function load($tpl_name, $menu = 'log')
{
$url = @parse_url($tpl_name);
$file_path = dirname($this->clear_url_dir($url['path']));
$tpl_name = pathinfo($url['path']);
$tpl_name = totranslit($tpl_name['basename']);
$tpl = file_get_contents(ROOT_DIR . "/templates/" . $this->config_dle['skin'] . "/billing/" . $tpl_name . ".tpl");
if (!$tpl) {
return $this->lang['cabinet_theme_error'] . "{$tpl_name}.tpl";
}
foreach ($this->elements as $key => $value) {
$tpl = str_replace($key, $value, $tpl);
}
foreach ($this->element_block as $key => $value) {
$tpl = preg_replace("'\\[" . $key . "\\].*?\\[/" . $key . "\\]'si", $value, $tpl);
}
/* Plugins menu */
$tpl_plugin = $this->T_preg_match($tpl, '~\\[plugin\\](.*?)\\[/plugin\\]~is');
$plugins_list = $this->T_plugins();
$plugins = "";
if (count($plugins_list)) {
foreach ($plugins_list as $name => $pl_config) {
$time_plugins_theme = $tpl_plugin;
$time_plugins_theme = str_replace("{plugin_link}", $name, $time_plugins_theme);
$time_plugins_theme = str_replace("{plugin_name}", $pl_config['name'], $time_plugins_theme);
$time_plugins_theme = $menu == $name ? str_replace("{plugin_active}", "_active", $time_plugins_theme) : str_replace("{plugin_active}", "", $time_plugins_theme);
$time_plugins_theme = str_replace("{URL_CABINET}", $this->config_dle['http_home_url'] . $this->config['page'] . ".html", $time_plugins_theme);
$plugins .= $time_plugins_theme;
}
}
$tpl = str_replace("{URL_CABINET}", $this->config_dle['http_home_url'] . $this->config['page'] . ".html", $tpl);
$tpl = str_replace("{THEME}", $this->config_dle['http_home_url'] . "templates/" . $this->config_dle['skin'] . "/billing", $tpl);
$tpl = str_replace("[active]" . $menu . "[/active]", "_active", $tpl);
$tpl = str_replace("{BALANCE}", $this->member_id[$this->config['fname']] . " " . $this->pay_api->bf_declOfNum($this->config['currency']), $tpl);
$tpl = preg_replace("'\\[active\\].*?\\[/active\\]'si", '', $tpl);
$tpl = preg_replace("'\\[plugin\\].*?\\[/plugin\\]'si", $plugins, $tpl);
$elements = array();
return $tpl;
}
}
require_once ENGINE_DIR . '/modules/sitelogin.php';
if (!$is_logged or !$user_group[$member_id['user_group']]['allow_admin']) {
die("error");
}
$buffer = "";
if ($_REQUEST['action'] == "clearCache") {
if ($member_id['user_group'] != 1) {
die("error");
}
$dle_api->clean_cache("stream-info");
$dle_api->clean_cache("stream-info-key");
$dle_api->clean_cache("stream-info-block");
$buffer = "Кеш стрима успешно очищен.";
} elseif ($_REQUEST['action'] == 'setTitle') {
$login = totranslit($_POST['login']);
$error = array();
$service = $_POST['service'];
switch ($service) {
case "twitch":
$titleTW = gettwitch($login, true);
if ($titleTW['status'] == '404') {
$setTitle = false;
$error = array("status" => inv("Данного логина не существует в этом сервисе стримминга. Проверьте правильность веденного логина пользователя."), "code" => 404);
} else {
$setTitle = $titleTW['status'];
}
break;
case "goodgame":
$titleGG = setTitleGG($login);
if (!$titleGG) {
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
date_default_timezone_set($config['date_adjust']);
if ($config['http_home_url'] == "") {
$config['http_home_url'] = explode("engine/ajax/complaint.php", $_SERVER['PHP_SELF']);
$config['http_home_url'] = reset($config['http_home_url']);
$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
dle_session();
$_COOKIE['dle_skin'] = trim(totranslit($_COOKIE['dle_skin'], false, false));
$_TIME = time();
if ($_COOKIE['dle_skin']) {
if (@is_dir(ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'])) {
$config['skin'] = $_COOKIE['dle_skin'];
}
}
if ($config["lang_" . $config['skin']]) {
if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
@(include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng');
} else {
die("Language file not found");
}
} else {
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
}
\t{$gallery}
//-->
</script>
HTML;
}
if ($config['allow_share'] and ($dle_module == "showfull" or $dle_module == "static")) {
if (preg_match("/(msie)/i", $_SERVER['HTTP_USER_AGENT'])) {
$js_array[] = "engine/classes/masha/ierange.js";
$js_array[] = "engine/classes/masha/masha.js";
} else {
$js_array[] = "engine/classes/masha/masha.js";
}
}
$js_array = build_js($js_array, $config);
if ($allow_comments_ajax and ($config['allow_comments_wysiwyg'] or $config['allow_quick_wysiwyg'])) {
$lang['wysiwyg_language'] = totranslit($lang['wysiwyg_language'], false, false);
if ($config['allow_quick_wysiwyg'] == "2" or $config['allow_comments_wysiwyg'] == "2") {
$js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/jscripts/tiny_mce/jquery.tinymce.js\"></script>";
}
if ($config['allow_quick_wysiwyg'] == "1" or $config['allow_comments_wysiwyg'] == "1") {
$js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/scripts/language/{$lang['wysiwyg_language']}/editor_lang.js\"></script>";
$js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/scripts/innovaeditor.js\"></script>";
}
}
if ($config['allow_admin_wysiwyg'] == "1" or $config['allow_site_wysiwyg'] == "1" or $config['allow_static_wysiwyg'] == "1") {
$js_array .= "\n<script type=\"text/javascript\" src=\"http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js\"></script>";
