// Mail compose handler (fragment): builds the default form state, optionally pre-fills the
// receiver from the request path, then validates a submitted message.
// $subject, $query, $filter, $conn, $uid, $config and $errors are defined outside this fragment.
$compose = array('receiver' => '', 'friend' => '', 'subject' => $subject, 'body' => '', 'save_outbox' => 1, 'send_self' => 0);
// Pre-fill the receiver only when the value is an existing username.
// NOTE(review): $query['1'] is copied into $compose unchanged; confirm the template encodes it on output.
if (isset($query['1']) && $query['1'] != '') {
    $valid = new VValidation();
    if ($valid->usernameExists($query['1'])) {
        $compose['receiver'] = $query['1'];
    }
}
// NOTE(review): no anti-CSRF token check is visible in this fragment; confirm one is enforced elsewhere.
if (isset($_POST['send_mail'])) {
    $valid = new VValidation();
    $receiver = $filter->get('receiver');
    $friend = $filter->get('receiver_friend');
    $subject = $filter->get('subject');
    // Body is read from $_POST directly and passed through $filter->process().
    // Presumably array('a') / array('href') are the allowed tags and attributes (TODO confirm);
    // if so, verify the filter also restricts href values to safe URL schemes.
    $body = $filter->process(trim($_POST['body']), array('a'), array('href'));
    // The friend selector is only consulted when no receiver was typed in.
    if ($receiver == '') {
        if ($friend != '') {
            if (!$valid->usernameExists($friend)) {
                $errors[] = translate('mail.compose_user_invalid', $config['site_name']);
            } else {
                // NOTE(review): the username literal is shown masked ('******') in this listing, so as
                // written the query does not reference $friend. If the real code interpolates $friend
                // here, it needs a bound parameter or escaping; usernameExists() returning true is not
                // shown to restrict which characters the value contains.
                $sql = "SELECT UID FROM signup WHERE username = '******' LIMIT 1";
                $rs = $conn->execute($sql);
                // Cast to int before the value is concatenated into the next query.
                $fuid = intval($rs->fields['UID']);
                // Confirmed-friendship check between the sender ($uid) and the looked-up user ($fuid).
                // NOTE(review): $uid is concatenated as-is; confirm it is an integer where it is set.
                $sql = "SELECT UID FROM friends WHERE UID = " . $uid . " AND FID = " . $fuid . " AND status = 'Confirmed' LIMIT 1";
                $conn->execute($sql);
                // NOTE(review): this authorisation decision depends on Affected_Rows() reporting the row
                // count of a SELECT; confirm the driver does so, otherwise inspect the result set.
                if ($conn->Affected_Rows() === 1) {
                    $receiver = $friend;
                    $compose['friend'] = $friend;
                } else {
                    // The submitted name is HTML-encoded before it is placed into the error message.
                    $errors[] = translate('mail.compose_user_missing', htmlspecialchars($friend, ENT_QUOTES, 'UTF-8'));
                }
            }
        }
    }
    // Fragment ends here: the send_mail block is still open and continues outside this listing.
// Share-by-mail recipient parsing (fragment): normalises the raw recipient string in $to, splits it
// into tokens, and resolves each token to an e-mail address, directly or via a username lookup.
// $to, $conn, $lang and $data are defined outside this fragment.
// Keep only space, ASCII letters, digits, comma, '@' and '.'.
// NOTE(review): ereg_replace() was removed in PHP 7.0; preg_replace() is the replacement.
// NOTE(review): characters such as '_', '-' and '+' are stripped, which alters addresses and
// usernames that contain them; confirm this is intended.
$to = ereg_replace('[^ 0-9a-zA-Z,@.]', '', $to);
// NOTE(review): commas are deleted, not turned into separators, so "a@x.com,b@y.com" becomes a
// single merged token; confirm this is intended.
$to = str_replace(',', '', $to);
// Collapse runs of two or more whitespace characters into a single space.
$to = preg_replace('/\\s\\s+/', ' ', $to);
// CR and LF are already removed by the character filter above; these two calls are redundant.
$to = str_replace("\r", '', $to);
$to = str_replace("\n", '', $to);
$to = explode(' ', $to);
// NOTE(review): explode() with a non-empty delimiter always returns at least one element, so this
// "no recipient" branch cannot be reached for string input; an empty input ends up as one empty
// token that matches neither check below.
if (!$to) {
    $data['msg'] = $lang['ajax.share_recipient'];
} else {
    $emails = array();
    $users = array();
    $valid = new VValidation();
    // Classify each token: a valid e-mail is used directly, an existing username is looked up below,
    // anything else is dropped without an error.
    // NOTE(review): no cap on the number of recipients is visible in this fragment; confirm sending is
    // rate-limited elsewhere.
    foreach ($to as $key => $value) {
        if ($valid->email($value)) {
            $emails[] = $value;
        } elseif ($valid->usernameExists($value)) {
            $users[] = $value;
        }
    }
    if ($users) {
        // Build a quoted, escaped IN (...) list from the matched usernames.
        // NOTE(review): mysql_real_escape_string() belongs to ext/mysql, removed in PHP 7.0, and uses
        // that extension's connection while the query runs through $conn; confirm both share a
        // connection and character set, or switch to bound parameters.
