if (ini_get('zlib.output_compression')) {
ini_set('zlib.output_compression', 'Off');
}
header('Content-Type: application/force-download');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
header('Cache-control: private');
header('Pragma: private');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
} else {
VRedirect::go($config['BASE_URL'] . '/error');
}
} else {
VRedirect::go($config['BASE_URL'] . '/error');
}
}
if ($new_permisions['sd_downloads'] == 0 && !$_SESSION['uid']) {
$_SESSION['error'] = $lang['download.error'];
VRedirect::go($config['BASE_URL'] . '/signup');
}
if ($new_permisions['sd_downloads'] == 0 && $_SESSION['uid'] && $_SESSION['uid_premium'] == 0) {
VRedirect::go($config['BASE_URL'] . '/error/download_free');
}
if ($new_permisions['sd_downloads'] == 0 && $_SESSION['uid_premium']) {
VRedirect::go($config['BASE_URL'] . '/error/download_premium');
}
die;
public static function check($ip, $size)
{
global $config, $conn, $lang, $user_limit_bandwidth, $type_of_user;
$limit = $user_limit_bandwidth * 1024 * 1024;
$sql = "SELECT guest_id, bandwidth\n FROM guests\n WHERE guest_ip = " . $ip . "\n LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() === 1) {
$guest_id = $rs->fields['guest_id'];
$guest_bandwidth = $rs->fields['bandwidth'];
if ($guest_bandwidth > $limit) {
if ($type_of_user == 'guest') {
$_SESSION['error'] = $lang['guest.limit'];
VRedirect::go($config['BASE_URL'] . '/signup');
} elseif ($type_of_user == 'free') {
VRedirect::go($config['BASE_URL'] . '/error/free_limit_reached');
} elseif ($type_of_user == 'premium') {
VRedirect::go($config['BASE_URL'] . '/error/premium_limit_reached');
}
} else {
$sql = "UPDATE guests\n SET bandwidth = bandwidth + " . $size . ",\n last_login = '******'Y-m-d h:i:s') . "'\n WHERE guest_id = " . $guest_id . "\n LIMIT 1";
$conn->execute($sql);
}
} else {
$sql = "INSERT INTO guests (guest_ip, last_login, bandwidth)\n VALUES (" . $ip . ", '" . date('Y-m-d h:i:s') . "', " . $size . ")";
$conn->execute($sql);
}
return false;
}
public function confirm()
{
global $config;
if ($config['email_verification'] == '0') {
return true;
}
if (isset($_SESSION['uid']) && isset($_SESSION['email'])) {
if (isset($_SESSION['emailverified']) && $_SESSION['emailverified'] == 'yes') {
return true;
}
}
$_SESSION['redirect'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $config['BASE_URL'];
VRedirect::go($config['BASE_URL'] . '/confirm');
}
} elseif (strlen($title) > 299) {
$errors[] = 'Notice title field cannot contain more then 299 characters!';
} else {
$notice['title'] = $title;
}
if ($category == '0' or $category == '') {
$errors[] = 'Please select a notice category!';
} else {
$notice['category'] = $category;
}
if ($content == '') {
$errors[] = 'Notice content cannot be blank!';
} else {
$notice['content'] = $content;
}
if (!$errors) {
$sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
$rs = $conn->execute($sql);
$uid = $rs->fields['UID'];
$sql = "INSERT INTO notice (UID, category, title, content, addtime, adddate)\n VALUES (" . intval($uid) . ", " . intval($category) . ", '" . mysql_real_escape_string($title) . "',\n '" . mysql_real_escape_string($content) . "', " . time() . ", '" . date('Y-m-d') . "')";
$conn->execute($sql);
$_SESSION['message'] = 'Notice was successfully added!';
VRedirect::go($config['BASE_URL'] . '/siteadmin/notices.php?m=list');
}
}
$sql = "SELECT category_id, name FROM notice_categories\n WHERE status = '1' ORDER BY name DESC";
