<city></city>
</user>
XML;
}
$resp .= "</profiles>";
break;
// Отправляем ПМ
// Отправляем ПМ
case "sendmessage":
require_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$parse->safe_mode = true;
$uid = intval($_GET['uid']);
$sender_id = intval($_GET['sender_id']);
$message = convert_unicode($_GET['message'], $config['charset']);
$message = $parse->BB_Parse($parse->process($message), false);
$subj = strip_tags($db->safesql($nextgame['subj_pm'], $config['charset']));
if ($_GET['type'] == 'user') {
$user = $db->super_query("SELECT user_id,name from " . USERPREFIX . "_users where user_id='{$sender_id}'");
} else {
$user['name'] = "NexGame Aplication";
}
$time = time() + $config['date_adjust'] * 60;
$db->query("INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('{$subj}', '{$message}', '{$uid}', '{$user['name']}', '{$time}', 'no', 'inbox')");
$db->query("UPDATE " . USERPREFIX . "_users set pm_all=pm_all+1, pm_unread=pm_unread+1 where user_id='{$uid}'");
$resp = "<msg><uid>{$uid}</uid><delivered>1</delivered></msg>";
break;
case 'sendinvite':
/// Инвайт отправим.
if (empty($_GET['uid']) or intval($_GET['sender_id']) == 0 or intval($_GET['app_id']) == 0) {
die;
public function Add($values_array)
{
if (!in_array($this->member['group'], $this->config['user_int_allow_no_code'])) {
$sec_code_session = $_SESSION['sec_code_session'] != '' ? $_SESSION['sec_code_session'] : false;
$_SESSION['sec_code_session'] = false;
if ($_POST['sec_code'] != $sec_code_session or !$sec_code_session) {
$this->Errors[] = $this->lang['error_code'];
}
}
if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
$parse = new ParseFilter(array(), array(), 1, 1);
$password1 = $this->base->EscapeString($parse->process($_POST['password1']));
$password2 = $this->base->EscapeString($parse->process($_POST['password2']));
$name = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['name']))));
$email = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['email']))));
$member_id = $GLOBALS['db']->super_query("SELECT * FROM " . USERPREFIX . "_users where name='{$name}' and password='******'");
if ($member_id) {
$this->LoginIn($password1);
$GLOBALS['member_id'] = $member_id;
$this->member['id'] = $member_id['user_id'];
$this->member['name'] = $member_id['name'];
$this->member['group'] = $member_id['user_group'];
$this->member['ip'] = $member_id['logged_ip'];
$this->guest_session = '';
} else {
auto_check_reg($name, $email, $password1, $password2);
}
}
$this->values = $values_array;
$this->CheckError();
require_once ENGINE_DIR . '/car-market/classes/Fields.php';
$xfields = new Fields($this->base, $this);
$this->values['xfields'] = $xfields->EncodeFields($this->values);
$this->Errors = $this->Errors + $xfields->getErrors();
if ($this->Errors) {
return false;
}
if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
if (intval($GLOBALS['config']['reg_group']) < 3) {
$GLOBALS['config']['reg_group'] = 4;
}
$regpassword = md5(md5($password1));
$GLOBALS['db']->query("INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, favorites, xfields, logged_ip) VALUES ('{$name}', '{$regpassword}', '{$email}', '{$this->base->timer->cur_time}', '{$this->base->timer->cur_time}', '" . $GLOBALS['config']['reg_group'] . "', '', '', '', '', '" . $this->member['ip'] . "')");
$this->member['id'] = $GLOBALS['db']->insert_id();
$this->member['name'] = $name;
$this->member['group'] = $GLOBALS['config']['reg_group'];
$guest_session = $this->guest_session;
$this->guest_session = '';
$this->LoginIn($password1);
}
// if ($this->values['capacity_motor'] > 1000)
// {
// $this->values['capacity_motor'] = $this->values['capacity_motor']/1000;
// }
$this->PreparationValues();
if (in_array($this->member['group'], $this->config['user_int_allow_change_exp'])) {
if ($this->values['count_day']) {
$this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->values['count_day'] * 24 * 60 * 60;
} else {
$this->values['exp_date'] = 0;
}
} elseif ($this->config['user_int_default_day_count']) {
$this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->config['user_int_default_day_count'] * 24 * 60 * 60;
} else {
$this->values['exp_date'] = 0;
}
if (in_array($this->member['group'], $this->config['user_int_allow_no_moder'])) {
$this->values['allow_site'] = 1;
}
$this->values['guest_session'] = $this->guest_session;
$this->values['add_date'] = $this->values['update_date'] = $this->base->timer->cur_time;
$this->values['author'] = $this->member['name'];
$this->values['author_id'] = $this->member['id'];
$this->values['author_ip'] = $this->member['ip'];
$id = $this->base->Insert('auto_autos', $this->values);
if (!empty($this->values['images'])) {
$this->values['images'] = array_slice($this->values['images'], 0, $this->config['count_photo'][$this->member['group']]);
if ($this->values['images']) {
$this->base->SetWhere('id', $this->values['images'], 'IN', 'auto_images');
if ($this->member['id']) {
$this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'user_id' => $this->member['id']));
} else {
if (!empty($guest_session)) {
$this->base->Update('auto_images', array('auto_id' => $id, 'user_id' => $this->member['id'], 'guest_session' => ''), array('auto_id' => 0, 'guest_session' => $guest_session));
} else {
$this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'guest_session' => $this->guest_session));
}
}
if (!(int) $this->values['main_photo']) {
$this->values['main_photo'] = reset($this->values['images']);
