// PHPmotion http://www.phpmotion.com // /////////////////////////////////////////////////////////////////////////////////////// // License: You are not to sell or distribute this software without permission // // Help and support please visit http://www.phpmotion.com // // Copyright reserved // /////////////////////////////////////////////////////////////////////////////////////// include_once '../classes/config.php'; include_once '../classes/permissions.php'; $word_length = $config['max_tag_word_length']; $id = (int) mysql_real_escape_string($_GET['id']); if (!empty($_POST)) { $id = (int) mysql_real_escape_string($_POST['id']); } // check if uid is in the requesting url if ($id == '') { ErrorDisplay1($config['invalid_request']); die; } //______PERMISSIONS CHECK _____________________________________________________________________________ $usercheck = new LoadPermissions('', $id, 'blogs'); //($user_id, $content_id, $content_type); $usercheck->CheckPermissions(); $usercheck->ActionsCheck('edit'); //Can be ( edit, delete, both ) dies if user does not have permissions //_____________________________________________________________________________________________________ // Some basic presets $show_notification = 0; $show_success = 0; $show_warning = 0; // update mysql database if (isset($_POST['submit'])) {
<?php include_once '../classes/config.php'; include_once '../classes/permissions.php'; $id = mysql_real_escape_string($_GET['id']); if (!empty($_POST)) { $id = mysql_real_escape_string($_POST['id']); } // check if uid is in the requesting url if ($id == "") { ErrorDisplay1($config["invalid_request"]); die; } //check permissions again ///////////////////////// $usercheck = new LoadPermissions('', $id, 'image_album'); //($user_id, $content_id, $content_type); $usercheck->CheckPermissions(); $usercheck->ActionsCheck('edit'); //Can be ( edit, delete, both ) this returns error and dies if user does not have permissions // Some basic presets $show_notification = 0; /////////////////////// //update mysql database /////////////////////// if ($_POST["submitted"] == "yes") { //get form post (no mysql_real_escapE) so that it can be checked for full completion $title = $_POST["title"]; $description = $_POST["description"]; $tags = $_POST["tags"]; //check if form filled in fully
/////////////////////////////////// $sql_1 = "SELECT * FROM member_profile WHERE user_id = {$user_id}"; $result_1 = @mysql_fetch_array(@mysql_query($sql_1)); $my_real_name = $result_1['first_name']; //if the member has not yet updated their profile to show real name then use their username and email instead if ($my_real_name == "") { $my_real_name = $user_name . ' (' . $result_1['email_address'] . ')'; //this will create something like: inmotion (me@gmail.com) } //send email --------resuable------------------------------------->> //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> $email_template = 'email_templates/invitemessage_internal.htm'; $subject = $config['invite_email_subject']; $to = $friends_email; $from = $config['notifications_from_email']; $template = $email_template; $TBS = new clsTinyButStrong(); $TBS->NoErr = true; $TBS->LoadTemplate("{$template}"); $TBS->tbs_show(TBS_NOTHING); $message = $TBS->Source; //load postage.php include 'includes/postage.php'; //>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> } //Show Success /////////////// ErrorDisplay1($config['error_4']); //invitation sent out die; //END