/**
* Add "root" category and fix categories
*
*/
function links_update_set_categories()
{
global $_TABLES, $_LI_CONF;
if (empty($_LI_CONF['root'])) {
$_LI_CONF['root'] = 'site';
}
$root = DB_escapeString($_LI_CONF['root']);
DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid, pid, category, description, tid, created, modified, group_id, owner_id, perm_owner, perm_group, perm_members, perm_anon) VALUES ('{$root}', 'root', 'Root', 'Website root', NULL, NOW(), NOW(), 5, 2, 3, 3, 2, 2)");
// get Links admin group number
$group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Links Admin'");
// loop through adding to category table, then update links table with cids
$result = DB_query("SELECT DISTINCT cid AS category FROM {$_TABLES['links']}");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
$category = DB_escapeString($A['category']);
$cid = $category;
DB_query("INSERT INTO {$_TABLES['linkcategories']} (cid,pid,category,description,tid,owner_id,group_id,created,modified) VALUES ('{$cid}','{$root}','{$category}','{$category}','all',2,'{$group_id}',NOW(),NOW())", 1);
if ($cid != $category) {
// still experimenting ...
DB_query("UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$category}'", 1);
}
if (DB_error()) {
echo "Error inserting categories into linkcategories table";
return false;
}
}
}
function doValidLogin($login)
{
global $_CONF, $_TABLES, $status, $uid;
// Remote auth precludes usersubmission,
// and integrates user activation, see?;
$status = USER_ACCOUNT_ACTIVE;
// PHP replaces "." with "_"
$openid_identity = DB_escapeString($this->query['openid_identity']);
$openid_nickname = '';
if (isset($this->query['openid_sreg_nickname'])) {
$openid_nickname = $this->query['openid_sreg_nickname'];
}
// Check if that account is already registered.
$result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
$tmp = DB_error();
$nrows = DB_numRows($result);
if (!($tmp == 0) || !($nrows == 1)) {
// First time login with this OpenID, creating account...
if ($_CONF['disable_new_user_registration']) {
// not strictly correct - just to signal a failed login attempt
$status = USER_ACCOUNT_DISABLED;
$uid = 0;
return;
}
if (empty($openid_nickname)) {
$openid_nickname = $this->makeUsername($this->query['openid_identity']);
}
// we simply can't accept empty usernames ...
if (empty($openid_nickname)) {
COM_errorLog('Got an empty username for ' . $openid_identity);
// not strictly correct - just to signal a failed login attempt
$status = USER_ACCOUNT_DISABLED;
$uid = 0;
return;
}
// Ensure that remoteusername is unique locally.
$openid_nickname = USER_uniqueUsername($openid_nickname);
$openid_sreg_email = '';
if (isset($this->query['openid_sreg_email'])) {
$openid_sreg_email = $this->query['openid_sreg_email'];
}
$openid_sreg_fullname = '';
if (isset($this->query['openid_sreg_fullname'])) {
$openid_sreg_fullname = $this->query['openid_sreg_fullname'];
}
USER_createAccount($openid_nickname, $openid_sreg_email, '', $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid');
$uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice = 'openid'");
// Store full remote account name:
DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '******', remoteservice = 'openid', status = 3 WHERE uid = {$uid}");
// Add to remote users:
$remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
} else {
$result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
list($uid, $status) = DB_fetchArray($result);
}
}
/**
* Updates statistics of an spamx entry
*
* @param string $name plugin name
* @param string $value data
**/
protected function updateStat($name, $value)
{
global $_TABLES;
$name = DB_escapeString($name);
$value = DB_escapeString($value);
$timestamp = DB_escapeString(date('Y-m-d H:i:s'));
$sql = "UPDATE {$_TABLES['spamx']} " . "SET counter = counter + 1, regdate = '{$timestamp}' " . "WHERE name='{$name}' AND value='{$value}' ";
DB_query($sql, 1);
}
/**
* Replace the old $_STATES array with a free-form text field
*
*/
function calendar_update_move_states()
{
global $_TABLES, $_STATES;
if (isset($_STATES) && is_array($_STATES)) {
$tables = array($_TABLES['events'], $_TABLES['eventsubmission'], $_TABLES['personal_events']);
foreach ($_STATES as $key => $state) {
foreach ($tables as $table) {
DB_change($table, 'state', DB_escapeString($state), 'state', DB_escapeString($key));