$rs = $conn->execute($sql);
$categories = $rs->getrows();
$editor->set_code($notice['content']);
$smarty->assign('editor_wysiswyg', $editor->return_editor('100%', 350));
$smarty->assign('categories', $categories);
$file = $config['BASE_DIR'] . '/media/photos/' . $value['PID'] . '.jpg';
if (file_exists($file)) {
@chmod($file, 0777);
@unlink($file);
}
$file = $config['BASE_DIR'] . '/media/photos/tmb/' . $value['PID'] . '.jpg';
if (file_exists($file)) {
@chmod($file, 0777);
@unlink($file);
}
}
$sql = "DELETE FROM photos WHERE AID = " . $aid;
$conn->execute($sql);
} else {
$sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
$rs = $conn->execute($sql);
$anon = intval($rs->fields['UID']);
$sql = "UPDATE albums SET UID = " . $anon . " WHERE AID = " . $aid . " LIMIT 1";
$conn->execute($sql);
$sql = "UPDATE signup SET total_albums = total_albums+1 WHERE UID = " . $anon . " LIMIT 1";
$conn->execute($sql);
}
$sql = "UPDATE signup SET total_albums = total_albums-1 WHERE UID = " . $uid . " LIMIT 1";
$conn->execute($sql);
$_SESSION['message'] = $lang['album.delete_msg'] . '!';
header('Location: ' . $config['BASE_URL'] . '/albums');
die;
}
if (isset($_POST['delete_no'])) {
VRedirect::go($config['BASE_URL'] . '/albums');
}
$mail->Body = nl2br($body);
$mail->AddAddress($email);
$mail->Send();
$mail->ClearAddresses();
$sql = "SELECT email_subject, email_path FROM emailinfo\n WHERE email_id = 'welcome' LIMIT 1";
$rs = $conn->execute($sql);
$email_subject = str_replace('{$site_title}', $config['site_title'], $rs->fields['email_subject']);
$email_path = $rs->fields['email_path'];
$body = $smarty->fetch($config['BASE_DIR'] . '/templates/' . $email_path);
$mail->Subject = $email_subject;
$mail->AltBody = $body;
$mail->Body = nl2br($body);
$mail->AddAddress($email);
$mail->Send();
$_SESSION['message'] = $lang['signup.msg'];
VRedirect::go($config['BASE_URL']);
}
}
$smarty->assign('errors', $errors);
$smarty->assign('err', $err);
$smarty->assign('messages', $messages);
$smarty->assign('menu', 'home');
$smarty->assign('signup', $signup);
$smarty->assign('self_title', $seo['signup_title']);
$smarty->assign('self_description', $seo['signup_desc']);
$smarty->assign('self_keywords', $seo['signup_keywords']);
$smarty->display('header.tpl');
$smarty->display('errors.tpl');
$smarty->display('messages.tpl');
$smarty->display('signup.tpl');
$smarty->display('footer.tpl');
$sql = "SELECT VID FROM video WHERE VID = " . $vid . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows()) {
$file = $config['BASE_DIR'] . '/media/videos/flv/' . $vid . '.flv';
if (file_exists($file) && is_file($file) && is_readable($file)) {
$conn->execute("UPDATE video SET download_num = download_num+1 WHERE VID = " . $vid . " LIMIT 1");
@ob_end_clean();
if (ini_get('zlib.output_compression')) {
ini_set('zlib.output_compression', 'Off');
}
header('Content-Type: application/force-download');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Transfer-Encoding: binary');
header('Accept-Ranges: bytes');
header('Cache-control: private');
header('Pragma: private');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
} else {
VRedirect::go($config['BASE_URL'] . '/error');
}
} else {
VRedirect::go($config['BASE_URL'] . '/error');
}
} else {
$_SESSION['error'] = $lang['download.error'];
VRedirect::go($config['BASE_URL'] . '/signup');
}
die;
$suids = array();
foreach ($subscriptions as $subscription) {
$suids[] = $subscription['UID'];
}
$sql_add = " AND PREFIX.UID IN (" . implode(",", $suids) . ")";
