示例#1
文件: _fetch.php 项目: nopticon/noptc
    /**
     * Look up a download by tree alias and download alias and count the hit.
     *
     * Reads `alias`, `filename` and `ext` through $this->__(); `ext` is fetched
     * but not used in this method. Both lookups bind their values through
     * sql_filter() placeholders. The storage path is built from database
     * fields (download_id, download_extension), not from the request values.
     *
     * NOTE(review): this relies on _fatal() and _login() ending the request.
     * If they return, the counter below is still incremented for a download
     * marked download_login — confirm.
     *
     * @return void
     */
    public function home()
    {
        global $user;

        $input = $this->__(w('alias filename ext'));
        if (!f($input['alias']) || !f($input['filename'])) {
            _fatal();
        }

        // Resolve the tree node the download hangs from.
        $tree_sql = 'SELECT tree_id
			FROM _tree
			WHERE tree_alias = ?';
        $tree = _fieldrow(sql_filter($tree_sql, $input['alias']));
        if (!$tree) {
            _fatal();
        }

        // The download must belong to that tree node.
        $download_sql = 'SELECT *
			FROM _downloads
			WHERE download_alias = ?
				AND download_tree = ?';
        $download = _fieldrow(sql_filter($download_sql, $input['filename'], $tree['tree_id']));
        if (!$download) {
            _fatal();
        }

        // Downloads flagged download_login go through the login helper first.
        if ($download['download_login']) {
            _login();
        }

        $count_sql = 'UPDATE _downloads SET download_count = download_count + 1
			WHERE download_id = ?';
        _sql(sql_filter($count_sql, $download['download_id']));

        // The path is computed but nothing is sent from here in the visible code.
        $filepath = LIB . 'fetch/' . _filename($download['download_id'], $download['download_extension']);

        return;
    }
示例#2
文件: _update.php 项目: nopticon/mag
    /**
     * One-off migration: replace the textual _bio_store.a_field values with
     * the numeric id of the matching _bio_fields row, then change the column
     * type to INT.
     *
     * For each stored row the field id is taken from a per-run cache, else
     * looked up by field_display, else a new _bio_fields row is inserted.
     * Ids obtained from an insert are not cached; the next row with the same
     * label finds the new field through the lookup.
     *
     * NOTE(review): the ALTER TABLE at the end makes the run non-repeatable;
     * no transaction or backup step is visible here.
     *
     * @return void
     */
    protected function _members_profile()
    {
        global $bio;

        $sql = 'SELECT *
			FROM _bio_store
			ORDER BY a_field';
        $stored = _rowset($sql);

        foreach ($stored as $entry) {
            $label = $entry['a_field'];

            // Cached id from an earlier lookup in this run, or 0 when unknown.
            $field_id = isset($cache[$label]) ? $cache[$label] : 0;

            if (!$field_id) {
                $sql = 'SELECT *
					FROM _bio_fields
					WHERE field_display = ?';
                $members_fields = _fieldrow(sql_filter($sql, $label));
                if ($members_fields) {
                    $field_id = $members_fields['field_id'];
                    $cache[$label] = $field_id;
                }
            }

            if (!$field_id) {
                // No matching field yet: create a plain text field named after the label.
                $sql_insert = array(
                    'field_alias' => $label,
                    'field_name' => $label,
                    'field_display' => $label,
                    'field_required' => 0,
                    'field_unique' => 0,
                    'field_unique_global' => 0,
                    'field_show' => 1,
                    'field_length' => 0,
                    'field_type' => 'text',
                    'field_relation' => '',
                    'field_function' => '',
                    'field_js' => ''
                );
                $field_id = sql_put('_bio_fields', $sql_insert);
            }

            $sql = 'UPDATE _bio_store SET a_field = ?
				WHERE a_id = ?';
            _sql(sql_filter($sql, $field_id, $entry['a_id']));
        }

        // Every row now holds a numeric id, so the column can become an integer.
        $sql = "ALTER TABLE _bio_store\r\n\t\t\tCHANGE a_field a_field INT(11) NOT NULL DEFAULT '0'";
        _sql($sql);

        $this->_e('Done!');

        return;
    }
示例#3
文件: _sign.php 项目: nopticon/noptc
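    /**
     * Sign-in handler: checks the submitted credentials and creates a session.
     *
     * Members who are already signed in are redirected away. On form submit
     * the username is validated, the active member row is loaded, and the
     * password is checked either against the stored value (local mode) or by
     * logging in to the configured POP3 server (when `signin_pop` is set).
     * Every failure path records the same LOGIN_ERROR, so the message does
     * not reveal which step failed. If nothing succeeded the login form is
     * shown again with the collected errors.
     *
     * Changed: the username pattern now carries the `D` modifier, so `$` only
     * matches at the very end of the string; without it a value ending in a
     * newline passed validation.
     *
     * NOTE(review): `lastpage` comes from the request and is handed to
     * redirect() unchanged. Unless redirect() limits targets to this site,
     * that is an open redirect after login — confirm.
     *
     * NOTE(review): no attempt counter or throttling is visible in this
     * method — confirm it is handled elsewhere.
     *
     * @return void
     */
    public function in()
    {
        global $user, $core;
        if ($user->v('is_member')) {
            redirect(_link());
        }
        if (_button()) {
            $v = $this->__(w('username password lastpage'));
            $userdata = w();
            // `D` keeps `$` from matching before a trailing newline.
            if (!f($v['username']) || !f($v['password']) || !preg_match('#^([a-z0-9\\_\\-]+)$#isD', $v['username'])) {
                $this->error('LOGIN_ERROR');
            }
            if (!$this->errors()) {
                // The pattern above does not allow '@', so this split leaves
                // validated input unchanged.
                $v['username'] = array_key(explode('@', $v['username']), 0);
                // Only active accounts other than the guest account may sign in.
                $sql = 'SELECT *
					FROM _members
					WHERE user_username = ?
						AND user_id <> ?
						AND user_active = 1';
                if (!($userdata = _fieldrow(sql_filter($sql, $v['username'], U_GUEST)))) {
                    $this->error('LOGIN_ERROR');
                }
                if (!$this->errors()) {
                    if (!$core->v('signin_pop')) {
                        // NOTE(review): the scheme behind _password() is not visible
                        // here, and `===` is not a constant-time comparison. If the
                        // runtime allows it, prefer password_verify() or hash_equals().
                        if (isset($userdata['user_password']) && $userdata['user_password'] === _password($v['password'])) {
                            $user->session_create($userdata['user_id']);
                            redirect($v['lastpage']);
                        }
                        // Reached on a wrong password (presumably redirect() ends
                        // the request on success — confirm).
                        $this->error('LOGIN_ERROR');
                    } else {
                        // Delegated authentication: the submitted password is sent to
                        // the configured mail server. NOTE(review): transport security
                        // of this POP3 connection is not visible here — confirm it is
                        // encrypted.
                        require_once XFS . 'core/pop3.php';
                        $pop3 = new pop3();
                        if (!$pop3->connect($core->v('mail_server'), $core->v('mail_port'))) {
                            $this->error('LOGIN_ERROR');
                        }
                        if (!$this->errors() && !$pop3->user($v['username'])) {
                            $this->error('LOGIN_ERROR');
                        }
                        if (!$this->errors() && !$pop3->pass($v['password'], false)) {
                            $this->error('LOGIN_ERROR');
                        }
                        $pop3->quit();
                        if (!$this->errors()) {
                            $user->session_create($userdata['user_id']);
                            redirect($v['lastpage']);
                        }
                    }
                }
            }
        }
        _login(false, $this->get_errors());
    }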
示例#4
文件: _help.php 项目: nopticon/mag
    /**
     * Show a single FAQ entry, then render the FAQ home listing.
     *
     * Reads `help` (default 0) through $this->__() and binds it as the faq_id
     * in a join over FAQ entry, category and module.
     *
     * NOTE(review): faq_question_es is passed to the template as stored while
     * the answer goes through _message(); whether the template layer escapes
     * values is not visible here — confirm.
     *
     * @return void
     */
    protected function _faq_item()
    {
        $input = $this->__(array('help' => 0));

        $query = 'SELECT *
			FROM _help_faq f, _help_cat c, _help_modules m
			WHERE f.faq_id = ?
				AND f.help_id = c.help_id
				AND c.help_module = m.module_id';
        $faq = _fieldrow(sql_filter($query, $input['help']));
        if (!$faq) {
            _fatal();
        }

        $block = array(
            'CAT' => _link('help', $faq['module_name']),
            'QUESTION_ES' => $faq['faq_question_es'],
            'ANSWER_ES' => _message($faq['faq_answer_es'])
        );
        _style('faq', $block);

        $this->_faq_home();

        return;
    }
示例#5
文件: _events.php 项目: nopticon/mag
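    /**
     * Record or change the signed-in member's attendance choice for an event.
     *
     * Reads `event` and `option` (both defaulting to 0) through $this->__(),
     * checks that the event and the attendance type exist, then updates the
     * member's existing _events_attend row or inserts a new one. The member
     * id always comes from $bio, never from the request.
     *
     * Fixes:
     *  - the event lookup passed the SQL to _fieldrow() without sql_filter(),
     *    so its placeholder was never bound (every other query in this
     *    method goes through sql_filter());
     *  - the UPDATE targeted _events although attend_id / attend_option are
     *    the columns of _events_attend used by the SELECT and INSERT here.
     *
     * NOTE(review): presumably _fatal() and _login() end the request; the
     * writes below depend on that — confirm.
     *
     * @return mixed whatever $this->e('~OK') returns
     */
    protected function _attend_home()
    {
        global $bio;
        if (!is_ghost()) {
            _fatal();
        }
        if (!$bio->v('auth_member')) {
            _login();
        }
        $v = $this->__(_array_keys(w('event option'), 0));
        if (!$v['event'] || !$v['option']) {
            _fatal();
        }
        $sql = 'SELECT event_id
			FROM _events
			WHERE event_id = ?';
        if (!_fieldrow(sql_filter($sql, $v['event']))) {
            _fatal();
        }
        $sql = 'SELECT type_id
			FROM _events_attend_type
			WHERE type_id = ?';
        if (!_fieldrow(sql_filter($sql, $v['option']))) {
            _fatal();
        }
        // One attendance row per (event, member): update it if present.
        $sql = 'SELECT attend_id
			FROM _events_attend
			WHERE attend_event = ?
				AND attend_uid = ?';
        if ($attend_id = _field(sql_filter($sql, $v['event'], $bio->v('bio_id')), 'attend_id', 0)) {
            $sql = 'UPDATE _events_attend SET attend_option = ?
				WHERE attend_id = ?';
            _sql(sql_filter($sql, $v['option'], $attend_id));
        } else {
            $sql_insert = array(
                'attend_event' => $v['event'],
                'attend_uid' => $bio->v('bio_id'),
                'attend_option' => $v['option'],
                'attend_time' => time()
            );
            sql_put('_events_attend', $sql_insert);
        }
        return $this->e('~OK');
    }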
示例#6
文件: _create.php 项目: nopticon/mag
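    /**
     * Handle the "create artist" form: validate input, reject duplicates and
     * insert the artist (unapproved) together with its alias row.
     *
     * Fixes:
     *  - $v was merged into itself before being defined; array_merge() with
     *    an undefined first argument does not yield the request values, so
     *    the values are now assigned directly;
     *  - the duplicate check tested the a_approved value itself, so an
     *    existing artist with a_approved = 0 was treated as "not found": the
     *    PENDING message was unreachable and a second row could be inserted
     *    for the same alias. The check now tests for the row.
     *
     * NOTE(review): a_genre is validated but is not part of the insert below.
     * NOTE(review): a_website is stored as submitted; any scheme or URL
     * validation is not visible here — confirm before it is rendered as a link.
     *
     * @return void
     */
    protected function _artist_home()
    {
        $v = $this->__(array('a_name', 'a_website', 'a_email', 'a_genre' => array(0), 'a_country' => 0));
        $v_check = array('a_name' => 'INVALID_NAME', 'a_email' => 'INVALID_EMAIL', 'a_genre' => 'INVALID_GENRE');
        foreach ($v_check as $vk => $vv) {
            if (!f($v[$vk])) {
                $this->error($vv);
            }
        }
        if (!$this->errors()) {
            $v['a_alias'] = _alias($v['a_name']);
            if (f($v['a_alias'])) {
                $sql = 'SELECT a_approved
					FROM _artists
					WHERE a_alias = ?';
                // Test for the row, not for the flag: an unapproved artist
                // (a_approved = 0) still occupies the alias.
                if ($artist = _fieldrow(sql_filter($sql, $v['a_alias']))) {
                    $a_msg = $artist['a_approved'] ? 'EXISTS' : 'PENDING';
                    $this->error('ARTIST_' . $a_msg);
                }
            } else {
                $this->error('INVALID_ALIAS');
            }
        }
        if (!$this->errors() && !check_email($v['a_email'])) {
            $this->error('INVALID_EMAIL');
        }
        if (!$this->errors()) {
            $sql = 'SELECT country_id
				FROM _countries
				WHERE country_id = ?';
            if (!_fieldrow(sql_filter($sql, $v['a_country']))) {
                $this->error('INVALID_COUNTRY');
            }
        }
        if (!$this->errors()) {
            $sql = 'SELECT type_id
				FROM _alias_type
				WHERE type_alias = ?';
            $alias_type = _field(sql_filter($sql, 'artist'), 'type_id');
            // New artists start unapproved with all counters at zero.
            $sql_insert = array(
                'name' => $v['a_name'],
                'alias' => $v['a_alias'],
                'approved' => 0,
                'time' => time(),
                'email' => strtolower($v['a_email']),
                'website' => $v['a_website'],
                'country' => $v['a_country'],
                'biography' => '',
                'views' => 0,
                'music' => 0,
                'video' => 0,
                'news' => 0,
                'posts' => 0,
                'votes' => 0,
                'lyrics' => 0,
                'images' => 0
            );
            sql_put('_artists', prefix('a', $sql_insert));
            // The alias row is created disabled.
            $sql_insert = array('name' => $v['a_alias'], 'enable' => 0, 'type' => $alias_type);
            sql_put('_alias', prefix('alias', $sql_insert));
            redirect(_link('alias', array('alias' => $v['a_alias'])));
        }
        return;
    }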
示例#7
文件: _home.php 项目: nopticon/mag
    /**
     * Decline a pending friend request addressed to the signed-in member.
     *
     * Reads the requester's alias from `a`, resolves it to a bio id, and
     * deletes the _bio_friends row only when it links that requester to the
     * current member (friend_bio taken from $bio) and is still pending.
     * Scoping the lookup to the current member's id is what keeps one member
     * from removing another member's rows.
     *
     * NOTE(review): presumably _login() and _fatal() end the request; the
     * checks below rely on that — confirm.
     *
     * @return void
     */
    protected function _friend_deny()
    {
        global $bio;

        if (!$bio->v('auth_member')) {
            _login();
        }

        $input = $this->__(w('a'));

        $lookup = 'SELECT bio_id
			FROM _bio
			WHERE bio_alias = ?';
        $requester_id = _field(sql_filter($lookup, $input['a']), 'bio_id', 0);
        if (!$requester_id) {
            _fatal();
        }

        $lookup = 'SELECT friend_id, friend_pending
			FROM _bio_friends
			WHERE friend_assoc = ?
				AND friend_bio = ?';
        $request = _fieldrow(sql_filter($lookup, $requester_id, $bio->v('bio_id')));
        if (!$request) {
            _fatal();
        }

        // Only requests that are still pending can be declined.
        if (!$request['friend_pending']) {
            _fatal();
        }

        $delete = 'DELETE FROM _bio_friends
			WHERE friend_id = ?';
        _sql(sql_filter($delete, $request['friend_id']));

        return;
    }
示例#8
文件: _bio.php 项目: nopticon/mag
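    /**
     * Password-recovery request: look up an active account by e-mail address
     * or alias, store a fresh activation key and mail the activation link.
     *
     * Handling of the `k` key from the mailed link is not implemented yet
     * (see the TODO below).
     *
     * Fixes:
     *  - bio_id is now selected; the UPDATE that stores the key reads it;
     *  - the mail properties referenced $userdata, $user_password and
     *    $user_actkey, none of which exist in this method. They now use the
     *    row just loaded and the key just stored, so the mailed link carries
     *    the stored key.
     *
     * NOTE(review): the key is the first 6 characters of unique_id(). How
     * unique_id() generates its value is not visible here; a short key needs
     * a CSPRNG source plus expiry and attempt limiting on the consuming side
     * — confirm once the `k` branch is implemented.
     *
     * NOTE(review): NO_SUCH_BIO versus PASSWD_SENT tells the caller whether an
     * address or alias exists; consider one neutral response for both.
     *
     * @return void
     */
    protected function _password_home()
    {
        global $bio;
        $v = $this->__(w('k'));
        if (f($v['k'])) {
            // TODO: Password reset from email link
        }
        if (_button()) {
            $v = $this->__(w('address'));
            if (!f($v['address'])) {
                $this->_error('#NO_SUCH_BIO');
            }
            // The column suffix is one of two fixed values, never request text.
            $v['field'] = email_format($v['address']) !== false ? 'address' : 'alias';
            if ($v['field'] == 'alias' && !_low($v['address'])) {
                $this->_error('#NO_SUCH_BIO');
            }
            $sql = 'SELECT bio_id, bio_alias, bio_name, bio_email, bio_lang
				FROM _bio
				WHERE bio_?? = ?
					AND bio_active = ?';
            if (!($_bio = _fieldrow(sql_filter($sql, $v['field'], $v['address'], 1)))) {
                $this->_error('#NO_SUCH_BIO');
            }
            $actkey = substr(unique_id(), 0, 6);
            $sql = 'UPDATE _bio SET bio_actkey = ?
				WHERE bio_id = ?';
            _sql(sql_filter($sql, $actkey, $_bio['bio_id']));

            $properties = array(
                // NOTE(review): bio_email is the address column this query
                // selects; the original read an undefined
                // $userdata['bio_address'] — confirm which column holds the
                // delivery address.
                'to' => $_bio['bio_email'],
                'template' => 'user_activate_passwd',
                'vars' => array(
                    'USERNAME' => $_bio['bio_name'],
                    // No password is generated in this flow; the variable is
                    // kept empty so the template still receives the key.
                    'PASSWORD' => '',
                    'U_ACTIVATE' => _link('my', array('password', 'k' => $actkey)),
                ),
            );
            _sendmail($properties);
            $this->_error('PASSWD_SENT');
        }
        return;
    }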
示例#9
文件: _ext.php 项目: nopticon/noptc
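    /**
     * Serve a stylesheet or script from ./style/<type>/ after passing it
     * through the template handler and a small minification step.
     *
     * Request values: `f` (file name, tree alias or tree id) and `e` (asset
     * type). For css other than `default`, `f` selects a _tree row and the
     * file name is derived from that row. Answers 304 when the file's
     * modification time equals If-Modified-Since; otherwise sends the content
     * gzip-buffered with a 30-day Expires header and exits.
     *
     * Changed: `e` is now checked against the two types handled below.
     * Before, any value was concatenated into the directory path and into
     * the _style_handler() path, and a type other than css/js reached the
     * output step with $content_type undefined.
     *
     * NOTE(review): for `default` css and for js, `f` is passed to
     * _filename() and then to file_exists() and _style_handler(). Whether
     * _filename() rejects `/`, `\` and `..` is not visible here — confirm.
     *
     * @return void this method ends with exit
     */
    public function home()
    {
        global $user;
        $v = $this->__(w('f e'));
        if (array_empty($v)) {
            _fatal();
        }
        // Allow-list the asset type before it is used in any path (assumes
        // _fatal() ends the request, as the other guards here do).
        if (!in_array($v['e'], array('css', 'js'), true)) {
            _fatal();
        }
        $location = './style/' . $v['e'] . '/';
        $filename = _filename($v['f'], $v['e']);
        if (!@is_dir($location)) {
            _fatal();
        }
        if ($v['e'] == 'css' && $v['f'] != 'default') {
            // The column suffix is one of two fixed values; `f` itself is bound.
            $v['field'] = !is_numb($v['f']) ? 'alias' : 'id';
            $sql = 'SELECT *
				FROM _tree
				WHERE tree_?? = ?
				LIMIT 1';
            if (!($tree = _fieldrow(sql_filter($sql, $v['field'], $v['f'])))) {
                _fatal();
            }
            $filetree = _rewrite($tree);
            $filename = _filename('_tree_' . $filetree, $v['e']);
        }
        // 304 Not modified response header
        if (@file_exists($location . $filename)) {
            $f_last_modified = gmdate('D, d M Y H:i:s', filemtime($location . $filename)) . ' GMT';
            $http_if_none_match = v_server('HTTP_IF_NONE_MATCH');
            $http_if_modified_since = v_server('HTTP_IF_MODIFIED_SINCE');
            header('Last-Modified: ' . $f_last_modified);
            if ($f_last_modified == $http_if_modified_since) {
                header('HTTP/1.0 304 Not Modified');
                header('Content-Length: 0');
                exit;
            }
        }
        switch ($v['e']) {
            case 'css':
                if ($v['f'] != 'default') {
                    $filetree = _rewrite($tree);
                    $filename = _filename('_tree_' . $filetree, $v['e']);
                    if (!@file_exists($location . $filename)) {
                        _fatal();
                    }
                }
                // Optional per-browser stylesheets: "<browser>-<version>" and "<browser>".
                $browser = _browser();
                if (f($browser['browser'])) {
                    $custom = array($browser['browser'] . '-' . $browser['version'], $browser['browser']);
                    foreach ($custom as $row) {
                        $handler = _filename('_tree_' . $row, 'css');
                        if (@file_exists($location . $handler)) {
                            _style('includes', array('CSS' => _style_handler('css/' . $handler)));
                        }
                    }
                }
                break;
            case 'js':
                if (!@file_exists($location . $filename)) {
                    _fatal();
                }
                _style_vreplace(false);
                break;
        }
        v_style(array('SPATH' => LIBD . 'visual'));
        sql_close();
        $ext = _style_handler($v['e'] . '/' . $filename);
        switch ($v['e']) {
            case 'css':
                $content_type = 'text/css; charset=utf-8';
                // border-radius rules become -moz- prefixed for the two named
                // browsers and are dropped for all others.
                $ext = preg_replace('#(border-radius\\-?.*?)\\: ?(([0-9]+)px;)#is', _browser('firefox') || _browser('namoroka') ? '-moz-\\1: \\2' : '', $ext);
                // Expand 3-digit hex colours by repeating the triplet.
                $ext = preg_replace('/(#([0-9A-Fa-f]{3})\\b)/i', '#\\2\\2', $ext);
                // Strip comments, then line breaks and tabs.
                $ext = preg_replace('#\\/\\*(.*?)\\*\\/#is', '', $ext);
                $ext = str_replace(array("\r\n", "\n", "\t"), '', $ext);
                break;
            case 'js':
                $content_type = 'application/x-javascript';
                require_once XFS . 'core/jsmin.php';
                $ext = JSMin::minify($ext);
                break;
        }
        ob_start('ob_gzhandler');
        header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 60 * 60 * 24 * 30) . ' GMT');
        header('Content-type: ' . $content_type);
        echo $ext;
        exit;
    }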
示例#10
文件: _cp.php 项目: nopticon/noptc
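    /**
     * Control-panel form for creating a page under the current tree node or
     * modifying the current node (`zmode` = create | modify).
     *
     * On submit: collects the fields the user may edit (subject and content
     * for everyone, the full set for founders), normalises them, checks the
     * alias for uniqueness, optionally moves the node, writes the row and
     * redirects. Otherwise renders the field set.
     *
     * node, level, parent and module are always overwritten from the current
     * tree row, so request values for those four fields are never used.
     *
     * Changed: the template directory listing now skips the loop when
     * opendir() fails and compares readdir() against false, so an entry
     * named "0" no longer ends the listing early. The commented-out copies
     * of the field lists were dropped; they duplicated the live arrays.
     *
     * NOTE(review): the move UPDATE filters on `article_id` although every
     * other _tree statement here uses `tree_id`, and it reads
     * $mv_tree['module_id'] from a SELECT * on _tree whose other columns are
     * tree_-prefixed — both look like leftovers; confirm against the schema.
     *
     * NOTE(review): `content` has &lt; / &gt; turned back into < and > before
     * it is stored, so the stored value is raw markup. What $this->html()
     * permits is not visible here — confirm it restricts tags and attributes
     * for non-founder editors.
     *
     * NOTE(review): column names and values reach SQL through _build_array();
     * its escaping is not visible here — confirm.
     *
     * @return void
     */
    protected function _create_home()
    {
        global $user;
        $v = $tree = $this->init();
        $z = $this->__(w('zmode'));
        if (_button()) {
            // Everyone may edit subject and content; founders get every field.
            $v_ary = array('subject', 'content');
            if ($user->v('is_founder')) {
                $v_ary = array_merge($v_ary, array('node' => 0, 'parent' => 0, 'level' => 0, 'module' => 0, 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent' => 0, 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'description', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published', 'move'));
            }
            $v = $this->__($v_ary);
            $v['edited'] = time();
            // Structural fields always come from the current tree row.
            foreach (w('node level parent module') as $row) {
                $v[$row] = $tree['tree_' . $row];
            }
            if ($z['zmode'] == 'create') {
                // The new page becomes a child of the current node.
                $v['parent'] = $tree['tree_id'];
                $v['level']++;
                if (!$v['node']) {
                    $v['node'] = $v['parent'];
                }
            }
            // Parse vars
            foreach ($v as $row_k => $row_v) {
                switch ($row_k) {
                    case 'subject':
                        $row_v = $this->html($row_v, 'strong');
                        break;
                    case 'content':
                        $row_v = $this->html($row_v);
                        break;
                    case 'alias':
                        $row_v = _alias($row_v, w('_'), '-');
                        break;
                    case 'checksum':
                        $row_v = _hash($v['content']);
                        break;
                    case 'published':
                        // Input format is "d m Y"; defaults to today.
                        $row_v = dvar($row_v, date('d m Y'));
                        $e_date = explode(' ', $row_v);
                        $row_v = _timestamp($e_date[1], $e_date[0], $e_date[2]);
                        break;
                }
                $v[$row_k] = $row_v;
            }
            // The home page keeps its alias.
            if ($z['zmode'] == 'modify' && $tree['tree_alias'] == 'home' && $v['alias'] != 'home') {
                $v['alias'] = 'home';
            }
            if (f($v['alias'])) {
                $sql = 'SELECT tree_id
					FROM _tree
					WHERE tree_alias = ?
						AND tree_id <> ?';
                if (_fieldrow(sql_filter($sql, $v['alias'], $tree['tree_id']))) {
                    $this->_error('#ALIAS_IN_USE');
                }
            }
            if ($z['zmode'] == 'modify') {
                if ($v['move']) {
                    // The column suffix is one of two fixed values; the target is bound.
                    $mv_field = !is_numb($v['move']) ? 'alias' : 'id';
                    $sql = 'SELECT *
						FROM _tree
						WHERE tree_?? = ?';
                    if ($mv_tree = _fieldrow(sql_filter($sql, $mv_field, $v['move']))) {
                        $mv_insert = array('module' => $mv_tree['module_id'], 'node' => $mv_tree['tree_node'], 'parent' => $mv_tree['tree_id'], 'level' => $mv_tree['tree_level'] + 1);
                        $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $mv_insert)) . sql_filter('
							WHERE article_id = ?', $tree['tree_id']);
                        _sql($sql);
                        // Keep the child counters of the old and new parent in step.
                        $sql = 'UPDATE _tree SET tree_childs = tree_childs - 1
							WHERE tree_id = ?';
                        _sql(sql_filter($sql, $tree['tree_parent']));
                        $sql = 'UPDATE _tree SET tree_childs = tree_childs + 1
							WHERE tree_id = ?';
                        _sql(sql_filter($sql, $mv_tree['tree_id']));
                    }
                }
                unset($v['move']);
                // Check input values against database
                foreach ($v as $row_k => $row_v) {
                    if ($tree['tree_' . $row_k] == $row_v) {
                        unset($v[$row_k]);
                    }
                }
                // If only the timestamp is left, nothing changed.
                if (!(count($v) - 1)) {
                    unset($v['edited']);
                }
            } else {
                unset($v['move']);
            }
            $u_tree = _rewrite($tree);
            if (count($v)) {
                if (isset($v['content']) && $v['content']) {
                    $v['content'] = str_replace(w('&lt; &gt;'), w('< >'), $v['content']);
                }
                if ($z['zmode'] == 'create') {
                    $sql = 'INSERT INTO _tree' . _build_array('INSERT', prefix('tree', $v));
                } else {
                    $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $v)) . sql_filter('
						WHERE tree_id = ?', $tree['tree_id']);
                }
                _sql($sql);
                if ($z['zmode'] == 'create') {
                    $u_tree = f($v['alias']) ? $v['alias'] : _nextid();
                    $sql = 'UPDATE _tree
						SET tree_childs = tree_childs + 1
						WHERE tree_id = ?';
                    _sql(sql_filter($sql, $tree['tree_id']));
                }
            }
            redirect(_link($u_tree));
        }
        // Show fieldset
        $v_fieldset = array('subject', 'content');
        if ($user->v('is_founder')) {
            $v_fieldset = array_merge($v_fieldset, array('description', 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent', 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published'));
        }
        $is_modify = $z['zmode'] == 'modify';
        foreach (_array_keys($v_fieldset, '') as $k => $row) {
            $name = 'tree_' . $k;
            $cp_lang = _lang('CP_' . $k);
            $value = $is_modify ? (isset($v[$k]) ? $v[$k] : (isset($tree[$name]) ? $tree[$name] : '')) : '';
            $checked = is_numb($row) && $is_modify && $tree[$name] ? ' checked="checked"' : '';
            if (f($value)) {
                switch ($k) {
                    case 'published':
                        $value = date('d m Y', $value);
                        break;
                }
            }
            // Fields declared with a numeric default are rendered as checkboxes.
            $type = 'text';
            if (is_numb($row)) {
                $value = 1;
                $type = 'checkbox';
            }
            $tag = 'input';
            if ($k == 'content') {
                $tag = 'textarea';
            }
            // NOTE(review): VALUE carries stored page data; whether the template
            // layer escapes it for the attribute/textarea context is not
            // visible here — confirm.
            _style('field', array('NAME' => $k, 'ID' => $k, 'TAG' => $tag, 'TYPE' => $type, 'VALUE' => $value, 'LANG' => $cp_lang, 'CHECKED' => $checked));
            if ($k == 'template') {
                // Offer every .htm file in the custom style directory.
                $i = 0;
                $fp = @opendir('./style/custom/');
                if ($fp !== false) {
                    while (($row_d = readdir($fp)) !== false) {
                        if (_extension($row_d) != 'htm') {
                            continue;
                        }
                        if (!$i) {
                            _style('field.templated');
                            _style('field.templated.row', array('V' => '', 'FILE' => _lang('NONE')));
                        }
                        $v_file = str_replace('.htm', '', $row_d);
                        _style('field.templated.row', array('V' => $v_file, 'FILE' => $v_file));
                        $i++;
                    }
                    closedir($fp);
                }
            }
        }
        $cp_format = !$is_modify ? 'CREATE' : 'MODIFY';
        v_style(array('CP_PAGE' => sprintf(_lang('CP_PAGE_' . $cp_format), $tree['tree_subject'])));
        return;
    }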
示例#11
    /**
     * Load one student (joined with the gender table) by the `s` request
     * value and dump the row with _pre().
     *
     * NOTE(review): the whole row from SELECT * is passed to _pre(), which
     * looks like a debugging helper; no permission check is visible in this
     * method — confirm one exists upstream before student records are
     * reachable this way.
     *
     * @return void
     */
    protected function _view_home()
    {
        $input = $this->__(w('s'));
        if (!$input['s']) {
            _fatal();
        }

        $query = 'SELECT *
			FROM _students s, _gender g
			WHERE s.student_carne = ?
				AND s.student_gender = g.gender_id';
        $student = _fieldrow(sql_filter($query, $input['s']));
        if (!$student) {
            _fatal();
        }

        _pre($student, true);
    }
示例#12
文件: _contest.php 项目: nopticon/mag
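    /**
     * Show a contest page: subject, content, its stock items and, once the
     * contest has ended, the contestants attached to each stock item.
     *
     * Fixes:
     *  - the contestant query bound $content['contest_id'], an undefined
     *    variable, instead of the loaded $contest row;
     *  - the winners were gated on $v['expired'], which is never set; the
     *    flag is stored in $contest['expired'];
     *  - contestant_stock is now selected, since _rowset() is asked to group
     *    the rows by that column (presumably it needs the column in the
     *    result — confirm);
     *  - a duplicate stock query inside the auth_contest_view_stock branch
     *    was dropped; its result was overwritten by the identical query below.
     *
     * @return void
     */
    protected function _view_home()
    {
        global $core, $bio;
        $v = $this->__(w('alias'));
        if (!f($v['alias'])) {
            _fatal();
        }
        $sql = 'SELECT *
			FROM _contest
			WHERE contest_alias = ?';
        if (!($contest = _fieldrow(sql_filter($sql, $v['alias'])))) {
            _fatal();
        }
        $contest['expired'] = time() > $contest['contest_end'];
        // Computed for signed-in members; not used further in this method yet.
        $is_contestant = false;
        if ($bio->v('auth_member')) {
            $sql = 'SELECT contestant_id
				FROM _contest_contestant
				WHERE contestant_contest = ?
					AND contestant_uid = ?';
            if (_fieldrow(sql_filter($sql, $contest['contest_id'], $bio->v('bio_id')))) {
                $is_contestant = true;
            }
        }
        // Privileged view: one (currently empty) template row per contestant.
        if ($bio->v('auth_contest_view_stock')) {
            $sql = 'SELECT *
				FROM _contest_contestant c, _bio b
				WHERE contestant_contest = ?
					AND contestant_uid = b.bio_id
				ORDER BY b.bio_alias';
            $contestants = _rowset(sql_filter($sql, $contest['contest_id']));
            foreach ($contestants as $i => $row) {
                if (!$i) {
                    _style('contestants');
                }
                _style('contestants.row', array());
            }
        }
        // TODO: contest_auto_win / contest_has_win are not acted on yet for
        // expired contests.
        $sql = 'SELECT *
			FROM _contest_stock
			WHERE stock_contest = ?
			ORDER BY stock_name';
        $stock = _rowset(sql_filter($sql, $contest['contest_id']));
        $sql = 'SELECT c.contestant_stock, b.bio_alias, b.bio_name
			FROM _contest_contestant c, _bio b
			WHERE c.contestant_contest = ?
				AND c.contestant_stock > 0
				AND c.contestant_uid=  b.bio_id
			ORDER BY c.contestant_stock';
        $contestant = _rowset(sql_filter($sql, $contest['contest_id']), 'contestant_stock', false, true);
        foreach ($stock as $i => $row) {
            if (!$i) {
                _style('stock');
            }
            _style('stock.row', array('NAME' => $row['stock_name'], 'VALUE' => $row['stock_value']));
            // Contestants per stock item are only listed after the contest ended.
            if ($contest['expired'] && isset($contestant[$row['stock_id']])) {
                foreach ($contestant[$row['stock_id']] as $j => $row_contestant) {
                    if (!$j) {
                        _style('stock.row.contestant');
                    }
                    _style('stock.row.contestant.uid', array('NAME' => $row_contestant['bio_name'], 'LINK' => _link_bio($row_contestant['bio_alias'])));
                }
            }
        }
        v_style(array('CONTEST_SUBJECT' => $contest['contest_subject'], 'CONTEST_CONTENT' => _message($contest['contest_content'])));
        return;
    }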
示例#13
    /**
     * Render the score-entry sheet for one section, subject, exam and year.
     *
     * Reads `grade` (bound against section_id), `subject`, `exam` and `year`
     * (all defaulting to 0), verifies each against its table or against
     * check_year(), lists the students registered for that section and year
     * and shows either the stored points or an input cell per student.
     * POST handling is still a stub.
     *
     * NOTE(review): no permission check is visible in this method — confirm
     * access to student names and scores is restricted upstream.
     *
     * @return void
     */
    protected function _create_home()
    {
        if (is_post()) {
            //_pre('a', true);
        }

        $input = $this->__(array('grade' => 0, 'subject' => 0, 'exam' => 0, 'year' => 0));

        $query = 'SELECT *
			FROM _grades g, _sections s
			WHERE s.section_id = ?
				AND s.section_grade = g.grade_id';
        $grade = _fieldrow(sql_filter($query, $input['grade']));
        if (!$grade) {
            _fatal();
        }

        $query = 'SELECT *
			FROM _subjects
			WHERE subject_id = ?';
        $subject = _fieldrow(sql_filter($query, $input['subject']));
        if (!$subject) {
            _fatal();
        }

        $query = 'SELECT *
			FROM _exams
			WHERE exam_id = ?';
        $exam = _fieldrow(sql_filter($query, $input['exam']));
        if (!$exam) {
            _fatal();
        }

        if (!$this->check_year($input['year'])) {
            _fatal();
        }

        // Students registered in this grade, section and year.
        $query = 'SELECT s.student_id, s.student_carne, s.student_firstname, s.student_lastname
			FROM _students s, _registrations r
			WHERE r.registration_grade = ?
				AND r.registration_section = ?
				AND r.registration_year = ?
				AND r.registration_student = s.student_id
			ORDER BY s.student_lastname, s.student_firstname';
        $students = _rowset(sql_filter($query, $grade['grade_id'], $grade['section_id'], $input['year']));
        if (!$students) {
            _style('students_none');
        }

        // Points already recorded, requested as student_id => score_points.
        $query = 'SELECT t.student_id, s.score_points
			FROM _scores s, _students t, _registrations r
			WHERE s.score_grade = ?
				AND r.registration_section = ?
				AND s.score_subject = ?
				AND s.score_exams = ?
				AND r.registration_year = ?
				AND s.score_student = t.student_id
				AND s.score_student = r.registration_student
				AND s.score_grade = r.registration_grade
			ORDER BY t.student_lastname, t.student_firstname';
        $scores = _rowset(sql_filter($query, $grade['grade_id'], $grade['section_id'], $input['subject'], $input['exam'], $input['year']), 'student_id', 'score_points');

        foreach ($students as $index => $student) {
            if (!$index) {
                _style('students');
            }

            $cells = array(
                'ID' => $student['student_id'],
                'CARNE' => $student['student_carne'],
                'FIRSTNAME' => $student['student_firstname'],
                'LASTNAME' => $student['student_lastname']
            );
            _style('students.row', $cells);

            // Show stored points when present, otherwise an empty input.
            if (isset($scores[$student['student_id']])) {
                _style('students.row.text', array('POINTS' => $scores[$student['student_id']]));
            } else {
                _style('students.row.input');
            }
        }

        return;
    }
示例#14
    /**
     * Delete a group and its membership rows, unless tickets still refer to it.
     *
     * Reads the group id from `el` (default 0). Refuses with an error when
     * the group does not exist or when any ticket has it as ticket_group;
     * otherwise removes the _groups row and all its _groups_members rows and
     * unloads the core cache.
     *
     * NOTE(review): gfatal() runs first and is presumably the permission
     * gate, and the two _error() calls presumably stop execution; the
     * deletes below rely on both — confirm.
     *
     * @return mixed whatever $this->e('~OK') returns
     */
    protected function _groups_remove()
    {
        gfatal();
        global $core;

        $input = $this->__(array('el' => 0));
        $group_id = $input['el'];

        $query = 'SELECT group_id
			FROM _groups
			WHERE group_id = ?';
        $group = _fieldrow(sql_filter($query, $group_id));
        if (!$group) {
            $this->_error('#GROUPS_NO_EXISTS');
        }

        // A group that still owns tickets must not be removed.
        $query = 'SELECT ticket_id
			FROM _tickets
			WHERE ticket_group = ?';
        $has_tickets = _fieldrow(sql_filter($query, $group_id));
        if ($has_tickets) {
            $this->_error('#GROUP_CANT_REMOVE_TICKETS');
        }

        $query = 'DELETE FROM _groups
			WHERE group_id = ?';
        _sql(sql_filter($query, $group_id));

        $query = 'DELETE FROM _groups_members
			WHERE member_group = ?';
        _sql(sql_filter($query, $group_id));

        $core->cache_unload();

        return $this->e('~OK');
    }
示例#15
文件: _export.php 项目: nopticon/tts
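    /**
     * Ticket export: list the tickets assigned to a user that started after
     * a given date, with their assignees and notes.
     *
     * Reads `username`, `start` (dd-mm-yyyy) and `end`; `end` is read but not
     * used. Without a form submit only the filter form is rendered.
     *
     * Changed:
     *  - `start` is parsed strictly as dd-mm-yyyy and checked with
     *    checkdate(). An empty or malformed value falls back to today at
     *    00:00, the same default the form shows. Before, the pieces of
     *    explode() went into mktime() unchecked and the result was placed
     *    into the statement through a `??` marker;
     *  - the assigned ticket ids are cast to integers before being joined
     *    into the IN (...) list, because that list is concatenated into the
     *    statement rather than bound.
     *
     * NOTE(review): `??` appears to insert its value without quoting (it is
     * used for column-name suffixes elsewhere); both values given to it here
     * are integers — confirm against sql_filter().
     *
     * NOTE(review): this relies on $this->e() / $this->_error() stopping
     * execution; otherwise an empty id list reaches the IN () clause.
     *
     * NOTE(review): ticket title/text and note text go to the template as
     * stored; whether the template layer escapes them is not visible here.
     *
     * @return mixed whatever $this->_template('ticket_export') returns
     */
    public function home()
    {
        global $user;
        $v = $this->__(array('username', 'start', 'end'));
        if (_button()) {
            if (!f($v['username'])) {
                $this->e('Debe ingresar un nombre de usuario.');
            }
            $sql = 'SELECT *
				FROM _members
				WHERE user_username = ?';
            if (!($userdata = _fieldrow(sql_filter($sql, $v['username'])))) {
                $this->_error('#TICKET_NOT_MEMBER');
            }
            $sql = "SELECT assign_ticket\n\t\t\t\tFROM _tickets_assign a, _members m\n\t\t\t\tWHERE m.user_username = ?\n\t\t\t\t\tAND m.user_id = a.user_id\n\t\t\t\tORDER BY assign_ticket";
            $as = _rowset(sql_filter($sql, $v['username']), false, 'assign_ticket');
            if (!count($as)) {
                $this->e('No hay solicitudes asignadas al usuario.');
            }
            // The ids are concatenated below, so force them to integers.
            $as = array_map('intval', $as);

            // Strict dd-mm-yyyy; anything else falls back to today at 00:00.
            if (preg_match('#^(\d{1,2})-(\d{1,2})-(\d{4})$#D', (string) $v['start'], $e_start)
                && checkdate((int) $e_start[2], (int) $e_start[1], (int) $e_start[3])
            ) {
                $v_start = mktime(0, 0, 0, (int) $e_start[2], (int) $e_start[1], (int) $e_start[3]);
            } else {
                $today = getdate();
                $v_start = mktime(0, 0, 0, $today['mon'], $today['mday'], $today['year']);
            }

            // Lookup tables: status id => name, category id => name.
            $sql = 'SELECT *
				FROM _tickets_status
				ORDER BY status_alias';
            $status = _rowset($sql, 'status_id', 'status_name');
            $sql = 'SELECT *
				FROM _tickets_cat
				ORDER BY cat_id';
            $cat = _rowset($sql, 'cat_id', 'cat_name');

            $sql = 'SELECT *
				FROM _tickets t, _members m
				WHERE t.ticket_contact = m.user_id
					AND t.ticket_id IN (' . implode(',', $as) . ')
					/*AND t.ticket_status = 3*/
					AND t.ticket_start > ??
					AND t.ticket_deleted = 0
				ORDER BY t.ticket_start';
            $tickets = _rowset(sql_filter($sql, (int) $v_start));
            if (!count($tickets)) {
                _style('no_tickets');
            }
            foreach ($tickets as $i => $row) {
                if (!$i) {
                    _style('tickets');
                }
                // Everyone assigned to this ticket, by first name.
                $sql = 'SELECT *
					FROM _tickets_assign a, _members m
					WHERE a.user_id = m.user_id
						AND assign_ticket = ?
					ORDER BY user_firstname';
                $names = w();
                foreach (_rowset(sql_filter($sql, $row['ticket_id']), 'assign_id') as $assigned_row) {
                    $names[] = _fullname($assigned_row);
                }
                _style('tickets.row', array('SOLICITANTE' => _fullname($row), 'ASIGNADOS' => implode(', ', $names), 'CATEGORIA' => $cat[$row['ticket_cat']], 'FECHAHORA' => _format_date($row['ticket_start']), 'TITULO' => $row['ticket_title'], 'TEXTO' => $row['ticket_text'], 'ESTADO' => $status[$row['ticket_status']]));

                // Notes, newest first.
                $sql = 'SELECT *
					FROM _tickets_notes n, _members m
					WHERE n.ticket_id = ??
						AND n.user_id = m.user_id
					ORDER BY n.note_time DESC';
                $notes = _rowset(sql_filter($sql, (int) $row['ticket_id']));
                foreach ($notes as $note_row) {
                    _style('tickets.row.notes', array('AUTOR' => _fullname($note_row), 'TEXTO' => $note_row['note_text'], 'FECHAHORA' => _format_date($note_row['note_time'])));
                }
            }
        }
        $now = getdate();
        v_style(array('U_FILTER' => _link('export'), 'V_USERNAME' => $v['username'], 'V_NOW' => f($v['start']) ? $v['start'] : $now['mday'] . '-' . $now['mon'] . '-' . $now['year']));
        return $this->_template('ticket_export');
    }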
示例#16
文件: bio.php 项目: nopticon/npt
    /**
     * Fetch one row of _bio_auth_field, addressed by id or by alias.
     *
     * @param mixed $f Field id when is_numb() accepts it, otherwise a field alias.
     * @return mixed The matching row, or false when no row matches.
     */
    public function auth_field($f)
    {
        // The column suffix that fills the ?? slot is one of two fixed literals
        // chosen here; the caller's value only ever fills the ? slot.
        $suffix = 'alias';
        if (is_numb($f)) {
            $suffix = 'id';
        }
        $sql = 'SELECT *
			FROM _bio_auth_field
			WHERE field_?? = ?';
        $match = _fieldrow(sql_filter($sql, $suffix, $f));
        return $match ? $match : false;
    }
示例#17
文件: _robot.php 项目: nopticon/mag
    /**
     * Send one batch of the active newsletter and record progress.
     *
     * Loads the active newsletter, stamps its start time on the first run,
     * selects a page of recipients, mails each one, logs a history row per
     * message, then either advances the batch pointer or marks the newsletter
     * finished when the page was empty.
     *
     * NOTE(review): this method mixes array and object access on the same
     * values and reads several names that nothing visible here defines; the
     * inline notes mark each spot. Verify before relying on it.
     */
    protected function _press_home()
    {
        // NOTE(review): only $bio is imported, yet $core is used below
        // ($core->v(), $core->email) - it would be undefined in this scope.
        global $bio;
        $sql = 'SELECT *
			FROM _newsletter
			WHERE newsletter_active = 1
			LIMIT 1';
        if (!($newsletter = _fieldrow($sql))) {
            // NOTE(review): unless warning->set() stops execution, the code
            // below continues with an empty $newsletter - confirm.
            $this->warning->set('no_newsletter');
        }
        // The send loop sleeps between messages, so lift the execution time limit.
        set_time_limit(0);
        if (!$newsletter->newsletter_start) {
            $sql = 'UPDATE _newsletter SET newsletter_start = ?
				WHERE newsletter_id = ?';
            sql_query(sql_filter($sql, time(), $newsletter->newsletter_id));
        }
        // The three ?? slots receive an optional JOIN fragment and the LIMIT
        // offset/count; presumably sql_filter() inserts ?? arguments unquoted,
        // so each of them must already be trusted or numeric - TODO confirm.
        $sql = 'SELECT bio_id, bio_alias, bio_name, bio_address, bio_lastvisit
			FROM _bio b
			??
			RIGHT JOIN _bio_newsletter bn ON b.bio_id = bn.newsletter_bio
				AND bn.newsletter_receive = ? 
			WHERE b.bio_lastvisit >= ?
				AND b.bio_status <> ?
			ORDER BY b.bio_name
			LIMIT ??, ??';
        $sql_country = '';
        if (!empty($newsletter->newsletter_country)) {
            // The country list is taken from the newsletter row and joined into
            // an IN (...) list through a ?? slot; nothing here checks that the
            // entries are numeric.
            $sql_country = sql_filter(' LEFT JOIN _countries ON bio_country = country_id
				AND country_id IN (??)', implode(', ', w($newsletter->newsletter_country)));
        }
        // NOTE(review): $newsletter is read with array syntax here and with
        // object syntax everywhere else.
        $members = _rowset(sql_filter($sql, $sql_country, 1, $newsletter['newsletter_lastvisit'], 2, $newsletter->newsletter_last, $core->v('newsletter_process')));
        $i = 0;
        foreach ($members as $row) {
            // NOTE(review): user_email, username, user_public_email and
            // bio_address_public are not in the SELECT list above, and $row is
            // read both as an array and as an object.
            if (!is_email($row['user_email'])) {
                continue;
            }
            // NOTE(review): $email is read ($email->email_message) on the same
            // line that first assigns it.
            $email = array('USERNAME' => $row->username, 'MESSAGE' => entity_decode($email->email_message));
            $core->email->init('press', 'mass:plain', $email);
            // NOTE(review): the array built above has no 'email_subject' key.
            $core->email->subject(entity_decode($email['email_subject']));
            if (!empty($row['user_public_email']) && $row['user_email'] != $row['user_public_email'] && is_email($row['user_public_email'])) {
                $core->email->cc($row->bio_address_public);
            }
            $core->email->send($row->user_email);
            // One history row per message sent.
            $sql_history = array('history_newsletter' => $newsletter->newsletter_id, 'history_bio' => $row->bio_id, 'history_time' => time());
            sql_put('_newsletter_history', $sql_history);
            // Throttle: two seconds between messages.
            sleep(2);
            $i++;
        }
        if ($i) {
            // NOTE(review): the counter is added to $email['email_last'], but
            // the UPDATE writes back $newsletter->newsletter_last unchanged, so
            // the batch offset does not appear to advance.
            $email['email_last'] += $i;
            $sql = 'UPDATE _newsletter SET newsletter_last = ?
				WHERE newsletter_id = ?';
            sql_query(sql_filter($sql, $newsletter->newsletter_last, $newsletter->newsletter_id));
        } else {
            // Nothing was sent in this batch: deactivate the newsletter and stamp its end time.
            $sql = 'UPDATE _newsletter SET newsletter_active = ?, newsletter_end = ?
				WHERE newsletter_id = ?';
            sql_query(sql_filter($sql, 0, time(), $newsletter->newsletter_id));
            $this->warning->set('finished: ' . $newsletter->newsletter_id);
        }
        return $this->warning->set('completed: ' . $i);
    }
示例#18
文件: _email.php 项目: nopticon/noptc
    /**
     * Report two member counts for an existing _email record: members with
     * user_active = 1 whose id is not 1, and all members.
     *
     * Reads the request field 'id' (default 0) and answers through $this->e()
     * with "<filtered> . <all>".
     */
    function _total_home()
    {
        $v = $this->__(array('id' => 0));
        $sql = 'SELECT *
			FROM _email
			WHERE email_id = ?';
        // The row itself is not used; it only proves the email record exists.
        $email = _fieldrow(sql_filter($sql, $v['id']));
        if (!$email) {
            $this->e('El registro de email no existe.');
        }
        $sql = 'SELECT COUNT(user_id) AS total
			FROM _members
			WHERE user_active = ?
				AND user_id <> ?';
        $filtered_count = _field(sql_filter($sql, 1, 1), 'total');
        $sql = 'SELECT COUNT(user_id) AS total
			FROM _members';
        $overall_count = _field($sql, 'total');
        $this->e($filtered_count . ' . ' . $overall_count);
    }
示例#19
文件: _cvm.php 项目: nopticon/mag
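    /**
     * Convert one pending WMA media file to MP3, tag it, and chain to the next.
     *
     * Picks the media row named by request field 'v' (or the first row with
     * media_type = 1 and media_mp3 = 0), runs ffmpeg on its .wma file, writes
     * ID3v1 tags with getID3, and sets media_mp3 to 1. Rows whose .wma file is
     * missing are set to 2. Finally redirects to the next pending row, if any.
     *
     * @return mixed Whatever $this->e('.') returns.
     */
    public function home()
    {
        global $core;
        error_reporting(0);
        $v = $this->__(w('v'));
        if (!$v['v']) {
            $sql = 'SELECT media_id
				FROM _bio_media
				WHERE media_type = ?
					AND media_mp3 = ?
				LIMIT 1';
            $v['v'] = _field(sql_filter($sql, 1, 0), 'media_id', 0);
        }
        $tag_format = 'UTF-8';
        $relative_path = '/data/artists/%s/media/';
        $absolute_path = '/var/www/vhosts/rockrepublik.net/www' . $relative_path;
        $sql = 'SELECT m.*, b.bio_id, b.bio_name
			FROM _bio_media m
			LEFT JOIN _bio b ON m.media_bio = b.bio_id
			WHERE m.media_id = ?';
        if ($media = _fieldrow(sql_filter($sql, $v['v']))) {
            $row_relative = sprintf($relative_path, $media['bio_id']);
            // Both templates carry the same %s slot. The previous code appended
            // the formatted relative path to the unformatted absolute template,
            // which left a literal "%s" and a doubled path in the result.
            $row_absolute = sprintf($absolute_path, $media['bio_id']);
            $row_wma = $row_absolute . $media['media_id'] . '.wma';
            $row_mp3 = $row_absolute . $media['media_id'] . '.mp3';
            $rel_wma = '.' . $row_relative . $media['media_id'] . '.wma';
            $rel_mp3 = '.' . $row_relative . $media['media_id'] . '.mp3';
            if (@file_exists($rel_wma) && !@file_exists($rel_mp3) && !$media['media_mp3']) {
                // The paths are assembled from database fields. Quote each one as
                // a single shell argument so no value can ever be read by the
                // shell as extra syntax.
                exec('ffmpeg -i ' . escapeshellarg($row_wma) . ' -vn -ar 44100 -ac 2 -ab 64kb -f mp3 ' . escapeshellarg($row_mp3));
                // NOTE(review): the exit status of ffmpeg is not checked; the row
                // is marked converted below even if the conversion failed.
                include_once XFS . XCOR . 'getid3/getid3.php';
                $getID3 = new getID3();
                $getID3->setOption(array('encoding' => $tag_format));
                getid3_lib::IncludeDependency(GETID3_INCLUDEPATH . 'write.php', __FILE__, true);
                $tagwriter = new getid3_writetags();
                $tagwriter->filename = getid3_lib::SafeStripSlashes($row_mp3);
                $tagwriter->tagformats = array('id3v1');
                $tagwriter->overwrite_tags = true;
                $tagwriter->tag_encoding = $tag_format;
                $tagwriter->remove_other_tags = true;
                $tag_comment = 'Visita www.rockrepublik.net';
                // Defaults for the tag fields when the row leaves them empty.
                $media['album'] = !empty($media['media_album']) ? $media['media_album'] : 'Single';
                $media['genre'] = !empty($media['media_genre']) ? $media['media_genre'] : 'Rock';
                // NOTE(review): the defaults above are stored under 'album' and
                // 'genre', while the loop and tag data below read 'media_album'
                // and 'media_genre', so the defaults never reach the tags.
                $media_f = array('title', 'name', 'album', 'genre');
                foreach ($media_f as $mr) {
                    $media['media_' . $mr] = getid3_lib::SafeStripSlashes(utf8_encode(html_entity_decode($media['media_' . $mr])));
                }
                $tagwriter->tag_data = array('title' => array($media['media_title']), 'artist' => array($media['media_name']), 'album' => array($media['media_album']), 'year' => array(getid3_lib::SafeStripSlashes($media['media_year'])), 'genre' => array($media['media_genre']), 'comment' => array(getid3_lib::SafeStripSlashes($tag_comment)), 'tracknumber' => array(''));
                $tagwriter->WriteTags();
                $sql = 'UPDATE _bio_media SET media_mp3 = ?
					WHERE media_id = ?';
                _sql(sql_filter($sql, 1, $media['media_id']));
                // Best-effort conversion log; skip it when the file cannot be
                // opened instead of calling fwrite()/fclose() on false.
                $fp = @fopen('./conv.txt', 'a+');
                if ($fp !== false) {
                    fwrite($fp, $row_mp3 . "\n");
                    fclose($fp);
                }
            }
            if (!@file_exists($rel_wma)) {
                // No source file: mark the row with 2 so it is not picked again.
                $sql = 'UPDATE _bio_media SET media_mp3 = ?
					WHERE media_id = ?';
                _sql(sql_filter($sql, 2, $media['media_id']));
            }
        }
        $sql = 'SELECT media_id
			FROM _bio_media
			WHERE media_type = ?
				AND media_mp3 = ?
			LIMIT 1';
        if ($v_next = _field(sql_filter($sql, 1, 0), 'media_id', 0)) {
            // Pause briefly, then hand over to the next pending row.
            sleep(1);
            _redirect(_link($this->m(), array('v' => $v_next)));
        } else {
            $this->e('no_next');
        }
        return $this->e('.');
    }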
示例#20
文件: _cron.php 项目: nopticon/tts
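    /**
     * Cron job: pull new mail from the ticket mailbox and turn it into tickets.
     *
     * Pass 1 reads every message header (and body, unless the message is already
     * rejected) and classifies it: blacklisted, sent by a non-member ("other"),
     * a reply to an existing ticket (subject carries "[#code]"), or a new ticket.
     * Pass 2 acts on that classification: it forwards "other" mail to the group
     * moderators, inserts tickets or notes, sends the notification mails, and
     * deletes each processed message from the POP3 server.
     *
     * Everything read from the mailbox (addresses, subject, body, headers) is
     * attacker-controllable input.
     *
     * @return mixed Whatever $this->e() returns; the message is a status code or
     *               the per-category counters.
     */
    protected function _ticket_home()
    {
        global $user, $core;
        if (!$core->v('cron_enabled')) {
            return $this->e('CRON_DISABLED');
        }
        foreach (w('mail pop3 emailer htmlparser') as $row) {
            require_once XFS . 'core/' . $row . '.php';
        }
        $pop3 = new pop3();
        if (!$pop3->connect($core->v('mail_server'), $core->v('mail_port'))) {
            return $this->e('MAIL_NO_CONNECT');
        }
        if (!($total_mail = $pop3->login('recent:' . $core->v('mail_ticket_login'), $core->v('mail_ticket_key')))) {
            return $this->e('MAIL_NEW_MAIL');
        }
        //
        $mail = new _mail();
        $emailer = new emailer();
        // Lookup tables, served from the cache when available.
        if (!($blacklist = $core->cache_load('ticket_blacklist'))) {
            $sql = 'SELECT *
				FROM _tickets_blacklist
				ORDER BY list_id';
            $blacklist = $core->cache_store(_rowset($sql, 'list_address', 'list_id'));
        }
        if (!($ticket_status = $core->cache_load('ticket_status_default'))) {
            $sql = 'SELECT status_id
				FROM _tickets_status
				WHERE status_default = 1';
            $ticket_status = $core->cache_store(_field($sql, 'status_id', 0));
        }
        $sql = 'SELECT group_id, group_email
			FROM _groups
			ORDER BY group_email';
        $groups = _rowset($sql, 'group_email', 'group_id');
        $sql = 'SELECT group_email, group_name
			FROM _groups
			ORDER BY group_email';
        $groups_name = _rowset($sql, 'group_email', 'group_name');
        $sql = 'SELECT gg.group_email, m.user_email
			FROM _groups gg, _groups_members g, _members m
			WHERE g.member_mod = ?
				AND g.member_uid = m.user_id
				AND gg.group_id = g.member_group
			ORDER BY m.user_email';
        $groups_mods = _rowset(sql_filter($sql, 1), 'group_email', 'user_email', true);
        // Make sure every group has a (possibly empty) moderator list.
        foreach ($groups as $a_group_email => $a_group_id) {
            if (!isset($groups_mods[$a_group_email])) {
                $groups_mods[$a_group_email] = w();
            }
        }
        $sql = 'SELECT s.a_assoc, s.a_value
			FROM _members_fields f, _members_store s
			WHERE s.a_field = f.field_id
				AND f.field_alias LIKE ?
			ORDER BY s.a_value';
        $email_alt = _rowset(sql_filter($sql, 'email%'), 'a_value', 'a_assoc');
        // Pre mail process
        $recv = w();
        $now = time();
        $line_orig = array('&nbsp;');
        $line_repl = array(' ');
        $_v = w('from from_d to ticket subject body date mod ip spam blacklist reply other');
        $_c = w('normal reply other blacklist spam', 0);
        for ($i = 1; $i <= $total_mail; $i++) {
            // Reset the per-message variables $recv_from, $recv_to, ... to 0.
            foreach ($_v as $row) {
                ${'recv_' . $row} = 0;
            }
            // explode() replaces split(), which was removed in PHP 7; for this
            // literal CRLF separator the two produce the same pieces.
            $s_header = $mail->parse_header(explode("\r\n", implode('', $pop3->top($i))));
            $recv_from = $mail->parse_address($s_header['from']);
            if (isset($blacklist[$recv_from])) {
                $recv_blacklist = 1;
            }
            if ($recv_from == $core->v('mail_ticket_login')) {
                $recv_blacklist = 1;
            }
            // Keep the sender verdict on its own: the recipient loop below
            // resets $recv_blacklist for every acceptable recipient and would
            // otherwise let a blacklisted sender through.
            $from_blocked = $recv_blacklist;
            _dvar($s_header['to'], '');
            _dvar($s_header['cc'], '');
            if (f($s_header['cc'])) {
                $s_header['to'] .= (f($s_header['to']) ? ', ' : '') . $s_header['cc'];
            }
            $to_part = array_map('trim', explode(strpos($s_header['to'], ',') ? ',' : ';', $s_header['to']));
            foreach ($to_part as $row) {
                // "Name <addr>" -> "addr"
                if (strpos($row, '<') !== false) {
                    $row = preg_replace('#.*?<(.*?)>#is', '\\1', $row);
                }
                if (isset($blacklist[$row])) {
                    $recv_blacklist = 1;
                } else {
                    $recv_blacklist = 0;
                    $row_first = array_key(explode('@', $row), 0);
                    if (isset($groups[$row_first])) {
                        $recv_to = $row_first;
                    }
                }
            }
            if ($from_blocked) {
                $recv_blacklist = 1;
            }
            if (strstr($s_header['to'], _lang('MAIL_TO_UNKNOWN')) !== false) {
                $recv_to = array_key(explode('@', $core->v('mail_ticket_login')), 0);
            }
            // No recipient matched a known group: drop the message.
            if (!$recv_to) {
                $recv_blacklist = 1;
            }
            if (!$recv_blacklist) {
                $recv_subject = htmlencode(trim($s_header['subject']));
                // A "[#code]" marker in the subject ties the mail to an existing ticket.
                if (preg_match('#\\[\\#(.*?)\\]#is', $recv_subject, $p_subject)) {
                    $sql = 'SELECT ticket_id
						FROM _tickets
						WHERE ticket_code = ?';
                    if ($recv_subject_d = _fieldrow(sql_filter($sql, $p_subject[1]))) {
                        $recv_ticket = $recv_subject_d['ticket_id'];
                        $recv_reply = $p_subject[1];
                        $recv_subject = substr(strrchr($recv_subject, ']'), 3);
                    }
                }
                // Drop replies that the ticket mailbox sent to itself.
                if ($recv_to . '@' . $core->v('domain') == $recv_from && $recv_from == $core->v('mail_ticket_login') && $recv_reply) {
                    $recv_blacklist = 1;
                }
            }
            if (!$recv_blacklist) {
                // Resolve the sender to a member: by alternate e-mail address
                // when one is registered, otherwise by the local part of the
                // address taken as the username. The ?? slot only ever receives
                // one of the two literals chosen here.
                // NOTE(review): the From header is the only evidence of who sent
                // the mail; whether the mail server authenticates senders is not
                // visible here - confirm before trusting it as identity.
                if (isset($email_alt[$recv_from])) {
                    $sql_field = 'id';
                    $sql_value = $email_alt[$recv_from];
                } else {
                    $sql_field = 'username';
                    $sql_value = array_key(explode('@', $recv_from), 0);
                }
                $sql = 'SELECT user_id, user_username, user_firstname, user_lastname
					FROM _members
					WHERE user_?? = ?';
                if ($recv_from_d = _fieldrow(sql_filter($sql, $sql_field, $sql_value))) {
                    $recv_from_d = serialize(array_row($recv_from_d));
                } else {
                    $recv_other = 1;
                }
                $d_body = $mail->body($s_header, $pop3->fbody($i), true);
                $recv_date = $mail->parse_date($s_header['date']);
                $recv_ip = $mail->parse_ip($s_header['received']);
                // NOTE(review): $groups_email is never assigned in this method,
                // so this branch cannot run and $recv_mod stays 0.
                if (isset($groups_email[$recv_to])) {
                    $recv_mod = $groups_email[$recv_to];
                }
                // Ignore Date headers in the future or older than 24 hours.
                if ($recv_date > $now || $recv_date < $now - 86400) {
                    $recv_date = $now;
                }
                if (isset($d_body['text-plain']) && f($d_body['text-plain'])) {
                    $recv_body = trim($d_body['text-plain']);
                } elseif (isset($d_body['text-html']) && f($d_body['text-html'])) {
                    // No plain-text part: collect the text nodes of the HTML part.
                    $htm_text = w();
                    $tag_open = false;
                    $parser = new HtmlParser($d_body['text-html']);
                    while ($parser->parse()) {
                        $line = trim(str_replace($line_orig, $line_repl, $parser->iNodeValue));
                        if ($tag_open || strpos($line, '<') !== false) {
                            $tag_open = !$tag_open;
                            continue;
                        }
                        if ($parser->iNodeName == 'Text' && f($line)) {
                            $htm_text[] = preg_replace("/(\r\n){1}/", ' ', $line);
                        }
                    }
                    $recv_body = implode("\n", $htm_text);
                }
                // The body is HTML-encoded before it is stored or mailed.
                if (f($recv_body)) {
                    $recv_body = htmlencode(_utf8($recv_body));
                }
                if (!f($recv_body)) {
                    $recv_blacklist = 1;
                }
            }
            // Snapshot the per-message variables into $recv[$i].
            $recv[$i] = w();
            foreach ($_v as $row) {
                $recv[$i][$row] = ${'recv_' . $row};
            }
        }
        foreach ($recv as $i => $row) {
            if ($row['spam'] || $row['blacklist']) {
                $pop3->delete($i);
                $row_key = $row['spam'] ? 'spam' : 'blacklist';
                $_c[$row_key]++;
                continue;
            }
            // Send mail to group admin
            if ($row['other']) {
                $_c['other']++;
                if (count($groups_mods[$row['to']])) {
                    // The index is named $mod_i, not $i: $i is the POP3 message
                    // number and is still needed for delete() below.
                    foreach ($groups_mods[$row['to']] as $mod_i => $mod_email) {
                        $email_func = !$mod_i ? 'email_address' : 'cc';
                        $emailer->{$email_func}($mod_email);
                    }
                    $emailer->from($row['from']);
                    $emailer->replyto($row['from']);
                    $emailer->set_subject(entity_decode($row['subject']));
                    $emailer->use_template('ticket_other');
                    $emailer->set_decode(true);
                    $emailer->assign_vars(array('SUBJECT' => entity_decode($row['subject']), 'MESSAGE' => entity_decode($row['body'])));
                    $emailer->send();
                    $emailer->reset();
                }
                $pop3->delete($i);
                continue;
            }
            // NOTE(review): a new ticket code is the first 8 hex characters of
            // md5(unique_id()) and is later used in the ticket URL and to match
            // replies; how unpredictable it is depends on unique_id() - confirm.
            $row['code'] = $row['reply'] ? $row['reply'] : substr(md5(unique_id()), 0, 8);
            // The string decoded here was produced by serialize() in the first
            // pass of this same call, from a database row - it is not taken from
            // the mail. Keep it that way: unserialize() must never see mail data.
            $row['from_d'] = unserialize($row['from_d']);
            $row['group_id'] = $groups[$row['to']];
            $row['msubject'] = entity_decode(sprintf('%s [#%s]: %s', $groups_name[$row['to']], $row['code'], $row['subject']));
            $row['mbody'] = explode("\n", $row['body']);
            // Put a blank line between consecutive non-empty lines.
            foreach ($row['mbody'] as $part_i => $part_row) {
                if (isset($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i])) {
                    $row['mbody'][$part_i] = "\n" . $part_row;
                }
            }
            $row['body'] = implode("\n", $row['mbody']);
            $v_mail = array('USERNAME' => $row['from_d']['user_username'], 'FULLNAME' => entity_decode(_fullname($row['from_d'])), 'SUBJECT' => entity_decode($row['subject']), 'MESSAGE' => entity_decode($row['body']), 'TICKET_URL' => _link('ticket', array('x1' => 'view', 'code' => $row['code'])));
            if (!$row['reply']) {
                $_c['normal']++;
                $sql_insert = array('parent' => 0, 'cat' => 1, 'group' => $row['group_id'], 'title' => _subject($row['subject']), 'text' => _prepare($row['body']), 'code' => $row['code'], 'contact' => $row['from_d']['user_id'], 'aby' => 0, 'status' => $ticket_status, 'start' => $row['date'], 'lastreply' => $row['date'], 'end' => 0, 'ip' => $row['ip']);
                // NOTE(review): this statement is assembled by _build_array()
                // rather than sql_filter(); the values include mail-derived text,
                // so confirm that _build_array() escapes every value.
                $sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $sql_insert));
                _sql($sql);
                // Send mail to user
                $emailer->email_address($row['from']);
                $emailer->from($row['to'] . '@' . $core->v('domain'));
                $emailer->set_subject($row['msubject']);
                $emailer->use_template('ticket_' . $row['to']);
                $emailer->set_decode(true);
                $emailer->assign_vars($v_mail);
                $emailer->send();
                $emailer->reset();
                // > Send mail to group admin
                if (count($groups_mods[$row['to']])) {
                    // $mod_i for the same reason as above: $i must survive for delete().
                    foreach ($groups_mods[$row['to']] as $mod_i => $mod_email) {
                        $address_func = !$mod_i ? 'email_address' : 'cc';
                        $emailer->{$address_func}($mod_email);
                    }
                    $emailer->from($row['to'] . '@' . $core->v('domain'));
                    $emailer->set_subject($row['msubject']);
                    $emailer->use_template('ticket_' . ($row['reply'] ? 'reply' : 'tech'));
                    $emailer->set_decode(true);
                    $emailer->assign_vars($v_mail);
                    $emailer->send();
                    $emailer->reset();
                }
            } else {
                $_c['reply']++;
                $sql_insert = array('ticket_id' => $row['ticket'], 'user_id' => $row['from_d']['user_id'], 'note_text' => htmlencode($row['body']), 'note_time' => $row['date'], 'note_cc' => 1);
                // NOTE(review): same as the ticket INSERT above - confirm that
                // _build_array() escapes the values.
                $sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $sql_insert);
                _sql($sql);
                $sql = 'UPDATE _tickets SET ticket_lastreply = ?
					WHERE ticket_id = ?';
                _sql(sql_filter($sql, $row['date'], $row['ticket']));
                // Send mail to group members || user
                $sql = 'SELECT *
					FROM _tickets_assign a, _members m
					WHERE a.assign_ticket = ?
						AND a.user_id = m.user_id
						AND m.user_username NOT IN (?)';
                $tech = _rowset(sql_filter($sql, $row['ticket'], $row['from_d']['user_username']));
                // NOTE(review): $row['mod'] is always 0 (see the $groups_email
                // note in the first pass), and $tech presumably holds full rows
                // from SELECT *, while the loop below concatenates each entry as
                // if it were a username - verify the recipients this produces.
                if ($row['mod'] != $row['from_d']['user_username']) {
                    $tech[] = $row['mod'];
                }
                if (count($tech)) {
                    foreach ($tech as $tech_i => $tech_row) {
                        $m_method = !$tech_i ? 'email_address' : 'cc';
                        $emailer->{$m_method}($tech_row . '@' . $core->v('domain'));
                    }
                    $emailer->from($row['to'] . '@' . $core->v('domain'));
                    $emailer->use_template('ticket_reply');
                    $emailer->set_subject($row['msubject']);
                    $emailer->set_decode(true);
                    $emailer->assign_vars($v_mail);
                    $emailer->send();
                    $emailer->reset();
                }
            }
            // Delete mail from server
            $pop3->delete($i);
        }
        // Quit server
        $pop3->quit();
        $ret = '';
        foreach ($_c as $k => $v) {
            $ret .= "\n" . $k . ' = ' . $v . '<br />';
        }
        return $this->e($ret);
    }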
示例#21
文件: _tree.php 项目: nopticon/noptc
    /**
     * Stream a stored download to the client as an attachment.
     *
     * Looks the download up by the request field 'f' (its alias), bumps its
     * counter, closes the database connection, sends the attachment headers and
     * the file body, then ends the request.
     *
     * The file on disk is addressed by download_id and download_extension from
     * the database row, never by the request value.
     */
    protected function _download_home()
    {
        global $user;
        $v = $this->__(array('f'));
        if (!f($v['f'])) {
            _fatal();
        }
        $sql = 'SELECT *
			FROM _downloads
			WHERE download_alias = ?';
        $download = _fieldrow(sql_filter($sql, $v['f']));
        if (!$download) {
            _fatal();
        }
        $sql = 'UPDATE _downloads
			SET download_count = download_count + 1
			WHERE download_id = ?';
        _sql(sql_filter($sql, $download['download_id']));
        sql_close();
        // Build the client-side file name from the title. Dots are dropped and
        // &Xacute; / &Xtilde; entities collapse to their base letter; characters
        // that are unsafe in file names become "_"; finally the name is
        // URL-encoded and every remaining %XX escape becomes "_". Quotes and line
        // breaks therefore cannot reach the header lines below.
        $title_patterns = array('#\\.#', '#\\&(\\w)(acute|tilde)\\;#');
        $title_replacements = array('', '\\1');
        $forbidden = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
        $extension = $download['download_extension'];
        $title = preg_replace($title_patterns, $title_replacements, $download['download_title']);
        $encoded = rawurlencode(str_replace($forbidden, '_', $title . '.' . $extension));
        $filename = preg_replace("/%(\\w{2})/", '_', $encoded);
        $filepath = LIB . 'get/' . $download['download_id'] . '.' . $extension;
        // Headers, sent in this order.
        $attachment_headers = array(
            'Content-Type: application/octet-stream; name="' . $filename . '"',
            'Content-Disposition: attachment; filename="' . $filename . '"',
            'Accept-Ranges: bytes',
            'Pragma: no-cache',
            'Expires: 0',
            'Cache-Control: must-revalidate, post-check=0, pre-check=0',
            'Content-transfer-encoding: binary',
            // Errors are suppressed, so a missing file yields an empty length.
            'Content-length: ' . @filesize($filepath),
        );
        foreach ($attachment_headers as $header_line) {
            header($header_line);
        }
        @readfile($filepath);
        exit;
    }
示例#22
文件: project.php 项目: nopticon/tts
    /**
     * Return the _members row whose username is 'nobody', using the
     * 'no_body' cache entry when one is present.
     *
     * @return mixed The cached value, or whatever cache_store() returns for the
     *               freshly fetched row.
     */
    protected function nobody()
    {
        global $core;
        $cached = $core->cache_load('no_body', true);
        if ($cached) {
            return $cached;
        }
        // Cache miss: fetch the row and store it for later calls.
        $sql = 'SELECT *
				FROM _members
				WHERE user_username = ?';
        $member = _fieldrow(sql_filter($sql, 'nobody'));
        return $core->cache_store($member, false, true);
    }
示例#23
文件: _ticket.php 项目: nopticon/tts
    /**
     * Delete a ticket category, refusing when the category does not exist or
     * when at least one ticket still refers to it.
     *
     * Reads the request field 'el' (default 0) as the category id. gfatal() is
     * called before anything else.
     * NOTE(review): gfatal() looks like an access gate - confirm what it checks.
     *
     * @return mixed Whatever $this->e('~OK') returns.
     */
    protected function _cat_remove()
    {
        gfatal();
        $v = $this->__(array('el' => 0));
        $cat_id = $v['el'];
        $sql = 'SELECT *
			FROM _tickets_cat
			WHERE cat_id = ?';
        $cat = _fieldrow(sql_filter($sql, $cat_id));
        if (!$cat) {
            $this->_error('#TICKET_CAT_NO');
        }
        // Any ticket in this category blocks the removal.
        $sql = 'SELECT ticket_id
			FROM _tickets
			WHERE ticket_cat = ?';
        $ticket_in_cat = _fieldrow(sql_filter($sql, $cat_id));
        if ($ticket_in_cat) {
            $this->_error('#TICKET_CAT_CANT_REMOVE');
        }
        $sql = 'DELETE FROM _tickets_cat
			WHERE cat_id = ?';
        _sql(sql_filter($sql, $cat_id));
        return $this->e('~OK');
    }
示例#24
文件: _sign.php 项目: nopticon/mag
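    /**
     * Sign-in handler: password recovery request, login, or hand-off to sign-up.
     *
     * Request fields read through $this->__(): page (where to go afterwards),
     * address (e-mail address or name), key (password).
     *
     * - Already signed in: redirect to page.
     * - Recovery button: mail a recovery link when the address matches a
     *   non-banned account, then show the same legend either way.
     * - Otherwise: check the key against the stored value, count failures, and
     *   stop the request once the failure threshold is reached.
     * - Unknown account: continue with $this->_up_home().
     */
    protected function _in_home()
    {
        global $bio, $core;
        $v = $this->__(w('page address key'));
        // NOTE(review): $v->page comes from the request and is passed to
        // redirect() here and after a successful login; confirm that redirect()
        // only accepts targets on this site.
        if ($bio->v('auth_member')) {
            redirect($v->page);
        }
        if (empty($v->address)) {
            $this->warning->set('LOGIN_ERROR');
        }
        if (_button('recovery')) {
            $sql = 'SELECT bio_id, bio_name, bio_address, bio_recovery
				FROM _bio
				WHERE bio_address = ?
					AND bio_id <> ?
					AND bio_id NOT IN (
						SELECT ban_userid
						FROM _banlist
					)';
            if ($recovery = sql_fieldrow(sql_filter($sql, $v->address, 1))) {
                // NOTE(review): bio_nickname is not in the SELECT list above.
                $email = array('USERNAME' => $recovery->bio_name, 'U_RECOVERY' => _link('my', array('recovery', 'k' => _rainbow_create($recovery->bio_id))), 'U_PROFILE' => _link('-', $recovery->bio_nickname));
                $core->email->init('info', 'bio_recovery', $email);
                $core->email->send($recovery->bio_address);
                $sql = 'UPDATE _bio SET bio_recovery = bio_recovery + 1
					WHERE bio_id = ?';
                _sql(sql_filter($sql, $recovery->bio_id));
            }
            // Same response whether or not the address matched an account.
            $this->_stop('RECOVERY_LEGEND');
        }
        if (empty($v->key)) {
            $this->warning->set('login_fail');
        }
        $v->register = false;
        // The ?? slot below only ever receives one of these two literals.
        $v->field = is_email($v->address) ? 'address' : 'name';
        $sql = 'SELECT bio_id, bio_key, bio_fails
			FROM _bio
			WHERE bio_?? = ?
				AND bio_blocked = ?';
        if ($_bio = _fieldrow(sql_filter($sql, $v->field, $v->address, 0))) {
            // NOTE(review): the stored key is compared with ===, which is not a
            // constant-time comparison (hash_equals() is, where the PHP version
            // has it), and the algorithm behind _password() is not visible here.
            if ($_bio->bio_key === _password($v->key)) {
                if ($_bio->bio_fails) {
                    $sql = 'UPDATE _bio SET bio_fails = 0
						WHERE bio_id = ?';
                    _sql(sql_filter($sql, $_bio->bio_id));
                }
                $bio->session_create($_bio->bio_id);
                redirect($v->page);
            }
            // Lock out at or above the threshold. An exact-equality test stops
            // matching once the counter has moved past the limit (two failed
            // attempts recorded at the same moment, or a limit lowered in the
            // configuration), which would leave the account with no lockout.
            // NOTE(review): this check runs only after a wrong key, so a correct
            // key still signs in on a locked-out account - confirm intended.
            if ($_bio->bio_fails >= $core->v('account_failcount')) {
                // TODO: Captcha system if failcount reached
                // TODO: Notification about blocked account
                _fatal(508);
            }
            $sql = 'UPDATE _bio SET bio_fails = bio_fails + 1
				WHERE bio_id = ?';
            _sql(sql_filter($sql, $_bio->bio_id));
            // Slow down repeated guesses.
            sleep(5);
            $this->warning->set('login_fail');
        } else {
            $v->register = true;
        }
        if ($v->register) {
            $this->_up_home();
        }
        return;
    }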