/**
 * Normalises a comment body in place before it is stored.
 *
 * Steps, in order: a few entities are converted to characters, a '<' that is
 * not the start of a tag is turned back into an entity so that strip_tags()
 * does not swallow the rest of the text, tags are stripped and the text is cut
 * to $CONFIG['max_com_size'] bytes, the entities are restored, bad words are
 * masked with '(...)' when $CONFIG['filter_bad_words'] is set, and finally any
 * space-separated word longer than $CONFIG['max_com_wlength'] characters is
 * masked with '(...)'.
 *
 * NOTE(review): in this copy the search and replacement tables of the two
 * str_replace() calls read as identical strings, and the ''' literal does not
 * parse. That looks like HTML-entity decoding during extraction (the tables
 * should map entity names to characters and back) — confirm against the
 * upstream file before relying on this copy.
 *
 * @param string $str the comment text, modified by reference
 * @return void
 */
function check_comment(&$str)
{
    global $CONFIG, $lang_bad_words;

    // convert some entities
    $str = str_replace(array('&', '"', '<', '>', ' ', '''), array('&', '"', '<', '>', ' ', "'"), $str);
    // if '<' is not the start of a tag (e.g. "lower than" followed by a digit or '='),
    // convert it to an entity so that strip_tags() does not clip the comment wrongly
    $str = preg_replace("/<([0-9<>=])/", '<\\1', $str);
    // strip tags and cut to the maximum allowed length (byte-wise substr(), not a character count)
    $str = trim(substr(strip_tags($str), 0, $CONFIG['max_com_size']));
    // re-convert some entities
    $str = str_replace(array('"', '<', '>', "'"), array('"', '<', '>', '''), $str);

    if ($CONFIG['filter_bad_words']) {
        $ercp = array();
        foreach ($lang_bad_words as $word) {
            // a leading or trailing '*' in the list entry is a wildcard, otherwise the entry must
            // match on a word boundary; the entry is NOT preg_quote()d, so regex metacharacters in
            // the word list change (or break) the pattern, and an empty entry reads past the string
            $ercp[] = '/' . ($word[0] == '*' ? '' : '\\b') . str_replace('*', '', $word) . ($word[strlen($word) - 1] == '*' ? '' : '\\b') . '/i';
        }
        // preg_replace() returns null on a PCRE error, which would empty the comment
        $str = preg_replace($ercp, '(...)', $str);
    }

    // split the BBCode-decoded, tag-stripped text on single spaces and mask over-long words
    $com_words = explode(' ', strip_tags(bb_decode($str)));
    $replacements = array();
    foreach ($com_words as $key => $word) {
        if (utf_strlen($word) > $CONFIG['max_com_wlength']) {
            $replacements[] = $word;
        }
    }
    $str = str_replace($replacements, '(...)', $str);
}
/**
 * Normalises a comment body in place before it is stored.
 *
 * Steps, in order: a few entities are converted to characters, tags are
 * stripped and the text is cut to $CONFIG['max_com_size'] bytes, the entities
 * are restored, bad words are masked with '(...)' when
 * $CONFIG['filter_bad_words'] is set, and finally any space-separated word
 * longer than $CONFIG['max_com_wlength'] characters is masked with '(...)'.
 *
 * NOTE(review): in this copy the search and replacement tables of the two
 * str_replace() calls read as identical strings, and the ''' literal does not
 * parse. That looks like HTML-entity decoding during extraction (the tables
 * should map entity names to characters and back) — confirm against the
 * upstream file before relying on this copy.
 *
 * @param string $str the comment text, modified by reference
 * @return void
 */
function check_comment(&$str)
{
    // $queries is declared but not used in this function
    global $CONFIG, $lang_bad_words, $queries;

    // Added according to Andi's proposal: optimisation of strip_tags() and max. comment length
    // convert some entities
    $str = str_replace(array('&', '"', '<', '>', ' ', '''), array('&', '"', '<', '>', ' ', "'"), $str);
    // strip tags and cut to the maximum allowed length (byte-wise substr(), not a character count)
    $str = trim(substr(strip_tags($str), 0, $CONFIG['max_com_size']));
    // re-convert some entities
    $str = str_replace(array('"', '<', '>', "'"), array('"', '<', '>', '''), $str);

    if ($CONFIG['filter_bad_words']) {
        $ercp = array();
        foreach ($lang_bad_words as $word) {
            // a leading or trailing '*' in the list entry is a wildcard, otherwise the entry must
            // match on a word boundary; the entry is NOT preg_quote()d, so regex metacharacters in
            // the word list change (or break) the pattern, and an empty entry reads past the string
            $ercp[] = '/' . ($word[0] == '*' ? '' : '\\b') . str_replace('*', '', $word) . ($word[strlen($word) - 1] == '*' ? '' : '\\b') . '/i';
        }
        // preg_replace() returns null on a PCRE error, which would empty the comment
        $str = preg_replace($ercp, '(...)', $str);
    }

    // split the BBCode-decoded, tag-stripped text on single spaces and mask over-long words
    $com_words = explode(' ', strip_tags(bb_decode($str)));
    $replacements = array();
    foreach ($com_words as $key => $word) {
        if (utf_strlen($word) > $CONFIG['max_com_wlength']) {
            $replacements[] = $word;
        }
    }
    $str = str_replace($replacements, '(...)', $str);
}
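/**
 * Masks unwanted content in a comment body, in place.
 *
 * Two filters are applied to $str:
 *  - when $CONFIG['filter_bad_words'] is set, every entry of $lang_bad_words is
 *    replaced by '(...)'. A leading or trailing '*' in an entry marks a prefix
 *    or suffix wildcard; without it the entry must match on word boundaries.
 *    Matching is case-insensitive.
 *  - every space-separated word longer than $CONFIG['max_com_wlength']
 *    characters (measured on the BBCode-decoded, tag-stripped text) is
 *    replaced by '(...)'.
 *
 * Word-list entries are treated as literal text: they are passed through
 * preg_quote() so that regex metacharacters in the list cannot widen a match
 * or make the pattern invalid (an invalid pattern made preg_replace() return
 * null, which silently emptied the comment). Entries that are empty after the
 * wildcard is removed are skipped, because they would match every word
 * boundary.
 *
 * @param string $str the comment text, modified by reference
 * @return void
 */
function check_comment(&$str)
{
    global $CONFIG, $lang_bad_words;

    if ($CONFIG['filter_bad_words']) {
        $patterns = array();
        foreach ($lang_bad_words as $word) {
            $prefix_wildcard = $word !== '' && $word[0] == '*';
            $suffix_wildcard = $word !== '' && $word[strlen($word) - 1] == '*';
            // '/' is the delimiter below, so it must be quoted as well
            $body = preg_quote(str_replace('*', '', $word), '/');
            if ($body === '') {
                continue;
            }
            $patterns[] = '/' . ($prefix_wildcard ? '' : '\\b') . $body . ($suffix_wildcard ? '' : '\\b') . '/i';
        }
        if (!empty($patterns)) {
            $filtered = preg_replace($patterns, '(...)', $str);
            // preg_replace() returns null on a PCRE error (e.g. backtrack limit);
            // keep the unfiltered text rather than dropping the whole comment
            if ($filtered !== null) {
                $str = $filtered;
            }
        }
    }

    $max_wlength = $CONFIG['max_com_wlength'];
    $replacements = array();
    foreach (explode(' ', strip_tags(bb_decode($str))) as $word) {
        if (utf_strlen($word) > $max_wlength) {
            $replacements[] = $word;
        }
    }
    if (!empty($replacements)) {
        $str = str_replace($replacements, '(...)', $str);
    }
}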
############################################################################################ ############################################################################################ ## Редактирование сообщения ## ############################################################################################ case 'editpost': $uid = check($_GET['uid']); $pid = abs(intval($_GET['pid'])); $msg = check($_POST['msg']); if (isset($_POST['delfile'])) { $del = intar($_POST['delfile']); } else { $del = 0; } if (is_user()) { if ($uid == $_SESSION['token']) { if (utf_strlen($msg) >= 5 && utf_strlen($msg) <= $config['forumtextlength']) { $post = DB::run()->queryFetch("SELECT `posts`.*, `topics`.`topics_closed` FROM `posts` LEFT JOIN `topics` ON `posts`.`posts_topics_id`=`topics`.`topics_id` WHERE `posts_id`=? AND `posts_user`=? LIMIT 1;", array($pid, $log)); if (!empty($post)) { if (empty($post['topics_closed'])) { if ($post['posts_time'] + 600 > SITETIME) { $msg = antimat($msg); DB::run()->query("UPDATE `posts` SET `posts_text`=?, `posts_edit`=?, `posts_edit_time`=? WHERE `posts_id`=?;", array($msg, $log, SITETIME, $pid)); // ------ Удаление загруженных файлов -------// if (!empty($del)) { $del = implode(',', $del); $queryfiles = DB::run()->query("SELECT * FROM `files_forum` WHERE `file_posts_id`=? AND `file_id` IN (" . $del . ");", array($pid)); $files = $queryfiles->fetchAll(); if (!empty($files)) { foreach ($files as $file) { if (file_exists(BASEDIR . '/upload/forum/' . $file['file_topics_id'] . '/' . $file['file_hash'])) { unlink(BASEDIR . '/upload/forum/' . $file['file_topics_id'] . '/' . $file['file_hash']);
# Made by : VANTUZ # # E-mail : visavi.net@mail.ru # # Site : http://pizdec.ru # # WAP-Site : http://visavi.net # # ICQ : 36-44-66 # # Вы не имеете право вносить изменения в код скрипта # # для его дальнейшего распространения # #-----------------------------------------------------# require_once "../includes/start.php"; require_once "../includes/functions.php"; require_once "../includes/header.php"; include_once "../themes/" . $config['themes'] . "/index.php"; $msg = check($_POST['msg']); show_title('partners.gif', 'Добавление сообщения'); if (is_user()) { if (utf_strlen(trim($msg)) > 3 && utf_strlen($msg) < 1000) { antiflood("Location: index.php?isset=antiflood&" . SID); karantin($udata[6], "Location: index.php?isset=karantin&" . SID); statistics(8); $msg = no_br($msg, '<br />'); $msg = antimat($msg); $msg = smiles($msg); $file = file(DATADIR . "chat.dat"); $data = explode("|", end($file)); $text = no_br($msg . '|' . $log . '||' . SITETIME . '|' . $brow . '|' . $ip . '|0|' . $data[7] . '|' . $data[8] . '|'); write_files(DATADIR . "chat.dat", "{$text}\r\n"); $countstr = counter_string(DATADIR . "chat.dat"); if ($countstr >= $config['maxpostchat']) { delete_lines(DATADIR . "chat.dat", array(0, 1, 2, 3, 4)); } change_profil($log, array(14 => $ip, 12 => $udata[12] + 1, 36 => $udata[36] + 1, 41 => $udata[41] + 1));
############################################################################################ ## Редактирование статьи ## ############################################################################################ ############################################################################################ ## Редактирование статьи ## ############################################################################################ case 'addeditblog': $uid = check($_GET['uid']); $title = check($_POST['title']); $text = check($_POST['text']); $user = check($_POST['user']); $tags = check($_POST['tags']); if ($uid == $_SESSION['token']) { if (utf_strlen($title) >= 5 && utf_strlen($title) <= 50) { if (utf_strlen($text) >= 100 && utf_strlen($text) <= $config['maxblogpost']) { if (utf_strlen($tags) >= 2 && utf_strlen($tags) <= 50) { if (preg_match('|^[a-z0-9\\-]+$|i', $user)) { $queryblog = DB::run()->querySingle("SELECT `blogs_id` FROM `blogs` WHERE `blogs_id`=? LIMIT 1;", array($id)); if (!empty($queryblog)) { DB::run()->query("UPDATE `blogs` SET `blogs_title`=?, `blogs_text`=?, `blogs_user`=?, `blogs_tags`=? WHERE `blogs_id`=?;", array($title, $text, $user, $tags, $id)); $_SESSION['note'] = 'Статья успешно отредактирована!'; redirect("blog.php?act=blog&cid={$cid}&start={$start}"); } else { show_error('Ошибка! Данной статьи не существует!'); } } else { show_error('Ошибка! Недопустимые символы в логине! Разрешены только знаки латинского алфавита и цифры!'); } } else { show_error('Ошибка! Слишком длинные или короткие метки статьи (от 2 до 50 символов)!'); }
/**
 * Validates the registration form and, if it passes, creates the user account.
 *
 * Reads the form fields through get_post_var() and the Inspekt post cage,
 * collects validation failures in $error as HTML <li> items, and returns false
 * when the user name is taken or any check failed. On success it inserts the
 * user row, fires the 'register_form_submit' plugin action, optionally creates
 * a personal album, shows the message box matching the activation mode, mails
 * the activation link to the user and/or the admins, and returns true.
 *
 * Points a maintainer should know about this version:
 *  - $user_name and $email are interpolated straight into SQL. Whether
 *    get_post_var() escapes them is not visible here (only the getEscaped()
 *    fields clearly are), so confirm that before treating the queries as safe.
 *  - The duplicate-e-mail check assigns $error (=) instead of appending (.=),
 *    so it discards any message collected above it.
 *  - The activation key is md5(uniqid(rand(), 1)) after srand() with a
 *    clock-derived seed; this is not a cryptographically strong token
 *    (random_bytes() is the appropriate source for a successor).
 *  - The password is stored as an unsalted md5() digest (password_hash()
 *    would be the modern replacement).
 *  - $admins is not initialised before the loops that fill it, so when no
 *    admin row carries an e-mail address the foreach runs over an undefined
 *    variable.
 *  - $lang_register_user_login is declared global but not used here.
 *
 * @param string $error receives the HTML list items describing failed checks
 * @return bool true when the account was created, false when validation failed
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_register_approve_email;
    global $lang_register_user_login, $lang_errors;

    $superCage = Inspekt::makeSuperCage();

    // form fields: name/password/e-mail via get_post_var(), the rest escaped by the Inspekt cage
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');

    // a taken user name is the only check that aborts immediately (the result set is not freed on that path)
    $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }
    mysql_free_result($result);

    if (utf_strlen($user_name) < 2) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
    }
    // optional site-wide registration password: it must match, and must not be reused as the account password
    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        if ($global_registration_pw != $CONFIG['global_registration_pw']) {
            $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password == $CONFIG['global_registration_pw']) {
            $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }
    if (utf_strlen($password) < 2) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
    }
    if ($password == $user_name) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
    }
    if ($password != $password_again) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
    }
    if (!Inspekt::isEmail($email)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
    }
    // disclaimer mode 2 requires the checkbox to be ticked
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
    }

    // Perform the ban check against email address and username (brute-force bans are a separate mechanism and are skipped)
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
    }
    mysql_free_result($result);
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
    }
    mysql_free_result($result);

    // check captcha: the bundled PhpCaptcha unless a plugin provides the 'register' captcha,
    // in which case the plugin filter is responsible for appending to $error
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
            }
        } else {
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            // NOTE: plain assignment — every message collected above is lost when the address is taken
            $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
        }
        mysql_free_result($result);
    }
    // plugins get the last word on validation
    $error = CPGPluginAPI::filter('register_form_validate', $error);
    if ($error != '') {
        return false;
    }

    // accounts that need e-mail verification or admin approval start inactive, with an activation key
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // NOTE: clock-derived seed plus uniqid()/rand(): not a cryptographically strong token
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }
    // unsalted md5 digest of the password
    $encpassword = md5($password);
    $user_language = $CONFIG['lang'];
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')";
    $result = cpg_db_query($sql);

    // hand the new account to plugins
    $user_array = array();
    $user_array['user_id'] = mysql_insert_id();
    $user_array['user_name'] = $user_name;
    $user_array['user_email'] = $email;
    $user_array['user_active'] = $active;
    CPGPluginAPI::action('register_form_submit', $user_array);
    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }

    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        // mysql_insert_id() is re-read here, after the plugin action and log_write() above; should either
        // of them run an INSERT of its own, this may not be the new user's id ($user_array['user_id'] is)
        $user_id = mysql_insert_id();
        $catid = $user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
    }

    // Registrations must be activated/verified by the user clicking a link in an email
    if ($CONFIG['reg_requires_valid_email']) {
        // Mail the user the activation/verification link
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } else {
        if ($CONFIG['admin_activation']) {
            // We need admin activation only
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            // No activation required, account is ready for login
            msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
        }
    }

    // email notification or activation link to admin
    // (&& binds tighter than ||: notify-admin, OR admin activation without user e-mail verification)
    if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            // NOTE: $admins is never initialised; with no admin row carrying an e-mail address
            // the foreach below iterates an undefined variable
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = mysql_fetch_assoc($result)) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }
        foreach ($admins as $admin) {
            //check if the admin language is available, else fall back to the default language
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }
            // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
            if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
                $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
                $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
            }
        }
    }
    return true;
}
## Изменение описания ## ############################################################################################ ############################################################################################ ## Изменение описания ## ############################################################################################ case 'change': $uid = isset($_GET['uid']) ? check($_GET['uid']) : ''; $title = isset($_POST['title']) ? check($_POST['title']) : ''; $text = isset($_POST['text']) ? check($_POST['text']) : ''; $types = empty($_POST['types']) ? 0 : 1; $closed = empty($_POST['closed']) ? 0 : 1; if ($uid == $_SESSION['token']) { $queryoff = DB::run()->queryFetch("SELECT * FROM `offers` WHERE `offers_id`=? LIMIT 1;", array($id)); if (!empty($queryoff)) { if (utf_strlen($title) >= 5 && utf_strlen($title) <= 50) { if (utf_strlen($text) >= 5 && utf_strlen($text) <= 1000) { $title = antimat($title); $text = antimat($text); DB::run()->query("UPDATE `offers` SET `offers_type`=?, `offers_closed`=?, `offers_title`=?, `offers_text`=? WHERE `offers_id`=?;", array($types, $closed, $title, $text, $id)); $_SESSION['note'] = 'Данные успешно отредактированы!'; redirect("offers.php?act=view&id={$id}"); } else { show_error('Ошибка! Слишком длинное или короткое описание (От 5 до 1000 символов)!'); } } else { show_error('Ошибка! Слишком длинный или короткий заголовок (От 5 до 50 символов)!'); } } else { show_error('Ошибка! Данного предложения или проблемы не существует!'); } } else {
/**
 * Validates the registration form and, if it passes, creates the user account.
 *
 * Form fields come from get_post_var() (name, password, e-mail) and directly
 * from $_POST through addslashes() (the six profile fields). Validation
 * failures are appended to $error as '<li>' items (the items are not closed);
 * the function returns false as soon as the user name exists, after the basic
 * checks when any of them failed, or when the e-mail address is already in
 * use. On success it inserts the user row, shows the message box matching the
 * activation mode, mails the activation link to the user and/or the admin, and
 * returns true.
 *
 * Points a maintainer should know about this version:
 *  - SQL values are escaped with addslashes(), which is not charset-aware; the
 *    driver's escape function or a parameterised query is the safe choice.
 *  - eregi() was removed in PHP 7, so the e-mail check stops this function
 *    from running on current PHP; the pattern also rejects TLDs longer than
 *    six letters.
 *  - The password is stored as an unsalted md5() digest, or in plain text when
 *    $CONFIG['enable_encrypted_passwords'] is off (password_hash() would be
 *    the modern replacement).
 *  - The activation key is md5(uniqid(rand(), 1)) after a clock-seeded
 *    srand(); it is not a cryptographically strong token.
 *  - With admin_activation on but reg_requires_valid_email off, the row is
 *    created inactive yet the 'acct_active' message box is shown, and the
 *    admin only receives the activation link when reg_notify_admin_email is
 *    also on.
 *  - $lang_register_activated_email and $lang_register_user_login are
 *    declared global but not used here.
 *
 * @param string $error receives the HTML list items describing failed checks
 * @return bool true when the account was created, false when validation failed
 */
function check_user_info(&$error)
{
    global $CONFIG; //, $PHP_SELF;
    global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login;
    //$CONFIG['admin_activation'] = FALSE;
    //$CONFIG['admin_activation'] = TRUE;

    // form fields; the profile fields are read from $_POST directly and escaped for SQL with addslashes()
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = addslashes($_POST['user_profile1']);
    $profile2 = addslashes($_POST['user_profile2']);
    $profile3 = addslashes($_POST['user_profile3']);
    $profile4 = addslashes($_POST['user_profile4']);
    $profile5 = addslashes($_POST['user_profile5']);
    $profile6 = addslashes($_POST['user_profile6']);

    // a taken user name aborts immediately (the result set is not freed on that path)
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        $error = '<li>' . $lang_register_php['err_user_exists'];
        return false;
    }
    mysql_free_result($result);

    if (utf_strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'];
    }
    if (utf_strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'];
    }
    if ($password == $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
    }
    if ($password != $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'];
    }
    // eregi() is gone since PHP 7; the pattern allows 2-6 letter TLDs only
    if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
        $error .= '<li>' . $lang_register_php['err_invalid_email'];
    }
    if ($error != '') {
        return false;
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'];
            return false;
        }
        mysql_free_result($result);
    }

    // accounts that need e-mail verification or admin approval start inactive, with an activation key
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // NOTE: clock-derived seed plus uniqid()/rand(): not a cryptographically strong token
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }
    // unsalted md5 digest, or the plain-text password when encryption is switched off
    if ($CONFIG['enable_encrypted_passwords']) {
        $encpassword = md5($password);
    } else {
        $encpassword = $password;
    }
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
    // logged before the INSERT is executed, so the log entry exists even if the query fails
    if ($CONFIG['log_mode']) {
        log_write('New user "' . addslashes($user_name) . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
    }
    $result = cpg_db_query($sql);

    if ($CONFIG['reg_requires_valid_email']) {
        // '!' binds tighter than '==', so this reads (!admin_activation) == 1, i.e. "admin activation is off"
        if (!$CONFIG['admin_activation'] == 1) {
            //user gets activation email
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
                cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
            }
        }
        if ($CONFIG['admin_activation'] == 1) {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_continue, 'index.php');
        } else {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
        }
    } else {
        // NOTE: shown even when admin_activation set $active to 'NO' above
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
    }

    // email notification to admin (the 'admin' recipient is presumably resolved by cpg_mail() — not visible here)
    if ($CONFIG['reg_notify_admin_email']) {
        // get default language in which to inform the admin
        $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
        $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
        if ($CONFIG['admin_activation'] == 1) {
            // admin has to activate the account: mail the activation link
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
        } else {
            // information only
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
        }
    }
    return true;
}
## Поиск ## ############################################################################################ case 'search': $find = check(strval($_GET['find'])); $type = abs(intval($_GET['type'])); $where = abs(intval($_GET['where'])); $period = abs(intval($_GET['period'])); $section = abs(intval($_GET['section'])); if (!is_utf($find)) { $find = win_to_utf($find); } if (utf_strlen($find) >= 3 && utf_strlen($find) <= 50) { $findmewords = explode(" ", utf_lower($find)); $arrfind = array(); foreach ($findmewords as $val) { if (utf_strlen($val) >= 3) { $arrfind[] = empty($type) ? '+' . $val . '*' : $val . '*'; } } $findme = implode(" ", $arrfind); if ($type == 2 && count($findmewords) > 1) { $findme = "\"{$find}\""; } $config['newtitle'] = $find . ' - Результаты поиска'; $wheres = empty($where) ? 'topics' : 'posts'; $forumfind = $type . $wheres . $period . $section . $find; // ----------------------------- Поиск в темах -------------------------------// if ($wheres == 'topics') { if (empty($_SESSION['forumfindres']) || $forumfind != $_SESSION['forumfind']) { $searchsec = $section > 0 ? "`topics_forums_id`=" . $section . " AND" : ''; $searchper = $period > 0 ? "`topics_last_time`>" . (SITETIME - $period * 24 * 60 * 60) . " AND" : '';
/**
 * Validates the registration form and, if it passes, creates the user account.
 *
 * Form fields come from get_post_var() (name, password, e-mail) and from the
 * Inspekt post cage (profile fields, disclaimer checkbox, captcha answer).
 * Validation failures are appended to $error as <li> items; the function
 * returns false as soon as the user name exists, after the basic checks when
 * any of them failed, or when the e-mail address is already in use. On success
 * it inserts the user row, optionally creates a personal album, shows the
 * message box matching the activation mode, mails the activation link to the
 * user and/or the admin, and returns true.
 *
 * Points a maintainer should know about this version:
 *  - Three print statements in the personal-album branch are leftover
 *    debugging output: they write 'sub', the category id and the raw INSERT
 *    statement (table name and user name included) into the response.
 *  - The log_write() message is single-quoted, so the literal text $user_name
 *    is logged instead of the user's name.
 *  - The first SELECT interpolates $user_name without addslashes() while the
 *    duplicate-e-mail SELECT still escapes $email; whether get_post_var()
 *    escapes is not visible here, so confirm the queries are actually safe.
 *  - eregi() was removed in PHP 7, so the e-mail check stops this function
 *    from running on current PHP; the pattern also rejects TLDs longer than
 *    six letters.
 *  - The password is stored as an unsalted md5() digest, or in plain text when
 *    $CONFIG['enable_encrypted_passwords'] is off (password_hash() would be
 *    the modern replacement).
 *  - The activation key is md5(uniqid(rand(), 1)) after a clock-seeded
 *    srand(); it is not a cryptographically strong token.
 *  - With admin_activation on but reg_requires_valid_email off, the row is
 *    created inactive yet the 'acct_active' message box is shown, and the
 *    admin only receives the activation link when reg_notify_admin_email is
 *    also on.
 *  - $lang_register_activated_email and $lang_register_user_login are
 *    declared global but not used here.
 *
 * @param string $error receives the HTML list items describing failed checks
 * @return bool true when the account was created, false when validation failed
 */
function check_user_info(&$error)
{
    // function check_user_info - start
    global $CONFIG; //, $PHP_SELF;
    global $lang_register_php, $lang_register_confirm_email, $lang_common, $lang_register_approve_email;
    global $lang_register_activated_email, $lang_register_user_login, $lang_errors;

    $superCage = Inspekt::makeSuperCage();
    //$CONFIG['admin_activation'] = FALSE;
    //$CONFIG['admin_activation'] = TRUE;

    // form fields: name/password/e-mail via get_post_var(), the rest escaped by the Inspekt cage
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');

    // a taken user name aborts immediately (the result set is not freed on that path);
    // $user_name goes into the query as returned by get_post_var()
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . $user_name . "'";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        $error = '<li>' . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }
    mysql_free_result($result);

    if (utf_strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'] . '</li>';
    }
    // optional site-wide registration password: it must match, and must not be reused as the account password
    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        if ($global_registration_pw != $CONFIG['global_registration_pw']) {
            $error .= '<li>' . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password == $CONFIG['global_registration_pw']) {
            $error .= '<li>' . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }
    if (utf_strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'] . '</li>';
    }
    if ($password == $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'] . '</li>';
    }
    if ($password != $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'] . '</li>';
    }
    // eregi() is gone since PHP 7; the pattern allows 2-6 letter TLDs only
    if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
        $error .= '<li>' . $lang_register_php['err_invalid_email'] . '</li>';
    }
    // disclaimer mode 2 requires the checkbox to be ticked
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= '<li>' . $lang_register_php['err_disclaimer'] . '</li>';
    }
    // check captcha
    if ($CONFIG['registration_captcha'] != 0) {
        require "include/captcha.inc.php";
        if (!PhpCaptcha::Validate($captcha_confirmation)) {
            $error .= '<li>' . $lang_errors['captcha_error'] . '</li>';
        }
    }
    if ($error != '') {
        return false;
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'] . '</li>';
            return false;
        }
        mysql_free_result($result);
    }

    // accounts that need e-mail verification or admin approval start inactive, with an activation key
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // NOTE: clock-derived seed plus uniqid()/rand(): not a cryptographically strong token
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }
    // unsalted md5 digest, or the plain-text password when encryption is switched off
    if ($CONFIG['enable_encrypted_passwords']) {
        $encpassword = md5($password);
    } else {
        $encpassword = $password;
    }
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";
    // logged before the INSERT runs; single-quoted, so the literal text $user_name ends up in the log
    if ($CONFIG['log_mode']) {
        log_write('New user "$user_name" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
    }
    $result = cpg_db_query($sql);

    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        // NOTE: the three print statements below are debugging output left in the response
        print 'sub<br />';
        $catid = mysql_insert_id() + FIRST_USER_CAT;
        print $catid;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
        print "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})";
    }

    if ($CONFIG['reg_requires_valid_email']) {
        // '!' binds tighter than '==', so this reads (!admin_activation) == 1, i.e. "admin activation is off"
        if (!$CONFIG['admin_activation'] == 1) {
            //user gets activation email
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
                cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
            }
        }
        if ($CONFIG['admin_activation'] == 1) {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
        }
    } else {
        // NOTE: shown even when admin_activation set $active to 'NO' above
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
    }

    // email notification to admin (the 'admin' recipient is presumably resolved by cpg_mail() — not visible here)
    if ($CONFIG['reg_notify_admin_email']) {
        // get default language in which to inform the admin
        $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
        $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
        if ($CONFIG['admin_activation'] == 1) {
            // admin has to activate the account: mail the activation link
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
        } else {
            // information only
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
        }
    }
    return true;
}
/**
 * build_caption()
 *
 * Fills in $rowset[*]['caption_text'] for every thumbnail row: an HTML string
 * assembled from the row's filename, title, hit count, caption, comment count
 * and uploader (each governed by a $CONFIG switch), plus the extra fragments
 * named in $must_have ('hits', 'msg_date', 'msg_body', 'ctime', 'pic_rating',
 * 'mtime'). The finished rowset is then passed through the 'thumb_caption'
 * plugin filter.
 *
 * Row values are concatenated into the markup as they come from the rowset;
 * only the caption and the message body are run through strip_tags() here,
 * so the caller is responsible for supplying already-safe data.
 *
 * @param array $rowset by reference
 * @param array $must_have names of the fragments the caller always wants
 * @return void
 */
function build_caption(&$rowset, $must_have = array())
{
    global $CONFIG, $THEME_DIR;
    global $album_date_fmt, $lastcom_date_fmt, $lastup_date_fmt, $lasthit_date_fmt, $cat;
    global $lang_get_pic_data, $lang_meta_album_names, $lang_errors;

    foreach ($rowset as $idx => $pic) {
        $parts = array();

        if ($CONFIG['display_filename']) {
            $parts[] = '<span class="thumb_filename">' . $pic['filename'] . '</span>';
        }
        if ($pic['title']) {
            $parts[] = '<span class="thumb_title">' . $pic['title'] . '</span>';
        }
        if ($CONFIG['views_in_thumbview'] || in_array('hits', $must_have)) {
            $parts[] = '<span class="thumb_title">' . sprintf($lang_get_pic_data['n_views'], $pic['hits']) . '</span>';
        }
        if ($CONFIG['caption_in_thumbview'] && $pic['caption']) {
            $parts[] = '<span class="thumb_caption">' . strip_tags(bb_decode($pic['caption'])) . '</span>';
        }
        if ($CONFIG['display_comment_count']) {
            // one count_pic_comments() lookup per row, in row order
            $comments_nr = count_pic_comments($pic['pid']);
            if ($comments_nr > 0) {
                $parts[] = '<span class="thumb_num_comments">' . sprintf($lang_get_pic_data['n_comments'], $comments_nr) . '</span>';
            }
        }
        if ($CONFIG['display_uploader'] && $pic['owner_id'] && $pic['owner_name']) {
            $parts[] = '<span class="thumb_title"><a href ="profile.php?uid=' . $pic['owner_id'] . '">' . $pic['owner_name'] . '</a></span>';
        }
        if (in_array('msg_date', $must_have)) {
            $parts[] = '<span class="thumb_caption">' . localised_date($pic['msg_date'], $lastcom_date_fmt) . '</span>';
        }
        if (in_array('msg_body', $must_have)) {
            // decode the BBCode, drop any markup, and show at most 50 characters of the body
            $msg_body = strip_tags(bb_decode($pic['msg_body']));
            if (utf_strlen($msg_body) > 50) {
                $msg_body = utf_substr($msg_body, 0, 50) . '...';
            }
            if ($CONFIG['enable_smilies']) {
                $msg_body = process_smilies($msg_body);
            }
            // registered authors are linked to their profile, guests are shown by name only
            if ($pic['author_id']) {
                $author = '<a href ="profile.php?uid=' . $pic['author_id'] . '">' . $pic['msg_author'] . '</a>';
            } else {
                $author = $pic['msg_author'];
            }
            $parts[] = '<span class="thumb_caption">' . $author . ': ' . $msg_body . '</span>';
        }
        if (in_array('ctime', $must_have)) {
            $parts[] = '<span class="thumb_caption">' . localised_date($pic['ctime'], $lastup_date_fmt) . '</span>';
        }
        if (in_array('pic_rating', $must_have)) {
            // themes that ship their own rating graphics are looked up under $THEME_DIR
            $prefix = defined('THEME_HAS_RATING_GRAPHICS') ? $THEME_DIR : '';
            $parts[] = '<span class="thumb_caption">'
                . '<img src="' . $prefix . 'images/rating' . round($pic['pic_rating'] / 2000) . '.gif" alt=""/>'
                . '<br />' . sprintf($lang_get_pic_data['n_votes'], $pic['votes']) . '</span>';
        }
        if (in_array('mtime', $must_have)) {
            $last_hit = localised_date($pic['mtime'], $lasthit_date_fmt);
            // the last visitor's IP address is only shown to administrators
            if (GALLERY_ADMIN_MODE) {
                $last_hit .= '<br/>' . $pic['lasthit_ip'];
            }
            $parts[] = '<span class="thumb_caption">' . $last_hit . '</span>';
        }

        $rowset[$idx]['caption_text'] = implode('', $parts);
    }

    $rowset = CPGPluginAPI::filter('thumb_caption', $rowset);
}
$money = intval($_POST['money']); $status = check($_POST['status']); $avatar = check($_POST['avatar']); $posrating = intval($_POST['posrating']); $negrating = intval($_POST['negrating']); if ($uid == $_SESSION['token']) { $user = DB::run()->queryFetch("SELECT * FROM `users` WHERE `users_login`=? LIMIT 1;", array($uz)); if (!empty($user)) { if ($log == $config['nickname'] || $log == $user['users_login'] || ($user['users_level'] < 101 || $user['users_level'] > 105)) { if (empty($pass) || preg_match('|^[a-z0-9\\-]+$|i', $pass)) { if (preg_match('#^([a-z0-9_\\-\\.])+\\@([a-z0-9_\\-\\.])+(\\.([a-z0-9])+)+$#', $email) || empty($email)) { if (preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $site) || empty($site)) { if (preg_match('#^[0-9]{2}+\\.[0-9]{2}+\\.[0-9]{4}$#', $joined)) { if (preg_match('#^[0-9]{2}+\\.[0-9]{2}+\\.[0-9]{4}$#', $birthday) || empty($birthday)) { if ($gender == 1 || $gender == 2) { if (utf_strlen($info) <= 1000) { if ($log == $config['nickname']) { $access = $level; } else { $access = $user['users_level']; } if (!empty($pass)) { echo '<b><span style="color:#ff0000">Внимание! Вы изменили пароль пользователя!</span></b><br />'; echo 'Не забудьте ему напомнить его новый пароль: <b>' . $pass . '</b><br /><br />'; $mdpass = md5(md5($pass)); } else { $mdpass = $user['users_pass']; } list($uday, $umonth, $uyear) = explode(".", $joined); $joined = mktime('0', '0', '0', $umonth, $uday, $uyear); $name = utf_substr($name, 0, 20);
############################################################################################ ############################################################################################ ## Изменение ссылки ## ############################################################################################ case 'change': if (isset($_GET['id'])) { $id = abs(intval($_GET['id'])); } else { $id = 0; } $uid = check($_GET['uid']); $link = check(utf_lower($_POST['link'])); $name = check($_POST['name']); if ($uid == $_SESSION['token']) { if (utf_strlen($link) >= 10 && utf_strlen($link) <= 50) { if (utf_strlen($name) >= 5 && utf_strlen($name) <= 25) { if (preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $link)) { $querypyr = DB::run()->querySingle("SELECT `pyramid_id` FROM `pyramid` WHERE `pyramid_id`=? LIMIT 1;", array($id)); if (!empty($querypyr)) { DB::run()->query("UPDATE `pyramid` SET `pyramid_link`=?, `pyramid_name`=? WHERE`pyramid_id`=?;", array($link, $name, $id)); $_SESSION['note'] = 'Рекламная ссылка успешно изменена!'; redirect("pyramid.php"); } else { show_error('Ошибка! Данной ссылки нет в списке!'); } } else { show_error('Ошибка! Недопустимый адрес сайта! (http://sitename.domen)!'); } } else { show_error('Ошибка! Слишком длинное или короткое название. Не менее 5 и не более 25 символов!'); }
if (file_exists(DATADIR . "dataforum/mainforum.dat")) { $fileforum = file(DATADIR . "dataforum/mainforum.dat"); $total = count($fileforum); if ($total > 0) { foreach ($fileforum as $forumval) { $forum = explode("|", $forumval); echo '<div class="b"><img src="/images/img/forums.gif" alt="image" /> '; echo '<b><a href="forum.php?fid=' . $forum[0] . '&' . SID . '">' . $forum[1] . '</a></b> (' . $forum[2] . '/' . $forum[3] . ')</div>'; $totalforum = counter_string(DATADIR . "dataforum/topic" . $forum[0] . ".dat"); if ($totalforum > 0) { $filetopic = file(DATADIR . "dataforum/topic" . $forum[0] . ".dat"); $topic = explode("|", end($filetopic)); if (file_exists(DATADIR . 'dataforum/' . $forum[0] . '-' . $topic[0] . '.dat')) { $filepost = file(DATADIR . 'dataforum/' . $forum[0] . '-' . $topic[0] . '.dat'); $post = explode("|", end($filepost)); if (utf_strlen($topic[3]) > 35) { $topic[3] = utf_substr($topic[3], 0, 30); $topic[3] .= "..."; } echo '<div>Тема: <a href="topic.php?act=end&fid=' . $forum[0] . '&id=' . $topic[0] . '&' . SID . '">' . $topic[3] . '</a><br />'; echo 'Сообщение: ' . nickname($post[2]) . ' (' . date_fixed($post[6]) . ')</div>'; } else { echo 'Последняя тема не найдена!'; } } else { echo 'Раздел пустой! Темы еще не созданы!'; } } echo '<br />Всего разделов: <b>' . $total . '</b><br /><br />'; } else { show_error('Форум пустой! Разделы еще не созданы!');
############################################################################################ ## Изменение ссылки ## ############################################################################################ if ($action == "edit") { $uid = check($_GET['uid']); $urlrek = check($_POST['urlrek']); $namerek = check($_POST['namerek']); if (isset($_GET['id'])) { $id = (int) $_GET['id']; } else { $id = ""; } if ($uid == $_SESSION['token']) { if ($id !== "") { if (strlen($urlrek) <= 50) { if (utf_strlen(trim($namerek)) >= 10 && utf_strlen($namerek) <= 35) { if (preg_match('#^http://([a-z0-9_\\-\\.])+(\\.([a-z0-9\\/])+)+$#', $urlrek)) { $string = search_string(DATADIR . "reklama.dat", $log, 3); if ($string) { if ($id == $string['line']) { $text = no_br('|' . $urlrek . '|' . $namerek . '|' . $log . '|'); replace_lines(DATADIR . "reklama.dat", $id, $text); header("Location: reklama.php?isset=mp_editreklama&" . SID); exit; } else { echo '<b>Ошибка! Нельзя изменять чужую ссылку!</b><br />'; } } else { echo '<b>Ошибка! Вашей ссылки нет в списке!</b><br />'; } } else {
## Добавление заметки ## ############################################################################################ ############################################################################################ ## Добавление заметки ## ############################################################################################ case 'editnote': $uid = check($_GET['uid']); $msg = check($_POST['msg']); if (isset($_GET['id'])) { $id = abs(intval($_GET['id'])); } else { $id = 0; } if ($uid == $_SESSION['token']) { if ($id > 0) { if (utf_strlen($msg) < 1000) { DB::run()->query("UPDATE contact SET contact_text=? WHERE contact_id=? AND contact_user=?;", array($msg, $id, $log)); $_SESSION['note'] = 'Заметка успешно отредактирована!'; redirect("contact.php?start={$start}"); } else { show_error('Ошибка! Слишком длинная заметка (не более 1000 символов)!'); } } else { show_error('Ошибка! Не выбран пользователь для добавления заметки!'); } } else { show_error('Ошибка! Неверный идентификатор сессии, повторите действие!'); } echo '<img src="/images/img/back.gif" alt="image" /> <a href="contact.php?act=note&id=' . $id . '&start=' . $start . '">Вернуться</a><br />'; echo '<img src="/images/img/reload.gif" alt="image" /> <a href="contact.php?start=' . $start . '">К спискам</a><br />'; break;
## Создание новой темы ## ############################################################################################ case 'create': $config['newtitle'] = 'Создание новой темы'; $uid = check($_GET['uid']); $fid = abs(intval($_POST['fid'])); $forum = search_string(DATADIR . "dataforum/mainforum.dat", $fid, 0); if ($forum) { if (is_user()) { if ($uid == $_SESSION['token']) { $title = check($_POST['title']); $msg = check($_POST['msg']); if (is_flood($log)) { if (is_quarantine($log)) { if (utf_strlen(trim($title)) >= 5 && utf_strlen($title) <= 50) { if (utf_strlen(trim($msg)) >= 5 && utf_strlen($msg) <= 3000) { statistics(1); statistics(2); $title = no_br($title); $title = antimat($title); $msg = no_br($msg, '<br />'); $msg = antimat($msg); $msg = smiles($msg); $id = unifile(DATADIR . "dataforum/topic{$fid}.dat", 0); // Создание темы в списке тем $text = $id . '|' . $fid . '|' . $log . '|' . $title . '|' . SITETIME . '|0|0|'; write_files(DATADIR . "dataforum/topic{$fid}.dat", "{$text}\r\n", 0, 0666); // Создание файла темы и запись сообщения $topictext = $id . '|' . $fid . '|' . $log . '|' . $msg . '|' . $brow . ', ' . $ip . '|' . SITETIME . '|'; write_files(DATADIR . 'dataforum/' . $fid . '-' . $id . '.dat', "{$topictext}\r\n", 1, 0666); // Обновление mainforum
/**
 * Find the character offset of the first occurrence of $needle in $haystack.
 *
 * Compatible with mb_strpos(): a UTF-8 friendly replacement for strpos().
 * The byte offset returned by the builtin search is translated into a
 * character offset with utf_strlen(), and the search is repeated with a
 * corrected byte offset until the character offset is not below $offset.
 *
 * NOTE(review): as listed, this function is named `strpos`, the same builtin it
 * calls in its loop. In the global namespace that is a redeclaration error; in
 * a namespace the unqualified call would resolve to this function and recurse
 * without bound. The original name was presumably a utf_* variant — confirm.
 *
 * @param string $haystack
 * @param string $needle
 * @param int    $offset   character (not byte) offset to start searching from
 * @return int|false character offset of the match, or false when not found
 */
function strpos($haystack, $needle, $offset = 0) {
    // Byte/character discrepancy found so far; added to $offset on each retry
    $comp = 0;
    while (!isset($length) || $length < $offset) {
        $pos = strpos($haystack, $needle, $offset + $comp);
        if ($pos === false) {
            return false;
        }
        // Convert the byte position into a character position
        $length = utf_strlen(substr($haystack, 0, $pos));
        if ($length < $offset) {
            $comp = $pos - $length;
        }
    }
    return $length;
}
show_error('Совпадений не найдено!'); } } else { show_error('Ошибка! Не выбраны критерии поиска пользователей!'); } echo '<img src="/images/img/back.gif" alt="image" /> <a href="searchuser.php">Вернуться</a><br />'; break; ############################################################################################ ## Поиск пользователя ## ############################################################################################ ############################################################################################ ## Поиск пользователя ## ############################################################################################ case 'search': $find = check(strtolower($_POST['find'])); if (utf_strlen($find) >= 3 && utf_strlen($find) <= 20) { $querysearch = DB::run()->query("SELECT `users_login`, `users_point` FROM `users` WHERE lower(`users_login`) LIKE ? OR `users_nickname` LIKE ? ORDER BY `users_point` DESC LIMIT " . $config['usersearch'] . ";", array('%' . $find . '%', '%' . $find . '%')); $result = $querysearch->fetchAll(); $total = count($result); if ($total > 0) { foreach ($result as $value) { echo user_gender($value['users_login']); if ($find == $value['users_login']) { echo '<b><big>' . profile($value['users_login'], '#ff0000') . '</big></b> ' . user_online($value['users_login']) . ' (' . points($value['users_point']) . ')<br />'; } else { echo '<b>' . profile($value['users_login']) . '</b> ' . user_online($value['users_login']) . ' (' . points($value['users_point']) . ')<br />'; } } echo '<br />Найдено совпадений: <b>' . $total . '</b><br /><br />'; } else { show_error('По вашему запросу ничего не найдено');
## Редактирование ## ############################################################################################ case 'edit': $uid = check($_GET['uid']); $cid = abs(intval($_POST['cid'])); $title = check($_POST['title']); $text = check($_POST['text']); $author = check($_POST['author']); $site = $_POST['site'] != 'http://' ? check($_POST['site']) : ''; $link = check(strtolower($_POST['link'])); $notice = check($_POST['notice']); $app = empty($_POST['app']) ? 0 : 1; if ($uid == $_SESSION['token']) { if (utf_strlen($title) >= 5 && utf_strlen($title) < 50) { if (utf_strlen($text) >= 10 && utf_strlen($text) < 5000) { if (utf_strlen($author) <= 50) { if (empty($site) || preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $site)) { if (strlen($link) <= 50) { if (!preg_match('/\\.(php|pl|cgi|phtml|htaccess)/i', $link)) { $new = DB::run()->queryFetch("SELECT `downs`.*, `cats`.`folder` FROM `downs` LEFT JOIN `cats` ON `downs`.`downs_cats_id`=`cats`.`cats_id` WHERE `downs_id`=? LIMIT 1;", array($id)); $folder = $new['folder'] ? $new['folder'] . '/' : ''; if (!empty($new)) { if (empty($new['downs_active'])) { $downs = DB::run()->querySingle("SELECT `cats_id` FROM `cats` WHERE `cats_id`=? LIMIT 1;", array($cid)); if (!empty($downs)) { $downlink = DB::run()->querySingle("SELECT `downs_link` FROM `downs` WHERE `downs_link`=? AND `downs_id`<>? LIMIT 1;", array($link, $id)); if (empty($downlink)) { $newtitle = DB::run()->querySingle("SELECT `downs_title` FROM `downs` WHERE `downs_title`=? AND `downs_id`<>? LIMIT 1;", array($title, $id)); if (empty($newtitle)) { if (!empty($link) && $link != $new['downs_link'] && file_exists(BASEDIR . '/load/files/' . $folder . $new['downs_link'])) { $oldext = getExtension($new['downs_link']);
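/**
 * Update an existing user record from the user-manager form.
 *
 * Reads the edited fields from $_POST, rejects a user name already taken by
 * another account, enforces the minimum name/password length, rewrites the
 * user row and — when the "send login data" box is checked — mails the login
 * data to the user.
 *
 * Every form value is interpolated into an SQL string literal, so each one is
 * escaped with addslashes() first; user_group and the group list are reduced
 * to integers (they hold group ids), and $user_id is cast to int because it is
 * interpolated unquoted. In the previous version user_active, user_group and
 * the group list entries went into the query unescaped.
 *
 * @param int $user_id id of the user being edited
 * @return void|false false only if cpg_die() returns after the duplicate-name
 *                    error; every other error also goes through cpg_die()
 */
function update_user($user_id) {
    global $CONFIG; //, $PHP_SELF;
    global $lang_usermgr_php, $lang_register_php, $lang_send_login_data_email;

    // Interpolated unquoted below, so only an integer may get through.
    $user_id = (int) $user_id;

    $user_name = addslashes(trim($_POST['user_name']));
    $user_password = addslashes(trim($_POST['user_password']));
    $user_email = addslashes(trim($_POST['user_email']));
    $profile1 = addslashes($_POST['user_profile1']);
    $profile2 = addslashes($_POST['user_profile2']);
    $profile3 = addslashes($_POST['user_profile3']);
    $profile4 = addslashes($_POST['user_profile4']);
    $profile5 = addslashes($_POST['user_profile5']);
    $profile6 = addslashes($_POST['user_profile6']);
    $user_active = addslashes($_POST['user_active']);
    $user_group = (int) $_POST['user_group'];
    $group_list = isset($_POST['group_list']) ? $_POST['group_list'] : '';

    // $user_name is already escaped; escaping it a second time (as the old
    // code did) made the duplicate check miss names containing quotes.
    $sql = "SELECT user_id " .
        "FROM {$CONFIG['TABLE_USERS']} " .
        "WHERE user_name = '{$user_name}' AND user_id != {$user_id}";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    mysql_free_result($result);

    if (utf_strlen($user_name) < 2) {
        cpg_die(ERROR, $lang_register_php['err_uname_short'], __FILE__, __LINE__);
    }
    // An empty password means "keep the current one"; a non-empty one must have at least 2 chars.
    if ($user_password && utf_strlen($user_password) < 2) {
        cpg_die(ERROR, $lang_register_php['err_password_short'], __FILE__, __LINE__);
    }

    // Secondary groups: comma-separated group ids, the primary group excluded.
    $user_group_list = '';
    if (is_array($group_list)) {
        $secondary_groups = array();
        foreach ($group_list as $group) {
            $group = (int) $group;
            if ($group != $user_group) {
                $secondary_groups[] = $group;
            }
        }
        $user_group_list = implode(',', $secondary_groups);
    }

    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " .
        "user_name = '{$user_name}', " .
        "user_email = '{$user_email}', " .
        "user_active = '{$user_active}', " .
        "user_group = '{$user_group}', " .
        "user_profile1 = '{$profile1}', " .
        "user_profile2 = '{$profile2}', " .
        "user_profile3 = '{$profile3}', " .
        "user_profile4 = '{$profile4}', " .
        "user_profile5 = '{$profile5}', " .
        "user_profile6 = '{$profile6}', " .
        "user_group_list = '{$user_group_list}'";
    if (!empty($user_password)) {
        // NOTE(review): the login path is expected to compare against exactly
        // this representation (unsalted md5, or clear text when
        // enable_encrypted_passwords is off), so it is kept here; note that the
        // value hashed is the addslashes()'d text. Moving to password_hash()
        // needs a matching change on the verifying side.
        $stored_password = $CONFIG['enable_encrypted_passwords'] ? md5($user_password) : $user_password;
        $sql_update .= ", user_password = '{$stored_password}'";
    }
    $sql_update .= " WHERE user_id = '{$user_id}'";
    cpg_db_query($sql_update);

    // If send login data checkbox is checked then send the username and password to the user in an email
    if (isset($_POST['send_login_data']) && trim($_POST['user_email'])) {
        require 'include/mailer.inc.php';
        // The clear-text password from the form is placed in the mail body.
        $template_vars = array(
            '{SITE_NAME}' => $CONFIG['gallery_name'],
            '{SITE_LINK}' => $CONFIG['site_url'],
            '{USER_NAME}' => trim($_POST['user_name']),
            '{USER_PASS}' => trim($_POST['user_password']),
        );
        if (!cpg_mail(trim($_POST['user_email']), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_send_login_data_email, $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
        }
    }
}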
echo '<input value="Отправить" name="do" type="submit" /></form></div><br />'; echo 'Если модер вас забанил по ошибке или вы считаете, что бан не заслужен, то вы можете написать объяснение своего нарушения<br />'; echo 'В случае если ваше объяснение будет рассмотрено и удовлетворено, то возможно вас и разбанят<br /><br />'; } break; ############################################################################################ ## Отправка объяснения ## ############################################################################################ ############################################################################################ ## Отправка объяснения ## ############################################################################################ case 'send': $msg = check($_POST['msg']); if ($config['addbansend'] == 1) { if ($udata['users_explainban'] == 1) { if (utf_strlen($msg) >= 5 && utf_strlen($msg) < 1000) { $queryuser = DB::run()->querySingle("SELECT `users_id` FROM `users` WHERE `users_login`=? LIMIT 1;", array($udata['users_loginsendban'])); if (!empty($queryuser)) { $msg = antimat($msg); $textpriv = 'Объяснение нарушения: ' . $msg; DB::run()->query("INSERT INTO `inbox` (`inbox_user`, `inbox_author`, `inbox_text`, `inbox_time`) VALUES (?, ?, ?, ?);", array($udata['users_loginsendban'], $log, $textpriv, SITETIME)); DB::run()->query("UPDATE `users` SET `users_explainban`=? WHERE `users_login`=?;", array(0, $log)); DB::run()->query("UPDATE `users` SET `users_newprivat`=`users_newprivat`+1 WHERE `users_login`=?;", array($udata['users_loginsendban'])); $_SESSION['note'] = 'Объяснение успешно отправлено!'; redirect("ban.php"); } else { show_error('Ошибка! Пользователь который вас забанил не найден!'); } } else { show_error('Ошибка! Слишком длинное или короткое объяснение!'); }
############################################################################################ ############################################################################################ ## Редактирование файла ## ############################################################################################ case 'changedown': $uid = check($_GET['uid']); $title = check($_POST['title']); $text = check($_POST['text']); $author = !empty($_POST['author']) ? check($_POST['author']) : ''; $site = $_POST['site'] != 'http://' ? check($_POST['site']) : ''; $loadfile = check(strtolower($_POST['loadfile'])); if ($uid == $_SESSION['token']) { if (utf_strlen($title) >= 5 && utf_strlen($title) <= 50) { if (utf_strlen($text) >= 10 && utf_strlen($text) <= 5000) { if (utf_strlen($author) <= 50) { if (utf_strlen($site) <= 50) { if (empty($site) || preg_match('#^http://([а-яa-z0-9_\\-\\.])+(\\.([а-яa-z0-9\\/])+)+$#u', $site)) { if (strlen($loadfile) <= 50) { if (!preg_match('/\\.(php|pl|cgi|phtml|htaccess)/i', $loadfile)) { $new = DB::run()->queryFetch("SELECT `downs`.*, `cats`.* FROM `downs` LEFT JOIN `cats` ON `downs`.`downs_cats_id`=`cats`.`cats_id` WHERE `downs_id`=? LIMIT 1;", array($id)); if (!empty($new)) { $folder = $new['folder'] ? $new['folder'] . '/' : ''; $downlink = DB::run()->querySingle("SELECT `downs_link` FROM `downs` WHERE `downs_link`=? AND `downs_id`<>? LIMIT 1;", array($loadfile, $id)); if (empty($downlink)) { $downtitle = DB::run()->querySingle("SELECT `downs_title` FROM `downs` WHERE `downs_title`=? AND `downs_id`<>? LIMIT 1;", array($title, $id)); if (empty($downtitle)) { if (!empty($loadfile) && $loadfile != $new['downs_link'] && file_exists(BASEDIR . '/load/files/' . $folder . $new['downs_link'])) { $oldext = getExtension($new['downs_link']); $newext = getExtension($loadfile); if ($oldext == $newext) { $screen = $new['downs_screen'];
/**
 * Run a word-by-word text search against the database and return matching ids.
 *
 * The search string is split into words (or used whole, lower-cased, when
 * $strict is set); the words 'and', 'or' and 'not' act as operators for the
 * term that follows them. For every term one query
 * `$base_sql WHERE $where_search LIKE '%term%' $add_where` (or `= 'term'` in
 * strict mode) is run and the per-id scores in $result_list are combined
 * according to the current operator. Ids whose final score is positive are
 * returned.
 *
 * Security notes (review): $base_sql, $where_search and $add_where are
 * concatenated into the SQL verbatim — they must be caller-controlled
 * fragments, never request input. Search terms pass through sqlesc(); '*' is
 * deliberately turned into the LIKE wildcard '%'. Whether sqlesc() also
 * neutralises a literal '%' or '_' typed by the user cannot be told from here.
 *
 * @param string $searchstr    raw search input
 * @param string $base_sql     SELECT ... FROM ... prefix; the rows are read via an 'id' key
 * @param string $where_search column (or expression) the terms are matched against
 * @param array  $add_where    extra conditions, ANDed onto each query
 * @param bool   $strict       match the lower-cased string as a whole with '='
 * @return array list of matching ids
 */
function search_text_in_db($searchstr, $base_sql, $where_search, $add_where = array(), $strict = false) {
    global $db, $config;
    $match_types = array('or', 'not', 'and');
    $add_where = sizeof($add_where) ? ' AND ' . implode(' AND ', $add_where) : '';
    $cleansearchstr = searchfield($searchstr);
    $lower_searchstr = utf_strtolower($searchstr);
    if ($strict) {
        $split_search = array($lower_searchstr);
    } else {
        $split_search = split_words($cleansearchstr);
        // When lower-casing changed the string, also try the whole lower-cased
        // string as one extra term — unless it contains an operator word.
        if ($lower_searchstr != $searchstr) {
            $search_full_string = true;
            foreach ($match_types as $_null => $match_type) {
                if (strpos($lower_searchstr, $match_type) !== false) {
                    $search_full_string = false;
                }
            }
            if ($search_full_string) {
                $split_search[] = $lower_searchstr;
            }
        }
    }
    $word_count = 0;
    $current_match_type = 'and';
    $word_match = array(); // assigned but never read in this function
    $result_list = array(); // id => running match score
    for ($i = 0; $i < sizeof($split_search); $i++) {
        // Drop terms shorter than the configured minimum (wildcard characters do not count)
        if (utf_strlen(str_replace(array('*', '%'), '', trim($split_search[$i]))) < $config['search_min_chars'] && !in_array($split_search[$i], $match_types)) {
            $split_search[$i] = '';
            continue;
        }
        switch ($split_search[$i]) {
            case 'and':
                $current_match_type = 'and';
                break;
            case 'or':
                $current_match_type = 'or';
                break;
            case 'not':
                $current_match_type = 'not';
                break;
            default:
                // NOTE(review): $search_terms is never assigned in this function, so this branch is dead
                if (!empty($search_terms)) {
                    $current_match_type = 'and';
                }
                if ($strict) {
                    $search = $where_search . ' = \'' . sqlesc($split_search[$i]) . '\'' . $add_where;
                } else {
                    $match_word = str_replace('*', '%', $split_search[$i]);
                    $search = $where_search . ' LIKE \'%' . sqlesc($match_word) . '%\'' . $add_where;
                }
                $sql = $base_sql . ' WHERE ' . $search;
                $result = sql_query($sql);
                $row = array();
                // NOTE(review): mysqli_fetch_row() returns a numerically indexed row, so
                // $temp_row['id'] looks undefined here — presumably mysqli_fetch_assoc()
                // was meant; confirm against the original source.
                while ($temp_row = mysqli_fetch_row($result)) {
                    $row[$temp_row['id']] = 1;
                    if (!$word_count) {
                        $result_list[$temp_row['id']] = 1;
                    } else {
                        if ($current_match_type == 'or') {
                            $result_list[$temp_row['id']] = 1;
                        } else {
                            if ($current_match_type == 'not') {
                                $result_list[$temp_row['id']] = 0;
                            }
                        }
                    }
                }
                // 'and': ids collected so far gain a point when this term hit them too, lose one otherwise
                if ($current_match_type == 'and' && $word_count) {
                    @reset($result_list);
                    foreach ($result_list as $id => $match_count) {
                        if (!isset($row[$id]) || !$row[$id]) {
                            @($result_list[$id] -= 1);
                        } else {
                            @($result_list[$id] += 1);
                        }
                    }
                }
                $word_count++;
                // NOTE(review): this fetch discards one row and its value is unused; it sits
                // where a free-result call would be expected — confirm.
                mysqli_fetch_assoc($result);
        }
    }
    @reset($result_list);
    $search_ids = array();
    foreach ($result_list as $id => $matches) {
        if ($matches > 0) {
            $search_ids[] = $id;
        }
    }
    unset($result_list);
    return $search_ids;
}
} //------------------------------------------------------// $files = array_reverse($files); $total = count($files); if ($total > 0) { if ($start < 0 || $start >= $total) { $start = 0; } if ($total < $start + $config['boardspost']) { $end = $total; } else { $end = $start + $config['boardspost']; } for ($i = $start; $i < $end; $i++) { $data = explode("|", $files[$i]); if (utf_strlen($data[2]) > 100) { $data[2] = utf_substr($data[2], 0, 100); $data[2] .= "..."; } echo '<div class="b">'; echo '<img src="../images/img/forums.gif" alt="image" /> ' . ($i + 1) . '. '; echo '<b><a href="index.php?action=view&id=' . $id . '&bid=' . $data[5] . '&start=' . $start . '&' . SID . '">' . $data[0] . '</a></b> '; echo '<small>(' . date_fixed($data[3]) . ')</small></div>'; echo 'Текст объявления: ' . $data[2] . '<br />'; echo 'Автор объявления: <a href="../pages/anketa.php?uz=' . $data[1] . '&' . SID . '">' . nickname($data[1]) . '</a><br />'; } page_jumpnavigation('index.php?action=board&id=' . $id . '&', $config['boardspost'], $start, $total); page_strnavigation('index.php?action=board&id=' . $id . '&', $config['boardspost'], $start, $total); echo '<br />Всего объявлений: <b>' . (int) $total . '</b><br />'; } else { show_error('Объявлений еще нет, будь первым!');
pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url={$redirect}\">"); msg_box($lang_common['error'], $error, $lang_common['back'], $redirect); } pagefooter(); exit; } if ($superCage->post->keyExists('change_password') && USER_ID && UDB_INTEGRATION == 'coppermine') { //!defined('UDB_INTEGRATION')) { //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $current_pass = get_post_var('current_pass'); $new_pass = get_post_var('new_pass'); $new_pass_again = get_post_var('new_pass_again'); if (utf_strlen($new_pass) < 2) { cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__); } if ($new_pass != $new_pass_again) { cpg_die(ERROR, $lang_register_php['password_verification_warning1'], __FILE__, __LINE__); } $new_pass = md5($new_pass); $current_pass = md5($current_pass); $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_password = '******' WHERE user_id = '" . USER_ID . "' AND BINARY user_password = '******'"; $result = cpg_db_query($sql); if (!mysql_affected_rows($CONFIG['LINK_ID'])) { cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__); } $title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME)); $redirect = $CPG_PHP_SELF . "?op=edit_profile"; cpgRedirectPage($redirect, $title, $lang_register_php['pass_chg_success'], 3, 'success');
/**
 * build_caption()
 *
 * Builds the HTML caption shown under each thumbnail and stores it in
 * $rowset[$key]['caption_text']; the finished set is then passed through the
 * 'thumb_caption' plugin filter.
 *
 * Which fragments are emitted is driven by the $CONFIG display options and by
 * the keys listed in $must_have ('hits', 'msg_date', 'msg_body', 'ctime',
 * 'pic_rating', 'mtime'). In 'albums' mode the view counter is read from
 * alb_hits instead of hits.
 *
 * NOTE(review): filename, title, msg_author and the name returned by
 * $cpg_udb->get_user_name() are concatenated into HTML here without
 * htmlspecialchars(); only caption and msg_body go through strip_tags().
 * Confirm these fields are escaped before they reach this function, or
 * escape them here.
 *
 * @param array  $rowset    by reference; each row gains a 'caption_text' entry
 * @param array  $must_have list of optional fragments the caller requires
 * @param string $mode      'files' (default) or 'albums'
 **/
function build_caption(&$rowset, $must_have = array(), $mode = 'files') {
    global $CONFIG, $THEME_DIR, $lang_date, $lang_get_pic_data, $cpg_udb;
    foreach ($rowset as $key => $row) {
        $caption = '';
        if ($CONFIG['display_filename']) {
            $caption .= '<span class="thumb_filename">' . $row['filename'] . '</span>';
        }
        if (!empty($row['title'])) {
            $caption .= '<span class="thumb_title thumb_title_title">' . $row['title'] . '</span>';
        }
        if ($CONFIG['views_in_thumbview'] || in_array('hits', $must_have)) {
            $views = $mode == 'albums' ? $row['alb_hits'] : $row['hits'];
            $caption .= '<span class="thumb_title thumb_title_views">' . sprintf($lang_get_pic_data['n_views'], $views) . '</span>';
        }
        if ($CONFIG['caption_in_thumbview'] && !empty($row['caption'])) {
            // BBCode is decoded and then tag-stripped, so the caption renders as plain text
            $caption .= '<span class="thumb_caption thumb_caption_caption">' . strip_tags(bb_decode($row['caption'])) . '</span>';
        }
        if ($CONFIG['display_comment_count'] && $row['pid']) {
            $comments_nr = count_pic_comments($row['pid']);
            if ($comments_nr > 0) {
                $caption .= '<span class="thumb_num_comments">' . sprintf($lang_get_pic_data['n_comments'], $comments_nr) . '</span>';
            }
        }
        if ($CONFIG['display_uploader']) {
            if ($row['owner_id']) {
                // The owner name is resolved through the user-DB abstraction rather than read from the row
                $caption .= '<span class="thumb_title thumb_title_owner"><a href="profile.php?uid=' . $row['owner_id'] . '">' . $cpg_udb->get_user_name($row['owner_id']) . '</a></span>';
            }
        }
        if (in_array('msg_date', $must_have)) {
            $caption .= '<span class="thumb_caption thumb_caption_msg_date">' . localised_date($row['msg_date'], $lang_date['lastcom']) . '</span>';
        }
        if (in_array('msg_body', $must_have)) {
            $msg_body = strip_tags(bb_decode($row['msg_body']));
            // I didn't want to fully bb_decode the message where report to admin isn't available. -donnoman
            // Shorten to 50 characters via utf_substr() before smilies are applied
            $msg_body = utf_strlen($msg_body) > 50 ? utf_substr($msg_body, 0, 50) . '...' : $msg_body;
            if ($CONFIG['enable_smilies']) {
                $msg_body = process_smilies($msg_body);
            }
            if ($row['author_id']) {
                $caption .= '<span class="thumb_caption thumb_caption_author"><a href="profile.php?uid=' . $row['author_id'] . '">' . $row['msg_author'] . '</a>: ' . $msg_body . '</span>';
            } else {
                $caption .= '<span class="thumb_caption thumb_caption_author">' . $row['msg_author'] . ': ' . $msg_body . '</span>';
            }
        }
        if (in_array('ctime', $must_have)) {
            $caption .= '<span class="thumb_caption thumb_caption_ctime">' . localised_date($row['ctime'], $lang_date['lastup']) . '</span>';
        }
        if (in_array('pic_rating', $must_have)) {
            // Rating graphics are taken from the theme directory when the theme ships its own
            if (defined('THEME_HAS_RATING_GRAPHICS')) {
                $prefix = $THEME_DIR;
            } else {
                $prefix = '';
            }
            //calculate required amount of stars in picinfo
            // pic_rating/2000 is scaled from a 5-star basis to the configured number of stars
            $rating = round($row['pic_rating'] / 2000 / (5 / $CONFIG['rating_stars_amount']));
            $rating_images = '';
            for ($i = 1; $i <= $CONFIG['rating_stars_amount']; $i++) {
                if ($i <= $rating) {
                    $rating_images .= '<img src="' . $prefix . 'images/rate_full.png" alt="' . $rating . '"/>';
                } else {
                    $rating_images .= '<img src="' . $prefix . 'images/rate_empty.png" alt="' . $rating . '"/>';
                }
            }
            $caption .= '<span class="thumb_caption thumb_caption_rating">' . $rating_images . '<br />' . sprintf($lang_get_pic_data['n_votes'], $row['votes']) . '</span>';
        }
        if (in_array('mtime', $must_have)) {
            $caption .= '<span class="thumb_caption thumb_caption_mtime">' . localised_date($row['mtime'], $lang_date['lasthit']);
            // The last visitor's IP address is only revealed in gallery admin mode
            if (GALLERY_ADMIN_MODE) {
                $caption .= '<br />' . $row['lasthit_ip'];
            }
            $caption .= '</span>';
        }
        $rowset[$key]['caption_text'] = $caption;
    }
    $rowset = CPGPluginAPI::filter('thumb_caption', $rowset);
}
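/**
 * update_user()
 *
 * Inserts (when $user_id is the string 'new_user') or updates one user record from
 * the posted user-manager form, keeps the comment table's author name in sync and,
 * depending on the form, e-mails the login data or the activation confirmation.
 *
 * @param int|string $user_id id of the user to update, or 'new_user' to create one
 * @return bool false when a validation check fails and cpg_die() returns to the caller;
 *              nothing is returned on success
 **/
function update_user($user_id)
{
    global $CONFIG, $lang_usermgr_php, $lang_register_php;

    $superCage = Inspekt::makeSuperCage();

    // Form values. getEscaped() returns SQL-escaped strings, which is why they are
    // interpolated into the queries below without further escaping.
    $user_name     = $superCage->post->getEscaped('user_name');
    $user_password = $superCage->post->getEscaped('user_password');
    $user_email    = $superCage->post->getEscaped('user_email');
    $profile = array();
    for ($i = 1; $i <= 6; $i++) {
        $profile[$i] = $superCage->post->getEscaped('user_profile' . $i);
    }
    $user_active = $superCage->post->getAlpha('user_active');
    $user_group  = $superCage->post->getInt('user_group');
    $group_list  = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : '';

    // Length checks run before any row is written, so a rejected form for a new
    // user does not leave an empty user record behind.
    if (utf_strlen($user_name) < 2) {
        cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__);
        return false;
    }
    if ($user_password && utf_strlen($user_password) < 2) {
        cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
        return false;
    }

    // Strict comparison: with == an integer id of 0 also matched the sentinel on PHP < 8
    if ($user_id === 'new_user') {
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')");
        $user_id = mysql_insert_id();
        log_write('New user "' . $user_name . '" created', CPG_ACCESS_LOG);

        // Create a personal album if corresponding option is enabled
        if ($CONFIG['personal_album_on_registration'] == 1) {
            $catid = $user_id + FIRST_USER_CAT;
            cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
        }
    }

    // The id is interpolated unquoted into SQL below; the integer cast keeps a
    // caller-supplied value from changing the shape of those queries.
    $user_id = (int) $user_id;

    $result = cpg_db_query("SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}' AND user_id != {$user_id}");
    $name_taken = mysql_num_rows($result) > 0;
    mysql_free_result($result);
    if ($name_taken) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }

    // Save old user data (needed later to determine if the activation confirmation email is due)
    $user_data = mysql_fetch_assoc(cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '{$user_id}'"));

    // Additional groups, without the primary group, as a comma separated list
    $extra_groups = array();
    if (is_array($group_list)) {
        foreach ($group_list as $group) {
            if ($group != $user_group) {
                $extra_groups[] = $group;
            }
        }
    }
    $user_group_list = implode(',', $extra_groups);

    $assignments = array(
        "user_name = '{$user_name}'",
        "user_email = '{$user_email}'",
        "user_active = '{$user_active}'",
        "user_group = '{$user_group}'",
        "user_profile1 = '{$profile[1]}'",
        "user_profile2 = '{$profile[2]}'",
        "user_profile3 = '{$profile[3]}'",
        "user_profile4 = '{$profile[4]}'",
        "user_profile5 = '{$profile[5]}'",
        "user_profile6 = '{$profile[6]}'",
        "user_group_list = '{$user_group_list}'",
    );
    if (!empty($user_password)) {
        // require_once: the include declares the helper below, and this function may run
        // more than once per request, where a plain require would redeclare it
        require_once 'include/passwordhash.inc.php';
        // NOTE(review): as before, the value handed to the hasher is the SQL-escaped form of
        // the submitted password - confirm the login path escapes the same way
        $assignments[] = cpg_password_create_update_string($user_password);
    }
    if ($user_active == 'YES') {
        // An active account needs no pending activation key
        $assignments[] = "user_actkey = ''";
    }
    cpg_db_query("UPDATE {$CONFIG['TABLE_USERS']} SET " . implode(', ', $assignments) . " WHERE user_id = '{$user_id}'");

    // Update comments' author name
    cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '{$user_name}' WHERE author_id = {$user_id}");

    if ($superCage->post->keyExists('send_login_data') && trim($user_email)) {
        // Send login data checkbox is checked: the submitted password is mailed in clear text
        require_once 'include/mailer.inc.php';
        $template_vars = array(
            '{SITE_NAME}' => $CONFIG['gallery_name'],
            '{SITE_LINK}' => $CONFIG['site_url'],
            '{USER_NAME}' => trim($user_name),
            '{USER_PASS}' => trim($user_password),
        );
        if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
            return false;
        }
    } elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') {
        // Account was just activated by the admin: send the activation confirmation email (only once)
        require_once 'include/mailer.inc.php';
        $template_vars = array(
            '{SITE_LINK}' => $CONFIG['site_url'],
            '{USER_NAME}' => $user_data['user_name'],
            '{SITE_NAME}' => $CONFIG['gallery_name'],
        );
        cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
    }
}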
echo '</select><br />'; echo 'Комментарий: <br /><textarea cols="25" rows="5" name="text"></textarea><br />'; echo '<input type="submit" value="Продолжить" /></form></div><br />'; break; ############################################################################################ ## Изменение авторитета ## ############################################################################################ ############################################################################################ ## Изменение авторитета ## ############################################################################################ case 'change': $uid = isset($_GET['uid']) ? check($_GET['uid']) : ''; $text = isset($_POST['text']) ? check($_POST['text']) : ''; $vote = empty($_POST['vote']) ? 0 : 1; if ($uid == $_SESSION['token']) { if (utf_strlen($text) >= 3 && utf_strlen($text) <= 250) { ############################################################################################ ## Увеличение авторитета ## ############################################################################################ if ($vote == 1) { $text = antimat($text); DB::run()->query("INSERT INTO `rating` (`rating_user`, `rating_login`, `rating_text`, `rating_vote`, `rating_time`) VALUES (?, ?, ?, ?, ?);", array($log, $uz, $text, 1, SITETIME)); DB::run()->query("DELETE FROM `rating` WHERE `rating_user`=? AND `rating_time` < (SELECT MIN(`rating_time`) FROM (SELECT `rating_time` FROM `rating` WHERE `rating_user`=? ORDER BY `rating_time` DESC LIMIT 20) AS del);", array($log, $log)); DB::run()->query("UPDATE `users` SET `users_newprivat`=`users_newprivat`+1, `users_rating`=CAST(`users_posrating`AS SIGNED)-CAST(`users_negrating`AS SIGNED)+1, `users_posrating`=`users_posrating`+1 WHERE `users_login`=? LIMIT 1;", array($uz)); $uzdata = DB::run()->queryFetch("SELECT `users_rating`, `users_posrating`, `users_negrating` FROM `users` WHERE `users_login`=? 
LIMIT 1;", array($uz)); // ------------------------------Уведомление по привату------------------------// $textpriv = '<img src="/images/img/thumb-up.gif" alt="plus" /> Пользователь [b]' . nickname($log) . '[/b] поставил вам плюс! (Ваш рейтинг: ' . $uzdata['users_rating'] . ')' . PHP_EOL . 'Комментарий: ' . $text; DB::run()->query("INSERT INTO `inbox` (`inbox_user`, `inbox_author`, `inbox_text`, `inbox_time`) VALUES (?, ?, ?, ?);", array($uz, $log, $textpriv, SITETIME)); echo '<img src="/images/img/open.gif" alt="Плюс" /> Ваш положительный голос за пользователя <b>' . nickname($uz) . '</b> успешно оставлен!<br />'; echo 'В данный момент его авторитет: ' . $uzdata['users_rating'] . '<br />'; echo 'Всего положительных голосов: ' . $uzdata['users_posrating'] . '<br />';