/**
* Saves the site social memberships
*
* @return none
*
*/
function SI_save_site()
{
global $_CONF, $_TABLES;
$retval = '';
$uid = -1;
// use -1 for site items
$cfg =& config::get_instance();
// run through the POST vars to see which ones are set.
$social_services = SOC_followMeProfile($uid);
foreach ($social_services as $service) {
$service_input = $service['service'] . '_username';
if (isset($_POST['$service_input'])) {
$_POST[$service_input] = strip_tags($_POST[$service_input]);
}
}
foreach ($social_services as $service) {
$service_input = $service['service'] . '_username';
$_POST[$service_input] = DB_escapeString($_POST[$service_input]);
if ($_POST[$service_input] != '') {
$sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
$sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');";
DB_query($sql, 1);
} else {
$sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
DB_query($sql, 1);
}
}
if (isset($_POST['extra'])) {
$extra = $_POST['extra'];
$cfg->set('social_site_extra', $extra, 'social_internal');
}
CACHE_remove_instance('social_site');
return $retval;
}
/**
* Config Option has changed. (use plugin api)
*
* @return void
*/
function plugin_configchange_article($group, $changes = array())
{
global $_TABLES, $_CONF;
// If trim length changes then need to redo all related url's for articles
if ($group == 'Core' && in_array('whats_related_trim', $changes)) {
$sql = "SELECT sid, introtext, bodytext FROM {$_TABLES['stories']}";
$result = DB_query($sql);
$nrows = DB_numRows($result);
if ($nrows > 0) {
for ($x = 0; $x < $nrows; $x++) {
$A = DB_fetchArray($result);
// Should maybe retrieve through story service but just grab from database and apply any autotags
// This is all the related story column should really need
$fulltext = PLG_replaceTags($A['introtext']) . ' ' . PLG_replaceTags($A['bodytext']);
$related = DB_escapeString(implode("\n", STORY_extractLinks($fulltext, $_CONF['whats_related_trim'])));
if (!empty($related)) {
DB_query("UPDATE {$_TABLES['stories']} SET related = '{$related}' WHERE sid = '{$A['sid']}'");
}
}
}
// For if any articles are being cached
} elseif ($group == 'Core' && (in_array('site_name', $changes) || in_array('contributedbyline', $changes) || in_array('allow_user_photo', $changes) || in_array('article_image_align', $changes) || in_array('related_topics', $changes) || in_array('related_topics_max', $changes) || in_array('allow_page_breaks', $changes) || in_array('page_break_comments', $changes) || in_array('url_rewrite', $changes) || in_array('url_routing', $changes) || in_array('hideviewscount', $changes) || in_array('hideemailicon', $changes) || in_array('loginrequired', $changes) || in_array('emailstoryloginrequired', $changes) || in_array('hideprintericon', $changes))) {
// If any Article options changed then delete all article cache
$cacheInstance = 'article__';
CACHE_remove_instance($cacheInstance);
}
}
/**
* Recursivly deletes all elements and child elements
*
*/
function MB_deleteChildElements($id, $menu_id)
{
global $_CONF, $_TABLES, $_USER;
$sql = "SELECT * FROM {$_TABLES['menu_elements']} WHERE pid=" . (int) $id . " AND menu_id=" . (int) $menu_id;
$aResult = DB_query($sql);
$rowCount = DB_numRows($aResult);
for ($z = 0; $z < $rowCount; $z++) {
$row = DB_fetchArray($aResult);
MB_deleteChildElements($row['id'], $menu_id);
}
$sql = "DELETE FROM " . $_TABLES['menu_elements'] . " WHERE id=" . (int) $id;
DB_query($sql);
CACHE_remove_instance('menu');
}
function saveAlbum()
{
global $_TABLES, $MG_albums;
$this->album_disk_usage = (int) $this->album_disk_usage;
$this->last_update = (int) $this->last_update;
$this->views = (int) $this->views;
$this->enable_keywords = (int) $this->enable_keywords;
$this->title = DB_escapeString($this->title);
$this->description = DB_escapeString($this->description);
$sqlFieldList = 'album_id,album_title,album_desc,album_parent,album_order,skin,hidden,album_cover,album_cover_filename,media_count,album_disk_usage,last_update,album_views,display_album_desc,enable_album_views,image_skin,album_skin,display_skin,enable_comments,exif_display,enable_rating,playback_type,tn_attached,enable_slideshow,enable_random,enable_shutterfly,enable_views,enable_keywords,enable_sort,enable_rss,enable_postcard,albums_first,allow_download,full_display,tn_size,max_image_height,max_image_width,max_filesize,display_image_size,display_rows,display_columns,valid_formats,filename_title,shopping_cart,wm_auto,wm_id,opacity,wm_location,album_sort_order,member_uploads,moderate,email_mod,featured,cbposition,cbpage,owner_id,group_id,mod_group_id,perm_owner,perm_group,perm_members,perm_anon,podcast,mp3ribbon,tnheight,tnwidth,usealternate,rsschildren';
$sqlDataValues = "{$this->id},'{$this->title}','{$this->description}',{$this->parent},{$this->order},'{$this->skin}',{$this->hidden},'{$this->cover}','{$this->cover_filename}',{$this->media_count},{$this->album_disk_usage},{$this->last_update},{$this->views},{$this->display_album_desc},{$this->enable_album_views},'{$this->image_skin}','{$this->album_skin}','{$this->display_skin}',{$this->enable_comments},{$this->exif_display},{$this->enable_rating},{$this->playback_type},{$this->tn_attached},{$this->enable_slideshow},{$this->enable_random},{$this->enable_shutterfly},{$this->enable_views},{$this->enable_keywords},{$this->enable_sort},{$this->enable_rss},{$this->enable_postcard},{$this->albums_first},{$this->allow_download},{$this->full},{$this->tn_size},{$this->max_image_height},{$this->max_image_width},{$this->max_filesize},{$this->display_image_size},{$this->display_rows},{$this->display_columns},{$this->valid_formats},{$this->filename_title},{$this->shopping_cart},{$this->wm_auto},{$this->wm_id},{$this->wm_opacity},{$this->wm_location},{$this->album_sort_order},{$this->member_uploads},{$this->moderate},{$this->email_mod},{$this->featured},{$this->cbposition},'{$this->cbpage}',{$this->owner_id},{$this->group_id},{$this->mod_group_id},{$this->perm_owner},{$this->perm_group},{$this->perm_members},{$this->perm_anon},{$this->podcast},{$this->mp3ribbon},{$this->tnHeight},{$this->tnWidth},{$this->useAlternate},{$this->rssChildren}";
DB_save($_TABLES['mg_albums'], $sqlFieldList, $sqlDataValues);
CACHE_remove_instance('whatsnew');
}
function approve()
{
global $_TABLES, $_TABLES, $_CONF, $myts, $eh, $filemgmt_FileStore, $filemgmt_SnapStore, $filemgmt_Emailoption, $filemgmtFilePermissions;
$lid = (int) COM_applyFilter($_POST['lid'], true);
$title = $_POST['title'];
$cid = intval($_POST['cid']);
if (empty($cid)) {
$cid = 0;
}
$homepage = $_POST['homepage'];
$version = $_POST['version'];
$size = isset($_POST['size']) ? COM_applyFilter($_POST['size'], true) : 0;
$description = $_POST['description'];
if ($_POST['url'] || $_POST['url'] != '') {
$name = $myts->makeTboxData4Save($_POST['url']);
$url = rawurlencode($name);
}
if ($_POST['logourl'] || $_POST['logourl'] != '') {
$shotname = $myts->makeTboxData4Save($_POST['logourl']);
$logourl = $myts->makeTboxData4Save(rawurlencode($_POST['logourl']));
} else {
$logourl = '';
$shotname = '';
}
$result = DB_query("SELECT COUNT(*) FROM {$_TABLES['filemgmt_filedetail']} WHERE url='{$url}' and status=1");
list($numrows) = DB_fetchArray($result);
// Comment out this check if you want to allow duplicate filelistings for same file in the repository
// Check for duplicate files of the same filename (actual filename in repository)
if ($numrows > 0) {
$eh->show("1108");
}
$title = $myts->makeTboxData4Save($title);
$homepage = $myts->makeTboxData4Save($homepage);
$version = $myts->makeTboxData4Save($_POST['version']);
$size = $myts->makeTboxData4Save($size);
$description = $myts->makeTareaData4Save($description);
$commentoption = (int) COM_applyFilter($_POST["commentoption"], true);
// Move file from tmp directory under the document filestore to the main file directory
// Now to extract the temporary names for both the file and optional thumbnail. I've used th platform field which I'm not using now for anything.
$tmpnames = explode(";", DB_getItem($_TABLES['filemgmt_filedetail'], 'platform', "lid='{$lid}'"));
$tmpfilename = $tmpnames[0];
if (isset($tmpnames[1])) {
$tmpshotname = $tmpnames[1];
} else {
$tmpshotname = '';
}
$tmp = $filemgmt_FileStore . "tmp/" . $tmpfilename;
if (file_exists($tmp) && !is_dir($tmp)) {
// if this temporary file was really uploaded?
