// Link-exchange application: validates the submitted site details and prepends
// them as one record to data/cache_applylinks.php.
// NOTE(review): acceptrequest(), trimplus(), safe_convert(), urlconvert(),
// preg_search(), catcherror(), readfromfile() and writetofile() are defined
// elsewhere. acceptrequest() presumably imports the named request parameters
// into same-named variables, and catcherror() presumably aborts the request
// with the given message; confirm both.
acceptrequest('sitename,siteurl,sitelogo,siteintro');
if ($config['applylinkvalidation'] == 1) {
    // Optional verification-code (CAPTCHA-style) check backed by the PHP session.
    acceptrequest('securitycode');
    if ($db_defaultsessdir != 1) {
        // Session files are kept in a directory relative to the script.
        // NOTE(review): if that directory is inside the web root, direct
        // access to it should be denied by the server configuration; verify.
        session_save_path("./{$db_tmpdir}");
    }
    session_cache_limiter("private, must-revalidate");
    session_start();
    // An empty code is rejected first; otherwise the comparison is case-insensitive.
    // NOTE(review): the comparison is loose (!=), so two different numeric-looking
    // strings can compare equal; !== would be exact. $_SESSION['code'] is not
    // cleared in this fragment after a successful match, so the same code may
    // stay valid for repeated submissions unless it is reset elsewhere.
    if ($securitycode == '' || strtolower($securitycode) != strtolower($_SESSION['code'])) {
        catcherror($lnc[165]);
    }
}
// Every field is trimmed and passed through safe_convert() before use.
// NOTE(review): these values end up inside a .php file (see below), so
// safe_convert() must neutralise "<", "?" and the "<|>" field delimiter.
// That is assumed here and is not visible in this fragment.
$sitename = safe_convert(trimplus($sitename));
$siteurl = safe_convert(trimplus($siteurl));
$sitelogo = safe_convert(trimplus($sitelogo));
$siteintro = safe_convert(trimplus($siteintro));
// Name and URL are mandatory; logo and intro may be empty.
if (!$sitename || !$siteurl) {
    catcherror($lnc[179]);
}
// NOTE(review): whether urlconvert() restricts the scheme to http/https is not
// visible here. The stored URLs are presumably rendered as links or images
// later, so non-web schemes should be rejected at this point; confirm.
$siteurl = urlconvert($siteurl);
$sitelogo = urlconvert($sitelogo);
// Record id: current Unix time concatenated with a random integer from 0 to 10.
// Two submissions in the same second can collide; the id is not guaranteed unique.
$siteid = time() . rand(0, 10);
// Reject the submission when name, intro or URL matches the banned-word or
// suspect-word lists. $sitelogo is not screened here.
if (preg_search($sitename, $forbidden['banword']) || preg_search($siteintro, $forbidden['banword']) || preg_search($siteurl, $forbidden['banword']) || preg_search($sitename, $forbidden['suspect']) || preg_search($siteintro, $forbidden['suspect']) || preg_search($siteurl, $forbidden['suspect'])) {
    catcherror($lnc[214]);
}
// One record per line, fields separated by "<|>". The leading
// "<?PHP exit();?>" makes the interpreter stop immediately if the data file is
// requested directly over HTTP, so the stored records are not served.
$addline = "<?PHP exit();?><|>{$siteid}<|>{$sitename}<|>{$siteurl}<|>{$sitelogo}<|>{$siteintro}<|>\n";
$filename = "data/cache_applylinks.php";
// Read-modify-write: the new record is prepended to the existing content.
// NOTE(review): no file locking is visible, so concurrent submissions can lose
// records. The @ hides read errors; depending on what readfromfile() returns on
// failure, the file may then be rewritten containing only the new record.
$oldcontent = @readfromfile($filename);
$content = $addline . $oldcontent;
if (!writetofile($filename, $content)) {
    // Write failed: report the generic error text followed by the file name.
    catcherror($lnc[7] . $filename);
// Admin reply handler: stores or edits the administrator's answer attached to
// an existing reply row.
