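/**
 * Execute the SQL statements that perform a version upgrade.
 *
 * Anything other than an array in $sql (including the default empty
 * string) is treated as "nothing to do" and reports success.
 *
 * Every statement is copied verbatim into the error log before it runs,
 * so upgrade SQL should never embed credentials or other secrets.
 * The upgrade is not transactional: when a statement fails, the ones
 * before it have already been applied.
 *
 * @param   string          $version    Version being upgraded to
 * @param   array|string    $sql        SQL statements to execute, in order
 * @return  integer         Zero on success, One on failure.
 */
function EXP_upgrade_sql($version = 'Undefined', $sql = '')
{
    global $_TABLES, $_CONF_EXP;

    // We control this, so it shouldn't happen, but just to be safe...
    if ($version === 'Undefined') {
        COM_errorLog("Error updating {$_CONF_EXP['pi_name']} - Undefined Version");
        return 1;
    }

    // If no sql statements passed in, return success
    if (!is_array($sql)) {
        return 0;
    }

    // Execute SQL now to perform the upgrade
    COM_errorLog("--Updating External Pages to version {$version}");

    // foreach always starts at the first element, whatever position the
    // array's internal pointer was left in by the caller.
    foreach ($sql as $statement) {
        COM_errorLog("External Pages Plugin {$version} update: Executing SQL => " . $statement);
        // Second argument kept from the original call; presumably it tells
        // DB_query not to abort on error so DB_error() can be checked here.
        DB_query($statement, '1');
        if (DB_error()) {
            COM_errorLog("SQL Error during External Pages plugin update", 1);
            return 1;
        }
    }

    return 0;
}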
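/**
 * Run the quiz plugin's 0.5 to 0.7 SQL update script.
 *
 * The statements are taken from the $_SQL array that the included update
 * file is expected to define in this function's scope. Each statement is
 * written to the error log before it is executed.
 *
 * @return  boolean     True when the statements were run, false when the
 *                      update file did not provide a statement list.
 */
function plugin_upgrade_quiz()
{
    global $_TABLES, $_CONF;

    $updateFile = $_CONF['path'] . 'plugins/quiz/sql/updates/mysql_0.5_to_0.7.php';
    require_once $updateFile;

    // require_once is a no-op when the file was already loaded elsewhere,
    // in which case $_SQL never appears in this scope.
    if (!isset($_SQL) || !is_array($_SQL)) {
        COM_errorLog("Quiz plugin update: no SQL statements found in {$updateFile}");
        return false;
    }

    // Log the same path that was actually included (the original message
    // named a file that does not match the require_once above).
    COM_errorLog("Begin processing {$updateFile}\nRecord Count is:" . count($_SQL));

    foreach ($_SQL as $statement) {
        COM_errorLog("executing " . $statement);
        // NOTE(review): the result of DB_query is not checked here; whether a
        // failing statement stops the upgrade depends on DB_query itself.
        DB_query($statement);
    }

    return true;
}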
/**
 * Run the SQL statements registered for one lgLib version.
 *
 * The statements are read from the global $_UPGRADE_SQL array, keyed by
 * version. A missing or non-array entry means there is nothing to do.
 * Each statement is written to the error log before it is executed, and
 * again if it fails.
 *
 * @param   string  $version    Version being upgraded TO
 * @return  integer             0 on success or nothing to do, 1 on the first SQL error
 */
function LGLIB_do_upgrade_sql($version)
{
    global $_TABLES, $_LGLIB_CONF, $_UPGRADE_SQL;

    // Nothing registered for this version: report success
    $statements = isset($_UPGRADE_SQL[$version]) ? $_UPGRADE_SQL[$version] : null;
    if (!is_array($statements)) {
        return 0;
    }

    // Run the statements in order, stopping at the first failure
    COM_errorLog("--Updating lgLib to version {$version}");
    foreach ($statements as $statement) {
        COM_errorLog("lgLib Plugin {$version} update: Executing SQL => {$statement}");
        DB_query($statement, '1');
        if (!DB_error()) {
            continue;
        }
        COM_errorLog("SQL Error during lgLib plugin update: {$statement}", 1);
        return 1;
    }

    return 0;
}
$categorySelectHTML .= "{$title} *"; } else { $categorySelectHTML .= "{$title}"; } $categorySelectHTML .= "</option>\n"; $arr = $mytree->getChildTreeArray($cid); foreach ($arr as $option) { $option['prefix'] = str_replace(".", "--", $option['prefix']); $catpath = $option['prefix'] . " " . $myts->makeTboxData4Show($option[2]); $categorySelectHTML .= '<option value="' . $option[$mytree->id] . '">'; if (!SEC_inGroup($option[5])) { $categorySelectHTML .= "{$catpath} *"; } else { $categorySelectHTML .= "{$catpath}"; } $categorySelectHTML .= "</option>\n"; } } $T->set_var(array('lang_submitnotice' => _MD_SUBMITONCE, 'lang_allpending' => _MD_ALLPENDING, 'lang_dontabuse' => _MD_DONTABUSE, 'lang_takedays' => _MD_TAKEDAYS, 'lang_required' => _MD_REQUIRED, 'lang_filetitle' => _MD_FILETITLE, 'lang_filename' => _MD_DLFILENAME, 'lang_category' => _MD_CATEGORY, 'lang_approve' => _MD_APPROVEREQ, 'lang_homepage' => _MD_HOMEPAGEC, 'lang_version' => _MD_VERSIONC, 'lang_desc' => _MD_DESCRIPTIONC, 'lang_screenshot' => _MD_SHOTIMAGE, 'lang_commentoption' => _MD_COMMENTOPTION, 'lang_no' => _MD_NO, 'lang_yes' => _MD_YES, 'lang_submit' => _MD_SUBMIT, 'lang_cancel' => _MD_CANCEL, 'token_name' => CSRF_TOKEN, 'security_token' => SEC_createToken(), 'cat_select_options' => $categorySelectHTML, 'uid' => $uid)); $display .= FM_siteHeader(); $display .= COM_startBlock("<b>" . _MD_UPLOADTITLE . "</b>"); $T->parse('output', 'page'); $display .= $T->finish($T->get_var('output')); $display .= COM_endBlock(); $display .= FM_siteFooter(); echo $display; } } else { COM_errorLOG("Submit.php => FileMgmt Plugin Access denied. Attempted user upload of a file, Remote address is:{$_SERVER['REMOTE_ADDR']}"); redirect_header($_CONF['site_url'] . "/index.php", 1, _GL_ERRORNOUPLOAD); }
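// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the             |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.           |
// |                                                                          |
// +--------------------------------------------------------------------------+

require_once '../lib-common.php';
include_once $_CONF['path'] . 'plugins/filemgmt/include/header.php';
include_once $_CONF['path'] . 'plugins/filemgmt/include/functions.php';

// Read and filter the requested file id first. The original assigned $lid
// only after the access check, so the access-denied log entry below never
// recorded which file had been requested.
$lid = COM_applyFilter(isset($_GET['lid']) ? $_GET['lid'] : 0, true);

// Comment out the following security check if you want general filemgmt users access to this report
// Be aware that the report lists the uid and remote IP of every download of
// the file, so removing the check exposes that history to those users.
if (!SEC_hasRights("filemgmt.edit")) {
    COM_errorLog("Downloadhistory.php => Filemgmt Plugin Access denied. Attempted access for file ID:{$lid}, Remote address is:{$_SERVER['REMOTE_ADDR']}");
    redirect_header($_CONF['site_url'] . "/index.php", 1, _GL_ERRORNOADMIN);
    exit;
}

// $lid went through the numeric filter above and is escaped again before
// it is placed inside the quoted SQL literal.
$result = DB_query("SELECT title FROM {$_TABLES['filemgmt_filedetail']} WHERE lid='" . DB_escapeString($lid) . "'");
list($dtitle) = DB_fetchARRAY($result);

$result = DB_query("SELECT date,uid,remote_ip FROM {$_TABLES['filemgmt_history']} WHERE lid='" . DB_escapeString($lid) . "'");

$display = COM_siteHeader('none');
$display .= "<table width='100%' border='0' cellspacing='1' cellpadding='4' class='plugin'><tr>";
$display .= "<td colspan='3'><center><H2>" . $LANG_FILEMGMT['DownloadReport'] . "</H2></center></td></tr><tr>";
// NOTE(review): $dtitle is written into the page exactly as stored. Confirm
// that file titles are HTML-encoded when they are saved; if they are not,
// encode the value here before output.
$display .= "<td colspan='3'><H4>File: " . $dtitle . "</H4></td></tr><tr>";
$display .= "<td bgcolor='#000000' width='20%'><b><center><font color='#ffffff' size='3'>Date</font></center></b></td>";
$display .= "<td bgcolor='#000000' width='20%'><b><center><font color='#ffffff' size='3'>User</font></center></b></td>";
$display .= "<td bgcolor='#000000' width='20%'><b><center><font color='#ffffff' size='3'>Remote IP</font></center></b></td>";
$display .= "</tr>";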
$asql .= ')'; } else { $asql .= ' OR statuscode = ' . STORY_ARCHIVE_ON_EXPIRE . ") AND tid != '" . DB_escapeString($archivetid) . "'"; } $expiresql = DB_query($asql); while (list($sid, $expiretopic, $title, $expire, $statuscode) = DB_fetchArray($expiresql)) { if ($statuscode == STORY_ARCHIVE_ON_EXPIRE) { if (!empty($archivetid)) { COM_errorLOG("Archive Story: {$sid}, Topic: {$archivetid}, Title: {$title}, Expired: {$expire}"); DB_query("UPDATE {$_TABLES['stories']} SET tid = '" . DB_escapeString($archivetid) . "', frontpage = '0', featured = '0' WHERE sid='" . DB_escapeString($sid) . "'"); CACHE_remove_instance('story_' . $sid); CACHE_remove_instance('whatsnew'); } } else { if ($statuscode == STORY_DELETE_ON_EXPIRE) { COM_errorLOG("Delete Story and comments: {$sid}, Topic: {$expiretopic}, Title: {$title}, Expired: {$expire}"); STORY_deleteImages($sid); DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid='" . DB_escapeString($sid) . "' AND type = 'article'"); DB_query("DELETE FROM {$_TABLES['stories']} WHERE sid='" . DB_escapeString($sid) . "'"); CACHE_remove_instance('story_' . $sid); CACHE_remove_instance('whatsnew'); } } } } $sql = " (date <= NOW()) AND (draft_flag = 0)"; if (empty($topic)) { $sql .= COM_getLangSQL('tid', 'AND', 's'); } // if a topic was provided only select those stories. if (!empty($topic)) {
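/**
 * Actually perform any sql updates.
 * Gets the sql statements from the $PP_UPGRADE array defined (maybe)
 * in the SQL installation file.
 *
 * Each statement is written to the error log before it is executed.
 * With $ignore_error set, a failing statement is logged and the remaining
 * statements still run, so the function can return true after errors.
 *
 * @since   version 0.4.0
 * @param   string  $version        Version being upgraded TO
 * @param   boolean $ignore_error   True to ignore SQL errors.
 * @return  boolean                 True on success or nothing to do, false
 *                                  on the first SQL error that is not ignored
 */
function PAYPAL_do_upgrade_sql($version, $ignore_error = false)
{
    global $_TABLES, $_PP_CONF, $PP_UPGRADE;

    // If no sql statements are registered for this version, return success.
    // isset() avoids reading an undefined key when the version has no entry.
    if (!isset($PP_UPGRADE[$version]) || !is_array($PP_UPGRADE[$version])) {
        return true;
    }

    // Execute SQL now to perform the upgrade
    COM_errorLog("--- Updating Paypal to version {$version}", 1);
    foreach ($PP_UPGRADE[$version] as $sql) {
        COM_errorLog("Paypal Plugin {$version} update: Executing SQL => {$sql}");
        DB_query($sql, '1');
        if (DB_error()) {
            COM_errorLog("SQL Error during Paypal Plugin update", 1);
            if (!$ignore_error) {
                return false;
            }
        }
    }
    COM_errorLog("--- Paypal plugin SQL update to version {$version} done", 1);

    return true;
}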
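/**
 * Upgrade the Media Gallery schema and data to version 1.7.0.
 *
 * Builds one ordered list of statements (table drops, a column drop,
 * table renames and per-album skin resets) and then runs it, logging each
 * statement before it executes. The run stops at the first SQL error;
 * statements before it have already been applied, and several of them
 * drop tables, so take a database backup before upgrading.
 *
 * @return  integer     0 on success, 1 on the first SQL error
 */
function MG_upgrade_170()
{
    global $_TABLES, $_CONF, $_DB_table_prefix;

    require_once $_CONF['path'] . 'plugins/mediagallery/install_defaults.php';
    mediagallery_update_ConfValues_1_7_0();

    $prefix = $_DB_table_prefix;
    $_SQL = array();

    $_SQL[] = "DROP TABLE `{$prefix}mg_postcard`";
    $_SQL[] = "DROP TABLE `{$prefix}mg_config`";
    $_SQL[] = "ALTER TABLE `{$prefix}mg_albums` DROP `enable_shutterfly`";

    // old table name => new table name
    $renames = array(
        'mg_media_queue'         => 'mg_mediaqueue',
        'mg_batch_sessions'      => 'mg_sessions',
        'mg_batch_session_log'   => 'mg_session_log',
        'mg_batch_session_items' => 'mg_session_items',
    );
    foreach ($renames as $from => $to) {
        $_SQL[] = "ALTER TABLE `{$prefix}{$from}` RENAME TO `{$prefix}{$to}`";
    }

    $_SQL[] = "DROP TABLE `{$prefix}mg_batch_session_items2`";

    // Skins that remain valid; any other stored value is reset to 'default'
    $skins = array('border', 'default', 'mgAlbum', 'mgShadow', 'new_border', 'new_shadow', 'none');
    $skinColumns = array('image_skin', 'display_skin', 'album_skin');

    $result = DB_query("SELECT * FROM {$_TABLES['mg_albums']}");
    while ($A = DB_fetchArray($result)) {
        // The id is concatenated unquoted into the WHERE clause, so force
        // it to an integer rather than trusting the stored value.
        $albumId = (int) $A['album_id'];

        // The album-level skin is reset for every album
        $_SQL[] = "UPDATE {$_TABLES['mg_albums']} " . "SET skin='default' " . "WHERE album_id=" . $albumId;

        foreach ($skinColumns as $column) {
            if (!in_array($A[$column], $skins, true)) {
                $_SQL[] = "UPDATE {$_TABLES['mg_albums']} " . "SET {$column}='default' " . "WHERE album_id=" . $albumId;
            }
        }
    }

    /* Execute SQL now to perform the upgrade */
    foreach ($_SQL as $statement) {
        COM_errorLog("Media Gallery plugin 1.7.0 update: Executing SQL => " . $statement);
        DB_query($statement, 1);
        if (DB_error()) {
            COM_errorLog("SQL Error during Media Gallery plugin update", 1);
            return 1;
        }
    }

    return 0;
}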
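/**
 * Actually perform any sql updates.
 * Gets the sql statements from the $_EV_UPGRADE array defined (maybe)
 * in the SQL installation file.
 *
 * Each statement is written to the error log before it is executed.
 * Execution stops at the first SQL error; statements before it have
 * already been applied.
 *
 * @since   version 1.3.4
 * @param   string  $version    Version being upgraded TO
 * @return  integer             0 on success or nothing to do, 1 on SQL error
 */
function EVLIST_do_upgrade_sql($version = '')
{
    global $_TABLES, $_EV_CONF, $_EV_UPGRADE;

    $error = 0;

    // If no sql statements are registered for this version, return success.
    // isset() avoids reading an undefined key when the version has no entry.
    if (!isset($_EV_UPGRADE[$version]) || !is_array($_EV_UPGRADE[$version])) {
        return $error;
    }

    // Execute SQL now to perform the upgrade
    COM_errorLog("--Updating EvList to version {$version}");
    foreach ($_EV_UPGRADE[$version] as $sql) {
        COM_errorLog("EvList Plugin {$version} update: Executing SQL => {$sql}");
        DB_query($sql, '1');
        if (DB_error()) {
            COM_errorLog("SQL Error during EvList Plugin update", 1);
            $error = 1;
            break;
        }
    }

    return $error;
}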
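/**
 * Upgrade a glFusion installation to the 1.1.7 schema.
 *
 * Creates the rating tables, registers the new rating and CAPTCHA
 * configuration options, adds rating columns to the stories table and
 * converts existing FileMgmt and Media Gallery ratings into the new
 * rating tables. Most statements are run with errors ignored, and the
 * function does not report success or failure to its caller.
 *
 * Every schema statement is written to the error log before it runs.
 */
function glfusion_117()
{
    global $_TABLES, $_FM_TABLES, $_CONF;

    $_SQL = array();

    // new tables for ratings
    $_SQL[] = "CREATE TABLE IF NOT EXISTS {$_TABLES['rating']} (\n"
            . " `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n"
            . " `type` varchar(254) NOT NULL DEFAULT '',\n"
            . " `item_id` varchar(40) NOT NULL,\n"
            . " `votes` int(11) NOT NULL,\n"
            . " `rating` decimal(4,2) NOT NULL,\n"
            . " KEY `id` (`id`)\n"
            . " ) ENGINE=MyISAM;";
    $_SQL[] = "CREATE TABLE IF NOT EXISTS {$_TABLES['rating_votes']} (\n"
            . " `id` int(11) unsigned NOT NULL AUTO_INCREMENT,\n"
            . " `type` varchar(254) NOT NULL DEFAULT '',\n"
            . " `item_id` varchar(40) NOT NULL,\n"
            . " `uid` mediumint(8) NOT NULL,\n"
            . " `ip_address` varchar(14) NOT NULL,\n"
            . " `ratingdate` int(11) NOT NULL,\n"
            . " PRIMARY KEY (`id`),\n"
            . " KEY `uid` (`uid`),\n"
            . " KEY `ip_address` (`ip_address`),\n"
            . " KEY `type` (`type`)\n"
            . " ) ENGINE=MyISAM;";

    /* Execute SQL now to perform the upgrade */
    foreach ($_SQL as $statement) {
        COM_errorLog("glFusion 1.1.7 Development update: Executing SQL => " . $statement);
        DB_query($statement, 1);
    }

    DB_query("ALTER TABLE {$_TABLES['rating_votes']} ADD rating INT NOT NULL DEFAULT '0' AFTER item_id ", 1);

    // new config options
    require_once $_CONF['path_system'] . 'classes/config.class.php';
    $c = config::get_instance();
    $c->add('rating_enabled', 1, 'select', 1, 7, 24, 1237, TRUE);

    // - new CAPTCHA settings
    $c->add('publickey', '', 'text', 0, 0, 0, 42, true, 'captcha');
    $c->add('privatekey', '', 'text', 0, 0, 0, 44, true, 'captcha');
    $c->add('recaptcha_theme', 'white', 'select', 0, 0, 6, 46, true, 'captcha');
    DB_query("UPDATE {$_TABLES['plugins']} SET pi_version='3.2.4' WHERE pi_name='captcha'");

    // -- *** NEED TO ADD RATING SPEED LIMIT ***
    // - option to turn on rating in filemgmt

    // new fields in story table to hold rating / votes
    $_SQL = array();
    $_SQL[] = "ALTER TABLE {$_TABLES['stories']} ADD `rating` float NOT NULL DEFAULT '0' AFTER hits";
    $_SQL[] = "ALTER TABLE {$_TABLES['stories']} ADD `votes` int(11) NOT NULL DEFAULT '0' AFTER rating";

    /* Execute SQL now to perform the upgrade */
    foreach ($_SQL as $statement) {
        COM_errorLog("glFusion 1.1.7 Development update: Executing SQL => " . $statement);
        DB_query($statement, 1);
    }

    // Rows copied below were stored earlier from user activity (host names,
    // ids). They are escaped or cast before being placed into new SQL so a
    // stored value cannot alter the INSERT statement.

    // convert the existing filemgmt ratings to new rating system...
    $fm_version = DB_getItem($_TABLES['plugins'], 'pi_version', 'pi_name="filemgmt"');
    if ($fm_version != '1.7.5') {
        DB_query("UPDATE {$_FM_TABLES['filemgmt_filedetail']} set rating = rating / 2", 1);
        $result = DB_query("SELECT * FROM {$_FM_TABLES['filemgmt_filedetail']} WHERE votes > 0");
        while ($F = DB_fetchArray($result)) {
            $item_id = DB_escapeString($F['lid']);
            $votes   = (int) $F['votes'];
            $rating  = (float) $F['rating'];
            DB_query("INSERT INTO {$_TABLES['rating']} (type,item_id,votes,rating) VALUES ('filemgmt','" . $item_id . "',{$votes},{$rating});", 1);
        }
        $result = DB_query("SELECT * FROM {$_FM_TABLES['filemgmt_votedata']}");
        while ($H = DB_fetchArray($result)) {
            $item_id = DB_escapeString($H['lid']);
            $user_id = (int) $H['ratinguser'];
            $ip      = DB_escapeString($H['ratinghostname']);
            $time    = (int) $H['ratingtimestamp'];
            $rating  = $H['rating'] / 2;
            DB_query("INSERT INTO {$_TABLES['rating_votes']} (type,item_id,rating,uid,ip_address,ratingdate) VALUES ('filemgmt','" . $item_id . "',{$rating},{$user_id},'" . $ip . "',{$time});");
        }
        DB_query("UPDATE {$_TABLES['plugins']} SET pi_version='1.7.5' WHERE pi_name='filemgmt'");
    }

    // convert the existing Media Gallery ratings to new rating system...
    $mg_version = DB_getItem($_TABLES['plugins'], 'pi_version', 'pi_name="mediagallery"');
    // Compare the Media Gallery version here. The original tested
    // $fm_version, so this conversion ran regardless of the installed
    // Media Gallery version and could halve the ratings a second time.
    if ($mg_version != '1.6.8') {
        DB_query("UPDATE {$_TABLES['mg_media']} set media_rating = media_rating / 2", 1);
        $result = DB_query("SELECT * FROM {$_TABLES['mg_media']} WHERE media_votes > 0");
        while ($F = DB_fetchArray($result)) {
            $item_id = DB_escapeString($F['media_id']);
            $votes   = (int) $F['media_votes'];
            $rating  = (float) $F['media_rating'];
            DB_query("INSERT INTO {$_TABLES['rating']} (type,item_id,votes,rating) VALUES ('mediagallery','" . $item_id . "',{$votes},{$rating});", 1);
        }
        $result = DB_query("SELECT * FROM {$_TABLES['mg_rating']}");
        while ($H = DB_fetchArray($result)) {
            $item_id = DB_escapeString($H['media_id']);
            $user_id = (int) $H['uid'];
            $ip      = DB_escapeString($H['ip_address']);
            $time    = (int) $H['ratingdate'];
            DB_query("INSERT INTO {$_TABLES['rating_votes']} (type,item_id,uid,ip_address,ratingdate) VALUES ('mediagallery','" . $item_id . "',{$user_id},'" . $ip . "',{$time});");
        }
        DB_query("UPDATE {$_TABLES['plugins']} SET pi_version='1.6.8' WHERE pi_name='mediagallery'");
    }

    // Insert-then-update: whichever applies leaves the version at 1.1.7
    DB_query("INSERT INTO {$_TABLES['vars']} SET value='1.1.7',name='glfusion'", 1);
    DB_query("UPDATE {$_TABLES['vars']} SET value='1.1.7' WHERE name='glfusion'", 1);
}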
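/**
 * Puts the datastructures for this plugin into the Geeklog database
 *
 * Note: Corresponding uninstall routine is in functions.inc
 *
 * Creates the plugin tables, inserts default data, creates the plugin
 * admin group and features, grants the Root group access and registers
 * the plugin. On any failure the plugin's uninstall routine is called to
 * remove what was created so far.
 *
 * After a successful install the function e-mails site details to the
 * plugin author (see the note next to the mail() call).
 *
 * @return   boolean True if successful False otherwise
 */
function plugin_install_now()
{
    global $pi_name, $pi_version, $gl_version, $pi_url, $NEWTABLE, $DEFVALUES, $NEWFEATURE;
    global $_TABLES, $_CONF, $_ENV;

    COM_errorLog("Attempting to install the {$pi_name} Plugin", 1);
    $uninstall_plugin = 'plugin_uninstall_' . $pi_name;

    // Create the Plugins Tables
    // The included file is expected to fill $_SQL in this function's scope.
    require_once $_CONF['path'] . 'plugins/messenger/sql/messenger_install_1.0.php';
    foreach ($_SQL as $statement) {
        COM_errorLog("executing " . $statement);
        DB_query($statement);
        if (DB_error()) {
            // The original message interpolated $table, which is not set
            // at this point; name the plugin instead.
            COM_errorLog("Error creating {$pi_name} plugin tables", 1);
            $uninstall_plugin('DeletePlugin');
            return false;
        }
    }
    COM_errorLog("Success - Created {$pi_name} plugin tables", 1);

    // Insert Default Data
    foreach ($DEFVALUES as $table => $sql) {
        COM_errorLog("Inserting default data into {$table} table", 1);
        DB_query($sql, 1);
        if (DB_error()) {
            COM_errorLog("Error inserting default data into {$table} table", 1);
            $uninstall_plugin();
            return false;
        }
        COM_errorLog("Success - inserting data into {$table} table", 1);
    }

    // Create the plugin admin security group
    COM_errorLog("Attempting to create {$pi_name} admin group", 1);
    DB_query("INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) "
        . "VALUES ('{$pi_name} Admin', 'Users in this group can administer the {$pi_name} plugin')", 1);
    if (DB_error()) {
        // Roll back like every other failure path. The original called
        // plugin_install_now() again here, restarting the install instead
        // of undoing it.
        $uninstall_plugin();
        return false;
    }
    COM_errorLog('...success', 1);
    $group_id = DB_insertId();

    // Save the grp id for later uninstall
    COM_errorLog('About to save group_id to vars table for use during uninstall', 1);
    DB_query("INSERT INTO {$_TABLES['vars']} VALUES ('{$pi_name}_admin', {$group_id})", 1);
    if (DB_error()) {
        $uninstall_plugin();
        return false;
    }
    COM_errorLog('...success', 1);

    // Add plugin Features
    foreach ($NEWFEATURE as $feature => $desc) {
        COM_errorLog("Adding {$feature} feature", 1);
        DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) "
            . "VALUES ('{$feature}','{$desc}')", 1);
        if (DB_error()) {
            COM_errorLog("Failure adding {$feature} feature", 1);
            $uninstall_plugin();
            return false;
        }
        $feat_id = DB_insertId();
        COM_errorLog("Success", 1);

        COM_errorLog("Adding {$feature} feature to admin group", 1);
        DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$feat_id}, {$group_id})");
        if (DB_error()) {
            COM_errorLog("Failure adding {$feature} feature to admin group", 1);
            $uninstall_plugin();
            return false;
        }
        COM_errorLog("Success", 1);
    }

    // OK, now give Root users access to this plugin now! NOTE: Root group should always be 1
    COM_errorLog("Attempting to give all users in Root group access to {$pi_name} admin group", 1);
    DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES ({$group_id}, NULL, 1)");
    if (DB_error()) {
        $uninstall_plugin();
        return false;
    }

    // Register the plugin with Geeklog
    COM_errorLog("Registering {$pi_name} plugin with Geeklog", 1);
    DB_delete($_TABLES['plugins'], 'pi_name', 'messenger');
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) "
        . "VALUES ('{$pi_name}', '{$pi_version}', '{$gl_version}', '{$pi_url}', 1)");
    if (DB_error()) {
        $uninstall_plugin();
        return false;
    }
    DB_query("INSERT INTO {$_TABLES['vars']} VALUES ('{$pi_name}_status', 1)", 1);

    /* DO NOT REMOVE OR CHANGE THE FOLLOWING CODE UNDER ANY CONDITION */
    /* This Plugin requires a license to be installed and information collected is ONLY used to track that license */
    /* Blaine Lang: glmessenger author */
    // NOTE(review): this sends the site URL, site name, admin e-mail
    // address, hostname and remote address to an external mailbox on every
    // successful install. Site operators should know this data leaves the
    // site; the @ operator also hides any mail() failure.
    $message  = 'Completed plugin install: ' . date('m d Y', time()) . " AT " . date('H:i', time()) . "\n";
    $message .= 'Site: ' . $_CONF['site_url'] . ' and Sitename: ' . $_CONF['site_name'] . "\n";
    $message .= 'Admin: ' . $_CONF['site_mail'] . "\n";
    $message .= 'Hostname: ' . $_ENV['HOSTNAME'] . ' and RemoteAddress: ' . $_ENV['REMOTE_ADDR'];
    @mail('*****@*****.**', 'glMessenger Install successfull', $message);

    COM_errorLog("Succesfully installed the {$pi_name} Plugin!", 1);
    return true;
}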
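/**
 * Upgrade the Media Gallery schema and configuration to version 1.6.0.
 *
 * Adds the new album, media, media queue and sort columns, creates the
 * rating table and inserts the new configuration defaults. The column and
 * table statements differ between the 'mssql' driver and every other
 * driver; the configuration inserts are the same for both.
 *
 * Each statement is written to the error log before it runs. The run
 * stops at the first SQL error, leaving earlier statements applied.
 *
 * @return  integer     0 on success, 1 on the first SQL error
 */
function MG_upgrade_160()
{
    // $_DB_dbms must be imported here: the original left it out of the
    // global list, so the comparison below always saw an undefined
    // variable and the mssql branch could never be taken.
    global $_TABLES, $_CONF, $_MG_CONF, $_DB_dbms;

    $_SQL = array();

    if ($_DB_dbms == 'mssql') {
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `tnheight` SMALLINT NOT NULL DEFAULT '0'";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `tnwidth` SMALLINT NOT NULL DEFAULT '0'";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `usealternate` SMALLINT NOT NULL DEFAULT '0'";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `skin` VARCHAR( 255 ) NOT NULL DEFAULT 'default'";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `rsschildren` SMALLINT NOT NULL DEFAULT '0'";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `mp3ribbon` SMALLINT NOT NULL DEFAULT '0'";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_media']} ADD `artist` VARCHAR(255) NULL";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_media']} ADD `album` VARCHAR(255) NULL";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_media']} ADD `genre` VARCHAR(255) NULL";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_mediaqueue']} ADD `artist` VARCHAR(255) NULL";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_mediaqueue']} ADD `album` VARCHAR(255) NULL";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_mediaqueue']} ADD `genre` VARCHAR(255) NULL";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_sort']} ADD `referer` VARCHAR(255) NOT NULL DEFAULT ''";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_sort']} ADD `keywords` VARCHAR(255) NOT NULL DEFAULT ''";
        $_SQL[] = "CREATE TABLE [dbo].[{$_TABLES['mg_rating']}] (\n"
                . " [id] [int] PRIMARY KEY CLUSTERED,\n"
                . " [ip_address] [varchar] (14) NOT NULL DEFAULT ('0'),\n"
                . " [uid] [int] NOT NULL DEFAULT ('0'),\n"
                . " [media_id] [varchar] (40) NOT NULL DEFAULT ('0'),\n"
                . " [ratingdate] [int] NOT NULL DEFAULT ('0'),\n"
                . " [owner_id] [int] NOT NULL default ('2')\n"
                . " ) ON [PRIMARY]\n ";
        $_SQL[] = "CREATE NONCLUSTERED INDEX [IX_mg_rating_owner_id] ON [dbo].[{$_TABLES['mg_rating']}]\n"
                . " (\n"
                . " \t[owner_id] ASC\n"
                . " ) ON [PRIMARY]\n ";
    } else {
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `tnheight` INT NOT NULL DEFAULT '0' AFTER `tn_attached`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `tnwidth` INT NOT NULL DEFAULT '0' AFTER `tnheight`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `usealternate` TINYINT NOT NULL DEFAULT '0' AFTER `playback_type`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `skin` VARCHAR( 255 ) NOT NULL DEFAULT 'default' AFTER `album_order`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `rsschildren` TINYINT NOT NULL DEFAULT '0' AFTER `shopping_cart`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_albums']} ADD `mp3ribbon` TINYINT NOT NULL DEFAULT '0' AFTER `podcast`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_media']} ADD `artist` VARCHAR(255) NULL AFTER `media_watermarked`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_media']} ADD `album` VARCHAR(255) NULL AFTER `artist`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_media']} ADD `genre` VARCHAR(255) NULL AFTER `album`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_mediaqueue']} ADD `artist` VARCHAR(255) NULL AFTER `media_watermarked`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_mediaqueue']} ADD `album` VARCHAR(255) NULL AFTER `artist`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_mediaqueue']} ADD `genre` VARCHAR(255) NULL AFTER `album`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_sort']} ADD `referer` VARCHAR(255) NOT NULL DEFAULT '' AFTER `sort_datetime`";
        $_SQL[] = "ALTER TABLE {$_TABLES['mg_sort']} ADD `keywords` VARCHAR(255) NOT NULL DEFAULT '' AFTER `referer`";
        $_SQL[] = "CREATE TABLE {$_TABLES['mg_rating']} ( "
                . "`id` int(11) unsigned NOT NULL default '0', "
                . "`ip_address` varchar(14) NOT NULL, "
                . "`uid` mediumint(8) NOT NULL, "
                . "`media_id` varchar(40) NOT NULL, "
                . "`ratingdate` int(11) NOT NULL, "
                . "`owner_id` mediumint(8) NOT NULL default '2', "
                . "PRIMARY KEY (`id`), "
                . "KEY `owner_id` (`owner_id`));";
    }

    // New configuration defaults, identical for every database driver and
    // inserted after the schema statements, in this order.
    $configDefaults = array(
        'random_skin'          => 'mgShadow',
        'at_border'            => '1',
        'at_align'             => 'auto',
        'at_width'             => '0',
        'at_height'            => '0',
        'at_src'               => 'tn',
        'at_autoplay'          => '0',
        'at_enable_link'       => '1',
        'at_delay'             => '5',
        'at_showtitle'         => '0',
        'use_flowplayer'       => '0',
        'search_columns'       => '3',
        'search_rows'          => '4',
        'search_playback_type' => '0',
        'search_enable_views'  => '1',
        'search_enable_rating' => '1',
        'gallery_only'         => '0',
        'ad_tn_height'         => '200',
        'ad_tn_width'          => '200',
        'gallery_tn_height'    => '200',
        'gallery_tn_width'     => '200',
    );
    foreach ($configDefaults as $name => $value) {
        $_SQL[] = "INSERT INTO {$_TABLES['mg_config']} VALUES ('{$name}','{$value}')";
    }

    /* Execute SQL now to perform the upgrade */
    foreach ($_SQL as $statement) {
        COM_errorLog("Media Gallery plugin 1.6.0 update: Executing SQL => " . $statement);
        DB_query($statement, 1);
        if (DB_error()) {
            COM_errorLog("SQL Error during Media Gallery plugin update", 1);
            return 1;
        }
    }

    return 0;
}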
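/**
 * Move blocks UP, Down and Switch Sides - Left and Right
 *
 * Updates the block's order or side when exactly one block with the given
 * id exists, logs an error otherwise, and in both cases echoes a refresh
 * to the block admin page.
 *
 * @param   string  $bid    Block id to move; treated as untrusted input
 * @param   string  $where  "up", "dn", "0" (move to the left side) or
 *                          "1" (move to the right side); any other value
 *                          changes nothing
 * @return  string          Always an empty string
 */
function BLOCK_move($bid, $where)
{
    global $_CONF, $_TABLES, $LANG21;

    $retval = '';

    // if the block id exists
    if (DB_count($_TABLES['blocks'], "bid", $bid) == 1) {
        // Only fixed SET clauses are selected from $where; nothing from
        // the request is copied into that part of the statement.
        $setClause = '';
        switch ($where) {
            case "up":
                $setClause = "blockorder = blockorder-11";
                break;
            case "dn":
                $setClause = "blockorder = blockorder+11";
                break;
            case "0":
                $setClause = "onleft = '1', blockorder = blockorder-1";
                break;
            case "1":
                $setClause = "onleft = '0',blockorder = blockorder-1";
                break;
        }

        if ($setClause !== '') {
            // The id was concatenated unescaped in the original, which let
            // a crafted value change the UPDATE statement. Escape it before
            // it goes inside the quoted literal.
            $q = "UPDATE " . $_TABLES['blocks'] . " SET " . $setClause
               . " WHERE bid = '" . DB_escapeString($bid) . "'";
            DB_query($q);
        }
    } else {
        COM_errorLog("block admin error: Attempt to move an non existing block id: {$bid}");
    }

    echo COM_refresh($_CONF['site_admin_url'] . "/block.php");

    return $retval;
}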
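/**
 * Puts the datastructures for this plugin into the Geeklog database
 *
 * Note: Corresponding uninstall routine is in functions.inc
 *
 * Creates the plugin tables, inserts default data, creates the plugin
 * admin group and features, grants the Root group access and registers
 * the plugin. On any failure the plugin's uninstall routine is called to
 * remove what was created so far.
 *
 * @return   boolean True if successful False otherwise
 */
function plugin_install_now()
{
    global $pi_name, $pi_version, $gl_version, $pi_url, $NEWTABLE, $DEFVALUES, $NEWFEATURE;
    global $_TABLES, $_CONF;

    COM_errorLog("Attempting to install the {$pi_name} Plugin", 1);
    $uninstall_plugin = 'plugin_uninstall_' . $pi_name;

    // Create the Plugins Tables
    // The included file is expected to fill $_SQL in this function's scope.
    require_once $_CONF['path'] . 'plugins/forum/sql/mysql_install_3.0.php';
    foreach ($_SQL as $statement) {
        COM_errorLog("executing " . $statement);
        DB_query($statement, '1');
        if (DB_error()) {
            // The original message interpolated $table, which is not set
            // at this point; name the plugin instead.
            COM_errorLog("Error creating {$pi_name} plugin tables", 1);
            $uninstall_plugin('DeletePlugin');
            return false;
        }
    }
    COM_errorLog("Success - Created {$pi_name} plugin tables", 1);

    // Insert Default Data
    foreach ($DEFVALUES as $table => $sql) {
        COM_errorLog("Inserting default data into {$table} table", 1);
        DB_query($sql, 1);
        if (DB_error()) {
            COM_errorLog("Error inserting default data into {$table} table", 1);
            $uninstall_plugin();
            return false;
        }
        COM_errorLog("Success - inserting data into {$table} table", 1);
    }

    // Create the plugin admin security group
    COM_errorLog("Attempting to create {$pi_name} admin group", 1);
    DB_query("INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) "
        . "VALUES ('{$pi_name} Admin', 'Users in this group can administer the {$pi_name} plugin')", 1);
    if (DB_error()) {
        $uninstall_plugin();
        return false;
    }
    COM_errorLog('...success', 1);

    // NOTE(review): max(grp_id) is only the new group's id if no other
    // group is inserted between the INSERT above and this SELECT. A wrong
    // id here would attach the plugin's features to a different group.
    $query = DB_query("SELECT max(grp_id) FROM {$_TABLES['groups']} ");
    list($group_id) = DB_fetchArray($query);

    // Save the grp id for later uninstall
    COM_errorLog('About to save group_id to vars table for use during uninstall', 1);
    DB_query("INSERT INTO {$_TABLES['vars']} VALUES ('{$pi_name}_admin', {$group_id})", 1);
    if (DB_error()) {
        $uninstall_plugin();
        return false;
    }
    COM_errorLog('...success', 1);

    // Add plugin Features
    foreach ($NEWFEATURE as $feature => $desc) {
        COM_errorLog("Adding {$feature} feature", 1);
        DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) "
            . "VALUES ('{$feature}','{$desc}')", 1);
        if (DB_error()) {
            COM_errorLog("Failure adding {$feature} feature", 1);
            $uninstall_plugin();
            return false;
        }
        // NOTE(review): same max() caveat as for the group id above
        $query = DB_query("SELECT max(ft_id) FROM {$_TABLES['features']} ");
        list($feat_id) = DB_fetchArray($query);
        COM_errorLog("Success", 1);

        COM_errorLog("Adding {$feature} feature to admin group", 1);
        DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$feat_id}, {$group_id})");
        if (DB_error()) {
            COM_errorLog("Failure adding {$feature} feature to admin group", 1);
            $uninstall_plugin();
            return false;
        }
        COM_errorLog("Success", 1);
    }

    // OK, now give Root users access to this plugin now! NOTE: Root group should always be 1
    COM_errorLog("Attempting to give all users in Root group access to {$pi_name} admin group", 1);
    DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES ({$group_id}, NULL, 1)");
    if (DB_error()) {
        $uninstall_plugin();
        return false;
    }

    // Register the plugin with Geeklog
    COM_errorLog("Registering {$pi_name} plugin with Geeklog", 1);
    DB_delete($_TABLES['plugins'], 'pi_name', $pi_name);
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) "
        . "VALUES ('{$pi_name}', '{$pi_version}', '{$gl_version}', '{$pi_url}', 1)");
    if (DB_error()) {
        $uninstall_plugin();
        return false;
    }

    COM_errorLog("Succesfully installed the {$pi_name} Plugin!", 1);
    return true;
}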
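/**
 * Apply the Forum plugin 3.0 schema changes.
 *
 * Creates the bookmarks and attachments tables when they do not exist yet and
 * adds the use_attachment_grpid column to the forums table. Statements run in
 * order and the upgrade stops at the first one that reports an error.
 *
 * The two CREATE TABLE statements use IF NOT EXISTS; the ALTER TABLE has no
 * such guard, so running this again after the column exists is expected to
 * fail on that statement.
 *
 * @return int 0 when every statement ran, 1 after the first SQL error
 */
function upgrade_30()
{
    global $_TABLES;

    $_SQL = array();
    $_SQL[] = "CREATE TABLE IF NOT EXISTS {$_TABLES['ff_bookmarks']} (\n uid mediumint(8) NOT NULL,\n topic_id int(11) NOT NULL,\n pid int(11) NOT NULL default '0',\n KEY topic_id (`topic_id`),\n KEY pid (pid),\n KEY uid (uid)\n ) ENGINE=MyISAM ;";
    // The id column was written with a single, unbalanced backtick, which makes
    // the whole statement a syntax error; the identifier is now left unquoted
    // like the other columns of this table.
    $_SQL[] = "CREATE TABLE IF NOT EXISTS {$_TABLES['ff_attachments']} (\n id int(11) NOT NULL auto_increment,\n topic_id int(11) NOT NULL,\n repository_id int(11) default NULL,\n filename varchar(255) NOT NULL,\n tempfile tinyint(1) NOT NULL default '0',\n show_inline tinyint(4) NOT NULL default '0',\n PRIMARY KEY (id),\n KEY topic_id (topic_id)\n ) ENGINE=MyISAM;";
    // Set default access to use attachments to be the Root group
    $_SQL[] = "ALTER TABLE {$_TABLES['ff_forums']} ADD use_attachment_grpid mediumint(8) DEFAULT '1' NOT NULL AFTER grp_id";

    /* Execute SQL now to perform the upgrade */
    foreach ($_SQL as $statement) {
        COM_errorLOG("Forum Plugin 3.0 update: Executing SQL => " . $statement);
        // NOTE(review): the second argument presumably makes DB_query() return
        // instead of aborting on failure so DB_error() can be checked - confirm.
        DB_query($statement, '1');
        if (DB_error()) {
            COM_errorLog("SQL Error during Forum plugin update", 1);
            return 1;
        }
    }

    COM_errorLog("Success - Completed Forum plugin version 3.0 update", 1);
    return 0;
}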
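/**
 * Return the next free menuorder value below the given parent item.
 *
 * @param mixed $parent Parent menu id; cast to int because it is used unquoted in SQL
 * @return int Highest existing menuorder for that parent plus one
 */
function _nexmenu_nextMenuOrder($parent)
{
    global $_TABLES;

    $query = DB_query("SELECT MAX(menuorder) FROM {$_TABLES['nexmenu']} WHERE pid=" . (int) $parent);
    list($max) = DB_fetchArray($query);

    return (int) $max + 1;
}

/**
 * Store the per-language labels submitted in $_POST['alternatelabel'].
 *
 * Blank labels are skipped. An existing (menuitem, language) row is updated,
 * otherwise a new row is inserted.
 *
 * @param mixed $menuId Menu item the labels belong to
 * @return void
 */
function _nexmenu_saveAlternateLabels($menuId)
{
    global $_TABLES;

    // The field is optional in the request; iterating a missing key would warn.
    if (!isset($_POST['alternatelabel']) || !is_array($_POST['alternatelabel'])) {
        return;
    }

    $menuId = (int) $menuId;
    foreach ($_POST['alternatelabel'] as $langid => $languagelabel) {
        if (!is_string($languagelabel) || trim($languagelabel) == '') {
            continue;
        }
        // Both values come straight from the request. The language id is used
        // unquoted in SQL, so it is forced to an integer; the label goes through
        // the same helper as the other submitted fields before it is quoted.
        // NOTE(review): this assumes ppPrepareForDB() makes a value safe inside
        // a quoted SQL literal, as the sibling fields already rely on - confirm.
        $langid = (int) $langid;
        $languagelabel = ppPrepareForDB($languagelabel);

        if (DB_count($_TABLES['nexmenu_language'], array('menuitem', 'language'), array($menuId, $langid))) {
            DB_query("UPDATE {$_TABLES['nexmenu_language']} SET label = '{$languagelabel}' WHERE menuitem={$menuId} AND language={$langid} ");
        } else {
            DB_query("INSERT INTO {$_TABLES['nexmenu_language']} (menuitem,language,label) VALUES ({$menuId},{$langid},'{$languagelabel}')");
        }
    }
}

/**
 * Add or update a nexmenu record from the submitted admin form.
 *
 * Reads the menu fields from $_POST, derives the stored URL from the menu
 * type, then either inserts a new record ($mode 'add') or updates the record
 * identified by the global $id. The outcome is reported in
 * $GLOBALS['statusmsg']; on insert the new id is written to $GLOBALS['id'] and
 * the global $idCurrent.
 *
 * @param string $mode 'add' to insert; any other value updates the record in global $id
 * @return void
 */
function updateMenuRecord($mode)
{
    global $_CONF, $CONF_NEXMENU, $_TABLES, $id, $idCurrent;

    $parent = ppPrepareForDB($_POST['menu_parent']);
    $order = ppPrepareForDB($_POST['menu_order']);
    $label = addslashes(ppPrepareForDB(htmlspecialchars($_POST['menu_label'], ENT_QUOTES, $CONF_NEXMENU['charset'])));
    $image = ppPrepareForDB($_POST['menu_image']);
    $menutype = ppPrepareForDB($_POST['menutype']);
    $menu_location = ppPrepareForDB($_POST['menu_location']);
    $coremenutype = ppPrepareForDB($_POST['coremenutype']);
    $phpfunction = ppPrepareForDB($_POST['phpfunction']);
    $grp_access = ppPrepareForDB($_POST['grp_access']);
    $is_enabled = isset($_POST['menu_status']) ? 1 : 0;

    if ($label == '') {
        $GLOBALS['statusmsg'] = 'Error adding or updating Record. Label can not be blank';
        return;
    }

    switch ($menutype) {
        case 1:
        case 2:
            // The submitted URL used to be interpolated into the SQL unprepared;
            // it now goes through the same helper as every other form field.
            $url = ppPrepareForDB($_POST['menu_url']);
            break;
        case 4:
            $url = $CONF_NEXMENU['coremenu'][$coremenutype];
            break;
        case 5:
            $url = $phpfunction;
            break;
        case 3:
        default:
            // An unknown menu type previously left $url undefined.
            $url = '';
            break;
    }

    if ($mode == 'add') {
        if ($order < 1) {
            $order = _nexmenu_nextMenuOrder($parent);
        }
        $sql = "INSERT INTO {$_TABLES['nexmenu']} (pid,menutype,location,menuorder,label,url,grp_access,image,is_enabled) ";
        $sql .= "VALUES ('{$parent}','{$menutype}','{$menu_location}','{$order}','{$label}','{$url}','{$grp_access}','{$image}','{$is_enabled}')";
        DB_query($sql);
        $GLOBALS['id'] = DB_insertID();
        $GLOBALS['statusmsg'] = 'Record Added';
        $idCurrent = DB_insertID(); // Make the new record the current record
        _nexmenu_saveAlternateLabels($idCurrent);
    } elseif (DB_count($_TABLES['nexmenu'], "id", $id) == 1) {
        // $id is interpolated into SQL below; a local integer copy is used so the
        // global itself is left untouched.
        $menuId = (int) $id;

        if ($order < 1) {
            $order = _nexmenu_nextMenuOrder($parent);
        }

        /* Check if this is a menu and the location has changed (header or block location of menu */
        $curLocation = DB_getItem($_TABLES['nexmenu'], "location", "id='{$menuId}'");
        // The comparison used to be against the literal string '$curlocation',
        // so the location always looked changed; compare with the stored value.
        if ($menutype == 3 and $menu_location != $curLocation) {
            /* update any menuitems or submenus as well - need to move them all */
            updateFolderLocation($id, $menu_location);
        }

        $sql = "UPDATE {$_TABLES['nexmenu']} SET pid='{$parent}',menutype='{$menutype}',location='{$menu_location}', image='{$image}', ";
        $sql .= "menuorder='{$order}',label='{$label}', url='{$url}',grp_access='{$grp_access}',is_enabled='{$is_enabled}' WHERE id='{$menuId}'";
        DB_query($sql);

        _nexmenu_saveAlternateLabels($menuId);
        $GLOBALS['statusmsg'] = 'Record Updated';
    } else {
        COM_errorLOG("nexmenu Plugin: Admin Error updating Record");
        $GLOBALS['statusmsg'] = 'Error adding or updating Record';
    }
}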
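/**
 * Creates an <option> list from a database list for use in forms
 *
 * Creates option list form field using given arguments
 *
 * @param string       $mode       modes are edit, read, fread, options, or alist.
 *                                 'edit'    returns a HTML selectbox,
 *                                 'read'    just the value
 *                                 'fread'   just read the value, but take into account any functions
 *                                 'options' returns the select options without the <select> </select> HTML
 *                                 'alist'   an array of values.
 * @param string       $varname    Fieldname to use for the formatted HTML
 * @param string       $listid     ID of the nexlist List Definition to get data from
 * @param string       $fieldnum   Fieldnum from the list to be used for the selectbox options.
 * @param string|array $selected   Value(s) to set to SELECTED or default
 * @param string       $where      Optional value(s) to use in where clause.
 *                                 Format 'fieldnum:match,fieldnum:match' - can be 1 match or multiple
 * @param integer      $classvalue Index of the list field whose value is emitted as the option's
 *                                 class attribute (used by the Dynamic Selectbox Javascript); -1 for none
 * @param boolean      $noDefault  If set true then don't add the <option value=0>Select Value</option>
 * @param string       $sortOrder  'asc' or 'desc' to sort the options by label; anything else keeps query order
 * @return string|array Formatted HTML of option values, a single value, or an array in 'alist' mode
 *
 * Examples: $mktgMgrUid = nexlistOptionList('read','',43, 2, '',"0:$division,1:$product");
 *           Read from list 43 - get list field 3 where field1 matches the division and field2 matches the product
 *           Returns a single value
 */
function nexlistOptionList($mode, $varname, $listid, $fieldnum = 0, $selected = '', $where = '', $classvalue = -1, $noDefault = false, $sortOrder = '')
{
    // $CONF_LL was read below without being imported, so the debug log could never fire.
    global $_TABLES, $CONF_LL;

    $retval = '';
    $options = array();
    $func = '';   // stays empty when the field definition query returns no rows
    $class = '';  // stays empty when no class column was requested

    // Check whether this field takes its value from another list: a definition
    // of the form "[list:<listid>,<fieldnum>]" redirects the lookup. Every
    // visited pair is remembered to stop a possible infinite loop.
    $used_lists = array();
    while (true) {
        $listKey = "{$listid},{$fieldnum}";
        if (in_array($listKey, $used_lists)) {
            break;
        }
        $used_lists[] = $listKey;

        // The list id may come from the caller or from a stored "[list:...]"
        // tag and is used unquoted here, so it is forced to an integer.
        $res = DB_query("SELECT value_by_function FROM {$_TABLES['nexlistfields']} WHERE lid=" . (int) $listid);
        $i = -1;
        while ($i != $fieldnum and $R = DB_fetchArray($res)) {
            $func = (string) $R['value_by_function'];
            $i++;
        }
        if (strpos($func, '[list:') === false) {
            break;
        }
        $v_arr = explode(',', str_replace(array('[list:', ']'), '', $func));
        $listid = $v_arr[0];
        $fieldnum = isset($v_arr[1]) ? $v_arr[1] : 0;
    }
    $lid = (int) $listid;

    // Check if where option is passed in and valid - ie has 2 parms.
    // Result is a map of list field id => value that field must match.
    $whereparms = array();
    foreach (explode(',', $where) as $whereclause) {
        if ($whereclause != '' and strpos($whereclause, ':') > 0) {
            $parms = explode(':', $whereclause);
            if (count($parms) == 2) {
                $whereparms[$parms[0]] = $parms[1];
            }
        }
    }
    $whereoption = count($whereparms) > 0;

    if (!empty($CONF_LL['debug'])) {
        COM_errorLOG("nexlistOptionList -> mode:{$mode}, varname:{$varname},listid:{$listid},fieldnum:{$fieldnum}, selected:{$selected}");
    }

    // A list without field definitions yields nothing
    $q1 = DB_query("SELECT fieldname FROM {$_TABLES['nexlistfields']} WHERE lid='{$lid}' ORDER BY id");
    if (DB_numRows($q1) == 0) {
        return '';
    }

    // value_by_function holds a PHP function name taken from the list
    // definition and is called by name for every item (except in 'read' mode).
    // NOTE(review): whoever can edit list field definitions chooses which
    // function runs here - confirm that editing is limited to trusted
    // administrators, or check the name against an allow-list.
    $useFunction = ($mode != 'read' && function_exists($func));

    $q2 = DB_query("SELECT id, value FROM {$_TABLES['nexlistitems']} WHERE lid='{$lid}' ORDER BY itemorder asc, id asc");
    while (list($id, $values) = DB_fetchArray($q2)) {
        $avalues = explode(',', $values);
        if ($whereoption) {
            // Cycle thru the Where fields - every one of them has to match
            $match = 0;
            foreach ($whereparms as $key => $matchvalue) {
                if ($avalues[$key] == $matchvalue) {
                    $match++;
                }
            }
            if ($match != count($whereparms)) {
                continue;
            }
        }
        // The filtered branch used to hand the function the still-unset
        // $options[$id]; both branches now pass the item's field value.
        if ($useFunction) {
            $options[$id] = $func('view', '', $avalues[$fieldnum]);
        } else {
            $options[$id] = $avalues[$fieldnum];
        }
    }

    //sort the array
    if ($sortOrder == 'asc') {
        asort($options);
    } elseif ($sortOrder == 'desc') {
        arsort($options);
    }

    // NOTE(review): $varname, the labels and the class value are written into
    // the markup below without HTML escaping - confirm that callers and the
    // stored list data are already encoded for HTML output.
    if ($mode == 'edit') {
        $retval = '<select id="' . $varname . '" name="' . $varname . '">';
        if (!$noDefault) {
            $retval .= '<option value="0">Select Value</option>';
        }
        foreach ($options as $key => $label) {
            if ($classvalue != -1) {
                $A = explode(',', DB_getItem($_TABLES['nexlistitems'], 'value', "id=" . (int) $key));
                $class = "class=\"{$A[$classvalue]}\" ";
            }
            if ($key == $selected) {
                $retval .= '<option ' . $class . 'value="' . $key . '" SELECTED>' . $label . '</option>';
            } else {
                $retval .= '<option ' . $class . 'value="' . $key . '">' . $label . '</option>';
            }
        }
        $retval .= '</select>';
    } elseif ($mode == 'options') {
        if (!$noDefault) {
            $retval .= '<option value="0">Select Value</option>';
        }
        // Accept a single selected value as well as an array of them
        $aselected = is_array($selected) ? $selected : array($selected);
        foreach ($options as $key => $label) {
            if ($classvalue != -1) {
                $A = explode(',', DB_getItem($_TABLES['nexlistitems'], 'value', "id=" . (int) $key));
                $class = "class=\"{$A[$classvalue]}\" ";
            }
            if (in_array($key, $aselected)) {
                $retval .= '<option ' . $class . 'value="' . $key . '" SELECTED>' . $label . '</option>';
            } else {
                $retval .= '<option ' . $class . 'value="' . $key . '">' . $label . '</option>';
            }
        }
    } elseif ($mode == 'alist') {
        if ($classvalue == -1) {
            return $options;
        }
        $classOptions = array();
        foreach ($options as $key => $label) {
            $A = explode(',', DB_getItem($_TABLES['nexlistitems'], 'value', "id=" . (int) $key));
            $class = "class={$A[$classvalue]} ";
            $classOptions[$key] = "{$label},{$class}";
        }
        return $classOptions;
    } else {
        // Any other mode ('read', 'fread', ...) returns a single value
        if ($selected != '' and count($options) > 1) {
            return $options[$selected];
        }
        return current($options);
    }

    return $retval;
}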
// Fragment of a filemgmt download handler (the log messages below name it
// visit.php). The listing stops inside the final else branch, so the code that
// actually sends the file is not part of this excerpt.

// A 'tid' request parameter selects a record with status = 0 and marks the
// request as a temp-file download.
// NOTE(review): $lid, $tempFile, $status and $uid for requests without 'tid'
// are not assigned in this excerpt - presumably initialised earlier in the
// file; confirm, because the SELECT below appends $status after "AND".
if (isset($_GET['tid'])) {
    $lid = COM_applyFilter($_GET['tid'], true);
    $tempFile = 1;
    $status = ' status = 0';
}
// Temp-file downloads are only allowed for users holding filemgmt.edit;
// everyone else gets an empty response.
if ($tempFile == 1 && !SEC_hasRights('filemgmt.edit')) {
    exit;
}
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
// Access check: count the rows for this file id that also satisfy the SQL
// fragment returned by filemgmt_buildAccessSql().
$groupsql = filemgmt_buildAccessSql();
$sql = "SELECT COUNT(*) FROM {$_TABLES['filemgmt_filedetail']} a ";
$sql .= "LEFT JOIN {$_TABLES['filemgmt_cat']} b ON a.cid=b.cid ";
$sql .= "WHERE a.lid='" . DB_escapeString($lid) . "' {$groupsql}";
list($testaccess_cnt) = DB_fetchArray(DB_query($sql));
if ($testaccess_cnt == 0 or DB_count($_TABLES['filemgmt_filedetail'], "lid", DB_escapeString($lid)) == 0) {
    // No accessible row for this id: record who asked for which id, then send
    // the browser back to the plugin index.
    COM_errorLOG("filemgmt visit.php ERROR: Invalid attempt to download a file. User:{$_USER['username']}, File ID:{$lid}");
    echo COM_refresh($_CONF['site_url'] . '/filemgmt/index.php');
    exit;
} else {
    $result = DB_query("SELECT url,platform FROM {$_TABLES['filemgmt_filedetail']} WHERE lid='" . DB_escapeString($lid) . "' AND " . $status);
    list($url, $tmpnames) = DB_fetchArray($result);
    if ($tempFile == 1) {
        // The platform column holds ';'-separated temporary names; the first
        // one is appended to the tmp/ directory of the file store.
        // NOTE(review): that name is concatenated into a filesystem path as
        // stored - confirm the code that writes it cannot store directory
        // separators or '..'.
        $tmpfilenames = explode(";", $tmpnames);
        $tempfilepath = $filemgmt_FileStore . 'tmp/' . $tmpfilenames[0];
    } else {
        // Regular download: write a history row and bump the hit counter.
        // NOTE(review): $uid is interpolated unquoted - assumes it is always an
        // integer set by earlier code; confirm.
        DB_query("INSERT INTO {$_TABLES['filemgmt_history']} (uid, lid, remote_ip, date) VALUES ({$uid}, '" . DB_escapeString($lid) . "', '" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "', NOW())") or $eh->show("0013");
        DB_query("UPDATE {$_TABLES['filemgmt_filedetail']} SET hits=hits+1 WHERE lid='" . DB_escapeString($lid) . "' AND status>0");
    }
    // Both variables are only initialised here; the code that uses them lies
    // beyond the end of this excerpt.
    $allowed_protocols = array('http', 'https', 'ftp');
    $found_it = false;
    COM_accessLog("Visit.php => Download File:{$url}, User ID is:{$uid}");
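/**
 * Approve a submitted file: move it out of the tmp directory and publish it.
 *
 * Reads the listing details from $_POST, moves the uploaded file (and the
 * optional thumbnail) from the tmp/ sub-directory of the file and snapshot
 * stores to their final names, marks the record as approved (status=1),
 * optionally e-mails the submitter, and finally redirects to the list of new
 * downloads. The function always ends the request.
 *
 * Failures are reported through $eh->show().
 * NOTE(review): this code does not show whether $eh->show() ends the request;
 * the flags below are written so that nothing is published either way.
 *
 * @return void
 */
function approve()
{
    global $_TABLES, $_CONF, $myts, $eh, $filemgmt_FileStore, $filemgmt_SnapStore, $filemgmt_Emailoption, $filemgmtFilePermissions;

    $lid = (int) COM_applyFilter($_POST['lid'], true);
    $cid = intval($_POST['cid']);
    $commentoption = (int) COM_applyFilter($_POST["commentoption"], true);

    // $name is the file name inside the file store, $url its encoded form as
    // stored in the database. Both used to stay undefined when no name was
    // submitted.
    $name = '';
    $url = '';
    if (isset($_POST['url']) && $_POST['url'] != '') {
        $name = $myts->makeTboxData4Save($_POST['url']);
        $url = rawurlencode($name);
    }

    $logourl = '';
    $shotname = '';
    if (isset($_POST['logourl']) && $_POST['logourl'] != '') {
        $shotname = $myts->makeTboxData4Save($_POST['logourl']);
        $logourl = $myts->makeTboxData4Save(rawurlencode($_POST['logourl']));
    }

    $result = DB_query("SELECT COUNT(*) FROM {$_TABLES['filemgmt_filedetail']} WHERE url='{$url}' and status=1");
    list($numrows) = DB_fetchArray($result);
    // Comment out this check if you want to allow duplicate filelistings for same file in the repository
    // Check for duplicate files of the same filename (actual filename in repository)
    if ($numrows > 0) {
        $eh->show("1108");
    }

    // NOTE(review): the values below are interpolated into quoted SQL literals;
    // this relies on makeTboxData4Save()/makeTareaData4Save() escaping them for
    // the database - confirm.
    $title = $myts->makeTboxData4Save($_POST['title']);
    $homepage = $myts->makeTboxData4Save($_POST['homepage']);
    $version = $myts->makeTboxData4Save($_POST['version']);
    $description = $myts->makeTareaData4Save($_POST['description']);

    // Move file from tmp directory under the document filestore to the main file directory.
    // The temporary names of the file and the optional thumbnail are kept,
    // ';'-separated, in the otherwise unused platform column.
    $tmpnames = explode(";", DB_getItem($_TABLES['filemgmt_filedetail'], 'platform', "lid='{$lid}'"));
    $tmpfilename = $tmpnames[0];
    $tmpshotname = isset($tmpnames[1]) ? $tmpnames[1] : '';

    // Only set once the file is known to be in place; it used to be undefined
    // when the temporary file was missing.
    $AddNewFile = false;

    $tmp = $filemgmt_FileStore . "tmp/" . $tmpfilename;
    if ($name == '') {
        // Without a target name the destination would be the store directory
        // itself, which exists, so the record was published although no file
        // had been moved.
        COM_errorLOG("Filemgmt upload approve error: No file name was submitted for file ID: " . $lid);
        $eh->show("1101");
    } elseif (file_exists($tmp) && !is_dir($tmp)) {
        // if this temporary file was really uploaded?
        // NOTE(review): $name comes from the request and is appended to the
        // store path as submitted - confirm it cannot contain directory
        // separators or '..' before it is used as a destination.
        $newfile = $filemgmt_FileStore . $name;
        COM_errorLOG("File move from " . $tmp . " to " . $newfile);
        $rename = @rename($tmp, $newfile);
        COM_errorLOG("Results of rename is: " . $rename);
        @chmod($newfile, $filemgmtFilePermissions);
        if (!file_exists($newfile)) {
            COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
            $eh->show("1101");
        } else {
            $AddNewFile = true;
        }
    } else {
        COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
        $eh->show("1101");
    }

    if ($tmpshotname != "") {
        $tmp = $filemgmt_SnapStore . "tmp/" . $tmpshotname;
        if (file_exists($tmp) && !is_dir($tmp)) {
            // if this temporary Thumbnail was really uploaded?
            // NOTE(review): same path concern as for $name above.
            $newfile = $filemgmt_SnapStore . $shotname;
            @rename($tmp, $newfile);
            @chmod($newfile, $filemgmtFilePermissions);
            if (!file_exists($newfile)) {
                COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
                $AddNewFile = false; // Set false again - in case it was set true above for actual file
                $eh->show("1101");
            }
        } else {
            COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
            $eh->show("1101");
        }
    }

    if ($AddNewFile) {
        DB_query("UPDATE {$_TABLES['filemgmt_filedetail']} SET cid='{$cid}', title='{$title}', url='{$url}', homepage='{$homepage}', version='{$version}', logourl='{$logourl}', status=1, date=" . time() . ", comments={$commentoption} where lid='{$lid}'");
        DB_query("UPDATE {$_TABLES['filemgmt_filedesc']} SET description='{$description}' where lid='{$lid}'");
        PLG_itemSaved($lid, 'filemgmt');
        CACHE_remove_instance('whatsnew');

        // Send a email to submitter notifying them that file was approved
        if ($filemgmt_Emailoption) {
            $result = DB_query("SELECT username, email FROM {$_TABLES['users']} a, {$_TABLES['filemgmt_filedetail']} b WHERE a.uid=b.submitter and b.lid='{$lid}'");
            list($submitter_name, $emailaddress) = DB_fetchArray($result);
            $mailtext = sprintf(_MD_HELLO, $submitter_name);
            $mailtext .= ",\n\n" . _MD_WEAPPROVED . " " . $title . " \n" . _MD_THANKSSUBMIT . "\n\n";
            $mailtext .= $_CONF['site_name'] . "\n";
            $mailtext .= $_CONF['site_url'] . "\n";
            $to = COM_formatEmailAddress($submitter_name, $emailaddress);
            COM_mail($to, _MD_APPROVED, $mailtext);
        }
    }

    CACHE_remove_instance('whatsnew');
    redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php?op=listNewDownloads", 2, _MD_NEWDLADDED);
    exit;
}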
/** * nexform_showFormFields: Main function that generates the HTML for the fields * Called from function nexform_showform() * * @param string $formid Required: form id to generate html for * @param object $template Required: Passed by reference the template object being used * @parm string $resultid Optional: Result Record ID if we need to show the posted results * @param string $mode Optional: Valid values are 'view,edit','print' * @param string $linked_formnum Optional: Used when multiple forms are linked * Example: form 1 of 3, this function will be called 3 times, this parm will be 1 . 2 and then 3 * Used to not show multiple submit buttons but allow a subform to be called on it's own if need. * $param boolean $dynamic Optional: Set to integer value to indicate dynamic form instance. * @return mixed returns formatted HTML for all fields * **/ function nexform_showFormFields($formid, $form_action, &$template, $resultid = 0, $mode = 'view', $linked_formnum = 1, $dynamic = '') { global $_CONF, $_TABLES, $_STATES, $CONF_FE, $LANG_FEMSG; $lines = 5; $i = 1; // Used to count the number of fields $fields = 'id,formid,tfid,field_name,type,fieldorder,label,style,col_width,col_padding,label_padding,'; $fields .= 'is_vertical,is_newline,is_mandatory,is_searchfield,is_resultsfield,is_reverseorder,field_help,'; $fields .= 'field_attributes,field_values,value_by_function,validation,javascript,is_internaluse,hidelabel'; $fieldquery = DB_query("SELECT {$fields} FROM {$_TABLES['nxform_fields']} WHERE formid='{$formid}' ORDER BY fieldorder"); $prevnewline = false; $is_lastfield = false; $is_firstfield = true; $cssid = 1; $groupEditAccess = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$formid}'"); if ($mode != 'print' and DB_getItem($_TABLES['nxform_definitions'], 'show_mandatory_note', "id='{$formid}'") == 1) { $show_mandatory = true; } else { $show_mandatory = false; } /* Un-encode the fieldset definitions and display them as records if any exist */ 
$ofieldset = DB_getItem($_TABLES['nxform_definitions'], 'fieldsets', "id='{$formid}'"); if (trim($ofieldset != '')) { $afieldsets = unserialize($ofieldset); // Array of fieldset definitions } $fieldset_mode = false; while (list($fieldID, $formID, $tfid, $field_name, $type, $fieldorder, $label, $style, $col_width, $col_padding, $label_padding, $is_vertical, $newline, $mandatory, $searchfield, $reportfield, $is_reverseorder, $field_help, $field_attributes, $field_value, $use_function, $validation, $javascript, $is_internaluse, $hidelabel) = DB_fetchArray($fieldquery)) { if ($is_internaluse == 0 or $is_internaluse == 1 and SEC_inGroup($groupEditAccess)) { $javascript = nexform_replaceFieldTags($formid, $dynamic, $javascript); $label = stripslashes($label); $field_attributes = stripslashes($field_attributes); $nextfieldquery = DB_query("SELECT is_newline,type FROM {$_TABLES['nxform_fields']} WHERE formid='{$formid}' AND fieldorder > {$fieldorder} AND type NOT IN ('cancel','submit','hidden') ORDER BY fieldorder LIMIT 1"); if (DB_numRows($nextfieldquery) == 0) { $is_lastfield = true; } list($nextfield_linetype, $nextfield_type) = DB_fetchArray($nextfieldquery); //echo "<br>Field: $label, Order:$fieldorder => Current linetype:$newline and Next linetype:$nextfield_linetype"; //echo "<br>Fieldvalue: $field_value, ResultID:$resultid"; if ($newline and $nextfield_linetype or $parsedLastRecordline and $is_lastfield) { $recStyle = 'recstyle1'; } else { $recStyle = 'recstyle2'; } $template->set_var("cssid", $cssid); if ($is_firstfield) { $parsedLastRecordline = true; } if (is_numeric($col_width)) { $template->set_var('field_width', "width:{$col_width}%;"); } elseif (isset($CONF_FE['field_defaultspacing']) and $CONF_FE['fiel1_defaultspacing'] > 0) { $template->set_var('field_width', "width:{{$CONF_FE['field_defaultspacing']}}%;"); } elseif ($type == 'textarea2') { $template->set_var('field_width', 'width:99%;'); } else { $template->set_var('field_width', ''); } if 
(is_numeric($col_padding)) { $template->set_var('cell_padding', $col_padding); } else { $template->set_var('cell_padding', $CONF_FE['field_defaultrightpadding']); } if (is_numeric($label_padding)) { $template->set_var('label_padding', $label_padding); } else { $template->set_var('label_padding', $CONF_FE['field_defaultlabelpadding']); } if (trim($field_help) != '') { $template->set_var('help_message', $field_help); $template->parse('field_help', 'fieldhelp'); } else { $template->set_var('field_help', ''); } if ($is_lastfield or $is_firstfield and $nextfield_linetype) { $parseRecord = 1; $cssid = $cssid == 2 ? 1 : 2; } elseif (!$newline and !$nextfield_linetype or $newline and !$nextfield_linetype) { $parseRecord = 0; } else { $parseRecord = 1; $cssid = $cssid == 2 ? 1 : 2; } // Check if this field is not part of a fieldset definition if (!$fieldset_mode) { //echo "<br>Field $tfid. Set fset template vars to blanks"; $template->set_var('fset_begin', ''); $template->set_var('fset_end', ''); } if (is_array($afieldsets)) { $lines += 1; foreach ($afieldsets as $fset_id => $fieldset) { $fset = explode('::', $afieldsets[$i]); if ($mode != 'print') { if ($tfid == $fieldset['begin']) { $template->set_var('fset_label', $fieldset['label']); $template->parse('fset_begin', 'fieldsetbegin'); $fieldset_mode = true; } if ($tfid == $fieldset['end']) { $template->parse('fset_end', 'fieldsetend'); } } else { if ($tfid == $fieldset['begin']) { $template->set_var('fset_label', $fieldset['label']); $template->parse('fset_begin', 'printfieldsetbegin'); $fieldset_mode = true; } if ($tfid == $fieldset['end']) { $template->parse('fset_end', 'printfieldsetend'); } } } } if ($is_vertical == 1) { if ($recStyle == 'recstyle1') { if ($is_reverseorder) { $fieldStyle = 'fieldstyle2R'; } else { $fieldStyle = 'fieldstyle2'; } } else { if ($is_reverseorder) { $fieldStyle = 'fieldstyle3R'; } else { $fieldStyle = 'fieldstyle3'; } } } else { if ($is_reverseorder) { $fieldStyle = 'fieldstyle1R'; } else { 
$fieldStyle = 'fieldstyle1'; } } if ($type == 'mfile') { //$fieldStyle = 'fieldstyle4'; if ($resultid == 0 or $mode == 'edit') { $template->set_var('showfilectl', ''); } else { $template->set_var('showfilectl', 'none'); } } elseif ($type == 'mtxt') { if ($is_vertical == 1) { $fieldStyle = 'fieldstyle5R'; } else { $fieldStyle = 'fieldstyle5'; } if ($resultid == 0 or $mode == 'edit') { $template->set_var('showfieldctl', ''); } else { $template->set_var('showfieldctl', 'none'); } } //echo "<br>FormID: $formid, Field: $fieldID, Name:$field_name, Label: $label, Type:$type"; //echo "<br>value:$field_value, Next Fieldtype:$nextfield_type, parseRecord is: $parseRecord"; //echo "<br> Template ID:$tfid, Type:$type, fieldStyle:$fieldStyle, recStyle:$recStyle, "; //echo " parseRecord is: $parseRecord, parsedLastRecord:$parsedLastRecordline, ReverseLabel:$is_reverseorder "; //echo "<br> FieldID:$fieldID, FieldAttributes: $field_attributes,fieldset_mode:$fieldset_mode"; //echo "Labelclass:" . $CONF_FE['fieldstyles'][$style][1]; if ($type != 'hidden' and $type != 'heading') { $template->set_var('hidelabel', ''); if ($mandatory) { if (!$hidelabel) { if ($show_mandatory) { $template->set_var('label', "{$label}<span style=\"color:red;padding-left:5px;\">*</span>"); } else { $template->set_var('label', "{$label}"); } } else { $template->set_var("label", ''); $template->set_var('hidelabel', 'none'); } if ($type == 'radio' or $type == 'checkbox' or $type == 'multicheck') { $validatetag = "required=\"1\" Realname=\"{$label}\""; } elseif ($type == 'select') { $validatetag = "required=\"1\" exclude=\"-1\" {$validation} minlength=\"1\" Realname=\"{$label}\""; } elseif ($type == 'mfile') { $validatetag = "required=\"1\" callback=\"validate_mfile_field\""; } else { $validatetag = "required=\"1\" {$validation} minlength=\"1\" Realname=\"{$label}\""; } } else { $validatetag = ''; if (!$hidelabel) { $template->set_var('label', "{$label}"); } else { $template->set_var("label", ''); 
$template->set_var('hidelabel', 'none'); } } $fieldLableStyle = $CONF_FE['fieldstyles'][$style]; next($fieldLableStyle); $template->set_var('labelclass', key($fieldLableStyle)); $field_attributes = str_replace(',', ' ', $field_attributes); } else { $template->set_var('labelclass', ''); $template->set_var('label', ''); } if ($mode == 'print' and $CONF_FE['fieldstyles'][$style][1] == 'frm_label1') { $template->set_var('cell_padding', '20'); } if (DB_getItem($_TABLES['nxform_definitions'], 'post_method', "id='{$formid}'") == 'posturl') { $customfieldmode = true; } else { $customfieldmode = false; } $field_html = ''; if ($type != 'hidden' and $resultid > 0) { // Viewing detail of a previous posted form data - retrieve the field value switch ($type) { case 'textarea1': case 'textarea2': $field_value = DB_getItem($_TABLES['nxform_restext'], 'field_data', "result_id='{$resultid}' AND field_id='{$fieldID}'"); $field_value = stripslashes($field_value); break; case 'file': // generate link to uploaded file $field_value = DB_getItem($_TABLES['nxform_resdata'], 'field_data', "result_id='{$resultid}' AND field_id='{$fieldID}'"); $filename = explode(':', $field_value); //echo "<br>fieldid:$fieldID, result id:$resultid, field_value:$field_value"; if (!empty($field_value)) { $field_html = "<a href=\"{$CONF_FE['public_url']}/download.php?id={$fieldID}&rid={$resultid}\" target=\"_new\">{$filename[1]}</a>"; } else { $field_html = 'N/A'; } break; case 'mfile': // generate link to uploaded file $mquery = DB_query("SELECT id,field_data FROM {$_TABLES['nxform_resdata']} WHERE result_id='{$resultid}' AND field_id='{$fieldID}'"); if ($CONF_FE['debug']) { COM_errorLOG("Displaying form result:{$resultid} - field:{$fieldID}"); } $usetable = false; if (DB_numRows($mquery) > 0) { if ($CONF_FE['debug']) { COM_errorLog("Displaying form result:{$resultid} - found files"); } $field_html = '<table border="0"><tr style="vertical-align:top;">'; $usetable = true; $i = 0; } if (is_array($dynamic)) { 
$inputfilename = "mfile_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $inputfilename = "{$field_name}"; } else { $inputfilename = "mfile_frm{$formID}_{$fieldID}"; } while (list($rec, $field_value) = DB_fetchArray($mquery)) { $field_html .= '<td align="left">'; $filename = explode(':', $field_value); if (!empty($field_value)) { $field_html .= '<table border="0"><tr><td align="left"> '; $field_html .= "<a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">"; $field_html .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$filename[1]}</a> "; if ($mode == 'edit') { $field_html .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},\"{$inputfilename}\"); return false;'>"; $field_html .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a> "; } $field_html .= "</td></tr></table>"; } else { $field_html = 'N/A '; } $field_html .= '</td>'; $i++; $field_html .= '</tr><tr style="vertical-align:top;">'; } $mfile_count = $i; if ($usetable) { $field_html .= '</tr></table>'; } break; case 'submit': case 'cancel': break; default: // Check if custom field - if so then data is in text field table if (array_key_exists($type, $CONF_FE['customfieldmap'])) { $field_value = DB_getItem($_TABLES['nxform_restext'], 'field_data', "result_id='{$resultid}' AND field_id='{$fieldID}'"); } else { $field_value = DB_getItem($_TABLES['nxform_resdata'], 'field_data', "result_id='{$resultid}' AND field_id='{$fieldID}'"); } break; } // switch } /* Code to handle assigning a value to field by Function */ $function_datavalues = ''; $setresult = false; if ($use_function) { if ($resultid > 0) { $fvalue = DB_getItem($_TABLES['nxform_fields'], "field_values", "id='{$fieldID}'"); // Check if autotag is being used for value if (strpos($fvalue, '[' === FALSE)) { $function = explode(':', $fvalue); if (function_exists($function[0])) { $function_datavalues = $function[0]($function[1], 
$fieldID); } } else { // - Assume autotag is being used = if [ is in value like the autotag format $function_datavalues = nexform_getAutotagValues($fvalue, $type, $field_value, $fieldID); } } else { // Check if autotag is being used for value - assume so if [ is in value like the autotag format if (strpos($field_value, '[') === FALSE) { /* Not an autotag so assume a function has been defined with parms in () * Example: userprofile(name) // Show the user's name * userprofile(location) // Show the user's location * capitalreq(deptcodes) // Show a list of department billing codes * Any number of parms can be in the definition - up to your function to sort out */ $function = explode('(', $field_value); $function[1] = str_replace(')', '', $function[1]); // Strip out trailing ) in the parms value if (function_exists($function[0])) { $function_datavalues = $function[0]($function[1], $fieldID); } } else { // - Assume autotag is being used = if [ is in value like the autotag format $function_datavalues = nexform_getAutotagValues($field_value, $type, '', $fieldID); } } if (!is_array($function_datavalues)) { $function_datavalues = stripslashes($function_datavalues); } } $is_firstfield = false; if ($mode == 'print') { if (!is_array($dynamic)) { $resultid = COM_applyFilter($_GET['result'], true); } //if not saved in database yet - show current values if ($resultid == 0) { switch ($type) { case 'date1': if ($_POST[$field_name] == '') { $field_name = str_replace('da1_ftm', 'da1_frm', $field_name); } $field_value = $_POST[$field_name]; break; case 'mtxt': $field_value = implode('|', $_POST[$field_name]); break; case 'multicheck': if (get_magic_quotes_gpc()) { if (is_array($_POST[$field_name])) { foreach ($_POST[$field_name] as $key => $value) { $_POST[$field_name][$key] = stripslashes($_POST[$field_name][$key]); } } } break; case 'file': case 'mfile': $tmpid = COM_applyFilter($_GET['rid'], true); $resultid = $tmpid != 0 ? 
$tmpid : $resultid; break; default: if (strpos($field_name, 'cust') !== false) { foreach ($_POST as $var => $value) { $parts = explode('_', $var); $fieldtype = $parts[0]; $field_id = (int) $parts[2]; if (is_array($value) and $fieldtype == 'cust') { $subfield = $parts[3]; foreach ($value as $subfield_value) { $subfield_value = stripslashes($subfield_value); $custom_fields[$field_id][$subfield][] = $subfield_value; } } } if (count($custom_fields) > 0) { foreach ($custom_fields as $field_id => $value) { $_POST[$field_name] = serialize($value); } } } else { $field_value = $_POST[$field_name]; } break; } $field_value = stripslashes($field_value); } } switch ($type) { case 'hidden': if (is_array($dynamic)) { $fieldname = "hid_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "hid_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"hidden\" id=\"{$fieldname}\" name=\"{$fieldname}\" value=\"{$field_value}\" >"; $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'date1': if ($mode != 'print') { if (is_array($dynamic)) { $fieldname = "da1_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "da1_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"text\" id=\"{$fieldname}\" name=\"{$fieldname}\" "; if ($resultid == 0 and $function_datavalues != '') { $field_html .= "value=\"{$function_datavalues}\" "; } else { $field_html .= "value=\"{$field_value}\" "; } if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif 
(!empty($CONF_FE['defaultattributes']['date1'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['date1'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' READONLY'; } $field_html .= '>'; } else { $field_html .= $field_value; } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'date2': // Date Field with Popup DHTML Calendar if ($mode != 'print') { if (is_array($dynamic)) { $fieldname = "da2_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "da2_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"text\" id=\"{$fieldname}\" name=\"{$fieldname}\" "; if ($resultid == 0 and $function_datavalues != '') { $field_html .= "value=\"{$function_datavalues}\" "; } else { $field_html .= "value=\"{$field_value}\" "; } if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['date2'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['date2'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' READONLY'; $field_html .= '>'; } else { $field_html .= "onMouseOver=\"setupCalendar('{$fieldname}', '%m/%d/%Y', false);\" >"; } } else { $field_html .= $field_value; } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); 
$parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'datetime': // Date Field with Popup DHTML Calendar if ($mode != 'print') { if (is_array($dynamic)) { $fieldname = "time_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "time_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"text\" id=\"{$fieldname}\" name=\"{$fieldname}\" "; if ($resultid == 0 and $function_datavalues != '') { $field_html .= "value=\"{$function_datavalues}\" "; } else { $field_html .= "value=\"{$field_value}\" "; } if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['datetime'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['datetime'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' READONLY'; $field_html .= '>'; } else { $field_html .= "onMouseOver=\"setupCalendar('{$fieldname}', '%m/%d/%Y %H:%M', true);\" >"; } } else { $field_html .= $field_value; } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'text': if ($mode != 'print') { if (is_array($dynamic)) { $fieldname = "txt_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "txt_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"text\" id=\"{$fieldname}\" name=\"{$fieldname}\" "; if ($function_datavalues != '') { $function_datavalues = trim($function_datavalues); $field_html .= "value=\"{$function_datavalues}\" "; } 
else { $field_html .= "value=\"{$field_value}\" "; } if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['text'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['text'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' READONLY'; } $field_html .= '>'; } else { if ($function_datavalues != '' and $mode != 'print' and $resultid != 0) { $field_value = $function_datavalues; } $field_html = $field_value; } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'mtxt': $template->set_var('field_id', $fieldID); // Extra variables for mtext field template $template->set_var('sform_id', $formID); $template->set_var('sfield_id', '0'); if (is_array($dynamic)) { $fieldname = "mtxt_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}[]"; $mtxt_id = "mtxt_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; $template->set_var('field_id', $fieldID); // Extra variables for mtext field template $template->set_var('sform_id', $dynamic[0]); $template->set_var('sfield_id', $dynamic[1]); $template->set_var('mtxt_instance', $dynamic[2]); } elseif ($customfieldmode and $field_name != '') { $fieldname = "{$field_name}[]"; $mtxt_id = "{$field_name}"; } else { $fieldname = "mtxt_frm{$formID}_{$fieldID}[]"; $mtxt_id = "mtxt_frm{$formID}_{$fieldID}"; } // Need to create as many text fields as there are data elements in the varible text field value $mtxt_values = explode('|', $field_value); $field_html = ''; $i = 0; $closetable = false; foreach ($mtxt_values as $val) { if ($i > 0) { $field_html .= '<td width="120">'; } 
$field_html .= "<input type=\"text\" id=\"{$mtxt_id}_{$i}\" name=\"{$fieldname}\" size=\"20\" "; $field_html .= "value=\"{$val}\" "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['mtxt'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['mtxt'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' READONLY'; } $field_html .= '>'; if ($i > 0) { $field_html .= '</td>'; } if ($i % 4 == 3) { $field_html .= '</tr><tr>'; $closetable = true; } $i++; } if ($closetable) { $field_html .= '</tr>'; } $template->set_var('mtxt_fieldname', $mtxt_id); $template->set_var('mtxt_counter', $i); $template->set_var('mtxt_counter_id', str_replace('_', '-', $mtxt_id)); $template->set_var('field_id', $fieldID); // Extra variables for mtext field template $template->set_var('form_id', $formID); $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'select': if ($mode != 'print') { if (is_array($dynamic)) { $fieldname = "sel_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "sel_frm{$formID}_{$fieldID}"; } $field_html = "<select id=\"{$fieldname}\" name=\"{$fieldname}\" "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['select'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['select'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' 
DISABLED'; } $field_html .= '>'; $field_html .= '<option value="-1">' . $LANG_FEMSG[1] . '</option>'; // Check if this field is using a function to generate the select options // It could be a simple list or an array of options example [alist:xx] if ($function_datavalues != '' and is_array($function_datavalues)) { // Check and see if passed in array contains a key to indicate the selected item if (array_key_exists('selected', $function_datavalues)) { $field_value = $function_datavalues['selected']; // Now remove this item from the array of results to use an select options unset($function_datavalues['selected']); $setresult = true; } else { $setresult = false; } // Jan 9/2006 (BL) Updated to now add the class=xxx for the dynamic select feature $dynamicSelect = false; // Cycle thru the array of values to set the dropdown options foreach ($function_datavalues as $optval => $optitem) { $optitem = explode(',', $optitem); $field_html .= '<option value="' . $optval . '"'; if (isset($optitem[1])) { $field_html .= ' ' . $optitem[1]; $dynamicSelect = true; } if (($resultid > 0 or $setresult) and $field_value == $optval) { $field_html .= ' SELECTED '; } $field_html .= '>' . $optitem[0] . '</option>'; } if ($dynamicSelect) { $CONF_FE['dynamicSelect'] = true; $template->parse('dynamic_select_function_calls', 'dselect_field', true); } } else { // List of options separated by commas if ($function_datavalues != '') { $options = explode(',', $function_datavalues); } else { $default_value = DB_getItem($_TABLES['nxform_fields'], 'field_values', "id='{$fieldID}'"); $options = explode(',', $default_value); } foreach ($options as $option) { if ($resultid > 0 and $field_value == $option) { $field_html .= '<option value="' . $option . '" SELECTED>' . $option . '</option>'; } else { $field_html .= '<option value="' . $option . '">' . $option . 
'</option>'; } } } $field_html .= '</select>'; } elseif (trim($field_value) != '') { if ($function_datavalues != '' and is_array($function_datavalues)) { // Filter out class attribute in value if this is a dynamic select field if (strpos($function_datavalues[$field_value], 'class=') > 0) { $fieldDisplayValue = explode(',', $function_datavalues[$field_value]); $field_html .= $fieldDisplayValue[0]; } else { $field_html .= $function_datavalues[$field_value]; } } else { $field_html .= $field_value; } } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'passwd': if (is_array($dynamic)) { $fieldname = "pwd_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "pwd_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"password\" id=\"{$fieldname}\" name=\"{$fieldname}\" value=\"{$field_value}\" "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['passwd'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['passwd'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' READONLY'; } $field_html .= '>'; $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'file': if ($resultid == 0) { // Don't show hidden fields when viewing results if 
(is_array($dynamic)) { $fieldname = "file_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "file_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"file\" id=\"{$fieldname}\" name=\"{$fieldname}\" value=\"{$field_value}\" "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['file'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['file'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript) . '>'; } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'mfile': if (is_array($dynamic)) { $fieldname = "mfile_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}[]"; $file_id = "mfile_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = "{$field_name}[]"; $file_id = "{$field_name}"; } else { $fieldname = "mfile_frm{$formID}_{$fieldID}[]"; $file_id = "mfile_frm{$formID}_{$fieldID}"; } if ($resultid == 0) { if ($function_datavalues != '') { $field_html = $function_datavalues; } } $file_input1 = "<input type=\"file\" name=\""; $file_input2 = $fieldname; $file_input3 = "\" id=\"{$file_id}\" value=\"{$field_value}\" "; if (!empty($field_attributes)) { $file_input3 .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['mfile'])) { $file_input3 .= html_entity_decode(key($CONF_FE['defaultattributes']['mfile'])); } $file_input3 .= " {$validatetag} "; $file_input3 .= html_entity_decode($javascript) . 
'>'; $mfile_count = $mfile_count == '' ? 0 : $mfile_count; $template->set_var('upload_field_name', str_replace('[]', '', $fieldname)); $template->set_var('file_input1', $file_input1); $template->set_var('file_input2', $file_input2); $template->set_var('file_input3', $file_input3); $template->set_var('field_id', $fieldID); $template->set_var('mfile_count', $mfile_count); $template->set_var('mfile_count_name', str_replace('_', '-', $file_id)); $template->set_var('form_id', $formID); $template->set_var('mfield_html', "{$field_html}"); if ($mode == 'print' or $mode == 'review') { $template->set_var('show_addremove', 'none'); } else { $template->set_var('show_addremove', ''); } $template->parse('field', 'mfile_field'); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'checkbox': if (is_array($dynamic)) { $fieldname = "chk_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "chk_frm{$formID}_{$fieldID}"; } //support pullform values if ($function_datavalues != '') { $field_value = $function_datavalues; } $default_value = DB_getItem($_TABLES['nxform_fields'], 'field_values', "id='{$fieldID}'"); if ($default_value == '') { $default_value = 1; } $field_html = "<input type=\"checkbox\" id=\"{$fieldname}\" name=\"{$fieldname}\" value=\"1\""; if ($field_value == '1' or $field_value == 'yes') { $field_html .= ' CHECKED=CHECKED '; } $field_html .= " {$validatetag} "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['checkbox'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['checkbox'])); } $field_html .= ' ' . 
html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' DISABLED'; } $field_html .= '>'; $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'multicheck': if (is_array($dynamic)) { $fieldname = "mchk_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}[]"; $mcheck_id = "mchk_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}_%s"; } elseif ($customfieldmode and $field_name != '') { if (strpos('[]', $field_name) == 0) { $fieldname = "{$field_name}[]"; $mcheck_id = "{$field_name}_%s"; } else { $fieldname = $field_name; $tmp_fieldname = str_replace('[]', '', $field_name); $mcheck_id = "{$tmp_fieldname}_%s"; } } else { $fieldname = "mchk_frm{$formID}_{$fieldID}[]"; $mcheck_id = "mchk_frm{$formID}_{$fieldID}_%s"; } $setresult = false; if ($function_datavalues != '') { if (is_array($function_datavalues)) { // Tested with AIM [pullform] autotag functions // Array of Options and selected Checkboxes $setresult = true; } else { $default_values = explode(',', $function_datavalues); } } else { $default_values = explode(',', DB_getItem($_TABLES['nxform_fields'], 'field_values', "id='{$fieldID}'")); } if ($resultid > 0) { $result_values = explode(',', $field_value); } $field_html = ''; if ($setresult) { $i = 0; foreach ($function_datavalues as $chkoption => $seloption) { $tmp_fieldname = sprintf($mcheck_id, $i); $field_html .= "{$chkoption} <input type=\"checkbox\" id=\"{$tmp_fieldname}\" name=\"{$fieldname}\" value=\"{$chkoption}\" "; if ($seloption == 1 or is_array($result_values) and in_array($chkoption, $result_values)) { $field_html .= 'CHECKED=CHECKED '; } $field_html .= " {$validatetag} "; if (!empty($field_attributes)) { $field_html .= 
html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['multicheck'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['multicheck'])); } $field_html .= ' ' . html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' DISABLED'; } $field_html .= '> '; $i++; } } else { for ($a = 0; $a < count($default_values); $a++) { $tmp_fieldname = sprintf($mcheck_id, $a); $field_html .= "{$default_values[$a]} <input type=\"checkbox\" id=\"{$tmp_fieldname}\" name=\"{$fieldname}\" value=\"{$default_values[$a]}\" "; if ($mode == 'print' and $resultid == 0) { if ($seloption == 1 or is_array($_POST[$field_name]) and in_array($default_values[$a], $_POST[$field_name])) { $field_html .= 'CHECKED=CHECKED '; } } else { if ($resultid > 0 and in_array($default_values[$a], $result_values)) { $field_html .= 'CHECKED=CHECKED '; } } $field_html .= " {$validatetag} "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['multicheck'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['multicheck'])); } $field_html .= ' ' . 
html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' DISABLED'; } $field_html .= '> '; } } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'radio': if (is_array($dynamic)) { $fieldname = "rad_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "rad_frm{$formID}_{$fieldID}"; } if ($function_datavalues != '') { if (is_array($function_datavalues)) { // Tested with AIM [pullform] autotag functions // Array of Options and selected Checkboxes $setresult = true; } else { $default_values = explode(',', $function_datavalues); } } else { $default_values = explode(',', DB_getItem($_TABLES['nxform_fields'], 'field_values', "id='{$fieldID}'")); } $field_html = ''; if ($setresult) { $i = 0; foreach ($function_datavalues as $chkoption => $seloption) { $field_html .= "{$chkoption} <input type=\"radio\" id=\"{$fieldname}_{$i}\" name=\"{$fieldname}\" value=\"{$chkoption}\" "; if ($seloption == 1 or is_array($result_values) and in_array($chkoption, $result_values)) { $field_html .= 'CHECKED=CHECKED '; } $field_html .= " {$validatetag} "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['radio'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['radio'])); } $field_html .= ' ' . 
html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' DISABLED'; } $field_html .= '> '; $i++; } } else { for ($a = 0; $a < count($default_values); $a++) { $dynValue = trim($default_values[$a]); $dynValue = str_replace(array('<br>', ' '), array('', ''), $dynValue); $field_html .= "<input type=\"radio\" id=\"{$fieldname}_{$a}\" name=\"{$fieldname}\" value=\"{$dynValue}\" "; if ($resultid > 0 and $dynValue == trim($field_value)) { $field_html .= ' CHECKED=CHECKED '; } $field_html .= " {$validatetag} "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['radio'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['radio'])); } $field_html .= ' ' . html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' DISABLED'; } $field_html .= '> '; $field_html .= $default_values[$a]; } } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'textarea1': if ($mode != 'print') { if (is_array($dynamic)) { $fieldname = "ta1_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "ta1_frm{$formID}_{$fieldID}"; } $field_html = "<textarea id=\"{$fieldname}\" name=\"{$fieldname}\" "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['textarea1'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['textarea1'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript); if ($mode == 'review') { $field_html .= ' READONLY'; } $field_html .= '>'; if 
($function_datavalues != '') { $field_html .= $function_datavalues . '</textarea>'; } else { $field_html .= $field_value . '</textarea>'; } } else { $field_html = '<table style="border: solid #A5ACB2 1px;" bgcolor="#FFFFFF"><tr><td bgcolor="#FFFFFF" width=600 height=60 valign="top">'; $field_html .= $field_value; $field_html .= '</td></tr></table>'; } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'textarea2': if ($mode != 'print' and $mode != 'review') { if (is_array($dynamic)) { $fieldname = "ta2_frm{$dynamic['0']}_{$dynamic['1']}_{$fieldID}_{$dynamic['2']}"; } elseif ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "ta2_frm{$formID}_{$fieldID}"; } $field_html = "<textarea id=\"{$fieldname}\" name=\"{$fieldname}\" "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['textarea2'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['textarea2'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript) . '>'; if ($function_datavalues != '') { $field_html .= $function_datavalues . '</textarea>'; } else { $field_html .= $field_value . 
'</textarea>'; } } elseif (trim($field_value) != '') { $field_html = '<table style="border: solid #A5ACB2 1px;" bgcolor="#FFFFFF"><tr><td bgcolor="#FFFFFF" width=600 valign="top">'; $field_html .= $field_value; $field_html .= '</td></tr></table>'; } $template->set_var('field', "{$field_html}"); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'captcha': if ($resultid == 0 and DB_getItem($_TABLES['plugins'], 'pi_enabled', "pi_name='captcha'") == 1) { // Don't show field when viewing results $fieldname = "captcha"; // Assume only 1 CAPTCHA Field per form $field_html = "<input type=\"text\" name=\"{$fieldname}\" "; if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } else { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['captcha'])); } $field_html .= " {$validatetag} "; $field_html .= html_entity_decode($javascript) . '>'; global $_CP_CONF; $sessid = CAPTCHA_sid(); $time = time(); DB_save($_TABLES['cp_sessions'], "session_id,cptime,validation,counter", "'{$sessid}','{$time}','','0'"); $field_html .= '<input type="hidden" name="csid" value="' . $sessid . '">'; $captchaImage = '<img src="' . $_CONF['site_url'] . '/captcha/captcha.php?csid=' . $sessid . '&.' . $_CP_CONF['gfxFormat'] . 
'">'; $template->set_var('captcha_image', $captchaImage); $template->set_var('verification_field', $field_html); $template->parse('field', 'captchafield'); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } } break; case 'submit': if ($mode != 'review' and $mode != 'print' and $linked_formnum == 1) { if ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "sub_frm{$formID}_{$fieldID}"; } $field_html = "<input type=\"submit\" id=\"{$fieldname}\" name=\"{$fieldname}\" "; // Disable the enterkey $field_html .= "onFocus=\"this.form.action=document.getElementById('submit_url').value; this.form.target='';\""; if (empty($field_value) and !empty($label)) { $field_html .= " value=\"{$label}\" "; } else { $field_html .= " value=\"{$field_value}\" "; } if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['submit'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['submit'])); } $field_html .= ' ' . html_entity_decode($javascript) . 
'>'; $template->set_var('submit_btn', "{$field_html}"); $template->parse('submit', 'submit_button', true); } break; case 'cancel': if ($mode != 'review' and $mode != 'print') { if ($customfieldmode and $field_name != '') { $fieldname = $field_name; } else { $fieldname = "btn_frm{$formID}_{$fieldID}"; } if ($javascript == '') { $javascript = 'onclick=\'javascript:history.go(-1)\''; } $field_html = "<input type=\"button\" id=\"{$fieldname}\" name=\"{$fieldname}\" "; if (empty($field_value) and !empty($label)) { $field_html .= " value=\"{$label}\" "; } else { $field_html .= " value=\"{$field_value}\" "; } if (!empty($field_attributes)) { $field_html .= html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['cancel'])) { $field_html .= html_entity_decode(key($CONF_FE['defaultattributes']['cancel'])); } $field_html .= html_entity_decode($javascript) . '>'; $template->set_var('cancel', $field_html); } break; case 'heading': $heading = "<div"; if ($style > 0) { $heading .= ' class="' . $CONF_FE['fieldstyles'][$style][1] . '"'; } if (!empty($field_attributes)) { $heading .= " " . html_entity_decode($field_attributes); } elseif (!empty($CONF_FE['defaultattributes']['heading'])) { $heading .= " " . html_entity_decode(key($CONF_FE['defaultattributes']['heading'])); } $heading .= ">"; $heading_label = ''; $heading_label .= $field_value != '' ? 
$field_value : $label; if ($heading_label == '') { $heading_label = $function_datavalues; } $heading .= $heading_label; $heading .= "</div>"; $template->set_var('label', "{$heading}"); $template->set_var('field', " "); if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; case 'dynamic': if ($resultid == 0) { $dynamicFormID = $field_value; $template->set_var('field', nexform_dynamicFormHTML($formID, $fieldID, $dynamicFormID, $mode)); $instance = 1; } else { $dynamicFormResults = explode('|', $field_value); // Determine which form is to be used - in form definition $dynamicFormID = DB_getItem($_TABLES['nxform_fields'], 'field_values', "id='{$fieldID}'"); $instance = 0; $resultCount = count($dynamicFormResults) - 1; // Want to show the [add/remove] field after the last form instance foreach ($dynamicFormResults as $dynamicResult) { if ($instance == 0) { $template->set_var('field', nexform_dynamicFormHTML($formID, $fieldID, $dynamicFormID, $mode, false, $instance, $dynamicResult)); } else { $template->set_var('field', nexform_dynamicFormHTML($formID, $fieldID, $dynamicFormID, $mode, true, $instance, $dynamicResult), true); } $instance++; } } $values = DB_getItem($_TABLES['nxform_fields'], 'field_values', "id={$fieldID}"); $v_arr = explode(',', $values); $v2 = $v_arr[1]; if (($mode == 'edit' || $mode == 'view') && $v2 != 1) { $tmp_template = new Template($_CONF['path_layout'] . 
'nexform'); $tmp_template->set_file('dynamicform_end', 'dynamicform_end.thtml'); $tmp_template->set_var('form_id', $formID); $tmp_template->set_var('dynamic_field_id', $fieldID); $tmp_template->set_var('dynamicform_id', $dynamicFormID); $tmp_template->set_var('last_id', $instance - 1); $tmp_template->set_var('cell_padding', $template->get_var('cell_padding')); $tmp_template->parse('output', 'dynamicform_end'); $dynamicform_end = $tmp_template->finish($tmp_template->get_var('output')); $template->set_var('field', $dynamicform_end, true); } if (!$hidelabel) { $template->set_var('label', "{$label}"); } if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } break; default: // Check for any custom field definition types using custom templates if (array_key_exists($type, $CONF_FE['customfieldmap'])) { $template->set_file('custom_field', 'custom/' . $CONF_FE['customfieldmap'][$type]['form']); if ($mode == 'print') { $printTemplateFiles = explode(',', $CONF_FE['customfieldmap'][$type]['print']); if (count($printTemplateFiles) > 1) { $template->set_file('custom_field', 'custom/' . $printTemplateFiles[0]); $template->set_file('custom_field_rec', 'custom/' . $printTemplateFiles[1]); } else { $template->set_file('custom_field_rec', 'custom/' . $printTemplateFiles[0]); } } else { $template->set_file('custom_field_rec', 'custom/' . $CONF_FE['customfieldmap'][$type]['record']); } $template->set_var('field_id', $fieldID); $template->set_var('form_id', $formID); if ($resultid > 0 or $mode == 'print') { if ($mode == 'print' and $resultid == 0) { $field_value = $_POST[$field_name]; } $field_value = unserialize($field_value); if ($mode == 'edit') { $template->set_file('custom_js', 'custom/' . 
$CONF_FE['customfieldmap'][$type]['javascript']); $template->parse('javascript_functions', 'custom_js'); } else { $template->set_var('showcustomfieldctl', 'none'); } $i = 0; do { $k = 1; $template->set_var('row', $i); if (is_array($field_value)) { $printCustomRec = false; foreach ($field_value as $custom_value) { if ($mode == 'print') { $custom_value[$i] = nl2br($custom_value[$i]); } $template->set_var("cust_value{$k}", $custom_value[$i]); $k++; } } if ($printCustomRec and $i == 0) { $template->parse('custom_record', 'custom_field_rec'); } elseif ($printCustomRec) { $template->parse('custom_record', 'custom_field_rec', true); } $i++; } while (isset($custom_value[$i])); } elseif ($function_datavalues != '') { /* Form wants to use a function to format this field */ $template->set_file('custom_js', 'custom/' . $CONF_FE['customfieldmap'][$type]['javascript']); $template->parse('javascript_functions', 'custom_js'); $template->set_var('custom_record', $function_datavalues); } else { $template->set_file("custom_field{$fieldID}", 'custom/' . $CONF_FE['customfieldmap'][$type]['form']); $template->set_file("custom_field_rec{$fieldID}", 'custom/' . $CONF_FE['customfieldmap'][$type]['record']); $template->set_file("custom_js{$fieldID}", 'custom/' . 
$CONF_FE['customfieldmap'][$type]['javascript']); $template->parse('javascript_functions', "custom_js{$fieldID}", true); $template->parse('custom_record', "custom_field_rec{$fieldID}"); } $template->parse('field', "custom_field{$fieldID}"); if (!$hidelabel) { $template->set_var('label', "{$label}"); } if ($parsedLastRecordline) { $template->parse('fields', $fieldStyle); } else { $template->parse('fields', $fieldStyle, true); } if ($parseRecord) { $template->parse('form_records', $recStyle, true); $parsedLastRecordline = true; } else { $parsedLastRecordline = false; } } break; } // switch $template->set_var('validatetag', $validatetag); $i++; if ($parsedLastRecordline) { $fieldset_mode = false; } } // Check for internal_use fields } // while // Flush the last field form records if the template has not been parsed if (!$parsedLastRecordline) { $template->parse('form_records', $recStyle, true); } }