/**
* Apply a basic filter
*
* @param string|array $var
* @param bool $isNumeric
* @return string|array
*/
public static function applyFilter($var, $isNumeric = false)
{
if (is_array($var)) {
return array_map(__METHOD__, $var);
}
if (is_callable('COM_applyBasicFilter')) {
$var = COM_applyBasicFilter($var);
} else {
// Simulate COM_applyBasicFilter
$var = \GLText::remove4byteUtf8Chars($var);
$var = strip_tags($var);
if (is_callable('COM_killJS')) {
$var = COM_killJS($var);
// doesn't help a lot right now, but still ...
} else {
$var = preg_replace('/(\\s)+[oO][nN](\\w*) ?=/', '\\1in\\2=', $var);
}
if ($isNumeric) {
// Note: PHP's is_numeric() accepts values like 4e4 as numeric
if (!is_numeric($var) || preg_match('/^-?\\d+$/', $var) == 0) {
$var = 0;
}
} else {
$var = preg_replace('/\\/\\*.*/', '', $var);
$var = explode("'", $var);
$var = explode('"', $var[0]);
$var = explode('`', $var[0]);
$var = explode(';', $var[0]);
$var = explode(',', $var[0]);
$var = explode('\\', $var[0]);
$var = $var[0];
}
}
return $var;
}
function ppApplyFilter($parameter, $isnumeric = false, $returnzero = true)
{
$p = COM_stripslashes($parameter);
$p = strip_tags($p);
$p = COM_killJS($p);
if ($isnumeric) {
// Note: PHP's is_numeric() accepts values like 4e4 as numeric
// Strip out any common number formatting characters
$p = preg_replace('/[\\s-\\(\\)]+/', '', $p);
if (!is_numeric($p) || preg_match('/^([0-9]+)$/', $p) == 0) {
if ($returnzero) {
$p = 0;
} else {
$p = '';
}
}
} else {
$pa = explode("'", $p);
$pa = explode('"', $pa['0']);
$pa = explode('`', $pa['0']);
$p = $pa['0'];
}
return $p;
}
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @param int $user User ID of profile to get
* @param int $msg Message to display (if != 0)
* @return string HTML for user profile page
*
*/
function userprofile($user, $msg = 0)
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;
$retval = '';
if (empty($_USER['username']) && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
$retval .= COM_siteHeader('menu');
$retval .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
$login = new Template($_CONF['path_layout'] . 'submit');
$login->set_file(array('login' => 'submitloginrequired.thtml'));
$login->set_var('xhtml', XHTML);
$login->set_var('login_message', $LANG_LOGIN[2]);
$login->set_var('site_url', $_CONF['site_url']);
$login->set_var('site_admin_url', $_CONF['site_admin_url']);
$login->set_var('layout_url', $_CONF['layout_url']);
$login->set_var('lang_login', $LANG_LOGIN[3]);
$login->set_var('lang_newuser', $LANG_LOGIN[4]);
$login->parse('output', 'login');
$retval .= $login->finish($login->get_var('output'));
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= COM_siteFooter();
return $retval;
}
$result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$user}");
$nrows = DB_numRows($result);
if ($nrows == 0) {
// no such user
return COM_refresh($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
$display_name = COM_getDisplayName($user, $A['username'], $A['fullname']);
// format date/time to user preference
$curtime = COM_getUserDateTimeFormat($A['regdate']);
$A['regdate'] = $curtime[0];
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile' => 'profile.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
$user_templates->set_var('xhtml', XHTML);
$user_templates->set_var('site_url', $_CONF['site_url']);
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
if ($_CONF['show_fullname'] == 1) {
$user_templates->set_var('username', $A['fullname']);
$user_templates->set_var('user_fullname', $A['username']);
} else {
$user_templates->set_var('username', $A['username']);
$user_templates->set_var('user_fullname', $A['fullname']);
}
if (SEC_hasRights('user.edit')) {
global $_IMAGE_TYPE, $LANG_ADMIN;
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
$edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}");
$user_templates->set_var('edit_link', $edit_link_url);
}
$photo = USER_getPhoto($user, $A['photo'], $A['email'], -1);
$user_templates->set_var('user_photo', $photo);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $user);
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', strip_tags($A['location']));
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', nl2br(stripslashes($A['about'])));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
$user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
$user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
$user_templates->set_var('lang_title', $LANG09[16]);
$user_templates->set_var('lang_date', $LANG09[17]);
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82]);
$user_templates->set_var('headline_last10comments', $LANG04[10]);
$user_templates->set_var('headline_postingstats', $LANG04[83]);
$result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
$nrows = DB_numRows($result);
$tids = array();
for ($i = 0; $i < $nrows; $i++) {
$T = DB_fetchArray($result);
$tids[] = $T['tid'];
}
$topics = "'" . implode("','", $tids) . "'";
// list of last 10 stories by this user
if (count($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
} else {
$nrows = 0;
}
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
$user_templates->set_var('article_url', $articleUrl);
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
$storytime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storytime[0]);
$user_templates->parse('story_row', 'strow', true);
}
} else {
$user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
}
// list of last 10 comments by this user
$sidArray = array();
if (count($tids) > 0) {
// first, get a list of all stories the current visitor has access to
$sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$result = DB_query($sql);
$numsids = DB_numRows($result);
for ($i = 1; $i <= $numsids; $i++) {
$S = DB_fetchArray($result);
$sidArray[] = $S['sid'];
}
}
$sidList = implode("', '", $sidArray);
$sidList = "'{$sidList}'";
// then, find all comments by the user in those stories
$sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = {$user}) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
// SQL NOTE: Using a HAVING clause is usually faster than a where if the
// field is part of the select
// if (!empty ($sidList)) {
// $sql .= " AND (sid in ($sidList))";
// }
if (!empty($sidList)) {
$sql .= " HAVING sid in ({$sidList})";
}
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
$commenttime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commenttime[0]);
$user_templates->parse('comment_row', 'row', true);
}
} else {
$user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
}
// posting stats for this user
$user_templates->set_var('lang_number_stories', $LANG04[84]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_stories', COM_numberFormat($N['count']));
$user_templates->set_var('lang_number_comments', $LANG04[85]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$user})";
if (!empty($sidList)) {
$sql .= " AND (sid in ({$sidList}))";
}
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_comments', COM_numberFormat($N['count']));
$user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
$user_templates->set_var('customfields', CUSTOM_userDisplay($user));
}
PLG_profileVariablesDisplay($user, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay($user);
return $retval;
}
/**
* Filter parameters
*
* NOTE: Use this function instead of COM_applyFilter for parameters
* _not_ coming in through a GET or POST request.
*
* @param string $parameter the parameter to test
* @param boolean $isnumeric true if $parameter is supposed to be numeric
* @return string the filtered parameter (may now be empty or 0)
* @see COM_applyFilter
*
*/
function COM_applyBasicFilter($parameter, $isnumeric = false)
{
$log_manipulation = false;
// set to true to log when the filter applied
$p = strip_tags($parameter);
$p = COM_killJS($p);
// doesn't help a lot right now, but still ...
if ($isnumeric) {
// Note: PHP's is_numeric() accepts values like 4e4 as numeric
if (!is_numeric($p) || preg_match('/^-?\\d+$/', $p) == 0) {
$p = 0;
}
} else {
$p = preg_replace('/\\/\\*.*/', '', $p);
$pa = explode("'", $p);
$pa = explode('"', $pa[0]);
$pa = explode('`', $pa[0]);
$pa = explode(';', $pa[0]);
$pa = explode(',', $pa[0]);
$pa = explode('\\', $pa[0]);
$p = $pa[0];
}
if ($log_manipulation) {
if (strcmp($p, $parameter) != 0) {
COM_errorLog("Filter applied: >> {$parameter} << filtered to {$p} [IP {$_SERVER['REMOTE_ADDR']}]", 1);
}
}
return $p;
}
function MG_getFile($filename, $file, $album_id, $opt = array())
{
global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;
$caption = isset($opt['caption']) ? $opt['caption'] : '';
$description = isset($opt['description']) ? $opt['description'] : '';
$upload = isset($opt['upload']) ? $opt['upload'] : 1;
$purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
$filetype = isset($opt['filetype']) ? $opt['filetype'] : '';
$atttn = isset($opt['atttn']) ? $opt['atttn'] : 0;
$thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
$keywords = isset($opt['keywords']) ? $opt['keywords'] : '';
$category = isset($opt['category']) ? $opt['category'] : 0;
$dnc = isset($opt['dnc']) ? $opt['dnc'] : 0;
$replace = isset($opt['replace']) ? $opt['replace'] : 0;
$artist = '';
$musicAlbum = '';
$genre = '';
$video_attached_thumbnail = 0;
$successfulWatermark = 0;
$dnc = 1;
// What is this?
$errors = 0;
$errMsg = '';
require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
$album = new mgAlbum($album_id);
$root_album = new mgAlbum(0);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: *********** Beginning media upload process...");
COM_errorLog("Filename to process: " . $filename);
COM_errorLog("UID=" . $_USER['uid']);
COM_errorLog("album access=" . $album->access);
COM_errorLog("album owner_id=" . $album->owner_id);
COM_errorLog("member_uploads=" . $album->member_uploads);
}
clearstatcache();
if (!file_exists($filename)) {
$errMsg = $LANG_MG02['upload_not_found'];
return array(false, $errMsg);
}
if (!is_readable($filename)) {
$errMsg = $LANG_MG02['upload_not_readable'];
return array(false, $errMsg);
}
// make sure we have the proper permissions to upload to this album....
if (!isset($album->id)) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
return array(false, $LANG_MG00['access_denied_msg']);
}
sleep(0.1);
// We do this to make sure we don't get dupe sid's
/*
* The following section of code will generate a unique name for a temporary
* file and copy the uploaded file to the Media Gallery temp directory.
* We do this to prevent any SAFE MODE issues when we later open the
* file to determine the mime type.
*/
if (empty($_USER['username'])) {
$_USER['username'] = '******';
}
$tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp';
if ($upload) {
$rc = @move_uploaded_file($filename, $tmpPath);
} else {
$rc = @copy($filename, $tmpPath);
$importSource = $filename;
}
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
@unlink($tmpPath);
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
$filename = $tmpPath;
$new_media_id = $replace > 0 ? $replace : COM_makesid();
$media_time = time();
$media_upload_time = $media_time;
if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
$media_user_id = 1;
} else {
$media_user_id = $_USER['uid'];
}
$mimeInfo = MG_getMediaMetaData($filename);
$mimeExt = strtolower(substr(strrchr($file, '.'), 1));
$mimeInfo['type'] = $mimeExt;
// override the determination for some filetypes
$filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
if (empty($mimeInfo['mime_type'])) {
COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
$mimeInfo['mime_type'] = $filetype;
}
$gotTN = 0;
if ($mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
$mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
$gotTN = 1;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
}
if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
// assume format based on file upload info...
