 /**
  * Validate the request's CSRF token with whichever token mechanism is loaded.
  *
  * XoopsMultiTokenHandler is preferred when its class is loaded; otherwise the
  * core $xoopsSecurity object is used. When neither is available the request
  * is accepted without any token check, so callers should not rely on this
  * function alone when the ticket library may be missing.
  *
  * @return bool true when the token validates (or no handler is available), false otherwise
  */
 function validateToken()
 {
     global $xoopsSecurity;
     if (class_exists('XoopsMultiTokenHandler')) {
         // ticket library present: its verdict is final
         return (bool) XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT);
     }
     if (is_object($xoopsSecurity)) {
         // core security object present: its verdict is final
         return (bool) $xoopsSecurity->validateToken();
     }
     // no token mechanism available at all
     return true;
 }
 /**
  * Validate a CSRF token registered under the default token name.
  *
  * With an explicit $tokenValue the stored single token is fetched and compared;
  * on success it is optionally unregistered so the same value is not accepted
  * again. Without a value the check is delegated to
  * XoopsMultiTokenHandler::quickValidate(), which obtains the submitted value itself.
  *
  * @param string|false $tokenValue   token value to check, or false to delegate to quickValidate()
  * @param bool         $clearIfValid consume (unregister) the token once it validates
  * @return bool
  */
 function validateToken($tokenValue = false, $clearIfValid = true)
 {
     if (false === $tokenValue) {
         return XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT, $clearIfValid);
     }
     $handler = new XoopsSingleTokenHandler();
     $token =& $handler->fetch(XOOPS_TOKEN_DEFAULT);
     if (!$token->validate($tokenValue)) {
         $this->setErrors('No token found');
         return false;
     }
     if ($clearIfValid) {
         // one-shot token: drop it so it cannot be presented again
         $handler->unregister($token);
     }
     return true;
 }
     if ($rank_special == 1) {
         $sql = "INSERT INTO " . $db->prefix("ranks") . " (rank_id, rank_title, rank_min, rank_max, rank_special, rank_image) VALUES ({$newid}, " . $db->quoteString($rank_title) . ", -1, -1, 1, " . $db->quoteString($rank_image) . ")";
     } else {
         $sql = "INSERT INTO " . $db->prefix("ranks") . " (rank_id, rank_title, rank_min, rank_max, rank_special, rank_image) VALUES ({$newid}, " . $db->quoteString($rank_title) . ", " . intval($_POST['rank_min']) . " , " . intval($_POST['rank_max']) . " , 0, " . $db->quoteString($rank_image) . ")";
     }
     if (!$db->query($sql)) {
         xoops_cp_header();
         xoops_error('Failed storing rank data into the database');
         xoops_cp_footer();
     } else {
         redirect_header("admin.php?fct=userrank&op=RankForumAdmin", 1, _AM_DBUPDATED);
     }
     break;
 case "RankForumSave":
     $rank_id = isset($_POST['rank_id']) ? intval($_POST['rank_id']) : 0;
     if ($rank_id <= 0 || !XoopsMultiTokenHandler::quickValidate('userrank_RankForumSave')) {
         redirect_header("admin.php?fct=userrank");
     }
     $db =& Database::getInstance();
     $myts =& MyTextSanitizer::getInstance();
     $rank_special = isset($_POST['rank_special']) && intval($_POST['rank_special']) ? 1 : 0;
     $rank_title = $myts->stripSlashesGPC($_POST['rank_title']);
     $delete_old_image = false;
     include_once XOOPS_ROOT_PATH . '/class/uploader.php';
     $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'), 100000, 120, 120);
     $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png'));
     $uploader->setPrefix('rank');
     if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
         if ($uploader->upload()) {
             $rank_image = $uploader->getSavedFileName();
             $delete_old_image = true;
             unset($avatar_weight[$i]);
             unset($avatar_display[$i]);
         }
         if (count($error) > 0) {
             xoops_cp_header();
             foreach ($error as $err) {
                 echo $err . '<br />';
             }
             xoops_cp_footer();
             exit;
         }
     }
     redirect_header('admin.php?fct=avatars', 2, _MD_AM_DBUPDATED);
 }
 if ($op == 'addfile') {
     if (!XoopsMultiTokenHandler::quickValidate('avatars_addfile')) {
         xoops_cp_header();
         xoops_error('Ticket Error');
         xoops_cp_footer();
         exit;
     }
     include_once XOOPS_ROOT_PATH . '/class/uploader.php';
     $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'), 500000);
     $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png'));
     $uploader->setPrefix('savt');
     $err = array();
     $ucount = count($_POST['xoops_upload_file']);
     for ($i = 0; $i < $ucount; $i++) {
         if ($uploader->fetchMedia($_POST['xoops_upload_file'][$i])) {
             if (!$uploader->upload()) {
                 $err[] = $uploader->getErrors();
     $areaObject =& $areaHandler->create();
     $areaObject->setFormVars($_POST, '');
     if (!$areaHandler->insert($areaObject, false, true)) {
         include XOOPS_ROOT_PATH . '/header.php';
         $areaObject->setFormVars($_POST, '');
         $areaObject->defineFormElementsForGMap();
         $area_form = $areaObject->renderEditForm("New", "gareaedit", XOOPS_URL . "/modules/mygmap/area.php", 1);
         showAreaForm($area_form, floatval($_POST['mygmap_area_lat']), floatval($_POST['mygmap_area_lng']), intval($_POST['mygmap_area_zoom']), $areaHandler->getErrors());
         include XOOPS_ROOT_PATH . '/footer.php';
     }
     redirect_header(XOOPS_URL . "/modules/mygmap/", 1, '');
     exit;
     break;
 case 'save':
     if (class_exists('XoopsMultiTokenHandler')) {
         if (!XoopsMultiTokenHandler::quickValidate('gareaedit_save')) {
             redirect_header(XOOPS_URL . "/modules/mygmap/", 1, 'Token Error');
         }
     }
     if (isset($_POST['mygmap_area_id'])) {
         $area_id = intval($_POST['mygmap_area_id']);
         if ($areaObject =& $areaHandler->get($area_id)) {
             $areaObject->setFormVars($_POST, '');
             if (!$areaHandler->insert($areaObject, false, true)) {
                 include XOOPS_ROOT_PATH . '/header.php';
                 $areaObject->setFormVars($_POST, '');
                 $areaObject->defineFormElementsForGMap();
                 $area_form = $areaObject->renderEditForm("Edit", "gareaedit", XOOPS_URL . "/modules/mygmap/area.php", 1);
                 showAreaForm($area_form, floatval($_POST['mygmap_area_lat']), floatval($_POST['mygmap_area_lng']), intval($_POST['mygmap_area_zoom']), $areaHandler->getErrors());
                 include XOOPS_ROOT_PATH . '/footer.php';
                 exit;
/**
 * Validate the CSRF ticket of a confirmation form (default token name).
