static function auth($login, $password) { $login = functions::check($login); $password = functions::check($password); $error = ""; if (!empty($login) && !empty($password)) { $user = users::getUser(1, $login, $password); if ($user->id > 0) { $_SESSION["s_user"] = $user->toArray(); } else { $error = "Вы ввели не верные логин или пароль"; } } else { $error = "Необходимо заполнить все поля"; } return $error; }
*/ defined('_IN_JOHNCMS') or die('Error: restricted access'); require_once '../incfiles/head.php'; echo '<div class="phdr"><a href="index.php"><b>' . $lng['downloads'] . '</b></a> | ' . $lng['search'] . '</div>'; if (!empty($_GET['srh'])) { $srh = functions::check($_GET['srh']); } else { if ($_POST['srh'] == "") { echo functions::display_error($lng_dl['search_string_empty'], '<a href="index.php">' . $lng['back'] . '</a>'); require_once '../incfiles/end.php'; exit; } $srh = functions::check($_POST['srh']); } if (!empty($_GET['srh'])) { $srh = functions::check($_GET['srh']); } $psk = mysql_query("select * from `download` where type='file' ;"); if (empty($_GET['start'])) { $start = 0; } else { $start = $_GET['start']; } while ($array = mysql_fetch_array($psk)) { if (stristr($array['name'], $srh)) { $res[] = $lng_dl['found_by_name'] . ":<br/><a href='?act=view&file=" . $array['id'] . "'>{$array['name']}</a><br/>"; } if (stristr($array['text'], $srh)) { $res[] = $lng_dl['found_by_description'] . ":<br/><a href='?act=view&file=" . $array['id'] . "'>{$array['name']}</a><br/>{$array['text']}<br/>"; } }
defined('_IN_JOHNCMS') or die('Error: restricted access'); require_once "../incfiles/head.php"; if ($rights == 4 || $rights >= 6) { if (empty($_GET['cat'])) { $loaddir = $loadroot; } else { $cat = intval($_GET['cat']); provcat($cat); $cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';"); $adrdir = mysql_fetch_array($cat1); $loaddir = "{$adrdir['adres']}/{$adrdir['name']}"; } if (isset($_POST['submit'])) { $url = trim($_POST['url']); $opis = functions::check($_POST['opis']); $newn = functions::check($_POST['newn']); $tipf = functions::format($url); if (eregi("[^a-z0-9.()+_-]", $newn)) { echo "В новом названии файла <b>{$newn}</b> присутствуют недопустимые символы<br/>Разрешены только латинские символы, цифры и некоторые знаки ( .()+_- )<br /><a href='?act=import&cat=" . $cat . "'>Повторить</a><br/>"; require_once '../incfiles/end.php'; exit; } $import = "{$loaddir}/{$newn}.{$tipf}"; $files = file("{$import}"); if (!$files) { if (copy($url, $import)) { $ch = "{$newn}.{$tipf}"; echo "Файл успешно загружен<br/>"; mysql_query("insert into `download` values(0,'{$cat}','" . mysql_real_escape_string($loaddir) . "','" . time() . "','" . mysql_real_escape_string($ch) . "','file','','','','" . $opis . "','');"); } else { echo "Загрузка файла не удалась!<br/>";
if (!empty($_SESSION['uid'])) { if (!empty($_GET['act'])) { $act = $_GET['act']; } switch ($act) { case "add": echo '<div class="phdr">' . $lng_pm['add_to_ignor'] . '</div>'; echo "<form action='ignor.php?act=edit&add=1' method='post'>" . $lng_pm['enter_nick'] . "<br/>"; echo "<input type='text' name='nik' value='' /><br/><input type='submit' value='" . $lng['add'] . "' /></form>"; echo '<a href="ignor.php">' . $lng['back'] . '</a><br/>'; break; case "edit": if (!empty($_POST['nik'])) { $nik = functions::check($_POST['nik']); } elseif (!empty($_GET['nik'])) { $nik = functions::check($_GET['nik']); } else { if (empty($_GET['id'])) { echo "ERROR!<br/><a href='ignor.php'>Back</a><br/>"; require_once '../incfiles/end.php'; exit; } $nk = mysql_query("select * from `users` where id='" . $id . "';"); $nk1 = mysql_fetch_array($nk); $nik = $nk1['name']; } if (!empty($_GET['add'])) { $add = intval($_GET['add']); } $adc = mysql_query("select * from `privat` where me='" . $login . "' and ignor='" . $nik . "';"); $adc1 = mysql_num_rows($adc);
// Проверка на флуд $flood = functions::antiflood(); if ($flood) { require '../incfiles/head.php'; echo functions::display_error($lng['error_flood'] . ' ' . $flood . $lng['sec'] . ', <a href="index.php?id=' . $id . '&start=' . $start . '">' . $lng['back'] . '</a>'); require '../incfiles/end.php'; exit; } $req_r = mysql_query("SELECT * FROM `forum` WHERE `id` = '{$id}' AND `type` = 'r' LIMIT 1"); if (!mysql_num_rows($req_r)) { require '../incfiles/head.php'; echo functions::display_error($lng['error_wrong_data']); require '../incfiles/end.php'; exit; } $th = isset($_POST['th']) ? functions::check(mb_substr(trim($_POST['th']), 0, 100)) : ''; $msg = isset($_POST['msg']) ? functions::checkin(trim($_POST['msg'])) : ''; $buzz_prefix = $_POST['tiento']; if (isset($_POST['msgtrans'])) { $th = functions::trans($th); $msg = functions::trans($msg); } $msg = preg_replace_callback('~\\[url=(http://.+?)\\](.+?)\\[/url\\]|(http://(www.)?[0-9a-zA-Z\\.-]+\\.[0-9a-zA-Z]{2,6}[0-9a-zA-Z/\\?\\.\\~&_=/%-:#]*)~', 'forum_link', $msg); if (isset($_POST['submit']) && isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) { $error = array(); if (empty($th)) { $error[] = $lng_forum['error_topic_name']; } if (mb_strlen($th) < 2) { $error[] = $lng_forum['error_topic_name_lenght']; }
