Esempio n. 1
// Photo detail page (excerpt; the listing is cut off inside the rating branch).
// check_login_member() is defined elsewhere; presumably it enforces the 'view_photo'
// access level before anything else runs.
check_login_member('view_photo');
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
// photo_id is requested as TYPE_INT. The SELECT below interpolates it unquoted, so this
// integer coercion is the only thing standing between the request and the SQL text.
// NOTE(review): confirm sanitize_and_format_gpc() always yields an int for TYPE_INT.
$photo_id = sanitize_and_format_gpc($_GET, 'photo_id', TYPE_INT, 0, 0);
$output = array();
$output['pic_width'] = get_site_option('pic_width', 'core_photo');
$loop_comments = array();
if (!empty($photo_id)) {
    $query = "SELECT `photo_id`,`is_private`,`photo`,`caption`,`fk_user_id`,`_user` as `user`,`status`,`allow_comments`,`allow_rating`,`stat_votes`,`stat_votes_total` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id`={$photo_id}";
    // '@' hides the PHP warning; a failed query is escalated as E_USER_ERROR carrying the
    // raw driver message. NOTE(review): make sure that text ends up in logs only, never in
    // the page. The mysql_* API no longer exists as of PHP 7; a port should move to
    // prepared statements (mysqli or PDO).
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        // The database row is merged over the defaults set above.
        $output = array_merge($output, mysql_fetch_assoc($res));
        // Friendship is only looked up for a logged-in viewer; anonymous viewers stay false.
        $is_friend = false;
        if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
            $is_friend = is_network_member($output['fk_user_id'], $_SESSION[_LICENSE_KEY_]['user']['user_id'], NET_FRIENDS);
        }
        // Private-photo rule. '&&' binds tighter than '||', so the condition reads:
        //   private AND (viewer is anonymous OR (viewer is not the owner AND not a friend)).
        // Only the owner and NET_FRIENDS members get past this branch for a private photo.
        if (!empty($output['is_private']) && (empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) || $output['fk_user_id'] != $_SESSION[_LICENSE_KEY_]['user']['user_id'] && !$is_friend)) {
            // Denied: send the viewer to info.php with language string 277, which receives
            // a link to the owner's profile and the owner's user name.
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'] = sprintf($GLOBALS['_lang'][277], _BASEURL_ . '/profile.php?uid=' . $output['fk_user_id'], get_user_by_userid($output['fk_user_id']));
            redirect2page('info.php', $topass);
        // Display rule: approved photos, or any status when the logged-in viewer is the
        // owner ('&&' groups before '||' here as well).
        } elseif ($output['status'] == STAT_APPROVED || !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $output['fk_user_id'] == $_SESSION[_LICENSE_KEY_]['user']['user_id']) {
            // Caption is user-supplied text; TEXT_DB2DISPLAY is presumably the output-escaping
            // format for HTML display — confirm in sanitize_and_format().
            $output['caption'] = sanitize_and_format($output['caption'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
            if (!empty($output['allow_rating'])) {
                // Average vote to one decimal; the zero-vote case is handled separately to
                // avoid a division by zero.
                if ($output['stat_votes'] > 0) {
                    $output['rate_num'] = number_format($output['stat_votes_total'] / $output['stat_votes'], 1);
                } else {
                    $output['rate_num'] = 0;
                }
                // Scale the average, taken against a maximum of 5, to a whole percentage.
                $output['rate_percent'] = (int) ($output['rate_num'] * 100 / 5);
            } else {
Esempio n. 2
         // (excerpt starts inside the last branch of a switch that is not shown)
         // check_login_member('auth'); this check was made at the beginning
         if (empty($output['_user_other'])) {
             // No name for the other party: fall back to language string 135.
             $output['_user_other'] = $GLOBALS['_lang'][135];
         }
         $tpl->set_var('spam_controls', false);
         break;
 }
 // The body is converted from BBCode to HTML and then smilies are substituted.
 // NOTE(review): message_body is written by another user; whether it is HTML-escaped
 // before or inside bbcode2html() is not visible here — confirm, because the result is
 // handed to the template as markup.
 $output['message_body'] = text2smilies(bbcode2html($output['message_body']));
 if (empty($output['photo'])) {
     $output['photo'] = 'no_photo.gif';
 }
 if (empty($output['other_id'])) {
     unset($output['other_id']);
 } else {
     // Sender is known: load the network helpers and flag the message when a NET_BLOCK
     // relation from the current user to the sender exists.
     require _BASEPATH_ . '/includes/network_functions.inc.php';
     if (is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $output['other_id'], NET_BLOCK)) {
         $output['is_blocked'] = true;
     }
     $output['net_block'] = NET_BLOCK;
 }
 // Folder label is looked up by the message's folder id in $my_folders (built elsewhere).
