if (!$access) { VRedirect::go($_URL); } require $config['BASE_DIR'] . '/classes/filter.class.php'; require $config['BASE_DIR'] . '/classes/validation.class.php'; $filter = new VFilter(); $subject = $filter->get('s', 'STRING', 'GET'); $compose = array('receiver' => '', 'friend' => '', 'subject' => $subject, 'body' => '', 'save_outbox' => 1, 'send_self' => 0); if (isset($query['1']) && $query['1'] != '') { $valid = new VValidation(); if ($valid->usernameExists($query['1'])) { $compose['receiver'] = $query['1']; } } if (isset($_POST['send_mail'])) { $valid = new VValidation(); $receiver = $filter->get('receiver'); $friend = $filter->get('receiver_friend'); $subject = $filter->get('subject'); $body = $filter->process(trim($_POST['body']), array('a'), array('href')); if ($receiver == '') { if ($friend != '') { if (!$valid->usernameExists($friend)) { $errors[] = translate('mail.compose_user_invalid', $config['site_name']); } else { $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1"; $rs = $conn->execute($sql); $fuid = intval($rs->fields['UID']); $sql = "SELECT UID FROM friends WHERE UID = " . $uid . " AND FID = " . $fuid . " AND status = 'Confirmed' LIMIT 1"; $conn->execute($sql); if ($conn->Affected_Rows() === 1) {
$countries_twocode = $country->twocountry; $countries = array(); foreach ($countries_twocode as $code => $value) { $countries[] = $value; } $user = array(); $UID = isset($_GET['UID']) && is_numeric($_GET['UID']) ? intval(trim($_GET['UID'])) : NULL; if (!$UID) { $errors[] = 'Invalid user ID!'; } if (!$errors) { if (isset($_POST['edit_user'])) { require $config['BASE_DIR'] . '/classes/filter.class.php'; require $config['BASE_DIR'] . '/classes/validation.class.php'; $filter = new VFilter(); $valid = new VValidation(); $email = $filter->get('email'); $fname = $filter->get('fname'); $lname = $filter->get('lname'); $town = $filter->get('town'); $city = $filter->get('city'); $zip = $filter->get('zip'); $aboutme = $filter->get('aboutme'); $fav_movies = $filter->get('fav_movie_show'); $fav_music = $filter->get('fav_music'); $fav_books = $filter->get('fav_book'); $occupation = $filter->get('occupation'); $interests = $filter->get('interest_hobby'); $company = $filter->get('company'); $school = $filter->get('school'); $website = $filter->get('website');
} if ($_SESSION['captcha_code'] != strtoupper($code)) { $errors[] = $lang['global.verif_invalid']; } if ($message == '') { $errors[] = $lang['global.message_empty']; } elseif (strlen($message) > 999) { $errors[] = translate($lang['global.message_length'], '999'); } else { $invite['message'] = $message; } if (!$emails) { $errors[] = $lang['invite.emails_empty']; } if (!$errors) { $valid = new VValidation(); $index = 0; foreach ($emails as $email) { if (!$valid->email($email)) { $emails[$index] = ''; } ++$index; } if (!$emails) { $errors[] = $lang['invite.emails_invalid']; } if (!$errors) { $sql = "SELECT email_subject, email_path FROM emailinfo\n WHERE email_id = 'invite_friends_email' LIMIT 1"; $rs = $conn->execute($sql); $email_subject = str_replace('{$sender_name}', $name, $rs->fields['email_subject']); $email_path = $rs->fields['email_path'];
<?php defined('_VALID') or die('Restricted Access!'); Auth::checkAdmin(); require_once 'editor_files/editor_functions.php'; require_once 'editor_files/config.php'; require_once 'editor_files/editor_class.php'; $editor = new wysiwygPro(); $editor->usexhtml(true); $notice = array('username' => '', 'title' => '', 'category' => '', 'content' => ''); if (isset($_POST['submit_add_notice'])) { require $config['BASE_DIR'] . '/classes/filter.class.php'; require $config['BASE_DIR'] . '/classes/validation.class.php'; $filter = new VFilter(); $valid = new VValidation(); $username = $filter->get('username'); $title = $filter->get('title'); $content = trim($_POST['htmlCode']); $category = $filter->get('category', 'INTEGER'); if ($username == '') { $errors[] = 'Username field cannot be blank!'; } elseif (!$valid->usernameExists($username)) { $errors[] = 'Username does not exist!'; } else { $notice['username'] = $username; } if ($title == '') { $errors[] = 'Notice title field cannot be blank!'; } elseif (strlen($title) > 299) { $errors[] = 'Notice title field cannot contain more then 299 characters!'; } else {
