}
echo '<input type="hidden" name="x_fields" value="true" />';
}
?>
</table>
<p class="ta-description"><label for="comment_text"><img src="./stuff/img/icons/comment.png" alt="comment" /> <?php
echo $lang['comm_text'];
?>
</label></p>
<?php
include './stuff/inc/tmpl/comment-form-buttons.php';
?>
<textarea name="comment_text" id="comment_text" rows="5" cols="40"><?php
echo check_text($var['comment_text']);
?>
</textarea>
</fieldset>
<ul id="comment-info" class="round hide">
<?php
if (!empty($var['ip_address']) && $var['ip_address'] != '-') {
$ip_info = in_array(trim($var['ip_address']), $banned_ips) ? ' <img src="./stuff/img/icons/warning.png" alt="" class="tooltip" title="' . $lang['uni_banned_ip'] . '" />' : ' <a href="./mn-tools.php?action=quickban&ip=' . $var['ip_address'] . '" class="fancy"><img src="./stuff/img/icons/ban.png" alt="" class="tooltip" title="' . $lang['uni_ban_ip'] . '" /></a>';
}
echo '<li><strong>' . $lang['uni_date'] . ':</strong> ' . date('j.n.Y H:i', $var['timestamp']) . '</li>';
echo '<li><strong>' . $lang['comm_ip_address'] . ':</strong> ' . $var['ip_address'] . $ip_info . '</li>';
echo '<li><strong>' . $lang['comm_host'] . ':</strong> ' . $var['host'] . '</li>';
echo '<li><strong>' . $lang['comm_user_agent'] . ':</strong> ' . $var['user_agent'] . '</li>';
?>
</ul>
?>
<form action="./mn-templates.php" method="post" class="tmpl-add">
<fieldset>
<table>
<?php
if ($var['tmpl_group'] != 'mn_default') {
?>
<tr>
<td><label for="tmpl_name"><?php
echo $lang['tmpl_tmpl_name'];
?>
:</label></td>
<td><input type="text" name="tmpl_name" id="tmpl_name" value="<?php
echo isset($_POST['tmpl_name']) ? check_text($_POST['tmpl_name']) : '';
?>
" class="text custom" /></td>
</tr>
<?php
}
?>
<tr>
<td><label for="tmpl_type"><?php
echo $lang['tmpl_tmpl_type'];
?>
:</label></td>
<td>
<select name="tmpl_type" class="custom long">
<?php
$var = array('name' => $xfields[$f]['name'], 'var' => $xfields[$f]['var'], 'section' => $xfields[$f]['section'], 'type' => $xfields[$f]['type'], 'options' => trim($xOptions), 'action' => 'edit');
overall_header($lang['xfields_xfields'], $lang['xfields_xfields'], 'main');
} elseif (isset($_POST['action']) && $_POST['action'] == 'xfield_edit' && array_key_exists($_POST['xfield_var'], $xfields)) {
$xVar = $_POST['xfield_var'];
$xName = !empty($_POST['field_name']) ? check_text(trim($_POST['field_name']), true) : $xfields[$xVar]['name'];
$xType = $_POST['field_type'] == 'select' && !empty($_POST['field_options']) ? 'select' : 'input';
if (!in_array($_POST['field_section'], array('posts', 'comments', 'pages', 'users'))) {
$xSection = $xfields[$xVar]['section'];
} else {
$xSection = $_POST['field_section'];
}
if ($xType == 'select' && !empty($_POST['field_options'])) {
$xOptions = array();
$xOptions_lines = explode("\n", trim($_POST['field_options']));
foreach ($xOptions_lines as $xLine) {
$xO = explode('=', check_text($xLine, true));
if (isset($xO[1])) {
$xOptions[$xO[0]] = $xO[1];
} else {
$xOptions[$xO[0]] = $xO[0];
}
}
} else {
$xOptions = '';
}
$xfields[$xVar] = array('name' => $xName, 'var' => $xVar, 'section' => $xSection, 'type' => $xType, 'options' => $xOptions, 'required' => 0);
mn_put_contents($file['xfields'], '<?php die();?>' . serialize($xfields));
header('Location: ./mn-tools.php?action=xfields&back=edited');