$js_array .= "\n<script type=\"text/javascript\" src=\"{$config['http_home_url']}engine/editor/scripts/webfont.js\"></script>";
$js_array .= "\n<link media=\"screen\" href=\"{$config['http_home_url']}engine/editor/css/default.css\" type=\"text/css\" rel=\"stylesheet\" />";
}
if (strpos($tpl->result['content'], "<video") !== false) {
$js_array .= "\n<link media=\"screen\" href=\"{$config['http_home_url']}engine/editor/scripts/common/mediaelement/mediaelementplayer.min.css\" type=\"text/css\" rel=\"stylesheet\" />";
$descr = $lang['rules_edit'];
} else {
$name = trim(totranslit($_POST['name'], true, false));
$descr = trim($db->safesql(htmlspecialchars($_POST['description'])));
if (!count($_POST['grouplevel'])) {
$_POST['grouplevel'] = array("all");
}
$grouplevel = $db->safesql(implode(',', $_POST['grouplevel']));
}
$disable_index = isset($_POST['disable_index']) ? intval($_POST['disable_index']) : 0;
$template = $db->safesql($template);
$allow_template = intval($_POST['allow_template']);
$allow_count = intval($_POST['allow_count']);
$allow_sitemap = intval($_POST['allow_sitemap']);
$tpl = trim(totranslit($_POST['static_tpl']));
$skin_name = trim(totranslit($_POST['skin_name'], false, false));
$newdate = $_POST['newdate'];
if (isset($_POST['allow_date'])) {
$allow_date = $_POST['allow_date'];
} else {
$allow_date = "";
}
if (isset($_POST['allow_now'])) {
$allow_now = $_POST['allow_now'];
} else {
$allow_now = "";
}
// Обработка даты и времени
$added_time = time() + $config['date_adjust'] * 60;
$newsdate = strtotime($newdate);
if ($allow_date != "yes") {
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
$config['http_home_url'] = explode("engine/ajax/profile.php", $_SERVER['PHP_SELF']);
$config['http_home_url'] = reset($config['http_home_url']);
$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
dle_session();
require_once ENGINE_DIR . '/classes/templates.class.php';
$_REQUEST['skin'] = trim(totranslit($_REQUEST['skin'], false, false));
$_TIME = time() + $config['date_adjust'] * 60;
if ($_REQUEST['skin'] == "" or !@is_dir(ROOT_DIR . '/templates/' . $_REQUEST['skin'])) {
die("Hacking attempt!");
}
//################# Определение групп пользователей
$user_group = get_vars("usergroup");
if (!$user_group) {
$user_group = array();
$db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
while ($row = $db->get_row()) {
$user_group[$row['id']] = array();
foreach ($row as $key => $value) {
$user_group[$row['id']][$key] = stripslashes($value);
}
}
//Проверка на админа
$row = $db->super_query("SELECT admin, del, ban FROM `" . PREFIX . "_communities` WHERE id = '{$id}'");
if (stripos($row['admin'], "u{$user_id}|") !== false and isset($wall_text) and !empty($wall_text) or isset($attach_files) and !empty($attach_files) and $row['del'] == 0 and $row['ban'] == 0) {
//Оприделение изображения к ссылке
if (stripos($attach_files, 'link|') !== false) {
$attach_arr = explode('||', $attach_files);
$cnt_attach_link = 1;
foreach ($attach_arr as $attach_file) {
$attach_type = explode('|', $attach_file);
if ($attach_type[0] == 'link' and preg_match('/http:\\/\\/(.*?)+$/i', $attach_type[1]) and $cnt_attach_link == 1) {
$domain_url_name = explode('/', $attach_type[1]);
$rdomain_url_name = str_replace('http://', '', $domain_url_name[2]);
$rImgUrl = $attach_type[4];
$rImgUrl = str_replace("\\", "/", $rImgUrl);
$img_name_arr = explode(".", $rImgUrl);
$img_format = totranslit(end($img_name_arr));
$image_name = substr(md5($server_time . md5($rImgUrl)), 0, 15);
//Разришенные форматы
$allowed_files = array('jpg', 'jpeg', 'jpe', 'png', 'gif');
//Загружаем картинку на сайт
if (in_array(strtolower($img_format), $allowed_files) and preg_match("/http:\\/\\/(.*?)(.jpg|.png|.gif|.jpeg|.jpe)/i", $rImgUrl)) {
//Директория загрузки фото
$upload_dir = ROOT_DIR . '/uploads/attach/' . $user_id;
//Если нет папки юзера, то создаём её
if (!is_dir($upload_dir)) {
@mkdir($upload_dir, 0777);
@chmod($upload_dir, 0777);
}
//Подключаем класс для фотографий
include ENGINE_DIR . '/classes/images.php';
if (@copy($rImgUrl, $upload_dir . '/' . $image_name . '.' . $img_format)) {
$short_story = $db->safesql($parse->BB_Parse($parse->process($_POST['short_story']), false));
$allow_br = 1;
}
if ($parse->not_allowed_text) {
$stop .= "<li>" . $lang['news_err_39'] . "</li>";
}
$title = $db->safesql($parse->process(trim(strip_tags($_POST['title']))));
$alt_name = trim($parse->process(stripslashes($_POST['alt_name'])));
$add_module = "yes";
$xfieldsaction = "init";
$category = $catlist;
include ENGINE_DIR . '/inc/xfields.php';
if ($alt_name == "" or !$alt_name) {
$alt_name = totranslit(stripslashes($title), true, false);
} else {
$alt_name = totranslit($alt_name, true, false);
}
if ($title == "" or !$title) {
$stop .= $lang['add_err_1'];
}
if (dle_strlen($title, $config['charset']) > 200) {
$stop .= $lang['add_err_2'];
}
if ($config['create_catalog']) {
$catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($title))), ENT_QUOTES, $config['charset']), 0, 1, $config['charset']));
} else {
$catalog_url = "";
}
if ($user_group[$member_id['user_group']]['disable_news_captcha'] and $member_id['news_num'] >= $user_group[$member_id['user_group']]['disable_news_captcha']) {
