} return $r; } }

/**
 * Converts $string from charset $from to charset $to using iconv().
 *
 * Returns $string unchanged when the iconv extension is not available.
 * NOTE(review): iconv() is called with '@' and its result is returned as-is,
 * so an input that cannot be converted yields false rather than a string;
 * callers should check for that.
 *
 * @param string $from   source charset name
 * @param string $to     target charset name
 * @param string $string text to convert
 * @return string|false
 */
function convert($from, $to, $string) {
    if (function_exists('iconv')) {
        return @iconv($from, $to, $string);
    } else {
        return $string;
    }
}

// Request parameters: numeric ids are cast to int, the target link is split into its parts.
$news_id = intval($_REQUEST['news_id']);
$rss_id = intval($_REQUEST['rss_id']);
$link = parse_url(urldecode($_REQUEST['link']));
$parse = new ParseFilter(array(), array(), 1, 1);
$parse->leech_mode = true;
// Feed record (stored cookie and search template); $rss_id was intval()'d above.
$rss = $db->super_query("SELECT * FROM " . PREFIX . "_rss WHERE id='{$rss_id}'");
// Stored cookie lines are joined into one "k=v; k2=v2" header value.
$rss['cookie'] = str_replace("\n", "; ", str_replace("\r", "", stripslashes(rtrim($rss['cookie']))));
// NOTE(review): the page is fetched from whatever host the caller supplied in 'link',
// and the feed's stored cookie is sent along with that request; no check that the
// host matches the feed's own URL is visible here — confirm this action is restricted
// to the administrative context it is presumably meant for.
$content = get_content($link['scheme'], $link['host'], $link['path'], $link['query'], $rss['cookie']);
// Turn the stored search template into a regex: escape the delimiter and regex
// metacharacters first (braces are left alone so the placeholders survive), then
// re-introduce {get} as a capturing wildcard and {skip} as a non-capturing one.
$rss['search'] = addcslashes(stripslashes($rss['search']), "[]!-.?*\\()|");
$rss['search'] = str_replace("{get}", "(.*)", $rss['search']);
$rss['search'] = str_replace("{skip}", ".*", $rss['search']);
$rss['search'] = preg_replace("![\n\r\t]!s", "", $rss['search']);
$rss['search'] = preg_replace("!>[ ]{1,}<!s", "><", $rss['search']);
// Only the {get} captures (groups 1..n), concatenated, are kept as the content.
if ($rss['search'] != "" && preg_match("!" . $rss['search'] . "!Us", $content, $found)) {
    $temp = array();
    for ($i = 1; $i < sizeof($found); $i++) {
        $temp[] = $found[$i];
    }
    $content = implode("", $temp);
/**
 * Creates a car-market listing from $values_array and returns its new id.
 *
 * Flow, as written below:
 *  - captcha check for member groups not listed in config['user_int_allow_no_code'];
 *  - for guests, when config['general_allow_reg'] is on: look up an existing user
 *    row by the submitted name (and the password predicate as written in the query)
 *    and log it in, otherwise validate the registration input via auto_check_reg();
 *  - validate the listing (CheckError() and the extra Fields); any error returns false;
 *  - for guests: insert the new account into USERPREFIX_users and log it in;
 *  - compute exp_date, auto-approval and author fields, insert into auto_autos;
 *  - attach previously uploaded images / a newly uploaded photo, bump counters,
 *    clear the cache and optionally e-mail the configured address.
 *
 * @param array $values_array listing fields submitted by the user
 * @return int|false new auto_autos id, or false when $this->Errors is non-empty
 */
public function Add($values_array) {
    // Captcha: the session value is consumed (one-shot) before it is compared.
    // NOTE(review): the comparison is a loose '!='; a strict comparison
    // (=== or hash_equals()) would be the safer form.
    if (!in_array($this->member['group'], $this->config['user_int_allow_no_code'])) {
        $sec_code_session = $_SESSION['sec_code_session'] != '' ? $_SESSION['sec_code_session'] : false;
        $_SESSION['sec_code_session'] = false;
        if ($_POST['sec_code'] != $sec_code_session or !$sec_code_session) {
            $this->Errors[] = $this->lang['error_code'];
        }
    }
    // Guest path: try to log in with the submitted credentials, else validate a registration.
    if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
        $parse = new ParseFilter(array(), array(), 1, 1);
        // NOTE(review): the escaped form of the password is what is later hashed and
        // passed to LoginIn(); confirm this matches the regular login path.
        $password1 = $this->base->EscapeString($parse->process($_POST['password1']));
        $password2 = $this->base->EscapeString($parse->process($_POST['password2']));
        $name = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['name']))));
        $email = $this->base->EscapeString($parse->process(htmlspecialchars(trim($_POST['email']))));
        $member_id = $GLOBALS['db']->super_query("SELECT * FROM " . USERPREFIX . "_users where name='{$name}' and password='******'");
        if ($member_id) {
            // Existing account: adopt its identity for the rest of this request.
            $this->LoginIn($password1);
            $GLOBALS['member_id'] = $member_id;
            $this->member['id'] = $member_id['user_id'];
            $this->member['name'] = $member_id['name'];
            $this->member['group'] = $member_id['user_group'];
            $this->member['ip'] = $member_id['logged_ip'];
            $this->guest_session = '';
        } else {
            auto_check_reg($name, $email, $password1, $password2);
        }
    }
    $this->values = $values_array;
    $this->CheckError();
    require_once ENGINE_DIR . '/car-market/classes/Fields.php';
    $xfields = new Fields($this->base, $this);
    $this->values['xfields'] = $xfields->EncodeFields($this->values);
    // Array union ('+') keeps the left-hand entry on a key collision: an extra-field
    // error that shares an index with an existing error is dropped — presumably
    // intended, but array_merge() would keep both; verify.
