function set_value(&$all_values, $sanitize = true) { if ($sanitize) { $this->value = remove_banned_words(sanitize_and_format_gpc($all_values, $this->config['dbfield'], TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], $this->empty_value['edit'])); } elseif (isset($all_values[$this->config['dbfield']])) { $this->value = $all_values[$this->config['dbfield']]; } return true; }
function admin_processor() { $error = false; $my_input = array(); if ($this->is_search) { $my_input['search_default'] = array('min' => sanitize_and_format_gpc($_POST, 'search_start', TYPE_INT, 0, 0), 'max' => sanitize_and_format_gpc($_POST, 'search_end', TYPE_INT, 0, 0)); return $my_input; } return $error; }
function set_value(&$all_values, $sanitize = true) { $this->value = $this->empty_value['edit']; if ($sanitize) { $this->value['zip'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_zip', TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], $this->empty_value['edit']['zip']); $this->value['dist'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_dist', TYPE_INT, 0, $this->empty_value['edit']['dist']); } else { if (isset($all_values[$this->config['dbfield'] . '_zip'])) { $this->value['zip'] = $all_values[$this->config['dbfield'] . '_zip']; } elseif (isset($this->config['default_value']['zip'])) { $this->value['zip'] = $this->config['default_value']['zip']; } if (isset($all_values[$this->config['dbfield'] . '_dist'])) { $this->value['dist'] = (int) $all_values[$this->config['dbfield'] . '_dist']; } elseif (isset($this->config['default_value']['dist'])) { $this->value['dist'] = (int) $this->config['default_value']['dist']; } } return true; }
function set_value(&$all_values, $sanitize = true) { $this->value = $this->empty_value['edit']; if ($sanitize) { $this->value['min'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_min', TYPE_INT, 0, $this->empty_value['edit']['min']); $this->value['max'] = sanitize_and_format_gpc($all_values, $this->config['dbfield'] . '_max', TYPE_INT, 0, $this->empty_value['edit']['max']); } else { if (isset($all_values[$this->config['dbfield'] . '_min'])) { $this->value['min'] = (int) $all_values[$this->config['dbfield'] . '_min']; } if (isset($all_values[$this->config['dbfield'] . '_max'])) { $this->value['max'] = (int) $all_values[$this->config['dbfield'] . '_max']; } } if ($this->value['min'] > $this->value['max']) { $temp = $this->value['max']; $this->value['max'] = $this->value['min']; $this->value['min'] = $temp; } return true; }
******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require '../includes/common.inc.php'; require _BASEPATH_ . '/includes/user_functions.inc.php'; require _BASEPATH_ . '/includes/field_functions.inc.php'; check_login_member('auth'); $error = false; $qs = ''; $qs_sep = ''; $topass = array(); $nextpage = 'my_profile.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $input = array(); // get the input we need and sanitize it $pcat_id = sanitize_and_format_gpc($_POST, 'pcat_id', TYPE_INT, 0, 0); if (isset($_pcats[$pcat_id]) && count($_pcats[$pcat_id]['fields']) > 0) { $config = get_site_option(array('manual_profile_approval'), 'core'); $on_changes = array(); $changes_status = array(); foreach ($_pcats[$pcat_id]['fields'] as $field_id) { $field =& $_pfields[$field_id]; if ($field->config['editable']) { $field->set_value($_POST, true); // check for input errors if (true !== ($temp = $field->validation_server())) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; if (empty($temp['text'])) { $topass['message']['text'] = $GLOBALS['_lang'][69]; } else {
function search_results($search, $my_membership = 1) { global $dbtable_prefix; global $_pfields; $myreturn = array(); $input['acclevel_code'] = 'search_advanced'; // default access level is the one for advanced search!!!! $search_fields = array(); $continue = false; // for searches not based on search_fields $select = "a.`fk_user_id`"; $from = "`{$dbtable_prefix}user_profiles` a"; $where = ' a.`status`=' . STAT_APPROVED . ' AND a.`del`=0'; $orderby = "ORDER BY a.`score` DESC"; if (isset($search['min_user_id'])) { $where .= " AND a.`fk_user_id`>" . $search['min_user_id']; } // if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) { // $where.=" AND a.`fk_user_id`<>'".