I need help with the following script

Добавлено: 24.06.2017 / 00:29
<?php
/*
 * JohnCMS NEXT Mobile Content Management System (http://johncms.com)
 *
 * For copyright and license information, please see the LICENSE.md
 * Installing the system or redistributions of files must retain the above copyright notice.
 *
 * @link        http://johncms.com JohnCMS Project
 * @copyright   Copyright (C) JohnCMS Community
 * @license     GPL-3
 */

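define('_IN_JOHNCMS', 1);

require('../system/bootstrap.php');

// Request parameters: `id` is coerced to a non-negative int (so it is safe to interpolate into
// the SQL further down); `act` selects the branch of the dispatch switch that follows.
$id = isset($_REQUEST['id']) ? abs(intval($_REQUEST['id'])) : 0;
$act = isset($_GET['act']) ? trim($_GET['act']) : '';

/** @var Psr\Container\ContainerInterface $container */
$container = App::getContainer();

/** @var PDO $db */
$db = $container->get(PDO::class);

/** @var Johncms\Api\UserInterface $systemUser */
$systemUser = $container->get(Johncms\Api\UserInterface::class);

/** @var Johncms\Api\ToolsInterface $tools */
$tools = $container->get(Johncms\Api\ToolsInterface::class);

// The service is BbcodeInterface; the previous @var annotation named ToolsInterface by mistake.
/** @var Johncms\Api\BbcodeInterface $bbcode */
$bbcode = $container->get(Johncms\Api\BbcodeInterface::class);

/** @var Johncms\Api\ConfigInterface $config */
$config = $container->get(Johncms\Api\ConfigInterface::class);

// Resolved from the same $container as every other service above rather than through a
// second App::getContainer() call.
/** @var Johncms\Counters $counters */
$counters = $container->get('counters');

/** @var Zend\I18n\Translator\Translator $translator */
$translator = $container->get(Zend\I18n\Translator\Translator::class);
$translator->addTranslationFilePattern('gettext', __DIR__ . '/locale', '/%s/default.mo');


$textl = _t('Advertise Website');
$headmod = 'friendssite';
require('../system/head.php');

// Every action below (including the plain list) is for logged-in users only.
if (!$systemUser->isValid()) {
    echo 'You are not logged in';
    require ('../system/end.php');
    exit;
}
$maxsite = 1000;  // Maximum number of approved sites kept in the list
$adddate = 6;     // Days that must pass after registration before a user may add a site
$userssite = 3;   // Number of sites a single user may add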
switch ($act) {
case 'delete':
// Delete a single site. `$rights` is not defined in this file — presumably the caller's
// rights level set by the framework; TODO confirm.
// NOTE(review): mysql_query() belongs to the mysql extension (removed in PHP 7), and its
// result is then passed to $db->query(), which expects an SQL string — this branch cannot
// work as written. `$id` itself is a non-negative int, so interpolating it is safe.
$req = mysql_query("SELECT * FROM `friendssite` WHERE id='$id' LIMIT 1");
if ($rights >= 6 && $db->query($req)->rowcount()) {
if (isset($_GET['yes'])) {
// NOTE(review): a destructive action triggered by a plain GET link (`&yes`) with no CSRF
// token; a POST form carrying a per-session token would be the usual mitigation.
mysql_query("DELETE FROM `friendssite`  WHERE `id`='$id' LIMIT 1");
// NOTE(review): the redirect target is derived from HTTP_REFERER (client-controlled) and
// was stored HTML-escaped, so any `&` in it arrives here as `&amp;`; validating it against
// this site's own base URL before redirecting would be safer.
header('location: ' . preg_replace('/(page|start)\=[0-9]+/', '', $_SESSION['prd']));
exit;
} else {
$_SESSION['prd'] = htmlspecialchars(getenv("HTTP_REFERER"));
echo '<div class="orange"><p>Are you sure want to delete site from list..??!<br/><a href="friendssite.php?act=delete&amp;id=' . $id . '&amp;yes">Yes</a> | <a href="' . htmlspecialchars(getenv("HTTP_REFERER")) . '">No</a></p></div>';
}
}
break;

case 'edit':
// Edit an existing site (rights >= 6 only).
$req = mysql_query("SELECT * FROM `friendssite` WHERE id='$id' LIMIT 1");
if ($rights >= 6 && mysql_num_rows($req)) {
if (isset($_POST['submit'])) {
// Only the host part of the submitted URL is kept (capped at 25 characters). When parse_url()
// finds no host the 'host' key is missing, which raises a notice and then trips the "empty"
// check below.
$adres = isset($_POST['adres']) ? parse_url(trim($_POST['adres'])) : array();
$adres = mb_substr($adres['host'], 0, 25);
$name = isset($_POST['name']) ? mb_substr(trim($_POST['name']), 0, 50) : '';
$opis = isset($_POST['opis']) ? mb_substr(trim($_POST['opis']), 0, 200) : '';
$count = isset($_POST['count']) ? abs(intval($_POST['count'])) : 0;
$error = array();
if (empty($adres) || empty($name) || empty($opis))
$error[] = 'Field not used..!!';
else if (preg_match("/[^\da-zA-Z\.\-\/\?\:\_]+/", $adres))
$error[] = 'Site url not valid..!!';
if($error) {
// Footer is required from ../incfiles/ here but from ../system/ in the login check above;
// one of the two paths is presumably stale.
echo functions::display_error($error, '<a href="friendssite.php?act=edit&amp;id=' . $id . '">Try again..!!</a>');
require_once("../incfiles/end.php");
exit;
}
// NOTE(review): PDO::quote() returns the value already wrapped in quotes, so the extra '...'
// around each call yields ''value'' in the statement. A prepared statement with bound
// parameters would remove both the double quoting and the string building.
mysql_query("UPDATE `friendssite` SET `name`='" . $db->quote($name) . "', `opis`='" . $db->quote($opis) . "', `site`='http://" . $db->quote($adres) . "', `count`='$count' WHERE `id`='$id' LIMIT 1");
// Same referer-derived redirect as in 'delete'.
header('location: ' . preg_replace('/(page|start)\=[0-9]+/', '', $_SESSION['prd']));
exit;
} else {
$_SESSION['prd'] = htmlspecialchars(getenv("HTTP_REFERER"));
$res = mysql_fetch_array($req);
// `count` is echoed without escaping; fine only if the column is numeric — TODO confirm.
echo '<div class="mainblok"><div class="phdr"><b>Change site</b></div>' .
'<div class="menu"><form action="friendssite.php?act=edit&amp;id=' . $id . '" method="post">' .
'Url&nbsp;-&nbsp;max. 25:<br/><input type="text" size="17" name="adres" maxlength="25" value="' . functions::checkout($res['site']) . '"/><br/> ' .
'nama&nbsp;-&nbsp;max. 50:<br/><input type="text" name="name" maxlength="50" value="' . functions::checkout($res['name']) . '"/><br/>' .
'Description&nbsp;-&nbsp;max. 200:<br/><textarea cols="17" rows="2" name="opis">' . htmlentities($res['opis'], ENT_QUOTES, 'UTF-8') . '</textarea><br/>' .
'Views:<br/><input type="text" size="17" name="count" maxlength="50"  value="' . $res['count'] . '"/><br />' .
'<input name="submit" type="submit" title="click to add site" value="Save"/></form>' .
'</div><div class="phdr"><a href="' . $_SESSION['prd'] . '">Back</a></div></div>';
}
}
break;

case 'redirect':
// Redirect to an approved (`type`=1) site, counting the visit once per session.
$req = mysql_query("SELECT `site` FROM `friendssite` WHERE `id`='$id' AND `type`='1'");
if(mysql_num_rows($req)) {
$res = mysql_fetch_assoc($req);
// Reading a session key that was never set raises a notice; isset()/empty() is the quiet form.
if (!$_SESSION['fr_site_' . $id]) {
mysql_query("UPDATE `friendssite` SET `count` = (`count`+1) WHERE `id` = '$id' LIMIT 1");
$_SESSION['fr_site_' . $id] = true;
}
// The target is the stored `site` column (written below with a fixed "http://" prefix and
// a host restricted by the regex in 'edit'/'add_site').
header('location:' . $res['site']);
exit;
}
break;

case 'mass_del':
// Mass delete of the sites ticked via the delch[] checkboxes (rights >= 6 only).
if ($rights >= 6) {
if (isset($_GET['yes'])) {
// Ids were intval()'d when stored in the session and are cast again here. Same GET-without-
// CSRF-token and referer-redirect concerns as in 'delete'.
foreach ($_SESSION['dc'] as $delid) {
mysql_query("DELETE FROM `friendssite`  WHERE `id`='" . intval($delid) . "';");
}
header('location: ' . preg_replace('/(page|start)\=[0-9]+/', '', $_SESSION['prd']));
exit;
} else {
if (empty($_POST['delch'])) {
echo functions::display_error('you not choose for delete', '<a href="' . htmlspecialchars(getenv("HTTP_REFERER")) . '">Back</a>');
require_once ("../incfiles/end.php");
exit;
}
// `$dc` is not initialised before the loop; harmless because delch[] was checked non-empty.
foreach ($_POST['delch'] as $v) {
$dc[] = intval($v);
}
$_SESSION['dc'] = $dc;
$_SESSION['prd'] = htmlspecialchars(getenv("HTTP_REFERER"));
echo '<div class="orange"><p>Are you sure want delete this site..??!<br/><a href="?act=mass_del&amp;yes">Yes</a> | <a href="' . htmlspecialchars(getenv("HTTP_REFERER")) . '">No</a></p></div>';
}
}
break;

case 'mod_site':
// Moderation queue: `type`=2 is pending, `type`=1 is approved and listed (rights >= 6 only).
if ($rights >= 6) {
if (isset($_GET['pr'])) {
// Approve one site, then keep the approved list within $maxsite by dropping the oldest (`vr`).
mysql_query("UPDATE `friendssite` SET `type` = '1' WHERE `id` = '$id' LIMIT 1");
// NOTE(review): PDO::exec() takes an SQL string, has no second parameter and returns an
// affected-row count, not the selected COUNT(*); this line cannot yield the total it is
// assigned to. A query()/fetchColumn() pair would.
$total = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `type`='1'"), 0);
if ($total > $maxsite)
mysql_query("DELETE FROM `friendssite` where `type`='1' ORDER BY `vr` ASC LIMIT 1");
header("location: friendssite.php?act=mod_site");
exit;
}
elseif (isset($_GET['vs'])) {
// Approve all pending sites. The overflow check uses only the current approved count, not
// approved + pending, so the list can still exceed $maxsite after the update.
$total = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `type`='1'"), 0);
if ($total > $maxsite) {
$total_mod = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `type`='2'"), 0);
mysql_query("DELETE FROM `friendssite` where `type`='1' ORDER BY `vr` ASC LIMIT $total_mod");
}
mysql_query("UPDATE `friendssite` SET `type` = '1' WHERE `type` = '2'");
header("location: friendssite.php?act=mod_site");
exit;
} else {
echo '<div class="mainblok"><div class="phdr"><b><a href="friendssite.php">Link Exchange</a></b> | Check site</div>';
$req = mysql_query("SELECT `friendssite`.*, `users`.`name` AS `nick` FROM `friendssite` LEFT JOIN `users` ON `friendssite`.`iduser` = `users`.`id` WHERE `friendssite`.`type`='2'");
if(mysql_num_rows($req)) {
echo '<form action="friendssite.php?act=mass_del" method="post">';
// `$i` (row-striping counter) is never initialised in this file.
while ($res = mysql_fetch_assoc($req)) {
echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
echo '<a href="friendssite.php?act=redirect&amp;id=' . $res['id'] . '"><b>' . functions::checkout($res['name']) . '</b></a><br />' . functions::checkout($res['opis'], 1, 1);
// NOTE(review): `nick` and `iduser` are echoed without escaping, unlike name/opis; unless
// user names are escaped on write, this is a stored-XSS sink — escape at output.
echo '<br/><small>Add <a href="../users/profile.php?user=' . $res['iduser'] . '">' . $res['nick'] . '</a>, ' . functions::display_date($res['vr']) . '</small>';
echo '<div class="sub"><input type="checkbox" name="delch[]" value="' . $res["id"] . '"/>&nbsp;<a href="friendssite.php?act=delete&amp;id=' . $res["id"] . '"><span class="red">Delete</span></a> | <a href="friendssite.php?act=mod_site&amp;id=' . $res["id"] . '&amp;pr">Confirm</a> | <a href="friendssite.php?act=edit&amp;id=' . $res["id"] . '">Change</a></div></div>';
++$i;
}
echo '<div class="orange"><input type="submit" value="delete check it"/></div></form>' .
'<div class="gmenu"><a href="friendssite.php?act=mod_site&amp;vs">Confirm all</a></div>';
}
else
echo '<div class="menu"><p>Empty list..!!</p></div>';
echo '<div class="phdr"><a href="friendssite.php">Back</a></div></div>';
}
}
break;

case 'add_site':
// Add a site. `$user_id` and `$ban` are not defined in this file — presumably the framework's
// current-user id and ban flags; TODO confirm. The trailing `else` is unreachable: once
// `!$user_id` is false, `$user_id` is truthy and the elseif always matches.
if (!$user_id || $ban['1'] || $ban['11']) {
header('location: ../index.php');
exit;
}
elseif ($user_id) {
$total_site = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `iduser`='$user_id'"), 0);
$error = array();
// Per-user quota; rights >= 6 is exempt.
if ($total_site >= $userssite && $rights < 6)
$error[] = 'user only allowed add one ' . $userssite . ' site..!!';
$flood = functions::antiflood();
if ($flood)
$error[] = 'antiflood..!! Please,wait ' . $flood . ' second..!?';
if ($error) {
echo '<div class="orange">';
// Called without the `functions::` prefix used everywhere else in this file.
echo display_error($error, '<a href="friendssite.php">Please wait..</a>');
echo '</div>';
require_once("../incfiles/end.php");
exit;
}
if (isset($_POST['submit'])) {
// Same host-only normalisation and validation as in 'edit'.
$adres = isset($_POST['adres']) ? parse_url(trim($_POST['adres'])) : array();
$adres = mb_substr($adres['host'], 0, 25);
$name = isset($_POST['name']) ? mb_substr(trim($_POST['name']), 0, 50) : '';
$opis = isset($_POST['opis']) ? mb_substr(trim($_POST['opis']), 0, 200) : '';
// Both arms evaluate to 2 (pending), so every submission lands in the moderation queue;
// presumably one arm was meant to auto-approve higher rights.
$type = $rights >= 0 ? 2 : 2;
if (empty($adres) || empty($name) || empty($opis))
$error[] = 'All field must not empty..!!';
else if (preg_match("/[^\da-zA-Z\.\-\/\?\:\_]+/", $adres))
$error[] = 'Url site does not valid..!!';
if (!$error) {
// Duplicate check on name or host. Same PDO::quote() double-quoting as in 'edit'.
$total = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `name`='" . $db->quote($name) . "' OR  `site`='http://" . $db->quote($adres) . "'"), 0);
if ($total >= 1)
$error[] = 'This site url already exist..!!';
}
if ($error) {
echo '<div class="orange">';
echo functions::display_error($error, '<a href="friendssite.php?act=add_site">Try again..!!</a>');
echo '</div>';
require_once("../incfiles/end.php");
exit;
}
mysql_query("INSERT INTO `friendssite` SET `vr`='" . time() . "', `iduser`='$user_id', `type`='$type', `name`='" . $db->quote($name) . "', `opis`='" . $db->quote($opis) . "', `site`='http://" . $db->quote($adres) . "'");
mysql_query("UPDATE `users` SET `lastpost` = '" . time() . "' WHERE `id` = '$user_id'");
echo '<div class="orange">site has added' . ($rights >= 6 ? '' : ' your site gonna show up on list after get verification') . '<br/><a href="friendssite.php">Sites list</a></div>';
} else {
echo '<div class="mainblok"><div class="phdr"><b><a href="friendssite.php">Link Exchange</a></b> &bull; Add site</div>' .
'<div class="bmenu">Only allowed direct link else gonna be cut..!!</div><div class="menu">' .
'<form action="friendssite.php?act=add_site" method="post">' .
'Url&nbsp;-&nbsp;max. 25:<br/><input type="text" size="17" name="adres" maxlength="25" value="http://"/><br/> ' .
'Name&nbsp;-&nbsp;max. 50:<br/><input type="text" size="17" name="name" maxlength="50"/><br/>' .
'Description&nbsp;-&nbsp;max. 200:<br/><textarea cols="17" rows="2" name="opis"></textarea><br/>' .
'<input name="submit" type="submit" title="click to add site" value="Add site"/></form>' .
'</div><div class="phdr"><a href="friendssite.php">Link Exchange</a></div></div>';
}
} else {
header('location: ../index.php');
exit;
}
break;

default:
// Paginated list of approved sites. `$start`, `$kmess`, `$datauser` and `$i` are not defined
// in this file — presumably framework globals; TODO confirm.
echo '<div class="mainblok"><div class="phdr"><b>Link Exchange</b></div>';
$total_site = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `iduser`='$user_id'"), 0);
if (!$user_id || $ban['1'] || $ban['11']) {
#FOR MEMBERS ONLY
}
// `$rights >= 0` is true for any non-negative rights value, so the `$total_site < $userssite`
// part never hides the link; the quota is only enforced in 'add_site'.
elseif ($user_id && ($total_site < $userssite || $rights >= 0) && ((time()  - $datauser['datereg']) > ($adddate * 86400) || $rights >= 6)) {
echo '<div class="gmenu"><a href="friendssite.php?act=add_site">Add site</a></div>';
}
if ($rights >= 6) {
$total_mod = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `type`='2'"), 0);
if($total_mod)
echo '<div class="orange"><a href="friendssite.php?act=mod_site">sites for moderation</a> ' . $total_mod . '</div>';
}
$total = $db->exec(mysql_query("SELECT COUNT(*) FROM `friendssite` WHERE `type`='1'"), 0);
if($total) {
// `$start`/`$kmess` are interpolated raw into LIMIT; safe only if the framework guarantees
// they are integers — TODO confirm. The mysql resource is again handed to $db->query().
$req = mysql_query("SELECT `friendssite`.*, `users`.`name` AS `nick` FROM `friendssite` LEFT JOIN `users` ON `friendssite`.`iduser` = `users`.`id` WHERE `friendssite`.`type`='1' ORDER BY `friendssite`.`count` DESC LIMIT $start, $kmess");
if ($rights >= 6)
echo '<form action="friendssite.php?act=mass_del" method="post">';
while ($res = $db->query($req)-> fetch ()) {
echo $i % 2 ? '<div class="list2">' : '<div class="list1">';
echo '<a href="friendssite.php?act=redirect&amp;id=' . $res['id'] . '"><b>' . functions::checkout($res['name']) . '</b></a> (' . $res['count'] . ')<br />' . functions::checkout($res['opis'], 1, 1);
// `nick`/`iduser` unescaped here as well — see the note in 'mod_site'.
echo '<br/><small>Added by <a href="../users/profile.php?user=' . $res['iduser'] . '">' . $res['nick'] . '</a>, ' . functions::display_date($res['vr']) . '</small>';
if ($rights >= 6)
echo '<div class="sub"><input type="checkbox" name="delch[]" value="' . $res["id"] . '"/>&nbsp;<a href="friendssite.php?act=delete&amp;id=' . $res["id"] . '"><span class="red">Delete</span></a> &bull; <a href="friendssite.php?act=edit&amp;id=' . $res["id"] . '">Change</a></div>';
echo '</div>';
++$i;
}
if ($rights >= 6)
echo '<div class="orange"><input type="submit" value="delete check it"/></form></div>';
}
else
echo '<div class="menu"><p>Empty list..!!</p></div>';
echo '<div class="phdr">Total site:&nbsp;' . $total . '</div>';
if ($total > $kmess) {
echo '<div class="topmenu">' . functions::display_pagination('friendssite.php?', $start, $total, $kmess) . '<br/>';
echo '<form action="friendssite.php" method="get"><input type="text" name="page" size="2"/><input type="submit" value="Go to page &gt;&gt;"/></form></div>';
}
echo '</div>';
}
// Footer path differs from the ../system/end.php used in the login check at the top of the file.
require_once("../incfiles/end.php");
?>


Добавлено: 24.06.2017 / 00:32
@Gabriel, @koenig and @jimy, please convert this to v7.x.x. I am a beginner and I am stuck here, please help. I own http://kinsvilla.com.ng
Добавлено: 24.06.2017 / 10:12
citybooks, see the code example and replace the code that produces the warnings:
mysql_query -> $db->query
mysql_num_rows -> use the rowCount() method
all functions::name() calls -> $tools->name()
and so on

Добавлено: 24.06.2017 / 10:29
old v6 https://github.com/john-cms/jo ... x.php
new v7 https://github.com/john-cms/jo ... x.php
compare the two to see the changes

Добавлено: 24.06.2017 / 10:32
On a rolling stone moss does not grow ;)