From 9d6f25670a9d9fc2494677f5d6eee8c394b7fd86 Mon Sep 17 00:00:00 2001
From: xiaomlove <i353856593@163.com>
Date: Sun, 28 Feb 2021 02:15:11 +0800
Subject: [PATCH] fix invite.php

---
 include/functions.php  |  2 +-
 public/invite.php      | 24 ++++++++++++------------
 public/modtask.php     |  4 ++--
 public/usercp.php      |  2 +-
 public/userdetails.php |  1 +
 5 files changed, 17 insertions(+), 16 deletions(-)
diff --git a/include/functions.php b/include/functions.php
index 2daa8fd2..7454b720 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -626,7 +626,7 @@ function get_elapsed_time($ts,$shortunit = false)
 	$months -= $years * 12;
 	$t = "";
 	if ($years > 0)
-	return $years.($shortunit ? $lang_functions['text_short_year'] : $lang_functions['text_year'] . add_s($year)) ."&nbsp;".$months.($shortunit ? $lang_functions['text_short_month'] : $lang_functions['text_month'] . add_s($months));
+	return $years.($shortunit ? $lang_functions['text_short_year'] : $lang_functions['text_year'] . add_s($years)) ."&nbsp;".$months.($shortunit ? $lang_functions['text_short_month'] : $lang_functions['text_month'] . add_s($months));
 	if ($months > 0)
 	return $months.($shortunit ?  $lang_functions['text_short_month'] : $lang_functions['text_month'] . add_s($months)) ."&nbsp;".$days2.($shortunit ? $lang_functions['text_short_day'] : $lang_functions['text_day'] . add_s($days2));
 	if ($days > 0)
diff --git a/public/invite.php b/public/invite.php
index 0cad1676..64b9e9b9 100644
--- a/public/invite.php
+++ b/public/invite.php
@@ -36,18 +36,18 @@ if ($inv["invites"] != 1){
 }
 
 if ($type == 'new'){
-	if ($CURUSER[invites] <= 0) {
+	if ($CURUSER['invites'] <= 0) {
 		stdmsg($lang_invite['std_sorry'],$lang_invite['std_no_invites_left'].
-		"<a class=altlink href=invite.php?id=$CURUSER[id]>".$lang_invite['here_to_go_back'],false);
+		"<a class=altlink href=invite.php?id={$CURUSER['id']}>".$lang_invite['here_to_go_back'],false);
 		print("</td></tr></table>");
 		stdfoot();
 		die;
 	}
-	$invitation_body =  $lang_invite['text_invitation_body'].$CURUSER[username];
+	$invitation_body =  $lang_invite['text_invitation_body'].$CURUSER['username'];
 	//$invitation_body_insite = str_replace("<br />","\n",$invitation_body);
 	print("<form method=post action=takeinvite.php?id=".htmlspecialchars($id).">".
 	"<table border=1 width=737 cellspacing=0 cellpadding=5>".
-	"<tr align=center><td colspan=2><b>".$lang_invite['text_invite_someone']."$SITENAME ($inv[invites]".$lang_invite['text_invitation'].$_s.$lang_invite['text_left'] .")</b></td></tr>".
+	"<tr align=center><td colspan=2><b>".$lang_invite['text_invite_someone']."$SITENAME ({$inv['invites']}".$lang_invite['text_invitation'].$_s.$lang_invite['text_left'] .")</b></td></tr>".
 	"<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">".$lang_invite['text_email_address']."</td><td align=left><input type=text size=40 name=email><br /><font align=left class=small>".$lang_invite['text_email_address_note']."</font>".($restrictemaildomain == 'yes' ? "<br />".$lang_invite['text_email_restriction_note'].allowedemails() : "")."</td></tr>".
 	"<tr><td class=\"rowhead nowrap\" valign=\"top\" align=\"right\">".$lang_invite['text_message']."</td><td align=left><textarea name=body rows=8 cols=120>" .$invitation_body.
 	"</textarea></td></tr>".
@@ -71,14 +71,14 @@ if ($type == 'new'){
 	} else {
 
 		print("<tr><td class=colhead><b>".$lang_invite['text_username']."</b></td><td class=colhead><b>".$lang_invite['text_email']."</b></td><td class=colhead><b>".$lang_invite['text_uploaded']."</b></td><td class=colhead><b>".$lang_invite['text_downloaded']."</b></td><td class=colhead><b>".$lang_invite['text_ratio']."</b></td><td class=colhead><b>".$lang_invite['text_status']."</b></td>");
-		if ($CURUSER[id] == $id || get_user_class() >= UC_SYSOP)
+		if ($CURUSER['id'] == $id || get_user_class() >= UC_SYSOP)
 		print("<td class=colhead><b>".$lang_invite['text_confirm']."</b></td>");
 
 		print("</tr>");
 		for ($i = 0; $i < $num; ++$i)
 		{
 			$arr = mysql_fetch_assoc($ret);
-			$user = "<td class=rowfollow>" . get_username($arr[id]) . "</td>";
+			$user = "<td class=rowfollow>" . get_username($arr['id']) . "</td>";
 
 			if ($arr["downloaded"] > 0) {
 				$ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3);
@@ -92,15 +92,15 @@ if ($type == 'new'){
 				}
 			}
 			if ($arr["status"] == 'confirmed')
-			$status = "<a href=userdetails.php?id=$arr[id]><font color=#1f7309>".$lang_invite['text_confirmed']."</font></a>";
+			$status = "<a href=userdetails.php?id={$arr['id']}><font color=#1f7309>".$lang_invite['text_confirmed']."</font></a>";
 			else
-			$status = "<a href=checkuser.php?id=$arr[id]><font color=#ca0226>".$lang_invite['text_pending']."</font></a>";
+			$status = "<a href=checkuser.php?id={$arr['id']}><font color=#ca0226>".$lang_invite['text_pending']."</font></a>";
 