    $this->Errors = $this->Errors + $xfields->getErrors();
    if ($this->Errors) {
        return false;
    }
    // Guest registration happens only after the listing itself validated.
    if (!$GLOBALS['is_logged'] && $this->config['general_allow_reg']) {
        // Group ids below 3 are never assigned on self-registration; fall back to 4.
        if (intval($GLOBALS['config']['reg_group']) < 3) {
            $GLOBALS['config']['reg_group'] = 4;
        }
        // NOTE(review): unsalted double-MD5 password storage; password_hash() /
        // password_verify() is the modern replacement — confirm what LoginIn()
        // and the engine's login path expect before changing the scheme.
        $regpassword = md5(md5($password1));
        $GLOBALS['db']->query("INSERT INTO " . USERPREFIX . "_users (name, password, email, reg_date, lastdate, user_group, info, signature, favorites, xfields, logged_ip) VALUES ('{$name}', '{$regpassword}', '{$email}', '{$this->base->timer->cur_time}', '{$this->base->timer->cur_time}', '" . $GLOBALS['config']['reg_group'] . "', '', '', '', '', '" . $this->member['ip'] . "')");
        $this->member['id'] = $GLOBALS['db']->insert_id();
        $this->member['name'] = $name;
        $this->member['group'] = $GLOBALS['config']['reg_group'];
        // Remember the guest session so images uploaded before registration can be re-owned below.
        $guest_session = $this->guest_session;
        $this->guest_session = '';
        $this->LoginIn($password1);
    }
    // if ($this->values['capacity_motor'] > 1000)
    // {
    //     $this->values['capacity_motor'] = $this->values['capacity_motor']/1000;
    // }
    $this->PreparationValues();
    // Expiry: groups allowed to choose it use count_day (0 = never), otherwise the
    // configured default day count applies, otherwise no expiry.
    if (in_array($this->member['group'], $this->config['user_int_allow_change_exp'])) {
        if ($this->values['count_day']) {
            $this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->values['count_day'] * 24 * 60 * 60;
        } else {
            $this->values['exp_date'] = 0;
        }
    } elseif ($this->config['user_int_default_day_count']) {
        $this->values['exp_date'] = $this->base->timer->cur_time + (int) $this->config['user_int_default_day_count'] * 24 * 60 * 60;
    } else {
        $this->values['exp_date'] = 0;
    }
    // Groups exempt from moderation get the listing published immediately.
    if (in_array($this->member['group'], $this->config['user_int_allow_no_moder'])) {
        $this->values['allow_site'] = 1;
    }
    $this->values['guest_session'] = $this->guest_session;
    $this->values['add_date'] = $this->values['update_date'] = $this->base->timer->cur_time;
    $this->values['author'] = $this->member['name'];
    $this->values['author_id'] = $this->member['id'];
    $this->values['author_ip'] = $this->member['ip'];
    $id = $this->base->Insert('auto_autos', $this->values);
    // Images uploaded ahead of the listing: cap at the group's photo limit, then
    // re-point the unattached auto_images rows at the new listing.
    if (!empty($this->values['images'])) {
        $this->values['images'] = array_slice($this->values['images'], 0, $this->config['count_photo'][$this->member['group']]);
        if ($this->values['images']) {
            $this->base->SetWhere('id', $this->values['images'], 'IN', 'auto_images');
            if ($this->member['id']) {
                $this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'user_id' => $this->member['id']));
            } else {
                // $guest_session is only set in the registration branch above; otherwise
                // the rows are matched on the current guest session.
                if (!empty($guest_session)) {
                    $this->base->Update('auto_images', array('auto_id' => $id, 'user_id' => $this->member['id'], 'guest_session' => ''), array('auto_id' => 0, 'guest_session' => $guest_session));
                } else {
                    $this->base->Update('auto_images', array('auto_id' => $id), array('auto_id' => 0, 'guest_session' => $this->guest_session));
                }
            }
            // Without an explicit main photo the first image becomes the cover.
            if (!(int) $this->values['main_photo']) {
                $this->values['main_photo'] = reset($this->values['images']);
            }
            $this->base->Update('auto_autos', array('photo' => $this->values['main_photo'], 'photo_count' => count($this->values['images'])), array('id' => $id));
        }
    }
    // A photo uploaded with this request overrides the cover/photo count.
    if (!empty($_FILES['photo']['name'][0]) && $this->UploadPhoto($id)) {
        $this->base->Update('auto_autos', array('photo' => $this->values['photo'], 'photo_count' => $this->values['photo_count']), array('id' => $id));
    }
    if (!empty($this->values['allow_site'])) {
        $this->IncrementCounter($this->values['mark_id'], $this->values['model_id']);
        Cache::ClearAllCache();
    }
    // Admin notification: silently skipped when the mail template file is missing/unreadable.