switch ($filetype) {
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'image/tga':
$mimeInfo['type'] = 'tga';
$mimeInfo['mime_type'] = 'image/tga';
$mimeExt = 'tga';
break;
case 'image/psd':
$mimeInfo['type'] = 'psd';
$mimeInfo['mime_type'] = 'image/psd';
$mimeExt = 'psd';
break;
case 'image/gif':
$mimeInfo['type'] = 'gif';
$mimeInfo['mime_type'] = 'image/gif';
$mimeExt = 'gif';
break;
case 'image/jpeg':
case 'image/jpg':
$mimeInfo['type'] = 'jpg';
$mimeInfo['mime_type'] = 'image/jpeg';
$mimeExt = 'jpg';
break;
case 'image/png':
$mimeInfo['type'] = 'png';
$mimeInfo['mime_type'] = 'image/png';
$mimeExt = 'png';
break;
case 'image/bmp':
$mimeInfo['type'] = 'bmp';
$mimeInfo['mime_type'] = 'image/bmp';
$mimeExt = 'bmp';
break;
case 'application/x-shockwave-flash':
$mimeInfo['type'] = 'swf';
$mimeInfo['mime_type'] = 'application/x-shockwave-flash';
$mimeExt = 'swf';
break;
case 'application/zip':
$mimeInfo['type'] = 'zip';
$mimeInfo['mime_type'] = 'application/zip';
$mimeExt = 'zip';
break;
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'video/quicktime':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/quicktime';
$mimeExt = 'mov';
break;
case 'video/x-m4v':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/x-m4v';
$mimeExt = 'mov';
break;
case 'video/x-flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'audio/x-ms-wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
switch ($mimeExt) {
case 'flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
break;
case 'wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
break;
default:
$mimeInfo['type'] = 'file';
$mimeInfo['mime_type'] = 'application/octet-stream';
if ($filetype != '') {
$mimeInfo['mime_type'] = $filetype;
}
break;
}
break;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype);
}
}
switch ($mimeInfo['mime_type']) {
case 'audio/mpeg':
$format_type = MG_MP3;
break;
case 'image/gif':
$format_type = MG_GIF;
break;
case 'image/jpeg':
case 'image/jpg':
$format_type = MG_JPG;
break;
case 'image/png':
$format_type = MG_PNG;
break;
case 'image/bmp':
$format_type = MG_BMP;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
break;
case 'application/zip':
$format_type = MG_ZIP;
break;
case 'video/mpeg':
case 'video/x-motion-jpeg':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-mpeg':
case 'video/x-mpeq2a':
case 'video/x-qtc':
case 'video/x-m4v':
$format_type = MG_MOV;
break;
case 'video/x-flv':
$format_type = MG_FLV;
break;
case 'image/tiff':
$format_type = MG_TIF;
break;
case 'image/x-targa':
case 'image/tga':
$format_type = MG_TGA;
break;
case 'image/psd':
$format_type = MG_PSD;
break;
case 'application/ogg':
$format_type = MG_OGG;
break;
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-ms-wmz':
case 'application/x-ms-wmd':
$format_type = MG_ASF;
break;
case 'application/pdf':
$format_type = MG_OTHER;
break;
default:
$format_type = MG_OTHER;
break;
}
if (!($album->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
$mimeType = $mimeInfo['mime_type'];
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
}
if ($filetype == 'video/x-m4v') {
$mimeType = 'video/x-m4v';
$mimeInfo['mime_type'] = 'video/x-m4v';
}
if ($replace > 0) {
$sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_filename = $row['media_filename'];
} else {
if ($_MG_CONF['preserve_filename'] == 1) {
$loopCounter = 0;
$digitCounter = 1;
$file_name = stripslashes($file);
$file_name = MG_replace_accents($file_name);
$file_name = preg_replace("#[ ]#", "_", $file_name);
// change spaces to underscore
$file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
//only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
$file_name = preg_replace('#(_)+#', '_', $file_name);
//eliminate duplicate underscore
$pos = strrpos($file_name, '.');
if ($pos === false) {
$basefilename = $file_name;
} else {
$basefilename = strtolower(substr($file_name, 0, $pos));
}
do {
clearstatcache();
$media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
$loopCounter++;
if ($loopCounter > 16) {
$digitCounter++;
$loopCounter = 0;
}
} while (MG_file_exists($media_filename));
} else {
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
}
}
// replace a few mime extentions here...
//
if ($mimeExt == 'php') {
$mimeExt = 'phps';
}
if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) {
$mimeExt = 'txt';
}
$disp_media_filename = $media_filename . '.' . $mimeExt;
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
COM_errorLog("MG Upload: Mime Type: " . $mimeType);
}
switch ($mimeType) {
case 'image/psd':
case 'image/x-targa':
case 'image/tga':
case 'image/photoshop':
case 'image/x-photoshop':
case 'image/psd':
case 'application/photoshop':
case 'application/psd':
case 'image/tiff':
case 'image/gif':
case 'image/jpeg':
case 'image/jpg':
case 'image/png':
case 'image/bmp':
$dispExt = $mimeExt;
if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
$dispExt = 'jpg';
}
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
$media_tn = MG_getFilePath('tn', $media_filename, $dispExt);
$mimeType = $mimeInfo['mime_type'];
// process image file
$media_time = getOriginationTimestamp($filename);
if ($media_time == null || $media_time < 0) {
$media_time = time();
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: About to move/copy file");
}
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
if ($rc == false) {
$errors++;
$errMsg .= $msg;
// sprintf($LANG_MG02['convert_error'],$filename);
} else {
$mediaType = 0;
if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
$rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
}
@unlink($media_orig);
}
if ($album->wm_auto) {
if ($_MG_CONF['discard_original'] == 1) {
$rc = MG_watermark($media_disp, $album_id, 1);
if ($rc == true) {
$successfulWatermark = 1;
}
} else {
$rc1 = MG_watermark($media_orig, $album_id, 1);
$rc2 = MG_watermark($media_disp, $album_id, 0);
if ($rc1 == ture && $rc2 == true) {
$successfulWatermark = 1;
}
}
}
if ($dnc != 1) {
if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
$mimeExt = 'jpg';
$mimeType = 'image/jpeg';
}
}
}
}
break;
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-flv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-shockwave-flash':
case 'video/mp4':
case 'video/x-m4v':
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/mp4') {
$mimeExt = 'mp4';
}
// process video format
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
$mediaType = 1;
}
$video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
break;
case 'application/ogg':
case 'audio/mpeg':
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
$mimeType = $mimeInfo['mime_type'];
// process audio format
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$rc = @copy($filename, $media_orig);
COM_errorLog("MG Upload: Extracting audio meta data");
if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
if ($caption == '') {
$caption = $mimeInfo['tags']['id3v1']['title'][0];
}
}
if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
$artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
}
if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
$genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
}
if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
$musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
}
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 2;
}
break;
case 'zip':
case 'application/zip':
if ($_MG_CONF['zip_enabled']) {
$errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
break;
}
// NO BREAK HERE, fall through if enable zip isn't allowed
// NO BREAK HERE, fall through if enable zip isn't allowed
default:
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$mimeType = $mimeInfo['mime_type'];
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 4;
}
$mediaType = 4;
break;
}
// update quota
$quota = $album->album_disk_usage;
$quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
if ($_MG_CONF['discard_original'] == 1) {
$quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
}
DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));
if ($errors) {
@unlink($tmpPath);
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
// Now we need to process an uploaded thumbnail
if ($gotTN == 1) {
$mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
$fn = fopen($mp3TNFilename, "w");
fwrite($fn, $mp3AttachdedThumbnail);
fclose($fn);
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
@unlink($mp3TNFilename);
$atttn = 1;
} else {
if ($atttn == 1) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
}
}
if ($video_attached_thumbnail) {
$atttn = 1;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Building SQL and preparing to enter database");
}
if ($_MG_CONF['htmlallowed'] != 1) {
$media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
$media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
$media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($album->moderate == 1 && !$root_album->owner_id) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$original_filename = addslashes($file);
if ($album->filename_title) {
if ($media_caption == '') {
$pos = strrpos($original_filename, '.');
if ($pos === false) {
$media_caption = $original_filename;
} else {
$media_caption = substr($original_filename, 0, $pos);
}
}
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Inserting media record into mg_media");
}
$resolution_x = 0;
$resolution_y = 0;
// try to find a resolution if video...
if ($mediaType == 1) {
switch ($mimeType) {
case 'application/x-shockwave-flash':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-m4v':
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-flv':
if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
$resolution_x = $mimeInfo['meta']['onMetaData']['width'];
$resolution_y = $mimeInfo['meta']['onMetaData']['height'];
}
} else {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
$resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
$resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
}
break;
}
}
if ($replace > 0) {
$sql = "UPDATE " . $tableMedia . " SET " . "media_filename='" . addslashes($media_filename) . "'," . "media_original_filename='" . $original_filename . "'," . "media_mime_ext='" . addslashes($mimeExt) . "'," . "mime_type='" . addslashes($mimeType) . "'," . "media_time='" . addslashes($media_time) . "'," . "media_user_id='" . addslashes($media_user_id) . "'," . "media_type='" . addslashes($mediaType) . "'," . "media_upload_time='" . addslashes($media_upload_time) . "'," . "media_watermarked='" . addslashes($successfulWatermark) . "'," . "media_resolution_x='" . intval($resolution_x) . "'," . "media_resolution_y='" . intval($resolution_y) . "' " . "WHERE media_id='" . addslashes($replace) . "'";
DB_query($sql);
} else {
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext," . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time," . "media_views,media_comments,media_votes,media_rating,media_tn_attached," . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval," . "media_type,media_upload_time,media_category,media_watermarked,v100," . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url," . "artist,album,genre) " . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
$x = 0;
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) " . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
}
PLG_itemSaved($new_media_id, 'mediagallery');
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$album->media_count++;
DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
MG_updateAlbumLastUpdate($album->id);
if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
if ($atttn == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
}
// MG_resetAlbumCover($album->id);
}
$x++;
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($album_id);
}
COM_errorLog("MG Upload: Successfully uploaded a media object");
@unlink($tmpPath);
return array(true, $errMsg);
}
/**
* Shows the user's current settings
*
*/
function edituser()
{
global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN, $_SCRIPTS;
$result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo,remoteservice FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$_USER['uid']} AND {$_TABLES['userprefs']}.uid = {$_USER['uid']} AND {$_TABLES['userinfo']}.uid = {$_USER['uid']}");
$A = DB_fetchArray($result);
$preferences = COM_newTemplate($_CONF['path_layout'] . 'preferences');
$preferences->set_file(array('profile' => 'profile.thtml', 'photo' => 'userphoto.thtml', 'username' => 'username.thtml', 'password' => 'password.thtml', 'current_password' => 'current_password.thtml', 'resynch' => 'resynch.thtml', 'deleteaccount' => 'deleteaccount.thtml'));
include $_CONF['path_system'] . 'classes/navbar.class.php';
$navbar = new navbar();
$cnt = 0;
foreach ($LANG_MYACCOUNT as $id => $label) {
$navbar->add_menuitem($label, 'showhideProfileEditorDiv("' . $id . '",' . $cnt . ');return false;', true);
$cnt++;
}
$navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
$preferences->set_var('navbar', $navbar->generate());
//$preferences->set_var ('no_javascript_warning', $LANG04[150]);
$preferences->set_var('noscript', COM_getNoScript());
$preferences->set_var('cssid1', 1);
$preferences->set_var('cssid2', 2);
$preferences->set_var('preview', USER_showProfile($_USER['uid'], true));
$preferences->set_var('prefs', editpreferences());
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('profile_editor', '/javascript/profile_editor.js');
$js = '<!-- JS Functions which will execute only if JS enabled will un-hide the special features that enhance the profile editor -->
<script type="text/JavaScript">
//<![CDATA[
/* Initially the navbar is hidden - in case JS is disabled. Enable it now */
document.getElementById("pe_navbar").style.display="";
/* Now cycle through the profile tabs as the number in the template could have been modified (personalized)
If you add custom panels, just ensure you use the class jsenabled_hide or jsenabled_show
Build an object that can then be referenced in the functon showhideProfileEditorDiv
*/
var profilepanels = new Object;
var el;
el=document.getElementsByTagName("div");
for(i=0;i<el.length;i++) {
var divname = el[i].id
if(el[i].className == "jsenabled_show"){
el[i].style.display = "";
profilepanels[divname] = "show";
} else if(el[i].className == "jsenabled_hide"){
el[i].style.display = "none";
profilepanels[divname] = "hidden";
}
}
//]]>
</script>';
$_SCRIPTS->setJavaScript($js);
// some trickery to ensure alternating colors with the available options ...
