"; $out .= "<p><b>{$contactmessage['31']}:</b><br />\n"; $out .= "<input type=\"text\" name=\"email\" value=\"\" /></p>\n"; $out .= "<p><b>{$contactmessage['34']}:</b><br />\n"; $out .= "<input type=\"text\" name=\"phone\" value=\"\" /></p>\n"; } $out .= "<p><b>{$contactmessage['32']}:</b><br />\n"; $out .= "<textarea name=\"text\"></textarea></p>\n"; if ($_SESSION['user'] != "") { srand((double) microtime() * 1000000); $a = rand(1, 9); $b = rand(1, 9); $c = $a * $b; $_SESSION[session_id()] = $c; $out .= "<input type=\"hidden\" name=\"secCode\" value=\"{$c}\" />\n"; } else { $out .= "<p><b>{$contactmessage['99']}:</b><br />\n"; if ($set['extension'] == "0") { //text catchpa - use this is your server doesn't display the catchpa image correctly srand((double) microtime() * 1000000); $a = rand(0, 9); $b = rand(0, 9); $c = $a + $b; $out .= "{$a} + {$b} = "; $_SESSION[session_id()] = $c; $out .= "<input type=\"text\" name=\"secCode\" maxlength=\"2\" style=\"width:20px\" />"; $out .= "</p>\n"; // end of text catchpa } else { // image catchpa $out .= catchpa(); $out .= "</p>\n"; // end of image catchpa } } $out .= "<p><input type=\"hidden\" name=\"page\" value=\"{$pagenum}\" />\n"; $out .= "<input type=\"hidden\" name=\"submit\" value=\"Send message\" />\n"; $out .= "<input type=\"submit\" name=\"aa\" value=\"{$contactmessage['33']}\" />"; $out .= "</p>\n</fieldset></form></div>\n"; return $out; }
function uploads() { global $uploadsmessage, $prefix, $set; if (file_exists("addons/uploads/lang/lang_" . $set['language'] . ".php")) { require_once "addons/uploads/lang/lang_" . $set['language'] . ".php"; } else { require_once "addons/uploads/lang/lang_en_US.php"; } require_once "addons/uploads/settings.php"; if (!($crow = fetch_array(dbquery("SELECT * FROM " . $prefix . "downloadscat WHERE nome=\"Uploads\"")))) { dbquery("INSERT INTO " . $prefix . "downloadscat (id, nome, descr) VALUES (null, \"Uploads\", \"Users upload here\")"); $crow = fetch_array(dbquery("SELECT * FROM " . $prefix . "downloadscat WHERE nome=\"Uploads\"")); } $message = ""; if ($_POST['submitupload'] == "Add Upload") { if ($_POST['secCode'] != $_SESSION['operation']) { $message = $uploadsmessage[8]; } else { $succeded = false; $message = $_FILES["file"]["error"]; if ($_FILES['uploadedfile']['name'] != "") { $_FILES['uploadedfile']['name'] = str_replace(" ", "_", $_FILES['uploadedfile']['name']); $target_path = "./uploads/" . basename($_FILES['uploadedfile']['name']); if (file_exists($target_path)) { unlink($target_path); } if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { $succeded = true; $message = $uploadsmessage[12]; @chmod($target_path, 0644); } else { $message = $uploadsmessage[11]; } } else { $message = $uploadsmessage[9]; } if ($succeded) { $filenam = basename($_FILES['uploadedfile']['name']); $query = "INSERT INTO " . $prefix . "downloads (reg,nome,file,downloads,ex) VALUES (null,\"" . encode(sanitize($_POST['nome'])) . "\",\"{$filenam}\", 0, " . sanitize($_POST['cat']) . ")"; if (!dbquery($query)) { $message = $uploadsmessage[10]; } } } } else { if ($_SESSION['adminlevel'] >= $adminlevel) { $out .= "\n<div id=\"LNE_show\">\n"; $out .= "<div align=\"center\">\n<h3>{$uploadsmessage['5']}</h3>\n"; $out .= "<form enctype=\"multipart/form-data\" method=\"post\" action=\"\"><fieldset style=\"border: 0;\"><table>\n"; $out .