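/**
 * Log the visitor in through Facebook.
 *
 * If the SDK client already reports a Facebook user, that user's data is
 * returned straight away. Otherwise the first pass (no confirm=1 in the
 * request, or $force_retry set) sends the browser to the provider login URL
 * and exits; the confirmed second pass fetches the token and the profile
 * and resolves the local user from the profile id.
 *
 * @param string $redirect    Value placed in the "redirect" parameter of the return URL.
 * @param bool   $force_retry Send the browser back to the provider even when confirm=1 is present.
 * @return mixed Result of retrieve_user_basic_data() or retrieve_user_id(); does not return when redirecting.
 */
public function do_login($redirect, $force_retry = false)
 {
     global $config, $user;
     // If the user is already logged in and has granted our application, there is no need to send them to Facebook
     $user_fb_id = $this->client->getUser();
     if (!empty($user_fb_id)) {
         return $this->retrieve_user_basic_data($user_fb_id);
     }
     $confirm = request_get_var('confirm', 0);
     if ($confirm != 1 || $force_retry) {
         // Build the social network return url
         $current_page = extract_current_page(IP_ROOT_PATH);
         $return_url = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://';
         $return_url .= extract_current_hostname() . $current_page['script_path'] . $current_page['page'];
         // NOTE(review): $redirect is concatenated as given. If callers pass a raw
         // (not URL-encoded) value, a '&' or '#' inside it changes the parameters of
         // the return URL; confirm what callers pass before adding urlencode() here,
         // to avoid double encoding.
         $return_url .= ((strpos($return_url, '?') !== false) ? '&' : '?') . 'redirect=' . $redirect . '&confirm=1';
         $return_url .= !empty($_GET['admin']) ? '&admin=1' : '';
         $params = array('scope' => $this->scope, 'redirect_uri' => $return_url);
         $login_url = $this->client->getLoginUrl($params);
         header('Location: ' . $login_url);
         exit;
     }
     try {
         // The token itself is not used below; the call is kept because it can raise OAuthException
         $this->client->getAccessToken();
         $user_fb_data = $this->client->api('/me');
     } catch (OAuthException $e) {
         // Retry on failure. The original call was do_login(true): it passed true as
         // $redirect and left $force_retry false, so with confirm=1 still in the request
         // the same branch ran again and could recurse without end. Forcing the retry
         // sends the browser back to the provider exactly once.
         return $this->do_login($redirect, true);
     }
     return $this->retrieve_user_id($user_fb_data['id']);
 }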
 /**
  * Make sure the aprvm* configuration entries exist and are current.
  *
  * Steps, in order: apply a config update requested through config_name /
  * config_value, insert defaults for missing entries, create the archive
  * table when archiving is on and the probe query fails with an "exist"
  * error, and bring the stored version in line with $this->modVersion.
  * Progress text is appended to the global $status_message.
  *
  * NOTE(review): only the config *name* is checked against the allow-list;
  * the value is stored exactly as received. Whether the caller restricts
  * this to authenticated admins and checks a form token is not visible
  * here - confirm, because the write is driven by request parameters.
  */
 function setupConfig()
 {
     global $config, $db, $status_message, $lang;
     // Label shown in status messages, per config key
     $labels = array(
         'aprvmArchive' => $lang['Archive_Feature'],
         'aprvmVersion' => $lang['Version'],
         'aprvmView' => $lang['PM_View_Type'],
         'aprvmRows' => $lang['Rows_Per_Page'],
         'aprvmIP' => $lang['Show_IP'],
     );
     // Default per config key: archive off, current version, inline view, 25 rows, show IP
     $defaults = array(
         'aprvmArchive' => '0',
         'aprvmVersion' => $this->modVersion,
         'aprvmView' => '0',
         'aprvmRows' => '25',
         'aprvmIP' => '1',
     );
     // An update is applied only when the requested name is one of our own keys
     $requested_name = request_get_var('config_name', '');
     $requested_value = request_get_var('config_value', '');
     if (!empty($requested_name) && in_array($requested_name, array_keys($defaults))) {
         set_config($requested_name, $requested_value);
         $status_message .= sprintf($lang['Updated_Config'], $labels[$requested_name]);
     }
     // Insert a default for every key the board config does not know yet
     foreach ($defaults as $key => $default_value) {
         if (isset($config[$key])) {
             continue;
         }
         set_config($key, $default_value);
         $status_message .= sprintf($lang['Inserted_Default_Value'], $labels[$key]);
     }
     // With archiving enabled, probe the archive table and create it when the probe fails
     if ($config['aprvmArchive']) {
         $probe_sql = "SELECT privmsgs_id FROM " . PRIVMSGS_TABLE . $this->archiveText;
         $db->sql_return_on_error(true);
         $probe = $db->sql_query($probe_sql);
         $db->sql_return_on_error(false);
         if (!$probe) {
             // Cheap existence test: the driver error text mentions "exist" when the table is missing
             $probe_error = $db->sql_error();
             if (strpos($probe_error['message'], 'exist') !== false) {
                 $this->doArchiveTable();
             }
         }
     }
     // Keep the stored version equal to the version of the running code
     if ($config['aprvmVersion'] != $this->modVersion) {
         $version_sql = 'UPDATE ' . CONFIG_TABLE . "\n\t\t\t\t\tset config_value = '" . $this->modVersion . "'\n\t\t\t\t\tWHERE config_name = 'aprvmVersion'";
         $db->sql_query($version_sql);
         $config['aprvmVersion'] = $this->modVersion;
         $status_message .= sprintf($lang['Updated_Config'], $labels['aprvmVersion']);
     }
 }
Beispiel #3
// Work out where to send the user after login. Without a "redirect" request
// value the configured CMS_LOGIN_REDIRECT_PAGE is used.
$redirect = request_var('redirect', '', true);
// The str_replace() turns every '?' into '&' and then restores a '?' right
// after the script extension; urldecode() runs on the result, on top of
// whatever decoding request_var() already applied.
// NOTE(review): as shown, the first search/replace pair is '&' => '&', a no-op;
// the upstream file presumably searched for the HTML-escaped ampersand - confirm.
$redirect_url = (!empty($redirect) ? urldecode(str_replace(array('&', '?', PHP_EXT . '&'), array('&', '&', PHP_EXT . '?'), $redirect)) : CMS_LOGIN_REDIRECT_PAGE);

// Reject CR/LF (would split a Location header) and ';url' (would inject into a
// meta refresh). The test runs on the decoded value, which is the right order.
// NOTE(review): nothing here restricts the scheme or host of $redirect_url.
// Whether the redirect helper used later limits targets to this site is not
// visible in this excerpt - confirm, otherwise this parameter is an open redirect.
if (strstr($redirect_url, "\n") || strstr($redirect_url, "\r") || strstr($redirect_url, ';url'))
{
	message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

$available_networks = array();
if ($config['enable_social_connect'])
{
	include_once(IP_ROOT_PATH . 'includes/class_social_connect.' . PHP_EXT);
	$available_networks = SocialConnect::get_available_networks();

	$login_admin = request_get_var('admin', 0);

	$social_network = request_var('social_network', '');
	$social_network_link = request_var('social_network_link', '');
	// Logging in via social network
	if (!empty($social_network) && !empty($available_networks[$social_network]))
	{
		$social_network = $available_networks[$social_network];
		$user_data = $social_network->do_login($return_url);

		if ($user_data !== null && $user_data['user_id'] > 0)
		{
			$admin = ($login_admin == 1 && $user_data['user_level'] == ADMIN) ? 1 : 0;
			$user->session_create($user_data['user_id'], $admin, 1, 1);

			$redirect_url = empty($redirect_url) ? CMS_LOGIN_REDIRECT_PAGE : $redirect_url;
/**
 * Render the registration agreement page (template 'agreement.tpl').
 *
 * Groups the board rules into titled blocks, adds one login button per
 * available social network when $config['enable_social_connect'] is set,
 * assigns the agreement texts and form targets, and prints the page.
 *
 * NOTE(review): $rules and $theme are read below but are neither declared
 * global nor assigned inside this function, so in function scope they are
 * undefined unless something outside the visible code injects them -
 * confirm how setup_extra_lang() exposes the rules.
 */
function show_coppa()
{
    global $config, $user, $template, $lang;
    // Load the appropriate Rules file
    $lang_file = 'lang_rules';
    $l_title = $lang['BoardRules'];
    // Include the rules settings
    setup_extra_lang(array($lang_file));
    // Pull the array data from the lang pack.
    // A row whose first element is '--' starts a new block and carries the block
    // title; every other row is a question/answer pair inside the current block.
    $j = 0;
    $counter = 0;
    $counter_2 = 0;
    $rules_block = array();
    $rules_block_titles = array();
    for ($i = 0; $i < sizeof($rules); $i++) {
        if ($rules[$i][0] != '--') {
            // $counter is the position inside the block, $counter_2 a page-wide id used as anchor
            $rules_block[$j][$counter]['id'] = $counter_2;
            $rules_block[$j][$counter]['question'] = $rules[$i][0];
            $rules_block[$j][$counter]['answer'] = $rules[$i][1];
            $counter++;
            $counter_2++;
        } else {
            // Advance to the next block only if the current one already holds rows
            $j = $counter != 0 ? $j + 1 : 0;
            $rules_block_titles[$j] = $rules[$i][1];
            $counter = 0;
        }
    }
    $template->set_filenames(array('body' => 'agreement.tpl'));
    if (!function_exists('language_select')) {
        // '@' hides a failed include; language_select() is called unconditionally further down
        @(include_once IP_ROOT_PATH . 'includes/functions_selects.' . PHP_EXT);
    }
    $available_networks = array();
    $social_connect_append = '';
    $social_network = request_get_var('social_network', '');
    if ($config['enable_social_connect']) {
        include_once IP_ROOT_PATH . 'includes/class_social_connect.' . PHP_EXT;
        $available_networks = SocialConnect::get_available_networks();
        // NOTE(review): $login_admin is written into the button URL below; presumably
        // request_get_var() casts it to int because the default is 0 - confirm.
        $login_admin = request_get_var('admin', 0);
        $redirect_url = CMS_LOGIN_REDIRECT_PAGE;
        $template->assign_var('SOCIAL_CONNECT', true);
        foreach ($available_networks as $social_network_item) {
            // get_name() / get_name_clean() go into HTML and the URL without escaping;
            // NOTE(review): confirm they return fixed values defined by the network classes.
            $template->assign_block_vars('social_connect_button', array('L_SOCIAL_CONNECT' => sprintf($lang['SOCIAL_CONNECT_LOGIN'], $social_network_item->get_name()), 'U_SOCIAL_CONNECT' => append_sid(CMS_PAGE_LOGIN . '?social_network=' . $social_network_item->get_name_clean() . '&redirect=' . urlencode($redirect_url) . '&admin=' . $login_admin), 'IMG_SOCIAL_CONNECT' => '<img src="' . IP_ROOT_PATH . 'images/social_connect/' . $social_network_item->get_name_clean() . '_button_connect.png" alt="" title="" />'));
        }
        if (!empty($social_network)) {
            // The request value is appended to URLs only after it matched a key of
            // the available networks, so arbitrary text cannot reach the links.
            if (!empty($available_networks[$social_network])) {
                $social_connect_append = '&amp;social_network=' . $social_network;
            }
        }
    }
    $template->assign_vars(array('L_PAGE_TITLE' => $lang['Registration'], 'REGISTRATION' => $lang['Registration'], 'AGREEMENT' => $lang['Reg_agreement'], 'L_AGREEMENT' => $lang['Agreement'], 'L_PRIVACY_DISCLAIMER' => $lang['PrivacyDisclaimer'], 'AGREE_OVER_13' => $lang['Agree_over_13'], 'AGREE_UNDER_13' => $lang['Agree_under_13'], 'DO_NOT_AGREE' => $lang['Agree_not'], 'AGREE_CHECKBOX' => $lang['Agree_checkbox'], 'S_LANG_CHANGE_ACTION' => append_sid(CMS_PAGE_PROFILE . '?mode=register' . $social_connect_append), 'LANGUAGE_SELECT' => language_select('l', $config['default_lang']), 'L_RULES_TITLE' => $l_title, 'L_BACK_TO_TOP' => $lang['Back_to_top'], 'S_AGREE_ACTION' => append_sid(CMS_PAGE_PROFILE . '?mode=register&amp;agreed=true' . $social_connect_append), 'U_AGREE_OVER13' => append_sid(CMS_PAGE_PROFILE . '?mode=register&amp;agreed=true' . $social_connect_append), 'U_AGREE_UNDER13' => append_sid(CMS_PAGE_PROFILE . '?mode=register&amp;agreed=true&amp;coppa=true' . $social_connect_append)));
    // Emit every non-empty block twice: once as content, once as a list of anchor links
    for ($i = 0; $i < sizeof($rules_block); $i++) {
        if (sizeof($rules_block[$i])) {
            $template->assign_block_vars('rules_block', array('BLOCK_TITLE' => $rules_block_titles[$i]));
            $template->assign_block_vars('rules_block_link', array('BLOCK_TITLE' => $rules_block_titles[$i]));
            for ($j = 0; $j < sizeof($rules_block[$i]); $j++) {
                // Alternate the two row classes of the theme
                $row_class = !($j % 2) ? $theme['td_class1'] : $theme['td_class2'];
                $template->assign_block_vars('rules_block.rules_row', array('ROW_CLASS' => $row_class, 'RULES_QUESTION' => $rules_block[$i][$j]['question'], 'RULES_ANSWER' => $rules_block[$i][$j]['answer'], 'U_RULES_ID' => $rules_block[$i][$j]['id']));
                $template->assign_block_vars('rules_block_link.rules_row_link', array('ROW_CLASS' => $row_class, 'RULES_LINK' => $rules_block[$i][$j]['question'], 'U_RULES_LINK' => '#' . $rules_block[$i][$j]['id']));
            }
        }
    }
    $template->pparse('body');
}
Beispiel #5
 // Store a new insert position when the "select" form was posted, then drop
 // the cached smiley data so the change becomes visible.
 // NOTE(review): $option and $insert_position are assigned outside this
 // excerpt; confirm $insert_position is limited to TOP_LIST / BOTTOM_LIST and
 // that the form is protected by a token, since this writes board config.
 if ($option == 'select' && isset($_POST['insert_position'])) {
     set_config('smilies_insert', $insert_position);
     $cache->destroy('_smileys');
     $db->clear_cache('smileys_');
 }
 // Exactly one of the two options is pre-selected
 $pos_top_checked = ($config['smilies_insert'] == TOP_LIST) ? ' selected="selected"' : '';
 $pos_bot_checked = ($pos_top_checked === '') ? ' selected="selected"' : '';
 $position_select = '<select name="insert_position">'
     . '<option value="' . TOP_LIST . '"' . $pos_top_checked . '>' . $lang['before'] . '</option>'
     . '<option value="' . BOTTOM_LIST . '"' . $pos_bot_checked . '>' . $lang['after'] . '</option>'
     . '</select>';
 // Request values that drive the actions further down
 $id = request_get_var('id', 0);
 $send = request_get_var('send', '');
 $move = request_get_var('move', '');
 if (isset($_GET['move']) && isset($_GET['id'])) {
     $moveit = $move == 'up' ? -15 : 15;
     $sql = "UPDATE " . SMILIES_TABLE . "\n\t\t\tSET smilies_order = smilies_order + {$moveit}\n\t\t\tWHERE smilies_id = " . $id;
     $result = $db->sql_query($sql);
     $i = 10;
     $inc = 10;
     $sql = "SELECT *\n\t\t\tFROM " . SMILIES_TABLE . "\n\t\t\tORDER BY smilies_order";
     $result = $db->sql_query($sql);
     while ($row = $db->sql_fetchrow($result)) {
         if ($row['smilies_order'] != $i) {
             $sql = "UPDATE " . SMILIES_TABLE . "\n\t\t\t\t\tSET smilies_order = {$i}\n\t\t\t\t\tWHERE smilies_id = " . $row['smilies_id'];
             $db->sql_query($sql);
         }
         $i += $inc;
     }
Beispiel #6
* @version $Id$
* @copyright (c) 2008 Icy Phoenix
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
// Entry script: mark the request as coming through the application, make sure
// the root path and the script extension are defined, then load the common
// bootstrap and the validation helpers.
define('IN_ICYPHOENIX', true);
if (!defined('IP_ROOT_PATH')) {
    define('IP_ROOT_PATH', './');
}
if (!defined('PHP_EXT')) {
    // Extension of this file, taken from its own name
    define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
}
include IP_ROOT_PATH . 'common.' . PHP_EXT;
include IP_ROOT_PATH . 'includes/functions_validate.' . PHP_EXT;
// "mode" selects the validator, "verify" is the value to check. The code after
// this point passes $verify to validate_username() / validate_password() and
// echoes '1' on error, '2' otherwise.
// NOTE(review): no session or token check is visible before the validators run.
// If request_get_var() reads the query string (presumably - confirm), a password
// checked in 'password' mode ends up in URLs, access logs and browser history;
// accept it over POST instead. In 'username' mode the answer tells any caller
// whether a name passes validation - presumably including "already taken" -
// so consider rate limiting this endpoint.
$mode = request_get_var('mode', '');
$verify = request_get_var('verify', '', true);
if ($mode == 'username') {
    $result_validation = validate_username($verify);
    if ($result_validation['error']) {
        echo '1';
    } else {
        echo '2';
    }
} elseif ($mode == 'password') {
    $result_validation = validate_password($verify);
    if ($result_validation['error']) {
        echo '1';
    } else {
        echo '2';
    }
} elseif ($mode == 'email') {
Beispiel #7
 // Archive view of the AJAX chat: check the page permission, collect the shout
 // counters and hand everything to the template.
 $cms_page_id_tmp = 'ajax_chat_archive';
 $cms_page['page_nav'] = isset($cms_page['page_nav']) ? $cms_page['page_nav'] : true;
 $cms_page['global_blocks'] = isset($cms_page['global_blocks']) ? $cms_page['global_blocks'] : false;
 // Without a configured view level the page is open to everybody (AUTH_ALL)
 $cms_auth_level_tmp = isset($cms_config_layouts[$cms_page_id_tmp]['view']) ? $cms_config_layouts[$cms_page_id_tmp]['view'] : AUTH_ALL;
 check_page_auth($cms_page_id_tmp, $cms_auth_level_tmp);
 $breadcrumbs['bottom_right_links'] = ($ajax_chat_link == true ? '<a href="' . append_sid('ajax_chat.' . PHP_EXT) . '">' . $lang['Ajax_Chat'] . '</a>&nbsp;' . MENU_SEP_CHAR . '&nbsp;' : '') . '<a href="' . append_sid('ajax_chat.' . PHP_EXT . '?mode=archive') . '">' . $lang['Ajax_Archive'] . '</a>';
 $template_to_parse = 'ajax_chat_archive.tpl';
 include_once IP_ROOT_PATH . 'includes/functions_ajax_chat.' . PHP_EXT;
 // Include Post functions and BBCodes
 include_once IP_ROOT_PATH . 'includes/bbcode.' . PHP_EXT;
 include_once IP_ROOT_PATH . 'includes/functions_post.' . PHP_EXT;
 // Make Pagination and collect some extra data
 // NOTE(review): $chat_room_sql, $chat_room_all and $chat_room are set outside
 // this excerpt and are concatenated into the SQL text, the pagination URL and
 // a template variable as they are; confirm they are built from validated room
 // ids and escaped for the context they end up in.
 $sql = "SELECT COUNT(s.shout_id) as stored_shouts, MAX(s.shout_id) as total_shouts\n\t\t\t\t\tFROM " . AJAX_SHOUTBOX_TABLE . " s " . (!empty($chat_room_all) ? "" : " WHERE " . $chat_room_sql);
 $result = $db->sql_query($sql);
 $num_items = $db->sql_fetchrow($result);
 // Negative offsets are clamped to the first page
 $start = request_get_var('start', 0);
 $start = $start < 0 ? 0 : $start;
 $template->assign_vars(array('PAGINATION' => generate_pagination('ajax_chat.' . PHP_EXT . '?mode=archive&amp;chat_room=' . $chat_room, $num_items['stored_shouts'], $config['posts_per_page'], $start)));
 // Get my shouts (the user id comes from the session data, not from the request)
 $sql = "SELECT COUNT(s.shout_id) as count\n\t\t\tFROM " . AJAX_SHOUTBOX_TABLE . " s\n\t\t\tWHERE s.user_id = " . $user->data['user_id'] . (!empty($chat_room_all) ? "" : " AND " . $chat_room_sql);
 $result = $db->sql_query($sql);
 $myshouts = $db->sql_fetchrow($result);
 // Get the shouts count for the last 24 hours
 $yesterday = time() - 24 * 60 * 60;
 $sql = "SELECT COUNT(s.shout_id) as count\n\t\t\tFROM " . AJAX_SHOUTBOX_TABLE . " s\n\t\t\tWHERE s.shout_time >= " . $yesterday . (!empty($chat_room_all) ? "" : " AND " . $chat_room_sql);
 $result = $db->sql_query($sql);
 $today = $db->sql_fetchrow($result);
 $template->assign_vars(array('L_PAGE_TITLE' => $lang['Ajax_Archive'], 'L_AUTHOR' => $lang['Author'], 'L_SHOUTS' => $lang['Shouts'], 'L_STATS' => $lang['Statistics'], 'L_ARCHIVE' => $lang['Ajax_Archive'], 'L_CONFIRM' => $lang['Confirm_delete_pm'], 'L_UNABLE' => $lang['Shoutbox_unable'], 'L_TIMEOUT' => $lang['Shoutbox_timeout'], 'TOTAL_SHOUTS' => $num_items['total_shouts'], 'L_TOTAL_SHOUTS' => $lang['Total_shouts'], 'STORED_SHOUTS' => $num_items['stored_shouts'], 'L_STORED_SHOUTS' => $lang['Stored_shouts'], 'MY_SHOUTS' => $myshouts['count'], 'L_MY_SHOUTS' => $lang['My_shouts'], 'TODAY_SHOUTS' => $today['count'], 'L_TODAY_SHOUTS' => $lang['Today_shouts'], 'L_POSTED' => $lang['Posted'], 'L_WIO' => $lang['Who_is_Chatting'], 'L_GUESTS' => $lang['Online_guests'], 'L_TOTAL' => $lang['Online_total'], 'L_USERS' => $lang['Online_registered'], 'L_TOP_SHOUTERS' => $lang['Top_Ten_Shouters'], 'L_SHOUTBOX_ONLINE_EXPLAIN' => $lang['Shoutbox_online_explain'], 'L_SHOUT_PREFIX' => 'shout_', 'L_USER_PREFIX' => 'user_', 'L_ROOM_PREFIX' => 'room_', 'PRIVATE_USERS' => '{ }'));
 // The configured refresh value is multiplied by 1000 before it reaches the template
 $template->assign_block_vars('view_shoutbox', array('REFRESH_TIME' => (int) $config['ajax_chat_msgs_refresh'] * 1000, 'RESPONSE_TYPE' => $response_type, 'CHAT_ROOM' => $chat_room, 'UPDATE_MODE' => 'archive', 'U_ACTION' => append_sid(IP_ROOT_PATH . CMS_PAGE_AJAX_SHOUTBOX)));
 $admin_mode = false;
 if ($user->data['user_level'] == ADMIN) {
Beispiel #8
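// Bootstrap for admin pages. After the session is started, access is granted
// only when all of the following hold, checked in this order:
//   1. the user is logged in (otherwise redirect to the login page),
//   2. jr_admin_secure() accepts the requested file,
//   3. the "sid" request value equals the session id of the current session,
//   4. the session carries the admin flag (otherwise redirect to admin login).
include IP_ROOT_PATH . 'common.' . PHP_EXT;
$config['jquery_ui'] = true;
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
// End session management
// FORM CLASS - BEGIN
include IP_ROOT_PATH . 'includes/class_form.' . PHP_EXT;
$class_form = new class_form();
// FORM CLASS - END
include_once IP_ROOT_PATH . 'includes/functions_jr_admin.' . PHP_EXT;
// NOTE(review): REQUEST_URI is the raw request target sent by the client, query
// string included, so basename() of it is not guaranteed to be the name of the
// script that is executing. Deriving the name from the script path would be
// more robust - confirm what jr_admin_secure() expects before changing it.
if (!$user->data['session_logged_in']) {
    $redirect_append = '?redirect=' . urlencode(ADM . '/' . 'index.' . PHP_EXT) . '&admin=1';
    redirect(append_sid(IP_ROOT_PATH . CMS_PAGE_LOGIN . $redirect_append, true));
} elseif (!jr_admin_secure(basename($_SERVER['REQUEST_URI']))) {
    message_die(GENERAL_ERROR, $lang['Error_Module_ID'], '', __LINE__, __FILE__);
}
// The session id in the URL must be the one of the current session. Compared
// as strings with !==: the loose != treats two numeric-looking strings such as
// '0e1' and '0e2' as equal, which is not acceptable for a session identifier.
// NOTE(review): a session id carried in the URL is exposed to logs and Referer
// headers; this is how the existing admin links work, so it is kept as is.
$session_id = request_get_var('sid', '');
if ((string) $session_id !== (string) $user->data['session_id']) {
    redirect('index.' . PHP_EXT . '?sid=' . $user->data['session_id']);
}
// Logged-in users without the admin flag on their session must authenticate again
if (empty($user->data['session_admin'])) {
    $redirect_append = '?redirect=' . urlencode(ADM . '/' . 'index.' . PHP_EXT) . '&admin=1';
    redirect(append_sid(IP_ROOT_PATH . CMS_PAGE_LOGIN . $redirect_append, true));
}
include_once IP_ROOT_PATH . 'includes/functions_admin_phpbb3.' . PHP_EXT;
if (empty($no_page_header)) {
    // Not including the page header can be necessary if META tags are needed in the calling script.
    include 'page_header_admin.' . PHP_EXT;
}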
Beispiel #9
     $xs_news_dateformat_select .= '</select>';
     $xs_news_dateformat_select = str_replace("value=\"" . $new['xs_news_dateformat'] . "\">", "value=\"" . $new['xs_news_dateformat'] . "\" selected=\"selected\">&raquo;", $xs_news_dateformat_select);
     $template->set_filenames(array('body' => XS_TPL_PATH . 'news_config_body.tpl'));
     $s_hidden_fields = '<input type="hidden" name="mode" value="' . $newmode . '" />';
     $template->assign_vars(array('S_FORUM_ACTION' => append_sid('admin_xs_news.' . PHP_EXT), 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_SUBMIT_VALUE' => $buttonvalue, 'L_PAGE_TITLE' => $lang['n_config_title'], 'L_PAGE_TITLE_EXPLAIN' => $lang['n_config_title_explain'], 'L_NEWS_SETTINGS' => $l_title, 'L_XS_NEWS_SETTINGS' => $lang['xs_news_settings'], 'L_XS_SHOW_NEWS' => $lang['xs_news_show'], 'L_XS_NEWS_DATEFORMAT' => $lang['xs_news_dateformat'], 'L_XS_SHOW_TICKER' => $lang['xs_news_show_ticker'], 'L_XS_SHOW_TICKER_EXPLAIN' => $lang['xs_news_show_ticker_explain'], 'L_XS_SHOW_TICKER_SUBTITLE' => $lang['xs_news_show_ticker_subtitle'], 'L_XS_SHOW_TICKER_SUBTITLE_EXPLAIN' => $lang['xs_news_show_ticker_subtitle_explain'], 'L_XS_SHOW_NEWS_SUBTITLE' => $lang['xs_news_show_news_subtitle'], 'L_XS_SHOW_NEWS_SUBTITLE_EXPLAIN' => $lang['xs_news_show_news_subtitle_explain'], 'XS_NEWS_DATEFORMAT' => $xs_news_dateformat_select, 'XS_SHOWNEWS_YES' => $show_xs_news_yes, 'XS_SHOWNEWS_NO' => $show_xs_news_no, 'XS_SHOWTICKER_YES' => $show_xs_ticker_yes, 'XS_SHOWTICKER_NO' => $show_xs_ticker_no, 'XS_SHOWTICKER_SUBT_YES' => $show_xs_ticker_subtitle_yes, 'XS_SHOWTICKER_SUBT_NO' => $show_xs_ticker_subtitle_no, 'XS_SHOWNEWS_SUBT_YES' => $show_xs_news_subtitle_yes, 'XS_SHOWNEWS_SUBT_NO' => $show_xs_news_subtitle_no));
     $template->pparse('body');
     break;
 case 'addnews':
 case 'editnews':
     // Show form to create/modify a news item
     if ($mode == 'editnews') {
         // $newmode determines if we are going to INSERT or UPDATE after posting?
         $l_title = $lang['n_edit_header'];
         $newmode = 'modnews';
         $buttonvalue = $lang['Update'];
         $news_id = request_get_var('id', 0);
         $row = xsm_get_info('news', $news_id);
         $news_id = $row['news_id'];
         $news_date = create_date($date_format_ae, $row['news_date'], $config['board_timezone']);
         $news_item = xsm_unprepare_message($row['news_text']);
         $news_display_yes = $row['news_display'] ? 'checked="checked"' : '';
         $news_display_no = !$row['news_display'] ? 'checked="checked"' : '';
         $news_smilies_yes = $row['news_smilies'] ? 'checked="checked"' : '';
         $news_smilies_no = !$row['news_smilies'] ? 'checked="checked"' : '';
     } else {
         $l_title = $lang['n_add_header'];
         $newmode = 'createnews';
         $buttonvalue = $lang['n_create_item'];
         $news_date = create_date($date_format_ae, time(), $config['board_timezone']);
         $news_item = '';
         $news_display_yes = 'checked="checked"';
Beispiel #10
     $menu_item_id_list = build_menu_item_id_list($m_id);
     $m_count = sizeof($menu_item_id_list);
     for ($i = 0; $i < $m_count; $i++) {
         $m_active = empty($menu_upd) ? 0 : (in_array($menu_item_id_list[$i], $menu_upd) ? 1 : 0);
         $sql = "UPDATE " . CMS_NAV_MENU_TABLE . "\n\t\t\t\t\t\t\t\tSET menu_status = '" . $m_active . "'\n\t\t\t\t\t\t\t\tWHERE menu_item_id = '" . $menu_item_id_list[$i] . "'";
         $result = $db->sql_query($sql);
     }
     $message = '<br /><br />' . $lang['Menu_updated'] . '<br /><br />' . sprintf($lang['Click_Return_CMS_Menu'], '<a href="' . append_sid('cms_menu.' . PHP_EXT . '?mode=menu_block&amp;m_id=' . $m_id) . '">', '</a>') . '<br />';
     message_die(GENERAL_MESSAGE, $message);
 }
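 // Reorder a menu entry: "move" must be exactly '0' or '1'.
 // The comparison is strict on purpose. With the loose == any numeric-looking
 // string equal to 0 or 1 (for example '0.0' or '1e0') was accepted and then
 // passed on unchanged to the ordering helpers, whose handling of the value is
 // not visible here.
 // NOTE(review): this changes stored data on a GET request; confirm the page
 // checks a session id or form token before this point.
 $move = isset($_GET['move']) ? $_GET['move'] : -1;
 if ($move === '0' || $move === '1') {
     if ($item_type == 'category_item') {
         change_cat_order($mi_id, $m_id, $move);
     } else {
         // Items are reordered inside their category, so a category id is required
         $cat_parent_id = request_get_var('cat_parent_id', 0);
         if ($cat_parent_id != 0) {
             change_item_order($mi_id, $cat_parent_id, $m_id, $move);
         }
     }
 }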
 $sql = "SELECT * FROM " . CMS_NAV_MENU_TABLE . "\n\t\t\t\t\t\tWHERE menu_parent_id = '" . $m_id . "'\n\t\t\t\t\t\tORDER BY cat_parent_id ASC, menu_order ASC";
 $result = $db->sql_query($sql);
 $template_to_parse = CMS_TPL . 'cms_menu_block_list_body.tpl';
 $template->assign_var('CMS_PAGE_TITLE', $lang['CMS_MENU_PAGE']);
 $menu_cat = array();
 $cat_item = array();
 $menu_item = array();
 $cat_item_parsed = false;
 $menu_item_parsed = false;
 while ($menu_item = $db->sql_fetchrow($result)) {
// Normalise the request: mode and level are restricted to fixed value lists
$mode = check_var_value($mode, array('pack', 'key'), '');
$level = request_var('level', 'normal');
$level = check_var_value($level, array('normal', 'admin'));

// Pack file: the POST value wins, the GET value is the fallback. The name is
// accepted only when it is a key of $packs, so the extra urldecode() cannot
// bring in a name that is not already known.
$pack_file = request_post_var('pack_file', '');
if (empty($pack_file)) {
    $pack_file = request_get_var('pack', '');
}
$pack_file = urldecode($pack_file);
if (!isset($packs[$pack_file])) {
    $mode = '';
    $pack_file = '';
}

// Keys: same POST-then-GET precedence; a sub key makes no sense without a main key
$key_main = request_post_var('key_main', '');
if (empty($key_main)) {
    $key_main = request_get_var('key', '');
}
$key_sub = request_post_var('key_sub', '');
if (empty($key_sub)) {
    $key_sub = request_get_var('sub', '');
}
if (empty($key_main)) {
    $key_sub = '';
}
// NOTE(review): the lookup always uses the 'admin' entries, whatever $level
// holds - confirm that this is intended.
if (!isset($entries['admin'][$key_main][$key_sub])) {
    $key_sub = '';
    $key_main = '';
}

// Buttons: which submit control was pressed
$cancel = isset($_POST['cancel']);
$delete = isset($_POST['delete']);
$submit = isset($_POST['submit']);
$add = isset($_POST['add']);
// Adding or deleting always works on a key
if ($delete || $add) {
    $mode = 'key';
}
Beispiel #12
{
	$kb_mode = true;
	$kb_mode_append = '&amp;kb=on';
	$kb_mode_append_red = '&kb=on';
}

$download = request_get_var('download', '');

if (empty($topic_id) && empty($post_id))
{
	if (!defined('STATUS_404')) define('STATUS_404', true);
	message_die(GENERAL_MESSAGE, 'NO_TOPIC');
}

// Find topic id if user requested a newer or older topic
$view = request_get_var('view', '');
if (!empty($view) && empty($post_id))
{
	if ($view == 'newest')
	{
		if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || !empty($sid))
		{
			$session_id = isset($_COOKIE[$config['cookie_name'] . '_sid']) ? $_COOKIE[$config['cookie_name'] . '_sid'] : $sid;
			if (!preg_match('/^[A-Za-z0-9]*$/', $session_id))
			{
				$session_id = '';
			}

			if ($session_id)
			{
				$sql = "SELECT p.post_id
Beispiel #13
    // Queue a new mass mail: read the batch settings, store the job, then send
    // the browser to the URL that processes it.
    // NOTE(review): $batchsize, $subject, $message and $def_wait are assigned
    // outside this excerpt.
    $batchwait = request_post_var('batchwait', $def_wait);
    $mass_pm = request_var('mass_pm', 0);
    $email_format = request_var('email_format', 0);
    $group_id = request_var(POST_GROUPS_URL, 0);
    // NOTE(review): uniqid() is derived from the current time, so md5(uniqid(''))
    // is not an unpredictable value. If mail_session_id is meant to protect the
    // processing URL, generate it from a cryptographically secure source.
    $mail_session_id = md5(uniqid(''));
    // Text columns go through sql_escape(); the numeric columns are concatenated
    // unquoted. NOTE(review): that is safe only if the request helpers cast to
    // the type of their default (presumably int for a 0 default - confirm, and
    // check the types of $def_wait and $batchsize in particular).
    $sql = "INSERT INTO " . MEGAMAIL_TABLE . " (mailsession_id, mass_pm, user_id, group_id, email_subject, email_body, email_format, batch_start, batch_size, batch_wait, status)\n\t\t\tVALUES ('" . $mail_session_id . "', " . $mass_pm . ", " . $user->data['user_id'] . ", " . $group_id . ", '" . $db->sql_escape($subject) . "', '" . $db->sql_escape($message) . "', " . $email_format . ", 0, " . $batchsize . "," . $batchwait . ", 0)";
    $result = $db->sql_query($sql);
    $mail_id = $db->sql_nextid();
    // The job is addressed by its row id plus the session value created above
    $url = append_sid('admin_megamail.' . PHP_EXT . '?mail_id=' . $mail_id . '&amp;mail_session_id=' . $mail_session_id);
    $redirect_url = ADM . '/' . $url;
    meta_refresh($batchwait, $redirect_url);
    $message = sprintf($lang['megamail_created_message'], '<a href="' . $url . '">', '</a>');
    message_die(GENERAL_MESSAGE, $message);
}
$mail_id = request_get_var('mail_id', 0);
$mail_session_id = request_get_var('mail_session_id', '');
if (!empty($mail_id) && !empty($mail_session_id)) {
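    // Keep working through the batch even if the browser disconnects
    @ignore_user_abort(true);
    // Let's see if that session exists.
    // The session value is compared with '=' instead of LIKE: LIKE treats '%'
    // and '_' in the supplied value as wildcards, and sql_escape() presumably
    // leaves both untouched, so a pattern could match without knowing the stored
    // value. The id is cast to int before it is placed in the query.
    $sql = "SELECT *\n\t\t\tFROM " . MEGAMAIL_TABLE . "\n\t\t\tWHERE mail_id = '" . (int) $mail_id . "'\n\t\t\t\tAND mailsession_id = '" . $db->sql_escape($mail_session_id) . "'";
    $result = $db->sql_query($sql);
    $mail_data = $db->sql_fetchrow($result);
    if (!$mail_data) {
        // NOTE(review): the query text is handed to message_die(); confirm it is
        // shown only in debug mode, as it contains the submitted values.
        message_die(GENERAL_MESSAGE, 'Mail ID and Mail Session ID do not match.', '', __LINE__, __FILE__, $sql);
    }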
    //Ok, the session exists
    $subject = $mail_data['email_subject'];
    $message = $mail_data['email_body'];
    // Store the clean version of the message for PM
    $pm_message = $message;
    $group_id = $mail_data['group_id'];
// This file must be included by the application, never requested directly
if (!defined('IN_ICYPHOENIX')) {
    die('Hacking attempt');
}

// Menu, module and sub-module ids: each can arrive by GET or by POST, and a
// non-empty POST value takes precedence. With neither present the id is 0.
$var_menu = request_get_var('menu', 0);
$var_menu_id = request_post_var('menu_id', 0);
$menu_id = 0;
if (!empty($var_menu_id)) {
    $menu_id = $var_menu_id;
} elseif (!empty($var_menu)) {
    $menu_id = $var_menu;
}

$var_mod = request_get_var('mod', 0);
$var_mod_id = request_post_var('mod_id', 0);
$mod_id = 0;
if (!empty($var_mod_id)) {
    $mod_id = $var_mod_id;
} elseif (!empty($var_mod)) {
    $mod_id = $var_mod;
}

$var_sub = request_get_var('msub', 0);
$var_sub_id = request_post_var('sub_id', 0);
$sub_id = 0;
if (!empty($var_sub_id)) {
    $sub_id = $var_sub_id;
} elseif (!empty($var_sub)) {
    $sub_id = $var_sub;
}

$settings_modules_array = $class_settings->process_settings_modules($acp_modules, true, false);

// Ids beyond the number of known entries fall back to 0.
// NOTE(review): an id equal to the count passes the '>' test and negative ids
// are not reset; if the ids are used as zero-based indexes, confirm that both
// cases are handled where the arrays are read.
if (count($settings_modules_array['menu_keys']) < $menu_id) {
    $menu_id = 0;
}
if (count($settings_modules_array['mod_keys'][$menu_id]) < $mod_id) {
    $mod_id = 0;
}
// fix sub id
Beispiel #15
* @copyright (c) 2008 Icy Phoenix
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
*
* @Extra credits for this file
* AmigaLink
*
*/
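// This file must be included by the application, never requested directly
if (!defined('IN_ICYPHOENIX')) {
    die('Hacking attempt');
}
// Do we have an id? No, then just exit
$confirm_id = request_get_var('confirm_id', '');
if (empty($confirm_id)) {
    exit;
}
// Define available charset (upper-case letters and the digits 1-9)
$chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
if (!defined('CAPTCHA_FONTS_PATH')) {
    define('CAPTCHA_FONTS_PATH', 'images/fonts/');
}
if (!defined('CAPTCHA_PICS_PATH')) {
    define('CAPTCHA_PICS_PATH', 'images/pics/');
}
// Only alphanumeric ids are accepted; anything else is blanked.
// The pattern ends in \z rather than $: without the D modifier, $ also matches
// just before a trailing newline, so an id ending in "\n" passed the old check.
// NOTE(review): the emptiness test above runs before this validation, so the
// script carries on with an empty id when validation fails; confirm the code
// that follows copes with that.
if (!preg_match('/^[[:alnum:]]+\z/', $confirm_id)) {
    $confirm_id = '';
}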
Beispiel #16
        }
        if ($link_id) {
            $sql = "UPDATE " . AUTOLINKS . "\n\t\t\t\tSET link_keyword = '" . $db->sql_escape($keyword) . "', link_title = '" . $db->sql_escape($title) . "', link_url = '" . $db->sql_escape($url) . "', link_comment = '" . $db->sql_escape($comment) . "', link_style = '" . $db->sql_escape($style) . "', link_forum = '" . $forum . "', link_int = '" . $internal . "'\n\t\t\t\tWHERE link_id = " . $link_id;
            $message = $lang['Autolink_updated'];
        } else {
            $sql = "INSERT INTO " . AUTOLINKS . " (link_keyword, link_title, link_url, link_comment, link_style, link_forum, link_int)\n\t\t\t\tVALUES ('" . $db->sql_escape($keyword) . "', '" . $db->sql_escape($title) . "', '" . $db->sql_escape($url) . "', '" . $db->sql_escape($comment) . "', '" . $db->sql_escape($style) . "', {$forum}, {$internal})";
            $message = $lang['Autolink_added'];
        }
        $result = $db->sql_query($sql);
        $db->clear_cache('autolinks_', TOPICS_CACHE_FOLDER);
        $message .= '<br /><br />' . sprintf($lang['Click_return_autolinkadmin'], '<a href="' . append_sid('admin_autolinks.' . PHP_EXT) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid('index.' . PHP_EXT . '?pane=right') . '">', '</a>');
        message_die(GENERAL_MESSAGE, $message);
    }
} else {
    $link_id_edit = request_get_var('id', 0);
    $forum_id = request_get_var('forum_id', 0);
    $template->set_filenames(array('body' => ADM_TPL . 'autolinks_body.tpl'));
    $sql = "SELECT forum_id, forum_name\n\t\tFROM " . FORUMS_TABLE . "\n\t\tWHERE forum_type = " . FORUM_POST . "\n\t\tORDER BY parent_id, forum_order ASC";
    $result = $db->sql_query($sql);
    $forum_ids = array();
    $forum_names = array();
    $forum_ids[0] = '0';
    $forum_names[0] = $lang['Select_all_forums'];
    while ($row = $db->sql_fetchrow($result)) {
        $forum_ids[] = $row['forum_id'];
        $forum_names[] = $row['forum_name'];
    }
    $forum_list = '<select name="link_forum"><option value="0">' . $lang['Select_a_Forum'] . '</option>';
    $forum_list .= '<option value="0">&nbsp;</option>';
    if ($link_id_edit) {
        $sql = "SELECT *\n\t\t\tFROM " . AUTOLINKS . "\n\t\t\tWHERE link_id = " . $link_id_edit;
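/**
 * Decide whether the current user may open the given admin file.
 *
 * Rules, in order:
 *  1. full admins are always allowed (unless the debug switch is on);
 *  2. users without any junior-admin module are refused;
 *  3. the admin index file is allowed;
 *  4. a "module" request value that is one of the user's modules is allowed;
 *  5. without a module value, a POST request or a request carrying the
 *     user's own session id is allowed if the file passes
 *     jr_admin_check_file_hashes();
 *  6. everything else is refused.
 *
 * Hardening compared with the previous version: the index test escapes the
 * dot and the extension and requires the name to end there (or continue with
 * a query string), so names that merely start with something resembling the
 * index file no longer match; module and session id comparisons are strict
 * string comparisons.
 *
 * NOTE(review): rule 4 grants access on the module value alone; $file is not
 * checked against that module in this function. The POST branch of rule 5
 * does not look at the session id. Confirm both are covered elsewhere.
 *
 * @param string $file Requested file name, possibly followed by a query string.
 * @return bool True when access is granted.
 */
function jr_admin_secure($file)
{
    global $db, $user, $lang;
    /* Debugging in this function causes changes to the way ADMIN users are interpreted. You are warned */
    $debug = false;
    // "index.<ext>" exactly, optionally followed by a query string
    $index_pattern = '/^index\.' . preg_quote(PHP_EXT, '/') . '(?:\?|\z)/';
    $is_index = (bool) preg_match($index_pattern, $file);
    $jr_admin_userdata = jr_admin_get_user_info($user->data['user_id']);
    $selected_module = request_get_var('module', '');
    $sid = request_var('sid', '');
    if ($debug && !$is_index) {
        // $file comes from the request, so it is escaped before it is printed
        print '<pre><span class="gen"><span class="text_red">DEBUG - File Accessed - ';
        print htmlspecialchars($file);
        print '</pre></span></span><br />';
    }
    if ($user->data['user_level'] == ADMIN && !$debug) {
        // Admin always has access
        return true;
    }
    if (empty($jr_admin_userdata['user_jr_admin'])) {
        // This user has no modules and no business being here
        return false;
    }
    if ($is_index) {
        // The index file performs its own checks
        return true;
    }
    if (!empty($selected_module)) {
        // Access by module id from the request: allowed only for the user's own modules
        $own_modules = explode(EXPLODE_SEPARATOR_CHAR, $jr_admin_userdata['user_jr_admin']);
        return in_array((string) $selected_module, $own_modules, true);
    }
    // No module given: accept a submitted form, or a link carrying the user's
    // own session id; in both cases the file itself must pass the hash check.
    $has_post = !empty($_POST);
    if (!$has_post && empty($sid)) {
        // Something came up that shouldn't have!
        return false;
    }
    if (!$has_post && (string) $sid !== (string) $user->data['session_id']) {
        return false;
    }
    // Get the filename without any arguments
    $file = preg_replace('/\?.+=.*$/', '', $file);
    // Return the check to make sure the user has access to what they are requesting
    return jr_admin_check_file_hashes($file);
}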
Beispiel #18
             while ($file = @readdir($dir)) {
                 if (!is_file(@phpbb_realpath(IP_ROOT_PATH . 'templates/' . $file)) && !is_link(phpbb_realpath(IP_ROOT_PATH . 'templates/' . $file)) && $file != '.' && $file != '..' && $file != 'common' && $file != 'default') {
                     $s_template_select .= '<option value="' . $file . '">' . $file . '</option>' . "\n";
                 }
             }
             $s_template_select .= '</select>';
         } else {
             message_die(GENERAL_MESSAGE, $lang['No_template_dir']);
         }
         @closedir($dir);
         $template->assign_vars(array('L_STYLE_EXPORTER' => $lang['Export_themes'], 'L_EXPORTER_EXPLAIN' => $lang['Export_explain'], 'L_TEMPLATE_SELECT' => $lang['Select_template'], 'L_SUBMIT' => $lang['Submit'], 'S_EXPORTER_ACTION' => append_sid('admin_styles.' . PHP_EXT . '?mode=export'), 'S_TEMPLATE_SELECT' => $s_template_select));
         $template->pparse('body');
     }
     break;
 case 'delete':
     $style_id = request_get_var('style_id', 0);
     if (!$confirm) {
         if ($style_id == $config['default_style']) {
             message_die(GENERAL_MESSAGE, $lang['Cannot_remove_style']);
         }
         $hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="style_id" value="' . $style_id . '" />';
         // Set template files
         $template->set_filenames(array('confirm' => ADM_TPL . 'confirm_body.tpl'));
         $template->assign_vars(array('MESSAGE_TITLE' => $lang['Confirm'], 'MESSAGE_TEXT' => $lang['Confirm_delete_style'], 'L_YES' => $lang['Yes'], 'L_NO' => $lang['No'], 'S_CONFIRM_ACTION' => append_sid('admin_styles.' . PHP_EXT), 'S_HIDDEN_FIELDS' => $hidden_fields));
         $template->pparse('confirm');
     } else {
         //
         // The user has confirmed the delete. Remove the style, the style element
         // names and update any users who might be using this style
         //
         $sql = "DELETE FROM " . THEMES_TABLE . " WHERE themes_id = " . $style_id;
Beispiel #19
                @rmdir($str);
            } else {
                @unlink($str);
            }
        }
    }
    closedir($res);
}
// Add the "uninstall styles" entry to the left navigation block.
$template->assign_block_vars('nav_left', array('ITEM' => '&raquo; <a href="' . append_sid('xs_uninstall.' . PHP_EXT) . '">' . $lang['xs_uninstall_styles'] . '</a>'));
// Fill the {URL} placeholder of the two "back" messages with session-aware links.
$lang['xs_uninstall_back'] = str_replace('{URL}', append_sid('xs_uninstall.' . PHP_EXT), $lang['xs_uninstall_back']);
$lang['xs_goto_default'] = str_replace('{URL}', append_sid('xs_styles.' . PHP_EXT), $lang['xs_goto_default']);
// uninstall style
// The same parameter name 'remove' is read twice: once with an integer default
// (style id) and once from POST with a string default (template name).
// NOTE(review): presumably the request helpers cast to the type of the default — confirm.
$remove_id = request_var('remove', 0);
// NOTE(review): 'dir' is taken from the query string as a free-form string. Its use is
// outside this excerpt; since this script also removes files and directories, confirm
// that it is restricted to a plain template directory name (no path separators, no '..')
// before it reaches any filesystem call.
$remove_dir = request_get_var('dir', '');
$remove_tpl = request_post_var('remove', '');
$nocfg = request_get_var('nocfg', '');
if (!empty($remove_id) && !defined('DEMO_MODE')) {
    if ($config['default_style'] == $remove_id) {
        xs_error(str_replace('{URL}', append_sid('xs_styles.' . PHP_EXT), $lang['xs_uninstall_default']) . '<br /><br />' . $lang['xs_uninstall_back']);
    }
    $sql = "SELECT themes_id, template_name, style_name FROM " . THEMES_TABLE . " WHERE themes_id='{$remove_id}'";
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql);
    $db->sql_return_on_error(false);
    if (!$result) {
        xs_error($lang['xs_no_style_info'] . '<br /><br />' . $lang['xs_uninstall_back'], __LINE__, __FILE__);
    }
    $row = $db->sql_fetchrow($result);
    if (empty($row['themes_id'])) {
        xs_error($lang['xs_no_style_info'] . '<br /><br />' . $lang['xs_uninstall_back'], __LINE__, __FILE__);
    }
*/
// Forum selector from the request. The value is accepted only when its first
// character equals POST_FORUM_URL; the rest is then read as the forum id.
$fid = request_var(POST_FORUM_URL, '');
if (!empty($fid)) {
    // First character identifies what kind of id was passed
    $f_type = substr($fid, 0, 1);
    if ($f_type == POST_FORUM_URL) {
        // intval() reduces the remainder to an integer, so only a number is
        // concatenated into the WHERE fragment below
        $forum_id = intval(substr($fid, 1));
        $forum_sql = " WHERE forum_id = '" . $forum_id . "'";
    } else {
        // Any other prefix: no forum selected and no WHERE restriction.
        // NOTE(review): an empty $forum_sql leaves the query it is appended to
        // unrestricted; that query is outside this excerpt — confirm this is intended.
        unset($forum_id);
        $forum_sql = '';
    }
} else {
    // No selector in the request: same state as an unrecognised prefix
    unset($forum_id);
    $forum_sql = '';
}
// NOTE(review): presumably cast to int because of the integer default — confirm
$adv = request_get_var('adv', 0);
// Start program proper
if (isset($_POST['submit'])) {
    $sql = '';
    if (!empty($forum_id)) {
        if (isset($_POST['simpleauth'])) {
            $simple_ary = $simple_auth_ary[intval($_POST['simpleauth'])];
            for ($i = 0; $i < sizeof($simple_ary); $i++) {
                $sql .= ($sql != '' ? ', ' : '') . $forum_auth_fields[$i] . ' = ' . $simple_ary[$i];
            }
            if (is_array($simple_ary)) {
                $sql = "UPDATE " . FORUMS_TABLE . " SET {$sql} WHERE forum_id = {$forum_id}";
            }
        } else {
            for ($i = 0; $i < sizeof($forum_auth_fields); $i++) {
                $value = intval($_POST[$forum_auth_fields[$i]]);
Beispiel #21
        if (!$num && !$num_error) {
            if (!empty($clear)) {
                $data .= str_replace('{TPL}', $clear, $lang['xs_cache_log_nothing']) . "<br />\n";
            } else {
                $data .= $lang['xs_cache_log_nothing2'] . "<br />\n";
            }
        } else {
            $data .= str_replace('{NUM}', $num, $lang['xs_cache_log_count']) . "<br />\n";
            if ($num_error) {
                $data .= str_replace('{NUM}', $num_error, $lang['xs_cache_log_count2']) . "<br />\n";
            }
        }
    }
}
// compile cache
$tpl = request_get_var('compile', '');
if (isset($_GET['compile']) && !defined('DEMO_MODE')) {
    @set_time_limit(XS_MAX_TIMEOUT);
    $num_errors = 0;
    $num_compiled = 0;
    if (!empty($tpl)) {
        $dir = $template->tpldir . $tpl . '/';
        compile_cache($dir, '', $tpl);
    } else {
        $res = opendir('../templates');
        while (($file = readdir($res)) !== false) {
            if ($file !== '.' && $file !== '..' && is_dir('../templates/' . $file) && @file_exists('../templates/' . $file . '/overall_header.tpl')) {
                compile_cache('../templates/' . $file . '/', '', $file);
            }
        }
        closedir($res);
Beispiel #22
}
// Derive PHP_EXT from this file's own extension when the constant is not defined yet.
if (!defined('PHP_EXT')) {
    define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
}
// Set before pagestart is loaded; presumably read there to skip the page header.
$no_page_header = true;
// NOTE(review): nothing in this excerpt checks who is calling the script. Presumably
// pagestart starts the session and enforces admin access — confirm, because the code
// below installs styles.
require 'pagestart.' . PHP_EXT;
define('IN_XS', true);
include_once 'xs_include.' . PHP_EXT;
// Add the "install styles" entry to the left navigation block.
$template->assign_block_vars('nav_left', array('ITEM' => '&raquo; <a href="' . append_sid('xs_install.' . PHP_EXT) . '">' . $lang['xs_install_styles'] . '</a>'));
// Fill the {URL} placeholder of the two "back" messages with session-aware links.
$lang['xs_install_back'] = str_replace('{URL}', append_sid('xs_install.' . PHP_EXT), $lang['xs_install_back']);
$lang['xs_goto_default'] = str_replace('{URL}', append_sid('xs_styles.' . PHP_EXT), $lang['xs_goto_default']);
// remove timeout. useful for forum with 100+ styles
@set_time_limit(XS_MAX_TIMEOUT);
// install style
// Both values come from the query string, so a single GET request triggers the install.
// NOTE(review): no form token or confirmation step is visible in this excerpt — confirm
// that pagestart or xs_install_style() protects this state change against forged requests,
// and that $style is validated as a style/template name before it is used.
$style = request_get_var('style', '', true);
$num = request_get_var('num', 0);
// Installation is skipped entirely when DEMO_MODE is defined.
if (!empty($style) && !defined('DEMO_MODE')) {
    $res = xs_install_style($style, $num);
    if (defined('REFRESH_NAVBAR')) {
        $template->assign_block_vars('left_refresh', array('ACTION' => append_sid('index.' . PHP_EXT . '?pane=left')));
    }
    if ($res) {
        // Drop cached style data so the new style is picked up
        $db->clear_cache('styles_');
        // NOTE(review): presumably xs_message() ends the request; if it returned,
        // the xs_error() call below would also run after a successful install — confirm.
        xs_message($lang['Information'], $lang['xs_install_installed'] . '<br /><br />' . $lang['xs_install_back'] . '<br /><br />' . $lang['xs_goto_default']);
    }
    xs_error($lang['xs_install_error'] . '<br /><br />' . $lang['xs_install_back']);
}
// install styles
$total = request_var('total', 0);
if (!empty($total) && !defined('DEMO_MODE')) {
    $tpl = array();
* @copyright (c) 2008 Icy Phoenix
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
*
* @Icy Phoenix is based on phpBB
* @copyright (c) 2008 phpBB Group
*
*/
// Refuse to run unless IN_ICYPHOENIX is defined, i.e. unless this file was
// included by a script that defines it rather than requested directly.
if (!defined('IN_ICYPHOENIX')) {
    die('Hacking attempt');
    // Never reached: die() has already ended the script
    exit;
}
$show_extra_stats = request_get_var('stats', 0);
// A missing user parameter falls back to ANONYMOUS, which is rejected just below.
// NOTE(review): presumably cast to the type of the default — confirm.
$target_user_id = request_get_var(POST_USERS_URL, ANONYMOUS);
if (empty($target_user_id) || $target_user_id == ANONYMOUS) {
    // Flag the response as "not found" before the message is shown
    // (presumably read by message_die() to send a 404 status — confirm).
    if (!defined('STATUS_404')) {
        define('STATUS_404', true);
    }
    message_die(GENERAL_MESSAGE, 'NO_USER');
}
$profiledata = get_userdata($target_user_id);
// An unknown id gets the same generic NO_USER message as a missing one, so the
// response text does not distinguish the two cases.
if (empty($profiledata) || empty($profiledata['user_id'])) {
    if (!defined('STATUS_404')) {
        define('STATUS_404', true);
    }
    message_die(GENERAL_MESSAGE, 'NO_USER');
}
// We force the user to be active to show its profile... or we require the viewer to be admin!
if (empty($profiledata['user_active']) && $user->data['user_level'] != ADMIN) {
Beispiel #24
$result = $db->sql_query($sql);
$db->sql_return_on_error(false);
if (!$result) {
    $total_users = 0;
} else {
    $total = $db->sql_fetchrow($result);
    $total_users = $total['total'];
}
$template->assign_vars(array('U_SCRIPT' => 'xs_styles.' . PHP_EXT, 'NUM_DEFAULT' => $num_default));
// More users counted in total than users with a known style: reset the style of
// every user whose user_style is not in the list of known style ids.
if ($total_users > $num_users) {
    // fix problem
    // NOTE(review): $style_ids is built outside this excerpt and is concatenated
    // unquoted; presumably integer ids read from the themes table — confirm. An empty
    // array would produce "NOT IN ()", which is not valid SQL.
    $sql = 'UPDATE ' . USERS_TABLE . ' SET user_style = NULL WHERE user_style NOT IN (' . implode(', ', $style_ids) . ')';
    $db->sql_query($sql);
}
// get list of users
// NOTE(review): the value is interpolated into the query below; presumably the integer
// default makes request_get_var() return an int, which keeps it numeric — confirm.
$user_style_id = request_get_var('list', 0);
if (!empty($user_style_id)) {
    $template->assign_block_vars('list_users', array());
    $sql = "SELECT user_id, username FROM " . USERS_TABLE . " WHERE user_style = '{$user_style_id}' ORDER BY username ASC";
    // Presumably makes sql_query() return a false result on failure instead of
    // aborting, so the error can be reported through xs_error() below.
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql);
    $db->sql_return_on_error(false);
    if (!$result) {
        xs_error('Could not get users list!', __LINE__, __FILE__);
    }
    $rowset = $db->sql_fetchrowset($result);
    for ($i = 0; $i < sizeof($rowset); $i++) {
        // The username is HTML-escaped before it is handed to the template;
        // NUM and ID are passed as they are.
        $template->assign_block_vars('list_users.user', array('NUM' => $i + 1, 'ID' => $rowset[$i]['user_id'], 'NAME' => htmlspecialchars($rowset[$i]['username'])));
    }
}
$template->set_filenames(array('body' => XS_TPL_PATH . 'styles.tpl'));
Beispiel #25
     $cms_admin->b_id = 0;
 }
 if ($cms_admin->action == 'add' || $cms_admin->action == 'edit') {
     $template_to_parse = CMS_TPL . 'cms_block_content_body.tpl';
     $cms_admin->manage_block();
 } elseif ($cms_admin->action == 'save') {
     $cms_admin->save_block();
 } elseif ($cms_admin->action == 'delete') {
     $cms_admin->delete_block();
 } elseif ($cms_admin->id_var_value != 0 || $cms_admin->action == 'editglobal') {
     if (isset($_POST['action_update'])) {
         $cms_admin->update_blocks();
     }
     $template_to_parse = CMS_TPL . 'cms_blocks_list_body.tpl';
     $template->assign_var('CMS_PAGE_TITLE', $lang['BLOCKS_TITLE']);
     $move = request_get_var('move', -1);
     if ($cms_admin->mode == 'blocks' && ($move == '0' || $move == '1')) {
         $cms_admin->move_block($move);
     }
     $template->assign_vars(array('S_BLOCKS_ACTION' => append_sid($cms_admin->root), 'S_HIDDEN_FIELDS' => $cms_admin->s_hidden_fields));
     // Old Version...
     /*
     if ($cms_admin->mode_layout_name == 'layouts_special')
     {
     	$cms_admin->show_blocks_list();
     }
     else
     {
     */
     $result = $cms_admin->show_blocks_list_ajax();
     if (is_array($result)) {
Beispiel #26
				$location['url'] = CMS_PAGE_VIEWFORUM . '?' . POST_FORUM_URL . '=' . $forum_id;
			}
			else
			{
				$location = get_online_page($row['session_page']);
			}
		}

		$location['url'] = append_sid(IP_ROOT_PATH . $location['url']);

		$row_class = ($$which_counter % 2) ? $theme['td_class1'] : $theme['td_class2'];

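		// Start Advanced IP Tools Pack MOD
		// Accept 'mode' only when it is present and a plain string. A missing key or an
		// array value (?mode[]=x) would otherwise be passed to htmlspecialchars() and
		// raise a warning or a TypeError on current PHP versions.
		$mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : '';

		$test_ip = request_get_var('ip', '');
		// Reverse DNS is resolved only for admins and moderators, only on an explicit
		// lookup request, and only for the row whose stored session IP equals the
		// requested one.
		if ((($user->data['user_level'] == ADMIN) || ($user->data['user_level'] == MOD)) && ($mode == 'lookup') && isset($_GET['ip']) && ($row['session_ip'] == $test_ip))
		{
			// The host name comes from DNS and is not trusted data; it has to stay
			// HTML-escaped wherever $ip is output.
			$ip = gethostbyaddr($row['session_ip']);
			if ($ip === false)
			{
				// gethostbyaddr() returns false on malformed input: show the stored address instead
				$ip = $row['session_ip'];
			}
		}
		else
		{
			$ip = $row['session_ip'];
			$mode = 'ip';
		}
		// End Advanced IP Tools Pack MOD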
		$template->assign_block_vars("$which_row", array(
			// Start Advanced IP Tools Pack MOD
			'IP' => htmlspecialchars($ip),
			'USER_AGENT' => htmlspecialchars($row['session_browser']) . '<br />' . htmlspecialchars($row['session_page']),
			'U_HOSTNAME_LOOKUP' => ($mode != 'lookup') ? append_sid(CMS_PAGE_VIEWONLINE . '?mode=lookup&amp;ip=' . htmlspecialchars(urlencode($row['session_ip']))) : append_sid(CMS_PAGE_VIEWONLINE . '?mode=ip&amp;ip=' . htmlspecialchars(urlencode($row['session_ip']))),