} else {
$sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
$rs = $conn->execute($sql);
if (!$conn->Affected_Rows() === 1) {
VRedirect::go($config['BASE_URL'] . '/error/user_missing');
}
$UID = intval($rs->fields['UID']);
$sql = "SELECT SUID FROM video_subscribe WHERE UID = " . $uid . " AND SUID = " . $UID . " LIMIT 1";
$conn->execute($sql);
if (!$conn->Affected_Rows() === 1) {
VRedirect::go($config['BASE_URL'] . '/error');
}
$sql_add = " AND PREFIX.UID = " . $UID;
}
$total_feeds = 0;
if ($table == 'videos' || $table == 'all') {
$video_approve = $config['approve'] == '1' ? " AND v.active = '1'" : NULL;
$sql_count_videos = "SELECT COUNT(v.VID) AS total_videos\n FROM video AS v\n WHERE v.type = 'public'" . $video_approve . str_replace('PREFIX', 'v', $sql_add);
$rs = $conn->execute($sql_count_videos);
$total_videos = $rs->fields['total_videos'];
$total_feeds = $total_feeds + $total_videos;
$pagination = new Pagination(10);
$limit = $pagination->getLimit($total_videos);
$sql_videos = "SELECT v.VID, v.title, v.addtime, s.username\n FROM video AS v, signup AS s\n WHERE v.type = 'public'\n AND v.UID = s.UID" . $video_approve . str_replace('PREFIX', 'v', $sql_add) . "\n ORDER BY v.VID DESC LIMIT " . $limit;
$rs = $conn->execute($sql_videos);
$videos = $rs->getrows();
<?php
define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
$vid = intval($_GET['id']);
if (isset($vid)) {
$sql = "SELECT server, ipod_filename FROM video WHERE VID = '" . mysql_real_escape_string($vid) . "' AND active = '1' LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() == 1) {
$server = $rs->fields['server'];
$mobile_filename = $rs->fields['ipod_filename'];
}
}
if ($mobile_filename) {
if ($config['multi_server'] == '1' && $server != '') {
$MOBILE_URL = $server . '/iphone/' . $mobile_filename;
} else {
$MOBILE_URL = $config['BASE_URL'] . '/media/videos/iphone/' . $mobile_filename;
}
} else {
$MOBILE_URL = $config['BASE_URL'] . '/media/videos/iphone/no-video.mp4';
}
VRedirect::go($MOBILE_URL);
die;
define('_VALID', true);
define('_ADMIN', true);
include '../include/config.php';
$err = NULL;
$msg = NULL;
if (isset($_POST['submit_login'])) {
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if ($username == '' or $password == '') {
$err = 'Please provide a username and password!';
} else {
if ($username == $config['admin_name'] && $password == $config['admin_pass']) {
$_SESSION['AUID'] = $config['admin_name'];
$_SESSION['APASSWORD'] = $config['admin_pass'];
VRedirect::go($config['BASE_URL'] . '/siteadmin/index.php');
} else {
$err = 'Invalid username and/or password!';
}
}
}
if (isset($_POST['submit_forgot'])) {
if (!isset($_SESSION['email_forgot'])) {
$_SESSION['email_forgot'] = 1;
}
if ($_SESSION['email_forgot'] == 3) {
$err = 'Please try again later!';
}
if ($err == '') {
require '../classes/email.class.php';
$mail = new VMail();
$is_friend = true;
if ($album['type'] == 'private') {
$UID = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : NULL;
if ($UID) {
if ($UID != $album['UID']) {
$sql = "SELECT FID FROM friends \n WHERE ((UID = " . $uid . " AND FID = " . $UID . ")\n OR (UID = " . $UID . " AND FID = " . $uid . "))\n AND status = 'Confirmed'\n LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() == 0) {
$is_friend = false;
}
}
} else {
$is_friend = false;
}
}
$ids = array();
$sql = "SELECT PID, caption FROM photos WHERE AID = " . $aid . " AND status = '1' ORDER BY PID ASC";
$rs = $conn->execute($sql);