exit;
} elseif (isset($_GET['d']) && array_key_exists($_GET['d'], $xfields)) {
$admin_tmpl['xfields_delete'] = true;
$auto_id = file_exists($file['id_folders']) ? trim(file_get_contents($file['id_folders'])) : 1;
$folder_parent = isset($_POST['folder_parent']) ? (int) $_POST['folder_parent'] : 0;
$folders[$auto_id] = array('name' => check_text($_POST['folder_name'], true), 'parent_id' => $folder_parent);
if (mn_put_contents($file['folders'], DIE_LINE . serialize($folders))) {
mn_put_contents($file['id_folders'], $auto_id + 1);
header('location: ./mn-folders.php?back=added&f=' . $auto_id);
exit;
} else {
overal_header($lang['folders_folders'], $lang['folders_msg_put_contents_error'], 'error');
}
} else {
overall_header($lang['folders_folders'], $lang['folders_msg_empty_folder_name'], 'error');
}
} elseif (isset($_POST['action']) && $_POST['action'] == 'edit' && isset($_POST['id']) && array_key_exists($_POST['id'], $folders)) {
if (!empty($_POST['folder_name'])) {
$folders[$_POST['id']] = array('name' => check_text($_POST['folder_name'], true), 'parent_id' => (int) $_POST['folder_parent']);
if (mn_put_contents($file['folders'], DIE_LINE . serialize($folders))) {
header('location: ./mn-folders.php?back=edited&f=' . $_POST['id']);
exit;
} else {
overal_header($lang['folders_folders'], $lang['folders_msg_put_contents_error'], 'error');
}
} else {
overall_header($lang['folders_folders'], $lang['folders_msg_empty_folder_name'], 'error');
}
} elseif (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id']) && array_key_exists($_GET['id'], $folders)) {
$var = array('folder_name' => $folders[$_GET['id']]['name'], 'folder_id' => $_GET['id'], 'folder_parent' => $folders[$_GET['id']]['parent_id']);
overall_header($lang['folders_edit_folder'] . ' » ' . $var['folder_name'], $lang['folders_edit_folder'], 'main');
} elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && array_key_exists($_GET['id'], $folders)) {
$var = array('folder_name' => $folders[$_GET['id']]['name'], 'folder_id' => $_GET['id'], 'folder_parent' => $folders[$_GET['id']]['parent_id']);
$admin_tmpl['folders_main'] = false;
function get_title()
{
global $dir, $lang, $mn_categories, $mn_users;
if (isset($_GET['mn_post'])) {
if (is_numeric($_GET['mn_post']) && file_exists(MN_ROOT . $dir['posts'] . 'post_' . $_GET['mn_post'] . '.php')) {
$mn_post_id = $_GET['mn_post'];
} else {
$post_slugs = get_post_slugs();
if (in_array(check_text($_GET['mn_post'], true), $post_slugs)) {
$mn_post_id = array_search(check_text($_GET['mn_post'], true), $post_slugs);
} else {
$mn_post_id = 0;
}
}
$p = get_post_data($mn_post_id);
return encoding($p['title']);
} elseif (isset($_GET['mn_page'])) {
if (is_numeric($_GET['mn_page']) && file_exists(MN_ROOT . $dir['pages'] . 'page_' . $_GET['mn_page'] . '.php')) {
$mn_page_id = $_GET['mn_page'];
} else {
$pages_dir = dir(MN_ROOT . $dir['pages']);
$mn_page_id = '';
while ($p_file = $pages_dir->read()) {
if (!is_file(MN_ROOT . $dir['pages'] . $p_file)) {
continue;
} else {
$temp_var = get_page_data($p_file, false);
if ($temp_var['friendly_url'] == $_GET['mn_page']) {
$mn_page_id = $temp_var['id'];
} else {
continue;
}
}
}
}
$p = get_page_data($mn_page_id);
return encoding($p['title']);
} elseif (isset($_GET['mn_cat']) && !empty($_GET['mn_cat'])) {