$_SESSION[_LICENSE_KEY_]['user']['user_id']."'"; // } // define here all search types // you can either add fields to be read into $search_fields or build the query directly if (isset($search['st'])) { switch ($search['st']) { case 'basic': $input['acclevel_code'] = 'search_basic'; $search_fields = $GLOBALS['basic_search_fields']; if (isset($search['wphoto'])) { $where .= " AND a.`_photo`!=''"; } break; case 'adv': $input['acclevel_code'] = 'search_advanced'; // for advanced search we get all fields foreach ($_pfields as $field_id => $field) { if (!empty($field->config['searchable'])) { $search_fields[] = $field_id; } } if (isset($search['wphoto'])) { $where .= " AND a.`_photo`!=''"; } break; case 'user': $input['acclevel_code'] = 'search_advanced'; $continue = true; $input['user'] = sanitize_and_format_gpc($search, 'user', TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD], ''); if (strlen($input['user']) <= 3) { // $topass['message']['text']=$GLOBALS['_lang'][8]; // $topass['message']['type']=MESSAGE_ERROR; $where = ''; // force no results returned. } else { $where .= " AND a.`_user` LIKE '" . $input['user'] . "%'"; } break; case 'net': $input['acclevel_code'] = 'search_basic'; $continue = true; $input['fk_user_id'] = sanitize_and_format_gpc($search, 'uid', TYPE_INT, 0, 0); $input['fk_net_id'] = sanitize_and_format_gpc($search, 'nid', TYPE_INT, 0, 0); $select = "b.`fk_user_id_other`"; $from = "`{$dbtable_prefix}user_networks` b," . $from; $where = "b.`fk_user_id`=" . $input['fk_user_id'] . " AND b.`fk_net_id`=" . $input['fk_net_id'] . " AND b.`nconn_status`=1 AND b.`fk_user_id_other`=a.`fk_user_id` AND " . $where; break; case 'new': $input['acclevel_code'] = 'search_basic'; $continue = true; $orderby = "ORDER BY a.`date_added` DESC"; break; case 'online': $input['acclevel_code'] = 'search_basic'; $continue = true; $from = "`{$dbtable_prefix}online` b," . $from; $where .= " AND b.`fk_user_id` IS NOT NULL AND b.`fk_user_id`=a.`fk_user_id`"; $orderby = "GROUP BY b.`fk_user_id` " . $orderby; break; case 'vote': case 'views': case 'comm': // TODO break; default: break; } } if (allow_at_level($input['acclevel_code'], $my_membership)) { for ($i = 0; isset($search_fields[$i]); ++$i) { $field = $_pfields[$search_fields[$i]]->search(); $field->set_value($search); $where .= $field->query_search(); $input = array_merge($input, $field->get_value(true)); } if (!empty($where)) { // if $where is empty then a condition above prevents us from searching. $query = "SELECT {$select} FROM {$from} WHERE {$where} {$orderby}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } for ($i = 0; $i < mysql_num_rows($res); ++$i) { $myreturn[] = mysql_result($res, $i, 0); } } } return $myreturn; }
* See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once '../includes/common.inc.php'; require_once '../includes/admin_functions.inc.php'; require_once '../includes/tables/site_news.inc.php'; allow_dept(DEPT_ADMIN); $tpl = new phemplate('skin/', 'remove_nonjs'); $output = $site_news_default['defaults']; if (isset($_SESSION['topass']['input'])) { $output = $_SESSION['topass']['input']; } elseif (!empty($_GET['news_id'])) { $news_id = (int) $_GET['news_id']; $query = "SELECT * FROM `{$dbtable_prefix}site_news` WHERE `news_id`='{$news_id}'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $output = mysql_fetch_assoc($res); $output['news_title'] = sanitize_and_format($output['news_title'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]); $output['news_body'] = sanitize_and_format($output['news_body'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]); } } $output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $output['return'] = rawurlencode($output['return2']); $tpl->set_file('content', 'site_news_addedit.html'); $tpl->set_var('output', $output); $tpl->process('content', 'content'); $tplvars['title'] = 'Site News Management'; $tplvars['css'] = 'site_news_addedit.css'; $tplvars['page'] = 'site_news_addedit'; include 'frame.php';