$newfile = $filemgmt_FileStore . $name;
COM_errorLOG("File move from " . $tmp . " to " . $newfile);
$rename = @rename($tmp, $newfile);
COM_errorLOG("Results of rename is: " . $rename);
$chown = @chmod($newfile, $filemgmtFilePermissions);
if (!file_exists($newfile)) {
COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
$AddNewFile = false;
// Set false again - in case it was set true above for actual file
$eh->show("1101");
} else {
$AddNewFile = true;
}
} else {
COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
$eh->show("1101");
}
if ($tmpshotname != "") {
$tmp = $filemgmt_SnapStore . "tmp/" . $tmpshotname;
if (file_exists($tmp) && !is_dir($tmp)) {
// if this temporary Thumbnail was really uploaded?
$newfile = $filemgmt_SnapStore . $shotname;
$rename = @rename($tmp, $newfile);
$chown = @chmod($newfile, $filemgmtFilePermissions);
if (!file_exists($newfile)) {
COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
$AddNewFile = false;
// Set false again - in case it was set true above for actual file
$eh->show("1101");
}
} else {
COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
$eh->show("1101");
}
}
if ($AddNewFile) {
DB_query("UPDATE {$_TABLES['filemgmt_filedetail']} SET cid='{$cid}', title='{$title}', url='{$url}', homepage='{$homepage}', version='{$version}', logourl='{$logourl}', status=1, date=" . time() . ", comments={$commentoption} where lid='{$lid}'");
DB_query("UPDATE {$_TABLES['filemgmt_filedesc']} SET description='{$description}' where lid='{$lid}'");
PLG_itemSaved($lid, 'filemgmt');
CACHE_remove_instance('whatsnew');
// Send a email to submitter notifying them that file was approved
if ($filemgmt_Emailoption) {
$result = DB_query("SELECT username, email FROM {$_TABLES['users']} a, {$_TABLES['filemgmt_filedetail']} b WHERE a.uid=b.submitter and b.lid='{$lid}'");
list($submitter_name, $emailaddress) = DB_fetchArray($result);
$mailtext = sprintf(_MD_HELLO, $submitter_name);
$mailtext .= ",\n\n" . _MD_WEAPPROVED . " " . $title . " \n" . _MD_THANKSSUBMIT . "\n\n";
$mailtext .= "{$_CONF["site_name"]}\n";
$mailtext .= "{$_CONF['site_url']}\n";
//COM_errorLOG("email: ".$emailaddress.", text: ".$mailtext);
$to = array();
$to = COM_formatEmailAddress($submitter_name, $emailaddress);
COM_mail($to, _MD_APPROVED, $mailtext);
}
}
CACHE_remove_instance('whatsnew');
redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php?op=listNewDownloads", 2, _MD_NEWDLADDED);
exit;
}
/**
* Delete a user
*
* @param int $uid id of user to delete
* @return string HTML redirect
*
*/
function USER_delete($uid)
{
global $_CONF;
if (!USER_deleteAccount($uid)) {
return COM_refresh($_CONF['site_admin_url'] . '/user.php');
}
CACHE_remove_instance('mbmenu');
COM_setMessage(22);
return COM_refresh($_CONF['site_admin_url'] . '/user.php');
}
function MG_saveEnroll()
{
global $_CONF, $_MG_CONF, $_MG_USERPREFS, $_TABLES, $_USER, $LANG_MG03;
if ($_MG_CONF['member_albums'] != 1) {
echo COM_refresh($_MG_CONF['site_url'] . '/index.php');
exit;
}
if (!isset($_MG_CONF['member_quota'])) {
$_MG_CONF['member_quota'] = 0;
}
$sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE owner_id=" . (int) $_USER['uid'] . " AND album_parent=" . $_MG_CONF['member_album_root'];
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows > 0) {
$display = MG_siteHeader();
$display .= COM_showMessageText($LANG_MG03['existing_member_album'], '', true);
$display .= MG_siteFooter();
echo $display;
exit;
}
$uid = (int) $_USER['uid'];
$aid = plugin_user_create_mediagallery($uid, 1);
$result = DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=1,quota=" . $_MG_CONF['member_quota'] . " WHERE uid=" . $uid, 1);
$affected = DB_affectedRows($result);
if (DB_error()) {
$sql = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) VALUES (" . $uid . ",1,0,0,-1,-1,-1," . $_MG_CONF['member_quota'] . ",1)";
DB_query($sql, 1);
}
CACHE_remove_instance('menu');
echo COM_refresh($_MG_CONF['site_url'] . '/album.php?aid=' . $aid);
exit;
}
/**
* Delete a topic
*
* @param string $tid Topic ID
* @return string HTML redirect
*
*/
function TOPIC_delete($tid)
{
global $_CONF, $_TABLES, $_USER;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
if (SEC_inGroup('Topic Admin')) {
$access = 3;
} else {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
}
// don't delete topic blocks - assign them to 'all' and disable them
DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tid}'");
// same with feeds
DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'");
// remove any alternate topics
DB_query("UPDATE {$_TABLES['stories']} SET alternate_tid = NULL WHERE alternate_tid = '{$tid}'");
// delete comments, trackbacks, images associated with stories in this topic
$result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tid}'");
$numStories = DB_numRows($result);
for ($i = 0; $i < $numStories; $i++) {
$A = DB_fetchArray($result);
STORY_deleteImages($A['sid']);
DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '{$A['sid']}' AND type = 'article'");
DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '{$A['sid']}' AND type = 'article'");
}
// delete these
DB_delete($_TABLES['stories'], 'tid', $tid);
DB_delete($_TABLES['storysubmission'], 'tid', $tid);
DB_delete($_TABLES['topics'], 'tid', $tid);
TOPIC_reorderTopics();
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article');
COM_olderStuff();
CACHE_remove_instance('stmenu');
COM_setMessage(14);
return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
}
/**
* To be called (eventually) whenever Geeklog removes an item from the database.
* Plugins can define their own 'itemdeleted' function to be notified whenever
* an item is deleted.
*
* @param string $id ID of the item
* @param string $type type of the item, e.g. 'article'
* @return void
* @since Geeklog 1.6.0
*
*/
function plugin_itemdeleted_template($id, $type)
{
// See if uses what's new block then delete cache of whatsnew
// This will not catch everything though like trackbacks, comments, and
// plugins that do not use itemsaved but let's delete the cache when we can
// Also delete cache for topics block and topic_tree when topic or article is updated or deleted
// Also delete article cache on article save and delete
$article = false;
$block = false;
$whatsnew = false;
$olderstories = false;
$topicsblock = false;
$topic_tree = false;
if ($type == 'article' or $type == 'story') {
$article = true;
$whatsnew = true;
$olderstories = true;
$topicsblock = true;
} elseif ($type == 'topic') {
$topicsblock = true;
$topic_tree = true;
// These items use topics and may display info about topics
$article = true;
$block = true;
} else {
// hack to see if plugin supports what's new
$fn_head = 'plugin_whatsnewsupported_' . $type;
if (function_exists($fn_head)) {
if (is_array($fn_head())) {
// if array then supported
$whatsnew = true;
}
}
}
if ($article) {
$cacheInstance = 'article__' . $id;
// remove all article instances
CACHE_remove_instance($cacheInstance);
}
if ($block) {
$cacheInstance = 'block__' . $id;
// remove all block instances
CACHE_remove_instance($cacheInstance);
}
if ($whatsnew) {
$cacheInstance = 'whatsnew__';
// remove all whatsnew instances
CACHE_remove_instance($cacheInstance);
}
if ($olderstories) {
$cacheInstance = 'olderarticles__';
// remove all olderarticles instances
CACHE_remove_instance($cacheInstance);
}
if ($topicsblock) {
$cacheInstance = 'topicsblock__';
CACHE_remove_instance($cacheInstance);
}
if ($topic_tree) {
$cacheInstance = 'topic_tree__';
CACHE_remove_instance($cacheInstance);
}
}
function _MG_getFile($filename, $file, $albums, $caption = '', $description = '', $upload = 1, $purgefiles = 0, $filetype, $atttn, $thumbnail, $keywords = '', $category = 0, $dnc = 0, $replace = 0, $userid)
{
global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;
$artist = '';
$musicAlbum = '';
$genre = '';
$video_attached_thumbnail = 0;
$successfulWatermark = 0;
$dnc = 1;
$errors = 0;
$errMsg = '';
clearstatcache();
if (!file_exists($filename)) {
$errMsg = $LANG_MG02['upload_not_found'];
return array(false, $errMsg);
}
clearstatcache();
if (!is_readable($filename)) {
$errMsg = $LANG_MG02['upload_not_readable'];
return array(false, $errMsg);
}
// make sure we have the proper permissions to upload to this album....
if (!isset($MG_albums[$albums]->id)) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
sleep(1);
// We do this to make sure we don't get dupe sid's
/*
* The following section of code will generate a unique name for a temporary
* file and copy the uploaded file to the Media Gallery temp directory.
* We do this to prevent any SAFE MODE issues when we later open the
* file to determine the mime type.
