<?php
/*
 * ESSENTIAL CORE HEAD START
 *
 * Request-dispatch prelude for this page template. The statements below run
 * before any markup is printed and decide, from request parameters, whether
 * a handler script takes over the request instead of the normal page.
 */

// Directory of the active stylesheet (the child theme when one is in use).
$child_dir = get_stylesheet_directory();

// Function-library directory under the stylesheet directory; not referenced
// again in the visible part of this template.
$child_fn_dir = get_stylesheet_directory() . '/library/functions/';

// 1 when the marker file child.txt exists in the stylesheet directory, else 0.
// The routes below use it to prefer a child-theme copy of a handler.
$ct_on = file_exists($child_dir . '/child.txt') ? 1 : 0;
  10.  
  // Flag routes: a non-empty "ajax", "export", "pay_mobile" or "api" request
  // parameter hands the request to a fixed parent-theme script and ends it.
  // Every branch exits, so the checks are independent statements evaluated in
  // the original order; the first match wins.
  // NOTE(review): no login, capability or nonce check is visible before these
  // includes. Confirm that each handler (export.php in particular) enforces
  // its own authorization.
  if (isset($_REQUEST['ajax']) && $_REQUEST['ajax'] != '') {
      include_once TEMPLATEPATH . '/ajax_queries.php';
      exit;
  }

  if (isset($_REQUEST['export']) && $_REQUEST['export'] != '') {
      include_once TEMPLATEPATH . '/export.php';
      exit;
  }

  if (isset($_REQUEST['pay_mobile']) && $_REQUEST['pay_mobile'] != '') {
      include_once TEMPLATEPATH . '/app/paypal_mobile_response.php';
      exit;
  }

  if (isset($_REQUEST['api']) && $_REQUEST['api'] != '') {
      include_once TEMPLATEPATH . '/app/api_get_markers.php';
      exit;
  }
  // "ptype" routes that always end the request: map markers, analytics and
  // calendar. Each one loads the child-theme copy of its handler when child
  // mode is on and that copy exists, otherwise the parent-theme copy.
  if (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'get_markers') {
      if ($ct_on && file_exists($child_dir . '/library/map/get_markers.php')) {
          include_once $child_dir . '/library/map/get_markers.php';
      } else {
          include_once TEMPLATEPATH . '/library/map/get_markers.php';
      }
      exit;
  }

  if (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'ga') {
      if ($ct_on && file_exists($child_dir . '/library/includes/google_analytics.php')) {
          include_once $child_dir . '/library/includes/google_analytics.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/google_analytics.php';
      }
      exit;
  }

  if (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'calendar') {
      if ($ct_on && file_exists($child_dir . '/library/calendar/calendar.php')) {
          include_once $child_dir . '/library/calendar/calendar.php';
      } else {
          include_once TEMPLATEPATH . '/library/calendar/calendar.php';
      }
      exit;
  }
  // Head of the if/elseif chain that continues below this block; the page
  // markup is rendered only by the chain's final else branch.
  if (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'favorite') {
      // action=add stores the favourite, anything else removes it.
      // NOTE(review): 'pid' is forwarded unvalidated and no login or nonce
      // check is visible here; confirm add_to_favorite() and
      // remove_from_favorite() validate the id and the current user.
      if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'add') {
          add_to_favorite($_REQUEST['pid']);
      } else {
          remove_from_favorite($_REQUEST['pid']);
      }
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'profile') {
      global $current_user;

      // The profile page needs a logged-in user; everyone else is sent to login.
      if (!$current_user->data->ID) {
          wp_redirect(site_url() . '/?ptype=login');
          exit;
      }

      if ($ct_on && file_exists($child_dir . '/library/includes/profile.php')) {
          include_once $child_dir . '/library/includes/profile.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/profile.php';
      }
      exit;
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'phpinfo') {
      // This route used to print phpinfo(). The call was removed (Stiofan,
      // hebtech.co.uk) because that output discloses server configuration to
      // any visitor; the route now only answers with a refusal.
      echo 'Access Denied!';
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'csvdl') {
      // No exit here: execution continues after the chain once the handler returns.
      if ($ct_on && file_exists($child_dir . '/library/includes/csvdl.php')) {
          include_once $child_dir . '/library/includes/csvdl.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/csvdl.php';
      }
  }
  // Registration and login share one handler script.
  elseif (isset($_REQUEST['ptype']) && in_array($_REQUEST['ptype'], array('register', 'login'), true)) {
      if ($ct_on && file_exists($child_dir . '/library/includes/registration.php')) {
          include_once $child_dir . '/library/includes/registration.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/registration.php';
      }
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'verify') {
      // Claim-listing verification handler.
      if ($ct_on && file_exists($child_dir . '/library/includes/claim_listing_verify.php')) {
          include_once $child_dir . '/library/includes/claim_listing_verify.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/claim_listing_verify.php';
      }
  }
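  // Listing and event submission forms.
  // 'pid' is read through isset()/empty() so that a request without it does
  // not raise an undefined-index warning, whose output would precede the
  // wp_redirect() calls below. The decisions taken are the same as before.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'post_listing' && !empty($_REQUEST['pid'])) {
      // Editing an existing listing: only a user for whom WordPress returns
      // an edit link for that post may load the form.
      // $id stays a raw request value because the included form may read it;
      // presumably it validates the id itself - TODO confirm.
      $id = $_REQUEST['pid'];
      if (get_edit_post_link($id)) {
          if ($ct_on && file_exists($child_dir . '/submit_place.php')) {
              include_once $child_dir . '/submit_place.php';
          } else {
              include_once TEMPLATEPATH . '/submit_place.php';
          }
          exit;
      } else {
          echo 'Access Denied!';
      }
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'post_listing') {
      // New listing: refused when the is_user_addevent option is '0'.
      if (get_option('is_user_addevent') == '0') {
          wp_redirect(site_url());
          exit;
      }
      if ($ct_on && file_exists($child_dir . '/submit_place.php')) {
          include_once $child_dir . '/submit_place.php';
      } else {
          include_once TEMPLATEPATH . '/submit_place.php';
      }
      exit;
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'post_event') {
      // New event (no pid): refused when the is_user_eventlist option is '0'.
      // NOTE(review): unlike post_listing, a request that carries a pid loads
      // the form with no get_edit_post_link() check in this template; confirm
      // submit_event.php verifies that the user may edit that event.
      if (get_option('is_user_eventlist') == '0' && (!isset($_REQUEST['pid']) || $_REQUEST['pid'] == '')) {
          wp_redirect(site_url());
          exit;
      }
      if ($ct_on && file_exists($child_dir . '/submit_event.php')) {
          include_once $child_dir . '/submit_event.php';
      } else {
          include_once TEMPLATEPATH . '/submit_event.php';
      }
      exit;
  }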
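  // Listing preview.
  // Without a pid the preview handler is always loaded. With a pid it is
  // loaded only when WordPress returns an edit link for that post for the
  // current user (security fix by Stiofan, hebtech.co.uk) or when the request
  // carries a non-empty 'alook' value; otherwise the request is refused.
  // 'pid' and 'alook' are read through empty() so that a missing parameter
  // does not raise an undefined-index warning.
  // NOTE(review): 'alook' is caller-supplied and skips the edit-permission
  // check; confirm preview.php enforces its own access control for posts that
  // are not public.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'preview') {
      if (!empty($_REQUEST['pid'])) {
          // Kept as a raw request value: the included handler may read $id.
          $id = $_REQUEST['pid'];
      }

      if (!empty($_REQUEST['pid']) && !get_edit_post_link($id) && empty($_REQUEST['alook'])) {
          echo 'Access Denied!';
      } elseif ($ct_on && file_exists($child_dir . '/library/includes/preview.php')) {
          include_once $child_dir . '/library/includes/preview.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/preview.php';
      }
  }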
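  // Event preview; same gate as the listing preview route.
  // Without a pid the handler is always loaded. With a pid it is loaded only
  // when WordPress returns an edit link for that post for the current user
  // (security fix by Stiofan, hebtech.co.uk) or when the request carries a
  // non-empty 'alook' value; otherwise the request is refused.
  // 'pid' and 'alook' are read through empty() so that a missing parameter
  // does not raise an undefined-index warning.
  // NOTE(review): 'alook' is caller-supplied and skips the edit-permission
  // check; confirm preview_event.php enforces its own access control for
  // events that are not public.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'preview_event') {
      if (!empty($_REQUEST['pid'])) {
          // Kept as a raw request value: the included handler may read $id.
          $id = $_REQUEST['pid'];
      }

      if (!empty($_REQUEST['pid']) && !get_edit_post_link($id) && empty($_REQUEST['alook'])) {
          echo 'Access Denied!';
      } elseif ($ct_on && file_exists($child_dir . '/library/includes/preview_event.php')) {
          include_once $child_dir . '/library/includes/preview_event.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/preview_event.php';
      }
  }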
  // Payment start pages for listings and for events. Neither branch exits,
  // so execution continues after the chain once the handler returns.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'paynow') {
      if ($ct_on && file_exists($child_dir . '/library/includes/paynow.php')) {
          include_once $child_dir . '/library/includes/paynow.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/paynow.php';
      }
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'paynow_event') {
      if ($ct_on && file_exists($child_dir . '/library/includes/paynow_event.php')) {
          include_once $child_dir . '/library/includes/paynow_event.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/paynow_event.php';
      }
  }
  // Landing pages the payment gateway sends the buyer back to. Each branch
  // loads its handler and ends the request. Note that cancel_return reads
  // $_REQUEST while the return/success routes read $_GET only.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'cancel_return') {
      if ($ct_on && file_exists($child_dir . '/library/includes/cancel.php')) {
          include_once $child_dir . '/library/includes/cancel.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/cancel.php';
      }
      exit;
  } elseif (isset($_GET['ptype']) && in_array($_GET['ptype'], array('return', 'payment_success'), true)) {
      // PAYMENT GATEWAY RETURN
      if ($ct_on && file_exists($child_dir . '/library/includes/return.php')) {
          include_once $child_dir . '/library/includes/return.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/return.php';
      }
      exit;
  } elseif (isset($_GET['ptype']) && $_GET['ptype'] == 'success') {
      // PAYMENT GATEWAY RETURN
      if ($ct_on && file_exists($child_dir . '/library/includes/success.php')) {
          include_once $child_dir . '/library/includes/success.php';
      } else {
          include_once TEMPLATEPATH . '/library/includes/success.php';
      }
      exit;
  }
  // PAYMENT GATEWAY NOTIFY URL
  // 'pmethod' selects the notification processor (paypal or 2co). The request
  // ends here whether or not a processor matched.
  // NOTE(review): this endpoint is called by the gateway, not by a logged-in
  // user, so nothing here can authenticate the caller; confirm the included
  // scripts verify each notification with the gateway before acting on it.
  elseif (isset($_GET['ptype']) && $_GET['ptype'] == 'notifyurl') {
      if (isset($_GET['pmethod']) && $_GET['pmethod'] == 'paypal') {
          if ($ct_on && file_exists($child_dir . '/library/includes/ipn_process.php')) {
              include_once $child_dir . '/library/includes/ipn_process.php';
          } else {
              include_once TEMPLATEPATH . '/library/includes/ipn_process.php';
          }
      } elseif (isset($_GET['pmethod']) && $_GET['pmethod'] == '2co') {
          if ($ct_on && file_exists($child_dir . '/library/includes/ipn_process_2co.php')) {
              include_once $child_dir . '/library/includes/ipn_process_2co.php';
          } else {
              include_once TEMPLATEPATH . '/library/includes/ipn_process_2co.php';
          }
      }
      exit;
  }
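  // Save the display order of a listing's images.
  // 'pid' is a comma-separated list of attachment ids in the wanted order;
  // ids may arrive with a 'div_' prefix. Each id's position in the list
  // becomes that post's menu_order.
  //
  // Security: the previous code concatenated the request value straight into
  // the UPDATE statement (SQL injection) and did not check who was asking.
  // Ids are now accepted only when they are plain decimal integers, the write
  // goes through $wpdb->update() with %d formats, and an id is skipped unless
  // WordPress returns an edit link for it for the current user - the same
  // test this template's 'delete' route uses.
  // NOTE(review): no nonce is checked here; add one once the caller sends it.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'sort_image') {
      global $wpdb;

      // Anything that is not a string (missing parameter, array input) is
      // treated as an empty list.
      $pid_list = (isset($_REQUEST['pid']) && is_string($_REQUEST['pid'])) ? $_REQUEST['pid'] : '';
      $arr_pid  = explode(',', $pid_list);

      foreach ($arr_pid as $j => $raw_id) {
          $media_id = trim(str_replace('div_', '', $raw_id));

          // Skip values that are not ids, and ids the user may not edit.
          // $j still advances, so valid ids keep their list position.
          if (!ctype_digit($media_id) || !get_edit_post_link((int) $media_id)) {
              continue;
          }

          $wpdb->update(
              $wpdb->posts,
              array('menu_order' => $j),
              array('ID' => (int) $media_id),
              array('%d'),
              array('%d')
          );
      }

      echo 'Image order saved successfully';
  }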
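  // Delete a listing.
  // SECURITY FIX BY STIOFAN HEBTECH.CO.UK: the post is deleted only when
  // WordPress returns an edit link for it for the current user.
  //
  // Changes in this revision:
  //  - 'pid' is accepted only as a plain decimal integer and the same integer
  //    is used for the permission check and for the delete;
  //  - a missing 'pid' no longer raises an undefined-index warning;
  //  - the request ends after wp_redirect(), which only sets the header and
  //    does not stop execution by itself.
  // NOTE(review): the gate tests edit rights, not delete rights;
  // current_user_can('delete_post', $pid) is the closer match if the theme's
  // roles allow it. The action is also reachable with no nonce visible here,
  // so a link followed by a logged-in owner is enough to trigger it; add a
  // nonce check once the delete links carry one.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'delete') {
      global $current_user;

      $pid = 0;
      if (isset($_REQUEST['pid']) && is_string($_REQUEST['pid']) && ctype_digit($_REQUEST['pid'])) {
          $pid = (int) $_REQUEST['pid'];
      }

      if ($pid && get_edit_post_link($pid)) {
          wp_delete_post($pid);
          wp_redirect(get_author_link($echo = false, $current_user->data->ID));
          exit;
      } else {
          echo 'Access Denied!'; // Added by Stiofan
      }
  }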
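  // Delete an image: either a temporary upload tracked in the session
  // (remove=temp) or a stored attachment.
  //
  // Security changes in this revision:
  //  - stored attachments were deleted for any caller; the delete now needs a
  //    plain integer id for which WordPress returns an edit link for the
  //    current user, the same test this template's 'delete' route uses;
  //  - the temporary file path is built from the matching session key, not
  //    from the request value, and passed through basename() so it cannot
  //    name a file outside the tmp folder;
  //  - the session key is matched with a strict string comparison;
  //  - missing 'pid', 'remove' or session data no longer raise warnings.
  // NOTE(review): no nonce is checked here; add one once the caller sends it.
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'att_delete') {
      $requested_id = (isset($_REQUEST['pid']) && is_string($_REQUEST['pid'])) ? $_REQUEST['pid'] : '';

      if (isset($_REQUEST['remove']) && $_REQUEST['remove'] == 'temp') {
          if (!empty($_SESSION["file_info"]) && is_array($_SESSION["file_info"])) {
              // $upload_folder_path is not set anywhere in the visible part of
              // this template; presumably defined elsewhere - TODO confirm.
              $tmp_root = ABSPATH . "/" . (isset($upload_folder_path) ? $upload_folder_path : '') . "tmp/";

              // Rebuild the session list without the removed entry.
              $tmp_file_info = array();
              foreach ($_SESSION["file_info"] as $image_id => $val) {
                  if ((string) $image_id === $requested_id) {
                      // Best-effort removal; a file that is already gone is not an error.
                      @unlink($tmp_root . basename((string) $image_id) . ".jpg");
                  } else {
                      $tmp_file_info[$image_id] = $val;
                  }
              }
              $_SESSION["file_info"] = $tmp_file_info;
          }
      } elseif (ctype_digit($requested_id) && get_edit_post_link((int) $requested_id)) {
          wp_delete_attachment((int) $requested_id);
      } else {
          echo 'Access Denied!';
      }
  }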
  else {
      /*
       * ESSENTIAL CORE HEAD STOP
       *
       * No route matched: render the page itself (title, optional
       * breadcrumb trail, the post loop, sidebar and footer).
       */
      get_header(); ?>
<div id="wrapper" class="clearfix">
<div id="inner_pages" class="clearfix" >
<h1><?php the_title(); ?></h1>
<div class="breadcrumb clearfix"> <?php if (get_option('ptthemes_breadcrumbs')) : ?>

<div class="breadcrumb_in"><?php if (function_exists('bcn_display')) { bcn_display(); } ?></div>

<?php endif; ?> </div>
<div class="clearfix"></div>
<div id="content" class="content_index clearfix">
<?php
      if (have_posts()) :
          while (have_posts()) :
              the_post();
              // Read here but not used again in the visible part of the template.
              $pagedesc = get_post_meta($post->ID, 'pagedesc', $single = true);
              ?>
<div id="post-<?php the_ID(); ?>" >
<div class="entry">
<?php the_content(); ?>
</div>
</div><!--/post-->
<?php
          endwhile;
      else :
          // Nothing to show: print the theme's 404 heading and hint text.
          ?>
<div class="posts">
<div class="entry-head"><h2><?php echo ERROR_404_NAME; ?></h2></div>
<div class="entry-content"><p><?php echo SOLUTION_404_NAME; ?></p></div>
</div>
<?php endif; ?>
</div> <!-- content #end -->

<?php get_sidebar(); ?>
</div>
<?php get_footer(); ?>
<?php } ?>