}
}
}
}
/**
* Constructor
*/
function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$action = '';
if (isset($_GET['action'])) {
$action = $_GET['action'];
} elseif (isset($_POST['paction'])) {
$action = $_POST['paction'];
}
if ($action == 'delete' && SEC_checkToken()) {
$entry = $_GET['entry'];
if (!empty($entry)) {
$dbentry = DB_escapeString($entry);
DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
}
} elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
$entry = '';
$name = COM_applyFilter($_REQUEST['header-name']);
$n = explode(':', $name);
$name = $n[0];
$value = $_REQUEST['header-value'];
if (!empty($name) && !empty($value)) {
$entry = $name . ': ' . $value;
}
$dbentry = DB_escapeString($entry);
if (!empty($entry)) {
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
}
}
$token = SEC_createToken();
$display = '<hr' . XHTML . '>' . LB . '<p><b>';
$display .= $LANG_SX00['headerblack'];
$display .= '</b></p>' . LB . '<ul>' . LB;
$result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
list($e) = DB_fetchArray($result);
$display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
}
$display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
$display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
$display .= '<table border="0" width="100%">' . LB;
$display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
$display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
$display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
$display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
$display .= '</table>' . LB;
$display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '></p>';
$display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
$display .= '</form>' . LB;
return $display;
}
function initMenu($menuname, $skipCache = false)
{
global $_GROUPS, $_TABLES, $_USER;
$menu = NULL;
$cacheInstance = 'menuobject_' . $menuname . '_' . CACHE_security_hash() . '__data';
if ($skipCache == false) {
$retval = CACHE_check_instance($cacheInstance, 0);
if ($retval) {
$menu = unserialize($retval);
return $menu;
}
}
$mbadmin = SEC_hasRights('menu.admin');
$root = SEC_inGroup('Root');
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
$result = DB_query("SELECT * FROM {$_TABLES['menu']} WHERE menu_active=1 AND menu_name='" . DB_escapeString($menuname) . "'", 1);
$menuRow = DB_fetchArray($result);
if ($menuRow) {
$menu = new menu();
$menu->id = $menuRow['id'];
$menu->name = $menuRow['menu_name'];
$menu->type = $menuRow['menu_type'];
$menu->active = $menuRow['menu_active'];
$menu->group_id = $menuRow['group_id'];
if ($mbadmin || $root) {
$menu->permission = 3;
} else {
if ($menuRow['group_id'] == 998) {
if (COM_isAnonUser()) {
$menu->permission = 3;
} else {
$menu->permission = 0;
return NULL;
}
} else {
if (in_array($menuRow['group_id'], $_GROUPS)) {
$menu->permission = 3;
} else {
return NULL;
}
}
}
$menu->getElements();
$cacheMenu = serialize($menu);
CACHE_create_instance($cacheInstance, $cacheMenu, 0);
}
return $menu;
}
public function Load($code)
{
global $_TABLES;
static $currencies = array();
if (!isset($currencies[$code])) {
$currencies[$code] = FALSE;
$res = DB_query("SELECT * FROM {$_TABLES['paypal.currency']}\n WHERE code = '" . DB_escapeString($code) . "'");
if ($res) {
$currencies[$code] = DB_fetchArray($res, false);
}
}
return $currencies[$code];
}
/**
* Add new config options
*
*/
function update_ConfValues()
{
global $_CONF, $_TABLES;
require_once $_CONF['path_system'] . 'classes/config.class.php';
// remove pdf_enabled option; this also makes room for new search options
DB_delete($_TABLES['conf_values'], 'name', 'pdf_enabled');
// move num_search_results options
DB_query("UPDATE {$_TABLES['conf_values']} SET sort_order = 651 WHERE sort_order = 670");
// change default for num_search_results
$thirty = DB_escapeString(serialize(30));
DB_query("UPDATE {$_TABLES['conf_values']} SET value = '{$thirty}', default_value = '{$thirty}' WHERE name = 'num_search_results'");
// fix censormode dropdown
DB_query("UPDATE {$_TABLES['conf_values']} SET selectionArray = 18 WHERE name = 'censormode'");
$c = config::get_instance();
// new options
$c->add('jpeg_quality', 75, 'text', 5, 23, NULL, 1495, FALSE);