    if ($this->config['general_inform'] && $this->config['general_email']) {
        if ($data = @file_get_contents(ENGINE_DIR . "/car-market/mail.txt")) {
            include_once DLE_CLASSES . 'mail.class.php';
            $mail = new dle_mail($GLOBALS['config']);
            $mail->from = $GLOBALS['config']['admin_mail'];
            $data = str_replace("{%site_url%}", $GLOBALS['config']['http_home_url'], $data);
            $data = str_replace("{%auto_link%}", $this->tpl->GetUrl(array("action" => 'auto', "id" => $id)), $data);
            $mail->send($this->config['general_email'], $this->lang['mail_subj'], $data);
        }
    }
    return $id;
}
//################# Определение групп пользователей $user_group = get_vars("usergroup"); if (!$user_group) { $user_group = array(); $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC"); while ($row = $db->get_row()) { $user_group[$row['id']] = array(); foreach ($row as $key => $value) { $user_group[$row['id']][$key] = stripslashes($value); } } set_vars("usergroup", $user_group); $db->free(); } @header("Content-type: text/html; charset=" . $config['charset']); $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; $id = intval($_POST['id']); $text = convert_unicode($_POST['text'], $config['charset']); $text = $parse->BB_Parse($parse->process(trim($text)), false); if ($config['allow_complaint_mail']) { include_once ENGINE_DIR . '/classes/mail.class.php'; $mail = new dle_mail($config); $lang['mail_complaint_1'] = str_replace("{site}", $config['http_home_url'], $lang['mail_complaint_1']); } if ($_POST['action'] == "pm") { if (!$is_logged) { die("error"); }
} } else { include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng'; } $config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset']; require_once ENGINE_DIR . '/classes/parse.class.php'; require_once ENGINE_DIR . '/modules/sitelogin.php'; $area = totranslit($_REQUEST['area'], true, false); if (!$area) { $area = "news"; } $allowed_areas = array('news' => array('comments_table' => 'comments'), 'ajax' => array('comments_table' => 'comments'), 'lastcomments' => array('comments_table' => 'comments')); if (!is_array($allowed_areas[$area])) { die("error"); } $parse = new ParseFilter(); $parse->safe_mode = true; if (!$is_logged) { die("error"); } $id = intval($_REQUEST['id']); if (!$id) { die("error"); } //################# Определение групп пользователей $user_group = get_vars("usergroup"); if (!$user_group) { $user_group = array(); $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC"); while ($row = $db->get_row()) { $user_group[$row['id']] = array();
$ifdelete = $_REQUEST['ifdelete']; } else { $ifdelete = ""; } if (isset($_REQUEST['news_fixed'])) { $news_fixed = $_REQUEST['news_fixed']; } else { $news_fixed = ""; } if (isset($_REQUEST['search_cat'])) { $search_cat = intval($_REQUEST['search_cat']); } else { $search_cat = ""; } include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); if ($action == "list") { $_SESSION['admin_referrer'] = $_SERVER['REQUEST_URI']; $js_array[] = "engine/skins/calendar.js"; echoheader("editnews", $lang['edit_head']); $search_field = $db->safesql(trim(htmlspecialchars(stripslashes(urldecode($_REQUEST['search_field'])), ENT_QUOTES, $config['charset']))); $search_author = $db->safesql(trim(htmlspecialchars(stripslashes(urldecode($_REQUEST['search_author'])), ENT_QUOTES, $config['charset']))); $fromnewsdate = $db->safesql(trim(htmlspecialchars(stripslashes($_REQUEST['fromnewsdate']), ENT_QUOTES, $config['charset']))); $tonewsdate = $db->safesql(trim(htmlspecialchars(stripslashes($_REQUEST['tonewsdate']), ENT_QUOTES, $config['charset']))); $start_from = intval($_REQUEST['start_from']); $news_per_page = intval($_REQUEST['news_per_page']); $gopage = intval($_REQUEST['gopage']); $_REQUEST['news_status'] = intval($_REQUEST['news_status']); $news_status_sel = array('0' => '', '1' => '', '2' => ''); $news_status_sel[$_REQUEST['news_status']] = 'selected="selected"'; if (!$news_per_page or $news_per_page < 1) {
$row = $db->insert_id(); $db->query("INSERT INTO " . PREFIX . "_post_extras (news_id, allow_rate, votes, user_id) VALUES('{$row}', '{$allow_rating}', '0', '{$member_id['user_id']}')"); $db->query("UPDATE " . USERPREFIX . "_users set news_num=news_num+1 where user_id='{$member_id['user_id']}'"); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '1', '{$title}')"); } if ($id and $lastdate) { $db->query("UPDATE " . PREFIX . "_rss SET lastdate='{$lastdate}' WHERE id='{$id}'"); } clear_cache(); msg("info", $lang['addnews_ok'], $lang['rss_added'], "?mod=rss"); } msg("error", $lang['addnews_error'], $lang['rss_notadded'], "?mod=rss"); } elseif ($_REQUEST['action'] == "news" and $id) { include_once ENGINE_DIR . '/classes/rss.class.php'; include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); $parse->leech_mode = true; $rss = $db->super_query("SELECT * FROM " . PREFIX . "_rss WHERE id='{$id}'"); $xml = new xmlParser(stripslashes($rss['url']), $rss['max_news']); $xml->pre_lastdate = $rss['lastdate']; $xml->pre_parse($rss['date']); $i = 0; foreach ($xml->content as $content) { if ($rss['text_type']) { $xml->content[$i]['title'] = $parse->decodeBBCodes($xml->content[$i]['title'], false); $xml->content[$i]['description'] = $parse->decodeBBCodes($xml->content[$i]['description'], false); $xml->content[$i]['date'] = date("Y-m-d H:i:s", $xml->content[$i]['date']); } else { $xml->content[$i]['title'] = $parse->decodeBBCodes($xml->content[$i]['title'], false); $xml->content[$i]['description'] = $parse->decodeBBCodes($xml->content[$i]['description'], true, "yes"); $xml->content[$i]['date'] = date("Y-m-d H:i:s", $xml->content[$i]['date']);
