/**
 * Report whether any KEY of $numberarray, after cleanit(), loosely equals $single.
 *
 * Only the keys are examined; the values of $numberarray are ignored.
 *
 * @param array $numberarray Map whose keys are the candidates.
 * @param mixed $single      Value the cleaned keys are compared against.
 * @return true|null True when at least one key matches, null otherwise (never false).
 */
function seccheck($numberarray, $single)
{
    $matched = null;

    foreach ($numberarray as $candidate => $ignoredValue) {
        // NOTE(review): `==` is a loose comparison. If cleanit() can hand back an
        // int (numeric array keys are ints) while $single is a non-numeric string,
        // PHP < 8 treats e.g. 0 == "abc" as equal. Confirm what cleanit() returns
        // before relying on this as an allow-list check.
        if (cleanit($candidate) == $single) {
            $matched = true;
        }
    }

    return $matched;
}
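/**
 * Copy submitted values of the user-visible extra profile fields onto the global $user.
 *
 * Reads the globals $user and $users_extra_fields_field. For every field definition
 * whose 'show_to_user' entry is true, the POST value named by the field's 'name'
 * entry is passed through cleanit() and stored in $user->extra[<name>].
 *
 * @return void
 */
function users_extra_fields_profile_save()
{
    global $user, $users_extra_fields_field;

    if (!$users_extra_fields_field) {
        return;
    }

    foreach ($users_extra_fields_field as $thefield) {
        // Fields not flagged 'show_to_user' must never be writable from the request.
        // (The original repeated this same assignment once per key of $thefield;
        // a single assignment per field gives the same result.)
        if ($thefield['show_to_user'] == true) {
            $fieldName = $thefield['name'];
            // A field missing from the form is still passed to cleanit() as null,
            // as before, but without reading an undefined index.
            $submitted = isset($_POST[$fieldName]) ? $_POST[$fieldName] : null;
            $user->extra[$fieldName] = cleanit($submitted);
        }
    }
}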
if (empty($pageURL)) { $pageURL = 'http'; if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { $pageURL .= 's'; } $pageURL .= '://'; if ($_SERVER['SERVER_PORT'] != '80') { $pageURL .= $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI']; } else { $pageURL .= $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; } } return $pageURL; } if (is_numeric($_REQUEST['pid'])) { $pid = intval(cleanit($_REQUEST['pid'])); STemplate::assign('pid', $pid); } else { $error = $lang['138']; } if ($error == "") { if (does_post_exist($pid)) { $query = "SELECT * FROM posts_comments WHERE PID='" . mysql_real_escape_string($pid) . "' ORDER BY CID desc"; $executequery = $conn->execute($query); $parray = $executequery->getarray(); $newArr = sancomment($parray); STemplate::assign('comments', $newArr); STemplate::assign('totComments', count($newArr)); $query = "SELECT A.*, B.username, B.profilepicture FROM posts A, members B WHERE A.PID='" . mysql_real_escape_string($pid) . "' AND A.USERID=B.USERID"; $executequery = $conn->execute($query); $parray = $executequery->getarray();
if ($email3 != "") { if (!verify_valid_email($email3)) { $error = $lang['199']; } } $email4 = cleanit($_REQUEST['email4']); if ($email4 != "") { if (!verify_valid_email($email4)) { $error = $lang['200']; } } if ($email1 == "" && $email2 == "" && $email3 == "" && $email4 == "") { $error = $lang['201']; } if ($error == "") { $comment = cleanit($_REQUEST['message']); if ($email1 != "") { $sendto = $email1; $sendername = $config['site_name']; $from = $config['site_email']; $subject = $lang['203'] . " " . $sendername; $sendmailbody = stripslashes($email1) . ",<br><br>"; $sendmailbody .= $lang['203'] . " " . $sendername . "<br>"; $sendmailbody .= $lang['205'] . ":<br>"; $sendmailbody .= "<a href=" . $config['baseurl'] . ">" . $config['baseurl'] . "</a><br><br>"; if ($comment != "") { $sendmailbody .= $lang['207'] . ":<br>"; $sendmailbody .= stripslashes($comment) . "<br><br>"; } $sendmailbody .= $lang['206'] . ",<br>" . stripslashes($sendername); mailme($sendto, $sendername, $from, $subject, $sendmailbody, $bcc = "");
} if (empty($error)) { $imagesize = getimagesize($mytmpfile); $width = $imagesize[0]; $height = $imagesize[1]; $idname = $_POST["idname"]; if (!is_numeric($idname)) { die; } $imagename = $idname . "_original.jpg"; $newimage = $user_image_path . $imagename; $result = @move_uploaded_file($_FILES['image_file']['tmp_name'], $newimage); if (empty($result)) { $error["result"] = "There was an error moving the uploaded file."; } else { $avatar_source = cleanit($_POST['avatarsource']); $sql = "UPDATE " . table_groups . " set group_avatar='uploaded' WHERE group_id={$idname}"; $db->query($sql); $main_smarty->assign('Avatar_uploaded', 'Avatar uploaded successfully!'); /*if($avatar_source != "" && $avatar_source != "useruploaded"){ loghack('Updating profile, avatar source is not one of the list options.', 'username: '******'|email: '.$_POST["email"]); $avatar_source == ""; }*/ //$user->avatar_source=$avatar_source; //$user->store(); } } // create large avatar include mnminclude . "class.pThumb.php"; $img = new pThumb(); $img->pSetSize(group_avatar_size_width, group_avatar_size_height);
/************************************************************************************************** | PinMe Script by Scriptolution.com | http://www.pinmescript.com | webmaster@pinmescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.pinmescript.com/eula.html and to be bound by it. | | Copyright (c) PinMeScript.com. All rights reserved. |**************************************************************************************************/ include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; $seo = cleanit($_REQUEST['category']); if ($seo != "") { $query1 = "select name, CATID from categories WHERE seo='" . mysql_real_escape_string($seo) . "' limit 1"; $executequery1 = $conn->execute($query1); $CATID = intval($executequery1->fields['CATID']); $showcatname = $executequery1->fields['name']; STemplate::assign('showcatname', $showcatname); if ($CATID > 0) { $query = "select A.PID, A.ptitle, A.pic, A.pkey, A.price, A.youtube, B.USERID, B.username, B.fname, B.lname, B.profilepicture, C.bname from posts A, members B, boards C WHERE A.active='1' AND A.USERID=B.USERID AND A.BID=C.BID AND C.CATID='" . mysql_real_escape_string($CATID) . "' order by A.PID desc limit 50"; $results = $conn->execute($query); $pins = $results->getrows(); if (count($pins) >= 50) { STemplate::assign('more', 1); STemplate::assign('CATID', $CATID); } }
| Agreement available at http://www.gagclonescript.com/eula.html and to be bound by it. | | Copyright (c) GagCloneScript.com. All rights reserved. |**************************************************************************************************/ include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; if ($_REQUEST['msgsub'] == "1") { $topic = cleanit($_REQUEST['topic']); $subject = cleanit($_REQUEST['subject']); $msg = cleanit($_REQUEST['msg']); $name = cleanit($_REQUEST['name']); $email = cleanit($_REQUEST['email']); $username = cleanit($_REQUEST['username']); $os = cleanit($_REQUEST['os']); $imagecode = cleanit($_REQUEST['imagecode']); STemplate::assign('topic', $topic); STemplate::assign('subject', $subject); STemplate::assign('msg', $msg); STemplate::assign('name', $name); STemplate::assign('email', $email); STemplate::assign('username', $username); STemplate::assign('os', $os); if ($topic == "") { $error = $lang['243']; } elseif ($subject == "") { $error = $lang['244']; } elseif ($msg == "") { $error = $lang['245']; } elseif ($name == "") { $error = $lang['246'];
<?php include "include/config.php"; include "include/functions/import.php"; $redirect = stripslashes($_REQUEST['redirect']); $r = base64_decode($redirect); STemplate::assign('r', $r); if ($_SESSION['USERID'] != "" && $redirect != "") { header("Location:{$redirect}"); exit; } if ($_REQUEST['logsub'] != "") { $username = cleanit($_REQUEST['username']); $password = cleanit($_REQUEST['password']); $passwordc = cleanit($_REQUEST['passwordc']); $email = cleanit($_REQUEST['email']); //$user_captcha_solution = cleanit($_REQUEST['user_captcha_solution']); $user_captcha_solution = false; // by rudem if ($username == "") { $error = $lang['4']; } elseif (strlen($username) < 2) { $error = $lang['8']; } elseif (!verify_email_username($username)) { $error = $lang['6']; } elseif ($password == "") { $error = $lang['5']; } elseif ($passwordc == "") { $error = $lang['294']; } elseif ($password != $passwordc) { $error = $lang['295'];
} else { header("Location:{$config['baseurl']}/"); exit; } } } else { if ($_REQUEST['jsub'] != "1") { $user_username = $screen_name; $user_fname = $f_name; $user_lname = $l_name; } else { $user_email = cleanit($_REQUEST['user_email']); $user_username = cleanit($_REQUEST['user_username']); $user_fname = cleanit($_REQUEST['user_fname']); $user_lname = cleanit($_REQUEST['user_lname']); $user_password = cleanit($_REQUEST['user_password']); if ($user_username == "") { $error = $lang['19']; } elseif (strlen($user_username) < 3) { $error = $lang['20']; } elseif (!preg_match("/^[a-zA-Z0-9]*\$/i", $user_username)) { $error = $lang['21']; } elseif (!verify_email_username($user_username)) { $error = $lang['14']; } elseif ($user_fname == "") { $error = $lang['103']; } elseif ($user_lname == "") { $error = $lang['104']; } elseif ($user_email == "") { $error = $lang['35']; } elseif (!verify_valid_email($user_email)) {
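/**************************************************************************************************
| PinMe Script by Scriptolution.com
| http://www.pinmescript.com
| webmaster@pinmescript.com
|
|**************************************************************************************************
|
| By using this software you agree that you have read and acknowledged our End-User License
| Agreement available at http://www.pinmescript.com/eula.html and to be bound by it.
|
| Copyright (c) PinMeScript.com. All rights reserved.
|**************************************************************************************************/

// Paging endpoint: emits the next 10 pins joined through posts_fav for member id
// params[q] as JSON {count, lastPage, html}, rendered with more_owner_likes.tpl.
// Nothing is emitted when the id is not a positive integer.
include "include/config.php";
include "include/functions/import.php";

$thebaseurl = $config['baseurl'];

// intval() guarantees an integer before the value is placed in the SQL text.
$q = intval(cleanit($_REQUEST['params']['q']));
STemplate::assign('q', $q);

if ($q > 0) {
    $addme = "AND D.USERID ='" . mysql_real_escape_string($q) . "'";

    // Clamp the paging offset: intval() alone lets a negative number through, and
    // "limit -N, 10" is rejected by MySQL, leaving $results unusable below.
    $offset = max(0, intval($_REQUEST['offset']));

    $query = "select A.PID, A.ptitle, A.pic, A.pkey, A.price, A.youtube, A.USERID, C.bname from posts A, boards C, posts_fav D WHERE A.active='1' AND A.BID=C.BID AND A.PID=D.PID {$addme} order by A.points desc, A.viewcount desc, A.PID desc limit {$offset}, 10";
    $results = $conn->execute($query);
    $pins = $results->getrows();
    STemplate::assign('pins', $pins);

    $pcount = count($pins);
    $html = STemplate::fetch('more_owner_likes.tpl');
    $arr = array('count' => $pcount, 'lastPage' => false, 'html' => $html);

    header("Content-Type: application/json");
    echo json_encode($arr);
}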
$sortby = "CATID"; $sort = " order by CATID"; $add1 = "&sortby=CATID"; } if ($_REQUEST['sorthow'] == "desc") { $sorthow = "desc"; $add1 .= "&sorthow=desc"; } else { $sorthow = "asc"; $add1 .= "&sorthow=asc"; } //Search $fromid = intval($_REQUEST['fromid']); $toid = intval($_REQUEST['toid']); $name = cleanit($_REQUEST['name']); $details = cleanit($_REQUEST['details']); $add1 .= "&fromid={$fromid}&toid={$toid}&name={$name}&details={$details}"; if ($_POST['submitform'] == "1" || ($_REQUEST['fromid'] != "" || $toid > 0 || $name != "" || $details != "")) { if ($fromid > 0) { $addtosql = "WHERE CATID>='" . mysql_real_escape_string($fromid) . "'"; Stemplate::assign('fromid', $fromid); } else { $addtosql = "WHERE CATID>'" . mysql_real_escape_string($fromid) . "'"; } if ($toid > 0) { $addtosql .= "AND CATID<='" . mysql_real_escape_string($toid) . "'"; Stemplate::assign('toid', $toid); } if ($name != "") { $addtosql .= "AND name like'%" . mysql_real_escape_string($name) . "%'"; Stemplate::assign('name', $name);
} } } } } } else { $post_type = cleanit($_REQUEST['post_type']); if ($post_type == "Photo") { $nsfw = intval(cleanit($_REQUEST['nsfw'])); $source = cleanit($_REQUEST['source']); $tags = cleanit($_REQUEST['tags']); $title = cleanit($_REQUEST['title']); $title = str_replace("#", "#", $title); findHashDeleteCache($title); $url = cleanit($_REQUEST['url']); $category = intval(cleanit($_REQUEST['category'])); if ($url == "") { $error = $lang['96']; } elseif ($title == "") { $error = $lang['95']; } else { $pos = strrpos($url, "."); $ph = strtolower(substr($url, $pos + 1, strlen($url) - $pos)); if ($ph == "jpg" || $ph == "jpeg" || $ph == "png" || $ph == "gif") { $query = "INSERT INTO posts SET USERID='" . mysql_real_escape_string($SID) . "', story='" . mysql_real_escape_string($title) . "', tags='" . mysql_real_escape_string($tags) . "', source='" . mysql_real_escape_string($source) . "', category='" . mysql_real_escape_string($category) . "', nsfw='" . mysql_real_escape_string($nsfw) . "', url='" . mysql_real_escape_string($url) . "', time_added='" . time() . "', date_added='" . date("Y-m-d") . "', active='0', pip='" . $_SERVER['REMOTE_ADDR'] . "'"; $result = $conn->execute($query); $pid = mysql_insert_id(); $uploadedimage = $config['pdir'] . '/' . $pid . '-temp.' . $ph; if (!download_photo($url, $uploadedimage)) { $error = $lang['97']; $query = "DELETE FROM posts WHERE PID='" . mysql_real_escape_string($pid) . "'";
$results = $conn->execute($query); $returnthis = $results->getrows(); return $returnthis; } function insert_get_all_cats() { global $config, $conn; $query = "select CATID,name from categories order by name asc"; $results = $conn->execute($query); $returnthis = $results->getrows(); return $returnthis; } $BID = intval($_REQUEST['BID']); if ($_POST['submitform'] == "1") { if ($BID > 0) { $bname = cleanit($_REQUEST['bname']); if ($bname == "") { $error = $lang['80']; } elseif (!preg_match("/^[a-zA-Z0-9 ]*\$/i", $bname)) { $error = $lang['105']; } elseif ($bname == $lang['82']) { $error = $lang['80']; } elseif (strlen($bname) > 100) { $error = $lang['238']; } else { $USERID = intval($_REQUEST['USERID']); $CATID = intval($_REQUEST['CATID']); $sql = "update boards set bname='" . mysql_real_escape_string($bname) . "', USERID='" . mysql_real_escape_string($USERID) . "', CATID='" . mysql_real_escape_string($CATID) . "' where BID='" . mysql_real_escape_string($BID) . "'"; $conn->execute($sql); $message = "Board Successfully Edited."; Stemplate::assign('message', $message);
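/**************************************************************************************************
| PinMe Script by Scriptolution.com
| http://www.pinmescript.com
| webmaster@pinmescript.com
|
|**************************************************************************************************
|
| By using this software you agree that you have read and acknowledged our End-User License
| Agreement available at http://www.pinmescript.com/eula.html and to be bound by it.
|
| Copyright (c) PinMeScript.com. All rights reserved.
|**************************************************************************************************/

// Paging endpoint: emits the next 10 active pins, optionally filtered by a substring
// of posts.source taken from params[q], as JSON {count, lastPage, html} rendered
// with more.tpl.
include "include/config.php";
include "include/functions/import.php";

$thebaseurl = $config['baseurl'];

$q = cleanit($_REQUEST['params']['q']);
STemplate::assign('q', $q);

// Always start from an empty clause. The original left $addme undefined when no
// search term was sent, so whatever the variable already held (for example via
// register_globals on old PHP, or an earlier include) would have been spliced into
// the SQL below without escaping.
$addme = "";
if ($q != "") {
    // NOTE(review): mysql_real_escape_string() does not escape the LIKE wildcards
    // % and _, so a term containing them widens the match. Confirm that is intended.
    $addme = "AND A.source like '%" . mysql_real_escape_string($q) . "%'";
}

// Clamp the paging offset: intval() alone lets a negative number through, and
// "limit -N, 10" is rejected by MySQL.
$offset = max(0, intval($_REQUEST['offset']));

$query = "select A.PID, A.ptitle, A.pic, A.pkey, A.price, A.youtube, B.USERID, B.username, B.fname, B.lname, B.profilepicture, C.bname from posts A, members B, boards C WHERE A.active='1' AND A.USERID=B.USERID AND A.BID=C.BID {$addme} order by A.points desc, A.viewcount desc, A.PID desc limit {$offset}, 10";
$results = $conn->execute($query);
$pins = $results->getrows();
STemplate::assign('pins', $pins);

$pcount = count($pins);
$html = STemplate::fetch('more.tpl');
$arr = array('count' => $pcount, 'lastPage' => false, 'html' => $html);

header("Content-Type: application/json");
echo json_encode($arr);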
| webmaster@pinmescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.pinmescript.com/eula.html and to be bound by it. | | Copyright (c) PinMeScript.com. All rights reserved. |**************************************************************************************************/ include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; $SID = intval($_SESSION['USERID']); $subpin = intval(cleanit($_REQUEST['subpin'])); $board_id = intval(cleanit($_REQUEST['board_id'])); $comment = cleanit($_REQUEST['comment']); $iname = $_FILES['iurl']['name']; if ($SID > 0) { if ($subpin > 0) { if ($board_id == "0") { $arr = array('error' => true, 'msg' => $lang['87']); } elseif ($comment == "") { $arr = array('error' => true, 'msg' => $lang['88']); } elseif (strlen($comment) > 500) { $arr = array('error' => true, 'msg' => $lang['237']); } elseif ($iname == "") { $arr = array('error' => true, 'msg' => $lang['168']); } else { $pos = strrpos($iname, "."); $ph = strtolower(substr($iname, $pos + 1, strlen($iname) - $pos)); if ($ph == "jpg" || $ph == "jpeg" || $ph == "png" || $ph == "gif") {
| Copyright (c) PinMeScript.com. All rights reserved. |**************************************************************************************************/ include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; $SID = intval($_SESSION['USERID']); if ($SID > 0) { $ido = intval(cleanit($_REQUEST['id'])); if ($ido > 0) { $query = "select BID from boards WHERE BID='" . mysql_real_escape_string($ido) . "' AND USERID='" . mysql_real_escape_string($SID) . "'"; $executequery = $conn->execute($query); $id = $executequery->fields['BID']; if ($id > 0) { if ($_REQUEST['esub'] == "1") { $bname = cleanit($_REQUEST['bname']); $cat = intval(cleanit($_REQUEST['cat'])); if ($bname == "") { $error = $lang['80']; } elseif (!preg_match("/^[a-zA-Z0-9 ]*\$/i", $bname)) { $error = $lang['105']; } elseif (strlen($bname) > 100) { $error = $lang['238']; } elseif ($cat == "0") { $error = $lang['81']; } else { $query = "UPDATE boards SET bname='" . mysql_real_escape_string($bname) . "', CATID='" . mysql_real_escape_string($cat) . "' WHERE USERID='" . mysql_real_escape_string($SID) . "' AND BID='" . mysql_real_escape_string($id) . "' limit 1"; $conn->execute($query); $query = "UPDATE activity SET bname='" . mysql_real_escape_string($bname) . "' WHERE atype='folb' AND FOLB='" . mysql_real_escape_string($id) . "'"; $conn->execute($query); $msg = $lang['241']; }
<?php
// Toggle the logged-in member's "favorited" mark on post `id`, then print the
// post's favourite count. The count is printed even when nobody is logged in.
//
// NOTE(review): the toggle is a state change driven by $_REQUEST (so GET works too)
// and no anti-CSRF token is checked in this file. Confirm one is enforced elsewhere.
include "include/config.php";
include "include/functions/import.php";

// Both ids are forced to integers before they are used in a path or in SQL.
$PID = intval(cleanit($_REQUEST['id']));
$SID = intval(cleanit($_SESSION['USERID']));

if ($SID > 0 && $PID > 0) {
    //dem
    // The cache path is built from the integer post id only.
    $cacheName = $config['basedir'] . '/themes/cache/' . $PID . '.txt';
    if (file_exists($cacheName)) {
        // $json is not read again in this file. Presumably it is consumed elsewhere; verify.
        $json = (array) json_decode(file_get_contents($cacheName));
    }

    $favsta = scriptolution_fav_status($PID);
    $pidSql = mysql_real_escape_string($PID);
    $sidSql = mysql_real_escape_string($SID);

    // Status "1" means the post is already favourited, so remove the mark; otherwise add it.
    if ($favsta == "1") {
        $query = "DELETE FROM posts_favorited WHERE PID='" . $pidSql . "' AND USERID='" . $sidSql . "'";
    } else {
        $query = "INSERT INTO posts_favorited SET PID='" . $pidSql . "', USERID='" . $sidSql . "'";
    }
    $result = $conn->execute($query);
}

$fav_scripto_count = scriptolution_fav_count($PID);
echo $fav_scripto_count;
/************************************************************************************************** | PinMe Script by Scriptolution.com | http://www.pinmescript.com | webmaster@pinmescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.pinmescript.com/eula.html and to be bound by it. | | Copyright (c) PinMeScript.com. All rights reserved. |**************************************************************************************************/ include "include/config.php"; include "include/functions/import.php"; $iurl = cleanit($_REQUEST['url']); if ($iurl != "") { $ytpos = strpos($iurl, "http://www.youtube.com/watch?v="); $ytposb = strpos($iurl, "http://www.youtu.be/"); $ytposc = strpos($iurl, "http://youtu.be/"); if ($ytpos === false) { if ($ytposb === false) { if ($ytposc === false) { $yskip = "1"; $ypro = "0"; } else { $ypro = "3"; } } else { $ypro = "2"; }
include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; $r = cleanit(stripslashes($_REQUEST['r'])); STemplate::assign('r', $r); if ($config['invite_mode'] == "1") { $templateselect = "signup2.tpl"; } else { if ($_REQUEST['jsub'] == "1") { $user_email = cleanit($_REQUEST['user_email']); $user_username = cleanit($_REQUEST['user_username']); $user_fname = cleanit($_REQUEST['user_fname']); $user_lname = cleanit($_REQUEST['user_lname']); $user_password = cleanit($_REQUEST['user_password']); $user_password2 = cleanit($_REQUEST['user_password2']); $user_captcha_solution = cleanit($_REQUEST['user_captcha_solution']); if ($user_username == "") { $error = $lang['19']; } elseif (strlen($user_username) < 3) { $error = $lang['20']; } elseif (!preg_match("/^[a-zA-Z0-9]*\$/i", $user_username)) { $error = $lang['21']; } elseif (!verify_email_username($user_username)) { $error = $lang['14']; } elseif ($user_fname == "") { $error = $lang['103']; } elseif ($user_lname == "") { $error = $lang['104']; } elseif ($user_email == "") { $error = $lang['35']; } elseif (!verify_valid_email($user_email)) {
|
|**************************************************************************************************
|
| By using this software you agree that you have read and acknowledged our End-User License
| Agreement available at http://www.gagclonescript.com/eula.html and to be bound by it.
|
| Copyright (c) GagCloneScript.com. All rights reserved.
|**************************************************************************************************/

// Admin form handler: stores a new advertisement (description, "safe mode on" code,
// "safe mode off" code, active flag) when the form is posted with submitform=1.
include "../include/config.php";
include_once "../include/functions/import.php";

// Presumably blocks non-admin visitors; its behaviour is not visible here. Verify.
verify_login_admin();

if ($_POST['submitform'] == "1") {
    $details = cleanit($_POST['details']);
    // The ad markup is taken as submitted: it is NOT passed through cleanit(), only
    // escaped for SQL below, so whatever is stored is what the site will later emit.
    // NOTE(review): no anti-CSRF token is checked in this visible part. Confirm one
    // is enforced elsewhere, since a forged admin request could store markup.
    $code = $_POST['c'];
    $nsfwcode = cleanit($_POST['nsfwcode']);
    $active = intval(cleanit($_POST['active']));

    // The first empty required field wins; the row is inserted only when none is empty.
    switch (true) {
        case ($details == ""):
            $error = "Error: Please enter a description.";
            break;

        case ($code == ""):
            $error = "Error: Please enter your Safe Mode On advertisement code.";
            break;

        case ($nsfwcode == ""):
            $error = "Error: Please enter your Safe Mode Off advertisement code.";
            break;

        default:
            $sql = "insert advertisements set description='" . mysql_real_escape_string($details)
                . "', code='" . mysql_real_escape_string($code)
                . "', nsfwcode='" . mysql_real_escape_string($nsfwcode)
                . "', active='" . mysql_real_escape_string($active) . "'";
            $conn->execute($sql);
            $message = "Advertisement Successfully Added.";
            Stemplate::assign('message', $message);
            break;
    }
}

$mainmenu = "11";
$submenu = "1";
include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; $cseo = cleanit($_REQUEST['cid']); if ($cseo != "") { $query = "SELECT * FROM categories WHERE seo='" . mysql_real_escape_string($cseo) . "' limit 1"; $executequery = $conn->execute($query); $CATID = $executequery->fields['CATID']; $CATID = intval($CATID); if ($CATID > 0) { $seo = $executequery->fields['seo']; $cname = $executequery->fields['name']; STemplate::assign('cname', $cname); STemplate::assign('seo', $seo); STemplate::assign('CATID', $CATID); $page = intval(cleanit($_REQUEST['page'])); if ($page == "") { $page = "1"; } $currentpage = $page; if ($page >= 2) { $pagingstart = ($page - 1) * $config['items_per_page']; } else { $pagingstart = "0"; } $query1 = "SELECT count(*) as total from posts A, members B where A.active='1' AND A.USERID=B.USERID AND A.category='" . mysql_real_escape_string($CATID) . "' order by A.PID desc limit {$config['maximum_results']}"; $query2 = "SELECT A.*, B.username from posts A, members B where A.active='1' AND A.USERID=B.USERID AND A.category='" . mysql_real_escape_string($CATID) . "' order by A.PID desc limit {$pagingstart}, {$config['items_per_page']}"; $executequery1 = $conn->Execute($query1); $totalvideos = $executequery1->fields['total']; $infinity_paging = $config['infinity_paging']; if ($infinity_paging == "1") {
/************************************************************************************************** | Gag Clone Script | http://www.gagclonescript.com | webmaster@gagclonescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.gagclonescript.com/eula.html and to be bound by it. | | Copyright (c) GagCloneScript.com. All rights reserved. |**************************************************************************************************/ include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; $USERID = intval(cleanit($_REQUEST['UID'])); if ($USERID > 0) { $page = intval($_REQUEST['page']); if ($page == "") { $page = "1"; } $currentpage = $page; STemplate::assign('page', $page); if ($page >= 2) { $pagingstart = ($page - 1) * $config['items_per_page']; } else { $pagingstart = "0"; } $query1 = "SELECT count(*) as total from posts A, members B where A.active='1' AND A.USERID=B.USERID AND A.USERID='" . mysql_real_escape_string($USERID) . "' order by A.PID desc limit {$config['maximum_results']}"; $query2 = "SELECT A.*, B.username from posts A, members B where A.active='1' AND A.USERID=B.USERID AND A.USERID='" . mysql_real_escape_string($USERID) . "' order by A.PID desc limit {$pagingstart}, {$config['items_per_page']}"; $executequery1 = $conn->Execute($query1);
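<?php
/**************************************************************************************************
| PinMe Script by Scriptolution.com
| http://www.pinmescript.com
| webmaster@pinmescript.com
|
|**************************************************************************************************
|
| By using this software you agree that you have read and acknowledged our End-User License
| Agreement available at http://www.pinmescript.com/eula.html and to be bound by it.
|
| Copyright (c) PinMeScript.com. All rights reserved.
|**************************************************************************************************/

// Deletes one comment belonging to the logged-in member, together with the
// activity rows recorded for that comment.
//
// NOTE(review): the delete is driven by $_REQUEST and no anti-CSRF token is checked
// in this file. Confirm one is enforced elsewhere.
include "include/config.php";
include "include/functions/import.php";

$thebaseurl = $config['baseurl'];
$SID = intval(cleanit($_SESSION['USERID']));

if ($SID > 0) {
    $COMID = intval(cleanit($_REQUEST['id']));

    if ($COMID > 0) {
        $sidSql = mysql_real_escape_string($SID);
        $comidSql = mysql_real_escape_string($COMID);

        // Establish ownership before deleting anything. The original scoped only the
        // comments DELETE to the member and then ran the activity DELETE for ANY
        // comment id, so a logged-in member could remove the activity rows of
        // comments they do not own.
        // ->fields is how other scripts in this listing read one row from
        // $conn->execute(); confirm it applies to this connection object.
        $query = "SELECT COMID FROM comments WHERE USERID='" . $sidSql . "' AND COMID='" . $comidSql . "' limit 1";
        $executequery = $conn->execute($query);
        $ownedComment = intval($executequery->fields['COMID']);

        if ($ownedComment > 0) {
            $query = "DELETE FROM comments WHERE USERID='" . $sidSql . "' AND COMID='" . $comidSql . "'";
            $result = $conn->execute($query);

            $query = "DELETE FROM activity WHERE atype='com' AND COMID='" . $comidSql . "'";
            $result = $conn->execute($query);
        }
    }
}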
| webmaster@gagclonescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.gagclonescript.com/eula.html and to be bound by it. | | Copyright (c) GagCloneScript.com. All rights reserved. |**************************************************************************************************/ $lskip = "1"; include "include/config.php"; include "include/functions/import.php"; $SID = intval($_SESSION['USERID']); if ($SID > 0) { if ($_REQUEST['jlog'] == "1") { $user_username = cleanit($_REQUEST['username']); if ($user_username == "") { $error = $lang['4']; } elseif (strlen($user_username) < 2) { $error = $lang['8']; } elseif (!preg_match("/^[a-zA-Z0-9]*\$/i", $user_username)) { $error = $lang['7']; } elseif (!verify_email_username($user_username)) { $error = $lang['6']; } if ($error == "") { $query = "UPDATE members SET username='******' WHERE USERID='" . mysql_real_escape_string($SID) . "'"; $result = $conn->execute($query); $_SESSION['USERNAME'] = $user_username; header("Location:{$config['baseurl']}/settings"); exit;
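| http://www.pinmescript.com
| webmaster@pinmescript.com
|
|**************************************************************************************************
|
| By using this software you agree that you have read and acknowledged our End-User License
| Agreement available at http://www.pinmescript.com/eula.html and to be bound by it.
|
| Copyright (c) PinMeScript.com. All rights reserved.
|**************************************************************************************************/

// Unfollow: removes the logged-in member's follow of member `user_id`, the follows
// of every board that member owns, and the matching 'folm' activity row.
// Every DELETE is scoped to the session member id ($SID), so only the caller's own
// follow rows are touched.
include "include/config.php";
include "include/functions/import.php";

$thebaseurl = $config['baseurl'];
$SID = intval(cleanit($_SESSION['USERID']));

if ($SID > 0) {
    $USERID = intval(cleanit($_REQUEST['user_id']));

    if ($USERID > 0) {
        $query = "DELETE FROM followm WHERE USERID='" . mysql_real_escape_string($SID) . "' AND ISFOL='" . mysql_real_escape_string($USERID) . "'";
        $result = $conn->execute($query);

        $query2 = "select BID from boards WHERE USERID='" . mysql_real_escape_string($USERID) . "'";
        $results2 = $conn->execute($query2);
        $bp = $results2->getrows();

        // Iterate by value: the original used a by-reference loop variable that was
        // never written to and never unset(), leaving a dangling reference to the
        // last row of $bp after the loop.
        foreach ($bp as $board) {
            $BID = $board['BID'];
            $query = "DELETE FROM followb WHERE USERID='" . mysql_real_escape_string($SID) . "' AND ISFOLBID='" . mysql_real_escape_string($BID) . "'";
            $result = $conn->execute($query);
        }

        $query = "DELETE FROM activity WHERE atype='folm' AND USERID='" . mysql_real_escape_string($SID) . "' AND FOLM='" . mysql_real_escape_string($USERID) . "'";
        $result = $conn->execute($query);
    }
}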
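/**
 * Save the posted profile form for the logged-in user and optionally change the password.
 *
 * Nothing happens unless both form markers are posted and the posted user_id
 * equals $current_user->user_id. A rejected e-mail address is reported with an
 * echo, but the remaining fields are still saved. A password change needs the
 * correct old password and two matching new values; either failure returns
 * before anything is stored.
 *
 * @return string|null HTML status message, or null when the request is not a profile save.
 */
function save_profile()
{
    global $user, $current_user, $db;

    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }

    // Initialised so the final check does not read an undefined variable when
    // no password change was requested.
    $msg = '';

    if (!check_email(cleanit($_POST['email']))) {
        echo '<p class="form-error">' . _(PLIGG_Visual_Profile_BadEmail) . '</p>';
    } else {
        $user->email = cleanit($_POST['email']);
    }

    // Plain text fields: each one is passed through cleanit() and copied as-is.
    $plain_fields = array(
        'url', 'public_email', 'location', 'occupation', 'aim', 'msn',
        'yahoo', 'gtalk', 'skype', 'irc', 'names',
    );
    foreach ($plain_fields as $field) {
        $user->$field = cleanit($_POST[$field]);
    }

    check_actions('profile_save');

    // Only the empty value and "useruploaded" are accepted for the avatar source.
    $avatar_source = cleanit($_POST['avatarsource']);
    if ($avatar_source != "" && $avatar_source != "useruploaded") {
        // Part of the next expression is masked with asterisks on the page; it is
        // reproduced exactly as shown.
        // NOTE(review): $_POST["email"] reaches the log unfiltered; confirm
        // that loghack() neutralises line breaks and markup.
        loghack('Updating profile, avatar source is not one of the list options.', 'username: '******'|email: ' . $_POST["email"]);
        // Fix: the original statement was `$avatar_source == "";`, a comparison
        // whose result was discarded, so the rejected value was still stored.
        $avatar_source = "";
    }
    $user->avatar_source = $avatar_source;

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        $oldpass = $_POST['oldpassword'];
        // The lookup value is masked on the page ('******'). Whatever is
        // interpolated there in the real file must be escaped or bound.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        // The salt is the first SALT_LENGTH characters of the stored hash.
        $saltedpass = generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH));

        // NOTE(review): this is a loose, non-constant-time comparison of two
        // hashes. Where the supported PHP version has hash_equals(), prefer it.
        if ($userX->user_pass == $saltedpass) {
            if ($_POST['password'] !== $_POST['password2']) {
                $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_BadPass) . '</span></p>';
                return $msg;
            }
            $user->pass = trim($_POST['password']);
            $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_PassUpdated) . '</span></p>';
        } else {
            // Unlike the other messages, this constant is not wrapped in _().
            $msg = '<p align=center><span class=error>' . PLIGG_Visual_Profile_BadOldPass . '</span></p>';
            return $msg;
        }
    }

    $user->store();
    $user->read();
    // Re-authenticate the session with the values that were just stored.
    $current_user->Authenticate($user->username, $user->pass);

    if (!$msg) {
        $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_DataUpdated) . '</span></p>';
    }

    return $msg;
}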
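/************************************************************************************************** | PinMe Script by Scriptolution.com | http://www.pinmescript.com | webmaster@pinmescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.pinmescript.com/eula.html and to be bound by it. | | Copyright (c) PinMeScript.com. All rights reserved. |**************************************************************************************************/
// Source search page: lists up to 50 active pins whose `source` column
// contains the requested text, then renders the result templates.
include "include/config.php";
include "include/functions/import.php";

$thebaseurl = $config['baseurl'];

$q = cleanit($_REQUEST['q']);
STemplate::assign('q', $q);

// Fix: the original only set $pins inside the branch below, so an empty
// search handed an undefined variable to the template.
$pins = array();

if ($q != "") {
    // NOTE(review): mysql_real_escape_string() does not escape the LIKE
    // wildcards % and _, so a term containing them matches more broadly than
    // a literal search. Escape them as well if only literal matching is wanted.
    $query = "select A.PID, A.ptitle, A.pic, A.pkey, A.price, A.youtube, B.USERID, B.username, B.fname, B.lname, B.profilepicture, C.bname from posts A, members B, boards C WHERE A.active='1' AND A.USERID=B.USERID AND A.BID=C.BID AND A.source like'%" . mysql_real_escape_string($q) . "%' order by A.points desc, A.viewcount desc, A.PID desc limit 50";
    $results = $conn->execute($query);
    $pins = $results->getrows();

    // A full page of 50 rows is the signal the template uses to offer "more".
    if (count($pins) >= 50) {
        STemplate::assign('more', 1);
    }
}

// NOTE(review): the search term is echoed back through 'q' and 'pagetitle'.
// Whether it is HTML-escaped depends on cleanit() and the templates, neither
// of which is visible here; confirm before trusting the output.
STemplate::assign('pagetitle', stripslashes($q));

//TEMPLATES BEGIN
STemplate::assign('pins', $pins);
STemplate::display('header.tpl');
STemplate::display('source.tpl');
STemplate::display('footer.tpl');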
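| | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.gagclonescript.com/eula.html and to be bound by it. | | Copyright (c) GagCloneScript.com. All rights reserved. |**************************************************************************************************/
// Administrator page: adds a top-level category from the posted form and
// renders the "add category" screen.
//
// NOTE(review): no anti-CSRF token is checked in the visible code; confirm
// whether verify_login_admin() or the included files enforce one, since this
// request writes to the database on the administrator's behalf.
include "../include/config.php";
include_once "../include/functions/import.php";

verify_login_admin();

// Fix: isset() guard, so an ordinary page load does not read an undefined
// index before the form has been submitted.
if (isset($_POST['submitform']) && $_POST['submitform'] == "1") {
    // NOTE(review): the submit marker is read from $_POST but name and seo from
    // $_REQUEST; reading all three from $_POST would keep them to the form body.
    $name = htmlentities(strip_tags($_REQUEST['name']), ENT_COMPAT, "UTF-8");
    $seo = htmlentities(strip_tags($_REQUEST['seo']), ENT_COMPAT, "UTF-8");

    // Slug clean-up, applied in order exactly as the original chain of calls.
    // The two "&" entries are identical as shown on the page; the first may
    // originally have been an HTML entity. Confirm against the real file.
    $seo = str_replace(
        array("\\/", "/", "&", "&", " "),
        array("", "-", "", "", ""),
        $seo
    );

    $parent = "0";
    $details = cleanit($_POST['details']);

    $sql = "insert categories set name='" . mysql_real_escape_string($name) . "', seo='" . mysql_real_escape_string($seo) . "', parent='" . mysql_real_escape_string($parent) . "', details='" . mysql_real_escape_string($details) . "'";
    $conn->execute($sql);

    // NOTE(review): success is reported without looking at the execute() result.
    $message = "Category Successfully Added.";
    Stemplate::assign('message', $message);
}

$mainmenu = "3";
$submenu = "1";
Stemplate::assign('mainmenu', $mainmenu);
Stemplate::assign('submenu', $submenu);

STemplate::display("administrator/global_header.tpl");
STemplate::display("administrator/cat_add.tpl");
STemplate::display("administrator/global_footer.tpl");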
/************************************************************************************************** | PinMe Script by Scriptolution.com | http://www.pinmescript.com | webmaster@pinmescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.pinmescript.com/eula.html and to be bound by it. | | Copyright (c) PinMeScript.com. All rights reserved. |**************************************************************************************************/ include "include/config.php"; include "include/functions/import.php"; $thebaseurl = $config['baseurl']; $uname = cleanit($_REQUEST['uname']); if ($uname != "") { $query = "select USERID, username, fname, lname, profilepicture, description, gender, website, location from members where username='******' AND status='1'"; $executequery = $conn->execute($query); $u = $executequery->getrows(); STemplate::assign('u', $u[0]); $USERID = intval($u[0]['USERID']); if ($USERID > 0) { if ($config['use_username'] == "1") { $seo = stripslashes($u[0]['username']); } else { $seo = stripslashes($u[0]['fname']) . " " . stripslashes($u[0]['lname']); } STemplate::assign('pagetitle', $seo); $query = "select A.USERID, A.username, B.bname, B.BID, B.pincount from members A, boards B WHERE A.USERID=B.USERID AND A.status='1' AND B.USERID='" . mysql_real_escape_string($USERID) . "' order by pincount desc limit 100"; $results = $conn->execute($query);
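<?php /************************************************************************************************** | Gag Clone Script | http://www.gagclonescript.com | webmaster@gagclonescript.com | |************************************************************************************************** | | By using this software you agree that you have read and acknowledged our End-User License | Agreement available at http://www.gagclonescript.com/eula.html and to be bound by it. | | Copyright (c) GagCloneScript.com. All rights reserved. |**************************************************************************************************/
// Report endpoint: records a report (post id, reason code, timestamp, client
// address) and always prints the same language string afterwards.
//
// NOTE(review): no login check or per-client limit is visible here, so anyone
// who can reach the script can add rows. Confirm whether the included files
// restrict access or throttle requests.
include "include/config.php";
include "include/functions/import.php";

// intval() forces both request values to integers before they reach the query.
$pid = intval(cleanit($_REQUEST['id']));
$reasons = intval(cleanit($_REQUEST['value']));

if ($pid > 0 && $reasons > 0) {
    // Fix: REMOTE_ADDR was the only value concatenated into the statement
    // unescaped. It normally comes from the web server, but some proxy setups
    // fill it from a request header, so it is now escaped like the others.
    $query = "INSERT INTO posts_reports SET PID='" . mysql_real_escape_string($pid)
        . "', reason='" . mysql_real_escape_string($reasons)
        . "', time='" . time()
        . "', ip='" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "'";
    $result = $conn->execute($query);
}

echo $lang['288'];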