$c->add('advanced_html', array('img' => array('width' => 1, 'height' => 1, 'src' => 1, 'align' => 1, 'valign' => 1, 'border' => 1, 'alt' => 1)), '**placeholder', 7, 34, NULL, 1721, TRUE);
// squeeze search options between 640 (lastlogin) and 680 (loginrequired)
$c->add('fs_search', NULL, 'fieldset', 0, 6, NULL, 0, TRUE);
$c->add('search_style', 'google', 'select', 0, 6, 19, 644, TRUE);
$c->add('search_limits', '10,15,25,30', 'text', 0, 6, NULL, 647, TRUE);
// see above: $c->add('num_search_results',30,'text',0,6,NULL,651,TRUE);
$c->add('search_show_limit', TRUE, 'select', 0, 6, 1, 654, TRUE);
$c->add('search_show_sort', TRUE, 'select', 0, 6, 1, 658, TRUE);
$c->add('search_show_num', TRUE, 'select', 0, 6, 1, 661, TRUE);
$c->add('search_show_type', TRUE, 'select', 0, 6, 1, 665, TRUE);
$c->add('search_separator', ' > ', 'text', 0, 6, NULL, 668, TRUE);
$c->add('search_def_keytype', 'phrase', 'select', 0, 6, 20, 672, TRUE);
$c->add('search_use_fulltext', FALSE, 'hidden', 0, 6);
// 675
// filename mask for db backup files
$c->add('mysqldump_filename_mask', 'geeklog_db_backup_%Y_%m_%d_%H_%M_%S.sql', 'text', 0, 5, NULL, 185, TRUE);
// DOCTYPE declaration, for {doctype} in header.thtml
$c->add('doctype', 'html401strict', 'select', 2, 10, 21, 195, TRUE);
// new comment options
$c->add('comment_edit', 0, 'select', 4, 21, 0, 1680, TRUE);
$c->add('commentsubmission', 0, 'select', 4, 21, 0, 1682, TRUE);
$c->add('comment_edittime', 1800, 'text', 4, 21, NULL, 1684, TRUE);
$c->add('article_comment_close_days', 30, 'text', 4, 21, NULL, 1686, TRUE);
$c->add('comment_close_rec_stories', 0, 'text', 4, 21, NULL, 1688, TRUE);
$c->add('allow_reply_notifications', 0, 'select', 4, 21, 0, 1689, TRUE);
// cookie to store name of anonymous commenters
$c->add('cookie_anon_name', 'anon_name', 'text', 7, 30, NULL, 577, TRUE);
// enable/disable clickable links
$c->add('clickable_links', 1, 'select', 7, 31, 1, 1753, TRUE);
// experimental: compress output before sending it to the browser
$c->add('compressed_output', 0, 'select', 7, 31, 1, 1756, TRUE);
// for the X-FRAME-OPTIONS header (Clickjacking protection)
$c->add('frame_options', 'DENY', 'select', 7, 31, 22, 1758, TRUE);
return true;
}
/**
* Constructor
*/
function display()
{
global $_CONF, $_TABLES, $LANG_SX00;
$action = '';
if (isset($_GET['action'])) {
$action = $_GET['action'];
} elseif (isset($_POST['paction'])) {
$action = $_POST['paction'];
}
$entry = '';
if (isset($_GET['entry'])) {
$entry = COM_stripslashes($_GET['entry']);
} elseif (isset($_POST['pentry'])) {
$entry = COM_stripslashes($_POST['pentry']);
}
if ($action == 'delete' && SEC_checkToken()) {
$entry = DB_escapeString($entry);
DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $entry));
} elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
if (!empty($entry)) {
$entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
}
} elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
foreach ($_CONF['censorlist'] as $entry) {
$entry = DB_escapeString($entry);
$result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
}
}
$token = SEC_createToken();
$display = '<hr' . XHTML . '>' . LB . '<p><b>';
$display .= $LANG_SX00['pblack'];
$display .= '</b></p>' . LB . '<ul>' . LB;
$result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
$e = $A['value'];
$display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
}
$display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
$display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
$display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '> ';
$display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
$display .= '<p>' . $LANG_SX00['e3'] . '</p> ';
$display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
$display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
$display .= '</div></form>' . LB;
return $display;
}
function parse($p1, $p2, $fulltag)
{
global $_TABLES, $_CONF;
$topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '" . DB_escapeString($p1) . "'" . COM_getTopicSQL('AND'));
if (empty($topic)) {
return "<b>Unknown Topic</b>";
}
if (!empty($p2) && $p2 != $p1) {
$topic = $p2;
} else {
$topic = $topic;
}
return '<a href="' . $_CONF['site_url'] . '/index.php?topic=' . urlencode($p1) . '">' . htmlspecialchars($topic) . '</a>';
}
/**
* Perform the file upload
*
* Calls the parent function to upload the files, then calls
* MakeThumbs() to create thumbnails.