 *
 * Thin wrapper around XoopsMultiTokenHandler::quickValidate(); it exists so
 * callers do not have to know the token name.
 *
 * @return bool whatever quickValidate() returns for XOOPS_TOKEN_DEFAULT
 */
function xoops_confirm_validate()
{
    $ticketIsValid = XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT);
    return $ticketIsValid;
}
 }
 if (!isset($_POST['op']) || $_POST['op'] == "sendform") {
     $token =& XoopsMultiTokenHandler::quickCreate('misc_sendform');
     $yname = $xoopsUser->getVar("uname", 'e');
     $ymail = $xoopsUser->getVar("email", 'e');
     $fname = "";
     $fmail = "";
     printCheckForm();
     echo '</head><body>
 <form action="' . XOOPS_URL . '/misc.php" method="post" onsubmit="return checkForm();"><table  width="100%" class="outer" cellspacing="1"><tr><th colspan="2">' . _MSC_RECOMMENDSITE . '</th></tr>';
     echo $token->getHtml();
     echo "<tr><td class='head'>\n                <input type='hidden' name='op' value='sendsite' />\n                <input type='hidden' name='action' value='showpopups' />\n                <input type='hidden' name='type' value='friend' />\n";
     echo _MSC_YOURNAMEC . "</td><td class='even'><input type='text' name='yname' value='{$yname}' id='yname' /></td></tr>\n                <tr><td class='head'>" . _MSC_YOUREMAILC . "</td><td class='odd'><input type='text' name='ymail' value='" . $ymail . "' id='ymail' /></td></tr>\n                <tr><td class='head'>" . _MSC_FRIENDNAMEC . "</td><td class='even'><input type='text' name='fname' value='{$fname}' id='fname' /></td></tr>\n                <tr><td class='head'>" . _MSC_FRIENDEMAILC . "</td><td class='odd'><input type='text' name='fmail' value='{$fmail}' id='fmail' /></td></tr>\n                <tr><td class='head'>&nbsp;</td><td class='even'><input type='submit' value='" . _SEND . "' />&nbsp;<input value='" . _CLOSE . "' type='button' onclick='javascript:window.close();' /></td></tr>\n                </table></form>\n";
     $closebutton = 0;
 } elseif ($_POST['op'] == "sendsite") {
     if (!XoopsMultiTokenHandler::quickValidate('misc_sendform')) {
         exit;
     }
     $myts =& MyTextsanitizer::getInstance();
     $ymail = $xoopsUser->getVar("email");
     if (!isset($_POST['yname']) || trim($_POST['yname']) == "" || $ymail == '' || !isset($_POST['fname']) || trim($_POST['fname']) == "" || !isset($_POST['fmail']) || trim($_POST['fmail']) == '') {
         redirect_header(XOOPS_URL . "/misc.php?action=showpopups&amp;type=friend&amp;op=sendform", 2, _MSC_NEEDINFO);
         exit;
     }
     $yname = $myts->stripSlashesGPC(trim($_POST['yname']));
     $fname = $myts->stripSlashesGPC(trim($_POST['fname']));
     $fmail = $myts->stripSlashesGPC(trim($_POST['fmail']));
     if (!checkEmail($fmail) || !checkEmail($ymail) || preg_match("/[\\0-\\31]/", $yname)) {
         $errormessage = _MSC_INVALIDEMAIL1 . "<br />" . _MSC_INVALIDEMAIL2 . "";
         redirect_header(XOOPS_URL . "/misc.php?action=showpopups&amp;type=friend&amp;op=sendform", 2, $errormessage);
         exit;
// Ticket (CSRF) handler bundled with the module, then the core classes and the
// module's own handler classes this admin page depends on.
require_once dirname(dirname(__FILE__)) . '/include/gtickets.php';
require_once XOOPS_ROOT_PATH . '/class/xoopslists.php';
require_once XOOPS_ROOT_PATH . '/class/template.php';
require_once XOOPS_ROOT_PATH . '/class/pagenav.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsform/grouppermform.php';
require_once dirname(dirname(__FILE__)) . '/class/bulletin.php';
require_once dirname(dirname(__FILE__)) . '/class/bulletinTopic.php';

// Text sanitizer and template engine shared by every operation below.
