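 /**
  * Authenticate a user from submitted credentials and open a session for them.
  *
  * Both values are normalised through functions::check() before use and then
  * handed to users::getUser(); a returned user with id > 0 is stored into
  * $_SESSION["s_user"] as an array.
  *
  * @param string $login    login as submitted by the form
  * @param string $password password as submitted by the form
  * @return string "" on success, otherwise a user-facing error message
  */
 static function auth($login, $password)
 {
     $login = functions::check($login);
     $password = functions::check($password);
     $error = "";
     if (empty($login) || empty($password)) {
         return "Необходимо заполнить все поля";
     }
     $user = users::getUser(1, $login, $password);
     if ($user->id > 0) {
         // Rotate the session id at the privilege boundary so an id that was
         // fixed in the browser before login cannot be reused afterwards.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         $_SESSION["s_user"] = $user->toArray();
     } else {
         $error = "Вы ввели не верные логин или пароль";
     }
     return $error;
 }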
*/
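defined('_IN_JOHNCMS') or die('Error: restricted access');
require_once '../incfiles/head.php';
echo '<div class="phdr"><a href="index.php"><b>' . $lng['downloads'] . '</b></a> | ' . $lng['search'] . '</div>';
// Search term: the query string wins; otherwise the POST field, which must be
// present and non-empty. functions::check() normalises it before any use.
if (!empty($_GET['srh'])) {
    $srh = functions::check($_GET['srh']);
} else {
    if (!isset($_POST['srh']) || $_POST['srh'] == "") {
        echo functions::display_error($lng_dl['search_string_empty'], '<a href="index.php">' . $lng['back'] . '</a>');
        require_once '../incfiles/end.php';
        exit;
    }
    $srh = functions::check($_POST['srh']);
}
// Every 'file' row is scanned in PHP below; the search term never reaches SQL.
$psk = mysql_query("select * from `download` where  type='file' ;");
// Pagination offset, cast to int so a non-numeric value cannot travel further.
$start = empty($_GET['start']) ? 0 : intval($_GET['start']);
// Matches are collected as ready-made HTML fragments.
$res = array();
while ($array = mysql_fetch_array($psk)) {
    // Case-insensitive substring match on the file name ...
    if (stristr($array['name'], $srh)) {
        $res[] = $lng_dl['found_by_name'] . ":<br/><a href='?act=view&amp;file=" . $array['id'] . "'>{$array['name']}</a><br/>";
    }
    // ... and on the description. The stored text is emitted as-is, so it is
    // assumed to have been escaped on the way in — confirm where it is written.
    if (stristr($array['text'], $srh)) {
        $res[] = $lng_dl['found_by_description'] . ":<br/><a href='?act=view&amp;file=" . $array['id'] . "'>{$array['name']}</a><br/>{$array['text']}<br/>";
    }
}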
// Refuse direct access outside the CMS bootstrap.
if (!defined('_IN_JOHNCMS')) {
    die('Error: restricted access');
}
require_once '../incfiles/head.php';
if ($rights == 4 || $rights >= 6) {
    if (empty($_GET['cat'])) {
        $loaddir = $loadroot;
    } else {
        $cat = intval($_GET['cat']);
        provcat($cat);
        $cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';");
        $adrdir = mysql_fetch_array($cat1);
        $loaddir = "{$adrdir['adres']}/{$adrdir['name']}";
    }
    if (isset($_POST['submit'])) {
        $url = trim($_POST['url']);
        $opis = functions::check($_POST['opis']);
        $newn = functions::check($_POST['newn']);
        $tipf = functions::format($url);
        if (eregi("[^a-z0-9.()+_-]", $newn)) {
            echo "В новом названии файла <b>{$newn}</b> присутствуют недопустимые символы<br/>Разрешены только латинские символы, цифры и некоторые знаки ( .()+_- )<br /><a href='?act=import&amp;cat=" . $cat . "'>Повторить</a><br/>";
            require_once '../incfiles/end.php';
            exit;
        }
        $import = "{$loaddir}/{$newn}.{$tipf}";
        $files = file("{$import}");
        if (!$files) {
            if (copy($url, $import)) {
                $ch = "{$newn}.{$tipf}";
                echo "Файл успешно загружен<br/>";
                mysql_query("insert into `download` values(0,'{$cat}','" . mysql_real_escape_string($loaddir) . "','" . time() . "','" . mysql_real_escape_string($ch) . "','file','','','','" . $opis . "','');");
            } else {
                echo "Загрузка файла не удалась!<br/>";
if (!empty($_SESSION['uid'])) {
    if (!empty($_GET['act'])) {
        $act = $_GET['act'];
    }
    switch ($act) {
        case "add":
            echo '<div class="phdr">' . $lng_pm['add_to_ignor'] . '</div>';
            echo "<form action='ignor.php?act=edit&amp;add=1' method='post'>" . $lng_pm['enter_nick'] . "<br/>";
            echo "<input type='text' name='nik' value='' /><br/><input type='submit' value='" . $lng['add'] . "' /></form>";
            echo '<a href="ignor.php">' . $lng['back'] . '</a><br/>';
            break;
        case "edit":
            if (!empty($_POST['nik'])) {
                $nik = functions::check($_POST['nik']);
            } elseif (!empty($_GET['nik'])) {
                $nik = functions::check($_GET['nik']);
            } else {
                if (empty($_GET['id'])) {
                    echo "ERROR!<br/><a href='ignor.php'>Back</a><br/>";
                    require_once '../incfiles/end.php';
                    exit;
                }
                $nk = mysql_query("select * from `users` where id='" . $id . "';");
                $nk1 = mysql_fetch_array($nk);
                $nik = $nk1['name'];
            }
            if (!empty($_GET['add'])) {
                $add = intval($_GET['add']);
            }
            $adc = mysql_query("select * from `privat` where me='" . $login . "' and ignor='" . $nik . "';");
            $adc1 = mysql_num_rows($adc);
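// Anti-flood: functions::antiflood() yields the seconds still to wait, or a
// falsy value when posting is allowed.
$flood = functions::antiflood();
if ($flood) {
    require '../incfiles/head.php';
    echo functions::display_error($lng['error_flood'] . ' ' . $flood . $lng['sec'] . ', <a href="index.php?id=' . $id . '&amp;start=' . $start . '">' . $lng['back'] . '</a>');
    require '../incfiles/end.php';
    exit;
}
// The target must be an existing section ('r'). $id and $start are set earlier
// in the file (not visible here); $id goes straight into SQL and into the URL
// above, so it is assumed to be an integer by this point — verify.
$req_r = mysql_query("SELECT * FROM `forum` WHERE `id` = '{$id}' AND `type` = 'r' LIMIT 1");
if (!mysql_num_rows($req_r)) {
    require '../incfiles/head.php';
    echo functions::display_error($lng['error_wrong_data']);
    require '../incfiles/end.php';
    exit;
}
// Form fields: the topic name is capped at 100 characters, the body goes
// through functions::checkin().
$th = isset($_POST['th']) ? functions::check(mb_substr(trim($_POST['th']), 0, 100)) : '';
$msg = isset($_POST['msg']) ? functions::checkin(trim($_POST['msg'])) : '';
// Guard the index like the fields above. The value itself is kept raw here
// (no functions::check()), so whatever stores or prints it later must escape it.
$buzz_prefix = isset($_POST['tiento']) ? $_POST['tiento'] : '';
// Optional transliteration of both fields.
if (isset($_POST['msgtrans'])) {
    $th = functions::trans($th);
    $msg = functions::trans($msg);
}
// Turn [url=...]...[/url] tags and bare http:// links into anchors via forum_link().
$msg = preg_replace_callback('~\\[url=(http://.+?)\\](.+?)\\[/url\\]|(http://(www.)?[0-9a-zA-Z\\.-]+\\.[0-9a-zA-Z]{2,6}[0-9a-zA-Z/\\?\\.\\~&amp;_=/%-:#]*)~', 'forum_link', $msg);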
if (isset($_POST['submit']) && isset($_POST['token']) && isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) {
    $error = array();
    if (empty($th)) {
        $error[] = $lng_forum['error_topic_name'];
    }
    if (mb_strlen($th) < 2) {
        $error[] = $lng_forum['error_topic_name_lenght'];
    }
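// Folder creation is limited to moderators (rights 4) and administrators (>= 6).
if ($rights == 4 || $rights >= 6) {
    if (!empty($_GET['cat'])) {
        $cat = intval($_GET['cat']);
    }
    if (isset($_POST['submit'])) {
        // Resolve the parent directory: the download root, or the path stored
        // for the selected category (provcat() is expected to validate it).
        if (empty($cat)) {
            $droot = $loadroot;
        } else {
            $cat = intval(trim($cat));
            provcat($cat);
            $cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';");
            $adrdir = mysql_fetch_array($cat1);
            $droot = "{$adrdir['adres']}/{$adrdir['name']}";
        }
        $drn = isset($_POST['drn']) ? functions::check($_POST['drn']) : '';
        $rusn = isset($_POST['rusn']) ? functions::check($_POST['rusn']) : '';
        // $drn becomes a path component under $droot, so it must be a single
        // plain name: non-empty, not '.' or '..', and free of separators and
        // NUL. Anything else could place the new directory outside $droot.
        $name_ok = $drn !== '' && $drn !== '.' && $drn !== '..' && strpbrk($drn, "/\\\0") === false;
        // 0777 mirrors the original; a narrower mode (e.g. 0755) is preferable
        // when the web server user owns the download tree.
        if ($name_ok && mkdir("{$droot}/{$drn}", 0777)) {
            chmod("{$droot}/{$drn}", 0777);
            echo "Папка создана<br/>";
            // $cat is unset when no category was given; the insert then stores ''.
            mysql_query("insert into `download` values(0,'" . $cat . "','" . $droot . "','" . time() . "','" . $drn . "','cat','','','','" . $rusn . "','');");
            $categ = mysql_query("select * from `download` where type = 'cat' and name='{$drn}' and refid = '" . $cat . "';");
            $newcat = mysql_fetch_array($categ);
            echo "&#187;<a href='?cat=" . $newcat['id'] . "'>В папку</a><br/>";
        } else {
            echo "ERROR<br/>";
        }
    } else {
        // Form: the category id is echoed back as an integer only.
        $cat_link = isset($_GET['cat']) ? intval($_GET['cat']) : 0;
        echo "<form action='?act=makdir&amp;cat=" . $cat_link . "' method='post'>\n         <p>" . $lng_dl['folder_name'] . "<br />\n         <input type='text' name='drn'/></p>\n         <p>" . $lng_dl['folder_name_for_list'] . ":<br/>\n         <input type='text' name='rusn'/></p>\n         <p><input type='submit' name='submit' value='Создать'/></p>\n         </form>";
    }
}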
 $ms = mysql_fetch_assoc($typ);
 if ($ms[type] != "t") {
     require '../incfiles/head.php';
     echo functions::display_error($lng['error_wrong_data']);
     require '../incfiles/end.php';
     exit;
 }
 if (isset($_POST['submit'])) {
     $nn = isset($_POST['nn']) ? functions::check($_POST['nn']) : false;
     if (!$nn) {
         require '../incfiles/head.php';
         echo functions::display_error($lng_forum['error_topic_name'], '<a href="index.php?act=ren&amp;id=' . $id . '">' . $lng['repeat'] . '</a>');
         require '../incfiles/end.php';
         exit;
     }
     $bz = isset($_POST['bz']) ? functions::check($_POST['bz']) : false;
     if (!$bz) {
         require '../incfiles/head.php';
         echo functions::display_error($lng_forum['error_topic_name'], '<a href="index.php?act=ren&amp;id=' . $id . '">' . $lng['repeat'] . '</a>');
         require '../incfiles/end.php';
         exit;
     }
     // Periksa apakah ada topik dengan nama yang sama?
     $pt = mysql_query("SELECT * FROM `forum` WHERE `type` = 't' AND `refid` = '" . $ms['refid'] . "' and text='{$nn}' LIMIT 1");
     if (mysql_num_rows($pt) != 0) {
         require '../incfiles/head.php';
         echo functions::display_error($lng_forum['error_topic_exists'], '<a href="index.php?act=ren&amp;id=' . $id . '">' . $lng['repeat'] . '</a>');
         require '../incfiles/end.php';
         exit;
     }
     mysql_query("update `forum` set  text='" . $nn . "',tiento='" . $bz . "' where id='" . $id . "';");
    if (isset($_POST['submit'])) {
        // Проверка на флуд
        $flood = functions::antiflood();
        if ($flood) {
            require_once '../incfiles/head.php';
            echo functions::display_error('Вы не можете так часто добавлять сообщения<br />Пожалуйста, подождите ' . $flood . ' сек.', '<a href="index.php?act=komm&amp;id=' . $id . '">Назад</a>');
            require_once '../incfiles/end.php';
            exit;
        }
        if ($_POST['msg'] == "") {
            require_once "../incfiles/head.php";
            echo "Вы не ввели сообщение!<br/><a href='?act=komm&amp;id=" . $id . "'>К комментариям</a><br/>";
            require_once '../incfiles/end.php';
            exit;
        }
        $msg = functions::check($_POST['msg']);
        if ($_POST[msgtrans] == 1) {
            $msg = functions::trans($msg);
        }
        $msg = mb_substr($msg, 0, 500);
        $agn = strtok($agn, ' ');
        mysql_query("insert into `download` values(0,'{$id}','','" . time() . "','','komm','{$login}','" . long2ip($ip) . "','" . $agn . "','" . $msg . "','');");
        $fpst = $datauser['komm'] + 1;
        mysql_query("UPDATE `users` SET\n\t\t`komm`='" . $fpst . "',\n\t\t`lastpost` = '" . time() . "'\n\t\tWHERE `id`='" . $user_id . "'");
        header("Location: index.php?act=komm&id={$id}");
    } else {
        require_once "../incfiles/head.php";
        echo "Напишите комментарий<br/><br/><form action='?act=addkomm&amp;id=" . $id . "' method='post'>\nCообщение(max. 500)<br/>\n<textarea rows='3' title='Введите комментарий' name='msg' ></textarea><br/><br/>\n<input type='checkbox' name='msgtrans' value='1' title='Поставьте флажок для транслитерации сообщения' /> Транслит<br/>\n<input type='submit' title='Нажмите для отправки' name='submit' value='добавить' />\n  </form><br/>";
        echo '<a href="index.php?act=trans">Транслит</a><br /><a href="../str/smile.php">' . $lng['smileys'] . '</a><br/>';
    }
} else {
 Редактирование выбранной категории, или раздела
 -----------------------------------------------------------------
 */
 if (!$id) {
     echo functions::display_error($lng['error_wrong_data'], '<a href="index.php?act=forum">' . $lng_forum['forum_management'] . '</a>');
     require '../incfiles/end.php';
     exit;
 }
 $req = mysql_query("SELECT * FROM `forum` WHERE `id` = '{$id}'");
 if (mysql_num_rows($req)) {
     $res = mysql_fetch_assoc($req);
     if ($res['type'] == 'f' || $res['type'] == 'r') {
         if (isset($_POST['submit'])) {
             // Принимаем данные
             $name = isset($_POST['name']) ? functions::check($_POST['name']) : '';
             $desc = isset($_POST['desc']) ? functions::check($_POST['desc']) : '';
             $category = isset($_POST['category']) ? intval($_POST['category']) : 0;
             // проверяем на ошибки
             $error = array();
             if ($res['type'] == 'r' && !$category) {
                 $error[] = $lng_forum['error_category_select'];
             } elseif ($res['type'] == 'r' && !mysql_result(mysql_query("SELECT COUNT(*) FROM `forum` WHERE `id` = '{$category}' AND `type` = 'f'"), 0)) {
                 $error[] = $lng_forum['error_category_select'];
             }
             if (!$name) {
                 $error[] = $lng['error_empty_title'];
             }
             if ($name && (mb_strlen($name) < 2 || mb_strlen($name) > 30)) {
                 $error[] = $lng['title'] . ': ' . $lng['error_wrong_lenght'];
             }
             if ($desc && mb_strlen($desc) < 2) {
             echo functions::display_error($lng['error_wrong_data']);
             require_once '../incfiles/end.php';
             exit;
         }
         mysql_query("UPDATE `cms_counters` SET\n            `name` = '" . functions::check($name) . "',\n            `link1` = '" . mysql_real_escape_string($link1) . "',\n            `link2` = '" . mysql_real_escape_string($link2) . "',\n            `mode` = '{$mode}'\n            WHERE `id` = '{$id}'");
     } else {
         // Получаем значение сортировки
         $req = mysql_query("SELECT `sort` FROM `cms_counters` ORDER BY `sort` DESC LIMIT 1");
         if (mysql_num_rows($req) > 0) {
             $res = mysql_fetch_array($req);
             $sort = $res['sort'] + 1;
         } else {
             $sort = 1;
         }
         // Режим добавления
         mysql_query("INSERT INTO `cms_counters` SET\n            `name` = '" . functions::check($name) . "',\n            `sort` = '{$sort}',\n            `link1` = '" . mysql_real_escape_string($link1) . "',\n            `link2` = '" . mysql_real_escape_string($link2) . "',\n            `mode` = '{$mode}'");
     }
     echo '<div class="gmenu"><p>' . ($id ? $lng['counter_edit_conf'] : $lng['counter_add_conf']) . '</p></div>';
     break;
 default:
     /*
     -----------------------------------------------------------------
     Вывод списка счетчиков
     -----------------------------------------------------------------
     */
     echo '<div class="phdr"><a href="index.php"><b>' . $lng['admin_panel'] . '</b></a> | ' . $lng['counters'] . '</div>';
     $req = mysql_query("SELECT * FROM `cms_counters` ORDER BY `sort` ASC");
     if (mysql_num_rows($req)) {
         $i = 0;
         while ($res = mysql_fetch_assoc($req)) {
             echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
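require_once "../incfiles/head.php";
// Editing a file description is limited to moderators (rights 4) and administrators (>= 6).
if ($rights == 4 || $rights >= 6) {
    if (!isset($_GET['file']) || $_GET['file'] == "") {
        echo $lng_dl['file_not_selected'] . "<br/><a href='?'>" . $lng['back'] . "</a><br/>";
        require_once '../incfiles/end.php';
        exit;
    }
    $file = intval($_GET['file']);
    $file1 = mysql_query("SELECT * FROM `download` WHERE `type` = 'file' AND `id` = '" . $file . "';");
    $file2 = mysql_num_rows($file1);
    $adrfile = mysql_fetch_array($file1);
    // The row count ($file2) is what tells us the id is unknown; the original
    // compared the result resource itself against 0, which never matched, and
    // relied on is_file() failing on the empty row instead.
    if ($file2 == 0 || !is_file("{$adrfile['adres']}/{$adrfile['name']}")) {
        echo $lng_dl['file_not_selected'] . "<br/><a href='?'>" . $lng['back'] . "</a><br/>";
        require_once '../incfiles/end.php';
        exit;
    }
    // Not read below; kept in case the including script uses it — verify.
    $stt = "{$adrfile['text']}";
    if (isset($_POST['submit'])) {
        $newt = isset($_POST['newt']) ? functions::check($_POST['newt']) : '';
        mysql_query("update `download` set `text`='" . $newt . "' where `id`='" . $file . "';");
        echo $lng_dl['description_changed'] . "<br/>";
    } else {
        // Stored line breaks are shown as real newlines inside the textarea.
        $str = str_replace("<br/>", "\r\n", $adrfile['text']);
        echo "<form action='?act=opis&amp;file=" . $file . "' method='post'>";
        echo $lng['description'] . ':<br/><textarea rows="4" name="newt">' . $str . '</textarea><br/>';
        echo "<input type='submit' name='submit' value='Изменить'/></form><br/>";
    }
} else {
    echo "Нет доступа!";
}
// $file is only set on the permitted path; the link is left empty otherwise.
echo "<p><a href='?act=view&amp;file=" . (isset($file) ? $file : '') . "'>" . $lng['back'] . "</a></p>";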
     mysql_query("UPDATE `forum` SET\n            `refid` = '{$razd}'\n            WHERE `id` = '{$id}'\n        ");
     header("Location: index.php?id={$id}");
 } else {
     /*
     -----------------------------------------------------------------
     Перенос темы
     -----------------------------------------------------------------
     */
     $ms = mysql_fetch_assoc($typ);
     require '../incfiles/head.php';
     if (empty($_GET['other'])) {
         $rz = mysql_query("select * from `forum` where id='" . $ms['refid'] . "';");
         $rz1 = mysql_fetch_assoc($rz);
         $other = $rz1['refid'];
     } else {
         $other = intval(functions::check($_GET['other']));
     }
     $fr = mysql_query("select * from `forum` where id='" . $other . "';");
     $fr1 = mysql_fetch_assoc($fr);
     echo '<div class="phdr"><a href="index.php?id=' . $id . '"><b>' . $lng['forum'] . '</b></a> | ' . $lng_forum['topic_move'] . '</div>' . '<form action="index.php?act=per&amp;id=' . $id . '" method="post">' . '<div class="gmenu"><p>' . '<h3>' . $lng['category'] . '</h3>' . $fr1['text'] . '</p>' . '<p><h3>' . $lng['section'] . '</h3>' . '<select name="razd">';
     $raz = mysql_query("SELECT * FROM `forum` WHERE `refid` = '{$other}' AND `type` = 'r' AND `id` != '" . $ms['refid'] . "' ORDER BY `realid` ASC");
     while ($raz1 = mysql_fetch_assoc($raz)) {
         echo '<option value="' . $raz1['id'] . '">' . $raz1['text'] . '</option>';
     }
     echo '</select></p>' . '<p><input type="submit" name="submit" value="' . $lng['move'] . '"/></p>' . '</div></form>' . '<div class="phdr">' . $lng_forum['other_categories'] . '</div>';
     $frm = mysql_query("SELECT * FROM `forum` WHERE `type` = 'f' AND `id` != '{$other}' ORDER BY `realid` ASC");
     while ($frm1 = mysql_fetch_assoc($frm)) {
         echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
         echo '<a href="index.php?act=per&amp;id=' . $id . '&amp;other=' . $frm1['id'] . '">' . $frm1['text'] . '</a></div>';
         ++$i;
     }
    if (empty($error)) {
        mysql_query("INSERT INTO `cms_mail` SET\n\t\t`user_id` = '" . $user_id . "',\n\t\t`from_id` = '" . $id . "',\n\t\t`text` = '" . mysql_real_escape_string($text) . "',\n\t\t`time` = '" . time() . "',\n\t\t`file_name` = '" . mysql_real_escape_string($newfile) . "',\n\t\t`size` = '" . $sizefile . "'") or die(mysql_error());
        mysql_query("UPDATE `users` SET `lastpost` = '" . time() . "' WHERE `id` = '{$user_id}';");
        if ($ch == 0) {
            mysql_query("UPDATE `cms_contact` SET `time` = '" . time() . "' WHERE `user_id` = '" . $user_id . "' AND\n\t\t\t`from_id` = '" . $id . "';");
            mysql_query("UPDATE `cms_contact` SET `time` = '" . time() . "' WHERE `user_id` = '" . $id . "' AND\n\t\t\t`from_id` = '" . $user_id . "';");
        }
        Header('Location: index.php?act=write' . ($id ? '&id=' . $id : ''));
        exit;
    } else {
        $out .= '<div class="rmenu">' . implode('<br />', $error) . '</div>';
    }
}
// The compose form is rendered only when the recipient has not ignored the
// current user and neither ban slot 1 nor 3 is set (what the slots mean is
// defined outside this file).
if (!functions::is_ignor($id) && empty($ban['1']) && empty($ban['3'])) {
    // Error text left by an earlier request is appended verbatim; it is assumed
    // to be escaped by whoever sets $_SESSION['error'] — confirm at the setter.
    $out .= isset($_SESSION['error']) ? $_SESSION['error'] : '';
    // With an explicit recipient ($id) the nick field is omitted; otherwise the
    // previously posted nick is re-filled after functions::check().
    $out .= '<div class="gmenu">' . '<form name="form" action="index.php?act=write' . ($id ? '&amp;id=' . $id : '') . '" method="post"  enctype="multipart/form-data">' . ($id ? '' : '<p><input type="text" name="nick" maxlength="15" value="' . (!empty($_POST['nick']) ? functions::check($_POST['nick']) : '') . '" placeholder="' . $lng_mail['to_whom'] . '?"/></p>') . '<p>';
    // BB-code toolbar only for non-mobile clients.
    if (!$is_mobile) {
        $out .= bbcode::auto_bb('form', 'text');
    }
    // rows= comes from the user's saved settings; presumably an integer that is
    // validated where settings are stored — verify before trusting it in markup.
    $out .= '<textarea rows="' . $set_user['field_h'] . '" name="text"></textarea></p>';
    // Transliteration checkbox, sticky across a failed submit.
    if ($set_user['translit']) {
        $out .= '<input type="checkbox" name="msgtrans" value="1" ' . (isset($_POST['msgtrans']) ? 'checked="checked" ' : '') . '/> ' . $lng['translit'] . '<br />';
    }
    // Attachment field; any size/type limits live in the submit handler (not visible here).
    $out .= '<p><input type="file" name="fail" style="width: 100%; max-width: 160px"/></p>';
    // Submit button, then a header naming the correspondent when one is known.
    $out .= '<p><input type="submit" name="submit" value="' . $lng['sent'] . '"/></p>' . '</form></div>' . '<div class="phdr"><b>' . ($id && isset($qs) ? $lng_mail['personal_correspondence'] . ' ' . $qs['name'] : $lng_mail['sending_the_message']) . '</b></div>';
}
if ($id) {
    $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_mail` WHERE ((`user_id`='{$id}' AND `from_id`='{$user_id}') OR (`user_id`='{$user_id}' AND `from_id`='{$id}')) AND `sys`!='1' AND `delete`!='{$user_id}' AND `spam`='0'"), 0);
    if ($total) {
        if ($total > $kmess) {
            $out .= '<div class="topmenu">' . functions::display_pagination('index.php?act=write&amp;id=' . $id . '&amp;', $start, $total, $kmess) . '</div>';
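echo '<div class="phdr"><a href="index.php"><b>' . $lng['admin_panel'] . '</b></a> | ' . $lng['site_settings'] . '</div>';
if (isset($_POST['submit'])) {
    /*
    -----------------------------------------------------------------
    Save the system settings
    -----------------------------------------------------------------
    */
    // NOTE(review): no anti-CSRF token is checked before these writes, so a
    // cross-site request could change site settings on behalf of a logged-in
    // administrator — confirm whether the form carries one.
    // Missing fields default to empty instead of raising undefined-index
    // notices ('+' keeps submitted values and fills only absent keys).
    $in = $_POST + array('skindef' => '', 'madm' => '', 'timeshift' => 0, 'copyright' => '', 'homeurl' => '', 'flsz' => 0, 'meta_key' => '', 'meta_desc' => '');
    mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($in['skindef']) . "' WHERE `key` = 'skindef'");
    // The e-mail is HTML-escaped before the SQL escape, so it is stored display-ready.
    mysql_query("UPDATE `cms_settings` SET `val`='" . mysql_real_escape_string(htmlspecialchars($in['madm'])) . "' WHERE `key` = 'email'");
    mysql_query("UPDATE `cms_settings` SET `val`='" . intval($in['timeshift']) . "' WHERE `key` = 'timeshift'");
    mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($in['copyright']) . "' WHERE `key` = 'copyright'");
    // A single trailing slash is stripped from the site URL.
    mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check(preg_replace("#/\$#", '', trim($in['homeurl']))) . "' WHERE `key` = 'homeurl'");
    mysql_query("UPDATE `cms_settings` SET `val`='" . intval($in['flsz']) . "' WHERE `key` = 'flsz'");
    // The checkbox is stored as '1' when present and '' when absent (bool-to-string cast).
    mysql_query("UPDATE `cms_settings` SET `val`='" . isset($_POST['gz']) . "' WHERE `key` = 'gzip'");
    mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($in['meta_key']) . "' WHERE `key` = 'meta_key'");
    mysql_query("UPDATE `cms_settings` SET `val`='" . functions::check($in['meta_desc']) . "' WHERE `key` = 'meta_desc'");
    // Re-read every setting so the form below reflects what was stored.
    $req = mysql_query("SELECT * FROM `cms_settings`");
    $set = array();
    while ($res = mysql_fetch_row($req)) {
        $set[$res[0]] = $res[1];
    }
    echo '<div class="rmenu">' . $lng['settings_saved'] . '</div>';
}
/*
-----------------------------------------------------------------
Settings input form
-----------------------------------------------------------------
*/
echo '<form action="index.php?act=settings" method="post"><div class="menu">';
// General settings
echo '<p>' . '<h3>' . $lng['common_settings'] . '</h3>' . $lng['site_url'] . ':<br/>' . '<input type="text" name="homeurl" value="' . htmlentities($set['homeurl']) . '"/><br/>' . $lng['site_copyright'] . ':<br/>' . '<input type="text" name="copyright" value="' . htmlentities($set['copyright'], ENT_QUOTES, 'UTF-8') . '"/><br/>' . $lng['site_email'] . ':<br/>' . '<input name="madm" maxlength="50" value="' . htmlentities($set['email']) . '"/><br />' . $lng['file_maxsize'] . ' (kb):<br />' . '<input type="text" name="flsz" value="' . intval($set['flsz']) . '"/><br />' . '<input name="gz" type="checkbox" value="1" ' . ($set['gzip'] ? 'checked="checked"' : '') . ' />&#160;' . $lng['gzip_compress'] . '</p>';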
* @version     VERSION.txt (see attached file)
* @author      http://johncms.com/about
* @dev		    agssbuzz@catroxs.org
			    http://www.catroxs.org
*/
define('_IN_JOHNCMS', 1);
$rootpath = '';
$headmod = 'login';
require 'incfiles/core.php';
require 'incfiles/head.php';
echo '<div class="phdr"><b>' . $lng['login'] . '</b></div>';

// Login page state: collected errors, captcha flag, and whether to show the form.
$error = array();
$captcha = false;
$display_form = 1;

// Credentials. The password is read from $_REQUEST, so it is also accepted
// from the query string, where it can end up in server logs and Referer
// headers; limiting it to $_POST would be safer if no caller relies on GET.
$user_login = null;
if (isset($_POST['n'])) {
    $user_login = functions::check($_POST['n']);
}
$user_pass = null;
if (isset($_REQUEST['p'])) {
    $user_pass = functions::check($_REQUEST['p']);
}
$user_mem = isset($_POST['mem']) ? 1 : 0;
$user_code = null;
if (isset($_POST['code'])) {
    $user_code = trim($_POST['code']);
}

// $id is expected to be defined before this point (not visible here); it lets
// a user log in by id instead of by nick.
if ($user_pass && !$user_login && !$id) {
    $error[] = $lng['error_login_empty'];
}
if (!$user_pass && ($user_login || $id)) {
    $error[] = $lng['error_empty_password'];
}
// Length limits: nick 2..20, password 3..15 (counted in characters).
if ($user_login) {
    $login_len = mb_strlen($user_login);
    if ($login_len < 2 || $login_len > 20) {
        $error[] = $lng['nick'] . ': ' . $lng['error_wrong_lenght'];
    }
}
if ($user_pass) {
    $pass_len = mb_strlen($user_pass);
    if ($pass_len < 3 || $pass_len > 15) {
        $error[] = $lng['password'] . ': ' . $lng['error_wrong_lenght'];
    }
}
if (!$error && $user_pass && ($user_login || $id)) {
 }
 $typ = mysql_query("select * from `gallery` where id='" . $id . "';");
 $ms = mysql_fetch_array($typ);
 switch ($ms['type']) {
     case "al":
         if (isset($_POST['submit'])) {
             $text = functions::check($_POST['text']);
             mysql_query("update `gallery` set text='" . $text . "' where id='" . $id . "';");
             header("location: index.php?id={$id}");
         } else {
             echo $lng_gal['edit_album'] . "<br/><form action='index.php?act=edit&amp;id=" . $id . "' method='post'><input type='text' name='text' value='" . $ms['text'] . "'/><br/><input type='submit' name='submit' value='Ok!'/></form><br/><a href='index.php?id=" . $id . "'>" . $lng['back'] . "</a><br/>";
         }
         break;
     case "rz":
         if (isset($_POST['submit'])) {
             $text = functions::check($_POST['text']);
             if (!empty($_POST['user'])) {
                 $user = intval($_POST['user']);
             } else {
                 $user = 0;
             }
             mysql_query("update `gallery` set text='" . $text . "', user='******' where id='" . $id . "';");
             header("location: index.php?id={$id}");
         } else {
             echo $lng_gal['edit_section'] . "<br/><form action='index.php?act=edit&amp;id=" . $id . "' method='post'><input type='text' name='text' value='" . $ms['text'] . "'/><br/>";
             echo "<input type='submit' name='submit' value='Ok!'/></form><br/><a href='index.php?id=" . $id . "'>" . $lng['back'] . "</a><br/>";
         }
         break;
     default:
         echo "ERROR<br/><a href='index.php'>Back</a><br/>";
         require_once '../incfiles/end.php';
     }
     if ($set_user['field_w'] < 10) {
         $set_user['field_w'] = 10;
     } elseif ($set_user['field_w'] > 80) {
         $set_user['field_w'] = 80;
     }
     if ($set_user['field_h'] < 1) {
         $set_user['field_h'] = 1;
     } elseif ($set_user['field_h'] > 9) {
         $set_user['field_h'] = 9;
     }
     // Устанавливаем скин
     foreach (glob('../theme/*/*.css') as $val) {
         $theme_list[] = array_pop(explode('/', dirname($val)));
     }
     $set_user['skin'] = isset($_POST['skin']) && in_array($_POST['skin'], $theme_list) ? functions::check($_POST['skin']) : $set['skindef'];
     // Устанавливаем язык
     $lng_select = isset($_POST['iso']) ? trim($_POST['iso']) : false;
     if ($lng_select && array_key_exists($lng_select, core::$lng_list)) {
         $set_user['lng'] = $lng_select;
         unset($_SESSION['lng']);
     }
     // Записываем настройки
     mysql_query("UPDATE `users` SET `set_user` = '" . mysql_real_escape_string(serialize($set_user)) . "' WHERE `id` = '{$user_id}'");
     $_SESSION['set_ok'] = 1;
     header('Location: profile.php?act=settings');
     exit;
 } elseif (isset($_GET['reset']) || empty($set_user)) {
     /*
     -----------------------------------------------------------------
     Задаем настройки по-умолчанию
 $user['imname'] = isset($_POST['imname']) ? functions::check(mb_substr($_POST['imname'], 0, 25)) : '';
 $user['live'] = isset($_POST['live']) ? functions::check(mb_substr($_POST['live'], 0, 50)) : '';
 $user['dayb'] = isset($_POST['dayb']) ? intval($_POST['dayb']) : 0;
 $user['monthb'] = isset($_POST['monthb']) ? intval($_POST['monthb']) : 0;
 $user['yearofbirth'] = isset($_POST['yearofbirth']) ? intval($_POST['yearofbirth']) : 0;
 $user['about'] = isset($_POST['about']) ? functions::check(mb_substr($_POST['about'], 0, 500)) : '';
 $user['mibile'] = isset($_POST['mibile']) ? functions::check(mb_substr($_POST['mibile'], 0, 40)) : '';
 $user['mail'] = isset($_POST['mail']) ? functions::check(mb_substr($_POST['mail'], 0, 40)) : '';
 $user['mailvis'] = isset($_POST['mailvis']) ? 1 : 0;
 $user['icq'] = isset($_POST['icq']) ? intval($_POST['icq']) : 0;
 $user['skype'] = isset($_POST['skype']) ? functions::check(mb_substr($_POST['skype'], 0, 40)) : '';
 $user['jabber'] = isset($_POST['jabber']) ? functions::check(mb_substr($_POST['jabber'], 0, 40)) : '';
 $user['www'] = isset($_POST['www']) ? functions::check(mb_substr($_POST['www'], 0, 40)) : '';
 // Данные юзера (для Администраторов)
 $user['name'] = isset($_POST['name']) ? functions::check(mb_substr($_POST['name'], 0, 20)) : $user['name'];
 $user['status'] = isset($_POST['status']) ? functions::check(mb_substr($_POST['status'], 0, 50)) : '';
 $user['karma_off'] = isset($_POST['karma_off']);
 $user['sex'] = isset($_POST['sex']) && $_POST['sex'] == 'm' ? 'm' : 'zh';
 $user['rights'] = isset($_POST['rights']) ? abs(intval($_POST['rights'])) : $user['rights'];
 // Проводим необходимые проверки
 if ($user['rights'] > $rights || $user['rights'] > 9 || $user['rights'] < 0) {
     $user['rights'] = 0;
 }
 if ($rights >= 7) {
     if (mb_strlen($user['name']) < 2 || mb_strlen($user['name']) > 20) {
         $error[] = $lng_profile['error_nick_lenght'];
     }
     $lat_nick = functions::rus_lat(mb_strtolower($user['name']));
     if (preg_match("/[^0-9a-z\\-\\@\\*\\(\\)\\?\\!\\~\\_\\=\\[\\]]+/", $lat_nick)) {
         $error[] = $lng_profile['error_nick_symbols'];
     }
         if (!in_array($file1, $drt)) {
             if (is_dir("{$loadroot}/{$file1}")) {
                 mysql_query("insert into `download` values(0,'','" . $loadroot . "','" . time() . "','" . $file1 . "','cat','','','','" . $file1 . "','');");
             }
         }
     }
 }
 $obn = mysql_query("select * from `download` where type = 'cat' ;");
 while ($obn1 = mysql_fetch_array($obn)) {
     $dirop = "{$obn1['adres']}/{$obn1['name']}";
     if (is_dir("{$dirop}")) {
         $diropen = opendir("{$dirop}");
         while ($file = readdir($diropen)) {
             if ($file != "." && $file != ".." && $file != "index.php") {
                 $pap = "{$obn1['adres']}/{$obn1['name']}";
                 $obn2 = mysql_query("select * from `download` where name = '" . functions::check($file) . "' and adres = '" . $pap . "' ;");
                 while ($obndir = mysql_fetch_array($obn2)) {
                     $fod[] = $obndir[name];
                 }
                 if (!in_array($file, $fod)) {
                     if (is_dir("{$dirop}/{$file}")) {
                         mysql_query("insert into `download` values(0,'" . $obn1[id] . "','" . $pap . "','" . time() . "','" . $file . "','cat','','','','" . $file . "','');");
                     }
                     if (is_file("{$dirop}/{$file}")) {
                         mysql_query("insert into `download` values(0,'" . $obn1[id] . "','" . $pap . "','" . time() . "','" . $file . "','file','','','','','');");
                     }
                 }
                 $fod = array();
                 ########## 7.02.08
             }
         }
     $error['password'][] = $lng['error_wrong_symbols'];
 }
 // Проверка пола
 if ($reg_sex != 'm' && $reg_sex != 'zh') {
     $error['sex'] = $lng_reg['error_sex'];
 }
 // Проверка кода CAPTCHA
 if (!$captcha || !isset($_SESSION['code']) || mb_strlen($captcha) < 4 || $captcha != $_SESSION['code']) {
     $error['captcha'] = $lng['error_wrong_captcha'];
 }
 unset($_SESSION['code']);
 // Проверка переменных
 if (empty($error)) {
     $pass = md5(md5($reg_pass));
     $reg_name = functions::check(mb_substr($reg_name, 0, 20));
     $reg_about = functions::check(mb_substr($reg_about, 0, 500));
     // Проверка, занят ли ник
     $req = mysql_query("SELECT * FROM `users` WHERE `name_lat`='" . mysql_real_escape_string($lat_nick) . "'");
     if (mysql_num_rows($req) != 0) {
         $error['login'][] = $lng_reg['error_nick_occupied'];
     }
 }
 if (empty($error)) {
     $preg = $set['mod_reg'] > 1 ? 1 : 0;
     mysql_query("INSERT INTO `users` SET\n            `name` = '" . mysql_real_escape_string($reg_nick) . "',\n            `name_lat` = '" . mysql_real_escape_string($lat_nick) . "',\n            `password` = '" . mysql_real_escape_string($pass) . "',\n            `imname` = '{$reg_name}',\n            `about` = '{$reg_about}',\n            `sex` = '{$reg_sex}',\n            `rights` = '0',\n            `ip` = '" . core::$ip . "',\n            `ip_via_proxy` = '" . core::$ip_via_proxy . "',\n            `browser` = '" . mysql_real_escape_string($agn) . "',\n            `datereg` = '" . time() . "',\n            `lastdate` = '" . time() . "',\n            `sestime` = '" . time() . "',\n            `preg` = '{$preg}',\n            `set_user` = '',\n            `set_forum` = '',\n            `set_mail` = '',\n            `smileys` = ''\n        ") or exit(__LINE__ . ': ' . mysql_error());
     $usid = mysql_insert_id();
     // Отправка системного сообщения
     $set_mail = unserialize($set['setting_mail']);
     if (!isset($set_mail['message_include'])) {
         $set_mail['message_include'] = 0;
     }
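header("Content-type: text/html; charset=utf-8;");
header("Content-Transfer-Encoding: utf-8;");
// NOTE(review): display_errors is forced on here; on a production host that
// shows file paths and query fragments to visitors — keep it for development only.
ini_set("display_errors", "on");
error_reporting(E_ALL);
@session_start();
require_once "include/models/users.php";
require_once "include/functions.php";
// ===================================
// Routing: module and action come from the query string, normalised by functions::check().
$modules = !empty($_GET["module"]) ? functions::check($_GET["module"]) : "subscribe";
$action = !empty($_GET["action"]) ? functions::check($_GET["action"]) : "index";
// Login attempt: both fields are handed over even when one is missing so that
// functions::auth() can report "all fields required"; default to "" to avoid
// undefined-index notices.
if (!empty($_POST["login"]) || !empty($_POST["password"])) {
    $error = functions::auth(
        isset($_POST["login"]) ? $_POST["login"] : "",
        isset($_POST["password"]) ? $_POST["password"] : ""
    );
}
if ($action == "logout") {
    functions::logout();
}
// ===================================
functions::DBConnect();
include "template/header.php";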
if (!empty($_SESSION["s_user"]) && $_SESSION["s_user"]["id"] > 0) {
    if ($modules == "subscribe") {
        include "modules/subscribe.php";
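require_once "../incfiles/head.php";
// Accepts a rating vote for a download file: the file id comes from the query
// string, the vote value from POST. Votes are folded into the file's `soft`
// column, which is kept as "<vote sum>,<vote count>". The id of the last rated
// file is remembered in the session so the same file cannot be voted on twice
// in a row.
if (empty($_GET['id'])) {
    echo "ERROR<br/><a href='index.php?'>Back</a><br/>";
    require_once '../incfiles/end.php';
    exit;
}
$id = intval(trim($_GET['id']));
$typ = mysql_query("select * from `download` where id='" . $id . "';");
$ms = mysql_fetch_array($typ);
// Only rows of type 'file' can be rated; a missing row fails the same way.
if (!$ms || $ms['type'] != "file") {
    echo "ERROR<br/><a href='index.php?'>Back</a><br/>";
    require_once '../incfiles/end.php';
    exit;
}
// NOTE(review): only the most recently rated id is remembered, so voting on a
// different file in between allows a repeat vote on this one.
if (isset($_SESSION['rat']) && $_SESSION['rat'] == $id) {
    echo $lng_dl['already_rated'] . "<br/><a href='index.php?act=view&amp;file=" . $id . "'>" . $lng['back'] . "</a><br/>";
    require_once '../incfiles/end.php';
    exit;
}
// A request without a vote value (e.g. a plain GET) used to be recorded as a
// vote of 0 and still bumped the vote count; reject it instead.
if (!isset($_POST['rat'])) {
    echo "ERROR<br/><a href='index.php?'>Back</a><br/>";
    require_once '../incfiles/end.php';
    exit;
}
$rat = intval(functions::check($_POST['rat']));
// NOTE(review): the accepted vote range is not visible here — confirm it
// against the rating form and clamp $rat, otherwise any integer is summed in.
if (!empty($ms['soft'])) {
    // Existing value: "<sum>,<count>"; a value without a count starts at 0.
    $rt = explode(",", $ms['soft']);
    $rt1 = $rt[0] + $rat;
    $rt2 = (isset($rt[1]) ? $rt[1] : 0) + 1;
    $rat1 = "{$rt1},{$rt2}";
} else {
    $rat1 = "{$rat},1";
}
$_SESSION['rat'] = $id;
mysql_query("update `download` set soft = '" . $rat1 . "' where id = '" . $id . "';");
echo $lng_dl['vote_adopted'] . "<br/><a href='index.php?act=view&amp;file=" . $id . "'>" . $lng['back'] . "</a><br/>";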
     } else {
         echo "Ошибка при загрузке файла<br/>";
     }
 }
 if (!empty($_POST['fail1'])) {
     $uploadedfile = $_POST['fail1'];
     if (strlen($uploadedfile) > 0) {
         $array = explode('file=', $uploadedfile);
         $tmp_name = $array[0];
         $filebase64 = $array[1];
     }
     $ftip = functions::format($tmp_name);
     if (empty($_POST['newname'])) {
         $newname = str_replace(".{$ftip}", "", $tmp_name);
     } else {
         $newname = functions::check($_POST['newname']);
     }
     if (!empty($_POST['screens1'])) {
         $uploaddir1 = "{$screenroot}";
         $uploadedfile1 = $_POST['screens1'];
         if (strlen($uploadedfile1) > 0) {
             $array1 = explode('file=', $uploadedfile1);
             $tmp_name1 = $array1[0];
             $filebas64 = $array1[1];
         }
         if (eregi("[^a-z0-9.()+_-]", $tmp_name1)) {
             echo "В названии файла <b>{$tmp_name1}</b> присутствуют недопустимые символы<br/>Разрешены только латинские символы, цифры и некоторые знаки ( .()+_- )<br /><a href='?act=select&amp;cat=" . $cat . "'>Повторить</a></div>";
             require_once '../incfiles/end.php';
             exit;
         }
         $ffot = strtolower($tmp_name1);
    require_once '../incfiles/end.php';
    exit;
}
// $req holds the article row looked up earlier in the script.
$article = mysql_fetch_array($req);
// Count the comments attached to this article
// ($id is presumably an integer prepared earlier — confirm before relying on
// the unescaped interpolation here and below).
$req = mysql_query("SELECT COUNT(*) FROM `lib` WHERE `type` = 'komm' AND `refid` = '" . $id . "'");
$countm = mysql_result($req, 0);
// The article name is HTML-escaped on output.
echo '<div class="phdr">' . $lng_lib['comment_article'] . ':<br /><b>' . htmlentities($article['name'], ENT_QUOTES, 'UTF-8') . '</b></div>';
// Only logged-in users without ban flags 1 and 10 get the "write" link.
if ($user_id && !$ban['1'] && !$ban['10']) {
    echo '<div class="gmenu"><a href="index.php?act=addkomm&amp;id=' . $id . '">' . $lng['write'] . '</a></div>';
}
// Fetch the page of comments ($start / $kmess are the paging offset and size
// set before this point — presumably integers; confirm).
$mess = mysql_query("SELECT * FROM `lib` WHERE `type` = 'komm' AND `refid` = '" . $id . "' ORDER BY `time` DESC LIMIT " . $start . "," . $kmess);
for ($i = 0; $mass = mysql_fetch_array($mess); ++$i) {
    echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
    $uz = mysql_query("select * from `users` where name='" . functions::check($mass['avtor']) . "';");
    $mass1 = mysql_fetch_array($uz);
    if (!empty($_SESSION['uid']) && $_SESSION['uid'] != $mass1['id']) {
        echo "<a href='../users/profile.php?user="******"'>{$mass['avtor']}</a>";
    } else {
        echo $mass['avtor'];
    }
    switch ($mass1['rights']) {
        case 7:
            echo ' Adm ';
            break;
        case 6:
            echo ' Smd ';
            break;
        case 5:
            echo ' Mod ';
{
    // Builds a random lowercase alphanumeric string of $length characters.
    $vals = "abcdefghijklmnopqrstuvwxyz0123456789";
    $result = '';
    for ($i = 1; $i <= $length; $i++) {
        // NOTE(review): rand()'s upper bound is inclusive, so strlen($vals) (36)
        // is one past the last character and produces an undefined offset; the
        // bound should be strlen($vals) - 1. rand() is also not a CSPRNG —
        // random_int() is the right choice if this string is used as a secret.
        $result .= $vals[rand(0, strlen($vals))];
    }
    return $result;
}
switch ($act) {
    case 'sent':
        /*
        -----------------------------------------------------------------
        Отправляем E-mail с инструкциями по восстановлению пароля
        -----------------------------------------------------------------
        */
        $nick = isset($_POST['nick']) ? functions::rus_lat(mb_strtolower(functions::check($_POST['nick']))) : '';
        $email = isset($_POST['email']) ? htmlspecialchars(trim($_POST['email'])) : '';
        $code = isset($_POST['code']) ? trim($_POST['code']) : '';
        $check_code = md5(rand(1000, 9999));
        $error = false;
        if (!$nick || !$email || !$code) {
            $error = $lng['error_empty_fields'];
        } elseif (!isset($_SESSION['code']) || mb_strlen($code) < 4 || $code != $_SESSION['code']) {
            $error = $lng_pass['error_code'];
        }
        unset($_SESSION['code']);
        if (!$error) {
            // Проверяем данные по базе
            $req = mysql_query("SELECT * FROM `users` WHERE `name_lat` = '{$nick}' LIMIT 1");
            if (mysql_num_rows($req) == 1) {
                $res = mysql_fetch_array($req);
     } else {
         // Форма ввода IP адреса для Бана
         echo '<form action="index.php?act=ipban&amp;mod=new" method="post">' . '<div class="menu"><p><h3>' . $lng['ip_address'] . ':</h3>' . '&nbsp;<input type="text" name="ip"/></p>' . '<p><h3>' . $lng['ban_type'] . ':</h3>' . '<input name="term" type="radio" value="1" checked="checked" />' . $lng['blocking'] . '<br />' . '<input name="term" type="radio" value="3" />' . $lng['registration'] . '<br />' . '<input name="term" type="radio" value="2" />' . $lng['redirect'] . '<br /></p>' . '<p><h3>' . $lng['redirect_url'] . '</h3>' . '&nbsp;<input type="text" name="url"/><br />' . '<small>&nbsp;' . $lng['not_mandatory_field'] . '<br />&nbsp;' . $lng['url_help'] . '</small></p>' . '<p><h3>' . $lng['reason'] . '</h3>' . '&nbsp;<textarea rows="' . core::$user_set['field_h'] . '" name="reason"></textarea>' . '<br /><small>&nbsp;' . $lng['not_mandatory_field'] . '</small></p>' . '<p><input type="submit" name="submit" value=" ' . $lng['ban_do'] . ' "/></p></div>' . '<div class="phdr"><small>' . $lng['ip_ban_help'] . '</small></div>' . '</form>' . '<p><a href="index.php?act=ipban">' . $lng['cancel'] . '</a><br /><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
     }
     break;
 case 'insert':
     /*
     -----------------------------------------------------------------
     Проверяем адрес и вставляем в базу
     -----------------------------------------------------------------
     */
     $ip1 = isset($_POST['ip1']) ? intval($_POST['ip1']) : '';
     $ip2 = isset($_POST['ip2']) ? intval($_POST['ip2']) : '';
     $ban_term = isset($_POST['term']) ? intval($_POST['term']) : 1;
     $ban_url = isset($_POST['url']) ? functions::check($_POST['url']) : '';
     $reason = isset($_POST['reason']) ? functions::check($_POST['reason']) : '';
     if (!$ip1 || !$ip2) {
         echo functions::display_error($lng['error_address'], '<a href="index.php?act=ipban&amp;mod=new">' . $lng['back'] . '</a>');
         require_once '../incfiles/end.php';
         exit;
     }
     mysql_query("INSERT INTO `cms_ban_ip` SET\n        `ip1` = '{$ip1}',\n        `ip2` = '{$ip2}',\n        `ban_type` = '{$ban_term}',\n        `link` = '{$ban_url}',\n        `who` = '{$login}',\n        `reason` = '{$reason}',\n        `date` = '" . time() . "'");
     header('Location: index.php?act=ipban');
     break;
 case 'clear':
     /*
     -----------------------------------------------------------------
     Очистка таблицы банов по IP
     -----------------------------------------------------------------
     */
     if (isset($_GET['yes'])) {
////////////////////////////////////////////////////////////////////////////////
*/
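defined('_IN_JOHNCMS') or die('Error: restricted access');
require_once "../incfiles/head.php";
// Renames the display title (`text` column) of a download category.
// Only the download moderator (rights 4) and administrators (rights >= 6)
// reach the form; everyone else only gets the "back" link at the bottom.
if ($rights == 4 || $rights >= 6) {
    if (empty($_GET['cat'])) {
        echo "ERROR<br /><a href='?'>Back</a><br/>";
        require_once '../incfiles/end.php';
        exit;
    }
    $cat = intval(trim($_GET['cat']));
    // provcat() is defined elsewhere; presumably validates the category id.
    provcat($cat);
    $cat1 = mysql_query("select * from `download` where type = 'cat' and id = '" . $cat . "';");
    $adrdir = mysql_fetch_array($cat1);
    // No such category: fail the same way as a missing id instead of working
    // on a false row.
    if (!$adrdir) {
        echo "ERROR<br /><a href='?'>Back</a><br/>";
        require_once '../incfiles/end.php';
        exit;
    }
    $namedir = "{$adrdir['adres']}/{$adrdir['name']}";
    if (isset($_POST['submit'])) {
        if (!empty($_POST['newrus'])) {
            // User input goes through functions::check like the rest of the code.
            $newrus = functions::check($_POST['newrus']);
        } else {
            // Empty submission keeps the current title; the stored value has not
            // been through functions::check, so escape it before it re-enters SQL.
            $newrus = mysql_real_escape_string($adrdir['text']);
        }
        if (mysql_query("update `download` set text='" . $newrus . "' where id='" . $cat . "';")) {
            echo '<p>' . $lng_dl['name_changed'] . '</p>';
        }
    } else {
        echo "<form action='?act=ren&amp;cat=" . $cat . "' method='post'><p>";
        // The stored title is placed in an attribute; double_encode=false keeps
        // already-encoded entities intact in case input was escaped on the way in.
        echo $lng_dl['folder_name_for_list'] . "<br/><input type='text' name='newrus' value='" . htmlspecialchars($adrdir['text'], ENT_QUOTES, 'UTF-8', false) . "'/></p>";
        echo "<p><input type='submit' name='submit' value='" . $lng_dl['change'] . "'/></p></form>";
    }
}
echo "<p><a href='?cat=" . $cat . "'>" . $lng['back'] . "</a></p>";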