*/
public function uploadFiles()
{
global $_TABLES;
// Perform the actual upload
parent::uploadFiles();
// Seed image cache with thumbnails
$this->MakeThumbs();
foreach ($this->goodfiles as $filename) {
$sql = "INSERT INTO {$_TABLES['paypal.images']}\n (product_id, filename)\n VALUES (\n '{$this->product_id}', '" . DB_escapeString($filename) . "'\n )";
$result = DB_query($sql);
if (!$result) {
$this->addError("uploadFiles() : Failed to insert {$filename}");
}
}
}
/**
* Add new config options
*
*/
function update_ConfValuesFor161()
{
global $_CONF, $_TABLES;
require_once $_CONF['path_system'] . 'classes/config.class.php';
$c = config::get_instance();
// meta tag config options.
$c->add('meta_tags', 0, 'select', 0, 0, 23, 2000, TRUE);
$c->add('meta_description', 'Geeklog, the open source content management system designed with security in mind.', 'text', 0, 0, NULL, 2010, TRUE);
$c->add('meta_keywords', 'Geeklog, Blog, Content Management System, CMS, Open Source, Security', 'text', 0, 0, NULL, 2020, TRUE);
// new option to enable / disable closing of comments after x days
$c->add('article_comment_close_enabled', 0, 'select', 4, 21, 0, 1685, TRUE);
// the timezone config option is a dropdown now
$utc = DB_escapeString(serialize('UTC'));
// change default timezone to UTC
DB_query("UPDATE {$_TABLES['conf_values']} SET type = 'select', selectionArray = -1, default_value = '{$utc}' WHERE name = 'timezone' AND group_name = 'Core'");
return true;
}
function MG_adminEXIFsave()
{
global $_MG_CONF, $_TABLES, $_CONF, $LANG_MG01;
$numItems = count($_POST['sel']);
for ($i = 0; $i < $numItems; $i++) {
$exif[$i]['tag'] = $_POST['tag'][$i];
$exif[$i]['sel'] = $_POST['sel'][$i];
}
DB_query("UPDATE {$_TABLES['mg_exif_tags']} set selected=0");
// resets all to 0
for ($i = 0; $i < $numItems; $i++) {
$sql = "UPDATE {$_TABLES['mg_exif_tags']} set selected=1 WHERE name='" . DB_escapeString($exif[$i]['sel']) . "'";
DB_query($sql);
}
echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=3');
exit;
}
/**
* Hook up pollquestions with polltopics
*
*/
function polls_update_polltopics()
{
global $_TABLES;
$P_SQL = array();
$move_sql = "SELECT pid, topic FROM {$_TABLES['polltopics']}";
$move_rst = DB_query($move_sql);
$count_move = DB_numRows($move_rst);
for ($i = 0; $i < $count_move; $i++) {
$A = DB_fetchArray($move_rst);
$A[1] = DB_escapeString($A[1]);
$P_SQL[] = "INSERT INTO {$_TABLES['pollquestions']} (pid, question) VALUES ('{$A[0]}','{$A[1]}');";
}
foreach ($P_SQL as $sql) {
$rst = DB_query($sql);
if (DB_error()) {
echo "There was an error upgrading the polls, SQL: {$sql}<br>";
return false;
}
}
}
/**
* Return replacements for a given email address
*
* @param string $address
* @return array
*/
public function getReplacementsFor($address)
{
global $_CONF, $_TABLES;
$retval = array();
$address = DB_escapeString($address);
$sql = <<<SQL
SELECT u.*, i.location, i.lastgranted, i.lastlogin FROM {$_TABLES['users']} AS u
LEFT JOIN {$_TABLES['userinfo']} AS i
ON u.uid = i.uid
WHERE u.email = '{$address}'
SQL;
$resultSet = DB_query($sql);
if (!DB_error()) {
$A = DB_fetchArray($resultSet, false);
if (is_array($A) && count($A) > 0) {
$retval = array('{uid}' => $A['uid'], '{username}' => $A['username'], '{fullname}' => $A['fullname'], '{email}' => $A['email'], '{homepage}' => $A['homepage'], '{theme}' => $A['theme'], '{language}' => $A['language'], '{location}' => $A['location'], '{lastgranted}' => $A['lastgranted'], '{lastlogin}' => $A['lastlogin'], '{site_url}' => $_CONF['site_url'], '{site_name}' => $_CONF['site_name'], '{site_slogan}' => $_CONF['site_slogan'], '{owner_name}' => $_CONF['owner_name'], '{copyrightyear}' => $_CONF['copyrightyear'], '{site_mail}' => $_CONF['site_mail'], '{noreply_mail}' => $_CONF['noreply_mail']);
