// Public event-submission handler (fragment: whatever precedes post_only() in the file is not shown here).
// It runs the CAPTCHA check, decides the approval status, then reads the posted fields into locals.
post_only();
// NOTE(review): $hc_cfg[1] presumably switches public submission on or off; the script stops here when it is 0 - confirm.
if ($hc_cfg[1] == 0) {
    exit;
}
include HCPATH . HCINC . '/functions/events.php';
include HCLANG . '/config.php';
include HCLANG . '/public/submit.php';

// CAPTCHA inputs depend on $hc_cfg[65]:
//   1 - answer comes from the form, expected value from the session key hc_cap;
//   2 - both values come from the posted reCAPTCHA fields;
//   anything else - both stay empty strings.
$proof = $challenge = '';
if ($hc_cfg[65] == 1) {
    $proof = isset($_POST['proof']) ? $_POST['proof'] : NULL;
    $challenge = isset($_SESSION['hc_cap']) ? $_SESSION['hc_cap'] : NULL;
} elseif ($hc_cfg[65] == 2) {
    $proof = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : NULL;
    $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : NULL;
}
// NOTE(review): spamIt() is defined elsewhere; it is assumed to stop the request on a failed check, and the
// third argument (1 here) presumably identifies this form - confirm both.
spamIt($proof, $challenge, 1);

$newPkID = 0;
$dates = array();
// 1 when user_check_status() is truthy and the session UserLevel is 2, otherwise 2.
// NOTE(review): presumably 1 = published immediately, 2 = awaiting approval - confirm.
$appStatus = user_check_status() && $_SESSION['UserLevel'] == 2 ? 1 : 2;
// Either a single-quoted "SYSDATE SYSTIME" literal or the bare word NULL.
// NOTE(review): looks like a fragment spliced into an SQL statement later - confirm against the INSERT.
$pubDate = $appStatus == 1 ? "'" . SYSDATE . ' ' . SYSTIME . "'" : 'NULL';

// Deny-list of inline event-handler attributes removed from the event description below.
// Each pattern matches one handler name followed directly by "=" and a quoted, non-empty value
// (case-insensitive). onmousemove appears twice.
// NOTE(review): only the handlers named here, in exactly this written form, are removed; any other
// attribute on an allowed element passes through unchanged.
$filter = array('/onclick=["\'][^"\']+["\']/i', '/ondblclick=["\'][^"\']+["\']/i', '/onkeydown=["\'][^"\']+["\']/i', '/onkeypress=["\'][^"\']+["\']/i', '/onkeyup=["\'][^"\']+["\']/i', '/onmousedown=["\'][^"\']+["\']/i', '/onmousemove=["\'][^"\']+["\']/i', '/onmouseout=["\'][^"\']+["\']/i', '/onmouseover=["\'][^"\']+["\']/i', '/onmouseup=["\'][^"\']+["\']/i', '/onmousemove=["\'][^"\']+["\']/i', '/onfocus=["\'][^"\']+["\']/i', '/onblur=["\'][^"\']+["\']/i');
$eID = $tbd = $stop = 0;

// Plain-text fields: tags are stripped, then the value is HTML-encoded. Missing fields become NULL.
$subName = isset($_POST['submitName']) ? htmlspecialchars(strip_tags($_POST['submitName'])) : NULL;
$subEmail = isset($_POST['submitEmail']) ? htmlspecialchars(strip_tags($_POST['submitEmail'])) : NULL;
$subID = isset($_POST['submitID']) ? htmlspecialchars(strip_tags($_POST['submitID'])) : NULL;
$eventTitle = isset($_POST['eventTitle']) ? htmlspecialchars(cleanQuotes(strip_tags($_POST['eventTitle']))) : NULL;

// The description is the one field that keeps markup: strip_tags() is given a list of elements to keep
// (including <img>, <style>, <font>, <div> and <span>) and leaves the attributes of kept elements in place.
// Unlike the fields above it is not passed through htmlspecialchars() in this fragment.
$eventDesc = isset($_POST['eventDescription']) ? 
cleanQuotes(strip_tags($_POST['eventDescription'], '<abbr><acronym><blockquote><br><caption><center><cite><dd><del><dfn><dir><div><dl><dt><em><i><font><hr><img><legend><li><menu><ol><p><pre><listing><plaintext><q><small><span><strike><strong><b><style><sub><sup><table><td><tr><tt><u><ul><var>'), 0) : NULL;
// NOTE(review): the $filter deny-list is the only attribute filtering applied to the description here.
// If this value is later rendered as HTML to other visitors or to an administrator, an allow-list
// sanitizer covering both elements and attributes is the safer control - confirm how $eventDesc is output.
$eventDesc = preg_replace($filter, '', $eventDesc);

$locID = isset($_POST['locPreset']) ? htmlspecialchars(strip_tags($_POST['locPreset'])) : NULL;
$contactName = isset($_POST['contactName']) ? htmlspecialchars(strip_tags($_POST['contactName'])) : NULL;
$contactEmail = isset($_POST['contactEmail']) ? htmlspecialchars(strip_tags($_POST['contactEmail'])) : NULL;
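*/
// RSVP registration handler (fragment: the comment closed above opens before this excerpt, and the
// else branch at the end continues after it).
define('isHC', true);
define('isAction', true);
include dirname(__FILE__) . '/loader.php';

action_headers();
post_only();
include HCLANG . '/public/rsvp.php';

// CAPTCHA inputs depend on $hc_cfg[65]: 1 = form answer checked against the session key hc_cap,
// 2 = posted reCAPTCHA fields, anything else = both stay empty strings.
$proof = $challenge = '';
if ($hc_cfg[65] == 1) {
    $proof = isset($_POST['proof']) ? $_POST['proof'] : NULL;
    $challenge = isset($_SESSION['hc_cap']) ? $_SESSION['hc_cap'] : NULL;
} elseif ($hc_cfg[65] == 2) {
    $proof = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : NULL;
    $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : NULL;
}
// NOTE(review): spamIt() is defined elsewhere; assumed to stop the request on a failed check - confirm.
spamIt($proof, $challenge, 3);

// NOTE(review): is_numeric() also accepts decimals and exponent notation; if only whole positive ids are
// valid, ctype_digit() would be the tighter check - confirm what callers send.
$eID = isset($_POST['eID']) && is_numeric($_POST['eID']) ? cIn(strip_tags($_POST['eID'])) : 0;

// Registrant fields. Name and e-mail additionally go through cleanBreaks().
// NOTE(review): cIn() is assumed to escape the value for use inside a quoted SQL string; every query
// below depends on that - confirm in loader.php.
$regName = isset($_POST['hc_f1']) ? cIn(strip_tags(cleanBreaks($_POST['hc_f1']))) : '';
$regEmail = isset($_POST['hc_f2']) ? cIn(strip_tags(cleanBreaks($_POST['hc_f2']))) : '';
$phone = isset($_POST['hc_f3']) ? cIn(strip_tags($_POST['hc_f3'])) : '';
$address = isset($_POST['hc_f4']) ? cIn(strip_tags($_POST['hc_f4'])) : '';
$address2 = isset($_POST['hc_f5']) ? cIn(strip_tags($_POST['hc_f5'])) : '';
$city = isset($_POST['hc_f6']) ? cIn(strip_tags($_POST['hc_f6'])) : '';
$state = isset($_POST['locState']) ? cIn(strip_tags($_POST['locState'])) : '';
$country = isset($_POST['hc_f9']) ? cIn(strip_tags($_POST['hc_f9'])) : '';
$zip = isset($_POST['hc_f8']) ? cIn(strip_tags($_POST['hc_f8'])) : '';
// Posted value plus one; 0 when the field is missing or not numeric.
// The isset() guard matches the other fields: without it a request that omits hc_f7 raises an
// undefined-index notice, which can print the script path and interfere with the redirect below
// when errors are displayed.
$partySize = isset($_POST['hc_f7']) && is_numeric($_POST['hc_f7']) ? cIn(strip_tags($_POST['hc_f7'])) + 1 : 0;

// One registration per e-mail address and event: an existing row sends the visitor back with msg=1.
// The SQL is built by concatenation, so it is only as safe as cIn() (see the note above).
$result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "registrants WHERE Email = '" . $regEmail . "' AND EventID = '" . $eID . "'");
if (hasRows($result)) {
    header("Location: " . CalRoot . "/index.php?com=rsvp&eID=" . $eID . "&msg=1");
} else {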
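// Newsletter subscription edit/delete request handler (fragment: the nested blocks opened below are
// closed after this excerpt). For a confirmed subscriber it stores a fresh GUID and builds an e-mail
// containing a link that carries that GUID.
define('isAction', true);
include dirname(__FILE__) . '/loader.php';

action_headers();
post_only();
include HCLANG . '/public/news.php';

if (!isset($_POST['dID'])) {
    $target = '/index.php?com=edit&msg=2';

    // CAPTCHA inputs depend on $hc_cfg[65]: 1 = form answer checked against the session key hc_cap,
    // 2 = posted reCAPTCHA fields, anything else = both stay empty strings.
    $proof = $challenge = '';
    if ($hc_cfg[65] == 1) {
        $proof = isset($_POST['proof']) ? $_POST['proof'] : NULL;
        $challenge = isset($_SESSION['hc_cap']) ? $_SESSION['hc_cap'] : NULL;
    } elseif ($hc_cfg[65] == 2) {
        $proof = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : NULL;
        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : NULL;
    }
    // NOTE(review): spamIt() is defined elsewhere; assumed to stop the request on a failed check - confirm.
    spamIt($proof, $challenge, 4);

    // NOTE(review): cIn() is assumed to escape the value for use inside a quoted SQL string; the
    // concatenated queries below depend on that - confirm in loader.php.
    $email = isset($_POST['hc_fz']) ? cIn(strip_tags($_POST['hc_fz'])) : '';
    // hc_fy selects the action: 0 builds the edit link, any other numeric value the delete link.
    $do = isset($_POST['hc_fy']) ? cIn($_POST['hc_fy']) : '';

    // Both checks must pass. The original assigned $stop twice in a row, so the second assignment
    // (is_numeric) overwrote the first and the e-mail format check never had any effect.
    $emailOk = preg_match('/^([a-zA-Z0-9_\\.\\-])+\\@(([a-zA-Z0-9\\-])+\\.)+([a-zA-Z0-9]{2,4})+$/', $email) == 1;
    $stop = ($emailOk && is_numeric($do)) ? 0 : 1;

    if ($stop == 0) {
        // Only confirmed subscribers (IsConfirm = 1) get a link.
        $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "' && IsConfirm = 1");
        if (hasRows($result)) {
            // NOTE(review): the GUID is an MD5 over RAND() output and the e-mail address, computed in SQL.
            // RAND() is not a cryptographic generator. The link built from this GUID appears to authorise
            // editing or deleting the subscription, so a value from a CSPRNG, with an expiry, would be the
            // stronger choice - confirm how com=signup validates it.
            doQuery("UPDATE " . HC_TblPrefix . "subscribers SET GUID = MD5(CONCAT(rand(UNIX_TIMESTAMP()) * (RAND()*1000000),'" . $email . "')) WHERE email = '" . $email . "'");
            $result = doQuery("SELECT FirstName, LastName, GUID FROM " . HC_TblPrefix . "subscribers WHERE email = '" . $email . "'");
            // Third column of the first row, i.e. the GUID just written; empty when no row came back.
            $GUID = hasRows($result) ? mysql_result($result, 0, 2) : '';
            if ($GUID != '') {
                // u= carries the GUID for an edit request, d= for a delete request.
                $link = $do == 0 ? CalRoot . '/index.php?com=signup&u=' . $GUID : CalRoot . '/index.php?com=signup&d=' . $GUID;
                $doMsg = $do == 0 ? 'Edit' : 'Delete';
                $subject = $hc_lang_news[$doMsg . 'Subject'] . ' - ' . CalName;
                $message = '<p>' . $hc_lang_news[$doMsg . 'EmailA'] . ' <a href="' . $link . '">' . $link . '</a></p>';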
*/
// "Send to a friend" handler (fragment: the comment closed above opens before this excerpt, and the
// final if block continues after it). It reads the sender and recipient details, looks up the event or
// location row, and starts building an HTML message.
define('isHC', true);
define('isAction', true);
include dirname(__FILE__) . '/loader.php';

action_headers();
post_only();
include HCLANG . '/public/send.php';

// CAPTCHA inputs depend on $hc_cfg[65]: 1 = form answer checked against the session key hc_cap,
// 2 = posted reCAPTCHA fields, anything else = both stay empty strings.
$proof = $challenge = '';
if ($hc_cfg[65] == 1) {
    $proof = isset($_POST['proof']) ? $_POST['proof'] : NULL;
    $challenge = isset($_SESSION['hc_cap']) ? $_SESSION['hc_cap'] : NULL;
} elseif ($hc_cfg[65] == 2) {
    $proof = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : NULL;
    $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : NULL;
}
// NOTE(review): spamIt() is defined elsewhere; assumed to stop the request on a failed check - confirm.
// This CAPTCHA is the only abuse control visible here for a form that mails visitor-supplied text to a
// visitor-supplied address; confirm whether any rate limit exists elsewhere.
spamIt($proof, $challenge, 2);

// Sender and recipient fields are read without an isset() guard, unlike eID/tID below, so a request
// that omits one raises an undefined-index notice.
// NOTE(review): cleanBreaks() presumably removes CR/LF, which matters if these values later reach
// mail headers; cIn() presumably escapes for SQL - confirm both in loader.php.
$myName = cIn(strip_tags(cleanBreaks($_POST['hc_fx1'])));
$myEmail = cIn(strip_tags(cleanBreaks($_POST['hc_fx2'])));
$friendName = cIn(strip_tags(cleanBreaks($_POST['hc_fx3'])));
$friendEmail = cIn(strip_tags(cleanBreaks($_POST['hc_fx4'])));
// Free-text message: tags stripped first, then newlines turned into <br /> by nl2br().
$sendMsg = cleanBreaks(nl2br(strip_tags($_POST['hc_fx5'])));

// Both ids fall back to 0 when missing or not numeric.
$eID = isset($_POST['eID']) && is_numeric($_POST['eID']) ? cIn(strip_tags($_POST['eID'])) : 0;
$tID = isset($_POST['tID']) && is_numeric($_POST['tID']) ? cIn(strip_tags($_POST['tID'])) : 0;

// $tID only chooses the table; the row is looked up by $eID in both branches.
// NOTE(review): presumably tID is a type flag (0 = event, otherwise location) rather than an id - confirm.
if ($tID == 0) {
    $result = doQuery("SELECT Title, StartDate, StartTime, TBD FROM " . HC_TblPrefix . "events WHERE PkID = '" . $eID . "'");
} else {
    $result = doQuery("SELECT Name, Address, Address2, City, State, Zip, Country FROM " . HC_TblPrefix . "locations WHERE PkID = '" . $eID . "'");
}

// The message is only built when the row exists and all four name/address fields are non-empty.
if (hasRows($result) && $myName != '' && $myEmail != '' && $friendName != '' && $friendEmail != '') {
    // NOTE(review): cOut() is defined elsewhere; it is not visible here whether it HTML-encodes - confirm.
    $message = '<p>' . cOut($sendMsg) . '</p>';
    // First column of the row (Title or Name) is placed into the HTML message as stored.
    // NOTE(review): confirm that value is encoded when it is written to the database.
    $message .= '<p><b>' . mysql_result($result, 0, 0) . '</b><br />';
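// Admin password-recovery handler: checks the form token and CAPTCHA, and when the posted address
// belongs to an active admin stores a recovery key (PCKey) and e-mails a link containing it.
define('hcAdmin', true);
include '../loader.php';

action_headers();
post_only();

$token = isset($_POST['token']) ? cIn(strip_tags($_POST['token'])) : '';
// NOTE(review): this relies on go_home() ending the request; if it only sends a redirect header,
// execution continues into the code below - confirm.
if (!check_form_token($token)) {
    go_home();
}
include HCLANG . '/admin/login.php';

// CAPTCHA inputs depend on $hc_cfg[65]: 1 = form answer checked against the session key hc_cap,
// 2 = posted reCAPTCHA fields, anything else = both stay empty strings.
$proof = $challenge = '';
if ($hc_cfg[65] == 1) {
    $proof = isset($_POST['proof']) ? $_POST['proof'] : NULL;
    $challenge = isset($_SESSION['hc_cap']) ? $_SESSION['hc_cap'] : NULL;
} elseif ($hc_cfg[65] == 2) {
    $proof = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : NULL;
    $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : NULL;
}
// NOTE(review): spamIt() is defined elsewhere; assumed to stop the request on a failed check - confirm.
spamIt($proof, $challenge, 0);

// NOTE(review): cIn() is assumed to escape the value for use inside a quoted SQL string; the
// concatenated queries below depend on that - confirm in loader.php.
$email = isset($_POST['email']) ? cIn($_POST['email']) : '';
$result = doQuery("SELECT FirstName, LastName, Email, Passwrd FROM " . HC_TblPrefix . "admin WHERE email = '" . $email . "' AND IsActive = 1");

if (hasRows($result)) {
    // The recovery key was previously md5() over the current Unix timestamp alone, so it could be
    // recomputed by anyone who knew roughly when the request was made. Draw 128 bits from the
    // platform CSPRNG instead; hex-encoding keeps the 32-character shape of the old value.
    $pwKey = '';
    if (function_exists('random_bytes')) {
        $pwKey = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $raw = openssl_random_pseudo_bytes(16, $strong);
        if ($raw !== false && $strong) {
            $pwKey = bin2hex($raw);
        }
    }
    if ($pwKey == '') {
        // No secure random source available: do not issue a guessable key.
        header('Location: ' . AdminRoot . '/');
        exit;
    }

    // NOTE(review): no expiry is stored with the key here; confirm the lp=2 handler invalidates it
    // after use or after a time limit.
    doQuery("UPDATE " . HC_TblPrefix . "admin SET PCKey = '" . cIn($pwKey) . "' WHERE Email = '" . $email . "'");

    $subject = CalName . ' ' . $hc_lang_login['LoginSubject'];
    $message = '<a href="' . AdminRoot . '/index.php?lp=2&k=' . $pwKey . '">' . AdminRoot . '/index.php?lp=2&k=' . $pwKey . '</a>';
    // The requester's address is included so the recipient can see where the request came from.
    $message .= '<br /><br />' . $hc_lang_login['LoginEmail'] . ' <b>' . strip_tags($_SERVER["REMOTE_ADDR"]) . "</b>";

    // Recipient name is "FirstName LastName" and the address is the stored Email column, not the posted value.
    reMail(trim(mysql_result($result, 0, 0) . ' ' . mysql_result($result, 0, 1)), mysql_result($result, 0, 2), $subject, $message, $hc_cfg[79], $hc_cfg[78]);

    header('Location: ' . AdminRoot . '/?lmsg=3');
} else {
    // NOTE(review): the redirect target differs from the success case, which tells the requester
    // whether the address belongs to an active admin; returning the same response in both cases
    // would avoid that.
    header('Location: ' . AdminRoot . '/');
}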