* Main */

$display = '';

// Work out which button was submitted. 'cancel' is tested first so that it
// still wins when both buttons are present in the POST data.
if (isset($_POST['cancel'])) {
    $mode = 'cancel';
} elseif (isset($_POST['save'])) {
    $mode = 'save';
} else {
    $mode = '';
}

$T = new Template($_MG_CONF['template_path'] . '/admin');
$T->set_file('admin', 'administration.thtml');
$T->set_var(array(
    'site_admin_url' => $_CONF['site_admin_url'],
    'site_url'       => $_MG_CONF['site_url'],
    'mg_navigation'  => MG_navigation(),
    'lang_admin'     => $LANG_MG00['admin'],
    'version'        => $_MG_CONF['pi_version'],
));

if ($mode == 'save' && SEC_checkToken()) {
    // The configuration is written only when SEC_checkToken() accepts the
    // request (presumably the anti-CSRF token check - confirm in lib-security).
    // A 'save' that fails the check falls through to the branches below.
    $T->set_var(array(
        'admin_body'    => MG_saveConfig(),
        'mg_navigation' => MG_navigation(),
    ));
} elseif ($mode == 'cancel' || $mode == $LANG_MG01['continue']) {
    // Both outcomes return to the admin index; only 'continue' queues message 2.
    if ($mode != 'cancel') {
        COM_setMessage(2);
    }
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
    exit;
} else {
    // No (accepted) action: show the configuration editor.
    $helpIcon = '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?" />';
    $T->set_var(array(
        'admin_body' => MG_editConfig(),
        'title'      => $LANG_MG01['system_options'],
        'lang_help'  => $helpIcon,
        'help_url'   => $_MG_CONF['site_url'] . '/docs/usage.html#System_Options',
    ));
}

$T->parse('output', 'admin');

$display = COM_siteHeader('menu', '');
$display .= $T->finish($T->get_var('output'));
$display .= COM_siteFooter();

echo $display;
exit;
/**
 * Delete a user
 *
 * The caller is sent back to the user administration page whether or not
 * the deletion succeeded; the menu cache is dropped and message 22 is
 * queued only on success.
 *
 * @param    int     $uid    id of user to delete
 * @return   string          HTML redirect
 *
 */
function USER_delete($uid)
{
    global $_CONF;

    $userAdminUrl = $_CONF['site_admin_url'] . '/user.php';

    if (USER_deleteAccount($uid)) {
        // the account is gone - invalidate the cached menu and report success
        CACHE_remove_instance('mbmenu');
        COM_setMessage(22);
    }

    return COM_refresh($userAdminUrl);
}
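/**
 * Remove a plugin that is sitting in the public/private tree.
 * If they exist, the following directories are deleted recursively:
 *
 * 1. public_html/admin/plugins/{pi_name}
 * 2. public_html/{pi_name}
 * 3. private/plugins/{pi_name}
 *
 * Because the name becomes a path component of those recursive deletes, it
 * is rejected here unless it is a single, plain directory name.
 *
 * @param    string  $pi_name    name of the plugin to remove
 * @return   string              HTML error message when no usable name was
 *                               given; otherwise the function echoes a
 *                               redirect to the plugin list and exits
 *
 */
function PLUGINS_remove($pi_name)
{
    global $_CONF, $LANG32;

    $retval = '';

    // An empty name would address the parent directories themselves, and a
    // name that is '.' or '..' or that holds a path separator or NUL byte
    // could address a directory outside the three plugin locations.
    // NOTE(review): PLG_remove() may validate the name as well - it is not
    // visible here, so the check is made before the name is handed on.
    if (strlen($pi_name) == 0
        || $pi_name === '.'
        || $pi_name === '..'
        || strpbrk($pi_name, "/\\\0") !== false
    ) {
        $retval .= COM_showMessageText($LANG32[12], $LANG32[13], true);
        COM_errorLog($LANG32[12]);

        return $retval;
    }

    COM_errorLog("Removing the {$pi_name} plugin file structure");

    if (PLG_remove($pi_name)) {
        COM_errorLog("Plugin removal was successful.");
        $msg = 116;
    } else {
        COM_errorLog("Error removing the plugin file structure - the web server may not have sufficient permissions");
        $msg = 95;
    }

    // The rendered message is discarded because the function exits below;
    // the call is kept in case COM_showMessage() has side effects - TODO confirm.
    $retval .= COM_showMessage($msg);

    CTL_clearCache();

    // $msg is always 116 or 95 at this point, so the outcome is always queued
    // for display on the plugin list.
    COM_setMessage($msg);

    echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
    exit;
}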
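/**
 * Delete a group
 *
 * The group id is cast to an integer before it is used, because it is
 * interpolated unquoted into the SQL condition that looks up the group name.
 *
 * Deleting is refused (and written to the access log) when the target is
 * the Root group and the current user is not in Root, or when the current
 * user is neither a member of the group nor granted access through
 * SEC_groupIsRemoteUserAndHaveAccess().
 *
 * NOTE(review): no request-token check is visible in this function -
 * presumably the caller verifies it before invoking the delete; confirm.
 *
 * @param    int     $grp_id     id of group to delete
 * @return   string              HTML redirect
 *
 */
function GROUP_delete($grp_id)
{
    global $_CONF, $_TABLES, $_USER;

    // Force a numeric id: "grp_id = {$grp_id}" below has no quoting or escaping.
    $grp_id = (int) $grp_id;

    $groupAdminUrl = $_CONF['site_admin_url'] . '/group.php';

    if (!SEC_inGroup('Root')
        && DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = {$grp_id}") == 'Root'
    ) {
        COM_accessLog("User {$_USER['username']} tried to delete the Root group with insufficient privileges.");

        return COM_refresh($groupAdminUrl);
    }

    $GroupAdminGroups = SEC_getUserGroups();
    if (!in_array($grp_id, $GroupAdminGroups)
        && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)
    ) {
        COM_accessLog("User {$_USER['username']} tried to delete group {$grp_id} with insufficient privileges.");

        return COM_refresh($groupAdminUrl);
    }

    // Remove the group's access rights and memberships before the group row itself.
    DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
    DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
    DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $grp_id);
    DB_delete($_TABLES['groups'], 'grp_id', $grp_id);

    PLG_groupChanged($grp_id, 'delete');

    COM_setMessage(50);

    // Carry the "show all" list filter over to the redirect target.
    $url = $groupAdminUrl;
    if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
        $url .= '?chk_showall=1';
    }

    return COM_refresh($url);
}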
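/**
 * Delete a feed.
 *
 * The feed id is cast to an integer before it is used, because it is
 * interpolated unquoted into the SQL condition that looks up the file name.
 * Ids that are not positive are ignored and only the redirect is returned.
 *
 * @param    int     $fid    feed id
 * @return   string          HTML redirect
 *
 */
function FEED_delete($fid)
{
    global $_CONF, $_TABLES;

    // A "> 0" comparison alone does not make a string safe to place in SQL.
    $fid = (int) $fid;

    if ($fid > 0) {
        $feedfile = DB_getItem($_TABLES['syndication'], 'filename', "fid = {$fid}");
        if (!empty($feedfile)) {
            // best effort: a feed file that is already gone must not block the delete
            @unlink(SYND_getFeedPath($feedfile));
        }
        DB_delete($_TABLES['syndication'], 'fid', $fid);
        CACHE_remove_instance('story');
        COM_setMessage(59);
    }

    return COM_refresh($_CONF['site_admin_url'] . '/syndication.php');
}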
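/**
 * Save the audio/video player defaults posted from the admin form.
 *
 * Every field is passed through COM_applyFilter() (with the numeric flag for
 * the fields marked true below), escaped with DB_escapeString() and written
 * as one config_name / config_value row of the mg_config table. A field that
 * is missing from the POST data is filtered as null instead of raising an
 * undefined-index notice. The function then queues message 5, echoes a
 * redirect to the Media Gallery admin index and exits.
 *
 * NOTE(review): no request-token check is visible in this function -
 * presumably the caller verifies it before saving; confirm.
 *
 */
function MG_saveAVDefaults()
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $_POST;

    // form field => true when the value is numeric
    $fields = array(
        'asf_autostart'         => true,
        'asf_enablecontextmenu' => true,
        'asf_stretchtofit'      => true,
        'asf_showstatusbar'     => true,
        'asf_uimode'            => false,
        'asf_playcount'         => true,
        'asf_height'            => true,
        'asf_width'             => true,
        'asf_bgcolor'           => false,
        'mov_autoref'           => true,
        'mov_autoplay'          => true,
        'mov_controller'        => true,
        'mov_kioskmode'         => true,
        'mov_scale'             => false,
        'mov_loop'              => true,
        'mov_height'            => true,
        'mov_width'             => true,
        'mov_bgcolor'           => false,
        'mp3_autostart'         => true,
        'mp3_enablecontextmenu' => true,
        'mp3_showstatusbar'     => true,
        'mp3_loop'              => true,
        'mp3_uimode'            => false,
        'swf_play'              => true,
        'swf_menu'              => true,
        'swf_loop'              => true,
        'swf_quality'           => false,
        'swf_scale'             => false,
        'swf_wmode'             => false,
        'swf_allowscriptaccess' => false,
        'swf_flashvars'         => false,
        'swf_version'           => true,
        'swf_height'            => true,
        'swf_width'             => true,
        'swf_bgcolor'           => false,
    );

    // Fields stored under a config_name that differs from the form field.
    // NOTE(review): 'move_autoplay' is the only name that does not match its
    // form field and looks like a typo for 'mov_autoplay'; it is kept as is
    // because the code that reads the setting is not visible here - confirm.
    $storedAs = array(
        'mov_autoplay' => 'move_autoplay',
    );

    // Filter everything first, then write, as the original did.
    $values = array();
    foreach ($fields as $field => $isNumeric) {
        $raw = isset($_POST[$field]) ? $_POST[$field] : null;
        $filtered = $isNumeric ? COM_applyFilter($raw, true) : COM_applyFilter($raw);

        $configName = isset($storedAs[$field]) ? $storedAs[$field] : $field;
        $values[$configName] = $filtered;
    }

    // put any error checking / validation here

    foreach ($values as $configName => $value) {
        // Escape at the point of use so the statement does not depend on the
        // filter having stripped every SQL metacharacter.
        $safeValue = DB_escapeString((string) $value);
        DB_save($_TABLES['mg_config'], "config_name, config_value", "'{$configName}','{$safeValue}'");
    }

    COM_setMessage(5);
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
    exit;
}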
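/**
 * Delete a topic
 *
 * Members of 'Topic Admin' may always delete; everyone else needs access
 * level 3 from SEC_hasAccess() on the topic's own permissions. Blocks and
 * feeds bound to the topic are reassigned and disabled rather than deleted;
 * the topic's stories are deleted together with their images, comments and
 * trackbacks.
 *
 * The topic id and the story ids read back from the database are escaped
 * before they are placed into SQL strings; the escaped value is also what is
 * passed to DB_delete(), matching how service_delete_story() calls it.
 *
 * @param    string  $tid    Topic ID
 * @return   string          HTML redirect
 *
 */
function TOPIC_delete($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // Escaped copy for every SQL statement below; the raw value is used only
    // in the access-log line.
    $safeTid = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$safeTid}'");
    $A = DB_fetchArray($result);

    if (SEC_inGroup('Topic Admin')) {
        $access = 3;
    } else {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    }
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");

        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }

    // don't delete topic blocks - assign them to 'all' and disable them
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$safeTid}'");

    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$safeTid}'");

    // remove any alternate topics
    DB_query("UPDATE {$_TABLES['stories']} SET alternate_tid = NULL WHERE alternate_tid = '{$safeTid}'");

    // delete comments, trackbacks, images associated with stories in this topic
    $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$safeTid}'");
    $numStories = DB_numRows($result);
    for ($i = 0; $i < $numStories; $i++) {
        $story = DB_fetchArray($result);
        STORY_deleteImages($story['sid']);

        // a value read back from the database is still data, not SQL
        $safeSid = DB_escapeString($story['sid']);
        DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '{$safeSid}' AND type = 'article'");
        DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '{$safeSid}' AND type = 'article'");
    }

    // delete these
    DB_delete($_TABLES['stories'], 'tid', $safeTid);
    DB_delete($_TABLES['storysubmission'], 'tid', $safeTid);
    DB_delete($_TABLES['topics'], 'tid', $safeTid);

    TOPIC_reorderTopics();

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();
    CACHE_remove_instance('stmenu');

    COM_setMessage(14);

    return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
}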
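/**
 * Calls the plugins update routines
 *
 * PLG_upgrade() may return true, a message number or a false value:
 * true queues message 60, a message number is queued as returned, and a
 * false value renders message 95 in place.
 *
 * @param    string  $pi_name    Plugin name
 * @return   string              Formatted HTML containing the page body
 *
 */
function pi_update($pi_name)
{
    global $_CONF, $LANG32, $LANG08, $MESSAGE, $_IMAGE_TYPE;

    $retval = '';

    if (strlen($pi_name) == 0) {
        $retval .= COM_showMessageText($LANG32[12], $LANG32[13], true);
        COM_errorLog($LANG32[12]);

        return $retval;
    }

    $result = PLG_upgrade($pi_name);
    if ($result > 0) {
        if ($result === true) { // Catch returns that are just true/false
            COM_setMessage(60);
            $retval .= COM_refresh($_CONF['site_admin_url'] . '/plugins.php');
        } else {
            // Plugin returned a message number
            COM_setMessage($result);
            // The name is request data that ends up inside the redirect URL,
            // so it is URL-encoded; ordinary plugin names are unchanged by this.
            $retval = COM_refresh($_CONF['site_admin_url'] . '/plugins.php?plugin=' . rawurlencode($pi_name));
        }
    } else {
        // Plugin function returned a false
        $retval .= COM_showMessage(95);
    }

    CACHE_remove_instance('stmenu');

    return $retval;
}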
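// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.           |
// |                                                                          |
// +--------------------------------------------------------------------------+

require_once '../lib-common.php';

$display = '';

// Only members of the Root group may clear the cache; everyone else gets the
// access-denied message and the script stops.
if (!SEC_inGroup('Root')) {
    $display .= COM_siteHeader('menu');
    $display .= COM_showMessageText($LANG20[6], $LANG20[1], true);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}

/*
 * Main processing
 */

// validate the referer here - just to be safe....
// The Referer header is client-controlled and becomes the redirect target,
// so it is accepted only when it points back into this site.
$dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url'];
if ($dirty_referer == '') {
    $dirty_referer = $_CONF['site_url'];
}

$referer = COM_sanitizeUrl($dirty_referer);
$sLength = strlen($_CONF['site_url']);

// A bare prefix comparison would also accept a different host whose name
// merely starts with the site URL. Unless the site URL itself ends in '/',
// the character that follows the prefix must therefore end the URL or start
// a path, query or fragment.
$refererIsLocal = (substr($referer, 0, $sLength) == $_CONF['site_url']);
if ($refererIsLocal && strlen($referer) > $sLength && substr($_CONF['site_url'], -1) != '/') {
    $refererIsLocal = in_array($referer[$sLength], array('/', '?', '#'), true);
}
if (!$refererIsLocal) {
    $referer = $_CONF['site_url'];
}

CTL_clearCache();
COM_setMessage(500);

echo COM_refresh($referer);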
/**
 * Delete an existing story
 *
 * The story id is taken from $args['sid'], falling back to $args['id'].
 * Deleting requires access level 3 on both the story and its topic; a
 * refused attempt is written to the access log.
 *
 * @param   array   $args       Contains all the data provided by the client
 * @param   string  &$output    OUTPUT parameter containing the returned text
 * @param   mixed   &$svc_msg   Not read or written by this function
 * @return  int                 Response code as defined in lib-plugins.php
 */
function service_delete_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;

    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }

    if ($args['gl_svc']) {
        $args['sid'] = COM_applyBasicFilter($args['sid']);
    }

    $sid = $args['sid'];

    // escaped once, used in every statement that embeds the id
    $sidSql = DB_escapeString($sid);
    $storyAdminUrl = $_CONF['site_admin_url'] . '/story.php';

    $result = DB_query("SELECT tid,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sidSql}'");
    $A = DB_fetchArray($result);

    // the effective right is the weaker of story access and topic access
    $storyAccess = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    $access = min($storyAccess, SEC_hasTopicAccess($A['tid']));

    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}.");
        $output = COM_refresh($storyAdminUrl);

        // uid > 1 is a logged-in account: permission problem rather than a
        // failed authentication
        return ($_USER['uid'] > 1) ? PLG_RET_PERMISSION_DENIED : PLG_RET_AUTH_FAILED;
    }

    STORY_deleteImages($sid);
    DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '{$sidSql}' AND type = 'article'");
    DB_delete($_TABLES['stories'], 'sid', $sidSql);

    // delete Trackbacks
    DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '{$sidSql}' AND type = 'article';");

    PLG_itemDeleted($sid, 'article');

    // update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();

    COM_setMessage(10);
    $output = COM_refresh($storyAdminUrl);

    return PLG_RET_OK;
}
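/**
 * Saves a block
 *
 * Every value that reaches the INSERT / DB_save statement is escaped or cast
 * inside this function, so the statement does not rely on callers having
 * cleaned the arguments.
 *
 * @param    string  $bid            Block ID
 * @param    string  $name           Block name
 * @param    string  $title          Block title
 * @param    string  $help           Value stored in the block's help column
 * @param    string  $type           Type of block
 * @param    int     $blockorder     Order block appears relative to the others
 * @param    string  $content        Content of block
 * @param    string  $tid            Topic block should appear in
 * @param    string  $rdfurl         URL to headline feed for portal blocks
 * @param    string  $rdfupdated     Date RSS/RDF feed was last updated
 * @param    string  $rdflimit       max. number of entries to import from feed
 * @param    string  $phpblockfn     Name of php function to call to get content
 * @param    int     $onleft         Flag indicates if block shows up on left or right
 * @param    int     $owner_id       ID of owner
 * @param    int     $group_id       ID of group block belongs to
 * @param    array   $perm_owner     Permissions the owner has on the object
 * @param    array   $perm_group     Permissions the group has on the object
 * @param    array   $perm_members   Permissions the logged in members have
 * @param    array   $perm_anon      Permissions anonymous users have
 * @param    int     $is_enabled     Flag, indicates if block is enabled or not
 * @param    int     $allow_autotags Flag, indicates if autotags are enabled or not
 * @return   string                  HTML redirect or error message
 *
 */
function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
    // $_USER is needed by the access-log line in the permission check below
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG21, $MESSAGE;

    $retval = '';

    // Snapshot of the submitted values, handed back to BLOCK_edit() whenever
    // the form has to be shown again. Taken before any escaping.
    $B['bid'] = (int) $bid;
    $B['name'] = $name;
    $B['title'] = $title;
    $B['type'] = $type;
    $B['blockorder'] = $blockorder;
    $B['content'] = $content;
    $B['tid'] = $tid;
    $B['rdfurl'] = $rdfurl;
    $B['rdfupdated'] = $rdfupdated;
    $B['rdflimit'] = $rdflimit;
    $B['phpblockfn'] = $phpblockfn;
    $B['onleft'] = $onleft;
    $B['owner_id'] = $owner_id;
    $B['group_id'] = $group_id;
    $B['perm_owner'] = $perm_owner;
    $B['perm_group'] = $perm_group;
    $B['perm_members'] = $perm_members;
    $B['perm_anon'] = $perm_anon;
    $B['is_enabled'] = $is_enabled;
    $B['allow_autotags'] = $allow_autotags;

    $bid = (int) $bid;

    // The title may carry a small set of inline HTML elements only.
    $MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small";

    $filter = sanitizer::getInstance();
    $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
    $filter->setAllowedElements($allowedElements);
    $filter->setPostmode('html');
    $title = $filter->filterHTML($title);
    $title = DB_escapeString($title);
    $phpblockfn = DB_escapeString(trim($phpblockfn));

    if (empty($title) || !BLOCK_validateName($name)) {
        if (empty($title)) {
            $msg = $LANG21[64];
        } else {
            $msg = $LANG21[70];
        }
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[63])
                . COM_showMessageText($msg, $LANG21[63], true)
                . BLOCK_edit($bid, $B)
                . COM_siteFooter();

        return $retval;
    }

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // An existing block is judged by the permissions stored for it, a new
    // block by the permissions being submitted.
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");

        return $retval;
    } elseif (($type == 'normal' && !empty($title) && !empty($content))
        || ($type == 'portal' && !empty($title) && !empty($rdfurl))
        || ($type == 'gldefault' && strlen($blockorder) > 0)
        || ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))
    ) {
        // From here on $type is one of the four literals tested above.
        if ($is_enabled == 'on') {
            $is_enabled = 1;
        } else {
            $is_enabled = 0;
        }
        if ($allow_autotags == 1) {
            $allow_autotags = 1;
        } else {
            $allow_autotags = 0;
        }

        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';

            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr($rdfurl, 4);
            } elseif (substr($rdfurl, 0, 5) == 'feed:') {
                $rdfurl = substr($rdfurl, 5);
            }
            if (substr($rdfurl, 0, 2) == '//') {
                $rdfurl = substr($rdfurl, 2);
            }
            // only http and https feeds are accepted
            $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
        }

        if ($type == 'gldefault') {
            if ($name != 'older_stories') {
                $content = '';
            } else {
                // the only non-'normal' case where submitted content is
                // written to the database, so it is escaped like 'normal' content
                $content = DB_escapeString($content);
            }
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }

        if ($type == 'phpblock') {
            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix. This will prevent
            // the arbitrary execution of code
            // NOTE(review): stristr() accepts 'phpblock_' anywhere in the
            // name, not only as a prefix, which is weaker than the rule
            // stated above. Left unchanged because the code that later calls
            // the function is not visible here - confirm and tighten.
            if (!stristr($phpblockfn, 'phpblock_')) {
                $retval .= COM_siteHeader('menu', $LANG21[37])
                        . COM_showMessageText($LANG21[38], $LANG21[37], true)
                        . BLOCK_edit($bid, $B)
                        . COM_siteFooter();

                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }

        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            $content = DB_escapeString($content);
        }

        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty($rdfurl)) {
            $rdfurl = DB_escapeString($rdfurl);
        }
        if (empty($rdfupdated)) {
            $rdfupdated = '1000-01-01 00:00:00';
        }

        $name = DB_escapeString($name);

        // Remaining values that are placed into the statement: quoted strings
        // are escaped, numeric columns are forced to integers (several of
        // them are written without quotes).
        $help = DB_escapeString($help);
        $tid = DB_escapeString($tid);
        $rdfupdated = DB_escapeString($rdfupdated);
        $blockorder = (int) $blockorder;
        $rdflimit = (int) $rdflimit;
        $onleft = (int) $onleft;
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        if ($bid > 0) {
            DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
        } else {
            $sql = "INSERT INTO {$_TABLES['blocks']} "
                 . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) '
                 . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
            DB_query($sql);
            $bid = DB_insertId();
        }

        if ($type == 'gldefault' && $name == 'older_stories') {
            COM_olderStuff();
        }

        CTL_clearCache();
        COM_setMessage(11);

        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    } else {
        // A required field for the chosen block type is missing: report it
        // and show the editor again.
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[32]);
        if ($type == 'portal') {
            // Portal block is missing fields
            $msg = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msg = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msg = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default glFusion field missing
            $msg = $LANG21[42];
        } else {
            // Layout block missing content
            $msg = $LANG21[36];
        }
        $retval .= COM_showMessageText($msg, $LANG21[32], true);
        $retval .= BLOCK_edit($bid, $B);
        $retval .= COM_siteFooter();
    }

    return $retval;
}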
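/**
 * Apply the selected preference values to every account with uid > 1.
 *
 * $_POST['enabled'] lists the preferences to push out; for each listed name
 * the matching posted value is filtered and added to the SET clause of the
 * table it belongs to (users, userprefs, userindex or usercomment). One
 * UPDATE per table is run when its clause is not empty. The function then
 * queues message 501, echoes a redirect to the user admin page and exits.
 *
 * Numeric values are cast to integers and string values are escaped before
 * they are placed into the SQL.
 *
 * NOTE(review): this overwrites settings for all accounts at once and no
 * request-token check is visible in this function - presumably the caller
 * verifies it; confirm.
 *
 */
function applyPreferences()
{
    global $_CONF, $_TABLES;

    // "column=value" assignments collected per table
    $users_set = array();
    $prefs_set = array();
    $index_set = array();
    $comment_set = array();

    $enabledOptions = isset($_POST['enabled']) ? $_POST['enabled'] : array();
    if (is_array($enabledOptions)) {
        foreach ($enabledOptions as $attribute) {
            switch ($attribute) {
                case 'cooktime': // users - cookietimeout
                    if (isset($_POST['cooktime'])) {
                        $cooktime = (int) COM_applyFilter($_POST['cooktime'], true);
                        $users_set[] = 'cookietimeout=' . $cooktime;
                    }
                    break;

                case 'language': // users - language
                    if (isset($_POST['language'])) {
                        $language = COM_applyFilter($_POST['language']);
                        $users_set[] = 'language="' . DB_escapeString($language) . '" ';
                    }
                    break;

                case 'theme': // users - theme
                    if (isset($_POST['theme'])) {
                        $theme = COM_applyFilter($_POST['theme']);
                        $users_set[] = 'theme="' . DB_escapeString($theme) . '" ';
                    }
                    break;

                case 'noicons': // userprefs - noicons
                    // checkbox: anything other than 'on' (or absent) means off
                    $noicons = (isset($_POST['noicons']) && $_POST['noicons'] == 'on') ? 1 : 0;
                    $prefs_set[] = 'noicons=' . $noicons;
                    break;

                case 'noboxes': // userindex - noboxes
                    $noboxes = (isset($_POST['noboxes']) && $_POST['noboxes'] == 'on') ? 1 : 0;
                    $index_set[] = 'noboxes=' . $noboxes;
                    break;

                case 'maxstories': // userindex - maxstories
                    if (isset($_POST['maxstories'])) {
                        $maxstories = (int) COM_applyFilter($_POST['maxstories'], true);
                        $index_set[] = 'maxstories=' . $maxstories;
                    }
                    break;

                case 'tzid': // userprefs - tzid
                    if (isset($_POST['tzid'])) {
                        $tzid = COM_applyFilter($_POST['tzid']);
                        $prefs_set[] = 'tzid="' . DB_escapeString($tzid) . '"';
                    }
                    break;

                case 'dfid': // userprefs - dfid
                    if (isset($_POST['dfid'])) {
                        $dfid = (int) COM_applyFilter($_POST['dfid'], true);
                        $prefs_set[] = 'dfid=' . $dfid;
                    }
                    break;

                case 'search_result_format': // userprefs - search_result_format
                    if (isset($_POST['search_result_format'])) {
                        // allow-list: anything but 'google' becomes 'table'
                        $format = $_POST['search_result_format'];
                        $search_result_format = $format == 'google' ? 'google' : 'table';
                        $prefs_set[] = 'search_result_format="' . DB_escapeString($search_result_format) . '"';
                    }
                    break;

                case 'commentmode': // usercomment - commentmode
                    if (isset($_POST['commentmode'])) {
                        $commentmode = COM_applyFilter($_POST['commentmode']);
                        $comment_set[] = 'commentmode="' . DB_escapeString($commentmode) . '"';
                    }
                    break;

                case 'commentorder': // usercomment - commentorder
                    if (isset($_POST['commentorder'])) {
                        // allow-list: anything but 'ASC' becomes 'DESC'
                        $commentorder = $_POST['commentorder'] == 'ASC' ? 'ASC' : 'DESC';
                        $comment_set[] = 'commentorder="' . DB_escapeString($commentorder) . '"';
                    }
                    break;

                case 'commentlimit': // usercomment - commentlimit
                    if (isset($_POST['commentlimit'])) {
                        $commentlimit = (int) COM_applyFilter($_POST['commentlimit'], true);
                        if ($commentlimit < 1) {
                            $commentlimit = 1;
                        }
                        $comment_set[] = 'commentlimit=' . $commentlimit;
                    }
                    break;

                case 'emailfromuser': // userprefs - emailfromuser
                    $emailfromuser = (isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on') ? 1 : 0;
                    $prefs_set[] = 'emailfromuser=' . $emailfromuser;
                    break;

                case 'emailfromadmin': // userprefs - emailfromadmin
                    $emailfromadmin = (isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on') ? 1 : 0;
                    $prefs_set[] = 'emailfromadmin=' . $emailfromadmin;
                    break;

                case 'showonline': // userprefs - showonline
                    $showonline = (isset($_POST['showonline']) && $_POST['showonline'] == 'on') ? 1 : 0;
                    $prefs_set[] = 'showonline=' . $showonline;
                    break;
            }
        }
    }

    // now execute the queries...
    // uid > 1 leaves the account with uid 1 untouched.
    if (count($users_set) > 0) {
        $sql = "UPDATE {$_TABLES['users']} SET " . implode(',', $users_set) . " WHERE uid > 1";
        DB_query($sql);
    }
    if (count($prefs_set) > 0) {
        $sql = "UPDATE {$_TABLES['userprefs']} SET " . implode(',', $prefs_set) . " WHERE uid > 1";
        DB_query($sql);
    }
    if (count($index_set) > 0) {
        $sql = "UPDATE {$_TABLES['userindex']} SET " . implode(',', $index_set) . " WHERE uid > 1";
        DB_query($sql);
    }
    if (count($comment_set) > 0) {
        $sql = "UPDATE {$_TABLES['usercomment']} SET " . implode(',', $comment_set) . " WHERE uid > 1";
        DB_query($sql);
    }

    COM_setMessage(501);
    echo COM_refresh($_CONF['site_admin_url'] . '/user.php');
    exit;
}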
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.           |
// |                                                                          |
// +--------------------------------------------------------------------------+

require_once '../lib-common.php';

$display = '';

// Access gate: a visitor who is not a moderator gets message 200 queued and
// is redirected to the site root. The script exits here, before auth.inc.php
// and the admin libraries below are loaded.
if (!SEC_isModerator()) {
    COM_setMessage(200);
    $display = COM_refresh($_CONF['site_url']);
    echo $display;
    exit;
}

require_once 'auth.inc.php';

USES_lib_admin();
USES_lib_user();
USES_lib_story();

/**
 * Returns the number of user submissions
 *
 * Similar to plugin_submissioncount_{plugin} for object type = user
 *
 */
function MODERATE_submissioncount_user()
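/**
 * Save information of a weblog directory service
 *
 * The name and both URLs have tags stripped, and both URLs must use the
 * http or https scheme; on a validation error the service editor is shown
 * again with the message. The ping method is reduced to one of two fixed
 * values and the enabled flag to 0 or 1. The service id is cast to an
 * integer before it is placed into the SQL statement.
 *
 * @param    int     $pid        ID of service or 0 for new entry
 * @param    string  $name       name of the service
 * @param    string  $site_url   Homepage URL of the service
 * @param    string  $ping_url   URL to ping at the service
 * @param    string  $method     method used for the ping
 * @param    string  $enabled    'on' when enabled
 * @return   string              HTML redirect or service editor
 *
 */
function TRACKBACK_saveService($pid, $name, $site_url, $ping_url, $method, $enabled)
{
    global $_CONF, $_TABLES, $LANG_TRB;

    $enabled = $enabled == 'on' ? 1 : 0;

    // allow-list: anything but 'extended' becomes the plain ping method
    if ($method == 'extended') {
        $method = 'weblogUpdates.extendedPing';
    } else {
        $method = 'weblogUpdates.ping';
    }

    $name = strip_tags($name);
    $site_url = strip_tags($site_url);
    $ping_url = strip_tags($ping_url);

    $errormsg = '';
    if (empty($name)) {
        $errormsg = $LANG_TRB['error_site_name'];
    } else {
        // all URLs must start with http: or https:
        $parts = explode(':', $site_url);
        if ($parts[0] != 'http' && $parts[0] != 'https') {
            $errormsg = $LANG_TRB['error_site_url'];
        } else {
            $parts = explode(':', $ping_url);
            if ($parts[0] != 'http' && $parts[0] != 'https') {
                $errormsg = $LANG_TRB['error_ping_url'];
            }
        }
    }

    if (!empty($errormsg)) {
        return TRACKBACK_editService($pid, $errormsg, $name, $site_url, $ping_url, $method, $enabled);
    }

    $name = DB_escapeString($name);
    $site_url = DB_escapeString($site_url);
    $ping_url = DB_escapeString($ping_url);

    // The id is the one value in the statement that was neither escaped nor
    // reduced to a fixed set; a "> 0" comparison alone does not make it safe.
    $pid = (int) $pid;

    if ($pid > 0) {
        DB_save($_TABLES['pingservice'], 'pid,name,site_url,ping_url,method,is_enabled', "'{$pid}','{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    } else {
        DB_save($_TABLES['pingservice'], 'name,site_url,ping_url,method,is_enabled', "'{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    }

    COM_setMessage(65);

    return COM_refresh($_CONF['site_admin_url'] . '/trackback.php?mode=listservice');
}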