示例#1
 /**
  * Store the skin to work with and create the Cache_Lite backend.
  *
  * @param string $skin Skin identifier; an empty value falls back to get_my_skin().
  */
 function __construct($skin = '')
 {
     // Resolve the skin first, then build the cache object from the global
     // cache configuration array.
     $this->skin = empty($skin) ? get_my_skin() : $skin;
     $this->cache = new Cache_Lite($GLOBALS['_cache_config']);
 }
示例#2
 /**
  * Load the photos language file for the skin returned by get_my_skin(), run
  * _init(), and merge an optional array of overrides (the single positional
  * argument, when exactly one is passed) into $this->config.
  */
 function __construct()
 {
     // NOTE(review): the included path embeds get_my_skin(); confirm that value
     // can only name an installed skin directory, since it selects the file
     // that gets executed.
     require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/photos.inc.php';
     $this->_init();
     if (func_num_args() != 1) {
         return;
     }
     $overrides = func_get_arg(0);
     $this->config = array_merge($this->config, $overrides);
 }
示例#3
 /**
  * Load the osignal_feed widget language file for the skin returned by
  * get_my_skin(), run _init(), and merge an optional array of overrides (the
  * single positional argument, when exactly one is passed) into $this->config.
  */
 function __construct()
 {
     // NOTE(review): the included path embeds get_my_skin(); confirm that value
     // can only name an installed skin directory, since it selects the file
     // that gets executed.
     require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/plugins/widget/osignal_feed/osignal_feed.class.php';
     $this->_init();
     if (func_num_args() != 1) {
         return;
     }
     $overrides = func_get_arg(0);
     $this->config = array_merge($this->config, $overrides);
 }
示例#4
文件: ipn.php 项目: babae/etano
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/ipn.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/payment.inc.php';
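// Dispatch an incoming payment notification (IPN) to the payment plugin named
// by the request parameter "p".
//
// The module code comes from the request and is used below to build an include
// path and a class name, so it is reduced to letters, digits and underscore
// before any use. The pattern must carry its own delimiters: written as
// '[^a-zA-Z0-9_]', PCRE takes the square brackets as the delimiters, the
// character class is lost, and the expression only matches the literal text
// "a-zA-Z0-9_" at the start of the value, so nothing is filtered out.
$module_code = preg_replace('/[^a-zA-Z0-9_]/', '', sanitize_and_format_gpc($_REQUEST, 'p', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''));
if (!empty($module_code)) {
    // With the filter above the path cannot leave plugins/payment/<code>/.
    $module_file = _BASEPATH_ . '/plugins/payment/' . $module_code . '/' . $module_code . '.class.php';
    if (is_file($module_file)) {
        include $module_file;
        // The plugin file is expected to declare class payment_<code>.
        $class = 'payment_' . $module_code;
        $pay = new $class();
        $pay->ipn();
    } else {
        // NOTE(review): var_export($_REQUEST) copies every request parameter
        // into the error log; confirm the log is access-controlled.
        require _BASEPATH_ . '/includes/classes/log_error.class.php';
        new log_error(array('module_name' => 'ipn', 'text' => 'Received a payment IPN for unexisting module: $_REQUEST:' . var_export($_REQUEST, true)));
    }
} else {
    require _BASEPATH_ . '/includes/classes/log_error.class.php';
    new log_error(array('module_name' => 'ipn', 'text' => 'Received a payment IPN without module code: $_REQUEST:' . var_export($_REQUEST, true)));
}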
示例#5
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/comment_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/comments.inc.php';
check_login_member('auth');
if (is_file(_BASEPATH_ . '/events/processors/comment_delete.php')) {
    include _BASEPATH_ . '/events/processors/comment_delete.php';
}
$topass = array();
$comment_id = isset($_GET['comment_id']) ? (int) $_GET['comment_id'] : 0;
if (!empty($comment_id)) {
    $comment_type = isset($_GET['comment_type']) ? $_GET['comment_type'] : '';
    switch ($comment_type) {
        case 'blog':
            $table = "{$dbtable_prefix}comments_blog";
            $parent_table = "{$dbtable_prefix}blog_posts";
            $parent_key = "post_id";
            break;
        case 'photo':
示例#6
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/search_delete.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/my_searches.inc.php';
// Delete one saved search of the logged-in member, then prepare the redirect
// target.
// Access gate; what 'save_searches' grants is decided inside
// check_login_member(), which is not shown here.
check_login_member('save_searches');
$topass = array();
// Cast to int before the value is interpolated into the SQL text below.
$search_id = isset($_GET['sid']) ? (int) $_GET['sid'] : 0;
// The WHERE clause also pins the row to the session's own user id, so a search
// id that belongs to another member matches nothing.
// NOTE(review): this delete is driven by GET parameters and no request token
// is checked in the lines shown; confirm CSRF protection exists elsewhere.
$query = "DELETE FROM `{$dbtable_prefix}user_searches` WHERE `search_id`={$search_id} AND `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "'";
// NOTE(review): the mysql_* extension was removed in PHP 7; this code needs
// mysqli or PDO (with bound parameters) to run on a supported PHP version.
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$topass['message']['type'] = MESSAGE_INFO;
$topass['message']['text'] = $GLOBALS['_lang'][101];
$nextpage = 'my_searches.php';
// Optional caller-supplied return page. It is appended to _BASEURL_ below, so
// the resulting URL always starts with the site's base URL.
if (!empty($_GET['return'])) {
    $input['return'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $nextpage = $input['return'];
}
$nextpage = _BASEURL_ . '/' . $nextpage;
示例#7
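/**
 * Create a JPEG thumbnail of an image file.
 *
 * The source (GIF, JPEG or PNG, as reported by getimagesize()) is scaled to fit
 * a $size x $size box, centred on a white canvas and written to
 * "$save_path/$save_name.jpg".
 *
 * Recognised $config keys:
 *  - padding_type: PAD_1SIDE (default), PAD_2SIDES, or any other value for no
 *    padding (the thumbnail keeps the proportions of the source)
 *  - quality: JPEG quality, default 90
 *  - watermark_text, watermark_text_color (hex digits, right-padded with "0"
 *    to six): text drawn near the bottom-left corner of the picture
 *  - watermark_image: path of a PNG copied near the bottom-left corner
 *  - round_corners: overlay the skin's corner images and a grey border
 *
 * $save_path and $save_name are concatenated into the output path exactly as
 * given, so callers must validate them before passing request data.
 * NOTE(review): no limit on the source dimensions is applied here; GD
 * allocates memory per pixel, so confirm uploads are capped before this runs.
 *
 * @param string $image     Path of the source image.
 * @param int    $size      Edge length of the bounding square, in pixels.
 * @param string $save_path Destination directory.
 * @param string $save_name Destination file name without extension.
 * @param array  $config    Options, see above.
 * @return bool Result of imagejpeg(), or false when the source cannot be
 *              decoded or the canvas cannot be created.
 */
function save_thumbnail($image, $size, $save_path, $save_name, $config = array())
{
    $myreturn = false;
    // A non-positive size would divide by zero in the ratio test below.
    if ((int) $size <= 0) {
        return false;
    }
    $size = array($size, $size);
    if (empty($config['padding_type'])) {
        $config['padding_type'] = PAD_1SIDE;
    }
    if (empty($config['quality'])) {
        $config['quality'] = 90;
    }
    if ($imginfo = getimagesize($image)) {
        $orig_size = array($imginfo[0], $imginfo[1]);
        // Index (0 = width, 1 = height) of the side that limits the scaling.
        if ($orig_size[0] / $size[0] < $orig_size[1] / $size[1]) {
            $relevant_length = 1;
        } else {
            $relevant_length = 0;
        }
        if ($imginfo[2] == IMAGETYPE_GIF && function_exists('imagecreatefromgif')) {
            //gif
            $myimg = @imagecreatefromgif($image);
        } elseif ($imginfo[2] == IMAGETYPE_JPEG && function_exists('imagecreatefromjpeg')) {
            //jpg
            ob_start();
            $myimg = @imagecreatefromjpeg($image);
            ob_end_flush();
        } elseif ($imginfo[2] == IMAGETYPE_PNG && function_exists('imagecreatefrompng')) {
            //png
            $myimg = @imagecreatefrompng($image);
        }
        if (!empty($myimg)) {
            $new_size = array();
            $mynewimg = '';
            if ($orig_size[$relevant_length] > $size[$relevant_length]) {
                // scale down
                $new_size[$relevant_length] = $size[$relevant_length];
                $new_size[1 - $relevant_length] = (int) ($orig_size[1 - $relevant_length] * ($size[$relevant_length] / $orig_size[$relevant_length]));
                if ($config['padding_type'] != PAD_1SIDE && $config['padding_type'] != PAD_2SIDES) {
                    // no padding here, photo has original proportions
                    $size = $new_size;
                }
                // otherwise the canvas stays square at the requested size
            } else {
                // picture is smaller than the needed size
                $new_size = $orig_size;
                if ($config['padding_type'] == PAD_2SIDES) {
                    // pad in both directions: square canvas at the requested size
                } elseif ($config['padding_type'] == PAD_1SIDE) {
                    // padding in one direction only. square but smaller
                    $size = array($orig_size[$relevant_length], $orig_size[$relevant_length]);
                } else {
                    // no padding. original proportions
                    $size = $orig_size;
                }
            }
            $mynewimg = @imagecreatetruecolor($size[0], $size[1]);
            if (empty($mynewimg)) {
                // Canvas allocation failed (zero-sized picture, memory limit, ...):
                // release the decoded source and report failure instead of
                // passing a non-image to the drawing calls below.
                imagedestroy($myimg);
                return false;
            }
            imagefilledrectangle($mynewimg, 0, 0, $size[0], $size[1], 0xffffff);
            $x = (int) (($size[0] - $new_size[0]) / 2);
            $y = (int) (($size[1] - $new_size[1]) / 2);
            if (defined('BICUBIC_RESAMPLE')) {
                imagecopyresamplebicubic($mynewimg, $myimg, $x, $y, 0, 0, $new_size[0], $new_size[1], $orig_size[0], $orig_size[1]);
            } else {
                fastimagecopyresampled($mynewimg, $myimg, $x, $y, 0, 0, $new_size[0], $new_size[1], $orig_size[0], $orig_size[1]);
            }
            if (!empty($config['watermark_text']) && function_exists('imagettftext')) {
                $wm_color = isset($config['watermark_text_color']) ? $config['watermark_text_color'] : '';
                $wm_color = str_pad($wm_color, 6, '0', STR_PAD_RIGHT);
                $wm_red = hexdec(substr($wm_color, 0, 2));
                $wm_green = hexdec(substr($wm_color, 2, 2));
                $wm_blue = hexdec(substr($wm_color, 4, 2));
                $text_color = imagecolorallocate($mynewimg, $wm_red, $wm_green, $wm_blue);
                // inverted colour, used for the shadow
                $text_color2 = imagecolorallocate($mynewimg, 255 - $wm_red, 255 - $wm_green, 255 - $wm_blue);
                $font_file = _BASEPATH_ . '/includes/fonts/arial.ttf';
                $font_size = 15;
                // Shrink the font until the text fits the picture width. The loop
                // stops at size 1 so that a very narrow picture or a very long
                // text cannot keep it running.
                do {
                    --$font_size;
                    $text_box = imagettfbbox($font_size, 0, $font_file, $config['watermark_text']);
                    if ($text_box === false) {
                        // font file missing or unreadable: skip the text watermark
                        break;
                    }
                    $textlen = $text_box[2] - $text_box[0] + 5;
                } while ($textlen > $new_size[0] && $font_size > 1);
                if ($text_box !== false) {
                    $watermark_x = (int) (($size[0] - $new_size[0]) / 2) + 5;
                    $watermark_y = $new_size[1] + (int) (($size[1] - $new_size[1]) / 2) - 20;
                    //shadow first
                    imagettftext($mynewimg, $font_size, 0, $watermark_x, $watermark_y, $text_color2, $font_file, $config['watermark_text']);
                    //text second
                    imagettftext($mynewimg, $font_size, 0, $watermark_x + 1, $watermark_y + 1, $text_color, $font_file, $config['watermark_text']);
                }
            }
            if (!empty($config['watermark_image']) && is_file($config['watermark_image'])) {
                $wm_image = @imagecreatefrompng($config['watermark_image']);
                // The file may exist without being a readable PNG; only use it
                // when GD actually decoded it.
                if (!empty($wm_image)) {
                    $wm_image_width = imagesx($wm_image);
                    $wm_image_height = imagesy($wm_image);
                    $wm_image_x = (int) (($size[0] - $new_size[0]) / 2) + 5;
                    $wm_image_y = $new_size[1] + (int) (($size[1] - $new_size[1]) / 2) - $wm_image_height;
                    if (defined('BICUBIC_RESAMPLE')) {
                        imagecopyresamplebicubic($mynewimg, $wm_image, $wm_image_x, $wm_image_y, 0, 0, $wm_image_width, $wm_image_height, $wm_image_width, $wm_image_height);
                    } else {
                        fastimagecopyresampled($mynewimg, $wm_image, $wm_image_x, $wm_image_y, 0, 0, $wm_image_width, $wm_image_height, $wm_image_width, $wm_image_height);
                    }
                    imagedestroy($wm_image);
                }
            }
            if (!empty($config['round_corners'])) {
                $skin = get_my_skin();
                imagealphablending($mynewimg, true);
                // put the corners: file name => top-left position of the 7x7 patch
                $corners = array(
                    'corner_tl.png' => array(0, 0),
                    'corner_tr.png' => array($size[0] - 7, 0),
                    'corner_bl.png' => array(0, $size[1] - 7),
                    'corner_br.png' => array($size[0] - 7, $size[1] - 7),
                );
                foreach ($corners as $corner_file => $corner_pos) {
                    $corner = @imagecreatefrompng(_BASEPATH_ . '/skins_site/' . $skin . '/images/' . $corner_file);
                    if (!empty($corner)) {
                        // a skin without this corner image simply gets no overlay
                        imagecopy($mynewimg, $corner, $corner_pos[0], $corner_pos[1], 0, 0, 7, 7);
                        imagedestroy($corner);
                    }
                }
                // draw the border lines
                $border_color = imagecolorallocate($mynewimg, 0xcc, 0xcc, 0xcc);
                //tl->tr
                imageline($mynewimg, 7, 0, $size[0] - 8, 0, $border_color);
                //tr->br
                imageline($mynewimg, $size[0] - 1, 7, $size[0] - 1, $size[1] - 8, $border_color);
                //bl->br
                imageline($mynewimg, 7, $size[1] - 1, $size[0] - 8, $size[1] - 1, $border_color);
                //tl->bl
                imageline($mynewimg, 0, 7, 0, $size[1] - 8, $border_color);
            }
            $myreturn = imagejpeg($mynewimg, $save_path . '/' . $save_name . '.jpg', $config['quality']);
        } else {
            $myreturn = false;
        }
    } else {
        $myreturn = false;
    }
    if (!empty($myimg)) {
        imagedestroy($myimg);
    }
    if (!empty($mynewimg)) {
        imagedestroy($mynewimg);
    }
    return $myreturn;
}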
示例#8
File:                       my_networks.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require 'includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/includes/network_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/net.inc.php';
check_login_member('manage_networks');
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
require _BASEPATH_ . '/includes/classes/user_cache.class.php';
$user_cache = new user_cache(get_my_skin());
$query = "SELECT `net_id`,`network` FROM `{$dbtable_prefix}networks`";
if (!($res = @mysql_query($query))) {
    trigger_error(mysql_error(), E_USER_ERROR);
}
$networks = array();
$i = 0;
while ($rsrow = mysql_fetch_assoc($res)) {
    $rsrow['network'] = sanitize_and_format($rsrow['network'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
    $net_members = get_network_members($_SESSION[_LICENSE_KEY_]['user']['user_id'], $rsrow['net_id'], 4);
    if (!empty($net_members)) {
        $rsrow['members'] = $user_cache->get_cache_tpl($net_members, 'result_user');
    }
    if (!empty($rsrow['members'])) {
        $rsrow['see_all'] = true;
        $networks[] = $rsrow;
示例#9
        $input['error_email'] = 'red_border';
    }
    // Reject the change when another account already uses the requested address.
    if (!$error) {
        // NOTE(review): $input['email'] is concatenated into the SQL text. Any
        // escaping happens before this fragment and is not visible here;
        // confirm it, or bind the value as a parameter.
        $query = "SELECT `" . USER_ACCOUNT_ID . "` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            $error = true;
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'][] = sprintf($GLOBALS['_lang'][204], $input['email']);
            $input['error_email'] = 'red_border';
        }
    }
    if (!$error) {
        // The new address is parked in user_settings2 under 'new_email' and a
        // confirmation mail is sent to it; the account row itself is not
        // changed in the lines shown.
        $query = "REPLACE INTO `{$dbtable_prefix}user_settings2` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['user_id'] . "',`config_option`='new_email',`config_value`='" . $input['email'] . "'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        // URL-encoded copy of the address, passed to the mail template in $input.
        $input['email2'] = rawurlencode($input['email']);
        send_template_email($input['email'], sprintf($GLOBALS['_lang'][40], _SITENAME_), 'email_change_confirm.html', get_my_skin(), $input);
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'][] = $GLOBALS['_lang'][39];
    } else {
        // you must re-read all textareas from $_POST like this:
        // $input['x']=addslashes_mq($_POST['x']);
        // The submitted values are re-formatted before being handed back to the
        // form through $topass.
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
redirect2page($nextpage, $topass, $qs);
示例#10
文件: login.php 项目: babae/etano
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/login.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/login.inc.php';
if (is_file(_BASEPATH_ . '/events/processors/login.php')) {
    include _BASEPATH_ . '/events/processors/login.php';
}
$score_threshold = 600;
// seconds
$error = false;
$topass = array();
$nextpage = 'login.php';
$qs = '';
$qssep = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user = strtolower(sanitize_and_format_gpc($_POST, 'user', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], ''));
    $pass = sanitize_and_format_gpc($_POST, 'pass', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    if (!empty($user) && !empty($pass)) {
        $log['level'] = 'login';
示例#11
文件: join.php 项目: babae/etano
     }
 }
 if (!$error) {
     // First page of the join form: create the account row, remember the new
     // id in the session and send the confirmation mail.
     if ($input['page'] == 1) {
         // NOTE(review): how unpredictable this token is depends on
         // gen_pass(), which is not shown; hashing six generated characters
         // with MD5 adds no entropy.
         $input['temp_pass'] = md5(gen_pass(6));
         // NOTE(review): the password is stored as an unsalted MD5 digest
         // computed inside the SQL statement, so the clear-text password is
         // part of the query text and can end up in query logs. A dedicated
         // password hash such as password_hash() computed in PHP is the usual
         // replacement; the login check would have to change with it.
         // NOTE(review): user, pass and email are concatenated into the SQL
         // text; their escaping is not visible in this fragment; confirm it.
         $query = "INSERT IGNORE INTO `" . USER_ACCOUNTS_TABLE . "` SET `" . USER_ACCOUNT_USER . "`='" . $input['user'] . "',`" . USER_ACCOUNT_PASS . "`=md5('" . $input['pass'] . "'),`email`='" . $input['email'] . "',`membership`=2,`status`=" . ASTAT_UNVERIFIED . ",`temp_pass`='" . $input['temp_pass'] . "'";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         // NOTE(review): with INSERT IGNORE a duplicate key inserts nothing
         // and mysql_insert_id() then returns 0; confirm duplicates are
         // rejected before this point.
         $_SESSION[_LICENSE_KEY_]['user']['reg_id'] = mysql_insert_id();
         $_SESSION[_LICENSE_KEY_]['user']['user'] = $input['user'];
         // for `dsb_payments`
         $_SESSION[_LICENSE_KEY_]['user']['email'] = $input['email'];
         // for info_signup.html
         $input['uid'] = $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
         send_template_email($input['email'], sprintf($GLOBALS['_lang'][70], _SITENAME_), 'confirm_reg.html', get_my_skin(), $input);
     }
     $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}user_profiles` WHERE `fk_user_id`=" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'];
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     $is_update = false;
     if (mysql_num_rows($res)) {
         $is_update = true;
     }
     $now = gmdate('YmdHis');
     if ($is_update) {
         $query = "UPDATE `{$dbtable_prefix}user_profiles` SET `last_changed`='{$now}'";
     } else {
         $query = "INSERT INTO `{$dbtable_prefix}user_profiles` SET `fk_user_id`='" . $_SESSION[_LICENSE_KEY_]['user']['reg_id'] . "',`last_changed`='{$now}',`date_added`='{$now}',`score`='" . add_member_score(0, 'join', 1, true) . "'";
     }
示例#12
文件: profile.php 项目: babae/etano
Etano
===============================================================================
File:                       profile.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
//define('CACHE_LIMITER','private');
require_once 'includes/common.inc.php';
require_once 'includes/user_functions.inc.php';
require_once 'includes/network_functions.inc.php';
// Work out which member's profile to show.
// Access gate; what 'profile_view' grants is decided inside
// check_login_member(), which is not shown here.
check_login_member('profile_view');
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
$uid = 0;
// Sources for the profile id, in order of precedence: ?uid (forced through an
// int cast), ?user (looked up by name), then the session's own user id.
if (!empty($_GET['uid'])) {
    $uid = (string) (int) $_GET['uid'];
} elseif (isset($_GET['user'])) {
    $user = sanitize_and_format($_GET['user'], TYPE_STRING, $__field2format[FIELD_TEXTFIELD]);
    $uid = get_userid_by_user($user);
} elseif (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    $uid = (string) $_SESSION[_LICENSE_KEY_]['user']['user_id'];
} else {
    // NOTE(review): whether redirect2page() ends the request is not visible
    // here; if it returns, execution continues with $uid still 0.
    redirect2page('index.php');
}
// A member looking at their own id is sent to the editable profile page.
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $_SESSION[_LICENSE_KEY_]['user']['user_id'] == $uid) {
    redirect2page('my_profile.php');
}
$output = array();
示例#13
文件: contact.php 项目: babae/etano
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/contact.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/contact.inc.php';
check_login_member('contact');
if (is_file(_BASEPATH_ . '/events/processors/contact.php')) {
    include _BASEPATH_ . '/events/processors/contact.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'contact.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $input = array();
    // get the input we need and sanitize it
    $input['fk_user_id'] = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) ? $_SESSION[_LICENSE_KEY_]['user']['user_id'] : 0;
    $input['subject'] = sanitize_and_format_gpc($_POST, 'subject', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $input['name'] = sanitize_and_format_gpc($_POST, 'name', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
示例#14
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
// Direct-access guard: this file only runs when the including script has
// already defined _LICENSE_KEY_.
if (!defined('_LICENSE_KEY_')) {
    die('Hacking attempt');
}
include _BASEPATH_ . '/includes/logs.inc.php';
include _BASEPATH_ . '/includes/site_bans.inc.php';
$_access_level = array();
require _BASEPATH_ . '/includes/access_levels.inc.php';
require_once _BASEPATH_ . '/includes/general_functions.inc.php';
// Skin locations handed to the templates: absolute URL and relative path.
$tplvars['tplurl'] = _BASEURL_ . '/skins_site/' . get_my_skin();
$tplvars['tplrelpath'] = $GLOBALS['relative_path'] . 'skins_site/' . get_my_skin();
// Start from an empty table before the skin's global language file is loaded.
$GLOBALS['_lang'] = array();
// NOTE(review): the path embeds get_my_skin(); confirm that value can only
// name an installed skin directory, since it selects the file that is executed.
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/global.inc.php';
$accepted_months = array($GLOBALS['_lang'][166], $GLOBALS['_lang'][167], $GLOBALS['_lang'][168], $GLOBALS['_lang'][169], $GLOBALS['_lang'][170], $GLOBALS['_lang'][171], $GLOBALS['_lang'][172], $GLOBALS['_lang'][173], $GLOBALS['_lang'][174], $GLOBALS['_lang'][175], $GLOBALS['_lang'][176], $GLOBALS['_lang'][177], $GLOBALS['_lang'][178]);
$_pfields = array();
$_pcats = array();
require _BASEPATH_ . '/includes/fields.inc.php';
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    // Normalise the session's user id to an integer on every request.
    $_SESSION[_LICENSE_KEY_]['user']['user_id'] = (int) $_SESSION[_LICENSE_KEY_]['user']['user_id'];
    $tplvars['user_logged'] = true;
} else {
    // No user id in the session: fill in a placeholder user name and
    // membership value 1.
    $_SESSION[_LICENSE_KEY_]['user']['user'] = '******';
    $_SESSION[_LICENSE_KEY_]['user']['membership'] = 1;
}
$tplvars['myself'] = $_SESSION[_LICENSE_KEY_]['user'];
$GLOBALS['_list_of_online_members'] = get_online_ids();
$GLOBALS['page_last_modified_time'] = isset($_SESSION[_LICENSE_KEY_]['user']['loginout']) ? $_SESSION[_LICENSE_KEY_]['user']['loginout'] : 0;
// need this for cache control - the Last-Modified header
示例#15
<?php

/******************************************************************************
Etano
===============================================================================
File:                       processors/pass_change.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/pass_change.inc.php';
if (is_file(_BASEPATH_ . '/events/processors/pass_change.php')) {
    include _BASEPATH_ . '/events/processors/pass_change.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'my_settings.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $input = array();
    // get the input we need and sanitize it
    $input['pass'] = sanitize_and_format_gpc($_POST, 'pass', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    $input['pass2'] = sanitize_and_format_gpc($_POST, 'pass2', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
    if ($input['pass'] != $input['pass2']) {
        $error = true;
示例#16
文件: rate_item.php 项目: babae/etano
<?php

/******************************************************************************
Etano
===============================================================================
File:                       ajax/rate_item.php
$Revision: 610 $
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require_once dirname(__FILE__) . '/../includes/common.inc.php';
require_once dirname(__FILE__) . '/../includes/user_functions.inc.php';
require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/rating.inc.php';
$output = '';
$error = false;
$id = 0;
$qs = '';
$vote_type = '';
$topass = array();
if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
    if (!empty($_REQUEST['t']) && !empty($_REQUEST['id']) && !empty($_REQUEST['vote'])) {
        $vote_type = $_REQUEST['t'];
        $id = (int) $_REQUEST['id'];
        $vote = (int) $_REQUEST['vote'];
        if ($vote_type == 'photo') {
            $parent_field = "photo_id";
            $parent_table = "{$dbtable_prefix}user_photos";
            $table = "{$dbtable_prefix}rating_photo";
示例#17
 /**
  * Load the payment language file for the skin returned by get_my_skin(), then
  * run _init().
  */
 function __construct()
 {
     // NOTE(review): the included path embeds get_my_skin(); confirm that value
     // can only name an installed skin directory, since it selects the file
     // that gets executed.
     require_once _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/payment.inc.php';
     $this->_init();
 }
示例#18
/******************************************************************************
Etano
===============================================================================
File:                       processors/filters_addedit.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/includes/tables/message_filters.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/mailbox.inc.php';
check_login_member('manage_folders');
if (is_file(_BASEPATH_ . '/events/processors/filters_addedit.php')) {
    include _BASEPATH_ . '/events/processors/filters_addedit.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'filters.php';
$input = array();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // get the input we need and sanitize it
    foreach ($message_filters_default['types'] as $k => $v) {
        $input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], $message_filters_default['defaults'][$k]);
    }
示例#19
文件: pass_lost.php 项目: babae/etano
        }
    }
    unset($_SESSION['captcha_word']);
    // Look the account up by e-mail address and, when found, store a temporary
    // password and mail it through the pass_reset.html template.
    if (!$error) {
        // NOTE(review): $input['email'] is concatenated into the SQL text. Any
        // escaping happens before this fragment and is not visible here;
        // confirm it, or bind the value as a parameter.
        $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,`" . USER_ACCOUNT_USER . "` as `user`,`email` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `email`='" . $input['email'] . "' LIMIT 1";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        if (mysql_num_rows($res)) {
            // From here on $input holds the database row (uid, user, email).
            $input = mysql_fetch_assoc($res);
            // NOTE(review): the reset token is only as unpredictable as
            // gen_pass(6), which is not shown; MD5 over it adds no entropy.
            // No expiry is set in the lines shown.
            $input['temp_pass'] = md5(gen_pass(6));
            // Requester address, made available to the mail template.
            $input['ipaddr'] = $_SERVER['REMOTE_ADDR'];
            $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `temp_pass`='" . $input['temp_pass'] . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $input['uid'];
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            send_template_email($input['email'], sprintf($GLOBALS['_lang'][225], _SITENAME_), 'pass_reset.html', get_my_skin(), $input);
            $topass['message']['type'] = MESSAGE_INFO;
            $topass['message']['text'] = $GLOBALS['_lang'][89];
        } else {
            // NOTE(review): a known and an unknown address get different
            // message types and texts, which lets a caller test whether an
            // address is registered; a single neutral reply avoids that.
            $topass['message']['type'] = MESSAGE_ERROR;
            $topass['message']['text'] = $GLOBALS['_lang'][90];
        }
    } else {
        // you must re-read all textareas from $_POST like this:
        // $input['x']=addslashes_mq($_POST['x']);
        // The submitted values are re-formatted before being handed back to the
        // form through $topass.
        $input = sanitize_and_format($input, TYPE_STRING, FORMAT_HTML2TEXT_FULL | FORMAT_STRIPSLASH);
        $topass['input'] = $input;
    }
}
redirect2page($nextpage, $topass, $qs);
示例#20
/******************************************************************************
Etano
===============================================================================
File:                       processors/photo_settings.php
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
// Photo settings processor: shared includes first, then the access check and an optional
// site-specific hook, and only after that does this script read $_POST.
require '../includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/includes/tables/user_photos.inc.php';
// NOTE(review): the language file path embeds the return value of get_my_skin(), which is
// defined outside this file. The value selects which PHP file gets executed, so confirm that
// the helper can only return the name of an installed skin directory.
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/photos.inc.php';
// Access gate for the 'upload_photos' right; presumably it stops the request for anyone
// without it - confirm in check_login_member().
check_login_member('upload_photos');
// Optional hook: included only when the events file exists on disk.
if (is_file(_BASEPATH_ . '/events/processors/photo_settings.php')) {
    include _BASEPATH_ . '/events/processors/photo_settings.php';
}
$error = false;
$qs = '';
$qs_sep = '';
$topass = array();
$nextpage = 'my_photos.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $input = array();
    // Read only the keys declared in $user_photos_default['types'] from $_POST; each value
    // goes through sanitize_and_format_gpc() with the type and format mapped to its field
    // kind, and falls back to an empty array.
    // NOTE(review): no anti-CSRF token check is visible up to this point - confirm one is
    // performed by the includes or later in the script.
    foreach ($user_photos_default['types'] as $k => $v) {
        $input[$k] = sanitize_and_format_gpc($_POST, $k, $__field2type[$v], $__field2format[$v], array());
    }
示例#21
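 /**
  * Handle one PayPal payment notification for a subscription.
  *
  * The notification is accepted only when `business` or `receiver_email` matches the
  * configured `paypal_email`. Handling is serialised per transaction with a MySQL named
  * lock on `txn_id`. For a completed payment whose amount equals the stored subscription
  * price, the method ends the member's active subscriptions, inserts the new payment row
  * and, unless the payment was flagged as fraud, raises the member's membership level.
  * Every rejected case is recorded through log_error.
  *
  * Values that reach SQL in an unquoted numeric position (`user_id`, `item_number`) are
  * cast to integers first. They originate from the `custom` and `item_number` fields,
  * which are set on the payment form and therefore cannot be trusted, and parse_str()
  * URL-decodes `custom`, which would undo any escaping applied earlier.
  *
  * @param array  $input Notification fields; modified in place (user_id, dm_item_type,
  *                      lower-cased e-mail fields, capitalised names, country, email).
  * @param string $type  When equal to 'pdt' the method also prepares the 'gateway_text'
  *                      template output; any other value skips the template work.
  * @return void
  */
 function process(&$input, $type)
 {
     global $dbtable_prefix, $tpl;
     if (!isset($tpl)) {
         $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
     }
     // Only notifications addressed to our own PayPal account are processed.
     if (strcasecmp($input['business'], $this->config['paypal_email']) == 0 || strcasecmp($input['receiver_email'], $this->config['paypal_email']) == 0) {
         // some transformations
         parse_str($input['custom'], $temp);
         if (!empty($temp['uid'])) {
             // parse_str() URL-decodes the value, so force it to an integer before anything uses it
             $input['user_id'] = (int) $temp['uid'];
         }
         // a missing 'dit' ends up in the "invalid dm_item_type" branch below, without a notice
         $input['dm_item_type'] = isset($temp['dit']) ? $temp['dit'] : null;
         $input['business'] = strtolower($input['business']);
         $input['receiver_email'] = strtolower($input['receiver_email']);
         $input['first_name'] = ucwords(strtolower($input['first_name']));
         $input['last_name'] = ucwords(strtolower($input['last_name']));
         // These two ids are concatenated into SQL without quotes, so only integers may pass.
         $user_id = isset($input['user_id']) ? (int) $input['user_id'] : 0;
         $subscr_id = isset($input['item_number']) ? (int) $input['item_number'] : 0;
         // NOTE(review): txn_id and the other string fields of $input are concatenated into the
         // queries below exactly as received; that is only safe if the caller has already
         // escaped them for MySQL - confirm.
         // Named lock keyed by the transaction id, waiting up to 10 seconds.
         $query = "SELECT get_lock('" . $input['txn_id'] . "',10)";
         if (!($res = @mysql_query($query))) {
             trigger_error(mysql_error(), E_USER_ERROR);
         }
         if (mysql_result($res, 0, 0) == 1) {
             // NOTE(review): duplicate detection only looks at payments recorded within the last
             // day; a notification carrying the same txn_id after that would be handled as new.
             // Confirm that the caller or a unique index on `gw_txn` prevents this.
             $query = "SELECT `payment_id`,`is_subscr`,`name`,`is_suspect` FROM `{$dbtable_prefix}payments` WHERE `gw_txn`='" . $input['txn_id'] . "' AND `date`>=now()-INTERVAL 1 DAY";
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (mysql_num_rows($res)) {
                 // the other process already did the job. Let's release the lock
                 if ($type == 'pdt') {
                     $output = mysql_fetch_assoc($res);
                     // tell member that he will receive everything by email
                     if ($output['is_subscr']) {
                         if ($output['is_suspect']) {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                         } else {
                             $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                         }
                     } else {
                         $tpl->set_file('gateway_text', 'thankyou_prod_nok.html');
                     }
                     $tpl->set_var('output', $output);
                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                 }
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             } else {
                 // we arrived before the other process, let's do the dirty work...
                 if ($input['dm_item_type'] == 'subscr') {
                     $query = "SELECT `" . USER_ACCOUNT_ID . "` as `user_id`,`" . USER_ACCOUNT_USER . "` as `user` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "`=" . $user_id;
                     if (!($res = @mysql_query($query))) {
                         trigger_error(mysql_error(), E_USER_ERROR);
                     }
                     if (mysql_num_rows($res)) {
                         $real_user = mysql_fetch_assoc($res);
                         if (strcasecmp($input['txn_type'], 'web_accept') == 0 || strcasecmp($input['txn_type'], 'send_money') == 0 || strcasecmp($input['txn_type'], 'subscr_payment') == 0) {
                             if (strcasecmp($input['payment_status'], 'Completed') == 0) {
                                 $query = "SELECT `subscr_id`,`price`,`m_value_to`,`duration` FROM `{$dbtable_prefix}subscriptions` WHERE `subscr_id`=" . $subscr_id . " AND `is_visible`=1";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                                 if (mysql_num_rows($res)) {
                                     $real_subscr = mysql_fetch_assoc($res);
                                     // NOTE(review): only the amount is compared with the stored price; no
                                     // currency field is checked in this method - confirm the caller does.
                                     if (number_format($real_subscr['price'], 2) == number_format($input['mc_gross'], 2)) {
                                         // test notifications are honoured only while demo mode is on
                                         if ($input['test_ipn'] != 1 || $this->config['demo_mode'] == 1 && $input['test_ipn'] == 1) {
                                             require_once _BASEPATH_ . '/includes/iso31661a2.inc.php';
                                             if (isset($GLOBALS['iso31661a2'][$input['residence_country']])) {
                                                 $input['country'] = $GLOBALS['iso31661a2'][$input['residence_country']];
                                                 $input['email'] = $input['payer_email'];
                                                 $this->check_fraud($input);
                                             } else {
                                                 $this->is_fraud = true;
                                                 $this->fraud_reason = 'Invalid country code received from paypal. Please contact administrator.';
                                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                                 new log_error(array('module_name' => get_class($this), 'text' => 'country code received from paypal not found in iso31661a2.inc.php file' . array2qs($_POST)));
                                             }
                                             if (!empty($real_subscr['duration'])) {
                                                 // if the old subscription is not over yet, we need to extend the new one with some days
                                                 $query = "SELECT a.`payment_id`,UNIX_TIMESTAMP(a.`paid_until`) as `paid_until`,b.`price`,b.`duration` FROM `{$dbtable_prefix}payments` a LEFT JOIN `{$dbtable_prefix}subscriptions` b ON a.`fk_subscr_id`=b.`subscr_id` WHERE a.`fk_user_id`=" . $real_user['user_id'] . " AND a.`refunded`=0 AND a.`is_active`=1 AND a.`is_subscr`=1 AND a.`m_value_to`>2 ORDER BY a.`paid_until` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     $rsrow = mysql_fetch_assoc($res);
                                                     $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                                                     if ((int) $rsrow['paid_until'] > (int) $time) {
                                                         $remaining_days = ((int) $rsrow['paid_until'] - (int) $time) / 86400;
                                                         //86400 seconds in a day
                                                         if ($remaining_days > 0) {
                                                             // The LEFT JOIN can leave the old duration NULL, and the integer casts can
                                                             // turn a price or duration into 0; skip the credit rather than divide by zero.
                                                             $old_duration = (int) $rsrow['duration'];
                                                             $new_duration = (int) $real_subscr['duration'];
                                                             $day_value_new = $new_duration != 0 ? (int) $real_subscr['price'] / $new_duration : 0;
                                                             if ($old_duration != 0 && $day_value_new != 0) {
                                                                 $remaining_value = (int) $rsrow['price'] / $old_duration * $remaining_days;
                                                                 $days_append = round($remaining_value / $day_value_new);
                                                                 $real_subscr['duration'] = $new_duration;
                                                                 $real_subscr['duration'] += $days_append;
                                                             }
                                                         }
                                                     }
                                                 }
                                             }
                                             $now = gmdate('Ymd');
                                             // all old active subscriptions end now!
                                             $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}',`is_active`=0 WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `is_active`=1 AND `is_subscr`=1";
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             // insert the new subscription
                                             $query = "INSERT INTO `{$dbtable_prefix}payments` SET `is_active`=1,`fk_user_id`=" . $real_user['user_id'] . ",`_user`='" . $real_user['user'] . "',`gateway`='" . $this->module_code . "',`is_subscr`=1,`fk_subscr_id`=" . $real_subscr['subscr_id'] . ",`gw_txn`='" . $input['txn_id'] . "',`name`='" . $input['first_name'] . ' ' . $input['last_name'] . "',`country`='" . $input['country'] . "',`email`='" . $input['payer_email'] . "',`m_value_to`=" . $real_subscr['m_value_to'] . ",`amount_paid`='" . $input['mc_gross'] . "',`is_suspect`=" . (int) $this->is_fraud . ",`suspect_reason`='" . $this->fraud_reason . "',`paid_from`='{$now}',`date`=now()";
                                             if (!empty($real_subscr['duration'])) {
                                                 $query .= ",`paid_until`='{$now}'+INTERVAL " . $real_subscr['duration'] . ' DAY';
                                             }
                                             if (!($res = @mysql_query($query))) {
                                                 trigger_error(mysql_error(), E_USER_ERROR);
                                             }
                                             if (!$this->is_fraud) {
                                                 $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `membership`=" . $real_subscr['m_value_to'] . " WHERE `" . USER_ACCOUNT_ID . "`=" . $real_user['user_id'];
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 // $myreturn is set here but never read or returned by this method
                                                 $myreturn = true;
                                                 add_member_score($real_user['user_id'], 'payment');
                                                 if ($type == 'pdt') {
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_ok.html');
                                                 }
                                             } else {
                                                 if ($type == 'pdt') {
                                                     // NOTE(review): card_holder_name is not set anywhere in this method;
                                                     // confirm the caller supplies it.
                                                     $output['name'] = $input['card_holder_name'];
                                                     $tpl->set_file('gateway_text', 'thankyou_subscr_nok.html');
                                                     $tpl->set_var('output', $output);
                                                     $tpl->process('gateway_text', 'gateway_text', TPL_OPTIONAL);
                                                 }
                                                 // DEPT_ADMIN from includes/admin_functions.inc.php is hardcoded below as 4
                                                 $query = "SELECT `email` FROM `{$dbtable_prefix}admin_accounts` WHERE `dept_id`=4 ORDER BY `admin_id` DESC LIMIT 1";
                                                 if (!($res = @mysql_query($query))) {
                                                     trigger_error(mysql_error(), E_USER_ERROR);
                                                 }
                                                 if (mysql_num_rows($res)) {
                                                     send_template_email(mysql_result($res, 0, 0), 'Possible fraud detected on ' . _SITENAME_ . ', please investigate', '', '', array(), $this->module_code . ' TXN: ' . $input['txn_id'] . ': ' . $this->fraud_reason);
                                                 }
                                             }
                                         } else {
                                             // a demo transaction when we're not in demo mode
                                             if ($type == 'pdt') {
                                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][187]);
                                             }
                                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                             new log_error(array('module_name' => get_class($this), 'text' => 'Demo transaction when demo is not enabled: ' . array2qs($_POST)));
                                         }
                                     } else {
                                         // paid price doesn't match the subscription price
                                         if ($type == 'pdt') {
                                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][188]);
                                         }
                                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid amount paid: ' . array2qs($_POST)));
                                     }
                                 } else {
                                     // if the subscr_id was not found
                                     if ($type == 'pdt') {
                                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][189]);
                                     }
                                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid subscr_id received after payment: ' . array2qs($_POST)));
                                 }
                             } else {
                                 if ($type == 'pdt') {
                                     $tpl->set_var('gateway_text', $GLOBALS['_lang'][190]);
                                 }
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Payment status not Completed: ' . $input['payment_status'] . "\n" . array2qs($_POST)));
                             }
                         } elseif (strcasecmp($input['txn_type'], 'subscr_eot') == 0) {
                             $query = "SELECT `payment_id` FROM `{$dbtable_prefix}payments` WHERE `fk_user_id`=" . $real_user['user_id'] . " AND `fk_subscr_id`=" . $subscr_id . " AND `is_active`=1 ORDER BY `payment_id` DESC LIMIT 1";
                             if (!($res = @mysql_query($query))) {
                                 trigger_error(mysql_error(), E_USER_ERROR);
                             }
                             if (mysql_num_rows($res)) {
                                 $payment_id = mysql_result($res, 0, 0);
                                 $now = gmdate('Ymd');
                                 $query = "UPDATE `{$dbtable_prefix}payments` SET `paid_until`='{$now}' WHERE `payment_id`={$payment_id}";
                                 if (!($res = @mysql_query($query))) {
                                     trigger_error(mysql_error(), E_USER_ERROR);
                                 }
                             } else {
                                 // invalid eot.
                                 require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                                 new log_error(array('module_name' => get_class($this), 'text' => 'Received End of Term notification for a subscription but subscription doesn\'t exist or not active. Maybe this member has 2 running subscriptions? ' . array2qs($_POST)));
                             }
                         } else {
                             // unhandled txn_type
                             if ($type == 'pdt') {
                                 $tpl->set_var('gateway_text', $GLOBALS['_lang'][191]);
                             }
                             require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                             new log_error(array('module_name' => get_class($this), 'text' => 'Unhandled txn_type (probably not an error): ' . $input['txn_type'] . "\n" . array2qs($_POST)));
                         }
                     } else {
                         // if the user_id was not found
                         if ($type == 'pdt') {
                             $tpl->set_var('gateway_text', $GLOBALS['_lang'][192]);
                         }
                         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                         new log_error(array('module_name' => get_class($this), 'text' => 'Invalid user_id received after payment: ' . array2qs($_POST)));
                     }
                 } elseif ($input['dm_item_type'] == 'prod') {
                     // no product support for now in Etano
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Received dm_item_type=prod but we are not selling products: ' . array2qs($_POST)));
                 } else {
                     // dm_item_type is neither 'prod' nor 'subscr'
                     if ($type == 'pdt') {
                         $tpl->set_var('gateway_text', $GLOBALS['_lang'][193]);
                     }
                     require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
                     new log_error(array('module_name' => get_class($this), 'text' => 'Invalid dm_item_type: ' . array2qs($_POST)));
                 }
                 // job done, release the lock
                 $query = "SELECT release_lock('" . $input['txn_id'] . "')";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             }
         } else {
             // we could not obtain the lock.
             // The other process is taking too long but at least this should mean that it is handling this
         }
     } else {
         require_once _BASEPATH_ . '/includes/classes/log_error.class.php';
         new log_error(array('module_name' => get_class($this), 'text' => 'Payment was not made into our account: ' . array2qs($_POST)));
     }
 }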