}
$this->base->Update('auto_autos', array('photo' => $this->values['main_photo'], 'photo_count' => count($this->values['images'])), array('id' => $id));
}
}
if (!empty($_FILES['photo']['name'][0]) && $this->UploadPhoto($id)) {
$this->base->Update('auto_autos', array('photo' => $this->values['photo'], 'photo_count' => $this->values['photo_count']), array('id' => $id));
}
if (!empty($this->values['allow_site'])) {
$this->IncrementCounter($this->values['mark_id'], $this->values['model_id']);
Cache::ClearAllCache();
}
if ($this->config['general_inform'] && $this->config['general_email']) {
if ($data = @file_get_contents(ENGINE_DIR . "/car-market/mail.txt")) {
include_once DLE_CLASSES . 'mail.class.php';
$mail = new dle_mail($GLOBALS['config']);
$mail->from = $GLOBALS['config']['admin_mail'];
$data = str_replace("{%site_url%}", $GLOBALS['config']['http_home_url'], $data);
$data = str_replace("{%auto_link%}", $this->tpl->GetUrl(array("action" => 'auto', "id" => $id)), $data);
$mail->send($this->config['general_email'], $this->lang['mail_subj'], $data);
}
}
return $id;
}
$user_group[$row['id']] = array();
foreach ($row as $key => $value) {
$user_group[$row['id']][$key] = stripslashes($value);
}
}
set_vars("usergroup", $user_group);
$db->free();
}
@header("Content-type: text/html; charset=" . $config['charset']);
$parse = new ParseFilter();
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
$id = intval($_POST['id']);
$text = convert_unicode($_POST['text'], $config['charset']);
$text = $parse->BB_Parse($parse->process(trim($text)), false);
if ($config['allow_complaint_mail']) {
include_once ENGINE_DIR . '/classes/mail.class.php';
$mail = new dle_mail($config);
$lang['mail_complaint_1'] = str_replace("{site}", $config['http_home_url'], $lang['mail_complaint_1']);
}
if ($_POST['action'] == "pm") {
if (!$is_logged) {
die("error");
}
if (!$id or !$text) {
die("error");
}
$row = $db->super_query("SELECT id, text, user, user_from FROM " . USERPREFIX . "_pm WHERE id='{$id}'");
if ($row['user'] != $member_id['user_id'] or !$row['id']) {
die("Operation not Allowed");
die("error");
}
if ($config['allow_comments_wysiwyg']) {
$parse->wysiwyg = true;
$use_html = true;
$parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1);
if ($user_group[$member_id['user_group']]['allow_url']) {
$parse->tagsArray[] = 'a';
}
if ($user_group[$member_id['user_group']]['allow_image']) {
$parse->tagsArray[] = 'img';
}
} else {
$use_html = false;
}
$comm_txt = trim($parse->BB_Parse($parse->process(convert_unicode($_POST['comm_txt'], $config['charset'])), $use_html));
if ($parse->not_allowed_tags) {
die("error");
}
if ($parse->not_allowed_text) {
die("error");
}
if (dle_strlen($comm_txt, $config['charset']) > $config['comments_maxlen']) {
die("error");
}
if ($comm_txt == "") {
die("error");
}
if (intval($config['comments_minlen']) and dle_strlen($comm_txt, $config['charset']) < $config['comments_minlen']) {
die("error");
}
$allow_list = explode(',', $user_group[$member_id['user_group']]['cat_add']);
foreach ($category as $selected) {
if ($allow_list[0] != "all" and !in_array($selected, $allow_list) and $member_id['user_group'] != 1) {
$approve = 0;
}
}
if (!$user_group[$member_id['user_group']]['moderation']) {
$approve = 0;
}
$allow_list = explode(',', $user_group[$member_id['user_group']]['cat_allow_addnews']);
foreach ($category as $selected) {
if ($allow_list[0] != "all" and !in_array($selected, $allow_list) and $ifdelete != "yes") {
msg("error", $lang['addnews_error'], $lang['news_err_41'], "javascript:history.go(-1)");
}
}
$title = $parse->process(trim(strip_tags($_POST['title'])));
if (!$user_group[$member_id['user_group']]['allow_html']) {
$_POST['short_story'] = strip_tags($_POST['short_story']);
$_POST['full_story'] = strip_tags($_POST['full_story']);
}
if ($config['allow_admin_wysiwyg']) {
$parse->allow_code = false;
}
$full_story = $parse->process($_POST['full_story']);
$short_story = $parse->process($_POST['short_story']);
if ($config['allow_admin_wysiwyg'] or $allow_br != '1') {
$full_story = $db->safesql($parse->BB_Parse($full_story));
$short_story = $db->safesql($parse->BB_Parse($short_story));
} else {
$full_story = $db->safesql($parse->BB_Parse($full_story, false));
$short_story = $db->safesql($parse->BB_Parse($short_story, false));
</table>
</div></form>
HTML;
echofooter();
exit;
} elseif ($_POST['action'] == "do_mass_move_to_ban") {
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
foreach ($selected_users as $id) {
$id = intval($id);
$row = $db->super_query("SELECT name, user_group FROM " . USERPREFIX . "_users WHERE user_id='{$id}'");
if ($member_id['user_group'] != 1 and $row['user_group'] == 1) {
msg("error", $lang['mass_error'], $lang['edit_not_admin'], "?mod=editusers&action=list");
}
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '44', '{$row['name']}')");
$banned_descr = $db->safesql($parse->BB_Parse($parse->process($_POST['banned_descr']), false));
$this_time = time() + $config['date_adjust'] * 60;
$banned_date = intval($_POST['banned_date']);
$this_time = $banned_date ? $this_time + $banned_date * 60 * 60 * 24 : 0;
$row = $db->super_query("SELECT users_id, days FROM " . USERPREFIX . "_banned WHERE users_id = '{$id}'");
if (!$row['users_id']) {
$db->query("INSERT INTO " . USERPREFIX . "_banned (users_id, descr, date, days) values ('{$id}', '{$banned_descr}', '{$this_time}', '{$banned_date}')");