*/
if (empty($_USER['username']) || $_USER['username'] == '') {
$_USER['username'] = '******';
}
$tmpPath = $_MG_CONF['tmp_path'] . '/' . $_USER['username'] . COM_makesid() . '.tmp';
if ($upload) {
$rc = @move_uploaded_file($filename, $tmpPath);
} else {
$rc = @copy($filename, $tmpPath);
$importSource = $filename;
}
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
@unlink($tmpPath);
return array(false, $errMsg);
}
$filename = $tmpPath;
if ($replace > 0) {
$new_media_id = $replace;
} else {
$new_media_id = COM_makesid();
}
$media_time = time();
$media_upload_time = time();
$media_user_id = $userid;
$mimeInfo = IMG_getMediaMetaData($filename);
$mimeExt = strtolower(substr(strrchr($file, "."), 1));
$mimeInfo['type'] = $mimeExt;
if (!isset($mimeInfo['mime_type']) || $mimeInfo['mime_type'] == '') {
$mimeInfo['mime_type'] = $filetype;
}
$gotTN = 0;
if (isset($mimeInfo['id3v2']['APIC'][0]['mime']) && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
$mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
$gotTN = 1;
}
if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
// assume format based on file upload info...
switch ($filetype) {
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'image/tga':
$mimeInfo['type'] = 'tga';
$mimeInfo['mime_type'] = 'image/tga';
$mimeExt = 'tga';
break;
case 'image/psd':
$mimeInfo['type'] = 'psd';
$mimeInfo['mime_type'] = 'image/psd';
$mimeExt = 'psd';
break;
case 'image/gif':
$mimeInfo['type'] = 'gif';
$mimeInfo['mime_type'] = 'image/gif';
$mimeExt = 'gif';
break;
case 'image/jpeg':
case 'image/jpg':
$mimeInfo['type'] = 'jpg';
$mimeInfo['mime_type'] = 'image/jpeg';
$mimeExt = 'jpg';
break;
case 'image/png':
$mimeInfo['type'] = 'png';
$mimeInfo['mime_type'] = 'image/png';
$mimeExt = 'png';
break;
case 'image/bmp':
$mimeInfo['type'] = 'bmp';
$mimeInfo['mime_type'] = 'image/bmp';
$mimeExt = 'bmp';
break;
case 'application/x-shockwave-flash':
$mimeInfo['type'] = 'swf';
$mimeInfo['mime_type'] = 'application/x-shockwave-flash';
$mimeExt = 'swf';
break;
case 'application/zip':
$mimeInfo['type'] = 'zip';
$mimeInfo['mime_type'] = 'application/zip';
$mimeExt = 'zip';
break;
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'video/quicktime':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/quicktime';
$mimeExt = 'mov';
break;
case 'video/x-m4v':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/x-m4v';
$mimeExt = 'mov';
break;
case 'video/x-flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'audio/x-ms-wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
$file_extension = strtolower(substr(strrchr($file, "."), 1));
switch ($file_extension) {
case 'flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
$mimeInfo['type'] = 'file';
if ($filetype != '') {
$mimeInfo['mime_type'] = $filetype;
} else {
$mimeInfo['mime_type'] = 'application/octet-stream';
}
$mimeExt = $file_extension;
break;
}
}
}
switch ($mimeInfo['mime_type']) {
case 'audio/mpeg':
$format_type = MG_MP3;
break;
case 'image/gif':
$format_type = MG_GIF;
break;
case 'image/jpeg':
case 'image/jpg':
$format_type = MG_JPG;
break;
case 'image/png':
$format_type = MG_PNG;
break;
case 'image/bmp':
$format_type = MG_BMP;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
break;
case 'application/zip':
$format_type = MG_ZIP;
break;
case 'video/mpeg':
case 'video/x-motion-jpeg':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-mpeg':
case 'video/x-mpeq2a':
case 'video/x-qtc':
case 'video/x-m4v':
$format_type = MG_MOV;
break;
case 'video/x-flv':
$format_type = MG_FLV;
break;
case 'image/tiff':
$format_type = MG_TIF;
break;
case 'image/x-targa':
case 'image/tga':
$format_type = MG_TGA;
break;
case 'image/psd':
$format_type = MG_PSD;
break;
case 'application/ogg':
$format_type = MG_OGG;
break;
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-ms-wmz':
case 'application/x-ms-wmd':
$format_type = MG_ASF;
break;
case 'application/pdf':
$format_type = MG_OTHER;
break;
default:
$format_type = MG_OTHER;
break;
}
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/x-m4v') {
$mimeType = 'video/x-m4v';
$mimeInfo['mime_type'] = 'video/x-m4v';
}
if (!($MG_albums[$albums]->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
if ($replace > 0) {
$sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . DB_escapeString($replace) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_filename = $row['media_filename'];
} else {
if ($_MG_CONF['preserve_filename'] == 1) {
$loopCounter = 0;
$digitCounter = 1;
$file_name = stripslashes($file);
$file_name = MG_replace_accents($file_name);
$file_name = preg_replace("#[ ]#", "_", $file_name);
// change spaces to underscore
$file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
//only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
$file_name = preg_replace('#(_)+#', '_', $file_name);
//eliminate duplicate underscore
$pos = strrpos($file_name, '.');
if ($pos === false) {
$basefilename = $file_name;
} else {
$basefilename = strtolower(substr($file_name, 0, $pos));
}
do {
clearstatcache();
$media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
$loopCounter++;
if ($loopCounter > 16) {
$digitCounter++;
$loopCounter = 0;
}
} while (MG_file_exists($media_filename));
} else {
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
}
}
// replace a few mime extentions here...
//
$mimeExtLower = strtolower($mimeExt);
if ($mimeExtLower == 'php') {
$mimeExt = 'phps';
} else {
if ($mimeExtLower == 'pl') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'cgi') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'py') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'sh') {
$mimeExt = 'txt';
} else {
if ($mimeExtLower == 'rb') {
$mimeExt = 'txt';
}
}
}
}
}
}
$disp_media_filename = $media_filename . '.' . $mimeExt;
switch ($mimeType) {
case 'image/psd':
case 'image/x-targa':
case 'image/tga':
case 'image/photoshop':
case 'image/x-photoshop':
case 'image/psd':
case 'application/photoshop':
case 'application/psd':
case 'image/tiff':
case 'image/gif':
case 'image/jpeg':
case 'image/jpg':
case 'image/png':
case 'image/bmp':
if ($mimeType == 'image/psd' || $mimeType == 'image/x-targa' || $mimeType == 'image/tga' || $mimeType == 'image/photoshop' || $mimeType == 'image/x-photoshop' || $mimeType == 'image/psd' || $mimeType == 'application/photoshop' || $mimeType == 'application/psd' || $mimeType == 'image/tiff') {
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . ".jpg";
$media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . ".jpg";
} else {
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
}
$mimeType = $mimeInfo['mime_type'];
// process image file
$media_time = getOriginationTimestamp($filename);
if ($media_time == null || $media_time < 0) {
$media_time = time();
}
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $albums, $media_filename, $dnc);
if ($rc == false) {
$errors++;
$errMsg .= $msg;
// sprintf($LANG_MG02['convert_error'],$filename);
} else {
$mediaType = 0;
if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
$rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
}
@unlink($media_orig);
}
if ($MG_albums[$albums]->wm_auto) {
if ($_MG_CONF['discard_original'] == 1) {
$rc = MG_watermark($media_disp, $albums, 1);
if ($rc == TRUE) {
$successfulWatermark = 1;
}
} else {
$rc1 = MG_watermark($media_orig, $albums, 1);
$rc2 = MG_watermark($media_disp, $albums, 0);
if ($rc1 == TRUE && $rc2 == TRUE) {
$successfulWatermark = 1;
}
}
}
if ($dnc != 1) {
if ($mimeType != 'image/tga' && $mimeType != 'image/x-targa' && $mimeType != 'image/tiff') {
if ($mimeType != 'image/photoshop' && $mimeType != 'image/x-photoshop' && $mimeType != 'image/psd' && $mimeType != 'application/photoshop' && $mimeType != 'application/psd') {
$mimeExt = 'jpg';
$mimeType = 'image/jpeg';
}
}
}
}
}
break;
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-flv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-shockwave-flash':
case 'video/mp4':
case 'video/x-m4v':
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/mp4') {
$mimeExt = 'mp4';
}
// process video format
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
$mediaType = 1;
}
$video_attached_thumbnail = MG_videoThumbnail($albums, $media_orig, $media_filename);
break;
case 'application/ogg':
case 'audio/mpeg':
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
$mimeType = $mimeInfo['mime_type'];
// process audio format
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
$rc = @copy($filename, $media_orig);
if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
if ($caption == '') {
$caption = $mimeInfo['tags']['id3v1']['title'][0];
}
}
if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
$artist = DB_escapeString($mimeInfo['tags']['id3v1']['artist'][0]);
}
if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
$genre = DB_escapeString($mimeInfo['tags']['id3v2']['genre'][0]);
}
if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
$musicAlbum = DB_escapeString($mimeInfo['tags']['id3v1']['album'][0]);
}
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 2;
}
break;
case 'zip':
case 'application/zip':
if ($_MG_CONF['zip_enabled']) {
$errMsg .= MG_processZip($filename, $albums, $purgefiles, $media_filename);
break;
}
// NO BREAK HERE, fall through if enable zip isn't allowed
// NO BREAK HERE, fall through if enable zip isn't allowed
default:
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$mimeType = $mimeInfo['mime_type'];
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 4;
}
$mediaType = 4;
break;
}
// update quota
$quota = $MG_albums[$albums]->album_disk_usage;
if ($_MG_CONF['discard_original'] == 1) {
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . '.jpg');
} else {
$quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_disk_usage=" . $quota . " WHERE album_id=" . $albums);
if ($errors) {
@unlink($tmpPath);
return array(false, $errMsg);
}
if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
// Now we need to process an uploaded thumbnail
if ($gotTN == 1) {
$mp3TNFilename = $_MG_CONF['tmp_path'] . '/mp3tn' . time() . '.jpg';
$fn = fopen($mp3TNFilename, "w");
fwrite($fn, $mp3AttachdedThumbnail);
fclose($fn);
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albums, $mp3TNFilename, $saveThumbnailName);
@unlink($mp3TNFilename);
$atttn = 1;
} else {
if ($atttn == 1) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albums, $thumbnail, $saveThumbnailName);
}
}
if ($video_attached_thumbnail) {
$atttn = 1;
}
if ($MG_albums[$albums]->enable_html != 1) {
// if ($_MG_CONF['htmlallowed'] != 1 ) {
$media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
$media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
$media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($MG_albums[$albums]->moderate == 1 && !$MG_albums[0]->owner_id) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$original_filename = DB_escapeString($file);
if ($MG_albums[$albums]->filename_title) {
if ($media_caption == '') {
$pos = strrpos($original_filename, '.');
if ($pos === false) {
$media_caption = $original_filename;
} else {
$media_caption = substr($original_filename, 0, $pos);
}
}
}
$resolution_x = 0;
$resolution_y = 0;
// try to find a resolution if video...
