Hacking(); } } else { Hacking(); } break; //################### Сохранение отредактированых ###################// //################### Сохранение отредактированых ###################// case "save": NoAjaxQuery(); if ($user_group[$user_info['user_group']]['addnews']) { //Подключаем парсер include ENGINE_DIR . '/classes/parse.php'; $parse = new parse(); $title = ajax_utf8(textFilter($_POST['title'], false, true)); $text = $parse->BBparse(ajax_utf8(textFilter($_POST['text']))); $id = intval($_POST['id']); function BBimg($source) { return "<img src=\"{$source}\" alt=\"\" />"; } $text = preg_replace("#\\[img\\](.*?)\\[/img\\]#ies", "\\BBimg('\\1')", $text); if (isset($title) and !empty($title) and isset($text) and !empty($text)) { $db->query("UPDATE `" . PREFIX . "_blog` SET title = '{$title}', story = '{$text}' WHERE id = '{$id}'"); } } die; break; //################### Загрузка фотографии ###################// //################### Загрузка фотографии ###################// case "upload":
} //Если добавляем if (isset($_POST['save'])) { $ban_date = intval($_POST['days']); $this_time = $ban_date ? $server_time + $ban_date * 60 * 60 * 24 : 0; if ($this_time) { $always = 1; } else { $always = 0; } if (isset($_POST['ip'])) { $ip = $db->safesql(htmlspecialchars(strip_tags(trim($_POST['ip'])))); } else { $ip = ""; } $descr = textFilter($_POST['descr']); if ($ip) { $row = $db->super_query("SELECT id FROM `" . PREFIX . "_banned` WHERE ip ='" . $ip . "'"); if ($row) { msgbox('Ошибка', 'Этот IP уже добавлен под фильтр', '?mod=ban'); } else { $db->query("INSERT INTO `" . PREFIX . "_banned` SET descr = '" . $descr . "', date = '" . $this_time . "', always = '" . $always . "', ip = '" . $ip . "'"); @unlink(ENGINE_DIR . '/cache/system/banned.php'); header("Location: ?mod=ban"); } } else { msgbox('Ошибка', 'Укажите IP который нужно добавить под фильтр', 'javascript:history.go(-1)'); } } else { echoheader(); //Разблокировка
} else { msgbox('Ошибка', 'Сообщество не найдено', '?mod=groups'); } die; } echoheader(); $se_uid = intval($_GET['se_uid']); if (!$se_uid) { $se_uid = ''; } $se_user_id = intval($_GET['se_user_id']); if (!$se_user_id) { $se_user_id = ''; } $sort = intval($_GET['sort']); $se_name = textFilter($_GET['se_name'], false, true); if ($se_uid or $sort or $se_name or $se_user_id or $_GET['ban'] or $_GET['delet']) { if ($se_uid) { $where_sql .= "AND id = '" . $se_uid . "' "; } if ($se_user_id) { $where_sql .= "AND real_admin = '" . $se_user_id . "' "; } $query = strtr($se_name, array(' ' => '%')); //Замеянем пробелы на проценты чтоб тоиск был точнее if ($se_name) { $where_sql .= "AND title LIKE '%" . $query . "%' "; } if ($_GET['ban']) { $where_sql .= "AND ban = 1 "; $checked_ban = "checked";
$wall = new wall(); $wall->query("SELECT SQL_CALC_FOUND_ROWS tb1.id, text, public_id, add_date, fasts_num, attach, likes_num, likes_users, tell_uid, public, tell_date, tell_comm, tb2.title, photo, comments FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_communities` tb2 WHERE tb1.public_id = '{$id}' AND tb1.public_id = tb2.id AND fast_comm_id = 0 ORDER by `add_date` DESC LIMIT 0, {$limit_select}"); $wall->template('groups/record.tpl'); $wall->compile('content'); $wall->select($public_admin, $server_time); AjaxTpl(); } die; break; //################### Добавление комментария к записи ###################// //################### Добавление комментария к записи ###################// case "wall_send_comm": NoAjaxQuery(); $rec_id = intval($_POST['rec_id']); $public_id = intval($_POST['public_id']); $wall_text = ajax_utf8(textFilter($_POST['wall_text'])); //Проверка на админа и проверяем включены ли комменты $row = $db->super_query("SELECT tb1.fasts_num, tb2.admin, comments FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_communities` tb2 WHERE tb1.public_id = tb2.id AND tb1.id = '{$rec_id}'"); if ($row['comments'] or stripos($row['admin'], "u{$user_id}|") !== false and isset($wall_text) and !empty($wall_text)) { //Вставляем саму запись в БД $db->query("INSERT INTO `" . PREFIX . "_communities_wall` SET public_id = '{$user_id}', text = '{$wall_text}', add_date = '{$server_time}', fast_comm_id = '{$rec_id}'"); $db->query("UPDATE `" . PREFIX . "_communities_wall` SET fasts_num = fasts_num+1 WHERE id = '{$rec_id}'"); $row['fasts_num'] = $row['fasts_num'] + 1; if ($row['fasts_num'] > 3) { $comments_limit = $row['fasts_num'] - 3; } else { $comments_limit = 0; } $sql_comments = $db->super_query("SELECT SQL_CALC_FOUND_ROWS tb1.id, public_id, text, add_date, tb2.user_photo, user_search_pref FROM `" . PREFIX . "_communities_wall` tb1, `" . PREFIX . "_users` tb2 WHERE tb1.public_id = tb2.user_id AND tb1.fast_comm_id = '{$rec_id}' ORDER by `add_date` ASC LIMIT {$comments_limit}, 3", 1); //Загружаем кнопку "Показать N запсии" $tpl->load_template('groups/record.tpl');