} else {
if ($row['days'] != $banned_date) {
$db->query("UPDATE " . USERPREFIX . "_banned SET descr='{$banned_descr}', days='{$banned_date}', date='{$this_time}' WHERE users_id = '{$id}'");
} else {
$db->query("UPDATE " . USERPREFIX . "_banned set descr='{$banned_descr}' WHERE users_id = '{$id}'");
}
}
@unlink(ENGINE_DIR . '/cache/system/banned.php');
$db->query("UPDATE " . USERPREFIX . "_users SET banned='yes' WHERE user_id ='{$id}'");
*/
if (!defined('DATALIFEENGINE') or !$config['allow_comments']) {
die("Hacking attempt!");
}
require_once ENGINE_DIR . '/classes/parse.class.php';
if ($config['allow_comments_wysiwyg'] > 0) {
$parse = new ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1);
} else {
$parse = new ParseFilter();
}
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
$_TIME = time();
$_IP = get_ip();
$name = $db->safesql($parse->process(trim($_POST['name'])));
$not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ", "&");
$mail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['mail'])))));
$post_id = intval($_POST['post_id']);
$stop = array();
$added_comments_id = 0;
if ($is_logged) {
$name = $db->safesql($member_id['name']);
$mail = $db->safesql($member_id['email']);
}
if ($user_group[$member_id['user_group']]['spamfilter']) {
$row = $db->super_query("SELECT * FROM " . PREFIX . "_spam_log WHERE ip = '{$_IP}'");
if (!$row['id'] or !$row['email']) {
include_once ENGINE_DIR . '/classes/stopspam.class.php';
$sfs = new StopSpam($config['spam_api_key'], $user_group[$member_id['user_group']]['spamfilter']);
$args = array('ip' => $_IP, 'email' => $mail);
if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
die("Hacking attempt! User not found");
}
if ($config['allow_comments_wysiwyg']) {
$parse->wysiwyg = true;
$use_html = true;
$parse->ParseFilter(array('div', 'a', 'span', 'p', 'br'), array(), 0, 1);
} else {
$use_html = false;
}
if (!$_POST['selected_comments']) {
msg("error", $lang['mass_error'], $lang['mass_acomm'], "?mod=cmoderation");
}
foreach ($_POST['selected_comments'] as $c_id) {
$c_id = intval($c_id);
$comments = $db->safesql($parse->BB_Parse($parse->process($_POST['selected_text'][$c_id]), $use_html));
$post_id = intval($_POST['post_id'][$c_id]);
$db->query("UPDATE " . PREFIX . "_comments SET text='{$comments}', approve='1' WHERE id='{$c_id}'");
$db->query("UPDATE " . PREFIX . "_post SET comm_num=comm_num+1 WHERE id='{$post_id}'");
}
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '19', '')");
clear_cache();
msg("info", $lang['mass_head'], $lang['mass_approve_ok'], "?mod=cmoderation");
}
if ($action == "mass_delete") {
if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
die("Hacking attempt! User not found");
}
if (!$_POST['selected_comments']) {
msg("error", $lang['mass_error'], $lang['mass_dcomm'], "?mod=cmoderation");
}
$parse = new ParseFilter(array(), array(), 1, 1);
$allow_br = intval($_POST['allow_br']);
if ($_POST['preview_mode'] == "static") {
if ($member_id['user_group'] != 1 and $allow_br > 1) {
$allow_br = 1;
}
if ($allow_br == 2) {
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
$_POST['template'] = stripslashes($_POST['template']);
}
$template = trim(addslashes($_POST['template']));
} else {
if ($config['allow_static_wysiwyg']) {
$parse->allow_code = false;
}
$template = $parse->process($_POST['template']);
if ($config['allow_static_wysiwyg'] or $allow_br != '1') {
$template = $parse->BB_Parse($template);
} else {
$template = $parse->BB_Parse($template, false);
}
}
$descr = trim(htmlspecialchars(stripslashes($_POST['description']), ENT_QUOTES, $config['charset']));
if ($_GET['page'] == "rules") {
$descr = $lang['rules_edit'];
}
if ($_POST['allow_template']) {
$dle_module = "static";
if ($_POST['static_tpl'] == "") {
if (@is_file($tpl->dir . "/preview.tpl")) {
$tpl->load_template('preview.tpl');
if ($resp->is_valid) {
$sec_code = 1;
$sec_code_session = 1;
}
}
} else {
$sec_code = $_POST['sec_code'];
$sec_code_session = $_SESSION['sec_code_session'] != '' ? $_SESSION['sec_code_session'] : false;
}
} else {
$sec_code = 1;
$sec_code_session = 1;
}
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$name = $db->safesql($parse->process(htmlspecialchars(trim($_POST['name']), ENT_COMPAT, $config['charset'])));
$name = preg_replace('#\\s+#i', ' ', $name);
$not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ", "&");
$email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['email'])))));
$reg_error = check_reg($name, $email, $password1, $password2, $sec_code, $sec_code_session);
if ($config['reg_question']) {
if (intval($_SESSION['question'])) {
$answer = $db->super_query("SELECT id, answer FROM " . PREFIX . "_question WHERE id='" . intval($_SESSION['question']) . "'");
$answers = explode("\n", $answer['answer']);
$pass_answer = false;
if (function_exists('mb_strtolower')) {
$question_answer = trim(mb_strtolower($_POST['question_answer'], $config['charset']));
} else {
$question_answer = trim(strtolower($_POST['question_answer']));
}
if (count($answers) and $question_answer) {
$allow_list = explode(',', $user_group[$member_id['user_group']]['cat_allow_addnews']);
if ($allow_list[0] != "all") {
foreach ($catlist as $selected) {
if (!in_array($selected, $allow_list) and $member_id['user_group'] != "1") {
$stop .= "<li>" . $lang['news_err_41'] . "</li>";
}
}
}
if (!$user_group[$member_id['user_group']]['allow_html']) {