= "<tr><td align=\"right\"><input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"{$max_upload_file_size}\" /><b>{$uploadsmessage['13']}: </b></td>"; $out .= "<td><input type=\"text\" name=\"nome\" style=\"width: 100%;\" /></td></tr>\n"; $out .= "<tr><td align=\"right\"><b>{$uploadsmessage['5']}: </b></td><td><input style=\" text-align: left;\" name=\"uploadedfile\" type=\"file\" name=\"uploadfile\" />\n</td></tr>\n"; $out .= "<tr><td align=\"right\"><b>{$uploadsmessage['6']}: </b></td>\n"; if ($set['catchpa'] == "0") { //text catchpa srand((double) microtime() * 1000000); $a = rand(0, 9); $b = rand(0, 9); $c = $a + $b; $out .= "<td>{$a} + {$b} = "; $_SESSION['operation'] = $c; $out .= "<input type=\"text\" name=\"secCode\" maxlength=\"2\" style=\"width:20px\" /></td></tr>\n"; } else { // image catchpa $out .= "<td>"; $out .= catchpa(); /* $out.="<img src=\"./LightNEasy/seccode.php\" width=\"71\" height=\"21\" align=\"absmiddle\" />"; */ $out .= "</td></tr>\n"; } $out .= "<tr><td></td><td><input type=\"hidden\" name=\"cat\" value=\"" . $crow['id'] . "\" /><input type=\"hidden\" name=\"submitupload\" value=\"Add Upload\" />\n"; $out .= "<input type=\"submit\" name=\"aaa\" value=\"{$uploadsmessage['7']}\" />\n"; $out .= "</td><td> </td></tr>\n</table>\n</fieldset>\n</form>\n</div>\n"; } else { $out .= "<h3>{$uploadsmessage['21']}</h3>\n"; } } if ($message != "") { $out .= "<h3 style=\"color: red;\">{$message}</h3>\n"; } if (!($result = dbquery("SELECT * FROM " . $prefix . "downloads WHERE ex=" . $crow['id'] . " ORDER BY reg DESC"))) { die($uploadsmessage[3]); } $out .= "<h3>{$uploadsmessage['14']}</h3>\n"; if (num_rows($result)) { $GETarray = $_GET; $out .= "<ul>"; while ($row = fetch_array($result)) { $GETarray['dlid'] = $row['reg']; $out .= "<li>" . decode($row['nome']) . "</li>\n"; } $out .= "</ul>"; } else { $out .= "<h3>{$uploadsmessage['4']}</h3>"; } $out .= "</div>\n"; return $out; }
function commentform($newsid) { global $newsmessage, $editar, $set; $out = "<form action=\"\" id=\"LNEnews_commentform\" method=\"post\"><fieldset class=\"noborder\">\n"; if ($_SESSION['user'] != "") { $out .= "<input type=\"hidden\" name=\"commentname\" value=\"" . $_SESSION['user'] . "\" />\n"; $out .= "<input type=\"hidden\" name=\"commentemail\" value=\"" . $_SESSION['email'] . "\" />\n"; } else { $out .= "<p><b>" . $newsmessage[30] . ":</b><br />\n"; $out .= "<input type=\"text\" name=\"commentname\" value=\""; if ($editar) { $out .= sanitize($_POST['commentname']); } $out .= "\" /></p>\n"; $out .= "<p><b>" . $newsmessage[31] . ":</b><br />\n"; $out .= "<input type=\"text\" name=\"commentemail\" value=\""; if ($editar) { $out .= sanitize($_POST['commentemail']); } $out .= "\"></p>\n"; } $out .= "<p><b>" . $newsmessage[138] . ":</b><br />\n"; $out .= "<textarea name=\"commentmessage\">"; if ($editar) { $out .= sanitize($_POST['commentmessage']); } $out .= "</textarea></p>\n"; if ($_SESSION['user'] != "") { srand((double) microtime() * 1000000); $a = rand(1, 99); $_SESSION[session_id()] = $a; $out .= "<input type=\"hidden\" name=\"secCode\" value=\"{$a}\" />\n"; } else { $out .= "<p><b>{$newsmessage['99']}:<br />\n"; if ($set['extension'] == "0") { //text catchpa - use this is your server doesn't display the catchpa image correctly srand((double) microtime() * 1000000); $a = rand(0, 9); $b = rand(0, 9); $c = $a + $b; $out .