コード例 #1
0
ファイル: blogs.server.php プロジェクト: Nikitian/fl-ru-damp
function openlevel($thread, $mod, $begin, $end, $thispage, $blog_thread, $lastlink, $ord)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/classes/blogs.php";
    global $session;
    session_start();
    $uid = $_SESSION['uid'];
    $objResponse = new xajaxResponse();
    $blog = new blogs();
    $ret = '';
    $cur_user_msgs = array();
    list($gr_name, $gr_id, $gr_base) = $blog->GetThread($thread, $err, $mod, get_uid(false));
    $blog->GetThreeId($begin, $threearr, 0);
    $parent_login = $blog->login;
    while ($blog->GetNext()) {
        $stopwrite = true;
        foreach ($threearr as $temp) {
            if ($blog->id == $temp) {
                $stopwrite = false;
                break;
            }
        }
        if ($stopwrite) {
            continue;
        }
        $msg_num++;
        $allow_del = 0;
        if ($last_id == $blog->id) {
            print "<a name=\"post\" id=\"post\"></a>";
        }
        if ($blog->id == $edit_id && $blog->login == $_SESSION['login']) {
            print "<a name=\"edit\" id=\"edit\"></a>";
        }
        if ($blog->attach) {
            $str = viewattachLeft($blog->login, $blog->attach, "upload", $file, 1000, 600, 307200, !$blog->small, $blog->small == 2 ? 1 : 0);
        }
        $padding = $blog->level > 19 ? 380 : $blog->level * 20;
        if (in_array($blog->reply, $cur_user_msgs)) {
            $allow_del = 1;
        }
        if ($blog->login == $_SESSION['login']) {
            $cur_user_msgs[] = $blog->id;
        }
        $ret .= '<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr valign="top" ';
        $ret .= '><td style="';
        if ($blog->level) {
            $ret .= 'padding-left: ' . $padding . 'px;';
        }
        $ret .= 'padding-right: 10px;">' . view_avatar($blog->login, $blog->photo) . '
			</td>
			<td class="bl_text" width="100%">';
        if ($winner == $blog->id) {
            $ret .= '<a name="winner" id="winner"></a> ';
        }
        if ($blog->payed) {
            $ret .= view_pro();
        }
        $ret .= $session->view_online_status($blog->login);
        $ret .= '<font class="' . $blog->cnt_role . 'name11"><a href="/users/' . $blog->login . '" class="' . $blog->cnt_role . 'name11" title="' . ($blog->uname . " " . $blog->usurname) . '">' . ($blog->uname . " " . $blog->usurname) . '</a> [<a href="/users/' . $blog->login . '" class="' . $blog->cnt_role . 'name11" title="' . $blog->login . '">' . $blog->login . '</a>]</font>&nbsp;&nbsp;' . date("[d.m.Y | H:i]", strtotimeEx($blog->post_time));
        if ($blog->deleted) {
            if (isset($blog->thread) && is_array($blog->thread) && count($blog->thread) > 0) {
                $buser_id = $blog->thread;
                $buser_id = array_pop($buser_id);
                $buser_id = $buser_id['fromuser_id'];
            }
            if ($blog->deluser_id == $blog->fromuser_id) {
                $ret .= '<br><br>Комментарий удален автором ' . date("[d.m.Y | H:i]", strtotimeEx($blog->deleted));
            } elseif ($blog->deluser_id == $buser_id) {
                $ret .= '<br><br>Комментарий удален автором темы ' . date("[d.m.Y | H:i]", strtotimeEx($blog->deleted));
            } else {
                $ret .= '<br><br>Комментарий удален модератором';
                if (!$mod) {
                    $ret .= '( ';
                    $del_user = $user->GetName($blog->deluser_id, $err);
                    $ret .= $del_user['login'] . ' : ' . $del_user['usurname'] . ' ' . $del_user['uname'];
                    $ret .= ' ) ';
                }
                $ret .= date("[d.m.Y | H:i]", strtotimeEx($blog->deleted));
            }
            $ret .= '<br><br>';
        } else {
            if ($blog->modified) {
                $ret .= '&nbsp; &nbsp;';
                if ($blog->modified_id == $blog->fromuser_id) {
                    $ret .= '[внесены изменения: ' . date("d.m.Y | H:i]", strtotimeEx($blog->modified));
                } else {
                    $ret .= 'Отредактировано модератором';