if (empty($input['astat'])) { unset($input['astat']); } $input['pstat'] = sanitize_and_format_gpc($_GET, 'pstat', TYPE_INT, 0, 0); if (empty($input['pstat'])) { unset($input['pstat']); } $input['membership'] = sanitize_and_format_gpc($_GET, 'membership', TYPE_INT, 0, 0); if (empty($input['membership'])) { unset($input['membership']); } $input['photo'] = sanitize_and_format_gpc($_GET, 'photo', TYPE_INT, 0, 0); if (empty($input['photo'])) { unset($input['photo']); } $input['album'] = sanitize_and_format_gpc($_GET, 'album', TYPE_INT, 0, 0); if (empty($input['album'])) { unset($input['album']); } } // we build the query but run it only if this is a first run, otherwise we already know the results // we need the query though for the md5 $where = "a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "`"; $from = "`{$dbtable_prefix}user_profiles` a,`" . USER_ACCOUNTS_TABLE . "` b"; if (isset($input['user'])) { $where .= " AND a.`_user` LIKE '" . $input['user'] . "%'"; } if (isset($input['pstat'])) { // profile status $where .= " AND a.`status`=" . $input['pstat']; }
******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once '../includes/common.inc.php'; db_connect(_DBHOST_, _DBUSER_, _DBPASS_, _DBNAME_); require_once '../includes/admin_functions.inc.php'; require_once '../includes/classes/fileop.class.php'; require_once '../includes/classes/etano_package.class.php'; allow_dept(DEPT_ADMIN); set_time_limit(0); ignore_user_abort(true); $error = false; $tpl = new phemplate('skin/', 'remove_nonjs'); $output = array(); $fileop = new fileop(); $file = sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, ''); if (substr($file, 0, 7) == 'http://') { // save it in tmp/packages and rename $file to filename.zip require_once '../includes/classes/package_downloader.class.php'; $p = new package_downloader($file); if ($p->download()) { $file = $p->file_name; } else { $file = ''; $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = $p->error_text; } } $install_index = 0; $ui_request = false;
$tplvars['page_title'] = $GLOBALS['_lang'][104]; //$orderby="a.`date_posted` DESC"; // default break; case 'views': $tplvars['page_title'] = $GLOBALS['_lang'][105]; $input['acclevel_code'] = 'search_blog'; $orderby = "a.`stat_views` DESC"; break; case 'comm': $tplvars['page_title'] = $GLOBALS['_lang'][106]; $input['acclevel_code'] = 'search_blog'; $orderby = "a.`stat_comments` DESC"; break; case 'uid': $input['acclevel_code'] = 'search_blog'; $input['uid'] = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0); $tplvars['page_title'] = sprintf($GLOBALS['_lang'][108], get_user_by_userid($input['uid'])); $where = "a.`fk_user_id`=" . $input['uid'] . " AND " . $where; $orderby = "a.`post_id` DESC"; break; case 'tag': $tplvars['page_title'] = $GLOBALS['_lang'][107]; $input['acclevel_code'] = 'search_blog'; $input['tags'] = isset($_GET['tags']) ? $_GET['tags'] : ''; // remove extra spaces and words with less than 3 chars $input['tags'] = trim(preg_replace(array("/\\s\\s+/", "/\\b[^\\s]{1,3}\\b/"), array(' ', ''), $input['tags'])); $input['tags'] = sanitize_and_format($input['tags'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]); if (!empty($input['tags'])) { $select .= ",MATCH (a.`title`,a.`post_content`) AGAINST ('" . $input['tags'] . "' IN BOOLEAN MODE) as `match_score`"; $where .= " AND MATCH (a.`title`,a.`post_content`) AGAINST ('" . $input['tags'] . "' IN BOOLEAN MODE)"; $orderby = "`match_score` DESC";
require _BASEPATH_ . '/includes/tables/message_filters.inc.php'; require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/mailbox.inc.php'; check_login_member('manage_folders'); if (is_file(_BASEPATH_ . '/events/processors/filters_addedit.php')) { include _BASEPATH_ . '/events/processors/filters_addedit.php'; } $error = false; $qs = ''; $qs_sep = ''; $topass = array(); $nextpage = 'filters.php'; $input = array(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { // get the input we need and sanitize it foreach ($message_filters_default['types'] as $k => $v) { $input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], $message_filters_default['defaults'][$k]); } $input['fk_user_id'] = $_SESSION[_LICENSE_KEY_]['user']['user_id']; switch ($input['filter_type']) { case FILTER_SENDER: if (!($input['field_value'] = get_userid_by_user($input['field_value']))) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = sprintf($GLOBALS['_lang'][41], $input['field_value']); } break; case FILTER_SENDER_PROFILE: case FILTER_MESSAGE: default: break; }