/* Appointment: Личные настройки File: mysettings.php */ if (!defined('MOZG')) { die('Hacking attempt!'); } $row = $db->super_query("SELECT user_email, user_name, user_lastname, user_password FROM `" . PREFIX . "_users` WHERE user_id = '" . $user_info['user_id'] . "'"); //Если сохраянем if (isset($_POST['save'])) { $old_pass = md5(md5(GetVar($_POST['old_pass']))); $new_pass = md5(md5(GetVar($_POST['new_pass']))); $user_name = textFilter($_POST['name'], false, true); $user_lastname = textFilter($_POST['lastname'], false, true); $user_email = textFilter($_POST['email'], false, true); $errors = array(); //Проверка имени if (isset($user_name)) { if (strlen($user_name) >= 2) { if (!preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_name)) { $errors[] = 'Введите имя'; } } else { $errors[] = 'Введите имя'; } } else { $errors[] = 'Введите имя'; } //Проверка фамилии if (isset($user_lastname)) {
$fid = intval($_POST['fid']); $row = $db->super_query("SELECT fuser_id, public_id FROM `" . PREFIX . "_communities_forum` WHERE fid = '{$fid}'"); $row2 = $db->super_query("SELECT admin, discussion FROM `" . PREFIX . "_communities` WHERE id = '{$row['public_id']}'"); if (stripos($row2['admin'], "u{$user_id}|") !== false) { $public_admin = true; } else { $public_admin = false; } if ($user_info['user_group'] == 1 or $public_admin or $row['fuser_id'] == $user_id and $row2['discussion']) { //Голосование $vote_title = ajax_utf8(textFilter($_POST['vote_title'], false, true)); $vote_answer_1 = ajax_utf8(textFilter($_POST['vote_answer_1'], false, true)); $ansers_list = array(); if (isset($vote_title) and !empty($vote_title) and isset($vote_answer_1) and !empty($vote_answer_1)) { for ($vote_i = 1; $vote_i <= 10; $vote_i++) { $vote_answer = ajax_utf8(textFilter($_POST['vote_answer_' . $vote_i], false, true)); $vote_answer = str_replace('|', '|', $vote_answer); if ($vote_answer) { $ansers_list[] = $vote_answer; } } $sql_answers_list = implode('|', $ansers_list); //Вставляем голосование в БД $db->query("INSERT INTO `" . PREFIX . "_votes` SET title = '{$vote_title}', answers = '{$sql_answers_list}'"); $db->query("UPDATE `" . PREFIX . "_communities_forum` SET vote = '{$db->insert_id()}' WHERE fid = '{$fid}'"); } } exit; break; //################### Просмотр темы ###################// //################### Просмотр темы ###################//
/* Appointment: Пользователи File: users.php */ if (!defined('MOZG')) { die('Hacking attempt!'); } echoheader(); $se_uid = intval($_GET['se_uid']); if (!$se_uid) { $se_uid = ''; } $sort = intval($_GET['sort']); $se_name = textFilter($_GET['se_name'], false, true); $se_email = textFilter($_GET['se_email'], false, true); $ban = $_GET['ban']; $delet = $_GET['delet']; if ($se_uid or $sort or $se_name or $se_email or $ban or $delet or $_GET['regdate']) { $where_sql .= "WHERE user_email != ''"; if ($se_uid) { $where_sql .= "AND user_id = '" . $se_uid . "' "; } if ($se_name) { $where_sql .= "AND user_search_pref LIKE '%" . $se_name . "%' "; } if ($se_email) { $where_sql .= "AND user_email LIKE '%" . $se_email . "%' "; } if ($ban) { $where_sql .= "AND user_ban = 1 ";
$db->query("DELETE FROM `" . PREFIX . "_static` WHERE id = '" . $id . "'"); header("Location: ?mod=static"); } //Редактирование if ($_GET['act'] == 'edit') { $id = intval($_GET['id']); $row = $db->super_query("SELECT title, alt_name, text FROM `" . PREFIX . "_static` WHERE id = '" . $id . "'"); if ($row) { //Сохраняем if (isset($_POST['save_edit'])) { //Подключаем парсер include_once ENGINE_DIR . '/classes/parse.php'; $parse = new parse(); $title = textFilter($_POST['title'], false, true); $alt_name = totranslit($_POST['alt_name']); $text = $parse->BBparse(textFilter($_POST['text'])); if (isset($title) and !empty($title) and isset($text) and !empty($text) and isset($alt_name) and !empty($alt_name)) { $db->query("UPDATE`" . PREFIX . "_static` SET alt_name = '" . $alt_name . "', title = '" . $title . "', text = '" . $text . "' WHERE id = '" . $id . "'"); header("Location: ?mod=static"); } else { msgbox('Ошибка', 'Все поля обязательны к заполнению', 'javascript:history.go(-1)'); } die; } echoheader(); $row['title'] = stripslashes($row['title']); //Подключаем парсер include_once ENGINE_DIR . '/classes/parse.php'; $parse = new parse(); $row['text'] = $parse->BBdecode(myBrRn(stripslashes($row['text']))); echohtmlstart('Редактирование страницы');