if ($rights == 4 || $rights >= 6) { if (!empty($_GET['cat'])) { $cat = intval($_GET['cat']); } if (isset($_POST['submit'])) { if (empty($cat)) { $droot = $loadroot; } else { $cat = intval(trim($cat)); provcat($cat); $cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';"); $adrdir = mysql_fetch_array($cat1); $droot = "{$adrdir['adres']}/{$adrdir['name']}"; } $drn = functions::check($_POST['drn']); $rusn = functions::check($_POST['rusn']); $mk = mkdir("{$droot}/{$drn}", 0777); if ($mk == true) { chmod("{$droot}/{$drn}", 0777); echo "Папка создана<br/>"; mysql_query("insert into `download` values(0,'" . $cat . "','" . $droot . "','" . time() . "','" . $drn . "','cat','','','','" . $rusn . "','');"); $categ = mysql_query("select * from `download` where type = 'cat' and name='{$drn}' and refid = '" . $cat . "';"); $newcat = mysql_fetch_array($categ); echo "»<a href='?cat=" . $newcat[id] . "'>В папку</a><br/>"; } else { echo "ERROR<br/>"; } } else { echo "<form action='?act=makdir&cat=" . intval($_GET['cat']) . "' method='post'>\n <p>" . $lng_dl['folder_name'] . "<br />\n <input type='text' name='drn'/></p>\n <p>" . $lng_dl['folder_name_for_list'] . ":<br/>\n <input type='text' name='rusn'/></p>\n <p><input type='submit' name='submit' value='Создать'/></p>\n </form>"; } }
$ms = mysql_fetch_assoc($typ); if ($ms[type] != "t") { require '../incfiles/head.php'; echo functions::display_error($lng['error_wrong_data']); require '../incfiles/end.php'; exit; } if (isset($_POST['submit'])) { $nn = isset($_POST['nn']) ? functions::check($_POST['nn']) : false; if (!$nn) { require '../incfiles/head.php'; echo functions::display_error($lng_forum['error_topic_name'], '<a href="index.php?act=ren&id=' . $id . '">' . $lng['repeat'] . '</a>'); require '../incfiles/end.php'; exit; } $bz = isset($_POST['bz']) ? functions::check($_POST['bz']) : false; if (!$bz) { require '../incfiles/head.php'; echo functions::display_error($lng_forum['error_topic_name'], '<a href="index.php?act=ren&id=' . $id . '">' . $lng['repeat'] . '</a>'); require '../incfiles/end.php'; exit; } // Periksa apakah ada topik dengan nama yang sama? $pt = mysql_query("SELECT * FROM `forum` WHERE `type` = 't' AND `refid` = '" . $ms['refid'] . "' and text='{$nn}' LIMIT 1"); if (mysql_num_rows($pt) != 0) { require '../incfiles/head.php'; echo functions::display_error($lng_forum['error_topic_exists'], '<a href="index.php?act=ren&id=' . $id . '">' . $lng['repeat'] . '</a>'); require '../incfiles/end.php'; exit; } mysql_query("update `forum` set text='" . $nn . "',tiento='" . $bz . "' where id='" . $id . "';");
if (isset($_POST['submit'])) { // Проверка на флуд $flood = functions::antiflood(); if ($flood) { require_once '../incfiles/head.php'; echo functions::display_error('Вы не можете так часто добавлять сообщения<br />Пожалуйста, подождите ' . $flood . ' сек.', '<a href="index.php?act=komm&id=' . $id . '">Назад</a>'); require_once '../incfiles/end.php'; exit; } if ($_POST['msg'] == "") { require_once "../incfiles/head.php"; echo "Вы не ввели сообщение!<br/><a href='?act=komm&id=" . $id . "'>К комментариям</a><br/>"; require_once '../incfiles/end.php'; exit; } $msg = functions::check($_POST['msg']); if ($_POST[msgtrans] == 1) { $msg = functions::trans($msg); } $msg = mb_substr($msg, 0, 500); $agn = strtok($agn, ' '); mysql_query("insert into `download` values(0,'{$id}','','" . time() . "','','komm','{$login}','" . long2ip($ip) . "','" . $agn . "','" . $msg . "','');"); $fpst = $datauser['komm'] + 1; mysql_query("UPDATE `users` SET\n\t\t`komm`='" . $fpst . "',\n\t\t`lastpost` = '" . time() . "'\n\t\tWHERE `id`='" . $user_id . "'"); header("Location: index.php?act=komm&id={$id}"); } else { require_once "../incfiles/head.php"; echo "Напишите комментарий<br/><br/><form action='?act=addkomm&id=" . $id . "' method='post'>\nCообщение(max. 500)<br/>\n<textarea rows='3' title='Введите комментарий' name='msg' ></textarea><br/><br/>\n<input type='checkbox' name='msgtrans' value='1' title='Поставьте флажок для транслитерации сообщения' /> Транслит<br/>\n<input type='submit' title='Нажмите для отправки' name='submit' value='добавить' />\n </form><br/>"; echo '<a href="index.php?act=trans">Транслит</a><br /><a href="../str/smile.php">' . $lng['smileys'] . '</a><br/>'; } } else {
