Файл: Kagao-v3.0/upload/load.php
Строк: 181
<?php
/*
* @package package.kogao.loader
* @copyright kogaoscript.com
*/
include "inc/language.php";
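/*
 * POST dispatcher.
 *
 * Runs only when the request carries POST data. The `sk` field selects one of
 * the actions below. Every action ends the request with `die`, so the page
 * setup code after this block only runs when no case matches.
 *
 * $e (database/helper object) is not created in this file.
 * NOTE(review): presumably inc/db.php or the including script provides it - confirm.
 *
 * Security review notes for this block:
 *  - Numeric ids are now cast with intval() before they reach SQL.
 *  - Free-text request values are still concatenated into SQL. htmlspecialchars()
 *    is an HTML output encoder, not an SQL escaper (it leaves backslashes
 *    untouched), so those statements must move to parameterized queries.
 *    The wrapper's API is not visible here, so they are flagged, not rewritten.
 *  - No case checks a CSRF token or (visibly) that a user is logged in.
 */
if($_POST){
    require('classes/config.php');
    include "inc/db.php";

    // A missing or non-string `sk` selects no action instead of raising a warning.
    $sk = (isset($_POST['sk']) && is_string($_POST['sk'])) ? htmlspecialchars($_POST['sk']) : '';

    switch($sk){

        // Store a message and, when no recipient id is given, mail it out.
        case 'sendmessage':
            // Start the session only if none is active yet.
            if(session_id() === ''){
                session_start();
            }
            // NOTE(review): nothing here rejects a request without a logged-in user;
            // together with the caller-supplied `tomail`/`m` below this lets the
            // endpoint send arbitrary mail. Confirm whether a login check exists
            // elsewhere, otherwise add one before any mail is sent.
            $get = $e->query('SELECT * FROM user WHERE id = "'.intval($_SESSION['login']).'"');
            $row = $e->fetch_assoc($get);
            $e->free_result($get);

            if(!empty($_POST['touid'])){
                // Recipient id is numeric: cast before it reaches SQL.
                $touid = intval($_POST['touid']);
                $get_ = $e->query('SELECT email FROM user WHERE id = "'.$touid.'"');
                $row_ = $e->fetch_assoc($get_);
                $e->free_result($get_);
                //$e->sendmail($row_['email'], 'Antwort von ' . $row['a_name'], 'Du hast eine neue Nachricht', $row['email']);
            }else{
                $touid = 0;
                // Send by e-mail. Recipient and body both come from the request.
                $e->sendmail($_POST['tomail'], 'Antwort von ' . $row['a_name'], $_POST['m'], $row['email']);
            }

            // NOTE(review): message_code, message_text and aid are request values
            // placed into the statement unescaped (SQL injection). email/name come
            // from the user row, which editprofile lets the user set, so they need
            // the same treatment. Replace with a parameterized INSERT.
            $e->query('INSERT INTO messages SET
                message_code = "'.$_POST['code'].'",
                message_text = "'.$_POST['m'].'",
                fromuid = "'.intval($_SESSION['login']).'",
                touid = "'.$touid.'",
                datum = "'.time().'",
                message_read = "1",
                email = "'.$row['email'].'",
                name = "'.$row['a_name'].'",
                aid = "'.$_POST['aid'].'"
            ');
            die;
            break;

        // Update the profile of the logged-in user, optionally changing the password.
        case 'editprofile':
            // NOTE(review): $_SESSION is read here but session_start() is only
            // visible in the sendmessage case - confirm the session is started
            // before this file runs.
            $uid = intval($_SESSION['login']);

            // An empty impressum keeps the stored value (column assigned to itself).
            if( !empty($_POST['impressum']) ){
                $impressum = 'impressum = "'.htmlspecialchars($_POST['impressum']).'"';
            }else{
                $impressum = 'impressum = impressum';
            }

            // NOTE(review): `rank` is written straight from the request. If this
            // column carries privileges or an account tier, a user can change their
            // own value - confirm and restrict it to an allow-list.
            // NOTE(review): the htmlspecialchars() calls do not make these values
            // safe for SQL; use a parameterized UPDATE.
            $e->query('
                UPDATE
                    user
                SET
                    rank = "'.$_POST['rank'].'",
                    a_name = "'.htmlspecialchars($_POST['a_name']).'",
                    a_street = "'.htmlspecialchars($_POST['a_street']).'",
                    a_plz = "'.htmlspecialchars($_POST['a_plz']).'",
                    '.$impressum.',
                    i_wieder = "'.htmlspecialchars($_POST['i_wieder']).'",
                    i_verzicht = "'.htmlspecialchars($_POST['i_verzicht']).'",
                    i_energie = "'.htmlspecialchars($_POST['i_energie']).'",
                    i_adressen = "'.htmlspecialchars($_POST['i_adressen']).'",
                    i_impressum = "'.htmlspecialchars($_POST['i_impressum']).'"
                WHERE
                    id = "'.$uid.'"
            ');

            // Password change: only attempted when the old password was submitted.
            // NOTE(review): passwords are stored as unsalted MD5. Migrating to
            // password_hash()/password_verify() needs a schema and login change
            // outside this block.
            if( !empty($_POST['oldpw']) ){
                $get = $e->query('SELECT id FROM user WHERE pass = "'.md5( $_POST['oldpw'] ).'" and id = "'.$uid.'"');
                $row = $e->fetch_assoc($get);
                $e->free_result($get);
                if(!empty($row['id'])){
                    if(empty($_POST['newpw'])){
                        $e->location('profile?error=3');
                        die;
                    }else{
                        // Strict comparison: with ==, numeric-looking strings such
                        // as "1e3" and "1000" would count as equal.
                        if($_POST['newpw'] === $_POST['newpw2']){
                            $e->query('
                                UPDATE
                                    user
                                SET
                                    pass = "'.md5($_POST['newpw']).'"
                                WHERE
                                    id = "'.$uid.'"
                            ');
                            $e->location('profile?ok=1');
                            die;
                        }else{
                            $e->location('profile?error=2');
                            die;
                        }
                    }
                }else{
                    $e->location('profile?error=1');
                    die;
                }
            }
            $e->location('profile?ok=2');
            die;
            break;

        // Mail the stored password to the given address.
        case 'pwforget':
            // NOTE(review): `passrec` is base64-decoded and mailed as the password,
            // i.e. a recoverable copy of every password is kept and sent in clear
            // text. The usual replacement is a single-use, expiring reset token.
            // NOTE(review): the distinct `dontmail` answer tells the caller whether
            // an address is registered (account enumeration).
            $email = htmlspecialchars( $_POST['user'] );
            // NOTE(review): htmlspecialchars() is used as SQL escaping here as well.
            $get = $e->query('SELECT id, passrec FROM user WHERE email = "'.$email.'"');
            $row = $e->fetch_assoc($get);
            $e->free_result($get);
            if( empty( $email ) ){
                $e->location('recover?error=mail');
                die;
            }else if( empty( $row['id'] ) ){
                // URL-encode the value so characters such as & or + survive the redirect.
                $e->location('recover?error=dontmail&lastmail=' . urlencode($email));
                die;
            }else{
                $passwort = base64_decode($row['passrec']);
                $text = 'Ihr Passwort lautet: ' . $passwort;
                $from = $e->getSupportMail();
                // NOTE(review): $_init is assigned further down in this file, after
                // this block - confirm it is already populated when this runs.
                $e->sendmail($email, 'Ihr Passwort von ' . $_init['copyrightname'], $text, $from);
                $e->location('recover?ok=1');
                die;
            }
            break;

        // Forward a support request to the support mailbox.
        case 'support':
            // Maps the numeric topic id from the form to the mail subject.
            // Returns null for any other value.
            function supportQuestion($int){
                switch($int){
                    case 1: return 'Allgemeine Frage';
                    case 2: return 'Frage zur Topanzeige';
                    case 3: return 'Allgemeines Probleme';
                    case 4: return 'Zahlungsproblem';
                }
            }
            $betreff = isset($_POST['betreff']) ? $_POST['betreff'] : '';
            $email = isset($_POST['email']) ? $_POST['email'] : '';
            $text = isset($_POST['text']) ? $_POST['text'] : '';

            // The address is placed in a raw "From:" header, so it must be a single
            // well-formed address with no CR/LF; otherwise the sender could append
            // extra headers (mail header injection). Invalid input is reported like
            // a missing field.
            $emailOk = is_string($email)
                && !preg_match('/[\r\n]/', $email)
                && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

            if( empty( $email ) || empty( $text ) || !$emailOk ){
                $e->location('support?error=1');
                die;
            }else{
                $empfaenger = $e->getSupportMail();
                $betreff = supportQuestion( $betreff );
                $from = "From: <$email>";
                $text = htmlspecialchars( $text );
                if( mail($empfaenger, $betreff, $text, $from)){
                    $e->location('support?ok=1');
                }else{
                    $e->location('support?error=2');
                }
                die;
            }
            break;

        // Search suggestions: first matching make plus up to 10 of its models.
        case 'suche':
            // NOTE(review): `q` reaches the LIKE pattern with only HTML encoding
            // (not SQL-safe, and % / _ wildcards pass through).
            $get = $e->query('SELECT id, name FROM kategorie_under1 WHERE name LIKE "'.htmlspecialchars( $_POST['q'] ).'%"');
            $row = $e->fetch_assoc($get);
            if( $row['id'] ){
                $get2 = $e->query('SELECT name FROM kategorie_under2 WHERE bigid = "'.intval($row['id']).'" LIMIT 10');
                // NOTE(review): the names below are echoed into HTML and into a
                // JavaScript string inside onClick without output encoding. A name
                // containing a quote or markup breaks out of that context. Encoding
                // must match the data's charset (utf8_encode is applied to only one
                // of the echoes), so it is flagged rather than changed here.
                while($row2 = $e->fetch_assoc($get2)){
                    ?>
<div class="searchKey" onClick="jQuery('input[name=suche]').val('<?php echo $row['name']; ?> <?php echo $row2['name']; ?>'); jQuery('.searchHTML').hide();">
<b><?php echo $row['name']; ?></b> <?php echo utf8_encode($row2['name']); ?>
</div>
<?php
                }
                $e->free_result($get2);
            }
            $e->free_result($get);
            die;
            break;

        // Render the <select> of models for one make.
        case 'carmodel':
            $modelid = intval( $_POST['model'] );
            $loadModel = $e->query('SELECT id, name FROM kategorie_under2 WHERE bigid = "'.$modelid.'"');
            // NOTE(review): id and name are echoed without HTML encoding - see the
            // note in the `suche` case.
            ?>
<select name="id3" class="basicupdate" style="width:100px;" data-custom-id="custom" data-custom-class="custom">
<?php
            while($loadData = $e->fetch_assoc($loadModel)){
                ?>
<option value="<?php echo $loadData['id']; ?>"><?php echo $loadData['name']; ?></option>
<?php
            }
            ?>
</select>
<?php
            $e->free_result($loadModel);
            die;
            break;
    }
}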
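/*
 * Page setup: runs on every request that was not finished by the POST
 * dispatcher. Loads the site settings, fills the search drop-downs, expires
 * old listings and hands everything to the template object.
 *
 * $e, $tpl, $baseurl_setting and $languagepackage are not defined in this
 * part of the file; they must already exist when it runs.
 */
$loadSettingsPackage = $e->settings();

// Module switches and display options passed to the template.
$_init = array(
    "baseurl" => $baseurl_setting,
    "immobilien" => $loadSettingsPackage['is_immo'],
    "automarkt" => $loadSettingsPackage['is_auto'],
    // show menu
    "kategorienModul" => true,
    // home -> products
    "allproducts" => true,
    "newcars" => $loadSettingsPackage['is_auto'],
    "newimmo" => $loadSettingsPackage['is_immo'],
    // create
    "maxuploadphotos" => $loadSettingsPackage['maxuploadphotos'],
    // name -> data
    "copyrightname" => $loadSettingsPackage['copyrightname']
);

// Search -> cars: makes below the top-level category with module = 2.
if( $_init['automarkt'] == true ){
    $cars = $e->query('SELECT id FROM kategorie_big WHERE module = "2"');
    $carsrow = $e->fetch_assoc($cars);
    // Cast the id so only an integer is ever concatenated into the query.
    $cars_marken = $e->query('SELECT id, name FROM kategorie_under1 WHERE bigid = "'.intval($carsrow['id']).'"');
    // Start from an empty list so the template gets an array even with no rows.
    $dataPackage_cars = array();
    while( $cars_data = $e->fetch_assoc($cars_marken) ){
        $dataPackage_cars[] = $cars_data;
    }
    $e->free_result($cars_marken);
    $e->free_result($cars);
    $tpl->assign("car_marken", $dataPackage_cars);
}

// Search -> real estate: categories below the top-level category with module = 1.
if( $_init['immobilien'] == true ){
    $immobilien = $e->query('SELECT id FROM kategorie_big WHERE module = "1"');
    $immobilienrow = $e->fetch_assoc($immobilien);
    $immobilien_category = $e->query('SELECT id, name FROM kategorie_under WHERE bigid = "'.intval($immobilienrow['id']).'" ORDER by name DESC');
    $dataPackage = array();
    while( $immobilien_data = $e->fetch_assoc($immobilien_category) ){
        $dataPackage[] = $immobilien_data;
    }
    $e->free_result($immobilien);
    $e->free_result($immobilien_category);
    $tpl->assign("immobilienkates", $dataPackage);
}

// Counters for a logged-in user. !empty() avoids a notice when the key is absent.
if( !empty($_SESSION['login']) ){
    $tpl->assign($e->getMessageNum());
    $tpl->assign($e->getMerklistNum());
}

// 60-day interval: listings created more than 60 days ago get statuscode 2.
// One UPDATE replaces the former SELECT plus one UPDATE per row; the rows
// affected are the same. This runs on every page load.
$e->query('UPDATE produkte SET statuscode = "2" WHERE erstellung < '.strtotime('now - 60 days'));

$tpl->assign($e->settings());
$tpl->assign("partnerlinks", $e->getPartnerLinks());
$tpl->assign($_init);
// module_* are bare constants; they must be defined before this point.
$tpl->assign(array(
    'modul_beo' => module_beo,
    'modul_sup' => module_support,
    'modul_mes' => module_nachrichten,
    'modul_sal' => module_rechnung,
    'modul_pho' => module_mobile,
    'is_cookie' => !empty($_SESSION['cookie_true'])
));
$tpl->assign($languagepackage);

include "inc/boot.php";
$settings = new settings;
$tpl->assign($settings->load());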
/**
 * Format the date one calendar month after a Unix timestamp.
 *
 * The shift is done by strtotime('+1 month'), so a day that does not exist
 * in the following month rolls over (31 January becomes early March).
 *
 * @param int $time Unix timestamp to start from.
 * @return string Date formatted as d.m.Y.
 */
function addMonth($time){
    $oneMonthLater = strtotime('+1 month', $time);

    return date('d.m.Y', $oneMonthLater);
}
// Featured ("top") listings.
// NOTE(review): $requestTopAnzeigen is not set anywhere in this file;
// presumably classes/ad.php populates it - confirm.
include 'classes/ad.php';
$tpl->assign($requestTopAnzeigen);
?>