예제 #1
             Hacking();
         }
     } else {
         Hacking();
     }
     break;
     //################### Сохранение отредактированых ###################//
 //################### Сохранение отредактированых ###################//
 case "save":
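     NoAjaxQuery();
     // Only members whose group carries the "addnews" right may save an edited blog post.
     // NOTE(review): the UPDATE below is keyed on id only, so any holder of "addnews" can
     // overwrite any post, not just their own — confirm that is intended for this role.
     if ($user_group[$user_info['user_group']]['addnews']) {
         // Load the BB-code parser
         include ENGINE_DIR . '/classes/parse.php';
         $parse = new parse();
         // textFilter() is relied on to escape these for the raw SQL below — TODO confirm.
         $title = ajax_utf8(textFilter($_POST['title'], false, true));
         $text = $parse->BBparse(ajax_utf8(textFilter($_POST['text'])));
         $id = intval($_POST['id']);
         if (!function_exists('BBimg')) {
             // Render an [img] BB tag as an <img> element; $source is inserted verbatim.
             function BBimg($source)
             {
                 return "<img src=\"{$source}\" alt=\"\" />";
             }
         }
         // The original used the PCRE /e (eval) modifier, which was removed in PHP 7 and
         // executed the replacement string as PHP code. preg_replace_callback does the
         // same substitution without evaluating anything. The capture reaches BBimg()
         // verbatim (the /e path ran it through addslashes() first).
         $text = preg_replace_callback(
             "#\\[img\\](.*?)\\[/img\\]#is",
             function ($m) {
                 return BBimg($m[1]);
             },
             $text
         );
         if (!empty($title) and !empty($text)) {
             $db->query("UPDATE `" . PREFIX . "_blog` SET title = '{$title}', story = '{$text}' WHERE id = '{$id}'");
         }
     }
     die;
     break;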
     //################### Загрузка фотографии ###################//
 //################### Загрузка фотографии ###################//
 case "upload":
예제 #2
}
//Если добавляем
if (isset($_POST['save'])) {
    $ban_date = intval($_POST['days']);
    $this_time = $ban_date ? $server_time + $ban_date * 60 * 60 * 24 : 0;
    if ($this_time) {
        $always = 1;
    } else {
        $always = 0;
    }
    if (isset($_POST['ip'])) {
        $ip = $db->safesql(htmlspecialchars(strip_tags(trim($_POST['ip']))));
    } else {
        $ip = "";
    }
    $descr = textFilter($_POST['descr']);
    if ($ip) {
        $row = $db->super_query("SELECT id FROM `" . PREFIX . "_banned` WHERE ip ='" . $ip . "'");
        if ($row) {
            msgbox('Ошибка', 'Этот IP уже добавлен под фильтр', '?mod=ban');
        } else {
            $db->query("INSERT INTO `" . PREFIX . "_banned` SET descr = '" . $descr . "', date = '" . $this_time . "', always = '" . $always . "', ip = '" . $ip . "'");
            @unlink(ENGINE_DIR . '/cache/system/banned.php');
            header("Location: ?mod=ban");
        }
    } else {
        msgbox('Ошибка', 'Укажите IP который нужно добавить под фильтр', 'javascript:history.go(-1)');
    }
} else {
    echoheader();
    //Разблокировка
예제 #3
    } else {
        msgbox('Ошибка', 'Сообщество не найдено', '?mod=groups');
    }
    die;
}
// Emit the page header, then read the search filters for the list built below.
echoheader();
// Numeric filters: a zero or absent id collapses to '' so the later truthiness checks skip it.
$se_uid = intval($_GET['se_uid']) ?: '';
$se_user_id = intval($_GET['se_user_id']) ?: '';
$sort = intval($_GET['sort']);
// Free-text title filter; textFilter() is relied on to make it safe for the LIKE clause
// built further down — TODO confirm it escapes quotes for SQL.
$se_name = textFilter($_GET['se_name'], false, true);
if ($se_uid or $sort or $se_name or $se_user_id or $_GET['ban'] or $_GET['delet']) {
    if ($se_uid) {
        $where_sql .= "AND id = '" . $se_uid . "' ";
    }
    if ($se_user_id) {
        $where_sql .= "AND real_admin = '" . $se_user_id . "' ";
    }
    $query = strtr($se_name, array(' ' => '%'));
    //Замеянем пробелы на проценты чтоб тоиск был точнее
    if ($se_name) {
        $where_sql .= "AND title LIKE '%" . $query . "%' ";
    }
    if ($_GET['ban']) {
        $where_sql .= "AND ban = 1 ";
        $checked_ban = "checked";
예제 #4
         $wall = new wall();
         $wall->query("SELECT SQL_CALC_FOUND_ROWS tb1.id, text, public_id, add_date, fasts_num, attach, likes_num, likes_users, tell_uid, public, tell_date, tell_comm, tb2.title, photo, comments FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_communities` tb2 WHERE tb1.public_id = '{$id}' AND tb1.public_id = tb2.id AND fast_comm_id = 0 ORDER by `add_date` DESC LIMIT 0, {$limit_select}");
         $wall->template('groups/record.tpl');
         $wall->compile('content');
         $wall->select($public_admin, $server_time);
         AjaxTpl();
     }
     die;
     break;
     //################### Добавление комментария к записи ###################//
 //################### Добавление комментария к записи ###################//
 case "wall_send_comm":
     NoAjaxQuery();
     // Target wall record, its community id and the comment text from the POST body.
     $public_id = intval($_POST['public_id']);
     $rec_id = intval($_POST['rec_id']);
     $wall_text = ajax_utf8(textFilter($_POST['wall_text']));
     // One join fetches the record's comment counter plus the community's admin list and
     // comments-enabled flag for the permission check that follows.
     // NOTE(review): in that check "or" binds looser than "and", so when comments are
     // enabled an empty $wall_text is still inserted; only the admin branch requires text.
     $row = $db->super_query(sprintf(
         "SELECT tb1.fasts_num, tb2.admin, comments FROM `%s_communities_wall` tb1, `%s_communities` tb2 WHERE tb1.public_id = tb2.id AND tb1.id = '%d'",
         PREFIX,
         PREFIX,
         $rec_id
     ));
     if ($row['comments'] or stripos($row['admin'], "u{$user_id}|") !== false and isset($wall_text) and !empty($wall_text)) {
         //Вставляем саму запись в БД
         $db->query("INSERT INTO `" . PREFIX . "_communities_wall` SET public_id = '{$user_id}', text = '{$wall_text}', add_date = '{$server_time}', fast_comm_id = '{$rec_id}'");
         $db->query("UPDATE `" . PREFIX . "_communities_wall` SET fasts_num = fasts_num+1 WHERE id = '{$rec_id}'");
         $row['fasts_num'] = $row['fasts_num'] + 1;
         if ($row['fasts_num'] > 3) {
             $comments_limit = $row['fasts_num'] - 3;
         } else {
             $comments_limit = 0;
         }
         $sql_comments = $db->super_query("SELECT SQL_CALC_FOUND_ROWS tb1.id, public_id, text, add_date, tb2.user_photo, user_search_pref FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.public_id = tb2.user_id AND tb1.fast_comm_id = '{$rec_id}' ORDER by `add_date` ASC LIMIT {$comments_limit}, 3", 1);
         //Загружаем кнопку "Показать N запсии"
         $tpl->load_template('groups/record.tpl');
예제 #5
/* 
	Appointment: Личные настройки
	File: mysettings.php
*/
// Refuse direct access: this file is only valid when loaded by the engine (MOZG defined).
defined('MOZG') or die('Hacking attempt!');
// Current account record used by the settings form below. user_id comes from
// $user_info, which is populated by the engine's login code rather than the request.
$row = $db->super_query("SELECT user_email, user_name, user_lastname, user_password FROM `" . PREFIX . "_users` WHERE user_id = '{$user_info['user_id']}'");
//Если сохраянем
if (isset($_POST['save'])) {
    $old_pass = md5(md5(GetVar($_POST['old_pass'])));
    $new_pass = md5(md5(GetVar($_POST['new_pass'])));
    $user_name = textFilter($_POST['name'], false, true);
    $user_lastname = textFilter($_POST['lastname'], false, true);
    $user_email = textFilter($_POST['email'], false, true);
    $errors = array();
    //Проверка имени
    if (isset($user_name)) {
        if (strlen($user_name) >= 2) {
            if (!preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_name)) {
                $errors[] = 'Введите имя';
            }
        } else {
            $errors[] = 'Введите имя';
        }
    } else {
        $errors[] = 'Введите имя';
    }
    //Проверка фамилии
    if (isset($user_lastname)) {
예제 #6
     // Attach a poll to a community forum topic. Allowed for the site admin (group 1),
     // a community admin, or the topic author while discussion is enabled.
     $fid = intval($_POST['fid']);
     $row = $db->super_query("SELECT fuser_id, public_id FROM `" . PREFIX . "_communities_forum` WHERE fid = '{$fid}'");
     $row2 = $db->super_query("SELECT admin, discussion FROM `" . PREFIX . "_communities` WHERE id = '{$row['public_id']}'");
     // Community admins are stored as a "u<id>|" list in the admin column.
     $public_admin = (stripos($row2['admin'], "u{$user_id}|") !== false);
     // Parentheses spell out the precedence the original or/and mix already had.
     if ($user_info['user_group'] == 1 || $public_admin || ($row['fuser_id'] == $user_id && $row2['discussion'])) {
         // Title and first answer are mandatory. textFilter() is relied on to escape them
         // for the raw SQL below — TODO confirm.
         $vote_title = ajax_utf8(textFilter($_POST['vote_title'], false, true));
         $vote_answer_1 = ajax_utf8(textFilter($_POST['vote_answer_1'], false, true));
         $answers = array();
         if (!empty($vote_title) && !empty($vote_answer_1)) {
             // Collect up to ten answers. '|' separates answers in the stored column, so it
             // is entity-encoded inside each one; falsy answers (including "0") are dropped.
             foreach (range(1, 10) as $n) {
                 $answer = str_replace('|', '&#124;', ajax_utf8(textFilter($_POST["vote_answer_{$n}"], false, true)));
                 if ($answer) {
                     $answers[] = $answer;
                 }
             }
             $db->query("INSERT INTO `" . PREFIX . "_votes` SET title = '{$vote_title}', answers = '" . implode('|', $answers) . "'");
             // Link the freshly created poll to the topic.
             $db->query("UPDATE `" . PREFIX . "_communities_forum` SET vote = '{$db->insert_id()}' WHERE fid = '{$fid}'");
         }
     }
     exit;
     break;
     //################### Просмотр темы ###################//
 //################### Просмотр темы ###################//
예제 #7
/* 
	Appointment: Пользователи
	File: users.php
*/
// Direct access guard: only valid when included by the engine.
defined('MOZG') or die('Hacking attempt!');
echoheader();
// User-list search filters from the query string. A zero or absent id becomes '' so the
// later truthiness check ignores it.
$se_uid = intval($_GET['se_uid']) ?: '';
$sort = intval($_GET['sort']);
// Free-text filters feed LIKE clauses further down; textFilter() is relied on for SQL
// safety there — TODO confirm it escapes quotes.
$se_name = textFilter($_GET['se_name'], false, true);
$se_email = textFilter($_GET['se_email'], false, true);
// Flag filters are kept raw; in the visible code they are only tested for truthiness.
$ban = $_GET['ban'];
$delet = $_GET['delet'];
if ($se_uid or $sort or $se_name or $se_email or $ban or $delet or $_GET['regdate']) {
    $where_sql .= "WHERE user_email != ''";
    if ($se_uid) {
        $where_sql .= "AND user_id = '" . $se_uid . "' ";
    }
    if ($se_name) {
        $where_sql .= "AND user_search_pref LIKE '%" . $se_name . "%' ";
    }
    if ($se_email) {
        $where_sql .= "AND user_email LIKE '%" . $se_email . "%' ";
    }
    if ($ban) {
        $where_sql .= "AND user_ban = 1 ";
예제 #8
     $db->query("DELETE FROM `" . PREFIX . "_static` WHERE id = '" . $id . "'");
     header("Location: ?mod=static");
 }
 //Редактирование
 if ($_GET['act'] == 'edit') {
     $id = intval($_GET['id']);
     $row = $db->super_query("SELECT title, alt_name, text FROM `" . PREFIX . "_static` WHERE id = '" . $id . "'");
     if ($row) {
         //Сохраняем
         if (isset($_POST['save_edit'])) {
             //Подключаем парсер
             include_once ENGINE_DIR . '/classes/parse.php';
             $parse = new parse();
             $title = textFilter($_POST['title'], false, true);
             $alt_name = totranslit($_POST['alt_name']);
             $text = $parse->BBparse(textFilter($_POST['text']));
             if (isset($title) and !empty($title) and isset($text) and !empty($text) and isset($alt_name) and !empty($alt_name)) {
                 $db->query("UPDATE`" . PREFIX . "_static` SET alt_name = '" . $alt_name . "', title = '" . $title . "', text = '" . $text . "' WHERE id = '" . $id . "'");
                 header("Location: ?mod=static");
             } else {
                 msgbox('Ошибка', 'Все поля обязательны к заполнению', 'javascript:history.go(-1)');
             }
             die;
         }
         echoheader();
         $row['title'] = stripslashes($row['title']);
         //Подключаем парсер
         include_once ENGINE_DIR . '/classes/parse.php';
         $parse = new parse();
         $row['text'] = $parse->BBdecode(myBrRn(stripslashes($row['text'])));
         echohtmlstart('Редактирование страницы');
예제 #9
// Anonymous posters get the localized placeholder name.
$user_usr = $user_usr ?: $l_anonymous;
if (trim($_POST['topicTitle']) == '' && trim($_POST['postText']) == '') {
    // Nothing submitted at all: fall back to the topic view.
    $action = 'vtopic';
    return;
}
if (trim($_POST['topicTitle']) == '') {
    // Body without a title: render the "title cannot be empty" warning and stop.
    $errorMSG = $l_topiccannotempty;
    $correctErr = $backErrorLink;
    $title .= $l_topiccannotempty;
    echo load_header();
    echo ParseTpl(makeUp('main_warning'));
    return;
}
// $TT keeps the raw, unfiltered title; $topicTitle is the filtered form.
$TT = $_POST['topicTitle'];
$topicTitle = textFilter($_POST['topicTitle'], $topic_max_length, $post_word_maxlength, 0, 1, 0, $user_id);
$poster_ip = getIP();
if (db_simpleSelect(0, $Tf, 'forum_id', 'forum_id', '=', $forum)) {
    if ($postRange == 0) {
        $antiSpam = 0;
    } else {
        if ($user_id == 0) {
            $fields = array('poster_ip', $poster_ip);
        } else {
            $fields = array('poster_id', $user_id);
        }
        if ($antiSpam = db_simpleSelect(0, $Tp, 'count(*)', $fields[0], '=', $fields[1], '', '', 'now()-post_time', '<', $postRange)) {
            $antiSpam = $antiSpam[0];
        } else {
            $antiSpam = 1;
예제 #10
*/
// Direct access guard: this module only runs when included by the engine.
// NOTE(review): the captcha check further down compares $_POST['sec_code'] with
// $_SESSION['sec_code'] using "==". If the session value was never set, both sides are
// null and the check passes; numeric-looking codes also compare by value. Confirm the
// session code is set and compare with hash_equals() (or ===) instead.
defined('MOZG') or die('Hacking attempt!');
//Проверяем была ли нажата кнопка, если нет, то делаем редирект на главную
if (!$logged) {
    NoAjaxQuery();
    //Код безопасности
    $session_sec_code = $_SESSION['sec_code'];
    $sec_code = $_POST['sec_code'];
    //Если код введные юзером совпадает, то пропускаем, иначе выводим ошибку
    if ($sec_code == $session_sec_code) {
        //Входные POST Данные
        $user_name = ajax_utf8(textFilter($_POST['name'], false, true));
        $user_lastname = ajax_utf8(textFilter($_POST['lastname'], false, true));
        $user_email = ajax_utf8(textFilter($_POST['email'], false, true));
        $user_name = ucfirst($user_name);
        $user_lastname = ucfirst($user_lastname);
        $user_sex = intval($_POST['sex']);
        if ($user_sex < 0 or $user_sex > 2) {
            $user_sex = 0;
        }
        $user_day = intval($_POST['day']);
        if ($user_day < 0 or $user_day > 31) {
            $user_day = 0;
        }
        $user_month = intval($_POST['month']);
        if ($user_month < 0 or $user_month > 12) {
            $user_month = 0;
        }
        $user_year = intval($_POST['year']);
예제 #11
     }
     if ($public_admin) {
         $db->query("INSERT INTO `" . PREFIX . "_communities_audio` SET public_id = '{$pid}', url = '" . $db->safesql($check['url']) . "', artist = '" . $db->safesql($check['artist']) . "', name = '" . $db->safesql($check['name']) . "',  adate = '{$server_time}'");
         $db->query("UPDATE `" . PREFIX . "_communities` SET audio_num = audio_num+1 WHERE id = '{$pid}'");
         mozg_clear_cache_file("groups/audio{$pid}");
     }
     exit;
     break;
     //################### Сохранение отредактированых данных ###################//
 //################### Сохранение отредактированых данных ###################//
 case "editsave":
     NoAjaxQuery();
     $aid = intval($_POST['aid']);
     $pid = intval($_POST['pid']);
     // Tag fields; blank (but set) values fall back to the generic labels.
     // textFilter() is relied on to escape them for the raw SQL that follows — TODO confirm.
     $artist = ajax_utf8(textFilter($_POST['artist'], false, true));
     $name = ajax_utf8(textFilter($_POST['name'], false, true));
     if ($artist !== null && !$artist) {
         $artist = 'Неизвестный исполнитель';
     }
     if ($name !== null && !$name) {
         $name = 'Без названия';
     }
     // Community admins are stored as a "u<id>|" list; the caller must be one of them.
     // NOTE(review): the UPDATE below is keyed on aid alone while the admin check uses the
     // posted pid — confirm aid belongs to pid, otherwise an admin of one community can
     // edit another community's track.
     $infoGroup = $db->super_query("SELECT admin FROM `" . PREFIX . "_communities` WHERE id = '{$pid}'");
     $public_admin = (stripos($infoGroup['admin'], "u{$user_id}|") !== false);
     if ($public_admin) {
         $db->query("UPDATE `" . PREFIX . "_communities_audio` SET artist = '{$artist}', name = '{$name}' WHERE aid = '{$aid}'");
         mozg_clear_cache_file("groups/audio{$pid}");
예제 #12
<?php

/* 
	Appointment: Отправка массовых сообщений
	File: mail.php
*/
// Direct access guard.
defined('MOZG') or die('Hacking attempt!');
// Action selector for the switch below; only compared against fixed case labels.
$act = $_GET['act'];
switch ($act) {
    //################### Начало рассылки ###################//
    case "send":
        // Batch window for the mass mailing; both values are coerced to int before
        // being spliced into the LIMIT clause.
        $lastid = intval($_POST['lastid']);
        $limit = intval($_POST['limit']);
        $title = textFilter(ajax_utf8($_POST['title']), false, true);
        // Normalise the body in place so later code reads the UTF-8 form from $_POST.
        // NOTE(review): in the mail loop below, the sanitised $message_send is overwritten
        // by the str_replace() that runs on the raw $_POST['text'], so the script/event-
        // handler neutralisation never reaches the sent mail — substitute into
        // $message_send instead.
        $_POST['text'] = ajax_utf8($_POST['text']);
        $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS user_search_pref, user_email FROM `" . PREFIX . "_users` ORDER by `user_id` ASC LIMIT {$lastid}, {$limit}", 1);
        if ($sql_) {
            include_once ENGINE_DIR . '/classes/mail.php';
            $mail = new dle_mail($config, true);
            foreach ($sql_ as $row) {
                $find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/javascript/i');
                $replace = array("d&#097;ta:", "&#097;bout:", "vbscript<b></b>:", "&#111;nclick", "&#111;nload", "&#111;nunload", "&#111;nabort", "&#111;nerror", "&#111;nblur", "&#111;nchange", "&#111;nfocus", "&#111;nreset", "&#111;nsubmit", "&#111;ndblclick", "&#111;nkeydown", "&#111;nkeypress", "&#111;nkeyup", "&#111;nmousedown", "&#111;nmouseup", "&#111;nmouseover", "&#111;nmouseout", "&#111;nselect", "j&#097;vascript");
                $message_send = preg_replace($find, $replace, $_POST['text']);
                $message_send = preg_replace("#<iframe#i", "&lt;iframe", $message_send);
                $message_send = preg_replace("#<script#i", "&lt;script", $message_send);
                $message_send = str_replace("<?", "&lt;?", $message_send);
                $message_send = str_replace("?>", "?&gt;", $message_send);
                $message_send = $db->safesql($message_send);
                $message_send = str_replace("{%user-name%}", $row['user_search_pref'], $_POST['text']);
예제 #13
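 // Extension = text after the last dot, lower-cased. end() takes its argument by
 // reference, so the explode() result is stored in a variable first; passing the call
 // directly raises "Only variables should be passed by reference".
 // NOTE(review): the upload branch below trusts this name-derived extension and the
 // supplied $file_size only, and creates the per-user directory with mode 0777 —
 // consider validating the file content and using a tighter mode.
 $name_parts = explode(".", $file_name);
 $type = strtolower(end($name_parts));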
 // формат файла
 if ($type == 'mp3' and $config['audio_mod_add'] == 'yes' and $file_size < 10000000) {
     $audio_dir = ROOT_DIR . '/uploads/audio/' . $user_id . '/';
     if (!is_dir($audio_dir)) {
         @mkdir($audio_dir, 0777);
         @chmod($audio_dir, 0777);
     }
     $res_type = '.' . $type;
     if (move_uploaded_file($file_tmp, $audio_dir . $file_rename . $res_type)) {
         //Узнаем исполнителя и название песни по id3
         include ENGINE_DIR . "/classes/id3v2.php";
         $id3v2 = new Id3v2();
         $res = $id3v2->read(ROOT_DIR . '/uploads/audio/' . $user_id . '/' . $file_rename . $res_type);
         $artist = ajax_utf8(textFilter($res['Artist'], false, true));
         $name = ajax_utf8(textFilter($res['Title'], false, true));
         if (isset($artist) and empty($artist)) {
             $artist = 'Неизвестный исполнитель';
         }
         if (isset($name) and empty($name)) {
             $name = 'Без названия';
         }
         $lnk = $config['home_url'] . 'uploads/audio/' . $user_id . '/' . $file_rename . $res_type;
         $db->query("INSERT INTO `" . PREFIX . "_audio` SET auser_id = '" . $user_id . "', url = '" . $lnk . "', artist = '" . $artist . "', name = '" . $name . "',  adate = '" . $server_time . "'");
         $db->query("UPDATE `" . PREFIX . "_users` SET user_audio = user_audio+1 WHERE user_id = '" . $user_id . "'");
         mozg_mass_clear_cache_file('user_' . $user_id . '/audios_profile|user_' . $user_id . '/profile_' . $user_id);
     } else {
         echo 1;
     }
 } else {
     echo 1;
예제 #14
// A title shorter than the configured minimum counts as empty.
if (strlen($TT) > 0 && strlen($TT) < $post_text_minlength) {
    $TT = '';
}
if ($TT == '' && trim($_POST['postText']) == '') {
    // Nothing submitted: show the topic view instead.
    $action = 'vtopic';
    return;
}
if ($TT == '' || $TT == '#GET#') {
    // Missing (or placeholder) title: render the warning and stop.
    $errorMSG = $l_topiccannotempty;
    $correctErr = $backErrorLink;
    $title .= $l_topiccannotempty;
    echo load_header();
    echo ParseTpl(makeUp('main_warning'));
    return;
}
// Remove encoded-space entities before filtering, then cap the title at 255 characters.
$TT = str_replace(array('&#032;', '&#32;'), '', $TT);
$topicTitle = textFilter($TT, $topic_max_length, $post_word_maxlength, 0, 1, 0, $user_id, 255);
$poster_ip = getIP();
if (db_simpleSelect(0, $Tf, 'forum_id', 'forum_id', '=', $forum)) {
    if ($postRange == 0) {
        $antiSpam = 0;
    } else {
        if ($user_id == 0) {
            $fields = array('poster_ip', $poster_ip);
        } else {
            $fields = array('poster_id', $user_id);
        }
        if ($asTime = db_simpleSelect(0, $Tp, 'post_time', $fields[0], '=', $fields[1], 'post_id DESC', '1')) {
            $asTime = time() - strtotime($asTime[0]);
            if ($asTime <= $postRange) {
                $antiSpam = 1;
예제 #15
<?
/*
	Author: Andrey Goglev
	VK: https://vk.com/ru151
*/

// Endpoint is AJAX-only and requires an authenticated session; a JSON error body is
// returned otherwise.
ajax_only();
if (!$logged) {
    die('{"err":"nolog"}');
}
$act = $_POST['act'];

switch($act){
	case 'list':

		$q = textFilter($_POST['val']);
		$doload = intval($_POST['doload']);
		$s_w = $q ? "AND CONCAT(name, ' ', lname) LIKE '%{$q}%'" : '';

		$limit = 20;
		$page = isset($_POST['page']) ? intval($_POST['page'])*$limit : 0;

		$sql_ = mysql_query("SELECT uid, name, lname FROM `users` WHERE uid != '{$uid}' {$s_w} ORDER by uid LIMIT {$page}, {$limit}", 1);

		$res = '';
		if($sql_){

			$friend = new Memcache;
			$friend->addServer('localhost', FR1_PORT);

			foreach($sql_ as $row){
예제 #16
파일: im.php 프로젝트: 221V/fastchat_kphp
		}else{
			$counts[$peer] += 1;
			if($ids) $ids_res[$peer][] = $new_messages[$i];
		}
	}

	return array('all' => $new_messages[0], 'peers' => $counts, 'unicue' => count($counts), 'ids' => $ids_res);
}

switch($act){

	case 'send':
		ajax_only();

		$peer = intval($_POST['peer']);
		$msg = textFilter($_POST['msg']);

		if(!$msg) echo json_encode(array('err' => 1));

		$bayes = new Memcache;
		$bayes->addServer('localhost', BAY_PORT);

		$random_tag = mt_rand(1111111, 9999999);
		$bayes->set("current_text{$random_tag}", "\x1uid\x20{$uid}\t\x1out\x201\t".$msg);
		$test_spam = $bayes->get("test{$random_tag}");
		$random_tag2 = mt_rand(1111111, 9999999);
		$bayes->set("current_text{$random_tag2}", "\x1uid\x20{$peer}\t".$msg);
		$test_spam2 = $bayes->get("test{$random_tag2}");


		if($test_spam == 'spam' || $test_spam2 == 'spam'){
예제 #17
         $tpl->set('{privacy-text}', strtr($album_privacy[0], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я')));
         $tpl->set('{privacy-comment}', $album_privacy[1]);
         $tpl->set('{privacy-comment-text}', strtr($album_privacy[1], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я')));
         $tpl->compile('content');
         AjaxTpl();
     }
     die;
     break;
     //################### Сохранение настроек альбома ###################//
 //################### Сохранение настроек альбома ###################//
 case "save_album":
     NoAjaxQuery();
     $id = intval($_POST['id']);
     $user_id = $user_info['user_id'];
     // Album name/description; textFilter() is relied on for SQL safety downstream — TODO confirm.
     $name = ajax_utf8(textFilter($_POST['name'], false, true));
     $descr = ajax_utf8(textFilter($_POST['descr']));
     // Privacy levels are 1..3 (everyone / friends / owner only); anything else resets to 1.
     $privacy = intval($_POST['privacy']);
     $privacy_comm = intval($_POST['privacy_comm']);
     if (!in_array($privacy, array(1, 2, 3), true)) {
         $privacy = 1;
     }
     if (!in_array($privacy_comm, array(1, 2, 3), true)) {
         $privacy_comm = 1;
     }
     $sql_privacy = "{$privacy}|{$privacy_comm}";
     // Ownership check: the album must belong to the current user.
     $chekc_user = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$id}' AND user_id = '{$user_id}'");
     if ($chekc_user) {
         if (isset($name) and !empty($name)) {
             $db->query("UPDATE `" . PREFIX . "_albums` SET name = '{$name}', descr = '{$descr}', privacy = '{$sql_privacy}' WHERE aid = '{$id}'");
             echo stripslashes($name) . '|#|||#row#|||#|' . stripslashes($descr);
예제 #18
<?php

/* 
	Appointment: Статус
	File: status.php 
*/
// Direct access guard.
defined('MOZG') or die('Hacking attempt!');
NoAjaxQuery();
if ($logged) {
    $user_id = $user_info['user_id'];
    // Stored form of the status; textFilter() is relied on to make it safe for the raw
    // SQL below — TODO confirm it escapes quotes.
    $text = ajax_utf8(textFilter($_POST['text'], false, true));
    $db->query("UPDATE `" . PREFIX . "_users` SET user_status = '{$text}' WHERE user_id = '{$user_id}'");
    // NOTE(review): the echoed value is filtered differently from the stored one (default
    // textFilter mode, double stripslashes), so what the client shows may not match what
    // was saved; confirm the echoed form is still HTML-safe.
    echo stripslashes(stripslashes(textFilter(ajax_utf8($_POST['text']))));
    // Drop the cached profile so the new status is visible.
    mozg_clear_cache_file("user_{$user_id}/profile_{$user_id}");
    mozg_clear_cache();
}
die;
예제 #19
        $user_info = array();
        $logged = false;
    }
    //Если юзер нажимает "Главная" то скидываем на его стр.
    $host_site = $_SERVER['QUERY_STRING'];
    if ($logged and !$host_site) {
        header('Location: /id' . $user_info['user_id']);
    }
} else {
    $user_info = array();
    $logged = false;
}
//Если данные поступили через пост и пользователь не авторизован
if (isset($_POST['log_in']) and !$logged) {
    //Приготавливаем данные
    $email = textFilter(strip_tags($_POST['email']));
    $password = md5(md5(GetVar($_POST['password'])));
    //Проверяем правильность e-mail
    if (!preg_match('/^(("[\\w-\\s]+")|([\\w-]+(?:\\.[\\w-]+)*)|("[\\w-\\s]+")([\\w-]+(?:\\.[\\w-]+)*))(@((?:[\\w-]+\\.)*\\w[\\w-]{0,66})\\.([a-z]{2,6}(?:\\.[a-z]{2})?)$)|(@\\[?((25[0-5]\\.|2[0-4][0-9]\\.|1[0-9]{2}\\.|[0-9]{1,2}\\.))((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\.){2}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\]?$)/i', $email)) {
        msgbox('', $lang['not_loggin'] . '<br /><a href="/restore" onClick="Page.Go(this.href); return false">Забыли пароль?</a>', 'info_red');
    } else {
        //Считаем кол-во символов в пароле и email
        if (isset($email) and !empty($email)) {
            $check_user = $db->super_query("SELECT user_id FROM `" . PREFIX . "_users` WHERE user_email = '" . $email . "' AND user_password = '******'");
            //Если есть юзер то пропускаем
            if ($check_user) {
                //Hash ID
                $hid = $password . md5(md5($_IP));
                //Обновляем хэш входа
                $db->query("UPDATE `" . PREFIX . "_users` SET user_hid = '" . $hid . "' WHERE user_id = '" . $check_user['user_id'] . "'");
                //Удаляем все рание события
예제 #20
    $eMatch = $_POST['eMatch'];
} elseif (isset($_GET['exact'])) {
    $exact = $_GET['exact'];
}
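// Grid-square / postcode-shaped queries are handed off to the dedicated search page.
// NOTE(review): both regexes end in "$", which also matches before a trailing newline,
// and HTTP_HOST is taken from the request — if this vhost answers for arbitrary Host
// values the redirect target becomes attacker-chosen; confirm the server configuration.
if ((preg_match("/^([A-Z]{1,2})([0-9]{1,2}[A-Z]?) *([0-9])([A-Z]{0,2})\$/", strtoupper($searchFor)) || preg_match("/^([a-zA-Z]{1,3}) ?(\\d{2,5})[ \\.]?(\\d{2,5})\$/", $searchFor)) && ($searchForum == 0 || $searchForum == $CONF['forum_gridsquare'])) {
    // textFilter() is applied to $searchFor only after this branch, so encode it for
    // each context: percent-encoding for the URL, entity-encoding for the HTML link
    // (the original spliced the raw value into both).
    $searchUrl = "http://{$_SERVER['HTTP_HOST']}/discuss/search.php?q=" . rawurlencode($searchFor);
    header("Location:" . $searchUrl);
    print '<a href="' . htmlspecialchars($searchUrl, ENT_QUOTES, 'UTF-8') . '">View Search Results</a>';
    exit;
}
// Coerce the numeric search options to integers. intval() replaces the original "+= 0",
// which throws a TypeError on a non-numeric string under PHP 8.
$searchWhere = intval($searchWhere);
$searchHow = intval($searchHow);
$searchForum = intval($searchForum);
$word = 0;
$min = 2;
$i = 0;
$searchFor = textFilter($searchFor, 100, $post_word_maxlength, 0, 1, 0, 0);
// Day window: at most four digits are honoured.
$days = intval(substr($days, 0, 4));
// Table lists indexed by $searchWhere ($Tp/$Tt are presumably the posts/topics tables).
$sCA = array($Tp . ',' . $Tt, $Tt, $Tp);
$sTA = array($Tp, $Tt, $Tp);
$sTTA = array('post_time', 'topic_time', 'post_time');
// Columns searched per scope: 0 = post text and topic titles, 1 = topic titles,
// 2 = poster names. Any other value leaves $whereGenAr unset, as before.
if ($searchWhere == 0) {
    $whereGenAr = array($Tp . '.post_text', $Tt . '.topic_title');
} elseif ($searchWhere == 1) {
    $whereGenAr = array('topic_title', '');
} elseif ($searchWhere == 2) {
    $whereGenAr = array($Tp . '.poster_name', '');
}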
if (isset($eMatch) && $eMatch == 'on' || isset($exact) && $exact) {
    $exact = 1;
    $eMatch = 'checked';
} else {
예제 #21
// NoAjaxQuery() is applied only for AJAX ('yes') requests.
// NOTE(review): in the "send" case below, the guard "... and !empty($msg) or
// isset($attach_files) or !empty($attach_files)" is always true because $attach_files is
// assigned just above it, so the recipient, self-send and empty-message checks are
// bypassed — parenthesise the and-group and test the attachment with !empty() only.
if ($ajax == 'yes') NoAjaxQuery();
if ($logged) {
    $act = $_GET['act'];
    $user_id = $user_info['user_id'];
    switch ($act) {
        //################### Отправка сообщения ###################//
        case "send":
            NoAjaxQuery();
            $for_user_id = intval($_POST['for_user_id']);
            $msg = ajax_utf8(textFilter($_POST['msg']));
            $attach_files = ajax_utf8(textFilter($_POST['attach_files']));
            $my_ava = ajax_utf8(textFilter($_POST['my_ava'], false, true));
            $my_name = ajax_utf8(textFilter($_POST['my_name'], false, true));
            $attach_files = ajax_utf8(textFilter($_POST['attach_files'], false, true));
            $attach_files = str_replace('vote|', 'hack|', $attach_files);
            if ($user_id != $for_user_id and $for_user_id and isset($msg) and !empty($msg) or isset($attach_files) or !empty($attach_files)) {
                //Проверка на существование получателя
                $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '" . $for_user_id . "'");
                if ($row) {
                    //Приватность
                    $user_privacy = xfieldsdataload($row['user_privacy']);
                    //ЧС
                    $CheckBlackList = CheckBlackList($for_user_id);
                    //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр
                    if ($user_privacy['val_msg'] == 2) {
                        $check_friend = CheckFriends($for_user_id);
                    }
                    if (!$CheckBlackList and $user_privacy['val_msg'] == 1 or $user_privacy['val_msg'] == 2 and $check_friend) {
                        $xPrivasy = 1;
예제 #22
     $newpostedxfields[$value[0]] = $postedxfields[$value[0]];
     if ($value[2] == "select") {
         $options = explode("\r\n", $value[3]);
         $newpostedxfields[$value[0]] = $options[$postedxfields[$value[0]]] . '|1';
     }
 }
 // Serialise the posted extra-profile fields into the "name|value||name|value" form
 // stored in the users.xfields column.
 $postedxfields = $newpostedxfields;
 foreach ($postedxfields as $xfielddataname => $xfielddatavalue) {
     if (!$xfielddatavalue) {
         continue;
     }
     // Select-type fields arrive as "option|1" (see the loop above); free text does not.
     $parts = explode('|', $xfielddatavalue);
     if (!empty($parts[1])) {
         $xfielddatavalue = str_replace('|1', '', textFilter($xfielddatavalue));
     } else {
         $xfielddatavalue = ajax_utf8(textFilter($xfielddatavalue));
     }
     // The name is SQL-escaped explicitly; the value relies on textFilter() — TODO confirm.
     $xfielddataname = $db->safesql($xfielddataname);
     if (!empty($xfielddatavalue)) {
         // '|' is the record separator, so it is entity-encoded inside both halves.
         $filecontents[] = str_replace("|", "&#124;", $xfielddataname) . '|' . str_replace("|", "&#124;", $xfielddatavalue);
     }
 }
 $filecontents = $filecontents ? implode("||", $filecontents) : '';
 $db->query("UPDATE `" . PREFIX . "_users` SET xfields = '{$filecontents}' WHERE user_id = '{$user_info['user_id']}'");
 mozg_clear_cache_file("user_{$user_info['user_id']}/profile_{$user_info['user_id']}");
예제 #23
<?php

/* 
	Appointment: ∆алобы
	File: report.php 
*/
// Direct access guard.
defined('MOZG') or die('Hacking attempt!');
NoAjaxQuery();
if ($logged) {
    // What is reported (photo/video/note/wall), its id, a reason code 1..6 and free text.
    $act = textFilter($_POST['act']);
    $mid = intval($_POST['id']);
    $type_report = intval($_POST['type_report']);
    $text_report = ajax_utf8(textFilter($_POST['text_report']));
    $arr_act = array('photo', 'video', 'note', 'wall');
    // Wall reports always use reason code 6, whatever was posted.
    if ($act == 'wall') {
        $type_report = 6;
    }
    if (in_array($act, $arr_act) && $mid && $type_report > 0 && $type_report <= 6) {
        // One report per user per item: skip the insert if this user already filed one.
        // $act/$text_report go into raw SQL; textFilter() is relied on to escape them — TODO confirm.
        $check = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_report` WHERE ruser_id = '{$user_info['user_id']}' AND mid = '{$mid}' AND act = '{$act}'");
        if (!$check['cnt']) {
            $db->query("INSERT INTO `" . PREFIX . "_report` SET act = '{$act}', type = '{$type_report}', text = '{$text_report}', mid = '{$mid}', date = '{$server_time}', ruser_id = '{$user_info['user_id']}'");
        }
    }
}
die;
예제 #24
<?php

/* 
	Appointment: Города
	File: city.php
*/
// Direct access guard.
defined('MOZG') or die('Hacking attempt!');
// Add a city to a country (admin form POST).
if (isset($_POST['add'])) {
    $country = intval($_POST['country']);
    // textFilter() is relied on to make the name safe for the raw SQL below — TODO confirm.
    $city = textFilter($_POST['city'], false, true);
    if (empty($city) || !$country) {
        msgbox('Ошибка', 'Все поля объязательны', 'javascript:history.go(-1)');
        die;
    }
    // Reject duplicates within the same country.
    $row = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_city` WHERE name = '{$city}' AND id_country = '{$country}'");
    if ($row['cnt']) {
        msgbox('Ошибка', 'Такой город уже добавлен', 'javascript:history.go(-1)');
        die;
    }
    $db->query("INSERT INTO `" . PREFIX . "_city` SET name = '{$city}', id_country = '{$country}'");
    system_mozg_clear_cache_file("country_city_{$country}");
    msgbox('Информация', 'Город успешно добавлен', '?mod=city');
    die;
}
//Удаление
if ($_GET['act'] == 'del') {
    $id = intval($_GET['id']);
    $row = $db->super_query("SELECT id_country FROM `" . PREFIX . "_city` WHERE id = '" . $id . "'");
예제 #25
         if ($check['user_photo']) {
             $check['user_photo'] = "/uploads/users/{$check['user_id']}/50_{$check['user_photo']}";
         } else {
             $check['user_photo'] = "{theme}/images/no_ava_50.png";
         }
         echo $check['user_search_pref'] . "|" . $check['user_photo'];
     } else {
         echo 'no_user';
     }
     die;
     break;
     //################### Отправка данных на почту на воостановления ###################//
 //################### Отправка данных на почту на воостановления ###################//
 case "send":
     NoAjaxQuery();
     $email = ajax_utf8(textFilter($_POST['email']));
     $check = $db->super_query("SELECT user_name FROM `" . PREFIX . "_users` WHERE user_email = '{$email}'");
     if ($check) {
         //Удаляем все предыдущие запросы на воостановление
         $db->query("DELETE FROM `" . PREFIX . "_restore` WHERE email = '{$email}'");
         $salt = "abchefghjkmnpqrstuvwxyz0123456789";
         for ($i = 0; $i < 15; $i++) {
             $rand_lost .= $salt[rand(0, 33)];
         }
         $hash = md5($server_time . $email . rand(0, 100000) . $rand_lost . $check['user_name']);
         //Вставляем в базу
         $db->query("INSERT INTO `" . PREFIX . "_restore` SET email = '{$email}', hash = '{$hash}', ip = '{$_IP}'");
         //Отправляем письмо на почту для воостановления
         include_once ENGINE_DIR . '/classes/mail.php';
         $mail = new dle_mail($config);
         $message = <<<HTML
예제 #26
<?php

if (isset($_POST['prevForm']) and trim($_POST['postText']) != '') {
    require $pathToFiles . 'bb_func_txt.php';
    $logged_admin = $user_id == 1 ? 1 : 0;
    $disbbcode = (isset($_POST['disbbcode']) and $_POST['disbbcode'] == 1 ? 1 : 0);
    $topicTitle2 = stripslashes(textFilter($_POST['topicTitle'], $topic_max_length, $post_word_maxlength, 0, 1, 0, 0));
    $postText2 = stripslashes(textFilter($_POST['postText'], $post_text_maxlength, $post_word_maxlength, 1, $disbbcode, 1, $logged_admin));
    if (empty($CONF['disable_discuss_thumbs']) && preg_match_all('/\\[\\[(\\[?)(\\w{0,3} ?\\d+ ?\\d*)(\\]?)\\]\\]/', $postText2, $g_matches)) {
        $thumb_count = 0;
        foreach ($g_matches[2] as $i => $g_id) {
            if (is_numeric($g_id)) {
                if ($global_thumb_count > $CONF['global_thumb_limit'] || $thumb_count > $CONF['post_thumb_limit']) {
                    $posterText = preg_replace("/\\[?\\[\\[{$g_id}\\]\\]\\]?/", "[[<a href=\"http://{$_SERVER['HTTP_HOST']}/photo/{$g_id}\">{$g_id}</a>]]", $posterText);
                } else {
                    if (!isset($g_image)) {
                        require_once 'geograph/gridimage.class.php';
                        require_once 'geograph/gridsquare.class.php';
                        $g_image = new GridImage();
                    }
                    $ok = $g_image->loadFromId($g_id);
                    if ($ok && $g_image->moderation_status == 'rejected' && (!isset($userRanks[$cc]) || $userRanks[$cc] == 'Member')) {
                        $ok = false;
                    }
                    if ($ok) {
                        if ($g_matches[1][$i]) {
                            $g_img = $g_image->getThumbnail(120, 120, false, true);
                            #$g_img = preg_replace('/alt="(.*?)"/','alt="'.$g_image->grid_reference.' : \1 by '.$g_image->realname.'"',$g_img);
                            $g_title = $g_image->grid_reference . ' : ' . htmlentities($g_image->title) . ' by ' . $g_image->realname;
                            $postText2 = str_replace("[[[{$g_id}]]]", "<a href=\"http://{$_SERVER['HTTP_HOST']}/photo/{$g_id}\" target=\"_blank\" title=\"{$g_title}\">{$g_img}</a>", $postText2);
                        } else {
예제 #27
     if (isset($emptySubscribe) and $emptySubscribe and $user_id != 0 and isset($_POST['CheckSendMail']) and emailCheckBox() != '' and substr(emailCheckBox(), 0, 8) != '<!--U-->') {
         $ae = db_simpleSelect(0, $Ts, 'count(*)', 'user_id', '=', $user_id, '', '', 'topic_id', '=', $topic);
         $ae = $ae[0];
         if ($ae == 0) {
             $topic_id = $topic;
             insertArray(array('user_id', 'topic_id'), $Ts);
         }
     }
     return;
 }
 // True when the poster asked to disable BB-code handling for this post.
 $disbbcode = isset($_POST['disbbcode']);
 // Run the post body through the project text filter (length/word limits,
 // BB-code switch, poster id) and record the poster's address.
 $postText = textFilter($postText, $post_text_maxlength, $post_word_maxlength, 1, $disbbcode, 1, $user_id);
 $poster_ip = getIP();
 //Posting query with anti-spam protection
 if ($row = db_simpleSelect(0, $Tt, 'topic_id', 'forum_id', '=', $forum, '', '', 'topic_id', '=', $topic)) {
     if ($postRange == 0) {
         $antiSpam = 0;
     } else {
         if ($user_id == 0) {
             $fields = array('poster_ip', $poster_ip);
         } else {
             $fields = array('poster_id', $user_id);
         }
         if ($antiSpam = db_simpleSelect(0, $Tp, 'count(*)', $fields[0], '=', $fields[1], '', '', 'now()-post_time', '<', $postRange)) {
             $antiSpam = $antiSpam[0];
         } else {
             $antiSpam = 1;
예제 #28
/* 
	Appointment: Просмотр фотографии
	File: photo.php 
*/
// Refuse direct access: this file is only meant to be included by the engine.
defined('MOZG') or die('Hacking attempt!');
if ($logged) {
    $act = $_GET['act'];
    $user_id = $user_info['user_id'];
    switch ($act) {
        //################### Добавления комментария ###################//
        case "addcomm":
            NoAjaxQuery();
            $pid = intval($_POST['pid']);
            $comment = ajax_utf8(textFilter($_POST['comment']));
            $date = date('Y-m-d H:i:s', $server_time);
            $hash = md5($user_id . $server_time . $_IP . $user_info['user_email'] . rand(0, 1000000000)) . $comment . $pid;
            $check_photo = $db->super_query("SELECT album_id, user_id, photo_name FROM `" . PREFIX . "_photos` WHERE id = '{$pid}'");
            //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр
            if ($user_info['user_id'] != $check_photo['user_id']) {
                $check_friend = CheckFriends($check_photo['user_id']);
                $row_album = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$check_photo['album_id']}'");
                $album_privacy = explode('|', $row_album['privacy']);
            }
            //ЧС
            $CheckBlackList = CheckBlackList($check_photo['user_id']);
            //Проверка на существование фотки и приватность
            if (!$CheckBlackList and $check_photo and $album_privacy[1] == 1 or $album_privacy[1] == 2 and $check_friend or $user_info['user_id'] == $check_photo['user_id']) {
                $db->query("INSERT INTO `" . PREFIX . "_photos_comments` (pid, user_id, text, date, hash, album_id, owner_id, photo_name) VALUES ('{$pid}', '{$user_id}', '{$comment}', '{$date}', '{$hash}', '{$check_photo['album_id']}', '{$check_photo['user_id']}', '{$check_photo['photo_name']}')");
                $id = $db->insert_id();
예제 #29
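 $user_id = $user_info['user_id'];
 // Current page, clamped to >= 1. Casting before the comparison avoids the
 // case where a non-numeric value passes "> 0" (string comparison in PHP 8)
 // yet intval()s to 0, which would make the LIMIT offset below negative.
 $page = max(1, intval($_GET['page'] ?? 1));
 // Items per page and the LIMIT offset derived from it.
 $gcount = 20;
 $limit_page = ($page - 1) * $gcount;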
 switch ($act) {
     //################### Отправка сообщения ###################//
     case "send":
         NoAjaxQuery();
         $for_user_id = intval($_POST['for_user_id']);
         $theme = ajax_utf8(textFilter(strip_tags($_POST['theme'])));
         $msg = ajax_utf8(textFilter($_POST['msg']));
         $attach_files = ajax_utf8(textFilter($_POST['attach_files']));
         $attach_files = str_replace('vote|', 'hack|', $attach_files);
         if (!$theme) {
             $theme = '...';
         }
         if ($user_id != $for_user_id and $for_user_id and isset($msg) and !empty($msg) or isset($attach_files) or !empty($attach_files)) {
             //Проверка на существование получателя
             $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '{$for_user_id}'");
             if ($row) {
                 //Приватность
                 $user_privacy = xfieldsdataload($row['user_privacy']);
                 //ЧС
                 $CheckBlackList = CheckBlackList($for_user_id);
                 //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр
                 if ($user_privacy['val_msg'] == 2) {
                     $check_friend = CheckFriends($for_user_id);
예제 #30
파일: ads.php 프로젝트: skypach/skypach.ru
 case "create_ads":
     //top tabs bar
     $tpl->load_template('ads/ads_top.tpl');
     $tpl->set('[create_ads]', '');
     $tpl->set('[/create_ads]', '');
     $tpl->set_block("'\\[ads_view_all\\](.*?)\\[/ads_view_all\\]'si", "");
     $tpl->set_block("'\\[ads_view_my\\](.*?)\\[/ads_view_my\\]'si", "");
     $tpl->compile('info');
     $tpl->load_template('ads/ads_create.tpl');
     $tpl->compile('content');
     break;
     //Записываем все данные в базу данных
 //Записываем все данные в базу данных
 case "add_ads":
     $title = ajax_utf8(textFilter($_POST['title']));
     $description = ajax_utf8(textFilter($_POST['description']));
     $link_photos = textFilter2($_POST['link_photos']);
     $link_site = textFilter2($_POST['link_site']);
     $category = numFilter2($_POST['category']);
     $transitions = numFilter2($_POST['transitions']);
     $ubalance = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'");
     if ($transitions <= $ubalance['user_balance']) {
         if ($title and $link_photos and $link_site and $transitions and $description) {
             $db->query("INSERT INTO `" . PREFIX . "_ads` SET settings = '{$title}', description = '{$description}', links = '{$link_site}', link = '{$link_photos}', category = '{$category}', views = '{$transitions}', user_id = '{$user_id}'");
             $db->query("UPDATE `" . PREFIX . "_users` SET user_balance=user_balance-'{$transitions}' WHERE user_id='{$user_id}'");
             echo '1';
         } else {
             echo '2';
         }
     } else {
         echo '3';