if (!$user_usr) { $user_usr = $l_anonymous; } if (trim($_POST['topicTitle']) == '' and trim($_POST['postText']) == '') { $action = 'vtopic'; return; } elseif (trim($_POST['topicTitle']) == '') { $errorMSG = $l_topiccannotempty; $correctErr = $backErrorLink; $title .= $l_topiccannotempty; echo load_header(); echo ParseTpl(makeUp('main_warning')); return; } else { $TT = $_POST['topicTitle']; $topicTitle = textFilter($_POST['topicTitle'], $topic_max_length, $post_word_maxlength, 0, 1, 0, $user_id); } $poster_ip = getIP(); if (db_simpleSelect(0, $Tf, 'forum_id', 'forum_id', '=', $forum)) { if ($postRange == 0) { $antiSpam = 0; } else { if ($user_id == 0) { $fields = array('poster_ip', $poster_ip); } else { $fields = array('poster_id', $user_id); } if ($antiSpam = db_simpleSelect(0, $Tp, 'count(*)', $fields[0], '=', $fields[1], '', '', 'now()-post_time', '<', $postRange)) { $antiSpam = $antiSpam[0]; } else { $antiSpam = 1;
*/ if (!defined('MOZG')) { die('Hacking attempt!'); } //Проверяем была ли нажата кнопка, если нет, то делаем редирект на главную if (!$logged) { NoAjaxQuery(); //Код безопасности $session_sec_code = $_SESSION['sec_code']; $sec_code = $_POST['sec_code']; //Если код введные юзером совпадает, то пропускаем, иначе выводим ошибку if ($sec_code == $session_sec_code) { //Входные POST Данные $user_name = ajax_utf8(textFilter($_POST['name'], false, true)); $user_lastname = ajax_utf8(textFilter($_POST['lastname'], false, true)); $user_email = ajax_utf8(textFilter($_POST['email'], false, true)); $user_name = ucfirst($user_name); $user_lastname = ucfirst($user_lastname); $user_sex = intval($_POST['sex']); if ($user_sex < 0 or $user_sex > 2) { $user_sex = 0; } $user_day = intval($_POST['day']); if ($user_day < 0 or $user_day > 31) { $user_day = 0; } $user_month = intval($_POST['month']); if ($user_month < 0 or $user_month > 12) { $user_month = 0; } $user_year = intval($_POST['year']);
} if ($public_admin) { $db->query("INSERT INTO `" . PREFIX . "_communities_audio` SET public_id = '{$pid}', url = '" . $db->safesql($check['url']) . "', artist = '" . $db->safesql($check['artist']) . "', name = '" . $db->safesql($check['name']) . "', adate = '{$server_time}'"); $db->query("UPDATE `" . PREFIX . "_communities` SET audio_num = audio_num+1 WHERE id = '{$pid}'"); mozg_clear_cache_file("groups/audio{$pid}"); } exit; break; //################### Сохранение отредактированых данных ###################// //################### Сохранение отредактированых данных ###################// case "editsave": NoAjaxQuery(); $aid = intval($_POST['aid']); $pid = intval($_POST['pid']); $artist = ajax_utf8(textFilter($_POST['artist'], false, true)); $name = ajax_utf8(textFilter($_POST['name'], false, true)); if (isset($artist) and empty($artist)) { $artist = 'Неизвестный исполнитель'; } if (isset($name) and empty($name)) { $name = 'Без названия'; } $infoGroup = $db->super_query("SELECT admin FROM `" . PREFIX . "_communities` WHERE id = '{$pid}'"); if (stripos($infoGroup['admin'], "u{$user_id}|") !== false) { $public_admin = true; } else { $public_admin = false; } if ($public_admin) { $db->query("UPDATE `" . PREFIX . "_communities_audio` SET artist = '{$artist}', name = '{$name}' WHERE aid = '{$aid}'"); mozg_clear_cache_file("groups/audio{$pid}");