}
}
return $retval;
}
/**
* Fix site_url in content
* If the site's URL changed due to the migration, this function will replace
* the old URL with the new one in text content of the given tables.
*
* @param string $oldUrl the site's previous URL
* @param string $newUrl the site's new URL after the migration
* @param array $tableSpec (optional) list of tables to patch
* The $tablespec is an array of tablename => fieldlist pairs, where the field
* list contains the text fields to be searched and the table's index field
* as the first(!) entry.
* NOTE: This function may be used by plugins during PLG_migrate. Changes should
* ensure backward compatibility.
*/
function INST_updateSiteUrl($oldUrl, $newUrl, array $tableSpec = array())
{
global $_TABLES;
// standard tables to update if no $tablespec given
$tables = array('stories' => 'sid, introtext, bodytext, related', 'storysubmission' => 'sid, introtext, bodytext', 'comments' => 'cid, comment', 'trackback' => 'cid, excerpt, url', 'blocks' => 'bid, content');
if (count($tableSpec) === 0) {
$tableSpec = $tables;
}
if (empty($oldUrl) || empty($newUrl) || $oldUrl === $newUrl) {
return;
}
foreach ($tableSpec as $table => $fieldList) {
$fields = explode(',', str_replace(' ', '', $fieldList));
$index = array_shift($fields);
if (empty($_TABLES[$table]) || !DB_checkTableExists($table)) {
COM_errorLog("Table {$table} does not exist - skipping migration");
continue;
}
$result = DB_query("SELECT {$fieldList} FROM {$_TABLES[$table]}");
$numRows = DB_numRows($result);
for ($i = 0; $i < $numRows; $i++) {
$A = DB_fetchArray($result);
$changed = false;
foreach ($fields as $field) {
$newText = str_replace($oldUrl, $newUrl, $A[$field]);
if ($newText != $A[$field]) {
$A[$field] = $newText;
$changed = true;
}
}
if ($changed) {
$sql = "UPDATE {$_TABLES[$table]} SET ";
foreach ($fields as $field) {
$sql .= "{$field} = '" . DB_escapeString($A[$field]) . "', ";
}
$sql = substr($sql, 0, -2);
DB_query($sql . " WHERE {$index} = '" . DB_escapeString($A[$index]) . "'");
}
}
}
}
function MG_rotateMedia($album_id, $media_id, $direction, $actionURL = '')
{
global $_TABLES, $_MG_CONF;
$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$numRows = DB_numRows($result);
if ($numRows == 0) {
$sql = "SELECT * FROM " . $_TABLES['mg_mediaqueue'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$numRows = DB_numRows($result);
}
if ($numRows == 0) {
COM_errorLog("MG_rotateMedia: Unable to retrieve media object data");
if ($actionURL == '') {
return false;
}
echo COM_refresh($actionURL);
exit;
}
$row = DB_fetchArray($result);
$filename = $row['media_filename'];
$media_size = false;
foreach ($_MG_CONF['validExtensions'] as $ext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $filename[0] . '/' . $filename . $ext)) {
$tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $filename[0] . '/' . $filename . $ext;
$disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $filename[0] . '/' . $filename . $ext;
break;
}
}
$orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $filename[0] . '/' . $filename . '.' . $row['media_mime_ext'];
list($rc, $msg) = IMG_rotateImage($tn, $direction);
list($rc, $msg) = IMG_rotateImage($disp, $direction);
