if (!$tag) {
    msg("error", $lang['index_denied'], $lang['links_err'], "?mod=links");
}
// Write the audit row (action 93 = auto-link added), then the link itself. $tag, $url and
// $onlyone were prepared before this fragment; only the admin name is escaped on this line.
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '93', '{$tag}')");
$db->query("INSERT INTO " . PREFIX . "_links (word, link, only_one) values ('{$tag}', '{$url}', '{$onlyone}')");
// Drop the compiled links cache so the change is picked up on the next request.
@unlink(ENGINE_DIR . '/cache/system/links.php');
clear_cache();
header("Location: ?mod=links");
die;
}
// Edit an existing auto-link. This is a state-changing action driven entirely by GET
// parameters; the only protection against cross-site requests is the user_hash check below.
if ($_GET['action'] == "edit") {
    // NOTE(review): the session token is compared with loose `!=`; hash_equals() would be
    // type-strict and constant-time.
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    }
    $tag = convert_unicode(urldecode($_GET['tag']), $config['charset']);
    $url = convert_unicode(urldecode($_GET['url']), $config['charset']);
    $onlyone = intval($_GET['onlyone']);
    // The tag is entity-encoded with ENT_COMPAT (single quotes left alone), the URL with
    // ENT_QUOTES; both are then SQL-escaped.
    $tag = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($tag))), ENT_COMPAT, $config['charset']));
    $url = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($url))), ENT_QUOTES, $config['charset']));
    // NOTE(review): as rendered on this page the replacement text is byte-identical to the
    // search text, so these three calls change nothing. The original source presumably used
    // HTML entities inside the replacement (lost when the page was captured) — verify
    // against the real file before treating these as an XSS filter.
    $url = str_ireplace("document.cookie", "document.cookie", $url);
    $url = preg_replace("/javascript:/i", "javascript:", $url);
    $url = preg_replace("/data:/i", "data:", $url);
    $id = intval($_GET['id']);
    if (!$tag) {
        msg("error", $lang['index_denied'], $lang['links_err'], "?mod=links&start_from={$start_from}");
    }
    // Audit row (action 94 = auto-link edited), then the update. $start_from is set outside this view.
    $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '94', '{$tag}')");
    $db->query("UPDATE " . PREFIX . "_links SET word='{$tag}', link='{$url}', only_one='{$onlyone}' WHERE id='{$id}'");
    @unlink(ENGINE_DIR . '/cache/system/links.php');
    clear_cache();
    header("Location: ?mod=links&start_from={$start_from}");
// Week scale: label each column with the date of its first day instead of the week number.
$graph->scale->week->SetStyle(WEEKSTYLE_FIRSTDAY);
// Optional font override for the week/month scales; the family name is a config value
// resolved through constant() (not request-controlled as far as this fragment shows).
if (isset($gantt_title_font_family)) {
    $scaleFont = constant($gantt_title_font_family);
    $graph->scale->week->SetFont($scaleFont, FS_NORMAL, 9);
    $graph->scale->month->SetFont($scaleFont, FS_NORMAL, 9);
}
// Month scale: short month name plus two-digit year.
$graph->scale->month->SetStyle(MONTHSTYLE_SHORTNAMEYEAR2);
$rows = count($pt_arr);
// One GanttBar per task: row index, summary as title, inclusive start date and the day
// before the end date (end date is treated as exclusive, hence the 86400 s subtraction).
for ($n = 0; $n < $rows; $n++) {
    $task = $pt_arr[$n];
    $bar = new GanttBar($n, convert_unicode($task->getSummary()), date('Y-m-d', $task->getStartDate()), date('Y-m-d', $task->getEndDate() - 86400));
    $activity[$n] = $bar;
    // Yellow diagonal stripes on red; progress drawn in blue stripes.
    $bar->SetPattern(BAND_RDIAG, "yellow");
    $bar->SetFillColor("red");
    $percent = $task->getPercentComplete();
    $bar->progress->Set($percent ? $percent / 100 : 0);
    $bar->progress->SetPattern(BAND_RDIAG, "blue");
    if (isset($gantt_task_font_family)) {
        $bar->title->SetFont(constant($gantt_task_font_family), constant($gantt_task_font_style), $gantt_task_font_size);
    }
    $graph->Add($bar);
}
// Vertical marker for the current day, centred on the day column.
$todayline = new GanttVLine(date('Y-m-d', time()), "Today");
$todayline->SetDayOffset(0.5);
$graph->Add($todayline);
$newpostedxfields = array();
$filecontents = array();
// Walk every category the post belongs to and every extra-field definition; a definition
// restricted to specific categories ($value[2]) is skipped when the category does not match.
foreach ($category as $cats_explode) {
    foreach ($xfields as $name => $value) {
        if ($value[2] != "" and !in_array($cats_explode, explode(",", $value[2]))) {
            continue;
        }
        // Required field ($value[5] == 0) left empty: collect the error when called as a
        // module, otherwise abort with a message page.
        if ($value[5] == 0 and $postedxfields[$value[0]] == "") {
            if ($add_module == "yes") {
                $stop .= $lang['xfield_xerr1'];
            } else {
                msg("error", "error", "{$lang['xfield_xerr1']}<br /><a href=\"javascript:history.go(-1)\">{$lang['func_msg']}</a>");
            }
        }
        if ($ajax_edit == "yes") {
            $postedxfields[$value[0]] = convert_unicode($postedxfields[$value[0]], $config['charset']);
        }
        // Select fields: the posted value is an index into the option list. NOTE(review): the
        // index is taken from $_POST unchecked — an out-of-range or non-numeric index yields
        // null (the field silently becomes empty) and an array value would be an illegal offset.
        if ($value[3] == "select") {
            $options = explode("\r\n", $value[4]);
            $postedxfields[$value[0]] = $options[$_POST['xfield'][$value[0]]];
        }
        // Plain text / select values are stored entity-encoded with tags stripped; anything
        // else goes through the BB-code parser (HTML allowed depending on config / $allow_br).
        if (($value[3] == "text" or $value[3] == "select") and $postedxfields[$value[0]] != "") {
            $newpostedxfields[$value[0]] = trim(htmlspecialchars(strip_tags(stripslashes($postedxfields[$value[0]])), ENT_QUOTES));
        } elseif ($postedxfields[$value[0]] != "") {
            if ($add_module == "yes") {
                if ($config['allow_site_wysiwyg'] == "yes" or $allow_br != '1') {
                    $newpostedxfields[$value[0]] = $parse->BB_Parse($parse->process($postedxfields[$value[0]]));
                } else {
                    $newpostedxfields[$value[0]] = $parse->BB_Parse($parse->process($postedxfields[$value[0]]), false);
                }
            } else {
die("error");
}
// Comment text filtering. With WYSIWYG enabled a fixed tag allow-list is installed; <a> and
// <img> are added only when the caller's group grants allow_url / allow_image.
if ($config['allow_comments_wysiwyg']) {
    $parse->wysiwyg = true;
    $use_html = true;
    // NOTE(review): ParseFilter()'s trailing arguments (array(), 0, 1) are not documented
    // here — confirm their meaning against parse.class.php before changing the list.
    $parse->ParseFilter(array('div', 'span', 'p', 'br', 'strong', 'em', 'ul', 'li', 'ol', 'b', 'u', 'i', 's'), array(), 0, 1);
    if ($user_group[$member_id['user_group']]['allow_url']) {
        $parse->tagsArray[] = 'a';
    }
    if ($user_group[$member_id['user_group']]['allow_image']) {
        $parse->tagsArray[] = 'img';
    }
} else {
    $use_html = false;
}
// Parse BB-code (and HTML when $use_html) after re-encoding the posted text.
$comm_txt = trim($parse->BB_Parse($parse->process(convert_unicode($_POST['comm_txt'], $config['charset'])), $use_html));
// Any disallowed tag or text, length outside [comments_minlen, comments_maxlen], or an
// empty result aborts the request. The response is the bare string "error".
if ($parse->not_allowed_tags) {
    die("error");
}
if ($parse->not_allowed_text) {
    die("error");
}
if (dle_strlen($comm_txt, $config['charset']) > $config['comments_maxlen']) {
    die("error");
}
if ($comm_txt == "") {
    die("error");
}
if (intval($config['comments_minlen']) and dle_strlen($comm_txt, $config['charset']) < $config['comments_minlen']) {
    die("error");
}
}
//################# Load user groups (from cache, else from the database)
$user_group = get_vars("usergroup");
if (!$user_group) {
    $user_group = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
    while ($row = $db->get_row()) {
        $user_group[$row['id']] = array();
        foreach ($row as $key => $value) {
            $user_group[$row['id']][$key] = stripslashes($value);
        }
    }
    set_vars("usergroup", $user_group);
    $db->free();
}
// Re-encode the posted text; magic_quotes handling is guarded so it keeps working on
// PHP 8 where get_magic_quotes_gpc() no longer exists.
$txt = trim(convert_unicode($_POST['txt'], $config['charset']));
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
    $txt = stripslashes($txt);
}
require_once ENGINE_DIR . '/classes/typograf.class.php';
if ($config['charset'] == "windows-1251") {
    $typo = new typographus();
} else {
    $typo = new typographus($config['charset']);
}
$txt = $typo->process($txt);
// Neutralise script-bearing URL schemes and on* handlers. NOTE(review): as rendered on this
// page every replacement except "vbscript<b></b>:" is identical to its search pattern, and the
// <iframe/<script lines replace a string with itself — i.e. no filtering happens as shown.
// The original presumably used HTML entities in the replacements (decoded during capture);
// verify against the source file. Also: case-insensitive blacklists like this are bypassable
// by encodings the regex does not see (entity-encoded attributes, NUL bytes, etc.).
$find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/onmouseenter/i', '/onwheel/i', '/onshow/i');
$replace = array("data:", "about:", "vbscript<b></b>:", "onclick", "onload", "onunload", "onabort", "onerror", "onblur", "onchange", "onfocus", "onreset", "onsubmit", "ondblclick", "onkeydown", "onkeypress", "onkeyup", "onmousedown", "onmouseup", "onmouseover", "onmouseout", "onselect", "javascript", 'onmouseenter', 'onwheel', 'onshow');
$txt = preg_replace($find, $replace, $txt);
$txt = preg_replace("#<iframe#i", "<iframe", $txt);
$txt = preg_replace("#<script#i", "<script", $txt);
@unlink(ENGINE_DIR . '/cache/system/' . $file);
}
}
clear_cache();
$buffer = "<font color=\"green\">" . $lang['clear_cache'] . "</font>";
}
// Admin AJAX actions selected by $_REQUEST['action'] (GET or POST). NOTE(review): no CSRF
// token check is visible in this fragment for these state-changing actions; it may be
// enforced earlier in the file — confirm before exposing new actions here.
if ($_REQUEST['action'] == "clearsubscribe") {
    // Restricted to the administrator group (id 1).
    if ($member_id['user_group'] != 1) {
        die("error");
    }
    $db->query("TRUNCATE TABLE " . PREFIX . "_subscribe");
    $buffer = "<font color=\"green\">" . $lang['clear_subscribe'] . "</font>";
}
if ($_REQUEST['action'] == "sendnotice") {
    // Per-user note: no group check, but the row is always keyed by the caller's own user_id.
    // The text is SQL-escaped only; HTML escaping is presumably done at output — verify.
    $row = $db->super_query("SELECT id FROM " . PREFIX . "_notice WHERE user_id = '{$member_id['user_id']}'");
    $notice = $db->safesql(convert_unicode($_POST['notice'], $config['charset']));
    if ($row['id']) {
        $db->query("UPDATE " . PREFIX . "_notice SET notice='{$notice}' WHERE user_id = '{$member_id['user_id']}'");
    } else {
        $db->query("INSERT INTO " . PREFIX . "_notice (user_id, notice) values ('{$member_id['user_id']}', '{$notice}')");
    }
    $buffer = "<font color=\"green\">" . $lang['saved'] . "</font>";
}
if ($_REQUEST['action'] == "deletemodules") {
    if ($member_id['user_group'] != 1) {
        die("error");
    }
    // id is cast to int, so it is safe to interpolate.
    $id = intval($_REQUEST['id']);
    if ($id) {
        $db->query("DELETE FROM " . PREFIX . "_admin_sections WHERE id = '{$id}'");
        $buffer = 'ok';
$_POST['news_txt'] = strip_tags($_POST['news_txt']);
$_POST['full_txt'] = strip_tags($_POST['full_txt']);
}
// Short and full story: BB-code parse (HTML only when $use_html), then SQL-escape.
$news_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['news_txt']), $use_html));
$full_txt = $db->safesql($parse->BB_Parse($parse->process($_POST['full_txt']), $use_html));
if ($config['safe_xfield']) {
    $parse->ParseFilter();
    $parse->safe_mode = true;
}
// Parameters consumed by inc/xfields.php, which fills $filecontents from $_POST['xfield'].
$add_module = "yes";
$ajax_edit = "yes";
$stop = "";
$category = $cat_list;
$xfieldsaction = "init";
include ENGINE_DIR . '/inc/xfields.php';
$editreason = $db->safesql(htmlspecialchars(strip_tags(stripslashes(trim(convert_unicode($_POST['reason'], $config['charset'])))), ENT_QUOTES));
if ($editreason != "") {
    $view_edit = 1;
} else {
    $view_edit = 0;
}
$added_time = time() + $config['date_adjust'] * 60;
if (!trim($_POST['title'])) {
    die($lang['add_err_7']);
}
if ($parse->not_allowed_text) {
    die($lang['news_err_39']);
}
// NOTE(review): $_POST['title'], $filecontents, $approve and $allow_br are interpolated
// straight into the statement. None of them is escaped in this fragment; unless each was
// passed through safesql()/intval() earlier in the file, this is SQL injection.
$db->query("UPDATE " . PREFIX . "_post SET title='{$_POST['title']}', short_story='{$news_txt}', full_story='{$full_txt}', xfields='{$filecontents}', approve='{$approve}', allow_br='{$allow_br}' WHERE id = '{$id}'");
$db->query("UPDATE " . PREFIX . "_post_extras SET editdate='{$added_time}', editor='{$member_id['name']}', reason='{$editreason}', view_edit='{$view_edit}' WHERE news_id = '{$id}'");
if ($user_group[$member_id['user_group']]['allow_admin']) {
// Load categories and their parameters (from cache, else from the database)
//####################################################################################################################
$cat_info = get_vars("category");
if (!is_array($cat_info)) {
    $cat_info = array();
    $db->query("SELECT * FROM " . PREFIX . "_category ORDER BY posi ASC");
    while ($row = $db->get_row()) {
        $cat_info[$row['id']] = array();
        foreach ($row as $key => $value) {
            $cat_info[$row['id']][$key] = stripslashes($value);
        }
    }
    set_vars("category", $cat_info);
    $db->free();
}
// Related-posts lookup: full-text MATCH against the posted title. $title is SQL-escaped
// only (no HTML encoding) and is used solely inside the query here.
$title = $db->safesql(trim(convert_unicode($_POST['title'], $config['charset'])));
if ($title == "") {
    die;
}
$buffer = "";
// Exclude the post being edited (if any) from its own related list.
$id = intval($_POST['id']);
if ($id) {
    $where = " AND id != '" . $id . "'";
} else {
    $where = "";
}
// Only approved posts are returned, so this endpoint does not leak unpublished content.
$db->query("SELECT id, title, date, category, alt_name, MATCH (title, short_story, full_story, xfields) AGAINST ('{$title}') as score FROM " . PREFIX . "_post WHERE MATCH (title, short_story, full_story, xfields) AGAINST ('{$title}') AND approve='1'" . $where . " ORDER BY score DESC, date DESC LIMIT 5");
while ($related = $db->get_row()) {
    $related['date'] = strtotime($related['date']);
    $related['category'] = intval($related['category']);
    $news_date = date('d-m-Y', $related['date']);
// Recipient filter: a comma-separated list of group ids, each cast to int before being
// joined into an IN (...) clause, so the resulting SQL fragment is safe.
$empfanger = array();
$temp = explode(",", $_POST['empfanger']);
foreach ($temp as $value) {
    $empfanger[] = intval($value);
}
$empfanger = implode("','", $empfanger);
$empfanger = "user_group IN ('" . $empfanger . "')";
} else {
    $empfanger = false;
}
// NOTE(review): $type is taken from POST without any validation here; it is used later
// (outside this view) — confirm it is matched against a fixed set of values there.
$type = $_POST['type'];
$a_mail = intval($_POST['a_mail']);
$limit = intval($_POST['limit']);
$step = 0;
$title = convert_unicode($_POST['title'], $config['charset']);
$message = convert_unicode($_POST['message'], $config['charset']);
// NOTE(review): as rendered on this page every replacement except "vbscript<b></b>:" equals
// its search pattern, and the <iframe/<script/<?/?>/</> lines replace a string with itself,
// so no filtering happens as shown. The original presumably used HTML entities in the
// replacement strings (decoded when the page was captured) — verify against the source file.
$find = array('/data:/i', '/about:/i', '/vbscript:/i', '/onclick/i', '/onload/i', '/onunload/i', '/onabort/i', '/onerror/i', '/onblur/i', '/onchange/i', '/onfocus/i', '/onreset/i', '/onsubmit/i', '/ondblclick/i', '/onkeydown/i', '/onkeypress/i', '/onkeyup/i', '/onmousedown/i', '/onmouseup/i', '/onmouseover/i', '/onmouseout/i', '/onselect/i', '/javascript/i', '/onmouseenter/i', '/onwheel/i', '/onshow/i');
$replace = array("data:", "about:", "vbscript<b></b>:", "onclick", "onload", "onunload", "onabort", "onerror", "onblur", "onchange", "onfocus", "onreset", "onsubmit", "ondblclick", "onkeydown", "onkeypress", "onkeyup", "onmousedown", "onmouseup", "onmouseover", "onmouseout", "onselect", "javascript", 'onmouseenter', 'onwheel', 'onshow');
$message = preg_replace($find, $replace, $message);
$message = preg_replace("#<iframe#i", "<iframe", $message);
$message = preg_replace("#<script#i", "<script", $message);
$message = str_replace("<?", "<?", $message);
$message = str_replace("?>", "?>", $message);
$title = preg_replace($find, $replace, $title);
$title = preg_replace("#<iframe#i", "<iframe", $title);
$title = preg_replace("#<script#i", "<script", $title);
$title = str_replace("<", "<", $title);
$title = str_replace(">", ">", $title);
// Title, body and a positive batch size are all mandatory.
if (!$title or !$message or !$limit) {
    die("error");
}
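// Each sub-page is gated by a feature constant. The guard must test defined() on the SAME
// constant it then evaluates: on PHP < 8 an undefined constant evaluates to its own name as
// a string, and a non-empty string `== true` is true — so a mismatched defined() check
// would grant access when the permission constant is simply missing. The original
// 'searchstudent', 'searchstudentpost' and 'students' cases tested the wrong constant;
// they now test the one they use. Behaviour for correctly-configured installs is unchanged.
if (defined('ALLOW_users_search') && ALLOW_users_search == true) {
    require_once ENGINE_DIR . '/modules/users/search.php';
} else {
    stop();
}
break;
case 'searchstudent':
    $thispage .= ": Поиск";
    if (defined('ALLOW_students_search') && ALLOW_students_search == true) {
        require_once ENGINE_DIR . '/modules/users/search.student.form.php';
    } else {
        stop();
    }
    break;
case 'searchstudentpost':
    // NOTE(review): the raw search term is appended to the page title unescaped and
    // convert_unicode() is called without the charset argument used elsewhere; safe only
    // if $thispage is HTML-escaped where it is printed — confirm.
    $thispage .= ": Поиск " . convert_unicode($_POST['data']);
    if (defined('ALLOW_students_search') && ALLOW_students_search == true) {
        require_once ENGINE_DIR . '/modules/users/search.student.php';
    } else {
        stop();
    }
    break;
case 'students':
    if (defined('ALLOW_students_list') && ALLOW_students_list == true) {
        require_once ENGINE_DIR . '/modules/users/list_students.php';
    } else {
        stop();
    }
    break;
case 'searchcosmos':
    if (defined('ALLOW_cosmos_search') && ALLOW_cosmos_search == true) {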
/**
 * Recursively apply convert_unicode() to a value: scalars are converted directly,
 * arrays are converted element by element (keys preserved, nesting followed).
 *
 * @param mixed $ar scalar or (nested) array of scalars
 * @return mixed the same shape with every scalar passed through convert_unicode()
 */
function my_unescape($ar)
{
    if (!is_array($ar)) {
        return convert_unicode($ar);
    }
    // array_map with a single array keeps the original keys, matching the foreach version.
    return array_map('my_unescape', $ar);
}
//$graph->SetScale( "linlog");
//$graph ->SetYScale("log");
// Pick the data series to plot from $area. Where $area comes from is not visible here; it
// only selects a branch, so an unexpected value simply draws nothing.
// NOTE(review): `=&` on a function return value triggers a PHP notice ("Only variables
// should be assigned by reference"); a plain `=` would behave the same.
if ($area == 'tracker') {
    // Create the tracker open plot
    $ydata =& $report->getTrackerOpened();
    $lineplot = new LinePlot($ydata);
    $lineplot->SetColor("black");
    $graph->Add($lineplot);
    // Create the tracker close plot
    $ydata2 =& $report->getTrackerClosed();
    $lineplot2 = new LinePlot($ydata2);
    $lineplot2->SetColor("blue");
    $graph->Add($lineplot2);
    // Legends (translated, then re-encoded for the graph font)
    $lineplot->SetLegend(convert_unicode(_('Tracker Items Opened')));
    $lineplot2->SetLegend(convert_unicode(_('Tracker Items Closed')));
} elseif ($area == 'forum') {
    // Create the forum plot
    $ydata3 =& $report->getForum();
    $lineplot3 = new LinePlot($ydata3);
    $lineplot3->SetColor("orange");
    $graph->Add($lineplot3);
    // Legends
    $lineplot3->SetLegend("Forum");
} elseif ($area == 'docman') {
    // Create the Docman plot
    $ydata4 =& $report->getDocs();
    $lineplot4 = new LinePlot($ydata4);
    $lineplot4->SetColor("red");
    $graph->Add($lineplot4);
    // Legends
return;
}
// Social-login (uLogin) account binding. $user is the provider's profile array (set
// outside this view). NOTE(review): DDL on every request is unusual; the table should be
// created at install time instead.
$db->super_query("CREATE TABLE IF NOT EXISTS `" . USERPREFIX . "_ulogin` (\n `id` int(10) unsigned NOT NULL AUTO_INCREMENT,\n `user_id` int(10) unsigned NOT NULL,\n `ident` char(255) NOT NULL,\n `email` char(255) DEFAULT NULL,\n `seed` int(10) unsigned NOT NULL,\n PRIMARY KEY (`id`)\n ) ENGINE=MyISAM;");
// Look up an existing binding by the provider identity string (SQL-escaped).
$ulogin_id = $db->super_query("SELECT user_id,seed FROM " . USERPREFIX . "_ulogin where ident='" . $db->safesql($user['identity']) . "'");
$member_id = FALSE;
if ($ulogin_id) {
    // NOTE(review): the password handed to login_ulogin_user() is md5(identity . seed) —
    // deterministic from the provider identity plus a value stored in the same table.
    // Whether it is ever compared against anything is outside this view; if it is stored as
    // the user's real password hash, anyone who reads this table can log in as that user.
    $password = md5($user['identity'] . $ulogin_id['seed']);
    // user_id comes from an unsigned int column, so the unquoted interpolation is safe.
    $member_id = $db->super_query("SELECT user_id FROM " . USERPREFIX . "_users where user_id=" . $ulogin_id['user_id']);
}
if ($member_id) {
    login_ulogin_user($member_id['user_id'], $password);
} else {
    // First login: derive a display name, login and e-mail from the profile and register.
    $fullname = $config['charset'] != 'utf-8' ? convert_unicode($user['first_name'] . ' ' . $user['last_name'], $config['charset']) : $user['first_name'] . ' ' . $user['last_name'];
    $fullname = $db->safesql($parse->process($fullname));
    $login = isset($user['nickname']) ? $user['nickname'] : $user['first_name'];
    // NOTE(review): unlike the $fullname line above, convert_unicode() is called here
    // without $config['charset']; whether its default matches is not visible — confirm.
    $login = $config['charset'] != 'utf-8' ? convert_unicode($login) : $login;
    $login = $db->safesql($parse->process(htmlspecialchars(trim($login))));
    $login = preg_replace('#\\s+#i', ' ', $login);
    // Character blacklist for the e-mail (note the trailing " " entry strips spaces too).
    // This is not an e-mail validator; CR/LF are removed, which is what matters for headers.
    $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'", " ");
    $email = $user['email'];
    $email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($email)))));
    if (isset($user['photo'])) {
        $photo = $user['photo'];
    } else {
        $photo = "";
    }
    // Find a free login by suffixing $idx until check_ulogin_register() stops complaining.
    $idx = 0;
    $email_parts = explode('@', $email);
    $test_login = $login;
    while ($reg_error = check_ulogin_register($test_login, $email)) {
        $idx++;
$name = $member_id['name'];
$email = $member_id['email'];
} else {
    // Guest sender: name and e-mail come from the form.
    $_POST['name'] = convert_unicode($_POST['name'], $config['charset']);
    $_POST['email'] = convert_unicode($_POST['email'], $config['charset']);
    $name = $db->safesql(strip_tags($_POST['name']));
    // Character blacklist applied to the address (CR/LF included, so it cannot inject
    // mail headers). It is not an e-mail syntax check.
    $not_allow_symbol = array("\"", "`", "\t", '\\n', '\\r', "\n", "\r", '\\', ",", "/", "¬", "#", ";", ":", "~", "[", "]", "{", "}", ")", "(", "*", "^", "%", "\$", "<", ">", "?", "!", '"', "'");
    $email = $db->safesql(trim(str_replace($not_allow_symbol, '', strip_tags(stripslashes($_POST['email'])))));
    // A guest may not impersonate a registered user's name or address.
    $db->query("SELECT name FROM " . USERPREFIX . "_users WHERE name = '" . $name . "' OR email = '" . $email . "'");
    if ($db->num_rows() > 0) {
        $stop = $lang['news_err_7'];
    }
    // Re-derived WITHOUT SQL escaping: from here on $name is suitable for the mail body
    // only, not for another query.
    $name = strip_tags(stripslashes($_POST['name']));
}
// Subject has tags stripped; the message body deliberately does not (presumably rendered
// through a template) — confirm at the point of use.
$subject = trim(strip_tags(stripslashes(convert_unicode($_POST['subject'], $config['charset']))));
$message = trim(stripslashes(convert_unicode($_POST['message'], $config['charset'])));
$recip = intval($_POST['recip']);
// Without allow_feed the recipient must be an administrator (group 1); otherwise any user
// who opted in to mail (allow_mail = 1).
if (!$user_group[$member_id['user_group']]['allow_feed']) {
    $recipient = $db->super_query("SELECT name, email, fullname FROM " . USERPREFIX . "_users WHERE user_id='" . $recip . "' AND user_group = '1'");
} else {
    $recipient = $db->super_query("SELECT name, email, fullname FROM " . USERPREFIX . "_users WHERE user_id='" . $recip . "' AND allow_mail = '1'");
}
if (!$recipient['fullname']) {
    $recipient['fullname'] = $recipient['name'];
}
if (!$recipient['name']) {
    $stop .= $lang['feed_err_8'];
}
// Daily send quota: expire log entries older than 24 h before counting (continues below).
if ($user_group[$member_id['user_group']]['max_mail_day']) {
    $this_time = time() + $config['date_adjust'] * 60 - 86400;
    $db->query("DELETE FROM " . PREFIX . "_sendlog WHERE date < '{$this_time}' AND flag='2'");
}
// Load the ban list (from cache, else from the database) and bucket each row by kind.
// A row with users_id is a user ban; otherwise the `ip` column holds either an IPv4
// address, an e-mail or a name. NOTE(review): "four dot-separated parts" is the only IP
// test — an IPv6 ban would be filed under 'name' and never match check_ip().
$banned_info = get_vars("banned");
if (!is_array($banned_info)) {
    $banned_info = array();
    $db->query("SELECT * FROM " . USERPREFIX . "_banned");
    while ($row = $db->get_row()) {
        if ($row['users_id']) {
            $banned_info['users_id'][$row['users_id']] = array('users_id' => $row['users_id'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
        } else {
            if (count(explode(".", $row['ip'])) == 4) {
                $banned_info['ip'][$row['ip']] = array('ip' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
            } elseif (strpos($row['ip'], "@") !== false) {
                $banned_info['email'][$row['ip']] = array('email' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
            } else {
                $banned_info['name'][$row['ip']] = array('name' => $row['ip'], 'descr' => stripslashes($row['descr']), 'date' => $row['date']);
            }
        }
    }
    set_vars("banned", $banned_info);
    $db->free();
}
// Registration-time name check: re-encode, filter, entity-encode, SQL-escape, collapse
// whitespace, then ask check_name() (defined elsewhere) whether the name is acceptable.
$name = $db->safesql(trim(htmlspecialchars($parse->process(convert_unicode($_POST['name'], $config['charset'])), ENT_QUOTES, $config['charset'])));
$name = preg_replace('#\\s+#i', ' ', $name);
$allow = check_name($name);
// check_name() returns a message on rejection; it is echoed into HTML as-is, so it must
// not contain unescaped user input — presumably it returns a $lang string, verify.
if (!$allow) {
    $buffer = "<font color=\"green\">" . $lang['reg_ok_ajax'] . "</font>";
} else {
    $buffer = "<font color=\"red\">" . $allow . "</font>";
}
@header("Content-type: text/html; charset=" . $config['charset']);
echo $buffer;
// Template-file save. The target is built from $url['path'] (parsed earlier): directory via
// clear_url_dir(), file name transliterated by totranslit(). Traversal resistance therefore
// depends entirely on those two helpers, which are defined elsewhere — a realpath()
// containment check against $root would make that independent of them.
$file_path = dirname(clear_url_dir($url['path']));
$file_name = pathinfo($url['path']);
$file_name = totranslit($file_name['basename'], false, true);
// Extension allow-list ($allowed_extensions is defined outside this view).
$type = explode(".", $file_name);
$type = totranslit(end($type));
if (!in_array($type, $allowed_extensions)) {
    die("error");
}
// Only existing, writable files can be overwritten — this endpoint cannot create files.
if (!file_exists($root . $file_path . "/" . $file_name)) {
    die("error");
}
if (!is_writable($root . $file_path . "/" . $file_name)) {
    echo " <font color=\"red\">" . $lang['template_edit_fail'] . "</font>";
    die;
}
$_POST['content'] = convert_unicode($_POST['content'], $config['charset']);
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
    $_POST['content'] = stripslashes($_POST['content']);
}
// Audit row (action 70 = template edited). The path is interpolated without safesql();
// it has been through clear_url_dir()/totranslit(), which presumably leave no quotes — verify.
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '70', '{$file_path}/{$file_name}')");
// fopen() result is not checked; a failure here only produces warnings and still echoes "ok".
$handle = fopen($root . $file_path . "/" . $file_name, "w");
fwrite($handle, $_POST['content']);
fclose($handle);
clear_cache();
echo "ok";
die;
} elseif ($_POST['action'] == "load") {
    // NOTE(review): session token compared with loose `!=`; hash_equals() would be preferable.
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("error");
    }
    // ".." is removed with a single, non-recursive str_replace(); this is a blacklist, not
    // canonicalisation, and the result is presumably re-checked before use — confirm below.
    $_POST['file'] = trim(str_replace("..", "", urldecode($_POST['file'])));
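$class = 'tejs';
}
// A directory entry counts as a template only if its name carries an extension.
$check_file = count(explode('.', $file)) - 1;
if ($check_file) {
    // NOTE(review): $file/$folder/$template come from a directory listing outside this view
    // and are written into an HTML attribute and a JS string literal unescaped; acceptable
    // only while template file names are admin-controlled.
    $tpls .= '<div class="' . $class . '" onClick="temp.loadTpl(\'' . $template . '\', \'' . $folder . '/' . $file . '\'); return false">' . $file . '</div>';
}
}
}
}
}
echo $tpls;
die;
break;
//################### Save a template file ###################//
case "save":
    $content = convert_unicode($_POST['content']);
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $content = stripslashes($content);
    }
    $folder = strip_data($_POST['folder']);
    $file_include = $_POST['tpl'];
    // Strip the usual traversal tokens from the file name. This is a blacklist only: it says
    // nothing about $folder (sanitised by strip_data(), defined elsewhere) or symlinks.
    $file_include = str_replace(array('..', '...', '/../', '//', './', '\\..', '\\.'), '', $file_include);
    $temp_dir = ROOT_DIR . '/templates/' . $folder;
    $file_open = $temp_dir . '/' . $file_include;
    // Assign before end(): passing a temporary by reference raises a PHP notice.
    $name_parts = explode('.', $file_open);
    $format_file = strtolower(end($name_parts));
    // Defence in depth: resolve the final path and require it to sit below the templates
    // directory. A file outside it (or a path that does not resolve) simply fails the
    // existing condition and falls through to the original error branch.
    $templates_root = realpath(ROOT_DIR . '/templates');
    $real_file = realpath($file_open);
    $inside_templates = $templates_root !== false && $real_file !== false && strpos($real_file, $templates_root . DIRECTORY_SEPARATOR) === 0;
    if ($inside_templates && is_writable($file_open) && in_array($format_file, $allowed_extensions) && file_exists($file_open)) {
        // Truncate and rewrite in one call (the original opened "r+", emptied the file with
        // file_put_contents() and then wrote through the handle — same end result).
        file_put_contents($file_open, $content);
        echo 'Файл шаблона был успешно сохранён!';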
<script type="text/javascript">
<!--
onCategoryChange(\$('#category'));
// -->
</script>
HTML;
}
break;
// "init": validate and normalise the posted extra-field values for the selected categories.
case "init":
    $postedxfields = $_POST['xfield'];
    $newpostedxfields = array();
    $filecontents = array();
    // AJAX callers post UTF-8; re-encode every value into the site charset first.
    if ($ajax_edit == "yes") {
        foreach ($_POST['xfield'] as $key => $val) {
            $postedxfields[$key] = convert_unicode($val, $config['charset']);
        }
    }
    foreach ($category as $cats_explode) {
        foreach ($xfields as $name => $value) {
            // Skip definitions restricted ($value[2]) to other categories.
            if ($value[2] != "" and !in_array($cats_explode, explode(",", $value[2]))) {
                continue;
            }
            // Required field ($value[5] == 0) left empty (selects are exempt): collect the error
            // when called as a module, otherwise abort with a message page.
            if ($value[5] == 0 and $postedxfields[$value[0]] == "" and $value[3] != "select") {
                if ($add_module == "yes") {
                    $stop .= $lang['xfield_xerr1'];
                } else {
                    msg("error", "error", $lang['xfield_xerr1'], "javascript:history.go(-1)");
                }
            }
            if ($value[3] == "select") {
require_once ENGINE_DIR . '/modules/sitelogin.php';
}
// Anonymous callers are treated as group 5 (guests) for the permission checks that follow.
if (!$is_logged) {
    $member_id['user_group'] = 5;
}
// Banned IPs get the bare "error" response before any work is done.
if (check_ip($banned_info['ip'])) {
    die("error");
}
$tpl = new dle_template();
// NOTE(review): the template directory is built from $_REQUEST['skin'] and is not sanitised
// in this fragment. If it is not normalised earlier in the file (e.g. by totranslit()), a
// value containing "../" lets the caller point the template engine outside /templates.
$tpl->dir = ROOT_DIR . '/templates/' . $_REQUEST['skin'];
define('TEMPLATE_DIR', $tpl->dir);
$ajax_adds = true;
// AJAX form fields arrive as UTF-8; re-encode them in place for addcomments.php.
$_POST['name'] = convert_unicode($_POST['name'], $config['charset']);
$_POST['mail'] = convert_unicode($_POST['mail'], $config['charset']);
$_POST['comments'] = convert_unicode($_POST['comments'], $config['charset']);
$_POST['question_answer'] = convert_unicode($_POST['question_answer'], $config['charset']);
require_once ENGINE_DIR . '/modules/addcomments.php';
// Unless addcomments.php halted, re-render the comment list for this post ($post_id is set
// outside this view) so the client can replace it in place.
if ($CN_HALT != TRUE) {
    include_once ENGINE_DIR . '/classes/comments.class.php';
    $comments = new DLE_Comments($db, 1, 1);
    $comments->query = "SELECT " . PREFIX . "_comments.id, post_id, " . PREFIX . "_comments.user_id, date, autor as gast_name, " . PREFIX . "_comments.email as gast_email, text, ip, is_register, name, " . USERPREFIX . "_users.email, news_num, comm_num, user_group, lastdate, reg_date, signature, foto, fullname, land, icq, xfields FROM " . PREFIX . "_comments LEFT JOIN " . USERPREFIX . "_users ON " . PREFIX . "_comments.user_id=" . USERPREFIX . "_users.user_id WHERE " . PREFIX . "_comments.post_id = '{$post_id}' order by id DESC";
    $comments->build_comments('comments.tpl', 'ajax');
}
// JavaScript snippet the client runs to clear the editor after a successful post.
if ($_POST['editor_mode'] == "wysiwyg") {
    $clear_value = "oUtil.obj.focus();oUtil.obj.loadHTML('');";
} else {
    $clear_value = "form.comments.value = '';";
}
// Groups that must answer a question get a fresh random one; it is entity-encoded for output.
if ($user_group[$member_id['user_group']]['comments_question']) {
    $qs = $db->super_query("SELECT id, question FROM " . PREFIX . "_question ORDER BY RAND() LIMIT 1");
    $qs['question'] = htmlspecialchars(stripslashes($qs['question']), ENT_QUOTES);
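// Tag auto-complete endpoint: bootstrap the engine, then return up to 15 tags whose
// name starts with the `term` query parameter (the JSON response is built below).
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
// NOTE(review): elsewhere in this code base date_adjust is used as a minute offset
// (`$config['date_adjust'] * 60`); passing it as a timezone identifier looks wrong — confirm.
date_default_timezone_set($config['date_adjust']);
if ($config['http_home_url'] == "") {
    // Fallback home URL derived from the request. HTTP_HOST is attacker-controlled, so
    // anything later built from this value (links in mails, redirects) must not trust it.
    $config['http_home_url'] = explode("engine/ajax/find_tags.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
dle_session();
$term = convert_unicode($_GET['term'], $config['charset']);
// Terms containing any of the listed punctuation are rejected outright; the rest are
// tag-stripped, entity-encoded and SQL-escaped. Note '%' and '_' are not in the rejected set.
if (preg_match("/[\\||\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $term)) {
    $term = "";
} else {
    $term = $db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($term))), ENT_QUOTES, $config['charset']));
}
if ($term == "") {
    die("[]");
}
$buffer = "[]";
$tags = array();
// safesql() does not neutralise LIKE wildcards, so a term of "%" or "_" would widen the
// prefix match arbitrarily. Escape them for the pattern only, the same way the other
// auto-complete handlers in this code base do (addcslashes(..., '_%')). $term itself is
// left untouched for any later use.
$term_like = addcslashes($term, '%_');
$db->query("SELECT tag, COUNT(*) AS count FROM " . PREFIX . "_tags WHERE `tag` like '{$term_like}%' GROUP BY tag ORDER by count DESC LIMIT 15");
while ($row = $db->get_row()) {
    $tags[] = $row['tag'];
}
if (count($tags)) {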
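return '';
}
// `q` handler: plain list of user names starting with the query, one per line.
$name = convert_unicode($_REQUEST['q'], $config['charset']);
// Escape for the SQL literal first, then neutralise LIKE wildcards so the caller cannot
// widen the prefix match with '%' or '_'.
$name = addcslashes($dbase->EscapeString($name), '_%');
$resourse = $dbase->DirectQuery('SELECT name FROM ' . USERPREFIX . "_users WHERE name LIKE '{$name}%'");
while ($row = $dbase->FetchArray($resourse)) {
    // NOTE(review): echoed unescaped; the Content-Type for this branch is set outside this
    // view — fine for text/plain, an XSS sink if it is text/html and names may hold markup.
    echo $row['name'] . "\n";
}
exit;
break;
// `specialty` handler: JSON array of job specialties matching the term (and sphere).
case "specialty":
    // NOTE(review): the body is JSON and UTF-8 (see mb_convert_encoding below) but is
    // declared text/html in $config['charset']. A JSON media type would be more accurate;
    // kept as-is here so existing clients are not affected.
    header('Content-Type: text/html; charset="' . $config['charset'] . '"');
    if (empty($_REQUEST['term'])) {
        return '';
    }
    $name = convert_unicode($_REQUEST['term'], $config['charset']);
    $sphere = empty($_REQUEST['sphere']) ? 0 : intval($_REQUEST['sphere']);
    $name = addcslashes($dbase->EscapeString($name), '_%');
    // NOTE(review): whether SetWhere() escapes its value again (double escaping) or appends
    // the trailing '%' is not visible here — confirm against the db wrapper.
    $dbase->SetWhere('name', $name, 'LIKE', 'job_specialties');
    if ($sphere) {
        $dbase->SetWhere('sphere_id', $sphere, '=', 'job_specialties');
    }
    $resourse = $dbase->Select('job_specialties', array('name'));
    $return = array();
    while ($row = $dbase->FetchArray($resourse)) {
        // Source encoding is hard-coded; presumably the table's collation rather than
        // $config['charset'] — verify.
        $return[] = mb_convert_encoding($row['name'], "UTF-8", 'windows-1251');
    }
    // Because the response is served as text/html, encode <, >, &, ' and " as \uXXXX so a
    // specialty name containing markup is not rendered when the URL is opened directly.
    // JSON consumers still decode exactly the same strings.
    print json_encode($return, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    exit;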
$db->query("INSERT INTO " . PREFIX . "_tags (news_id, tag) VALUES " . $tagcloud);
}
}
// Remove the tag itself and write the audit row (action 61 = tag deleted).
// NOTE(review): $_GET['name'] is interpolated into both statements; it is not escaped in
// this fragment, so unless it was passed through safesql() earlier this is SQL injection.
$db->query("DELETE FROM " . PREFIX . "_tags WHERE tag = '{$_GET['name']}'");
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '61', '{$_GET['name']}')");
}
clear_cache();
header("Location: ?mod=tagscloud&start_from={$start_from}");
die;
}
// Rename a tag. State-changing action driven by GET, protected only by the session token.
if ($_GET['action'] == "edit") {
    // NOTE(review): loose `!=` on the CSRF token; hash_equals() would be type-strict and
    // constant-time.
    if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
        die("Hacking attempt! User not found");
    }
    $_GET['oldname'] = convert_unicode(urldecode($_GET['oldname']), $config['charset']);
    $_GET['newname'] = convert_unicode(urldecode($_GET['newname']), $config['charset']);
    // Names containing any of the listed punctuation (including the single quote) are
    // discarded; otherwise they are tag-stripped, entity-encoded and SQL-escaped.
    if (@preg_match("/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $_GET['oldname'])) {
        $_GET['oldname'] = "";
    } else {
        $_GET['oldname'] = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($_GET['oldname']))), ENT_QUOTES));
    }
    if (@preg_match("/[\\||\\'|\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $_GET['newname'])) {
        $_GET['newname'] = "";
    } else {
        $_GET['newname'] = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($_GET['newname']))), ENT_QUOTES));
    }
    // Commas separate tags in the cloud, so they cannot be part of a single tag name.
    $_GET['newname'] = str_replace(",", " ", $_GET['newname']);
    if (!$_GET['oldname'] or !$_GET['newname']) {
        header("Location: ?mod=tagscloud");
        die;
    }
// Keyword/description suggestion endpoint for the post editor.
// NOTE(review): display_errors is switched ON here; with E_ALL ^ E_WARNING ^ E_NOTICE that
// still prints fatal errors (paths, SQL fragments) to the client. Prefer logging instead.
@ini_set('display_errors', true);
@ini_set('html_errors', false);
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
    // Fallback home URL derived from the request; HTTP_HOST is attacker-controlled, so
    // anything built from it later must not trust this value.
    $config['http_home_url'] = explode("engine/ajax/keywords.php", $_SERVER['PHP_SELF']);
    $config['http_home_url'] = reset($config['http_home_url']);
    $config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
// Language pack path comes from config, not from the request.
require_once ROOT_DIR . '/language/' . $config['langs'] . '/adminpanel.lng';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
require_once ENGINE_DIR . '/classes/parse.class.php';
dle_session();
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
@header("Content-type: text/html; charset=" . $config['charset']);
// NOTE(review): no login/permission check is visible in this file; it only derives
// keywords from text the caller supplied, so exposure is limited to CPU — confirm that
// is intended.
$parse = new ParseFilter();
$full_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['full_txt'], $config['charset'])), false);
$short_story = $parse->BB_Parse($parse->process(convert_unicode($_REQUEST['short_txt'], $config['charset'])), false);
$metatags = create_metatags($short_story . $full_story);
$metatags['description'] = trim($metatags['description']);
$metatags['keywords'] = trim($metatags['keywords']);
// key=1 returns the description, anything else the keyword list. Output is echoed as
// text/html; it is derived from filter-processed text, and whether create_metatags()
// leaves it HTML-safe is not visible here.
if ($_REQUEST['key'] == 1) {
    echo stripslashes($metatags['description']);
} else {
    echo stripslashes($metatags['keywords']);
}
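// Load categories and their parameters (from cache, else from the database)
//####################################################################################################################
$cat_info = get_vars("category");
if (!is_array($cat_info)) {
    $cat_info = array();
    $db->query("SELECT * FROM " . PREFIX . "_category ORDER BY posi ASC");
    while ($row = $db->get_row()) {
        $cat_info[$row['id']] = array();
        foreach ($row as $key => $value) {
            $cat_info[$row['id']][$key] = stripslashes($value);
        }
    }
    set_vars("category", $cat_info);
    $db->free();
}
// Quick-search: the posted query is re-encoded, tag-stripped, entity-encoded and SQL-escaped.
$query = $db->safesql(htmlspecialchars(trim(strip_tags(convert_unicode($_POST['query'], $config['charset']))), ENT_QUOTES, $config['charset']));
if ($query == "") {
    die;
}
$buffer = "";
$_TIME = time() + $config['date_adjust'] * 60;
$this_date = date("Y-m-d H:i:s", $_TIME);
// Hide future-dated posts unless the site allows them.
if ($config['no_date'] and !$config['news_future']) {
    $this_date = " AND " . PREFIX . "_post.date < '" . $this_date . "'";
} else {
    $this_date = "";
}
// safesql() does not neutralise LIKE wildcards: a query of "%" or "_" would match every
// post. Escape them for the patterns only (same approach as the other LIKE-based handlers
// in this code base, addcslashes(..., '_%')); $query is left untouched for later use.
$like_query = addcslashes($query, '%_');
// Only approved posts are searched, so unpublished content is not exposed.
$db->query("SELECT id, short_story, title, date, alt_name, category FROM " . PREFIX . "_post WHERE " . PREFIX . "_post.approve=1" . $this_date . " AND (short_story LIKE '%{$like_query}%' OR full_story LIKE '%{$like_query}%' OR xfields LIKE '%{$like_query}%' OR title LIKE '%{$like_query}%') ORDER by date DESC LIMIT 5");
while ($row = $db->get_row()) {
    $row['date'] = strtotime($row['date']);
    $row['category'] = intval($row['category']);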
}
set_vars("usergroup", $user_group);
$db->free();
}
// Only logged-in members whose group grants allow_all_edit may use this endpoint.
if (!$is_logged) {
    die("error");
}
if (!$user_group[$member_id['user_group']]['allow_all_edit']) {
    die("error");
}
// Parser in safe mode; URL/image permissions follow the caller's group.
$parse = new ParseFilter();
$parse->safe_mode = true;
$parse->allow_url = $user_group[$member_id['user_group']]['allow_url'];
$parse->allow_image = $user_group[$member_id['user_group']]['allow_image'];
$id = intval($_POST['id']);
// $text is only re-encoded here; it is parsed/escaped later, outside this view.
$text = convert_unicode($_POST['text'], $config['charset']);
if (!$id or !$text) {
    die("error");
}
$row = $db->super_query("SELECT id, title, autor FROM " . PREFIX . "_post WHERE id='{$id}'");
if (!$row['id']) {
    die("error");
}
$title = stripslashes($row['title']);
// The author name read from the post is re-escaped before it is used in the next query.
$row['autor'] = $db->safesql($row['autor']);
$row = $db->super_query("SELECT email, name, user_id FROM " . USERPREFIX . "_users WHERE name = '{$row['autor']}'");
if (!$row['user_id']) {
    die("User not found");
}
// Pick the notification template depending on whether the author may delete the post.
if ($_POST['allowdelete'] == "no") {
    $lang['message_pm'] = $lang['message_pm_4'];
@unlink(ENGINE_DIR . '/cache/system/' . $file);
}
}
clear_cache();
$buffer = $lang['clear_cache'];
}
// Admin AJAX actions selected by $_REQUEST['action'] (GET or POST). NOTE(review): no CSRF
// token check is visible in this fragment for these state-changing actions; it may be
// enforced earlier in the file — confirm before adding new actions here.
if ($_REQUEST['action'] == "clearsubscribe") {
    // Restricted to the administrator group (id 1).
    if ($member_id['user_group'] != 1) {
        die("error");
    }
    $db->query("TRUNCATE TABLE " . PREFIX . "_subscribe");
    $buffer = $lang['clear_subscribe'];
}
if ($_REQUEST['action'] == "sendnotice") {
    // Per-user note: no group check, but the row is always keyed by the caller's own user_id.
    $row = $db->super_query("SELECT id FROM " . PREFIX . "_notice WHERE user_id = '{$member_id['user_id']}'");
    $notice = convert_unicode($_POST['notice'], $config['charset']);
    // magic_quotes handling is guarded so this keeps working on PHP 8.
    if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
        $notice = stripslashes($notice);
    }
    // SQL-escaped only; HTML escaping is presumably done at output — verify.
    $notice = $db->safesql($notice);
    if ($row['id']) {
        $db->query("UPDATE " . PREFIX . "_notice SET notice='{$notice}' WHERE user_id = '{$member_id['user_id']}'");
    } else {
        $db->query("INSERT INTO " . PREFIX . "_notice (user_id, notice) values ('{$member_id['user_id']}', '{$notice}')");
    }
    $buffer = "<font color=\"green\">" . $lang['saved'] . "</font>";
}
if ($_REQUEST['action'] == "deletemodules") {
    if ($member_id['user_group'] != 1) {
        die("error");
    }