Пример #1
// Bootstrap: the guard constant is defined before core.php is included, and
// $headmod / $textl are assigned before head.php is included.
define('_IN_JOHNCMS', 1);
$rootpath = '';
require 'incfiles/core.php';
$headmod = 'registration';
$textl = $lng['registration'];
require 'incfiles/head.php';
$lng_reg = core::load_lng('registration');

// If registration is closed, print the notice, finish the page and stop.
if (core::$deny_registration || !$set['mod_reg']) {
    echo '<p>', $lng_reg['registration_closed'], '</p>';
    require 'incfiles/end.php';
    exit;
}

// Form input. Apart from `sex`, these values are only trimmed here; nothing in
// this block escapes them for SQL or HTML output.
if (isset($_POST['captcha'])) {
    $captcha = trim($_POST['captcha']);
} else {
    $captcha = NULL;
}
if (isset($_POST['nick'])) {
    $reg_nick = trim($_POST['nick']);
} else {
    $reg_nick = '';
}
// Lower-cased, transliterated form of the nickname.
$lat_nick = functions::rus_lat(mb_strtolower($reg_nick));
if (isset($_POST['password'])) {
    $reg_pass = trim($_POST['password']);
} else {
    $reg_pass = '';
}
if (isset($_POST['imname'])) {
    $reg_name = trim($_POST['imname']);
} else {
    $reg_name = '';
}
if (isset($_POST['about'])) {
    $reg_about = trim($_POST['about']);
} else {
    $reg_about = '';
}
// `sex` is cut to two characters and passed through functions::check().
if (isset($_POST['sex'])) {
    $reg_sex = functions::check(mb_substr(trim($_POST['sex']), 0, 2));
} else {
    $reg_sex = '';
}

echo '<div class="phdr"><b>', $lng['registration'], '</b></div>';
if (isset($_POST['submit'])) {
    // Принимаем переменные
    $error = array();
    // Проверка Логина
    if (empty($reg_nick)) {
        $error['login'][] = $lng_reg['error_nick_empty'];
    } elseif (mb_strlen($reg_nick) < 2 || mb_strlen($reg_nick) > 15) {
        $error['login'][] = $lng_reg['error_nick_lenght'];
    }
    if (preg_match('/[^\\da-z\\-\\@\\*\\(\\)\\?\\!\\~\\_\\=\\[\\]]+/', $lat_nick)) {
Пример #2
-----------------------------------------------------------------
*/
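// Validate the search string before it is used in the `users` lookup.
$error = array();
// A non-empty query must be 2 to 20 characters long.
if (!empty($search) && (mb_strlen($search) < 2 || mb_strlen($search) > 20)) {
    $error[] = $lng['nick'] . ': ' . $lng['error_wrong_lenght'];
}
// Allow-list check on the lower-cased, transliterated query. The digit range is
// 0-9: the earlier 1-9 range rejected every query containing the digit zero.
if (preg_match("/[^0-9a-z\\-\\@\\*\\(\\)\\?\\!\\~\\_\\=\\[\\]]+/", functions::rus_lat(mb_strtolower($search)))) {
    $error[] = $lng['nick'] . ': ' . $lng['error_wrong_symbols'];
}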
if ($search && !$error) {
    /*
    -----------------------------------------------------------------
    Выводим результаты поиска
    -----------------------------------------------------------------
    */
    $search_db = functions::rus_lat(mb_strtolower($search));
    $search_db = strtr($search_db, array('_' => '\\_', '%' => '\\%'));
    $search_db = '%' . $search_db . '%';
    $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `users` WHERE `name_lat` LIKE '" . mysql_real_escape_string($search_db) . "'"), 0);
    echo '<div class="phdr"><b>' . $lng['search_results'] . '</b></div>';
    if ($total > $kmess) {
        echo '<div class="topmenu">' . functions::display_pagination('search.php?search=' . urlencode($search) . '&amp;', $start, $total, $kmess) . '</div>';
    }
    if ($total > 0) {
        $req = mysql_query("SELECT * FROM `users` WHERE `name_lat` LIKE '" . mysql_real_escape_string($search_db) . "' ORDER BY `name` ASC LIMIT {$start}, {$kmess}");
        $i = 0;
        while ($res = mysql_fetch_assoc($req)) {
            echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
            $res['name'] = mb_strlen($search) < 2 ? $res['name'] : preg_replace('|(' . preg_quote($search, '/') . ')|siu', '<span style="background-color: #FFFF33">$1</span>', $res['name']);
            echo functions::display_user($res);
            echo '</div>';
Пример #3
 // Homepage field: cut to 40 characters, then passed through functions::check().
 if (isset($_POST['www'])) {
     $user['www'] = functions::check(mb_substr($_POST['www'], 0, 40));
 } else {
     $user['www'] = '';
 }

 // User data (for administrators). These fields are read from the request for
 // every caller; this block itself only gates the nickname checks on $rights.
 $user['name'] = isset($_POST['name']) ? functions::check(mb_substr($_POST['name'], 0, 20)) : $user['name'];
 if (isset($_POST['status'])) {
     $user['status'] = functions::check(mb_substr($_POST['status'], 0, 50));
 } else {
     $user['status'] = '';
 }
 $user['karma_off'] = isset($_POST['karma_off']);
 // Anything other than 'm' is stored as 'zh'.
 if (isset($_POST['sex']) && $_POST['sex'] == 'm') {
     $user['sex'] = 'm';
 } else {
     $user['sex'] = 'zh';
 }
 // The submitted rights level is forced to a non-negative integer.
 $user['rights'] = isset($_POST['rights']) ? abs(intval($_POST['rights'])) : $user['rights'];

 // Run the required checks.
 // A rights level above the editor's own ($rights), above 9 or below 0 is reset to 0.
 if ($user['rights'] > $rights || $user['rights'] > 9 || $user['rights'] < 0) {
     $user['rights'] = 0;
 }
 // Nickname length and character checks apply only when the editor's level is 7 or higher.
 if ($rights >= 7) {
     if (mb_strlen($user['name']) < 2 || mb_strlen($user['name']) > 20) {
         $error[] = $lng_profile['error_nick_lenght'];
     }
     $lat_nick = functions::rus_lat(mb_strtolower($user['name']));
     if (preg_match("/[^0-9a-z\\-\\@\\*\\(\\)\\?\\!\\~\\_\\=\\[\\]]+/", $lat_nick)) {
         $error[] = $lng_profile['error_nick_symbols'];
     }
 }
 // Birth date: once any part is given, day must be 1-31 and month 1-12.
 if (($user['dayb'] || $user['monthb'] || $user['yearofbirth'])
     && ($user['dayb'] < 1 || $user['dayb'] > 31 || $user['monthb'] < 1 || $user['monthb'] > 12)) {
     $error[] = $lng_profile['error_birth'];
 }
 // ICQ number: optional, but when present it must lie between 10000 and 999999999.
 if ($user['icq']) {
     if ($user['icq'] < 10000 || $user['icq'] > 999999999) {
         $error[] = $lng_profile['error_icq'];
     }
 }
 if (!$error) {
     mysql_query("UPDATE `users` SET\n            `imname` = '" . $user['imname'] . "',\n            `live` = '" . $user['live'] . "',\n            `dayb` = '" . $user['dayb'] . "',\n            `monthb` = '" . $user['monthb'] . "',\n            `yearofbirth` = '" . $user['yearofbirth'] . "',\n            `about` = '" . $user['about'] . "',\n            `mibile` = '" . $user['mibile'] . "',\n            `mail` = '" . $user['mail'] . "',\n            `mailvis` = '" . $user['mailvis'] . "',\n            `icq` = '" . $user['icq'] . "',\n            `skype` = '" . $user['skype'] . "',\n            `jabber` = '" . $user['jabber'] . "',\n            `www` = '" . $user['www'] . "'\n            WHERE `id` = '" . $user['id'] . "'\n        ");
     if ($rights >= 7) {
Пример #4
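{
    // Builds a string of $length characters drawn from the lower-case
    // alphanumeric alphabet below. The function signature lies outside this excerpt.
    $vals = "abcdefghijklmnopqrstuvwxyz0123456789";
    // Highest valid offset. rand()'s upper bound is inclusive, so passing
    // strlen($vals) itself could pick an offset one past the end of the string.
    $last = strlen($vals) - 1;
    $result = '';
    for ($i = 1; $i <= $length; $i++) {
        // NOTE(review): rand() is not a cryptographically secure generator. If this
        // output serves as a password or recovery token, use random_int() where the
        // runtime provides it (PHP 7+) - confirm against the callers.
        $result .= $vals[rand(0, $last)];
    }
    return $result;
}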
switch ($act) {
    case 'sent':
        /*
        -----------------------------------------------------------------
        Отправляем E-mail с инструкциями по восстановлению пароля
        -----------------------------------------------------------------
        */
        $nick = isset($_POST['nick']) ? functions::rus_lat(mb_strtolower(functions::check($_POST['nick']))) : '';
        $email = isset($_POST['email']) ? htmlspecialchars(trim($_POST['email'])) : '';
        $code = isset($_POST['code']) ? trim($_POST['code']) : '';
        $check_code = md5(rand(1000, 9999));
        $error = false;
        if (!$nick || !$email || !$code) {
            $error = $lng['error_empty_fields'];
        } elseif (!isset($_SESSION['code']) || mb_strlen($code) < 4 || $code != $_SESSION['code']) {
            $error = $lng_pass['error_code'];
        }
        unset($_SESSION['code']);
        if (!$error) {
            // Проверяем данные по базе
            $req = mysql_query("SELECT * FROM `users` WHERE `name_lat` = '{$nick}' LIMIT 1");
            if (mysql_num_rows($req) == 1) {
                $res = mysql_fetch_array($req);
Пример #5
    case 'upload':
        $c = '../images/smileys/user/' . $do . '/';
        if (!is_dir($c)) {
            echo functions::display_error($lng['error_wrong_data']);
            echo '<p><a href="index.php">' . $lng['admin_panel'] . '</a></p>';
            require_once '../incfiles/end.php';
            exit;
        }
        $name_cat = $lng_smileys[$do] ? $lng_smileys[$do] : $do;
        echo '<div class="mainblok"><div class="phdr"><a href="?act=smileys&amp;do=' . $do . '&amp;mod=show_cat"><b>' . htmlspecialchars($name_cat) . '</b></a>
| Upload</div>';
        if (isset($_POST['submit'])) {
            $format = functions::format($_FILES['smiley']['name']);
            $_FILES['smiley']['name'] = str_replace('.' . $format, '', strtolower($_FILES['smiley']['name']));
            $name = $_POST['name'] ? $_POST['name'] : $_FILES['smiley']['name'];
            $name = functions::rus_lat($name);
            $name = preg_replace('/[^_a-z0-9]/i', '', $name);
            $glob = glob('../images/smileys/user/*/*.{gif,jpg,png}', GLOB_BRACE);
            foreach ($glob as $val) {
                $val = explode('/', $val);
                $val = array_pop($val);
                $val = str_replace('.' . $format, '', $val);
                if ($val == $name) {
                    $i = 1;
                }
            }
            if ($i) {
                $error[] = 'Smile with the same name already exists.';
            }
            if ($error) {
                echo functions::display_error($error);
Пример #6
    echo functions::display_error($lng_forum['error_file_uploaded']);
    require '../incfiles/end.php';
    exit;
}
if (isset($_POST['submit'])) {
    /*
    -----------------------------------------------------------------
    Проверка, был ли выгружен файл и с какого браузера
    -----------------------------------------------------------------
    */
    $do_file = false;
    $file = '';
    if ($_FILES['fail']['size'] > 0) {
        // Проверка загрузки с обычного браузера
        $do_file = true;
        $file = functions::rus_lat(mb_strtolower($_FILES['fail']['name']));
        $fsize = $_FILES['fail']['size'];
    }
    /*
    -----------------------------------------------------------------
    Обработка файла (если есть), проверка на ошибки
    -----------------------------------------------------------------
    */
    if ($do_file) {
        // Список допустимых расширений файлов.
        $al_ext = array_merge($ext_win, $ext_java, $ext_sis, $ext_doc, $ext_pic, $ext_arch, $ext_video, $ext_audio, $ext_other);
        $ext = explode(".", $file);
        $error = array();
        // Проверка на допустимый размер файла
        if ($fsize > 1024 * $set['flsz']) {
            $error[] = $lng_forum['error_file_size'] . ' ' . $set['flsz'] . 'kb.';
Пример #7
// Security code typed into the form, trimmed; NULL when the field is absent.
if (isset($_POST['code'])) {
    $user_code = trim($_POST['code']);
} else {
    $user_code = NULL;
}
// A password was given without a login name or a user id.
if ($user_pass && !($user_login || $id)) {
    $error[] = $lng['error_login_empty'];
}
// A login name or user id was given without a password.
if ($user_login || $id) {
    if (!$user_pass) {
        $error[] = $lng['error_empty_password'];
    }
}
// Login name, when present, must be 2 to 20 characters long.
if ($user_login) {
    if (mb_strlen($user_login) < 2 || mb_strlen($user_login) > 20) {
        $error[] = $lng['nick'] . ': ' . $lng['error_wrong_lenght'];
    }
}
// Password, when present, must be 3 to 15 characters long.
if ($user_pass) {
    if (mb_strlen($user_pass) < 3 || mb_strlen($user_pass) > 15) {
        $error[] = $lng['password'] . ': ' . $lng['error_wrong_lenght'];
    }
}
if (!$error && $user_pass && ($user_login || $id)) {
    // Query database bagi pengguna
    $sql = $id ? "`id` = '{$id}'" : "`name_lat`='" . functions::rus_lat(mb_strtolower($user_login)) . "'";
    $req = mysql_query("SELECT * FROM `users` WHERE {$sql} LIMIT 1");
    if (mysql_num_rows($req)) {
        $user = mysql_fetch_assoc($req);
        if ($user['failed_login'] > 2) {
            if ($user_code) {
                if (mb_strlen($user_code) > 3 && $user_code == $_SESSION['code']) {
                    // Jika kode keamanan benar
                    unset($_SESSION['code']);
                    $captcha = TRUE;
                } else {
                    // Jika kode keamanan salah
                    unset($_SESSION['code']);
                    $error[] = $lng['error_wrong_captcha'];
                }
            } else {
Пример #8
			</form>
			</div>';
        }
        echo '<div class="phdr"><a href="index.php?act=write&amp;id=' . $id . '">' . $lng['back'] . '</a></div>';
        echo '<p><a href="../users/profile.php?act=office">' . $lng['personal'] . '</a></p>';
        require_once '../incfiles/end.php';
        exit;
    }
}
// Normalise a missing or empty session error value to an empty string.
if (!isset($_SESSION['error']) || !$_SESSION['error']) {
    $_SESSION['error'] = '';
}
// Append the mail section header to $out.
$out = $out . '<div class="phdr"><b>' . $lng['mail'] . '</b></div>';
if (isset($_POST['submit']) && empty($ban['1']) && empty($ban['3']) && !functions::is_ignor($id)) {
    if (!$id) {
        $name = isset($_POST['nick']) ? functions::rus_lat(mb_strtolower(trim($_POST['nick']))) : '';
    }
    $text = isset($_POST['text']) ? trim($_POST['text']) : '';
    if ($set_user['translit'] && isset($_POST['msgtrans'])) {
        $text = functions::trans($text);
    }
    $newfile = '';
    $sizefile = 0;
    $do_file = FALSE;
    $do_file_mini = FALSE;
    $error = array();
    if (!$id && empty($name)) {
        $error[] = $lng_mail['indicate_login_grantee'];
    }
    if (empty($text)) {
        $error[] = $lng_mail['message_not_empty'];