list($rc, $msg) = IMG_rotateImage($orig, $direction);
if ($actionURL == -1 || $actionURL == '') {
return true;
}
echo COM_refresh($actionURL . '&t=' . time());
exit;
}
/**
* Returns array of (
* 'id' => $id (string),
* 'title' => $title (string),
* 'uri' => $uri (string),
* 'date' => $date (int: Unix timestamp),
* 'image_uri' => $image_uri (string),
* 'raw_data' => raw data of the item (stripslashed)
* )
*
* @return array Array described above
*/
function getItemById($id, $all_langs = false)
{
global $_CONF, $_TABLES;
$retval = array();
$sql = "SELECT e.date_start1, d.*\n\t\t FROM {$_TABLES['evlist_events']} e\n LEFT JOIN {$_TABLES['evlist_detail']} d\n ON e.det_id = d.det_id\n\t\t\t WHERE (e.id = '" . DB_escapeString($id) . "') ";
if ($this->uid > 0) {
$sql .= COM_getPermSql('AND', $this->uid, 'e');
}
$result = DB_query($sql);
if (DB_error()) {
return $retval;
}
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result, false);
$retval['id'] = $id;
$retval['title'] = $A['title'];
$retval['uri'] = COM_buildURL($_CONF['site_url'] . '/evlist/event.php?eid=' . rawurlencode($id));
$retval['date'] = strtotime($A['date_start1']);
$retval['image_uri'] = false;
$retval['raw_data'] = $A;
}
return $retval;
}
function migrate_deletestory($sid)
{
global $_TABLES, $_CONF;
$result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='" . DB_escapeString($sid) . "'");
$nrows = DB_numRows($result);
for ($i = 1; $i <= $nrows; $i++) {
$A = DB_fetchArray($result);
$filename = $_CONF['path_html'] . 'images/articles/' . $A['ai_filename'];
if (!@unlink($filename)) {
// log the problem but don't abort the script
COM_errorLog('Unable to remove the following image from the article: ' . $filename);
}
// remove unscaled image, if it exists
$lFilename_large = substr_replace($A['ai_filename'], '_original.', strrpos($A['ai_filename'], '.'), 1);
$lFilename_large_complete = $_CONF['path_html'] . 'images/articles/' . $lFilename_large;
if (file_exists($lFilename_large_complete)) {
if (!@unlink($lFilename_large_complete)) {
// ;og the problem but don't abort the script
COM_errorLog('Unable to remove the following image from the article: ' . $lFilename_large_complete);
}
}
}
DB_delete($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid));
DB_delete($_TABLES['comments'], 'sid', DB_escapeString($sid));
DB_delete($_TABLES['stories'], 'sid', DB_escapeString($sid));
// update RSS feed and Older Stories block
COM_rdfUpToDateCheck();
COM_olderStuff();
return;
}
/**
* Performs search on all stories
*
* @return object plugin object
*
*/
private function _searchStories()
{
global $_TABLES, $_DB_dbms, $LANG09;
// Make sure the query is SQL safe
$query = trim(DB_escapeString($this->_query));
$sql = 'SELECT s.sid AS id, s.title AS title, s.introtext AS description, ';
$sql .= 'UNIX_TIMESTAMP(s.date) AS date, s.uid AS uid, s.hits AS hits, ';
$sql .= 'CONCAT(\'/article.php?story=\',s.sid) AS url ';
$sql .= 'FROM ' . $_TABLES['stories'] . ' AS s, ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta ';
$sql .= 'WHERE (draft_flag = 0) AND (date <= NOW()) AND (u.uid = s.uid) ';
$sql .= 'AND ta.type = \'article\' AND ta.id = sid ';
$sql .= COM_getPermSQL('AND') . COM_getTopicSQL('AND', 0, 'ta') . COM_getLangSQL('sid', 'AND') . ' ';
if (!empty($this->_topic)) {
// Retrieve list of inherited topics
if ($this->_topic == TOPIC_ALL_OPTION) {
// Stories do not have an all option so just return all stories that meet the requirements and permissions
