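/**
 * Delete images, their comments and (optionally) their files on disk.
 *
 * Echoes one HTML status line per successful step and collects the failures.
 *
 * @param string|array $image_ids     Comma-separated list (or array) of image IDs.
 * @param int|bool     $delfromserver When truthy, the media, thumbnail and "big/" files are unlinked as well.
 * @return array|false HTML error lines (empty when nothing failed), or false when no usable ID was given.
 */
function delete_images($image_ids, $delfromserver = 1)
{
    // $user_table_fields was not declared global before, so the comment-counter
    // branch further down could never run.
    global $site_db, $lang, $ids, $user_table_fields;

    if (empty($image_ids)) {
        echo $lang['no_search_results'];
        return false;
    }

    // The list goes unquoted into IN (...); accept plain positive integers only.
    $clean_ids = array();
    $candidates = is_array($image_ids) ? $image_ids : explode(",", $image_ids);
    foreach ($candidates as $candidate) {
        $candidate = trim((string) $candidate);
        if (preg_match('/^[0-9]+$/', $candidate) && (int) $candidate > 0) {
            $clean_ids[] = (int) $candidate;
        }
    }
    if (empty($clean_ids)) {
        echo $lang['no_search_results'];
        return false;
    }
    $image_ids = implode(", ", $clean_ids);

    $error_log = array();
    echo "<br />";

    $sql = "SELECT image_id, cat_id, user_id, image_name, image_media_file, image_thumb_file\n FROM " . IMAGES_TABLE . "\n WHERE image_id IN ({$image_ids})";
    $image_result = $site_db->query($sql);

    while ($image_row = $site_db->fetch_array($image_result)) {
        // Numeric columns are cast before they are reused in SQL and in file paths.
        $image_id = (int) $image_row['image_id'];
        $cat_id = (int) $image_row['cat_id'];

        // NOTE(review): image_name and the file names are echoed without HTML escaping;
        // confirm they are stored escaped, otherwise escape them here.
        $sql = "DELETE FROM " . IMAGES_TABLE . "\n WHERE image_id = " . $image_id;
        if ($site_db->query($sql)) {
            echo "<b>" . $lang['image_delete_success'] . "</b> " . $image_row['image_name'] . " (ID: " . $image_id . ")<br />\n";
            $ids[] = $image_row['image_id'];
        } else {
            $error_log[] = "<b>" . $lang['image_delete_error'] . "</b> " . $image_row['image_name'] . " (ID: " . $image_id . ")<br />";
        }

        if ($delfromserver) {
            // NOTE(review): the file names come straight from the database row. is_local_file()
            // is defined elsewhere; confirm it rejects names with a directory part, otherwise
            // apply basename() before unlink().
            if (!is_remote($image_row['image_media_file']) && !is_local_file($image_row['image_media_file'])) {
                if (@unlink(MEDIA_PATH . "/" . $cat_id . "/" . $image_row['image_media_file'])) {
                    echo " " . $lang['file_delete_success'] . " (" . $image_row['image_media_file'] . ")<br />\n";
                } else {
                    // The closing </b> was missing here.
                    $error_log[] = "<b>" . $lang['file_delete_error'] . "</b> (" . $image_row['image_media_file'] . ")<br />";
                }
            }

            if (!empty($image_row['image_thumb_file']) && !is_remote($image_row['image_thumb_file']) && !is_local_file($image_row['image_thumb_file'])) {
                if (@unlink(THUMB_PATH . "/" . $cat_id . "/" . $image_row['image_thumb_file'])) {
                    echo " " . $lang['thumb_delete_success'] . " (" . $image_row['image_thumb_file'] . ")<br />\n";
                } else {
                    $error_log[] = "<b>" . $lang['thumb_delete_error'] . "</b> (" . $image_row['image_thumb_file'] . ")<br />\n";
                }
            }

            // A copy under "big/" is removed when present; its absence is reported, not logged as an error.
            if (@unlink(MEDIA_PATH . "/" . $cat_id . "/big/" . $image_row['image_media_file'])) {
                echo " " . $lang['file_delete_success'] . " (big/" . $image_row['image_media_file'] . ")<br />\n";
            } else {
                echo " No Original Found <br />\n";
            }
        }

        // Decrement the per-user comment counter for every registered author of a comment on this image.
        if (!empty($user_table_fields['user_comments'])) {
            $sql = "SELECT user_id\n FROM " . COMMENTS_TABLE . "\n WHERE image_id = " . $image_id . " AND user_id <> " . GUEST;
            $result = $site_db->query($sql);
            while ($row = $site_db->fetch_array($result)) {
                $sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_comments") . " = " . get_user_table_field("", "user_comments") . " - 1\n WHERE " . get_user_table_field("", "user_id") . " = " . (int) $row['user_id'];
                $site_db->query($sql);
            }
        }

        $sql = "DELETE FROM " . COMMENTS_TABLE . "\n WHERE image_id = " . $image_id;
        if ($site_db->query($sql)) {
            echo $lang['comments_delete_success'] . "<br />\n";
        } else {
            // The failure line used the success label before.
            $error_log[] = "<b>" . $lang['comments_delete_error'] . "</b> " . $image_row['image_name'] . ", (ID: " . $image_id . ")<br />\n";
        }

        echo "<br />\n";
    }

    remove_searchwords($image_ids);

    return $error_log;
}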
$link_arg = $site_sess->url(ROOT_PATH . "search.php?show_result=1"); include ROOT_PATH . 'includes/paging.php'; $getpaging = new Paging($page, $perpage, $num_rows_all, $link_arg); $offset = $getpaging->get_offset(); $site_template->register_vars(array("paging" => $getpaging->get_paging(), "paging_stats" => $getpaging->get_paging_stats())); $imgtable_width = ceil(intval($config['image_table_width']) / $config['image_cells']); if (substr($config['image_table_width'], -1) == "%") { $imgtable_width .= "%"; } $additional_sql = ""; if (!empty($additional_image_fields)) { foreach ($additional_image_fields as $key => $val) { $additional_sql .= ", i." . $key; } } $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits" . $additional_sql . ", c.cat_name" . get_user_table_field(", u.", "user_name") . "\n FROM (" . IMAGES_TABLE . " i, " . CATEGORIES_TABLE . " c)\n LEFT JOIN " . USERS_TABLE . " u ON (" . get_user_table_field("u.", "user_id") . " = i.user_id)\n WHERE i.image_active = 1\n {$sql_where_query}\n AND c.cat_id = i.cat_id {$cat_id_sql}\n ORDER BY " . $config['image_order'] . " " . $config['image_sort'] . ", image_id " . $config['image_sort'] . "\n LIMIT {$offset}, {$perpage}"; $result = $site_db->query($sql); $thumbnails = "<table width=\"" . $config['image_table_width'] . "\" border=\"0\" cellpadding=\"" . $config['image_table_cellpadding'] . "\" cellspacing=\"" . $config['image_table_cellspacing'] . "\">\n"; $count = 0; $bgcounter = 0; while ($image_row = $site_db->fetch_array($result)) { if ($count == 0) { $row_bg_number = $bgcounter++ % 2 == 0 ? 1 : 2; $thumbnails .= "<tr class=\"imagerow" . $row_bg_number . "\">\n"; } $thumbnails .= "<td width=\"" . $imgtable_width . 
"\" valign=\"top\">\n"; show_image($image_row, "search"); $thumbnails .= $site_template->parse_template("thumbnail_bit"); $thumbnails .= "\n</td>\n"; $count++; if ($count == $config['image_cells']) {
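// NOTE(review): $size is reset before each get_dir_size() call; presumably that helper
// accumulates into it (it is defined elsewhere) — confirm.
$size = 0;
echo "<td width=\"16%\"><b>" . $lang['media_directory'] . "</b></td><td width=\"16%\">" . format_file_size(get_dir_size(MEDIA_PATH)) . "</td>\n";
echo "</tr>";

// Row 2: image count / images awaiting validation, and the thumbnail directory size.
echo "<tr class=\"" . get_row_bg() . "\">\n";
$sql = "SELECT COUNT(*) as temp_images\n FROM " . IMAGES_TEMP_TABLE;
$row = $site_db->query_firstrow($sql);
// Substitute the template placeholder "num_images" in the language string with the count.
$awaiting_validation = preg_replace("/" . $site_template->start . "num_images" . $site_template->end . "/siU", $row['temp_images'], $lang['images_awaiting_validation']);
$awaiting_validation = sprintf("<a href=\"" . $site_sess->url("validateimages.php?action=validateimages") . "\">%s</a>", $awaiting_validation);
echo "<td width=\"16%\"><b>" . $lang['images'] . "</b></td><td width=\"16%\">" . $total_images . " / " . $awaiting_validation . "</td>\n";
$size = 0;
echo "<td width=\"16%\"><b>" . $lang['thumb_directory'] . "</b></td><td width=\"16%\">" . format_file_size(get_dir_size(THUMB_PATH)) . "</td>\n";
echo "</tr>";

// Row 3: number of registered users (everyone except the guest account) and the database size.
echo "<tr class=\"" . get_row_bg() . "\">\n";
$sql = "SELECT COUNT(*) as users\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " <> " . GUEST;
$row = $site_db->query_firstrow($sql);
echo "<td width=\"16%\"><b>" . $lang['users'] . "</b></td><td width=\"16%\">" . $row['users'] . "</td>\n";
echo "<td width=\"16%\"><b>" . $lang['database'] . "</b></td><td width=\"16%\">";
include ROOT_PATH . 'includes/db_utils.php';
get_database_size();
if (!empty($global_info['database_size']['total'])) {
    if (!empty($global_info['database_size']['4images'])) {
        $db_status = $lang['homestats_total'] . " <b>" . format_file_size($global_info['database_size']['total']) . "</b> / ";
        $db_status .= "4images: <b>" . format_file_size($global_info['database_size']['4images']) . "</b>";
    } else {
        // Pass the size itself; the result of !empty() (a boolean) was being formatted before.
        $db_status = format_file_size($global_info['database_size']['total']);
    }
} else {
    $db_status = "n/a";
}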
$user_profile_link = !empty($url_show_profile) ? preg_replace("/{user_id}/", $top_list[$i]['user_id'], $url_show_profile) : ROOT_PATH . "member.php?action=showprofile&" . URL_USER_ID . "=" . $top_list[$i]['user_id']; $register_array['image_hits_user_' . $i] = "<a href=\"" . $site_sess->url($user_profile_link) . "\">" . format_text($top_list[$i][$user_table_fields['user_name']]) . "</a>"; } else { $register_array['image_hits_user_' . $i] = $lang['userlevel_guest']; } $register_array['image_hits_cat_' . $i] = "<a href=\"" . $site_sess->url(ROOT_PATH . "categories.php?" . URL_CAT_ID . "=" . $top_list[$i]['cat_id']) . "\">" . format_text($top_list[$i]['cat_name']) . "</a>"; $register_array['image_hits_number_' . $i] = "<b>" . $top_list[$i]['image_hits'] . "</b>"; } else { $register_array['image_hits_' . $i] = "--"; $register_array['image_hits_user_' . $i] = "--"; $register_array['image_hits_cat_' . $i] = "--"; $register_array['image_hits_number_' . $i] = "--"; } } // Downloads $sql = "SELECT i.image_id, i.user_id, i.cat_id, i.image_name, i.image_downloads, c.cat_name" . get_user_table_field(", u.", "user_name") . "\n FROM (" . IMAGES_TABLE . " i, " . CATEGORIES_TABLE . " c)\n LEFT JOIN " . USERS_TABLE . " u ON (" . get_user_table_field("u.", "user_id") . " = i.user_id)\n WHERE i.image_active = 1 AND i.cat_id NOT IN ({$cat_id_sql}) AND i.cat_id = c.cat_id\n {$cat_match_sql}\n ORDER BY i.image_downloads DESC, i.image_name ASC\n LIMIT 10"; $result = $site_db->query($sql); $top_list = array(); $i = 1; while ($row = $site_db->fetch_array($result)) { $top_list[$i] = $row; $i++; } $site_db->free_result(); for ($i = 1; $i <= 10; $i++) { if (isset($top_list[$i])) { $register_array['image_downloads_' . $i] = check_permission("auth_viewimage", $top_list[$i]['cat_id']) ? "<a href=\"" . $site_sess->url(ROOT_PATH . "details.php?" . URL_IMAGE_ID . "=" . $top_list[$i]['image_id']) . "\">" . format_text($top_list[$i]['image_name']) . 
"</a>" : format_text($top_list[$i]['image_name']); $register_array['image_downloads_openwindow_' . $i] = check_permission("auth_viewimage", $top_list[$i]['cat_id']) ? "<a href=\"" . $site_sess->url(ROOT_PATH . "details.php?" . URL_IMAGE_ID . "=" . $top_list[$i]['image_id']) . "\" onclick=\"opendetailwindow()\" target=\"detailwindow\">" . format_text($top_list[$i]['image_name']) . "</a>" : format_text($top_list[$i]['image_name']); if (isset($top_list[$i][$user_table_fields['user_name']]) && $top_list[$i]['user_id'] != GUEST) { $user_profile_link = !empty($url_show_profile) ? preg_replace("/{user_id}/", $top_list[$i]['user_id'], $url_show_profile) : ROOT_PATH . "member.php?action=showprofile&" . URL_USER_ID . "=" . $top_list[$i]['user_id']; $register_array['image_downloads_user_' . $i] = "<a href=\"" . $site_sess->url($user_profile_link) . "\">" . format_text($top_list[$i][$user_table_fields['user_name']]) . "</a>";
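/**
 * Load a user's row together with the lightbox columns, creating the lightbox row when it is missing.
 *
 * Falls back to a guest record when no user row is found. The returned array carries
 * every key of $user_table_fields and $additional_user_fields (empty string when unset).
 *
 * @param int $user_id User ID; defaults to GUEST.
 * @return array User record.
 */
function load_user_info($user_id = GUEST)
{
    global $site_db, $user_table_fields, $additional_user_fields;

    // The ID is placed unquoted into the WHERE clauses below, so force it to an integer first.
    $user_id = (int) $user_id;
    $user_info = array();

    if ($user_id != GUEST) {
        $sql = "SELECT u.*, l.*\n FROM " . USERS_TABLE . " u, " . LIGHTBOXES_TABLE . " l\n WHERE " . get_user_table_field("u.", "user_id") . " = {$user_id} AND l.user_id = " . get_user_table_field("u.", "user_id");
        $user_info = $site_db->query_firstrow($sql);

        if (!$user_info) {
            // No joined row: either the user does not exist or has no lightbox yet.
            $sql = "SELECT *\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " = {$user_id}";
            $user_info = $site_db->query_firstrow($sql);

            if ($user_info) {
                $lightbox_id = get_random_key(LIGHTBOXES_TABLE, "lightbox_id");
                $sql = "INSERT INTO " . LIGHTBOXES_TABLE . "\n (lightbox_id, user_id, lightbox_lastaction, lightbox_image_ids)\n VALUES\n ('{$lightbox_id}', " . (int) $user_info[$user_table_fields['user_id']] . ", {$this->current_time}, '')";
                $site_db->query($sql);
                $user_info['lightbox_lastaction'] = $this->current_time;
                $user_info['lightbox_image_ids'] = "";
            }
        }
    }

    if (empty($user_info[$user_table_fields['user_id']])) {
        // Unknown user or guest: build a guest record.
        $last_visit = $this->read_cookie_data("lastvisit");
        $user_info = array();
        $user_info['user_id'] = GUEST;
        $user_info['user_level'] = GUEST;
        $user_info['user_lastaction'] = $this->current_time;
        $user_info['user_lastvisit'] = $last_visit ? $last_visit : $this->current_time;
    }

    // Expose every mapped column under its generic key as well.
    foreach ($user_table_fields as $key => $val) {
        if (isset($user_info[$val])) {
            $user_info[$key] = $user_info[$val];
        } elseif (!isset($user_info[$key])) {
            $user_info[$key] = "";
        }
    }

    // Tolerate an unset $additional_user_fields instead of iterating over null.
    foreach ((array) $additional_user_fields as $key => $val) {
        if (!isset($user_info[$key])) {
            $user_info[$key] = "";
        }
    }

    return $user_info;
}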
} $error = 0; $current_user_password = trim($HTTP_POST_VARS['current_user_password']); $user_password = trim($HTTP_POST_VARS['user_password']); $user_password2 = trim($HTTP_POST_VARS['user_password2']); if (!compare_passwords($current_user_password, $user_info['user_password'])) { $msg .= ($msg != "" ? "<br />" : "") . $lang['update_password_error']; $error = 1; } if ($user_password != $user_password2 || $user_password == "") { $msg .= ($msg != "" ? "<br />" : "") . $lang['update_password_confirm_error']; $error = 1; } if (!$error) { $user_password_hashed = salted_hash($user_password); $sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_password") . " = '" . $user_password_hashed . "'\n WHERE " . get_user_table_field("", "user_id") . " = " . $user_info['user_id']; $site_db->query($sql); $msg = $lang['update_password_success']; $user_info = $site_sess->load_user_info($user_info['user_id']); } $action = "editprofile"; } if ($action == "editprofile") { $txt_clickstream = $lang['control_panel']; if ($user_info['user_level'] == GUEST) { show_error_page($lang['no_permission']); exit; } $user_name = $user_info['user_name']; if (!$update_process) { $user_email = $user_info['user_email'];
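/**
 * Fetch one user row and expose each mapped column under its generic key.
 *
 * @param int $user_id User ID; 0 and GUEST are never looked up.
 * @return array|int|false The user row, 0 when no lookup was made, or the falsy
 *                         result of query_firstrow() when no row matched.
 */
function get_user_info($user_id = 0)
{
    global $site_db, $user_table_fields;

    // The ID is placed unquoted into the WHERE clause, so force it to an integer first.
    $user_id = (int) $user_id;
    $user_info = 0;

    if ($user_id != 0 && $user_id != GUEST) {
        $sql = "SELECT *\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " = {$user_id}";
        if ($user_info = $site_db->query_firstrow($sql)) {
            foreach ($user_table_fields as $key => $val) {
                if (isset($user_info[$val])) {
                    $user_info[$key] = $user_info[$val];
                } elseif (!isset($user_info[$key])) {
                    $user_info[$key] = "";
                }
            }
        }
    }

    return $user_info;
}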
$start = $limitstart + 1; } echo $lang['found'] . " <b>" . $countimages['images'] . "</b> " . $lang['showing'] . " <b>{$start}</b>-"; if ($limitfinish > $countimages['images'] == 0) { echo "<b>" . $limitfinish . "</b>."; } else { echo "<b>" . $countimages['images'] . "</b>."; } echo "<br />" . $lang['no_image_found']; show_form_header("validateimages.php", "saveimages", "form"); $bgcounter = 0; echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"100%\" align=\"center\"><tr><td class=\"tableborder\">\n<table cellpadding=\"3\" cellspacing=\"1\" border=\"0\" width=\"100%\">\n"; if ($countimages['images'] > 0) { echo "<tr class=\"tableseparator\">\n"; echo "<td class=\"tableseparator\">" . $lang['validate'] . "</td>\n<td class=\"tableseparator\">" . $lang['delete'] . "</td>\n<td class=\"tableseparator\"> </td>\n<td class=\"tableseparator\">" . $lang['field_image_name'] . "</td>\n<td class=\"tableseparator\">" . $lang['field_category'] . "</td>\n<td class=\"tableseparator\">" . $lang['field_username'] . "</td>\n<td class=\"tableseparator\">" . $lang['field_date'] . "</td>\n<td class=\"tableseparator\">" . $lang['options'] . "</td>\n</tr>\n"; $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_date, i.image_media_file" . get_user_table_field(", u.", "user_name") . "\n FROM " . IMAGES_TEMP_TABLE . " i\n LEFT JOIN " . USERS_TABLE . " u ON (" . get_user_table_field("u.", "user_id") . " = i.user_id)\n WHERE {$condition}\n ORDER BY {$orderby} {$direction}\n LIMIT {$limitstart}, {$limitnumber}"; $result = $site_db->query($sql); while ($image_row = $site_db->fetch_array($result)) { echo "<tr class=\"" . get_row_bg() . "\">"; $image_path = is_remote($image_row['image_media_file']) ? $image_row['image_media_file'] : MEDIA_TEMP_PATH . "/" . $image_row['image_media_file']; $file_src = get_file_path($image_row['image_media_file'], "media", 0, 1); echo "<td><input type=\"radio\" name=\"image_list[" . $image_row['image_id'] . 
"]\" value=\"1\"></td>"; echo "<td><input type=\"radio\" name=\"image_list[" . $image_row['image_id'] . "]\" value=\"0\"></td>"; echo "<td><a href=\"" . $image_path . "\" target=\"_blank\"><img src=\"" . $file_src . "\" border=\"1\" height=\"50\"></a></td>"; echo "<td><b><a href=\"" . $image_path . "\" target=\"_blank\">" . format_text($image_row['image_name'], 2) . "</a></b> (" . $image_row['image_media_file']; if (!get_file_path($image_row['image_media_file'], "media", 0, 0, 0)) { echo " <b class=\"marktext\">!</b>"; } echo ")</td>\n"; echo "<td><a href=\"" . $site_sess->url(ROOT_PATH . "categories.php?" . URL_CAT_ID . "=" . $image_row['cat_id']) . "\" target=\"_blank\">" . format_text($cat_cache[$image_row['cat_id']]['cat_name'], 2) . "</a></td>\n"; $show_user_name = format_text($image_row[$user_table_fields['user_name']], 2);
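/**
 * Delete images, remove them from the uploader's lightbox, delete their comments and
 * (optionally) their files on disk.
 *
 * Echoes one HTML status line per successful step and collects the failures.
 *
 * @param string|array $image_ids     Comma-separated list (or array) of image IDs.
 * @param int|bool     $delfromserver When truthy, the media and thumbnail files are unlinked as well.
 * @return array|false HTML error lines (empty when nothing failed), or false when no usable ID was given.
 */
function delete_images($image_ids, $delfromserver = 1)
{
    // $user_table_fields was not declared global before, so the comment-counter
    // branch further down could never run.
    global $site_db, $lang, $user_table_fields;

    if (empty($image_ids)) {
        echo $lang['no_search_results'];
        return false;
    }

    // The list goes unquoted into IN (...); accept plain positive integers only.
    $clean_ids = array();
    $candidates = is_array($image_ids) ? $image_ids : explode(",", $image_ids);
    foreach ($candidates as $candidate) {
        $candidate = trim((string) $candidate);
        if (preg_match('/^[0-9]+$/', $candidate) && (int) $candidate > 0) {
            $clean_ids[] = (int) $candidate;
        }
    }
    if (empty($clean_ids)) {
        echo $lang['no_search_results'];
        return false;
    }
    $image_ids = implode(", ", $clean_ids);

    $error_log = array();
    echo "<br />";

    $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_media_file, i.image_thumb_file, l.lightbox_image_ids\n FROM " . IMAGES_TABLE . " i\n LEFT JOIN " . LIGHTBOXES_TABLE . " l ON (l.user_id = i.user_id)\n WHERE i.image_id IN ({$image_ids})";
    $image_result = $site_db->query($sql);

    while ($image_row = $site_db->fetch_array($image_result)) {
        // Numeric columns are cast before they are reused in SQL and in file paths.
        $image_id = (int) $image_row['image_id'];
        $cat_id = (int) $image_row['cat_id'];

        if ($image_row['user_id'] != GUEST) {
            // Drop this image from the space-separated ID list of the uploader's lightbox.
            $lightbox_array = explode(" ", (string) $image_row['lightbox_image_ids']);
            foreach ($lightbox_array as $key => $val) {
                if ($val == $image_row['image_id']) {
                    unset($lightbox_array[$key]);
                }
            }
            $lightbox_image_ids = trim(implode(" ", $lightbox_array));
            // The list is written back inside quotes, so escape it like other quoted values.
            $sql = "UPDATE " . LIGHTBOXES_TABLE . "\n SET lightbox_image_ids = '" . addslashes($lightbox_image_ids) . "'\n WHERE user_id = " . (int) $image_row['user_id'];
            $site_db->query($sql);
        }

        $sql = "DELETE FROM " . IMAGES_TABLE . "\n WHERE image_id = " . $image_id;
        if ($site_db->query($sql)) {
            echo "<b>" . $lang['image_delete_success'] . "</b> " . format_text($image_row['image_name'], 2) . " (ID: " . $image_id . ")<br />\n";
        } else {
            $error_log[] = "<b>" . $lang['image_delete_error'] . "</b> " . format_text($image_row['image_name'], 2) . " (ID: " . $image_id . ")<br />";
        }

        if ($delfromserver) {
            // NOTE(review): the file names come straight from the database row and are echoed
            // unescaped. is_local_file() is defined elsewhere; confirm it rejects names with a
            // directory part, otherwise apply basename() before unlink().
            if (!is_remote($image_row['image_media_file']) && !is_local_file($image_row['image_media_file'])) {
                if (@unlink(MEDIA_PATH . "/" . $cat_id . "/" . $image_row['image_media_file'])) {
                    echo " " . $lang['file_delete_success'] . " (" . $image_row['image_media_file'] . ")<br />\n";
                } else {
                    // The closing </b> was missing here.
                    $error_log[] = "<b>" . $lang['file_delete_error'] . "</b> (" . $image_row['image_media_file'] . ")<br />";
                }
            }

            if (!empty($image_row['image_thumb_file']) && !is_remote($image_row['image_thumb_file']) && !is_local_file($image_row['image_thumb_file'])) {
                if (@unlink(THUMB_PATH . "/" . $cat_id . "/" . $image_row['image_thumb_file'])) {
                    echo " " . $lang['thumb_delete_success'] . " (" . $image_row['image_thumb_file'] . ")<br />\n";
                } else {
                    $error_log[] = "<b>" . $lang['thumb_delete_error'] . "</b> (" . $image_row['image_thumb_file'] . ")<br />\n";
                }
            }
        }

        // Decrement the per-user comment counter for every registered author of a comment on this image.
        if (!empty($user_table_fields['user_comments'])) {
            $sql = "SELECT user_id\n FROM " . COMMENTS_TABLE . "\n WHERE image_id = " . $image_id . " AND user_id <> " . GUEST;
            $result = $site_db->query($sql);
            while ($row = $site_db->fetch_array($result)) {
                $sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_comments") . " = " . get_user_table_field("", "user_comments") . " - 1\n WHERE " . get_user_table_field("", "user_id") . " = " . (int) $row['user_id'];
                $site_db->query($sql);
            }
        }

        $sql = "DELETE FROM " . COMMENTS_TABLE . "\n WHERE image_id = " . $image_id;
        if ($site_db->query($sql)) {
            echo $lang['comments_delete_success'] . "<br />\n";
        } else {
            // The failure line used the success label before.
            $error_log[] = "<b>" . $lang['comments_delete_error'] . "</b> " . format_text($image_row['image_name'], 2) . ", (ID: " . $image_id . ")<br />\n";
        }

        echo "<br />\n";
    }

    remove_searchwords($image_ids);

    return $error_log;
}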
show_text_link($lang['back'], "javascript:history.back(1)"); } else { $msg = sprintf("<span class=\"marktext\">%s</span>", $lang['lostfield_error']); $action = "emailusers"; } } if ($action == "emailusers") { if ($msg != "") { printf("<b>%s</b>\n", $msg); } show_form_header("email.php", "sendemails"); show_table_header($lang['send_emails'], 2); show_input_row($lang['send_emails_subject'], "subject", "", 45); show_textarea_row($lang['send_emails_message'], "message", "", 60, 20); $select = "<select name=\"emails[]\" size=\"15\" multiple=\"multiple\">\n"; $sql = "SELECT " . get_user_table_field("", "user_id") . get_user_table_field(", ", "user_level") . get_user_table_field(", ", "user_name") . get_user_table_field(", ", "user_email") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " <> " . GUEST . " AND " . get_user_table_field("", "user_allowemails") . " = 1\n ORDER BY " . get_user_table_field("", "user_level") . " DESC"; $result = $site_db->query($sql); $level = 1000; while ($row = $site_db->fetch_array($result)) { $user_level = $row[$user_table_fields['user_level']]; if ($level != $user_level && $user_level == ADMIN) { $select .= "<option value=\"0\">__________________________</option>\n"; $select .= "<option value=\"0\" class=\"dropdownmarker\">" . $lang['userlevel_admin'] . "</option>\n"; } elseif ($level != $user_level && $user_level == USER) { $select .= "<option value=\"0\">__________________________</option>\n"; $select .= "<option value=\"0\" class=\"dropdownmarker\">" . $lang['userlevel_registered'] . "</option>\n"; } elseif ($level != $user_level && $user_level == USER_AWAITING) { $select .= "<option value=\"0\">__________________________</option>\n"; $select .= "<option value=\"0\" class=\"dropdownmarker\">" . $lang['userlevel_registered_awaiting'] . "</option>\n"; } $user_email = $row[$user_table_fields['user_email']];
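/**
 * Delete users together with their group memberships, single-user groups and lightboxes,
 * and either delete or reassign their images and comments.
 *
 * Echoes one HTML status line per successful step and collects the failures.
 *
 * @param string|array $user_ids    Comma-separated list (or array) of user IDs.
 * @param int|bool     $delcomments Truthy: delete the users' comments; otherwise reassign them to GUEST.
 * @param int|bool     $delimages   Truthy: delete the users' images and files; otherwise reassign them to GUEST.
 * @return array|false Error lines (empty when nothing failed), or false when no usable ID was given.
 */
function delete_users($user_ids, $delcomments = 1, $delimages = 1)
{
    global $site_db, $lang, $user_table_fields;

    if (empty($user_ids)) {
        echo $lang['no_search_results'];
        return false;
    }

    // The list goes unquoted into IN (...); accept plain positive integers only.
    $clean_ids = array();
    $candidates = is_array($user_ids) ? $user_ids : explode(",", $user_ids);
    foreach ($candidates as $candidate) {
        $candidate = trim((string) $candidate);
        if (preg_match('/^[0-9]+$/', $candidate) && (int) $candidate > 0) {
            $clean_ids[] = (int) $candidate;
        }
    }
    if (empty($clean_ids)) {
        echo $lang['no_search_results'];
        return false;
    }
    $user_ids = implode(", ", $clean_ids);

    $error_log = array();
    echo "<br />";

    $sql = "SELECT " . get_user_table_field("", "user_id") . get_user_table_field(", ", "user_name") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " IN ({$user_ids})";
    $user_result = $site_db->query($sql);

    // IDs of every deleted image, passed to remove_searchwords() at the end.
    $image_ids_sql = "";

    while ($user_row = $site_db->fetch_array($user_result)) {
        // Cast once; the ID is interpolated unquoted into every statement below.
        $user_id = (int) $user_row[$user_table_fields['user_id']];
        $user_name = $user_row[$user_table_fields['user_name']];

        $sql = "DELETE FROM " . GROUP_MATCH_TABLE . "\n WHERE user_id = {$user_id}";
        $site_db->query($sql);

        // Remove the user's single-user group (named after the user) and its access rows.
        $sql = "SELECT group_id\n FROM " . GROUPS_TABLE . "\n WHERE group_name = '" . addslashes($user_name) . "' AND group_type = " . GROUPTYPE_SINGLE;
        if ($groups_row = $site_db->query_firstrow($sql)) {
            $group_id = (int) $groups_row['group_id'];
            $sql = "DELETE FROM " . GROUPS_TABLE . "\n WHERE group_id = " . $group_id . " AND group_type = " . GROUPTYPE_SINGLE;
            $site_db->query($sql);
            $sql = "DELETE FROM " . GROUP_ACCESS_TABLE . "\n WHERE group_id = " . $group_id;
            $site_db->query($sql);
        }

        $sql = "DELETE FROM " . LIGHTBOXES_TABLE . "\n WHERE user_id = {$user_id}";
        $site_db->query($sql);

        // The user row itself is only deleted when no external user integration is configured.
        if (!defined("USER_INTEGRATION") || defined("USER_INTEGRATION") && USER_INTEGRATION == "NONE") {
            $sql = "DELETE FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " = {$user_id}";
            if ($site_db->query($sql)) {
                echo "<b>" . $lang['user_delete_success'] . "</b> " . format_text($user_name, 2) . " (ID: {$user_id})<br />\n";
            } else {
                $error_log[] = "<b>" . $lang['user_delete_error'] . "</b> " . format_text($user_name, 2) . " (ID: {$user_id})<br />\n";
            }
        } else {
            echo "<b>" . $lang['user_integration_delete_msg'] . "</b> " . format_text($user_name, 2) . " (ID: {$user_id})<br />\n";
        }

        if ($delimages) {
            $sql = "SELECT image_id, cat_id, image_media_file, image_thumb_file\n FROM " . IMAGES_TABLE . "\n WHERE user_id = {$user_id}";
            $result = $site_db->query($sql);
            while ($row = $site_db->fetch_array($result)) {
                // NOTE(review): file names come straight from the database row and are joined
                // into the path as-is; confirm they cannot carry a directory part.
                $media_file = MEDIA_PATH . "/" . (int) $row['cat_id'] . "/" . $row['image_media_file'];
                if (file_exists($media_file)) {
                    unlink($media_file);
                }
                $thumb_file = THUMB_PATH . "/" . (int) $row['cat_id'] . "/" . $row['image_thumb_file'];
                if (!empty($row['image_thumb_file']) && file_exists($thumb_file)) {
                    unlink($thumb_file);
                }
                $image_ids_sql .= ($image_ids_sql != "" ? ", " : "") . (int) $row['image_id'];
            }

            $sql = "DELETE FROM " . IMAGES_TABLE . "\n WHERE user_id = {$user_id}";
            if ($site_db->query($sql)) {
                echo " " . $lang['images_delete_success'] . "<br />\n";
            } else {
                $error_log[] = $lang['images_delete_error'] . ": " . format_text($user_name, 2);
            }
        } else {
            // Keep the images but hand them over to the guest account.
            $sql = "UPDATE " . IMAGES_TABLE . "\n SET user_id = " . GUEST . "\n WHERE user_id = {$user_id}";
            if ($site_db->query($sql)) {
                echo " " . $lang['user_images_update_success'] . "<br />\n";
            } else {
                $error_log[] = $lang['user_images_update_error'] . ": " . format_text($user_name, 2);
            }
        }

        if ($delcomments) {
            // Lower each image's comment counter by the number of comments this user wrote on it.
            $sql = "SELECT i.image_id, COUNT(c.comment_id) AS count\n FROM " . IMAGES_TABLE . " i\n LEFT JOIN " . COMMENTS_TABLE . " c ON c.image_id = i.image_id\n WHERE c.user_id = " . $user_id . "\n GROUP BY i.image_id";
            $result = $site_db->query($sql);
            while ($row = $site_db->fetch_array($result)) {
                $sql = "UPDATE " . IMAGES_TABLE . "\n SET image_comments = image_comments - " . (int) $row['count'] . "\n WHERE image_id = " . (int) $row['image_id'];
                $site_db->query($sql);
            }

            $sql = "DELETE FROM " . COMMENTS_TABLE . "\n WHERE user_id = {$user_id}";
            if ($site_db->query($sql)) {
                echo " " . $lang['comments_delete_success'] . "<br />\n";
            } else {
                $error_log[] = $lang['comments_delete_error'] . ": " . format_text($user_name, 2);
            }
        } else {
            // Keep the comments under the guest account. The stored user name is written back
            // inside quotes, so it is escaped the same way as in the group lookup above.
            $sql = "UPDATE " . COMMENTS_TABLE . "\n SET user_id = " . GUEST . ", user_name = '" . addslashes($user_name) . "'\n WHERE user_id = {$user_id}";
            if ($site_db->query($sql)) {
                echo " " . $lang['user_comments_update_success'] . "<br />\n";
            } else {
                $error_log[] = $lang['user_comments_update_error'] . ": " . format_text($user_name, 2);
            }
        }

        echo "<br />\n";
    }

    include_once ROOT_PATH . 'includes/search_utils.php';
    remove_searchwords($image_ids_sql);

    return $error_log;
}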
if (isset($HTTP_GET_VARS[URL_POSTCARD_ID]) || isset($HTTP_POST_VARS[URL_POSTCARD_ID])) { $postcard_id = isset($HTTP_GET_VARS[URL_POSTCARD_ID]) ? trim($HTTP_GET_VARS[URL_POSTCARD_ID]) : trim($HTTP_POST_VARS[URL_POSTCARD_ID]); } else { $postcard_id = 0; } if ($action == "") { $action = $postcard_id ? "showcard" : "createcard"; } if (isset($HTTP_GET_VARS['modifycard']) || isset($HTTP_POST_VARS['modifycard'])) { $action = "modifycard"; } $main_template = $action == "createcard" || $action == "modifycard" ? "postcard_create" : ($action == "previewcard" ? "postcard_create" : "postcard_send"); include ROOT_PATH . 'includes/page_header.php'; $sendprocess = 0; if ($action != "showcard") { $sql = "SELECT i.cat_id, i.image_name, i.image_media_file, i.image_thumb_file, c.cat_name" . get_user_table_field(", u.", "user_name") . "\n FROM (" . IMAGES_TABLE . " i, " . CATEGORIES_TABLE . " c)\n LEFT JOIN " . USERS_TABLE . " u ON (" . get_user_table_field("u.", "user_id") . " = i.user_id)\n WHERE i.image_id = {$image_id}"; $image_row = $site_db->query_firstrow($sql); if (!$image_row) { redirect($url); } $cat_id = $image_row['cat_id']; $image_row['user_name'] = $image_row[$user_table_fields['user_name']]; if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !check_permission("auth_sendpostcard", $cat_id)) { redirect($url); } } if ($action == "sendcard") { $expiry = time() - 60 * 60 * 24 * POSTCARD_EXPIRY; $sql = "DELETE FROM " . POSTCARDS_TABLE . "\n WHERE (postcard_date < {$expiry})"; $site_db->query($sql); $bg_color = un_htmlspecialchars(trim($HTTP_POST_VARS['bg_color']));
/**
 * Echo a table row holding a <select> of all registered users.
 *
 * The user list is read once and kept in the global $user_select_row_cache. A posted
 * "user_id_<i>" or "user_id" value overrides $user_id as the preselected entry.
 *
 * @param string $title   Row label; marked up as an error when $error has an entry for this field.
 * @param mixed  $user_id User ID to preselect.
 * @param int    $i       Optional index appended to the field name as "_<i>".
 * @return void
 */
function show_user_select_row($title, $user_id, $i = 0)
{
    global $error, $lang, $HTTP_POST_VARS, $site_db, $user_table_fields, $user_select_row_cache;

    // Fill the cache on first use: user ID => user name, guest excluded, ordered by name.
    if (empty($user_select_row_cache)) {
        $sql = "SELECT " . get_user_table_field("", "user_id") . get_user_table_field(", ", "user_name") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " <> " . GUEST . "\n ORDER BY " . get_user_table_field("", "user_name") . " ASC";
        $user_result = $site_db->query($sql);
        $user_select_row_cache = array();
        while ($user_row = $site_db->fetch_array($user_result)) {
            $cached_id = $user_row[$user_table_fields['user_id']];
            $user_select_row_cache[$cached_id] = $user_row[$user_table_fields['user_name']];
        }
    }

    $indexed_field = 'user_id_' . $i;

    if (isset($error[$indexed_field]) || isset($error['user_id'])) {
        $title = sprintf("<span class=\"marktext\">%s *</span>", $title);
    }

    // A posted value wins over the argument; the indexed field wins over the plain one.
    if (isset($HTTP_POST_VARS[$indexed_field])) {
        $user_id = $HTTP_POST_VARS[$indexed_field];
    } elseif (isset($HTTP_POST_VARS['user_id'])) {
        $user_id = $HTTP_POST_VARS['user_id'];
    }

    $name_suffix = "";
    if ($i) {
        $name_suffix = "_" . $i;
    }

    echo "<tr class=\"" . get_row_bg() . "\">\n<td><p class=\"rowtitle\">" . $title . "</p></td>\n";
    echo "<td>\n" . "<select name=\"user_id" . $name_suffix . "\" class=\"categoryselect\">\n";
    echo "<option value=\"" . GUEST . "\">" . $lang['userlevel_guest'] . "</option>\n";
    echo "<option value=\"" . GUEST . "\">-------------------------------</option>\n";

    foreach ($user_select_row_cache as $option_id => $option_name) {
        echo "<option value=\"" . $option_id . "\"";
        if ($option_id == $user_id) {
            echo " selected=\"selected\"";
        }
        echo ">" . format_text($option_name, 2) . "</option>\n";
    }

    echo "</select>\n" . "</td>\n</tr>\n";
}
$user_email = $row[$user_table_fields['user_email']]; } } $rss_items[] = array('title' => format_rss_text($row['comment_headline']), 'link' => $site_sess->url($script_url . "/details.php?" . URL_IMAGE_ID . "=" . $image_id . "#comment" . $row['comment_id']), 'pubDate' => $row['comment_date'], 'desc' => format_rss_text($row['comment_text']), 'category' => array('name' => $rss_title, 'domain' => $rss_link), 'author' => array('name' => $user_name, 'email' => $user_email)); } break; case 'images': default: $cat_sql = ""; if ($cat_id && isset($cat_cache[$cat_id])) { $rss_title .= " - " . format_rss_text($cat_cache[$cat_id]['cat_name']); $rss_link = $site_sess->url($script_url . "/categories.php?" . URL_CAT_ID . "=" . $cat_id); $rss_desc = format_rss_html($cat_cache[$cat_id]['cat_description']); $cat_sql = "AND i.cat_id = {$cat_id}"; } $sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name" . get_user_table_field(", u.", "user_name") . "\n FROM (" . IMAGES_TABLE . " i, " . CATEGORIES_TABLE . " c)\n LEFT JOIN " . USERS_TABLE . " u ON (" . get_user_table_field("u.", "user_id") . " = i.user_id)\n WHERE i.image_active = 1\n {$cat_sql}\n AND c.cat_id = i.cat_id\n AND i.cat_id NOT IN (" . get_auth_cat_sql("auth_viewcat", "NOTIN") . 
")\n ORDER BY i.image_date DESC, i.image_id DESC\n LIMIT {$num_items}"; $result = $site_db->query($sql); while ($row = $site_db->fetch_array($result)) { $user_name = format_rss_text($lang['userlevel_guest']); $user_email = "*****@*****.**"; if (isset($row[$user_table_fields['user_name']]) && $row['user_id'] != GUEST) { $user_name = format_rss_text($row[$user_table_fields['user_name']]); if (!empty($row[$user_table_fields['user_email']]) && (!isset($row[$user_table_fields['user_showemail']]) || isset($row[$user_table_fields['user_showemail']]) && $row[$user_table_fields['user_showemail']] == 1)) { $user_email = $row[$user_table_fields['user_email']]; } } $rss_items[] = array('title' => format_rss_text($row['image_name']), 'link' => $site_sess->url($script_url . "/details.php?" . URL_IMAGE_ID . "=" . $row['image_id']), 'pubDate' => $row['image_date'], 'desc' => format_rss_html($row['image_description']), 'category' => array('name' => format_rss_text($cat_cache[$row['cat_id']]['cat_name']), 'domain' => $site_sess->url($script_url . "/categories.php?" . URL_CAT_ID . "=" . $row['cat_id'])), 'enclosure' => get_rss_enclosure($row['image_thumb_file'], "thumb", $row['cat_id']), 'author' => array('name' => $user_name, 'email' => $user_email), 'comments' => $site_sess->url($script_url . "/details.php?" . URL_IMAGE_ID . "=" . $row['image_id'] . "#comments")); } break; } $items = '';
$site_db->query($sql); } if (!isset($HTTP_GET_VARS['activationkey'])) { $msg = $lang['missing_activationkey']; } else { if ($config['account_activation'] == 2 && $user_info['user_level'] != ADMIN) { show_error_page($lang['no_permission']); exit; } $activationkey = trim($HTTP_GET_VARS['activationkey']); $sql = "SELECT " . get_user_table_field("", "user_name") . get_user_table_field(", ", "user_email") . get_user_table_field(", ", "user_activationkey") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'"; $row = $site_db->query_firstrow($sql); if (!$row) { $msg = $lang['invalid_activationkey']; } else { $sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_level") . " = " . USER . "\n WHERE " . get_user_table_field("", "user_activationkey") . " = '{$activationkey}'"; $site_db->query($sql); $msg = $lang['activation_success']; if ($config['account_activation'] == 2) { include ROOT_PATH . 'includes/email.php'; $site_email = new Email(); $site_email->set_to($row[$user_table_fields['user_email']]); $site_email->set_subject($lang['activation_success_emailsubject']); $site_email->register_vars(array("user_name" => $row[$user_table_fields['user_name']], "site_name" => $config['site_name'])); $site_email->set_body("activation_success", $config['language_dir']); $site_email->send_email(); } } } } //-----------------------------------------------------
} } unset($row); unset($spam_row); } //----------------------------------------------------- //--- Show Comments ----------------------------------- //----------------------------------------------------- if ($msgdetails = $site_sess->get_session_var("msgdetails")) { $msg .= ($msg !== "" ? "<br />" : "") . $msgdetails; unset($msgdetails); $site_sess->drop_session_var("msgdetails"); } if ($image_allow_comments == 1) { $site_template->register_vars(array("has_rss" => true, "rss_title" => "RSS Feed: " . $image_name . " (" . str_replace(':', '', $lang['comments']) . ")", "rss_url" => $script_url . "/rss.php?action=comments&" . URL_IMAGE_ID . "=" . $image_id)); $sql = "SELECT c.comment_id, c.image_id, c.user_id, c.user_name AS comment_user_name, c.comment_headline, c.comment_text, c.comment_ip, c.comment_date" . get_user_table_field(", u.", "user_level") . get_user_table_field(", u.", "user_name") . get_user_table_field(", u.", "user_email") . get_user_table_field(", u.", "user_showemail") . get_user_table_field(", u.", "user_invisible") . get_user_table_field(", u.", "user_joindate") . get_user_table_field(", u.", "user_lastaction") . get_user_table_field(", u.", "user_comments") . get_user_table_field(", u.", "user_homepage") . get_user_table_field(", u.", "user_icq") . "\n FROM " . COMMENTS_TABLE . " c\n LEFT JOIN " . USERS_TABLE . " u ON (" . get_user_table_field("u.", "user_id") . " = c.user_id)\n WHERE c.image_id = {$image_id}\n ORDER BY c.comment_date ASC"; $result = $site_db->query($sql); $comment_row = array(); while ($row = $site_db->fetch_array($result)) { $comment_row[] = $row; } $site_db->free_result($result); $num_comments = sizeof($comment_row); if (!$num_comments) { $comments = "<tr><td class=\"commentrow1\" colspan=\"2\">" . $lang['no_comments'] . "</td></tr>"; } else { $comments = ""; $bgcounter = 0; for ($i = 0; $i < $num_comments; $i++) { $row_bg_number = $bgcounter++ % 2 == 0 ? 1 : 2; $comment_user_email = "";
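/**
 * Make sure a user has a single-user group named after them and is a member of it.
 *
 * Creates the group and/or the membership row when missing.
 *
 * @param int $user_id User ID.
 * @return array|false array("group_id" => ..., "group_name" => ...), or false when the user does not exist.
 */
function update_single_usergroup($user_id)
{
    global $site_db, $user_table_fields;

    // The ID is placed unquoted into the statements below, so force it to an integer first.
    $user_id = (int) $user_id;

    $sql = "SELECT " . get_user_table_field("", "user_name") . "\n FROM " . USERS_TABLE . "\n WHERE " . get_user_table_field("", "user_id") . " = {$user_id}";
    $row = $site_db->query_firstrow($sql);
    if (!$row) {
        return false;
    }
    $group_name = $row[$user_table_fields['user_name']];
    unset($row);

    // Look up the single-user group by name; create it when it does not exist yet.
    $sql = "SELECT group_id\n FROM " . GROUPS_TABLE . "\n WHERE group_name = '" . addslashes($group_name) . "' AND group_type = " . GROUPTYPE_SINGLE;
    $row = $site_db->query_firstrow($sql);
    if (!$row) {
        $sql = "INSERT INTO " . GROUPS_TABLE . "\n (group_name, group_type)\n VALUES\n ('" . addslashes($group_name) . "', " . GROUPTYPE_SINGLE . ")";
        $site_db->query($sql);
        $group_id = $site_db->get_insert_id();
    } else {
        $group_id = $row['group_id'];
    }

    // Integer copy for SQL only; the value returned to the caller is left as it was read.
    $group_id_sql = (int) $group_id;

    $sql = "SELECT group_id\n FROM " . GROUP_MATCH_TABLE . "\n WHERE group_id = {$group_id_sql} AND user_id = {$user_id}";
    if ($site_db->is_empty($sql)) {
        $sql = "INSERT INTO " . GROUP_MATCH_TABLE . "\n (group_id, user_id, groupmatch_startdate, groupmatch_enddate)\n VALUES\n ({$group_id_sql}, {$user_id}, 0, 0)";
        $site_db->query($sql);
    }

    return array("group_id" => $group_id, "group_name" => $group_name);
}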