$myts =& MyTextSanitizer::getInstance();
$tpl = new XoopsTpl();

// Operation selector. $_REQUEST merges GET, POST and cookie data (per PHP's
// request_order), so 'op' may arrive through any of them.
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'default';

// The preview and save operations require a valid 'news_admin_submit' ticket;
// a failed ticket degrades the request to the 'newarticle' operation instead.
if (in_array($op, array('preview', 'save')) && !XoopsMultiTokenHandler::quickValidate('news_admin_submit')) {
    $op = 'newarticle';
}

// The article form cannot be used until at least one topic exists.
if ($op == 'form') {
    $BTopic = new BulletinTopic($mydirname);
    if (!$BTopic->topicExists()) {
        redirect_header('index.php?op=topicsmanager', 3, _AM_NO_TOPICS);
        exit;
    }
}
switch ($op) {
    case 'default':
    case 'list':
    default:
 /**
  * Action handler for the confirmed "delete" step.
  *
  * Checks, in order: CSRF ticket (only when XoopsMultiTokenHandler is loaded —
  * without that class no ticket check happens at all), the request key,
  * record existence, group write permission, and finally the delete itself.
  * The first failing check stores a translated message in $this->mErrorMsg.
  *
  * @return int NBFRAME_ACTION_SUCCESS when the record was deleted, NBFRAME_ACTION_ERROR otherwise
  */
 function executeDeleteokOp()
 {
     $failure = null;
     $object = null;
     if (class_exists('XoopsMultiTokenHandler') && !XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT)) {
         $failure = 'Token Error';
     } elseif (!($keys = $this->_requestKeyValue())) {
         $failure = 'Invalid Request';
     } else {
         $object =& $this->mObjectHandler->get($keys);
         if (!is_object($object)) {
             $failure = 'No Record is found';
         } elseif (!$object->checkGroupPerm('write', $this->mBypassAdminCheck)) {
             // authorization happens after the record is loaded, so the check is per-record
             $failure = 'Permission Error';
         } elseif (!$this->mObjectHandler->delete($object)) {
             $failure = 'Record Delete Error';
         }
     }
     if ($failure !== null) {
         $this->mErrorMsg = $this->__e($failure);
         return NBFRAME_ACTION_ERROR;
     }
     return NBFRAME_ACTION_SUCCESS;
 }
 /**
  * Build, or process, the private-message "confirm" view of the mobile front end.
  *
  * Depending on the request this method does one of the following:
  *  - "cancel" posted: redirect to the pmessage action;
  *  - op=submit with a valid 'pm' ticket: store a new private message after
  *    verifying the recipient uid exists, then redirect;
  *  - delete=1 with a valid 'pm' ticket: delete a message whose recipient is
  *    the current user, then redirect;
  *  - reply/send/send2: create a fresh 'pm' ticket and assign the compose-form
  *    variables to the template.
  * A visitor without a uid is redirected to the register action.
  *
  * Request data is read through $this->utils->getGetPost()/getPost() and the
  * raw $_POST superglobal; output goes to $this->controller->render->template.
  * Uses the globals $xoopsModuleConfig and $xoopsDB.
  *
  * @return void every data-changing branch ends with a redirect and exit
  */
 function getConfirmView()
 {
     global $xoopsModuleConfig, $xoopsDB;
     $myts =& MyTextSanitizer::getInstance();
     // "Cancel" button: leave the confirm screen. The session id travels in the
     // query string (sess=...), as it does elsewhere in this front end.
     if (isset($_POST['cancel'])) {
         $base_url = XMOBILE_URL . '/?act=pmessage&sess=' . $this->sessionHandler->getSessionID();
         header('Location: ' . $base_url);
         exit;
     }
     // On XOOPS Cube 2.1, mirror the pm module's "send_type" setting (how the
     // recipient is entered) into the template.
     $send_type = 0;
     if (preg_match("/^XOOPS Cube/", XOOPS_VERSION)) {
         $module_handler =& xoops_gethandler('module');
         $pm_module =& $module_handler->getByDirName('pm');
         if (is_object($pm_module)) {
             $pm_mid = $pm_module->getVar('mid');
         }
         // NOTE(review): $pm_mid is only assigned when the pm module exists; if it
         // does not, the config lookup below runs with an undefined $pm_mid.
         $config_handler =& xoops_gethandler('config');
         $pm_moduleConfig =& $config_handler->getConfigsByCat(0, $pm_mid);
         $send_type = $pm_moduleConfig['send_type'];
     }
     $this->controller->render->template->assign('send_type', $send_type);
     // end of the XOOPS Cube 2.1 send_type handling
     $this->controller->render->template->assign('show_edit', true);
     // Request parameters: every id and flag is cast to int; subject and body go
     // through the sanitizer's *4Save filters (the 0, 1, 1 flags on msg_text are
     // MyTextSanitizer options — confirm their meaning against that class).