$user_group[$member_id['user_group']]['news_question'] = false;
$user_group[$member_id['user_group']]['news_sec_code'] = false;
header("Location: {$_SERVER['REQUEST_URI']}");
}
}
if ($_POST['banned']) {
$banned = "yes";
}
if (!$user_group[$editlevel]['time_limit']) {
$time_limit = "";
}
$image = $_FILES['image']['tmp_name'];
$image_name = $_FILES['image']['name'];
$image_size = $_FILES['image']['size'];
$img_name_arr = explode(".", $image_name);
$type = totranslit(end($img_name_arr));
if ($image_name != "") {
$image_name = totranslit(stripslashes($img_name_arr[0])) . "." . $type;
}
if (stripos($image_name, "php") !== false) {
die("Hacking attempt!");
}
if (is_uploaded_file($image)) {
if ($image_size < 100000) {
$allowed_extensions = array("jpg", "png", "jpe", "jpeg", "gif");
if (in_array($type, $allowed_extensions) and $image_name) {
include_once ENGINE_DIR . '/classes/thumb.class.php';
$res = @move_uploaded_file($image, ROOT_DIR . "/uploads/fotos/" . $id . "." . $type);
if ($res) {
@chmod(ROOT_DIR . "/uploads/fotos/" . $id . "." . $type, 0666);
$thumb = new thumbnail(ROOT_DIR . "/uploads/fotos/" . $id . "." . $type);
if ($thumb->size_auto($user_group[$member_id['user_group']]['max_foto'])) {
$thumb->jpeg_quality($config['jpeg_quality']);
private function check_filename($filename)
{
if ($filename != "") {
$filename = str_replace("\\", "/", $filename);
$filename = str_replace("..", "", $filename);
$filename = str_replace("/", "", $filename);
$filename_arr = explode(".", $filename);
$type = totranslit(end($filename_arr));
$curr_key = key($filename_arr);
unset($filename_arr[$curr_key]);
$filename = totranslit(implode(".", $filename_arr), false) . "." . $type;
} else {
return false;
}
$filename = str_replace("..", ".", $filename);
$filename = str_ireplace("php", "", $filename);
if (stripos($filename, "php") !== false) {
return false;
}
if (stripos($filename, "phtm") !== false) {
return false;
}
if (stripos($filename, "shtm") !== false) {
return false;
}
if (stripos($filename, ".htaccess") !== false) {
return false;
}
if (stripos($filename, ".cgi") !== false) {
return false;
}
if (stripos($filename, ".html") !== false) {
return false;
}
if (stripos($filename, ".ini") !== false) {
return false;
}
if (stripos($filename, ".") === 0) {
return false;
}
if (stripos($filename, ".") === false) {
return false;
}
return $filename;
}
function sub_load_template($tpl_name)
{
$tpl_name = str_replace(chr(0), '', $tpl_name);
$url = @parse_url($tpl_name);
$file_path = dirname($this->clear_url_dir($url['path']));
$tpl_name = pathinfo($url['path']);
$tpl_name = totranslit($tpl_name['basename']);
$type = explode(".", $tpl_name);
$type = strtolower(end($type));
if ($type != "tpl") {
return "Not Allowed Template Name: " . $tpl_name;
}
if ($file_path and $file_path != ".") {
$tpl_name = $file_path . "/" . $tpl_name;
}
if (strpos($tpl_name, '/templates/') === 0) {
$tpl_name = str_replace('/templates/', '', $tpl_name);
$templatefile = ROOT_DIR . '/templates/' . $tpl_name;
} else {
$templatefile = $this->dir . "/" . $tpl_name;
}
if ($tpl_name == '' || !file_exists($templatefile)) {
$templatefile = str_replace(ROOT_DIR, '', $templatefile);
return "Template not found: " . $templatefile;
return false;
}
if (stripos($templatefile, ".php") !== false) {
return "Not Allowed Template Name: " . $tpl_name;
}
$template = file_get_contents($templatefile);
$template = $this->check_module($template);
if (strpos($template, "[group=") !== false or strpos($template, "[not-group=") !== false) {
$template = $this->check_group($template);
}
if (strpos($template, "[page-count=") !== false) {
$template = preg_replace_callback("#\\[(page-count)=(.+?)\\](.*?)\\[/page-count\\]#is", array(&$this, 'check_page'), $template);
}
if (strpos($template, "[not-page-count=") !== false) {
$template = preg_replace_callback("#\\[(not-page-count)=(.+?)\\](.*?)\\[/not-page-count\\]#is", array(&$this, 'check_page'), $template);
}
if (strpos($template, "[tags=") !== false) {
$template = preg_replace_callback("#\\[(tags)=(.+?)\\](.*?)\\[/tags\\]#is", array(&$this, 'check_tag'), $template);
}
if (strpos($template, "[not-tags=") !== false) {
$template = preg_replace_callback("#\\[(not-tags)=(.+?)\\](.*?)\\[/not-tags\\]#is", array(&$this, 'check_tag'), $template);
}
if (strpos($template, "[news=") !== false) {
$template = preg_replace_callback("#\\[(news)=(.+?)\\](.*?)\\[/news\\]#is", array(&$this, 'check_tag'), $template);
}
if (strpos($template, "[not-news=") !== false) {
$template = preg_replace_callback("#\\[(not-news)=(.+?)\\](.*?)\\[/not-news\\]#is", array(&$this, 'check_tag'), $template);
}
if (strpos($template, "[smartphone]") !== false) {
$template = preg_replace_callback("#\\[(smartphone)\\](.*?)\\[/smartphone\\]#is", array(&$this, 'check_device'), $template);
}
if (strpos($template, "[not-smartphone]") !== false) {
$template = preg_replace_callback("#\\[(not-smartphone)\\](.*?)\\[/not-smartphone\\]#is", array(&$this, 'check_device'), $template);
}
if (strpos($template, "[tablet]") !== false) {
$template = preg_replace_callback("#\\[(tablet)\\](.*?)\\[/tablet\\]#is", array(&$this, 'check_device'), $template);
