Esempio n. 1
        }
        return $r;
    }
}
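/**
 * Converts $string from charset $from to charset $to via iconv().
 *
 * When the iconv extension is missing the input is returned untouched. iconv()
 * itself returns false (and raises a notice) for an unconvertible or invalid
 * byte sequence; callers use the result as text, so that case also falls back
 * to the untouched input instead of handing them a bool.
 *
 * @param string $from   source charset name
 * @param string $to     target charset name
 * @param string $string text to convert
 * @return string converted text, or $string when no conversion could be done
 */
function convert($from, $to, $string)
{
    if (!function_exists('iconv')) {
        return $string;
    }
    // The notice is iconv()'s only failure signal besides the false return; the return value is
    // checked explicitly below, so suppressing the notice does not hide anything.
    $converted = @iconv($from, $to, $string);
    return $converted === false ? $string : $converted;
}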
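$news_id = intval(isset($_REQUEST['news_id']) ? $_REQUEST['news_id'] : 0);
$rss_id = intval(isset($_REQUEST['rss_id']) ? $_REQUEST['rss_id'] : 0);
// parse_url() returns false for a malformed URL and leaves out parts that are absent; normalise to
// an array with every component present so nothing below reads an undefined index.
$link = parse_url(urldecode(isset($_REQUEST['link']) ? $_REQUEST['link'] : ''));
if (!is_array($link)) {
    $link = array();
}
$link += array('scheme' => '', 'host' => '', 'path' => '', 'query' => '');
$parse = new ParseFilter(array(), array(), 1, 1);
$parse->leech_mode = true;
$rss = $db->super_query("SELECT * FROM " . PREFIX . "_rss WHERE id='{$rss_id}'");
// No row for this id: keep $rss an array so the cookie/search handling below works on empty strings
if (!is_array($rss)) {
    $rss = array();
}
$rss += array('cookie' => '', 'search' => '');
// Stored cookie lines become a single "; "-separated Cookie header value
$rss['cookie'] = str_replace("\n", "; ", str_replace("\r", "", stripslashes(rtrim($rss['cookie']))));
// The link is request-supplied: only http(s) URLs with a host are fetched, anything else yields
// no content. NOTE(review): the host is still not tied to the feed's own URL — consider pinning it.
if ($link['host'] !== '' && in_array(strtolower($link['scheme']), array('http', 'https'), true)) {
    $content = get_content($link['scheme'], $link['host'], $link['path'], $link['query'], $rss['cookie']);
} else {
    $content = '';
}
// Turn the stored search template into a regex: escape metacharacters, expand {get} to a capturing
// group and {skip} to a non-capturing ".*", drop line breaks/tabs and collapse spaces between tags.
$rss['search'] = addcslashes(stripslashes($rss['search']), "[]!-.?*\\()|");
$rss['search'] = str_replace("{get}", "(.*)", $rss['search']);
$rss['search'] = str_replace("{skip}", ".*", $rss['search']);
$rss['search'] = preg_replace("![\n\r\t]!s", "", $rss['search']);
$rss['search'] = preg_replace("!>[ ]{1,}<!s", "><", $rss['search']);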
if ($rss['search'] != "" && preg_match("!" . $rss['search'] . "!Us", $content, $found)) {
    $temp = array();
    for ($i = 1; $i < sizeof($found); $i++) {
        $temp[] = $found[$i];
    }
    $content = implode("", $temp);
Esempio n. 2
 /**
  * Creates a listing from the submitted form values and returns its auto_autos id.
  *
  * Visible flow: optional captcha check (groups outside user_int_allow_no_code); for an
  * anonymous visitor with registration enabled, a login attempt with the posted name and
  * password or a registration pre-check via auto_check_reg(); value validation through
  * CheckError() and the Fields helper; the registration insert; expiry date; the
  * auto_autos insert; image/photo attachment; counters, cache and the notification mail.
  *
  * @param array $values_array listing fields; stored in $this->values and passed to Insert()
  * @return int|false the new listing id, or false once any error has been recorded
  */
 public function Add($values_array)
 {
     // Captcha: the session value is consumed (cleared) before it is compared, so a second
     // submit has no stored code left to match.
     if (!in_array($this->member['group'], $this->config['user_int_allow_no_code'])) {
         $sec_code_session = $_SESSION['sec_code_session'] != '' ? $_SESSION['sec_code_session'] : false;
         $_SESSION['sec_code_session'] = false;
         // NOTE(review): loose != on the posted code; a strict (===) comparison is the safer form
         if ($_POST['sec_code'] != $sec_code_session or !$sec_code_session) {
             $this->Errors[] = $this->lang['error_code'];
         }
     }
     // Anonymous visitor with registration enabled: try to log in with the posted credentials,
     // otherwise run the registration pre-check. The EscapeString()'d values are the ones handed
     // to LoginIn() and to the password hash further down.
     if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
         $parse = new ParseFilter(array(), array(), 1, 1);
         $password1 = $this->base->EscapeString($parse->process($_POST['password1']));
         $password2 = $this->base->EscapeString($parse->process($_POST['password2']));
         $name = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['name']))));
         $email = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['email']))));
         // Lookup by name and password; the password expression is masked in this listing, so the
         // real source must be checked for how it is derived from $password1.
         $member_id = $GLOBALS['db']->super_query("SELECT * FROM " . USERPREFIX . "_users where name='{$name}' and password='******'");
         if ($member_id) {
             $this->LoginIn($password1);
             $GLOBALS['member_id'] = $member_id;
             $this->member['id'] = $member_id['user_id'];
             $this->member['name'] = $member_id['name'];
             $this->member['group'] = $member_id['user_group'];
             $this->member['ip'] = $member_id['logged_ip'];
             $this->guest_session = '';
         } else {
             auto_check_reg($name, $email, $password1, $password2);
         }
     }
     $this->values = $values_array;
     $this->CheckError();
     require_once ENGINE_DIR . '/car-market/classes/Fields.php';
     $xfields = new Fields($this->base, $this);
     $this->values['xfields'] = $xfields->EncodeFields($this->values);
     // NOTE(review): array "+" keeps the left entry on a key collision, so if getErrors() returns a
     // plain list its first items are dropped whenever $this->Errors already holds one;
     // array_merge() looks like the intent — confirm the key shape before changing it.
     $this->Errors = $this->Errors + $xfields->getErrors();
     if ($this->Errors) {
         return false;
     }
     // Registration: a configured reg_group below 3 is not accepted and is replaced by 4.
     if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
         if (intval($GLOBALS['config']['reg_group']) < 3) {
             $GLOBALS['config']['reg_group'] = 4;
         }
         // NOTE(review): md5(md5()) is an unsalted fast hash; password_hash()/password_verify()
         // is the replacement, to be introduced together with LoginIn() and the login path.
         $regpassword = md5(md5($password1));
         // Interpolated INSERT: $name/$email went through EscapeString() above, $regpassword is hex,
         // reg_group is intval'd; $this->member['ip'] is set outside this method — confirm its origin.
         $GLOBALS['db']->query("INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, favorites, xfields, logged_ip) VALUES ('{$name}', '{$regpassword}', '{$email}', '{$this->base->timer->cur_time}', '{$this->base->timer->cur_time}', '" . $GLOBALS['config']['reg_group'] . "', '', '', '', '', '" . $this->member['ip'] . "')");
         $this->member['id'] = $GLOBALS['db']->insert_id();
         $this->member['name'] = $name;
         $this->member['group'] = $GLOBALS['config']['reg_group'];
         // Keep the guest session id for the image hand-over below, then drop it from the object
         $guest_session = $this->guest_session;
         $this->guest_session = '';
         $this->LoginIn($password1);
     }
     //        if ($this->values['capacity_motor'] > 1000)
     //        {
     //            $this->values['capacity_motor'] = $this->values['capacity_motor']/1000;
     //        }
     $this->PreparationValues();
     // Expiry: groups allowed to choose it use count_day (0 = no expiry); everyone else gets the
     // configured default day count, or no expiry when none is configured.
     if (in_array($this->member['group'], $this->config['user_int_allow_change_exp'])) {
         if ($this->values['count_day']) {
             $this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->values['count_day'] * 24 * 60 * 60;
         } else {
             $this->values['exp_date'] = 0;
         }
     } elseif ($this->config['user_int_default_day_count']) {
         $this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->config['user_int_default_day_count'] * 24 * 60 * 60;
     } else {
         $this->values['exp_date'] = 0;
     }
     // Groups exempt from moderation are published straight away
     if (in_array($this->member['group'], $this->config['user_int_allow_no_moder'])) {
         $this->values['allow_site'] = 1;
     }
     $this->values['guest_session'] = $this->guest_session;
     $this->values['add_date'] = $this->values['update_date'] = $this->base->timer->cur_time;
     $this->values['author'] = $this->member['name'];
     $this->values['author_id'] = $this->member['id'];
     $this->values['author_ip'] = $this->member['ip'];
     $id = $this->base->Insert('auto_autos', $this->values);
     // Previously uploaded images (by id) are attached to the new listing, capped at the group's
     // count_photo. NOTE(review): the ids come from the submitted values — verify that SetWhere()
     // escapes them before they reach the IN list.
     if (!empty($this->values['images'])) {
         $this->values['images'] = array_slice($this->values['images'], 0, $this->config['count_photo'][$this->member['group']]);
         if ($this->values['images']) {
             $this->base->SetWhere('id', $this->values['images'], 'IN', 'auto_images');
             // Ownership on the hand-over: a member's images are matched by user_id, a guest's by
             // the guest session that uploaded them (the saved one right after a registration).
             if ($this->member['id']) {
                 $this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'user_id' => $this->member['id']));
             } else {
                 if (!empty($guest_session)) {
                     $this->base->Update('auto_images', array('auto_id' => $id, 'user_id' => $this->member['id'], 'guest_session' => ''), array('auto_id' => 0, 'guest_session' => $guest_session));
                 } else {
                     $this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'guest_session' => $this->guest_session));
                 }
             }
             // The first image becomes the main photo unless one was chosen
             if (!(int) $this->values['main_photo']) {
                 $this->values['main_photo'] = reset($this->values['images']);
             }
             $this->base->Update('auto_autos', array('photo' => $this->values['main_photo'], 'photo_count' => count($this->values['images'])), array('id' => $id));
         }
     }
     // Photos sent with this request
     if (!empty($_FILES['photo']['name'][0]) && $this->UploadPhoto($id)) {
         $this->base->Update('auto_autos', array('photo' => $this->values['photo'], 'photo_count' => $this->values['photo_count']), array('id' => $id));
     }
     // A published listing bumps the mark/model counters and invalidates the cache
     if (!empty($this->values['allow_site'])) {
         $this->IncrementCounter($this->values['mark_id'], $this->values['model_id']);
         Cache::ClearAllCache();
     }
     // Admin notification from the mail.txt template; the file is read with @, so a missing
     // template silently skips the mail.
     if ($this->config['general_inform'] && $this->config['general_email']) {
         if ($data = @file_get_contents(ENGINE_DIR . "/car-market/mail.txt")) {
             include_once DLE_CLASSES . 'mail.class.php';
             $mail = new dle_mail($GLOBALS['config']);
             $mail->from = $GLOBALS['config']['admin_mail'];
             $data = str_replace("{%site_url%}", $GLOBALS['config']['http_home_url'], $data);
             $data = str_replace("{%auto_link%}", $this->tpl->GetUrl(array("action" => 'auto', "id" => $id)), $data);
             $mail->send($this->config['general_email'], $this->lang['mail_subj'], $data);
         }
     }
     return $id;
 }
Esempio n. 3
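//################# User groups (cached through get_vars/set_vars)
$user_group = get_vars("usergroup");
if (!$user_group) {
    $user_group = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
    while ($row = $db->get_row()) {
        // every column is unescaped with stripslashes(); array_map keeps the column names as keys
        $user_group[$row['id']] = array_map('stripslashes', $row);
    }
    set_vars("usergroup", $user_group);
    $db->free();
}
// header() after output only raises a warning the @ used to hide; test for it instead of suppressing
if (!headers_sent()) {
    header("Content-type: text/html; charset=" . $config['charset']);
}
$parse = new ParseFilter();
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
// Posted fields may be absent: default them rather than reading an undefined index
$id = intval(isset($_POST['id']) ? $_POST['id'] : 0);
$text = convert_unicode(isset($_POST['text']) ? $_POST['text'] : '', $config['charset']);
$text = $parse->BB_Parse($parse->process(trim($text)), false);
if ($config['allow_complaint_mail']) {
    include_once ENGINE_DIR . '/classes/mail.class.php';
    $mail = new dle_mail($config);
    $lang['mail_complaint_1'] = str_replace("{site}", $config['http_home_url'], $lang['mail_complaint_1']);
}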
if ($_POST['action'] == "pm") {
    if (!$is_logged) {
        die("error");
    }
Esempio n. 4
    }
} else {
    include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
}
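// The language file's charset wins over the configured one when it is set
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once ENGINE_DIR . '/modules/sitelogin.php';
// The area is a request value; totranslit() normalises it, the whitelist below is what restricts it
$area = totranslit(isset($_REQUEST['area']) ? $_REQUEST['area'] : '', true, false);
if (!$area) {
    $area = "news";
}
// Areas this script serves; an unknown area is rejected before any data access
$allowed_areas = array('news' => array('comments_table' => 'comments'), 'ajax' => array('comments_table' => 'comments'), 'lastcomments' => array('comments_table' => 'comments'));
if (!isset($allowed_areas[$area]) || !is_array($allowed_areas[$area])) {
    die("error");
}
$parse = new ParseFilter();
$parse->safe_mode = true;
if (!$is_logged) {
    die("error");
}
$id = intval(isset($_REQUEST['id']) ? $_REQUEST['id'] : 0);
if (!$id) {
    die("error");
}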
//################# Определение групп пользователей
$user_group = get_vars("usergroup");
if (!$user_group) {
    $user_group = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
    while ($row = $db->get_row()) {
        $user_group[$row['id']] = array();
Esempio n. 5
    $ifdelete = $_REQUEST['ifdelete'];
} else {
    $ifdelete = "";
}
// Optional list filters from the request; an absent one is the empty string, not 0 or null.
// news_fixed is kept exactly as sent — NOTE(review): confirm it is escaped where it is consumed.
$news_fixed = isset($_REQUEST['news_fixed']) ? $_REQUEST['news_fixed'] : "";
// search_cat is numeric when present
$search_cat = isset($_REQUEST['search_cat']) ? intval($_REQUEST['search_cat']) : "";
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter(array(), array(), 1, 1);
if ($action == "list") {
    $_SESSION['admin_referrer'] = $_SERVER['REQUEST_URI'];
    $js_array[] = "engine/skins/calendar.js";
    echoheader("editnews", $lang['edit_head']);
    $search_field = $db->safesql(trim(htmlspecialchars(stripslashes(urldecode($_REQUEST['search_field'])), ENT_QUOTES, $config['charset'])));
    $search_author = $db->safesql(trim(htmlspecialchars(stripslashes(urldecode($_REQUEST['search_author'])), ENT_QUOTES, $config['charset'])));
    $fromnewsdate = $db->safesql(trim(htmlspecialchars(stripslashes($_REQUEST['fromnewsdate']), ENT_QUOTES, $config['charset'])));
    $tonewsdate = $db->safesql(trim(htmlspecialchars(stripslashes($_REQUEST['tonewsdate']), ENT_QUOTES, $config['charset'])));
    $start_from = intval($_REQUEST['start_from']);
    $news_per_page = intval($_REQUEST['news_per_page']);
    $gopage = intval($_REQUEST['gopage']);
    $_REQUEST['news_status'] = intval($_REQUEST['news_status']);
    $news_status_sel = array('0' => '', '1' => '', '2' => '');
    $news_status_sel[$_REQUEST['news_status']] = 'selected="selected"';
    if (!$news_per_page or $news_per_page < 1) {
Esempio n. 6
            $row = $db->insert_id();
            $db->query("INSERT INTO " . PREFIX . "_post_extras (news_id, allow_rate, votes, user_id) VALUES('{$row}', '{$allow_rating}', '0', '{$member_id['user_id']}')");
            $db->query("UPDATE " . USERPREFIX . "_users set news_num=news_num+1 where user_id='{$member_id['user_id']}'");
            $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '1', '{$title}')");
        }
        if ($id and $lastdate) {
            $db->query("UPDATE " . PREFIX . "_rss SET lastdate='{$lastdate}' WHERE id='{$id}'");
        }
        clear_cache();
        msg("info", $lang['addnews_ok'], $lang['rss_added'], "?mod=rss");
    }
    msg("error", $lang['addnews_error'], $lang['rss_notadded'], "?mod=rss");
} elseif ($_REQUEST['action'] == "news" and $id) {
    include_once ENGINE_DIR . '/classes/rss.class.php';
    include_once ENGINE_DIR . '/classes/parse.class.php';
    $parse = new ParseFilter(array(), array(), 1, 1);
    $parse->leech_mode = true;
    $rss = $db->super_query("SELECT * FROM " . PREFIX . "_rss WHERE id='{$id}'");
    $xml = new xmlParser(stripslashes($rss['url']), $rss['max_news']);
    $xml->pre_lastdate = $rss['lastdate'];
    $xml->pre_parse($rss['date']);
    $i = 0;
    foreach ($xml->content as $content) {
        if ($rss['text_type']) {
            $xml->content[$i]['title'] = $parse->decodeBBCodes($xml->content[$i]['title'], false);
            $xml->content[$i]['description'] = $parse->decodeBBCodes($xml->content[$i]['description'], false);
            $xml->content[$i]['date'] = date("Y-m-d H:i:s", $xml->content[$i]['date']);
        } else {
            $xml->content[$i]['title'] = $parse->decodeBBCodes($xml->content[$i]['title'], false);
            $xml->content[$i]['description'] = $parse->decodeBBCodes($xml->content[$i]['description'], true, "yes");
            $xml->content[$i]['date'] = date("Y-m-d H:i:s", $xml->content[$i]['date']);
Esempio n. 7
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: addcomments.php
-----------------------------------------------------
 Назначение: Добавление комментариев в базу данных
=====================================================
*/
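// Entry guard: reachable only through the engine, and only while comments are enabled
if (!defined('DATALIFEENGINE') or !$config['allow_comments']) {
    die("Hacking attempt!");
}
require_once ENGINE_DIR . '/classes/parse.class.php';
// WYSIWYG comments keep a small set of HTML tags; otherwise the default (stricter) filter is used
if ($config['allow_comments_wysiwyg'] > 0) {
    $parse = new ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1);
} else {
    $parse = new ParseFilter();
}
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
$_TIME = time();
$_IP = get_ip();
// Posted fields may be absent; default them instead of reading an undefined index
$name = $db->safesql($parse->process(trim(isset($_POST['name']) ? $_POST['name'] : '')));
// Characters removed from the mail address. The single-quoted '\\n' / '\\r' entries match a literal
// backslash followed by n/r, the double-quoted "\n" / "\r" entries a real line break.
$not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ", "&");
// NOTE(review): this is a deny-list; filter_var($mail, FILTER_VALIDATE_EMAIL) would be the positive check
$mail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes(isset($_POST['mail']) ? $_POST['mail'] : '')))));
$post_id = intval(isset($_POST['post_id']) ? $_POST['post_id'] : 0);
$stop = array();
$added_comments_id = 0;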
if ($is_logged) {
    $name = $db->safesql($member_id['name']);
    $mail = $db->safesql($member_id['email']);
Esempio n. 8
\t</div>\t
   </div>
</div>
</div>
HTML;
    $message = stripslashes($message);
    echo <<<HTML
<pre style="display:none;" id="title">{$title}</pre>
<pre style="display:none;" id="message">{$message}</pre>
</body>

</html>
HTML;
} elseif ($action == "preview") {
    include_once ENGINE_DIR . '/classes/parse.class.php';
    $parse = new ParseFilter(array(), array(), 1, 1);
    $title = strip_tags(stripslashes($parse->process($_POST['title'])));
    $message = stripslashes($parse->process($_POST['message']));
    if ($editor == "wysiwyg") {
        $message = $parse->BB_Parse($message);
    } else {
        $message = $parse->BB_Parse($message, false);
    }
    echo <<<HTML
<html><title>{$title}</title>
<meta content="text/html; charset={$config['charset']}" http-equiv=Content-Type>
<style type="text/css">
html,body{
height:100%;
margin:0px;
padding: 0px;
Esempio n. 9
     $parse->allow_code = false;
     $full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story'])));
     $short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story'])));
     $allow_br = 0;
 } else {
     $full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story']), false));
     $short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']), false));
     $allow_br = 1;
 }
 // Text the filter rejected is reported as a list item
 if ($parse->not_allowed_text) {
     $stop .= "<li>" . $lang['news_err_39'] . "</li>";
 }
 // ParseFilter() is called again on the existing object (the class' constructor-named method,
 // also used elsewhere in this file to reconfigure it) before the title/alt-name pass
 $parse->ParseFilter();
 $title = $db->safesql($parse->process(trim(strip_tags($_POST['title']))));
 $alt_name = trim($parse->process(stripslashes($_POST['alt_name'])));
 // Fresh filter instance plus the three variables the extra-fields include presumably reads
 $parse = new ParseFilter(array(), array(), 1, 1);
 $add_module = "yes";
 $xfieldsaction = "init";
 $category = $catlist;
 include ENGINE_DIR . '/inc/xfields.php';
 // An empty alt name is derived from the title; an explicit one is transliterated as given
 $alt_name = totranslit(!$alt_name ? stripslashes($title) : $alt_name, true, false);
 if (!$title) {
     $stop .= $lang['add_err_1'];
 }
 if (dle_strlen($title, $config['charset']) > 200) {
     $stop .= $lang['add_err_2'];
 }
Esempio n. 10
=====================================================
 Файл: wordfilter.php
-----------------------------------------------------
 Назначение: фильтр слов
=====================================================
*/
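// Entry guard: reachable only through the engine with a logged-in admin session
if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) {
    die("Hacking attempt!");
}
// Per-group permission for the word filter module
if (!$user_group[$member_id['user_group']]['admin_wordfilter']) {
    msg("error", $lang['index_denied'], $lang['index_denied']);
}
$result = "";
// word_id may be absent from the request; default to 0 rather than reading an undefined index
$word_id = intval(isset($_REQUEST['word_id']) ? $_REQUEST['word_id'] : 0);
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter(array(), array(), 1, 1);
// filter_mode is switched off here — presumably so the filter words themselves are not rewritten; confirm
$parse->filter_mode = false;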
// ********************************************************************************
// Добавление слова
// ********************************************************************************
if ($action == "add") {
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    }
    $word_find = trim(strip_tags(stripslashes($_POST['word_find'])));
    if ($word_find == "") {
        msg("error", $lang['word_error'], $lang['word_word'], "?mod=wordfilter");
    }
    if ($word_replace == "({$lang['word_del']})") {
        $word_replace = "";
    }
Esempio n. 11
        <td><img src="engine/skins/images/tl_lu.gif" width="4" height="6" border="0"></td>
        <td background="engine/skins/images/tl_ub.gif"><img src="engine/skins/images/tl_ub.gif" width="1" height="6" border="0"></td>
        <td><img src="engine/skins/images/tl_ru.gif" width="6" height="6" border="0"></td>
    </tr>
</table>
</div></form>
\t<script type="text/javascript">
jQuery(document).ready(function(\$){
\tinitTabs('dle_tabView1',Array('{$lang['tabs_news']}','{$lang['tabs_vote']}','{$lang['tabs_extra']}','{$lang['tabs_perm']}'),0, '100%');
});
\t</script>
HTML;
    echofooter();
} elseif ($action == "doaddnews") {
    include_once ENGINE_DIR . '/classes/parse.class.php';
    $parse = new ParseFilter(array(), array(), 1, 1);
    $allow_comm = isset($_POST['allow_comm']) ? intval($_POST['allow_comm']) : 0;
    $approve = isset($_POST['approve']) ? intval($_POST['approve']) : 0;
    $allow_rating = isset($_POST['allow_rating']) ? intval($_POST['allow_rating']) : 0;
    $news_fixed = isset($_POST['news_fixed']) ? intval($_POST['news_fixed']) : 0;
    $allow_br = isset($_POST['allow_br']) ? intval($_POST['allow_br']) : 0;
    $category = $_POST['category'];
    $disable_index = isset($_POST['disable_index']) ? intval($_POST['disable_index']) : 0;
    if ($user_group[$member_id['user_group']]['allow_main']) {
        $allow_main = intval($_POST['allow_main']);
    } else {
        $allow_main = 0;
    }
    if ($member_id['user_group'] > 2) {
        $disable_index = 0;
    }
Esempio n. 12
\t\titem = document.all[id];
\t  } else if (document.layers){
\t\titem = document.layers[id];
\t  }
\t  if (!item) {
\t  }
\t  else if (item.style) {
\t\tif (item.style.display == "none"){ item.style.display = ""; }
\t\telse {item.style.display = "none"; }
\t  }else{ item.visibility = "show"; }
};
//-->
</script>
HTML;
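include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter(array(), array(), 1, 1);
// allow_br from the form; absent -> 0, without an undefined-index warning
$allow_br = intval(isset($_POST['allow_br']) ? $_POST['allow_br'] : 0);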
if ($_POST['preview_mode'] == "static") {
    if ($member_id['user_group'] != 1 and $allow_br > 1) {
        $allow_br = 1;
    }
    if ($allow_br == 2) {
        if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
            $_POST['template'] = stripslashes($_POST['template']);
        }
        $template = trim(addslashes($_POST['template']));
    } else {
        if ($config['allow_static_wysiwyg']) {
            $parse->allow_code = false;
        }
        $template = $parse->process($_POST['template']);
Esempio n. 13
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: cmoderation.php
-----------------------------------------------------
 Назначение: Модерация комментариев
=====================================================
*/
// Entry guard: engine include only, with an admin login established
if (!(defined('DATALIFEENGINE') && defined('LOGGED_IN'))) {
    exit("Hacking attempt!");
}
// Group permission for comment moderation
if (!$user_group[$member_id['user_group']]['admin_comments']) {
    msg("error", $lang['index_denied'], $lang['index_denied'], "?mod=main");
}
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$parse->safe_mode = true;
// URL and image rights follow the current member's group
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
if ($action == "mass_approve") {
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    }
    if ($config['allow_comments_wysiwyg']) {
        $parse->wysiwyg = true;
        $use_html = true;
        $parse->ParseFilter(array('div', 'a', 'span', 'p', 'br'), array(), 0, 1);
    } else {
        $use_html = false;
    }
    if (!$_POST['selected_comments']) {
Esempio n. 14
        $row = $db->super_query("SELECT * FROM " . PREFIX . "_comments where id = '{$c_id}'");
        $author = $row['autor'];
        $is_reg = $row['is_register'];
        $post_id = $row['post_id'];
        $db->query("DELETE FROM " . PREFIX . "_comments WHERE id = '{$c_id}'");
        if ($is_reg) {
            $db->query("UPDATE " . USERPREFIX . "_users SET comm_num=comm_num-1 where name ='{$author}'");
        }
        $db->query("UPDATE " . PREFIX . "_post SET comm_num=comm_num-1 where id='{$post_id}'");
    }
    clear_cache(array('news_', 'full_', 'comm_', 'rss'));
    $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '21', '')");
    msg("info", $lang['mass_head'], $lang['mass_delokc'], "{$PHP_SELF}?mod=comments&action=edit&id={$id}");
} elseif ($action == "edit") {
    include_once ENGINE_DIR . '/classes/parse.class.php';
    $parse = new ParseFilter();
    $parse->safe_mode = true;
    if ($id) {
        $where = "post_id = '{$id}' AND ";
    } else {
        $where = "";
    }
    $start_from = intval($_GET['start_from']);
    if ($start_from < 0) {
        $start_from = 0;
    }
    $news_per_page = 50;
    $i = $start_from;
    $gopage = intval($_GET['gopage']);
    if ($gopage > 0) {
        $start_from = ($gopage - 1) * $news_per_page;
Esempio n. 15
</td>
        <td background="engine/skins/images/tl_rb.gif"><img src="engine/skins/images/tl_rb.gif" width="6" height="1" border="0"></td>
    </tr>
    <tr>
        <td><img src="engine/skins/images/tl_lu.gif" width="4" height="6" border="0"></td>
        <td background="engine/skins/images/tl_ub.gif"><img src="engine/skins/images/tl_ub.gif" width="1" height="6" border="0"></td>
        <td><img src="engine/skins/images/tl_ru.gif" width="6" height="6" border="0"></td>
    </tr>
</table>
</div></form>
HTML;
    echofooter();
    exit;
} elseif ($_POST['action'] == "do_mass_move_to_ban") {
    include_once ENGINE_DIR . '/classes/parse.class.php';
    $parse = new ParseFilter();
    foreach ($selected_users as $id) {
        $id = intval($id);
        $row = $db->super_query("SELECT name, user_group FROM " . USERPREFIX . "_users WHERE user_id='{$id}'");
        if ($member_id['user_group'] != 1 and $row['user_group'] == 1) {
            msg("error", $lang['mass_error'], $lang['edit_not_admin'], "?mod=editusers&amp;action=list");
        }
        $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '44', '{$row['name']}')");
        $banned_descr = $db->safesql($parse->BB_Parse($parse->process($_POST['banned_descr']), false));
        $this_time = time() + $config['date_adjust'] * 60;
        $banned_date = intval($_POST['banned_date']);
        $this_time = $banned_date ? $this_time + $banned_date * 60 * 60 * 24 : 0;
        $row = $db->super_query("SELECT users_id, days FROM " . USERPREFIX . "_banned WHERE users_id = '{$id}'");
        if (!$row['users_id']) {
            $db->query("INSERT INTO " . USERPREFIX . "_banned (users_id, descr, date, days) values ('{$id}', '{$banned_descr}', '{$this_time}', '{$banned_date}')");
        } else {
Esempio n. 16
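$is_logged = false;
$member_id = array();
if ($config['allow_registration'] == "yes") {
    require_once ENGINE_DIR . '/modules/sitelogin.php';
}
// Visitors without a session are treated as group 5
if (!$is_logged) {
    $member_id['user_group'] = 5;
}
// sitelogin.php is expected to fill in 'banned' for a logged-in member; absent counts as not banned
if ($is_logged and isset($member_id['banned']) and $member_id['banned'] == "yes") {
    die("error");
}
$id = intval(isset($_GET['id']) ? $_GET['id'] : 0);
if (!$id) {
    die("error");
}
$parse = new ParseFilter();
$parse->safe_mode = true;
$row = $db->super_query("SELECT autor, text FROM " . PREFIX . "_comments WHERE id = '{$id}'");
// Unknown id (no row) or an empty text: nothing to return; empty() also covers the no-row case quietly
if (empty($row['text'])) {
    die("error");
}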
if (!$config['allow_comments_wysiwyg']) {
    $text = $parse->decodeBBCodes($row['text'], false);
    $text = str_replace("&quot;", '"', $text);
    $text = str_replace("&#039;", "'", $text);
} else {
    $text = $parse->decodeBBCodes($row['text'], TRUE, $config['allow_comments_wysiwyg']);
    $text = preg_replace('/<p[^>]*>/', '', $text);
    $text = str_replace("</p>", "<br />", $text);
    $text = preg_replace('/<div[^>]*>/', '', $text);
    $text = str_replace("</div>", "<br />", $text);
Esempio n. 17
-----------------------------------------------------
 Copyright (c) 2004,2015 SoftNews Media Group
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: addnews.php
-----------------------------------------------------
 Назначение: Добавление новости посетителем
=====================================================
*/
// Visitor-side news submission; reachable only through the engine
if (!defined('DATALIFEENGINE')) {
    exit("Hacking attempt!");
}
$allow_addnews = true;
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter(array(), array(), 1, 1);
// Moderation queue cap: groups without the "moderation" right may not add while the number of
// unapproved posts has reached max_moderation
if ($config['max_moderation'] && !$user_group[$member_id['user_group']]['moderation']) {
    $stats_approve = $db->super_query("SELECT COUNT(*) as count FROM " . PREFIX . "_post WHERE approve != '1'");
    $stats_approve = $stats_approve['count'];
    $allow_addnews = $stats_approve < $config['max_moderation'];
}
// Newly registered members are held back for news_restricted days after registration
if ($is_logged && $config['news_restricted'] && $_TIME - $member_id['reg_date'] < $config['news_restricted'] * 86400) {
    $lang['add_err_9'] = str_replace('{days}', intval($config['news_restricted']), $lang['news_info_7']);
    $allow_addnews = false;
}
// A timed restriction that has run out is lifted and persisted
if ($member_id['restricted'] && $member_id['restricted_days'] && $member_id['restricted_date'] < $_TIME) {
    $member_id['restricted'] = 0;
    $db->query("UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET restricted='0', restricted_days='0', restricted_date='' WHERE user_id='{$member_id['user_id']}'");
}
Esempio n. 18
        $config['skin'] = $_COOKIE['dle_skin'];
    }
}
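// A skin may name its own language via a "lang_<skin>" config entry; otherwise the site language.
// NOTE(review): the skin value may come from the dle_skin cookie (earlier in this file); it only selects
// which config entry is read, so the include path is built from config values — verify nothing writes
// request-controlled keys into $config.
if (!empty($config["lang_" . $config['skin']])) {
    if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
        include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng';
    } else {
        die("Language file not found");
    }
} else {
    include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
}
// The language file's charset wins over the configured one when it is set
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
require_once ENGINE_DIR . '/modules/functions.php';
require_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();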
function check_name($name)
{
    global $lang, $db, $banned_info, $relates_word, $config;
    $stop = '';
    $name = urldecode($name);
    if (dle_strlen($name, $config['charset']) > 30 or dle_strlen(trim($name), $config['charset']) < 3) {
        $stop .= $lang['reg_err_3'];
    }
    if (preg_match("/[\\||\\'|\\<|\\>|\\[|\\]|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\{\\+]/", $name)) {
        $stop .= $lang['reg_err_4'];
    }
    if (stripos(urlencode($name), "%AD") !== false) {
        $stop .= $lang['reg_err_4'];
    }
    if (strpos(strtolower($name), '.php') !== false) {
 http://dle-news.ru/
-----------------------------------------------------
 Copyright (c) 2004,2013 SoftNews Media Group
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: pm.php
-----------------------------------------------------
 Назначение: персональные сообщения
=====================================================
*/
// Entry guard: this module is only valid when included by the engine bootstrap.
if (!defined('DATALIFEENGINE')) {
    die("Hacking attempt!");
}
require_once ENGINE_DIR . '/classes/parse.class.php';
// Filter for message text: safe mode on, links and images allowed only if the user's group permits.
$parse = new ParseFilter();
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
// Set to TRUE by the checks below to stop further processing of the PM request.
$stop_pm = FALSE;
// Requested sub-action, or an empty string when the request carries none.
// The value is taken verbatim here; it is only meaningful once matched against known action names.
$doaction = isset($_REQUEST['doaction']) ? $_REQUEST['doaction'] : "";
// Guests, and groups without the allow_pm permission, get an error box and processing stops.
// msgbox() is assumed to only render the message (the flag, not an exit, is what stops the module) — confirm.
if (!$is_logged or !$user_group[$member_id['user_group']]['allow_pm']) {
    msgbox($lang['all_err_1'], $lang['pm_err_1']);
    $stop_pm = TRUE;
}
if ($user_group[$member_id['user_group']]['max_pm'] and $member_id['pm_all'] >= $user_group[$member_id['user_group']]['max_pm'] and !$stop_pm) {
    msgbox($lang['all_info'], $lang['pm_err_9']);
        echo $lang['ignore_error_2'];
        die;
    }
    $db->query("INSERT INTO " . USERPREFIX . "_ignore_list (user, user_from) values ('{$row['user']}', '{$row['user_from']}')");
    echo $lang['ignore_ok'];
} elseif ($_GET['action'] == "del_ignore") {
    $id = intval($_GET['id']);
    $row = $db->super_query("SELECT * FROM " . USERPREFIX . "_ignore_list WHERE id='{$id}'");
    if ($row['id'] and ($row['user'] == $member_id['user_id'] or $member_id['user_group'] == 1)) {
        $db->query("DELETE FROM " . USERPREFIX . "_ignore_list WHERE id = '{$row['id']}'");
        echo $lang['ignore_del_ok'];
        die;
    }
    die("Operation not Allowed");
} else {
    $parse = new ParseFilter();
    $parse->safe_mode = true;
    /**
     * Unescapes an edited template body and stores it on the global template object.
     *
     * Two replacements run in this order: the HTML entity "&amp;" becomes "&", then
     * backslash-escaped double quotes (\") become plain double quotes.
     *
     * @param string $read raw template text as received
     * @return void side effect only: sets $tpl->copy_template
     */
    function del_tpl($read)
    {
        global $tpl;
        $unescaped = str_replace("&amp;", "&", $read);
        $unescaped = str_replace('\\"', '"', $unescaped);
        $tpl->copy_template = $unescaped;
    }
    $tpl = new dle_template();
    $tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin'];
    define('TEMPLATE_DIR', $tpl->dir);
    $_POST['name'] = convert_unicode($_POST['name'], $config['charset']);
    $_POST['subj'] = convert_unicode($_POST['subj'], $config['charset']);
    $_POST['text'] = convert_unicode($_POST['text'], $config['charset']);
    $name = $parse->process(trim($_POST['name']));
    $subj = $parse->process(trim($_POST['subj']));
 Назначение: Управление опросами
=====================================================
*/
// Admin-panel module: requires both the engine bootstrap and an established admin login.
if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) {
    die("Hacking attempt!");
}
// Group permission for the poll editor. msg() is assumed to terminate the script on error — confirm,
// otherwise a denied user would continue into the actions below.
if (!$user_group[$member_id['user_group']]['admin_editvote']) {
    msg("error", $lang['index_denied'], $lang['index_denied']);
}
// Poll id from the request, coerced to int; an empty string when no id was supplied.
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : "";
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$parse->filter_mode = false;
$stop = false;
// Delete a poll. The action is selected via GET, so the user_hash token check below is what
// protects this state-changing request against cross-site requests; the token is compared with a
// plain != (not constant-time) — hash_equals() would be the usual choice.
if ($_GET['action'] == "delete") {
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    }
    // $id is either an intval() result or "" (set just above this span); with "" the DELETEs match nothing.
    $db->query("DELETE FROM " . PREFIX . "_vote WHERE id='{$id}'");
    $db->query("DELETE FROM " . PREFIX . "_vote_result WHERE vote_id='{$id}'");
    // Audit log entry; action code 27 — meaning defined elsewhere. The admin name is escaped, $id is numeric.
    $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '27', '{$id}')");
    // Drop the poll cache; errors are suppressed, so a missing cache file is not an error.
    @unlink(ENGINE_DIR . '/cache/system/vote.php');
    msg("info", $lang['vote_str_2'], $lang['vote_str_2'], "?mod=editvote");
}
if ($_GET['action'] == "clear") {
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
     die("Hacking attempt! User not found");
 }
 // Load the account being edited. $id is defined above this span; it is assumed to be an intval()
 // result, as elsewhere on this page — confirm, since it is interpolated unescaped.
 $row = $db->super_query("SELECT user_id, name, user_group, email FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'");
 if (!$row['user_id']) {
     die("User not found");
 }
 // Only the super-admin group (1) may edit another member of group 1.
 if ($member_id['user_group'] != 1 and $row['user_group'] == 1) {
     die($lang['edit_not_admin']);
 }
 // Requested edit level; non-super-admins may not use levels below 2 (level semantics defined elsewhere).
 $editlevel = intval($_POST['editlevel']);
 if ($member_id['user_group'] != 1 and $editlevel < 2) {
     die($lang['admin_not_access']);
 }
 // Audit log (action code 64). NOTE(review): $member_id['name'] is passed through safesql() but
 // $row['name'] is interpolated as read from the database; if stored names can contain quotes this
 // is a second-order injection point — escape it the same way.
 $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '64', '{$row['name']}')");
 include_once ENGINE_DIR . '/classes/parse.class.php';
 $parse = new ParseFilter();
 $parse->safe_mode = true;
 // Text fields: filtered by ParseFilter, then SQL-escaped.
 $editlogin = $db->safesql($parse->process($_POST['editlogin']));
 $editfullname = $db->safesql($parse->process($_POST['editfullname']));
 // ICQ number: integer or empty; a value of "0" is treated as empty by the truthiness test.
 if ($_POST['editicq']) {
     $editicq = intval($_POST['editicq']);
 } else {
     $editicq = "";
 }
 $editland = $db->safesql($parse->process($_POST['editland']));
 // BB-code fields are parsed (BB_Parse with the second argument false) before escaping.
 $editinfo = $db->safesql($parse->BB_Parse($parse->process($_POST['editinfo']), false));
 $editsignature = $db->safesql($parse->BB_Parse($parse->process($_POST['editsignature']), false));
 // strtotime() returns false for an unparseable date; that false is kept as-is here.
 $time_limit = trim($_POST['time_limit']) ? strtotime($_POST['time_limit']) : "";
 // E-mail is cleaned by stripping a blacklist of characters rather than validated;
 // filter_var($editmail, FILTER_VALIDATE_EMAIL) would be the positive check. Further length and
 // '@' checks follow immediately after this span.
 $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ");
 $editmail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['editmail'])))));
 if (empty($editmail) or strlen($editmail) > 50 or @count(explode("@", $editmail)) != 2) {
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: static.php
-----------------------------------------------------
 Назначение: редактирование статистических страниц
=====================================================
*/
// Admin-panel module: requires both the engine bootstrap and an established admin login.
if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) {
    die("Hacking attempt!");
}
// Group permission for static-page editing. msg() is assumed to terminate on error — confirm.
if (!$user_group[$member_id['user_group']]['admin_static']) {
    msg("error", $lang['index_denied'], $lang['index_denied']);
}
include_once ENGINE_DIR . '/classes/parse.class.php';
// Constructor arguments kept as in the original; ParseFilter's signature is not visible in this file.
$parse = new ParseFilter(array(), array(), 1, 1);
function SelectSkin($skin)
{
    global $lang;
    $templates_list = array();
    $handle = opendir('./templates');
    while (false !== ($file = readdir($handle))) {
        if (is_dir("./templates/{$file}") and ($file != "." and $file != "..")) {
            $templates_list[] = $file;
        }
    }
    closedir($handle);
    $skin_list = "<select name=skin_name>";
    $skin_list .= "<option value=\"\">" . $lang['cat_skin_sel'] . "</option>";
    foreach ($templates_list as $single_template) {
        if ($single_template == $skin) {
 http://dle-news.ru/
-----------------------------------------------------
 Copyright (c) 2004,2012 SoftNews Media Group
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: profile.php
-----------------------------------------------------
 Назначение: Профиль пользователя
=====================================================
*/
// Entry guard: this module is only valid when included by the engine bootstrap.
if (!defined('DATALIFEENGINE')) {
    die("Hacking attempt!");
}
include_once ENGINE_DIR . '/classes/parse.class.php';
// Profile text goes through the filter in safe mode (what safe mode restricts is defined in the class).
$parse = new ParseFilter();
$parse->safe_mode = true;
//####################################################################################################################
//         Обновление информации о пользователе
//####################################################################################################################
if ($allow_userinfo and $doaction == "adduserinfo") {
    $stop = false;
    $id = intval($_POST['id']);
    if (!$is_logged or $_POST['dle_allow_hash'] == "" or $_POST['dle_allow_hash'] != $dle_login_hash or !$id) {
        die("Hacking attempt! User ID not valid");
    }
    if ($member_id['user_id'] != $id and $member_id['user_group'] != 1) {
        die("Hacking attempt!");
    }
    $row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'");
    if (!$is_logged or !($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] == 1)) {
// Billing module front controller: resolves the controller/method/page triple from the query string.
define('MODULE_PATH', ENGINE_DIR . "/modules/billing");
define('MODULE_DATA', ENGINE_DIR . "/data/billing");
/* Helpers classes */
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once MODULE_PATH . '/helpers/user.models.php';
require_once MODULE_PATH . '/helpers/user.theme.php';
require_once MODULE_PATH . '/lang/cabinet.php';
require_once MODULE_DATA . '/mail.php';
/* Install */
// Not installed yet: bounce to the site root. The config file is only checked for existence here;
// $billing_config used below is assumed to be loaded by one of the includes above — confirm.
if (!file_exists(MODULE_DATA . '/config.php')) {
    header('Refresh: 0; url=' . $config['http_home_url']);
    die;
}
require_once MODULE_PATH . '/pay.api.php';
/* Pointer controller */
$parse = new ParseFilter();
// Default "controller/method/page" when the query string does not supply them.
$start = explode("/", $billing_config['start']);
// NOTE(review): $c is spliced into a require_once path (MODULE_PATH/controllers/user.<c>.php or
// MODULE_PATH/plugins/<c>/user.main.php) just below this span. safesql() is SQL escaping and does not
// reject "/", "\" or ".."; whether ParseFilter::process does is not visible here. A whitelist of known
// controller names, or at least preg_match('/^[A-Za-z0-9_]+$/', $c) before use, would close that off.
// Also, the truthiness tests treat "0" as absent.
$c = $_GET['c'] ? $db->safesql($parse->process(trim($_GET['c']))) : $start[0];
$m = $_GET['m'] ? $db->safesql($parse->process(trim($_GET['m']))) : $start[1];
$p = $_GET['p'] ? $db->safesql($parse->process(trim($_GET['p']))) : $start[2];
/* OFF */
if (!$billing_config['status'] and $member_id['user_group'] != 1) {
    echo $billing_lang['cabinet_off'];
} else {
    /* Load controller - Core */
    if (file_exists(MODULE_PATH . "/controllers/user." . $c . ".php")) {
        require_once MODULE_PATH . '/controllers/user.' . $c . '.php';
    } elseif (file_exists(MODULE_PATH . "/plugins/" . $c . "/user.main.php")) {
        require_once MODULE_PATH . '/plugins/' . $c . '/user.main.php';
    } else {
        echo str_replace("{c}", $c, $billing_lang['cabinet_controller_error']);
        } else {
            $template = $db->safesql($parse->BB_Parse($template, false));
        }
        $db->query("UPDATE " . PREFIX . "_static SET template='{$template}' WHERE id='{$row['id']}'");
        $step++;
    }
    $rebuildcount = $startfrom + $step;
    $buffer = "{\"status\": \"ok\",\"rebuildcount\": {$rebuildcount}}";
    echo $buffer;
} else {
    // Filters for the rebuild pass: one for story text, one for extra fields (xfields).
    // Both have edit_mode off; with the admin WYSIWYG editor enabled, raw code is disallowed.
    $parse = new ParseFilter(array(), array(), 1, 1);
    $parse->edit_mode = false;
    if ($config['allow_admin_wysiwyg'] == "yes") {
        $parse->allow_code = false;
    }
    $parsexf = new ParseFilter(array(), array(), 1, 1);
    $parsexf->edit_mode = false;
    if ($config['allow_admin_wysiwyg'] == "yes") {
        $parsexf->allow_code = false;
    }
    if ($config['safe_xfield']) {
        // NOTE(review): this calls a method named after the class — a PHP4-style constructor re-run
        // that resets the filter before switching it to safe mode. It only works while the class still
        // defines a method of that name; on PHP 8 such a method is no longer a constructor — confirm.
        $parsexf->ParseFilter();
        $parsexf->safe_mode = true;
        $parsexf->edit_mode = false;
    }
    $result = $db->query("SELECT p.id, p.short_story, p.full_story, p.xfields, p.title, p.allow_br, e.news_id FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_post_extras e ON (p.id=e.news_id) LIMIT " . $startfrom . ", " . $count_per_step);
    while ($row = $db->get_row($result)) {
        if ($row['allow_br'] != '1' or $config['allow_admin_wysiwyg'] == "yes") {
            $row['short_story'] = $parse->decodeBBCodes($row['short_story'], true, $config['allow_admin_wysiwyg']);
            $row['full_story'] = $parse->decodeBBCodes($row['full_story'], true, $config['allow_admin_wysiwyg']);
        } else {
// Stand-alone AJAX endpoint: generates meta description/keywords from posted story text and echoes one of them.
// It bootstraps the engine itself, so everything it needs is set up in this file.
// NOTE(review): display_errors is forced on for a client-reachable endpoint, so an uncaught error
// would print file paths to the response; logging with display off is the safer production setting.
@ini_set('display_errors', true);
@ini_set('html_errors', false);
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
// ROOT_DIR is this file's directory with the trailing "/engine/ajax" (12 characters) removed.
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
// Fallback when no home URL is configured: derive it from the request path and Host header.
// $_SERVER['HTTP_HOST'] is client-supplied, so with an empty config this value is attacker-influenced;
// where it is consumed is outside this file.
if ($config['http_home_url'] == "") {
    $config['http_home_url'] = explode("engine/ajax/keywords.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
require_once ENGINE_DIR . '/classes/parse.class.php';
// A session is started but no login or group check follows in this file: any client that can
// post text gets a response. Whether that is intended is not visible here — confirm.
dle_session();
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
@header("Content-type: text/html; charset=" . $config['charset']);
$parse = new ParseFilter();
// Request text (no isset check; a missing key is only a notice, masked by the error_reporting above)
// is converted to the site charset, filtered, then BB-parsed with the second argument false.
$full_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['full_txt'], $config['charset'])), false);
$short_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['short_txt'], $config['charset'])), false);
// create_metatags() is defined elsewhere; it is assumed to return 'description' and 'keywords' keys.
$metatags = create_metatags($short_story . $full_story);
$metatags['description'] = trim($metatags['description']);
$metatags['keywords'] = trim($metatags['keywords']);
// key=1 selects the description, anything else the keywords.
if ($_REQUEST['key'] == 1) {
    echo stripslashes($metatags['description']);
} else {
    echo stripslashes($metatags['keywords']);
}
    }
}
// Language selection: a skin-specific pack (config key "lang_<skin>") wins over the site default.
// The included path is built from config values only.
if ($config["lang_" . $config['skin']]) {
    if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
        include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng';
    } else {
        die("Language file not found");
    }
} else {
    include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
}
// The language pack may override the output charset; otherwise the configured one stands.
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
@header("Content-type: text/html; charset=" . $config['charset']);
require_once ENGINE_DIR . '/classes/parse.class.php';
// sitelogin.php is assumed to establish $is_logged (and the current member) used below — confirm.
require_once ENGINE_DIR . '/modules/sitelogin.php';
$parse = new ParseFilter(array(), array(), 1, 1);
// Guests get a bare "error" response (this is an AJAX-style endpoint).
if (!$is_logged) {
    die("error");
}
// Target id must be a non-zero integer.
$id = intval($_REQUEST['id']);
if (!$id) {
    die("error");
}
//################# Resolve user groups (from cache first; the DB fallback follows this span)
$user_group = get_vars("usergroup");
if (!$user_group) {
    $user_group = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
    while ($row = $db->get_row()) {
        $user_group[$row['id']] = array();
        foreach ($row as $key => $value) {
    while ($row = $db->get_row()) {
        $user_group[$row['id']] = array();
        foreach ($row as $key => $value) {
            $user_group[$row['id']][$key] = stripslashes($value);
        }
    }
    set_vars("usergroup", $user_group);
    $db->free();
}
// AJAX-style responses: any failure is a bare "error".
if (!$is_logged) {
    die("error");
}
// Only groups with allow_all_edit may use this endpoint.
if (!$user_group[$member_id['user_group']]['allow_all_edit']) {
    die("error");
}
// Filter for the submitted text: safe mode on, links/images per group permission.
$parse = new ParseFilter();
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
$id = intval($_POST['id']);
$text = convert_unicode($_POST['text'], $config['charset']);
// Both are required; note the truthiness test also rejects a text of "0".
// NOTE(review): no request token (dle_login_hash) is checked in this span for this state-changing POST,
// unlike other modules on this page; if it is not checked later either, the request is CSRF-able.
if (!$id or !$text) {
    die("error");
}
// $id is an intval() result, so the interpolation is safe.
$row = $db->super_query("SELECT id, title, autor FROM " . PREFIX . "_post WHERE id='{$id}'");
if (!$row['id']) {
    die("error");
}
$title = stripslashes($row['title']);
// The author name comes from the database, so it is re-escaped before being interpolated into the next query.
$row['autor'] = $db->safesql($row['autor']);
$row = $db->super_query("SELECT email, name, user_id FROM " . USERPREFIX . "_users WHERE name = '{$row['autor']}'");
 http://dle-news.ru/
-----------------------------------------------------
 Copyright (c) 2004,2013 SoftNews Media Group
=====================================================
 Данный код защищен авторскими правами
=====================================================
 Файл: register.php
-----------------------------------------------------
 Назначение: регистрация посетителя
=====================================================
*/
// Entry guard: this module is only valid when included by the engine bootstrap.
if (!defined('DATALIFEENGINE')) {
    die("Hacking attempt!");
}
require_once ENGINE_DIR . '/classes/parse.class.php';
// Registration input is filtered in safe mode with links and images disabled outright.
$parse = new ParseFilter();
$parse->safe_mode = true;
$parse->allow_url = false;
$parse->allow_image = false;
// Set to TRUE by later checks to stop the registration flow.
$stopregistration = FALSE;
// Client address as determined by get_ip() (defined elsewhere).
$_IP = get_ip();
// Requested sub-action, or an empty string when the request carries none.
// Taken verbatim here; it is only meaningful once matched against known action names.
$doaction = isset($_REQUEST['doaction']) ? $_REQUEST['doaction'] : "";
// Group assigned to new registrations; a missing or non-numeric setting falls back to group 4.
$config['reg_group'] = intval($config['reg_group']) ? intval($config['reg_group']) : 4;
function check_reg($name, $email, $password1, $password2, $sec_code = 1, $sec_code_session = 1)
{
    global $lang, $db, $banned_info, $relates_word, $config;
    $stop = "";