/**
 * Shortcode handler that builds the admin-only notice about PHP's file_uploads setting.
 *
 * @param mixed $parm Shortcode parameter; not read by this function.
 * @return string|null Captured output of message_handler() (an empty string when
 *                     FILE_UPLOADS is on), or null when the viewer is not an admin.
 */
function sc_admin_msg($parm)
{
    // The notice describes server configuration, so non-admins get nothing back.
    if (!ADMIN) {
        return;
    }

    global $ns;

    // Buffer the output so whatever message_handler() prints or returns is handed
    // back to the caller instead of being sent to the page immediately.
    ob_start();
    if (!FILE_UPLOADS) {
        echo message_handler('ADMIN_MESSAGE', LAN_HEADER_02, __LINE__, __FILE__);
    }
    // The matching OPEN_BASEDIR / LAN_HEADER_03 notice is disabled in this version.

    return ob_get_clean();
}
$sql->db_Delete("links", "link_url='upload.php' "); } if ($admin_log->logArrayDiffs($temp, $pref, 'UPLOAD_02')) { save_prefs(); // Only save if changes $message = UPLLAN_2; } else { $message = UPLLAN_4; } } if (isset($message)) { require_once e_HANDLER . 'message_handler.php'; message_handler("ADMIN_MESSAGE", $message); } if (!FILE_UPLOADS) { message_handler("ADMIN_MESSAGE", UPLLAN_41); } switch ($action) { case 'filetypes': if (!getperms('0')) { exit; } $definition_source = LAN_DEFAULT; $source_file = ''; $edit_upload_list = varset($_POST['upload_do_edit'], FALSE); if (isset($_POST['generate_filetypes_xml'])) { // Write back edited data to filetypes_.xml $file_text = "<e107Filetypes>\n"; foreach ($_POST['file_class_select'] as $k => $c) { if (!isset($_POST['file_line_delete_' . $c]) && vartrue($_POST['file_type_list'][$k])) { // echo "Key: {$k} Class: {$c} Delete: {$_POST['file_line_delete'][$k]} List: {$_POST['file_type_list'][$k]} Size: {$_POST['file_maxupload'][$k]}<br />";
/**
 * Record the most recent MySQL error on this object and optionally report it.
 *
 * Stores mysql_errno() in mySQLlastErrNum and, when that is non-zero, mysql_error()
 * in mySQLlastErrText. When the mySQLerror flag is on, the error is also passed to
 * message_handler() as an ADMIN_MESSAGE.
 *
 * @param mixed $from Label for the calling method within this class; concatenated into the report.
 * @return string Error text, or an empty string when there is no error.
 * @access private
 */
function dbError($from)
{
    $errorNumber = mysql_errno();
    $this->mySQLlastErrNum = $errorNumber;
    $this->mySQLlastErrText = '';

    if ($errorNumber == 0) {
        return '';
    }

    $errorText = mysql_error();
    $this->mySQLlastErrText = $errorText;

    if ($this->mySQLerror == TRUE) {
        // The driver's error text goes into the HTML message as-is.
        // NOTE(review): driver errors can quote parts of the failing statement;
        // confirm this message only reaches administrators and is encoded on output.
        $report = '<b>mySQL Error!</b> Function: ' . $from . '. [' . $errorNumber . ' - ' . $errorText . ']';
        message_handler('ADMIN_MESSAGE', $report, __LINE__, __FILE__);
    }

    return $errorText;
}
/**
 * Handle a "resend activation email" request for an account that is not yet validated.
 *
 * Reads 'resend_email', 'resend_newemail' and 'resend_password' from $_POST, looks up
 * a matching unvalidated user, optionally changes the stored email address (only after
 * CheckPassword() succeeds), then renders and sends the activation email and writes a
 * user audit entry.
 *
 * Security review notes:
 * - Every WHERE clause below is built by string concatenation. Injection safety rests
 *   entirely on $tp->toDB() and check_email() — presumably they escape or reject
 *   quotes; confirm.
 * - The responses differ for "already activated", "no matching pending account" and
 *   "mail sent", so a caller can tell these account states apart. No throttling is
 *   visible in this method; confirm the caller applies some.
 * - When the 'signup_option_password' pref is empty, resetPassword() runs for the
 *   matched account without any password being checked in this method.
 *
 * @return bool|null false when the request is rejected, true in test mode,
 *                   null (no explicit return) after a real send attempt.
 */
private function resendEmail()
{
    global $userMethods;
    $ns = e107::getRender();
    $tp = e107::getParser();
    $sql = e107::getDb();
    // Act on the user's submitted information:
    // 'resend_email' - user name or email address actually used to sign up
    // 'resend_newemail' - corrected email address
    // 'resend_password' - password (required if changing email address)
    $clean_email = $tp->toDB($_POST['resend_email']);
    // Anything check_email() rejects is replaced by a fixed placeholder, so only
    // values it accepts ever reach the queries below.
    if (!check_email($clean_email)) {
        $clean_email = "xxx";
    }
    $new_email = $tp->toDB(varset($_POST['resend_newemail'], ''));
    if (!check_email($new_email)) {
        $new_email = FALSE;
    }
    // Account already activated (not banned, no pending session key) and no address change requested
    if ($_POST['resend_email'] && !$new_email && $clean_email && $sql->gen("SELECT * FROM #user WHERE user_ban=0 AND user_sess='' AND (`user_loginname`= '" . $clean_email . "' OR `user_name` = '" . $clean_email . "' OR `user_email` = '" . $clean_email . "' ) ")) {
        $ns->tablerender(LAN_SIGNUP_40, LAN_SIGNUP_41 . "<br />");
        return false;
    }
    // Start by looking up the user: must be registered-but-not-validated with a session key set
    if (!$sql->select("user", "*", "(`user_loginname` = '" . $clean_email . "' OR `user_name` = '" . $clean_email . "' OR `user_email` = '" . $clean_email . "' ) AND `user_ban`=" . USER_REGISTERED_NOT_VALIDATED . " AND `user_sess` !='' LIMIT 1")) {
        message_handler("ALERT", LAN_SIGNUP_64 . ': ' . $clean_email); // email (or other info) not valid.
        return false;
    }
    $row = $sql->fetch();
    // We should have a user record here
    // Changing the address needs both a new address and a non-blank password; if the
    // password is blank the block is skipped and the mail goes to the stored address.
    if (trim($_POST['resend_password']) != "" && $new_email) {
        if ($userMethods->CheckPassword($_POST['resend_password'], $row['user_loginname'], $row['user_password']) === TRUE) {
            if ($sql->select('user', 'user_id, user_email', "user_email='" . $new_email . "'")) {
                // Email address already used by someone
                message_handler("ALERT", LAN_SIGNUP_106); // Duplicate email
                return false;
            }
            // user_id comes from the row fetched above, not from the request.
            if ($sql->update("user", "user_email='" . $new_email . "' WHERE user_id = '" . $row['user_id'] . "' LIMIT 1 ")) {
                $row['user_email'] = $new_email;
            }
        } else {
            message_handler("ALERT", LAN_SIGNUP_52); // Incorrect Password.
            return false;
        }
    }
    // Now send the email - got some valid info
    $editPassword = e107::getPref('signup_option_password', 2);
    if (empty($editPassword)) {
        // Pref is empty: a fresh password is generated and put into the mail data.
        $row['user_password'] = $userMethods->resetPassword($row['user_id']);
    } else {
        $row['user_password'] = '******'; // Don't know the real one
    }
    // The activation link carries the user id and the stored session key.
    $row['activation_url'] = SITEURL . "signup.php?activate." . $row['user_id'] . "." . $row['user_sess'];
    $eml = $this->render_email($row);
    $eml['e107_header'] = $row['user_id'];
    if ($this->testMode == true) {
        // Test mode: preview the mail and render both the success and the failure message; nothing is sent.
        echo e107::getEmail()->preview($eml);
        e107::getMessage()->setTitle(LAN_SIGNUP_43, E_MESSAGE_SUCCESS)->addSuccess(LAN_SIGNUP_44 . " " . $row['user_email'] . " - " . LAN_SIGNUP_45);
        $ns->tablerender(null, e107::getMessage()->render());
        e107::getMessage()->setTitle(LAN_ERROR, E_MESSAGE_ERROR)->addError(LAN_SIGNUP_42);
        $ns->tablerender(null, e107::getMessage()->render());
        return true;
    }
    $result = e107::getEmail()->sendEmail($row['user_email'], $row['user_name'], $eml, false);
    // NOTE(review): the titles below are paired the opposite way round from test mode
    // (LAN_SIGNUP_43 with the error, LAN_ERROR with the success) — looks swapped; confirm.
    if (!$result) {
        e107::getMessage()->setTitle(LAN_SIGNUP_43, E_MESSAGE_ERROR)->addError(LAN_SIGNUP_42);
        $ns->tablerender(null, e107::getMessage()->render());
        // $do_log is created implicitly by this first assignment.
        $do_log['signup_result'] = LAN_SIGNUP_62;
    } else {
        e107::getMessage()->setTitle(LAN_ERROR, E_MESSAGE_SUCCESS)->addSuccess(LAN_SIGNUP_44 . " " . $row['user_email'] . " - " . LAN_SIGNUP_45);
        $ns->tablerender(null, e107::getMessage()->render());
        $do_log['signup_result'] = LAN_SIGNUP_61;
    }
    // Now log this (log will ignore if its disabled)
    $do_log['signup_action'] = LAN_SIGNUP_63;
    e107::getLog()->user_audit(USER_AUDIT_PW_RES, $do_log, $row['user_id'], $row['user_name']);
}
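/**
 * Insert a new thread or a reply/quoted reply.
 *
 * Builds the post and thread records from $_POST, stores them through $this->forumObj
 * ('rp' adds a reply to thread $this->id, 'nt' starts a thread in forum $this->id),
 * optionally submits a poll, then either redirects to the thread or renders the
 * "posted" template. Every path except the empty-input alert ends the request with exit.
 *
 * NOTE(review): the poster name, subject and post body are handed to forumObj exactly
 * as received; confirm postAdd()/threadAdd() escape them for SQL and that they are
 * encoded when displayed.
 *
 * @return void
 */
function insertPost()
{
    $postInfo = array();
    $threadInfo = array();
    $threadOptions = array();
    // Pre-set so the failure check further down never reads an undefined variable:
    // a reply never assigns $postResult, and an unknown action assigns none of these.
    $postResult = null;
    $newPostId = null;
    $newThreadId = null;
    $fp = new floodprotect();

    // && binds tighter than ||: an empty body is always rejected, an empty subject
    // only when a new thread is being started.
    if ((isset($_POST['newthread']) && trim($_POST['subject']) == '') || trim($_POST['post']) == '') {
        message_handler('ALERT', 5);
        return;
    }

    // Flood protection applies to everyone except admins.
    if ($fp->flood('forum_thread', 'thread_datestamp') == false && !ADMIN) {
        echo "<script type='text/javascript'>document.location.href='" . e_BASE . "index.php'</script>\n";
        exit;
    }

    // A poll needs a title and at least the first two options, and only goes with a new thread.
    $hasPoll = $this->action == 'nt' && varset($_POST['poll_title']) && $_POST['poll_option'][0] != '' && $_POST['poll_option'][1] != '';

    if (USER) {
        $postInfo['post_user'] = USERID;
        $threadInfo['thread_lastuser'] = USERID;
        $threadInfo['thread_user'] = USERID;
        $threadInfo['thread_lastuser_anon'] = '';
    } else {
        $postInfo['post_user_anon'] = $_POST['anonname'];
        $threadInfo['thread_lastuser_anon'] = $_POST['anonname'];
        $threadInfo['thread_user_anon'] = $_POST['anonname'];
    }

    $time = time();
    $postInfo['post_entry'] = $_POST['post'];
    $postInfo['post_forum'] = $this->data['forum_id'];
    $postInfo['post_datestamp'] = $time;
    $postInfo['post_ip'] = e107::getIPHandler()->getIP(FALSE);
    $threadInfo['thread_lastpost'] = $time;

    if (isset($_POST['no_emote'])) {
        $postInfo['post_options'] = serialize(array('no_emote' => 1));
    }

    // If something was uploaded, record the stored file names grouped by attachment type.
    $newValues = array();
    if ($uploadResult = $this->processAttachments()) {
        foreach ($uploadResult as $ur) {
            $type = $ur['type'];
            $newValues[$type][] = $ur['file'];
        }
        $postInfo['post_attachments'] = e107::serialize($newValues); //FIXME XXX - broken encoding when saved to DB.
    }

    switch ($this->action) {
        // Reply only. Add the post, update thread record with latest post info.
        // Update forum with latest post info
        case 'rp':
            $postInfo['post_thread'] = $this->id;
            $newPostId = $this->forumObj->postAdd($postInfo);
            break;

        // New thread started. Add the thread info (with latest post info), add the post.
        // Update forum with latest post info
        case 'nt':
            // Only moderators may choose the sticky type; everyone else gets a normal thread.
            $threadInfo['thread_sticky'] = MODERATOR ? (int) $_POST['threadtype'] : 0;
            $threadInfo['thread_name'] = $_POST['subject'];
            $threadInfo['thread_forum_id'] = $this->id;
            $threadInfo['thread_active'] = 1;
            $threadInfo['thread_datestamp'] = $time;
            if ($hasPoll) {
                $threadOptions['poll'] = '1';
            }
            if (is_array($threadOptions) && count($threadOptions)) {
                $threadInfo['thread_options'] = serialize($threadOptions);
            } else {
                $threadInfo['thread_options'] = '';
            }
            if ($postResult = $this->forumObj->threadAdd($threadInfo, $postInfo)) {
                $newPostId = $postResult['postid'];
                $newThreadId = $postResult['threadid'];
                $this->data['thread_id'] = $newThreadId;
                $this->data['thread_sef'] = eHelper::title2sef($threadInfo['thread_name'], 'dashl');
                if (!empty($_POST['email_notify'])) {
                    $this->forumObj->track('add', USERID, $newThreadId);
                }
            }
            break;
    }

    e107::getMessage()->addDebug(print_a($postInfo, true));

    // -1 from either call is treated as the failure marker.
    if ($postResult === -1 || $newPostId === -1) {
        require_once HEADERF;
        // The Referer header is supplied by the client, so encode it before it is
        // placed inside the href attribute.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $message = LAN_FORUM_3006 . "<br ><a class='btn btn-default' href='" . htmlspecialchars($referer, ENT_QUOTES, 'UTF-8') . "'>Return</a>";
        $text = e107::getMessage()->addError($message)->render();
        e107::getRender()->tablerender(LAN_PLUGIN_FORUM_NAME, $text); // change to forum-title pref.
        require_once FOOTERF;
        exit;
    }

    $threadId = $this->action == 'nt' ? $newThreadId : $this->id;

    // If a poll was submitted, add it to the poll db, keyed to the new thread.
    if ($hasPoll) {
        require_once e_PLUGIN . 'poll/poll_class.php';
        $_POST['iid'] = $threadId;
        $poll = new poll();
        $poll->submit_poll(2);
    }

    e107::getCache()->clear('newforumposts');

    $threadLink = e107::url('forum', 'topic', $this->data, 'full') . "&last=1";
    $forumLink = e107::url('forum', 'forum', $this->data);

    if ($this->forumObj->prefs->get('redirect')) {
        $this->redirect($threadLink);
        exit;
    }

    require_once HEADERF;
    $template = $this->getTemplate('posted');
    $SHORTCODES = array('THREADLINK' => $threadLink, 'FORUMLINK' => $forumLink);
    $txt = isset($_POST['newthread']) ? $template['thread'] : $template['reply'];
    $txt = e107::getParser()->parseTemplate($txt, true, $SHORTCODES);
    e107::getRender()->tablerender('Forums', e107::getMessage()->render() . $txt);
    require_once FOOTERF;
    exit;
}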
$send_to_name = $row['user_name']; } else { $send_to = SITEADMINEMAIL; $send_to_name = ADMIN; } require_once e_HANDLER . "mail.php"; $message = sendemail($send_to, "[" . SITENAME . "] " . $subject, $body, $send_to_name, $sender, $sender_name) ? LANCONTACT_09 : LANCONTACT_10; if (isset($pref['contact_emailcopy']) && $pref['contact_emailcopy'] && $_POST['email_copy'] == 1) { sendemail($sender, "[" . SITENAME . "] " . $subject, $body, ADMIN, $sender, $sender_name); } $ns->tablerender('', $message); require_once FOOTERF; exit; } else { require_once e_HANDLER . "message_handler.php"; message_handler("P_ALERT", $error); } } if (SITECONTACTINFO && $CONTACT_INFO) { $text = $tp->parseTemplate($CONTACT_INFO, TRUE, $contact_shortcodes); $ns->tablerender(LANCONTACT_01, $text, "contact"); } if (isset($pref['sitecontacts']) && $pref['sitecontacts'] != 255) { // require_once(e_CORE."shortcodes/batch/contact_shortcodes.php"); $contact_shortcodes = e107::getScBatch('contact'); $text = $tp->parseTemplate($CONTACT_FORM, TRUE, $contact_shortcodes); if (trim($text) != "") { $ns->tablerender(LANCONTACT_02, $text, "contact"); } } require_once FOOTERF;
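/**
 * Build an HTML list of links to the pages of one chapter that the current user may see.
 *
 * @param int $chapt Chapter id to list; defaults to 0.
 * @return string HTML fragment with one link per page, LAN_PAGE_2 when the query
 *                matches nothing, or an empty string when the 'listPages' pref is off.
 */
function listPages($chapt = 0)
{
    $sql = e107::getDb();
    $tp = e107::getParser();
    // Start from an empty string so the early exit and the .= below never touch
    // an undefined variable.
    $text = '';

    if (!e107::getPref('listPages', false)) {
        message_handler("MESSAGE", LAN_PAGE_1);
        return $text;
    }

    // page_chapter is compared unquoted, so force the value to an integer before it
    // becomes part of the WHERE clause.
    $chapterId = (int) $chapt;
    $where = "page_theme='' AND page_chapter=" . $chapterId . " AND page_class IN (" . USERCLASS_LIST . ") ORDER BY page_order ASC ";

    if (!$sql->db_Select("page", "*", $where)) {
        return LAN_PAGE_2;
    }

    foreach ($sql->db_getList() as $page) {
        $url = e107::getUrl()->create('page/view', $page, 'allow=page_id,page_sef');
        // NOTE(review): the title is rendered through toHtml(); confirm it encodes markup in titles.
        $text .= $this->bullet . " <a href='" . $url . "'>" . $tp->toHtml($page['page_title']) . "</a><br />"; //XXX Better to use <ul> and <li> ??
    }

    return $text;
}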
define('FLOODPROTECT', TRUE); define('FLOODTIMEOUT', max(varset($pref['antiflood_timeout'], 10), 3)); } else { /** * @ignore */ define('FLOODPROTECT', FALSE); } $layout = isset($layout) ? $layout : '_default'; define('HEADERF', e_CORE . "templates/header{$layout}.php"); define('FOOTERF', e_CORE . "templates/footer{$layout}.php"); if (!file_exists(HEADERF)) { message_handler('CRITICAL_ERROR', 'Unable to find file: ' . HEADERF, __LINE__ - 2, __FILE__); } if (!file_exists(FOOTERF)) { message_handler('CRITICAL_ERROR', 'Unable to find file: ' . FOOTERF, __LINE__ - 2, __FILE__); } //define('LOGINMESSAGE', ''); - not needed, breaks login messages define('OPEN_BASEDIR', ini_get('open_basedir') ? true : false); define('SAFE_MODE', ini_get('safe_mode') ? true : false); define('FILE_UPLOADS', ini_get('file_uploads') ? true : false); define('INIT', true); if (isset($_SERVER['HTTP_REFERER'])) { $tmp = explode("?", $_SERVER['HTTP_REFERER']); define('e_REFERER_SELF', $tmp[0] == e_REQUEST_SELF); unset($tmp); } else { /** * @ignore */ define('e_REFERER_SELF', FALSE);
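/**
 * Utility routine to handle the messages returned by process_uploaded_files().
 *
 * Non-destructive: the array is only read, so the function can be called several
 * times with different options.
 *
 * NOTE(review): messages are joined with <br /> and returned as HTML without further
 * encoding; confirm process_uploaded_files() never puts raw client-supplied file
 * names into 'message'.
 *
 * @param array   $upload_array List of uploaded files as returned by process_uploaded_files();
 *                              each entry is read for 'error' and 'message' (plus 'line' and
 *                              'file' when $use_handler is TRUE).
 * @param boolean $errors_only  If TRUE, no message is collected for a successful upload.
 * @param boolean $use_handler  If TRUE, message_handler() is also used to display each message.
 * @return string All collected messages joined with "<br />" (empty string when there are none).
 */
function handle_upload_messages(&$upload_array, $errors_only = TRUE, $use_handler = FALSE)
{
    // Must be an array: appending with [] to a string is a fatal error on current PHP,
    // and implode() rejects a string as its second argument.
    $f_message = array();

    foreach ($upload_array as $r) {
        // Skip successful uploads when only failures were asked for.
        if ($errors_only && !$r['error']) {
            continue;
        }
        if ($use_handler) {
            require_once e_HANDLER . "message_handler.php";
            message_handler("MESSAGE", $r['message'], $r['line'], $r['file']);
        }
        $f_message[] = $r['message'];
    }

    return implode("<br />", $f_message);
}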
} else { if ($postemail == '-witheld-') { $postemail = ''; } $_POST['file_description'] = $tp->toDB($_POST['file_description']); $file_time = time(); $sql->db_Insert("upload", "0, '" . $poster . "', '" . $postemail . "', '" . $tp->toDB($_POST['file_website']) . "', '" . $file_time . "', '" . $tp->toDB($_POST['file_name']) . "', '" . $tp->toDB($_POST['file_version']) . "', '" . $file . "', '" . $image . "', '" . $tp->toDB($_POST['file_description']) . "', '" . $tp->toDB($_POST['file_demo']) . "', '" . $filesize . "', 0, '" . $downloadCategory . "'"); $edata_fu = array("upload_user" => $poster, "upload_email" => $postemail, "upload_name" => $tp->toDB($_POST['file_name']), "upload_file" => $file, "upload_version" => $_POST['file_version'], "upload_description" => $tp->toDB($_POST['file_description']), "upload_size" => $filesize, "upload_category" => $downloadCategory, "upload_website" => $tp->toDB($_POST['file_website']), "upload_image" => $image, "upload_demo" => $tp->toDB($_POST['file_demo']), "upload_time" => $file_time); $e_event->trigger("fileupload", $edata_fu); $message .= "<br />" . LAN_404; } } } else { // Error - missing data require_once e_HANDLER . "message_handler.php"; message_handler("ALERT", 5); } } if ($message) { $text = "<div style=\"text-align:center\"><b>" . $message . "</b></div>"; $ns->tablerender("", $text); require_once FOOTERF; exit; } $text = "<div style='text-align:center'>\n\t<form enctype='multipart/form-data' method='post' onsubmit='return frmVerify()' action='" . e_SELF . "'>\n\t<table style='" . USER_WIDTH . "' class='fborder'>\n\t<colgroup>\n\t<col style='width:30%' />\n\t<col style='width:70%' />\n\t</colgroup>\n\t<tr>\n\t<td class='forumheader3'>" . DOWLAN_11 . ":</td>\n\t<td class='forumheader3'>"; require_once e_CORE . "shortcodes/batch/download_shortcodes.php"; $dlparm = isset($download_category) ? 
$download_category : ""; $text .= $tp->parseTemplate("{DOWNLOAD_CATEGORY_SELECT={$dlparm}}", true, $download_shortcodes); $text .= "\n\t</td>\n\t</tr>\n\n\t<tr>\n\t<td style='text-align:center' colspan='2' class='forumheader3'>"; $text .= "<b>" . LAN_406 . "</b><br />" . LAN_419 . ":"; require_once e_HANDLER . 'upload_handler.php';
} unset($_POST); } if ($error) { require_once e_HANDLER . 'message_handler.php'; $temp = array(); if (count($extraErrors)) { $temp[] = implode('<br />', $extraErrors); } if (count($allData['errors'])) { $temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo); } if (varsettrue($eufVals['errors'])) { $temp[] = '<br />' . validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %x - %t: %v', '<br />', NULL); } message_handler('P_ALERT', implode('<br />', $temp)); // $adref = $_POST['adminreturn']; } // --- User data has been updated here if appropriate --- $testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true); // only success in the session if ($testSessionMessage) { $message = implode('<br />', $testSessionMessage); } // we got raw message - array if (isset($message)) { $ns->tablerender($caption, $message); } $uuid = $_uid ? $_uid : USERID; // If $_uid is set, its an admin changing another user's data if ($promptPassword) {
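/**
 * Create or update a link from the submitted form, or queue a visitor submission.
 *
 * With $mode == "submit" the link is stored in the "tmp" table for later approval and
 * the "linksub" event is triggered. Otherwise the link is written to "links_page":
 * updated when $qs[2] is numeric and $qs[1] is not "sn", inserted as a new row in all
 * other cases. After approving a queued submission ($qs[1] == "sn") the matching
 * "tmp" row is deleted.
 *
 * @param string $mode "submit" for a visitor submission; anything else is an admin-entered link.
 * @return void
 */
function dbLinkCreate($mode = '')
{
    global $ns, $tp, $qs, $sql, $e107cache, $e_event, $linkspage_pref, $admin_log;

    $edata_ls = array(
        'link_category'    => intval($_POST['cat_id']),
        'link_name'        => $tp->toDB($_POST['link_name']),
        'link_url'         => $tp->toDB($_POST['link_url']),
        'link_description' => $tp->toDB($_POST['link_description']),
        'link_button'      => $tp->toDB($_POST['link_but']),
    );

    // Name, URL and description are all required.
    if (!$edata_ls['link_name'] || !$edata_ls['link_url'] || !$edata_ls['link_description']) {
        message_handler("ALERT", 5);
        return;
    }

    // Only a leading http:// or https:// counts as "already has a scheme". A substring
    // search for "http" would also accept a value that merely contains those letters
    // somewhere, which leaves the scheme of the stored link unconstrained.
    if (!preg_match('#^https?://#i', $edata_ls['link_url'])) {
        $edata_ls['link_url'] = "http://" . $edata_ls['link_url'];
    }

    // Visitor submission: park the link in the tmp table until it is approved.
    if (isset($mode) && $mode == "submit") {
        $edata_ls['username'] = defined('USERNAME') ? USERNAME : LAN_LINKS_3;
        $submitted_link = implode('^', $edata_ls);
        // NOTE(review): the username is joined into this SQL value without passing
        // through toDB() like the other fields — confirm USERNAME is already safe to embed.
        $sql->db_Insert("tmp", "'submitted_link', '" . time() . "', '{$submitted_link}' ");
        $edata_ls['submitted_link'] = $submitted_link;
        $e_event->trigger("linksub", $edata_ls);
        js_location(e_SELF . "?s");
        return;
    }

    // Admin-entered link
    $link_t = $sql->db_Count("links_page", "(*)", "WHERE link_category='" . intval($_POST['cat_id']) . "'");
    $time = $_POST['update_datestamp'] ? time() : ($_POST['link_datestamp'] != "0" ? $_POST['link_datestamp'] : time());
    $edata_ls['link_open'] = intval($_POST['linkopentype']);
    $edata_ls['link_class'] = intval(varset($_POST['link_class']));
    $edata_ls['link_author'] = USERID; // Default

    if (is_numeric($qs[2]) && $qs[1] != "sn") {
        // Update an existing link.
        if ($qs[1] !== "manage") {
            $edata_ls['link_author'] = $_POST['link_author'] && $_POST['link_author'] != '' ? $tp->toDB($_POST['link_author']) : USERID;
        }
        // The timestamp may come straight from the form, so store it as an integer.
        $edata_ls['link_datestamp'] = (int) $time;
        $sql->db_UpdateArray("links_page", $edata_ls, " WHERE link_id='" . intval($qs[2]) . "'");
        $msg = LCLAN_ADMIN_3;
        $data = array('method' => 'update', 'table' => 'links_page', 'id' => $qs[2], 'plugin' => 'links_page', 'function' => 'dbLinkCreate');
        $msg .= $e_event->triggerHook($data);
        $admin_log->logArrayAll('LINKS_14', $edata_ls);
        $e107cache->clear("sitelinks");
        $this->show_message($msg);
    } else {
        // Create a new link at the end of its category.
        $edata_ls['link_datestamp'] = time();
        $edata_ls['link_order'] = $link_t + 1;
        $sql->db_Insert("links_page", $edata_ls);
        $msg = LCLAN_ADMIN_2;
        // NOTE(review): mysql_insert_id() belongs to the removed mysql extension; the
        // database wrapper presumably offers a replacement — confirm before upgrading PHP.
        $id = mysql_insert_id();
        $data = array('method' => 'create', 'table' => 'links_page', 'id' => $id, 'plugin' => 'links_page', 'function' => 'dbLinkCreate');
        $msg .= $e_event->triggerHook($data);
        $admin_log->logArrayAll('LINKS_13', $edata_ls);
        $e107cache->clear("sitelinks");
        $this->show_message($msg);
    }

    // Delete the queued submission from the tmp table after approval.
    if (is_numeric($qs[2]) && $qs[1] == "sn") {
        $sql->db_Delete("tmp", "tmp_time=" . intval($qs[2]));
    }
}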
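/**
 * Create or update a link in "links_page" from the submitted form.
 *
 * - $mode == "submit": a visitor submission is inserted inactive (link_active = 0),
 *   the "linksub" event is triggered and the visitor is redirected.
 * - $mode == "edit": an existing link ($qs[2]) is updated and set inactive again.
 * - any other mode: admin path — update link $qs[2] when it is numeric and $qs[1]
 *   is not "sn", otherwise insert a new active link.
 *
 * @param string $mode "submit", "edit", or anything else for the admin path.
 * @return void
 */
function dbLinkCreate($mode = '')
{
    global $tp, $qs, $e107cache, $e_event;
    $db = e107::getDb('links_page');
    $mes = e107::getMessage();

    $link_name = $tp->toDB($_POST['link_name']);
    $link_url = $tp->toDB($_POST['link_url']);
    $link_description = $tp->toDB($_POST['link_description']);
    $link_button = $tp->toDB($_POST['link_button']);

    // Name, URL and description are all required.
    if (!$link_name || !$link_url || !$link_description) {
        message_handler("ALERT", 5);
        return;
    }

    // Only a leading http:// or https:// counts as "already has a scheme". A substring
    // search for "http" would also accept a value that merely contains those letters
    // somewhere, which leaves the scheme of the stored link unconstrained.
    if (!preg_match('#^https?://#i', $link_url)) {
        $link_url = "http://" . $link_url;
    }

    $categoryId = intval($_POST['cat_id']);

    // Timestamp used by both update paths. It used to be computed on the admin path
    // only, so an "edit" wrote intval(undefined) = 0 as the datestamp.
    $time = !empty($_POST['update_datestamp'])
        ? time()
        : (isset($_POST['link_datestamp']) && $_POST['link_datestamp'] != "0" ? $_POST['link_datestamp'] : time());

    if (isset($mode) && $mode == "submit") {
        // Visitor submission: stored inactive, direct activation is not allowed.
        $username = defined('USERNAME') ? USERNAME : LAN_LINKS_3;
        // The order position was read from an undefined variable here before.
        $link_t = $db->count("links_page", "(*)", "WHERE link_category='" . $categoryId . "'");
        $insert = array(
            'link_id'          => NULL,
            'link_name'        => $link_name,
            'link_url'         => $link_url,
            'link_description' => $link_description,
            'link_button'      => $link_button,
            'link_category'    => $categoryId,
            'link_order'       => $link_t + 1,
            'link_refer'       => 0,
            'link_open'        => intval($_POST['linkopentype']),
            'link_class'       => intval($_POST['link_class']),
            'link_datestamp'   => time(),
            'link_author'      => USERID,
            'link_active'      => 0,
        );
        if ($db->insert("links_page", $insert)) {
            $mes->addSuccess(LAN_LINKS_29);
            $mes->render();
        }
        // NOTE(review): nothing in this function ever fills submitted_link; it is
        // passed as null, as before, so event listeners see the same payload.
        $submitted_link = null;
        $edata_ls = array(
            "link_category"    => $_POST['cat_id'],
            "link_name"        => $link_name,
            "link_url"         => $link_url,
            "link_description" => $link_description,
            "link_button"      => $link_button,
            "username"         => $username,
            "submitted_link"   => $submitted_link,
        );
        $e_event->trigger("linksub", $edata_ls);
        $url = e107::url('links_page', 'submitted', 'full');
        e107::getRedirect()->go($url);
    } elseif (isset($mode) && $mode == "edit") {
        if (is_numeric($qs[2]) && $qs[1] != "sn") {
            $link_class = $_POST['link_class'];
            if ($qs[1] == "manage") {
                $link_author = USERID;
            } else {
                // not needed anymore, left for future
                $link_author = $_POST['link_author'] && $_POST['link_author'] != '' ? $tp->toDB($_POST['link_author']) : USERID;
            }
            $id = intval($qs[2]);
            // NOTE(review): the row is selected by id alone; nothing here checks that the
            // current user owns link $id — confirm the caller enforces that.
            $where = 'link_id = ' . $id;
            $update = array(
                'link_name'        => $link_name,
                'link_url'         => $link_url,
                'link_description' => $link_description,
                'link_button'      => $link_button,
                'link_category'    => $categoryId,
                'link_open'        => intval($_POST['linkopentype']),
                'link_class'       => intval($link_class),
                'link_datestamp'   => intval($time),
                'link_author'      => $link_author,
                'link_active'      => 0, // an edited link goes back to inactive
                'WHERE'            => $where,
            );
            if ($db->update('links_page', $update)) {
                $mes->addSuccess(LCLAN_ADMIN_3 . ' ' . LAN_LINKS_29);
                echo $mes->render();
            }
            $e107cache->clear("sitelinks");
        } else {
            e107::getMessage()->addError('Something went wrong. Contact admin.');
            echo e107::getMessage()->render();
        }
    } else {
        // Admin path.
        if (is_numeric($qs[2]) && $qs[1] != "sn") {
            // Update an existing link.
            $link_class = $_POST['link_class'];
            if ($qs[1] == "manage") {
                $link_author = USERID;
            } else {
                $link_author = $_POST['link_author'] && $_POST['link_author'] != '' ? $tp->toDB($_POST['link_author']) : USERID;
            }
            // The WHERE clause was read from an undefined variable on this path, so the
            // update carried no row restriction at all; build it from the numeric id.
            $where = 'link_id = ' . intval($qs[2]);
            $update = array(
                'link_name'        => $link_name,
                'link_url'         => $link_url,
                'link_description' => $link_description,
                'link_button'      => $link_button,
                'link_category'    => $categoryId,
                'link_open'        => intval($_POST['linkopentype']),
                'link_class'       => intval($link_class),
                'link_datestamp'   => intval($time),
                'link_author'      => $link_author,
                'link_active'      => 1,
                'WHERE'            => $where,
            );
            $e107cache->clear("sitelinks");
            if ($db->update('links_page', $update)) {
                $mes->addSuccess(LCLAN_ADMIN_3);
                echo $mes->render();
            }
        } else {
            // Create a new, active link at the end of its category.
            $link_t = $db->count("links_page", "(*)", "WHERE link_category='" . $categoryId . "'");
            $insert = array(
                'link_id'          => NULL,
                'link_name'        => $link_name,
                'link_url'         => $link_url,
                'link_description' => $link_description,
                'link_button'      => $link_button,
                'link_category'    => $categoryId,
                'link_order'       => $link_t + 1,
                'link_refer'       => 0,
                'link_open'        => intval($_POST['linkopentype']),
                'link_class'       => intval($_POST['link_class']),
                'link_datestamp'   => time(),
                'link_author'      => USERID,
                'link_active'      => 1,
            );
            // Report success only when the insert worked; the success message used to
            // be added and shown a second time regardless of the result.
            if ($db->insert("links_page", $insert)) {
                $mes->addSuccess(LCLAN_ADMIN_2);
                echo $mes->render();
            }
            $e107cache->clear("sitelinks");
        }
    }
}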
$num++; // Send fake header to avoid timeout, got this trick from phpMyAdmin $time1 = time(); if ($time1 >= $time0 + 30) { $time0 = $time1; header('X-bpPing: Pong'); } } // EOWHILE $pdf_code = $pdf->output(); $fname = BATCH_PDF_DIR . BATCH_PDF_FILE; if ($fp = fopen($fname, 'w')) { fwrite($fp, $pdf_code); fclose($fp); } else { message_handler('FAILED_TO_OPEN'); } // changed below to cause pdf to open in a new window $message = SUCCESS_1 . $num . SUCCESS_2 . '<a href="' . $fname . '" target="_blank"><b>' . SUCCESS_3 . '</b></a>' . SUCCESS_4; case 0: require BATCH_PRINT_INC . 'batch_print_header.php'; require BATCH_PRINT_INC . 'batch_print_body.php'; require BATCH_PRINT_INC . 'batch_print_footer.php'; break; default: message_handler(); } //EOSWITCH } else { message_handler('ERROR_INVALID_INPUT'); }
/**
 * Run calibration passes against the traffic counter and record the per-call averages.
 *
 * Returns immediately unless the E107_DBG_TRAFFIC constant is defined and truthy, and
 * again when $count is zero or negative. Each pass calls Bump() once with a start and an
 * end timestamp ('TRAF_CAL1') and once with a start timestamp only ('TRAF_CAL2'). The
 * Time/Count averages of those two entries in $tObject->aTrafficTimed are then stored in
 * $this->calPassBoth and $this->calPassOne.
 *
 * @param object $tObject traffic object; a mismatch with $this is reported through
 *                        message_handler(), after which execution continues
 * @param int    $count   number of calibration passes
 * @return void
 */
function Calibrate($tObject, $count = 10)
{
    $trafficDebugOn = defined("E107_DBG_TRAFFIC") && E107_DBG_TRAFFIC;
    if (!$trafficDebugOn) {
        return;
    }

    if ($tObject != $this) {
        // The reported line number is deliberately offset from this call.
        message_handler("CRITICAL_ERROR", "Bad traffic object", __LINE__ - 2, __FILE__);
    }

    if ($count <= 0) {
        return; // no calibration
    }

    $this->calPassOne = 0.0;
    $this->calPassBoth = 0.0;

    $pass = 0;
    while ($pass < $count) {
        $started = microtime();
        $finished = microtime();
        $tObject->Bump('TRAF_CAL1', $started, $finished); // emulate the normal non-insider call

        $started = microtime();
        $tObject->Bump('TRAF_CAL2', $started);

        $pass++;
    }

    $bothStats = $tObject->aTrafficTimed['TRAF_CAL1'];
    $this->calPassBoth = $bothStats['Time'] / $bothStats['Count'];

    $oneStats = $tObject->aTrafficTimed['TRAF_CAL2'];
    $this->calPassOne = $oneStats['Time'] / $oneStats['Count'];
}
/**
 * Add a comment to an item, or overwrite the text of an existing comment when the request asks for an edit.
 * e-token POST value should be always valid when using this method.
 *
 * Order of checks in this method: comment engine, comment permissions ('rw'), optional override
 * handler, session token, edit detection, duplicate detection, author resolution, then either the
 * edit UPDATE or the INSERT of a new row into "comments".
 *
 * @param string|array $data - $author_name or array of all values. When an array, the keys read are
 *                             comment_type, comment_item_id, comment_pid, comment_subject, comment_comment,
 *                             comment_author_name, comment_share and comment_datestamp.
 * @param string $comment - comment text; passed through $tp->toDB() before it is used in SQL
 * @param string $table - comment type/source table; mapped through getCommentType()
 * @param integer $id - reference of item in source table to which comment is linked
 * @param integer $pid - parent comment id when it's a reply to a specific comment.
 * @param string $subject - comment subject; passed through $tp->toDB()
 * @param mixed $rateindex - posted rating value; not used by the active code (the rating call is commented out)
 *
 * @return mixed the new comment id on a successful insert; the override handler's result when one is
 *               registered; "Error" or the emessage text on an AJAX request that failed; false on token
 *               failure, hook interception or any other fall-through; nothing (null) when the engine is
 *               not 'e107', permissions are not 'rw', or after an edit UPDATE.
 */
function enter_comment($data, $comment = '', $table = '', $id = '', $pid = '', $subject = '', $rateindex = FALSE) {
    //rateindex : the posted value from the rateselect box (without the urljump) (see function rateselect())
    if ($this->engine != 'e107') {
        return;
    }
    if (is_array($data)) {
        $table = $data['comment_type'];
        $id = intval($data['comment_item_id']);
        $pid = intval($data['comment_pid']);
        $subject = $data['comment_subject'];
        $comment = $data['comment_comment'];
        $author_name = $data['comment_author_name'];
        // $comment_share is only assigned on this array path; the scalar path below leaves it unset.
        $comment_share = intval($data['comment_share']);
        // Assigned but not read again anywhere in this method.
        $comment_datestamp = $data['comment_datestamp'];
    } else {
        $author_name = $data; //BC Fix.
    }
    // $rater is only referenced by the commented-out rating code near the end of this method.
    global $e107, $rater;
    $sql = e107::getDb();
    $sql2 = e107::getDb('sql2');
    $tp = e107::getParser();
    $pref = e107::getPref();
    if ($this->getCommentPermissions() != 'rw') {
        return;
    }
    // NOTE(review): a registered override runs here, before the e-token/session check below,
    // so an override handler has to validate the token itself — confirm that handlers do.
    if ($user_func = e107::getOverride()->check($this, 'enter_comment')) {
        return call_user_func($user_func, array('data' => $data, 'comment' => $comment, 'table' => $table, 'id' => $id, 'pid' => $pid, 'subject' => $subject, 'rateindex' => $rateindex));
    }
    if (!isset($_POST['e-token'])) {
        $_POST['e-token'] = '';
    } // check posted token
    if (!e107::getSession()->check(false)) {
        return false;
    } // This will return false on error
    // Edit detection: the comment id to edit comes straight from the request, either from
    // $_GET['comment_id'] or from the segment following "edit" in the dot-separated e_QUERY.
    // $editpid stays unset when neither branch matches, yet it is read unconditionally further down.
    // $eaction is assigned here but not read again in this method.
    if (isset($_GET['comment']) && $_GET['comment'] == 'edit') {
        $eaction = 'edit';
        $editpid = $_GET['comment_id'];
    } elseif (strstr(e_QUERY, "edit")) {
        $eaction = "edit";
        $tmp = explode(".", e_QUERY);
        $count = 0;
        foreach ($tmp as $t) {
            if ($t == "edit") {
                $editpid = $tmp[$count + 1];
                break;
            }
            $count++;
        }
    }
    $type = $this->getCommentType($table);
    // Both values are interpolated into SQL strings below, so the escaping done by toDB()
    // is the only protection those queries have.
    $comment = $tp->toDB($comment);
    $subject = $tp->toDB($subject);
    $cuser_id = 0;
    $cuser_name = 'Anonymous'; // Preset as an anonymous comment
    // Duplicate check: an existing row with the same text, item and type sends control to the
    // else branch at the bottom, which sets the COMLAN_312 message.
    if (!$sql->select("comments", "*", "comment_comment='" . $comment . "' AND comment_item_id='" . intval($id) . "' AND comment_type='" . $tp->toDB($type, true) . "' ")) {
        if ($_POST['comment']) {
            if (USER == TRUE) {
                $cuser_id = USERID;
                $cuser_name = USERNAME;
                $cuser_mail = USEREMAIL;
            } elseif ($_POST['author_name'] != '') {
                // Anonymous poster supplied a name: if it belongs to a registered account the
                // comment is refused (COMLAN_310) unless the second lookup below also matches.
                if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' ")) {
                    // NOTE(review): $ip is first assigned further down ($ip = $e107->getip()), so it is
                    // unset here and the user_ip comparison does not use the visitor's address.
                    // If that were corrected, a name + IP match alone would attribute the comment to a
                    // registered account without a login — decide which behaviour is intended first.
                    if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' AND user_ip='" . $tp->toDB($ip, true) . "' ")) {
                        //list($cuser_id, $cuser_name) = $sql2->db_Fetch();
                        $tmp = $sql2->fetch();
                        $cuser_id = $tmp['user_id'];
                        $cuser_name = $tmp['user_name'];
                        $cuser_mail = $tmp['user_email'];
                    } else {
                        define("emessage", COMLAN_310);
                    }
                } else {
                    $cuser_name = $tp->toDB($author_name);
                }
            }
            // The "emessage" constant doubles as the error flag for the rest of the method.
            if (!defined("emessage")) {
                $ip = $e107->getip(); // Store IP 'in the raw' - could be IPv4 or IPv6. Its always returned in a normalised form
                $_t = time();
                if ($editpid) {
                    // The appended edit marker (COMLAN_319 + timestamp) is added after toDB() was applied.
                    $comment .= "\n[ " . COMLAN_319 . " [time=short]" . time() . "[/time] ]";
                    // NOTE(review): the UPDATE is keyed only on the request-supplied comment id (cast with
                    // intval); nothing in this method compares the comment's author with the current user.
                    // Confirm that getCommentPermissions() or the caller restricts who may edit which comment.
                    $sql->update("comments", "comment_comment='{$comment}' WHERE comment_id='" . intval($editpid) . "' ");
                    e107::getCache()->clear("comment");
                    return;
                }
                //FIXME - don't sanitize, pass raw data to e_event, use DB array (inner db sanitize)
                // $cuser_mail is only set for logged-in or matched users, and $comment_share only on the
                // array-input path; on the other paths both are read here while unset.
                $edata_li = array('comment_pid' => intval($pid),
                    'comment_item_id' => $id,
                    'comment_subject' => $subject,
                    'comment_author_id' => $cuser_id,
                    'comment_author_name' => $cuser_name,
                    'comment_author_email' => $tp->toDB($cuser_mail),
                    'comment_datestamp' => $_t,
                    'comment_comment' => $comment,
                    'comment_blocked' => $this->moderateComment($pref['comments_moderate']) ? 2 : 0,
                    'comment_ip' => $ip,
                    'comment_type' => $tp->toDB($type, true),
                    'comment_lock' => 0,
                    'comment_share' => $comment_share);
                //SecretR: new event 'prepostcomment' - allow plugin hooks - e.g. Spam Check
                $edata_li_hook = array_merge($edata_li, array('comment_nick' => $cuser_id . '.' . $cuser_name, 'comment_time' => $_t));
                // A truthy result from the hook aborts the post.
                if (e107::getEvent()->trigger("prepostcomment", $edata_li_hook)) {
                    return false; //3rd party code interception
                }
                //allow 3rd party code to modify insert data
                // presumably trigger() receives $edata_li_hook by reference; otherwise this copy-back
                // loop changes nothing — TODO confirm. Values coming back from hooks are written into
                // the insert array as-is, without being re-sanitised in this method.
                if (is_array($edata_li_hook)) {
                    foreach (array_keys($edata_li) as $k) {
                        if (isset($edata_li_hook[$k])) {
                            $edata_li[$k] = $edata_li_hook[$k]; //sanitize?
                            continue;
                        }
                        // $edata_li has no 'break' key, so this branch cannot match for the keys
                        // iterated here; $break is not read anywhere in this method.
                        if ($k === 'break') {
                            $break = $edata_li_hook[$k];
                        }
                    }
                }
                unset($edata_li_hook);
                if (!($inserted_id = $sql->insert("comments", $edata_li))) {
                    //echo "<b>".COMLAN_323."</b> ".COMLAN_11;
                    if (e_AJAX_REQUEST) {
                        return "Error";
                    }
                    e107::getMessage()->addStack(COMLAN_11, 'postcomment', E_MESSAGE_ERROR);
                } else {
                    if (USER == true) {
                        $sql->update("user", "user_comments=user_comments+1, user_lastpost='" . time() . "' WHERE user_id='" . USERID . "' ");
                    }
                    // Next item for backward compatibility
                    $edata_li["comment_nick"] = $cuser_id . '.' . $cuser_name;
                    $edata_li["comment_time"] = $_t;
                    $edata_li["comment_id"] = $inserted_id;
                    //Why?
                    /*unset($edata_li['comment_pid']);
                    unset($edata_li['comment_author_email']);
                    unset($edata_li['comment_ip']);*/
                    // The "postcomment" event payload therefore still carries the author e-mail and IP.
                    e107::getEvent()->trigger("postcomment", $edata_li);
                    e107::getCache()->clear("comment");
                    // The news comment counter is only bumped when the comment is not held for moderation.
                    if ((empty($type) || $type == "news") && !$this->moderateComment($pref['comments_moderate'])) {
                        $sql->update("news", "news_comment_total=news_comment_total+1 WHERE news_id=" . intval($id));
                    }
                    //if rateindex is posted, enter the rating from this user
                    // if ($rateindex)
                    // {
                    // $rater->enterrating($rateindex);
                    // }
                    return $inserted_id; // return the ID number so it can be used. true;
                }
            }
        }
    } else {
        define("emessage", COMLAN_312);
    }
    // Error reporting: AJAX callers get the message text back, others get an alert.
    if (defined("emessage")) {
        if (e_AJAX_REQUEST) {
            return emessage;
        }
        message_handler("ALERT", emessage);
    }
    return false;
}
if ($_POST['address']) { if ($_POST['address'] == "billing") { $billing = true; } else { $billing = false; } } else { $billing = false; } if ($_POST['endpos']) { $endpos = $_POST['endpos']; } else { $endpos = NUM_LABELS_PER_PAGE; } if (!tep_db_num_rows($orders_query) > 0) { message_handler('NO_ORDERS'); } change_color(GENERAL_FONT_COLOR); for ($y = $pdf->ez['pageHeight'] - STARTY; $y > LABEL_HEIGHT - STARTY; $y -= LABEL_HEIGHT) { for ($x = STARTX; $x < STARTX + NUM_COLUMNS * LABEL_WIDTH; $x += LABEL_WIDTH) { if ($startpos <= $pos && $num < $endpos) { if (print_address($x, $y, $num)) { $num++; } } $pos++; } // Send fake header to avoid timeout, got this trick from phpMyAdmin $time1 = time(); if ($time1 >= $time0 + 30) { $time0 = $time1;
if ($error) { require_once e_HANDLER . "message_handler.php"; $temp = array(); if (count($extraErrors)) { $temp[] = implode('<br />', $extraErrors); } if (count($allData['errors'])) { $temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo); } if (varsettrue($eufVals['errors'])) { $temp[] = validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %t: %v', '<br />'); } message_handler('P_ALERT', implode('<br />', $temp)); } } else { message_handler('P_ALERT', implode('<br />', $extraErrors)); // Workaround for image-code errors. } // ========== End of verification.. ============== // If no errors, we can enter the new member in the DB // At this point we have two data arrays: // $allData['data'] - the 'core' user data // $eufVals['data'] - any extended user fields if (!$error) { $error_message = ''; $fp = new floodprotect(); if ($fp->flood("user", "user_join") == FALSE) { header("location:" . e_BASE . "index.php"); exit; } if ($_POST['email'] && $sql->db_Select("user", "*", "user_email='" . $_POST['email'] . "' AND user_ban='" . USER_BANNED . "'")) {
} } if ($submitnews_error === FALSE) { $sql->insert("submitnews", "0, '{$submitnews_user}', '{$submitnews_email}', '{$submitnews_title}', '" . intval($_POST['cat_id']) . "', '{$submitnews_item}', '" . time() . "', '{$ip}', '0', '" . implode(',', $submitnews_filearray) . "' "); $edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "image" => $submitnews_file, "ip" => $ip); e107::getEvent()->trigger("subnews", $edata_sn); // bc e107::getEvent()->trigger("user_news_submit", $edata_sn); $mes = e107::getMessage(); $mes->addSuccess(LAN_134); echo $mes->render(); // $ns->tablerender(LAN_133, "<div style='text-align:center'>".LAN_134."</div>"); require_once FOOTERF; exit; } else { message_handler("P_ALERT", $message); } } $text = ""; if (!defined("USER_WIDTH")) { define("USER_WIDTH", "width:95%"); } if (!empty($pref['news_subheader'])) { $text .= "\n\t <div class='alert alert-block alert-info '>\n\t " . $tp->toHTML($pref['news_subheader'], true, "BODY") . "\n\t </div>"; } $text .= "\n<div>\n <form id='dataform' method='post' action='" . e_SELF . "' enctype='multipart/form-data' onsubmit='return frmVerify()'>\n <table class='table fborder'>"; if (!USER) { $text .= "\n\t <tr>\n\t <td style='width:20%' class='forumheader3'>" . LAN_7 . "</td>\n\t <td style='width:80%' class='forumheader3'>\n\t <input class='tbox' type='text' name='submitnews_name' size='60' value='" . $tp->toHTML($submitnews_user, FALSE, 'USER_TITLE') . "' maxlength='100' required />\n\t </td>\n\t </tr>\n\t <tr>\n\t <td style='width:20%' class='forumheader3'>" . LAN_112 . "</td>\n\t <td style='width:80%' class='forumheader3'>\n\t <input class='tbox' type='text' name='submitnews_email' size='60' value='" . $tp->toHTML($submitnews_email, FALSE, 'LINKTEXT') . "' maxlength='100' required />\n\t </td>\n\t </tr>"; } $text .= "\n<tr>\n <td style='width:20%' class='forumheader3'>" . NWSLAN_6 . 
": </td>\n\t<td style='width:80%' class='forumheader3'>"; if (!$sql->select("news_category")) {
} $eaction = true; } else { if ($action == 'quote') { $action = 'reply'; $eaction = false; } } } if (isset($_POST['newthread']) || isset($_POST['reply'])) { $postInfo = array(); $threadInfo = array(); $postOptions = array(); $threadOptions = array(); if (isset($_POST['newthread']) && trim($_POST['subject']) == '' || trim($_POST['post']) == '') { message_handler('ALERT', 5); } else { if ($fp->flood('forum_thread', 'thread_datestamp') == false && !ADMIN) { echo "<script type='text/javascript'>document.location.href='" . e_BASE . "index.php'</script>\n"; exit; } $hasPoll = $action == 'nt' && varset($_POST['poll_title']) && $_POST['poll_option'][0] != '' && $_POST['poll_option'][1] != ''; $postInfo['post_ip'] = e107::getIPHandler()->getIP(FALSE); if (USER) { $postInfo['post_user'] = USERID; $threadInfo['thread_lastuser'] = USERID; $threadInfo['thread_user'] = USERID; $threadInfo['thread_lastuser_anon'] = ''; } else { $postInfo['post_user_anon'] = $_POST['anonname']; $threadInfo['thread_lastuser_anon'] = $_POST['anonname'];