Редактирование выбранной категории, или раздела ----------------------------------------------------------------- */ if (!$id) { echo functions::display_error($lng['error_wrong_data'], '<a href="index.php?act=forum">' . $lng_forum['forum_management'] . '</a>'); require '../incfiles/end.php'; exit; } $req = mysql_query("SELECT * FROM `forum` WHERE `id` = '{$id}'"); if (mysql_num_rows($req)) { $res = mysql_fetch_assoc($req); if ($res['type'] == 'f' || $res['type'] == 'r') { if (isset($_POST['submit'])) { // Принимаем данные $name = isset($_POST['name']) ? functions::check($_POST['name']) : ''; $desc = isset($_POST['desc']) ? functions::check($_POST['desc']) : ''; $category = isset($_POST['category']) ? intval($_POST['category']) : 0; // проверяем на ошибки $error = array(); if ($res['type'] == 'r' && !$category) { $error[] = $lng_forum['error_category_select']; } elseif ($res['type'] == 'r' && !mysql_result(mysql_query("SELECT COUNT(*) FROM `forum` WHERE `id` = '{$category}' AND `type` = 'f'"), 0)) { $error[] = $lng_forum['error_category_select']; } if (!$name) { $error[] = $lng['error_empty_title']; } if ($name && (mb_strlen($name) < 2 || mb_strlen($name) > 30)) { $error[] = $lng['title'] . ': ' . $lng['error_wrong_lenght']; } if ($desc && mb_strlen($desc) < 2) {
echo functions::display_error($lng['error_wrong_data']); require_once '../incfiles/end.php'; exit; } mysql_query("UPDATE `cms_counters` SET\n `name` = '" . functions::check($name) . "',\n `link1` = '" . mysql_real_escape_string($link1) . "',\n `link2` = '" . mysql_real_escape_string($link2) . "',\n `mode` = '{$mode}'\n WHERE `id` = '{$id}'"); } else { // Получаем значение сортировки $req = mysql_query("SELECT `sort` FROM `cms_counters` ORDER BY `sort` DESC LIMIT 1"); if (mysql_num_rows($req) > 0) { $res = mysql_fetch_array($req); $sort = $res['sort'] + 1; } else { $sort = 1; } // Режим добавления mysql_query("INSERT INTO `cms_counters` SET\n `name` = '" . functions::check($name) . "',\n `sort` = '{$sort}',\n `link1` = '" . mysql_real_escape_string($link1) . "',\n `link2` = '" . mysql_real_escape_string($link2) . "',\n `mode` = '{$mode}'"); } echo '<div class="gmenu"><p>' . ($id ? $lng['counter_edit_conf'] : $lng['counter_add_conf']) . '</p></div>'; break; default: /* ----------------------------------------------------------------- Вывод списка счетчиков ----------------------------------------------------------------- */ echo '<div class="phdr"><a href="index.php"><b>' . $lng['admin_panel'] . '</b></a> | ' . $lng['counters'] . '</div>'; $req = mysql_query("SELECT * FROM `cms_counters` ORDER BY `sort` ASC"); if (mysql_num_rows($req)) { $i = 0; while ($res = mysql_fetch_assoc($req)) { echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
require_once "../incfiles/head.php"; if ($rights == 4 || $rights >= 6) { if ($_GET['file'] == "") { echo $lng_dl['file_not_selected'] . "<br/><a href='?'>" . $lng['back'] . "</a><br/>"; require_once '../incfiles/end.php'; exit; } $file = intval($_GET['file']); $file1 = mysql_query("SELECT * FROM `download` WHERE `type` = 'file' AND `id` = '" . $file . "';"); $file2 = mysql_num_rows($file1); $adrfile = mysql_fetch_array($file1); if ($file1 == 0 || !is_file("{$adrfile['adres']}/{$adrfile['name']}")) { echo $lng_dl['file_not_selected'] . "<br/><a href='?'>" . $lng['back'] . "</a><br/>"; require_once '../incfiles/end.php'; exit; } $stt = "{$adrfile['text']}"; if (isset($_POST['submit'])) { $newt = functions::check($_POST['newt']); mysql_query("update `download` set `text`='" . $newt . "' where `id`='" . $file . "';"); echo $lng_dl['description_changed'] . "<br/>"; } else { $str = str_replace("<br/>", "\r\n", $adrfile['text']); echo "<form action='?act=opis&file=" . $file . "' method='post'>"; echo $lng['description'] . ':<br/><textarea rows="4" name="newt">' . $str . '</textarea><br/>'; echo "<input type='submit' name='submit' value='Изменить'/></form><br/>"; } } else { echo "Нет доступа!"; } echo "<p><a href='?act=view&file=" . $file . "'>" . $lng['back'] . "</a></p>";