$config['allow_site_wysiwyg'] = "no";
$_POST['short_story'] = strip_tags($_POST['short_story']);
$_POST['full_story'] = strip_tags($_POST['full_story']);
}
if ($config['allow_site_wysiwyg'] == "yes") {
$parse->allow_code = false;
$full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story'])));
$short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story'])));
$allow_br = 0;
} else {
$full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story']), false));
$short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']), false));
$allow_br = 1;
}
if ($parse->not_allowed_text) {
$stop .= "<li>" . $lang['news_err_39'] . "</li>";
}
$parse->ParseFilter();
$title = $db->safesql($parse->process(trim(strip_tags($_POST['title']))));
$alt_name = trim($parse->process(stripslashes($_POST['alt_name'])));
if ($config['safe_xfield']) {
$parse->ParseFilter();
protected function _create_dle_account()
{
$member_id['email'] = $this->user['email'];
$member_id['icq'] = $this->user['icq'];
if (VB_CHARSET && VB_CHARSET != DLE_CHARSET) {
$member_id['email'] = iconv(VB_CHARSET, DLE_CHARSET, $this->user['email']);
$member_id['icq'] = iconv(VB_CHARSET, DLE_CHARSET, $this->user['icq']);
}
$member_id['user_group'] = $GLOBALS['config']['reg_group'];
$member_id['name'] = $_POST['login_name'];
$add = array();
$add['name'] = $this->db->safesql($_POST['login_name']);
$add['password'] = md5($_POST['login_password']);
$add['email'] = $this->db->safesql($this->user['email']);
$add['icq'] = $this->db->safesql($member_id['icq']);
$add['reg_date'] = TIMENOW + $GLOBALS['config']['date_adjust'] * 60;
$add['lastdate'] = TIMENOW + $GLOBALS['config']['date_adjust'] * 60;
$add['logged_ip'] = $this->db->safesql(IPADRESS);
$update_fields = array();
$this->_init_parse();
foreach ($this->config['fields'] as $dle_field => $vb_field_id) {
if ($vb_field_id) {
if ($vb_field_id < 0) {
$vb_field = array_search($vb_field_id, $this->user_vb_field);
} else {
$vb_field = 'field' . $vb_field_id;
}
if (empty($this->user[$vb_field])) {
continue;
} else {
$value = $this->user[$vb_field];
}
if (VB_CHARSET && VB_CHARSET != DLE_CHARSET) {
$value = iconv(VB_CHARSET, DLE_CHARSET, $value);
}
if (in_array($dle_field, array('info', 'land', 'fullname'))) {
$member_id[$dle_field] = $add[$dle_field] = $this->db->safesql($value);
} else {
$value = $this->_parse->BB_Parse($this->_parse->process($value));
$value = str_replace("|", "|", $value);
$update_fields[] = $this->db->safesql($dle_field . "|" . $value);
}
}
}
$add['user_group'] = $GLOBALS['config']['reg_group'];
$add['favorites'] = '';
$add['signature'] = '';
if ($update_fields) {
$add['xfields'] = implode("||", $update_fields);
}
$this->db->query("INSERT INTO " . USERPREFIX . "_users (" . implode(", ", array_keys($add)) . ") VALUES ('" . implode("', '", $add) . "')");
$member_id['user_id'] = $this->db->insert_id();
$member_id['logged_ip'] = $_SERVER['REMOTE_ADDR'];
$member_id['reg_date'] = $member_id['lastdate'] = time() + $GLOBALS['config']['date_adjust'] * 60;
set_cookie("dle_user_id", $member_id['user_id'], 365);
set_cookie("dle_password", $_POST['login_password'], 365);
$_SESSION['dle_user_id'] = $member_id['user_id'];
$_SESSION['dle_password'] = $_POST['login_password'];
$_SESSION['member_lasttime'] = $member_id['lastdate'];
$_SESSION['dle_log'] = 0;
$GLOBALS['dle_login_hash'] = md5(strtolower($_SERVER['HTTP_HOST'] . $member_id['name'] . $_POST['login_password'] . $GLOBALS['config']['key'] . date("Ymd")));
if ($GLOBALS['config']['log_hash']) {
$hash = md5(uniqid(time()) . time());
$this->db->query("UPDATE " . USERPREFIX . "_users set hash='" . $hash . "' WHERE user_id='{$member_id['user_id']}'");
set_cookie("dle_hash", $hash, 365);
$_COOKIE['dle_hash'] = $hash;
$member_id['hash'] = $hash;
}
$GLOBALS['member_id'] = $member_id;
$GLOBALS['is_logged'] = true;
if ($this->user['avatarid']) {
$avatarid = $this->_db_connect()->super_query("SELECT avatarpath FROM " . VB_PREFIX . "avatar WHERE avatarid=" . $this->user['avatarid']);
if ($avatarid) {
$this->_db_disconnect();
$this->UpdateDLEAvatar(array('username' => $this->user['username'], 'avatarurl' => $avatarid['avatarurl']));
}
} else {
if ($this->vb_config['usefileavatar'] && $this->user['avatarrevision']) {
$this->UpdateDLEAvatar(array('username' => $this->user['username'], 'avatarurl' => $this->vb_config['bburl'] . "/" . $this->vb_config['avatarurl'] . "/avatar" . $this->user['userid'] . "_" . $this->user['avatarrevision'] . ".gif"));
}
}
return $member_id;
}
$save_con['allow_social'] = intval($save_con['allow_social']);
$save_con['auth_only_social'] = intval($save_con['auth_only_social']);
$save_con['allow_comments_rating'] = intval($save_con['allow_comments_rating']);
$save_con['tree_comments'] = intval($save_con['tree_comments']);
$save_con['tree_comments_level'] = intval($save_con['tree_comments_level']);
$save_con['simple_reply'] = intval($save_con['simple_reply']);
if ($save_con['adminlog_maxdays'] < 30) {
$save_con['adminlog_maxdays'] = 30;
}
if (substr($save_con['http_home_url'], -1, 1) != '/') {
$save_con['http_home_url'] = $save_con['http_home_url'] . "/";
}
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$parse->safe_mode = true;
$save_con['offline_reason'] = $parse->process(stripslashes(trim($save_con['offline_reason'])));
$save_con['offline_reason'] = str_replace('"', '"', $parse->BB_Parse($save_con['offline_reason'], false));