// NOTE(review): acceptrequest(), trimplus(), safe_convert() and catcherror()
// are defined elsewhere; $itemid, $permission, $logstat, $userdetail, $ajax,
// $db_prefix and $blog are set before this fragment.
acceptrequest('job,selid');
// Target reply id: the request's selid when present, otherwise $itemid.
// NOTE(review): $repid is interpolated into the UPDATE below and no integer
// cast or escaping is visible in this fragment. Unless acceptrequest() or
// earlier code constrains it, this is an SQL injection risk; an integer cast or
// a parameterised query would close it. Confirm how selid/itemid are sanitised.
if ($selid) {
    $repid = $selid;
} else {
    $repid = $itemid;
}
if (empty($job)) {
    $job = 'default';
}
if ($job == 'addadminreply' || $job == 'editadminreply') {
    // Permission gate: $cancel is only assigned when the right is missing.
    // NOTE(review): this relies on catcherror() doing nothing for an empty or
    // unset argument, and on $cancel not being settable from the request;
    // confirm both. No anti-CSRF token check is visible in this fragment for
    // this state-changing action.
    if ($permission['ReplyReply'] != 1) {
        $cancel = $lna[345];
    }
    catcherror($cancel);
    acceptrequest('adminreplycontent');
    $adminreplycontent = trimplus($adminreplycontent);
    // Empty content is rejected before conversion.
    if ($adminreplycontent == '') {
        catcherror($lna[346]);
    }
    // NOTE(review): safe_convert() is the only visible protection for this value
    // before it is placed inside a quoted SQL string; verify that it escapes
    // quotes and backslashes for the database in use.
    $adminreplycontent = safe_convert($adminreplycontent);
    $currenttime = time();
    // When $logstat is 0 the displayed author name is replaced by a language string.
    if ($logstat == 0) {
        $userdetail['username'] = $lna[901];
    }
    // Column assignments differ for an edit (editor id/name/time) and a new
    // reply (replier name/id/time).
    // NOTE(review): the user name and the language string are interpolated
    // without escaping at this point; a quote in either would break the statement.
    if ($job == 'editadminreply') {
        $queryplus = "`adminrepeditorid`='{$userdetail['userid']}', `adminrepeditor`='{$userdetail['username']}', `adminrepedittime`='{$currenttime}'";
    } else {
        $queryplus = "`adminreplier`='{$userdetail['username']}', `adminrepid`='{$userdetail['userid']}',`adminreptime`='{$currenttime}'";
    }
    // The statement is assembled by string interpolation, not bound parameters.
    $blog->query("UPDATE `{$db_prefix}replies` SET `adminrepcontent`='{$adminreplycontent}' , {$queryplus} WHERE `repid`='{$repid}'");
    // Non-AJAX requests continue below (the rest of the branch is outside this fragment).
    if ($ajax != 'on') {
// User administration: tail of the password handling, then the insert/update
// of a user row from the submitted form array $p. The enclosing conditions
// start before this fragment.
// New password and confirmation must match.
if ($p['newpsw'] != $p['confirmpsw']) {
    catcherror($lna[496]);
}
// $password is an SQL fragment that is spliced into the UPDATE's SET list below.
// NOTE(review): the "******" literal looks like a masked value in this listing;
// the trailing "', " suggests the real source opens a column assignment here.
// NOTE(review): the password is hashed with unsalted md5(), which is not
// suitable for password storage. PHP's password_hash()/password_verify() are
// the standard replacement; migrating also needs changes in the login path,
// which is not visible here.
$password = "******" . md5($p['newpsw']) . "', ";
} else {
    // No new password supplied: leave the stored one untouched.
    $password = "";
}
}
// Text fields pass through safe_convert() and trimplus() (both defined elsewhere).
// NOTE(review): these values are placed inside quoted SQL strings below, so
// safe_convert() must escape quotes and backslashes; confirm.
$email = strtolower(trimplus(safe_convert($p['email'])));
$homepage = trimplus(safe_convert($p['homepage']));
// floor() forces a numeric value for gender, qq and usergroup.
