/**
 * Build the table and column name map for the Lenses module.
 *
 * Table names are derived from the 'prefix' configuration value; column
 * names are fixed strings.
 *
 * NOTE(review): presumably callers interpolate these names into SQL text the
 * way the other functions in this listing do with $pntable entries, so the
 * prefix has to come from trusted configuration only -- confirm.
 *
 * @return array logical table names plus one '<table>_column' map per table
 */
function Lenses_pntables()
{
    // Shared stem for every Lenses table; it is also the full name of the main table.
    $base = pnConfigGetVar('prefix') . '_lenses';

    $tables = array();

    // Main lens table.
    $tables['lenses'] = $base;
    $tables['lenses_column'] = array(
        'tid' => 'pn_tid',
        'name' => 'pn_name',
        'aliases' => 'pn_aliases',
        'comp_id' => 'pn_comp_id',
        'poly_id' => 'pn_poly_id',
        'visitint' => 'pn_visitint',
        'ew' => 'pn_ew',
        'ct' => 'pn_ct',
        'dk' => 'pn_dk',
        'oz' => 'pn_oz',
        'process_text' => 'pn_process_text',
        'process_simple' => 'pn_process_simple',
        'qty' => 'pn_qty',
        'replace_simple' => 'pn_replace_simple',
        'replace_text' => 'pn_replace_text',
        'wear' => 'pn_wear',
        'price' => 'pn_price',
        'markings' => 'pn_markings',
        'fitting_guide' => 'pn_fitting_guide',
        'website' => 'pn_website',
        'image' => 'pn_image',
        'other_info' => 'pn_other_info',
        'discontinued' => 'pn_discontinued',
        'display' => 'pn_display',
        'redirect' => 'pn_redirect',
        'bc_simple' => 'pn_bc_simple',
        'bc_all' => 'pn_bc_all',
        'max_plus' => 'pn_max_plus',
        'max_minus' => 'pn_max_minus',
        'max_diam' => 'pn_max_diam',
        'min_diam' => 'pn_min_diam',
        'diam_1' => 'pn_diam_1',
        'base_curves_1' => 'pn_base_curves_1',
        'powers_1' => 'pn_powers_1',
        'diam_2' => 'pn_diam_2',
        'base_curves_2' => 'pn_base_curves_2',
        'powers_2' => 'pn_powers_2',
        'diam_3' => 'pn_diam_3',
        'base_curves_3' => 'pn_base_curves_3',
        'powers_3' => 'pn_powers_3',
        'sph_notes' => 'pn_sph_notes',
        'toric' => 'pn_toric',
        'toric_type' => 'pn_toric_type',
        'toric_type_simple' => 'pn_toric_type_simple',
        'cyl_power' => 'pn_cyl_power',
        'max_cyl_power' => 'pn_max_cyl_power',
        'cyl_axis' => 'pn_cyl_axis',
        'cyl_axis_steps' => 'pn_cyl_axis_steps',
        'oblique' => 'pn_oblique',
        'cyl_notes' => 'pn_cyl_notes',
        'bifocal' => 'pn_bifocal',
        'bifocal_type' => 'pn_bifocal_type',
        'add_text' => 'pn_add_text',
        'max_add' => 'pn_max_add',
        'cosmetic' => 'pn_cosmetic',
        'enh_names' => 'pn_enh_names',
        'enh_names_simple' => 'pn_enh_names_simple',
        'opaque_names' => 'pn_opaque_names',
        'opaque_names_simple' => 'pn_opaque_names_simple',
        'updated' => 'pn_updated',
    );

    // Companies.
    $tables['lenses_companies'] = $base . '_companies';
    $tables['lenses_companies_column'] = array(
        'comp_tid' => 'pn_comp_tid',
        'comp_name' => 'pn_comp_name',
        'logo' => 'pn_logo',
        'phone' => 'pn_phone',
        'address' => 'pn_address',
        'city' => 'pn_city',
        'state' => 'pn_state',
        'zip' => 'pn_zip',
        'url' => 'pn_url',
        'email' => 'pn_email',
        'comp_desc' => 'pn_comp_desc',
    );

    // Polymers.
    $tables['lenses_polymers'] = $base . '_polymers';
    $tables['lenses_polymers_column'] = array(
        'poly_tid' => 'pn_poly_tid',
        'fda_grp' => 'pn_fda_grp',
        'h2o' => 'pn_h2o',
        'poly_name' => 'pn_poly_name',
        'poly_desc' => 'pn_poly_desc',
    );

    // Search statistics.
    $tables['lenses_stats'] = $base . '_stats';
    $tables['lenses_stats_column'] = array(
        'id' => 'pn_id',
        'total' => 'pn_total',
        'last_month' => 'pn_last_month',
        'this_month' => 'pn_this_month',
        'month' => 'pn_month',
    );

    // Searches that returned zero results.
    $tables['lenses_zero'] = $base . '_zero';
    $tables['lenses_zero_column'] = array(
        'id' => 'pn_id',
        'phrase' => 'pn_phrase',
        'total' => 'pn_total',
        'last_month' => 'pn_last_month',
        'this_month' => 'pn_this_month',
        'month' => 'pn_month',
    );

    return $tables;
}
/**
 * Emit the end of the page: theme footer, optional XHTML validator link,
 * debug figures and the closing body/html tags.
 *
 * The render time and SQL call count are only handed to the debugger when
 * $pndebug['debug'] is set.
 */
function foot()
{
    global $index, $pnconfig, $pndebug, $dbg, $debug_sqlcalls, $dbg_starttime;

    themefooter();

    // Hard-coded switch for the validator link; any non-zero value enables it
    // whenever the 'supportxhtml' setting is on.
    $showValidatorLink = -1;
    if (pnConfigGetVar('supportxhtml') && $showValidatorLink) {
        xhtml_display_test();
    }

    // microtime() yields "usec sec"; both parts added give the current time in seconds.
    list($usec, $sec) = explode(" ", microtime());
    $elapsed = ($sec + $usec) - $dbg_starttime;

    if ($pndebug['debug']) {
        $dbg->v($elapsed, "Page created in (seconds)");
        $dbg->v($debug_sqlcalls, "Number of SQL Calls");
    }

    echo "</body>\n</html>";
}
/**
 * Side block listing the "on this day" entries for today's day and month.
 *
 * Values placed in the SQL text go through pnVarPrepForStore(); values placed
 * in the markup go through pnVarPrepForDisplay() / pnVarPrepHTMLDisplay().
 *
 * @param array $row block record; 'title' feeds the permission check and is defaulted when empty
 * @return mixed result of themesideblock(), or nothing when read access is denied
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $column =& $pntable['ephem_column'];

    // Optional language filter; an empty language column means "all languages".
    $querylang = "";
    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
    }

    $now = getdate();
    $eday = $now['mday'];
    $emonth = $now['mon'];

    $sql = "SELECT {$column['yid']}, {$column['content']}\n FROM {$pntable['ephem']}\n WHERE {$column['did']}='" . pnVarPrepForStore($eday) . "' AND {$column['mid']}='" . pnVarPrepForStore($emonth) . "' {$querylang}";
    $result = $dbconn->Execute($sql);

    $boxstuff = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';

    // The loop ends when the record set has no current row left.
    while ($fields = $result->fields) {
        list($yid, $content) = $fields;
        $result->MoveNext();
        $boxstuff .= '<br /><br />';
        $boxstuff .= '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content)) . '';
    }

    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = $boxstuff;

    return themesideblock($row);
}
/**
 * Pick one random banner of the given type, count the impression and emit its markup.
 *
 * Types 0, 1 and 2 are echoed directly; any other numeric type gets the markup
 * back as a string. Returns ' ' when banners are disabled or $type is not
 * numeric, and nothing when no banner of that type exists.
 *
 * @param mixed $type banner type; rejected unless is_numeric()
 * @return string|null
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return ' ';
    }
    // added check for numeric type - markwest
    // is_numeric() alone still admits forms such as "1e3" or "1.5"; the (int)
    // casts on every SQL use below are what keep the query text to plain digits.
    if (!is_numeric($type)) {
        return ' ';
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column =& $pntable['banner_column'];
    // Count the banners of this type so a random offset can be chosen.
    $bresult =& $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$column['type']} = '" . (int) pnVarPrepForStore($type) . "'");
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();
    /* Get a random banner if exist any. */
    /* More efficient random stuff, thanks to Cristian Arroyo from http://www.planetalinux.com.ar */
    // With more than one row, $numrows becomes the highest zero-based offset.
    // The microtime seed only drives banner selection here.
    if ($numrows > 1) {
        $numrows = $numrows - 1;
        mt_srand((double) microtime() * 1000000);
        $bannum = mt_rand(0, $numrows);
    } else {
        $bannum = 0;
    }
    $column =& $pntable['banner_column'];
    //$query = buildSimpleQuery ('banner', array ('bid', 'imageurl','clickurl'), "$column[type] = $type", '', 1, $bannum);
    $query = "SELECT {$column['bid']}, {$column['imageurl']}, {$column['clickurl']}\n\t\t\t\tFROM {$pntable['banner']}\n\t\t\t\tWHERE {$column['type']} = '" . (int) pnVarPrepForStore($type) . "'";
    // Fetch exactly one row at the random offset.
    $bresult2 =& $dbconn->SelectLimit($query, 1, $bannum);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    $myIP = pnConfigGetVar('myIP');
    $myhost = pnServerGetVar("REMOTE_ADDR");
    // Requests from the configured address are not counted as impressions.
    // This is a string-prefix comparison: a configured value of 10.0.0.1 also
    // matches 10.0.0.12. NOTE(review): confirm the prefix match is intended.
    if (!empty($myIP) && substr($myhost, 0, strlen($myIP)) == $myIP) {
        // itevo, MNA: added temporary variable to check when inserting a finished banner (insert only when variable is not set)
        $ignore_bannerfinish = 1;
    } else {
        // This runs even when no banner row was found; the cast then yields bid=0.
        $dbconn->Execute("UPDATE {$pntable['banner']}\n SET {$column['impmade']}={$column['impmade']}+1\n WHERE {$column['bid']}=" . (int) pnVarPrepForStore($bid) . "");
    }
    if ($numrows > 0) {
        // Re-read the counters after the increment above.
        $aborrar =& $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},\n {$column['impmade']}, {$column['clicks']},\n {$column['date']}\n FROM {$pntable['banner']}\n WHERE {$column['bid']}=" . (int) pnVarPrepForStore($bid) . "");
        list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
        $aborrar->Close();
        /* Check if this impression is the last one and print the banner */
        // A banner that has used up its impressions is archived in the
        // bannerfinish table and removed from the live table.
        if ($imptotal == $impmade && !isset($ignore_bannerfinish)) {
            $column =& $pntable['bannerfinish_column'];
            $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n ( {$column['bid']}, {$column['cid']}, {$column['impressions']}, {$column['clicks']}, {$column['datestart']}, {$column['dateend']} )\n VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
            // $column now points at the bannerfinish map, so this WHERE uses that map's 'bid' name.
            $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . (int) pnVarPrepForStore($bid) . "");
        }
        // Stored URLs are passed through pnVarPrepForDisplay() before they are placed in attributes.
        list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
        if ($type == 1 or $type == 2 or $type == 0) {
            echo "<a href=\"banners.php?op=click&bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";
        } else {
            $content = "<a href=\"banners.php?op=click&bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";
            return $content;
        }
    }
}
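/**
 * Stream one stored media item to the client, honouring conditional requests.
 *
 * The item is looked up by the client-supplied 'ref' query parameter and is
 * only served after the album view-access check has passed.
 *
 * NOTE(review): the body is served inline with the stored MIME type. If
 * uploads can carry active types (text/html, image/svg+xml), they would
 * render in this site's origin; an allow-list of types or an attachment
 * disposition for everything else is worth considering.
 *
 * @return bool true once a 304 or the media body has been sent; false when
 *              the item is not found; otherwise the permission-error result
 */
function mediashare_vfs_db_dump()
{
    // Avoid an undefined-index notice when the parameter is missing.
    $fileref = isset($_GET['ref']) ? $_GET['ref'] : null;

    // Retrieve image information
    if (!($media = pnModAPIFunc('mediashare', 'vfs_db', 'getMedia', array('fileref' => $fileref)))) {
        return false;
    }

    // Check access
    if (!mediashareAccessAlbum($media['albumId'], mediashareAccessRequirementView, null)) {
        return LogUtil::registerPermissionError();
    }

    // Some Mediashare users have reported this to make their setup work. The buffer
    // may contain something due to a buggy template or block.
    while (@ob_end_clean()) {
    }

    if (pnConfigGetVar('UseCompression') == 1) {
        // All output buffers were dropped above, so no compression happens, but the
        // ob_gzhandler started by pnAPI.php has already announced gzip. Reset it.
        header("Content-Encoding: identity");
    }

    // Check cached versus modified date
    $lastModifiedDate = date('D, d M Y H:i:s T', $media['modifiedDate']);
    $currentETag = $media['modifiedDate'];

    global $HTTP_SERVER_VARS;
    $cachedDate = isset($HTTP_SERVER_VARS['HTTP_IF_MODIFIED_SINCE']) ? $HTTP_SERVER_VARS['HTTP_IF_MODIFIED_SINCE'] : null;
    $cachedETag = isset($HTTP_SERVER_VARS['HTTP_IF_NONE_MATCH']) ? $HTTP_SERVER_VARS['HTTP_IF_NONE_MATCH'] : null;

    // With magic quotes on, the quoted ETag arrives escaped; strip the slashes so
    // the comparison can work. The function no longer exists on current PHP, so
    // it is only called when available.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $cachedETag = stripslashes($cachedETag);
    }

    $notModified = (empty($cachedDate) || $lastModifiedDate == $cachedDate)
        && '"' . $currentETag . '"' == $cachedETag;

    if ($notModified) {
        header("HTTP/1.1 304 Not Modified");
        header("Status: 304 Not Modified");
    }

    // Caching headers are identical for the 304 and the full response.
    header("Expires: " . date('D, d M Y H:i:s T', time() + 180 * 24 * 3600)); // PHP otherwise defaults Expires to 1981
    header('Pragma: cache'); // PHP otherwise sends a "no-cache" pragma
    header('Cache-Control: public');
    header("ETag: \"{$media['modifiedDate']}\"");

    if ($notModified) {
        return true;
    }

    // The title and MIME type are stored, user-influenced values. Control
    // characters are removed from both, and quotes/backslashes from the title,
    // so neither can break out of its header or of the quoted filename parameter.
    $mimeType = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $media['mimeType']);
    $downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $media['title']);

    // Ensure correct content-type and a filename for eventual download
    header("Content-Type: {$mimeType}");
    // Keep browsers from second-guessing the declared type of uploaded content.
    header('X-Content-Type-Options: nosniff');
    header("Content-Disposition: inline; filename=\"{$downloadName}\"");
    header("Last-Modified: {$lastModifiedDate}");
    header("Content-Length: " . strlen($media['data']));

    echo $media['data'];

    return true;
}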
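/**
 * Pick one random banner of the given type, count the impression and emit its markup.
 *
 * Types 0, 1 and 2 are echoed directly; any other numeric type gets the markup
 * back as a string. Returns ' ' when banners are disabled or $type is not
 * numeric, and nothing when no banner of that type exists.
 *
 * @param mixed $type banner type; rejected unless is_numeric()
 * @return string|null
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return ' ';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return ' ';
    }

    // is_numeric() also accepts forms such as "1e3", " 1" or "1.5" (and hex
    // strings on old PHP versions). Only the integer cast reaches the SQL text.
    $typeId = (int) $type;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column =& $pntable['banner_column'];

    $bresult = $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$column['type']} = {$typeId}");
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();

    /* Get a random banner if exist any. */
    /* More efficient random stuff, thanks to Cristian Arroyo from http://www.planetalinux.com.ar */
    // With more than one row, $numrows becomes the highest zero-based offset.
    if ($numrows > 1) {
        $numrows = $numrows - 1;
        mt_srand((double) microtime() * 1000000);
        $bannum = mt_rand(0, $numrows);
    } else {
        $bannum = 0;
    }

    $query = buildSimpleQuery('banner', array('bid', 'imageurl', 'clickurl'), "{$column['type']} = {$typeId}", '', 1, $bannum);
    $bresult2 = $dbconn->Execute($query);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();

    // The id is used unquoted in the statements below, where string escaping
    // gives no protection; an integer cast does. It also turns a missing row
    // into bid=0 instead of a malformed statement.
    $bidSql = (int) $bid;

    // Requests from the configured address are not counted as impressions.
    $myIP = pnConfigGetVar('myIP');
    $myhost = getenv("REMOTE_ADDR");
    if ($myIP != $myhost) {
        $dbconn->Execute("UPDATE {$pntable['banner']}\n SET {$column['impmade']}={$column['impmade']}+1\n WHERE {$column['bid']}=" . $bidSql . "");
    }

    if ($numrows > 0) {
        $aborrar = $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},\n {$column['impmade']}, {$column['clicks']},\n {$column['date']}\n FROM {$pntable['banner']}\n WHERE {$column['bid']}=" . $bidSql . "");
        list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
        $aborrar->Close();

        /* Check if this impression is the last one and print the banner */
        // A banner that has used up its impressions is archived and removed.
        if ($imptotal == $impmade) {
            $column =& $pntable['bannerfinish_column'];
            $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n ( {$column['bid']}, {$column['cid']}, {$column['impressions']}, {$column['clicks']}, {$column['datestart']}, {$column['dateend']} )\n VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
            $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bidSql . "");
        }

        // Stored banner URLs are written into attributes, so escape them first.
        list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);

        // rel="noopener" keeps the page opened in the new tab from reaching back
        // into this window.
        $markup = "<a href=\"banners.php?op=click&bid={$bid}\" target=\"_blank\" rel=\"noopener\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" border=\"0\" alt=\"" . _CLICK . "\"></a>";

        if ($type == 1 or $type == 2 or $type == 0) {
            echo $markup;
        } else {
            return $markup;
        }
    }
}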
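/**
 * Side block that lets the visitor switch the interface language, either
 * through flag links or a select box.
 *
 * The current request URI (minus any newlang parameter) is reused as the link
 * target and is passed through pnVarPrepForDisplay() before being written
 * into the markup. Language codes come from the 'language' directory listing
 * and are only accepted when languagelist() knows them.
 *
 * @param array $row block record; 'title' feeds the permission check and is defaulted when empty
 * @return mixed result of themesideblock(), or nothing when access is denied
 *               or the site is not multilingual
 */
function blocks_thelang_block($row)
{
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Languageblock::', "{$row['title']}::", ACCESS_OVERVIEW)) {
        return;
    }
    if (!pnConfigGetVar('multilingual')) {
        return;
    }

    // REQUEST_URI is client-controlled and may be missing on some servers.
    $currentURL = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : "";
    if ($currentURL === "") {
        $currentURL = "index.php";
    }

    // Drop an existing newlang=xxx (three-character code) so it is not repeated.
    $pattern = '/\\?newlang=.../';
    $currentURL = preg_replace($pattern, '', $currentURL);
    $pattern = '/\\&newlang=.../';
    $currentURL = pnVarPrepForDisplay(preg_replace($pattern, '', $currentURL));

    $append = "&";
    if (strpos($currentURL, '?') === false) {
        $append = "?";
    }

    $lang = languagelist();

    // Start from empty lists so a missing or empty directory yields an empty block.
    $langlist = array();
    $sel_lang = array();

    $handle = opendir('language');
    if ($handle !== false) {
        // Compare against false explicitly: an entry named "0" must not end the loop.
        while (false !== ($f = readdir($handle))) {
            if (is_dir("language/{$f}") && !empty($lang[$f])) {
                $langlist[$f] = $lang[$f];
                $sel_lang[$f] = '';
            }
        }
        closedir($handle);
    }
    asort($langlist);

    $content = '<center><font class="pn-normal">' . _SELECTGUILANG . '</font><br><br>';

    if (pnConfigGetVar('useflags')) {
        // Three flags per row.
        $i = 1;
        foreach ($langlist as $k => $v) {
            if ($i > 3) {
                $content .= "<br>\n";
                $i = 1;
            }
            // Index 3 holds the ready-made width/height attribute string; a
            // missing flag image simply gets no size attributes.
            $imgsize = @getimagesize("images/flags/flag-{$k}.png");
            $dimensions = is_array($imgsize) ? $imgsize[3] : '';
            $content .= "<a href=\"{$currentURL}" . $append . "newlang={$k}\"><img src=\"images/flags/flag-{$k}.png\" border=\"0\" alt=\"{$lang[$k]}\" hspace=\"3\" vspace=\"3\" {$dimensions}></a>";
            $i++;
        }
        $content .= '</center>';
    } else {
        $content .= '<form method="post" action="index.php"><select class="pn-text" name="newlanguage" onChange="top.location.href=this.options[this.selectedIndex].value">';
        $sel_lang[$currentlang] = ' selected';
        foreach ($langlist as $k => $v) {
            $content .= "<option value=\"{$currentURL}" . $append . "newlang={$k}\"{$sel_lang[$k]}>{$v}</option>\n";
        }
        $content .= '</select></form></center>';
    }

    if (empty($row['title'])) {
        $row['title'] = _SELECTLANGUAGE;
    }
    $row['content'] = $content;

    return themesideblock($row);
}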
/**
 * Side block with the login form, shown only to visitors who are not logged in.
 *
 * The current request path is placed in a hidden 'url' field after passing
 * through pnVarPrepForDisplay().
 * NOTE(review): that value makes a round trip through the client, so the
 * login handler (not visible here) should treat it as untrusted input.
 *
 * @param array $row block record; 'title' is defaulted to 'Login' when empty
 * @return mixed result of themesideblock(), or nothing when access is denied
 *               or the user is already logged in
 */
function blocks_login_block($row)
{
    global $HTTP_SERVER_VARS;

    if (empty($row['title'])) {
        $row['title'] = 'Login';
    }

    if (!pnSecAuthAction(0, 'Loginblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Same fallback chain as pnGetBaseURI, because IIS may not pass REQUEST_URI:
    // REQUEST_URI, then PATH_INFO, then SCRIPT_NAME.
    $path = isset($HTTP_SERVER_VARS['REQUEST_URI'])
        ? $HTTP_SERVER_VARS['REQUEST_URI']
        : getenv('REQUEST_URI');

    if (empty($path) || substr($path, -1, 1) == '/') {
        $path = getenv('PATH_INFO');
        if (empty($path)) {
            $path = isset($HTTP_SERVER_VARS['SCRIPT_NAME'])
                ? $HTTP_SERVER_VARS['SCRIPT_NAME']
                : getenv('SCRIPT_NAME');
        }
    }

    if (pnUserLoggedIn()) {
        return;
    }

    // Inputs and button sit in a table to keep the layout stable.
    $parts = array();
    $parts[] = '<form action="user.php" method="post">';
    $parts[] = '<table border="0" width="100%" cellspacing="0" cellpadding="1"><tr><td>';
    $parts[] = '<span class="pn-normal"> ' . _BLOCKNICKNAME . '</span></td></tr><tr><td>';
    $parts[] = '<input type="text" name="uname" size="14" maxlength="25"></td></tr><tr><td>';
    $parts[] = '<span class="pn-normal"> ' . _BLOCKPASSWORD . '</span></td></tr><tr><td>';
    $parts[] = '<input type="password" name="pass" size="14" maxlength="20"></td></tr><tr><td>';

    // The "remember me" option is withheld at the 'High' security level.
    if (pnConfigGetVar('seclevel') != 'High') {
        $parts[] = '<input type="checkbox" value="1" name="rememberme" />';
        $parts[] = '<span class="pn-normal"> ' . _REMEMBERME . '</span></td></tr><tr><td>';
    }

    $parts[] = '<br>';
    $parts[] = '<input type="hidden" name="module" value="NS-User" />';
    $parts[] = '<input type="hidden" name="op" value="login" />';
    $parts[] = '<input type="hidden" name="url" value="' . pnVarPrepForDisplay($path) . '" />';
    $parts[] = '<input type="submit" value="' . _LOGIN . '" /></td></tr><tr><td>';
    $parts[] = '<br /><span class="pn-normal">' . _ASREGISTERED . '</span></td></tr><tr><td></table></form>';

    if (empty($row['title'])) {
        $row['title'] = _LOGIN;
    }
    $row['content'] = implode('', $parts);

    return themesideblock($row);
}
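/**
 * Side block listing the news topics the visitor may read, each with the date
 * of its most recent story.
 *
 * Values placed in SQL text go through pnVarPrepForStore() and values placed
 * in the markup go through pnVarPrepForDisplay(), matching
 * blocks_category_block().
 *
 * @param array $row block record; 'title' feeds the permission check and is defaulted when empty
 * @return mixed result of themesideblock(), or nothing when access is denied
 *               or there are no topics
 */
function blocks_topic_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Topicblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Both are fixed to empty here, so the "all topics" link always takes the
    // first form and no topic is ever rendered as the selected one.
    $topic = "";
    $catid = "";

    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // The OR keeps stories that were posted to all languages.
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['alanguage']}='')";
    } else {
        $querylang = '';
    }

    $column =& $pntable['topics_column'];
    $result = $dbconn->Execute("SELECT {$column['topicid']} AS topicid, {$column['topicname']} as topicname FROM {$pntable['topics']} ORDER BY topicname");

    if ($result->EOF) {
        return;
    }

    $boxstuff = '<span class="pn-normal">';
    if ($topic == "") {
        $boxstuff .= "<strong><big>·</big></strong> <b><a href=\"modules.php?op=modload&name=Topics&file=index\">" . _ALL_TOPICS . "</a></b><br>";
    } else {
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&catid={$catid}\">" . _ALL_TOPICS . "</a><br>";
    }

    while (!$result->EOF) {
        $srow = $result->GetRowAssoc(false);
        $result->MoveNext();

        if (!pnSecAuthAction(0, 'Topics::Topic', "{$srow['topicname']}::{$srow['topicid']}", ACCESS_READ)) {
            continue;
        }

        $column =& $pntable['stories_column'];
        // NOTE(review): the id is used unquoted; if the column is an integer, an
        // (int) cast would be the stronger guard -- confirm against the schema.
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime FROM {$pntable['stories']} WHERE {$column['topic']}=" . pnVarPrepForStore($srow['topicid']) . " {$querylang} ORDER BY {$column['time']} DESC");

        // Topics without any matching story are left out.
        if ($result2->EOF) {
            continue;
        }

        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);

        // Stored names and ids are escaped before they are written into the markup.
        $safeName = pnVarPrepForDisplay($srow['topicname']);
        $safeId = pnVarPrepForDisplay($srow['topicid']);
        $safeDate = pnVarPrepForDisplay($sdate);

        if ($topic == $srow['topicid']) {
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>{$safeName}</b></span> <span class=\"pn-sub\">({$safeDate})</span><br>";
        } else {
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid={$catid}&topic={$safeId}\">{$safeName}</a> <span class=\"pn-sub\">({$safeDate})</span><br>";
        }
    }

    $boxstuff .= '</span>';

    if (empty($row['title'])) {
        $row['title'] = _TOPICS;
    }
    $row['content'] = $boxstuff;

    return themesideblock($row);
}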
/**
 * Render the administration menu with one entry per admin module the current
 * user may edit.
 *
 * Users without overall edit rights are redirected to index.php. Each module
 * is checked again individually before it is listed.
 *
 * NOTE(review): the queue count is queried before the permission check and
 * its result is not used in this function.
 *
 * @param string $help_file optional help file to link from the menu
 * @return void
 */
function admin_menu($help_file = '')
{
    $pntable = pnDBGetTables();
    list($newsubs) = db_select_one_row("SELECT count(*) FROM {$pntable['queue']}");

    if (!pnSecAuthAction(0, "::", '::', ACCESS_EDIT)) {
        // suppress admin display - return to index.
        pnRedirect('index.php');
        return;
    }

    menu_title('admin.php', _ADMINMENU);
    menu_graphic(pnConfigGetVar('admingraphic'));
    if ($help_file != '') {
        menu_help($help_file, _ONLINEMANUAL);
    }

    $mods = pnModGetAdminMods();
    if ($mods == false) {
        // there aren't admin modules
        return;
    }

    foreach ($mods as $mod) {
        // Hack until the new news module comes into being
        // TODO - remove this at appropriate time
        if ($mod['name'] == 'AddStory') {
            $mod['name'] = 'Stories';
        }

        if (!pnSecAuthAction(0, "{$mod['name']}::", '::', ACCESS_EDIT)) {
            continue;
        }

        // The directory name is passed through pnVarPrepForOS() before it is
        // used in a filesystem path.
        $moduleDir = "modules/" . pnVarPrepForOS($mod['directory']);

        // Modules that ship pnadmin.php keep their icon under pnimages/,
        // the others under images/.
        $hasPnAdmin = file_exists($moduleDir . "/pnadmin.php");
        $iconStem = $moduleDir . ($hasPnAdmin ? "/pnimages/admin." : "/images/admin.");

        // First existing icon wins, in the order gif, jpg, png.
        $imgfile = 'modules/NS-Admin/images/default.gif';
        foreach (array('gif', 'jpg', 'png') as $ext) {
            if (file_exists($iconStem . $ext)) {
                $imgfile = $iconStem . $ext;
                break;
            }
        }

        if ($hasPnAdmin) {
            menu_add_option(pnVarPrepForDisplay(pnModURL($mod['name'], 'admin')), $mod['displayname'], $imgfile);
        } else {
            menu_add_option("admin.php?module={$mod['directory']}&op=main", $mod['displayname'], $imgfile);
        }
    }
}
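/**
 * Side block listing the story categories the visitor may read, each with the
 * date of its most recent story.
 *
 * @param array $row block record; 'title' feeds the permission check and is defaulted when empty
 * @return mixed result of themesideblock(), or nothing when access is denied
 *               or there are no categories
 */
function blocks_category_block($row)
{
    global $topic, $catid;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // The OR keeps stories that were posted to all languages.
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
    } else {
        $querylang = '';
    }

    $column =& $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");

    if ($result->EOF) {
        return;
    }

    // Where the $topic global is set is not visible here; it is written into
    // href attributes below, so it is escaped like every other dynamic value
    // in this block.
    $safeTopic = pnVarPrepForDisplay($topic);

    $boxstuff = '<span class="pn-normal">';
    if ($catid == "") {
        $boxstuff .= "";
    } else {
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&topic={$safeTopic}\">" . _ALL_CATEGORIES . "</a><br />";
    }

    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);

        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }

        $column =& $pntable['stories_column'];
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime\n FROM {$pntable['stories']}\n WHERE {$column['catid']}=" . pnVarPrepForStore($srow['catid']) . " {$querylang}\n ORDER BY {$column['time']} DESC");

        // Categories without any matching story are left out.
        if ($result2->EOF) {
            continue;
        }

        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);

        if ($catid == $srow['catid']) {
            // Currently selected category: shown as plain text.
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        } else {
            $safeCatId = pnVarPrepForDisplay($srow['catid']);
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid={$safeCatId}&topic={$safeTopic}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        }
    }

    $boxstuff .= '</span>';

    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;

    return themesideblock($row);
}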
/**
 * Table and column name map for the template module.
 *
 * Called by the core when the module is loaded. Column names are returned
 * qualified with the table name, which itself starts with the 'prefix'
 * configuration value.
 *
 * @return array 'template' (table name) and 'template_column' (column map)
 */
function template_pntables()
{
    // Full table name; kept in a variable so the column entries stay readable.
    $table = pnConfigGetVar('prefix') . '_template';

    return array(
        'template' => $table,
        'template_column' => array(
            'tid' => $table . '.pn_tid',
            'name' => $table . '.pn_name',
            'number' => $table . '.pn_number',
        ),
    );
}
/**
 * Emit the top of the page for this theme: end of head, banner, logo row with
 * the search form, and the left block column. On the index page the centre
 * blocks are emitted as well.
 *
 * NOTE(review): the site name and the bgcolor1 global are written into
 * attributes without escaping; this relies on both being trusted
 * configuration values -- confirm.
 */
function themeheader()
{
    $sitename = pnConfigGetVar('sitename');
    $banners = pnConfigGetVar('banners');

    echo "</head>";
    echo "<body>" . "<br>";

    if (pnModAvailable('Banners')) {
        pnBannerDisplay();
    }

    $bg = $GLOBALS['bgcolor1'];

    // Fixed parameters posted along with the search box.
    $searchDefaults = array(
        'name' => 'Search',
        'file' => 'index',
        'op' => 'modload',
        'action' => 'search',
        'overview' => '1',
        'active_stories' => '1',
        'bool' => 'AND',
        'stories_cat' => '',
        'stories_topics' => '',
    );
    $hiddenInputs = '';
    foreach ($searchDefaults as $field => $value) {
        $hiddenInputs .= '<input type="hidden" name="' . $field . '" value="' . $value . '">';
    }

    // Outer frame and logo cell.
    echo "<br>"
        . "<table border=\"0\" cellpadding=\"4\" cellspacing=\"0\" width=\"100%\" align=\"center\"><tr><td bgcolor=\"{$bg}\">"
        . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"3\" width=\"100%\" bgcolor=\"{$bg}\"><tr><td>"
        . "<a href=\"index.php\"><img src=\"" . WHERE_IS_PERSO . "images/logo.gif\" Alt=\"" . _WELCOMETO . " {$sitename}\" border=\"0\"></a>"
        . "</td><td align=\"right\">";

    // Search form.
    echo '<form action="modules.php" method="post">'
        . $hiddenInputs
        . '<div align="right"><font class="pn-normal">' . _SEARCH . ' </font>'
        . "<input class=\"pn-text\" NAME=\"q\" TYPE=\"text\" VALUE=\"\"> \n"
        . '</div>'
        . '</form>';

    // Start of the content table and the left column.
    echo "</td></tr></table></td></tr><tr><td valign=\"top\" width=\"100%\" bgcolor=\"{$bg}\">"
        . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"2\" width=\"100%\">\n <tr><td valign=\"top\" width=\"150\" bgcolor=\"{$bg}\">";

    blocks('left');

    echo "<img src=\"images/global/pix.gif\" border=\"0\" width=\"100%\" height=\"1\" alt=\"\">\n </td>\n <td> </td>\n <td valign=\"top\">";

    if ($GLOBALS['index'] == 1) {
        blocks('centre');
    }
}
/**
 * Table and column name map for the PostCalendar module.
 *
 * Called by the core when the module is loaded. Table names start with the
 * 'prefix' configuration value; column names are fixed strings.
 *
 * @return array logical table names plus one '<table>_column' map per table
 */
function postcalendar_pntables()
{
    $prefix = pnConfigGetVar('prefix');

    $tables = array();

    // Events.
    $tables['postcalendar_events'] = $prefix . '_postcalendar_events';
    $tables['postcalendar_events_column'] = array(
        'eid' => 'pc_eid',
        'catid' => 'pc_catid',
        'lid' => 'pc_lid',
        'aid' => 'pc_aid',
        'title' => 'pc_title',
        'time' => 'pc_time',
        'hometext' => 'pc_hometext',
        'comments' => 'pc_comments',
        'counter' => 'pc_counter',
        'topic' => 'pc_topic',
        'informant' => 'pc_informant',
        'eventDate' => 'pc_eventDate',
        'duration' => 'pc_duration',
        'endDate' => 'pc_endDate',
        'recurrtype' => 'pc_recurrtype',
        'recurrspec' => 'pc_recurrspec',
        'recurrfreq' => 'pc_recurrfreq',
        'startTime' => 'pc_startTime',
        'endTime' => 'pc_endTime',
        'alldayevent' => 'pc_alldayevent',
        'location' => 'pc_location',
        'conttel' => 'pc_conttel',
        'contname' => 'pc_contname',
        'contemail' => 'pc_contemail',
        'website' => 'pc_website',
        'fee' => 'pc_fee',
        'eventstatus' => 'pc_eventstatus',
        'sharing' => 'pc_sharing',
        'language' => 'pc_language',
    );

    // Categories (table added in version 3.1). Note that the logical name
    // 'limit' maps to the pc_dailylimit column here.
    $tables['postcalendar_categories'] = $prefix . '_postcalendar_categories';
    $tables['postcalendar_categories_column'] = array(
        'catid' => 'pc_catid',
        'catname' => 'pc_catname',
        'catcolor' => 'pc_catcolor',
        'catdesc' => 'pc_catdesc',
        'recurrtype' => 'pc_recurrtype',
        'recurrspec' => 'pc_recurrspec',
        'recurrfreq' => 'pc_recurrfreq',
        'duration' => 'pc_duration',
        'limit' => 'pc_dailylimit',
    );

    // Limits.
    $tables['postcalendar_limits'] = $prefix . '_postcalendar_limits';
    $tables['postcalendar_limits_column'] = array(
        'limitid' => 'pc_limitid',
        'catid' => 'pc_catid',
        'starttime' => 'pc_starttime',
        'endtime' => 'pc_endtime',
        'limit' => 'pc_limit',
    );

    return $tables;
}
/**
 * Mail a 404 report to the site administrator and tell the visitor that it
 * was sent.
 *
 * The report body contains request values supplied by the client (referer,
 * host, redirect URL). They are only placed in the message body, while the
 * extra mail headers are built from the configured site name and admin
 * address.
 *
 * NOTE(review): no throttling is visible in this function, so every call
 * sends one mail -- confirm the caller limits how often this runs.
 */
function send_email()
{
    $adminmail = pnConfigGetVar('adminmail');
    $subject = (string) _ERROR404_MAILSUBJECT;
    $sitename = pnConfigGetVar('sitename');

    $remote_addr = pnServerGetVar('REMOTE_ADDR');
    $http_referer = pnServerGetVar('HTTP_REFERER');
    $redirect_url = pnServerGetVar('REDIRECT_URL');
    $server = pnServerGetVar('HTTP_HOST');

    // Address of the document that could not be found.
    $errordoc = "http://{$server}{$redirect_url}";
    $errortime = ml_ftime(_DATETIMEBRIEF, date(time()));

    $lines = array(
        "{$subject}\n",
        "TIME: {$errortime}",
        "REMOTE_ADDR: {$remote_addr}",
        "ERRORDOC: " . pnVarPrepForDisplay($errordoc),
        "HTTP_REFERER: {$http_referer}",
    );
    $message = implode("\n", $lines) . "\n";

    $headers = "From: \"{$sitename}\" <{$adminmail}>\nX-Mailer: PHP/" . phpversion();
    pnMail($adminmail, $subject, $message, $headers);

    echo "<br /><br /><strong>" . _ERROR404_MAILED . "</strong>\n";
}
/**
 * Table and column name map for the Meds module.
 *
 * Every table name starts with the 'prefix' configuration value followed by
 * '_rx'; column names are fixed strings.
 *
 * @return array logical table names plus one '<table>_column' map per table
 */
function Meds_pntables()
{
    // Shared stem of all module tables.
    $stem = pnConfigGetVar('prefix') . '_rx';

    $tables = array();

    // Preservatives.
    $tables['rx_preserve'] = $stem . '_preserve';
    $tables['rx_preserve_column'] = array(
        'pres_id' => 'pn_pres_id',
        'name' => 'pn_name',
        'comments' => 'pn_comments',
    );

    // Companies.
    $tables['rx_company'] = $stem . '_company';
    $tables['rx_company_column'] = array(
        'comp_id' => 'pn_comp_id',
        'name' => 'pn_name',
        'phone' => 'pn_phone',
        'street' => 'pn_street',
        'city' => 'pn_city',
        'state' => 'pn_state',
        'zip' => 'pn_zip',
        'email' => 'pn_email',
        'url' => 'pn_url',
        'comments' => 'pn_comments',
    );

    // Chemicals.
    $tables['rx_chem'] = $stem . '_chem';
    $tables['rx_chem_column'] = array(
        'chem_id' => 'pn_chem_id',
        'name' => 'pn_name',
        'moa_id' => 'pn_moa_id',
    );

    // 'moa' table.
    $tables['rx_moa'] = $stem . '_moa';
    $tables['rx_moa_column'] = array(
        'moa_id' => 'pn_moa_id',
        'name' => 'pn_name',
        'comments' => 'pn_comments',
    );

    // Medications.
    $tables['rx_meds'] = $stem . '_meds';
    $tables['rx_meds_column'] = array(
        'med_id' => 'pn_med_id',
        'trade' => 'pn_trade',
        'comp_id' => 'pn_comp_id',
        'medType1' => 'pn_medType1',
        'medType2' => 'pn_medType2',
        'preg' => 'pn_preg',
        'schedule' => 'pn_schedule',
        'generic' => 'pn_generic',
        'image1' => 'pn_image1',
        'image2' => 'pn_image2',
        'dose' => 'pn_dose',
        'peds' => 'pn_peds',
        'ped_text' => 'pn_ped_text',
        'nurse' => 'pn_nurse',
        'pres_id1' => 'pn_pres_id1',
        'pres_id2' => 'pn_pres_id2',
        'comments' => 'pn_comments',
        'rxInfo' => 'pn_rxInfo',
        'med_url' => 'pn_med_url',
        'updated' => 'pn_updated',
        'display' => 'pn_display',
        'conc1' => 'pn_conc1',
        'chem_id1' => 'pn_chem_id1',
        'moa_id1' => 'pn_moa_id1',
        'conc2' => 'pn_conc2',
        'chem_id2' => 'pn_chem_id2',
        'moa_id2' => 'pn_moa_id2',
        'conc3' => 'pn_conc3',
        'chem_id3' => 'pn_chem_id3',
        'moa_id3' => 'pn_moa_id3',
        'conc4' => 'pn_conc4',
        'chem_id4' => 'pn_chem_id4',
        'moa_id4' => 'pn_moa_id4',
        'form1' => 'pn_form1',
        'size1' => 'pn_size1',
        'cost1' => 'pn_cost1',
        'form2' => 'pn_form2',
        'size2' => 'pn_size2',
        'cost2' => 'pn_cost2',
        'form3' => 'pn_form3',
        'size3' => 'pn_size3',
        'cost3' => 'pn_cost3',
        'form4' => 'pn_form4',
        'size4' => 'pn_size4',
        'cost4' => 'pn_cost4',
    );

    return $tables;
}
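/**
 * Mail the site administrator a report about a blocked suspicious request.
 *
 * The report lists who made the request (login state, IP addresses) and
 * dumps the request, server, cookie, upload and session arrays.
 *
 * NOTE(review): the dump contains raw POST fields, cookies and session
 * variables, so it can carry passwords and live session identifiers, and it
 * leaves the server as ordinary e-mail. Consider redacting credential-like
 * keys before sending, or writing the full dump to a protected log and
 * mailing only a summary.
 *
 * @param string $detecting_file file in which the detection fired
 * @param string $detecting_line line on which the detection fired
 * @param string $hack_type      short type label, also used in the subject
 * @param string $message        free-text detail from the detecting code
 * @return void
 */
function pnMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    // Backwards compatibility with PHP 4.0.x / 4.1.x. version_compare() is
    // used because a plain string comparison misorders versions such as
    // "10.0.0" and "4.2.0".
    if (version_compare(phpversion(), '4.2.0', '>=')) {
        $_pv = $_POST;
        $_gv = $_GET;
        $_rv = $_REQUEST;
        $_sv = $_SERVER;
        $_ev = $_ENV;
        $_cv = $_COOKIE;
        $_fv = $_FILES;
        // $_SESSION only exists once a session has been started.
        $_snv = isset($_SESSION) ? $_SESSION : array();
    } else {
        global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
        $_pv = $HTTP_POST_VARS;
        $_gv = $HTTP_GET_VARS;
        $_rv = array();
        $_sv = $HTTP_SERVER_VARS;
        $_ev = $HTTP_ENV_VARS;
        $_cv = $HTTP_COOKIE_VARS;
        $_fv = $HTTP_POST_FILES;
        $_snv = $HTTP_SESSION_VARS;
    }

    $rule = "=====================================\n";

    $output = "Attention site admin of " . pnConfigGetVar('sitename') . ",\n";
    $output .= "On " . ml_ftime(_DATEBRIEF, GetUserTime(time()));
    $output .= " at " . ml_ftime(_TIMEBRIEF, GetUserTime(time()));
    $output .= " the Postnuke code has detected that somebody tried to"
             . " send information to your site that may have been intended"
             . " as a hack. Do not panic, it may be harmless: maybe this"
             . " detection was triggered by something you did! Anyway, it"
             . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} "
             . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about "
             . "this attempt, that may help you to find what happened and "
             . "maybe who did it.\n\n";

    $output .= "\n" . $rule;
    $output .= "Information about this user:\n";
    $output .= $rule;
    if (!pnUserLoggedIn()) {
        $output .= "This person is not logged in.\n";
    } else {
        // NOTE(review): the three lookups below were masked ("******") in the
        // reviewed copy; they are restored from the labels — confirm the
        // user-variable names against the user table.
        $output .= "Postnuke username: " . pnUserGetVar('uname') . "\n"
                 . "Registered email of this Postnuke user: " . pnUserGetVar('email') . "\n"
                 . "Registered real name of this Postnuke user: " . pnUserGetVar('name') . "\n";
    }

    // HTTP_CLIENT_IP is a request header and can be set to anything by the
    // client; REMOTE_ADDR is the peer address seen by the web server.
    // The original resolved an undefined $REMOTE_ADDR (a register_globals
    // leftover), so that line was always empty.
    $remote_addr = getenv('REMOTE_ADDR');
    $output .= "IP numbers: [note: when you are dealing with a real cracker "
             . "these IP numbers might not be from the actual computer he is "
             . "working on]"
             . "\n\t IP according to HTTP_CLIENT_IP: " . getenv('HTTP_CLIENT_IP')
             . "\n\t IP according to REMOTE_ADDR: " . $remote_addr
             . "\n\t IP according to GetHostByName(\$REMOTE_ADDR): "
             . ($remote_addr ? gethostbyname($remote_addr) : '')
             . "\n\n";

    // get_browser() warns and returns false when no browscap file is set.
    $browser = ini_get('browscap') ? (array) get_browser() : array();
    $user_agent = isset($_sv['HTTP_USER_AGENT']) ? $_sv['HTTP_USER_AGENT'] : '';

    // Each section: line prefix, heading text, text printed after the
    // heading, and the array to dump.
    $sections = array(
        array('REQUEST', "Information in the \$_REQUEST array\n", '', $_rv),
        array('GET', "Information in the \$_GET array\n"
                   . "This is about variables that may have been "
                   . "in the URL string or in a 'GET' type form.\n", '', $_gv),
        array('POST', "Information in the \$_POST array\n"
                    . "This is about visible and invisible form elements.\n", '', $_pv),
        array('BROWSER', "Browser information\n",
              "HTTP_USER_AGENT: " . $user_agent . "\n", $browser),
        array('SERVER', "Information in the \$_SERVER array\n", '', $_sv),
        array('ENV', "Information in the \$_ENV array\n", '', $_ev),
        array('COOKIE', "Information in the \$_COOKIE array\n", '', $_cv),
        array('FILES', "Information in the \$_FILES array\n", '', $_fv),
        array('SESSION', "Information in the \$_SESSION array\n"
                       . "This is session info. The variables\n"
                       . " starting with PNSV are PostNukeSessionVariables.\n", '', $_snv),
    );

    foreach ($sections as $section) {
        list($prefix, $heading, $intro, $vars) = $section;
        $output .= "\n" . $rule . $heading . $rule . $intro;
        if (!is_array($vars)) {
            continue;
        }
        // foreach replaces each(), which no longer exists in PHP 8.
        foreach ($vars as $key => $value) {
            // Nested values (e.g. every $_FILES entry) would otherwise be
            // rendered as the bare word "Array".
            if (is_array($value) || is_object($value)) {
                $value = print_r($value, true);
            }
            $output .= "{$prefix} * {$key} : {$value}\n";
        }
    }

    // Keep line breaks out of anything that ends up in a mail header, so a
    // crafted type label or site name cannot add headers of its own.
    $eol = array("\r", "\n");
    $sitename = str_replace($eol, ' ', pnConfigGetVar('sitename'));
    $adminmail = str_replace($eol, '', pnConfigGetVar('adminmail'));
    $subject_type = str_replace($eol, ' ', $hack_type);

    $headers = "From: {$sitename} <{$adminmail}>\n" . "X-Priority: 1 (Highest)\n";
    pnMail($adminmail, 'Attempted hack on your site? (type: ' . $subject_type . ')', $output, $headers);
    return;
}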
print_r($_GET); print_r($_SESSION); die; */ //print_r($_SESSION); // start PN pnInit(); // Get variables list($module, $func, $op, $name, $file, $type, ) = pnVarCleanFromInput('module', 'func', 'op', 'name', 'file', 'type'); // Defaults for variables if (isset($catid)) { pnVarCleanFromInput('catid'); } // check requested module and set to start module if not present if (empty($name)) { $name = pnConfigGetVar('startpage'); // fixed for the new style of loading modules and set start page for them [class007] if (empty($module)) { $module = $name; } } // get module information $modinfo = pnModGetInfo(pnModGetIDFromName($module)); if ($modinfo['type'] == 2) { // New-new style of loading modules if (empty($type)) { $type = 'user'; } if (empty($func)) { $func = "main"; }
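/**
 * Display block.
 *
 * Renders the active, unexpired administrator messages that the current
 * visitor may read and returns them as a side block.
 *
 * @param array $row block record; 'title' is used for the permission check
 *                   and is blanked before display, 'content' is filled in
 * @return mixed result of themesideblock(), or nothing when the visitor
 *               lacks read access, the query fails or no message is shown
 */
function admin_messages_messagesblock_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!isset($row['title'])) {
        $row['title'] = '';
    }
    if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $messagestable = $pntable['message'];
    $messagescolumn =& $pntable['message_column'];

    if (pnConfigGetVar('multilingual') == 1) {
        // pnUserGetLang() hands back the session's language value as stored,
        // so it is escaped here before being placed inside a quoted SQL
        // literal.
        $currentlang = pnVarPrepForStore(pnUserGetLang());
        $querylang = "AND ({$messagescolumn['mlanguage']}='{$currentlang}' OR {$messagescolumn['mlanguage']}='')";
    } else {
        $querylang = '';
    }

    $sql = "SELECT {$messagescolumn['mid']},\n {$messagescolumn['title']},\n {$messagescolumn['content']},\n {$messagescolumn['date']},\n {$messagescolumn['view']}\n FROM {$messagestable}\n WHERE {$messagescolumn['active']} = 1 \n AND ( {$messagescolumn['expire']} > unix_timestamp(now())\n OR {$messagescolumn['expire']} = 0)\n {$querylang}\n ORDER by {$messagescolumn['mid']} DESC";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    $output = new pnHTML();
    // $result->fields becomes false past the last row, which ends the loop.
    while (list($mid, $title, $content, $date, $view) = $result->fields) {
        $result->MoveNext();

        $show = 0;
        // Per-message permission first, then the message's audience setting.
        if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) {
            switch ($view) {
                case 1:
                    // Message for everyone
                    $show = 1;
                    break;
                case 2:
                    // Message for users
                    if (pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 3:
                    // Messages for non-users
                    if (!pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 4:
                    // Messages for administrators of any description
                    if (pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
                        $show = 1;
                    }
                    break;
            }
        }

        if ($show) {
            list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content));

            $output->TableStart('', '', 0);
            $output->SetInputMode(_PNH_VERBATIMINPUT);
            // Build the title markup as a returned string, then switch back
            // to accumulating output.
            $output->SetOutputMode(_PNH_RETURNOUTPUT);
            $ttitle = $output->Linebreak();
            $ttitle .= $output->Text($title);
            $ttitle .= $output->Linebreak(2);
            $output->SetOutputMode(_PNH_KEEPOUTPUT);
            // Title and body are stored content; both pass through
            // pnVarPrepHTMLDisplay() before being written into the page.
            $output->TableAddRow(array("<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>"), 'center');
            $output->TableAddRow(array("<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>"), 'left');
            $output->SetInputMode(_PNH_PARSEINPUT);
            $output->TableEnd();
        }
    }
    $result->Close();

    if ($output->output != "") {
        // Don't want a title
        $row['title'] = '';
        $row['content'] = $output->GetOutput();
        return themesideblock($row);
    }
}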
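/**
 * Replace censored words in a message.
 *
 * Reads CensorMode, CensorList and CensorReplace from the site
 * configuration. Mode 0 (or a non-array list) leaves the message alone;
 * mode 1 replaces a listed word when a non-alphanumeric character follows
 * it; mode 2 replaces it at the start of the text or after a
 * non-alphanumeric character; mode 3 replaces every occurrence. Matching
 * is case-insensitive.
 *
 * The result is also stored in the global $EditedMessage, as before.
 *
 * The original used eregi_replace(), which was removed in PHP 7. List
 * entries are now matched literally (preg_quote), so an entry containing
 * regex punctuation can neither break the pattern nor match more than
 * intended.
 *
 * @param string $Message text to filter
 * @return string filtered text
 */
function check_words($Message)
{
    global $EditedMessage;

    $CensorMode = pnConfigGetVar('CensorMode');
    $CensorList = pnConfigGetVar('CensorList');
    $CensorReplace = pnConfigGetVar('CensorReplace');

    $EditedMessage = $Message;
    if ($CensorMode == 0 || !is_array($CensorList)) {
        return $EditedMessage;
    }

    // Keep "$1" or "\1" inside the configured replacement from being read
    // as a back-reference.
    $Replace = addcslashes((string) $CensorReplace, '\\$');

    foreach ($CensorList as $word) {
        if ((string) $word === '') {
            // An empty entry would match everywhere.
            continue;
        }
        $quoted = preg_quote($word, '/');

        if ($CensorMode == 1) {
            $pattern = '/' . $quoted . '([^a-zA-Z0-9])/i';
            $replacement = $Replace . '${1}';
        } elseif ($CensorMode == 2) {
            $pattern = '/(^|[^[:alnum:]])' . $quoted . '/i';
            $replacement = '${1}' . $Replace;
        } elseif ($CensorMode == 3) {
            $pattern = '/' . $quoted . '/i';
            $replacement = $Replace;
        } else {
            // Unknown mode: nothing to do, as in the original.
            break;
        }

        $filtered = preg_replace($pattern, $replacement, $EditedMessage);
        if ($filtered !== null) {
            // preg_replace() returns null on a PCRE error; keep the text.
            $EditedMessage = $filtered;
        }
    }

    return $EditedMessage;
}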
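/**
 * Format today's date, shifted to the logged-in user's timezone.
 *
 * For a logged-in user the current time is moved by the difference between
 * the user's and the site's 'timezone_offset' (in hours) before formatting.
 *
 * @param string $format strftime() format, default '%Y%m%d'
 * @return string formatted date
 */
function &postcalendar_today($format = '%Y%m%d')
{
    $time = time();
    if (pnUserLoggedIn()) {
        $time += (pnUserGetVar('timezone_offset') - pnConfigGetVar('timezone_offset')) * 3600;
    }

    // The function returns by reference, so the result has to live in a
    // variable; returning the strftime() call directly raises a notice.
    // The cast keeps a fractional offset from reaching strftime() as a
    // float.
    $today = strftime($format, (int) $time);
    return $today;
}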
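/**
 * load a module
 *
 * Looks up the module's directory in the modules table, includes
 * modules/<directory>/pn<type>.php and the matching language file, then
 * loads the module's database info.
 *
 * Both path components are passed through pnVarPrepForOS() before use:
 * $type can come straight from the request and the directory from the
 * database, and the built path is handed to include.
 *
 * @param modname - name of module to load
 * @param type - type of functions to load
 * @returns string
 * @return name of module loaded, or false on failure
 */
function pnModLoad($modname, $type = 'user')
{
    static $loaded = array();

    if (empty($modname)) {
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];

    if (!empty($loaded["{$modname}{$type}"])) {
        // Already loaded from somewhere else
        return $modname;
    }

    $query = "SELECT {$modulescolumn['directory']},\n {$modulescolumn['state']}\n FROM {$modulestable}\n WHERE {$modulescolumn['name']} = '" . pnVarPrepForStore($modname) . "'";
    $result = $dbconn->Execute($query);

    if ($dbconn->ErrorNo() != 0) {
        // The original returned nothing here; false matches the documented
        // failure value and is still falsy for existing callers.
        return false;
    }

    if ($result->EOF) {
        $result->Close();
        return false;
    }

    list($directory, $state) = $result->fields;
    $result->Close();

    // Load the module and module language files
    list($osdirectory, $ostype) = pnVarPrepForOS($directory, $type);
    $osfile = "modules/{$osdirectory}/pn{$ostype}.php";

    if (!file_exists($osfile)) {
        // File does not exist
        return false;
    }

    // Load file
    include $osfile;
    $loaded["{$modname}{$type}"] = 1;

    $defaultlang = pnConfigGetVar('language');
    if (empty($defaultlang)) {
        $defaultlang = 'eng';
    }
    $currentlang = pnUserGetLang();

    // Check and include the SAME sanitised path. The original tested the
    // raw language (and, for the default language, the raw directory) with
    // file_exists() and then included a differently built path.
    foreach (array($currentlang, $defaultlang) as $lang) {
        $oslangfile = "modules/{$osdirectory}/pnlang/" . pnVarPrepForOS($lang) . "/{$ostype}.php";
        if (file_exists($oslangfile)) {
            include $oslangfile;
            break;
        }
    }

    // Load database info
    pnModDBInfoLoad($modname, $directory);

    // Return the module name
    return $modname;
}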
/**
 * get the user's language
 *
 * Returns the 'lang' session variable when it is non-empty, otherwise the
 * site's configured 'language'. The value is returned exactly as stored;
 * a caller that places it in SQL or in a file path has to escape it there
 * (pnVarPrepForStore / pnVarPrepForOS).
 *
 * @public <br>
 * jgm - the language parameter should be a user variable, not a
 * session variable
 * @return string the name of the user's language
 */
function pnUserGetLang()
{
    $sessionLang = pnSessionGetVar('lang');

    // Fall back to the site default only when the session holds nothing.
    return empty($sessionLang) ? pnConfigGetVar('language') : $sessionLang;
}
// Modules capitalized for early 0.711 naming convention include 'includes/pnAPI.php'; pnInit(); // currently un-used - maybe in the future ? //pnThemeLoad(); header("Content-Type: text/xml"); $title = pnVarPrepForDisplay(pnConfigGetVar('sitename')); $link = pnVarPrepForDisplay(pnGetBaseURL()); $description = pnVarPrepForDisplay(pnConfigGetVar('backend_title')); $backend_language = pnVarPrepForDisplay(pnConfigGetVar('backend_language')); $headline_limit = 10; // Allow administrator to change how many headlines are selected $webmaster = pnVarPrepForDisplay(pnConfigGetVar('adminmail')); $managingeditor = ""; // RSS Parsers sometimes use this, format: emailaddress (Full Name) $image_url = $link . 'images/' . pnVarPrepForDisplay(pnConfigGetVar('site_logo')); $image_title = $title; // RSS parsers usually use this for the ALT tag on the image $image_link = $link; // RSS parsers usually use this as the link when users click on the image // show_content controls whether hometext is included in the RSS feed. This can only be done // for text-only. RSS chokes on HTML.... $show_content = 0; // Decide if you want to include the hometext in the RSS feed (1=yes, 0=no) // fixed bug 482633 (frontpage only) & also get hometext for display // $sql = "SELECT pn_sid, pn_title FROM $pntable[stories] ORDER BY pn_sid DESC"; $sql = "SELECT pn_sid, pn_title, pn_ihome, pn_hometext FROM {$pntable['stories']} WHERE pn_ihome = 0 ORDER BY pn_sid DESC"; $result = $dbconn->SelectLimit($sql, $headline_limit); /* fifers - no need for a count var. just use a while loop */ // fifers - should we spit out an error XML doc? if ($result === false) {
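/**
 * Timezone Function
 *
 * Formats a timestamp with strftime(), after substituting the translated
 * day and month names (%a, %A, %b, %B) and the timezone label (%Z) taken
 * from the language constants. The timezone label is the one whose offset
 * in _TZOFFSETS equals the user's (when logged in) or the site's
 * 'timezone_offset'.
 *
 * The original used ereg_replace(), removed in PHP 7; the patterns are
 * fixed strings, so str_replace() gives the same result.
 *
 * @author Fred B (fredb86)
 * @param string $datefmt   strftime() format
 * @param int    $timestamp Unix time; a negative value means "now"
 * @return string|null formatted date, or null when no format is given
 */
function ml_ftime($datefmt, $timestamp = -1)
{
    if (!isset($datefmt)) {
        return null;
    }
    if ($timestamp < 0) {
        $timestamp = time();
    }

    $day_of_week_short = explode(' ', _DAY_OF_WEEK_SHORT);
    $month_short = explode(' ', _MONTH_SHORT);
    $day_of_week_long = explode(' ', _DAY_OF_WEEK_LONG);
    $month_long = explode(' ', _MONTH_LONG);

    // 0 (Sunday) .. 6 and 0 (January) .. 11, as indexes into the name lists.
    $weekday = (int) date('w', $timestamp);
    $month = (int) date('n', $timestamp) - 1;

    // Replace one code at a time, in the original order.
    $ml_date = str_replace('%a', $day_of_week_short[$weekday], $datefmt);
    $ml_date = str_replace('%A', $day_of_week_long[$weekday], $ml_date);
    $ml_date = str_replace('%b', $month_short[$month], $ml_date);
    $ml_date = str_replace('%B', $month_long[$month], $ml_date);

    if (pnUserLoggedIn()) {
        $thezone = pnUserGetVar('timezone_offset');
    } else {
        $thezone = pnConfigGetVar('timezone_offset');
    }

    $timezone_all = explode(' ', _TIMEZONES);
    $offset_all = explode(' ', _TZOFFSETS);

    // Last matching offset wins, index 0 when nothing matches (loose
    // comparison, as before).
    $matches = array_keys($offset_all, $thezone);
    $indexofzone = $matches ? end($matches) : 0;

    $zone_label = isset($timezone_all[$indexofzone]) ? $timezone_all[$indexofzone] : '';
    $ml_date = str_replace('%Z', $zone_label, $ml_date);

    return strftime($ml_date, $timestamp);
}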
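/**
 * Build the PostCalendar "test system" admin page.
 *
 * Collects CMS, PHP, web server, module and Smarty details into a
 * name/value table, followed by the module configuration form. Returns
 * _POSTCALENDAR_NOAUTH unless PC_ACCESS_ADMIN is set; the page exposes
 * host and software details, so that check has to stay first.
 *
 * Changes from the original: the HTML header string was appended to an
 * undefined $output and then overwritten by the admin menu, so it never
 * reached the page and is dropped; the version-mismatch warning had
 * backslashes in its style attribute; the PHP version check compared
 * strings.
 *
 * @return string page markup, or the no-authorisation message
 */
function postcalendar_admin_testSystem()
{
    global $bgcolor1, $bgcolor2;

    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }

    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $pcDir = pnVarPrepForOS($modinfo['directory']);
    $version = $modinfo['version'];
    unset($modinfo);

    $tpl = new pcSmarty();
    $infos = array();

    if (version_compare(phpversion(), '4.1.0', '>=')) {
        $__SERVER =& $_SERVER;
    } else {
        $__SERVER =& $HTTP_SERVER_VARS;
    }

    if (defined('_PN_VERSION_NUM')) {
        $pnVersion = _PN_VERSION_NUM;
    } else {
        $pnVersion = pnConfigGetVar('Version_Num');
    }

    $base_dir = ini_get('open_basedir');

    $infos[] = array('CMS Version', $pnVersion);
    $infos[] = array('Sitename', pnConfigGetVar('sitename'));
    $infos[] = array('url', pnGetBaseURL());
    $infos[] = array('PHP Version', phpversion());
    $infos[] = array('PHP safe_mode', ini_get('safe_mode') ? "On" : "Off");
    $infos[] = array('PHP safe_mode_gid', ini_get('safe_mode_gid') ? "On" : "Off");
    $infos[] = array('PHP open_basedir', !empty($base_dir) ? "{$base_dir}" : "NULL");
    $infos[] = array('SAPI', php_sapi_name());
    $infos[] = array('OS', php_uname());
    $infos[] = array('WebServer', $__SERVER['SERVER_SOFTWARE']);
    $infos[] = array('Module dir', "modules/{$pcDir}");

    // pnversion.php fills $modversion with the version of the files on disk.
    $modversion = array();
    include "modules/{$pcDir}/pnversion.php";

    $error = '';
    if (isset($modversion['version']) && $modversion['version'] != $version) {
        $error = '<br /><div style="color: red;">';
        $error .= "new version {$modversion['version']} installed but not updated!";
        $error .= '</div>';
    }
    $infos[] = array('Module version', $version . " {$error}");

    $infos[] = array('smarty version', $tpl->_version);
    $infos[] = array('smarty location', SMARTY_DIR);
    $infos[] = array('smarty template dir', $tpl->template_dir);

    // Same existence / writeability check for both Smarty work directories.
    $workdirs = array('compile' => $tpl->compile_dir, 'cache' => $tpl->cache_dir);
    foreach ($workdirs as $label => $dir) {
        $info = $dir;
        $error = '';
        if (!file_exists($dir)) {
            $error .= " {$label} dir doesn't exist! [{$dir}]<br />";
        } elseif (!is_writeable($dir)) {
            $error .= " {$label} dir not writeable! [{$dir}]<br />";
        }
        if (strlen($error) > 0) {
            $info .= "<br /><div style=\"color: red;\">{$error}</div>";
        }
        $infos[] = array("smarty {$label} dir", $info);
    }

    $output = postcalendar_adminmenu();
    $output .= '<table border="1" cellpadding="3" cellspacing="1">';
    $output .= ' <tr><th align="left">Name</th><th align="left">Value</th>';
    $output .= '</tr>';
    foreach ($infos as $info) {
        // Names and values go through pnVarPrepHTMLDisplay() before output.
        $output .= '<tr><td ><b>' . pnVarPrepHTMLDisplay($info[0]) . '</b></td>';
        $output .= '<td>' . pnVarPrepHTMLDisplay($info[1]) . '</td></tr>';
    }
    $output .= '</table>';
    $output .= '<br /><br />';
    $output .= postcalendar_admin_modifyconfig('', false);
    $output .= "</body></html>";

    return $output;
}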
/**
 * PHP function to garbage collect session information
 *
 * Deletes rows from the session table according to the configured
 * 'seclevel':
 *  - Low:    sessions without the "remember me" marker that were last used
 *            more than 'secinactivemins' minutes ago;
 *  - Medium: the same, plus any session first used more than 'secmeddays'
 *            days ago;
 *  - High (and any other value): every session last used more than
 *            'secinactivemins' minutes ago.
 *
 * @private
 * @param int $maxlifetime lifetime passed in by PHP's session handler; not
 *                         used, the limits come from the site configuration
 * @return bool true when the DELETE ran without a database error
 */
function pnSessionGC($maxlifetime)
{
    list($dbconn) = pnDBGetConn();
    $tables = pnDBGetTables();

    $col = $tables['session_info_column'];
    $table = $tables['session_info'];

    $level = pnConfigGetVar('seclevel');

    if ($level == 'Low') {
        // Low security - delete session info if user decided not to
        // remember themself
        $where = "WHERE {$col['vars']} NOT LIKE '%PNSVrememberme|%'\n AND {$col['lastused']} < "
               . (time() - pnConfigGetVar('secinactivemins') * 60);
    } elseif ($level == 'Medium') {
        // Medium security - delete session info if session cookie has
        // expired or user decided not to remember themself
        $where = "WHERE ({$col['vars']} NOT LIKE '%PNSVrememberme|%'\n AND {$col['lastused']} < "
               . (time() - pnConfigGetVar('secinactivemins') * 60)
               . ")\n OR {$col['firstused']} < "
               . (time() - pnConfigGetVar('secmeddays') * 86400);
    } else {
        // High security (also the fallback) - delete session info if user
        // is inactive
        $where = "WHERE {$col['lastused']} < "
               . (time() - pnConfigGetVar('secinactivemins') * 60);
    }

    $dbconn->Execute("DELETE FROM {$table} {$where}");

    return $dbconn->ErrorNo() == 0;
}
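// Read the request parameters for the print / pop-up calendar view.
$eid = pnVarCleanFromInput('eid');
$Date = pnVarCleanFromInput('Date');
$print = pnVarCleanFromInput('print');
$uid = pnUserGetVar('uid');
$pc_username = pnVarCleanFromInput('pc_username');

// "=& new" is a parse error from PHP 7 on; plain assignment is equivalent.
$output = new pnHTML();
// Verbatim mode: everything passed to Text() below is written out as-is,
// so values that are not markup are escaped here first.
$output->SetInputMode(_PNH_VERBATIMINPUT);

if (!pnModAPILoad('postcalendar', 'user')) {
    die('Could not load PostCalendar user API');
}
$theme = pnUserGetTheme();
if (!pnThemeLoad($theme)) {
    die('Could not load theme');
}

// The theme name ends up inside href/url() attributes and the site name
// and slogan inside <title>; escape them for HTML.
$safetheme = pnVarPrepForDisplay($theme);
$output->Text('<html><head>');
$output->Text("<title>" . pnVarPrepForDisplay(pnConfigGetVar('sitename')) . ' :: ' . pnVarPrepForDisplay(pnConfigGetVar('slogan')) . "</title>\n");
$output->Text('<link rel="StyleSheet" href="themes/' . $safetheme . '/style/styleNN.css" type="text/css" />');
$output->Text('<style type="text/css">@import url("themes/' . $safetheme . '/style/style.css"); </style>');
$output->Text('</head>');
$output->Text('<body bgcolor="#ffffff">');

// setup our cache id
// ($viewtype and $tplview are set before this excerpt. md5 is used here
// only to name a cache entry, not to protect anything.)
$cacheid = md5($Date . $viewtype . $tplview . _SETTING_TEMPLATE . $eid . $print . $uid . $pc_username . $theme);

// display the correct view
switch ($viewtype) {
    case 'details':
        $output->Text(pnModAPIFunc('PostCalendar', 'user', 'eventDetail', array('eid' => $eid, 'Date' => $Date, 'print' => $print, 'cacheid' => $cacheid)));
        break;
    default:
        $output->Text(pnModAPIFunc('postcalendar', 'user', 'buildView', array('Date' => $Date, 'viewtype' => $viewtype, 'cacheid' => $cacheid)));
        break;
}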
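/**
 * "Who's online" side block.
 *
 * Counts distinct logged-in users and distinct guest IP addresses seen in
 * the session table within the last 'secinactivemins' minutes and, for a
 * logged-in visitor, shows the user name and (when the Messages module is
 * available) the total / unread private message counts.
 *
 * Changes from the original: the user name is escaped before it is written
 * into the page, the user id is cast to an integer before it is placed in
 * SQL, failed queries no longer lead to a call on a non-object, and the
 * opening <span> is closed on every path.
 *
 * @param array $row block record; 'title' and 'content' are filled in
 * @return mixed result of themesideblock(), or nothing when the visitor
 *               lacks read access or a query fails
 */
function blocks_online_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    $activetime = time() - pnConfigGetVar('secinactivemins') * 60;

    // One result row per distinct user id, so the row count is the number
    // of members online.
    $query = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n\t\t GROUP BY {$sessioninfocolumn['uid']}\n\t\t ";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    $numusers = $result->RecordCount();
    $result->Close();

    // Guests have uid 0 and are told apart by IP address.
    $query2 = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n\t\t\t GROUP BY {$sessioninfocolumn['ipaddr']}\n\t\t\t ";
    $result2 = $dbconn->Execute($query2);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    $numguests = $result2->RecordCount();
    $result2->Close();

    // Pluralise
    $guests = ($numguests == 1) ? _GUEST : _GUESTS;
    $users = ($numusers == 1) ? _MEMBER : _MEMBERS;

    $content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";

    if (pnUserLoggedIn()) {
        // The user name is chosen by the account holder; escape it.
        $content .= '<br />' . _YOUARELOGGED . ' <b>' . pnVarPrepForDisplay(pnUserGetVar('uname')) . '</b>.<br />';

        if (pnModAvailable('Messages')) {
            // display private messages only when module is active
            $column =& $pntable['priv_msgs_column'];
            // The id is concatenated unquoted, so force it to an integer.
            $uid = (int) pnUserGetVar('uid');

            $numrow = 0;
            $result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid);
            if ($dbconn->ErrorNo() == 0) {
                list($numrow) = $result2->fields;
                $result2->Close();
            }

            // get unread messages
            $unreadrow = 0;
            $result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid . " AND {$column['read_msg']}='0'");
            if ($dbconn->ErrorNo() == 0) {
                list($unreadrow) = $result3->fields;
                $result3->Close();
            }

            if ($numrow == 0) {
                $content .= '<br /></span>';
            } else {
                $content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
                if ($numrow == 1) {
                    $content .= _PRIVATEMSG;
                } elseif ($numrow > 1) {
                    $content .= _PRIVATEMSGS;
                }
                $content .= "</span><br />";
            }
        } else {
            // This path left the <span> open in the original.
            $content .= '</span>';
        }
    } else {
        $content .= '<br />' . _YOUAREANON . '</span><br />';
    }

    if (empty($row['title'])) {
        $row['title'] = _WHOSONLINE;
    }
    $row['content'] = $content;

    return themesideblock($row);
}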
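/**
 * View items in slideshow
 *
 * Checks view access to the album, loads the album and its media items,
 * works out the current / previous / next item (wrapping around at both
 * ends), renders each item's display HTML and shows the slideshow
 * template.
 *
 * Changes from the original: the translation domain $dom was used without
 * being defined; the Referer header is only remembered as the "quit" URL
 * when it points back into this site, because it is supplied by the client
 * and is later handed to the template as a link target; an album with no
 * current item no longer indexes into null.
 *
 * @param array $args optional overrides for the URL parameters
 *                    (aid, mid, delay, mode, back, center)
 * @return bool true after the page has been displayed, false (or the
 *              LogUtil error result) on failure
 */
function mediashare_user_slideshow($args)
{
    $dom = ZLanguage::getModuleDomain('mediashare');

    $albumId = mediashareGetIntUrl('aid', $args, 1);
    $mediaId = mediashareGetIntUrl('mid', $args, 0);
    $delay = mediashareGetIntUrl('delay', $args, 5);
    $mode = mediashareGetStringUrl('mode', $args, 'stopped');
    $center = isset($args['center']) ? '_center' : '';
    $back = mediashareGetIntUrl('back', $args, 0);

    // Check access to album (media ID won't do a difference if not from this album)
    if (!mediashareAccessAlbum($albumId, mediashareAccessRequirementViewSomething)) {
        return LogUtil::registerPermissionError();
    }

    // Fetch current album
    if (!($album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId)))) {
        return false;
    }
    if ($album === true) {
        return LogUtil::registerError(__('Unknown album.', $dom));
    }

    // Fetch media items
    if (($items = pnModAPIFunc('mediashare', 'user', 'getMediaItems', array('albumId' => $albumId))) === false) {
        return false;
    }

    // Find current, previous and next items
    $itemCount = count($items);
    if ($mediaId == 0 && $itemCount > 0) {
        $mediaId = $items[0]['id'];
    }

    $mediaItem = null;
    if ($itemCount > 0) {
        // Defaults give wrap-around: before the first item comes the last,
        // after the last comes the first.
        $prevMediaId = $items[$itemCount - 1]['id'];
        $nextMediaId = $items[0]['id'];
        foreach ($items as $item) {
            if ($mediaItem != null) {
                // Current item found, so this must be next
                $nextMediaId = $item['id'];
                break;
            }
            if ($item['id'] == $mediaId) {
                $mediaItem = $item;
            } else {
                // Current item not found yet, so this must become prev
                $prevMediaId = $item['id'];
            }
        }
    } else {
        $prevMediaId = -1;
        $nextMediaId = -1;
    }

    // Add media display HTML
    $mediadir = pnModAPIFunc('mediashare', 'user', 'getRelativeMediadir');
    for ($i = 0; $i < $itemCount; ++$i) {
        if (!($handler = pnModAPIFunc('mediashare', 'mediahandler', 'loadHandler', array('handlerName' => $items[$i]['mediaHandler'])))) {
            return false;
        }
        $result = $handler->getMediaDisplayHtml($mediadir . $items[$i]['originalRef'], null, null, 'mediaItem', array());
        // Flatten to one line; the markup is handed to the template as a
        // single value per item.
        $items[$i]['html'] = str_replace(array("\r", "\n"), array(' ', ' '), $result);
    }

    $viewUrl = pnModUrl('mediashare', 'user', 'slideshow', array('mid' => isset($mediaItem['id']) ? $mediaItem['id'] : null));

    if ($back) {
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
        // Only keep a Referer that starts with this site's base URL
        // (assumes pnGetBaseURL() ends with "/" — TODO confirm); anything
        // else falls back to the album view below.
        if ($referer !== null && strpos($referer, pnGetBaseURL()) !== 0) {
            $referer = null;
        }
        SessionUtil::setVar('mediashareQuitUrl', $referer);
    }
    $quitUrl = SessionUtil::getVar('mediashareQuitUrl');
    if ($quitUrl == null) {
        $quitUrl = pnModUrl('mediashare', 'user', 'view', array('aid' => $album['id']));
    }

    // Build the output
    $render =& pnRender::getInstance('mediashare', false);
    $render->assign('viewUrl', $viewUrl);
    $render->assign('mediaId', $mediaId);
    $render->assign('mediaItem', $mediaItem);
    $render->assign('prevMediaId', $prevMediaId);
    $render->assign('nextMediaId', $nextMediaId);
    $render->assign('mediaItems', $items);
    $render->assign('album', $album);
    $render->assign('albumId', $albumId);
    $render->assign('delay', $delay);
    $render->assign('mode', $mode);
    $render->assign('thumbnailSize', pnModGetVar('mediashare', 'thumbnailSize'));
    $render->assign('theme', pnUserGetTheme());
    $render->assign('templateName', "slideshow{$center}.html");
    $render->assign('quitUrl', $quitUrl);

    // Add the access array
    if (!mediashareAddAccess($render, $album)) {
        return false;
    }

    $render->load_filter('output', 'pagevars_notcombined');
    if (pnConfigGetVar('shorturls')) {
        $render->load_filter('output', 'shorturls');
    }
    $render->display('mediashare_user_slideshow.html');

    return true;
}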