             Hacking();
         }
     } else {
         Hacking();
     }
     break;
     //################### Сохранение отредактированых ###################//
 //################### Сохранение отредактированых ###################//
 case "save":
     NoAjaxQuery();
     if ($user_group[$user_info['user_group']]['addnews']) {
         //Подключаем парсер
         include ENGINE_DIR . '/classes/parse.php';
         $parse = new parse();
         $title = ajax_utf8(textFilter($_POST['title'], false, true));
         $text = $parse->BBparse(ajax_utf8(textFilter($_POST['text'])));
         $id = intval($_POST['id']);
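         /**
          * Render a [img]...[/img] BB-tag as an <img> element.
          *
          * $source is whatever the regex on the following line captured between
          * [img] and [/img] in user-submitted text, so it is escaped for the
          * attribute context it is written into. double_encode=false leaves
          * entities the earlier filters may already have produced (e.g. &quot;)
          * untouched instead of encoding them a second time.
          *
          * NOTE(review): the caller invokes this through preg_replace's /e
          * modifier, which evaluates the replacement as PHP code and no longer
          * exists in PHP 7+; preg_replace_callback with this function is the
          * drop-in replacement.
          *
          * @param string $source captured image URL/path
          * @return string HTML <img> tag
          */
         function BBimg($source)
         {
             $src = htmlspecialchars((string) $source, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
             return "<img src=\"{$src}\" alt=\"\" />";
         }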
         $text = preg_replace("#\\[img\\](.*?)\\[/img\\]#ies", "\\BBimg('\\1')", $text);
         if (isset($title) and !empty($title) and isset($text) and !empty($text)) {
             $db->query("UPDATE `" . PREFIX . "_blog` SET title = '{$title}', story = '{$text}' WHERE id = '{$id}'");
         }
     }
     die;
     break;
     //################### Загрузка фотографии ###################//
 //################### Загрузка фотографии ###################//
 case "upload":
     $row = $db->super_query("SELECT duser_id, ddownload_name FROM `" . PREFIX . "_doc` WHERE did = '{$did}'");
     if ($row['duser_id'] == $user_id) {
         @unlink(ROOT_DIR . "/uploads/doc/{$user_id}/" . $row['ddownload_name']);
         $db->query("DELETE FROM `" . PREFIX . "_doc` WHERE did = '{$did}'");
         //Обновляем кол-во док. у юзера
         $db->query("UPDATE `" . PREFIX . "_users` SET user_doc_num = user_doc_num-1 WHERE user_id = '{$user_id}'");
         mozg_mass_clear_cache_file("user_{$user_id}/profile_{$user_id}|user_{$user_id}/docs");
     }
     exit;
     break;
     //################### Сохранение отред.данных ###################//
 //################### Сохранение отред.данных ###################//
 case "editsave":
     // Rename a document (AJAX). Only the owner recorded in duser_id may rename;
     // any other caller falls through to exit with no output.
     NoAjaxQuery();
     // Document id is cast to int, so its interpolation into SQL below is safe.
     $did = intval($_POST['did']);
     $name = ajax_utf8(textFilter($_POST['name'], false, true));
     // strlen/substr count bytes, not characters: if $name is UTF-8 the cut at
     // 50 bytes can land inside a multibyte sequence and leave an invalid tail.
     // mb_substr($name, 0, 50, 'UTF-8') would be the character-safe form —
     // TODO confirm ajax_utf8() yields UTF-8 and that 50 is meant as characters.
     $strLn = strlen($name);
     if ($strLn > 50) {
         $name = substr($name, 0, 50);
     }
     $row = $db->super_query("SELECT duser_id FROM `" . PREFIX . "_doc` WHERE did = '{$did}'");
     // Ownership check uses loose ==; isset($name) is always true here unless
     // ajax_utf8() can return null, so !empty() is the effective guard (it also
     // rejects the string "0").
     if ($row['duser_id'] == $user_id and isset($name) and !empty($name)) {
         // NOTE(review): $name is interpolated directly into the statement; the
         // only protection is whatever textFilter() does — confirm it escapes
         // quotes for the DB. Also note there is no space between the closing
         // backtick and SET; MySQL appears to tolerate it, but verify.
         $db->query("UPDATE `" . PREFIX . "_doc`SET dname = '{$name}' WHERE did = '{$did}'");
         // Invalidate the owner's profile and document-list caches.
         mozg_mass_clear_cache_file("user_{$user_id}/profile_{$user_id}|user_{$user_id}/docs");
     }
     exit;
     break;
     //################### Скачивание документа с сервера ###################//
 //################### Скачивание документа с сервера ###################//
 case "download":
     NoAjaxQuery();
<?php

/*
	Purpose: set the current user's status line (AJAX handler)
	File: status.php
*/
// Refuse direct execution outside the engine.
if (!defined('MOZG')) {
    die('Hacking attempt!');
}
// Runs before the login check, so an anonymous request still passes through it.
NoAjaxQuery();
if ($logged) {
    // User id comes from the session's user_info, not from the request.
    $user_id = $user_info['user_id'];
    $text = ajax_utf8(textFilter($_POST['text'], false, true));
    // NOTE(review): $text is interpolated straight into SQL; the only
    // protection is whatever textFilter() does — confirm it escapes for the DB.
    $db->query("UPDATE `" . PREFIX . "_users` SET user_status = '{$text}' WHERE user_id = '{$user_id}'");
    // The echoed value is re-derived from the raw POST with textFilter's default
    // arguments (not the `false, true` used for the stored value) and then has
    // slashes stripped twice, so what the browser sees can differ from what was
    // saved — confirm this is intended.
    echo stripslashes(stripslashes(textFilter(ajax_utf8($_POST['text']))));
    // Clear the cache: this user's profile file, then the general cache.
    mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id);
    mozg_clear_cache();
}
die;
         if ($new_pass == $new_pass2) {
             $db->query("UPDATE `" . PREFIX . "_users` SET user_password = '******' WHERE user_id = '{$user_id}'");
         } else {
             echo '2';
         }
     } else {
         echo '1';
     }
     die;
     break;
     //################### Изменение имени ###################//
 //################### Изменение имени ###################//
 case "newname":
     NoAjaxQuery();
     $user_name = ajax_utf8(textFilter($_POST['name']));
     $user_lastname = ajax_utf8(textFilter(ucfirst($_POST['lastname'])));
     //Проверка имени
     if (isset($user_name)) {
         if (strlen($user_name) >= 2) {
             if (!preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_name)) {
                 $errors = 3;
             }
         } else {
             $errors = 2;
         }
     } else {
         $errors = 1;
     }
     //Проверка фамилии
     if (isset($user_lastname)) {
         if (strlen($user_lastname) >= 2) {
         $wall = new wall();
         $wall->query("SELECT SQL_CALC_FOUND_ROWS tb1.id, text, public_id, add_date, fasts_num, attach, likes_num, likes_users, tell_uid, public, tell_date, tell_comm, tb2.title, photo, comments FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_communities` tb2 WHERE tb1.public_id = '{$id}' AND tb1.public_id = tb2.id AND fast_comm_id = 0 ORDER by `add_date` DESC LIMIT 0, {$limit_select}");
         $wall->template('groups/record.tpl');
         $wall->compile('content');
         $wall->select($public_admin, $server_time);
         AjaxTpl();
     }
     die;
     break;
     //################### Добавление комментария к записи ###################//
 //################### Добавление комментария к записи ###################//
 case "wall_send_comm":
     NoAjaxQuery();
     $rec_id = intval($_POST['rec_id']);
     $public_id = intval($_POST['public_id']);
     $wall_text = ajax_utf8(textFilter($_POST['wall_text']));
     //Проверка на админа и проверяем включены ли комменты
     $row = $db->super_query("SELECT tb1.fasts_num, tb2.admin, comments FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_communities` tb2 WHERE tb1.public_id = tb2.id AND tb1.id = '{$rec_id}'");
     if ($row['comments'] or stripos($row['admin'], "u{$user_id}|") !== false and isset($wall_text) and !empty($wall_text)) {
         //Вставляем саму запись в БД
         $db->query("INSERT INTO `" . PREFIX . "_communities_wall` SET public_id = '{$user_id}', text = '{$wall_text}', add_date = '{$server_time}', fast_comm_id = '{$rec_id}'");
         $db->query("UPDATE `" . PREFIX . "_communities_wall` SET fasts_num = fasts_num+1 WHERE id = '{$rec_id}'");
         $row['fasts_num'] = $row['fasts_num'] + 1;
         if ($row['fasts_num'] > 3) {
             $comments_limit = $row['fasts_num'] - 3;
         } else {
             $comments_limit = 0;
         }
         $sql_comments = $db->super_query("SELECT SQL_CALC_FOUND_ROWS tb1.id, public_id, text, add_date, tb2.user_photo, user_search_pref FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.public_id = tb2.user_id AND tb1.fast_comm_id = '{$rec_id}' ORDER by `add_date` ASC LIMIT {$comments_limit}, 3", 1);
         //Загружаем кнопку "Показать N запсии"
         $tpl->load_template('groups/record.tpl');
         $tpl->set('{privacy-text}', strtr($album_privacy[0], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я')));
         $tpl->set('{privacy-comment}', $album_privacy[1]);
         $tpl->set('{privacy-comment-text}', strtr($album_privacy[1], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я')));
         $tpl->compile('content');
         AjaxTpl();
     }
     die;
     break;
     //################### Сохранение настроек альбома ###################//
 //################### Сохранение настроек альбома ###################//
 case "save_album":
     NoAjaxQuery();
     $id = intval($_POST['id']);
     $user_id = $user_info['user_id'];
     $name = ajax_utf8(textFilter($_POST['name'], false, true));
     $descr = ajax_utf8(textFilter($_POST['descr']));
     $privacy = intval($_POST['privacy']);
     $privacy_comm = intval($_POST['privacy_comm']);
     if ($privacy <= 0 or $privacy > 3) {
         $privacy = 1;
     }
     if ($privacy_comm <= 0 or $privacy_comm > 3) {
         $privacy_comm = 1;
     }
     $sql_privacy = $privacy . '|' . $privacy_comm;
     //Проверка на существование юзера
     $chekc_user = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$id}' AND user_id = '{$user_id}'");
     if ($chekc_user) {
         if (isset($name) and !empty($name)) {
             $db->query("UPDATE `" . PREFIX . "_albums` SET name = '{$name}', descr = '{$descr}', privacy = '{$sql_privacy}' WHERE aid = '{$id}'");
             echo stripslashes($name) . '|#|||#row#|||#|' . stripslashes($descr);
     $fid = intval($_POST['fid']);
     $row = $db->super_query("SELECT fuser_id, public_id FROM `" . PREFIX . "_communities_forum` WHERE fid = '{$fid}'");
     $row2 = $db->super_query("SELECT admin, discussion FROM `" . PREFIX . "_communities` WHERE id = '{$row['public_id']}'");
     if (stripos($row2['admin'], "u{$user_id}|") !== false) {
         $public_admin = true;
     } else {
         $public_admin = false;
     }
     if ($user_info['user_group'] == 1 or $public_admin or $row['fuser_id'] == $user_id and $row2['discussion']) {
         //Голосование
         $vote_title = ajax_utf8(textFilter($_POST['vote_title'], false, true));
         $vote_answer_1 = ajax_utf8(textFilter($_POST['vote_answer_1'], false, true));
         $ansers_list = array();
         if (isset($vote_title) and !empty($vote_title) and isset($vote_answer_1) and !empty($vote_answer_1)) {
             for ($vote_i = 1; $vote_i <= 10; $vote_i++) {
                 $vote_answer = ajax_utf8(textFilter($_POST['vote_answer_' . $vote_i], false, true));
                 $vote_answer = str_replace('|', '&#124;', $vote_answer);
                 if ($vote_answer) {
                     $ansers_list[] = $vote_answer;
                 }
             }
             $sql_answers_list = implode('|', $ansers_list);
             //Вставляем голосование в БД
             $db->query("INSERT INTO `" . PREFIX . "_votes` SET title = '{$vote_title}', answers = '{$sql_answers_list}'");
             $db->query("UPDATE `" . PREFIX . "_communities_forum` SET vote = '{$db->insert_id()}' WHERE fid = '{$fid}'");
         }
     }
     exit;
     break;
     //################### Просмотр темы ###################//
 //################### Просмотр темы ###################//
                $img = '/uploads/apps/no.gif';
            } else {
                $img = '/uploads/apps/' . $sql['id'] . '/' . $sql['img'];
            }
            $text = $sex . ' приложение <a href="/apps?i=' . $sql['id'] . '" onclick="apps.view(\'' . $attach_type[1] . '\', this.href, \' \'); return false;">' . $sql['title'] . '</a>. Присоединяйся!';
            $attach = 'apps|' . $sql['id'] . '|' . $sql['img'] . '||';
            $db->query("INSERT INTO `" . PREFIX . "_wall` (author_user_id,add_date,text,attach,for_user_id) VALUES ('" . $user_id . "','" . $server_time . "','" . $text . "','" . $attach . "','" . $user_id . "')");
            $db->query("UPDATE `" . PREFIX . "_users` SET user_wall_num = user_wall_num+1 WHERE user_id = '{$user_id}'");
            //Чистим кеш
            mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id);
            mozg_clear_cache();
            break;
            //############### Поиск по приложениям ##################
        //############### Поиск по приложениям ##################
        case "search":
            $application = $db->safesql(ajax_utf8(strip_data(urldecode($_POST['query_application']))));
            $application = strtr($application, array(' ' => '%'));
            $sql = $db->super_query("SELECT * FROM `" . PREFIX . "_apps` WHERE title LIKE '%{$application}%'", 1);
            foreach ($sql as $row_app) {
                $num = $row_app['cols'];
                //Если нету Изображение Приложения то ставим стандарт..
                if ($row_app['img']) {
                    $application_img = $config['home_url'] . 'uploads/apps/' . $row_app['id'] . '/' . $row_app['img'];
                } else {
                    $application_img = '/images/no_apps.gif';
                }
                $search_aps .= '

					<div class="apps_application apps_application2 apps_last_new" id="{id}">

					<a class="apps_mr" href="/apps?i=' . $row_app['id'] . '" onClick="apps.view(\'' . $row_app['id'] . '\', this.href, \'/apps\'); return false">
 $type = strtolower(end(explode(".", $file_name)));
 // формат файла
 if ($type == 'mp3' and $config['audio_mod_add'] == 'yes' and $file_size < 10000000) {
     $audio_dir = ROOT_DIR . '/uploads/audio/' . $user_id . '/';
     if (!is_dir($audio_dir)) {
         @mkdir($audio_dir, 0777);
         @chmod($audio_dir, 0777);
     }
     $res_type = '.' . $type;
     if (move_uploaded_file($file_tmp, $audio_dir . $file_rename . $res_type)) {
         //Узнаем исполнителя и название песни по id3
         include ENGINE_DIR . "/classes/id3v2.php";
         $id3v2 = new Id3v2();
         $res = $id3v2->read(ROOT_DIR . '/uploads/audio/' . $user_id . '/' . $file_rename . $res_type);
         $artist = ajax_utf8(textFilter($res['Artist'], false, true));
         $name = ajax_utf8(textFilter($res['Title'], false, true));
         if (isset($artist) and empty($artist)) {
             $artist = 'Неизвестный исполнитель';
         }
         if (isset($name) and empty($name)) {
             $name = 'Без названия';
         }
         $lnk = $config['home_url'] . 'uploads/audio/' . $user_id . '/' . $file_rename . $res_type;
         $db->query("INSERT INTO `" . PREFIX . "_audio` SET auser_id = '" . $user_id . "', url = '" . $lnk . "', artist = '" . $artist . "', name = '" . $name . "',  adate = '" . $server_time . "'");
         $db->query("UPDATE `" . PREFIX . "_users` SET user_audio = user_audio+1 WHERE user_id = '" . $user_id . "'");
         mozg_mass_clear_cache_file('user_' . $user_id . '/audios_profile|user_' . $user_id . '/profile_' . $user_id);
     } else {
         echo 1;
     }
 } else {
     echo 1;
             $db->query("INSERT INTO `" . PREFIX . "_photos_mark` SET muser_id = '" . $muser_id . "', mphoto_id = '" . $photo_id . "', mdate = '" . $server_time . "', msettings_pos = '" . $msettings_pos . "', mapprove = '" . $approve . "', mmark_user_id = '" . $user_id . "'");
             if ($user_id != $muser_id) {
                 $db->query("UPDATE `" . PREFIX . "_users` SET user_new_mark_photos = user_new_mark_photos+1 WHERE user_id = '" . $muser_id . "'");
             }
         } else {
             $db->query("INSERT INTO `" . PREFIX . "_photos_mark` SET muser_id = '" . rand(0, 100000) . "', mphoto_id = '" . $photo_id . "', mdate = '" . $server_time . "', msettings_pos = '" . $msettings_pos . "', mphoto_name = '" . $mphoto_name . "', mmark_user_id = '" . $user_id . "', mapprove = 1");
         }
     }
     mozg_clear_cache_file('photos_mark/p' . $photo_id);
     break;
     //################### Удаление отметки ###################//
 //################### Удаление отметки ###################//
 case "mark_del":
     $photo_id = intval($_POST['photo_id']);
     $muser_id = intval($_POST['user_id']);
     $mphoto_name = ajax_utf8(strip_data(textFilter($_POST['user_name'], false, true)));
     $row = $db->super_query("SELECT user_id FROM `" . PREFIX . "_photos` WHERE id = '" . $photo_id . "'");
     if ($mphoto_name and $muser_id == 0) {
         $row_mark = $db->super_query("SELECT mmark_user_id FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND mphoto_name = '" . $mphoto_name . "'");
     } else {
         $row_mark = $db->super_query("SELECT mmark_user_id, mapprove FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND muser_id = '" . $muser_id . "'");
     }
     if ($row['user_id'] == $user_id or $user_id == $muser_id or $user_id == $row_mark['mmark_user_id']) {
         if ($mphoto_name and $muser_id == 0) {
             $db->query("DELETE FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND mphoto_name = '" . $mphoto_name . "'");
         } else {
             $db->query("DELETE FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND muser_id = '" . $muser_id . "' AND mphoto_name = ''");
             if (!$row_mark['mapprove']) {
                 $db->query("UPDATE `" . PREFIX . "_users` SET user_new_mark_photos = user_new_mark_photos-1 WHERE user_id = '" . $muser_id . "'");
             }
         }
 case "create_ads":
     // Render the "create ad" page. No request data is read in this branch.
     // Top tabs bar: blank out the [create_ads] markers (presumably leaving
     // that tab's content visible) and drop the [ads_view_all] / [ads_view_my]
     // sections entirely via set_block().
     $tpl->load_template('ads/ads_top.tpl');
     $tpl->set('[create_ads]', '');
     $tpl->set('[/create_ads]', '');
     $tpl->set_block("'\\[ads_view_all\\](.*?)\\[/ads_view_all\\]'si", "");
     $tpl->set_block("'\\[ads_view_my\\](.*?)\\[/ads_view_my\\]'si", "");
     $tpl->compile('info');
     // The form itself.
     $tpl->load_template('ads/ads_create.tpl');
     $tpl->compile('content');
     break;
     //Записываем все данные в базу данных
 //Записываем все данные в базу данных
 case "add_ads":
     $title = ajax_utf8(textFilter($_POST['title']));
     $description = ajax_utf8(textFilter($_POST['description']));
     $link_photos = textFilter2($_POST['link_photos']);
     $link_site = textFilter2($_POST['link_site']);
     $category = numFilter2($_POST['category']);
     $transitions = numFilter2($_POST['transitions']);
     $ubalance = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'");
     if ($transitions <= $ubalance['user_balance']) {
         if ($title and $link_photos and $link_site and $transitions and $description) {
             $db->query("INSERT INTO `" . PREFIX . "_ads` SET settings = '{$title}', description = '{$description}', links = '{$link_site}', link = '{$link_photos}', category = '{$category}', views = '{$transitions}', user_id = '{$user_id}'");
             $db->query("UPDATE `" . PREFIX . "_users` SET user_balance=user_balance-'{$transitions}' WHERE user_id='{$user_id}'");
             echo '1';
         } else {
             echo '2';
         }
     } else {
         echo '3';
     NoAjaxQuery();
     $qid = intval($_POST['qid']);
     if ($user_info['user_group'] == 4) {
         $row = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_support` WHERE id = '{$qid}'");
         if ($row['cnt']) {
             $db->query("UPDATE `" . PREFIX . "_support` SET sfor_user_id = 0 WHERE id = '{$qid}'");
         }
     }
     die;
     break;
     //################### Отправка ответа ###################//
 //################### Отправка ответа ###################//
 case "answer":
     NoAjaxQuery();
     $qid = intval($_POST['qid']);
     $answer = ajax_utf8(textFilter($_POST['answer']));
     $check = $db->super_query("SELECT suser_id FROM `" . PREFIX . "_support` WHERE id = '{$qid}'");
     if ($check['suser_id'] == $user_id or $user_info['user_group'] == 4 and isset($answer) and !empty($answer)) {
         if ($user_info['user_group'] == 4) {
             $auser_id = 0;
             $db->query("UPDATE `" . PREFIX . "_users` SET user_support = user_support+1 WHERE user_id = '{$check['suser_id']}'");
         } else {
             $auser_id = $user_id;
         }
         $answer = preg_replace('`(http(?:s)?://\\w+[^\\s\\[\\]\\<]+)`i', '<!--link:$1--><a href="$1" target="_blank">$1</a><!--/link-->', $answer);
         $db->query("INSERT INTO `" . PREFIX . "_support_answers` SET qid = '{$qid}', auser_id = '{$auser_id}', adate = '{$server_time}', answer = '{$answer}'");
         $db->query("UPDATE `" . PREFIX . "_support` SET sfor_user_id = '{$auser_id}', sdate = '{$server_time}' WHERE id = '{$qid}'");
         $row = $db->super_query("SELECT user_search_pref, user_photo FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'");
         $tpl->load_template('support/answer.tpl');
         if (!$auser_id) {
             $tpl->set('{name}', 'Агент поддержки');
     }
     $row = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'");
     echo "<style>#box_bottom_left_text{padding-top:6px;float:left}</style><script>\$('#box_bottom_left_text').html('У Вас <b>{$row['user_balance']} голос.</b>');</script>";
     die;
     break;
     //################### Отправка подарка в БД ###################//
 //################### Отправка подарка в БД ###################//
 case "send":
     NoAjaxQuery();
     $for_user_id = intval($_POST['for_user_id']);
     $gift = intval($_POST['gift']);
     $privacy = intval($_POST['privacy']);
     if ($privacy < 0 or $privacy > 3) {
         $privacy = 1;
     }
     $msg = ajax_utf8(textFilter($_POST['msg']));
     $gifts = $db->super_query("SELECT price FROM `" . PREFIX . "_gifts_list` WHERE img = '" . $gift . "'");
     //Выводим текущий баланс свой
     $row = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'");
     if ($gifts['price'] and $user_id != $for_user_id) {
         if ($row['user_balance'] >= $gifts['price']) {
             $db->query("INSERT INTO `" . PREFIX . "_gifts` SET uid = '{$for_user_id}', gift = '{$gift}', msg = '{$msg}', privacy = '{$privacy}', gdate = '{$server_time}', from_uid = '{$user_id}', status = 1");
             $db->query("UPDATE `" . PREFIX . "_users` SET user_balance = user_balance-{$gifts['price']} WHERE user_id = '{$user_id}'");
             $db->query("UPDATE `" . PREFIX . "_users` SET user_gifts = user_gifts+1 WHERE user_id = '{$for_user_id}'");
             //Вставляем событие в моментальные оповещания
             $row_owner = $db->super_query("SELECT user_last_visit FROM `" . PREFIX . "_users` WHERE user_id = '{$for_user_id}'");
             $update_time = $server_time - 70;
             if ($row_owner['user_last_visit'] >= $update_time) {
                 $action_update_text = "<img src=\"/uploads/gifts/{$gift}.png\" align=\"right\" width=\"50\">";
                 $db->query("INSERT INTO `" . PREFIX . "_updates` SET for_user_id = '{$for_user_id}', from_user_id = '{$user_info['user_id']}', type = '7', date = '{$server_time}', text = '{$action_update_text}', user_photo = '{$user_info['user_photo']}', user_search_pref = '{$user_info['user_search_pref']}', lnk = '/gifts{$user_info['user_id']}'");
                 mozg_create_cache("user_{$for_user_id}/updates", 1);
         $db->query("INSERT INTO `" . PREFIX . "_communities_wall` SET public_id = '{$sel_group}', text = '{$row['text']}', attach = '{$row['attach']}', add_date = '{$server_time}', tell_uid = '{$tell_uid}', tell_date = '{$tell_date}', public = '{$row['public']}', tell_comm = '{$comm}'");
         $dbid = $db->insert_id();
         $db->query("UPDATE `" . PREFIX . "_communities` SET rec_num = rec_num+1 WHERE id = '{$sel_group}'");
         //Вставляем в ленту новотсей
         $db->query("INSERT INTO `" . PREFIX . "_news` SET ac_user_id = '{$sel_group}', action_type = 11, action_text = '{$row['text']}', obj_id = '{$dbid}', action_time = '{$server_time}'");
     } else {
         echo 1;
     }
     die;
     break;
     //################### Если выбрано " Отправить личным сообщением" ###################//
 //################### Если выбрано " Отправить личным сообщением" ###################//
 case "message":
     NoAjaxQuery();
     $for_user_id = intval($_POST['for_user_id']);
     $tell_comm = ajax_utf8(textFilter($_POST['comm']));
     $rid = intval($_POST['rec_id']);
     if ($user_id != $for_user_id) {
         //Проверка на существование получателя
         $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '{$for_user_id}'");
         if ($row) {
             //Приватность
             $user_privacy = xfieldsdataload($row['user_privacy']);
             //ЧС
             $CheckBlackList = CheckBlackList($for_user_id);
             //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр
             if ($user_privacy['val_msg'] == 2) {
                 $check_friend = CheckFriends($for_user_id);
             }
             if (!$CheckBlackList and $user_privacy['val_msg'] == 1 or $user_privacy['val_msg'] == 2 and $check_friend) {
                 $xPrivasy = 1;
     $newpostedxfields[$value[0]] = $postedxfields[$value[0]];
     if ($value[2] == "select") {
         $options = explode("\r\n", $value[3]);
         $newpostedxfields[$value[0]] = $options[$postedxfields[$value[0]]] . '|1';
     }
 }
 $postedxfields = $newpostedxfields;
 // Serialise the extra profile fields as "name|value" pairs joined by "||".
 // Any literal "|" inside a name or value is replaced with "&#124;" first so
 // the separators stay unambiguous when the string is split again.
 foreach ($postedxfields as $xfielddataname => $xfielddatavalue) {
     // Falsy values are skipped — this includes the string "0".
     if (!$xfielddatavalue) {
         continue;
     }
     $expxfielddatavalue = explode('|', $xfielddatavalue);
     // Select fields were built above as "option|1"; that marker picks the
     // branch. When the value holds no "|", index 1 does not exist and this
     // read raises an undefined-offset notice/warning before evaluating false.
     if ($expxfielddatavalue[1]) {
         // str_replace removes every "|1" occurrence, not only the trailing
         // marker. This branch also skips ajax_utf8(), unlike the other one.
         $xfielddatavalue = str_replace('|1', '', textFilter($xfielddatavalue));
     } else {
         $xfielddatavalue = ajax_utf8(textFilter($xfielddatavalue));
     }
     // Only the name is passed through safesql(); the value relies on
     // textFilter() alone. NOTE(review): both end up interpolated into the
     // UPDATE below — confirm textFilter() escapes quotes for the DB.
     $xfielddataname = $db->safesql($xfielddataname);
     // isset() is always true after the assignment above unless the filter can
     // return null; !empty() is the effective guard.
     if (isset($xfielddatavalue) and !empty($xfielddatavalue)) {
         $xfielddataname = str_replace("|", "&#124;", $xfielddataname);
         $xfielddatavalue = str_replace("|", "&#124;", $xfielddatavalue);
         $filecontents[] = "{$xfielddataname}|{$xfielddatavalue}";
     }
 }
 // $filecontents is not initialised in this stretch; if no pair was appended
 // and it was not set earlier in the file, this reads an undefined variable
 // (notice) and falls through to the empty string.
 if ($filecontents) {
     $filecontents = implode("||", $filecontents);
 } else {
     $filecontents = '';
 }
 $db->query("UPDATE `" . PREFIX . "_users` SET xfields = '{$filecontents}' WHERE user_id = '{$user_info['user_id']}'");
 // Invalidate the cached profile page for this user.
 mozg_clear_cache_file('user_' . $user_info['user_id'] . '/profile_' . $user_info['user_id']);
/* 
	Appointment: Отправка массовых сообщений
	File: mail.php
*/
if (!defined('MOZG')) {
    die('Hacking attempt!');
}
$act = $_GET['act'];
switch ($act) {
    //################### Начало рассылки ###################//
    case "send":
        $limit = intval($_POST['limit']);
        $lastid = intval($_POST['lastid']);
        $title = textFilter(ajax_utf8($_POST['title']), false, true);
        $_POST['text'] = ajax_utf8($_POST['text']);
        $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS user_search_pref, user_email FROM `" . PREFIX . "_users` ORDER by `user_id` ASC LIMIT " . $lastid . ", " . $limit, 1);
        if ($sql_) {
            include_once ENGINE_DIR . '/classes/mail.php';
            $mail = new dle_mail($config, true);
            foreach ($sql_ as $row) {
                $find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/javascript/i');
                $replace = array("d&#097;ta:", "&#097;bout:", "vbscript<b></b>:", "&#111;nclick", "&#111;nload", "&#111;nunload", "&#111;nabort", "&#111;nerror", "&#111;nblur", "&#111;nchange", "&#111;nfocus", "&#111;nreset", "&#111;nsubmit", "&#111;ndblclick", "&#111;nkeydown", "&#111;nkeypress", "&#111;nkeyup", "&#111;nmousedown", "&#111;nmouseup", "&#111;nmouseover", "&#111;nmouseout", "&#111;nselect", "j&#097;vascript");
                $message_send = preg_replace($find, $replace, $_POST['text']);
                $message_send = preg_replace("#<iframe#i", "&lt;iframe", $message_send);
                $message_send = preg_replace("#<script#i", "&lt;script", $message_send);
                $message_send = str_replace("<?", "&lt;?", $message_send);
                $message_send = str_replace("?>", "?&gt;", $message_send);
                $message_send = $db->safesql($message_send);
                $message_send = str_replace("{%user-name%}", $row['user_search_pref'], $_POST['text']);
                $mail->send($row['user_email'], $title, $message_send);
/* 
	Appointment: Просмотр фотографии
	File: photo.php 
*/
if (!defined('MOZG')) {
    die('Hacking attempt!');
}
if ($logged) {
    $act = $_GET['act'];
    $user_id = $user_info['user_id'];
    switch ($act) {
        //################### Добавления комментария ###################//
        case "addcomm":
            NoAjaxQuery();
            $pid = intval($_POST['pid']);
            $comment = ajax_utf8(textFilter($_POST['comment']));
            $date = date('Y-m-d H:i:s', $server_time);
            $hash = md5($user_id . $server_time . $_IP . $user_info['user_email'] . rand(0, 1000000000)) . $comment . $pid;
            $check_photo = $db->super_query("SELECT album_id, user_id, photo_name FROM `" . PREFIX . "_photos` WHERE id = '{$pid}'");
            //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр
            if ($user_info['user_id'] != $check_photo['user_id']) {
                $check_friend = CheckFriends($check_photo['user_id']);
                $row_album = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$check_photo['album_id']}'");
                $album_privacy = explode('|', $row_album['privacy']);
            }
            //ЧС
            $CheckBlackList = CheckBlackList($check_photo['user_id']);
            //Проверка на существование фотки и приватность
            if (!$CheckBlackList and $check_photo and $album_privacy[1] == 1 or $album_privacy[1] == 2 and $check_friend or $user_info['user_id'] == $check_photo['user_id']) {
                $db->query("INSERT INTO `" . PREFIX . "_photos_comments` (pid, user_id, text, date, hash, album_id, owner_id, photo_name) VALUES ('{$pid}', '{$user_id}', '{$comment}', '{$date}', '{$hash}', '{$check_photo['album_id']}', '{$check_photo['user_id']}', '{$check_photo['photo_name']}')");
                $id = $db->insert_id();
         mozg_clear_cache_file("groups/audio{$pid}");
     }
     exit;
     break;
     //################### Поиск ###################//
 //################### Поиск ###################//
 case "search":
     NoAjaxQuery();
     $sql_limit = 20;
     if ($_POST['page'] > 0) {
         $page_cnt = intval($_POST['page']) * $sql_limit;
     } else {
         $page_cnt = 0;
     }
     $pid = intval($_POST['pid']);
     $query = $db->safesql(ajax_utf8(strip_data($_POST['query'])));
     $query = strtr($query, array(' ' => '%'));
     //Замеянем пробелы на проценты чтоб тоиск был точнее
     $adres = strip_tags($_POST['adres']);
     $row_count = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_audio` WHERE MATCH (name, artist) AGAINST ('%{$query}%') OR artist LIKE '%{$query}%' OR name LIKE '%{$query}%'");
     $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS " . PREFIX . "_audio.aid, url, artist, name, auser_id, " . PREFIX . "_users.user_search_pref FROM " . PREFIX . "_audio LEFT JOIN " . PREFIX . "_users ON " . PREFIX . "_audio.auser_id = " . PREFIX . "_users.user_id WHERE MATCH (name, artist) AGAINST ('%{$query}%') OR artist LIKE '%{$query}%' OR name LIKE '%{$query}%' ORDER by `adate` DESC LIMIT {$page_cnt}, {$sql_limit}", 1);
     $infoGroup = $db->super_query("SELECT admin FROM `" . PREFIX . "_communities` WHERE id = '{$pid}'");
     if (stripos($infoGroup['admin'], "u{$user_id}|") !== false) {
         $public_admin = true;
     } else {
         $public_admin = false;
     }
     $tpl->load_template('public_audio/search_result.tpl');
     $jid = intval($page_cnt);
     if ($sql_) {
         if (!$page_cnt) {
                } else {
                    $tpl->set('{my-ava}', '/images/no_ava_50.png');
                }
                $tpl->compile('content');
            }
            AjaxTpl();
            die;
            break;
            //################### Обновление диалогов ###################//
        //################### Обновление диалогов ###################//
        case "upDialogs":
            NoAjaxQuery();
            $update = mozg_cache('user_' . $user_id . '/im_update');
            if ($update) {
                $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS tb1.msg_num, im_user_id FROM `" . PREFIX . "_im` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.iuser_id = '" . $user_id . "' AND tb1.im_user_id = tb2.user_id AND msg_num > 0 ORDER by `idate` DESC LIMIT 0, 50", 1);
                foreach ($sql_ as $row) {
                    $res .= '$("#upNewMsg' . $row['im_user_id'] . '").html(\'<div class="im_new fl_l" id="msg_num' . $row['im_user_id'] . '">' . $row['msg_num'] . '</div>\').show();';
                }
                if ($user_info['user_pm_num']) {
                    $user_pm_num_2 = "+" . $user_info['user_pm_num'];
                    $doc_title = 'document.title = \'(' . $user_info['user_pm_num'] . ') Новые сообщения\';';
                } else {
                    $doc_title = 'document.title = \'Диалоги\';';
                    mozg_create_cache('user_' . $user_id . '/im_update', '0');
                }
                echo '<script type="text/javascript">
				' . $doc_title . '
				$(\'#new_msg\').html(\'' . $user_pm_num_2 . '\');
				' . $res . '
				</script>';
            }
// $ajax is set by the including script. When the request is flagged as an AJAX
// call, run the engine's NoAjaxQuery() guard first; the helper is defined
// elsewhere — by its name it presumably rejects requests that did not arrive
// through the AJAX entry point, verify against the engine before relying on that.
if ($ajax == 'yes') {
    NoAjaxQuery();
}
if ($logged) {
    $act = $_GET['act'];
    $user_id = $user_info['user_id'];
    switch ($act) {
        //################### Отправка сообщения ###################//
        case "send":
            NoAjaxQuery();
            $for_user_id = intval($_POST['for_user_id']);
            $msg = ajax_utf8(textFilter($_POST['msg']));
            $attach_files = ajax_utf8(textFilter($_POST['attach_files']));
            $my_ava = ajax_utf8(textFilter($_POST['my_ava'], false, true));
            $my_name = ajax_utf8(textFilter($_POST['my_name'], false, true));
            $attach_files = ajax_utf8(textFilter($_POST['attach_files'], false, true));
            $attach_files = str_replace('vote|', 'hack|', $attach_files);
            if ($user_id != $for_user_id and $for_user_id and isset($msg) and !empty($msg) or isset($attach_files) or !empty($attach_files)) {
                //Проверка на существование получателя
                $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '" . $for_user_id . "'");
                if ($row) {
                    //Приватность
                    $user_privacy = xfieldsdataload($row['user_privacy']);
                    //ЧС
                    $CheckBlackList = CheckBlackList($for_user_id);
                    //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр
                    if ($user_privacy['val_msg'] == 2) {
                        $check_friend = CheckFriends($for_user_id);
                    }
                    if (!$CheckBlackList and $user_privacy['val_msg'] == 1 or $user_privacy['val_msg'] == 2 and $check_friend) {
                        $xPrivasy = 1;
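<?php

/*
	Appointment: Жалобы (abuse reports)
	File: report.php

	AJAX endpoint that stores one complaint about a photo, video, note or
	wall post. Reads POST fields act, id, type_report and text_report.
	Relies on globals provided by the including engine script: $logged,
	$user_info, $db, $server_time, the PREFIX constant and the helpers
	NoAjaxQuery(), textFilter() and ajax_utf8().
*/
// Direct-access guard: MOZG is defined only when the engine includes this file.
if (!defined('MOZG')) {
    die('Hacking attempt!');
}
NoAjaxQuery();
if ($logged) {
    // Kind of object being reported; must be one of the whitelist in $arr_act.
    $act = textFilter($_POST['act']);
    // Id of the reported object and the report category (1..6), both coerced to int.
    $mid = intval($_POST['id']);
    $type_report = intval($_POST['type_report']);
    $text_report = ajax_utf8(textFilter($_POST['text_report']));
    $arr_act = array('photo', 'video', 'note', 'wall');
    // Wall reports always get category 6, whatever the client submitted.
    if ($act === 'wall') {
        $type_report = 6;
    }
    // Strict whitelist match: $arr_act holds strings, so strict=true removes the
    // loose-comparison juggling a non-string $act would otherwise be subject to.
    if (in_array($act, $arr_act, true) and $mid and $type_report >= 1 and $type_report <= 6) {
        // One report per user per object; a repeated submission is silently ignored.
        // NOTE(review): read-then-write without a unique key, so two concurrent
        // submissions can still both insert — only a harmless duplicate row.
        $check = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_report` WHERE ruser_id = '" . $user_info['user_id'] . "' AND mid = '" . $mid . "' AND act = '" . $act . "'");
        if (!$check['cnt']) {
            // $act is safe to interpolate: it was matched strictly against $arr_act;
            // $mid and $type_report are ints. $text_report is free text and is
            // interpolated as-is.
            // NOTE(review): this assumes textFilter() escapes for the database —
            // other handlers in this engine call $db->safesql() explicitly on raw
            // search input, so confirm textFilter() does the same before relying on it.
            // The existence of object $mid is not verified; reports for unknown ids are stored.
            $db->query("INSERT INTO `" . PREFIX . "_report` SET act = '" . $act . "', type = '" . $type_report . "', text = '" . $text_report . "', mid = '" . $mid . "', date = '" . $server_time . "', ruser_id = '" . $user_info['user_id'] . "'");
        }
    }
}
die;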
     $user_month = 0;
 }
 $user_year = intval($_POST['year']);
 if ($user_year < 1930 or $user_year > 2007) {
     $user_year = 0;
 }
 $user_country = intval($_POST['country']);
 if ($user_country < 0 or $user_country > 10) {
     $user_country = 0;
 }
 $user_city = intval($_POST['city']);
 if ($user_city < 0 or $user_city > 1587) {
     $user_city = 0;
 }
 $_POST['password_first'] = ajax_utf8($_POST['password_first']);
 $_POST['password_second'] = ajax_utf8($_POST['password_second']);
 $password_first = GetVar($_POST['password_first']);
 $password_second = GetVar($_POST['password_second']);
 //$password_reg = GetVar($_POST['password_second']);
 $password_reg = '';
 $user_birthday = $user_year . '-' . $user_month . '-' . $user_day;
 $errors = array();
 //Проверка имени
 if (preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_name) and strlen($user_name) >= 2) {
     $errors[] = 0;
 }
 //Проверка фамилии
 if (preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_lastname) and strlen($user_lastname) >= 2) {
     $errors[] = 0;
 }
 //Проверка E-mail
             $db->query("UPDATE `" . PREFIX . "_restore` SET hash = '{$newhash}' WHERE email = '{$row['email']}'");
             $tpl->compile('content');
         } else {
             $speedbar = $lang['no_infooo'];
             msgbox('', $lang['restore_badlink'], 'info');
         }
         break;
         //################### Смена пароля ###################//
     //################### Смена пароля ###################//
     case "finish":
         NoAjaxQuery();
         $hash = $db->safesql(strip_data($_POST['hash']));
         $row = $db->super_query("SELECT email FROM `" . PREFIX . "_restore` WHERE hash = '{$hash}' AND ip = '{$_IP}'");
         if ($row) {
             $_POST['new_pass'] = ajax_utf8($_POST['new_pass']);
             $_POST['new_pass2'] = ajax_utf8($_POST['new_pass2']);
             $new_pass = md5(md5($_POST['new_pass']));
             $new_pass2 = md5(md5($_POST['new_pass2']));
             if (strlen($new_pass) >= 6 and $new_pass == $new_pass2) {
                 $db->query("UPDATE `" . PREFIX . "_users` SET user_password = '******' WHERE user_email = '{$row['email']}'");
                 $db->query("DELETE FROM `" . PREFIX . "_restore` WHERE email = '{$row['email']}'");
             }
         }
         die;
         break;
     default:
         $tpl->load_template('restore/main.tpl');
         $tpl->compile('content');
 }
 // Request teardown after the action switch: $tpl->clear() drops the template
 // state and $db->free() presumably releases the pending DB result — both are
 // engine helpers defined elsewhere; see the tpl and db classes for specifics.
 $tpl->clear();
 $db->free();
             }
         } else {
             echo 1;
         }
     }
     die;
     break;
     //################### Парсер информации о ссылке ###################//
 //################### Парсер информации о ссылке ###################//
 case "parse_link":
     $lnk = 'http://' . str_replace('http://', '', trim($_POST['lnk']));
     $check_url = @get_headers(stripslashes($lnk));
     if (strpos($check_url[0], '200')) {
         $open_lnk = @file_get_contents($lnk);
         if (stripos(strtolower($open_lnk), 'charset=utf-8') or stripos(strtolower($check_url[2]), 'charset=utf-8')) {
             $open_lnk = ajax_utf8($open_lnk);
         }
         preg_match("/<meta property=(\"|')og:title(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_title);
         if (!$parse_title[4]) {
             preg_match("/<meta name=(\"|')title(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_title);
         }
         $res_title = $parse_title[4];
         if (!$res_title) {
             preg_match_all('`(<title>[^\\[]+\\</title>)`si', $open_lnk, $parse);
             $res_title = str_replace(array('<title>', '</title>'), '', $parse[1][0]);
         }
         preg_match("/<meta property=(\"|')og:description(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_descr);
         if (!$parse_descr[4]) {
             preg_match("/<meta name=(\"|')description(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_descr);
         }
         $res_descr = strip_tags($parse_descr[4]);
     }
     break;
 default:
     //################### Вывод всех полученных сообщений ###################//
     if ($user_info['user_msg_type'] == 1) {
         $spBar = false;
         include ENGINE_DIR . '/modules/im.php';
     } else {
         $metatags['title'] = $lang['msg_inbox'];
         $user_speedbar = $lang['msg_inbox'];
         //Вывод информации после отправки сообщения
         if ($_GET['info'] == 1) {
             msgbox('', '<script type="text/javascript">setTimeout(\'$(".err_yellow").fadeOut()\', 1500);</script>Ваше сообщение успешно отправлено.', 'info');
         }
         //Для поиска
         $se_query = $db->safesql(ajax_utf8(strip_data(urldecode($_GET['se_query']))));
         if (isset($se_query) and !empty($se_query)) {
             $search_sql = "AND tb2.user_search_pref LIKE '%{$se_query}%'";
             $query_string = '&se_query=' . strip_data($_GET['se_query']);
         } else {
             $se_query = 'Поиск по полученным сообщениям';
             $search_sql = '';
         }
         //Запрос в БД на вывод сообщений
         $query = "SELECT SQL_CALC_FOUND_ROWS tb1.id, theme, text, for_user_id, from_user_id, date, pm_read, attach, tb2.user_search_pref, user_photo, user_last_visit FROM `" . PREFIX . "_messages` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.for_user_id = '{$user_id}' AND tb1.folder = 'inbox' AND tb1.from_user_id = tb2.user_id {$search_sql} ORDER by `date` DESC LIMIT {$limit_page}, {$gcount}";
         $sql_ = $db->super_query($query, 1);
         //Если есть ответ из БД, то считаем кол-во ответа
         if ($sql_) {
             $msg_count = $db->super_query("SELECT COUNT(id) AS cnt FROM `" . PREFIX . "_messages` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.for_user_id = '{$user_id}' AND tb1.folder = 'inbox' AND tb1.from_user_id = tb2.user_id {$search_sql}");
         }
         //header сообщений
     if ($row['owner_user_id'] == $user_id) {
         $db->query("DELETE FROM `" . PREFIX . "_notes` WHERE id = '{$note_id}'");
         $db->query("DELETE FROM `" . PREFIX . "_notes_comments` WHERE note_id = '{$note_id}'");
         $db->query("UPDATE `" . PREFIX . "_users` SET user_notes_num = user_notes_num-1 WHERE user_id = '{$user_id}'");
         //Чистим кеш владельцу заметки и заметок на его стр
         mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id);
         mozg_clear_cache_file('user_' . $user_id . '/notes_user_' . $user_id);
     }
     die;
     break;
     //################### Добавления комментария ###################//
 //################### Добавления комментария ###################//
 case "addcomment":
     NoAjaxQuery();
     $note_id = intval($_POST['note_id']);
     $textcom = ajax_utf8(textFilter($_POST['textcom']));
     //Проверка на существование заметки
     $check = $db->super_query("SELECT owner_user_id FROM `" . PREFIX . "_notes` WHERE id = '{$note_id}'");
     $CheckBlackList = CheckBlackList($check['owner_user_id']);
     if (!$CheckBlackList and $check and isset($textcom) and !empty($textcom)) {
         if ($check) {
             $db->query("INSERT INTO `" . PREFIX . "_notes_comments` SET note_id = '{$note_id}', from_user_id = '{$user_id}', text = '{$textcom}', add_date = NOW()");
             $db_id = $db->insert_id();
             $db->query("UPDATE `" . PREFIX . "_notes` SET comm_num = comm_num+1 WHERE id = '{$note_id}'");
             $tpl->load_template('notes/comment.tpl');
             $tpl->set('{author}', $user_info['user_search_pref']);
             if ($user_info['user_photo']) {
                 $tpl->set('{ava}', $config['home_url'] . 'uploads/users/' . $user_id . '/50_' . $user_info['user_photo']);
             } else {
                 $tpl->set('{ava}', '{theme}/images/no_ava_50.png');
             }