$save_con['admin_allowed_ip'] = str_replace("\r", "", trim($save_con['admin_allowed_ip']));
$save_con['admin_allowed_ip'] = str_replace("\n", "|", $save_con['admin_allowed_ip']);
$temp_array = explode("|", $save_con['admin_allowed_ip']);
$allowed_ip = array();
if (count($temp_array)) {
foreach ($temp_array as $value) {
$value1 = str_replace("*", "0", trim($value));
$value1 = explode('/', $value1);
$value1 = ip2long($value1[0]);
if ($value1 != -1 and $value1 !== FALSE) {
$allowed_ip[] = trim($value);
}
}
}
protected function PreparationValues()
{
if (!class_exists('ParseFilter')) {
throw new ExceptionAllError('Не найден класс ParseFilter');
}
$parse = new ParseFilter(array(), array(), 1, 1);
foreach ($this->checkbox_fields as $box_name => $name) {
if (!empty($this->values[$box_name])) {
$this->values[$box_name] = 1;
} else {
$this->values[$box_name] = 0;
}
}
if (empty($this->values['cost'])) {
$this->values['cost'] = 0;
} else {
$this->values['cost'] = str_replace(",", ".", str_replace(" ", "", $this->values['cost']));
}
if (empty($this->values['currency'])) {
$this->values['currency'] = "USD";
}
$this->values['cost_search'] = $this->values['cost'] / $this->config['currency'][$this->values['currency']];
if (!empty($this->values['auction']) && $this->values['cost']) {
$this->values['auction'] = 1;
} else {
$this->values['auction'] = 0;
}
if (!empty($this->values['allow_site'])) {
$this->values['allow_site'] = 1;
} else {
$this->values['allow_site'] = 0;
}
if (!empty($this->values['allow_block'])) {
$this->values['allow_block'] = 1;
if (!empty($this->values['block_date'])) {
$this->values['block_date'] = strtotime($this->values['block_date']);
} else {
$this->values['block_date'] = 0;
}
} else {
$this->values['block_date'] = 0;
$this->values['allow_block'] = 0;
}
if (!empty($this->values['exp_date'])) {
$this->values['exp_date'] = strtotime($this->values['exp_date']);
} else {
$this->values['exp_date'] = 0;
}
$this->values['city_other'] = $parse->process(trim($this->values['city_other']));
$this->values['model_other'] = $parse->process(trim($this->values['model_other']));
$this->values['phone'] = $parse->process(trim($this->values['phone']));
$this->values['contact_person'] = $parse->process(trim($this->values['contact_person']));
$this->values['description'] = $parse->BB_Parse($this->values['description'], false);
if ($this->values['model_other']) {
$this->values['model_id'] = 0;
}
if ($this->values['city_other']) {
$this->values['city_id'] = 0;
}
}
$short_story = $db->safesql($parse->BB_Parse($short_story));
} else {
$full_story = $db->safesql($parse->BB_Parse($full_story, false));
$short_story = $db->safesql($parse->BB_Parse($short_story, false));
}
if ($row['xfields'] != "") {
$xfields = xfieldsload();
$postedxfields = xfieldsdataload($row['xfields']);
$filecontents = array();
$newpostedxfields = array();
if (!empty($postedxfields)) {
foreach ($xfields as $name => $value) {
if ($value[3] == "textarea" and $postedxfields[$value[0]] != "") {
if ($config['allow_admin_wysiwyg'] == "yes" or $row['allow_br'] != '1') {
$postedxfields[$value[0]] = $parsexf->decodeBBCodes($postedxfields[$value[0]], true, "yes");
$newpostedxfields[$value[0]] = $parsexf->BB_Parse($parsexf->process($postedxfields[$value[0]]));
} else {
$postedxfields[$value[0]] = $parsexf->decodeBBCodes($postedxfields[$value[0]], false);
$newpostedxfields[$value[0]] = $parsexf->BB_Parse($parsexf->process($postedxfields[$value[0]]), false);
}
} elseif ($postedxfields[$value[0]] != "") {
$newpostedxfields[$value[0]] = $parsexf->process(stripslashes($postedxfields[$value[0]]));
}
}
if (count($newpostedxfields)) {
foreach ($newpostedxfields as $xfielddataname => $xfielddatavalue) {
if ($xfielddatavalue == "") {
continue;
}
$xfielddatavalue = str_replace("|", "|", $xfielddatavalue);
$filecontents[] = $db->safesql("{$xfielddataname}|{$xfielddatavalue}");
$parse->filter_mode = false;
// ********************************************************************************
// Добавление слова
// ********************************************************************************
if ($action == "add") {
if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
die("Hacking attempt! User not found");
}
$word_find = trim(strip_tags(stripslashes($_POST['word_find'])));
if ($word_find == "") {
msg("error", $lang['word_error'], $lang['word_word'], "?mod=wordfilter");
}
if ($word_replace == "({$lang['word_del']})") {
$word_replace = "";
}
$word_replace = stripslashes($parse->BB_Parse($parse->process($_POST['word_replace']), false));
$word_id = time();
$all_items = file(ENGINE_DIR . '/data/wordfilter.db.php');
foreach ($all_items as $item_line) {
$item_arr = explode("|", $item_line);
if ($item_arr[0] == $word_id) {
$word_id++;
}
}
foreach ($all_items as $word_line) {
$word_arr = explode("|", $word_line);
if ($word_arr[1] == $word_find) {
msg("error", $lang['word_error'], $lang['word_ar'], "?mod=wordfilter");
}
}
$new_words = fopen(ENGINE_DIR . '/data/wordfilter.db.php', "a");
}
if (!$have_perm) {
die("Access it is refused");
}
$allow_br = intval($_REQUEST['allow_br']);
if ($user_group[$member_id['user_group']]['moderation']) {
$approve = 1;
} else {
$approve = 0;
}
if ($allow_br) {
$use_html = false;
} else {
$use_html = true;
}
$_POST['title'] = $db->safesql($parse->process(trim(strip_tags(convert_unicode($_POST['title'], $config['charset'])))));
if ($config['allow_quick_wysiwyg']) {
$parse->allow_code = false;