require _BASEPATH_ . '/includes/user_functions.inc.php'; require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/my_searches.inc.php'; check_login_member('save_searches'); if (is_file(_BASEPATH_ . '/events/processors/my_searches.php')) { include _BASEPATH_ . '/events/processors/my_searches.php'; } $error = false; $qs = ''; $qs_sep = ''; $topass = array(); $nextpage = 'my_searches.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $input = array(); // get the input we need and sanitize it $input['is_default'] = sanitize_and_format_gpc($_POST, 'is_default', TYPE_INT, 0, 0); $input['alert'] = sanitize_and_format_gpc($_POST, 'alert', TYPE_INT, 0, array()); // make sure $input['alert'] is an array if (!is_array($input['alert']) && !empty($input['alert'])) { $input['alert'] = array($input['alert']); } if (!$error) { if (isset($_on_before_update)) { for ($i = 0; isset($_on_before_update[$i]); ++$i) { call_user_func($_on_before_update[$i]); } } $query = "UPDATE `{$dbtable_prefix}user_searches` SET `is_default`=0,`alert`=0 WHERE `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (!empty($input['is_default'])) {
File: admin/processors/login.php $Revision$ Software by: DateMill (http://www.datemill.com) Copyright by: DateMill (http://www.datemill.com) Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once '../../includes/common.inc.php'; require_once '../../includes/admin_functions.inc.php'; $topass = array(); $qs = ''; $qs_sep = ''; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $username = strtolower(sanitize_and_format_gpc($_POST, 'username', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '')); $password = sanitize_and_format_gpc($_POST, 'password', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); if (!empty($username) && !empty($password)) { $query = "SELECT `admin_id`,`name`,`dept_id`,`status` FROM `{$dbtable_prefix}admin_accounts` WHERE `user`='{$username}' AND `pass`=md5('{$password}')"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $admin = mysql_fetch_assoc($res); if ($admin['status'] == ASTAT_ACTIVE) { $_SESSION[_LICENSE_KEY_]['admin'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['admin']) ? $_SESSION[_LICENSE_KEY_]['admin'] : array(), $admin); $_SESSION[_LICENSE_KEY_]['admin']['def_skin'] = get_default_skin_dir(); if (isset($_SESSION[_LICENSE_KEY_]['admin']['timedout']['url'])) { $next = $_SESSION[_LICENSE_KEY_]['admin']['timedout']; unset($_SESSION[_LICENSE_KEY_]['admin']['timedout']); if ($next['method'] == 'GET') { if (!empty($next['qs'])) {
} } // no need to sanitize // $output=sanitize_and_format($output,TYPE_STRING,$__field2format[TEXT_DB2EDIT]); if ($output['message_type'] == MESS_FLIRT) { $output['flirt_reply'] = true; } } else { trigger_error($GLOBALS['_lang'][120], E_USER_ERROR); } $output['lang_263'] = sanitize_and_format($GLOBALS['_lang'][263], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_264'] = sanitize_and_format($GLOBALS['_lang'][264], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_196'] = sanitize_and_format($GLOBALS['_lang'][196], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); $output['lang_197'] = sanitize_and_format($GLOBALS['_lang'][197], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]); if (!isset($output['return']) && isset($_GET['return'])) { $output['return'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUENCODE, ''); } $output['bbcode_message'] = get_site_option('bbcode_message', 'core'); if (empty($output['bbcode_message'])) { unset($output['bbcode_message']); } $tpl->set_file('content', 'message_send.html'); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_OPTIONAL); $tplvars['page_title'] = sprintf($GLOBALS['_lang'][137], $output['_user_other']); $tplvars['title'] = $tplvars['page_title']; $tplvars['page'] = 'message_send'; $tplvars['css'] = 'message_send.css'; if (is_file('message_send_left.php')) { include 'message_send_left.php'; }
=============================================================================== File: admin/processors/site_skins_delete.php $Revision$ Software by: DateMill (http://www.datemill.com) Copyright by: DateMill (http://www.datemill.com) Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once '../../includes/common.inc.php'; require_once '../../includes/admin_functions.inc.php'; allow_dept(DEPT_ADMIN); $qs = ''; $qs_sep = ''; $topass = array(); $module_code = sanitize_and_format_gpc($_GET, 'module_code', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $query = "SELECT count(*) FROM `{$dbtable_prefix}modules` WHERE `module_type`=" . MODULE_SKIN; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_result($res, 0, 0) > 1) { $config = get_site_option(array('is_default', 'skin_dir'), $module_code); $query = "DELETE FROM `{$dbtable_prefix}site_options3` WHERE `fk_module_code`='{$module_code}'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "DELETE FROM `{$dbtable_prefix}modules` WHERE `module_code`='{$module_code}'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $query = "DELETE FROM `{$dbtable_prefix}lang_strings` WHERE `skin`='{$module_code}'";