if ($_CONF['allow_username_change'] == 1) {
$first = 1;
$second = 2;
} else {
$first = 2;
$second = 1;
}
$preferences->set_var('cssid1u', $first);
$preferences->set_var('cssid2u', $second);
if ($_CONF['allow_user_photo'] == 1) {
$tmp = $first;
$first = $second;
$second = $tmp;
}
$preferences->set_var('cssid1p', $first);
$preferences->set_var('cssid2p', $second);
$preferences->set_var('lang_fullname', $LANG04[3]);
$preferences->set_var('lang_fullname_text', $LANG04[34]);
$preferences->set_var('lang_username', $LANG04[2]);
$preferences->set_var('lang_username_text', $LANG04[87]);
$preferences->set_var('lang_password_help_title', $LANG04[146]);
$preferences->set_var('lang_password_help', $LANG04[147]);
$preferences->set_var('lang_password', $LANG04[4]);
$preferences->set_var('lang_password_text', $LANG04[35]);
$preferences->set_var('lang_password_conf', $LANG04[108]);
$preferences->set_var('lang_password_text_conf', $LANG04[109]);
$preferences->set_var('lang_old_password', $LANG04[110]);
$preferences->set_var('lang_old_password_text', $LANG04[111]);
$preferences->set_var('lang_cooktime', $LANG04[68]);
$preferences->set_var('lang_cooktime_text', $LANG04[69]);
$preferences->set_var('lang_email', $LANG04[5]);
$preferences->set_var('lang_email_text', $LANG04[33]);
$preferences->set_var('lang_email_conf', $LANG04[124]);
$preferences->set_var('lang_email_conf_text', $LANG04[126]);
$preferences->set_var('lang_userinfo_help_title', $LANG04[148]);
$preferences->set_var('lang_userinfo_help', $LANG04[149]);
$preferences->set_var('lang_homepage', $LANG04[6]);
$preferences->set_var('lang_homepage_text', $LANG04[36]);
$preferences->set_var('lang_location', $LANG04[106]);
$preferences->set_var('lang_location_text', $LANG04[107]);
$preferences->set_var('lang_signature', $LANG04[32]);
$preferences->set_var('lang_signature_text', $LANG04[37]);
$preferences->set_var('lang_userphoto', $LANG04[77]);
$preferences->set_var('lang_userphoto_text', $LANG04[78]);
$preferences->set_var('lang_about', $LANG04[7]);
$preferences->set_var('lang_about_text', $LANG04[38]);
$preferences->set_var('lang_pgpkey', $LANG04[8]);
$preferences->set_var('lang_pgpkey_text', $LANG04[39]);
$preferences->set_var('lang_submit', $LANG04[9]);
$preferences->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$preferences->set_var('lang_preview_title', $LANG04[145]);
$preferences->set_var('lang_enter_current_password', $LANG04[127]);
$preferences->set_var('lang_name_legend', $LANG04[128]);
$preferences->set_var('lang_password_email_legend', $LANG04[129]);
$preferences->set_var('lang_personal_info_legend', $LANG04[130]);
$preferences->set_var('lang_resynch', $LANG04[166]);
$display_name = COM_getDisplayName($_USER['uid']);
//$preferences->set_var ('start_block_profile',
// COM_startBlock ($LANG04[1] . ' ' . $display_name));
//$preferences->set_var ('end_block', COM_endBlock ());
$preferences->set_var('profile_headline', $LANG04[1] . ' ' . $display_name);
if ($_CONF['allow_user_photo'] == 1) {
$preferences->set_var('enctype', 'enctype="multipart/form-data"');
} else {
$preferences->set_var('enctype', '');
}
$preferences->set_var('fullname_value', htmlspecialchars($A['fullname']));
$preferences->set_var('new_username_value', htmlspecialchars($_USER['username']));
if ($A['remoteservice'] == '') {
$preferences->set_var('password_value', '');
$preferences->parse('password_option', 'password', true);
$preferences->parse('current_password_option', 'current_password', true);
$preferences->set_var('resynch_option', '');
} else {
$preferences->set_var('password_option', '');
$preferences->set_var('current_password_option', '');
if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
// OAuth only supports re-synch at the moment
$preferences->set_var('resynch_checked', '');
$preferences->parse('resynch_option', 'resynch', true);
} else {
$preferences->set_var('resynch_option', '');
}
}
if ($_CONF['allow_username_change'] == 1) {
$preferences->parse('username_option', 'username', true);
} else {
$preferences->set_var('username_option', '');
}
$selection = '<select id="cooktime" name="cooktime">' . LB;
$selection .= COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $A['cookietimeout'], 0);
$selection .= '</select>';
$preferences->set_var('cooktime_selector', $selection);
$preferences->set_var('email_value', htmlspecialchars($A['email']));
$preferences->set_var('homepage_value', htmlspecialchars(COM_killJS($A['homepage'])));
$preferences->set_var('location_value', htmlspecialchars(strip_tags($A['location'])));
$preferences->set_var('signature_value', htmlspecialchars($A['sig']));
if ($_CONF['allow_user_photo'] == 1) {
$photo = USER_getPhoto($_USER['uid'], $A['photo'], $A['email'], -1);
if (empty($photo)) {
$preferences->set_var('display_photo', '');
} else {
if (empty($A['photo'])) {
// external avatar
$photo = '<br' . XHTML . '>' . $photo;
} else {
// uploaded photo - add delete option
$photo = '<br' . XHTML . '>' . $photo . '<br' . XHTML . '>' . $LANG04[79] . ' <input type="checkbox" name="delete_photo"' . XHTML . '>' . LB;
}
$preferences->set_var('display_photo', $photo);
}
if (empty($_CONF['image_lib'])) {
$scaling = $LANG04[162];
} else {
$scaling = $LANG04[161];
}
$preferences->set_var('photo_max_dimensions', sprintf($LANG04[160], $_CONF['max_photo_width'], $_CONF['max_photo_height'], $_CONF['max_photo_size'], $scaling));
$preferences->parse('userphoto_option', 'photo', true);
} else {
$preferences->set_var('userphoto_option', '');
}
$result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$_USER['uid']}");
$A = DB_fetchArray($result);
$reqid = substr(md5(uniqid(rand(), 1)), 1, 16);
DB_change($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
$preferences->set_var('about_value', htmlspecialchars($A['about']));
$preferences->set_var('pgpkey_value', htmlspecialchars($A['pgpkey']));
$preferences->set_var('uid_value', $reqid);
$preferences->set_var('username_value', htmlspecialchars($_USER['username']));
if ($_CONF['allow_account_delete'] == 1) {
$preferences->set_var('lang_deleteaccount', $LANG04[156]);
$preferences->set_var('delete_text', $LANG04[95]);
$preferences->set_var('lang_button_delete', $LANG04[96]);
$preferences->set_var('delete_mode', 'confirmdelete');
$preferences->set_var('account_id', $reqid);
if (isset($LANG04[157])) {
$preferences->set_var('lang_deleteoption', $LANG04[157]);
} else {
$preferences->set_var('lang_deleteoption', $LANG04[156]);
}
$preferences->parse('delete_account_option', 'deleteaccount', false);
} else {
$preferences->set_var('delete_account_option', '');
}
// Call custom account form and edit function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userEdit')) {
$preferences->set_var('customfields', CUSTOM_userEdit($_USER['uid']));
}
PLG_profileVariablesEdit($_USER['uid'], $preferences);
$retval = $preferences->finish($preferences->parse('output', 'profile'));
$retval .= PLG_profileBlocksEdit($_USER['uid']);
return $retval;
}
function USER_userinfoPanel($U, $newuser = 0)
{
global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04;
$uid = $U['uid'];
// set template
$userform = new Template($_CONF['path_layout'] . 'admin/user/');
$userform->set_file('user', 'userinfopanel.thtml');
$userform->set_var(array('lang_personal_info_legend' => $LANG04[130], 'lang_userinfo_help_title' => $LANG04[148], 'lang_userinfo_help' => $LANG04[149], 'lang_homepage' => $LANG04[6], 'lang_location' => $LANG04[106], 'lang_signature' => $LANG04[32], 'lang_about' => $LANG04[7], 'lang_pgpkey' => $LANG04[8], 'lang_social_follow' => $LANG04[198], 'lang_social_info' => $LANG04[199], 'lang_social_service' => $LANG04[200], 'lang_social_username' => $LANG04[201]));
$follow_me = SOC_followMeProfile($uid);
if (is_array($follow_me) && count($follow_me) > 0) {
$userform->set_block('user', 'social_links', 'sl');
$userform->set_var('social_followme_enabled', true);
foreach ($follow_me as $service) {
$userform->set_var('service_display_name', $service['service_display_name']);
$userform->set_var('service', $service['service']);
$userform->set_var('service_username', $service['service_username']);
$userform->parse('sl', 'social_links', true);
}
} else {
$userform->unset_var('social_followme_enabled');
}
if ($_CONF['allow_user_photo'] == 1) {
$userform->set_var('lang_userphoto', $LANG04[77]);
}
$userform->set_var('homepage_value', @htmlspecialchars(COM_killJS($U['homepage']), ENT_NOQUOTES, COM_getEncodingt()));
$userform->set_var('location_value', @htmlspecialchars(strip_tags($U['location']), ENT_NOQUOTES, COM_getEncodingt()));
$userform->set_var('signature_value', @htmlspecialchars($U['sig'], ENT_NOQUOTES, COM_getEncodingt()));
$userform->set_var('about_value', @htmlspecialchars($U['about'], ENT_NOQUOTES, COM_getEncodingt()));
$userform->set_var('pgpkey_value', @htmlspecialchars($U['pgpkey'], ENT_NOQUOTES, COM_getEncodingt()));
if ($_CONF['allow_user_photo'] == 1) {
if (!empty($uid) && $uid > 1) {
$photo = USER_getPhoto($uid, $U['photo'], $U['email'], -1);
if (empty($photo)) {
$userform->set_var('display_photo', '');
} else {
if (empty($U['photo'])) {
// external avatar
$photo = '<br/>' . $photo;
} else {
// uploaded photo - add delete option
$photo = '<br/>' . $photo . '<br/>' . $LANG04[79] . ' <input type="checkbox" name="delete_photo"/>' . LB;
}
$userform->set_var('display_photo', $photo);
}
} else {
$userform->set_var('display_photo', '');
}
}
if (!empty($uid) && $uid > 1) {
$userform->set_var('plugin_userinfo_personalinfo', PLG_profileEdit($uid, 'userinfo', 'personalinfo'));
$userform->set_var('plugin_userinfo', PLG_profileEdit($uid, 'userinfo'));
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userEdit')) {
$userform->set_var('customfields', CUSTOM_userEdit($uid));
}
}
$retval = $userform->finish($userform->parse('output', 'user'));
return $retval;
}
function MG_saveCategory($cat_id)
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;
$update = 0;
$A['cat_id'] = COM_applyFilter($_POST['cat_id'], true);
// if ($_MG_CONF['htmlallowed'] == 1 ) {
// $A['cat_name'] = DB_escapeString(COM_checkHTML(COM_killJS($_POST['cat_name'])));
// $A['cat_description'] = DB_escapeString(COM_checkHTML(COM_killJS($_POST['cat_desc'])));
// } else {
$A['cat_name'] = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['cat_name'])))));
$A['cat_description'] = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['cat_desc'])))));
// }
if ($A['cat_name'] == "") {
return MG_errorHandler($LANG_MG01['category_error']);
}
$sql = "SELECT MAX(cat_order) + 1 AS nextcat_order FROM " . $_TABLES['mg_category'];
$result = DB_query($sql);
$row = DB_fetchArray($result);
if ($row == NULL || $result == NULL) {
$A['cat_order'] = 10;
} else {
$A['cat_order'] = $row['nextcat_order'];
if ($A['cat_order'] < 0) {
$A['cat_order'] = 10;
}
}
if ($A['cat_order'] == NULL) {
$A['cat_order'] = 10;
}
//
// -- Let's make sure we don't have any SQL overflows...