<?php /* Appointment: Отправка массовых сообщений File: mail.php */ if (!defined('MOZG')) { die('Hacking attempt!'); } $act = $_GET['act']; switch ($act) { //################### Начало рассылки ###################// case "send": $limit = intval($_POST['limit']); $lastid = intval($_POST['lastid']); $title = textFilter(ajax_utf8($_POST['title']), false, true); $_POST['text'] = ajax_utf8($_POST['text']); $sql_ = $db->super_query("SELECT SQL_CALC_FOUND_ROWS user_search_pref, user_email FROM `" . PREFIX . "_users` ORDER by `user_id` ASC LIMIT " . $lastid . ", " . $limit, 1); if ($sql_) { include_once ENGINE_DIR . '/classes/mail.php'; $mail = new dle_mail($config, true); foreach ($sql_ as $row) { $find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/javascript/i'); $replace = array("data:", "about:", "vbscript<b></b>:", "onclick", "onload", "onunload", "onabort", "onerror", "onblur", "onchange", "onfocus", "onreset", "onsubmit", "ondblclick", "onkeydown", "onkeypress", "onkeyup", "onmousedown", "onmouseup", "onmouseover", "onmouseout", "onselect", "javascript"); $message_send = preg_replace($find, $replace, $_POST['text']); $message_send = preg_replace("#<iframe#i", "<iframe", $message_send); $message_send = preg_replace("#<script#i", "<script", $message_send); $message_send = str_replace("<?", "<?", $message_send); $message_send = str_replace("?>", "?>", $message_send); $message_send = $db->safesql($message_send); $message_send = str_replace("{%user-name%}", $row['user_search_pref'], $_POST['text']);
$type = strtolower(end(explode(".", $file_name))); // формат файла if ($type == 'mp3' and $config['audio_mod_add'] == 'yes' and $file_size < 10000000) { $audio_dir = ROOT_DIR . '/uploads/audio/' . $user_id . '/'; if (!is_dir($audio_dir)) { @mkdir($audio_dir, 0777); @chmod($audio_dir, 0777); } $res_type = '.' . $type; if (move_uploaded_file($file_tmp, $audio_dir . $file_rename . $res_type)) { //Узнаем исполнителя и название песни по id3 include ENGINE_DIR . "/classes/id3v2.php"; $id3v2 = new Id3v2(); $res = $id3v2->read(ROOT_DIR . '/uploads/audio/' . $user_id . '/' . $file_rename . $res_type); $artist = ajax_utf8(textFilter($res['Artist'], false, true)); $name = ajax_utf8(textFilter($res['Title'], false, true)); if (isset($artist) and empty($artist)) { $artist = 'Неизвестный исполнитель'; } if (isset($name) and empty($name)) { $name = 'Без названия'; } $lnk = $config['home_url'] . 'uploads/audio/' . $user_id . '/' . $file_rename . $res_type; $db->query("INSERT INTO `" . PREFIX . "_audio` SET auser_id = '" . $user_id . "', url = '" . $lnk . "', artist = '" . $artist . "', name = '" . $name . "', adate = '" . $server_time . "'"); $db->query("UPDATE `" . PREFIX . "_users` SET user_audio = user_audio+1 WHERE user_id = '" . $user_id . "'"); mozg_mass_clear_cache_file('user_' . $user_id . '/audios_profile|user_' . $user_id . '/profile_' . $user_id); } else { echo 1; } } else { echo 1;
if (strlen($TT) > 0 and strlen($TT) < $post_text_minlength) { $TT = ''; } if ($TT == '' and trim($_POST['postText']) == '') { $action = 'vtopic'; return; } elseif ($TT == '' or $TT == '#GET#') { $errorMSG = $l_topiccannotempty; $correctErr = $backErrorLink; $title .= $l_topiccannotempty; echo load_header(); echo ParseTpl(makeUp('main_warning')); return; } else { $TT = str_replace(array(' ', ' '), '', $TT); $topicTitle = textFilter($TT, $topic_max_length, $post_word_maxlength, 0, 1, 0, $user_id, 255); } $poster_ip = getIP(); if (db_simpleSelect(0, $Tf, 'forum_id', 'forum_id', '=', $forum)) { if ($postRange == 0) { $antiSpam = 0; } else { if ($user_id == 0) { $fields = array('poster_ip', $poster_ip); } else { $fields = array('poster_id', $user_id); } if ($asTime = db_simpleSelect(0, $Tp, 'post_time', $fields[0], '=', $fields[1], 'post_id DESC', '1')) { $asTime = time() - strtotime($asTime[0]); if ($asTime <= $postRange) { $antiSpam = 1;
<? /* Author: Andrey Goglev VK: https://vk.com/ru151 */ ajax_only(); $logged or die('{"err":"nolog"}'); $act = $_POST['act']; switch($act){ case 'list': $q = textFilter($_POST['val']); $doload = intval($_POST['doload']); $s_w = $q ? "AND CONCAT(name, ' ', lname) LIKE '%{$q}%'" : ''; $limit = 20; $page = isset($_POST['page']) ? intval($_POST['page'])*$limit : 0; $sql_ = mysql_query("SELECT uid, name, lname FROM `users` WHERE uid != '{$uid}' {$s_w} ORDER by uid LIMIT {$page}, {$limit}", 1); $res = ''; if($sql_){ $friend = new Memcache; $friend->addServer('localhost', FR1_PORT); foreach($sql_ as $row){
}else{ $counts[$peer] += 1; if($ids) $ids_res[$peer][] = $new_messages[$i]; } } return array('all' => $new_messages[0], 'peers' => $counts, 'unicue' => count($counts), 'ids' => $ids_res); } switch($act){ case 'send': ajax_only(); $peer = intval($_POST['peer']); $msg = textFilter($_POST['msg']); if(!$msg) echo json_encode(array('err' => 1)); $bayes = new Memcache; $bayes->addServer('localhost', BAY_PORT); $random_tag = mt_rand(1111111, 9999999); $bayes->set("current_text{$random_tag}", "\x1uid\x20{$uid}\t\x1out\x201\t".$msg); $test_spam = $bayes->get("test{$random_tag}"); $random_tag2 = mt_rand(1111111, 9999999); $bayes->set("current_text{$random_tag2}", "\x1uid\x20{$peer}\t".$msg); $test_spam2 = $bayes->get("test{$random_tag2}"); if($test_spam == 'spam' || $test_spam2 == 'spam'){
