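function fb_content()
{
    //edit by tsikara
    // Builds the Facebook / Open Graph <meta> tags for the current page and
    // returns them as one string; the caller is expected to echo the result.
    // The photo-competition page gets a fixed tag set; every other page is
    // described from the $registry entries ('title', 'url', 'ogim', 'desc')
    // that are filled in elsewhere.
    global $registry;

    // Escapes a value for a double-quoted HTML attribute. double_encode=false
    // leaves entities that were already encoded upstream untouched, so values
    // that arrive escaped are not double-encoded.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };
    // Reads a registry entry, treating a missing one as an empty string.
    $reg = function ($key) use ($registry) {
        return isset($registry[$key]) ? $registry[$key] : '';
    };

    $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    if ($request_uri === '/com/competition') {
        // This branch used to echo the markup inline and return nothing, so the
        // function returned a string on one path and null on the other. The
        // description is given without the stray <p> wrapper: a meta content
        // attribute is plain text (the other branch strips tags as well).
        return '
    <meta property="fb:app_id" content="966242223397117" />
    <meta property="og:url" content="http://funtime.ge/fotokonkursi" />
    <meta property="og:type" content="website" />
    <meta property="og:title" content="ფოტოკონკურსი მოყვარული ფოტოგრაფებისათვის" />
    <meta property="og:description" content="ფოტოკონკურსი მოყვარული ფოტოგრაფებისათვის" />
    <meta property="og:image" content="http://funtime.ge/theme/funtime/images/competition_og.png" />
    ';
    }

    // NOTE(review): PHP_slashes is used throughout the project on values bound
    // for SQL; applying it to HTML output may leave backslashes in the
    // description attribute — confirm that this is intended.
    $description = PHP_slashes(htmlspecialchars(strip_tags($reg('desc'))));

    return '
         <meta property="fb:app_id" content="1391061841189461" />
         <meta property="og:title" content="' . $attr($reg('title')) . '" />
         <meta property="og:type" content="website" />
         <meta property="og:url" content="' . $attr($reg('url')) . '" />
         <meta property="og:image" content="' . $attr($reg('ogim')) . '" />
         <meta property="og:site_name" content="Funtime.ge"/>
         <meta property="og:description" content="' . $description . '"/>';
}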
                }
                ?>
" onkeypress="return makeGeo(this,event);" onkeyup="countSymbols('#title',200)" onpaste="setTimeout(function(){return countSymbols('#title',200);},100)" id="title"  type="text" name="title" value="<?php 
                echo PHP_slashes(htmlspecialchars(strip_tags($_POST['title']))) ? stripslashes(PHP_slashes(htmlspecialchars(strip_tags($_POST['title'])))) : $num['title'];
                ?>
" maxlength="200" />

                            <br><i class="right">200</i></td></tr>
                    <tr><td class="td1">ქვესათაური </td><td><a class="convert" onClick='convertText("#title_short")'>Convert AcadNusx to Sylfaen</a><input class="inputbox" style="margin-top:5px; <?php 
                if ($user->get_property('gid') != 24 && $user->get_property('gid') != 25) {
                    ?>
color:#000 !important;font-size:22px !important;<?php 
                }
                ?>
" onkeypress="return makeGeo(this,event);" onkeyup="countSymbols('#title_short',200)" onpaste="setTimeout(function(){return countSymbols('#title_short',200);},100)" type="text" id="title_short"  name="title_short" value="<?php 
                echo PHP_slashes(htmlspecialchars(strip_tags($_POST['title_short']))) ? stripslashes(PHP_slashes(htmlspecialchars(strip_tags($_POST['title_short'])))) : $num['title_short'];
                ?>
" maxlength="200" /><br><i class="right">200</i></td></tr>
                    <?php 
                if ($user->get_property('gid') == 24 or $user->get_property('gid') == 25) {
                    ?>
                        <tr>
                            <td class="td1">ვიქტორინის მიმაგრება</td>
                            <td>
                                <select name="victo">
                                    <option value="0">--</option>
                                    <?php 
                    foreach ($registry['victo'] as $vic) {
                        ?>
                                        <option value="<?php 
                        echo $vic['id'];
     $time_hh = 23;
 }
 if ($time_hh < 0) {
     $time_hh = 0;
 }
 if ($time_mm > 59) {
     $time_mm = 59;
 }
 if ($time_mm < 0) {
     $time_mm = 0;
 }
 $date = mktime($time_hh, $time_mm, 0, $date_mm, $date_dd, $date_yy);
 $url = PHP_slashes(htmlspecialchars(strip_tags($_POST['url'])));
 $banner = PHP_slashes(htmlspecialchars(strip_tags($_POST['banner'])));
 $filter_cat = intval($_POST['filter-cat']);
 $title = PHP_slashes(htmlspecialchars(strip_tags($_POST['title'])));
 if (!empty($filter_cat)) {
     if (!empty($banner)) {
         $sum = $DB->getOne("SELECT count(id) FROM #__banners WHERE cat_id='{$filter_cat}'");
         if ($sum < 5) {
             if ($sum > 2) {
                 $bw = 230;
                 $bh = 600;
             } else {
                 $bw = 800;
                 $bh = 100;
             }
             if ($DB->execute("INSERT INTO #__banners (date,url,cat_id,banner,width,height,position) VALUES ('{$date}','{$url}','{$filter_cat}','{$banner}','{$bw}','{$bh}','{$title}')")) {
                 clear_cache();
                 header('location:/apanel/index.php?component=banners');
             }
                             $read_sql = date('Y-m') . '/' . $name . '.jpg';
                             move_uploaded_file($_FILES['img']['tmp_name'], '../img/uploads/news/read/' . $read_sql);
                             if ($px[0] > $size[0] && $px[1] > $size[1]) {
                                 crop('../img/uploads/news/read/' . $read_sql, $_POST['left'], $_POST['top'], $size[0], $size[1]);
                             }
                             $SQL_IMG = '`img` = "' . $read_sql . '",';
                             $SQL_STYLE = "`style` = '{$style}',";
                         }
                     }
                 }
             }
         }
     }
     $fb_sql = '';
     if (!empty($_POST['fbf']) && $_FILES['fb']['size'] < 0) {
         $fb_sql = PHP_slashes(htmlspecialchars(strip_tags($_POST['fbf'])));
     } else {
         if ($_FILES['fb']['size'] > 0) {
             $px = @GetImageSize($_FILES['fb']['tmp_name']);
             if ($px[0] == 470 && $px[1] == 247) {
                 $rand = rand(100, 99999);
                 $name = time() . '_' . $rand;
                 $fb_sql = date('Y-m') . '/' . $name . '.jpg';
                 $imgdir = '../img/uploads/news/fb/' . $fb_sql;
                 move_uploaded_file($_FILES['fb']['tmp_name'], $imgdir);
             } else {
                 $error[0] = "Facebook ფოტოს ზომა: 470x247";
             }
         }
     }
 }
<?php

/**
 *
 * CMS osRealty 2.1.x
 * Author: Roman Chernyshov
 * E-mail: support@osRealty.ru
 * URL: www.osRealty.ru
 *
 */
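defined('_JEXEC') or die('Restricted access');
// "Report this forecast" form handler. A valid submission stores the alert
// text and the reporter's e-mail in #__alert, keyed by the forecast id (idd).
// $err tells the template below what happened: '' (no submission),
// 'oke' (stored) or 'pub1' (empty text or invalid e-mail).
$err = '';
if (isset($_POST['add']) && $_POST['add'] == 1) {
    $alert_text = isset($_POST['alert']) ? $_POST['alert'] : '';
    $alert_email = isset($_POST['email']) ? $_POST['email'] : '';
    if (!empty($alert_text) and email_check($alert_email)) {
        $text = PHP_slashes(htmlspecialchars(markhtml($alert_text)));
        // The e-mail used to be only HTML-escaped before interpolation into the
        // INSERT; it now goes through PHP_slashes like $text, so both values
        // reach the query quoted the same way. email_check() has already
        // accepted its format, so this should be a no-op for valid input.
        $email = PHP_slashes(htmlspecialchars($alert_email));
        $idd = isset($_POST['idd']) ? intval($_POST['idd']) : 0;
        $sql = "INSERT INTO `#__alert` (`fore`, `text`, `email`) VALUES \r\n\t\t\t('{$idd}','{$text}','{$email}')";
        $DB->execute($sql);
        $err = 'oke';
    } else {
        $err = 'pub1';
    }
}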
?>
<div class="fore-old-call">
<img src="/<?php 
echo $theme;
?>
images/alert.png" width="279" height="22" border="0" alt="Пожаловаться на прогноз" title="Пожаловаться на прогноз"/>
<div class="border"></div>
                         $file_unique = $_SERVER['DOCUMENT_ROOT'].'/cache/ip/'.$date.'/unique_visitors';
        
                         $current = file_get_contents($file_unique);
                         $cr = explode(',',$current);
                         if(count($cr) > 0){
                             if(strpos($current,getIP()."|".$registry["post"][0]["id"]."|".$registry['post'][0]['cat']."|".$registry['post'][0]['user']."|".$date) == false){
                                 $current = $current . getIP()."|".$registry["post"][0]["id"]."|".$registry['post'][0]['cat']."|".$registry['post'][0]['user']."|".$date.",";
                                 file_put_contents($file_unique, $current);
                             }
                         }
                     }
        
                        //$check_visitor = $DB->getOne('SELECT id FROM #__unique_visitors WHERE news_id="'.$registry["post"][0]["id"].'" and ip="'.getIP().'" and date="'.$date.'"');
        
                         $DB->execute('INSERT INTO #__unique_visitors (news_id,cat,user,ip,date) VALUES ("'.$registry["post"][0]["id"].'","'.$registry['post'][0]['cat'].'","'.$registry['post'][0]['user'].'","'.getIP().'","'.$date.'")');
                      }*/
        if (!file_exists($_SERVER['DOCUMENT_ROOT'] . '/cache/ip/' . $date . '/' . getIP() . '-' . $registry["post"][0]["id"])) {
            $DB->execute('INSERT INTO #__unique_visitors (news_id,cat,user,ip,date) VALUES ("' . $registry["post"][0]["id"] . '","' . $registry['post'][0]['cat'] . '","' . $registry['post'][0]['user'] . '","' . getIP() . '","' . $date . '")');
        }
        $check_visitor = getOnecache('SELECT id FROM #__unique_visitors WHERE news_id="' . $registry["post"][0]["id"] . '" and ip="' . getIP() . '" and date="' . $date . '"', 86400, 'ip/' . $date . '/' . getIP() . '-' . $registry["post"][0]["id"]);
    }
}
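if (isset($_GET['dcat'])) {
    // Category listing selected by slug (?dcat=): the 14 newest moderated
    // posts of the category whose cat_chpu matches are loaded through the
    // query cache (600 s) and the category name becomes the page title.
    $registry['doctype'] = 'category';
    $title = PHP_slashes(htmlspecialchars(strip_tags($_GET['dcat'])));
    // The third getAllcache() argument is the cache key. The keys built nearby
    // ('ip/<date>/<ip>-<id>') look like paths below the cache directory, so
    // the raw request value is not used as-is: directory separators and NUL
    // bytes are removed and the dot entries are refused. Slugs without those
    // characters keep exactly the key they had before.
    $cache_key = str_replace(array('/', '\\', "\0"), '', (string) $_GET['dcat']);
    if ($cache_key === '' || $cache_key === '.' || $cache_key === '..') {
        $cache_key = 'dcat-empty';
    }
    // $time is expected to be set earlier in the file (an integer timestamp,
    // since it is interpolated unquoted) — confirm.
    $registry['posts'] = getAllcache('SELECT #__news.*,#__category.name,#__users.realname,#__category.cat_chpu,#__category.id as cat_id FROM #__news
                                         LEFT JOIN #__category ON #__category.id = #__news.cat
                                         LEFT JOIN #__users ON #__users.id = #__news.user
                                         WHERE #__category.cat_chpu = "' . $title . '" and #__category.section = "post" and #__news.moderate=1 and #__news.date <= ' . $time . ' order by #__news.date DESC LIMIT 14', 600, $cache_key);
    // An unknown slug returns no rows; avoid the undefined-offset notice.
    $registry['title'] = isset($registry['posts'][0]['name']) ? $registry['posts'][0]['name'] : null;
}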
<?php

/**
 *
 * CMS It-Solutions 0.1
 * Author: Vati Child
 * E-mail: vatia0@gmail.com
 * URL: www.it-solutions.ge
 *
 */
unset($message);
if ((isset($_POST['add']) or isset($_POST['edit'])) and get_access('admin', 'alert', 'edit', false)) {
    $status = intval($_POST['status']);
    $id = intval($_POST['id']);
    $phone = PHP_slashes(htmlspecialchars(strip_tags($_POST['phone'])));
    $fio = PHP_slashes(htmlspecialchars(strip_tags($_POST['fio'])));
    $date_dd1 = intval($_POST['date_dd1']);
    $date_mm1 = intval($_POST['date_mm1']);
    $date_yy1 = intval($_POST['date_yy1']);
    $date_dd2 = intval($_POST['date_dd2']);
    $date_mm2 = intval($_POST['date_mm2']);
    $date_yy2 = intval($_POST['date_yy2']);
    if ($date_dd1 > 31) {
        $date_dd1 = 31;
    }
    if ($date_dd1 < 1) {
        $date_dd1 = 1;
    }
    if ($date_mm1 > 12) {
        $date_mm1 = 12;
    }
            $numm = $DB->getOne("SELECT `num` FROM `#__profile` ORDER BY `num` DESC") + 1;
        }
        $DB->execute("INSERT INTO `#__profile` (`desc` ,`type`,`num`) \r\n\t\t\t\t\tVALUES ('" . PHP_slashes(htmlspecialchars($_POST['desc'])) . "','{$typet}','" . $numm . "');");
        $massage = 'Новое поле успешно добавлено ';
    }
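    if (!empty($_GET['delete'])) {
        // Delete one profile field by id (cast to int) and return to the list.
        $DB->execute("DELETE FROM `#__profile` WHERE `#__profile`.`id` =" . intval($_GET['delete']));
        $message = 'Запись удалена';
        header("Location: ?component=profile");
        // Nothing below should run once the redirect has been sent.
        exit;
    }
    if (!empty($_GET['edit'])) {
        // Load the field being edited, presumably for the edit form further down.
        $anket = $DB->getAll("SELECT * FROM #__profile WHERE id=" . intval($_GET['edit']));
    }
    if (isset($_POST['event']) && $_POST['event'] == 'update' && isset($_POST['id']) && intval($_POST['id']) > 0) {
        // Save the edited label and position; id and num are cast to int,
        // the label is HTML-escaped and quoted for SQL.
        $field_id = intval($_POST['id']);
        $field_num = isset($_POST['num']) ? intval($_POST['num']) : 0;
        $field_desc = PHP_slashes(htmlspecialchars(isset($_POST['desc']) ? $_POST['desc'] : ''));
        $DB->execute("UPDATE `#__profile` SET `desc` = '" . $field_desc . "', \r\n\t\t\t\t\t\t   `num` = '" . $field_num . "'\r\n\t\t\t\t\tWHERE `#__profile`.`id` = '" . $field_id . "' LIMIT 1 ;");
        header("Location: ?component=profile");
        exit;
    }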
    if (empty($_GET['edit'])) {
        $profile = $DB->getAll("SELECT * FROM #__profile ORDER BY num ASC");
        $count = 0;
        foreach ($profile as $val) {
            $count++;
            $type = explode('|', $val['type']);
            if ($type[0] == 'input') {
                $form[] = '<input type="text" name="profile[' . $val['id'] . ']" value="' . $value . '" />';
            }
            if ($type[0] == 'textarea') {
                $form[] = ' <script type="text/javascript">
				  WYSIWYG.attach(\'' . $count . 'textar\', prof); // default setup
				  </script><textarea id="' . $count . 'textar" name="profile[' . $val['id'] . ']">' . $value . '</textarea>';
<?php

/**
 *
 * CMS osRealty 2.1.x
 * Author: Roman Chernyshov
 * E-mail: support@osRealty.ru
 * URL: www.osRealty.ru
 *
 */
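defined('_JEXEC') or die('Restricted access');
// RSS feed of the ten newest news items, optionally limited to one category
// chosen by its slug (?dcat=). The feed is emitted by the project's rss class;
// the per-item loop follows below this block.
if (!empty($_GET['dcat'])) {
    $where = 'WHERE `#__category`.`cat_chpu`=\'' . PHP_slashes(htmlspecialchars($_GET['dcat'])) . '\'';
} else {
    $where = '';
}
$news = $DB->getAll('SELECT `#__news`.*, `#__category`.`name`, `#__category`.`cat_chpu` FROM `#__news` LEFT JOIN `#__category` ON `#__news`.`cat`=`#__category`.`id`
			' . $where . ' ORDER BY `#__news`.`date` DESC LIMIT 10');
if (count($news) == 0) {
    // Nothing to publish: redirect and stop. Without the exit the code below
    // read $news[0] from an empty array and still emitted a feed after the
    // Location header.
    header("Location: /");
    exit;
}
// NOTE(review): HTTP_HOST is whatever Host header the client sent; it is
// reflected into the channel link, the copyright line and the editor address.
// That is harmless when the web server only serves configured hostnames — confirm.
$config['domen'] = $_SERVER['HTTP_HOST'];
$config['site_title'] = $DB->getOne('SELECT `#__setting`.`value` FROM `#__setting` WHERE `#__setting`.`name`=\'site_title\' LIMIT 1');
$rss = new rss('utf-8');
$rss->channel('RSS - ' . $news[0]['name'], 'http://' . $config['domen'], $config['site_title']);
$rss->language('ru-RU');
$rss->copyright('Copyright by ' . $config['domen'] . ' ' . date('Y'));
$rss->managingEditor('support@' . str_replace('www.', '', $config['domen']));
$rss->category($news[0]['name']);
$rss->startRSS();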
foreach ($news as $ne) {
<?php

/**
 *
 * CMS osRealty 2.1.x
 * Author: Roman Chernyshov
 * E-mail: support@osRealty.ru
 * URL: www.osRealty.ru
 *
 */
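defined('_JEXEC') or die('Restricted access');
// Site settings editor, for the super-user (userID 1) or group 25 only.
// A posted form updates every #__setting row named like a POST field; the
// settings are then reloaded into $registry for the rest of the page.
if ($user->get_property('userID') == 1 or $user->get_property('gid') == 25) {
    if (isset($_POST['update']) && $_POST['update'] == 1) {
        // $err may be set by validation earlier in the file; absent means no error.
        if (!isset($err) || $err == 0) {
            foreach ($_POST as $key => $val) {
                // Each POST field name is a setting name. Nested values cannot
                // be stored as one setting, so they are skipped instead of
                // being handed to htmlspecialchars().
                if (!is_scalar($val)) {
                    continue;
                }
                $key = PHP_slashes($key);
                $sql = "UPDATE `#__setting` SET `value` = '" . PHP_slashes(htmlspecialchars($val)) . "' WHERE `name`='{$key}' LIMIT 1; ";
                $DB->execute($sql);
            }
            $message[0] = 'valid';
            $message[1] = 'Настройки сайта успешно обновлены';
            // Invalidate the cached registry so the new values are read. The
            // file may legitimately be absent, so test for it instead of
            // silencing unlink() with @.
            $registry_cache = '../cache/registry';
            if (is_file($registry_cache)) {
                unlink($registry_cache);
            }
        }
    }
    $sql = "SELECT `#__setting`.* FROM `#__setting`";
    $tmp_registry = $DB->getAll($sql);
    foreach ($tmp_registry as $tmp) {
        $registry[$tmp['name']] = $tmp['value'];
    }
}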
<?php

defined('_JEXEC') or die('Restricted access');
if ($user->get_property('userID') == 1 or $user->get_property('gid') >= 22) {
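    if (!empty($_GET['delete'])) {
        // Delete one status row by id (cast to int) and return to the list.
        $sql = "DELETE FROM `#__status` WHERE `#__status`.`id` = " . intval($_GET['delete']) . " LIMIT 1";
        $DB->execute($sql);
        $t = 3;
        header('location: ?component=status&status=error&t=' . $t);
        // Nothing below should run once the redirect has been sent.
        exit;
    }
    $is_update = isset($_POST['update']) && $_POST['update'] == 1;
    $is_add = isset($_POST['add']) && $_POST['add'] == 1;
    if ($is_update or $is_add) {
        // $err may be set by validation earlier in the file; absent means no error.
        if (!isset($err) || $err == 0) {
            $cat = isset($_POST['cat']) ? intval($_POST['cat']) : 0;
            // NOTE(review): the text is only quoted for SQL, not HTML-escaped,
            // unlike the other posted fields in this admin code; presumably it
            // is editor markup — confirm it is escaped or sanitised where shown.
            $text = PHP_slashes(isset($_POST['textarea1']) ? $_POST['textarea1'] : '');
            $date = time();
            if ($is_update) {
                $status_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
                $sql = "UPDATE `#__status` SET \n\t\t\t\t`text` = '{$text}',\n\t\t\t\t`cat`='{$cat}'\n\t\t\t\tWHERE `id`='" . $status_id . "' LIMIT 1; ";
                $DB->execute($sql);
                $t = 2;
            }
            if ($is_add) {
                $sql = "INSERT INTO `#__status` (`id` ,`user`, `cat`, `text`, `rate`,`date`) VALUES \n\t\t\t\t('', '" . $user->get_property('userID') . "','{$cat}','{$text}','0','{$date}')";
                $DB->execute($sql);
                $t = 1;
            }
            header('Location: index.php?component=status&status=valid&t=' . $t);
            exit;
        }
    }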
    $filter_p = '';
    if ((!empty($_POST['filter-cat']) or !empty($_COOKIE['filter-cat'])) and $_POST['filter-cat'] !== 'none') {
        if (!empty($_POST['filter-cat'])) {
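 function addStar($args = array())
 {
     // AJAX endpoint that records one star vote by a guest on a gallery item.
     // $args keys: 'id' (news id), 'user' (the item's author id), 'star' (the
     // vote; only values > 0 are accepted) and 'ref' (referrer). Echoes the
     // stored star value, or 0 when the vote is refused or was already cast,
     // and always ends the request with die.
     // Non-numeric or fractional values become 0 via intval() and are refused.
     $news_id = isset($args['id']) ? intval($args['id']) : 0;
     $uid = isset($args['user']) ? intval($args['user']) : 0;
     $star = isset($args['star']) ? intval($args['star']) : 0;
     $ref = isset($args['ref']) ? $args['ref'] : '';
     if ($uid == 11 && $news_id == 4863) {
         // Hard-coded exclusion carried over from the original; reason unknown.
         die;
     }
     $ip = ip2long(getIP());
     $br = get_browser(null, true);
     $br['http_referer'] = PHP_slashes(htmlspecialchars(strip_tags($ref)));
     if (empty($br['http_referer'])) {
         die;
     }
     $browser = base64_encode(serialize($br));
     if ($this->get_country_code() == 'GE') {
         if ($ip > 0 && $star > 0 && $uid > 0 && $news_id > 0) {
             $expire = time() + 3600 * 24 * 10;
             $cookie_name = "guestv_" . $news_id . "_" . $uid;
             $cookie_value = bigintval(isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : '');
             // The SELECT previously interpolated $args['id'] and $args['user']
             // unescaped while the INSERT cast them with intval(); both queries
             // now use the same integer values.
             $check = $this->DB->getOne("SELECT id FROM osr_news_gallery_votes WHERE news_id='" . $news_id . "' and uid='" . $uid . "' and (ip='" . $ip . "' or cookie='" . $cookie_value . "')");
             if (!$check) {
                 // The same token goes into the cookie and the row, so a repeat
                 // vote is recognised by either the ip or the cookie.
                 $vote_token = '1' . $ip . $uid . $star;
                 setcookie($cookie_name, $vote_token, $expire, '/');
                 if ($this->DB->execute("INSERT INTO osr_news_gallery_votes (news_id,uid,browser,star,ip,cookie) VALUES ('" . $news_id . "','" . $uid . "','" . $browser . "','" . $star . "','" . $ip . "','" . $vote_token . "')")) {
                     echo $star;
                 } else {
                     echo 0;
                 }
             } else {
                 echo 0;
             }
         }
     }
     die;
 }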
<?php

/**
 *
 * CMS It-Solutions 0.1
 * Author: Vati Child
 * E-mail: vatia0@gmail.com
 * URL: www.it-solutions.ge
 *
 */
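defined('_JEXEC') or die('Restricted access');
// Adds a news layout style: a name plus an uploaded preview image. Nothing is
// stored unless a file was actually uploaded with the form.
if (!empty($_POST['submit'])) {
    $name = PHP_slashes(htmlspecialchars(strip_tags(isset($_POST['name']) ? $_POST['name'] : '')));
    if (isset($_FILES['img']['size']) && $_FILES['img']['size'] > 0) {
        // save_image_on_server() (project helper) stores the upload and returns
        // an array whose element [1] is the stored path; $registry['img'] is
        // presumably the image configuration it needs. Only insert when a path
        // actually came back.
        $path = save_image_on_server($_FILES['img'], '../img/uploads/styles/', $registry['img']);
        if (!empty($path[1])) {
            // NOTE(review): $path[1] is interpolated into the query; it is
            // produced by the helper, not taken from the request — confirm it
            // cannot contain the original (client-supplied) file name.
            $DB->execute('INSERT INTO #__news_style (name,img) VALUES ("' . $name . '","' . $path[1] . '")');
        }
    }
}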
<?php

/**
 * Created by IT-SOLUTIONS.
 * IS CMS
 * User: Vati Child
 * Date: 3/7/15
 * Time: 11:09 PM
 */
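defined('_JEXEC') or die;
// Contact-page editor: saves the posted address, phones, e-mail and map
// coordinates into the single #__contact row (id=1), then loads that row for
// the form below. Requires the admin 'contact' edit permission.
if (get_access('admin', 'contact', 'edit', false)) {
    if (!empty($_POST['save'])) {
        // One escaping pipeline for every text field: tags stripped, HTML
        // escaped, then quoted for SQL. A missing field is treated as empty.
        $clean = function ($field) {
            $raw = isset($_POST[$field]) ? $_POST[$field] : '';
            return PHP_slashes(htmlspecialchars(strip_tags($raw)));
        };
        $address_ge = $clean('address_ge');
        $reclam = $clean('reclam');
        $phone1 = $clean('phone1');
        $phone2 = $clean('phone2');
        $email = $clean('email');
        $coords = $clean('coords');
        if ($DB->execute("UPDATE #__contact SET address_ge='{$address_ge}',reclam='{$reclam}',phone1='{$phone1}',phone2='{$phone2}',email='{$email}',coords='{$coords}' WHERE id=1")) {
            header('location:/apanel/index.php?component=contact');
            // Stop after the redirect instead of also rendering the form.
            exit;
        }
    }
    $registry['contact'] = $DB->getAll("SELECT * FROM #__contact WHERE id=1");
}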
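if (get_access('admin', 'comments', 'del', false)) {
    // Delete one comment by id (cast to int), then redirect back with t=3.
    // NOTE(review): the deletion is triggered by a GET parameter; unless the
    // framework adds request-forgery protection elsewhere, a POST carrying a
    // token would be the usual shape for a destructive action — confirm.
    if (!empty($_GET['delete'])) {
        $sql = "DELETE FROM `#__comments` WHERE `#__comments`.`id` = " . intval($_GET['delete']) . " LIMIT 1";
        $DB->execute($sql);
        $t = 3;
        header('location: ?component=comment&status=error&t=' . $t);
        // Nothing below should run once the redirect has been sent.
        exit;
    }
}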
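if (get_access('admin', 'comments', 'edit', false)) {
    // Edit a comment's text. Only update=1 is implemented: add=1 passes the
    // checks and redirects, but there is no INSERT, so t stays empty in the
    // redirect URL exactly as before.
    $is_update = isset($_POST['update']) && $_POST['update'] == 1;
    $is_add = isset($_POST['add']) && $_POST['add'] == 1;
    if ($is_update or $is_add) {
        $posted = isset($_POST['message']) ? $_POST['message'] : '';
        if ($posted == '') {
            $err = 8;
            $message = 'Комментарий не может быть пустым';
        }
        // $err may also come from validation earlier in the file; absent means no error.
        if (!isset($err) || $err == 0) {
            $message = PHP_slashes(htmlspecialchars(strip_tags($posted)));
            $t = '';
            if ($is_update) {
                $comment_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
                $sql = "UPDATE `#__comments` SET \r\n\t\t\t\t`message` = '{$message}'\r\n\t\t\t\tWHERE `id`='" . $comment_id . "' LIMIT 1; ";
                $DB->execute($sql);
                $t = 2;
            }
            header('Location: index.php?component=comment&status=valid&t=' . $t);
            exit;
        }
    }
}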
if (get_access('admin', 'comments', 'view', false)) {
    $filter_p = '';
    if ((!empty($_POST['filter-cat']) or !empty($_COOKIE['filter-cat'])) and $_POST['filter-cat'] !== 'none') {
        if (!empty($_POST['filter-cat'])) {
            $val = intval($_POST['filter-cat']);
            setcookie('filter-cat', $val, time() + 36000, '/');
 $size_y = intval($_POST['size_y']);
 $desc = PHP_slashes(htmlspecialchars(strip_tags($_POST['description'])));
 $validator = validator(['company', 'info|person', 'info|phone', 'cat', 'title', 'contact_at'], ['კომპანიის დასახელება', 'საკონტაქტო პირი', 'ტელეფონის ნომერი', 'რუბრიკის დასახელება', 'საბანერო ადგილი', 'დაკავშირების თარიღი']);
 if (count($validator) <= 0) {
     if ($_POST['add']) {
         if ($_POST['info_num'] > 0) {
             $info_num = array();
             $err = array(0, 0, 0);
             for ($i = 1; $i <= $_POST['info_num']; $i++) {
                 $info_num['cat'] = intval($_POST['cat_' . $i]);
                 $info_num['title'] = PHP_slashes(htmlspecialchars(strip_tags($_POST['title_' . $i])));
                 $info_num['contact_at'] = PHP_slashes(htmlspecialchars(strip_tags($_POST['contact_at_' . $i])));
                 $info_num['contact_at'] = dateFormat($info_num['contact_at'], 'd/m/Y');
                 $info_num['size_x'] = intval($_POST['size_x_' . $i]);
                 $info_num['size_y'] = intval($_POST['size_y_' . $i]);
                 $info_num['desc'] = PHP_slashes(htmlspecialchars(strip_tags($_POST['description_' . $i])));
                 $info_num['other'] = intval($_POST['other_' . $i]);
                 if ($info_num['other'] > 0) {
                     $validator = validator(['cat_' . $i, 'contact_at_' . $i], ['რუბრიკის დასახელება (ბლოკი ' . ($i + 1) . ')', 'დაკავშირების თარიღი (ბლოკი ' . ($i + 1) . ')']);
                     if (count($validator) <= 0) {
                         $DB->execute("INSERT INTO `#__banner_orders` (cat_id,description,company,info,contact_at,other) VALUES ('" . $info_num['cat'] . "','" . $info_num['desc'] . "','{$company}','{$info}','" . $info_num['contact_at'] . "','1')");
                         $arr[$i] = 0;
                     } else {
                         $arr[$i] = 1;
                         $message[0] = 'error';
                         $message[1] = 'თქვენ გამოგრჩათ რუბრიკა, დაკავშირების თარიღი ' . ($i + 1) . ' ბლოკში (სხვა შეთავაზება)';
                     }
                 } else {
                     $validator = validator(['cat_' . $i, 'title_' . $i, 'contact_at_' . $i], ['რუბრიკის დასახელება (ბლოკი ' . ($i + 1) . ')', 'საბანერო ადგილი (ბლოკი ' . ($i + 1) . ')', 'დაკავშირების თარიღი (ბლოკი ' . ($i + 1) . ')']);
                     if (count($validator) <= 0) {
                         $DB->execute("INSERT INTO `#__banner_orders` (cat_id,title,description,company,size_x,size_y,info,contact_at) VALUES ('" . $info_num['cat'] . "','" . $info_num['title'] . "','" . $info_num['desc'] . "','{$company}','" . $info_num['size_x'] . "','" . $info_num['size_y'] . "','{$info}','" . $info_num['contact_at'] . "')");
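 function saveComments()
 {
     // Stores a posted comment and, unless noAjax=1, echoes the rendered item.
     // Failures are echoed as 'ERR<n>' and end the request:
     //   ERR5 captcha mismatch, ERR4 missing persona/signature for a login,
     //   ERR1 name too short, ERR2 bad e-mail or name too long,
     //   ERR3 empty text, ERR4 (reused) url length outside 10..50.
     $post = function ($field) {
         return isset($_POST[$field]) ? $_POST[$field] : '';
     };
     $name = trim(strip_tags($post('nameComment')));
     $email = trim($post('emailComment'));
     $text = PHP_slashes(htmlspecialchars(markhtml(trim(rawurldecode($post('textComment'))))));
     $post_url = htmlspecialchars(trim($post('posturlComment')));
     $urlOpen = htmlspecialchars(trim($post('posturlOpenComment')));
     $error = false;
     $msg = 0;
     $login = intval($post('loginComment'));
     $replyComment = intval($post('replyComment'));
     $cap = $post('nameCommentCap');
     $user = null;
     if ($this->capcha) {
         // Compare as strings with hash_equals(): the loose != used before
         // compared numeric-looking answers by value, and a missing answer must
         // not pass just because the session value is missing as well.
         $expected = isset($_SESSION['captha_text']) ? (string) $_SESSION['captha_text'] : '';
         if ($expected === '' || !isset($_POST['capcha']) || !is_string($_POST['capcha']) || !hash_equals($expected, $_POST['capcha'])) {
             echo 'ERR5';
             exit;
         }
     }
     if ($login == 1) {
         $persona = intval($post('personaComment'));
         $checked = htmlspecialchars(trim($post('checkedComment')));
         if ($persona > 0 and $checked > '') {
             $sql = "SELECT rche_users.* FROM rche_users\n\t\t\t\tWHERE rche_users.userID='{$persona}' LIMIT 1";
             $rows = $this->registry['DB']->getAll($sql);
             // Constant-time comparison of the signature; '==' also accepted a
             // numeric-string match ("0e..." hashes), and a missing row used to
             // be compared against md5('' . key).
             if (isset($rows[0]) && hash_equals(md5($rows[0]['password'] . $this->key), $checked)) {
                 $this->login = true;
                 $this->user = $rows[0];
             }
         } else {
             echo 'ERR4';
             exit;
         }
     }
     if (!$this->login) {
         // Byte lengths, as before (strlen, not mb_strlen).
         if (strlen($name) < 3) {
             $error = true;
             $msg = 1;
         }
         if (!$this->emailCheck($email) or strlen($name) > 100) {
             $error = true;
             $msg = 2;
         }
         $img = 'images/boy48.gif';
     } else {
         $img = $this->user['photo'];
         $im = explode('/', $img);
         $img = '/images/' . $this->user['userID'] . '/48/48/1/' . (isset($im[4]) ? $im[4] : '');
         $name = $this->user['username'];
         // NOTE(review): 'userid' differs in case from the 'userID' key used
         // just above; array keys are case-sensitive, so confirm which key the
         // user row actually carries.
         $user = $this->user['userid'];
     }
     if (strlen($text) == 0) {
         $error = true;
         $msg = 3;
     }
     if (strlen($post_url) > 50 or strlen($post_url) < 10) {
         $error = true;
         $msg = 4;
     }
     if ($error) {
         echo 'ERR' . $msg;
         exit;
     }
     $pass = $this->generate_password(8);
     $date = $this->get_Date();
     $time = time();
     $author_id = isset($this->user['userID']) ? $this->user['userID'] : '';
     if ($cap == '') {
         // nameCommentCap appears to act as a honeypot: when it is filled the
         // comment is not stored but the response is still rendered.
         // Values that previously had only HTML escaping (or none at all: the
         // e-mail of a logged-in user) are quoted for SQL here the same way
         // $text already is.
         $sql = "INSERT INTO {$this->prefix}{$this->table} (`reply`,`user`,`name`,`email`,`comment`,`date`,`url`,`pass`,`urlOpen`)\n\t\t\tVALUE ('{$replyComment}','{$author_id}','" . PHP_slashes($name) . "','" . PHP_slashes($email) . "','{$text}','{$time}','" . PHP_slashes($post_url) . "','{$pass}','" . PHP_slashes($urlOpen) . "')";
         $this->registry['DB']->execute($sql);
     }
     $lastId = $this->registry['DB']->id;
     setcookie('comment' . $lastId, $pass, $time + 120, '/');
     if (intval($post('noAjax')) != 1) {
         echo $this->itemComments($name, $date, html_entity_decode($text), $img, $lastId, true, $user);
         exit;
     }
 }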
                             $SQL_PHOTO = " `photo` = '{$path}', ";
                         } else {
                             $message = 'Ошибка: неудалось загрузить фото на сервер. Код: 0197838';
                         }
                     } else {
                         $err = 4;
                         $message = "Ошибка: Разрешение фото не может превышать: {$max_image_width} x {$max_image_height}";
                     }
                 }
             } else {
                 $SQL_PHOTO = '';
             }
         }
         $profile = $_POST['profile'];
         foreach ($profile as $key => $val) {
             $save_data[$key] = PHP_slashes(htmlspecialchars($val));
         }
         $profile = serialize($save_data);
         $sql = "UPDATE `#__users` SET\r\n\t\t`family` = '" . $_POST['fam'] . "', \r\n\t\t`name` = '" . $_POST['name'] . "',\r\n\t\t`name_two` = '" . $_POST['sr'] . "', \r\n\t\t{$SQL_PWD} {$SQL_PHOTO} \r\n\t\t`wm` = '" . $_POST['wm'] . "', \r\n\t\t`desc` = '" . htmlspecialchars($_POST['desc']) . "',\r\n\t\t`profile` = '" . $profile . "'\r\n\t \tWHERE `id` ='" . $user->get_property('userID') . "' LIMIT 1 ;";
         $DB->execute($sql);
         $message = 'Данные профиля успешно обновлены';
     }
 }
 $all = $DB->getAll('SELECT * FROM #__users WHERE userID=' . $user->get_property('userID'));
 $profile = $DB->getAll("SELECT * FROM #__profile ORDER BY num ASC");
 $profile_val = $all[0]['profile'];
 $profile_val = unserialize($profile_val);
 foreach ($profile as $val) {
     $type = explode('|', $val['type']);
     if ($type[0] == 'input') {
         $form[] = '<input class="inputbox" type="text" name="profile[' . $val['id'] . ']" value="' . $profile_val[$val['id']] . '" />';
                    }
                }
            } else {
                $message[0] = 'error';
                $message[1] = 'ბანერის განთავსების ვადა არასწორია!';
            }
        } else {
            $message[0] = 'error';
        }
    }
}
if ($_GET['section'] == 'ajax') {
    if ($_POST['action'] == 'get_positions') {
        $time = time();
        if (isset($_POST['edit']) && $_POST['edit'] == 1) {
            $edit_sql = " title='" . PHP_slashes(htmlspecialchars(strip_tags($_POST['title']))) . "')";
        }
        $last_options = array();
        $positions = $DB->getAll("SELECT title,id,finished_at FROM #__banner_place WHERE cat_id='" . intval($_POST['id']) . "' GROUP by title order by title ASC");
        if (count($positions) > 0) {
            foreach ($positions as $item) {
                $new_options[$item['title']]['title'] = $item['title'];
                $new_options[$item['title']]['id'] = $item['id'];
            }
            $i = 0;
            foreach ($new_options as $item) {
                $last_options[$i]['title'] = $item['title'];
                $last_options[$i]['id'] = $item['id'];
                $i++;
            }
        }
 }
 if ($_POST['add'] == 1 or $_POST['update'] == 1) {
     $id = intval($_POST['id']);
     $block = intval($_POST['block']);
     $linktype = intval($_POST['linktype']);
     $show = intval($_POST['show']);
     if ($linktype == 1) {
         $ankor = PHP_slashes(htmlspecialchars(strip_tags($_POST['ankor'])));
     }
     if ($linktype == 1 or $linktype == 2) {
         $url = PHP_slashes(htmlspecialchars(strip_tags($_POST['url'])));
         $noindex = intval($_POST['noindex']);
         $nofollow = intval($_POST['nofollow']);
     }
     if ($linktype == 3) {
         $ankor = PHP_slashes($_POST['html']);
     }
     if ($linktype == 2) {
         if ($_FILES["photo"]["size"] > 0) {
             $imgpath = save_image_on_server($_FILES["photo"], '../img/uploads/banner/', $registry['img']);
             if (!empty($imgpath[1])) {
                 $path = $imgpath[1];
                 //str_replace('../','',$imgpath[1]).'|';
                 if ($_POST['update'] == 1) {
                     $SQL_PHOTO = " `photo` = '{$path}', ";
                 }
                 if ($_POST['add'] == 1) {
                     $SQL_PHOTO = $path;
                 }
             }
         }
                $DB->execute($sql);
                $lastid = $DB->id;
            }
            if (isset($_POST['edit'])) {
                $sql = "SELECT * FROM #__menu WHERE `id`<>'{$id}' and `comand` LIKE '{$comand}%' ORDER BY id DESC LIMIT 1";
                $test = $DB->getAll($sql);
                if (count($test) > 0) {
                    $comand = $comand . ($test[0]['id'] + 1);
                }
                $sql = "UPDATE #__menu SET `name`='{$name}',`comand`='{$comand}' WHERE `id`='{$id}' LIMIT 1";
                $DB->execute($sql);
                $lastid = $id;
            }
            foreach ($item as $it) {
                $it['ankor'] = PHP_slashes(strip_tags($it['ankor']));
                $it['url'] = PHP_slashes(strip_tags($it['url']));
                $it['pos'] = intval($it['pos']);
                $it['id'] = intval($it['id']);
                if ($it['id'] > 0) {
                    $sql = "UPDATE #__menu_link SET \r\n\t\t\t\t\t`ankor`='{$it['ankor']}',\r\n\t\t\t\t\t`url`='{$it['url']}',\r\n\t\t\t\t\t`pos`='{$it['pos']}'\r\n\t\t\t\t\t WHERE `id`='{$it['id']}' and `menuid`='{$lastid}' LIMIT 1";
                } else {
                    $sql = "INSERT INTO #__menu_link (`menuid`,`ankor`,`url`,`pos`) \r\n\t\t\t\t\tVALUE ('{$lastid}','{$it['ankor']}','{$it['url']}','{$it['pos']}')";
                }
                $DB->execute($sql);
            }
            $message[0] = 'valid';
            $message[1] = "Новое меню успешно добавлено";
        }
    }
}
if (get_access('admin', 'tools', 'del', false)) {
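 // Listing filters for the news table. The sort column and direction come
 // from the form (POST) and are remembered in cookies for ten hours. Their
 // names and defaults ('views', 'desc') indicate they end up in an ORDER BY
 // clause built further down; quote-style escaping gives no protection in
 // that position, so both values (from POST or cookie alike) are checked
 // against what such a clause can legitimately contain.
 if (!empty($_POST['options']) or !empty($_COOKIE['options'])) {
     if (!empty($_POST['options'])) {
         $sql_order = PHP_slashes(htmlspecialchars(strip_tags($_POST['options'])));
         setcookie('options', $sql_order, time() + 36000, '/');
     } else {
         $sql_order = PHP_slashes(htmlspecialchars(strip_tags($_COOKIE['options'])));
     }
 } else {
     $sql_order = 'views';
 }
 // A column reference is letters, digits, underscores and dots; anything else
 // falls back to the default column instead of reaching the query.
 if (!preg_match('/^[A-Za-z0-9_.]+$/', $sql_order)) {
     $sql_order = 'views';
 }
 // The former "$_POST['sort'] !== 0" condition was always true (POST values
 // are never the integer 0), so it is dropped without changing behaviour.
 if (!empty($_POST['sort']) or !empty($_COOKIE['sort'])) {
     if (!empty($_POST['sort'])) {
         $sql_sort = PHP_slashes(htmlspecialchars(strip_tags($_POST['sort'])));
         setcookie('sort', $sql_sort, time() + 36000, '/');
     } else {
         $sql_sort = PHP_slashes(htmlspecialchars(strip_tags($_COOKIE['sort'])));
     }
 } else {
     $sql_sort = 'desc';
 }
 // Only the two SQL sort directions are meaningful here.
 if (!in_array(strtolower($sql_sort), array('asc', 'desc'), true)) {
     $sql_sort = 'desc';
 }
 if ($user->get_property('gid') == 21) {
     // Group 21 is restricted to category 116 by the SQL fragment below and
     // gets its own cache suffix.
     $redaqtor2 = ' and #__category.id = 116';
     $rcache = '-redactor';
 }
 if (isset($_GET['author']) && intval($_GET['author']) > 0) {
     $sql_author = 'and `#__news`.`user`="' . intval($_GET['author']) . '"';
     $link = '&author=' . intval($_GET['author']);
 }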
 if (intval($_GET['cat']) > 0) {
     $sql_author = 'and `#__news`.`cat`=' . intval($_GET['cat']);
     $link = '&cat=' . intval($_GET['cat']);
 }
 if (empty($style) && $operation != 2) {
     if ($_POST['cat_type'] <= 0) {
         $error[0] = "გთხოვთ აირჩიოთ დიზაინი";
     }
 } else {
     if ($_POST['style'] == 100) {
         $size = array(0 => 695, 1 => 445);
         $sizex = '695x445';
     } else {
         $sizex = $DB->getOne("SELECT size FROM #__news_style WHERE id='" . $style . "'");
         $size = explode('x', $sizex);
     }
     $SQL_STYLE = "`style` = '{$style}',";
     if (!empty($_POST['desimg']) && $_FILES['img']['size'] <= 0 && $_POST['imgsz'] == $sizex) {
         $img = PHP_slashes(htmlspecialchars(strip_tags($_POST['desimg'])));
         $SQL_IMG = '`img` = "' . $img . '",';
     } else {
         if ($style != 12) {
             if ($_FILES['img']['size'] > 0) {
                 $px = @GetImageSize($_FILES['img']['tmp_name']);
                 if ($px[0] >= $size[0] && $px[1] >= $size[1]) {
                     if ($_FILES['img']['type'] == 'image/jpeg' or $_FILES['img']['type'] == 'image/gif' or $_FILES['img']['type'] == 'image/png') {
                         $rand = rand(100, 99999);
                         $name = time() . '_' . $rand;
                         $read_sql = date('Y-m') . '/' . $name . '.jpg';
                         move_uploaded_file($_FILES['img']['tmp_name'], '../img/uploads/news/read/' . $read_sql);
                         if ($px[0] > $size[0] && $px[1] > $size[1]) {
                             crop('../img/uploads/news/read/' . $read_sql, $_POST['left'], $_POST['top'], $size[0], $size[1]);
                         }
                         $SQL_IMG = '`img` = "' . $read_sql . '",';
     $friends = intval($_POST['friends2']);
     $where = "`punbb_users`.`id`='{$friends}'";
 }
 // Recipient mode 3: look the user up by username. The value is HTML-escaped
 // before being compared, so a username containing &, <, > or " (and ' under
 // PHP >= 8.1 defaults) is altered and will not match its stored form — fine
 // only if usernames cannot contain those characters; TODO(review): confirm.
 // SQL quoting relies entirely on PHP_slashes() since the value is interpolated.
 if ($recipient == 3) {
     $friends = PHP_slashes(htmlspecialchars($_POST['friends3']));
     $where = "`#__users`.`username`='{$friends}'";
 }
 if ($err == 0) {
     $test_user = $DB->getAll('SELECT `#__users`.`id` as `userID`,`#__users`.`username`,`#__users`.`email` FROM `#__users` WHERE ' . $where);
     if (count($test_user) == 0 or count($test_user) > 1) {
         $err = 1;
         $message = "Ошибка: Вы указали несуществующего получателя";
     }
     if ($err == 0) {
         $subject = PHP_slashes(utf8_substr(htmlspecialchars(strip_tags($_POST['title'])), 0, 250));
         $mess = PHP_slashes(utf8_substr(htmlspecialchars(markhtml($_POST['textarea1'])), 0, 2000));
         if (empty($subject)) {
             $err = 1;
             $message = "Ошибка: Вы не указали тему сообщения";
         }
         if (empty($mess)) {
             $err = 1;
             $message = "Ошибка: Вы не указали текс сообщения";
         }
         if ($err == 0) {
             $sql = "\tINSERT INTO `#__message` (`from`, `to`, `date`,`subject`,`message`,`view`,`tresh`) \r\n\t\t\t\t\tVALUES ('" . $user->get_property('userID') . "', '" . $test_user[0]['userID'] . "','" . time() . "',\r\n\t\t\t\t\t\t'{$subject}','{$mess}','0','0')";
             $DB->execute($sql);
             $message = "Ваше сообщение успешно отправлено пользователю " . $test_user[0]['username'];
             $sql = "SELECT LAST_INSERT_ID()";
             $last_id = $DB->getOne($sql);
             $emailsup = $DB->getOne('SELECT `#__setting`.`value` 
        }
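        // Clamp the year to the supported minimum (month/day handling is above this
        // block; mktime() normalises anything still out of range).
        if ($date_yy < 2011) {
            $date_yy = 2011;
        }
        // Hour/minute come straight from the form: cast, then clamp to valid ranges.
        $time_hh = intval($_POST['time_hh']);
        $time_mm = intval($_POST['time_mm']);
        if ($time_hh > 23) {
            $time_hh = 23;
        }
        if ($time_hh < 0) {
            $time_hh = 0;
        }
        if ($time_mm > 59) {
            $time_mm = 59;
        }
        if ($time_mm < 0) {
            $time_mm = 0;
        }
        $date = mktime($time_hh, $time_mm, 0, $date_mm, $date_dd, $date_yy);
        // url/banner are stored HTML-escaped (so output must not escape them again)
        // and quote-escaped via PHP_slashes() for the string-built UPDATE below.
        // Neither is validated beyond that (e.g. no scheme check on the URL).
        $url = PHP_slashes(htmlspecialchars(strip_tags($_POST['url'])));
        $banner = PHP_slashes(htmlspecialchars(strip_tags($_POST['banner'])));
        $id = intval($_POST['id']);
        if (!empty($banner) or !empty($url)) {
            $DB->execute("UPDATE #__banners SET date='{$date}',url='{$url}',banner='{$banner}' WHERE id='{$id}' ");
            header('location:/apanel/index.php?component=banners&section=edit&edit=' . $id . '&message=1');
            // Stop the request here: a Location header does not end execution, so
            // without this the rest of the page (and any later side effects) would
            // still run after the redirect was issued.
            exit;
        } else {
            // Georgian: "Please choose a banner or enter a link."
            $message[0] = "error";
            $message[1] = "გთხოვთ აირჩიოთ ბანერი ან ჩაწეროთ ბმული.";
        }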
    }
}
                         }
                     } else {
                         $message[0] = 'error';
                         $message[1] = "Ошибка: Разрешение фото не может превышать: {$registry['img']['max_image_width']} x {$registry['img']['max_image_height']}";
                     }
                 }
             }
         }
        // Custom profile fields collected into $save_data above are serialised here.
        // NOTE(review): $profile is not written by the UPDATE below — either it is
        // saved further down (outside this view) or the custom fields are lost.
        $profile = serialize($save_data);
        // Free-text fields are HTML-escaped at storage time (so output must not
        // escape them again) and quote-escaped via PHP_slashes() for the
        // string-built SQL. None is validated: email/url/phone accept any string,
        // so e.g. `url` can hold a javascript: link if it is rendered as an href.
        $title = PHP_slashes(htmlspecialchars($_POST['title']));
        $realname = PHP_slashes(htmlspecialchars($_POST['realname']));
        $icq = PHP_slashes(htmlspecialchars($_POST['icq']));
        $url = PHP_slashes(htmlspecialchars($_POST['url']));
        $vip = intval($_POST['vip']);
        $email = PHP_slashes(htmlspecialchars($_POST['email']));
        $phone = PHP_slashes(htmlspecialchars($_POST['phone']));
        // $idd is interpolated unquoted; it must already be an integer — its
        // derivation is not visible here, TODO(review): confirm it was intval()'d.
        $DB->execute("UPDATE `#__users` SET \n\t\t`realname` = '{$realname}', \n\t\t`title` = '{$title}', \n\t\t`url` = '{$url}', \n\t\t`icq` = '{$icq}',\n\t\t`email` = '{$email}',\n\t\t`phone` = '{$phone}',\n\t\t`vip` = '{$vip}'\n\t\tWHERE `id` =" . $idd . " LIMIT 1 ;");
        $message[0] = 'valid';
        // Append to any message the image handling above already produced.
        if (!empty($message[1])) {
            $message[1] .= '<br/>';
        }
        // Russian: 'Profile data "<username>" successfully updated'. The username
        // is emitted inside HTML without escaping here; it comes from the DB.
        $message[1] .= 'Данные профиля "<b>' . $upd[0]['username'] . '"</b> успешно обновлены';
     }
 }
 if (!empty($_GET['edit'])) {
     $profile = $DB->getAll("SELECT * FROM #__profile ORDER BY num ASC");
     $profile_val = $DB->getOne("SELECT profile FROM #__users WHERE id=" . intval($_GET['edit']));
     $profile_val = unserialize($profile_val);
     foreach ($profile as $val) {
         $type = explode('|', $val['type']);
         if ($type[0] == 'input') {
	  
	  if($xxmmll=="") $xxmmll = time().".xml";
	  
      file_put_contents(plugin_dir_path(__FILE__)."/../xml/".$xxmmll, PHP_slashes($xml, "strip"));
	  
	  mysql_query("update `".$table."` set `title` = '".$ptitle."', `description` = '".$description."', `url` = '".$url."', `size` = '".$size."', `xml` = '".$xxmmll."', `sandbox`='1', `width`='".$width."', `height`='".$height."', `logo`='".$logo."', `playlistmod`='".$playlistmod."', `autoNext`='".$autoNext."', `shuffle`='".$shuffle."', `loop`='".$loop."', `scrollMode`='".$scrollMode."', `theme`='".$theme."', `adddate` = now() where id = '".$docdata['id']."' ");
	  
	  $iiid = $docdata['id'];
	
	}
	else
	{
	
	  $xxmmll = time().".xml";

      file_put_contents(plugin_dir_path(__FILE__)."/../xml/".$xxmmll, PHP_slashes($xml, "strip"));
	
	  mysql_query("insert into `".$table."` set  `title` = '".$ptitle."', `description` = '".$description."', `url` = '".$url."', `size` = '".$size."', `xml` = '".$xxmmll."', `sandbox`='1', `width`='".$width."', `height`='".$height."', `logo`='".$logo."', `playlistmod`='".$playlistmod."', `autoNext`='".$autoNext."', `shuffle`='".$shuffle."', `loop`='".$loop."', `scrollMode`='".$scrollMode."', `theme`='".$theme."',  `adddate` = now() ");
	  
	  $iiid = mysql_insert_id();	
	
	}
	
	?>
    
    <script language="javascript">
    
	document.location = "<?php echo get_bloginfo('url')."/wp-admin/admin.php?page=html5video_playlist&isuccess=Playlist saved successfully"; ?>";
	
	</script>
    
     $message[0] = 'error';
     $message[1] = 'Вы не заполнили поля "заголовок".';
 }
 if (empty($message[0])) {
     // Preview-image limits come from the settings table (size in KB -> bytes).
     $max_img_size_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_size_art_prev' LIMIT 1;");
     $max_img_width_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_width_art_prev' LIMIT 1;");
     $max_img_height_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_height_art_prev' LIMIT 1;");
     $max_img_size_art_prev = $max_img_size_art_prev * 1024;
     // Title and slug: tags stripped, HTML-escaped, then PHP_slashes() for the
     // string-built SQL further down.
     $title = PHP_slashes(htmlspecialchars(strip_tags($_POST['title'])));
     $chpu = PHP_slashes(htmlspecialchars(strip_tags($_POST['chpu'])));
     if ($chpu == '') {
         $chpu = generate_chpu($title);
     }
     $cat = intval($_POST['cat']);
     $comments = intval($_POST['comments']);
     // Article body keeps markup via markhtml(); its sanitisation rules are not
     // visible in this file.
     $text = PHP_slashes(markhtml($_POST['textarea1']));
     $date = time();
     $show_date = intval($_POST['show_date']);
     // NOTE(review): unlike $title/$chpu, original_url and tags skip PHP_slashes().
     // htmlspecialchars() only encodes ' under PHP >= 8.1 defaults (ENT_COMPAT on
     // older versions leaves it intact), yet each $tag is concatenated into the
     // `#__tags` INSERT below — an SQL-injection path on older PHP; $original_url's
     // use is not visible here. Apply PHP_slashes() (or a parameterised query)
     // before either value reaches SQL.
     $original_url = htmlspecialchars(strip_tags($_POST['original_url']));
     $tags = $tags_ru = htmlspecialchars(strip_tags($_POST['tags']));
     $tags = explode(',', $tags);
     $tags_en = '';
     foreach ($tags as $tag) {
         $t_en = generate_chpu($tag);
         if (empty($tags_en)) {
             $tags_en = $t_en;
         } else {
             $tags_en = $tags_en . ', ' . $t_en;
         }
         $DB->show_err = FALSE;
         $sql = "\tINSERT INTO `#__tags` (`name_rus`, `name_eng`, `count`) \r\n\t\t\t\t\tVALUES ('" . strtolower($tag) . "', '" . $t_en . "','0')";
<?php

/**
 *
 * CMS It-Solutions 0.1
 * Author: Vati Child
 * E-mail: vatia0@gmail.com
 * URL: www.it-solutions.ge
 *
 */
defined('_JEXEC') or die('Restricted access');
$time = time();
// Search term from ?text=; the literal 'archive' lists everything. The value is
// HTML-escaped and PHP_slashes()'d because it is interpolated into LIKE patterns.
$value = PHP_slashes(htmlspecialchars(strip_tags($_GET['text'])));
if ($value == 'archive') {
    $sql_search = '';
} else {
    // NOTE(review): % and _ are not escaped, so a user can submit wildcard
    // patterns ("%" matches every row; "a_b" is not a literal match). Escape
    // them (e.g. addcslashes($v, '%_')) before building the pattern, or use a
    // parameterised query. PHP_slashes() is the only SQL-quote defence here and
    // its implementation is not visible in this file.
    $sql_search = '(#__news.title LIKE "%' . $value . '%" or #__news.text LIKE "%' . $value . '%" or #__news.text_short LIKE "%' . $value . '%") and';
}
// Only moderated posts whose publish date has passed, newest first, capped at 21.
$registry['search'] = $DB->getAll('SELECT #__news.*,#__category.name,#__users.realname,#__category.cat_chpu,#__category.id as cat_id FROM #__news
                                         LEFT JOIN #__category ON #__category.id = #__news.cat
                                         LEFT JOIN #__users ON #__users.id = #__news.user
                                         WHERE ' . $sql_search . ' #__news.moderate=1 and #__category.section="post" and #__news.date <= ' . $time . ' order by #__news.date DESC LIMIT 21');
// Page title is the already-escaped term, so it also carries any backslashes
// PHP_slashes() added.
$registry['title'] = $value;
     $san = intval($item[16]);
 }
 // Import-row columns ($item[N]) are treated as untrusted input throughout.
 // `lift`: map the label through the lookup table, else accept a numeric value
 // directly (an unknown label raises an undefined-index notice and yields 0).
 $lift = intval($arrSel[$item[17]]);
 if ($lift == 0) {
     $lift = intval($item[17]);
 }
 // Free-text columns: tags stripped, HTML-escaped, then PHP_slashes() for the
 // string-built SQL further down. The import format's "[br]" token is turned into
 // a real newline after escaping; a bare newline is fine inside an SQL literal.
 $detail = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[18]))));
 // `hotenable` uses the second lookup table with the same numeric fallback.
 $hotenable = intval($arrSel2[$item[19]]);
 if ($hotenable == 0) {
     $hotenable = intval($item[19]);
 }
 $hottitle = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[20]))));
 $hotdesc = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[21]))));
 $title = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[22]))));
 $metak = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[23]))));
 $metad = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[24]))));
 // $deal/$tip/$ryn were resolved above this block; these are their fallbacks.
 if ($deal == 0) {
     $deal = intval($arrDeal[$item[1]]);
 }
 // Unresolved `tip`: bump the skip counter and drop the row (the enclosing loop
 // is outside this view).
 if ($tip == 0) {
     $continue++;
     continue;
 }
 if ($ryn == 0) {
     $ryn = intval($arrRyn[$item[3]]);
 }
 // `ryn` defaults to 1 when neither the label nor the raw value resolves.
 if ($ryn == 0) {
     $ryn = 1;
 }
 if ($id > 0) {
     $update++;