//
$A['cat_name'] = substr($A['cat_name'], 0, 254);
if ($A['cat_id'] == 0) {
COM_errorLog("Media Gallery Internal Error - cat_id = 0 - Contact support@glfusion.org ");
return MG_genericError($LANG_MG00['access_denied_msg']);
}
DB_save($_TABLES['mg_category'], "cat_id,cat_name,cat_description,cat_order", "'{$A['cat_id']}','{$A['cat_name']}','{$A['cat_description']}',{$A['cat_order']}");
echo COM_refresh($_MG_CONF['admin_url'] . 'category.php');
exit;
}
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @return string HTML for user profile page
*
*/
function userprofile()
{
global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN;
// @param int $user User ID of profile to get
// @param int $msg Message to display (if != 0)
// @param string $plugin optional plugin name for message
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
return $retval;
}
if (isset($_GET['uid'])) {
$user = COM_applyFilter($_GET['uid'], true);
if (!is_numeric($user) || $user < 2) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
if (isset($_GET['username'])) {
$username = $_GET['username'];
if (!USER_validateUsername($username, 1)) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
if (empty($username) || $username == '') {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
$username = DB_escapeString($username);
$user = DB_getItem($_TABLES['users'], 'uid', "username = '******'");
if ($user < 2) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
}
$msg = 0;
if (isset($_GET['msg'])) {
$msg = COM_applyFilter($_GET['msg'], true);
}
$plugin = '';
if ($msg > 0 && isset($_GET['plugin'])) {
$plugin = COM_applyFilter($_GET['plugin']);
}
$result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,lastlogin,homepage,about,location,pgpkey,photo,email,status,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userinfo']},{$_TABLES['userprefs']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['userinfo']}.uid = {$_TABLES['userprefs']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
$nrows = DB_numRows($result);
if ($nrows == 0) {
// no such user
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
$A = DB_fetchArray($result);
if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
}
$display_name = @htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']), ENT_COMPAT, COM_getEncodingt());
if ($msg > 0) {
$retval .= COM_showMessage($msg, $plugin, '', 0, 'info');
}
// format date/time to user preference
$curtime = COM_getUserDateTimeFormat($A['regdate']);
$A['regdate'] = $curtime[0];
$user_templates = new Template($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
$user_templates->set_var('layout_url', $_CONF['layout_url']);
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
$user_templates->set_var('tooltip', COM_getTooltipStyle());
if ($_CONF['show_fullname'] == 1) {
if (empty($A['fullname'])) {
$username = $A['username'];
$fullname = '';
} else {
$username = $A['fullname'];
$fullname = $A['username'];
}
} else {
$username = $A['username'];
$fullname = '';
}
$username = @htmlspecialchars($username, ENT_COMPAT, COM_getEncodingt());
$fullname = @htmlspecialchars($fullname, ENT_COMPAT, COM_getEncodingt());
if ($A['status'] == USER_ACCOUNT_DISABLED) {
$username = sprintf('%s - %s', $username, $LANG28[42]);
if (!empty($fullname)) {
$fullname = sprintf('% - %s', $fullname, $LANG28[42]);
}
}
$user_templates->set_var('username', $username);
$user_templates->set_var('user_fullname', $fullname);
if (SEC_hasRights('user.edit') || isset($_USER['uid']) && $_USER['uid'] == $A['uid']) {
global $_IMAGE_TYPE, $LANG_ADMIN;
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
if ($_USER['uid'] == $A['uid']) {
$edit_url = "{$_CONF['site_url']}/usersettings.php";
} else {
$edit_url = "{$_CONF['site_admin_url']}/user.php?edit=x&uid={$A['uid']}";
}
$edit_link_url = COM_createLink($edit_icon, $edit_url);
$user_templates->set_var('edit_icon', $edit_icon);
$user_templates->set_var('edit_link', $edit_link_url);
$user_templates->set_var('user_edit', $edit_url);
} else {
$user_templates->set_var('user_edit', '');
}
if (isset($A['photo']) && empty($A['photo'])) {
$A['photo'] = '(none)';
// user does not have a photo
}
$lastlogin = $A['lastlogin'];
$lasttime = COM_getUserDateTimeFormat($lastlogin);
$photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
$user_templates->set_var('user_photo', $photo);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
if ($_CONF['lastlogin'] && $A['showonline']) {
$user_templates->set_var('lang_lastlogin', $LANG28[35]);
if (!empty($lastlogin)) {
$user_templates->set_var('user_lastlogin', $lasttime[0]);
} else {
$user_templates->set_var('user_lastlogin', $LANG28[36]);
}
}
if ($A['showonline']) {
if (DB_count($_TABLES['sessions'], 'uid', (int) $user)) {
$user_templates->set_var('online', 'online');
}
}
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $user);
if ($A['email'] == '' || $A['emailfromuser'] == 0) {
$user_templates->set_var('email_option', '');
} else {
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->parse('email_option', 'email', true);
}
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', strip_tags($A['location']));
$user_templates->set_var('lang_online', $LANG04[160]);
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', nl2br($A['about']));
$user_templates->set_var('follow_me', SOC_getFollowMeIcons($user, 'follow_user_profile.thtml'));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
$user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
}
$user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
$user_templates->set_var('lang_title', $LANG09[16]);
$user_templates->set_var('lang_date', $LANG09[17]);
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82] . ' ' . $display_name);
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
$user_templates->set_var('headline_last10comments', $LANG04[10] . ' ' . $display_name);
}
$user_templates->set_var('headline_postingstats', $LANG04[83] . ' ' . $display_name);
$result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
$nrows = DB_numRows($result);
$tids = array();
for ($i = 0; $i < $nrows; $i++) {
$T = DB_fetchArray($result);
$tids[] = $T['tid'];
}
$topics = "'" . implode("','", $tids) . "'";
// list of last 10 stories by this user
if (sizeof($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
} else {
$nrows = 0;
}
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
$user_templates->set_var('article_url', $articleUrl);
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => '')));
$storytime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storytime[0]);
$user_templates->parse('story_row', 'strow', true);
}
} else {
$user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
}
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
// list of last 10 comments by this user
$sidArray = array();
if (sizeof($tids) > 0) {
// first, get a list of all stories the current visitor has access to
$sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
$result = DB_query($sql);
$numsids = DB_numRows($result);
for ($i = 1; $i <= $numsids; $i++) {
$S = DB_fetchArray($result);
$sidArray[] = $S['sid'];
}
}
$sidList = implode("', '", $sidArray);
$sidList = "'{$sidList}'";
// then, find all comments by the user in those stories
$sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
// SQL NOTE: Using a HAVING clause is usually faster than a where if the
// field is part of the select
// if (!empty ($sidList)) {
// $sql .= " AND (sid in ($sidList))";
// }
if (!empty($sidList)) {
$sql .= " HAVING sid in ({$sidList})";
}
$sql .= " ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
for ($i = 0; $i < $nrows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$C['title'] = str_replace('$', '$', $C['title']);
$comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
$user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => '')));
$commenttime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commenttime[0]);
$user_templates->parse('comment_row', 'row', true);
}
} else {
$user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
}
}
// posting stats for this user
$user_templates->set_var('lang_number_stories', $LANG04[84]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_stories', COM_numberFormat($N['count']));
if (!isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal') {
$user_templates->set_var('lang_number_comments', $LANG04[85]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = " . (int) $user . ")";
if (!empty($sidList)) {
$sql .= " AND (sid in ({$sidList}))";
}
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_comments', COM_numberFormat($N['count']));
$user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
}
// hook to the profile icon display
$profileIcons = PLG_profileIconDisplay($user);
if (is_array($profileIcons) && count($profileIcons) > 0) {
$user_templates->set_block('profile', 'profileicon', 'pi');
for ($x = 0; $x < count($profileIcons); $x++) {
if (isset($profileIcons[$x]['url']) && $profileIcons[$x]['url'] != '' && isset($profileIcons[$x]['icon']) && $profileIcons[$x]['icon'] != '') {
$user_templates->set_var('profile_icon_url', $profileIcons[$x]['url']);
$user_templates->set_var('profile_icon_icon', $profileIcons[$x]['icon']);
$user_templates->set_var('profile_icon_text', $profileIcons[$x]['text']);
$user_templates->parse('pi', 'profileicon', true);
}
}
}
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
$user_templates->set_var('customfields', CUSTOM_userDisplay($user));
}
PLG_profileVariablesDisplay($user, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay($user);
return $retval;
}
/**
* saves the specified album information
*
* @param int album_id album_id to edit
* @return string HTML
*
*/
function MG_saveAlbum($album_id, $actionURL = '')
{
global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;
$update = 0;
if (isset($_POST['album_id'])) {
$aid = COM_applyFilter($_POST['album_id'], true);
} else {
$aid = 0;
}
if (isset($_POST['force_child_update'])) {
$forceChildPermUpdate = COM_applyFilter($_POST['force_child_update'], true);
} else {
$forceChildPermUpdate = 0;
}
$thumb = $_FILES['thumbnail'];
$thumbnail = $thumb['tmp_name'];
if (isset($_POST['attach_tn'])) {
$att = COM_applyFilter($_POST['attach_tn']);
} else {
$att = 0;
}
if ($aid > 0) {
// should be 0 or negative 1 for create
$album = $MG_albums[$aid];
$oldparent = $album->parent;
$old_tn_attached = $album->tn_attached;
$old_featured = $album->featured;
$update = 1;
} else {
$album = new mgAlbum();
$album->id = $aid;
$update = 0;
$old_tn_attached = 0;
}
if ($_MG_CONF['htmlallowed'] == 1) {
$album->title = COM_checkHTML(COM_killJS($_POST['album_name']));
$album->description = COM_checkHTML(COM_killJS($_POST['album_desc']));
} else {
$album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_name']))));
$album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_desc']))));
}
if ($album->title == "") {
return MG_errorHandler("You must enter an Album Name");
}
$album->parent = COM_applyFilter($_POST['parentaid'], true);
// we should not need this
if (isset($_POST['hidden'])) {
$album->hidden = COM_applyFilter($_POST['hidden'], true);
} else {
$album->hidden = 0;
}
$album->cover = COM_applyFilter($_POST['cover']);
$album->cover_filename = COM_applyFilter($_POST['album_cover_filename']);
if (isset($_POST['enable_album_views'])) {
$album->enable_album_views = COM_applyFilter($_POST['enable_album_views'], true);
} else {
$album->enable_album_views = 0;
}
$album->image_skin = COM_applyFilter($_POST['skin']);
$album->album_skin = COM_applyFilter($_POST['askin']);
$album->display_skin = COM_applyFilter($_POST['dskin']);
if (isset($_POST['display_album_desc'])) {
$album->display_album_desc = COM_applyFilter($_POST['display_album_desc'], true);
} else {
$album->display_album_desc = 0;
}
if (isset($_POST['enable_comments'])) {
$album->enable_comments = COM_applyFilter($_POST['enable_comments'], true);
} else {
$album->enable_comments = 0;
}
$album->exif_display = COM_applyFilter($_POST['enable_exif'], true);
if (isset($_POST['enable_rating'])) {
$album->enable_rating = COM_applyFilter($_POST['enable_rating'], true);
} else {
$album->enable_rating = 0;
}
$album->playback_type = COM_applyFilter($_POST['playback_type'], true);
$album->tn_attached = isset($_POST['attach_tn']) ? COM_applyFilter($_POST['attach_tn'], true) : 0;
$album->enable_slideshow = COM_applyFilter($_POST['enable_slideshow'], true);
if (isset($_POST['enable_random'])) {
$album->enable_random = COM_applyFilter($_POST['enable_random'], true);
} else {
$album->enable_random = 0;
}
if (isset($_POST['enable_shutterfly'])) {
$album->enable_shutterfly = COM_applyFilter($_POST['enable_shutterfly'], true);
} else {
$album->enable_shutterfly = 0;
}
if (isset($_POST['enable_views'])) {
$album->enable_views = COM_applyFilter($_POST['enable_views'], true);
} else {
$album->enable_views = 0;
}
if (isset($_POST['enable_keywords'])) {
$album->enable_keywords = COM_applyFilter($_POST['enable_keywords'], true);
} else {
$album->enable_keywords = 0;
}
if (isset($_POST['enable_sort'])) {
$album->enable_sort = COM_applyFilter($_POST['enable_sort'], true);
} else {
$album->enable_sort = 0;
}
if (isset($_POST['enable_rss'])) {
$album->enable_rss = COM_applyFilter($_POST['enable_rss'], true);
} else {
$album->enable_rss = 0;
}
$album->enable_postcard = COM_applyFilter($_POST['enable_postcard'], true);
if (isset($_POST['albums_first'])) {
$album->albums_first = COM_applyFilter($_POST['albums_first'], true);
} else {
$album->albums_first = 0;
}
if (isset($_POST['allow_download'])) {
$album->allow_download = COM_applyFilter($_POST['allow_download'], true);
} else {
$album->allow_download = 0;
}
if (isset($_POST['usealternate'])) {
$album->useAlternate = COM_applyFilter($_POST['usealternate'], true);
} else {
$album->useAlternate = 0;
}
$album->full = COM_applyFilter($_POST['full_display'], true);
$album->tn_size = COM_applyFilter($_POST['tn_size'], true);
$album->max_image_height = COM_applyFilter($_POST['max_image_height'], true);
$album->max_image_width = COM_applyFilter($_POST['max_image_width'], true);
$album->max_filesize = COM_applyFilter($_POST['max_filesize'], true);
if ($album->max_filesize != 0) {
$album->max_filesize = $album->max_filesize * 1024;
}
$album->display_image_size = COM_applyFilter($_POST['display_image_size'], true);
$album->display_rows = COM_applyFilter($_POST['display_rows'], true);
$album->display_columns = COM_applyFilter($_POST['display_columns'], true);
$album->skin = COM_applyFilter($_POST['album_theme']);
if (isset($_POST['filename_title'])) {
$album->filename_title = COM_applyFilter($_POST['filename_title'], true);
} else {
$album->filename_title = 0;
}
$album->shopping_cart = 0;
if (isset($_POST['wm_auto'])) {
$album->wm_auto = COM_applyFilter($_POST['wm_auto'], true);
} else {
$album->wm_auto = 0;
}
$album->wm_id = COM_applyFilter($_POST['wm_id']);
$album->wm_opacity = COM_applyFilter($_POST['wm_opacity'], true);
$album->wm_location = COM_applyFilter($_POST['wm_location'], true);
$album->album_sort_order = COM_applyFilter($_POST['album_sort_order'], true);
if (isset($_POST['uploads'])) {
$album->member_uploads = COM_applyFilter($_POST['uploads'], true);
} else {
$album->member_uploads = 0;
}
if (isset($_POST['moderate'])) {
$album->moderate = COM_applyFilter($_POST['moderate'], true);
} else {
$album->moderate = 0;
}
if (isset($_POST['email_mod'])) {
$album->email_mod = COM_applyFilter($_POST['email_mod'], true);
} else {
$album->email_mod = 0;
}
if (isset($_POST['podcast'])) {
$album->podcast = COM_applyFilter($_POST['podcast'], true);
} else {
$album->podcast = 0;
}
if (isset($_POST['mp3ribbon'])) {
$album->mp3ribbon = COM_applyFilter($_POST['mp3ribbon'], true);
} else {
$album->mp3ribbon = 0;
}
if (isset($_POST['rsschildren'])) {
$album->rssChildren = COM_applyFilter($_POST['rsschildren'], true);
} else {
$album->rssChildren = 0;
}
if (isset($_POST['tnheight'])) {
$album->tnHeight = COM_applyFilter($_POST['tnheight'], true);
if ($album->tnHeight == 0) {
$album->tnHeight = 200;
}
} else {
$album->tnHeight = 200;
}
if (isset($_POST['tnwidth'])) {
$album->tnWidth = COM_applyFilter($_POST['tnwidth'], true);
if ($album->tnWidth == 0) {
$album->tnWidth = 200;
}
} else {
$album->tnWidth = 200;
}
if (SEC_hasRights('mediagallery.admin')) {
$format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0;
$format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0;
$format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0;
$format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0;
$format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0;
$format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0;
$format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0;
$format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0;
$format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0;
$format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0;
$format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0;
$format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0;
$format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0;
$format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0;
$format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0;
$format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0;
$format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0;
$format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0;
$format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0;
$album->valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb;
if (isset($_POST['featured'])) {
$album->featured = COM_applyFilter($_POST['featured'], true);
// admin only
} else {
$album->featured = 0;
}
$album->cbposition = COM_applyFilter($_POST['featureposition'], true);
// admin only
$album->cbpage = COM_applyFilter($_POST['featurepage']);
// admin only
$album->group_id = isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id']) : 0;
// admin only
$album->mod_group_id = isset($_POST['mod_id']) ? COM_applyFilter($_POST['mod_id'], true) : 0;
// admin only
$perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
// admin only
$perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
// admin only
$perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
$perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
} else {
$perm_owner = $album->perm_owner;
// already set by existing album?