if ($mediaType == 1) {
switch ($mimeType) {
case 'application/x-shockwave-flash':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-m4v':
if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
break;
case 'video/x-flv':
if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
$resolution_x = $mimeInfo['meta']['onMetaData']['width'];
$resolution_y = $mimeInfo['meta']['onMetaData']['height'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
} else {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
$resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
$resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
} else {
$resolution_x = -1;
$resolution_y = -1;
}
break;
}
}
if ($replace > 0) {
$sql = "UPDATE " . $tableMedia . " SET\n\t \t\t\t\t\tmedia_filename='" . DB_escapeString($media_filename) . "',\n\t \t\t\t\t\tmedia_original_filename='{$original_filename}',\n\t \t\t\t\t\tmedia_mime_ext='" . DB_escapeString($mimeExt) . "',\n\t \t\t\t\t\tmime_type='" . DB_escapeString($mimeType) . "',\n\t \t\t\t\t\tmedia_time='" . DB_escapeString($media_time) . "',\n\t \t\t\t\t\tmedia_user_id='" . DB_escapeString($media_user_id) . "',\n\t \t\t\t\t\tmedia_type='" . DB_escapeString($mediaType) . "',\n\t \t\t\t\t\tmedia_upload_time='" . DB_escapeString($media_upload_time) . "',\n\t \t\t\t\t\tmedia_watermarked='" . DB_escapeString($successfulWatermark) . "',\n\t \t\t\t\t\tmedia_resolution_x='" . DB_escapeString($resolution_x) . "',\n\t \t\t\t\t\tmedia_resolution_y='" . DB_escapeString($resolution_y) . "'\n\t \t\t\t\t\tWHERE media_id='" . DB_escapeString($replace) . "'";
DB_query($sql);
} else {
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url,artist,album,genre)\n\t VALUES ('{$new_media_id}','{$media_filename}','{$original_filename}','{$mimeExt}','1','{$mimeType}','{$media_caption}','{$media_desc}','{$media_keywords}','{$media_time}','0','0','0','0.00','{$atttn}','','1','{$media_user_id}','','0','{$mediaType}','{$media_upload_time}','{$category}','{$successfulWatermark}','0','0',{$resolution_x},{$resolution_y},0,'','{$artist}','{$musicAlbum}','{$genre}');";
DB_query($sql);
$x = 0;
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $albums;
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('{$new_media_id}', {$albums}, {$media_seq} )";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
}
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$MG_albums[$albums]->media_count++;
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $MG_albums[$albums]->media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
if ($_MG_CONF['update_parent_lastupdated'] == 1) {
$currentAID = $MG_albums[$albums]->parent;
while ($MG_albums[$currentAID]->id != 0) {
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$currentAID]->id . "'");
$currentAID = $MG_albums[$currentAID]->parent;
}
}
if ($MG_albums[$albums]->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
if ($atttn == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
}
}
$x++;
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($albums);
CACHE_remove_instance('whatsnew');
}
@unlink($tmpPath);
return array(true, $errMsg);
}
/**
* Delete a trackback comment
* Note: Permission checks have to be done by the caller.
*
* @param int $cid ID of the trackback comment
* @return void
*/
function TRB_deleteTrackbackComment($cid)
{
global $_TABLES;
$cid = DB_escapeString($cid);
DB_delete($_TABLES['trackback'], 'cid', $cid);
CACHE_remove_instance('whatsnew');
}
function MB_changeActiveStatusMenu($menu_arr)
{
global $_CONF, $_TABLES;
// disable all menus
$sql = "UPDATE {$_TABLES['menu']} SET menu_active = '0'";
DB_query($sql);
if (isset($menu_arr)) {
foreach ($menu_arr as $menu => $side) {
$menu = COM_applyFilter($menu, true);
// the enable those in the array
$sql = "UPDATE {$_TABLES['menu']} SET menu_active = '1' WHERE id=" . (int) $menu;
DB_query($sql);
}
}
CACHE_remove_instance('menu');
return;
}
function FF_saveTopic($forumData, $postData, $action)
{
global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;
$retval = '';
$uploadErrors = '';
$msg = '';
$errorMessages = '';
$email = '';
$forumfiles = array();
$okToSave = true;
$dt = new Date('now', $_USER['tzid']);
$date = $dt->toUnix();
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
// verify postmode is allowed
if (strtolower($postData['postmode']) == 'html') {
if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
$postData['postmode'] = 'html';
} else {
$postData['postmode'] = 'text';
}
}
// is forum readonly?
if ($forumData['is_readonly'] == 1) {
// Check if this user has moderation rights now to allow a post to a locked topic
if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
_ff_accessError();
}
}
if ($action == 'saveedit') {
// does the forum match the forum id of the posted data?
if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
_ff_accessError();
}
$editid = COM_applyFilter($postData['editid'], true);
$forum = COM_applyFilter($postData['forum'], true);
$editAllowed = false;
if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
$editAllowed = true;
} else {
if ($_FF_CONF['allowed_editwindow'] > 0) {
$t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
$t2 = $_FF_CONF['allowed_editwindow'];
$time = time();
if (time() - $t2 < $t1) {
$editAllowed = true;
}
} else {
$editAllowed = true;
}
}
if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
$retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
$okToSave = false;
} elseif (!$editAllowed) {
$link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['$id'];
$retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
$okToSave = false;
}
} else {
if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
$email = isset($_USER['email']) ? $_USER['email'] : '';
}
}
if (isset($postData['name']) && $postData['name'] != '') {
$name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
$name = urldecode($name);
} else {
$okToSave = false;
$errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
}
// speed limit check
if (!SEC_hasRights('forum.edit')) {
COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
$last = COM_checkSpeedlimit('forum');
if ($last > 0) {
$errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
$okToSave = false;
}
}
// standard edit checks
if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length'] || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length'] || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) {
$errorMessages .= $LANG_GF02['msg18'] . '<br/>';
$okToSave = false;
}
// CAPTCHA check
if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
if (!isset($postData['captcha'])) {
$postData['captcha'] = '';
}
$msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
if ($msg != '') {
$errorMessages .= $msg . '<br/>';
$okToSave = false;
}
}
// spamx check
if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
// Check for SPAM
$spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . $postData['comment'] . '</p>';
$result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
// Now check the result and redirect to index.php if spam action was taken
if ($result > 0) {
// then tell them to get lost ...