}
$_POST['news_txt'] = convert_unicode($_POST['news_txt'], $config['charset']);
$_POST['full_txt'] = convert_unicode($_POST['full_txt'], $config['charset']);
if (!$user_group[$member_id['user_group']]['allow_html']) {
$_POST['news_txt'] = strip_tags($_POST['news_txt']);
$_POST['full_txt'] = strip_tags($_POST['full_txt']);
}
$news_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['news_txt']), $use_html));
$full_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['full_txt']), $use_html));
if ($config['safe_xfield']) {
$parse->ParseFilter();
$parse->safe_mode = true;
}
</div>
</div>
</div>
HTML;
$message = stripslashes($message);
echo <<<HTML
<pre style="display:none;" id="title">{$title}</pre>
<pre style="display:none;" id="message">{$message}</pre>
</body>
</html>
HTML;
} elseif ($action == "preview") {
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter(array(), array(), 1, 1);
$title = strip_tags(stripslashes($parse->process($_POST['title'])));
$message = stripslashes($parse->process($_POST['message']));
if ($editor == "wysiwyg") {
$message = $parse->BB_Parse($message);
} else {
$message = $parse->BB_Parse($message, false);
}
echo <<<HTML
<html><title>{$title}</title>
<meta content="text/html; charset={$config['charset']}" http-equiv=Content-Type>
<style type="text/css">
html,body{
height:100%;
margin:0px;
padding: 0px;
font-size: 11px;
$news_fixed = 0;
$allow_br = intval($_POST['text_type']);
$lastdate = intval($_POST['lastdate']);
if (count($_POST['content'])) {
foreach ($_POST['content'] as $content) {
$approve = intval($content['approve']);
if (!count($content['category'])) {
$content['category'] = array();
$content['category'][] = '0';
}
$category_list = array();
foreach ($content['category'] as $value) {
$category_list[] = intval($value);
}
$category_list = $db->safesql(implode(',', $category_list));
$full_story = $parse->process($content['full']);
$short_story = $parse->process($content['short']);
$title = $parse->process(trim(strip_tags($content['title'])));
$_POST['title'] = $title;
$alt_name = totranslit(stripslashes($title));
$title = $db->safesql($title);
if (!$allow_br) {
$full_story = $db->safesql($parse->BB_Parse($full_story));
$short_story = $db->safesql($parse->BB_Parse($short_story));
} else {
$full_story = $db->safesql($parse->BB_Parse($full_story, false));
$short_story = $db->safesql($parse->BB_Parse($short_story, false));
}
$metatags = create_metatags($short_story . $full_story);
$thistime = date("Y-m-d H:i:s", strtotime($content['date']));
if (trim($title) == "") {
}
$banned_info = get_vars("banned");
if (!is_array($banned_info)) {
$banned_info = array();
$db->query("SELECT * FROM " . USERPREFIX . "_banned");
while ($row = $db->get_row()) {
if ($row['users_id']) {
$banned_info['users_id'][$row['users_id']] = array('users_id' => $row['users_id'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
} else {
if (count(explode(".", $row['ip'])) == 4) {
$banned_info['ip'][$row['ip']] = array('ip' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
} elseif (strpos($row['ip'], "@") !== false) {
$banned_info['email'][$row['ip']] = array('email' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
} else {
$banned_info['name'][$row['ip']] = array('name' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
}
}
}
set_vars("banned", $banned_info);
$db->free();
}
$name = $db->safesql(trim(htmlspecialchars($parse->process(convert_unicode($_POST['name'], $config['charset'])), ENT_QUOTES, $config['charset'])));
$name = preg_replace('#\\s+#i', ' ', $name);
$allow = check_name($name);
if (!$allow) {
$buffer = "<font color=\"green\">" . $lang['reg_ok_ajax'] . "</font>";
} else {
$buffer = "<font color=\"red\">" . $allow . "</font>";
}
@header("Content-type: text/html; charset=" . $config['charset']);
echo $buffer;
$category = $db->safesql(implode(',', $category_list));
$grouplevel = $_POST['grouplevel'];
if (!count($grouplevel)) {
$grouplevel = array();
$grouplevel[] = 'all';
}
$g_list = array();
foreach ($grouplevel as $value) {
if ($value == "all") {
$g_list[] = $value;
} else {
$g_list[] = intval($value);
}
}
$grouplevel = $db->safesql(implode(',', $g_list));
$title = $db->safesql($parse->BB_Parse($parse->process($_POST['title']), false));
$body = $db->safesql($parse->BB_Parse($parse->process($_POST['body']), false));
$db->query("INSERT INTO " . PREFIX . "_vote (category, vote_num, date, title, body, approve, start, end, grouplevel) VALUES ('{$category}', 0, CURRENT_DATE(), '{$title}', '{$body}', '1', '{$start_date}', '{$end_date}', '{$grouplevel}')");
@unlink(ENGINE_DIR . '/cache/system/vote.php');
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '2', '{$title}')");
msg("info", $lang['vote_str_3'], $lang['vote_str_3'], "?mod=editvote");
} elseif ($_GET['action'] == "update") {
if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
die("Hacking attempt! User not found");
}
if (trim($_POST['start_date'])) {
$start_date = @strtotime($_POST['start_date']);
if ($start_date === -1 or !$start_date) {
$start_date = "";
}
} else {
} else {
msgbox($lang['comm_err_2'], $lang['comm_err_3']);
}
} elseif ($id and $action == "comm_edit" and $subaction == "addcomment") {
$row = $db->super_query("SELECT * FROM " . PREFIX . "_{$allowed_areas[$area]['comments_table']} where id = '{$id}'");
$have_perm = 0;
$row['date'] = strtotime($row['date']);
