    if (!$tag) {
        msg("error", $lang['index_denied'], $lang['links_err'], "?mod=links");
    }
    $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '93', '{$tag}')");
    $db->query("INSERT INTO " . PREFIX . "_links (word, link, only_one) values ('{$tag}', '{$url}', '{$onlyone}')");
    @unlink(ENGINE_DIR . '/cache/system/links.php');
    clear_cache();
    header("Location: ?mod=links");
    die;
}
if ($_GET['action'] == "edit") {
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    }
    $tag = convert_unicode(urldecode($_GET['tag']), $config['charset']);
    $url = convert_unicode(urldecode($_GET['url']), $config['charset']);
    $onlyone = intval($_GET['onlyone']);
    $tag = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($tag))), ENT_COMPAT, $config['charset']));
    $url = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($url))), ENT_QUOTES, $config['charset']));
    $url = str_ireplace("document.cookie", "document.cookie", $url);
    $url = preg_replace("/javascript:/i", "javascript:", $url);
    $url = preg_replace("/data:/i", "data:", $url);
    $id = intval($_GET['id']);
    if (!$tag) {
        msg("error", $lang['index_denied'], $lang['links_err'], "?mod=links&start_from={$start_from}");
    }
    $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '94', '{$tag}')");
    $db->query("UPDATE " . PREFIX . "_links SET word='{$tag}', link='{$url}', only_one='{$onlyone}' WHERE id='{$id}'");
    @unlink(ENGINE_DIR . '/cache/system/links.php');
    clear_cache();
    header("Location: ?mod=links&start_from={$start_from}");
// Week scale: label each column with the date of the week's first day
// rather than the week number.
$graph->scale->week->SetStyle(WEEKSTYLE_FIRSTDAY);
// When a title font family is configured, shrink the week and month
// scale fonts below the library default (size 9, normal style).
if (isset($gantt_title_font_family)) {
    $titleFont = constant($gantt_title_font_family);
    $graph->scale->week->SetFont($titleFont, FS_NORMAL, 9);
    $graph->scale->month->SetFont($titleFont, FS_NORMAL, 9);
}
// Month scale: abbreviated month name plus a two-digit year.
$graph->scale->month->SetStyle(MONTHSTYLE_SHORTNAMEYEAR2);
$rows = count($pt_arr);
for ($i = 0; $i < $rows; $i++) {
    $task = $pt_arr[$i];
    // One bar per task: (row, title, start date, end date). The end date is
    // pulled back by one day (86400 s) — presumably because stored end dates
    // are exclusive; confirm against the task model.
    $bar = new GanttBar(
        $i,
        convert_unicode($task->getSummary()),
        date('Y-m-d', $task->getStartDate()),
        date('Y-m-d', $task->getEndDate() - 86400)
    );
    $activity[$i] = $bar;
    // Red bar with a yellow diagonal hatch; the progress overlay is blue.
    $bar->SetPattern(BAND_RDIAG, "yellow");
    $bar->SetFillColor("red");
    // getPercentComplete() is divided by 100, so it is assumed to be a
    // percentage; a falsy value maps to no progress.
    $bar->progress->Set($task->getPercentComplete() ? $task->getPercentComplete() / 100 : 0);
    $bar->progress->SetPattern(BAND_RDIAG, "blue");
    if (isset($gantt_task_font_family)) {
        $bar->title->SetFont(constant($gantt_task_font_family), constant($gantt_task_font_style), $gantt_task_font_size);
    }
    $graph->Add($bar);
}
// Vertical "Today" marker at the current date, offset by half a day.
$todayline = new GanttVLine(date('Y-m-d', time()), "Today");
$todayline->SetDayOffset(0.5);
$graph->Add($todayline);
 $newpostedxfields = array();
 $filecontents = array();
 foreach ($category as $cats_explode) {
     foreach ($xfields as $name => $value) {
         if ($value[2] != "" and !in_array($cats_explode, explode(",", $value[2]))) {
             continue;
         }
         if ($value[5] == 0 and $postedxfields[$value[0]] == "") {
             if ($add_module == "yes") {
                 $stop .= $lang['xfield_xerr1'];
             } else {
                 msg("error", "error", "{$lang['xfield_xerr1']}<br /><a href=\"javascript:history.go(-1)\">{$lang['func_msg']}</a>");
             }
         }
         if ($ajax_edit == "yes") {
             $postedxfields[$value[0]] = convert_unicode($postedxfields[$value[0]], $config['charset']);
         }
         if ($value[3] == "select") {
             $options = explode("\r\n", $value[4]);
             $postedxfields[$value[0]] = $options[$_POST['xfield'][$value[0]]];
         }
         if (($value[3] == "text" or $value[3] == "select") and $postedxfields[$value[0]] != "") {
             $newpostedxfields[$value[0]] = trim(htmlspecialchars(strip_tags(stripslashes($postedxfields[$value[0]])), ENT_QUOTES));
         } elseif ($postedxfields[$value[0]] != "") {
             if ($add_module == "yes") {
                 if ($config['allow_site_wysiwyg'] == "yes" or $allow_br != '1') {
                     $newpostedxfields[$value[0]] = $parse->BB_Parse($parse->process($postedxfields[$value[0]]));
                 } else {
                     $newpostedxfields[$value[0]] = $parse->BB_Parse($parse->process($postedxfields[$value[0]]), false);
                 }
             } else {
     die("error");
 }
 // Comment body filtering. With WYSIWYG comments enabled the parser is
 // configured with a fixed tag list, extended with <a> and/or <img> according
 // to the poster's group flags; otherwise the text is parsed without HTML.
 if ($config['allow_comments_wysiwyg']) {
     $parse->wysiwyg = true;
     $use_html = true;
     $parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1);
     $groupFlags = $user_group[$member_id['user_group']];
     if ($groupFlags['allow_url']) {
         $parse->tagsArray[] = 'a';
     }
     if ($groupFlags['allow_image']) {
         $parse->tagsArray[] = 'img';
     }
 } else {
     $use_html = false;
 }
 $comm_txt = trim($parse->BB_Parse($parse->process(convert_unicode($_POST['comm_txt'], $config['charset'])), $use_html));
 // Reject the comment when the parser flagged disallowed tags or text, when
 // it is empty or over the maximum length, or when a minimum length is
 // configured and the text is shorter than it. The cheap parser flags are
 // tested before the length computations.
 $rejected = $parse->not_allowed_tags
     || $parse->not_allowed_text
     || dle_strlen($comm_txt, $config['charset']) > $config['comments_maxlen']
     || $comm_txt == ""
     || (intval($config['comments_minlen']) && dle_strlen($comm_txt, $config['charset']) < $config['comments_minlen']);
 if ($rejected) {
     die("error");
 }
}
//################# Resolve user groups (cached through get_vars/set_vars)
$user_group = get_vars("usergroup");
if (!$user_group) {
    // Cache miss: load every usergroups row, keyed by id, with slashes stripped.
    $user_group = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
    while ($row = $db->get_row()) {
        // array_map over a single array keeps the column keys.
        $user_group[$row['id']] = array_map('stripslashes', $row);
    }
    set_vars("usergroup", $user_group);
    $db->free();
}
$txt = trim(convert_unicode($_POST['txt'], $config['charset']));
// Undo magic_quotes escaping on PHP builds that still have it.
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
    $txt = stripslashes($txt);
}
require_once ENGINE_DIR . '/classes/typograf.class.php';
// For windows-1251 the class is constructed without an argument — presumably
// that is its default charset; every other charset is passed explicitly.
$typo = $config['charset'] == "windows-1251" ? new typographus() : new typographus($config['charset']);
$txt = $typo->process($txt);
$find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/onmouseenter/i', '/onwheel/i', '/onshow/i');
$replace = array("d&#097;ta:", "&#097;bout:", "vbscript<b></b>:", "&#111;nclick", "&#111;nload", "&#111;nunload", "&#111;nabort", "&#111;nerror", "&#111;nblur", "&#111;nchange", "&#111;nfocus", "&#111;nreset", "&#111;nsubmit", "&#111;ndblclick", "&#111;nkeydown", "&#111;nkeypress", "&#111;nkeyup", "&#111;nmousedown", "&#111;nmouseup", "&#111;nmouseover", "&#111;nmouseout", "&#111;nselect", "j&#097;vascript", '&#111;nmouseenter', '&#111;nwheel', '&#111;nshow');
// Defuse a fixed list of script-capable substrings by entity-encoding one
// character of each (case-insensitive), then neutralise opening <iframe> and
// <script> tags. preg_replace applies the patterns in array order, exactly as
// the separate calls did. This is a denylist, not a full HTML sanitiser.
$txt = preg_replace(
    array_merge($find, array("#<iframe#i", "#<script#i")),
    array_merge($replace, array("&lt;iframe", "&lt;script")),
    $txt
);
            @unlink(ENGINE_DIR . '/cache/system/' . $file);
        }
    }
    clear_cache();
    $buffer = "<font color=\"green\">" . $lang['clear_cache'] . "</font>";
}
// clearsubscribe: group 1 only; empties the subscription table.
if ($_REQUEST['action'] == "clearsubscribe") {
    if ($member_id['user_group'] != 1) {
        die("error");
    }
    $db->query("TRUNCATE TABLE " . PREFIX . "_subscribe");
    $buffer = "<font color=\"green\">" . $lang['clear_subscribe'] . "</font>";
}
// sendnotice: store the current user's notice text, updating the existing
// row when there is one and inserting otherwise.
if ($_REQUEST['action'] == "sendnotice") {
    // NOTE(review): $member_id['user_id'] is interpolated without escaping; it
    // is expected to be an integer taken from the session — confirm.
    $userId = $member_id['user_id'];
    $existing = $db->super_query("SELECT id FROM " . PREFIX . "_notice WHERE user_id = '{$userId}'");
    $notice = $db->safesql(convert_unicode($_POST['notice'], $config['charset']));
    if ($existing['id']) {
        $db->query("UPDATE " . PREFIX . "_notice SET notice='{$notice}' WHERE user_id = '{$userId}'");
    } else {
        $db->query("INSERT INTO " . PREFIX . "_notice (user_id, notice) values ('{$userId}', '{$notice}')");
    }
    $buffer = "<font color=\"green\">" . $lang['saved'] . "</font>";
}
if ($_REQUEST['action'] == "deletemodules") {
    if ($member_id['user_group'] != 1) {
        die("error");
    }
    $id = intval($_REQUEST['id']);
    if ($id) {
        $db->query("DELETE FROM " . PREFIX . "_admin_sections WHERE id = '{$id}'");
        $buffer = 'ok';
     $_POST['news_txt'] = strip_tags($_POST['news_txt']);
     $_POST['full_txt'] = strip_tags($_POST['full_txt']);
 }
 // Both story parts go through the BB-code parser and are SQL-escaped.
 $news_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['news_txt']), $use_html));
 $full_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['full_txt']), $use_html));
 // Extra fields get the stricter filter when safe_xfield is on.
 if ($config['safe_xfield']) {
     $parse->ParseFilter();
     $parse->safe_mode = true;
 }
 // Inputs read by engine/inc/xfields.php in "init" mode; it presumably fills
 // $filecontents (used in the UPDATE below) and appends errors to $stop.
 $add_module = "yes";
 $ajax_edit = "yes";
 $stop = "";
 $category = $cat_list;
 $xfieldsaction = "init";
 include ENGINE_DIR . '/inc/xfields.php';
 $editreason = $db->safesql(htmlspecialchars(strip_tags(stripslashes(trim(convert_unicode($_POST['reason'], $config['charset'])))), ENT_QUOTES));
 // view_edit is set only when an edit reason was supplied.
 $view_edit = $editreason != "" ? 1 : 0;
 $added_time = time() + $config['date_adjust'] * 60;
 if (!trim($_POST['title'])) {
     die($lang['add_err_7']);
 }
 if ($parse->not_allowed_text) {
     die($lang['news_err_39']);
 }
 // NOTE(review): $_POST['title'] is interpolated into the UPDATE as-is; confirm
 // it was passed through $db->safesql() earlier in this handler (not visible
 // in this excerpt).
 $db->query("UPDATE " . PREFIX . "_post SET title='{$_POST['title']}', short_story='{$news_txt}', full_story='{$full_txt}', xfields='{$filecontents}', approve='{$approve}', allow_br='{$allow_br}' WHERE id = '{$id}'");
 $db->query("UPDATE " . PREFIX . "_post_extras SET editdate='{$added_time}', editor='{$member_id['name']}', reason='{$editreason}', view_edit='{$view_edit}' WHERE news_id = '{$id}'");
 if ($user_group[$member_id['user_group']]['allow_admin']) {
//                    Resolve categories and their parameters
//####################################################################################################################
$cat_info = get_vars("category");
if (!is_array($cat_info)) {
    // Cache miss: load the category table ordered by position, keyed by id,
    // with slashes stripped from every column.
    $cat_info = array();
    $db->query("SELECT * FROM " . PREFIX . "_category ORDER BY posi ASC");
    while ($row = $db->get_row()) {
        // array_map over a single array keeps the column keys.
        $cat_info[$row['id']] = array_map('stripslashes', $row);
    }
    set_vars("category", $cat_info);
    $db->free();
}
$title = $db->safesql(trim(convert_unicode($_POST['title'], $config['charset'])));
if ($title == "") {
    die;
}
$buffer = "";
$id = intval($_POST['id']);
// When a post id is given, exclude that post from the match below.
$where = $id ? " AND id != '" . $id . "'" : "";
$db->query("SELECT id, title, date, category, alt_name, MATCH (title, short_story, full_story, xfields) AGAINST ('{$title}') as score FROM " . PREFIX . "_post WHERE MATCH (title, short_story, full_story, xfields) AGAINST ('{$title}') AND approve='1'" . $where . " ORDER BY score DESC, date DESC LIMIT 5");
while ($related = $db->get_row()) {
    $related['date'] = strtotime($related['date']);
    $related['category'] = intval($related['category']);
    $news_date = date('d-m-Y', $related['date']);
    $empfanger = array();
    $temp = explode(",", $_POST['empfanger']);
    foreach ($temp as $value) {
        $empfanger[] = intval($value);
    }
    $empfanger = implode("','", $empfanger);
    $empfanger = "user_group IN ('" . $empfanger . "')";
} else {
    $empfanger = false;
}
// NOTE(review): $type is taken from the request verbatim; its use is outside
// this excerpt — confirm it is validated where it is consumed.
$type = $_POST['type'];
$a_mail = intval($_POST['a_mail']);
$limit = intval($_POST['limit']);
$step = 0;
$title = convert_unicode($_POST['title'], $config['charset']);
$message = convert_unicode($_POST['message'], $config['charset']);
$find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/onmouseenter/i', '/onwheel/i', '/onshow/i');
$replace = array("d&#097;ta:", "&#097;bout:", "vbscript<b></b>:", "&#111;nclick", "&#111;nload", "&#111;nunload", "&#111;nabort", "&#111;nerror", "&#111;nblur", "&#111;nchange", "&#111;nfocus", "&#111;nreset", "&#111;nsubmit", "&#111;ndblclick", "&#111;nkeydown", "&#111;nkeypress", "&#111;nkeyup", "&#111;nmousedown", "&#111;nmouseup", "&#111;nmouseover", "&#111;nmouseout", "&#111;nselect", "j&#097;vascript", '&#111;nmouseenter', '&#111;nwheel', '&#111;nshow');
// The denylist plus the opening <iframe>/<script> neutralisers, applied in
// order (preg_replace walks the pattern array sequentially, as the separate
// calls did). This is a denylist, not a full HTML sanitiser.
$scriptFind = array_merge($find, array("#<iframe#i", "#<script#i"));
$scriptReplace = array_merge($replace, array("&lt;iframe", "&lt;script"));
// Message: other HTML is kept; PHP open/close tags are escaped.
$message = preg_replace($scriptFind, $scriptReplace, $message);
$message = str_replace(array("<?", "?>"), array("&lt;?", "?&gt;"), $message);
// Title: no HTML at all — every angle bracket is escaped.
$title = preg_replace($scriptFind, $scriptReplace, $title);
$title = str_replace(array("<", ">"), array("&lt;", "&gt;"), $title);
if (!$title or !$message or !$limit) {
    die("error");
}
     if (defined('ALLOW_users_search') && ALLOW_users_search == true) {
         require_once ENGINE_DIR . '/modules/users/search.php';
     } else {
         stop();
     }
     break;
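 case 'searchstudent':
     $thispage .= ": Поиск";
     // Guard on the constant that is actually read. The original tested
     // defined('ALLOW_users_search') but evaluated ALLOW_students_search, so
     // when only the former was defined the latter was read as the bare string
     // 'ALLOW_students_search' (== true) on PHP < 8, or raised an Error on 8+.
     if (defined('ALLOW_students_search') && ALLOW_students_search == true) {
         require_once ENGINE_DIR . '/modules/users/search.student.form.php';
     } else {
         stop();
     }
     break;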
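 case 'searchstudentpost':
     $thispage .= ": Поиск " . convert_unicode($_POST['data']);
     // Guard on the constant that is actually read (the original checked
     // defined('ALLOW_users_search') and then evaluated ALLOW_students_search,
     // which on PHP < 8 falls back to a non-empty string when undefined).
     if (defined('ALLOW_students_search') && ALLOW_students_search == true) {
         require_once ENGINE_DIR . '/modules/users/search.student.php';
     } else {
         stop();
     }
     break;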
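 case 'students':
     // Guard on the constant that is actually read (the original checked
     // defined('ALLOW_students_search') and then evaluated ALLOW_students_list,
     // which on PHP < 8 falls back to a non-empty string when undefined).
     if (defined('ALLOW_students_list') && ALLOW_students_list == true) {
         require_once ENGINE_DIR . '/modules/users/list_students.php';
     } else {
         stop();
     }
     break;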
 case 'searchcosmos':
     if (defined('ALLOW_cosmos_search') && ALLOW_cosmos_search == true) {
/**
 * Recursively applies convert_unicode() to a value.
 *
 * Arrays are walked element by element (keys kept, nested arrays recursed
 * into); any non-array value is handed straight to convert_unicode().
 *
 * @param mixed $ar scalar or (nested) array
 * @return mixed the converted value, same shape as $ar
 */
function my_unescape($ar)
{
    if (!is_array($ar)) {
        return convert_unicode($ar);
    }
    // array_map over a single array preserves the original keys.
    return array_map('my_unescape', $ar);
}
//$graph->SetScale( "linlog");
//$graph ->SetYScale("log");
if ($area == 'tracker') {
    // Create the tracker open plot
    $ydata =& $report->getTrackerOpened();
    $lineplot = new LinePlot($ydata);
    $lineplot->SetColor("black");
    $graph->Add($lineplot);
    // Create the tracker close plot
    $ydata2 =& $report->getTrackerClosed();
    $lineplot2 = new LinePlot($ydata2);
    $lineplot2->SetColor("blue");
    $graph->Add($lineplot2);
    //	Legends
    $lineplot->SetLegend(convert_unicode(_('Tracker Items Opened')));
    $lineplot2->SetLegend(convert_unicode(_('Tracker Items Closed')));
} elseif ($area == 'forum') {
    // Create the forum plot
    $ydata3 =& $report->getForum();
    $lineplot3 = new LinePlot($ydata3);
    $lineplot3->SetColor("orange");
    $graph->Add($lineplot3);
    //	Legends
    $lineplot3->SetLegend("Forum");
} elseif ($area == 'docman') {
    // Create the Docman plot
    $ydata4 =& $report->getDocs();
    $lineplot4 = new LinePlot($ydata4);
    $lineplot4->SetColor("red");
    $graph->Add($lineplot4);
    //	Legends
     return;
 }
 // Make sure the uLogin link table exists before the identity lookup.
 $db->super_query("CREATE TABLE IF NOT EXISTS `" . USERPREFIX . "_ulogin` (\n                              `id` int(10) unsigned NOT NULL AUTO_INCREMENT,\n                              `user_id` int(10) unsigned NOT NULL,\n                              `ident` char(255) NOT NULL,\n                              `email` char(255) DEFAULT NULL,\n                              `seed` int(10) unsigned NOT NULL,\n                              PRIMARY KEY (`id`)\n                            ) ENGINE=MyISAM;");
 $identity = $db->safesql($user['identity']);
 $ulogin_id = $db->super_query("SELECT user_id,seed FROM " . USERPREFIX . "_ulogin where ident='" . $identity . "'");
 $member_id = FALSE;
 if ($ulogin_id) {
     // The login secret is derived deterministically (md5) from the identity
     // and the stored per-link seed; presumably changing this derivation would
     // invalidate existing links — confirm before touching it.
     $password = md5($user['identity'] . $ulogin_id['seed']);
     // user_id comes from the ulogin table (unsigned int column), so it is
     // interpolated unquoted.
     $member_id = $db->super_query("SELECT user_id FROM " . USERPREFIX . "_users where user_id=" . $ulogin_id['user_id']);
 }
 if ($member_id) {
     login_ulogin_user($member_id['user_id'], $password);
 } else {
     $fullname = $config['charset'] != 'utf-8' ? convert_unicode($user['first_name'] . ' ' . $user['last_name'], $config['charset']) : $user['first_name'] . ' ' . $user['last_name'];
     $fullname = $db->safesql($parse->process($fullname));
     $login = isset($user['nickname']) ? $user['nickname'] : $user['first_name'];
     $login = $config['charset'] != 'utf-8' ? convert_unicode($login) : $login;
     $login = $db->safesql($parse->process(htmlspecialchars(trim($login))));
     $login = preg_replace('#\\s+#i', ' ', $login);
     $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ");
     $email = $user['email'];
     $email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($email)))));
     if (isset($user['photo'])) {
         $photo = $user['photo'];
     } else {
         $photo = "";
     }
     $idx = 0;
     $email_parts = explode('@', $email);
     $test_login = $login;
     while ($reg_error = check_ulogin_register($test_login, $email)) {
         $idx++;
    $name = $member_id['name'];
    $email = $member_id['email'];
} else {
    $_POST['name'] = convert_unicode($_POST['name'], $config['charset']);
    $_POST['email'] = convert_unicode($_POST['email'], $config['charset']);
    $name = $db->safesql(strip_tags($_POST['name']));
    $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'");
    $email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['email'])))));
    $db->query("SELECT name FROM " . USERPREFIX . "_users WHERE name = '" . $name . "' OR email = '" . $email . "'");
    if ($db->num_rows() > 0) {
        $stop = $lang['news_err_7'];
    }
    $name = strip_tags(stripslashes($_POST['name']));
}
// Subject is tag-stripped; the message body keeps its tags at this point.
$subject = trim(strip_tags(stripslashes(convert_unicode($_POST['subject'], $config['charset']))));
$message = trim(stripslashes(convert_unicode($_POST['message'], $config['charset'])));
$recip = intval($_POST['recip']);
// Senders without allow_feed may only address group-1 accounts; senders with
// it may address any account that has allow_mail set.
$recipientFilter = $user_group[$member_id['user_group']]['allow_feed'] ? "allow_mail = '1'" : "user_group = '1'";
$recipient = $db->super_query("SELECT name, email, fullname FROM " . USERPREFIX . "_users WHERE user_id='" . $recip . "' AND " . $recipientFilter);
if (!$recipient['fullname']) {
    $recipient['fullname'] = $recipient['name'];
}
if (!$recipient['name']) {
    $stop .= $lang['feed_err_8'];
}
// For groups with a daily mail quota, drop flag-2 send-log rows older than
// one day (site-adjusted time).
if ($user_group[$member_id['user_group']]['max_mail_day']) {
    $this_time = time() + $config['date_adjust'] * 60 - 86400;
    $db->query("DELETE FROM " . PREFIX . "_sendlog WHERE date < '{$this_time}' AND flag='2'");
}
$banned_info = get_vars("banned");
if (!is_array($banned_info)) {
    // Cache miss: rebuild the ban lists from the table. A row with users_id
    // is a user ban; otherwise the ip column is bucketed as 'ip' (four
    // dot-separated parts), 'email' (contains '@') or 'name'.
    $banned_info = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_banned");
    while ($row = $db->get_row()) {
        $banDescr = stripslashes($row['descr']);
        if ($row['users_id']) {
            $banned_info['users_id'][$row['users_id']] = array('users_id' => $row['users_id'], 'descr' => $banDescr, 'date' => $row['date']);
            continue;
        }
        $banKey = $row['ip'];
        if (count(explode(".", $banKey)) == 4) {
            $bucket = 'ip';
        } elseif (strpos($banKey, "@") !== false) {
            $bucket = 'email';
        } else {
            $bucket = 'name';
        }
        $banned_info[$bucket][$banKey] = array($bucket => $banKey, 'descr' => $banDescr, 'date' => $row['date']);
    }
    set_vars("banned", $banned_info);
    $db->free();
}
// Normalise the submitted name (charset, parse filter, HTML-escape, SQL-escape,
// collapse whitespace) and ask check_name() whether it is acceptable.
$name = $db->safesql(trim(htmlspecialchars($parse->process(convert_unicode($_POST['name'], $config['charset'])), ENT_QUOTES, $config['charset'])));
$name = preg_replace('#\\s+#i', ' ', $name);
$allow = check_name($name);
// check_name() appears to return the error text on failure and a falsy value
// when the name is acceptable.
$buffer = $allow
    ? "<font color=\"red\">" . $allow . "</font>"
    : "<font color=\"green\">" . $lang['reg_ok_ajax'] . "</font>";
@header("Content-type: text/html; charset=" . $config['charset']);
echo $buffer;
    $file_path = dirname(clear_url_dir($url['path']));
    $file_name = pathinfo($url['path']);
    $file_name = totranslit($file_name['basename'], false, true);
    $type = explode(".", $file_name);
    $type = totranslit(end($type));
    if (!in_array($type, $allowed_extensions)) {
        die("error");
    }
    if (!file_exists($root . $file_path . "/" . $file_name)) {
        die("error");
    }
    if (!is_writable($root . $file_path . "/" . $file_name)) {
        echo " <font color=\"red\">" . $lang['template_edit_fail'] . "</font>";
        die;
    }
    $_POST['content'] = convert_unicode($_POST['content'], $config['charset']);
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $_POST['content'] = stripslashes($_POST['content']);
    }
    $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '70', '{$file_path}/{$file_name}')");
    $handle = fopen($root . $file_path . "/" . $file_name, "w");
    fwrite($handle, $_POST['content']);
    fclose($handle);
    clear_cache();
    echo "ok";
    die;
} elseif ($_POST['action'] == "load") {
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("error");
    }
    $_POST['file'] = trim(str_replace("..", "", urldecode($_POST['file'])));
                     $class = 'tejs';
                 }
                 $check_file = count(explode('.', $file)) - 1;
                 if ($check_file) {
                     $tpls .= '<div class="' . $class . '" onClick="temp.loadTpl(\'' . $template . '\', \'' . $folder . '/' . $file . '\'); return false">' . $file . '</div>';
                 }
             }
         }
     }
     echo $tpls;
     die;
     break;
     //################### Save file ###################//
 //################### Save file ###################//
 case "save":
     $content = convert_unicode($_POST['content']);
     if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
         $content = stripslashes($content);
     }
     $folder = strip_data($_POST['folder']);
     $file_include = $_POST['tpl'];
     $file_include = str_replace(array('..', '...', '/../', '//', './', '\\..', '\\.'), '', $file_include);
     $temp_dir = ROOT_DIR . '/templates/' . $folder;
     $file_open = $temp_dir . '/' . $file_include;
     $format_file = strtolower(end(explode('.', $file_open)));
     if (is_writable($file_open) && in_array($format_file, $allowed_extensions) && file_exists($file_open)) {
         $file = fopen($file_open, "r+");
         file_put_contents($file_open, '');
         fputs($file, $content);
         fclose($file);
         echo 'Файл шаблона был успешно сохранён!';
<script type="text/javascript">
<!--
    onCategoryChange(\$('#category'));
// -->
</script>
HTML;
        }
        break;
    case "init":
        $postedxfields = $_POST['xfield'];
        $newpostedxfields = array();
        $filecontents = array();
        if ($ajax_edit == "yes") {
            foreach ($_POST['xfield'] as $key => $val) {
                $postedxfields[$key] = convert_unicode($val, $config['charset']);
            }
        }
        foreach ($category as $cats_explode) {
            foreach ($xfields as $name => $value) {
                if ($value[2] != "" and !in_array($cats_explode, explode(",", $value[2]))) {
                    continue;
                }
                if ($value[5] == 0 and $postedxfields[$value[0]] == "" and $value[3] != "select") {
                    if ($add_module == "yes") {
                        $stop .= $lang['xfield_xerr1'];
                    } else {
                        msg("error", "error", $lang['xfield_xerr1'], "javascript:history.go(-1)");
                    }
                }
                if ($value[3] == "select") {
    require_once ENGINE_DIR . '/modules/sitelogin.php';
}
// Visitors that are not logged in are treated as group 5.
if (!$is_logged) {
    $member_id['user_group'] = 5;
}
if (check_ip($banned_info['ip'])) {
    die("error");
}
$tpl = new dle_template();
// NOTE(review): the template directory is built from $_REQUEST['skin'] as-is
// and used as a filesystem path; confirm the value was validated against the
// installed template names before this point (not visible in this excerpt).
$tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin'];
define('TEMPLATE_DIR', $tpl->dir);
$ajax_adds = true;
// Re-encode the submitted fields into the site charset before addcomments.php reads them.
foreach (array('name', 'mail', 'comments', 'question_answer') as $field) {
    $_POST[$field] = convert_unicode($_POST[$field], $config['charset']);
}
require_once ENGINE_DIR . '/modules/addcomments.php';
// Unless addcomments.php halted, render the post's comments for the ajax response.
if ($CN_HALT != TRUE) {
    include_once ENGINE_DIR . '/classes/comments.class.php';
    $comments = new DLE_Comments($db, 1, 1);
    $comments->query = "SELECT " . PREFIX . "_comments.id, post_id, " . PREFIX . "_comments.user_id, date, autor as gast_name, " . PREFIX . "_comments.email as gast_email, text, ip, is_register, name, " . USERPREFIX . "_users.email, news_num, comm_num, user_group, lastdate, reg_date, signature, foto, fullname, land, icq, xfields FROM " . PREFIX . "_comments LEFT JOIN " . USERPREFIX . "_users ON " . PREFIX . "_comments.user_id=" . USERPREFIX . "_users.user_id WHERE " . PREFIX . "_comments.post_id = '{$post_id}' order by id DESC";
    $comments->build_comments('comments.tpl', 'ajax');
}
// JavaScript the client runs to clear the editor, depending on editor mode.
$clear_value = $_POST['editor_mode'] == "wysiwyg"
    ? "oUtil.obj.focus();oUtil.obj.loadHTML('');"
    : "form.comments.value = '';";
if ($user_group[$member_id['user_group']]['comments_question']) {
    $qs = $db->super_query("SELECT id, question FROM " . PREFIX . "_question ORDER BY RAND() LIMIT 1");
    $qs['question'] = htmlspecialchars(stripslashes($qs['question']), ENT_QUOTES);
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
// Minimal bootstrap for this AJAX endpoint: constants, config, DB and helpers.
define('DATALIFEENGINE', true);
// ROOT_DIR is this file's directory with its last 12 characters removed
// (presumably "/engine/ajax").
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
date_default_timezone_set($config['date_adjust']);
// Derive the site URL when it is not configured: the part of PHP_SELF before
// this script's path, prefixed with the request's Host header.
// NOTE(review): HTTP_HOST is client-supplied, so the derived URL is
// client-influenced; a configured http_home_url avoids that.
if ($config['http_home_url'] == "") {
    $pathParts = explode("engine/ajax/find_tags.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . reset($pathParts);
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
dle_session();
// The term is discarded entirely if it contains any denylisted punctuation;
// otherwise it is trimmed, tag-stripped, HTML-escaped and SQL-escaped.
$term = convert_unicode($_GET['term'], $config['charset']);
if (preg_match("/[\\||\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $term)) {
    $term = "";
} else {
    $term = $db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($term))), ENT_QUOTES, $config['charset']));
}
if ($term == "") {
    die("[]");
}
$buffer = "[]";
$tags = array();
// NOTE(review): '%' and '_' are neither in the denylist above nor escaped for
// LIKE, so they act as wildcards in this prefix match — confirm that is intended.
$db->query("SELECT tag, COUNT(*) AS count FROM " . PREFIX . "_tags WHERE `tag` like '{$term}%' GROUP BY tag ORDER by count DESC LIMIT 15");
while ($row = $db->get_row()) {
    $tags[] = $row['tag'];
}
if (count($tags)) {
         return '';
     }
     $name = convert_unicode($_REQUEST['q'], $config['charset']);
     $name = addcslashes($dbase->EscapeString($name), '_%');
     $resourse = $dbase->DirectQuery('SELECT name FROM ' . USERPREFIX . "_users WHERE name LIKE '{$name}%'");
     while ($row = $dbase->FetchArray($resourse)) {
         echo $row['name'] . "\n";
     }
     exit;
     break;
 case "specialty":
     header('Content-Type: text/html; charset="' . $config['charset'] . '"');
     // An empty term returns from the including file without output.
     if (empty($_REQUEST['term'])) {
         return '';
     }
     $name = convert_unicode($_REQUEST['term'], $config['charset']);
     if (empty($_REQUEST['sphere'])) {
         $sphere = 0;
     } else {
         $sphere = intval($_REQUEST['sphere']);
     }
     // SQL-escape, then escape the LIKE metacharacters so the caller cannot
     // widen the prefix match with '%' or '_'.
     $name = addcslashes($dbase->EscapeString($name), '_%');
     $dbase->SetWhere('name', $name, 'LIKE', 'job_specialties');
     if ($sphere) {
         $dbase->SetWhere('sphere_id', $sphere, '=', 'job_specialties');
     }
     $resourse = $dbase->Select('job_specialties', array('name'));
     // Names are converted from windows-1251 to UTF-8 for the JSON response.
     $matches = array();
     while ($row = $dbase->FetchArray($resourse)) {
         $matches[] = mb_convert_encoding($row['name'], "UTF-8", 'windows-1251');
     }
     print json_encode($matches);
     exit;
                $db->query("INSERT INTO " . PREFIX . "_tags (news_id, tag) VALUES " . $tagcloud);
            }
        }
        $db->query("DELETE FROM " . PREFIX . "_tags WHERE tag = '{$_GET['name']}'");
        $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '61', '{$_GET['name']}')");
    }
    clear_cache();
    header("Location: ?mod=tagscloud&start_from={$start_from}");
    die;
}
if ($_GET['action'] == "edit") {
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    }
    $_GET['oldname'] = convert_unicode(urldecode($_GET['oldname']), $config['charset']);
    $_GET['newname'] = convert_unicode(urldecode($_GET['newname']), $config['charset']);
    if (@preg_match("/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $_GET['oldname'])) {
        $_GET['oldname'] = "";
    } else {
        $_GET['oldname'] = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($_GET['oldname']))), ENT_QUOTES));
    }
    if (@preg_match("/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $_GET['newname'])) {
        $_GET['newname'] = "";
    } else {
        $_GET['newname'] = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($_GET['newname']))), ENT_QUOTES));
    }
    $_GET['newname'] = str_replace(",", " ", $_GET['newname']);
    if (!$_GET['oldname'] or !$_GET['newname']) {
        header("Location: ?mod=tagscloud");
        die;
    }
// NOTE(review): display_errors is forced on here, so any uncaught error is
// emitted into this endpoint's response body.
@ini_set('display_errors', true);
@ini_set('html_errors', false);
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
// Minimal bootstrap: constants, config, DB, admin language pack, parser.
define('DATALIFEENGINE', true);
// ROOT_DIR is this file's directory with its last 12 characters removed
// (presumably "/engine/ajax").
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
// Derive the site URL when it is not configured: the part of PHP_SELF before
// this script's path, prefixed with the request's Host header (client-supplied).
if ($config['http_home_url'] == "") {
    $pathParts = explode("engine/ajax/keywords.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . reset($pathParts);
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
require_once ENGINE_DIR . '/classes/parse.class.php';
dle_session();
// A charset declared by the language pack overrides the configured one.
if ($lang['charset'] != '') {
    $config['charset'] = $lang['charset'];
}
@header("Content-type: text/html; charset=" . $config['charset']);
$parse = new ParseFilter();
// Both story parts go through the BB-code parser (second argument false —
// presumably no raw HTML; confirm) and the combined text feeds create_metatags().
$full_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['full_txt'], $config['charset'])), false);
$short_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['short_txt'], $config['charset'])), false);
$metatags = create_metatags($short_story . $full_story);
$metatags['description'] = trim($metatags['description']);
$metatags['keywords'] = trim($metatags['keywords']);
// key == 1 (loose comparison, so "1", "01" etc. qualify) selects the
// description; anything else selects the keywords.
$wanted = $_REQUEST['key'] == 1 ? 'description' : 'keywords';
echo stripslashes($metatags[$wanted]);
// Category definitions and their parameters
// ####################################################################################################################
// The category table is cached under "category"; on a cache miss it is rebuilt
// from the DB with every column unescaped once.
$cat_info = get_vars("category");
if (!is_array($cat_info)) {
    $cat_info = array();
    $db->query("SELECT * FROM " . PREFIX . "_category ORDER BY posi ASC");
    while ($row = $db->get_row()) {
        // array_map() with a single array keeps the column names as keys.
        $cat_info[$row['id']] = array_map('stripslashes', $row);
    }
    set_vars("category", $cat_info);
    $db->free();
}

// Search term: charset-normalised, tag-stripped, HTML-escaped and SQL-escaped
// before it is spliced into the LIKE patterns below.
$query = $db->safesql(htmlspecialchars(trim(strip_tags(convert_unicode($_POST['query'], $config['charset']))), ENT_QUOTES, $config['charset']));
if ($query == "") {
    die;
}
$buffer = "";

// Hide posts dated in the future unless the config allows them.
$_TIME = time() + $config['date_adjust'] * 60;
$this_date = "";
if ($config['no_date'] and !$config['news_future']) {
    $this_date = " AND " . PREFIX . "_post.date < '" . date("Y-m-d H:i:s", $_TIME) . "'";
}

// NOTE(review): safesql() escapes quotes but not the LIKE metacharacters % and _,
// so a term containing them widens the match (over-matching, not injection).
$db->query("SELECT id, short_story, title, date, alt_name, category FROM " . PREFIX . "_post WHERE " . PREFIX . "_post.approve=1" . $this_date . " AND (short_story LIKE '%{$query}%' OR full_story LIKE '%{$query}%' OR xfields LIKE '%{$query}%' OR title LIKE '%{$query}%') ORDER by date DESC LIMIT 5");
while ($row = $db->get_row()) {
    $row['date'] = strtotime($row['date']);
    $row['category'] = intval($row['category']);
    }
    set_vars("usergroup", $user_group);
    $db->free();
}
// Only logged-in members whose group may edit any post get past this point.
if (!$is_logged or !$user_group[$member_id['user_group']]['allow_all_edit']) {
    die("error");
}

// Parser in safe mode; URL and image permissions follow the member's group.
$parse = new ParseFilter();
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];

// Post id is coerced to an integer before it reaches SQL; the text is
// charset-normalised here and is not consumed within this excerpt.
$id = (int) $_POST['id'];
$text = convert_unicode($_POST['text'], $config['charset']);
if (empty($id) or empty($text)) {
    die("error");
}

// Resolve the post, then its author's account. The author name is SQL-escaped
// before it is reused as a query value.
$row = $db->super_query("SELECT id, title, autor FROM " . PREFIX . "_post WHERE id='{$id}'");
if (empty($row['id'])) {
    die("error");
}
$title = stripslashes($row['title']);
$row['autor'] = $db->safesql($row['autor']);
$row = $db->super_query("SELECT email, name, user_id FROM " . USERPREFIX . "_users WHERE name = '{$row['autor']}'");
if (empty($row['user_id'])) {
    die("User not found");
}
if ($_POST['allowdelete'] == "no") {
    $lang['message_pm'] = $lang['message_pm_4'];
            @unlink(ENGINE_DIR . '/cache/system/' . $file);
        }
    }
    clear_cache();
    $buffer = $lang['clear_cache'];
}
// clearsubscribe: only the administrator group (1) may wipe the subscription table.
// NOTE(review): no request-token check is visible in this excerpt; confirm the
// shared guard above covers these actions.
if ($_REQUEST['action'] == "clearsubscribe") {
    if ($member_id['user_group'] != 1) {
        die("error");
    }
    $db->query("TRUNCATE TABLE " . PREFIX . "_subscribe");
    $buffer = $lang['clear_subscribe'];
} elseif ($_REQUEST['action'] == "sendnotice") {
    // sendnotice: store, or replace, the current user's personal admin notice.
    $notice = convert_unicode($_POST['notice'], $config['charset']);
    // Legacy magic_quotes_gpc installations deliver pre-slashed input; undo that
    // before escaping so the value is not double-escaped.
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $notice = stripslashes($notice);
    }
    // NOTE(review): safesql() makes the value safe for SQL only; any HTML in the
    // notice is stored intact, so the place that renders it must escape it.
    $notice = $db->safesql($notice);

    $row = $db->super_query("SELECT id FROM " . PREFIX . "_notice WHERE user_id = '{$member_id['user_id']}'");
    if ($row['id']) {
        $db->query("UPDATE " . PREFIX . "_notice SET notice='{$notice}' WHERE user_id = '{$member_id['user_id']}'");
    } else {
        $db->query("INSERT INTO " . PREFIX . "_notice (user_id, notice) values ('{$member_id['user_id']}', '{$notice}')");
    }
    $buffer = "<font color=\"green\">" . $lang['saved'] . "</font>";
}
if ($_REQUEST['action'] == "deletemodules") {
    if ($member_id['user_group'] != 1) {
        die("error");
    }