} echo '<input type="hidden" name="x_fields" value="true" />'; } ?> </table> <p class="ta-description"><label for="comment_text"><img src="./stuff/img/icons/comment.png" alt="comment" /> <?php echo $lang['comm_text']; ?> </label></p> <?php include './stuff/inc/tmpl/comment-form-buttons.php'; ?> <textarea name="comment_text" id="comment_text" rows="5" cols="40"><?php echo check_text($var['comment_text']); ?> </textarea> </fieldset> <ul id="comment-info" class="round hide"> <?php if (!empty($var['ip_address']) && $var['ip_address'] != '-') { $ip_info = in_array(trim($var['ip_address']), $banned_ips) ? ' <img src="./stuff/img/icons/warning.png" alt="" class="tooltip" title="' . $lang['uni_banned_ip'] . '" />' : ' <a href="./mn-tools.php?action=quickban&ip=' . $var['ip_address'] . '" class="fancy"><img src="./stuff/img/icons/ban.png" alt="" class="tooltip" title="' . $lang['uni_ban_ip'] . '" /></a>'; } echo '<li><strong>' . $lang['uni_date'] . ':</strong> ' . date('j.n.Y H:i', $var['timestamp']) . '</li>'; echo '<li><strong>' . $lang['comm_ip_address'] . ':</strong> ' . $var['ip_address'] . $ip_info . '</li>'; echo '<li><strong>' . $lang['comm_host'] . ':</strong> ' . $var['host'] . '</li>'; echo '<li><strong>' . $lang['comm_user_agent'] . ':</strong> ' . $var['user_agent'] . '</li>'; ?> </ul>
?> <form action="./mn-templates.php" method="post" class="tmpl-add"> <fieldset> <table> <?php if ($var['tmpl_group'] != 'mn_default') { ?> <tr> <td><label for="tmpl_name"><?php echo $lang['tmpl_tmpl_name']; ?> :</label></td> <td><input type="text" name="tmpl_name" id="tmpl_name" value="<?php echo isset($_POST['tmpl_name']) ? check_text($_POST['tmpl_name']) : ''; ?> " class="text custom" /></td> </tr> <?php } ?> <tr> <td><label for="tmpl_type"><?php echo $lang['tmpl_tmpl_type']; ?> :</label></td> <td> <select name="tmpl_type" class="custom long"> <?php
$var = array('name' => $xfields[$f]['name'], 'var' => $xfields[$f]['var'], 'section' => $xfields[$f]['section'], 'type' => $xfields[$f]['type'], 'options' => trim($xOptions), 'action' => 'edit'); overall_header($lang['xfields_xfields'], $lang['xfields_xfields'], 'main'); } elseif (isset($_POST['action']) && $_POST['action'] == 'xfield_edit' && array_key_exists($_POST['xfield_var'], $xfields)) { $xVar = $_POST['xfield_var']; $xName = !empty($_POST['field_name']) ? check_text(trim($_POST['field_name']), true) : $xfields[$xVar]['name']; $xType = $_POST['field_type'] == 'select' && !empty($_POST['field_options']) ? 'select' : 'input'; if (!in_array($_POST['field_section'], array('posts', 'comments', 'pages', 'users'))) { $xSection = $xfields[$xVar]['section']; } else { $xSection = $_POST['field_section']; } if ($xType == 'select' && !empty($_POST['field_options'])) { $xOptions = array(); $xOptions_lines = explode("\n", trim($_POST['field_options'])); foreach ($xOptions_lines as $xLine) { $xO = explode('=', check_text($xLine, true)); if (isset($xO[1])) { $xOptions[$xO[0]] = $xO[1]; } else { $xOptions[$xO[0]] = $xO[0]; } } } else { $xOptions = ''; } $xfields[$xVar] = array('name' => $xName, 'var' => $xVar, 'section' => $xSection, 'type' => $xType, 'options' => $xOptions, 'required' => 0); mn_put_contents($file['xfields'], '<?php die();?>' . serialize($xfields)); header('Location: ./mn-tools.php?action=xfields&back=edited'); exit; } elseif (isset($_GET['d']) && array_key_exists($_GET['d'], $xfields)) { $admin_tmpl['xfields_delete'] = true;
$auto_id = file_exists($file['id_folders']) ? trim(file_get_contents($file['id_folders'])) : 1; $folder_parent = isset($_POST['folder_parent']) ? (int) $_POST['folder_parent'] : 0; $folders[$auto_id] = array('name' => check_text($_POST['folder_name'], true), 'parent_id' => $folder_parent); if (mn_put_contents($file['folders'], DIE_LINE . serialize($folders))) { mn_put_contents($file['id_folders'], $auto_id + 1); header('location: ./mn-folders.php?back=added&f=' . $auto_id); exit; } else { overal_header($lang['folders_folders'], $lang['folders_msg_put_contents_error'], 'error'); } } else { overall_header($lang['folders_folders'], $lang['folders_msg_empty_folder_name'], 'error'); } } elseif (isset($_POST['action']) && $_POST['action'] == 'edit' && isset($_POST['id']) && array_key_exists($_POST['id'], $folders)) { if (!empty($_POST['folder_name'])) { $folders[$_POST['id']] = array('name' => check_text($_POST['folder_name'], true), 'parent_id' => (int) $_POST['folder_parent']); if (mn_put_contents($file['folders'], DIE_LINE . serialize($folders))) { header('location: ./mn-folders.php?back=edited&f=' . $_POST['id']); exit; } else { overal_header($lang['folders_folders'], $lang['folders_msg_put_contents_error'], 'error'); } } else { overall_header($lang['folders_folders'], $lang['folders_msg_empty_folder_name'], 'error'); } } elseif (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id']) && array_key_exists($_GET['id'], $folders)) { $var = array('folder_name' => $folders[$_GET['id']]['name'], 'folder_id' => $_GET['id'], 'folder_parent' => $folders[$_GET['id']]['parent_id']); overall_header($lang['folders_edit_folder'] . ' » ' . 
$var['folder_name'], $lang['folders_edit_folder'], 'main'); } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && array_key_exists($_GET['id'], $folders)) { $var = array('folder_name' => $folders[$_GET['id']]['name'], 'folder_id' => $_GET['id'], 'folder_parent' => $folders[$_GET['id']]['parent_id']); $admin_tmpl['folders_main'] = false;
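/**
 * Resolve the page title for the current front-end request.
 *
 * Dispatches on the query string, in this order of precedence:
 *   - mn_post: a numeric post id whose post_<id>.php file exists, otherwise a
 *     slug looked up in the table returned by get_post_slugs();
 *   - mn_page: a numeric page id whose page_<id>.php file exists, otherwise a
 *     friendly URL matched against every file in the pages directory;
 *   - mn_cat:  key into the global $mn_categories map;
 *   - mn_user: key into the global $mn_users map;
 *   - none of the above: the generic "posts" label.
 * Every result is passed through encoding() before being returned.
 *
 * Differences from the previous revision: the slug lookup compares strictly,
 * the directory handle used for the friendly-URL scan is closed, a file named
 * "0" no longer terminates that scan, and unknown category/user keys yield an
 * empty name instead of an undefined-index notice.
 *
 * @return string
 */
function get_title()
{
    global $dir, $lang, $mn_categories, $mn_users;

    if (isset($_GET['mn_post'])) {
        // is_numeric() is the only check between the request value and the
        // file path probed here, so it must stay in front of file_exists().
        if (is_numeric($_GET['mn_post']) && file_exists(MN_ROOT . $dir['posts'] . 'post_' . $_GET['mn_post'] . '.php')) {
            $mn_post_id = $_GET['mn_post'];
        } else {
            // Slug lookup. Strict comparison so numeric-looking slugs ("10" vs
            // "1e1") cannot be confused by loose ==.
            // NOTE(review): assumes the slug table values and check_text()'s
            // result are strings - confirm against get_post_slugs().
            $slug = check_text($_GET['mn_post'], true);
            $found_id = array_search($slug, get_post_slugs(), true);
            $mn_post_id = $found_id === false ? 0 : $found_id;
        }
        $p = get_post_data($mn_post_id);
        return encoding($p['title']);
    }

    if (isset($_GET['mn_page'])) {
        if (is_numeric($_GET['mn_page']) && file_exists(MN_ROOT . $dir['pages'] . 'page_' . $_GET['mn_page'] . '.php')) {
            $mn_page_id = $_GET['mn_page'];
        } else {
            // Not an id: scan the pages directory for a matching friendly URL.
            // As before, the last matching file wins and no match leaves ''.
            $mn_page_id = '';
            $pages_dir = dir(MN_ROOT . $dir['pages']);
            if ($pages_dir !== false) {
                // Compare with false explicitly: a file literally named "0"
                // would otherwise end the loop early.
                while (($p_file = $pages_dir->read()) !== false) {
                    if (!is_file(MN_ROOT . $dir['pages'] . $p_file)) {
                        continue;
                    }
                    $temp_var = get_page_data($p_file, false);
                    if ($temp_var['friendly_url'] == $_GET['mn_page']) {
                        $mn_page_id = $temp_var['id'];
                    }
                }
                // The handle was previously never released.
                $pages_dir->close();
            }
        }
        $p = get_page_data($mn_page_id);
        return encoding($p['title']);
    }

    if (!empty($_GET['mn_cat'])) {
        // An unknown key used to raise an undefined-index notice (and an array
        // value an illegal-offset error); degrade to an empty name instead.
        $cat_key = $_GET['mn_cat'];
        $cat_name = (is_scalar($cat_key) && isset($mn_categories[$cat_key]['name']))
            ? $mn_categories[$cat_key]['name']
            : '';
        return encoding($lang['cats_category'] . ': ' . $cat_name);
    }

    if (!empty($_GET['mn_user'])) {
        // Same guard as for categories; the map value is used as the display string.
        $user_key = $_GET['mn_user'];
        $user_name = (is_scalar($user_key) && isset($mn_users[$user_key]))
            ? $mn_users[$user_key]
            : '';
        return encoding($lang['users_user'] . ': ' . $user_name);
    }

    return encoding($lang['posts_posts']);
}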
$id = $var['file_id']; $old_file = $var['filename'] . '.' . $var['ext']; $new_filename = !empty($_POST['filename'][$id]) ? $_POST['filename'][$id] : $var['filename']; $new_file = $new_filename . '.' . $var['ext']; if ($old_file != $new_file) { rename(MN_ROOT . $dir[$var['dir']] . $old_file, MN_ROOT . $dir[$var['dir']] . $new_file); @mkdir(MN_ROOT . $dir[$var['dir']] . $new_file, 0777); @chmod(MN_ROOT . $dir[$var['dir']] . $new_file, 0777); if ($var['dir'] == 'images' && file_exists(MN_ROOT . $dir['thumbs'] . '_' . $old_file)) { rename(MN_ROOT . $dir['thumbs'] . '_' . $old_file, MN_ROOT . $dir['thumbs'] . '_' . $new_file); @mkdir(MN_ROOT . $dir['thumbs'] . '_' . $new_file, 0777); @chmod(MN_ROOT . $dir['thumbs'] . '_' . $new_file, 0777); } } $file_title = check_text($_POST['title'][$id], true); $file_description = str_replace(array("\r", "\n"), array('', ''), check_text($_POST['description'][$id], true)); $files_lines .= $var['file_id'] . DELIMITER . $new_filename . DELIMITER . $var['ext'] . DELIMITER . $var['filesize'] . DELIMITER . $var['timestamp'] . DELIMITER . $var['dir'] . DELIMITER . $var['img_width'] . DELIMITER . $var['img_height'] . DELIMITER . $var['uploader_id'] . DELIMITER . $var['galleries'] . DELIMITER . $var['folder'] . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . $file_title . DELIMITER . $file_description . "\n"; } elseif (isset($_POST['a']) && in_array($f_data[0], $_POST['files'])) { if ($_POST['a'][0] == 'g' && isset($f_data[5]) && $f_data[5] == 'images') { $f_gal_arr = explode(',', $f_data[9]); $f_gal_arr[] = str_replace('g', '', $_POST['a']); $f_gal_arr = array_unique($f_gal_arr); $file_galleries = implode(',', $f_gal_arr); $file_folder = $f_data[10]; } elseif (is_numeric($_POST['a'])) { $file_galleries = $f_data[9]; $file_folder = is_numeric($_POST['a']) ? $_POST['a'] : $f_data[10]; } else { $file_galleries = $f_data[9]; $file_folder = $f_data[10]; }
<?php include "general_functions.php"; header("Content-Type: application/json"); $username = $_POST['username']; $password = $_POST['password']; //check whether username and password contain invalid characters $valid_username = check_text($_POST['username']); if (!$valid_username) { echo json_encode(array("success" => false, "message" => "Invalid characters in username")); exit; } $valid_password = check_text($_POST['password']); if (!$valid_password) { echo json_encode(array("success" => false, "message" => "Invalid characters in password")); exit; } //check whether username exists in database require "database.php"; $stmt = $mysqli->prepare("select count(*), id from users where username=?"); $stmt->bind_param('s', $username); $stmt->execute(); $stmt->bind_result($cnt, $user_id); $stmt->fetch(); $stmt->close(); if ($cnt == 1) { //check whether password matches username $stmt = $mysqli->prepare("select password from users where username=?"); $stmt->bind_param('s', $username); $stmt->execute(); $stmt->bind_result($password_hash);
} ?> <?php echo $xfields_rows; } ?> <tr><td colspan="2">Text<span class="star">*</span> :</td></tr> </table> <?php } include './stuff/inc/tmpl/comment-form-buttons.php'; ?> <textarea name="comment_text" id="comment_text" rows="5" cols="40"><?php echo $conf['web_encoding'] != 'utf-8' && !isset($_POST['form']) ? iconv($conf['web_encoding'], 'utf-8', check_text($_POST['comment_text'])) : check_text($_POST['comment_text']); ?> </textarea> <span id="spam-span"><?php echo str_replace('%n%', '<strong>' . $lang['num'][$conf['comments_antispam']] . '</strong>', $lang['comm_antispam']); ?> : <input type="text" name="robot" id="spam-input" style="width:20px;" value="" /><br /></span> <?php if (!isset($_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) { echo '<script>var RecaptchaOptions = {custom_translations : { instructions_visual : "' . $lang['comm_captcha_help'] . ':"},theme : "white"};</script>'; require_once MN_ROOT . '/stuff/inc/recaptchalib.php'; echo '<p class="c captcha">' . recaptcha_get_html('6LfnaQoAAAAAAJ1Jcz_JKqzvhpIb9aigaALEzsj8') . '</p>'; } ?>
?> <textarea name="text" id="text" class="tinymce" tabindex="3" rows="5" cols="60"><?php echo check_text($var['text']); ?> </textarea> </div> <?php if (file_exists(MN_ROOT . $file['xfields'])) { $xfields = get_unserialized_array('xfields'); $xfields_rows = ''; foreach ($xfields as $xVar => $x) { if ($x['section'] != 'pages') { continue; } else { $thisVar = isset($_POST['x' . $xVar]) ? check_text($_POST['x' . $xVar], true, false, 'xf') : @$var['xfields_array'][$xVar]; if (isset($x['type']) && $x['type'] == 'select') { $xField = '<select name="x' . $xVar . '" id="x' . $xVar . '" class="long">'; foreach ($x['options'] as $oKey => $oValue) { $sel = $thisVar == $oKey ? ' selected="selected"' : ''; $xField .= '<option value="' . $oKey . '"' . $sel . '>' . $oValue . '</option>'; } $xField .= '</select>'; } else { $xField = '<input type="text" name="x' . $xVar . '" id="x' . $xVar . '" value="' . $thisVar . '" class="text" />'; } $xfields_rows .= '<tr><td class="r"><label for="x' . $x['var'] . '">' . $x['name'] . ':</label></td><td>' . $xField . '</td></tr>'; } } } if (!empty($xfields_rows)) {
} else { $error_message = $lang['users_msg_passwords_not_same']; } } else { $error_message = $lang['users_msg_email_check']; } } else { $error_message = $lang['users_msg_forbidden_chars']; } } else { $error_message = $lang['users_msg_values_length']; } } else { $error_message = $lang['users_msg_empty_values']; } $var = array('user_id' => $_POST['id'], 'username' => $_POST['username'], 'email' => $_POST['email'], 'group' => $_POST['group'], 'status' => $_POST['status'], 'nickname' => $_POST['nickname'], 'gender' => $_POST['gender'], 'bday_day' => $_POST['bday_day'], 'bday_month' => $_POST['bday_month'], 'bday_year' => $_POST['bday_year'], 'location' => $_POST['location'], 'www' => $_POST['www'], 'icq' => $_POST['icq'], 'msn' => $_POST['msn'], 'skype' => $_POST['skype'], 'jabber' => $_POST['jabber'], 'about' => check_text($_POST['about'])); overall_header($lang['users_add_new_user'] . ' » ' . $var['username'], $error_message, 'error'); } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && $_GET['id'] != 1) { $var = get_values('users', $_GET['id']); $posts_count = get_posts_count('users'); $admin_tmpl['user_delete'] = true; $admin_tmpl['form_users'] = false; } elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && $_POST['id'] != 1) { $u_file = file($file['users']); $u_content = ''; foreach ($u_file as $u_line) { $u_data = explode(DELIMITER, $u_line); if ($u_data[0] == $_POST['id']) { continue; } else { $u_content .= $u_line;
echo isset($conf['web_title_header']) && $conf['web_title_header'] == true ? ' checked="checked"' : ''; ?> title="<?php echo $lang['config_web_title_checkbox']; ?> " /> </td></tr> <tr class="config-help"><td colspan="2"><?php echo $lang['config_web_title_help']; ?> </td></tr> <tr><td class="labels"><label for="web_url"><img src="./stuff/img/icons/link.png" alt="" /> <?php echo $lang['config_web_url']; ?> :</label></td><td class="inputs"><input type="text" id="web_url" name="web_url" class="text" value="<?php echo check_text($conf['web_url']); ?> " /></td></tr> <tr class="config-help"><td colspan="2"><?php echo $lang['config_web_url_help']; ?> </td></tr> <tr> <td><label for="format1"><img src="./stuff/img/icons/html.png" alt="" /> <?php echo $lang['config_web_format']; ?> :</label></td> <td> <input type="radio" class="radio" id="web_format2" name="web_format" value="html"<?php if ($conf['web_format'] == 'html' || empty($conf['web_format'])) {
<label for="newpassword"> Password: </label> <input type="text" name="newpassword" id="newpassword"/> </p> <p> <input type="submit" value="Submit"/> <input type="reset"> <p> </form> <?php session_start(); include "general_functions.php"; //check if newusername or password is empty if (!empty($_POST['newusername']) && !empty($_POST['newpassword'])) { //check if newusername or password have invalid characters $valid_newusername = check_text($_POST['newusername']); $valid_newpassword = check_text($_POST['newpassword']); if (!$valid_newusername) { echo "Invalid username, try again"; exit; } if (!$valid_newpassword) { echo "Invalid password, try again"; exit; } //check if username already exists require "database.php"; $stmt = $mysqli->prepare("select count(*) from users where username=?"); if (!$stmt) { printf("Query Prep Failed: %s\n", $mysqli->error); exit; }
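<legend><?php echo encoding($lang['comm_comment_addition'] . ' / ' . $lang['login_login']); ?></legend>
<p>
<?php
echo encoding($lang['comm_msg_login']);
// Registration link is only offered when the site allows self-registration.
if ($conf['users_registration']) {
    echo ' (<a href="' . $conf['admin_url'] . '/mn-login.php?action=register">' . encoding($lang['login_register']) . '</a>)';
}
?>
</p>
<input type="text" name="user_login" id="user_login" value="<?php echo check_text(@$_COOKIE['mn_user_name']); ?>" /> <label for="comment_author"><?php echo encoding($lang['login_user_login']); ?> *</label><br />
<input type="password" name="user_pass" id="user_pass" value="" /> <label for="comment_pass"><?php echo encoding($lang['login_user_password']); ?> *</label><br />
<input type="hidden" name="action" value="login" />
<?php
// Return target for the login handler: the current URL plus the form anchor.
// PHP_SELF and QUERY_STRING are taken from the request, so the value must be
// escaped for the attribute context before it is echoed; unescaped, a crafted
// URL could break out of the attribute (reflected XSS). The handler that reads
// `redir` should also verify the target is same-origin before redirecting.
?>
<input type="hidden" name="redir" value="<?php echo htmlspecialchars(trim('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'], '?') . '#mn-comment-form', ENT_QUOTES); ?>" />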
if (mn_put_contents($file['users'], $u_content)) { if (isset($_POST['redir'])) { header('location: ' . $_POST['redir']); exit; } else { header('location: ./mn-profile.php?back=edited'); exit; } } else { $error_message = $lang['users_msg_put_contents_error']; } } } else { $error_message = $lang['users_msg_email_check']; } $var = array('username' => $_SESSION['mn_user_name'], 'email' => $_POST['email'], 'public_email' => isset($_POST['public_email']) ? '1' : '0', 'nickname' => check_text($_POST['nickname'], true), 'gender' => check_text($_POST['gender'], true), 'bday_day' => check_text($_POST['bday_day'], true), 'bday_month' => check_text($_POST['bday_month'], true), 'bday_year' => check_text($_POST['bday_year'], true), 'location' => check_text($_POST['location'], true), 'www' => check_text($_POST['www'], true), 'icq' => check_text($_POST['icq'], true), 'msn' => check_text($_POST['msn'], true), 'skype' => check_text($_POST['skype'], true), 'jabber' => check_text($_POST['jabber'], true), 'about' => check_text($_POST['about'], true)); overall_header($lang['users_profile'], $error_message, 'error'); } elseif (isset($_GET['dt']) && $_GET['dt'] == $_SESSION['upload_token']) { $var = get_values('users', $uid); list($avatar_file, $avatar_ext, $avatar_width, $avatar_height) = explode(';', $var['avatar']); if (file_exists('./' . $dir['avatars'] . $avatar_file . '.' . $avatar_ext)) { unlink('./' . $dir['avatars'] . $avatar_file . '.' . $avatar_ext); unlink('./' . $dir['avatars'] . $avatar_file . '-small.' . $avatar_ext); unlink('./' . $dir['avatars'] . $avatar_file . '-mini.' . $avatar_ext); } $user_line = $var['user_id'] . DELIMITER . $var['username'] . DELIMITER . $var['pass'] . DELIMITER . $var['email'] . DELIMITER . $var['group'] . DELIMITER . $var['status'] . DELIMITER . $var['key'] . DELIMITER . $var['last_login'] . DELIMITER . $var['last_ip'] . DELIMITER . $var['registered'] . DELIMITER . $var['registered_ip'] . DELIMITER . $var['public_email'] . DELIMITER . '' . 
DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . '' . DELIMITER . $var['nickname'] . DELIMITER . $var['gender'] . DELIMITER . $var['birthdate'] . DELIMITER . $var['location'] . DELIMITER . $var['www'] . DELIMITER . $var['icq'] . DELIMITER . $var['msn'] . DELIMITER . $var['skype'] . DELIMITER . $var['jabber'] . DELIMITER . '' . DELIMITER . '' . DELIMITER . $var['other1'] . DELIMITER . $var['other2'] . DELIMITER . trim($var['about']) . "\n"; $u_file = file($file['users']); $u_content = ''; foreach ($u_file as $u_line) { $u_data = explode(DELIMITER, $u_line); if ($uid == $u_data[0]) {
if ($g_data[0] == $_POST['id']) { $g_content .= $_POST['id'] . DELIMITER . check_text($_POST['group_name']) . DELIMITER . friendly_url($_POST['group_name']) . DELIMITER . $permissions . "\n"; } else { $g_content .= $single_line; } } if (mn_put_contents($file['groups'], $g_content)) { header('location: ./mn-groups.php?back=edited'); exit; } else { overal_header($lang['groups_groups'], $lang['groups_msg_put_contents_error'], 'error'); } } else { overall_header($lang['groups_groups'], $lang['groups_msg_empty_values'], 'error'); $var['permissions'] = $permissions; $var['group_name'] = check_text($_POST['group_name']); $admin_tmpl['groups_form'] = true; } } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && file_exists($file['groups'])) { $groups = load_basic_data('groups'); $var = get_values('groups', $_GET['id']); $admin_tmpl['group_delete'] = true; } elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && file_exists($file['groups'])) { $g_file = file($file['groups']); $g_content = ''; foreach ($g_file as $g_line) { $g_data = explode(DELIMITER, $g_line); if ($g_data[0] == $_POST['id'] && $_POST['id'] != 1) { continue; } else { $g_content .= $g_line;