$tpl->set('{privacy-text}', strtr($album_privacy[0], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я'))); $tpl->set('{privacy-comment}', $album_privacy[1]); $tpl->set('{privacy-comment-text}', strtr($album_privacy[1], array('1' => 'Все пользователи', '2' => 'Только друзья', '3' => 'Только я'))); $tpl->compile('content'); AjaxTpl(); } die; break; //################### Сохранение настроек альбома ###################// //################### Сохранение настроек альбома ###################// case "save_album": NoAjaxQuery(); $id = intval($_POST['id']); $user_id = $user_info['user_id']; $name = ajax_utf8(textFilter($_POST['name'], false, true)); $descr = ajax_utf8(textFilter($_POST['descr'])); $privacy = intval($_POST['privacy']); $privacy_comm = intval($_POST['privacy_comm']); if ($privacy <= 0 or $privacy > 3) { $privacy = 1; } if ($privacy_comm <= 0 or $privacy_comm > 3) { $privacy_comm = 1; } $sql_privacy = $privacy . '|' . $privacy_comm; //Проверка на существование юзера $chekc_user = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$id}' AND user_id = '{$user_id}'"); if ($chekc_user) { if (isset($name) and !empty($name)) { $db->query("UPDATE `" . PREFIX . "_albums` SET name = '{$name}', descr = '{$descr}', privacy = '{$sql_privacy}' WHERE aid = '{$id}'"); echo stripslashes($name) . '|#|||#row#|||#|' . stripslashes($descr);
<?php /* Appointment: Статус File: status.php */ if (!defined('MOZG')) { die('Hacking attempt!'); } NoAjaxQuery(); if ($logged) { $user_id = $user_info['user_id']; $text = ajax_utf8(textFilter($_POST['text'], false, true)); $db->query("UPDATE `" . PREFIX . "_users` SET user_status = '{$text}' WHERE user_id = '{$user_id}'"); echo stripslashes(stripslashes(textFilter(ajax_utf8($_POST['text'])))); //Чистим кеш mozg_clear_cache_file('user_' . $user_id . '/profile_' . $user_id); mozg_clear_cache(); } die;
$user_info = array(); $logged = false; } //Если юзер нажимает "Главная" то скидываем на его стр. $host_site = $_SERVER['QUERY_STRING']; if ($logged and !$host_site) { header('Location: /id' . $user_info['user_id']); } } else { $user_info = array(); $logged = false; } //Если данные поступили через пост и пользователь не авторизован if (isset($_POST['log_in']) and !$logged) { //Приготавливаем данные $email = textFilter(strip_tags($_POST['email'])); $password = md5(md5(GetVar($_POST['password']))); //Проверяем правильность e-mail if (!preg_match('/^(("[\\w-\\s]+")|([\\w-]+(?:\\.[\\w-]+)*)|("[\\w-\\s]+")([\\w-]+(?:\\.[\\w-]+)*))(@((?:[\\w-]+\\.)*\\w[\\w-]{0,66})\\.([a-z]{2,6}(?:\\.[a-z]{2})?)$)|(@\\[?((25[0-5]\\.|2[0-4][0-9]\\.|1[0-9]{2}\\.|[0-9]{1,2}\\.))((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\.){2}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\]?$)/i', $email)) { msgbox('', $lang['not_loggin'] . '<br /><a href="/restore" onClick="Page.Go(this.href); return false">Забыли пароль?</a>', 'info_red'); } else { //Считаем кол-во символов в пароле и email if (isset($email) and !empty($email)) { $check_user = $db->super_query("SELECT user_id FROM `" . PREFIX . "_users` WHERE user_email = '" . $email . "' AND user_password = '******'"); //Если есть юзер то пропускаем if ($check_user) { //Hash ID $hid = $password . md5(md5($_IP)); //Обновляем хэш входа $db->query("UPDATE `" . PREFIX . "_users` SET user_hid = '" . $hid . "' WHERE user_id = '" . $check_user['user_id'] . "'"); //Удаляем все рание события
$eMatch = $_POST['eMatch']; } elseif (isset($_GET['exact'])) { $exact = $_GET['exact']; } if ((preg_match("/^([A-Z]{1,2})([0-9]{1,2}[A-Z]?) *([0-9])([A-Z]{0,2})\$/", strtoupper($searchFor)) || preg_match("/^([a-zA-Z]{1,3}) ?(\\d{2,5})[ \\.]?(\\d{2,5})\$/", $searchFor)) && ($searchForum == 0 || $searchForum == $CONF['forum_gridsquare'])) { header("Location:http://{$_SERVER['HTTP_HOST']}/discuss/search.php?q={$searchFor}"); print "<a href=\"http://{$_SERVER['HTTP_HOST']}/discuss/search.php?q={$searchFor}\">View Search Results</a>"; exit; } $searchWhere += 0; $searchHow += 0; $searchForum += 0; $word = 0; $min = 2; $i = 0; $searchFor = textFilter($searchFor, 100, $post_word_maxlength, 0, 1, 0, 0); $days = substr($days, 0, 4) + 0; $sCA = array($Tp . ',' . $Tt, $Tt, $Tp); $sTA = array($Tp, $Tt, $Tp); $sTTA = array('post_time', 'topic_time', 'post_time'); if ($searchWhere == 0) { $whereGenAr = array($Tp . '.post_text', $Tt . '.topic_title'); } elseif ($searchWhere == 1) { $whereGenAr = array('topic_title', ''); } elseif ($searchWhere == 2) { $whereGenAr = array($Tp . '.poster_name', ''); } if (isset($eMatch) && $eMatch == 'on' || isset($exact) && $exact) { $exact = 1; $eMatch = 'checked'; } else {
