Beispiel #1
/**
 * Wrap forum content in the site layout, honouring the forum's block settings.
 *
 * Reads $CONF_FORUM['showblocks'] and $CONF_FORUM['usermenu'] (filling in
 * 'leftblocks' / 'blockmenu' when unset), may set
 * $CONF_FORUM['add_forum_menu_check'], and passes the resulting layout options
 * to COM_createHTMLDocument().
 *
 * @param  string $content page body, passed by reference to the layout function
 * @param  string $subject text used as the page title
 * @return mixed  whatever COM_createHTMLDocument() returns
 */
function gf_createHTMLDocument(&$content = '', $subject = '')
{
    global $CONF_FORUM;

    // Apply the defaults before any comparison below reads the settings.
    if (!isset($CONF_FORUM['showblocks'])) {
        $CONF_FORUM['showblocks'] = 'leftblocks';
    }
    if (!isset($CONF_FORUM['usermenu'])) {
        $CONF_FORUM['usermenu'] = 'blockmenu';
    }

    // Loose comparisons are kept on purpose so non-string settings behave as before.
    $blocks = $CONF_FORUM['showblocks'];
    $isNone = ($blocks == 'noblocks');
    $isRight = ($blocks == 'rightblocks');
    $isLeft = ($blocks == 'leftblocks');
    $isAll = ($blocks == 'allblocks');

    // 'noblocks' and 'rightblocks' both suppress the left-hand menu.
    $hideMenu = $isNone || $isRight;

    $information = array(
        'pagetitle'  => $subject,
        'what'       => $hideMenu ? 'none' : 'menu',
        'rightblock' => $isRight || $isAll,
    );

    // The forum menu check is requested whenever the user menu is a block and
    // the layout is left/all (with the menu shown) or right.
    $menuLayout = (!$hideMenu && ($isLeft || $isAll)) || $isRight;
    if ($menuLayout && $CONF_FORUM['usermenu'] == 'blockmenu') {
        $CONF_FORUM['add_forum_menu_check'] = 1;
    }

    return COM_createHTMLDocument($content, $information);
}
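/**
 * Send a 404 response, append the miss to 404.log and render the error page.
 *
 * The requested URL, Host header and Referer all come from the client. They
 * are HTML-escaped before being displayed and stripped of control characters
 * before being written to the log, so a crafted request can neither inject
 * markup into the page nor forge extra log lines.
 *
 * @param  string $alternate_url optional URL offered to the visitor instead
 * @return void   does not return; the script exits after sending the page
 */
function CUSTOM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;

    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');

    // Start with a plain assignment: $display does not exist yet.
    $display = COM_startBlock($LANG_404[1]);

    if (isset($_SERVER['SCRIPT_URI'])) {
        $rawUrl = $_SERVER['SCRIPT_URI'];
    } else {
        $rawUrl = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    }
    // strip_tags() leaves quotes and ampersands alone and never saw the Host
    // header; escape the whole URL for the HTML context it is printed in.
    $url = htmlspecialchars($rawUrl, ENT_QUOTES, 'UTF-8');

    // Add log stuff
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $_SERVER['REMOTE_ADDR'];
    } else {
        $byuser = '******' . $_SERVER['REMOTE_ADDR'];
    }
    // The Referer header is optional.
    $refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $timestamp = @strftime('%c');
    $logentry = "404 Error generated by {$byuser} for url: {$rawUrl} - Referring url: {$refurl}";
    // One request must produce exactly one log line: replace CR, LF and other
    // control characters coming from request data.
    $logentry = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $logentry);

    $logfile = $_CONF['path_log'] . '404.log';
    $file = fopen($logfile, 'a');
    if ($file) {
        // Logging is best effort; a failed open must not block the 404 page.
        fputs($file, "{$timestamp} - {$logentry} \n");
        fclose($file);
    }

    $display .= CUSTOM_getStaticpage('404');
    $display .= sprintf($LANG_404[2], $url);
    if ($alternate_url != '') {
        // NOTE(review): $alternate_url is inserted as given; this assumes callers
        // pass a trusted, already-escaped URL - confirm at the call sites.
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();
    $display = COM_createHTMLDocument($display, array('what' => 'none', 'pagetitle' => $LANG_404[1], 'rightblock' => false));
    COM_output($display);
    exit;
    // Do not want to go any further
}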
Beispiel #3
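 /**
  * Render the File Management error page for an error code and stop.
  *
  * Unknown codes fall back to '9999'. The code is matched by exact array key,
  * so only a known code is ever printed into the page.
  *
  * @param  string $e_code four-digit error code
  * @param  int    $pages  how many history entries the "Go Back" link steps back
  * @return void   does not return; the script ends after output
  */
 function show($e_code, $pages = 1)
 {
     global $_CONF;

     // mysql_error() no longer exists in PHP 7+, and calling it there would
     // abort this page before anything is shown. The text is escaped because
     // it is printed as HTML.
     // NOTE(review): raw database error text is shown to the visitor here;
     // consider logging it instead.
     $dbError = function_exists('mysql_error') ? mysql_error() : '';
     $dbError = htmlspecialchars($dbError, ENT_QUOTES);

     $errmsg = array(
         "0001" => "Could not connect to the forums database.",
         "0002" => "The forum you selected does not exist. Please go back and try again.",
         "0003" => "Password Incorrect.",
         "0004" => "Could not query the topics database.",
         "0005" => "Error getting messages from the database.",
         "0006" => "Please enter the Nickname and the Password.",
         "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
         "0008" => "You did not enter the correct password, please go back and try again.",
         "0009" => "Could not remove posts from the database.",
         "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
         "0011" => "Could not lock the selected topic. Please go back and try again.",
         "0012" => "Could not unlock the selected topic. Please go back and try again.",
         "0013" => "Could not query the database. <br" . XHTML . ">Error: " . $dbError,
         "0014" => "No such user or post in the database.",
         "0015" => "Search Engine was unable to query the forums database.",
         "0016" => "That user does not exist. Please go back and search again.",
         "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
         "0018" => "You must choose message icon to post. Go back and choose message icon.",
         "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
         "0020" => "Could not enter data into the database. Please go back and try again.",
         "0021" => "Can't delete the selected message.",
         "0022" => "An error ocurred while querying the database.",
         "0023" => "Selected message was not found in the forum database.",
         "0024" => "You can't reply to that message. It wasn't sent to you.",
         "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
         "0026" => "The forum or topic you are attempting to post to does not exist. \nPlease try again.",
         "0027" => "You must enter your username and password. Go back and do so.",
         "0028" => "You have entered an incorrect password. Go back and try again.",
         "0029" => "Couldn't update post count.",
         "0030" => "The forum you are attempting to post to does not exist. Please try again.",
         "0031" => "Unknown Error",
         "0035" => "You can't edit a post that's not yours.",
         "0036" => "You do not have permission to edit this post.",
         "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
         "1001" => "Please enter value for Title.",
         "1002" => "Please enter value for Phone.",
         "1003" => "Please enter value for Summary.",
         "1004" => "Please enter value for Address.",
         "1005" => "Please enter value for City.",
         "1006" => "Please enter value for State/Province.",
         "1007" => "Please enter value for Zipcode.",
         "1008" => "Please enter value for Description.",
         "1009" => "Vote for the selected resource only once.<br" . XHTML . ">All votes are logged and reviewed.",
         "1010" => "You cannot vote on the resource you submitted.<br" . XHTML . ">All votes are logged and reviewed.",
         "1011" => "No rating selected - no vote tallied.",
         "1013" => "Please enter a search query.",
         "1016" => "Please enter value for Filename.",
         "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
         "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
         "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
         "1103" => "The download info you provided is already in the database!",
         "1104" => "The download info was not complete - Need to enter a title for the new file",
         "1105" => "The download info was not complete - Need to enter a description for the new file",
         "1106" => "Upload Add Error: The new file was not created. Check error.log",
         "1107" => "Upload Add Error: The temporary file was not found. \nCheck error.log",
         "1108" => "Duplicate file - already existing in filestore",
         "9999" => "OOPS! God Knows",
     );

     // Exact key lookup instead of a loose in_array(): loosely compared, a
     // value such as 1 or "1001abc" could pass the check on older PHP versions
     // and then be echoed into the page unescaped.
     $code = is_scalar($e_code) ? (string) $e_code : '';
     $e_code = isset($errmsg[$code]) ? $code : '9999';

     // $pages ends up inside a javascript: URL, so only an integer may reach it.
     $pages = (int) $pages;

     // The array key has to be quoted; a bare path_html is an undefined constant.
     include_once $_CONF['path_html'] . "filemgmt/include/header.php";

     $display = '';
     $display .= '<table class="plugin" border="0" cellspacing="0" cellpadding="1" style="width:100%;">';
     $display .= '<tr><td class="pluginAlert" style="text-align:right; padding:5px;">File Management Plugin</td>';
     $display .= '<td class="pluginAlert" style="width:50%; padding:5px 0px 5px 10px;">Error Code: ' . $e_code . '</td></tr>';
     $display .= '<tr><td colspan="2" class="pluginInfo"><b>ERROR:</b> ' . $errmsg[$e_code] . '</td></tr>';
     $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
     $display .= '[ <a href="javascript:history.go(-' . $pages . ')">Go Back</a> ]</td></tr></table>';

     // Use the newer layout function when the core provides it.
     if (function_exists('COM_createHTMLDocument')) {
         $display = COM_createHTMLDocument($display);
     } else {
         $display = COM_siteHeader() . $display . COM_siteFooter();
     }
     COM_output($display);
     die("");
 }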
Beispiel #4
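/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * The name of the uploaded file is chosen by the client. Only its extension is
 * reused, and only when it is one of the image extensions this function
 * allows; anything else is logged and treated as "no new icon".
 *
 * Upload or path errors are rendered as an error page and end the script.
 *
 * @param    string $tid ID of topic to prepend to filename
 * @return   string          filename of new photo (empty = no new photo)
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    $upload = new Upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
        COM_output($display);
        exit;
        // don't return
    }

    $filename = '';
    // see if user wants to upload a (new) icon
    $newIcon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newIcon['name']) && is_string($newIcon['name'])) {
        // pathinfo() yields '' for a name without a dot; the previous
        // strrpos() + 1 arithmetic returned most of the name in that case.
        $fExtension = pathinfo($newIcon['name'], PATHINFO_EXTENSION);

        // The stored file name must not end in anything but an image extension,
        // whatever MIME type the client claimed.
        $allowedExtensions = array('gif', 'jpg', 'jpeg', 'png');
        if (!in_array(strtolower($fExtension), $allowedExtensions, true)) {
            COM_errorLog('handleIconUpload: rejected topic icon with unexpected file extension');

            return '';
        }

        // NOTE(review): $tid becomes part of a file name; this assumes the
        // caller has already sanitised the topic ID - confirm.
        $filename = 'topic_' . $tid . '.' . $fExtension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
            COM_output($display);
            exit;
            // don't return
        }

        // Turn the stored name into a path relative to the web root.
        if (strpos($_CONF['path_images'], $_CONF['path_html']) === 0) {
            $filename = substr($_CONF['path_images'], strlen($_CONF['path_html']) - 1) . 'topics/' . $filename;
        } else {
            /**
             * Not really used when the 'path_images' is outside of the webroot.
             * Let's at least extract the name of the images directory then.
             */
            $images = 'images';
            $parts = explode('/', $_CONF['path_images']);
            if (count($parts) > 1) {
                $cnt = count($parts);
                // e.g. from /path/to/myimages/ would extract "myimages"
                if (empty($parts[$cnt - 1]) && !empty($parts[$cnt - 2])) {
                    $images = $parts[$cnt - 2];
                }
                $filename = '/' . $images . '/topics/' . $filename;
            }
        }
    }

    return $filename;
}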
Beispiel #5
*/
require_once '../lib-common.php';
/**
* Security check to ensure user even belongs on this page
*/
require_once 'auth.inc.php';
// MAIN
// A logout request is passed on to users.php via a refresh.
$logoutRequested = isset($_GET['mode']) && $_GET['mode'] == 'logout';
if ($logoutRequested) {
    echo COM_refresh($_CONF['site_url'] . '/users.php?mode=logout');
}
/**
* Build the reminder to run the security check script
*
* Only members of the Root group ever get the reminder, and only while the
* 'security_check' entry in the vars table is not 1.
*
* @return   string      HTML of message 92, or an empty string
*/
function security_check_reminder()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;

    $reminder = '';

    if (SEC_inGroup('Root')) {
        // Loose comparison kept: the stored value comes back from the database layer.
        $checkState = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
        if ($checkState != 1) {
            $reminder .= COM_showMessage(92);
        }
    }

    return $reminder;
}
// Page body: message from the request, security reminder, then the command and control panel.
$display = COM_showMessageFromParameter();
$display .= security_check_reminder();
$display .= COM_commandControl();

// Wrap the body in the site layout and send it out.
$display = COM_createHTMLDocument(
    $display,
    array('pagetitle' => $LANG29[34])
);
COM_output($display);
Beispiel #6
/**
 * Save a route into database
 *
 * Normalises and validates the submitted values, then inserts a new row or
 * updates the row with the given ID. On a validation or database error the
 * route editor is returned again together with a message.
 *
 * The SQL is built by string interpolation: $rid, $method and $priority have
 * gone through intval() and are used unquoted, while $rule and $route are
 * passed through DB_escapeString() and used inside quotes. Both steps have to
 * stay in place for the statements below to be safe.
 *
 * @param  int    $rid      route ID; a new row is inserted when no row has it
 * @param  int    $method   HTTP method, checked against the Router::HTTP_REQUEST_* range
 * @param  string $rule     rule to match; a leading "/index.php" is removed
 * @param  string $route    target route; must not start with "/index.php/"
 * @param  int    $priority 1..65535, otherwise Router::DEFAULT_PRIORITY is used
 * @return string           result of COM_refresh() on success, otherwise the HTML
 *                          document holding the error message and the route editor
 */
function saveRoute($rid, $method, $rule, $route, $priority)
{
    global $_CONF, $_TABLES, $MESSAGE, $LANG_ROUTER;
    $messageText = '';
    // Force the numeric fields to integers and trim the text fields.
    $rid = intval($rid, 10);
    $method = intval($method, 10);
    $rule = trim($rule);
    $route = trim($route);
    $priority = intval($priority, 10);
    // Validation does not stop at the first problem: every later failing check
    // overwrites $messageText, so the last failure is the one reported.
    if ($method < Router::HTTP_REQUEST_GET || $method > Router::HTTP_REQUEST_HEAD) {
        $messageText = $LANG_ROUTER[12];
    } elseif ($rule === '') {
        $messageText = $LANG_ROUTER[13];
    } elseif ($route === '') {
        $messageText = $LANG_ROUTER[14];
    } elseif (substr_count($rule, '@') !== substr_count($route, '@')) {
        $messageText = $LANG_ROUTER[15];
    }
    // If a rule doesn't begin with a slash, then add one silently
    if (strpos($rule, '/') !== 0) {
        $rule = '/' . $rule;
    }
    // If a rule starts with "/index.php", then remove it silently
    if (stripos($rule, '/index.php') === 0) {
        $rule = preg_replace('|^/index\\.php|i', '', $rule);
    }
    // If a route doesn't begin with a slash, then add one silently
    if (strpos($route, '/') !== 0) {
        $route = '/' . $route;
    }
    // If a route starts with "/index.php/", then make it an error to prevent the script
    // from going an infinite loop
    if (stripos($route, '/index.php/') === 0) {
        $messageText = $LANG_ROUTER[16];
    }
    // Replace &amp; with &
    $rule = str_ireplace('&amp;', '&', $rule);
    $route = str_ireplace('&amp;', '&', $route);
    // Check if placeholders are the same
    $numPlaceHoldersInRule = preg_match_all(Router::PLACEHOLDER_MATCH, $rule, $matchesRule, PREG_SET_ORDER);
    $numPlaceHoldersInRoute = preg_match_all(Router::PLACEHOLDER_MATCH, $route, $matchesRoute, PREG_SET_ORDER);
    if ($numPlaceHoldersInRule === $numPlaceHoldersInRoute) {
        if ($numPlaceHoldersInRule > 0) {
            // NOTE(review): with PREG_SET_ORDER each array element is one complete
            // match, so these two array_shift() calls appear to drop the first
            // placeholder of each side from the comparison - confirm this is intended.
            array_shift($matchesRule);
            array_shift($matchesRoute);
            // Every remaining match from the rule must also occur in the route.
            foreach ($matchesRule as $r) {
                if (!in_array($r, $matchesRoute)) {
                    $messageText = $LANG_ROUTER[15];
                    break;
                }
            }
        }
    } else {
        $messageText = $LANG_ROUTER[15];
    }
    // If priority is out of range, then fix it silently
    if ($priority < 1 || $priority > 65535) {
        $priority = Router::DEFAULT_PRIORITY;
    }
    // Any validation message sends the user back to the editor; nothing is saved.
    if ($messageText !== '') {
        $content = COM_showMessageText($messageText, $MESSAGE[122]) . getRouteEditor($rid);
        $retval = COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));
        return $retval;
    }
    // Save data into database
    // Escaping happens only here, after all validation ran on the raw values.
    $rid = DB_escapeString($rid);
    $method = DB_escapeString($method);
    $rule = DB_escapeString($rule);
    $route = DB_escapeString($route);
    $priority = DB_escapeString($priority);
    // No row with this ID yet means INSERT, otherwise UPDATE that row.
    $count = intval(DB_count($_TABLES['routes'], 'rid', $rid), 10);
    if ($count === 0) {
        $sql = "INSERT INTO {$_TABLES['routes']} (rid, method, rule, route, priority) " . "VALUES (NULL, {$method}, '{$rule}', '{$route}', {$priority})";
    } else {
        $sql = "UPDATE {$_TABLES['routes']} " . "SET method = {$method}, rule = '{$rule}', route = '{$route}', priority = {$priority} " . "WHERE rid = {$rid} ";
    }
    // The statement is attempted up to five times; the first attempt without a
    // database error reorders the routes and returns.
    for ($i = 0; $i < 5; $i++) {
        DB_query($sql);
        if (!DB_error()) {
            reorderRoutes();
            return COM_refresh($_CONF['site_admin_url'] . '/router.php?msg=121');
        }
        // Retry
    }
    // All attempts failed. The text from DB_error() is passed to the message
    // box, so it is shown on the page.
    // NOTE(review): $rid has been through DB_escapeString() at this point;
    // it is an integer, so the value passed to getRouteEditor() is presumably unchanged.
    $content = COM_showMessageText($LANG_ROUTER[17], DB_error()) . getRouteEditor($rid);
    $retval = COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));
    return $retval;
}
Beispiel #7
    }
    closedir($dir);
}
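// Column definitions of the module list: title, registration date, action link.
$header_arr = array(
    array('text' => $LANG_SX00['plugin'], 'field' => 'title'),
    array('text' => $LANG33[30], 'field' => 'regdate'),
    array('text' => $LANG_SX00['action'], 'field' => 'edit'),
);
$data_arr = array();

// $files is filled above this excerpt (presumably by the directory scan that
// ends with closedir()). Each entry names both the class file and the class.
foreach ($files as $file) {
    require_once $_CONF['path'] . 'plugins/spamx/' . $file . '.Admin.class.php';
    $CM = new $file();
    $action = 'Edit';
    $link = $CM->linkText;
    $regdate = '-';
    if (strpos($link, 'Edit ') !== false) {
        // Drop the first five characters (the length of "Edit ") from the link text.
        $link = substr($link, 5);
        // The module name goes into a quoted SQL string, so escape it even
        // though it comes from the module class and not from the request.
        $moduleName = DB_escapeString($CM->moduleName);
        $regdate = DB_getItem($_TABLES['spamx'], 'regdate', "name = '{$moduleName}' ORDER BY regdate DESC ");
    } else {
        $action = 'View';
    }
    $data_arr[] = array('title' => $link, 'regdate' => $regdate, 'edit' => COM_createLink($LANG_SX00[strtolower($action)], $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=' . $file));
}
$data_arr[] = array('title' => $LANG_SX00['documentation'], 'regdate' => '-', 'edit' => COM_createLink($LANG_SX00['view'], plugin_getdocumentationurl_spamx('index')));
$display .= ADMIN_simpleList(null, $header_arr, null, $data_arr);

if (isset($_REQUEST['command'])) {
    $cmd = COM_applyFilter($_REQUEST['command']);
    // The request value is used as a class name, so it has to be exactly one
    // of the module names in $files. The strict comparison keeps loosely equal
    // numeric strings from passing the check.
    if (is_string($cmd) && $cmd !== '' && in_array($cmd, $files, true)) {
        $CM = new $cmd();
        $display .= $CM->display();
    }
}
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_SX00['plugin_name']));
COM_output($display);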
Beispiel #8
                        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3 && SEC_hasRights('calendarjp.edit')) {
                            $editurl = $_CONF['site_admin_url'] . '/plugins/calendarjp/index.php?mode=edit&amp;eid=' . $A['eid'];
                            $cal_templates->set_var('event_edit', COM_createLink($LANG01[4], $editurl));
                            $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="' . $LANG01[4] . '"' . XHTML . '>';
                            $cal_templates->set_var('edit_icon', COM_createLink($img, $editurl));
                            $cal_templates->set_var('hits_admin', COM_numberFormat($A['hits']));
                            $cal_templates->set_var('lang_hits_admin', $LANG10[30]);
                        } else {
                            $cal_templates->set_var('event_edit', '');
                            $cal_templates->set_var('edit_icon', '');
                        }
                    }
                    if ($mode == 'personal') {
                        // personal events don't have a hits counter
                        $cal_templates->set_var('lang_hits', '');
                        $cal_templates->set_var('hits', '');
                    } else {
                        $cal_templates->set_var('lang_hits', $LANG10[30]);
                        $cal_templates->set_var('hits', COM_numberFormat($A['hits']));
                    }
                    $cal_templates->parse('event_details', 'details', true);
                }
            }
            $cal_templates->parse('output', 'events');
            $display .= $cal_templates->finish($cal_templates->get_var('output'));
        }
        $display .= COM_endBlock();
        $display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle));
}
// end switch
COM_output($display);
Beispiel #9
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }
    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    // - START: Set all the defaults -
    /*
        if (empty($args['tid'])) {
            // see if we have a default topic
            $topic = DB_getItem($_TABLES['topics'], 'tid',
                                'is_default = 1' . COM_getPermSQL('AND'));
            if (!empty($topic)) {
                $args['tid'] = $topic;
            } else {
                // otherwise, just use the first one
                $o = array();
                $s = array();
                if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                    $args['tid'] = $o[0];
                } else {
                    $svc_msg['error_desc'] = 'No topics available';
                    return PLG_RET_ERROR;
                }
            }
        } */
    /* This is a solution for above but the above has issues
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topics selected or available';
            return PLG_RET_ERROR;
        }
       */
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -
    // TEST CODE
    /* foreach ($args as $k => $v) {
           if (!is_array($v)) {
               echo "$k => $v\r\n";
           } else {
               echo "$k => $v\r\n";
               foreach ($v as $k1 => $v1) {
                   echo "        $k1 => $v1\r\n";
               }
           }
       }*/
    // exit ();
    // END TEST CODE
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }
    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;
            break;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;
            break;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $retval;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
Beispiel #10
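/**
* Saves a block
*
* Validates the submitted fields, checks that the current user may create or
* edit the block, writes the row to the blocks table and clears the cached
* block instance.
*
* Text values are escaped and numeric values are cast to int inside this
* function, directly before they are placed into SQL, so the queries do not
* rely on filtering done by the caller (which is not visible from here).
*
* @param    string  $bid            Block ID (empty or 0 for a new block)
* @param    string  $name           Block name
* @param    string  $title          Block title
* @param    string  $help           Help value stored with the block
* @param    string  $type           Type of block (normal, portal, phpblock, gldefault)
* @param    int     $blockorder     Order block appears relative to the others
* @param    string  $content        Content of block
* @param    string  $rdfurl         URL to headline feed for portal blocks
* @param    string  $rdfupdated     Date RSS/RDF feed was last updated
* @param    string  $rdflimit       max. number of entries to import from feed
* @param    string  $phpblockfn     Name of php function to call to get content
* @param    int     $onleft         Flag indicates if block shows up on left or right
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group block belongs to
* @param    array   $perm_owner     Permissions the owner has on the object
* @param    array   $perm_group     Permissions the group has on the object
* @param    array   $perm_members   Permissions the logged in members have
* @param    array   $perm_anon      Permissions anonymous users have
* @param    string  $is_enabled     'on' if the block is enabled
* @param    string  $allow_autotags 'on' if autotags are allowed in the content
* @param    int     $cache_time     Cache time; values below -1 or empty use the configured default
* @return   string                  HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;
    $retval = '';
    $title = DB_escapeString(COM_stripslashes(strip_tags($title)));
    $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));
    if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
        $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // For an existing block the access check uses the permissions stored in
    // the database, not the submitted ones, so a request cannot grant itself
    // edit rights by posting different permission values.
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        // The id is cast here because "$bid > 0" alone does not guarantee
        // that the value is purely numeric.
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '" . (int) $bid . "'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    }

    // Each block type has its own set of mandatory fields. This test also
    // acts as the allow-list for $type: any other value ends in the error
    // branch below and never reaches the SQL.
    $hasRequiredFields = !empty($name) && (
        ($type == 'normal' && !empty($title) && !empty($content))
        || ($type == 'portal' && !empty($title) && !empty($rdfurl))
        || ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))
        || ($type == 'gldefault' && strlen($blockorder) > 0)
    );
    if (!$hasRequiredFields) {
        if (empty($name)) {
            // empty block name
            $msgtxt = $LANG21[50];
        } elseif ($type == 'portal') {
            // Portal block is missing fields
            $msgtxt = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msgtxt = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msgtxt = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default geeklog field missing
            $msgtxt = $LANG21[42];
        } else {
            // Layout block missing content
            $msgtxt = $LANG21[36];
        }
        $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
        return $retval;
    }

    // Checkbox values arrive as 'on' when ticked.
    $is_enabled = ($is_enabled == 'on') ? 1 : 0;
    $allow_autotags = ($allow_autotags == 'on') ? 1 : 0;
    if ($cache_time < -1 or $cache_time == "") {
        $cache_time = $_CONF['default_cache_time_block'];
    }
    if ($type == 'portal') {
        $content = '';
        $rdfupdated = '';
        $phpblockfn = '';
        // get rid of possible extra prefixes (e.g. "feed://http://...")
        if (substr($rdfurl, 0, 4) == 'rss:') {
            $rdfurl = substr($rdfurl, 4);
        } elseif (substr($rdfurl, 0, 5) == 'feed:') {
            $rdfurl = substr($rdfurl, 5);
        }
        if (substr($rdfurl, 0, 2) == '//') {
            $rdfurl = substr($rdfurl, 2);
        }
        // Only http and https feed URLs are accepted.
        $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
    }
    if ($type == 'gldefault') {
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
    }
    if ($type == 'phpblock') {
        // NOTE: PHP Blocks must be within a function and the function
        // must start with phpblock_ as the prefix.  This will prevent
        // the arbitrary execution of code.
        // The check is a real prefix test: a substring match would also
        // accept names that merely contain "phpblock_" somewhere, which is
        // weaker than the rule stated above. PHP function names are
        // case-insensitive, so the comparison is too.
        if (strncasecmp($phpblockfn, 'phpblock_', 9) !== 0) {
            $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
            return $retval;
        }
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
    }
    if ($type == 'normal') {
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
        if ($allow_autotags == 1) {
            // Remove any autotags the user doesn't have permission to use
            $content = PLG_replaceTags($content, '', true);
        }
        $content = DB_escapeString($content);
    }
    if (!empty($rdfurl)) {
        $rdfurl = DB_escapeString($rdfurl);
    }
    if (empty($rdfupdated)) {
        $rdfupdated = '0000-00-00 00:00:00';
    }

    // $name and $help are the remaining quoted text values; escape them at
    // the point of use like $title and $content.
    // NOTE(review): if a caller already passes these DB-escaped, drop the
    // escaping there rather than here.
    $name = DB_escapeString($name);
    $help = DB_escapeString($help);

    // Everything below is numeric in the table definition implied by the
    // queries (several values are inserted unquoted), so force integers
    // before building the SQL.
    $blockorder = (int) $blockorder;
    $rdflimit = max(0, (int) $rdflimit);
    $onleft = (int) $onleft;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;
    $cache_time = (int) $cache_time;

    if ($bid > 0) {
        $bid = (int) $bid;
        DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
    } else {
        $sql = array();
        $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        // The PostgreSQL variant takes the id from the sequence and stores a
        // fixed '1970-01-01' as rdfupdated instead of $rdfupdated.
        $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        DB_query($sql);
        $bid = DB_insertId();
    }
    TOPIC_saveTopicSelectionControl('block', $bid);
    $cacheInstance = 'block__' . $bid . '__';
    // remove any of this blocks instances if exists
    CACHE_remove_instance($cacheInstance);
    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
}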
Beispiel #11
            $lang = $checked[$type] ? 'ja' : 'en';
            JAPANIZE_execute($type, $lang);
            $msgs[] = JAPANIZE_str('msg_' . $lang . '_' . $type);
        }
    }
} else {
    $new = $current;
}
// Render the collected status messages as one highlighted ordered list;
// with no messages the template variable is an empty string.
if (count($msgs) === 0) {
    $msgs = '';
} else {
    $li_style = ' style="margin: 0 0 0 2em; padding: 0;"';
    $msgs = '<ol style="background-color: #ccff99; padding: 3px; border: solid 1px #33ccff;">'
        . '<li' . $li_style . '>'
        . implode('</li><li' . $li_style . '>', $msgs)
        . '</li></ol>';
}

// Persist the new state: update the existing 'japanize_plugin' row when there
// is exactly one, otherwise insert it. $new is escaped before it is embedded.
$sql = (DB_getItem($_TABLES['vars'], 'COUNT(*)', "name='japanize_plugin'") == 1)
    ? "UPDATE {$_TABLES['vars']} SET value = '" . DB_escapeString($new) . "' WHERE (name = 'japanize_plugin') "
    : "INSERT INTO {$_TABLES['vars']} (name, value) VALUES ('japanize_plugin', '" . DB_escapeString($new) . "') ";
DB_query($sql);

// Fill the admin template. The form carries a CSRF token created here.
$T = new Template($_CONF['path'] . 'plugins/japanize/templates/admin');
$T->set_file('admin', 'index.thtml');
$T->set_var(array(
    'checked1'          => $checked[1] ? ' checked="checked"' : '',
    'checked2'          => $checked[2] ? ' checked="checked"' : '',
    'checked3'          => $checked[3] ? ' checked="checked"' : '',
    'checked4'          => $checked[4] ? ' checked="checked"' : '',
    'checked5'          => $checked[5] ? ' checked="checked"' : '',
    'checked6'          => $checked[6] ? ' checked="checked"' : '',
    'icon_url'          => plugin_geticon_japanize(),
    'lang_cancel'       => JAPANIZE_str('cancel'),
    'lang_execute'      => JAPANIZE_str('execute'),
    'lang_japanize_all' => JAPANIZE_str('japanize_all'),
    'lang_piname'       => JAPANIZE_str('piname'),
    'lang_restore_all'  => JAPANIZE_str('restore_all'),
    'msgs'              => $msgs,
    'site_admin_url'    => $_CONF['site_admin_url'],
    'token_name'        => CSRF_TOKEN,
    'token_value'       => SEC_createToken(),
    'xhtml'             => XHTML,
));
$T->parse('output', 'admin');
$content = $T->finish($T->get_var('output'));

// Use the newer document/output helpers when they exist, otherwise fall back
// to the header/footer pair and a plain echo.
if (is_callable('COM_createHTMLDocument')) {
    $display = COM_createHTMLDocument($content);
} else {
    $display = COM_siteHeader() . $content . COM_siteFooter();
}
if (!is_callable('COM_output')) {
    echo $display;
} else {
    COM_output($display);
}
Beispiel #12
    case 'msg':
        if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'id') == $_CONTACT_CONF['contact_page']) {
            $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'excerpt');
        }
        $display .= '<div id="contactform" class="contactform">' . CONTACT_message($_GET['msg']) . '</div>';
        if ($_CONTACT_CONF['contact_page_footer'] != '') {
            if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'id') == $_CONTACT_CONF['contact_page_footer']) {
                $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'excerpt');
            }
        }
        break;
    default:
        if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'id') == $_CONTACT_CONF['contact_page']) {
            $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'excerpt');
        }
        if ($_CONTACT_CONF['use_contact_form'] == 1) {
            $display .= CONTACT_contactform($uid, true, $subject);
        }
        if ($_CONTACT_CONF['contact_page_footer'] != '') {
            if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'id') == $_CONTACT_CONF['contact_page_footer']) {
                $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'excerpt');
            }
        }
        break;
}
// Fall back to the plugin name when no page title constant was defined earlier.
defined("CONTACT_TITLE") || define("CONTACT_TITLE", $LANG_CONTACT_1['plugin_name']);

// Layout options for the page wrapper, then emit the finished document.
$information = array(
    'what'        => CONTACT_MENU,
    'pagetitle'   => CONTACT_TITLE,
    'breadcrumbs' => '',
    'headercode'  => '',
    'rightblock'  => CONTACT_FOOTER,
);
$display = COM_createHTMLDocument($display, $information);
COM_output($display);
Beispiel #13
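/**
* Save a group to the database
*
* Checks that the current user may edit the group, enforces unique group
* names, saves the group row and then replaces the group's feature and
* group assignments. A non-Root user can only assign features and groups
* that they hold themselves.
*
* Ids and flags are cast to int and the group name is escaped inside this
* function before they are placed into SQL, so the queries do not rely on
* filtering done by the caller (which is not visible from here).
*
* @param    string  $grp_id         ID of group to save (empty for a new group)
* @param    string  $grp_name       Group Name
* @param    string  $grp_descr      Description of group
* @param    boolean $grp_admin      Flag that indicates this is an admin use group
* @param    boolean $grp_gl_core    Flag that indicates if this is a core Geeklog group
* @param    boolean $grp_default    Flag that indicates if this is a default group
* @param    boolean $grp_applydefault  Flag that indicates whether to apply a change in $grp_default to all existing user accounts
* @param    array   $features       Features the group has access to
* @param    array   $groups         Groups this group will belong to
* @return   string                  HTML refresh or error message
*
*/
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;
    $retval = '';
    if (empty($grp_name) || empty($grp_descr)) {
        $retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields']) . editgroup($grp_id);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
        return $retval;
    }

    // The id and the flags are inserted unquoted into several statements
    // below, so they are forced to integers first. An empty id (new group)
    // is left untouched so editgroup() and the empty() tests see it as before.
    if (!empty($grp_id)) {
        $grp_id = (int) $grp_id;
    }
    $grp_gl_core = (int) $grp_gl_core;
    $grp_default = (int) $grp_default;

    // A user may only edit groups they belong to (or have remote access to).
    $GroupAdminGroups = SEC_getUserGroups();
    if (!empty($grp_id) && $grp_id > 0 && !in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
        COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }
    if ($grp_gl_core == 1 and !is_array($features)) {
        COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }
    // From here on a missing feature list means "no features"; without this
    // the loop below would be handed a non-array.
    if (!is_array($features)) {
        $features = array();
    }

    // The raw name stays in $grp_name for log messages; SQL uses the escaped copy.
    // NOTE(review): if a caller already passes the name DB-escaped, drop the
    // escaping there rather than here.
    $grp_name_sql = DB_escapeString($grp_name);

    // group names have to be unique, so check if this one exists already
    $g_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_sql}'");
    if ($g_id > 0) {
        if (empty($grp_id) || $grp_id != $g_id) {
            // there already is a group with that name - complain
            $retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists']) . editgroup($grp_id);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
            return $retval;
        }
    }
    $grp_descr = COM_stripslashes($grp_descr);
    $grp_descr = DB_escapeString($grp_descr);
    $grp_applydefault_add = true;
    if (empty($grp_id)) {
        DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default', "'{$grp_name_sql}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
        // Read back the id the database assigned to the new group.
        $grp_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_sql}'");
        $new_group = true;
    } else {
        if ($grp_applydefault == 1) {
            // check if $grp_default changed
            $old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
            if ($old_default == $grp_default) {
                // no change required
                $grp_applydefault = 0;
            } elseif ($old_default == 1) {
                $grp_applydefault_add = false;
            }
        }
        DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default', "{$grp_id},'{$grp_name_sql}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
        $new_group = false;
    }
    if (empty($grp_id) || $grp_id < 1) {
        // "this shouldn't happen"
        COM_errorLog("Internal error: invalid group id");
        $retval .= COM_showMessage(95);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
        return $retval;
    }
    // Use the field grp_gl_core to indicate if this non-core GL Group
    // is an Admin related group
    if ($grp_gl_core != 1 and $grp_id > 1) {
        $core_flag = ($grp_admin == 1) ? 2 : 0;
        DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core={$core_flag} WHERE grp_id={$grp_id}");
    }

    // now save the features: drop the old set, then insert the submitted one.
    // Root may assign any feature; everyone else only features they hold.
    DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
    $restrictToOwn = !SEC_inGroup('Root');
    $availableFeatures = $restrictToOwn ? explode(',', SEC_getUserPermissions()) : array();
    foreach ($features as $f) {
        if ($restrictToOwn && !in_array($f, $availableFeatures)) {
            continue;
        }
        // The feature id is inserted unquoted, so it has to be an integer.
        $ft_id = (int) $f;
        DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$ft_id},{$grp_id})");
    }

    if ($_GROUP_VERBOSE) {
        COM_errorLog('groups = ' . (is_array($groups) ? implode(',', $groups) : $groups));
        COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
    }
    DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
    if (!empty($groups) && is_array($groups)) {
        foreach ($groups as $g) {
            // Only groups the current user is a member of can be assigned.
            if (in_array($g, $GroupAdminGroups)) {
                if ($_GROUP_VERBOSE) {
                    COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
                }
                $main_grp_id = (int) $g;
                $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$main_grp_id},{$grp_id})";
                DB_query($sql);
            }
        }
    }
    // Make sure Root group belongs to any new group
    if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
    }
    // make sure this Group Admin belongs to the new group
    if (!SEC_inGroup('Root')) {
        $uid = (int) $_USER['uid'];
        if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$uid}) AND (ug_main_grp_id = {$grp_id})") == 0) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$uid})");
        }
    }
    if ($grp_applydefault == 1) {
        applydefaultgroup($grp_id, $grp_applydefault_add);
    }
    PLG_groupChanged($grp_id, $new_group ? 'new' : 'edit');

    // Keep the "show all" list filter across the redirect when it was active.
    if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
        return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49&chk_showall=1');
    }
    return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49');
}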
Beispiel #14
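/**
* Saves link to the database
*
* Cleans the submitted text, checks that the current user may create or edit
* the link, replaces any existing row (and pending submission) for the old
* id and notifies plugins and feeds.
*
* Text values are escaped and numeric values are cast to int inside this
* function before they are placed into SQL, so the query does not rely on
* filtering done by the caller (which is not visible from here).
*
* @param    string  $lid            ID for link
* @param    string  $old_lid        old ID for link
* @param    string  $cid            cid of category link belongs to
* @param    string  $categorydd     Category links belong to
* @param    string  $url            URL of link to save
* @param    string  $description    Description of link
* @param    string  $title          Title of link
* @param    int     $hits           Number of hits for link
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group link belongs to
* @param    int|array $perm_owner   Permissions the owner has
* @param    int|array $perm_group   Permissions the group has
* @param    int|array $perm_members Permissions members have
* @param    int|array $perm_anon    Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
* @global array links plugin config vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        $lid = empty($old_lid) ? COM_makeSid() : $old_lid;
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }

    // For an existing link the access check uses the permissions stored in
    // the database, not the submitted ones.
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        // $display is local to this branch; it is assigned here rather than
        // appended to, because nothing defines it earlier in the function.
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    }
    if (empty($title) || empty($description) || empty($url)) {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }

    if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
        $cid = DB_escapeString($categorydd);
    } elseif ($categorydd != $LANG_LINKS_ADMIN[7]) {
        // NOTE(review): this prints a redirect but does not return, so the
        // link is still saved below with the $cid passed in - confirm that
        // this is intended.
        echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
    }

    // $url is the one quoted text value not cleaned above; escape it at the
    // point of use like $title and $description.
    // NOTE(review): if a caller already passes the URL DB-escaped, drop the
    // escaping there rather than here.
    $url = DB_escapeString($url);

    // The remaining values are numeric and most are inserted unquoted, so
    // force integers before building the SQL.
    $hits = (int) $hits;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // Replace the old row (and any pending submission) with the new data.
    DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
    DB_delete($_TABLES['links'], 'lid', $old_lid);
    DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
    if (empty($old_lid) || $old_lid == $lid) {
        PLG_itemSaved($lid, 'links');
    } else {
        PLG_itemSaved($lid, 'links', $old_lid);
    }
    // Get category for rdf check
    $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
    COM_rdfUpToDateCheck('links', $category, $lid);
    return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
}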
Beispiel #15
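/**
* Saves the user's information back to the database
*
* The request is only processed when $A['uid'] equals the pwrequestid stored
* for the logged-in user. For accounts without a remote service, changing the
* password, e-mail address or cookie timeout additionally requires the
* current password in $A['old_passwd'].
*
* @param    array   $A  User's data (the submitted profile form fields)
* @return   string      HTML error message or meta redirect
*
*/
function saveuser($A)
{
    // $MESSAGE is read when a re-synch failure is logged near the end.
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE, $MESSAGE;
    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }
    // The stored pwrequestid acts as a one-time request id: the form must
    // send it back in $A['uid'], otherwise the id is reset and the request
    // is rejected and logged.
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        // Numeric filter: the value is later written unquoted into the UPDATE.
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) {
        // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }
    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // verify password; a negative result from SEC_encryptUserPassword()
            // is treated as "current password not accepted"
            if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message
                    if (!is_numeric($ret['number'])) {
                        $ret['number'] = 400;
                    }
                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    } else {
        if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // re-authenticate remote user again for these changes to take place
            // Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
            // NOTE(review): this branch is empty, so remote-service accounts
            // change e-mail and cookie timeout without any re-authentication.
        }
    }
    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                    if (!empty($photo)) {
                        // The old username is matched literally: quote it so
                        // regex metacharacters in a username (or a '/') cannot
                        // change or break the pattern.
                        $newphoto = preg_replace('/' . preg_quote($_USER['username'], '/') . '/', $A['new_username'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                            $display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
                            return $display;
                        }
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }
    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
    }
    $profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                // $passwd stays the empty string for the rest of the function,
                // so the password cookie below is always written with an
                // empty value.
                $passwd = '';
                if ($service == '') {
                    if (!empty($A['passwd'])) {
                        // New password is stored only if both entries match
                        // and the current password checks out (result 0).
                        if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
                            SEC_updateUserPassword($A['passwd'], $_USER['uid']);
                            if ($A['cooktime'] > 0) {
                                $cooktime = $A['cooktime'];
                            } else {
                                // negative offset: the cookie expires in the past
                                $cooktime = -1000;
                            }
                            SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                        } elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                        } elseif ($A['passwd'] != $A['passwd_conf']) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                        }
                    }
                } else {
                    // Cookie
                    if ($A['cooktime'] > 0) {
                        $cooktime = $A['cooktime'];
                    } else {
                        $cooktime = -1000;
                    }
                    SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }
                if ($A['cooktime'] <= 0) {
                    // timeout of 0 or less: expire the long-term login cookie
                    $cooktime = 1000;
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
                } else {
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
                }
                // Defined up front so the UPDATE below never reads an
                // undefined variable when user photos are disabled.
                $filename = '';
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }
                if (!empty($A['homepage'])) {
                    // Only http: and https: are kept as scheme; anything else
                    // before the first ':' is replaced by 'http:'.
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = DB_escapeString($A['homepage']);
                }
                $A['fullname'] = DB_escapeString($A['fullname']);
                $A['email'] = DB_escapeString($A['email']);
                $A['location'] = DB_escapeString($A['location']);
                $A['sig'] = DB_escapeString($A['sig']);
                $A['about'] = DB_escapeString($A['about']);
                $A['pgpkey'] = DB_escapeString($A['pgpkey']);
                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }
                // NOTE(review): $filename is the only string value in this
                // statement that is not passed through DB_escapeString() here;
                // confirm handlePhotoUpload() returns a name that is safe to
                // embed in SQL.
                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }
                PLG_userInfoChanged($_USER['uid']);
                // at this point, the user information has been saved, but now we're going to check to see if
                // the user has requested resynchronization with their remoteservice account
                $msg = 5;
                // default msg = Your account information has been successfully saved
                if (isset($A['resynch'])) {
                    if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
                        $modules = SEC_collectRemoteOAuthModules();
                        // strip the 'oauth.' prefix (6 characters) to get the module name
                        $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
                        if (!$active_service) {
                            $status = -1;
                            $msg = 115;
                            // Remote service has been disabled.
                        } else {
                            require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                            $service = substr($_USER['remoteservice'], 6);
                            $consumer = new OAuthConsumer($service);
                            $callback_url = $_CONF['site_url'];
                            $consumer->setRedirectURL($callback_url);
                            $user = $consumer->authenticate_user();
                            $consumer->doSynch($user);
                        }
                    }
                    // NOTE(review): message 115 set above is always replaced
                    // by 114 here, so the user never sees 115 - confirm this
                    // is intended.
                    if ($msg != 5) {
                        $msg = 114;
                        // Account saved but re-synch failed.
                        COM_errorLog($MESSAGE[$msg]);
                    }
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }
                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=' . $msg);
            }
        }
    }
}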
Beispiel #16
    // Bulk quota update: one quota value is applied to every uid posted in
    // $_POST['uid']. The enclosing block starts outside this excerpt.
    $mode = COM_applyFilter($_POST['mode']);
    $bquota = COM_applyFilter($_POST['bquota'], true);
    // 1048576 = 1024 * 1024; presumably converts megabytes to bytes
    $bquota = $bquota * 1048576;
    $numItems = count($_POST['uid']);
    for ($i = 0; $i < $numItems; $i++) {
        // NOTE(review): unlike 'mode' and 'bquota' above, $_POST['uid'][$i]
        // is passed on without COM_applyFilter(). Confirm DB_change() escapes
        // its id argument, or filter the value as a number first.
        DB_change($_TABLES['mg_userprefs'], 'quota', $bquota, 'uid', $_POST['uid'][$i]);
        if (DB_error()) {
            // Fallback: create the preferences row when the update failed.
            // NOTE(review): $uid is not assigned anywhere in the visible code;
            // the statement presumably means the uid of this iteration. It is
            // concatenated into the SQL unquoted, so it should be a validated
            // integer before it gets here - verify.
            $sql = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) " . "VALUES (" . $uid . ",1,0,0,-1,-1,-1," . $bquota . ",0)";
            DB_query($sql, 1);
        }
    }
}
// Page number arrives 1-based in the query string and is used 0-based below.
$page = 0;
if (isset($_GET['page'])) {
    $page = COM_applyFilter($_GET['page'], true);
}
if ($page > 0) {
    $page--;
} else {
    $page = 0;
}

// Numeric report filters taken from the posted form, defaulting to 0.
$quota = 0;
if (isset($_POST['quota'])) {
    $quota = COM_applyFilter($_POST['quota'], true);
}
$used = 0;
if (isset($_POST['used'])) {
    $used = COM_applyFilter($_POST['used'], true);
}

// Fill the administration template with the quota report.
$T = new Template($_MG_CONF['template_path']);
$T->set_file('admin', 'administration.thtml');
$T->set_var(array(
    'site_admin_url' => $_MG_CONF['admin_url'],
    'site_url'       => $_MG_CONF['site_url'],
    'lang_admin'     => $LANG_MG00['admin'],
    'xhtml'          => XHTML,
));
$T->set_var(array(
    'admin_body' => MG_quotaReport($page, $quota, $used),
    'title'      => $LANG_MG01['quota_report'],
    'lang_help'  => '<img src="' . MG_getImageFile('button_help.png') . '" border="0" alt="?">',
    'help_url'   => $_MG_CONF['site_url'] . '/docs/usage.html#Member_Album_User_list',
));
$T->parse('output', 'admin');

// Wrap the rendered template in the admin block and the site layout.
$display = COM_startBlock($LANG_MG00['admin'], '', COM_getBlockTemplate('_admin_block', 'header'));
$display = $display . MG_showAdminMenu('member_albums');
$display = $display . $T->finish($T->get_var('output'));
$display = $display . COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_MG01['quota_report']));
COM_output($display);
Beispiel #17
} elseif ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
    $msg = links_save_category($_POST['cid'], $_POST['old_cid'], $_POST['pid'], $_POST['category'], $_POST['description'], COM_applyFilter($_POST['tid']), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
    $display .= COM_showMessage($msg, 'links');
    $display .= links_list_categories($root);
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[11]));
    // edit category
} else {
    if ($mode == 'edit') {
        $pid = '';
        if (isset($_GET['pid'])) {
            $pid = strip_tags(COM_stripslashes($_GET['pid']));
        }
        $cid = '';
        if (isset($_GET['cid'])) {
            $cid = strip_tags(COM_stripslashes($_GET['cid']));
        }
        $display .= links_edit_category($cid, $pid);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[56]));
        // nothing, so list categories
    } else {
        if (isset($_REQUEST['msg'])) {
            $msg = COM_applyFilter($_REQUEST['msg'], true);
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'links');
            }
        }
        $display .= links_list_categories($root);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[11]));
    }
}
COM_output($display);
    if (count($categories) == 0) {
        list($num_items, $items) = MYCALJP_buildItems($driver, $driver_name, false);
        $T->set_var('category_list', $items);
    } else {
        $cats = '';
        foreach ($categories as $category) {
            list($num_cat, $cat) = MYCALJP_buildCategory($driver, $driver_name, $category);
            if ($num_cat > 0) {
                $cats .= $cat;
            }
            $num_items += $num_cat;
        }
        $T->set_var('categories', $cats);
        $T->parse('category_list', 't_category_list');
    }
    if ($num_items > 0) {
        $T->set_var('num_items', $num_items);
        if ($content == 'stories' && $_MYCALJP2_CONF['showstoriesintro']) {
            $T->set_var('contents', MYCALJP_showStoriesIntro());
            $T->parse('data_sources', 't_data_source_no_hr', true);
        } else {
            $T->parse('data_sources', 't_data_source', true);
        }
    }
}
// Set the result heading, render the 't_index' template and send it out
// wrapped in the site layout.
$T->set_var('lang_site_calendar_result', $LANG_MYCALJP['pickup_title']);
// hard-coded
$T->parse('output', 't_index');
$display = $T->finish($T->get_var('output'));
// 'rightblock' is switched by the plugin's enablesrblocks setting.
$display = COM_createHTMLDocument($display, array('rightblock' => $_MYCALJP2_CONF['enablesrblocks']));
COM_output($display);
                }
                $retval['errorCode'] = 0;
                $return["json"] = json_encode($retval);
                echo json_encode($return);
                exit;
                break;
            case 'convertdbcomplete':
                $engine = COM_applyFilter($_POST['engine']);
                DBADMIN_ajaxFinishCvt($engine);
                $retval['errorCode'] = 0;
                $return["json"] = json_encode($retval);
                echo json_encode($return);
                exit;
                break;
            case 'dbbackup_init':
                DBADMIN_backupAjax();
                break;
            case 'dbbackup_table':
                DBADMIN_backupTableAjax();
                break;
            case 'dbbackup_complete':
                DBADMIN_backupCompleteAjax();
                break;
        }
        break;
    default:
        $page = DBADMIN_list();
        break;
}
$display = COM_createHTMLDocument($page, array('pagetitle' => $LANG_DB_BACKUP['database_admin']));
COM_output($display);
Beispiel #20
        }
        if (!isset($_POST['sp_inblock'])) {
            $_POST['sp_inblock'] = '';
        }
        if (!isset($_POST['postmode'])) {
            $_POST['postmode'] = '';
        }
        if (!isset($_POST['draft_flag'])) {
            $_POST['draft_flag'] = '';
        }
        if (!isset($_POST['cache_time'])) {
            $_POST['cache_time'] = $_SP_CONF['default_cache_time'];
        }
        if (!isset($_POST['template_flag'])) {
            $_POST['template_flag'] = '';
        }
        $display .= submitstaticpage($sp_id, $_POST['sp_title'], $_POST['sp_page_title'], $_POST['sp_content'], COM_applyFilter($_POST['sp_hits'], true), COM_applyFilter($_POST['sp_format']), $_POST['sp_onmenu'], $_POST['sp_label'], COM_applyFilter($_POST['commentcode'], true), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon'], $_POST['sp_php'], $_POST['sp_nf'], COM_applyFilter($_POST['sp_old_id']), $_POST['sp_centerblock'], $sp_help, COM_applyFilter($_POST['sp_where'], true), $_POST['sp_inblock'], COM_applyFilter($_POST['postmode']), $_POST['meta_description'], $_POST['meta_keywords'], $_POST['draft_flag'], $_POST['template_flag'], $_POST['template_id'], COM_applyFilter($_POST['cache_time'], true));
    } else {
        $display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
    }
} else {
    if (isset($_REQUEST['msg'])) {
        $msg = COM_applyFilter($_REQUEST['msg'], true);
        if ($msg > 0) {
            $display .= COM_showMessage($msg, 'staticpages');
        }
    }
    $display .= liststaticpages();
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_STATIC['staticpagelist']));
}
COM_output($display);
Beispiel #21
/**
* Stores a submission of the given type
*
* Submissions are rate limited through the 'submit' speed limit. Types other
* than 'story' are passed to the plugin API; everything else is saved as a
* story once title and intro text are present and the topic selection check
* passes.
*
* @param    string  $type   Type of submission we are dealing with
* @param    array   $A      Data for that submission
* @return   string          HTML document, or whatever the plugin / savestory() returned
*
*/
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $LANG12;

    // Refuse the request while the submitter is still inside the speed limit.
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $speedlimit = COM_checkSpeedlimit('submit');
    if ($speedlimit > 0) {
        $page = COM_showMessageText($LANG12[30] . $speedlimit . $LANG12[31], $LANG12[26]);

        return COM_createHTMLDocument($page);
    }

    $isPluginType = !empty($type) && $type !== 'story';
    if ($isPluginType) {
        // The speed limit is updated up front, on the assumption that the
        // plugin accepts the submission record.
        COM_updateSpeedlimit('submit');

        // The plugin is expected to deliver its own redirect.
        $pluginResult = PLG_saveSubmission($type, $A);
        if ($pluginResult === false) {
            // Logged only; execution continues with the story check below.
            COM_errorLog("Could not save your submission. Bad type: {$type}");
        } elseif (empty($pluginResult)) {
            // No redirect came back from the plugin: go to the main page.
            PLG_submissionSaved($type);
            COM_redirect($_CONF['site_url'] . '/index.php');
        } else {
            PLG_submissionSaved($type);

            return $pluginResult;
        }
    }

    $isComplete = !empty($A['title']) && !empty($A['introtext']) && TOPIC_checkTopicSelectionControl();
    if (!$isComplete) {
        // Show the message together with the submission form again.
        $page = COM_showMessageText($LANG12[23], $LANG12[22]) . submissionform($type);

        return COM_createHTMLDocument($page);
    }

    $saved = savestory($A);
    PLG_submissionSaved($type);

    return $saved;
}
Beispiel #22
    $log = 'error.log';
}
// Log viewer page: a selector for the *.log files in path_log, plus the
// "view" and "clear" actions for the selected file.
// NOTE(review): $log is assigned before this excerpt (only the 'error.log'
// fallback is visible). Below it is appended to path_log for unlink(),
// file_put_contents() and file_get_contents(), so confirm the earlier code
// restricts it to a bare file name from the list offered here.
$display = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$display = COM_startBlock($LANG_LOGVIEW['log_viewer'], '', COM_getBlockTemplate('_admin_block', 'header')) . ADMIN_createMenu($menu_arr, $LANG_LOGVIEW['info'], $_CONF['layout_url'] . '/images/icons/log_viewer.' . $_IMAGE_TYPE);
// NOTE(review): the form built here and completed below carries no CSRF token
// field, although its "clear" button deletes a file - confirm a token is added
// and checked elsewhere.
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/logviewer.php" class="uk-form"><div>' . $LANG_LOGVIEW['logs'] . ':&nbsp;&nbsp;&nbsp;' . '<select name="log">';
// One <option> per log file; the current selection is marked.
foreach (glob($_CONF['path_log'] . '*.log') as $file) {
    $file = basename($file);
    // NOTE(review): the file name goes into the value attribute and the option
    // text without HTML escaping.
    $display .= '<option value="' . $file . '"';
    if ($log === $file) {
        $display .= ' selected="selected"';
    }
    $display .= '>' . $file . '</option>';
}
$display .= '</select>&nbsp;&nbsp;&nbsp;&nbsp;' . '<button type="submit" name="viewlog" value="' . $LANG_LOGVIEW['view'] . '" class="uk-button">' . $LANG_LOGVIEW['view'] . '</button>' . '&nbsp;&nbsp;&nbsp;&nbsp;' . '<button type="submit" name="clearlog" value="' . $LANG_LOGVIEW['clear'] . '" class="uk-button" onclick="return confirm(\'' . $MESSAGE[76] . '\');">' . $LANG_LOGVIEW['clear'] . '</button>' . '</div></form>';
// Clear: delete the file, start a new one with a single "cleared" line and
// fall through to the view action. Errors from both calls are suppressed.
if (isset($_POST['clearlog'])) {
    if (@unlink($_CONF['path_log'] . $log)) {
        $timestamp = strftime("%c");
        @file_put_contents($_CONF['path_log'] . $log, "{$timestamp} - Log File Cleared " . PHP_EOL, FILE_APPEND);
        $_POST['viewlog'] = 1;
    }
}
// View: the file content is passed through htmlentities() before it is put
// into the <pre> element; the file name in the heading is not escaped.
if (isset($_POST['viewlog'])) {
    $display .= '<p><strong>' . $LANG_LOGVIEW['log_file'] . ': ' . $log . '</strong></p>' . '<div style="margin:10px 0 5px;border-bottom:1px solid #cccccc;"></div>' . '<pre style="overflow:scroll; height:500px;">' . htmlentities(file_get_contents($_CONF['path_log'] . $log), ENT_NOQUOTES, COM_getEncodingt()) . '</pre>';
}
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$output = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LOGVIEW['log_viewer']));
// Explicit charset and nosniff so the browser does not guess the content type
// of a page that embeds log data.
header('Content-Type: text/html; charset=' . COM_getEncodingt());
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
COM_output($output);
Beispiel #23
// +--------------------------------------------------------------------------+
// |                                                                          |
// | This program is free software; you can redistribute it and/or            |
// | modify it under the terms of the GNU General Public License              |
// | as published by the Free Software Foundation; either version 2           |
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
require_once '../lib-common.php';
$display = '';

// Only members of the Root group may clear the cache; everyone else gets the
// access-denied page and an entry in the access log.
// NOTE(review): no SEC_checkToken() call is visible in this script, so the
// cache is cleared on any request made by a Root user - confirm that is
// acceptable.
if (SEC_inGroup('Root') == false) {
    $display = $display . COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
    $display = COM_createHTMLDocument(
        $display,
        array('pagetitle' => $MESSAGE[30])
    );
    COM_accessLog("User {$_USER['username']} tried to illegally access the clear cache.");
    COM_output($display);
    exit;
}

// Main processing: clear the cache, then return to the admin index with
// message 500.
CTL_clearCache();
COM_redirect($_CONF['site_admin_url'] . '/index.php?msg=500');
Beispiel #24
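/**
* Display weblog directory service editor
*
* For an existing service the stored record is loaded first; any non-empty
* $new_* argument then overrides the corresponding field, so a rejected
* submission can be shown again together with $msg.
*
* @param    int     $pid            ID of the service or 0 for new service
* @param    string  $msg            an error message to display
* @param    string  $new_name       name of the service
* @param    string  $new_site_url   URL of the service's site
* @param    string  $new_ping_url   URL to ping at the service
* @param    string  $new_method     ping method to use
* @param    int     $new_enabled    service is enabled (1) / disabled (0)
* @return   string                  HTML for the editor
*
*/
function editServiceForm($pid, $msg = '', $new_name = '', $new_site_url = '', $new_ping_url = '', $new_method = '', $new_enabled = -1)
{
    global $_CONF, $_TABLES, $LANG_TRB, $LANG_ADMIN, $MESSAGE;
    $retval = '';
    // $pid is placed into the SQL text below. The loose "> 0" test alone also
    // lets strings with a numeric prefix through, so force the documented
    // integer type before the value is used.
    $pid = (int) $pid;
    if ($pid > 0) {
        $result = DB_query("SELECT * FROM {$_TABLES['pingservice']} WHERE pid = '{$pid}'");
        $A = DB_fetchArray($result);
    } else {
        // defaults for a new service
        $A['is_enabled'] = 1;
        $A['method'] = 'weblogUpdates.ping';
    }
    // Values handed in by the caller take precedence over the stored record.
    if (!empty($new_name)) {
        $A['name'] = $new_name;
    }
    if (!empty($new_site_url)) {
        $A['site_url'] = $new_site_url;
    }
    if (!empty($new_ping_url)) {
        $A['ping_url'] = $new_ping_url;
    }
    if (!empty($new_method)) {
        $A['method'] = $new_method;
    }
    // -1 (the default) means "not supplied"
    if ($new_enabled >= 0) {
        $A['is_enabled'] = $new_enabled;
    }
    if (!empty($msg)) {
        $retval .= showTrackbackMessage('Error', $msg);
    }
    // CSRF token for the form; it is written into the template further down.
    $token = SEC_createToken();
    $retval .= COM_startBlock($LANG_TRB['edit_service'], getHelpUrl() . '#ping', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= SEC_getTokenExpiryNotice($token);
    $template = COM_newTemplate($_CONF['path_layout'] . 'admin/trackback');
    $template->set_file(array('editor' => 'serviceeditor.thtml'));
    $template->set_var('max_url_length', 255);
    $template->set_var('method_ping', 'weblogUpdates.ping');
    $template->set_var('method_ping_extended', 'weblogUpdates.extendedPing');
    $template->set_var('lang_name', $LANG_TRB['service']);
    $template->set_var('lang_site_url', $LANG_TRB['service_website']);
    $template->set_var('lang_ping_url', $LANG_TRB['service_ping_url']);
    $template->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $template->set_var('lang_method', $LANG_TRB['ping_method']);
    $template->set_var('lang_method_standard', $LANG_TRB['ping_standard']);
    $template->set_var('lang_method_extended', $LANG_TRB['ping_extended']);
    $template->set_var('lang_save', $LANG_ADMIN['save']);
    $template->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    // The delete button is offered for existing services only, once with and
    // once without the JavaScript confirmation.
    if ($pid > 0) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="servicemode[2]"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    } else {
        $template->set_var('delete_option', '');
    }
    // NOTE(review): the field values below are handed to the template as they
    // are; whether they are HTML-escaped before output cannot be seen from
    // this function - confirm, since name and URLs may come from form input.
    if (isset($A['pid'])) {
        $template->set_var('service_id', $A['pid']);
    } else {
        $template->set_var('service_id', '');
    }
    if (isset($A['name'])) {
        $template->set_var('service_name', $A['name']);
    } else {
        $template->set_var('service_name', '');
    }
    if (isset($A['site_url'])) {
        $template->set_var('service_site_url', $A['site_url']);
    } else {
        $template->set_var('service_site_url', '');
    }
    if (isset($A['ping_url'])) {
        $template->set_var('service_ping_url', $A['ping_url']);
    } else {
        $template->set_var('service_ping_url', '');
    }
    if ($A['is_enabled'] == 1) {
        $template->set_var('is_enabled', 'checked="checked"');
    } else {
        $template->set_var('is_enabled', '');
    }
    // Any method other than the standard ping selects the extended one.
    if ($A['method'] == 'weblogUpdates.ping') {
        $template->set_var('standard_is_checked', 'checked="checked"');
        $template->set_var('extended_is_checked', '');
    } else {
        $template->set_var('standard_is_checked', '');
        $template->set_var('extended_is_checked', 'checked="checked"');
    }
    $template->set_var('gltoken_name', CSRF_TOKEN);
    $template->set_var('gltoken', $token);
    $template->parse('output', 'editor');
    $retval .= $template->finish($template->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_TRB['edit_service']));
    return $retval;
}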
Beispiel #25
/**
 * Check a security token.
 * Looks for a security token in the POST and GET data and, if there is one,
 * validates that it belongs to this user and URL. With an invalid token the
 * user is asked to authenticate again; the request is sent once more when
 * that authentication succeeded.
 *
 * @return   boolean     true if the token is valid; does not return if not!
 * @see      SECINT_checkToken
 * @link     http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (SECINT_checkToken()) {
        // a recreated request needs its $_FILES array rebuilt as well
        SECINT_recreateFilesArray();

        return true;
    }

    // Token not valid (probably expired): capture the whole request so it can
    // be replayed, then ask the user to authenticate again.
    // NOTE(review): how the serialized request data travels through the
    // re-authentication form and how it is decoded afterwards is not visible
    // here; if it passes through the browser it needs integrity protection
    // before it is unserialized.
    $currentUrl = COM_getCurrentUrl();
    $requestMethod = strtoupper($_SERVER['REQUEST_METHOD']);
    $serializedPost = serialize($_POST);
    $serializedGet = serialize($_GET);

    $serializedFiles = '';
    if (!empty($_FILES)) {
        // rescue uploaded files by moving them into path_data
        foreach ($_FILES as $field => $upload) {
            if (empty($upload['name'])) {
                continue;
            }
            $storedName = basename($upload['tmp_name']);
            // NOTE(review): the result of move_uploaded_file() is not checked.
            move_uploaded_file($upload['tmp_name'], $_CONF['path_data'] . $storedName);
            // keep only the file name, without the temp. dir
            $_FILES[$field]['tmp_name'] = $storedName;
        }
        $serializedFiles = serialize($_FILES);
    }

    $notice = COM_showMessageText($LANG_ADMIN['token_expired']);
    $display = $notice . SECINT_authform($currentUrl, $requestMethod, $serializedPost, $serializedGet, $serializedFiles);
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG20[1]));
    COM_output($display);
    // execution ends here, nothing is returned to the caller
    exit;
}
Beispiel #26
    $directory = DIR_displayAll($template, $dir_topic);
    $page_navigation = '';
    $block_title = $LANG_DIR['title'];
    $val_year = 0;
    $val_month = 0;
    if ($conf_list_current_month) {
        $currentTime = time();
        $currentYear = date('Y', $currentTime);
        $currentMonth = date('n', $currentTime);
        $thisMonth = COM_startBlock($LANG_MONTH[$currentMonth]) . DIR_displayMonth($template, $dir_topic, $currentYear, $currentMonth) . COM_endBlock();
        if (TEMPLATE_EXISTS) {
            $template->set_var('current_month', $thisMonth);
        } else {
            $display .= $thisMonth;
        }
    }
}
// Render the directory either through the template or, when none exists,
// as plain concatenated HTML.
if (!TEMPLATE_EXISTS) {
    $display .= COM_startBlock($block_title);
    $display .= DIR_topicList($dir_topic, $val_year, $val_month) . LB;
    $display .= $directory;
    $display .= '<div class="pagenav">' . $page_navigation . '</div>' . LB;
    $display .= COM_endBlock();
} else {
    $topic_list = TOPIC_getTopicListSelect($dir_topic, 2, true);
    $template->set_var(array(
        'url'             => $_CONF['site_url'] . '/' . THIS_SCRIPT,
        'topic_list'      => $topic_list,
        'blockheader'     => COM_startBlock($block_title),
        'val_year'        => $val_year,
        'val_month'       => $val_month,
        'directory'       => $directory,
        'page_navigation' => $page_navigation,
        'blockfooter'     => COM_endBlock(),
    ));
    $template->parse('output', 't_directory');
    $display .= $template->finish($template->get_var('output'));
}

// Wrap the result in the site layout and send it to the browser.
$display = COM_createHTMLDocument(
    $display,
    array('pagetitle' => $title, 'headercode' => $headerCode)
);
COM_output($display);
Beispiel #27
/**
* Build the "batch add" (import) page
*
* The page holds the admin menu and a multipart upload form that posts to
* user.php with mode "import" and a CSRF token.
*
* @return   string      HTML for import form
*
*/
function display_batchAddform()
{
    global $_CONF, $LANG28, $LANG_ADMIN, $_IMAGE_TYPE;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    // Token first, so it exists before any output is assembled.
    $token = SEC_createToken();
    $adminUrl = $_CONF['site_admin_url'];

    $html = '' . COM_startBlock($LANG28[24], '', COM_getBlockTemplate('_admin_block', 'header'));

    $menu_arr = array(
        array('url' => $adminUrl . '/user.php', 'text' => $LANG28[11]),
        array('url' => $adminUrl . '/user.php?mode=batchdelete', 'text' => $LANG28[54]),
        array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']),
    );
    $html .= ADMIN_createMenu(
        $menu_arr,
        '<p>' . $LANG28[25] . '</p>',
        $_CONF['layout_url'] . '/images/icons/user.' . $_IMAGE_TYPE
    );

    // Upload form: file field, fixed mode, submit button, CSRF token.
    $html .= '<form action="' . $adminUrl . '/user.php" method="post" enctype="multipart/form-data"><div>'
        . $LANG28[29] . ': <input type="file" dir="ltr" name="importfile" size="40"' . XHTML . '>'
        . '<input type="hidden" name="mode" value="import"' . XHTML . '>'
        . '<input type="submit" name="submit" value="' . $LANG28[30] . '"' . XHTML . '>'
        . '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>'
        . '</div></form>' . LB;

    $html .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return COM_createHTMLDocument($html, array('pagetitle' => $LANG28[24]));
}
Beispiel #28
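// Close the log-selection form. The two submit buttons share the name
// "action"; their localized labels are the values compared against below.
$retval .= "</select>&nbsp;&nbsp;&nbsp;&nbsp;";
$retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['view_file']}\"" . XHTML . ">";
$retval .= "&nbsp;&nbsp;&nbsp;&nbsp;";
$retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['clear_file']}\"" . XHTML . ">";
$retval .= "</form>";

// The page is also rendered before any button was pressed, so "action" may be absent.
$action = isset($_REQUEST['action']) ? COM_applyFilter($_REQUEST['action']) : '';

// NOTE(review): $log is assigned outside this excerpt. If it is derived from
// the request it must be restricted to a known set of log file names before
// being appended to path_log, otherwise the delete/read below could reach
// files outside the log directory - confirm against the code that sets it.
$logFile = $_CONF['path_log'] . $log;

// Flags for escaping log content before it is placed into HTML. ENT_SUBSTITUTE
// (where available) keeps lines with invalid byte sequences from coming back empty.
$escapeFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

if ($action == $LANG_CP00['clear_file']) {
    // NOTE(review): this is a destructive action read from $_REQUEST, and no
    // anti-CSRF token check is visible in this excerpt (the opening of the form
    // is cut off). Confirm the token is embedded and verified, e.g. with
    // SEC_checkToken(), before the file is removed.
    @unlink($logFile); // best effort: the file may not exist yet
    $timestamp = strftime("%c");
    $fd = fopen($logFile, 'a');
    // fopen() returns false when the log cannot be recreated; skip the marker then.
    if ($fd !== false) {
        fputs($fd, "{$timestamp} - {$LANG_CP00['file_cleared']} \n");
        fclose($fd);
    }
    // Fall through to showing the (now nearly empty) file.
    $action = $LANG_CP00['view_file'];
}
if ($action == $LANG_CP00['view_file']) {
    $retval .= "<hr" . XHTML . "><p><b>{$LANG_CP00['file']} " . htmlspecialchars($log, $escapeFlags) . "</b></p><div class=\"captcha_logview\">";
    if (file_exists($logFile)) {
        $lines = file($logFile);
        if ($lines !== false) {
            // Log lines can carry request-derived text; escape each line so it
            // is displayed as text instead of being interpreted as markup in
            // the administrator's browser.
            $escapedLines = array();
            foreach ($lines as $line) {
                $escapedLines[] = htmlspecialchars($line, $escapeFlags);
            }
            $retval .= implode('<br' . XHTML . '><br' . XHTML . '>', $escapedLines);
        }
    }
    $retval .= "</div>";
}

$T->set_var(array('admin_body' => $retval, 'title' => $LANG_CP00['log_viewer']));
$T->parse('output', 'admin');
$display .= $T->finish($T->get_var('output')) . COM_endBlock();

// Output: prefer COM_createHTMLDocument() when the core provides it
// (Geeklog 2.0+), otherwise fall back to the header/footer pair.
if (function_exists("COM_createHTMLDocument")) {
    COM_output(COM_createHTMLDocument($display));
} else {
    COM_output(COM_siteHeader() . $display . COM_siteFooter(true));
}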
    // A mode passed in the query string is run through COM_applyFilter()
    // before it is stored in $mode.
    if (isset($_GET['mode'])) {
        $mode = COM_applyFilter($_GET['mode']);
    }
}
// Admin page for batch-creating member albums: set up the shared admin template.
$T = new Template($_MG_CONF['template_path']);
$T->set_file('admin', 'administration.thtml');
$T->set_var(array(
    'site_admin_url' => $_CONF['site_admin_url'],
    'site_url'       => $_MG_CONF['site_url'],
    'lang_admin'     => $LANG_MG00['admin'],
    'xhtml'          => XHTML,
));

// "Save": hand over to MG_createUsers() and stop. The !empty() guard keeps an
// empty language string from matching an empty $mode.
// NOTE(review): this is a state-changing action selected by a request value;
// no anti-CSRF token check is visible in this excerpt - confirm that
// MG_createUsers() or earlier code verifies one.
if ($mode == $LANG_MG01['save'] && !empty($LANG_MG01['save'])) {
    MG_createUsers();
    exit;
}

// "Cancel": send the browser back to the Media Gallery admin index.
if ($mode == $LANG_MG01['cancel']) {
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
    exit;
}

// Default: show the user selection list. The request carries a 1-based page
// number; it is filtered as numeric, shifted to 0-based and clamped at 0.
$page = 0;
if (isset($_REQUEST['page'])) {
    $page = max(0, COM_applyFilter($_REQUEST['page'], true) - 1);
}
$T->set_var(array(
    'admin_body' => MG_selectUsers($page),
    'title'      => $LANG_MG01['batch_create_members'],
    'lang_help'  => '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?"' . XHTML . '>',
    'help_url'   => $_MG_CONF['site_url'] . '/docs/usage.html#Batch_Create_Member_Albums',
));

$T->parse('output', 'admin');

// Admin block header, menu, rendered template, block footer - in that order.
$display = COM_startBlock($LANG_MG00['admin'], '', COM_getBlockTemplate('_admin_block', 'header'))
    . MG_showAdminMenu('member_albums')
    . $T->finish($T->get_var('output'))
    . COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

$display = COM_createHTMLDocument($display);
COM_output($display);
Beispiel #30
            // poll doesn't exist or user doesn't have access
            COM_handle404($_CONF['site_url'] . '/polls/index.php');
        } else {
            // Meta Tags: only requested from the plugin API when enabled in
            // the polls configuration.
            $headercode = '';
            if ($_PO_CONF['meta_tags'] > 0) {
                $headercode = LB . PLG_getMetaTags('poll', $pid, array(array('name' => 'description', 'content' => stripslashes($A['meta_description'])), array('name' => 'keywords', 'content' => stripslashes($A['meta_keywords']))));
            }
            // A positive message number is shown as a polls plugin message.
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'polls');
            }
            // An 'aid' field in the POST data at this point produces the
            // "answer all" / "not saved" notice (presumably an incomplete
            // vote submission - the vote handling itself is outside this excerpt).
            if (isset($_POST['aid'])) {
                $display .= COM_showMessageText($LANG_POLLS['answer_all'] . ' "' . $polltopic . '"', $LANG_POLLS['not_saved']);
            }
            // NOTE(review): $pid is interpolated into the WHERE clause as a
            // quoted string. It is assigned outside this excerpt, so confirm it
            // is sanitized or escaped before it reaches this query.
            if (DB_getItem($_TABLES['polltopics'], 'is_open', "pid = '{$pid}'") != 1) {
                $aid = -1;
                // poll closed - show result
            }
            // The voting form is shown only when there is no "poll-<pid>"
            // cookie, POLLS_ipAlreadyVoted() reports no earlier vote, and the
            // poll was not forced to results above. The cookie is supplied by
            // the client, so it is a convenience rather than an enforcement
            // mechanism; duplicate-vote protection rests on the server-side
            // check, whose implementation is not visible here.
            if (!isset($_COOKIE['poll-' . $pid]) && !POLLS_ipAlreadyVoted($pid) && $aid != -1) {
                $display .= POLLS_pollVote($pid, true, 0, $order, $mode, $page);
            } else {
                $display .= POLLS_pollResults($pid, 400, $order, $mode, $page);
            }
            $display = COM_createHTMLDocument($display, array('pagetitle' => $polltopic, 'headercode' => $headercode));
        }
    } else {
        // This branch renders the list of polls instead of a single poll.
        $display .= polllist();
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_POLLS['pollstitle']));
    }
}
COM_output($display);