$perm_group = $album->perm_group;
// already set by existing album?
if ($update == 0) {
if (isset($MG_albums[$album->parent]->group_id)) {
$grp_id = $MG_albums[$album->parent]->group_id;
$album->group_id = $grp_id;
} else {
$gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
$grow = DB_fetchArray($gresult);
$grp_id = $grow['grp_id'];
$album->group_id = $grp_id;
// only do these two if create....
}
$album->mod_group_id = $_MG_CONF['member_mod_group_id'];
if ($album->mod_group_id == '' || $album->mod_group_id < 1) {
$album->mod_group_id = $grp_id;
}
}
$perm_members = $_POST['perm_members'];
$perm_anon = $_POST['perm_anon'];
list($junk1, $junk2, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
if (isset($_POST['owner_id'])) {
$album->owner_id = COM_applyFilter($_POST['owner_id']);
} else {
$album->owner_id = 2;
}
// simple check to see if we can create off the album root...
if (!SEC_hasRights('mediagallery.admin')) {
if ($album->parent == $_MG_CONF['member_album_root'] && $update == 0) {
if ($_MG_CONF['member_create_new'] == 0) {
return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album");
}
}
}
// final permission check to make sure we have the proper rights to create here....
if ($album->parent == 0 && $update == 0 && !$_MG_CONF['member_albums'] == 1 && !$_MG_CONF['member_album_root'] == 0) {
// see if we are mediagallery.admin
if (!SEC_hasRights('mediagallery.admin')) {
COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return MG_genericError($LANG_MG00['access_denied_msg']);
}
} elseif ($album->parent != 0) {
if (!isset($MG_albums[$album->parent]->id)) {
// does not exist...
COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return MG_genericError($LANG_MG00['access_denied_msg']);
} else {
if ($MG_albums[$album->parent]->access != 3 && !SEC_hasRights('mediagallery.admin') && !$_MG_CONF['member_albums'] && !($_MG_CONF['member_album_root'] == $MG_album[$album->parent]->id)) {
COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return MG_genericError($LANG_MG00['access_denied_msg']);
}
}
}
if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') {
$album->tn_attached = 0;
}
if ($old_tn_attached == 1 && $album->tn_attached == 0) {
$remove_old_tn = 1;
} else {
$remove_old_tn = 0;
}
if ($thumb['tmp_name'] != '' && $album->tn_attached == 1) {
$thumbnail = $thumb['tmp_name'];
$attachtn = 1;
} else {
$attachtn = 0;
}
// pull the watermark id associated with the filename...
if ($album->wm_id == 'blank.png') {
$wm_id = 0;
} else {
$wm_id = DB_getItem($_TABLES['mg_watermarks'], 'wm_id', 'filename="' . DB_escapeString($album->wm_id) . '"');
}
if ($wm_id == '') {
$wm_id = 0;
}
if ($wm_id == 0) {
$album->wm_auto = 0;
}
$album->wm_id = $wm_id;
// handle new featured albums
if (SEC_hasRights('mediagallery.admin')) {
if ($album->featured) {
// check for other featured albums, we can only have one
$sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='" . DB_escapeString($album->cbpage) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows > 0) {
$row = DB_fetchArray($result);
$sql = "UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . $row['album_id'];
DB_query($sql);
}
}
} else {
// if a new album, set the member album defaults since we are a non-admin
if ($album->isMemberAlbum() && update == 0) {
$album->perm_owner = $_MG_CONF['member_perm_owner'];
$album->perm_group = $_MG_CONF['member_perm_group'];
$album->enable_random = $_MG_CONF['member_enable_random'];
$album->max_image_height = $_MG_CONF['member_max_height'];
$album->max_image_width = $_MG_CONF['member_max_width'];
$album->max_filesize = $_MG_CONF['member_max_filesize'];
$album->member_uploads = $_MG_CONF['member_uploads'];
$album->moderate = $_MG_CONF['member_moderate'];
$album->email_mod = $_MG_CONF['member_email_mod'];
$album->valid_formats = $_MG_CONF['member_valid_formats'];
}
}
$album->title = substr($album->title, 0, 254);
if ($_DB_dbms == "mssql") {
$album->description = substr($album->description, 0, 1500);
}
if ($album->last_update == '') {
$album->last_update = 0;
}
$album->last_update = intval($album->last_update);
if ($album->id < 1) {
$album->id = $album->createAlbumID();
$aid = $album->id;
$album->order = $album->getNextSortOrder();
}
if ($album->id == 0) {
COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org ");
return MG_genericError($LANG_MG00['access_denied_msg']);
}
$album->saveAlbum();
$album->updateChildPermissions($forceChildPermUpdate);
// now handle the attached cover...
if ($attachtn == 1) {
if (!function_exists('MG_getFile')) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
}
$media_filename = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id;
MG_attachThumbnail($album->id, $thumbnail, $media_filename);
}
if ($remove_old_tn == 1) {
foreach ($_MG_CONF['validExtensions'] as $ext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext)) {
@unlink($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext);
break;
}
}
}
MG_initAlbums(1);
// do any album sorting here...
if (isset($MG_albums[$aid]) && $MG_albums[$aid]->parent == 0) {
switch ($MG_albums[$aid]->album_sort_order) {
case 0:
break;
case 3:
// upload, asc
MG_staticSortAlbum($aid, 2, 1, 0);
break;
case 4:
// upload, desc
MG_staticSortAlbum($aid, 2, 0, 0);
break;
case 5:
// title, asc
MG_staticSortAlbum($aid, 0, 1, 0);
break;
case 6:
// title, desc
MG_staticSortAlbum($aid, 0, 0, 0);
break;
case 7:
// rating, desc
MG_staticSortAlbum($aid, 3, 0, 0);
break;
case 8:
// rating, desc
MG_staticSortAlbum($aid, 3, 1, 0);
break;
default:
// skip it...
break;
}
} else {
// not a root album...
switch ($MG_albums[$MG_albums[$aid]->parent]->album_sort_order) {
case 0:
break;
case 3:
// upload, asc
MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 1, 0);
break;
case 4:
// upload, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 0, 0);
break;
case 5:
// title, asc
MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 1, 0);
break;
case 6:
// title, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 0, 0);
break;
case 7:
// rating, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 0, 0);
break;
case 8:
// rating, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 1, 0);
break;
default:
// skip it...
break;
}
// now call it for myself to sort my subs
switch ($MG_albums[$aid]->album_sort_order) {
case 0:
break;
case 3:
// upload, asc
MG_staticSortAlbum($aid, 2, 1, 0);
break;
case 4:
// upload, desc
MG_staticSortAlbum($aid, 2, 0, 0);
break;
case 5:
// title, asc
MG_staticSortAlbum($aid, 0, 1, 0);
break;
case 6:
// title, desc
MG_staticSortAlbum($aid, 0, 0, 0);
break;
case 7:
// rating, desc
MG_staticSortAlbum($aid, 3, 0, 0);
break;
case 8:
// rating, desc
MG_staticSortAlbum($aid, 3, 1, 0);
break;
default:
// skip it...