                    if (!$mod) {
                        $ret .= '( ';
                        $mod_user = $user->GetName($blog->modified_id, $err);
                        $ret .= $mod_user['login'] . ' : ' . $mod_user['usurname'] . ' ' . $mod_user['uname'];
                        $ret .= ' ) ';
                    }
                    $ret .= ' ' . date("[d.m.Y | H:i]", strtotimeEx($blog->modified));
                }
            }
            $ret .= '<br>';
            if ($winner == $blog->id) {
                $ret .= '<font color="#000099" style="font-size:20px">Победитель</font>';
            }
            $ret .= '<br>';
            if ($blog->new == 't') {
                $ret .= '<img src="/images/ico_new_blog.gif" alt="" width="44" height="12" border="0"><br>';
            }
            if ($blog->title) {
                $ret .= ' <font class="bl_name">';
                if ($blog->login == "Anonymous") {
                    list($name, $mail) = sscanf($blog->title, "%s @@@: %s");
                    $ret .= $name . " " . $mail;
                } else {
                    $ret .= reformat($blog->title, 30);
                }
                $ret .= '</font><br>';
            }
            $ret .= reformat($blog->msgtext, 50) . '<br>';
            if ($blog->attach) {
                if ($file) {
                    $ret .= "<br>" . $str . "<br>";
                } else {
                    $ret .= "</td></tr><tr class=\"qpr\"><td colspan=\"2\"><br>" . $str;
                }
            }
            $ret .= '<br>';
            if ($gr_base == 5 && !$winner && $parent_login == $_SESSION['login']) {
                $ret .= "<input type=\"submit\" name=\"btn\" value=\"Это победитель\" onClick=\"if (warning(0)) window.location.replace('./view.php?tr=" . $thread . "&ord='.{$ord}.'&winner=" . $blog->id . "'); else return false;\">";
            }
            $ret .= '<div style="color: #D75A29;font-size:9px;';
            if ($blog->attach && !$file) {
                $ret .= ' padding-left: ' . ($padding + 60) . 'px;';
            }
            $ret .= '">';
            if ($blog->login == $_SESSION['login'] || $parent_login == $_SESSION['login'] || $allow_del || !$mod) {
                $ret .= ' <a href="' . $form_uri . '?id=' . $blog->id . '&amp;action=delete&ord=' . $ord . '" style="color: #D75A29;" onclick="return warning(1);">Удалить</a> |';
            }
            if ($blog->login == $_SESSION['login'] || !$mod) {
                $ret .= '<a href="' . $form_uri . '?id=' . $blog->id . '&amp;action=edit&ord=' . $ord . '&amp;tr=' . $thread . '" style="color: #D75A29;">Редактировать</a> |';
            }
            $ret .= "<a href=\"javascript: void(0);\" onclick=\"javascript: answer('" . $blog->id . "', '" . ($blog->attach ? $blog->attach : '') . "', '" . get_login($_SESSION["uid"]) . "'); document.getElementById('frm').olduser.value = '" . $_SESSION["uid"] . "'; \" ";
            $ret .= 'style="color: #D75A29">Комментировать</a> |
  			<a href="/blogs/view.php' . "?tr=" . $blog_thread . ($thispage ? "&pagefrom=" . $thispage : "") . "&openlevel=" . $blog->id . "&ord=" . $ord . "#o" . $blog->id . '" style="color: #D75A29">Ссылка</a> 
  			</div>
						</td>
		</tr>
		<tr';
            if (!$blog->level || $lastlink == $blog->id) {
                $ret .= ' class="qpr"';
            }
            $ret .= '><td colspan="2" ><br></td></tr>
		</table>
		<table width="100%" border="0" cellspacing="0" cellpadding="0">
		<tr class="n_qpr"><td colspan="3" id="form' . $blog->id . '">';
            if ($blog->id == $edit_id && ($blog->login == $_SESSION['login'] || !$mod)) {
                $ret .= "\n\t\t\t<script language=\"JavaScript\" type=\"text/javascript\">\n\t\t\t<!--\n\t\t\tanswer(" . $blog->id . ", '" . ($blog->attach ? $blog->attach : '') . "', '" . get_login($_SESSION["uid"]) . "');\n\t\t\tdocument.getElementById('frm').olduser.value = '" . $_SESSION["uid"] . "';\n\t\t\tdocument.getElementById('frm').msg_name.value = '" . $error_flag ? input_ref_scr($msg_name) : input_ref_scr($blog->title) . "';\n\t\t\tdocument.getElementById('frm').msg.value = '" . $error_flag ? input_ref_scr($msg) : input_ref_scr($blog->msgtext) . "';\n\t\t\tdocument.getElementById('frm').btn.value = 'Сохранить';\n\t\t\tdocument.getElementById('frm').action.value = 'change';\n\t\t\t//-->\n\t\t\t</script>";