}
if (strpos($template, "[not-tablet]") !== false) {
$template = preg_replace_callback("#\\[(not-tablet)\\](.*?)\\[/not-tablet\\]#is", array(&$this, 'check_device'), $template);
}
if (strpos($template, "[desktop]") !== false) {
$template = preg_replace_callback("#\\[(desktop)\\](.*?)\\[/desktop\\]#is", array(&$this, 'check_device'), $template);
}
if (strpos($template, "[not-desktop]") !== false) {
$template = preg_replace_callback("#\\[(not-desktop)\\](.*?)\\[/not-desktop\\]#is", array(&$this, 'check_device'), $template);
}
return $template;
}
$PHP_SELF = $_SERVER['PHP_SELF'];
$_IP = $db->safesql($_SERVER['REMOTE_ADDR']);
$_TIME = time() + $config['date_adjust'] * 60;
require_once ENGINE_DIR . '/skins/default.skin.php';
if (isset($_POST['action'])) {
$action = $_POST['action'];
} else {
$action = $_GET['action'];
}
if (isset($_POST['mod'])) {
$mod = $_POST['mod'];
} else {
$mod = $_GET['mod'];
}
$mod = totranslit($mod, true, false);
$action = totranslit($action, false, false);
$user_group = get_vars("usergroup");
if (!$user_group) {
$user_group = array();
$db->query("SELECT * FROM " . USERPREFIX . "_usergroups ORDER BY id ASC");
while ($row = $db->get_row()) {
$user_group[$row['id']] = array();
foreach ($row as $key => $value) {
$user_group[$row['id']][$key] = stripslashes($value);
}
}
set_vars("usergroup", $user_group);
$db->free();
}
$cat_info = get_vars("category");
if (!is_array($cat_info)) {
$db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '4', '{$banner_tag}')");
clear_cache();
header("Location: " . $_SERVER['PHP_SELF'] . "?mod=banners");
}
if ($_POST['action'] == "doedit") {
if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
die("Hacking attempt! User not found");
}
if (!$id) {
msg("error", "ID not valid", "ID not valid");
}
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
$_POST['banner_descr'] = stripslashes($_POST['banner_descr']);
$_POST['banner_code'] = stripslashes($_POST['banner_code']);
}
$banner_tag = totranslit(strip_tags(trim($_POST['banner_tag'])));
$banner_descr = $db->safesql(strip_tags(trim($_POST['banner_descr'])));
$banner_code = $db->safesql(trim($_POST['banner_code']));
$approve = intval($_REQUEST['approve']);
$short_place = intval($_REQUEST['short_place']);
$bstick = intval($_REQUEST['bstick']);
$main = intval($_REQUEST['main']);
$fpage = intval($_REQUEST['fpage']);
$category = $_POST['category'];
if (!count($category)) {
$category = array();
$category[] = '0';
}
$category_list = array();
foreach ($category as $value) {
$category_list[] = intval($value);
} elseif ($action == "doedit") {
if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) {
die("Hacking attempt! User not found");
}
$quotes = array("'", "\"", "`", "\t", "\n", "\r", '"');
$cat_name = $db->safesql(htmlspecialchars(strip_tags(stripslashes($_POST['cat_name'])), ENT_QUOTES));
$skin_name = trim(totranslit($_POST['skin_name'], false, false));
$cat_icon = $db->safesql(htmlspecialchars(strip_tags(stripslashes($_POST['cat_icon'])), ENT_QUOTES));
$alt_cat_name = totranslit(stripslashes($_POST['alt_cat_name']), true, false);
$catid = intval($_POST['catid']);
$parentid = intval($_POST['parentid']);
$meta_title = $db->safesql(htmlspecialchars(strip_tags(stripslashes($_POST['meta_title']))));
$description = $db->safesql(dle_substr(strip_tags(stripslashes($_POST['descr'])), 0, 200, $config['charset']));
$keywords = $db->safesql(str_replace($quotes, " ", strip_tags(stripslashes($_POST['keywords']))));
$short_tpl = totranslit(stripslashes(trim($_POST['short_tpl'])));
$full_tpl = totranslit(stripslashes(trim($_POST['full_tpl'])));
if (in_array($_POST['news_sort'], array("date", "rating", "news_read", "title"))) {
$news_sort = $db->safesql($_POST['news_sort']);
} else {
$news_sort = "";
}
if (in_array($_POST['news_msort'], array("ASC", "DESC"))) {
$news_msort = $db->safesql($_POST['news_msort']);
} else {
$news_msort = "";
}
if ($_POST['news_number'] > 0) {
$news_number = intval($_POST['news_number']);
} else {
$news_number = 0;
}
$short_story = $parse->process($_POST['short_story']);
if ($config['allow_admin_wysiwyg'] or $allow_br != '1') {
$full_story = $db->safesql($parse->BB_Parse($full_story));
$short_story = $db->safesql($parse->BB_Parse($short_story));
} else {
$full_story = $db->safesql($parse->BB_Parse($full_story, false));
$short_story = $db->safesql($parse->BB_Parse($short_story, false));
}
if ($parse->not_allowed_text) {
msg("error", $lang['addnews_error'], $lang['news_err_39'], "javascript:history.go(-1)");
}
$alt_name = $_POST['alt_name'];
if (trim($alt_name) == "" or !$alt_name) {
$alt_name = totranslit(stripslashes($title), true, false);
} else {
$alt_name = totranslit(stripslashes($alt_name), true, false);
}
$title = $db->safesql($title);
$metatags = create_metatags($short_story . $full_story);
$catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($_POST['catalog_url']))), ENT_QUOTES, $config['charset']), 0, 3, $config['charset']));
if ($config['create_catalog'] and !$catalog_url) {
$catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($title))), ENT_QUOTES, $config['charset']), 0, 1, $config['charset']));
}
if (@preg_match("/[\\||\\<|\\>|\"|\\!|\\?|\$|\\@|\\/|\\\\|\\&\\~\\*\\+]/", $_POST['tags'])) {