$types[$rsrow['fk_module_code']][$rsrow['config_option']] = $rsrow['option_type']; switch ($rsrow['option_type']) { case FIELD_CHECKBOX: $input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD], 0); break; case FIELD_TEXTFIELD: $input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); break; case FIELD_INT: $input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_INT, 0, 0); break; case FIELD_TEXTAREA: $input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_STRING, $__field2format[FIELD_TEXTAREA], ''); break; case FIELD_SELECT: $input[$rsrow['fk_module_code']][$rsrow['config_option']] = sanitize_and_format_gpc($_POST, $rsrow['fk_module_code'] . '_' . $rsrow['config_option'], TYPE_INT, 0, 0); break; } } foreach ($input as $module_code => $v) { foreach ($v as $config_option => $config_value) { // with this if() we target date_format because an empty date_format // could break all dates on the site. if ($types[$module_code][$config_option] != FIELD_TEXTFIELD || !empty($config_value)) { $query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='{$config_option}',`config_value`='{$config_value}',`fk_module_code`='{$module_code}'"; if (isset($_on_before_update)) { for ($i = 0; isset($_on_before_update[$i]); ++$i) { call_user_func($_on_before_update[$i]); } } if (!($res = @mysql_query($query))) {
$continue = true; $input['user'] = sanitize_and_format_gpc($_GET, 'user', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); if (strlen($input['user']) <= 3) { $topass['message']['text'] = $GLOBALS['_lang'][8]; $topass['message']['type'] = MESSAGE_ERROR; $where = ''; // force no results returned. } else { $where .= " AND a.`_user` LIKE '" . $input['user'] . "%'"; } break; case 'net': $input['acclevel_code'] = 'search_basic'; $continue = true; $input['fk_user_id'] = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0); $input['fk_net_id'] = sanitize_and_format_gpc($_GET, 'nid', TYPE_INT, 0, 0); $select = "b.`fk_user_id_other`"; $from = "`{$dbtable_prefix}user_networks` b," . $from; $where = "b.`fk_user_id`=" . $input['fk_user_id'] . " AND b.`fk_net_id`=" . $input['fk_net_id'] . " AND b.`nconn_status`=1 AND b.`fk_user_id_other`=a.`fk_user_id` AND " . $where; break; case 'new': $input['acclevel_code'] = 'search_basic'; $continue = true; $orderby = "ORDER BY a.`date_added` DESC"; break; case 'online': $input['acclevel_code'] = 'search_basic'; $continue = true; $where .= " AND a.`fk_user_id` IN ('" . join("','", array_keys($_list_of_online_members)) . "')"; $skip_cache = true; break;
$Revision$ Software by: DateMill (http://www.datemill.com) Copyright by: DateMill (http://www.datemill.com) Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ define('NO_SESSION', 1); require_once '../../includes/common.inc.php'; require_once '../../includes/admin_functions.inc.php'; set_error_handler('general_error'); set_time_limit(0); ignore_user_abort(true); ob_end_flush(); if (isset($_SERVER['REMOTE_ADDR'])) { $lk = sanitize_and_format_gpc($_GET, 'lk', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); if ($lk == _LICENSE_KEY_) { if (!empty($_GET['run'])) { include_once dirname(__FILE__) . '/jobs/' . $_GET['run']; } else { $day = (int) date('d'); $weekday = (int) date('w'); //0 for sunday $hour = (int) date('H'); $minute = (int) date('i'); $minute = $minute - $minute % 5; // allow 4 minutes and 59 seconds run delay print "time: {$hour}:{$minute}<br>"; $jobs = array(); // every 5 minutes if ($minute % 5 == 0) {
$input['error_email'] = 'red_border'; } if (!$error) { $query = "SELECT `" . USER_ACCOUNT_ID . "` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'][] = sprintf($GLOBALS['_lang'][67], $input['email']); $input['error_email'] = 'red_border'; } } if (get_site_option('use_captcha', 'core')) { $captcha = sanitize_and_format_gpc($_POST, 'captcha', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); if (!$error && (!isset($_SESSION['captcha_word']) || strcasecmp($captcha, $_SESSION['captcha_word']) != 0)) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'][] = $GLOBALS['_lang'][24]; $input['error_captcha'] = 'red_border'; } } unset($_SESSION['captcha_word']); if (!$error && empty($input['agree'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'][] = $GLOBALS['_lang'][68]; $input['error_agree'] = 'red_border'; } }