===================================================== Данный код защищен авторскими правами ===================================================== Файл: addcomments.php ----------------------------------------------------- Назначение: Добавление комментариев в базу данных ===================================================== */ if (!defined('DATALIFEENGINE') or !$config['allow_comments']) { die("Hacking attempt!"); } require_once ENGINE_DIR . '/classes/parse.class.php'; if ($config['allow_comments_wysiwyg'] > 0) { $parse = new ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1); } else { $parse = new ParseFilter(); } $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; $_TIME = time(); $_IP = get_ip(); $name = $db->safesql($parse->process(trim($_POST['name']))); $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ", "&"); $mail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['mail']))))); $post_id = intval($_POST['post_id']); $stop = array(); $added_comments_id = 0; if ($is_logged) { $name = $db->safesql($member_id['name']); $mail = $db->safesql($member_id['email']);
\t</div>\t </div> </div> </div> HTML; $message = stripslashes($message); echo <<<HTML <pre style="display:none;" id="title">{$title}</pre> <pre style="display:none;" id="message">{$message}</pre> </body> </html> HTML; } elseif ($action == "preview") { include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); $title = strip_tags(stripslashes($parse->process($_POST['title']))); $message = stripslashes($parse->process($_POST['message'])); if ($editor == "wysiwyg") { $message = $parse->BB_Parse($message); } else { $message = $parse->BB_Parse($message, false); } echo <<<HTML <html><title>{$title}</title> <meta content="text/html; charset={$config['charset']}" http-equiv=Content-Type> <style type="text/css"> html,body{ height:100%; margin:0px; padding: 0px;
$parse->allow_code = false; $full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story']))); $short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']))); $allow_br = 0; } else { $full_story = $db->safesql($parse->BB_Parse($parse->process($_POST['full_story']), false)); $short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']), false)); $allow_br = 1; } if ($parse->not_allowed_text) { $stop .= "<li>" . $lang['news_err_39'] . "</li>"; } $parse->ParseFilter(); $title = $db->safesql($parse->process(trim(strip_tags($_POST['title'])))); $alt_name = trim($parse->process(stripslashes($_POST['alt_name']))); $parse = new ParseFilter(array(), array(), 1, 1); $add_module = "yes"; $xfieldsaction = "init"; $category = $catlist; include ENGINE_DIR . '/inc/xfields.php'; if ($alt_name == "" or !$alt_name) { $alt_name = totranslit(stripslashes($title), true, false); } else { $alt_name = totranslit($alt_name, true, false); } if ($title == "" or !$title) { $stop .= $lang['add_err_1']; } if (dle_strlen($title, $config['charset']) > 200) { $stop .= $lang['add_err_2']; }
===================================================== Файл: wordfilter.php ----------------------------------------------------- Назначение: фильтр слов ===================================================== */ if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) { die("Hacking attempt!"); } if (!$user_group[$member_id['user_group']]['admin_wordfilter']) { msg("error", $lang['index_denied'], $lang['index_denied']); } $result = ""; $word_id = intval($_REQUEST['word_id']); include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); $parse->filter_mode = false; // ******************************************************************************** // Добавление слова // ******************************************************************************** if ($action == "add") { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } $word_find = trim(strip_tags(stripslashes($_POST['word_find']))); if ($word_find == "") { msg("error", $lang['word_error'], $lang['word_word'], "?mod=wordfilter"); } if ($word_replace == "({$lang['word_del']})") { $word_replace = ""; }
<td><img src="engine/skins/images/tl_lu.gif" width="4" height="6" border="0"></td> <td background="engine/skins/images/tl_ub.gif"><img src="engine/skins/images/tl_ub.gif" width="1" height="6" border="0"></td> <td><img src="engine/skins/images/tl_ru.gif" width="6" height="6" border="0"></td> </tr> </table> </div></form> \t<script type="text/javascript"> jQuery(document).ready(function(\$){ \tinitTabs('dle_tabView1',Array('{$lang['tabs_news']}','{$lang['tabs_vote']}','{$lang['tabs_extra']}','{$lang['tabs_perm']}'),0, '100%'); }); \t</script> HTML; echofooter(); } elseif ($action == "doaddnews") { include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); $allow_comm = isset($_POST['allow_comm']) ? intval($_POST['allow_comm']) : 0; $approve = isset($_POST['approve']) ? intval($_POST['approve']) : 0; $allow_rating = isset($_POST['allow_rating']) ? intval($_POST['allow_rating']) : 0; $news_fixed = isset($_POST['news_fixed']) ? intval($_POST['news_fixed']) : 0; $allow_br = isset($_POST['allow_br']) ? intval($_POST['allow_br']) : 0; $category = $_POST['category']; $disable_index = isset($_POST['disable_index']) ? intval($_POST['disable_index']) : 0; if ($user_group[$member_id['user_group']]['allow_main']) { $allow_main = intval($_POST['allow_main']); } else { $allow_main = 0; } if ($member_id['user_group'] > 2) { $disable_index = 0; }
\t\titem = document.all[id]; \t } else if (document.layers){ \t\titem = document.layers[id]; \t } \t if (!item) { \t } \t else if (item.style) { \t\tif (item.style.display == "none"){ item.style.display = ""; } \t\telse {item.style.display = "none"; } \t }else{ item.visibility = "show"; } }; //--> </script> HTML; include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); $allow_br = intval($_POST['allow_br']); if ($_POST['preview_mode'] == "static") { if ($member_id['user_group'] != 1 and $allow_br > 1) { $allow_br = 1; } if ($allow_br == 2) { if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) { $_POST['template'] = stripslashes($_POST['template']); } $template = trim(addslashes($_POST['template'])); } else { if ($config['allow_static_wysiwyg']) { $parse->allow_code = false; } $template = $parse->process($_POST['template']);