-			print("<tr class=rowfollow>$user<td>$arr[email]</td><td class=rowfollow>" . mksize($arr[uploaded]) . "</td><td class=rowfollow>" . mksize($arr[downloaded]) . "</td><td class=rowfollow>$ratio</td><td class=rowfollow>$status</td>");
-			if ($CURUSER[id] == $id || get_user_class() >= UC_SYSOP){
+			print("<tr class=rowfollow>$user<td>$arr[email]</td><td class=rowfollow>" . mksize($arr['uploaded']) . "</td><td class=rowfollow>" . mksize($arr[downloaded]) . "</td><td class=rowfollow>$ratio</td><td class=rowfollow>$status</td>");
+			if ($CURUSER['id'] == $id || get_user_class() >= UC_SYSOP){
 				print("<td>");
 				if ($arr[status] == 'pending')
-				print("<input type=\"checkbox\" name=\"conusr[]\" value=\"" . $arr[id] . "\" />");
+				print("<input type=\"checkbox\" name=\"conusr[]\" value=\"" . $arr['id'] . "\" />");
 				print("</td>");
 			}
 
@@ -111,7 +111,7 @@ if ($type == 'new'){
 	if ($CURUSER['id'] == $id || get_user_class() >= UC_SYSOP)
 	{
 
-		$pendingcount = number_format(get_row_count("users", "WHERE  status='pending' AND invited_by=$CURUSER[id]"));
+		$pendingcount = number_format(get_row_count("users", "WHERE  status='pending' AND invited_by={$CURUSER['id']}"));
 		if ($pendingcount){
 		print("<input type=hidden name=email value=$arr[email]>");
 		print("<tr><td colspan=7 align=right><input type=submit style='height: 20px' value=".$lang_invite['submit_confirm_users']."></td></tr>");
diff --git a/public/modtask.php b/public/modtask.php
index ff021091..676659e7 100644
--- a/public/modtask.php
+++ b/public/modtask.php
@@ -173,7 +173,7 @@ if ($action == "edituser")
 			$passupdate=true;
 	}
 	
-	if ($passupdate) {
+	if (isset($passupdate) && $passupdate) {
 		$sec = mksecret();
 		$passhash = md5($sec . $chpassword . $sec);
 		$updateset[] = "secret = " . sqlesc($sec);
@@ -267,7 +267,7 @@ if ($action == "edituser")
 	if ($privacy == "low" OR $privacy == "normal" OR $privacy == "strong")
 		$updateset[] = "privacy = " . sqlesc($privacy);
 	
-	if ($_POST["resetkey"] == "yes")
+	if (isset($_POST["resetkey"]) && $_POST["resetkey"] == "yes")
 	{
 		$newpasskey = md5($arr['username'].date("Y-m-d H:i:s").$arr['passhash']);
 		$updateset[] = "passkey = ".sqlesc($newpasskey);
diff --git a/public/usercp.php b/public/usercp.php
index bd96bf05..abd9d32a 100644
--- a/public/usercp.php
+++ b/public/usercp.php
@@ -254,7 +254,7 @@ tr($lang_usercp['row_school'], "<select name=school>$schools</select>", 1);
 				if ($inclbookmarked)
 					$notifs .= "[inclbookmarked=".$inclbookmarked."]";
 				$stylesheet = $_POST["stylesheet"];
-				$caticon = $_POST["caticon"];
+//				$caticon = $_POST["caticon"];
 				$sitelanguage = $_POST["sitelanguage"];
 				$fontsize = $_POST["fontsize"];
 				if ($fontsize == 'large')
diff --git a/public/userdetails.php b/public/userdetails.php
index 2b4b9dd9..c531fb98 100644
--- a/public/userdetails.php
+++ b/public/userdetails.php
@@ -290,6 +290,7 @@ else
 {
 	print("<tr><td align=\"left\" colspan=\"2\" class=\"text\"><font color=\"blue\">".$lang_userdetails['text_public_access_denied'].$user['username'].$lang_userdetails['text_user_wants_privacy']."</font></td></tr>\n");
 }
+$showpmbutton = 0;
 if ($CURUSER["id"] != $user["id"])
 if (get_user_class() >= $staffmem_class)
 $showpmbutton = 1;

".$lang_invite['text_invite_someone']."$SITENAME ($inv[invites]".$lang_invite['text_invitation'].$_s.$lang_invite['text_left'] .")
".$lang_invite['text_invite_someone']."$SITENAME ({$inv['invites']}".$lang_invite['text_invitation'].$_s.$lang_invite['text_left'] .")
".$lang_invite['text_email_address']."	".$lang_invite['text_email_address_note']."".($restrictemaildomain == 'yes' ? " ".$lang_invite['text_email_restriction_note'].allowedemails() : "")."
".$lang_invite['text_message']."	" .$invitation_body. "
".$lang_invite['text_username']."	".$lang_invite['text_email']."	".$lang_invite['text_uploaded']."	".$lang_invite['text_downloaded']."	".$lang_invite['text_ratio']."	".$lang_invite['text_status']."	".$lang_invite['text_confirm']."
" . get_username($arr[id]) . "	" . get_username($arr['id']) . "
$arr[email]	" . mksize($arr[uploaded]) . "	" . mksize($arr[downloaded]) . "	$ratio	$status
$arr[email]	" . mksize($arr['uploaded']) . "	" . mksize($arr[downloaded]) . "	$ratio	$status	"); if ($arr[status] == 'pending') - print(""); + print(""); print("

".$lang_userdetails['text_public_access_denied'].$user['username'].$lang_userdetails['text_user_wants_privacy']."