Beispiel #1
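 /**
  * Render the File Management plugin error page for an error code and stop the request.
  *
  * The code is validated against the message table before it is printed, and the
  * "Go Back" link is HTML-encoded, so neither value can carry markup into the page.
  *
  * @param    string  $e_code     Error code; anything that is not a key of the message table is shown as '9999'
  * @param    int     $pages      Not used by this implementation (kept for callers that pass it)
  * @return   void                Never returns: the page is echoed and the script ends with die()
  */
 function show($e_code, $pages = 1)
 {
     global $_CONF;

     // NOTE(review): message 0013 shows the raw database error text to the visitor.
     // It is HTML-encoded here so it cannot inject markup, but it still discloses
     // backend details; consider logging it and showing a generic message instead.
     $errmsg = array(
         "0001" => "Could not connect to the forums database.",
         "0002" => "The forum you selected does not exist. Please go back and try again.",
         "0003" => "Password Incorrect.",
         "0004" => "Could not query the topics database.",
         "0005" => "Error getting messages from the database.",
         "0006" => "Please enter the Nickname and the Password.",
         "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
         "0008" => "You did not enter the correct password, please go back and try again.",
         "0009" => "Could not remove posts from the database.",
         "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
         "0011" => "Could not lock the selected topic. Please go back and try again.",
         "0012" => "Could not unlock the selected topic. Please go back and try again.",
         "0013" => "Could not query the database. <BR>Error: " . htmlspecialchars((string) DB_error(), ENT_QUOTES),
         "0014" => "No such user or post in the database.",
         "0015" => "Search Engine was unable to query the forums database.",
         "0016" => "That user does not exist. Please go back and search again.",
         "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
         "0018" => "You must choose message icon to post. Go back and choose message icon.",
         "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
         "0020" => "Could not enter data into the database. Please go back and try again.",
         "0021" => "Can't delete the selected message.",
         "0022" => "An error ocurred while querying the database.",
         "0023" => "Selected message was not found in the forum database.",
         "0024" => "You can't reply to that message. It wasn't sent to you.",
         "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
         "0026" => "The forum or topic you are attempting to post to does not exist. 
Please try again.",
         "0027" => "You must enter your username and password. Go back and do so.",
         "0028" => "You have entered an incorrect password. Go back and try again.",
         "0029" => "Couldn't update post count.",
         "0030" => "The forum you are attempting to post to does not exist. Please try again.",
         "0031" => "Unknown Error",
         "0035" => "You can't edit a post that's not yours.",
         "0036" => "You do not have permission to edit this post.",
         "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
         "1001" => "Please enter value for Title.",
         "1002" => "Please enter value for Phone.",
         "1003" => "Please enter value for Summary.",
         "1004" => "Please enter value for Address.",
         "1005" => "Please enter value for City.",
         "1006" => "Please enter value for State/Province.",
         "1007" => "Please enter value for Zipcode.",
         "1008" => "Please enter value for Description.",
         "1009" => "Vote for the selected resource only once.<br>All votes are logged and reviewed.",
         "1010" => "You cannot vote on the resource you submitted.<br>All votes are logged and reviewed.",
         "1011" => "No rating selected - no vote tallied.",
         "1013" => "Please enter a search query.",
         "1016" => "Please enter value for Filename.",
         "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
         "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
         "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
         "1103" => "The download info you provided is already in the database!",
         "1104" => "The download info was not complete - Need to enter a title for the new file",
         "1105" => "The download info was not complete - Need to enter a description for the new file",
         "1106" => "Upload Add Error: The new file was not created. Check error.log",
         "1107" => "Upload Add Error: The temporary file was not found. 
Check error.log",
         "1108" => "Duplicate file - already existing in filestore",
         "1109" => "File type not allowed",
         "1110" => "You must define and select a category for the uploaded file",
         "9999" => "Unknown Error",
     );

     // Use the current URL as the "Go Back" target, but only if it is non-empty and
     // starts with our own site URL; otherwise fall back to the plugin index.
     // NOTE(review): this is a plain prefix comparison, so a URL on another host
     // whose text merely begins with site_url would also pass. COM_getCurrentURL()
     // is defined elsewhere; confirm it can only reflect the current request.
     $fallback = $_CONF['site_url'] . '/filemgmt/index.php';
     $destination = COM_getCurrentURL();
     if ($destination == '' || strncmp($destination, $_CONF['site_url'], strlen($_CONF['site_url'])) !== 0) {
         $destination = $fallback;
     }

     // Accept the code only if it is literally a key of the table. The previous
     // in_array() test compared loosely, so a value that merely compared equal to a
     // key was accepted, indexed a missing message and was printed as supplied.
     $e_code = is_scalar($e_code) ? (string) $e_code : '';
     if (!isset($errmsg[$e_code])) {
         $e_code = '9999';
     }

     include_once $_CONF['path'] . 'plugins/filemgmt/include/header.php';

     $display = COM_siteHeader('menu');
     $display .= '<table width="100%" class="plugin" border="0" cellspacing="0" cellpadding="1">';
     $display .= '<tr><td class="pluginAlert" style="text-align:right;padding:5px;">File Management Plugin</td>';
     $display .= "<td class=\"pluginAlert\" width=\"50%\" style=\"padding:5px 0px 5px 10px;\">Error Code: {$e_code}</td></tr>";
     $display .= "<tr><td colspan=\"2\" class=\"pluginInfo\"><b>ERROR:</b> {$errmsg[$e_code]}</td></tr>";
     $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
     // the URL is placed in an attribute, so encode quotes and ampersands
     $display .= '[ <a href="' . htmlspecialchars($destination, ENT_QUOTES) . '">Go Back</a> ]</td></tr></table>';
     $display .= COM_siteFooter();
     echo $display;
     die("");
 }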
Beispiel #2
/**
* Echo a complete site page that shows an alert message from the 'zero' plugin.
*
* @param    string  $alertText  Text placed in the template's 'alert_text' variable
* @return   void
*/
function ZERO_alertMessage($alertText = '')
{
    global $_CONF, $_ZZ_CONF, $LANG_ZZ00;

    $header = COM_siteHeader('menu', $LANG_ZZ00['title']);

    $tpl = new Template($_CONF['path'] . 'plugins/zero/templates/');
    $tpl->set_file(array('message' => 'zero_alertmsg.thtml'));
    // NOTE(review): $alertText goes into the template exactly as received. Whether
    // it is HTML-encoded depends on the callers and on zero_alertmsg.thtml, neither
    // of which is visible here - confirm before passing request data to this function.
    $tpl->set_var(array(
        'alert_title' => $LANG_ZZ00['title'] . $LANG_ZZ00['error'],
        'alert_text'  => $alertText,
    ));
    $tpl->parse('output', 'message');
    $body = $tpl->finish($tpl->get_var('output'));

    echo $header . $body . COM_siteFooter();
}
Beispiel #3
/**
* Authenticate the current Geeklog user and, unless told otherwise, echo the site header.
*
* @param    bool    $authenticate_only  When truthy, stop after authentication and print nothing
* @return   void
*/
function SERVICE_CMSOPEN_geeklog($authenticate_only)
{
    global $_USER;

    // Take the name of the current user; an empty name is replaced by a fixed value.
    // NOTE(review): the replacement literal reads "******" on this page and may have
    // been masked by the site that published the listing - confirm against the project.
    $login = $_USER['username'];
    $login = ($login == "") ? "******" : $login;

    // userAuthenticate() is defined elsewhere; what it does with the name is not visible here
    userAuthenticate($login);

    if (!$authenticate_only) {
        echo COM_siteHeader();
    }
}
Beispiel #4
/**
* Echo the site header using the block layout configured for the forum.
*
* Missing 'showblocks' / 'usermenu' settings are written back into $CONF_FORUM
* with their defaults ('leftblocks' / 'blockmenu') before the layout is chosen.
*
* @param    string  $subject    Passed to COM_siteHeader() as its second argument
* @return   void
*/
function gf_siteHeader($subject = '')
{
    global $CONF_FORUM;

    if (!isset($CONF_FORUM['showblocks'])) {
        $CONF_FORUM['showblocks'] = 'leftblocks';
    }
    if (!isset($CONF_FORUM['usermenu'])) {
        $CONF_FORUM['usermenu'] = 'blockmenu';
    }

    $layout = $CONF_FORUM['showblocks'];

    // 'menu' is the header for every combination not singled out below
    $what = 'menu';
    if (in_array($layout, array('noblocks', 'rightblocks'))) {
        $what = 'none';
    } elseif (in_array($layout, array('leftblocks', 'allblocks')) && $CONF_FORUM['usermenu'] == 'blockmenu') {
        // hand the block selection to the custom_showBlocks callback
        $what = array('custom_showBlocks', $CONF_FORUM['leftblocks']);
    }

    echo COM_siteHeader($what, $subject);
}
Beispiel #5
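 /**
  * Render the File Management plugin error page for an error code and stop the request.
  *
  * The code is validated against the message table before it is printed and the
  * page count is forced to an integer before it is placed in the "Go Back" script link.
  *
  * @param    string  $e_code     Error code; anything that is not a key of the message table is shown as '9999'
  * @param    int     $pages      How many history entries the "Go Back" link steps back
  * @return   void                Never returns: the page is sent and the script ends with die()
  */
 function show($e_code, $pages = 1)
 {
     global $_CONF;

     // mysql_error() belongs to the mysql extension, which current PHP versions no
     // longer ship; calling it unguarded would abort this error page itself.
     // NOTE(review): the text is HTML-encoded so it cannot inject markup, but it
     // still discloses backend details to the visitor; consider logging it instead.
     $dbError = function_exists('mysql_error') ? htmlspecialchars((string) mysql_error(), ENT_QUOTES) : '';

     $errmsg = array(
         "0001" => "Could not connect to the forums database.",
         "0002" => "The forum you selected does not exist. Please go back and try again.",
         "0003" => "Password Incorrect.",
         "0004" => "Could not query the topics database.",
         "0005" => "Error getting messages from the database.",
         "0006" => "Please enter the Nickname and the Password.",
         "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
         "0008" => "You did not enter the correct password, please go back and try again.",
         "0009" => "Could not remove posts from the database.",
         "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
         "0011" => "Could not lock the selected topic. Please go back and try again.",
         "0012" => "Could not unlock the selected topic. Please go back and try again.",
         "0013" => "Could not query the database. <br" . XHTML . ">Error: " . $dbError,
         "0014" => "No such user or post in the database.",
         "0015" => "Search Engine was unable to query the forums database.",
         "0016" => "That user does not exist. Please go back and search again.",
         "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
         "0018" => "You must choose message icon to post. Go back and choose message icon.",
         "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
         "0020" => "Could not enter data into the database. Please go back and try again.",
         "0021" => "Can't delete the selected message.",
         "0022" => "An error ocurred while querying the database.",
         "0023" => "Selected message was not found in the forum database.",
         "0024" => "You can't reply to that message. It wasn't sent to you.",
         "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
         "0026" => "The forum or topic you are attempting to post to does not exist. 
Please try again.",
         "0027" => "You must enter your username and password. Go back and do so.",
         "0028" => "You have entered an incorrect password. Go back and try again.",
         "0029" => "Couldn't update post count.",
         "0030" => "The forum you are attempting to post to does not exist. Please try again.",
         "0031" => "Unknown Error",
         "0035" => "You can't edit a post that's not yours.",
         "0036" => "You do not have permission to edit this post.",
         "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
         "1001" => "Please enter value for Title.",
         "1002" => "Please enter value for Phone.",
         "1003" => "Please enter value for Summary.",
         "1004" => "Please enter value for Address.",
         "1005" => "Please enter value for City.",
         "1006" => "Please enter value for State/Province.",
         "1007" => "Please enter value for Zipcode.",
         "1008" => "Please enter value for Description.",
         "1009" => "Vote for the selected resource only once.<br" . XHTML . ">All votes are logged and reviewed.",
         "1010" => "You cannot vote on the resource you submitted.<br" . XHTML . ">All votes are logged and reviewed.",
         "1011" => "No rating selected - no vote tallied.",
         "1013" => "Please enter a search query.",
         "1016" => "Please enter value for Filename.",
         "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
         "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
         "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
         "1103" => "The download info you provided is already in the database!",
         "1104" => "The download info was not complete - Need to enter a title for the new file",
         "1105" => "The download info was not complete - Need to enter a description for the new file",
         "1106" => "Upload Add Error: The new file was not created. Check error.log",
         "1107" => "Upload Add Error: The temporary file was not found. 
Check error.log",
         "1108" => "Duplicate file - already existing in filestore",
         "9999" => "OOPS! God Knows",
     );

     // Accept the code only if it is literally a key of the table. The previous
     // in_array() test compared loosely, so a value that merely compared equal to a
     // key was accepted, indexed a missing message and was printed as supplied.
     $e_code = is_scalar($e_code) ? (string) $e_code : '';
     if (!isset($errmsg[$e_code])) {
         $e_code = '9999';
     }

     // the step count is written into a javascript: URL, so allow nothing but an integer
     $pages = (int) $pages;

     // the array key was an unquoted constant name before; quote it so the lookup
     // does not depend on undefined-constant fallback behaviour
     include_once $_CONF['path_html'] . "filemgmt/include/header.php";

     $display = '';
     $display .= '<table class="plugin" border="0" cellspacing="0" cellpadding="1" style="width:100%;">';
     $display .= '<tr><td class="pluginAlert" style="text-align:right; padding:5px;">File Management Plugin</td>';
     $display .= '<td class="pluginAlert" style="width:50%; padding:5px 0px 5px 10px;">Error Code: ' . $e_code . '</td></tr>';
     $display .= '<tr><td colspan="2" class="pluginInfo"><b>ERROR:</b> ' . $errmsg[$e_code] . '</td></tr>';
     $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
     $display .= '[ <a href="javascript:history.go(-' . $pages . ')">Go Back</a> ]</td></tr></table>';

     // newer cores build the whole document in one call; older ones need header + footer
     if (function_exists('COM_createHTMLDocument')) {
         $display = COM_createHTMLDocument($display);
     } else {
         $display = COM_siteHeader() . $display . COM_siteFooter();
     }
     COM_output($display);
     die("");
 }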
Beispiel #6
/**
* Build the site header using the block layout configured for the forum.
*
* Missing 'showblocks' / 'usermenu' settings are written back into $_FF_CONF
* with their defaults ('leftblocks' / 'blockmenu') before the layout is chosen.
*
* @param    string  $subject     Passed to COM_siteHeader() as its second argument
* @param    string  $headercode  Passed to COM_siteHeader() as its third argument
* @return   string               The header returned by COM_siteHeader()
*/
function FF_siteHeader($subject = '', $headercode = '')
{
    global $_FF_CONF;

    if (!isset($_FF_CONF['showblocks'])) {
        $_FF_CONF['showblocks'] = 'leftblocks';
    }
    if (!isset($_FF_CONF['usermenu'])) {
        $_FF_CONF['usermenu'] = 'blockmenu';
    }

    $layout = $_FF_CONF['showblocks'];

    // 'menu' is the header for every combination not singled out below
    $what = 'menu';
    if (in_array($layout, array('noblocks', 'rightblocks'))) {
        $what = 'none';
    } elseif (in_array($layout, array('leftblocks', 'allblocks')) && $_FF_CONF['usermenu'] == 'blockmenu') {
        // hand the block selection to the forum_showBlocks callback
        $what = array('forum_showBlocks', $_FF_CONF['leftblocks']);
    }

    return '' . COM_siteHeader($what, $subject, $headercode);
}
Beispiel #7
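/**
* Mails the contents of the contact form to that user
*
* The request is refused with a redirect (msg=85) when anonymous mailing is not
* permitted, when the recipient's preferences do not accept mail from this kind
* of sender, or when the mail speed limit has not expired. When a field is
* missing or the sender details are not acceptable, the contact form is shown
* again with an error message.
*
* @param    int     $uid            User ID of person to send email to
* @param    string  $author         The name of the person sending the email
* @param    string  $authoremail    Email address of person sending the email
* @param    string  $subject        Subject of email
* @param    string  $message        Text of message to send
* @return   string                  Meta redirect or HTML for the contact form
*/
function contactemail($uid, $author, $authoremail, $subject, $message)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG08;

    // $uid is written into two SQL statements (one of them unquoted) and into the
    // redirect URL, so force it to an integer before it is used anywhere
    $uid = (int) $uid;
    $refusedUrl = $_CONF['site_url'] . '/index.php?msg=85';

    // check for correct $_CONF permission (uid 2 stays reachable for anonymous users)
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
        return COM_refresh($refusedUrl);
    }

    // check for correct 'to' user preferences
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
    $P = DB_fetchArray($result);
    $isAdmin = (SEC_inGroup('Root') || SEC_hasRights('user.mail'));
    $prefKey = $isAdmin ? 'emailfromadmin' : 'emailfromuser';
    // no preference row at all is treated like "mail not accepted"
    if (empty($P) || $P[$prefKey] != 1) {
        return COM_refresh($refusedUrl);
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($refusedUrl);
    }

    // Subject as it is handed back to the form on a validation error:
    // no tags, first line only, HTML-encoded
    $formSubject = strip_tags($subject);
    $formSubject = substr($formSubject, 0, strcspn($formSubject, "\r\n"));
    $formSubject = htmlspecialchars(trim($formSubject), ENT_QUOTES);

    if (empty($author) || empty($subject) || empty($message)) {
        return COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[4], 2) . contactform($uid, $formSubject, $message) . COM_siteFooter();
    }

    // The sender name becomes part of the From header, so it must not contain '@'
    // or a line break. The earlier test looked for a missing '@' in $authoremail
    // itself, which presumably can never hold for an address COM_isemail() accepts,
    // leaving the send path unreachable - TODO confirm against COM_isemail().
    if (!COM_isemail($authoremail) || strpbrk($author, "@\r\n") !== false) {
        return COM_siteHeader('menu', $LANG04[81]) . COM_errorLog($LANG08[3], 2) . contactform($uid, $formSubject, $message) . COM_siteFooter();
    }

    $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
    $A = DB_fetchArray($result);

    // Append the user's signature to the message
    $sig = '';
    if (!COM_isAnonUser()) {
        $sig = DB_getItem($_TABLES['users'], 'sig', 'uid=' . (int) $_USER['uid']);
        if (!empty($sig)) {
            $sig = strip_tags(COM_stripslashes($sig));
            $sig = "\n\n-- \n" . $sig;
        }
    }

    $subject = COM_stripslashes($subject);
    $message = COM_stripslashes($message);

    // do a spam check with the unfiltered message text and subject
    $mailtext = $subject . "\n" . $message . $sig;
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $msg = PLG_itemPreSave('contact', $message);
    if (!empty($msg)) {
        // give the form the same encoded subject the other error paths use
        $formSubject = strip_tags($subject);
        $formSubject = substr($formSubject, 0, strcspn($formSubject, "\r\n"));
        $formSubject = htmlspecialchars(trim($formSubject), ENT_QUOTES);

        return COM_siteHeader('menu', '') . COM_errorLog($msg, 2) . contactform($uid, $formSubject, $message) . COM_siteFooter();
    }

    // mail subject: no tags, and cut at the first line break so it stays a single header line
    $subject = strip_tags($subject);
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));
    $message = strip_tags($message) . $sig;

    $toName = !empty($A['fullname']) ? $A['fullname'] : $A['username'];
    $to = COM_formatEmailAddress($toName, $A['email']);
    $from = COM_formatEmailAddress($author, $authoremail);

    $sent = COM_mail($to, $subject, $message, $from);
    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        // copy to the sender, prefixed with a line naming the recipient
        $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
        $sent = COM_mail($from, $subject, $ccmessage, $from);
    }

    COM_updateSpeedlimit('mail');

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $uid . '&amp;msg=' . ($sent ? '27' : '85'));
}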
Beispiel #8
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
/**
* @package Test
*/
require_once '../lib-common.php';
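// take user back to the homepage if the plugin is not active
if (!in_array('test', $_PLUGINS)) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}

// The username is account data chosen by the user, so HTML-encode it before it is
// placed in the page. It may also be unset for a visitor who is not logged in.
$safeUsername = isset($_USER['username']) ? htmlspecialchars($_USER['username'], ENT_QUOTES) : '';

// MAIN
$display = '';
$display .= COM_siteHeader('menu', $LANG_TEST_1['plugin_name']);
$display .= COM_startBlock($LANG_TEST_1['plugin_name']);
$display .= '<p>Welcome to the ' . $LANG_TEST_1['plugin_name'] . ' plugin, ' . $safeUsername . '!</p>';
$display .= COM_endBlock();
$display .= COM_siteFooter();
echo $display;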
Beispiel #9
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once $_CONF['path'] . '/plugins/calendar/autoinstall.php';
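USES_lib_install();
// Only members of the Root group may install or uninstall the plugin.
if (!SEC_inGroup('Root')) {
    // Someone is trying to illegally access this page
    // Read the client address from $_SERVER: the bare $REMOTE_ADDR global exists
    // only with register_globals, where request parameters could also set it,
    // so it is either empty or not trustworthy in the audit log.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    // keep the entry on one line even if the stored username contains line breaks
    $logUsername = str_replace(array("\r", "\n"), ' ', $_USER['username']);
    COM_errorLog("Someone has tried to illegally access the Calendar install/uninstall page.  User id: {$_USER['uid']}, Username: {$logUsername}, IP: {$remoteAddr}", 1);
    $display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_startBlock($LANG_ACCESS['accessdenied']) . $LANG_ACCESS['plugin_access_denied_msg'] . COM_endBlock() . COM_siteFooter();
    echo $display;
    exit;
}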
/**
* Main Function
*/
if (SEC_checkToken()) {
    $action = COM_applyFilter($_GET['action']);
    if ($action == 'install') {
        if (plugin_install_calendar()) {
            // Redirects to the plugin editor
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44');
            exit;
        } else {
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=72');
Beispiel #10
* Main
*/
$display = '';

// Work out which form button was pressed; 'cancel' wins when both are present.
$mode = isset($_POST['save']) ? 'save' : '';
if (isset($_POST['cancel'])) {
    $mode = 'cancel';
}

$T = new Template($_MG_CONF['template_path'] . '/admin');
$T->set_file('admin', 'administration.thtml');
$T->set_var(array(
    'site_admin_url' => $_CONF['site_admin_url'],
    'site_url'       => $_MG_CONF['site_url'],
    'mg_navigation'  => MG_navigation(),
    'lang_admin'     => $LANG_MG00['admin'],
    'version'        => $_MG_CONF['pi_version'],
));

if ($mode == 'cancel') {
    // leave without saving
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
    exit;
}

// The configuration is written only when the request also carries a valid
// security token; a 'save' without one falls through to the branches below.
if ($mode == 'save' && SEC_checkToken()) {
    $T->set_var(array(
        'admin_body'    => MG_saveConfig(),
        'mg_navigation' => MG_navigation(),
    ));
} elseif ($mode == $LANG_MG01['continue']) {
    COM_setMessage(2);
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
    exit;
} else {
    // default view: the configuration editor plus its help link
    $T->set_var(array(
        'admin_body' => MG_editConfig(),
        'title'      => $LANG_MG01['system_options'],
        'lang_help'  => '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?" />',
        'help_url'   => $_MG_CONF['site_url'] . '/docs/usage.html#System_Options',
    ));
}

$T->parse('output', 'admin');
$display = COM_siteHeader('menu', '') . $T->finish($T->get_var('output')) . COM_siteFooter();
echo $display;
exit;
Beispiel #11
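/**
 * Get an existing static page
 *
 * With a page id the single matching page is returned in $output; for a
 * web-service request without an id, a list of pages (a feed) is returned.
 * The id and mode are passed through COM_applyBasicFilter() only for
 * web-service requests, so the id is additionally escaped where it is
 * written into SQL.
 *
 * @param   array   $args       Contains all the data provided by the client
 * @param   string  &$output    OUTPUT parameter containing the returned text
 * @param   string  &$svc_msg   OUTPUT parameter containing any service messages
 * @return  int                 Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_SP_CONF;

    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');

    // accept 'id' as an alias for 'sp_id'
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // !empty() instead of a bare read: 'gl_svc' may be absent from $args
    $isService = !empty($args['gl_svc']);
    if ($isService) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        // a service request without a page id asks for the feed
        $svc_msg['gl_feed'] = empty($args['sp_id']);
    } else {
        $svc_msg['gl_feed'] = false;
    }

    $mode = isset($args['mode']) ? $args['mode'] : '';

    // access restriction for the current user, appended to every query below
    $perms = SP_getPerms();
    if (!empty($perms)) {
        $perms = ' AND ' . $perms;
    }

    if (!$svc_msg['gl_feed']) {
        $page = isset($args['sp_id']) ? $args['sp_id'] : '';

        // The id comes from the client and is unfiltered on the non-service path;
        // escape the copy that goes into SQL string literals.
        // NOTE(review): addslashes() is not aware of the connection character set;
        // prefer the database layer's own escaping routine if this version has one.
        $pageSql = addslashes((string) $page);

        $found = false;
        if ($page != '') {
            $sql = "SELECT sp_title,sp_content,sp_hits,sp_date,sp_format," . "commentcode,sp_uid,owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$pageSql}') AND (sp_status = 1)" . $perms;
            $result = DB_query($sql);
            // exactly one row must match
            $found = (DB_numRows($result) == 1);
        }

        if (!$found) {
            // an error occured (page not found, access denied, ...)
            $failflg = 0;
            if (!empty($page)) {
                $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id='{$pageSql}'");
            }
            if ($failflg) {
                // the page's sp_nf flag is set: offer the login form instead of a 404
                if ($mode !== 'autotag') {
                    $output = COM_siteHeader('menu');
                }
                $output .= SEC_loginRequiredForm();
                if ($mode !== 'autotag') {
                    $output .= COM_siteFooter();
                }
            } elseif ($mode !== 'autotag') {
                COM_404();
            }

            return PLG_RET_ERROR;
        }

        $output = DB_fetchArray($result, false);
        // WE ASSUME $output doesn't have any confidential fields
        if ($mode !== 'autotag') {
            $_CONF['pagetitle'] = $output['sp_title'];
        }

        if ($isService) {
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['sp_date']));
            $output['updated'] = date('c', strtotime($output['sp_date']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $output['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output['owner_id']);
            $output['link_edit'] = $page;
        }
    } else {
        $output = array();

        // the offset is written into the LIMIT clause, so keep it a non-negative integer
        $offset = 0;
        if (isset($args['offset'])) {
            $offset = (int) COM_applyBasicFilter($args['offset'], true);
            if ($offset < 0) {
                $offset = 0;
            }
        }

        // fetch one row more than is returned, to detect whether another batch exists
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY sp_date DESC";
        $sql = "SELECT sp_id,sp_title,sp_content,sp_hits,sp_date,sp_format,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} WHERE (sp_status = 1)" . $perms . $order . $limit;
        $result = DB_query($sql);

        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            if ($count == $max_items) {
                // the extra row exists: report where the next batch starts
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($isService) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['sp_date']));
                $output_item['updated'] = date('c', strtotime($output_item['sp_date']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                // look up the owner of this row; reading owner_id from the result
                // list ($output) instead never named the row's actual author
                $output_item['author_name'] = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $output_item['owner_id']);
            }
            $output[] = $output_item;
        }
    }

    return PLG_RET_OK;
}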
Beispiel #12
/**
* Create the banner list depending on the category given
*
* The category id is read from $_GET['category'] or $_POST['category'] and the
* page number from $_GET['page']. If the current user lacks access to the
* selected category, an access-denied page is echoed and the script exits
* instead of returning.
*
* @param    array   $message    message(s) to display: $message[0] is used as
*                               the block title and $message[1] as its body
* @return   string              the banner page
*
*/
function banner_list($message)
{
    global $_CONF, $_TABLES, $_BAN_CONF, $LANG_BANNER_ADMIN, $LANG_BANNER, $LANG_BANNER_STATS;
    $cid = $_BAN_CONF['root'];
    $display = '';
    // The category id is request-supplied. strip_tags() removes markup only;
    // quotes and other special characters are still present in $cid.
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }
    // $cat is the copy of $cid that gets interpolated into quoted SQL literals below.
    // NOTE(review): addslashes() is not aware of the connection character set;
    // the database layer's own escaping function would be the safer choice - confirm
    // which one this Geeklog version provides.
    $cat = addslashes($cid);
    $page = 0;
    if (isset($_GET['page'])) {
        // numeric filter; the result is later used to compute the LIMIT offset
        $page = COM_applyFilter($_GET['page'], true);
    }
    if ($page == 0) {
        $page = 1;
    }
    if (empty($cid)) {
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ' (%d)', $page);
        } else {
            $page_title = $LANG_BANNER[114];
        }
    } else {
        if ($cid == $_BAN_CONF['root']) {
            $category = $LANG_BANNER['root'];
        } else {
            $category = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '{$cat}'");
        }
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ': %s (%d)', $category, $page);
        } else {
            $page_title = sprintf($LANG_BANNER[114] . ': %s', $category);
        }
    }
    // Check has access to this category (the root category is not checked)
    if ($cid != $_BAN_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['bannercategories']} WHERE cid='{$cat}'");
        // NOTE(review): the fetch result is not checked. For a category id that
        // matches no row, the permission values passed on below are not real data;
        // confirm that SEC_hasAccess() then yields a value below 2.
        $A = DB_fetchArray($result);
        // An access level below 2 is treated as "no access": show message 5 and stop.
        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
            $display .= COM_siteHeader('menu', $page_title);
            $display .= COM_showMessage(5, 'banner');
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }
    }
    $display .= COM_siteHeader('menu', $page_title);
    if (is_array($message) && !empty($message[0])) {
        // Caller-supplied message: title and body are inserted as given.
        $display .= COM_startBlock($message[0], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $message[1];
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } else {
        // Otherwise a numeric message id from the request selects a predefined message.
        if (isset($_REQUEST['msg'])) {
            $msg = COM_applyFilter($_REQUEST['msg'], true);
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'banner');
            }
        }
    }
    $bannerlist = new Template($_CONF['path'] . 'plugins/banner/templates/');
    $bannerlist->set_file(array('bannerlist' => 'banner.thtml', 'catbanner' => 'categorybanner.thtml', 'banner' => 'bannerdetails.thtml', 'catnav' => 'categorynavigation.thtml', 'catrow' => 'categoryrow.thtml', 'catcol' => 'categorycol.thtml', 'actcol' => 'categoryactivecol.thtml', 'pagenav' => 'pagenavigation.thtml', 'catdrop' => 'categorydropdown.thtml'));
    $bannerlist->set_var('xhtml', XHTML);
    $bannerlist->set_var('blockheader', COM_startBlock($LANG_BANNER[114]));
    $bannerlist->set_var('layout_url', $_CONF['layout_url']);
    // Category navigation is only built when banners are shown in columns.
    if ($_BAN_CONF['bannercols'] > 0) {
        // Create breadcrumb trail
        $bannerlist->set_var('breadcrumbs', banner_breadcrumbs($_BAN_CONF['root'], $cid));
        // Set dropdown for category jump
        $bannerlist->set_var('lang_go', $LANG_BANNER[124]);
        $bannerlist->set_var('banner_dropdown', banner_select_box(2, $cid));
        // Show categories: children of the current category that pass the
        // language and permission clauses
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['bannercategories']} WHERE pid='{$cat}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $bannerlist->set_var('lang_categories', $LANG_BANNER_ADMIN[14]);
            // $i starts at 1 so that "$i % bannercols == 0" marks the end of a row
            for ($i = 1; $i <= $nrows; $i++) {
                $C = DB_fetchArray($result);
                // Get number of child banner user can see in this category
                $ccid = addslashes($C['cid']);
                $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['banner']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
                $D = DB_fetchArray($result1);
                // Get number of child categories user can see in this category
                $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['bannercategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
                $E = DB_fetchArray($result2);
                // Format numbers for display: "(categories, banners)"
                $display_count = '';
                // don't show zeroes
                if ($E['count'] > 0) {
                    $display_count = COM_numberFormat($E['count']);
                }
                if ($E['count'] > 0 && $D['count'] > 0) {
                    $display_count .= ', ';
                }
                if ($D['count'] > 0) {
                    $display_count .= COM_numberFormat($D['count']);
                }
                // add brackets if child items exist
                if ($display_count != '') {
                    $display_count = '(' . $display_count . ')';
                }
                // Category name and description are stored values and are passed
                // to the template as read from the database.
                $bannerlist->set_var('category_name', $C['category']);
                if ($_BAN_CONF['show_category_descriptions']) {
                    $bannerlist->set_var('category_description', $C['description']);
                } else {
                    $bannerlist->set_var('category_description', '');
                }
                $bannerlist->set_var('category_link', $_CONF['site_url'] . '/banner/index.php?category=' . urlencode($C['cid']));
                $bannerlist->set_var('category_count', $display_count);
                $bannerlist->set_var('width', floor(100 / $_BAN_CONF['bannercols']));
                // The currently selected category uses the "active" column template.
                if (!empty($cid) && $cid == $C['cid']) {
                    $bannerlist->parse('category_col', 'actcol', true);
                } else {
                    $bannerlist->parse('category_col', 'catcol', true);
                }
                // A full row of columns: emit it and start collecting the next one.
                if ($i % $_BAN_CONF['bannercols'] == 0) {
                    $bannerlist->parse('category_row', 'catrow', true);
                    $bannerlist->set_var('category_col', '');
                }
            }
            // Emit the last, partially filled row.
            if ($nrows % $_BAN_CONF['bannercols'] != 0) {
                $bannerlist->parse('category_row', 'catrow', true);
            }
            $bannerlist->parse('category_navigation', 'catnav', true);
        } else {
            $bannerlist->set_var('category_navigation', '');
        }
    } else {
        $bannerlist->set_var('category_navigation', '');
    }
    if ($_BAN_CONF['bannercols'] == 0) {
        $bannerlist->set_var('category_dropdown', '');
    } else {
        $bannerlist->parse('category_dropdown', 'catdrop', true);
    }
    $bannerlist->set_var('site_url', $_CONF['site_url']);
    // NOTE(review): 'cid' and 'cid_plain' receive the request-derived id with only
    // tags stripped. If a template places either one inside an HTML attribute or
    // a script, the remaining quote characters matter - check the .thtml files and
    // prefer 'cid_encoded' or an HTML-escaped value there.
    $bannerlist->set_var('cid', $cid);
    $bannerlist->set_var('cid_plain', $cid);
    $bannerlist->set_var('cid_encoded', urlencode($cid));
    $bannerlist->set_var('lang_addabanner', $LANG_BANNER[116]);
    // Build SQL for banner. $from_where is kept separate because it is reused
    // for the COUNT(*) query that drives the page navigation.
    $sql = 'SELECT bid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['banner']}";
    if ($_BAN_CONF['bannercols'] > 0) {
        if (!empty($cid)) {
            $from_where .= " WHERE cid='" . addslashes($cid) . "'";
        } else {
            $from_where .= " WHERE cid=''";
        }
        // only banners inside their publishing window
        $from_where .= ' AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())';
        $from_where .= COM_getPermSQL('AND');
    } else {
        // no columns: all categories, restricted by permissions only
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';
    $limit = '';
    if ($_BAN_CONF['bannerperpage'] > 0) {
        if ($page < 1) {
            $start = 0;
        } else {
            $start = ($page - 1) * $_BAN_CONF['bannerperpage'];
        }
        // NOTE(review): $start is concatenated into the statement; it is only as
        // well-formed as the numeric filter applied to $page above - an explicit
        // (int) cast would make that independent of the filter.
        $limit = ' LIMIT ' . $start . ',' . $_BAN_CONF['bannerperpage'];
    }
    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // Nothing to list: on the first page of the root category, optionally
        // fall back to the ten banners with the most hits.
        if ($cid == $_BAN_CONF['root'] && $page <= 1 && $_BAN_CONF['show_top10']) {
            $result = DB_query("SELECT bid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE (hits > 0) AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())" . COM_getPermSQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $bannerlist->set_var('banner_details', '');
                $bannerlist->set_var('banner_category', $LANG_BANNER_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    prepare_banner_item($A, $bannerlist);
                    $bannerlist->parse('banner_details', 'banner', true);
                }
                $bannerlist->parse('category_banner', 'catbanner', true);
            }
        }
        $bannerlist->set_var('page_navigation', '');
    } else {
        // Rows arrive ordered by cid, so a change of cid starts a new category group.
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            if (strcasecmp($A['cid'], $currentcid) != 0) {
                // print the category and banner
                if ($i > 0) {
                    // close the previous group before starting the next one
                    $bannerlist->parse('category_banner', 'catbanner', true);
                    $bannerlist->set_var('banner_details', '');
                }
                $currentcid = $A['cid'];
                $currentcategory = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '" . addslashes($currentcid) . "'");
                $bannerlist->set_var('banner_category', $currentcategory);
            }
            prepare_banner_item($A, $bannerlist);
            $bannerlist->parse('banner_details', 'banner', true);
        }
        // close the last group
        $bannerlist->parse('category_banner', 'catbanner', true);
        // Total number of matching banners (same filter, no LIMIT) for paging
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numbanner) = DB_fetchArray($result);
        $pages = 0;
        if ($_BAN_CONF['bannerperpage'] > 0) {
            // integer division, rounded up
            $pages = (int) ($numbanner / $_BAN_CONF['bannerperpage']);
            if ($numbanner % $_BAN_CONF['bannerperpage'] > 0) {
                $pages++;
            }
        }
        if ($pages > 0) {
            // keep the category in the paging links; the id is URL-encoded here
            if ($_BAN_CONF['bannercols'] > 0 && !empty($currentcid)) {
                $catbanner = '?category=' . urlencode($currentcid);
            } else {
                $catbanner = '';
            }
            $bannerlist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/banner/index.php' . $catbanner, $page, $pages));
        } else {
            $bannerlist->set_var('page_navigation', '');
        }
    }
    $bannerlist->set_var('blockfooter', COM_endBlock());
    $bannerlist->parse('output', 'bannerlist');
    $display .= $bannerlist->finish($bannerlist->get_var('output'));
    return $display;
}
Beispiel #13
    } elseif (isset($_GET[$provided])) {
        $action = $provided;
    }
}
// Run the requested admin action. Banning and deleting change state, so each
// is carried out only when the CSRF token checks out; a failed check is
// written to the access log and the browser is sent back to the admin index.
if ($action == 'banbutton_x') {
    if (!SEC_checkToken()) {
        COM_accessLog('User ' . $_USER['username'] . ' tried to ban users and failed CSRF checks.');
        echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
    } else {
        $msg = SFS_banUsers();
        $pageBody .= COM_showMessageText($msg) . SFS_adminList();
    }
} elseif ($action == 'delbutton_x') {
    if (!SEC_checkToken()) {
        COM_accessLog('User ' . $_USER['username'] . ' tried to del users and failed CSRF checks.');
        echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
    } else {
        $msg = SFS_delUsers();
        $pageBody .= COM_showMessageText($msg) . SFS_adminList();
    }
} else {
    // No (known) action: just show the list.
    $pageBody .= SFS_adminList();
}

// Wrap whatever the action produced in the site chrome and send it.
$display = COM_siteHeader('menu', $LANG_SFS['title']) . $pageBody . COM_siteFooter();
echo $display;
Beispiel #14
            COM_output($display);
        } else {
            if ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save']) && SEC_checkToken()) {
                submitstory();
            } else {
                // 'cancel' or no mode at all
                $type = '';
                if (isset($_POST['type'])) {
                    $type = COM_applyFilter($_POST['type']);
                }
                if ($mode == $LANG24[10] && !empty($LANG24[10]) && $type == 'submission') {
                    $display = COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
                } else {
                    $current_topic = '';
                    if (empty($mode)) {
                        if (!empty($_GET['tid'])) {
                            $current_topic = COM_applyFilter($_GET['tid']);
                        } elseif (!empty($_POST['tid'])) {
                            $current_topic = COM_applyFilter($_POST['tid']);
                        }
                    }
                    $display .= COM_siteHeader('menu', $LANG24[22]);
                    $display .= COM_showMessageFromParameter();
                    $display .= liststories($current_topic);
                    $display .= COM_siteFooter();
                }
                COM_output($display);
            }
        }
    }
}
Beispiel #15
        $lid = COM_applyFilter($_GET['lid'], true);
    }
    $display = '';
    $display .= COM_startBlock("<b>" . _MD_RATEFILETITLE . "</b>");
    $result = DB_query("SELECT title FROM {$_FM_TABLES['filemgmt_filedetail']} WHERE lid='{$lid}'");
    list($title) = DB_fetchArray($result);
    $title = $myts->makeTboxData4Show($title);
    $display .= '<table border="0" cellpadding="1" cellspacing="0" width="80%" class="plugin"><tr>';
    $display .= '<td class="pluginHeader">' . _MD_FILE . ':&nbsp;' . $title . '</td></tr>';
    $display .= '<tr><td style="padding:10px;"><ul>';
    $display .= '<li>' . _MD_VOTEONCE . '</li>';
    $display .= '<li>' . _MD_RATINGSCALE . '</li>';
    $display .= '<li>' . _MD_BEOBJECTIVE . '</li>';
    $display .= '<li>' . _MD_DONOTVOTE . '</li>';
    $display .= "\n         </ul></td></tr><tr><td style=\"text-align:center;\">\n         <form method=\"post\" action=\"ratefile.php\"><div>\n         <input type=\"hidden\" name=\"lid\" value=\"{$lid}\"" . XHTML . ">\n         <select name=\"rating\"><option>--</option>";
    for ($i = 10; $i > 0; $i--) {
        $display .= "<option value=\"" . $i . "\">" . $i . "</option>\n";
    }
    $display .= "</select><br" . XHTML . "><br" . XHTML . ">";
    $display .= "<input type=\"submit\" name=\"submit\" value=\"" . _MD_RATEIT . "\"" . XHTML . ">\n";
    $display .= "&nbsp;<input type=\"button\" value=\"" . _MD_CANCEL;
    $display .= "\" onclick=\"javascript:history.go(-1)\"" . XHTML . ">\n";
    $display .= "</div></form></td></tr></table>";
    $display .= COM_endBlock();
    if (function_exists('COM_createHTMLDocument')) {
        $display = COM_createHTMLDocument($display);
    } else {
        $display = COM_siteHeader() . $display . COM_siteFooter();
    }
    COM_output($display);
}
Beispiel #16
    case 'edit':
        echo COM_refresh($_CONF['site_url'] . "/admin/plugins/maps/marker_edit.php");
        exit;
        break;
        //Edit marker sumission
    //Edit marker sumission
    case 'editsubmission':
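        // The id comes straight from the request and becomes part of the URL
        // that COM_refresh() writes into the response, so it is encoded as a
        // query-string value first; non-scalar input is dropped.
        $id = isset($_REQUEST['id']) && is_scalar($_REQUEST['id']) ? urlencode((string) $_REQUEST['id']) : '';
        echo COM_refresh($_CONF['site_url'] . "/admin/plugins/maps/marker_edit.php?mode=editsubmission&amp;mkid={$id}");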
        exit;
        break;
    case 'setgeolocation':
        MAPS_setGeoLocation();
        echo COM_refresh($_CONF['site_url'] . "/admin/plugins/maps/index.php?msg=" . urlencode($LANG_MAPS_1['set_geo_location']));
        exit;
        break;
    default:
        $display = COM_siteHeader('menu', $LANG_MAPS_1['plugin_name']);
        $display .= MAPS_admin_menu();
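        // The message text is taken from the request, so it is HTML-escaped
        // before being placed in the page; markup in it is shown literally.
        if (!empty($_REQUEST['msg']) && is_string($_REQUEST['msg'])) {
            $display .= COM_startBlock($LANG_MAPS_1['message'], '', 'blockheader-message.thtml');
            $display .= htmlspecialchars($_REQUEST['msg'], ENT_QUOTES);
            $display .= COM_endBlock('blockfooter-message.thtml');
        }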
        $display .= '<img src="' . $_CONF['site_admin_url'] . '/plugins/maps/images/maps.png" alt="" align="left" hspace="5">' . '<p>' . $LANG_MAPS_1['plugin_doc'] . ' <a href="http://geeklog.fr/downloads/index.php/maps" target="_blank">' . $LANG_MAPS_1['online'] . '</a>.</p>';
        $display .= '<br /><h1>' . $LANG_MAPS_1['maps_list'] . '</h1>';
        $display .= '<p>' . $LANG_MAPS_1['you_can'] . '<a href="' . $_CONF['site_url'] . '/admin/plugins/maps/map_edit.php">' . $LANG_MAPS_1['create_map'] . '</a>.</p><p>&nbsp;</p>';
        $display .= MAPS_listmaps();
        $display .= COM_siteFooter(0);
}
COM_output($display);
Beispiel #17
        $tables = explode('|', $_POST['groupmembers']);
        $items['lglib_dbback_exclude'] = DB_escapeString(@serialize($tables));
        $items['lglib_dbback_files'] = (int) $_POST['db_backup_maxfiles'];
        if (isset($_POST['disable_cron'])) {
            $str = '-1';
        } else {
            $str = (int) $_POST['db_backup_interval'];
        }
        $items['lglib_dbback_cron'] = $str;
        $items['lglib_dbback_gzip'] = isset($_POST['use_gzip']) ? 1 : 0;
        foreach ($items as $name => $value) {
            $sql = "INSERT INTO {$_TABLES['vars']} (name, value)\n                VALUES ('{$name}', '{$value}')\n                ON DUPLICATE KEY UPDATE value='{$value}'";
            DB_query($sql);
        }
        break;
}
// Pick the page body: the backup configuration form, nothing at all, or
// (for every other value) the list view.
if ($view == 'config') {
    $content .= DBADMIN_configBackup();
} elseif ($view != 'none') {
    // The token's return value is not used here.
    // NOTE(review): presumably the list picks the token up by other means - confirm.
    SEC_createToken();
    $content .= DBADMIN_list();
}

// Assemble and send the page.
$display .= COM_siteHeader('menu', $pi_title);
$display .= $content;
$display .= COM_siteFooter();
echo $display;
Beispiel #18
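/**
* This will save a submission
*
* Submissions are rate limited through the 'submit' speed limit. Any type
* other than 'story' is handed to the plugin API; a story needs both a title
* and an intro text, otherwise the submission form is shown again.
*
* @param    string  $type   Type of submission we are dealing with
* @param    array   $A      Data for that submission
* @return   string          HTML of the resulting page or a redirect
*
*/
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $_USER, $LANG12;
    $retval = COM_siteHeader();
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $last = COM_checkSpeedlimit('submit');
    if ($last > 0) {
        // Speed limit still active: tell the user and stop here.
        $retval .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG12[30] . $last . $LANG12[31] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . COM_siteFooter();
        return $retval;
    }
    if (!empty($type) && $type != 'story') {
        // Update the submitspeedlimit for user - assuming Plugin approves
        // submission record
        COM_updateSpeedlimit('submit');
        // see if this is a submission that needs to be handled by a plugin
        // and should include its own redirect.
        // The plugin result is kept in its own variable: the page header
        // collected in $retval must survive when the plugin call fails and
        // the code falls through to the story handling below.
        $pluginResult = PLG_saveSubmission($type, $A);
        if ($pluginResult === false) {
            // $type is supplied by the caller (possibly from the request);
            // line breaks are removed so it cannot start a new log entry.
            $loggedType = str_replace(array("\r", "\n"), ' ', (string) $type);
            COM_errorLog("Could not save your submission. Bad type: {$loggedType}");
        } elseif (empty($pluginResult)) {
            // plugin should include its own redirect - but in case handle
            // it here and redirect to the main page
            return COM_refresh($_CONF['site_url'] . '/index.php');
        } else {
            return $pluginResult;
        }
    }
    if (!empty($A['title']) && !empty($A['introtext'])) {
        $retval = savestory($A);
    } else {
        // Required fields missing: show the message and the form again.
        $retval .= COM_startBlock($LANG12[22], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG12[23] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . submissionform($type) . COM_siteFooter();
    }
    return $retval;
}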
Beispiel #19
/**
* Build the main plugin screen: installed and uninstalled plugins, upload form
*
* The list of plugins available for installation is only added for users
* holding the 'plugin.install' right.
*
* @param    string  $message    (optional) message to display; when empty, the
*                               message is taken from the request parameter
* @param    string  $token      (optional) CSRF token to reuse; a new one is
*                               created when none is passed
* @return   string              HTML for the plugin screen
*
*/
function plugin_main($message = '', $token = '')
{
    global $LANG32;

    $screen = COM_siteHeader('menu', $LANG32[5]);
    $screen .= empty($message) ? COM_showMessageFromParameter() : COM_showMessageText($message);

    // The same token is handed to each of the renderers below.
    if (empty($token)) {
        $token = SEC_createToken();
    }

    $screen .= listplugins($token);
    if (SEC_hasRights('plugin.install')) {
        $screen .= show_newplugins($token);
    }

    // Show the upload form or an error message
    $screen .= plugin_show_uploadform($token);

    return $screen . COM_siteFooter();
}
Beispiel #20
// Advertise the microsummary in the page head. With a topic selected, the
// topic id is URL-encoded into the link and the topic's meta tags are added.
if (!$topic) {
    $header = '<link rel="microsummary" href="' . $_CONF['site_url'] . '/index.php?display=microsummary" title="Microsummary"' . XHTML . '>';
} else {
    $header = '<link rel="microsummary" href="' . $_CONF['site_url'] . '/index.php?display=microsummary&amp;topic=' . urlencode($topic) . '" title="Microsummary"' . XHTML . '>';
    // Meta Tags
    if ($_CONF['meta_tags'] > 0) {
        // NOTE(review): $topic is placed inside a quoted SQL literal as it is.
        // Where it is assigned is not part of this excerpt - confirm that it
        // is filtered or escaped there before it reaches this query.
        $result = DB_query("SELECT meta_description, meta_keywords FROM {$_TABLES['topics']} WHERE tid = '{$topic}'");
        $A = DB_fetchArray($result);
        $meta_description = stripslashes($A['meta_description']);
        $meta_keywords = stripslashes($A['meta_keywords']);
        $header .= COM_createMetaTags($meta_description, $meta_keywords);
    }
}
$display .= COM_siteHeader('menu', '', $header);
// Show a predefined message when the request asks for one. The message id
// goes through the numeric filter, the optional plugin name through the
// basic filter.
if (isset($_GET['msg'])) {
    $plugin = isset($_GET['plugin']) ? COM_applyFilter($_GET['plugin']) : '';
    $display .= COM_showMessage(COM_applyFilter($_GET['msg'], true), $plugin);
}
if (SEC_inGroup('Root') && $page == 1) {
    $done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
    if ($done != 1) {
        /**
         * we don't have the path to the admin directory, so try to figure it
         * out from $_CONF['site_admin_url']
         * @todo FIXME: this duplicates some code from admin/sectest.php
         */
Beispiel #21
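// Request parameters: the album id goes through the numeric filter, the
// media id through the basic filter.
$album_id = COM_applyFilter($_GET['aid'], true);
$media_id = COM_applyFilter($_GET['mid']);
$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('page', 'view_image.thtml');
$T->set_var('header', $LANG_MG00['plugin']);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('plugin', 'mediagallery');
//
// -- Verify that image really does belong to this album
//
// The check must use the same filtered ids as the album permission check and
// the media lookup below. It previously read $mid and $aid, which are not
// assigned anywhere in this listing, so the membership test and the later
// queries could be looking at different values.
$sql = "SELECT * FROM " . $_TABLES['mg_media_albums'] . " WHERE media_id='" . DB_escapeString($media_id) . "' AND album_id='" . intval($album_id) . "'";
$result = DB_query($sql);
if (DB_numRows($result) < 1) {
    die("ERROR #2");
}
// Get Album Info...
$sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);
// Check access rights: an access level of 0 ends the request with the
// access-denied page.
$access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
if ($access == 0) {
    $display .= COM_siteHeader('menu') . COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true) . COM_siteFooter();
    echo $display;
    exit;
}
$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
// NOTE(review): the stored file name is written into the src attribute
// unescaped and the fetch result is not checked - confirm that file names are
// generated server-side and cannot contain quote characters.
echo '<img src="' . $_MG_CONF['mediaobjects_url'] . '/disp/' . $row['media_filename'][0] . '/' . $row['media_filename'] . '.jpg' . '">';
exit;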
Beispiel #22
/**
 * Get an existing static page, or a feed of static pages
 *
 * With an sp_id (or id) in $args a single page is looked up; a web-service
 * request without one returns a list of pages, limited to
 * $_SP_CONF['atom_max_items'] entries starting at $args['offset'].
 *
 * @param   array   args    Contains all the data provided by the client
 *                          (keys read here: sp_id, id, mode, offset, gl_svc)
 * @param   mixed   &output OUTPUT parameter: the page row (array), a list of
 *                          page rows (feed) or HTML text on error
 * @param   array   &svc_msg OUTPUT parameter containing any service messages
 *                          (output_fields, gl_feed, offset)
 * @return  int             Response code as defined in lib-plugins.php
 */
function service_get_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_SP_CONF;
    $output = '';
    $svc_msg['output_fields'] = array('sp_hits', 'sp_format', 'draft_flag', 'owner_id', 'group_id', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon', 'sp_help', 'sp_php', 'sp_inblock', 'commentcode');
    // 'id' is accepted as an alias for 'sp_id'
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    if ($args['gl_svc']) {
        // Web-service request: the page id and mode are filtered here.
        // NOTE(review): for every other caller the values are used as passed
        // in, and sp_id is later placed inside quoted SQL literals - confirm
        // that those callers filter or escape it themselves.
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        // A web-service request without a page id asks for the feed.
        if (empty($args['sp_id'])) {
            $svc_msg['gl_feed'] = true;
        } else {
            $svc_msg['gl_feed'] = false;
        }
    } else {
        $svc_msg['gl_feed'] = false;
    }
    if (!$svc_msg['gl_feed']) {
        // ---- single page ----
        $page = '';
        if (isset($args['sp_id'])) {
            $page = $args['sp_id'];
        }
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        $error = 0;
        if ($page == '') {
            $error = 1;
        }
        // Permission clause; users without the staticpages.edit right
        // additionally never see drafts.
        $perms = SP_getPerms();
        if (!SEC_hasRights('staticpages.edit')) {
            if (!empty($perms)) {
                $perms .= ' AND';
            }
            $perms .= '(draft_flag = 0)';
        }
        if (!empty($perms)) {
            $perms = ' AND ' . $perms;
        }
        // One statement per database driver; $page is interpolated into each.
        $sql = array();
        $sql['mysql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $sql['mssql'] = "SELECT sp_title,sp_page_title," . "CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,commentcode," . "CAST(meta_description AS text) AS meta_description," . "CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock " . "FROM {$_TABLES['staticpage']} WHERE (sp_id = '{$page}')" . $perms;
        $sql['pgsql'] = "SELECT sp_title,sp_page_title,sp_content,sp_hits," . "created,modified,sp_format," . "commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag," . "owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']} " . "WHERE (sp_id = '{$page}')" . $perms;
        $result = DB_query($sql);
        $count = DB_numRows($result);
        // exactly one visible row is required
        if ($count == 0 || $count > 1) {
            $error = 1;
        }
        if (!$error) {
            $output = DB_fetchArray($result, false);
            // WE ASSUME $output doesn't have any confidential fields
            if ($output['template_id'] != '') {
                // The page is based on a template: its own content is XML
                // holding the variables to substitute into the template page.
                $retval = '';
                $mode = '';
                // NOTE(review): the parse result is not checked; content that
                // is not well-formed XML is not handled before the loop below.
                $xmlObject = simplexml_load_string($output['sp_content']);
                // create array of XML data
                $tag = array();
                foreach ($xmlObject->variable as $variable) {
                    $key = $variable["name"] . '';
                    $value = $variable->data;
                    $tag[$key] = $value;
                }
                // Loop through variables to replace any autotags first.
                // $value stays a reference to the last element after this loop.
                foreach ($tag as &$value) {
                    $value = PLG_replaceTags($value);
                }
                // Fetch the template page through the plugin service API.
                // $args and $svc_msg are replaced here, so the check of
                // $args['gl_svc'] further down sees the empty value set on
                // this line for template-based pages.
                $args = array('sp_id' => $output['template_id'], 'mode' => $mode, 'gl_svc' => '');
                $svc_msg = array();
                if (PLG_invokeService('staticpages', 'get', $args, $retval, $svc_msg) == PLG_RET_OK) {
                    $retval['sp_content'] = str_replace(array_keys($tag), array_values($tag), $retval['sp_content']);
                    $output['sp_content'] = $retval['sp_content'];
                }
            }
        } else {
            // an error occurred (page not found, access denied, ...)
            /**
             * if the user has edit permissions and the page does not exist,
             * send them to the editor so they can create it "wiki style"
             */
            $create_page = false;
            if ($mode !== 'autotag' && $count == 0 && SEC_hasRights('staticpages.edit')) {
                // check again without permissions
                if (DB_count($_TABLES['staticpage'], 'sp_id', $page) == 0) {
                    // NOTE(review): $page is appended to the redirect URL
                    // without URL-encoding.
                    $url = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php?mode=edit&sp_new_id=' . $page . '&msg=21';
                    $output = COM_refresh($url);
                    $create_page = true;
                }
            }
            if (!$create_page) {
                // sp_nf decides what is shown on failure: the login form when
                // it is set, the access-denied message otherwise.
                if (empty($page)) {
                    $failflg = 0;
                } else {
                    $failflg = DB_getItem($_TABLES['staticpage'], 'sp_nf', "sp_id = '{$page}'");
                }
                // In 'autotag' mode the site header and footer are left out.
                if ($failflg) {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= SEC_loginRequiredForm();
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                } else {
                    if ($mode !== 'autotag') {
                        $output = COM_siteHeader('menu');
                    }
                    $output .= COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
                    $output .= $LANG_STATIC['deny_msg'];
                    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                    if ($mode !== 'autotag') {
                        $output .= COM_siteFooter(true);
                    }
                }
            }
            return PLG_RET_ERROR;
        }
        if ($args['gl_svc']) {
            // Add the generic fields the web service expects.
            // This date format is PHP 5 only,
            // but only the web-service uses the value
            $output['published'] = date('c', strtotime($output['created']));
            $output['updated'] = date('c', strtotime($output['modified']));
            $output['id'] = $page;
            $output['title'] = $output['sp_title'];
            $output['page_title'] = $output['sp_page_title'];
            $output['category'] = array($output['sp_tid']);
            $output['content'] = $output['sp_content'];
            $output['content_type'] = 'html';
            $owner_data = SESS_getUserDataFromId($output['owner_id']);
            $output['author_name'] = $owner_data['username'];
            $output['link_edit'] = $page;
        }
    } else {
        // ---- feed of pages ----
        $output = array();
        $mode = '';
        if (isset($args['mode'])) {
            $mode = $args['mode'];
        }
        // NOTE(review): unlike the single-page branch, no draft_flag
        // condition is added here - confirm whether SP_getPerms() already
        // keeps drafts out of the feed.
        $perms = SP_getPerms();
        if (!empty($perms)) {
            $perms = ' WHERE ' . $perms;
        }
        $offset = 0;
        if (isset($args['offset'])) {
            // numeric filter; the value goes into the LIMIT clause
            $offset = COM_applyBasicFilter($args['offset'], true);
        }
        // One row more than needed is requested to find out whether there
        // are further items after this batch.
        $max_items = $_SP_CONF['atom_max_items'] + 1;
        $limit = " LIMIT {$offset}, {$max_items}";
        $order = " ORDER BY modified DESC";
        $sql = array();
        $sql['mysql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['mssql'] = "SELECT sp_id,sp_title,sp_page_title,CAST(sp_content AS text) AS sp_content,sp_hits," . "created,modified,sp_format,CAST(meta_description AS text) AS meta_description,CAST(meta_keywords AS text) AS meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,perm_owner,perm_group,perm_members," . "perm_anon,sp_tid,sp_help,sp_php,sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $sql['pgsql'] = "SELECT sp_id,sp_title,sp_page_title,sp_content,sp_hits,created,modified,sp_format,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id," . "group_id,perm_owner,perm_group,perm_members,perm_anon,sp_tid,sp_help,sp_php," . "sp_inblock FROM {$_TABLES['staticpage']}" . $perms . $order . $limit;
        $result = DB_query($sql);
        $count = 0;
        while (($output_item = DB_fetchArray($result, false)) !== false) {
            // WE ASSUME $output doesn't have any confidential fields
            $count += 1;
            // The extra row only signals "more available": report the next
            // offset and leave the row out of the result.
            if ($count == $max_items) {
                $svc_msg['offset'] = $offset + $_SP_CONF['atom_max_items'];
                break;
            }
            if ($args['gl_svc']) {
                // This date format is PHP 5 only, but only the web-service uses the value
                $output_item['published'] = date('c', strtotime($output_item['created']));
                $output_item['updated'] = date('c', strtotime($output_item['modified']));
                $output_item['id'] = $output_item['sp_id'];
                $output_item['title'] = $output_item['sp_title'];
                $output_item['page_title'] = $output_item['sp_page_title'];
                $output_item['category'] = array($output_item['sp_tid']);
                $output_item['content'] = $output_item['sp_content'];
                $output_item['content_type'] = 'html';
                $owner_data = SESS_getUserDataFromId($output_item['owner_id']);
                $output_item['author_name'] = $owner_data['username'];
            }
            $output[] = $output_item;
        }
    }
    return PLG_RET_OK;
}
Beispiel #23
    global $_CONF, $_DB, $_TABLES, $_USER, $_GUS_VARS;
    $_DB->setDisplayError(TRUE);
    require_once $_CONF['path'] . 'plugins/gus/sql/gus.php';
    // build tables
    foreach ($_SQL as $sql) {
        DB_query($sql);
    }
    // insert data
    foreach ($_DATA as $data) {
        DB_query($data);
    }
}
/* 
* Main Function
*/
$display = COM_siteHeader() . COM_startBlock($LANG_GUS00['install_header']);
$action = isset($_GET['action']) ? COM_applyFilter($_GET['action']) : '';
if ($action === 'install') {
    if (plugin_install_gus()) {
        $img_url = $_CONF['site_url'] . '/gus/images/' . $_GUS_IMG_name;
        $blockManager = $_CONF['site_admin_url'] . '/block.php';
        $admin_url = $_CONF['site_admin_url'] . '/plugins/gus/index.php';
        $import_url = $_CONF['site_admin_url'] . '/plugins/gus/import.php';
        $readme_url = $_CONF['site_admin_url'] . '/plugins/gus/readme.html';
        $display .= "<img align=left src=\"{$img_url}\" alt='GUS Icon' width=48 height=48>" . '<p>I have created all the necessary tables and activated the Who\'s Online block. ' . "If you do not want to use it, then you may disable it by changing the GUS config.php file located in the plugins/gus directory. " . "<p>To configure GUS, go to the <a href=\"{$admin_url}\">admin page</a>.\n\t\t\tInformation about the various configuration options\tmay be found in the \n\t\t\t<a href=\"{$readme_url}#config\">README file</a>." . "<p>If you would like to support development of this plugin, there are some suggestions in the  \n\t\t\t<a href=\"{$readme_url}#you\">README file</a>.";
        // check for old stats to see if we should add an import link
        if ($_ST_plugin_name != '') {
            $stats_version = DB_getItem($_TABLES['plugins'], 'pi_version', "pi_name = '{$_ST_plugin_name}'");
            $display .= "<hr>I notice you have the stats plugin version {$stats_version} installed as '{$_ST_plugin_name}'. ";
            if ($stats_version !== '1.3') {
                $display .= "<p>If you had version 1.3 installed, I could import its data. \n\t\t\t\t\tIf you update this in the future, you can import its data from \n\t\t\t\t\tthe <a href=\"{$admin_url}\">admin page</a>.";
Beispiel #24
    $display .= COM_showMessage($msg, 'links');
    $display .= links_list_categories($root);
    $display .= COM_siteFooter();
    // edit category
} else {
    if ($mode == 'edit') {
        // Edit form for a single category; both ids are optional query parameters.
        $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[56]);
        // strip_tags() only removes markup. It does not make a value safe for
        // use in SQL or inside an HTML attribute.
        // NOTE(review): confirm links_edit_category() escapes $cid and $pid
        // for every context it uses them in; that code is not visible here.
        $pid = isset($_GET['pid']) ? strip_tags(COM_stripslashes($_GET['pid'])) : '';
        $cid = isset($_GET['cid']) ? strip_tags(COM_stripslashes($_GET['cid'])) : '';
        $display .= links_edit_category($cid, $pid);
        $display .= COM_siteFooter();
    } else {
        // No recognised mode: show the category list, preceded by a status
        // message when a positive message number was supplied.
        $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]);
        if (isset($_REQUEST['msg'])) {
            // The value is filtered with the second argument set to true and
            // is only used when it compares greater than zero.
            $msg = COM_applyFilter($_REQUEST['msg'], true);
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'links');
            }
        }
        $display .= links_list_categories($root);
        $display .= COM_siteFooter();
    }
}
COM_output($display);
Beispiel #25
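// Read the posted task fields. Values passed with a second argument of true
// are the ones later treated as numbers.
// NOTE(review): confirm in lib-common that this flag forces a numeric result.
$handlerID = COM_applyFilter($_POST['idhandler'], true);
$stepID = COM_applyFilter($_POST['idstepType'], true);

// get_magic_quotes_gpc() was removed in PHP 8, so calling it unguarded is a
// fatal error there. Treat "function missing" the same as "magic quotes off".
$magicQuotesActive = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
if ($magicQuotesActive) {
    // Input already arrives slash-escaped; do not escape it a second time.
    $taskName = $_POST['taskName'];
} else {
    // NOTE(review): addslashes() is not charset-aware SQL escaping. If
    // $taskName reaches a query (not visible in this excerpt), escape it with
    // the database layer's own routine at the point the query is built, and
    // HTML-escape it separately wherever it is printed.
    $taskName = addslashes($_POST['taskName']);
}
$taskName = COM_killJS($taskName);

$op = COM_applyFilter($_POST['operation'], false);
$moveop = COM_applyFilter($_POST['moveoperation'], false);
$regen = COM_applyFilter($_POST['regenerate'], true);
$regenAllTasks = COM_applyFilter($_POST['regenerateAllLive'], true);
$taskassigntype = COM_applyFilter($_POST['taskassigntype']);
$retval = '';

echo COM_siteHeader('menu');

// Navigation bar for the workflow admin pages.
$navbar = new navbar();
$navbar->add_menuitem('My Tasks', $CONF_NF['TaskConsole_URL']);
if ($templateID > 0) {
    // $templateID is appended to the URL as-is.
    // NOTE(review): it is set outside this excerpt; confirm it was filtered
    // as an integer where it was read.
    $navbar->add_menuitem('Edit Template', $_CONF['site_admin_url'] . '/plugins/nexflow/index.php?templateID=' . $templateID);
    $navbar->set_selected('Edit Template');
}
$navbar->add_menuitem('View Templates', $_CONF['site_admin_url'] . '/plugins/nexflow/templates.php');
$navbar->add_menuitem('Edit Handlers', $_CONF['site_admin_url'] . '/plugins/nexflow/handlers.php');
echo $navbar->generate();

// A task id of 0 means "no existing task"; normalise it to null.
if ($taskID == 0) {
    $taskID = null;
}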
// lets check the incoming operation.. if its save, then save either the existing data
// or create a new entry.
if ($moveop != '' || $moveop != null) {
Beispiel #26
/**
* Show the login-failure page, or hand off to a site-specific handler, then stop.
*
* When $_CONF['custom_registration'] is set and CUSTOM_loginErrorHandler()
* is defined, only that handler is called, with $msg. No status header is
* sent on that path, so the handler decides what the client receives.
* Otherwise a 403 Forbidden status is sent and the message is rendered
* between the normal site header and footer.
*
* $message_title and $message_text are passed to COM_siteHeader() and
* COM_showMessageText() unchanged.
* NOTE(review): whether those helpers HTML-escape their arguments is not
* visible here, so callers should pass fixed or already-escaped strings,
* never raw request data.
*
* @param    int     $msg            message number for custom handler
* @param    string  $message_title  title for the message box
* @param    string  $message_text   text of the message box
* @return   void                    never returns; the script exits
*
*/
function displayLoginErrorAndAbort($msg, $message_title, $message_text)
{
    global $_CONF;

    $useCustomHandler = $_CONF['custom_registration'] && function_exists('CUSTOM_loginErrorHandler');

    if ($useCustomHandler) {
        // Sites with their own front page can take over the error display.
        CUSTOM_loginErrorHandler($msg);
        exit;
    }

    // Mark the response as refused so clients and log monitoring can tell a
    // failed login from a normal page. The @ hides the warning PHP raises if
    // output has already started; in that case the status is not sent.
    @header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    @header('Status: 403 Forbidden');

    $retval = COM_siteHeader('menu', $message_title) . COM_showMessageText($message_text, $message_title, false, 'error') . COM_siteFooter();
    echo $retval;

    // Execution must not continue into the caller after a failed login.
    exit;
}
Beispiel #27
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
// Authorization gate: requests without the 'forum.edit' right get the
// access-denied block and the script stops, so nothing below this point
// runs for them.
if (!SEC_hasRights('forum.edit')) {
    $display = COM_siteHeader()
        . COM_startBlock($LANG_GF00['access_denied'])
        . $LANG_GF00['admin_only']
        . COM_endBlock()
        . COM_siteFooter(true);
    echo $display;
    exit;
}

// Project loader calls; what each one pulls in is not visible in this excerpt.
USES_forum_functions();
USES_forum_format();
USES_forum_admin();
if (isset($_POST['migrate']) && $_POST['migrate'] == $LANG_GF01['MIGRATE_NOW'] and $_POST['selforum'] != "select" and !empty($_POST['cb_chkentry'])) {
    $num_stories = 0;
    $num_posts = 0;
    $forum = COM_applyFilter($_POST['selforum']);
    foreach ($_POST['cb_chkentry'] as $sid) {
Beispiel #28
    if (!empty($_CONF['ip_lookup'])) {
        $iplookup = str_replace('*', $A['ip'], $_CONF['ip_lookup']);
        $templates->set_var('start_ip_lookup_anchortag', '<a href="' . $iplookup . '" title="' . $LANG_BAD_BEHAVIOR['title_lookup_ip'] . '">');
        $templates->set_var('end_ip_lookup_anchortag', '</a>');
    } else {
        $templates->set_var('start_ip_lookup_anchortag', '');
        $templates->set_var('end_ip_lookup_anchortag', '');
    }
    $templates->parse('output', 'entry');
    $retval .= $templates->finish($templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
// MAIN
$rightblocks = false;
$display .= COM_siteHeader('menu', $LANG_BAD_BEHAVIOR['page_title']);
if (isset($_GET['mode'])) {
    $mode = COM_applyFilter($_GET['mode']);
} else {
    $mode = 'list';
}
if ($mode == 'list') {
    $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0;
    $display .= _bb_listEntries($page);
} else {
    if ($mode == 'view') {
        $id = isset($_GET['id']) ? COM_applyFilter($_GET['id'], true) : 0;
        $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0;
        $display .= _bb_viewEntry($id, $page);
    } else {
        $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0;
Beispiel #29
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
include_once 'gf_functions.php';
require_once $_CONF['path'] . 'plugins/forum/debug.php';
// Common Debug Code
$ip = COM_applyFilter($_REQUEST['ip']);
$forum = COM_applyFilter($_REQUEST['forum'], true);
$op = COM_applyFilter($_REQUEST['op']);
echo COM_siteHeader();
echo COM_startBlock($LANG_GF96['gfipman']);
echo ppNavbar($navbarMenu, $LANG_GF06['7']);
if ($op == 'banip' && $ip != '') {
    // Confirmed ban: write the address to the ban table, show the status
    // message and end the script.
    // NOTE(review): $ip is placed inside a quoted SQL literal by string
    // interpolation. Its only visible treatment is COM_applyFilter() on
    // $_REQUEST['ip'] and a non-empty check. Nothing here verifies that it is
    // an IP address or escapes it with the database layer's own routine.
    // Validating the format first (for example filter_var() with
    // FILTER_VALIDATE_IP, if only literal addresses are meant to be stored)
    // and escaping at the query would make this independent of the filter.
    // NOTE(review): no request token is checked in this excerpt before the
    // insert. Confirm that the included files enforce admin rights and CSRF
    // protection for this action.
    if ($_POST['sure'] == 'yes') {
        DB_query("INSERT INTO {$_TABLES['gf_banned_ip']} (host_ip) VALUES ('{$ip}')");
        forum_statusMessage($LANG_GF96['ipbanned'], $_CONF['site_admin_url'] . '/plugins/forum/ips.php', $LANG_GF96['ipbanned']);
        echo COM_endBlock();
        echo adminfooter();
        echo COM_siteFooter();
        // Stop here so the confirmation form below is not rendered as well.
        exit;
    }
    if ($_POST['sure'] != 'yes') {
        $ips_unban = new Template($_CONF['path_layout'] . 'forum/layout/admin');
        $ips_unban->set_file(array('ips_unban' => 'ips_unban.thtml'));
        $ips_unban->set_var('phpself', $_CONF['site_admin_url'] . '/plugins/forum/ips.php');
Beispiel #30
            $result = DB_query("SELECT COUNT(*) AS num_pages FROM {$temp_table['name']} WHERE DAYOFMONTH( date ) = {$day}");
            $row = DB_fetchArray($result, FALSE);
            $pages += $row['num_pages'];
            $T->set_var('pages', $row['num_pages']);
            $date_compare = GUS_get_date_comparison('date', $year, $month, $day);
            $result = DB_query("SELECT COUNT(*) AS num_stories FROM {$_TABLES['stories']} WHERE {$date_compare}");
            $row = DB_fetchArray($result, FALSE);
            $stories += $row['num_stories'];
            $T->set_var('stories', $row['num_stories']);
            $result = DB_query("SELECT COUNT(*) AS num_comments FROM {$_TABLES['comments']} WHERE {$date_compare}");
            $row = DB_fetchArray($result, FALSE);
            $comments += $row['num_comments'];
            $T->set_var('comments', $row['num_comments']);
            $result = DB_query("SELECT COUNT(*) AS num_links FROM {$temp_table['name']}\n\t\t\t\t\t\t\t\tWHERE page LIKE '%portal.php' AND query_string <> '' AND DAYOFMONTH( date ) = {$day}");
            $row = DB_fetchArray($result, FALSE);
            $linksf += $row['num_links'];
            $T->set_var('linksf', $row['num_links']);
            $T->Parse('ABlock', 'ROW', TRUE);
        }
    }
    $T->set_var(array('period' => $LANG_GUS00['total'], 'anon' => $anon, 'reg' => $reg, 'pages' => $pages, 'stories' => $stories, 'comments' => $comments, 'linksf' => $linksf, 'google_paging' => $navlinks));
    $title = date('F Y - ', mktime(0, 0, 0, $month, 1, $year)) . $LANG_GUS00['daily_title'];
    $display = GUS_template_finish($T, $title);
    if ($_GUS_cache and date('Yn') !== $year . $month) {
        GUS_writecache($display);
    }
    GUS_remove_temp_table($temp_table);
}
echo COM_siteHeader($_GUS_CONF['show_left_blocks']);
echo $display;
echo COM_siteFooter($_GUS_CONF['show_right_blocks']);