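/**
 * Star/Unstar private messages
 *
 * For every listed message, flips the state value between 1 and 2 on the
 * side(s) of the message that belong to the current user: pm_tostate when the
 * user is the recipient, pm_fromstate when the user is the sender, and both
 * when the user is sender and recipient at once. Rows owned by neither side
 * are left untouched.
 *
 * @param array $message_id Message ids; the ids are read from the array KEYS
 *
 * @return bool false when $message_id is not an array, true otherwise
 * @global CotDB $db
 */
function cot_star_pm($message_id)
{
    global $db, $usr, $db_pm, $cfg;

    if (!is_array($message_id)) {
        return false;
    }

    // Start from an empty list: with an empty input array the loop never runs,
    // and count() on an undefined variable is a TypeError on PHP 8.
    $msg = array();
    foreach ($message_id as $k => $v) {
        // Integer cast keeps the IN (...) list below free of anything but numbers
        $msg[] = (int) cot_import($k, 'D', 'INT');
    }

    if (count($msg) > 0) {
        $msg = '(' . implode(',', $msg) . ')';
        $sql = $db->query("SELECT * FROM {$db_pm} WHERE pm_id IN {$msg}");
        while ($row = $sql->fetch()) {
            // Cast before interpolating into the UPDATE condition
            $id = (int) $row['pm_id'];
            if ($row['pm_fromuserid'] == $usr['id'] && $row['pm_touserid'] == $usr['id']) {
                // Message sent to oneself: both sides follow the sender state
                $fromstate = $row['pm_fromstate'] == 2 ? 1 : 2;
                $sql2 = $db->update($db_pm, array('pm_tostate' => (int) $fromstate, 'pm_fromstate' => (int) $fromstate), "pm_id = {$id}");
            } elseif ($row['pm_touserid'] == $usr['id']) {
                $tostate = $row['pm_tostate'] == 2 ? 1 : 2;
                $sql2 = $db->update($db_pm, array('pm_tostate' => (int) $tostate), "pm_id = {$id}");
            } elseif ($row['pm_fromuserid'] == $usr['id']) {
                $fromstate = $row['pm_fromstate'] == 2 ? 1 : 2;
                $sql2 = $db->update($db_pm, array('pm_fromstate' => (int) $fromstate), "pm_id = {$id}");
            }
        }
        $sql->closeCursor();
    }

    return true;
}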
/**
 * Renders the advert board RSS feed and terminates the request.
 *
 * Answers 404 when the rss module is inactive or the requested category code
 * is unknown; for a known category the read permission from cot_auth() is
 * enforced through cot_block(). Only adverts in PUBLISHED state whose 'begin'
 * is not in the future and whose 'expire' is 0 or still ahead are listed.
 *
 * NOTE(review): RSS_LINK, RSS_ROW_LINK and RSS_ROW_DESCRIPTION are assigned
 * without htmlspecialchars(); confirm the template or the values themselves
 * are already XML-safe. The response header always announces UTF-8 while
 * RSS_ENCODING comes from configuration.
 */
public function indexAction()
{
    global $structure;

    if (!cot_module_active('rss')) {
        cot_die_message(404, TRUE);
    }

    $c = cot_import('c', 'G', 'TXT');
    $hasCategory = !empty($c);

    if ($hasCategory) {
        // The category code comes from the query string: accept known codes only
        if (!isset($structure['advboard'][$c])) {
            cot_die_message(404, TRUE);
        }
        list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin']) = cot_auth('advboard', $c);
        cot_block(cot::$usr['auth_read']);
    }

    $feedLink = cot::$cfg['mainurl'];
    $feedDescription = cot::$cfg['subtitle'];
    $domain = cot::$sys['domain'];

    $filters = array(
        array('state', advboard_model_Advert::PUBLISHED),
        array('begin', cot::$sys['now'], '<='),
        array('SQL', "expire = 0 OR expire > " . cot::$sys['now']),
    );

    if ($hasCategory) {
        $feedTitle = cot::$L['advboard_rss_feed'] . $structure['advboard'][$c]['title'] . ' - ' . cot::$cfg['maintitle'];
        $filters[] = array('category', $c);
    } else {
        $feedTitle = cot::$L['advboard_rss_feed'] . cot::$cfg['maintitle'];
    }

    $adverts = advboard_model_Advert::find($filters, cot::$cfg['rss']['rss_maxitems'], 0, array(array('sort', 'desc')));

    $t = new XTemplate(cot_tplfile('rss'));

    // Feed date: current time shifted by the user's timezone offset in hours
    $feedStamp = cot::$sys['now'] + cot::$usr['timezone'] * 3600;

    $t->assign(array(
        'RSS_ENCODING' => cot::$cfg['rss']['rss_charset'],
        'RSS_TITLE' => htmlspecialchars($feedTitle),
        'RSS_LINK' => $feedLink,
        'RSS_LANG' => cot::$cfg['defaultlang'],
        'RSS_DESCRIPTION' => htmlspecialchars($feedDescription),
        'RSS_DATE' => $this->fixPubDate(date("r", $feedStamp)),
    ));

    if (!empty($adverts)) {
        foreach ($adverts as $advert) {
            // Relative advert URLs are made absolute
            $link = $advert->url;
            if (!cot_url_check($link)) {
                $link = COT_ABSOLUTE_URL . $link;
            }

            $pubDate = '';
            if (!empty($advert->created)) {
                $stamp = strtotime($advert->created);
                $stamp += cot::$usr['timezone'] * 3600;
                $pubDate = $this->fixPubDate(date('r', $stamp));
            }

            // Cut the text only when a positive limit is configured
            $body = $advert->text;
            $limit = (int) cot::$cfg['rss']['rss_pagemaxsymbols'];
            if ($limit > 0 && mb_strlen($body) > $limit) {
                $body = cot_string_truncate($body, $limit, true, false, cot::$R['advboard_cuttext']);
            }

            $t->assign(array(
                'RSS_ROW_TITLE' => htmlspecialchars($advert->title),
                'RSS_ROW_DESCRIPTION' => $this->convertRelativeUrls($body),
                'RSS_ROW_DATE' => $pubDate,
                'RSS_ROW_LINK' => $link,
            ));
            $t->parse('MAIN.ITEM_ROW');
        }
    }

    $t->parse('MAIN');

    // ob_clean();
    header('Content-type: text/xml; charset=UTF-8');
    echo $t->text('MAIN');
    exit;
}
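/**
 * Validates captcha input
 *
 * Succeeds only when a challenge was issued in this session (time, salt,
 * counter and expected result are all present), the anti-hammer delay has
 * passed, the posted salt equals the session salt, no failed attempt has been
 * counted yet and the result matches. Every failure increments the session
 * counter.
 *
 * @param int $res User result
 * @return bool
 */
function mcaptcha_validate($res)
{
    global $cfg;

    // Without this check a session that never received a challenge compares
    // null against null in every loose test below and would validate.
    $issued = isset(
        $_SESSION['mcaptcha_time'],
        $_SESSION['mcaptcha_salt'],
        $_SESSION['mcaptcha_count'],
        $_SESSION['mcaptcha_res']
    );

    if ($issued) {
        // Check anti-hammer
        if (time() - $_SESSION['mcaptcha_time'] > $cfg['plugin']['mcaptcha']['delay']) {
            // Check salt (form-to-session tie); a missing or empty salt never matches
            $salt = cot_import('mcaptcha_salt', 'POST', 'ALP');
            if (is_string($salt) && $salt !== '' && $salt === (string) $_SESSION['mcaptcha_salt']) {
                // Check per-result counter
                if ((int) $_SESSION['mcaptcha_count'] === 0) {
                    // Check the result; only numeric answers are compared
                    if (is_numeric($res) && (int) $res === (int) $_SESSION['mcaptcha_res']) {
                        return TRUE;
                    }
                }
            }
        }
    }

    // Count the failed attempt, creating the counter when it does not exist yet
    $_SESSION['mcaptcha_count'] = isset($_SESSION['mcaptcha_count']) ? $_SESSION['mcaptcha_count'] + 1 : 1;

    return FALSE;
}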
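/**
 * Import an uploaded file
 *
 * Stores the upload posted under $inputname in $brs_files_dir under a
 * sanitised name and removes the previously stored file when it is replaced
 * or when the "del_<inputname>" flag is posted together with an upload.
 *
 * NOTE(review): an empty $brs_allowed_ext accepts every extension; confirm the
 * list is always configured, because the target directory may be web-served.
 * NOTE(review): $oldvalue is passed to unlink(); it must come from stored
 * data, never from the request.
 * NOTE(review): the collision check uses "{$brs_files_dir}/{name}" while the
 * destination is $brs_files_dir . name; both agree only when $brs_files_dir
 * ends with a slash.
 * NOTE(review): when no file is uploaded the function returns null, so a
 * delete flag sent on its own is not processed here.
 *
 * @param string $inputname Name of the file input in $_FILES
 * @param string $oldvalue  Previously stored file path, if any
 * @return string|null New file path; '' when the file is rejected, deleted or
 *                     could not be moved; null when no upload was received
 */
function brs_importFile($inputname, $oldvalue = '')
{
    global $lang, $cot_translit, $brs_allowed_ext, $brs_files_dir, $cfg;

    $import = !empty($_FILES[$inputname]) ? $_FILES[$inputname] : array();
    $import['delete'] = cot_import('del_' . $inputname, 'P', 'BOL') ? 1 : 0;

    // If a file arrived or the existing one must be deleted
    if (is_array($import) && empty($import['error']) && !empty($import['name'])) {
        // A name without a dot has no extension; treat it as such instead of
        // feeding false into mb_substr()
        $dot = mb_strrpos($import['name'], '.');
        $fname = $dot === false ? $import['name'] : mb_substr($import['name'], 0, $dot);
        $ext = $dot === false ? '' : mb_strtolower(mb_substr($import['name'], $dot + 1));

        if (!file_exists($brs_files_dir)) {
            mkdir($brs_files_dir);
        }

        // Check extension: it must be present and, when a list is configured, be on it
        if ($ext !== '' && (empty($brs_allowed_ext) || in_array($ext, $brs_allowed_ext, true))) {
            if ($lang != 'en') {
                require_once cot_langfile('translit', 'core');
                $fname = is_array($cot_translit) ? strtr($fname, $cot_translit) : '';
            }

            // Reduce the base name to a conservative character set
            $fname = str_replace(' ', '_', $fname);
            $fname = preg_replace('#[^a-zA-Z0-9\\-_\\.\\ \\+]#', '', $fname);
            $fname = str_replace('..', '.', $fname);
            $fname = empty($fname) ? cot_unique() : $fname;

            // Avoid overwriting a different existing file with the same name
            $fname .= file_exists("{$brs_files_dir}/{$fname}.{$ext}") && $oldvalue != $fname . '.' . $ext ? date("YmjGis") : '';
            $fname .= '.' . $ext;

            $file = array();
            $file['old'] = !empty($oldvalue) && ($import['delete'] || $import['tmp_name']) ? $oldvalue : '';
            $file['tmp'] = !$import['delete'] ? $import['tmp_name'] : '';
            $file['new'] = !$import['delete'] ? $brs_files_dir . $fname : '';

            if (!empty($file['old']) && file_exists($file['old'])) {
                unlink($file['old']);
            }

            // Do not report a path for a file that was never stored
            if (!empty($file['tmp']) && !move_uploaded_file($file['tmp'], $file['new'])) {
                return '';
            }

            return $file['new'];
        } else {
            cot_error(cot::$L['brs_err_inv_file_type'], $inputname);
            return '';
        }
    }
}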
/* ======== System messages ======== */
/* Cases of a switch whose header lies outside this excerpt. */
case '916':
    $rd = 2;
    $ru = cot_url('admin');
    break;

case '920':
    // NOTE(review): $m is assigned outside this excerpt. It ends up in an
    // include path via cot_langfile(); confirm it is restricted to an
    // extension code before this point.
    if (!empty($m)) {
        // Load module or plugin langfile
        if (file_exists(cot_langfile($m, 'module'))) {
            include cot_langfile($m, 'module');
        } elseif (file_exists(cot_langfile($m, 'plug'))) {
            include cot_langfile($m, 'plug');
        }
    }
    // The request only selects a key; the message text itself is taken from $L
    $lng = cot_import('lng', 'G', 'ALP');
    if (!empty($lng)) {
        // Assign custom message
        if (isset($L[$lng])) {
            $body = $L[$lng];
        }
    }
    $rc = '920';
    break;

case '930':
    // Logged-in users need no further handling here
    if ($usr['id'] > 0) {
        break;
    }
    $rd = 2;
    if (!empty($redirect)) {
        // NOTE(review): $redirect is set outside this excerpt; confirm the
        // decoded URI is validated as a local target before it is used.
        $uri_redirect = base64_decode($redirect);
* [END_COT_EXT]
*/

/**
 * Robox billing Plugin
 *
 * @package roboxbilling
 * @version 1.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */
defined('COT_CODE') && defined('COT_PLUG') or die('Wrong URL');

require_once cot_incfile('roboxbilling', 'plug');
require_once cot_incfile('payments', 'module');

$m = cot_import('m', 'G', 'ALP');
$pid = cot_import('pid', 'G', 'INT');

if (empty($m)) {
    // Fetch the order information
    // NOTE(review): the payment id comes from the query string and the only
    // gate visible here is the payment status; confirm elsewhere that the
    // payment belongs to the current user.
    if (!empty($pid) && ($pinfo = cot_payments_payinfo($pid))) {
        // Only payments in state 'new' or 'process' may proceed
        cot_block($pinfo['pay_status'] == 'new' || $pinfo['pay_status'] == 'process');
        // NOTE(review): the test-mode endpoint is plain http, the live one https
        $url = $cfg['plugin']['roboxbilling']['testmode'] ? 'http://test.robokassa.ru/Index.aspx' : 'https://merchant.roboxchange.com/Index.aspx';
        $mrh_login = $cfg['plugin']['roboxbilling']['mrh_login'];
        // Merchant secret from configuration; its use lies beyond this excerpt
        $mrh_pass1 = $cfg['plugin']['roboxbilling']['mrh_pass1'];
        $inv_id = $pid;
        // "<area>_<code>" when a pay_code exists, otherwise the area alone
        $shp_item = !empty($pinfo['pay_code']) ? $pinfo['pay_area'] . '_' . $pinfo['pay_code'] : $pinfo['pay_area'];
        $inv_desc = $pinfo['pay_desc'];
        $in_curr = '';
        $culture = "ru";
        // Amount is the stored sum multiplied by the configured rate
        $out_summ = $pinfo['pay_summ'] * $cfg['plugin']['roboxbilling']['rate'];
        if ($cfg['plugin']['roboxbilling']['testmode']) {
            $test_string = "&IsTest=1";
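<?php
/**
 * mavatars for Cotonti CMF
 *
 * Thumbnail endpoint: builds a mavatar object from the query-string
 * parameters, asks it for a thumbnail of the entry at index 1 of its tag list
 * and streams the resulting file as image/jpeg.
 *
 * NOTE(review): width, height and quality are taken from the query string and
 * no upper bound is visible here; confirm mavatar::thumb() limits them, since
 * every distinct size may cost a resize.
 * NOTE(review): the response is always labelled image/jpeg, whatever the
 * stored file type is.
 *
 * @version 1.00
 * @author esclkm
 * @copyright (c) 2013 esclkm
 */
defined('COT_CODE') or die('Wrong URL');

$ext = cot_import('ext', 'G', 'TXT');
$cat = cot_import('cat', 'G', 'TXT');
$code = cot_import('code', 'G', 'TXT');
$id = cot_import('id', 'G', 'INT');
$width = cot_import('width', 'G', 'INT');
$height = cot_import('height', 'G', 'INT');
$resize = cot_import('resize', 'G', 'TXT');
$filter = cot_import('filter', 'G', 'TXT');
$quality = cot_import('quality', 'G', 'INT');

// Defaults for omitted parameters
if (empty($quality)) {
    $quality = 85;
}
if (empty($resize)) {
    $resize = 'crop';
}

$mavatar = new mavatar($ext, $cat, $code, $id);
$mavatars_tags = $mavatar->tags();

// Pass null instead of reading a missing index when the tag list has no entry 1
$image = $mavatar->thumb(isset($mavatars_tags[1]) ? $mavatars_tags[1] : null, $width, $height, $resize, $filter, $quality);

// No thumbnail path: answer 404 instead of calling readfile() on an empty value
if (empty($image)) {
    cot_die_message(404, true);
    exit;
}

header('Content-Type: image/jpeg');
// Keep browsers from sniffing stored content as another type
header('X-Content-Type-Options: nosniff');
readfile($image);
exit;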
}

// Builds the WHERE and ORDER parts of the market listing query.
// $c, $sq, $sort and $shfld are set outside this excerpt.
$where = array();
$order = array();
$where['state'] = "item_state=0";

if (!empty($c)) {
    // NOTE(review): the codes returned by cot_structure_children() are quoted
    // but not escaped; presumably they are server-side structure codes -- confirm.
    $catsub = cot_structure_children('market', $c);
    $where['cat'] = "item_cat IN ('" . implode("','", $catsub) . "')";
}

if (!empty($sq)) {
    // Collapse whitespace, then match the words in order with anything between
    $words = explode(' ', preg_replace("'\\s+'", " ", $sq));
    $sqlsearch = '%' . implode('%', $words) . '%';
    // The pattern goes through $db->prep() before it is placed between quotes.
    // NOTE(review): LIKE wildcards typed by the user are not neutralised here.
    $where['search'] = "(item_title LIKE '" . $db->prep($sqlsearch) . "' OR item_text LIKE '" . $db->prep($sqlsearch) . "')";
}

// Extra fields
foreach ($cot_extrafields[$db_market] as $exfld) {
    // Value comes from the query string and is passed through $db->prep();
    // the column name comes from the extrafield definition, not the request
    $fld_value = cot_import($exfld['field_name'], 'G', 'TXT');
    $fld_value = $db->prep($fld_value);
    if (!empty($shfld[$exfld['field_name']])) {
        $where[$exfld['field_name']] = "item_" . $exfld['field_name'] . " LIKE '%" . $fld_value . "%'";
    }
}

// Sort order is chosen from fixed strings; $sort never reaches the SQL text
switch ($sort) {
    case 'costasc':
        $order['cost'] = 'item_cost ASC';
        break;
    case 'costdesc':
        $order['cost'] = 'item_cost DESC';
        break;
    default:
        $order['date'] = 'item_date DESC';
        break;
Hooks=tools
[END_COT_EXT]
==================== */

/**
 * Admin interface for Contact plugin
 *
 * @package Contact
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
defined('COT_CODE') or die('Wrong URL');

require_once cot_incfile('contact', 'plug');

$a = cot_import('a', 'G', 'TXT');
// Integer cast: $id is interpolated into the SQL conditions below
$id = (int) cot_import('id', 'G', 'INT');
list($pg, $d, $durl) = cot_import_pagenav('d', $cfg['maxrowsperpage']);
$rtext = cot_import('rtext', 'P', 'TXT');

// NOTE(review): the three actions below change data on a GET request and no
// cot_check_xg() call is visible in this excerpt; confirm the anti-CSRF token
// is verified before they run.
if ($a == 'del') {
    // Load the row first so files referenced by its extra fields can be removed
    $sql_contact_delete = $db->query("SELECT * FROM {$db_contact} WHERE contact_id={$id} LIMIT 1");
    if ($row_contact_delete = $sql_contact_delete->fetch()) {
        $db->delete($db_contact, "contact_id = {$id}");
        foreach ($cot_extrafields[$db_contact] as $exfld) {
            cot_extrafield_unlinkfiles($row_contact_delete['contact_' . $exfld['field_name']], $exfld);
        }
        cot_message('Deleted');
    }
} elseif ($a == 'val') {
    // Sets contact_val to 1
    $db->update($db_contact, array('contact_val' => 1), "contact_id = {$id}");
    cot_message('Updated');
} elseif ($a == 'unval') {
    // Sets contact_val back to 0
    $db->update($db_contact, array('contact_val' => 0), "contact_id = {$id}");
    cot_message('Updated');
/**
 * folio module
 *
 * Loads a single folio item by id or alias and enforces read permission,
 * first for the module as a whole and then for the item's category.
 *
 * @package folio
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL');

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', 'any', 'RWA');
cot_block($usr['auth_read']);

$id = cot_import('id', 'G', 'INT');
// The alias is passed through $db->prep() here because it is placed between
// quotes in the WHERE clause below
$al = $db->prep(cot_import('al', 'G', 'TXT'));
$c = cot_import('c', 'G', 'TXT');

/* === Hook === */
foreach (cot_getextplugins('folio.first') as $pl) {
    include $pl;
}
/* ===== */

if ($id > 0 || !empty($al)) {
    // Alias takes precedence over the numeric id
    $where = !empty($al) ? "item_alias='" . $al . "'" : 'item_id=' . $id;
    $sql = $db->query("SELECT f.*, u.* FROM {$db_folio} AS f \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=f.item_userid WHERE {$where} LIMIT 1");
}

// 404 when neither selector was given or the query matched nothing; the first
// operand short-circuits, so $sql is only read when the query has run
if (!$id && empty($al) || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$item = $sql->fetch();

// Re-check permissions against the category of the item that was found
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', $item['item_cat'], 'RWA');
cot_block($usr['auth_read']);
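* 3 - deleted message
*/

/* === Hook === */
foreach (cot_getextplugins('pm.list.first') as $pl) {
    include $pl;
}
/* ===== */

// Single-message action via the query string, or a bulk action posted with a
// 'msg' array and an 'action' name
if (!empty($a)) {
    $id = cot_import('id', 'G', 'INT'); // Message id
    if ((int) $id > 0) {
        $msg[$id] = $id;
    }
} else {
    $msg = cot_import('msg', 'P', 'ARR');
    $a = cot_import('action', 'P', 'TXT');
}

// $msg is unset or not an array when no id and no 'msg' list was sent;
// count() on such a value is a TypeError on PHP 8, so test the type first.
if (!empty($msg) && is_array($msg)) {
    if ($a == 'delete') {
        cot_check_xg();
        cot_remove_pm($msg);
    } elseif (!empty($a)) {
        // NOTE(review): unlike delete, this state change runs without
        // cot_check_xg(); confirm that is intended.
        cot_star_pm($msg);
        if (COT_AJAX && (int) $id > 0) {
            die;
        }
    }
}

list($totalsentbox, $totalinbox) = cot_message_count($usr['id']);
$title[] = array(cot_url('pm'), $L['Private_Messages']);
if ($f == 'sentbox') {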
* [END_COT_EXT]
*/

/**
 * market module
 *
 * Prepares the "market" tab of a user details page: template, add-product
 * links and the conditions of the item query. $urr is set outside this excerpt.
 *
 * @package market
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL');

require_once cot_incfile('market', 'module');

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', 'any', 'RWA');

$tab = cot_import('tab', 'G', 'ALP');
// The category filter is only read while the market tab is selected
$category = $tab == 'market' ? cot_import('cat', 'G', 'TXT') : '';
list($pg, $d, $durl) = cot_import_pagenav('dmarket', $cfg['market']['cat___default']['maxrowsperpage']);

// Market tab
$t1 = new XTemplate(cot_tplfile(array('market', 'userdetails'), 'module'));
$t1->assign(array("ADDPRD_URL" => cot_url('market', 'm=add'), "PRD_ADDPRD_URL" => cot_url('market', 'm=add'), "ADDPRD_SHOWBUTTON" => $usr['auth_write'] ? true : false, "RPD_ADDPRD_SHOWBUTTON" => $usr['auth_write'] ? true : false));

$where = array();
$order = array();

// && binds tighter than ||: guests, and visitors who are neither the profile
// owner nor an admin, are limited to items with item_state=0
if ($usr['id'] == 0 || $usr['id'] != $urr['user_id'] && !$usr['isadmin']) {
    $where['state'] = "item_state=0";
}
if ($category) {
    // Request value goes through $db->quote() before entering the SQL text
    $where['cat'] = 'item_cat=' . $db->quote($category);
}
// NOTE(review): presumably $urr['user_id'] is the integer id of a loaded user
// row; it is concatenated without a cast -- confirm.
$where['owner'] = "item_userid=" . $urr['user_id'];
$order['date'] = "item_date DESC";
$wherecount = $where;
<?php
/**
 * pagecattree Plugin for Cotonti CMF
 *
 * Shows the structure tree next to either the editor of an existing category
 * or the form for a new one. $cot_structure, $id, $n and $t are set outside
 * this file.
 *
 * @version 2.0.0
 * @author esclkm, http://www.littledev.ru
 * @copyright (c) 2008-2011 esclkm, http://www.littledev.ru
 */
defined('COT_CODE') or die('Wrong URL.');

$tree = $cot_structure->build_tree();
// max
//str_pad
if ($id > 0) {
    // Existing category: load the edit form
    require_once cot_incfile('cateditor', 'plug', 'admin.edit');
    $editor = form_structure_editor($id);
} else {
    // New category, optionally under the parent given in the query string
    $parentid = cot_import('parentid', 'G', 'INT');
    require_once cot_incfile('cateditor', 'plug', 'admin.new');
    $editor = form_structure_new($parentid);
}

// The resync link has the output of cot_xg() appended to its query string
$t->assign(array('NEWCATEGORY_URL' => cot_url('admin', 'm=other&p=cateditor&n=' . $n . '&parentid=' . $id), 'RESYNC_URL' => cot_url('admin', 'm=other&p=cateditor&n=' . $n . '&a=resyncall&' . cot_xg()), 'TREE' => $tree, 'EDITOR' => $editor));
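<?php
/**
 * [BEGIN_COT_EXT]
 * Hooks=users.details.tags
 * [END_COT_EXT]
 */
/**
 * Reviews plugin
 *
 * Adds the review list, the review count and the reviews-tab URL of the
 * viewed user ($urr, set by the including script) to the template.
 *
 * NOTE(review): $urr['user_name'] is concatenated into the URL parameter
 * strings as is; confirm names containing '&' or '#' are encoded somewhere.
 *
 * @package reviews
 * @version 2.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL.');

$tab = cot_import('tab', 'G', 'ALP');

$t->assign('REVIEWS', cot_reviews_list($urr['user_id'], 'users', '', 'users', "m=details&id=" . $urr['user_id'] . "&u=" . $urr['user_name'] . "&tab=reviews", '', $cfg['plugin']['reviews']['userall']));

// Always define the area filter, so the query below never interpolates an
// undefined (or stale) $sqlarea when the "userall" option is on
$sqlarea = $cfg['plugin']['reviews']['userall'] ? '' : " AND item_area='users'";

// The user id is cast to int before it enters the SQL text
$user_reviews_count = $db->query("SELECT COUNT(*) FROM {$db_reviews} WHERE item_touserid=" . (int) $urr['user_id'] . " {$sqlarea}")->fetchColumn();

$t->assign(array('USERS_DETAILS_REVIEWS_COUNT' => $user_reviews_count, "USERS_DETAILS_REVIEWS_URL" => cot_url('users', 'm=details&id=' . $urr['user_id'] . '&u=' . $urr['user_name'] . '&tab=reviews')));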
// Excerpt from inside an if/else whose condition lies outside this view.
session_start();

// Getting the server-relative path
// All URL parts below are derived from the configured $cfg['mainurl']
$url = parse_url($cfg['mainurl']);
$sys['secure'] = $url['scheme'] == 'https' ? true : false;
$sys['scheme'] = $url['scheme'];
$sys['site_uri'] = $url['path'];
$sys['host'] = $url['host'];
$sys['domain'] = preg_replace('#^www\\.#', '', $url['host']);
// Make sure the site URI ends with a slash
// NOTE(review): assumes mainurl contains a path component -- confirm
if ($sys['site_uri'][mb_strlen($sys['site_uri']) - 1] != '/') {
    $sys['site_uri'] .= '/';
}
$sys['port'] = empty($url['port']) ? '' : ':' . $url['port'];
$sys['abs_url'] = $url['scheme'] . '://' . $sys['host'] . $sys['port'] . $sys['site_uri'];

// Installer language selection support
// The posted language code is read with the 'ALP' filter; when it is empty
// cot_lang_determine() chooses. $lang is defined here and presumably read by
// the language file loaded below -- confirm the filter leaves no path characters.
if (empty($_SESSION['cot_inst_lang'])) {
    $lang = cot_import('lang', 'P', 'ALP');
    if (empty($lang)) {
        $lang = cot_lang_determine();
    }
} else {
    $lang = $_SESSION['cot_inst_lang'];
}

require_once cot_langfile('main', 'core');
require_once $cfg['system_dir'] . '/resources.rc.php';
} else {
    $branch = 'siena';
    $prev_branch = 'genoa';
    require_once $cfg['system_dir'] . '/database.php';
    // DSN and credentials come from configuration only
    $dbc_port = empty($cfg['mysqlport']) ? '' : ';port=' . $cfg['mysqlport'];
    $db = new CotDB('mysql:host=' . $cfg['mysqlhost'] . $dbc_port . ';dbname=' . $cfg['mysqldb'], $cfg['mysqluser'], $cfg['mysqlpassword']);
    cot::init();
/**
 * Saves updated values of config list in DB
 *
 * Reads every option of the list from the request, optionally filters it,
 * writes the resulting value back into $optionslist and stores the changed
 * values with cot_config_set().
 *
 * NOTE(review): $filtered is only assigned for options of the custom type.
 * For every other type it stays FALSE, so the raw 'NOC' import is what gets
 * stored; confirm those values are validated elsewhere.
 * NOTE(review): array values are stored with serialize(); whatever reads them
 * back should not unserialize() data that could have been tampered with.
 *
 * @param string $name Extension or Section name config belongs to
 * @param array $optionslist Option list as return by cot_config_list(); passed by reference and updated in place
 * @param mixed $is_module Flag indicating if it is module or plugin config
 * @param bool $update_new_only Update changed values only
 * @param string $source Source of imported data
 * @return boolean|number false when $optionslist is not an array, 0 when nothing is to be stored, otherwise the result of cot_config_set()
 */
function cot_config_update_options($name, &$optionslist, $is_module = false, $update_new_only = true, $source = 'POST')
{
    global $cot_import_filters;
    if (!is_array($optionslist)) {
        return false;
    }
    $new_options = array();
    //$cfg_var = $val;
    foreach ($optionslist as $cfg_name => $cfg_var) {
        // Visual separator/fieldset have no value
        if ($cfg_var['config_type'] == COT_CONFIG_TYPE_SEPARATOR) {
            continue;
        }
        $filtered = FALSE;
        $builtin_filter = FALSE;
        // 'NOC' import: the request value is taken as is at this point
        $data = $raw_input = cot_import($cfg_name, $source, 'NOC');
        // Custom type: config_variants has the form "function_name(params)"
        $custom_type = $cfg_var['config_type'] == COT_CONFIG_TYPE_CUSTOM && $cfg_var['config_variants'] && preg_match('#^(\\w+)\\((.*?)\\)$#', $cfg_var['config_variants'], $mt);
        if ($custom_type) {
            $custom_func = $mt[1];
            // The callable name is derived from the option definition, not from the request
            $custom_filter_func = $custom_func . '_filter';
            // Use an additional custom function for filtering if it exists
            if (function_exists($custom_filter_func)) {
                // Split the parameter list on commas and strip quote characters
                $callback_params = preg_split('#\\s*,\\s*#', $mt[2]);
                if (count($callback_params) > 0 && !empty($callback_params[0])) {
                    for ($i = 0; $i < count($callback_params); $i++) {
                        $callback_params[$i] = str_replace(array("'", '"'), array('', ''), $callback_params[$i]);
                    }
                }
                /**
                 * Filters Value with custom function
                 * @param string $data User input value
                 * @param array $cfg_var Config Variable data
                 * ... other callback params defined for function
                 * @return NULL|mixed Filtered Value or NULL in case Value can not be filtered.
                 * @see cot_config_type_int_filter() as example
                 */
                // $raw_input is handed over by reference, so the filter may rewrite it
                $filtered = call_user_func_array($custom_filter_func, array_merge(array(&$raw_input, $cfg_var), $callback_params));
            } else {
                // The last part of the custom function name may be treated as a built-in filter type
                list($base_filter) = array_reverse(explode('_', strtoupper($custom_func)));
                // NOTE(review): $cot_import_filters[$base_filter] is read without an isset() check
                if (in_array(strtoupper($base_filter), array('INT', 'BOL', 'PSW', 'ALP', 'TXT', 'NUM')) || sizeof($cot_import_filters[$base_filter])) {
                    $filtered = cot_config_import($cfg_name, $source, $base_filter);
                    $builtin_filter = true;
                }
            }
        }
        if (is_null($filtered)) {
            // Filter gave NULL: nothing is queued for saving; the list shows ''
            // for a built-in filter, otherwise $raw_input
            $optionslist[$cfg_name]['config_value'] = $builtin_filter ? '' : $raw_input;
        } else {
            // FALSE means no filter ran, so $data keeps the raw import
            if (false !== $filtered) {
                $data = $filtered;
            }
            if (is_array($data)) {
                $data = serialize($data);
            }
            // Queue the value when it differs, or always when $update_new_only is off
            if ($data != $cfg_var['config_value'] || !$update_new_only) {
                $new_options[$cfg_name] = $data;
            }
            $optionslist[$cfg_name]['config_value'] = $data;
        }
    }
    return sizeof($new_options) ? cot_config_set($name, $new_options, $is_module) : 0;
}
<?php
/**
 * projects module
 *
 * Preview step of a project: loads the item, checks that the current user may
 * work on it and handles the 'save' action. $a is set outside this excerpt.
 *
 * @package projects
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL');

$id = cot_import('id', 'G', 'INT');
$r = cot_import('r', 'G', 'ALP');

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', 'any', 'RWA');
cot_block($usr['auth_write']);

// The id is cast to int before it enters the SQL text
$item = $db->query("SELECT p.*, u.* FROM {$db_projects} AS p LEFT JOIN {$db_users} AS u ON u.user_id=p.item_userid WHERE item_id=" . (int) $id)->fetch();
if ($item['item_id'] != (int) $id) {
    cot_die_message(404, TRUE);
}

// Category-level rights; && binds tighter than ||, so access requires admin
// rights, or write rights together with ownership of the item
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', $item['item_cat']);
cot_block($usr['isadmin'] || $usr['auth_write'] && $usr['id'] == $item['item_userid']);

/* === Hook === */
foreach (cot_getextplugins('projects.preview.first') as $pl) {
    include $pl;
}
/* ===== */

if ($a == 'save') {
    // The anti-CSRF check runs before the state change
    cot_check_xg();
    /* === Hook === */
    foreach (cot_getextplugins('projects.preview.save.first') as $pl) {
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=ajax
[END_COT_EXT]
==================== */

/**
 * Simple AJAX previewer for MarkItUp!
 *
 * Echoes the posted text, run through cot_parse(), inside a bare <body>
 * together with a link to the current theme stylesheet.
 *
 * NOTE(review): the response contains whatever cot_parse() returns for
 * request-supplied markup. Confirm the parser sanitises it, and that this
 * endpoint cannot be driven by a cross-site form post; neither is visible here.
 *
 * @package MarItUp
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
defined('COT_CODE') or die('Wrong URL');

// Preview contents
$text = cot_import('text', 'P', 'HTM');

// Stylesheet path is built from configuration and the active theme name
$style = '<link rel="stylesheet" type="text/css" href="' . $cfg['themes_dir'] . '/' . $theme . '/' . $theme . '.css" />' . "\n";

cot_sendheaders();
echo $style . '<body class="preview">' . cot_parse($text) . '</body>';
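<?php
/**
 * [BEGIN_COT_EXT]
 * Hooks=tools
 * [END_COT_EXT]
 */
defined('COT_CODE') or die('Wrong URL.');

require_once cot_langfile('paytop', 'plug');

$pt_cfg = cot_cfg_paytop();
$t = new XTemplate(cot_tplfile('paytop.admin', 'plug', true));
$id = cot_import('id', 'G', 'INT');

// NOTE(review): this action grants a paid service and no cot_check_xg() call
// is visible in this excerpt; confirm the anti-CSRF token is verified.
if ($a == 'add') {
    $username = cot_import('username', 'P', 'TXT', 100, TRUE);
    $area = cot_import('area', 'P', 'ALP');
    $times = cot_import('times', 'P', 'INT');

    // The posted name is bound as a query parameter instead of being
    // concatenated into the SQL text
    $urr_id = $db->query("SELECT user_id FROM {$db_users} WHERE user_name = ?", array($username))->fetchColumn();

    cot_check(empty($username), 'paytop_error_username');
    cot_check(empty($urr_id), 'paytop_error_userempty');
    cot_check(empty($times), 'paytop_error_timesempty');
    cot_check(empty($area), 'paytop_error_areaempty');

    if (!cot_error_found()) {
        // NOTE(review): $area is only checked for emptiness; confirm it is a
        // key of $pt_cfg before its period is read.
        cot_payments_userservice('paytop.' . $area, $urr_id, $times * $pt_cfg[$area]['period']);
        /* === Hook === */
        foreach (cot_getextplugins('paytop.done') as $pl) {
            include $pl;
        }
        /* ===== */
        /* === Hook === */
        foreach (cot_getextplugins('paytop.' . $area . '.done') as $pl) {
            include $pl;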
* [BEGIN_COT_EXT]
* Hooks=ajax
* [END_COT_EXT]
*/

/**
 * Location Selector for Cotonti
 *
 * AJAX endpoint: answers with the regions of a country when 'country' is
 * present in the request, otherwise with the cities of a region. Both answers
 * are JSON with the option list and a 'disabled' flag.
 *
 * NOTE(review): cot_sendheaders() is called without arguments, so the content
 * type is whatever its default is; confirm JSON is not served as HTML.
 *
 * @package locationselector
 * @version 2.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL.');

$country = cot_import('country', 'R', 'TXT');
$region = cot_import('region', 'R', 'INT');

cot_sendheaders();

if (isset($_REQUEST['country'])) {
    // '0' stands for "no country selected": no lookup is made
    $regions = array();
    if ($country != '0') {
        $regions = cot_getregions($country);
    }
    // The placeholder option comes first; the select is disabled when empty
    $region_selectbox = array('regions' => array(0 => $L['select_region']) + $regions, 'disabled' => empty($country) || count($regions) == 0 ? 1 : 0);
    echo json_encode($region_selectbox);
    exit;
} else {
    $cities = !empty($region) ? cot_getcities($region) : array();
    $city_selectbox = array('cities' => array(0 => $L['select_city']) + $cities, 'disabled' => !$region || count($cities) == 0 ? 1 : 0);
    echo json_encode($city_selectbox);
    exit;
}
<?php
/**
 * [BEGIN_COT_EXT]
 * Hooks=users.register.add.validate
 * [END_COT_EXT]
 */
/**
 * plugin User Group Selector for Cotonti Siena
 *
 * When registration validation has produced errors, sends the visitor back to
 * the registration form with the selected user group kept in the URL.
 *
 * @package usergroupselector
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 *
 */
defined('COT_CODE') or die('Wrong URL.');

require_once cot_langfile('usergroupselector', 'plug');

// Read with the 'ALP' filter before being appended to the redirect URL
$usergroup = cot_import('usergroup', 'G', 'ALP');

if (cot_error_found() && !empty($usergroup)) {
    cot_redirect(cot_url('users', 'm=register&usergroup=' . $usergroup, '', true));
}
// $maxperpage is set outside this excerpt
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);
$dt = (int) cot_import('dt', 'G', 'INT');

// Tags displayed per page in standalone cloud
$perpage = $cfg['plugin']['tags']['perpage'];

// Array to register areas with tag functions provided
$tag_areas = array();
if (cot_module_active('page')) {
    require_once cot_incfile('page', 'module');
    $tag_areas[] = 'pages';
}
if (cot_module_active('forums')) {
    require_once cot_incfile('forums', 'module');
    $tag_areas[] = 'forums';
}

// Sorting order
// Posted value is read with the 'ALP' filter; the configured default applies
// when it is empty. Below it is only compared against the fixed list.
$o = cot_import('order', 'P', 'ALP');
if (empty($o)) {
    $o = mb_strtolower($cfg['plugin']['tags']['sort']);
}

// Build the <option> list, marking the active order as selected
$tag_order = '';
$tag_orders = array('Title', 'Date', 'Category');
foreach ($tag_orders as $order) {
    $ord = mb_strtolower($order);
    $selected = $ord == $o ? 'selected="selected"' : '';
    $tag_order .= cot_rc('input_option', array('value' => $ord, 'selected' => $selected, 'title' => $L[$order]));
}

/* == Hook for the plugins == */
foreach (cot_getextplugins('tags.first') as $pl) {
    include $pl;
}
/* ===== */
// Continues the import of a new structure (category) record from the posted
// form; earlier fields are read outside this excerpt.
$rstructure['structure_icon'] = cot_import('rstructureicon', 'P', 'TXT');
$rstructure['structure_locked'] = cot_import('rstructurelocked', 'P', 'BOL') ? 1 : 0;
$rstructure['structure_area'] = $n;
$rtplmode = cot_import('rtplmode', 'P', 'INT');
$rtplquick = cot_import('rtplquick', 'P', 'TXT');

foreach ($cot_extrafields[$db_structure] as $exfld) {
    $rstructure['structure_' . $exfld['field_name']] = cot_import_extrafields('rstructure' . $exfld['field_name'], $exfld);
}

// Validation by short-circuit: cot_error() runs only when the left side is false
$rstructure['structure_code'] != 'all' || cot_error('adm_structure_code_reserved', 'rstructurecode');
$rstructure['structure_code'] || cot_error('adm_structure_code_required', 'rstructurecode');
$rstructure['structure_path'] || cot_error('adm_structure_path_required', 'rstructurepath');
$rstructure['structure_title'] || cot_error('adm_structure_title_required', 'rstructuretitle');

// Template choice: quick value first, then forced (mode 3), then inherited
// (mode 2), otherwise none.
// NOTE(review): the quick and forced template names are posted text; confirm
// how structure_tpl is later turned into a template path.
if (!empty($rtplquick)) {
    $rstructure['structure_tpl'] = $rtplquick;
} elseif ($rtplmode == 3) {
    $rstructure['structure_tpl'] = cot_import('rtplforced', 'P', 'TXT');
} elseif ($rtplmode == 2) {
    $rstructure['structure_tpl'] = 'same_as_parent';
} else {
    $rstructure['structure_tpl'] = '';
}

/* === Hook === */
foreach (cot_getextplugins('admin.structure.add.first') as $pl) {
    include $pl;
}
/* ===== */

if (!cot_error_found()) {
    $res = cot_structure_add($n, $rstructure, $is_module);
    if ($res === true) {
        cot_extrafield_movefiles();
        /* === Hook === */
/* === Hook === */
foreach (cot_getextplugins('projects.offers.refuse') as $pl) {
    include $pl;
}
/* ===== */
}
cot_redirect(cot_url('projects', 'm=show&id=' . $id, '', true));
exit;
}

// Adds a message to the conversation attached to an offer.
// NOTE(review): no cot_check_xg() call is visible for this state change.
if ($a == 'addpost') {
    cot_shield_protect();
    // Every numeric field is cast to int before it is used
    $offer_post['post_pid'] = (int) $id;
    $offer_post['post_oid'] = (int) cot_import('oid', 'G', 'INT');
    $offer_post['post_userid'] = (int) $usr['id'];
    $offer_post['post_date'] = (int) $sys['now'];
    $offer_post['post_text'] = cot_import('posttext', 'P', 'TXT');

    // NOTE(review): the offer is selected by its id alone; nothing visible
    // here ties it to the project in $id.
    $offer = $db->query("SELECT * FROM {$db_projects_offers} AS o \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=o.offer_userid\n\t\tWHERE offer_id=" . $offer_post['post_oid'] . " LIMIT 1")->fetch();

    /* === Hook === */
    foreach (cot_getextplugins('projects.offers.addpost.error') as $pl) {
        include $pl;
    }
    /* ===== */

    // Only the offer author, the project owner or an admin may post.
    // NOTE(review): in_array() is non-strict here. If no offer row was found,
    // $offer['offer_userid'] is null, which compares loosely equal to a user
    // id of 0; confirm guests are blocked before this point.
    if (!empty($offer_post['post_text']) && (in_array($usr['id'], array($offer['offer_userid'], $item['item_userid'])) || $usr['isadmin']) && !cot_error_found()) {
        $db->insert($db_projects_posts, $offer_post);
        if ($usr['id'] == $offer['offer_userid']) {
            // The offer author wrote: notify the project owner by e-mail
            $urlparams = empty($item['item_alias']) ? array('c' => $item['item_cat'], 'id' => $item['item_id']) : array('c' => $item['item_cat'], 'al' => $item['item_alias']);
            $rsubject = cot_rc($L['project_added_post_header'], array('prtitle' => $item['item_title']));
            $rbody = cot_rc($L['project_added_post_body'], array('user_name' => $item['user_name'], 'postuser_name' => $usr['profile']['user_name'], 'prj_name' => $item['item_title'], 'sitename' => $cfg['maintitle'], 'link' => COT_ABSOLUTE_URL . cot_url('projects', $urlparams, '', true)));
            cot_mail($item['user_email'], $rsubject, $rbody);
        } else {
            $urlparams = empty($item['item_alias']) ? array('c' => $item['item_cat'], 'id' => $item['item_id']) : array('c' => $item['item_cat'], 'al' => $item['item_alias']);
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=ajax
[END_COT_EXT]
==================== */

/**
 * news admin usability modification
 *
 * Dispatcher: loads the 'thumb' or the 'upload' part of the mavatars plugin.
 *
 * @package news
 * @version 0.7.0
 * @author Cotonti Team
 * @copyright Copyright (c) Cotonti Team 2008-2012
 * @license BSD
 */
defined('COT_CODE') or die('Wrong URL');

$m = cot_import('m', 'G', 'TXT');

// Mode choice
// Allow-list: any value other than 'thumb' falls back to 'upload', so the
// request value never selects an arbitrary file in the require below
if (!in_array($m, array('thumb'))) {
    $m = 'upload';
}

require_once cot_incfile('mavatars', 'plug', $m);
// Handles the posted registration form
if ($a == 'add') {
    cot_shield_protect();
    $ruser = array();

    /* === Hook for the plugins === */
    foreach (cot_getextplugins('users.register.add.first') as $pl) {
        include $pl;
    }
    /* ===== */

    $ruser['user_name'] = cot_import('rusername', 'P', 'TXT', 100, TRUE);
    $ruser['user_email'] = cot_import('ruseremail', 'P', 'TXT', 64, TRUE);
    // NOTE(review): both password fields are read with the 'HTM' filter and a
    // length argument of 32; confirm neither alters the characters typed.
    $rpassword1 = cot_import('rpassword1', 'P', 'HTM', 32);
    $rpassword2 = cot_import('rpassword2', 'P', 'HTM', 32);
    $ruser['user_country'] = cot_import('rcountry', 'P', 'TXT');
    $ruser['user_timezone'] = cot_import('rusertimezone', 'P', 'TXT');
    // Fall back to the configured default timezone
    $ruser['user_timezone'] = !$ruser['user_timezone'] ? $cfg['defaulttimezone'] : $ruser['user_timezone'];
    $ruser['user_gender'] = cot_import('rusergender', 'P', 'TXT');
    // E-mail is lower-cased before the lookup below
    $ruser['user_email'] = mb_strtolower($ruser['user_email']);

    // Extra fields
    if (!empty(cot::$extrafields[cot::$db->users])) {
        foreach (cot::$extrafields[cot::$db->users] as $exfld) {
            $ruser['user_' . $exfld['field_name']] = cot_import_extrafields('ruser' . $exfld['field_name'], $exfld, 'P', '', 'user_');
        }
    }

    // A birthdate later than the current time is rejected
    $ruser['user_birthdate'] = cot_import_date('ruserbirthdate', false);
    if (!is_null($ruser['user_birthdate']) && $ruser['user_birthdate'] > cot::$sys['now']) {
        cot_error('pro_invalidbirthdate', 'ruserbirthdate');
    }

    // Both lookups pass the request value as a bound parameter
    $user_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch();
    $email_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch();

    // Names containing numeric HTML entities or any of < > # ' " / are refused
    if (preg_match('/&#\\d+;/', $ruser['user_name']) || preg_match('/[<>#\'"\\/]/', $ruser['user_name'])) {
        cot_error('aut_invalidloginchars', 'rusername');
* @package TrashCan
* @copyright (c) Cotonti Team
* @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
*/
// Reachable only from inside the admin area
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');

// Only users with admin rights on the trashcan plugin may continue
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'trashcan');
cot_block($usr['isadmin']);

require_once cot_incfile('users', 'module');
// Optional APIs are loaded only when the module or plugin is enabled
cot_module_active('page') && (require_once cot_incfile('page', 'module'));
cot_module_active('forums') && (require_once cot_incfile('forums', 'module'));
$cfg['comments'] && (require_once cot_incfile('comments', 'plug'));
require_once cot_incfile('trashcan', 'plug');
require_once cot_langfile('trashcan', 'plug');

$adminhelp = $L['adm_help_trashcan'];
$adminsubtitle = $L['Trashcan'];

$id = cot_import('id', 'G', 'INT');
// Page size: the configured value when it is a positive number, otherwise 15
$maxperpage = $cfg['maxrowsperpage'] && is_numeric($cfg['maxrowsperpage']) && $cfg['maxrowsperpage'] > 0 ? $cfg['maxrowsperpage'] : 15;
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);
// $a is set outside this excerpt
$info = $a == 'info' ? 1 : 0;

/* === Hook === */
foreach (cot_getextplugins('trashcan.admin.first') as $pl) {
    include $pl;
}
/* ===== */

if ($a == 'wipe') {
    // The anti-CSRF check runs before anything is wiped
    cot_check_xg();
    /* === Hook === */
    foreach (cot_getextplugins('trashcan.admin.wipe') as $pl) {
        include $pl;
    }
    /* ===== */
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=admin.users.add.first
[END_COT_EXT]
==================== */

/**
 * Users admin edit tags
 *
 * Reads the PFS limits of a new user group from the posted form.
 *
 * @package PFS
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
defined('COT_CODE') or die('Wrong URL.');

// The per-file limit is capped at the value returned by cot_get_uploadmax().
// NOTE(review): no lower bound is applied to either value here.
$rgroups['grp_pfs_maxfile'] = (int) min(cot_import('rmaxfile', 'P', 'INT'), cot_get_uploadmax());
$rgroups['grp_pfs_maxtotal'] = (int) cot_import('rmaxtotal', 'P', 'INT');
cot_display_messages($t);

/* === Hook === */
foreach (cot_getextplugins('i18n.page.translate.tags') as $pl) {
    include $pl;
}
/* =============*/
} elseif ($a == 'edit' && $pag_i18n && ($i18n_admin || $i18n_edit || $usr['id'] == $pag_i18n['ipage_translatorid'])) {
    // Editing is open to i18n admins, i18n editors and the translator of this
    // translation.
    // NOTE(review): no cot_check_xg() call is visible before the update below.
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Update the translation
        $pag_i18n['ipage_date'] = $sys['now'];
        $pag_i18n['ipage_title'] = cot_import('title', 'P', 'TXT');
        // Titles shorter than two characters are rejected
        if (mb_strlen($pag_i18n['ipage_title']) < 2) {
            cot_error('page_titletooshort', 'rpagetitle');
        }
        $pag_i18n['ipage_desc'] = cot_import('desc', 'P', 'TXT');
        // The body is read with the 'HTM' filter
        $pag_i18n['ipage_text'] = cot_import('translate_text', 'P', 'HTM');

        // On validation errors go back to the edit form without saving
        if (cot_error_found()) {
            cot_redirect(cot_url('plug', "e=i18n&m=page&a=edit&id={$id}&l={$i18n_locale}", '', true));
            exit;
        }

        // Page id and locale are bound as parameters of the condition
        $db->update($db_i18n_pages, $pag_i18n, "ipage_id = ? AND ipage_locale = ?", array($id, $i18n_locale));

        /* === Hook === */
        foreach (cot_getextplugins('i18n.page.edit.update') as $pl) {
            include $pl;
        }
        /* =============*/

        cot_message('Updated');
        // Link by id when the page has no alias, by alias otherwise
        $page_urlp = empty($pag['page_alias']) ? 'c=' . $pag['page_cat'] . "&id={$id}&l={$i18n_locale}" : 'c=' . $pag['page_cat'] . '&al=' . $pag['page_alias'] . '&l=' . $i18n_locale;
        cot_redirect(cot_url('page', $page_urlp, '', true, false, true));
    }
    $out['subtitle'] = $L['i18n_editing'];
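/**
 * Poll function: records the current visitor's vote
 *
 * Reads 'vote' (array of option ids) and 'poll_id' from POST. When the poll
 * exists and no earlier vote by this visitor is found (by user id, by IP, or
 * both, depending on $cfg['polls']['ip_id_polls']), the counter of each chosen
 * option is incremented and the voter is recorded. In 'id' mode guests cannot
 * vote.
 *
 * NOTE(review): nothing visible here checks whether the poll is still open or
 * how many options it allows per vote; confirm that is enforced elsewhere.
 *
 * @global CotDB $db
 */
function cot_poll_vote()
{
    global $db, $cfg, $db_polls, $db_polls_options, $db_polls_voters, $usr;

    $vote = cot_import('vote', 'P', 'ARR');
    $id = (int) cot_import('poll_id', 'P', 'INT');

    // No array was posted: count() on a non-array is a TypeError on PHP 8
    if (!is_array($vote) || count($vote) == 0) {
        return;
    }

    // Each option counts once per request, however often its id is repeated
    $options = array_unique(array_map('intval', $vote));

    $sql = $db->query("SELECT * FROM {$db_polls} WHERE poll_id = {$id}");
    if ($row = $sql->fetch()) {
        $by_id = $cfg['polls']['ip_id_polls'] == 'id';

        // User id and IP are bound as parameters rather than written into the SQL text
        if ($by_id && $usr['id'] > 0) {
            $where = 'pv_userid = ?';
            $params = array((int) $usr['id']);
        } elseif ($usr['id'] > 0) {
            $where = '(pv_userid = ? OR pv_userip = ?)';
            $params = array((int) $usr['id'], $usr['ip']);
        } else {
            $where = 'pv_userip = ?';
            $params = array($usr['ip']);
        }

        $sql2 = $db->query("SELECT pv_id FROM {$db_polls_voters} WHERE pv_pollid = {$id} AND {$where} LIMIT 1", $params);
        $alreadyvoted = $sql2->rowCount() == 1 ? 1 : 0;

        if ($alreadyvoted != 1 && !($by_id && $usr['id'] == 0)) {
            // Track whether ANY option was counted; looking at the affected
            // rows after the loop alone would only reflect the last option
            $counted = 0;
            foreach ($options as $option_id) {
                $sql2 = $db->query("UPDATE {$db_polls_options} SET po_count = po_count+1 WHERE po_pollid = {$id} AND po_id = '" . (int) $option_id . "'");
                $counted += (int) $db->affectedRows;
            }
            // Record the voter as soon as one counter moved, so the vote cannot be repeated
            if ($counted > 0) {
                $db->insert($db_polls_voters, array('pv_pollid' => $id, 'pv_userid' => (int) $usr['id'], 'pv_userip' => $usr['ip']));
            }
        }
    }
}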