$_POST['tags'] = "";
} else {
$_POST['tags'] = @$db->safesql(htmlspecialchars(strip_tags(stripslashes(trim($_POST['tags']))), ENT_COMPAT, $config['charset']));
}
if ($_POST['tags']) {
$temp_array = array();
$tags_array = array();
if (!isset($xfieldsindex)) {
msgbox('Информация', 'Выберите поле, которое хотите сдвинуть!', 'javascript:history.go(-1)');
exit;
}
array_move($xfields, $xfieldsindex, +1);
@profilesave($xfields);
}
//**************** Редактирование поля ****************** //
if ($_GET['act'] == 'edit') {
$xfieldsindex = intval($_GET['id']);
$editedxfield = $xfields[$xfieldsindex];
//**************** Если нажали кнопку "Сохранить" ****************** //
if (isset($_POST['edit_save'])) {
$editedxfield = $_POST['editedxfield'];
if (strlen(trim($editedxfield[0])) > 0 and strlen(trim($editedxfield[1])) > 0) {
$editedxfield[0] = totranslit(trim($editedxfield[0]));
$editedxfield[0] = str_replace('-', '_', $editedxfield[0]);
$editedxfield[1] = htmlspecialchars(trim($editedxfield[1]));
foreach ($xfields as $name => $value) {
if ($name != $xfieldsindex and $value[0] == $editedxfield[0]) {
msgbox('Информация', 'Полe с таким названием уже существует!', 'javascript:history.go(-1)');
exit;
}
}
if ($editedxfield[3] == "select") {
$options = array();
foreach (explode("\r\n", $editedxfield["6_select"]) as $name => $value) {
$value = trim($value);
if (!in_array($value, $options)) {
$options[] = $value;
}
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
date_default_timezone_set($config['date_adjust']);
if ($config['http_home_url'] == "") {
$config['http_home_url'] = explode("engine/ajax/rating.php", $_SERVER['PHP_SELF']);
$config['http_home_url'] = reset($config['http_home_url']);
$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/modules/functions.php';
dle_session();
$_REQUEST['skin'] = totranslit($_REQUEST['skin'], false, false);
if ($_REQUEST['skin']) {
if (@is_dir(ROOT_DIR . '/templates/' . $_REQUEST['skin'])) {
$config['skin'] = $_REQUEST['skin'];
} else {
die("Hacking attempt!");
}
}
if ($config["lang_" . $config['skin']]) {
if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng';
} else {
die("Language file not found");
}
} else {
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
} else {
$stop .= $lang['news_err_14'];
}
} else {
$stop .= $lang['news_err_15'];
}
} else {
$stop .= $lang['news_err_16'];
}
} else {
$stop .= $lang['news_err_32'];
}
@unlink(ROOT_DIR . "/uploads/fotos/" . $row['user_id'] . "." . $type);
}
if ($_POST['del_foto'] == "yes" and !$stop) {
@unlink(ROOT_DIR . "/uploads/fotos/" . totranslit($row['foto']));
$db->query("UPDATE " . USERPREFIX . "_users set foto='' WHERE user_id = '{$id}'");
}
if (strlen($password1) > 0) {
$altpass = md5($altpass);
if ($altpass != $member_id['password']) {
$stop .= $lang['news_err_17'];
}
if ($password1 != $password2) {
$stop .= $lang['news_err_18'];
}
if (strlen($password1) < 6) {
$stop .= $lang['news_err_19'];
}
if ($member_id['user_id'] == $row['user_id'] and $user_group[$member_id['user_group']]['admin_editusers']) {
$stop .= $lang['news_err_42'];
foreach ($_POST['content'] as $content) {
$approve = intval($content['approve']);
if (!count($content['category'])) {
$content['category'] = array();
$content['category'][] = '0';
}
$category_list = array();
foreach ($content['category'] as $value) {
$category_list[] = intval($value);
}
$category_list = $db->safesql(implode(',', $category_list));
$full_story = $parse->process($content['full']);
$short_story = $parse->process($content['short']);
$title = $parse->process(trim(strip_tags($content['title'])));
$_POST['title'] = $title;
$alt_name = totranslit(stripslashes($title));
$title = $db->safesql($title);
if (!$allow_br) {
$full_story = $db->safesql($parse->BB_Parse($full_story));
$short_story = $db->safesql($parse->BB_Parse($short_story));
} else {
$full_story = $db->safesql($parse->BB_Parse($full_story, false));
$short_story = $db->safesql($parse->BB_Parse($short_story, false));
}
$metatags = create_metatags($short_story . $full_story);
$thistime = date("Y-m-d H:i:s", strtotime($content['date']));
if (trim($title) == "") {
msg("error", $lang['addnews_error'], $lang['addnews_ertitle'], "javascript:history.go(-1)");
}
if (trim($short_story) == "") {
msg("error", $lang['addnews_error'], $lang['addnews_erstory'], "javascript:history.go(-1)");
$_SERVER['HTTP_REFERER'] = reset_url($_SERVER['HTTP_REFERER']);
$_SERVER['HTTP_HOST'] = reset_url($_SERVER['HTTP_HOST']);
if ($_SERVER['HTTP_HOST'] != $_SERVER['HTTP_REFERER']) {
@header('Location: ' . $config['http_home_url']);
die("Access denied!!!<br /><br />Please visit <a href=\"{$config['http_home_url']}\">{$config['http_home_url']}</a>");
}
}
$id = intval($_REQUEST['id']);
if ($_REQUEST['area'] == "static") {
$row = $db->super_query("SELECT name, onserver FROM " . PREFIX . "_static_files WHERE id ='{$id}'");
} else {
$row = $db->super_query("SELECT name, onserver FROM " . PREFIX . "_files WHERE id ='{$id}'");
}
if (!$row) {
die("Access denied");
}
$config['files_max_speed'] = intval($config['files_max_speed']);
$row['onserver'] = totranslit($row['onserver'], false);