$photos = $rs->getrows();
if ($conn->Affected_Rows() === 1) {
VRedirect::go($config['BASE_URL'] . '/photo/' . $photos['0']['PID']);
} else {
foreach ($photos as $photo) {
$ids[] = $photo['PID'];
}
$ids = 'var ids = new Array(' . implode(',', $ids) . ');';
}
$smarty->assign('slider', true);
$smarty->assign('photos', $photos);
$smarty->assign('ids', $ids);
$smarty->assign('is_friend', $is_friend);
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
require $config['BASE_DIR'] . '/classes/filter.class.php';
Auth::check();
$uid = intval($_SESSION['uid']);
if (isset($_POST['delete_yes']) && $_POST['delete_yes'] == 'Yes') {
$sql = "DELETE FROM blog WHERE UID = " . $uid . " AND BID = " . $bid . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() == 1) {
$_SESSION['message'] = $lang['blog.delete_msg'];
VRedirect::go($config['BASE_URL'] . '/user/' . $username . '/blog');
} else {
$errors[] = $lang['blog.delete_err'];
}
}
if (isset($_POST['delete_no']) && $_POST['delete_no'] == 'No') {
VRedirect::go($config['BASE_URL'] . '/user/' . $username . '/blog');
}
$smarty->assign('blog', $blog);
} else {
$sql = "SELECT CHID FROM channel WHERE name = '" . mysql_real_escape_string($name) . "' LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() > 0) {
$errors[] = 'Category name \'' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' is already used. Please choose another name!';
} else {
$channel['name'] = $name;
}
}
if ($_FILES['picture']['tmp_name'] == '') {
$errors[] = 'Please provide a category image!';
}
if (!$errors) {
$sql = "INSERT INTO channel (name) VALUES ('" . mysql_real_escape_string($name) . "')";
$conn->execute($sql);
$chid = $conn->Insert_ID();
require $config['BASE_DIR'] . '/classes/image.class.php';
$image = new VImageConv();
$image->process($_FILES['picture']['tmp_name'], $chimg . '/' . $chid . '.jpg', 'MAX_WIDTH', 140, 105);
$image->canvas(140, 105, '000000', true);
if ($errors) {
$sql = "DELETE FROM channel WHERE CHID = '" . mysql_real_escape_string($chid) . "' LIMIT 1";
$conn->execute($sql);
}
}
if (!$errors) {
$msg = 'Category Successfuly added!';
VRedirect::go('channels.php?msg=' . $msg);
}
}
$smarty->assign('channel', $channel);
$self_keywords = implode(', ', $video['keyword']) . $seo['video_keywords'];
if (is_numeric($new_permisions['bandwidth']) && $new_permisions['bandwidth'] != '-1') {
$user_limit_bandwidth = $new_permisions['bandwidth'];
$remote_ip = ip2long($remote_ip);
require $config['BASE_DIR'] . '/classes/bandwidth.class.php';
$guest_limit = VBandwidth::check($remote_ip, intval($video['space']));
}
if ($new_permisions['watch_normal_videos'] == 0) {
// nu are voie sa vada filme normale
if ($type_of_user == 'guest') {
$_SESSION['error'] = 'You need to register in order to watch videos';
VRedirect::go($config['BASE_URL'] . '/signup');
} elseif ($type_of_user == 'free') {
VRedirect::go($config['BASE_URL'] . '/error/free_watch_permission');
} elseif ($type_of_user == 'premium') {
VRedirect::go($config['BASE_URL'] . '/error/premium_watch_permission');
}
}
$smarty->assign('errors', $errors);
$smarty->assign('messages', $messages);
$smarty->assign('menu', 'videos');
$smarty->assign('submenu', '');
$smarty->assign('view', true);
$smarty->assign('autoheight', $autoheight);
$smarty->assign('player_width', $player_width);
$smarty->assign('video_width', $video_width);
$smarty->assign('video_height', $video_height);
$smarty->assign('embed_width', $embed_width);
$smarty->assign('embed_auto_height', $embed_auto_height);