//$sql .= "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '".$this->_topic."')) ";
} else {
$tid_list = TOPIC_getChildList($this->_topic);
$sql .= "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $this->_topic . "'))) ";
}
}
if (!empty($this->_author)) {
$sql .= 'AND (s.uid = \'' . $this->_author . '\') ';
}
$search_s = new SearchCriteria('stories', $LANG09[65]);
$columns = array('title' => 'title', 'introtext', 'bodytext');
$sql .= $search_s->getDateRangeSQL('AND', 'date', $this->_dateStart, $this->_dateEnd);
list($sql, $ftsql) = $search_s->buildSearchSQL($this->_keyType, $query, $columns, $sql);
$sql .= " GROUP BY s.sid";
$search_s->setSQL($sql);
$search_s->setFTSQL($ftsql);
$search_s->setRank(5);
$search_s->setURLRewrite(true);
// Search Story Comments
$sql = 'SELECT c.cid AS id, c.title AS title, c.comment AS description, ';
$sql .= 'UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, \'0\' AS hits, ';
// MSSQL has a problem when concatenating numeric values
if ($_DB_dbms == 'mssql') {
$sql .= '\'/comment.php?mode=view&cid=\' + CAST(c.cid AS varchar(10)) AS url ';
} else {
$sql .= 'CONCAT(\'/comment.php?mode=view&cid=\',c.cid) AS url ';
}
$sql .= 'FROM ' . $_TABLES['users'] . ' AS u, ' . $_TABLES['topic_assignments'] . ' AS ta, ' . $_TABLES['comments'] . ' AS c ';
$sql .= 'LEFT JOIN ' . $_TABLES['stories'] . ' AS s ON ((s.sid = c.sid) ';
$sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getLangSQL('sid', 'AND', 's') . ') ';
$sql .= 'WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ';
$sql .= 'AND ta.type = \'article\' AND ta.id = s.sid ' . COM_getTopicSQL('AND', 0, 'ta');
if (!empty($this->_topic)) {
if ($this->_topic == TOPIC_ALL_OPTION) {
// Stories do not have an all option so just return all story comments that meet the requirements and permissions
//$sql .= "AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '".$this->_topic."')) ";
} else {
$sql .= "AND (ta.tid IN({$tid_list}) AND (ta.inherit = 1 OR (ta.inherit = 0 AND ta.tid = '" . $this->_topic . "'))) ";
}
}
if (!empty($this->_author)) {
$sql .= 'AND (c.uid = \'' . $this->_author . '\') ';
}
$search_c = new SearchCriteria('comments', array($LANG09[65], $LANG09[66]));
$columns = array('title' => 'c.title', 'comment');
$sql .= $search_c->getDateRangeSQL('AND', 'c.date', $this->_dateStart, $this->_dateEnd);
list($sql, $ftsql) = $search_c->buildSearchSQL($this->_keyType, $query, $columns, $sql);
$sql .= " GROUP BY id";
$search_c->setSQL($sql);
$search_c->setFTSQL($ftsql);
$search_c->setRank(2);
return array($search_s, $search_c);
}
/**
* Perform database upgrades
*
* @param string $currentGlVersion Current Geeklog version
* @return bool True if successful
*/
private function doDatabaseUpgrades($currentGlVersion)
{
global $_TABLES, $_CONF, $_SP_CONF, $_DB, $_DB_dbms, $_DB_table_prefix;
$_DB->setDisplayError(true);
// Because the upgrade sql syntax can vary from dbms-to-dbms we are
// leaving that up to each Geeklog database driver
$done = false;
$progress = '';
$_SQL = array();
while (!$done) {
switch ($currentGlVersion) {
case '1.2.5-1':
// Get DMBS-specific update sql
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.2.5-1_to_1.3.php';
$this->updateDB($_SQL, $progress);
// OK, now we need to add all users except anonymous to the All Users group and Logged in users group
// I can hard-code these group numbers because the group table was JUST created with these numbers