$file = new download(FILE_DIR . $row['onserver'], $row['name'], $config['files_force'], $config['files_max_speed']);
if ($_REQUEST['area'] == "static") {
if ($config['files_count'] == "yes" and !$file->range) {
$db->query("UPDATE " . PREFIX . "_static_files SET dcount=dcount+1 WHERE id ='{$id}'");
}
} else {
if ($config['files_count'] == "yes" and !$file->range) {
$db->query("UPDATE " . PREFIX . "_files SET dcount=dcount+1 WHERE id ='{$id}'");
}
}
$db->close();
session_write_close();
$file->download_file();
define('DATALIFEENGINE', true);
define('ROOT_DIR', substr(dirname(__FILE__), 0, -12));
define('ENGINE_DIR', ROOT_DIR . '/engine');
include ENGINE_DIR . '/data/config.php';
if ($config['http_home_url'] == "") {
$config['http_home_url'] = explode("engine/ajax/antivirus.php", $_SERVER['PHP_SELF']);
$config['http_home_url'] = reset($config['http_home_url']);
$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
require_once ENGINE_DIR . '/classes/mysql.php';
require_once ENGINE_DIR . '/data/dbconfig.php';
require_once ENGINE_DIR . '/inc/include/functions.inc.php';
dle_session();
$selected_language = $config['langs'];
if (isset($_COOKIE['selected_language'])) {
$_COOKIE['selected_language'] = trim(totranslit($_COOKIE['selected_language'], false, false));
if ($_COOKIE['selected_language'] != "" and @is_dir(ROOT_DIR . '/language/' . $_COOKIE['selected_language'])) {
$selected_language = $_COOKIE['selected_language'];
}
}
if (file_exists(ROOT_DIR . '/language/' . $selected_language . '/adminpanel.lng')) {
require_once ROOT_DIR . '/language/' . $selected_language . '/adminpanel.lng';
} else {
die("Language file not found");
}
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
require_once ENGINE_DIR . '/modules/sitelogin.php';
if ($member_id['user_group'] != 1) {
die("error");
}
require_once ENGINE_DIR . '/classes/antivirus.class.php';
-----------------------------------------------------
http://dle-news.ru/
-----------------------------------------------------
Copyright (c) 2004,2013 SoftNews Media Group
=====================================================
Данный код защищен авторскими правами
=====================================================
Файл: static.php
-----------------------------------------------------
Назначение: вывод статистических страниц
=====================================================
*/
if (!defined('DATALIFEENGINE')) {
die("Hacking attempt!");
}
$name = @$db->safesql(trim(totranslit($_GET['page'], true, false)));
if (!$static_result['id']) {
$static_result = $db->super_query("SELECT * FROM " . PREFIX . "_static WHERE name='{$name}'");
} else {
$static_result['id'] = intval($static_result['id']);
}
if ($static_result['id']) {
if ($static_result['allow_count']) {
$db->query("UPDATE " . PREFIX . "_static SET views=views+1 WHERE id='{$static_result['id']}'");
}
$static_result['grouplevel'] = explode(',', $static_result['grouplevel']);
if ($static_result['date']) {
$_DOCUMENT_DATE = $static_result['date'];
}
$disable_index = $static_result['disable_index'];
if ($static_result['grouplevel'][0] != "all" and !in_array($member_id['user_group'], $static_result['grouplevel'])) {
$config['skin'] = $_COOKIE['dle_skin'];
}
}
if ($config["lang_" . $config['skin']]) {
if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
@(include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng');
} else {
die("Language file not found");
}
} else {
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
}
$config['charset'] = $lang['charset'] != '' ? $lang['charset'] : $config['charset'];
require_once ENGINE_DIR . '/classes/parse.class.php';
require_once ENGINE_DIR . '/modules/sitelogin.php';
$area = totranslit($_REQUEST['area'], true, false);
if (!$area) {
$area = "news";
}
$allowed_areas = array('news' => array('comments_table' => 'comments'), 'ajax' => array('comments_table' => 'comments'), 'lastcomments' => array('comments_table' => 'comments'));
if (!is_array($allowed_areas[$area])) {
die("error");
}
$parse = new ParseFilter();
$parse->safe_mode = true;
if (!$is_logged) {
die("error");
}
$id = intval($_REQUEST['id']);
if (!$id) {
die("error");
$profile_link = $config['http_home_url'] . "user/" . urlencode($member_id['name']) . "/";
$options = array();
$options['config'] = array(array('name' => $lang['opt_all'], 'url' => "?mod=options&action=syscon", 'mod' => "options", 'access' => "admin"), array('name' => $lang['opt_cat'], 'url' => "?mod=categories", 'mod' => "categories", 'access' => $user_group[$member_id['user_group']]['admin_categories']), array('name' => $lang['opt_db'], 'url' => "?mod=dboption", 'mod' => "dboption", 'access' => "admin"), array('name' => $lang['opt_vconf'], 'url' => "?mod=videoconfig", 'mod' => "videoconfig", 'access' => "admin"), array('name' => $lang['opt_xfil'], 'url' => "?mod=xfields&xfieldsaction=configure", 'mod' => "xfields", 'access' => $user_group[$member_id['user_group']]['admin_xfields']), array('name' => $lang['opt_question'], 'url' => "?mod=question", 'mod' => "question", 'access' => "admin"));