mysql_query("UPDATE `forum` SET\n `refid` = '{$razd}'\n WHERE `id` = '{$id}'\n "); header("Location: index.php?id={$id}"); } else { /* ----------------------------------------------------------------- Перенос темы ----------------------------------------------------------------- */ $ms = mysql_fetch_assoc($typ); require '../incfiles/head.php'; if (empty($_GET['other'])) { $rz = mysql_query("select * from `forum` where id='" . $ms['refid'] . "';"); $rz1 = mysql_fetch_assoc($rz); $other = $rz1['refid']; } else { $other = intval(functions::check($_GET['other'])); } $fr = mysql_query("select * from `forum` where id='" . $other . "';"); $fr1 = mysql_fetch_assoc($fr); echo '<div class="phdr"><a href="index.php?id=' . $id . '"><b>' . $lng['forum'] . '</b></a> | ' . $lng_forum['topic_move'] . '</div>' . '<form action="index.php?act=per&id=' . $id . '" method="post">' . '<div class="gmenu"><p>' . '<h3>' . $lng['category'] . '</h3>' . $fr1['text'] . '</p>' . '<p><h3>' . $lng['section'] . '</h3>' . '<select name="razd">'; $raz = mysql_query("SELECT * FROM `forum` WHERE `refid` = '{$other}' AND `type` = 'r' AND `id` != '" . $ms['refid'] . "' ORDER BY `realid` ASC"); while ($raz1 = mysql_fetch_assoc($raz)) { echo '<option value="' . $raz1['id'] . '">' . $raz1['text'] . '</option>'; } echo '</select></p>' . '<p><input type="submit" name="submit" value="' . $lng['move'] . '"/></p>' . '</div></form>' . '<div class="phdr">' . $lng_forum['other_categories'] . '</div>'; $frm = mysql_query("SELECT * FROM `forum` WHERE `type` = 'f' AND `id` != '{$other}' ORDER BY `realid` ASC"); while ($frm1 = mysql_fetch_assoc($frm)) { echo $i % 2 ? '<div class="list2">' : '<div class="list1">'; echo '<a href="index.php?act=per&id=' . $id . '&other=' . $frm1['id'] . '">' . $frm1['text'] . '</a></div>'; ++$i; }
if (empty($error)) { mysql_query("INSERT INTO `cms_mail` SET\n\t\t`user_id` = '" . $user_id . "',\n\t\t`from_id` = '" . $id . "',\n\t\t`text` = '" . mysql_real_escape_string($text) . "',\n\t\t`time` = '" . time() . "',\n\t\t`file_name` = '" . mysql_real_escape_string($newfile) . "',\n\t\t`size` = '" . $sizefile . "'") or die(mysql_error()); mysql_query("UPDATE `users` SET `lastpost` = '" . time() . "' WHERE `id` = '{$user_id}';"); if ($ch == 0) { mysql_query("UPDATE `cms_contact` SET `time` = '" . time() . "' WHERE `user_id` = '" . $user_id . "' AND\n\t\t\t`from_id` = '" . $id . "';"); mysql_query("UPDATE `cms_contact` SET `time` = '" . time() . "' WHERE `user_id` = '" . $id . "' AND\n\t\t\t`from_id` = '" . $user_id . "';"); } Header('Location: index.php?act=write' . ($id ? '&id=' . $id : '')); exit; } else { $out .= '<div class="rmenu">' . implode('<br />', $error) . '</div>'; } } if (!functions::is_ignor($id) && empty($ban['1']) && empty($ban['3'])) { $out .= isset($_SESSION['error']) ? $_SESSION['error'] : ''; $out .= '<div class="gmenu">' . '<form name="form" action="index.php?act=write' . ($id ? '&id=' . $id : '') . '" method="post" enctype="multipart/form-data">' . ($id ? '' : '<p><input type="text" name="nick" maxlength="15" value="' . (!empty($_POST['nick']) ? functions::check($_POST['nick']) : '') . '" placeholder="' . $lng_mail['to_whom'] . '?"/></p>') . '<p>'; if (!$is_mobile) { $out .= bbcode::auto_bb('form', 'text'); } $out .= '<textarea rows="' . $set_user['field_h'] . '" name="text"></textarea></p>'; if ($set_user['translit']) { $out .= '<input type="checkbox" name="msgtrans" value="1" ' . (isset($_POST['msgtrans']) ? 'checked="checked" ' : '') . '/> ' . $lng['translit'] . '<br />'; } $out .= '<p><input type="file" name="fail" style="width: 100%; max-width: 160px"/></p>'; $out .= '<p><input type="submit" name="submit" value="' . $lng['sent'] . '"/></p>' . '</form></div>' . '<div class="phdr"><b>' . ($id && isset($qs) ? $lng_mail['personal_correspondence'] . ' ' . $qs['name'] : $lng_mail['sending_the_message']) . '</b></div>'; } if ($id) { $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_mail` WHERE ((`user_id`='{$id}' AND `from_id`='{$user_id}') OR (`user_id`='{$user_id}' AND `from_id`='{$id}')) AND `sys`!='1' AND `delete`!='{$user_id}' AND `spam`='0'"), 0); if ($total) { if ($total > $kmess) { $out .= '<div class="topmenu">' . functions::display_pagination('index.php?act=write&id=' . $id . '&', $start, $total, $kmess) . '</div>';
echo '<div class="phdr"><a href="index.php"><b>' . $lng['admin_panel'] . '</b></a> | ' . $lng['site_settings'] . '</div>'; if (isset($_POST['submit'])) { /* ----------------------------------------------------------------- Сохраняем настройки системы ----------------------------------------------------------------- */ mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($_POST['skindef']) . "' WHERE `key` = 'skindef'"); mysql_query("UPDATE `cms_settings` SET `val`='" . mysql_real_escape_string(htmlspecialchars($_POST['madm'])) . "' WHERE `key` = 'email'"); mysql_query("UPDATE `cms_settings` SET `val`='" . intval($_POST['timeshift']) . "' WHERE `key` = 'timeshift'"); mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($_POST['copyright']) . "' WHERE `key` = 'copyright'"); mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check(preg_replace("#/\$#", '', trim($_POST['homeurl']))) . "' WHERE `key` = 'homeurl'"); mysql_query("UPDATE `cms_settings` SET `val`='" . intval($_POST['flsz']) . "' WHERE `key` = 'flsz'"); mysql_query("UPDATE `cms_settings` SET `val`='" . isset($_POST['gz']) . "' WHERE `key` = 'gzip'"); mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($_POST['meta_key']) . "' WHERE `key` = 'meta_key'"); mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($_POST['meta_desc']) . "' WHERE `key` = 'meta_desc'"); $req = mysql_query("SELECT * FROM `cms_settings`"); $set = array(); while ($res = mysql_fetch_row($req)) { $set[$res[0]] = $res[1]; } echo '<div class="rmenu">' . $lng['settings_saved'] . '</div>'; } /* ----------------------------------------------------------------- Форма ввода параметров системы ----------------------------------------------------------------- */ echo '<form action="index.php?act=settings" method="post"><div class="menu">'; // Общие настройки echo '<p>' . '<h3>' . $lng['common_settings'] . '</h3>' . $lng['site_url'] . ':<br/>' . '<input type="text" name="homeurl" value="' . htmlentities($set['homeurl']) . '"/><br/>' . $lng['site_copyright'] . ':<br/>' . '<input type="text" name="copyright" value="' . htmlentities($set['copyright'], ENT_QUOTES, 'UTF-8') . '"/><br/>' . $lng['site_email'] . ':<br/>' . '<input name="madm" maxlength="50" value="' . htmlentities($set['email']) . '"/><br />' . $lng['file_maxsize'] . ' (kb):<br />' . '<input type="text" name="flsz" value="' . intval($set['flsz']) . '"/><br />' . '<input name="gz" type="checkbox" value="1" ' . ($set['gzip'] ? 'checked="checked"' : '') . ' /> ' . $lng['gzip_compress'] . '</p>';
* @version VERSION.txt (see attached file) * @author http://johncms.com/about * @dev agssbuzz@catroxs.org http://www.catroxs.org */ define('_IN_JOHNCMS', 1); $rootpath = ''; $headmod = 'login'; require 'incfiles/core.php'; require 'incfiles/head.php'; echo '<div class="phdr"><b>' . $lng['login'] . '</b></div>'; $error = array(); $captcha = FALSE; $display_form = 1; $user_login = isset($_POST['n']) ? functions::check($_POST['n']) : NULL; $user_pass = isset($_REQUEST['p']) ? functions::check($_REQUEST['p']) : NULL; $user_mem = isset($_POST['mem']) ? 1 : 0; $user_code = isset($_POST['code']) ? trim($_POST['code']) : NULL; if ($user_pass && !$user_login && !$id) { $error[] = $lng['error_login_empty']; } if (($user_login || $id) && !$user_pass) { $error[] = $lng['error_empty_password']; } if ($user_login && (mb_strlen($user_login) < 2 || mb_strlen($user_login) > 20)) { $error[] = $lng['nick'] . ': ' . $lng['error_wrong_lenght']; } if ($user_pass && (mb_strlen($user_pass) < 3 || mb_strlen($user_pass) > 15)) { $error[] = $lng['password'] . ': ' . $lng['error_wrong_lenght']; } if (!$error && $user_pass && ($user_login || $id)) {
} $typ = mysql_query("select * from `gallery` where id='" . $id . "';"); $ms = mysql_fetch_array($typ); switch ($ms['type']) { case "al": if (isset($_POST['submit'])) { $text = functions::check($_POST['text']); mysql_query("update `gallery` set text='" . $text . "' where id='" . $id . "';"); header("location: index.php?id={$id}"); } else { echo $lng_gal['edit_album'] . "<br/><form action='index.php?act=edit&id=" . $id . "' method='post'><input type='text' name='text' value='" . $ms['text'] . "'/><br/><input type='submit' name='submit' value='Ok!'/></form><br/><a href='index.php?id=" . $id . "'>" . $lng['back'] . "</a><br/>"; } break; case "rz": if (isset($_POST['submit'])) { $text = functions::check($_POST['text']); if (!empty($_POST['user'])) { $user = intval($_POST['user']); } else { $user = 0; } mysql_query("update `gallery` set text='" . $text . "', user='******' where id='" . $id . "';"); header("location: index.php?id={$id}"); } else { echo $lng_gal['edit_section'] . "<br/><form action='index.php?act=edit&id=" . $id . "' method='post'><input type='text' name='text' value='" . $ms['text'] . "'/><br/>"; echo "<input type='submit' name='submit' value='Ok!'/></form><br/><a href='index.php?id=" . $id . "'>" . $lng['back'] . "</a><br/>"; } break; default: echo "ERROR<br/><a href='index.php'>Back</a><br/>"; require_once '../incfiles/end.php';
} if ($set_user['field_w'] < 10) { $set_user['field_w'] = 10; } elseif ($set_user['field_w'] > 80) { $set_user['field_w'] = 80; } if ($set_user['field_h'] < 1) { $set_user['field_h'] = 1; } elseif ($set_user['field_h'] > 9) { $set_user['field_h'] = 9; } // Устанавливаем скин foreach (glob('../theme/*/*.css') as $val) { $theme_list[] = array_pop(explode('/', dirname($val))); } $set_user['skin'] = isset($_POST['skin']) && in_array($_POST['skin'], $theme_list) ? functions::check($_POST['skin']) : $set['skindef']; // Устанавливаем язык $lng_select = isset($_POST['iso']) ? trim($_POST['iso']) : false; if ($lng_select && array_key_exists($lng_select, core::$lng_list)) { $set_user['lng'] = $lng_select; unset($_SESSION['lng']); } // Записываем настройки mysql_query("UPDATE `users` SET `set_user` = '" . mysql_real_escape_string(serialize($set_user)) . "' WHERE `id` = '{$user_id}'"); $_SESSION['set_ok'] = 1; header('Location: profile.php?act=settings'); exit; } elseif (isset($_GET['reset']) || empty($set_user)) { /* ----------------------------------------------------------------- Задаем настройки по-умолчанию