break;
}
}
if (!function_exists('MG_buildFullRSS')) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
}
MG_buildFullRSS();
MG_buildAlbumRSS($album->id);
$actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id;
echo COM_refresh($actionURL);
exit;
}
function ppFilterText($parameter)
{
// Need to call addslashes again as COM_checkHTML stips it out
$var = COM_checkHTML($parameter);
$var = COM_checkWords($var);
$var = COM_killJS($var);
$var = addslashes($var);
return $var;
}
/**
* Shows a profile for a user
* This grabs the user profile for a given user and displays it
*
* @param int $uid User ID of profile to get
* @param boolean $preview whether being called as preview from My Account
* @param int $msg Message to display (if != 0)
* @param string $plugin optional plugin name for message
* @return string HTML for user profile page
*/
function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '')
{
global $_CONF, $_TABLES, $_USER, $_IMAGE_TYPE, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN, $LANG_ADMIN;
$retval = '';
if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
$retval .= SEC_loginRequiredForm();
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LOGIN[1]));
return $retval;
}
$result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email,status FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$uid}");
$numRows = DB_numRows($result);
if ($numRows == 0) {
// no such user
COM_handle404();
}
$A = DB_fetchArray($result);
if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
}
if ($A['status'] != USER_ACCOUNT_ACTIVE && !SEC_hasRights('user.edit')) {
COM_handle404();
}
$display_name = COM_getDisplayName($uid, $A['username'], $A['fullname']);
$display_name = htmlspecialchars($display_name);
if (!$preview) {
if ($msg > 0) {
$retval .= COM_showMessage($msg, $plugin);
}
}
// format date/time to user preference
$currentTime = COM_getUserDateTimeFormat($A['regdate']);
$A['regdate'] = $currentTime[0];
$user_templates = COM_newTemplate($_CONF['path_layout'] . 'users');
$user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
$user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
$user_templates->set_var('end_block', COM_endBlock());
$user_templates->set_var('lang_username', $LANG04[2]);
if ($_CONF['show_fullname'] == 1) {
if (empty($A['fullname'])) {
$userName = $A['username'];
$fullName = '';
} else {
$userName = $A['fullname'];
$fullName = $A['username'];
}
} else {
$userName = $A['username'];
$fullName = $A['fullname'];
}
$userName = htmlspecialchars($userName);
$fullName = htmlspecialchars($fullName);
if ($A['status'] == USER_ACCOUNT_DISABLED) {
$userName = sprintf('<s title="%s">%s</s>', $LANG28[42], $userName);
if (!empty($fullName)) {
$fullName = sprintf('<s title="%s">%s</s>', $LANG28[42], $fullName);
}
}
$user_templates->set_var('username', $userName);
$user_templates->set_var('user_fullname', $fullName);
if ($preview) {
$user_templates->set_var('edit_icon', '');
$user_templates->set_var('edit_link', '');
$user_templates->set_var('user_edit', '');
} elseif (!COM_isAnonUser() && $_USER['uid'] == $uid) {
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[48] . '" title="' . $LANG01[48] . '"' . XHTML . '>';
$edit_link_url = COM_createLink($edit_icon, $_CONF['site_url'] . '/usersettings.php');
$user_templates->set_var('edit_icon', $edit_icon);
$user_templates->set_var('edit_link', $edit_link_url);
$user_templates->set_var('user_edit', $edit_link_url);
} elseif (SEC_hasRights('user.edit')) {
$edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
$edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&uid={$A['uid']}");
$user_templates->set_var('edit_icon', $edit_icon);
$user_templates->set_var('edit_link', $edit_link_url);
$user_templates->set_var('user_edit', $edit_link_url);
}
if (isset($A['photo']) && empty($A['photo'])) {
$A['photo'] = '(none)';
// user does not have a photo
}
$photo = USER_getPhoto($uid, $A['photo'], $A['email'], -1);
$user_templates->set_var('user_photo', $photo);
$user_templates->set_var('lang_membersince', $LANG04[67]);
$user_templates->set_var('user_regdate', $A['regdate']);
$user_templates->set_var('lang_email', $LANG04[5]);
$user_templates->set_var('user_id', $uid);
$user_templates->set_var('uid', $uid);
if ($A['email'] != '') {
$user_templates->set_var('lang_sendemail', $LANG04[81]);
$user_templates->parse('email_option', 'email', true);
} else {
$user_templates->set_var('email_option', '');
}
$user_templates->set_var('lang_homepage', $LANG04[6]);
$user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
$user_templates->set_var('lang_location', $LANG04[106]);
$user_templates->set_var('user_location', strip_tags($A['location']));
$user_templates->set_var('lang_bio', $LANG04[7]);
$user_templates->set_var('user_bio', COM_nl2br(stripslashes($A['about'])));
$user_templates->set_var('lang_pgpkey', $LANG04[8]);
$user_templates->set_var('user_pgp', COM_nl2br($A['pgpkey']));
$user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
$user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
$user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
$user_templates->set_var('lang_title', $LANG09[16]);
$user_templates->set_var('lang_date', $LANG09[17]);
// for alternative layouts: use these as headlines instead of block titles
$user_templates->set_var('headline_last10stories', $LANG04[82]);
$user_templates->set_var('headline_last10comments', $LANG04[10]);
$user_templates->set_var('headline_postingstats', $LANG04[83]);
$tids = TOPIC_getList(0, true, false);
$topics = "'" . implode("','", $tids) . "'";
// list of last 10 stories by this user
if (count($tids) > 0) {
$sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate\n FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND') . "\n AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1\n ORDER BY unixdate DESC LIMIT 10";
$result = DB_query($sql);
$numRows = DB_numRows($result);
} else {
$numRows = 0;
}
if ($numRows > 0) {
for ($i = 0; $i < $numRows; $i++) {
$C = DB_fetchArray($result);
$user_templates->set_var('cssid', $i % 2 + 1);
$user_templates->set_var('row_number', $i + 1 . '.');
$articleUrl = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
$user_templates->set_var('article_url', $articleUrl);
$C['title'] = str_replace('$', '$', $C['title']);
$user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
$storyTime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('story_date', $storyTime[0]);
$user_templates->parse('story_row', 'strow', true);
}
} else {
$story_row = $LANG01[37];
if ($_CONF['supported_version_theme'] == '1.8.1') {
$story_row = '<tr><td>' . $story_row . '</td></tr>';
}
$user_templates->set_var('story_row', $story_row);
}
// list of last 10 comments by this user
$new_plugin_comments = PLG_getWhatsNewComment('', 10, $uid);
if (!empty($new_plugin_comments)) {
// Sort array by element lastdate newest to oldest
foreach ($new_plugin_comments as $k => $v) {
$b[$k] = strtolower($v['unixdate']);
}
arsort($b);
foreach ($b as $key => $val) {
$temp[] = $new_plugin_comments[$key];
}
$new_plugin_comments = $temp;
$i = 0;
foreach ($new_plugin_comments as $C) {
$i = $i + 1;
$user_templates->set_var('cssid', $i % 2);
$user_templates->set_var('row_number', $i . '.');
$C['title'] = str_replace('$', '$', $C['title']);
$comment_url = $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $C['cid'];
$user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
$commentTime = COM_getUserDateTimeFormat($C['unixdate']);
$user_templates->set_var('comment_date', $commentTime[0]);
$user_templates->parse('comment_row', 'row', true);
if ($i == 10) {
break;
}
}
} else {
$comment_row = $LANG01[29];
if ($_CONF['supported_version_theme'] == '1.8.1') {
$comment_row = '<tr><td>' . $comment_row . '</td></tr>';
}
$user_templates->set_var('comment_row', $comment_row);
}
// posting stats for this user
$user_templates->set_var('lang_number_stories', $LANG04[84]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_stories', COM_numberFormat($N['count']));
$user_templates->set_var('lang_number_comments', $LANG04[85]);
$sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$uid})";
$result = DB_query($sql);
$N = DB_fetchArray($result);
$user_templates->set_var('number_comments', COM_numberFormat($N['count']));
$user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
// Call custom registration function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
$user_templates->set_var('customfields', CUSTOM_userDisplay($uid));
}
PLG_profileVariablesDisplay($uid, $user_templates);
$user_templates->parse('output', 'profile');
$retval .= $user_templates->finish($user_templates->get_var('output'));
$retval .= PLG_profileBlocksDisplay($uid);
if (!$preview) {
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[1] . ' ' . $display_name));
}
return $retval;
}
function _MG_getFile($filename, $file, $albums, $caption = '', $description = '', $upload = 1, $purgefiles = 0, $filetype, $atttn, $thumbnail, $keywords = '', $category = 0, $dnc = 0, $replace = 0, $userid)
{
global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;
$artist = '';
$musicAlbum = '';
$genre = '';
$video_attached_thumbnail = 0;
$successfulWatermark = 0;
$dnc = 1;
$errors = 0;
$errMsg = '';
clearstatcache();
if (!file_exists($filename)) {
$errMsg = $LANG_MG02['upload_not_found'];
return array(false, $errMsg);
}
clearstatcache();
if (!is_readable($filename)) {
$errMsg = $LANG_MG02['upload_not_readable'];
return array(false, $errMsg);
}
// make sure we have the proper permissions to upload to this album....
if (!isset($MG_albums[$albums]->id)) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
sleep(1);
// We do this to make sure we don't get dupe sid's
/*
* The following section of code will generate a unique name for a temporary
* file and copy the uploaded file to the Media Gallery temp directory.
* We do this to prevent any SAFE MODE issues when we later open the
* file to determine the mime type.
*/
if (empty($_USER['username']) || $_USER['username'] == '') {
$_USER['username'] = '******';
}
$tmpPath = $_MG_CONF['tmp_path'] . '/' . $_USER['username'] . COM_makesid() . '.tmp';
if ($upload) {
$rc = @move_uploaded_file($filename, $tmpPath);
} else {
$rc = @copy($filename, $tmpPath);
$importSource = $filename;
}
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
@unlink($tmpPath);
return array(false, $errMsg);
}
$filename = $tmpPath;
if ($replace > 0) {
$new_media_id = $replace;
} else {
$new_media_id = COM_makesid();
}
$media_time = time();
$media_upload_time = time();
$media_user_id = $userid;
$mimeInfo = IMG_getMediaMetaData($filename);
$mimeExt = strtolower(substr(strrchr($file, "."), 1));
$mimeInfo['type'] = $mimeExt;
if (!isset($mimeInfo['mime_type']) || $mimeInfo['mime_type'] == '') {
$mimeInfo['mime_type'] = $filetype;
}
$gotTN = 0;
if (isset($mimeInfo['id3v2']['APIC'][0]['mime']) && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
$mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
$gotTN = 1;
}
if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
// assume format based on file upload info...
switch ($filetype) {
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'image/tga':
$mimeInfo['type'] = 'tga';
$mimeInfo['mime_type'] = 'image/tga';
$mimeExt = 'tga';
break;
case 'image/psd':
$mimeInfo['type'] = 'psd';
$mimeInfo['mime_type'] = 'image/psd';
$mimeExt = 'psd';
break;
case 'image/gif':
$mimeInfo['type'] = 'gif';
$mimeInfo['mime_type'] = 'image/gif';
$mimeExt = 'gif';
break;
case 'image/jpeg':
case 'image/jpg':
$mimeInfo['type'] = 'jpg';
$mimeInfo['mime_type'] = 'image/jpeg';
$mimeExt = 'jpg';
break;
case 'image/png':
$mimeInfo['type'] = 'png';
$mimeInfo['mime_type'] = 'image/png';
$mimeExt = 'png';
break;
case 'image/bmp':
$mimeInfo['type'] = 'bmp';
$mimeInfo['mime_type'] = 'image/bmp';
$mimeExt = 'bmp';
break;
case 'application/x-shockwave-flash':
$mimeInfo['type'] = 'swf';
$mimeInfo['mime_type'] = 'application/x-shockwave-flash';
$mimeExt = 'swf';
break;
case 'application/zip':
$mimeInfo['type'] = 'zip';
$mimeInfo['mime_type'] = 'application/zip';
$mimeExt = 'zip';
break;
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'video/quicktime':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/quicktime';
$mimeExt = 'mov';
break;
case 'video/x-m4v':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/x-m4v';
$mimeExt = 'mov';
break;
case 'video/x-flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'audio/x-ms-wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
$file_extension = strtolower(substr(strrchr($file, "."), 1));
switch ($file_extension) {
case 'flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
$mimeInfo['type'] = 'file';
if ($filetype != '') {
$mimeInfo['mime_type'] = $filetype;
} else {
$mimeInfo['mime_type'] = 'application/octet-stream';
}
$mimeExt = $file_extension;
break;
}
}
}
switch ($mimeInfo['mime_type']) {
case 'audio/mpeg':
$format_type = MG_MP3;
break;
case 'image/gif':
$format_type = MG_GIF;
break;
case 'image/jpeg':
case 'image/jpg':
$format_type = MG_JPG;
break;
case 'image/png':
$format_type = MG_PNG;
break;
case 'image/bmp':
$format_type = MG_BMP;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
break;
case 'application/zip':
$format_type = MG_ZIP;
break;
case 'video/mpeg':
case 'video/x-motion-jpeg':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-mpeg':
case 'video/x-mpeq2a':
case 'video/x-qtc':
case 'video/x-m4v':
$format_type = MG_MOV;
break;
case 'video/x-flv':
$format_type = MG_FLV;
break;
case 'image/tiff':
$format_type = MG_TIF;
break;
case 'image/x-targa':
case 'image/tga':
$format_type = MG_TGA;
break;
case 'image/psd':
$format_type = MG_PSD;
break;
case 'application/ogg':
$format_type = MG_OGG;
break;
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-ms-wmz':
case 'application/x-ms-wmd':
$format_type = MG_ASF;
break;
case 'application/pdf':
$format_type = MG_OTHER;
break;
default:
$format_type = MG_OTHER;
break;
}
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/x-m4v') {
$mimeType = 'video/x-m4v';
$mimeInfo['mime_type'] = 'video/x-m4v';
}
if (!($MG_albums[$albums]->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
if ($replace > 0) {
$sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . DB_escapeString($replace) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_filename = $row['media_filename'];
} else {
if ($_MG_CONF['preserve_filename'] == 1) {
$loopCounter = 0;
$digitCounter = 1;
$file_name = stripslashes($file);
$file_name = MG_replace_accents($file_name);
$file_name = preg_replace("#[ ]#", "_", $file_name);
// change spaces to underscore
$file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
//only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
$file_name = preg_replace('#(_)+#', '_', $file_name);
//eliminate duplicate underscore
$pos = strrpos($file_name, '.');
if ($pos === false) {
$basefilename = $file_name;
} else {
$basefilename = strtolower(substr($file_name, 0, $pos));
}
do {
clearstatcache();
$media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
$loopCounter++;
if ($loopCounter > 16) {
$digitCounter++;
$loopCounter = 0;
}
} while (MG_file_exists($media_filename));
} else {
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
}
}
// replace a few mime extentions here...
