Esempio n. 1
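/**
 * Rate-limits the current request against the configured thresholds and applies punishments.
 *
 * Loads every rate_limiter rule for the request's level code and membership, counts the
 * site_log rows for that level inside each rule's interval (per user_id when logged in,
 * otherwise per ip+sess pair) and collects the punishment of every rule whose limit is
 * reached. Ban punishments write a site_bans row and rebuild the ban array; the error and
 * upgrade punishments redirect to info.php (error wins when both are present).
 *
 * @param array $log Request context built by the caller: 'level', 'membership', 'user_id',
 *                   'ip', 'sess', plus 'user' / 'email' which are only read when the
 *                   matching ban fires. Passed by reference but not modified here.
 * @return bool Always false; kept so existing callers that read the result keep working.
 *
 * NOTE(review): the $log values are interpolated into SQL without escaping. The caller
 * check_login_member() fills them from the session, session_id() and ip2long(), and never
 * sets 'email' — so an email ban from that path records an empty value. Confirm those
 * sources before calling this with anything less trusted.
 */
function rate_limiter(&$log)
{
    $myreturn = false;
    global $dbtable_prefix;
    // Scope the hit count to the account when logged in, otherwise to the visitor's ip+session pair.
    if (!empty($log['user_id'])) {
        $where = " AND `fk_user_id`='" . $log['user_id'] . "'";
    } else {
        $where = " AND `ip`='" . $log['ip'] . "' AND `sess`='" . $log['sess'] . "'";
    }
    $query = "SELECT `limit`,`interval`,`punishment`,`fk_lk_id_error_message` FROM `{$dbtable_prefix}rate_limiter` WHERE `level_code`='" . $log['level'] . "' AND `m_value`='" . $log['membership'] . "'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // punishment type => fk_lk_id_error_message of the rule that triggered it
    $punish = array();
    // One timestamp for all rules so every window is measured from the same instant.
    $now = gmdate('YmdHis');
    while ($rsrow = mysql_fetch_assoc($res)) {
        $query = "SELECT count(*) FROM `{$dbtable_prefix}site_log` WHERE `level_code`='" . $log['level'] . "' AND `time`>=DATE_SUB('{$now}',INTERVAL " . $rsrow['interval'] . " MINUTE) {$where}";
        if (!($res2 = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_result($res2, 0, 0) >= $rsrow['limit']) {
            $punish[$rsrow['punishment']] = $rsrow['fk_lk_id_error_message'];
        }
    }
    // Ban punishments in their original order, each mapped to the $log key holding the value to ban.
    $ban_targets = array(
        _PUNISH_BANIP_ => 'ip',
        _PUNISH_BANUSER_ => 'user',
        _PUNISH_BANEMAIL_ => 'email',
    );
    foreach ($ban_targets as $ban_type => $log_key) {
        if (!isset($punish[$ban_type])) {
            continue;
        }
        // 'user'/'email' may be absent (guests); store an empty value rather than raise a notice.
        $what = isset($log[$log_key]) ? $log[$log_key] : '';
        $query = "INSERT IGNORE INTO `{$dbtable_prefix}site_bans` SET `ban_type`={$ban_type},`what`='{$what}',`reason`='" . $punish[$ban_type] . "'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        regenerate_ban_array();
    }
    // Error and upgrade punishments redirect and do not return; error takes precedence.
    $topass = array();
    if (isset($punish[_PUNISH_ERROR_])) {
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = isset($GLOBALS['_lang'][$punish[_PUNISH_ERROR_]]) ? $GLOBALS['_lang'][$punish[_PUNISH_ERROR_]] : '';
        redirect2page('info.php', $topass);
    } elseif (isset($punish[_PUNISH_UPGRADE_])) {
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = isset($GLOBALS['_lang'][$punish[_PUNISH_UPGRADE_]]) ? $GLOBALS['_lang'][$punish[_PUNISH_UPGRADE_]] : '';
        redirect2page(_BASEURL_ . '/info.php?type=access', $topass, '', true);
    }
    return $myreturn;
}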
Esempio n. 2
}
// Logout processor: close the member's online record, stamp last_activity, drop the user
// from the session and send the visitor back to index.php with caching disabled.
// NOTE(review): mktime() reads its arguments in the server's default timezone while gmdate()
// supplies UTC components, so $time is shifted by the UTC offset unless that timezone is
// UTC — confirm this is the intended 'loginout' value.
$time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    $query = sprintf("DELETE FROM `%sonline` WHERE `fk_user_id`='%s'", $dbtable_prefix, $_SESSION[_LICENSE_KEY_]['user']['user_id']);
    // before-insert hooks: a 0-based list, run until the first missing index
    if (isset($_on_before_insert)) {
        $i = 0;
        while (isset($_on_before_insert[$i])) {
            call_user_func($_on_before_insert[$i]);
            ++$i;
        }
    }
    // best effort: the result of this DELETE is deliberately not checked
    @mysql_query($query);
    add_member_score($_SESSION[_LICENSE_KEY_]['user']['user_id'], 'login', -1);
    $query = sprintf("UPDATE `%s` SET `last_activity`='%s' WHERE `%s`=%s", USER_ACCOUNTS_TABLE, gmdate('YmdHis'), USER_ACCOUNT_ID, $_SESSION[_LICENSE_KEY_]['user']['user_id']);
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // after-insert hooks, same shape as above
    if (isset($_on_after_insert)) {
        $i = 0;
        while (isset($_on_after_insert[$i])) {
            call_user_func($_on_after_insert[$i]);
            ++$i;
        }
    }
}
// Wipe the user branch entirely, then keep only the logout time in a fresh one.
$_SESSION[_LICENSE_KEY_]['user'] = array();
unset($_SESSION[_LICENSE_KEY_]['user']);
$_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;
// Tell browsers and proxies not to serve the logged-in pages from cache.
header('Expires: Mon,26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D,d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store,no-cache,must-revalidate', false);
header('Cache-Control: post-check=0,pre-check=0', false);
header('Pragma: no-cache', false);
redirect2page('index.php');
Esempio n. 3
            if (isset($captions_changed[$photo_id])) {
                $query .= ",`caption`='{$caption}'";
                if (!empty($config['manual_photo_approval'])) {
                    $query .= ",`status`=" . STAT_PENDING;
                } else {
                    // leave as it was - whatever it was.
                    //					$query.=",`status`=".STAT_APPROVED;
                }
            }
            $query .= " WHERE `photo_id`={$photo_id} AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
            if (isset($_on_before_update)) {
                for ($i = 0; isset($_on_before_update[$i]); ++$i) {
                    call_user_func($_on_before_update[$i]);
                }
            }
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            if (isset($_on_after_update)) {
                for ($i = 0; isset($_on_after_update[$i]); ++$i) {
                    call_user_func($_on_after_update[$i]);
                }
            }
        }
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'] = $GLOBALS['_lang'][92];
    }
}
// Send the browser to the page chosen above, as an absolute URL under the site root.
$nextpage = _BASEURL_ . "/{$nextpage}";
redirect2page($nextpage, $topass, '', true);
Esempio n. 4
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $user_ids = mysql_result($res, 0, 0);
            $user_ids = explode(',', $user_ids);
            $key = array_search($uid, $user_ids) + $_GET['go'];
            if (isset($user_ids[$key])) {
                $uid = (int) $user_ids[$key];
            }
        }
    }
} else {
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = 'No user selected';
    redirect2page('admin/cpanel.php', $topass);
}
// Display preferences the profile view formats dates with.
$config = get_site_option(array('datetime_format', 'time_offset'), 'def_user_prefs');
$categs = array();
$account = array();
// Fixed profile columns first, then one select expression per configured profile field
// (the visibility filter once applied here stays disabled: every field is fetched).
$query = 'SELECT `fk_user_id`,`_photo`,`_user`,`alt_url`,`rad_longitude`,`rad_latitude`,`score`,`status`,`reject_reason`,UNIX_TIMESTAMP(`date_added`) as `date_added`,`del`';
foreach ($_pfields as $field_id => $field) {
    $query .= ',' . $field->query_select();
}
// $uid is set before this fragment and is spliced in unquoted — it must already be an int.
$query .= sprintf(' FROM `%suser_profiles` WHERE `fk_user_id`=%s', $dbtable_prefix, $uid);
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
Esempio n. 5
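require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Admin-only processor: deletes a country together with its states and cities.
// NOTE(review): this destructive action runs on a GET request and no anti-CSRF token is
// checked in this file — confirm allow_dept() or the surrounding panel covers that.
allow_dept(DEPT_ADMIN);
$qs = '';
$qs_sep = '';
$topass = array();
// Cast before use: the id is spliced into the statements below unquoted.
$country_id = isset($_GET['country_id']) ? (int) $_GET['country_id'] : 0;
// Children first, so no city or state is left pointing at a removed country.
$query = "DELETE FROM `{$dbtable_prefix}loc_cities` WHERE `fk_country_id`={$country_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$query = "DELETE FROM `{$dbtable_prefix}loc_states` WHERE `fk_country_id`={$country_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$query = "DELETE FROM `{$dbtable_prefix}loc_countries` WHERE `country_id`={$country_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Country and all its states and cities deleted.';
// Echo the caller's paging parameters back to the list page. They come straight from the
// request, so they are URL-encoded instead of being pasted raw into the redirect query string
// (a stray '&' or '=' could otherwise add parameters of its own).
foreach (array('o', 'r') as $param) {
    if (isset($_GET[$param])) {
        $qs .= $qs_sep . $param . '=' . urlencode($_GET[$param]);
        $qs_sep = '&';
    }
}
redirect2page('admin/loc_countries.php', $topass, $qs);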
Esempio n. 6
        } elseif ($rsrow['status'] == STAT_APPROVED) {
            $rsrow['approved'] = true;
        }
        if (empty($rsrow['del'])) {
            unset($rsrow['del']);
        }
        $loop[] = $rsrow;
    }
    $_GET = array('search' => $output['search_md5'], 'sortby' => $sortby);
    $output['pager2'] = pager($totalrows, $o, $r);
    $output['totalrows'] = $totalrows;
}
// Nothing matched: bounce back to the search form with an informational message.
if (empty($loop)) {
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'No members found meeting your search criteria.';
    redirect2page('admin/member_search.php', $topass);
}
// URL the detail pages use to come back to this result set: a saved search is addressed by
// its md5 plus sort/paging, otherwise the live query string is reused. Encoded because it
// travels as a single query-string value.
$output['return2me'] = 'member_results.php';
if (!empty($output['search_md5'])) {
    $output['return2me'] .= sprintf('?search=%s&sortby=%s&o=%s&r=%s', $output['search_md5'], $sortby, $o, $r);
} elseif (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= sprintf('?%s', $_SERVER['QUERY_STRING']);
}
$output['return2me'] = rawurlencode($output['return2me']);
// Render the result list and release the (potentially large) loop data afterwards.
$tpl->set_file('content', 'member_results.html');
$tpl->set_loop('loop', $loop);
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL);
$tpl->drop_loop('loop');
unset($loop);
$tplvars['title'] = 'Search Results';
Esempio n. 7
                $new_levels[$levels[$l]] += $memberships[$m];
            }
        }
    }
    // save in db
    foreach ($new_levels as $k => $v) {
        $query = "UPDATE `{$dbtable_prefix}access_levels` SET `level`='{$v}' WHERE `level_id`={$k}";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
    // save in file
    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    require_once _BASEPATH_ . '/includes/access_levels.inc.php';
    $query = "SELECT `level_code`,`level` FROM `{$dbtable_prefix}access_levels`";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $towrite = "<?php\n\$GLOBALS['_access_level']=array('auth'=>65534,'all'=>65535";
    while ($rsrow = mysql_fetch_row($res)) {
        $towrite .= ",'" . $rsrow[0] . "'=>" . $rsrow[1];
    }
    $towrite .= ");\n";
    $towrite .= '$GLOBALS[\'_allow_na\']=' . var_export($GLOBALS['_allow_na'], true) . ";\n";
    $fileop = new fileop();
    $fileop->file_put_contents(_BASEPATH_ . '/includes/access_levels.inc.php', $towrite);
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'Access levels changed.';
}
// Back to the access levels admin page, carrying the outcome message (if any) and the preserved query string.
redirect2page('admin/access_levels.php', $topass, $qs);
Esempio n. 8
            $val_dif = $max_val - $min_val;
            $yscale = 7;
            for ($i = 4; $i <= 10; ++$i) {
                // find a divisor
                if ($val_dif % $i == 0) {
                    $yscale = $i;
                    break;
                }
            }
            $graph->setProp('scale', 'date');
            $graph->setProp('pointstyle', 7);
            $graph->setColor('pointcolor', -1, 255, 0, 0);
            $graph->setProp('startdate', (int) $min_time);
            $graph->setProp('enddate', (int) $max_time);
            $graph->setProp('xsclpts', 6);
            $graph->setProp('xincpts', 6);
            $graph->setProp('ysclpts', $yscale);
            $graph->setProp('yincpts', $yscale);
            if ($max_time - $min_time <= 365 * 24 * 60 * 60) {
                $graph->setProp('dateformat', 1);
            } elseif ($max_time - $min_time > 365 * 24 * 60 * 60) {
                $graph->setProp('dateformat', 1);
            }
            $graph->setProp('showyear', true);
            $graph->graph();
            $graph->showGraph(_BASEPATH_ . '/tmp/admin/' . $type . $start_date . $end_date . '.png');
            //			$graph->showGraph();
        }
    }
    redirect2page('tmp/admin/' . $type . $start_date . $end_date . '.png');
}
Esempio n. 9
        if (!empty($_SERVER['QUERY_STRING'])) {
            $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
        }
        $output['return2me'] = rawurlencode($output['return2me']);
        $tpl->set_file('content', 'message_read.html');
        $tpl->set_var('output', $output);
        $tpl->process('content', 'content', TPL_OPTIONAL);
        if ($output['is_read'] == 0) {
            $query = "UPDATE `{$dbtable_prefix}user_{$mailbox_table}` SET `is_read`=1 WHERE `mail_id`=" . $output['mail_id'] . " AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    } else {
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = $GLOBALS['_lang'][5];
        redirect2page('mailbox.php');
    }
} else {
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = $GLOBALS['_lang'][5];
    redirect2page('mailbox.php');
}
// Page chrome for the message view; the left column is optional and only pulled in when the file exists.
$tplvars['title'] = $GLOBALS['_lang'][136];
$tplvars['page_title'] = $tplvars['title'];
$tplvars['page'] = 'message_read';
$tplvars['css'] = 'message_read.css';
if (is_file('message_read_left.php')) {
    include 'message_read_left.php';
}
include 'frame.php';
Esempio n. 10
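require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Admin-only processor: removes one banned word and regenerates the cached word list.
allow_dept(DEPT_ADMIN);
// Nothing in this file sets $error; the flag only exists so the cache rewrite can be skipped
// if a failing check is added before it.
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
// Cast before use: the id is spliced into the statement unquoted.
$word_id = isset($_GET['word_id']) ? (int) $_GET['word_id'] : 0;
$query = "DELETE FROM `{$dbtable_prefix}banned_words` WHERE `word_id`={$word_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
if (!$error) {
    // save in file: the remaining words are dumped as PHP so includes/banned_words.inc.php can
    // be required without a DB round-trip. var_export() emits quoted, escaped literals, which
    // is what keeps arbitrary word text from becoming code in that file.
    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    $query = "SELECT `word` FROM `{$dbtable_prefix}banned_words`";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $towrite = array();
    // Walk the result once instead of re-asking mysql_num_rows() on every iteration.
    while ($rsrow = mysql_fetch_row($res)) {
        $towrite[] = $rsrow[0];
    }
    $towrite = '<?php $_banned_words=' . var_export($towrite, true) . ';';
    $fileop = new fileop();
    $fileop->file_put_contents(_BASEPATH_ . '/includes/banned_words.inc.php', $towrite);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Word deleted.';
redirect2page('admin/banned_words.php', $topass, $qs);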
Esempio n. 11
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
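require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/join.inc.php';
// Re-sends the registration confirmation email for the account given in ?uid=.
// NOTE(review): no login or department check is visible in this file, and the account's
// email address ends up in the redirect URL for whoever supplied the uid — confirm
// common.inc.php restricts who can reach this processor.
$qs = 'type=signup';
$qssep = '&';
$uid = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
if (!empty($uid)) {
    $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`email`,`temp_pass` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`={$uid}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $input = mysql_fetch_assoc($res);
        // First resend for this account: mint the temporary password the email template uses.
        if (empty($input['temp_pass'])) {
            $input['temp_pass'] = gen_pass(7);
            $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $input['temp_pass'] . "' WHERE `" . USER_ACCOUNT_ID . "`={$uid}";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
        send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
        // Encode the address: '+' and other reserved characters would otherwise be
        // reinterpreted when info.php parses the query string.
        $qs .= $qssep . 'email=' . urlencode($input['email']);
    }
}
redirect2page('info.php', array(), $qs);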
Esempio n. 12
<?php

/******************************************************************************
Etano
===============================================================================
File:                       admin/processors/admin_accounts_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Admin-only processor: deletes one admin account by id.
// NOTE(review): nothing here prevents a GET-triggered delete without an anti-CSRF token, or an
// admin removing the account they are logged in with — confirm the panel covers both.
allow_dept(DEPT_ADMIN);
$qs = '';
$qs_sep = '';
$topass = array();
$admin_id = 0;
if (isset($_GET['admin_id'])) {
    // cast before use: the id is spliced into the statement unquoted
    $admin_id = (int) $_GET['admin_id'];
}
$query = sprintf("DELETE FROM `%sadmin_accounts` WHERE `admin_id`=%d", $dbtable_prefix, $admin_id);
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message'] = array(
    'type' => MESSAGE_INFO,
    'text' => 'Account removed successfully.',
);
redirect2page('admin/admin_accounts.php', $topass, $qs);
Esempio n. 13
            $rsrow['pending'] = true;
        } elseif ($rsrow['status'] == STAT_EDIT) {
            $rsrow['need_edit'] = true;
        } elseif ($rsrow['status'] == STAT_APPROVED) {
            $rsrow['approved'] = true;
        }
        $loop[] = $rsrow;
    }
    $_GET = array('search' => $output['search_md5']);
    $output['pager2'] = pager($totalrows, $o, $r);
    $output['totalrows'] = $totalrows;
}
// Nothing matched: bounce back to the search form with an informational message.
if (empty($loop)) {
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'No photos found meeting your search criteria.';
    redirect2page('admin/photo_search.php', $topass);
}
$output['pic_width'] = get_site_option('pic_width', 'core_photo');
// URL the detail pages use to come back to this result set: a saved search is addressed by
// its md5, otherwise the live query string is reused. Encoded because it travels as a single
// query-string value.
$output['return2me'] = 'photo_results.php';
if (!empty($output['search_md5'])) {
    $output['return2me'] .= sprintf('?search=%s', $output['search_md5']);
} elseif (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= sprintf('?%s', $_SERVER['QUERY_STRING']);
}
$output['return2me'] = rawurlencode($output['return2me']);
// Render the result list and release the loop data afterwards.
$tpl->set_file('content', 'photo_results.html');
$tpl->set_loop('loop', $loop);
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL);
$tpl->drop_loop('loop');
unset($loop);
Esempio n. 14
/**
 * Gate for member-facing pages: enforces bans, access levels and profile status, records
 * presence and feeds the rate limiter and the action log.
 *
 * Banned visitors get an empty response (die). Guests on a level that does not allow guests
 * are sent to login.php with the current request remembered for replay after login. Members
 * whose membership bits are not all present in the level mask, or whose profile is not yet
 * approved on a level that does not allow that, are redirected to info.php. Level codes
 * 'all' and 'auth' skip the rate limiter and the action log.
 *
 * @param string $level_code Key into $GLOBALS['_access_level'] and $GLOBALS['_allow_na'].
 * @return void
 */
function check_login_member($level_code)
{
    // is this user banned?
    global $_bans;
    // Bans are matched with loose in_array(). The ip is compared in the unsigned-decimal form
    // sprintf('%u', ip2long()) yields, so $_bans entries are expected in the same form.
    if (isset($_bans[_PUNISH_BANUSER_]) && in_array($_SESSION[_LICENSE_KEY_]['user']['user'], $_bans[_PUNISH_BANUSER_])) {
        die;
    } elseif (isset($_bans[_PUNISH_BANIP_]) && in_array(sprintf('%u', ip2long($_SERVER['REMOTE_ADDR'])), $_bans[_PUNISH_BANIP_])) {
        die;
    } elseif (isset($_bans[_PUNISH_BANEMAIL_]) && in_array($_SESSION[_LICENSE_KEY_]['user']['email'], $_bans[_PUNISH_BANEMAIL_])) {
        die;
    }
    global $dbtable_prefix;
    if (!isset($GLOBALS['_access_level'][$level_code])) {
        $GLOBALS['_access_level'][$level_code] = 0;
        // no access allowed if level not defined
    }
    // ask visitors to login if they land on a page that doesn't allow guests
    // Bit 0 of the level mask means "guests allowed". The URL to replay is rebuilt from the Host
    // header; NOTE(review): a forged Host header would be echoed into the post-login redirect —
    // confirm the web server only routes configured hostnames to this application.
    if (!($GLOBALS['_access_level'][$level_code] & 1) && empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
        $_SESSION[_LICENSE_KEY_]['user']['timedout'] = array('url' => (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'], 'method' => $_SERVER['REQUEST_METHOD'], 'qs' => $_SERVER['REQUEST_METHOD'] == 'GET' ? $_GET : $_POST);
        redirect2page('login.php');
    }
    //	unset($_SESSION[_LICENSE_KEY_]['user']['timedout']);
    // Every membership bit the user holds must be present in the level mask. For guests
    // 'membership' is presumably unset, in which case the loose comparison reduces to
    // 0 != null, i.e. false, and guest-allowed pages fall through — confirm.
    if (($GLOBALS['_access_level'][$level_code] & $_SESSION[_LICENSE_KEY_]['user']['membership']) != $_SESSION[_LICENSE_KEY_]['user']['membership']) {
        redirect2page('info.php', array(), 'type=access');
        // no access to this feature
    }
    if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $_SESSION[_LICENSE_KEY_]['user']['pstat'] < STAT_APPROVED && empty($GLOBALS['_allow_na'][$level_code])) {
        redirect2page('info.php', array(), 'type=profile_na');
        // no access to this feature until the profile gets approved
    }
    $user_id = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) ? $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
    // Presence tracking when sessions are not kept in the DB: touch the online row for this
    // (user, session) pair, inserting it when the UPDATE matched nothing.
    // NOTE(review): session_id() is interpolated unescaped; it originates from the client's
    // cookie, so this relies on the session handler only accepting ids from its own alphabet — confirm.
    if (USE_DB_SESSIONS == 0) {
        $now = gmdate('YmdHis');
        $query = "UPDATE `{$dbtable_prefix}online` SET `last_activity`='{$now}' WHERE `fk_user_id`={$user_id} AND `sess`='" . session_id() . "'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (!mysql_affected_rows()) {
            $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`={$user_id},`sess`='" . session_id() . "',`last_activity`='{$now}'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }
    // log and rate limit
    // $log is the context rate_limiter() scopes its counts by and log_user_action() records.
    // rate_limiter() also reads $log['email'] for email bans, which this caller never sets.
    $log['level'] = $level_code;
    $log['user_id'] = $user_id;
    $log['sess'] = session_id();
    $log['user'] = $_SESSION[_LICENSE_KEY_]['user']['user'];
    $log['membership'] = $_SESSION[_LICENSE_KEY_]['user']['membership'];
    $log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
    if ($level_code != 'all' && $level_code != 'auth') {
        rate_limiter($log);
        log_user_action($log);
    }
}
Esempio n. 15
File:                       admin/processors/error_log_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Admin-only processor: clears the error log, one entry (act=one) or all of it (act=all).
allow_dept(DEPT_ADMIN);
$qs = '';
$qs_sep = '';
$topass = array();
$log_id = 0;
if (isset($_GET['log_id'])) {
    // cast before use: the id is spliced into the DELETE unquoted
    $log_id = (int) $_GET['log_id'];
}
$act = '';
if (isset($_GET['act'])) {
    $act = $_GET['act'];
}
// Any other action value is a no-op that still reports 'Ok'.
switch ($act) {
    case 'all':
        $query = "TRUNCATE TABLE `{$dbtable_prefix}error_log`";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        break;
    case 'one':
        $query = "DELETE FROM `{$dbtable_prefix}error_log` WHERE `log_id`={$log_id}";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        break;
}
$topass['message'] = array(
    'type' => MESSAGE_INFO,
    'text' => 'Ok',
);
redirect2page('admin/error_log.php', $topass, $qs);
Esempio n. 16
                $_SESSION[_LICENSE_KEY_]['admin'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['admin']) ? $_SESSION[_LICENSE_KEY_]['admin'] : array(), $admin);
                $_SESSION[_LICENSE_KEY_]['admin']['def_skin'] = get_default_skin_dir();
                if (isset($_SESSION[_LICENSE_KEY_]['admin']['timedout']['url'])) {
                    $next = $_SESSION[_LICENSE_KEY_]['admin']['timedout'];
                    unset($_SESSION[_LICENSE_KEY_]['admin']['timedout']);
                    if ($next['method'] == 'GET') {
                        if (!empty($next['qs'])) {
                            $next['url'] = $next['url'] . '?' . array2qs($next['qs']);
                        }
                        redirect2page($next['url'], array(), '', true);
                    } else {
                        post2page($next['url'], $next['qs'], true);
                    }
                } else {
                    redirect2page('admin/cpanel.php', $topass);
                }
            } else {
                $topass['message']['type'] = MESSAGE_ERROR;
                $topass['message']['text'] = 'Your account has been suspended';
            }
        } else {
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'] = 'Invalid username or pass. Please try again!';
        }
    } else {
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = 'Invalid username or pass. Please try again!';
    }
}
// Reached only when login did not succeed (success redirects above): back to the login form with the error message.
redirect2page('admin/index.php', $topass);
Esempio n. 17
<?php

/******************************************************************************
Etano
===============================================================================
File:                       admin/index.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../includes/common.inc.php';
// Admin panel entry point: logged-in admins go straight to the control panel, everyone else
// gets the login form.
if (isset($_SESSION[_LICENSE_KEY_]['admin']['admin_id'])) {
    redirect2page('admin/cpanel.php');
} else {
    // One-shot flash message left by a processor (e.g. a failed login attempt); consumed here.
    if (!empty($_SESSION['topass'])) {
        $topass = $_SESSION['topass'];
        $_SESSION['topass'] = array();
    }
    $message = '';
    if (isset($topass['message'])) {
        $message = $topass['message'];
    }
    // $tplvars is not defined in this file; presumably provided by common.inc.php.
    $tpl = new phemplate('skin/', 'remove_nonjs');
    $tpl->set_file('frame', 'index.html');
    $tpl->set_var('title', 'Admin panel login');
    $tpl->set_var('baseurl', _BASEURL_);
    $tpl->set_var('message', $message);
    $tpl->set_var('tplvars', $tplvars);
    echo $tpl->process('', 'frame', TPL_FINISH);
}
Esempio n. 18
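require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Admin-only processor: removes a rate-limiter rule together with its error-message language key.
allow_dept(DEPT_ADMIN);
$qs = '';
$qs_sep = '';
$topass = array();
// Cast before use: the id is spliced into the statements below unquoted.
$rate_id = isset($_GET['rate_id']) ? (int) $_GET['rate_id'] : 0;
$query = "SELECT `fk_lk_id_error_message` FROM `{$dbtable_prefix}rate_limiter` WHERE `rate_id`={$rate_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
    // The language-key id is compared unquoted below, i.e. it is numeric. Cast it like the
    // request ids so a NULL or otherwise odd value still yields a well-formed statement
    // (0 is not expected to match an existing key) instead of a malformed one.
    $lk_id = (int) mysql_result($res, 0, 0);
    // Strings first, then the key they hang off, then the rule itself.
    $query = "DELETE FROM `{$dbtable_prefix}lang_strings` WHERE `fk_lk_id`={$lk_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $query = "DELETE FROM `{$dbtable_prefix}lang_keys` WHERE `lk_id`={$lk_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $query = "DELETE FROM `{$dbtable_prefix}rate_limiter` WHERE `rate_id`={$rate_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    // Presumably rebuilds the cached language-string array now that rows are gone.
    regenerate_langstrings_array();
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'Limit removed successfully.';
}
redirect2page('admin/rate_limiter.php', $topass, $qs);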
Esempio n. 19
    trigger_error(mysql_error(), E_USER_ERROR);
}
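// $state_id and $country_id are set before this fragment; both are spliced in unquoted and are
// assumed to have been cast to int there, as the other processors do — confirm.
$query = "DELETE FROM `{$dbtable_prefix}loc_states` WHERE `state_id`={$state_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
// Keep the parent's denormalised state counter in step with the row just removed.
$query = "UPDATE `{$dbtable_prefix}loc_countries` SET `num_states`=`num_states`-1 WHERE `country_id`={$country_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'State and all its cities deleted.';
// Paging parameters for the country and state lists are echoed back from the request; encode
// them so a stray '&' or '=' in a value cannot inject extra parameters into the redirect.
foreach (array('o', 'r', 'co', 'cr') as $param) {
    if (isset($_GET[$param])) {
        $qs .= $qs_sep . $param . '=' . urlencode($_GET[$param]);
        $qs_sep = '&';
    }
}
$qs .= $qs_sep . 'country_id=' . $country_id;
redirect2page('admin/loc_states.php', $topass, $qs);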
Esempio n. 20
            // with this if() we target date_format because an empty date_format
            // could break all dates on the site.
            if ($types[$module_code][$config_option] != FIELD_TEXTFIELD || !empty($config_value)) {
                $query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='{$config_option}',`config_value`='{$config_value}',`fk_module_code`='{$module_code}'";
                if (isset($_on_before_update)) {
                    for ($i = 0; isset($_on_before_update[$i]); ++$i) {
                        call_user_func($_on_before_update[$i]);
                    }
                }
                if (!($res = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                if (isset($_on_after_update)) {
                    for ($i = 0; isset($_on_after_update[$i]); ++$i) {
                        call_user_func($_on_after_update[$i]);
                    }
                }
            }
        }
    }
    // update the prefs stored in the session
    $_SESSION[_LICENSE_KEY_]['user']['prefs']['date_format'] = $input['def_user_prefs']['date_format'];
    $_SESSION[_LICENSE_KEY_]['user']['prefs']['datetime_format'] = $input['def_user_prefs']['datetime_format'];
    $_SESSION[_LICENSE_KEY_]['user']['prefs']['time_offset'] = $input['def_user_prefs']['time_offset'];
    $_SESSION[_LICENSE_KEY_]['user']['prefs']['rate_my_photos'] = $input['def_user_prefs']['rate_my_photos'];
    $_SESSION[_LICENSE_KEY_]['user']['prefs']['profile_comments'] = $input['def_user_prefs']['profile_comments'];
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = $GLOBALS['_lang'][80];
}
// Back to the settings page with the outcome message and the preserved query string.
redirect2page('my_settings.php', $topass, $qs);
Esempio n. 21
Etano
===============================================================================
File:                       admin/processors/user_sentmail_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Admin-only processor: purges every inbox message a given member has sent.
allow_dept(DEPT_ADMIN);
$qs = '';
$qs_sep = '';
$topass = array();
$uid = 0;
if (isset($_GET['uid'])) {
    // cast before use: the id is spliced into the DELETE unquoted
    $uid = (int) $_GET['uid'];
}
// Optional admin page to return to. It is appended after _BASEURL_/admin/, so it picks a
// path on this site rather than another host.
$return = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$query = sprintf("DELETE FROM `%suser_inbox` WHERE `fk_user_id_other`=%d", $dbtable_prefix, $uid);
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$numrows = mysql_affected_rows();
$topass['message'] = array(
    'type' => MESSAGE_INFO,
    'text' => sprintf('%s messages sent by this member were deleted', $numrows),
);
$nextpage = _BASEURL_ . '/admin/' . (empty($return) ? 'member_search.php' : $return);
redirect2page($nextpage, $topass, $qs, true);
Esempio n. 22
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $query = "DELETE FROM `{$dbtable_prefix}modules` WHERE `module_code`='{$module_code}'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $query = "DELETE FROM `{$dbtable_prefix}lang_strings` WHERE `skin`='{$module_code}'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (!empty($config['is_default'])) {
        $query = "SELECT `module_code` FROM `{$dbtable_prefix}modules` WHERE `module_type`=" . MODULE_SKIN . " LIMIT 1";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $module_code = mysql_result($res, 0, 0);
            set_site_option('is_default', $module_code, 1);
        }
    }
    require_once '../../includes/classes/fileop.class.php';
    $fileop = new fileop();
    $fileop->delete(_BASEPATH_ . '/skins_site/' . $config['skin_dir']);
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'Skin deleted.';
} else {
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = 'You can\'t delete the last skin of the site!';
}
// Back to the skin list; $topass carries the info/error message set in the branches above,
// $qs whatever query string the page accumulated (presumably empty here).
redirect2page('admin/site_skins.php', $topass, $qs);
Esempio n. 23
            }
            $query = substr($query, 0, -1);
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            if (mysql_affected_rows()) {
                $topass['message']['type'] = MESSAGE_INFO;
                $topass['message']['text'] = 'Account added.';
            } else {
                $topass['message']['type'] = MESSAGE_ERROR;
                $topass['message']['text'] = 'Error: account not added.';
            }
        }
    } else {
        $nextpage = 'admin/admin_accounts_addedit.php';
        // 		you must re-read all textareas from $_POST like this:
        //		$input['x']=addslashes_mq($_POST['x']);
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
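    // Carry the list state (presumably pager offset/rows) over to the redirect. The values are
    // URL-encoded: appended verbatim, a POST value containing '&', '=' or '#' could inject extra
    // query parameters into the redirect target. The (string) cast keeps the original behaviour
    // for non-string input instead of letting urlencode() reject it.
    if (isset($_POST['o'])) {
        $qs .= $qs_sep . 'o=' . urlencode((string) $_POST['o']);
        $qs_sep = '&';
    }
    if (isset($_POST['r'])) {
        $qs .= $qs_sep . 'r=' . urlencode((string) $_POST['r']);
        $qs_sep = '&';
    }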
}
// $nextpage is either the accounts list or the add/edit form (set in the branches above);
// $topass carries the message and, on validation failure, the re-displayed input.
redirect2page($nextpage, $topass, $qs);
Esempio n. 24
    $query = "SELECT `dbfield`,`field_type` FROM `{$dbtable_prefix}profile_fields2` WHERE `searchable`=1 AND `for_basic`=1 ORDER BY `order_num`";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $fields = array();
    // this should be rewritten with the new pfields system...
    while ($rsrow = mysql_fetch_assoc($res)) {
        if ($rsrow['field_type'] == 'field_location' || $rsrow['field_type'] == 'field_loc_req') {
            $fields[] = $rsrow['dbfield'] . '_country';
        } elseif ($rsrow['field_type'] == 'field_mchecks') {
        } else {
            $fields[] = $rsrow['dbfield'];
        }
    }
    $query = "ALTER TABLE `{$dbtable_prefix}user_profiles` DROP INDEX `searchkey`";
    @mysql_query($query);
    if (!empty($fields)) {
        $query = "ALTER TABLE `{$dbtable_prefix}user_profiles` ADD INDEX `searchkey` (`" . join("`,`", $fields) . "`)";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
    unset($GLOBALS['_pfields'], $GLOBALS['_pcats'], $GLOBALS['basic_search_fields']);
    require _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/global.inc.php';
    require _BASEPATH_ . '/includes/fields.inc.php';
    regenerate_skin_cache();
}
// Unconditional success: every failing query above ends the request via trigger_error(E_USER_ERROR),
// so reaching this line means the field/category changes were applied.
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Field and category changes applied successfully.';
redirect2page('admin/profile_fields.php', $topass);
Esempio n. 25
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = 'File is not a valid Etano package';
    }
}
// Three outcomes: the package needs manual follow-up steps, the package asked for its own UI page,
// or the install is finished and we redirect back to the package list.
if (isset($p) && $p->error && !empty($p->manual_actions)) {
    // Render the list of manual actions the admin still has to perform.
    $tpl->set_file('content', 'package_install.html');
    $tpl->set_loop('manual_actions', $p->manual_actions);
    // NOTE(review): $file, $install_index and $show_finish are set outside this block; confirm the
    // template escapes them, since at least $file originates from the upload/request.
    $output['f'] = $file;
    $output['finish'] = $install_index;
    $output['show_finish'] = $show_finish;
    $tpl->set_var('output', $output);
    $tpl->process('content', 'content', TPL_LOOP | TPL_OPTIONAL);
    $tplvars['title'] = 'Package Manager';
    $tplvars['page'] = 'package_install';
    $tplvars['css'] = 'package_install.css';
    // Presumably wraps the processed content in the admin page frame.
    include 'frame.php';
} elseif ($ui_request) {
    // NOTE(review): $p is dereferenced here without the isset() guard used in the first branch;
    // presumably $ui_request implies a package object exists — confirm.
    $tpl->set_file('content', 'package_ui.html');
    $tpl->set_var('output', $p->ui);
    $tpl->process('content', 'content');
    $tplvars['title'] = 'Package Manager';
    $tplvars['page'] = 'package_install';
    $tplvars['css'] = 'package_install.css';
    include 'frame.php';
} else {
    // On failure $topass already carries the error message set earlier; only add the success note.
    if (!$error) {
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'] = 'Package installed successfully';
    }
    redirect2page('admin/packages.php', $topass);
}
Esempio n. 26
// Folder to delete. The (int) cast is what keeps this GET value safe to inline into the SQL below.
// NOTE(review): a GET request performs the deletion and no anti-CSRF token is checked in the
// visible code; confirm one is enforced upstream.
$folder_id = isset($_GET['fid']) ? (int) $_GET['fid'] : 0;
// Move the folder's messages back to the inbox and flag them deleted. Every statement is scoped
// to the session user's id, so a member can only touch folders they own.
$query = "UPDATE `{$dbtable_prefix}user_inbox` SET `fk_folder_id`=" . FOLDER_INBOX . ", `del`=1 WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "' AND `fk_folder_id`={$folder_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
// Drop the filters that routed mail into this folder.
$query = "DELETE FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "' AND `fk_folder_id`={$folder_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
// The folder DELETE is built before the before-delete hooks run and executed after them.
$query = "DELETE FROM `{$dbtable_prefix}user_folders` WHERE `folder_id`={$folder_id} AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
if (isset($_on_before_delete)) {
    // Hook list is walked by consecutive index from 0; iteration stops at the first gap.
    for ($i = 0; isset($_on_before_delete[$i]); ++$i) {
        call_user_func($_on_before_delete[$i]);
    }
}
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
// NOTE(review): the first UPDATE already moved every row of this folder to FOLDER_INBOX, so this
// one matches nothing unless $folder_id equals FOLDER_INBOX or a hook re-added rows — confirm intent.
$query = "UPDATE `{$dbtable_prefix}user_inbox` SET `del`=1 WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "' AND `fk_folder_id`={$folder_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
// Localised "folder deleted" message (string 55 of the site language file).
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = $GLOBALS['_lang'][55];
if (isset($_on_after_delete)) {
    for ($i = 0; isset($_on_after_delete[$i]); ++$i) {
        call_user_func($_on_after_delete[$i]);
    }
}
redirect2page('folders.php', $topass, $qs);
Esempio n. 27
    $categs[count($categs) - 1]['class'] = 'last';
    // get some friends
    $loop_friends = get_network_members($output['uid'], NET_FRIENDS, 4);
    if (!empty($loop_friends)) {
        $loop_friends = $user_cache->get_cache_tpl($loop_friends, 'result_user');
    }
    unset($user_cache);
    // comments
    $loop_comments = create_comments_loop('user', $output['uid'], $output);
    $output['pic_width'] = get_site_option('pic_width', 'core_photo');
    $tplvars['title'] = sprintf($GLOBALS['_lang'][152], $output['user']);
    $tplvars['page_title'] = $output['user'];
} else {
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = $GLOBALS['_lang'][7];
    redirect2page('info.php', $topass);
}
// Language strings formatted for display (TEXT_DB2DISPLAY) before they reach the template.
$output['lang_273'] = sanitize_and_format($GLOBALS['_lang'][273], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_274'] = sanitize_and_format($GLOBALS['_lang'][274], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$output['lang_256'] = sanitize_and_format($GLOBALS['_lang'][256], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
// Self-referencing return URL: this page plus its raw query string. QUERY_STRING is user input;
// it is rawurlencoded here so it is safe as a single URL parameter, but whichever page consumes
// 'return2me' must still validate it before redirecting.
$output['return2me'] = 'profile.php';
if (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
// Hand the profile data and the loops built above to the template.
$tpl->set_file('content', 'profile.html');
$tpl->set_var('output', $output);
$tpl->set_var('tplvars', $tplvars);
$tpl->set_loop('categs', $categs);
$tpl->set_loop('user_photos', $user_photos);
$tpl->set_loop('loop_comments', $loop_comments);
Esempio n. 28
File: join.php Progetto: babae/etano
    unset($_SESSION['topass']['input']);
    if ($agree) {
        $output['agree'] = 'checked="checked"';
    }
} elseif (!empty($_GET['p'])) {
    $page = (int) $_GET['p'];
}
// Select the profile fields configured for the current join page and let each one pick up its
// value from $output (presumably re-posted input). Note the loose == on reg_page: it may be stored
// as a string while $page is an int.
foreach ($_pfields as $field_id => $field) {
    if (isset($field->config['reg_page']) && $field->config['reg_page'] == $page) {
        $my_fields[] = $field_id;
        $_pfields[$field_id]->set_value($output, false);
    }
}
// no landing on 2+ join pages.
// Only a visitor who already started registration (reg_id in the session) may open page 2 or
// later directly; anyone else is sent back to the first join page.
if ($page > 1 && empty($_SESSION[_LICENSE_KEY_]['user']['reg_id'])) {
    redirect2page('join.php');
}
$loop = array();
$j = 0;
for ($i = 0; isset($my_fields[$i]); ++$i) {
    $field =& $_pfields[$my_fields[$i]];
    $loop[$i]['label'] = $field->config['label'];
    $loop[$i]['dbfield'] = $field->config['dbfield'];
    $loop[$i]['required'] = isset($field->config['required']) ? true : false;
    $loop[$i]['help_text'] = $field->config['help_text'];
    $loop[$i]['js'] = $field->edit_js();
    $loop[$i]['field'] = $field->edit($i + 6);
    if (isset($output['error_' . $field->config['dbfield']])) {
        $loop[$j]['class_error'] = $output['error_' . $field->config['dbfield']];
        unset($output['error_' . $field->config['dbfield']]);
    }
Esempio n. 29
<?php

/******************************************************************************
Etano
===============================================================================
File:                       admin/processors/subscriptions_auto_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
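require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
// Authorisation gate: only admin-department accounts may remove an auto-subscription assignment.
allow_dept(DEPT_ADMIN);
$qs = '';
$qs_sep = '';
$topass = array();
// The (int) cast is the only thing that makes this GET value safe to inline into the SQL below.
$asubscr_id = isset($_GET['asubscr_id']) ? (int) $_GET['asubscr_id'] : 0;
if ($asubscr_id > 0) {
    $query = "DELETE FROM `{$dbtable_prefix}subscriptions_auto` WHERE `asubscr_id`={$asubscr_id}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'Subscription assignment deleted.';
} else {
    // A missing or non-numeric id used to run DELETE ... WHERE asubscr_id=0; refuse instead of
    // issuing a delete keyed on a sentinel value.
    $topass['message']['type'] = MESSAGE_ERROR;
    $topass['message']['text'] = 'No subscription assignment selected; nothing was deleted.';
}
// NOTE(review): this is a state-changing GET endpoint and no anti-CSRF token is checked in this
// file; confirm common.inc.php enforces one, otherwise the action should require a POST with a token.
redirect2page('admin/subscriptions_auto.php', $topass, $qs);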
Esempio n. 30
        } elseif ($rsrow['status'] == STAT_EDIT) {
            $rsrow['need_edit'] = true;
        } elseif ($rsrow['status'] == STAT_APPROVED) {
            $rsrow['approved'] = true;
        }
        $rsrow['date_posted'] = strftime($config['datetime_format'], $rsrow['date_posted'] + $config['time_offset']);
        $loop[] = $rsrow;
    }
    $_GET = array('search' => $output['search_md5']);
    $output['pager2'] = pager($totalrows, $o, $r);
    $output['totalrows'] = $totalrows;
}
// Nothing matched: bounce back to the search form with an info message instead of rendering
// an empty result page.
if (empty($loop)) {
    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'No blogs found meeting your search criteria.';
    redirect2page('admin/blog_search.php', $topass);
}
// Self-referencing return URL: prefer the saved-search hash, else the raw query string.
// QUERY_STRING is user input; rawurlencode makes it safe as one URL parameter, but the page
// that consumes 'return2me' must still validate it before redirecting.
$output['return2me'] = 'blog_results.php';
if (!empty($output['search_md5'])) {
    $output['return2me'] .= '?search=' . $output['search_md5'];
} elseif (!empty($_SERVER['QUERY_STRING'])) {
    $output['return2me'] .= '?' . $_SERVER['QUERY_STRING'];
}
$output['return2me'] = rawurlencode($output['return2me']);
// Render the result rows, then release the loop data once the template has consumed it.
$tpl->set_file('content', 'blog_results.html');
$tpl->set_loop('loop', $loop);
$tpl->set_var('output', $output);
$tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL);
$tpl->drop_loop('loop');
unset($loop);
$tplvars['title'] = 'Blog Search Results';