/**
 * halt the request when the site's credit balance has gone too far negative
 *
 * When the 'sitecredits-credits' config value has never been set it is
 * initialised to 0 and the config file is rewritten, so later checks always
 * have a value to compare against.
 *
 * @return null
 */
function SiteCredits_isActive()
{
    global $DBVARS;
    $key = 'sitecredits-credits';
    if (!isset($DBVARS[$key])) {
        // first run: persist a zero balance
        $DBVARS[$key] = 0;
        Core_configRewrite();
    }
    $balance = $DBVARS[$key];
    if ($balance >= -1) {
        return;
    }
    // balance below -1: stop serving the site and tell the admin to log in
    echo '<p>' . __('Website Administrator attention needed.' . ' Please log into your administration area (and check your email).') . '</p>';
    Core_quit();
}
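/**
 * delete an uploaded file
 *
 * The file is named by the 'id' request parameter and must be a plain file
 * name inside the current session's form-upload directory; an id that
 * contains a path separator or '..' is rejected.
 *
 * @return null
 */
function Forms_fileDelete()
{
    $id = isset($_REQUEST['id']) && is_string($_REQUEST['id']) ? $_REQUEST['id'] : '';
    // the original test was strpos('..', $id), which searches for $id inside
    // the string '..' (arguments reversed) and so never caught traversal;
    // basename() additionally rejects embedded '/' and '\' separators
    if ($id === '' || strpos($id, '..') !== false || basename($id) !== $id) {
        Core_quit();
    }
    $dir = USERBASE . '/f/.files/forms/' . session_id() . '/';
    if (!is_dir($dir)) {
        Core_quit();
    }
    $path = $dir . $id;
    // only remove a regular file; a missing file is simply left alone
    if (is_file($path)) {
        unlink($path);
    }
}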
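/**
 * Update the comments table
 *
 * Only comments whose ids were recorded in $_SESSION['comment_ids'] (the
 * comments this visitor posted) may be edited.
 *
 * @return array status => 1, the id and the new comment text
 */
function Comments_update()
{
    $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
    $comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : '';
    // a visitor with no recorded comment ids cannot own this comment;
    // the original read the session key unconditionally
    $ownIds = isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids']) ? $_SESSION['comment_ids'] : array();
    if (!in_array($id, $ownIds)) {
        die('You do not have permission to do this');
    }
    if (!is_numeric($id)) {
        Core_quit('Invalid id');
    }
    // NOTE(review): addslashes is not a driver-aware SQL escape; confirm
    // whether dbQuery offers a parameterised form and use it if so
    dbQuery('update comments set comment = "' . addslashes($comment) . '" where id = ' . (int) $id);
    Core_cacheClear('comments');
    return array('status' => 1, 'id' => $id, 'comment' => $comment);
}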
/**
 * list the news headlines under a parent page for one calendar month
 *
 * Reads y (four-digit year), m (month 1-12) and pid (parent page id) from
 * the request and halts when the year or month is out of range.
 *
 * @return array one entry per page: url, adate and html-escaped headline
 */
function News_getHeadlinesMonth()
{
    $year = (int) $_REQUEST['y'];
    $month = (int) $_REQUEST['m'];
    $parentId = (int) $_REQUEST['pid'];
    $yearOk = $year >= 1000 && $year <= 9999;
    $monthOk = $month >= 1 && $month <= 12;
    if (!$yearOk || !$monthOk) {
        Core_quit();
    }
    $month = sprintf('%02d', $month);
    // the range is (day 00 of the month, first of the next month)
    $from = $year . '-' . $month . '-00';
    $firstOfMonth = $year . '-' . $month . '-01';
    $sql = 'select id from pages where parent=' . $parentId . ' and associated_date>"' . $from . '" and associated_date<date_add("' . $firstOfMonth . '", interval 1 month) order by associated_date';
    $headlines = array();
    foreach (dbAll($sql) as $row) {
        $page = Page::getInstance($row['id']);
        $headlines[] = array(
            'url' => $page->getRelativeURL(),
            'adate' => $page->associated_date,
            'headline' => htmlspecialchars($page->alias),
        );
    }
    return $headlines;
}
}
// }
// { load page data
// { load page data
if ($id) {
    $PAGEDATA = Page::getInstance($id)->initValues();
} else {
    // a page name that could not be resolved to an id is sent back to the
    // front page, with the reason carried in the redirect header
    if ($page != '') {
        redirect('/', 'no page id for ' . $page);
    }
    Core_quit(__('no page loaded. If this is a new site, then please' . ' <a href="/ww.admin/">log into the admin area</a> and create your' . ' first page.', 'core'));
}
$c = Core_trigger('page-object-loaded');
// }
// { if URL includes a plugin override, run that instead of displaying the page
// only a plugin that registered a 'page-override' handler can be selected
// through _p; any other value is ignored
if (isset($_REQUEST['_p'], $PLUGINS[$_REQUEST['_p']]['page-override'])) {
    $override = $PLUGINS[$_REQUEST['_p']]['page-override'];
    Core_quit($override($PAGEDATA));
}
// }
// { main content
// { check if page is protected
$access_allowed = 1;
foreach ($PLUGINS as $p) {
    if (!isset($p['frontend']['page_display_test'])) {
        continue;
    }
    $access_allowed = $p['frontend']['page_display_test']($PAGEDATA);
    // the first plugin that denies access is final; later tests are not run
    if (!$access_allowed) {
        break;
    }
}
// }
if (!$access_allowed) {
    $c .= '<h2>' . __('Permission Denied', 'core') . '</h2>' . '<p>' . __('This is a protected document.', 'core') . '</p><p>' . isset($_SESSION['userdata']) ? __('You are not in a user-group which has access to this page. If you' . ' think you should be, please contact the site administrator.', 'core') : '<p><strong>' . __('If you have a user account, please <a href="/_r?type=loginpage">' . 'click here</a> to log in.', 'core');
    $c .= '</p><p>' . __('If you do not have a user account, but have been supplied with a' . ' password for the page, please enter it here and submit the form:', 'core') . '</p>' . '<form method="post"><input type="password" name="privacy_password" />' . '<input type="submit" /></form>';
} elseif (@$_REQUEST['cmsspecial'] == 'sitemap') {
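/**
 * send a load of SMSes
 *
 * Sends the 'msg' request parameter to every subscriber of the address book
 * whose id is given in 'to'. The message must consist only of letters,
 * digits, space and a few punctuation characters.
 *
 * @return array result
 */
function Sms_adminSendBulk()
{
    $aid = (int) $_REQUEST['to'];
    $msg = isset($_REQUEST['msg']) && is_string($_REQUEST['msg']) ? $_REQUEST['msg'] : '';
    // the original pattern had no [^...] character class, so it matched a
    // literal run of characters and never rejected a message
    if ($msg === '' || preg_replace('/[^a-zA-Z0-9 !_\\-.,:\'"]/', '', $msg) !== $msg) {
        Core_quit();
    }
    $subs = dbOne('select subscribers from sms_addressbooks where id=' . $aid . ' limit 1', 'subscribers');
    // the stored subscriber list is comma-separated ids; keep only digits and
    // commas before splicing it into the IN (...) clause
    $subIds = preg_replace('/[^0-9,]/', '', (string) $subs);
    if (trim($subIds, ',') === '') {
        // unknown address book or no subscribers: nothing to send
        Core_quit();
    }
    $tos = array();
    $to_names = array();
    foreach (dbAll('select name,phone from sms_subscribers where id in (' . $subIds . ')') as $sub) {
        $tos[] = $sub['phone'];
        $to_names[] = preg_replace('/[^a-zA-Z0-9 \\-.\']/', '', $sub['name']);
    }
    return SMS_callApi('send-bulk', '&to=' . join(',', $tos) . '&message=' . urlencode($msg) . '&names=' . join(',', $to_names));
}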
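/**
 * get a frame for images
 *
 * Builds a PNG frame from the nine regions (corners, edges) of a source PNG,
 * scaled by the 'ratio' parameter, caches it under
 * ww.cache/image-gallery-frames/ keyed by the request URI, and streams it
 * with long-lived cache headers.
 *
 * Request parameters: ratio (float, default 1), pa and bo (four
 * space-separated ints: top right bottom left padding / border), w and h
 * (outer size), and _remainder (path of the source PNG below USERBASE/f/).
 *
 * @return null
 */
function ImageGallery_frameGet()
{
    $ratio = isset($_REQUEST['ratio']) ? (float) $_REQUEST['ratio'] : 1;
    if ($ratio <= 0) {
        // border and padding values are divided by the ratio below
        Core_quit();
    }
    $padding = ImageGallery_frameParseInts(isset($_REQUEST['pa']) ? $_REQUEST['pa'] : '');
    $border = ImageGallery_frameParseInts(isset($_REQUEST['bo']) ? $_REQUEST['bo'] : '');
    $width = (float) $_REQUEST['w'] + ($padding[1] + $padding[3]) / $ratio;
    $height = (float) $_REQUEST['h'] + ($padding[0] + $padding[2]) / $ratio;
    $remainder = isset($_REQUEST['_remainder']) && is_string($_REQUEST['_remainder']) ? $_REQUEST['_remainder'] : '';
    $file = USERBASE . '/f/' . $remainder;
    // refuse any path component that starts with a dot ('..' and hidden files)
    if ($remainder === '' || strpos($file, '/.') !== false) {
        Core_quit();
    }
    if (!file_exists($file)) {
        header('Location: /i/blank.gif');
        Core_quit();
    }
    $md5 = md5($_SERVER['REQUEST_URI']);
    $cacheDir = USERBASE . '/ww.cache/image-gallery-frames';
    $frame = $cacheDir . '/frame-' . $md5 . '.png';
    if (!file_exists($frame)) {
        if (!is_dir($cacheDir)) {
            mkdir($cacheDir);
        }
        $imgO = imagecreatefrompng($file);
        // the original tested $img0 (digit zero) instead of $imgO, so a
        // non-PNG source was never detected here
        if ($imgO === false) {
            // not a PNG
            header('Location: /i/blank.gif');
            Core_quit();
        }
        $imgOsize = getimagesize($file);
        $imgN = imagecreatetruecolor((int) $width, (int) $height);
        $black = imagecolorallocate($imgN, 0, 0, 0);
        imagecolortransparent($imgN, $black);
        // top left
        imagecopyresampled($imgN, $imgO, 0, 0, 0, 0, ceil($border[3] / $ratio), ceil($border[0] / $ratio), $border[3], $border[0]);
        // top right
        imagecopyresampled($imgN, $imgO, $width - floor($border[1] / $ratio) - 1, 0, $imgOsize[0] - $border[1] - 1, 0, ceil($border[1] / $ratio), ceil($border[0] / $ratio), $border[1], $border[0]);
        // bottom left
        imagecopyresampled($imgN, $imgO, 0, $height - floor($border[2] / $ratio) - 1, 0, $imgOsize[1] - $border[2] - 1, ceil($border[3] / $ratio), ceil($border[2] / $ratio), $border[3], $border[2]);
        // bottom right
        imagecopyresampled($imgN, $imgO, $width - floor($border[1] / $ratio) - 1, $height - floor($border[2] / $ratio) - 1, $imgOsize[0] - $border[1] - 1, $imgOsize[1] - $border[2] - 1, ceil($border[1] / $ratio), ceil($border[2] / $ratio), $border[1], $border[2]);
        // left
        imagecopyresampled($imgN, $imgO, 0, floor($border[0] / $ratio), 0, $border[0], ceil($border[3] / $ratio), $height - floor(($border[2] + $border[0]) / $ratio), $border[3], $imgOsize[1] - $border[2] - $border[0]);
        // right
        imagecopyresampled($imgN, $imgO, $width - floor($border[1] / $ratio) - 1, floor($border[0] / $ratio), $imgOsize[0] - $border[1] - 1, $border[0], ceil($border[1] / $ratio), $height - floor(($border[2] + $border[0]) / $ratio), $border[3], $imgOsize[1] - $border[2] - $border[0]);
        // top
        imagecopyresampled($imgN, $imgO, floor($border[3] / $ratio), 0, $border[3], 0, $width - floor(($border[3] + $border[1]) / $ratio), ceil($border[0] / $ratio), $imgOsize[0] - $border[3] - $border[1], $border[0]);
        // bottom
        imagecopyresampled($imgN, $imgO, floor($border[3] / $ratio), $height - floor($border[2] / $ratio) - 1, $border[3], $imgOsize[1] - $border[2] - 1, $width - floor(($border[3] + $border[1]) / $ratio), ceil($border[2] / $ratio), $imgOsize[0] - $border[3] - $border[1], $border[2]);
        // write the cache file only when it was (re)generated; the original
        // called imagepng() with an undefined $imgN on every cache hit
        imagepng($imgN, $frame);
    }
    header('Content-type: image/png');
    header('Cache-Control: max-age=2592000, public');
    header('Expires-Active: On');
    header('Expires: Fri, 1 Jan 2500 01:01:01 GMT');
    header('Pragma:');
    header('Content-Length: ' . filesize($frame));
    readfile($frame);
}

/**
 * parse a space-separated list of up to four ints (top right bottom left)
 *
 * Missing entries are filled with 0, which is what the original code got
 * from an absent array index in arithmetic; extra entries are dropped.
 *
 * @param string $spec request parameter value
 *
 * @return array exactly four ints
 */
function ImageGallery_frameParseInts($spec)
{
    $parts = array_map('intval', explode(' ', (string) $spec));
    return array_pad(array_slice($parts, 0, 4), 4, 0);
}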
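/**
 * download a CSV version of a product type in importable format
 *
 * Emits a header row followed by one sample row per product type. The
 * price/stock columns are only included when at least one of the selected
 * types is for sale; the data-field columns are the union of every type's
 * field names. 'ptypeid' selects one type, 0 selects all.
 *
 * @return null
 */
function Products_adminTypesGetSampleImport()
{
    $ptypeid = (int) $_REQUEST['ptypeid'];
    if ($ptypeid) {
        $ptypes = dbAll('select * from products_types where id=' . $ptypeid);
    } else {
        $ptypes = dbAll('select * from products_types');
    }
    if (!is_array($ptypes)) {
        $ptypes = array();
    }
    $are_any_for_sale = 0;
    // { get list of data field names
    // $seen dedupes by name; $names keeps first-seen order
    $seen = array();
    $names = array();
    foreach ($ptypes as $p) {
        if ($p['is_for_sale']) {
            $are_any_for_sale = 1;
        }
        $dfs = json_decode($p['data_fields']);
        if (!is_array($dfs)) {
            // empty or malformed field definition: contributes no columns
            continue;
        }
        foreach ($dfs as $df) {
            if (!isset($df->n) || !is_scalar($df->n)) {
                continue;
            }
            $name = (string) $df->n;
            if (!isset($seen[$name])) {
                $seen[$name] = true;
                $names[] = $name;
            }
        }
    }
    // }
    header('Content-type: text/csv; Charset=utf-8');
    header('Content-Disposition: attachment; filename="product-types-' . $ptypeid . '.csv"');
    $saleColumns = array('_price', '_sale_price', '_bulk_price', '_bulk_amount', '_stockcontrol_total');
    $saleSamples = array('0.00', '0.00', '0.00', '0', '0');
    // { header
    $row = array('_stocknumber', '_name', '_ean');
    if ($are_any_for_sale) {
        $row = array_merge($row, $saleColumns);
    }
    $row = array_merge($row, $names, array('_type', '_categories'));
    echo Products_arrayToCSV($row);
    // }
    // { sample rows
    $blanks = count($names) ? array_fill(0, count($names), '') : array();
    foreach ($ptypes as $p) {
        $row = array('stock_number', 'name', 'barcode');
        if ($are_any_for_sale) {
            $row = array_merge($row, $saleSamples);
        }
        $row = array_merge($row, $blanks, array($p['name'], ''));
        echo Products_arrayToCSV($row);
    }
    // }
    Core_quit();
}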
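/**
 * export po file
 *
 * Writes every distinct source string in the languages table as a gettext
 * .po file: the translations stored for the requested 'lang' first, then an
 * empty msgstr for each string that has none.
 *
 * @return status
 */
function Core_adminLanguagesExportPo()
{
    $lang = isset($_REQUEST['lang']) && is_string($_REQUEST['lang']) ? $_REQUEST['lang'] : '';
    $untranslated = array();
    foreach (dbAll('select distinct str from languages') as $r) {
        $untranslated[$r['str']] = 1;
    }
    $rs = dbAll('select str,trstr from languages where lang="' . addslashes($lang) . '"' . ' order by str');
    header('Content-Type: force/download');
    // the download name is built from request input: keep it to a character
    // set that cannot carry quotes or control characters into the header
    $filename = preg_replace('/[^a-zA-Z0-9_.-]/', '', $lang);
    header('Content-Disposition: attachment; filename="' . $filename . '.po"');
    echo "msgid \"\"\nmsgstr \"\"\n\"MIME-Version: 1.0\\n\"\n" . "\"Content-Type: text/plain; charset=utf-8\\n\"\n" . "\"Content-Transfer-Encoding: 8bit\\n\"\n" . "\n";
    // strings are escaped for the .po format; the original wrote them raw,
    // so a string containing a double quote produced an unparseable file
    foreach ($rs as $r) {
        echo 'msgid "' . Core_adminLanguagesPoEscape($r['str']) . "\"\n";
        echo 'msgstr "' . Core_adminLanguagesPoEscape($r['trstr']) . "\"\n\n";
        unset($untranslated[$r['str']]);
    }
    foreach (array_keys($untranslated) as $str) {
        echo 'msgid "' . Core_adminLanguagesPoEscape($str) . "\"\n";
        echo "msgstr \"\"\n\n";
    }
    Core_quit();
}

/**
 * escape a string for use inside a double-quoted .po msgid/msgstr
 *
 * @param string $str raw string
 *
 * @return string with backslash, double quote and control characters escaped
 */
function Core_adminLanguagesPoEscape($str)
{
    return addcslashes((string) $str, "\0..\37\\\"");
}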
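/**
 * redirect the browser to a different URL using a 301 redirect
 *
 * A minimal HTML body is also sent so that a client which ignores the
 * Location header still navigates via a short JavaScript timeout.
 *
 * @param string $addr   the address to redirect to
 * @param string $reason optional note, sent in an X-Redirect-Reason header
 *
 * @return null
 */
function redirect($addr, $reason = '')
{
    $addr = (string) $addr;
    header('HTTP/1.1 301 Moved Permanently');
    header('Location: ' . $addr);
    if ($reason) {
        // a header value must stay on one line
        header('X-Redirect-Reason: ' . str_replace(array("\r", "\n"), ' ', (string) $reason));
    }
    // the address is written into a script block: encode it as a JSON string
    // literal so quotes, backslashes and '</script>' cannot break out of it
    // (the original concatenated it raw)
    $jsAddr = json_encode($addr, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($jsAddr === false) {
        // not encodable (e.g. invalid UTF-8): fall back to the header only
        $jsAddr = '""';
    }
    echo '<html><head><script defer="defer" type="text/javascript">' . 'setTimeout(function(){document.location=' . $jsAddr . ';},10);</script>' . '</head><body></body></html>';
    Core_quit();
}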
            // }
            Core_quit('{"ok":1,"message":"' . addslashes($email) . '"}');
        }
        break;
        // }
    // }
    case 'set-option':
        // {
        if (SiteCredits_apiVerify($params, $_REQUEST['sha1'])) {
            dbQuery('delete from sitecredits_options where name="' . addslashes($_REQUEST['payment-recipient']) . '"');
            dbQuery('insert into sitecredits_options set name="' . addslashes($_REQUEST['name']) . '", value="' . addslashes($_REQUEST['value']) . '"');
            Core_quit('{"credits":' . (double) @$GLOBALS['DBVARS']['sitecredits-credits'] . '}');
            // }
        }
    case 'set-hosting-fee':
        // {
        $params = array('action' => 'set-hosting-fee', 'cdate' => $_REQUEST['cdate'], 'credits' => (double) $_REQUEST['credits'], 'time' => $_REQUEST['time']);
        if (SiteCredits_apiVerify($params, $_REQUEST['sha1'])) {
            dbQuery('delete from sitecredits_recurring where description="hosting"');
            dbQuery('insert into sitecredits_recurring set description="hosting"' . ',amt=' . (double) $_REQUEST['credits'] . ',start_date="' . addslashes($_REQUEST['cdate']) . '",period="1 month"' . ',next_payment_date="' . addslashes($_REQUEST['cdate']) . '"');
            Core_quit('{"ok":1}');
        }
        break;
        // }
    // }
    default:
        // {
        Core_quit('{"error":"unknown action ' . addslashes($_REQUEST['action']) . '"}');
        // }
}
// reached only when no case above handled the request
print '{"error":"checksum failed"}';
/**
 * show an image of a QR code leading to a product
 *
 * The PNG is generated once into ww.cache/products/qr<pid> and served from
 * there afterwards with long-lived cache headers.
 *
 * @return null
 */
function Products_showQrCode()
{
    $pid = (int) $_REQUEST['pid'];
    $product = Product::getInstance($pid);
    if (!$product) {
        redirect('/i/blank.gif');
    }
    $cacheDir = USERBASE . '/ww.cache/products';
    $fname = $cacheDir . '/qr' . $pid;
    if (!file_exists($fname)) {
        require_once SCRIPTBASE . '/ww.incs/phpqrcode.php';
        @mkdir($cacheDir);
        // NOTE(review): the encoded URL takes its host from the request's
        // Host header and the image is cached per product id — confirm the
        // web server only routes known host names here, otherwise a request
        // carrying an unexpected Host would fix that host into the cached QR
        $target = 'http://' . $_SERVER['HTTP_HOST'] . $product->getRelativeUrl();
        QRcode::png($target, $fname);
    }
    $headers = array(
        'Content-type: image/png',
        'Cache-Control: max-age=2592000, public',
        'Expires-Active: On',
        'Expires: Fri, 1 Jan 2500 01:01:01 GMT',
        'Pragma:',
        'Content-Length: ' . filesize($fname),
    );
    foreach ($headers as $h) {
        header($h);
    }
    readfile($fname);
    Core_quit();
}
<?php

/**
 * activate SMS account with textr
 *
 * PHP version 5.2
 *
 * @category None
 * @package  None
 * @author   Kae Verens <*****@*****.**>
 * @license  GPL 2.0
 * @link     http://kvsites.ie/
 */
require $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
// only administrators may activate the SMS account
if (!Core_isAdmin()) {
    die('access denied');
}
// NOTE(review): the account email and activation key travel over plain
// http here — confirm whether the provider also accepts https
$url = sprintf(
    'http://textr.mobi/api.php?a=activate&email=%s&activation=%s',
    urlencode($DBVARS['sms_email']),
    urlencode($_REQUEST['key'])
);
$res = file_get_contents($url);
if (false === $res) {
    Core_quit('{"status":0,"error":"failed to contact textr.mobi. please wait a short' . ' while and try again."}');
}
// the provider's response is passed through to the caller unchanged
echo $res;
/**
 * follow an ad
 *
 * Records a click for the ad named by the 'id' request parameter and sends
 * the browser to the ad's stored target URL.
 *
 * @return false|null false when no ad has that id; otherwise hands off to Core_quit
 */
function Ads_go()
{
    $adId = (int) $_REQUEST['id'];
    $ad = dbRow('select * from ads where id=' . $adId);
    if (!$ad) {
        return false;
    }
    dbQuery('insert into ads_track set ad_id=' . $adId . ', click=1, cdate=now()');
    $target = $ad['target_url'];
    // a bare "www." address has no scheme; assume plain http
    if (substr($target, 0, 4) === 'www.') {
        $target = 'http://' . $target;
    }
    header('Location: ' . $target);
    Core_quit();
}
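/**
 * update a password, using a verification code
 *
 * Expects email, token and password request parameters. The token must
 * match the verification_hash stored for that email; on success the new
 * password is stored and the hash cleared so the token cannot be reused.
 *
 * @return null
 */
function Core_updateUserPasswordUsingToken()
{
    $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        Core_quit('{"error":"please enter a properly formatted email address"}');
    }
    $token = isset($_REQUEST['token']) && is_string($_REQUEST['token']) ? $_REQUEST['token'] : '';
    if ($token === '') {
        Core_quit('{"error":"no token entered"}');
    }
    $password = isset($_REQUEST['password']) && is_string($_REQUEST['password']) ? $_REQUEST['password'] : '';
    if ($password === '') {
        Core_quit('{"error":"no new password entered"}');
    }
    // FILTER_VALIDATE_EMAIL accepts characters such as ' in the local part,
    // so the address is escaped before it reaches the query, as the token was
    $emailSql = addslashes($email);
    $tokenSql = addslashes($token);
    $u = dbRow("select * from user_accounts where email='{$emailSql}' " . "and verification_hash='{$tokenSql}'");
    if ($u && count($u)) {
        // NOTE(review): md5 is not a password hash; presumably the login path
        // compares against this column, so it has to change together with
        // any move to password_hash()
        $passwordHash = md5($password);
        // the page as captured showed a literal '******' here; the hash
        // computed on the line above is the only value that makes sense
        dbQuery("update user_accounts set password='{$passwordHash}'," . "verification_hash='' where email='{$emailSql}'");
        Core_quit('{"ok":1}');
    }
    Core_quit('{"error":"user not found, or verification token is out of date"}');
}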
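/**
 * Sets moderator groups for a forum
 *
 * Request parameters: group and forum (numeric ids), action ('true' adds
 * the group, anything else removes it) and, when the removal leaves no
 * moderator group, autoApprove ('true' marks every unmoderated post in the
 * forum as moderated).
 *
 * @return array status => 1, plus posts => ids of the posts approved, when any
 */
function Forum_adminGroupModeratorSet()
{
    $group = isset($_REQUEST['group']) ? $_REQUEST['group'] : '';
    $forum = isset($_REQUEST['forum']) ? $_REQUEST['forum'] : '';
    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    $response = array();
    if (!(is_numeric($group) && is_numeric($forum))) {
        Core_quit('Invalid Parameters');
    }
    // is_numeric also accepts floats and exponents; the ids are spliced into
    // SQL as-is, so reduce them to plain integers first
    $group = (int) $group;
    $forum = (int) $forum;
    $groupStr = (string) $group;
    // the stored value is a comma-separated list of group ids
    $mods = dbOne('select moderator_groups from forums where id = ' . $forum, 'moderator_groups');
    $moderatorGroups = $mods ? explode(',', $mods) : array();
    if ($action == 'true') {
        //add a group, once
        if (!in_array($groupStr, $moderatorGroups)) {
            $moderatorGroups[] = $groupStr;
        }
    } else {
        //remove a group
        foreach ($moderatorGroups as $k => $val) {
            if ($val == $groupStr) {
                unset($moderatorGroups[$k]);
            }
        }
        $autoApprove = isset($_REQUEST['autoApprove']) ? $_REQUEST['autoApprove'] : '';
        if (!count($moderatorGroups) && $autoApprove == 'true') {
            // Approve all posts for forum
            $sql = 'select id from forums_posts where thread_id in ' . '(select id from forums_threads where forum_id = ' . $forum . ')' . 'and moderated=0';
            $response['posts'] = array();
            foreach (dbAll($sql) as $result) {
                dbQuery('update forums_posts set moderated = 1 ' . 'where id = ' . (int) $result['id']);
                $response['posts'][] = $result['id'];
            }
        }
    }
    // an empty list is stored as an empty string (the original passed null
    // through addslashes, which yields the same value)
    $stored = count($moderatorGroups) ? implode(',', $moderatorGroups) : '';
    dbQuery('update forums set moderator_groups = "' . addslashes($stored) . '"' . ' where id = ' . $forum);
    $response['status'] = 1;
    return $response;
}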
/**
 * Sets moderation of comments
 *
 * PHP Version 5
 *
 * @category   CommentsPlugin
 * @package    WebworksWebme
 * @subpackage CommentsPlugin
 * @author     Belinda Hamilton <*****@*****.**>
 * @license    GPL Version 2
 * @link       www.kvweb.me
 **/
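require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
if (!Core_isAdmin()) {
    Core_quit('You do not have permission to do this');
}
$set = dbOne('select value from site_vars where name="comments_no_moderation"', 'value');
// only the literal strings 'true' and 'false' change the setting; anything
// else leaves $val null so both queries below are skipped (the original
// left $val undefined in that case, which the later "$val == 1" test then
// read)
$val = null;
$requested = isset($_REQUEST['value']) ? $_REQUEST['value'] : null;
if ($requested == 'true') {
    $val = 1;
} elseif ($requested == 'false') {
    $val = 0;
}
if (!isset($set) && isset($val)) {
    dbQuery('insert into site_vars 
		values("comments_no_moderation", ' . $val . ')');
} elseif (isset($val)) {
    dbQuery('update site_vars set value=' . $val . ' where name = "comments_no_moderation"');
}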
if ($val == 1) {
    dbQuery('update comments set isvalid=2 where isvalid=1');
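/**
 * add a video to a gallery
 *
 * Inserts a 'video' row at position 9999 into the gallery named by 'id',
 * keeping the link and optional preview image as JSON in the meta column.
 *
 * @return null
 */
function ImageGallery_adminAddVideo()
{
    // the original read the parameters with @ suppression; missing ones are
    // now handled explicitly and fail the same "missing" check
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    $link = isset($_REQUEST['link']) && is_string($_REQUEST['link']) ? $_REQUEST['link'] : '';
    $image = isset($_REQUEST['image']) && is_string($_REQUEST['image']) ? $_REQUEST['image'] : '';
    if ($id === 0 || $link === '') {
        Core_quit(__('ID or Link is missing'));
    }
    // a bare 'http://' (presumably the form's placeholder) counts as no image
    if ($image === 'http://') {
        $image = '';
    }
    // NOTE(review): neither link nor image is checked to be a URL here —
    // confirm the template that renders them escapes them and restricts
    // the scheme
    $meta = json_encode(array('href' => $link, 'image' => $image));
    $query = 'insert into image_gallery (gallery_id,position,media,meta) values ' . '(' . $id . ',"9999","video","' . addslashes($meta) . '")';
    dbQuery($query);
}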
<?php

/**
 * Deletes a comment
 *
 * PHP Version 5.3
 *
 * @category   CommentsPlugin
 * @package    WebworksWebme
 * @subpackage CommentsPlugin
 * @author     Belinda Hamilton <*****@*****.**>
 * @license    GPL Version 2
 * @link       www.kvweb.me
 **/
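require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
// a visitor may only delete comments whose ids were recorded in the session
// when they were posted; administrators may delete any. The original read
// $_SESSION['comment_ids'] without checking it exists.
$ownIds = isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids']) ? $_SESSION['comment_ids'] : array();
$allowed = Core_isAdmin() || in_array($id, $ownIds);
if (!$allowed) {
    die('You do not have permission to delete this comment');
}
if (!is_numeric($id)) {
    Core_quit('Invalid id');
}
// is_numeric also accepts floats and exponents; use a plain integer in SQL
$id = (int) $id;
dbQuery('delete from comments where id = ' . $id);
Core_cacheClear('comments');
// report failure if the row is somehow still there
if (dbOne('select id from comments where id  = ' . $id, 'id')) {
    echo '{"status":0}';
} else {
    echo '{"status":1, "id":' . $id . '}';
}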
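/**
 * get a PDF version of the invoice
 *
 * The invoice may be fetched by the logged-in owner of the order, or by
 * anyone presenting the order's 'auth' token. Invoices already stored as
 * PDF are sent directly; otherwise the HTML invoice is rendered once with
 * DOMPDF and cached under ww.cache/online-store/.
 *
 * @return null
 */
function OnlineStore_invoicePdf()
{
    $id = (int) $_REQUEST['id'];
    $order = dbRow('select invoice, meta, user_id from online_store_orders where id=' . $id);
    $ok = false;
    $meta = array();
    if ($order) {
        // the original compared user_id == $_SESSION['userdata']['id'] loosely,
        // which holds for an order with no user (0/null) when nobody is logged
        // in; require a logged-in user with a non-zero id
        $sessionUserId = isset($_SESSION['userdata']['id']) ? (int) $_SESSION['userdata']['id'] : 0;
        if ($sessionUserId && (int) $order['user_id'] === $sessionUserId) {
            $ok = true;
        }
        $meta = json_decode($order['meta'], true);
        if (!is_array($meta)) {
            $meta = array();
        }
        // compare the token as strings: == would treat two numeric-looking
        // values as equal numbers
        if (isset($_REQUEST['auth'], $meta['auth-md5']) && is_string($_REQUEST['auth']) && hash_equals((string) $meta['auth-md5'], $_REQUEST['auth'])) {
            $ok = true;
        }
    }
    if (!$ok) {
        Core_quit();
    }
    $inv = $order['invoice'];
    // { check if it's already stored as a PDF
    if (isset($meta['invoice-type']) && $meta['invoice-type'] == 'pdf') {
        header('Content-type: application/pdf');
        echo base64_decode($inv);
        Core_quit();
    }
    // }
    // { else generate a PDF and output it
    $pdfFile = USERBASE . '/ww.cache/online-store/invoice-pdf-' . $id;
    if (!file_exists($pdfFile)) {
        $html = OnlineStore_invoiceGet($id);
        require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/dompdf/dompdf_config.inc.php';
        $dompdf = new DOMPDF();
        $dompdf->set_base_path($_SERVER['DOCUMENT_ROOT']);
        // the euro sign is swapped for its entity before the latin-1 down-conversion
        $dompdf->load_html(utf8_decode(str_replace('€', '&euro;', $html)), 'UTF-8');
        $dompdf->set_paper('a4');
        $dompdf->render();
        file_put_contents($pdfFile, $dompdf->output());
    }
    header('Content-type: application/pdf');
    $fp = fopen($pdfFile, 'r');
    if ($fp === false) {
        Core_quit();
    }
    fpassthru($fp);
    fclose($fp);
    Core_quit();
    // }
}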
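/**
 * upload a new category image
 *
 * Replaces whatever is in f/classified-ads/categories/<id>/ with the
 * uploaded 'Filedata' file, stored as icon.<ext>, and records the new path
 * in the category row. Only files with an image extension whose content is
 * readable as an image are accepted.
 *
 * @return null
 */
function ClassifiedAds_adminCategoryUploadImage()
{
    $id = (int) $_REQUEST['id'];
    if (!isset($_FILES['Filedata']['tmp_name']) || !is_uploaded_file($_FILES['Filedata']['tmp_name'])) {
        Core_quit();
    }
    $from = $_FILES['Filedata']['tmp_name'];
    // the extension comes from the client-supplied name and becomes the name
    // of a file under f/, which is served to browsers; the original accepted
    // any extension, so restrict it to image types and check the content
    $ext = strtolower(pathinfo($_FILES['Filedata']['name'], PATHINFO_EXTENSION));
    $allowed = array('png', 'jpg', 'jpeg', 'gif');
    if (!in_array($ext, $allowed, true) || getimagesize($from) === false) {
        Core_quit();
    }
    $dir = USERBASE . '/f/classified-ads/categories/' . $id;
    if (!file_exists($dir)) {
        mkdir($dir, 0777, true);
    }
    // a category has a single icon: drop the previous one(s)
    foreach (new DirectoryIterator($dir) as $img) {
        if ($img->isDot()) {
            continue;
        }
        unlink($img->getPathname());
    }
    $url = '/classified-ads/categories/' . $id . '/icon.' . $ext;
    $to = USERBASE . '/f' . $url;
    if (!move_uploaded_file($from, $to)) {
        Core_quit();
    }
    dbQuery('update classifiedads_categories set' . ' icon="' . $url . '" where id=' . $id);
    Core_cacheClear();
    echo $url;
    Core_quit();
}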
 * PHP version 5.2
 *
 * @category None
 * @package  None
 * @author   Conor Mac Aoidh <*****@*****.**>
 * @author   Kae Verens <*****@*****.**>
 * @license  GPL 2.0
 * @link     http://kvsites.ie/
 */
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
require_once SCRIPTBASE . 'ww.admin/admin_libs.php';
// { store the site name submitted by the previous wizard step
if (isset($_POST['wizard-name'])) {
    // validate post data
    $name = $_POST['wizard-name'];
    if ('' == $name) {
        $backButton = ' <input type="submit" value="' . htmlspecialchars(__('Back')) . '" class="back-link"/>';
        Core_quit(__('All fields are required') . $backButton);
    }
    $_SESSION['wizard']['name'] = $name;
}
// }
echo '<h2>' . __('Payment Details') . '</h2><i>' . __('Now, some basic details about payment. Everything here is optional,' . ' if you don\'t know what it is then just leave it blank') . '</i><div style="height:300px;overflow:auto"><table>';
// { admin email address
// pre-filled from the logged-in user's account, when there is one
$email = isset($_SESSION['userdata']['email']) ? $_SESSION['userdata']['email'] : null;
$emailPrompt = __('What is your email address? When purchases are made, you will be alerted' . ' at this address.');
echo '<tr><th>' . $emailPrompt . '</th><td><input type="email" name="wizard-email" value="' . htmlspecialchars($email) . '"/></td></tr>';
// }
// { Users must log in to purchase
echo '
	<tr>
		<th>' . __('Do customers need to log in before purchasing?') . '</th>
		<td><select name="wizard-login">
			<option value="no">' . __('No') . '</option>
			<option value="yes">' . __('Yes') . '</option>
 * @package    None
 * @subpackage Form
 * @author     Kae Verens <*****@*****.**>
 * @license    GPL Version 2
 * @link       www.kvweb.me
 */
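// the session id is posted rather than taken from the cookie (presumably a
// script-driven uploader); it is used both as the session id and as a
// directory name, so restrict it to the session-id alphabet first — the
// original used it unchecked, so a value containing '../' named a directory
// outside the forms area
$session_id = isset($_POST['PHPSESSID']) && is_string($_POST['PHPSESSID']) ? $_POST['PHPSESSID'] : '';
if ($session_id === '' || !preg_match('/^[a-zA-Z0-9,-]+$/', $session_id)) {
    // basics.php (and with it Core_quit) is not loaded yet
    die('invalid session id');
}
session_id($session_id);
require '../../../ww.incs/basics.php';
$dir = USERBASE . '/f/.files/forms/';
if (!is_dir($dir)) {
    // make forms dir
    mkdir($dir);
}
$dir .= $session_id . '/';
if (!is_dir($dir)) {
    // make dir named after $session_id
    mkdir($dir);
}
// { make sure too many files aren't being uploaded
$size = CoreDirectory::getSize($dir);
if ($size > 52428800) {
    // greater than 50mb
    CoreDirectory::delete($dir);
    Core_quit(__('Deleted'));
}
// }
if (isset($_FILES['file-upload'])) {
    // the client-supplied name is reduced to its final path component so it
    // cannot point outside the session's upload directory
    $name = basename($_FILES['file-upload']['name']);
    if ($name !== '' && $name !== '.' && $name !== '..') {
        // NOTE(review): no extension check is made — confirm the web server
        // does not execute files under f/.files/
        move_uploaded_file($_FILES['file-upload']['tmp_name'], $dir . $name);
    }
}
echo __('Upload');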
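/**
 * delete a message from a forum
 *
 * The caller must be logged in and be either an administrator or the
 * post's author. A thread left with no posts is deleted as well, and the
 * num_posts counter is recomputed for every thread.
 *
 * @return array ok => 1 on success, or error/errors describing why not
 */
function Forum_delete()
{
    if (!isset($_SESSION['userdata']['id']) || !$_SESSION['userdata']['id']) {
        Core_quit();
    }
    $post_id = (int) $_REQUEST['id'];
    $errs = array();
    if (!$post_id) {
        $errs[] = 'no post selected';
    }
    $post = dbRow('select author_id,thread_id from forums_posts where id=' . $post_id);
    if (!$post) {
        return array('error' => 'post does not exist');
    }
    if (!Core_isAdmin() && $post['author_id'] != $_SESSION['userdata']['id']) {
        $errs[] = 'this is not your post, or post does not exist';
    }
    if (count($errs)) {
        return array('errors' => $errs);
    }
    $thread_id = (int) $post['thread_id'];
    dbQuery('delete from forums_posts where id=' . $post_id);
    // the original counted posts where thread_id = the post's author_id,
    // i.e. in the wrong thread, so empty threads were only removed by chance
    $sql = 'select count(id) from forums_posts where thread_id=' . $thread_id;
    if ((int) dbOne($sql, 'count(id)') < 1) {
        dbQuery('delete from forums_threads where id=' . $thread_id);
    }
    dbQuery('update forums_threads set num_posts=' . '(select count(id) as ids from forums_posts ' . 'where thread_id=forums_threads.id)');
    // the original also issued 'select from forums_threads where num_posts=0',
    // which is not valid SQL and had no effect — TODO confirm whether a
    // delete of empty threads was intended there
    return array('ok' => 1);
}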
        }
    }
    $data = addslashes(json_encode($data));
    $sql = "messaging_notifier set data='{$data}'";
    if ($id) {
        $sql = "update {$sql} where id={$id}";
        dbQuery($sql);
    } else {
        $sql = "insert into {$sql}";
        dbQuery($sql);
        $id = dbOne('select last_insert_id() as id', 'id');
    }
    $ret = array('id' => $id, 'id_was' => $id_was, 'datastr' => $_REQUEST['data'], 'dataobj' => $data);
    echo json_encode($ret);
    Core_cacheClear('messaging_notifier');
    Core_quit();
}
$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
echo '<a href="javascript:;" id="messaging_notifier_editlink_' . $id . '" class="button messaging_notifier_editlink">view or edit feeds</a><br />';
// { show story title
$hideTitle = isset($_REQUEST['hide_story_title']) && $_REQUEST['hide_story_title'] == 1;
echo '<strong>hide story title</strong><br />' . '<select name="hide_story_title"><option value="0">No</option>' . '<option value="1"' . ($hideTitle ? ' selected="selected"' : '') . '>Yes</option></select><br />';
// }
// }
// { characters shown per story
<?php

/**
  * Edits a review
  *
  * PHP Version 5
  *
  * @category   CommentsPlugin
  * @package    WebworksWebme
  * @subpackage CommentsPlugin
  * @author     Belinda Hamilton <*****@*****.**>
  * @license    GPL Version 2
  * @link       www.kvweb.me
**/
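require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
if (!is_numeric($id)) {
    Core_quit('The supplied id is invalid');
}
// same ownership rule as the comment-delete script: administrators, or a
// visitor whose session recorded this comment id when it was posted. The
// original applied no check, so any id could be edited.
$ownIds = isset($_SESSION['comment_ids']) && is_array($_SESSION['comment_ids']) ? $_SESSION['comment_ids'] : array();
if (!Core_isAdmin() && !in_array($id, $ownIds)) {
    Core_quit('You do not have permission to do this');
}
// is_numeric also accepts floats and exponents; use a plain integer in SQL
$id = (int) $id;
$text = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : '';
dbQuery('update comments set comment="' . addslashes($text) . '" where id=' . $id);
Core_cacheClear('comments');
$row = dbRow('select * from comments where id = ' . $id);
echo json_encode(array('id' => $id, 'comment' => $row));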
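/**
 * check that a file can be accessed
 *
 * Given the path of a requested file, finds the first protected_files rule
 * whose directory is a prefix of that path and enforces it: type 1 asks for
 * (and logs) an email address before the download, type 2 requires the
 * session user to belong to one of the rule's groups. Returns without
 * output when access is allowed or no rule matches; otherwise renders a
 * page and hands off to Core_quit.
 *
 * @param array $vars array with key 'requested_file'
 *
 * @return null
 */
function ProtectedFiles_check($vars)
{
    global $PAGEDATA;
    $fname = $vars['requested_file'];
    $protected_files = Core_cacheLoad('protected_files', 'all');
    if (!$protected_files) {
        $protected_files = dbAll('select * from protected_files');
        Core_cacheSave('protected_files', 'all', $protected_files);
    }
    // the request URI is written into markup below; the original used it
    // raw in an href, escape it once here
    $requestUri = htmlspecialchars($_SERVER['REQUEST_URI']);
    foreach ($protected_files as $pr) {
        if (strpos($fname, $pr['directory'] . '/') !== 0) {
            continue;
        }
        if (!isset($pr['details'])) {
            $details = array('type' => 1);
        } else {
            $details = json_decode($pr['details'], true);
        }
        // a missing or unknown type matches no case and the rule is skipped
        $type = is_array($details) && isset($details['type']) ? (int) $details['type'] : 0;
        switch ($type) {
            case 1:
                // { email
                $email = '';
                if (isset($_SESSION['protected_files_email']) && $_SESSION['protected_files_email']) {
                    $email = $_SESSION['protected_files_email'];
                } elseif (isset($_SESSION['userdata']['email']) && $_SESSION['userdata']['email']) {
                    $email = $_SESSION['userdata']['email'];
                } elseif (isset($_REQUEST['email']) && filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) {
                    $email = $_REQUEST['email'];
                }
                if ($email) {
                    require_once SCRIPTBASE . 'ww.incs/common.php';
                    $_SESSION['protected_files_email'] = $email;
                    if (!isset($_SESSION['protected_files_stage2'])) {
                        // first pass: show a "download starting" page that
                        // reloads this URL after two seconds
                        $_SESSION['protected_files_stage2'] = 1;
                        // the stored referer comes from the Referer header;
                        // the original wrote it raw into an href
                        $referer = isset($_SESSION['referer']) ? $_SESSION['referer'] : '';
                        $PAGEDATA = Page::getInstance(0);
                        $PAGEDATA->title = 'File Download';
                        list($smarty, $template) = ProtectedFiles_getTemplate($pr['template']);
                        $smarty->assign('METADATA', '<title>File Download</title>');
                        $smarty->assign('PAGECONTENT', '<p>Your download should begin in two seconds. ' . 'If it doesn\'t, please <a href="' . $requestUri . '">click here</a></p>' . '<script defer="defer">setTimeout(function(){document.location="' . $requestUri . '";},2000);</script><p>' . '<a href="' . htmlspecialchars($referer) . '">Click here</a> to return to the referring page.</p>');
                        $smarty->display($template . '.html');
                        Core_quit();
                    } else {
                        // second pass: log and notify, then let the file through
                        cmsMail($pr['recipient_email'], '[' . $_SERVER['HTTP_HOST'] . '] protected file downloaded', 'protected file "' . addslashes($fname) . '" was downloaded by "' . addslashes($email) . '"');
                        ProtectedFiles_log($fname, 1, $email, $pr['id']);
                        unset($_SESSION['referer']);
                    }
                } else {
                    // no address known yet: remember where the visitor came
                    // from and ask for an email address
                    unset($_SESSION['protected_files_stage2']);
                    if (!isset($_SESSION['referer'])) {
                        $_SESSION['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                    }
                    ProtectedFiles_log($fname, 0, '', $pr['id']);
                    $PAGEDATA = Page::getInstance(0);
                    $PAGEDATA->title = 'File Download';
                    list($smarty, $template) = ProtectedFiles_getTemplate($pr['template']);
                    $smarty->assign('METADATA', '<title>File Download</title>');
                    $smarty->assign('PAGECONTENT', $pr['message'] . '<form method="post" action="/f' . htmlspecialchars($fname) . '">' . '<input name="email" /><input type="submit" value="Please en' . 'ter your email address" /></form>');
                    $smarty->display($template . '.html');
                    Core_quit();
                }
                break;
                // }
            // }
            case 2:
                // { groups
                if (isset($_SESSION['userdata']['groups'])) {
                    // the rule's groups list may be absent from the details
                    $valid = isset($details['groups']) ? explode(',', $details['groups']) : array();
                    foreach ($valid as $g) {
                        if ($g != '' && isset($_SESSION['userdata']['groups'][$g])) {
                            return;
                            // ok - this user is a member of a valid group
                        }
                    }
                }
                $PAGEDATA = Page::getInstance(0);
                $PAGEDATA->title = 'File Download';
                list($smarty, $template) = ProtectedFiles_getTemplate($pr['template']);
                $smarty->assign('METADATA', '<title>File Download</title>');
                $smarty->assign('PAGECONTENT', $pr['message'] . '<p>Please <a href="/_r?type=privacy">login</a> ' . 'to view this page</p>');
                $smarty->display($template . '.html');
                Core_quit();
                // }
        }
    }
}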
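/**
 * return a few invoices as a zipped collection of PDFs
 *
 * 'ids' is a comma-separated list of order ids. Each invoice is rendered to
 * PDF with DOMPDF on first use and cached under ww.cache/online-store/; the
 * PDFs are then zipped with the system 'zip' command and streamed.
 *
 * @return null
 */
function OnlineStore_adminInvoicesGetAsPdf()
{
    $idList = isset($_REQUEST['ids']) && is_string($_REQUEST['ids']) ? $_REQUEST['ids'] : '';
    $cacheDir = USERBASE . '/ww.cache/online-store/';
    $files = array();
    $foundIds = array();
    foreach (explode(',', $idList) as $id) {
        $id = (int) $id;
        if (!$id || in_array($id, $foundIds, true)) {
            // skip junk and repeated ids
            continue;
        }
        $pfile = $cacheDir . 'invoice' . $id . '.pdf';
        if (!file_exists($pfile)) {
            $hfile = $cacheDir . 'invoice' . $id;
            if (!file_exists($hfile) || !filesize($hfile)) {
                $invoiceHtml = dbOne('select invoice from online_store_orders where id=' . $id, 'invoice');
                if (!$invoiceHtml) {
                    continue;
                }
                file_put_contents($hfile, '<html><head><meta http-equiv="Content-Type"' . ' content="text/html;' . ' charset=UTF-8" /></head><body>' . utf8_encode($invoiceHtml) . '</body></html>');
            }
            require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/dompdf/dompdf_config.inc.php';
            $html = file_get_contents($hfile);
            $dompdf = new DOMPDF();
            $dompdf->set_base_path($_SERVER['DOCUMENT_ROOT']);
            // the euro sign is swapped for its entity before the latin-1 down-conversion
            $dompdf->load_html(utf8_decode(str_replace('€', '&euro;', $html)), 'UTF-8');
            $dompdf->set_paper('a4');
            $dompdf->render();
            file_put_contents($pfile, $dompdf->output());
        }
        $files[] = 'invoice' . $id . '.pdf';
        $foundIds[] = $id;
    }
    if (!count($foundIds)) {
        // nothing to zip: 'zip' would fail and an empty download would follow
        Core_quit();
    }
    $zfile = $cacheDir . 'invoices-' . join(',', $foundIds) . '.zip';
    // every piece of the command is a constant or derived from integer ids;
    // escapeshellarg() keeps that true should the inputs ever change
    $cmd = 'cd ' . escapeshellarg($cacheDir) . ' && zip -D ' . escapeshellarg($zfile);
    foreach ($files as $f) {
        $cmd .= ' ' . escapeshellarg($f);
    }
    shell_exec($cmd);
    header('Content-type: application/zip');
    header('Content-Disposition: attachment; filename="invoices.zip"');
    $fp = fopen($zfile, 'r');
    if ($fp === false) {
        Core_quit();
    }
    fpassthru($fp);
    fclose($fp);
    Core_quit();
}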