= "<td>{$a} + {$b} = "; $_SESSION[session_id()] = $c; $out .= "<input type=\"text\" name=\"secCode\" maxlength=\"2\" style=\"width:20px\" /></p>\n"; // end of text catchpa } else { // image catchpa $out .= catchpa() . "</p>\n"; // end of image catchpa } } $out .= "<input type=\"hidden\" name=\"submit\" value=\"sendcomment\" />\n"; $out .= "<input type=\"hidden\" name=\"newsid\" value=\"{$newsid}\" />\n"; $out .= "<input type=\"submit\" class=\"submit\" value=\"{$newsmessage['137']}\" />\n</fieldset></form><br />\n"; return $out; }
function register() { global $langmessage, $message, $prefix; $message = ""; if ($_POST['submit'] == "enterregister") { if ($_SESSION[session_id()] != $_POST['secCode']) { $message = "<h3>{$langmessage['64']}</h3>\n"; } if ($_POST['handle'] == "" || $_POST['password'] == "" || $_POST['password1'] == "" || $_POST['email'] == "") { $message = "<h3>{$langmessage['101']}</h3>\n"; } // check if both passwords match if ($_POST['password'] != $_POST['password1']) { $message = "<h3>{$langmessage['180']}</h3>\n"; } if ($message == "") { $handle = encode(sanitize(strip_tags($_POST['handle']))); $password = sanitize($_POST['password']); $email = sanitize(strip_tags($_POST['email'])); $fname = encode(sanitize(strip_tags($_POST['fname']))); $lname = encode(sanitize(strip_tags($_POST['lname']))); $website = sanitize(strip_tags($_POST['website'])); $location = encode(sanitize(strip_tags($_POST['location']))); if (num_rows(dbquery("SELECT * FROM " . $prefix . "users WHERE handle=\"{$handle}\""))) { $message = "<h3>{$langmessage['33']}</h3>\n"; } } if ($message == "") { // all ok so far $ip = $_SERVER['REMOTE_ADDR']; $query = "INSERT INTO " . $prefix . "users (id, handle, password, adminlevel, ip, datejoined, email, firstname, lastname, website, location) VALUES (null, \"{$handle}\", \"" . sha1($password) . "\", 2, \"{$ip}\", " . time() . ", \"{$email}\", \"{$fname}\", \"{$lname}\", \"{$website}\", \"{$location}\")"; dbquery($query); $message = "<h3>{$langmessage['27']}.</h3><p>{$langmessage['181']}</p>\n"; } return $message; } else { $out = "<p>{$langmessage['174']}</p>\n"; $out .= "<form name=\"form1\" method=\"post\" action=\"\">\n"; $out .= "<table>\n"; $out .= "<tr><td align=\"right\">{$langmessage['155']} </td><td><input type=\"text\" name=\"handle\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['6']} </td><td><input type=\"password\" name=\"password\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['156']} </td><td><input type=\"password\" name=\"password1\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['158']} </td><td><input type=\"text\" name=\"email\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['166']} </td><td><input type=\"text\" name=\"fname\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['167']} </td><td><input type=\"text\" name=\"lname\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['10']} </td><td><input type=\"text\" name=\"website\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['169']} </td><td><input type=\"text\" name=\"location\" value=\"\" /></td></tr>\n"; $out .= "<tr><td align=\"right\">{$langmessage['63']}</td><td>" . catchpa() . "</td></tr>\n"; $out .= "<tr><td><input type=\"hidden\" name=\"submit\" value=\"enterregister\"></td><td><input type=\"submit\" name=\"aaa\" value=\"{$langmessage['179']}\"></td></tr>\n"; $out .= "</table></form>\n"; } return $out; }