     $op = $myts->makeTboxData4Show($this->utils->getGetPost('op', ''));
     $reply = intval($this->utils->getGetPost('reply', 0));
     $delete = intval($this->utils->getGetPost('delete', 0));
     $send = intval($this->utils->getGetPost('send', 0));
     $send2 = intval($this->utils->getGetPost('send2', 0));
     $to_userid = intval($this->utils->getGetPost('to_userid', ''));
     $msg_id = intval($this->utils->getGetPost('msg_id', 0));
     $subject = $myts->makeTboxData4Save($this->utils->getPost('subject', ''));
     $msg_text = $myts->makeTareaData4Save($this->utils->getPost('msg_text', ''), 0, 1, 1);
     $session_id = $this->sessionHandler->getSessionID();
     $uid = $this->sessionHandler->getUid();
     // Submit buttons named "reply" / "delete" override the numeric flags above.
     if (isset($_POST['reply'])) {
         $reply = 1;
     }
     if (isset($_POST['delete'])) {
         $delete = 1;
     }
     // Unnecessary? (earlier redirect logic, kept commented out for reference)
     /*
             if(empty($_GET['refresh'] ) && isset($_POST['op']) && $_POST['op'] != 'submit')
             {
                 // $jump is passed through htmlspecialchars() by getLinkUrl(), so write & here rather than &amp;
                 $jump = '';
                 if($send == 1)
                 {
                     $jump .= 'send='.$send.'';
                 }
                 elseif($send2 == 1)
                 {
                     $jump .= 'send2='.$send2.'&to_userid='.$to_userid.'';
                 }
                 elseif($reply == 1)
                 {
                     $jump .= 'reply='.$reply.'&msg_id='.$msg_id.'';
                 }
                 $base_url = $this->utils->getLinkUrl($this->controller->getActionState(),null,null,$this->sessionHandler->getSessionID(),$jump);
                 $this->controller->render->redirectHeader($message,5,$base_url);
                 exit();
             }
     */
     if ($uid) {
         // Both data-changing branches (submit, delete) require a valid 'pm' ticket.
         // A request with a bad ticket only reaches the compose branch below when
         // reply/send/send2 is set; otherwise nothing happens.
         if ($op == 'submit' && XoopsMultiTokenHandler::quickValidate('pm')) {
             // $to_userid is already an int (intval above), so this concatenation is not injectable.
             $res = $xoopsDB->query('SELECT COUNT(*) FROM ' . $xoopsDB->prefix('users') . ' WHERE uid=' . $to_userid);
             list($count) = $xoopsDB->fetchRow($res);
             // The recipient must exist exactly once.
             if ($count != 1) {
                 $base_url = $this->utils->getLinkUrl('pmessage', null, null, $this->sessionHandler->getSessionID());
                 $this->controller->render->redirectHeader(_MD_XMOBILE_USERNOEXIST . '<br />' . _MD_XMOBILE_PLZTRYAGAIN, 5, $base_url);
                 exit;
             } else {
                 $pm_handler =& xoops_gethandler('privmessage');
                 $pm =& $pm_handler->create();
                 $pm->setVar('subject', $subject);
                 $pm->setVar('msg_text', $msg_text);
                 $pm->setVar('to_userid', $to_userid);
                 // sender is always the session user, never a request value
                 $pm->setVar('from_userid', $uid);
                 if (!$pm_handler->insert($pm)) {
                     $base_url = $this->utils->getLinkUrl('pmessage', null, null, $this->sessionHandler->getSessionID());
                     $this->controller->render->redirectHeader($pm->getHtmlErrors(), 5, $base_url);
                     exit;
                 } else {
                     $base_url = $this->utils->getLinkUrl('pmessage', null, null, $this->sessionHandler->getSessionID());
                     $this->controller->render->redirectHeader(_MD_XMOBILE_PM_MESSAGEPOSTED, 5, $base_url);
                     exit;
                 }
             }
         } elseif ($delete == 1 && XoopsMultiTokenHandler::quickValidate('pm')) {
             $pm_handler =& xoops_gethandler('privmessage');
             $pm =& $pm_handler->get($msg_id);
             // Only the recipient may delete; an unknown id, a foreign message and a
             // failed delete are all reported with the same message.
             if (!is_object($pm) || $pm->getVar('to_userid') != $uid || !$pm_handler->delete($pm)) {
                 $base_url = $this->utils->getLinkUrl($this->controller->getActionState(), null, null, $this->sessionHandler->getSessionID());
                 $this->controller->render->redirectHeader(_MD_XMOBILE_DELETE_FAILED, 5, $base_url);
                 exit;
             } else {
                 $base_url = $this->utils->getLinkUrl($this->controller->getActionState(), null, null, $this->sessionHandler->getSessionID());
                 $this->controller->render->redirectHeader(_MD_XMOBILE_PM_DELETED, 3, $base_url);
                 exit;
             }
         } elseif ($reply == 1 || $send == 1 || $send2 == 1) {
             // Compose form: issue a fresh 'pm' ticket that the submit branch above will check.
             $token =& XoopsMultiTokenHandler::quickCreate('pm');
             $pm_uid = '';
             $pm_uname = '';
             $msg_text = '';
             include_once XOOPS_ROOT_PATH . '/include/xoopscodes.php';
             if ($reply == 1) {
                 $pm_handler =& xoops_gethandler('privmessage');
                 $pm =& $pm_handler->get($msg_id);
                 // NOTE(review): unlike the delete branch there is no is_object() check
                 // on $pm here; an unknown msg_id would make getVar() fail.
