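/**
 * Add "root" category and fix categories
 *
 * Inserts a root category whose id is $_LI_CONF['root'] (defaulting to
 * 'site'), then creates one linkcategories row per distinct cid currently
 * used in the links table, parented to the root and owned by the
 * "Links Admin" group. Because the cid is reused as the category id, the
 * links rows themselves need no update.
 *
 * @return bool|null false as soon as DB_error() reports a failed insert
 *                   (after echoing a message); nothing (null) on success
 */
function links_update_set_categories()
{
    global $_TABLES, $_LI_CONF;

    if (empty($_LI_CONF['root'])) {
        $_LI_CONF['root'] = 'site';
    }
    $root = DB_escapeString($_LI_CONF['root']);
    DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid, pid, category, description, tid, created, modified, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$root}', 'root', 'Root', 'Website root', NULL, NOW(), NOW(), 5, 2, 3, 3, 2, 2)");

    // get Links admin group number
    $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Links Admin'");

    // one category row per distinct cid; the escaped cid serves as id,
    // name and description alike
    $result = DB_query("SELECT DISTINCT cid AS category FROM {$_TABLES['links']}");
    $nrows = DB_numRows($result);
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        $category = DB_escapeString($A['category']);
        // errors are not fatal inside DB_query here; DB_error() is checked right after
        DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,description,tid,owner_id,group_id,created,modified) VALUES ('{$category}','{$root}','{$category}','{$category}','all',2,'{$group_id}',NOW(),NOW())", 1);
        if (DB_error()) {
            echo "Error inserting categories into linkcategories table";
            return false;
        }
    }
}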
 /**
  * Completes a successful OpenID authentication: finds the local account
  * bound to the OpenID identity in $this->query, creating one on first
  * login, and reports the outcome through the globals $status and $uid
  * (nothing is returned).
  *
  * NOTE(review): the remoteusername comparisons below read '******', which
  * looks like a redaction by the listing rather than code; $openid_identity
  * is escaped at the top but otherwise only used in the error log, so it
  * presumably belongs in those four queries — confirm against the source.
  *
  * @param  mixed $login  not used by this method
  */
 function doValidLogin($login)
 {
     global $_CONF, $_TABLES, $status, $uid;
     // Remote auth precludes usersubmission,
     // and integrates user activation, see?;
     $status = USER_ACCOUNT_ACTIVE;
     // PHP replaces "." with "_"
     $openid_identity = DB_escapeString($this->query['openid_identity']);
     $openid_nickname = '';
     if (isset($this->query['openid_sreg_nickname'])) {
         $openid_nickname = $this->query['openid_sreg_nickname'];
     }
     // Check if that account is already registered.
     $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
     $tmp = DB_error();
     $nrows = DB_numRows($result);
     // NOTE: a DB error ($tmp != 0) takes the same "create account" branch as
     // a missing row; only exactly one clean match counts as an existing user
     if (!($tmp == 0) || !($nrows == 1)) {
         // First time login with this OpenID, creating account...
         if ($_CONF['disable_new_user_registration']) {
             // not strictly correct - just to signal a failed login attempt
             $status = USER_ACCOUNT_DISABLED;
             $uid = 0;
             return;
         }
         // no nickname from SREG: derive one from the identity via makeUsername()
         if (empty($openid_nickname)) {
             $openid_nickname = $this->makeUsername($this->query['openid_identity']);
         }
         // we simply can't accept empty usernames ...
         if (empty($openid_nickname)) {
             COM_errorLog('Got an empty username for ' . $openid_identity);
             // not strictly correct - just to signal a failed login attempt
             $status = USER_ACCOUNT_DISABLED;
             $uid = 0;
             return;
         }
         // Ensure that remoteusername is unique locally.
         $openid_nickname = USER_uniqueUsername($openid_nickname);
         $openid_sreg_email = '';
         if (isset($this->query['openid_sreg_email'])) {
             $openid_sreg_email = $this->query['openid_sreg_email'];
         }
         $openid_sreg_fullname = '';
         if (isset($this->query['openid_sreg_fullname'])) {
             $openid_sreg_fullname = $this->query['openid_sreg_fullname'];
         }
         // the raw (unescaped) identity goes to USER_createAccount, which
         // presumably does its own escaping — verify
         USER_createAccount($openid_nickname, $openid_sreg_email, '', $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid');
         $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice = 'openid'");
         // Store full remote account name:
         // $uid is interpolated unquoted — assumes DB_getItem returned a numeric id
         DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '******', remoteservice = 'openid', status = 3 WHERE uid = {$uid}");
         // Add to remote users:
         $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
         DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
     } else {
         // existing remote user: hand back its uid and account status
         $result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
         list($uid, $status) = DB_fetchArray($result);
     }
 }
 /**
  * Updates statistics of an spamx entry
  *
  * Increments the counter of the (name, value) row and stamps regdate
  * with the current server time.
  *
  * @param    string    $name    plugin name
  * @param    string    $value   data
  **/
 protected function updateStat($name, $value)
 {
     global $_TABLES;

     $safeName = DB_escapeString($name);
     $safeValue = DB_escapeString($value);
     $now = DB_escapeString(date('Y-m-d H:i:s'));

     $sql = sprintf(
         "UPDATE %s SET counter = counter + 1, regdate = '%s' WHERE name='%s' AND value='%s' ",
         $_TABLES['spamx'],
         $now,
         $safeName,
         $safeValue
     );
     DB_query($sql, 1);
 }
/**
 * Replace the old $_STATES array with a free-form text field
 *
 * For every (key => name) pair in $_STATES the 'state' column of the
 * events, event submission and personal events tables is rewritten via
 * DB_change(). Nothing happens when $_STATES is unset or not an array.
 */
function calendar_update_move_states()
{
    global $_TABLES, $_STATES;

    if (!isset($_STATES) || !is_array($_STATES)) {
        return;
    }

    $targetTables = array(
        $_TABLES['events'],
        $_TABLES['eventsubmission'],
        $_TABLES['personal_events'],
    );
    foreach ($targetTables as $table) {
        foreach ($_STATES as $stateKey => $stateName) {
            // presumably SET state = <name> WHERE state = <key>;
            // DB_change's signature is not visible here — verify
            DB_change($table, 'state', DB_escapeString($stateName), 'state', DB_escapeString($stateKey));
        }
    }
}
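 /**
  * Handles the HTTP header blacklist admin screen.
  *
  * Processes a pending 'delete' (from $_GET) or "add entry" (from $_POST)
  * request — each only when SEC_checkToken() accepts the CSRF token — and
  * then renders the current HTTPHeader entries with a delete link per entry
  * plus the form for adding a new "Header: value" pair.
  *
  * @return string HTML for the admin page
  */
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;

     $action = '';
     if (isset($_GET['action'])) {
         $action = $_GET['action'];
     } elseif (isset($_POST['paction'])) {
         $action = $_POST['paction'];
     }

     if ($action == 'delete' && SEC_checkToken()) {
         // delete requests come from the GET links built below; guard the index
         $entry = isset($_GET['entry']) ? $_GET['entry'] : '';
         if (!empty($entry)) {
             $dbentry = DB_escapeString($entry);
             DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
         }
     } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
         // only the part before the first ':' is kept as the header name;
         // the value is stored as submitted (SQL-escaped here, HTML-escaped on output)
         $name = COM_applyFilter(isset($_REQUEST['header-name']) ? $_REQUEST['header-name'] : '');
         $n = explode(':', $name);
         $name = $n[0];
         $value = isset($_REQUEST['header-value']) ? $_REQUEST['header-value'] : '';
         if (!empty($name) && !empty($value)) {
             $dbentry = DB_escapeString($name . ': ' . $value);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
         }
     }

     $token = SEC_createToken();
     $display = '<hr' . XHTML . '>' . LB . '<p><b>';
     $display .= $LANG_SX00['headerblack'];
     $display .= '</b></p>' . LB . '<ul>' . LB;

     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
     $nrows = DB_numRows($result);
     for ($i = 0; $i < $nrows; $i++) {
         list($e) = DB_fetchArray($result);
         // every entry links to its own delete action, carrying the CSRF token
         $display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&amp;action=delete&amp;entry=' . urlencode($e) . '&amp;' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
     }

     $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
     $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
     $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
     $display .= '<table border="0" width="100%">' . LB;
     $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
     $display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
     $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
     $display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
     $display .= '</table>' . LB;
     $display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '></p>';
     $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
     $display .= '</form>' . LB;

     return $display;
 }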
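/**
 * Build (or fetch from cache) the menu object for $menuname.
 *
 * Menu admins and members of Root always get permission 3. A menu owned by
 * group 998 is shown to anonymous users only; any other group must appear in
 * the caller's $_GROUPS. Menus the caller may not see yield NULL, as do
 * inactive or unknown menu names.
 *
 * @param  string $menuname   menu_name column value to load
 * @param  bool   $skipCache  true to bypass the cache and rebuild the menu
 * @return menu|null          the menu object, or NULL
 */
function initMenu($menuname, $skipCache = false)
{
    global $_GROUPS, $_TABLES;

    $menu = NULL;
    // CACHE_security_hash() is part of the key, so different permission
    // sets do not share a cached menu (presumably — verify its contract)
    $cacheInstance = 'menuobject_' . $menuname . '_' . CACHE_security_hash() . '__data';

    if (!$skipCache) {
        $cached = CACHE_check_instance($cacheInstance, 0);
        if ($cached) {
            // NOTE: unserialize() of cache contents. The payload is produced by
            // this same function (serialize() below), i.e. locally generated;
            // never route externally supplied data into this cache entry.
            return unserialize($cached);
        }
    }

    $mbadmin = SEC_hasRights('menu.admin');
    $root = SEC_inGroup('Root');

    $result = DB_query("SELECT * FROM {$_TABLES['menu']} WHERE menu_active=1 AND menu_name='" . DB_escapeString($menuname) . "'", 1);
    $menuRow = DB_fetchArray($result);
    if (!$menuRow) {
        return $menu;
    }

    $menu = new menu();
    $menu->id = $menuRow['id'];
    $menu->name = $menuRow['menu_name'];
    $menu->type = $menuRow['menu_type'];
    $menu->active = $menuRow['menu_active'];
    $menu->group_id = $menuRow['group_id'];

    if ($mbadmin || $root) {
        $menu->permission = 3;
    } elseif ($menuRow['group_id'] == 998) {
        // group 998: anonymous-only menu
        if (!COM_isAnonUser()) {
            $menu->permission = 0;
            return NULL;
        }
        $menu->permission = 3;
    } elseif (in_array($menuRow['group_id'], $_GROUPS)) {
        // loose in_array kept on purpose: group_id arrives from the DB as a
        // string while $_GROUPS may hold ints — check before going strict
        $menu->permission = 3;
    } else {
        return NULL;
    }

    $menu->getElements();
    CACHE_create_instance($cacheInstance, serialize($menu), 0);

    return $menu;
}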
 /**
  * Load a currency row by its code, memoised per request.
  *
  * Repeated calls with the same code are served from a static cache. The
  * cached value is FALSE when the query itself failed, otherwise whatever
  * DB_fetchArray() returned for the first row.
  *
  * @param  string $code  currency code
  * @return array|false
  */
 public function Load($code)
 {
     global $_TABLES;
     static $currencies = array();

     if (isset($currencies[$code])) {
         return $currencies[$code];
     }

     $row = FALSE;
     $sql = "SELECT * FROM {$_TABLES['paypal.currency']}\n                    WHERE code = '" . DB_escapeString($code) . "'";
     $res = DB_query($sql);
     if ($res) {
         $row = DB_fetchArray($res, false);
     }
     $currencies[$code] = $row;

     return $row;
 }
/**
 * Add new config options
 *
 * First tidies a few existing conf_values rows (drops pdf_enabled, moves and
 * re-defaults num_search_results, fixes the censormode dropdown), then
 * registers the new options through config::add().
 *
 * @return bool always true
 */
function update_ConfValues()
{
    global $_CONF, $_TABLES;

    require_once $_CONF['path_system'] . 'classes/config.class.php';

    // remove pdf_enabled option; this also makes room for new search options
    DB_delete($_TABLES['conf_values'], 'name', 'pdf_enabled');
    // move num_search_results options
    DB_query("UPDATE {$_TABLES['conf_values']} SET sort_order = 651 WHERE sort_order = 670");
    // change default for num_search_results
    $thirty = DB_escapeString(serialize(30));
    DB_query("UPDATE {$_TABLES['conf_values']} SET value = '{$thirty}', default_value = '{$thirty}' WHERE name = 'num_search_results'");
    // fix censormode dropdown
    DB_query("UPDATE {$_TABLES['conf_values']} SET selectionArray = 18 WHERE name = 'censormode'");

    // each entry is the exact argument list for config::add(), in registration order
    $newOptions = array(
        array('jpeg_quality', 75, 'text', 5, 23, NULL, 1495, FALSE),
        array('advanced_html', array('img' => array('width' => 1, 'height' => 1, 'src' => 1, 'align' => 1, 'valign' => 1, 'border' => 1, 'alt' => 1)), '**placeholder', 7, 34, NULL, 1721, TRUE),
        // squeeze search options between 640 (lastlogin) and 680 (loginrequired)
        array('fs_search', NULL, 'fieldset', 0, 6, NULL, 0, TRUE),
        array('search_style', 'google', 'select', 0, 6, 19, 644, TRUE),
        array('search_limits', '10,15,25,30', 'text', 0, 6, NULL, 647, TRUE),
        // num_search_results (651) already exists, see the UPDATE above
        array('search_show_limit', TRUE, 'select', 0, 6, 1, 654, TRUE),
        array('search_show_sort', TRUE, 'select', 0, 6, 1, 658, TRUE),
        array('search_show_num', TRUE, 'select', 0, 6, 1, 661, TRUE),
        array('search_show_type', TRUE, 'select', 0, 6, 1, 665, TRUE),
        array('search_separator', ' &gt; ', 'text', 0, 6, NULL, 668, TRUE),
        array('search_def_keytype', 'phrase', 'select', 0, 6, 20, 672, TRUE),
        array('search_use_fulltext', FALSE, 'hidden', 0, 6), // 675
        // filename mask for db backup files
        array('mysqldump_filename_mask', 'geeklog_db_backup_%Y_%m_%d_%H_%M_%S.sql', 'text', 0, 5, NULL, 185, TRUE),
        // DOCTYPE declaration, for {doctype} in header.thtml
        array('doctype', 'html401strict', 'select', 2, 10, 21, 195, TRUE),
        // new comment options
        array('comment_edit', 0, 'select', 4, 21, 0, 1680, TRUE),
        array('commentsubmission', 0, 'select', 4, 21, 0, 1682, TRUE),
        array('comment_edittime', 1800, 'text', 4, 21, NULL, 1684, TRUE),
        array('article_comment_close_days', 30, 'text', 4, 21, NULL, 1686, TRUE),
        array('comment_close_rec_stories', 0, 'text', 4, 21, NULL, 1688, TRUE),
        array('allow_reply_notifications', 0, 'select', 4, 21, 0, 1689, TRUE),
        // cookie to store name of anonymous commenters
        array('cookie_anon_name', 'anon_name', 'text', 7, 30, NULL, 577, TRUE),
        // enable/disable clickable links
        array('clickable_links', 1, 'select', 7, 31, 1, 1753, TRUE),
        // experimental: compress output before sending it to the browser
        array('compressed_output', 0, 'select', 7, 31, 1, 1756, TRUE),
        // for the X-FRAME-OPTIONS header (Clickjacking protection)
        array('frame_options', 'DENY', 'select', 7, 31, 22, 1758, TRUE),
    );

    $config = config::get_instance();
    foreach ($newOptions as $args) {
        call_user_func_array(array($config, 'add'), $args);
    }

    return true;
}
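 /**
  * Handles the personal blacklist admin screen.
  *
  * Reads the pending action (GET 'action' or POST 'paction') and entry
  * (GET 'entry' or POST 'pentry'), applies it when SEC_checkToken() accepts
  * the CSRF token — delete one entry, add one entry, or import the whole
  * $_CONF['censorlist'] — and then renders the current 'Personal' entries
  * with a delete link each plus the add/import form.
  *
  * @return string HTML for the admin page
  */
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;

     $action = '';
     if (isset($_GET['action'])) {
         $action = $_GET['action'];
     } elseif (isset($_POST['paction'])) {
         $action = $_POST['paction'];
     }

     $entry = '';
     if (isset($_GET['entry'])) {
         $entry = COM_stripslashes($_GET['entry']);
     } elseif (isset($_POST['pentry'])) {
         $entry = COM_stripslashes($_POST['pentry']);
     }

     if ($action == 'delete' && SEC_checkToken()) {
         // same guard as the add path: never act on an empty entry
         if (!empty($entry)) {
             $dbentry = DB_escapeString($entry);
             DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $dbentry));
         }
     } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
         if (!empty($entry)) {
             $dbentry = DB_escapeString($entry);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$dbentry}')");
         }
     } elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
         // import the site's censor list; tolerate a missing or non-array config value
         $censorList = (isset($_CONF['censorlist']) && is_array($_CONF['censorlist'])) ? $_CONF['censorlist'] : array();
         foreach ($censorList as $word) {
             $dbentry = DB_escapeString($word);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$dbentry}')");
         }
     }

     $token = SEC_createToken();
     $display = '<hr' . XHTML . '>' . LB . '<p><b>';
     $display .= $LANG_SX00['pblack'];
     $display .= '</b></p>' . LB . '<ul>' . LB;

     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
     $nrows = DB_numRows($result);
     for ($i = 0; $i < $nrows; $i++) {
         $A = DB_fetchArray($result);
         $e = $A['value'];
         // every entry links to its own delete action, carrying the CSRF token
         $display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&amp;action=delete&amp;entry=' . urlencode($e) . '&amp;' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
     }

     $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
     $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
     $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
     $display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '>&nbsp;&nbsp;&nbsp;';
     $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
     $display .= '<p>' . $LANG_SX00['e3'] . '</p>&nbsp;&nbsp;&nbsp;';
     $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
     $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
     $display .= '</div></form>' . LB;

     return $display;
 }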
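 /**
  * Renders a topic autotag as a link to the topic's index page.
  *
  * @param  string $p1       topic id (tid)
  * @param  string $p2       optional link text; defaults to the topic's name
  * @param  string $fulltag  the complete tag as written (unused here)
  * @return string HTML link, or a bold "Unknown Topic" marker when the tid
  *                yields no topic for the current user
  */
 function parse($p1, $p2, $fulltag)
 {
     global $_TABLES, $_CONF;

     // COM_getTopicSQL('AND') presumably appends the project's topic-permission clause
     $topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($p1) . "'" . COM_getTopicSQL('AND'));
     if (empty($topic)) {
         return "<b>Unknown Topic</b>";
     }

     // caller-supplied text wins over the topic name unless it merely repeats the tid
     $linkText = (!empty($p2) && $p2 != $p1) ? $p2 : $topic;

     return '<a href="' . $_CONF['site_url'] . '/index.php?topic=' . urlencode($p1) . '">' . htmlspecialchars($linkText) . '</a>';
 }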
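 /**
  *   Perform the file upload
  *
  *   Calls the parent function to upload the files, then calls
  *   MakeThumbs() to create thumbnails, and finally records every file in
  *   $this->goodfiles in the paypal.images table against $this->product_id.
  *   A failed insert is reported through addError() but does not stop the
  *   remaining files from being recorded.
  */
 public function uploadFiles()
 {
     global $_TABLES;

     // Perform the actual upload
     parent::uploadFiles();
     // Seed image cache with thumbnails
     $this->MakeThumbs();

     // escape both quoted values the same way; product_id's origin is not visible here
     $productId = DB_escapeString($this->product_id);
     foreach ($this->goodfiles as $filename) {
         $sql = "INSERT INTO {$_TABLES['paypal.images']}\n                    (product_id, filename)\n                VALUES (\n                    '{$productId}', '" . DB_escapeString($filename) . "'\n                )";
         $result = DB_query($sql);
         if (!$result) {
             $this->addError("uploadFiles() : Failed to insert {$filename}");
         }
     }
 }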
/**
 * Add new config options
 *
 * Registers the meta tag options and the comment-closing switch through
 * config::add(), then converts the 'timezone' option into a dropdown
 * whose default is UTC.
 *
 * @return bool always true
 */
function update_ConfValuesFor161()
{
    global $_CONF, $_TABLES;

    require_once $_CONF['path_system'] . 'classes/config.class.php';
    $config = config::get_instance();

    // each entry is the exact argument list for config::add(), in registration order
    $newOptions = array(
        // meta tag config options.
        array('meta_tags', 0, 'select', 0, 0, 23, 2000, TRUE),
        array('meta_description', 'Geeklog, the open source content management system designed with security in mind.', 'text', 0, 0, NULL, 2010, TRUE),
        array('meta_keywords', 'Geeklog, Blog, Content Management System, CMS, Open Source, Security', 'text', 0, 0, NULL, 2020, TRUE),
        // new option to enable / disable closing of comments after x days
        array('article_comment_close_enabled', 0, 'select', 4, 21, 0, 1685, TRUE),
    );
    foreach ($newOptions as $args) {
        call_user_func_array(array($config, 'add'), $args);
    }

    // the timezone config option is a dropdown now; change its default to UTC
    $utcDefault = DB_escapeString(serialize('UTC'));
    DB_query("UPDATE {$_TABLES['conf_values']} SET type = 'select', selectionArray = -1, default_value = '{$utcDefault}' WHERE name = 'timezone' AND group_name = 'Core'");

    return true;
}
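/**
 * Save the admin's EXIF tag selection.
 *
 * Clears the 'selected' flag on every mg_exif_tags row, sets it again for
 * each tag name posted in $_POST['sel'], then redirects to the admin index
 * with msg=3. Never returns: exits after the redirect.
 */
function MG_adminEXIFsave()
{
    global $_MG_CONF, $_TABLES, $_CONF, $LANG_MG01;

    // a form with nothing ticked posts no 'sel' at all; treat that as "none selected"
    $selected = (isset($_POST['sel']) && is_array($_POST['sel'])) ? $_POST['sel'] : array();

    // resets all to 0
    DB_query("UPDATE {$_TABLES['mg_exif_tags']} set selected=0");
    foreach ($selected as $tagName) {
        $sql = "UPDATE {$_TABLES['mg_exif_tags']} set selected=1 WHERE name='" . DB_escapeString($tagName) . "'";
        DB_query($sql);
    }

    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=3');
    exit;
}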
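/**
 * Hook up pollquestions with polltopics
 *
 * Copies every (pid, topic) pair from polltopics into pollquestions as
 * (pid, question). The INSERT statements are collected first and executed
 * afterwards (presumably so the SELECT result is fully read before writing).
 *
 * @return bool|null false on the first failed INSERT (after echoing the
 *                   failing SQL); nothing (null) when all succeed, as before
 */
function polls_update_polltopics()
{
    global $_TABLES;

    $P_SQL = array();
    $move_rst = DB_query("SELECT pid, topic FROM {$_TABLES['polltopics']}");
    $count_move = DB_numRows($move_rst);
    for ($i = 0; $i < $count_move; $i++) {
        $A = DB_fetchArray($move_rst);
        // both columns end up inside quotes, so both are escaped
        $pid = DB_escapeString($A[0]);
        $topic = DB_escapeString($A[1]);
        $P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, question) VALUES ('{$pid}','{$topic}');";
    }

    foreach ($P_SQL as $sql) {
        DB_query($sql);
        if (DB_error()) {
            echo "There was an error upgrading the polls, SQL: {$sql}<br>";
            return false;
        }
    }
}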
    /**
     * Return replacements for a given email address
     *
     * Looks the user up by email (joined with userinfo) and returns a map of
     * '{placeholder}' => value pairs taken from that row plus a handful of
     * site-wide $_CONF values. Empty array when the query fails or nothing
     * matches.
     *
     * @param  string $address
     * @return array
     */
    public function getReplacementsFor($address)
    {
        global $_CONF, $_TABLES;

        $address = DB_escapeString($address);
        $sql = <<<SQL
          SELECT u.*, i.location, i.lastgranted, i.lastlogin FROM {$_TABLES['users']} AS u 
            LEFT JOIN {$_TABLES['userinfo']} AS i 
              ON u.uid = i.uid
            WHERE u.email = '{$address}' 
SQL;
        $resultSet = DB_query($sql);
        if (DB_error()) {
            return array();
        }

        $row = DB_fetchArray($resultSet, false);
        if (!is_array($row) || count($row) === 0) {
            return array();
        }

        // placeholder names coincide with the column / config keys, so the
        // map is built by name; the order mirrors the original listing
        $fromRow = array('uid', 'username', 'fullname', 'email', 'homepage', 'theme', 'language', 'location', 'lastgranted', 'lastlogin');
        $fromConf = array('site_url', 'site_name', 'site_slogan', 'owner_name', 'copyrightyear', 'site_mail', 'noreply_mail');

        $replacements = array();
        foreach ($fromRow as $key) {
            $replacements['{' . $key . '}'] = $row[$key];
        }
        foreach ($fromConf as $key) {
            $replacements['{' . $key . '}'] = $_CONF[$key];
        }

        return $replacements;
    }
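/**
 * Fix site_url in content
 * If the site's URL changed due to the migration, this function will replace
 * the old URL with the new one in text content of the given tables.
 *
 * Only columns whose text actually changed are written back; NULL columns
 * are left untouched.
 *
 * @param    string $oldUrl    the site's previous URL
 * @param    string $newUrl    the site's new URL after the migration
 * @param    array  $tableSpec (optional) list of tables to patch
 *                             The $tablespec is an array of tablename => fieldlist pairs, where the field
 *                             list contains the text fields to be searched and the table's index field
 *                             as the first(!) entry.
 *                             NOTE: This function may be used by plugins during PLG_migrate. Changes should
 *                             ensure backward compatibility.
 */
function INST_updateSiteUrl($oldUrl, $newUrl, array $tableSpec = array())
{
    global $_TABLES;

    // standard tables to update if no $tablespec given
    $tables = array('stories' => 'sid, introtext, bodytext, related', 'storysubmission' => 'sid, introtext, bodytext', 'comments' => 'cid, comment', 'trackback' => 'cid, excerpt, url', 'blocks' => 'bid, content');
    if (count($tableSpec) === 0) {
        $tableSpec = $tables;
    }
    if (empty($oldUrl) || empty($newUrl) || $oldUrl === $newUrl) {
        return;
    }

    foreach ($tableSpec as $table => $fieldList) {
        // first entry of the field list is the table's index column
        $fields = explode(',', str_replace(' ', '', $fieldList));
        $index = array_shift($fields);
        if (empty($_TABLES[$table]) || !DB_checkTableExists($table)) {
            COM_errorLog("Table {$table} does not exist - skipping migration");
            continue;
        }

        $result = DB_query("SELECT {$fieldList} FROM {$_TABLES[$table]}");
        $numRows = DB_numRows($result);
        for ($i = 0; $i < $numRows; $i++) {
            $A = DB_fetchArray($result);
            $assignments = array();
            foreach ($fields as $field) {
                // a NULL column cannot contain the URL; skipping it also avoids
                // str_replace() on null (deprecated in PHP 8.1) and keeps it NULL
                if ($A[$field] === null) {
                    continue;
                }
                $newText = str_replace($oldUrl, $newUrl, $A[$field]);
                if ($newText !== $A[$field]) {
                    $assignments[] = "{$field} = '" . DB_escapeString($newText) . "'";
                }
            }
            if (count($assignments) > 0) {
                DB_query("UPDATE {$_TABLES[$table]} SET " . implode(', ', $assignments) . " WHERE {$index} = '" . DB_escapeString($A[$index]) . "'");
            }
        }
    }
}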
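/**
 * Rotate a media item's thumbnail, display and original files.
 *
 * Looks the item up in mg_media, falling back to mg_mediaqueue, locates the
 * thumbnail/display copies by trying every configured extension, rotates the
 * files with IMG_rotateImage() and then either returns or redirects.
 *
 * @param  mixed  $album_id   unused here; kept for existing callers
 * @param  string $media_id   id of the media item to rotate
 * @param  mixed  $direction  passed straight through to IMG_rotateImage()
 * @param  string $actionURL  '' or -1: return instead of redirecting;
 *                            otherwise the URL to refresh to (with &t=time())
 * @return bool false when the item is not found and no $actionURL was given,
 *              true when rotation ran and no redirect was requested;
 *              otherwise the function exits after COM_refresh()
 */
function MG_rotateMedia($album_id, $media_id, $direction, $actionURL = '')
{
    global $_TABLES, $_MG_CONF;

    $safeId = DB_escapeString($media_id);
    $result = DB_query("SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . $safeId . "'");
    $numRows = DB_numRows($result);
    if ($numRows == 0) {
        // not in mg_media: try mg_mediaqueue with the same id
        $result = DB_query("SELECT * FROM " . $_TABLES['mg_mediaqueue'] . " WHERE media_id='" . $safeId . "'");
        $numRows = DB_numRows($result);
    }
    if ($numRows == 0) {
        COM_errorLog("MG_rotateMedia: Unable to retrieve media object data");
        if ($actionURL == '') {
            return false;
        }
        echo COM_refresh($actionURL);
        exit;
    }

    $row = DB_fetchArray($result);
    $filename = $row['media_filename'];
    $base = $_MG_CONF['path_mediaobjects'];
    // files are sharded into a subdirectory named after the first character
    $sub = $filename[0] . '/' . $filename;

    // thumbnail and display copies share an extension; find which one exists
    $tn = '';
    $disp = '';
    foreach ($_MG_CONF['validExtensions'] as $ext) {
        if (file_exists($base . 'tn/' . $sub . $ext)) {
            $tn = $base . 'tn/' . $sub . $ext;
            $disp = $base . 'disp/' . $sub . $ext;
            break;
        }
    }
    $orig = $base . 'orig/' . $sub . '.' . $row['media_mime_ext'];

    // $tn/$disp stay empty when no extension matched: log it rather than
    // handing empty paths to IMG_rotateImage(); the original is always attempted
    if ($tn !== '') {
        IMG_rotateImage($tn, $direction);
        IMG_rotateImage($disp, $direction);
    } else {
        COM_errorLog("MG_rotateMedia: no thumbnail/display file found for {$filename}");
    }
    IMG_rotateImage($orig, $direction);

    if ($actionURL == -1 || $actionURL == '') {
        return true;
    }
    echo COM_refresh($actionURL . '&t=' . time());
    exit;
}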
 /**
  * Returns array of (
  *   'id'        => $id (string),
  *   'title'     => $title (string),
  *   'uri'       => $uri (string),
  *   'date'      => $date (int: Unix timestamp),
  *   'image_uri' => $image_uri (string),
  *   'raw_data'  => raw data of the item (stripslashed)
  * )
  *
  * An empty array is returned when the query fails or does not match
  * exactly one event.
  *
  *   @param  string $id         event id
  *   @param  bool   $all_langs  accepted but not used here
  *   @return array   Array described above
  */
 function getItemById($id, $all_langs = false)
 {
     global $_CONF, $_TABLES;

     $sql = "SELECT e.date_start1, d.*\n\t\t        FROM {$_TABLES['evlist_events']} e\n                LEFT JOIN {$_TABLES['evlist_detail']} d\n                    ON e.det_id = d.det_id\n\t\t\t    WHERE (e.id = '" . DB_escapeString($id) . "') ";
     // with a known uid, narrow the lookup to events that user may read
     if ($this->uid > 0) {
         $sql .= COM_getPermSql('AND', $this->uid, 'e');
     }

     $result = DB_query($sql);
     if (DB_error() || DB_numRows($result) != 1) {
         return array();
     }

     $row = DB_fetchArray($result, false);

     return array(
         'id'        => $id,
         'title'     => $row['title'],
         'uri'       => COM_buildURL($_CONF['site_url'] . '/evlist/event.php?eid=' . rawurlencode($id)),
         'date'      => strtotime($row['date_start1']),
         'image_uri' => false,
         'raw_data'  => $row,
     );
 }
/**
 * Removes a story together with its image files, image rows and comments.
 *
 * For every image registered for the story the scaled file and, when
 * present, the "_original" unscaled copy are unlinked from the article
 * image directory. A failed unlink is only logged through COM_errorLog so
 * the migration keeps going. Afterwards the image, comment and story rows
 * are deleted and the RSS feed / "Older Stories" block are refreshed.
 *
 * @param   string  $sid  Story ID; escaped before being used in SQL
 * @return  void
 */
function migrate_deletestory($sid)
{
    global $_TABLES, $_CONF;

    $imageDir = $_CONF['path_html'] . 'images/articles/';
    $safeSid = DB_escapeString($sid);

    $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='" . $safeSid . "'");
    $numImages = DB_numRows($result);
    for ($n = 0; $n < $numImages; $n++) {
        $image = DB_fetchArray($result);
        $name = $image['ai_filename'];

        // NOTE(review): ai_filename is taken from the DB and joined onto the
        // image directory without basename(); confirm the column can never
        // hold path separators.
        $scaled = $imageDir . $name;
        if (!@unlink($scaled)) {
            // log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $scaled);
        }

        // the unscaled copy carries an "_original" suffix in front of the extension
        $originalName = substr_replace($name, '_original.', strrpos($name, '.'), 1);
        $original = $imageDir . $originalName;
        if (file_exists($original) && !@unlink($original)) {
            // log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $original);
        }
    }

    // NOTE(review): the sid is passed to DB_delete already escaped; if
    // DB_delete escapes internally as well, a sid containing quote
    // characters would be double-escaped and not match — confirm.
    DB_delete($_TABLES['article_images'], 'ai_sid', $safeSid);
    DB_delete($_TABLES['comments'], 'sid', $safeSid);
    DB_delete($_TABLES['stories'], 'sid', $safeSid);

    // update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();
    return;
}
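 /**
  * Builds the search criteria for stories and for story comments.
  *
  * Two statements are assembled: one over the stories table, and one over
  * the comments table LEFT JOINed to stories so that the permission and
  * language restrictions of the parent story apply to its comments. Both
  * are handed to SearchCriteria::buildSearchSQL() together with the escaped
  * search query, and the two criteria objects are returned for the caller
  * to run.
  *
  * Every instance value interpolated into SQL ($this->_query, $this->_topic,
  * $this->_author) is passed through DB_escapeString() here; that holds
  * even if the constructor already validates them, so this method does not
  * depend on it. $tid_list is assumed to come back from TOPIC_getChildList()
  * already quoted for use inside IN(...) — confirm against its implementation.
  *
  * @return  array   array(SearchCriteria $stories, SearchCriteria $comments)
  */
 private function _searchStories()
 {
     global $_TABLES, $_DB_dbms, $LANG09;

     // Make sure the query is SQL safe
     $query = trim(DB_escapeString($this->_query));

     // Topic restriction shared by both statements. TOPIC_ALL_OPTION means
     // "no topic restriction" (stories have no "all" option), so only a real
     // topic ID produces a clause; the list of inherited topics is looked up once.
     $topicSql = '';
     if (!empty($this->_topic) && $this->_topic != TOPIC_ALL_OPTION) {
         $tid_list = TOPIC_getChildList($this->_topic);
         $topic = DB_escapeString($this->_topic);
         $topicSql = "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $topic . "'))) ";
     }

     // Search Stories
     $sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, ';
     $sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, ';
     $sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url ';
     $sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta ';
     $sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) ';
     $sql .= 'AND ta.type = \'article\' AND ta.id = sid ';
     $sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta') . COM_getLangSQL('sid', 'AND') . ' ';
     $sql .= $topicSql;
     if (!empty($this->_author)) {
         // author is escaped: it is placed inside quotes in the statement
         $sql .= 'AND (s.uid = \'' . DB_escapeString($this->_author) . '\') ';
     }
     $search_s = new SearchCriteria('stories', $LANG09[65]);
     $columns = array('title' => 'title', 'introtext', 'bodytext');
     $sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $sql .= " GROUP BY s.sid";
     $search_s->setSQL($sql);
     $search_s->setFTSQL($ftsql);
     $search_s->setRank(5);
     $search_s->setURLRewrite(true);

     // Search Story Comments
     $sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, ';
     $sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, \'0\' AS hits, ';
     // MSSQL has a problem when concatenating numeric values
     if ($_DB_dbms == 'mssql') {
         $sql .= '\'/comment.php?mode=view&amp;cid=\' + CAST(c.cid AS varchar(10)) AS url ';
     } else {
         $sql .= 'CONCAT(\'/comment.php?mode=view&amp;cid=\',c.cid) AS url ';
     }
     $sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta, ' . $_TABLES['comments'] . ' AS c ';
     // permission / language restrictions live in the join condition so they
     // apply to the parent story of each comment
     $sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) ';
     $sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getLangSQL('sid', 'AND', 's') . ') ';
     $sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ';
     $sql .= 'AND ta.type = \'article\' AND ta.id = s.sid ' . COM_getTopicSQL('AND', 0, 'ta');
     $sql .= $topicSql;
     if (!empty($this->_author)) {
         $sql .= 'AND (c.uid = \'' . DB_escapeString($this->_author) . '\') ';
     }
     $search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66]));
     $columns = array('title' => 'c.title', 'comment');
     $sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd);
     list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql);
     $sql .= " GROUP BY id";
     $search_c->setSQL($sql);
     $search_c->setFTSQL($ftsql);
     $search_c->setRank(2);

     return array($search_s, $search_c);
 }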
 /**
  * Perform database upgrades
  *
  * Walks the version chain one release at a time: each case loads the
  * DBMS-specific update file (which fills the local $_SQL array), runs it
  * through updateDB(), applies the PHP-side data fixes for that release
  * and then advances $currentGlVersion to the next case. The loop ends when
  * the current version has no case (the "default" branch). Afterwards the
  * site version is written and the security-check flag is removed so the
  * admin is asked to run admin/sectest.php again.
  *
  * NOTE(review): the '2.0.0' step advances to '2.1.0', but no case '2.1.0'
  * exists, so an upgrade coming from 2.0.0 leaves the loop there and never
  * runs the '2.1.1' -> '2.1.2' step; confirm whether that is intended.
  *
  * @param   string $currentGlVersion Current Geeklog version
  * @return  bool                     True if successful (this method always returns
  *                                   true; DB errors are presumably surfaced via
  *                                   $_DB->setDisplayError(true) — confirm)
  */
 private function doDatabaseUpgrades($currentGlVersion)
 {
     global $_TABLES, $_CONF, $_SP_CONF, $_DB, $_DB_dbms, $_DB_table_prefix;
     $_DB->setDisplayError(true);
     // Because the upgrade sql syntax can vary from dbms-to-dbms we are
     // leaving that up to each Geeklog database driver
     $done = false;
     $progress = '';
     // $_SQL is a local array; each required update file populates it and
     // updateDB() consumes it, so it is reset after every step
     $_SQL = array();
     while (!$done) {
         switch ($currentGlVersion) {
             case '1.2.5-1':
                 // Get DMBS-specific update sql
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.2.5-1_to_1.3.php';
                 $this->updateDB($_SQL, $progress);
                 // OK, now we need to add all users except anonymous to the All Users group and Logged in users group
                 // I can hard-code these group numbers because the group table was JUST created with these numbers
                 $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE uid <> 1");
                 $numRows = DB_numRows($result);
                 for ($i = 1; $i <= $numRows; $i++) {
                     $U = DB_fetchArray($result);
                     // uid values come from the users table and are interpolated unquoted
                     DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (2, {$U['uid']}, NULL)");
                     DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (13, {$U['uid']}, NULL)");
                 }
                 // Now take care of any orphans off the user table...and let me curse MySQL lack for supporting foreign
                 // keys at this time ;-)
                 $result = DB_query("SELECT MAX(uid) FROM {$_TABLES['users']}");
                 $ITEM = DB_fetchArray($result);
                 $max_uid = $ITEM[0];
                 if (!empty($max_uid) && $max_uid != 0) {
                     DB_query("DELETE FROM {$_TABLES['userindex']} WHERE uid > {$max_uid}");
                     DB_query("DELETE FROM {$_TABLES['userinfo']} WHERE uid > {$max_uid}");
                     DB_query("DELETE FROM {$_TABLES['userprefs']} WHERE uid > {$max_uid}");
                     DB_query("DELETE FROM {$_TABLES['usercomment']} WHERE uid > {$max_uid}");
                 }
                 $currentGlVersion = '1.3';
                 $_SQL = array();
                 break;
             case '1.3':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3_to_1.3.1.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.1';
                 $_SQL = array();
                 break;
             case '1.3.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.1_to_1.3.2.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.2-1';
                 $_SQL = array();
                 break;
             case '1.3.2':
             case '1.3.2-1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.2-1_to_1.3.3.php';
                 $this->updateDB($_SQL, $progress);
                 // Now we need to switch how user blocks are stored.  Right now we only store the blocks the
                 // user wants.  This will switch it to store the ones they don't want which allows us to add
                 // new blocks and ensure they are shown to the user.
                 $result = DB_query("SELECT {$_TABLES['users']}.uid,boxes FROM {$_TABLES['users']},{$_TABLES['userindex']} WHERE boxes IS NOT NULL AND boxes <> '' AND {$_TABLES['users']}.uid = {$_TABLES['userindex']}.uid");
                 $numRows = DB_numRows($result);
                 for ($i = 1; $i <= $numRows; $i++) {
                     $row = DB_fetchArray($result);
                     // 'boxes' holds block ids separated by spaces; rewrite them
                     // comma-separated so the value can be dropped into NOT IN (...)
                     // (the DB value is interpolated as-is — no escaping here)
                     $uBlocks = str_replace(' ', ',', $row['boxes']);
                     $result2 = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$uBlocks})");
                     $newBlocks = '';
                     for ($x = 1; $x <= DB_numRows($result2); $x++) {
                         $currentBlock = DB_fetchArray($result2);
                         // the three system blocks are never put on the "don't want" list
                         if ($currentBlock['name'] !== 'user_block' && $currentBlock['name'] !== 'admin_block' && $currentBlock['name'] !== 'section_block') {
                             $newBlocks .= $currentBlock['bid'];
                             if ($x != DB_numRows($result2)) {
                                 $newBlocks .= ' ';
                             }
                         }
                     }
                     DB_query("UPDATE {$_TABLES['userindex']} SET boxes = '{$newBlocks}' WHERE uid = {$row['uid']}");
                 }
                 $currentGlVersion = '1.3.3';
                 $_SQL = array();
                 break;
             case '1.3.3':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.3_to_1.3.4.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.4';
                 $_SQL = array();
                 break;
             case '1.3.4':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.4_to_1.3.5.php';
                 $this->updateDB($_SQL, $progress);
                 // grant the new 'user.mail' feature to the Mail Admin group
                 $result = DB_query("SELECT ft_id FROM {$_TABLES['features']} WHERE ft_name = 'user.mail'");
                 $row = DB_fetchArray($result);
                 $mail_ft = $row['ft_id'];
                 $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = 'Mail Admin'");
                 $row = DB_fetchArray($result);
                 $group_id = $row['grp_id'];
                 DB_query("INSERT INTO {$_TABLES['access']} (acc_grp_id, acc_ft_id) VALUES ({$group_id}, {$mail_ft})");
                 $currentGlVersion = '1.3.5';
                 $_SQL = array();
                 break;
             case '1.3.5':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.5_to_1.3.6.php';
                 $this->updateDB($_SQL, $progress);
                 // the static pages table only needs renaming when a table prefix is in use
                 if (!empty($_DB_table_prefix)) {
                     DB_query("RENAME TABLE staticpage TO {$_TABLES['staticpage']}");
                 }
                 $currentGlVersion = '1.3.6';
                 $_SQL = array();
                 break;
             case '1.3.6':
                 // fix wrong permissions value
                 DB_query("UPDATE {$_TABLES['topics']} SET perm_anon = 2 WHERE perm_anon = 3");
                 // check for existence of 'date' field in gl_links table
                 // (probe query: it is expected to fail when the column is missing and
                 // DB_error() is then assumed to mention 'date'; the second argument to
                 // DB_query presumably suppresses error display — confirm)
                 DB_query("SELECT date FROM {$_TABLES['links']}", 1);
                 if (strpos(DB_error(), 'date') > 0) {
                     DB_query("ALTER TABLE {$_TABLES['links']} ADD date datetime default NULL");
                 }
                 // Fix primary key so that more than one user can add an event
                 // to his/her personal calendar.
                 DB_query("ALTER TABLE {$_TABLES['personal_events']} DROP PRIMARY KEY, ADD PRIMARY KEY (eid,uid)");
                 $currentGlVersion = '1.3.7';
                 $_SQL = array();
                 break;
             case '1.3.7':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.7_to_1.3.8.php';
                 $this->updateDB($_SQL, $progress);
                 // upgrade Static Pages plugin
                 // (0 = not installed, 1 = original version, 2 = extended version)
                 $spVersion = $this->getStaticPagesVersion();
                 if ($spVersion == 1) {
                     // original version
                     DB_query("ALTER TABLE {$_TABLES['staticpage']} " . "ADD COLUMN group_id mediumint(8) unsigned DEFAULT '1'," . "ADD COLUMN owner_id mediumint(8) unsigned DEFAULT '1'," . "ADD COLUMN perm_owner tinyint(1) unsigned DEFAULT '3'," . "ADD COLUMN perm_group tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN perm_members tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN perm_anon tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN sp_php tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                     // register the "PHP in static pages" feature and grant it to the admin group
                     DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) VALUES ('staticpages.PHP','Ability to use PHP in static pages')");
                     $php_id = DB_insertId();
                     $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'");
                     DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$php_id}, {$group_id})");
                 } elseif ($spVersion == 2) {
                     // extended version by Phill or Tom
                     DB_query("ALTER TABLE {$_TABLES['staticpage']} " . "DROP COLUMN sp_pos," . "DROP COLUMN sp_search_keywords," . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                 }
                 if ($spVersion > 0) {
                     // update plugin version number
                     DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.3', pi_gl_version = '1.3.8' WHERE pi_name = 'staticpages'");
                     // remove Static Pages 'lock' flag
                     DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'staticpages'");
                     // remove Static Pages Admin group id
                     DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'sp_group_id'");
                     if ($spVersion == 1) {
                         // copy each page's author (sp_uid) into the new owner_id column
                         $result = DB_query("SELECT DISTINCT sp_uid FROM {$_TABLES['staticpage']}");
                         $authors = DB_numRows($result);
                         for ($i = 0; $i < $authors; $i++) {
                             $A = DB_fetchArray($result);
                             DB_query("UPDATE {$_TABLES['staticpage']} SET owner_id = '{$A['sp_uid']}' WHERE sp_uid = '{$A['sp_uid']}'");
                         }
                     }
                     // turn a page titled 'Frontpage' into a centerblock
                     $result = DB_query("SELECT sp_label FROM {$_TABLES['staticpage']} WHERE sp_title = 'Frontpage'");
                     if (DB_numRows($result) > 0) {
                         $A = DB_fetchArray($result);
                         if ($A['sp_label'] == 'nonews') {
                             DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_where = 0 WHERE sp_title = 'Frontpage'");
                         } elseif (!empty($A['sp_label'])) {
                             // NOTE(review): sp_label is copied from the DB into the UPDATE
                             // without DB_escapeString(); a label containing a quote would
                             // break this statement.
                             DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_title = '{$A['sp_label']}' WHERE sp_title = 'Frontpage'");
                         } else {
                             DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1 WHERE sp_title = 'Frontpage'");
                         }
                     }
                 }
                 $currentGlVersion = '1.3.8';
                 $_SQL = array();
                 break;
             case '1.3.8':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.8_to_1.3.9.php';
                 $this->updateDB($_SQL, $progress);
                 // seed the new syndication table from the old rdf_* config values;
                 // only the basename of the configured feed file is stored
                 $pos = strrpos($_CONF['rdf_file'], '/');
                 $filename = substr($_CONF['rdf_file'], $pos + 1);
                 $siteName = DB_escapeString($_CONF['site_name']);
                 $siteSlogan = DB_escapeString($_CONF['site_slogan']);
                 // site_name / site_slogan are escaped; the remaining $_CONF values are
                 // interpolated as-is (they come from the site configuration)
                 DB_query("INSERT INTO {$_TABLES['syndication']} (title, description, limits, content_length, filename, charset, language, is_enabled, updated, update_info) VALUES ('{$siteName}', '{$siteSlogan}', '{$_CONF['rdf_limit']}', {$_CONF['rdf_storytext']}, '{$filename}', '{$_CONF['default_charset']}', '{$_CONF['rdf_language']}', {$_CONF['backend']}, CURRENT_TIMESTAMP, NULL)");
                 // upgrade static pages plugin
                 $spVersion = $this->getStaticPagesVersion();
                 if ($spVersion > 0) {
                     if ($spVersion < 4) {
                         // clamp the configured in_block flag to 0/1 before using it as a column default
                         if (!isset($_SP_CONF['in_block'])) {
                             $_SP_CONF['in_block'] = 1;
                         } elseif ($_SP_CONF['in_block'] > 1) {
                             $_SP_CONF['in_block'] = 1;
                         } elseif ($_SP_CONF['in_block'] < 0) {
                             $_SP_CONF['in_block'] = 0;
                         }
                         DB_query("ALTER TABLE {$_TABLES['staticpage']} ADD COLUMN sp_inblock tinyint(1) unsigned DEFAULT '{$_SP_CONF['in_block']}'");
                     }
                     DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4', pi_gl_version = '1.3.9' WHERE pi_name = 'staticpages'");
                 }
                 // recreate 'date' field for old links
                 // (the link id is assumed to start with a YYYYMMDDHHMMSS timestamp,
                 // which the substr offsets below decode)
                 $result = DB_query("SELECT lid FROM {$_TABLES['links']} WHERE date IS NULL");
                 $num = DB_numRows($result);
                 if ($num > 0) {
                     for ($i = 0; $i < $num; $i++) {
                         $A = DB_fetchArray($result);
                         $myYear = substr($A['lid'], 0, 4);
                         $myMonth = substr($A['lid'], 4, 2);
                         $myDay = substr($A['lid'], 6, 2);
                         $myHour = substr($A['lid'], 8, 2);
                         $myMin = substr($A['lid'], 10, 2);
                         $mySec = substr($A['lid'], 12, 2);
                         $mTime = mktime($myHour, $myMin, $mySec, $myMonth, $myDay, $myYear);
                         $date = date('Y-m-d H:i:s', $mTime);
                         DB_query("UPDATE {$_TABLES['links']} SET date = '{$date}' WHERE lid = '{$A['lid']}'");
                     }
                 }
                 // remove unused entries left over from deleted groups
                 $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']}");
                 $num = DB_numRows($result);
                 $groups = array();
                 for ($i = 0; $i < $num; $i++) {
                     $A = DB_fetchArray($result);
                     $groups[] = $A['grp_id'];
                 }
                 $groupList = '(' . implode(',', $groups) . ')';
                 DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_main_grp_id NOT IN {$groupList}) OR (ug_grp_id NOT IN {$groupList})");
                 $currentGlVersion = '1.3.9';
                 $_SQL = array();
                 break;
             case '1.3.9':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.9_to_1.3.10.php';
                 $this->updateDB($_SQL, $progress);
                 commentsToPreorderTree();
                 // rebuild each story's 'related' column from the links found in its text
                 $result = DB_query("SELECT sid,introtext,bodytext FROM {$_TABLES['stories']}");
                 $numStories = DB_numRows($result);
                 for ($i = 0; $i < $numStories; $i++) {
                     $A = DB_fetchArray($result);
                     $related = DB_escapeString(implode("\n", UPDATE_extractLinks($A['introtext'] . ' ' . $A['bodytext'])));
                     if (empty($related)) {
                         DB_query("UPDATE {$_TABLES['stories']} SET related = NULL WHERE sid = '{$A['sid']}'");
                     } else {
                         DB_query("UPDATE {$_TABLES['stories']} SET related = '{$related}' WHERE sid = '{$A['sid']}'");
                     }
                 }
                 $spVersion = $this->getStaticPagesVersion();
                 if ($spVersion > 0) {
                     // no database changes this time, but set new version number
                     DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4.1', pi_gl_version = '1.3.10' WHERE pi_name = 'staticpages'");
                 }
                 // install SpamX plugin
                 // (also handles updates from version 1.0)
                 install_spamx_plugin();
                 $currentGlVersion = '1.3.10';
                 $_SQL = array();
                 break;
             case '1.3.10':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.10_to_1.3.11.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.11';
                 $_SQL = array();
                 break;
             case '1.3.11':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.11_to_1.4.0.php';
                 $this->updateDB($_SQL, $progress);
                 upgrade_addFeature();
                 upgrade_uniqueGroupNames();
                 $currentGlVersion = '1.4.0';
                 $_SQL = array();
                 break;
             case '1.4.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.0_to_1.4.1.php';
                 $this->updateDB($_SQL, $progress);
                 upgrade_addSyndicationFeature();
                 upgrade_ensureLastScheduledRunFlag();
                 upgrade_plugins_141();
                 $currentGlVersion = '1.4.1';
                 $_SQL = array();
                 break;
             case '1.4.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.1_to_1.5.0.php';
                 $this->updateDB($_SQL, $progress);
                 upgrade_addWebservicesFeature();
                 // 1.5.0 moved the configuration from config.php into the conf_values table
                 create_ConfValues();
                 require_once $_CONF['path_system'] . 'classes/config.class.php';
                 $config = config::get_instance();
                 if (file_exists($_CONF['path'] . 'config.php')) {
                     // Read the values from config.php and use them to populate conf_values
                     $tempPath = $_CONF['path'];
                     // We'll need this to remember what the correct path is.
                     // Including config.php will overwrite all our $_CONF values.
                     require $tempPath . 'config.php';
                     // Load some important values from config.php into conf_values
                     foreach ($_CONF as $key => $val) {
                         $config->set($key, $val);
                     }
                     if (!$this->setDefaultCharset($this->env['siteconfig_path'], $_CONF['default_charset'])) {
                         // unrecoverable: the site config could not be written
                         exit($this->LANG['INSTALL'][26] . ' ' . $this->env['siteconfig_path'] . $this->LANG['INSTALL'][58]);
                     }
                     // re-read the (just rewritten) site and db config so $_CONF is consistent again
                     require $this->env['siteconfig_path'];
                     require $this->env['dbconfig_path'];
                 }
                 // Update the GL configuration with the correct paths.
                 $config->set('path_html', $this->env['html_path']);
                 $config->set('path_log', $_CONF['path'] . 'logs/');
                 $config->set('path_language', $_CONF['path'] . 'language/');
                 $config->set('backup_path', $_CONF['path'] . 'backups/');
                 $config->set('path_data', $_CONF['path'] . 'data/');
                 $config->set('path_images', $this->env['html_path'] . 'images/');
                 $config->set('path_themes', $this->env['html_path'] . 'layout/');
                 $config->set('path_editors', $this->env['html_path'] . 'editors/');
                 $config->set('rdf_file', $this->env['html_path'] . 'backend/geeklog.rss');
                 $config->set('path_pear', $_CONF['path_system'] . 'pear/');
                 // core plugin updates are done in the plugins themselves
                 $currentGlVersion = '1.5.0';
                 $_SQL = array();
                 break;
             case '1.5.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.0_to_1.5.1.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.5.1';
                 $_SQL = array();
                 break;
             case '1.5.1':
                 // there were no core database changes in 1.5.2
                 $currentGlVersion = '1.5.2';
                 $_SQL = array();
                 break;
             case '1.5.2':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.2_to_1.6.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValues();
                 upgrade_addNewPermissions();
                 upgrade_addIsoFormat();
                 $this->fixOptionalConfig();
                 $currentGlVersion = '1.6.0';
                 $_SQL = array();
                 break;
             case '1.6.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.0_to_1.6.1.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor161();
                 $currentGlVersion = '1.6.1';
                 $_SQL = array();
                 break;
             case '1.6.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.1_to_1.7.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor170();
                 $currentGlVersion = '1.7.0';
                 $_SQL = array();
                 break;
             case '1.7.0':
                 $currentGlVersion = '1.7.2';
                 // skip ahead
                 $_SQL = array();
                 break;
             case '1.7.1':
                 // there were no database changes in 1.7.1
                 // (intentional fall-through into the 1.7.2 step)
             case '1.7.2':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.7.2_to_1.8.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor180();
                 update_ConfigSecurityFor180();
                 update_UsersFor180();
                 $currentGlVersion = '1.8.0';
                 $_SQL = array();
                 break;
             case '1.8.0':
             case '1.8.1':
             case '1.8.2':
                 // there were no database changes in 1.8.x
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.8.2_to_2.0.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor200();
                 update_BlockTopicAssignmentsFor200();
                 update_StoryTopicAssignmentsFor200();
                 $currentGlVersion = '2.0.0';
                 $_SQL = array();
                 break;
             case '2.0.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.0.0_to_2.1.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_addFilemanager();
                 update_ConfValuesFor210();
                 // NOTE(review): there is no case '2.1.0' in this switch, so the loop
                 // exits via "default" on the next iteration and the 2.1.1 -> 2.1.2
                 // step below is not reached from this path — confirm intent.
                 $currentGlVersion = '2.1.0';
                 $_SQL = array();
                 break;
             case '2.1.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.1.1_to_2.1.2.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor212();
                 $currentGlVersion = '2.1.2';
                 $_SQL = array();
                 break;
             default:
                 // no further step for this version: upgrade chain complete
                 $done = true;
         }
     }
     $this->setVersion($this->env['siteconfig_path']);
     // delete the security check flag on every update to force the user
     // to run admin/sectest.php again
     DB_delete($_TABLES['vars'], 'name', 'security_check');
     return true;
 }
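/**
 * Extract story ID (sid) from the URL
 * Accepts rewritten and old-style URLs. Also checks permissions.
 *
 * Only the part of $url after "<site_url>/article.php" is inspected:
 *   "?story=<sid>[&...]"  old-style URL
 *   "/<sid>[/...]"        rewritten URL
 * A trailing "#fragment" is stripped from the sid. The (escaped) sid is
 * then looked up with the current permission and topic restrictions
 * applied, and is only returned when exactly one story matches and its
 * trackbackcode is 0.
 *
 * NOTE(review): the prefix is not verified to actually equal the site URL;
 * this relies on the caller passing a URL on our site, as documented.
 *
 * @param    string $url targetURI, a URL on our site
 * @return   string          story ID or empty string for error
 */
function PNB_getSid($url)
{
    global $_CONF, $_TABLES;

    $retval = '';
    $sid = '';

    $params = substr($url, strlen($_CONF['site_url'] . '/article.php'));
    if (substr($params, 0, 1) === '?') {
        // old-style URL
        $pos = strpos($params, 'story=');
        if ($pos !== false) {
            $part = substr($params, $pos + strlen('story='));
            $parts = explode('&', $part);
            $sid = $parts[0];
        }
    } elseif (substr($params, 0, 1) === '/') {
        // rewritten URL
        $parts = explode('/', substr($params, 1));
        $sid = $parts[0];
    }
    if (!empty($sid)) {
        // drop any "#anchor" that followed the sid
        $parts = explode('#', $sid);
        $sid = $parts[0];
    }

    // okay, so we have a SID - but are they allowed to access the story?
    if (!empty($sid)) {
        $testsid = DB_escapeString($sid);
        // the topic-assignment table alias must be passed as the string 'ta';
        // a bare identifier is an undefined constant (fatal on PHP 8)
        $result = DB_query("SELECT trackbackcode FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND sid = '{$testsid}'" . COM_getPermSql('AND') . COM_getTopicSql('AND', 0, 'ta'));
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            // trackbackcode 0: trackbacks enabled for this story
            if ($A['trackbackcode'] == 0) {
                $retval = $sid;
            }
        }
    }

    return $retval;
}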
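/**
 * Copies and installs new style plugins
 *
 * Copies all files the proper place and runs the automated installer
 * or upgrade.
 *
 * The package is read from the temporary directory named by
 * $_POST['temp_dir'] (reduced to [a-zA-Z0-9-_.], so it cannot resolve outside
 * $_CONF['path_data']). _at_parseXML() fills the global $autotagData from the
 * package XML; "<id>.class.php" and any listed template files are copied into
 * $_CONF['path_system'] . 'autotags/', the tag is registered in the autotags
 * table and the cache is cleared. The temporary directory is removed on every
 * path that leaves the function after it was parsed.
 *
 * @return   string              Formatted HTML containing the page body
 *                               (an error box on failure, '' on success)
 *
 */
function post_uploadProcess()
{
    global $_CONF, $_PLUGINS, $_TABLES, $autotagData, $LANG32, $_DB_dbms, $_DB_table_prefix;

    $retval = '';

    // reduce the temp dir name to a single plain path component
    $tdir = isset($_POST['temp_dir']) ? COM_applyFilter($_POST['temp_dir']) : '';
    $tdir = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $tdir);
    $tdir = str_replace('..', '', $tdir);
    if ($tdir === '') {
        // an empty name would make $tmp equal to path_data itself and the
        // clean-up calls below would then remove the whole data directory.
        // NOTE(review): $LANG32[74] is the "no xml file found" text, reused here
        return _at_errorBox($LANG32[74]);
    }
    $tmp = $_CONF['path_data'] . $tdir;

    $autotagData = array();
    $rc = _at_parseXML($tmp);
    if ($rc == -1) {
        // no xml file found
        return _at_errorBox($LANG32[74]);
    }
    clearstatcache();

    // copy to proper directories
    if (defined('DEMO_MODE')) {
        _pi_deleteDir($tmp);
        echo COM_refresh($_CONF['site_admin_url'] . '/autotag.php?msg=503');
        exit;
    }
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }

    $autotagData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $autotagData['id']);
    $autotagDir = $_CONF['path_system'] . 'autotags/';
    $classFile = $autotagData['id'] . '.class.php';
    $copyError = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . '<br />' . $LANG32[44];

    $rc = _pi_file_copy($tmp . '/' . $classFile, $autotagDir);
    if ($rc === false) {
        _pi_deleteDir($tmp);
        return _at_errorBox($copyError);
    }

    // copy template files, if any
    if (isset($autotagData['template']) && is_array($autotagData['template'])) {
        foreach ($autotagData['template'] as $filename) {
            // template names come from the uploaded XML; keep them to a
            // single path component inside the package directory
            $filename = basename($filename);
            $rc = _pi_file_copy($tmp . '/' . $filename, $autotagDir);
            if ($rc === false) {
                // roll back the class file copied above (same target dir)
                @unlink($autotagDir . $classFile);
                _pi_deleteDir($tmp);
                return _at_errorBox($copyError);
            }
        }
    }

    $tag = DB_escapeString($autotagData['id']);
    $desc = isset($autotagData['description']) ? DB_escapeString($autotagData['description']) : '';
    $is_enabled = 1;
    $is_function = 1;
    DB_query("REPLACE INTO {$_TABLES['autotags']} (tag,description,is_enabled,is_function,replacement) VALUES ('" . $tag . "','" . $desc . "'," . $is_enabled . "," . $is_function . ",'')");

    _pi_deleteDir($tmp);
    CTL_clearCache();

    // show status (success or fail)
    return $retval;
}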
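/**
 * Save topic to the database
 *
 * Validates the submitted topic (restricted or duplicate id, existing parent,
 * archive-topic rules), verifies that the current user has write access to the
 * topic and to its parent, then stores the row with DB_save() and redirects to
 * the topic list. Any failed check renders an error page instead.
 *
 * $tid is passed through COM_sanitizeID(); the other string fields are escaped
 * with DB_escapeString() and the numeric fields cast to int before they are
 * placed in SQL. $parent_id is compared verbatim against TOPIC_ROOT, so the raw
 * value is kept for comparisons and an escaped copy is used in queries.
 *
 * @param    string $tid              Topic ID
 * @param    string $topic            Name of topic (what the user sees)
 * @param    int    $inherit          whether to inherit
 * @param    int    $hidden           whether to hide
 * @param    string $parent_id        Parent ID
 * @param    string $imageUrl         (partial) URL to topic image
 * @param    string $meta_description Topic meta description
 * @param    string $meta_keywords    Topic meta keywords
 * @param    int    $sortNum          number for sort order in "Topics" block
 * @param    int    $limitNews        number of stories per page for this topic
 * @param    int    $owner_id         ID of owner
 * @param    int    $group_id         ID of group topic belongs to
 * @param    int    $perm_owner       Permissions the owner has
 * @param    int    $perm_group       Permissions the group has
 * @param    int    $perm_members     Permissions members have
 * @param    int    $perm_anon        Permissions anonymous users have
 * @param    string $is_default       'on' if this is the default topic
 * @param    string $is_archive       'on' if this is the archive topic
 * @return   string                   HTML redirect or error message
 */
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    $tid = COM_sanitizeID($tid);
    // escaped copy for SQL; the raw value is still needed for the TOPIC_ROOT
    // comparisons below
    $parent_id_sql = DB_escapeString($parent_id);
    // numeric columns: never interpolate the raw request values
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $sortNum = (int) $sortNum;
    $limitNews = (int) $limitNews;

    // Check if tid is a restricted name
    $restricted_tid = false;
    if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
        $restricted_tid = true;
    }

    // Check if tid is used by another topic
    $duplicate_tid = false;
    $old_tid = '';
    if (isset($_POST['old_tid'])) {
        $old_tid = COM_applyFilter($_POST['old_tid']);
        if (!empty($old_tid)) {
            $old_tid = COM_sanitizeID($old_tid);
            // See if new topic id
            if (strcasecmp($tid, $old_tid)) {
                if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                    $duplicate_tid = true;
                }
            }
        } else {
            if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                $duplicate_tid = true;
            }
        }
    }

    // Make sure parent id exists (an empty parent id must not be accepted
    // just because DB_getItem() returns '' for "no such row")
    $parent_id_found = false;
    if ($parent_id == TOPIC_ROOT) {
        $parent_id_found = true;
    } elseif ((string) $parent_id !== '' && $parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id_sql}'")) {
        $parent_id_found = true;
    }

    // Check if parent archive topic, if so bail
    $archive_parent = false;
    $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
    if ($parent_id == $archive_tid) {
        $archive_parent = true;
    }

    // If archive topic, make sure no child topics else bail
    $archive_child = false;
    $is_archive = $is_archive == 'on' ? 1 : 0;
    if ($is_archive) {
        if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
            $archive_child = true;
        }
    }

    // Access to the topic itself: existing topics use their stored
    // permissions, new ones the permissions being submitted
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } else {
        // Now check access to parent topic
        if ($parent_id != TOPIC_ROOT) {
            if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id_sql}'");
                $A = DB_fetchArray($result);
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
                $in_Group = SEC_inGroup($A['group_id']);
            } else {
                // parent does not exist: keep the access computed for $tid and
                // let the $parent_id_found check below report the missing
                // parent (previously $A from the topic query was reused here)
                $in_Group = true;
            }
        } else {
            $access = 3;
            $in_Group = true;
        }

        if ($access < 3 || !$in_Group) {
            $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
        } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
            if ($imageUrl === '/images/topics/') {
                $imageUrl = '';
            }
            $imageUrl = DB_escapeString($imageUrl);
            $topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
            $topic = DB_escapeString($topic);
            $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
            $meta_description = DB_escapeString($meta_description);
            $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
            $meta_keywords = DB_escapeString($meta_keywords);

            if ($is_default == 'on') {
                $is_default = 1;
                // only one default topic at a time
                DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
            } else {
                $is_default = 0;
            }

            if ($is_archive) {
                // $tid is the archive topic
                // - if it wasn't already, mark all its stories "archived" now
                if ($archive_tid != $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
                // Set hidden and inherit to false since archive topic now
                $inherit = '';
                $hidden = '';
            } else {
                // $tid is not the archive topic
                // - if it was until now, reset the "archived" status of its stories
                if ($archive_tid == $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.statuscode = 0\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
            }

            $inherit = $inherit == 'on' ? 1 : 0;
            $hidden = $hidden == 'on' ? 1 : 0;
            // Cannot hide root topics so switch if needed
            if ($parent_id == TOPIC_ROOT && $hidden == 1) {
                $hidden = 0;
            }

            // If not a new topic and id change then...
            if (!empty($old_tid)) {
                if ($tid != $old_tid) {
                    changetopicid($tid, $old_tid);
                    $old_tid = DB_escapeString($old_tid);
                    DB_delete($_TABLES['topics'], 'tid', $old_tid);
                }
            }

            DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id_sql}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

            if ($old_tid != $tid) {
                PLG_itemSaved($tid, 'topic', $old_tid);
            } else {
                PLG_itemSaved($tid, 'topic');
            }
            // Reorder Topics, Delete topic cache and reload topic tree
            reorderTopics();
            // update feed(s)
            COM_rdfUpToDateCheck('article', $tid);
            COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
        } elseif ($restricted_tid) {
            $retval .= COM_errorLog($LANG27[31], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($duplicate_tid) {
            $retval .= COM_errorLog($LANG27[49], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_parent) {
            $retval .= COM_errorLog($LANG27[46], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_child) {
            $retval .= COM_errorLog($LANG27[47], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif (!$parent_id_found) {
            $retval .= COM_errorLog($LANG27[48], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } else {
            $retval .= COM_errorLog($LANG27[7], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        }
    }

    return $retval;
}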
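/**
 * Prefix a menu URL with "http://" unless it is already absolute, uses the
 * "%site" placeholder, is an in-page anchor, or is blank.
 *
 * @param    string $url URL as entered in the menu form
 * @return   string      URL with scheme prefixed where needed
 */
function _MB_absoluteUrl($url)
{
    // blank check first: indexing $url[0] on an empty string is an error
    if (rtrim($url) === '' || strpos($url, 'http') === 0 || strpos($url, '%site') !== false || $url[0] === '#') {
        return $url;
    }
    return 'http://' . $url;
}

/**
 * Save an edited menu element from the admin form ($_POST) to the
 * menu_elements table and reorder the parent menu.
 *
 * Reads id, menu, pid, menulabel, menutype, urltarget, menuactive, group and
 * menuorder from $_POST; the subtype comes from a type-specific field
 * (glfunction, gltype, pluginname, spname, menuurl, phpfunction or topicname).
 * The element is placed directly after the element selected in "menuorder".
 * Every string value is escaped with DB_escapeString() and every numeric value
 * cast to int before it is placed in SQL.
 *
 * @return void
 */
function MB_saveEditMenuElement()
{
    global $_CONF, $_TABLES, $MenuElementAllowedHTML;

    $filter = sanitizer::getInstance();
    $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
    $filter->setAllowedElements($allowedElements);
    $filter->setPostmode('html');

    $id = (int) COM_applyFilter($_POST['id'], true);
    $menu_id = COM_applyFilter($_POST['menu']);
    $pid = (int) COM_applyFilter($_POST['pid'], true);
    $label = DB_escapeString($filter->filterHTML($_POST['menulabel']));
    $type = (int) COM_applyFilter($_POST['menutype'], true);
    $target = COM_applyFilter($_POST['urltarget']);

    $menu = menu::getInstance($menu_id);

    if ($type == 0) {
        $type = 1;
    }
    switch ($type) {
        case 2:
            $subtype = COM_applyFilter($_POST['glfunction']);
            break;
        case 3:
            $subtype = COM_applyFilter($_POST['gltype'], true);
            break;
        case 4:
            $subtype = COM_applyFilter($_POST['pluginname']);
            break;
        case 5:
            $subtype = COM_applyFilter($_POST['spname']);
            break;
        case 6:
            $subtype = _MB_absoluteUrl(COM_applyFilter($_POST['menuurl']));
            break;
        case 7:
            $subtype = COM_applyFilter($_POST['phpfunction']);
            break;
        case 9:
            $subtype = COM_applyFilter($_POST['topicname']);
            break;
        default:
            $subtype = '';
            break;
    }

    $active = (int) COM_applyFilter($_POST['menuactive'], true);

    $url = '';
    if (isset($_POST['menuurl']) && $_POST['menuurl'] != '') {
        $url = DB_escapeString(_MB_absoluteUrl(trim(COM_applyFilter($_POST['menuurl']))));
    }

    $group_id = (int) COM_applyFilter($_POST['group'], true);
    $aid = (int) COM_applyFilter($_POST['menuorder'], true);
    // place the element right after the one selected in "menuorder"
    $aorder = (int) DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . $aid);
    $neworder = $aorder + 1;

    $sql = "UPDATE {$_TABLES['menu_elements']} SET pid=" . $pid . ", element_order=" . $neworder
        . ", element_label='{$label}', element_type='" . $type . "', element_subtype='" . DB_escapeString($subtype) . "'"
        . ", element_active=" . $active . ", element_url='{$url}', element_target='" . DB_escapeString($target) . "'"
        . ", group_id=" . $group_id . " WHERE id=" . $id;
    DB_query($sql);
    $menu->reorderMenu($pid);
}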
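// Emit an <img> tag for one media item of an album. Request parameters:
// aid (album id, int) and mid (media id). The item must be linked to the
// album and the current user must have read access to the album.
$album_id = COM_applyFilter($_GET['aid'], true);
$media_id = COM_applyFilter($_GET['mid']);

$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('page', 'view_image.thtml');
$T->set_var('header', $LANG_MG00['plugin']);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('plugin', 'mediagallery');

//
// -- Verify that image really does belong to this album
//    (uses the filtered $media_id / $album_id; the check used to reference
//    the undefined $mid / $aid and therefore never looked at the request)
//
$sql = "SELECT * FROM " . $_TABLES['mg_media_albums'] . " WHERE media_id='" . DB_escapeString($media_id) . "' AND album_id='" . intval($album_id) . "'";
$result = DB_query($sql);
if (DB_numRows($result) < 1) {
    die("ERROR #2");
}

// Get Album Info...
$sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);

// Check access rights
$access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
if ($access == 0) {
    $display = COM_siteHeader('menu') . COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true) . COM_siteFooter();
    echo $display;
    exit;
}

$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
// media files are stored under a sub-directory named by the first character
// of the file name; the name is DB data, so escape it for the attribute
$filename = $row['media_filename'];
$src = $_MG_CONF['mediaobjects_url'] . '/disp/' . $filename[0] . '/' . $filename . '.jpg';
echo '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '">';
exit;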
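/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * Called both from the admin form (gl_svc unset) and from the webservice layer
 * (gl_svc set). In webservice mode the string and numeric arguments are passed
 * through COM_applyBasicFilter() and permission defaults come from
 * $_SP_CONF['default_permissions']; in form mode the permission checkboxes are
 * converted with SEC_getPermissionValues(). Content is censored / HTML-filtered
 * according to $_SP_CONF, then every string column is escaped with
 * DB_escapeString() and every numeric column cast to int before DB_save().
 * When the page id changes, the old page is deleted and its comments are
 * re-attached to the new id.
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   string  &$output  OUTPUT parameter containing the returned text
 * @param   array   &$svc_msg OUTPUT parameter containing any service messages
 *                            ('error_desc' on failure, 'id' on success)
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;

    $output = '';

    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }

    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        // same code as the rights check above (PLG_REG_AUTH_FAILED is undefined)
        return PLG_RET_AUTH_FAILED;
    }

    $gl_edit = !empty($args['gl_edit']);
    $gl_svc = !empty($args['gl_svc']);

    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }

    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }

    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            if (function_exists('WS_makeId')) {
                // derive a shorter id from the over-long one
                $args['sp_id'] = WS_makeId($args['sp_id'], STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }

    // keys read unconditionally below; in form mode they may be absent
    foreach (array('sp_status', 'sp_hits', 'sp_where', 'sp_php', 'commentcode', 'sp_search') as $key) {
        if (!isset($args[$key])) {
            $args[$key] = 0;
        }
    }
    foreach (array('sp_old_id', 'sp_title', 'sp_content', 'sp_format', 'sp_tid', 'sp_onmenu', 'sp_centerblock', 'sp_inblock', 'postmode') as $key) {
        if (!isset($args[$key])) {
            $args[$key] = '';
        }
    }

    // START: Staticpages defaults
    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['sp_search'] != 1) {
        $args['sp_search'] = 0;
    }

    if ($gl_svc) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } else {
            if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
                $svc_msg['error_desc'] = 'Menu label missing';
                return PLG_RET_ERROR;
            }
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
    }
    // END: Staticpages defaults

    $sp_id = $args['sp_id'];
    $sp_status = (int) $args['sp_status'];
    $sp_uid = (int) $args['sp_uid'];
    $sp_title = $args['sp_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = (int) $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $commentcode = (int) $args['commentcode'];
    $owner_id = (int) $args['owner_id'];
    $group_id = (int) $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = (int) $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = (int) $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    $sp_search = (int) $args['sp_search'];

    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }

    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        // checkbox values ('on') become 0/1 flags
        $sp_onmenu = ($sp_onmenu == 'on') ? 1 : 0;
        $sp_nf = ($sp_nf == 'on') ? 1 : 0;
        $sp_centerblock = ($sp_centerblock == 'on') ? 1 : 0;
        $sp_inblock = ($sp_inblock == 'on') ? 1 : 0;

        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_label = strip_tags($sp_label);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_label = DB_escapeString($sp_label);

        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }

        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
            // multi-language configuration - allow one entire page
            // centerblock for all or none per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
                }
            }
            DB_query($sql);
        }

        $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
        if (!in_array($sp_format, $formats, true)) {
            $sp_format = 'allblocks';
        }

        if (!$gl_svc) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        // remaining free-text columns; in form mode these arrive unfiltered
        $sp_tid = DB_escapeString($sp_tid);
        $sp_help = DB_escapeString($sp_help);
        $postmode = DB_escapeString($postmode);

        DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");

        if ($delete_old_page && !empty($sp_old_id)) {
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            PLG_itemDeleted($sp_old_id, 'staticpages');
        }
        PLG_itemSaved($sp_id, 'staticpages');

        $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}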
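 /**
  * Undo the steps recorded by the automated installer, in reverse order.
  *
  * Each element of $A is a step array with a 'type' key: 'feature' removes the
  * feature and its access rows, 'group' the group with its access rows and
  * assignments, 'table' drops the table, 'block' deletes the block by name,
  * 'sql' runs the step's 'rev' statement (logging 'rev_log' when present); any
  * other type is delegated to INSTALLER_uninstall_<type>($step) if such a
  * function exists. When $A carries a 'plugin' entry, the plugin row is removed
  * from the plugins table last. Queries run with error reporting suppressed
  * (DB_query(..., 1)) so one failed step does not stop the rest.
  *
  * @param    array $A steps as recorded by the installer
  * @return   bool     always true
  */
 function INSTALLER_uninstall($A)
 {
     global $_TABLES;

     foreach (array_reverse($A) as $step) {
         $type = isset($step['type']) ? (string) $step['type'] : '';
         switch ($type) {
             case 'feature':
                 $ft_name = DB_escapeString($step['feature']);
                 $ft_id = (int) DB_getItem($_TABLES['features'], 'ft_id', "ft_name = '{$ft_name}'");
                 COM_errorLog("AutoInstall: Removing feature {$step['feature']}....");
                 // an unknown feature yields 0; interpolating an empty id
                 // would otherwise produce an invalid DELETE
                 if ($ft_id > 0) {
                     DB_query("DELETE FROM {$_TABLES['access']} WHERE acc_ft_id = {$ft_id}", 1);
                     DB_query("DELETE FROM {$_TABLES['features']} WHERE ft_id = {$ft_id}", 1);
                 }
                 break;

             case 'group':
                 $grp_name = DB_escapeString($step['group']);
                 $grp_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
                 COM_errorLog("AutoInstall: Removing group {$step['group']}....");
                 if ($grp_id > 0) {
                     DB_query("DELETE FROM {$_TABLES['access']} WHERE acc_grp_id = {$grp_id}", 1);
                     DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = {$grp_id} OR ug_grp_id = {$grp_id}", 1);
                     DB_query("DELETE FROM {$_TABLES['groups']} WHERE grp_id = {$grp_id}", 1);
                 }
                 break;

             case 'table':
                 COM_errorLog("AutoInstall: Dropping table {$step['table']}....");
                 DB_query("DROP TABLE {$step['table']}", 1);
                 break;

             case 'block':
                 $blockName = DB_escapeString($step['name']);
                 COM_errorLog("AutoInstall: Removing block {$step['name']}....");
                 DB_query("DELETE FROM {$_TABLES['blocks']} WHERE name = '{$blockName}'", 1);
                 break;

             case 'sql':
                 if (isset($step['rev_log'])) {
                     COM_errorLog("AutoInstall: " . $step['rev_log']);
                 }
                 if (isset($step['rev'])) {
                     DB_query($step['rev'], 1);
                 }
                 break;

             default:
                 // plugin-specific step types are handled by a dedicated hook
                 if ($type !== '') {
                     $function = 'INSTALLER_uninstall_' . $type;
                     if (function_exists($function)) {
                         $function($step);
                     }
                 }
                 break;
         }
     }

     if (array_key_exists('plugin', $A)) {
         $plugin = $A['plugin'];
         COM_errorLog("AutoInstall: Removing plugin {$plugin['name']} from plugins table", 1);
         $pi_name = DB_escapeString($plugin['name']);
         DB_query("DELETE FROM {$_TABLES['plugins']} WHERE pi_name = '{$pi_name}'", 1);
     }
     COM_errorLog("AutoInstall: Uninstall complete");

     return true;
 }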
 /**
  * Build the comment search.
  *
  * Assembles the SQL that searches comment bodies and titles, restricted to
  * comments on published, comment-enabled stories the current user is allowed
  * to see, and hands it to a SearchCriteria object that appends the keyword
  * clause and carries the result.
  *
  * SQL-safety notes for reviewers:
  *  - the keyword string is passed through htmlspecialchars() and then
  *    DB_escapeString() before it reaches buildSearchSQL(), so HTML entities
  *    (e.g. "&amp;") are what is actually matched against stored comments;
  *  - $this->_topic is escaped and $this->_author is cast to int before
  *    being interpolated;
  *  - $this->_keyType is handed to buildSearchSQL() unchanged; how that
  *    method treats it is not visible here, so it must be validated upstream.
  *
  * @author Tony Bibbs <tony AT geeklog DOT net>
  *         Sami Barakat <s.m.barakat AT gmail DOT com>
  * @access private
  * @return object SearchCriteria holding the assembled SQL, full-text SQL and rank
  */
 function _searchComments()
 {
     global $_CONF, $_TABLES, $_DB_dbms, $LANG09;

     // Escape the keyword string before it is interpolated into SQL.
     $keywords = trim(DB_escapeString(htmlspecialchars($this->_query)));

     // The article URL expression depends on whether URL rewriting is enabled.
     $urlExpr = $_CONF['url_rewrite']
         ? "CONCAT('/article.php/',s.sid,'#comments') AS url "
         : "CONCAT('/article.php?story=',s.sid,'#comments') AS url ";

     $parts = array(
         "SELECT s.sid AS id, c.title AS title, c.comment AS description, UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, '0' AS hits, ",
         $urlExpr,
         "FROM {$_TABLES['users']} AS u, {$_TABLES['comments']} AS c ",
         "LEFT JOIN {$_TABLES['stories']} AS s ON ((s.sid = c.sid) ",
         // Permission, topic and language restrictions are part of the join condition.
         COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 's') . COM_getLangSQL('sid', 'AND', 's') . ") ",
         "WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ",
     );
     if (!empty($this->_topic)) {
         // Topic id is escaped before interpolation.
         $parts[] = "AND (s.tid = '" . DB_escapeString($this->_topic) . "') ";
     }
     if (!empty($this->_author)) {
         // Author id is forced to an integer before interpolation.
         $parts[] = "AND (c.uid = " . (int) $this->_author . ") ";
     }

     $search = new SearchCriteria('comments', $LANG09[65] . ' > ' . $LANG09[66]);
     $parts[] = $search->getDateRangeSQL('AND', 'UNIX_TIMESTAMP(c.date)', $this->_dateStart, $this->_dateEnd);

     // buildSearchSQL() attaches the keyword clause over these columns and
     // returns both the plain and the full-text variant of the statement.
     $searchable = array('comment', 'c.title');
     list($sql, $ftsql) = $search->buildSearchSQL($this->_keyType, $keywords, $searchable, implode('', $parts));
     $search->setSQL($sql);
     $search->setFTSQL($ftsql);
     $search->setRank(2);

     return $search;
 }
 }
 // Re-clicking the current sort column flips the direction; a new column keeps
 // the requested direction. Either branch leaves $direction as exactly "ASC" or
 // "DESC", so its interpolation into ORDER BY below cannot inject SQL.
 // ($order, $prevorder and $orderby are set earlier in the script, not visible here.)
 if ($order == $prevorder) {
     $direction = $direction == "DESC" ? "ASC" : "DESC";
 } else {
     $direction = $direction == "ASC" ? "ASC" : "DESC";
 }
 // Query-string suffix for the "return" link, derived from the forum or
 // category context. NOTE(review): a non-zero $dCat replaces, rather than
 // appends to, the forum postfix.
 $returnPostfix = '';
 // need to grab referer
 if ($forum != 0) {
     $returnPostfix = '?forum=' . $forum;
 }
 if ($dCat != 0) {
     $returnPostfix = '?cat=' . $dCat;
 }
 // Two views of the untrusted search term: $html_query for display (tags
 // stripped here, entity-encoded at output) and $query for SQL (escaped for
 // interpolation). NOTE(review): DB_escapeString() does not neutralise the
 // LIKE wildcards '%' and '_', so a term containing them acts as a pattern in
 // the LIKE clauses below.
 $html_query = strip_tags($_REQUEST['query']);
 $query = DB_escapeString($_REQUEST['query']);
 // '@' silences htmlentities() warnings on invalid byte sequences in the term;
 // the 'op' value is additionally embedded in a query string, so it is
 // entity-encoded as well.
 $report->set_var(array('form_action' => $_CONF['site_url'] . '/forum/index.php?op=search', 'LANG_TITLE' => $LANG_GF02['msg119'] . ' ' . @htmlentities($html_query, ENT_QUOTES, COM_getEncodingt()), 'returnlink' => $_CONF['site_url'] . '/forum/index.php' . $returnPostfix, 'LANG_return' => $LANG_GF02['msg175'], 'LANG_Heading1' => $LANG_GF01['SUBJECT'], 'LANG_Heading2' => $LANG_GF01['REPLIES'], 'LANG_Heading3' => $LANG_GF01['VIEWS'], 'LANG_Heading4' => $LANG_GF01['DATE'], 'op' => "&amp;op=search&amp;query=" . @htmlentities($html_query, ENT_QUOTES, COM_getEncodingt()), 'prevorder' => $order, 'direction' => $direction, 'page' => '1'));
 if ($_FF_CONF['usermenu'] == 'navbar') {
     $report->set_var('navmenu', FF_NavbarMenu());
 } else {
     $report->set_var('navmenu', '');
 }
 // Optional restriction to a single forum; the (int) cast makes $forum safe
 // to interpolate.
 if ($forum != 0) {
     $inforum = "AND (forum = " . (int) $forum . ")";
 } else {
     $inforum = "";
 }
 // Topic search over subject and comment, capped at 100 rows. AND binds tighter
 // than OR, so each LIKE clause is individually combined with the forum filter.
 // NOTE(review): $orderby is interpolated unescaped in both GROUP BY and
 // ORDER BY; it must be constrained to a fixed set of column names where it is
 // set (earlier in the script, not visible here). GROUP BY on a SELECT * also
 // collapses rows that share the same sort value -- confirm this is intended.
 $sql = "SELECT * FROM {$_TABLES['ff_topic']} WHERE (subject LIKE '%{$query}%') {$inforum} OR ";
 $sql .= "(comment LIKE '%{$query}%') {$inforum} GROUP BY {$orderby} ORDER BY {$orderby} {$direction} LIMIT 100";
 $result = DB_query($sql);
 $nrows = DB_numRows($result);