            }
        }
        $ret .= "</td></tr>\n\t\t</table>";
    }
    $objResponse->assign($begin, "innerHTML", $ret);
    return $objResponse;
}
コード例 #2
0
ファイル: header_note.php プロジェクト: kapai69/fl-ru-damp
          <form action="">
             <input type="hidden" name="rating" id="note_rating" value="<?php 
echo (int) $aNote['rating'];
?>
">
                 <div class="b-textarea">
                  <textarea class="b-textarea__textarea" id="header_note" name="header_note" cols="70" rows="5" onkeyup="(checknote(this))"></textarea>
                 </div>
                 <div class="b-buttons b-buttons_padtop_10">
                  <a href="javascript:void(0);" onclick="xajax_saveHeaderNote('<?php 
echo $name;
?>
',$('header_note').get('value'), $('note_rating').get('value'));" class="b-button b-button_flat b-button_flat_grey">Сохранить</a>
                  &#160;&#160; или &#160;<a href="javascript:void(0);" onclick="headerNoteText();" class="b-layout__link b-layout__link_fontsize_11">отменить</a>
                  </div>
          </form>
    </div>
    
    
<script type="text/javascript">
<?php 
// !!! тут нужен htmlspecialchars_decode - эта переменная хранит исходный код заметки который в текстарию подставляется
// !!! изза htmlspecialchars_decode на странице появляется XSS см. http://beta.free-lance.ru/mantis/view.php?id=12887
// @todo Необходимо привести все заметки на сайте к общей системе отображения, сохранения
?>
var headerNote = '<?php 
echo input_ref_scr($aNote['n_text']);
?>
';
</script>
コード例 #3
0
ファイル: notes.server.php プロジェクト: Nikitian/fl-ru-damp
function EditNote($login, $action, $text, $rating = 0)
{
    session_start();
    $objResponse = new xajaxResponse();
    $nuid = get_uid(false);
    //$text = str_replace('&', '&amp;', $text);
    //$text = stripslashes($text);
    $text = strip_only(trim($text), '<script>');
    $text = change_q_x($text, FALSE, TRUE, "", false, false);
    // !! кол-во символов также указано в /scripts/note.js
    if (strlen($text) > 200) {
        $text = substr($text, 0, 200);
    }
    switch ($action) {
        case "add":
            if ($text) {
                $error = notes::Add($nuid, $login, $text, 0, "?");
            }
            break;
        case "update":
            if ($text) {
                $error = notes::Update($nuid, $login, $text, $rating, "?");
            } else {
                $error = notes::DeleteNote($nuid, $login, "?");
                $action = 'delete';
            }
            break;
    }
    if ($error) {
        return false;
    }
    $text_src = input_ref_scr(stripslashes($text));
    $text_src = str_replace('&', '&amp;', $text_src);
    $text = reformat($text, 54, 0, 0, 1, 54);
    //$text = addslashes($text);
    switch ($action) {
        case 'add':
        case 'update':
            if (is_empty_html($text)) {
                $s = "\n                    document.getElement('div.form-templ').setStyle('display', 'none');\n                    document.getElement('div.form-templ input').set('disabled', false);\n                    cancelNote();\n                ";
                break;
            }
            $s = "\n                n = \$('note_{$login}');\n                n.getElement('.uprj-note-cnt>p').set('html', '{$text}');\n                n.setStyle('display', 'block');\n\n                document.getElement('div.form-templ').setStyle('display', 'none');\n                document.getElement('div.form-templ input').set('disabled', false);\n\n                if(\$('team_{$login}')) \$('team_{$login}').getElement('.uprj-st3').setStyle('display', 'none');\n                cancelNote();\n            ";
            break;
        case 'delete':