$smarty->assign('hd', $hd);
$smarty->assign('video', $video);
} else {
$sql = "SELECT category_id FROM game_categories\n WHERE category_name = '" . mysql_real_escape_string($name) . "' LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() > 0) {
$errors[] = 'Category name \'' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' is already used. Please choose another name!';
} else {
$channel['name'] = $name;
}
}
if ($_FILES['picture']['tmp_name'] == '') {
$errors[] = 'Please provide a category image!';
}
if (!$errors) {
$sql = "INSERT INTO game_categories (category_name) VALUES ('" . mysql_real_escape_string($name) . "')";
$conn->execute($sql);
$chid = $conn->Insert_ID();
require $config['BASE_DIR'] . '/classes/image.class.php';
$image = new VImageConv();
$image->process($_FILES['picture']['tmp_name'], $chimg . '/' . $chid . '.jpg', 'MAX_WIDTH', 384, 216);
$image->canvas(384, 216, '000000', true);
if ($errors) {
$sql = "DELETE FROM game_categories WHERE category_id = '" . mysql_real_escape_string($chid) . "' LIMIT 1";
$conn->execute($sql);
}
}
if (!$errors) {
$msg = 'Category Successfuly added!';
VRedirect::go('channels.php?m=listgame&msg=' . $msg);
}
}
$smarty->assign('channel', $channel);
break;
case 'duration':
if (file_exists($config['HD_DIR'] . '/' . $VID . '.mp4')) {
$duration = get_video_duration($config['HD_DIR'] . '/' . $VID . '.mp4', $VID);
} elseif (file_exists($config['FLV_DIR'] . '/' . $VID . '.flv')) {
$duration = get_video_duration($config['FLV_DIR'] . '/' . $VID . '.flv', $VID);
} elseif (file_exists($config['FLV_DIR'] . '/' . $VID . '.mp4')) {
$duration = get_video_duration($config['FLV_DIR'] . '/' . $VID . '.mp4', $VID);
} else {
$duration = get_video_duration($config['IPHONE_DIR'] . '/' . $VID . '.mp4', $VID);
}
$sql = "UPDATE video SET duration = " . $duration . " WHERE VID = " . $VID . " LIMIT 1";
$conn->execute($sql);
$_SESSION['message'] = 'Duration regenerated successfuly!';
$remove = '&=duration&VID=' . $VID;
VRedirect::go('videos.php?m=' . $module_keep . '&page=' . $page);
break;
}
} else {
$err = 'Invalid video id. Video does not exist!?';
}
}
$query = constructQuery($module_keep);
$sql = $query['count'];
$rs = $conn->execute($sql);
$total_videos = $rs->fields['total_videos'];
$pagination = new Pagination($query['page_items']);
$limit = $pagination->getLimit($total_videos);
$paging = $pagination->getAdminPagination($remove);
$sql = $query['select'] . " LIMIT " . $limit;
$rs = $conn->execute($sql);
defined('_VALID') or die('Restricted Access!');
$access = true;
if ($config['private_msgs'] == 'friends') {
$sql = "SELECT FID FROM friends WHERE UID = " . $uid . " LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() != 1) {
$access = false;
$_URL = $config['BASE_URL'] . '/error/private_messages_friends';
}
} elseif ($config['private_msgs'] == 'disabled') {
$access = false;
$_URL = $config['BASE_URL'] . '/error/private_messages_disabled';
}
if (!$access) {
VRedirect::go($_URL);
}
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/validation.class.php';
$filter = new VFilter();
$subject = $filter->get('s', 'STRING', 'GET');
$compose = array('receiver' => '', 'friend' => '', 'subject' => $subject, 'body' => '', 'save_outbox' => 1, 'send_self' => 0);
if (isset($query['1']) && $query['1'] != '') {
$valid = new VValidation();
if ($valid->usernameExists($query['1'])) {
$compose['receiver'] = $query['1'];
}
}
if (isset($_POST['send_mail'])) {
$valid = new VValidation();
