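/**
 * Logs an external referrer for the current request into pixie_log.
 *
 * Reads the referring URL from HTTP_REFERER (or $lang['unknown_referrer'] when
 * the header is absent), the visitor name from $GLOBALS['pixie_user'] (or
 * 'Visitor') and the client address from REMOTE_ADDR, escapes them and inserts
 * one 'referral' log row unless the referrer mentions this site's own domain.
 * Returns nothing.
 */
function referral()
{
    global $lang;
    global $timezone;
    $url = $GLOBALS['site_url'];
    // Site domain without a leading 'www.'; used to recognise internal referrers.
    $domain = trim(str_replace('www.', "", $url));
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referral = $_SERVER['HTTP_REFERER'];
    } else {
        $referral = $lang['unknown_referrer'];
    }
    if (isset($GLOBALS['pixie_user'])) {
        $uname = $GLOBALS['pixie_user'];
    } else {
        $uname = 'Visitor';
    }
    $ip = $_SERVER['REMOTE_ADDR'];
    $uname = sterilise_txt($uname, TRUE);
    // A dotted-decimal IPv4 address contains nothing that needs escaping; any
    // other shape (IPv6 or otherwise) is passed through sterilise() first.
    if (!preg_match('/^[0-9\\.]+$/', $ip)) {
        $ip = sterilise($ip, TRUE);
    }
    // The referrer is client-controlled and is interpolated into the insert
    // below, so it is escaped on every path. Previously it was escaped only
    // together with a non-IPv4 $ip, which left the common IPv4 case unescaped.
    $referral = sterilise($referral, TRUE);
    // Skip referrers that mention our own domain. strstr() is a substring test,
    // so an external URL that merely contains the domain is also skipped.
    if ($referral and !strstr($referral, $domain)) {
        safe_insert('pixie_log', "user_id = '{$uname}',  \n\t\t\t\t\t\t\t\t\t user_ip = '{$ip}', \n\t\t\t\t\t\t\t\t \t log_time = utc_timestamp(),\n\t\t\t\t\t\t\t\t \t log_type = 'referral',\n\t\t\t\t\t\t\t\t \t log_icon = 'referral',\n\t\t\t\t\t\t\t\t \t log_message = '{$referral}'");
    }
}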
 // lets check to see if the referral is from the current site
 // NOTE(review): strpos() returns 0 when $site_url sits at the very start of the
 // referer, and `0 != FALSE` is false, so a referer that begins with the site URL
 // does NOT trigger die here; only a match later in the string does. Decide the
 // intended direction and use a strict comparison (`!== FALSE` / `=== FALSE`).
 // $_SERVER['HTTP_REFERER'] may also be absent entirely.
 if (strpos($_SERVER['HTTP_REFERER'], $site_url) != FALSE) {
     die;
 }
 // lets check to see if our bot catcher has been filled in
 // ($iam is the form's honeypot field per the comment above; a real user leaves it empty)
 if ($iam) {
     die;
 }
 if (isset($uemail)) {
     $domain = explode('@', $uemail);
     if (preg_match('#^[\\w.-]+@[\\w.-]+\\.[a-zA-Z]{2,6}$#', $uemail) && checkdnsrr($domain[1])) {
         if (isset($subject)) {
             if ($message) {
                 $message = sterilise($message);
                 $subject = sterilise($subject);
                 $uemail = sterilise($uemail);
                 $to = safe_field('email', 'pixie_users', "user_id = '{$contact}' limit 0,1");
                 $eol = "\r\n";
                 $headers .= "From: {$uemail} <{$uemail}>" . $eol;
                 $headers .= "Reply-To: {$uemail} <{$uemail}>" . $eol;
                 $headers .= "Return-Path: {$uemail} <{$uemail}>" . $eol;
             } else {
                 $error = 'Please enter a message.';
             }
         } else {
             $error = 'Please provide a subject.';
         }
     } else {
         $error = 'Please provide a valid email adress.';
     }
 } else {
 * @copyright 2008-2010 Scott Evans
 * @author Scott Evans
 * @author Sam Collett
 * @author Tony White
 * @author Isa Worcs
 * @link http://www.getpixie.co.uk
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3
 * @todo Tag release for Pixie 1.04
 *
 */
if (isset($login_forgotten)) {
    sleep(3);
    if (!isset($username)) {
        $username = NULL;
    }
    $username = sterilise($username, TRUE);
    $r1 = safe_field('email', 'pixie_users', "email='{$username}'");
    $r2 = safe_field('user_name', 'pixie_users', "user_name='{$username}'");
    if ($r1 or $r2) {
        if ($r1) {
            $rs = $r1;
        } else {
            $rs = safe_field('email', 'pixie_users', "user_name='{$username}'");
        }
        if ($rs) {
            $password = generate_password(8);
            $nonce = md5(uniqid(rand(), TRUE));
            $sql = "pass = password(lower('{$password}')), nonce = '{$nonce}'";
            $ok = safe_update('pixie_users', "{$sql}", "email = '{$rs}'");
            if (isset($rs) && $ok) {
                $email = $rs;
     $error = $lang['comment_throttle_error'];
 }
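 // Keep only a small whitelist of inline tags in the comment body.
 // NOTE(review): strip_tags() does not remove attributes from the tags it keeps,
 // so href/on* attributes on the allowed tags survive this step; the sterilise()
 // calls below are presumably what neutralises them — confirm in sterilise().
 $comment = strip_tags($comment, '<strong><em><a>');
 $comment = nl2br($comment);
 // Mark every surviving link as external / nofollow.
 $comment = str_replace('<a', "<a rel=\"external nofollow\"", $comment);
 $name = strip_tags($name);
 if (isset($email)) {
     $email = strip_tags($email);
 }
 $web = strip_tags($web);
 $post = strip_tags($post);
 // Escaped copies for storage (sterilise() is a project helper; its exact escaping is not visible here).
 $scomment = sterilise($comment);
 $sweb = sterilise($web);
 $sname = sterilise($name);
 if (isset($email)) {
     $semail = sterilise($email);
 }
 // Names of the fields that failed validation (presumably used to highlight them in the form).
 $scream = array();
 if (!$name) {
     // $error may already hold an earlier message (e.g. the throttle error), so only initialise it when unset.
     if (!isset($error)) {
         $error = NULL;
     }
     $error .= $lang['comment_name_error'] . ' ';
     $scream[] = 'name';
 }
 if (!$comment) {
     // Same guard as above: $error is still unset when only the comment is missing.
     if (!isset($error)) {
         $error = NULL;
     }
     $error .= $lang['comment_comment_error'] . ' ';
     $scream[] = 'comment';
 }
 $check = new Validator();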
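/**
 * Escapes $txt via sterilise() unless it consists only of whitelisted characters.
 *
 * The whitelist is ASCII letters and digits, underscore, a set of Latin letters
 * with diacritics and the Russian alphabet (note: Ь/ь are not in the list).
 * Text that matches is returned unchanged; anything else — including input that
 * is not valid UTF-8 — is handed to sterilise().
 *
 * @param string $txt    text to check
 * @param bool   $is_sql passed through to sterilise() as its second argument
 * @return string
 */
function sterilise_txt($txt, $is_sql = FALSE)
{
    // 'u' makes the class match code points rather than the individual bytes of
    // the multibyte characters listed (without it, any byte combination drawn from
    // those characters' bytes would pass), and 'D' stops '$' from accepting a
    // trailing newline. Both tighten the whitelist, so failures fall through to
    // sterilise() as before.
    if (!preg_match('/^[a-zA-ZÀÁÂÃÄÅĀĄĂÆÇĆČĈĊĎĐÐÈÉÊËĒĘĚĔĖĜĞĠĢĤĦÌÍÎÏĪĨĬĮİIJĴĶŁĽĹĻĿÑŃŇŅŊÒÓÔÕÖØŌŐŎŒŔŘŖŚŠŞŜȘŤŢŦȚÙÚÛÜŪŮŰŬŨŲŴÝŶŸŹŽŻÞÞàáâãäåāąăæçćčĉċďđðèéêëēęěĕėƒĝğġģĥħìíîïīĩĭįıijĵķĸłľĺļŀñńňņʼnŋòóôõöøōőŏœŕřŗšùúûüūůűŭũųŵýÿŷžżźþßſАБВГДЕЁЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЭЮЯабвгдеёжзийклмнопрстуфхцчшщъыэюя0-9\\_]+$/uD', $txt)) {
        return sterilise($txt, $is_sql);
    }
    return $txt;
}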
     $email = sterilise($email, TRUE);
     $biography = mysql_real_escape_string($biography);
     $link_1 = sterilise($link_1, TRUE);
     $link_2 = sterilise($link_2, TRUE);
     $link_3 = sterilise($link_3, TRUE);
     $occupation = sterilise($occupation, TRUE);
     $website = sterilise($website, TRUE);
     $street = sterilise($street, TRUE);
     $town = sterilise($town, TRUE);
     $street = sterilise($street, TRUE);
     $town = sterilise($town, TRUE);
     $county = sterilise($county, TRUE);
     $country = sterilise($country, TRUE);
     $post_code = sterilise($post_code, TRUE);
     $telephone = sterilise($telephone, TRUE);
     $user_id = sterilise($user_id, TRUE);
     $sql = "realname = '{$realname}', email = '{$email}', biography = '{$biography}', link_1 = '{$link_1}', link_2 = '{$link_2}', \r\n\t\t\t\t\tlink_3 = '{$link_3}', occupation = '{$occupation}', website = '{$website}', street = '{$street}', town = '{$town}', \r\n\t\t\t\t\tcounty = '{$county}', country = '{$country}', post_code = '{$post_code}', telephone = '{$telephone}'";
     $ok = safe_update('pixie_users', "{$sql}", "user_id = '{$user_id}'");
     if (!$ok) {
         if (isset($table_name)) {
             safe_optimize("{$table_name}");
             safe_repair("{$table_name}");
         }
         $message = $lang['unknown_error'];
     } else {
         $messageok = $lang['profile_ok'];
     }
 } else {
     $err = explode('|', $error);
     $message = $err[0];
 }
/**
 * Renders the admin overview of one table: picks the search, tag or default
 * query, paginates it and echoes the ShowTable body plus the pager HTML.
 *
 * @param string $table_name  table to list (run through adjust_prefix())
 * @param string $condition   raw SQL fragment placed between the table name and ORDER BY
 * @param string $order_by    raw ORDER BY column
 * @param string $asc_desc    raw sort direction
 * @param array  $exclude     columns ShowTable should hide
 * @param int    $view_number rows per page (also the LIMIT size)
 * @param mixed  $type        passed through to ShowTable
 *
 * Also reads $page, $s, $m, $x, $search_submit, $search_words, $tag and $lang
 * from the global scope. Output is echoed; nothing is returned.
 *
 * NOTE(review): every query is assembled by string interpolation. $searchwords
 * goes through sterilise(..., FALSE) and $tag through squash_slug() — what those
 * helpers escape is not visible here — while $condition, $order_by, $asc_desc
 * and $view_number are interpolated unescaped, so they must only ever come from
 * fixed, trusted call sites and never from the request.
 * NOTE(review): $exclude has a default value but is followed by the required
 * parameters $view_number and $type; PHP 8 deprecates this parameter order.
 */
function admin_overview($table_name, $condition, $order_by, $asc_desc, $exclude = array(NULL), $view_number, $type)
{
    global $page, $message, $s, $m, $x, $messageok, $search_submit, $field, $search_words, $tag, $lang;
    $table_name = adjust_prefix($table_name);
    $searchwords = trim($search_words);
    // When paging through search results the term is carried in $search_submit.
    if ($page) {
        $searchwords = $search_submit;
    }
    if ($search_submit && isset($table_name)) {
        $searchwords = sterilise($searchwords, FALSE);
        //build search sql
        // One "<field> like '%term%' OR" clause per column, skipping columns whose
        // last word is 'id', whose first word is 'last', and the columns named
        // posted, author, comments, public and date.
        // NOTE(review): $search_sql is appended to before it is initialised, and
        // $an[$j] is read even when mysql_fetch_array() returned false.
        $r2 = safe_query("show fields from {$table_name}");
        for ($j = 0; $j < mysql_num_rows($r2); $j++) {
            if ($F = mysql_fetch_array($r2)) {
                $an[$j] = $F['Field'];
            }
            if (last_word($an[$j]) != 'id') {
                if ($an[$j] != 'posted') {
                    if ($an[$j] != 'author') {
                        if ($an[$j] != 'comments') {
                            if ($an[$j] != 'public') {
                                if (first_word($an[$j]) != 'last') {
                                    if ($an[$j] != 'date') {
                                        $search_sql .= $an[$j] . " like '%" . $searchwords . "%' OR ";
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        // Drop the trailing "OR " left behind by the last clause.
        $search_sql = substr($search_sql, 0, strlen($search_sql) - 3) . "";
        //echo $search_sql;
    }
    if (isset($tag)) {
        $tag = squash_slug($tag);
    }
    // First pass: the full, unpaginated result set; used only for the total count.
    if (isset($table_name)) {
        if ($search_submit) {
            if ($m == 'dynamic') {
                $page_id = get_page_id($x);
                $r1 = safe_query("select * from {$table_name} where page_id = '{$page_id}' and (" . $search_sql . ") order by {$order_by} {$asc_desc}");
            } else {
                $r1 = safe_query("select * from {$table_name} where " . $search_sql . " order by {$order_by} {$asc_desc}");
            }
        } else {
            if (isset($tag) && $tag) {
                $r1 = safe_query("select * from {$table_name} where tags REGEXP '[[:<:]]" . $tag . "[[:>:]]' order by {$order_by} {$asc_desc}");
            } else {
                $r1 = safe_query("select * from {$table_name} {$condition} order by {$order_by} {$asc_desc}");
            }
        }
    }
    if ($r1) {
        $total = mysql_num_rows($r1);
        // Second pass: the rows to display. Only the default (no search, no tag)
        // branch applies a LIMIT; the search and tag branches re-fetch the full set.
        if (!isset($page) && isset($table_name)) {
            $lo = 0;
            $page = 1;
            if ($search_submit) {
                if ($m == 'dynamic') {
                    $page_id = get_page_id($x);
                    $r = safe_query("select * from {$table_name} where page_id = '{$page_id}' and (" . $search_sql . ") order by {$order_by} {$asc_desc}");
                } else {
                    $r = safe_query("select * from {$table_name} where " . $search_sql . " order by {$order_by} {$asc_desc}");
                }
            } else {
                if (isset($tag) && $tag) {
                    $r = safe_query("select * from {$table_name} where tags REGEXP '[[:<:]]" . $tag . "[[:>:]]' order by {$order_by} {$asc_desc}");
                } else {
                    $r = safe_query("select * from {$table_name} {$condition} order by {$order_by} {$asc_desc} limit {$lo},{$view_number}");
                }
            }
        } else {
            if (isset($table_name)) {
                // Zero-based offset of the first row on the requested page.
                $lo = ($page - 1) * $view_number;
                if ($search_submit) {
                    if ($m == 'dynamic') {
                        $page_id = get_page_id($x);
                        $r = safe_query("select * from {$table_name} where page_id = '{$page_id}' and (" . $search_sql . ") order by {$order_by} {$asc_desc}");
                    } else {
                        $r = safe_query("select * from {$table_name} where " . $search_sql . " order by {$order_by} {$asc_desc}");
                    }
                } else {
                    if (isset($tag) && $tag) {
                        $r = safe_query("select * from {$table_name} where tags REGEXP '[[:<:]]" . $tag . "[[:>:]]' order by {$order_by} {$asc_desc}");
                    } else {
                        $r = safe_query("select * from {$table_name} {$condition} order by {$order_by} {$asc_desc} limit {$lo},{$view_number}");
                    }
                }
            }
        }
        if ($r) {
            $rows = mysql_num_rows($r);
            // $hi is the 1-based number of the last row shown; clamp it on the last
            // page, where $finalmax is how many rows remain below $view_number.
            $hi = $lo + $view_number;
            if ($hi > $total) {
                $finalmax = $total - $lo;
                $hi = $total;
            }
            $pages = ceil($total / $view_number);
            if ($pages < 1) {
                $pages = 1;
            }
        }
        /* Was : */
        /* $a = &new Paginator_html($page, $total); */
        /* but it's providing a "Assigning the return value of new by reference is deprecated" message. */
        $a = new Paginator_html($page, $total);
        $a->set_Limit($view_number);
        $a->set_Links(4);
        // Base URL for the pager links; the active tag or search term is carried along.
        $whereami = "?s={$s}&amp;m={$m}&amp;x={$x}";
        if (isset($tag) && $tag) {
            $whereami = "?s={$s}&amp;m={$m}&amp;x={$x}&amp;tag={$tag}";
        }
        if ($search_submit) {
            $whereami = "?s={$s}&amp;m={$m}&amp;x={$x}&amp;search_submit={$searchwords}";
        }
        echo "\n\t\t\t\t\t<div class=\"admin_table_holder pcontent\">\n\t\t\t\t\t";
        // Base URL handed to ShowTable; carries the current page number.
        $wheream = "?s={$s}&amp;m={$m}&amp;x={$x}&amp;page={$page}";
        if (isset($table_name) && $rows) {
            if (isset($finalmax) && $finalmax) {
            } else {
                $finalmax = NULL;
            }
            $Table = new ShowTable($r, $exclude, $table_name, $view_number, $lo, $finalmax, $wheream, $type, $s);
            $Table->DrawBody();
            // 1-based number of the first row shown.
            $loprint = $lo + 1;
            echo "\n\t\t\t\t\t\t<div id=\"admin_table_overview\">\n\t\t\t\t\t\t\t<p>" . $lang['total_records'] . ": {$total} (" . $lang['showing_from_record'] . " {$loprint} " . $lang['to'] . " {$hi}) {$pages} " . $lang['page(s)'] . ".</p>\n\t\t\t\t\t\t</div>\n\n\t\t\t\t\t\t<div id=\"admin_table_pages\">\n\t\t\t\t\t\t\t";
            echo "<p>";
            $a->previousNext($whereami);
            echo "</p>";
            echo "\n\t\t\t\t\t\t</div>";
        } else {
            // Nothing to show: explain whether the search/tag matched nothing or the table is empty.
            if ($search_submit or isset($tag) && $tag) {
                echo "<div class=\"helper\"><h3>" . $lang['help'] . "</h3><p>" . $lang['helper_search'] . "</p></div>";
            } else {
                echo "<div class=\"helper\"><h3>" . $lang['help'] . "</h3><p>" . $lang['helper_nocontent'] . "</p></div>";
            }
            echo "\n\t\t\t\t\t</div>\n";
        }
        // NOTE(review): $rows (like $lo and $hi above) is never assigned when $r is
        // false, so this read raises a notice in that case.
        if ($rows) {
            echo "\n\t\t\t\t\t</div>\n";
        }
    }
}