if ($row['autor'] and $is_logged and ($member_id['name'] == $row['autor'] and $row['is_register'] and $user_group[$member_id['user_group']]['allow_editc'] or $member_id['user_group'] == '1' or $user_group[$member_id['user_group']]['edit_allc'])) {
$have_perm = 1;
}
if ($user_group[$member_id['user_group']]['edit_limit'] and $row['date'] + $user_group[$member_id['user_group']]['edit_limit'] * 60 < $_TIME) {
$have_perm = 0;
}
if ($have_perm) {
if ($config['allow_comments_wysiwyg'] != "yes") {
$comments = $parse->BB_Parse($parse->process($_POST['comments']), false);
} else {
$parse->wysiwyg = true;
$parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1);
if ($user_group[$member_id['user_group']]['allow_url']) {
$parse->tagsArray[] = 'a';
}
if ($user_group[$member_id['user_group']]['allow_image']) {
$parse->tagsArray[] = 'img';
}
$comments = $parse->BB_Parse($parse->process($_POST['comments']));
}
//* Автоперенос длинных слов
if (intval($config['auto_wrap'])) {
$comments = preg_split('((>)|(<))', $comments, -1, PREG_SPLIT_DELIM_CAPTURE);
$n = count($comments);
die("Hacking attempt! User not found");
}
$allow_br = intval($_POST['allow_br']);
if ($member_id['user_group'] != 1 and $allow_br > 1) {
$allow_br = 1;
}
if ($allow_br == 2) {
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
$_POST['template'] = stripslashes($_POST['template']);
}
$template = trim(addslashes($_POST['template']));
} else {
if ($config['allow_static_wysiwyg'] == "yes") {
$parse->allow_code = false;
}
$template = $parse->process($_POST['template']);
if ($config['allow_static_wysiwyg'] == "yes" or $allow_br != '1') {
$template = $parse->BB_Parse($template);
} else {
$template = $parse->BB_Parse($template, false);
}
}
$disable_index = isset($_POST['disable_index']) ? intval($_POST['disable_index']) : 0;
$metatags = create_metatags($template);
$name = trim(totranslit($_POST['name'], true, false));
$descr = trim($db->safesql(htmlspecialchars($_POST['description'])));
$template = $db->safesql($template);
$tpl = trim(totranslit($_POST['static_tpl']));
$skin_name = trim(totranslit($_POST['skin_name'], false, false));
$newdate = $_POST['newdate'];
if (isset($_POST['allow_now'])) {
} else {
$parse = new ParseFilter();
$parse->safe_mode = true;
function del_tpl($read)
{
global $tpl;
$read = str_replace('\\"', '"', str_replace("&", "&", $read));
$tpl->copy_template = $read;
}
$tpl = new dle_template();
$tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin'];
define('TEMPLATE_DIR', $tpl->dir);
$_POST['name'] = convert_unicode($_POST['name'], $config['charset']);
$_POST['subj'] = convert_unicode($_POST['subj'], $config['charset']);
$_POST['text'] = convert_unicode($_POST['text'], $config['charset']);
$name = $parse->process(trim($_POST['name']));
$subj = $parse->process(trim($_POST['subj']));
if ($config['allow_comments_wysiwyg'] != "yes") {
$text = $parse->BB_Parse($parse->process($_POST['text']), false);
} else {
$parse->wysiwyg = true;
$parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol'), array(), 0, 1);
$text = $parse->BB_Parse($parse->process($_POST['text']));
}
$tpl->load_template('pm.tpl');
preg_replace("'\\[readpm\\](.*?)\\[/readpm\\]'ies", "del_tpl('\\1')", $tpl->copy_template);
if (strpos($tpl->copy_template, "[xfvalue_") !== false) {
$xfound = true;
} else {
$xfound = false;
}
/* Helpers classes */
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once MODULE_PATH . '/helpers/user.models.php';
require_once MODULE_PATH . '/helpers/user.theme.php';
require_once MODULE_PATH . '/lang/cabinet.php';
require_once MODULE_DATA . '/mail.php';
/* Install */
if (!file_exists(MODULE_DATA . '/config.php')) {
header('Refresh: 0; url=' . $config['http_home_url']);
die;
}
require_once MODULE_PATH . '/pay.api.php';
/* Pointer controller */
$parse = new ParseFilter();
$start = explode("/", $billing_config['start']);
$c = $_GET['c'] ? $db->safesql($parse->process(trim($_GET['c']))) : $start[0];
$m = $_GET['m'] ? $db->safesql($parse->process(trim($_GET['m']))) : $start[1];
$p = $_GET['p'] ? $db->safesql($parse->process(trim($_GET['p']))) : $start[2];
/* OFF */
if (!$billing_config['status'] and $member_id['user_group'] != 1) {
echo $billing_lang['cabinet_off'];
} else {
/* Load controller - Core */
if (file_exists(MODULE_PATH . "/controllers/user." . $c . ".php")) {
require_once MODULE_PATH . '/controllers/user.' . $c . '.php';
} elseif (file_exists(MODULE_PATH . "/plugins/" . $c . "/user.main.php")) {
require_once MODULE_PATH . '/plugins/' . $c . '/user.main.php';
} else {
echo str_replace("{c}", $c, $billing_lang['cabinet_controller_error']);
}
}
$row = $db->super_query("SELECT user_id, name, user_group, email FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'");
if (!$row['user_id']) {
die("User not found");
}
if ($member_id['user_group'] != 1 and $row['user_group'] == 1) {
die($lang['edit_not_admin']);
}
$editlevel = intval($_POST['editlevel']);
if ($member_id['user_group'] != 1 and $editlevel < 2) {
die($lang['admin_not_access']);
}
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '64', '{$row['name']}')");
include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$parse->safe_mode = true;
$editlogin = $db->safesql($parse->process($_POST['editlogin']));
$editfullname = $db->safesql($parse->process($_POST['editfullname']));
if ($_POST['editicq']) {
$editicq = intval($_POST['editicq']);
} else {
$editicq = "";
}
$editland = $db->safesql($parse->process($_POST['editland']));
