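/**
 * Render the File Management plugin's error page for an error code, then stop.
 *
 * Unknown codes fall back to '9999'. The "Go Back" link targets the current
 * URL, or the plugin index when that URL is empty or not under the site URL.
 *
 * @param string $e_code Error code, e.g. '0003' or '1109'
 * @param int    $pages  Not used by this implementation; kept for callers
 * @return void  Does not return: the page is echoed and the script ends
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    // Entry 0013 embeds the database layer's error text. That text is plain
    // text and can echo fragments of the failed query, so it is HTML-escaped
    // before being placed in the page.
    // NOTE(review): showing raw database errors to visitors discloses schema
    // details; consider logging the detail and showing a generic message.
    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        "0013" => "Could not query the database. <BR>Error: " . htmlspecialchars((string) DB_error(), ENT_QUOTES),
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. \nPlease try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br>All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br>All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. \nCheck error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "1109" => "File type not allowed",
        "1110" => "You must define and select a category for the uploaded file",
        "9999" => "Unknown Error",
    );

    // Determine where the "Go Back" link should point.
    $siteUrl = $_CONF['site_url'];
    $fallback = $siteUrl . '/filemgmt/index.php';
    $destination = (string) COM_getCurrentURL();

    // The destination must be non-empty and inside this site. A bare prefix
    // comparison also matches a different host that merely starts with the
    // site URL, so the character after the prefix has to end the URL or
    // start a path, query or fragment.
    $prefixLen = strlen($siteUrl);
    $next = (string) substr($destination, $prefixLen, 1);
    $atBoundary = substr($siteUrl, -1) === '/'
        || $next === ''
        || strpos('/?#', $next) !== false;
    if ($destination == ''
        || substr($destination, 0, $prefixLen) != $siteUrl
        || !$atBoundary
    ) {
        $destination = $fallback;
    }

    // Exact key lookup instead of a loose in_array() over array_keys().
    // PHP stores keys such as "1001" as integers, and loose comparison on
    // PHP < 8 accepts a string that only starts with those digits; the code
    // is echoed into the page below, so only exact known codes may pass.
    $e_code = (string) $e_code;
    if (!array_key_exists($e_code, $errmsg)) {
        $e_code = '9999';
    }

    include_once $_CONF['path'] . 'plugins/filemgmt/include/header.php';

    $display = COM_siteHeader('menu');
    $display .= '<table width="100%" class="plugin" border="0" cellspacing="0" cellpadding="1">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right;padding:5px;">File Management Plugin</td>';
    $display .= "<td class=\"pluginAlert\" width=\"50%\" style=\"padding:5px 0px 5px 10px;\">Error Code: {$e_code}</td></tr>";
    $display .= "<tr><td colspan=\"2\" class=\"pluginInfo\"><b>ERROR:</b> {$errmsg[$e_code]}</td></tr>";
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    // The URL carries the request's query string, so it is escaped for the
    // attribute context.
    // NOTE(review): assumes COM_getCurrentURL() returns a raw, not already
    // HTML-encoded, URL - confirm.
    $display .= '[ <a href="' . htmlspecialchars($destination, ENT_QUOTES) . '">Go Back</a> ]</td></tr></table>';
    $display .= COM_siteFooter();

    echo $display;
    die("");
}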
/**
 * Echo a complete site page containing an alert rendered from the zero
 * plugin's zero_alertmsg.thtml template.
 *
 * @param string $alertText Value assigned to the template's alert_text variable
 * @return void
 */
function ZERO_alertMessage($alertText = '')
{
    global $_CONF, $_ZZ_CONF, $LANG_ZZ00;

    $page = COM_siteHeader('menu', $LANG_ZZ00['title']);

    $template = new Template($_CONF['path'] . 'plugins/zero/templates/');
    $template->set_file(array('message' => 'zero_alertmsg.thtml'));

    // NOTE(review): $alertText reaches the template as-is; whether callers or
    // the template escape it is not visible here.
    $values = array(
        'alert_title' => $LANG_ZZ00['title'] . $LANG_ZZ00['error'],
        'alert_text'  => $alertText,
    );
    $template->set_var($values);
    $template->parse('output', 'message');

    $page .= $template->finish($template->get_var('output'));
    $page .= COM_siteFooter();

    echo $page;
}
/**
 * Authenticate the current user and, unless told otherwise, echo the site header.
 *
 * @param bool $authenticate_only When true, only userAuthenticate() is called
 *                                and no header is printed
 * @return void
 */
function SERVICE_CMSOPEN_geeklog($authenticate_only)
{
    global $_USER;

    // Take the current user's name; an empty name is replaced by the
    // "******" placeholder before authentication.
    $name = $_USER['username'];
    $username = ($name == "") ? "******" : $name;

    userAuthenticate($username);

    // Print the header only when more than authentication was requested.
    if ($authenticate_only != true) {
        echo COM_siteHeader();
    }
}
/**
 * Echo the site header in the block layout selected by the forum configuration.
 *
 * Missing 'showblocks' / 'usermenu' settings are written back into
 * $CONF_FORUM as 'leftblocks' / 'blockmenu'.
 *
 * @param string $subject Passed through as the second COM_siteHeader() argument
 * @return void
 */
function gf_siteHeader($subject = '')
{
    global $CONF_FORUM;

    // Fill in defaults for settings that have not been configured.
    if (!isset($CONF_FORUM['showblocks'])) {
        $CONF_FORUM['showblocks'] = 'leftblocks';
    }
    if (!isset($CONF_FORUM['usermenu'])) {
        $CONF_FORUM['usermenu'] = 'blockmenu';
    }

    $layout = $CONF_FORUM['showblocks'];
    $withoutLeft = ($layout == 'noblocks' || $layout == 'rightblocks');
    $withLeft = ($layout == 'leftblocks' || $layout == 'allblocks');

    if ($withoutLeft) {
        $what = 'none';
    } elseif ($withLeft && $CONF_FORUM['usermenu'] == 'blockmenu') {
        // Custom block function plus the configured list of left blocks.
        $what = array('custom_showBlocks', $CONF_FORUM['leftblocks']);
    } else {
        // Any other layout or user-menu setting falls back to the menu header.
        $what = 'menu';
    }

    echo COM_siteHeader($what, $subject);
}
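/**
 * Render the File Management plugin's error page for an error code, then stop.
 *
 * Unknown codes fall back to '9999'. The "Go Back" link steps back $pages
 * entries in the browser history.
 *
 * @param string $e_code Error code, e.g. '0003' or '1108'
 * @param int    $pages  Number of history entries the link goes back
 * @return void  Does not return: the page is sent and the script ends
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    // Entry 0013 embeds the MySQL error text. mysql_error() no longer exists
    // on PHP 7+, where an unguarded call is fatal for every error code, so it
    // is only called when available. The text is plain text that can echo
    // fragments of the failed query, so it is HTML-escaped.
    // NOTE(review): showing raw database errors to visitors discloses schema
    // details; consider logging the detail and showing a generic message.
    $dbError = function_exists('mysql_error') ? (string) mysql_error() : '';

    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        "0013" => "Could not query the database. <br" . XHTML . ">Error: " . htmlspecialchars($dbError, ENT_QUOTES),
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. \nPlease try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br" . XHTML . ">All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br" . XHTML . ">All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. \nCheck error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "9999" => "OOPS! God Knows",
    );

    // Exact key lookup instead of a loose in_array() over array_keys().
    // PHP stores keys such as "1001" as integers, and loose comparison on
    // PHP < 8 accepts a string that only starts with those digits; the code
    // is written into the page below, so only exact known codes may pass.
    $e_code = (string) $e_code;
    if (!array_key_exists($e_code, $errmsg)) {
        $e_code = '9999';
    }

    // $pages is written inside a javascript: URL, so it is reduced to a
    // non-negative integer before use.
    $pages = abs((int) $pages);

    // The key was previously the bare word path_html, which PHP 8 rejects as
    // an undefined constant; it is now a quoted string key.
    include_once $_CONF['path_html'] . "filemgmt/include/header.php";

    $display = '';
    $display .= '<table class="plugin" border="0" cellspacing="0" cellpadding="1" style="width:100%;">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right; padding:5px;">File Management Plugin</td>';
    $display .= '<td class="pluginAlert" style="width:50%; padding:5px 0px 5px 10px;">Error Code: ' . $e_code . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo"><b>ERROR:</b> ' . $errmsg[$e_code] . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    $display .= '[ <a href="javascript:history.go(-' . $pages . ')">Go Back</a> ]</td></tr></table>';

    // Use the newer document builder when it exists, otherwise wrap the
    // fragment in the classic header and footer.
    if (function_exists('COM_createHTMLDocument')) {
        $display = COM_createHTMLDocument($display);
    } else {
        $display = COM_siteHeader() . $display . COM_siteFooter();
    }

    COM_output($display);
    die("");
}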
/**
 * Build the site header in the block layout selected by the forum configuration.
 *
 * Missing 'showblocks' / 'usermenu' settings are written back into
 * $_FF_CONF as 'leftblocks' / 'blockmenu'.
 *
 * @param string $subject    Passed through as the second COM_siteHeader() argument
 * @param string $headercode Passed through as the third COM_siteHeader() argument
 * @return string Header markup returned by COM_siteHeader()
 */
function FF_siteHeader($subject = '', $headercode = '')
{
    global $_FF_CONF;

    // Fill in defaults for settings that have not been configured.
    if (!isset($_FF_CONF['showblocks'])) {
        $_FF_CONF['showblocks'] = 'leftblocks';
    }
    if (!isset($_FF_CONF['usermenu'])) {
        $_FF_CONF['usermenu'] = 'blockmenu';
    }

    $layout = $_FF_CONF['showblocks'];
    $withoutLeft = ($layout == 'noblocks' || $layout == 'rightblocks');
    $withLeft = ($layout == 'leftblocks' || $layout == 'allblocks');

    if ($withoutLeft) {
        $what = 'none';
    } elseif ($withLeft && $_FF_CONF['usermenu'] == 'blockmenu') {
        // Forum block function plus the configured list of left blocks.
        $what = array('forum_showBlocks', $_FF_CONF['leftblocks']);
    } else {
        // Any other layout or user-menu setting falls back to the menu header.
        $what = 'menu';
    }

    $retval = '';
    $retval .= COM_siteHeader($what, $subject, $headercode);

    return $retval;
}
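/**
 * Mails the contents of the contact form to a user.
 *
 * The mail is refused (redirect with msg=85) when anonymous users may not
 * send mail, when the recipient's preferences disallow it, or when the
 * sender is still inside the mail speed limit. Text flagged by the spam
 * check aborts the request.
 *
 * @param    int     $uid            User ID of person to send email to
 * @param    string  $author         The name of the person sending the email
 * @param    string  $authoremail    Email address of person sending the email
 * @param    string  $subject        Subject of email
 * @param    string  $message        Text of message to send
 * @return   string                  Meta redirect or HTML for the contact form
 */
function contactemail($uid, $author, $authoremail, $subject, $message)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08;

    $retval = '';

    // $uid is interpolated into two SQL statements and a redirect URL below.
    // Forcing it to an integer here keeps those safe even when a caller
    // passes the request value through unfiltered.
    $uid = (int) $uid;

    // check for correct $_CONF permission
    if (COM_isAnonUser()
        && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1)
        && $uid != 2
    ) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check for correct 'to' user preferences
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
    $P = DB_fetchArray($result);
    $isAdmin = (SEC_inGroup('Root') || SEC_hasRights('user.mail'));
    if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    if (!empty($author) && !empty($subject) && !empty($message)) {
        // The second test previously looked for '@' in $authoremail. Combined
        // with COM_isemail() that can never pass for an address containing
        // '@', so no mail was sent. The guard is applied to the display name
        // instead, which must not look like an address of its own.
        // NOTE(review): inferred intent - confirm against the project history.
        if (COM_isemail($authoremail) && strpos($author, '@') === false) {
            $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
            $A = DB_fetchArray($result);

            // Append the user's signature to the message
            $sig = '';
            if (!COM_isAnonUser()) {
                $senderUid = (int) $_USER['uid'];
                $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$senderUid}");
                if (!empty($sig)) {
                    $sig = strip_tags(COM_stripslashes($sig));
                    $sig = "\n\n-- \n" . $sig;
                }
            }

            $subject = COM_stripslashes($subject);
            $message = COM_stripslashes($message);

            // do a spam check with the unfiltered message text and subject
            $mailtext = $subject . "\n" . $message . $sig;
            $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
            if ($result > 0) {
                COM_updateSpeedlimit('mail');
                COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
            }

            $msg = PLG_itemPreSave('contact', $message);
            if (!empty($msg)) {
                // Hand the subject back to the form sanitised the same way as
                // the other two error paths of this function do.
                $formSubject = strip_tags($subject);
                $formSubject = substr($formSubject, 0, strcspn($formSubject, "\r\n"));
                $formSubject = htmlspecialchars(trim($formSubject), ENT_QUOTES);

                $retval .= COM_siteHeader('menu', '')
                    . COM_errorLog($msg, 2)
                    . contactform($uid, $formSubject, $message)
                    . COM_siteFooter();

                return $retval;
            }

            // Header values are cut at the first CR/LF so that nothing after
            // a line break can become an extra mail header.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $message = strip_tags($message) . $sig;

            if (!empty($A['fullname'])) {
                $to = COM_formatEmailAddress($A['fullname'], $A['email']);
            } else {
                $to = COM_formatEmailAddress($A['username'], $A['email']);
            }

            // The sender's display name ends up in the From header as well.
            // NOTE(review): whether COM_formatEmailAddress() already strips
            // line breaks is not visible here, so it is done explicitly.
            $author = substr($author, 0, strcspn($author, "\r\n"));
            $from = COM_formatEmailAddress($author, $authoremail);

            $sent = COM_mail($to, $subject, $message, $from);

            // Optional copy to the sender, prefixed with a note naming the recipient.
            if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
                $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
                $ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
                $sent = COM_mail($from, $subject, $ccmessage, $from);
            }

            COM_updateSpeedlimit('mail');

            $retval .= COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $uid . '&msg=' . ($sent ? '27' : '85'));
        } else {
            // Invalid sender address or name: show the form again with an error.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
            $retval .= COM_siteHeader('menu', $LANG04[81])
                . COM_errorLog($LANG08[3], 2)
                . contactform($uid, $subject, $message)
                . COM_siteFooter();
        }
    } else {
        // A required field is empty: show the form again with an error.
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
        $retval .= COM_siteHeader('menu', $LANG04[81])
            . COM_errorLog($LANG08[4], 2)
            . contactform($uid, $subject, $message)
            . COM_siteFooter();
    }

    return $retval;
}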
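// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+

/**
 * Public entry page of the "test" plugin: greets the current user.
 *
 * @package Test
 */

require_once '../lib-common.php';

// take user back to the homepage if the plugin is not active
// (strict comparison so that only the exact plugin name matches)
if (!in_array('test', $_PLUGINS, true)) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}

$display = '';

// MAIN
$display .= COM_siteHeader('menu', $LANG_TEST_1['plugin_name']);
$display .= COM_startBlock($LANG_TEST_1['plugin_name']);
// The username is account data chosen by the user, so it is HTML-escaped
// before it is written into the page; a missing name prints as empty.
$display .= '<p>Welcome to the ' . $LANG_TEST_1['plugin_name'] . ' plugin, '
    . htmlspecialchars(isset($_USER['username']) ? (string) $_USER['username'] : '', ENT_QUOTES)
    . '!</p>';
$display .= COM_endBlock();
$display .= COM_siteFooter();

echo $display;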
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+

// Calendar plugin install/uninstall page: loads the site library and the
// plugin's autoinstall script, then acts on the requested action.
require_once '../../../lib-common.php';
require_once $_CONF['path'] . '/plugins/calendar/autoinstall.php';

USES_lib_install();

// Access control: only members of the 'Root' group get past this point.
// Everyone else is logged, shown the access-denied block, and the script ends.
if (!SEC_inGroup('Root')) {
    // Someone is trying to access this page without permission.
    // NOTE(review): $REMOTE_ADDR is not assigned anywhere in the visible code;
    // unless lib-common.php defines it, the logged IP is empty - confirm.
    // NOTE(review): the username is written to the log as-is; verify the
    // logger neutralises line breaks in it.
    COM_errorLog("Someone has tried to illegally access the Calendar install/uninstall page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
    $display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_startBlock($LANG_ACCESS['accessdenied']) . $LANG_ACCESS['plugin_access_denied_msg'] . COM_endBlock() . COM_siteFooter();
    echo $display;
    exit;
}

/**
 * Main Function
 */
// The action runs only when SEC_checkToken() succeeds (presumably the
// request-forgery token check - confirm in lib-security).
if (SEC_checkToken()) {
    // NOTE(review): $_GET['action'] is read without an isset() test, so a
    // request without that parameter raises a notice before the filter runs.
    $action = COM_applyFilter($_GET['action']);
    if ($action == 'install') {
        if (plugin_install_calendar()) {
            // Redirects to the plugin editor
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44');
            exit;
        } else {
            // Installation failed: redirect with message 72.
            // NOTE(review): the listing ends inside this branch; the rest of
            // the script is not visible here.
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=72');
* Main */
$display = '';

// Work out which button was pressed. "cancel" takes precedence when both
// fields are present, matching a check of save first and cancel second.
$mode = isset($_POST['cancel']) ? 'cancel' : (isset($_POST['save']) ? 'save' : '');

$T = new Template($_MG_CONF['template_path'] . '/admin');
$T->set_file('admin', 'administration.thtml');

// Variables shared by every view of the administration page.
$commonVars = array(
    'site_admin_url' => $_CONF['site_admin_url'],
    'site_url'       => $_MG_CONF['site_url'],
    'mg_navigation'  => MG_navigation(),
    'lang_admin'     => $LANG_MG00['admin'],
    'version'        => $_MG_CONF['pi_version'],
);
$T->set_var($commonVars);

if ($mode == 'save' && SEC_checkToken()) {
    // Configuration is saved only when the token check passes; the
    // navigation is rebuilt after the save.
    $savedVars = array(
        'admin_body'    => MG_saveConfig(),
        'mg_navigation' => MG_navigation(),
    );
    $T->set_var($savedVars);
} elseif ($mode == 'cancel' || $mode == $LANG_MG01['continue']) {
    // Both cases go back to the admin index; only "continue" sets message 2.
    if ($mode != 'cancel') {
        COM_setMessage(2);
    }
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
    exit;
} else {
    // Default view, also reached when a save request fails the token check:
    // show the configuration editor.
    $editVars = array(
        'admin_body' => MG_editConfig(),
        'title'      => $LANG_MG01['system_options'],
        'lang_help'  => '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?" />',
        'help_url'   => $_MG_CONF['site_url'] . '/docs/usage.html#System_Options',
    );
    $T->set_var($editVars);
}

$T->parse('output', 'admin');

$display = COM_siteHeader('menu', '') . $T->finish($T->get_var('output')) . COM_siteFooter();
echo $display;
exit;
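/**
 * Get an existing static page, or a feed of static pages.
 *
 * When called as a web service without a page id, a list of pages is
 * returned; otherwise a single page is looked up by sp_id. On error $output
 * holds either an empty string or login-form markup.
 *
 * @param   array   $args       Contains all the data provided by the client
 * @param   mixed   &$output    OUTPUT parameter: page row, list of page rows,
 *                              or text on error
 * @param   array   &$svc_msg   OUTPUT parameter containing any service messages
 * @return  int                 Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;

    $output = '';

    $svc_msg['output_fields'] = array(
        'sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner',
        'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php',
        'sp_inblock', 'commentcode',
    );

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Read the flag once; a missing key means "not a web-service call".
    $isService = !empty($args['gl_svc']);

    if ($isService) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }

        // A service call without a page id asks for the feed.
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (!$svc_msg['gl_feed']) {
        $page = isset($args['sp_id']) ? $args['sp_id'] : '';
        $mode = isset($args['mode']) ? $args['mode'] : '';

        $error = 0;
        if ($page == '') {
            $error = 1;
        }

        // The page id is only filtered above for web-service calls, yet it is
        // placed inside quoted SQL literals for every caller. Escape it here
        // so the queries stay well-formed whatever the caller passed.
        // NOTE(review): addslashes() is a stopgap that ignores the connection
        // charset; prefer the database layer's own escaping function if the
        // project provides one.
        $pageSql = addslashes((string) $page);

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format,"
            . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']} "
            . "WHERE (sp_id = '{$pageSql}') AND (sp_status = 1)" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);

        // Exactly one matching row is required.
        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);

            // WE ASSUME $output doesn't have any confidential fields

            if ($mode !== 'autotag') {
                $_CONF['pagetitle'] = $output['sp_title'];
            }
        } else {
            // an error occured (page not found, access denied, ...)
            if (empty($page)) {
                $failflg = 0;
            } else {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$pageSql}'");
            }

            if ($failflg) {
                // The page's sp_nf flag is set: answer with the login form.
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= SEC_loginRequiredForm();
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter();
                }
            } else {
                if ($mode !== 'autotag') {
                    COM_404();
                }
            }

            return PLG_RET_ERROR;
        }

        if ($isService) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published']    = date('c', strtotime($output['sp_date']));
            $output['updated']      = date('c', strtotime($output['sp_date']));
            $output['id']           = $page;
            $output['title']        = $output['sp_title'];
            $output['category']     = array($output['sp_tid']);
            $output['content']      = $output['sp_content'];
            $output['content_type'] = 'html';
            $output['author_name']  = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            $output['link_edit']    = $page;
        }
    } else {
        $output = array();

        $mode = isset($args['mode']) ? $args['mode'] : '';

        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        $offset = 0;
        if (isset($args['offset'])) {
            $offset = COM_applyBasicFilter($args['offset'], true);
        }

        // One extra row is requested to detect whether another batch exists.
        $max_items = $_SP_CONF['atom_max_items'] + 1;

        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";

        $sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id,"
            . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields

            $count += 1;
            if ($count == $max_items) {
                // The extra row exists: report where the next batch starts.
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }

            if ($isService) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published']    = date('c', strtotime($output_item['sp_date']));
                $output_item['updated']      = date('c', strtotime($output_item['sp_date']));
                $output_item['id']           = $output_item['sp_id'];
                $output_item['title']        = $output_item['sp_title'];
                $output_item['category']     = array($output_item['sp_tid']);
                $output_item['content']      = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                // The owner is taken from the current row. The previous code
                // read $output['owner_id'], but $output is the result list
                // here and has no such key, so every lookup used uid=0.
                $output_item['author_name']  = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output_item['owner_id']);
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}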
/**
 * Create the banner list page for the requested category.
 *
 * The category comes from $_GET['category'] or $_POST['category'] (default:
 * the configured root category) and the page number from $_GET['page'].
 * If the access check on a non-root category fails, a message page is echoed
 * and the script exits instead of returning.
 *
 * @param    array   $message    message(s) to display: [0] block title, [1] text
 * @return   string              the banner page
 *
 */
function banner_list($message)
{
    global $_CONF, $_TABLES, $_BAN_CONF, $LANG_BANNER_ADMIN, $LANG_BANNER, $LANG_BANNER_STATS;

    $cid = $_BAN_CONF['root'];
    $display = '';

    // The category id is request data. Only HTML tags are stripped from it;
    // quotes and other characters remain.
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }

    // $cat is the form of $cid used inside quoted SQL literals.
    // NOTE(review): addslashes() ignores the connection charset; prefer the
    // database layer's own escaping function if the project provides one.
    $cat = addslashes($cid);

    $page = 0;
    if (isset($_GET['page'])) {
        $page = COM_applyFilter($_GET['page'], true);
    }
    if ($page == 0) {
        $page = 1;
    }

    // Build the page title from the category name and, past page 1, the page number.
    if (empty($cid)) {
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ' (%d)', $page);
        } else {
            $page_title = $LANG_BANNER[114];
        }
    } else {
        if ($cid == $_BAN_CONF['root']) {
            $category = $LANG_BANNER['root'];
        } else {
            $category = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '{$cat}'");
        }
        // NOTE(review): the stored category name goes into the title without
        // escaping here; whether COM_siteHeader() escapes it is not visible.
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ': %s (%d)', $category, $page);
        } else {
            $page_title = sprintf($LANG_BANNER[114] . ': %s', $category);
        }
    }

    // Check that the user has access to this category. A SEC_hasAccess()
    // result below 2 ends the request with message 5.
    // NOTE(review): for an unknown cid DB_fetchArray() presumably returns no
    // row, so the permission fields passed on are empty - confirm the check
    // denies access in that case.
    if ($cid != $_BAN_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['bannercategories']} WHERE cid='{$cat}'");
        $A = DB_fetchArray($result);
        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
            $display .= COM_siteHeader('menu', $page_title);
            $display .= COM_showMessage(5, 'banner');
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }
    }

    $display .= COM_siteHeader('menu', $page_title);

    // Show either the caller's message block or the numbered message from the request.
    if (is_array($message) && !empty($message[0])) {
        $display .= COM_startBlock($message[0], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $message[1];
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } else {
        if (isset($_REQUEST['msg'])) {
            $msg = COM_applyFilter($_REQUEST['msg'], true);
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'banner');
            }
        }
    }

    $bannerlist = new Template($_CONF['path'] . 'plugins/banner/templates/');
    $bannerlist->set_file(array('bannerlist' => 'banner.thtml', 'catbanner' => 'categorybanner.thtml', 'banner' => 'bannerdetails.thtml', 'catnav' => 'categorynavigation.thtml', 'catrow' => 'categoryrow.thtml', 'catcol' => 'categorycol.thtml', 'actcol' => 'categoryactivecol.thtml', 'pagenav' => 'pagenavigation.thtml', 'catdrop' => 'categorydropdown.thtml'));
    $bannerlist->set_var('xhtml', XHTML);
    $bannerlist->set_var('blockheader', COM_startBlock($LANG_BANNER[114]));
    $bannerlist->set_var('layout_url', $_CONF['layout_url']);

    // Category navigation is only built when a column count is configured.
    if ($_BAN_CONF['bannercols'] > 0) {
        // Create breadcrumb trail
        $bannerlist->set_var('breadcrumbs', banner_breadcrumbs($_BAN_CONF['root'], $cid));

        // Set dropdown for category jump
        $bannerlist->set_var('lang_go', $LANG_BANNER[124]);
        $bannerlist->set_var('banner_dropdown', banner_select_box(2, $cid));

        // Show the child categories of the current category
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['bannercategories']} WHERE pid='{$cat}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $bannerlist->set_var('lang_categories', $LANG_BANNER_ADMIN[14]);
            for ($i = 1; $i <= $nrows; $i++) {
                $C = DB_fetchArray($result);

                // Get number of child banners the user can see in this category
                $ccid = addslashes($C['cid']);
                $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['banner']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
                $D = DB_fetchArray($result1);

                // Get number of child categories the user can see in this category
                $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['bannercategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
                $E = DB_fetchArray($result2);

                // Format numbers for display
                $display_count = '';
                // don't show zeroes
                if ($E['count'] > 0) {
                    $display_count = COM_numberFormat($E['count']);
                }
                if ($E['count'] > 0 && $D['count'] > 0) {
                    $display_count .= ', ';
                }
                if ($D['count'] > 0) {
                    $display_count .= COM_numberFormat($D['count']);
                }
                // add brackets if child items exist
                if ($display_count != '') {
                    $display_count = '(' . $display_count . ')';
                }

                // NOTE(review): category name and description are stored data
                // passed to the template unescaped here; confirm they are
                // escaped on input or by the template.
                $bannerlist->set_var('category_name', $C['category']);
                if ($_BAN_CONF['show_category_descriptions']) {
                    $bannerlist->set_var('category_description', $C['description']);
                } else {
                    $bannerlist->set_var('category_description', '');
                }
                $bannerlist->set_var('category_link', $_CONF['site_url'] . '/banner/index.php?category=' . urlencode($C['cid']));
                $bannerlist->set_var('category_count', $display_count);
                $bannerlist->set_var('width', floor(100 / $_BAN_CONF['bannercols']));

                // The currently selected category uses the "active" column template.
                if (!empty($cid) && $cid == $C['cid']) {
                    $bannerlist->parse('category_col', 'actcol', true);
                } else {
                    $bannerlist->parse('category_col', 'catcol', true);
                }

                // Close the row after every bannercols-th column.
                if ($i % $_BAN_CONF['bannercols'] == 0) {
                    $bannerlist->parse('category_row', 'catrow', true);
                    $bannerlist->set_var('category_col', '');
                }
            }
            // Flush a last, incomplete row.
            if ($nrows % $_BAN_CONF['bannercols'] != 0) {
                $bannerlist->parse('category_row', 'catrow', true);
            }
            $bannerlist->parse('category_navigation', 'catnav', true);
        } else {
            $bannerlist->set_var('category_navigation', '');
        }
    } else {
        $bannerlist->set_var('category_navigation', '');
    }

    if ($_BAN_CONF['bannercols'] == 0) {
        $bannerlist->set_var('category_dropdown', '');
    } else {
        $bannerlist->parse('category_dropdown', 'catdrop', true);
    }

    $bannerlist->set_var('site_url', $_CONF['site_url']);
    // NOTE(review): 'cid' and 'cid_plain' receive the request value with only
    // tags stripped, so quotes survive. If the template prints either one
    // inside an HTML attribute it needs escaping for that context - verify
    // against the .thtml files.
    $bannerlist->set_var('cid', $cid);
    $bannerlist->set_var('cid_plain', $cid);
    $bannerlist->set_var('cid_encoded', urlencode($cid));
    $bannerlist->set_var('lang_addabanner', $LANG_BANNER[116]);

    // Build SQL for banner
    $sql = 'SELECT 
bid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['banner']}";
    if ($_BAN_CONF['bannercols'] > 0) {
        // With category columns enabled, list only the current category and
        // only banners inside their publish window.
        if (!empty($cid)) {
            $from_where .= " WHERE cid='" . addslashes($cid) . "'";
        } else {
            $from_where .= " WHERE cid=''";
        }
        $from_where .= ' AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())';
        $from_where .= COM_getPermSQL('AND');
    } else {
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';
    $limit = '';
    if ($_BAN_CONF['bannerperpage'] > 0) {
        if ($page < 1) {
            $start = 0;
        } else {
            $start = ($page - 1) * $_BAN_CONF['bannerperpage'];
        }
        $limit = ' LIMIT ' . $start . ',' . $_BAN_CONF['bannerperpage'];
    }
    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);

    if ($nrows == 0) {
        // Nothing to list: on the first page of the root category, optionally
        // show the ten banners with the most hits instead.
        if ($cid == $_BAN_CONF['root'] && $page <= 1 && $_BAN_CONF['show_top10']) {
            $result = DB_query("SELECT bid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE (hits > 0) AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())" . COM_getPermSQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $bannerlist->set_var('banner_details', '');
                $bannerlist->set_var('banner_category', $LANG_BANNER_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    prepare_banner_item($A, $bannerlist);
                    $bannerlist->parse('banner_details', 'banner', true);
                }
                $bannerlist->parse('category_banner', 'catbanner', true);
            }
        }
        $bannerlist->set_var('page_navigation', '');
    } else {
        // Rows arrive ordered by cid, so a change of cid starts a new category group.
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            if (strcasecmp($A['cid'], $currentcid) != 0) {
                // print the category and banner
                if ($i > 0) {
                    $bannerlist->parse('category_banner', 'catbanner', true);
                    $bannerlist->set_var('banner_details', '');
                }
                $currentcid = $A['cid'];
                $currentcategory = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '" . addslashes($currentcid) . "'");
                $bannerlist->set_var('banner_category', $currentcategory);
            }

            prepare_banner_item($A, $bannerlist);
            $bannerlist->parse('banner_details', 'banner', true);
        }
        $bannerlist->parse('category_banner', 'catbanner', true);

        // Count all matching banners (no LIMIT) to work out the number of pages.
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numbanner) = DB_fetchArray($result);
        $pages = 0;
        if ($_BAN_CONF['bannerperpage'] > 0) {
            $pages = (int) ($numbanner / $_BAN_CONF['bannerperpage']);
            if ($numbanner % $_BAN_CONF['bannerperpage'] > 0) {
                $pages++;
            }
        }
        if ($pages > 0) {
            if ($_BAN_CONF['bannercols'] > 0 && !empty($currentcid)) {
                $catbanner = '?category=' . urlencode($currentcid);
            } else {
                $catbanner = '';
            }
            $bannerlist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/banner/index.php' . $catbanner, $page, $pages));
        } else {
            $bannerlist->set_var('page_navigation', '');
        }
    }
    $bannerlist->set_var('blockfooter', COM_endBlock());
    $bannerlist->parse('output', 'bannerlist');
    $display .= $bannerlist->finish($bannerlist->get_var('output'));

    return $display;
}
} elseif (isset($_GET[$provided])) { $action = $provided; } } switch ($action) { case 'banbutton_x': if (SEC_checkToken()) { $msg = SFS_banUsers(); $pageBody .= COM_showMessageText($msg) . SFS_adminList(); } else { COM_accessLog('User ' . $_USER['username'] . ' tried to ban users and failed CSRF checks.'); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; case 'delbutton_x': if (SEC_checkToken()) { $msg = SFS_delUsers(); $pageBody .= COM_showMessageText($msg) . SFS_adminList(); } else { COM_accessLog('User ' . $_USER['username'] . ' tried to del users and failed CSRF checks.'); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } break; default: $pageBody .= SFS_adminList(); break; } $display = COM_siteHeader('menu', $LANG_SFS['title']); $display .= $pageBody; $display .= COM_siteFooter(); echo $display;
COM_output($display); } else { if ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { submitstory(); } else { // 'cancel' or no mode at all $type = ''; if (isset($_POST['type'])) { $type = COM_applyFilter($_POST['type']); } if ($mode == $LANG24[10] && !empty($LANG24[10]) && $type == 'submission') { $display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { $current_topic = ''; if (empty($mode)) { if (!empty($_GET['tid'])) { $current_topic = COM_applyFilter($_GET['tid']); } elseif (!empty($_POST['tid'])) { $current_topic = COM_applyFilter($_POST['tid']); } } $display .= COM_siteHeader('menu', $LANG24[22]); $display .= COM_showMessageFromParameter(); $display .= liststories($current_topic); $display .= COM_siteFooter(); } COM_output($display); } } } }
$lid = COM_applyFilter($_GET['lid'], true); } $display = ''; $display .= COM_startBlock("<b>" . _MD_RATEFILETITLE . "</b>"); $result = DB_query("SELECT title FROM {$_FM_TABLES['filemgmt_filedetail']} WHERE lid='{$lid}'"); list($title) = DB_fetchArray($result); $title = $myts->makeTboxData4Show($title); $display .= '<table border="0" cellpadding="1" cellspacing="0" width="80%" class="plugin"><tr>'; $display .= '<td class="pluginHeader">' . _MD_FILE . ': ' . $title . '</td></tr>'; $display .= '<tr><td style="padding:10px;"><ul>'; $display .= '<li>' . _MD_VOTEONCE . '</li>'; $display .= '<li>' . _MD_RATINGSCALE . '</li>'; $display .= '<li>' . _MD_BEOBJECTIVE . '</li>'; $display .= '<li>' . _MD_DONOTVOTE . '</li>'; $display .= "\n </ul></td></tr><tr><td style=\"text-align:center;\">\n <form method=\"post\" action=\"ratefile.php\"><div>\n <input type=\"hidden\" name=\"lid\" value=\"{$lid}\"" . XHTML . ">\n <select name=\"rating\"><option>--</option>"; for ($i = 10; $i > 0; $i--) { $display .= "<option value=\"" . $i . "\">" . $i . "</option>\n"; } $display .= "</select><br" . XHTML . "><br" . XHTML . ">"; $display .= "<input type=\"submit\" name=\"submit\" value=\"" . _MD_RATEIT . "\"" . XHTML . ">\n"; $display .= " <input type=\"button\" value=\"" . _MD_CANCEL; $display .= "\" onclick=\"javascript:history.go(-1)\"" . XHTML . ">\n"; $display .= "</div></form></td></tr></table>"; $display .= COM_endBlock(); if (function_exists('COM_createHTMLDocument')) { $display = COM_createHTMLDocument($display); } else { $display = COM_siteHeader() . $display . COM_siteFooter(); } COM_output($display); }
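case 'edit':
    echo COM_refresh($_CONF['site_url'] . "/admin/plugins/maps/marker_edit.php");
    exit;
    break;

// Edit marker submission
case 'editsubmission':
    // The id comes straight from the request and ends up inside the redirect
    // markup that COM_refresh() echoes, so it is URL-encoded before being put
    // into the query string. A missing or non-scalar id becomes an empty value.
    $id = '';
    if (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) {
        $id = urlencode((string) $_REQUEST['id']);
    }
    echo COM_refresh($_CONF['site_url'] . "/admin/plugins/maps/marker_edit.php?mode=editsubmission&mkid={$id}");
    exit;
    break;

case 'setgeolocation':
    MAPS_setGeoLocation();
    echo COM_refresh($_CONF['site_url'] . "/admin/plugins/maps/index.php?msg=" . urlencode($LANG_MAPS_1['set_geo_location']));
    exit;
    break;

default:
    $display = COM_siteHeader('menu', $LANG_MAPS_1['plugin_name']);
    $display .= MAPS_admin_menu();

    // 'msg' is request-controlled text shown inside an admin page. It is
    // HTML-escaped on output so a crafted link cannot inject markup or script
    // into the page (reflected XSS). Array-valued input is ignored.
    // NOTE(review): if any language string passed through ?msg= is meant to
    // carry markup, it will now be shown as text - confirm against the lang files.
    if (!empty($_REQUEST['msg']) && is_string($_REQUEST['msg'])) {
        $display .= COM_startBlock($LANG_MAPS_1['message'], '', 'blockheader-message.thtml');
        $display .= htmlspecialchars($_REQUEST['msg'], ENT_QUOTES);
        $display .= COM_endBlock('blockfooter-message.thtml');
    }

    $display .= '<img src="' . $_CONF['site_admin_url'] . '/plugins/maps/images/maps.png" alt="" align="left" hspace="5">'
        . '<p>' . $LANG_MAPS_1['plugin_doc'] . ' <a href="http://geeklog.fr/downloads/index.php/maps" target="_blank">' . $LANG_MAPS_1['online'] . '</a>.</p>';
    $display .= '<br /><h1>' . $LANG_MAPS_1['maps_list'] . '</h1>';
    $display .= '<p>' . $LANG_MAPS_1['you_can'] . '<a href="' . $_CONF['site_url'] . '/admin/plugins/maps/map_edit.php">' . $LANG_MAPS_1['create_map'] . '</a>.</p><p> </p>';
    $display .= MAPS_listmaps();
    $display .= COM_siteFooter(0);
}

COM_output($display);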
$tables = explode('|', $_POST['groupmembers']); $items['lglib_dbback_exclude'] = DB_escapeString(@serialize($tables)); $items['lglib_dbback_files'] = (int) $_POST['db_backup_maxfiles']; if (isset($_POST['disable_cron'])) { $str = '-1'; } else { $str = (int) $_POST['db_backup_interval']; } $items['lglib_dbback_cron'] = $str; $items['lglib_dbback_gzip'] = isset($_POST['use_gzip']) ? 1 : 0; foreach ($items as $name => $value) { $sql = "INSERT INTO {$_TABLES['vars']} (name, value)\n VALUES ('{$name}', '{$value}')\n ON DUPLICATE KEY UPDATE value='{$value}'"; DB_query($sql); } break; } switch ($view) { case 'config': $content .= DBADMIN_configBackup(); break; case 'none': break; default: SEC_createToken(); $content .= DBADMIN_list(); break; } $display .= COM_siteHeader('menu', $pi_title); $display .= $content; $display .= COM_siteFooter(); echo $display;
/**
 * Save a submission, delegating to a plugin for any type other than 'story'.
 *
 * The submit speed limit is checked first; a user who is still inside the
 * limit window gets a message block instead of a save.
 *
 * @param    string  $type   Type of submission we are dealing with
 * @param    array   $A      Data for that submission
 * @return   mixed           Page HTML, or whatever the plugin / savestory() returned
 *
 */
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $_USER, $LANG12;

    $page = COM_siteHeader();

    // Expire old speed-limit entries, then see how long this user still has to wait.
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $wait = COM_checkSpeedlimit('submit');
    if ($wait > 0) {
        $page .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header'))
            . $LANG12[30] . $wait . $LANG12[31]
            . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'))
            . COM_siteFooter();

        return $page;
    }

    $isPluginType = !empty($type) && $type != 'story';
    if ($isPluginType) {
        // Count this attempt against the speed limit - assuming the plugin
        // approves the submission record.
        COM_updateSpeedlimit('submit');

        // The plugin handles the submission and should supply its own redirect.
        $pluginResult = PLG_saveSubmission($type, $A);
        if ($pluginResult !== false) {
            if (empty($pluginResult)) {
                // No redirect from the plugin: fall back to the main page.
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }

            return $pluginResult;
        }

        // $type is written to the error log exactly as it was received.
        COM_errorLog("Could not save your submission. Bad type: {$type}");

        // The plugin result (false) replaces the page built so far, so the
        // site header is not part of the output on this path.
        $page = $pluginResult;
    }

    $hasStoryFields = !empty($A['title']) && !empty($A['introtext']);
    if ($hasStoryFields) {
        $page = savestory($A);
    } else {
        // Required fields are missing: show the message block and the form again.
        $page .= COM_startBlock($LANG12[22], '', COM_getBlockTemplate('_msg_block', 'header'))
            . $LANG12[23]
            . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'))
            . submissionform($type)
            . COM_siteFooter();
    }

    return $page;
}
/**
 * Build the main plugin admin screen: plugin lists and the upload form.
 *
 * One CSRF token is shared by every form on the page; a fresh one is
 * created when the caller does not pass one in.
 *
 * @param    string  $message    (optional) message to display
 * @param    string  $token      an optional csrf token
 * @return   string              HTML for the plugin screen
 *
 */
function plugin_main($message = '', $token = '')
{
    global $LANG32;

    $html = COM_siteHeader('menu', $LANG32[5]);

    // An explicit message wins over one taken from the request parameter.
    $html .= empty($message)
        ? COM_showMessageFromParameter()
        : COM_showMessageText($message);

    if (empty($token)) {
        $token = SEC_createToken();
    }

    $html .= listplugins($token);

    // The list of not-yet-installed plugins is only for users who may install.
    if (SEC_hasRights('plugin.install')) {
        $html .= show_newplugins($token);
    }

    // Show the upload form or an error message
    $html .= plugin_show_uploadform($token);
    $html .= COM_siteFooter();

    return $html;
}
if ($topic) { $header = '<link rel="microsummary" href="' . $_CONF['site_url'] . '/index.php?display=microsummary&topic=' . urlencode($topic) . '" title="Microsummary"' . XHTML . '>'; // Meta Tags if ($_CONF['meta_tags'] > 0) { $result = DB_query("SELECT meta_description, meta_keywords FROM {$_TABLES['topics']} WHERE tid = '{$topic}'"); $A = DB_fetchArray($result); $meta_description = stripslashes($A['meta_description']); $meta_keywords = stripslashes($A['meta_keywords']); //$meta_description = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_description', "tid = '$topic'" )); //$meta_keywords = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_keywords', "tid = '$topic'" )); $header .= COM_createMetaTags($meta_description, $meta_keywords); } } else { $header = '<link rel="microsummary" href="' . $_CONF['site_url'] . '/index.php?display=microsummary" title="Microsummary"' . XHTML . '>'; } $display .= COM_siteHeader('menu', '', $header); if (isset($_GET['msg'])) { $plugin = ''; if (isset($_GET['plugin'])) { $plugin = COM_applyFilter($_GET['plugin']); } $display .= COM_showMessage(COM_applyFilter($_GET['msg'], true), $plugin); } if (SEC_inGroup('Root') && $page == 1) { $done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'"); if ($done != 1) { /** * we don't have the path to the admin directory, so try to figure it * out from $_CONF['site_admin_url'] * @todo FIXME: this duplicates some code from admin/sectest.php */
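// Request parameters: the album id is filtered as a number, the media id
// goes through the default filter.
$album_id = COM_applyFilter($_GET['aid'], true);
$media_id = COM_applyFilter($_GET['mid']);

$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('page', 'view_image.thtml');
$T->set_var('header', $LANG_MG00['plugin']);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('plugin', 'mediagallery');

//
// -- Verify that image really does belong to this album
//
// The membership check must run on the same identifiers that the album
// permission check and the media lookup below use. It previously read $mid
// and $aid, which this code never assigns; checking one pair of ids and
// serving another would let the album access check be bypassed.
$sql = "SELECT * FROM " . $_TABLES['mg_media_albums'] . " WHERE media_id='" . DB_escapeString($media_id) . "' AND album_id='" . intval($album_id) . "'";
$result = DB_query($sql);
if (DB_numRows($result) < 1) {
    die("ERROR #2");
}

// Get Album Info...
$sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);

// Check access rights
$access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
if ($access == 0) {
    $display .= COM_siteHeader('menu') . COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true) . COM_siteFooter();
    echo $display;
    exit;
}

$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);

// The stored filename is written into an HTML attribute, so it is escaped
// for that context. The sub-directory is the first character of the raw name.
$media_path = htmlspecialchars($row['media_filename'][0] . '/' . $row['media_filename'], ENT_QUOTES);
echo '<img src="' . $_MG_CONF['mediaobjects_url'] . '/disp/' . $media_path . '.jpg' . '">';
exit;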
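/**
 * Get an existing static page
 *
 * Two modes, selected by the arguments:
 *  - single page: returns the row for $args['sp_id'] (or $args['id']) in
 *    $output, or an error/login/"create page" response and PLG_RET_ERROR;
 *  - feed: when called as a web service ($args['gl_svc']) without a page id,
 *    returns a list of pages in $output and, if more rows exist, the next
 *    offset in $svc_msg['offset'].
 *
 * NOTE(review): the page id is only passed through COM_applyBasicFilter() on
 * the web-service path. On every other path it is interpolated into SQL as
 * received, so callers must hand in an already filtered/escaped id - confirm
 * at each call site.
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int Response code as defined in lib-plugins.php
 *              (PLG_RET_OK or PLG_RET_ERROR)
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;

    $output = '';

    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');

    // Accept 'id' as an alias for 'sp_id'.
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // !empty() instead of a bare read: same truthiness, no notice when the
    // caller leaves 'gl_svc' out. It is re-read from $args each time because
    // $args is replaced further down when a template page is resolved.
    if (!empty($args['gl_svc'])) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }

        // A web-service call without a page id asks for the feed.
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }

    if (!$svc_msg['gl_feed']) {
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }

        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }

        $error = 0;

        if ($page == '') {
            $error = 1;
        }

        // Permission clause; users without staticpages.edit never see drafts.
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }

        // NOTE(review): $page is placed inside quotes in all three statements
        // without escaping here; see the function header.
        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,"
            . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,"
            . "owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']} "
            . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title,"
            . "CAST(sp_content AS text) AS sp_content,sp_hits,"
            . "created,modified,sp_format,commentcode,"
            . "CAST(meta_description AS text) AS meta_description,"
            . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,"
            . "owner_id,group_id,perm_owner,perm_group,perm_members,"
            . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock "
            . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,"
            . "created,modified,sp_format,"
            . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,"
            . "owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']} "
            . "WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);

        // Exactly one matching row is required.
        $count = DB_numRows($result);
        if ($count == 0 || $count > 1) {
            $error = 1;
        }

        if (!$error) {
            $output = DB_fetchArray($result, false);

            // WE ASSUME $output doesn't have any confidential fields

            // A page that uses a template stores its variables as XML in
            // sp_content; the template's own content is fetched through the
            // service and the variables are substituted into it.
            if ($output['template_id'] != '') {
                $retval = '';
                $mode = '';

                // NOTE(review): sp_content is parsed as XML here. Whether
                // external entities can be resolved depends on the PHP/libxml
                // build - confirm for the deployed version.
                $xmlObject = simplexml_load_string($output['sp_content']);

                // create array of XML data
                $tag = array();
                // simplexml_load_string() returns false on malformed XML;
                // skip the loop then instead of reading a property of false.
                if ($xmlObject !== false) {
                    foreach ($xmlObject->variable as $variable) {
                        $key = $variable["name"] . '';
                        $value = $variable->data;
                        $tag[$key] = $value;
                    }
                }

                // Loop through variables to replace any autotags first
                foreach ($tag as &$value) {
                    $value = PLG_replaceTags($value);
                }
                // Break the reference so a later write to $value cannot
                // change the last element of $tag.
                unset($value);

                // From here on $args describes the template page, and
                // 'gl_svc' is empty for the rest of this call.
                $args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
                $svc_msg = array();

                if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
                    $retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
                    $output['sp_content'] = $retval['sp_content'];
                }
            }
        } else { // an error occured (page not found, access denied, ...)

            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    // The id is URL-encoded because it becomes part of the
                    // redirect target handed to COM_refresh().
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . urlencode($page) . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }

            if (!$create_page) {
                // sp_nf decides between the login form and the plain
                // "access denied" block.
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                if ($failflg) {
                    // In 'autotag' mode the site header and footer are left out.
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                } else {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= $LANG_STATIC['deny_msg'];
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                }
            }

            return PLG_RET_ERROR;
        }

        if (!empty($args['gl_svc'])) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';

            $owner_data = SESS_getUserDataFromId($output['owner_id']);

            $output['author_name'] = $owner_data['username'];

            $output['link_edit'] = $page;
        }
    } else {
        // Feed mode: return a page of static pages, newest modification first.
        $output = array();

        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }

        // NOTE(review): unlike the single-page branch, no '(draft_flag = 0)'
        // condition is added here, so drafts are listed to anyone who passes
        // SP_getPerms() - confirm that this is intended.
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }

        $offset = 0;
        if (isset($args['offset'])) {
            // presumably returns a numeric value when the second argument is
            // true; it goes into LIMIT unquoted - verify
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        // One row more than a page holds, to detect whether more rows follow.
        $max_items = $_SP_CONF['atom_max_items'] + 1;

        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,"
            . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits,"
            . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members,"
            . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,"
            . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php,"
            . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields

            $count += 1;
            // The extra row only signals "more available": report the next
            // offset and leave the row out of the result.
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }

            if (!empty($args['gl_svc'])) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';

                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);

                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}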
global $_CONF, $_DB, $_TABLES, $_USER, $_GUS_VARS; $_DB->setDisplayError(TRUE); require_once $_CONF['path'] . 'plugins/gus/sql/gus.php'; // build tables foreach ($_SQL as $sql) { DB_query($sql); } // insert data foreach ($_DATA as $data) { DB_query($data); } } /* * Main Function */ $display = COM_siteHeader() . COM_startBlock($LANG_GUS00['install_header']); $action = isset($_GET['action']) ? COM_applyFilter($_GET['action']) : ''; if ($action === 'install') { if (plugin_install_gus()) { $img_url = $_CONF['site_url'] . '/gus/images/' . $_GUS_IMG_name; $blockManager = $_CONF['site_admin_url'] . '/block.php'; $admin_url = $_CONF['site_admin_url'] . '/plugins/gus/index.php'; $import_url = $_CONF['site_admin_url'] . '/plugins/gus/import.php'; $readme_url = $_CONF['site_admin_url'] . '/plugins/gus/readme.html'; $display .= "<img align=left src=\"{$img_url}\" alt='GUS Icon' width=48 height=48>" . '<p>I have created all the necessary tables and activated the Who\'s Online block. ' . "If you do not want to use it, then you may disable it by changing the GUS config.php file located in the plugins/gus directory. " . "<p>To configure GUS, go to the <a href=\"{$admin_url}\">admin page</a>.\n\t\t\tInformation about the various configuration options\tmay be found in the \n\t\t\t<a href=\"{$readme_url}#config\">README file</a>." . "<p>If you would like to support development of this plugin, there are some suggestions in the \n\t\t\t<a href=\"{$readme_url}#you\">README file</a>."; // check for old stats to see if we should add an import link if ($_ST_plugin_name != '') { $stats_version = DB_getItem($_TABLES['plugins'], 'pi_version', "pi_name = '{$_ST_plugin_name}'"); $display .= "<hr>I notice you have the stats plugin version {$stats_version} installed as '{$_ST_plugin_name}'. "; if ($stats_version !== '1.3') { $display .= "<p>If you had version 1.3 installed, I could import its data. 
\n\t\t\t\t\tIf you update this in the future, you can import its data from \n\t\t\t\t\tthe <a href=\"{$admin_url}\">admin page</a>.";
$display .= COM_showMessage($msg, 'links'); $display .= links_list_categories($root); $display .= COM_siteFooter(); // edit category } else { if ($mode == 'edit') { $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[56]); $pid = ''; if (isset($_GET['pid'])) { $pid = strip_tags(COM_stripslashes($_GET['pid'])); } $cid = ''; if (isset($_GET['cid'])) { $cid = strip_tags(COM_stripslashes($_GET['cid'])); } $display .= links_edit_category($cid, $pid); $display .= COM_siteFooter(); // nothing, so list categories } else { $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]); if (isset($_REQUEST['msg'])) { $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { $display .= COM_showMessage($msg, 'links'); } } $display .= links_list_categories($root); $display .= COM_siteFooter(); } } COM_output($display);
$handlerID = COM_applyFilter($_POST['idhandler'], true); $stepID = COM_applyFilter($_POST['idstepType'], true); //$taskName = ppPrepareForDB($_POST['taskName'],true); if (!get_magic_quotes_gpc()) { $taskName = addslashes($_POST['taskName']); } else { $taskName = $_POST['taskName']; } $taskName = COM_killJS($taskName); $op = COM_applyFilter($_POST['operation'], false); $moveop = COM_applyFilter($_POST['moveoperation'], false); $regen = COM_applyFilter($_POST['regenerate'], true); $regenAllTasks = COM_applyFilter($_POST['regenerateAllLive'], true); $taskassigntype = COM_applyFilter($_POST['taskassigntype']); $retval = ''; echo COM_siteHeader('menu'); $navbar = new navbar(); $navbar->add_menuitem('My Tasks', $CONF_NF['TaskConsole_URL']); if ($templateID > 0) { $navbar->add_menuitem('Edit Template', $_CONF['site_admin_url'] . '/plugins/nexflow/index.php?templateID=' . $templateID); $navbar->set_selected('Edit Template'); } $navbar->add_menuitem('View Templates', $_CONF['site_admin_url'] . '/plugins/nexflow/templates.php'); $navbar->add_menuitem('Edit Handlers', $_CONF['site_admin_url'] . '/plugins/nexflow/handlers.php'); echo $navbar->generate(); if ($taskID == 0) { $taskID = null; } // lets check the incoming operation.. if its save, then save either the existing data // or create a new entry. if ($moveop != '' || $moveop != null) {
/**
 * Report a failed login and stop the request.
 *
 * A site-provided CUSTOM_loginErrorHandler() takes over when custom
 * registration is enabled and the function exists; otherwise a 403 status
 * is sent together with a standard error message page.
 *
 * @param    int     $msg            message number for custom handler
 * @param    string  $message_title  title for the message box
 * @param    string  $message_text   text of the message box
 * @return   void                    function does not return!
 *
 */
function displayLoginErrorAndAbort($msg, $message_title, $message_text)
{
    global $_CONF;

    $hasCustomHandler = $_CONF['custom_registration']
        && function_exists('CUSTOM_loginErrorHandler');

    if (!$hasCustomHandler) {
        // Both header forms are sent; failures to set them are suppressed.
        @header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
        @header('Status: 403 Forbidden');

        echo COM_siteHeader('menu', $message_title)
            . COM_showMessageText($message_text, $message_title, false, 'error')
            . COM_siteFooter();
    } else {
        // Typically this will be used if you have a custom main site page
        // and need to control the login process
        CUSTOM_loginErrorHandler($msg);
    }

    // don't return
    exit;
}
// | of the License, or (at your option) any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +--------------------------------------------------------------------------+ require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; if (!SEC_hasRights('forum.edit')) { $display = COM_siteHeader(); $display .= COM_startBlock($LANG_GF00['access_denied']); $display .= $LANG_GF00['admin_only']; $display .= COM_endBlock(); $display .= COM_siteFooter(true); echo $display; exit; } USES_forum_functions(); USES_forum_format(); USES_forum_admin(); if (isset($_POST['migrate']) && $_POST['migrate'] == $LANG_GF01['MIGRATE_NOW'] and $_POST['selforum'] != "select" and !empty($_POST['cb_chkentry'])) { $num_stories = 0; $num_posts = 0; $forum = COM_applyFilter($_POST['selforum']); foreach ($_POST['cb_chkentry'] as $sid) {
if (!empty($_CONF['ip_lookup'])) { $iplookup = str_replace('*', $A['ip'], $_CONF['ip_lookup']); $templates->set_var('start_ip_lookup_anchortag', '<a href="' . $iplookup . '" title="' . $LANG_BAD_BEHAVIOR['title_lookup_ip'] . '">'); $templates->set_var('end_ip_lookup_anchortag', '</a>'); } else { $templates->set_var('start_ip_lookup_anchortag', ''); $templates->set_var('end_ip_lookup_anchortag', ''); } $templates->parse('output', 'entry'); $retval .= $templates->finish($templates->get_var('output')); $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; } // MAIN $rightblocks = false; $display .= COM_siteHeader('menu', $LANG_BAD_BEHAVIOR['page_title']); if (isset($_GET['mode'])) { $mode = COM_applyFilter($_GET['mode']); } else { $mode = 'list'; } if ($mode == 'list') { $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0; $display .= _bb_listEntries($page); } else { if ($mode == 'view') { $id = isset($_GET['id']) ? COM_applyFilter($_GET['id'], true) : 0; $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0; $display .= _bb_viewEntry($id, $page); } else { $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0;
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ // include_once 'gf_functions.php'; require_once $_CONF['path'] . 'plugins/forum/debug.php'; // Common Debug Code $ip = COM_applyFilter($_REQUEST['ip']); $forum = COM_applyFilter($_REQUEST['forum'], true); $op = COM_applyFilter($_REQUEST['op']); echo COM_siteHeader(); echo COM_startBlock($LANG_GF96['gfipman']); echo ppNavbar($navbarMenu, $LANG_GF06['7']); if ($op == 'banip' && $ip != '') { if ($_POST['sure'] == 'yes') { DB_query("INSERT INTO {$_TABLES['gf_banned_ip']} (host_ip) VALUES ('{$ip}')"); forum_statusMessage($LANG_GF96['ipbanned'], $_CONF['site_admin_url'] . '/plugins/forum/ips.php', $LANG_GF96['ipbanned']); echo COM_endBlock(); echo adminfooter(); echo COM_siteFooter(); exit; } if ($_POST['sure'] != 'yes') { $ips_unban = new Template($_CONF['path_layout'] . 'forum/layout/admin'); $ips_unban->set_file(array('ips_unban' => 'ips_unban.thtml')); $ips_unban->set_var('phpself', $_CONF['site_admin_url'] . '/plugins/forum/ips.php');
$result = DB_query("SELECT COUNT(*) AS num_pages FROM {$temp_table['name']} WHERE DAYOFMONTH( date ) = {$day}"); $row = DB_fetchArray($result, FALSE); $pages += $row['num_pages']; $T->set_var('pages', $row['num_pages']); $date_compare = GUS_get_date_comparison('date', $year, $month, $day); $result = DB_query("SELECT COUNT(*) AS num_stories FROM {$_TABLES['stories']} WHERE {$date_compare}"); $row = DB_fetchArray($result, FALSE); $stories += $row['num_stories']; $T->set_var('stories', $row['num_stories']); $result = DB_query("SELECT COUNT(*) AS num_comments FROM {$_TABLES['comments']} WHERE {$date_compare}"); $row = DB_fetchArray($result, FALSE); $comments += $row['num_comments']; $T->set_var('comments', $row['num_comments']); $result = DB_query("SELECT COUNT(*) AS num_links FROM {$temp_table['name']}\n\t\t\t\t\t\t\t\tWHERE page LIKE '%portal.php' AND query_string <> '' AND DAYOFMONTH( date ) = {$day}"); $row = DB_fetchArray($result, FALSE); $linksf += $row['num_links']; $T->set_var('linksf', $row['num_links']); $T->Parse('ABlock', 'ROW', TRUE); } } $T->set_var(array('period' => $LANG_GUS00['total'], 'anon' => $anon, 'reg' => $reg, 'pages' => $pages, 'stories' => $stories, 'comments' => $comments, 'linksf' => $linksf, 'google_paging' => $navlinks)); $title = date('F Y - ', mktime(0, 0, 0, $month, 1, $year)) . $LANG_GUS00['daily_title']; $display = GUS_template_finish($T, $title); if ($_GUS_cache and date('Yn') !== $year . $month) { GUS_writecache($display); } GUS_remove_temp_table($temp_table); } echo COM_siteHeader($_GUS_CONF['show_left_blocks']); echo $display; echo COM_siteFooter($_GUS_CONF['show_right_blocks']);