===================================================== Данный код защищен авторскими правами ===================================================== Файл: cmoderation.php ----------------------------------------------------- Назначение: Модерация комментариев ===================================================== */ if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) { die("Hacking attempt!"); } if (!$user_group[$member_id['user_group']]['admin_comments']) { msg("error", $lang['index_denied'], $lang['index_denied'], "?mod=main"); } include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; if ($action == "mass_approve") { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } if ($config['allow_comments_wysiwyg']) { $parse->wysiwyg = true; $use_html = true; $parse->ParseFilter(array('div', 'a', 'span', 'p', 'br'), array(), 0, 1); } else { $use_html = false; } if (!$_POST['selected_comments']) {
$row = $db->super_query("SELECT * FROM " . PREFIX . "_comments where id = '{$c_id}'"); $author = $row['autor']; $is_reg = $row['is_register']; $post_id = $row['post_id']; $db->query("DELETE FROM " . PREFIX . "_comments WHERE id = '{$c_id}'"); if ($is_reg) { $db->query("UPDATE " . USERPREFIX . "_users SET comm_num=comm_num-1 where name ='{$author}'"); } $db->query("UPDATE " . PREFIX . "_post SET comm_num=comm_num-1 where id='{$post_id}'"); } clear_cache(array('news_', 'full_', 'comm_', 'rss')); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '21', '')"); msg("info", $lang['mass_head'], $lang['mass_delokc'], "{$PHP_SELF}?mod=comments&action=edit&id={$id}"); } elseif ($action == "edit") { include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->safe_mode = true; if ($id) { $where = "post_id = '{$id}' AND "; } else { $where = ""; } $start_from = intval($_GET['start_from']); if ($start_from < 0) { $start_from = 0; } $news_per_page = 50; $i = $start_from; $gopage = intval($_GET['gopage']); if ($gopage > 0) { $start_from = ($gopage - 1) * $news_per_page;
</td> <td background="engine/skins/images/tl_rb.gif"><img src="engine/skins/images/tl_rb.gif" width="6" height="1" border="0"></td> </tr> <tr> <td><img src="engine/skins/images/tl_lu.gif" width="4" height="6" border="0"></td> <td background="engine/skins/images/tl_ub.gif"><img src="engine/skins/images/tl_ub.gif" width="1" height="6" border="0"></td> <td><img src="engine/skins/images/tl_ru.gif" width="6" height="6" border="0"></td> </tr> </table> </div></form> HTML; echofooter(); exit; } elseif ($_POST['action'] == "do_mass_move_to_ban") { include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); foreach ($selected_users as $id) { $id = intval($id); $row = $db->super_query("SELECT name, user_group FROM " . USERPREFIX . "_users WHERE user_id='{$id}'"); if ($member_id['user_group'] != 1 and $row['user_group'] == 1) { msg("error", $lang['mass_error'], $lang['edit_not_admin'], "?mod=editusers&action=list"); } $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '44', '{$row['name']}')"); $banned_descr = $db->safesql($parse->BB_Parse($parse->process($_POST['banned_descr']), false)); $this_time = time() + $config['date_adjust'] * 60; $banned_date = intval($_POST['banned_date']); $this_time = $banned_date ? $this_time + $banned_date * 60 * 60 * 24 : 0; $row = $db->super_query("SELECT users_id, days FROM " . USERPREFIX . "_banned WHERE users_id = '{$id}'"); if (!$row['users_id']) { $db->query("INSERT INTO " . USERPREFIX . "_banned (users_id, descr, date, days) values ('{$id}', '{$banned_descr}', '{$this_time}', '{$banned_date}')"); } else {
$is_logged = false; $member_id = array(); if ($config['allow_registration'] == "yes") { require_once ENGINE_DIR . '/modules/sitelogin.php'; } if (!$is_logged) { $member_id['user_group'] = 5; } if ($is_logged and $member_id['banned'] == "yes") { die("error"); } $id = intval($_GET['id']); if (!$id) { die("error"); } $parse = new ParseFilter(); $parse->safe_mode = true; $row = $db->super_query("SELECT autor, text FROM " . PREFIX . "_comments WHERE id = '{$id}'"); if (!$row['text']) { die("error"); } if (!$config['allow_comments_wysiwyg']) { $text = $parse->decodeBBCodes($row['text'], false); $text = str_replace(""", '"', $text); $text = str_replace("'", "'", $text); } else { $text = $parse->decodeBBCodes($row['text'], TRUE, $config['allow_comments_wysiwyg']); $text = preg_replace('/<p[^>]*>/', '', $text); $text = str_replace("</p>", "<br />", $text); $text = preg_replace('/<div[^>]*>/', '', $text); $text = str_replace("</div>", "<br />", $text);
-----------------------------------------------------
Copyright (c) 2004,2015 SoftNews Media Group
=====================================================
This code is protected by copyright
=====================================================
File: addnews.php
-----------------------------------------------------
Purpose: news submission by a site visitor
=====================================================
*/

// Direct-access guard: this module is only valid when included by the engine.
if (!defined('DATALIFEENGINE')) {
    die("Hacking attempt!");
}

$allow_addnews = true;

include_once ENGINE_DIR . '/classes/parse.class.php';
$parse = new ParseFilter(array(), array(), 1, 1);

// Moderation-queue cap: groups without the 'moderation' right may not add news
// while the count of unapproved posts is at or above config['max_moderation'].