$receiver = $filter->get('receiver');
VRedirect::go($config['BASE_URL'] . '/error/user_missing');
}
$user = $rs->getrows();
$user = $user['0'];
$username = strtoupper($user['username']);
$module = NULL;
$modules = array('default', 'video', 'photo', 'game');
$request = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : NULL;
$request = isset($_SERVER['QUERY_STRING']) ? str_replace('?' . $_SERVER['QUERY_STRING'], '', $request) : $request;
$query = explode('/', $request);
if (is_array($query)) {
foreach ($query as $key => $value) {
if ($value == 'upload') {
$module = isset($query[$key + 1]) ? $query[$key + 1] : 'default';
if (!in_array($module, $modules)) {
VRedirect::go($config['BASE_URL'] . '/error/missing');
}
}
}
}
function getAnonymousUID()
{
global $conn;
$sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
$rs = $conn->execute($sql);
return intval($rs->fields['UID']);
}
if ($module == 'default') {
$module_template = 'upload.tpl';
} else {
$module_template = 'upload_' . $module . '.tpl';
$errors[] = $_SESSION['error'];
unset($_SESSION['error']);
}
$remote_ip = isset($_SERVER['REMOTE_ADDR']) && long2ip(ip2long($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : NULL;
if (isset($_SESSION['uid'])) {
$sid = intval($_SESSION['uid']);
if ($remote_ip) {
$sql = "UPDATE signup SET user_ip = '" . mysql_real_escape_string($remote_ip) . "' WHERE UID = " . $sid . " LIMIT 1";
$conn->execute($sql);
}
}
if ($remote_ip) {
$sql = "SELECT ban_id FROM bans WHERE ban_ip = '" . mysql_real_escape_string($remote_ip) . "' LIMIT 1";
$conn->execute($sql);
if ($conn->Affected_Rows() > 0) {
VRedirect::go($config['BASE_URL'] . '?msg=You are banned from this site!');
}
}
if ($config['user_remember'] == '1') {
Remember::check();
}
require 'smarty.php';
if ($config['submenu_tag_scroller'] == '1') {
$tags = array();
$sql = "SELECT keyword FROM video WHERE active = '1' ORDER BY viewnumber LIMIT 10";
$rs = $conn->execute($sql);
$rows = $rs->getrows();
foreach ($rows as $row) {
$tag_arr = explode(' ', $row['keyword']);
foreach ($tag_arr as $tag) {
if (strlen($tag) > 3 && !in_array($tag, $tags)) {
$image->process($avatar_tmp, $dst, 'MAX_HEIGHT', 240, 200);
$image->resize(true);
if (file_exists($dst) && filesize($dst) > 100) {
$_SESSION['message'] = $lang['user.avatar_upload_msg'];
$_SESSION['uploaded'] = true;
VRedirect::go($config['BASE_URL'] . '/user/avatar');
}
}
}
}
if (isset($_POST['avatar_crop_submit'])) {
$filter = new VFilter();
$x = $filter->get('x1', 'INTEGER');
$y = $filter->get('y1', 'INTEGER');
$width = $filter->get('width', 'INTEGER');
$height = $filter->get('height', 'INTEGER');
$uid = $user['UID'];
$src = $config['BASE_DIR'] . '/media/users/orig/' . $uid . '.jpg';
$dst = $config['BASE_DIR'] . '/media/users/' . $uid . '.jpg';
$image = new VImageConv();
$image->process($src, $dst, 'EXACT', 100, 120);
$image->crop($x, $y, $width, $height, true);
if (file_exists($dst) && filesize($dst) > 100) {
$sql = "UPDATE signup SET photo = '" . intval($user['UID']) . ".jpg' WHERE UID = " . intval($uid) . " LIMIT 1";
$conn->execute($sql);
$_SESSION['message'] = $lang['user.avatar_crop_msg'];
VRedirect::go($config['BASE_URL'] . '/user/avatar');
}
}
$smarty->assign('crop', $crop);
$smarty->assign('uploaded', $uploaded);
<?php
defined('_VALID') or die('Restricted Access!');
require $config['BASE_DIR'] . '/classes/auth.class.php';
$auth = new Auth();
$auth->check();
// we dont cache anything here...needed for the album avatar update!