 $output['mailbox_name'] = $my_folders[$output['fid']];
 // return2me = this page plus the original query string, rawurlencode()d as a whole so it
 // can travel as a single parameter value.
 $output['return2me'] = 'message_read.php';
 if (!empty($_SERVER['QUERY_STRING'])) {
     $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
 }
 $output['return2me'] = rawurlencode($output['return2me']);
 $tpl->set_file('content', 'message_read.html');
 $tpl->set_var('output', $output);
 $tpl->process('content', 'content', TPL_OPTIONAL);
 if ($output['is_read'] == 0) {
     // Mark as read. The WHERE clause also pins fk_user_id to the session user, so only
     // a row belonging to the current user can be updated.
     // NOTE(review): mail_id is concatenated unquoted and $mailbox_table becomes part of
     // the table name; both are set outside this excerpt — confirm mail_id is an integer
     // and $mailbox_table comes from a fixed list.
     $query = "UPDATE `{$dbtable_prefix}user_{$mailbox_table}` SET `is_read`=1 WHERE `mail_id`=" . $output['mail_id'] . " AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
Esempio n. 3
<?php

/******************************************************************************
Etano
===============================================================================
File:                       profile_left.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
// Left-hand column of the profile page. The file declares nothing of its own: $output,
// $tpl and $tplvars are read without being defined here, so they must come from the
// script that includes it.
$conn_net = array();
if (isset($output['uid'])) {
    // Throw away everything the including script stored in $output and keep only the
    // uid, so the left-column template receives nothing else from the outer page.
    // NOTE(review): uid is used as-is; its validation is not visible here — confirm it
    // was read as an integer upstream.
    $uid = $output['uid'];
    unset($output);
    $output['uid'] = $uid;
    // Relationship data is only looked up for a logged-in viewer.
    if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
        // A NET_BLOCK relation (viewer, profile owner) turns on the unblock_user flag —
        // presumably "the viewer has blocked this profile"; confirm the argument order.
        if (is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $output['uid'], NET_BLOCK)) {
            $output['unblock_user'] = true;
        }
        // Net id 0 with array(NET_BLOCK) as fourth argument: presumably every network
        // linking the two users except the block list — confirm in is_network_member().
        // The result is used as template loop data below.
        $conn_net = is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $output['uid'], 0, array(NET_BLOCK));
    }
}
$tpl->set_file('left_content', 'profile_left.html');
$tpl->set_loop('conn_net', $conn_net);
$tpl->set_var('output', $output);
$tpl->set_var('tplvars', $tplvars);
$tpl->process('left_content', 'left_content', TPL_LOOP | TPL_OPTIONAL);
Esempio n. 4
// Request handler that adds a user to one of the current user's networks (excerpt:
// $input['uid'], $input['net_id'], $error and $nextpage are initialised before it starts).
if (!empty($_GET['return'])) {
    // 'return' is read from the query string as a string (FORMAT_RUDECODE presumably
    // URL-decodes it) and becomes the next page.
    // NOTE(review): $nextpage is request-controlled; if it is later used as a redirect
    // target, restrict it to same-site relative paths so it cannot act as an open redirect.
    $input['return'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, '');
    $nextpage = $input['return'];
}
// Both the target user and the network id are mandatory.
if (empty($input['uid'])) {
    $error = true;
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = $GLOBALS['_lang'][81];
}
if (empty($input['net_id'])) {
    $error = true;
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = $GLOBALS['_lang'][82];
}
// These two lookups run even when uid or net_id was empty; $error is already set then.
$other_user_name = get_user_by_userid($input['uid']);
// Reject the request when the relation already exists in that network.
if (is_network_member($_SESSION[_LICENSE_KEY_]['user']['user_id'], $input['uid'], $input['net_id'])) {
    $error = true;
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = sprintf($GLOBALS['_lang'][280], $other_user_name);
}
if (!$error) {
    // net_id is concatenated unquoted into the statement.
    // NOTE(review): the call that reads net_id is outside this excerpt — confirm it is
    // coerced to an integer, since nothing else protects this query.
    $query = "SELECT `is_bidi` FROM `{$dbtable_prefix}networks` WHERE `net_id`=" . $input['net_id'];
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // is_bidi defaults to 1 and is overwritten from the row; an unknown network id is an error.
