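/**
 * Send "tell a friend" email.
 *
 * Reads the recipient address(es), sender name and sender email from $_POST,
 * runs each through clear_xss() and sends the 't_TellFriendProfile' template
 * when the global $profileID is set, otherwise the plain 't_TellFriend' one.
 *
 * @param int $iSenderID id of the inviting member; when > 0 it is appended to
 *                       the link as 'idFriend=<id>'
 * @return mixed 0 when the recipient list or the sender email is blank,
 *               otherwise the result of sendMail()
 */
function SendTellFriend($iSenderID = 0)
{
    global $profileID;

    // missing POST fields count as blank instead of raising notices
    $sRecipient = isset($_POST['friends_emails']) ? clear_xss($_POST['friends_emails']) : '';
    $sSenderName = isset($_POST['name']) ? clear_xss($_POST['name']) : '';
    $sSenderEmail = isset($_POST['email']) ? clear_xss($_POST['email']) : '';

    if (strlen(trim($sRecipient)) <= 0 || strlen(trim($sSenderEmail)) <= 0) {
        return 0;
    }

    // NOTE(review): recipient list and sender name come straight from the
    // request, so this endpoint relays caller-chosen text to caller-chosen
    // addresses; confirm the caller applies rate limiting / captcha.
    $sLinkAdd = $iSenderID > 0 ? 'idFriend=' . (int) $iSenderID : '';

    $oEmailTemplates = new BxDolEmailTemplates();
    if ($profileID) {
        $aTemplate = $oEmailTemplates->getTemplate('t_TellFriendProfile', $profileID);
        $sLink = getProfileLink($profileID, $sLinkAdd);
    } else {
        $aTemplate = $oEmailTemplates->getTemplate('t_TellFriend');
        $sLink = BX_DOL_URL_ROOT;
        if (strlen($sLinkAdd) > 0) {
            $sLink .= '?' . $sLinkAdd;
        }
    }

    $aPlus = array('Link' => $sLink, 'FromName' => $sSenderName);
    return sendMail($sRecipient, $aTemplate['Subject'], $aTemplate['Body'], '', $aPlus);
}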
/**
 * Send "tell a friend" email.
 *
 * Sender and recipient addresses come from the request via bx_get(). The
 * 't_TellFriendProfile' template is used when the global $profileID is set,
 * otherwise 't_TellFriend'.
 *
 * @param int $iSenderID id of the inviting member (0 = anonymous visitor)
 * @return mixed 0 when the sender or recipient email is blank, otherwise the
 *               result of sendMail()
 */
function SendTellFriend($iSenderID = 0)
{
    global $profileID;

    $sSenderEmail = clear_xss(bx_get('sender_email'));
    if (strlen(trim($sSenderEmail)) <= 0) {
        return 0;
    }

    $sSenderName = clear_xss(bx_get('sender_name'));
    $sSenderLink = $iSenderID != 0 ? getProfileLink($iSenderID) : BX_DOL_URL_ROOT;

    $sRecipientEmail = clear_xss(bx_get('recipient_email'));
    if (strlen(trim($sRecipientEmail)) <= 0) {
        return 0;
    }

    $sLinkAdd = '';
    if ($iSenderID > 0) {
        $sLinkAdd = 'idFriend=' . $iSenderID;
    }

    $oTemplates = new BxDolEmailTemplates();
    if ($profileID) {
        $aTemplate = $oTemplates->getTemplate('t_TellFriendProfile', getLoggedId());
        $sLink = getProfileLink($profileID, $sLinkAdd);
    } else {
        $aTemplate = $oTemplates->getTemplate('t_TellFriend', getLoggedId());
        $sLink = BX_DOL_URL_ROOT . (strlen($sLinkAdd) > 0 ? '?' . $sLinkAdd : '');
    }

    $aPlus = array(
        'Link' => $sLink,
        'SenderName' => $sSenderName,
        'SenderLink' => $sSenderLink,
    );
    return sendMail($sRecipientEmail, $aTemplate['Subject'], $aTemplate['Body'], '', $aPlus);
}
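/**
 * Serve an image file looked up by its hash.
 *
 * @param string $sParamValue  variant key into $this->_oConfig->aFilePostfix
 *                             (the postfix contains an '{ext}' placeholder)
 * @param string $sParamValue1 '<hash>.<ext>' of the requested image
 *
 * Writes the file (or a 404 page) to the output and exits; never returns.
 */
function actionGetImage($sParamValue, $sParamValue1)
{
    $sParamValue = clear_xss($sParamValue);
    $sParamValue1 = clear_xss($sParamValue1);

    $iPointPos = strrpos($sParamValue1, '.');
    $sKey = $iPointPos === false ? '' : substr($sParamValue1, 0, $iPointPos);
    $sExt = $iPointPos === false ? '' : substr($sParamValue1, $iPointPos + 1);

    $iId = $this->_oDb->getIdByHash($sKey);

    // the extension and the variant key are request supplied and end up in a
    // file name: accept only alphanumeric extensions and configured variants
    $sPath = false;
    if ($iId > 0 && preg_match('/^[a-zA-Z0-9]+$/', $sExt) && isset($this->_oConfig->aFilePostfix[$sParamValue])) {
        $sPath = $this->_oConfig->getFilesPath() . $iId . str_replace('{ext}', $sExt, $this->_oConfig->aFilePostfix[$sParamValue]);
    }

    if ($sPath === false || !is_file($sPath)) {
        header("HTTP/1.0 404 Not Found");
        echo _t('_sys_request_page_not_found_cpt');
        exit;
    }

    switch ($sExt) {
        case 'png':
            $sCntType = 'image/x-png';
            break;
        case 'gif':
            $sCntType = 'image/gif';
            break;
        default:
            $sCntType = 'image/jpeg';
    }

    $sCacheControl = "Cache-Control: must-revalidate, post-check=0, pre-check=0";
    if ($this->iHeaderCacheTime > 0) {
        $sCacheControl .= ", max-age={$this->iHeaderCacheTime}";
        // Last-Modified is a header of its own; it used to be appended to Cache-Control
        header("Last-Modified: " . gmdate("D, d M Y H:i:s", filemtime($sPath)) . " GMT");
    }
    header($sCacheControl);
    header("Content-Type:" . $sCntType);
    header("Content-Length: " . filesize($sPath));
    readfile($sPath);
    exit;
}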
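/**
 * Profile activation page code.
 *
 * Loads the profile, compares the submitted confirmation code with the
 * expected one and either activates the profile (or queues it for approval)
 * or renders a form asking for the code again.
 *
 * @param int    $iID       profile id
 * @param string $sConfCode confirmation code from the request
 * @return string HTML of the page
 */
function PageCompPageMainCode($iID, $sConfCode)
{
    global $site;

    $ID = (int) $iID;
    $ConfCode = clear_xss($sConfCode);

    $p_arr = getProfileInfo($ID);
    if (!$p_arr) {
        // NOTE(review): $_page is a local here, so these values do not reach
        // the page template unless it is declared global — confirm the intent.
        $_page['header'] = _t("_Error");
        $_page['header_text'] = _t("_Profile Not found");
        return MsgBox(_t('_Profile Not found Ex'));
    }

    $aCode = array(
        'message_status' => '',
        'message_info' => '',
        'bx_if:form' => array('condition' => false, 'content' => array('form' => '')),
        'bx_if:next' => array('condition' => false, 'content' => array('next_url' => '')),
    );

    if ($p_arr['Status'] != 'Unconfirmed') {
        $aCode['message_info'] = _t('_ALREADY_ACTIVATED');
        return $GLOBALS['oSysTemplate']->parseHtmlByName('profile_activate.html', $aCode);
    }

    // NOTE(review): the expected code is derived from the email address with a
    // fixed salt, so anyone who knows the address can reproduce it; a random
    // per-profile token stored at registration would be stronger. Kept as is
    // because already-sent activation links depend on this scheme.
    $ConfCodeReal = base64_encode(base64_encode(crypt($p_arr['Email'], CRYPT_EXT_DES ? "secret_co" : "se")));
    if (strcmp($ConfCode, $ConfCodeReal) != 0) {
        $aForm = array(
            'form_attrs' => array('action' => BX_DOL_URL_ROOT . 'profile_activate.php', 'method' => 'post', 'name' => 'form_change_status'),
            'inputs' => array(
                'conf_id' => array('type' => 'hidden', 'name' => 'ConfID', 'value' => $ID),
                'conf_code' => array('type' => 'text', 'name' => 'ConfCode', 'value' => '', 'caption' => _t("_Confirmation code")),
                'submit' => array('type' => 'submit', 'name' => 'submit', 'value' => _t("_Submit")),
            ),
        );
        $oForm = new BxTemplFormView($aForm);
        $aCode['message_status'] = _t("_Profile activation failed");
        $aCode['message_info'] = _t("_EMAIL_CONF_FAILED_EX");
        $aCode['bx_if:form']['condition'] = true;
        $aCode['bx_if:form']['content']['form'] = $oForm->getCode();
        return $GLOBALS['oSysTemplate']->parseHtmlByName('profile_activate.html', $aCode);
    }

    $aCode['bx_if:next']['condition'] = true;
    $aCode['bx_if:next']['content']['next_url'] = BX_DOL_URL_ROOT . 'member.php';

    // auto-approval can be overridden by the DNS blacklist when it is configured to force approval
    $send_act_mail = false;
    if (getParam('autoApproval_ifJoin') == 'on' && !(getParam('sys_dnsbl_enable') && 'approval' == getParam('sys_dnsbl_behaviour') && bx_is_ip_dns_blacklisted('', 'join'))) {
        $status = 'Active';
        $send_act_mail = true;
        $aCode['message_info'] = _t("_PROFILE_CONFIRM");
    } else {
        $status = 'Approval';
        $aCode['message_info'] = _t("_EMAIL_CONF_SUCCEEDED", $site['title']);
    }
    bx_admin_profile_change_status($ID, $status, $send_act_mail);

    // Promotional membership
    $bPromotion = getParam('enable_promotion_membership') == 'on';
    $iPromotionDays = $bPromotion ? getParam('promotion_membership_days') : 0;
    if ($bPromotion) {
        setMembership($p_arr['ID'], MEMBERSHIP_ID_PROMOTION, $iPromotionDays, true);
    }

    // check couple profile: it follows the same status and promotion
    if ($p_arr['Couple']) {
        bx_admin_profile_change_status($p_arr['Couple'], $status);
        if ($bPromotion) {
            setMembership($p_arr['Couple'], MEMBERSHIP_ID_PROMOTION, $iPromotionDays, true);
        }
    }

    if (getParam('newusernotify')) {
        $oEmailTemplates = new BxDolEmailTemplates();
        $aTemplate = $oEmailTemplates->getTemplate('t_UserConfirmed', $p_arr['ID']);
        sendMail($site['email_notify'], $aTemplate['Subject'], $aTemplate['Body'], $p_arr['ID']);
    }

    return $GLOBALS['oSysTemplate']->parseHtmlByName('profile_activate.html', $aCode);
}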
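/**
 * Build the HTML for the mp3 player of a file, unless an alert handler
 * supplies its own markup.
 *
 * @param int   $iFileId file id
 * @param array $aExtra  extra data handed to the 'display_player' alert
 * @return string HTML
 */
function getFileConcept($iFileId, $aExtra = array())
{
    // an alert handler may return its own markup through the 'override' reference
    $sOverride = false;
    $oAlert = new BxDolAlerts($this->_oConfig->getMainPrefix(), 'display_player', $iFileId, getLoggedId(), array('extra' => $aExtra, 'override' => &$sOverride));
    $oAlert->alert();
    if ($sOverride) {
        return $sOverride;
    }

    $iFileId = (int) $iFileId;
    // cookies are absent for guests; read them defensively (missing -> 0 / '')
    $iUser = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;
    $sPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';

    $aPlayerParams = array('id' => $iFileId, 'user' => $iUser, 'password' => $sPassword);
    return '<div class="viewFile" style="width:100%">' . getApplicationContent('mp3', 'player', $aPlayerParams, true) . '</div>';
}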
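/**
 * Build the HTML for a video player: the local flash player for uploaded
 * files, or the YouTube template when $aExtra['ext'] holds an external id.
 *
 * @param int   $iFileId file id
 * @param array $aExtra  optional 'ext' => external video id
 * @return string HTML
 */
function getFileConcept($iFileId, $aExtra = array())
{
    $iFileId = (int) $iFileId;

    if (empty($aExtra['ext'])) {
        // the password cookie is absent for guests; read it defensively
        $sPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';
        $sPlayer = getApplicationContent('video', 'player', array('id' => $iFileId, 'user' => $this->iViewer, 'password' => $sPassword), true);
    } else {
        // NOTE(review): 'ext' is substituted into the player template verbatim —
        // confirm it is validated as a video id by the caller.
        $sPlayer = str_replace("#video#", $aExtra['ext'], YOUTUBE_VIDEO_PLAYER);
        $sPlayer = str_replace("#wmode#", getWMode(), $sPlayer);
        $sPlayer = str_replace("#autoplay#", getSettingValue("video", "autoPlay") == TRUE_VAL ? "1" : "0", $sPlayer);
    }

    $iWidth = (int) $this->_oConfig->getGlParam('file_width');
    return '<div class="viewFile" style="width: ' . ($iWidth + 2) . 'px;">' . $sPlayer . '</div>';
}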
/**
 * Run clear_xss() against a mocked HTMLPurifier and verify whether its
 * purify() method is invoked.
 *
 * @param bool   $isAdmin whether the current user is treated as admin
 * @param string $sCalled name of the PHPUnit invocation matcher to expect,
 *                        e.g. 'once' or 'never'
 */
protected function _testClearXss($isAdmin, $sCalled)
{
    // create mock object instance of HTMLPurifier class
    require_once BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';
    $oPurifierMock = $this->getMock('HTMLPurifier');
    $GLOBALS['oHtmlPurifier'] = $oPurifierMock;

    // set admin or not admin user
    $GLOBALS['logged']['admin'] = $isAdmin;

    // check if we have instance of correct class
    $this->assertInstanceOf('HTMLPurifier', $GLOBALS['oHtmlPurifier']);

    // 'purify' must be called as often as the matcher says (once / never)
    $oMatcher = $this->{$sCalled}();
    $oPurifierMock->expects($oMatcher)->method('purify');

    // call tested function
    clear_xss('test');
}
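/**
 * Admin page: pick one of the current template's CSS files and edit it.
 *
 * Lists '*.css' files under templates/tmpl_<code>/css/, shows the selected
 * file in a textarea and, on a valid submit, writes the posted content back.
 *
 * @return string HTML of the editor box, preceded by a status message after a save attempt
 */
function PageCodeEdit()
{
    //--- Get CSS files ---//
    $aItems = array();
    $sBasePath = BX_DIRECTORY_PATH_ROOT . "templates/tmpl_" . $GLOBALS['oSysTemplate']->getCode() . "/css/";
    $rHandle = opendir($sBasePath);
    if ($rHandle) {
        while (($sFile = readdir($rHandle)) !== false) {
            if (is_file($sBasePath . $sFile) && substr($sFile, -3) == 'css') {
                $aItems[] = array('key' => $sFile, 'value' => $sFile);
            }
        }
        closedir($rHandle);
    }

    // only a bare '<name>.css' is accepted from the request, which keeps the
    // path inside $sBasePath; anything else falls back to the first file found
    $sCurrentFile = '';
    if (isset($_POST['css_file']) && preg_match("/^\\w+\\.css\$/", $_POST['css_file'])) {
        $sCurrentFile = $_POST['css_file'];
    } elseif (!empty($aItems)) {
        $sCurrentFile = $aItems[0]['key'];
    }

    $aForm = array(
        'form_attrs' => array(
            'id' => 'adm-css-edit',
            'name' => 'adm-css-edit',
            'action' => $GLOBALS['site']['url_admin'] . 'css_file.php',
            'method' => 'post',
            'enctype' => 'multipart/form-data',
        ),
        'params' => array(
            'db' => array('table' => '', 'key' => '', 'uri' => '', 'uri_title' => '', 'submit_name' => 'adm-css-save'),
        ),
        'inputs' => array(
            'css_file' => array(
                'type' => 'select',
                'name' => 'css_file',
                'caption' => _t('_adm_txt_css_file'),
                'value' => $sCurrentFile,
                'values' => $aItems,
                'attrs' => array('onchange' => "javascript:document.forms['adm-css-edit'].submit();"),
            ),
            'content' => array(
                'type' => 'textarea',
                'name' => 'content',
                // the caption used to receive an undefined $sFileName; pass the selected file
                'caption' => _t('_adm_txt_css_content', $sCurrentFile),
                'value' => '',
                'db' => array('pass' => 'XssHtml'),
            ),
            'adm-css-save' => array('type' => 'submit', 'name' => 'adm-css-save', 'value' => _t('_adm_btn_css_save')),
        ),
    );

    //--- Get CSS file's content ---//
    $sContent = '';
    $sAbsolutePath = $sBasePath . $sCurrentFile;
    if (strlen($sCurrentFile) > 0 && is_file($sAbsolutePath)) {
        $sContent = (string) file_get_contents($sAbsolutePath);
    }
    $aForm['inputs']['content']['value'] = $sContent;

    $oForm = new BxTemplFormView($aForm);
    $oForm->initChecker();

    $mixedResult = '';
    if ($oForm->isSubmittedAndValid()) {
        if (strlen($sCurrentFile) > 0 && file_exists($sAbsolutePath) && isRWAccessible($sAbsolutePath)) {
            $sNewContent = isset($_POST['content']) ? clear_xss($_POST['content']) : '';
            $mixedResult = file_put_contents($sAbsolutePath, $sNewContent) !== false
                ? '_adm_txt_css_success_save'
                : '_adm_txt_css_failed_save';
        } else {
            $mixedResult = '_adm_txt_css_cannot_write';
        }
    }

    $sResult = $GLOBALS['oAdmTemplate']->parseHtmlByName('design_box_content.html', array('content' => $oForm->getCode()));
    if (!empty($mixedResult)) {
        $sResult = MsgBox(_t($mixedResult, $sCurrentFile), 3) . $sResult;
    }
    return $sResult;
}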
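/**
 * Build the HTML for a video player unless an alert handler overrides it:
 * the local flash player for uploaded files, or the YouTube template when
 * $aExtra['ext'] holds an external id.
 *
 * @param int   $iFileId file id
 * @param array $aExtra  optional 'ext' => external video id; also passed to the alert
 * @return string HTML
 */
function getFileConcept($iFileId, $aExtra = array())
{
    // an alert handler may return its own markup through the 'override' reference
    $sOverride = false;
    $oAlert = new BxDolAlerts($this->_oConfig->getMainPrefix(), 'display_player', $iFileId, getLoggedId(), array('extra' => $aExtra, 'override' => &$sOverride));
    $oAlert->alert();
    if ($sOverride) {
        return $sOverride;
    }

    $iFileId = (int) $iFileId;
    if (empty($aExtra['ext'])) {
        // the password cookie is absent for guests; read it defensively
        $sPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';
        $sPlayer = getApplicationContent('video', 'player', array('id' => $iFileId, 'user' => $this->iViewer, 'password' => $sPassword), true);
    } else {
        // NOTE(review): 'ext' is substituted into the player template verbatim —
        // confirm it is validated as a video id by the caller.
        $sPlayer = str_replace("#video#", $aExtra['ext'], YOUTUBE_VIDEO_PLAYER);
        $sPlayer = str_replace("#wmode#", getWMode(), $sPlayer);
        $sPlayer = str_replace("#autoplay#", getSettingValue("video", "autoPlay") == TRUE_VAL ? "&autoplay=1" : "", $sPlayer);
    }

    return '<div class="viewFile" style="width:100%;">' . $sPlayer . '</div>';
}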
/**
 * Fetch one photo of a profile's album (the first by album order) and return
 * either its image URL or the whole file record.
 *
 * @param array $aParams 'profile_id' (int), 'album' (uri or a default-album
 *                       param name, default 'profile_album_name'), 'type'
 *                       (image size key, default 'icon'), 'return_type'
 *                       ('link' or 'full', default 'link')
 * @return string|array '' when the album is not viewable or empty; the image
 *                      URL, or the file array when 'return_type' is 'full'
 */
function getProfilePhoto($aParams)
{
    $iProfileId = !empty($aParams['profile_id']) ? (int) $aParams['profile_id'] : 0;
    $sAlbum = !empty($aParams['album']) ? $aParams['album'] : 'profile_album_name';
    $sType = !empty($aParams['type']) ? $aParams['type'] : 'icon';
    $sReturnType = !empty($aParams['return_type']) ? $aParams['return_type'] : 'link';

    // a default-album name is a config key; resolve it to the owner's album uri
    $aDefaultAlbums = $this->oModule->_oConfig->getDefaultAlbums();
    if (!empty($sAlbum) && in_array($sAlbum, $aDefaultAlbums)) {
        bx_import('BxDolAlbums');
        $sAlbum = BxDolAlbums::getAbumUri($this->oModule->_oConfig->getGlParam($sAlbum), $iProfileId);
    }

    // privacy check against the album of this owner; NOTE(review): when no
    // album matches, $aAlbumInfo['ID'] is undefined here — confirm check() treats that as denied
    $oAlbum = new BxDolAlbums('bx_photos');
    $aAlbumInfo = $oAlbum->getAlbumInfo(array('fileUri' => $sAlbum, 'owner' => $iProfileId), array('ID'));
    if (!$this->oModule->oAlbumPrivacy->check('album_view', $aAlbumInfo['ID'], getLoggedId())) {
        return '';
    }

    // getSearchData() reads keyword/paginate values from the request; stash
    // and remove them so this lookup is not influenced by the current page
    $sKeywordGet = $sKeywordPost = null;
    if (isset($_GET['keyword'])) {
        $sKeywordGet = $_GET['keyword'];
        unset($_GET['keyword']);
    } elseif (isset($_POST['keyword'])) {
        $sKeywordPost = $_POST['keyword'];
        unset($_POST['keyword']);
    }
    $aSavePaginate = array();
    if (isset($_GET['page'], $_GET['per_page'])) {
        $aSavePaginate = array($_GET['page'], $_GET['per_page']);
    }
    unset($_GET['page']);
    unset($_GET['per_page']);

    // one file, first by album order, owned by the profile, from the resolved album
    $this->aCurrent['paginate']['perPage'] = 1;
    $this->aCurrent['paginate']['page'] = 1;
    $this->aCurrent['restriction']['owner']['value'] = $iProfileId;
    $this->aCurrent['sorting'] = 'album_order';
    $this->aCurrent['restriction']['album'] = array('value' => $sAlbum, 'field' => 'Uri', 'operator' => '=', 'paramName' => 'albumUri', 'table' => 'sys_albums');
    $aFilesList = $this->getSearchData();

    // restore the request values (keyword is put back sanitised)
    if (!empty($aSavePaginate)) {
        list($_GET['page'], $_GET['per_page']) = $aSavePaginate;
    }
    if (!is_null($sKeywordGet)) {
        $_GET['keyword'] = clear_xss($sKeywordGet);
    } elseif (!is_null($sKeywordPost)) {
        $_POST['keyword'] = clear_xss($sKeywordPost);
    }

    if (!$this->aCurrent['paginate']['totalNum']) {
        return '';
    }

    $aFile = array_pop($aFilesList);
    $aFile['file_url'] = $this->getImgUrl($aFile['Hash'], $sType);
    $aFile['view_url'] = BX_DOL_URL_ROOT . $this->oModule->_oConfig->getBaseUri() . 'view/' . $aFile['uri'];
    if ($sReturnType == 'full') {
        return $aFile;
    }
    return $aFile['file_url'];
}
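/**
 * Change (edit) a story from the submitted form.
 *
 * Header and text are sanitised and truncated to the global $max_h / $max_l
 * limits (truncation is done in SQL with LEFT()). A member may only edit
 * their own story and the edit puts it back into the inactive state; an admin
 * may edit any sender's story and the status is left untouched.
 *
 * @return mixed result of db_res() for the UPDATE
 */
function MemberEditStory()
{
    global $max_l;
    global $max_h;
    global $member;
    global $ADMIN;

    $story_id = isset($_POST['edit_id']) ? (int) $_POST['edit_id'] : 0;
    $sRawText = isset($_POST['text']) ? $_POST['text'] : '';
    $sRawHeader = isset($_POST['header']) ? $_POST['header'] : '';

    // sanitise once; mysql_real_escape_string is connection-charset aware,
    // unlike the addslashes() used before (and matches process_db_input())
    $sSafeText = mysql_real_escape_string(clear_xss(process_pass_data($sRawText)));
    $story_text = strlen($sRawText) > $max_l
        ? "LEFT ( '{$sSafeText}', " . (int) $max_l . " )"
        : "'{$sSafeText}'";

    $sSafeHeader = process_db_input($sRawHeader);
    $story_header = strlen($sRawHeader) > $max_h
        ? "LEFT ( '{$sSafeHeader}', " . (int) $max_h . " )"
        : "'{$sSafeHeader}'";

    // only an admin may choose the sender; members always edit their own
    $story_sender = $ADMIN ? (isset($_POST['sender']) ? (int) $_POST['sender'] : 0) : (int) $member['ID'];

    //if admin logged, don't update status. if member - set inactive
    $story_active_add = $ADMIN ? '' : ", `active`=''";

    $sQuery = "UPDATE `Stories` SET `Date` = NOW(), `Header` = {$story_header}, `Text` = {$story_text} {$story_active_add} WHERE `ID` = {$story_id} AND `Sender` = {$story_sender}";
    return db_res($sQuery);
}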
/**
 * Audio Player.
 *
 * Alert handler for the 'display_player' event: builds the HTML5 audio markup
 * (with the flash player as fallback) for the file in $oAlert->iObject and
 * stores it in $oAlert->aExtras['override'].
 *
 * @param BxDolAlerts $oAlert alert whose iObject is the file id
 * @return bool false when the id is 0 or the file row does not exist, true otherwise
 */
function serviceResponseAudioPlayer($oAlert)
{
    if (!($iFileId = (int) $oAlert->iObject)) {
        return false;
    }
    // $iFileId is cast to int above, so the interpolation is safe
    if (!($aFile = $this->_oDb->getRow("SELECT * FROM `RayMp3Files` WHERE `ID` = {$iFileId}"))) {
        return false;
    }

    // the mp3 flash module is loaded via globals used by its include files
    global $sIncPath;
    global $sModulesPath;
    global $sModule;
    global $sFilesPath;
    global $sFilesPathMp3;
    global $oDb;
    require_once $sIncPath . 'db.inc.php';
    $sModule = "mp3";
    $sModulePath = $sModulesPath . $sModule . '/inc/';
    require_once $sModulesPath . $sModule . '/inc/header.inc.php';
    require_once $sModulesPath . $sModule . '/inc/constants.inc.php';
    require_once $sModulesPath . $sModule . '/inc/functions.inc.php';
    require_once $sModulesPath . $sModule . '/inc/customFunctions.inc.php';

    $sOverride = false;
    switch ($aFile['Status']) {
        case STATUS_PENDING:
        case STATUS_PROCESSING:
            $sOverride = $this->_oTemplate->addCss(array('default.css', 'common.css', 'general.css'), true) . MsgBox(_t('_sys_media_processing'));
            break;

        case STATUS_DISAPPROVED:
            // non-admins get the "disapproved" box; admins fall through and can still play the file
            if (!isAdmin()) {
                $sOverride = $this->_oTemplate->addCss(array('default.css', 'common.css', 'general.css'), true) . MsgBox(_t('_sys_media_disapproved'));
                break;
            }

        case STATUS_APPROVED:
            // when the mp3 file is missing on disk this case falls through to "not found"
            if (file_exists($GLOBALS['sFilesPathMp3'] . $iFileId . MP3_EXTENSION)) {
                $sToken = getMp3Token($iFileId);
                // NOTE(review): $sSourceOgg is only assigned when an .ogg exists and is read
                // below either way — it is undefined (null) for mp3-only files.
                if (file_exists($GLOBALS['sFilesPathMp3'] . $iFileId . '.ogg')) {
                    $sSourceOgg = '<source type=\'audio/ogg; codecs="vorbis"\' src="' . BX_DOL_URL_ROOT . "flash/modules/mp3/get_file.php?id=" . $iFileId . "&token=" . $sToken . '&ext=ogg" />';
                }
                // NOTE(review): $_COOKIE['memberPassword'] is read without isset(); absent for guests.
                $sFlash = getApplicationContent('mp3', 'player', array('id' => $iFileId, 'user' => getLoggedId(), 'password' => clear_xss($_COOKIE['memberPassword'])), true);
                $sId = 'bx-media-' . genRndPwd(8, false);
                // without an ogg source, browsers that cannot play mpeg get the fallback markup swapped in
                $sJs = $sSourceOgg ? '' : ' var eMedia = document.createElement("audio"); if (eMedia.canPlayType && !eMedia.canPlayType("audio/mpeg")) { var sReplace = "' . bx_js_string(BX_H5AV_FALLBACK ? $sFlash : '<b>Your browser doesn\'t support this media playback.</b>', BX_ESCAPE_STR_QUOTE) . '"; $("#' . $sId . '").replaceWith(sReplace); }';
                // files with no stored duration report it back once the browser knows it
                $sJs .= $aFile['Time'] ? '' : ' eFile.on("canplay", function (e) { $.post("' . BX_DOL_URL_ROOT . 'flash/XML.php", { module: "mp3", action: "updateFileTime", id: ' . $iFileId . ', time: parseInt(this.duration * 1000) }); });';
                $sAutoPlay = TRUE_VAL == getSettingValue('mp3', 'autoPlay') && class_exists('BxSoundsPageView') ? 'autoplay' : '';
                // the inline script pauses every other <audio> element when this one starts playing
                $sOverride = ' <audio controls ' . $sAutoPlay . ' preload="auto" autobuffer style="width:100%" id="' . $sId . '"> <source type=\'audio/mpeg; codecs="mp3"\' src="' . BX_DOL_URL_ROOT . "flash/modules/mp3/get_file.php?id=" . $iFileId . "&token=" . $sToken . '" /> ' . $sSourceOgg . ' ' . (BX_H5AV_FALLBACK ? $sFlash : '<b>Can not playback media - your browser doesn\'t support HTML5 audio/video tag.</b>') . ' </audio> <script> var eFile = $("#' . $sId . '"); eFile.on("play", function () { var ePlaying = this; $("audio").each(function () { if (this != ePlaying) this.pause(); }); }); ' . $sJs . ' </script>';
                break;
            }

        case STATUS_FAILED:
        default:
            $sOverride = $this->_oTemplate->addCss(array('default.css', 'common.css', 'general.css'), true) . MsgBox(_t('_sys_media_not_found'));
            break;
    }

    $oAlert->aExtras['override'] = $sOverride;
    return true;
}
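/**
 * Build the HTML for the mp3 player of a file, sized from the module's
 * 'file_width' param.
 *
 * @param int   $iFileId file id
 * @param array $aExtra  unused here
 * @return string HTML
 */
function getFileConcept($iFileId, $aExtra = array())
{
    $iFileId = (int) $iFileId;
    $iWidth = (int) $this->_oConfig->getGlParam('file_width');

    // cookies are absent for guests; read them defensively (missing -> 0 / '')
    $iUser = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;
    $sPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';

    $aPlayerParams = array('id' => $iFileId, 'user' => $iUser, 'password' => $sPassword);
    return '<div class="viewFile" style="width: ' . ($iWidth + 2) . 'px;">' . getApplicationContent('mp3', 'player', $aPlayerParams, true) . '</div>';
}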
/**
 * Prepare a value for use inside an SQL string.
 *
 * Arrays are processed element by element (keys are kept). Slashes are
 * stripped or added according to $addslashes, tags are handled according to
 * $strip_tags, and the result always goes through mysql_real_escape_string().
 *
 * @param mixed $text       string, or a (nested) array of strings
 * @param int   $strip_tags one of the BX_TAGS_* constants
 * @param int   $addslashes one of the BX_SLASHES_* constants
 * @return mixed escaped string, or array of escaped values
 */
function process_db_input($text, $strip_tags = 0, $addslashes = 0)
{
    if (is_array($text)) {
        $aResult = array();
        foreach ($text as $mKey => $mValue) {
            $aResult[$mKey] = process_db_input($mValue, $strip_tags, $addslashes);
        }
        return $aResult;
    }

    // strip when asked explicitly, or when magic quotes already added slashes
    // and the caller chose the automatic mode
    $bStrip = ($addslashes == BX_SLASHES_STRIP) || (get_magic_quotes_gpc() && $addslashes == BX_SLASHES_AUTO);
    if ($bStrip) {
        $text = stripslashes($text);
    } elseif ($addslashes == BX_SLASHES_ADD) {
        $text = addslashes($text);
    }

    switch ($strip_tags) {
        case BX_TAGS_STRIP_AND_NL2BR:
            $sPrepared = nl2br(strip_tags($text));
            break;
        case BX_TAGS_STRIP:
            $sPrepared = strip_tags($text);
            break;
        case BX_TAGS_SPECIAL_CHARS:
            $sPrepared = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
            break;
        case BX_TAGS_VALIDATE:
            $sPrepared = clear_xss($text);
            break;
        case BX_TAGS_NO_ACTION:
        default:
            $sPrepared = $text;
    }

    return mysql_real_escape_string($sPrepared);
}
/**
 * Check whether the current viewer may perform $sAction on a file owned by
 * $iFileOwner. Admins and the owner are always allowed; everyone else goes
 * through the membership action check.
 *
 * @param int    $iFileOwner owner profile id
 * @param string $sAction    action name, e.g. 'view'
 * @return bool
 */
function checkMemAction($iFileOwner, $sAction = 'view')
{
    $iFileOwner = (int) $iFileOwner;
    $sAction = clear_xss($sAction);

    $iViewer = $this->oModule->_iProfileId;
    $bPrivileged = $this->oModule->isAdmin($iViewer) || $iFileOwner == $iViewer;
    if ($bPrivileged) {
        return true;
    }

    $this->oModule->_defineActions();
    $sActionName = $this->oModule->_defineActionName($sAction);
    $aCheck = checkAction($iViewer, $sActionName);

    return $aCheck[CHECK_ACTION_RESULT] == CHECK_ACTION_RESULT_ALLOWED;
}
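/**
 * Install an uploaded package (zip): extract it into tmp/ and copy it to its
 * destination folder over FTP.
 *
 * @param string $sType    package type, a key of $this->_aTypesConfig
 * @param array  $aFile    one $_FILES entry ('type', 'tmp_name', ...)
 * @param array  $aFtpInfo FTP credentials: 'login', 'password', 'path'
 * @return string language key of the error, or '_adm_txt_modules_success_upload'
 */
function actionUpload($sType, $aFile, $aFtpInfo)
{
    $sLogin = htmlspecialchars_adv(clear_xss($aFtpInfo['login']));
    $sPassword = htmlspecialchars_adv(clear_xss($aFtpInfo['password']));
    $sPath = htmlspecialchars_adv(clear_xss($aFtpInfo['path']));
    // NOTE(review): the FTP credentials are persisted as site params as given —
    // confirm setParam() stores them somewhere access-restricted.
    setParam('sys_ftp_login', $sLogin);
    setParam('sys_ftp_password', $sPassword);
    setParam('sys_ftp_dir', $sPath);

    $sErrMsg = false;
    $sName = time(); // same value as the mktime() call without arguments used before
    $sAbsolutePath = BX_DIRECTORY_PATH_ROOT . "tmp/" . $sName . '.zip';
    $sPackageRootFolder = false;

    if (!class_exists('ZipArchive')) {
        $sErrMsg = '_adm_txt_modules_zip_not_available';
    }
    if (!$sErrMsg && !isset($this->_aTypesConfig[$sType])) {
        $sErrMsg = '_adm_txt_modules_wrong_package_format';
    }

    // $aFile['type'] is whatever the client claimed; ZipArchive::open() below is the real check
    if (!$sErrMsg && $this->_isArchive($aFile['type']) && move_uploaded_file($aFile['tmp_name'], $sAbsolutePath)) {
        // extract uploaded zip package into tmp folder
        $oZip = new ZipArchive();
        if ($oZip->open($sAbsolutePath) !== TRUE) {
            $sErrMsg = '_adm_txt_modules_cannot_unzip_package';
        } else {
            $sPackageRootFolder = $oZip->numFiles > 0 ? $oZip->getNameIndex(0) : false;
            // the first entry is reused as a directory name under tmp/ (and is
            // deleted on cleanup), so it must be a single plain folder entry
            if (!$sPackageRootFolder || !preg_match('/^[\w-][\w.-]*\/$/', $sPackageRootFolder)) {
                $sPackageRootFolder = false;
                $sErrMsg = '_adm_txt_modules_wrong_package_format';
            }

            if (!$sErrMsg) {
                // reject entries that could be written outside tmp/ on extraction
                for ($i = 0; $i < $oZip->numFiles; $i++) {
                    $sEntry = $oZip->getNameIndex($i);
                    if (substr($sEntry, 0, 1) == '/' || strpos($sEntry, '..') !== false || strpos($sEntry, "\\") !== false || strpos($sEntry, ':') !== false) {
                        $sErrMsg = '_adm_txt_modules_wrong_package_format';
                        break;
                    }
                }
            }

            if (!$sErrMsg) {
                if (file_exists(BX_DIRECTORY_PATH_ROOT . 'tmp/' . $sPackageRootFolder)) {
                    // remove existing tmp folder with the same name
                    bx_rrmdir(BX_DIRECTORY_PATH_ROOT . 'tmp/' . $sPackageRootFolder);
                }
                if (!$oZip->extractTo(BX_DIRECTORY_PATH_ROOT . 'tmp/')) {
                    $sErrMsg = '_adm_txt_modules_cannot_unzip_package';
                }
            }
            $oZip->close();
        }

        // upload files to the correct folder via FTP
        if (!$sErrMsg && $sPackageRootFolder) {
            $oFtp = new BxDolFtp($_SERVER['HTTP_HOST'], $sLogin, $sPassword, $sPath);
            if (!$oFtp->connect()) {
                $sErrMsg = '_adm_txt_modules_cannot_connect_to_ftp';
            }
            if (!$sErrMsg && !$oFtp->isDolphin()) {
                $sErrMsg = '_adm_txt_modules_destination_not_valid';
            }
            if (!$sErrMsg) {
                $sConfigPath = BX_DIRECTORY_PATH_ROOT . "tmp/" . $sPackageRootFolder . $this->_aTypesConfig[$sType]['configfile'];
                if (file_exists($sConfigPath)) {
                    // the package's own config file is executed here: the uploaded
                    // archive is trusted code by design (admin-only installer)
                    include $sConfigPath;
                    $sConfigVar = !empty($this->_aTypesConfig[$sType]['configvarindex'])
                        ? ${$this->_aTypesConfig[$sType]['configvar']}[$this->_aTypesConfig[$sType]['configvarindex']]
                        : ${$this->_aTypesConfig[$sType]['configvar']};
                    $sSubfolder = $this->_aTypesConfig[$sType]['subfolder'];
                    $sSubfolder = str_replace('{configvar}', $sConfigVar, $sSubfolder);
                    $sSubfolder = str_replace('{packagerootfolder}', $sPackageRootFolder, $sSubfolder);
                    if (!$oFtp->copy(BX_DIRECTORY_PATH_ROOT . "tmp/" . $sPackageRootFolder . '/', $this->_aTypesConfig[$sType]['folder'] . $sSubfolder)) {
                        $sErrMsg = '_adm_txt_modules_ftp_copy_failed';
                    }
                } else {
                    $sErrMsg = '_adm_txt_modules_wrong_package_format';
                }
            }
        } elseif (!$sErrMsg) {
            $sErrMsg = '_adm_txt_modules_cannot_unzip_package';
        }

        // remove temporary files; never call bx_rrmdir() on bare tmp/ when no root folder was found
        if ($sPackageRootFolder) {
            bx_rrmdir(BX_DIRECTORY_PATH_ROOT . 'tmp/' . $sPackageRootFolder);
        }
        unlink($sAbsolutePath);
    } elseif (!$sErrMsg) {
        $sErrMsg = '_adm_txt_modules_cannot_upload_package';
    }

    return $sErrMsg ? $sErrMsg : '_adm_txt_modules_success_upload';
}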
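/**
 * Convert a remote (social-network) profile record into the local profile
 * field set.
 *
 * @param array  $aProfileInfo     remote profile info
 * @param string $sAlternativeName suffix appended to NickName to make it unique
 * @return array profile fields ready for the local database
 */
protected function _convertRemoteFields($aProfileInfo, $sAlternativeName = '')
{
    // process the date of birth (missing -> '', like the other optional fields)
    $sBirthday = isset($aProfileInfo['birthday']) ? date('Y-m-d', strtotime($aProfileInfo['birthday'])) : '';

    // define user's country and city
    $sCountry = '';
    $sCity = '';
    $sLocation = '';
    if (isset($aProfileInfo['location']['name'])) {
        $sLocation = $aProfileInfo['location']['name'];
    } elseif (isset($aProfileInfo['hometown']['name'])) {
        $sLocation = $aProfileInfo['hometown']['name'];
    }
    if ($sLocation) {
        // expected format is "City, Country"; a bare city has no country part
        $aCountryInfo = explode(',', $sLocation);
        $sCity = trim($aCountryInfo[0]);
        $sCountry = isset($aCountryInfo[1]) ? $this->_oDb->getCountryCode(trim($aCountryInfo[1])) : '';
        // set default country name, especially for American brothers
        if ($sCity && !$sCountry) {
            $sCountry = $this->_oConfig->sDefaultCountryCode;
        }
    }

    // try define the user's email
    $sEmail = '';
    if (!empty($aProfileInfo['email'])) {
        $sEmail = $aProfileInfo['email'];
    } elseif (isset($aProfileInfo['proxied_email'])) {
        $sEmail = $aProfileInfo['proxied_email'];
    }

    // fill array with all needed values
    $aProfileFields = array(
        'NickName' => $aProfileInfo['nick_name'] . $sAlternativeName,
        'Email' => $sEmail,
        'Sex' => isset($aProfileInfo['gender']) ? $aProfileInfo['gender'] : '',
        'DateOfBirth' => $sBirthday,
        'Password' => $aProfileInfo['password'],
        'FullName' => (isset($aProfileInfo['first_name']) ? $aProfileInfo['first_name'] : '') . (isset($aProfileInfo['last_name']) ? ' ' . $aProfileInfo['last_name'] : ''),
        // free text shown on the profile page: strip scripts/markup here
        'DescriptionMe' => clear_xss(isset($aProfileInfo['bio']) ? $aProfileInfo['bio'] : ''),
        'Interests' => isset($aProfileInfo['interests']) ? $aProfileInfo['interests'] : '',
        'Religion' => isset($aProfileInfo['religion']) ? $aProfileInfo['religion'] : '',
        'Country' => $sCountry,
        'City' => $sCity,
    );
    return $aProfileFields;
}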
/**
 * Create new profile from Facebook profile data.
 *
 * @param array  $aProfileInfo     some profile's information
 * @see $this->aFacebookProfileFields
 * @param string $sAlternativeName profile's alternative nickname (suffix)
 * @param bool   $isAutoFriends    link the new member with existing Facebook friends
 * @param bool   $isSetLoggedIn    log the member in at the end
 * @return mixed error string on error, or profile info array on success
 *               (keys 'profile_info_fb', 'profile_id', 'existing_profile', or
 *               'join_page_redirect' when the join page must be shown first)
 */
function _createProfileRaw($aProfileInfo, $sAlternativeName = '', $isAutoFriends = true, $isSetLoggedIn = true)
{
    $sCountry = '';
    $sCity = '';

    //-- join by invite only --//
    if (getParam('reg_by_inv_only') == 'on' && (!isset($_COOKIE['idFriend']) || getID($_COOKIE['idFriend']) == 0)) {
        return _t('_registration by invitation only');
    }
    //--

    // process the date of birth;
    if (isset($aProfileInfo['birthday'])) {
        $aProfileInfo['birthday'] = isset($aProfileInfo['birthday']) ? date('Y-m-d', strtotime($aProfileInfo['birthday'])) : '';
    }

    // generate new password for profile; the clear-text value is emailed to the member below
    $sNewPassword = genRndPwd();
    $sPasswordSalt = genRndSalt();
    $aProfileInfo['password'] = encryptUserPwd($sNewPassword, $sPasswordSalt);

    //-- define user's country and city --//
    $aLocation = array();
    if (isset($aProfileInfo['location']['name'])) {
        $aLocation = $aProfileInfo['location']['name'];
    } else {
        if (isset($aProfileInfo['hometown']['name'])) {
            $aLocation = $aProfileInfo['hometown']['name'];
        }
    }
    if ($aLocation) {
        // NOTE(review): assumes "City, Country" format; $aCountryInfo[1] is undefined for a bare city
        $aCountryInfo = explode(',', $aLocation);
        $sCountry = $this->_oDb->getCountryCode(trim($aCountryInfo[1]));
        $sCity = trim($aCountryInfo[0]);
        //set default country name, especially for American brothers
        if ($sCity && !$sCountry) {
            $sCountry = $this->_oConfig->sDefaultCountryCode;
        }
    }
    //--

    //try define the user's email
    $sEmail = !empty($aProfileInfo['email']) ? $aProfileInfo['email'] : $aProfileInfo['proxied_email'];

    //-- fill array with all needed values --//
    $aProfileFields = array(
        'NickName' => $aProfileInfo['nick_name'] . $sAlternativeName,
        'Email' => $sEmail,
        'Sex' => isset($aProfileInfo['gender']) ? $aProfileInfo['gender'] : '',
        'DateOfBirth' => $aProfileInfo['birthday'],
        'Password' => $aProfileInfo['password'],
        'FullName' => (isset($aProfileInfo['first_name']) ? $aProfileInfo['first_name'] : '') . (isset($aProfileInfo['last_name']) ? ' ' . $aProfileInfo['last_name'] : ''),
        'DescriptionMe' => clear_xss(isset($aProfileInfo['bio']) ? $aProfileInfo['bio'] : ''),
        'Interests' => isset($aProfileInfo['interests']) ? $aProfileInfo['interests'] : '',
        'Religion' => isset($aProfileInfo['religion']) ? $aProfileInfo['religion'] : '',
        'Country' => $sCountry,
        'City' => $sCity
    );
    //--

    // anti-spam: IP blacklist, DNS blacklist (block mode) and StopForumSpam lookup
    bx_import('BxDolStopForumSpam');
    $oBxDolStopForumSpam = new BxDolStopForumSpam();
    if (2 == getParam('ipBlacklistMode') && bx_is_ip_blocked()) {
        return _t('_Sorry, your IP been banned');
    } elseif ('on' == getParam('sys_dnsbl_enable') && 'block' == getParam('sys_dnsbl_behaviour') && bx_is_ip_dns_blacklisted('', 'join facebook') || $oBxDolStopForumSpam->isSpammer(array('email' => $aProfileFields['Email'], 'ip' => getVisitorIP(false)), 'join facebook')) {
        return sprintf(_t('_sys_spam_detected'), BX_DOL_URL_ROOT . 'contact.php');
    }

    // check fields existence;
    foreach ($aProfileFields as $sKey => $mValue) {
        if (!$this->_oDb->isFieldExist($sKey)) {
            // (field not existence) remove from array;
            unset($aProfileFields[$sKey]);
        }
    }

    //-- add some system values --//
    $aProfileFields['Role'] = BX_DOL_ROLE_MEMBER;
    $aProfileFields['DateReg'] = date('Y-m-d H:i:s'); // set current date;
    $aProfileFields['Salt'] = $sPasswordSalt;
    //--

    // NOTE(review): when the remote email matches an existing local account, the
    // caller is attached to (and below logged into) that account without any
    // further proof of ownership — confirm the remote provider verifies emails.
    $iExistingProfileId = $this->_oDb->isEmailExisting($sEmail);

    //check redirect page
    if ('join' == $this->_oConfig->sRedirectPage && !$iExistingProfileId) {
        return array('profile_info_fb' => $aProfileInfo, 'profile_fields' => $aProfileFields, 'join_page_redirect' => true);
    }

    // create new profile;
    if ($iExistingProfileId) {
        $iProfileId = $iExistingProfileId;
    } else {
        $iProfileId = $this->_oDb->createProfile($aProfileFields);
    }

    $oProfileFields = new BxDolProfilesController();

    //remember FB uid for created member
    $this->_oDb->saveFbUid($iProfileId, $aProfileInfo['id']);

    // check profile status; only for freshly created profiles
    if (!$iExistingProfileId) {
        if (getParam('autoApproval_ifNoConfEmail') == 'on') {
            if (getParam('autoApproval_ifJoin') == 'on') {
                $sProfileStatus = 'Active';
                if (!empty($aProfileInfo['email'])) {
                    $oProfileFields->sendActivationMail($iProfileId);
                }
            } else {
                $sProfileStatus = 'Approval';
                if (!empty($aProfileInfo['email'])) {
                    $oProfileFields->sendApprovalMail($iProfileId);
                }
            }
        } else {
            if (!empty($aProfileInfo['email'])) {
                $oProfileFields->sendConfMail($iProfileId);
                $sProfileStatus = 'Unconfirmed';
            } else {
                if (getParam('autoApproval_ifJoin') == 'on') {
                    $sProfileStatus = 'Active';
                } else {
                    $sProfileStatus = 'Approval';
                }
            }
        }

        // update profile's status;
        $this->_oDb->updateProfileStatus($iProfileId, $sProfileStatus);
        $oProfileFields->createProfileCache($iProfileId);

        if (!empty($aProfileInfo['email'])) {
            //-- send email notification --// (carries the generated clear-text password)
            $oEmailTemplate = new BxDolEmailTemplates();
            $aTemplate = $oEmailTemplate->getTemplate('t_fb_connect_password_generated', $iProfileId);
            $aNewProfileInfo = getProfileInfo($iProfileId);
            $aPlus = array('NickName' => getNickName($aNewProfileInfo['ID']), 'NewPassword' => $sNewPassword);
            sendMail($aNewProfileInfo['Email'], $aTemplate['Subject'], $aTemplate['Body'], '', $aPlus);
        }
        //--

        if (BxDolModule::getInstance('BxWmapModule')) {
            BxDolService::call('wmap', 'response_entry_add', array('profiles', $iProfileId));
        }

        // create system event
        $oZ = new BxDolAlerts('profile', 'join', $iProfileId);
        $oZ->alert();
    }

    bx_member_ip_store($iProfileId);

    // auto-friend members if they are already friends on Facebook
    if ($isAutoFriends) {
        $this->_makeFriends($iProfileId);
    }

    // set logged
    if ($isSetLoggedIn) {
        $aProfile = getProfileInfo($iProfileId);
        $this->setLogged($iProfileId, $aProfile['Password'], '', false);
    }

    return array('profile_info_fb' => $aProfileInfo, 'profile_id' => $iProfileId, 'existing_profile' => $iExistingProfileId ? true : false);
}
/**
 * Prepare HTML text from a form for an SQL string: trim, strip XSS, add slashes.
 *
 * @param string $sText raw input
 * @return string
 */
function process_html_db_input($sText)
{
    $sTrimmed = trim(process_pass_data($sText));
    $sSafe = clear_xss($sTrimmed);
    return addslashes($sSafe);
}
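/**
 * Fill the 'Value' of every field in a group from the posted form values.
 *
 * 'text'/'dropdown' values are trimmed, 'html' values are additionally run
 * through clear_xss(), 'bool' values are true only when the post says 'yes'.
 * Fields of any other type are left untouched.
 *
 * @param array $arrGroup fields keyed by name, each with a 'Type'; modified in place
 */
function fillGroupArrByPostValues(&$arrGroup)
{
    foreach ($arrGroup as $fieldName => $arrField) {
        // a field missing from the request is treated as an empty submission
        $mix Posted = null;
        $mixPosted = isset($_POST[$fieldName]) ? $_POST[$fieldName] : '';
        switch ($arrField['Type']) {
            case 'text':
            case 'dropdown':
                $arrGroup[$fieldName]['Value'] = trim(process_pass_data($mixPosted));
                break;
            case 'html':
                $arrGroup[$fieldName]['Value'] = clear_xss(trim(process_pass_data($mixPosted)));
                break;
            case 'bool':
                $arrGroup[$fieldName]['Value'] = (bool) ($mixPosted == 'yes');
                break;
        }
    }
}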
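/**
 * Send message.
 *
 * Delivers a composed message from $member to $recipient by email, to the
 * internal mailbox ("lovemail"), or both, depending on $_POST['sendto'].
 *
 * @param array $member           sender profile (needs 'ID')
 * @param array $recipient        recipient profile (needs 'ID', 'Status', 'Email')
 * @param bool  $must_use_credits whether sending costs credits
 * @return int 0 on success; 1 nothing was sent / send failed; 3 flood
 *             protection; 5 sender is blocked by the recipient; 10 recipient
 *             not active; 21 not enough credits
 */
function MemberSendMessage($member, $recipient, $must_use_credits = false)
{
    global $site;

    $en_dest_choice = getParam("enable_msg_dest_choice");
    $max_message_size = getParam("max_inbox_message_size");
    $max_messages = getParam("max_inbox_messages");

    // the ids go straight into SQL below, so pin them to integers
    $iMemberId = (int) $member['ID'];
    $iRecipientId = (int) $recipient['ID'];
    $sSendTo = isset($_POST['sendto']) ? $_POST['sendto'] : '';
    $sText = isset($_POST['text']) ? $_POST['text'] : '';
    $sSubject = isset($_POST['mes_subject']) ? $_POST['mes_subject'] : '';
    $bToEmail = $sSendTo == "email" || $sSendTo == "both";

    // Check if recipient is active
    if ('Active' != $recipient['Status']) {
        return 10;
    }

    // Check if member is blocked
    if (db_arr("SELECT `ID`, `Profile` FROM `BlockList` WHERE `Profile` = {$iMemberId} AND `ID` = '{$iRecipientId}';")) {
        return 5;
    }

    // If must use credits then check for enough amount
    // NOTE(review): $msg_credits is neither a parameter nor declared global in
    // this function, so it reads as null here — confirm where it should come from.
    if ($must_use_credits && getProfileCredits($iMemberId) < (double) $msg_credits) {
        return 21;
    }

    // antispam: at most one message per minute per sender
    if (db_arr("SELECT `ID` FROM `Messages` WHERE `Sender` = {$iMemberId} AND date_add(`Date`, INTERVAL 1 MINUTE) > Now()")) {
        return 3;
    }

    // Get sender info
    $sender = getProfileInfo($iMemberId);
    $aPlus = array();
    $aPlus['ProfileReference'] = $sender
        ? '<a href="' . getProfileLink($iMemberId) . '">' . $sender['NickName'] . '</a> (' . getProfileLink($iMemberId) . ') '
        : '<b>' . _t("_Visitor") . '</b>';

    // Don't send notification if message is sending to email
    if (!empty($_POST['notify']) && !$bToEmail) {
        $message_text = getParam("t_Compose");
        $subject = getParam('t_Compose_subject');
        $aPlus['senderNickName'] = $sender ? $sender['NickName'] : _t("_Visitor");
        $notify_res = sendMail($recipient['Email'], $subject, $message_text, $recipient['ID'], $aPlus);
        if (!$notify_res) {
            echo "<div class=\"err\">" . _t("_Notification send failed") . "</div><br />\n";
        }
    }

    // nothing sent yet; a 'sendto' outside the known values leaves this false
    $result = false;

    // Send message to email
    if ($en_dest_choice && $bToEmail) {
        $message_text = getParam("t_Message");
        $subject = process_pass_data($sSubject);
        $aPlus['MessageText'] = strmaxtextlen(clear_xss(replace_full_uris(process_pass_data($sText))), $max_message_size);
        $result = sendMail($recipient['Email'], $subject, $message_text, $recipient['ID'], $aPlus);
    }

    // Send message to communicator
    if ($sSendTo == "lovemail" || $sSendTo == "both") {
        // Restrict with total messages count: drop the oldest ones above the limit
        $messages_count = db_arr("SELECT COUNT(*) AS `mess_count` FROM `Messages` WHERE `Recipient` = '{$iRecipientId}'");
        $messages_count = (int) $messages_count['mess_count'];
        if ($messages_count - 1 > $max_messages) {
            $iToDelete = $messages_count - (int) $max_messages + 1;
            $del_res = db_res("SELECT `ID` FROM `Messages` WHERE `Recipient` = '{$iRecipientId}' ORDER BY `Date` ASC LIMIT " . $iToDelete);
            while ($del_arr = mysql_fetch_array($del_res)) {
                db_res("DELETE FROM `Messages` WHERE `ID` = " . (int) $del_arr['ID']);
            }
        }

        // Insert message into database; escape with the connection-charset-aware
        // function (same as process_db_input() used for the subject) instead of addslashes()
        $message_text = strmaxtextlen(mysql_real_escape_string(clear_xss(process_pass_data($sText))), $max_message_size);
        $message_subject = strmaxwordlen(process_db_input($sSubject), 30);
        $result = db_res("INSERT INTO `Messages` ( `Date`, `Sender`, `Recipient`, `Text`, `Subject`, `New` ) VALUES ( NOW(), {$iMemberId}, {$iRecipientId}, '{$message_text}', '{$message_subject}', '1' )");
    }

    // If sending successful then mark as performed action
    if (!$result) {
        return 1;
    }
    checkAction($iMemberId, ACTION_ID_SEND_MESSAGE, true);
    if ($must_use_credits) {
        decProfileCredits($iMemberId, $msg_credits);
    }
    return 0;
}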
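/**
 * AJAX handler for the "get_list" action: render one page of an ads list with a
 * paginator, send it and exit (nothing after the call runs).
 *
 * @param string $sMode    list to show: 'manage', 'pending', 'expired', 'disapproved'
 *                         or 'view'; any other value is treated as 'view'
 * @param string $sOwnerId owner profile id, cast to int
 * @param string $sAdd     unused, kept so existing callers/routes keep working
 * @param string $sAdd1    unused
 * @param string $sAdd2    unused
 */
function actionGetList($sMode = '', $sOwnerId = '', $sAdd = '', $sAdd1 = '', $sAdd2 = '')
{
    //input values
    $sMode = clear_xss($sMode);
    $iOwnerId = (int) $sOwnerId;

    // $sMode ends up in an element id and inside a JS string literal below, so only
    // the known modes are allowed through; everything else falls back to 'view'
    // (which is also the switch's default branch)
    $aKnownModes = array('manage', 'pending', 'expired', 'disapproved', 'view');
    if (!in_array($sMode, $aKnownModes, true)) {
        $sMode = 'view';
    }

    bx_import('SearchUnit', $this->_aModule);
    $oTmpAdsSearch = new BxAdsSearchUnit();
    $oTmpAdsSearch->bShowCheckboxes = false;
    $oTmpAdsSearch->aCurrent['paginate']['perPage'] = 10;
    $oTmpAdsSearch->aCurrent['restriction']['owner']['value'] = $iOwnerId;

    switch ($sMode) {
        case 'manage':
            $oTmpAdsSearch->bShowCheckboxes = true;
            $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'active';
            $oTmpAdsSearch->aCurrent['second_restr'] = 'manage';
            break;
        case 'pending':
            $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'new';
            $oTmpAdsSearch->aCurrent['second_restr'] = 'outtime';
            break;
        case 'expired':
            $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'active';
            $oTmpAdsSearch->aCurrent['second_restr'] = 'expired';
            break;
        case 'disapproved':
            $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'inactive';
            $oTmpAdsSearch->aCurrent['second_restr'] = 'outtime';
            break;
        case 'view':
        default:
            $oTmpAdsSearch->aCurrent['second_restr'] = 'manage';
    }

    $sCode = $oTmpAdsSearch->displayResultBlock();
    $sPgn = '';
    if ($oTmpAdsSearch->aCurrent['paginate']['totalNum'] == 0) {
        $sCode = MsgBox(_t('_Empty'));
    } else {
        bx_import('BxDolPaginate');
        $sBoxId = 'ads_' . $iOwnerId . '_' . $sMode;
        $sLink = BX_DOL_URL_ROOT . $this->_oConfig->getBaseUri() . 'get_list/' . $sMode . '/' . $iOwnerId;
        // page changes are handled client-side through getHtmlData(); the URL is not navigated
        $oPgn = new BxDolPaginate(array(
            'page_url' => 'javascript:void();',
            'count' => $oTmpAdsSearch->aCurrent['paginate']['totalNum'],
            'per_page' => $oTmpAdsSearch->aCurrent['paginate']['perPage'],
            'page' => $oTmpAdsSearch->aCurrent['paginate']['page'],
            'on_change_page' => 'getHtmlData(\'' . $sBoxId . '\', \'' . $sLink . '&page={page}&per_page={per_page}\');',
            'on_change_per_page' => 'getHtmlData(\'' . $sBoxId . '\', \'' . $sLink . '&page=1&per_page=\' + this.value);',
        ));
        $sPgn = '<div class="clear_both"></div>' . $oPgn->getPaginate();
    }

    // NOTE(review): the body is HTML but is labelled text/xml, as in the original;
    // presumably the client-side getHtmlData() expects that — confirm before changing
    header('Content-Type: text/xml; charset=UTF-8');
    echo $sCode . $sPgn;
    exit;
}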
/**
 * Normalise a raw request value in place: undo magic quotes when PHP added them,
 * then run the result through clear_xss() (the project's HTML cleaner).
 *
 * @param string $s value to clean; replaced by reference
 */
function cleanPost(&$s)
{
    $sRaw = get_magic_quotes_gpc() ? stripslashes($s) : $s;
    $s = clear_xss($sRaw);
}
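/**
 * Apply a module's language file (install/langs/<name>.php) to the localization tables.
 *
 * The included file may define up to three arrays, applied in this order:
 *   $aLangContentDelete - list of keys whose string for this language is removed
 *   $aLangContentAdd    - key => string; the key is created (INSERT IGNORE) and the
 *                         string inserted; keys that already exist are skipped
 *   $aLangContentUpdate - key => string; the string of an existing key is replaced
 *
 * @param bool  $bInstall    not read here; the language file's contents decide what happens
 * @param array $aLanguage   language row; 'name' selects the file, 'id' is the language id
 * @param int   $iCategoryId localization category new keys are created under
 * @return bool false when the language file does not exist, true otherwise
 */
function _updateLanguage($bInstall, $aLanguage, $iCategoryId = 0)
{
    global $MySQL;

    // NOTE(review): 'name' becomes a path component as-is; it is expected to be the
    // module's own install data, not request input — confirm at the call site
    $sPath = $this->_sHomePath . 'install/langs/' . $aLanguage['name'] . '.php';
    if (!file_exists($sPath)) {
        return false;
    }
    include $sPath;

    // everything below is interpolated into SQL: ids as integers, keys and strings escaped
    $iLanguageId = (int) $aLanguage['id'];
    $iCategoryId = (int) $iCategoryId;

    //--- Process delete ---//
    if (isset($aLangContentDelete) && is_array($aLangContentDelete)) {
        foreach ($aLangContentDelete as $sKey) {
            $sKey = addslashes($sKey);
            $MySQL->query("DELETE FROM `sys_localization_keys`, `sys_localization_strings` USING `sys_localization_keys`, `sys_localization_strings` WHERE `sys_localization_keys`.`ID`=`sys_localization_strings`.`IDKey` AND `sys_localization_keys`.`Key`='" . $sKey . "' AND `sys_localization_strings`.`IDLanguage`='" . $iLanguageId . "'");
        }
    }

    //--- Process add ---//
    if (isset($aLangContentAdd) && is_array($aLangContentAdd)) {
        foreach ($aLangContentAdd as $sKey => $sValue) {
            $sKey = addslashes($sKey);
            // presumably the affected-row count: 0 means INSERT IGNORE found the key already — TODO confirm
            $mixedResult = $MySQL->query("INSERT IGNORE INTO `sys_localization_keys`(`IDCategory`, `Key`) VALUES('" . $iCategoryId . "', '" . $sKey . "')");
            if ($mixedResult === false || $mixedResult <= 0) {
                continue;
            }
            $iLangKeyId = (int) $MySQL->lastId();
            $MySQL->query("INSERT INTO `sys_localization_strings`(`IDKey`, `IDLanguage`, `String`) VALUES('" . $iLangKeyId . "', '" . $iLanguageId . "', '" . addslashes($sValue) . "')");
        }
    }

    //--- Process Update ---//
    if (isset($aLangContentUpdate) && is_array($aLangContentUpdate)) {
        foreach ($aLangContentUpdate as $sKey => $sValue) {
            $sKey = addslashes($sKey);
            $iLangKeyId = (int) $MySQL->getOne("SELECT `ID` FROM `sys_localization_keys` WHERE `Key`='" . $sKey . "'");
            if ($iLangKeyId == 0) {
                continue;
            }
            // only updates pass through clear_xss(); adds do not — kept as in the original
            $MySQL->query("UPDATE `sys_localization_strings` SET `String`='" . addslashes(clear_xss($sValue)) . "' WHERE `IDKey`='" . $iLangKeyId . "' AND `IDLanguage`='" . $iLanguageId . "'");
        }
    }

    return true;
}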
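/**
 * Build the result block and paginator for an administration search.
 *
 * @param object $oSearch search unit; aCurrent['paginate'] and
 *                        aCurrent['restriction']['activeStatus']['value'] are read,
 *                        $oSearch->id is used as the dynamic block id
 * @param string $sCode   rendered search results
 * @return array array('code' => HTML, 'paginate' => HTML); with no results 'code'
 *               is the "_Empty" message box and 'paginate' is ''
 */
function getResultCodeArray(&$oSearch, $sCode)
{
    $aCode = array('code' => MsgBox(_t('_Empty')), 'paginate' => '');
    $iCount = $oSearch->aCurrent['paginate']['totalNum'];
    if ($iCount > 0) {
        $aCode['code'] = $GLOBALS['oFunctions']->centerContent($sCode, '.sys_file_search_unit');

        $sLink = BX_DOL_URL_ROOT . $this->_oConfig->getBaseUri() . 'administration/home/' . $oSearch->aCurrent['restriction']['activeStatus']['value'];
        $sKeyWord = bx_get('keyword');
        if ($sKeyWord !== false) {
            // the keyword is placed in a query string and, via on_change_page, inside a
            // JS string literal; URL-encoding keeps '&', quotes and '<' out of both contexts
            $sLink .= '&keyword=' . rawurlencode(clear_xss($sKeyWord));
        }

        $aExclude = array('r');
        $aLinkAddon = $oSearch->getLinkAddByPrams($aExclude);
        $oPaginate = new BxDolPaginate(array(
            'page_url' => $sLink,
            'count' => $iCount,
            'per_page' => $oSearch->aCurrent['paginate']['perPage'],
            'page' => $oSearch->aCurrent['paginate']['page'],
            'on_change_page' => 'return !loadDynamicBlock(' . $oSearch->id . ', \'' . $sLink . $aLinkAddon['params'] . $aLinkAddon['paginate'] . '\');',
            'on_change_per_page' => 'return !loadDynamicBlock(' . $oSearch->id . ', \'' . $sLink . $aLinkAddon['params'] . '&page=1&per_page=\' + this.value);',
        ));
        $aCode['paginate'] = $oPaginate->getPaginate();
    }
    return $aCode;
}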
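/**
 * Parse a "yyyy-mm-dd" string (month/day may be one digit) into integer parts.
 *
 * @param string $sDate trimmed input
 * @return array|false array($iYear, $iMonth, $iDay), or false when the format does not match
 */
function _bx_process_input_ymd($sDate)
{
    if (!preg_match('/^\\d{4}-\\d{1,2}-\\d{1,2}$/', $sDate)) {
        return false;
    }
    list($iYear, $iMonth, $iDay) = explode('-', $sDate); // 1985-10-28
    return array(intval($iYear), intval($iMonth), intval($iDay));
}

/**
 * Function to process user input.
 * DON'T use to process data before passing to SQL query - use db prepare instead @see BxDolDb::prepare.
 * It is ok to use bx_process_input and then db prepare.
 *
 * Arrays are processed element by element (recursively) with the same type and params.
 *
 * @param $mixedData data to process
 * @param $iDataType how to handle data, possible values:
 *   BX_DATA_INT - integer value
 *   BX_DATA_FLOAT - float value
 *   BX_DATA_CHECKBOX - 'on' or empty string
 *   BX_DATA_TEXT - text data, single line (default; returned unchanged)
 *   BX_DATA_TEXT_MULTILINE - text data, multiple lines
 *   BX_DATA_HTML - HTML data
 *   BX_DATA_DATE - date data type stored as yyyy-mm-dd
 *   BX_DATA_DATE_TS - date data type stored as unixtimestamp
 *   BX_DATA_DATETIME_TS - date/time data type stored as unixtimestamp
 * @param $mixedParams optional parameters to pass for validation (only forwarded to recursive calls)
 * @param $isCheckMagicQuotes strip magic quotes when the PHP setting is on
 * @return the filtered data, or FALSE if the filter fails.
 */
function bx_process_input($mixedData, $iDataType = BX_DATA_TEXT, $mixedParams = false, $isCheckMagicQuotes = true)
{
    if (is_array($mixedData)) {
        foreach ($mixedData as $k => $v) {
            // forward $isCheckMagicQuotes as well: the original recursion dropped it,
            // so nested values were always stripped even when the caller asked not to
            $mixedData[$k] = bx_process_input($v, $iDataType, $mixedParams, $isCheckMagicQuotes);
        }
        return $mixedData;
    }

    // get_magic_quotes_gpc() no longer exists on PHP 8; treat that as "no magic quotes"
    if ($isCheckMagicQuotes && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $mixedData = stripslashes($mixedData);
    }

    switch ($iDataType) {
        case BX_DATA_INT:
            return filter_var(trim($mixedData), FILTER_VALIDATE_INT);

        case BX_DATA_FLOAT:
            return filter_var(trim($mixedData), FILTER_VALIDATE_FLOAT);

        case BX_DATA_CHECKBOX:
            return 'on' == trim($mixedData) ? 'on' : '';

        case BX_DATA_DATE: // maybe consider using strtotime
            $aYmd = _bx_process_input_ymd(trim($mixedData));
            if ($aYmd === false) {
                return false;
            }
            list($iYear, $iMonth, $iDay) = $aYmd;
            return sprintf("%04d-%02d-%02d", $iYear, $iMonth, $iDay);

        case BX_DATA_DATE_TS:
            $aYmd = _bx_process_input_ymd(trim($mixedData));
            if ($aYmd === false) {
                return false;
            }
            list($iYear, $iMonth, $iDay) = $aYmd;
            $iRet = mktime(0, 0, 0, $iMonth, $iDay, $iYear);
            return $iRet > 0 ? $iRet : false;

        case BX_DATA_DATETIME_TS:
            // "Y-m-d H:i[:s]" with a space or 'T' separator; anything else is tried as a plain date.
            // Magic quotes were already handled above, so the fallback must not strip again.
            if (!preg_match('#(\\d+)\\-(\\d+)\\-(\\d+)[\\sT]{1}(\\d+):(\\d+):(\\d+)#', $mixedData, $m)
                && !preg_match('#(\\d+)\\-(\\d+)\\-(\\d+)[\\sT]{1}(\\d+):(\\d+)#', $mixedData, $m)) {
                return bx_process_input($mixedData, BX_DATA_DATE_TS, $mixedParams, false);
            }
            $iDay = $m[3];
            $iMonth = $m[2];
            $iYear = $m[1];
            $iH = $m[4];
            $iM = $m[5];
            $iS = isset($m[6]) ? $m[6] : 0; // seconds are optional (second pattern)
            $iRet = mktime($iH, $iM, $iS, $iMonth, $iDay, $iYear);
            return $iRet > 0 ? $iRet : false;

        case BX_DATA_HTML:
            return clear_xss($mixedData);

        case BX_DATA_TEXT_MULTILINE:
            return nl2br(htmlspecialchars_adv($mixedData));

        case BX_DATA_TEXT:
        default:
            // plain text is returned unchanged; it must still be escaped at output time
            return $mixedData;
    }
}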
/**
 * Perform admin or moderator actions
 *
 * Admins may run any action; moderators may run them on anyone but themselves
 * (same precedence as the original `or ... and` condition, written out explicitly).
 *
 * @param $sAction string one of activate, deactivate, ban, unban, featured,
 *                        unfeatured, delete, delete_spam
 * @param $iViewerId integer
 * @param $iTargetId integer
 * @return mixed - HTML code, or FALSE when not permitted or the action is unknown
 */
function PageListControl($sAction, $iViewerId, $iTargetId)
{
    $sAction = clear_xss($sAction);
    $iViewerId = (int) $iViewerId;
    $iTargetId = (int) $iTargetId;

    $bAllowed = isAdmin($iViewerId) || (isModerator($iViewerId) && $iViewerId != $iTargetId);
    if (!$bAllowed) {
        return FALSE;
    }

    switch ($sAction) {
        case 'activate':
        case 'deactivate':
            return _setStatus($iTargetId, $sAction);

        case 'featured':
        case 'unfeatured':
            return _setFeature($iTargetId, $sAction);

        case 'ban':
        case 'unban':
            $bDone = ($sAction == 'ban')
                ? bx_admin_profile_ban_control($iTargetId)
                : bx_admin_profile_ban_control($iTargetId, FALSE);
            return MsgBox(_t($bDone ? '_Success' : '_Error'));

        case 'delete':
        case 'delete_spam':
            if ($sAction == 'delete_spam') {
                profile_delete($iTargetId, TRUE);
            } else {
                profile_delete($iTargetId);
            }
            return MsgBox(_t('_Success')) . genAjaxyPopupJS($iTargetId, 'ajaxy_popup_result_div', BX_DOL_URL_ROOT . 'browse.php');
    }

    return FALSE;
}
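/**
 * Add a guestbook record for the owner given in $_REQUEST['owner'].
 *
 * Rejects the post when the visitor IP cannot be determined or when the same IP
 * posted less than $period minutes ago; trims the owner's guestbook to
 * $record_limit records before inserting.
 *
 * @return string '' on success or when no owner was given; otherwise an HTML error box
 */
function AddRecord()
{
    global $record_maxlength;
    global $period;
    global $record_limit;
    global $logged;

    $ret = "";

    // markup around every error message (kept byte-for-byte from the original)
    $sBoxOpen = "<br />\r\n\t\t\t<table width=\"100%\" cellpadding=\"1\" cellspacing=\"1\" border=\"0\">\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<td class=\"text\" align=\"center\">\r\n\t\t\t\t\t\t<br />";
    $sBoxClose = "<br />\r\n\t\t\t\t\t</td>\r\n\t\t\t\t</tr>\r\n\t\t\t</table>\n";

    $sPostText = isset($_POST['newrecord']) ? $_POST['newrecord'] : '';
    $record_text = addslashes(clear_xss(process_pass_data($sPostText)));
    // NOTE(review): the sender id is taken from the memberID cookie without a login
    // check in this function; assumes the page verified $logged beforehand — confirm
    $record_sender = (isset($_COOKIE['memberID']) && strlen($_COOKIE['memberID'])) ? (int) $_COOKIE['memberID'] : "";
    $record_recipient = isset($_REQUEST['owner']) ? (int) $_REQUEST['owner'] : 0;

    // The Client-IP header is caller-controlled and $ip is interpolated into SQL, so
    // it is accepted only when it parses as an IP address; otherwise the socket address is used
    $ip = getenv('HTTP_CLIENT_IP');
    if (!$ip || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = getenv('REMOTE_ADDR');
    }

    // the limits come from globals and are used in SQL arithmetic; force integers
    $iPeriod = (int) $period;
    $iRecordLimit = (int) $record_limit;

    if (!$record_recipient) {
        return $ret;
    }

    // Test if IP is defined
    if (!$ip) {
        $ret .= $sBoxOpen . _t_err("_sorry, i can not define you ip adress. IT'S TIME TO COME OUT !") . $sBoxClose;
        return $ret;
    }

    // Test if last message is old enough
    $last_count = db_arr("SELECT COUNT( * ) AS `last_count` FROM `Guestbook` WHERE `IP` = '{$ip}' AND (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`Date`) < {$iPeriod}*60)");
    if ($last_count['last_count'] != 0) {
        $ret .= $sBoxOpen . _t_err("_You have to wait for PERIOD minutes before you can write another message!", $period) . $sBoxClose;
        return $ret;
    }

    // Restrict with total records count: drop the oldest records above the limit
    $total_count = db_arr("SELECT COUNT(*) AS `total_count` FROM `Guestbook` WHERE `Recipient` = '{$record_recipient}'");
    $iTotal = (int) $total_count['total_count'];
    if ($iTotal - 1 > $iRecordLimit) {
        $del_res = db_res("SELECT `ID` FROM `Guestbook` WHERE `Recipient` = '{$record_recipient}' ORDER BY `Date` ASC LIMIT " . ($iTotal - $iRecordLimit + 1));
        while ($del_arr = mysql_fetch_array($del_res)) {
            db_res("DELETE FROM `Guestbook` WHERE `ID` = " . (int) $del_arr['ID']);
        }
    }

    // Perform insertion
    db_res("INSERT INTO `Guestbook` SET `Date` = NOW(), `IP` = '{$ip}', `Sender` = '{$record_sender}', `Recipient` = '{$record_recipient}', `Text` = '{$record_text}', `New` = '1'");

    return $ret;
}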
/**
 * Read the form values of every item in the current blocks from $_POST (and $_FILES
 * for ProfilePhoto), validate each through checkPostValue() and store it into
 * $aValues[$iHuman][$sItemName]; validation errors go to $aErrors[$iHuman][$sItemName].
 *
 * @param bool  $bCouple     true for a couple profile: two value sets (index 0 and 1);
 *                           items listed in $this->aCoupleMutual are read for index 0 only
 * @param array $aValues     filled in place; for 'pass' items on edit pages (iAreaID 2/3/4)
 *                           the current value and 'Salt' are read from it
 * @param array $aErrors     filled in place with the error text returned by checkPostValue()
 * @param int   $iPage       join page index; selects $this->aArea[$iPage] when iAreaID == 1
 * @param int   $iProfileID  profile id forwarded to checkPostValue()
 * @param int   $iBlockOnly  when > 0 only the block with this id is processed
 */
function processPostValues($bCouple, &$aValues, &$aErrors, $iPage = 0, $iProfileID = 0, $iBlockOnly = 0)
{
    $iHumans = $bCouple ? 2 : 1; // number of members in profile (single/couple), made for double arrays
    if ($this->iAreaID == 1) { // join
        $this->aBlocks = $this->aArea[$iPage];
    }
    foreach ($this->aBlocks as $iBlockID => $aBlock) {
        if ($iBlockOnly > 0 and $iBlockOnly != $iBlockID) {
            continue;
        }
        $aItems = $aBlock['Items'];
        foreach ($aItems as $iItemID => $aItem) {
            $sItemName = $aItem['Name'];
            for ($iHuman = 0; $iHuman < $iHumans; $iHuman++) {
                // mutual items are shared by both members of a couple: read once, for index 0
                if ($iHuman == 1 and in_array($sItemName, $this->aCoupleMutual)) {
                    continue;
                }
                $mValue = null;
                // per-member fields are posted as <name>[<human index>]; 'system' items are posted flat
                switch ($aItem['Type']) {
                    case 'text':
                    case 'area':
                    case 'pass':
                    case 'select_one':
                        if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman])) {
                            $mValue = process_pass_data($_POST[$sItemName][$iHuman]);
                        }
                        break;
                    case 'html_area':
                        // the only type passed through clear_xss(); the others get process_pass_data() only
                        if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman])) {
                            $mValue = clear_xss(process_pass_data($_POST[$sItemName][$iHuman]));
                        }
                        break;
                    case 'bool':
                        if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and $_POST[$sItemName][$iHuman] == 'yes') {
                            $mValue = true;
                        } else {
                            $mValue = false;
                        }
                        break;
                    case 'num':
                        // empty input stays null rather than becoming 0
                        if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and trim($_POST[$sItemName][$iHuman]) !== '') {
                            $mValue = (int) trim($_POST[$sItemName][$iHuman]);
                        }
                        break;
                    case 'date':
                        // "yyyy-mm-dd" is re-normalised with zero padding; no range check is done here
                        if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and trim($_POST[$sItemName][$iHuman]) !== '') {
                            list($iYear, $iMonth, $iDay) = explode('-', $_POST[$sItemName][$iHuman]); // 1985-10-28
                            $iDay = intval($iDay);
                            $iMonth = intval($iMonth);
                            $iYear = intval($iYear);
                            $mValue = sprintf("%04d-%02d-%02d", $iYear, $iMonth, $iDay);
                        }
                        break;
                    case 'select_set':
                        $mValue = array();
                        if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and is_array($_POST[$sItemName][$iHuman])) {
                            foreach ($_POST[$sItemName][$iHuman] as $sValue) {
                                $mValue[] = process_pass_data($sValue);
                            }
                        }
                        break;
                    case 'range':
                        // accepts either an array [min, max] or a "min-max" string; missing ends stay null
                        if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman])) {
                            if (is_array($_POST[$sItemName][$iHuman])) {
                                $aRange = $_POST[$sItemName][$iHuman];
                            } else {
                                $aRange = explode('-', $_POST[$sItemName][$iHuman], 2);
                            }
                            $mValue = array(null, null);
                            $aRange[0] = isset($aRange[0]) ? trim($aRange[0]) : '';
                            $aRange[1] = isset($aRange[1]) ? trim($aRange[1]) : '';
                            if ($aRange[0] !== '') {
                                $mValue[0] = (int) $aRange[0];
                            }
                            if ($aRange[1] !== '') {
                                $mValue[1] = (int) $aRange[1];
                            }
                        }
                        break;
                    case 'system':
                        switch ($aItem['Name']) {
                            case 'Couple':
                            case 'TermsOfUse':
                            case 'Featured': //they are boolean
                                if (isset($_POST[$sItemName]) and $_POST[$sItemName] == 'yes') {
                                    $mValue = true;
                                } else {
                                    $mValue = false;
                                }
                                break;
                            case 'Captcha':
                            case 'Status': // they are select_one
                                if (isset($_POST[$sItemName])) {
                                    $mValue = process_pass_data($_POST[$sItemName]);
                                }
                                break;
                            case 'ProfilePhoto':
                                // an upload is moved to the tmp dir and referenced by its basename;
                                // no content-type check happens here — presumably done later, confirm.
                                // A posted name (already-uploaded file) is reduced to [a-zA-Z0-9.]
                                if (isset($_FILES['ProfilePhoto'])) {
                                    if ($_FILES['ProfilePhoto']['error'] == UPLOAD_ERR_OK) {
                                        $sTmpName = tempnam($GLOBALS['dir']['tmp'], 'pphot');
                                        if (move_uploaded_file($_FILES['ProfilePhoto']['tmp_name'], $sTmpName)) {
                                            $mValue = basename($sTmpName);
                                        }
                                    }
                                } elseif (isset($_POST['ProfilePhoto']) && trim($_POST['ProfilePhoto'])) {
                                    $mValue = preg_replace('/[^a-zA-Z0-9\\.]/', '', $_POST['ProfilePhoto']);
                                }
                                break;
                        }
                        break;
                }
                $rRes = $this->checkPostValue($iBlockID, $iItemID, $mValue, $iHuman, $iProfileID);
                if ($rRes !== true) {
                    $aErrors[$iHuman][$sItemName] = $rRes;
                } //it is returned error text
                //if password on edit page: keep the stored hash when the field is empty, otherwise hash the new one
                if ($aItem['Type'] == 'pass' and ($this->iAreaID == 2 or $this->iAreaID == 3 or $this->iAreaID == 4)) {
                    if (empty($mValue)) {
                        $mValue = $aValues[$iHuman][$sItemName];
                    } else {
                        $mValue = encryptUserPwd($mValue, $aValues[$iHuman]['Salt']);
                    }
                }
                $aValues[$iHuman][$sItemName] = $mValue;
            }
        }
    }
}
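/**
 * Add a comment to the profile currently shown in $oProfile.
 *
 * Only logged-in members can post; at most one comment per IP per $period minutes.
 *
 * @param int $profileID not read here — the recipient is taken from $oProfile->_iProfileID
 * @return string|null error text from _t_err() when the comment is rejected; nothing
 *                     after a successful insert or when the visitor is not logged in
 */
function addComment($profileID)
{
    global $logged;
    global $oProfile;

    if (!$logged['member']) {
        return;
    }
    // NOTE(review): the sender id comes from the memberID cookie; assumes the login
    // check that set $logged['member'] already validated it — confirm
    $record_sender = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;

    $period = 1; // time period before user can add another record (in minutes)
    $record_maxlength = 1600; // max length of record (not enforced here, kept as in the original)

    // Test if IP is defined. $ip is interpolated into SQL below, so anything that is
    // not a well-formed address is rejected the same way as an unknown one.
    $ip = getVisitorIP();
    if ($ip == '0.0.0.0' || filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return _t_err("_sorry, i can not define you ip adress. IT'S TIME TO COME OUT !");
    }

    // get record text
    $sPostText = isset($_POST['commenttext']) ? $_POST['commenttext'] : '';
    $record_text = addslashes(clear_xss(trim(process_pass_data($sPostText))));
    if (strlen($record_text) < 2) {
        return _t_err("_enter_message_text");
    }

    // Test if last message is old enough
    $last_count = db_value("SELECT COUNT(*) FROM `ProfilesComments` WHERE `IP` = '{$ip}' AND (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`Date`) < {$period}*60)");
    if ($last_count != 0) {
        return _t_err("_You have to wait for PERIOD minutes before you can write another message!", $period);
    }

    $replyTO = isset($_POST['replyTO']) ? (int) $_POST['replyTO'] : 0;
    $iRecipientId = (int) $oProfile->_iProfileID;

    // Perform insertion
    $query = "\n\t\tINSERT INTO `ProfilesComments` SET\n\t\t\t`Date` = NOW(),\n\t\t\t`IP` = '{$ip}',\n\t\t\t`Sender` = {$record_sender},\n\t\t\t`Recipient` = {$iRecipientId},\n\t\t\t`Text` = '{$record_text}',\n\t\t\t`New` = '1',\n\t\t\t`ReplyTO` = {$replyTO}\n\t\t";
    db_res($query);
}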