$oldumask = umask(0);
                if (@mkdir($useruploadpath, 0777)) {
                    if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) {
                        $file_error["upload"] = $BL['be_fprivup_err3'] . ' (2)';
                    }
                } else {
                    $file_error["upload"] = $BL['be_fprivup_err4'];
                }
                umask($oldumask);
            }
            if (is_file($usernewfile)) {
                @chmod($usernewfile, 0666);
            }
            if (empty($file_error["upload"])) {
                // store tags
                _dbSaveCategories($file_tags, 'file', $new_fileId, ',');
                //after successful upload go back to clear post (form) var
                headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=files&f=0&uploaded=1');
            } else {
                echo $file_error["upload"] . "<br />";
                $file_error["upload"] = str_replace('{VAL}', $phpwcms["admin_email"], $BL['be_fprivup_err6']);
                mysql_query("DELETE FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $new_fileId . " AND f_uid=" . $_SESSION["wcs_user_id"] . ";", $db);
            }
        }
    }
    if (!ini_get('safe_mode') && function_exists('set_time_limit')) {
        set_time_limit(30);
    }
}
?>
<form action="phpwcms.php?do=files&amp;f=0" method="post" enctype="multipart/form-data" name="uploadfile" id="uploadfile">
 $result = _dbQuery($sql, 'INSERT');
 if (isset($result['INSERT_ID'])) {
     $new_fileId = $result['INSERT_ID'];
     //Festlegen der aktuellen File-ID
     $_file_extension = $file_ext ? '.' . $file_ext : '';
     $wcs_newfilename = $file_hash . $_file_extension;
     // changed for using hashed file names
     $userftppath = PHPWCMS_ROOT . $phpwcms["ftp_path"];
     $useruploadpath = PHPWCMS_ROOT . $phpwcms["file_path"];
     $usernewfile = $useruploadpath . $wcs_newfilename;
     $oldumask = umask(0);
     if ($dir = @opendir($useruploadpath)) {
         if (@copy($userftppath . $file, $usernewfile)) {
             @unlink($userftppath . $file);
             // store tags
             _dbSaveCategories($ftp["tags"], 'file', $new_fileId, ',');
         } else {
             $file_error["upload"] = "Error while writing file to storage (1).";
         }
     }
 } elseif (mysql_error()) {
     $file_error["upload"] = 'MySQL Error while insert to DB: ' . mysql_error();
 }
 if (empty($file_error["upload"])) {
     // now try to find 1st file having same named and replace it if related mark is set
     if ($ftp["replace"]) {
         $rsql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE ";
         $rsql .= "f_name=" . _dbEscape($file_name) . " AND f_kid=1 ";
         $rsql .= "AND f_pid=" . $ftp["dir"] . " AND f_trash=0 AND f_id != " . $new_fileId . " LIMIT 1";
         $rrow = _dbQuery($rsql);
         if (isset($rrow[0]['f_id'])) {
        $file_error["name"] = 1;
    } else {
        //Wenn Dateiname keine Erweiterung hat, dann Extension anhängen
        if (trim(strtolower(FileExtension($file_name))) != trim($file_ext)) {
            $file_name .= "." . $file_ext;
        }
    }
    //Eintragen der aktualisierten Verzeichnisinfos
    if (!isset($file_error)) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET " . "f_name='" . aporeplace($file_name) . "', " . "f_pid=" . $file_pid . ", " . "f_aktiv=" . $file_aktiv . ", " . "f_public=" . $file_public . ", " . "f_shortinfo='" . aporeplace($file_shortinfo) . "', " . "f_longinfo='" . aporeplace($file_longinfo) . "', " . "f_keywords='" . $file_keys . "', " . "f_created='" . time() . "', " . "f_copyright='" . aporeplace($file_copyright) . "', " . "f_tags='" . aporeplace($file_tags) . "', " . "f_granted=" . $file_granted . ", " . "f_gallerystatus=" . $file_gallerydownload . ", " . (isset($file_vars) ? 'f_vars=' . _dbEscape(serialize($file_vars)) . ',' : '') . "f_sort=" . $file_sort . " " . "WHERE f_kid=1 AND f_id=" . $file_id;
        if (empty($_SESSION["wcs_user_admin"])) {
            $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]);
        }
        if ($result = mysql_query($sql, $db)) {
            // store tags
            _dbSaveCategories($file_tags, 'file', $file_id, ',');
            //headerRedirect(PHPWCMS_URL."phpwcms.php?do=files&f=0");
        } else {
            $file_error["save_failed"] = 1;
        }
    }
}
//Ende Auswerten Formular
//Wenn ID angegeben, dann -> oder aber Root Verzeichnis
if ($file_id) {
    $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $file_id;
    if (empty($_SESSION["wcs_user_admin"])) {
        $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]);
    }
    $sql .= " AND f_trash=0 AND f_kid=1 LIMIT 1";
    if ($result = mysql_query($sql, $db) or die("error while reading file information")) {
             } else {
                 $result = false;
             }
         } else {
             // Update article summary data
             $sql = "UPDATE " . DB_PREPEND . "phpwcms_article SET " . "article_cid=" . $article["article_catid"] . "," . "article_title=" . _dbEscape($article["article_title"]) . ", " . "article_alias=" . _dbEscape($article["article_alias"]) . ", " . "article_keyword=" . _dbEscape($article["article_keyword"]) . ", " . "article_aktiv=" . $article["article_aktiv"] . ", " . "article_begin=" . _dbEscape($article["article_begin"]) . ", " . "article_end=" . _dbEscape($article["article_end"]) . ", " . "article_subtitle=" . _dbEscape($article["article_subtitle"]) . ", " . "article_summary=" . _dbEscape($article["article_summary"]) . ", " . "article_redirect=" . _dbEscape($article["article_redirect"]) . ", " . "article_sort=" . _dbEscape($article["article_sort"]) . ", " . "article_username="******"article_username"]) . ", " . "article_notitle=" . $article["article_notitle"] . ", " . "article_hidesummary=" . $article["article_hidesummary"] . ", " . "article_image=" . _dbEscape(serialize($article['image'])) . ", " . "article_cache=" . _dbEscape($article["article_timeout"]) . ", " . "article_nosearch=" . _dbEscape($article['article_nosearch']) . ", " . "article_nositemap=" . $article['article_nositemap'] . ", " . "article_aliasid=" . $article['article_aliasid'] . ", " . "article_headerdata=" . $article['article_headerdata'] . ", " . "article_morelink=" . $article['article_morelink'] . ", " . "article_noteaser=" . $article['article_noteaser'] . ", " . "article_pagetitle=" . _dbEscape($article['article_pagetitle']) . ", " . "article_paginate=" . $article['article_paginate'] . ", " . "article_priorize=" . $article['article_priorize'] . ", " . "article_norss=" . $article['article_norss'] . ", " . "article_archive_status=" . $article['article_archive_status'] . ", " . "article_menutitle=" . _dbEscape($article["article_menutitle"]) . "," . "article_description=" . _dbEscape($article["article_description"]) . ", " . "article_lang=" . _dbEscape($article["article_lang"]) . ", " . 
"article_lang_type=" . _dbEscape($article["article_lang_type"]) . ", " . "article_lang_id=" . _dbEscape($article["article_lang_id"]) . ", " . "article_opengraph=" . $article["article_opengraph"] . ', ' . "article_canonical=" . _dbEscape($article["article_canonical"]);
             if ($_SESSION["wcs_user_admin"]) {
                 $sql .= ", article_uid=" . $article["article_uid"];
             }
             $sql .= " WHERE article_id=" . $article["article_id"];
             $result = _dbQuery($sql, 'UPDATE');
         }
         if ($result) {
             update_cache();
             // set cache timeout = 0
             _dbSaveCategories($article["article_keyword"], 'article', $article["article_id"], ',');
             $update = isset($_POST['updatesubmit']) ? '&aktion=1' : '';
             headerRedirect(PHPWCMS_URL . 'phpwcms.php?do=articles&p=2&s=1' . $update . '&id=' . $article["article_id"]);
         }
     } else {
         set_status_message($BL['be_admin_usr_err'] . ': ' . implode(', ', $article_err), 'warning');
     }
 }
 // check if it is recommend to overwrite template defaults
 if (!isset($article["acat_overwrite"])) {
     if ($article['article_catid']) {
         $article["acat_overwrite"] = _dbGet('phpwcms_articlecat', 'acat_overwrite', 'acat_trash != 9 AND acat_id = ' . $article['article_catid'], '', '', 1);
         $article["acat_overwrite"] = empty($article["acat_overwrite"][0]['acat_overwrite']) ? '' : $article["acat_overwrite"][0]['acat_overwrite'];
     } elseif ($article['article_catid'] === 0 && !empty($indexpage['acat_overwrite'])) {
         $article["acat_overwrite"] = $indexpage['acat_overwrite'];
     } else {
            $sql .= $plugin['data']['calendar_allday'] . ", ";
            $sql .= $plugin['data']['calendar_range'] . ", ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_range_start']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_range_end']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_title']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_where']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_teaser']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_text']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_tag']) . "', ";
            $sql .= "'" . aporeplace(serialize($plugin['data']['calendar_object'])) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_refid']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['calendar_lang']) . "'";
            $sql .= ')';
            if ($sql = @_dbQuery($sql, 'INSERT')) {
                $plugin['data']['calendar_id'] = $sql['INSERT_ID'];
                _dbSaveCategories($plugin['data']['calendar_tag'], 'calendar', $plugin['data']['calendar_id'], ',');
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(MODULE_HREF));
                } else {
                    headerRedirect(decode_entities(MODULE_HREF) . '&edit=' . $plugin['data']['calendar_id']);
                }
            } else {
                $plugin['error']['update'] = mysql_error();
            }
        }
    }
}
// try to read entry from database
if ($plugin['id'] && !isset($plugin['error'])) {
    $sql = 'SELECT *, ';
    $sql .= "DATE_FORMAT(calendar_start, '%d" . $BLM['date_delimiter'] . "%m" . $BLM['date_delimiter'] . "%Y') AS calendar_start_date, ";
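 /**
  * News "edit" action.
  *
  * Flow:
  *  1. Optional status change (0 / 1 / 9) requested through $_GET['status'].
  *  2. When the form was posted ($_POST['cnt_name'] set): validate, then insert
  *     a new row or update the existing one, save categories and redirect.
  *  3. Otherwise, when an id is given, load the entry from phpwcms_content.
  *  4. Derive the date/time form fields from cnt_livedate, cnt_killdate and cnt_sort.
  *
  * Reads $_GET['cntid'], $_GET['status'], $_POST, $this->phpwcms, $this->BL and
  * $this->base_url_decoded; writes $this->newsId and $this->data. Side effects
  * are the DB writes via _dbInsert()/_dbUpdate(), status messages and redirects
  * through headerRedirect().
  */
 function edit()
 {
     // No id -> 0 (new entry); the isset() guard avoids an undefined-index notice
     $this->newsId = isset($_GET['cntid']) ? intval($_GET['cntid']) : 0;
     $this->data = array();

     // Status change requested via GET (9 = deleted per the status message;
     // 0/1 presumably inactive/active).
     // NOTE(review): this is a state-changing action driven by a GET parameter and
     // no CSRF token check is visible in this method — confirm the caller validates one.
     if (isset($_GET['status'])) {
         $status = intval($_GET['status']);
         switch ($status) {
             case 0:
             case 1:
             case 9:
                 // newsId is an int (intval above), so inlining it in the WHERE clause is safe
                 _dbUpdate('phpwcms_content', array('cnt_status' => $status), 'cnt_id=' . $this->newsId);
                 set_status_message(
                     $status == 9 ? $this->BL['be_action_deleted'] : $this->BL['be_action_status'],
                     'success',
                     array('ID' => $this->newsId)
                 );
                 break;
             default:
                 set_status_message($this->BL['be_action_notvalid'], 'warning');
         }
         headerRedirect($this->base_url_decoded);
     }

     // Form defaults for a new entry; a posted or loaded record is merged over these.
     // cnt_livedate/cnt_killdate start as '' (the former array listed both keys twice,
     // the later '' winning) and are normalised to '0000-00-00 00:00:00' further down
     // when no valid date is set.
     $this->data = array(
         'cnt_id' => 0,
         'cnt_pid' => 0,
         'cnt_status' => intval($this->phpwcms['set_news_active']),
         'cnt_livedate' => '',
         'cnt_killdate' => '',
         'cnt_archive_status' => 1,
         'cnt_alias' => '',
         'cnt_name' => '',
         'cnt_title' => '',
         'cnt_subtitle' => '',
         'cnt_editor' => '',
         'cnt_place' => '',
         'cnt_teasertext' => '',
         'cnt_text' => '',
         'cnt_duplicate' => 0,
         'cnt_lang' => '',
         'cnt_prio' => 0,
         'cnt_readmore' => 1,
         'cnt_image' => array('id' => 0, 'name' => '', 'zoom' => 0, 'lightbox' => 0, 'caption' => '', 'link' => ''),
         'cnt_files' => array('id' => array(), 'caption' => '', 'gallery' => 0, 'gallery_download' => 0),
         'cnt_link' => '',
         'cnt_linktext' => '',
         'cnt_category' => '',
         'cnt_sort' => 0,
         'cnt_opengraph' => empty($this->phpwcms['set_sociallink']['news']) ? 0 : 1,
         'cnt_textformat' => 'plain',
         'cnt_searchoff' => 0,
     );

     if (isset($_POST['cnt_name'])) {
         // --- the form was submitted ---
         $post = $this->getPostData();
         $post_error = false;

         // "duplicate" creates a new row from the posted values instead of updating
         if (!empty($_POST['cnt_duplicate'])) {
             $this->newsId = 0;
             $duplicate = 1;
             $post['cnt_created'] = now();
         } else {
             $duplicate = 0;
         }

         // the name is the only mandatory field
         if ($post['cnt_name'] == '') {
             $post_error = true;
             set_status_message($this->BL['be_news_name_mandatory'], 'warning');
             $post['cnt_duplicate'] = $duplicate;
         }

         if ($post_error === false) {
             $values = $post;
             // cnt_object is stored serialized; see the unserialize() note in the load branch
             $values['cnt_object'] = serialize($values['cnt_object']);
             $success = false;

             if ($this->newsId == 0) {
                 // new dataset
                 $result = _dbInsert('phpwcms_content', $values);
                 if (isset($result['INSERT_ID'])) {
                     $this->newsId = $result['INSERT_ID'];
                     $success = true;
                     set_status_message($this->BL['be_successfully_saved'] . LF . $post['cnt_name'], 'success');
                 }
             } else {
                 // existing dataset
                 $result = _dbUpdate('phpwcms_content', $values, 'cnt_id=' . $this->newsId);
                 // plain truthiness test; equivalent to the former loose "!= false" comparison
                 if ($result) {
                     $success = true;
                     set_status_message($this->BL['be_successfully_updated'] . LF . $post['cnt_name'], 'success');
                 }
             }

             if ($success) {
                 if ($this->newsId) {
                     _dbSaveCategories($post['cnt_object']['cnt_category'], 'news', $this->newsId, ',');
                 }
                 if ($this->newsId && isset($_POST['submit'])) {
                     // "submit" keeps the user on the edit form
                     headerRedirect($this->base_url_decoded . '&cntid=' . $this->newsId . '&action=edit');
                 } else {
                     // otherwise back to the listing
                     headerRedirect($this->base_url_decoded);
                 }
             } else {
                 // was $BL[...] (undefined in method scope, so the label was silently empty);
                 // every other message in this method reads $this->BL
                 set_status_message($this->BL['be_error_while_save'] . trim(html(' ' . mysql_errno() . ': ' . mysql_error())), 'warning');
             }
         }
         $this->data = array_merge($this->data, $post);

     } elseif ($this->newsId > 0) {
         // --- load an existing entry ---
         $result = _dbGet('phpwcms_content', '*', 'cnt_status!=9 AND cnt_id=' . $this->newsId, '', '', '1');
         if (isset($result[0])) {
             // NOTE(review): unserialize() of a DB column. The column is written by
             // serialize() in the POST branch above, but unserialize() of any value not
             // fully controlled by the application enables object injection — confirm
             // cnt_object can only be written through this form.
             $result[0]['cnt_object'] = @unserialize($result[0]['cnt_object']);
             // a failed unserialize() yields false; use an empty array for the lookups
             // below so no "offset on bool" warnings are raised (stored value unchanged)
             $object = is_array($result[0]['cnt_object']) ? $result[0]['cnt_object'] : array();

             if (isset($object['cnt_image']) && is_array($object['cnt_image'])) {
                 $result[0]['cnt_image'] = array_merge($this->data['cnt_image'], $object['cnt_image']);
             }
             if (isset($object['cnt_files']) && is_array($object['cnt_files'])) {
                 $result[0]['cnt_files'] = array_merge($this->data['cnt_files'], $object['cnt_files']);
             }
             // scalar values kept inside cnt_object are lifted to top-level form fields
             foreach (array('cnt_link', 'cnt_linktext', 'cnt_category', 'cnt_readmore', 'cnt_textformat', 'cnt_searchoff') as $key) {
                 if (isset($object[$key])) {
                     $result[0][$key] = $object[$key];
                 }
             }
             $this->data = array_merge($this->data, $result[0]);
         } else {
             set_status_message($this->BL['be_data_select_failed'], 'warning');
             headerRedirect($this->base_url_decoded);
         }
     }

     // Split the stored datetime strings into separate date/time form fields.
     // strtotime() returns false for '' and a non-positive value for the
     // '0000-00-00 00:00:00' placeholder, so "<= 0" covers both "unset" cases.
     $start_date = strtotime($this->data['cnt_livedate']);
     $end_date = strtotime($this->data['cnt_killdate']);
     $sort_date = intval($this->data['cnt_sort']);

     if ($start_date <= 0) {
         $this->data['cnt_livedate'] = '0000-00-00 00:00:00';
         $this->data['cnt_date_start'] = '';
         $this->data['cnt_time_start'] = '';
     } else {
         $this->data['cnt_date_start'] = date($this->BL['default_date'], $start_date);
         $this->data['cnt_time_start'] = date($this->BL['default_time'], $start_date);
     }

     if ($end_date <= 0) {
         $this->data['cnt_killdate'] = '0000-00-00 00:00:00';
         $this->data['cnt_date_end'] = '';
         $this->data['cnt_time_end'] = '';
     } else {
         $this->data['cnt_date_end'] = date($this->BL['default_date'], $end_date);
         $this->data['cnt_time_end'] = date($this->BL['default_time'], $end_date);
     }

     // sort date (a unix timestamp, not a datetime string)
     if ($sort_date <= 0) {
         $this->data['cnt_sort'] = 0;
         $this->data['cnt_sort_date'] = '';
         $this->data['cnt_sort_time'] = '';
     } else {
         $this->data['cnt_sort_date'] = date($this->BL['default_date'], $sort_date);
         $this->data['cnt_sort_time'] = date($this->BL['default_time'], $sort_date);
     }
 }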