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
if (isset($_SESSION['uid']) && $uid != $_SESSION['uid']) {
VRedirect::go($config['BASE_URL'] . '/error/album_permission');
}
if (isset($_POST['submit_album_edit'])) {
require $config['BASE_DIR'] . '/classes/filter.class.php';
require $config['BASE_DIR'] . '/classes/image.class.php';
$filter = new VFilter();
$name = $filter->get('album_name');
$category = $filter->get('album_category');
$tags = $filter->get('album_tags');
$type = $filter->get('album_type');
$x = $filter->get('x1', 'INTEGER');
$y = $filter->get('y1', 'INTEGER');
$width = $filter->get('width', 'INTEGER');
$height = $filter->get('height', 'INTEGER');
$pid = $filter->get('photo', 'INTEGER');
$random = $filter->get('random');
if ($width < 50 || $width > 580 || $height != $width) {
$x = $filter->get('x1-i', 'INTEGER');
$y = $filter->get('y1-i', 'INTEGER');
<?php
define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'classes/pagination.class.php';
if ($config['game_module'] == '0') {
VRedirect::go($config['BASE_URL'] . '/error/page_invalid');
}
$sql = "SELECT * FROM game_categories WHERE status = '1' ORDER BY category_name ASC";
$rs = $conn->execute($sql);
$categories = $rs->getrows();
$type = isset($_GET['type']) && ($_GET['type'] == 'private' or $_GET['type'] == 'public') ? $_GET['type'] : NULL;
$category = isset($_GET['c']) ? intval($_GET['c']) : 0;
$orders = array('bp', 'mr', 'mp', 'tr', 'md', 'tf');
$order = isset($_GET['o']) && in_array($_GET['o'], $orders) ? $_GET['o'] : 'bp';
$timeframes = array('t', 'w', 'm', 'a');
$timeframe = isset($_GET['t']) && in_array($_GET['t'], $timeframes) ? $_GET['t'] : 'a';
$sql_add = NULL;
$sql_add_count = NULL;
$sql_delim = ' WHERE ';
$title_t = NULL;
$title_c = NULL;
$title_o = NULL;
$title_p = NULL;
if ($type != '') {
$title_p = ' ' . ucfirst($type == 'private' ? $lang['global.private'] : $lang['global.public']);
$sql_add = $sql_delim . " type = '" . $type . "'";
$sql_add_count = $sql_delim . " type = '" . $type . "'";
$sql_delim = ' AND';
<?php
define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'classes/filter.class.php';
require 'classes/pagination.class.php';
$filter = new VFilter();
$search_query = $filter->get('search_query', 'STRING', 'GET');
$search_type = $filter->get('search_type', 'STRING', 'GET');
$search_types = array('videos', 'photos', 'users', 'games');
if (!in_array($search_type, $search_types)) {
VRedirect::go($config['BASE_URL'] . '/error/invalid_search_type');
}
$module = 'modules/search/' . $search_type . '.php';
$module_template = 'search_' . $search_type . '.tpl';
require $module;
$self_title = strtoupper($search_type) . " - " . str_replace('{#search_query#}', $search_query, $seo['search_title']);
$smarty->assign('errors', $errors);
$smarty->assign('messages', $messages);
$smarty->assign('menu', 'home');
$smarty->assign('search_query', $search_query);
$smarty->assign('search_type', $search_type);