if ($config['max_moderation'] and !$user_group[$member_id['user_group']]['moderation']) {
    $stats_approve = $db->super_query("SELECT COUNT(*) as count FROM " . PREFIX . "_post WHERE approve != '1'");
    $stats_approve = $stats_approve['count'];
    if ($stats_approve >= $config['max_moderation']) {
        $allow_addnews = false;
    }
}

// Fresh accounts: posting is blocked until config['news_restricted'] days
// (86400 s each) have passed since registration; the message text is prepared here.
if ($is_logged and $config['news_restricted'] and $_TIME - $member_id['reg_date'] < $config['news_restricted'] * 86400) {
    $lang['add_err_9'] = str_replace('{days}', intval($config['news_restricted']), $lang['news_info_7']);
    $allow_addnews = false;
}

// A timed posting restriction that has already expired is lifted, both in the
// in-memory member record and in the users table (user_id comes from that record).
if ($member_id['restricted'] and $member_id['restricted_days'] and $member_id['restricted_date'] < $_TIME) {
    $member_id['restricted'] = 0;
    $db->query("UPDATE LOW_PRIORITY " . USERPREFIX . "_users SET restricted='0', restricted_days='0', restricted_date='' WHERE user_id='{$member_id['user_id']}'");
}
$config['skin'] = $_COOKIE['dle_skin']; } } if ($config["lang_" . $config['skin']]) { if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) { include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng'; } else { die("Language file not found"); } } else { include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng'; } $config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset']; require_once ENGINE_DIR . '/modules/functions.php'; require_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); function check_name($name) { global $lang, $db, $banned_info, $relates_word, $config; $stop = ''; $name = urldecode($name); if (dle_strlen($name, $config['charset']) > 30 or dle_strlen(trim($name), $config['charset']) < 3) { $stop .= $lang['reg_err_3']; } if (preg_match("/[\\||\\'|\\<|\\>|\\[|\\]|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\{\\+]/", $name)) { $stop .= $lang['reg_err_4']; } if (stripos(urlencode($name), "%AD") !== false) { $stop .= $lang['reg_err_4']; } if (strpos(strtolower($name), '.php') !== false) {
http://dle-news.ru/ ----------------------------------------------------- Copyright (c) 2004,2013 SoftNews Media Group ===================================================== Данный код защищен авторскими правами ===================================================== Файл: pm.php ----------------------------------------------------- Назначение: персональные сообщения ===================================================== */ if (!defined('DATALIFEENGINE')) { die("Hacking attempt!"); } require_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; $stop_pm = FALSE; if (isset($_REQUEST['doaction'])) { $doaction = $_REQUEST['doaction']; } else { $doaction = ""; } if (!$is_logged or !$user_group[$member_id['user_group']]['allow_pm']) { msgbox($lang['all_err_1'], $lang['pm_err_1']); $stop_pm = TRUE; } if ($user_group[$member_id['user_group']]['max_pm'] and $member_id['pm_all'] >= $user_group[$member_id['user_group']]['max_pm'] and !$stop_pm) { msgbox($lang['all_info'], $lang['pm_err_9']);
echo $lang['ignore_error_2']; die; } $db->query("INSERT INTO " . USERPREFIX . "_ignore_list (user, user_from) values ('{$row['user']}', '{$row['user_from']}')"); echo $lang['ignore_ok']; } elseif ($_GET['action'] == "del_ignore") { $id = intval($_GET['id']); $row = $db->super_query("SELECT * FROM " . USERPREFIX . "_ignore_list WHERE id='{$id}'"); if ($row['id'] and ($row['user'] == $member_id['user_id'] or $member_id['user_group'] == 1)) { $db->query("DELETE FROM " . USERPREFIX . "_ignore_list WHERE id = '{$row['id']}'"); echo $lang['ignore_del_ok']; die; } die("Operation not Allowed"); } else { $parse = new ParseFilter(); $parse->safe_mode = true; function del_tpl($read) { global $tpl; $read = str_replace('\\"', '"', str_replace("&", "&", $read)); $tpl->copy_template = $read; } $tpl = new dle_template(); $tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin']; define('TEMPLATE_DIR', $tpl->dir); $_POST['name'] = convert_unicode($_POST['name'], $config['charset']); $_POST['subj'] = convert_unicode($_POST['subj'], $config['charset']); $_POST['text'] = convert_unicode($_POST['text'], $config['charset']); $name = $parse->process(trim($_POST['name'])); $subj = $parse->process(trim($_POST['subj']));
Назначение: Управление опросами ===================================================== */ if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) { die("Hacking attempt!"); } if (!$user_group[$member_id['user_group']]['admin_editvote']) { msg("error", $lang['index_denied'], $lang['index_denied']); } if (isset($_REQUEST['id'])) { $id = intval($_REQUEST['id']); } else { $id = ""; } include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->filter_mode = false; $stop = false; if ($_GET['action'] == "delete") { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } $db->query("DELETE FROM " . PREFIX . "_vote WHERE id='{$id}'"); $db->query("DELETE FROM " . PREFIX . "_vote_result WHERE vote_id='{$id}'"); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '27', '{$id}')"); @unlink(ENGINE_DIR . '/cache/system/vote.php'); msg("info", $lang['vote_str_2'], $lang['vote_str_2'], "?mod=editvote"); } if ($_GET['action'] == "clear") { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found");