<?php /****************************************************************************** Etano =============================================================================== File: admin/ajax/get_reject_reason.php $Revision$ Software by: DateMill (http://www.datemill.com) Copyright by: DateMill (http://www.datemill.com) Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once dirname(__FILE__) . '/../../includes/common.inc.php'; require_once dirname(__FILE__) . '/../../includes/admin_functions.inc.php'; allow_dept(DEPT_ADMIN); $amtpl_id = sanitize_and_format_gpc($_POST, 'amtpl_id', TYPE_INT, 0, 0); $output = ''; $query = "SELECT `subject`,`message_body` FROM `{$dbtable_prefix}admin_mtpls` WHERE `amtpl_id`={$amtpl_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $output .= '<reason_title>' . rawurlencode(mysql_result($res, 0, 0)) . '</reason_title>'; $output .= '<reject_reason>' . rawurlencode(mysql_result($res, 0, 1)) . '</reject_reason>'; } header('Content-type: text/xml'); echo '<result>' . $output . '</result>';
$Revision$ Software by: DateMill (http://www.datemill.com) Copyright by: DateMill (http://www.datemill.com) Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once '../includes/common.inc.php'; require_once '../includes/admin_functions.inc.php'; require_once '../includes/classes/advgraph4.class.php'; allow_dept(DEPT_ADMIN | DEPT_MODERATOR); $dot_types = array('num_users', 'online_users', 'paid_members'); $type = sanitize_and_format_gpc($_GET, 't', TYPE_STRING, 0, ''); $start_date = sanitize_and_format_gpc($_GET, 'start', TYPE_INT, 0, 0); // unix time $end_date = sanitize_and_format_gpc($_GET, 'end', TYPE_INT, 0, 0); // unix time $forced_end = false; if (empty($end_date)) { $end_date = mktime(0, 0, 0, date('m'), date('d'), date('Y')); $forced_end = true; } if (in_array($type, $dot_types)) { if (!is_file(_BASEPATH_ . '/tmp/admin/' . $type . $start_date . $end_date . '.png') || isset($_GET['refresh'])) { $query = "SELECT `value`,UNIX_TIMESTAMP(`time`) as `time` FROM `{$dbtable_prefix}stats_dot` WHERE `dataset`='{$type}'"; if (!empty($start_date)) { $query .= " AND `time`>='" . date('Ymd', $start_date) . "'"; } if (!$forced_end) { $query .= " AND `time`<='" . date('Ymd', $end_date) . "'"; }
require _BASEPATH_ . '/includes/user_functions.inc.php'; require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/blogs.inc.php'; check_login_member('read_blogs'); $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs'); $blog = array(); $output = array(); $loop = array(); $blog_id = ''; if (!empty($_GET['bid'])) { $blog_id = (string) (int) $_GET['bid']; if (is_file(_CACHEPATH_ . '/blogs/' . $blog_id[0] . '/' . $blog_id . '/blog.inc.php')) { include _CACHEPATH_ . '/blogs/' . $blog_id[0] . '/' . $blog_id . '/blog.inc.php'; } $output = $blog; $year = sanitize_and_format_gpc($_GET, 'y', TYPE_INT, 0, 0); $month = sanitize_and_format_gpc($_GET, 'm', TYPE_INT, 0, 0); if (empty($year)) { $query = "SELECT YEAR(`date_posted`),MONTH(`date_posted`) FROM `{$dbtable_prefix}blog_posts` WHERE `fk_blog_id`={$blog_id} ORDER BY `date_posted` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { list($year, $month) = mysql_fetch_row($res); } } elseif (empty($month)) { $query = "SELECT YEAR(`date_posted`),MONTH(`date_posted`) FROM `{$dbtable_prefix}blog_posts` WHERE `fk_blog_id`={$blog_id} AND YEAR(`date_posted`)='{$year}' ORDER BY `date_posted` DESC LIMIT 1"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { list($year, $month) = mysql_fetch_row($res);
function admin_processor() { $error = false; $my_input = array(); global $input, $__field2format, $dbtable_prefix, $default_skin_code; if (!$this->is_search) { $my_input['use_bbcode'] = sanitize_and_format_gpc($_POST, 'use_bbcode', TYPE_INT, 0, 0); $my_input['use_smilies'] = sanitize_and_format_gpc($_POST, 'use_smilies', TYPE_INT, 0, 0); $my_input['changes_status'] = sanitize_and_format_gpc($_POST, 'changes_status', TYPE_INT, 0, 0); $my_input['ta_len'] = sanitize_and_format_gpc($_POST, 'ta_len', TYPE_INT, 0, 0); $input['custom_config'] = sanitize_and_format(serialize($my_input), TYPE_STRING, FORMAT_ADDSLASH); } else { return array(); } return $error; }