$smarty->assign('self_title', $self_title);
$smarty->assign('self_description', $seo['search_desc']);
$smarty->assign('self_keywords', $seo['search_keywords']);
$smarty->display('header.tpl');
$smarty->display('errors.tpl');
$smarty->display('messages.tpl');
$smarty->display($module_template);
<?php
define('_VALID', true);
require 'include/config.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'include/function_notice.php';
require 'classes/pagination.class.php';
$NID = get_request_arg('notice');
if (!$NID) {
VRedirect::go($config['BASE_URL'] . '/error');
}
$sql = "SELECT n.NID, n.UID, n.title, n.content, n.total_comments, n.addtime, s.username\n FROM notice AS n, signup AS s WHERE status ='1' AND n.UID = s.UID AND n.NID = " . $NID . " LIMIT 1";
$rs = $conn->execute($sql);
if ($conn->Affected_Rows() != 1) {
VRedirect::go($config['BASE_URL'] . '/error/invalid_notice');
}
$notice = $rs->getrows();
$notice = $notice['0'];
$sql = "UPDATE notice SET total_views = total_views+1 WHERE NID = " . $NID . " LIMIT 1";
$conn->execute($sql);
$sql = "SELECT COUNT(CID) AS total_comments FROM notice_comments WHERE NID = " . $NID . " AND status = '1'";
$rsc = $conn->execute($sql);
$total = $rsc->fields['total_comments'];
$pagination = new Pagination(10);
$limit = $pagination->getLimit($total);
$sql = "SELECT c.CID, c.UID, c.comment, c.addtime, s.username, s.photo, s.gender\n FROM notice_comments AS c, signup AS s \n WHERE c.NID = " . $NID . " AND c.status = '1' AND c.UID = s.UID\n ORDER BY c.addtime DESC LIMIT " . $limit;
$rs = $conn->execute($sql);
$comments = $rs->getrows();
$page_link = $pagination->getPagination('notice/' . $NID, 'p_notice_comments_' . $NID . '_');
$page_link_b = $pagination->getPagination('notice/' . $NID, 'pp_notice_comments_' . $NID . '_');
}
if ($content == '') {
$errors[] = $lang['blog.edit_content_empty'];
$err['content'] = 1;
} elseif (strlen($content) > 3000) {
$errors[] = $lang['blog.edit_content_big'];
$err['title'] = 1;
} else {
$blog_content = $content;
}
if (!$errors) {
$content = strip_tags($content);
$sql = "UPDATE blog SET title = '" . mysql_real_escape_string($blog_title) . "', \n content = '" . mysql_real_escape_string($content) . "'\n WHERE BID = " . $bid . " AND UID = " . $uid . " LIMIT 1";
$conn->execute($sql);
$_SESSION['message'] = 'Blog was sucessfully updated!';
VRedirect::go($config['BASE_URL'] . '/blog/' . $bid);
}
}
$sql = "SELECT title, content FROM blog WHERE BID = " . $bid . " LIMIT 1";
$rs = $conn->execute($sql);
$blog_title = $rs->fields['title'];
$blog_base_url = str_replace('/', '\\/', $config['BASE_URL']);
$blog_content = $rs->fields['content'];
$sql = "SELECT * FROM signup WHERE UID = " . $uid . " LIMIT 1";
$rs = $conn->execute($sql);
$user = $rs->getrows();
$user = $user['0'];
$smarty->assign('editor', true);
$smarty->assign('bid', $bid);
$smarty->assign('blog_title', $blog_title);
$smarty->assign('blog_content', $blog_content);