                 // Only the recipient of a message may reply to it; otherwise the
                 // reply/send2 flags are cleared and the plain send form is shown.
                 if ($pm->getVar('to_userid') == $uid) {
                     $pm_uname = XoopsUser::getUnameFromId($pm->getVar('from_userid'));
                     $msg_text = '>' . $pm->getVar('msg_text', 'E');
                 } else {
                     unset($pm);
                     $reply = $send2 = 0;
                 }
             }
             if ($reply == 1) {
                 $pm_uid = $pm->getVar('from_userid');
             } elseif ($send2 == 1) {
                 $pm_uid = $to_userid;
                 $pm_uname = XoopsUser::getUnameFromId($to_userid);
             } else {
                 // Recipient picker: every active user (level > 0), uname passed through makeTboxData4Show.
                 $pm_uids = array();
                 $i = 0;
                 $result = $xoopsDB->query('SELECT uid, uname FROM ' . $xoopsDB->prefix('users') . ' WHERE level > 0 ORDER BY uname');
                 while (list($ftouid, $ftouname) = $xoopsDB->fetchRow($result)) {
                     $pm_uids[$i]['uid'] = $ftouid;
                     $pm_uids[$i]['uname'] = $myts->makeTboxData4Show($ftouname);
                     $i++;
                 }
                 $this->controller->render->template->assign('pm_uids', $pm_uids);
             }
             $subject = '';
             if ($reply == 1) {
                 // prefix "Re: " once, case-insensitively
                 $subject = $pm->getVar('subject', 'E');
                 if (!preg_match('/^Re:/i', $subject)) {
                     $subject = 'Re: ' . $subject;
                 }
             }
             $base_url = $this->utils->getLinkUrl('pmessage', 'confirm', null, $this->controller->sessionHandler->getSessionID());
             // getLinkUrl() returns &amp;-escaped URLs; the template presumably emits
             // base_url unescaped, so the escaping is undone here — confirm against the template.
             $base_url = preg_replace('/&amp;/i', '&', $base_url);
             $this->controller->render->template->assign('base_url', $base_url);
             $this->controller->render->template->assign('ticket_html', $token->getHtml());
             // NOTE(review): the session name and id are handed to the template so the
             // form can carry the session (consistent with sess= in the URLs above);
             // make sure the template only places them in the form, not in visible text.
             $this->controller->render->template->assign('session_name', session_name());
             $this->controller->render->template->assign('session_id', session_id());
             $this->controller->render->template->assign('referer_url', $this->getBaseUrl());
             $this->controller->render->template->assign('msg_text', $msg_text);
             $this->controller->render->template->assign('reply', $reply);
             $this->controller->render->template->assign('send2', $send2);
             $this->controller->render->template->assign('pm_uid', $pm_uid);
             $this->controller->render->template->assign('pm_uname', $pm_uname);
             $this->controller->render->template->assign('subject', $subject);
             $this->controller->render->template->assign('tarea_cols', $xoopsModuleConfig['tarea_cols']);
             $this->controller->render->template->assign('tarea_rows', $xoopsModuleConfig['tarea_rows']);
         }
     } else {
         // Not logged in: point the visitor at the register action.
         $base_url = $this->utils->getLinkUrl('register', null, null, $this->sessionHandler->getSessionID());
         $message = _MD_XMOBILE_PM_SORRY . '<br /><a href="' . $base_url . '">' . _MD_XMOBILE_REGISTERNOW . '</a>.';
         $this->controller->render->redirectHeader($message, 5, $base_url);
     }
 }
 case "addUser":
     if (!XoopsMultiTokenHandler::quickValidate('groups_User')) {
         system_groups_error("Ticket Error");
     }
     $member_handler =& xoops_gethandler('member');
     $groupid = intval($_POST['groupid']);
     if ($groupid > 0) {
         $size = count($_POST['uids']);
         for ($i = 0; $i < $size; $i++) {
             $member_handler->addUserToGroup($_POST['groupid'], $_POST['uids'][$i]);
         }
     }
     redirect_header("admin.php?fct=groups&amp;op=modify&amp;g_id=" . $groupid, 0, _AM_DBUPDATED);
     break;
 case "delUser":
     if (!XoopsMultiTokenHandler::quickValidate('groups_User')) {
         system_groups_error("Ticket Error");
     }
     $groupid = !empty($_POST['groupid']) ? intval($_POST['groupid']) : 0;
     if ($groupid > 0) {
         $member_handler =& xoops_gethandler('member');
         $memstart = isset($_POST['memstart']) ? intval($_POST['memstart']) : 0;
         if ($groupid == XOOPS_GROUP_ADMIN) {