******************************************************************************/ require_once '../../includes/common.inc.php'; require_once '../../includes/admin_functions.inc.php'; allow_dept(DEPT_ADMIN); set_time_limit(0); ignore_user_abort(true); $error = false; $qs = ''; $qs_sep = ''; $topass = array(); $nextpage = 'admin/package_install.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $input = array(); $input['package_path'] = sanitize_and_format_gpc($_POST, 'package_path', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $input['install_index'] = isset($_POST['install_index']) ? (int) $_POST['install_index'] : -1; $input['processor'] = sanitize_and_format_gpc($_POST, 'processor', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $temp = explode('/', $input['package_path']); $zip_name = $temp[count($temp) - 1] . '.zip'; $qs .= $qs_sep . 'f=' . $zip_name; $qs_sep = '&'; if (empty($input['package_path'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'][] = 'Required parameter \'package_path\' not received from user input!'; } if ($input['install_index'] == -1) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'][] = 'Required parameter \'install_index\' not received from user input!'; } if (empty($input['processor'])) {
require_once '../../includes/admin_functions.inc.php'; require_once '../../includes/tables/admin_accounts.inc.php'; allow_dept(DEPT_ADMIN); $error = false; $qs = ''; $qs_sep = ''; $topass = array(); $nextpage = 'admin/admin_accounts.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $input = array(); // get the input we need and sanitize it foreach ($admin_accounts_default['types'] as $k => $v) { $input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], $admin_accounts_default['defaults'][$k]); } $pass2 = sanitize_and_format_gpc($_POST, 'pass2', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $input['change_pass'] = sanitize_and_format_gpc($_POST, 'change_pass', TYPE_INT, 0, 0); $input['user'] = strtolower($input['user']); // check for input errors if (empty($input['user'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Please enter the user'; $input['error_user'] = '******'; } if (empty($input['name'])) { $error = true; $topass['message']['type'] = MESSAGE_ERROR; $topass['message']['text'] = 'Please enter the name'; $input['error_name'] = 'red_border'; } if ($input['change_pass'] || empty($input['admin_id'])) {
require_once '../includes/admin_functions.inc.php'; allow_dept(DEPT_MODERATOR | DEPT_ADMIN); $tpl = new phemplate('skin/', 'remove_nonjs'); $returned = false; $output = array(); if (isset($_SESSION['topass']['input'])) { $output = $_SESSION['topass']['input']; // our 'return' here was decoded in the processor $output['return'] = rawurlencode($output['return']); $returned = true; } else { $output['t'] = sanitize_and_format_gpc($_GET, 't', TYPE_INT, 0, 0); $output['id'] = sanitize_and_format_gpc($_GET, 'id', TYPE_INT, 0, 0); $output['return2'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $output['return'] = rawurlencode($output['return2']); $output['m'] = sanitize_and_format_gpc($_GET, 'm', TYPE_STRING, 0, ''); } $query = "SELECT `amtpl_id`,`amtpl_name`,`subject`,`message_body` FROM `{$dbtable_prefix}admin_mtpls` WHERE `amtpl_type`=" . $output['t']; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $amtpls = array(); $i = 0; while ($rsrow = mysql_fetch_assoc($res)) { $rsrow = sanitize_and_format($rsrow, TYPE_STRING, $__field2format[TEXT_DB2EDIT]); $amtpls[$rsrow['amtpl_id']] = $rsrow['amtpl_name']; if ($i == 0 && !$returned) { $output['reason_title'] = $rsrow['subject']; $output['reject_reason'] = $rsrow['message_body']; } $i++;
Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require '../includes/common.inc.php'; require _BASEPATH_ . '/includes/admin_functions.inc.php'; allow_dept(DEPT_MODERATOR | DEPT_ADMIN); // cleanup after an 'impersonate user' action if (isset($_GET['clean_user_session'])) { $_SESSION[_LICENSE_KEY_]['user'] = array(); unset($_SESSION[_LICENSE_KEY_]['user']); } $tpl = new phemplate('skin/', 'remove_nonjs'); $output = array('_user' => ''); // needed for the title $output['search_md5'] = sanitize_and_format_gpc($_GET, 'search', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); $uid = 0; if (!empty($_GET['uid'])) { $uid = (int) $_GET['uid']; if (!empty($output['search_md5']) && isset($_GET['go']) && ($_GET['go'] == 1 || $_GET['go'] == -1)) { $query = "SELECT `results` FROM `{$dbtable_prefix}site_searches` WHERE `search_md5`='" . $output['search_md5'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $user_ids = mysql_result($res, 0, 0); $user_ids = explode(',', $user_ids); $key = array_search($uid, $user_ids) + $_GET['go']; if (isset($user_ids[$key])) { $uid = (int) $user_ids[$key]; }