$gender = floor($p['gender']);
$qq = floor($p['qq']);
$msn = trimplus(safe_convert($p['msn']));
$skype = trimplus(safe_convert($p['skype']));
$from = trimplus(safe_convert($p['from']));
$intro = trimplus(safe_convert($p['intro']));
// NOTE(review): the target user group comes from the submitted form. The check
// that the caller may assign this group is not visible in this fragment; confirm
// it exists upstream.
$musergroup = floor($p['usergroup']);
if ($job == 'savenewuser') {
    // New id = stored maximum + 1, followed by a separate counter increment.
    // NOTE(review): read-then-increment is not atomic; two concurrent creations
    // can compute the same id.
    $currentuserid = $maxrecord['maxuserid'] + 1;
    $imajikan = time();
    // Positional INSERT without a column list: the value order must match the
    // table definition exactly. $username and $password for this path are set
    // before this fragment. $userdetail['ip'] is interpolated as-is.
    // NOTE(review): if $userdetail['ip'] can be derived from client-supplied
    // headers it needs validation before it reaches SQL; verify its source.
    $blog->query("INSERT INTO `{$db_prefix}user` VALUES ('{$currentuserid}', '{$username}', '{$password}', '{$imajikan}', '{$musergroup}', '{$email}', '{$homepage}', '{$qq}', '{$msn}', '{$intro}', '{$gender}', '{$skype}', '{$from}', '0', '{$userdetail['ip']}', '')");
    $blog->query("UPDATE `{$db_prefix}maxrec` SET `maxuserid`=`maxuserid`+1");
    $blog->query("UPDATE `{$db_prefix}counter` SET `users`=`users`+1");
} else {
    // Existing user: update the profile, including the password only when
    // $password is non-empty.
    // NOTE(review): $p['userid'] is interpolated into the WHERE clause with no
    // visible cast or escaping, which is an SQL injection risk unless it is
    // sanitised upstream; an integer cast or a bound parameter would close it.
    $blog->query("UPDATE `{$db_prefix}user` SET {$password} `usergroup`='{$musergroup}', `email`='{$email}', homepage='{$homepage}', qq='{$qq}', msn='{$msn}', intro='{$intro}', gender='{$gender}', skype='{$skype}', `fromplace`='{$from}' WHERE `userid`='{$p['userid']}'");
    // Refresh the cached administrator list after a change (helper defined elsewhere).
    recache_adminlist();
}
catchsuccess($finishok2, array($backtouseradmin, $backtoaddnew));
}
// Start of the user-deletion branch (continues beyond this fragment).
if ($job == 'deluser') {
    if ($itemid === '') {
// OpenID reply/message submission: flood control, then lookup of the entry
// being replied to. $nowtime, $permission, $userdetail, $job, $db_prefix and
// $blog are set before this fragment.
// First flood check uses the 'lastpost' cookie.
// NOTE(review): the cookie is fully client-controlled, so this check is a
// convenience only. The IP-based database check below is the server-side control.
$lastpost = $_COOKIE['lastpost'];
if ($nowtime['timestamp'] - $lastpost < $permission['MinPostInterval']) {
    catcherror($lnc[210]);
}
// The table name is chosen from two fixed strings, never from request data.
$findintable = $job == 'openidaddreply' ? 'replies' : 'messages';
// Latest post from the same IP address.
// NOTE(review): $userdetail['ip'] is interpolated into the SQL string; if it can
// come from client-supplied headers it must be validated first. Verify its source.
$findreplies = $blog->getbyquery("SELECT * FROM `{$db_prefix}{$findintable}` WHERE `repip`='{$userdetail['ip']}' ORDER BY `reptime` DESC LIMIT 1");
if ($findreplies['repip'] == $userdetail['ip']) {
    // Second flood check: time since that IP's last stored post.
    if ($nowtime['timestamp'] - $findreplies['reptime'] < $permission['MinPostInterval']) {
        catcherror($lnc[210]);
    }
}
// NOTE(review): acceptrequest() is defined elsewhere; presumably it imports the
// named request parameters into same-named variables. Confirm.
acceptrequest('openid_url,stat_html,stat_ubb,stat_emot,stat_property,v_content,v_id,v_security,onetimecounter');
if (!$openid_url) {
    catcherror($lnc[212]);
}
// The entry id is forced to an integer before it is used in SQL.
