/**
 * Collects the variables of view table $tid that are visible to user $uid or group $gid
 * and fills the by-reference output structures from them.
 *
 * For every accepted row: $vardisp maps the variable name to its display name, $bounds to
 * array(warning_bound, error_bound, alarm_order), $privilege to getVariableRight($vid), and
 * the dotted path is added to $tree via addToNode(). $condensed and $autoDisplay are
 * overwritten on each accepted row, so they end up reflecting the last one.
 *
 * Rows are skipped when hasAccessToVariable() denies the variable or when a row/view filter
 * reduces the path to an empty string. If two rows yield paths with a different number of
 * segments, an error is printed and the function returns immediately.
 *
 * NOTE(review): $uid, $gid and $tid are placed into the SQL text without escaping or casting
 * in this function, and $tid is echoed into HTML as-is in the error message. Confirm that
 * every caller passes validated values.
 */
function buildVariableEnv($uid, $gid, $tid, &$vardisp, &$bounds, &$privilege, &$tree, &$condensed, &$autoDisplay)
{
    $sql = "SELECT view_row.name AS user_name, variable.name AS var_name, path, warning_bound, error_bound, alarm_order, view_row.filter as varfilter, view_table.filter as viewfilter, display, auto_display, view_row.vid AS vid "
        . "FROM variable, view_row, view_table "
        . "WHERE variable.command='variable' AND (view_table.uid='{$uid}' OR view_table.uid='{$gid}') AND view_table.tid='{$tid}' AND view_row.tid='{$tid}' AND variable.vid=view_row.vid ORDER BY view_row.ordering";

    $result = sqlquery($sql);
    if (!$result) {
        return;
    }

    while ($row = sqlfetch($result)) {
        $vid = $row["vid"];
        if (!hasAccessToVariable($vid)) {
            continue;
        }

        // Apply the row filter first, then the view filter; an empty path drops the row.
        $path = $row["path"];
        foreach (array("varfilter", "viewfilter") as $filterColumn) {
            if ($row[$filterColumn] != "") {
                $path = filterPath($path, $row[$filterColumn]);
                if ($path == "") {
                    continue 2;
                }
            }
        }

        $condensed = ($row["display"] == "condensed");
        $autoDisplay = ($row["auto_display"] == "auto");

        $varName = getVarName($path);
        $vardisp[$varName] = $row["user_name"];
        $bounds[$varName] = array($row["warning_bound"], $row["error_bound"], $row["alarm_order"]);
        $privilege[$varName] = getVariableRight($vid);

        // All paths in one table must have the same number of dot-separated segments.
        $address = explode(".", $path);
        $depth = count($address);
        if (!isset($expectedDepth)) {
            $expectedDepth = $depth;
        }
        if ($expectedDepth != $depth) {
            echo "Invalid table <b>{$tid}</b>, contains different variable path length (typically, mixed shard/server/service variables with entity variables)\n";
            return;
        }

        addToNode($tree, $address, 0);
    }
}
/**
 * Rebuilds the global $shardLockState map from $shardList and the shard_annotation table.
 *
 * lock_state values, as set below: 0 = unlocked, 1 = locked by the current user
 * (same uid and same remote address), 2 = locked by someone else. When $enablelock is
 * false every shard is reported with state 1.
 *
 * Annotation text is passed through htmlentities(..., ENT_QUOTES) before being stored in
 * the map; the other columns are copied unchanged.
 */
function getShardLockState()
{
    global $shardLockState, $uid, $REMOTE_ADDR, $enablelock, $shardList;
    global $ASHost, $ASPort;

    $shardLockState = array();

    // Seed every known shard with the default state before reading annotations.
    $defaultState = $enablelock ? 0 : 1;
    if (count($shardList) > 0) {
        foreach ($shardList as $shard => $unused) {
            $shardLockState[$shard]['lock_state'] = $defaultState;
        }
    }

    $result = sqlquery("SELECT * FROM shard_annotation");
    while ($result && ($row = sqlfetch($result))) {
        if (!$enablelock) {
            $lockState = 1;
        } elseif ($row['lock_user'] == 0) {
            $lockState = 0; // unlocked
        } elseif ($row['lock_user'] == $uid && $row['lock_ip'] == $REMOTE_ADDR) {
            $lockState = 1; // locked by user
        } else {
            $lockState = 2; // locked by another user
        }

        $shardLockState[$row['shard']] = array(
            'user_annot' => $row['user'],
            'annot' => htmlentities($row['annotation'], ENT_QUOTES),
            'post_date' => $row['post_date'],
            'lock_user' => $row['lock_user'],
            'lock_ip' => $row['lock_ip'],
            'lock_date' => $row['lock_date'],
            'lock_state' => $lockState,
            'ASAddr' => $row['ASAddr'],
            'alias' => $row['alias'],
        );
    }
}
/**
 * Loads a form builder form together with its fields.
 *
 * Top-level fields (`column` = '0') are returned in position order. A field of type
 * "column" is emitted twice: once carrying the fields of its left column and once
 * carrying the fields of its right column, in that order.
 *
 * @param mixed $id Form id; escaped with sqlescape() before use.
 * @return array|false The form row with "fields" and "object_count" added, or false
 *                     when no form has that id.
 */
static function getForm($id)
{
    $id = sqlescape($id);

    $form = sqlfetch(sqlquery("SELECT * FROM btx_form_builder_forms WHERE id = '{$id}'"));
    if (!$form) {
        return false;
    }

    $fields = array();
    $object_count = 0;

    $top_level = sqlquery("SELECT * FROM btx_form_builder_fields WHERE form = '{$id}' AND `column` = '0' ORDER BY position DESC, id ASC");
    while ($field = sqlfetch($top_level)) {
        $object_count++;

        if ($field["type"] != "column") {
            $fields[] = $field;
            continue;
        }

        // One copy of the column field per side, left first.
        // $field["id"] comes from the row just fetched and is interpolated unescaped.
        foreach (array("left", "right") as $side) {
            $side_fields = array();
            $side_query = sqlquery("SELECT * FROM btx_form_builder_fields WHERE `column` = '" . $field["id"] . "' AND `alignment` = '" . $side . "' ORDER BY position DESC, id ASC");
            while ($sub_field = sqlfetch($side_query)) {
                $side_fields[] = $sub_field;
                $object_count++;
            }
            $field["fields"] = $side_fields;
            $fields[] = $field;
        }

        // Column start/end count as objects so we add 3 since there's two columns
        $object_count += 3;
    }

    $form["fields"] = $fields;
    $form["object_count"] = $object_count - 1; // We start at 0

    return $form;
}
if (strpos($file, "site/extensions/{$id}/") === 0) { BigTree::copyFile(SERVER_ROOT . $file, SERVER_ROOT . "extensions/{$id}/public/" . str_replace("site/extensions/{$id}/", "", $file)); // Move into the site/extensions/ folder and then copy into /public/ } else { BigTree::moveFile(SERVER_ROOT . $file, SITE_ROOT . "extensions/{$id}/" . substr($file, 5)); BigTree::copyFile(SITE_ROOT . "extensions/{$id}/" . substr($file, 5), SERVER_ROOT . "extensions/{$id}/public/" . substr($file, 5)); } } // If we have a place to move it to, move it. if ($d) { BigTree::moveFile(SERVER_ROOT . $file, SERVER_ROOT . "extensions/{$id}/" . $d); } } } // If this package already exists, we need to do a diff of the tables, increment revision numbers, and add SQL statements. $existing = sqlfetch(sqlquery("SELECT * FROM bigtree_extensions WHERE id = '" . sqlescape($id) . "' AND type = 'extension'")); if ($existing) { $existing_json = json_decode($existing["manifest"], true); // Increment revision numbers $revision = $package["revision"] = intval($existing_json["revision"]) + 1; $package["sql_revisions"] = (array) $existing_json["sql_revisions"]; $package["sql_revisions"][$revision] = array(); // Diff the old tables foreach ($existing_json["components"]["tables"] as $table => $create_statement) { // If the table exists in the new manifest, we're going to see if they're identical if (isset($package["components"]["tables"][$table])) { // We're going to create a temporary table of the old structure to compare to the current table $create_statement = preg_replace("/CREATE TABLE `([^`]*)`/i", "CREATE TABLE `bigtree_extension_temp`", $create_statement); $create_statement = preg_replace("/CONSTRAINT `([^`]*)`/i", "", $create_statement); sqlquery("DROP TABLE IF EXISTS `bigtree_extension_temp`"); sqlquery($create_statement);
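/**
 * Moves a page under a new parent and keeps routing consistent.
 *
 * After the parent is changed the page's full path is recomputed, a route history entry
 * from the old path to the new one is recorded (replacing any entry whose old_route equals
 * either path), and the paths of child pages are refreshed.
 *
 * Requires $this->Level >= 1; otherwise $this->stop() is called.
 *
 * @param mixed $page   Id of the page to move.
 * @param mixed $parent Id of the new parent page.
 */
function updatePageParent($page, $parent)
{
    // Check the caller's level before doing any database work.
    if ($this->Level < 1) {
        $this->stop("You are not allowed to move pages.");
    }

    $page = sqlescape($page);
    $parent = sqlescape($parent);

    // Get the existing path so we can create a route history
    $current = sqlfetch(sqlquery("SELECT path FROM bigtree_pages WHERE id = '{$page}'"));
    if (!$current) {
        // Unknown page id: nothing to move, and no route history row should be written for it.
        return;
    }
    $old_path = sqlescape($current["path"]);

    sqlquery("UPDATE bigtree_pages SET parent = '{$parent}' WHERE id = '{$page}'");
    $path = sqlescape($this->getFullNavigationPath($page));

    // Set the route history
    sqlquery("DELETE FROM bigtree_route_history WHERE old_route = '{$path}' OR old_route = '{$old_path}'");
    sqlquery("INSERT INTO bigtree_route_history (`old_route`,`new_route`) VALUES ('{$old_path}','{$path}')");

    // Update the page with its new path.
    sqlquery("UPDATE bigtree_pages SET path = '{$path}' WHERE id = '{$page}'");

    // Update the paths of any child pages.
    $this->updateChildPagePaths($page);
}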
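echo "{\n";
echo "\treturn true;\n";
echo "}\n";
echo "\n";
echo "//--></script>\n";

// input variables :
// - $preselServ : preselected service address
// - $execCommand : executed command on preselected service, like a normal service
//
// Everything written into the markup below that originates from the request
// ($_SERVER['PHP_SELF'], $char_name) or from the database (shard names) is passed through
// htmlspecialchars(..., ENT_QUOTES). The attributes are single-quoted, so ENT_QUOTES is
// required to keep a value from closing its attribute. Browsers decode the entities again,
// so the submitted form values are unchanged.
echo "<br><br>\n";
echo "<table border=0><tr valign=top>\n";
echo "<form method=post action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "' name='cmdform'>\n";
echo "<td>\n";

$result = sqlquery("SELECT DISTINCT shard FROM service ORDER BY shard");
echo "<select multiple size=" . sqlnumrows($result) . " name='selshards[]'>";
while ($result && ($arr = sqlfetch($result))) {
    // A shard is preselected when it was posted in selshards[], or when it matches the
    // admin shard filter, or when there is neither a filter nor a posted selection.
    $selected = isset($selshards) && in_array($arr["shard"], $selshards) || (isset($admfilter_shard) && $admfilter_shard != "" && strstr($arr["shard"], $admfilter_shard) || $admfilter_shard == "" && !isset($selshards));
    if ($selected) {
        $selected_shards[] = $arr["shard"];
    }
    echo "<option value='" . htmlspecialchars($arr["shard"], ENT_QUOTES) . "'" . ($selected ? " selected" : "") . ">" . htmlspecialchars($arr["shard"], ENT_QUOTES);
}
echo "</select>\n";
echo "</td>\n";
echo "<td width=30> </td>\n";
echo "<td>\n";
echo "<table border=0>\n";
echo "<tr><th align=left>Player/Character name</th></tr>\n";
echo "<tr><td><input name=char_name value='" . htmlspecialchars(stripslashes($char_name), ENT_QUOTES) . "' size=50 maxlength=20480></td>\n";
echo "<td><input type=submit value='Locate'></td></tr>\n";
echo "</form></table>\n";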
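<?php
// Admin endpoint: marks a short link as disabled and remembers its original target.
// Responds with the plain-text body 'success' or 'error', or a '401 Unauthorized' message.
require_once '../lib-core.php';
require_once '../lib-auth.php';

$polrauth = new polrauth();

// Authenticate and authorise before looking at any request data.
$userinfo = $polrauth->islogged();
if (!is_array($userinfo)) {
    //not logged in
    die('401 Unauthorized (not logged in)');
}
if ($userinfo['role'] != 'adm') {
    die('401 Unauthorized (not admin)');
}
// NOTE(review): no anti-CSRF token is checked in this script. Confirm whether
// lib-auth.php covers that, since this request changes state on behalf of an admin.
// NOTE(review): the 401 messages are sent as the body only; the HTTP status is not set here.

// Reject a missing, empty or non-string link id instead of running the UPDATE with it.
if (!isset($_POST['baseval']) || !is_string($_POST['baseval']) || $_POST['baseval'] === '') {
    die('error');
}
$baseval = $_POST['baseval'];

// sqlfetch() is a project helper whose query building is not visible here, so it keeps
// receiving the escaped value, as before.
$orig = (string) sqlfetch('redirinfo', 'rurl', 'baseval', $mysqli->real_escape_string($baseval));
$note = 'Disabled by ' . $userinfo['username'] . ' on UNIXDATE ' . time();

// Bound parameters keep the username, the stored URL and the link id out of the SQL text.
$stmt = $mysqli->prepare("UPDATE redirinfo SET rurl='disabled', etc2=?, etc=? WHERE baseval=?");
if (!$stmt) {
    die('error');
}
$stmt->bind_param('sss', $note, $orig, $baseval);
if (!$stmt->execute()) {
    die('error');
}

//if all works out
echo 'success';
die; //all works out :)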
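/**
 * Handles a request for a URL that did not resolve to a page.
 *
 * The URL is trimmed of trailing slashes, stripped of tags, HTML-encoded and SQL-escaped,
 * then looked up in bigtree_404s. If a redirect is stored for it, the request counter is
 * incremented and a 301 redirect is issued. Otherwise a 404 status header is sent, the
 * request is counted (inserting a new row on first sight) and caching is disabled.
 *
 * @param string $url The requested URL.
 * @return bool false when a redirect was issued; true otherwise (including an empty URL,
 *              for which nothing is sent or recorded).
 */
function handle404($url)
{
    $url = sqlescape(htmlspecialchars(strip_tags(rtrim($url, "/"))));

    // Nothing to look up or record for an empty URL, so skip the query entirely.
    if (!$url) {
        return true;
    }

    $f = sqlfetch(sqlquery("SELECT * FROM bigtree_404s WHERE broken_url = '{$url}'"));

    // $f is falsy when the URL has never been seen; only read its columns when a row exists.
    if ($f && $f["redirect_url"]) {
        if ($f["redirect_url"] == "/") {
            $f["redirect_url"] = "";
        }

        // Absolute http(s) targets are used as stored; anything else is made relative to WWW_ROOT.
        if (substr($f["redirect_url"], 0, 7) == "http://" || substr($f["redirect_url"], 0, 8) == "https://") {
            $redirect = $f["redirect_url"];
        } else {
            $redirect = WWW_ROOT . str_replace(WWW_ROOT, "", $f["redirect_url"]);
        }

        sqlquery("UPDATE bigtree_404s SET requests = (requests + 1) WHERE id = '" . sqlescape($f["id"]) . "'");
        BigTree::redirect($redirect, "301");

        return false;
    }

    header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");

    if ($f) {
        sqlquery("UPDATE bigtree_404s SET requests = (requests + 1) WHERE id = '" . sqlescape($f["id"]) . "'");
    } else {
        sqlquery("INSERT INTO bigtree_404s (`broken_url`,`requests`) VALUES ('{$url}','1')");
    }

    // Guard the define so a second call in the same request does not raise a redefinition error.
    if (!defined("BIGTREE_DO_NOT_CACHE")) {
        define("BIGTREE_DO_NOT_CACHE", true);
    }

    return true;
}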
/**
 * Sets one field inside the JSON "changes" document of a pending change and saves it.
 *
 * Array values are passed through BigTree::translateArray() before being stored.
 *
 * @param mixed  $id    Id of the bigtree_pending_changes row; escaped before use.
 * @param string $field Key to set inside the decoded changes.
 * @param mixed  $value New value for that key.
 */
static function updatePendingItemField($id, $field, $value)
{
    $id = sqlescape($id);

    $row = sqlfetch(sqlquery("SELECT * FROM bigtree_pending_changes WHERE id = '{$id}'"));
    $pending = json_decode($row["changes"], true);

    $pending[$field] = is_array($value) ? BigTree::translateArray($value) : $value;

    // The JSON text is escaped as a whole before it is placed inside the quoted SQL literal.
    $encoded = sqlescape(json_encode($pending));
    sqlquery("UPDATE bigtree_pending_changes SET changes = '{$encoded}' WHERE id = '{$id}'");
}
/**
 * Dumps a table as a list of INSERT statements, one per row.
 *
 * Columns whose described type is a blob or binary type are selected through HEX() and
 * written as X'...' literals; all other non-NULL values are escaped with sqlescape() and
 * written as quoted strings with newlines replaced by the two characters "\n".
 *
 * NOTE(review): $table and the column names are placed between backticks without escaping;
 * confirm callers only pass known table names.
 *
 * @param string $table Table name.
 * @return array List of INSERT statement strings.
 */
static function tableContents($table)
{
    $binary_types = array("tinyblob", "blob", "mediumblob", "longblob", "binary", "varbinary");

    // Figure out which columns are binary and need to be pulled as hex
    $description = BigTree::describeTable($table);
    $select_parts = array();
    $binary_columns = array();
    foreach ($description["columns"] as $name => $column) {
        if (in_array($column["type"], $binary_types)) {
            $select_parts[] = "HEX(`{$name}`) AS `{$name}`";
            $binary_columns[] = $name;
        } else {
            $select_parts[] = "`{$name}`";
        }
    }

    // Get the rows out of the table
    $inserts = array();
    $rows = sqlquery("SELECT " . implode(", ", $select_parts) . " FROM `{$table}`");
    while ($row = sqlfetch($rows)) {
        $keys = array();
        $vals = array();
        foreach ($row as $key => $val) {
            $keys[] = "`{$key}`";
            if ($val === null) {
                $vals[] = "NULL";
                continue;
            }
            $literal = "'" . str_replace("\n", "\\n", sqlescape($val)) . "'";
            // Hex-selected columns get the X prefix so the value is read back as binary.
            $vals[] = in_array($key, $binary_columns) ? "X" . $literal : $literal;
        }
        $inserts[] = "INSERT INTO `{$table}` (" . implode(",", $keys) . ") VALUES (" . implode(",", $vals) . ")";
    }

    return $inserts;
}
foreach ($modules as $m) { // Get all auto module view actions for this module. $actions = $admin->getModuleActions($m); foreach ($actions as $action) { if ($action["view"]) { $view = BigTreeAutoModule::getView($action["view"]); $m_results = array(); $table_description = BigTree::describeTable($view["table"]); $qparts = array(); foreach ($table_description["columns"] as $column => $data) { $qparts[] = "`{$column}` LIKE {$w}"; } // Get matching results $qs = sqlquery("SELECT * FROM `" . $view["table"] . "` WHERE " . implode(" OR ", $qparts)); // Ignore SQL failures because we might have bad collation. while ($r = sqlfetch($qs, true)) { foreach ($r as &$piece) { $piece = $cms->replaceInternalPageLinks($piece); } unset($piece); $m_results[] = $r; $total_results++; } if (count($m_results)) { $results[$m["name"]][] = array("view" => $view, "results" => $m_results, "module" => $m); } } } } ?> <form class="adv_search" method="get" action="<?php
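/**
 * Appends one line describing a user action to that user's log file.
 *
 * The file is "<userlogpath>/<login>.log" when a user row exists for $uid, otherwise
 * "<userlogpath>/unreferenced_user.log" (in which case $prefix is not written).
 * Failure to open the file is ignored: logging is best effort.
 *
 * Carriage returns and line feeds are replaced by spaces in every value written to the
 * line. The user agent comes from the request, so without this a client could start a
 * new, forged record inside the log.
 *
 * NOTE(review): $uid is interpolated into the SQL text unescaped, and $login is used as
 * part of a file name as stored in the user table. Confirm that $uid is validated by
 * callers and that logins cannot contain path separators.
 *
 * @param mixed  $uid    User id.
 * @param string $act    Description of the action.
 * @param string $prefix Optional text written before the timestamp.
 */
function logUser($uid, $act, $prefix = "")
{
    global $HTTP_USER_AGENT, $REMOTE_ADDR, $userlogpath;

    $lineBreaks = array("\r", "\n");
    $logUid = str_replace($lineBreaks, " ", (string) $uid);
    $logAct = str_replace($lineBreaks, " ", (string) $act);
    $logAgent = str_replace($lineBreaks, " ", (string) $HTTP_USER_AGENT);
    $logAddr = str_replace($lineBreaks, " ", (string) $REMOTE_ADDR);
    $logPrefix = str_replace($lineBreaks, " ", (string) $prefix);

    $result = sqlquery("SELECT login FROM user WHERE uid='{$uid}'");
    if ($result && ($result = sqlfetch($result))) {
        $login = $result["login"];
        $logLogin = str_replace($lineBreaks, " ", (string) $login);
        $filename = $userlogpath . "/" . $login . ".log";
        $line = ($prefix != "" ? $logPrefix . " " : "") . date("Y/m/d H:i:s") . " {$logUid}:{$logLogin}:{$logAgent}:{$logAddr} {$logAct}\n";
    } else {
        $filename = $userlogpath . "/unreferenced_user.log";
        $line = date("Y/m/d H:i:s") . " {$logUid}:<unknown login>:{$logAgent}:{$logAddr} {$logAct}\n";
    }

    $file = fopen($filename, "a");
    if ($file) {
        fwrite($file, $line);
        fclose($file);
    }
}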
/**
 * Migration step: replaces the four per-area columns of bigtree_field_types
 * (pages, modules, callouts, settings) with a single JSON `use_cases` column and adds
 * a nullable `self_draw` column.
 *
 * Order matters: the new columns are added first, existing rows are converted, and only
 * then are the old columns dropped.
 */
function _local_bigtree_update_102()
{
    sqlquery("ALTER TABLE bigtree_field_types ADD COLUMN `use_cases` TEXT NOT NULL AFTER `name`");
    sqlquery("ALTER TABLE bigtree_field_types ADD COLUMN `self_draw` CHAR(2) NULL AFTER `use_cases`");

    $types = sqlquery("SELECT * FROM bigtree_field_types");
    while ($type = sqlfetch($types)) {
        // The old "pages" column becomes the "templates" key; the other three keep their names.
        $legacy = array(
            "templates" => $type["pages"],
            "modules" => $type["modules"],
            "callouts" => $type["callouts"],
            "settings" => $type["settings"],
        );
        $encoded = sqlescape(json_encode($legacy));
        $type_id = sqlescape($type["id"]);
        sqlquery("UPDATE bigtree_field_types SET use_cases = '{$encoded}' WHERE id = '{$type_id}'");
    }

    sqlquery("ALTER TABLE bigtree_field_types DROP `pages`, DROP `modules`, DROP `callouts`, DROP `settings`");
}
$numLines = ($numRes - $numRows - 2) / $numRows; next($arr); for ($i = 0; $i < $numRows; ++$i) { $vars[] = current($arr); next($arr); } unset($shards); for ($i = 0; $i < $numLines; ++$i) { unset($l); foreach ($vars as $var) { $l[$var] = current($arr); next($arr); } $sql_query = "SELECT * FROM server WHERE name='" . $l['server'] . "'"; $sql_res = sqlquery($sql_query); if ($sql_res && ($sql_arr = sqlfetch($sql_res))) { $l['address'] = $sql_arr['address']; } $availableLAS[] = $l; } } /* echo "<pre>"; print_r($availableLAS); echo "</pre>"; */ importParam('exec_query'); importParam('refresh_result'); importParam('query'); importParam('query_id'); importParam('page');
/**
 * Echoes an <option> element for each database table.
 *
 * Tables whose name starts with "bigtree_" are left out unless the
 * "show_all_tables_in_dropdowns" config key is set or the table is the current default.
 * The option matching $default is marked selected.
 *
 * NOTE(review): table names are written into the markup without HTML escaping.
 *
 * @param string|false $default Name of the table to preselect.
 */
static function getTableSelectOptions($default = false)
{
    global $bigtree;

    // SHOW TABLES returns a single column named after the database.
    $column = "Tables_in_" . $bigtree["config"]["db"]["name"];
    $show_all = isset($bigtree["config"]["show_all_tables_in_dropdowns"]);

    $tables = sqlquery("SHOW TABLES");
    while ($row = sqlfetch($tables)) {
        $tname = $row[$column];

        $hidden = !$show_all && substr($tname, 0, 8) === "bigtree_" && $tname != $default;
        if ($hidden) {
            continue;
        }

        $attribute = ($default == $tname) ? ' selected="selected"' : '';
        echo '<option' . $attribute . '>' . $tname . '</option>';
    }
}
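/**
 * Moves a page under a new parent and keeps navigation and routing consistent.
 *
 * After the parent is changed the page's full path is recomputed, a route history entry
 * from the old path to the new one is recorded (replacing any entry whose old_route equals
 * either path), the paths of child pages are refreshed and the move is tracked.
 *
 * Requires $this->Level >= 1; otherwise $this->stop() is called. A user below level 2
 * who moves a page to the top level (parent 0) gets it removed from navigation.
 *
 * @param mixed $page   Id of the page to move.
 * @param mixed $parent Id of the new parent page.
 */
function updatePageParent($page, $parent)
{
    // Check the caller's level before doing any database work.
    if ($this->Level < 1) {
        $this->stop("You are not allowed to move pages.");
    }

    $page = sqlescape($page);
    $parent = sqlescape($parent);

    // Get the existing path so we can create a route history
    $current = sqlfetch(sqlquery("SELECT in_nav,path FROM bigtree_pages WHERE id = '{$page}'"));
    if (!$current) {
        // Unknown page id: nothing to move, and no route history or audit entry should be written.
        return;
    }
    $old_path = sqlescape($current["path"]);

    // If the current user isn't a developer and is moving the page to top level, set it to not be visible
    $in_nav = $current["in_nav"] ? "on" : "";
    if ($this->Level < 2 && $parent == 0) {
        $in_nav = "";
    }

    sqlquery("UPDATE bigtree_pages SET in_nav = '{$in_nav}', parent = '{$parent}' WHERE id = '{$page}'");
    $path = sqlescape($this->getFullNavigationPath($page));

    // Set the route history
    sqlquery("DELETE FROM bigtree_route_history WHERE old_route = '{$path}' OR old_route = '{$old_path}'");
    sqlquery("INSERT INTO bigtree_route_history (`old_route`,`new_route`) VALUES ('{$old_path}','{$path}')");

    // Update the page with its new path.
    sqlquery("UPDATE bigtree_pages SET path = '{$path}' WHERE id = '{$page}'");

    // Update the paths of any child pages.
    $this->updateChildPagePaths($page);

    $this->track("bigtree_pages", $page, "moved");
}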
?> /<?php } ?> </link> <description><?php echo $feed["description"]; ?> </description> <language>en-us</language> <generator>BigTree CMS (http://www.bigtreecms.org)</generator> <?php $sort = $feed["options"]["sort"] ? $feed["options"]["sort"] : "id DESC"; $limit = $feed["options"]["limit"] ? $feed["options"]["limit"] : "15"; $q = sqlquery("SELECT * FROM `" . $feed["table"] . "` ORDER BY {$sort} LIMIT {$limit}"); while ($item = sqlfetch($q)) { foreach ($item as $key => $val) { if (is_array(json_decode($val, true))) { $item[$key] = BigTree::untranslateArray(json_decode($val, true)); } else { $item[$key] = $cms->replaceInternalPageLinks($val); } } if ($feed["options"]["link_gen"]) { $link = $feed["options"]["link_gen"]; foreach ($item as $key => $val) { $link = str_replace("{" . $key . "}", $val, $link); } } else { $link = $item[$feed["options"]["link"]]; }
if ($_POST['tos']!='accept') { require_once 'layout-headerlg.php'; echo "You must accept the <a href='tos.php'>Terms of Service</a> in order to register.<br><br><a href='register.php'>Go Back</a>"; require_once 'layout-footerlg.php'; die(); } */

// Registration: collect the posted fields, refuse duplicates, hash the password.
//
// NOTE(review): mcrypt_create_iv() belongs to the mcrypt extension, which was removed from
// PHP core in 7.2; random_bytes() is the standard replacement for drawing random bytes.
$salt = mcrypt_create_iv(23, MCRYPT_DEV_URANDOM); //create salt
$rstr = mcrypt_create_iv(23, MCRYPT_DEV_URANDOM);

// NOTE(review): the password is run through real_escape_string() here, and it is this
// escaped form that is hashed further down. A password containing quotes or backslashes is
// therefore hashed in altered form; the login path has to escape identically or such
// passwords will not verify. Escaping is for SQL text, not for hash input.
// "rkey" is the SHA-1 of the escaped username, a date() string and 23 random bytes.
$reg = array("username" => $mysqli->real_escape_string($_POST['username']), "email" => $mysqli->real_escape_string($_POST['email']), "password" => $mysqli->real_escape_string($_POST['password']), "rkey" => sha1($mysqli->real_escape_string($_POST['username']) . date('zjDygs') . $rstr));

//check if already exists
// sqlex() and sqlfetch() are project helpers defined elsewhere; presumably an existence test
// and a single-column lookup on the auth table (confirm).
$ireg; // bare expression statement; it does not initialise the array
$ireg['1'] = sqlex('auth', 'email', 'username', $reg['username']);
$ireg['2'] = sqlex('auth', 'username', 'email', $reg['email']);
$ireg['3'] = sqlfetch('auth', 'valid', 'email', $reg['email']);

// Registration is refused only when the username or email exists AND the row found by
// email has valid == 1; an existing account that is not valid does not block it.
if (($ireg['1'] == true || $ireg['2'] == true) && $ireg['3'] == 1) {
    require_once 'layout-headerlg.php';
    echo "Username/email already in use. <br><br><a href='register.php'>Go Back</a>";
    require_once 'layout-footerlg.php';
    die; //prevent user from registering
}

// NOTE(review): the 'salt' option of password_hash() was deprecated in PHP 7.0 and is
// ignored as of PHP 8.0; when it is omitted the function generates a salt itself.
$opts = array('cost' => 10, 'salt' => $salt);
$hashed = password_hash($reg['password'], PASSWORD_BCRYPT, $opts);
$reg['password'] = $hashed;

// Free registrations are active immediately; any other $regtype starts inactive.
if ($regtype == "free") {
    $active = "1";
} else {
    $active = "0";
}
echo "<br><b>Can't display table {$tid}</b><br>\n";
} else {
    // Renders the editor for one view table: its header, the "give view to" selector and
    // the list of rows.
    //
    // NOTE(review): mysql_fetch_array() belongs to the ext/mysql API, which was removed in
    // PHP 7.0, while the rest of this fragment goes through sqlquery()/sqlfetch().
    // NOTE(review): $tid, $sel_vgid, $viewName and the user logins are written into the
    // markup, and $uid / $tid into the SQL text, without escaping in this fragment. Confirm
    // where they are validated.
    echo "<table cellpadding=0 cellspacing=0><tr valign=top><td>\n";
    $result = mysql_fetch_array($result);
    $viewName = $result["name"];
    $viewFilter = $result["filter"];
    $viewDisplay = $result["display"];
    $viewAutoDisplay = $result["auto_display"];
    $viewRefreshRate = $result["refresh_rate"];
    // The view name is editable only when the view belongs to the current user.
    $ownView = $result["uid"] == $uid;
    echo "<table border=1>\n";
    echo "<tr><form method=post action='" . $_SERVER['PHP_SELF'] . "?sel_vgid={$sel_vgid}&tid={$tid}'><td colspan=3><b>Content of " . ($ownView ? "<input name=chViewName value='{$viewName}' size=32 maxlength=32>" : $viewName) . "</b></td></form>";
    if ($ownView && ($admlogin == "root" || $admlogin == $group || $IsNevrax)) {
        // NOTE(review): 'PHP_SEL' looks like a typo for 'PHP_SELF' (used in the form above).
        // As written the index is undefined, so this form's action starts at "?sel_vgid=".
        echo "<form method=post action='" . $_SERVER['PHP_SEL'] . "?sel_vgid={$sel_vgid}&tid={$tid}'><td colspan=4>Give view to <select name='giveTo' onChange='submit()'>";
        $gresult = sqlquery("SELECT uid, login FROM user ORDER BY login");
        while ($gresult && ($garr = sqlfetch($gresult))) {
            echo "<option value='" . $garr["uid"] . "'" . ($uid == $garr["uid"] ? " selected" : "") . ">" . $garr["login"];
        }
        echo "</select>";
    } else {
        echo "<td colspan=3>";
    }
    echo "</td></tr>";
    // Rows of this view, restricted to the current user's own view table.
    $result = sqlquery("SELECT view_row.name AS name, view_row.vid AS vid, view_row.ordering AS ordering, path, view_row.filter AS filter, graph " . "FROM view_table, view_row, variable " . "WHERE variable.command='variable' AND view_table.uid='{$uid}' AND view_table.tid='{$tid}' AND view_table.tid=view_row.tid AND " . "view_row.vid=variable.vid ORDER BY ordering");
    if (!$result) {
        die("rows select failed !");
    }
    unset($rows);
    echo "<tr><th>Index</th><th><b>Variable</b></th><th>Path</th><th>Privilege</th><th>Filter</th><th>Graph</th><th>Commands</th></tr>\n";
    while ($arr = mysql_fetch_array($result)) {
        $vid = $arr["vid"];
/**
 * Schema and data migration step ("update_200").
 *
 * In order, it: drops the unused `comments` column; adds an `extension` column with a
 * cascading foreign key to bigtree_extensions on seven tables; merges the preprocess /
 * callback columns of module forms and embeds into a JSON `hooks` column; moves callout
 * group membership from bigtree_callouts.`group` into a JSON list on the group; creates the
 * security policy and media settings rows and the login attempt / ban tables; clears the
 * cached field type list; and converts "array" resources, fields and settings to "matrix".
 *
 * Statement order matters throughout: new columns are filled from the old ones before the
 * old ones are dropped.
 *
 * NOTE(review): values passed through BigTree::json($x, true) are placed directly inside
 * quoted SQL literals; presumably the second argument requests SQL-escaped output (confirm).
 * Row ids ($f["id"], $name) are interpolated as read from the database, without escaping.
 */
function _local_bigtree_update_200() {
    // NOTE(review): $cms and $admin are declared global but not referenced in this body.
    global $cms, $admin;

    // Drop unused comments column
    sqlquery("ALTER TABLE bigtree_pending_changes DROP COLUMN `comments`");

    // Add extension columns
    sqlquery("ALTER TABLE bigtree_callouts ADD COLUMN `extension` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_callouts ADD FOREIGN KEY (extension) REFERENCES `bigtree_extensions` (id) ON DELETE CASCADE");
    sqlquery("ALTER TABLE bigtree_feeds ADD COLUMN `extension` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_feeds ADD FOREIGN KEY (extension) REFERENCES `bigtree_extensions` (id) ON DELETE CASCADE");
    sqlquery("ALTER TABLE bigtree_field_types ADD COLUMN `extension` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_field_types ADD FOREIGN KEY (extension) REFERENCES `bigtree_extensions` (id) ON DELETE CASCADE");
    sqlquery("ALTER TABLE bigtree_modules ADD COLUMN `extension` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_modules ADD FOREIGN KEY (extension) REFERENCES `bigtree_extensions` (id) ON DELETE CASCADE");
    sqlquery("ALTER TABLE bigtree_module_groups ADD COLUMN `extension` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_module_groups ADD FOREIGN KEY (extension) REFERENCES `bigtree_extensions` (id) ON DELETE CASCADE");
    sqlquery("ALTER TABLE bigtree_settings ADD COLUMN `extension` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_settings ADD FOREIGN KEY (extension) REFERENCES `bigtree_extensions` (id) ON DELETE CASCADE");
    sqlquery("ALTER TABLE bigtree_templates ADD COLUMN `extension` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_templates ADD FOREIGN KEY (extension) REFERENCES `bigtree_extensions` (id) ON DELETE CASCADE");

    // New publish_hook column, consolidate other hooks into one column
    sqlquery("ALTER TABLE bigtree_pending_changes ADD COLUMN `publish_hook` VARCHAR(255)");
    sqlquery("ALTER TABLE bigtree_module_forms ADD COLUMN `hooks` TEXT");
    sqlquery("ALTER TABLE bigtree_module_embeds ADD COLUMN `hooks` TEXT");
    // Old preprocess -> hooks.pre, old callback -> hooks.post; hooks.publish starts empty.
    $q = sqlquery("SELECT * FROM bigtree_module_forms");
    while ($f = sqlfetch($q)) {
        $hooks = array();
        $hooks["pre"] = $f["preprocess"];
        $hooks["post"] = $f["callback"];
        $hooks["publish"] = "";
        sqlquery("UPDATE bigtree_module_forms SET hooks = '" . BigTree::json($hooks, true) . "' WHERE id = '" . $f["id"] . "'");
    }
    $q = sqlquery("SELECT * FROM bigtree_module_embeds");
    while ($f = sqlfetch($q)) {
        $hooks = array();
        $hooks["pre"] = $f["preprocess"];
        $hooks["post"] = $f["callback"];
        $hooks["publish"] = "";
        sqlquery("UPDATE bigtree_module_embeds SET hooks = '" . BigTree::json($hooks, true) . "' WHERE id = '" . $f["id"] . "'");
    }
    // The source columns are dropped only after both tables have been converted.
    sqlquery("ALTER TABLE bigtree_module_forms DROP COLUMN `preprocess`");
    sqlquery("ALTER TABLE bigtree_module_forms DROP COLUMN `callback`");
    sqlquery("ALTER TABLE bigtree_module_embeds DROP COLUMN `preprocess`");
    sqlquery("ALTER TABLE bigtree_module_embeds DROP COLUMN `callback`");

    // Adjust groups/callouts for multi-support -- first we drop the foreign key
    $table_desc = BigTree::describeTable("bigtree_callouts");
    foreach ($table_desc["foreign_keys"] as $name => $definition) {
        // Only the key whose first local column is `group` is removed.
        if ($definition["local_columns"][0] === "group") {
            sqlquery("ALTER TABLE bigtree_callouts DROP FOREIGN KEY `{$name}`");
        }
    }

    // Add the field to the groups
    sqlquery("ALTER TABLE bigtree_callout_groups ADD COLUMN `callouts` TEXT AFTER `name`");

    // Find all the callouts in each group
    $q = sqlquery("SELECT * FROM bigtree_callout_groups");
    while ($f = sqlfetch($q)) {
        $callouts = array();
        $qq = sqlquery("SELECT * FROM bigtree_callouts WHERE `group` = '" . $f["id"] . "' ORDER BY position DESC, id ASC");
        while ($ff = sqlfetch($qq)) {
            $callouts[] = $ff["id"];
        }
        sqlquery("UPDATE bigtree_callout_groups SET `callouts` = '" . BigTree::json($callouts, true) . "' WHERE id = '" . $f["id"] . "'");
    }

    // Drop the group column
    sqlquery("ALTER TABLE bigtree_callouts DROP COLUMN `group`");

    // Security policy setting
    sqlquery("INSERT INTO `bigtree_settings` (`id`,`value`,`system`) VALUES ('bigtree-internal-security-policy','{}','on')");
    // NOTE(review): `ip` is a signed int(11) in both tables below; confirm how addresses are
    // encoded before relying on it for IPv4 values above 2^31-1 or for IPv6 addresses.
    sqlquery("CREATE TABLE `bigtree_login_attempts` (`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `ip` int(11) DEFAULT NULL, `user` int(11) DEFAULT NULL, `timestamp` timestamp NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8");
    sqlquery("CREATE TABLE `bigtree_login_bans` (`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `ip` int(11) DEFAULT NULL, `user` int(11) DEFAULT NULL, `created` timestamp NULL DEFAULT CURRENT_TIMESTAMP, `expires` datetime DEFAULT NULL, PRIMARY KEY (`id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8");

    // Media settings
    sqlquery("INSERT INTO `bigtree_settings` (`id`,`value`,`system`) VALUES ('bigtree-internal-media-settings','{}','on')");

    // New field types
    // The @ suppresses the warning raised when the cache file does not exist.
    @unlink(SERVER_ROOT . "cache/bigtree-form-field-types.json");

    // Setup an anonymous function for converting a resource set
    // Takes a decoded resource list and returns it re-encoded through BigTree::json(..., true):
    // id/type/title/subtitle stay top-level, every other key moves under "options".
    $resource_converter = function ($resources) {
        $new_resources = array();
        foreach ($resources as $item) {
            // Array of Items no longer exists, switching to Matrix
            if ($item["type"] == "array") {
                $item["type"] = "matrix";
                $item["columns"] = array();
                $x = 0;
                foreach ($item["fields"] as $field) {
                    $x++;
                    // Only the first column is flagged as the display title.
                    $item["columns"][] = array("id" => $field["key"], "type" => $field["type"], "title" => $field["title"], "display_title" => $x == 1 ? "on" : "");
                }
                unset($item["fields"]);
            }
            $r = array("id" => $item["id"], "type" => $item["type"], "title" => $item["title"], "subtitle" => $item["subtitle"], "options" => array());
            foreach ($item as $key => $val) {
                if ($key != "id" && $key != "title" && $key != "subtitle" && $key != "type") {
                    $r["options"][$key] = $val;
                }
            }
            $new_resources[] = $r;
        }
        return BigTree::json($new_resources, true);
    };
    // Same conversion for form fields, except that the array key becomes "column" and the
    // result is returned as an array (the callers below encode it).
    $field_converter = function ($fields) {
        $new_fields = array();
        foreach ($fields as $id => $field) {
            // Array of Items no longer exists, switching to Matrix
            if ($field["type"] == "array") {
                $field["type"] = "matrix";
                $field["columns"] = array();
                $x = 0;
                foreach ($field["fields"] as $subfield) {
                    $x++;
                    $field["columns"][] = array("id" => $subfield["key"], "type" => $subfield["type"], "title" => $subfield["title"], "display_title" => $x == 1 ? "on" : "");
                }
                unset($field["fields"]);
            }
            $r = array("column" => $id, "type" => $field["type"], "title" => $field["title"], "subtitle" => $field["subtitle"], "options" => array());
            foreach ($field as $key => $val) {
                if ($key != "id" && $key != "title" && $key != "subtitle" && $key != "type") {
                    $r["options"][$key] = $val;
                }
            }
            $new_fields[] = $r;
        }
        return $new_fields;
    };

    // New resource format to be less restrictive on option names
    $q = sqlquery("SELECT * FROM bigtree_callouts");
    while ($f = sqlfetch($q)) {
        $resources = $resource_converter(json_decode($f["resources"], true));
        sqlquery("UPDATE bigtree_callouts SET resources = '{$resources}' WHERE id = '" . $f["id"] . "'");
    }
    $q = sqlquery("SELECT * FROM bigtree_templates");
    while ($f = sqlfetch($q)) {
        $resources = $resource_converter(json_decode($f["resources"], true));
        sqlquery("UPDATE bigtree_templates SET resources = '{$resources}' WHERE id = '" . $f["id"] . "'");
    }

    // Forms and Embedded Forms
    $q = sqlquery("SELECT * FROM bigtree_module_forms");
    while ($f = sqlfetch($q)) {
        $fields = $field_converter(json_decode($f["fields"], true));
        sqlquery("UPDATE bigtree_module_forms SET fields = '" . BigTree::json($fields, true) . "' WHERE id = '" . $f["id"] . "'");
    }
    $q = sqlquery("SELECT * FROM bigtree_module_embeds");
    while ($f = sqlfetch($q)) {
        $fields = $field_converter(json_decode($f["fields"], true));
        sqlquery("UPDATE bigtree_module_embeds SET fields = '" . BigTree::json($fields, true) . "' WHERE id = '" . $f["id"] . "'");
    }

    // Settings
    $q = sqlquery("SELECT * FROM bigtree_settings WHERE type = 'array'");
    while ($f = sqlfetch($q)) {
        // Update settings options to turn array into matrix
        $options = json_decode($f["options"], true);
        $options["columns"] = array();
        $x = 0;
        foreach ($options["fields"] as $field) {
            $x++;
            $options["columns"][] = array("id" => $field["key"], "type" => $field["type"], "title" => $field["title"], "display_title" => $x == 1 ? "on" : "");
            // NOTE(review): $display_key is assigned only when the setting has at least one
            // field; for a setting with none it is unset or left over from the previous row.
            if ($x == 1) {
                $display_key = $field["key"];
            }
        }
        unset($options["fields"]);

        // Update the value to set an internal title key
        $value = BigTreeCMS::getSetting($f["id"]);
        foreach ($value as &$entry) {
            $entry["__internal-title"] = $entry[$display_key];
        }
        // Break the reference left behind by the by-reference foreach.
        unset($entry);

        // Update type/options
        sqlquery("UPDATE bigtree_settings SET type = 'matrix', options = '" . BigTree::json($options, true) . "' WHERE id = '" . $f["id"] . "'");

        // Update value separately
        BigTreeAdmin::updateSettingValue($f["id"], $value);
    }
}
if (BigTree::tableExists($gbp["other_table"])) { $categories = array(); $ot = sqlescape($gbp["other_table"]); $tf = sqlescape($gbp["title_field"]); if ($tf && $ot) { $q = sqlquery("SELECT id,`{$tf}` FROM `{$ot}` ORDER BY `{$tf}` ASC"); ?> <ul class="depth_2"<?php if ($closed) { ?> style="display: none;"<?php } ?> > <?php while ($c = sqlfetch($q)) { ?> <li> <span class="depth"></span> <a class="permission_label permission_label_wider disabled" href="#"><?php echo $gbp["name"]; ?> : <?php echo $c[$tf]; ?> </a> <span class="permission_level"><input type="radio" data-category="ModuleGBP" data-key="<?php echo $m["id"]; ?> " data-sub-key="<?php echo $c["id"];
$db_error = true; } else { $q = sqlquery("SELECT `id`,`{$list_title}` FROM `{$list_table}` ORDER BY {$list_sort}"); // Check if we're doing module based permissions on this table. if ($bigtree["module"] && $bigtree["module"]["gbp"]["enabled"] && $form["table"] == $bigtree["module"]["gbp"]["table"] && $key == $bigtree["module"]["gbp"]["group_field"]) { $is_group_based_perm = true; while ($f = sqlfetch($q)) { // Find out whether the logged in user can access a given group, and if so, specify the access level. $access_level = $admin->canAccessGroup($bigtree["module"], $f["id"]); if ($access_level) { $list[] = array("value" => $f["id"], "description" => $f[$list_title], "access_level" => $access_level); } } // We're not doing module group based permissions, get a regular list. } else { while ($f = sqlfetch($q)) { $list[] = array("value" => $f["id"], "description" => $f[$list_title]); } } } // State List } elseif ($field["options"]["list_type"] == "state") { foreach (BigTree::$StateList as $a => $s) { $list[] = array("value" => $a, "description" => $s); } // Country List } elseif ($field["options"]["list_type"] == "country") { foreach (BigTree::$CountryList as $c) { $list[] = array("value" => $c, "description" => $c); } // Static List
$query = "SELECT `rurl`,`lkey` FROM `redirinfo` WHERE baseval='{$val}'";
}

// Resolves a short link and redirects to its stored target.
//
// NOTE(review): $val is built before this fragment and is interpolated into both the
// SELECT above and the UPDATE at the end; confirm it is escaped where it is read.
// showerror() is a helper defined elsewhere.
$result = $mysqli->query($query) or showerror();
$row = mysqli_fetch_assoc($result);

// Unknown link or empty target: send the visitor to the 404 page.
if (!isset($row['rurl']) || strlen($row['rurl']) < 1) {
    header("Location: 404.php", true, 302);
    die;
}

// The literal target "disabled" (case-insensitive) marks a link that has been turned off.
if (strtolower($row['rurl']) == "disabled") {
    require_once 'layout-headerlg.php';
    echo "<h2>The link you are trying to reach has been disabled.</h2><br>" . "Sorry for the inconvienience.";
    require_once 'layout-footerlg.php';
    die;
}

// The @ suppresses the notice when the row has no lkey column value.
$lkey = @$row['lkey'];
// Keys of length 0 or 1 are treated as "no key set".
if (strlen($lkey) > 1) {
    // check for key
    // The key is matched as a query-string parameter NAME: the request passes when a
    // parameter called <lkey> is present, whatever its value.
    $sent_lkey = isset($_GET[$lkey]);
    if ($sent_lkey) {
        // correct key
    } else {
        require_once 'layout-headerlg.php';
        echo "Incorrect Key. (http://{$wsa}/abc?keyhere)";
        require_once 'layout-footerlg.php';
        die;
    }
}

// NOTE(review): the redirect target is whatever is stored in rurl; any validation of that
// value happens when the link is created, outside this fragment.
header("Location: {$row['rurl']}", true, 301);

// The click counter is read and then written back in a second statement, so concurrent
// requests can overwrite each other's increment. A single
// "UPDATE ... SET clicks = clicks + 1" would avoid that.
$oldclicks = sqlfetch("redirinfo", "clicks", "baseval", $val);
$newclicks = $oldclicks + 1;
sqlrun("UPDATE redirinfo SET clicks='{$newclicks}' WHERE baseval='{$val}'");
/**
 * Returns the tags attached to an entry of this module's table, sorted by tag.
 *
 * @param mixed $item Either a numeric entry id or an entry array with an "id" key.
 * @return array List of tag strings.
 */
function getTagsForItem($item)
{
    // Accept a bare id or a full entry; both values are escaped before entering the query.
    $entry = sqlescape(is_numeric($item) ? $item : $item["id"]);
    $table = sqlescape($this->Table);

    $rows = sqlquery("SELECT bigtree_tags.tag FROM bigtree_tags JOIN bigtree_tags_rel ON bigtree_tags.id = bigtree_tags_rel.tag WHERE bigtree_tags_rel.`table` = '{$table}' AND bigtree_tags_rel.entry = '{$entry}' ORDER BY bigtree_tags.tag");

    $tags = array();
    while ($row = sqlfetch($rows)) {
        $tags[] = $row["tag"];
    }

    return $tags;
}
/**
 * Stores the results of one social feed query and links them to the query and its categories.
 *
 * Each result not yet present in btx_social_feed_stream (matched on service + service id)
 * is inserted with the default approval state and queued in self::$ItemsToCache. Every
 * result, new or existing, is then (re)linked to the query's categories and to the query.
 *
 * Does nothing when $data->Results is not an array.
 *
 * NOTE(review): $service, $query["id"] and the category ids are interpolated into SQL
 * without escaping here; the result id, JSON payload and remote timestamps are escaped.
 * Confirm that the unescaped values only ever come from trusted configuration.
 *
 * @param array  $query   Query row; only "id" is read.
 * @param string $service Service name stored with each item.
 * @param object $data    Response object exposing a Results list.
 */
protected static function syncData($query, $service, $data)
{
    if (!is_array($data->Results)) {
        return;
    }

    $query_id = $query["id"];

    // If we have results, let's find out what categories they need to be tagged to.
    $categories = array();
    $category_rows = sqlquery("SELECT * FROM btx_social_feed_query_categories WHERE `query` = '" . $query_id . "'");
    while ($category_row = sqlfetch($category_rows)) {
        $categories[] = $category_row["category"];
    }

    foreach ($data->Results as $r) {
        $id = sqlescape($r->ID);

        // Check for existing
        $existing = sqlfetch(sqlquery("SELECT id FROM btx_social_feed_stream WHERE service = '{$service}' AND service_id = '{$id}'"));

        if ($existing) {
            $item_id = $existing["id"];
        } else {
            $json = json_encode($r);
            $escaped_json = sqlescape($json);

            // First available timestamp wins; fall back to the current time.
            if ($r->Timestamp) {
                $date = sqlescape($r->Timestamp);
            } elseif ($r->CreatedAt) {
                $date = sqlescape($r->CreatedAt);
            } elseif ($r->Dates->Posted) {
                $date = sqlescape($r->Dates->Posted);
            } else {
                $date = date("Y-m-d H:i:s");
            }

            sqlquery("INSERT INTO btx_social_feed_stream (`date`,`service`,`service_id`,`data`,`approved`) VALUES ('{$date}','{$service}','{$id}','{$escaped_json}','" . self::$DefaultApprovedState . "')");
            $item_id = sqlid();

            // The cache entry carries the unescaped JSON.
            self::$ItemsToCache[] = array(
                "id" => $item_id,
                "date" => $date,
                "service" => $service,
                "service_id" => $id,
                "data" => $json,
                "approved" => self::$DefaultApprovedState,
            );
        }

        // Tag to categories
        foreach ($categories as $c) {
            sqlquery("DELETE FROM btx_social_feed_stream_categories WHERE item = '" . $item_id . "' AND category = '{$c}'");
            sqlquery("INSERT INTO btx_social_feed_stream_categories (`item`,`category`) VALUES ('" . $item_id . "','{$c}')");
        }

        // Tag to the query
        sqlquery("DELETE FROM btx_social_feed_stream_queries WHERE `item` = '" . $item_id . "' AND `query` = '" . $query_id . "'");
        sqlquery("INSERT INTO btx_social_feed_stream_queries (`item`,`query`) VALUES ('" . $item_id . "','" . $query_id . "')");
    }
}