Etano =============================================================================== File: admin/file_edit.php $Revision$ Software by: DateMill (http://www.datemill.com) Copyright by: DateMill (http://www.datemill.com) Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once '../includes/common.inc.php'; require_once '../includes/admin_functions.inc.php'; allow_dept(DEPT_ADMIN); $tpl = new phemplate('skin/', 'remove_nonjs'); $output = array(); $output['file'] = str_replace('..', '', preg_replace('~[^a-zA-Z0-9\\._/-]~', '', sanitize_and_format_gpc($_GET, 'f', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''))); if (!empty($output['file']) && $output['file'][0] == '/') { $output['file'] = substr($output['file'], 1); } $file = _BASEPATH_ . '/' . $output['file']; $mode = isset($_GET['m']) ? (int) $_GET['m'] : 1; if (is_file($file)) { $output['file_content'] = str_replace(array('{', '}'), array('{', '}'), sanitize_and_format(file_get_contents($file), TYPE_STRING, $__field2format[TEXT_DB2EDIT])); } $tpl->set_file('content', 'file_edit.html'); $output['path'] = urlencode(pathinfo($output['file'], PATHINFO_DIRNAME)); $tpl->set_var('output', $output); $tpl->process('content', 'content', TPL_OPTIONAL); $tplvars['title'] = 'File editor'; $tplvars['css'] = 'file_edit.css'; $tplvars['page'] = 'file_edit';
$error = false; $qs = ''; $qs_sep = ''; $topass = array(); $nextpage = 'my_photos.php'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $input = array(); // get the input we need and sanitize it foreach ($user_photos_default['types'] as $k => $v) { $input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], array()); } if (empty($input['is_main'])) { $input['is_main'] = 0; } if (!empty($_POST['return'])) { $input['return'] = sanitize_and_format_gpc($_POST, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD] | FORMAT_RUDECODE, ''); $nextpage = $input['return']; } if (isset($_on_after_post)) { for ($i = 0; isset($_on_after_post[$i]); ++$i) { call_user_func($_on_after_post[$i]); } } if (!$error) { $input['caption'] = remove_banned_words($input['caption']); $query = "SELECT `photo_id`,`caption`,`is_main`,`photo`,`status` FROM `{$dbtable_prefix}user_photos` WHERE `photo_id` IN ('" . join("','", array_keys($input['caption'])) . "') AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } $old_captions = array(); $old_main = 0;
File: admin/ajax/search_custom_config.php $Revision: 610 $ Software by: DateMill (http://www.datemill.com) Copyright by: DateMill (http://www.datemill.com) Support at: http://www.datemill.com/forum ******************************************************************************* * See the "docs/licenses/etano.txt" file for license. * ******************************************************************************/ require_once dirname(__FILE__) . '/../../includes/common.inc.php'; require_once dirname(__FILE__) . '/../../includes/admin_functions.inc.php'; allow_dept(DEPT_ADMIN); $towrite = ''; if ($_SERVER['REQUEST_METHOD'] == 'POST') { $output = array(); $pfield_id = sanitize_and_format_gpc($_POST, 'pfield_id', TYPE_INT, 0, 0); $search_type = sanitize_and_format_gpc($_POST, 'search_type', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''); if (!empty($pfield_id)) { $query = "SELECT `pfield_id`,`fk_lk_id_label`,`field_type`,`searchable`,`search_type`,`for_basic`,`fk_lk_id_search`,`at_registration`,`reg_page`,`required`,`editable`,`visible`,`dbfield`,`fk_lk_id_help`,`fk_pcat_id`,`custom_config`,`fn_on_change`,`order_num` FROM `{$dbtable_prefix}profile_fields2` WHERE `pfield_id`={$pfield_id}"; if (!($res = @mysql_query($query))) { trigger_error(mysql_error(), E_USER_ERROR); } if (mysql_num_rows($res)) { $output = mysql_fetch_assoc($res); $temp = unserialize($output['custom_config']); unset($output['custom_config']); if (is_array($temp)) { $output = array_merge($output, $temp); } } } // we need this as a global var because it is used by $search_field->edit_admin()