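/**
 * Apply the configured rate-limiter rules to the current request and punish
 * an actor that exceeds one of them.
 *
 * For every `{$dbtable_prefix}rate_limiter` rule matching the request's level
 * code and membership value, the number of `site_log` rows the actor produced
 * within the rule's interval is counted. A logged-in actor is identified by
 * fk_user_id, a guest by ip + session id. Each rule whose limit is reached
 * registers its punishment: ban punishments are written to `site_bans` (and
 * the ban cache is regenerated); an error or upgrade punishment ends the
 * request with a redirect to info.php carrying the rule's language string.
 *
 * @param array $log  log record built by the caller (check_login_member):
 *                    keys level, user_id, sess, user, membership, ip.
 *                    The e-mail ban also reads $log['email'], which
 *                    check_login_member does not set — confirm callers that
 *                    rely on e-mail bans supply it. Passed by reference only
 *                    to keep the existing signature; it is not modified.
 * @return bool always false; kept for the existing interface.
 */
function rate_limiter(&$log)
{
    global $dbtable_prefix;
    $myreturn = false;

    // Every $log value is interpolated into SQL. user/email originate from
    // registration input kept in the session, so escape all of them.
    $level = mysql_real_escape_string($log['level']);
    $membership = mysql_real_escape_string($log['membership']);
    if (!empty($log['user_id'])) {
        $where = " AND `fk_user_id`='" . mysql_real_escape_string($log['user_id']) . "'";
    } else {
        $where = " AND `ip`='" . mysql_real_escape_string($log['ip']) . "'"
               . " AND `sess`='" . mysql_real_escape_string($log['sess']) . "'";
    }

    $query = "SELECT `limit`,`interval`,`punishment`,`fk_lk_id_error_message`"
           . " FROM `{$dbtable_prefix}rate_limiter`"
           . " WHERE `level_code`='{$level}' AND `m_value`='{$membership}'";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }

    // One timestamp for the whole evaluation so every rule sees the same "now".
    $now = gmdate('YmdHis');
    $punish = array();
    while ($rsrow = mysql_fetch_assoc($res)) {
        // interval/limit are admin-configured numbers placed unquoted into SQL.
        $interval = (int) $rsrow['interval'];
        $query = "SELECT count(*) FROM `{$dbtable_prefix}site_log`"
               . " WHERE `level_code`='{$level}'"
               . " AND `time`>=DATE_SUB('{$now}',INTERVAL {$interval} MINUTE) {$where}";
        if (!($res2 = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if ((int) mysql_result($res2, 0, 0) >= (int) $rsrow['limit']) {
            // Several rules may share a punishment; the last one's message wins.
            $punish[$rsrow['punishment']] = $rsrow['fk_lk_id_error_message'];
        }
    }

    // Ban punishments, checked in the original order: which $log value is
    // stored as the banned `what` for each ban type.
    $ban_targets = array(
        _PUNISH_BANIP_ => 'ip',
        _PUNISH_BANUSER_ => 'user',
        _PUNISH_BANEMAIL_ => 'email',
    );
    foreach ($ban_targets as $ban_type => $log_key) {
        if (!isset($punish[$ban_type])) {
            continue;
        }
        // A missing key (e.g. no email in $log) bans the empty string, as before.
        $what = isset($log[$log_key]) ? mysql_real_escape_string($log[$log_key]) : '';
        $reason = mysql_real_escape_string($punish[$ban_type]);
        $query = "INSERT IGNORE INTO `{$dbtable_prefix}site_bans`"
               . " SET `ban_type`=" . $ban_type . ",`what`='{$what}',`reason`='{$reason}'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        regenerate_ban_array();
    }

    // Non-ban punishments end the request; an error message takes precedence
    // over an upgrade prompt. The message is the rule's language string, or
    // empty when the key is unknown to $GLOBALS['_lang'].
    if (isset($punish[_PUNISH_ERROR_])) {
        $lang_key = $punish[_PUNISH_ERROR_];
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = isset($GLOBALS['_lang'][$lang_key]) ? $GLOBALS['_lang'][$lang_key] : '';
        redirect2page('info.php', $topass);
    } elseif (isset($punish[_PUNISH_UPGRADE_])) {
        $lang_key = $punish[_PUNISH_UPGRADE_];
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = isset($GLOBALS['_lang'][$lang_key]) ? $GLOBALS['_lang'][$lang_key] : '';
        redirect2page(_BASEURL_ . '/info.php?type=access', $topass, '', true);
    }

    return $myreturn;
}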
} $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y')); if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) { $query = "DELETE FROM `{$dbtable_prefix}online` WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (isset($_on_before_insert)) { for ($i = 0; isset($_on_before_insert[$i]); ++$i) { call_user_func($_on_before_insert[$i]); } } @mysql_query($query); add_member_score($_SESSION[_LICENSE_KEY_]['user']['user_id'], 'login', -1); $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $_SESSION[_LICENSE_KEY_]['user']['user_id']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_insert)) { for ($i = 0; isset($_on_after_insert[$i]); ++$i) { call_user_func($_on_after_insert[$i]); } } } $_SESSION[_LICENSE_KEY_]['user'] = array(); unset($_SESSION[_LICENSE_KEY_]['user']); $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time; header('Expires: Mon,26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D,d M Y H:i:s') . ' GMT'); header('Cache-Control: no-store,no-cache,must-revalidate', false); header('Cache-Control: post-check=0,pre-check=0', false); header('Pragma: no-cache', false); redirect2page('index.php');
if (isset($captions_changed[$photo_id])) { $query .= ",`caption`='{$caption}'"; if (!empty($config['manual_photo_approval'])) { $query .= ",`status`=" . STAT_PENDING; } else { // leave as it was - whatever it was. // $query.=",`status`=".STAT_APPROVED; } } $query .= " WHERE `photo_id`={$photo_id} AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (isset($_on_before_update)) { for ($i = 0; isset($_on_before_update[$i]); ++$i) { call_user_func($_on_before_update[$i]); } } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_update)) { for ($i = 0; isset($_on_after_update[$i]); ++$i) { call_user_func($_on_after_update[$i]); } } } $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = $GLOBALS['_lang'][92]; } } $nextpage = _BASEURL_ . '/' . $nextpage; redirect2page($nextpage, $topass, '', true);
if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $user_ids = mysql_result($res, 0, 0); $user_ids = explode(',', $user_ids); $key = array_search($uid, $user_ids) + $_GET['go']; if (isset($user_ids[$key])) { $uid = (int) $user_ids[$key]; } } } } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'No user selected'; redirect2page('admin/cpanel.php', $topass); } $config = get_site_option(array('datetime_format', 'time_offset'), 'def_user_prefs'); $categs = array(); $account = array(); $query = "SELECT `fk_user_id`,`_photo`,`_user`,`alt_url`,`rad_longitude`,`rad_latitude`,`score`,`status`,`reject_reason`,UNIX_TIMESTAMP(`date_added`) as `date_added`,`del`"; foreach ($_pfields as $field_id => $field) { // if ($field->config['visible']) { $query .= ',' . $field->query_select(); // } } $query .= " FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`={$uid}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) {
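require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';

// Admin processor: delete a country together with all of its states and
// cities, then return to the country list keeping the caller's paging
// parameters.
// NOTE(review): the delete runs on a plain GET and no request token is checked
// here — confirm CSRF protection is applied upstream (allow_dept / common.inc).
allow_dept(DEPT_ADMIN);

$qs = '';
$qs_sep = '';
$topass = array();
$country_id = isset($_GET['country_id']) ? (int) $_GET['country_id'] : 0;

// Children first (cities, then states), then the country itself. Every
// statement is fatal on failure, so a failed step stops the sequence there.
$delete_queries = array(
    "DELETE FROM `{$dbtable_prefix}loc_cities` WHERE `fk_country_id`={$country_id}",
    "DELETE FROM `{$dbtable_prefix}loc_states` WHERE `fk_country_id`={$country_id}",
    "DELETE FROM `{$dbtable_prefix}loc_countries` WHERE `country_id`={$country_id}",
);
foreach ($delete_queries as $query) {
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
}

$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Country and all its states and cities deleted.';

// Pass the list's paging parameters (presumably offset and rows) back to the
// list page. They come straight from the request, so URL-encode them before
// embedding them in the query string.
foreach (array('o', 'r') as $param) {
    if (isset($_GET[$param])) {
        $qs .= $qs_sep . $param . '=' . urlencode($_GET[$param]);
        $qs_sep = '&';
    }
}
redirect2page('admin/loc_countries.php', $topass, $qs);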
} elseif ($rsrow['status'] == STAT_APPROVED) { $rsrow['approved'] = true; } if (empty($rsrow['del'])) { unset($rsrow['del']); } $loop[] = $rsrow; } $_GET = array('search' => $output['search_md5'], 'sortby' => $sortby); $output['pager2'] = pager($totalrows, $o, $r); $output['totalrows'] = $totalrows; } if (empty($loop)) { $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'No members found meeting your search criteria.'; redirect2page('admin/member_search.php', $topass); } $output['return2me'] = 'member_results.php'; if (!empty($output['search_md5'])) { $output['return2me'] .= '?search=' . $output['search_md5'] . "&sortby={$sortby}&o={$o}&r={$r}"; } elseif (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'member_results.html'); $tpl->set_loop('loop', $loop); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL); $tpl->drop_loop('loop'); unset($loop); $tplvars['title'] = 'Search Results';
$new_levels[$levels[$l]] += $memberships[$m]; } } } // save in db foreach ($new_levels as $k => $v) { $query = "UPDATE `{$dbtable_prefix}access_levels` SET `level`='{$v}' WHERE `level_id`={$k}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } // save in file require_once _BASEPATH_ . '/includes/classes/fileop.class.php'; require_once _BASEPATH_ . '/includes/access_levels.inc.php'; $query = "SELECT `level_code`,`level` FROM `{$dbtable_prefix}access_levels`"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $towrite = "<?php\n\$GLOBALS['_access_level']=array('auth'=>65534,'all'=>65535"; while ($rsrow = mysql_fetch_row($res)) { $towrite .= ",'" . $rsrow[0] . "'=>" . $rsrow[1]; } $towrite .= ");\n"; $towrite .= '$GLOBALS[\'_allow_na\']=' . var_export($GLOBALS['_allow_na'], true) . ";\n"; $fileop = new fileop(); $fileop->file_put_contents(_BASEPATH_ . '/includes/access_levels.inc.php', $towrite); $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'Access levels changed.'; } redirect2page('admin/access_levels.php', $topass, $qs);
$val_dif = $max_val - $min_val; $yscale = 7; for ($i = 4; $i <= 10; ++$i) { // find a divisor if ($val_dif % $i == 0) { $yscale = $i; break; } } $graph->setProp('scale', 'date'); $graph->setProp('pointstyle', 7); $graph->setColor('pointcolor', -1, 255, 0, 0); $graph->setProp('startdate', (int) $min_time); $graph->setProp('enddate', (int) $max_time); $graph->setProp('xsclpts', 6); $graph->setProp('xincpts', 6); $graph->setProp('ysclpts', $yscale); $graph->setProp('yincpts', $yscale); if ($max_time - $min_time <= 365 * 24 * 60 * 60) { $graph->setProp('dateformat', 1); } elseif ($max_time - $min_time > 365 * 24 * 60 * 60) { $graph->setProp('dateformat', 1); } $graph->setProp('showyear', true); $graph->graph(); $graph->showGraph(_BASEPATH_ . '/tmp/admin/' . $type . $start_date . $end_date . '.png'); // $graph->showGraph(); } } redirect2page('tmp/admin/' . $type . $start_date . $end_date . '.png'); }
if (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'message_read.html'); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_OPTIONAL); if ($output['is_read'] == 0) { $query = "UPDATE `{$dbtable_prefix}user_{$mailbox_table}` SET `is_read`=1 WHERE `mail_id`=" . $output['mail_id'] . " AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][5]; redirect2page('mailbox.php'); } } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][5]; redirect2page('mailbox.php'); } $tplvars['title'] = $GLOBALS['_lang'][136]; $tplvars['page_title'] = $GLOBALS['_lang'][136]; $tplvars['page'] = 'message_read'; $tplvars['css'] = 'message_read.css'; if (is_file('message_read_left.php')) { include 'message_read_left.php'; } include 'frame.php';
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';

// Admin processor: remove one banned word from the database, rewrite the
// cached includes/banned_words.inc.php from the remaining words, and return
// to the banned-words list.
allow_dept(DEPT_ADMIN);

$error = false;
$qs = '';
$qs_sep = '';
$topass = array();

$word_id = 0;
if (isset($_GET['word_id'])) {
    $word_id = (int) $_GET['word_id'];
}

$query = "DELETE FROM `{$dbtable_prefix}banned_words` WHERE `word_id`={$word_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}

if (!$error) {
    // Regenerate the PHP cache file from whatever words are left.
    require_once _BASEPATH_ . '/includes/classes/fileop.class.php';
    $query = "SELECT `word` FROM `{$dbtable_prefix}banned_words`";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    $words = array();
    while ($rsrow = mysql_fetch_row($res)) {
        $words[] = $rsrow[0];
    }
    // var_export() emits a quoted PHP literal, so the words cannot break the file.
    $towrite = '<?php $_banned_words=' . var_export($words, true) . ';';
    $fileop = new fileop();
    $fileop->file_put_contents(_BASEPATH_ . '/includes/banned_words.inc.php', $towrite);
}

$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Word deleted.';
redirect2page('admin/banned_words.php', $topass, $qs);
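/* Copyright by: DateMill (http://www.datemill.com)
   Support at: http://www.datemill.com/forum
 *******************************************************************************
 * See the "docs/licenses/etano.txt" file for license.                         *
 ******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/join.inc.php';

// (Re)send the registration confirmation e-mail for account `uid`. When the
// account has no temporary password yet, one is generated and stored first
// (the template receives the whole account row, including temp_pass). Ends on
// info.php?type=signup[&email=...].
// NOTE(review): no login or ownership check is visible in this script — anyone
// who knows a uid can trigger the mail. It goes to the account's own stored
// address; confirm this is the intended design.
$qs = 'type=signup';
$qssep = '&';
$uid = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
if (!empty($uid)) {
    $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`email`,`temp_pass` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`={$uid}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $input = mysql_fetch_assoc($res);
        if (empty($input['temp_pass'])) {
            $input['temp_pass'] = gen_pass(7);
            // Escaped rather than trusting gen_pass()'s character set.
            $temp_pass = mysql_real_escape_string($input['temp_pass']);
            $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $temp_pass . "' WHERE `" . USER_ACCOUNT_ID . "`={$uid}";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
        send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
        // The address becomes a query-string value: encode it so characters
        // such as '+' and '&' survive the round trip to info.php.
        $qs .= $qssep . 'email=' . urlencode($input['email']);
    }
}
redirect2page('info.php', array(), $qs);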
<?php
/******************************************************************************
Etano
===============================================================================
File: admin/processors/admin_accounts_delete.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/

// Admin processor: remove one administrator account by id, then return to
// the accounts list.
// NOTE(review): nothing here stops an admin from deleting their own account,
// and the action runs on a plain GET — confirm both are handled upstream.
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN);

$qs = '';
$qs_sep = '';
$topass = array();

$admin_id = 0;
if (isset($_GET['admin_id'])) {
    $admin_id = (int) $_GET['admin_id'];
}

$query = "DELETE FROM `{$dbtable_prefix}admin_accounts` WHERE `admin_id`={$admin_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}

$topass['message'] = array(
    'type' => MESSAGE_INFO,
    'text' => 'Account removed successfully.',
);
redirect2page('admin/admin_accounts.php', $topass, $qs);
$rsrow['pending'] = true; } elseif ($rsrow['status'] == STAT_EDIT) { $rsrow['need_edit'] = true; } elseif ($rsrow['status'] == STAT_APPROVED) { $rsrow['approved'] = true; } $loop[] = $rsrow; } $_GET = array('search' => $output['search_md5']); $output['pager2'] = pager($totalrows, $o, $r); $output['totalrows'] = $totalrows; } if (empty($loop)) { $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'No photos found meeting your search criteria.'; redirect2page('admin/photo_search.php', $topass); } $output['pic_width'] = get_site_option('pic_width', 'core_photo'); $output['return2me'] = 'photo_results.php'; if (!empty($output['search_md5'])) { $output['return2me'] .= '?search=' . $output['search_md5']; } elseif (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'photo_results.html'); $tpl->set_loop('loop', $loop); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL); $tpl->drop_loop('loop'); unset($loop);
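/**
 * Gate a member-area page: enforce bans, login, membership level and profile
 * approval, then record presence and feed the rate limiter and action log.
 *
 * Every failing check ends the request (die or redirect2page); when the
 * function returns normally the caller may render the page.
 *
 * @param string $level_code access-level key of the calling page, looked up in
 *                           $GLOBALS['_access_level']. The pseudo levels 'all'
 *                           and 'auth' are neither rate limited nor logged.
 * @return void
 */
function check_login_member($level_code)
{
    global $_bans;
    global $dbtable_prefix;

    // Client IP as an unsigned decimal, the form used by the ban list and by
    // $log['ip']. ip2long() returns false for non-IPv4 addresses, which
    // sprintf('%u') turns into "0" — presumably never a banned value.
    $ip = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));

    // Banned actors get no response at all.
    if (isset($_bans[_PUNISH_BANUSER_]) && in_array($_SESSION[_LICENSE_KEY_]['user']['user'], $_bans[_PUNISH_BANUSER_])) {
        die;
    } elseif (isset($_bans[_PUNISH_BANIP_]) && in_array($ip, $_bans[_PUNISH_BANIP_])) {
        die;
    } elseif (isset($_bans[_PUNISH_BANEMAIL_]) && in_array($_SESSION[_LICENSE_KEY_]['user']['email'], $_bans[_PUNISH_BANEMAIL_])) {
        die;
    }

    // An undefined level code grants access to nobody.
    if (!isset($GLOBALS['_access_level'][$level_code])) {
        $GLOBALS['_access_level'][$level_code] = 0;
    }
    $level = $GLOBALS['_access_level'][$level_code];

    // Bit 0 of the level allows guests. Otherwise remember where the visitor
    // wanted to go (URL, method, parameters) and send them to the login page.
    // NOTE(review): the stored URL is built from the request's Host header;
    // the post-login redirect will follow it — confirm the server canonicalises Host.
    if (!($level & 1) && empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
        $scheme = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
        $_SESSION[_LICENSE_KEY_]['user']['timedout'] = array(
            'url' => $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'],
            'method' => $_SERVER['REQUEST_METHOD'],
            'qs' => $_SERVER['REQUEST_METHOD'] == 'GET' ? $_GET : $_POST,
        );
        redirect2page('login.php');
    }

    // All of the member's membership bits must be present in the page's level.
    $membership = $_SESSION[_LICENSE_KEY_]['user']['membership'];
    if (($level & $membership) != $membership) {
        redirect2page('info.php', array(), 'type=access');
    }

    // Members whose profile is not yet approved only reach pages listed in $_allow_na.
    if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])
        && $_SESSION[_LICENSE_KEY_]['user']['pstat'] < STAT_APPROVED
        && empty($GLOBALS['_allow_na'][$level_code])) {
        redirect2page('info.php', array(), 'type=profile_na');
    }

    // user_id is placed unquoted into SQL below: force it to an integer.
    $user_id = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) ? (int) $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
    $sess = session_id();

    // Presence tracking in `online`: refresh this session's row, or create it
    // when the UPDATE touched nothing. Skipped when sessions live in the DB.
    // (mysql_affected_rows() is also 0 when the row exists but last_activity
    // did not change, in which case the REPLACE rewrites the same row.)
    if (USE_DB_SESSIONS == 0) {
        $now = gmdate('YmdHis');
        $query = "UPDATE `{$dbtable_prefix}online` SET `last_activity`='{$now}' WHERE `fk_user_id`={$user_id} AND `sess`='{$sess}'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (!mysql_affected_rows()) {
            $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`={$user_id},`sess`='{$sess}',`last_activity`='{$now}'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }

    // Rate limiting and action logging for real pages only.
    $log = array(
        'level' => $level_code,
        'user_id' => $user_id,
        'sess' => $sess,
        'user' => $_SESSION[_LICENSE_KEY_]['user']['user'],
        'membership' => $membership,
        'ip' => $ip,
    );
    if ($level_code != 'all' && $level_code != 'auth') {
        rate_limiter($log);
        log_user_action($log);
    }
}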
/* File: admin/processors/error_log_delete.php
   $Revision$
   Software by: DateMill (http://www.datemill.com)
   Copyright by: DateMill (http://www.datemill.com)
   Support at: http://www.datemill.com/forum
 *******************************************************************************
 * See the "docs/licenses/etano.txt" file for license.                         *
 ******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';

// Admin processor: clear the error log — one entry (act=one, by log_id) or the
// whole table (act=all). Any other act value changes nothing and just redirects.
allow_dept(DEPT_ADMIN);

$qs = '';
$qs_sep = '';
$topass = array();
$log_id = isset($_GET['log_id']) ? (int) $_GET['log_id'] : 0;
$act = isset($_GET['act']) ? $_GET['act'] : '';

$query = '';
switch ($act) {
    case 'all':
        $query = "TRUNCATE TABLE `{$dbtable_prefix}error_log`";
        break;
    case 'one':
        $query = "DELETE FROM `{$dbtable_prefix}error_log` WHERE `log_id`={$log_id}";
        break;
}
if ($query !== '') {
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
}

$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = 'Ok';
redirect2page('admin/error_log.php', $topass, $qs);
$_SESSION[_LICENSE_KEY_]['admin'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['admin']) ? $_SESSION[_LICENSE_KEY_]['admin'] : array(), $admin); $_SESSION[_LICENSE_KEY_]['admin']['def_skin'] = get_default_skin_dir(); if (isset($_SESSION[_LICENSE_KEY_]['admin']['timedout']['url'])) { $next = $_SESSION[_LICENSE_KEY_]['admin']['timedout']; unset($_SESSION[_LICENSE_KEY_]['admin']['timedout']); if ($next['method'] == 'GET') { if (!empty($next['qs'])) { $next['url'] = $next['url'] . '?' . array2qs($next['qs']); } redirect2page($next['url'], array(), '', true); } else { post2page($next['url'], $next['qs'], true); } } else { redirect2page('admin/cpanel.php', $topass); } } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Your account has been suspended'; } } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Invalid username or pass. Please try again!'; } } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Invalid username or pass. Please try again!'; } } redirect2page('admin/index.php', $topass);
<?php
/******************************************************************************
Etano
===============================================================================
File: admin/index.php
$Revision$
Software by: DateMill (http://www.datemill.com)
Copyright by: DateMill (http://www.datemill.com)
Support at: http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/

// Admin panel entry point: admins with a session go straight to the control
// panel; everybody else gets the login form.
require_once '../includes/common.inc.php';

if (isset($_SESSION[_LICENSE_KEY_]['admin']['admin_id'])) {
    redirect2page('admin/cpanel.php');
} else {
    // A one-shot message left in the session (presumably by the login
    // processor) is consumed and shown once.
    if (!empty($_SESSION['topass'])) {
        $topass = $_SESSION['topass'];
        $_SESSION['topass'] = array();
    }
    $message = '';
    if (isset($topass['message'])) {
        $message = $topass['message'];
    }

    $tpl = new phemplate('skin/', 'remove_nonjs');
    $tpl->set_file('frame', 'index.html');
    $tpl->set_var('title', 'Admin panel login');
    $tpl->set_var('baseurl', _BASEURL_);
    $tpl->set_var('message', $message);
    $tpl->set_var('tplvars', $tplvars);
    echo $tpl->process('', 'frame', TPL_FINISH);
}
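require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';

// Admin processor: delete one rate-limiter rule together with the language
// key and strings that hold its error message, then rebuild the language
// cache and return to the rule list.
allow_dept(DEPT_ADMIN);

$qs = '';
$qs_sep = '';
$topass = array();
$rate_id = isset($_GET['rate_id']) ? (int) $_GET['rate_id'] : 0;

$query = "SELECT `fk_lk_id_error_message` FROM `{$dbtable_prefix}rate_limiter` WHERE `rate_id`={$rate_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
if (mysql_num_rows($res)) {
    // The key id goes unquoted into SQL; the cast keeps the statements valid
    // even when the column is empty/NULL (0 then simply matches no row).
    $lk_id = (int) mysql_result($res, 0, 0);

    // Strings before keys, the rule itself last; each step is fatal on failure.
    $delete_queries = array(
        "DELETE FROM `{$dbtable_prefix}lang_strings` WHERE `fk_lk_id`={$lk_id}",
        "DELETE FROM `{$dbtable_prefix}lang_keys` WHERE `lk_id`={$lk_id}",
        "DELETE FROM `{$dbtable_prefix}rate_limiter` WHERE `rate_id`={$rate_id}",
    );
    foreach ($delete_queries as $query) {
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    }
    regenerate_langstrings_array();

    $topass['message']['type'] = MESSAGE_INFO;
    $topass['message']['text'] = 'Limit removed successfully.';
}
redirect2page('admin/rate_limiter.php', $topass, $qs);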
trigger_error(mysql_error(), E_USER_ERROR); } $query = "DELETE FROM `{$dbtable_prefix}loc_states` WHERE `state_id`={$state_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "UPDATE `{$dbtable_prefix}loc_countries` SET `num_states`=`num_states`-1 WHERE `country_id`={$country_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'State and all its cities deleted.'; if (isset($_GET['o'])) { $qs .= $qs_sep . 'o=' . $_GET['o']; $qs_sep = '&'; } if (isset($_GET['r'])) { $qs .= $qs_sep . 'r=' . $_GET['r']; $qs_sep = '&'; } if (isset($_GET['co'])) { $qs .= $qs_sep . 'co=' . $_GET['co']; $qs_sep = '&'; } if (isset($_GET['cr'])) { $qs .= $qs_sep . 'cr=' . $_GET['cr']; $qs_sep = '&'; } $qs .= $qs_sep . 'country_id=' . $country_id; redirect2page('admin/loc_states.php', $topass, $qs);
// with this if() we target date_format because an empty date_format // could break all dates on the site. if ($types[$module_code][$config_option] != FIELD_TEXTFIELD || !empty($config_value)) { $query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='{$config_option}',`config_value`='{$config_value}',`fk_module_code`='{$module_code}'"; if (isset($_on_before_update)) { for ($i = 0; isset($_on_before_update[$i]); ++$i) { call_user_func($_on_before_update[$i]); } } if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (isset($_on_after_update)) { for ($i = 0; isset($_on_after_update[$i]); ++$i) { call_user_func($_on_after_update[$i]); } } } } } // update the prefs stored in the session $_SESSION[_LICENSE_KEY_]['user']['prefs']['date_format'] = $input['def_user_prefs']['date_format']; $_SESSION[_LICENSE_KEY_]['user']['prefs']['datetime_format'] = $input['def_user_prefs']['datetime_format']; $_SESSION[_LICENSE_KEY_]['user']['prefs']['time_offset'] = $input['def_user_prefs']['time_offset']; $_SESSION[_LICENSE_KEY_]['user']['prefs']['rate_my_photos'] = $input['def_user_prefs']['rate_my_photos']; $_SESSION[_LICENSE_KEY_]['user']['prefs']['profile_comments'] = $input['def_user_prefs']['profile_comments']; $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = $GLOBALS['_lang'][80]; } redirect2page('my_settings.php', $topass, $qs);
/* Etano
   ===============================================================================
   File: admin/processors/user_sentmail_delete.php
   $Revision$
   Software by: DateMill (http://www.datemill.com)
   Copyright by: DateMill (http://www.datemill.com)
   Support at: http://www.datemill.com/forum
 *******************************************************************************
 * See the "docs/licenses/etano.txt" file for license.                         *
 ******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';

// Admin processor: delete every inbox row in which member `uid` is the other
// party (presumably the messages this member sent), report how many went,
// and return to the admin page named in `return` (default: member search).
allow_dept(DEPT_ADMIN);

$qs = '';
$qs_sep = '';
$topass = array();

$uid = 0;
if (isset($_GET['uid'])) {
    $uid = (int) $_GET['uid'];
}
$return = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');

$query = "DELETE FROM `{$dbtable_prefix}user_inbox` WHERE `fk_user_id_other`={$uid}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$numrows = mysql_affected_rows();

$topass['message'] = array(
    'type' => MESSAGE_INFO,
    'text' => sprintf('%s messages sent by this member were deleted', $numrows),
);

// `return` is a page name that is always rooted under _BASEURL_/admin/, so
// the redirect target keeps this site's scheme and host.
$nextpage = _BASEURL_ . '/admin/member_search.php';
if (!empty($return)) {
    $nextpage = _BASEURL_ . '/admin/' . $return;
}
redirect2page($nextpage, $topass, $qs, true);
trigger_error(mysql_error(), E_USER_ERROR); } $query = "DELETE FROM `{$dbtable_prefix}modules` WHERE `module_code`='{$module_code}'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "DELETE FROM `{$dbtable_prefix}lang_strings` WHERE `skin`='{$module_code}'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!empty($config['is_default'])) { $query = "SELECT `module_code` FROM `{$dbtable_prefix}modules` WHERE `module_type`=" . MODULE_SKIN . " LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $module_code = mysql_result($res, 0, 0); set_site_option('is_default', $module_code, 1); } } require_once '../../includes/classes/fileop.class.php'; $fileop = new fileop(); $fileop->delete(_BASEPATH_ . '/skins_site/' . $config['skin_dir']); $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'Skin deleted.'; } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'You can\'t delete the last skin of the site!'; } redirect2page('admin/site_skins.php', $topass, $qs);
} $query = substr($query, 0, -1); if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_affected_rows()) { $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'Account added.'; } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Error: account not added.'; } } } else { $nextpage = 'admin/admin_accounts_addedit.php'; // you must re-read all textareas from $_POST like this: // $input['x']=addslashes_mq($_POST['x']); $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH); $topass['input'] = $input; } if (isset($_POST['o'])) { $qs .= $qs_sep . 'o=' . $_POST['o']; $qs_sep = '&'; } if (isset($_POST['r'])) { $qs .= $qs_sep . 'r=' . $_POST['r']; $qs_sep = '&'; } } redirect2page($nextpage, $topass, $qs);
$query = "SELECT `dbfield`,`field_type` FROM `{$dbtable_prefix}profile_fields2` WHERE `searchable`=1 AND `for_basic`=1 ORDER BY `order_num`"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $fields = array(); // this should be rewritten with the new pfields system... while ($rsrow = mysql_fetch_assoc($res)) { if ($rsrow['field_type'] == 'field_location' || $rsrow['field_type'] == 'field_loc_req') { $fields[] = $rsrow['dbfield'] . '_country'; } elseif ($rsrow['field_type'] == 'field_mchecks') { } else { $fields[] = $rsrow['dbfield']; } } $query = "ALTER TABLE `{$dbtable_prefix}user_profiles` DROP INDEX `searchkey`"; @mysql_query($query); if (!empty($fields)) { $query = "ALTER TABLE `{$dbtable_prefix}user_profiles` ADD INDEX `searchkey` (`" . join("`,`", $fields) . "`)"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } } unset($GLOBALS['_pfields'], $GLOBALS['_pcats'], $GLOBALS['basic_search_fields']); require _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/global.inc.php'; require _BASEPATH_ . '/includes/fields.inc.php'; regenerate_skin_cache(); } $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'Field and category changes applied successfully.'; redirect2page('admin/profile_fields.php', $topass);
$topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'File is not a valid Etano package'; } } if (isset($p) && $p->error && !empty($p->manual_actions)) { $tpl->set_file('content', 'package_install.html'); $tpl->set_loop('manual_actions', $p->manual_actions); $output['f'] = $file; $output['finish'] = $install_index; $output['show_finish'] = $show_finish; $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_LOOP | TPL_OPTIONAL); $tplvars['title'] = 'Package Manager'; $tplvars['page'] = 'package_install'; $tplvars['css'] = 'package_install.css'; include 'frame.php'; } elseif ($ui_request) { $tpl->set_file('content', 'package_ui.html'); $tpl->set_var('output', $p->ui); $tpl->process('content', 'content'); $tplvars['title'] = 'Package Manager'; $tplvars['page'] = 'package_install'; $tplvars['css'] = 'package_install.css'; include 'frame.php'; } else { if (!$error) { $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'Package installed successfully'; } redirect2page('admin/packages.php', $topass); }
// Delete one mail folder of the logged-in member: its messages go back to the
// inbox flagged as deleted, its filters are dropped, then the folder row
// itself (with the before/after delete hooks around that step).
$folder_id = 0;
if (isset($_GET['fid'])) {
    $folder_id = (int) $_GET['fid'];
}
$owner_id = $_SESSION[_LICENSE_KEY_]['user']['user_id'];
// Every statement is scoped to the session's user so only own folders are touched.
$owner_clause = "`fk_user_id`='" . $owner_id . "'";

$query = "UPDATE `{$dbtable_prefix}user_inbox` SET `fk_folder_id`=" . FOLDER_INBOX . ", `del`=1 WHERE {$owner_clause} AND `fk_folder_id`={$folder_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}

$query = "DELETE FROM `{$dbtable_prefix}message_filters` WHERE {$owner_clause} AND `fk_folder_id`={$folder_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}

// $query is assigned before the hooks run, as the hooks may inspect it.
$query = "DELETE FROM `{$dbtable_prefix}user_folders` WHERE `folder_id`={$folder_id} AND {$owner_clause}";
if (isset($_on_before_delete)) {
    for ($i = 0; isset($_on_before_delete[$i]); ++$i) {
        call_user_func($_on_before_delete[$i]);
    }
}
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}

// Anything still pointing at the folder (normally nothing, the first UPDATE
// already moved it) is flagged deleted as well.
$query = "UPDATE `{$dbtable_prefix}user_inbox` SET `del`=1 WHERE {$owner_clause} AND `fk_folder_id`={$folder_id}";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}

$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = $GLOBALS['_lang'][55];
if (isset($_on_after_delete)) {
    for ($i = 0; isset($_on_after_delete[$i]); ++$i) {
        call_user_func($_on_after_delete[$i]);
    }
}
redirect2page('folders.php', $topass, $qs);
$categs[count($categs) - 1]['class'] = 'last'; // get some friends $loop_friends = get_network_members($output['uid'], NET_FRIENDS, 4); if (!empty($loop_friends)) { $loop_friends = $user_cache->get_cache_tpl($loop_friends, 'result_user'); } unset($user_cache); // comments $loop_comments = create_comments_loop('user', $output['uid'], $output); $output['pic_width'] = get_site_option('pic_width', 'core_photo'); $tplvars['title'] = sprintf($GLOBALS['_lang'][152], $output['user']); $tplvars['page_title'] = $output['user']; } else { $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $GLOBALS['_lang'][7]; redirect2page('info.php', $topass); } $output['lang_273'] = sanitize_and_format($GLOBALS['_lang'][273], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_274'] = sanitize_and_format($GLOBALS['_lang'][274], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_256'] = sanitize_and_format($GLOBALS['_lang'][256], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['return2me'] = 'profile.php'; if (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'profile.html'); $tpl->set_var('output', $output); $tpl->set_var('tplvars', $tplvars); $tpl->set_loop('categs', $categs); $tpl->set_loop('user_photos', $user_photos); $tpl->set_loop('loop_comments', $loop_comments);
unset($_SESSION['topass']['input']); if ($agree) { $output['agree'] = 'checked="checked"'; } } elseif (!empty($_GET['p'])) { $page = (int) $_GET['p']; } foreach ($_pfields as $field_id => $field) { if (isset($field->config['reg_page']) && $field->config['reg_page'] == $page) { $my_fields[] = $field_id; $_pfields[$field_id]->set_value($output, false); } } // no landing on 2+ join pages. if ($page > 1 && empty($_SESSION[_LICENSE_KEY_]['user']['reg_id'])) { redirect2page('join.php'); } $loop = array(); $j = 0; for ($i = 0; isset($my_fields[$i]); ++$i) { $field =& $_pfields[$my_fields[$i]]; $loop[$i]['label'] = $field->config['label']; $loop[$i]['dbfield'] = $field->config['dbfield']; $loop[$i]['required'] = isset($field->config['required']) ? true : false; $loop[$i]['help_text'] = $field->config['help_text']; $loop[$i]['js'] = $field->edit_js(); $loop[$i]['field'] = $field->edit($i + 6); if (isset($output['error_' . $field->config['dbfield']])) { $loop[$j]['class_error'] = $output['error_' . $field->config['dbfield']]; unset($output['error_' . $field->config['dbfield']]); }
<?php
/******************************************************************************
Etano
===============================================================================
File:                       admin/processors/subscriptions_auto_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
*   See the "docs/licenses/etano.txt" file for license.                       *
******************************************************************************/
require_once '../../includes/common.inc.php';
require_once '../../includes/admin_functions.inc.php';

// Admin processor: remove one automatic subscription assignment and bounce
// back to the listing page. Gate first — allow_dept() comes from the includes
// above and presumably stops the request when the caller is not in the admin
// department.
allow_dept(DEPT_ADMIN);

$qs = '';
$qs_sep = '';
$topass = array();

// The row id is the only request-controlled value that reaches SQL; the (int)
// cast is what keeps the interpolation below injection-safe. Missing or
// non-numeric input becomes 0.
$asubscr_id = 0;
if (isset($_GET['asubscr_id'])) {
    $asubscr_id = (int) $_GET['asubscr_id'];
}

// NOTE(review): this is a state-changing action keyed only on a GET parameter
// and no anti-CSRF token is checked in this file — confirm the shared includes
// enforce one, otherwise the delete can be triggered cross-site.
$query = sprintf(
    'DELETE FROM `%ssubscriptions_auto` WHERE `asubscr_id`=%d',
    $dbtable_prefix,
    $asubscr_id
);
$res = @mysql_query($query);
if (!$res) {
    // Project-wide convention: a failed query is fatal (E_USER_ERROR).
    trigger_error(mysql_error(), E_USER_ERROR);
}

// Success notice carried to the next page via redirect2page().
$topass['message'] = array(
    'type' => MESSAGE_INFO,
    'text' => 'Subscription assignment deleted.',
);
redirect2page('admin/subscriptions_auto.php', $topass, $qs);
} elseif ($rsrow['status'] == STAT_EDIT) { $rsrow['need_edit'] = true; } elseif ($rsrow['status'] == STAT_APPROVED) { $rsrow['approved'] = true; } $rsrow['date_posted'] = strftime($config['datetime_format'], $rsrow['date_posted'] + $config['time_offset']); $loop[] = $rsrow; } $_GET = array('search' => $output['search_md5']); $output['pager2'] = pager($totalrows, $o, $r); $output['totalrows'] = $totalrows; } if (empty($loop)) { $topass['message']['type'] = MESSAGE_INFO; $topass['message']['text'] = 'No blogs found meeting your search criteria.'; redirect2page('admin/blog_search.php', $topass); } $output['return2me'] = 'blog_results.php'; if (!empty($output['search_md5'])) { $output['return2me'] .= '?search=' . $output['search_md5']; } elseif (!empty($_SERVER['QUERY_STRING'])) { $output['return2me'] .= '?' . $_SERVER['QUERY_STRING']; } $output['return2me'] = rawurlencode($output['return2me']); $tpl->set_file('content', 'blog_results.html'); $tpl->set_loop('loop', $loop); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_LOOP | TPL_NOLOOP | TPL_OPTLOOP | TPL_OPTIONAL); $tpl->drop_loop('loop'); unset($loop); $tplvars['title'] = 'Blog Search Results';