/**
 * Make sure the site-credits balance is known and the site is not locked.
 *
 * When $DBVARS has no 'sitecredits-credits' entry yet, it is initialised
 * to 0 and the configuration is rewritten so the key exists from then on.
 * When the balance has dropped below -1 the visitor is shown an
 * administrator notice and the request is terminated.
 *
 * @return null
 */
function SiteCredits_isActive()
{
    global $DBVARS;
    $key = 'sitecredits-credits';
    if (!isset($DBVARS[$key])) {
        // first run: persist a zero balance so later checks find the key
        $DBVARS[$key] = 0;
        Core_configRewrite();
    }
    if ($DBVARS[$key] >= -1) {
        return;
    }
    // balance exhausted: show the notice and stop serving the page
    $notice = __(
        'Website Administrator attention needed.'
        . ' Please log into your administration area (and check your email).'
    );
    echo '<p>' . $notice . '</p>';
    Core_quit();
}
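/**
 * Delete a file that was uploaded through a form for the current session.
 *
 * The file name comes from $_REQUEST['id'] and must be a plain file name
 * inside the session's own upload directory
 * (USERBASE/f/.files/forms/<session id>/). Anything that could name a
 * different directory terminates the request.
 *
 * @return null
 */
function Forms_fileDelete()
{
    $id = isset($_REQUEST['id']) && is_string($_REQUEST['id']) ? $_REQUEST['id'] : '';
    // The original test was strpos('..', $id) - haystack and needle swapped -
    // so a name containing ".." was never rejected. Check the name itself,
    // and also refuse anything that is not a bare file name.
    if ($id === '' || $id !== basename($id) || strpos($id, '..') !== false) {
        Core_quit();
    }
    $dir = USERBASE . '/f/.files/forms/' . session_id() . '/';
    if (!is_dir($dir)) {
        Core_quit();
    }
    $path = $dir . $id;
    // best effort, as before: a file that is already gone is not an error
    if (is_file($path)) {
        unlink($path);
    }
}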
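/**
 * Update the text of a comment the current visitor is allowed to edit.
 *
 * Permission: the comment id must be one of the ids recorded in
 * $_SESSION['comment_ids'] for this session. The id is validated before it
 * is used for anything, including the permission lookup.
 *
 * @return array status (1), the comment id and the new comment text
 */
function Comments_update()
{
    $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
    $comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : '';
    if (!is_numeric($id)) {
        Core_quit('Invalid id');
    }
    $id = (int) $id;
    // the original used a loose in_array() against the raw request value;
    // compare integers strictly, and tolerate a session without the list
    $ownIds = isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids'])
        ? array_map('intval', $_SESSION['comment_ids'])
        : array();
    if (!in_array($id, $ownIds, true)) {
        die('You do not have permission to do this');
    }
    dbQuery('update comments set comment = "' . addslashes($comment) . '" where id = ' . $id);
    Core_cacheClear('comments');
    return array('status' => 1, 'id' => $id, 'comment' => $comment);
}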
/**
 * List the news headlines of one month under a given parent page.
 *
 * Reads y (year, 1000-9999), m (month, 1-12) and pid (parent page id) from
 * the request; an out-of-range date terminates the request.
 *
 * @return array one entry per page, ordered by associated_date: url,
 *               adate (the associated_date) and headline (the page alias,
 *               HTML-escaped)
 */
function News_getHeadlinesMonth()
{
    $year = (int) $_REQUEST['y'];
    $month = (int) $_REQUEST['m'];
    $parentId = (int) $_REQUEST['pid'];
    $dateOk = $year >= 1000 && $year <= 9999 && $month >= 1 && $month <= 12;
    if (!$dateOk) {
        Core_quit();
    }
    // "YYYY-MM"; the range below is day 00 (exclusive) up to the first day
    // of the following month (exclusive)
    $yearMonth = $year . '-' . sprintf('%02d', $month);
    $sql = 'select id from pages where parent=' . $parentId
        . ' and associated_date>"' . $yearMonth . '-00"'
        . ' and associated_date<date_add("' . $yearMonth . '-01", interval 1 month)'
        . ' order by associated_date';
    $headlines = array();
    foreach (dbAll($sql) as $row) {
        $page = Page::getInstance($row['id']);
        $headlines[] = array(
            'url' => $page->getRelativeURL(),
            'adate' => $page->associated_date,
            'headline' => htmlspecialchars($page->alias),
        );
    }
    return $headlines;
}
} // } // { load page data if ($id) { $PAGEDATA = Page::getInstance($id)->initValues(); } else { if ($page != '') { redirect('/', 'no page id for ' . $page); } Core_quit(__('no page loaded. If this is a new site, then please' . ' <a href="/ww.admin/">log into the admin area</a> and create your' . ' first page.', 'core')); } $c = Core_trigger('page-object-loaded'); // } // { if URL includes a plugin override, run that instead of displaying the page if (isset($_REQUEST['_p']) && isset($PLUGINS[$_REQUEST['_p']]['page-override'])) { Core_quit($PLUGINS[$_REQUEST['_p']]['page-override']($PAGEDATA)); } // } // { main content // { check if page is protected $access_allowed = 1; foreach ($PLUGINS as $p) { if ($access_allowed && isset($p['frontend']['page_display_test'])) { $access_allowed = $p['frontend']['page_display_test']($PAGEDATA); } } // } if (!$access_allowed) { $c .= '<h2>' . __('Permission Denied', 'core') . '</h2>' . '<p>' . __('This is a protected document.', 'core') . '</p><p>' . isset($_SESSION['userdata']) ? __('You are not in a user-group which has access to this page. If you' . ' think you should be, please contact the site administrator.', 'core') : '<p><strong>' . __('If you have a user account, please <a href="/_r?type=loginpage">' . 'click here</a> to log in.', 'core'); $c .= '</p><p>' . __('If you do not have a user account, but have been supplied with a' . ' password for the page, please enter it here and submit the form:', 'core') . '</p>' . '<form method="post"><input type="password" name="privacy_password" />' . '<input type="submit" /></form>'; } elseif (@$_REQUEST['cmsspecial'] == 'sitemap') {
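/**
 * Send one SMS to every subscriber of an address book.
 *
 * Request parameters: "to" (address book id) and "msg" (message text). The
 * message may only contain letters, digits, space and the punctuation
 * ! _ - . , : ' " ; anything else terminates the request.
 *
 * @return array result of the "send-bulk" API call
 */
function Sms_adminSendBulk()
{
    $aid = isset($_REQUEST['to']) ? (int) $_REQUEST['to'] : 0;
    $msg = isset($_REQUEST['msg']) && is_string($_REQUEST['msg']) ? $_REQUEST['msg'] : '';
    // The original pattern had no character-class brackets, so it matched
    // the literal text "a-zA-Z0-9 ..." and in practice rejected nothing.
    if ($msg === '' || preg_match('/[^a-zA-Z0-9 !_\\-.,:\'"]/', $msg)) {
        Core_quit();
    }
    $subs = dbOne(
        'select subscribers from sms_addressbooks where id=' . $aid . ' limit 1',
        'subscribers'
    );
    // "subscribers" is a comma-separated id list; keep only real ids so the
    // "in (...)" clause is never empty or malformed
    $subIds = array_filter(array_map('intval', explode(',', (string) $subs)));
    if (!count($subIds)) {
        Core_quit();
    }
    $rows = dbAll(
        'select name,phone from sms_subscribers where id in (' . join(',', $subIds) . ')'
    );
    $tos = array();
    $toNames = array();
    foreach ($rows as $sub) {
        $tos[] = $sub['phone'];
        // names travel in the query string; strip everything outside a
        // conservative character set
        $toNames[] = preg_replace('/[^a-zA-Z0-9 \\-.\']/', '', $sub['name']);
    }
    return SMS_callApi(
        'send-bulk',
        '&to=' . join(',', $tos) . '&message=' . urlencode($msg) . '&names=' . join(',', $toNames)
    );
}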
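/**
 * Build (and cache) a scaled picture frame for a gallery image.
 *
 * Request parameters: _remainder (source PNG, relative to USERBASE/f), w and
 * h (inner size), pa and bo (padding and border widths as four
 * space-separated numbers in CSS order: top right bottom left) and ratio (a
 * divisor applied to padding/border measurements). The four corners and four
 * edges of the source are copied onto a new canvas with a transparent black
 * background. The result is cached in ww.cache/image-gallery-frames, keyed
 * by the request URI, and sent as PNG with long-lived cache headers.
 *
 * @return null
 */
function ImageGallery_frameGet()
{
    $ratio = isset($_REQUEST['ratio']) ? (double) $_REQUEST['ratio'] : 1;
    // ratio divides every measurement below; zero would be a division by
    // zero and a negative value produces nonsense geometry
    if ($ratio <= 0) {
        Core_quit();
    }
    $padding = isset($_REQUEST['pa']) ? explode(' ', $_REQUEST['pa']) : array();
    $border = isset($_REQUEST['bo']) ? explode(' ', $_REQUEST['bo']) : array();
    // both lists are indexed 0..3 below; anything else reads undefined offsets
    if (count($padding) != 4 || count($border) != 4) {
        Core_quit();
    }
    $padding = array_map('intval', $padding);
    $border = array_map('intval', $border);
    // the canvas size is truncated to whole pixels, as imagecreatetruecolor()
    // would do anyway; doing it here keeps every later offset integral
    $width = (int) ((int) $_REQUEST['w'] + ($padding[1] + $padding[3]) / $ratio);
    $height = (int) ((int) $_REQUEST['h'] + ($padding[0] + $padding[2]) / $ratio);
    if ($width < 1 || $height < 1) {
        Core_quit();
    }
    // NOTE(review): no upper bound is enforced on the canvas size, which is
    // request-controlled; confirm the sizes real callers send before adding
    // a cap
    $remainder = isset($_REQUEST['_remainder']) ? $_REQUEST['_remainder'] : '';
    $file = USERBASE . '/f/' . $remainder;
    // refuse dot-segments and dot-files (".." and ".hidden" both contain "/.")
    if (strpos($file, '/.') !== false) {
        Core_quit();
    }
    if (!file_exists($file)) {
        header('Location: /i/blank.gif');
        Core_quit();
    }
    $cacheDir = USERBASE . '/ww.cache/image-gallery-frames';
    $frame = $cacheDir . '/frame-' . md5($_SERVER['REQUEST_URI']) . '.png';
    if (!file_exists($frame)) {
        if (!is_dir($cacheDir)) {
            mkdir($cacheDir);
        }
        $imgO = imagecreatefrompng($file);
        // the original tested $img0 (digit zero), an undefined variable, so
        // a source that is not a PNG was never detected
        if ($imgO === false) {
            // not a PNG
            header('Location: /i/blank.gif');
            Core_quit();
        }
        $imgOsize = getimagesize($file);
        $imgN = imagecreatetruecolor($width, $height);
        if ($imgN === false) {
            imagedestroy($imgO);
            header('Location: /i/blank.gif');
            Core_quit();
        }
        $black = imagecolorallocate($imgN, 0, 0, 0);
        imagecolortransparent($imgN, $black);
        // corners keep their own (scaled) size
        // top left
        imagecopyresampled(
            $imgN, $imgO, 0, 0, 0, 0,
            ceil($border[3] / $ratio), ceil($border[0] / $ratio),
            $border[3], $border[0]
        );
        // top right
        imagecopyresampled(
            $imgN, $imgO,
            $width - floor($border[1] / $ratio) - 1, 0,
            $imgOsize[0] - $border[1] - 1, 0,
            ceil($border[1] / $ratio), ceil($border[0] / $ratio),
            $border[1], $border[0]
        );
        // bottom left
        imagecopyresampled(
            $imgN, $imgO,
            0, $height - floor($border[2] / $ratio) - 1,
            0, $imgOsize[1] - $border[2] - 1,
            ceil($border[3] / $ratio), ceil($border[2] / $ratio),
            $border[3], $border[2]
        );
        // bottom right
        imagecopyresampled(
            $imgN, $imgO,
            $width - floor($border[1] / $ratio) - 1, $height - floor($border[2] / $ratio) - 1,
            $imgOsize[0] - $border[1] - 1, $imgOsize[1] - $border[2] - 1,
            ceil($border[1] / $ratio), ceil($border[2] / $ratio),
            $border[1], $border[2]
        );
        // edges stretch to fill the space between the corners
        // left
        imagecopyresampled(
            $imgN, $imgO,
            0, floor($border[0] / $ratio),
            0, $border[0],
            ceil($border[3] / $ratio), $height - floor(($border[2] + $border[0]) / $ratio),
            $border[3], $imgOsize[1] - $border[2] - $border[0]
        );
        // right
        // NOTE(review): the source width here is $border[3] (the left border)
        // while every other right-edge copy uses $border[1]; kept as the
        // original had it - looks like a copy/paste slip, confirm
        imagecopyresampled(
            $imgN, $imgO,
            $width - floor($border[1] / $ratio) - 1, floor($border[0] / $ratio),
            $imgOsize[0] - $border[1] - 1, $border[0],
            ceil($border[1] / $ratio), $height - floor(($border[2] + $border[0]) / $ratio),
            $border[3], $imgOsize[1] - $border[2] - $border[0]
        );
        // top
        imagecopyresampled(
            $imgN, $imgO,
            floor($border[3] / $ratio), 0,
            $border[3], 0,
            $width - floor(($border[3] + $border[1]) / $ratio), ceil($border[0] / $ratio),
            $imgOsize[0] - $border[3] - $border[1], $border[0]
        );
        // bottom
        imagecopyresampled(
            $imgN, $imgO,
            floor($border[3] / $ratio), $height - floor($border[2] / $ratio) - 1,
            $border[3], $imgOsize[1] - $border[2] - 1,
            $width - floor(($border[3] + $border[1]) / $ratio), ceil($border[2] / $ratio),
            $imgOsize[0] - $border[3] - $border[1], $border[2]
        );
        // write the frame only once it has been drawn; the original called
        // imagepng() after this block, where $imgN is undefined whenever
        // the cached file already existed
        imagepng($imgN, $frame);
        imagedestroy($imgO);
        imagedestroy($imgN);
    }
    if (!is_file($frame)) {
        header('Location: /i/blank.gif');
        Core_quit();
    }
    header('Content-type: image/png');
    header('Cache-Control: max-age=2592000, public');
    header('Expires-Active: On');
    header('Expires: Fri, 1 Jan 2500 01:01:01 GMT');
    header('Pragma:');
    header('Content-Length: ' . filesize($frame));
    readfile($frame);
}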
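/**
 * Download a CSV skeleton for importing products of one (or every) type.
 *
 * The first row is the header: the fixed columns, the price/stock columns
 * when any selected type is for sale, every data-field name found across
 * the selected types, then _type and _categories. One sample row follows
 * per type. The request is terminated after the CSV is sent.
 *
 * @return null
 */
function Products_adminTypesGetSampleImport()
{
    $ptypeid = isset($_REQUEST['ptypeid']) ? (int) $_REQUEST['ptypeid'] : 0;
    $sql = 'select * from products_types';
    if ($ptypeid) {
        $sql .= ' where id=' . $ptypeid;
    }
    $ptypes = dbAll($sql);
    $areAnyForSale = 0;
    // { get list of data field names
    $names = array();
    foreach ($ptypes as $p) {
        if ($p['is_for_sale']) {
            $areAnyForSale = 1;
        }
        // data_fields is JSON: a list of objects with an "n" (name) member.
        // Malformed JSON decodes to null, which the original iterated over.
        $dfs = json_decode($p['data_fields']);
        if (!is_array($dfs)) {
            continue;
        }
        foreach ($dfs as $df) {
            if (isset($df->n) && !in_array($df->n, $names, true)) {
                $names[] = $df->n;
            }
        }
    }
    // }
    header('Content-type: text/csv; Charset=utf-8');
    header('Content-Disposition: attachment; filename="product-types-' . $ptypeid . '.csv"');
    // { header
    $row = array('_stocknumber', '_name', '_ean');
    if ($areAnyForSale) {
        $row[] = '_price';
        $row[] = '_sale_price';
        $row[] = '_bulk_price';
        $row[] = '_bulk_amount';
        $row[] = '_stockcontrol_total';
    }
    foreach ($names as $n) {
        $row[] = $n;
    }
    $row[] = '_type';
    $row[] = '_categories';
    echo Products_arrayToCSV($row);
    // }
    // { sample rows
    foreach ($ptypes as $p) {
        $row = array('stock_number', 'name', 'barcode');
        if ($areAnyForSale) {
            $row[] = '0.00';
            $row[] = '0.00';
            $row[] = '0.00';
            $row[] = '0';
            $row[] = '0';
        }
        // one empty cell per data field
        foreach ($names as $n) {
            $row[] = '';
        }
        $row[] = $p['name'];
        $row[] = '';
        echo Products_arrayToCSV($row);
    }
    // }
    Core_quit();
}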
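/**
 * Export every translatable string, with its translation into
 * $_REQUEST['lang'], as a gettext .po file.
 *
 * Strings that have no row for the requested language are appended with an
 * empty msgstr so a translator sees them. Values are escaped for the .po
 * quoted-string syntax; the original wrote them raw, so a string containing
 * a double quote or a newline produced an unparseable file.
 *
 * @return null the request is terminated after the file is sent
 */
function Core_adminLanguagesExportPo()
{
    $lang = isset($_REQUEST['lang']) ? (string) $_REQUEST['lang'] : '';
    $strings = array();
    $rs = dbAll('select distinct str from languages');
    foreach ($rs as $r) {
        $strings[$r['str']] = 1;
    }
    $rs = dbAll(
        'select str,trstr from languages where lang="' . addslashes($lang) . '"'
        . ' order by str'
    );
    // the language code doubles as the download file name; keep only
    // characters that are safe in a file name
    $fname = preg_replace('/[^a-zA-Z0-9_-]/', '', $lang);
    header('Content-Type: force/download');
    header('Content-Disposition: attachment; filename="' . $fname . '.po"');
    echo "msgid \"\"\nmsgstr \"\"\n\"MIME-Version: 1.0\\n\"\n"
        . "\"Content-Type: text/plain; charset=utf-8\\n\"\n"
        . "\"Content-Transfer-Encoding: 8bit\\n\"\n"
        . "\n";
    foreach ($rs as $r) {
        echo 'msgid "' . Core_adminLanguagesExportPo_escape($r['str']) . "\"\n";
        echo 'msgstr "' . Core_adminLanguagesExportPo_escape($r['trstr']) . "\"\n\n";
        unset($strings[$r['str']]);
    }
    // whatever is left has no translation in this language
    foreach ($strings as $r => $v) {
        echo 'msgid "' . Core_adminLanguagesExportPo_escape($r) . "\"\n";
        echo "msgstr \"\"\n\n";
    }
    Core_quit();
}

/**
 * Escape a value for use inside a double-quoted .po msgid/msgstr.
 *
 * Backslash and double quote are backslash-escaped; CR, LF and TAB become
 * the \r, \n and \t escapes gettext understands.
 *
 * @param mixed $s the value (numeric-string array keys arrive as ints)
 *
 * @return string
 */
function Core_adminLanguagesExportPo_escape($s)
{
    return str_replace(
        array('\\', '"', "\r", "\n", "\t"),
        array('\\\\', '\\"', '\\r', '\\n', '\\t'),
        (string) $s
    );
}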
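/**
 * Redirect the browser to a different URL using a 301 redirect.
 *
 * A minimal HTML body with a JavaScript fallback is sent for clients that
 * do not act on the Location header; the request is then terminated.
 *
 * @param string $addr   the address to redirect to
 * @param string $reason optional diagnostic, sent as an X-Redirect-Reason header
 *
 * @return null
 */
function redirect($addr, $reason = '')
{
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $addr);
    if ($reason) {
        header('X-Redirect-Reason: ' . $reason);
    }
    // $addr is written into a JavaScript string literal inside a <script>
    // element, so it is encoded as a JSON string with < > & ' " hex-escaped.
    // The original placed it between bare quotes, which let a quote or a
    // "</script>" sequence in the address break out of the script.
    $jsAddr = json_encode(
        (string) $addr,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    $script = '';
    if ($jsAddr !== false) {
        $script = '<script defer="defer" type="text/javascript">'
            . 'setTimeout(function(){document.location=' . $jsAddr . ';},10);</script>';
    }
    echo '<html><head>' . $script . '</head><body></body></html>';
    Core_quit();
}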
// } Core_quit('{"ok":1,"message":"' . addslashes($email) . '"}'); } break; // } // } case 'set-option': // { if (SiteCredits_apiVerify($params, $_REQUEST['sha1'])) { dbQuery('delete from sitecredits_options where name="' . addslashes($_REQUEST['payment-recipient']) . '"'); dbQuery('insert into sitecredits_options set name="' . addslashes($_REQUEST['name']) . '", value="' . addslashes($_REQUEST['value']) . '"'); Core_quit('{"credits":' . (double) @$GLOBALS['DBVARS']['sitecredits-credits'] . '}'); // } } case 'set-hosting-fee': // { $params = array('action' => 'set-hosting-fee', 'cdate' => $_REQUEST['cdate'], 'credits' => (double) $_REQUEST['credits'], 'time' => $_REQUEST['time']); if (SiteCredits_apiVerify($params, $_REQUEST['sha1'])) { dbQuery('delete from sitecredits_recurring where description="hosting"'); dbQuery('insert into sitecredits_recurring set description="hosting"' . ',amt=' . (double) $_REQUEST['credits'] . ',start_date="' . addslashes($_REQUEST['cdate']) . '",period="1 month"' . ',next_payment_date="' . addslashes($_REQUEST['cdate']) . '"'); Core_quit('{"ok":1}'); } break; // } // } default: // { Core_quit('{"error":"unknown action ' . addslashes($_REQUEST['action']) . '"}'); // } } echo '{"error":"checksum failed"}';
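/**
 * Show an image of a QR code leading to a product.
 *
 * The PNG is generated once with phpqrcode and cached as
 * ww.cache/products/qr<pid>. Unknown products, and a QR file that could
 * not be written, redirect to /i/blank.gif.
 *
 * @return null
 */
function Products_showQrCode()
{
    $pid = isset($_REQUEST['pid']) ? (int) $_REQUEST['pid'] : 0;
    $product = Product::getInstance($pid);
    if (!$product) {
        redirect('/i/blank.gif');
    }
    $cacheDir = USERBASE . '/ww.cache/products';
    $fname = $cacheDir . '/qr' . $pid;
    if (!file_exists($fname)) {
        require_once SCRIPTBASE . '/ww.incs/phpqrcode.php';
        if (!is_dir($cacheDir)) {
            mkdir($cacheDir);
        }
        // NOTE(review): the encoded URL is built from the Host header, so the
        // QR content follows whatever host name the request arrived on;
        // confirm the site is served under a single canonical host
        QRcode::png('http://' . $_SERVER['HTTP_HOST'] . $product->getRelativeUrl(), $fname);
    }
    // the original went straight to filesize()/readfile() on a file that
    // may not have been written
    if (!is_file($fname)) {
        redirect('/i/blank.gif');
    }
    header('Content-type: image/png');
    header('Cache-Control: max-age=2592000, public');
    header('Expires-Active: On');
    header('Expires: Fri, 1 Jan 2500 01:01:01 GMT');
    header('Pragma:');
    header('Content-Length: ' . filesize($fname));
    readfile($fname);
    Core_quit();
}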
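<?php
/**
 * activate SMS account with textr
 *
 * Admin-only endpoint: forwards the activation key from the request,
 * together with the configured SMS e-mail address, to the textr.mobi API
 * and relays the raw response.
 *
 * PHP version 5.2
 *
 * @category None
 * @package None
 * @author Kae Verens <*****@*****.**>
 * @license GPL 2.0
 * @link http://kvsites.ie/
 */
require $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
if (!Core_isAdmin()) {
    die('access denied');
}
// without a key there is nothing to activate; the original would have sent
// an empty activation parameter
if (!isset($_REQUEST['key']) || $_REQUEST['key'] === '') {
    Core_quit('{"status":0,"error":"no activation key supplied"}');
}
$url = 'http://textr.mobi/api.php?a=activate'
    . '&email=' . urlencode($DBVARS['sms_email'])
    . '&activation=' . urlencode($_REQUEST['key']);
// NOTE(review): the API is called over plain http, so the key and e-mail
// address travel unencrypted; confirm whether the service offers https
$res = file_get_contents($url);
if ($res === false) {
    Core_quit(
        '{"status":0,"error":"failed to contact textr.mobi. please wait a short'
        . ' while and try again."}'
    );
}
echo $res;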
/**
 * Follow an ad: record the click and send the browser to the ad's target.
 *
 * Targets stored without a scheme ("www.example...") get "http://" prefixed.
 *
 * @return bool|null false when no ad has the requested id; otherwise the
 *                   request is terminated after the Location header is sent
 */
function Ads_go()
{
    $adId = (int) $_REQUEST['id'];
    $ad = dbRow('select * from ads where id=' . $adId);
    if (!$ad) {
        return false;
    }
    dbQuery('insert into ads_track set ad_id=' . $adId . ', click=1, cdate=now()');
    $target = $ad['target_url'];
    $startsWithWww = strpos($target, 'www.') === 0;
    if ($startsWithWww) {
        $target = 'http://' . $target;
    }
    header('Location: ' . $target);
    Core_quit();
}
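/**
 * Update a password, using a verification code.
 *
 * Request: email, token (the verification_hash that was mailed to the
 * user) and password. Replies with a JSON object and terminates.
 *
 * @return null
 */
function Core_updateUserPasswordUsingToken()
{
    $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        Core_quit('{"error":"please enter a properly formatted email address"}');
    }
    $token = isset($_REQUEST['token']) ? addslashes($_REQUEST['token']) : '';
    if ($token == '') {
        Core_quit('{"error":"no token entered"}');
    }
    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    if ($password == '') {
        Core_quit('{"error":"no new password entered"}');
    }
    // FILTER_VALIDATE_EMAIL accepts characters such as the single quote in
    // the local part, so a validated address still has to be escaped before
    // it is placed between SQL quotes; the original interpolated it raw
    $emailSql = addslashes($email);
    $u = dbRow(
        "select * from user_accounts where email='{$emailSql}' "
        . "and verification_hash='{$token}'"
    );
    if ($u && count($u)) {
        // NOTE(review): md5 is not a password hash (unsalted, fast to
        // brute-force); it is kept because the login path presumably checks
        // the same scheme - confirm before moving to password_hash()/
        // password_verify(). The update below, as shown on this page, stores
        // the literal '******' rather than the hash computed here, which
        // reads like a redaction - confirm what is actually written.
        $password = md5($password);
        dbQuery(
            "update user_accounts set password='******',"
            . "verification_hash='' where email='{$emailSql}'"
        );
        Core_quit('{"ok":1}');
    }
    Core_quit('{"error":"user not found, or verification token is out of date"}');
}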
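/**
 * Sets moderator groups for a forum.
 *
 * Request: group (group id), forum (forum id), action ("true" adds the
 * group, anything else removes it) and, when removing, autoApprove ("true"
 * marks every unmoderated post in the forum as moderated once no moderator
 * group is left).
 *
 * @return array status => 1, plus posts => list of approved post ids when
 *               auto-approval ran
 */
function Forum_adminGroupModeratorSet()
{
    $group = isset($_REQUEST['group']) ? $_REQUEST['group'] : '';
    $forum = isset($_REQUEST['forum']) ? $_REQUEST['forum'] : '';
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    $autoApprove = isset($_REQUEST['autoApprove']) ? $_REQUEST['autoApprove'] : '';
    $response = array();
    if (!(is_numeric($group) && is_numeric($forum))) {
        Core_quit('Invalid Parameters');
    }
    // is_numeric() also passes floats, exponents and leading whitespace; the
    // ids are integers, so normalise them before they reach SQL
    $group = (int) $group;
    $forum = (int) $forum;
    // the original ran this query twice (once as the test, once for the value)
    $mods = dbOne('select moderator_groups from forums where id = ' . $forum, 'moderator_groups');
    $moderatorGroups = array();
    if ($mods) {
        $moderatorGroups = array_map('intval', explode(',', $mods));
    }
    if ($action == 'true') {
        // add a group - once; the original appended duplicates
        if (!in_array($group, $moderatorGroups, true)) {
            $moderatorGroups[] = $group;
        }
    } else {
        // remove a group
        $moderatorGroups = array_values(array_diff($moderatorGroups, array($group)));
        if (!count($moderatorGroups) && $autoApprove == 'true') {
            // Approve all posts for forum
            $sql = 'select id from forums_posts where thread_id in '
                . '(select id from forums_threads where forum_id = ' . $forum . ') '
                . 'and moderated=0';
            $results = dbAll($sql);
            $response['posts'] = array();
            foreach ($results as $result) {
                dbQuery('update forums_posts set moderated = 1 where id = ' . (int) $result['id']);
                $response['posts'][] = $result['id'];
            }
        }
    }
    // an empty list is stored as "" (the original passed null through
    // addslashes(), which yields the same)
    $value = count($moderatorGroups) ? implode(',', $moderatorGroups) : '';
    dbQuery(
        'update forums set moderator_groups = "' . addslashes($value) . '"'
        . ' where id = ' . $forum
    );
    $response['status'] = 1;
    return $response;
}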
/** * Sets moderation of comments * * PHP Version 5 * * @category CommentsPlugin * @package WebworksWebme * @subpackage CommentsPlugin * @author Belinda Hamilton <*****@*****.**> * @license GPL Version 2 * @link www.kvweb.me **/ require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php'; if (!Core_isAdmin()) { Core_quit('You do not have permission to do this'); } $set = dbOne('select value from site_vars where name="comments_no_moderation"', 'value'); if ($_REQUEST['value'] == 'true') { $val = 1; } elseif ($_REQUEST['value'] == 'false') { $val = 0; } if (!isset($set) && isset($val)) { dbQuery('insert into site_vars values("comments_no_moderation", ' . $val . ')'); } elseif (isset($val)) { dbQuery('update site_vars set value=' . $val . ' where name = "comments_no_moderation"'); } if ($val == 1) { dbQuery('update comments set isvalid=2 where isvalid=1');
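/**
 * Add a video to a gallery.
 *
 * Request: id (gallery id), link (video URL) and image (optional poster
 * image URL; the placeholder "http://" counts as empty). The row is stored
 * with media "video" and position 9999 (presumably so it sorts last).
 *
 * @return null
 */
function ImageGallery_adminAddVideo()
{
    // explicit isset() checks instead of the original @-suppressed reads
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $link = isset($_REQUEST['link']) ? $_REQUEST['link'] : '';
    $image = isset($_REQUEST['image']) ? $_REQUEST['image'] : '';
    if ($id == 0 || $link == '') {
        Core_quit(__('ID or Link is missing'));
    }
    if ($image == 'http://') {
        $image = '';
    }
    $meta = json_encode(array('href' => $link, 'image' => $image));
    $query = 'insert into image_gallery (gallery_id,position,media,meta) values '
        . '(' . $id . ',"9999","video","' . addslashes($meta) . '")';
    dbQuery($query);
}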
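<?php
/**
 * Deletes a comment
 *
 * Permission: site administrators, or visitors whose session lists the
 * comment id in $_SESSION['comment_ids']. Replies with a JSON status
 * object (status 1 and the id when the row is gone, status 0 otherwise).
 *
 * PHP Version 5.3
 *
 * @category CommentsPlugin
 * @package WebworksWebme
 * @subpackage CommentsPlugin
 * @author Belinda Hamilton <*****@*****.**>
 * @license GPL Version 2
 * @link www.kvweb.me
 **/
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
// validate before the permission check, so a non-numeric id is never
// compared loosely against the session list and never reaches SQL
if (!is_numeric($id)) {
    Core_quit('Invalid id');
}
$id = (int) $id;
$ownIds = isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids'])
    ? array_map('intval', $_SESSION['comment_ids'])
    : array();
$allowed = Core_isAdmin() || in_array($id, $ownIds, true);
if (!$allowed) {
    die('You do not have permission to delete this comment');
}
dbQuery('delete from comments where id = ' . $id);
Core_cacheClear('comments');
if (dbOne('select id from comments where id = ' . $id, 'id')) {
    echo '{"status":0}';
} else {
    echo '{"status":1, "id":' . $id . '}';
}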
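/**
 * Get a PDF version of the invoice.
 *
 * Access is granted to the logged-in owner of the order, or to a caller
 * presenting the order's auth-md5 value (from its meta JSON) as the "auth"
 * request parameter. Invoices already stored as PDF (meta invoice-type
 * "pdf") are sent as-is; otherwise the HTML invoice is rendered with dompdf
 * and cached as ww.cache/online-store/invoice-pdf-<id>.
 *
 * @return null
 */
function OnlineStore_invoicePdf()
{
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $order = dbRow('select invoice, meta, user_id from online_store_orders where id=' . $id);
    $ok = false;
    $meta = array();
    if ($order) {
        // owner check: the original compared user_id == $_SESSION['userdata']['id']
        // loosely, which also holds for a NULL user_id and an anonymous
        // session; require a real logged-in id that matches
        $sessionUserId = isset($_SESSION['userdata']['id']) ? (int) $_SESSION['userdata']['id'] : 0;
        if ($sessionUserId && (int) $order['user_id'] === $sessionUserId) {
            $ok = true;
        }
        $meta = json_decode($order['meta'], true);
        if (!is_array($meta)) {
            $meta = array();
        }
        // strict string comparison: under == two numeric-looking strings
        // compare by value, so e.g. "0e..." hashes would match each other
        if (isset($_REQUEST['auth']) && is_string($_REQUEST['auth'])
            && isset($meta['auth-md5'])
            && (string) $meta['auth-md5'] === $_REQUEST['auth']
        ) {
            $ok = true;
        }
    }
    if (!$ok) {
        Core_quit();
    }
    $inv = $order['invoice'];
    // { check if it's already stored as a PDF
    if (isset($meta['invoice-type']) && $meta['invoice-type'] == 'pdf') {
        header('Content-type: application/pdf');
        echo base64_decode($inv);
        Core_quit();
    }
    // }
    // { else generate a PDF and output it
    $pdfFile = USERBASE . '/ww.cache/online-store/invoice-pdf-' . $id;
    if (!file_exists($pdfFile)) {
        $html = OnlineStore_invoiceGet($id);
        require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/dompdf/dompdf_config.inc.php';
        $dompdf = new DOMPDF();
        $dompdf->set_base_path($_SERVER['DOCUMENT_ROOT']);
        // NOTE(review): as shown on this page the str_replace maps '€' to
        // itself, a no-op; it looks like an encoding artefact of the original
        // byte sequence - confirm the intended replacement
        $dompdf->load_html(utf8_decode(str_replace('€', '€', $html)), 'UTF-8');
        $dompdf->set_paper('a4');
        $dompdf->render();
        file_put_contents($pdfFile, $dompdf->output());
    }
    header('Content-type: application/pdf');
    readfile($pdfFile);
    Core_quit();
    // }
}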
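/**
 * Upload a new category image.
 *
 * Empties USERBASE/f/classified-ads/categories/<id>/, stores the uploaded
 * file there as icon.<ext>, records the URL in the category row, clears
 * the cache and echoes the URL.
 *
 * @return null
 */
function ClassifiedAds_adminCategoryUploadImage()
{
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if (!$id || !isset($_FILES['Filedata']['tmp_name'])
        || !is_uploaded_file($_FILES['Filedata']['tmp_name'])
    ) {
        Core_quit();
    }
    // The extension comes from the client-supplied file name and decides
    // what is written into a web-served directory. The original accepted
    // any extension; only image extensions are allowed here (extend the
    // list if the site accepts more image formats).
    $ext = strtolower(pathinfo($_FILES['Filedata']['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, array('gif', 'jpg', 'jpeg', 'png'), true)) {
        Core_quit();
    }
    $dir = USERBASE . '/f/classified-ads/categories/' . $id;
    if (!is_dir($dir)) {
        mkdir($dir, 0777, true);
    }
    // one icon per category: remove whatever was there before
    foreach (new DirectoryIterator($dir) as $img) {
        if ($img->isDot()) {
            continue;
        }
        unlink($img->getPathname());
    }
    $url = '/classified-ads/categories/' . $id . '/icon.' . $ext;
    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], USERBASE . '/f' . $url)) {
        Core_quit();
    }
    dbQuery('update classifiedads_categories set icon="' . $url . '" where id=' . $id);
    Core_cacheClear();
    echo $url;
    Core_quit();
}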
* PHP version 5.2 * * @category None * @package None * @author Conor Mac Aoidh <*****@*****.**> * @author Kae Verens <*****@*****.**> * @license GPL 2.0 * @link http://kvsites.ie/ */ require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php'; require_once SCRIPTBASE . 'ww.admin/admin_libs.php'; if (isset($_POST['wizard-name'])) { // validate post data $name = $_POST['wizard-name']; if ($name == '') { Core_quit(__('All fields are required') . ' <input type="submit" value="' . htmlspecialchars(__('Back')) . '" class="back-link"/>'); } $_SESSION['wizard']['name'] = $name; } echo '<h2>' . __('Payment Details') . '</h2><i>' . __('Now, some basic details about payment. Everything here is optional,' . ' if you don\'t know what it is then just leave it blank') . '</i><div style="height:300px;overflow:auto"><table>'; // { admin email address $email = @$_SESSION['userdata']['email']; echo '<tr><th>' . __('What is your email address? When purchases are made, you will be alerted' . ' at this address.') . '</th><td><input type="email" name="wizard-email" value="' . htmlspecialchars($email) . '"/></td></tr>'; // } // { Users must log in to purchase echo ' <tr> <th>' . __('Do customers need to log in before purchasing?') . '</th> <td><select name="wizard-login"> <option value="no">' . __('No') . '</option> <option value="yes">' . __('Yes') . '</option>
* @package None * @subpackage Form * @author Kae Verens <*****@*****.**> * @license GPL Version 2 * @link www.kvweb.me */ $session_id = @$_POST['PHPSESSID']; session_id($session_id); require '../../../ww.incs/basics.php'; $dir = USERBASE . '/f/.files/forms/'; if (!is_dir($dir)) { // make forms dir mkdir($dir); } $dir .= $session_id . '/'; if (!is_dir($dir)) { // make dir named after $session_id mkdir($dir); } // { make sure too many files aren't being uploaded $size = CoreDirectory::getSize($dir); if ($size > 52428800) { // greater than 50mb CoreDirectory::delete($dir); Core_quit(__('Deleted')); } // } if (isset($_FILES['file-upload'])) { move_uploaded_file($_FILES['file-upload']['tmp_name'], $dir . $_FILES['file-upload']['name']); } echo __('Upload');
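/**
 * Delete a message from a forum.
 *
 * The caller must be logged in and be either an administrator or the
 * post's author. When the post's thread has no posts left the thread is
 * deleted too, and every thread's num_posts is recounted.
 *
 * @return array ok => 1 on success; error (post missing) or errors (list
 *               of validation messages) on failure
 */
function Forum_delete()
{
    if (!isset($_SESSION['userdata']) || !$_SESSION['userdata']['id']) {
        Core_quit();
    }
    $post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $errs = array();
    if (!$post_id) {
        $errs[] = 'no post selected';
    }
    $post = dbRow('select author_id,thread_id from forums_posts where id=' . $post_id);
    if (!$post) {
        return array('error' => 'post does not exist');
    }
    if (!Core_isAdmin() && $post['author_id'] != $_SESSION['userdata']['id']) {
        $errs[] = 'this is not your post, or post does not exist';
    }
    if (count($errs)) {
        return array('errors' => $errs);
    }
    $thread_id = (int) $post['thread_id'];
    dbQuery('delete from forums_posts where id=' . $post_id);
    // the original counted posts "where thread_id = <author_id>", so the
    // deleted post's thread was checked against the wrong id
    $sql = 'select count(id) from forums_posts where thread_id=' . $thread_id;
    if ((int) dbOne($sql, 'count(id)') < 1) {
        dbQuery('delete from forums_threads where id=' . $thread_id);
    }
    dbQuery(
        'update forums_threads set num_posts='
        . '(select count(id) as ids from forums_posts '
        . 'where thread_id=forums_threads.id)'
    );
    // the original issued "select from forums_threads where num_posts=0",
    // which is not valid SQL; after the recount above, removing threads
    // that have no posts left is the evident intent - confirm that empty
    // threads should not be kept
    dbQuery('delete from forums_threads where num_posts=0');
    return array('ok' => 1);
}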
} } $data = addslashes(json_encode($data)); $sql = "messaging_notifier set data='{$data}'"; if ($id) { $sql = "update {$sql} where id={$id}"; dbQuery($sql); } else { $sql = "insert into {$sql}"; dbQuery($sql); $id = dbOne('select last_insert_id() as id', 'id'); } $ret = array('id' => $id, 'id_was' => $id_was, 'datastr' => $_REQUEST['data'], 'dataobj' => $data); echo json_encode($ret); Core_cacheClear('messaging_notifier'); Core_quit(); } if (isset($_REQUEST['id'])) { $id = (int) $_REQUEST['id']; } else { $id = 0; } echo '<a href="javascript:;" id="messaging_notifier_editlink_' . $id . '" class="button messaging_notifier_editlink">view or edit feeds</a><br />'; // { show story title echo '<strong>hide story title</strong><br />' . '<select name="hide_story_title"><option value="0">No</option>' . '<option value="1"'; if (@$_REQUEST['hide_story_title'] == 1) { echo ' selected="selected"'; } echo '>Yes</option></select><br />'; // } // { characters shown per story
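<?php
/**
 * Edits a review
 *
 * Updates the text of the comment named by $_REQUEST['id'] and replies
 * with the id and the re-read comment row as JSON.
 *
 * PHP Version 5
 *
 * @category CommentsPlugin
 * @package WebworksWebme
 * @subpackage CommentsPlugin
 * @author Belinda Hamilton <*****@*****.**>
 * @license GPL Version 2
 * @link www.kvweb.me
 **/
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
// NOTE(review): unlike the comment-delete endpoint, this script performs no
// Core_isAdmin() or session ownership check before editing; confirm that
// it is only reachable from an authenticated admin context
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
if (!is_numeric($id)) {
    Core_quit('The supplied id is invalid');
}
// is_numeric() also passes floats and exponent forms; the id is an integer
$id = (int) $id;
$comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : '';
dbQuery('update comments set comment="' . addslashes($comment) . '" where id=' . $id);
Core_cacheClear('comments');
$row = dbRow('select * from comments where id = ' . $id);
echo json_encode(array('id' => $id, 'comment' => $row));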
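/**
 * Check that a file can be accessed.
 *
 * $vars['requested_file'] is matched against the directory of every
 * protected_files row. The row's details JSON gives the protection type:
 * 1 (the default) asks the visitor for an e-mail address, then shows a
 * two-second redirect page, then lets the download through while mailing
 * the recipient and logging it; 2 requires membership of one of the
 * listed user groups. A denied request renders the protection template
 * and terminates; a permitted one simply returns.
 *
 * @param array $vars array with a 'requested_file' entry
 *
 * @return null
 */
function ProtectedFiles_check($vars)
{
    global $PAGEDATA;
    $fname = $vars['requested_file'];
    $protected_files = Core_cacheLoad('protected_files', 'all');
    if (!$protected_files) {
        $protected_files = dbAll('select * from protected_files');
        Core_cacheSave('protected_files', 'all', $protected_files);
    }
    foreach ($protected_files as $pr) {
        if (strpos($fname, $pr['directory'] . '/') !== 0) {
            continue;
        }
        $details = isset($pr['details']) ? json_decode($pr['details'], true) : null;
        if (!is_array($details)) {
            // no (or unreadable) details: fall back to e-mail protection
            $details = array('type' => 1);
        }
        switch ((int) $details['type']) {
            case 1: // { email
                $email = '';
                if (isset($_SESSION['protected_files_email']) && $_SESSION['protected_files_email']) {
                    $email = $_SESSION['protected_files_email'];
                } elseif (isset($_SESSION['userdata']['email']) && $_SESSION['userdata']['email']) {
                    $email = $_SESSION['userdata']['email'];
                } elseif (isset($_REQUEST['email'])
                    && filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)
                ) {
                    $email = $_REQUEST['email'];
                }
                if ($email) {
                    require_once SCRIPTBASE . 'ww.incs/common.php';
                    $_SESSION['protected_files_email'] = $email;
                    if (!isset($_SESSION['protected_files_stage2'])) {
                        // stage 1: show the "download starting" page, which
                        // re-requests this same URI
                        $_SESSION['protected_files_stage2'] = 1;
                        // the URI and the stored Referer are request-controlled
                        // and are written into HTML; the original emitted both
                        // href values unescaped
                        $uri = $_SERVER['REQUEST_URI'];
                        $jsUri = json_encode(
                            $uri,
                            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
                        );
                        if ($jsUri === false) {
                            $jsUri = '"' . htmlspecialchars($uri) . '"';
                        }
                        $referer = isset($_SESSION['referer']) ? $_SESSION['referer'] : '';
                        // only link back to an http(s) or site-relative address
                        if (!preg_match('#^(https?://|/)#i', $referer)) {
                            $referer = '/';
                        }
                        ProtectedFiles_check_showPage(
                            $pr,
                            '<p>Your download should begin in two seconds. '
                            . 'If it doesn\'t, please <a href="' . htmlspecialchars($uri)
                            . '">click here</a></p>'
                            . '<script defer="defer">setTimeout(function(){document.location='
                            . $jsUri . ';},2000);</script><p>'
                            . '<a href="' . htmlspecialchars($referer)
                            . '">Click here</a> to return to the referring page.</p>'
                        );
                    } else {
                        // stage 2: the download goes ahead; tell the owner
                        // and log it. NOTE(review): protected_files_stage2
                        // stays set afterwards, so later downloads in this
                        // session skip the interstitial - confirm intended.
                        cmsMail(
                            $pr['recipient_email'],
                            '[' . $_SERVER['HTTP_HOST'] . '] protected file downloaded',
                            'protected file "' . addslashes($fname)
                            . '" was downloaded by "' . addslashes($email) . '"'
                        );
                        ProtectedFiles_log($fname, 1, $email, $pr['id']);
                        unset($_SESSION['referer']);
                    }
                } else {
                    // stage 0: no address yet - remember where the visitor
                    // came from, log the attempt and ask for an address
                    unset($_SESSION['protected_files_stage2']);
                    if (!isset($_SESSION['referer'])) {
                        $_SESSION['referer'] = isset($_SERVER['HTTP_REFERER'])
                            ? $_SERVER['HTTP_REFERER'] : '';
                    }
                    ProtectedFiles_log($fname, 0, '', $pr['id']);
                    ProtectedFiles_check_showPage(
                        $pr,
                        $pr['message'] . '<form method="post" action="/f'
                        . htmlspecialchars($fname) . '">'
                        . '<input name="email" /><input type="submit" value="Please en'
                        . 'ter your email address" /></form>'
                    );
                }
                break;
            // }
            case 2: // { groups
                if (isset($_SESSION['userdata']['groups']) && isset($details['groups'])) {
                    $valid = explode(',', $details['groups']);
                    foreach ($valid as $g) {
                        if ($g != '' && isset($_SESSION['userdata']['groups'][$g])) {
                            return; // ok - this user is a member of a valid group
                        }
                    }
                }
                ProtectedFiles_check_showPage(
                    $pr,
                    $pr['message'] . '<p>Please <a href="/_r?type=privacy">login</a> '
                    . 'to view this page</p>'
                );
                break;
            // }
        }
    }
}

/**
 * Render the protection template with $content as the page body and stop.
 *
 * Sets up a blank $PAGEDATA titled "File Download", fills the METADATA and
 * PAGECONTENT placeholders and displays the row's template.
 *
 * @param array  $pr      the protected_files row (its 'template' is used)
 * @param string $content HTML for the PAGECONTENT placeholder
 *
 * @return null the request is terminated
 */
function ProtectedFiles_check_showPage($pr, $content)
{
    global $PAGEDATA;
    $PAGEDATA = Page::getInstance(0);
    $PAGEDATA->title = 'File Download';
    list($smarty, $template) = ProtectedFiles_getTemplate($pr['template']);
    $smarty->assign('METADATA', '<title>File Download</title>');
    $smarty->assign('PAGECONTENT', $content);
    $smarty->display($template . '.html');
    Core_quit();
}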
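/**
 * Return a few invoices as a zipped collection of PDFs.
 *
 * $_REQUEST['ids'] is a comma-separated list of order ids. Each invoice is
 * rendered to ww.cache/online-store/invoice<id>.pdf (through a cached HTML
 * copy and dompdf) unless that file already exists; ids without an invoice
 * are skipped. The PDFs are zipped with the system "zip" command and the
 * archive is streamed as invoices.zip.
 *
 * @return null
 */
function OnlineStore_adminInvoicesGetAsPdf()
{
    $ids = isset($_REQUEST['ids']) ? explode(',', $_REQUEST['ids']) : array();
    $cacheDir = USERBASE . '/ww.cache/online-store/';
    $files = array();
    $foundIds = array();
    foreach ($ids as $id) {
        $id = (int) $id;
        if (!$id) {
            continue;
        }
        $pfile = $cacheDir . 'invoice' . $id . '.pdf';
        if (!file_exists($pfile)) {
            $hfile = $cacheDir . 'invoice' . $id;
            if (!file_exists($hfile) || !filesize($hfile)) {
                $i = dbOne('select invoice from online_store_orders where id=' . $id, 'invoice');
                if (!$i) {
                    continue;
                }
                file_put_contents(
                    $hfile,
                    '<html><head><meta http-equiv="Content-Type"'
                    . ' content="text/html;'
                    . ' charset=UTF-8" /></head><body>' . utf8_encode($i) . '</body></html>'
                );
            }
            require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/dompdf/dompdf_config.inc.php';
            $html = file_get_contents($hfile);
            $dompdf = new DOMPDF();
            $dompdf->set_base_path($_SERVER['DOCUMENT_ROOT']);
            // NOTE(review): as shown on this page the str_replace maps '€' to
            // itself, a no-op; it looks like an encoding artefact - confirm
            $dompdf->load_html(utf8_decode(str_replace('€', '€', $html)), 'UTF-8');
            $dompdf->set_paper('a4');
            $dompdf->render();
            file_put_contents($pfile, $dompdf->output());
        }
        $files[] = 'invoice' . $id . '.pdf';
        $foundIds[] = $id;
    }
    // nothing to zip: the original would have run zip with no files and then
    // tried to stream a missing archive
    if (!count($files)) {
        Core_quit();
    }
    $zfile = $cacheDir . 'invoices-' . join(',', $foundIds) . '.zip';
    // every component is a constant path or an integer id, but the command
    // still goes through a shell: quote each argument individually
    $cmd = 'cd ' . escapeshellarg($cacheDir) . ' && zip -D ' . escapeshellarg($zfile)
        . ' ' . join(' ', array_map('escapeshellarg', $files));
    shell_exec($cmd);
    if (!is_file($zfile)) {
        Core_quit();
    }
    header('Content-type: application/zip');
    header('Content-Disposition: attachment; filename="invoices.zip"');
    readfile($zfile);
    Core_quit();
}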