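/**
 * Returns the Facebook / Open Graph <meta> tags for the current request.
 *
 * The photo-competition page (/com/competition) gets a fixed set of tags;
 * every other page builds them from the global $registry (title, url, ogim,
 * desc). Both branches now return the markup: the competition branch used to
 * print it directly and return null, so `echo fb_content()` callers see the
 * same output as before, while callers that capture the result now get the
 * competition tags as well.
 *
 * Change: title, url and ogim were interpolated into attribute values
 * unescaped; they now go through htmlspecialchars() with double_encode=false
 * so values already stored as entities are not re-encoded. The og:description
 * tag keeps its original cleaning chain (strip_tags, htmlspecialchars,
 * PHP_slashes — the last is a project helper not visible here).
 *
 * @return string
 */
function fb_content()
{
    //edit by tsikara
    global $registry;

    // Attribute escaping for registry values; double_encode=false because the
    // CMS appears to store some fields already htmlspecialchars()-ed — TODO confirm.
    $attr = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    $requestUri = (string) ($_SERVER['REQUEST_URI'] ?? '');
    if ($requestUri === '/com/competition') {
        // Fixed tags for the competition landing page. The literal <p> markup
        // inside og:description is kept as the author wrote it.
        return ' <meta property="fb:app_id" content="966242223397117" />'
            . ' <meta property="og:url" content="http://funtime.ge/fotokonkursi" />'
            . ' <meta property="og:type" content="website" />'
            . ' <meta property="og:title" content="ფოტოკონკურსი მოყვარული ფოტოგრაფებისათვის" />'
            . ' <meta property="og:description" content="<p>ფოტოკონკურსი მოყვარული ფოტოგრაფებისათვის</p>" />'
            . ' <meta property="og:image" content="http://funtime.ge/theme/funtime/images/competition_og.png" /> ';
    }

    $desc = PHP_slashes(htmlspecialchars(strip_tags((string) ($registry['desc'] ?? ''))));

    return ' <meta property="fb:app_id" content="1391061841189461" />'
        . ' <meta property="og:title" content="' . $attr($registry['title'] ?? '') . '" />'
        . ' <meta property="og:type" content="website" />'
        . ' <meta property="og:url" content="' . $attr($registry['url'] ?? '') . '" />'
        . ' <meta property="og:image" content="' . $attr($registry['ogim'] ?? '') . '" />'
        . ' <meta property="og:site_name" content="Funtime.ge"/>'
        . ' <meta property="og:description" content="' . $desc . '"/>';
}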
} ?> " onkeypress="return makeGeo(this,event);" onkeyup="countSymbols('#title',200)" onpaste="setTimeout(function(){return countSymbols('#title',200);},100)" id="title" type="text" name="title" value="<?php echo PHP_slashes(htmlspecialchars(strip_tags($_POST['title']))) ? stripslashes(PHP_slashes(htmlspecialchars(strip_tags($_POST['title'])))) : $num['title']; ?> " maxlength="200" /> <br><i class="right">200</i></td></tr> <tr><td class="td1">ქვესათაური </td><td><a class="convert" onClick='convertText("#title_short")'>Convert AcadNusx to Sylfaen</a><input class="inputbox" style="margin-top:5px; <?php if ($user->get_property('gid') != 24 && $user->get_property('gid') != 25) { ?> color:#000 !important;font-size:22px !important;<?php } ?> " onkeypress="return makeGeo(this,event);" onkeyup="countSymbols('#title_short',200)" onpaste="setTimeout(function(){return countSymbols('#title_short',200);},100)" type="text" id="title_short" name="title_short" value="<?php echo PHP_slashes(htmlspecialchars(strip_tags($_POST['title_short']))) ? stripslashes(PHP_slashes(htmlspecialchars(strip_tags($_POST['title_short'])))) : $num['title_short']; ?> " maxlength="200" /><br><i class="right">200</i></td></tr> <?php if ($user->get_property('gid') == 24 or $user->get_property('gid') == 25) { ?> <tr> <td class="td1">ვიქტორინის მიმაგრება</td> <td> <select name="victo"> <option value="0">--</option> <?php foreach ($registry['victo'] as $vic) { ?> <option value="<?php echo $vic['id'];
$time_hh = 23; } if ($time_hh < 0) { $time_hh = 0; } if ($time_mm > 59) { $time_mm = 59; } if ($time_mm < 0) { $time_mm = 0; } $date = mktime($time_hh, $time_mm, 0, $date_mm, $date_dd, $date_yy); $url = PHP_slashes(htmlspecialchars(strip_tags($_POST['url']))); $banner = PHP_slashes(htmlspecialchars(strip_tags($_POST['banner']))); $filter_cat = intval($_POST['filter-cat']); $title = PHP_slashes(htmlspecialchars(strip_tags($_POST['title']))); if (!empty($filter_cat)) { if (!empty($banner)) { $sum = $DB->getOne("SELECT count(id) FROM #__banners WHERE cat_id='{$filter_cat}'"); if ($sum < 5) { if ($sum > 2) { $bw = 230; $bh = 600; } else { $bw = 800; $bh = 100; } if ($DB->execute("INSERT INTO #__banners (date,url,cat_id,banner,width,height,position) VALUES ('{$date}','{$url}','{$filter_cat}','{$banner}','{$bw}','{$bh}','{$title}')")) { clear_cache(); header('location:/apanel/index.php?component=banners'); }
$read_sql = date('Y-m') . '/' . $name . '.jpg'; move_uploaded_file($_FILES['img']['tmp_name'], '../img/uploads/news/read/' . $read_sql); if ($px[0] > $size[0] && $px[1] > $size[1]) { crop('../img/uploads/news/read/' . $read_sql, $_POST['left'], $_POST['top'], $size[0], $size[1]); } $SQL_IMG = '`img` = "' . $read_sql . '",'; $SQL_STYLE = "`style` = '{$style}',"; } } } } } } $fb_sql = ''; if (!empty($_POST['fbf']) && $_FILES['fb']['size'] < 0) { $fb_sql = PHP_slashes(htmlspecialchars(strip_tags($_POST['fbf']))); } else { if ($_FILES['fb']['size'] > 0) { $px = @GetImageSize($_FILES['fb']['tmp_name']); if ($px[0] == 470 && $px[1] == 247) { $rand = rand(100, 99999); $name = time() . '_' . $rand; $fb_sql = date('Y-m') . '/' . $name . '.jpg'; $imgdir = '../img/uploads/news/fb/' . $fb_sql; move_uploaded_file($_FILES['fb']['tmp_name'], $imgdir); } else { $error[0] = "Facebook ფოტოს ზომა: 470x247"; } } } }
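<?php
/**
 *
 * CMS osRealty 2.1.x
 * Autor: Roman Chernyshov
 * E-mail: support@osRealty.ru
 * URL: www.osRealty.ru
 *
 */
defined('_JEXEC') or die('Restricted access');

// "Report this forecast" form handler: with add=1, a non-empty alert text and
// an address accepted by email_check(), one #__alert row is inserted. $err is
// 'oke' on success and 'pub1' when the check fails (codes read by the
// template below).
// Changes: POST keys are read via ?? (no undefined-index notices), and
// $email now goes through PHP_slashes() before being interpolated into the
// INSERT, exactly as $text already did. email_check(), markhtml() and
// PHP_slashes() are project helpers not visible in this file.
$err = '';
if (isset($_POST['add']) && $_POST['add'] == 1) {
    $alert = $_POST['alert'] ?? '';
    $emailRaw = (string) ($_POST['email'] ?? '');
    if (!empty($alert) and email_check($emailRaw)) {
        $text = PHP_slashes(htmlspecialchars(markhtml($alert)));
        $email = PHP_slashes(htmlspecialchars($emailRaw));
        $idd = intval($_POST['idd'] ?? 0);
        $sql = "INSERT INTO `#__alert` (`fore`, `text`, `email`) VALUES \r\n\t\t\t('{$idd}','{$text}','{$email}')";
        $DB->execute($sql);
        $err = 'oke';
    } else {
        $err = 'pub1';
    }
}
?>
<div class="fore-old-call"> <img src="/<?php echo $theme; ?> images/alert.png" width="279" height="22" border="0" alt="Пожаловаться на прогноз" title="Пожаловаться на прогноз"/> <div class="border"></div>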
$file_unique = $_SERVER['DOCUMENT_ROOT'].'/cache/ip/'.$date.'/unique_visitors'; $current = file_get_contents($file_unique); $cr = explode(',',$current); if(count($cr) > 0){ if(strpos($current,getIP()."|".$registry["post"][0]["id"]."|".$registry['post'][0]['cat']."|".$registry['post'][0]['user']."|".$date) == false){ $current = $current . getIP()."|".$registry["post"][0]["id"]."|".$registry['post'][0]['cat']."|".$registry['post'][0]['user']."|".$date.","; file_put_contents($file_unique, $current); } } } //$check_visitor = $DB->getOne('SELECT id FROM #__unique_visitors WHERE news_id="'.$registry["post"][0]["id"].'" and ip="'.getIP().'" and date="'.$date.'"'); $DB->execute('INSERT INTO #__unique_visitors (news_id,cat,user,ip,date) VALUES ("'.$registry["post"][0]["id"].'","'.$registry['post'][0]['cat'].'","'.$registry['post'][0]['user'].'","'.getIP().'","'.$date.'")'); }*/ if (!file_exists($_SERVER['DOCUMENT_ROOT'] . '/cache/ip/' . $date . '/' . getIP() . '-' . $registry["post"][0]["id"])) { $DB->execute('INSERT INTO #__unique_visitors (news_id,cat,user,ip,date) VALUES ("' . $registry["post"][0]["id"] . '","' . $registry['post'][0]['cat'] . '","' . $registry['post'][0]['user'] . '","' . getIP() . '","' . $date . '")'); } $check_visitor = getOnecache('SELECT id FROM #__unique_visitors WHERE news_id="' . $registry["post"][0]["id"] . '" and ip="' . getIP() . '" and date="' . $date . '"', 86400, 'ip/' . $date . '/' . getIP() . '-' . $registry["post"][0]["id"]); } } if (isset($_GET['dcat'])) { $registry['doctype'] = 'category'; $title = PHP_slashes(htmlspecialchars(strip_tags($_GET['dcat']))); $registry['posts'] = getAllcache('SELECT #__news.*,#__category.name,#__users.realname,#__category.cat_chpu,#__category.id as cat_id FROM #__news LEFT JOIN #__category ON #__category.id = #__news.cat LEFT JOIN #__users ON #__users.id = #__news.user WHERE #__category.cat_chpu = "' . $title . '" and #__category.section = "post" and #__news.moderate=1 and #__news.date <= ' . $time . 
' order by #__news.date DESC LIMIT 14', 600, $_GET['dcat']); $registry['title'] = $registry['posts'][0]['name']; }
<?php /** * * CMS It-Solutions 0.1 * Author: Vati Child * E-mail: vatia0@gmail.com * URL: www.it-solutions.ge * */ unset($message); if ((isset($_POST['add']) or isset($_POST['edit'])) and get_access('admin', 'alert', 'edit', false)) { $status = intval($_POST['status']); $id = intval($_POST['id']); $phone = PHP_slashes(htmlspecialchars(strip_tags($_POST['phone']))); $fio = PHP_slashes(htmlspecialchars(strip_tags($_POST['fio']))); $date_dd1 = intval($_POST['date_dd1']); $date_mm1 = intval($_POST['date_mm1']); $date_yy1 = intval($_POST['date_yy1']); $date_dd2 = intval($_POST['date_dd2']); $date_mm2 = intval($_POST['date_mm2']); $date_yy2 = intval($_POST['date_yy2']); if ($date_dd1 > 31) { $date_dd1 = 31; } if ($date_dd1 < 1) { $date_dd1 = 1; } if ($date_mm1 > 12) { $date_mm1 = 12; }
$numm = $DB->getOne("SELECT `num` FROM `#__profile` ORDER BY `num` DESC") + 1; } $DB->execute("INSERT INTO `#__profile` (`desc` ,`type`,`num`) \r\n\t\t\t\t\tVALUES ('" . PHP_slashes(htmlspecialchars($_POST['desc'])) . "','{$typet}','" . $numm . "');"); $massage = 'Новое поле успешно добавлено '; } if (!empty($_GET['delete'])) { $DB->execute("DELETE FROM `#__profile` WHERE `#__profile`.`id` =" . intval($_GET['delete'])); $message = 'Запись удалена'; header("Location: ?component=profile"); } if (!empty($_GET['edit'])) { $anket = $DB->getAll("SELECT * FROM #__profile WHERE id=" . intval($_GET['edit'])); } if ($_POST['event'] == 'update' and intval($_POST['id']) > 0) { //$registry->set('error','Запись успешно обновлена'); $DB->execute("UPDATE `#__profile` SET `desc` = '" . PHP_slashes(htmlspecialchars($_POST['desc'])) . "', \r\n\t\t\t\t\t\t `num` = '" . intval($_POST['num']) . "'\r\n\t\t\t\t\tWHERE `#__profile`.`id` = '" . intval($_POST['id']) . "' LIMIT 1 ;"); header("Location: ?component=profile"); } if (empty($_GET['edit'])) { $profile = $DB->getAll("SELECT * FROM #__profile ORDER BY num ASC"); $count = 0; foreach ($profile as $val) { $count++; $type = explode('|', $val['type']); if ($type[0] == 'input') { $form[] = '<input type="text" name="profile[' . $val['id'] . ']" value="' . $value . '" />'; } if ($type[0] == 'textarea') { $form[] = ' <script type="text/javascript"> WYSIWYG.attach(\'' . $count . 'textar\', prof); // default setup </script><textarea id="' . $count . 'textar" name="profile[' . $val['id'] . ']">' . $value . '</textarea>';
<?php /** * * CMS osRealty 2.1.x * Autor: Roman Chernyshov * E-mail: support@osRealty.ru * URL: www.osRealty.ru * */ defined('_JEXEC') or die('Restricted access'); if (!empty($_GET['dcat'])) { $where = 'WHERE `#__category`.`cat_chpu`=\'' . PHP_slashes(htmlspecialchars($_GET['dcat'])) . '\''; } else { $where = ''; } $news = $DB->getAll('SELECT `#__news`.*, `#__category`.`name`, `#__category`.`cat_chpu` FROM `#__news` LEFT JOIN `#__category` ON `#__news`.`cat`=`#__category`.`id` ' . $where . ' ORDER BY `#__news`.`date` DESC LIMIT 10'); if (count($news) == 0) { header("Location: /"); } $config['domen'] = $_SERVER['HTTP_HOST']; $config['site_title'] = $DB->getOne('SELECT `#__setting`.`value` FROM `#__setting` WHERE `#__setting`.`name`=\'site_title\' LIMIT 1'); $rss = new rss('utf-8'); $rss->channel('RSS - ' . $news[0]['name'], 'http://' . $config['domen'], $config['site_title']); $rss->language('ru-RU'); $rss->copyright('Copyright by ' . $config['domen'] . ' ' . date('Y')); $rss->managingEditor('support@' . str_replace('www.', '', $config['domen'])); $rss->category($news[0]['name']); $rss->startRSS(); foreach ($news as $ne) {
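<?php
/**
 *
 * CMS osRealty 2.1.x
 * Autor: Roman Chernyshov
 * E-mail: support@osRealty.ru
 * URL: www.osRealty.ru
 *
 */
defined('_JEXEC') or die('Restricted access');

// Site-settings admin page. With update=1 every other posted field is written
// to #__setting as name => value; afterwards the whole settings table is
// loaded into $registry. Only user 1 and group 25 get here.
// Changes: the 'update' control field itself is no longer written as a
// setting, array-valued fields are skipped (htmlspecialchars() throws on
// them in PHP 8), and the cache file is removed without @-suppression.
// Any posted name still updates the row of that name — there is no allow-list
// of setting names visible here.
if ($user->get_property('userID') == 1 or $user->get_property('gid') == 25) {
    if (isset($_POST['update']) && $_POST['update'] == 1) {
        // $err is expected to be set by the including script — TODO confirm.
        if (empty($err)) {
            foreach ($_POST as $key => $val) {
                if ($key === 'update' || !is_scalar($val)) {
                    continue;
                }
                // PHP_slashes() is the project's SQL escaping helper (not visible here).
                $name = PHP_slashes((string) $key);
                $value = PHP_slashes(htmlspecialchars((string) $val));
                $sql = "UPDATE `#__setting` SET `value` = '{$value}' WHERE `name`='{$name}' LIMIT 1; ";
                $DB->execute($sql);
            }
            $message[0] = 'valid';
            $message[1] = 'Настройки сайта успешно обновлены';
            // Drop the cached registry so the new values are picked up.
            $cacheFile = '../cache/registry';
            if (is_file($cacheFile)) {
                unlink($cacheFile);
            }
        }
    }
    $sql = "SELECT `#__setting`.* FROM `#__setting`";
    $tmp_registry = $DB->getAll($sql);
    foreach ($tmp_registry as $tmp) {
        $registry[$tmp['name']] = $tmp['value'];
    }
}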
<?php defined('_JEXEC') or die('Restricted access'); if ($user->get_property('userID') == 1 or $user->get_property('gid') >= 22) { if (!empty($_GET['delete'])) { $sql = "DELETE FROM `#__status` WHERE `#__status`.`id` = " . intval($_GET['delete']) . " LIMIT 1"; $DB->execute($sql); $t = 3; header('location: ?component=status&status=error&t=' . $t); } if ($_POST['update'] == 1 or $_POST['add'] == 1) { if ($err == 0) { $cat = intval($_POST['cat']); $text = PHP_slashes($_POST['textarea1']); $date = time(); if ($_POST['update'] == 1) { $sql = "UPDATE `#__status` SET \n\t\t\t\t`text` = '{$text}',\n\t\t\t\t`cat`='{$cat}'\n\t\t\t\tWHERE `id`='" . intval($_POST['id']) . "' LIMIT 1; "; $DB->execute($sql); $t = 2; } if ($_POST['add'] == 1) { $sql = "INSERT INTO `#__status` (`id` ,`user`, `cat`, `text`, `rate`,`date`) VALUES \n\t\t\t\t('', '" . $user->get_property('userID') . "','{$cat}','{$text}','0','{$date}')"; $DB->execute($sql); $t = 1; } header('Location: index.php?component=status&status=valid&t=' . $t); } } $filter_p = ''; if ((!empty($_POST['filter-cat']) or !empty($_COOKIE['filter-cat'])) and $_POST['filter-cat'] !== 'none') { if (!empty($_POST['filter-cat'])) {
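/**
 * Records a guest star-vote on a gallery item and prints the result.
 *
 * Prints the stored star value on success, 0 when the vote is rejected as a
 * duplicate or the INSERT fails, and always terminates the request (die), as
 * before. Votes count only when get_country_code() is 'GE' and only once per
 * (news item, uploader) per IP address or per guestv_* cookie.
 *
 * Change against the previous version: id, user and star are coerced to int
 * once and those values are used everywhere. Previously only the INSERT used
 * intval() while the duplicate-vote SELECT, the cookie name/value and the
 * echoed result used the raw $args values. get_browser() returning false (no
 * browscap configured) is now handled instead of being indexed into.
 *
 * getIP(), bigintval() and PHP_slashes() are project helpers not visible here.
 *
 * @param array $args expects keys 'user', 'id', 'star' and 'ref'
 */
function addStar($args = array())
{
    $uid = (int) ($args['user'] ?? 0);
    $newsId = (int) ($args['id'] ?? 0);
    $star = (int) ($args['star'] ?? 0);

    // Hard-coded exclusion kept from the original; its reason is not recorded.
    if ($uid == 11 && $newsId == 4863) {
        die;
    }

    $ip = ip2long(getIP());
    $br = get_browser(null, true);
    if (!is_array($br)) {
        $br = array();
    }
    $br['http_referer'] = PHP_slashes(htmlspecialchars(strip_tags((string) ($args['ref'] ?? ''))));
    if (empty($br['http_referer'])) {
        die;
    }
    $browser = base64_encode(serialize($br));

    if ($this->get_country_code() == 'GE') {
        // ip2long() yields false for an unparseable address, which fails > 0.
        if ($ip > 0 && $star > 0 && $uid > 0 && $newsId > 0) {
            $expire = time() + 3600 * 24 * 10;
            $cookieName = 'guestv_' . $newsId . '_' . $uid;
            $cookieValue = '1' . $ip . $uid . $star;
            $prior = bigintval($_COOKIE[$cookieName] ?? null);
            $check = $this->DB->getOne("SELECT id FROM osr_news_gallery_votes WHERE news_id='{$newsId}' and uid='{$uid}' and (ip='{$ip}' or cookie='{$prior}')");
            if (!$check) {
                setcookie($cookieName, $cookieValue, $expire, '/');
                $inserted = $this->DB->execute("INSERT INTO osr_news_gallery_votes (news_id,uid,browser,star,ip,cookie) VALUES ('{$newsId}','{$uid}','{$browser}','{$star}','{$ip}','{$cookieValue}')");
                echo $inserted ? $star : 0;
            } else {
                echo 0;
            }
        }
    }
    die;
}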
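<?php
/**
 *
 * CMS It-Solutions 0.1
 * Author: Vati Child
 * E-mail: vatia0@gmail.com
 * URL: www.it-solutions.ge
 *
 */
defined('_JEXEC') or die('Restricted access');

// Admin form: creates a news style row (name + uploaded preview image).
// Changes: submit/name/file keys are read with isset()/?? (no notices), the
// unused $filename local is dropped, the upload must have completed without a
// PHP upload error, the INSERT runs only when save_image_on_server() returned
// a stored path, and that path is passed through PHP_slashes() like $name.
// save_image_on_server() and PHP_slashes() are project helpers not visible here.
if (!empty($_POST['submit'])) {
    $name = PHP_slashes(htmlspecialchars(strip_tags((string) ($_POST['name'] ?? ''))));
    $upload = $_FILES['img'] ?? null;
    if (is_array($upload)
        && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && ($upload['size'] ?? 0) > 0
    ) {
        // Element [1] of the result is used as the stored image path — TODO confirm
        // against save_image_on_server().
        $path = save_image_on_server($upload, '../img/uploads/styles/', $registry['img']);
        if (!empty($path[1])) {
            $img = PHP_slashes((string) $path[1]);
            $DB->execute('INSERT INTO #__news_style (name,img) VALUES ("' . $name . '","' . $img . '")');
        }
    }
}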
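<?php
/**
 * Created by IT-SOLUTIONS.
 * IS CMS
 * User: Vati Child
 * Date: 3/7/15
 * Time: 11:09 PM
 */
defined('_JEXEC') or die;

// Contact-details admin page: saves the six posted fields into the single
// #__contact row (id=1) and then loads that row into $registry['contact'].
// Changes: POST keys are read via ?? (no notices), the six identical cleaning
// chains are one closure, and the redirect after a successful UPDATE is
// followed by exit so the rest of the page does not keep executing. No CSRF
// token is checked on this form (none is visible here).
if (get_access('admin', 'contact', 'edit', false)) {
    if (!empty($_POST['save'])) {
        // Same chain as before: strip tags, escape HTML, then the project's
        // PHP_slashes() before the value is interpolated into SQL.
        $clean = static function ($key) {
            return PHP_slashes(htmlspecialchars(strip_tags((string) ($_POST[$key] ?? ''))));
        };
        $address_ge = $clean('address_ge');
        $reclam = $clean('reclam');
        $phone1 = $clean('phone1');
        $phone2 = $clean('phone2');
        $email = $clean('email');
        $coords = $clean('coords');
        if ($DB->execute("UPDATE #__contact SET address_ge='{$address_ge}',reclam='{$reclam}',phone1='{$phone1}',phone2='{$phone2}',email='{$email}',coords='{$coords}' WHERE id=1")) {
            header('location:/apanel/index.php?component=contact');
            exit;
        }
    }
    $registry['contact'] = $DB->getAll("SELECT * FROM #__contact WHERE id=1");
}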
if (get_access('admin', 'comments', 'del', false)) { if (!empty($_GET['delete'])) { $sql = "DELETE FROM `#__comments` WHERE `#__comments`.`id` = " . intval($_GET['delete']) . " LIMIT 1"; $DB->execute($sql); $t = 3; header('location: ?component=comment&status=error&t=' . $t); } } if (get_access('admin', 'comments', 'edit', false)) { if ($_POST['update'] == 1 or $_POST['add'] == 1) { if ($_POST['message'] == '') { $err = 8; $message = 'Комментарий не может быть пустым'; } if ($err == 0) { $message = PHP_slashes(htmlspecialchars(strip_tags($_POST['message']))); if ($_POST['update'] == 1) { $sql = "UPDATE `#__comments` SET \r\n\t\t\t\t`message` = '{$message}'\r\n\t\t\t\tWHERE `id`='" . intval($_POST['id']) . "' LIMIT 1; "; $DB->execute($sql); $t = 2; } header('Location: index.php?component=comment&status=valid&t=' . $t); } } } if (get_access('admin', 'comments', 'view', false)) { $filter_p = ''; if ((!empty($_POST['filter-cat']) or !empty($_COOKIE['filter-cat'])) and $_POST['filter-cat'] !== 'none') { if (!empty($_POST['filter-cat'])) { $val = intval($_POST['filter-cat']); setcookie('filter-cat', $val, time() + 36000, '/');
$size_y = intval($_POST['size_y']); $desc = PHP_slashes(htmlspecialchars(strip_tags($_POST['description']))); $validator = validator(['company', 'info|person', 'info|phone', 'cat', 'title', 'contact_at'], ['კომპანიის დასახელება', 'საკონტაქტო პირი', 'ტელეფონის ნომერი', 'რუბრიკის დასახელება', 'საბანერო ადგილი', 'დაკავშირების თარიღი']); if (count($validator) <= 0) { if ($_POST['add']) { if ($_POST['info_num'] > 0) { $info_num = array(); $err = array(0, 0, 0); for ($i = 1; $i <= $_POST['info_num']; $i++) { $info_num['cat'] = intval($_POST['cat_' . $i]); $info_num['title'] = PHP_slashes(htmlspecialchars(strip_tags($_POST['title_' . $i]))); $info_num['contact_at'] = PHP_slashes(htmlspecialchars(strip_tags($_POST['contact_at_' . $i]))); $info_num['contact_at'] = dateFormat($info_num['contact_at'], 'd/m/Y'); $info_num['size_x'] = intval($_POST['size_x_' . $i]); $info_num['size_y'] = intval($_POST['size_y_' . $i]); $info_num['desc'] = PHP_slashes(htmlspecialchars(strip_tags($_POST['description_' . $i]))); $info_num['other'] = intval($_POST['other_' . $i]); if ($info_num['other'] > 0) { $validator = validator(['cat_' . $i, 'contact_at_' . $i], ['რუბრიკის დასახელება (ბლოკი ' . ($i + 1) . ')', 'დაკავშირების თარიღი (ბლოკი ' . ($i + 1) . ')']); if (count($validator) <= 0) { $DB->execute("INSERT INTO `#__banner_orders` (cat_id,description,company,info,contact_at,other) VALUES ('" . $info_num['cat'] . "','" . $info_num['desc'] . "','{$company}','{$info}','" . $info_num['contact_at'] . "','1')"); $arr[$i] = 0; } else { $arr[$i] = 1; $message[0] = 'error'; $message[1] = 'თქვენ გამოგრჩათ რუბრიკა, დაკავშირების თარიღი ' . ($i + 1) . ' ბლოკში (სხვა შეთავაზება)'; } } else { $validator = validator(['cat_' . $i, 'title_' . $i, 'contact_at_' . $i], ['რუბრიკის დასახელება (ბლოკი ' . ($i + 1) . ')', 'საბანერო ადგილი (ბლოკი ' . ($i + 1) . ')', 'დაკავშირების თარიღი (ბლოკი ' . ($i + 1) . 
')']); if (count($validator) <= 0) { $DB->execute("INSERT INTO `#__banner_orders` (cat_id,title,description,company,size_x,size_y,info,contact_at) VALUES ('" . $info_num['cat'] . "','" . $info_num['title'] . "','" . $info_num['desc'] . "','{$company}','" . $info_num['size_x'] . "','" . $info_num['size_y'] . "','{$info}','" . $info_num['contact_at'] . "')");
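/**
 * Handles a posted comment: validates the sender, stores the comment and,
 * unless noAjax=1, prints the rendered comment item.
 *
 * The output protocol is unchanged: a failure prints 'ERR<n>' and exits
 * (5 captcha mismatch, 4 incomplete login data, 1 name too short, 2 bad
 * e-mail or name too long, 3 empty text, 4 url length out of range).
 *
 * Changes against the previous version:
 *  - captcha and login-token comparisons use hash_equals() instead of loose
 *    == / != (which treat e.g. "0e123" and "0e456" as equal);
 *  - a login token is only checked when the user row actually exists, so a
 *    token computed over an empty password no longer logs anyone in;
 *  - name, e-mail and both url fields go through PHP_slashes() before being
 *    interpolated into the INSERT, as $text already did;
 *  - a user row fetched for a failed login check is no longer passed on to
 *    itemComments();
 *  - missing POST keys no longer raise notices.
 *
 * markhtml() and PHP_slashes() are project helpers not visible here.
 */
function saveComments()
{
    $post = static function ($key) {
        return (string) ($_POST[$key] ?? '');
    };

    $name = trim(strip_tags($post('nameComment')));
    $email = trim($post('emailComment'));
    $text = PHP_slashes(htmlspecialchars(markhtml(trim(rawurldecode($post('textComment'))))));
    $post_url = htmlspecialchars(trim($post('posturlComment')));
    $urlOpen = htmlspecialchars(trim($post('posturlOpenComment')));
    $error = false;
    $msg = 0;
    $login = (int) $post('loginComment');
    $replyComment = (int) $post('replyComment');
    // Honeypot: a non-empty value in this hidden field skips the INSERT below.
    $cap = $post('nameCommentCap');
    $user = null;

    if ($this->capcha) {
        $expected = (string) ($_SESSION['captha_text'] ?? '');
        if (!hash_equals($expected, $post('capcha'))) {
            echo 'ERR5';
            exit;
        }
    }

    if ($login === 1) {
        $persona = (int) $post('personaComment');
        $checked = htmlspecialchars(trim($post('checkedComment')));
        if ($persona > 0 and $checked !== '') {
            $sql = "SELECT rche_users.* FROM rche_users\n\t\t\t\tWHERE rche_users.userID='{$persona}' LIMIT 1";
            $rows = $this->registry['DB']->getAll($sql);
            // Login token = md5(stored password hash . site key); compared in
            // constant time, and only when a row was found.
            if (isset($rows[0]) && hash_equals(md5($rows[0]['password'] . $this->key), $checked)) {
                $this->login = true;
                $this->user = $rows[0];
            }
        } else {
            echo 'ERR4';
            exit;
        }
    }

    if (!$this->login) {
        if (strlen($name) < 3) {
            $error = true;
            $msg = 1;
        }
        if (!$this->emailCheck($email) or strlen($name) > 100) {
            $error = true;
            $msg = 2;
        }
        $img = 'images/boy48.gif';
    } else {
        $img = $this->user['photo'];
        $im = explode('/', $img);
        $img = '/images/' . $this->user['userID'] . '/48/48/1/' . ($im[4] ?? '');
        $name = $this->user['username'];
        // NOTE(review): the row is read as 'userID' everywhere else in this
        // method; 'userid' is kept here to preserve behaviour — confirm.
        $user = $this->user['userid'] ?? null;
    }

    if (strlen($text) == 0) {
        $error = true;
        $msg = 3;
    }
    if (strlen($post_url) > 50 or strlen($post_url) < 10) {
        $error = true;
        $msg = 4;
    }
    if ($error) {
        echo 'ERR' . $msg;
        exit;
    }

    $pass = $this->generate_password(8);
    $date = $this->get_Date();
    $time = time();
    if ($cap === '') {
        $userId = $this->user['userID'] ?? '';
        $sql = "INSERT INTO {$this->prefix}{$this->table} (`reply`,`user`,`name`,`email`,`comment`,`date`,`url`,`pass`,`urlOpen`)\n\t\t\tVALUE ('{$replyComment}','{$userId}','" . PHP_slashes($name) . "','" . PHP_slashes($email) . "','{$text}','{$time}','" . PHP_slashes($post_url) . "','{$pass}','" . PHP_slashes($urlOpen) . "')";
        $this->registry['DB']->execute($sql);
    }
    $lastId = $this->registry['DB']->id;
    // Short-lived cookie lets the author edit/delete the fresh comment.
    setcookie('comment' . $lastId, $pass, $time + 120, '/');
    if ((int) $post('noAjax') !== 1) {
        echo $this->itemComments($name, $date, html_entity_decode($text), $img, $lastId, true, $user);
        exit;
    }
}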
$SQL_PHOTO = " `photo` = '{$path}', "; } else { $message = 'Ошибка: неудалось загрузить фото на сервер. Код: 0197838'; } } else { $err = 4; $message = "Ошибка: Разрешение фото не может превышать: {$max_image_width} x {$max_image_height}"; } } } else { $SQL_PHOTO = ''; } } $profile = $_POST['profile']; foreach ($profile as $key => $val) { $save_data[$key] = PHP_slashes(htmlspecialchars($val)); } $profile = serialize($save_data); $sql = "UPDATE `#__users` SET\r\n\t\t`family` = '" . $_POST['fam'] . "', \r\n\t\t`name` = '" . $_POST['name'] . "',\r\n\t\t`name_two` = '" . $_POST['sr'] . "', \r\n\t\t{$SQL_PWD} {$SQL_PHOTO} \r\n\t\t`wm` = '" . $_POST['wm'] . "', \r\n\t\t`desc` = '" . htmlspecialchars($_POST['desc']) . "',\r\n\t\t`profile` = '" . $profile . "'\r\n\t \tWHERE `id` ='" . $user->get_property('userID') . "' LIMIT 1 ;"; $DB->execute($sql); $message = 'Данные профиля успешно обновлены'; } } $all = $DB->getAll('SELECT * FROM #__users WHERE userID=' . $user->get_property('userID')); $profile = $DB->getAll("SELECT * FROM #__profile ORDER BY num ASC"); $profile_val = $all[0]['profile']; $profile_val = unserialize($profile_val); foreach ($profile as $val) { $type = explode('|', $val['type']); if ($type[0] == 'input') { $form[] = '<input class="inputbox" type="text" name="profile[' . $val['id'] . ']" value="' . $profile_val[$val['id']] . '" />';
} } } else { $message[0] = 'error'; $message[1] = 'ბანერის განთავსების ვადა არასწორია!'; } } else { $message[0] = 'error'; } } } if ($_GET['section'] == 'ajax') { if ($_POST['action'] == 'get_positions') { $time = time(); if (isset($_POST['edit']) && $_POST['edit'] == 1) { $edit_sql = " title='" . PHP_slashes(htmlspecialchars(strip_tags($_POST['title']))) . "')"; } $last_options = array(); $positions = $DB->getAll("SELECT title,id,finished_at FROM #__banner_place WHERE cat_id='" . intval($_POST['id']) . "' GROUP by title order by title ASC"); if (count($positions) > 0) { foreach ($positions as $item) { $new_options[$item['title']]['title'] = $item['title']; $new_options[$item['title']]['id'] = $item['id']; } $i = 0; foreach ($new_options as $item) { $last_options[$i]['title'] = $item['title']; $last_options[$i]['id'] = $item['id']; $i++; } }
} if ($_POST['add'] == 1 or $_POST['update'] == 1) { $id = intval($_POST['id']); $block = intval($_POST['block']); $linktype = intval($_POST['linktype']); $show = intval($_POST['show']); if ($linktype == 1) { $ankor = PHP_slashes(htmlspecialchars(strip_tags($_POST['ankor']))); } if ($linktype == 1 or $linktype == 2) { $url = PHP_slashes(htmlspecialchars(strip_tags($_POST['url']))); $noindex = intval($_POST['noindex']); $nofollow = intval($_POST['nofollow']); } if ($linktype == 3) { $ankor = PHP_slashes($_POST['html']); } if ($linktype == 2) { if ($_FILES["photo"]["size"] > 0) { $imgpath = save_image_on_server($_FILES["photo"], '../img/uploads/banner/', $registry['img']); if (!empty($imgpath[1])) { $path = $imgpath[1]; //str_replace('../','',$imgpath[1]).'|'; if ($_POST['update'] == 1) { $SQL_PHOTO = " `photo` = '{$path}', "; } if ($_POST['add'] == 1) { $SQL_PHOTO = $path; } } }
$DB->execute($sql); $lastid = $DB->id; } if (isset($_POST['edit'])) { $sql = "SELECT * FROM #__menu WHERE `id`<>'{$id}' and `comand` LIKE '{$comand}%' ORDER BY id DESC LIMIT 1"; $test = $DB->getAll($sql); if (count($test) > 0) { $comand = $comand . ($test[0]['id'] + 1); } $sql = "UPDATE #__menu SET `name`='{$name}',`comand`='{$comand}' WHERE `id`='{$id}' LIMIT 1"; $DB->execute($sql); $lastid = $id; } foreach ($item as $it) { $it['ankor'] = PHP_slashes(strip_tags($it['ankor'])); $it['url'] = PHP_slashes(strip_tags($it['url'])); $it['pos'] = intval($it['pos']); $it['id'] = intval($it['id']); if ($it['id'] > 0) { $sql = "UPDATE #__menu_link SET \r\n\t\t\t\t\t`ankor`='{$it['ankor']}',\r\n\t\t\t\t\t`url`='{$it['url']}',\r\n\t\t\t\t\t`pos`='{$it['pos']}'\r\n\t\t\t\t\t WHERE `id`='{$it['id']}' and `menuid`='{$lastid}' LIMIT 1"; } else { $sql = "INSERT INTO #__menu_link (`menuid`,`ankor`,`url`,`pos`) \r\n\t\t\t\t\tVALUE ('{$lastid}','{$it['ankor']}','{$it['url']}','{$it['pos']}')"; } $DB->execute($sql); } $message[0] = 'valid'; $message[1] = "Новое меню успешно добавлено"; } } } if (get_access('admin', 'tools', 'del', false)) {
if (!empty($_POST['options']) or !empty($_COOKIE['options'])) { if (!empty($_POST['options'])) { $sql_order = PHP_slashes(htmlspecialchars(strip_tags($_POST['options']))); setcookie('options', $sql_order, time() + 36000, '/'); } else { $sql_order = PHP_slashes(htmlspecialchars(strip_tags($_COOKIE['options']))); } } else { $sql_order = 'views'; } if ((!empty($_POST['sort']) or !empty($_COOKIE['sort'])) and $_POST['sort'] !== 0) { if (!empty($_POST['sort'])) { $sql_sort = PHP_slashes(htmlspecialchars(strip_tags($_POST['sort']))); setcookie('sort', $sql_sort, time() + 36000, '/'); } else { $sql_sort = PHP_slashes(htmlspecialchars(strip_tags($_COOKIE['sort']))); } } else { $sql_sort = 'desc'; } if ($user->get_property('gid') == 21) { $redaqtor2 = ' and #__category.id = 116'; $rcache = '-redactor'; } if (intval($_GET['author']) > 0) { $sql_author = 'and `#__news`.`user`="' . intval($_GET['author']) . '"'; $link = '&author=' . intval($_GET['author']); } if (intval($_GET['cat']) > 0) { $sql_author = 'and `#__news`.`cat`=' . intval($_GET['cat']); $link = '&cat=' . intval($_GET['cat']);
} if (empty($style) && $operation != 2) { if ($_POST['cat_type'] <= 0) { $error[0] = "გთხოვთ აირჩიოთ დიზაინი"; } } else { if ($_POST['style'] == 100) { $size = array(0 => 695, 1 => 445); $sizex = '695x445'; } else { $sizex = $DB->getOne("SELECT size FROM #__news_style WHERE id='" . $style . "'"); $size = explode('x', $sizex); } $SQL_STYLE = "`style` = '{$style}',"; if (!empty($_POST['desimg']) && $_FILES['img']['size'] <= 0 && $_POST['imgsz'] == $sizex) { $img = PHP_slashes(htmlspecialchars(strip_tags($_POST['desimg']))); $SQL_IMG = '`img` = "' . $img . '",'; } else { if ($style != 12) { if ($_FILES['img']['size'] > 0) { $px = @GetImageSize($_FILES['img']['tmp_name']); if ($px[0] >= $size[0] && $px[1] >= $size[1]) { if ($_FILES['img']['type'] == 'image/jpeg' or $_FILES['img']['type'] == 'image/gif' or $_FILES['img']['type'] == 'image/png') { $rand = rand(100, 99999); $name = time() . '_' . $rand; $read_sql = date('Y-m') . '/' . $name . '.jpg'; move_uploaded_file($_FILES['img']['tmp_name'], '../img/uploads/news/read/' . $read_sql); if ($px[0] > $size[0] && $px[1] > $size[1]) { crop('../img/uploads/news/read/' . $read_sql, $_POST['left'], $_POST['top'], $size[0], $size[1]); } $SQL_IMG = '`img` = "' . $read_sql . '",';
$friends = intval($_POST['friends2']); $where = "`punbb_users`.`id`='{$friends}'"; } if ($recipient == 3) { $friends = PHP_slashes(htmlspecialchars($_POST['friends3'])); $where = "`#__users`.`username`='{$friends}'"; } if ($err == 0) { $test_user = $DB->getAll('SELECT `#__users`.`id` as `userID`,`#__users`.`username`,`#__users`.`email` FROM `#__users` WHERE ' . $where); if (count($test_user) == 0 or count($test_user) > 1) { $err = 1; $message = "Ошибка: Вы указали несуществующего получателя"; } if ($err == 0) { $subject = PHP_slashes(utf8_substr(htmlspecialchars(strip_tags($_POST['title'])), 0, 250)); $mess = PHP_slashes(utf8_substr(htmlspecialchars(markhtml($_POST['textarea1'])), 0, 2000)); if (empty($subject)) { $err = 1; $message = "Ошибка: Вы не указали тему сообщения"; } if (empty($mess)) { $err = 1; $message = "Ошибка: Вы не указали текс сообщения"; } if ($err == 0) { $sql = "\tINSERT INTO `#__message` (`from`, `to`, `date`,`subject`,`message`,`view`,`tresh`) \r\n\t\t\t\t\tVALUES ('" . $user->get_property('userID') . "', '" . $test_user[0]['userID'] . "','" . time() . "',\r\n\t\t\t\t\t\t'{$subject}','{$mess}','0','0')"; $DB->execute($sql); $message = "Ваше сообщение успешно отправлено пользователю " . $test_user[0]['username']; $sql = "SELECT LAST_INSERT_ID()"; $last_id = $DB->getOne($sql); $emailsup = $DB->getOne('SELECT `#__setting`.`value`
} if ($date_yy < 2011) { $date_yy = 2011; } $time_hh = intval($_POST['time_hh']); $time_mm = intval($_POST['time_mm']); if ($time_hh > 23) { $time_hh = 23; } if ($time_hh < 0) { $time_hh = 0; } if ($time_mm > 59) { $time_mm = 59; } if ($time_mm < 0) { $time_mm = 0; } $date = mktime($time_hh, $time_mm, 0, $date_mm, $date_dd, $date_yy); $url = PHP_slashes(htmlspecialchars(strip_tags($_POST['url']))); $banner = PHP_slashes(htmlspecialchars(strip_tags($_POST['banner']))); $id = intval($_POST['id']); if (!empty($banner) or !empty($url)) { $DB->execute("UPDATE #__banners SET date='{$date}',url='{$url}',banner='{$banner}' WHERE id='{$id}' "); header('location:/apanel/index.php?component=banners§ion=edit&edit=' . $id . '&message=1'); } else { $message[0] = "error"; $message[1] = "გთხოვთ აირჩიოთ ბანერი ან ჩაწეროთ ბმული."; } } }
} } else { $message[0] = 'error'; $message[1] = "Ошибка: Разрешение фото не может превышать: {$registry['img']['max_image_width']} x {$registry['img']['max_image_height']}"; } } } } $profile = serialize($save_data); $title = PHP_slashes(htmlspecialchars($_POST['title'])); $realname = PHP_slashes(htmlspecialchars($_POST['realname'])); $icq = PHP_slashes(htmlspecialchars($_POST['icq'])); $url = PHP_slashes(htmlspecialchars($_POST['url'])); $vip = intval($_POST['vip']); $email = PHP_slashes(htmlspecialchars($_POST['email'])); $phone = PHP_slashes(htmlspecialchars($_POST['phone'])); $DB->execute("UPDATE `#__users` SET \n\t\t`realname` = '{$realname}', \n\t\t`title` = '{$title}', \n\t\t`url` = '{$url}', \n\t\t`icq` = '{$icq}',\n\t\t`email` = '{$email}',\n\t\t`phone` = '{$phone}',\n\t\t`vip` = '{$vip}'\n\t\tWHERE `id` =" . $idd . " LIMIT 1 ;"); $message[0] = 'valid'; if (!empty($message[1])) { $message[1] .= '<br/>'; } $message[1] .= 'Данные профиля "<b>' . $upd[0]['username'] . '"</b> успешно обновлены'; } } if (!empty($_GET['edit'])) { $profile = $DB->getAll("SELECT * FROM #__profile ORDER BY num ASC"); $profile_val = $DB->getOne("SELECT profile FROM #__users WHERE id=" . intval($_GET['edit'])); $profile_val = unserialize($profile_val); foreach ($profile as $val) { $type = explode('|', $val['type']); if ($type[0] == 'input') {
if($xxmmll=="") $xxmmll = time().".xml"; file_put_contents(plugin_dir_path(__FILE__)."/../xml/".$xxmmll, PHP_slashes($xml, "strip")); mysql_query("update `".$table."` set `title` = '".$ptitle."', `description` = '".$description."', `url` = '".$url."', `size` = '".$size."', `xml` = '".$xxmmll."', `sandbox`='1', `width`='".$width."', `height`='".$height."', `logo`='".$logo."', `playlistmod`='".$playlistmod."', `autoNext`='".$autoNext."', `shuffle`='".$shuffle."', `loop`='".$loop."', `scrollMode`='".$scrollMode."', `theme`='".$theme."', `adddate` = now() where id = '".$docdata['id']."' "); $iiid = $docdata['id']; } else { $xxmmll = time().".xml"; file_put_contents(plugin_dir_path(__FILE__)."/../xml/".$xxmmll, PHP_slashes($xml, "strip")); mysql_query("insert into `".$table."` set `title` = '".$ptitle."', `description` = '".$description."', `url` = '".$url."', `size` = '".$size."', `xml` = '".$xxmmll."', `sandbox`='1', `width`='".$width."', `height`='".$height."', `logo`='".$logo."', `playlistmod`='".$playlistmod."', `autoNext`='".$autoNext."', `shuffle`='".$shuffle."', `loop`='".$loop."', `scrollMode`='".$scrollMode."', `theme`='".$theme."', `adddate` = now() "); $iiid = mysql_insert_id(); } ?> <script language="javascript"> document.location = "<?php echo get_bloginfo('url')."/wp-admin/admin.php?page=html5video_playlist&isuccess=Playlist saved successfully"; ?>"; </script>
$message[0] = 'error'; $message[1] = 'Вы не заполнили поля "заголовок".'; } if (empty($message[0])) { $max_img_size_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_size_art_prev' LIMIT 1;"); $max_img_width_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_width_art_prev' LIMIT 1;"); $max_img_height_art_prev = $DB->getOne("SELECT `value` FROM `#__setting` WHERE `name`='max_img_height_art_prev' LIMIT 1;"); $max_img_size_art_prev = $max_img_size_art_prev * 1024; $title = PHP_slashes(htmlspecialchars(strip_tags($_POST['title']))); $chpu = PHP_slashes(htmlspecialchars(strip_tags($_POST['chpu']))); if ($chpu == '') { $chpu = generate_chpu($title); } $cat = intval($_POST['cat']); $comments = intval($_POST['comments']); $text = PHP_slashes(markhtml($_POST['textarea1'])); $date = time(); $show_date = intval($_POST['show_date']); $original_url = htmlspecialchars(strip_tags($_POST['original_url'])); $tags = $tags_ru = htmlspecialchars(strip_tags($_POST['tags'])); $tags = explode(',', $tags); $tags_en = ''; foreach ($tags as $tag) { $t_en = generate_chpu($tag); if (empty($tags_en)) { $tags_en = $t_en; } else { $tags_en = $tags_en . ', ' . $t_en; } $DB->show_err = FALSE; $sql = "\tINSERT INTO `#__tags` (`name_rus`, `name_eng`, `count`) \r\n\t\t\t\t\tVALUES ('" . strtolower($tag) . "', '" . $t_en . "','0')";
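<?php
/**
 *
 * CMS It-Solutions 0.1
 * Author: Vati Child
 * E-mail: vatia0@gmail.com
 * URL: www.it-solutions.ge
 *
 */
defined('_JEXEC') or die('Restricted access');

// Front-end search: loads up to 21 moderated, already-published news posts
// whose title/text/text_short contain $_GET['text']; the literal value
// 'archive' lists without a text filter.
// Changes: the missing-key notice on $_GET['text'] is avoided, and the LIKE
// wildcards % and _ inside the user's term are escaped so a term cannot be
// turned into a bare wildcard scan. Assumes MySQL default escaping, where
// \% and \_ survive inside a string literal and so compose with the
// project's PHP_slashes() — TODO confirm.
$time = time();
$value = PHP_slashes(htmlspecialchars(strip_tags((string) ($_GET['text'] ?? ''))));
if ($value === 'archive') {
    $sql_search = '';
} else {
    $term = addcslashes($value, '%_');
    $sql_search = '(#__news.title LIKE "%' . $term . '%" or #__news.text LIKE "%' . $term . '%" or #__news.text_short LIKE "%' . $term . '%") and';
}
$registry['search'] = $DB->getAll('SELECT #__news.*,#__category.name,#__users.realname,#__category.cat_chpu,#__category.id as cat_id FROM #__news LEFT JOIN #__category ON #__category.id = #__news.cat LEFT JOIN #__users ON #__users.id = #__news.user WHERE ' . $sql_search . ' #__news.moderate=1 and #__category.section="post" and #__news.date <= ' . $time . ' order by #__news.date DESC LIMIT 21');
$registry['title'] = $value;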
$san = intval($item[16]); } $lift = intval($arrSel[$item[17]]); if ($lift == 0) { $lift = intval($item[17]); } $detail = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[18])))); $hotenable = intval($arrSel2[$item[19]]); if ($hotenable == 0) { $hotenable = intval($item[19]); } $hottitle = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[20])))); $hotdesc = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[21])))); $title = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[22])))); $metak = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[23])))); $metad = str_replace('[br]', "\n", PHP_slashes(htmlspecialchars(strip_tags($item[24])))); if ($deal == 0) { $deal = intval($arrDeal[$item[1]]); } if ($tip == 0) { $continue++; continue; } if ($ryn == 0) { $ryn = intval($arrRyn[$item[3]]); } if ($ryn == 0) { $ryn = 1; } if ($id > 0) { $update++;