die("Hacking attempt! User not found"); } $row = $db->super_query("SELECT user_id, name, user_group, email FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'"); if (!$row['user_id']) { die("User not found"); } if ($member_id['user_group'] != 1 and $row['user_group'] == 1) { die($lang['edit_not_admin']); } $editlevel = intval($_POST['editlevel']); if ($member_id['user_group'] != 1 and $editlevel < 2) { die($lang['admin_not_access']); } $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '64', '{$row['name']}')"); include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->safe_mode = true; $editlogin = $db->safesql($parse->process($_POST['editlogin'])); $editfullname = $db->safesql($parse->process($_POST['editfullname'])); if ($_POST['editicq']) { $editicq = intval($_POST['editicq']); } else { $editicq = ""; } $editland = $db->safesql($parse->process($_POST['editland'])); $editinfo = $db->safesql($parse->BB_Parse($parse->process($_POST['editinfo']), false)); $editsignature = $db->safesql($parse->BB_Parse($parse->process($_POST['editsignature']), false)); $time_limit = trim($_POST['time_limit']) ? strtotime($_POST['time_limit']) : ""; $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " "); $editmail = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['editmail']))))); if (empty($editmail) or strlen($editmail) > 50 or @count(explode("@", $editmail)) != 2) {
===================================================== Данный код защищен авторскими правами ===================================================== Файл: static.php ----------------------------------------------------- Назначение: редактирование статистических страниц ===================================================== */ if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) { die("Hacking attempt!"); } if (!$user_group[$member_id['user_group']]['admin_static']) { msg("error", $lang['index_denied'], $lang['index_denied']); } include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(array(), array(), 1, 1); function SelectSkin($skin) { global $lang; $templates_list = array(); $handle = opendir('./templates'); while (false !== ($file = readdir($handle))) { if (is_dir("./templates/{$file}") and ($file != "." and $file != "..")) { $templates_list[] = $file; } } closedir($handle); $skin_list = "<select name=skin_name>"; $skin_list .= "<option value=\"\">" . $lang['cat_skin_sel'] . "</option>"; foreach ($templates_list as $single_template) { if ($single_template == $skin) {
http://dle-news.ru/ ----------------------------------------------------- Copyright (c) 2004,2012 SoftNews Media Group ===================================================== Данный код защищен авторскими правами ===================================================== Файл: profile.php ----------------------------------------------------- Назначение: Профиль пользователя ===================================================== */ if (!defined('DATALIFEENGINE')) { die("Hacking attempt!"); } include_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->safe_mode = true; //#################################################################################################################### // Обновление информации о пользователе //#################################################################################################################### if ($allow_userinfo and $doaction == "adduserinfo") { $stop = false; $id = intval($_POST['id']); if (!$is_logged or $_POST['dle_allow_hash'] == "" or $_POST['dle_allow_hash'] != $dle_login_hash or !$id) { die("Hacking attempt! User ID not valid"); } if ($member_id['user_id'] != $id and $member_id['user_group'] != 1) { die("Hacking attempt!"); } $row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE user_id = '{$id}'"); if (!$is_logged or !($member_id['user_id'] == $row['user_id'] or $member_id['user_group'] == 1)) {
define('MODULE_PATH', ENGINE_DIR . "/modules/billing"); define('MODULE_DATA', ENGINE_DIR . "/data/billing"); /* Helpers classes */ require_once ENGINE_DIR . '/classes/parse.class.php'; require_once MODULE_PATH . '/helpers/user.models.php'; require_once MODULE_PATH . '/helpers/user.theme.php'; require_once MODULE_PATH . '/lang/cabinet.php'; require_once MODULE_DATA . '/mail.php'; /* Install */ if (!file_exists(MODULE_DATA . '/config.php')) { header('Refresh: 0; url=' . $config['http_home_url']); die; } require_once MODULE_PATH . '/pay.api.php'; /* Pointer controller */ $parse = new ParseFilter(); $start = explode("/", $billing_config['start']); $c = $_GET['c'] ? $db->safesql($parse->process(trim($_GET['c']))) : $start[0]; $m = $_GET['m'] ? $db->safesql($parse->process(trim($_GET['m']))) : $start[1]; $p = $_GET['p'] ? $db->safesql($parse->process(trim($_GET['p']))) : $start[2]; /* OFF */ if (!$billing_config['status'] and $member_id['user_group'] != 1) { echo $billing_lang['cabinet_off']; } else { /* Load controller - Core */ if (file_exists(MODULE_PATH . "/controllers/user." . $c . ".php")) { require_once MODULE_PATH . '/controllers/user.' . $c . '.php'; } elseif (file_exists(MODULE_PATH . "/plugins/" . $c . "/user.main.php")) { require_once MODULE_PATH . '/plugins/' . $c . '/user.main.php'; } else { echo str_replace("{c}", $c, $billing_lang['cabinet_controller_error']);
} else { $template = $db->safesql($parse->BB_Parse($template, false)); } $db->query("UPDATE " . PREFIX . "_static SET template='{$template}' WHERE id='{$row['id']}'"); $step++; } $rebuildcount = $startfrom + $step; $buffer = "{\"status\": \"ok\",\"rebuildcount\": {$rebuildcount}}"; echo $buffer; } else { $parse = new ParseFilter(array(), array(), 1, 1); $parse->edit_mode = false; if ($config['allow_admin_wysiwyg'] == "yes") { $parse->allow_code = false; } $parsexf = new ParseFilter(array(), array(), 1, 1); $parsexf->edit_mode = false; if ($config['allow_admin_wysiwyg'] == "yes") { $parsexf->allow_code = false; } if ($config['safe_xfield']) { $parsexf->ParseFilter(); $parsexf->safe_mode = true; $parsexf->edit_mode = false; } $result = $db->query("SELECT p.id, p.short_story, p.full_story, p.xfields, p.title, p.allow_br, e.news_id FROM " . PREFIX . "_post p LEFT JOIN " . PREFIX . "_post_extras e ON (p.id=e.news_id) LIMIT " . $startfrom . ", " . $count_per_step); while ($row = $db->get_row($result)) { if ($row['allow_br'] != '1' or $config['allow_admin_wysiwyg'] == "yes") { $row['short_story'] = $parse->decodeBBCodes($row['short_story'], true, $config['allow_admin_wysiwyg']); $row['full_story'] = $parse->decodeBBCodes($row['full_story'], true, $config['allow_admin_wysiwyg']); } else {
// Standalone AJAX endpoint: bootstraps a minimal DLE environment, runs the
// request-supplied article text through the BB-code parser, and echoes either
// the generated meta description or the generated keywords.
