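Hacking(); } } else { Hacking(); } break;
//################### Saving edited entries ###################//
//################### Saving edited entries ###################//
case "save":
    NoAjaxQuery();
    // Only groups holding the "addnews" permission may edit blog entries.
    if ($user_group[$user_info['user_group']]['addnews']) {
        // Include the BB-code parser
        include ENGINE_DIR . '/classes/parse.php';
        $parse = new parse();
        // isset() guards keep a missing field from raising a notice into the AJAX reply.
        $title = ajax_utf8(textFilter(isset($_POST['title']) ? $_POST['title'] : '', false, true));
        $text = $parse->BBparse(ajax_utf8(textFilter(isset($_POST['text']) ? $_POST['text'] : '')));
        $id = intval(isset($_POST['id']) ? $_POST['id'] : 0);
        // Renders one [img]...[/img] tag. $source has been through textFilter() above;
        // whether that escapes quotes for the attribute context is not visible here —
        // NOTE(review): confirm before relying on it.
        function BBimg($source) { return "<img src=\"{$source}\" alt=\"\" />"; }
        // Adapter for preg_replace_callback(): hands the captured source to BBimg().
        function BBimgMatch($match) { return BBimg($match[1]); }
        // preg_replace_callback() replaces the former /e (eval) modifier, which PHP 7
        // no longer accepts — there preg_replace() returned NULL, so $text became empty
        // and the UPDATE below was silently skipped.
        $text = preg_replace_callback("#\\[img\\](.*?)\\[/img\\]#is", 'BBimgMatch', $text);
        // NOTE(review): there is no ownership check on $id — any account whose group has
        // addnews can overwrite any row; confirm that is the intended model.
        if (isset($title) and !empty($title) and isset($text) and !empty($text)) {
            $db->query("UPDATE `" . PREFIX . "_blog` SET title = '{$title}', story = '{$text}' WHERE id = '{$id}'");
        }
    }
    die;
    break;
//################### Photo upload ###################//
//################### Photo upload ###################//
case "upload":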
$row = $db->super_query("SELECT duser_id, ddownload_name FROM `" . PREFIX . "_doc` WHERE did = '{$did}'"); if ($row['duser_id'] == $user_id) { @unlink(ROOT_DIR . "/uploads/doc/{$user_id}/" . $row['ddownload_name']); $db->query("DELETE FROM `" . PREFIX . "_doc` WHERE did = '{$did}'"); //Обновляем кол-во док. у юзера $db->query("UPDATE `" . PREFIX . "_users` SET user_doc_num = user_doc_num-1 WHERE user_id = '{$user_id}'"); mozg_mass_clear_cache_file("user_{$user_id}/profile_{$user_id}|user_{$user_id}/docs"); } exit; break; //################### Сохранение отред.данных ###################// //################### Сохранение отред.данных ###################// case "editsave": NoAjaxQuery(); $did = intval($_POST['did']); $name = ajax_utf8(textFilter($_POST['name'], false, true)); $strLn = strlen($name); if ($strLn > 50) { $name = substr($name, 0, 50); } $row = $db->super_query("SELECT duser_id FROM `" . PREFIX . "_doc` WHERE did = '{$did}'"); if ($row['duser_id'] == $user_id and isset($name) and !empty($name)) { $db->query("UPDATE `" . PREFIX . "_doc`SET dname = '{$name}' WHERE did = '{$did}'"); mozg_mass_clear_cache_file("user_{$user_id}/profile_{$user_id}|user_{$user_id}/docs"); } exit; break; //################### Скачивание документа с сервера ###################// //################### Скачивание документа с сервера ###################// case "download": NoAjaxQuery();
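<?php
/*
 Appointment: User status
 File: status.php
*/
if (!defined('MOZG')) {
    die('Hacking attempt!');
}

NoAjaxQuery();

if ($logged) {
    $user_id = $user_info['user_id'];
    // Guard the key so a missing field does not raise a notice into the AJAX reply.
    $post_text = isset($_POST['text']) ? $_POST['text'] : '';
    // NOTE(review): the value is interpolated straight into SQL; escaping is delegated
    // to textFilter(), whose behaviour is not visible here — confirm it escapes for the DB.
    $text = ajax_utf8(textFilter($post_text, false, true));
    $db->query("UPDATE `" . PREFIX . "_users` SET user_status = '{$text}' WHERE user_id = '{$user_id}'");
    // Echo the new status back to the page. It is filtered with different textFilter()
    // arguments (and with ajax_utf8 applied in the opposite order) than the stored value,
    // so what is shown and what is stored may differ — NOTE(review): confirm this is intended.
    echo stripslashes(stripslashes(textFilter(ajax_utf8($post_text))));
    // Clear the cache
    mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id);
    mozg_clear_cache();
}

die;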
if ($new_pass == $new_pass2) { $db->query("UPDATE `" . PREFIX . "_users` SET user_password = '******' WHERE user_id = '{$user_id}'"); } else { echo '2'; } } else { echo '1'; } die; break; //################### Изменение имени ###################// //################### Изменение имени ###################// case "newname": NoAjaxQuery(); $user_name = ajax_utf8(textFilter($_POST['name'])); $user_lastname = ajax_utf8(textFilter(ucfirst($_POST['lastname']))); //Проверка имени if (isset($user_name)) { if (strlen($user_name) >= 2) { if (!preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_name)) { $errors = 3; } } else { $errors = 2; } } else { $errors = 1; } //Проверка фамилии if (isset($user_lastname)) { if (strlen($user_lastname) >= 2) {
$wall = new wall(); $wall->query("SELECT SQL_CALC_FOUND_ROWS tb1.id, text, public_id, add_date, fasts_num, attach, likes_num, likes_users, tell_uid, public, tell_date, tell_comm, tb2.title, photo, comments FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_communities` tb2 WHERE tb1.public_id = '{$id}' AND tb1.public_id = tb2.id AND fast_comm_id = 0 ORDER by `add_date` DESC LIMIT 0, {$limit_select}"); $wall->template('groups/record.tpl'); $wall->compile('content'); $wall->select($public_admin, $server_time); AjaxTpl(); } die; break; //################### Добавление комментария к записи ###################// //################### Добавление комментария к записи ###################// case "wall_send_comm": NoAjaxQuery(); $rec_id = intval($_POST['rec_id']); $public_id = intval($_POST['public_id']); $wall_text = ajax_utf8(textFilter($_POST['wall_text'])); //Проверка на админа и проверяем включены ли комменты $row = $db->super_query("SELECT tb1.fasts_num, tb2.admin, comments FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_communities` tb2 WHERE tb1.public_id = tb2.id AND tb1.id = '{$rec_id}'"); if ($row['comments'] or stripos($row['admin'], "u{$user_id}|") !== false and isset($wall_text) and !empty($wall_text)) { //Вставляем саму запись в БД $db->query("INSERT INTO `" . PREFIX . "_communities_wall` SET public_id = '{$user_id}', text = '{$wall_text}', add_date = '{$server_time}', fast_comm_id = '{$rec_id}'"); $db->query("UPDATE `" . PREFIX . "_communities_wall` SET fasts_num = fasts_num+1 WHERE id = '{$rec_id}'"); $row['fasts_num'] = $row['fasts_num'] + 1; if ($row['fasts_num'] > 3) { $comments_limit = $row['fasts_num'] - 3; } else { $comments_limit = 0; } $sql_comments = $db->super_query("SELECT SQL_CALC_FOUND_ROWS tb1.id, public_id, text, add_date, tb2.user_photo, user_search_pref FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . 
"_users` tb2 WHERE tb1.public_id = tb2.user_id AND tb1.fast_comm_id = '{$rec_id}' ORDER by `add_date` ASC LIMIT {$comments_limit}, 3", 1); //Загружаем кнопку "Показать N запсии" $tpl->load_template('groups/record.tpl');
$tpl->set('{privacy-text}', strtr($album_privacy[0], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я'))); $tpl->set('{privacy-comment}', $album_privacy[1]); $tpl->set('{privacy-comment-text}', strtr($album_privacy[1], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я'))); $tpl->compile('content'); AjaxTpl(); } die; break; //################### Сохранение настроек альбома ###################// //################### Сохранение настроек альбома ###################// case "save_album": NoAjaxQuery(); $id = intval($_POST['id']); $user_id = $user_info['user_id']; $name = ajax_utf8(textFilter($_POST['name'], false, true)); $descr = ajax_utf8(textFilter($_POST['descr'])); $privacy = intval($_POST['privacy']); $privacy_comm = intval($_POST['privacy_comm']); if ($privacy <= 0 or $privacy > 3) { $privacy = 1; } if ($privacy_comm <= 0 or $privacy_comm > 3) { $privacy_comm = 1; } $sql_privacy = $privacy . '|' . $privacy_comm; //Проверка на существование юзера $chekc_user = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$id}' AND user_id = '{$user_id}'"); if ($chekc_user) { if (isset($name) and !empty($name)) { $db->query("UPDATE `" . PREFIX . "_albums` SET name = '{$name}', descr = '{$descr}', privacy = '{$sql_privacy}' WHERE aid = '{$id}'"); echo stripslashes($name) . '|#|||#row#|||#|' . stripslashes($descr);
$fid = intval($_POST['fid']); $row = $db->super_query("SELECT fuser_id, public_id FROM `" . PREFIX . "_communities_forum` WHERE fid = '{$fid}'"); $row2 = $db->super_query("SELECT admin, discussion FROM `" . PREFIX . "_communities` WHERE id = '{$row['public_id']}'"); if (stripos($row2['admin'], "u{$user_id}|") !== false) { $public_admin = true; } else { $public_admin = false; } if ($user_info['user_group'] == 1 or $public_admin or $row['fuser_id'] == $user_id and $row2['discussion']) { //Голосование $vote_title = ajax_utf8(textFilter($_POST['vote_title'], false, true)); $vote_answer_1 = ajax_utf8(textFilter($_POST['vote_answer_1'], false, true)); $ansers_list = array(); if (isset($vote_title) and !empty($vote_title) and isset($vote_answer_1) and !empty($vote_answer_1)) { for ($vote_i = 1; $vote_i <= 10; $vote_i++) { $vote_answer = ajax_utf8(textFilter($_POST['vote_answer_' . $vote_i], false, true)); $vote_answer = str_replace('|', '|', $vote_answer); if ($vote_answer) { $ansers_list[] = $vote_answer; } } $sql_answers_list = implode('|', $ansers_list); //Вставляем голосование в БД $db->query("INSERT INTO `" . PREFIX . "_votes` SET title = '{$vote_title}', answers = '{$sql_answers_list}'"); $db->query("UPDATE `" . PREFIX . "_communities_forum` SET vote = '{$db->insert_id()}' WHERE fid = '{$fid}'"); } } exit; break; //################### Просмотр темы ###################// //################### Просмотр темы ###################//
$img = '/uploads/apps/no.gif'; } else { $img = '/uploads/apps/' . $sql['id'] . '/' . $sql['img']; } $text = $sex . ' приложение <a href="/apps?i=' . $sql['id'] . '" onclick="apps.view(\'' . $attach_type[1] . '\', this.href, \' \'); return false;">' . $sql['title'] . '</a>. Присоединяйся!'; $attach = 'apps|' . $sql['id'] . '|' . $sql['img'] . '||'; $db->query("INSERT INTO `" . PREFIX . "_wall` (author_user_id,add_date,text,attach,for_user_id) VALUES ('" . $user_id . "','" . $server_time . "','" . $text . "','" . $attach . "','" . $user_id . "')"); $db->query("UPDATE `" . PREFIX . "_users` SET user_wall_num = user_wall_num+1 WHERE user_id = '{$user_id}'"); //Чистим кеш mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id); mozg_clear_cache(); break; //############### Поиск по приложениям ################## //############### Поиск по приложениям ################## case "search": $application = $db->safesql(ajax_utf8(strip_data(urldecode($_POST['query_application'])))); $application = strtr($application, array(' ' => '%')); $sql = $db->super_query("SELECT * FROM `" . PREFIX . "_apps` WHERE title LIKE '%{$application}%'", 1); foreach ($sql as $row_app) { $num = $row_app['cols']; //Если нету Изображение Приложения то ставим стандарт.. if ($row_app['img']) { $application_img = $config['home_url'] . 'uploads/apps/' . $row_app['id'] . '/' . $row_app['img']; } else { $application_img = '/images/no_apps.gif'; } $search_aps .= ' <div class="apps_application apps_application2 apps_last_new" id="{id}"> <a class="apps_mr" href="/apps?i=' . $row_app['id'] . '" onClick="apps.view(\'' . $row_app['id'] . '\', this.href, \'/apps\'); return false">
$type = strtolower(end(explode(".", $file_name))); // формат файла if ($type == 'mp3' and $config['audio_mod_add'] == 'yes' and $file_size < 10000000) { $audio_dir = ROOT_DIR . '/uploads/audio/' . $user_id . '/'; if (!is_dir($audio_dir)) { @mkdir($audio_dir, 0777); @chmod($audio_dir, 0777); } $res_type = '.' . $type; if (move_uploaded_file($file_tmp, $audio_dir . $file_rename . $res_type)) { //Узнаем исполнителя и название песни по id3 include ENGINE_DIR . "/classes/id3v2.php"; $id3v2 = new Id3v2(); $res = $id3v2->read(ROOT_DIR . '/uploads/audio/' . $user_id . '/' . $file_rename . $res_type); $artist = ajax_utf8(textFilter($res['Artist'], false, true)); $name = ajax_utf8(textFilter($res['Title'], false, true)); if (isset($artist) and empty($artist)) { $artist = 'Неизвестный исполнитель'; } if (isset($name) and empty($name)) { $name = 'Без названия'; } $lnk = $config['home_url'] . 'uploads/audio/' . $user_id . '/' . $file_rename . $res_type; $db->query("INSERT INTO `" . PREFIX . "_audio` SET auser_id = '" . $user_id . "', url = '" . $lnk . "', artist = '" . $artist . "', name = '" . $name . "', adate = '" . $server_time . "'"); $db->query("UPDATE `" . PREFIX . "_users` SET user_audio = user_audio+1 WHERE user_id = '" . $user_id . "'"); mozg_mass_clear_cache_file('user_' . $user_id . '/audios_profile|user_' . $user_id . '/profile_' . $user_id); } else { echo 1; } } else { echo 1;
$db->query("INSERT INTO `" . PREFIX . "_photos_mark` SET muser_id = '" . $muser_id . "', mphoto_id = '" . $photo_id . "', mdate = '" . $server_time . "', msettings_pos = '" . $msettings_pos . "', mapprove = '" . $approve . "', mmark_user_id = '" . $user_id . "'"); if ($user_id != $muser_id) { $db->query("UPDATE `" . PREFIX . "_users` SET user_new_mark_photos = user_new_mark_photos+1 WHERE user_id = '" . $muser_id . "'"); } } else { $db->query("INSERT INTO `" . PREFIX . "_photos_mark` SET muser_id = '" . rand(0, 100000) . "', mphoto_id = '" . $photo_id . "', mdate = '" . $server_time . "', msettings_pos = '" . $msettings_pos . "', mphoto_name = '" . $mphoto_name . "', mmark_user_id = '" . $user_id . "', mapprove = 1"); } } mozg_clear_cache_file('photos_mark/p' . $photo_id); break; //################### Удаление отметки ###################// //################### Удаление отметки ###################// case "mark_del": $photo_id = intval($_POST['photo_id']); $muser_id = intval($_POST['user_id']); $mphoto_name = ajax_utf8(strip_data(textFilter($_POST['user_name'], false, true))); $row = $db->super_query("SELECT user_id FROM `" . PREFIX . "_photos` WHERE id = '" . $photo_id . "'"); if ($mphoto_name and $muser_id == 0) { $row_mark = $db->super_query("SELECT mmark_user_id FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND mphoto_name = '" . $mphoto_name . "'"); } else { $row_mark = $db->super_query("SELECT mmark_user_id, mapprove FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND muser_id = '" . $muser_id . "'"); } if ($row['user_id'] == $user_id or $user_id == $muser_id or $user_id == $row_mark['mmark_user_id']) { if ($mphoto_name and $muser_id == 0) { $db->query("DELETE FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND mphoto_name = '" . $mphoto_name . "'"); } else { $db->query("DELETE FROM `" . PREFIX . "_photos_mark` WHERE mphoto_id = '" . $photo_id . "' AND muser_id = '" . $muser_id . 
"' AND mphoto_name = ''"); if (!$row_mark['mapprove']) { $db->query("UPDATE `" . PREFIX . "_users` SET user_new_mark_photos = user_new_mark_photos-1 WHERE user_id = '" . $muser_id . "'"); } }
case "create_ads": //top tabs bar $tpl->load_template('ads/ads_top.tpl'); $tpl->set('[create_ads]', ''); $tpl->set('[/create_ads]', ''); $tpl->set_block("'\\[ads_view_all\\](.*?)\\[/ads_view_all\\]'si", ""); $tpl->set_block("'\\[ads_view_my\\](.*?)\\[/ads_view_my\\]'si", ""); $tpl->compile('info'); $tpl->load_template('ads/ads_create.tpl'); $tpl->compile('content'); break; //Записываем все данные в базу данных //Записываем все данные в базу данных case "add_ads": $title = ajax_utf8(textFilter($_POST['title'])); $description = ajax_utf8(textFilter($_POST['description'])); $link_photos = textFilter2($_POST['link_photos']); $link_site = textFilter2($_POST['link_site']); $category = numFilter2($_POST['category']); $transitions = numFilter2($_POST['transitions']); $ubalance = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'"); if ($transitions <= $ubalance['user_balance']) { if ($title and $link_photos and $link_site and $transitions and $description) { $db->query("INSERT INTO `" . PREFIX . "_ads` SET settings = '{$title}', description = '{$description}', links = '{$link_site}', link = '{$link_photos}', category = '{$category}', views = '{$transitions}', user_id = '{$user_id}'"); $db->query("UPDATE `" . PREFIX . "_users` SET user_balance=user_balance-'{$transitions}' WHERE user_id='{$user_id}'"); echo '1'; } else { echo '2'; } } else { echo '3';
NoAjaxQuery(); $qid = intval($_POST['qid']); if ($user_info['user_group'] == 4) { $row = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_support` WHERE id = '{$qid}'"); if ($row['cnt']) { $db->query("UPDATE `" . PREFIX . "_support` SET sfor_user_id = 0 WHERE id = '{$qid}'"); } } die; break; //################### Отправка ответа ###################// //################### Отправка ответа ###################// case "answer": NoAjaxQuery(); $qid = intval($_POST['qid']); $answer = ajax_utf8(textFilter($_POST['answer'])); $check = $db->super_query("SELECT suser_id FROM `" . PREFIX . "_support` WHERE id = '{$qid}'"); if ($check['suser_id'] == $user_id or $user_info['user_group'] == 4 and isset($answer) and !empty($answer)) { if ($user_info['user_group'] == 4) { $auser_id = 0; $db->query("UPDATE `" . PREFIX . "_users` SET user_support = user_support+1 WHERE user_id = '{$check['suser_id']}'"); } else { $auser_id = $user_id; } $answer = preg_replace('`(http(?:s)?://\\w+[^\\s\\[\\]\\<]+)`i', '<!--link:$1--><a href="$1" target="_blank">$1</a><!--/link-->', $answer); $db->query("INSERT INTO `" . PREFIX . "_support_answers` SET qid = '{$qid}', auser_id = '{$auser_id}', adate = '{$server_time}', answer = '{$answer}'"); $db->query("UPDATE `" . PREFIX . "_support` SET sfor_user_id = '{$auser_id}', sdate = '{$server_time}' WHERE id = '{$qid}'"); $row = $db->super_query("SELECT user_search_pref, user_photo FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'"); $tpl->load_template('support/answer.tpl'); if (!$auser_id) { $tpl->set('{name}', 'Агент поддержки');
} $row = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'"); echo "<style>#box_bottom_left_text{padding-top:6px;float:left}</style><script>\$('#box_bottom_left_text').html('У Вас <b>{$row['user_balance']} голос.</b>');</script>"; die; break; //################### Отправка подарка в БД ###################// //################### Отправка подарка в БД ###################// case "send": NoAjaxQuery(); $for_user_id = intval($_POST['for_user_id']); $gift = intval($_POST['gift']); $privacy = intval($_POST['privacy']); if ($privacy < 0 or $privacy > 3) { $privacy = 1; } $msg = ajax_utf8(textFilter($_POST['msg'])); $gifts = $db->super_query("SELECT price FROM `" . PREFIX . "_gifts_list` WHERE img = '" . $gift . "'"); //Выводим текущий баланс свой $row = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'"); if ($gifts['price'] and $user_id != $for_user_id) { if ($row['user_balance'] >= $gifts['price']) { $db->query("INSERT INTO `" . PREFIX . "_gifts` SET uid = '{$for_user_id}', gift = '{$gift}', msg = '{$msg}', privacy = '{$privacy}', gdate = '{$server_time}', from_uid = '{$user_id}', status = 1"); $db->query("UPDATE `" . PREFIX . "_users` SET user_balance = user_balance-{$gifts['price']} WHERE user_id = '{$user_id}'"); $db->query("UPDATE `" . PREFIX . "_users` SET user_gifts = user_gifts+1 WHERE user_id = '{$for_user_id}'"); //Вставляем событие в моментальные оповещания $row_owner = $db->super_query("SELECT user_last_visit FROM `" . PREFIX . "_users` WHERE user_id = '{$for_user_id}'"); $update_time = $server_time - 70; if ($row_owner['user_last_visit'] >= $update_time) { $action_update_text = "<img src=\"/uploads/gifts/{$gift}.png\" align=\"right\" width=\"50\">"; $db->query("INSERT INTO `" . PREFIX . 
"_updates` SET for_user_id = '{$for_user_id}', from_user_id = '{$user_info['user_id']}', type = '7', date = '{$server_time}', text = '{$action_update_text}', user_photo = '{$user_info['user_photo']}', user_search_pref = '{$user_info['user_search_pref']}', lnk = '/gifts{$user_info['user_id']}'"); mozg_create_cache("user_{$for_user_id}/updates", 1);
$db->query("INSERT INTO `" . PREFIX . "_communities_wall` SET public_id = '{$sel_group}', text = '{$row['text']}', attach = '{$row['attach']}', add_date = '{$server_time}', tell_uid = '{$tell_uid}', tell_date = '{$tell_date}', public = '{$row['public']}', tell_comm = '{$comm}'"); $dbid = $db->insert_id(); $db->query("UPDATE `" . PREFIX . "_communities` SET rec_num = rec_num+1 WHERE id = '{$sel_group}'"); //Вставляем в ленту новотсей $db->query("INSERT INTO `" . PREFIX . "_news` SET ac_user_id = '{$sel_group}', action_type = 11, action_text = '{$row['text']}', obj_id = '{$dbid}', action_time = '{$server_time}'"); } else { echo 1; } die; break; //################### Если выбрано " Отправить личным сообщением" ###################// //################### Если выбрано " Отправить личным сообщением" ###################// case "message": NoAjaxQuery(); $for_user_id = intval($_POST['for_user_id']); $tell_comm = ajax_utf8(textFilter($_POST['comm'])); $rid = intval($_POST['rec_id']); if ($user_id != $for_user_id) { //Проверка на существование получателя $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '{$for_user_id}'"); if ($row) { //Приватность $user_privacy = xfieldsdataload($row['user_privacy']); //ЧС $CheckBlackList = CheckBlackList($for_user_id); //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр if ($user_privacy['val_msg'] == 2) { $check_friend = CheckFriends($for_user_id); } if (!$CheckBlackList and $user_privacy['val_msg'] == 1 or $user_privacy['val_msg'] == 2 and $check_friend) { $xPrivasy = 1;
$newpostedxfields[$value[0]] = $postedxfields[$value[0]]; if ($value[2] == "select") { $options = explode("\r\n", $value[3]); $newpostedxfields[$value[0]] = $options[$postedxfields[$value[0]]] . '|1'; } } $postedxfields = $newpostedxfields; foreach ($postedxfields as $xfielddataname => $xfielddatavalue) { if (!$xfielddatavalue) { continue; } $expxfielddatavalue = explode('|', $xfielddatavalue); if ($expxfielddatavalue[1]) { $xfielddatavalue = str_replace('|1', '', textFilter($xfielddatavalue)); } else { $xfielddatavalue = ajax_utf8(textFilter($xfielddatavalue)); } $xfielddataname = $db->safesql($xfielddataname); if (isset($xfielddatavalue) and !empty($xfielddatavalue)) { $xfielddataname = str_replace("|", "|", $xfielddataname); $xfielddatavalue = str_replace("|", "|", $xfielddatavalue); $filecontents[] = "{$xfielddataname}|{$xfielddatavalue}"; } } if ($filecontents) { $filecontents = implode("||", $filecontents); } else { $filecontents = ''; } $db->query("UPDATE `" . PREFIX . "_users` SET xfields = '{$filecontents}' WHERE user_id = '{$user_info['user_id']}'"); mozg_clear_cache_file('user_' . $user_info['user_id'] . '/profile_' . $user_info['user_id']);
/*
 Appointment: Mass mailing
 File: mail.php
*/
if (!defined('MOZG')) {
    die('Hacking attempt!');
}

$act = $_GET['act'];

switch ($act) {
    //################### Start of mailing ###################//
    case "send":
        // Batch window: $lastid is the row offset, $limit the page size (client-supplied, intval'd).
        $limit = intval($_POST['limit']);
        $lastid = intval($_POST['lastid']);
        $title = textFilter(ajax_utf8($_POST['title']), false, true);
        $_POST['text'] = ajax_utf8($_POST['text']);
        $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS user_search_pref, user_email FROM `" . PREFIX . "_users` ORDER by `user_id` ASC LIMIT " . $lastid . ", " . $limit, 1);
        if ($sql_) {
            include_once ENGINE_DIR . '/classes/mail.php';
            $mail = new dle_mail($config, true);
            foreach ($sql_ as $row) {
                // Patterns neutralised in the HTML body before sending. NOTE(review): $find
                // holds 24 patterns ('/javascript/i' twice) but $replace only 23 entries, so
                // the last pattern is replaced with ''. As printed in this copy most
                // replacements are identical to their patterns, which looks like entity
                // decoding in the corpus rather than the original source — verify.
                // (Both arrays are loop-invariant; they could be built once outside the loop.)
                $find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/javascript/i');
                $replace = array("data:", "about:", "vbscript<b></b>:", "onclick", "onload", "onunload", "onabort", "onerror", "onblur", "onchange", "onfocus", "onreset", "onsubmit", "ondblclick", "onkeydown", "onkeypress", "onkeyup", "onmousedown", "onmouseup", "onmouseover", "onmouseout", "onselect", "javascript");
                $message_send = preg_replace($find, $replace, $_POST['text']);
                $message_send = preg_replace("#<iframe#i", "<iframe", $message_send);
                $message_send = preg_replace("#<script#i", "<script", $message_send);
                $message_send = str_replace("<?", "<?", $message_send);
                $message_send = str_replace("?>", "?>", $message_send);
                $message_send = $db->safesql($message_send);
                // NOTE(review): this substitution reads the raw $_POST['text'] instead of the
                // $message_send built above, so every filter applied in this loop is discarded
                // and the unfiltered body is what $mail->send() receives. The intended source
                // is presumably $message_send — confirm and fix in the original file.
                $message_send = str_replace("{%user-name%}", $row['user_search_pref'], $_POST['text']);
                $mail->send($row['user_email'], $title, $message_send);
/*
 Appointment: Photo viewing
 File: photo.php
*/
if (!defined('MOZG')) {
    die('Hacking attempt!');
}

if ($logged) {
    $act = $_GET['act'];
    $user_id = $user_info['user_id'];

    switch ($act) {
        //################### Adding a comment ###################//
        case "addcomm":
            NoAjaxQuery();
            $pid = intval($_POST['pid']);
            $comment = ajax_utf8(textFilter($_POST['comment']));
            $date = date('Y-m-d H:i:s', $server_time);
            // NOTE(review): the stored "hash" is the md5 prefix with the comment text and
            // photo id appended verbatim, seeded with rand() (not a CSPRNG). What the hash
            // column is used for is not visible here — if it must be unguessable or
            // fixed-length, this does not provide that; confirm its purpose.
            $hash = md5($user_id . $server_time . $_IP . $user_info['user_email'] . rand(0, 1000000000)) . $comment . $pid;
            $check_photo = $db->super_query("SELECT album_id, user_id, photo_name FROM `" . PREFIX . "_photos` WHERE id = '{$pid}'");
            // Check whether the requested user is a friend of the viewing user
            // ($check_friend and $album_privacy are only set on this non-owner path).
            if ($user_info['user_id'] != $check_photo['user_id']) {
                $check_friend = CheckFriends($check_photo['user_id']);
                $row_album = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$check_photo['album_id']}'");
                $album_privacy = explode('|', $row_album['privacy']);
            }
            // Black list
            $CheckBlackList = CheckBlackList($check_photo['user_id']);
            // Check the photo exists and its privacy. NOTE(review): `and` binds tighter than
            // `or`, so $CheckBlackList and $check_photo guard only the first alternative;
            // the "privacy 2 + friend" path is taken without the black-list check and the
            // owner path without the existence check. Parenthesise if the guards are meant
            // to apply to all three.
            if (!$CheckBlackList and $check_photo and $album_privacy[1] == 1 or $album_privacy[1] == 2 and $check_friend or $user_info['user_id'] == $check_photo['user_id']) {
                $db->query("INSERT INTO `" . PREFIX . "_photos_comments` (pid, user_id, text, date, hash, album_id, owner_id, photo_name) VALUES ('{$pid}', '{$user_id}', '{$comment}', '{$date}', '{$hash}', '{$check_photo['album_id']}', '{$check_photo['user_id']}', '{$check_photo['photo_name']}')");
                $id = $db->insert_id();
mozg_clear_cache_file("groups/audio{$pid}"); } exit; break; //################### Поиск ###################// //################### Поиск ###################// case "search": NoAjaxQuery(); $sql_limit = 20; if ($_POST['page'] > 0) { $page_cnt = intval($_POST['page']) * $sql_limit; } else { $page_cnt = 0; } $pid = intval($_POST['pid']); $query = $db->safesql(ajax_utf8(strip_data($_POST['query']))); $query = strtr($query, array(' ' => '%')); //Замеянем пробелы на проценты чтоб тоиск был точнее $adres = strip_tags($_POST['adres']); $row_count = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_audio` WHERE MATCH (name, artist) AGAINST ('%{$query}%') OR artist LIKE '%{$query}%' OR name LIKE '%{$query}%'"); $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS " . PREFIX . "_audio.aid, url, artist, name, auser_id, " . PREFIX . "_users.user_search_pref FROM " . PREFIX . "_audio LEFT JOIN " . PREFIX . "_users ON " . PREFIX . "_audio.auser_id = " . PREFIX . "_users.user_id WHERE MATCH (name, artist) AGAINST ('%{$query}%') OR artist LIKE '%{$query}%' OR name LIKE '%{$query}%' ORDER by `adate` DESC LIMIT {$page_cnt}, {$sql_limit}", 1); $infoGroup = $db->super_query("SELECT admin FROM `" . PREFIX . "_communities` WHERE id = '{$pid}'"); if (stripos($infoGroup['admin'], "u{$user_id}|") !== false) { $public_admin = true; } else { $public_admin = false; } $tpl->load_template('public_audio/search_result.tpl'); $jid = intval($page_cnt); if ($sql_) { if (!$page_cnt) {
} else { $tpl->set('{my-ava}', '/images/no_ava_50.png'); } $tpl->compile('content'); } AjaxTpl(); die; break; //################### Обновление диалогов ###################// //################### Обновление диалогов ###################// case "upDialogs": NoAjaxQuery(); $update = mozg_cache('user_' . $user_id . '/im_update'); if ($update) { $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS tb1.msg_num, im_user_id FROM `" . PREFIX . "_im` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.iuser_id = '" . $user_id . "' AND tb1.im_user_id = tb2.user_id AND msg_num > 0 ORDER by `idate` DESC LIMIT 0, 50", 1); foreach ($sql_ as $row) { $res .= '$("#upNewMsg' . $row['im_user_id'] . '").html(\'<div class="im_new fl_l" id="msg_num' . $row['im_user_id'] . '">' . $row['msg_num'] . '</div>\').show();'; } if ($user_info['user_pm_num']) { $user_pm_num_2 = "+" . $user_info['user_pm_num']; $doc_title = 'document.title = \'(' . $user_info['user_pm_num'] . ') Новые сообщения\';'; } else { $doc_title = 'document.title = \'Диалоги\';'; mozg_create_cache('user_' . $user_id . '/im_update', '0'); } echo '<script type="text/javascript"> ' . $doc_title . ' $(\'#new_msg\').html(\'' . $user_pm_num_2 . '\'); ' . $res . ' </script>'; }
if ($ajax == 'yes') {
    NoAjaxQuery();
}

if ($logged) {
    $act = $_GET['act'];
    $user_id = $user_info['user_id'];

    switch ($act) {
        //################### Sending a message ###################//
        case "send":
            NoAjaxQuery();
            $for_user_id = intval($_POST['for_user_id']);
            $msg = ajax_utf8(textFilter($_POST['msg']));
            // Overwritten two lines below with different textFilter() arguments; this first assignment is dead.
            $attach_files = ajax_utf8(textFilter($_POST['attach_files']));
            // NOTE(review): avatar and display name are taken from the client; if they end up
            // in the rendered message they are attacker-controlled — verify where they are used.
            $my_ava = ajax_utf8(textFilter($_POST['my_ava'], false, true));
            $my_name = ajax_utf8(textFilter($_POST['my_name'], false, true));
            $attach_files = ajax_utf8(textFilter($_POST['attach_files'], false, true));
            $attach_files = str_replace('vote|', 'hack|', $attach_files);
            // NOTE(review): `isset($attach_files)` is always true here ($attach_files was just
            // assigned a string), and `and` binds tighter than `or`, so this whole condition
            // is always true: the self-send guard, the non-zero recipient check and the
            // non-empty message check never reject anything. Likely intended:
            // `if ($user_id != $for_user_id and $for_user_id and (!empty($msg) or !empty($attach_files)))`.
            if ($user_id != $for_user_id and $for_user_id and isset($msg) and !empty($msg) or isset($attach_files) or !empty($attach_files)) {
                // Check the recipient exists
                $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '" . $for_user_id . "'");
                if ($row) {
                    // Privacy
                    $user_privacy = xfieldsdataload($row['user_privacy']);
                    // Black list
                    $CheckBlackList = CheckBlackList($for_user_id);
                    // Check whether the requested user is a friend of the viewing user
                    if ($user_privacy['val_msg'] == 2) {
                        $check_friend = CheckFriends($for_user_id);
                    }
                    // NOTE(review): same precedence issue — the black-list check only guards
                    // the val_msg == 1 branch, not the val_msg == 2 (friends) branch.
                    if (!$CheckBlackList and $user_privacy['val_msg'] == 1 or $user_privacy['val_msg'] == 2 and $check_friend) {
                        $xPrivasy = 1;
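<?php
/*
 Appointment: Reports (complaints)
 File: report.php
*/
if (!defined('MOZG')) {
    die('Hacking attempt!');
}

NoAjaxQuery();

if ($logged) {
    // Guard every POST key so a missing field does not raise a notice into the AJAX reply.
    $act = textFilter(isset($_POST['act']) ? $_POST['act'] : '');
    $mid = intval(isset($_POST['id']) ? $_POST['id'] : 0);
    $type_report = intval(isset($_POST['type_report']) ? $_POST['type_report'] : 0);
    $text_report = ajax_utf8(textFilter(isset($_POST['text_report']) ? $_POST['text_report'] : ''));
    // Object kinds that may be reported; anything else is dropped silently.
    $arr_act = array('photo', 'video', 'note', 'wall');
    // Wall reports always use type 6 regardless of what the client sent.
    if ($act === 'wall') {
        $type_report = 6;
    }
    // Strict in_array: $act is compared as a string, so no loose-comparison surprises.
    if (in_array($act, $arr_act, true) and $mid and $type_report <= 6 and $type_report > 0) {
        // One report per (user, object, kind). NOTE(review): this check-then-insert is not
        // atomic; a UNIQUE index on (ruser_id, mid, act) would enforce it in the DB — verify schema.
        $check = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_report` WHERE ruser_id = '" . $user_info['user_id'] . "' AND mid = '" . $mid . "' AND act = '" . $act . "'");
        if (!$check['cnt']) {
            // $act is one of the whitelisted values above; $text_report relies on textFilter()
            // for SQL escaping — NOTE(review): confirm textFilter escapes for the DB.
            $db->query("INSERT INTO `" . PREFIX . "_report` SET act = '" . $act . "', type = '" . $type_report . "', text = '" . $text_report . "', mid = '" . $mid . "', date = '" . $server_time . "', ruser_id = '" . $user_info['user_id'] . "'");
        }
    }
}

die;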
$user_month = 0; } $user_year = intval($_POST['year']); if ($user_year < 1930 or $user_year > 2007) { $user_year = 0; } $user_country = intval($_POST['country']); if ($user_country < 0 or $user_country > 10) { $user_country = 0; } $user_city = intval($_POST['city']); if ($user_city < 0 or $user_city > 1587) { $user_city = 0; } $_POST['password_first'] = ajax_utf8($_POST['password_first']); $_POST['password_second'] = ajax_utf8($_POST['password_second']); $password_first = GetVar($_POST['password_first']); $password_second = GetVar($_POST['password_second']); //$password_reg = GetVar($_POST['password_second']); $password_reg = ''; $user_birthday = $user_year . '-' . $user_month . '-' . $user_day; $errors = array(); //Проверка имени if (preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_name) and strlen($user_name) >= 2) { $errors[] = 0; } //Проверка фамилии if (preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_lastname) and strlen($user_lastname) >= 2) { $errors[] = 0; } //Проверка E-mail
$db->query("UPDATE `" . PREFIX . "_restore` SET hash = '{$newhash}' WHERE email = '{$row['email']}'");
$tpl->compile('content');
} else {
    $speedbar = $lang['no_infooo'];
    msgbox('', $lang['restore_badlink'], 'info');
}
break;
//################### Password change ###################//
//################### Password change ###################//
case "finish":
    NoAjaxQuery();
    // The restore token must match both the stored hash and the requesting IP.
    $hash = $db->safesql(strip_data($_POST['hash']));
    $row = $db->super_query("SELECT email FROM `" . PREFIX . "_restore` WHERE hash = '{$hash}' AND ip = '{$_IP}'");
    if ($row) {
        $_POST['new_pass'] = ajax_utf8($_POST['new_pass']);
        $_POST['new_pass2'] = ajax_utf8($_POST['new_pass2']);
        // Legacy unsalted md5(md5()) scheme; it has to stay in step with the login check,
        // which is not visible here (password_hash()/password_verify() would be the modern path).
        $new_pass = md5(md5($_POST['new_pass']));
        $new_pass2 = md5(md5($_POST['new_pass2']));
        // NOTE(review): strlen() is applied to the md5 digest (always 32 chars), so the
        // minimum-length check never fails and an empty password is accepted. Measure
        // strlen($_POST['new_pass']) before hashing instead.
        if (strlen($new_pass) >= 6 and $new_pass == $new_pass2) {
            // NOTE(review): '******' looks like a redaction in this copy rather than source
            // (presumably $new_pass in the original) — verify against the original file.
            $db->query("UPDATE `" . PREFIX . "_users` SET user_password = '******' WHERE user_email = '{$row['email']}'");
            $db->query("DELETE FROM `" . PREFIX . "_restore` WHERE email = '{$row['email']}'");
        }
    }
    die;
    break;
default:
    $tpl->load_template('restore/main.tpl');
    $tpl->compile('content');
}
$tpl->clear();
$db->free();
// Tail of the previous case (its opening is before this view).
} } else { echo 1; } } die; break;
//################### Link info parser ###################//
//################### Link info parser ###################//
// Fetches a user-supplied URL server-side and extracts a title and description
// from its HTML (og:/meta tags, falling back to <title>). The case continues past
// this view, so where $res_title / $res_descr end up is not visible here.
// NOTE(review): unlike the neighbouring cases this one does not call NoAjaxQuery().
case "parse_link":
// Only the "http://" prefix is normalised; the host itself is not validated, so the
// server will connect to whatever host the request names (internal addresses
// included). Mitigation: resolve and allow-list the host, reject loopback/private
// ranges, and set a timeout and size cap on the fetch.
$lnk = 'http://' . str_replace('http://', '', trim($_POST['lnk']));
// Errors are suppressed with @; a failed HEAD leaves $check_url false and the
// index below reads a missing offset.
$check_url = @get_headers(stripslashes($lnk));
if (strpos($check_url[0], '200')) {
    // NOTE(review): no stream context, so no timeout or size limit applies to the read.
    $open_lnk = @file_get_contents($lnk);
    // NOTE(review): $check_url[2] is a positional header, not necessarily Content-Type;
    // stripos() returning 0 (match at offset 0) is also treated as "not found".
    if (stripos(strtolower($open_lnk), 'charset=utf-8') or stripos(strtolower($check_url[2]), 'charset=utf-8')) {
        $open_lnk = ajax_utf8($open_lnk);
    }
    // Title: og:title, then <meta name="title">, then the <title> element.
    preg_match("/<meta property=(\"|')og:title(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_title);
    if (!$parse_title[4]) {
        preg_match("/<meta name=(\"|')title(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_title);
    }
    $res_title = $parse_title[4];
    if (!$res_title) {
        preg_match_all('`(<title>[^\\[]+\\</title>)`si', $open_lnk, $parse);
        $res_title = str_replace(array('<title>', '</title>'), '', $parse[1][0]);
    }
    // Description: og:description, then <meta name="description">; tags are stripped
    // from the description only — the title is not filtered here, so it must be
    // escaped for the context it is rendered in (outside this view).
    preg_match("/<meta property=(\"|')og:description(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_descr);
    if (!$parse_descr[4]) {
        preg_match("/<meta name=(\"|')description(\"|') content=(\"|')(.*?)(\"|')(.*?)>/is", $open_lnk, $parse_descr);
    }
    $res_descr = strip_tags($parse_descr[4]);
// Tail of the previous case (its opening is before this view).
} break;
default:
//################### List all received messages ###################//
// Users with user_msg_type == 1 get the alternative IM module; everyone else gets
// the inbox listing below (the else branch continues past this view).
if ($user_info['user_msg_type'] == 1) {
    $spBar = false;
    include ENGINE_DIR . '/modules/im.php';
} else {
    $metatags['title'] = $lang['msg_inbox'];
    $user_speedbar = $lang['msg_inbox'];
    // Show a confirmation after a message was sent.
    if ($_GET['info'] == 1) {
        msgbox('', '<script type="text/javascript">setTimeout(\'$(".err_yellow").fadeOut()\', 1500);</script>Ваше сообщение успешно отправлено.', 'info');
    }
    // Search: the term is decoded, stripped, re-encoded and SQL-escaped before use.
    // NOTE(review): LIKE wildcards (% and _) in the term are not escaped, so a user
    // can broaden the match; harmless for this query but worth knowing.
    $se_query = $db->safesql(ajax_utf8(strip_data(urldecode($_GET['se_query']))));
    if (isset($se_query) and !empty($se_query)) {
        $search_sql = "AND tb2.user_search_pref LIKE '%{$se_query}%'";
        // NOTE(review): $query_string carries the raw (stripped, not URL-encoded)
        // parameter; confirm it is escaped where it is emitted (outside this view).
        $query_string = '&se_query=' . strip_data($_GET['se_query']);
    } else {
        $se_query = 'Поиск по полученным сообщениям';
        $search_sql = '';
    }
    // DB query for the message list.
    // NOTE(review): $limit_page and $gcount are defined outside this view and are
    // interpolated unquoted into LIMIT — confirm both are integers at that point.
    $query = "SELECT SQL_CALC_FOUND_ROWS tb1.id, theme, text, for_user_id, from_user_id, date, pm_read, attach, tb2.user_search_pref, user_photo, user_last_visit FROM `" . PREFIX . "_messages` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.for_user_id = '{$user_id}' AND tb1.folder = 'inbox' AND tb1.from_user_id = tb2.user_id {$search_sql} ORDER by `date` DESC LIMIT {$limit_page}, {$gcount}";
    $sql_ = $db->super_query($query, 1);
    // If the DB returned rows, count the total.
    // NOTE(review): SQL_CALC_FOUND_ROWS is requested above but the total is obtained
    // with a second COUNT query — one of the two appears redundant.
    if ($sql_) {
        $msg_count = $db->super_query("SELECT COUNT(id) AS cnt FROM `" . PREFIX . "_messages` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.for_user_id = '{$user_id}' AND tb1.folder = 'inbox' AND tb1.from_user_id = tb2.user_id {$search_sql}");
    }
    // Messages header (continues past this view).
// Tail of the note-delete case (its opening, $row and $note_id are before this view):
// only the note's owner may delete it, together with its comments and the owner's counter.
if ($row['owner_user_id'] == $user_id) {
    $db->query("DELETE FROM `" . PREFIX . "_notes` WHERE id = '{$note_id}'");
    $db->query("DELETE FROM `" . PREFIX . "_notes_comments` WHERE note_id = '{$note_id}'");
    $db->query("UPDATE `" . PREFIX . "_users` SET user_notes_num = user_notes_num-1 WHERE user_id = '{$user_id}'");
    // Clear the note owner's profile cache and their notes-page cache.
    mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id);
    mozg_clear_cache_file('user_' . $user_id . '/notes_user_' . $user_id);
}
die;
break;
//################### Adding a comment ###################//
//################### Adding a comment ###################//
// Inserts a comment on a note, bumps the note's comment counter and renders the
// comment template (the case continues past this view).
case "addcomment":
NoAjaxQuery();
$note_id = intval($_POST['note_id']);
// NOTE(review): whether textFilter() escapes for SQL is not visible here; the value
// is interpolated into the INSERT below — confirm safesql() or equivalent is applied.
$textcom = ajax_utf8(textFilter($_POST['textcom']));
// Check that the note exists.
$check = $db->super_query("SELECT owner_user_id FROM `" . PREFIX . "_notes` WHERE id = '{$note_id}'");
// NOTE(review): $check['owner_user_id'] is read before $check is tested, so a missing
// note passes null to CheckBlackList(); moving this call inside the `$check` test
// avoids that.
$CheckBlackList = CheckBlackList($check['owner_user_id']);
if (!$CheckBlackList and $check and isset($textcom) and !empty($textcom)) {
    // NOTE(review): $check was already required by the outer condition; this inner
    // test is redundant.
    if ($check) {
        $db->query("INSERT INTO `" . PREFIX . "_notes_comments` SET note_id = '{$note_id}', from_user_id = '{$user_id}', text = '{$textcom}', add_date = NOW()");
        $db_id = $db->insert_id();
        $db->query("UPDATE `" . PREFIX . "_notes` SET comm_num = comm_num+1 WHERE id = '{$note_id}'");
        // Render the new comment for the response.
        $tpl->load_template('notes/comment.tpl');
        $tpl->set('{author}', $user_info['user_search_pref']);
        // Avatar: the user's own 50px photo, or the theme placeholder.
        if ($user_info['user_photo']) {
            $tpl->set('{ava}', $config['home_url'] . 'uploads/users/' . $user_id . '/50_' . $user_info['user_photo']);
        } else {
            $tpl->set('{ava}', '{theme}/images/no_ava_50.png');
        }