if ($ajax == 'yes') { NoAjaxQuery(); } if ($logged) { $act = $_GET['act']; $user_id = $user_info['user_id']; switch ($act) { //################### Отправка сообщения ###################// case "send": NoAjaxQuery(); $for_user_id = intval($_POST['for_user_id']); $msg = ajax_utf8(textFilter($_POST['msg'])); $attach_files = ajax_utf8(textFilter($_POST['attach_files'])); $my_ava = ajax_utf8(textFilter($_POST['my_ava'], false, true)); $my_name = ajax_utf8(textFilter($_POST['my_name'], false, true)); $attach_files = ajax_utf8(textFilter($_POST['attach_files'], false, true)); $attach_files = str_replace('vote|', 'hack|', $attach_files); if ($user_id != $for_user_id and $for_user_id and isset($msg) and !empty($msg) or isset($attach_files) or !empty($attach_files)) { //Проверка на существование получателя $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '" . $for_user_id . "'"); if ($row) { //Приватность $user_privacy = xfieldsdataload($row['user_privacy']); //ЧС $CheckBlackList = CheckBlackList($for_user_id); //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр if ($user_privacy['val_msg'] == 2) { $check_friend = CheckFriends($for_user_id); } if (!$CheckBlackList and $user_privacy['val_msg'] == 1 or $user_privacy['val_msg'] == 2 and $check_friend) { $xPrivasy = 1;
$newpostedxfields[$value[0]] = $postedxfields[$value[0]]; if ($value[2] == "select") { $options = explode("\r\n", $value[3]); $newpostedxfields[$value[0]] = $options[$postedxfields[$value[0]]] . '|1'; } } $postedxfields = $newpostedxfields; foreach ($postedxfields as $xfielddataname => $xfielddatavalue) { if (!$xfielddatavalue) { continue; } $expxfielddatavalue = explode('|', $xfielddatavalue); if ($expxfielddatavalue[1]) { $xfielddatavalue = str_replace('|1', '', textFilter($xfielddatavalue)); } else { $xfielddatavalue = ajax_utf8(textFilter($xfielddatavalue)); } $xfielddataname = $db->safesql($xfielddataname); if (isset($xfielddatavalue) and !empty($xfielddatavalue)) { $xfielddataname = str_replace("|", "|", $xfielddataname); $xfielddatavalue = str_replace("|", "|", $xfielddatavalue); $filecontents[] = "{$xfielddataname}|{$xfielddatavalue}"; } } if ($filecontents) { $filecontents = implode("||", $filecontents); } else { $filecontents = ''; } $db->query("UPDATE `" . PREFIX . "_users` SET xfields = '{$filecontents}' WHERE user_id = '{$user_info['user_id']}'"); mozg_clear_cache_file('user_' . $user_info['user_id'] . '/profile_' . $user_info['user_id']);
<?php /* Appointment: ∆алобы File: report.php */ if (!defined('MOZG')) { die('Hacking attempt!'); } NoAjaxQuery(); if ($logged) { $act = textFilter($_POST['act']); $mid = intval($_POST['id']); $type_report = intval($_POST['type_report']); $text_report = ajax_utf8(textFilter($_POST['text_report'])); $arr_act = array('photo', 'video', 'note', 'wall'); if ($act == 'wall') { $type_report = 6; } if (in_array($act, $arr_act) and $mid and $type_report <= 6 and $type_report > 0) { $check = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_report` WHERE ruser_id = '" . $user_info['user_id'] . "' AND mid = '" . $mid . "' AND act = '" . $act . "'"); if (!$check['cnt']) { $db->query("INSERT INTO `" . PREFIX . "_report` SET act = '" . $act . "', type = '" . $type_report . "', text = '" . $text_report . "', mid = '" . $mid . "', date = '" . $server_time . "', ruser_id = '" . $user_info['user_id'] . "'"); } } } die;
<?php /* Appointment: Города File: city.php */ if (!defined('MOZG')) { die('Hacking attempt!'); } //Добавление if (isset($_POST['add'])) { $country = intval($_POST['country']); $city = textFilter($_POST['city'], false, true); if (isset($city) and !empty($city) and $country) { $row = $db->super_query("SELECT COUNT(*) AS cnt FROM `" . PREFIX . "_city` WHERE name = '" . $city . "' AND id_country = '" . $country . "'"); if (!$row['cnt']) { $db->query("INSERT INTO `" . PREFIX . "_city` SET name = '" . $city . "', id_country = '" . $country . "'"); system_mozg_clear_cache_file('country_city_' . $country); msgbox('Информация', 'Город успешно добавлен', '?mod=city'); } else { msgbox('Ошибка', 'Такой город уже добавлен', 'javascript:history.go(-1)'); } } else { msgbox('Ошибка', 'Все поля объязательны', 'javascript:history.go(-1)'); } die; } //Удаление if ($_GET['act'] == 'del') { $id = intval($_GET['id']); $row = $db->super_query("SELECT id_country FROM `" . PREFIX . "_city` WHERE id = '" . $id . "'");
