
Untitled

a guest
Jul 14th, 2017
  1. PHP Notice: Undefined variable: check in add.inc
  2.  
  3. if ($settings['fckeditor'] != 1) {
  4. $check['content'] = wordwrap_utf8(trim($check['content']), 30);
  5. $check['content'] = str_replace("r", "", $check['content']);
  6. $check['content'] = str_replace("n", "<br />", $check['content']);
  7. }
  8.  
  9. } else {
  10. $check['content'] = trim(str_replace("<br />", "n", $check['content']));
  11. //upd1702090
  12. $check['content'] = stripslashes($check['content']);
  13. }
  14.  
  15.  
  16. if (count($check) > 0) {
  17. echo "n<script>nn";
  18. foreach ($check as $k => $v) {
  19. if (is_array($v) && count($v) > 0) {
  20. echo "fields['" . $k . "'] = new Array();n";
  21. foreach ($v as $kk => $vv) {
  22. echo "fields['" . $k . "'][" . $kk . "] = '" . $vv . "';n";
  23. }
  24. }
  25.  
  26. <?php //477
  27. /*
  28. Скрипт доски объявлений
  29. Elite-Board 2
  30. Тихомиров Юрий
  31. Санкт-Петербург
  32. 2009 - 2010
  33.  
  34. версия модуля: 260110
  35. */
  36. if (!$exe) {
  37.  
  38.  
  // Request setup: load the service list, copy numeric region/category query
  // parameters into $check, and refresh the 'user_id' cookie on every submit.
  39. include(COREPATH . 'admin/inc/services_list.php');
  40.  
  // is_numeric() keeps non-numeric input out of $check here. $check is never
  // initialised to array() in this file, so when neither parameter is present
  // the later reads of $check['content'] / count($check) see an undefined
  // variable - probably the notice quoted at the top of this paste
  // (TODO confirm against check_form.php, which is not shown).
  41. if (isset($_GET['region'])) if (is_numeric($_GET['region'])) $check['region'] = $_GET['region'];
  42. if (isset($_GET['category'])) if (is_numeric($_GET['category'])) $check['cat'] = $_GET['category'];
  43.  
  44. $editable = false;
  // Default 'submit' so the comparisons below never hit an undefined index.
  45. if (!isset($_POST['submit'])) $_POST['submit'] = "";
  46. if ($_POST['submit'] != "") {
  // NOTE(review): md5(rand(0, 10000000)) can take only about ten million
  // values and rand() is not a cryptographic generator, so this value is
  // guessable. If anything treats it as an identity, derive it from
  // random_bytes() and set the HttpOnly/Secure cookie flags. Lifetime is
  // 86400 seconds (one day).
  47. setcookie('user_id', md5(rand(0, 10000000)), (time() + 86400), "/");
  48. }
  49.  
  50.  
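  /**
   * Collect the ids of the direct children of one node in a flat category/region list.
   *
   * Comparison with $id is deliberately loose (==) because ids reach this function
   * both as strings and as integers.
   *
   * @param mixed $id   Parent id to match.
   * @param mixed $cats List of rows; each row is expected to carry 'id' and 'parent'.
   * @return array Ids of the rows whose 'parent' equals $id and whose 'id' is not empty,
   *               in input order. Empty when $cats is not an array.
   */
  function get_childres_first_level($id, $cats)
  {
      $children = array();

      // count() on a non-array warns (and throws a TypeError on PHP 8), so stop early.
      if (!is_array($cats)) {
          return $children;
      }

      foreach ($cats as $row) {
          // Read both keys defensively so malformed rows do not raise notices;
          // a missing key behaves like null, exactly as the unguarded read did.
          $row_id = isset($row['id']) ? $row['id'] : null;
          $row_parent = isset($row['parent']) ? $row['parent'] : null;

          if ($row_parent == $id && $row_id != "") {
              $children[] = $row_id;
          }
      }

      return $children;
  }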
  63.  
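  /**
   * Build the chain of category/region <select> boxes from the tree root down to $id.
   *
   * The function recurses upwards through $cats_id[$id]['parent'] and appends one HTML
   * fragment per level, root level first. When $id has no children the fragment is a
   * "selected" marker plus an inline script that writes the id into the parent form.
   *
   * Fragments accumulate in a static array, so a second top-level call in the same
   * request also returns the fragments produced by the first one.
   *
   * The "\n" escapes are written out here; the pasted listing had lost its backslashes.
   *
   * @param mixed $id        Node to start from; "" is treated as the root (0).
   * @param array $cats      Flat list of rows handed to get_childres_first_level().
   * @param array $cats_id   Rows indexed by id; 'name' and 'parent' are read.
   * @param mixed $select_id Child id to mark as selected in this level's <select>.
   * @param bool  $noselect2 When true, no option is pre-selected at this level.
   * @return array HTML fragments collected so far.
   */
  function echo_parents($id, $cats, $cats_id, $select_id = 'none', $noselect2 = false)
  {
      global $locale;
      static $html = array();
      $temp = "";
      if ($id == "") {
          $id = 0;
      }

      $childres = get_childres_first_level($id, $cats);

      if (count($childres) > 0) {
          $temp .= "\n<div class='select-form'><select size='1' onChange='loadPage(this)' class='add' style='margin-bottom:3px;'>\n";
          $temp .= "<option value='0'>" . $locale[81] . "</option>\n";
          foreach ($childres as $v) {
              $temp .= "<option value='" . $v . "'";
              if ($v == $select_id && !$noselect2) {
                  $temp .= " selected ";
              }
              // NOTE(review): ids and names are emitted exactly as stored. If category
              // names can be edited by anyone but a trusted admin, HTML-escape them
              // here - confirm how they are stored before changing this.
              $temp .= ">" . $cats_id[$v]['name'] . "</option>\n";
          }
          $temp .= "\n</select></div>\n";
      } else {
          if (!isset($_GET['search'])) $_GET['search'] = "";
          if ($_GET['search'] != "true") {
              $temp .= '<center><div class="selected">' . $locale[82] . '</div></center>';
          }

          // The route segment ends up inside an inline <script> as part of a property
          // name, so reduce it to identifier characters. The values the visible caller
          // allows ('cat' and 'region') pass through unchanged.
          $target = (isset($_GET['cat'][2]) && is_string($_GET['cat'][2])) ? $_GET['cat'][2] : "";
          $js_field = preg_replace('/[^A-Za-z0-9_]/', '', $target);

          // Emit the id as an encoded JS string literal. For plain numeric ids this
          // produces the same "123" text as simple concatenation would.
          $js_id = json_encode((string) $id, JSON_HEX_TAG | JSON_HEX_AMP);
          if ($js_id === false) {
              $js_id = '""';
          }

          $temp .= '<script>top.document.add.add_' . $js_field . '.value=' . $js_id . ';</script>';

          if ($target == "cat") {
              $temp .= '<script>top.loadFields(' . $js_id . ');</script>';
          }
      }

      if ($id != 0 && $id != "") {
          // An id that is missing from $cats_id falls back to the root level instead
          // of raising an undefined-index notice.
          $parent = isset($cats_id[$id]['parent']) ? $cats_id[$id]['parent'] : "";
          echo_parents($parent, $cats, $cats_id, $id, false);
      }
      $html[] = $temp;
      return $html;
  }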
  105.  
  // Page title, route parsing, and the "select" handler that renders the
  // category/region drop-down chain and then ends the request.
  106. $settings['title'] = $locale[69];
  107.  
  // $freetail is not assigned in this file - presumably set by the including script.
  108. if ($freetail > 0 && $_POST['submit'] == "") {
  109. $settings['title'] .= ' (' . $locale[821] . ': ' . $freetail . ')';
  110. }
  111.  
  // Default the two route segments so the reads below never hit an undefined index.
  112. if (!isset($_GET['cat'][1])) $_GET['cat'][1] = "";
  113. if (!isset($_GET['cat'][2])) $_GET['cat'][2] = "";
  114.  
  115. $act = $_GET['cat'][1];
  116. $act2 = $_GET['cat'][2];
  117.  
  // NOTE(review): $cat is read here before this file assigns it (that happens
  // only inside the "select" branch below) - confirm the includer defines it.
  118. $title_normal[1] = array('link' => $settings['patch'] . $cat . '/', 'name' => $settings['title']);
  119.  
  // $act2 is whitelisted to 'cat' or 'region' and $cat must be numeric or empty
  // before either value reaches setcookie() or echo_parents(). echo_parents()
  // writes $_GET['cat'][2] and the id into an inline <script>, so this check is
  // what keeps arbitrary request data out of that script - keep it in place.
  120. if ($act == "select" && ($act2 == "cat" || $act2 == "region")) {
  121. //include('includes/funct-tree.php');
  122. if (!isset($_GET['i'])) $_GET['i'] = "";
  123. $cat = $_GET['i'];
  124.  
  // Pick the tree to walk; $cats/$cats_id/$regions/$regions_id_ come from outside this file.
  125. if ($act2 == 'cat') {
  126. $_cat_array = $cats;
  127. $_cat_id_array = $cats_id;
  128.  
  129. } elseif ($act2 == 'region') {
  130. $_cat_array = $regions;
  131. $_cat_id_array = $regions_id_;
  132. }
  133. if (is_numeric($cat) || $cat == "") {
  // Remembers the last selection for 10800 seconds (three hours); the cookie
  // is set without HttpOnly/Secure flags.
  134. setcookie('add_' . $act2, $cat, (time() + 10800), '/');
  135. $select_array = echo_parents($cat, $_cat_array, $_cat_id_array);
  136. $smarty->assign('act2', $act2);
  137. $smarty->assign('select_array', $select_array);
  138. $smarty->display('add_select.html');
  139. }
  // The handler always stops here, even when $cat failed the numeric check.
  140. die();
  141. }
  142.  
  // Form token plus inline login/registration: when a guest submits the form
  // with an e-mail and password, either log the existing account in or create
  // a new one.
  143. if (!isset($_POST['form_id'])) $_POST['form_id'] = "";
  144. if ($_POST['form_id'] == "") {
  145. $form_id = md5(make_password(32));
  146. } else {
  // NOTE(review): a client-supplied form_id is accepted verbatim. Later in
  // this file it is written into an inline <script> and into the INSERT
  // statement, so it should be validated (for example, 32 hex characters)
  // unless request data is already filtered globally - confirm.
  147. $form_id = $_POST['form_id'];
  148. }
  149. $smarty->assign('form_id', $form_id);
  150.  
  // New accounts start with email_status 1 only when the 'sms' setting is on.
  151. $emailstatus = 0;
  152. if ($settings['sms'] == 1) {
  153. $emailstatus = 1;
  154. }
  155.  
  // NOTE(review): this initialises $ExistedUserError, but the code below sets
  // and later reads $ExistedUser, which is therefore undefined unless the
  // wrong-password branch runs.
  156. $ExistedUserError = false;
  157. $ExistedUserErrorNoEmail = false;
  158. $RegisteredUser = false;
  159. $WriteNewUser = false;
  // email_check() is the only validation of the address visible here.
  160. if ($_POST['submit'] != "" && !$settings['user'] && $_POST['password1'] != "" && $_POST['email'] != "" && email_check($_POST['email'])) {
  // NOTE(review): unsalted md5 is not a password hash; password_hash() /
  // password_verify() are the supported replacement.
  161. $pass = md5($_POST['password1']);
  // NOTE(review): the e-mail is concatenated into the SQL text. Unless
  // email_check() or a global input filter guarantees it cannot contain a
  // quote, this is an injection point - use the DB layer's escaping or
  // prepared statements.
  162. $dat = dbarray(dbquery("SELECT * FROM " . PREF . "users WHERE email='" . $_POST['email'] . "'"));
  163.  
  164. if ($dat) {
  // NOTE(review): == on two hex digests is subject to PHP numeric-string
  // juggling (digests of the form "0e<digits>" compare equal); compare with
  // hash_equals() or === instead.
  165. if ($dat['pass'] == $pass) {
  166. if ($dat['email_status'] != 1) {
  167. $ExistedUserErrorNoEmail = $_POST['email'];
  168. } else {
  // NOTE(review): the 'pass' cookie carries the stored password hash itself,
  // so the hash works as a long-lived login credential; both cookies are set
  // without HttpOnly/Secure. A random server-side session token avoids this.
  169. setcookie('userid', $dat['id'], ($settings['time'] + $settings['cookie_time']), "/");
  170. setcookie('pass', $pass, ($settings['time'] + $settings['cookie_time']), "/");
  171. $settings['user'] = $dat;
  172. }
  173. } else {
  174. $ExistedUser = true;
  175. }
  // No account with this e-mail: register one if both passwords match and the
  // password has at least six characters.
  176. } elseif ($_POST['password1'] == $_POST['password2'] && strlen($_POST['password1']) > 5 && email_check($_POST['email'])) {
  177.  
  178. if ($settings['default_user_balance'] == "")
  179. $settings['default_user_balance'] = 0;
  180.  
  181.  
  // NOTE(review): $_POST['email'] and $_POST['name'] are concatenated into the
  // INSERT; 'name' has no validation visible in this file. Same remedy as for
  // the SELECT above.
  182. dbquery("INSERT INTO " . PREF . "users SET email = '" . $_POST['email'] .
  183. "', name='" . $_POST['name'] . "', pass='" . $pass . "', status='" . $settings['default_user_status'] .
  184. "', balance=" . $settings['default_user_balance'] . ", email_status=" . $emailstatus .
  185. ", date=" . $settings['time']);
  // $RegisteredUser is set before the insert id is checked, so it is true even
  // if the INSERT failed.
  186. $RegisteredUser = true;
  187. $userid = mysql_insert_id_u();
  188.  
  189.  
  190. if ($userid) {
  191. $WriteNewUser = array();
  192. $WriteNewUser['id'] = $userid;
  193. $WriteNewUser['pass'] = $pass;
  194. $WriteNewUser['name'] = $_POST['name'];
  195.  
  // The new account is logged in immediately, with the same hash-in-cookie
  // scheme as the login branch above.
  196. $dat = dbarray(dbquery("SELECT * FROM " . PREF . "users WHERE id='" . $userid . "'"));
  197. setcookie('userid', $userid, ($settings['time'] + $settings['cookie_time']), "/");
  198. setcookie('pass', $pass, ($settings['time'] + $settings['cookie_time']), "/");
  199. $settings['user'] = $dat;
  200.  
  201. }
  202.  
  203.  
  204. }
  205. }
  206.  
  207. } else {
  // Expose the form token to client-side code.
  // NOTE(review): $form_id may be the unmodified $_POST['form_id']; it is
  // placed inside a single-quoted JS string without encoding, so a quote or a
  // closing script tag in it would break out of the literal. Pass it through
  // encode_for_js() (used further down in this file) or validate its format
  // where it is read.
  208. echo "
  209. <script>
  210. var form_id = '" . $form_id . "';
  211.  
  212. </script>
  213. ";
  214.  
  215. if ($act == "") {
  // Load field definitions (fields.php is not shown; presumably it defines
  // $fields) and read every row of the timing table, ordered by 'sort'.
  216. include(COREPATH . 'fields.php');
  217.  
  218. $res = dbquery("SELECT * FROM " . PREF . "timing order by sort");
  219. $timing = array();
  // $timing keeps the sorted list; $timing_id indexes the same rows by id.
  // $timing_id is not initialised, so it stays undefined if the table is empty.
  220. while ($dat = dbarray($res)) {
  221. $timing[] = $dat;
  222. $timing_id[$dat['id']] = $dat;
  223. }
  224.  
  225.  
  226. if ($_POST['submit'] != "") {
  // Start of submit handling: collect account-related validation errors.
  227. $err = array();
  228.  
  229.  
  230. $redirect = false;
  231.  
  232. if (!isset($_POST['password1'])) $_POST['password1'] = "";
  233.  
  234. if ($_POST['password1'] != "") {
  235. if (!$settings['user']) {
  // NOTE(review): $ExistedUser is assigned only on the wrong-password path
  // earlier in this file; on every other path this read is an undefined variable.
  236. if ($ExistedUser) {
  237. $err[] = $locale[989];
  238. } elseif ($_POST['password1'] != $_POST['password2']) {
  239. $err[] = $locale[38];
  240. } elseif (strlen($_POST['password1']) < 6) {
  241. $err[] = $locale[990];
  // NOTE(review): $ExistedUserErrorNoEmail is initialised to false earlier in
  // this file, and isset(false) is true - if that code ran in the same request
  // this branch fires whenever it is reached. A truthiness test looks intended.
  242. } elseif (isset($ExistedUserErrorNoEmail)) { // && $settings['active_service'] != 1
  243. $err[] = $locale[1043] . '. <a href="' . PATH . 'email_confirmation/?show_notice&email=' . base64_encode($_POST['email']) . '">' . $locale[1047] . '</a>';
  244. }
  245. }
  // Guests without a password are rejected unless anonymous posting ('unreg') is on.
  246. } elseif ($settings['unreg'] != 1 && !$settings['user']) {
  247. $err[] = $locale[987];
  248. }
  249.  
  250.  
  // Admins and users holding the 'edit' action bypass the content check.
  // NOTE(review): this reads and writes $__POST (two underscores), not $_POST.
  // Unless $__POST is defined elsewhere, $__text is null here and the real
  // $_POST['content'] is left untouched - confirm which was intended. The @
  // also hides the warning raised when $settings['user'] is not an array.
  251. if (ADMINSTATUS || @in_array('edit', $settings['user']['actions'])) {
  252. $__text = $__POST['content'];
  253. $__POST['content'] = 'nocheck';
  254. }
  255. //
  // With the paid "active service" mode on, the submitted timing is overridden
  // by the first timing row.
  256. if ($settings['active_service'] == 1) {
  257. $_POST['timing'] = $timing[0]['id'];
  258. }
  259.  
  260.  
  // Blacklist checks: by IP ('i'), user id ('u'), e-mail ('e') and then by
  // forbidden text fragments ('t') in the title or body.
  261. $bemail = "";
  262. if (isset($_POST['email'])) {
  263. if ($_POST['email'] != "") {
  264. $bemail = $_POST['email'];
  265. }
  266. }
  267.  
  // NOTE(review): the query is assembled by concatenation. $bemail can be the
  // raw $_POST['email'] (email_check() is not applied on this path), and how
  // $settings['ip'] is derived is not shown - if it can come from a
  // client-supplied header it is untrusted as well. Escape or parameterise
  // every value unless a global input filter already does so.
  268. $bsql = "SELECT * FROM " . PREF . "blacklist WHERE (v='" . $settings['ip'] . "' AND k='i')";
  269. if ($settings['user']) {
  270. $bsql .= " OR (k='u' AND v='" . $settings['user']['id'] . "')";
  // For logged-in users the account e-mail replaces whatever was posted.
  271. $bemail = $settings['user']['email'];
  272. }
  273. if ($bemail != "") {
  274. $bsql .= " OR (k='e' AND v='" . $bemail . "')";
  275. }
  // $bsql is reused: from here on it holds the first matching row, not SQL text.
  276. $bsql = dbarray(dbquery($bsql));
  277.  
  278. if (isset($bsql['id'])) {
  279. $err[] = "<b>" . $locale[914] . "</b>";
  280. }
  281.  
  282. if (count($err) == 0) {
  // $btext is assigned but not used in the visible code.
  283. $btext = array();
  284. $res = dbquery("SELECT v FROM " . PREF . "blacklist WHERE k='t'");
  285. while ($dat = dbarray($res)) {
  // NOTE(review): strstr() is case-sensitive and returns the matched tail, so
  // the filter is bypassed by changing letter case and a tail of "0" counts as
  // "no match"; stripos(...) !== false is the robust form. $_POST['content']
  // and $_POST['title'] are read without an isset() guard.
  286. if (strstr($_POST['content'], $dat['v']) || strstr($_POST['title'], $dat['v'])) {
  287. $err[] = "<b>" . $locale[915] . "</b>";
  288. break;
  289. }
  290. }
  291. }
  292.  
  293.  
  // Run the shared form validation, then apply the privileged-user override
  // and the paid "active service" checks.
  // check_form.php is not shown; presumably it fills $check, $write_fields and
  // $sql_values and appends to $err - every SQL value used below depends on
  // the escaping done there, so confirm it.
  294. include(COREPATH . 'check_form.php');
  295.  
  296. $approved = 0;
  297. if (ADMINSTATUS || @in_array('edit', $settings['user']['actions'])) {
  // NOTE(review): privileged content skips check_form.php and is protected by
  // addslashes() only, which is not a charset-aware SQL escaper. $__text is
  // taken from $__POST earlier in this file (see the double underscore there).
  298. $check['content'] = addslashes($__text);
  299. $approved = 1;
  300. }
  301. if ($settings['active_service'] == 1) {
  // $count and active_days come straight from the request; neither is checked
  // for being numeric before the arithmetic and SQL use below.
  302. $count = $_POST['active_service'];
  303. $service = $services['a'];
  304. if ($count == "") {
  305. $err[] = $locale[636];
  306. } elseif ($_POST['active_days'] < $service['min']) {
  307. $err[] = $locale[638];
  308. } elseif ($_POST['active_days'] > $service['max']) {
  309. $err[] = $locale[637];
  // The balance check is disabled: this branch matches but records no error.
  310. } elseif ($settings['user'] && $settings['user']['balance'] < $count) {
  311. //$err[] = $locale[180];
  312. }
  313. $check['active_service'] = $count;
  314. $check['active_days'] = $_POST['active_days'];
  // NOTE(review): the paid period is computed from the posted amount, not from
  // the validated active_days; a zero price divides by zero and a negative
  // amount yields a negative period.
  315. $days = round($count / $service['price']);
  316.  
  317.  
  // $date_del is assigned only on this path; the INSERT below reads it
  // unconditionally.
  318. if (count($err) == 0) {
  319. $date_del = $settings['time'] + 86400 * $days;
  320. }
  321. }
  322.  
  323.  
  324. if (count($err) == 0) {
  325.  
  326.  
  // Final content preparation and the INSERT of the advert row.
  // NOTE(review): the escape backslashes appear to have been lost in this
  // paste - "r" and "n" below were presumably "\r" and "\n" (as written, every
  // letter "n" in the text would become "<br />").
  327. if ($settings['fckeditor'] != 1) {
  328. $check['content'] = wordwrap_utf8(trim($check['content']), 30);
  329. $check['content'] = str_replace("r", "", $check['content']);
  330. $check['content'] = str_replace("n", "<br />", $check['content']);
  331. }
  // Logged-in users are identified by user_id, so the free-text name/e-mail are blanked.
  332. if ($settings['user']) {
  333. $check['name'] = "";
  334. $check['email'] = "";
  335. }
  // Status 2 is forced for paid adverts and for adverts from just-registered users.
  336. $sstatus = $settings['default_message_status'];
  337. if ($settings['active_service'] == '1') $sstatus = 2;
  338. if ($WriteNewUser) $sstatus = 2;
  // NOTE(review): every value in this statement is concatenated into the SQL
  // text. $form_id can be the raw $_POST['form_id']; the $check[...] values
  // and $write_fields are only as safe as the escaping in check_form.php (not
  // shown); $write_fields is appended as raw SQL. $date_del is undefined when
  // active_service is off, and $settings['user']['id'] is read for guests too.
  // Prepared statements, or the DB layer's escaping applied at this point,
  // remove the dependency on code that lives in other files.
  339. $sql = "INSERT INTO " . PREF . "db SET
  340. uid='" . $form_id . "',
  341. ip='" . $settings['ip'] . "',
  342. cat='" . $check['cat'] . "',
  343. user='" . $check['name'] . "',
  344. region='" . $check['region'] . "',
  345. date_add='" . $settings['time'] . "',
  346. date_del='" . $date_del . "',
  347. user_id='" . $settings['user']['id'] . "',
  348. status='" . $sstatus . "',
  349. sendmail='0',
  350. email='" . $check['email'] . "',
  351. title='" . wordwrap_utf8(trim($check['title']), 50) . "',
  352. text='" . $check['content'] . "',
  353. marked='0',
  354. approved='" . $approved . "',
  355. raised='0'" . $write_fields;
  356.  
  357. dbquery($sql);
  358.  
  359. $save_id = mysql_insert_id_u();
  360.  
  // Adverts from new, unconfirmed accounts are also listed in db_disabled.
  361. if ($WriteNewUser) dbquery("INSERT INTO " . PREF . "db_disabled SET message='" . $save_id . "', user='" . $WriteNewUser['id'] . "'");
  362.  
  // The counter follows the configured default status, not the $sstatus
  // actually written above.
  363. if ($settings['default_message_status'] == '1') {
  364. edit_cat_counter('+1', $check['cat'], $check['region'], $save_id);
  365. }
  366.  
  // Build the public URL of the new advert and hand it to the template.
  // NOTE(review): everything from the first assign() to the first
  // assign('link') is repeated verbatim below; the second copy overwrites the
  // first with the same values and can be dropped.
  367. $smarty->assign('save_id', $save_id);
  368.  
  369. $link = "";
  370.  
  371. $smarty->assign('save_id', $save_id);
  372.  
  373. $link = "";
  // NOTE(review): $_GET['region'] is a numeric string (or unset), not an
  // array; count() on it returns 1 with a warning on PHP 7.2+ and throws a
  // TypeError on PHP 8. An isset()/!== "" test expresses the intent.
  374. if (count($_GET['region']) > 0) {
  375. $newregion = "";
  376. $newregion1 = get_array_linenav($check['region'], $regions_id_);
  377. foreach ($newregion1 as $v) {
  378. $newregion .= $v['uri'] . '/';
  379. }
  380. $link = $settings['path'] . $newregion . MESSAGES . '/' . $save_id . '-' . cpu($check['title'], $locale['symb']) . '.html';
  381. } else {
  382. $link = $settings['path'] . MESSAGES . '/' . $save_id . '-' . cpu($check['title'], $locale['symb']) . '.html';
  383. }
  384. $smarty->assign('link', $link);
  385.  
  // Duplicate of the block above.
  386. if (count($_GET['region']) > 0) {
  387. $newregion = "";
  388. $newregion1 = get_array_linenav($check['region'], $regions_id_);
  389. foreach ($newregion1 as $v) {
  390. $newregion .= $v['uri'] . '/';
  391. }
  392. $link = $settings['path'] . $newregion . MESSAGES . '/' . $save_id . '-' . cpu($check['title'], $locale['symb']) . '.html';
  393. } else {
  394. $link = $settings['path'] . MESSAGES . '/' . $save_id . '-' . cpu($check['title'], $locale['symb']) . '.html';
  395. }
  396. $smarty->assign('link', $link);
  397.  
  // Store attachments and tags (included scripts, not shown), then write the
  // custom field values as one multi-row INSERT.
  398. include(COREPATH . 'save_files.php');
  399. include(COREPATH . 'save_tags.php');
  400.  
  // $sql_values is not built in this file - presumably by check_form.php.
  401. if (count($sql_values) > 0) {
  402. $sql = array();
  403. foreach ($sql_values as $k => $v) {
  404. if (!is_array($v['value'])) {
  405. if (trim($v['value']) != "") {
  // NOTE(review): 'field' is interpolated unquoted and 'value' is quoted but
  // not escaped here; both must be validated/escaped upstream or at this point.
  406. $sql[] = "(" . $save_id . ", " . $v['field'] . ", '" . $v['value'] . "')";
  407. }
  // NOTE(review): misplaced parenthesis - this counts the boolean result of
  // ($v['value'] > 0). It is truthy on PHP 7 (with a warning from 7.2) and a
  // TypeError on PHP 8; count($v['value']) > 0 was presumably intended.
  408. } elseif (count($v['value'] > 0)) {
  // For multi-value fields the array KEY ($kk) is stored, not the value; if
  // the keys come from the request they need the same escaping.
  409. foreach ($v['value'] as $kk => $vv) {
  410. $sql[] = "(" . $save_id . ", " . $v['field'] . ", '" . $kk . "')";
  411. }
  412. }
  413. }
  414. if (count($sql) > 0) {
  // The bare "n" characters in the SQL text below were presumably "\n" before
  // the paste lost its backslashes.
  415. $sql = "INSERT INTO " . PREF . "db_fields (message, field, value)nVALUESn" . implode(",n", $sql);
  416. dbquery($sql);
  417. }
  418. }
  419.  
  420.  
  // Post-insert steps: notify subscribers when the advert is published at
  // once (status 1), record the redirect target and, in paid mode, create the
  // payment.
  421. //upd1701270
  422. if ($settings['subscribe'] == 1 && $sstatus == 1) {
  423. include(COREPATH . 'subscribe.php');
  424. }
  425.  
  426. $redirect = $save_id;
  427.  
  428. if ($settings['active_service'] == 1) {
  // $user_id is computed but not passed to make_payment() or used again in
  // the visible code.
  429. if ($settings['user']) {
  430. $user_id = $settings['user']['id'];
  431. } else {
  432. $user_id = 0;
  433. }
  // NOTE(review): $count is the unvalidated $_POST['active_service'] amount;
  // make_payment() is not shown, so confirm it rejects non-numeric, zero and
  // negative amounts.
  434. $payment_id = make_payment($count, 0, $save_id, 'a');
  435. $smarty->assign('payment_id', $payment_id);
  436. $smarty->assign('count', $count);
  437. }
  438.  
  // For a just-registered user: build the e-mail confirmation link and either
  // send it or, when accounts start confirmed, sync users with the CMS.
  439. if ($WriteNewUser) {
  // NOTE(review): the confirmation key is md5(id . password hash .
  // $settings['rand']); its strength rests entirely on $settings['rand']
  // being a secret, high-entropy value - confirm how that setting is created.
  // A random per-user token stored with the account does not depend on the
  // password hash.
  440. $link = $settings['http'] . "://" . $settings['site_address'] . $settings['patch'] .
  441. "users/email_confirmation/?user_id=" . $WriteNewUser['id'] . "&key=" . md5($WriteNewUser['id'] .
  442. $WriteNewUser['pass'] . $settings['rand']);
  443. $vars['title'] = TITLE;
  // NOTE(review): 'name' is the raw $_POST['name']; if the mail template is
  // HTML it should be escaped before substitution - verify in send_mail().
  444. $vars['user'] = $WriteNewUser['name'];
  445. $vars['link'] = "<a href='" . $link . "'>" . $link . "</a>";
  446.  
  447.  
  448. if ($emailstatus == 0) {
  449. send_mail($_POST['email'], TITLE . ' / ' . $locale[49], $board_msg['reg_check'], $vars);
  450. } else {
  451. cms_syncusers();
  452. }
  453. }
  454. } else {
  // Validation failed: roll back the account created earlier in this request
  // and put the posted name/e-mail back into the form values.
  // The auth cookies set at registration are not cleared here, so the browser
  // keeps a userid/pass pair for a row that no longer exists.
  455. if ($WriteNewUser) {
  456. dbquery("DELETE FROM " . PREF . "users WHERE id='" . $WriteNewUser['id'] . "'");
  // NOTE(review): these are raw request values that go back to the template;
  // the template must escape them on output.
  457. $check['user'] = $_POST['name'];
  458. $check['email'] = $_POST['email'];
  459. }
  460. }
  461.  
  462. }
  463.  
  // Prepare the body text for redisplay in the form. The rich-text editor
  // branch is fully commented out, so with fckeditor enabled nothing happens.
  464. if ($settings['fckeditor'] == 1) {
  465. /*
  466. include(FULLPATCH.'fckeditor/fckeditor.php');
  467. $sBasePath = $settings['patch'].'fckeditor/' ;
  468. $oFCKeditor = new FCKeditor('content') ;
  469. $oFCKeditor->BasePath = $sBasePath ;
  470. //$oFCKeditor->Height = '100%' ;
  471. if($settings['editable'])
  472. {
  473. $oFCKeditor->ToolbarSet = 'Board_Admin';
  474. }
  475. else
  476. {
  477. $oFCKeditor->ToolbarSet = 'Board_Add';
  478. }
  479. if(!isset($check['content'])) $check['content'] = "";
  480. $oFCKeditor->Value = $check['content'] ;
  481. $fck = $oFCKeditor->Create() ;
  482. $smarty->assign('fckeditor', $fck);
  483. */
  484. } else {
  // NOTE(review): on a plain page load (no submit) nothing has assigned
  // $check['content'], and $check itself may not exist - this read is the
  // likely origin of the "Undefined variable: check" notice. Initialise
  // $check = array() up front and guard the key with isset(). The "n" was
  // presumably "\n" before the paste lost its backslashes.
  485. $check['content'] = trim(str_replace("<br />", "n", $check['content']));
  486. //upd1702090
  // Undo the slash-escaping applied for SQL before the text is shown again.
  487. $check['content'] = stripslashes($check['content']);
  488. }
  489.  
  490.  
  // Emit the submitted values as an inline <script> so client-side code can
  // refill the form (fields[...]) and the map widgets (yamaps[...]).
  // NOTE(review): only scalar f_* values pass through encode_for_js(). Array
  // values ($vv), the keys ($k, $kk) and the yamaps value ($v) are written
  // into single-quoted JS strings unencoded, so a quote or a closing script
  // tag in any of them breaks out of the literal. Encode every value the same
  // way, and cast or whitelist the keys.
  // The bare "n" characters in the echoed strings were presumably "\n".
  491. if (count($check) > 0) {
  492. echo "n<script>nn";
  493. foreach ($check as $k => $v) {
  494. if (is_array($v) && count($v) > 0) {
  495. echo "fields['" . $k . "'] = new Array();n";
  496. foreach ($v as $kk => $vv) {
  497. echo "fields['" . $k . "'][" . $kk . "] = '" . $vv . "';n";
  498. }
  499. }
  // Scalar values other than the body text: turn <br /> back into line
  // breaks; this also rewrites $check[$k], which is later given to the template.
  500. if ($k != 'content' && !is_array($v)) {
  501. $check[$k] = trim(str_replace('<br />', "n", $check[$k]));
  502. if (substr($k, 0, 2) == 'f_') {
  503. if (isset($fields[$k]['type'])) {
  // Field type 'y': a value without a slash is expanded into a full YouTube
  // watch URL (presumably it is a bare video id).
  504. if ($fields[$k]['type'] == 'y') {
  505. if (strpos($check[$k], '/') === FALSE && $check[$k] != "") {
  506. $check[$k] = 'https://www.youtube.com/watch?v=' . $check[$k];
  507. }
  508. }
  509. }
  510. //upd1702090
  511. $vl = encode_for_js($check[$k]);
  512.  
  513. echo "fields['" . $k . "'] = '" . $vl . "';n";
  514. }
  515. }
  // Field type 'j' values are emitted from the original $v, not from the
  // cleaned $check[$k], and without encode_for_js().
  516. if (isset($fields[$k]['type'])) {
  517. if ($fields[$k]['type'] == 'j') {
  518. echo "yamaps['" . $k . "'] = '" . $v . "';n";;
  519. }
  520. }
  521. }
  522. echo "n</script>n";
  523. }
  524.  
  // Final balance check, template variables and template selection.
  // NOTE(review): in the submit path this check runs after the advert row and
  // the payment have already been created above, so it only changes what is
  // displayed - it does not prevent the insert. $settings['user']['balance']
  // is also read for guests, and $check['active_service'] is the unvalidated
  // posted amount.
  525. if ($settings['active_service'] == 1) {
  526. if ($check['active_service'] > $settings['user']['balance']) {
  527. $err[] = '<a href="' . $settings['path'] . 'users/pay/" target="_blank">' . $locale[180] . '</a>';
  528. $redirect = false;
  529. }
  530. }
  531.  
  532.  
  // Defaults for the plain page-load path, where the submit block did not run.
  533. if (!isset($redirect)) {
  534. $redirect = false;
  535. }
  536. if (!isset($err)) {
  537. $err = array();
  538. }
  // $check holds request-derived values; the template has to escape them on
  // output (whether Smarty auto-escaping is enabled is not visible here).
  539. $smarty->assign('editable', $editable);
  540. $smarty->assign('redirect', $redirect);
  541. $smarty->assign('err', $err);
  542. $smarty->assign('check', $check);
  543. $smarty->assign('timing', $timing);
  544. $smarty->assign('fields', $fields);
  545. $smarty->assign('RegisteredUser', $RegisteredUser);
  546.  
  // add2.html after a successful paid submit; a prompt to fill in the phone
  // number when SMS mode is on and none is stored; otherwise the normal form.
  547. if ($settings['active_service'] == 1 && $_POST['submit'] != "" && count($err) == 0) {
  548.  
  549. $smarty->display('add2.html');
  550. } elseif ($settings['sms'] == 1 && $settings['user']['phone'] == '') {
  551. echo '
  552. <div align="center" style="margin:50px;"><a href="' . $settings['path'] . 'users/info/">' . $locale[871] . '</a></div>
  553. ';
  554. } else {
  555. $smarty->display('add.html');
  556. }
  557. } elseif ($act == 'debit' && is_numeric($_GET['payment_id'])) {
  // Debit step: charge the current user's balance for a pending payment and
  // mark the order as made.
  // NOTE(review): the enclosing elseif checks only is_numeric() on
  // payment_id. Nothing visible here ties the payment row to the current
  // user, checks that a user is logged in, or compares the amount with the
  // balance, and the state change is triggered by a GET request with no
  // anti-CSRF token. Confirm whether update_balance()/make_order() enforce
  // these; otherwise add a user_id condition to the query, require POST with
  // a token, and cast payment_id to an integer before it enters the SQL text.
  558. $res = dbquery("SELECT amount FROM " . PREF . "payments WHERE status=0 AND id=" . $_GET['payment_id']);
  559. $dat = dbarray($res);
  560.  
  561. if ($dat) {
  562. update_balance($settings['user']['id'], 'o', $dat['amount'], $locale[291]);
  563. make_order($_GET['payment_id'], '');
  564. $smarty->assign('ok', true);
  565. $smarty->display('add2.html');
  566. }
  567.  
  568. }
  569. }
  570.  
  571. ?>