$editinfo = $db->safesql($parse->BB_Parse($parse->process($_POST['editinfo']), false));
$editsignature = $db->safesql($parse->BB_Parse($parse->process($_POST['editsignature']), false));
$time_limit = trim($_POST['time_limit']) ? strtotime($_POST['time_limit']) : "";
$not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ");
$editmail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['editmail'])))));
if (empty($editmail) or strlen($editmail) > 50 or @count(explode("@", $editmail)) != 2) {
die("E-mail not correct");
}
@ini_set('display_errors', true);
@ini_set('html_errors', false);
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
$config['http_home_url'] = explode("engine/ajax/keywords.php", $_SERVER['PHP_SELF']);
$config['http_home_url'] = reset($config['http_home_url']);
$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
require_once ENGINE_DIR . '/classes/parse.class.php';
dle_session();
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
@header("Content-type: text/html; charset=" . $config['charset']);
$parse = new ParseFilter();
$full_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['full_txt'], $config['charset'])), false);
$short_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['short_txt'], $config['charset'])), false);
$metatags = create_metatags($short_story . $full_story);
$metatags['description'] = trim($metatags['description']);
$metatags['keywords'] = trim($metatags['keywords']);
if ($_REQUEST['key'] == 1) {
echo stripslashes($metatags['description']);
} else {
echo stripslashes($metatags['keywords']);
}
}
$row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'");
if (!$is_logged or !($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] == 1)) {
$stop = $lang['news_err_13'];
} else {
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
if ($_POST['allow_mail']) {
$allow_mail = 0;
} else {
$allow_mail = 1;
}
$altpass = md5($_POST['altpass']);
$info = $db->safesql($parse->BB_Parse($parse->process($_POST['info']), false));
$not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ");
$email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['email'])))));
$fullname = $db->safesql($parse->process($_POST['fullname']));
$land = $db->safesql($parse->process($_POST['land']));
$icq = intval(str_replace("-", "", $_POST['icq']));
if (!$icq) {
$icq = "";
}
if ($_POST['allowed_ip']) {
$_POST['allowed_ip'] = str_replace("\r", "", trim($_POST['allowed_ip']));
$allowed_ip = str_replace("\n", "|", $_POST['allowed_ip']);
$temp_array = explode("|", $allowed_ip);
$allowed_ip = array();
if (count($temp_array)) {
foreach ($temp_array as $value) {
{$lang['message_pm_6']}
[quote]{$text}[/quote]
HTML;
} else {
$message = <<<HTML
[b]{$row['name']}[/b],
{$lang['message_pm_1']} "{$title}" {$lang['message_pm_2']} [b]{$member_id['name']}[/b].
{$lang['message_pm_3']}
[quote]{$text}[/quote]
HTML;
}
$message = $db->safesql($parse->BB_Parse($parse->process(trim($message)), false));
$time = time() + $config['date_adjust'] * 60;
$member_id['name'] = $db->safesql($member_id['name']);
$db->query("INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('{$lang['message_pm']}', '{$message}', '{$row['user_id']}', '{$member_id['name']}', '{$time}', 'no', 'inbox')");
$db->query("UPDATE " . USERPREFIX . "_users SET pm_all=pm_all+1, pm_unread=pm_unread+1 WHERE user_id='{$row['user_id']}'");
if ($config['mail_pm']) {
include_once ENGINE_DIR . '/classes/mail.class.php';
$mail = new dle_mail($config);
$mail_template = $db->super_query("SELECT template FROM " . PREFIX . "_email WHERE name='pm' LIMIT 0,1");
$mail_template['template'] = stripslashes($mail_template['template']);
$mail_template['template'] = str_replace("{%username%}", $row['name'], $mail_template['template']);
$mail_template['template'] = str_replace("{%date%}", langdate("j F Y H:i", $time), $mail_template['template']);
$mail_template['template'] = str_replace("{%fromusername%}", $member_id['name'], $mail_template['template']);
$mail_template['template'] = str_replace("{%title%}", $lang['message_pm'], $mail_template['template']);
$body = str_replace('\\n', "", $message);
$body = str_replace('\\r', "", $body);
define('MODULE_DATA', ENGINE_DIR . "/data/billing");
/* Need install */
if (!file_exists(MODULE_DATA . '/config.php')) {
require_once MODULE_PATH . '/helpers/install.php';
die;
}
/* Helpers classes */
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once MODULE_PATH . '/helpers/user.models.php';
require_once MODULE_PATH . '/helpers/adm.theme.php';
require_once MODULE_DATA . '/config.php';
require_once MODULE_PATH . '/lang/admin.php';
require_once MODULE_PATH . '/pay.api.php';
/* Pointer controller */
$parse = new ParseFilter();
$c = $_GET['c'] ? $db->safesql($parse->process(trim($_GET['c']))) : "main";
$m = $_GET['m'] ? $db->safesql($parse->process(trim($_GET['m']))) : "main";
$p = $_GET['p'] ? $db->safesql($parse->process(trim($_GET['p']))) : "";
/* Load controller - Core */
if (file_exists(MODULE_PATH . "/controllers/adm." . $c . ".php")) {
require_once MODULE_PATH . '/controllers/adm.' . $c . '.php';
} elseif (file_exists(MODULE_PATH . "/plugins/" . $c . "/adm.main.php")) {
require_once MODULE_PATH . '/plugins/' . $c . '/adm.main.php';
} else {
die("Controller Error - 404");
}
/* Load controller function */
$adm = new ADMIN();
$adm->config = $billing_config;
$adm->config_dle = $config;
$adm->hash = $dle_login_hash;