//
$mimeExtLower = strtolower($mimeExt);
if ($mimeExtLower == 'php') {
$mimeExt = 'phps';
} else {
if ($mimeExtLower == 'pl') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'cgi') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'py') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'sh') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'rb') {
$mimeExt = 'txt';
}
}
}
}
}
}
$disp_media_filename = $media_filename . '.' . $mimeExt;
switch ($mimeType) {
case 'image/psd':
case 'image/x-targa':
case 'image/tga':
case 'image/photoshop':
case 'image/x-photoshop':
case 'image/psd':
case 'application/photoshop':
case 'application/psd':
case 'image/tiff':
case 'image/gif':
case 'image/jpeg':
case 'image/jpg':
case 'image/png':
case 'image/bmp':
if ($mimeType == 'image/psd' || $mimeType == 'image/x-targa' || $mimeType == 'image/tga' || $mimeType == 'image/photoshop' || $mimeType == 'image/x-photoshop' || $mimeType == 'image/psd' || $mimeType == 'application/photoshop' || $mimeType == 'application/psd' || $mimeType == 'image/tiff') {
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . ".jpg";
$media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . ".jpg";
} else {
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
}
$mimeType = $mimeInfo['mime_type'];
// process image file
$media_time = getOriginationTimestamp($filename);
if ($media_time == null || $media_time < 0) {
$media_time = time();
}
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $albums, $media_filename, $dnc);
if ($rc == false) {
$errors++;
$errMsg .= $msg;
// sprintf($LANG_MG02['convert_error'],$filename);
} else {
$mediaType = 0;
if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
$rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
}
@unlink($media_orig);
}
if ($MG_albums[$albums]->wm_auto) {
if ($_MG_CONF['discard_original'] == 1) {
$rc = MG_watermark($media_disp, $albums, 1);
if ($rc == TRUE) {
$successfulWatermark = 1;
}
} else {
$rc1 = MG_watermark($media_orig, $albums, 1);
$rc2 = MG_watermark($media_disp, $albums, 0);
if ($rc1 == TRUE && $rc2 == TRUE) {
$successfulWatermark = 1;
}
}
}
if ($dnc != 1) {
if ($mimeType != 'image/tga' && $mimeType != 'image/x-targa' && $mimeType != 'image/tiff') {
if ($mimeType != 'image/photoshop' && $mimeType != 'image/x-photoshop' && $mimeType != 'image/psd' && $mimeType != 'application/photoshop' && $mimeType != 'application/psd') {
$mimeExt = 'jpg';
$mimeType = 'image/jpeg';
}
}
}
}
}
break;
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-flv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-shockwave-flash':
case 'video/mp4':
case 'video/x-m4v':
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/mp4') {
$mimeExt = 'mp4';
}
// process video format
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
$mediaType = 1;
}
$video_attached_thumbnail = MG_videoThumbnail($albums, $media_orig, $media_filename);
break;
case 'application/ogg':
case 'audio/mpeg':
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
$mimeType = $mimeInfo['mime_type'];
// process audio format
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
$rc = @copy($filename, $media_orig);
if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
if ($caption == '') {
$caption = $mimeInfo['tags']['id3v1']['title'][0];
}
}
if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
$artist = DB_escapeString($mimeInfo['tags']['id3v1']['artist'][0]);
}
if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
$genre = DB_escapeString($mimeInfo['tags']['id3v2']['genre'][0]);
}
if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
$musicAlbum = DB_escapeString($mimeInfo['tags']['id3v1']['album'][0]);
}
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 2;
}
break;
case 'zip':
case 'application/zip':
if ($_MG_CONF['zip_enabled']) {
$errMsg .= MG_processZip($filename, $albums, $purgefiles, $media_filename);
break;
}
// NO BREAK HERE, fall through if enable zip isn't allowed
// NO BREAK HERE, fall through if enable zip isn't allowed
default:
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$mimeType = $mimeInfo['mime_type'];
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 4;
}
$mediaType = 4;
break;
}
// update quota
$quota = $MG_albums[$albums]->album_disk_usage;
if ($_MG_CONF['discard_original'] == 1) {
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . '.jpg');
} else {
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_disk_usage=" . $quota . " WHERE album_id=" . $albums);
if ($errors) {
@unlink($tmpPath);
return array(false, $errMsg);
}
if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
// Now we need to process an uploaded thumbnail
if ($gotTN == 1) {
$mp3TNFilename = $_MG_CONF['tmp_path'] . '/mp3tn' . time() . '.jpg';
$fn = fopen($mp3TNFilename, "w");
fwrite($fn, $mp3AttachdedThumbnail);
fclose($fn);
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albums, $mp3TNFilename, $saveThumbnailName);
@unlink($mp3TNFilename);
$atttn = 1;
} else {
if ($atttn == 1) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albums, $thumbnail, $saveThumbnailName);
}
}
if ($video_attached_thumbnail) {
$atttn = 1;
}
if ($MG_albums[$albums]->enable_html != 1) {
// if ($_MG_CONF['htmlallowed'] != 1 ) {
$media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
$media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
$media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($MG_albums[$albums]->moderate == 1 && !$MG_albums[0]->owner_id) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$original_filename = DB_escapeString($file);
if ($MG_albums[$albums]->filename_title) {
if ($media_caption == '') {
$pos = strrpos($original_filename, '.');
if ($pos === false) {
$media_caption = $original_filename;
} else {
$media_caption = substr($original_filename, 0, $pos);
}
}
}
$resolution_x = 0;
$resolution_y = 0;
// try to find a resolution if video...
if ($mediaType == 1) {
switch ($mimeType) {
case 'application/x-shockwave-flash':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-m4v':
if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
break;
case 'video/x-flv':
if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
$resolution_x = $mimeInfo['meta']['onMetaData']['width'];
$resolution_y = $mimeInfo['meta']['onMetaData']['height'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
} else {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
$resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
$resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
break;
}
}
if ($replace > 0) {
$sql = "UPDATE " . $tableMedia . " SET\n\t \t\t\t\t\tmedia_filename='" . DB_escapeString($media_filename) . "',\n\t \t\t\t\t\tmedia_original_filename='{$original_filename}',\n\t \t\t\t\t\tmedia_mime_ext='" . DB_escapeString($mimeExt) . "',\n\t \t\t\t\t\tmime_type='" . DB_escapeString($mimeType) . "',\n\t \t\t\t\t\tmedia_time='" . DB_escapeString($media_time) . "',\n\t \t\t\t\t\tmedia_user_id='" . DB_escapeString($media_user_id) . "',\n\t \t\t\t\t\tmedia_type='" . DB_escapeString($mediaType) . "',\n\t \t\t\t\t\tmedia_upload_time='" . DB_escapeString($media_upload_time) . "',\n\t \t\t\t\t\tmedia_watermarked='" . DB_escapeString($successfulWatermark) . "',\n\t \t\t\t\t\tmedia_resolution_x='" . DB_escapeString($resolution_x) . "',\n\t \t\t\t\t\tmedia_resolution_y='" . DB_escapeString($resolution_y) . "'\n\t \t\t\t\t\tWHERE media_id='" . DB_escapeString($replace) . "'";
DB_query($sql);
} else {
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url,artist,album,genre)\n\t VALUES ('{$new_media_id}','{$media_filename}','{$original_filename}','{$mimeExt}','1','{$mimeType}','{$media_caption}','{$media_desc}','{$media_keywords}','{$media_time}','0','0','0','0.00','{$atttn}','','1','{$media_user_id}','','0','{$mediaType}','{$media_upload_time}','{$category}','{$successfulWatermark}','0','0',{$resolution_x},{$resolution_y},0,'','{$artist}','{$musicAlbum}','{$genre}');";
DB_query($sql);
$x = 0;
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $albums;
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('{$new_media_id}', {$albums}, {$media_seq} )";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
}
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$MG_albums[$albums]->media_count++;
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $MG_albums[$albums]->media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
if ($_MG_CONF['update_parent_lastupdated'] == 1) {
$currentAID = $MG_albums[$albums]->parent;
while ($MG_albums[$currentAID]->id != 0) {
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$currentAID]->id . "'");
$currentAID = $MG_albums[$currentAID]->parent;
}
}
if ($MG_albums[$albums]->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
if ($atttn == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
}
}
$x++;
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($albums);
CACHE_remove_instance('whatsnew');
}
@unlink($tmpPath);
return array(true, $errMsg);
}
function MG_saveCategory($cat_id)
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02;
$update = 0;
$A['cat_id'] = COM_applyFilter($_POST['cat_id'], true);
if ($_MG_CONF['htmlallowed'] == 1) {
$A['cat_name'] = addslashes(COM_checkHTML(COM_killJS($_POST['cat_name'])));
$A['cat_description'] = addslashes(COM_checkHTML(COM_killJS($_POST['cat_desc'])));
} else {
$A['cat_name'] = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['cat_name'])))));
$A['cat_description'] = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['cat_desc'])))));
}
if (empty($A['cat_name'])) {
return COM_showMessageText($LANG_MG01['category_error'] . ' [ <a href=\'javascript:history.go(-1)\'>' . $LANG_MG02['go_back'] . '</a> ]');
}
$sql = "SELECT MAX(cat_order) + 1 AS nextcat_order FROM " . $_TABLES['mg_category'];
$result = DB_query($sql);
$row = DB_fetchArray($result);
if ($row == NULL || $result == NULL) {
$A['cat_order'] = 10;
} else {
$A['cat_order'] = $row['nextcat_order'];
if ($A['cat_order'] < 0) {
$A['cat_order'] = 10;
}
}
if ($A['cat_order'] == NULL) {
$A['cat_order'] = 10;
}
//
// -- Let's make sure we don't have any SQL overflows...
//
$A['cat_name'] = substr($A['cat_name'], 0, 254);
if ($A['cat_id'] == 0) {
COM_errorLog("Media Gallery Internal Error - cat_id = 0 - Contact mark@gllabs.org ");
return COM_showMessageText($LANG_MG00['access_denied_msg']);
}
DB_save($_TABLES['mg_category'], "cat_id,cat_name,cat_description,cat_order", "'{$A['cat_id']}','{$A['cat_name']}','{$A['cat_description']}',{$A['cat_order']}");
echo COM_refresh($_MG_CONF['admin_url'] . 'category.php');
exit;
}
function MG_watermarkUploadSave()
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03;
// ok, we just check the type, we will accept png,jpg for now...
$retval = '<h2>' . $LANG_MG03['upload_results'] . '</h2>';
$T = COM_newTemplate(MG_getTemplatePath(0));
$T->set_file('mupload', 'useruploadstatus.thtml');
$statusMsg = '';
$errors = 0;
$file = array();
$file = $_FILES['newmedia'];
$public = isset($_POST['wm_public']) ? COM_applyFilter($_POST['wm_public'], true) : 0;
foreach ($file['name'] as $key => $name) {
$filename = $file['name'][$key];
$filetype = $file['type'][$key];
$filesize = $file['size'][$key];
$filetmp = $file['tmp_name'][$key];
$error = $file['error'][$key];
$description = $_POST['description'][$key];
if ($filesize > 65536) {
// right now we hard coded 64kb
COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
$tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
continue;
}
if ($error != UPLOAD_ERR_OK) {
switch ($error) {
case 1:
$tmpmsg = sprintf($LANG_MG02['upload_too_big'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 2:
$tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 3:
$tmpmsg = sprintf($LANG_MG02['partial_upload'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 4:
$tmpmsg = $LANG_MG02['no_file_uploaded'];
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 6:
$statusMsg .= $LANG_MG02['missing_tmp'] . '<br' . XHTML . '>';
break;
case 7:
$statusMsg .= $LANG_MG02['disk_fail'] . '<br' . XHTML . '>';
break;
default:
$statusMsg .= $LANG_MG02['unknown_err'] . '<br' . XHTML . '>';
break;
}
continue;
}
$uid = $_USER['uid'];
if ($public == 1) {
$uid = 0;
}
//This will set the Content-Type to the appropriate setting for the file
$file_extension = strtolower(substr(strrchr($filename, "."), 1));
switch ($file_extension) {
case "png":
$filetype = "image/png";
break;
case "jpg":
$filetype = "image/jpeg";
break;
case "gif":
$filetype = "image/gif";
break;
default:
$statusMsg .= $filename . $LANG_MG02['unsupported_wm_type'];
continue;
break;
}
$sql = "SELECT MAX(wm_id) + 1 AS nextwm_id FROM " . $_TABLES['mg_watermarks'];
$result = DB_query($sql);
$row = DB_fetchArray($result);
$wm_id = $row['nextwm_id'];
if ($wm_id < 1) {
$wm_id = 1;
}
if ($wm_id == 0) {
COM_errorLog("Media Gallery Error - Returned 0 as wm_id");
$wm_id = 1;
}
$wm_filename = $_MG_CONF['path_html'] . 'watermarks/' . $uid . '_' . $filename;
if (file_exists($wm_filename)) {
$statusMsg .= sprintf($LANG_MG02['wm_already_exists'], $filename);
} else {
$rc = move_uploaded_file($filetmp, $wm_filename);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file....rc = " . $rc);
$statusMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
chmod($wm_filename, 0644);
$media_title_safe = substr($description, 0, 254);
if ($_MG_CONF['htmlallowed'] != 1) {
$media_title = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($media_title_safe)))));
} else {
$media_title = addslashes(htmlspecialchars(COM_checkHTML(COM_checkWords(COM_killJS($media_title_safe)))));
}
$saveFileName = addslashes($uid . '_' . $filename);
$sql = "INSERT INTO {$_TABLES['mg_watermarks']} (wm_id,owner_id,filename,description)\n VALUES ({$wm_id},'{$uid}','{$saveFileName}','{$media_title}')";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
if (DB_error()) {
COM_errorLog("MediaGallery: Error inserting watermark data into database");
@unlink($wm_filename);
$statusMsg .= $filename . " - " . DB_error();
} else {
$statusMsg .= $filename . $LANG_MG02['wm_success'];
}
}
}
}
$T->set_var('status_message', $statusMsg);
$tmp = $_MG_CONF['site_url'] . '/admin.php?album_id=0&mode=wmmanage';
$redirect = sprintf($LANG_MG01['watermark_redirect'], $tmp);
$T->set_var('redirect', $redirect);
$retval .= $T->finish($T->parse('output', 'mupload'));
return $retval;
}
private function _applyFilter($parameter, $isnumeric = false)
{
$p = COM_stripslashes($parameter);
$p = strip_tags($p);
$p = COM_killJS($p);
// doesn't help a lot right now, but still ...