$errorMessages .= $LANG_GF02['spam_detected'];
$okToSave = false;
}
}
if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
$spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
$msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
if ($msg) {
$errorMessages .= $msg;
$okToSave = false;
}
}
if ($okToSave == false) {
$retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], ' ');
return array(false, $retval);
}
if ($okToSave == true) {
if (!isset($postData['postmode_switch'])) {
$postData['postmode_switch'] = 0;
}
$postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
// validate postmode
if ($postmode == 'html' || $postmode == 'HTML') {
if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
$postmode = 'html';
} else {
$postmode = 'text';
}
}
$subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
$comment = _ff_preparefordb($postData['comment'], $postmode);
$mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
$id = COM_applyFilter($postData['id'], true);
$forum = COM_applyFilter($postData['forum'], true);
$notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';
$status = 0;
if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
$status += DISABLE_BBCODE;
}
if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
$status += DISABLE_SMILIES;
}
if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
$status += DISABLE_URLPARSE;
}
// If user has moderator edit rights only
$locked = 0;
$sticky = 0;
if (isset($postData['modedit']) && $postData['modedit'] == 1) {
if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
$locked = 1;
}
if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
$sticky = 1;
}
}
if ($action == 'savetopic') {
$fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
$sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
$sql .= "VALUES (" . (int) $forum . "," . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'" . DB_escapeString($date) . "'," . "'" . $subject . "'," . "'" . $comment . "'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . "0," . (int) $sticky . "," . (int) $locked . "," . (int) $status . ")";
DB_query($sql);
// Find the id of the last inserted topic
list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
$savedPostID = $lastid;
$topicPID = $lastid;
/* Check for any uploaded files - during add of new topic */
$uploadErrors = _ff_check4files($lastid);
// Check and see if there are no [file] bbcode tags in content and reset the show_inline value
// This is needed in case user had used the file bbcode tag and then removed it
$imagerecs = '';
$imagerecs = implode(',', $forumfiles);
$sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
if ($imagerecs != '') {
$sql .= "AND id NOT IN ({$imagerecs})";
}
DB_query($sql);
// Update forums record
DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
}
DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
} else {
if ($action == 'savereply') {
$fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
$sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
$sql .= "VALUES (" . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'{$subject}'," . "'{$comment}'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . (int) $id . "," . (int) $forum . "," . (int) $status . ")";
DB_query($sql);
// Find the id of the last inserted topic
list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
$savedPostID = $lastid;
$topicPID = $id;
/* Check for any uploaded files - during adding reply post */
$uploadErrors = _ff_check4files($lastid);
// Check and see if there are no [file] bbcode tags in content and reset the show_inline value
// This is needed in case user had used the file bbcode tag and then removed it
$imagerecs = '';
$imagerecs = implode(',', $forumfiles);
$sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
if ($imagerecs != '') {
$sql .= " AND id NOT IN ({$imagerecs})";
}
DB_query($sql);
DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
}
DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
} elseif ($action == 'saveedit') {
$sql = "UPDATE {$_TABLES['ff_topic']} SET " . "subject='{$subject}'," . "comment='{$comment}'," . "postmode='" . DB_escapeString($postmode) . "'," . "mood='" . DB_escapeString($mood) . "'," . "sticky=" . (int) $sticky . "," . "locked=" . (int) $locked . "," . "status=" . (int) $status . " " . "WHERE (id=" . (int) $editid . ")";
DB_query($sql);
/* Check for any uploaded files - during save of edit */
$uploadErrors = _ff_check4files($editid);
// Check and see if there are no [file] bbcode tags in content and reset the show_inline value
// This is needed in case user had used the file bbcode tag and then removed it
$imagerecs = '';
$imagerecs = implode(',', $forumfiles);
$sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
if ($imagerecs != '') {
$sql .= "AND id NOT IN ({$imagerecs})";
}
DB_query($sql);
$topicPID = DB_getITEM($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
if ($topicPID == 0) {
$topicPID = $editid;
}
$savedPostID = $editid;
if ($postData['silentedit'] != 1) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
//Remove any lastviewed records in the log so that the new updated topic indicator will appear
DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
}
if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
}
$topicparent = $topicPID;
}
}
COM_updateSpeedLimit('forum');
PLG_itemSaved($savedPostID, 'forum');
CACHE_remove_instance('forumcb');
if (!COM_isAnonUser()) {
//NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
$nid = -$topicPID;
$currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
$currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
$currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
$forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
$topic_name = $subject;
if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
$sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
$sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
DB_query($sql);
} elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
// Had un-subcribed to topic and now wants to subscribe
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
} elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
// Subscribed to topic - but does not want to be notified anymore
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
} elseif ($notify == '' and $currentForumNotifyRecID > 1) {
// Subscribed to forum - but does not want to be notified about this topic
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
}
}
if ($action != 'saveedit') {
_ff_chknotifications($forum, $savedPostID, $uid);
}
$link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
if ($uploadErrors != '') {
$autorefresh = false;
} else {
$autorefresh = true;
}
$retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);
} else {
$retval .= _ff_alertMessage($LANG_GF02['msg18']);
}
return array(true, $retval);
}
/**
* Saves the story in it's final state to the database.
*
* Handles all the SID magic etc.
* @return Integer status result from a constant list.
*/
function saveToDatabase()
{
global $_TABLES, $_CONF;
if (DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1") == $this->_tid) {
$this->_featured = 0;
$this->_frontpage = 0;
$this->_statuscode = STORY_ARCHIVE_ON_EXPIRE;
}
if ($this->_featured != 1) {
$this->_featured = 0;
}
if ($this->_statuscode == '') {
$this->_statuscode = 0;
}
if ($this->_owner_id == '') {
$this->_owner_id = 1;
}
/* if a featured, non-draft, that goes live straight away, unfeature
* other stories in same topic:
*/
if ($this->_featured == '1') {
// there can only be one non-draft featured story
if ($this->_draft_flag == 0 and $this->_date <= time()) {
if ($this->_frontpage == 1) {
// un-feature any featured frontpage story
DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND frontpage = 1 AND date <= NOW()");
}
// un-feature any featured story in the same topic
DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND tid = '{$this->_tid}' AND date <= NOW()");
}
}
$oldArticleExists = false;
$currentSidExists = false;
/* Fix up old sid => new sid stuff */
if ($this->_sid != $this->_originalSid) {
/* The sid has changed. Load from request will have
* ensured that if the new sid exists an error has
* been thrown, but we need to know if the old sid
* actually existed (as opposed to being a generated
* sid that was then thrown away) to reduce the sheer
* number of SQL queries we do.
*/
$checksid = DB_escapeString($this->_originalSid);
$newsid = DB_escapeString($this->_sid);
$sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checksid}'";
$result = DB_query($sql);
if ($result && DB_numRows($result) > 0) {
$oldArticleExists = true;
}
if ($oldArticleExists) {
/* Move Comments */
$sql = "UPDATE {$_TABLES['comments']} SET sid='{$newsid}' WHERE type='article' AND sid='{$checksid}'";
DB_query($sql);
/* Move Images */
$sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newsid}' WHERE ai_sid = '{$checksid}'";
DB_query($sql);
/* Move trackbacks */
$sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newsid}' WHERE sid='{$checksid}' AND type='article'";
DB_query($sql);
/* Move ratings */
$sql = "UPDATE {$_TABLES['rating']} SET item_id='{$newsid}' WHERE item_id='{$checksid}' AND type='article'";
DB_query($sql);
$sql = "UPDATE {$_TABLES['rating_votes']} SET item_id='{$newsid}' WHERE item_id='{$checksid}' AND type='article'";
DB_query($sql);
CACHE_remove_instance('story_' . $this->_originalSid);
}
}
/* Acquire Comment Count */
$sql = "SELECT count(1) FROM {$_TABLES['comments']} WHERE type='article' AND sid='" . DB_escapeString($this->_sid) . "'";
$result = DB_query($sql);
if ($result && DB_numRows($result) == 1) {
$array = DB_fetchArray($result);
$this->_comments = $array[0];
} else {
$this->_comments = 0;
}
/* Acquire Rating / Votes */
list($rating_id, $rating, $votes) = RATING_getRating('article', $this->_sid);
$this->_rating = $rating;
$this->_votes = $votes;
//@TODO - remove this call on save
// Get the related URLs
$this->_related = implode("\n", STORY_extractLinks("{$this->_introtext} {$this->_bodytext}"));
$sql = 'REPLACE INTO ' . $_TABLES['stories'] . ' (';
$values = ' VALUES (';
$fields = '';
reset($this->_dbFields);
/* This uses the database field array to generate a SQL Statement. This
* means that when adding new fields to save and load, all we need to do
* is add the field name to the array, and the code will magically cope.
*/
while (list($fieldname, $save) = each($this->_dbFields)) {
if ($save === 1) {
$varname = '_' . $fieldname;
$sql .= $fieldname . ', ';
if ($fieldname == 'date' || $fieldname == 'expire' || $fieldname == 'comment_expire') {
// let the DB server do this conversion
if (!empty($this->{$varname})) {
$values .= 'FROM_UNIXTIME(' . $this->{$varname} . '), ';
} else {
$values .= "'0000-00-00 00:00:00', ";
}
} else {
$values .= '\'' . DB_escapeString($this->{$varname}) . '\', ';
}
}
}
$sql = substr($sql, 0, strlen($sql) - 2);
$values = substr($values, 0, strlen($values) - 2);
$sql .= ') ' . $values . ')';
DB_query($sql);
CACHE_remove_instance('story_' . $this->_sid);
/* Clean up the old story */
if ($oldArticleExists && !empty($checksid)) {
$sql = "DELETE FROM {$_TABLES['stories']} WHERE sid='{$checksid}'";
DB_query($sql);
CACHE_remove_instance('story_' . $this->_originalSid);
}
if ($this->type == 'submission') {
if (!empty($checksid)) {
DB_delete($_TABLES['storysubmission'], 'sid', $checksid);
} else {
DB_delete($_TABLES['storysubmission'], 'sid', DB_escapeString($this->_sid));
}
}
CACHE_remove_instance('whatsnew');
CACHE_remove_instance('stmenu');
return STORY_SAVED;
}
/**
* This function is called when a user's information
* (profile or preferences) has changed.
