Exemplo n.º 1
// Initial state of the compose form. Only the subject is pre-filled (from $subject, which is
// set before this point); save_outbox starts at 1 and send_self at 0.
$compose = array(
    'receiver'    => '',
    'friend'      => '',
    'subject'     => $subject,
    'body'        => '',
    'save_outbox' => 1,
    'send_self'   => 0,
);

// $query['1'] may carry a recipient to pre-select. It is copied into the form only when
// usernameExists() accepts it; any other value leaves the receiver blank.
// NOTE(review): existence is the only check visible here. The value still has to be
// output-encoded wherever the form is rendered (rendering is outside this excerpt).
if (isset($query['1']) && $query['1'] != '') {
    $valid = new VValidation();
    if ($valid->usernameExists($query['1'])) {
        $compose['receiver'] = $query['1'];
    }
}
// Handles submission of the compose form. The excerpt ends inside this block, so the closing
// braces and the actual send are not shown.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm one runs before
// this handler.
if (isset($_POST['send_mail'])) {
    $valid = new VValidation();
    // These three fields are read through $filter->get(); what that method strips or escapes
    // is not visible here.
    $receiver = $filter->get('receiver');
    $friend = $filter->get('receiver_friend');
    $subject = $filter->get('subject');
    // The body is taken straight from $_POST and passed to $filter->process() with array('a')
    // and array('href').
    // NOTE(review): presumably an allow-list of tags and attributes. If so, confirm that
    // process() also restricts the URL scheme of href values before the body is rendered.
    $body = $filter->process(trim($_POST['body']), array('a'), array('href'));
    // The friend selector is consulted only when no receiver was typed in directly.
    if ($receiver == '') {
        if ($friend != '') {
            if (!$valid->usernameExists($friend)) {
                $errors[] = translate('mail.compose_user_invalid', $config['site_name']);
            } else {
                // As printed, this lookup compares against the literal '******', which reads like
                // a value masked by the listing rather than working code.
                // NOTE(review): whatever value belongs in that position must be bound as a
                // parameter or escaped by the database layer, never concatenated raw.
                $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
                $rs = $conn->execute($sql);
                // intval() makes $fuid safe to concatenate unquoted; a missing UID becomes 0.
                $fuid = intval($rs->fields['UID']);
                // Authorisation step: the friend must have a 'Confirmed' friendship with $uid.
                // NOTE(review): $uid is defined outside this excerpt and is concatenated
                // unquoted; confirm it is always an integer (for example cast from the session).
                $sql = "SELECT UID FROM friends WHERE UID = " . $uid . " AND FID = " . $fuid . " AND status = 'Confirmed' LIMIT 1";
                $conn->execute($sql);
                // NOTE(review): this depends on Affected_Rows() reporting the row count of a
                // SELECT, which may be driver-dependent. The result is discarded above; checking
                // the returned result set would make this access decision unambiguous.
                if ($conn->Affected_Rows() === 1) {
                    $receiver = $friend;
                    $compose['friend'] = $friend;
                } else {
                    // The submitted name is HTML-encoded before it is placed in the error message.
                    $errors[] = translate('mail.compose_user_missing', htmlspecialchars($friend, ENT_QUOTES, 'UTF-8'));
                }
            }
        }
Exemplo n.º 2
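 // Normalise the raw recipient string in $to into a list of candidate tokens.
 //
 // Step 1 keeps only spaces, ASCII letters, digits, ',', '@' and '.'. Everything else is
 // dropped, including CR/LF and tabs, so no line breaks survive into later mail handling.
 // preg_replace() replaces ereg_replace(), which was deprecated in PHP 5.3 and removed in
 // PHP 7.0; the character class is identical.
 // NOTE(review): '_', '-' and '+' are stripped as well, so a name such as "john_doe" is looked
 // up as "johndoe". If that other account exists, the message goes to the wrong user. Confirm
 // the allowed set against the site's username and e-mail rules.
 $to = preg_replace('/[^ 0-9a-zA-Z,@.]/', '', $to);
 // Commas are removed, not treated as separators (unchanged from the original).
 // NOTE(review): "a@x.com,b@y.com" without a space collapses into a single token; replacing
 // the comma with a space may be what was intended.
 $to = str_replace(',', '', $to);
 // Split on runs of spaces and discard empty tokens. Empty or blank input now yields an empty
 // array, so a following "no recipient" check on $to can actually trigger; explode() always
 // returned at least one (empty) element.
 $to = preg_split('/ +/', $to, -1, PREG_SPLIT_NO_EMPTY);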
 // Resolve the recipient tokens into e-mail addresses. The excerpt ends inside the else
 // branch, so the sending code is not shown.
 // This test is true only when $to is empty or otherwise falsy; an array that holds a single
 // empty string is truthy and takes the else branch.
 if (!$to) {
     $data['msg'] = $lang['ajax.share_recipient'];
 } else {
     $emails = array();
     $users = array();
     $valid = new VValidation();
     // Each token is either a syntactically valid e-mail address, an existing username, or is
     // silently dropped.
     foreach ($to as $key => $value) {
         if ($valid->email($value)) {
             $emails[] = $value;
         } elseif ($valid->usernameExists($value)) {
             $users[] = $value;
         }
     }
     if ($users) {
         $sql_add = array();
         foreach ($users as $user) {
             // The IN (...) list is built by escaping and quoting each name by hand.
             // NOTE(review): mysql_real_escape_string() belongs to the old mysql extension
             // (removed in PHP 7.0) and escapes for that extension's connection, while the query
             // itself runs through $conn. Prefer the quoting or parameter binding that $conn
             // provides so that escaping and execution use the same connection and charset.
             $sql_add[] = "'" . mysql_real_escape_string($user) . "'";
         }
         $sql = "SELECT email FROM signup WHERE username IN (" . implode(',', $sql_add) . ")";
         $rs = $conn->execute($sql);
         $users_emails = $rs->getrows();
         // Addresses stored for the matched accounts join the directly entered ones.
         foreach ($users_emails as $user) {
             $emails[] = $user['email'];
         }
     }
Exemplo n.º 3
require_once 'editor_files/editor_class.php';
// WYSIWYG editor instance used by the notice form; usexhtml(true) is switched on right away.
$editor = new wysiwygPro();
$editor->usexhtml(true);

// Blank notice record. Its fields are filled in below as the submitted values pass validation.
$notice = array(
    'username' => '',
    'title'    => '',
    'category' => '',
    'content'  => '',
);
// Handles submission of the "add notice" form. The excerpt ends inside the category branch, so
// content handling and the database write are not shown.
// NOTE(review): no anti-CSRF token or privilege check is visible in this excerpt; confirm both
// run before this handler.
if (isset($_POST['submit_add_notice'])) {
    // The filter and validation classes are loaded only when the form was submitted.
    require $config['BASE_DIR'] . '/classes/filter.class.php';
    require $config['BASE_DIR'] . '/classes/validation.class.php';
    $filter = new VFilter();
    $valid = new VValidation();
    $username = $filter->get('username');
    $title = $filter->get('title');
    // Unlike the other fields, the editor content is read directly from $_POST and only trimmed.
    // NOTE(review): how $content is stored and rendered is outside this excerpt. If it is
    // output as HTML, it needs server-side sanitising or a strict limit on who may submit it,
    // because the editor's client-side markup rules do not constrain what the request contains.
    $content = trim($_POST['htmlCode']);
    $category = $filter->get('category', 'INTEGER');
    // The notice is attributed to the submitted username, which must exist.
    if ($username == '') {
        $errors[] = 'Username field cannot be blank!';
    } elseif (!$valid->usernameExists($username)) {
        $errors[] = 'Username does not exist!';
    } else {
        $notice['username'] = $username;
    }
    // strlen() counts bytes, so the 299 limit is a byte limit for multi-byte titles.
    if ($title == '') {
        $errors[] = 'Notice title field cannot be blank!';
    } elseif (strlen($title) > 299) {
        $errors[] = 'Notice title field cannot contain more then 299 characters!';
    } else {
        $notice['title'] = $title;
    }
    // A category of '0' or '' counts as "nothing selected".
    if ($category == '0' or $category == '') {
        $errors[] = 'Please select a notice category!';
    } else {
        $notice['category'] = $category;
Exemplo n.º 4
<?php

define('_VALID', true);
require 'include/config.php';
require 'classes/auth.class.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'classes/pagination.class.php';
require 'classes/validation.class.php';
// The project's Auth check runs before any request parameter is read.
Auth::check();

// 'u' is honoured only when it is a well-formed username that exists; otherwise the feed
// covers all subscriptions.
$username = 'all';
if (isset($_GET['u']) && VValidation::username($_GET['u']) && VValidation::usernameExists($_GET['u'])) {
    $username = $_GET['u'];
}

// 't' must be purely alphabetic and is then checked against a fixed allow-list, so the
// request cannot introduce a table name of its own.
$table = 'all';
if (isset($_GET['t']) && ctype_alpha($_GET['t'])) {
    $table = $_GET['t'];
}
$tables_allowed = array(
    'all'    => 1,
    'videos' => 1,
    'games'  => 1,
    'blogs'  => 1,
    'albums' => 1,
    'photos' => 1,
);
if (!($table == 'all' || isset($tables_allowed[$table]))) {
    // NOTE(review): this relies on VRedirect::go() ending the request. If it only sends a
    // header, execution continues with the rejected $table. Confirm.
    VRedirect::go($config['BASE_URL'] . '/error');
}

// The session user id is cast to an integer, which is what makes the unquoted concatenation
// into the query below safe.
$uid = (int) $_SESSION['uid'];
$sql = "SELECT s.UID, u.username\n"
    . "                  FROM video_subscribe AS s, signup AS u\n"
    . "                  WHERE s.SUID = " . $uid . "\n"
    . "                  AND s.UID = u.UID";
$rs = $conn->execute($sql);
$subscriptions = $rs->getrows();

// Both start empty here; they are assigned again later in the script.
$feeds = array();
$page_link = null;
if ($subscriptions) {
    $photo_approve = $config['approve_photos'] == '1' ? " AND a.status = '1'" : NULL;
    $game_approve = $config['approve_games'] == '1' ? " AND g.status = '1'" : NULL;
    $blog_approve = $config['approve_blogs'] == '1' ? " AND b.status = '1'" : NULL;
    if ($username == 'all') {
        $suids = array();
        foreach ($subscriptions as $subscription) {
            $suids[] = $subscription['UID'];
        }