if ($isnumeric) {
// Note: PHP's is_numeric() accepts values like 4e4 as numeric
if (!is_numeric($p) || preg_match('/^-?\\d+$/', $p) == 0) {
$p = 0;
}
} else {
if ($this->_checkwords) {
$p = COM_checkWords($p);
}
$p = preg_replace('/\\/\\*.*/', '', $p);
$pa = explode("'", $p);
$pa = explode('"', $pa[0]);
$pa = explode('`', $pa[0]);
$pa = explode(';', $pa[0]);
//$pa = explode( ',', $pa[0] );
$pa = explode('\\', $pa[0]);
$p = $pa[0];
if ($this->_prepfordb) {
$p = addslashes($p);
} elseif ($this->_prepforweb) {
$p = stripslashes($p);
}
}
if ($this->_maxlength > 0) {
$p = substr($p, 0, $this->_maxlength);
}
if ($this->_logmode) {
if (strcmp($p, $parameter) != 0) {
COM_errorLog("Filter applied: >> {$parameter} << filtered to {$p} [IP {$_SERVER['REMOTE_ADDR']}]", 1);
}
}
return $p;
}
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y)
{
global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Entering MG_getRemote()");
COM_errorLog("MG Upload: URL to process: " . htmlentities($URL));
}
$resolution_x = 0;
$resolution_y = 0;
$urlArray = array();
$urlArray = parse_url($URL);
// make sure we have the proper permissions to upload to this album....
$sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($albumId);
$aResult = DB_query($sql);
$aRows = DB_numRows($aResult);
if ($aRows != 1) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
$albumInfo = DB_fetchArray($aResult);
$access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'], $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']);
if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) {
COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
return array(false, $LANG_MG00['access_denied_msg']);
}
$errors = 0;
$errMsg = '';
sleep(1);
// We do this to make sure we don't get dupe sid's
$new_media_id = COM_makesid();
$media_time = time();
$media_upload_time = time();
$media_user_id = $_USER['uid'];
// we expect the mime type (player type) to be passed to this function
// - Image
// - Video - Windows Media
// - Video - QuickTime
// - Video - Flash Video
// - Audio - Windows Media
// - Audio - QuickTime
// - Audio - MP3
// - Embed - YouTube/Google/etc...
switch ($mimeType) {
case 'embed':
$format_type = MG_EMB;
$mimeExt = 'flv';
$mediaType = 5;
break;
case 'image/gif':
$format_type = MG_GIF;
$mimeExt = 'gif';
$mediaType = 0;
break;
case 'image/jpg':
$format_type = MG_JPG;
$mimeExt = 'jpg';
$mediaType = 0;
break;
case 'image/png':
$format_type = MG_PNG;
$mimeExt = 'png';
$mediaType = 0;
break;
case 'image/bmp':
$format_type = MG_BMP;
$mimeExt = 'bmp';
$mediaType = 0;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
$mimeExt = 'swf';
$mediaType = 1;
break;
case 'video/quicktime':
$format_type = MG_MOV;
$mimeExt = 'mov';
$mediaType = 1;
break;
case 'video/x-flv':
$format_type = MG_RFLV;
$mimeExt = 'flv';
$mediaType = 1;
break;
case 'video/x-ms-asf':
$format_type = MG_ASF;
$mimeExt = 'asf';
$mediaType = 1;
break;
case 'audio/mpeg':
$format_type = MG_MP3;
$mimeExt = 'mp3';
$mediaType = 2;
break;
case 'audio/x-ms-wma':
$format_type = MG_ASF;
$mimeExt = 'wma';
$mediaType = 2;
break;
}
if (!($MG_albums[$albumId]->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
// create the unique filename to store this under
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
$disp_media_filename = $media_filename . '.' . $mimeExt;
// for remote files this will be a 0 byte file
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Mime Type: " . $mimeType);
}
// now we pretent to process the file
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_time = time();
// create a 0 byte file in the orig directory...
touch($media_orig);
if ($errors) {
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
// Now we need to process an uploaded thumbnail
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
}
if ($attachedThumbnail == 1 && $thumbnail != '') {
// see if it is remote, if yes go get it...
if (preg_match("/http/i", $thumbnail)) {
$tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
$rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
$tmp_image_size = @getimagesize($tmp_thumbnail);
if ($tmp_image_size != false) {
$resolution_x = $tmp_image_size[0];
$resolution_y = $tmp_image_size[1];
}
$thumbnail = $tmp_thumbnail;
} else {
$rc = true;
}
if ($rc == true) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
}
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Building SQL and preparing to enter database");
}
if ($_MG_CONF['htmlallowed'] != 1) {
$media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
$media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
$media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) {
// && !SEC_hasRights('mediagallery.create')) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$pathParts = array();
$pathParts = explode('/', $urlArray['path']);
$ppCount = count($pathParts);
$pPath = '';
for ($i = 1; $i < $ppCount - 1; $i++) {
$pPath .= '/' . $pathParts[$i];
}
$videoFile = $pathParts[$ppCount - 1];
if ($mediaType != 5) {
$original_filename = $videoFile;
} else {
$original_filename = '';
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Inserting media record into mg_media");
}
if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
$resolution_x = 320;
$resolution_y = 240;
}
$remoteURL = DB_escapeString($URL);
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n VALUES ('" . DB_escapeString($new_media_id) . "','" . DB_escapeString($media_filename) . "','" . DB_escapeString($original_filename) . "','" . DB_escapeString($mimeExt) . "','1','" . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','" . DB_escapeString($media_time) . "','0','0','0','0.00','" . DB_escapeString($attachedThumbnail) . "','','1','" . intval($media_user_id) . "','','0','" . DB_escapeString($mediaType) . "','" . DB_escapeString($media_upload_time) . "','" . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . intval($albumId);
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . DB_escapeString($new_media_id) . "', " . intval($albumId) . ", {$media_seq} )";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
}
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$media_count = $albumInfo['media_count'] + 1;
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'");
if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) {
if ($attachedThumbnail == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Setting album cover filename to " . $covername);
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'");
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($albumId);
}
COM_errorLog("MG Upload: Successfully uploaded a media object");
return array(true, $errMsg);
}
$templateID = COM_applyFilter($_POST['templateID'], true);
if ($templateID == 0) {
$templateID = COM_applyFilter($_GET['templateID'], true);
}
$taskID = COM_applyFilter($_POST['taskID'], true);
$editid = COM_applyFilter($_POST['templateTaskID'], true);
$lID = COM_applyFilter($_POST['logicalID'], true);
$handlerID = COM_applyFilter($_POST['idhandler'], true);
$stepID = COM_applyFilter($_POST['idstepType'], true);
//$taskName = ppPrepareForDB($_POST['taskName'],true);
if (!get_magic_quotes_gpc()) {
$taskName = addslashes($_POST['taskName']);
} else {
$taskName = $_POST['taskName'];
}
$taskName = COM_killJS($taskName);
$op = COM_applyFilter($_POST['operation'], false);
$moveop = COM_applyFilter($_POST['moveoperation'], false);
$regen = COM_applyFilter($_POST['regenerate'], true);
$regenAllTasks = COM_applyFilter($_POST['regenerateAllLive'], true);
$taskassigntype = COM_applyFilter($_POST['taskassigntype']);
$retval = '';
echo COM_siteHeader('menu');
$navbar = new navbar();
$navbar->add_menuitem('My Tasks', $CONF_NF['TaskConsole_URL']);
if ($templateID > 0) {
$navbar->add_menuitem('Edit Template', $_CONF['site_admin_url'] . '/plugins/nexflow/index.php?templateID=' . $templateID);
$navbar->set_selected('Edit Template');
}
$navbar->add_menuitem('View Templates', $_CONF['site_admin_url'] . '/plugins/nexflow/templates.php');
$navbar->add_menuitem('Edit Handlers', $_CONF['site_admin_url'] . '/plugins/nexflow/handlers.php');
function nexform_emailresults()
{
global $_USER, $_TABLES, $_CONF, $_POST, $form_id;
$date = time();
if (!isset($_USER['uid'])) {
$username = '******';
} else {
$username = DB_getItem($_TABLES['users'], 'fullname', "uid={$_USER['uid']}");
}
$date = COM_getUserDateTimeFormat();
$formname = DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$form_id}'");
$heading = 'Results from submitted form => Form name: ' . $formname;
$page = new Template($_CONF['path_layout'] . 'nexform');
$page->set_file(array('page' => 'emailform.thtml', 'records' => 'emailrecords.thtml'));
$page->set_var('LANG_date', 'Date');
$page->set_var('date', $date[0]);
$page->set_var('heading', $heading);
$page->set_var('LANG_postedby', 'Submitted By');
$page->set_var('postedby_name', $username);
$page->set_var('begin_data', '=============SUBMITTED DATA FROM FORM =============');
$page->set_var('end_data', '==================== END OF DATA ====================');
foreach ($_POST as $var => $value) {
if ($var != 'form_id' and $var != 'formhandler') {
/* The variable names contain the fieldtype and fieldid */
/* XXX_form{formid}_{fieldid} - where XXX is the fieldtype */
$parts = explode('_', $var);
$fieldtype = $parts[0];
$field_id = (int) $parts[2];
/* Check if this field is a textarea field */
if ($fieldtype == 'ta1' or $fieldtype == 'ta2') {
if ($fieldtype == 'ta1') {
$value = COM_checkWords(COM_checkHTML(COM_killJS($value)));
} else {
$value = COM_checkWords(COM_killJS($value));
}
$label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
$page->set_var('label', $label);
$page->set_var('field_value', $value);
$page->parse('email_records', 'records', true);
} elseif ($fieldtype == 'mchk') {
if (is_array($value)) {
$value = implode(',', $value);
}
$label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
$page->set_var('label', $label);
$page->set_var('field_value', $value);
$page->parse('email_records', 'records', true);
} elseif ($fieldtype != 'sub' and $fieldtype != 'btn') {
$value = COM_checkWords(COM_checkHTML(COM_killJS($value)));
$label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
$page->set_var('label', $label);
$page->set_var('field_value', $value);
$page->parse('email_records', 'records', true);
}
}
}
/* Check for any uploaded files */
$filelinks = nexform_check4files();
if ($filelinks != '') {
$page->set_var('label', 'Attachments');
$page->set_var('field_value', $filelinks);
$page->parse('email_records', 'records', true);
}
$page->parse('output', 'page');
$message = $page->finish($page->get_var('output'));
//echo "<br>Send message:<br>$message";
$to = DB_getItem($_TABLES['nxform_definitions'], 'post_option', "id='{$form_id}'");
COM_mail($to, $heading, $message);
}