return encoding($lang['cats_category'] . ': ' . $mn_categories[$_GET['mn_cat']]['name']);
} elseif (isset($_GET['mn_user']) && !empty($_GET['mn_user'])) {
return encoding($lang['users_user'] . ': ' . $mn_users[$_GET['mn_user']]);
} else {
return encoding($lang['posts_posts']);
}
}
$id = $var['file_id'];
$old_file = $var['filename'] . '.' . $var['ext'];
$new_filename = !empty($_POST['filename'][$id]) ? $_POST['filename'][$id] : $var['filename'];
$new_file = $new_filename . '.' . $var['ext'];
if ($old_file != $new_file) {
rename(MN_ROOT . $dir[$var['dir']] . $old_file, MN_ROOT . $dir[$var['dir']] . $new_file);
@mkdir(MN_ROOT . $dir[$var['dir']] . $new_file, 0777);
@chmod(MN_ROOT . $dir[$var['dir']] . $new_file, 0777);
if ($var['dir'] == 'images' && file_exists(MN_ROOT . $dir['thumbs'] . '_' . $old_file)) {
rename(MN_ROOT . $dir['thumbs'] . '_' . $old_file, MN_ROOT . $dir['thumbs'] . '_' . $new_file);
@mkdir(MN_ROOT . $dir['thumbs'] . '_' . $new_file, 0777);
@chmod(MN_ROOT . $dir['thumbs'] . '_' . $new_file, 0777);
}
}
$file_title = check_text($_POST['title'][$id], true);
$file_description = str_replace(array("\r", "\n"), array('', ''), check_text($_POST['description'][$id], true));
$files_lines .= $var['file_id'] . DELIMITER . $new_filename . DELIMITER . $var['ext'] . DELIMITER . $var['filesize'] . DELIMITER . $var['timestamp'] . DELIMITER . $var['dir'] . DELIMITER . $var['img_width'] . DELIMITER . $var['img_height'] . DELIMITER . $var['uploader_id'] . DELIMITER . $var['galleries'] . DELIMITER . $var['folder'] . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . $file_title . DELIMITER . $file_description . "\n";
} elseif (isset($_POST['a']) && in_array($f_data[0], $_POST['files'])) {
if ($_POST['a'][0] == 'g' && isset($f_data[5]) && $f_data[5] == 'images') {
$f_gal_arr = explode(',', $f_data[9]);
$f_gal_arr[] = str_replace('g', '', $_POST['a']);
$f_gal_arr = array_unique($f_gal_arr);
$file_galleries = implode(',', $f_gal_arr);
$file_folder = $f_data[10];
} elseif (is_numeric($_POST['a'])) {
$file_galleries = $f_data[9];
$file_folder = is_numeric($_POST['a']) ? $_POST['a'] : $f_data[10];
} else {
$file_galleries = $f_data[9];
$file_folder = $f_data[10];
}
<?php
include "general_functions.php";
header("Content-Type: application/json");
$username = $_POST['username'];
$password = $_POST['password'];
//check whether username and password contain invalid characters
$valid_username = check_text($_POST['username']);
if (!$valid_username) {
echo json_encode(array("success" => false, "message" => "Invalid characters in username"));
exit;
}
$valid_password = check_text($_POST['password']);
if (!$valid_password) {
echo json_encode(array("success" => false, "message" => "Invalid characters in password"));
exit;
}
//check whether username exists in database
require "database.php";
$stmt = $mysqli->prepare("select count(*), id from users where username=?");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($cnt, $user_id);
$stmt->fetch();
$stmt->close();
if ($cnt == 1) {
//check whether password matches username
$stmt = $mysqli->prepare("select password from users where username=?");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($password_hash);
}
?>
<?php
echo $xfields_rows;
}
?>
<tr><td colspan="2">Text<span class="star">*</span> :</td></tr>
</table>
<?php
}
