Пример #1
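/**
 * Blog search: counts the matching entries (count query capped at 201 rows) and,
 * when the blog tab is active ($t == "blog"), fills one page of $results and sets
 * $total_results. Always appends a "blog" summary row to $search_objects.
 *
 * All input and output goes through globals: $database, $url, $results_per_page,
 * $p, $search_text, $t, $search_objects, $results, $total_results.
 */
function search_blog()
{
    global $database, $url, $results_per_page, $p, $search_text, $t, $search_objects, $results, $total_results;
    // CONSTRUCT QUERY
    $sql = "\r\n    SELECT\r\n      se_blogentries.blogentry_id,\r\n      se_blogentries.blogentry_title,\r\n      se_blogentries.blogentry_body,\r\n      se_users.user_id,\r\n      se_users.user_username,\r\n      se_users.user_photo,\r\n      se_users.user_fname,\r\n      se_users.user_lname\r\n    FROM\r\n      se_blogentries,\r\n      se_users,\r\n      se_levels\r\n    WHERE\r\n      se_blogentries.blogentry_user_id=se_users.user_id &&\r\n      se_users.user_level_id=se_levels.level_id &&\r\n      (\r\n        se_blogentries.blogentry_search='1' ||\r\n        se_levels.level_blog_search='0'\r\n      ) \r\n  ";
    // NOTE(review): $search_text is interpolated straight into the AGAINST() literal.
    // Nothing in this function escapes it, so it must already be SQL-safe at the
    // point where the global is assigned — confirm that upstream.
    $sql .= " && MATCH (`blogentry_title`, `blogentry_body`) AGAINST ('{$search_text}' IN BOOLEAN MODE)";
    // GET TOTAL ENTRIES: LIMIT 201 keeps the count query bounded; 201 rows means "200+".
    $resource = $database->database_query($sql . " LIMIT 201");
    $total_entries = $database->database_num_rows($resource);
    // IF NOT TOTAL ONLY
    if ($t == "blog") {
        // MAKE BLOG PAGES: cast before the arithmetic so $p / $results_per_page cannot
        // carry non-numeric text into the LIMIT clause, and clamp the offset at 0.
        $per_page = (int) $results_per_page;
        $start = max(0, ((int) $p - 1) * $per_page);
        $limit = $per_page + 1; // one row more than a page, presumably so the caller can detect a next page
        // SEARCH BLOGS
        $resource = $database->database_query($sql . " ORDER BY blogentry_id DESC LIMIT {$start}, {$limit}");
        while ($blogentry_info = $database->database_fetch_assoc($resource)) {
            // CREATE AN OBJECT FOR AUTHOR (only the columns needed for the display name)
            $profile = new se_user();
            $profile->user_info['user_id'] = $blogentry_info['user_id'];
            $profile->user_info['user_username'] = $blogentry_info['user_username'];
            $profile->user_info['user_photo'] = $blogentry_info['user_photo'];
            $profile->user_info['user_fname'] = $blogentry_info['user_fname'];
            $profile->user_info['user_lname'] = $blogentry_info['user_lname'];
            $profile->user_displayname();
            // IF EMPTY TITLE, fall back to the translated placeholder
            if (!trim($blogentry_info['blogentry_title'])) {
                $blogentry_info['blogentry_title'] = SE_Language::get(589);
            }
            $blogentry_info['blogentry_body'] = cleanHTML($blogentry_info['blogentry_body'], '');
            // IF BODY IS LONG: truncate by characters rather than bytes so a multi-byte
            // UTF-8 character is never cut in half.
            if (mb_strlen($blogentry_info['blogentry_body']) > 150) {
                $blogentry_info['blogentry_body'] = mb_substr($blogentry_info['blogentry_body'], 0, 147) . "...";
            }
            $results[] = array(
                'result_url' => $url->url_create('blog_entry', $blogentry_info['user_username'], $blogentry_info['blogentry_id']),
                'result_icon' => './images/icons/blog_blog48.gif',
                'result_name' => 1500118,
                'result_name_1' => $blogentry_info['blogentry_title'],
                'result_desc' => 1500119,
                'result_desc_1' => $url->url_create('profile', $blogentry_info['user_username']),
                'result_desc_2' => $profile->user_displayname,
                'result_desc_3' => $blogentry_info['blogentry_body'],
            );
        }
        // SET TOTAL RESULTS
        $total_results = $total_entries;
    }
    // SET ARRAY VALUES
    SE_Language::_preload_multi(1500118, 1500119, 1500120);
    // The count query was capped at 201 rows, so anything above 200 is reported as "200+".
    // (The original tested an undefined $total_albums here, a copy/paste slip.)
    if ($total_entries > 200) {
        $total_entries = "200+";
    }
    $search_objects[] = array('search_type' => 'blog', 'search_lang' => 1500120, 'search_total' => $total_entries);
}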
Пример #2
/**
 * Prepares a string for storage.
 *
 * Plain text only gets its angle brackets entity-encoded (ampersands and quotes
 * are left alone); HTML is delegated to cleanHTML() with the advanced-tag flag.
 * Either way the result is then passed through addslashes_EX().
 */
function cleanString($data, $ishtml = false, $allowadv = false, $dbo = false)
{
    $cleaned = $ishtml
        ? cleanHTML($data, $allowadv)
        : str_replace(array('>', '<'), array('&gt;', '&lt;'), $data);
    return addslashes_EX($cleaned, $ishtml, $dbo);
}
Пример #3
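/**
 * Converts a string to UTF-8 if needed, cleans its HTML and URL-encodes it.
 *
 * @param string $str source string (UTF-8 or ISO-8859-1)
 * @return string url-encoded, cleaned UTF-8 text
 */
function convertString($str)
{
    // convert to utf8, if necessary. mb_convert_encoding() from ISO-8859-1 is the
    // documented replacement for utf8_encode(), which PHP 8.2 deprecated.
    if (!is_utf8($str)) {
        $str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1');
    }
    // clean up the html
    $str = cleanHTML($str);
    // return the url encoded string
    return urlencode($str);
}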
Пример #4
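/**
 * Scrapes the posts of a forum topic, following "next page" links for at most
 * five pages.
 *
 * @param string $topicUrl URL of the first topic page
 * @return list<object> objects with 'user' and 'text' properties, in page order
 */
function getPosts($topicUrl)
{
    $posts = array();
    $pageCount = 0;
    while ($topicUrl != "" && $pageCount < 5) {
        $topicPage = cleanHTML(getCURLOutput($topicUrl));
        $topicXpath = getDOMXPath($topicPage);
        $textNodes = $topicXpath->query('//*[contains(@class, "txt-msg") and contains(@class ,"text-enrichi-forum")]');
        $userNodes = $topicXpath->query('//*[contains(@class, "bloc-pseudo-msg") and contains(@class, "text-user")]/text()');
        for ($i = 0; $i < $textNodes->length; $i++) {
            // On a malformed page the user list can be shorter than the text list;
            // DOMNodeList::item() returns null past the end, so fall back to "".
            $userNode = $userNodes->item($i);
            $posts[] = (object) array(
                'user' => $userNode !== null ? $userNode->nodeValue : '',
                'text' => $textNodes->item($i)->nodeValue,
            );
        }
        // Advance only when the page both mentions the next page id and shows a
        // "Page suivante" link; strpos() !== false replaces the loose `!= false`.
        $nextMarker = ($pageCount + 1) . "-0-1-0";
        if (strpos($topicPage, $nextMarker) !== false && strpos($topicPage, "Page suivante") !== false) {
            $topicUrl = str_replace($pageCount . "-0-1-0", $nextMarker, $topicUrl);
            $pageCount++;
        } else {
            $topicUrl = "";
        }
    }
    return $posts;
}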
Пример #5
// The level must have bit 4 set in level_poll_allow to use polls; otherwise
// bounce to the home page.
if (!((int) $user->level_info['level_poll_allow'] & 4)) {
    header("Location: user_home.php");
    exit;
}
// CREATE POLL OBJECT for the current user
$poll = new se_poll($user->user_info['user_id']);
// ADD A NEW POLL
if ($task == "doadd") {
    // HTML SUPPORT
    $poll_title = censor(cleanHTML(htmlspecialchars_decode($poll_title), $setting['setting_poll_html']));
    $poll_desc = censor(cleanHTML(htmlspecialchars_decode($poll_desc), $setting['setting_poll_html']));
    // REMOVE EMPTY OPTIONS
    $poll_options = array_filter($poll_options);
    // GET POLL OPTIONS AND POST POLL
    foreach ($poll_options as $poll_option_index => $poll_option_label) {
        $poll_options[$poll_option_index] = censor(cleanHTML(htmlspecialchars_decode($poll_option_label), $setting['setting_poll_html']));
    }
    // MAKE SURE TITLE IS PROVIDED
    if (!trim($poll_title)) {
        $is_error = 2500123;
    }
    // MAKE SURE AT LEAST TWO OPTIONS ARE PROVIDED
    if (!$is_error && count($poll_options) < 2) {
        $is_error = 2500124;
    }
    // MAKE SURE NUMBER OF OPTIONS DOESNT EXCEED 20
    if (!$is_error && count($poll_options) > 20) {
        $is_error = 2500125;
        $is_error_sprintf_1 = 20;
    }
    // POST POLL
Пример #6
 /**
  * Strips a fixed set of characters from $text.
  *
  * null yields false and a literal true is passed through. With $filter === true
  * the text first goes through cleanHTML(); with $filter === "remove" escaped and
  * plain quotes are dropped. In every case angle brackets and the URL-encoded
  * forms of quote, double quote and space are removed, and the literal
  * "indexphp" is rewritten to "index.php". This is a blacklist strip, not a
  * context-aware escaper.
  */
 function filter($text, $filter = false)
 {
     if (is_null($text)) {
         return false;
     }
     if ($text === true) {
         return true;
     }
     if ($filter === true) {
         $text = cleanHTML($text);
     } elseif ($filter === "remove") {
         $quotes = array("\\'", '\\"', "'", '"');
         $text = str_replace($quotes, "", $text);
     }
     $blacklist = array("<", ">", "%27", "%22", "%20");
     $text = str_replace($blacklist, "", $text);
     return str_replace("indexphp", "index.php", $text);
 }
Пример #7
    // Clear the "new entry in a subscribed blog" notification for the viewing user.
    // NOTE(review): the user id and $blogentry_id are spliced into the SQL string
    // unescaped; the id comes from the user object, but where $blogentry_id was
    // validated is not visible here — confirm upstream.
    if ($is_subscribed) {
        $database->database_query("\r\n      DELETE FROM\r\n        se_notifys\r\n      USING\r\n        se_notifys\r\n      LEFT JOIN\r\n        se_notifytypes\r\n        ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id\r\n      WHERE\r\n        se_notifys.notify_user_id='{$user->user_info['user_id']}' AND\r\n        se_notifytypes.notifytype_name='newblogsubscriptionentry' AND\r\n        notify_object_id='{$blogentry_id}'\r\n    ");
    }
    // The owner viewing their own entry also clears the "blog comment" notification.
    if ($user->user_info['user_id'] == $owner->user_info['user_id']) {
        $database->database_query("\r\n      DELETE FROM\r\n        se_notifys\r\n      USING\r\n        se_notifys\r\n      LEFT JOIN\r\n        se_notifytypes\r\n        ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id\r\n      WHERE\r\n        se_notifys.notify_user_id='{$owner->user_info['user_id']}' AND\r\n        se_notifytypes.notifytype_name='blogcomment' AND\r\n        notify_object_id='{$blogentry_id}'\r\n    ");
    }
    // SET SEO STUFF: page title built from the entry title. A space is inserted
    // after every '>' before cleanHTML() (no allowed-tag list) so adjacent words
    // do not fuse; the text is then truncated and whitespace-collapsed.
    $global_page_content = $blogentry_info['blogentry_title'];
    $global_page_content = cleanHTML(str_replace('>', '> ', $global_page_content), NULL);
    // strlen()/substr() count bytes: a cut at byte 251 can split a multi-byte UTF-8 character.
    if (strlen($global_page_content) > 255) {
        $global_page_content = substr($global_page_content, 0, 251) . '...';
    }
    // addslashes() presumably matches how the title array is consumed later — confirm.
    $global_page_content = addslashes(trim(preg_replace('/\\s+/', ' ', $global_page_content)));
    $global_page_title = array(1500125, $owner->user_displayname, $global_page_content);
    // Same treatment for the entry body, which becomes the page description.
    $global_page_content = $blogentry_info['blogentry_body'];
    $global_page_content = cleanHTML(str_replace('>', '> ', $global_page_content), NULL);
    if (strlen($global_page_content) > 255) {
        $global_page_content = substr($global_page_content, 0, 251) . '...';
    }
    $global_page_content = addslashes(trim(preg_replace('/\\s+/', ' ', $global_page_content)));
    $global_page_description = array(1500125, $owner->user_displayname, $global_page_content);
    // ASSIGN template variables
    $smarty->assign('total_comments', $total_comments);
    $smarty->assign('allowed_to_comment', $allowed_to_comment);
    $smarty->assign('trackback_rdf', $trackback_rdf);
    $smarty->assign('trackback_total', $trackback_total);
    $smarty->assign_by_ref('trackback_list', $trackback_list);
    $smarty->assign_by_ref('blogentry_info', $blogentry_info);
} else {
    // SET SEO STUFF
    $global_page_title = array(1500124, $owner->user_displayname);
Пример #8
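 /**
  * Renders a steam_document in the explorer frame: an action bar followed by an
  * editable textarea holding the document's cleaned HTML.
  *
  * Relative src="" references inside the HTML are rewritten to download URLs of
  * the referenced steam objects (or to a 404 image when nothing resolves).
  *
  * @param \FrameResponseObject $frameResponseObject the response being built
  * @return \FrameResponseObject|null the populated response; null when $this->id
  *         resolves to something other than a steam_document (legacy behaviour kept)
  */
 public function frameResponse(\FrameResponseObject $frameResponseObject)
 {
     if (!isset($this->id)) {
         ExtensionMaster::getInstance()->send404Error();
         return null;
     }
     $object = \steam_factory::get_object($GLOBALS["STEAM"]->get_id(), $this->id);
     if (!($object instanceof \steam_document)) {
         // Non-documents produce no response here, as before.
         return null;
     }
     $mimetype = $object->get_attribute(DOC_MIME_TYPE);
     $objName = $object->get_name();
     $objDesc = trim($object->get_attribute(OBJ_DESC));
     // trim() always returns a string, so the former `=== 0` test was dead code.
     $name = $objDesc === "" ? $objName : $objDesc . " (" . $objName . ")";
     // Strict comparison throughout; the original mixed == and !== on the same value.
     $isHtml = $mimetype === "text/html";

     // Action bar: view, source editor (HTML only), then properties and rights popups.
     $actions = array(
         array("name" => "Anzeigen", "link" => PATH_URL . "Explorer/ViewDocument/" . $this->id . "/"),
     );
     if ($isHtml) {
         $actions[] = array("name" => "Quelltext", "link" => PATH_URL . "Explorer/CodeEditDocument/" . $this->id . "/");
     }
     $actions[] = array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup")));
     $actions[] = array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")));
     $actionBar = new \Widgets\ActionBar();
     $actionBar->setActions($actions);

     $contentText = new \Widgets\Textarea();
     $contentText->setWidth(945);
     $contentText->setheight(400);
     $contentText->setData($object);
     // "mce-full" selects the rich editor; non-HTML documents are edited as plain text.
     $contentText->setTextareaClass("mce-full");
     if (!$isHtml) {
         $contentText->setTextareaClass("plain");
     }

     $html = cleanHTML($object->get_content());
     $dirname = dirname($object->get_path()) . "/";
     // Rewrite relative src="" references to download URLs of the referenced objects.
     preg_match_all('/src="([%a-z0-9.\\-_\\/]*)"/iU', $html, $matches);
     $orig_matches = $matches[0];
     foreach ($matches[1] as $key => $path) {
         $path = urldecode($path);
         $scheme = parse_url($path, PHP_URL_SCHEME);
         if (is_string($scheme) && $scheme !== "") {
             continue; // absolute URL: leave untouched
         }
         // NOTE(review): $path comes from document content and may contain "..";
         // whether get_object_by_name() confines the lookup below $dirname is not
         // visible here — confirm.
         $ref_object = \steam_factory::get_object_by_name($GLOBALS["STEAM"]->get_id(), $dirname . $path);
         $new_path = $ref_object instanceof \steam_object
             ? PATH_URL . "Download/Document/" . $ref_object->get_id()
             : PATH_URL . "styles/standard/images/404.jpg";
         // urldecode() can turn %22 / %20 into quotes and spaces, so the decoded
         // path must be attribute-escaped before it is written back into the markup.
         $attr_path = htmlspecialchars($path, ENT_QUOTES, 'UTF-8');
         $html = str_replace($orig_matches[$key], "src=\"{$new_path}\" data-mce-src=\"{$attr_path}\"", $html);
     }
     $contentText->setContentProvider(\Widgets\DataProvider::contentProvider($html));
     $clearer = new \Widgets\Clearer();

     $frameResponseObject->setTitle($name);
     $frameResponseObject->addWidget($actionBar);
     $frameResponseObject->addWidget($contentText);
     $frameResponseObject->addWidget($clearer);
     return $frameResponseObject;
 }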
Пример #9
/**
 * Returns truncated html formatted content
 *
 * Truncation is character based (mb_*). <script> blocks and HTML comments are
 * removed first. The raw cut point is then widened (at most five attempts) until
 * the kses()-filtered fragment is no shorter than $shorten, a trailing unfinished
 * tag is dropped, and the fragment plus $shortenindicator is repaired with tidy
 * when available, otherwise with cleanHTML().
 *
 * @param string $articlecontent the source string
 * @param int $shorten new size
 * @param string $shortenindicator
 * @param bool $forceindicator set to true to include the indicator no matter what
 * @return string
 */
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false)
{
    global $_user_tags; // not referenced in this function body
    if ($shorten && ($forceindicator || mb_strlen($articlecontent) > $shorten)) {
        $allowed_tags = getAllowedTags('allowed_tags');
        //remove script to be replaced later
        // NOTE(review): the scripts are discarded, not captured: $matches is never
        // set, so the "replace the script text" block at the end never runs —
        // confirm whether a preg_match_all() was meant to precede this line.
        $articlecontent = preg_replace('~<script.*?/script>~is', '', $articlecontent);
        //remove HTML comments
        $articlecontent = preg_replace('~<!--.*?-->~is', '', $articlecontent);
        $short = mb_substr($articlecontent, 0, $shorten);
        $short2 = kses($short . '</p>', $allowed_tags);
        // kses() may have dropped markup, leaving fewer than $shorten characters;
        // extend the raw cut point by the shortfall, up to five times.
        if (($l2 = mb_strlen($short2)) < $shorten) {
            $c = 0;
            $l1 = $shorten;
            $delta = $shorten - $l2;
            while ($l2 < $shorten && $c++ < 5) {
                $open = mb_strrpos($short, '<');
                // If the cut landed inside a tag, move past its closing '>' first.
                // NOTE(review): mb_strpos() returns false when there is no later '>',
                // and false + $delta silently becomes $delta — confirm that is acceptable.
                if ($open > mb_strrpos($short, '>')) {
                    $l1 = mb_strpos($articlecontent, '>', $l1 + 1) + $delta;
                } else {
                    $l1 = $l1 + $delta;
                }
                $short = mb_substr($articlecontent, 0, $l1);
                preg_match_all('/(<p>)/', $short, $open);
                preg_match_all('/(<\\/p>)/', $short, $close);
                // NOTE(review): preg_match_all() always fills both arrays with two
                // entries (full match + group), so this count() comparison is never
                // true and the '</p>' is never appended; $open[0] / $close[0] look
                // intended — confirm.
                if (count($open) > count($close)) {
                    $short .= '</p>';
                }
                $short2 = kses($short, $allowed_tags);
                $l2 = mb_strlen($short2);
            }
            $shorten = $l1;
        }
        $short = truncate_string($articlecontent, $shorten, '');
        if ($short != $articlecontent) {
            //	we actually did remove some stuff
            // drop open tag strings
            $open = mb_strrpos($short, '<');
            if ($open > mb_strrpos($short, '>')) {
                $short = mb_substr($short, 0, $open);
            }
            // Repair the truncated fragment (unclosed tags) before returning it.
            if (class_exists('tidy')) {
                $tidy = new tidy();
                $tidy->parseString($short . $shortenindicator, array('show-body-only' => true), 'utf8');
                $tidy->cleanRepair();
                $short = trim($tidy);
            } else {
                $short = trim(cleanHTML($short . $shortenindicator));
            }
        }
        $articlecontent = $short;
    }
    if (isset($matches)) {
        //replace the script text
        foreach ($matches[0] as $script) {
            $articlecontent = $script . $articlecontent;
        }
    }
    return $articlecontent;
}
Пример #10
Файл: post.php Проект: x17x2a/ff
 /**
  * Runs $value through cleanHTML() with the given tag pattern.
  *
  * A null pattern disables filtering and returns the value untouched.
  *
  * @throws Exception when a non-string value is passed together with a pattern
  */
 private function filterHTML($value, $pattern)
 {
     if (!isset($pattern)) {
         return $value;
     }
     if (!is_string($value)) {
         throw new Exception("Only strings can be filtered with " . $pattern);
     }
     return cleanHTML($value, $pattern);
 }
Пример #11
/**
 * Removes the literal two-character sequences "\n" and "\r" (a backslash followed
 * by n or r — the patterns are single-quoted, so real line breaks are NOT touched)
 * and then cleans the remaining HTML.
 * NOTE(review): if actual newlines were meant, the patterns need "\n" / "\r" — confirm.
 */
function cleanMeta($s)
{
    $escapes = array('\\n', '\\r');
    return cleanHTML(str_replace($escapes, '', $s));
}
Пример #12
 /**
  * Normalises a forum post body: decodes entities, censors, converts bare line
  * breaks to <br>, restricts the markup to a fixed tag list via cleanHTML() and
  * re-encodes the result with htmlspecialchars().
  *
  * Note that embed/img are on the allowed list, so posts may embed external
  * content; the third cleanHTML() argument presumably names attributes to drop —
  * confirm against cleanHTML().
  */
 function forum_bbcode_parse_clean($string)
 {
     $string = censor(htmlspecialchars_decode($string, ENT_QUOTES));
     // Only posts without any tag get their newlines turned into [br] markers.
     $hasTags = preg_match('/<[^>]+>/', $string);
     if (!$hasTags) {
         $string = preg_replace(array("/\\r\\n/", "/\\r/", "/\\n/"), "[br]", $string);
     }
     // CLEAN HTML against the fixed allow-list
     $allowed_html = "ol,ul,li,strong,em,u,strike,p,br,a,embed,img";
     $string = cleanHTML($string, $allowed_html, array("style"));
     // Turn the markers back into tags, trim whitespace around them and collapse
     // runs of three or more into a double break.
     $string = str_replace("[br]", "<br>", $string);
     $string = preg_replace(
         array('/\\s+<br>\\s+/i', '/(<br>){3,}/is'),
         array('<br>', '<br><br>'),
         $string
     );
     // RE-ENCODE
     return htmlspecialchars($string, ENT_QUOTES);
 }
Пример #13
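 /**
  * Creates or updates this event from the submitted form values.
  *
  * Title, description, category, host and location are taken by reference because
  * they are censored/cleaned in place for the caller. On creation the creator is
  * added as a rank-3 member and the styles/values/album rows plus the upload
  * directory are created; on update the se_events row is rewritten.
  *
  * @return int|false the event id, or FALSE with $this->is_error set to a language
  *         id when validation fails
  */
 function event_edit(&$event_title, &$event_desc, &$event_eventcat_id, $event_date_start, $event_date_end, &$event_host, &$event_location, $event_field_query)
 {
     global $database, $user, $actions;
     // VALIDATE OWNER: editing an existing event needs rank 2 or higher
     if ($this->event_exists && $this->user_rank < 2) {
         $this->is_error = 3000248;
         return FALSE;
     }
     // INIT VARS
     $event_id = !empty($this->event_info['event_id']) ? $this->event_info['event_id'] : NULL;
     $event_title = censor($event_title);
     $event_desc = censor(str_replace("\r\n", "<br />", html_entity_decode($event_desc, ENT_QUOTES)));
     $event_desc = security(cleanHTML($event_desc, $user->level_info['level_event_html']));
     $event_host = censor($event_host);
     $event_location = censor(str_replace("\r\n", "<br />", $event_location));
     // NOTE(review): only $event_desc passes through security(); title, host,
     // location and category are interpolated into the SQL below after censor()
     // alone — confirm where their SQL escaping happens (caller or censor()).
     $time = time();
     // CHECK TO MAKE SURE TITLE HAS BEEN ENTERED
     if (!trim($event_title)) {
         $this->is_error = 3000246;
         return FALSE;
     }
     // CHECK TO MAKE SURE CATEGORY HAS BEEN SELECTED
     if (!$event_eventcat_id) {
         $this->is_error = 3000247;
         return FALSE;
     }
     // CHECK TO MAKE SURE END DATE IS AFTER START DATE (IF END DATE IS SET)
     if ($event_date_end && $event_date_end < $event_date_start) {
         $this->is_error = 3000249;
         return FALSE;
     }
     // CHECK TO MAKE SURE THAT START DATE IS IN THE FUTURE IF BACKDATING NOT ALLOWED
     // ($time is reused so the check and the stored timestamps agree)
     if (!$user->level_info['level_event_backdate'] && $event_date_start < $time) {
         // IF CREATING, ERROR
         if (!$this->event_exists) {
             $this->is_error = 3000250;
             return FALSE;
         } elseif ($event_date_start != $this->event_info['event_date_start'] || $event_date_end != $this->event_info['event_date_end']) {
             // Editing: only an actual change of the dates is rejected
             $this->is_error = 3000250;
             return FALSE;
         }
     }
     // CREATE
     if (!$event_id) {
         // ADD ROW TO EVENTS TABLE
         $sql = "\r\n        INSERT INTO se_events (\r\n          event_user_id,\r\n          event_eventcat_id,\r\n          event_title,\r\n          event_desc,\r\n          event_date_start,\r\n          event_date_end,\r\n          event_host,\r\n          event_location,\r\n          event_datecreated\r\n        ) VALUES (\r\n          '{$this->user_id}',\r\n          '{$event_eventcat_id}',\r\n          '{$event_title}',\r\n          '{$event_desc}',\r\n          '{$event_date_start}',\r\n          '{$event_date_end}',\r\n          '{$event_host}',\r\n          '{$event_location}',\r\n          '{$time}'\r\n        )\r\n      ";
         $database->database_query($sql);
         $event_id = $database->database_insert_id();
         // MAKE EVENT EXIST
         if ($event_id) {
             $this->event_exists = TRUE;
             $this->is_member = TRUE;
             $this->user_rank = 3;
             $this->event_info['event_id'] = $event_id;
             $this->event_info['event_user_id'] = $this->user_id;
             $this->eventowner_level_info =& $user->level_info;
         }
         // MAKE CREATOR A MEMBER
         $sql = "INSERT INTO se_eventmembers (eventmember_user_id, eventmember_event_id, eventmember_status, eventmember_approved, eventmember_rank) VALUES ('{$this->user_id}', '{$event_id}', '1', '1', '3')";
         $database->database_query($sql);
         // ADD EVENT STYLES ROW
         $sql = "INSERT INTO se_eventstyles (eventstyle_event_id) VALUES ('{$event_id}')";
         $database->database_query($sql);
         // ADD EVENT VALUES ROW
         $sql = "INSERT INTO se_eventvalues (eventvalue_event_id) VALUES ('{$event_id}')";
         $database->database_query($sql);
         // ADD EVENT ALBUM
         $sql = "\r\n        INSERT INTO se_eventalbums\r\n          (eventalbum_event_id, eventalbum_datecreated, eventalbum_dateupdated, eventalbum_title, eventalbum_desc, eventalbum_search, eventalbum_privacy, eventalbum_comments)\r\n        VALUES\r\n          ('{$event_id}', '{$time}', '{$time}', '', '', '{$this->event_info['event_search']}', '{$this->event_info['event_privacy']}', '{$this->event_info['event_comments']}')\r\n      ";
         $database->database_query($sql);
         // INSERT ACTION
         // NOTE(review): this overwrites the by-reference $event_title with
         // event_info['event_title'], which this method never sets on creation —
         // confirm it is populated elsewhere before the caller relies on it.
         $event_title = $this->event_info['event_title'];
         if (strlen($event_title) > 100) {
             $event_title = substr($event_title, 0, 97) . "...";
         }
         $actions->actions_add($user, "newevent", array($user->user_info['user_username'], $user->user_displayname, $this->event_info['event_id'], $event_title), NULL, NULL, FALSE, "event", $event_id, $this->event_info['event_privacy']);
     } else {
         // IF NEW INVITE ONLY SETTING IS CHANGED TO 0, APPROVE ALL REQUESTS FOR INVITATION
         // NOTE(review): $event_inviteonly is neither a parameter nor declared global
         // nor assigned in this method, so the condition is always true and every
         // edit approves all pending requests — confirm the intended source of the flag.
         if (!$event_inviteonly) {
             $sql = "UPDATE se_eventmembers SET eventmember_status='1' WHERE eventmember_event_id='{$this->event_info['event_id']}' AND eventmember_status='0'";
             $database->database_query($sql);
         }
         // UPDATE EVENT
         $sql = "\r\n        UPDATE\r\n          se_events\r\n        SET\r\n          event_title='{$event_title}',\r\n          event_eventcat_id='{$event_eventcat_id}',\r\n          event_desc='{$event_desc}',\r\n          event_date_start='{$event_date_start}',\r\n          event_date_end='{$event_date_end}',\r\n          event_host='{$event_host}',\r\n          event_location='{$event_location}',\r\n          event_dateupdated={$time}\r\n        WHERE\r\n          event_id='{$event_id}'\r\n        LIMIT\r\n          1\r\n      ";
         $database->database_query($sql);
     }
     // TODO: UPDATE EVENT VALUES $event_field_query
     // NOTE(review): $event_field_query is spliced verbatim into the SET clause;
     // it must be built from trusted column/value pairs only — confirm at the caller.
     if (!empty($event_field_query)) {
         $sql = " UPDATE se_eventvalues SET {$event_field_query} WHERE eventvalue_event_id='{$event_id}' LIMIT 1";
         $database->database_query($sql);
     }
     // ADD EVENT DIRECTORY: the parent bucket first, then the event directory,
     // each with an empty index.php (presumably to suppress directory listings).
     // NOTE(review): 0777 makes both directories world-writable; a tighter mode
     // is usually sufficient — confirm the deployment's expectations before changing.
     $event_directory = $this->event_dir($event_id);
     $event_path_array = explode("/", $event_directory);
     array_pop($event_path_array);
     array_pop($event_path_array);
     $subdir = implode("/", $event_path_array) . "/";
     if (!is_dir($subdir)) {
         mkdir($subdir, 0777);
         chmod($subdir, 0777);
         if ($handle = fopen($subdir . "index.php", 'x+')) {
             fclose($handle);
         }
     }
     if (!is_dir($event_directory)) {
         mkdir($event_directory, 0777);
         chmod($event_directory, 0777);
         if ($handle = fopen($event_directory . "/index.php", 'x+')) {
             // fclose() takes the handle; the original passed $event_directory
             // (a string) and leaked the handle.
             fclose($handle);
         }
     }
     return $event_id;
 }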
Пример #14
 /**
  * Handles the inline-edit AJAX calls for this object.
  *
  * Three request shapes are recognised, checked in this order:
  *  - "attribute" + "value": write one attribute and report old/new values;
  *  - "value" only (documents): replace the content with cleanHTML()'d input;
  *  - "annotate": attach a new text/plain annotation document.
  * Anything else yields status "error". A steam_exception is reported inside the
  * data payload (status stays "ok", undo disabled) instead of propagating.
  */
 public function ajaxResponse(\AjaxResponseObject $ajaxResponseObject)
 {
     $params = $this->params;
     $data = array();
     $hasAttribute = isset($params["attribute"]);
     $hasValue = isset($params["value"]);

     if ($hasAttribute && $hasValue) {
         $attribute = $params["attribute"];
         $oldValue = self::getAttributeValue($this->object, $attribute);
         try {
             self::setAttributeValue($this->object, $attribute, $params["value"]);
         } catch (steam_exception $e) {
             $ajaxResponseObject->setStatus("ok");
             $ajaxResponseObject->setData(array(
                 "oldValue" => $oldValue,
                 "error" => $e->get_message(),
                 "undo" => false,
             ));
             return $ajaxResponseObject;
         }
         $ajaxResponseObject->setStatus("ok");
         // Re-read the attribute: only an exact round-trip counts as saved.
         $newValue = self::getAttributeValue($this->object, $attribute);
         $data["oldValue"] = $oldValue;
         if ($newValue === $params["value"]) {
             $data["newValue"] = $newValue;
             $data["error"] = "none";
             $data["undo"] = true;
         } else {
             $data["error"] = "Data could not be saved.";
             $data["undo"] = false;
         }
         $ajaxResponseObject->setData($data);
     } elseif ($hasValue && !$hasAttribute && $this->object instanceof steam_document) {
         $oldValue = $this->object->get_content();
         try {
             $this->object->set_content(cleanHTML($params["value"]));
         } catch (steam_exception $e) {
             $ajaxResponseObject->setStatus("ok");
             $ajaxResponseObject->setData(array(
                 "oldValue" => $oldValue,
                 "error" => $e->get_message(),
                 "undo" => false,
             ));
             return $ajaxResponseObject;
         }
         $ajaxResponseObject->setStatus("ok");
         // The stored content is reported as saved without comparing it to the
         // request, since cleanHTML() may legitimately have altered it.
         $ajaxResponseObject->setData(array(
             "oldValue" => $oldValue,
             "newValue" => $this->object->get_content(),
             "error" => "none",
             "undo" => true,
         ));
     } elseif (isset($params["annotate"])) {
         try {
             $annotation = \steam_factory::create_document($GLOBALS["STEAM"]->get_id(), "Annotation", $params["annotate"], "text/plain");
             $this->object->add_annotation($annotation);
             $data = array("oldValue" => "", "newValue" => "", "error" => "none", "undo" => false);
         } catch (steam_exception $e) {
             $data = array("oldValue" => "", "error" => $e->get_message(), "undo" => false);
         }
         $ajaxResponseObject->setStatus("ok");
         $ajaxResponseObject->setData($data);
         return $ajaxResponseObject;
     } else {
         $ajaxResponseObject->setStatus("error");
     }
     return $ajaxResponseObject;
 }
Пример #15
    header("Location: user_poll.php");
    exit;
}
// GET CURRENT POLL DATA (pre-fills the form with the stored values)
$poll_title = $poll->poll_info['poll_title'];
$poll_desc = $poll->poll_info['poll_desc'];
// EDIT THIS POLL
if ($task == "doedit") {
    // Raw form input; only title and description are cleaned below.
    $poll_title = $_POST['poll_title'];
    $poll_desc = $_POST['poll_desc'];
    // NOTE(review): poll_search, poll_privacy and poll_comments reach poll_edit()
    // exactly as posted — confirm poll_edit() casts/validates them.
    $poll_search = $_POST['poll_search'];
    $poll_privacy = $_POST['poll_privacy'];
    $poll_comments = $_POST['poll_comments'];
    // HTML SUPPORT: decode entities, clean per the poll HTML setting, then censor
    $poll_title = censor(cleanHTML(htmlspecialchars_decode($poll_title), $setting['setting_poll_html']));
    $poll_desc = censor(cleanHTML(htmlspecialchars_decode($poll_desc), $setting['setting_poll_html']));
    // MAKE SURE TITLE IS PROVIDED (2500123 is presumably a language-string id)
    if (!trim($poll_title)) {
        $is_error = 2500123;
    }
    // EDIT POLL ($is_error is presumably initialised earlier in this script — not visible here)
    if (!$is_error) {
        $poll->poll_edit($poll_title, $poll_desc, $poll_search, $poll_privacy, $poll_comments);
        header("Location: user_poll.php");
        exit;
    }
}
// GET PREVIOUS PRIVACY SETTINGS
$level_poll_privacy = unserialize($user->level_info['level_poll_privacy']);
rsort($level_poll_privacy);
for ($c = 0; $c < count($level_poll_privacy); $c++) {
Пример #16
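/**
 * Builds the galaxy-view tooltip markup for one planet row.
 *
 * @param array|false $Row        planet row (keys read: destruyed, id_planet, id, galaxy, planet_name, image)
 * @param mixed       $Galaxy     coordinates of the planet; interpolated into href/onclick attributes
 * @param mixed       $System
 * @param mixed       $Planet
 * @param mixed       $PlanetType
 * @return string tooltip markup, or "" when the row is missing, destroyed or has no planet
 */
function _TooltipPlanet($Row, $Galaxy, $System, $Planet, $PlanetType)
{
    global $lang, $dpath, $user, $HavePhalanx, $CurrentSystem, $CurrentGalaxy;
    // Always return a string: the original appended to an undefined $Result and
    // returned null when nothing was rendered.
    $Result = "";
    if (!$Row || $Row["destruyed"] != 0 || $Row["id_planet"] == 0) {
        return $Result;
    }
    // The coordinates are written unquoted into href/onclick attributes and as
    // JavaScript arguments below; forcing them to integers keeps arbitrary
    // request text out of the markup without changing the output for valid values.
    $Galaxy = (int) $Galaxy;
    $System = (int) $System;
    $Planet = (int) $Planet;
    $PlanetType = (int) $PlanetType;
    $IsOwnPlanet = ($Row['id'] == $user['id']);
    // PHALANX LINK: only for foreign planets in the current galaxy, within range.
    $PhalanxTypeLink = "";
    if ($HavePhalanx != 0 && !$IsOwnPlanet && $Row["galaxy"] == $CurrentGalaxy) {
        $Range = GetPhalanxRange($HavePhalanx);
        // The lower bound was never assigned in the original (it was only clamped
        // to 1), so the link was offered for every system below the upper bound;
        // mirror the upper bound around the current system.
        $SystemLimitMin = max(1, $CurrentSystem - $Range);
        $SystemLimitMax = $CurrentSystem + $Range;
        if ($System >= $SystemLimitMin && $System <= $SystemLimitMax) {
            $PhalanxTypeLink = "<a href=# onclick=fenster(&#039;phalanx.php?galaxy=" . $Galaxy . "&amp;system=" . $System . "&amp;planet=" . $Planet . "&amp;planettype=" . $PlanetType . "&#039;) >" . $lang['gl_phalanx'] . "</a><br />";
        }
    }
    // MISSION LINKS: espionage (6), attack (1) and hold (5) only against foreign
    // planets; deploy (4) only to own planets; transport (3) always.
    $MissionType6Link = "";
    $MissionType1Link = "";
    $MissionType5Link = "";
    $MissionType4Link = "";
    if ($IsOwnPlanet) {
        $MissionType4Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "&target_mission=4>" . $lang['type_mission'][4] . "</a><br />";
    } else {
        // spio_anz is the user's configured probe count, emitted as a JS number.
        $MissionType6Link = "<a href=# onclick=&#039javascript:pada_galaxy(6, " . $Galaxy . ", " . $System . ", " . $Planet . ", " . $PlanetType . ", " . (int) $user["spio_anz"] . ");&#039 >" . $lang['type_mission'][6] . "</a><br /><br />";
        $MissionType1Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&amp;system=" . $System . "&amp;planet=" . $Planet . "&amp;planettype=" . $PlanetType . "&amp;target_mission=1>" . $lang['type_mission'][1] . "</a><br />";
        $MissionType5Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "&target_mission=5>" . $lang['type_mission'][5] . "</a><br />";
    }
    $MissionType3Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "&target_mission=3>" . $lang['type_mission'][3] . "</a>";
    // NOTE(review): $Row["image"] is a DB value written into an unquoted src
    // attribute; planet_name goes through cleanHTML() but image does not — confirm
    // the column is constrained to a fixed set of image names.
    $Image = $dpath . "planeten/small/s_" . $Row["image"] . ".jpg";
    $Pieces = array(
        "<a style=\"cursor: pointer;\"",
        " onmouseover='return overlib(\"",
        "<table width=240>",
        "<tr>",
        "<td class=c colspan=2>",
        $lang['gl_planet'] . " " . cleanHTML($Row['planet_name']) . " [" . $Galaxy . ":" . $System . ":" . $Planet . "]",
        "</td>",
        "</tr>",
        "<tr>",
        "<th width=80>",
        "<img src=" . $Image . " height=75 width=75 />",
        "</th>",
        "<th align=left>",
        $MissionType6Link,
        $PhalanxTypeLink,
        $MissionType1Link,
        $MissionType5Link,
        $MissionType4Link,
        $MissionType3Link,
        "</th>",
        "</tr>",
        "</table>\"",
        ", STICKY, MOUSEOFF, DELAY, 750, CENTER, OFFSETX, -40, OFFSETY, -40 );'",
        " onmouseout='return nd();'>",
        "<img src=" . $Image . " height=30 width=30>",
        "</a>",
    );
    $Result .= implode("", $Pieces);
    return $Result;
}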
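/**
 * Prints the "edit post" form for a forum post the current user authored.
 *
 * @param mixed $posttype unused here (kept for the caller's signature)
 * @param mixed $set      forum set, echoed into the form's action URL
 * @param mixed $postid   id of the topic's root post; a post editing itself gets an editable title
 * @param mixed $edit_id  id of the post being edited
 * @return void echoes the form; exits via include_game_down() when the post is not the user's
 */
function show_edit_form($posttype, $set, $postid, $edit_id)
{
    $objSrcUser =& $GLOBALS["objSrcUser"];
    $userid = $objSrcUser->get_userid();
    // post_id is numeric and $edit_id was interpolated into the query unescaped;
    // with the legacy mysql_* API (no parameter binding) an integer cast is the
    // way to keep request text out of the SQL. $postid is cast for the same
    // reason before it is echoed into a hidden field.
    $edit_id = (int) $edit_id;
    $postid = (int) $postid;
    $sql = "SELECT poster_id,poster_kd,post,title,parent_id FROM forum ";
    $sql .= "WHERE post_id = {$edit_id}";
    $edit = mysql_fetch_array(mysql_query($sql));
    // A missing row is refused explicitly; the original compared $userid with
    // null and only refused by accident.
    if (!$edit || $userid != $edit['poster_id']) {
        echo '<div class="center">' . "Sorry, you can't edit this post." . '</div>';
        include_game_down();
        exit;
    }
    $post = cleanHTML($edit['post']);
    $post = str_replace("<br />", "", $post);
    // remove <code></code> and any other tags before placing the text in the textarea
    $post = strip_tags($post);
    // to remove odd break-rows at end of a post
    $post = rtrim($post);
    // NOTE(review): $title is written into a value="..." attribute; this relies on
    // cleanHTML() escaping double quotes — confirm, otherwise escape it here.
    $title = cleanHTML($edit['title']);
    if ($edit_id != $postid) {
        $strTitleInput = '<input type="hidden" name="title" value="' . $title . '" />';
    } else {
        $strTitleInput = '<label for="i1">Topic:</label>' . '<br /><input type="text" name="title" size="40" ' . 'maxlength="30" value="' . $title . '" id="i1" /><br /><br />';
    }
    // $set comes from the request and lands in an attribute; escape it for that context.
    $strSet = htmlspecialchars($set, ENT_QUOTES);
    $strEditPostForm = '<div id="textMedium">' . '<h2>Edit post</h2>' . '<form action="main.php?cat=game&amp;page=forums&amp;set=' . $strSet . '&amp;action=edit" method="post">' . $strTitleInput . '<label for="i2">Your Message</label>: ' . '<br /><textarea name="text" rows="8" cols="44" id="i2">' . $post . '</textarea>' . '<br /><br />' . '<input type="submit" value="Save changes" />' . '<br /><br />' . '<input type="checkbox" name="formatted" value="yes" id="i3" /> ' . '<label for="i3">With Tabs</label> (Sometimes this can make a copied table look great.)' . '<input type="hidden" name="edit_id" value="' . $edit_id . '" />' . '<input type="hidden" name="postid" value="' . $postid . '" />' . '</form>' . '</div>';
    echo $strEditPostForm;
}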
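 /**
  * Stores a comment posted against a record of application 3.
  *
  * Reads the form fields via POST()/SESSION(), validates them, inserts the
  * comment row plus its two link rows, and commits or rolls back.
  *
  * @return mixed getAlert() result describing the outcome; null when the posted
  *               ID_Application is not "3" (nothing is stored in that case)
  */
 public function saveComments()
 {
     $this->ID_Application = POST("ID_Application");
     $this->ID_Record = POST("ID_Record");
     $this->comment = POST("comment", "clean", FALSE);
     $this->email = POST("email");
     $this->website = POST("website");
     // Logged-in users are identified by session; guests supply a display name.
     $this->name = SESSION("ZanUser") ? NULL : POST("name");
     $this->username = SESSION("ZanUser") ? SESSION("ZanUser") : NULL;
     $this->ID_User = SESSION("ZanUserID") ? (int) SESSION("ZanUserID") : 0;
     $this->state = "Active";
     $this->date1 = now(4);
     $this->date2 = now(2);
     $this->year = date("Y");
     $this->month = date("m");
     $this->day = date("d");
     $this->URL = POST("URL");
     if ($this->ID_Application !== "3") {
         return;
     }
     if ($this->comment === NULL) {
         return getAlert("Empty Comment");
     }
     if (isSPAM($this->comment) === TRUE) {
         return getAlert("STOP, SPAM");
     }
     if (isVulgar($this->comment) === TRUE) {
         return getAlert("STOP, The Comment is Vulgar");
     }
     if (isInjection($this->comment) === TRUE) {
         return getAlert("STOP, Injection");
     }
     // The original called cleanHTML() and discarded its result, so the comment
     // was stored unfiltered; keep the cleaned value.
     $this->comment = $this->cleanField($this->comment);
     // NOTE(review): every value below is still interpolated into SQL text.
     // Unless Db->findBySQL()/Db->values() escape their input, isInjection()'s
     // blacklist is the only barrier — confirm the Db layer quotes these.
     if ($this->ID_User > 0) {
         $this->Db->table($this->table);
         $repost = $this->Db->findBySQL("Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}' AND Name = '{$this->name}'");
         if (is_array($repost)) {
             return getAlert("This Comment has been posted yet");
         }
         $fields = "ID_User, Username, Comment, Start_Date, Text_Date, Year, Month, Day, State";
         $values = "'{$this->ID_User}', '{$this->username}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->state}'";
     } else {
         $this->Db->table($this->table);
         $repost = $this->Db->findBySQL("ID_User = '******' AND Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}'");
         if (is_array($repost)) {
             return getAlert("This Comment has been posted yet");
         }
         if ($this->name === NULL) {
             return getAlert("Empty Name");
         }
         if (isVulgar($this->name) === TRUE) {
             return getAlert("STOP, Vulgar Name");
         }
         if (isInjection($this->name) === TRUE) {
             return getAlert("STOP, Injection");
         }
         // The original re-cleaned the comment here (copy-paste); the field
         // that was just checked is the name.
         $this->name = $this->cleanField($this->name);
         if ($this->email === NULL) {
             return getAlert("Empty Email");
         }
         if (isEmail($this->email) === FALSE) {
             return getAlert("Invalid Email");
         }
         if (isset($this->website)) {
             // The original only ran the injection check when ping() failed,
             // so a reachable website was never checked at all.
             if (isInjection($this->website) === TRUE) {
                 return getAlert("STOP, Injection");
             }
             $this->website = $this->cleanField($this->website);
             if (ping($this->website) === FALSE) {
                 return getAlert("Invalid Website");
             }
         }
         $fields = "ID_User, Comment, Start_Date, Text_Date, Year, Month, Day, Name, Email, Website, State";
         $values = "'{$this->ID_User}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->name}', '{$this->email}', '{$this->website}', '{$this->state}'";
     }
     $this->insertCommentRows($fields, $values);
     if ($this->insertID1 === "rollback" or $this->insertID2 === "rollback" or $this->insertID3 === "rollback") {
         $this->Db->rollBack();
         return getAlert("Insert error");
     } else {
         $this->Db->commit();
         return getAlert("The comment has been saved correctly", "success");
     }
 }

 /**
  * Runs cleanHTML() on one field and returns the cleaned value.
  *
  * NOTE(review): assumes cleanHTML() returns the cleaned string. If it instead
  * works on its argument by reference and returns nothing, the (possibly
  * mutated) input is returned — confirm against the helper's definition.
  *
  * @param mixed $value field text
  * @return mixed cleaned text
  */
 private function cleanField($value)
 {
     $cleaned = cleanHTML($value);
     return $cleaned === NULL ? $value : $cleaned;
 }

 /**
  * Inserts the comment row and its two link rows (application, record).
  *
  * Sets insertID1..3 with each save() result; the caller checks them for
  * "rollback". Both user branches of saveComments() shared this sequence.
  *
  * @param string $fields column list for the comment table
  * @param string $values matching value list (already quoted by the caller)
  * @return void
  */
 private function insertCommentRows($fields, $values)
 {
     $this->Db->table($this->table, $fields);
     $this->Db->values($values);
     $this->insertID1 = $this->Db->save();
     $this->Db->table("comments2applications", "ID_Application, ID_Comment");
     $this->Db->values("'3', '{$this->insertID1}'");
     $this->insertID2 = $this->Db->save();
     $this->Db->table("comments2records", "ID_Comment2Application, ID_Record");
     $this->Db->values("'{$this->insertID2}', '{$this->ID_Record}'");
     $this->insertID3 = $this->Db->save();
 }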
 function field_list($validate = 0, $format = 0, $search = 0, $field_where = "")
 {
     global $database, $datetime, $setting;
     // GET NON DEPENDENT FIELDS IN CAT IF NECESSARY
     $field_count = 0;
     $this->fields = array();
     $field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_order AS field_order, " . $this->type . "field_title AS field_title, " . $this->type . "field_desc AS field_desc, " . $this->type . "field_signup AS field_signup, " . $this->type . "field_error AS field_error, " . $this->type . "field_type AS field_type, " . $this->type . "field_style AS field_style, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_options AS field_options, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_special AS field_special, " . $this->type . "field_html AS field_html, " . $this->type . "field_search AS field_search, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_dependency='0'";
     if ($field_where != "") {
         $field_query .= " AND ({$field_where})";
     }
     $field_query .= " ORDER BY " . $this->type . "field_order";
     $fields = $database->database_query($field_query);
     while ($field_info = $database->database_fetch_assoc($fields)) {
         // SET FIELD VARS
         $is_field_error = 0;
         $field_value = "";
         $field_value_formatted = "";
         $field_value_min = "";
         $field_value_max = "";
         $field_options = array();
         // FIELD TYPE SWITCH
         switch ($field_info[field_type]) {
             case 1:
                 // TEXT FIELD
             // TEXT FIELD
             case 2:
                 // TEXTAREA
                 // VALIDATE POSTED FIELD VALUE
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE AND FILTER FOR ADMIN-SPECIFIED HTML TAGS
                     $var = "field_" . $field_info[field_id];
                     $field_value = security(cleanHTML(censor($_POST[$var]), $field_info[field_html]));
                     if ($field_info[field_type] == 2) {
                         $field_value = str_replace("\r\n", "<br>", $field_value);
                     }
                     // CHECK FOR REQUIRED
                     if ($field_info[field_required] != 0 && trim($field_value) == "") {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // RUN PREG MATCH (ONLY FOR TEXT FIELDS)
                     if ($field_info[field_regex] != "" && trim($field_value) != "") {
                         if (!preg_match($field_info[field_regex], $field_value)) {
                             $this->is_error = 97;
                             $is_field_error = 1;
                         }
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     if ($field_info[field_special] == 2 || $field_info[field_special] == 3) {
                         $field_value = ucwords($field_value);
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     if ($field_info[field_search] == 2) {
                         $var1 = "field_" . $field_info[field_id] . "_min";
                         if (isset($_POST[$var1])) {
                             $field_value_min = $_POST[$var1];
                         } elseif (isset($_GET[$var1])) {
                             $field_value_min = $_GET[$var1];
                         } else {
                             $field_value_min = "";
                         }
                         $var2 = "field_" . $field_info[field_id] . "_max";
                         if (isset($_POST[$var2])) {
                             $field_value_max = $_POST[$var2];
                         } elseif (isset($_GET[$var2])) {
                             $field_value_max = $_GET[$var2];
                         } else {
                             $field_value_max = "";
                         }
                         if ($field_value_min != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
                             $this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
                         }
                         if ($field_value_max != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
                             $this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
                         }
                     } elseif ($field_info[field_search] == 1) {
                         $var = "field_" . $field_info[field_id];
                         if (isset($_POST[$var])) {
                             $field_value = $_POST[$var];
                         } elseif (isset($_GET[$var])) {
                             $field_value = $_GET[$var];
                         } else {
                             $field_value = "";
                         }
                         if ($field_value != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} LIKE '%{$field_value}%'";
                             $this->url_string .= $var . "=" . urlencode($field_value) . "&";
                         }
                     } else {
                         $field_value = "";
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = $this->value_info[$value_column];
                     }
                 }
                 // FORMAT VALUE FOR DISPLAY
                 if ($format == 1 && $field_info[field_display] != 0) {
                     // LINK BROWSABLE FIELD VALUES IF NECESSARY
                     if ($field_info[field_display] == 2) {
                         $br_exploded_field_values = explode("<br>", trim($field_value));
                         $exploded_field_values = array();
                         foreach ($br_exploded_field_values as $key => $value) {
                             $comma_exploded_field_values = explode(",", trim($value));
                             array_walk($comma_exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
                             $exploded_field_values[$key] = implode(", ", $comma_exploded_field_values);
                         }
                         $field_value_formatted = implode("<br>", $exploded_field_values);
                         // MAKE SURE TO LINK FIELDS WITH A LINK TAG
                     } else {
                         $exploded_field_values = array(trim($field_value));
                         array_walk($exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
                         $field_value_formatted = implode("", $exploded_field_values);
                     }
                     // DECODE TO MAKE HTML TAGS FOR FIELDS VALID
                     $field_value_formatted = htmlspecialchars_decode($field_value_formatted, ENT_QUOTES);
                     // FORMAT VALUE FOR FORM
                 } else {
                     if ($field_info[field_type] == 1) {
                         $options = unserialize($field_info[field_options]);
                         for ($i = 0, $max = count($options); $i < $max; $i++) {
                             SE_Language::_preload_multi($options[$i][label]);
                             SE_Language::load();
                             $field_options[] = array('label' => SE_Language::_get($options[$i][label]));
                         }
                     }
                     if ($field_info[field_type] == 2) {
                         $field_value = str_replace("<br>", "\r\n", $field_value);
                     }
                 }
                 break;
             case 3:
                 // SELECT BOX
             // SELECT BOX
             case 4:
                 // RADIO BUTTON
                 // VALIDATE POSTED FIELD
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE
                     $var = "field_" . $field_info[field_id];
                     $field_value = censor($_POST[$var]);
                     // CHECK FOR REQUIRED
                     if ($field_info[field_required] != 0 && ($field_value == "-1" || $field_value == "")) {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     if ($field_info[field_search] == 2) {
                         $var1 = "field_" . $field_info[field_id] . "_min";
                         if (isset($_POST[$var1])) {
                             $field_value_min = $_POST[$var1];
                         } elseif (isset($_GET[$var1])) {
                             $field_value_min = $_GET[$var1];
                         } else {
                             $field_value_min = "";
                         }
                         $var2 = "field_" . $field_info[field_id] . "_max";
                         if (isset($_POST[$var2])) {
                             $field_value_max = $_POST[$var2];
                         } elseif (isset($_GET[$var2])) {
                             $field_value_max = $_GET[$var2];
                         } else {
                             $field_value_max = "";
                         }
                         if ($field_value_min != "" && $field_value_min != "-1") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
                             $this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
                         }
                         if ($field_value_max != "" && $field_value_max != "-1") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
                             $this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
                         }
                     } elseif ($field_info[field_search] == 1) {
                         $var = "field_" . $field_info[field_id];
                         if (isset($_POST[$var])) {
                             $field_value = $_POST[$var];
                         } elseif (isset($_GET[$var])) {
                             $field_value = $_GET[$var];
                         } else {
                             $field_value = "";
                         }
                         if ($field_value != "-1" && $field_value != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                             $this->url_string .= $var . "=" . urlencode($field_value) . "&";
                         }
                     } else {
                         $field_value = "";
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = $this->value_info[$value_column];
                     }
                 }
                 // LOOP OVER FIELD OPTIONS
                 $options = unserialize($field_info[field_options]);
                 for ($i = 0, $max = count($options); $i < $max; $i++) {
                     $dep_field_info = "";
                     $dep_field_value = "";
                     $dep_field_options = "";
                     // OPTION HAS DEPENDENCY
                     if ($options[$i][dependency] == "1") {
                         $dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
                         $dep_field = $database->database_query($dep_field_query);
                         if ($database->database_num_rows($dep_field) != "1") {
                             $options[$i][dependency] = 0;
                         } else {
                             $dep_field_info = $database->database_fetch_assoc($dep_field);
                             // VALIDATE POSTED FIELD VALUE
                             if ($validate == 1) {
                                 // OPTION SELECTED
                                 if ($field_value == $options[$i][value]) {
                                     $dep_var = "field_" . $dep_field_info[field_id];
                                     $dep_field_value = censor($_POST[$dep_var]);
                                     // DEP FIELD TYPE
                                     switch ($dep_field_info[field_type]) {
                                         // TEXT FIELD
                                         case "1":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             // RUN PREG MATCH
                                             if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
                                                 if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
                                                     $this->is_error = 97;
                                                     $is_field_error = 1;
                                                 }
                                             }
                                             break;
                                             // SELECT BOX
                                         // SELECT BOX
                                         case "3":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             break;
                                     }
                                     // OPTION NOT SELECTED
                                 } else {
                                     $dep_field_value = "";
                                 }
                                 // UPDATE SAVE VALUE QUERY
                                 if ($this->field_query != "") {
                                     $this->field_query .= ", ";
                                 }
                                 $this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
                                 // DO NOT VALIDATE POSTED FIELD VALUE
                             } else {
                                 // RETRIEVE DATABASE FIELD VALUE
                                 if ($this->value_info != "") {
                                     $value_column = $this->type . "value_" . $dep_field_info[field_id];
                                     $dep_field_value = $this->value_info[$value_column];
                                 }
                             }
                             // RETRIEVE DEP FIELD OPTIONS
                             $dep_options = unserialize($dep_field_info[field_options]);
                             for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
                                 SE_Language::_preload($dep_options[$i2][label]);
                                 $dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
                                 if ($dep_options[$i2][value] == $dep_field_value) {
                                     $dep_field_value_formatted = $dep_options[$i2][label];
                                 }
                             }
                         }
                     }
                     // FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
                     if ($format == 1 && $field_value == $options[$i][value] && $field_info[field_display] != 0) {
                         SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                         SE_Language::load();
                         $field_value_formatted = SE_Language::_get($options[$i][label]);
                         // LINK FIELD VALUES IF NECESSARY
                         if ($field_info[field_display] == 2) {
                             link_field_values($field_value_formatted, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
                         }
                         // ADD DEPENDENT VALUE TO FIELD VALUE
                         if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
                             if ($dep_field_info[field_type] == 3) {
                                 $dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
                             } else {
                                 $dep_field_value_formatted = $dep_field_value;
                             }
                             link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
                             $field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
                         }
                     }
                     // SET OPTIONS ARRAY
                     SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                     $field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
                 }
                 break;
             case 5:
                 // DATE FIELD
                 // SET MONTH, DAY, AND YEAR FORMAT FROM SETTINGS
                 switch ($setting[setting_dateformat]) {
                     case "n/j/Y":
                     case "n.j.Y":
                     case "n-j-Y":
                         $month_format = "n";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "mdy";
                         break;
                     case "Y/n/j":
                     case "Ynj":
                         $month_format = "n";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                     case "Y-n-d":
                         $month_format = "n";
                         $day_format = "d";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                     case "Y-m-d":
                         $month_format = "m";
                         $day_format = "d";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                     case "j/n/Y":
                     case "j.n.Y":
                         $month_format = "n";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "dmy";
                         break;
                     case "M. j, Y":
                         $month_format = "M";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "mdy";
                         break;
                     case "F j, Y":
                     case "l, F j, Y":
                         $month_format = "F";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "mdy";
                         break;
                     case "j F Y":
                     case "D j F Y":
                     case "l j F Y":
                         $month_format = "F";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "dmy";
                         break;
                     case "D-j-M-Y":
                     case "D j M Y":
                     case "j-M-Y":
                         $month_format = "M";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "dmy";
                         break;
                     case "Y-M-j":
                         $month_format = "M";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                 }
                 // VALIDATE POSTED VALUE
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE
                     $var1 = "field_" . $field_info[field_id] . "_1";
                     $var2 = "field_" . $field_info[field_id] . "_2";
                     $var3 = "field_" . $field_info[field_id] . "_3";
                     $field_1 = $_POST[$var1];
                     $field_2 = $_POST[$var2];
                     $field_3 = $_POST[$var3];
                     // ORDER DATE VALUES PROPERLY
                     switch ($date_order) {
                         case "mdy":
                             $month = $field_1;
                             $day = $field_2;
                             $year = $field_3;
                             break;
                         case "ymd":
                             $year = $field_1;
                             $month = $field_2;
                             $day = $field_3;
                             break;
                         case "dmy":
                             $day = $field_1;
                             $month = $field_2;
                             $year = $field_3;
                             break;
                     }
                     // CONSTRUCT FIELD VALUE
                     $field_value = str_pad($year, 4, '0', STR_PAD_LEFT) . "-" . str_pad($month, 2, '0', STR_PAD_LEFT) . '-' . str_pad($day, 2, '0', STR_PAD_LEFT);
                     // CHECK FOR REQUIRED
                     if ($field_info['field_required'] && ($month == "00" || $day == "00" || $year == "00")) {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     // DATE IS A BIRTHDAY
                     if ($field_info[field_special] == 1) {
                         // RESET DATE ORDER SO MONTH IS LAST
                         $date_order = "mdy";
                         // RETRIEVE MIN/MAX YEARS
                         $var3_min = "field_" . $field_info[field_id] . "_3_min";
                         $var3_max = "field_" . $field_info[field_id] . "_3_max";
                         if (isset($_POST[$var3_min])) {
                             $field_3_min = $_POST[$var3_min];
                         } elseif (isset($_GET[$var3_min])) {
                             $field_3_min = $_GET[$var3_min];
                         } else {
                             $field_3_min = "";
                         }
                         if (isset($_POST[$var3_max])) {
                             $field_3_max = $_POST[$var3_max];
                         } elseif (isset($_GET[$var3_max])) {
                             $field_3_max = $_GET[$var3_max];
                         } else {
                             $field_3_max = "";
                         }
                         $this->url_string .= $var3_min . "=" . urlencode($field_3_min) . "&";
                         $this->url_string .= $var3_max . "=" . urlencode($field_3_max) . "&";
                         // CONSTRUCT SEARCH VALUES (MIN YEAR)
                         // IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MINIMUM AGE (MAXIMUM YEAR)
                         $field_value_min = str_pad($field_3_min, 4, '0', STR_PAD_LEFT);
                         if ($field_value_min != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']}<='{$field_value_min}-" . date('m', time()) . "-" . date('d', time()) . "'";
                         }
                         // CONSTRUCT SEARCH VALUES (MAX YEAR)
                         // IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MAXIMUM AGE (MINIMUM YEAR)
                         $field_value_max = str_pad($field_3_max, 4, '0', STR_PAD_LEFT);
                         if ($field_value_max != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']}>=DATE_ADD('" . ($field_value_max - 1) . "-" . date('m', time()) . "-" . date('d', time()) . "', INTERVAL 1 DAY)";
                         }
                         // EXCLUDE USERS WHO HAVE NOT ENTERED A BIRTH YEAR
                         if ($field_value_min != "0000" || $field_value_max != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})<>'0000'";
                         }
                         // DATE IS NOT A BIRTHDAY
                     } else {
                         // RETRIEVE VALUES
                         $var1 = "field_" . $field_info[field_id] . "_1";
                         $var2 = "field_" . $field_info[field_id] . "_2";
                         $var3 = "field_" . $field_info[field_id] . "_3";
                         if (isset($_POST[$var1])) {
                             $field_1 = $_POST[$var1];
                         } elseif (isset($_GET[$var1])) {
                             $field_1 = $_GET[$var1];
                         } else {
                             $field_1 = "";
                         }
                         if (isset($_POST[$var2])) {
                             $field_2 = $_POST[$var2];
                         } elseif (isset($_GET[$var2])) {
                             $field_2 = $_GET[$var2];
                         } else {
                             $field_2 = "";
                         }
                         if (isset($_POST[$var3])) {
                             $field_3 = $_POST[$var3];
                         } elseif (isset($_GET[$var3])) {
                             $field_3 = $_GET[$var3];
                         } else {
                             $field_3 = "";
                         }
                         $this->url_string .= $var1 . "=" . urlencode($field_1) . "&";
                         $this->url_string .= $var2 . "=" . urlencode($field_2) . "&";
                         $this->url_string .= $var3 . "=" . urlencode($field_3) . "&";
                         // ORDER DATE VALUES PROPERLY
                         switch ($date_order) {
                             case "mdy":
                                 $month = str_pad($field_1, 2, '0', STR_PAD_LEFT);
                                 $day = str_pad($field_2, 2, '0', STR_PAD_LEFT);
                                 $year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
                                 break;
                             case "ymd":
                                 $year = str_pad($field_1, 4, '0', STR_PAD_LEFT);
                                 $month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
                                 $day = str_pad($field_3, 2, '0', STR_PAD_LEFT);
                                 break;
                             case "dmy":
                                 $day = str_pad($field_1, 2, '0', STR_PAD_LEFT);
                                 $month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
                                 $year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
                                 break;
                         }
                         // CONSTRUCT FIELD VALUE
                         $field_value = $year . "-" . $month . '-' . $day;
                         if ($month != "00") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "MONTH(" . $this->type . "value_{$field_info['field_id']})='{$month}'";
                         }
                         if ($day != "00") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "DAY(" . $this->type . "value_{$field_info['field_id']})='{$day}'";
                         }
                         if ($year != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})='{$year}'";
                         }
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = $this->value_info[$value_column];
                     } else {
                         $field_value = "0000-00-00";
                     }
                 }
                 $year = substr($field_value, 0, 4);
                 $month = substr($field_value, 5, 2);
                 $day = substr($field_value, 8, 2);
                 // FORMAT VALUE FOR DISPLAY
                 if ($format == 1 && $field_info[field_display] != 0) {
                     if ($field_value != "0000-00-00") {
                         if ($year == "0000") {
                             $year = "";
                         }
                         if ($month == "00") {
                             $month = "";
                         } else {
                             $month = $datetime->cdate("F", mktime(0, 0, 0, $month, 1, 1990));
                         }
                         if ($day == "00") {
                             $day = "";
                         } else {
                             $day = $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $day, 1990));
                         }
                         switch ($date_order) {
                             case "mdy":
                                 $field_value_formatted = "{$month} {$day} {$year}";
                                 break;
                             case "ymd":
                                 $field_value_formatted = "{$year} {$month} {$day}";
                                 break;
                             case "dmy":
                                 $field_value_formatted = "{$day} {$month} {$year}";
                                 break;
                         }
                         if ($field_info[field_display] == 2) {
                             link_field_values($field_value_formatted, "", array($field_info[field_id], $field_value, "", $field_info[field_display]));
                         }
                     }
                     // FORMAT VALUE FOR FORM
                 } else {
                     // GET LANGUAGE VARS
                     SE_Language::_preload_multi(579, 580, 581);
                     // CONSTRUCT MONTH ARRAY
                     $month_array = array();
                     $month_array[0] = array('name' => "579", 'value' => "0", 'selected' => "");
                     for ($m = 1; $m <= 12; $m++) {
                         if ($month == $m) {
                             $selected = " SELECTED";
                         } else {
                             $selected = "";
                         }
                         $month_array[$m] = array('name' => $datetime->cdate("{$month_format}", mktime(0, 0, 0, $m, 1, 1990)), 'value' => $m, 'selected' => $selected);
                     }
                     // CONSTRUCT DAY ARRAY
                     $day_array = array();
                     $day_array[0] = array('name' => "580", 'value' => "0", 'selected' => "");
                     for ($d = 1; $d <= 31; $d++) {
                         if ($day == $d) {
                             $selected = " SELECTED";
                         } else {
                             $selected = "";
                         }
                         $day_array[$d] = array('name' => $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $d, 1990)), 'value' => $d, 'selected' => $selected);
                     }
                     // CONSTRUCT YEAR ARRAY
                     $year_array = array();
                     $year_count = 1;
                     $current_year = $datetime->cdate("Y", time());
                     $year_array[0] = array('name' => "581", 'value' => "0", 'selected' => "");
                     for ($y = $current_year; $y >= 1920; $y--) {
                         if ($year == $y) {
                             $selected = " SELECTED";
                         } else {
                             $selected = "";
                         }
                         $year_array[$year_count] = array('name' => $y, 'value' => $y, 'selected' => $selected);
                         $year_count++;
                     }
                     // ORDER DATE ARRAYS PROPERLY
                     switch ($date_order) {
                         case "mdy":
                             $date_array1 = $month_array;
                             $date_array2 = $day_array;
                             $date_array3 = $year_array;
                             break;
                         case "ymd":
                             $date_array1 = $year_array;
                             $date_array2 = $month_array;
                             $date_array3 = $day_array;
                             break;
                         case "dmy":
                             $date_array1 = $day_array;
                             $date_array2 = $month_array;
                             $date_array3 = $year_array;
                             break;
                     }
                 }
                 break;
             case 6:
                 // CHECKBOXES
                 // VALIDATE POSTED FIELD
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE
                     $var = "field_" . $field_info[field_id];
                     $field_value = $_POST[$var];
                     // CHECK FOR REQUIRED
                     if ($field_info[field_required] != 0 && count($field_value) == 0) {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='" . implode(",", $field_value) . "'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     $var = "field_" . $field_info[field_id];
                     if (isset($_POST[$var])) {
                         $field_value = $_POST[$var];
                     } elseif (isset($_GET[$var])) {
                         $field_value = $_GET[$var];
                     } else {
                         $field_value = "";
                     }
                     if (count($field_value) != 0 && $field_value != "") {
                         for ($o = 0; $o < count($field_value); $o++) {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "FIND_IN_SET('" . $field_value[$o] . "', " . $this->type . "value_{$field_info['field_id']})";
                             $this->url_string .= $var . "[]=" . urlencode($field_value[$o]) . "&";
                         }
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = explode(",", $this->value_info[$value_column]);
                     }
                 }
                 // LOOP OVER FIELD OPTIONS
                 $options = unserialize($field_info[field_options]);
                 for ($i = 0, $max = count($options); $i < $max; $i++) {
                     $dep_field_info = "";
                     $dep_field_value = "";
                     $dep_field_options = "";
                     // OPTION HAS DEPENDENCY
                     if ($options[$i][dependency] == "1") {
                         $dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
                         $dep_field = $database->database_query($dep_field_query);
                         if ($database->database_num_rows($dep_field) != "1") {
                             $options[$i][dependency] = 0;
                         } else {
                             $dep_field_info = $database->database_fetch_assoc($dep_field);
                             // VALIDATE POSTED FIELD VALUE
                             if ($validate == 1) {
                                 // OPTION SELECTED
                                 if (in_array($options[$i][value], $field_value)) {
                                     $dep_var = "field_" . $dep_field_info[field_id];
                                     $dep_field_value = censor($_POST[$dep_var]);
                                     // DEP FIELD TYPE
                                     switch ($dep_field_info[field_type]) {
                                         // TEXT FIELD
                                         case "1":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             // RUN PREG MATCH
                                             if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
                                                 if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
                                                     $this->is_error = 97;
                                                     $is_field_error = 1;
                                                 }
                                             }
                                             break;
                                             // SELECT BOX
                                         // SELECT BOX
                                         case "3":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             break;
                                     }
                                     // OPTION NOT SELECTED
                                 } else {
                                     $dep_field_value = "";
                                 }
                                 // UPDATE SAVE VALUE QUERY
                                 if ($this->field_query != "") {
                                     $this->field_query .= ", ";
                                 }
                                 $this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
                                 // DO NOT VALIDATE POSTED FIELD VALUE
                             } else {
                                 // RETRIEVE DATABASE FIELD VALUE
                                 if ($this->value_info != "") {
                                     $value_column = $this->type . "value_" . $dep_field_info[field_id];
                                     $dep_field_value = $this->value_info[$value_column];
                                 }
                             }
                             // RETRIEVE DEP FIELD OPTIONS
                             $dep_options = unserialize($dep_field_info[field_options]);
                             for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
                                 SE_Language::_preload($dep_options[$i2][label]);
                                 $dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
                                 if ($dep_options[$i2][value] == $dep_field_value) {
                                     $dep_field_value_formatted = $dep_options[$i2][label];
                                 }
                             }
                         }
                     }
                     // FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
                     if ($format == 1 && in_array($options[$i][value], $field_value) && $field_info[field_display] != 0) {
                         SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                         SE_Language::load();
                         $formatted_prelim = SE_Language::_get($options[$i][label]);
                         // LINK FIELD VALUES IF NECESSARY
                         if ($field_info[field_display] == 2) {
                             link_field_values($formatted_prelim, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
                         }
                         // ADD DEPENDENT VALUE TO FIELD VALUE
                         if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
                             if ($dep_field_info[field_type] == 3) {
                                 $dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
                             } else {
                                 $dep_field_value_formatted = $dep_field_value;
                             }
                             link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
                             $field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
                         }
                         if (trim($field_value_formatted) != "") {
                             $field_value_formatted .= ", ";
                         }
                         $field_value_formatted .= $formatted_prelim;
                     }
                     // SET OPTIONS ARRAY
                     SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                     $field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
                 }
                 break;
         }
         // SET FIELD ERROR IF ERROR OCCURRED
         if ($is_field_error == 1) {
             $field_error = $field_info[field_error];
         } else {
             $field_error = 0;
         }
         // SET FIELD VALUE ARRAY FOR LATER USE
         // FIX THIS FOR CHECKBOXES (USED FOR SUBNETS?)
         $this->fields_new[$this->type . "value_" . $field_info[field_id]] = $field_value;
         // SET SPECIAL FIELDS, IF NECESSARY
         if ($field_info[field_special] != 0) {
             $this->field_special[$field_info[field_special]] = $field_value;
         }
         // SAVE FORMATTED FIELD VALUE IN ARRAY
         if ($field_value_formatted != "") {
             $this->field_values[] = $field_value_formatted;
         }
         // SET FIELD ARRAY AND INCREMENT FIELD COUNT
         if ($format == 0 && $search == 0 || $format == 1 && $field_value_formatted != "" || $search == 1 && $field_info[field_search] != 0) {
             SE_Language::_preload_multi($field_info[field_title], $field_info[field_desc], $field_info[field_error]);
             $this->fields[] = $this->fields_all[] = array('field_id' => $field_info[field_id], 'field_title' => $field_info[field_title], 'field_desc' => $field_info[field_desc], 'field_type' => $field_info[field_type], 'field_required' => $field_info[field_required], 'field_style' => $field_info[field_style], 'field_maxlength' => $field_info[field_maxlength], 'field_special' => $field_info[field_special], 'field_signup' => $field_info[field_signup], 'field_search' => $field_info[field_search], 'field_options' => $field_options, 'field_value' => $field_value, 'field_value_formatted' => $field_value_formatted, 'field_value_min' => $field_value_min, 'field_value_max' => $field_value_max, 'field_error' => $field_error, 'date_array1' => $date_array1, 'date_array2' => $date_array2, 'date_array3' => $date_array3);
             $field_count++;
         }
     }
 }
Пример #20
                print '<div class="news-wrapper">';
            }
            $URL = _webBase . _sh . _webLang . _sh . _blog . _sh;
            if (isset($post["categories"][0]["Title"])) {
                $category = '<span class="new-category">' . a($post["categories"][0]["Title"], $URL . _category . _sh . $post["categories"][0]["Slug"]) . '</span> ';
            } else {
                $category = NULL;
            }
            $URL = _webBase . _sh . _webLang . _sh . _blog . _sh . $post["post"]["Year"] . _sh . $post["post"]["Month"] . _sh . $post["post"]["Day"] . _sh;
            print '<div class="new">';
            print $category;
            if ($post["post"]["Image_Medium"] !== "") {
                print a(img(_webURL . _sh . $post["post"]["Image_Medium"], $post["categories"][0]["Title"], "new-image"), $URL . $post["post"]["Slug"]) . "<br />";
            } else {
                print '<br />';
            }
            print '<span class="new-title">' . a(cut($post["post"]["Title"], 10), $URL . $post["post"]["Slug"]) . '</span><br />';
            print cut(cleanHTML($post["post"]["Content"]), 16) . " <br /> " . a(__("Read more"), $URL . $post["post"]["Slug"]);
            print '</div>';
            if ($i === 2 or $j === $total) {
                print '<div class="clear"></div>';
                print '</div>';
                $i = 0;
            } else {
                $i++;
            }
            $j++;
        }
    }
}
// Emit the closing tag of the container presumably opened earlier in this script — confirm against the full file.
echo '</div>';
Пример #21
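/**
 * filter
 *
 * Cleans a string by escaping or stripping characters that are commonly
 * abused in injection payloads.
 *
 * NOTE(review): this is a character blacklist, not a sanitiser. addslashes()
 * is not a safe substitute for prepared/parameterised queries, and removing
 * "<" / ">" is not a substitute for context-aware output escaping
 * (htmlspecialchars() for HTML). Treat the result as "less dangerous", not as
 * trusted input.
 *
 * @param mixed $text   Value to clean. NULL returns FALSE; TRUE is passed
 *                      through unchanged; any other value is coerced to a
 *                      string by addslashes()/str_replace().
 * @param bool  $filter TRUE runs cleanHTML() on the text; FALSE (default)
 *                      runs addslashes() instead.
 * @return string|bool  The cleaned string, or FALSE for NULL input, or TRUE
 *                      for TRUE input.
 */
function filter($text, $filter = FALSE)
{
    if (is_null($text)) {
        return FALSE;
    }
    if ($text === TRUE) {
        return TRUE;
    }
    // Either strip HTML via the project helper or escape quotes/backslashes.
    $text = $filter === TRUE ? cleanHTML($text) : addslashes($text);
    // Replacement table, applied left to right exactly like the original
    // chain of str_replace() calls (order matters: "%20" becomes "+" last
    // among the percent-encoded pairs, then "indexphp" is repaired).
    // The "indexphp" -> "index.php" pair presumably undoes dot-stripping
    // done elsewhere — TODO confirm with callers.
    $search  = array('<', '>', '%27', '%22', '%20', 'indexphp');
    $replace = array('',  '',  '',    '',    '+',   'index.php');
    return str_replace($search, $replace, $text);
}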
/**
 * filter
 *
 * Cleans a string. Depending on $filter the value is passed through
 * cleanHTML(), escaped with addslashes(), or stripped of quote and
 * backslash characters; a fixed list of characters is removed afterwards.
 *
 * Note: this is a lossy character strip, not a context-aware escape;
 * output to HTML still needs htmlspecialchars() and SQL still needs
 * parameterised queries at the call site.
 *
 * @param mixed $text non-string input (including NULL) yields FALSE
 * @param bool|string $filter TRUE = cleanHTML(), "escape" = addslashes(), anything else strips quotes
 * @return string|false
 */
function filter($text, $filter = FALSE)
{
    // is_null() is already covered by !is_string().
    if (!is_string($text)) {
        return FALSE;
    }
    if ($filter === TRUE) {
        $out = cleanHTML($text);
    } elseif ($filter === "escape") {
        $out = addslashes($text);
    } else {
        // Default mode: drop single quotes, double quotes and backslashes outright.
        $out = str_replace(array("'", '"', "\\"), "", $text);
    }
    // Same order as the original chained calls; "indexphp" is repaired last.
    $search = array("<", ">", "%27", "%22", "%20", "indexphp");
    $replace = array("", "", "", "", "", "index.php");
    return str_replace($search, $replace, $out);
}
 /**
  * Renders the object behind $this->id into the frame response.
  *
  * External documents (\steam_docextern) are shown in an iframe; regular
  * documents are rendered inline when they are images, HTML or other text
  * types, otherwise the browser is redirected to the download URL. With no
  * id set, the browser is redirected to the 404 page.
  *
  * @param \FrameResponseObject $frameResponseObject response to fill
  * @return \FrameResponseObject|null the filled response, or NULL on the
  *         redirect paths (header() is not followed by exit/return here)
  */
 public function frameResponse(\FrameResponseObject $frameResponseObject)
 {
     /*	if (isset($this->params[1])) {
     			$object = \steam_factory::get_object($GLOBALS["STEAM"]->get_id(), $this->id);
     			$parent = $object->get_environment();
     			if ($parent instanceof \steam_container) {
     				$doc = $parent->get_object_by_name($this->params[1]);
     				if ($doc instanceof \steam_document) {
     					header("location: " . PATH_URL . "Download/Document/" . $doc->get_id());
     					exit;
     				}
     			}
     			\ExtensionMaster::getInstance()->send404Error();
     			exit;
     		}*/
     if (isset($this->id)) {
         $object = \steam_factory::get_object($GLOBALS["STEAM"]->get_id(), $this->id);
         $objName = $object->get_name();
         if ($object instanceof \steam_docextern) {
             // NOTE(review): DOC_EXTERN_URL is interpolated unescaped into a JS string
             // and an iframe src below; if that attribute can be set by users it needs
             // escaping/validation for both contexts — confirm where it is written.
             $actionBar = new \Widgets\ActionBar();
             $actionBar->setActions(array(array("name" => "URL in neuem Fenster öffnen", "link" => "javascript:window.open('{$object->get_attribute("DOC_EXTERN_URL")}');")));
             $rawHtml = new \Widgets\RawHtml();
             $rawHtml->setHtml("<iframe height=\"800px\" width=\"100%\" src=\"{$object->get_attribute("DOC_EXTERN_URL")}\" scrolling=\"yes\"></iframe>");
             $frameResponseObject->setTitle($objName);
             $frameResponseObject->addWidget($actionBar);
             $frameResponseObject->addWidget($rawHtml);
             return $frameResponseObject;
         } else {
             if ($object instanceof \steam_document) {
                 $mimetype = $object->get_attribute(DOC_MIME_TYPE);
                 $objDesc = trim($object->get_attribute(OBJ_DESC));
                 // Default action set; the text/html and text/* branches replace it below.
                 $actionBar = new \Widgets\ActionBar();
                 $actionBar->setActions(array(array("name" => "Herunterladen", "link" => PATH_URL . "Download/Document/" . $this->id . "/" . $objName), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
                 // $objDesc is a string after trim(), so the === 0 test never matches;
                 // only the "" comparison is effective.
                 if ($objDesc === 0 || $objDesc === "") {
                     $name = $objName;
                 } else {
                     $name = $objDesc . " (" . $objName . ")";
                 }
                 $html = "";
                 if ($mimetype == "image/png" || $mimetype == "image/jpeg" || $mimetype == "image/jpg" || $mimetype == "image/gif") {
                     // Image
                     $html = "<div style=\"text-align:center\"><img style=\"max-width:100%\" title=\"{$name}\" alt=\"Bild: {$name}\" src=\"" . PATH_URL . "Download/Document/" . $this->id . "/\"></div>";
                 } else {
                     if ($mimetype == "text/html") {
                         $actionBar->setActions(array(array("name" => "Bearbeiten", "link" => PATH_URL . "Explorer/EditDocument/" . $this->id . "/"), array("name" => "Quelltext", "link" => PATH_URL . "Explorer/CodeEditDocument/" . $this->id . "/"), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
                         //$html = "<B>Hello</I> How are <U> you?</B>";
                         $html = cleanHTML($object->get_content());
                         $dirname = dirname($object->get_path()) . "/";
                         // Rewrite relative href targets to explorer URLs of the referenced objects.
                         // NOTE(review): ".-_" inside the class is a range (0x2E-0x5F), so it also
                         // admits ":", "?", "=" and similar; the src pattern below escapes the hyphen.
                         // Absolute URLs are skipped by the scheme check either way.
                         preg_match_all('/href="([%a-z0-9.-_\\/]*)"/iU', $html, $matches);
                         $orig_matches = $matches[0];
                         $path_matches = $matches[1];
                         foreach ($path_matches as $key => $path) {
                             $path = urldecode($path);
                             if (parse_url($path, PHP_URL_SCHEME) != null) {
                                 continue;
                             }
                             $ref_object = \steam_factory::get_object_by_name($GLOBALS["STEAM"]->get_id(), $dirname . $path);
                             if ($ref_object instanceof \steam_object) {
                                 $new_path = PATH_URL . "explorer/index/" . $ref_object->get_id();
                             } else {
                                 $new_path = PATH_URL . "404/";
                             }
                             $html = str_replace($orig_matches[$key], "href=\"" . $new_path . "\"", $html);
                         }
                         // Same for src attributes, pointing at the download URL (or a 404 image).
                         preg_match_all('/src="([%a-z0-9.\\-_\\/]*)"/iU', $html, $matches);
                         $orig_matches = $matches[0];
                         $path_matches = $matches[1];
                         foreach ($path_matches as $key => $path) {
                             $path = urldecode($path);
                             if (parse_url($path, PHP_URL_SCHEME) != null) {
                                 continue;
                             }
                             $ref_object = \steam_factory::get_object_by_name($GLOBALS["STEAM"]->get_id(), $dirname . $path);
                             if ($ref_object instanceof \steam_object) {
                                 $new_path = PATH_URL . "Download/Document/" . $ref_object->get_id();
                             } else {
                                 $new_path = PATH_URL . "styles/standard/images/404.jpg";
                             }
                             $html = str_replace($orig_matches[$key], "src=\"" . $new_path . "\"", $html);
                         }
                         //	die;
                         //	$html = preg_replace('/href="([a-z0-9.-_\/]*)"/iU', 'href="' . $config_webserver_ip . '/tools/get.php?object=' . $current_path . '$1"', $html);
                         //	$html = preg_replace('/src="([a-z0-9.\-_\/]*)"/iU', 'src="' . $config_webserver_ip . '/tools/get.php?object=' . $current_path . '$1"', $html);
                     } else {
                         if (strstr($mimetype, "text")) {
                             $bidDokument = new \BidDocument($object);
                             $actionBar->setActions(array(array("name" => "Bearbeiten", "link" => PATH_URL . "Explorer/EditDocument/" . $this->id . "/"), array("name" => "Herunterladen", "link" => PATH_URL . "Download/Document/" . $this->id . "/"), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
                             //$html = "<pre>{$object->get_content()}</pre>";
                             $html = $bidDokument->get_content();
                         } else {
                             // NOTE(review): no exit/return after header(); execution continues
                             // with an empty $html and still assembles and returns the widgets.
                             header("location: " . PATH_URL . "Download/Document/" . $this->id . "/");
                         }
                     }
                 }
                 $rawHtml = new \Widgets\RawHtml();
                 $rawHtml->setHtml($html);
                 //$rawHtml->addWidget($breadcrumb);
                 //$rawHtml->addWidget($environment);
                 //$rawHtml->addWidget($loader);
                 $frameResponseObject->setTitle($name);
                 $frameResponseObject->addWidget($actionBar);
                 $frameResponseObject->addWidget($rawHtml);
                 return $frameResponseObject;
             }
         }
     } else {
         // NOTE(review): header() without exit/return; the method then returns NULL.
         header("location: " . PATH_URL . "404/");
     }
 }
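 /**
  * Sends a private message: starts a new conversation with the given
  * recipients, or appends to an existing conversation the sender takes part in.
  *
  * Fixes against the previous version: ereg_replace() (removed in PHP 7) is
  * replaced by preg_replace(); the $delete_array used for inbox/outbox
  * trimming is reset per query instead of accumulating across recipients;
  * the message body is escaped with addslashes() like the subject is.
  *
  * @param string   $to       recipient usernames separated by whitespace, "," or ";"
  *                           (ignored when $convo_id is given)
  * @param string   $subject  conversation subject (new conversations only)
  * @param string   $message  body; URLs are auto-linked and HTML is reduced by cleanHTML()
  * @param int|null $convo_id existing conversation to reply to, or NULL for a new one
  * @return int conversation id (0 when none was created); on failure $this->is_error
  *             is set: 796 empty message, 795 no valid recipient, 39 not a participant
  */
 function user_message_send($to, $subject, $message, $convo_id = NULL)
 {
     global $database, $notify, $url;
     $recipients = array();
     $recipients_full = array();
     // VALIDATE CONVERSATION ID (interpolated into SQL below, so keep it an integer)
     if (!$convo_id || !is_numeric($convo_id)) {
         $convo_id = 0;
     }
     $convo_id = (int) $convo_id;
     // CHECK TO SEE IF MESSAGE IS EMPTY
     if (!trim($message)) {
         $this->is_error = 796;
     }
     // NEW MESSAGE
     if (!$convo_id) {
         // ORGANIZE RECIPIENTS, capped at the sender's level allowance
         $tos = array_filter(preg_split('/[\\s,;]+?/', $to));
         array_splice($tos, $this->level_info['level_message_recipients']);
         // LOOP OVER RECIPIENTS
         foreach ($tos as $to_username) {
             // CANT SEND TO SELF
             if (strtolower($to_username) == strtolower($this->user_info['user_username'])) {
                 continue;
             }
             // GET TO USER OBJECT
             $to_user = new SEUser(array(NULL, $to_username));
             // CANT SEND TO NON EXISTENT USER. BLOCKED USER, OR USERS NOT ALLOWED TO USE MESSAGES
             if (!$to_user->user_exists) {
                 continue;
             }
             if ($to_user->user_blocked($this->user_info['user_id'])) {
                 continue;
             }
             if (!$this->level_info['level_message_allow']) {
                 continue;
             }
             // CHECK MESSAGE TYPES AND ADD RECIPIENT
             // (level_message_allow 2 needs no friendship check; 1 requires user_friended())
             if ($this->level_info['level_message_allow'] == 2 || $this->level_info['level_message_allow'] == 1 && $this->user_friended($to_user->user_info['user_id'])) {
                 $recipients_full[$to_user->user_info['user_id']] = $to_user;
                 $recipients[] = $to_user->user_info['user_id'];
             }
         }
         // ENSURE THERE ARE RECIPIENTS
         if (empty($recipients)) {
             $this->is_error = 795;
         }
         // IF NO ERROR, CREATE CONVERSATION
         if (!$this->is_error) {
             // CREATE CONVO
             $sql = "INSERT INTO se_pmconvos (pmconvo_subject, pmconvo_recipients) VALUES ('" . addslashes($subject) . "', '" . (count($recipients) + 1) . "')";
             $resource = $database->database_query($sql);
             $convo_id = $database->database_insert_id();
             // CREATE CONVOOPS: sender row (outbox visible), then one inbox row per recipient
             $sql = "\r\n          INSERT INTO se_pmconvoops\r\n            (pmconvoop_pmconvo_id, pmconvoop_user_id, pmconvoop_deleted_outbox, pmconvoop_deleted_inbox)\r\n          VALUES\r\n            ('{$convo_id}', '{$this->user_info['user_id']}', 0, 1)";
             foreach ($recipients as $to_user_id) {
                 $sql .= ", ('{$convo_id}', '{$to_user_id}', 1, 0)";
             }
             // EXECUTE QUERY
             $resource = $database->database_query($sql);
         }
     } else {
         // REPLY: recipients are the other participants; the sender must be one of them
         $sql = "SELECT pmconvoop_user_id FROM se_pmconvoops WHERE pmconvoop_pmconvo_id='{$convo_id}'";
         $resource = $database->database_query($sql);
         $unauthorized = TRUE;
         while ($pmconvoop_info = $database->database_fetch_assoc($resource)) {
             if ($pmconvoop_info['pmconvoop_user_id'] != $this->user_info['user_id']) {
                 $recipients[] = $pmconvoop_info['pmconvoop_user_id'];
             } else {
                 $unauthorized = FALSE;
             }
         }
         // USER WAS NOT IN CONVERSATION
         if ($unauthorized) {
             $this->is_error = 39;
         }
     }
     // IF NO ERROR, ADD MESSAGE TO CONVERSATION
     if (!$this->is_error) {
         // LINK ALL LINKS (PCRE equivalents of the former ereg patterns)
         $message = preg_replace('#http://([.]?[a-zA-Z0-9_/-])*#', '<a href="$0" target="_blank">$0</a>', $message);
         $message = preg_replace('#(^| |\n)(www([.]?[a-zA-Z0-9_/-])*)#', '$1<a href="http://$2" target="_blank">$2</a>', $message);
         // RUN SECURITY ON THE MESSAGE TO ENSURE NO XSS ATTACKS WITH LINKS
         $message = cleanHTML($message, "a");
         // REPLACE NEWLINES IN BODY WITH BREAKS
         $message = str_replace("\n", "<br>", $message);
         // Escape for the SQL literal below; escaping only "'" left backslashes
         // unescaped, which breaks the quoting. Same escaping as the subject above.
         $message = addslashes($message);
         // INSERT MESSAGE
         $pm_date = time();
         $sql = "\r\n        INSERT INTO se_pms\r\n          (pm_authoruser_id, pm_pmconvo_id, pm_date, pm_body)\r\n        VALUES\r\n          ('{$this->user_info['user_id']}', '{$convo_id}', '{$pm_date}', '{$message}')\r\n      ";
         $resource = $database->database_query($sql);
         // UPDATE PMCONVOOPS: sender's outbox and every other participant's inbox
         $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_outbox=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}'";
         $resource = $database->database_query($sql);
         $sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_inbox=0, pmconvoop_read=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id!='{$this->user_info['user_id']}'";
         $resource = $database->database_query($sql);
         // INSERT/SEND NOTIFICATIONS FOR RECIPIENTS
         foreach ($recipients as $recipient_user_id) {
             // Always reload the recipient so replies (which only have ids) get a full object
             $recipients_full[$recipient_user_id] = new SEUser(array($recipient_user_id));
             $current_recipient = $recipients_full[$recipient_user_id];
             // NOT A USER
             if (!is_object($current_recipient) || !$current_recipient->user_exists) {
                 continue;
             }
             // ADD NOTIFICATION
             $notify->notify_add($current_recipient->user_info['user_id'], 'message', $convo_id, array(), array(), TRUE);
             // SEND EMAIL
             $current_recipient->user_settings('usersetting_notify_message');
             if ($current_recipient->usersetting_info['usersetting_notify_message']) {
                 send_systememail('message', $current_recipient->user_info['user_email'], array($current_recipient->user_displayname, $this->user_displayname, "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
             }
             // CLEAN OUT THEM OLD MESSAGES (oldest conversations beyond the level quota)
             $num_inbox = $current_recipient->user_message_total(0, 0);
             $num_outbox = $current_recipient->user_message_total(1, 0);
             $num_inbox_delete = $num_inbox - $current_recipient->level_info['level_message_inbox'];
             $num_outbox_delete = $num_outbox - $current_recipient->level_info['level_message_outbox'];
             // CLEAN OUT INBOX
             if ($num_inbox_delete > 0) {
                 $sql = "\r\n            SELECT\r\n              se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n            FROM\r\n              se_pmconvoops\r\n            LEFT JOIN\r\n              se_pmconvos\r\n              ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n            LEFT JOIN\r\n              se_pms\r\n              ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n            WHERE\r\n              se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n              se_pmconvoops.pmconvoop_deleted_inbox=0 &&\r\n              se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n            ORDER BY\r\n              se_pms.pm_date ASC\r\n            LIMIT\r\n              {$num_inbox_delete}\r\n          ";
                 $resource = $database->database_query($sql);
                 // Fresh list per query: otherwise ids carry over to the outbox pass and to later recipients
                 $delete_array = array();
                 while ($result = $database->database_fetch_assoc($resource)) {
                     $delete_array[] = $result['pmconvo_id'];
                 }
                 // DELETE
                 $current_recipient->user_message_delete_selected($delete_array, 0);
             }
             // CLEAN OUT OUTBOX
             if ($num_outbox_delete > 0) {
                 $sql = "\r\n            SELECT\r\n              se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n            FROM\r\n              se_pmconvoops\r\n            LEFT JOIN\r\n              se_pmconvos\r\n              ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n            LEFT JOIN\r\n              se_pms\r\n              ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n            WHERE\r\n              se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n              se_pmconvoops.pmconvoop_deleted_outbox=0 &&\r\n              se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n            ORDER BY\r\n              se_pms.pm_date ASC\r\n            LIMIT\r\n              {$num_outbox_delete}\r\n          ";
                 $resource = $database->database_query($sql);
                 $delete_array = array();
                 while ($result = $database->database_fetch_assoc($resource)) {
                     $delete_array[] = $result['pmconvo_id'];
                 }
                 // DELETE
                 $current_recipient->user_message_delete_selected($delete_array, 1);
             }
             // CLEAR INACTIVE CONVERSATIONS
             $this->user_message_cleanup();
         }
     }
     return $convo_id;
 }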
 */
foreach ($node_list as $node => $visits) {
    if (key_exists($node, $events)) {
        $name = $events[$node]->description;
        $url = '';
        $label = "<<TABLE BORDER=\"0\">" . "<TR><TD>{$name}</TD></TR>" . "</TABLE>>";
    } else {
        $loId = new LOId($node);
        $lo = $adaptor->createLO($loId);
        $loType = Intuitel::getIDFactory()->getType($lo->loId);
        if ($supress_course && $loType == 'course') {
            continue;
        }
        $name = str_replace('"', '', $lo->loName);
        $node = loId_escape($lo->loId);
        list($imgurl, $url) = cleanHTML(block_intuitel_generateHtmlModuleLink(Intuitel::getIDFactory()->getIdfromLoId($loId)));
        //$img = "<IMG SRC=\"$imgurl\"/>";
        $use_data = $adaptor->getUseData($lo, $userid);
        $label_grade_row = '';
        if (isset($use_data['grade'])) {
            $label_grade_row = '<FONT POINT-SIZE="10">Final grade:' . number_format($use_data['grade']) . '/' . number_format($use_data['grademax']) . '</FONT>';
        }
        if ($label_grade_row) {
            $label = "<<TABLE BORDER=\"0\">" . "<TR><TD ROWSPAN=\"2\">{$name}</TD><TD ALIGN=\"LEFT\"><FONT POINT-SIZE=\"10\">{$visits} visits</FONT></TD></TR><TR><TD>{$label_grade_row}</TD></TR>" . "</TABLE>>";
        } else {
            $label = "<<TABLE BORDER=\"0\">" . "<TR><TD>{$name}</TD></TR><TR><TD><FONT POINT-SIZE=\"10\">{$visits} visits</FONT></TD></TR>" . "</TABLE>>";
        }
    }
    //$label = "\"$name\"";
    $line = "\t{$node} [ label={$label} , URL=\"{$url}\" {$node_style} ];\n";
    $node_lines = $node_lines . $line;
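/**
 * Builds and sends an e-mail: plain text, HTML multipart, or multipart with one attachment.
 *
 * Changes against the previous version: CR is stripped from the sender like LF
 * already was; the attachment is read with file_get_contents() (fread() with a
 * zero length errors on empty files); the attachment filename is quoted; the
 * "NS:" newsletter flag is tested on the raw subject (the encoded subject never
 * starts with "NS:"); the envelope sender handed to sendmail is only passed
 * when it is a plain address.
 *
 * @param string $mailto   destination mail(s): "name <mail>" and comma-delimited lists accepted
 * @param string $subject  subject line (CR/LF removed, then B-encoded as UTF-8)
 * @param object $mail     template object exposing assign() and techo()
 * @param string $mailfrom "from" mail; defaults to $mailto when that is a single address
 * @param string $header   optional pre-defined headers; Content-Type may be left out
 * @param bool   $isHTML   if true (or when attaching) the body is sent as multipart
 * @param string $attach   filename for an attachment
 * @return bool false only if ALL submissions fail
 */
function sendMail($mailto, $subject, &$mail, $mailfrom = "", $header = "", $isHTML = true, $attach = "")
{
    // Line breaks in the subject would start a new header line: remove them.
    $subject = str_replace(array("\r", "\n"), "", $subject);
    // Newsletter flag must be checked before the subject is encoded.
    $isNewsletter = (substr($subject, 0, 3) == "NS:");
    if (preg_match('!\\S!u', $subject) !== 0) {
        // Non-blank subject (preg_match also returns false on invalid UTF-8): RFC 2047 encode.
        $subject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
    }
    if ($mailfrom == "" && strpos($mailto, ",") === false) {
        // no mailfrom, use mailto
        $mailfrom = $mailto;
    }
    if ($header != "" && $header[strlen($header) - 1] != "\n") {
        // add \n at the end of the last line of pre-defined header
        $header .= "\n";
    }
    // Same line-break guard for the sender.
    $mailfrom = str_replace(array("\r", "\n"), "", $mailfrom);
    if (isMail($mailfrom, true)) {
        // Add the sender-related headers the caller did not provide.
        $upperHeader = strtoupper($header);
        if (strpos($upperHeader, "RETURN-PATH:") === false) {
            $header .= "Return-path: {$mailfrom}\n";
        }
        if (strpos($upperHeader, "REPLY-TO:") === false) {
            $header .= "Reply-To: {$mailfrom}\n";
        }
        if (strpos($upperHeader, "FROM:") === false) {
            $header .= "From: {$mailfrom}\n";
        }
    }
    $bound = "";
    $bnext = "";
    if ($isHTML || $attach != "") {
        // HTML mode (an attachment forces multipart even for a plain template)
        $isHTML = true;
        $bound = "--=XYZ_" . md5(date("dmYis")) . "_ZYX";
        $bnext = "--=NextPart_XYZ_" . md5(date("dm")) . ".E0_PART";
        $header .= "Content-Type:multipart/" . ($attach != "" ? "mixed" : "alternative") . "; boundary=\"{$bound}\"\n";
    } else {
        // not HTML nor with attachment
        $header .= "Content-Type:text/plain; charset=utf-8\n";
    }
    $header .= "MIME-Version: 1.0\n";
    $header .= "x-mailer: PresciaMailer\n";
    $mail->assign("IP", CONS_IP);
    $mail->assign("HOUR", date("H:i"));
    $mail->assign("DATA", date("d/m/Y"));
    $mail->assign("DATE", date("m/d/Y"));
    $corpo = $mail->techo();
    if ($attach != "" && is_file($attach)) {
        // Read and base64-encode the attachment in one go (no handle to leak).
        $raw = file_get_contents($attach);
        $fAtach = chunk_split(base64_encode($raw === false ? "" : $raw));
        $ext = explode(".", $attach);
        $ext = array_pop($ext);
        $fname = explode("/", str_replace("\\", "/", $attach));
        // Quoted below, so quotes cannot be part of the name.
        $fname = str_replace('"', '', array_pop($fname));
        $corpoplain = preg_replace("/( ){2,}/", " ", cleanHTML($corpo));
        if (!function_exists("getMime")) {
            include_once CONS_PATH_INCLUDE . "getMime.php";
        }
        // Multipart/mixed wrapping an alternative (text + html) part and the attachment.
        $sBody = "This is a multipart MIME message.\n\n";
        $sBody .= "--{$bound}\n";
        $sBody .= "Content-Type: multipart/alternative; boundary=\"{$bnext}\"\n\n\n";
        $sBody .= "--{$bnext}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bnext}\n";
        $sBody .= "Content-Type:text/html; charset=utf-8\n\n";
        $sBody .= "{$corpo} \n\n";
        $sBody .= "--{$bnext}--\n\n";
        $sBody .= "--{$bound}\n";
        $sBody .= "Content-Disposition: attachment; filename=\"" . $fname . "\"\n";
        $sBody .= "Content-Type: " . getMime($ext) . "\n";
        $sBody .= "Content-Transfer-Encoding: base64\n\n{$fAtach}\n";
        $sBody .= "--{$bound}--\n\n";
    } elseif ($isHTML) {
        // NOTE: when $attach names a missing file this branch still runs, but the
        // Content-Type header above already says multipart/mixed (pre-existing quirk).
        $corpoplain = preg_replace("/( ){2,}/", " ", stripHTML($corpo));
        $sBody = "This is a multipart MIME message.\n\n";
        $sBody .= "--{$bound}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bound}\n" . "Content-Type: text/html; charset=utf-8\n\n" . $corpo . "\n\n" . "--{$bound}--\n";
    } else {
        $sBody = $corpo;
    }
    if ($isNewsletter) {
        // Newsletter character flag
        $sBody .= chr(0);
    }
    if (preg_match('@^([^<]*)<([^>]*)>(.?)$@i', $mailfrom, $matches) == 1) {
        // removes expanded mail mode: keep the bare address
        $mailfrom = $matches[2];
    }
    // The envelope sender becomes a sendmail command-line option; only pass it
    // when it is a plain address so nothing else can reach that option.
    $envelope = (filter_var($mailfrom, FILTER_VALIDATE_EMAIL) !== false) ? $mailfrom : "";
    $ok = false;
    // will return false ONLY if ALL submissions fail
    foreach (explode(",", $mailto) as $mt) {
        $mt = trim($mt);
        if ($envelope === "") {
            $ok = @mail($mt, $subject, $sBody, $header) || $ok;
            continue;
        }
        // Try sendmail's -f first, then the -r spelling some MTAs expect.
        if (@mail($mt, $subject, $sBody, $header, '-f' . $envelope)) {
            $ok = true;
        } else {
            $ok = @mail($mt, $subject, $sBody, $header, '-r' . $envelope) || $ok;
        }
    }
    return $ok;
}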
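/**
 * In-game mail page controller.
 *
 * Dispatches on the request-registered global $set ("view", "outbox", "compose",
 * "sendmail", "read", "readout", "reply", "delete", "delete2", "deleteout",
 * "deleteout2", "eldermail", "eldermailsend", "block") and echoes the matching
 * HTML directly; there is no return value. All inputs arrive as globals
 * ($set, $mid, $kingdom, $tribe, $subject, $message, $action, $posts, ...) or
 * via $_GET/$_POST.
 *
 * Security notes:
 *  - $mid, $kingdom, $tribe, the posted id list and ids read back from the
 *    database are spliced into SQL (partly unquoted); they are coerced to
 *    integers before use so a crafted value cannot alter the query.
 *  - Tribe and player names are user-chosen; every place this function renders
 *    one goes through cleanHTML(), the same treatment the inbox rows already use.
 *  - $subject/$message on the elder broadcast are passed through safeHTML() only.
 *    Whether safeHTML() also SQL-escapes is not visible here (the read paths call
 *    stripslashes() twice, which hints at an upstream escaping layer) — TODO confirm
 *    and move to mysql_real_escape_string() / prepared statements if it does not.
 *  - The '******' literals in the WHERE clauses are reproduced as given in the
 *    listing (presumably a redacted owner-id placeholder); they are not changed.
 */
function include_mail_text()
{
    global $Host, $d_stats, $tribe, $mid, $subject, $set, $type, $action, $userid, $submit, $kingdom, $userid, $message, $inputBody, $orkTime, $local_stats, $connection, $posts, $replyid;
    include_once 'inc/functions/forums.php';
    require_once 'inc/functions/mail.php';
    $objSrcUser =& $GLOBALS['objSrcUser'];
    $local_stats = $objSrcUser->get_stats();
    if (!$set) {
        $set = "view";
    }
    if (!$kingdom) {
        $kingdom = $local_stats['kingdom'];
    }
    // Both are request-controlled and interpolated into SQL below ($kingdom
    // unquoted); force them to integers once, up front.
    $kingdom = (int) $kingdom;
    $mid = (int) $mid;
    $count = '0';
    $topLinks = '<div class="center">' . "| " . "<a href=\"main.php?cat=game&amp;page=mail&amp;set=compose\">" . "Compose Mail" . "</a>" . " | " . "<a href=\"main.php?cat=game&amp;page=mail&amp;set=view\">" . "View Inbox" . "</a>" . " | " . "<a href=\"main.php?cat=game&amp;page=mail&amp;set=outbox\">" . "View Outbox" . "</a>" . " | " . "<a href=\"main.php?cat=game&amp;page=message&amp;tribe=1&amp;alliance=1\">" . "Send a Report" . "</a>" . " | " . "<a href=\"main.php?cat=game&amp;page=mail&amp;set=block\">" . "Block Mail" . "</a>";
    if ($local_stats['type'] == 'elder') {
        $topLinks .= " | " . "<a href=\"main.php?cat=game&amp;page=mail&amp;set=eldermail\">" . "Alliance Mail" . "</a>";
    }
    $topLinks .= " |</div>";
    echo $topLinks;
    if ($set == "sendmail") {
        // Recipient validation/escaping is delegated to send_mail() (inc/functions/mail.php).
        send_mail($userid, $tribe, $subject, $message);
        //changed to use send_mail function - AI 10/12/2006
    }
    if ($set == "eldermailsend") {
        $message = safeHTML($message);
        $subject = safeHTML($subject);
        $message = "{$message}<br /><br />Your elder: " . $local_stats['name'];
        if (!$subject) {
            $subject = "No Subject";
        }
        // NOTE(review): $subject/$message reach SQL after safeHTML() only — see header note.
        $query = mysql_query("SELECT id FROM stats WHERE kingdom = " . (int) $local_stats['kingdom']);
        while ($datas = mysql_fetch_array($query)) {
            if ($datas["id"] != $userid) {
                $create['message'] = mysql_query("INSERT INTO messages (id, for_user, from_user, date, subject, text, new, action) VALUES ('', '" . (int) $datas['id'] . "', '" . $userid . "', '" . $orkTime . "', '" . $subject . "', '" . $message . "', 'new', 'received')");
                // $tribe is a request global compared unquoted: coerce it.
                $update['timestamp'] = mysql_query("UPDATE preferences SET last_m ='{$orkTime}' WHERE id= " . (int) $tribe);
            }
        }
        // The sender's own copy (for_user = 0 marks an alliance-wide broadcast).
        $create['message'] = mysql_query("INSERT INTO messages (id, for_user, from_user, date, subject, text, new, action) VALUES ('', '0', '" . $userid . "', '" . $orkTime . "', '" . $subject . "', '" . $message . "', 'old', 'sent')");
        $set = "eldermail";
        echo '<div class="center">' . "<h3>Message sent to all your alliance members.</h3></div>";
    }
    if ($set == "eldermail") {
        $eldermail = '<div id="textBig">' . "<h2>Mail your alliance</h2>" . "<form action=\"main.php?cat=game&amp;page=mail&amp;set=eldermailsend\" method=\"post\">" . "<br />" . "Subject: <input type=\"text\" name=\"subject\" size=\"30\" />" . "<br />" . "<textarea name=\"message\" rows=\"10\" cols=\"70\" wrap=\"on\"></textarea>" . "<br />" . "<input type=\"submit\" value=\"Send Message\" />" . "</form>" . "</div>";
        echo $eldermail;
    }
    if ($set == "compose") {
        $sendMailTargets = "<option value=\"spacer\">";
        if (isset($_GET['aid']) && !empty($_GET['aid'])) {
            $kingdom = intval($_GET['aid']);
        }
        if (isset($_GET['tribe']) && !empty($_GET['tribe'])) {
            $replyid = intval($_GET['tribe']);
        }
        $result = mysql_query("SELECT * FROM stats WHERE kingdom = {$kingdom} ORDER BY tribe");
        while ($kdstats = mysql_fetch_array($result, MYSQL_ASSOC)) {
            // Tribe names are player-chosen: escape them like the inbox rows do.
            $kdstats["tribe"] = cleanHTML(stripslashes($kdstats["tribe"]));
            $kdstats['id'] = (int) $kdstats['id'];
            if ($kdstats["id"] == $replyid) {
                $sendMailTargets .= "<option value=\"" . $kdstats['id'] . "\" selected>" . $kdstats['tribe'];
            } else {
                $sendMailTargets .= "<option value=\"" . $kdstats['id'] . "\">" . $kdstats['tribe'];
            }
        }
        $compose = "<br />" . "<table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">" . "<tr class=\"header\">" . "<th colspan=\"2\">" . "Compose Mail" . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th colspan=\"2\" class=\"center\">" . "Select Target" . "</th>" . "</tr>" . "<tr class=\"data\">" . "<form action=\"main.php?cat=game&amp;page=mail&amp;set=compose\" method=\"post\">" . "<th>" . "Alliance:" . "</th>" . "<td>" . "<input maxlength=\"4\" size=\"3\" name=\"kingdom\" value=\"{$kingdom}\" />" . "<input type=\"submit\" value=\"Change\" />" . "</td>" . "</form>" . "</tr>" . "<form id=\"center\" action=\"main.php?cat=game&amp;page=mail&amp;set=sendmail\" method=\"post\">" . "<tr class=\"data\">" . "<th>" . "Tribe:" . "</th>" . "<td>" . "<select name=\"tribe\">" . $sendMailTargets . "</select>" . "</td>" . "</tr>" . "</table>" . "<br />" . '<div class="center">' . "Subject: <input type=\"text\" name=\"subject\" size=\"30\" />" . "<br />" . "<textarea name=\"message\" rows=\"10\" cols=\"70\" wrap=\"on\"></textarea>" . "<br />" . "<input type=\"submit\" value=\"Send Message\" />" . "</form>" . "</div>";
        echo $compose;
    }
    if ($set == "view") {
        $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND action = 'received' AND new != 'deleted' ORDER BY date DESC") or die(mysql_error());
        $num_mail = mysql_num_rows($result);
        if ($num_mail <= "0") {
            echo "You have no mail in your inbox.<br />";
            include_game_down();
            exit;
        }
        // Record the inbox check time. (The original re-issued the result of this
        // call as a second query, which could only ever fail; that line is gone.)
        $update['timestamp'] = mysql_query("UPDATE preferences SET last_m_check ='{$orkTime}' WHERE id= " . (int) $userid);
        $inbox = "<form id=\"center\" name=\"mail\" method=\"post\" action=\"main.php?cat=game&amp;page=mail&amp;set=delete2\">" . "<table cellpadding=\"0\" cellspacing=\"0\" class=\"big\">" . "<tr class=\"header\">" . "<th colspan=\"5\">" . "Inbox" . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject" . "</th>" . "<td class=\"left\">" . "From" . "</td>" . "<td class=\"left\">" . "Date" . "</td>" . "<td class=\"left\">" . "Status" . "</td>" . "<td class=\"center\">" . "Delete" . "</td>" . "</tr>";
        while ($mail = mysql_fetch_array($result)) {
            $count++;
            if ($count == '1') {
                $class = "";
            } else {
                $class = "bsup";
            }
            // Loads the sender's stats row into the global $d_stats.
            mysql_grab($mail['from_user'], 'd', 'stats');
            if (empty($mail['subject'])) {
                $mail['subject'] = 'No Subject';
            }
            $inbox .= "<tr class=\"data\">" . "<th class=\"" . $class . "\">" . "<a href=\"main.php?cat=game&amp;page=mail&amp;set=read&amp;mid=" . (int) $mail['id'] . "\">" . cleanHTML($mail['subject']) . "</a>" . "</th>" . "<td class=\"" . $class . " left\">" . cleanHTML($d_stats['tribe']) . "(#" . (int) $d_stats['kingdom'] . ")</td>" . "<td class=\"" . $class . " left\">" . $mail['date'] . "</td>" . "<td class=\"" . $class . " left\">" . $mail['new'] . "</td>" . "<td class=\"" . $class . " center\">" . "<input name=\"posts[]\" type=\"checkbox\" value=\"" . (int) $mail['id'] . "\" />" . "</td>" . "</tr>";
        }
        $inbox .= "</table>" . '<br /><div class="center">' . "| <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=true;\">Check All</a>" . " | <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=false;\">Uncheck All</a> |" . "</div><br />" . "<input type=\"submit\" name=\"submit\" value=\"Delete\" />" . "</form>";
        echo $inbox;
    }
    if ($set == "outbox") {
        $result = mysql_query("SELECT * from messages WHERE from_user ='******' AND action = 'sent' AND new != 'deleted' ORDER BY date DESC") or die(mysql_error());
        $num_mail = mysql_num_rows($result);
        if ($num_mail <= "0") {
            echo "<div class=\"center\">You have no mail in your outbox.</div>";
            include_game_down();
            exit;
        }
        $outbox = "<form id=\"center\" name=\"mail\" method=\"post\" action=\"main.php?cat=game&amp;page=mail&amp;set=deleteout2\">" . "<table cellpadding=\"0\" cellspacing=\"0\" class=\"big\">" . "<tr class=\"header\">" . "<th colspan=\"5\">" . "Outbox" . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject" . "</th>" . "<td class=\"left\">" . "To" . "</td>" . "<td class=\"left\">" . "Date" . "</td>" . "<td class=\"left\">" . "Status" . "</td>" . "<td class=\"center\">" . "Delete" . "</td>" . "</tr>";
        while ($mail = mysql_fetch_array($result)) {
            $count++;
            if ($count == '1') {
                $class = "";
            } else {
                $class = "bsup";
            }
            if ($mail['for_user'] == "0") {
                $receiver = "Your Alliance";
            } else {
                $foruser = mysql_query("SELECT tribe, kingdom FROM stats WHERE id = " . (int) $mail['for_user']);
                $foruser = mysql_fetch_array($foruser);
                $receiver = cleanHTML($foruser['tribe']) . "(#" . (int) $foruser['kingdom'] . ")";
            }
            if (empty($mail['subject'])) {
                $mail['subject'] = 'No Subject';
            }
            $outbox .= "<tr class=\"data\">" . "<th class=\"" . $class . "\">" . "<a href=\"main.php?cat=game&amp;page=mail&amp;set=readout&amp;mid=" . (int) $mail['id'] . "\">" . cleanHTML($mail['subject']) . "</a>" . "</th>" . "<td class=\"" . $class . " left\">" . $receiver . "</td>" . "<td class=\"" . $class . " left\">" . $mail['date'] . "</td>" . "<td class=\"" . $class . " left\">" . $mail['new'] . "</td>" . "<td class=\"" . $class . " center\">" . "<input name=\"posts[]\" type=\"checkbox\" value=\"" . (int) $mail['id'] . "\" />" . "</td>" . "</tr>";
        }
        $outbox .= "</table>" . "<br /><br />" . "| <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=true;\">Check All</a>" . " | <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=false;\">Uncheck All</a> |" . "<br /><br />" . "<input type=\"submit\" name=\"submit\" value=\"Delete\" />" . "</form>";
        echo $outbox;
    }
    if ($set == "readout") {
        $result = mysql_query("SELECT * from messages WHERE from_user ='******' AND id = '{$mid}' AND action = 'sent' AND new != 'deleted'");
        $read = mysql_fetch_array($result);
        $read['subject'] = stripslashes(stripslashes($read['subject']));
        $read['text'] = stripslashes(stripslashes($read['text']));
        if ($read['for_user'] == "0") {
            $receiver = "Your Alliance";
        } else {
            $foruser = mysql_query("SELECT tribe, kingdom FROM stats WHERE id = " . (int) $read['for_user']);
            $foruser = mysql_fetch_array($foruser);
            // Same escaping as the outbox listing.
            $receiver = cleanHTML($foruser['tribe']) . "(#" . (int) $foruser['kingdom'] . ")";
        }
        $readout = "<table cellpadding=\"0\" cellspacing=\"0\" class=\"medium\">" . "<tr class=\"header\">" . "<th>" . "Message to: " . $receiver . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject: " . cleanHTML($read['subject']) . "</th>" . "</tr>" . "<tr class=\"message\">" . "<td>" . "<br />" . cleanHTML($read['text']) . "<br />" . "</td>" . "</tr>" . "</table>" . "<br />" . '<div class="center">' . "| <a href=main.php?cat=game&page=mail&set=deleteout&mid={$mid}>Delete</a> | " . "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a> |</div>";
        echo $readout;
    }
    if ($set == "read") {
        $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received' AND new != 'deleted'");
        $read = mysql_fetch_array($result);
        mysql_grab($read['from_user'], 'd', 'stats');
        $read['subject'] = stripslashes(stripslashes($read['subject']));
        $read['text'] = stripslashes(stripslashes($read['text']));
        // Sender name is user-chosen: escape it like the subject/body.
        $readin = "<br /><table cellpadding=\"0\" cellspacing=\"0\" class=\"medium\">" . "<tr class=\"header\">" . "<th>" . "Message from: " . cleanHTML(stripslashes($d_stats['name'])) . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject: " . cleanHTML($read['subject']) . "</th>" . "</tr>" . "<tr class=\"message\">" . "<td>" . "<br />" . cleanHTML($read['text']) . "<br />" . "</td>" . "</tr>" . "</table>" . "<br />" . '<div class="center">' . "| <a href=main.php?cat=game&page=mail&set=reply&mid={$mid}>Reply</a> | " . "<a href=main.php?cat=game&page=mail&set=delete&mid={$mid}>Delete</a> | " . "<a href=main.php?cat=game&page=mail&set=view&mid=" . (int) $d_stats['id'] . ">Return To Inbox</a> | " . '</div>';
        echo $readin;
        $old = mysql_query("UPDATE messages SET new ='old' WHERE id ='{$mid}'");
        // The sender's 'sent' copy is assumed to be the row inserted right after
        // this one (id + 1); mark it read too if that is what it is.
        $mid2 = $mid + 1;
        $select = mysql_query("SELECT action FROM messages WHERE id = '{$mid2}'");
        $select = mysql_fetch_array($select);
        if ($select['action'] == 'sent') {
            $old = mysql_query("UPDATE messages SET new ='old' WHERE id ='{$mid2}'");
        }
    }
    if ($set == "delete") {
        $email_name = "UPDATE messages SET new = 'deleted' WHERE id ='{$mid}' AND for_user = '******' AND action = 'received'";
        $delete = mysql_query($email_name, $connection);
        echo '<div id="textMedium"><p>' . "The message has been deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=view>Return To Inbox</a></p>" . '</div>';
    }
    if ($set == "delete2") {
        // Posted checkbox values go straight into an IN (...) list: keep integers
        // only, and skip the query entirely when nothing was selected (an empty
        // IN () is a syntax error).
        $posts = isset($_POST["posts"]) ? array_map('intval', (array) $_POST["posts"]) : array();
        if (count($posts) > 0) {
            $sql = "UPDATE messages SET new = 'deleted' WHERE for_user = '******' AND action = 'received' ";
            $sql .= " AND id IN (" . implode(",", $posts) . ")";
            $delete = mysql_query($sql, $connection);
        }
        echo '<div id="textMedium"><p>' . "The selected messages are deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=view>Return To Inbox</a></p>" . '</div>';
    }
    if ($set == "deleteout") {
        $email_name = "UPDATE messages SET new = 'deleted' WHERE id ='{$mid}' AND from_user = '******' AND action = 'sent'";
        $delete = mysql_query($email_name, $connection);
        echo '<div id="textMedium"><p>' . "The message has been deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a></p>" . '</div>';
    }
    if ($set == "deleteout2") {
        // Same treatment as delete2.
        $posts = isset($_POST["posts"]) ? array_map('intval', (array) $_POST["posts"]) : array();
        if (count($posts) > 0) {
            $sql = "UPDATE messages SET new = 'deleted' WHERE from_user = '******' AND action = 'sent' ";
            $sql .= " AND id IN (" . implode(",", $posts) . ")";
            $delete = mysql_query($sql, $connection);
        }
        echo '<div id="textMedium"><p>' . "The selected messages are deleted.<br /><br />";
        echo "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a></p>" . '</div>';
    }
    if ($set == "reply") {
        if ($action != "post") {
            $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received'");
            $reply = mysql_fetch_array($result);
            $subject = "Re: " . cleanHTML($reply['subject']) . " ";
            $replyText = "<form action=\"main.php?cat=game&amp;page=mail&amp;set=reply&amp;mid={$mid}&amp;action=post\" method=\"post\">" . "<br />" . "Subject: <input type=\"text\" name=\"subject\" size=\"30\" value=\"" . $subject . "\" />" . "<br />" . "<textarea name=\"message\" rows=\"10\" cols=\"70\" wrap=\"virtual\"></textarea>" . "<br />" . "<input type=\"submit\" name=\"submit\" value=\"Send Message\" />" . "</form>";
            echo $replyText;
        }
        if ($action == "post") {
            // Re-read the original so the recipient is taken from the stored row,
            // not from the request.
            $result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received'");
            $reply = mysql_fetch_array($result);
            send_mail($userid, $reply['from_user'], $subject, $message);
            echo "<a href=main.php?cat=game&page=mail>Return To Mailbox</a>";
        }
    }
    if ($set == "block") {
        if (isset($_POST['tribe']) && $_POST['tribe'] != 'spacer' && $action == "block") {
            $blocker_id = $objSrcUser->get_userid();
            $blocked_id = quote_smart($_POST['tribe']);
            $objTrgUser = new clsUser($blocked_id);
            // Escape the name before echoing it back.
            $blocked_name = cleanHTML($objTrgUser->get_stat(TRIBE));
            echo '<br /><div class="center">' . "You have blocked {$blocked_name} from sending you any more mail.</div>";
            block_mail($blocker_id, $blocked_id);
        }
        if (isset($_GET['id']) && $_GET['id'] > 0 && $action == "unblock") {
            $blocker_id = $objSrcUser->get_userid();
            $blocked_id = quote_smart($_GET['id']);
            $objTrgUser = new clsUser($blocked_id);
            $blocked_name = cleanHTML($objTrgUser->get_stat(TRIBE));
            echo '<br /><div class="center">' . "You have unblocked {$blocked_name}, they can send you mail again.</div>";
            unblock_mail($blocker_id, $blocked_id);
        }
        $tribes = mysql_query("select tribe,id from stats where kingdom = {$kingdom} order by tribe");
        $blockTargets = "<option value=\"spacer\"></option>";
        while ($allistats = mysql_fetch_assoc($tribes)) {
            $tribe = cleanHTML(stripslashes($allistats['tribe']));
            $id = (int) $allistats['id'];
            $blockTargets .= "<option value=\"{$id}\">{$tribe}</option>";
        }
        echo "<br /><table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">" . "<tr class=\"header\"><th colspan=\"2\">Block Mail</th></tr>" . "<tr class=\"subheader\"><th colspan=\"2\" class=\"center\">Select spammer</th></tr>" . "<tr class=\"data\"><form action=\"main.php?cat=game&amp;page=mail&amp;set=block\" method=\"post\">" . "<th>Alliance:</th><td><input maxlength=\"4\" size=\"3\" name=\"kingdom\" value=\"{$kingdom}\" />" . "<input type=\"submit\" value=\"Change\" /></td></form></tr>" . "<form action=\"main.php?cat=game&amp;page=mail&amp;set=block&amp;action=block\" method=\"post\">" . "<tr class=\"data\"><th>Tribe:</th><td><select name=\"tribe\">{$blockTargets}</select>" . "<input type=\"submit\" value=\"Block\" name=\"Block\" /></td></tr></form>" . "</table><br /><br />";
        $blocked_users = get_blocks_mail($objSrcUser->get_userid());
        echo "<table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">" . "<tr class=\"header\"><th colspan=\"2\">Blocked users</th></tr>" . "<tr class=\"subheader\"><th colspan=\"2\" class=\"center\">Remove?</th></tr>";
        foreach ($blocked_users as $blocked_user) {
            echo "<tr class=\"data\"><th>" . cleanHTML($blocked_user['tribe']) . "</th>" . "<td><a href=\"main.php?cat=game&amp;page=mail&amp;set=block&amp;" . "action=unblock&amp;id=" . (int) $blocked_user['blocked_id'] . "\">Remove?</td></tr>";
        }
        echo "</table>";
    }
}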
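 /**
  * Receives an inbound trackback ping for a blog entry and stores it.
  *
  * Reads the ping fields from a Trackback instance (entry id, url, title,
  * excerpt, blog name), validates them against the entry table, rejects
  * duplicates and pings faster than one per 15 seconds from the same IP,
  * inserts the trackback and bumps the entry's trackback counter. Every
  * attempt — accepted or not — is logged to se_blogpings.
  *
  * Returns whatever $trackback->recieve() returns for the resulting
  * status/message pair (a language-table message keyed by $is_error, or
  * 1500014 on success).
  *
  * Security: the ping fields are remote-controlled. They are escaped with the
  * database driver before being interpolated into SQL (the log insert already
  * did this for REQUEST_URI; the lookups and the main insert did not).
  * NOTE(review): if the Trackback class already SQL-escapes its fields this
  * would double-escape — confirm against its implementation.
  */
 function blog_trackback_receive()
 {
     global $database, $user, $setting;
     $is_error = FALSE;
     // Create trackback class instance
     $trackback = new Trackback(NULL, NULL, "UTF-8");
     // Prepare data
     $trackback_eid = $trackback->e_id;
     $trackback_url = trim($trackback->url);
     $trackback_title = trim($trackback->title);
     $trackback_excerpt = trim($trackback->excerpt);
     $trackback_bname = trim($trackback->bname);
     $trackback_ip = $_SERVER['REMOTE_ADDR'];
     $trackback_time = time();
     // Hash of the raw excerpt is used for duplicate detection below.
     $trackback_excerpthash = md5($trackback_excerpt);
     // Clean body
     $trackback_excerpt = str_replace("\r\n", "<br />", cleanHTML(censor(htmlspecialchars_decode($trackback_excerpt)), $setting['setting_comment_html']));
     // SQL-safe copies of the remote-controlled fields (excerpthash is hex,
     // REMOTE_ADDR is set by the server; they are left as-is).
     $sql_eid = $database->database_real_escape_string($trackback_eid);
     $sql_url = $database->database_real_escape_string($trackback_url);
     $sql_title = $database->database_real_escape_string($trackback_title);
     $sql_excerpt = $database->database_real_escape_string($trackback_excerpt);
     $sql_bname = $database->database_real_escape_string($trackback_bname);
     // Trackbacks not allowed
     if (!$user->level_info['level_blog_trackbacks_allow']) {
         $is_error = 1500013;
     }
     // No ID specified
     if (!$trackback_eid) {
         $is_error = 1500008;
     }
     // Trackback URL is empty
     if (!$trackback_url) {
         $is_error = 1500009;
     }
     // Get entry info. TODO: switch to SELECT NULL?
     if (!$is_error) {
         $sql = "\r\n        SELECT\r\n          NULL\r\n        FROM\r\n          se_blogentries\r\n        WHERE\r\n          se_blogentries.blogentry_id='{$sql_eid}'\r\n        LIMIT\r\n          1\r\n      ";
         $resource = $database->database_query($sql);
         // Entry not found
         if (!$database->database_num_rows($resource)) {
             $is_error = 1500010;
         }
     }
     // See if trackback has already been received
     if (!$is_error) {
         $sql = "\r\n        SELECT\r\n          NULL\r\n        FROM\r\n          se_blogtrackbacks\r\n        WHERE\r\n          blogtrackback_blogentry_id='{$sql_eid}' &&\r\n          blogtrackback_name='{$sql_bname}' &&\r\n          blogtrackback_excerpthash='{$trackback_excerpthash}'\r\n        LIMIT\r\n          1\r\n      ";
         $resource = $database->database_query($sql);
         // Already tracked
         if ($database->database_num_rows($resource)) {
             $is_error = 1500011;
         }
     }
     // Only 1/15 seconds
     if (!$is_error) {
         $trackback_timeout = 15;
         $sql = "\r\n        SELECT\r\n          NULL\r\n        FROM\r\n          se_blogtrackbacks\r\n        WHERE\r\n          blogtrackback_ip='{$trackback_ip}' &&\r\n          blogtrackback_date>" . ($trackback_time - $trackback_timeout) . "\r\n        LIMIT\r\n          1\r\n      ";
         $resource = $database->database_query($sql);
         if ($database->database_num_rows($resource)) {
             $is_error = 1500012;
         }
     }
     // TODO: antispam
     // INSERT
     if (!$is_error) {
         $sql = "\r\n        INSERT INTO se_blogtrackbacks\r\n        (\r\n          blogtrackback_blogentry_id,\r\n          blogtrackback_name,\r\n          blogtrackback_title,\r\n          blogtrackback_excerpt,\r\n          blogtrackback_excerpthash,\r\n          blogtrackback_url,\r\n          blogtrackback_ip,\r\n          blogtrackback_date\r\n        ) VALUES (\r\n          '{$sql_eid}',\r\n          '{$sql_bname}',\r\n          '{$sql_title}',\r\n          '{$sql_excerpt}',\r\n          '{$trackback_excerpthash}',\r\n          '{$sql_url}',\r\n          '{$trackback_ip}',\r\n          '{$trackback_time}'\r\n        )\r\n      ";
         $resource = $database->database_query($sql);
         if (!$database->database_affected_rows($resource)) {
             // Same code as "not allowed" in the language table; kept as-is.
             $is_error = 1500013;
         }
         // UPDATE TRACKBACK COUNT — only when the row was actually inserted,
         // otherwise the counter drifts away from the real row count.
         if (!$is_error) {
             $sql = "UPDATE se_blogentries SET blogentry_totaltrackbacks=blogentry_totaltrackbacks+1 WHERE blogentry_id='{$sql_eid}' LIMIT 1";
             $database->database_query($sql);
         }
     }
     // LOG
     // NOTE(review): $blogentry_url is never assigned in this function, so the
     // source URL always falls back to the Referer, then the remote IP. This may
     // have been meant to be $trackback_url — confirm before changing.
     if (empty($blogentry_url) && !empty($_SERVER['HTTP_REFERER'])) {
         $blogentry_url = $_SERVER['HTTP_REFERER'];
     }
     if (empty($blogentry_url) && !empty($_SERVER['REMOTE_ADDR'])) {
         $blogentry_url = $_SERVER['REMOTE_ADDR'];
     }
     $sql = "\r\n      INSERT INTO se_blogpings\r\n      (\r\n        blogping_blogentry_id,\r\n        blogping_target_url,\r\n        blogping_source_url,\r\n        blogping_status,\r\n        blogping_type,\r\n        blogping_ip\r\n      ) VALUES (\r\n        '{$sql_eid}',\r\n        '" . $database->database_real_escape_string($_SERVER['REQUEST_URI']) . "',\r\n        '" . $database->database_real_escape_string($blogentry_url) . "',\r\n        '1',\r\n        '2',\r\n        '{$_SERVER['REMOTE_ADDR']}'\r\n      )\r\n    ";
     $resource = $database->database_query($sql);
     // GET ERROR MESSAGE
     SE_Language::_preload($is_error ? $is_error : 1500014);
     SE_Language::load();
     $message = SE_Language::_get($is_error ? $is_error : 1500014);
     return $trackback->recieve(!$is_error, $message);
 }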
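 /**
  * Replaces the body of one comment, restricted to comments authored by the
  * current user ($user->user_info['user_id']) on the object this instance
  * represents ($this->comment_type / comment_identifier / identifying_value).
  *
  * @param mixed  $comment_id   id of the comment row to update
  * @param string $comment_body raw body; censored, HTML-cleaned per
  *                             $setting['setting_comment_html'], CRLF -> <br>,
  *                             runs of 3+ <br> collapsed to two
  *
  * No return value; an empty body after cleaning is silently ignored.
  *
  * Security: the body is escaped with the database driver instead of the
  * original single-quote-only replacement (which left backslashes unhandled),
  * and the id is coerced to an integer before interpolation.
  */
 function comment_edit($comment_id, $comment_body)
 {
     global $database, $user, $setting;
     // MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR
     $comment_body = str_replace("\r\n", "<br>", cleanHTML(censor($comment_body), $setting['setting_comment_html']));
     $comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);
     // Driver escaping covers quotes, backslashes and NUL; MySQL unescapes on
     // insert, so the stored value is unchanged for ordinary input.
     $comment_body = $database->database_real_escape_string($comment_body);
     $comment_id = (int) $comment_id;
     // EDIT COMMENT IF NO ERROR
     if (trim($comment_body)) {
         $database->database_query("\r\n        UPDATE\r\n          `se_{$this->comment_type}comments`\r\n        SET\r\n          `{$this->comment_type}comment_body`='{$comment_body}'\r\n        WHERE\r\n          `{$this->comment_type}comment_{$this->comment_identifier}`='{$this->comment_identifying_value}' &&\r\n          `{$this->comment_type}comment_id`='{$comment_id}' &&\r\n          `{$this->comment_type}comment_authoruser_id`='{$user->user_info['user_id']}'\r\n        LIMIT\r\n          1\r\n      ");
     }
 }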
     $core->action = "preview";
     // send me to preview screen (same for both)
     $_POST['fmessage'] = cleanHTML($_POST['fmessage'], false);
     // not as complete as parseHTML, but lightweight, just a preview anyway
     return;
     break;
 case 'preview':
     // preview a post
     if (!$core->queryOk(array("#id_forumthread", "#id_forum", "fmessage"))) {
         $core->action = "index";
         $core->log[] = "Error on preview";
         break;
     }
     $core->action = "preview";
     // send me to preview screen (same for both)
     $_POST['fmessage'] = cleanHTML($_POST['fmessage'], false);
     // not as complete as parseHTML, but lightweight, just a preview anyway
     return;
     break;
 case 'tpost':
     // post thread
     if (!$core->queryOk(array("#id_forum", "ttitle", "fmessage"))) {
         $core->action = "index";
         $core->log[] = "Error on post";
         break;
     }
     $postData = array('id_forum' => $_POST['id_forum'], 'title' => $_POST['ttitle'], 'video' => isset($_POST['video']) ? $_POST['video'] : '', 'tags' => isset($_POST['tags']) ? $_POST['tags'] : '', 'id_author' => $_SESSION[CONS_SESSION_ACCESS_USER]['id']);
     $threadobj = $core->loaded('forumthread');
     if (!isset($_REQUEST['operationmode'])) {
         // UDM could have filled this for us
         $_REQUEST['operationmode'] = $core->dbo->fetch("SELECT operationmode FROM " . $threadobj->dbname . " WHERE id=" . $_POST['id_forum']);