$options['user'] = array(array('name' => $lang['opt_user'], 'url' => "?mod=editusers&action=list", 'mod' => "editusers", 'access' => $user_group[$member_id['user_group']]['admin_editusers']), array('name' => $lang['opt_xprof'], 'url' => "?mod=userfields&xfieldsaction=configure", 'mod' => "userfields", 'access' => $user_group[$member_id['user_group']]['admin_userfields']), array('name' => $lang['opt_group'], 'url' => "?mod=usergroup", 'mod' => "usergroup", 'access' => "admin"), array('name' => $lang['opt_social'], 'url' => "?mod=social", 'mod' => "social", 'access' => "admin"));
$options['templates'] = array(array('name' => $lang['opt_t'], 'url' => "?mod=templates&user_hash=" . $dle_login_hash, 'mod' => "templates", 'access' => "admin"), array('name' => $lang['opt_email'], 'url' => "?mod=email", 'mod' => "email", 'access' => "admin"));
$options['filter'] = array(array('name' => $lang['opt_fil'], 'url' => "?mod=wordfilter", 'mod' => "wordfilter", 'access' => $user_group[$member_id['user_group']]['admin_wordfilter']), array('name' => $lang['opt_ipban'], 'url' => "?mod=blockip", 'mod' => "blockip", 'access' => $user_group[$member_id['user_group']]['admin_blockip']), array('name' => $lang['opt_iptools'], 'url' => "?mod=iptools", 'mod' => "iptools", 'access' => $user_group[$member_id['user_group']]['admin_iptools']), array('name' => $lang['opt_sfind'], 'url' => "?mod=search", 'mod' => "search", 'access' => "admin"), array('name' => $lang['opt_srebuild'], 'url' => "?mod=rebuild", 'mod' => "rebuild", 'access' => "admin"), array('name' => $lang['opt_complaint'], 'url' => "?mod=complaint", 'mod' => "complaint", 'access' => $user_group[$member_id['user_group']]['admin_complaint']), array('name' => $lang['opt_check'], 'url' => "?mod=check", 'mod' => "check", 'access' => "admin"), array('name' => $lang['opt_links'], 'url' => "?mod=links", 'mod' => "links", 'access' => "admin"));
$options['others'] = array(array('name' => $lang['opt_rules'], 'url' => "?mod=static&action=doedit&page=rules", 'mod' => "rules", 'access' => $user_group[$member_id['user_group']]['admin_static']), array('name' => $lang['opt_static'], 'url' => "?mod=static", 'mod' => "static", 'access' => $user_group[$member_id['user_group']]['admin_static']), array('name' => $lang['opt_clean'], 'url' => "?mod=clean", 'mod' => "clean", 'access' => "admin"), array('name' => $lang['main_newsl'], 'url' => "?mod=newsletter", 'mod' => "newsletter", 'access' => $user_group[$member_id['user_group']]['admin_newsletter']), array('name' => $lang['opt_vote'], 'url' => "?mod=editvote", 'mod' => "editvote", 'access' => $user_group[$member_id['user_group']]['admin_editvote']), array('name' => $lang['opt_img'], 'url' => "?mod=files", 'mod' => "files", 'access' => "admin"), array('name' => $lang['opt_banner'], 'url' => "?mod=banners&action=list", 'mod' => "banners", 'access' => $user_group[$member_id['user_group']]['admin_banners']), array('name' => $lang['opt_google'], 'url' => "?mod=googlemap", 'mod' => "googlemap", 'access' => $user_group[$member_id['user_group']]['admin_googlemap']), array('name' => $lang['opt_rss'], 'url' => "?mod=rss", 'mod' => "rss", 'access' => $user_group[$member_id['user_group']]['admin_rss']), array('name' => $lang['opt_rssinform'], 'url' => "?mod=rssinform", 'mod' => "rssinform", 'access' => $user_group[$member_id['user_group']]['admin_rssinform']), array('name' => $lang['opt_tagscloud'], 'url' => "?mod=tagscloud", 'mod' => "tagscloud", 'access' => $user_group[$member_id['user_group']]['admin_tagscloud']), array('name' => $lang['opt_logs'], 'url' => "?mod=logs", 'mod' => "logs", 'access' => "admin"));
$db->query("SELECT * FROM " . PREFIX . "_admin_sections");
while ($row = $db->get_array()) {
if ($row['allow_groups'] != "all") {
$groups = explode(",", $row['allow_groups']);
if (!in_array($member_id['user_group'], $groups) and $member_id['user_group'] != 1) {
continue;
}
}
$row['name'] = totranslit($row['name'], true, false);
$row['title'] = strip_tags(stripslashes($row['title']));
$options['admin_sections'][] = array('name' => $row['title'], 'url' => "?mod={$row['name']}", 'mod' => "{$row['name']}", 'access' => 1);
}
foreach ($options as $sub_options => $value) {
$count_options = count($value);
for ($i = 0; $i < $count_options; $i++) {
if ($member_id['user_group'] == 1) {
continue;
}
if ($member_id['user_group'] != 1 and $value[$i]['access'] == "admin") {
unset($options[$sub_options][$i]);
}
if (!$value[$i]['access']) {
unset($options[$sub_options][$i]);
}
@unlink(ROOT_DIR . "/uploads/posts/" . $folder_prefix . $dataimages);
@unlink(ROOT_DIR . "/uploads/posts/" . $folder_prefix . "thumbs/" . $dataimages);
}
}
$db->query("DELETE FROM " . PREFIX . "_images WHERE news_id = '{$item_db['0']}'");
$db->query("SELECT id, onserver FROM " . PREFIX . "_files WHERE news_id = '{$item_db['0']}'");
while ($row = $db->get_row()) {
$url = explode("/", $row['onserver']);
if (count($url) == 2) {
$folder_prefix = $url[0] . "/";
$file = $url[1];
} else {
$folder_prefix = "";
$file = $url[0];
}
$file = totranslit($file, false);
if (trim($file) == ".htaccess") {
die("Hacking attempt!");
}
@unlink(ROOT_DIR . "/uploads/files/" . $folder_prefix . $file);
}
$db->query("DELETE FROM " . PREFIX . "_files WHERE news_id = '{$item_db['0']}'");
}
} else {
$no_permission = TRUE;
}
}
