/**
 * Persist the "edit profile" form (user.php?op=edituser) for account $uid.
 *
 * Flow: check that the login cookie names the same account the form edits,
 * validate the optional new password, run userCheck() on the e-mail, normalise
 * the flag and URL fields, optionally store a new avatar uploaded in field B1,
 * then write users / users_status / users_extend and finish with either a
 * logout (password changed) or a redirect back to the edit form.
 *
 * Parameters mirror the form fields. $attach, $user_viewemail, $usend_email,
 * $uis_visible and $user_lnl are treated as truthy/falsy flags; $B1 is the
 * avatar upload field, "none" meaning no upload; $MAX_FILE_SIZE caps the
 * avatar upload; a truthy $raz_avatar resets the avatar to blank.gif.
 *
 * Returns nothing: every path ends in a redirect, logout() or message_error().
 *
 * NOTE(review): all SQL below is built by string interpolation. $name, $email
 * and $uid are inserted without removeHack(), unlike the other profile fields,
 * and $check comes straight from the login cookie; confirm they are escaped
 * upstream or route them through the same escaping before sql_query().
 */
function saveuser($uid, $name, $uname, $email, $femail, $url, $pass, $vpass, $bio, $user_avatar, $user_icq, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $user_aim, $user_yim, $user_msnm, $attach, $usend_email, $uis_visible, $user_lnl, $C1, $C2, $C3, $C4, $C5, $C6, $C7, $C8, $M1, $M2, $T1, $T2, $B1, $MAX_FILE_SIZE, $raz_avatar)
{
    global $NPDS_Prefix;
    global $user, $userinfo, $system, $minpass;

    // Authorisation: the account named in the login cookie must match both the
    // submitted uname and the submitted uid; otherwise redirect to index.php.
    $cookie = cookiedecode($user);
    $check = $cookie[1];
    $result = sql_query("SELECT uid, email FROM " . $NPDS_Prefix . "users WHERE uname='{$check}'");
    list($vuid, $vemail) = sql_fetch_row($result);
    if ($check == $uname and $uid == $vuid) {
        // isset() is always true for a declared parameter unless null was passed;
        // the effective test is the string comparison of the two password fields.
        if (isset($pass) && "{$pass}" != "{$vpass}") {
            message_error("<i class=\"fa fa-exclamation\"></i> " . translate("Both passwords are different. They need to be identical.") . "<br /><br />", "");
        } elseif ($pass != "" && strlen($pass) < $minpass) {
            // Empty $pass means "keep the current password", so the length rule only
            // applies when a new one was supplied. strlen() counts bytes, not characters.
            message_error("<i class=\"fa fa-exclamation\"></i> " . translate("Sorry, your password must be at least") . " <strong>{$minpass}</strong> " . translate("characters long") . "<br /><br />", "");
        } else {
            // userCheck() returns a non-empty error message when the e-mail is rejected.
            $stop = userCheck("edituser", $email);
            if (!$stop) {
                if ($bio) {
                    $bio = FixQuotes(strip_tags($bio));
                }
                // Map the checkbox-style inputs to the 0/1 columns they are stored in.
                if ($attach) {
                    $t = 1;
                } else {
                    $t = 0;
                }
                if ($user_viewemail) {
                    $a = 1;
                } else {
                    $a = 0;
                }
                if ($usend_email) {
                    $u = 1;
                } else {
                    $u = 0;
                }
                // is_visible is stored inverted: a checked "visible" box writes 0.
                if ($uis_visible) {
                    $v = 0;
                } else {
                    $v = 1;
                }
                if ($user_lnl) {
                    $w = 1;
                } else {
                    $w = 0;
                }
                // Force an http:// scheme on the homepage URL; a bare scheme is treated as empty.
                if ($url != "") {
                    if (!substr_count($url, "http://")) {
                        $url = "http://" . $url;
                    }
                    if (trim($url) == "http://") {
                        $url = "";
                    }
                }

                // upload.conf.php is expected to define $DOCUMENTROOT, $racine and
                // $autorise_upload_p used below (included into this function's scope).
                include_once "modules/upload/upload.conf.php";
                global $avatar_size;
                if (!$avatar_size) {
                    $avatar_size = "80*100";
                }
                // "width*height" limit above which a freshly uploaded avatar is discarded.
                $avatar_limit = explode("*", $avatar_size);
                // Filesystem root the relative avatar paths are resolved against.
                if ($DOCUMENTROOT != "") {
                    $rep = $DOCUMENTROOT;
                } else {
                    global $DOCUMENT_ROOT;
                    if ($DOCUMENT_ROOT) {
                        $rep = $DOCUMENT_ROOT;
                    } else {
                        $rep = $_SERVER['DOCUMENT_ROOT'];
                    }
                }

                // Avatar upload (field B1). Only gif/jpg/png extensions are accepted;
                // the extension check is by name only, not by file content.
                if ($B1 != "none") {
                    global $language;
                    include_once "modules/upload/lang/upload.lang-{$language}.php";
                    include_once "modules/upload/clsUpload.php";
                    $upload = new Upload();
                    $upload->maxupload_size = $MAX_FILE_SIZE;
                    $field1_filename = trim($upload->getFileName("B1"));
                    $suffix = strtoLower(substr(strrchr($field1_filename, '.'), 1));
                    if ($suffix == "gif" or $suffix == "jpg" or $suffix == "png") {
                        // Strip path separators and other unsafe characters from the client name,
                        // then drop ".." and a couple of sensitive path fragments.
                        $field1_filename = removeHack(preg_replace('#[/\\\\:\\*\\?"<>|]#i', '', rawurldecode($field1_filename)));
                        $field1_filename = preg_replace('#\\.{2}|config.php|/etc#i', '', $field1_filename);
                        if ($field1_filename) {
                            if ($autorise_upload_p) {
                                // Per-user directory named after $uname; created on first use.
                                // NOTE(review): umask is cleared and the directory is created 0777,
                                // i.e. world-writable; a restrictive mode (0755) and an untouched
                                // umask would be the usual choice here.
                                $user_dir = $racine . "/users_private/" . $uname . "/";
                                if (!is_dir($rep . $user_dir)) {
                                    @umask("0000");
                                    if (@mkdir($rep . $user_dir, 0777)) {
                                        // Empty index.html to keep the directory from being listed.
                                        $fp = fopen($rep . $user_dir . "index.html", 'w');
                                        fclose($fp);
                                    } else {
                                        $user_dir = $racine . "/users_private/";
                                    }
                                }
                            } else {
                                $user_dir = $racine . "/users_private/";
                            }
                            // The stored file is always named <uname>.<ext>, so a re-upload overwrites it.
                            if ($upload->saveAs($uname . "." . $suffix, $rep . $user_dir, "B1", true)) {
                                $old_user_avatar = $user_avatar;
                                $user_avatar = $user_dir . $uname . "." . $suffix;
                                // Oversized images are not resized; they are flagged for removal below.
                                $img_size = @getimagesize($rep . $user_avatar);
                                if ($img_size[0] > $avatar_limit[0] or $img_size[1] > $avatar_limit[1]) {
                                    $raz_avatar = true;
                                }
                                if ($racine == "") {
                                    $user_avatar = substr($user_avatar, 1);
                                }
                            }
                        }
                    }
                }

                // Reset the avatar: remove the stored file(s) and fall back to blank.gif.
                // NOTE(review): $user_avatar is a form value and strstr() is only a substring
                // test; resolving the path (realpath()) and confirming it stays inside the
                // users_private directory before unlink() would make this check a real one.
                // $old_user_avatar is only set in the upload branch above, so it can be
                // undefined here (the second unlink then targets $rep itself, silently).
                if ($raz_avatar) {
                    if (strstr($user_avatar, "/users_private")) {
                        @unlink($rep . $user_avatar);
                        @unlink($rep . $old_user_avatar);
                    }
                    $user_avatar = "blank.gif";
                }

                if ($pass != '') {
                    cookiedecode($user);
                    // NOTE(review): the password is used as its own crypt() salt, which
                    // weakens the hash; password_hash() would be the modern replacement,
                    // but the login check elsewhere in the project must migrate with it.
                    if (!$system) {
                        $pass = crypt($pass, $pass);
                    }
                    sql_query("UPDATE " . $NPDS_Prefix . "users SET name='{$name}', email='{$email}', femail='" . removeHack($femail) . "', url='" . removeHack($url) . "', pass='******', bio='" . removeHack($bio) . "', user_avatar='{$user_avatar}', user_icq='" . removeHack($user_icq) . "', user_occ='" . removeHack($user_occ) . "', user_from='" . removeHack($user_from) . "', user_intrest='" . removeHack($user_intrest) . "', user_sig='" . removeHack($user_sig) . "', user_aim='" . removeHack($user_aim) . "', user_yim='" . removeHack($user_yim) . "', user_msnm='" . removeHack($user_msnm) . "', user_viewemail='{$a}', send_email='{$u}', is_visible='{$v}', user_lnl='{$w}' WHERE uid='{$uid}'");
                    // Re-read the row to refresh the login cookie with the new credentials.
                    $result = sql_query("SELECT uid, uname, pass, storynum, umode, uorder, thold, noscore, ublockon, theme FROM " . $NPDS_Prefix . "users WHERE uname='{$uname}' AND pass='******'");
                    if (sql_num_rows($result) == 1) {
                        $userinfo = sql_fetch_assoc($result);
                        // 'commentmax' is not in the SELECT list above, so this index is
                        // undefined unless sql_fetch_assoc() supplies it — confirm.
                        docookie($userinfo['uid'], $userinfo['uname'], $userinfo['pass'], $userinfo['storynum'], $userinfo['umode'], $userinfo['uorder'], $userinfo['thold'], $userinfo['noscore'], $userinfo['ublockon'], $userinfo['theme'], $userinfo['commentmax'], "");
                    }
                } else {
                    // Same update without touching the password column.
                    sql_query("UPDATE " . $NPDS_Prefix . "users SET name='{$name}', email='{$email}', femail='" . removeHack($femail) . "', url='" . removeHack($url) . "', bio='" . removeHack($bio) . "', user_avatar='{$user_avatar}', user_icq='" . removeHack($user_icq) . "', user_occ='" . removeHack($user_occ) . "', user_from='" . removeHack($user_from) . "', user_intrest='" . removeHack($user_intrest) . "', user_sig='" . removeHack($user_sig) . "', user_aim='" . removeHack($user_aim) . "', user_yim='" . removeHack($user_yim) . "', user_msnm='" . removeHack($user_msnm) . "', user_viewemail='{$a}', send_email='{$u}', is_visible='{$v}', user_lnl='{$w}' WHERE uid='{$uid}'");
                }
                sql_query("UPDATE " . $NPDS_Prefix . "users_status SET attachsig='{$t}' WHERE uid='{$uid}'");

                // users_extend holds the custom fields C1..C8, M1, M2, T1, T2 and B1;
                // update the row if it exists, otherwise insert it.
                $result = sql_query("SELECT uid FROM " . $NPDS_Prefix . "users_extend WHERE uid='{$uid}'");
                if (sql_num_rows($result) == 1) {
                    sql_query("UPDATE " . $NPDS_Prefix . "users_extend SET C1='" . removeHack($C1) . "', C2='" . removeHack($C2) . "', C3='" . removeHack($C3) . "', C4='" . removeHack($C4) . "', C5='" . removeHack($C5) . "', C6='" . removeHack($C6) . "', C7='" . removeHack($C7) . "', C8='" . removeHack($C8) . "', M1='" . removeHack($M1) . "', M2='" . removeHack($M2) . "', T1='" . removeHack($T1) . "', T2='" . removeHack($T2) . "', B1='{$B1}' WHERE uid='{$uid}'");
                } else {
                    $result = sql_query("INSERT INTO " . $NPDS_Prefix . "users_extend VALUES ('{$uid}','" . removeHack($C1) . "', '" . removeHack($C2) . "', '" . removeHack($C3) . "', '" . removeHack($C4) . "', '" . removeHack($C5) . "', '" . removeHack($C6) . "', '" . removeHack($C7) . "', '" . removeHack($C8) . "', '" . removeHack($M1) . "', '" . removeHack($M2) . "', '" . removeHack($T1) . "', '" . removeHack($T2) . "', '{$B1}')");
                }

                // A password change invalidates the session; otherwise return to the form.
                if ($pass != "") {
                    logout();
                } else {
                    header("location: user.php?op=edituser");
                }
            } else {
                message_error($stop, "");
            }
        }
    } else {
        Header("Location: index.php");
    }
}
/**
 * Add up to five uploaded images (form fields newcard1..newcard5, captions
 * newdesc1..newdesc5) to gallery category $imgscat.
 *
 * For each non-empty field the file is stored under modules/$ModPath/imgs/
 * with a timestamp-based name, a thumbnail is written to mini/ when GD is
 * available, and a tdgal_img row is inserted. Progress and errors are echoed
 * as HTML; nothing is returned. Only the jpg, gif and png extensions are
 * accepted (the extension is taken from the client-supplied name).
 */
function AddImgs($imgscat, $newcard1, $newdesc1, $newcard2, $newdesc2, $newcard3, $newdesc3, $newcard4, $newdesc4, $newcard5, $newdesc5)
{
    global $language, $MaxSizeImg, $MaxSizeThumb, $ModPath, $ModStart, $NPDS_Prefix;
    include_once "modules/upload/lang/upload.lang-{$language}.php";
    include_once "modules/upload/clsUpload.php";

    // Timestamp prefix shared by every file stored during this call.
    $stamp = date("Y") . date("m") . date("d") . date("H") . date("i") . date("s");
    $imgDir = "modules/{$ModPath}/imgs/";
    $miniDir = "modules/{$ModPath}/mini/";

    // Slot number => [file field value, caption]; replaces the variable-variable lookup.
    $slots = [
        1 => [$newcard1, $newdesc1],
        2 => [$newcard2, $newdesc2],
        3 => [$newcard3, $newdesc3],
        4 => [$newcard4, $newdesc4],
        5 => [$newcard5, $newdesc5],
    ];

    foreach ($slots as $slot => [$card, $caption]) {
        if (empty($card)) {
            continue;
        }
        // Kept for parity with the original flow; the value is not used afterwards.
        $newimg = stripslashes(removeHack($card));
        $newtit = empty($caption) ? "" : addslashes(removeHack($caption));

        $upload = new Upload();
        $upload->maxupload_size = 200000 * 100;
        $field = "newcard" . $slot;
        $origin_filename = trim($upload->getFileName($field));
        // Extension after the last dot, lower-cased; "" when the name has no dot.
        $ext = strtolower(substr(strrchr($origin_filename, "."), 1));

        if (!in_array($ext, ["jpg", "gif", "png"], true)) {
            if ($ext != "") {
                echo '<p class="lead text-danger">' . gal_trans("Ce fichier n'est pas un fichier jpg ou gif") . '</p>';
            }
            continue;
        }

        $newfilename = $stamp . "-" . $slot . "." . $ext;
        if (!$upload->saveAs($newfilename, $imgDir, $field, true)) {
            echo '<p class="lead text-danger">' . $upload->errors . '</p>';
            continue;
        }
        // Thumbnails are best-effort: only when GD is present, failures suppressed.
        if (function_exists('gd_info') or extension_loaded('gd')) {
            @CreateThumb($newfilename, $imgDir, $imgDir, $MaxSizeImg, $ext);
            @CreateThumb($newfilename, $imgDir, $miniDir, $MaxSizeThumb, $ext);
        }
        $inserted = sql_query("INSERT INTO " . $NPDS_Prefix . "tdgal_img VALUES ('','{$imgscat}','{$newfilename}','{$newtit}','','0','0')");
        if ($inserted) {
            echo '<p class="lead"><i class="fa fa-info-circle"></i> ' . gal_trans("Image ajoutée avec succès") . '</p>';
        } else {
            // Roll back the stored files when the row could not be written.
            echo '<p class="lead text-danger">' . gal_trans("Impossible d'ajouter l'image en BDD") . '</p>';
            @unlink($imgDir . $newfilename);
            @unlink($miniDir . $newfilename);
        }
    }
}
include_once "modules/upload/upload.conf.php"; settype($op, 'string'); switch ($op) { case "upload": if ($ficcmd_fma[0]) { if ($userfile != "none") { global $language; include_once "modules/upload/lang/upload.lang-{$language}.php"; include_once "modules/upload/clsUpload.php"; $upload = new Upload(); $filename = trim($upload->getFileName("userfile")); if ($filename) { $upload->maxupload_size = $max_size; $auto = fma_filter('f', $filename, $obj->Extension); if ($auto[0]) { if (!$upload->saveAs($auto[2], $base . '/', 'userfile', true)) { $Err = $upload->errors; } else { Ecr_Log("security", "Upload File", $log_dir . "/" . $filename . " IP=>" . getip()); } } else { $Err = $auto[1]; } } } } break; // Répertoires // Répertoires case "createdir": if ($dircmd_fma[0]) {
include_once "modules/upload/upload.conf.php"; settype($op, 'string'); switch ($op) { case "upload": if ($ficcmd_fma[0]) { if ($userfile != "none") { global $language; include_once "modules/upload/lang/upload.lang-{$language}.php"; include_once "modules/upload/clsUpload.php"; $upload = new Upload(); $filename = trim($upload->getFileName("userfile")); if ($filename) { $upload->maxupload_size = $max_size; $auto = fma_filter("f", $filename, $obj->Extension); if ($auto[0]) { if (!$upload->saveAs($auto[2], $base . "/", "userfile", true)) { $Err = $upload->errors; } else { Ecr_Log("security", "Upload File", $log_dir . "/" . $filename . " IP=>" . getip()); } } else { $Err = $auto[1]; } } } } break; // Répertoires // Répertoires case "createdir": if ($dircmd_fma[0]) {
array_walk($allowed_files, 'array_trim'); while (list($field, $values) = each($_FILES)) { ${$field} = ''; if ($upload->getFilename($field) == '') { continue; } $file_name = $upload->getFilename($field); ${$field} = $file_name; $upload_suffix = create_random(20); $file_extension = trim(substr($file_name, strrpos($file_name, '.') + 1)); reset($allowed_files); while (list($ext_key, $ext_val) = each($allowed_files)) { if (preg_match('#' . preg_quote($ext_val) . '#i', $file_extension) <= 0) { continue; } if ($upload->saveAs($file_name . '_' . $upload_suffix, $configuration['temp_folder'], $field, true)) { $attachment_file_names[] = array('new' => $configuration['temp_folder'] . $file_name . '_' . $upload_suffix, 'old' => $file_name); $form_output_file_names[$field] = $file_name; $form_output_suffix[$field] = $upload_suffix; } } } // debug_mode($upload->errors, 'Upload'); // print_a($attachment_file_names); } // ----------------------------------------------------------------------------- /** * Redirect to error page */ if (isset($limit_message) and !empty($limit_message) and isset($_POST['limit_error_page']) and !empty($_POST['limit_error_page'])) { if ($debug_mode != 'on') {
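/**
 * Handle the "propose images" form: store up to five uploaded pictures
 * (fields newcard1..newcard5, captions newdesc1..newdesc5) in gallery
 * category $imgscat as pending submissions and, when $notif_admin is set,
 * e-mail the site admin.
 *
 * Each caption gets " proposé par <$user_connecte>" appended. Files are stored
 * under modules/$ModPath/imgs/ with a timestamp-based name, a thumbnail goes
 * to mini/ when GD is available, and a tdgal_img row is inserted with the
 * "pending" flag. Only jpg and gif extensions (taken from the client-supplied
 * name) are accepted. Progress is echoed as an HTML list; nothing is returned.
 *
 * Fix: the client-supplied file name is HTML-escaped before it is echoed
 * back, so a crafted upload name cannot inject markup into the result page.
 *
 * NOTE(review): $imgscat is interpolated into the INSERT without escaping
 * (the caption goes through removeHack() + addslashes()); confirm the caller
 * validates it as a category id. $upload->errors is echoed unescaped as
 * well — confirm it never carries user-controlled text.
 */
function AddImgs($imgscat, $newcard1, $newdesc1, $newcard2, $newdesc2, $newcard3, $newdesc3, $newcard4, $newdesc4, $newcard5, $newdesc5, $user_connecte)
{
    global $language, $MaxSizeImg, $MaxSizeThumb, $ModPath, $ModStart, $NPDS_Prefix, $ThisFile, $adminmail, $nuke_url, $notif_admin;
    include_once "modules/upload/lang/upload.lang-{$language}.php";
    include_once "modules/upload/clsUpload.php";

    // Attribution appended to every caption.
    $attribution = gal_trans(" proposé par ") . $user_connecte;
    // Slot number => [file field value, caption]; replaces the variable-variable lookup.
    $slots = [
        1 => [$newcard1, $newdesc1 . $attribution],
        2 => [$newcard2, $newdesc2 . $attribution],
        3 => [$newcard3, $newdesc3 . $attribution],
        4 => [$newcard4, $newdesc4 . $attribution],
        5 => [$newcard5, $newdesc5 . $attribution],
    ];
    // One timestamp for the whole call so all files of a submission share a prefix.
    $stamp = date("YmdHis");
    $imgDir = "modules/{$ModPath}/imgs/";
    $miniDir = "modules/{$ModPath}/mini/";

    echo '<h4 class="breadcrumb"><a href="' . $ThisFile . '">' . gal_trans("Accueil") . '</a></h4>';
    echo '<p>' . gal_trans("Proposer des images") . '</p>';
    echo "<ul>";
    $soumission = false;

    foreach ($slots as $slot => [$card, $caption]) {
        if (empty($card)) {
            continue;
        }
        $newtit = empty($caption) ? "" : addslashes(removeHack($caption));

        $upload = new Upload();
        $upload->maxupload_size = 200000 * 100;
        $field = "newcard" . $slot;
        $origin_filename = trim($upload->getFileName($field));
        // The name comes from the client; escape it once for every HTML echo below.
        $shown_name = htmlspecialchars($origin_filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // Extension after the last dot, lower-cased; "" when the name has no dot.
        $dot = strrpos($origin_filename, ".");
        $ext = $dot === false ? "" : strtolower(substr($origin_filename, $dot + 1));

        if (!in_array($ext, ["jpg", "gif"], true)) {
            if ($ext !== "") {
                echo "<li><span class=\"text-danger\">" . gal_trans("Ce fichier n'est pas un fichier jpg ou gif") . " : {$shown_name}</span></li>";
            }
            continue;
        }

        $newfilename = $stamp . "-" . $slot . "." . $ext;
        if (!$upload->saveAs($newfilename, $imgDir, $field, true)) {
            echo "<li><span class=\"text-danger\">" . $upload->errors . "</span></li>";
            continue;
        }
        // Thumbnails are best-effort: only when GD is present, failures suppressed.
        if (function_exists('gd_info') or extension_loaded('gd')) {
            @CreateThumb($newfilename, $imgDir, $imgDir, $MaxSizeImg, $ext);
            @CreateThumb($newfilename, $imgDir, $miniDir, $MaxSizeThumb, $ext);
        }
        // Last column '1' marks the row as a pending submission for the webmaster.
        $inserted = sql_query("INSERT INTO " . $NPDS_Prefix . "tdgal_img VALUES ('','{$imgscat}','{$newfilename}','{$newtit}','','0','1')");
        if ($inserted) {
            echo "<li>" . gal_trans("Photo envoyée avec succès, elle sera traitée par le webmaster") . " : {$shown_name}</li>";
            $soumission = true;
        } else {
            // Roll back the stored files when the row could not be written.
            echo "<li><span class=\"text-danger\">" . gal_trans("Impossible d'ajouter l'image en BDD") . " : {$shown_name}</span></li>";
            @unlink($imgDir . $newfilename);
            @unlink($miniDir . $newfilename);
        }
    }
    echo "</ul>";

    if ($notif_admin and $soumission) {
        $subject = gal_trans("Nouvelle soumission de Photos");
        $message = gal_trans("Des photos viennent d'être proposées dans la galerie photo du site ") . $nuke_url . gal_trans(" par ") . $user_connecte;
        send_email($adminmail, $subject, $message, "", true, "html");
    }
}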