$v_id = intval(trimplus($v_id));
if ($job == 'openidaddreply') {
    checkpermission('Reply');
    // Users without SeeHiddenEntry must not reach entries with property 2.
    // NOTE(review): $limitmore is only assigned in this branch. When the
    // permission is 1 it is interpolated below without having been initialised
    // in this fragment. Initialising it to '' beforehand removes the
    // undefined-variable notice and any chance of the value arriving from
    // outside on legacy configurations; confirm it is not set earlier.
    if ($permission['SeeHiddenEntry'] != 1) {
        $limitmore = "AND `property`<>2";
    }
    $originblog = $blog->getbyquery("SELECT * FROM `{$db_prefix}blogs` WHERE `blogid`='{$v_id}' AND `property`<>1 AND `property`<>3 {$limitmore}");
    // Reject when the entry was not found.
    // NOTE(review): the comparison is loose. If getbyquery() returns an empty
    // result and $v_id is 0, a missing blogid compares equal to 0 and the request
    // is not rejected here. Checking explicitly that a row was returned (and
    // using !==) avoids that.
    if ($originblog['blogid'] != $v_id) {
        $cancel = $lnc[211];
    } else {
        // Optional per-entry group restriction: '|'-separated list of allowed groups.
        // NOTE(review): in_array() is called without strict comparison and both
        // calls suppress errors with @.
        $allowedgp = @explode('|', $originblog['permitgp']);
        if ($originblog['permitgp'] != '' && !@in_array($userdetail['usergroup'], $allowedgp)) {
            $cancel = $lnc[211];
        }
    }
} else {
// Reply submission: tail of the author identification, then content validation
// and the start of the spam heuristics. The enclosing conditions start before
// this fragment.
$replierid = $userchecker['userid'];
// Remember the identified user in cookies.
// NOTE(review): 'userpsw' stores $v_password in a client-side cookie. Whether
// the value is plaintext or a hash at this point is not visible here. No expiry,
// path, Secure or HttpOnly attributes are set, so the cookie is readable by page
// scripts and sent over plain HTTP. A random server-side session token with
// HttpOnly and Secure set is the safer design. The @ hides setcookie() failures.
@setcookie('userid', $userchecker['userid']);
@setcookie('userpsw', $v_password);
} else {
    // Not identified as that account.
    // NOTE(review): presumably the first check blocks a name that belongs to an
    // existing account and the second blocks names on the administrator list
    // (in_iarray() is defined elsewhere); confirm.
    if ($userchecker['username']) {
        $cancel = $lnc[308];
    }
    if (@in_iarray($v_replier, $adminlist)) {
        $cancel = $lnc[212];
    }
    $replier = $v_replier;
    // -1 is the replier id used on this path.
    $replierid = -1;
}
}
}
// Content is trimmed and converted; $html is passed to safe_convert() as a
// second argument.
// NOTE(review): $html presumably controls whether HTML is allowed through; if
// so, it must never be derived from the request of an unprivileged user. Confirm.
$v_content = safe_convert(trimplus($v_content), $html);
// All three content checks report the same message.
if ($v_content == '') {
    $cancel = $lnc[214];
}
// strlen() counts bytes of the converted text, not characters, so multibyte
// text reaches the limit sooner than the character count suggests.
if (strlen($v_content) > $permission['MaxPostLength']) {
    $cancel = $lnc[214];
}
if (preg_search($v_content, $forbidden['banword'])) {
    $cancel = $lnc[214];
}
// NOTE(review): relies on catcherror() doing nothing when $cancel is empty or
// unset; confirm.
catcherror($cancel);
if ($mbcon['censorall'] == '1') {
    // Moderate-everything mode: every post is flagged as suspect.
    $suspectspam = 1;
} elseif ($mbcon['antispam'] == '1' && $permission['NoSpam'] != 1) {
    // If the post contains at least $mbcon['susurlnum'] links, it may be spam.
    // NOTE(review): only the literal, case-sensitive 'http://' is counted, so
    // https:// links and other schemes are not covered by this heuristic.
    if (substr_count($v_content, 'http://') >= $mbcon['susurlnum']) {