$user['imname'] = isset($_POST['imname']) ? functions::check(mb_substr($_POST['imname'], 0, 25)) : ''; $user['live'] = isset($_POST['live']) ? functions::check(mb_substr($_POST['live'], 0, 50)) : ''; $user['dayb'] = isset($_POST['dayb']) ? intval($_POST['dayb']) : 0; $user['monthb'] = isset($_POST['monthb']) ? intval($_POST['monthb']) : 0; $user['yearofbirth'] = isset($_POST['yearofbirth']) ? intval($_POST['yearofbirth']) : 0; $user['about'] = isset($_POST['about']) ? functions::check(mb_substr($_POST['about'], 0, 500)) : ''; $user['mibile'] = isset($_POST['mibile']) ? functions::check(mb_substr($_POST['mibile'], 0, 40)) : ''; $user['mail'] = isset($_POST['mail']) ? functions::check(mb_substr($_POST['mail'], 0, 40)) : ''; $user['mailvis'] = isset($_POST['mailvis']) ? 1 : 0; $user['icq'] = isset($_POST['icq']) ? intval($_POST['icq']) : 0; $user['skype'] = isset($_POST['skype']) ? functions::check(mb_substr($_POST['skype'], 0, 40)) : ''; $user['jabber'] = isset($_POST['jabber']) ? functions::check(mb_substr($_POST['jabber'], 0, 40)) : ''; $user['www'] = isset($_POST['www']) ? functions::check(mb_substr($_POST['www'], 0, 40)) : ''; // Данные юзера (для Администраторов) $user['name'] = isset($_POST['name']) ? functions::check(mb_substr($_POST['name'], 0, 20)) : $user['name']; $user['status'] = isset($_POST['status']) ? functions::check(mb_substr($_POST['status'], 0, 50)) : ''; $user['karma_off'] = isset($_POST['karma_off']); $user['sex'] = isset($_POST['sex']) && $_POST['sex'] == 'm' ? 'm' : 'zh'; $user['rights'] = isset($_POST['rights']) ? abs(intval($_POST['rights'])) : $user['rights']; // Проводим необходимые проверки if ($user['rights'] > $rights || $user['rights'] > 9 || $user['rights'] < 0) { $user['rights'] = 0; } if ($rights >= 7) { if (mb_strlen($user['name']) < 2 || mb_strlen($user['name']) > 20) { $error[] = $lng_profile['error_nick_lenght']; } $lat_nick = functions::rus_lat(mb_strtolower($user['name'])); if (preg_match("/[^0-9a-z\\-\\@\\*\\(\\)\\?\\!\\~\\_\\=\\[\\]]+/", $lat_nick)) { $error[] = $lng_profile['error_nick_symbols']; }
if (!in_array($file1, $drt)) { if (is_dir("{$loadroot}/{$file1}")) { mysql_query("insert into `download` values(0,'','" . $loadroot . "','" . time() . "','" . $file1 . "','cat','','','','" . $file1 . "','');"); } } } } $obn = mysql_query("select * from `download` where type = 'cat' ;"); while ($obn1 = mysql_fetch_array($obn)) { $dirop = "{$obn1['adres']}/{$obn1['name']}"; if (is_dir("{$dirop}")) { $diropen = opendir("{$dirop}"); while ($file = readdir($diropen)) { if ($file != "." && $file != ".." && $file != "index.php") { $pap = "{$obn1['adres']}/{$obn1['name']}"; $obn2 = mysql_query("select * from `download` where name = '" . functions::check($file) . "' and adres = '" . $pap . "' ;"); while ($obndir = mysql_fetch_array($obn2)) { $fod[] = $obndir[name]; } if (!in_array($file, $fod)) { if (is_dir("{$dirop}/{$file}")) { mysql_query("insert into `download` values(0,'" . $obn1[id] . "','" . $pap . "','" . time() . "','" . $file . "','cat','','','','" . $file . "','');"); } if (is_file("{$dirop}/{$file}")) { mysql_query("insert into `download` values(0,'" . $obn1[id] . "','" . $pap . "','" . time() . "','" . $file . "','file','','','','','');"); } } $fod = array(); ########## 7.02.08 } }
$error['password'][] = $lng['error_wrong_symbols']; } // Проверка пола if ($reg_sex != 'm' && $reg_sex != 'zh') { $error['sex'] = $lng_reg['error_sex']; } // Проверка кода CAPTCHA if (!$captcha || !isset($_SESSION['code']) || mb_strlen($captcha) < 4 || $captcha != $_SESSION['code']) { $error['captcha'] = $lng['error_wrong_captcha']; } unset($_SESSION['code']); // Проверка переменных if (empty($error)) { $pass = md5(md5($reg_pass)); $reg_name = functions::check(mb_substr($reg_name, 0, 20)); $reg_about = functions::check(mb_substr($reg_about, 0, 500)); // Проверка, занят ли ник $req = mysql_query("SELECT * FROM `users` WHERE `name_lat`='" . mysql_real_escape_string($lat_nick) . "'"); if (mysql_num_rows($req) != 0) { $error['login'][] = $lng_reg['error_nick_occupied']; } } if (empty($error)) { $preg = $set['mod_reg'] > 1 ? 1 : 0; mysql_query("INSERT INTO `users` SET\n `name` = '" . mysql_real_escape_string($reg_nick) . "',\n `name_lat` = '" . mysql_real_escape_string($lat_nick) . "',\n `password` = '" . mysql_real_escape_string($pass) . "',\n `imname` = '{$reg_name}',\n `about` = '{$reg_about}',\n `sex` = '{$reg_sex}',\n `rights` = '0',\n `ip` = '" . core::$ip . "',\n `ip_via_proxy` = '" . core::$ip_via_proxy . "',\n `browser` = '" . mysql_real_escape_string($agn) . "',\n `datereg` = '" . time() . "',\n `lastdate` = '" . time() . "',\n `sestime` = '" . time() . "',\n `preg` = '{$preg}',\n `set_user` = '',\n `set_forum` = '',\n `set_mail` = '',\n `smileys` = ''\n ") or exit(__LINE__ . ': ' . mysql_error()); $usid = mysql_insert_id(); // Отправка системного сообщения $set_mail = unserialize($set['setting_mail']); if (!isset($set_mail['message_include'])) { $set_mail['message_include'] = 0; }
