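/**
 * Fetch the first visible rows of `nodes_catalog`.
 *
 * @param int $count Maximum number of rows to return (default 3).
 * @return array List of rows, each an associative array (MYSQL_ASSOC).
 */
protected static function fetchPreviews($count = 3)
{
    // A LIMIT operand cannot be quoted, so it must be a real non-negative
    // integer: cast first and format with %d (not %s) so that a string
    // argument can never contribute SQL text to the statement.
    $limit = max(0, (int) $count);
    $query = sprintf("SELECT * FROM nodes_catalog WHERE visible = 1 LIMIT %d OFFSET 0", $limit);
    $result = engine::mysql($query);

    $rows = [];
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $rows[] = $row;
    }

    return $rows;
}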
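/**
 * Load one page of rows from `products`, optionally filtered by equality conditions.
 *
 * @param int   $page            Zero-based page index; the offset is $perPage * $page.
 * @param int   $perPage         Number of rows per page.
 * @param array $whereConditions Map of column name => scalar value, combined with AND.
 * @return array Rows as returned by mysql_fetch_array().
 * @throws InvalidArgumentException When a column name is not a plain identifier
 *                                  or a value is not scalar.
 */
private function getProductsFormDb($page, $perPage, array $whereConditions = [])
{
    $clauses = [];
    foreach ($whereConditions as $column => $value) {
        // Identifiers cannot be escaped the way values can, so only plain
        // column names are accepted; anything else is rejected outright
        // rather than dropped, because dropping a filter widens the result.
        if (!is_string($column) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
            throw new InvalidArgumentException('Invalid column name in where conditions');
        }
        if (!is_scalar($value)) {
            throw new InvalidArgumentException('Where condition values must be scalar');
        }

        if (is_int($value)) {
            $literal = (string) $value;
        } elseif (is_bool($value)) {
            $literal = $value ? '1' : '0';
        } else {
            // NOTE(review): mysql_real_escape_string() needs an open link;
            // confirm engine has connected before this method runs.
            $literal = "'" . mysql_real_escape_string((string) $value) . "'";
        }

        // One clause per condition; the clauses are joined once below.
        $clauses[] = '`' . $column . '` = ' . $literal;
    }

    $whereConditionString = empty($clauses) ? '' : 'WHERE ' . implode(' AND ', $clauses);

    // LIMIT/OFFSET operands cannot be quoted: force non-negative integers.
    $limit = max(0, (int) $perPage);
    $offset = $limit * max(0, (int) $page);

    $query = sprintf("SELECT * FROM products %s LIMIT %d OFFSET %d", $whereConditionString, $limit, $offset);
    $query_result = engine::mysql($query);

    $results = [];
    while ($data = mysql_fetch_array($query_result)) {
        $results[] = $data;
    }

    return $results;
}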
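/**
 * Build the search results page for the term in the second URL segment.
 *
 * Reads $site->get and $site->engine; writes $site->title and $site->content.
 *
 * @param object $site Page context object.
 */
function search_class($site)
{
    $this->site = $site;
    $this->engine = $this->site->engine;

    // A fourth URL segment is not part of a valid search address.
    if (!empty($site->get[3])) {
        $site->content = engine::error();
        return;
    }

    // The term comes straight from the request URL, so it is untrusted in
    // every context it is used in below and is encoded per context.
    $term = urldecode(isset($site->get[1]) ? $site->get[1] : '');
    $termHtml = htmlspecialchars($term, ENT_QUOTES);

    // NOTE(review): the raw term is also placed in $site->title. Whether the
    // title is HTML-escaped when rendered is not visible here; confirm, and
    // escape at that point if it is not.
    $site->title = $term . ' - ' . $site->title;
    $site->content .= $GLOBALS["Lang"]["Search results by request"]
        . '<br/><br/><h1> "' . $termHtml . '"</h1><br/><br/>';

    // NOTE(review): mysql_real_escape_string() needs an open link; confirm
    // engine has connected before this constructor runs.
    $query = 'SELECT * FROM `nodes_content` WHERE `text` LIKE "%' . mysql_real_escape_string($term) . '%"';
    $res = engine::mysql($query);

    while ($data = mysql_fetch_array($res)) {
        require_once "engine/functions/print_preview.php";
        $site->content .= print_preview($data);
    }
}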
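/**
 * Re-fetch the current page with "nocatch=1", store the result in
 * `nodes_catch` for this URL, then terminate the request with the fresh output.
 *
 * @param int $jQuery When falsy the whole document is emitted; otherwise only
 *                    the part between the content markers.
 */
function refresh_catch($jQuery = 0)
{
    // NOTE(review): HTTP_HOST is taken from the request's Host header, so the
    // client influences where this server-side request is sent. Prefer a
    // configured site host if the project has one.
    $html = engine::curl_post_query($_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_URI"], "nocatch=1");
    $c = explode('<!DOCTYPE', $html);

    // The fetched page may lack the title or the content markers; fall back
    // to empty strings instead of reading undefined match groups.
    $title = '';
    $content = '';
    if (preg_match('/<title>(.*?)<\\/title>.*?<\\!-- content -->(.*?)<\\!-- \\/content -->/sim', $html, $m)) {
        $title = trim($m[1]);
        $content = trim($m[2]);
    }

    $shell = isset($c[1]) ? $c[1] : '';
    if (!empty($content)) {
        $fout = '<!DOCTYPE' . str_replace('<content/>', $content, $shell);
    } else {
        $fout = '<!DOCTYPE' . $shell;
    }

    // Every value stored here is page output or request data. Replacing only
    // the double quote leaves backslashes able to break out of the literal,
    // so all four values go through the driver's escaping function.
    // NOTE(review): mysql_real_escape_string() needs an open link; confirm
    // engine has connected before this runs.
    $query = 'UPDATE `nodes_catch` SET `html` = "' . mysql_real_escape_string($html)
        . '", `date` = "' . date("U")
        . '", `title` = "' . mysql_real_escape_string($title)
        . '", `content` = "' . mysql_real_escape_string($content)
        . '" WHERE `url` = "' . mysql_real_escape_string($_SERVER["SCRIPT_URI"]) . '"';
    engine::mysql($query);

    // NOTE(review): microtime() without `true` returns a "msec sec" string;
    // whether this subtraction yields elapsed seconds depends on how
    // $GLOBALS["time"] was set, which is outside this block.
    if (!$jQuery) {
        die($fout . "\n<!-- Refreshing catch. Time loading: " . (microtime() - $GLOBALS["time"]) . " -->");
    } else {
        die($content . "\n<!-- Refreshing catch and return content. Time loading: " . (microtime() - $GLOBALS["time"]) . " -->");
    }
}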
* */ header('location: /account/finances'); die('<script>window.location = "/account/finances";</script>'); } else { if ($_GET["mode"] == "cancel") { if (!$test) { $query = 'UPDATE `nodes_transactions` SET `status` = "-1" WHERE `id` = "' . $payment->getId() . '"'; } else { $query = 'UPDATE `nodes_transactions` SET `status` = "-1" WHERE `id` = "' . $_REQUEST["id"] . '"'; } $_SESSION["payment_id"] = ''; engine::mysql($query); header('location: /account/finances'); die('<script>window.location = "/account/finances";</script>'); } else { if (!$test) { $query = 'UPDATE `nodes_transactions` SET `status` = "-1" WHERE `id` = "' . $payment->getId() . '"'; } else { $query = 'UPDATE `nodes_transactions` SET `status` = "-1" WHERE `id` = "' . $_REQUEST["id"] . '"'; } $_SESSION["payment_id"] = ''; engine::mysql($query); header('location: /account/finances'); die('<script>window.location = "/account/finances";</script>'); } } } } else { engine::error(); }
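/**
 * Image management page: records posted images in `nodes_img`, deletes the
 * image selected by ?num=, and returns the paginated gallery HTML (18 per
 * page) followed by the upload form.
 *
 * @return string HTML fragment.
 */
function print_usimg_page()
{
    $this->caption = $GLOBALS["Lang"]["Images"];

    // Posted images arrive as "file"/"caption" plus the numbered pairs
    // file1..file5 / caption1..caption5; all six are handled the same way.
    $imgs = array();
    foreach (array('', 1, 2, 3, 4, 5) as $suffix) {
        $fileKey = "file" . $suffix;
        $captionKey = "caption" . $suffix;
        if (empty($_POST[$fileKey]) || !is_string($_POST[$fileKey])) {
            continue;
        }

        // Request data goes into SQL only after driver escaping.
        // NOTE(review): mysql_real_escape_string() needs an open link;
        // confirm engine has connected before this runs.
        $file = mysql_real_escape_string($_POST[$fileKey]);
        $caption1 = mysql_real_escape_string(
            isset($_POST[$captionKey]) && is_string($_POST[$captionKey]) ? $_POST[$captionKey] : ''
        );

        $query = 'INSERT INTO `nodes_img`(name, caption, date) VALUES("' . $file . '", "' . $caption1 . '", "' . date("U") . '")';
        engine::mysql($query);
        $query = 'SELECT * FROM `nodes_img` WHERE `name` = "' . $file . '" AND `caption` = "' . $caption1 . '" ORDER BY `id` DESC LIMIT 0, 1';
        $fres = engine::mysql($query);
        $fimg = mysql_fetch_array($fres);
        array_push($imgs, $fimg["id"]);
    }

    // NOTE(review): this delete is triggered by a plain GET link and no
    // anti-CSRF token is visible in this block; confirm the caller enforces
    // admin authentication and consider a token-protected POST.
    if (!empty($_GET["num"])) {
        // htmlspecialchars() is an HTML encoder, not SQL escaping; the id is
        // reduced to an integer instead.
        $num = intval($_GET["num"]);
        $query = 'SELECT * FROM `nodes_img` WHERE `id` = "' . $num . '"';
        $res = engine::mysql($query);
        $data = mysql_fetch_array($res);

        // The stored name originated from request data, so only its final
        // path component is used when building the paths to remove.
        $storedName = basename((string) $data['name']);
        $images = "/img/data/big/" . $storedName;
        if (is_file($images)) {
            @unlink($images);
        }
        $images = "/img/data/thumb/" . $storedName;
        if (is_file($images)) {
            @unlink($images);
        }

        $query = 'DELETE FROM `nodes_img` WHERE `id` = "' . $num . '"';
        $result = engine::mysql($query) or die;
    }

    $p = 0;
    if (!empty($_GET["page"])) {
        // A negative page would produce a negative LIMIT offset.
        $p = max(0, intval(trim(str_replace("\$", "", $_GET["page"]))));
    }

    $query = 'SELECT * FROM `nodes_img` ORDER BY `id` DESC LIMIT ' . $p * 18 . ', 18';
    $res = engine::mysql($query);

    $fout = ' <table width=650 cellpadding=0 cellspacing=10 height=100%> <tr> ';
    $i = 0;
    while ($data = mysql_fetch_array($res)) {
        $i++;
        if ($i > 6) {
            // Six thumbnails per table row.
            $i = 1;
            $fout .= '</tr><tr>';
        }

        // Name and caption were stored from request data; encode them for
        // the attribute and text contexts they are printed into.
        $nameHtml = htmlspecialchars($data["name"], ENT_QUOTES);
        $captionHtml = htmlspecialchars($data["caption"], ENT_QUOTES);

        $fout .= '<td width=100 style="border: #c0c0c0 1px solid; border-radius: 3px; background: #fefefe;" align=center valign=middle><a href="/img/data/big/' . $nameHtml . '">'
            . '<img src="/img/data/thumb/' . $nameHtml . '" alt="' . $captionHtml . '" title="' . $captionHtml . '" style="border-bottom: #c0c0c0 1px solid; max-width: 100px; max-height: 100px;"></a><br/>'
            . '<div style="margin-top:-3px; padding: 3px;">' . $captionHtml . ' <div style="float:right;"><a href="/admin/mode=usimg&num=' . intval($data["id"]) . '"><img src="/img/cms/close_button.png" width=12></a></div></div></td>';
    }
    // Pad the last row out to six cells.
    while (++$i < 7) {
        $fout .= '<td> </td>';
    }
    $fout .= ' </tr> <tr> <td colspan=6>';

    $query = 'SELECT COUNT(*) FROM `nodes_img`';
    $res = engine::mysql($query);
    $d = mysql_fetch_array($res);

    $fout .= '<div style="width: 550px; border: 0px solid; text-align: center; float: left; padding-top: 10px; padding-bottom: 10px;">';
    if ($p > 0) {
        if ($p > 1) {
            $fout .= '<a href="/admin/mode=usimg&page=' . ($p - 1) . '">< ' . $GLOBALS["Lang"]["Previous page"] . '</a>';
        } else {
            $fout .= '<a href="/admin/mode=usimg">< ' . $GLOBALS["Lang"]["Previous page"] . '</a>';
        }
    }
    if (($p + 1) * 18 < intval($d[0])) {
        if ($p > 0) {
            $fout .= ' | ';
        }
        $fout .= '<a href="/admin/mode=usimg&page=' . ($p + 1) . '">' . $GLOBALS["Lang"]["Next page"] . ' ></a>';
    }
    $fout .= '</div>';

    $fout .= ' </td> </tr> <tr> <td colspan=6> <form method="POST">';
    // The included file runs in this function's scope, so it can see this
    // local. NOTE(review): presumably the uploader reads it; confirm.
    $uploading_count = 6;
    require_once "engine/functions/print_uploader.php";
    $fout .= print_uploder();
    $fout .= ' <div style="clear:both;"></div> <input type="submit" value="' . $GLOBALS["Lang"]["Save uploaded images"] . '" class="btn" style="width:200px;"> </form> </td> </tr> </table> ';

    return $fout;
}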
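/**
 * Build the account area for the logged-in user: the account menu, the
 * settings form (which also applies posted changes) or the inbox frame,
 * chosen by the second URL segment. Without a session user id an
 * "Access denied" page is produced.
 *
 * Reads $site->get and $site->engine; writes $site->title and $site->content.
 *
 * @param object $site Page context object.
 */
function account_class($site)
{
    $this->site = $site;
    $this->engine = $this->site->engine;

    if (!empty($site->get[3])) {
        $site->content = engine::error();
        return;
    }

    if (empty($_SESSION["user"]["id"])) {
        $site->title = $GLOBALS["Lang"]["Access denied"] . ' - ' . $site->title;
        $site->content = '<h3 style="padding-top: 100px;">' . $GLOBALS["Lang"]["Access denied"] . '</h3><br/>';
        return;
    }

    // User ids are used as integers in SQL and in URLs below.
    $userId = intval($_SESSION["user"]["id"]);
    $backButton = '<a href="/account"><input type="button" class="btn btnSmall" style="width: 280px;" value="' . $GLOBALS["Lang"]["Back to account"] . '" /></a>';

    // ---- /account : menu ----
    if (empty($site->get[1])) {
        $site->title = $GLOBALS["Lang"]["My Account"] . ' - ' . $site->title;
        $site->content = '<h1 style="padding: 5px;">' . $GLOBALS["Lang"]["My Account"] . '</h1><br/><br/>';
        if ($_SESSION["user"]["id"] == "1") {
            $site->content .= '<a href="/admin"><input type="button" class="btn btnSmall" style="width: 280px;" value="' . $GLOBALS["Lang"]["Admin"] . '" /></a><br/><br/>';
        }
        $site->content .= '<a href="/account/inbox"><input type="button" class="btn btnSmall" style="width: 280px;" value="' . $GLOBALS["Lang"]["Messages"] . '" /></a><br/><br/>'
            . '<a href="/account/settings"><input type="button" class="btn btnSmall" style="width: 280px;" value="' . $GLOBALS["Lang"]["Settings"] . '" /></a><br/><br/>'
            . '<input type="button" class="btn btnSmall" style="width: 280px;" value="' . $GLOBALS["Lang"]["Logout"] . '" onClick="logout();" /><br/><br/>';
        return;
    }

    // ---- /account/inbox : message frame ----
    if ($site->get[1] == "inbox") {
        $site->title = $GLOBALS["Lang"]["Messages"] . ' - ' . $site->title;
        $site->content .= '<h1 style="padding: 5px;">' . $GLOBALS["Lang"]["Messages"] . '</h1><br/>';
        if (empty($site->get[2])) {
            $site->content .= '<center><iframe id="message_frame" src="/messages.php?id=' . $userId . '" width=100% height=390 style="max-width: 700px;" ></iframe></center>'
                . $backButton;
        } else {
            // The target segment comes from the request URL; URL-encode it so
            // it stays a single query value inside the src attribute.
            $site->content .= '<center><iframe id="message_frame" src="/messages.php?mode=dialog&id=' . $userId . '&target=' . urlencode($site->get[2]) . '" width=100% height=390 style="max-width: 700px;" ></iframe></center>'
                . $backButton;
        }
        return;
    }

    if ($site->get[1] != "settings") {
        $site->content = engine::error();
        return;
    }

    // ---- /account/settings : apply posted changes ----
    // NOTE(review): no anti-CSRF token and no current-password check are
    // visible in this form handling; confirm whether a caller provides them.
    if (!empty($_POST["name"])) {
        $name = mysql_real_escape_string($_POST["name"]);
        $email = strtolower(mysql_real_escape_string(isset($_POST["email"]) ? $_POST["email"] : ''));
        $query = 'UPDATE `nodes_users` SET `name` = "' . $name . '", `email` = "' . $email . '" WHERE `id` = "' . $userId . '"';
        engine::mysql($query);
        // NOTE(review): the session keeps the SQL-escaped strings (backslashes
        // included), unchanged from before; other code that reads these
        // session values is not visible here, so this is left as is.
        $_SESSION["user"]["name"] = $name;
        $_SESSION["user"]["email"] = $email;

        if (!empty($_FILES["img"]["tmp_name"])) {
            $file = engine::upload_photo("img", "img/pic", 50, 50);
            if ($file != "error") {
                $file = "/img/pic/" . $file;
                $query = 'UPDATE `nodes_users` SET `photo` = "' . mysql_real_escape_string($file) . '" WHERE `id` = "' . $userId . '"';
                engine::mysql($query);
                $_SESSION["user"]["photo"] = $file;
            }
        }
    }

    if (!empty($_POST["pass"])) {
        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() has to happen together with the
        // login check, which is outside this block, so the stored format is
        // left unchanged here.
        $password = md5(trim($_POST["pass"]));
        $query = 'UPDATE `nodes_users` SET `pass` = "' . $password . '" WHERE `id` = "' . $userId . '"';
        engine::mysql($query);
    }

    // ---- /account/settings : render the form ----
    // Session profile values originate from user input (or a social login),
    // so they are HTML-encoded before being placed in attributes or text.
    $photoHtml = htmlspecialchars(isset($_SESSION["user"]["photo"]) ? $_SESSION["user"]["photo"] : '', ENT_QUOTES);
    $nameHtml = htmlspecialchars(isset($_SESSION["user"]["name"]) ? $_SESSION["user"]["name"] : '', ENT_QUOTES);
    // HTTP_HOST is taken from the request's Host header; encode it for the
    // href attributes it is printed into.
    $hostHtml = htmlspecialchars($_SERVER["HTTP_HOST"], ENT_QUOTES);

    $site->title = $GLOBALS["Lang"]["Settings"] . ' - ' . $site->title;
    $site->content = '<h1 style="padding: 5px;">' . $GLOBALS["Lang"]["Settings"] . '</h1>';
    if (empty($_SESSION["user"]["email"])) {
        $site->content .= '<p>' . $GLOBALS["Lang"]["Enter your email and password to continue"] . '</p>';
    }

    $site->content .= '<br/><form method="POST" enctype="multipart/form-data"> <div style="width: 300px; margin:auto; text-align:center;"> <table> <tr> <td style="padding-bottom: 10px; width: 70px;padding-right: 5px;" align=right><img src="' . $photoHtml . '" width=50 style="border: #d0d0d0 4px solid; border-radius: 4px; margin-top: -5px;" /></td> <td style="padding-bottom: 0px;" valign=top><div style="float:left; text-align:left; padding-left: 5px;">' . $GLOBALS["Lang"]["Change picture"]
        . ':<br/><input type="file" name="img" class="input" style="width: 200px;margin-top: 5px;" /></div></td> </tr> <tr> <td align=right style="padding-bottom: 10px; width: 70px; padding-right: 5px;">' . $GLOBALS["Lang"]["Name"]
        . ':</td> <td style="padding-bottom: 10px;" ><input type="text" name="name" value="' . $nameHtml . '" class="input" style="width: 200px;" /></td> </tr>';

    if (!empty($_SESSION["user"]["email"])) {
        $emailHtml = htmlspecialchars($_SESSION["user"]["email"], ENT_QUOTES);
        $site->content .= ' <tr> <td align=right style="padding-bottom: 10px; width: 70px; padding-right: 5px;">' . $GLOBALS["Lang"]["Email"]
            . ':</td> <td style="padding-bottom: 10px;" ><input type="text" name="email" value="' . $emailHtml . '" class="input" style="width: 200px;" /></td> </tr> <tr> <td align=right style="padding-bottom: 10px; width: 70px; padding-right: 5px;">' . $GLOBALS["Lang"]["Password"]
            . ':</td> <td style="padding-bottom: 10px;" ><input type="password" name="pass" value="" placeHolder="' . $GLOBALS["Lang"]["New password"] . '" class="input" style="width: 200px;" /></td> </tr>';
    } else {
        $site->content .= ' <tr> <td align=right style="padding-bottom: 10px; width: 70px; padding-right: 5px;">' . $GLOBALS["Lang"]["Email"]
            . ':</td> <td style="padding-bottom: 10px;" ><input required type="text" name="email" placeHolder="' . $GLOBALS["Lang"]["Enter your email"] . '" class="input" style="width: 200px;" /></td> </tr> <tr> <td align=right style="padding-bottom: 10px; width: 70px; padding-right: 5px;">' . $GLOBALS["Lang"]["Password"]
            . ':</td> <td style="padding-bottom: 10px;" ><input required type="password" name="pass" value="" placeHolder="' . $GLOBALS["Lang"]["Enter your password"]
            . '" class="input" style="width: 200px;" /></td> </tr>';
    }

    $site->content .= ' <tr> ';
    if (empty($_SESSION["user"]["url"])) {
        // No linked profile URL yet: offer the social networks that have a
        // configured id/key in `nodes_config`.
        $site->content .= '<td colspan=2 style="padding: 5px;">';
        $query = 'SELECT * FROM `nodes_config` WHERE `name` = "vk_id"';
        $res = engine::mysql($query);
        $vk = mysql_fetch_array($res);
        $query = 'SELECT * FROM `nodes_config` WHERE `name` = "fb_id"';
        $res = engine::mysql($query);
        $fb_id = mysql_fetch_array($res);
        $query = 'SELECT * FROM `nodes_config` WHERE `name` = "tw_key"';
        $res = engine::mysql($query);
        $tw_key = mysql_fetch_array($res);
        $query = 'SELECT * FROM `nodes_config` WHERE `name` = "gp_id"';
        $res = engine::mysql($query);
        $gp_id = mysql_fetch_array($res);

        if (!empty($fb_id["value"]) || !empty($tw_key["value"]) || !empty($gp_id["value"]) || !empty($vk["value"])) {
            $site->content .= '<div style="padding: 5px; border: #eee 1px solid; border-radius: 5px;">Connect with social network<br/><br/>';
            if (!empty($fb_id["value"])) {
                $site->content .= '<a rel="nofollow" target="_blank" href=\'https://www.facebook.com/dialog/oauth?client_id=' . $fb_id["value"] . '&redirect_uri=' . urlencode("http://" . $_SERVER["HTTP_HOST"] . "/account.php?mode=social&method=fb") . '\' style="margin: 15px; margin-left: 0px; cursor: pointer;"><img src="/img/social/fb.png" title="Facebook"/></a>';
            }
            if (!empty($tw_key["value"])) {
                $site->content .= '<a rel="nofollow" target="_blank" href="http://' . $hostHtml . '/account.php?mode=social&method=tw" style="margin: 15px;"><img src="/img/social/tw.png" title="Twitter"/></a>';
            }
            if (!empty($gp_id["value"])) {
                $site->content .= '<a rel="nofollow" target="_blank" href="http://' . $hostHtml . '/account.php?mode=social&method=gp" style="margin: 15px;"><img src="/img/social/gp.png" title="Google+"/></a>';
            }
            if (!empty($vk["value"])) {
                $site->content .= '<a rel="nofollow" target="_blank" href="https://oauth.vk.com/authorize?client_id=' . $vk["value"] . '&scope=notify&redirect_uri=' . urlencode("http://" . $_SERVER["HTTP_HOST"] . '/account.php?mode=social&method=vk') . '&display=page&response_type=token" style="margin: 15px; margin-right: 0px;"><img src="/img/social/vk.png" title="VK"/></a>';
            }
            $site->content .= '</div>';
        }
    } else {
        $profileUrl = $_SESSION["user"]["url"];
        $site->content .= ' <td align=right style="padding-bottom: 10px; width: 70px; padding-right: 5px;">' . $GLOBALS["Lang"]["Site"]
            . ':</td> <td align=left style="padding-left: 7px;"><div style="overflow:hidden; height: 14px; width: 200px;"><a href="' . htmlspecialchars($profileUrl, ENT_QUOTES) . '" target="_blank">'
            . htmlspecialchars(str_replace('/', ' / ', str_replace("http://", '', $profileUrl)), ENT_QUOTES)
            . '</a></div><br/>';
    }

    $site->content .= '<br/> </td> </tr> <tr> <td style="padding-top: 20px;" colspan=2> <input type="submit" class="btn" style="width: 280px;" value="' . $GLOBALS["Lang"]["Save changes"] . '" /><br/><br/> '
        . $backButton
        . '<br/><br/> </td> </tr> </table> </div> </form>';
}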
@mysql_query("SET NAMES utf8"); $res = mysql_query($query) or die(mysql_error()); $message = mysql_fetch_array($res); if (empty($message)) { $query = 'SELECT * FROM `nodes_users` WHERE `id` = "' . intval($_GET["target"]) . '"'; @mysql_query("SET NAMES utf8"); $res = mysql_query($query) or die(mysql_error()); $target = mysql_fetch_array($res); $query = 'INSERT INTO `nodes_message`(`from`, `to`, `text`, `date`) VALUES("' . intval($_GET["id"]) . '", "' . intval($_GET["target"]) . '", "' . $text . '", "' . date("U") . '")'; @mysql_query("SET NAMES utf8"); mysql_query($query); $query = 'SELECT * FROM `nodes_config` WHERE `name` = "send_message_email"'; $r_conf = engine::mysql($query); $d_conf = mysql_fetch_array($r_conf); $query = 'SELECT * FROM `nodes_config` WHERE `name` = " email_signature"'; $r_sign = engine::mysql($query); $d_sign = mysql_fetch_array($r_sign); if ($d_conf["value"]) { if ($target["online"] < date("U") - 300) { $message = 'User ' . $_SESSION["user"]["name"] . ' sent a message for you!<br/><br/>' . '<a href="http://' . $_SERVER["HTTP_HOST"] . '/inbox/' . $_SESSION["user"]["id"] . '">http://' . $_SERVER["HTTP_HOST"] . '/inbox/' . $_SESSION["user"]["id"] . '</a>' . $d_sign["value"]; engine::send_mail($target["email"], "no-reply@" . $_SERVER["HTTP_HOST"], "New message at " . $_SERVER["HTTP_HOST"], $message); } } } } $query = 'SELECT * FROM `nodes_message` WHERE (`from` = ' . $_GET["id"] . ' AND `to` = ' . $_GET["target"] . ') OR (`from` = ' . $_GET["target"] . ' AND `to` = ' . $_GET["id"] . ') ORDER BY `date` ASC'; @mysql_query("SET NAMES utf8"); $res = mysql_query($query) or die(mysql_error()); $fout = '<div id="chat">' . '<table style="width: 100%; padding-top: 10px; padding-bottom: 10px;" border=0 >'; while ($data = mysql_fetch_array($res)) { if ($data["from"] == $_GET['id']) {
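/**
 * Build the content section: the catalog menu plus one of three pages chosen
 * by the URL segments — a catalog page, a single article, or the full
 * article listing under /content.
 *
 * Reads $site->get and $site->engine; writes $site->menu, $site->title,
 * $site->description, $site->img and $site->content.
 *
 * @param object $site Page context object.
 */
function content_class($site)
{
    $this->site = $site;
    $this->engine = $this->site->engine;

    $query = 'SELECT * FROM `nodes_catalog` WHERE `visible` = 1';
    $res = $site->engine->mysql($query);

    $isContentRoot = ($site->get[0] == "content");

    if (!$isContentRoot) {
        $site->menu .= '<a href="/content">' . $GLOBALS["Lang"]["Content"] . '</a> ';
    } else {
        $site->menu .= '<a href="/content"><b>' . $GLOBALS["Lang"]["Content"] . '</b></a> ';
    }

    // The slug is the first segment, or the second one under /content;
    // one segment more than that is an invalid address.
    if (!$isContentRoot) {
        $link = $site->get[0];
        if (!empty($site->get[1])) {
            $site->content = engine::error();
            return;
        }
    } else {
        if (!empty($site->get[2])) {
            $site->content = engine::error();
            return;
        }
        $link = isset($site->get[1]) ? $site->get[1] : null;
    }

    // Menu entry per visible catalog, the current one in bold.
    $flag = 0;
    while ($data = mysql_fetch_array($res)) {
        $flag = 1;
        if ($link == $data["url"]) {
            $site->menu .= '<a href="/' . $data["url"] . '"><b>' . $data["caption"] . '</b></a> ';
        } else {
            $site->menu .= '<a href="/' . $data["url"] . '">' . $data["caption"] . '</a> ';
        }
    }
    if (!$flag) {
        $site->menu = '';
    }

    if (!$isContentRoot || !empty($site->get[1])) {
        // The slug comes from the request URL; escape it before it is placed
        // inside a quoted SQL literal.
        // NOTE(review): mysql_real_escape_string() needs an open link;
        // confirm engine has connected before this constructor runs.
        $sqlLink = mysql_real_escape_string((string) $link);

        // print catalog
        $query = 'SELECT * FROM `nodes_catalog` WHERE `url` = "' . $sqlLink . '"';
        $res = $site->engine->mysql($query);
        $data = mysql_fetch_array($res);

        if (!empty($data)) {
            $site->title = $data["caption"] . ' - ' . $site->title;
            $site->description = strip_tags($data["text"]);
            if (!empty($data["img"])) {
                $site->img = "/img/data/big/" . $data["img"];
            }
            $query = 'SELECT * FROM `nodes_content` WHERE `cat_id` = "' . $data["id"] . '"';
            $res = $site->engine->mysql($query);
            if (!$data["visible"]) {
                $site->menu = '';
            }
            $site->content .= '<h1>' . $data["caption"] . '</h1><br/>' . '<br/>';

            // print articles
            $flag = 0;
            while ($d = mysql_fetch_array($res)) {
                $flag = 1;
                require_once "engine/functions/print_preview.php";
                $site->content .= print_preview($d);
            }

            if ($flag) {
                $site->content .= '<div style="clear:both;"></div>';
            } else {
                // print catalog: no articles, show the catalog's own text
                if (!empty($data["img"])) {
                    $site->content .= '<div id="article"> <div style="float:left; margin-right: 10px; margin-left: 10px;"> <img src="/img/data/big/' . $data["img"] . '" class="img" /> </div> <div class="text"> ' . $data["text"] . ' </div> </div>';
                } else {
                    $site->content .= '<div id="article"> <div class="text"> ' . $data["text"] . ' </div> </div>';
                }
                $site->content .= '<div style="clear:both;"></div>';
            }
        } else {
            // Not a catalog: treat the slug as an article URL.
            $query = 'SELECT * FROM `nodes_content` WHERE `url` = "' . $sqlLink . '"';
            $res = $site->engine->mysql($query);
            $data = mysql_fetch_array($res);

            if (empty($data)) {
                // SCRIPT_URI is request-derived as well.
                $query = 'UPDATE `nodes_catch` SET `interval` = "-2" WHERE `url` = "' . mysql_real_escape_string($_SERVER["SCRIPT_URI"]) . '"';
                $site->engine->mysql($query);
                $site->engine->error();
                exit;
            } else {
                require_once "engine/functions/print_content.php";
                $site->title = $data["caption"] . ' - ' . $site->title;
                $site->description = strip_tags($data["text"]);
                if (!empty($data["img"])) {
                    $site->img = "/img/data/big/" . $data["img"];
                }
                $site->content .= '<h1>' . $data["caption"] . '</h1><br/>';
                $site->content .= print_content($data);
                $site->content .= ' <div style="clear:both;"></div> <br/> ';

                // Up to three previews: same catalog first, then topped up
                // from the other catalogs.
                require_once "engine/functions/print_preview.php";
                $query = 'SELECT * FROM `nodes_content` WHERE `cat_id` = "' . $data["cat_id"] . '" AND `id` <> "' . $data["id"] . '" ORDER BY `date` DESC LIMIT 0, 3';
                $res = $site->engine->mysql($query);
                $count = 0;
                while ($d = mysql_fetch_array($res)) {
                    $count++;
                    $site->content .= print_preview($d);
                }
                if ($count < 3) {
                    $query = 'SELECT * FROM `nodes_content` WHERE `cat_id` <> "' . $data["cat_id"] . '" ORDER BY `date` DESC LIMIT 0, 3';
                    $res = $site->engine->mysql($query);
                    while ($d = mysql_fetch_array($res)) {
                        // Stop once three previews are shown in total; a
                        // "> 3" test here would let a fourth one through.
                        if ($count++ >= 3) {
                            break;
                        }
                        $site->content .= print_preview($d);
                    }
                }
                $site->content .= ' <div style="clear:both;"></div> ';
            }
        }
    } else {
        // /content with no slug: list every article, newest first.
        require_once "engine/functions/print_preview.php";
        $site->title = $GLOBALS["Lang"]["Content"] . ' - ' . $site->title;
        $site->content .= '<h1>' . $GLOBALS["Lang"]["Content"] . '</h1><br/><br/>';
        $query = 'SELECT * FROM `nodes_content` ORDER BY `date` DESC';
        $res = engine::mysql($query);
        $flag = 0;
        while ($data = mysql_fetch_array($res)) {
            $flag = 1;
            $site->content .= print_preview($data);
        }
        if ($flag) {
            $site->content .= '<div style="clear:both;"></div>';
        } else {
            // The wrapper is closed with </div>; an opening tag here would
            // leave the element unclosed.
            $site->content = '<div style="padding-top: 70px; padding-bottom: 70px;">' . $GLOBALS["Lang"]["No articles found"] . '</div>';
        }
    }
}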
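/**
 * Store a posted comment for the given page URL (once per user and text)
 * and return the comment list plus the "add comment" form.
 *
 * The list and form are only produced when a session user exists;
 * otherwise the result is an empty string.
 *
 * @param string $url Page URL the comments belong to (URL-encoded form accepted).
 * @return string HTML fragment.
 */
function print_comments($url)
{
    // Both buffers are appended to below, so they start as empty strings.
    $fout = '';
    $fout1 = '';

    $url = trim(str_replace('"', "'", urldecode($url)));
    // Swapping the double quote alone does not make a value safe inside a
    // quoted SQL literal (a backslash still escapes the closing quote), so
    // request-derived values also go through the driver's escaping.
    // NOTE(review): mysql_real_escape_string() needs an open link; confirm
    // engine has connected before this runs.
    $sqlUrl = mysql_real_escape_string($url);
    $userId = isset($_SESSION["user"]["id"]) ? intval($_SESSION["user"]["id"]) : 0;

    // NOTE(review): no anti-CSRF token is visible on the comment form;
    // confirm whether the surrounding page adds one.
    if (!empty($_POST["comment"])) {
        $text = str_replace('"', "'", htmlspecialchars(strip_tags($_POST["comment"])));
        $text = str_replace("\n", "<br/>", $text);
        $sqlText = mysql_real_escape_string($text);

        // Duplicate check uses "=": with LIKE, "%" and "_" inside the text or
        // URL act as wildcards and match rows of other pages.
        $query = 'SELECT * FROM `nodes_comments` WHERE `text` = "' . $sqlText . '" AND `url` = "' . $sqlUrl . '" AND `user_id` = "' . $userId . '"';
        $res = engine::mysql($query);
        $data = mysql_fetch_array($res);

        // Compare the integer id, not intval() of the comparison result.
        if (empty($data) && $userId > 0) {
            $query = 'INSERT INTO `nodes_comments` (`url`, `reply`, `user_id`, `text`, `date`) '
                . 'VALUES("' . $sqlUrl . '", "' . intval(isset($_POST["reply"]) ? $_POST["reply"] : 0) . '", "' . $userId . '", "' . $sqlText . '", "' . date("U") . '")';
            engine::mysql($query);

            $query = 'SELECT * FROM `nodes_config` WHERE `name` = "send_comments_email"';
            $r_conf = engine::mysql($query);
            $d_conf = mysql_fetch_array($r_conf);
            if (intval($d_conf["value"])) {
                $query = 'SELECT * FROM `nodes_config` WHERE `name` = "email"';
                $r_email = engine::mysql($query);
                $d_email = mysql_fetch_array($r_email);

                // The mail body is HTML: encode the user name and the
                // request URI before embedding them.
                // NOTE(review): HTTP_HOST comes from the request's Host header
                // and is used in the sender address and subject; prefer a
                // configured site host if the project has one.
                $authorHtml = htmlspecialchars($_SESSION["user"]["name"], ENT_QUOTES);
                $pageHtml = htmlspecialchars($_SERVER["SCRIPT_URI"], ENT_QUOTES);
                $message = 'User ' . $authorHtml . ' add new comment!<br/>'
                    . '<a href="' . $pageHtml . '">' . $pageHtml . '</a><br/>'
                    . '<br/>Comment:<br/>-----------------------------<br/>' . $text;
                engine::send_mail($d_email["value"], "no-reply@" . $_SERVER["HTTP_HOST"], "New comment at " . $_SERVER["HTTP_HOST"], $message);
            }
            $fout .= ' <script>alert("' . $GLOBALS["Lang"]["Comment submited!"] . '");</script> ';
        }
    }

    $flag = 0;
    $fout1 .= '<table align=center style="width: 100%; max-width: 500px; font-size: 14px;">';
    $query = 'SELECT * FROM `nodes_comments` WHERE `url` = "' . $sqlUrl . '"';
    $res = engine::mysql($query);
    while ($data = mysql_fetch_array($res)) {
        if (intval($data["id"]) > 0) {
            $fout1 .= print_comment($data["id"]);
            $flag = 1;
        }
    }
    $fout1 .= '</table><br/>';

    if (!empty($_SESSION["user"])) {
        if (!$flag) {
            $fout .= $GLOBALS["Lang"]["There is no comments"] . '<br/><br/>';
        } else {
            $fout .= $fout1;
        }
        $fout .= ' <form method="POST"> <div id="new_comment" style="display:none;"> <h2 style="font-size: 21px;">' . $GLOBALS["Lang"]["Add new comment"] . '</h2><br/><br/> <textarea name="comment" cols=50 style="height: 80px; width: 100%; max-width: 500px;"></textarea><br/><br/> <center><input type="submit" class="btn" value="' . $GLOBALS["Lang"]["Submit comment"] . '" style="width: 280px;" /></center> </div> <input type="button" class="btn" value="' . $GLOBALS["Lang"]["Add comment"] . '" style="width: 280px;" onClick=\'document.getElementById("new_comment").style.display="block";this.style.display="none";\' /> </form> ';
    }

    return $fout;
}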