             if ($member_handler->getUserCountByGroup($groupid) > count($_POST['uids'])) {
                 $member_handler->removeUsersFromGroup($groupid, $_POST['uids']);
             }
         } else {
             $member_handler->removeUsersFromGroup($groupid, $_POST['uids']);
         }
         redirect_header('admin.php?fct=groups&amp;op=modify&amp;g_id=' . $groupid . '&amp;memstart=' . $memstart, 0, _AM_DBUPDATED);
     }
     if (!empty($_POST['pass'])) {
         $pass = $myts->stripslashesGPC(trim($_POST['pass']));
     }
     if (!empty($_POST['url'])) {
         $url = $myts->stripslashesGPC(trim($_POST['url']));
     }
     if (!empty($_POST['bid'])) {
         $bid = intval($_POST['bid']);
     }
     if (!empty($_POST['cid'])) {
         $cid = intval($_POST['cid']);
     }
     change_banner_url_by_client($login, $pass, $cid, $bid, $url);
     break;
 case "EmailStats":
     if (!XoopsMultiTokenHandler::quickValidate('banner_EmailStats')) {
         redirect_header("banners.php");
         exit;
     }
     $login = $pass = '';
     $bid = $cid = 0;
     if (!empty($_GET['login'])) {
         $login = $myts->stripslashesGPC(trim($_GET['login']));
     }
     if (!empty($_GET['pass'])) {
         $pass = $myts->stripslashesGPC(trim($_GET['pass']));
     }
     if (!empty($_GET['bid'])) {
         $bid = intval($_GET['bid']);
     }
     if (!empty($_GET['cid'])) {
        $sql = "INSERT INTO " . $db->prefix('group_permission') . " (gperm_groupid, gperm_itemid, gperm_name, gperm_modid) VALUES (" . $groups[$i] . ", " . $newid . ", 'block_read', 1)";
        $db->query($sql);
    }
    redirect_header('admin.php?fct=blocksadmin&amp;t=' . time(), 1, _AM_DBUPDATED);
    exit;
}
if ($op == "update") {
    $bid = !empty($_POST['bid']) ? intval($_POST['bid']) : 0;
    if ($bid <= 0) {
        exit;
    }
    $bcachetime = isset($_POST['bcachetime']) ? intval($_POST['bcachetime']) : 0;
    $options = isset($_POST['options']) ? $_POST['options'] : array();
    $bcontent = isset($_POST['bcontent']) ? $_POST['bcontent'] : '';
    $bctype = isset($_POST['bctype']) ? $_POST['bctype'] : '';
    if (empty($_POST['bmodule']) || !XoopsMultiTokenHandler::quickValidate('block')) {
        xoops_cp_header();
        xoops_error(sprintf(_AM_NOTSELNG, _AM_VISIBLEIN));
        xoops_cp_footer();
        exit;
    }
    $myblock = new XoopsBlock($bid);
    $myblock->setVar('side', $_POST['bside']);
    $myblock->setVar('weight', $_POST['bweight']);
    $myblock->setVar('visible', $_POST['bvisible']);
    $myblock->setVar('title', $_POST['btitle']);
    $myblock->setVar('content', $bcontent);
    $myblock->setVar('bcachetime', $bcachetime);
    $options_count = count($options);
    if ($options_count > 0) {
        //Convert array values to comma-separated
         redirect_header('admin.php?fct=smilies&amp;op=SmilesAdmin', 2, _AM_DBUPDATED);
     } else {
         xoops_cp_header();
         xoops_error($err);
         xoops_cp_footer();
     }
     break;
 case "SmilesEdit":
     $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
     if ($id > 0) {
         SmilesEdit($id);
     }
     break;
 case "SmilesSave":
     $id = isset($_POST['id']) ? intval($_POST['id']) : 0;
     if ($id <= 0 || !XoopsMultiTokenHandler::quickValidate('smilies_SmilesSave')) {
         redirect_header('admin.php?fct=smilies', 3, "Ticket Error");
     }
     $myts =& MyTextSanitizer::getInstance();
     $smile_code = $myts->stripSlashesGPC($_POST['smile_code']);
     $smile_desc = $myts->stripSlashesGPC($_POST['smile_desc']);
     $smile_display = intval($_POST['smile_display']) > 0 ? 1 : 0;
     $db =& Database::getInstance();
     if (!empty($_POST['smile_url'])) {
         include_once XOOPS_ROOT_PATH . '/class/uploader.php';
         $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'), 100000, 120, 120);
         $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png'));
         $uploader->setPrefix('smil');
         if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
             if (!$uploader->upload()) {
                 $err = $uploader->getErrors();
         }
         $hidden = new XoopsFormHidden('conf_ids[]', $config[$i]->getVar('conf_id'));
         $form->addElement($ele);
         $form->addElement($hidden);
         unset($ele);
         unset($hidden);
     }
     $form->addElement(new XoopsFormHidden('op', 'save'));
     $form->addElement(new XoopsFormButton('', 'button', _GO, 'submit'));
     xoops_cp_header();
     $form->display();
     xoops_cp_footer();
     exit;
 }
 if ($op == 'save') {
     if (!XoopsMultiTokenHandler::quickValidate('preferences')) {
         xoops_cp_header();
         xoops_error("Token Error");
         xoops_cp_footer();
     }
     require_once XOOPS_ROOT_PATH . '/class/template.php';
     $xoopsTpl = new XoopsTpl();
     $xoopsTpl->clear_all_cache();
     // regenerate admin menu file