// we're just displaying a congratulatory message. // echo "Congratulations: you are a human!"; } else { // This happens if the user does not pass the game. // echo "Sorry, but we were not able to verify you as human. Please try again."; $errors[] = $lang['signup.captcha']; $err['captcha'] = 1; } } $areyh = $ayah->getPublisherHTML(); $smarty->assign('areyh', $areyh); } $signup = array('username' => '', 'email' => '', 'age' => '', 'terms' => '', 'gender' => ''); if (isset($_POST['submit_signup'])) { $filter = new VFilter(); $valid = new VValidation(); $username = $filter->get('username'); $password = $filter->get('password'); $password_confirm = $filter->get('password_confirm'); $email = $filter->get('email'); $vcode = $filter->get('verification'); $age = $filter->get('age'); $terms = $filter->get('terms'); $gender = $filter->get('gender'); if ($username == '') { $errors[] = $lang['signup.username_empty']; $err['username'] = 1; } elseif (strlen($username) > 15) { $errors[] = $lang['signup.username_length']; $err['username'] = 1; } elseif (!$valid->username($username)) {
$birth_month = date("m", strtotime($bday)); $birth_day = date("d", strtotime($bday)); $birth_year = date("Y", strtotime($bday)); $sql_add = NULL; if ($password != '') { if ($password != $password_confirm) { $errors[] = $lang['signup.password_mismatch']; $err['password'] = 1; } else { $password = md5($password); $sql_add .= ", pwd = '" . mysql_real_escape_string($password) . "'"; } } if ($birth_month != '' && $birth_day != '' && $birth_year != '') { require $config['BASE_DIR'] . '/classes/validation.class.php'; $valid = new VValidation(); if (!$valid->date($birth_month, $birth_day, $birth_year)) { $errors[] = $lang['user.birthdate_invalid']; $err['bday'] = 1; } else { $birth_date = $birth_year . '-' . $birth_month . '-' . $birth_day; $sql_add .= ", bdate = '" . mysql_real_escape_string($birth_date) . "'"; } } if (!$errors) { $sql = "UPDATE signup SET fname = '" . mysql_real_escape_string($fname) . "', lname = '" . mysql_real_escape_string($lname) . "',\n gender = '" . mysql_real_escape_string($gender) . "', relation = '" . mysql_real_escape_string($relation) . "',\n interested = '" . mysql_real_escape_string($interested) . "', website = '" . mysql_real_escape_string($website) . "',\n town = '" . mysql_real_escape_string($town) . "', city = '" . mysql_real_escape_string($city) . "',\n country = '" . mysql_real_escape_string($country) . "', aboutme = '" . mysql_real_escape_string($aboutme) . "',\n fav_movie_show = '" . mysql_real_escape_string($fav_movie_show) . "', fav_music = '" . mysql_real_escape_string($fav_music) . "',\n fav_book = '" . mysql_real_escape_string($fav_book) . "', turnon = '" . mysql_real_escape_string($turnon) . "',\n turnoff = '" . mysql_real_escape_string($turnoff) . "', occupation = '" . mysql_real_escape_string($occupation) . "',\n company = '" . mysql_real_escape_string($company) . "', school = '" . mysql_real_escape_string($school) . "',\n interest_hobby = '" . mysql_real_escape_string($interest_hobby) . "'" . $sql_add . "\n WHERE username = '******' LIMIT 1"; $conn->execute($sql); $messages[] = 'Profile was successfully updated!'; } } $sql = "SELECT fname, lname, bdate, relation, interested, town, city, country, occupation, company, school,\n aboutme, interest_hobby, fav_movie_show, fav_music, fav_book, turnon, turnoff, website\n FROM signup WHERE username = '******' LIMIT 1";
