/**
 * Performs basic setup and then calls __init.
 *
 * Sequence: strip magic quotes from $_POST, run the Smarty parent constructor,
 * register the installer steps, expose the version to templates, point the
 * template and compile directories at the installer, load configuration, then
 * hand over to __init().
 *
 * NOTE(review): the return value of stringHandler::removeMagicQuotes($_POST) is
 * discarded on the first line. Elsewhere in this code base the function is used
 * for its return value (callers assign the result back), so this call only has
 * an effect if it also operates on its argument by reference — confirm against
 * stringhandler.class.php.
 */
function installbase()
{
    stringHandler::removeMagicQuotes($_POST);

    // PHP4-style call of the parent (Smarty) constructor.
    Smarty::Smarty();

    $installerSteps = array(
        'prescan',
        'install',
        'postscan',
        'upgrade',
    );
    $this->_steps = $installerSteps;

    $this->assign('version', LOQ_CUR_VERSION);
    $this->template_dir = LOQ_INSTALLER . '/templates';
    $this->setCompileDir();

    $this->loadconfiguration();
    $this->__init();
}
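/**
 * Reads the CAPTCHA settings submitted by the admin form from $_POST and hands
 * them to the configuration handler.
 *
 * Checkbox options are stored as the strings 'true'/'false' depending on
 * whether the field was submitted; numeric options are cast with intval() and
 * fall back to the defaults in the table below when absent; free-text options
 * are passed through stringHandler::clean(). The original only cleaned
 * `captcha_character_set` and wrote `captcha_background` and
 * `captcha_graphic_type` to the configuration exactly as posted.
 *
 * @param object $mc Configuration handler; must expose saveConfiguration(array)
 * @return void
 */
function save_configuration(&$mc)
{
    // config key => array(form field, kind, default). Kept in the original
    // order so the saved configuration keeps the same layout.
    $fields = array(
        'CAPTCHA_ENABLE'           => array('enable_captcha',           'flag', null),
        'CAPTCHA_WIDTH'            => array('captcha_width',            'int',  200),
        'CAPTCHA_HEIGHT'           => array('captcha_height',           'int',  50),
        'CAPTCHA_CHARACTERS'       => array('captcha_characters',       'int',  5),
        'CAPTCHA_LINES'            => array('captcha_lines',            'int',  70),
        'CAPTCHA_ENABLE_SHADOWS'   => array('captcha_enable_shadows',   'flag', null),
        'CAPTCHA_OWNER_TEXT'       => array('captcha_owner_text',       'flag', null),
        'CAPTCHA_CHARACTER_SET'    => array('captcha_character_set',    'text', ''),
        'CAPTCHA_CASE_INSENSITIVE' => array('captcha_case_insensitive', 'flag', null),
        'CAPTCHA_BACKGROUND'       => array('captcha_background',       'text', ''),
        'CAPTCHA_MIN_FONT'         => array('captcha_min_font',         'int',  16),
        'CAPTCHA_MAX_FONT'         => array('captcha_max_font',         'int',  25),
        'CAPTCHA_USE_COLOR'        => array('captcha_use_color',        'flag', null),
        'CAPTCHA_GRAPHIC_TYPE'     => array('captcha_graphic_type',     'text', 'jpg'),
    );

    $curr = array();
    foreach ($fields as $key => $spec) {
        list($field, $kind, $default) = $spec;
        if ($kind === 'flag') {
            // Checkboxes: presence in the form means enabled.
            $curr[$key] = isset($_POST[$field]) ? 'true' : 'false';
        } elseif (!isset($_POST[$field])) {
            $curr[$key] = $default;
        } elseif ($kind === 'int') {
            $curr[$key] = intval($_POST[$field]);
        } else {
            $curr[$key] = stringHandler::clean($_POST[$field]);
        }
    }

    $mc->saveConfiguration($curr);
}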
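/**
 * Authenticate the user.
 *
 * Looks up an author row by nickname and SHA-1 password digest; on a match the
 * author id is stored in $_SESSION['user_id'].
 *
 * The nickname and digest are passed to ADOdb as bound parameters (the second
 * argument of GetRow) instead of being concatenated into the SQL string. The
 * original built the statement from the nickname after
 * stringHandler::removeMagicQuotes(), which removes escaping rather than adding
 * it, so a crafted username could alter the query.
 *
 * NOTE(review): passwords are compared as SHA-1 digests produced by
 * passwordManager::toSHA1(); the storage format lives outside this method and
 * is left unchanged here.
 *
 * @param string $user      Username
 * @param string $pass      Password
 * @param bool   $setcookie If true, set a cookie (not used by this method's body)
 * @return bool True when a matching author was found
 */
function userauth($user, $pass, $setcookie = FALSE)
{
    $query = "SELECT `id` FROM `" . T_AUTHORS . "` WHERE `nickname`=? AND `password`=?";
    // removeMagicQuotes() is kept so the bound value matches what the original
    // compared against; the digest is hex and never carries quotes.
    $params = array(
        stringHandler::removeMagicQuotes($user),
        passwordManager::toSHA1($pass),
    );
    $rs = $this->_adb->GetRow($query, $params);
    if ($rs) {
        $_SESSION['user_id'] = $rs[0];
        return true;
    }
    return false;
}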
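/**
 * Returns a string cleaned of script tags.
 *
 * Removes every <script ...>...</script> element (case-insensitive) and passes
 * the result through stringHandler::trimWhitespace(). Arrays are cleaned
 * element by element with the same function.
 *
 * The pattern now carries the `s` modifier so that `.` also matches newlines:
 * without it, any script block whose body spanned more than one line was left
 * in place. `$clean` is initialised up front so an unset $var no longer reads
 * an undefined variable (trimWhitespace still receives null in that case, as
 * before).
 *
 * This only handles <script> elements; markup that must be safe for output
 * should be encoded or filtered through the tag whitelist in removeTags()
 * rather than rely on this alone.
 *
 * @access public
 * @param mixed $var Can be a string or an array of strings
 * @return mixed Whatever trimWhitespace() returns for the cleaned value
 */
function removeJs($var)
{
    $clean = null;
    if (isset($var)) {
        if (is_array($var)) {
            $clean = array_map(array('stringHandler', 'removeJs'), $var);
        } else {
            // i: case-insensitive tag names; s: let `.` cross line breaks.
            $search = "/<script[^>]*?>.*?<\\/script\\s*>/is";
            $clean = preg_replace($search, '', $var);
        }
    }
    return stringHandler::trimWhitespace($clean);
}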
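*
 * @version $Revision$
 */

if (!defined('IN_LOQUACITY')) {
    include_once './config.php';
}

/*
 * Trackback pings arrive as a POST with a form-encoded body. The content type
 * is matched on its media type only (prefix match): clients commonly append
 * parameters such as "; charset=utf-8", which the original exact comparison
 * rejected. Both $_SERVER keys are checked with isset() first.
 */
if (isset($_SERVER['REQUEST_METHOD'], $_SERVER['CONTENT_TYPE'])
    && $_SERVER['REQUEST_METHOD'] === 'POST'
    && strpos($_SERVER['CONTENT_TYPE'], 'application/x-www-form-urlencoded') === 0) {
    $post = null;
    $comment = null;
    if (defined('CLEANURLS')) {
        // Path form: .../trackback/<post>[/<comment>]
        $url = explode('/', $_SERVER['REQUEST_URI']);
        $num = count($url);
        if ($num >= 3 && $url[$num - 3] === 'trackback') {
            //a comment id is included
            $post = stringHandler::removeMagicQuotes($url[$num - 2]);
            $comment = stringHandler::removeMagicQuotes($url[$num - 1]);
        } else {
            $post = stringHandler::removeMagicQuotes($url[$num - 1]);
        }
    } else {
        // Query-string form: ?tbpost=<post>[&cid=<comment>]. Only parse when a
        // '?' is present; the original fed the whole URI to parse_str otherwise.
        $url = array();
        $qpos = strpos($_SERVER['REQUEST_URI'], '?');
        if ($qpos !== false) {
            parse_str(substr($_SERVER['REQUEST_URI'], $qpos + 1), $url);
        }
        if (isset($url['tbpost'])) {
            $post = stringHandler::removeMagicQuotes($url['tbpost']);
        }
        if (isset($url['cid'])) {
            $comment = stringHandler::removeMagicQuotes($url['cid']);
        }
    }
    include_once 'includes/trackbackhandler.class.php';
    $th = new trackbackhandler($loq->_adb, $post);
    $th->receiveTrackback($_SERVER['REMOTE_ADDR'], $_POST, $comment);
}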
// include needed files include_once SMARTY_DIR . 'Smarty.class.php'; include_once LOQ_APP_ROOT . '3rdparty/adodb/adodb.inc.php'; include_once LOQ_APP_ROOT . 'includes/stringhandler.class.php'; include_once LOQ_APP_ROOT . 'includes/confighandler.class.php'; include_once LOQ_APP_ROOT . 'includes/posthandler.class.php'; include_once LOQ_APP_ROOT . 'includes/commenthandler.class.php'; include_once LOQ_APP_ROOT . 'includes/sectionhandler.class.php'; include_once LOQ_APP_ROOT . 'includes/Loquacity.class.php'; include_once LOQ_APP_ROOT . 'includes/templates.php'; //Remove magic quotes foreach ($_POST as $key => $val) { $_POST[$key] = stringHandler::removeMagicQuotes($val); } foreach ($_GET as $key => $val) { $_GET[$key] = stringHandler::removeMagicQuotes($val); } unset($key); unset($val); $loq = new Loquacity(); if (defined(C_CAPTCHA_ENABLE) && C_CAPTCHA_ENABLE == 'true') { include_once LOQ_APP_ROOT . '3rdparty/captcha/php-captcha.inc.php'; } /* $mtime = explode(" ",microtime()); $loq->begintime = $mtime[1] + $mtime[0]; */ /* $loq->template_dir = LOQ_APP_ROOT.'templates/'.C_TEMPLATE; $loq->compile_dir = LOQ_APP_ROOT.'generated/templates/'; */ if (defined('IN_BBLOG_ADMIN')) { $loq->compile_id = 'admin'; $loq->template_dir = LOQ_APP_ROOT . 'includes/admin_templates'; } else {
/**
 * Normalises comment text for display.
 *
 * Three policies are applied in order: tags outside the whitelist
 * (a, b, i, strong, code, acronym, blockquote, abbr) are removed with
 * stringHandler::removeTags(); the result goes through $this->encodeHTML();
 * line breaks are turned into <br /> with nl2br(). Automatic hyperlink
 * transformation (stringHandler::transformLinks) is not applied at present.
 *
 * @param string $comment Comment text
 * @return string
 */
function processCommentText($comment)
{
    // Policy: only these tags survive.
    $allowedTags = '<a><b><i><strong><code><acronym><blockquote><abbr>';
    $stripped = stringHandler::removeTags($comment, $allowedTags);

    // Policy: encode HTML special characters, then convert line breaks.
    $encoded = $this->encodeHTML($stripped);
    return nl2br($encoded);
}
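/**
 * Prepare trackback data for storage in the database.
 *
 * Builds the row array from $this->_tbdata (the received trackback fields),
 * $this->_ip and $this->_post.
 *
 * Fix: the original computed `$replyto = is_null($commentid) ? $commentid : 0`,
 * which yields null or 0 in every case, so 'parentid' was never set. The
 * branches are now the right way round and the id is cast with intval().
 *
 * @param int $commentid If supplied, the id of the comment being replied to
 * @return array Row fields: posterwebsite, title, commenttext, postername,
 *               posttime, ip, postid, parentid (only when replying), onhold, type
 */
function prepFieldsForDB($commentid = null)
{
    $replyto = is_null($commentid) ? 0 : intval($commentid);
    $vars = array();

    /*
     * According to the spec, only URL is required, all else is optional.
     * A missing URL yields '' here instead of an undefined-index notice.
     */
    $vars['posterwebsite'] = isset($this->_tbdata['url']) ? $this->_tbdata['url'] : '';

    /**
     * Policy:
     * In the interests of spam-blocking, the only hypertext we allow is the
     * URL of the poster. This is the only deviance from comment handling. This
     * means no URL transformation is performed.
     *
     * NOTE(review): the URL is stored as received and not validated here;
     * confirm that the caller or template escapes it before output.
     */
    $vars['title']       = isset($this->_tbdata['title'])     ? stringHandler::clean($this->_tbdata['title'])     : '';
    $vars['commenttext'] = isset($this->_tbdata['excerpt'])   ? stringHandler::clean($this->_tbdata['excerpt'])   : '';
    $vars['postername']  = isset($this->_tbdata['blog_name']) ? stringHandler::clean($this->_tbdata['blog_name']) : '';

    // gmdate() renders UTC and strtotime() re-parses it in the default
    // timezone, so this equals time() only when that zone is UTC.
    $vars['posttime'] = strtotime(gmdate("M d Y H:i:s"));
    $vars['ip'] = $this->_ip;
    $vars['postid'] = $this->_post;
    if ($replyto > 0) {
        $vars['parentid'] = $replyto;
    }

    /*
     * Moderation check: follow the same rules as for comments. clean() is
     * applied a second time here as in the original.
     */
    $vars['commenttext'] = stringHandler::clean($vars['commenttext']);
    $vars['onhold'] = $this->needsModeration($vars['commenttext']) ? 1 : 0;
    $vars['type'] = 'trackback';

    return $vars;
}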
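/**
 * Admin handler for the links plugin: executes the requested link action and
 * category action, then loads the category and link lists into the template.
 *
 * The action is read from $_GET['linkdo'] / $_POST['linkdo'] (links) and
 * $_GET['catdo'] / $_POST['catdo'] (categories), GET taking precedence; both
 * are lower-cased before dispatch.
 *
 * Changes from the original:
 *  - every statement that carries request data uses ADOdb bound parameters
 *    (`?` placeholders with an input array) instead of string concatenation,
 *    and ids are cast with intval(). The original interpolated $_POST values
 *    directly (the "save" branch ran them through removeMagicQuotes(), which
 *    removes escaping rather than adding it), leaving the delete/save/up/down
 *    branches open to SQL injection;
 *  - `$postition` typo: the computed position was never inserted (null was);
 *  - `$catod` typo: the lower-cased category action was discarded, so the
 *    category switch compared the raw value;
 *  - deleting a category now clears the `category` column of its links (the
 *    column the "new"/"save" branches write); the original updated `linkid`.
 *
 * @param object $loq Application object whose _adb member is an ADOdb connection
 * @return void
 */
function admin_plugin_links_run(&$loq)
{
    // ---- link actions -------------------------------------------------
    $linkdo = '';
    if (isset($_GET['linkdo'])) {
        $linkdo = $_GET['linkdo'];
    } elseif (isset($_POST['linkdo'])) {
        $linkdo = $_POST['linkdo'];
    }
    $linkdo = strtolower($linkdo);

    $linkid = isset($_POST['linkid']) ? intval($_POST['linkid']) : 0;

    switch ($linkdo) {
        case "new":
            $link_name = isset($_POST['nicename']) ? $_POST['nicename'] : '';
            $link_url  = isset($_POST['url']) ? $_POST['url'] : '';
            $link_cat  = isset($_POST['category']) ? intval($_POST['category']) : 0;
            if (strlen($link_name) > 0 && strlen($link_url) > 0 && $link_cat > 0) {
                // Append after the current last entry; positions are spaced by 10.
                $maxposition = $loq->_adb->GetOne("select MAX(position) from `" . T_LINKS . "`");
                $position = $maxposition + 10;
                $stmt = $loq->_adb->Prepare('INSERT INTO `' . T_LINKS . '` VALUES(null, ?, ?, ?, ?)');
                $loq->_adb->Execute($stmt, array($link_name, $link_url, $link_cat, $position));
            }
            break;
        case "delete":
            // delete link
            if ($linkid > 0) {
                $loq->_adb->Execute("delete from " . T_LINKS . " where linkid=?", array($linkid));
            }
            break;
        case "save":
            // update an existing link
            if ($linkid > 0) {
                $params = array(
                    isset($_POST['nicename']) ? $_POST['nicename'] : '',
                    isset($_POST['url']) ? $_POST['url'] : '',
                    isset($_POST['category']) ? intval($_POST['category']) : 0,
                    $linkid
                );
                $loq->_adb->Execute(
                    "update " . T_LINKS . " set nicename=?, url=?, category=? where linkid=?",
                    $params
                );
            }
            break;
        case "up":
            if ($linkid > 0) {
                $loq->_adb->Execute("update " . T_LINKS . " set position=position-15 where linkid=?", array($linkid));
                reorder_links();
            }
            break;
        case "down":
            if ($linkid > 0) {
                $loq->_adb->Execute("update " . T_LINKS . " set position=position+15 where linkid=?", array($linkid));
                reorder_links();
            }
            break;
        default:
            // show form
            break;
    }

    // ---- category actions ---------------------------------------------
    $catdo = '';
    if (isset($_GET['catdo'])) {
        $catdo = $_GET['catdo'];
    } elseif (isset($_POST['catdo'])) {
        $catdo = $_POST['catdo'];
    }
    $catdo = strtolower($catdo);

    $categoryid = isset($_POST['categoryid']) ? intval($_POST['categoryid']) : 0;

    switch ($catdo) {
        case "new":
            // add new category
            $cat_name = isset($_POST['name']) ? $_POST['name'] : '';
            if (strlen($cat_name) > 0) {
                $stmt = $loq->_adb->Prepare('INSERT INTO `' . T_CATEGORIES . '` VALUES(null, ?)');
                $loq->_adb->Execute($stmt, array($cat_name));
            }
            break;
        case "delete":
            // delete category
            if ($categoryid > 0) {
                // have to remove all references to the category in the links
                $loq->_adb->Execute("update " . T_LINKS . " set category=0 where category=?", array($categoryid));
                // delete the category
                $loq->_adb->Execute("delete from " . T_CATEGORIES . " where categoryid=?", array($categoryid));
            }
            break;
        case "save":
            // update an existing category
            if ($categoryid > 0) {
                $cat_name = isset($_POST['name']) ? $_POST['name'] : '';
                $loq->_adb->Execute(
                    "update " . T_CATEGORIES . " set name=? where categoryid=?",
                    array($cat_name, $categoryid)
                );
            }
            break;
        default:
            // show form
            break;
    }

    // ---- data for the form --------------------------------------------
    $rs = $loq->_adb->Execute("select * from " . T_CATEGORIES);
    if ($rs !== false && !$rs->EOF) {
        $loq->assign('ecategories', $rs->GetRows(-1));
    }
    $rs = $loq->_adb->GetAll("select * from " . T_LINKS . " order by position");
    if (is_array($rs)) {
        $loq->assign('elinks', $rs);
    }
}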
} $loq->get_modifiers(); $optionformrows = array(); $options = get_options(); if (isset($_POST['submit']) && $_POST['submit'] == 'Save Options') { // saving options.. $updatevars = array(); foreach ($options as $option) { if (!isset($_POST[$option['name']])) { break; } switch ($option['type']) { case "text": case "email": case "url": $updatevars[] = array("name" => $option['name'], "value" => stringHandler::clean($_POST[$option['name']])); break; case "password": if ($_POST[$option['name']] != '') { $updatevars[] = array("name" => $option['name'], "value" => md5($_POST[$option['name']])); } break; case "templateselect": // make sure we're not being poked. if (ereg('^[[:alnum:]]+$', $_POST[$option['name']])) { $updatevars[] = array("name" => $option['name'], "value" => strtolower($_POST[$option['name']])); } break; case "statusselect": if ($_POST[$option['name']] == 'live') { $updatevars[] = array("name" => $option['name'], "value" => 'live');