        $sql_add = array();
        foreach ($users as $user) {
            $sql_add[] = "'" . mysql_real_escape_string($user) . "'";
        }
        $sql = "SELECT email FROM signup WHERE username IN (" . implode(',', $sql_add) . ")";
        $rs = $conn->execute($sql);
        $users_emails = $rs->getrows();
        // Append the looked-up addresses to the ones that were typed in directly.
        foreach ($users_emails as $user) {
            $emails[] = $user['email'];
        }
    }
    // Fragment ends here: the else block is still open and continues outside this listing.
// "Add notice" form handler (fragment): sets up the WYSIWYG editor, initialises the form state and
// validates a submitted notice. $config and $errors are defined outside this fragment.
// NOTE(review): neither an access check nor an anti-CSRF token check is visible in this fragment;
// confirm both are enforced by the including script.
require_once 'editor_files/editor_class.php';
$editor = new wysiwygPro();
$editor->usexhtml(true);
$notice = array('username' => '', 'title' => '', 'category' => '', 'content' => '');
if (isset($_POST['submit_add_notice'])) {
    require $config['BASE_DIR'] . '/classes/filter.class.php';
    require $config['BASE_DIR'] . '/classes/validation.class.php';
    $filter = new VFilter();
    $valid = new VValidation();
    $username = $filter->get('username');
    $title = $filter->get('title');
    // NOTE(review): unlike the other fields, the editor HTML is read from $_POST directly and only
    // trimmed. It has to be sanitised before storage or wherever it is rendered; that handling is
    // not visible in this fragment.
    $content = trim($_POST['htmlCode']);
    // Presumably 'INTEGER' makes the filter coerce the value to an integer (TODO confirm in VFilter).
    $category = $filter->get('category', 'INTEGER');
    // The username must be non-empty and belong to an existing account.
    if ($username == '') {
        $errors[] = 'Username field cannot be blank!';
    } elseif (!$valid->usernameExists($username)) {
        $errors[] = 'Username does not exist!';
    } else {
        $notice['username'] = $username;
    }
    // strlen() counts bytes, so the 299 limit applies to the byte length of the title.
    if ($title == '') {
        $errors[] = 'Notice title field cannot be blank!';
    } elseif (strlen($title) > 299) {
        $errors[] = 'Notice title field cannot contain more then 299 characters!';
    } else {
        $notice['title'] = $title;
    }
    // Loose comparison: '0' and an empty value both count as "no category selected".
    if ($category == '0' or $category == '') {
        $errors[] = 'Please select a notice category!';
    } else {
        $notice['category'] = $category;
        // Fragment ends here: this else block and the submit handler continue outside this listing.
<?php
// Subscription feed page (fragment): loads the current user's subscriptions and prepares the
// filters used to build the feed. $conn and $config are not defined in this fragment; presumably
// they come from the included files.
// Presumably the included files check _VALID to refuse direct access (TODO confirm).
define('_VALID', true);
require 'include/config.php';
require 'classes/auth.class.php';
require 'include/function_global.php';
require 'include/function_smarty.php';
require 'classes/pagination.class.php';
require 'classes/validation.class.php';
// Runs before any request parameter is read; presumably rejects unauthenticated visitors (TODO confirm).
Auth::check();
// 'u' is used only if it passes the username format check and names an existing user; otherwise 'all'.
// NOTE(review): an array-valued parameter (u[]=...) also passes isset(); confirm
// VValidation::username() rejects non-string input.
$username = isset($_GET['u']) && VValidation::username($_GET['u']) && VValidation::usernameExists($_GET['u']) ? $_GET['u'] : 'all';
// 't' must be purely alphabetic and is then checked against the allow-list below.
$table = isset($_GET['t']) && ctype_alpha($_GET['t']) ? $_GET['t'] : 'all';
$tables_allowed = array('all' => 1, 'videos' => 1, 'games' => 1, 'blogs' => 1, 'albums' => 1, 'photos' => 1);
if ($table != 'all' && !isset($tables_allowed[$table])) {
    // NOTE(review): no exit follows this call. If VRedirect::go() does not terminate the script,
    // execution continues with a $table value that failed the allow-list; confirm it exits.
    // VRedirect is not loaded by any require visible in this fragment.
    VRedirect::go($config['BASE_URL'] . '/error');
}
// The session user id is cast to int before it is concatenated into the query.
$uid = intval($_SESSION['uid']);
$sql = "SELECT s.UID, u.username\n FROM video_subscribe AS s, signup AS u\n WHERE s.SUID = " . $uid . "\n AND s.UID = u.UID";
$rs = $conn->execute($sql);
$subscriptions = $rs->getrows();
$feeds = array();
$page_link = NULL;
if ($subscriptions) {
    // Optional fixed SQL conditions, enabled by configuration flags; they contain no request data.
    $photo_approve = $config['approve_photos'] == '1' ? " AND a.status = '1'" : NULL;
    $game_approve = $config['approve_games'] == '1' ? " AND g.status = '1'" : NULL;
    $blog_approve = $config['approve_blogs'] == '1' ? " AND b.status = '1'" : NULL;
    if ($username == 'all') {
        // Collect the UIDs of every subscribed user.
        // NOTE(review): the values come from the database and are not cast here; if they are later
        // interpolated into SQL they should be cast to int. That use is not visible in this fragment.
        $suids = array();
        foreach ($subscriptions as $subscription) {
            $suids[] = $subscription['UID'];
        }
        // Fragment ends here: both enclosing if blocks are still open and continue outside this listing.