include './stuff/inc/tmpl/comment-form-buttons.php';
?>
<textarea name="comment_text" id="comment_text" rows="5" cols="40"><?php
echo $conf['web_encoding'] != 'utf-8' && !isset($_POST['form']) ? iconv($conf['web_encoding'], 'utf-8', check_text($_POST['comment_text'])) : check_text($_POST['comment_text']);
?>
</textarea>
<span id="spam-span"><?php
echo str_replace('%n%', '<strong>' . $lang['num'][$conf['comments_antispam']] . '</strong>', $lang['comm_antispam']);
?>
: <input type="text" name="robot" id="spam-input" style="width:20px;" value="" /><br /></span>
<?php
if (!isset($_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) {
echo '<script>var RecaptchaOptions = {custom_translations : { instructions_visual : "' . $lang['comm_captcha_help'] . ':"},theme : "white"};</script>';
require_once MN_ROOT . '/stuff/inc/recaptchalib.php';
echo '<p class="c captcha">' . recaptcha_get_html('6LfnaQoAAAAAAJ1Jcz_JKqzvhpIb9aigaALEzsj8') . '</p>';
}
?>
?>
<textarea name="text" id="text" class="tinymce" tabindex="3" rows="5" cols="60"><?php
echo check_text($var['text']);
?>
</textarea>
</div>
<?php
if (file_exists(MN_ROOT . $file['xfields'])) {
$xfields = get_unserialized_array('xfields');
$xfields_rows = '';
foreach ($xfields as $xVar => $x) {
if ($x['section'] != 'pages') {
continue;
} else {
$thisVar = isset($_POST['x' . $xVar]) ? check_text($_POST['x' . $xVar], true, false, 'xf') : @$var['xfields_array'][$xVar];
if (isset($x['type']) && $x['type'] == 'select') {
$xField = '<select name="x' . $xVar . '" id="x' . $xVar . '" class="long">';
foreach ($x['options'] as $oKey => $oValue) {
$sel = $thisVar == $oKey ? ' selected="selected"' : '';
$xField .= '<option value="' . $oKey . '"' . $sel . '>' . $oValue . '</option>';
}
$xField .= '</select>';
} else {
$xField = '<input type="text" name="x' . $xVar . '" id="x' . $xVar . '" value="' . $thisVar . '" class="text" />';
}
$xfields_rows .= '<tr><td class="r"><label for="x' . $x['var'] . '">' . $x['name'] . ':</label></td><td>' . $xField . '</td></tr>';
}
}
}
if (!empty($xfields_rows)) {
} else {
$error_message = $lang['users_msg_passwords_not_same'];
}
} else {
$error_message = $lang['users_msg_email_check'];
}
} else {
$error_message = $lang['users_msg_forbidden_chars'];
}
} else {
$error_message = $lang['users_msg_values_length'];
}
} else {
$error_message = $lang['users_msg_empty_values'];
}
$var = array('user_id' => $_POST['id'], 'username' => $_POST['username'], 'email' => $_POST['email'], 'group' => $_POST['group'], 'status' => $_POST['status'], 'nickname' => $_POST['nickname'], 'gender' => $_POST['gender'], 'bday_day' => $_POST['bday_day'], 'bday_month' => $_POST['bday_month'], 'bday_year' => $_POST['bday_year'], 'location' => $_POST['location'], 'www' => $_POST['www'], 'icq' => $_POST['icq'], 'msn' => $_POST['msn'], 'skype' => $_POST['skype'], 'jabber' => $_POST['jabber'], 'about' => check_text($_POST['about']));
overall_header($lang['users_add_new_user'] . ' » ' . $var['username'], $error_message, 'error');
} elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != 1) {
$var = get_values('users', $_GET['id']);
$posts_count = get_posts_count('users');
$admin_tmpl['user_delete'] = true;
$admin_tmpl['form_users'] = false;
} elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && $_POST['id'] != 1) {
$u_file = file($file['users']);