*
* @param int $uid user id
* @return void
*
*/
function plugin_user_changed_topic($uid)
{
global $_CONF;
// Wipe out user's session variable for last_topic_update (if it exists) since their
// security may have changed and the topic tree should be updated again
$cacheInstance = 'topic_tree__' . CACHE_security_hash();
CACHE_remove_instance($cacheInstance);
}
/**
* Handles a comment delete
*
* @copyright Vincent Furia 2005
* @author Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
* @return string HTML (possibly a refresh)
*/
function handleDelete()
{
global $_CONF, $_TABLES, $_USER, $_PLUGINS;
$retval = '';
$cid = 0;
$type = COM_applyFilter($_REQUEST['type']);
$sid = COM_sanitizeID(COM_applyFilter($_REQUEST['sid']));
if (isset($_REQUEST['cid'])) {
$cid = COM_applyFilter($_REQUEST['cid'], true);
}
if ($type != 'article') {
if (!in_array($type, $_PLUGINS)) {
$type = '';
}
}
if (!($retval = PLG_commentDelete($type, $cid, $sid))) {
CACHE_remove_instance('whatsnew');
echo COM_refresh($_CONF['site_url'] . '/index.php');
exit;
}
return $retval;
}
function MG_saveMemberDefaults()
{
global $_CONF, $_MG_CONF, $_TABLES, $_USER, $_POST;
$member_albums = isset($_POST['member_albums']) ? COM_applyFilter($_POST['member_albums'], true) : 0;
$member_quota = COM_applyFilter($_POST['member_quota'], true) * 1048576;
$auto_create = isset($_POST['auto_create']) ? COM_applyFilter($_POST['auto_create'], true) : 0;
$allow_create = isset($_POST['allow_create']) ? COM_applyFilter($_POST['allow_create'], true) : 0;
$member_use_fullname = isset($_POST['member_use_fullname']) ? COM_applyFilter($_POST['member_use_fullname'], true) : 0;
$feature_member_album = isset($_POST['feature_member_album']) ? COM_applyFilter($_POST['feature_member_album'], true) : 0;
$allow_remote = isset($_POST['allow_remote']) ? COM_applyFilter($_POST['allow_remote'], true) : 0;
$member_root = isset($_POST['member_root']) ? COM_applyFilter($_POST['member_root'], true) : 0;
$member_archive = isset($_POST['member_archive']) ? COM_applyFilter($_POST['member_archive'], true) : 0;
$enable_random = isset($_POST['enable_random']) ? COM_applyFilter($_POST['enable_random'], true) : 0;
$max_image_width = COM_applyFilter($_POST['max_image_width'], true);
$max_image_height = COM_applyFilter($_POST['max_image_height'], true);
$max_filesize = COM_applyFilter($_POST['max_filesize'], true) * 1024;
$uploads = isset($_POST['uploads']) ? COM_applyFilter($_POST['uploads'], true) : 0;
$moderate = isset($_POST['moderate']) ? COM_applyFilter($_POST['moderate'], true) : 0;
$mod_id = COM_applyFilter($_POST['mod_id'], true);
$email_mod = isset($_POST['email_mod']) ? COM_applyFilter($_POST['email_mod'], true) : 0;
$tperm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
$tperm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
$tperm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
$tperm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($tperm_owner, $tperm_group, $tperm_members, $tperm_anon);
// valid media formats....
$format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0;
$format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0;
$format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0;
$format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0;
$format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0;
$format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0;
$format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0;
$format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0;
$format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0;
$format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0;
$format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0;
$format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0;
$format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0;
$format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0;
$format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0;
$format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0;
$format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0;
$format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0;
$format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0;
$member_valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb;
// put any error checking / validation here
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_albums','{$member_albums}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_use_fullname','{$member_use_fullname}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'feature_member_album','{$feature_member_album}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'allow_remote','{$allow_remote}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_quota','{$member_quota}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_auto_create','{$auto_create}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_create_new','{$allow_create}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_album_root','{$member_root}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_album_archive','{$member_archive}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_enable_random','{$enable_random}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_width','{$max_image_width}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_height','{$max_image_height}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_filesize','{$max_filesize}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_uploads','{$uploads}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_moderate','{$moderate}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_mod_group_id','{$mod_id}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_email_mod','{$email_mod}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_owner','{$perm_owner}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_group','{$perm_group}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_members','{$perm_members}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_anon','{$perm_anon}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_valid_formats','{$member_valid_formats}'");
CACHE_remove_instance('stmenu');
echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=12');
exit;
}
/**
* Moves comment from submission table to comments table
*
* @param int cid comment id
* @copyright Jared Wenerd 2008
* @author Jared Wenerd, wenerd87 AT gmail DOT com
* @param string $cid comment id
* @return string of story id
*/
function CMT_approveModeration($cid)
{
global $_CONF, $_TABLES;
$result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress FROM {$_TABLES['commentsubmissions']} WHERE cid = '{$cid}'");
$A = DB_fetchArray($result);
if ($A['pid'] > 0) {
// get indent+1 of parent
$indent = DB_getItem($_TABLES['comments'], 'indent+1', "cid = '{$A['pid']}'");
if (empty($indent)) {
$indent = 0;
}
} else {
$indent = 0;
}
$A['title'] = DB_escapeString($A['title']);
$A['comment'] = DB_escapeString($A['comment']);
if (isset($A['name'])) {
// insert data
$A['name'] = DB_escapeString($A['name']);
DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent', "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}'," . "'{$A['name']}','{$A['pid']}','{$A['ipaddress']}',{$indent}");
} else {
// insert data, null automatically goes into name column
DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent', "'{$A['type']}','{$A['sid']}','{$A['date']}','{$A['title']}','{$A['comment']}','{$A['uid']}'," . "'{$A['pid']}','{$A['ipaddress']}',{$indent}");
}
$newcid = DB_insertId('', 'comments_cid_seq');
DB_delete($_TABLES['commentsubmissions'], 'cid', $cid);
DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cid);
// notify of new published comment
if ($_CONF['allow_reply_notifications'] == 1 && $A['pid'] > 0) {
// $sql = "SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = $pid"; // Used in Geeklog 2.0.0 and before. Notification sent only if someone directly replies to the comment (not a reply of a reply)
$sql = "SELECT cn.cid, cn.uid, cn.deletehash " . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, " . "{$_TABLES['commentnotifications']} AS cn " . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) " . "AND c.cid = {$A['pid']} GROUP BY cn.uid";
$result = DB_query($sql);
$B = DB_fetchArray($result);
if ($B !== false) {
CMT_sendReplyNotification($B);
}
}
// Update Comment Feeds
COM_rdfUpToDateCheck('comment');
// Delete What's New block cache so it can get updated again
if ($_CONF['whatsnew_cache_time'] > 0 and !$_CONF['hidenewcomments']) {
$cacheInstance = 'whatsnew__';
// remove all whatsnew instances
CACHE_remove_instance($cacheInstance);
}
return $A['sid'];
}
/**
* Delete a block
*
* @param string $bid id of block to delete
* @return string HTML redirect or error message
*
*/
function deleteBlock($bid)
{
global $_CONF, $_TABLES, $_USER;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
return COM_refresh($_CONF['site_admin_url'] . '/block.php');
}
TOPIC_deleteTopicAssignments('block', $bid);
DB_delete($_TABLES['blocks'], 'bid', $bid);
$cacheInstance = 'block__' . $bid . '__';
// remove any of this blocks instances if exists
CACHE_remove_instance($cacheInstance);
return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}
/**
* Delete a feed.
*
* @param int $fid feed id
* @return string HTML redirect
*
*/
function FEED_delete($fid)
{
global $_CONF, $_TABLES;
if ($fid > 0) {
$feedfile = DB_getItem($_TABLES['syndication'], 'filename', "fid = {$fid}");
if (!empty($feedfile)) {
@unlink(SYND_getFeedPath($feedfile));
}
DB_delete($_TABLES['syndication'], 'fid', $fid);
CACHE_remove_instance('story');
COM_setMessage(59);
return COM_refresh($_CONF['site_admin_url'] . '/syndication.php');
}
return COM_refresh($_CONF['site_admin_url'] . '/syndication.php');
}
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $_POST, $_FILES;
$back = COM_applyFilter($_POST['rpath']);
if ($back != '') {
$sLength = strlen($_CONF['site_url']);
if (substr($back, 0, $sLength) != $_CONF['site_url']) {
$back = $_CONF['site_url'];
}
$actionURL = $back;
}
$queue = COM_applyFilter($_POST['queue'], true);
if (isset($_POST['replacefile'])) {
$replacefile = COM_applyFilter($_POST['replacefile']);
} else {
$replacefile = 0;
}
if ($replacefile == 1) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
$repfilename = $_FILES['repfilename'];
$filename = $repfilename['name'];
$file = $repfilename['tmp_name'];
list($rc, $msg) = MG_getFile($file, $filename, $album_id, '', '', 1, 0, '', 0, '', '', 0, 0, $media_id);
COM_errorLog($msg);
}
// see if we had an attached thumbnail before...