header("Content-type: text/html; charset=utf-8;"); header("Content-Transfer-Encoding: utf-8;"); ini_set("display_errors", "on"); error_reporting(E_ALL); @session_start(); require_once "include/models/users.php"; require_once "include/functions.php"; // =================================== if (!empty($_GET["module"])) { $modules = functions::check($_GET["module"]); } else { $modules = "subscribe"; } if (!empty($_GET["action"])) { $action = functions::check($_GET["action"]); } else { $action = "index"; } if (!empty($_POST["login"]) || !empty($_POST["password"])) { $error = functions::auth($_POST["login"], $_POST["password"]); } if ($action == "logout") { functions::logout(); } // =================================== functions::DBConnect(); include "template/header.php"; if (!empty($_SESSION["s_user"]) && $_SESSION["s_user"]["id"] > 0) { if ($modules == "subscribe") { include "modules/subscribe.php";
require_once "../incfiles/head.php"; if ($_GET['id'] == "") { echo "ERROR<br/><a href='index.php?'>Back</a><br/>"; require_once '../incfiles/end.php'; exit; } $id = intval(trim($_GET['id'])); $typ = mysql_query("select * from `download` where id='" . $id . "';"); $ms = mysql_fetch_array($typ); if ($ms[type] != "file") { echo "ERROR<br/><a href='index.php?'>Back</a><br/>"; require_once '../incfiles/end.php'; exit; } if ($_SESSION['rat'] == $id) { echo $lng_dl['already_rated'] . "<br/><a href='index.php?act=view&file=" . $id . "'>" . $lng['back'] . "</a><br/>"; require_once '../incfiles/end.php'; exit; } $rat = intval(functions::check($_POST['rat'])); if (!empty($ms[soft])) { $rt = explode(",", $ms[soft]); $rt1 = $rt[0] + $rat; $rt2 = $rt[1] + 1; $rat1 = "{$rt1},{$rt2}"; } else { $rat1 = "{$rat},1"; } $_SESSION['rat'] = $id; mysql_query("update `download` set soft = '" . $rat1 . "' where id = '" . $id . "';"); echo $lng_dl['vote_adopted'] . "<br/><a href='index.php?act=view&file=" . $id . "'>" . $lng['back'] . "</a><br/>";
} else { echo "Ошибка при загрузке файла<br/>"; } } if (!empty($_POST['fail1'])) { $uploadedfile = $_POST['fail1']; if (strlen($uploadedfile) > 0) { $array = explode('file=', $uploadedfile); $tmp_name = $array[0]; $filebase64 = $array[1]; } $ftip = functions::format($tmp_name); if (empty($_POST['newname'])) { $newname = str_replace(".{$ftip}", "", $tmp_name); } else { $newname = functions::check($_POST['newname']); } if (!empty($_POST['screens1'])) { $uploaddir1 = "{$screenroot}"; $uploadedfile1 = $_POST['screens1']; if (strlen($uploadedfile1) > 0) { $array1 = explode('file=', $uploadedfile1); $tmp_name1 = $array1[0]; $filebas64 = $array1[1]; } if (eregi("[^a-z0-9.()+_-]", $tmp_name1)) { echo "В названии файла <b>{$tmp_name1}</b> присутствуют недопустимые символы<br/>Разрешены только латинские символы, цифры и некоторые знаки ( .()+_- )<br /><a href='?act=select&cat=" . $cat . "'>Повторить</a></div>"; require_once '../incfiles/end.php'; exit; } $ffot = strtolower($tmp_name1);
require_once '../incfiles/end.php'; exit; } $article = mysql_fetch_array($req); // Запрос числа каментов $req = mysql_query("SELECT COUNT(*) FROM `lib` WHERE `type` = 'komm' AND `refid` = '" . $id . "'"); $countm = mysql_result($req, 0); echo '<div class="phdr">' . $lng_lib['comment_article'] . ':<br /><b>' . htmlentities($article['name'], ENT_QUOTES, 'UTF-8') . '</b></div>'; if ($user_id && !$ban['1'] && !$ban['10']) { echo '<div class="gmenu"><a href="index.php?act=addkomm&id=' . $id . '">' . $lng['write'] . '</a></div>'; } // Запрос списка комментариев $mess = mysql_query("SELECT * FROM `lib` WHERE `type` = 'komm' AND `refid` = '" . $id . "' ORDER BY `time` DESC LIMIT " . $start . "," . $kmess); for ($i = 0; $mass = mysql_fetch_array($mess); ++$i) { echo $i % 2 ? '<div class="list2">' : '<div class="list1">'; $uz = mysql_query("select * from `users` where name='" . functions::check($mass['avtor']) . "';"); $mass1 = mysql_fetch_array($uz); if (!empty($_SESSION['uid']) && $_SESSION['uid'] != $mass1['id']) { echo "<a href='../users/profile.php?user="******"'>{$mass['avtor']}</a>"; } else { echo $mass['avtor']; } switch ($mass1['rights']) { case 7: echo ' Adm '; break; case 6: echo ' Smd '; break; case 5: echo ' Mod ';