$u_content = '';
foreach ($u_file as $u_line) {
$u_data = explode(DELIMITER, $u_line);
if ($u_data[0] == $_POST['id']) {
continue;
} else {
$u_content .= $u_line;
echo isset($conf['web_title_header']) && $conf['web_title_header'] == true ? ' checked="checked"' : '';
?>
title="<?php
echo $lang['config_web_title_checkbox'];
?>
" /> </td></tr>
<tr class="config-help"><td colspan="2"><?php
echo $lang['config_web_title_help'];
?>
</td></tr>
<tr><td class="labels"><label for="web_url"><img src="./stuff/img/icons/link.png" alt="" /> <?php
echo $lang['config_web_url'];
?>
:</label></td><td class="inputs"><input type="text" id="web_url" name="web_url" class="text" value="<?php
echo check_text($conf['web_url']);
?>
" /></td></tr>
<tr class="config-help"><td colspan="2"><?php
echo $lang['config_web_url_help'];
?>
</td></tr>
<tr>
<td><label for="format1"><img src="./stuff/img/icons/html.png" alt="" /> <?php
echo $lang['config_web_format'];
?>
:</label></td>
<td>
<input type="radio" class="radio" id="web_format2" name="web_format" value="html"<?php
if ($conf['web_format'] == 'html' || empty($conf['web_format'])) {
<label for="newpassword"> Password: </label>
<input type="text" name="newpassword" id="newpassword"/>
</p>
<p>
<input type="submit" value="Submit"/>
<input type="reset">
<p>
</form>
<?php
session_start();
include "general_functions.php";
//check if newusername or password is empty
if (!empty($_POST['newusername']) && !empty($_POST['newpassword'])) {
//check if newusername or password have invalid characters
$valid_newusername = check_text($_POST['newusername']);
$valid_newpassword = check_text($_POST['newpassword']);
if (!$valid_newusername) {
echo "Invalid username, try again";
exit;
}
if (!$valid_newpassword) {
echo "Invalid password, try again";
exit;
}
//check if username already exists
require "database.php";
$stmt = $mysqli->prepare("select count(*) from users where username=?");
if (!$stmt) {
printf("Query Prep Failed: %s\n", $mysqli->error);
exit;
}
<legend><?php
echo encoding($lang['comm_comment_addition'] . ' / ' . $lang['login_login']);
?>
</legend>
<p>
<?php
echo encoding($lang['comm_msg_login']);
if ($conf['users_registration']) {
echo ' (<a href="' . $conf['admin_url'] . '/mn-login.php?action=register">' . encoding($lang['login_register']) . '</a>)';
}
?>
</p>
<input type="text" name="user_login" id="user_login" value="<?php
echo check_text(@$_COOKIE['mn_user_name']);
?>
" /> <label for="comment_author"><?php
echo encoding($lang['login_user_login']);
?>
*</label><br />
<input type="password" name="user_pass" id="user_pass" value="" /> <label for="comment_pass"><?php
echo encoding($lang['login_user_password']);
?>
*</label><br />
<input type="hidden" name="action" value="login" />
<input type="hidden" name="redir" value="<?php
echo trim('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'], '?') . '#mn-comment-form';
?>
" />
if (mn_put_contents($file['users'], $u_content)) {
if (isset($_POST['redir'])) {
header('location: ' . $_POST['redir']);
exit;
} else {
header('location: ./mn-profile.php?back=edited');
exit;
}
} else {
$error_message = $lang['users_msg_put_contents_error'];
}
}
} else {
$error_message = $lang['users_msg_email_check'];
}