            $s = "\n                n = \$('note_{$login}');\n                n.getElement('.uprj-note-cnt>p').set('html', '');\n                n.setStyle('display', 'none');\n\n                if(\$('team_{$login}')) \$('team_{$login}').getElement('.uprj-st3').setStyle('display', 'inline-block');\n                document.getElement('div.uprj-note.form-templ').store('action', false);\n                cancelNote();\n            ";
            break;
    }
    $objResponse->script($s);
    return $objResponse;
}
コード例 #4
0
        ?>
";
  _frm2.v_pcost.value = "<?php 
        echo $cost;
        ?>
";
  _frm2.v_ptime.value = "<?php 
        echo $time_value;
        ?>
";
  _frm2.v_ptimeei.value = "<?php 
        echo $time_type;
        ?>
";
  _frm2.v_video_link.value = "<?php 
        echo str_replace('"', '\\"', input_ref_scr($video_link));
        ?>
";
  _frm2.v_descr.value = "<?php 
        echo str_replace('"', '\\"', htmlspecialchars_decode(str_replace("\n", '\\n', $descr)));
        ?>
";


  if(<?php 
        echo $in_shop;
        ?>
==1) {
    _frm.in_shop.checked = true;
  } else {
    _frm.in_shop.checked = false;
コード例 #5
0
prjid = new Array();
prjprevtype = new Array();

prof_ids = new Array();
profnames = new Array();
prjinprof = new Array();


<?php 
    $ilast = $i = 0;
    $lastprof = -1;
    $j = 0;
    if ($prjs) {
        foreach ($prjs as $ikey => $prj) {
            if ($prj['id']) {
                print 'prjn[' . $prj['id'] . "] = '" . $i . "';\nprjid[{$i}] = '" . $prj['id'] . "';\nprjname[{$i}] = '" . input_ref_scr($prj['name']) . "';\nprjlink[{$i}] = '" . input_ref_scr($prj['link']) . "';\nprjdescr[{$i}] = '" . input_ref_scr($prj['descr']) . "';\nprjprevtype[{$i}] = '" . $prj['prj_prev_type'] . "';\n\n";
                ++$i;
            }
            $curprof = $prj['prof_id'];
            if ($lastprof != $curprof) {
                if ($lastprof != -1 && $i - $ilast > 1) {
                    print 'prjinprof[' . ($j - 1) . "] = '" . ($i - $ilast) . "';\n";
                }
                print "prof_ids[{$j}] = '" . $prof['prof_id'] . "';\nprofnames[{$j}] = '" . $prof['name'] . "';\n\n";
                ++$j;
                $ilast = $i;
                $lastprof = $curprof;
            }
        }
    }
    if ($i - $ilast > 0) {
コード例 #6
0
ファイル: view_cnt.php プロジェクト: Nikitian/fl-ru-damp
    ?>
, '');
answer(<?php 
    echo $reply;
    ?>
, null, '');
document.getElementById('frm').msg_name.value = "<?php 
    echo stripslashes(input_ref_scr($msg_name));
    ?>
";
document.getElementById('frm').msg.value = "<?php 
    echo input_ref_scr($msg);
    ?>
";
if(document.getElementById('frm').yt_link != undefined) document.getElementById('frm').yt_link.value = "<?php 
    echo preg_replace("/\\//", '\\/', stripslashes(input_ref_scr($yt_link)));
    ?>
";
<?php 
    if ($yt_link) {
        ?>
yt_link = true;
if(document.getElementById('frm').yt_link != undefined) $('yt_link').style.display = 'block';
<?php 
    } else {
        ?>
yt_link = false;
if(document.getElementById('frm').yt_link != undefined) $('yt_link').style.display = 'none';
<?php 
    }
    ?>
コード例 #7
0
ファイル: header.php プロジェクト: Nikitian/fl-ru-damp
}
// срок окончания ПРО - только для админов
if (hasPermissions('users') && $user->is_pro === 't') {
    $proLast = payed::ProLast($user->login);
    $proDate = $proLast['cnt'] ? date('d-m-Y в h:i', strtotime($proLast['cnt'])) : null;
}
$access_favorite = $_SESSION['login'] && $user->login != $_SESSION['login'];
$access_contacts = ($user->isCurrent() || is_view_contacts($user->uid) || hasPermissions('users')) && is_contacts_not_empty($user);
$show_contacts_col = $access_favorite || $access_contacts;
?>
    <?php 
if ($user->login == $_SESSION['login'] || hasPermissions('users')) {
    ?>
        <script type="text/javascript">
            statusTxt="<?php 
    echo ref_scr(input_ref_scr($user->status_text));
    ?>
";
            statusTxtSrc= <?php 
    echo json_encode(array('data' => iconv('CP1251', 'UTF8', $user->status_text)));
    ?>
;
            statusType=<?php 
    echo $user->status_type;
    ?>
;
            statstr=new Array();
        <?php 
    for ($i = -1; $ststr = $user->statusToStr($i); $i++) {
        ?>
                statstr[<?php