<city></city> </user> XML; } $resp .= "</profiles>"; break; // Отправляем ПМ // Отправляем ПМ case "sendmessage": require_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->safe_mode = true; $uid = intval($_GET['uid']); $sender_id = intval($_GET['sender_id']); $message = convert_unicode($_GET['message'], $config['charset']); $message = $parse->BB_Parse($parse->process($message), false); $subj = strip_tags($db->safesql($nextgame['subj_pm'], $config['charset'])); if ($_GET['type'] == 'user') { $user = $db->super_query("SELECT user_id,name from " . USERPREFIX . "_users where user_id='{$sender_id}'"); } else { $user['name'] = "NexGame Aplication"; } $time = time() + $config['date_adjust'] * 60; $db->query("INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('{$subj}', '{$message}', '{$uid}', '{$user['name']}', '{$time}', 'no', 'inbox')"); $db->query("UPDATE " . USERPREFIX . "_users set pm_all=pm_all+1, pm_unread=pm_unread+1 where user_id='{$uid}'"); $resp = "<msg><uid>{$uid}</uid><delivered>1</delivered></msg>"; break; case 'sendinvite': /// Инвайт отправим. if (empty($_GET['uid']) or intval($_GET['sender_id']) == 0 or intval($_GET['app_id']) == 0) { die;
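/**
 * Validates a submitted listing, logs in or registers the poster when needed, and stores the
 * listing in `auto_autos`.
 *
 * Statement order is significant: CAPTCHA check, login/registration lookup for guests, field
 * validation, account creation, value preparation, insert, image binding, counters and cache,
 * notification mail.
 *
 * @param array $values_array Listing fields as submitted by the form.
 * @return mixed Value returned by Insert() for the new row, or false when validation collected errors.
 */
public function Add($values_array)
{
    // Groups listed in user_int_allow_no_code are exempt from the CAPTCHA.
    if (!in_array($this->member['group'], $this->config['user_int_allow_no_code'])) {
        $stored_code = isset($_SESSION['sec_code_session']) ? $_SESSION['sec_code_session'] : '';
        $posted_code = isset($_POST['sec_code']) ? $_POST['sec_code'] : '';

        // The code is single-use: it is cleared before the comparison, so a wrong answer burns it.
        $_SESSION['sec_code_session'] = false;

        $sec_code_session = (is_scalar($stored_code) && $stored_code) ? (string) $stored_code : '';
        $sec_code = is_scalar($posted_code) ? (string) $posted_code : '';

        // Strict string comparison: a loose != lets numeric-looking strings such as "1e3" and
        // "1000" compare equal, and an array in $_POST must never be compared at all.
        if ($sec_code_session === '' or $sec_code !== $sec_code_session) {
            $this->Errors[] = $this->lang['error_code'];
        }
    }

    // Guests may log in or register as part of the same submission.
    if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
        $parse = new ParseFilter(array(), array(), 1, 1);

        // NOTE(review): the passwords go through the HTML filter and SQL escaping before they are
        // hashed, so the stored hash is of the transformed string. Confirm LoginIn() applies the
        // same transformation before changing this.
        $password1 = $this->base->EscapeString($parse->process($_POST['password1']));
        $password2 = $this->base->EscapeString($parse->process($_POST['password2']));
        $name = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['name']))));
        $email = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['email']))));

        // NOTE(review): the password literal in this query looks redacted in the listing; as written
        // it compares the column with six asterisks. Restore the real hash comparison from the
        // original file before relying on this lookup.
        $member_id = $GLOBALS['db']->super_query("SELECT * FROM " . USERPREFIX . "_users where name='{$name}' and password='******'");

        if ($member_id) {
            $this->LoginIn($password1);
            $GLOBALS['member_id'] = $member_id;
            $this->member['id'] = $member_id['user_id'];
            $this->member['name'] = $member_id['name'];
            $this->member['group'] = $member_id['user_group'];
            $this->member['ip'] = $member_id['logged_ip'];
            $this->guest_session = '';
        } else {
            auto_check_reg($name, $email, $password1, $password2);
        }
    }

    $this->values = $values_array;
    $this->CheckError();

    require_once ENGINE_DIR . '/car-market/classes/Fields.php';
    $xfields = new Fields($this->base, $this);
    $this->values['xfields'] = $xfields->EncodeFields($this->values);

    // NOTE(review): array union keeps the left-hand entry when keys collide. If getErrors()
    // returns a numerically indexed list, extra-field errors can be silently dropped here;
    // confirm its key scheme.
    $this->Errors = $this->Errors + $xfields->getErrors();

    if ($this->Errors) {
        return false;
    }

    // Still a guest after validation: create the account.
    if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
        // Self-registration must never land in a group numbered below 3.
        if (intval($GLOBALS['config']['reg_group']) < 3) {
            $GLOBALS['config']['reg_group'] = 4;
        }

        // NOTE(review): unsalted double MD5 is not a password hash. It is kept because the login
        // path presumably expects this format; plan a migration to password_hash() and
        // password_verify() that rehashes on the next successful login.
        $regpassword = md5(md5($password1));

        // Every interpolated value is either escaped or cast; the group and IP were previously
        // concatenated as-is.
        $reg_group_sql = intval($GLOBALS['config']['reg_group']);
        $reg_ip_sql = $this->base->EscapeString($this->member['ip']);

        $GLOBALS['db']->query("INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, favorites, xfields, logged_ip) VALUES ('{$name}', '{$regpassword}', '{$email}', '{$this->base->timer->cur_time}', '{$this->base->timer->cur_time}', '" . $reg_group_sql . "', '', '', '', '', '" . $reg_ip_sql . "')");

        $this->member['id'] = $GLOBALS['db']->insert_id();
        $this->member['name'] = $name;
        $this->member['group'] = $GLOBALS['config']['reg_group'];

        // Remember the guest session so images uploaded before registration can be claimed below.
        $guest_session = $this->guest_session;
        $this->guest_session = '';
        $this->LoginIn($password1);
    }

    $this->PreparationValues();

    // Expiry: privileged groups choose the number of days, everyone else gets the default.
    if (in_array($this->member['group'], $this->config['user_int_allow_change_exp'])) {
        if ($this->values['count_day']) {
            $this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->values['count_day'] * 24 * 60 * 60;
        } else {
            $this->values['exp_date'] = 0;
        }
    } elseif ($this->config['user_int_default_day_count']) {
        $this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->config['user_int_default_day_count'] * 24 * 60 * 60;
    } else {
        $this->values['exp_date'] = 0;
    }

    // Groups listed in user_int_allow_no_moder publish without moderation.
    if (in_array($this->member['group'], $this->config['user_int_allow_no_moder'])) {
        $this->values['allow_site'] = 1;
    }

    // Authorship comes from the server-side member record, never from the form.
    $this->values['guest_session'] = $this->guest_session;
    $this->values['add_date'] = $this->values['update_date'] = $this->base->timer->cur_time;
    $this->values['author'] = $this->member['name'];
    $this->values['author_id'] = $this->member['id'];
    $this->values['author_ip'] = $this->member['ip'];

    $id = $this->base->Insert('auto_autos', $this->values);

    if (!empty($this->values['images'])) {
        // Enforce the per-group photo limit on the submitted image id list.
        $this->values['images'] = array_slice($this->values['images'], 0, $this->config['count_photo'][$this->member['group']]);

        if ($this->values['images']) {
            $this->base->SetWhere('id', $this->values['images'], 'IN', 'auto_images');

            // The ownership condition in each Update keeps a poster from attaching images that
            // belong to another user or guest session.
            if (!empty($guest_session)) {
                // The account was created in this request, so the images are still filed under
                // the old guest session. This case has to be tested first: once the account
                // exists member['id'] is set and the plain member branch would match no rows.
                $this->base->Update('auto_images', array('auto_id' => $id, 'user_id' => $this->member['id'], 'guest_session' => ''), array('auto_id' => 0, 'guest_session' => $guest_session));
            } elseif ($this->member['id']) {
                $this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'user_id' => $this->member['id']));
            } else {
                $this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'guest_session' => $this->guest_session));
            }

            // NOTE(review): a submitted main_photo is not checked against the image list or
            // against ownership; confirm this is validated elsewhere.
            if (!(int) $this->values['main_photo']) {
                $this->values['main_photo'] = reset($this->values['images']);
            }

            $this->base->Update('auto_autos', array('photo' => $this->values['main_photo'], 'photo_count' => count($this->values['images'])), array('id' => $id));
        }
    }

    // Direct upload with the form; UploadPhoto() fills values['photo'] and values['photo_count'].
    if (!empty($_FILES['photo']['name'][0]) && $this->UploadPhoto($id)) {
        $this->base->Update('auto_autos', array('photo' => $this->values['photo'], 'photo_count' => $this->values['photo_count']), array('id' => $id));
    }

    // Only listings that are visible on the site count towards the mark/model totals.
    if (!empty($this->values['allow_site'])) {
        $this->IncrementCounter($this->values['mark_id'], $this->values['model_id']);
        Cache::ClearAllCache();
    }

    // Optional notification to the configured address; a missing template silently skips it.
    if ($this->config['general_inform'] && $this->config['general_email']) {
        if ($data = @file_get_contents(ENGINE_DIR . "/car-market/mail.txt")) {
            include_once DLE_CLASSES . 'mail.class.php';
            $mail = new dle_mail($GLOBALS['config']);
            $mail->from = $GLOBALS['config']['admin_mail'];
            $data = str_replace("{%site_url%}", $GLOBALS['config']['http_home_url'], $data);
            $data = str_replace("{%auto_link%}", $this->tpl->GetUrl(array("action" => 'auto', "id" => $id)), $data);
            $mail->send($this->config['general_email'], $this->lang['mail_subj'], $data);
        }
    }

    return $id;
}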
$user_group[$row['id']] = array(); foreach ($row as $key => $value) { $user_group[$row['id']][$key] = stripslashes($value); } } set_vars("usergroup", $user_group); $db->free(); } @header("Content-type: text/html; charset=" . $config['charset']); $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; $id = intval($_POST['id']); $text = convert_unicode($_POST['text'], $config['charset']); $text = $parse->BB_Parse($parse->process(trim($text)), false); if ($config['allow_complaint_mail']) { include_once ENGINE_DIR . '/classes/mail.class.php'; $mail = new dle_mail($config); $lang['mail_complaint_1'] = str_replace("{site}", $config['http_home_url'], $lang['mail_complaint_1']); } if ($_POST['action'] == "pm") { if (!$is_logged) { die("error"); } if (!$id or !$text) { die("error"); } $row = $db->super_query("SELECT id, text, user, user_from FROM " . USERPREFIX . "_pm WHERE id='{$id}'"); if ($row['user'] != $member_id['user_id'] or !$row['id']) { die("Operation not Allowed");
die("error"); } if ($config['allow_comments_wysiwyg']) { $parse->wysiwyg = true; $use_html = true; $parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1); if ($user_group[$member_id['user_group']]['allow_url']) { $parse->tagsArray[] = 'a'; } if ($user_group[$member_id['user_group']]['allow_image']) { $parse->tagsArray[] = 'img'; } } else { $use_html = false; } $comm_txt = trim($parse->BB_Parse($parse->process(convert_unicode($_POST['comm_txt'], $config['charset'])), $use_html)); if ($parse->not_allowed_tags) { die("error"); } if ($parse->not_allowed_text) { die("error"); } if (dle_strlen($comm_txt, $config['charset']) > $config['comments_maxlen']) { die("error"); } if ($comm_txt == "") { die("error"); } if (intval($config['comments_minlen']) and dle_strlen($comm_txt, $config['charset']) < $config['comments_minlen']) { die("error"); }
$allow_list = explode(',', $user_group[$member_id['user_group']]['cat_add']); foreach ($category as $selected) { if ($allow_list[0] != "all" and !in_array($selected, $allow_list) and $member_id['user_group'] != 1) { $approve = 0; } } if (!$user_group[$member_id['user_group']]['moderation']) { $approve = 0; } $allow_list = explode(',', $user_group[$member_id['user_group']]['cat_allow_addnews']); foreach ($category as $selected) { if ($allow_list[0] != "all" and !in_array($selected, $allow_list) and $ifdelete != "yes") { msg("error", $lang['addnews_error'], $lang['news_err_41'], "javascript:history.go(-1)"); } } $title = $parse->process(trim(strip_tags($_POST['title']))); if (!$user_group[$member_id['user_group']]['allow_html']) { $_POST['short_story'] = strip_tags($_POST['short_story']); $_POST['full_story'] = strip_tags($_POST['full_story']); } if ($config['allow_admin_wysiwyg']) { $parse->allow_code = false; } $full_story = $parse->process($_POST['full_story']); $short_story = $parse->process($_POST['short_story']); if ($config['allow_admin_wysiwyg'] or $allow_br != '1') { $full_story = $db->safesql($parse->BB_Parse($full_story)); $short_story = $db->safesql($parse->BB_Parse($short_story)); } else { $full_story = $db->safesql($parse->BB_Parse($full_story, false)); $short_story = $db->safesql($parse->BB_Parse($short_story, false));
</table> </div></form> HTML; echofooter(); exit; } elseif ($_POST['action'] == "do_mass_move_to_ban") { include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); foreach ($selected_users as $id) { $id = intval($id); $row = $db->super_query("SELECT name, user_group FROM " . USERPREFIX . "_users WHERE user_id='{$id}'"); if ($member_id['user_group'] != 1 and $row['user_group'] == 1) { msg("error", $lang['mass_error'], $lang['edit_not_admin'], "?mod=editusers&action=list"); } $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '44', '{$row['name']}')"); $banned_descr = $db->safesql($parse->BB_Parse($parse->process($_POST['banned_descr']), false)); $this_time = time() + $config['date_adjust'] * 60; $banned_date = intval($_POST['banned_date']); $this_time = $banned_date ? $this_time + $banned_date * 60 * 60 * 24 : 0; $row = $db->super_query("SELECT users_id, days FROM " . USERPREFIX . "_banned WHERE users_id = '{$id}'"); if (!$row['users_id']) { $db->query("INSERT INTO " . USERPREFIX . "_banned (users_id, descr, date, days) values ('{$id}', '{$banned_descr}', '{$this_time}', '{$banned_date}')"); } else { if ($row['days'] != $banned_date) { $db->query("UPDATE " . USERPREFIX . "_banned SET descr='{$banned_descr}', days='{$banned_date}', date='{$this_time}' WHERE users_id = '{$id}'"); } else { $db->query("UPDATE " . USERPREFIX . "_banned set descr='{$banned_descr}' WHERE users_id = '{$id}'"); } } @unlink(ENGINE_DIR . '/cache/system/banned.php'); $db->query("UPDATE " . USERPREFIX . "_users SET banned='yes' WHERE user_id ='{$id}'");
*/ if (!defined('DATALIFEENGINE') or !$config['allow_comments']) { die("Hacking attempt!"); } require_once ENGINE_DIR . '/classes/parse.class.php'; if ($config['allow_comments_wysiwyg'] > 0) { $parse = new ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1); } else { $parse = new ParseFilter(); } $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; $_TIME = time(); $_IP = get_ip(); $name = $db->safesql($parse->process(trim($_POST['name']))); $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ", "&"); $mail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['mail']))))); $post_id = intval($_POST['post_id']); $stop = array(); $added_comments_id = 0; if ($is_logged) { $name = $db->safesql($member_id['name']); $mail = $db->safesql($member_id['email']); } if ($user_group[$member_id['user_group']]['spamfilter']) { $row = $db->super_query("SELECT * FROM " . PREFIX . "_spam_log WHERE ip = '{$_IP}'"); if (!$row['id'] or !$row['email']) { include_once ENGINE_DIR . '/classes/stopspam.class.php'; $sfs = new StopSpam($config['spam_api_key'], $user_group[$member_id['user_group']]['spamfilter']); $args = array('ip' => $_IP, 'email' => $mail);
if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } if ($config['allow_comments_wysiwyg']) { $parse->wysiwyg = true; $use_html = true; $parse->ParseFilter(array('div', 'a', 'span', 'p', 'br'), array(), 0, 1); } else { $use_html = false; } if (!$_POST['selected_comments']) { msg("error", $lang['mass_error'], $lang['mass_acomm'], "?mod=cmoderation"); } foreach ($_POST['selected_comments'] as $c_id) { $c_id = intval($c_id); $comments = $db->safesql($parse->BB_Parse($parse->process($_POST['selected_text'][$c_id]), $use_html)); $post_id = intval($_POST['post_id'][$c_id]); $db->query("UPDATE " . PREFIX . "_comments SET text='{$comments}', approve='1' WHERE id='{$c_id}'"); $db->query("UPDATE " . PREFIX . "_post SET comm_num=comm_num+1 WHERE id='{$post_id}'"); } $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '19', '')"); clear_cache(); msg("info", $lang['mass_head'], $lang['mass_approve_ok'], "?mod=cmoderation"); } if ($action == "mass_delete") { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } if (!$_POST['selected_comments']) { msg("error", $lang['mass_error'], $lang['mass_dcomm'], "?mod=cmoderation"); }
$parse = new ParseFilter(array(), array(), 1, 1); $allow_br = intval($_POST['allow_br']); if ($_POST['preview_mode'] == "static") { if ($member_id['user_group'] != 1 and $allow_br > 1) { $allow_br = 1; } if ($allow_br == 2) { if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) { $_POST['template'] = stripslashes($_POST['template']); } $template = trim(addslashes($_POST['template'])); } else { if ($config['allow_static_wysiwyg']) { $parse->allow_code = false; } $template = $parse->process($_POST['template']); if ($config['allow_static_wysiwyg'] or $allow_br != '1') { $template = $parse->BB_Parse($template); } else { $template = $parse->BB_Parse($template, false); } } $descr = trim(htmlspecialchars(stripslashes($_POST['description']), ENT_QUOTES, $config['charset'])); if ($_GET['page'] == "rules") { $descr = $lang['rules_edit']; } if ($_POST['allow_template']) { $dle_module = "static"; if ($_POST['static_tpl'] == "") { if (@is_file($tpl->dir . "/preview.tpl")) { $tpl->load_template('preview.tpl');
if ($resp->is_valid) { $sec_code = 1; $sec_code_session = 1; } } } else { $sec_code = $_POST['sec_code']; $sec_code_session = $_SESSION['sec_code_session'] != '' ? $_SESSION['sec_code_session'] : false; } } else { $sec_code = 1; $sec_code_session = 1; } $password1 = $_POST['password1']; $password2 = $_POST['password2']; $name = $db->safesql($parse->process(htmlspecialchars(trim($_POST['name']), ENT_COMPAT, $config['charset']))); $name = preg_replace('#\\s+#i', ' ', $name); $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ", "&"); $email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['email']))))); $reg_error = check_reg($name, $email, $password1, $password2, $sec_code, $sec_code_session); if ($config['reg_question']) { if (intval($_SESSION['question'])) { $answer = $db->super_query("SELECT id, answer FROM " . PREFIX . "_question WHERE id='" . intval($_SESSION['question']) . "'"); $answers = explode("\n", $answer['answer']); $pass_answer = false; if (function_exists('mb_strtolower')) { $question_answer = trim(mb_strtolower($_POST['question_answer'], $config['charset'])); } else { $question_answer = trim(strtolower($_POST['question_answer'])); } if (count($answers) and $question_answer) {
$allow_list = explode(',', $user_group[$member_id['user_group']]['cat_allow_addnews']); if ($allow_list[0] != "all") { foreach ($catlist as $selected) { if (!in_array($selected, $allow_list) and $member_id['user_group'] != "1") { $stop .= "<li>" . $lang['news_err_41'] . "</li>"; } } } if (!$user_group[$member_id['user_group']]['allow_html']) { $config['allow_site_wysiwyg'] = "no"; $_POST['short_story'] = strip_tags($_POST['short_story']); $_POST['full_story'] = strip_tags($_POST['full_story']); } if ($config['allow_site_wysiwyg'] == "yes") { $parse->allow_code = false; $full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story']))); $short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']))); $allow_br = 0; } else { $full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story']), false)); $short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']), false)); $allow_br = 1; } if ($parse->not_allowed_text) { $stop .= "<li>" . $lang['news_err_39'] . "</li>"; } $parse->ParseFilter(); $title = $db->safesql($parse->process(trim(strip_tags($_POST['title'])))); $alt_name = trim($parse->process(stripslashes($_POST['alt_name']))); if ($config['safe_xfield']) { $parse->ParseFilter();
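/**
 * Creates the DLE user row for the vBulletin user held in $this->user, logs that user in
 * (cookies, session, login hash) and imports the avatar.
 *
 * Reads $_POST['login_name'] and $_POST['login_password'], $this->config['fields'] (DLE field
 * name => vBulletin field id) and the global DLE configuration.
 *
 * @return array The member row that is also stored in $GLOBALS['member_id'].
 */
protected function _create_dle_account()
{
    $member_id = array();
    $member_id['email'] = $this->user['email'];
    $member_id['icq'] = $this->user['icq'];

    // Convert to the DLE charset when the two installations differ.
    if (VB_CHARSET && VB_CHARSET != DLE_CHARSET) {
        $member_id['email'] = iconv(VB_CHARSET, DLE_CHARSET, $this->user['email']);
        $member_id['icq'] = iconv(VB_CHARSET, DLE_CHARSET, $this->user['icq']);
    }

    $member_id['user_group'] = $GLOBALS['config']['reg_group'];

    // NOTE(review): kept raw in the in-memory member row; anything that prints it must encode it.
    $member_id['name'] = $_POST['login_name'];

    // Column => value map for the INSERT. Every value is escaped, cast or generated locally,
    // because the statement below joins them without further escaping.
    $add = array();
    $add['name'] = $this->db->safesql($_POST['login_name']);

    // NOTE(review): a single unsalted MD5. Whether login_password is already a digest at this
    // point cannot be seen from here; confirm against the login path, and plan a move to
    // password_hash() and password_verify().
    $add['password'] = md5($_POST['login_password']);

    // Use the charset-converted address, the same way icq does.
    $add['email'] = $this->db->safesql($member_id['email']);
    $add['icq'] = $this->db->safesql($member_id['icq']);
    $add['reg_date'] = TIMENOW + $GLOBALS['config']['date_adjust'] * 60;
    $add['lastdate'] = TIMENOW + $GLOBALS['config']['date_adjust'] * 60;
    $add['logged_ip'] = $this->db->safesql(IPADRESS);

    $update_fields = array();
    $this->_init_parse();

    foreach ($this->config['fields'] as $dle_field => $vb_field_id) {
        if (!$vb_field_id) {
            continue;
        }

        // Negative ids are looked up in user_vb_field; positive ids are vBulletin custom
        // profile fields named field<N>.
        if ($vb_field_id < 0) {
            $vb_field = array_search($vb_field_id, $this->user_vb_field);
        } else {
            $vb_field = 'field' . $vb_field_id;
        }

        if (empty($this->user[$vb_field])) {
            continue;
        }

        $value = $this->user[$vb_field];

        if (VB_CHARSET && VB_CHARSET != DLE_CHARSET) {
            $value = iconv(VB_CHARSET, DLE_CHARSET, $value);
        }

        if (in_array($dle_field, array('info', 'land', 'fullname'))) {
            // These map to real columns of the users table.
            $member_id[$dle_field] = $add[$dle_field] = $this->db->safesql($value);
        } else {
            // Everything else is packed into xfields as name|value pairs joined by "||".
            $value = $this->_parse->BB_Parse($this->_parse->process($value));

            // Encode the delimiter so a value cannot inject extra fields. The listing showed a
            // no-op replacement of "|" by itself, most likely an entity decoded during extraction.
            $value = str_replace("|", "&#124;", $value);
            $update_fields[] = $this->db->safesql($dle_field . "|" . $value);
        }
    }

    $add['user_group'] = intval($GLOBALS['config']['reg_group']);
    $add['favorites'] = '';
    $add['signature'] = '';

    if ($update_fields) {
        $add['xfields'] = implode("||", $update_fields);
    }

    $this->db->query("INSERT INTO " . USERPREFIX . "_users (" . implode(", ", array_keys($add)) . ") VALUES ('" . implode("', '", $add) . "')");

    $member_id['user_id'] = $this->db->insert_id();
    $member_id['logged_ip'] = $_SERVER['REMOTE_ADDR'];
    $member_id['reg_date'] = $member_id['lastdate'] = time() + $GLOBALS['config']['date_adjust'] * 60;

    // NOTE(review): the posted password value is stored in a year-long cookie and in the session.
    // Anyone who obtains the cookie holds a reusable credential; prefer the random per-user hash
    // below as the only long-lived token.
    set_cookie("dle_user_id", $member_id['user_id'], 365);
    set_cookie("dle_password", $_POST['login_password'], 365);

    $_SESSION['dle_user_id'] = $member_id['user_id'];
    $_SESSION['dle_password'] = $_POST['login_password'];
    $_SESSION['member_lasttime'] = $member_id['lastdate'];
    $_SESSION['dle_log'] = 0;

    // Request token derived from host, name, password value, site key and date.
    $GLOBALS['dle_login_hash'] = md5(strtolower($_SERVER['HTTP_HOST'] . $member_id['name'] . $_POST['login_password'] . $GLOBALS['config']['key'] . date("Ymd")));

    if ($GLOBALS['config']['log_hash']) {
        // The hash authenticates the cookie, so it must be unpredictable. uniqid() and time() are
        // clock values; use the CSPRNG when the runtime has one. Both forms give 32 hex characters.
        if (function_exists('random_bytes')) {
            $hash = bin2hex(random_bytes(16));
        } else {
            $hash = md5(uniqid(time()) . time());
        }

        $this->db->query("UPDATE " . USERPREFIX . "_users set hash='" . $hash . "' WHERE user_id='{$member_id['user_id']}'");
        set_cookie("dle_hash", $hash, 365);
        $_COOKIE['dle_hash'] = $hash;
        $member_id['hash'] = $hash;
    }

    $GLOBALS['member_id'] = $member_id;
    $GLOBALS['is_logged'] = true;

    if ($this->user['avatarid']) {
        // The id is concatenated without quotes, so it is forced to an integer.
        $avatarid = $this->_db_connect()->super_query("SELECT avatarpath FROM " . VB_PREFIX . "avatar WHERE avatarid=" . intval($this->user['avatarid']));

        // NOTE(review): _db_disconnect() runs only when a row was found; confirm the connection
        // opened by _db_connect() is released on the other path.
        if ($avatarid) {
            $this->_db_disconnect();

            // The query selects avatarpath; the previous code read a key that was never selected.
            // NOTE(review): confirm UpdateDLEAvatar() accepts the path as stored by vBulletin.
            $this->UpdateDLEAvatar(array('username' => $this->user['username'], 'avatarurl' => $avatarid['avatarpath']));
        }
    } else {
        // Custom avatar kept as a file on the vBulletin side.
        if ($this->vb_config['usefileavatar'] && $this->user['avatarrevision']) {
            $this->UpdateDLEAvatar(array('username' => $this->user['username'], 'avatarurl' => $this->vb_config['bburl'] . "/" . $this->vb_config['avatarurl'] . "/avatar" . $this->user['userid'] . "_" . $this->user['avatarrevision'] . ".gif"));
        }
    }

    return $member_id;
}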
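// Normalise the submitted switches to integers before they are written to the configuration.
$save_con['allow_social'] = intval($save_con['allow_social']);
$save_con['auth_only_social'] = intval($save_con['auth_only_social']);
$save_con['allow_comments_rating'] = intval($save_con['allow_comments_rating']);
$save_con['tree_comments'] = intval($save_con['tree_comments']);
$save_con['tree_comments_level'] = intval($save_con['tree_comments_level']);
$save_con['simple_reply'] = intval($save_con['simple_reply']);

// The admin log is kept for at least 30 days.
if ($save_con['adminlog_maxdays'] < 30) {
    $save_con['adminlog_maxdays'] = 30;
}

// The site URL always ends with a slash.
if (substr($save_con['http_home_url'], -1, 1) != '/') {
    $save_con['http_home_url'] = $save_con['http_home_url'] . "/";
}

include_once ENGINE_DIR . '/classes/parse.class.php';

$parse = new ParseFilter();
$parse->safe_mode = true;

$save_con['offline_reason'] = $parse->process(stripslashes(trim($save_con['offline_reason'])));

// Encode double quotes so the text cannot close a quoted string where the value is stored. The
// listing showed a no-op replacement of '"' by itself, most likely an entity decoded during
// extraction. NOTE(review): confirm against the original file.
$save_con['offline_reason'] = str_replace('"', '&quot;', $parse->BB_Parse($save_con['offline_reason'], false));

// One allowlist entry per line in the form; stored with "|" as the separator.
$save_con['admin_allowed_ip'] = str_replace("\r", "", trim($save_con['admin_allowed_ip']));
$save_con['admin_allowed_ip'] = str_replace("\n", "|", $save_con['admin_allowed_ip']);

$temp_array = explode("|", $save_con['admin_allowed_ip']);
$allowed_ip = array();

if (count($temp_array)) {
    foreach ($temp_array as $value) {
        // Validate the address part only: "*" wildcards are read as 0 and a "/mask" suffix is
        // ignored. NOTE(review): the mask itself is not range-checked here.
        $value1 = str_replace("*", "0", trim($value));
        $value1 = explode('/', $value1);
        $value1 = ip2long($value1[0]);

        if ($value1 != -1 and $value1 !== FALSE) {
            $allowed_ip[] = trim($value);
        }
    }
}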
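/**
 * Normalises $this->values before a listing is stored: checkbox flags become 0/1, the price is
 * cleaned and converted for searching, dates become timestamps and free-text fields go through
 * ParseFilter.
 *
 * @return void
 * @throws ExceptionAllError When the ParseFilter class has not been loaded.
 */
protected function PreparationValues()
{
    if (!class_exists('ParseFilter')) {
        throw new ExceptionAllError('Не найден класс ParseFilter');
    }

    $parse = new ParseFilter(array(), array(), 1, 1);

    // Checkbox fields are stored as 0 or 1 whatever the browser sent.
    foreach ($this->checkbox_fields as $box_name => $name) {
        $this->values[$box_name] = !empty($this->values[$box_name]) ? 1 : 0;
    }

    // Accept "12 500,50" style input: drop spaces, use a dot as the decimal separator.
    if (empty($this->values['cost'])) {
        $this->values['cost'] = 0;
    } else {
        $this->values['cost'] = str_replace(",", ".", str_replace(" ", "", $this->values['cost']));
    }

    if (empty($this->values['currency'])) {
        $this->values['currency'] = "USD";
    }

    // The currency code comes from the form. An unknown code, a non-scalar value or a zero rate
    // used to reach the division directly; those cases now yield a search price of 0.
    $currency = $this->values['currency'];
    $rate = 0.0;
    if (is_scalar($currency) && isset($this->config['currency'][$currency])) {
        $rate = (float) $this->config['currency'][$currency];
    }
    $cost_number = is_scalar($this->values['cost']) ? (float) $this->values['cost'] : 0.0;
    $this->values['cost_search'] = $rate > 0 ? $cost_number / $rate : 0;

    // An auction needs a starting price.
    if (!empty($this->values['auction']) && $this->values['cost']) {
        $this->values['auction'] = 1;
    } else {
        $this->values['auction'] = 0;
    }

    $this->values['allow_site'] = !empty($this->values['allow_site']) ? 1 : 0;

    // strtotime() returns false for text it cannot parse; the cast stores that as 0, the same
    // value used when no date was given.
    if (!empty($this->values['allow_block'])) {
        $this->values['allow_block'] = 1;
        if (!empty($this->values['block_date'])) {
            $this->values['block_date'] = (int) strtotime($this->values['block_date']);
        } else {
            $this->values['block_date'] = 0;
        }
    } else {
        $this->values['block_date'] = 0;
        $this->values['allow_block'] = 0;
    }

    if (!empty($this->values['exp_date'])) {
        $this->values['exp_date'] = (int) strtotime($this->values['exp_date']);
    } else {
        $this->values['exp_date'] = 0;
    }

    // Free-text fields are filtered before storage.
    $this->values['city_other'] = $parse->process(trim($this->values['city_other']));
    $this->values['model_other'] = $parse->process(trim($this->values['model_other']));
    $this->values['phone'] = $parse->process(trim($this->values['phone']));
    $this->values['contact_person'] = $parse->process(trim($this->values['contact_person']));

    // NOTE(review): description is BB-parsed without a preceding process() call, unlike the
    // fields above. Confirm it is filtered earlier (for example during validation); otherwise
    // markup in the description reaches storage unfiltered.
    $this->values['description'] = $parse->BB_Parse($this->values['description'], false);

    // A free-text model or city overrides the id chosen from the list.
    if ($this->values['model_other']) {
        $this->values['model_id'] = 0;
    }

    if ($this->values['city_other']) {
        $this->values['city_id'] = 0;
    }
}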
$short_story = $db->safesql($parse->BB_Parse($short_story)); } else { $full_story = $db->safesql($parse->BB_Parse($full_story, false)); $short_story = $db->safesql($parse->BB_Parse($short_story, false)); } if ($row['xfields'] != "") { $xfields = xfieldsload(); $postedxfields = xfieldsdataload($row['xfields']); $filecontents = array(); $newpostedxfields = array(); if (!empty($postedxfields)) { foreach ($xfields as $name => $value) { if ($value[3] == "textarea" and $postedxfields[$value[0]] != "") { if ($config['allow_admin_wysiwyg'] == "yes" or $row['allow_br'] != '1') { $postedxfields[$value[0]] = $parsexf->decodeBBCodes($postedxfields[$value[0]], true, "yes"); $newpostedxfields[$value[0]] = $parsexf->BB_Parse($parsexf->process($postedxfields[$value[0]])); } else { $postedxfields[$value[0]] = $parsexf->decodeBBCodes($postedxfields[$value[0]], false); $newpostedxfields[$value[0]] = $parsexf->BB_Parse($parsexf->process($postedxfields[$value[0]]), false); } } elseif ($postedxfields[$value[0]] != "") { $newpostedxfields[$value[0]] = $parsexf->process(stripslashes($postedxfields[$value[0]])); } } if (count($newpostedxfields)) { foreach ($newpostedxfields as $xfielddataname => $xfielddatavalue) { if ($xfielddatavalue == "") { continue; } $xfielddatavalue = str_replace("|", "|", $xfielddatavalue); $filecontents[] = $db->safesql("{$xfielddataname}|{$xfielddatavalue}");
$parse->filter_mode = false; // ******************************************************************************** // Добавление слова // ******************************************************************************** if ($action == "add") { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } $word_find = trim(strip_tags(stripslashes($_POST['word_find']))); if ($word_find == "") { msg("error", $lang['word_error'], $lang['word_word'], "?mod=wordfilter"); } if ($word_replace == "({$lang['word_del']})") { $word_replace = ""; } $word_replace = stripslashes($parse->BB_Parse($parse->process($_POST['word_replace']), false)); $word_id = time(); $all_items = file(ENGINE_DIR . '/data/wordfilter.db.php'); foreach ($all_items as $item_line) { $item_arr = explode("|", $item_line); if ($item_arr[0] == $word_id) { $word_id++; } } foreach ($all_items as $word_line) { $word_arr = explode("|", $word_line); if ($word_arr[1] == $word_find) { msg("error", $lang['word_error'], $lang['word_ar'], "?mod=wordfilter"); } } $new_words = fopen(ENGINE_DIR . '/data/wordfilter.db.php', "a");
} if (!$have_perm) { die("Access it is refused"); } $allow_br = intval($_REQUEST['allow_br']); if ($user_group[$member_id['user_group']]['moderation']) { $approve = 1; } else { $approve = 0; } if ($allow_br) { $use_html = false; } else { $use_html = true; } $_POST['title'] = $db->safesql($parse->process(trim(strip_tags(convert_unicode($_POST['title'], $config['charset']))))); if ($config['allow_quick_wysiwyg']) { $parse->allow_code = false; } $_POST['news_txt'] = convert_unicode($_POST['news_txt'], $config['charset']); $_POST['full_txt'] = convert_unicode($_POST['full_txt'], $config['charset']); if (!$user_group[$member_id['user_group']]['allow_html']) { $_POST['news_txt'] = strip_tags($_POST['news_txt']); $_POST['full_txt'] = strip_tags($_POST['full_txt']); } $news_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['news_txt']), $use_html)); $full_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['full_txt']), $use_html)); if ($config['safe_xfield']) { $parse->ParseFilter(); $parse->safe_mode = true; }
</div> </div> </div> HTML; $message = stripslashes($message); echo <<<HTML <pre style="display:none;" id="title">{$title}</pre> <pre style="display:none;" id="message">{$message}</pre> </body> </html> HTML; } elseif ($action == "preview") { include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); $title = strip_tags(stripslashes($parse->process($_POST['title']))); $message = stripslashes($parse->process($_POST['message'])); if ($editor == "wysiwyg") { $message = $parse->BB_Parse($message); } else { $message = $parse->BB_Parse($message, false); } echo <<<HTML <html><title>{$title}</title> <meta content="text/html; charset={$config['charset']}" http-equiv=Content-Type> <style type="text/css"> html,body{ height:100%; margin:0px; padding: 0px; font-size: 11px;
$news_fixed = 0; $allow_br = intval($_POST['text_type']); $lastdate = intval($_POST['lastdate']); if (count($_POST['content'])) { foreach ($_POST['content'] as $content) { $approve = intval($content['approve']); if (!count($content['category'])) { $content['category'] = array(); $content['category'][] = '0'; } $category_list = array(); foreach ($content['category'] as $value) { $category_list[] = intval($value); } $category_list = $db->safesql(implode(',', $category_list)); $full_story = $parse->process($content['full']); $short_story = $parse->process($content['short']); $title = $parse->process(trim(strip_tags($content['title']))); $_POST['title'] = $title; $alt_name = totranslit(stripslashes($title)); $title = $db->safesql($title); if (!$allow_br) { $full_story = $db->safesql($parse->BB_Parse($full_story)); $short_story = $db->safesql($parse->BB_Parse($short_story)); } else { $full_story = $db->safesql($parse->BB_Parse($full_story, false)); $short_story = $db->safesql($parse->BB_Parse($short_story, false)); } $metatags = create_metatags($short_story . $full_story); $thistime = date("Y-m-d H:i:s", strtotime($content['date'])); if (trim($title) == "") {
} $banned_info = get_vars("banned"); if (!is_array($banned_info)) { $banned_info = array(); $db->query("SELECT * FROM " . USERPREFIX . "_banned"); while ($row = $db->get_row()) { if ($row['users_id']) { $banned_info['users_id'][$row['users_id']] = array('users_id' => $row['users_id'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']); } else { if (count(explode(".", $row['ip'])) == 4) { $banned_info['ip'][$row['ip']] = array('ip' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']); } elseif (strpos($row['ip'], "@") !== false) { $banned_info['email'][$row['ip']] = array('email' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']); } else { $banned_info['name'][$row['ip']] = array('name' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']); } } } set_vars("banned", $banned_info); $db->free(); } $name = $db->safesql(trim(htmlspecialchars($parse->process(convert_unicode($_POST['name'], $config['charset'])), ENT_QUOTES, $config['charset']))); $name = preg_replace('#\\s+#i', ' ', $name); $allow = check_name($name); if (!$allow) { $buffer = "<font color=\"green\">" . $lang['reg_ok_ajax'] . "</font>"; } else { $buffer = "<font color=\"red\">" . $allow . "</font>"; } @header("Content-type: text/html; charset=" . $config['charset']); echo $buffer;
$category = $db->safesql(implode(',', $category_list)); $grouplevel = $_POST['grouplevel']; if (!count($grouplevel)) { $grouplevel = array(); $grouplevel[] = 'all'; } $g_list = array(); foreach ($grouplevel as $value) { if ($value == "all") { $g_list[] = $value; } else { $g_list[] = intval($value); } } $grouplevel = $db->safesql(implode(',', $g_list)); $title = $db->safesql($parse->BB_Parse($parse->process($_POST['title']), false)); $body = $db->safesql($parse->BB_Parse($parse->process($_POST['body']), false)); $db->query("INSERT INTO " . PREFIX . "_vote (category, vote_num, date, title, body, approve, start, end, grouplevel) VALUES ('{$category}', 0, CURRENT_DATE(), '{$title}', '{$body}', '1', '{$start_date}', '{$end_date}', '{$grouplevel}')"); @unlink(ENGINE_DIR . '/cache/system/vote.php'); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '2', '{$title}')"); msg("info", $lang['vote_str_3'], $lang['vote_str_3'], "?mod=editvote"); } elseif ($_GET['action'] == "update") { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } if (trim($_POST['start_date'])) { $start_date = @strtotime($_POST['start_date']); if ($start_date === -1 or !$start_date) { $start_date = ""; } } else {
} else { msgbox($lang['comm_err_2'], $lang['comm_err_3']); } } elseif ($id and $action == "comm_edit" and $subaction == "addcomment") { $row = $db->super_query("SELECT * FROM " . PREFIX . "_{$allowed_areas[$area]['comments_table']} where id = '{$id}'"); $have_perm = 0; $row['date'] = strtotime($row['date']); if ($row['autor'] and $is_logged and ($member_id['name'] == $row['autor'] and $row['is_register'] and $user_group[$member_id['user_group']]['allow_editc'] or $member_id['user_group'] == '1' or $user_group[$member_id['user_group']]['edit_allc'])) { $have_perm = 1; } if ($user_group[$member_id['user_group']]['edit_limit'] and $row['date'] + $user_group[$member_id['user_group']]['edit_limit'] * 60 < $_TIME) { $have_perm = 0; } if ($have_perm) { if ($config['allow_comments_wysiwyg'] != "yes") { $comments = $parse->BB_Parse($parse->process($_POST['comments']), false); } else { $parse->wysiwyg = true; $parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1); if ($user_group[$member_id['user_group']]['allow_url']) { $parse->tagsArray[] = 'a'; } if ($user_group[$member_id['user_group']]['allow_image']) { $parse->tagsArray[] = 'img'; } $comments = $parse->BB_Parse($parse->process($_POST['comments'])); } //* Автоперенос длинных слов if (intval($config['auto_wrap'])) { $comments = preg_split('((>)|(<))', $comments, -1, PREG_SPLIT_DELIM_CAPTURE); $n = count($comments);
die("Hacking attempt! User not found"); } $allow_br = intval($_POST['allow_br']); if ($member_id['user_group'] != 1 and $allow_br > 1) { $allow_br = 1; } if ($allow_br == 2) { if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) { $_POST['template'] = stripslashes($_POST['template']); } $template = trim(addslashes($_POST['template'])); } else { if ($config['allow_static_wysiwyg'] == "yes") { $parse->allow_code = false; } $template = $parse->process($_POST['template']); if ($config['allow_static_wysiwyg'] == "yes" or $allow_br != '1') { $template = $parse->BB_Parse($template); } else { $template = $parse->BB_Parse($template, false); } } $disable_index = isset($_POST['disable_index']) ? intval($_POST['disable_index']) : 0; $metatags = create_metatags($template); $name = trim(totranslit($_POST['name'], true, false)); $descr = trim($db->safesql(htmlspecialchars($_POST['description']))); $template = $db->safesql($template); $tpl = trim(totranslit($_POST['static_tpl'])); $skin_name = trim(totranslit($_POST['skin_name'], false, false)); $newdate = $_POST['newdate']; if (isset($_POST['allow_now'])) {
} else {
    // Excerpt note: this branch opens inside an if/else that starts before the
    // visible text and is not closed within it.

    // Input filter for the message fields, run with safe_mode enabled.
    $parse = new ParseFilter();
    $parse->safe_mode = true;
    // Callback used by the preg_replace() below: stores the captured
    // [readpm]...[/readpm] section as the working template.
    function del_tpl($read)
    {
        global $tpl;
        // NOTE(review): the inner str_replace("&", "&", ...) is a no-op as written;
        // the search string may have been an HTML entity that was lost when this
        // page was extracted. Verify against the original file.
        $read = str_replace('\\"', '"', str_replace("&", "&", $read));
        $tpl->copy_template = $read;
    }
    $tpl = new dle_template();
    // NOTE(review): the template directory is built directly from $_REQUEST['skin'];
    // no validation of that value is visible in this excerpt. It should be limited
    // to the name of an existing template directory (no path separators or "..")
    // before it is used in a filesystem path. Confirm whether that happens upstream.
    $tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin'];
    define('TEMPLATE_DIR', $tpl->dir);
    // Convert the posted fields to the site charset before filtering.
    $_POST['name'] = convert_unicode($_POST['name'], $config['charset']);
    $_POST['subj'] = convert_unicode($_POST['subj'], $config['charset']);
    $_POST['text'] = convert_unicode($_POST['text'], $config['charset']);
    $name = $parse->process(trim($_POST['name']));
    $subj = $parse->process(trim($_POST['subj']));
    if ($config['allow_comments_wysiwyg'] != "yes") {
        // Plain BB-code mode.
        $text = $parse->BB_Parse($parse->process($_POST['text']), false);
    } else {
        // WYSIWYG mode: re-initialise the filter with a fixed list of HTML tags.
        $parse->wysiwyg = true;
        $parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol'), array(), 0, 1);
        $text = $parse->BB_Parse($parse->process($_POST['text']));
    }
    $tpl->load_template('pm.tpl');
    // NOTE(review): the "e" pattern modifier makes preg_replace() evaluate the
    // replacement string as PHP code for every match. The subject here is template
    // file content, so anything able to influence that content (including the
    // directory choice above) reaches an eval. The modifier was deprecated in
    // PHP 5.5 and removed in PHP 7.0; preg_replace_callback() is the replacement.
    // The return value is discarded; the call is made for del_tpl()'s side effect.
    preg_replace("'\\[readpm\\](.*?)\\[/readpm\\]'ies", "del_tpl('\\1')", $tpl->copy_template);
    // Record whether the working template contains any [xfvalue_...] tag.
    if (strpos($tpl->copy_template, "[xfvalue_") !== false) {
        $xfound = true;
    } else {
        $xfound = false;
    }
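/*
 * User-side front controller of the billing module: loads helpers, redirects
 * to the site home when the module is not installed, resolves the controller
 * name ($c) and the $m / $p values from the query string, and includes the
 * matching controller or plugin file.
 */

/* Helpers classes */
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once MODULE_PATH . '/helpers/user.models.php';
require_once MODULE_PATH . '/helpers/user.theme.php';
require_once MODULE_PATH . '/lang/cabinet.php';
require_once MODULE_DATA . '/mail.php';

/* Install */
if (!file_exists(MODULE_DATA . '/config.php')) {
    header('Refresh: 0; url=' . $config['http_home_url']);
    die;
}
require_once MODULE_PATH . '/pay.api.php';

/* Pointer controller */
$parse = new ParseFilter();
$start = explode("/", $billing_config['start']);
// Only non-empty string parameters are accepted; arrays such as ?c[]=x fall
// back to the configured default instead of reaching trim().
$c = (!empty($_GET['c']) and is_string($_GET['c'])) ? $db->safesql($parse->process(trim($_GET['c']))) : $start[0];
$m = (!empty($_GET['m']) and is_string($_GET['m'])) ? $db->safesql($parse->process(trim($_GET['m']))) : $start[1];
$p = (!empty($_GET['p']) and is_string($_GET['p'])) ? $db->safesql($parse->process(trim($_GET['p']))) : $start[2];
// NOTE(review): $m and $p are only SQL-escaped here. Code that later uses them
// in a path or in HTML output needs its own validation or encoding.

// $c becomes part of a require_once path below. SQL escaping does not
// constrain path components, so the name is checked against an allowlist:
// letters, digits, "_" and "-", optionally joined by single dots. This rejects
// path separators, NUL bytes and ".." sequences.
$c_is_safe = is_string($c) && preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/', $c) === 1;

/* OFF */
if (!$billing_config['status'] and $member_id['user_group'] != 1) {
    echo $billing_lang['cabinet_off'];
} else {
    /* Load controller - Core */
    if ($c_is_safe && file_exists(MODULE_PATH . "/controllers/user." . $c . ".php")) {
        require_once MODULE_PATH . '/controllers/user.' . $c . '.php';
    } elseif ($c_is_safe && file_exists(MODULE_PATH . "/plugins/" . $c . "/user.main.php")) {
        require_once MODULE_PATH . '/plugins/' . $c . '/user.main.php';
    } else {
        // The requested name is echoed back, so it is encoded for HTML output.
        echo str_replace("{c}", htmlspecialchars((string) $c, ENT_QUOTES, $config['charset']), $billing_lang['cabinet_controller_error']);
    }
}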
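/*
 * Admin-panel user edit: loads the target account, applies the group
 * restrictions, writes an audit-log row and prepares the submitted profile
 * fields for storage.
 */

// NOTE(review): $id is set before this excerpt and is interpolated as-is;
// confirm it is cast to an integer upstream.
$row = $db->super_query("SELECT user_id, name, user_group, email FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'");
if (!$row['user_id']) {
    die("User not found");
}
// Members outside group 1 may not edit an account that is in group 1.
if ($member_id['user_group'] != 1 and $row['user_group'] == 1) {
    die($lang['edit_not_admin']);
}
$editlevel = intval($_POST['editlevel']);
// Members outside group 1 may not assign a group below 2. This also rejects
// 0 and negative values produced by intval() on malformed input.
if ($member_id['user_group'] != 1 and $editlevel < 2) {
    die($lang['admin_not_access']);
}

// Audit-log entry (action code '64'). A value read back from the database is
// raw text, so the stored user name is escaped again before interpolation,
// like the acting member's name. Without this, a name containing a quote
// character would alter the statement (second-order SQL injection).
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '64', '" . $db->safesql($row['name']) . "')");

include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter();
$parse->safe_mode = true;

// Text fields: filter first, then escape for SQL.
$editlogin = $db->safesql($parse->process($_POST['editlogin']));
$editfullname = $db->safesql($parse->process($_POST['editfullname']));
if ($_POST['editicq']) {
    $editicq = intval($_POST['editicq']);
} else {
    $editicq = "";
}
$editland = $db->safesql($parse->process($_POST['editland']));
$editinfo = $db->safesql($parse->BB_Parse($parse->process($_POST['editinfo']), false));
$editsignature = $db->safesql($parse->BB_Parse($parse->process($_POST['editsignature']), false));
// Empty input leaves the limit blank; otherwise the text is parsed as a date.
$time_limit = trim($_POST['time_limit']) ? strtotime($_POST['time_limit']) : "";

// E-mail: strip tags and every character in the deny list, then require a
// non-empty value of at most 50 bytes with exactly one "@".
$not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ");
$editmail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['editmail'])))));
if (empty($editmail) or strlen($editmail) > 50 or @count(explode("@", $editmail)) != 2) {
    die("E-mail not correct");
}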
/*
 * AJAX endpoint: builds meta description / keywords from the submitted short
 * and full story text and echoes one of them, selected by the "key" parameter.
 */

// NOTE(review): display_errors is switched on, so PHP error text is written
// into the HTTP response; warnings and notices are masked out of
// error_reporting below. Confirm this is intended on production hosts.
@ini_set('display_errors', true);
@ini_set('html_errors', false);
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
// Drops the last 12 characters of this file's directory path; presumably the
// "/engine/ajax" suffix, given the script path used in the explode() below.
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
    // Fallback home URL: the part of PHP_SELF before the script path, prefixed
    // with the request's Host header.
    // NOTE(review): HTTP_HOST is supplied by the client; anything that later
    // builds links from this value inherits that trust.
    $config['http_home_url'] = explode("engine/ajax/keywords.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
// The language directory name comes from the site configuration.
require_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
require_once ENGINE_DIR . '/classes/parse.class.php';
dle_session();
// NOTE(review): no login or request-token check is visible between session
// start and the use of $_REQUEST below. Confirm whether this endpoint is
// meant to be reachable without authentication.

// The language file's charset, when set, overrides the configured one.
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
@header("Content-type: text/html; charset=" . $config['charset']);
$parse = new ParseFilter();
// Request text is converted to the site charset, filtered and BB-parsed.
$full_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['full_txt'], $config['charset'])), false);
$short_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['short_txt'], $config['charset'])), false);
$metatags = create_metatags($short_story . $full_story);
$metatags['description'] = trim($metatags['description']);
$metatags['keywords'] = trim($metatags['keywords']);
// NOTE(review): the response is served as text/html and contains text derived
// from the request. Whether create_metatags() removes markup is not visible
// here; verify, or encode the output for HTML.
if ($_REQUEST['key'] == 1) {
    echo stripslashes($metatags['description']);
} else {
    echo stripslashes($metatags['keywords']);
}
}
// Excerpt note: the brace above closes a block that starts before the visible
// text, and the loop at the end of this excerpt continues past it.

// NOTE(review): $id is set before this excerpt and is interpolated as-is;
// confirm it is cast to an integer upstream.
$row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'");
// A profile may be changed only by its logged-in owner or by a group-1 member.
if (!$is_logged or !($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] == 1)) {
    $stop = $lang['news_err_13'];
} else {
    // URL and image permissions for the parser follow the editor's group.
    $parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
    $parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
    // The password fields are taken as submitted; how they are validated and
    // stored is outside this excerpt.
    $password1 = $_POST['password1'];
    $password2 = $_POST['password2'];
    // The checkbox is inverted: when it is ticked, $allow_mail is set to 0.
    if ($_POST['allow_mail']) {
        $allow_mail = 0;
    } else {
        $allow_mail = 1;
    }
    // NOTE(review): md5() is a fast, unsalted digest. If altpass is a
    // credential, password_hash() / password_verify() are the appropriate
    // primitives. TODO confirm what this value is compared against.
    $altpass = md5($_POST['altpass']);
    $info = $db->safesql($parse->BB_Parse($parse->process($_POST['info']), false));
    // E-mail: strip tags and every character in the deny list, then escape for SQL.
    $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ");
    $email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['email'])))));
    $fullname = $db->safesql($parse->process($_POST['fullname']));
    $land = $db->safesql($parse->process($_POST['land']));
    // ICQ number: dashes removed, then cast to int; 0 is stored as an empty string.
    $icq = intval(str_replace("-", "", $_POST['icq']));
    if (!$icq) {
        $icq = "";
    }
    if ($_POST['allowed_ip']) {
        // One entry per line: normalise the line endings, then split on "|".
        $_POST['allowed_ip'] = str_replace("\r", "", trim($_POST['allowed_ip']));
        $allowed_ip = str_replace("\n", "|", $_POST['allowed_ip']);
        $temp_array = explode("|", $allowed_ip);
        $allowed_ip = array();
        if (count($temp_array)) {
            foreach ($temp_array as $value) {
{$lang['message_pm_6']} [quote]{$text}[/quote] HTML; } else { $message = <<<HTML [b]{$row['name']}[/b], {$lang['message_pm_1']} "{$title}" {$lang['message_pm_2']} [b]{$member_id['name']}[/b]. {$lang['message_pm_3']} [quote]{$text}[/quote] HTML; } $message = $db->safesql($parse->BB_Parse($parse->process(trim($message)), false)); $time = time() + $config['date_adjust'] * 60; $member_id['name'] = $db->safesql($member_id['name']); $db->query("INSERT INTO " . USERPREFIX . "_pm (subj, text, user, user_from, date, pm_read, folder) values ('{$lang['message_pm']}', '{$message}', '{$row['user_id']}', '{$member_id['name']}', '{$time}', 'no', 'inbox')"); $db->query("UPDATE " . USERPREFIX . "_users SET pm_all=pm_all+1, pm_unread=pm_unread+1 WHERE user_id='{$row['user_id']}'"); if ($config['mail_pm']) { include_once ENGINE_DIR . '/classes/mail.class.php'; $mail = new dle_mail($config); $mail_template = $db->super_query("SELECT template FROM " . PREFIX . "_email WHERE name='pm' LIMIT 0,1"); $mail_template['template'] = stripslashes($mail_template['template']); $mail_template['template'] = str_replace("{%username%}", $row['name'], $mail_template['template']); $mail_template['template'] = str_replace("{%date%}", langdate("j F Y H:i", $time), $mail_template['template']); $mail_template['template'] = str_replace("{%fromusername%}", $member_id['name'], $mail_template['template']); $mail_template['template'] = str_replace("{%title%}", $lang['message_pm'], $mail_template['template']); $body = str_replace('\\n', "", $message); $body = str_replace('\\r', "", $body);
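/*
 * Admin-side front controller of the billing module: runs the installer when
 * the module has no config yet, loads helpers, resolves the controller name
 * ($c) and the $m / $p values from the query string, includes the matching
 * controller or plugin file and prepares the ADMIN object.
 */
define('MODULE_DATA', ENGINE_DIR . "/data/billing");

/* Need install */
if (!file_exists(MODULE_DATA . '/config.php')) {
    require_once MODULE_PATH . '/helpers/install.php';
    die;
}

/* Helpers classes */
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once MODULE_PATH . '/helpers/user.models.php';
require_once MODULE_PATH . '/helpers/adm.theme.php';
require_once MODULE_DATA . '/config.php';
require_once MODULE_PATH . '/lang/admin.php';
require_once MODULE_PATH . '/pay.api.php';

/* Pointer controller */
$parse = new ParseFilter();
// Only non-empty string parameters are accepted; arrays such as ?c[]=x fall
// back to the default instead of reaching trim().
$c = (!empty($_GET['c']) and is_string($_GET['c'])) ? $db->safesql($parse->process(trim($_GET['c']))) : "main";
$m = (!empty($_GET['m']) and is_string($_GET['m'])) ? $db->safesql($parse->process(trim($_GET['m']))) : "main";
$p = (!empty($_GET['p']) and is_string($_GET['p'])) ? $db->safesql($parse->process(trim($_GET['p']))) : "";
// NOTE(review): $m and $p are only SQL-escaped here. Code that later uses them
// in a path or in HTML output needs its own validation or encoding.

// $c becomes part of a require_once path below. SQL escaping does not
// constrain path components, so the name is checked against an allowlist:
// letters, digits, "_" and "-", optionally joined by single dots. This rejects
// path separators, NUL bytes and ".." sequences.
$c_is_safe = preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/', $c) === 1;

/* Load controller - Core */
if ($c_is_safe && file_exists(MODULE_PATH . "/controllers/adm." . $c . ".php")) {
    require_once MODULE_PATH . '/controllers/adm.' . $c . '.php';
} elseif ($c_is_safe && file_exists(MODULE_PATH . "/plugins/" . $c . "/adm.main.php")) {
    require_once MODULE_PATH . '/plugins/' . $c . '/adm.main.php';
} else {
    die("Controller Error - 404");
}

/* Load controller function */
$adm = new ADMIN();
$adm->config = $billing_config;
$adm->config_dle = $config;
$adm->hash = $dle_login_hash;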