$var = array('username' => $_SESSION['mn_user_name'], 'email' => $_POST['email'], 'public_email' => isset($_POST['public_email']) ? '1' : '0', 'nickname' => check_text($_POST['nickname'], true), 'gender' => check_text($_POST['gender'], true), 'bday_day' => check_text($_POST['bday_day'], true), 'bday_month' => check_text($_POST['bday_month'], true), 'bday_year' => check_text($_POST['bday_year'], true), 'location' => check_text($_POST['location'], true), 'www' => check_text($_POST['www'], true), 'icq' => check_text($_POST['icq'], true), 'msn' => check_text($_POST['msn'], true), 'skype' => check_text($_POST['skype'], true), 'jabber' => check_text($_POST['jabber'], true), 'about' => check_text($_POST['about'], true));
overall_header($lang['users_profile'], $error_message, 'error');
} elseif (isset($_GET['dt']) && $_GET['dt'] == $_SESSION['upload_token']) {
$var = get_values('users', $uid);
list($avatar_file, $avatar_ext, $avatar_width, $avatar_height) = explode(';', $var['avatar']);
if (file_exists('./' . $dir['avatars'] . $avatar_file . '.' . $avatar_ext)) {
unlink('./' . $dir['avatars'] . $avatar_file . '.' . $avatar_ext);
unlink('./' . $dir['avatars'] . $avatar_file . '-small.' . $avatar_ext);
unlink('./' . $dir['avatars'] . $avatar_file . '-mini.' . $avatar_ext);
}
$user_line = $var['user_id'] . DELIMITER . $var['username'] . DELIMITER . $var['pass'] . DELIMITER . $var['email'] . DELIMITER . $var['group'] . DELIMITER . $var['status'] . DELIMITER . $var['key'] . DELIMITER . $var['last_login'] . DELIMITER . $var['last_ip'] . DELIMITER . $var['registered'] . DELIMITER . $var['registered_ip'] . DELIMITER . $var['public_email'] . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . $var['nickname'] . DELIMITER . $var['gender'] . DELIMITER . $var['birthdate'] . DELIMITER . $var['location'] . DELIMITER . $var['www'] . DELIMITER . $var['icq'] . DELIMITER . $var['msn'] . DELIMITER . $var['skype'] . DELIMITER . $var['jabber'] . DELIMITER . '' . DELIMITER . '' . DELIMITER . $var['other1'] . DELIMITER . $var['other2'] . DELIMITER . trim($var['about']) . "\n";
$u_file = file($file['users']);
$u_content = '';
foreach ($u_file as $u_line) {
$u_data = explode(DELIMITER, $u_line);
if ($uid == $u_data[0]) {
if ($g_data[0] == $_POST['id']) {
$g_content .= $_POST['id'] . DELIMITER . check_text($_POST['group_name']) . DELIMITER . friendly_url($_POST['group_name']) . DELIMITER . $permissions . "\n";
} else {
$g_content .= $single_line;
}
}
if (mn_put_contents($file['groups'], $g_content)) {
header('location: ./mn-groups.php?back=edited');
exit;
} else {
overal_header($lang['groups_groups'], $lang['groups_msg_put_contents_error'], 'error');
}
} else {
overall_header($lang['groups_groups'], $lang['groups_msg_empty_values'], 'error');
$var['permissions'] = $permissions;
$var['group_name'] = check_text($_POST['group_name']);
$admin_tmpl['groups_form'] = true;
}
} elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && file_exists($file['groups'])) {
$groups = load_basic_data('groups');
$var = get_values('groups', $_GET['id']);
$admin_tmpl['group_delete'] = true;
} elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && file_exists($file['groups'])) {
$g_file = file($file['groups']);
$g_content = '';
foreach ($g_file as $g_line) {
$g_data = explode(DELIMITER, $g_line);
if ($g_data[0] == $_POST['id'] && $_POST['id'] != 1) {
continue;
} else {
$g_content .= $g_line;