$from = $filter->get('from'); $to = $filter->get('to'); $message = $filter->get('message'); $from = ereg_replace('[^ 0-9a-zA-Z,@.]', '', $from); $to = ereg_replace('[^ 0-9a-zA-Z,@.]', '', $to); $to = str_replace(',', '', $to); $to = preg_replace('/\\s\\s+/', ' ', $to); $to = str_replace("\r", '', $to); $to = str_replace("\n", '', $to); $to = explode(' ', $to); if (!$to) { $data['msg'] = $lang['ajax.share_recipient']; } else { $emails = array(); $users = array(); $valid = new VValidation(); foreach ($to as $key => $value) { if ($valid->email($value)) { $emails[] = $value; } elseif ($valid->usernameExists($value)) { $users[] = $value; } } if ($users) { $sql_add = array(); foreach ($users as $user) { $sql_add[] = "'" . mysql_real_escape_string($user) . "'"; } $sql = "SELECT email FROM signup WHERE username IN (" . implode(',', $sql_add) . ")"; $rs = $conn->execute($sql); $users_emails = $rs->getrows();
<?php define('_VALID', true); require 'include/config.php'; require 'classes/auth.class.php'; require 'include/function_global.php'; require 'include/function_smarty.php'; require 'classes/pagination.class.php'; require 'classes/validation.class.php'; Auth::check(); $username = isset($_GET['u']) && VValidation::username($_GET['u']) && VValidation::usernameExists($_GET['u']) ? $_GET['u'] : 'all'; $table = isset($_GET['t']) && ctype_alpha($_GET['t']) ? $_GET['t'] : 'all'; $tables_allowed = array('all' => 1, 'videos' => 1, 'games' => 1, 'blogs' => 1, 'albums' => 1, 'photos' => 1); if ($table != 'all' && !isset($tables_allowed[$table])) { VRedirect::go($config['BASE_URL'] . '/error'); } $uid = intval($_SESSION['uid']); $sql = "SELECT s.UID, u.username\n FROM video_subscribe AS s, signup AS u\n WHERE s.SUID = " . $uid . "\n AND s.UID = u.UID"; $rs = $conn->execute($sql); $subscriptions = $rs->getrows(); $feeds = array(); $page_link = NULL; if ($subscriptions) { $photo_approve = $config['approve_photos'] == '1' ? " AND a.status = '1'" : NULL; $game_approve = $config['approve_games'] == '1' ? " AND g.status = '1'" : NULL; $blog_approve = $config['approve_blogs'] == '1' ? " AND b.status = '1'" : NULL; if ($username == 'all') { $suids = array(); foreach ($subscriptions as $subscription) { $suids[] = $subscription['UID']; }
} elseif (strlen($admin_name) < 5) { $errors[] = 'Admin name (used for siteadmin login) must be at least 6 characters long!'; } if ($admin_pass == '') { $errors[] = 'Admin pass (used for siteadmin login) cannot be blank!'; } elseif (strlen($admin_pass) < 5) { $errors[] = 'Admin pass (used for siteadmin login) must be at least 6 characters long!'; } if ($admin_email == '') { $errors[] = 'Admin email field cannot be blank!'; } elseif (!VValidation::email($admin_email)) { $errors[] = 'Admin email field is not a valid email address!'; } if ($noreply_email == '') { $errors[] = 'Noreply email field cannot be blank!'; } elseif (!VValidation::email($noreply_email)) { $errors[] = 'Noreply email field is not a valid email address!'; } if ($approve != '1' && $approve != '0') { $errors[] = 'Video approve field can only be yes/no!'; } if ($downloads != '1' && $downloads != '0') { $errors[] = 'Video downloads field can only be yes/no!'; } if ($captcha != '1' && $captcha != '0') { $errors[] = 'Signup captcha field can only be yes/no!'; } if ($gzip_encoding != '1' && $gzip_encoding != '0') { $errors[] = 'GZIP Encoding field can only be yes/no!'; } if ($videos_per_page == '' || $videos_per_page == '0') {