     xoops_module_write_admin_menu(xoops_module_get_admin_menu());
     $count = count($_POST['conf_ids']);
     $conf_ids = $_POST['conf_ids'];
     $tpl_updated = false;
     $theme_updated = false;
     $startmod_updated = false;
     $lang_updated = false;
                 if (!empty($_POST['groups'])) {
                     foreach ($_POST['groups'] as $groupid) {
                         $member_handler->addUserToGroup(intval($groupid), $newuser->getVar('uid'));
                     }
                 }
                 redirect_header("admin.php?fct=users", 1, _AM_DBUPDATED);
                 exit;
             }
         }
     }
     xoops_cp_header();
     xoops_error($adduser_errormsg);
     xoops_cp_footer();
     break;
 case "synchronize":
     if (!XoopsMultiTokenHandler::quickValidate('users_synchronize')) {
         system_users_error("Ticket Error");
     }
     synchronize($_POST['id'], $_POST['type']);
     break;
 case "reactivate":
     if (!xoops_confirm_validate()) {
         system_users_error("Ticket Error");
     }
     $uid = !empty($_POST['uid']) ? intval($_POST['uid']) : 0;
     if ($uid > 0) {
         $result = $xoopsDB->query("UPDATE " . $xoopsDB->prefix("users") . " SET level=1 WHERE uid=" . $uid);
     }
     redirect_header("admin.php?fct=users&amp;op=modifyUser&amp;uid=" . $uid, 1, _AM_DBUPDATED);
     break;
 case "mod_users":
    $form->addElement(new XoopsFormFile(_IMAGEFILE, 'image_file', $imgcat->getVar('imgcat_maxsize')), true);
    $form->addElement(new XoopsFormLabel(_IMGMAXSIZE, $imgcat->getVar('imgcat_maxsize')));
    $form->addElement(new XoopsFormLabel(_IMGMAXWIDTH, $imgcat->getVar('imgcat_maxwidth')));
    $form->addElement(new XoopsFormLabel(_IMGMAXHEIGHT, $imgcat->getVar('imgcat_maxheight')));
    $form->addElement(new XoopsFormHidden('imgcat_id', $imgcat_id));
    $form->addElement(new XoopsFormHidden('op', 'doupload'));
    $form->addElement(new XoopsFormToken(XoopsMultiTokenHandler::quickCreate('imagemanager')));
    $form->addElement(new XoopsFormHidden('target', $target));
    $form->addElement(new XoopsFormButton('', 'img_button', _SUBMIT, 'submit'));
    $form->assign($xoopsTpl);
    $xoopsTpl->assign('lang_close', _CLOSE);
    $xoopsTpl->display('db:system_imagemanager2.html');
    exit;
}
if ($op == 'doupload') {
    if (!XoopsMultiTokenHandler::quickValidate('imagemanager')) {
        exit;
    }
    $image_nicename = isset($_POST['image_nicename']) ? $_POST['image_nicename'] : '';
    $xoops_upload_file = isset($_POST['xoops_upload_file']) ? $_POST['xoops_upload_file'] : array();
    $target = isset($_POST['target']) ? $_POST['target'] : '';
    $imgcat_id = isset($_POST['imgcat_id']) ? intval($_POST['imgcat_id']) : 0;
    include_once XOOPS_ROOT_PATH . '/class/uploader.php';
    $imgcat_handler =& xoops_gethandler('imagecategory');
    $imgcat =& $imgcat_handler->get($imgcat_id);
    $error = false;
    if (!is_object($imgcat)) {
        $error = true;
    } else {
        $imgcatperm_handler =& xoops_gethandler('groupperm');
        if (is_object($xoopsUser)) {
     preview_window = openWithSelfMain("", "xoops_system_template_preview", 680, 450, true);
     ';
         $lines = preg_split("/(\r\n|\r|\n)( *)/", $xoopsTpl->fetch('file:' . XOOPS_CACHE_PATH . '/' . $dummyfile));
         $xoopsTpl->clear_compiled_tpl('file:' . XOOPS_CACHE_PATH . '/' . $dummyfile);
         unlink(XOOPS_CACHE_PATH . '/' . $dummyfile);
         foreach ($lines as $line) {
             echo 'preview_window.document.writeln("' . str_replace('"', '\\"', $line) . '");';
         }
         echo '
     preview_window.document.close();
     //-->
     </script>';
     }
     break;
 case 'update':
     if (!XoopsMultiTokenHandler::quickValidate('tplsets_update')) {
         redirect_header('admin.php?fct=tplsets', 3, 'Ticket Error');
     }
     $tplset = isset($_POST['tplset']) ? $myts->stripslashesGPC(trim($_POST['tplset'])) : '';
     $moddir = $_POST['moddir'];
     include_once XOOPS_ROOT_PATH . '/class/uploader.php';
     $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('text/html', 'application/x-cdf'), 200000);
     $uploader->setAllowedExtensions(array('html', 'htm'));
     $uploader->setPrefix('tmp');
     $msg = array();
     foreach ($_POST['xoops_upload_file'] as $upload_file) {
         // '.' is converted to '_' when upload
         $upload_file2 = str_replace('.', '_', $upload_file);
         if ($uploader->fetchMedia($upload_file2)) {
             if (!$uploader->upload()) {
                 $msg[] = $uploader->getErrors();
    $jump = "pmlite.php?refresh=" . time() . "";
    if ($send == 1) {
        $jump .= "&amp;send=" . $send . "";
    } elseif ($send2 == 1) {
        $jump .= "&amp;send2=" . $send2 . "&amp;to_userid=" . $to_userid . "";
    } elseif ($reply == 1) {
        $jump .= "&amp;reply=" . $reply . "&amp;msg_id=" . $msg_id . "";
    } else {
    }