{ $vals = "abcdefghijklmnopqrstuvwxyz0123456789"; $result = ''; for ($i = 1; $i <= $length; $i++) { $result .= $vals[rand(0, strlen($vals))]; } return $result; } switch ($act) { case 'sent': /* ----------------------------------------------------------------- Отправляем E-mail с инструкциями по восстановлению пароля ----------------------------------------------------------------- */ $nick = isset($_POST['nick']) ? functions::rus_lat(mb_strtolower(functions::check($_POST['nick']))) : ''; $email = isset($_POST['email']) ? htmlspecialchars(trim($_POST['email'])) : ''; $code = isset($_POST['code']) ? trim($_POST['code']) : ''; $check_code = md5(rand(1000, 9999)); $error = false; if (!$nick || !$email || !$code) { $error = $lng['error_empty_fields']; } elseif (!isset($_SESSION['code']) || mb_strlen($code) < 4 || $code != $_SESSION['code']) { $error = $lng_pass['error_code']; } unset($_SESSION['code']); if (!$error) { // Проверяем данные по базе $req = mysql_query("SELECT * FROM `users` WHERE `name_lat` = '{$nick}' LIMIT 1"); if (mysql_num_rows($req) == 1) { $res = mysql_fetch_array($req);
} else { // Форма ввода IP адреса для Бана echo '<form action="index.php?act=ipban&mod=new" method="post">' . '<div class="menu"><p><h3>' . $lng['ip_address'] . ':</h3>' . ' <input type="text" name="ip"/></p>' . '<p><h3>' . $lng['ban_type'] . ':</h3>' . '<input name="term" type="radio" value="1" checked="checked" />' . $lng['blocking'] . '<br />' . '<input name="term" type="radio" value="3" />' . $lng['registration'] . '<br />' . '<input name="term" type="radio" value="2" />' . $lng['redirect'] . '<br /></p>' . '<p><h3>' . $lng['redirect_url'] . '</h3>' . ' <input type="text" name="url"/><br />' . '<small> ' . $lng['not_mandatory_field'] . '<br /> ' . $lng['url_help'] . '</small></p>' . '<p><h3>' . $lng['reason'] . '</h3>' . ' <textarea rows="' . core::$user_set['field_h'] . '" name="reason"></textarea>' . '<br /><small> ' . $lng['not_mandatory_field'] . '</small></p>' . '<p><input type="submit" name="submit" value=" ' . $lng['ban_do'] . ' "/></p></div>' . '<div class="phdr"><small>' . $lng['ip_ban_help'] . '</small></div>' . '</form>' . '<p><a href="index.php?act=ipban">' . $lng['cancel'] . '</a><br /><a href="index.php">' . $lng['admin_panel'] . '</a></p>'; } break; case 'insert': /* ----------------------------------------------------------------- Проверяем адрес и вставляем в базу ----------------------------------------------------------------- */ $ip1 = isset($_POST['ip1']) ? intval($_POST['ip1']) : ''; $ip2 = isset($_POST['ip2']) ? intval($_POST['ip2']) : ''; $ban_term = isset($_POST['term']) ? intval($_POST['term']) : 1; $ban_url = isset($_POST['url']) ? functions::check($_POST['url']) : ''; $reason = isset($_POST['reason']) ? functions::check($_POST['reason']) : ''; if (!$ip1 || !$ip2) { echo functions::display_error($lng['error_address'], '<a href="index.php?act=ipban&mod=new">' . $lng['back'] . '</a>'); require_once '../incfiles/end.php'; exit; } mysql_query("INSERT INTO `cms_ban_ip` SET\n `ip1` = '{$ip1}',\n `ip2` = '{$ip2}',\n `ban_type` = '{$ban_term}',\n `link` = '{$ban_url}',\n `who` = '{$login}',\n `reason` = '{$reason}',\n `date` = '" . time() . "'"); header('Location: index.php?act=ipban'); break; case 'clear': /* ----------------------------------------------------------------- Очистка таблицы банов по IP ----------------------------------------------------------------- */ if (isset($_GET['yes'])) {
//////////////////////////////////////////////////////////////////////////////// */ defined('_IN_JOHNCMS') or die('Error: restricted access'); require_once "../incfiles/head.php"; if ($rights == 4 || $rights >= 6) { if (empty($_GET['cat'])) { echo "ERROR<br /><a href='?'>Back</a><br/>"; require_once '../incfiles/end.php'; exit; } $cat = intval(trim($_GET['cat'])); provcat($cat); $cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';"); $adrdir = mysql_fetch_array($cat1); $namedir = "{$adrdir['adres']}/{$adrdir['name']}"; if (isset($_POST['submit'])) { if (!empty($_POST['newrus'])) { $newrus = functions::check($_POST['newrus']); } else { $newrus = "{$adrdir['text']}"; } if (mysql_query("update `download` set text='" . $newrus . "' where id='" . $cat . "';")) { echo '<p>' . $lng_dl['name_changed'] . '</p>'; } } else { echo "<form action='?act=ren&cat=" . $cat . "' method='post'><p>"; echo $lng_dl['folder_name_for_list'] . "<br/><input type='text' name='newrus' value='" . $adrdir[text] . "'/></p>"; echo "<p><input type='submit' name='submit' value='" . $lng_dl['change'] . "'/></p></form>"; } } echo "<p><a href='?cat=" . $cat . "'>" . $lng['back'] . "</a></p>";