if ($check['user_photo']) { $check['user_photo'] = "/uploads/users/{$check['user_id']}/50_{$check['user_photo']}"; } else { $check['user_photo'] = "{theme}/images/no_ava_50.png"; } echo $check['user_search_pref'] . "|" . $check['user_photo']; } else { echo 'no_user'; } die; break; //################### Отправка данных на почту на воостановления ###################// //################### Отправка данных на почту на воостановления ###################// case "send": NoAjaxQuery(); $email = ajax_utf8(textFilter($_POST['email'])); $check = $db->super_query("SELECT user_name FROM `" . PREFIX . "_users` WHERE user_email = '{$email}'"); if ($check) { //Удаляем все предыдущие запросы на воостановление $db->query("DELETE FROM `" . PREFIX . "_restore` WHERE email = '{$email}'"); $salt = "abchefghjkmnpqrstuvwxyz0123456789"; for ($i = 0; $i < 15; $i++) { $rand_lost .= $salt[rand(0, 33)]; } $hash = md5($server_time . $email . rand(0, 100000) . $rand_lost . $check['user_name']); //Вставляем в базу $db->query("INSERT INTO `" . PREFIX . "_restore` SET email = '{$email}', hash = '{$hash}', ip = '{$_IP}'"); //Отправляем письмо на почту для воостановления include_once ENGINE_DIR . '/classes/mail.php'; $mail = new dle_mail($config); $message = <<<HTML
<?php if (isset($_POST['prevForm']) and trim($_POST['postText']) != '') { require $pathToFiles . 'bb_func_txt.php'; $logged_admin = $user_id == 1 ? 1 : 0; $disbbcode = (isset($_POST['disbbcode']) and $_POST['disbbcode'] == 1 ? 1 : 0); $topicTitle2 = stripslashes(textFilter($_POST['topicTitle'], $topic_max_length, $post_word_maxlength, 0, 1, 0, 0)); $postText2 = stripslashes(textFilter($_POST['postText'], $post_text_maxlength, $post_word_maxlength, 1, $disbbcode, 1, $logged_admin)); if (empty($CONF['disable_discuss_thumbs']) && preg_match_all('/\\[\\[(\\[?)(\\w{0,3} ?\\d+ ?\\d*)(\\]?)\\]\\]/', $postText2, $g_matches)) { $thumb_count = 0; foreach ($g_matches[2] as $i => $g_id) { if (is_numeric($g_id)) { if ($global_thumb_count > $CONF['global_thumb_limit'] || $thumb_count > $CONF['post_thumb_limit']) { $posterText = preg_replace("/\\[?\\[\\[{$g_id}\\]\\]\\]?/", "[[<a href=\"http://{$_SERVER['HTTP_HOST']}/photo/{$g_id}\">{$g_id}</a>]]", $posterText); } else { if (!isset($g_image)) { require_once 'geograph/gridimage.class.php'; require_once 'geograph/gridsquare.class.php'; $g_image = new GridImage(); } $ok = $g_image->loadFromId($g_id); if ($ok && $g_image->moderation_status == 'rejected' && (!isset($userRanks[$cc]) || $userRanks[$cc] == 'Member')) { $ok = false; } if ($ok) { if ($g_matches[1][$i]) { $g_img = $g_image->getThumbnail(120, 120, false, true); #$g_img = preg_replace('/alt="(.*?)"/','alt="'.$g_image->grid_reference.' : \1 by '.$g_image->realname.'"',$g_img); $g_title = $g_image->grid_reference . ' : ' . htmlentities($g_image->title) . ' by ' . $g_image->realname; $postText2 = str_replace("[[[{$g_id}]]]", "<a href=\"http://{$_SERVER['HTTP_HOST']}/photo/{$g_id}\" target=\"_blank\" title=\"{$g_title}\">{$g_img}</a>", $postText2); } else {
if (isset($emptySubscribe) and $emptySubscribe and $user_id != 0 and isset($_POST['CheckSendMail']) and emailCheckBox() != '' and substr(emailCheckBox(), 0, 8) != '<!--U-->') { $ae = db_simpleSelect(0, $Ts, 'count(*)', 'user_id', '=', $user_id, '', '', 'topic_id', '=', $topic); $ae = $ae[0]; if ($ae == 0) { $topic_id = $topic; insertArray(array('user_id', 'topic_id'), $Ts); } } return; } if (!isset($_POST['disbbcode'])) { $disbbcode = FALSE; } else { $disbbcode = TRUE; } $postText = textFilter($postText, $post_text_maxlength, $post_word_maxlength, 1, $disbbcode, 1, $user_id); $poster_ip = getIP(); //Posting query with anti-spam protection if ($row = db_simpleSelect(0, $Tt, 'topic_id', 'forum_id', '=', $forum, '', '', 'topic_id', '=', $topic)) { if ($postRange == 0) { $antiSpam = 0; } else { if ($user_id == 0) { $fields = array('poster_ip', $poster_ip); } else { $fields = array('poster_id', $user_id); } if ($antiSpam = db_simpleSelect(0, $Tp, 'count(*)', $fields[0], '=', $fields[1], '', '', 'now()-post_time', '<', $postRange)) { $antiSpam = $antiSpam[0]; } else { $antiSpam = 1;