    echo "<html><head><meta http-equiv='Refresh' content='0; url=" . $jump . "' /></head><body></body></html>";
    exit;
}
xoops_header();
if ($xoopsUser) {
    $myts =& MyTextSanitizer::getInstance();
    if (isset($_POST['op']) && $_POST['op'] == "submit" && XoopsMultiTokenHandler::quickValidate('pm')) {
        $res = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix("users") . " WHERE uid=" . intval($_POST['to_userid']) . "");
        list($count) = $xoopsDB->fetchRow($res);
        if ($count != 1) {
            echo "<br /><br /><div><h4>" . _PM_USERNOEXIST . "<br />";
            echo _PM_PLZTRYAGAIN . "</h4><br />";
            echo "[ <a href='javascript:history.go(-1)'>" . _PM_GOBACK . "</a> ]</div>";
        } else {
            $pm_handler =& xoops_gethandler('privmessage');
            $pm =& $pm_handler->create();
            $pm->setVar("subject", $_POST['subject']);
            $pm->setVar("msg_text", $_POST['message']);
            $pm->setVar("to_userid", $_POST['to_userid']);
            $pm->setVar("from_userid", $xoopsUser->getVar("uid"));
            if (!$pm_handler->insert($pm)) {
                echo $pm->getHtmlErrors();
     }
     $db =& Database::getInstance();
     $sql = sprintf("DELETE FROM %s WHERE bid = %u", $db->prefix("banner"), $bid);
     $db->query($sql);
     redirect_header("admin.php?fct=banners&amp;op=BannersAdmin#top", 1, _AM_DBUPDATED);
     break;
 case "BannerEdit":
     $bid = isset($_GET['bid']) ? intval($_GET['bid']) : 0;
     if ($bid > 0) {
         BannerEdit($bid);
     }
     break;
 case "BannerChange":
     $bid = isset($_POST['bid']) ? intval($_POST['bid']) : 0;
     $cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0;
     if ($cid <= 0 || $bid <= 0 || !XoopsMultiTokenHandler::quickValidate('banners_BannerChange')) {
         redirect_header("admin.php?fct=banners&amp;op=BannersAdmin#top");
     }
     $imageurl = isset($_POST['imageurl']) ? trim($_POST['imageurl']) : '';
     $clickurl = isset($_POST['clickurl']) ? trim($_POST['clickurl']) : '';
     $imptotal = isset($_POST['imptotal']) ? intval($_POST['imptotal']) : 0;
     $impadded = isset($_POST['impadded']) ? intval($_POST['impadded']) : 0;
     $htmlbanner = isset($_POST['htmlbanner']) ? intval($_POST['htmlbanner']) : 0;
     $htmlcode = isset($_POST['htmlcode']) ? trim($_POST['htmlcode']) : '';
     $db =& Database::getInstance();
     $myts =& MyTextSanitizer::getInstance();
     $sql = sprintf("UPDATE %s SET cid = %d, imptotal = %d, imageurl = %s, clickurl = %s, htmlbanner = %d, htmlcode = %s WHERE bid = %d", $db->prefix("banner"), $cid, $imptotal + $impadded, $db->quoteString($myts->stripSlashesGPC($imageurl)), $db->quoteString($myts->stripSlashesGPC($clickurl)), $htmlbanner, $db->quoteString($myts->stripSlashesGPC($htmlcode)), $bid);
     $db->query($sql);
     redirect_header("admin.php?fct=banners&amp;op=BannersAdmin#top", 1, _AM_DBUPDATED);
     break;
 case "BannerClientDelete":
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu)                                          //
// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ //
// Project: The XOOPS Project                                                //
// ------------------------------------------------------------------------- //
// Module bootstrap (presumably session, $xoopsUser, $xoopsDB and language constants — see header.php).
include 'header.php';
// Integer request parameters. Each value is cast with intval() and defaults to 0
// when absent; that cast is what keeps the later "WHERE forum_id = " . $forum
// concatenation free of injection. The variable-variable creates $forum,
// $topic_id, $post_id, $order and $pid in the global scope (and leaves $getint set).
foreach (array('forum', 'topic_id', 'post_id', 'order', 'pid') as $getint) {
    ${$getint} = isset($_POST[$getint]) ? intval($_POST[$getint]) : 0;
}
// View mode is reduced to one of two literals: missing or 'flat' -> 'flat', anything else -> 'thread'.
$viewmode = isset($_POST['viewmode']) && $_POST['viewmode'] != 'flat' ? 'thread' : 'flat';
if (empty($forum)) {
    redirect_header("index.php", 2, _MD_ERRORFORUM);
    exit;
} else {
    if (!XoopsMultiTokenHandler::quickValidate('newbb_post')) {
        redirect_header('index.php', 2, _MD_ERROROCCURED);
        exit;
    }
    $sql = "SELECT forum_type, forum_name, forum_access, allow_html, allow_sig, posts_per_page, hot_threshold, topics_per_page FROM " . $xoopsDB->prefix("bb_forums") . " WHERE forum_id = " . $forum;
    if (!($result = $xoopsDB->query($sql))) {
        redirect_header('index.php', 2, _MD_ERROROCCURED);
        exit;
    }
    $forumdata = $xoopsDB->fetchArray($result);
    if (empty($forumdata['allow_html'])) {
        $_POST['nohtml'] = 1;
    }
    if ($forumdata['forum_type'] == 1) {
        // To get here, we have a logged-in user. So, check whether that user is allowed to view
        // this private forum.