コード例 #1
ファイル: db_input.php プロジェクト: JoseCOCA/baudprint
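/**
 * Sanitise a visitor comment in place: strip markup, cap its length, mask
 * configured bad words and mask over-long words.
 *
 * The cleaned text is written back through the reference. After strip_tags()
 * the characters `"`, `<`, `>` and `'` are re-encoded as entities; `&` is not.
 *
 * Reads $CONFIG['max_com_size'], $CONFIG['filter_bad_words'],
 * $CONFIG['max_com_wlength'] and the global $lang_bad_words list.
 *
 * @param string $str Raw comment text; replaced by the sanitised text.
 * @return void
 */
function check_comment(&$str)
{
    global $CONFIG, $lang_bad_words;

    // Decode the common entities first so that strip_tags() sees real angle
    // brackets and entity-encoded markup cannot slip past it.
    $str = str_replace(array('&amp;', '&quot;', '&lt;', '&gt;', '&nbsp;', '&#39;'), array('&', '"', '<', '>', ' ', "'"), $str);
    // A '<' followed by a digit or comparison character is not a tag start;
    // turn it into an entity so strip_tags() does not clip the comment there.
    $str = preg_replace("/<([0-9<>=])/", '&lt;\\1', $str);
    // Strip tags and cut to the configured maximum.
    // NOTE(review): substr() counts bytes, so a multi-byte character sitting on
    // the limit can be cut in half - confirm whether a UTF-8 aware cut exists.
    $str = trim(substr(strip_tags($str), 0, $CONFIG['max_com_size']));
    // Re-encode the characters that matter when the comment is printed as HTML.
    $str = str_replace(array('"', '<', '>', "'"), array('&quot;', '&lt;', '&gt;', '&#39;'), $str);

    if ($CONFIG['filter_bad_words']) {
        $patterns = array();
        foreach ($lang_bad_words as $word) {
            $word = (string) $word;
            // '*' is only a wildcard marker at either end; the rest is literal text.
            $literal = str_replace('*', '', $word);
            if ($literal === '') {
                // An empty or '*'-only entry would produce a pattern that
                // matches at every position and garble the whole comment.
                continue;
            }
            $prefix = $word[0] == '*' ? '' : '\\b';
            $suffix = substr($word, -1) == '*' ? '' : '\\b';
            // preg_quote() keeps '/', '(' or '.' in a list entry from breaking
            // the pattern or changing what it matches.
            $patterns[] = '/' . $prefix . preg_quote($literal, '/') . $suffix . '/i';
        }
        $str = preg_replace($patterns, '(...)', $str);
    }

    // Word lengths are measured on the text as bb_decode() + strip_tags()
    // leave it; every over-long word is then masked in the stored string.
    $too_long = array();
    foreach (explode(' ', strip_tags(bb_decode($str))) as $word) {
        if (utf_strlen($word) > $CONFIG['max_com_wlength']) {
            $too_long[] = $word;
        }
    }
    $str = str_replace($too_long, '(...)', $str);
}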
コード例 #2
ファイル: db_input.php プロジェクト: phill104/branches
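/**
 * Clean a submitted comment in place.
 *
 * Steps, in order: decode common entities, strip tags, truncate to
 * $CONFIG['max_com_size'], re-encode `"`, `<`, `>` and `'`, optionally mask
 * entries of $lang_bad_words, then mask words longer than
 * $CONFIG['max_com_wlength'].
 *
 * @param string $str Comment text; overwritten with the cleaned version.
 * @return void
 */
function check_comment(&$str)
{
    global $CONFIG, $lang_bad_words;

    $entities = array('&amp;', '&quot;', '&lt;', '&gt;', '&nbsp;', '&#39;');
    $plain = array('&', '"', '<', '>', ' ', "'");
    // Entities are decoded before strip_tags() so that markup hidden behind
    // "&lt;...&gt;" is removed as well.
    $str = str_replace($entities, $plain, $str);
    // NOTE(review): strip_tags() runs on the raw text here, so a bare '<' that
    // is not a tag (e.g. "a<5") may cause the rest of the comment to be cut.
    // NOTE(review): substr() is byte based; a multi-byte character on the
    // limit can be split - confirm against the charset in use.
    $str = trim(substr(strip_tags($str), 0, $CONFIG['max_com_size']));
    // Encode again what must not reach the page as live HTML.
    $str = str_replace(array('"', '<', '>', "'"), array('&quot;', '&lt;', '&gt;', '&#39;'), $str);

    if ($CONFIG['filter_bad_words']) {
        $ercp = array();
        foreach ($lang_bad_words as $word) {
            $word = (string) $word;
            $core = str_replace('*', '', $word);
            if ($core === '') {
                // Nothing literal to match: the resulting '//i' pattern would
                // insert '(...)' between every character of the comment.
                continue;
            }
            $left = $word[0] == '*' ? '' : '\\b';
            $right = substr($word, -1) == '*' ? '' : '\\b';
            // Quote the literal part so regex metacharacters or the '/'
            // delimiter in a list entry cannot break or alter the pattern.
            $ercp[] = '/' . $left . preg_quote($core, '/') . $right . '/i';
        }
        $str = preg_replace($ercp, '(...)', $str);
    }

    // Over-long words are detected on the bb_decode()d, tag-free text and
    // masked in the comment itself.
    $replacements = array();
    foreach (explode(' ', strip_tags(bb_decode($str))) as $word) {
        if (utf_strlen($word) > $CONFIG['max_com_wlength']) {
            $replacements[] = $word;
        }
    }
    $str = str_replace($replacements, '(...)', $str);
}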
コード例 #3
ファイル: db_input.php プロジェクト: alencarmo/OCF
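/**
 * Mask bad words and over-long words in a comment, in place.
 *
 * This variant performs no tag stripping or entity encoding itself.
 * NOTE(review): the caller presumably sanitises the text before or after this
 * call - confirm, since nothing here makes $str safe to print as HTML.
 *
 * @param string $str Comment text; overwritten with the filtered version.
 * @return void
 */
function check_comment(&$str)
{
    global $CONFIG, $lang_bad_words;

    if ($CONFIG['filter_bad_words']) {
        $ercp = array();
        foreach ($lang_bad_words as $word) {
            $word = (string) $word;
            $body = str_replace('*', '', $word);
            if ($body === '') {
                // Skip empty / '*'-only entries: they would yield a pattern
                // that matches everywhere.
                continue;
            }
            // A leading or trailing '*' drops the word boundary on that side.
            $open = $word[0] == '*' ? '' : '\\b';
            $close = substr($word, -1) == '*' ? '' : '\\b';
            // The word is literal text, so quote it for use inside /.../.
            $ercp[] = '/' . $open . preg_quote($body, '/') . $close . '/i';
        }
        $str = preg_replace($ercp, '(...)', $str);
    }

    // Measure word length on the rendered, tag-free text, then mask the long
    // words in the original string.
    $replacements = array();
    foreach (explode(' ', strip_tags(bb_decode($str))) as $word) {
        if (utf_strlen($word) > $CONFIG['max_com_wlength']) {
            $replacements[] = $word;
        }
    }
    $str = str_replace($replacements, '(...)', $str);
}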
コード例 #4
ファイル: topic.php プロジェクト: visavi/rotorcms4
     ############################################################################################
 ############################################################################################
 ##                                    Редактирование сообщения                            ##
 ############################################################################################
 // Edit an existing forum post. This is a fragment: the enclosing switch and
 // the end of this case lie outside the listing.
 case 'editpost':
     // NOTE(review): the request values below are read without isset().
     // check() is defined elsewhere; presumably it sanitises input - confirm.
     $uid = check($_GET['uid']);
     // Post id is forced to a non-negative integer.
     $pid = abs(intval($_GET['pid']));
     $msg = check($_POST['msg']);
     if (isset($_POST['delfile'])) {
         // intar() is defined elsewhere; presumably it casts every element to int - confirm.
         $del = intar($_POST['delfile']);
     } else {
         $del = 0;
     }
     if (is_user()) {
         // Request token must equal the session token.
         // NOTE(review): looks like an anti-CSRF check; it uses a loose '==' and
         // takes the token from the query string - confirm this is intended.
         if ($uid == $_SESSION['token']) {
             if (utf_strlen($msg) >= 5 && utf_strlen($msg) <= $config['forumtextlength']) {
                 // Bound parameters; the row is only found when posts_user matches $log
                 // ($log is set outside this fragment, presumably the current login).
                 $post = DB::run()->queryFetch("SELECT `posts`.*, `topics`.`topics_closed` FROM `posts` LEFT JOIN `topics` ON `posts`.`posts_topics_id`=`topics`.`topics_id` WHERE `posts_id`=? AND `posts_user`=? LIMIT 1;", array($pid, $log));
                 if (!empty($post)) {
                     if (empty($post['topics_closed'])) {
                         // Editing is allowed only within 600 seconds of posts_time.
                         if ($post['posts_time'] + 600 > SITETIME) {
                             $msg = antimat($msg);
                             DB::run()->query("UPDATE `posts` SET `posts_text`=?, `posts_edit`=?, `posts_edit_time`=? WHERE `posts_id`=?;", array($msg, $log, SITETIME, $pid));
                             // ------ Delete uploaded files -------//
                             if (!empty($del)) {
                                 // The id list is concatenated into the IN (...) clause, not bound.
                                 // NOTE(review): safe only if intar() guarantees integers - confirm.
                                 $del = implode(',', $del);
                                 $queryfiles = DB::run()->query("SELECT * FROM `files_forum` WHERE `file_posts_id`=? AND `file_id` IN (" . $del . ");", array($pid));
                                 $files = $queryfiles->fetchAll();
                                 if (!empty($files)) {
                                     foreach ($files as $file) {
                                         // The path is built from database columns (file_topics_id, file_hash),
                                         // not from request data.
                                         if (file_exists(BASEDIR . '/upload/forum/' . $file['file_topics_id'] . '/' . $file['file_hash'])) {
                                             unlink(BASEDIR . '/upload/forum/' . $file['file_topics_id'] . '/' . $file['file_hash']);
コード例 #5
ファイル: add.php プロジェクト: sirkadirov/wap-motor
#              Made by  :  VANTUZ                     #
#               E-mail  :  visavi.net@mail.ru         #
#                 Site  :  http://pizdec.ru           #
#             WAP-Site  :  http://visavi.net          #
#                  ICQ  :  36-44-66                   #
#  Вы не имеете право вносить изменения в код скрипта #
#        для его дальнейшего распространения          #
#-----------------------------------------------------#
// Chat "add message" script (fragment: the listing ends inside the is_user() branch).
require_once "../includes/start.php";
require_once "../includes/functions.php";
require_once "../includes/header.php";
// The include path is built from $config['themes'].
// NOTE(review): safe only if that setting can never be influenced by a request - confirm.
include_once "../themes/" . $config['themes'] . "/index.php";
// NOTE(review): $_POST['msg'] is read without isset(); check() is defined
// elsewhere and presumably sanitises the value - confirm.
$msg = check($_POST['msg']);
show_title('partners.gif', 'Добавление сообщения');
if (is_user()) {
    // Accept messages longer than 3 characters (after trim) and shorter than 1000.
    if (utf_strlen(trim($msg)) > 3 && utf_strlen($msg) < 1000) {
        antiflood("Location: index.php?isset=antiflood&" . SID);
        karantin($udata[6], "Location: index.php?isset=karantin&" . SID);
        statistics(8);
        $msg = no_br($msg, '<br />');
        $msg = antimat($msg);
        $msg = smiles($msg);
        // Fields 7 and 8 of the last stored record are carried over into the new one.
        $file = file(DATADIR . "chat.dat");
        $data = explode("|", end($file));
        // The record is a '|'-delimited line in a flat file.
        // NOTE(review): a literal '|' or line break inside $msg, $log, $brow or $ip
        // would shift or split the record unless check()/no_br() remove them - confirm.
        $text = no_br($msg . '|' . $log . '||' . SITETIME . '|' . $brow . '|' . $ip . '|0|' . $data[7] . '|' . $data[8] . '|');
        write_files(DATADIR . "chat.dat", "{$text}\r\n");
        $countstr = counter_string(DATADIR . "chat.dat");
        // Once the line count reaches the configured maximum, the first five lines are dropped.
        if ($countstr >= $config['maxpostchat']) {
            delete_lines(DATADIR . "chat.dat", array(0, 1, 2, 3, 4));
        }
        // Stores the current IP and increments three profile counters.
        change_profil($log, array(14 => $ip, 12 => $udata[12] + 1, 36 => $udata[36] + 1, 41 => $udata[41] + 1));
コード例 #6
ファイル: blog.php プロジェクト: visavi/rotorcms4
     ############################################################################################
     ##                                  Редактирование статьи                                ##
     ############################################################################################
 ############################################################################################
 ##                                  Редактирование статьи                                ##
 ############################################################################################
 // Save an edited blog article. Fragment: the enclosing switch, the values of
 // $id, $cid and $start, and the end of this case are outside the listing.
 case 'addeditblog':
     // NOTE(review): request values are read without isset(); check() is defined
     // elsewhere and presumably sanitises them - confirm.
     $uid = check($_GET['uid']);
     $title = check($_POST['title']);
     $text = check($_POST['text']);
     $user = check($_POST['user']);
     $tags = check($_POST['tags']);
     // Request token must equal the session token (loose '==', token taken from the query string).
     // NOTE(review): no login or permission check is visible in this fragment and the
     // UPDATE below is not restricted to the article's author - presumably enforced
     // earlier in the file; confirm.
     if ($uid == $_SESSION['token']) {
         if (utf_strlen($title) >= 5 && utf_strlen($title) <= 50) {
             if (utf_strlen($text) >= 100 && utf_strlen($text) <= $config['maxblogpost']) {
                 if (utf_strlen($tags) >= 2 && utf_strlen($tags) <= 50) {
                     // Author login is limited to ASCII letters, digits and '-'.
                     if (preg_match('|^[a-z0-9\\-]+$|i', $user)) {
                         // Existence check and UPDATE both use bound parameters.
                         $queryblog = DB::run()->querySingle("SELECT `blogs_id` FROM `blogs` WHERE `blogs_id`=? LIMIT 1;", array($id));
                         if (!empty($queryblog)) {
                             DB::run()->query("UPDATE `blogs` SET `blogs_title`=?, `blogs_text`=?, `blogs_user`=?, `blogs_tags`=? WHERE `blogs_id`=?;", array($title, $text, $user, $tags, $id));
                             $_SESSION['note'] = 'Статья успешно отредактирована!';
                             // NOTE(review): $cid and $start go into the redirect URL as-is;
                             // presumably integer-cast where they are set - confirm.
                             redirect("blog.php?act=blog&cid={$cid}&start={$start}");
                         } else {
                             show_error('Ошибка! Данной статьи не существует!');
                         }
                     } else {
                         show_error('Ошибка! Недопустимые символы в логине! Разрешены только знаки латинского алфавита и цифры!');
                     }
                 } else {
                     show_error('Ошибка! Слишком длинные или короткие метки статьи (от 2 до 50 символов)!');
                 }
コード例 #7
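/**
 * Validate the registration form and, when it passes, create the account.
 *
 * Each failed check appends one <li> item to $error. If $error is non-empty
 * after validation the function returns false and inserts nothing. Otherwise
 * it inserts the user row, fires the 'register_form_submit' plugin action,
 * optionally creates a personal album, sends the activation and/or admin
 * notification mails and shows the result message box.
 *
 * @param string $error HTML error list; written through the reference.
 * @return bool True when the account was created, false on validation failure.
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_register_approve_email;
    global $lang_register_user_login, $lang_errors;

    // Opening tag shared by every error item.
    $li = '<li style="list-style-image:url(images/icons/stop.png)">';

    $superCage = Inspekt::makeSuperCage();

    // NOTE(review): $user_name and $email are placed directly inside quoted SQL
    // literals below. That is safe only if get_post_var() returns SQL-escaped
    // values - confirm against its definition; cpg_db_query() receives a
    // finished SQL string, so nothing is bound later.
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');

    // An existing user name ends validation immediately.
    $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
    $result = cpg_db_query($sql);
    $name_taken = mysql_num_rows($result) > 0;
    mysql_free_result($result);
    if ($name_taken) {
        $error = $li . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }

    if (utf_strlen($user_name) < 2) {
        $error .= $li . $lang_register_php['username_warning2'] . '</li>';
    }

    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        // Strict string comparison: with '==' two numeric-looking strings such
        // as "0e1" and "0e2" compare equal, which would let a wrong value pass.
        if ((string) $global_registration_pw !== (string) $CONFIG['global_registration_pw']) {
            $error .= $li . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password === (string) $CONFIG['global_registration_pw']) {
            $error .= $li . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }

    if (utf_strlen($password) < 2) {
        $error .= $li . $lang_register_php['password_warning1'] . '</li>';
    }
    // All three values come from trim() and are strings, so '===' / '!==' are
    // exact here and avoid numeric-string juggling.
    if ($password === $user_name) {
        $error .= $li . $lang_register_php['password_warning2'] . '</li>';
    }
    if ($password !== $password_again) {
        $error .= $li . $lang_register_php['password_verification_warning1'] . '</li>';
    }
    if (!Inspekt::isEmail($email)) {
        $error .= $li . $lang_register_php['email_warning2'] . '</li>';
    }
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= $li . $lang_register_php['err_disclaimer'] . '</li>';
    }

    // Perform the ban check against email address and username
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $li . $lang_register_php['user_name_banned'] . '</li>';
    }
    mysql_free_result($result);
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $li . $lang_register_php['email_address_banned'] . '</li>';
    }
    mysql_free_result($result);

    // check captcha
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= $li . $lang_errors['captcha_error'] . '</li>';
            }
        } else {
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            // Append rather than assign, so the errors collected above
            // (including a failed captcha) are not discarded.
            $error .= $li . $lang_register_php['err_duplicate_email'] . '</li>';
        }
        mysql_free_result($result);
    }

    $error = CPGPluginAPI::filter('register_form_validate', $error);
    if ($error != '') {
        return false;
    }

    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // NOTE(review): the activation key is derived from srand()/rand()/uniqid(),
        // all of which depend on the clock, so it is not an unpredictable token.
        // A CSPRNG-based key would be stronger; left as-is because the choice
        // depends on the PHP version this file targets.
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }

    // NOTE(review): unsalted MD5 is not a password hash. Changing it here alone
    // would break logins, because the verification code lives outside this
    // function; the two must be migrated together.
    $encpassword = md5($password);
    $user_language = $CONFIG['lang'];
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')";
    $result = cpg_db_query($sql);
    // Read the new id once, right after the INSERT: the plugin action and the
    // log call below may run INSERTs of their own, after which
    // mysql_insert_id() would no longer refer to the user row.
    $user_id = mysql_insert_id();

    $user_array = array();
    $user_array['user_id'] = $user_id;
    $user_array['user_name'] = $user_name;
    $user_array['user_email'] = $email;
    $user_array['user_active'] = $active;
    CPGPluginAPI::action('register_form_submit', $user_array);

    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }

    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        $catid = $user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
    }

    // Registrations must be activated/verified by the user clicking a link in an email
    if ($CONFIG['reg_requires_valid_email']) {
        // Mail the user the activation/verification link
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } else {
        if ($CONFIG['admin_activation']) {
            // We need admin activation only
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            // No activation required, account is ready for login
            msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
        }
    }

    // Email notification or activation link to admin. '&&' binds tighter than
    // '||'; the parentheses only make the existing grouping explicit.
    if ($CONFIG['reg_notify_admin_email'] || ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email'])) {
        // Start from an empty list so the foreach below is valid even when no
        // admin row carries an email address.
        $admins = array();
        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = mysql_fetch_assoc($result)) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }
        foreach ($admins as $admin) {
            // Check if the admin language is available. The language name comes
            // from the users table and is used in a file path here.
            // NOTE(review): confirm user_language is restricted to known
            // language names wherever it is written.
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }
            // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
            if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
                $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
                $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
            }
        }
    }

    return true;
}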
コード例 #8
ファイル: offers.php プロジェクト: visavi/rotorcms4
     ##                                 Изменение описания                                     ##
     ############################################################################################
 ############################################################################################
 ##                                 Изменение описания                                     ##
 ############################################################################################
 // Save an edited offer/problem entry. Fragment: the enclosing switch, the
 // value of $id and the end of this case are outside the listing.
 case 'change':
     // check() is defined elsewhere; presumably it sanitises input - confirm.
     $uid = isset($_GET['uid']) ? check($_GET['uid']) : '';
     $title = isset($_POST['title']) ? check($_POST['title']) : '';
     $text = isset($_POST['text']) ? check($_POST['text']) : '';
     // Both flags are reduced to 0 or 1 whatever was submitted.
     $types = empty($_POST['types']) ? 0 : 1;
     $closed = empty($_POST['closed']) ? 0 : 1;
     // Request token must equal the session token (loose '==', token taken from the query string).
     // NOTE(review): no login or permission check is visible in this fragment -
     // presumably enforced earlier in the file; confirm.
     if ($uid == $_SESSION['token']) {
         // Existence check and UPDATE both use bound parameters.
         $queryoff = DB::run()->queryFetch("SELECT * FROM `offers` WHERE `offers_id`=? LIMIT 1;", array($id));
         if (!empty($queryoff)) {
             if (utf_strlen($title) >= 5 && utf_strlen($title) <= 50) {
                 if (utf_strlen($text) >= 5 && utf_strlen($text) <= 1000) {
                     $title = antimat($title);
                     $text = antimat($text);
                     DB::run()->query("UPDATE `offers` SET `offers_type`=?, `offers_closed`=?, `offers_title`=?, `offers_text`=? WHERE `offers_id`=?;", array($types, $closed, $title, $text, $id));
                     $_SESSION['note'] = 'Данные успешно отредактированы!';
                     // NOTE(review): $id goes into the redirect URL as-is; presumably
                     // integer-cast where it is set - confirm.
                     redirect("offers.php?act=view&id={$id}");
                 } else {
                     show_error('Ошибка! Слишком длинное или короткое описание (От 5 до 1000 символов)!');
                 }
             } else {
                 show_error('Ошибка! Слишком длинный или короткий заголовок (От 5 до 50 символов)!');
             }
         } else {
             show_error('Ошибка! Данного предложения или проблемы не существует!');
         }
     } else {
コード例 #9
ファイル: register.php プロジェクト: alencarmo/OCF
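/**
 * Validate the registration form and, when it passes, create the account.
 *
 * Failed checks append '<li>' items to $error; a non-empty $error makes the
 * function return false before anything is inserted. On success the user row
 * is inserted, the activation mail and/or admin notification are sent and the
 * result message box is shown.
 *
 * @param string $error HTML error list; written through the reference.
 * @return bool True when the account was created, false on validation failure.
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login;

    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    // NOTE(review): addslashes() is not aware of the connection character set;
    // the driver's own escaping function is the safer choice for values that
    // end up inside SQL string literals. Left unchanged because the connection
    // handle used by cpg_db_query() is not visible from this function.
    $profile1 = addslashes($_POST['user_profile1']);
    $profile2 = addslashes($_POST['user_profile2']);
    $profile3 = addslashes($_POST['user_profile3']);
    $profile4 = addslashes($_POST['user_profile4']);
    $profile5 = addslashes($_POST['user_profile5']);
    $profile6 = addslashes($_POST['user_profile6']);

    // An existing user name ends validation immediately.
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
    $result = cpg_db_query($sql);
    $name_taken = mysql_num_rows($result) > 0;
    mysql_free_result($result);
    if ($name_taken) {
        $error = '<li>' . $lang_register_php['err_user_exists'];
        return false;
    }

    if (utf_strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'];
    }
    if (utf_strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'];
    }
    // The three values come from trim() and are strings; strict comparison
    // avoids "0e1" == "0e2"-style numeric-string matches, which would accept a
    // mistyped confirmation.
    if ($password === $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
    }
    if ($password !== $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'];
    }
    // preg_match() replaces eregi(): the POSIX ereg family is deprecated and
    // stops reading the subject at a NUL byte, so anything placed after one
    // was never validated. 'D' makes '$' match only at the very end.
    if (!preg_match('/^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}$/iD', $email)) {
        $error .= '<li>' . $lang_register_php['err_invalid_email'];
    }
    if ($error != '') {
        return false;
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = cpg_db_query($sql);
        $email_taken = mysql_num_rows($result) > 0;
        mysql_free_result($result);
        if ($email_taken) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'];
            return false;
        }
    }

    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // NOTE(review): srand()/rand()/uniqid() all depend on the clock, so the
        // activation key is not an unpredictable token. A CSPRNG-based key
        // would be stronger; left as-is because the choice depends on the PHP
        // version this file targets.
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }

    // NOTE(review): with 'enable_encrypted_passwords' off the password is
    // stored in clear text, and with it on only as unsalted MD5. Neither is a
    // password hash; the login code outside this function has to change in the
    // same step, so the storage format is kept here.
    if ($CONFIG['enable_encrypted_passwords']) {
        $encpassword = md5($password);
    } else {
        $encpassword = $password;
    }
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
    if ($CONFIG['log_mode']) {
        log_write('New user "' . addslashes($user_name) . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
    }
    $result = cpg_db_query($sql);

    if ($CONFIG['reg_requires_valid_email']) {
        // Was written "!$CONFIG['admin_activation'] == 1", which PHP reads as
        // "(!x) == 1"; the plain negation is the same test.
        if (!$CONFIG['admin_activation']) {
            //user gets activation email
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
                cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
            }
        }
        if ($CONFIG['admin_activation'] == 1) {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_continue, 'index.php');
        } else {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
        }
    } else {
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
    }

    // email notification to admin
    if ($CONFIG['reg_notify_admin_email']) {
        // get default language in which to inform the admin
        $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
        $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
        if ($CONFIG['admin_activation'] == 1) {
            // With admin activation the admin, not the user, receives the link.
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
        } else {
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
        }
    }

    return true;
}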
コード例 #10
ファイル: search.php プロジェクト: visavi/rotorcms4
 ##                                          Поиск                                         ##
 ############################################################################################
 // Forum search. Fragment: the enclosing switch and the query that consumes
 // $findme, $searchsec and $searchper are outside the listing.
 case 'search':
     // NOTE(review): the $_GET values are read without isset(); check() is defined
     // elsewhere and presumably sanitises the search string - confirm.
     $find = check(strval($_GET['find']));
     // The numeric options are forced to non-negative integers.
     $type = abs(intval($_GET['type']));
     $where = abs(intval($_GET['where']));
     $period = abs(intval($_GET['period']));
     $section = abs(intval($_GET['section']));
     // Convert the search string when is_utf() reports it is not UTF-8.
     if (!is_utf($find)) {
         $find = win_to_utf($find);
     }
     if (utf_strlen($find) >= 3 && utf_strlen($find) <= 50) {
         $findmewords = explode(" ", utf_lower($find));
         $arrfind = array();
         foreach ($findmewords as $val) {
             // Words shorter than 3 characters are dropped; the rest get a trailing '*'
             // and, when $type is 0, a leading '+'.
             // NOTE(review): presumably terms for a full-text boolean-mode query - confirm
             // that $findme is bound, not concatenated, where the query is built.
             if (utf_strlen($val) >= 3) {
                 $arrfind[] = empty($type) ? '+' . $val . '*' : $val . '*';
             }
         }
         $findme = implode(" ", $arrfind);
         // Type 2 with several words searches for the whole string in double quotes.
         if ($type == 2 && count($findmewords) > 1) {
             $findme = "\"{$find}\"";
         }
         // NOTE(review): the search string becomes part of the page title; this relies on
         // check() having HTML-escaped it - confirm.
         $config['newtitle'] = $find . ' - Результаты поиска';
         $wheres = empty($where) ? 'topics' : 'posts';
         // Key describing this search; compared with the one stored in the session below.
         $forumfind = $type . $wheres . $period . $section . $find;
         // ----------------------------- Search in topics -------------------------------//
         if ($wheres == 'topics') {
             if (empty($_SESSION['forumfindres']) || $forumfind != $_SESSION['forumfind']) {
                 // These SQL fragments are built by concatenation, but only from $section and
                 // $period, which were cast to integers above.
                 $searchsec = $section > 0 ? "`topics_forums_id`=" . $section . " AND" : '';
                 $searchper = $period > 0 ? "`topics_last_time`>" . (SITETIME - $period * 24 * 60 * 60) . " AND" : '';
コード例 #11
ファイル: register.php プロジェクト: phill104/branches
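/**
 * Validate the submitted registration form, create the account and send the
 * confirmation / notification mails.
 *
 * Form fields are read from the POST request. Validation failures are collected
 * as '<li>...</li>' items in $error. On success the user row is inserted, an
 * optional personal album is created, a message box is printed with msg_box()
 * and the configured mails are sent.
 *
 * Security notes for reviewers:
 *  - $user_name and $password are interpolated into SQL exactly as returned by
 *    get_post_var(), a helper that is not visible here. NOTE(review): confirm that
 *    helper returns SQL-escaped values; if it does not, the SELECT and both
 *    INSERT statements below must escape them.
 *  - Passwords are stored as unsalted MD5, or in clear text when
 *    'enable_encrypted_passwords' is off. Neither is suitable for password
 *    storage; a salted, slow password hash is the replacement to plan for.
 *  - The activation key is derived from rand()/uniqid(), both clock based, so it
 *    is not an unguessable secret; it should come from a CSPRNG once the
 *    supported PHP version offers one.
 *
 * @param string $error by reference; receives the HTML list items describing the failures
 * @return bool false when validation failed, true once the account has been created
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_register_confirm_email, $lang_common, $lang_register_approve_email;
    global $lang_register_activated_email, $lang_register_user_login, $lang_errors;
    $superCage = Inspekt::makeSuperCage();
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');
    // Reject the request straight away when the user name is already taken.
    // NOTE(review): $user_name reaches this statement unescaped - see the function header.
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . $user_name . "'";
    $result = cpg_db_query($sql);
    $name_taken = mysql_num_rows($result) > 0;
    // Free the result before the early return as well.
    mysql_free_result($result);
    if ($name_taken) {
        $error = '<li>' . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }
    if (utf_strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'] . '</li>';
    }
    // Optional site-wide registration password: it must match and must not be reused
    // as the account password.
    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        if ($global_registration_pw != $CONFIG['global_registration_pw']) {
            $error .= '<li>' . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password == $CONFIG['global_registration_pw']) {
            $error .= '<li>' . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }
    // NOTE(review): a two character minimum is a very weak password policy.
    if (utf_strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'] . '</li>';
    }
    if ($password == $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'] . '</li>';
    }
    if ($password != $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'] . '</li>';
    }
    // preg_match() replaces eregi(), which is deprecated since PHP 5.3 and removed in PHP 7.
    // The pattern admits no quote or backslash, which matters because $email is placed
    // in the INSERT statement below without further escaping.
    if (!preg_match('/^[_.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$/iD', $email)) {
        $error .= '<li>' . $lang_register_php['err_invalid_email'] . '</li>';
    }
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= '<li>' . $lang_register_php['err_disclaimer'] . '</li>';
    }
    // check captcha
    if ($CONFIG['registration_captcha'] != 0) {
        require "include/captcha.inc.php";
        if (!PhpCaptcha::Validate($captcha_confirmation)) {
            $error .= '<li>' . $lang_errors['captcha_error'] . '</li>';
        }
    }
    if ($error != '') {
        return false;
    }
    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = cpg_db_query($sql);
        $email_taken = mysql_num_rows($result) > 0;
        mysql_free_result($result);
        if ($email_taken) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'] . '</li>';
            return false;
        }
    }
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // NOTE(review): clock-seeded rand() plus uniqid() is guessable; this key gates
        // account activation and should be generated by a CSPRNG.
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }
    // NOTE(review): unsalted MD5 or clear text - see the function header.
    if ($CONFIG['enable_encrypted_passwords']) {
        $encpassword = md5($password);
    } else {
        $encpassword = $password;
    }
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
    if ($CONFIG['log_mode']) {
        // The name used to sit inside a single-quoted string and was logged as the
        // literal text $user_name. Line breaks are replaced so that a submitted name
        // cannot forge additional log entries.
        $log_name = str_replace(array("\r", "\n"), ' ', $user_name);
        log_write('New user "' . $log_name . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
    }
    $result = cpg_db_query($sql);
    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        // The debug print statements that echoed the category id and the raw SQL
        // text to the visitor have been removed.
        $catid = mysql_insert_id() + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
    }
    if ($CONFIG['reg_requires_valid_email']) {
        if (!$CONFIG['admin_activation']) {
            //user gets activation email
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
                cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
            }
        }
        if ($CONFIG['admin_activation'] == 1) {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
        }
    } else {
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
    }
    // email notification to admin
    if ($CONFIG['reg_notify_admin_email']) {
        // get default language in which to inform the admin
        $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
        $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
        if ($CONFIG['admin_activation'] == 1) {
            // With admin activation the activation link goes to the administrator, not to the user.
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
        } else {
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
        }
    }
    return true;
}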
コード例 #12
ファイル: functions.inc.php プロジェクト: phill104/branches
/**
 * build_caption()
 *
 * Assembles the HTML caption displayed with each thumbnail, stores it under the
 * 'caption_text' key of the row and finally passes the whole rowset through the
 * 'thumb_caption' plugin filter.
 *
 * Row values such as filename, title, owner_name, msg_author and lasthit_ip are
 * concatenated into the markup as they are; apart from strip_tags() on the
 * caption and on the comment body, no escaping happens in this function.
 * NOTE(review): presumably these columns are entity-encoded before they are
 * stored - confirm, since anything unencoded would be rendered as markup here.
 *
 * @param array $rowset by reference
 * @param array $must_have names of the extra fields that have to appear in the caption
 **/
function build_caption(&$rowset, $must_have = array())
{
    global $CONFIG, $THEME_DIR;
    global $album_date_fmt, $lastcom_date_fmt, $lastup_date_fmt, $lasthit_date_fmt, $cat;
    global $lang_get_pic_data, $lang_meta_album_names, $lang_errors;
    foreach ($rowset as $idx => $pic) {
        // The caption is collected piece by piece and joined once per row.
        $parts = array();
        if ($CONFIG['display_filename']) {
            $parts[] = '<span class="thumb_filename">' . $pic['filename'] . '</span>';
        }
        if ($pic['title']) {
            $parts[] = '<span class="thumb_title">' . $pic['title'] . '</span>';
        }
        if ($CONFIG['views_in_thumbview'] || in_array('hits', $must_have)) {
            $parts[] = '<span class="thumb_title">' . sprintf($lang_get_pic_data['n_views'], $pic['hits']) . '</span>';
        }
        if ($CONFIG['caption_in_thumbview'] && $pic['caption']) {
            $parts[] = "<span class=\"thumb_caption\">" . strip_tags(bb_decode($pic['caption'])) . "</span>";
        }
        if ($CONFIG['display_comment_count']) {
            $how_many = count_pic_comments($pic['pid']);
            if ($how_many > 0) {
                $parts[] = "<span class=\"thumb_num_comments\">" . sprintf($lang_get_pic_data['n_comments'], $how_many) . "</span>";
            }
        }
        if ($CONFIG['display_uploader'] && $pic['owner_id'] && $pic['owner_name']) {
            $parts[] = '<span class="thumb_title"><a href ="profile.php?uid=' . $pic['owner_id'] . '">' . $pic['owner_name'] . '</a></span>';
        }
        if (in_array('msg_date', $must_have)) {
            $parts[] = '<span class="thumb_caption">' . localised_date($pic['msg_date'], $lastcom_date_fmt) . '</span>';
        }
        if (in_array('msg_body', $must_have)) {
            // Comment preview: markup removed, shortened to 50 characters, smilies optional.
            $preview = strip_tags(bb_decode($pic['msg_body']));
            if (utf_strlen($preview) > 50) {
                $preview = utf_substr($preview, 0, 50) . '...';
            }
            if ($CONFIG['enable_smilies']) {
                $preview = process_smilies($preview);
            }
            // Registered authors are linked to their profile, guests are shown as plain text.
            if ($pic['author_id']) {
                $parts[] = '<span class="thumb_caption"><a href ="profile.php?uid=' . $pic['author_id'] . '">' . $pic['msg_author'] . '</a>: ' . $preview . '</span>';
            } else {
                $parts[] = '<span class="thumb_caption">' . $pic['msg_author'] . ': ' . $preview . '</span>';
            }
        }
        if (in_array('ctime', $must_have)) {
            $parts[] = '<span class="thumb_caption">' . localised_date($pic['ctime'], $lastup_date_fmt) . '</span>';
        }
        if (in_array('pic_rating', $must_have)) {
            // Themes that ship their own rating graphics get the theme directory as prefix.
            $img_dir = defined('THEME_HAS_RATING_GRAPHICS') ? $THEME_DIR : '';
            $parts[] = "<span class=\"thumb_caption\">" . '<img src="' . $img_dir . 'images/rating' . round($pic['pic_rating'] / 2000) . '.gif" alt=""/>' . '<br />' . sprintf($lang_get_pic_data['n_votes'], $pic['votes']) . '</span>';
        }
        if (in_array('mtime', $must_have)) {
            $last_hit = "<span class=\"thumb_caption\">" . localised_date($pic['mtime'], $lasthit_date_fmt);
            // The address of the last viewer is added in gallery admin mode only.
            if (GALLERY_ADMIN_MODE) {
                $last_hit .= "<br/>" . $pic['lasthit_ip'];
            }
            $parts[] = $last_hit . '</span>';
        }
        $rowset[$idx]['caption_text'] = implode('', $parts);
    }
    $rowset = CPGPluginAPI::filter('thumb_caption', $rowset);
}
コード例 #13
ファイル: users.php プロジェクト: visavi/rotorcms4
 // Excerpt of a user-editing form handler. $uid, $uz, $log, $pass, $email, $site, $joined,
 // $birthday, $gender, $info, $level and $name are assigned before the excerpt starts.
 $money = intval($_POST['money']);
 $status = check($_POST['status']);
 $avatar = check($_POST['avatar']);
 $posrating = intval($_POST['posrating']);
 $negrating = intval($_POST['negrating']);
 // Request token compared with the one stored in the session.
 // NOTE(review): the comparison is loose (==); a strict, constant-time comparison is
 // the safer form for a secret token.
 if ($uid == $_SESSION['token']) {
     // Parameterised lookup of the account being edited.
     $user = DB::run()->queryFetch("SELECT * FROM `users` WHERE `users_login`=? LIMIT 1;", array($uz));
     if (!empty($user)) {
         // The edit goes ahead when the acting user is the configured site nickname, is
         // editing their own account, or the target's level lies outside 101..105.
         if ($log == $config['nickname'] || $log == $user['users_login'] || ($user['users_level'] < 101 || $user['users_level'] > 105)) {
             // A new password may contain only letters, digits and '-'.
             if (empty($pass) || preg_match('|^[a-z0-9\\-]+$|i', $pass)) {
                 if (preg_match('#^([a-z0-9_\\-\\.])+\\@([a-z0-9_\\-\\.])+(\\.([a-z0-9])+)+$#', $email) || empty($email)) {
                     // Only http:// addresses pass this pattern.
                     if (preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $site) || empty($site)) {
                         // Dates are expected as DD.MM.YYYY.
                         if (preg_match('#^[0-9]{2}+\\.[0-9]{2}+\\.[0-9]{4}$#', $joined)) {
                             if (preg_match('#^[0-9]{2}+\\.[0-9]{2}+\\.[0-9]{4}$#', $birthday) || empty($birthday)) {
                                 if ($gender == 1 || $gender == 2) {
                                     if (utf_strlen($info) <= 1000) {
                                         // Only the configured site nickname may change the access level.
                                         if ($log == $config['nickname']) {
                                             $access = $level;
                                         } else {
                                             $access = $user['users_level'];
                                         }
                                         if (!empty($pass)) {
                                             // NOTE(review): the new password is written into the response in
                                             // clear text, where it can end up in caches, proxies or on a shared
                                             // screen; letting the user set it through a one-time reset link
                                             // avoids the operator ever handling it.
                                             echo '<b><span style="color:#ff0000">Внимание! Вы изменили пароль пользователя!</span></b><br />';
                                             echo 'Не забудьте ему напомнить его новый пароль: <b>' . $pass . '</b><br /><br />';
                                             // NOTE(review): double MD5 without a salt is a fast hash and unsuitable
                                             // for password storage; password_hash()/password_verify() with a
                                             // rehash at next login is the usual migration.
                                             $mdpass = md5(md5($pass));
                                         } else {
                                             $mdpass = $user['users_pass'];
                                         }
                                         // Turn the validated DD.MM.YYYY join date into a Unix timestamp.
                                         list($uday, $umonth, $uyear) = explode(".", $joined);
                                         $joined = mktime('0', '0', '0', $umonth, $uday, $uyear);
                                         $name = utf_substr($name, 0, 20);
コード例 #14
ファイル: pyramid.php プロジェクト: visavi/rotorcms4
     ############################################################################################
 ############################################################################################
 ##                                    Изменение ссылки                                    ##
 ############################################################################################
 // Changes the address and the name of an advertising link.
 case 'change':
     // The row id is forced to a non-negative integer.
     if (isset($_GET['id'])) {
         $id = abs(intval($_GET['id']));
     } else {
         $id = 0;
     }
     // Request token (query string) and the new values (POST body).
     $uid = check($_GET['uid']);
     $link = check(utf_lower($_POST['link']));
     $name = check($_POST['name']);
     if ($uid == $_SESSION['token']) {
         if (utf_strlen($link) >= 10 && utf_strlen($link) <= 50) {
             if (utf_strlen($name) >= 5 && utf_strlen($name) <= 25) {
                 // The anchored pattern accepts only http:// followed by host-style characters,
                 // so no other URL scheme can be stored as a link.
                 if (preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $link)) {
                     // Both statements bind their values as parameters.
                     $querypyr = DB::run()->querySingle("SELECT `pyramid_id` FROM `pyramid` WHERE `pyramid_id`=? LIMIT 1;", array($id));
                     if (!empty($querypyr)) {
                         // NOTE(review): the row is selected by `pyramid_id` alone; nothing in this
                         // excerpt ties it to the requesting user, so who may edit which link has to
                         // be enforced elsewhere (for example if this script is admin-only) - confirm.
                         DB::run()->query("UPDATE `pyramid` SET `pyramid_link`=?, `pyramid_name`=? WHERE`pyramid_id`=?;", array($link, $name, $id));
                         $_SESSION['note'] = 'Рекламная ссылка успешно изменена!';
                         redirect("pyramid.php");
                     } else {
                         show_error('Ошибка! Данной ссылки нет в списке!');
                     }
                 } else {
                     show_error('Ошибка! Недопустимый адрес сайта! (http://sitename.domen)!');
                 }
             } else {
                 show_error('Ошибка! Слишком длинное или короткое название. Не менее 5 и не более 25 символов!');
             }
コード例 #15
ファイル: index.php プロジェクト: sirkadirov/wap-motor
// Renders the forum index from flat files: mainforum.dat holds one "|"-delimited record
// per section; for every section the last topic and its last post are shown.
if (file_exists(DATADIR . "dataforum/mainforum.dat")) {
    $fileforum = file(DATADIR . "dataforum/mainforum.dat");
    $total = count($fileforum);
    if ($total > 0) {
        foreach ($fileforum as $forumval) {
            $forum = explode("|", $forumval);
            echo '<div class="b"><img src="/images/img/forums.gif" alt="image" /> ';
            // Record fields are written into the page without escaping at this point.
            // NOTE(review): presumably they are entity-encoded before being stored in the
            // .dat files - confirm.
            // NOTE(review): SID is PHP's "name=id" session constant; when it is non-empty the
            // session id travels in every link and can leak through Referer headers, logs
            // and copied URLs. Cookie-only sessions avoid that.
            echo '<b><a href="forum.php?fid=' . $forum[0] . '&amp;' . SID . '">' . $forum[1] . '</a></b> (' . $forum[2] . '/' . $forum[3] . ')</div>';
            // File names are built from the section id read from mainforum.dat, not from the request.
            $totalforum = counter_string(DATADIR . "dataforum/topic" . $forum[0] . ".dat");
            if ($totalforum > 0) {
                $filetopic = file(DATADIR . "dataforum/topic" . $forum[0] . ".dat");
                // The last line of the topic list is taken as the most recent topic.
                $topic = explode("|", end($filetopic));
                if (file_exists(DATADIR . 'dataforum/' . $forum[0] . '-' . $topic[0] . '.dat')) {
                    $filepost = file(DATADIR . 'dataforum/' . $forum[0] . '-' . $topic[0] . '.dat');
                    $post = explode("|", end($filepost));
                    // Titles longer than 35 characters are cut to 30 plus an ellipsis.
                    if (utf_strlen($topic[3]) > 35) {
                        $topic[3] = utf_substr($topic[3], 0, 30);
                        $topic[3] .= "...";
                    }
                    echo '<div>Тема: <a href="topic.php?act=end&amp;fid=' . $forum[0] . '&amp;id=' . $topic[0] . '&amp;' . SID . '">' . $topic[3] . '</a><br />';
                    echo 'Сообщение: ' . nickname($post[2]) . ' (' . date_fixed($post[6]) . ')</div>';
                } else {
                    echo 'Последняя тема не найдена!';
                }
            } else {
                echo 'Раздел пустой! Темы еще не созданы!';
            }
        }
        echo '<br />Всего разделов: <b>' . $total . '</b><br /><br />';
    } else {
        show_error('Форум пустой! Разделы еще не созданы!');
コード例 #16
ファイル: reklama.php プロジェクト: sirkadirov/wap-motor
 ############################################################################################
 ##                                    Изменение ссылки                                    ##
 ############################################################################################
 // Edits the advertising link owned by the current user ($log, set outside this excerpt)
 // in the flat file reklama.dat.
 if ($action == "edit") {
     $uid = check($_GET['uid']);
     $urlrek = check($_POST['urlrek']);
     $namerek = check($_POST['namerek']);
     // The line number is cast to int; an empty string marks "not supplied".
     if (isset($_GET['id'])) {
         $id = (int) $_GET['id'];
     } else {
         $id = "";
     }
     // Request token compared (loosely) with the session token.
     if ($uid == $_SESSION['token']) {
         if ($id !== "") {
             // Note the mix of strlen() (bytes) here and utf_strlen() for the name below.
             if (strlen($urlrek) <= 50) {
                 if (utf_strlen(trim($namerek)) >= 10 && utf_strlen($namerek) <= 35) {
                     // Only lower-case http:// addresses made of host-style characters pass.
                     if (preg_match('#^http://([a-z0-9_\\-\\.])+(\\.([a-z0-9\\/])+)+$#', $urlrek)) {
                         // Looks up the record belonging to $log. NOTE(review): presumably the
                         // third argument is the index of the owner field - confirm against search_string().
                         $string = search_string(DATADIR . "reklama.dat", $log, 3);
                         if ($string) {
                             // Ownership check: the requested line must be the user's own record.
                             if ($id == $string['line']) {
                                 // NOTE(review): the record is "|"-delimited; a '|' inside $namerek would
                                 // shift the fields unless check() encodes that character - confirm.
                                 $text = no_br('|' . $urlrek . '|' . $namerek . '|' . $log . '|');
                                 replace_lines(DATADIR . "reklama.dat", $id, $text);
                                 header("Location: reklama.php?isset=mp_editreklama&" . SID);
                                 exit;
                             } else {
                                 echo '<b>Ошибка! Нельзя изменять чужую ссылку!</b><br />';
                             }
                         } else {
                             echo '<b>Ошибка! Вашей ссылки нет в списке!</b><br />';
                         }
                     } else {
コード例 #17
ファイル: contact.php プロジェクト: visavi/rotorcms4
     ##                                   Добавление заметки                                   ##
     ############################################################################################
 ############################################################################################
 ##                                   Добавление заметки                                   ##
 ############################################################################################
 // Saves the edited note attached to a contact entry of the current user.
 case 'editnote':
     // Request token from the query string, note text from the POST body.
     $uid = check($_GET['uid']);
     $msg = check($_POST['msg']);
     // Missing ids fall back to 0; anything else becomes a non-negative integer.
     $id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
     if ($uid != $_SESSION['token']) {
         // NOTE(review): loose comparison of a secret token; a strict, constant-time
         // comparison is the safer form.
         show_error('Ошибка! Неверный идентификатор сессии, повторите действие!');
     } elseif ($id <= 0) {
         show_error('Ошибка! Не выбран пользователь для добавления заметки!');
     } elseif (utf_strlen($msg) >= 1000) {
         show_error('Ошибка! Слишком длинная заметка (не более 1000 символов)!');
     } else {
         // Values are bound as parameters, and the contact_user condition restricts the
         // update to rows of the current user ($log is set outside this excerpt).
         DB::run()->query("UPDATE contact SET contact_text=? WHERE contact_id=? AND contact_user=?;", array($msg, $id, $log));
         $_SESSION['note'] = 'Заметка успешно отредактирована!';
         redirect("contact.php?start={$start}");
     }
     // Navigation links; $start comes from outside this excerpt.
     // NOTE(review): confirm it is an integer before it is echoed into the href.
     echo '<img src="/images/img/back.gif" alt="image" /> <a href="contact.php?act=note&amp;id=' . $id . '&amp;start=' . $start . '">Вернуться</a><br />';
     echo '<img src="/images/img/reload.gif" alt="image" /> <a href="contact.php?start=' . $start . '">К спискам</a><br />';
     break;
コード例 #18
ファイル: forum.php プロジェクト: sirkadirov/wap-motor
 ##                                  Создание новой темы                                   ##
 ############################################################################################
 // Creates a new forum topic in the flat-file forum storage.
 case 'create':
     $config['newtitle'] = 'Создание новой темы';
     $uid = check($_GET['uid']);
     // The section id is forced to a non-negative integer, so the file names built from
     // it below cannot contain path characters.
     $fid = abs(intval($_POST['fid']));
     $forum = search_string(DATADIR . "dataforum/mainforum.dat", $fid, 0);
     if ($forum) {
         if (is_user()) {
             // Request token compared (loosely) with the session token.
             if ($uid == $_SESSION['token']) {
                 $title = check($_POST['title']);
                 $msg = check($_POST['msg']);
                 // NOTE(review): presumably both helpers return true when posting is allowed - confirm.
                 if (is_flood($log)) {
                     if (is_quarantine($log)) {
                         if (utf_strlen(trim($title)) >= 5 && utf_strlen($title) <= 50) {
                             if (utf_strlen(trim($msg)) >= 5 && utf_strlen($msg) <= 3000) {
                                 statistics(1);
                                 statistics(2);
                                 // Line breaks are removed from the title and replaced by <br /> in the
                                 // message, which keeps each record on a single line of the data file.
                                 $title = no_br($title);
                                 $title = antimat($title);
                                 $msg = no_br($msg, '<br />');
                                 $msg = antimat($msg);
                                 $msg = smiles($msg);
                                 $id = unifile(DATADIR . "dataforum/topic{$fid}.dat", 0);
                                 // Add the topic to the topic list
                                 // NOTE(review): records are "|"-delimited; a '|' typed by the user would
                                 // shift the fields unless check() encodes that character - confirm.
                                 $text = $id . '|' . $fid . '|' . $log . '|' . $title . '|' . SITETIME . '|0|0|';
                                 // NOTE(review): the last argument looks like a file mode; 0666 makes the
                                 // data file writable by every local account - confirm and tighten it to
                                 // what the web server user needs.
                                 write_files(DATADIR . "dataforum/topic{$fid}.dat", "{$text}\r\n", 0, 0666);
                                 // Create the topic file and write the first message
                                 // The poster's browser string and IP ($brow, $ip, set outside this
                                 // excerpt) are stored with the message.
                                 $topictext = $id . '|' . $fid . '|' . $log . '|' . $msg . '|' . $brow . ', ' . $ip . '|' . SITETIME . '|';
                                 write_files(DATADIR . 'dataforum/' . $fid . '-' . $id . '.dat', "{$topictext}\r\n", 1, 0666);
                                 // Update mainforum
コード例 #19
ファイル: lib-utf8.php プロジェクト: hatone/zenphoto-1.4.1.4
 /**
  * Find the position of the first occurrence of a string in another string.
  * Compatible with mb_strpos(), a UTF-8 friendly replacement for strpos().
  *
  * The search runs on bytes and the byte position of the match is converted to a
  * character position with utf_strlen(). As long as the match lies before the
  * requested character offset, the search is repeated from a later byte.
  *
  * NOTE(review): the unqualified strpos() call below has to reach PHP's built-in
  * function, so this definition is presumably a class method; the class header
  * is not part of this excerpt.
  *
  * @param string $haystack text to search in
  * @param string $needle text to look for
  * @param int $offset number of characters to skip before a match counts
  * @return int|false character position of the match, false when there is none
  */
 function strpos($haystack, $needle, $offset = 0)
 {
     // Extra bytes to skip because multi-byte characters precede the match.
     $byteShift = 0;
     do {
         $bytePos = strpos($haystack, $needle, $offset + $byteShift);
         if ($bytePos === false) {
             return false;
         }
         // Character count of everything in front of the match.
         $charPos = utf_strlen(substr($haystack, 0, $bytePos));
         if ($charPos < $offset) {
             $byteShift = $bytePos - $charPos;
         }
     } while ($charPos < $offset);
     return $charPos;
 }
コード例 #20
ファイル: searchuser.php プロジェクト: visavi/rotorcms4
             show_error('Совпадений не найдено!');
         }
     } else {
         show_error('Ошибка! Не выбраны критерии поиска пользователей!');
     }
     echo '<img src="/images/img/back.gif" alt="image" /> <a href="searchuser.php">Вернуться</a><br />';
     break;
     ############################################################################################
     ##                                    Поиск пользователя                                  ##
     ############################################################################################
 ############################################################################################
 ##                                    Поиск пользователя                                  ##
 ############################################################################################
 // Looks up users whose login or nickname contains the submitted text.
 case 'search':
     // strtolower() works on bytes, so only ASCII letters are lower-cased here.
     $find = check(strtolower($_POST['find']));
     if (utf_strlen($find) >= 3 && utf_strlen($find) <= 20) {
         // The search text is bound as a parameter. '%' and '_' typed by the user still act
         // as LIKE wildcards unless check() removes them. The LIMIT value is concatenated
         // from the site configuration, not from the request.
         // NOTE(review): confirm $config['usersearch'] is always an integer.
         $querysearch = DB::run()->query("SELECT `users_login`, `users_point` FROM `users` WHERE lower(`users_login`) LIKE ? OR `users_nickname` LIKE ? ORDER BY `users_point` DESC LIMIT " . $config['usersearch'] . ";", array('%' . $find . '%', '%' . $find . '%'));
         $result = $querysearch->fetchAll();
         $total = count($result);
         if ($total > 0) {
             foreach ($result as $value) {
                 echo user_gender($value['users_login']);
                 // An exact login match is printed larger and with the colour #ff0000.
                 if ($find == $value['users_login']) {
                     echo '<b><big>' . profile($value['users_login'], '#ff0000') . '</big></b> ' . user_online($value['users_login']) . ' (' . points($value['users_point']) . ')<br />';
                 } else {
                     echo '<b>' . profile($value['users_login']) . '</b> ' . user_online($value['users_login']) . ' (' . points($value['users_point']) . ')<br />';
                 }
             }
             echo '<br />Найдено совпадений: <b>' . $total . '</b><br /><br />';
         } else {
             show_error('По вашему запросу ничего не найдено');
コード例 #21
ファイル: newload.php プロジェクト: visavi/rotorcms4
 ##                                   Редактирование                                       ##
 ############################################################################################
 // Edits a download entry that has not been activated yet. $id is used below but is
 // assigned outside this excerpt.
 case 'edit':
     $uid = check($_GET['uid']);
     $cid = abs(intval($_POST['cid']));
     $title = check($_POST['title']);
     $text = check($_POST['text']);
     $author = check($_POST['author']);
     // The placeholder value 'http://' counts as "no site given".
     $site = $_POST['site'] != 'http://' ? check($_POST['site']) : '';
     $link = check(strtolower($_POST['link']));
     $notice = check($_POST['notice']);
     $app = empty($_POST['app']) ? 0 : 1;
     // Request token compared (loosely) with the session token.
     if ($uid == $_SESSION['token']) {
         if (utf_strlen($title) >= 5 && utf_strlen($title) < 50) {
             if (utf_strlen($text) >= 10 && utf_strlen($text) < 5000) {
                 if (utf_strlen($author) <= 50) {
                     // Only http:// addresses pass this pattern.
                     if (empty($site) || preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $site)) {
                         if (strlen($link) <= 50) {
                             // Deny-list for the file name: rejected when one of the listed
                             // extensions appears anywhere in it (the pattern is not anchored).
                             // NOTE(review): deny-lists of executable extensions tend to be
                             // incomplete; an allow-list of accepted extensions, together with a
                             // storage directory where scripts are never executed, is sturdier.
                             if (!preg_match('/\\.(php|pl|cgi|phtml|htaccess)/i', $link)) {
                                 // All database access below binds its values as parameters.
                                 $new = DB::run()->queryFetch("SELECT `downs`.*, `cats`.`folder` FROM `downs` LEFT JOIN `cats` ON `downs`.`downs_cats_id`=`cats`.`cats_id` WHERE `downs_id`=? LIMIT 1;", array($id));
                                 // $new is read here before the empty($new) test on the next line.
                                 $folder = $new['folder'] ? $new['folder'] . '/' : '';
                                 if (!empty($new)) {
                                     if (empty($new['downs_active'])) {
                                         // The target category has to exist.
                                         $downs = DB::run()->querySingle("SELECT `cats_id` FROM `cats` WHERE `cats_id`=? LIMIT 1;", array($cid));
                                         if (!empty($downs)) {
                                             // File name and title must not be used by another entry.
                                             $downlink = DB::run()->querySingle("SELECT `downs_link` FROM `downs` WHERE `downs_link`=? AND `downs_id`<>? LIMIT 1;", array($link, $id));
                                             if (empty($downlink)) {
                                                 $newtitle = DB::run()->querySingle("SELECT `downs_title` FROM `downs` WHERE `downs_title`=? AND `downs_id`<>? LIMIT 1;", array($title, $id));
                                                 if (empty($newtitle)) {
                                                     // The file name changed and the old file exists on disk; the
                                                     // path is built from database values ($folder, downs_link).
                                                     if (!empty($link) && $link != $new['downs_link'] && file_exists(BASEDIR . '/load/files/' . $folder . $new['downs_link'])) {
                                                         $oldext = getExtension($new['downs_link']);
コード例 #22
ファイル: usermgr.php プロジェクト: phill104/branches
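/**
 * Apply the submitted user-manager form to one account and, when requested,
 * mail the login data to that user.
 *
 * All values come from $_POST and are placed in string-built SQL, so every one
 * of them is escaped before use. addslashes() is the escaping this file already
 * relies on; it is not aware of the connection character set, so moving the
 * callers of cpg_db_query() to the driver's escaping function or to prepared
 * statements is the sturdier long-term fix.
 *
 * Security notes for reviewers:
 *  - Passwords are stored as unsalted MD5, or in clear text when
 *    'enable_encrypted_passwords' is off.
 *  - With "send login data" ticked the password is mailed in clear text.
 *
 * @param int $user_id id of the account to update
 * @return false|null false after a duplicate-name error, nothing otherwise
 */
function update_user($user_id)
{
    global $CONFIG;
    global $lang_usermgr_php, $lang_register_php, $lang_send_login_data_email;
    // The id is used unquoted in a numeric comparison below; the cast makes sure
    // it cannot carry SQL text.
    $user_id = (int) $user_id;
    $user_name = addslashes(trim($_POST['user_name']));
    $user_password = addslashes(trim($_POST['user_password']));
    $user_email = addslashes(trim($_POST['user_email']));
    $profile1 = addslashes($_POST['user_profile1']);
    $profile2 = addslashes($_POST['user_profile2']);
    $profile3 = addslashes($_POST['user_profile3']);
    $profile4 = addslashes($_POST['user_profile4']);
    $profile5 = addslashes($_POST['user_profile5']);
    $profile6 = addslashes($_POST['user_profile6']);
    // These two used to reach the UPDATE statement without any escaping.
    $user_active = is_scalar($_POST['user_active']) ? addslashes((string) $_POST['user_active']) : '';
    $user_group = is_scalar($_POST['user_group']) ? (string) $_POST['user_group'] : '';
    $group_list = isset($_POST['group_list']) ? $_POST['group_list'] : '';
    // $user_name is already escaped; escaping it a second time made this check look
    // for a different name than the one written by the UPDATE below.
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . $user_name . "' AND user_id != {$user_id}";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    mysql_free_result($result);
    if (utf_strlen($user_name) < 2) {
        cpg_die(ERROR, $lang_register_php['err_uname_short'], __FILE__, __LINE__);
    }
    if ($user_password && utf_strlen($user_password) < 2) {
        cpg_die(ERROR, $lang_register_php['err_password_short'], __FILE__, __LINE__);
    }
    // Secondary groups: everything ticked except the primary group, comma separated.
    // Each entry is escaped individually; non-scalar entries are ignored.
    $extra_groups = array();
    if (is_array($group_list)) {
        foreach ($group_list as $group) {
            if (is_scalar($group) && $group != $user_group) {
                $extra_groups[] = addslashes((string) $group);
            }
        }
    }
    $user_group_list = implode(',', $extra_groups);
    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_name = '{$user_name}', " . "user_email = '{$user_email}', " . "user_active = '{$user_active}', " . "user_group = '" . addslashes($user_group) . "', " . "user_profile1 = '{$profile1}', " . "user_profile2 = '{$profile2}', " . "user_profile3 = '{$profile3}', " . "user_profile4 = '{$profile4}', " . "user_profile5 = '{$profile5}', " . "user_profile6 = '{$profile6}', " . "user_group_list = '{$user_group_list}'";
    // The password column is only touched when a new password was submitted.
    // NOTE(review): unsalted MD5 or clear text - see the function header.
    if (!empty($user_password)) {
        $sql_update .= ", user_password = '" . ($CONFIG['enable_encrypted_passwords'] ? md5($user_password) : $user_password) . "'";
    }
    $sql_update .= " WHERE user_id = '{$user_id}'";
    cpg_db_query($sql_update);
    // If send login data checkbox is checked then send the username and password to the user in an email
    // NOTE(review): this mails the password in clear text; a one-time reset link
    // avoids putting the credential into a mailbox.
    if (isset($_POST['send_login_data']) && trim($_POST['user_email'])) {
        require 'include/mailer.inc.php';
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => trim($_POST['user_name']), '{USER_PASS}' => trim($_POST['user_password']));
        if (!cpg_mail(trim($_POST['user_email']), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_send_login_data_email, $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
        }
    }
}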
コード例 #23
ファイル: ban.php プロジェクト: visavi/rotorcms4
         echo '<input value="Отправить" name="do" type="submit" /></form></div><br />';
         echo 'Если модер вас забанил по ошибке или вы считаете, что бан не заслужен, то вы можете написать объяснение своего нарушения<br />';
         echo 'В случае если ваше объяснение будет рассмотрено и удовлетворено, то возможно вас и разбанят<br /><br />';
     }
     break;
     ############################################################################################
     ##                                    Отправка объяснения                                 ##
     ############################################################################################
 ############################################################################################
 ##                                    Отправка объяснения                                 ##
 ############################################################################################
 // Sends the banned user's explanation as a private message to the account stored in users_loginsendban.
 // NOTE(review): no comparison with a session token is visible in this excerpt; confirm the request is
 // protected against cross-site submission earlier in the file.
 case 'send':
     // check() is a project helper defined elsewhere; presumably it sanitises the input - confirm.
     $msg = check($_POST['msg']);
     if ($config['addbansend'] == 1) {
         // users_explainban is reset to 0 after a successful send, so only one explanation goes through per flag.
         if ($udata['users_explainban'] == 1) {
             // Accept 5 to 999 characters.
             if (utf_strlen($msg) >= 5 && utf_strlen($msg) < 1000) {
                 // Every statement below uses bound parameters (?), so the message text never becomes part of the SQL.
                 $queryuser = DB::run()->querySingle("SELECT `users_id` FROM `users` WHERE `users_login`=? LIMIT 1;", array($udata['users_loginsendban']));
                 if (!empty($queryuser)) {
                     $msg = antimat($msg);
                     $textpriv = 'Объяснение нарушения: ' . $msg;
                     // $log is not assigned in this excerpt; presumably the login of the current user - confirm.
                     DB::run()->query("INSERT INTO `inbox` (`inbox_user`, `inbox_author`, `inbox_text`, `inbox_time`) VALUES (?, ?, ?, ?);", array($udata['users_loginsendban'], $log, $textpriv, SITETIME));
                     DB::run()->query("UPDATE `users` SET `users_explainban`=? WHERE `users_login`=?;", array(0, $log));
                     // Raise the recipient's unread private message counter.
                     DB::run()->query("UPDATE `users` SET `users_newprivat`=`users_newprivat`+1 WHERE `users_login`=?;", array($udata['users_loginsendban']));
                     $_SESSION['note'] = 'Объяснение успешно отправлено!';
                     redirect("ban.php");
                 } else {
                     show_error('Ошибка! Пользователь который вас забанил не найден!');
                 }
             } else {
                 show_error('Ошибка! Слишком длинное или короткое объяснение!');
             }
コード例 #24
ファイル: load.php プロジェクト: visavi/rotorcms4
     ############################################################################################
 ############################################################################################
 ##                                  Редактирование файла                                  ##
 ############################################################################################
 // Validates the submitted fields of a download entry before it is changed; the excerpt ends inside the nested checks.
 case 'changedown':
     // check() is a project helper defined elsewhere; presumably it sanitises the input - confirm.
     $uid = check($_GET['uid']);
     $title = check($_POST['title']);
     $text = check($_POST['text']);
     $author = !empty($_POST['author']) ? check($_POST['author']) : '';
     // The bare 'http://' placeholder counts as "no site given".
     $site = $_POST['site'] != 'http://' ? check($_POST['site']) : '';
     // NOTE(review): nothing visible here rejects '/' or '..' in the submitted file name; confirm check()
     // does so before the name is used to build a path.
     $loadfile = check(strtolower($_POST['loadfile']));
     // The uid query parameter must equal the session token (presumably the anti-CSRF token - confirm).
     // NOTE(review): == is a loose, non-constant-time comparison; hash_equals() on two strings is the usual choice.
     if ($uid == $_SESSION['token']) {
         if (utf_strlen($title) >= 5 && utf_strlen($title) <= 50) {
             if (utf_strlen($text) >= 10 && utf_strlen($text) <= 5000) {
                 if (utf_strlen($author) <= 50) {
                     if (utf_strlen($site) <= 50) {
                         // Only http:// addresses made of the listed characters pass; https:// is rejected by this pattern.
                         if (empty($site) || preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $site)) {
                             if (strlen($loadfile) <= 50) {
                                 // Deny-list of script extensions, matched anywhere in the name because the pattern is not anchored.
                                 // NOTE(review): a deny-list only blocks the names it lists; an allow-list of the
                                 // extensions the site expects is the safer pattern.
                                 if (!preg_match('/\\.(php|pl|cgi|phtml|htaccess)/i', $loadfile)) {
                                     // $id is not assigned in this excerpt; presumably set earlier in the file - confirm it is an integer.
                                     $new = DB::run()->queryFetch("SELECT `downs`.*, `cats`.* FROM `downs` LEFT JOIN `cats` ON `downs`.`downs_cats_id`=`cats`.`cats_id` WHERE `downs_id`=? LIMIT 1;", array($id));
                                     if (!empty($new)) {
                                         $folder = $new['folder'] ? $new['folder'] . '/' : '';
                                         // The new file name must not already belong to another entry.
                                         $downlink = DB::run()->querySingle("SELECT `downs_link` FROM `downs` WHERE `downs_link`=? AND `downs_id`<>? LIMIT 1;", array($loadfile, $id));
                                         if (empty($downlink)) {
                                             // The title must be unique as well.
                                             $downtitle = DB::run()->querySingle("SELECT `downs_title` FROM `downs` WHERE `downs_title`=? AND `downs_id`<>? LIMIT 1;", array($title, $id));
                                             if (empty($downtitle)) {
                                                 // Taken only when a different name was submitted and the stored file exists on disk.
                                                 if (!empty($loadfile) && $loadfile != $new['downs_link'] && file_exists(BASEDIR . '/load/files/' . $folder . $new['downs_link'])) {
                                                     $oldext = getExtension($new['downs_link']);
                                                     $newext = getExtension($loadfile);
                                                     // The new name has to keep the stored file's extension.
                                                     if ($oldext == $newext) {
                                                         $screen = $new['downs_screen'];
コード例 #25
ファイル: functions_search.php プロジェクト: Bigjoos/U-232-V5
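/**
 * Run one query per search word and combine the matching row ids with
 * and / or / not semantics.
 *
 * The search string is split into words (or used whole when $strict is set).
 * The words 'and', 'or' and 'not' switch how the matches of the following
 * word are merged into the ids collected so far; every other word that is
 * long enough is looked up with "$base_sql WHERE $where_search ...".
 *
 * Security: only the search word itself is passed through sqlesc().
 * $base_sql, $where_search and every entry of $add_where are concatenated
 * into the statement unchanged, so callers must build them from constants,
 * never from request data.
 *
 * @param string $searchstr    Raw search string.
 * @param string $base_sql     SELECT statement without a WHERE clause; it has
 *                             to return a column named `id`.
 * @param string $where_search Column expression compared with each word.
 * @param array  $add_where    Extra conditions, joined with AND.
 * @param bool   $strict       Compare the whole lower-cased string with "="
 *                             instead of running a LIKE per word.
 *
 * @return array Ids whose final match score is greater than zero.
 */
function search_text_in_db($searchstr, $base_sql, $where_search, $add_where = array(), $strict = false)
{
    global $db, $config;
    $match_types = array('or', 'not', 'and');
    $add_where = count($add_where) ? ' AND ' . implode(' AND ', $add_where) : '';
    $cleansearchstr = searchfield($searchstr);
    $lower_searchstr = utf_strtolower($searchstr);
    if ($strict) {
        $split_search = array($lower_searchstr);
    } else {
        $split_search = split_words($cleansearchstr);
        if ($lower_searchstr != $searchstr) {
            // Also search for the complete string, unless it contains one of the operator words.
            $search_full_string = true;
            foreach ($match_types as $match_type) {
                if (strpos($lower_searchstr, $match_type) !== false) {
                    $search_full_string = false;
                }
            }
            if ($search_full_string) {
                $split_search[] = $lower_searchstr;
            }
        }
    }
    $word_count = 0;
    $current_match_type = 'and';
    // id => score; a score above zero at the end means the row is a hit.
    $result_list = array();
    foreach ($split_search as $word) {
        $is_operator = in_array($word, $match_types, true);
        // Skip words that are too short once the wildcard characters are removed.
        if (!$is_operator && utf_strlen(str_replace(array('*', '%'), '', trim($word))) < $config['search_min_chars']) {
            continue;
        }
        if ($is_operator) {
            $current_match_type = $word;
            continue;
        }
        // NOTE(review): the literal quotes below assume sqlesc() returns the escaped text WITHOUT
        // surrounding quotes; if it already quotes its result the statement is malformed - confirm.
        if ($strict) {
            $search = $where_search . ' = \'' . sqlesc($word) . '\'' . $add_where;
        } else {
            // '*' is the user-facing wildcard. A '%' or '_' typed by the user also reaches LIKE as a
            // wildcard unless sqlesc() escapes it (not visible here).
            $match_word = str_replace('*', '%', $word);
            $search = $where_search . ' LIKE \'%' . sqlesc($match_word) . '%\'' . $add_where;
        }
        $result = sql_query($base_sql . ' WHERE ' . $search);
        $row = array();
        // Rows are read by column name, so they must be fetched as associative arrays:
        // mysqli_fetch_row() returns numeric keys only and $temp_row['id'] was never set.
        while ($temp_row = mysqli_fetch_assoc($result)) {
            $id = $temp_row['id'];
            $row[$id] = 1;
            if (!$word_count || $current_match_type == 'or') {
                $result_list[$id] = 1;
            } elseif ($current_match_type == 'not') {
                $result_list[$id] = 0;
            }
        }
        if ($current_match_type == 'and' && $word_count) {
            // AND: ids found again gain a point, ids missing from this word lose one.
            foreach (array_keys($result_list) as $id) {
                $result_list[$id] += isset($row[$id]) ? 1 : -1;
            }
        }
        $word_count++;
        // Release the result set (the original called mysqli_fetch_assoc() here, which frees nothing).
        mysqli_free_result($result);
    }
    $search_ids = array();
    foreach ($result_list as $id => $matches) {
        if ($matches > 0) {
            $search_ids[] = $id;
        }
    }
    return $search_ids;
}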
コード例 #26
ファイル: index.php プロジェクト: sirkadirov/wap-motor
 }
 //------------------------------------------------------//
 // Lists one page of board posts, newest first. Each entry of $files is one '|'-separated record.
 $files = array_reverse($files);
 $total = count($files);
 if ($total > 0) {
     // An out-of-range offset falls back to the first page.
     if ($start < 0 || $start >= $total) {
         $start = 0;
     }
     if ($total < $start + $config['boardspost']) {
         $end = $total;
     } else {
         $end = $start + $config['boardspost'];
     }
     for ($i = $start; $i < $end; $i++) {
         // Fields used below: [0] link text, [1] author login, [2] post text, [3] date, [5] id passed as bid.
         $data = explode("|", $files[$i]);
         // Shorten long post texts to 100 characters for the list view.
         if (utf_strlen($data[2]) > 100) {
             $data[2] = utf_substr($data[2], 0, 100);
             $data[2] .= "...";
         }
         // NOTE(review): $data[0] and $data[2] are echoed into HTML, and $data[1], $data[5], $id and $start
         // into link URLs, without escaping at this point; confirm they are escaped or validated where they
         // are read or stored.
         // NOTE(review): SID puts the session id into every link when PHP is not using a session cookie,
         // which exposes it to logs and Referer headers.
         echo '<div class="b">';
         echo '<img src="../images/img/forums.gif" alt="image" /> ' . ($i + 1) . '. ';
         echo '<b><a href="index.php?action=view&amp;id=' . $id . '&amp;bid=' . $data[5] . '&amp;start=' . $start . '&amp;' . SID . '">' . $data[0] . '</a></b> ';
         echo '<small>(' . date_fixed($data[3]) . ')</small></div>';
         echo 'Текст объявления: ' . $data[2] . '<br />';
         echo 'Автор объявления: <a href="../pages/anketa.php?uz=' . $data[1] . '&amp;' . SID . '">' . nickname($data[1]) . '</a><br />';
     }
     page_jumpnavigation('index.php?action=board&amp;id=' . $id . '&amp;', $config['boardspost'], $start, $total);
     page_strnavigation('index.php?action=board&amp;id=' . $id . '&amp;', $config['boardspost'], $start, $total);
     echo '<br />Всего объявлений: <b>' . (int) $total . '</b><br />';
 } else {
     show_error('Объявлений еще нет, будь первым!');
コード例 #27
        pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url={$redirect}\">");
        msg_box($lang_common['error'], $error, $lang_common['back'], $redirect);
    }
    pagefooter();
    exit;
}
// Handles the "change password" form for a logged-in user (USER_ID set) when UDB_INTEGRATION is 'coppermine'.
if ($superCage->post->keyExists('change_password') && USER_ID && UDB_INTEGRATION == 'coppermine') {
    //!defined('UDB_INTEGRATION')) {
    //Check if the form token is valid
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }
    $current_pass = get_post_var('current_pass');
    $new_pass = get_post_var('new_pass');
    $new_pass_again = get_post_var('new_pass_again');
    // NOTE(review): the only strength rule is a minimum length of 2 characters.
    if (utf_strlen($new_pass) < 2) {
        cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
    }
    // NOTE(review): != is a loose comparison, so two different numeric-looking strings can compare equal
    // on older PHP versions; !== compares the strings exactly.
    if ($new_pass != $new_pass_again) {
        cpg_die(ERROR, $lang_register_php['password_verification_warning1'], __FILE__, __LINE__);
    }
    // NOTE(review): both values are reduced to unsalted MD5 here. MD5 is fast to brute-force and is not
    // suitable for password storage; password_hash() / password_verify() is the usual replacement.
    $new_pass = md5($new_pass);
    $current_pass = md5($current_pass);
    // The string literals in this statement appear masked ('******') in this listing. The WHERE clause also
    // compares the stored password, so a wrong current password updates no row and is reported below.
    $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_password = '******' WHERE user_id = '" . USER_ID . "' AND BINARY user_password = '******'";
    $result = cpg_db_query($sql);
    // Zero affected rows is treated as a failed change.
    if (!mysql_affected_rows($CONFIG['LINK_ID'])) {
        cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__);
    }
    $title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME));
    $redirect = $CPG_PHP_SELF . "?op=edit_profile";
    cpgRedirectPage($redirect, $title, $lang_register_php['pass_chg_success'], 3, 'success');
コード例 #28
/**
 * build_caption()
 *
 * Builds the HTML caption of every row in $rowset, stores it in the row's
 * 'caption_text' key and finally passes the whole rowset through the
 * 'thumb_caption' plugin filter.
 *
 * NOTE(review): filename, title, msg_author and lasthit_ip are concatenated
 * into the markup as they are; this function does no HTML escaping of its
 * own, so confirm that these columns are escaped where they are stored or
 * loaded.
 *
 * @param array $rowset rows to caption, modified in place (by reference)
 * @param array $must_have optional fields to include: 'hits', 'msg_date',
 *                         'msg_body', 'ctime', 'pic_rating', 'mtime'
 * @param string $mode 'albums' reads the view count from 'alb_hits',
 *                     any other value reads it from 'hits'
 **/
function build_caption(&$rowset, $must_have = array(), $mode = 'files')
{
    global $CONFIG, $THEME_DIR, $lang_date, $lang_get_pic_data, $cpg_udb;
    foreach ($rowset as $key => $row) {
        // The caption is collected piece by piece and joined once at the end.
        $parts = array();
        if ($CONFIG['display_filename']) {
            $parts[] = '<span class="thumb_filename">' . $row['filename'] . '</span>';
        }
        if (!empty($row['title'])) {
            $parts[] = '<span class="thumb_title thumb_title_title">' . $row['title'] . '</span>';
        }
        if ($CONFIG['views_in_thumbview'] || in_array('hits', $must_have)) {
            $hits_key = $mode == 'albums' ? 'alb_hits' : 'hits';
            $parts[] = '<span class="thumb_title thumb_title_views">' . sprintf($lang_get_pic_data['n_views'], $row[$hits_key]) . '</span>';
        }
        if ($CONFIG['caption_in_thumbview'] && !empty($row['caption'])) {
            $parts[] = '<span class="thumb_caption thumb_caption_caption">' . strip_tags(bb_decode($row['caption'])) . '</span>';
        }
        if ($CONFIG['display_comment_count'] && $row['pid']) {
            $comment_total = count_pic_comments($row['pid']);
            if ($comment_total > 0) {
                $parts[] = '<span class="thumb_num_comments">' . sprintf($lang_get_pic_data['n_comments'], $comment_total) . '</span>';
            }
        }
        if ($CONFIG['display_uploader'] && $row['owner_id']) {
            $parts[] = '<span class="thumb_title thumb_title_owner"><a href="profile.php?uid=' . $row['owner_id'] . '">' . $cpg_udb->get_user_name($row['owner_id']) . '</a></span>';
        }
        if (in_array('msg_date', $must_have)) {
            $parts[] = '<span class="thumb_caption thumb_caption_msg_date">' . localised_date($row['msg_date'], $lang_date['lastcom']) . '</span>';
        }
        if (in_array('msg_body', $must_have)) {
            // Plain-text excerpt of the comment, cut to 50 characters.
            $excerpt = strip_tags(bb_decode($row['msg_body']));
            if (utf_strlen($excerpt) > 50) {
                $excerpt = utf_substr($excerpt, 0, 50) . '...';
            }
            if ($CONFIG['enable_smilies']) {
                $excerpt = process_smilies($excerpt);
            }
            // Registered authors get a link to their profile, guests only their name.
            $parts[] = $row['author_id']
                ? '<span class="thumb_caption thumb_caption_author"><a href="profile.php?uid=' . $row['author_id'] . '">' . $row['msg_author'] . '</a>: ' . $excerpt . '</span>'
                : '<span class="thumb_caption thumb_caption_author">' . $row['msg_author'] . ': ' . $excerpt . '</span>';
        }
        if (in_array('ctime', $must_have)) {
            $parts[] = '<span class="thumb_caption thumb_caption_ctime">' . localised_date($row['ctime'], $lang_date['lastup']) . '</span>';
        }
        if (in_array('pic_rating', $must_have)) {
            $prefix = defined('THEME_HAS_RATING_GRAPHICS') ? $THEME_DIR : '';
            // Scale the stored rating to the configured number of stars.
            $rating = round($row['pic_rating'] / 2000 / (5 / $CONFIG['rating_stars_amount']));
            $stars = '';
            $star_no = 1;
            while ($star_no <= $CONFIG['rating_stars_amount']) {
                $stars .= $star_no <= $rating
                    ? '<img src="' . $prefix . 'images/rate_full.png" alt="' . $rating . '"/>'
                    : '<img src="' . $prefix . 'images/rate_empty.png" alt="' . $rating . '"/>';
                $star_no++;
            }
            $parts[] = '<span class="thumb_caption thumb_caption_rating">' . $stars . '<br />' . sprintf($lang_get_pic_data['n_votes'], $row['votes']) . '</span>';
        }
        if (in_array('mtime', $must_have)) {
            $last_hit = '<span class="thumb_caption thumb_caption_mtime">' . localised_date($row['mtime'], $lang_date['lasthit']);
            // The IP address of the last hit is shown in gallery admin mode only.
            if (GALLERY_ADMIN_MODE) {
                $last_hit .= '<br />' . $row['lasthit_ip'];
            }
            $parts[] = $last_hit . '</span>';
        }
        $rowset[$key]['caption_text'] = implode('', $parts);
    }
    $rowset = CPGPluginAPI::filter('thumb_caption', $rowset);
}
コード例 #29
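/**
 * Create or update a user account from the submitted POST fields.
 *
 * With $user_id == 'new_user' an empty row is inserted first (plus a personal
 * album when that option is on) and then filled by the same UPDATE used for
 * existing users. The user's comments are renamed to the new user name, and
 * either the login data mail or the one-time activation confirmation mail is
 * sent.
 *
 * Security notes:
 * - The text fields come from getEscaped() and are placed inside quoted SQL
 *   literals; this relies on that method escaping for SQL (presumably it
 *   does - confirm against the Inspekt cage in use).
 * - $user_id is placed into two statements without quotes, so it is forced
 *   to an integer before any statement uses it.
 * - NOTE(review): the "send login data" mail contains the password in plain
 *   text, and both the mail and the stored hash are built from the
 *   getEscaped() value; if that escaping alters the text, neither matches
 *   what was typed. Confirm and prefer a reset link over mailing a password.
 * - NOTE(review): for a new user the row is inserted before the name and
 *   password checks run; if cpg_die() ends the request, a failed check
 *   leaves the empty row behind.
 *
 * @param int|string $user_id Id of the user to update, or 'new_user'.
 *
 * @return false|null false when the user name is already taken (reached only
 *                    if cpg_die() returns), otherwise nothing.
 */
function update_user($user_id)
{
    global $CONFIG;
    global $lang_usermgr_php, $lang_register_php, $icon_array;
    $superCage = Inspekt::makeSuperCage();
    $user_name = $superCage->post->getEscaped('user_name');
    $user_password = $superCage->post->getEscaped('user_password');
    $user_email = $superCage->post->getEscaped('user_email');
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $user_active = $superCage->post->getAlpha('user_active');
    $user_group = $superCage->post->getInt('user_group');
    $group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : '';
    if ($user_id == 'new_user') {
        // Insert a placeholder row; the UPDATE further down fills in the submitted values.
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')");
        $user_id = mysql_insert_id();
        log_write('New user "' . $user_name . '" created', CPG_ACCESS_LOG);
        // Create a personal album if corresponding option is enabled
        if ($CONFIG['personal_album_on_registration'] == 1) {
            $catid = $user_id + FIRST_USER_CAT;
            cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
        }
    }
    // The id is used unquoted in the duplicate-name check and in the comments update,
    // so only an integer may reach those statements.
    $user_id = (int) $user_id;
    // Refuse a user name that already belongs to another account.
    $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}' AND user_id != {$user_id}";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    mysql_free_result($result);
    if (utf_strlen($user_name) < 2) {
        cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__);
    }
    // An empty password means "leave unchanged"; otherwise at least 2 characters are required.
    if ($user_password && utf_strlen($user_password) < 2) {
        cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
    }
    // Save old user data (we need it later to determine if we need to send the activation confirmation email)
    $user_data = mysql_fetch_assoc(cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '{$user_id}'"));
    // Secondary groups are stored as a comma separated list without the primary group.
    if (is_array($group_list)) {
        $user_group_list = '';
        foreach ($group_list as $group) {
            $user_group_list .= $group != $user_group ? $group . ',' : '';
        }
        $user_group_list = substr($user_group_list, 0, -1);
    } else {
        $user_group_list = '';
    }
    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_name = '{$user_name}', " . "user_email = '{$user_email}', " . "user_active = '{$user_active}', " . "user_group = '{$user_group}', " . "user_profile1 = '{$profile1}', " . "user_profile2 = '{$profile2}', " . "user_profile3 = '{$profile3}', " . "user_profile4 = '{$profile4}', " . "user_profile5 = '{$profile5}', " . "user_profile6 = '{$profile6}', " . "user_group_list = '{$user_group_list}'";
    if (!empty($user_password)) {
        // The password column assignment is produced by the password hashing include.
        require 'include/passwordhash.inc.php';
        $sql_update .= ', ' . cpg_password_create_update_string($user_password);
    }
    if ($user_active == 'YES') {
        // An active account no longer needs its activation key.
        $sql_update .= ", user_actkey = ''";
    }
    $sql_update .= " WHERE user_id = '{$user_id}'";
    cpg_db_query($sql_update);
    // Update comments' author name
    cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '{$user_name}' WHERE author_id = {$user_id}");
    // If send login data checkbox is checked then send the username and password to the user in an email
    if ($superCage->post->keyExists('send_login_data') && trim($user_email)) {
        require 'include/mailer.inc.php';
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => trim($user_name), '{USER_PASS}' => trim($user_password));
        if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
        }
    } elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') {
        // send activation confirmation email (only once)
        require 'include/mailer.inc.php';
        $template_vars = array('{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => $user_data['user_name'], '{SITE_NAME}' => $CONFIG['gallery_name']);
        cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
    }
}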
コード例 #30
ファイル: rating.php プロジェクト: visavi/rotorcms4
     echo '</select><br />';
     echo 'Комментарий: <br /><textarea cols="25" rows="5" name="text"></textarea><br />';
     echo '<input type="submit" value="Продолжить" /></form></div><br />';
     break;
     ############################################################################################
     ##                                  Изменение авторитета                                  ##
     ############################################################################################
 ############################################################################################
 ##                                  Изменение авторитета                                  ##
 ############################################################################################
 case 'change':
     $uid = isset($_GET['uid']) ? check($_GET['uid']) : '';
     $text = isset($_POST['text']) ? check($_POST['text']) : '';
     $vote = empty($_POST['vote']) ? 0 : 1;
     if ($uid == $_SESSION['token']) {
         if (utf_strlen($text) >= 3 && utf_strlen($text) <= 250) {
             ############################################################################################
             ##                                Увеличение авторитета                                   ##
             ############################################################################################
             if ($vote == 1) {
                 $text = antimat($text);
                 DB::run()->query("INSERT INTO `rating` (`rating_user`, `rating_login`, `rating_text`, `rating_vote`, `rating_time`) VALUES (?, ?, ?, ?, ?);", array($log, $uz, $text, 1, SITETIME));
                 DB::run()->query("DELETE FROM `rating` WHERE `rating_user`=? AND `rating_time` < (SELECT MIN(`rating_time`) FROM (SELECT `rating_time` FROM `rating` WHERE `rating_user`=? ORDER BY `rating_time` DESC LIMIT 20) AS del);", array($log, $log));
                 DB::run()->query("UPDATE `users` SET `users_newprivat`=`users_newprivat`+1, `users_rating`=CAST(`users_posrating`AS SIGNED)-CAST(`users_negrating`AS SIGNED)+1, `users_posrating`=`users_posrating`+1 WHERE `users_login`=? LIMIT 1;", array($uz));
                 $uzdata = DB::run()->queryFetch("SELECT `users_rating`, `users_posrating`, `users_negrating` FROM `users` WHERE `users_login`=? LIMIT 1;", array($uz));
                 // ------------------------------Уведомление по привату------------------------//
                 $textpriv = '<img src="/images/img/thumb-up.gif" alt="plus" /> Пользователь [b]' . nickname($log) . '[/b] поставил вам плюс! (Ваш рейтинг: ' . $uzdata['users_rating'] . ')' . PHP_EOL . 'Комментарий: ' . $text;
                 DB::run()->query("INSERT INTO `inbox` (`inbox_user`, `inbox_author`, `inbox_text`, `inbox_time`) VALUES (?, ?, ?, ?);", array($uz, $log, $textpriv, SITETIME));
                 echo '<img src="/images/img/open.gif" alt="Плюс" /> Ваш положительный голос за пользователя <b>' . nickname($uz) . '</b> успешно оставлен!<br />';
                 echo 'В данный момент его авторитет: ' . $uzdata['users_rating'] . '<br />';
                 echo 'Всего положительных голосов: ' . $uzdata['users_posrating'] . '<br />';