clear_cache(array('news_', 'full_' . $item_db[0], 'comm_' . $item_db[0], 'tagscloud_', 'archives_', 'calendar_', 'rss'));
if (!$_SESSION['admin_referrer']) {
$_SESSION['admin_referrer'] = "?mod=editnews&action=list";
}
$where_date = " AND date < '" . $thisdate . "'";
} else {
$where_date = "";
}
$this_month = date('m', $_TIME);
$this_year = date('Y', $_TIME);
$sql = "";
if ($year != '' and $month != '') {
$cache_id = $config['skin'] . $month . $year;
} else {
$cache_id = $config['skin'] . $this_month . $this_year;
}
$tpl->result['calendar'] = dle_cache("calendar", $cache_id);
if (!$tpl->result['calendar']) {
if ($year != '' and $month != '') {
$month = totranslit($month, true, false);
if ($year == $this_year and $month < $this_month or $year < $this_year) {
$where_date = "";
$approve = "";
} else {
$approve = " AND approve=1";
}
$sql = "SELECT DISTINCT DAYOFMONTH(date) as day FROM " . PREFIX . "_post WHERE date >= '{$year}-{$month}-01' AND date < '{$year}-{$month}-01' + INTERVAL 1 MONTH" . $approve . $where_date;
$this_month = $month;
$this_year = $year;
} else {
$sql = "SELECT DISTINCT DAYOFMONTH(date) as day FROM " . PREFIX . "_post WHERE date >= '{$this_year}-{$this_month}-01' AND date < '{$this_year}-{$this_month}-01' + INTERVAL 1 MONTH AND approve=1" . $where_date;
}
if ($sql != "") {
$db->query($sql);
while ($row = $db->get_row()) {
} else {
$user = '';
}
$category = '';
if (isset($_REQUEST['do'])) {
$do = totranslit($_REQUEST['do']);
} else {
$do = "";
}
if (isset($_REQUEST['subaction'])) {
$subaction = totranslit($_REQUEST['subaction']);
} else {
$subaction = "";
}
if (isset($_REQUEST['doaction'])) {
$doaction = totranslit($_REQUEST['doaction']);
} else {
$doaction = "";
}
if ($do == "tags" and !$_GET['tag']) {
$do = "alltags";
}
$dle_module = $do;
if ($do == "" and !$subaction and $year) {
$dle_module = "date";
} elseif ($do == "" and $catalog) {
$dle_module = "catalog";
} elseif ($do == "") {
$dle_module = $subaction;
}
if ($subaction == '' and $newsid) {
function setTitleGG($login)
{
$stream_goodgame = file_get_contents("http://goodgame.ru/api/getchannelstatus?id=" . totranslit($login) . "&fmt=json");
$stream_goodgame = json_decode($stream_goodgame, true);
$idXml = getgoodgame(totranslit($login));
$id = explode("=>", $idXml->stream->stream_id);
return $stream_goodgame[$id[0]];
}
$img_info = @getimagesize($config_path_image_upload . $file);
$total_size += $this_size;
echo "\n\t <tr>\n\t <td><a target=_blank href=\"" . $config['http_home_url'] . "uploads/" . $userdir . $sub_dir . "{$file}\">{$file}</a></td>\n\t <td>{$img_info['0']}x{$img_info['1']}</td>\n\t <td>" . formatsize($this_size) . "</td>\n\t <td><input type=\"checkbox\" name=\"images[{$file}]\" value=\"{$file}\" style=\"border: 0; background: transparent;\"></td>\n\t </tr>";
}
}
if (!$total_size) {
echo "<tr><td colspan=\"4\" align=\"center\" height=\"40\">" . $lang['files_head_4'] . "</td></tr>";
}
echo "</tbody></table><div class=\"box-footer padded\">\n\t\t<div id=\"file-uploader\" style=\"width:210px;float:left;\"></div>{$lang['images_listdir']} {$folder_list}\n\t\t<div style=\"float:right;\">{$lang['images_size']} " . formatsize($total_size) . " <input class=\"btn btn-red\" type=\"submit\" value=\" {$lang['images_del']} \"><input type=\"hidden\" name=\"action\" value=\"doimagedelete\"><input type=\"hidden\" name=\"user_hash\" value=\"{$dle_login_hash}\" /></div>\n\t</div>";
if ($_GET['userdir']) {
$userdir = totranslit($_GET['userdir'], true, false);
} else {
$userdir = "";
}
if ($_GET['sub_dir']) {
$subdir = totranslit($_GET['sub_dir'], true, false);
} else {
$subdir = "";
}
echo <<<HTML
</div>
</div>
</form>
<script type="text/javascript">
jQuery(document).ready(function (\$) {
\tvar totaladded = 0;
\tvar totaluploaded = 0;
\tvar uploader = new qq.FileUploader({
\t\telement: document.getElementById('file-uploader'),
//Если нажали "Добавить"
if (isset($_POST['save'])) {
$price = intval($_POST['price']);
//Разришенные форматы
$allowed_files = array('jpg', 'png');
//Получаем данные о фотографии ОРИГИНАЛ
$image_tmp = $_FILES['original']['tmp_name'];
$image_name = totranslit($_FILES['original']['name']);
// оригинальное название для оприделения формата
$image_size = $_FILES['original']['size'];
// размер файла
$type = end(explode(".", $image_name));
// формат файла
//Получаем данные о фотографии КОПИЯ
$image_tmp_2 = $_FILES['thumbnail']['tmp_name'];
$image_name_2 = totranslit($_FILES['thumbnail']['name']);
// оригинальное название для оприделения формата
$image_size_2 = $_FILES['thumbnail']['size'];
// размер файла
$type_2 = end(explode(".", $image_name_2));
// формат файла
//Проверям если, формат верный то пропускаем
if ($price) {
if (in_array(strtolower($type), $allowed_files) and in_array(strtolower($type_2), $allowed_files)) {
if ($image_size < 200000) {
if ($image_size_2 < 100000) {
$rand_name = rand(0, 1000);
move_uploaded_file($image_tmp, ROOT_DIR . '/uploads/gifts/' . $rand_name . '.' . $type);
move_uploaded_file($image_tmp_2, ROOT_DIR . '/uploads/gifts/' . $rand_name . '.' . $type_2);
$db->query("INSERT INTO `" . PREFIX . "_gifts_list` SET img = '" . $rand_name . "', price = '" . $price . "'");
msgbox('Информация', 'Подарок успешно добавлен', '?mod=gifts');