    $is_bidi = 1;
    if (mysql_num_rows($res)) {
        $is_bidi = mysql_result($res, 0, 0);
    } else {
        $error = true;
        $topass['message']['type'] = MESSAGE_ERROR;
Esempio n. 5
     // (excerpt starts inside a validation branch whose condition is not shown)
     $topass['message']['type'] = MESSAGE_ERROR;
     $topass['message']['text'] = $GLOBALS['_lang'][75];
 }
 // Subject and body are mandatory; each failure sets $error and overwrites the message text.
 if (empty($input['subject'])) {
     $error = true;
     $topass['message']['type'] = MESSAGE_ERROR;
     $topass['message']['text'] = $GLOBALS['_lang'][196];
 }
 if (empty($input['message_body'])) {
     $error = true;
     $topass['message']['type'] = MESSAGE_ERROR;
     $topass['message']['text'] = $GLOBALS['_lang'][197];
 }
 if (!$error) {
     // if the receiver didn't block me...
     // (arguments: receiver first, current user second, checked against NET_BLOCK)
     if (!is_network_member($input['fk_user_id'], $_SESSION[_LICENSE_KEY_]['user']['user_id'], NET_BLOCK)) {
         // sender of the message: me
         // The sender id and name are taken from the session, never from the request, so
         // a client cannot choose who the message appears to come from.
         $input['fk_user_id_other'] = $_SESSION[_LICENSE_KEY_]['user']['user_id'];
         $input['_user_other'] = $_SESSION[_LICENSE_KEY_]['user']['user'];
         $input['subject'] = remove_banned_words($input['subject']);
         $input['message_body'] = remove_banned_words($input['message_body']);
         // Run every registered pre-insert hook in index order.
         // NOTE(review): $_on_before_insert is filled outside this excerpt; its entries are
         // invoked as callables, so confirm it can only be populated by trusted code and
         // never from request data.
         if (isset($_on_before_insert)) {
             for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
                 call_user_func($_on_before_insert[$i]);
             }
         }
         queue_or_send_message($input, true);
         // save the message in my outbox
         // The owner and "other" ids are swapped: the copy belongs to the session user and
         // names the receiver as the other party.
         $input['fk_user_id_other'] = $input['fk_user_id'];
         $input['fk_user_id'] = $_SESSION[_LICENSE_KEY_]['user']['user_id'];
         $input['_user_other'] = get_user_by_userid($input['fk_user_id_other']);
Esempio n. 6
     // (tail of the preceding switch case, which starts outside this excerpt)
     } else {
         $error = true;
     }
     $tplvars['page_title'] = sprintf($GLOBALS['_lang'][143], get_user_by_userid($input['uid']));
     break;
 // 'priv': list another member's private photos, for friends of that member only.
 case 'priv':
     // Access level code for this search type; presumably checked after the switch.
     $input['acclevel_code'] = 'auth';
     // uid is read as TYPE_INT; the WHERE fragment below concatenates it unquoted and
     // depends on that coercion.
     $input['uid'] = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
     // Asking for one's own private photos goes to the owner's photo page instead.
     if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $input['uid'] == $_SESSION[_LICENSE_KEY_]['user']['user_id']) {
         redirect2page('my_photos.php');
     }
     // Looked up before the empty-uid check; the name goes into the page title and the
     // "no results" text. NOTE(review): confirm it is HTML-escaped before output.
     $user_name = get_user_by_userid($input['uid']);
     if (!empty($input['uid'])) {
         require_once _BASEPATH_ . '/includes/network_functions.inc.php';
         // if I am a friend with this gorgeous girl show me the hidden stuff :)
         // Authorization gate: the private-photo filter is only added when the viewer is
         // logged in and is in the owner's NET_FRIENDS network.
         if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && is_network_member($input['uid'], $_SESSION[_LICENSE_KEY_]['user']['user_id'], NET_FRIENDS)) {
             $where .= " AND a.`fk_user_id`=" . $input['uid'] . " AND `is_private`=1";
         } else {
             // Not a friend (or anonymous): no query filter is added; language string 277
             // with a link to the owner's profile is stored as the no_results text.
             $output['no_results'] = sprintf($GLOBALS['_lang'][277], _BASEURL_ . '/profile.php?uid=' . $input['uid'], $user_name);
             $error = true;
         }
     } else {
         // Missing or zero uid.
         $error = true;
     }
     $tplvars['page_title'] = sprintf($GLOBALS['_lang'][279], $user_name);
     break;
 case 'field':
     $input['acclevel_code'] = 'search_photo';
     $input['f'] = sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
     $input['v'] = sanitize_and_format_gpc($_GET, 'v', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
     if (!empty($input['f']) && !empty($input['v'])) {