/* Appointment: Просмотр фотографии File: photo.php */ if (!defined('MOZG')) { die('Hacking attempt!'); } if ($logged) { $act = $_GET['act']; $user_id = $user_info['user_id']; switch ($act) { //################### Добавления комментария ###################// case "addcomm": NoAjaxQuery(); $pid = intval($_POST['pid']); $comment = ajax_utf8(textFilter($_POST['comment'])); $date = date('Y-m-d H:i:s', $server_time); $hash = md5($user_id . $server_time . $_IP . $user_info['user_email'] . rand(0, 1000000000)) . $comment . $pid; $check_photo = $db->super_query("SELECT album_id, user_id, photo_name FROM `" . PREFIX . "_photos` WHERE id = '{$pid}'"); //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр if ($user_info['user_id'] != $check_photo['user_id']) { $check_friend = CheckFriends($check_photo['user_id']); $row_album = $db->super_query("SELECT privacy FROM `" . PREFIX . "_albums` WHERE aid = '{$check_photo['album_id']}'"); $album_privacy = explode('|', $row_album['privacy']); } //ЧС $CheckBlackList = CheckBlackList($check_photo['user_id']); //Проверка на существование фотки и приватность if (!$CheckBlackList and $check_photo and $album_privacy[1] == 1 or $album_privacy[1] == 2 and $check_friend or $user_info['user_id'] == $check_photo['user_id']) { $db->query("INSERT INTO `" . PREFIX . "_photos_comments` (pid, user_id, text, date, hash, album_id, owner_id, photo_name) VALUES ('{$pid}', '{$user_id}', '{$comment}', '{$date}', '{$hash}', '{$check_photo['album_id']}', '{$check_photo['user_id']}', '{$check_photo['photo_name']}')"); $id = $db->insert_id();
$user_id = $user_info['user_id']; if ($_GET['page'] > 0) { $page = intval($_GET['page']); } else { $page = 1; } $gcount = 20; $limit_page = ($page - 1) * $gcount; switch ($act) { //################### Отправка сообщения ###################// case "send": NoAjaxQuery(); $for_user_id = intval($_POST['for_user_id']); $theme = ajax_utf8(textFilter(strip_tags($_POST['theme']))); $msg = ajax_utf8(textFilter($_POST['msg'])); $attach_files = ajax_utf8(textFilter($_POST['attach_files'])); $attach_files = str_replace('vote|', 'hack|', $attach_files); if (!$theme) { $theme = '...'; } if ($user_id != $for_user_id and $for_user_id and isset($msg) and !empty($msg) or isset($attach_files) or !empty($attach_files)) { //Проверка на существование получателя $row = $db->super_query("SELECT user_privacy FROM `" . PREFIX . "_users` WHERE user_id = '{$for_user_id}'"); if ($row) { //Приватность $user_privacy = xfieldsdataload($row['user_privacy']); //ЧС $CheckBlackList = CheckBlackList($for_user_id); //Проверка естьли запрашиваемый юзер в друзьях у юзера который смотрит стр if ($user_privacy['val_msg'] == 2) { $check_friend = CheckFriends($for_user_id);
case "create_ads": //top tabs bar $tpl->load_template('ads/ads_top.tpl'); $tpl->set('[create_ads]', ''); $tpl->set('[/create_ads]', ''); $tpl->set_block("'\\[ads_view_all\\](.*?)\\[/ads_view_all\\]'si", ""); $tpl->set_block("'\\[ads_view_my\\](.*?)\\[/ads_view_my\\]'si", ""); $tpl->compile('info'); $tpl->load_template('ads/ads_create.tpl'); $tpl->compile('content'); break; //Записываем все данные в базу данных //Записываем все данные в базу данных case "add_ads": $title = ajax_utf8(textFilter($_POST['title'])); $description = ajax_utf8(textFilter($_POST['description'])); $link_photos = textFilter2($_POST['link_photos']); $link_site = textFilter2($_POST['link_site']); $category = numFilter2($_POST['category']); $transitions = numFilter2($_POST['transitions']); $ubalance = $db->super_query("SELECT user_balance FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'"); if ($transitions <= $ubalance['user_balance']) { if ($title and $link_photos and $link_site and $transitions and $description) { $db->query("INSERT INTO `" . PREFIX . "_ads` SET settings = '{$title}', description = '{$description}', links = '{$link_site}', link = '{$link_photos}', category = '{$category}', views = '{$transitions}', user_id = '{$user_id}'"); $db->query("UPDATE `" . PREFIX . "_users` SET user_balance=user_balance-'{$transitions}' WHERE user_id='{$user_id}'"); echo '1'; } else { echo '2'; } } else { echo '3';