$thumb = $_FILES['attthumb'];
$thumbnail = $thumb['tmp_name'];
$att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
if ($att == 1) {
$attachtn = 1;
} else {
$attachtn = 0;
}
if ($queue) {
$old_attached_tn = DB_getItem($_TABLES['mg_mediaqueue'], 'media_tn_attached', 'media_id="' . DB_escapeString($media_id) . '"');
} else {
$old_attached_tn = DB_getItem($_TABLES['mg_media'], 'media_tn_attached', 'media_id="' . DB_escapeString($media_id) . '"');
}
if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
$attachtn = 0;
}
if ($old_attached_tn == 1 && $attachtn == 0) {
$remove_old_tn = 1;
} else {
$remove_old_tn = 0;
}
if ($queue) {
$remote_media = DB_getItem($_TABLES['mg_mediaqueue'], 'remote_media', 'media_id="' . DB_escapeString($media_id) . '"');
} else {
$remote_media = DB_getItem($_TABLES['mg_media'], 'remote_media', 'media_id="' . DB_escapeString($media_id) . '"');
}
if ($remote_media) {
$remote_url = isset($_POST['remoteurl']) ? DB_escapeString($_POST['remoteurl']) : '';
} else {
$remote_url = '';
}
if ($_MG_CONF['htmlallowed']) {
$media_title = COM_checkWords($_POST['media_title']);
$media_desc = COM_checkWords($_POST['media_desc']);
} else {
$media_title = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_title'])));
$media_desc = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_desc'])));
}
$media_time_month = COM_applyFilter($_POST['media_month']);
$media_time_day = COM_applyFilter($_POST['media_day']);
$media_time_year = COM_applyFilter($_POST['media_year']);
$media_time_hour = COM_applyFilter($_POST['media_hour']);
$media_time_minute = COM_applyFilter($_POST['media_minute']);
$original_filename = COM_applyFilter($_POST['original_filename']);
if ($replacefile == 1) {
$original_filename = $filename;
}
$cat_id = COM_applyFilter($_POST['cat_id'], true);
$media_keywords = $_POST['media_keywords'];
$media_keywords_safe = substr($media_keywords, 0, 254);
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
$artist = isset($_POST['artist']) ? DB_escapeString(COM_applyFilter($_POST['artist'])) : '';
$musicalbum = isset($_POST['musicalbum']) ? DB_escapeString(COM_applyFilter($_POST['musicalbum'])) : '';
$genre = isset($_POST['genre']) ? DB_escapeString(COM_applyFilter($_POST['genre'])) : '';
$dtObject = new Date('now', $_USER['tzid']);
$dtObject->setDateTimestamp($media_time_year, $media_time_month, $media_time_day, $media_time_hour, $media_time_minute, 0);
$media_time = $dtObject->toUnix();
if (isset($_POST['owner_name'])) {
$owner_id = COM_applyFilter($_POST['owner_name'], true);
$owner_sql = ',media_user_id=' . $owner_id . ' ';
} else {
$owner_sql = '';
}
$sql = "UPDATE " . ($queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . "\n SET media_title='" . DB_escapeString($media_title) . "',\n media_desc='" . DB_escapeString($media_desc) . "',\n media_original_filename='" . DB_escapeString($original_filename) . "',\n media_time=" . $media_time . ",\n media_tn_attached=" . $attachtn . ",\n media_category=" . intval($cat_id) . ",\n media_keywords='" . $media_keywords . "',\n artist='" . $artist . "',\n album='" . $musicalbum . "',\n genre='" . $genre . "',\n remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . DB_escapeString($media_id) . "'";
DB_query($sql);
if (DB_error() != 0) {
echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
}
PLG_itemSaved($media_id, 'mediagallery');
$media_id_db = DB_escapeString($media_id);
// process playback options if any...
if (isset($_POST['autostart'])) {
// asf
$playback_option['autostart'] = intval(COM_applyFilter($_POST['autostart'], true));
$playback_option['enablecontextmenu'] = intval(COM_applyFilter($_POST['enablecontextmenu'], true));
$playback_option['stretchtofit'] = isset($_POST['stretchtofit']) ? intval(COM_applyFilter($_POST['stretchtofit'], true)) : 0;
$playback_option['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
$playback_option['uimode'] = COM_applyFilter($_POST['uimode']);
$playback_option['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
$playback_option['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
$playback_option['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
$playback_option['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
$playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
if ($playback_option['playcount'] < 1) {
$playback_option['playcount'] = 1;
}
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autostart',{$playback_option['autostart']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','enablecontextmenu',{$playback_option['enablecontextmenu']}");
if ($playback_option['stretchtofit'] != '') {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','stretchtofit',{$playback_option['stretchtofit']}");
}
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','showstatusbar',{$playback_option['showstatusbar']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','uimode', '{$playback_option['uimode']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','playcount','{$playback_option['playcount']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
}
if (isset($_POST['play'])) {
//swf
$playback_option['play'] = COM_applyFilter($_POST['play'], true);
$playback_option['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : '';
$playback_option['quality'] = isset($_POST['quality']) ? DB_escapeString(COM_applyFilter($_POST['quality'])) : '';
$playback_option['flashvars'] = isset($_POST['flashvars']) ? DB_escapeString(COM_applyFilter($_POST['flashvars'])) : '';
$playback_option['height'] = COM_applyFilter($_POST['height'], true);
$playback_option['width'] = COM_applyFilter($_POST['width'], true);
$playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
$playback_option['scale'] = isset($_POST['scale']) ? DB_escapeString(COM_applyFilter($_POST['scale'])) : '';
$playback_option['wmode'] = isset($_POST['wmode']) ? DB_escapeString(COM_applyFilter($_POST['wmode'])) : '';
$playback_option['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? DB_escapeString(COM_applyFilter($_POST['allowscriptaccess'])) : '';
$playback_option['bgcolor'] = isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : '';
$playback_option['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','play', {$playback_option['play']}");
if ($playback_option['menu'] != '') {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','menu', {$playback_option['menu']}");
}
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','quality', '{$playback_option['quality']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height', {$playback_option['height']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width', {$playback_option['width']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','flashvars', '{$playback_option['flashvars']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale', '{$playback_option['scale']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','wmode', '{$playback_option['wmode']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop', '{$playback_option['loop']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','allowscriptaccess','{$playback_option['allowscriptaccess']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor', '{$playback_option['bgcolor']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id}','swf_version', '{$playback_option['swf_version']}'");
}
if (isset($_POST['autoplay'])) {
//quicktime
$playback_option['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
$playback_option['autoref'] = COM_applyFilter($_POST['autoref'], true);
$playback_option['controller'] = COM_applyFilter($_POST['controller'], true);
$playback_option['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
$playback_option['scale'] = DB_escapeString(COM_applyFilter($_POST['scale']));
$playback_option['height'] = COM_applyFilter($_POST['height'], true);
$playback_option['width'] = COM_applyFilter($_POST['width'], true);
$playback_option['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
$playback_option['loop'] = COM_applyFilter($_POST['loop'], true);
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoref',{$playback_option['autoref']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoplay',{$playback_option['autoplay']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','controller',{$playback_option['controller']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','kioskmode',{$playback_option['kioskmode']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale','{$playback_option['scale']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
}
if ($attachtn == 1 && $thumbnail != '') {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
$media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id . '"');
$thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
}
if ($remove_old_tn == 1) {
$media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id . '"');
foreach ($_MG_CONF['validExtensions'] as $ext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext)) {
@unlink($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext);
break;
}
}
}
if ($queue) {
echo COM_refresh($_MG_CONF['site_url'] . '/admin.php?album_id=' . $album_id . '&mode=moderate');
} else {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildAlbumRSS($album_id);
CACHE_remove_instance('whatsnew');
echo COM_refresh($actionURL);
}
exit;
}
/**
* deletes specified album and moves contents if target_id not 0
*
* @param int album_id album_id to delete
* @param int target_id album id of where to move the delted albums contents
* @return string HTML
*
*/
function MG_deleteAlbum($album_id, $target_id, $actionURL = '')
{
global $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01;
if ($actionURL == '') {
$actionURL = $_CONF['site_admin_url'] . '/plugins/mediagallery/index.php';
}
// need to check perms here...
if ($MG_albums[$album_id]->access != 3) {
COM_errorLog("MediaGallery: Someone has tried to illegally delete an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return MG_genericError($LANG_MG00['access_denied_msg']);
}
if ($target_id == 0) {
// Delete all images -- need to recurse through all sub-albums...
MG_deleteChildAlbums($album_id);
} else {
// move the stuff to another album...
// add a check to make sure we have edit rights to the target album...
$sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . $target_id;
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows > 0) {
$row = DB_fetchArray($result);
$access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
if ($access == 3 || SEC_hasRights('mediagallery.admin')) {
$sql = "UPDATE " . $_TABLES['mg_media_albums'] . " SET album_id = " . $target_id . " WHERE album_id = " . $album_id;
DB_query($sql);
$sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_parent = " . $target_id . " WHERE album_parent=" . $album_id;
DB_query($sql);
$sql = "DELETE FROM " . $_TABLES['mg_albums'] . " WHERE album_id = " . $album_id;
DB_query($sql);
// now we need to update the last_update, media_count and thumbnail image for this album....
$dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', $target_id);
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $dbCount . " WHERE album_id=" . $target_id);
// now pull last_update and new thumbnail
if ($MG_albums[$target_id]->album_cover == -1) {
$result = DB_query("SELECT media_filename FROM {$_TABLES['mg_media']} AS m LEFT JOIN {$_TABLES['mg_media_albums']} AS ma ON m.media_id=ma.media_id WHERE ma.album_id=" . $target_id . " AND m.media_type=0 ORDER BY m.media_upload_time DESC LIMIT 1");
$nRows = DB_numRows($result);
if ($nRows > 0) {
$row = DB_fetchArray($result);
$filename = $row['media_filename'];
$sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_cover = '-1', album_cover_filename='" . $filename . "' WHERE album_id = " . $target_id;
DB_query($sql);
} else {
$sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_cover = '-1', album_cover_filename='' WHERE album_id = " . $target_id;
DB_query($sql);
}
}
} else {
COM_errorLog("MediaGallery: User attempting to move to a album that user does not have privelges too!");
return MG_genericError($LANG_MG00['access_denied_msg']);
}
} else {
COM_errorLog("MediaGallery: Deleting Album - ERROR - Target albums does not exist");
return MG_genericError($LANG_MG00['access_denied_msg']);
}
}
// check and see if we need to reset the member_gallery flag...
if ($_MG_CONF['member_albums'] == 1 && $MG_albums[$album_id]->parent == $_MG_CONF['member_album_root']) {
$result = DB_query("SELECT * FROM {$_TABLES['mg_albums']} WHERE owner_id=" . $MG_albums[$album_id]->owner_id . " AND album_parent=" . $MG_albums[$album_id]->parent);
$numRows = DB_numRows($result);
if ($numRows == 0) {
DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=0 WHERE uid=" . $MG_albums[$album_id]->owner_id, 1);
}
}
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
if ($target_id != 0) {
MG_buildAlbumRSS($target_id);
}
CACHE_remove_instance('whatsnew');
echo COM_refresh($actionURL);
exit;
}
/**
* Saves a Static Page to the database
*
* @param sp_id string ID of static page
* @param sp_uid string ID of user that created page
* @param sp_title string title of page
* @param sp_content string page content
* @param sp_hits int Number of page views
* @param sp_format string HTML or plain text
* @param sp_onmenu string Flag to place entry on menu
* @param sp_label string Menu Entry
* @param commentcode int Comment Code
* @param owner_id int Permission bits
* @param group_id int
* @param perm_owner int
* @param perm_members int
* @param perm_anon int
* @param sp_php int Flag to indicate PHP usage
* @param sp_nf string Flag to indicate type of not found message
* @param sp_old_id string original ID of this static page
* @param sp_centerblock string Flag to indicate display as a center block
* @param sp_help string Help URL that displays in the block
* @param sp_tid string topid id (for center block)
* @param sp_where int position of center block
* @param sp_inblock string Flag: wrap page in a block (or not)
*
*/
function PAGE_submit($sp_id, $sp_status, $sp_uid, $sp_title, $sp_content, $sp_hits, $sp_format, $sp_onmenu, $sp_label, $commentcode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $sp_php, $sp_nf, $sp_old_id, $sp_centerblock, $sp_help, $sp_tid, $sp_where, $sp_inblock, $postmode, $sp_search)
{
global $_CONF, $_TABLES, $LANG12, $LANG_STATIC, $_SP_CONF;
$retval = '';
$args = array('sp_id' => $sp_id, 'sp_status' => $sp_status, 'sp_uid' => $sp_uid, 'sp_title' => $sp_title, 'sp_content' => $sp_content, 'sp_hits' => $sp_hits, 'sp_format' => $sp_format, 'sp_onmenu' => $sp_onmenu, 'sp_label' => $sp_label, 'commentcode' => $commentcode, 'owner_id' => $owner_id, 'group_id' => $group_id, 'perm_owner' => $perm_owner, 'perm_group' => $perm_group, 'perm_members' => $perm_members, 'perm_anon' => $perm_anon, 'sp_php' => $sp_php, 'sp_nf' => $sp_nf, 'sp_old_id' => $sp_old_id, 'sp_centerblock' => $sp_centerblock, 'sp_help' => $sp_help, 'sp_tid' => $sp_tid, 'sp_where' => $sp_where, 'sp_inblock' => $sp_inblock, 'postmode' => $postmode, 'sp_search' => $sp_search);
PLG_invokeService('staticpages', 'submit', $args, $retval, $svc_msg);
CACHE_remove_instance('stmenu');
return $retval;
}
/**
* Delete a link
*
* @param string $lid id of link to delete
* @param string $type 'submission' when attempting to delete a submission
* @return string HTML redirect
*
*/
function LINK_delete($lid, $type = '')
{
global $_CONF, $_TABLES, $_USER;
if (empty($type)) {
// delete regular link
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='{$lid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete link {$lid}.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
DB_delete($_TABLES['links'], 'lid', $lid);
PLG_itemDeleted($lid, 'links');
CACHE_remove_instance('whatsnew');
return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3');
} elseif ($type == 'submission') {
if (plugin_ismoderator_links()) {
DB_delete($_TABLES['linksubmission'], 'lid', $lid);
return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete link submission {$lid}.");
}
} else {
COM_errorLog("User {$_USER['username']} tried to illegally delete link {$lid} of type {$type}.");
}
return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
switch ($action) {
case 'media':
require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php';
$retval .= MG_batchDeleteMedia($album_id, $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id);
CACHE_remove_instance('whatsnew');
break;
case 'album':
require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php';
$retval .= MG_deleteAlbumConfirm($album_id, $_MG_CONF['site_url'] . '/admin.php');
break;
case 'confalbum':
if (isset($_POST['target'])) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php';
$target_id = COM_applyFilter($_POST['target'], true);
$retval .= MG_deleteAlbum($album_id, $target_id, $_MG_CONF['site_url'] . '/index.php');
CACHE_remove_instance('whatsnew');
} else {
$retval .= MG_errorHandler($LANG_MG02['no_target_album']);
}
break;
case 'watermark':
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-watermark.php';
$retval .= MG_watermarkDelete();
break;
}
} else {
$retval .= MG_invalidRequest();
}
$display = MG_siteHeader();
$display .= $retval;
/**
* Delete an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_delete_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC;
$output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php?msg=20');
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
$sp_id = $args['sp_id'];
if (!SEC_hasRights('staticpages.delete')) {
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
$output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
if ($_USER['uid'] > 1) {
return PLG_RET_PERMISSION_DENIED;
} else {
return PLG_RET_AUTH_FAILED;
}
}
// If a staticpage template, remove any use of the file
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_id}'") == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
}
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
TOPIC_deleteTopicAssignments('staticpages', $sp_id);
PLG_itemDeleted($sp_id, 'staticpages');
// Clear Cache
$cacheInstance = 'staticpage__' . $sp_id . '__';
CACHE_remove_instance($cacheInstance);
return PLG_RET_OK;
}
function SFS_delUsers()
{
global $_USER, $_CONF, $_TABLES, $LANG_SFS, $LANG28;
$msg = '';
if (isset($_POST['actionitem']) and is_array($_POST['actionitem'])) {
foreach ($_POST['actionitem'] as $actionitem) {
$uid = COM_applyFilter($actionitem);
if ($uid != 2 && $uid != $_USER['uid']) {
if (defined('DVLP_VERSION')) {
print "We would delete userid " . $uid . " here<br />";
} else {
if (!USER_deleteAccount($uid)) {
$msg .= "<strong>{$LANG28[2]} {$delitem} {$LANG28[70]}</strong><br/>\n";
}
}
}
}
}
CACHE_remove_instance('mbmenu');
return $LANG_SFS['confirmation_del'] . '<br />' . $msg;
}
function fncchangeDraft($id)
{
$pi_name = "userbox";
global $_TABLES;
global $_USER;
$id = COM_applyFilter($id, true);
$uuid = $_USER['uid'];
$sql = "UPDATE {$_TABLES['USERBOX_base']} set ";
if (DB_getItem($_TABLES['USERBOX_base'], "draft_flag", "id={$id}")) {
$sql .= " draft_flag = '0'";
} else {
$sql .= " draft_flag = '1'";
}
$sql .= ",uuid='{$uuid}' WHERE id={$id}";
DB_query($sql);
$cacheInstance = 'userbox__' . $id . '__';
CACHE_remove_instance($cacheInstance);
return;
}
/**
* Re-order all topics in steps of 10
*
* @return void
*/
function reorderTopics()
{
global $_TABLES, $_TOPICS;
$order = 0;
$A = getTopicChildTreeArray();
foreach ($A as $B) {
$order += 10;
if ($B['sortnum'] != $order) {
DB_query("UPDATE {$_TABLES['topics']} SET sortnum = '{$order}' WHERE tid = '{$B['tid']}'");
}
}
// Delete topic cache info since topics have changed
$cacheInstance = 'topicsblock__';
CACHE_remove_instance($cacheInstance);
$cacheInstance = 'topic_tree__';
CACHE_remove_instance($cacheInstance);
// Update Topics Array to reflect any changes since not sure what is called after
$_TOPICS = TOPIC_buildTree(TOPIC_ROOT, true);
}
/**
* article: delete a comment
*
* @param int $cid Comment to be deleted
* @param string $id Item id to which $cid belongs
* @return mixed false for failure, HTML string (redirect?) for success
*/
function plugin_deletecomment_article($cid, $id)
{
global $_CONF, $_TABLES, $_USER;
$retval = '';
$has_editPermissions = SEC_hasRights('story.edit');
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon " . "FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($id) . "'");
$A = DB_fetchArray($result);
if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
CMT_deleteComment($cid, $id, 'article');
$comments = DB_count($_TABLES['comments'], 'sid', DB_escapeString($id));
DB_change($_TABLES['stories'], 'comments', $comments, 'sid', DB_escapeString($id));
CACHE_remove_instance('whatsnew');
$retval .= COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}") . '#comments');
} else {
COM_errorLog("User {$_USER['username']} " . "did not have permissions to delete comment {$cid} from {$id}");
$retval .= COM_refresh($_CONF['site_url'] . '/index.php');
}
return $retval;
}