//
// Error display is switched on here; warnings and notices are masked out of
// the reported level (E_ALL ^ E_WARNING ^ E_NOTICE), and the `@` operator hides
// any failure of the ini_set calls themselves.
@ini_set('display_errors', true);
@ini_set('html_errors', false);
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
// ROOT_DIR is the script's own directory with its last 12 characters cut off;
// the explode() below shows the script lives under engine/ajax/, and
// "/engine/ajax" is exactly 12 characters, so this yields the site root.
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
// Fallback when config.php leaves http_home_url empty: the base URL is
// reconstructed from PHP_SELF and HTTP_HOST.
// NOTE(review): both values are request-supplied, so a forged Host header
// lands in $config['http_home_url'] on this code path. Nothing in this script
// reads the value afterwards, but anything included below that does should be
// checked — confirm.
if ($config['http_home_url'] == "") {
    $config['http_home_url'] = explode("engine/ajax/keywords.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
// Order matters: the DB class must be loaded before dbconfig.php, and
// functions.inc.php (dle_session, convert_unicode, create_metatags are
// presumably defined there or in the files it pulls in) before they are called.
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
require_once ENGINE_DIR . '/classes/parse.class.php';
// NOTE(review): a session is started, but no login or permission check
// appears anywhere in this run before $_REQUEST is processed below; confirm
// whether this endpoint is meant to be callable by unauthenticated clients.
dle_session();
// The language pack's charset wins over the configured one when it is set.
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
@header("Content-type: text/html; charset=" . $config['charset']);
$parse = new ParseFilter();
// Each text field is converted to the site charset, filtered, then BB-code
// parsed (second argument false — its meaning is defined in parse.class.php,
// not visible here).
$full_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['full_txt'], $config['charset'])), false);
$short_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['short_txt'], $config['charset'])), false);
// create_metatags() is expected to return at least the 'description' and
// 'keywords' keys; both are trimmed before output.
$metatags = create_metatags($short_story . $full_story);
$metatags['description'] = trim($metatags['description']);
$metatags['keywords'] = trim($metatags['keywords']);
// key=1 selects the description, anything else the keywords. The loose `==`
// also accepts "1", "1.0", etc.
// NOTE(review): the result is echoed as text/html without escaping in this
// file; whether HTML has already been stripped depends on create_metatags()
// and the parser above — confirm before relying on it.
if ($_REQUEST['key'] == 1) {
    echo stripslashes($metatags['description']);
} else {
    echo stripslashes($metatags['keywords']);
}
} } if ($config["lang_" . $config['skin']]) { if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) { include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng'; } else { die("Language file not found"); } } else { include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng'; } $config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset']; @header("Content-type: text/html; charset=" . $config['charset']); require_once ENGINE_DIR . '/classes/parse.class.php'; require_once ENGINE_DIR . '/modules/sitelogin.php'; $parse = new ParseFilter(array(), array(), 1, 1); if (!$is_logged) { die("error"); } $id = intval($_REQUEST['id']); if (!$id) { die("error"); } //################# Определение групп пользователей $user_group = get_vars("usergroup"); if (!$user_group) { $user_group = array(); $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC"); while ($row = $db->get_row()) { $user_group[$row['id']] = array(); foreach ($row as $key => $value) {
while ($row = $db->get_row()) { $user_group[$row['id']] = array(); foreach ($row as $key => $value) { $user_group[$row['id']][$key] = stripslashes($value); } } set_vars("usergroup", $user_group); $db->free(); } if (!$is_logged) { die("error"); } if (!$user_group[$member_id['user_group']]['allow_all_edit']) { die("error"); } $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $parse->allow_image = $user_group[$member_id['user_group']]['allow_image']; $id = intval($_POST['id']); $text = convert_unicode($_POST['text'], $config['charset']); if (!$id or !$text) { die("error"); } $row = $db->super_query("SELECT id, title, autor FROM " . PREFIX . "_post WHERE id='{$id}'"); if (!$row['id']) { die("error"); } $title = stripslashes($row['title']); $row['autor'] = $db->safesql($row['autor']); $row = $db->super_query("SELECT email, name, user_id FROM " . USERPREFIX . "_users WHERE name = '{$row['autor']}'");
http://dle-news.ru/ ----------------------------------------------------- Copyright (c) 2004,2013 SoftNews Media Group ===================================================== Данный код защищен авторскими правами ===================================================== Файл: register.php ----------------------------------------------------- Назначение: регистрация посетителя ===================================================== */ if (!defined('DATALIFEENGINE')) { die("Hacking attempt!"); } require_once ENGINE_DIR . '/classes/parse.class.php'; $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = false; $parse->allow_image = false; $stopregistration = FALSE; $_IP = get_ip(); if (isset($_REQUEST['doaction'])) { $doaction = $_REQUEST['doaction']; } else { $doaction = ""; } $config['reg_group'] = intval($config['reg_group']) ? intval($config['reg_group']) : 4; function check_reg($name, $email, $password1, $password2, $sec_code = 1, $sec_code_session = 1) { global $lang, $db, $banned_info, $relates_word, $config; $stop = "";