$result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE uid <> 1");
$numRows = DB_numRows($result);
for ($i = 1; $i <= $numRows; $i++) {
$U = DB_fetchArray($result);
DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (2, {$U['uid']}, NULL)");
DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (13, {$U['uid']}, NULL)");
}
// Now take care of any orphans off the user table...and let me curse MySQL lack for supporting foreign
// keys at this time ;-)
$result = DB_query("SELECT MAX(uid) FROM {$_TABLES['users']}");
$ITEM = DB_fetchArray($result);
$max_uid = $ITEM[0];
if (!empty($max_uid) && $max_uid != 0) {
DB_query("DELETE FROM {$_TABLES['userindex']} WHERE uid > {$max_uid}");
DB_query("DELETE FROM {$_TABLES['userinfo']} WHERE uid > {$max_uid}");
DB_query("DELETE FROM {$_TABLES['userprefs']} WHERE uid > {$max_uid}");
DB_query("DELETE FROM {$_TABLES['usercomment']} WHERE uid > {$max_uid}");
}
$currentGlVersion = '1.3';
$_SQL = array();
break;
case '1.3':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3_to_1.3.1.php';
$this->updateDB($_SQL, $progress);
$currentGlVersion = '1.3.1';
$_SQL = array();
break;
case '1.3.1':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.1_to_1.3.2.php';
$this->updateDB($_SQL, $progress);
$currentGlVersion = '1.3.2-1';
$_SQL = array();
break;
case '1.3.2':
case '1.3.2-1':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.2-1_to_1.3.3.php';
$this->updateDB($_SQL, $progress);
// Now we need to switch how user blocks are stored. Right now we only store the blocks the
// user wants. This will switch it to store the ones they don't want which allows us to add
// new blocks and ensure they are shown to the user.
$result = DB_query("SELECT {$_TABLES['users']}.uid,boxes FROM {$_TABLES['users']},{$_TABLES['userindex']} WHERE boxes IS NOT NULL AND boxes <> '' AND {$_TABLES['users']}.uid = {$_TABLES['userindex']}.uid");
$numRows = DB_numRows($result);
for ($i = 1; $i <= $numRows; $i++) {
$row = DB_fetchArray($result);
$uBlocks = str_replace(' ', ',', $row['boxes']);
$result2 = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$uBlocks})");
$newBlocks = '';
for ($x = 1; $x <= DB_numRows($result2); $x++) {
$currentBlock = DB_fetchArray($result2);
if ($currentBlock['name'] !== 'user_block' && $currentBlock['name'] !== 'admin_block' && $currentBlock['name'] !== 'section_block') {
$newBlocks .= $currentBlock['bid'];
if ($x != DB_numRows($result2)) {
$newBlocks .= ' ';
}
}
}
DB_query("UPDATE {$_TABLES['userindex']} SET boxes = '{$newBlocks}' WHERE uid = {$row['uid']}");
}
$currentGlVersion = '1.3.3';
$_SQL = array();
break;
case '1.3.3':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.3_to_1.3.4.php';
$this->updateDB($_SQL, $progress);
$currentGlVersion = '1.3.4';
$_SQL = array();
break;
case '1.3.4':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.4_to_1.3.5.php';
$this->updateDB($_SQL, $progress);
$result = DB_query("SELECT ft_id FROM {$_TABLES['features']} WHERE ft_name = 'user.mail'");
$row = DB_fetchArray($result);
$mail_ft = $row['ft_id'];
$result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = 'Mail Admin'");
$row = DB_fetchArray($result);
$group_id = $row['grp_id'];
DB_query("INSERT INTO {$_TABLES['access']} (acc_grp_id, acc_ft_id) VALUES ({$group_id}, {$mail_ft})");
$currentGlVersion = '1.3.5';
$_SQL = array();
break;
case '1.3.5':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.5_to_1.3.6.php';
$this->updateDB($_SQL, $progress);
if (!empty($_DB_table_prefix)) {
DB_query("RENAME TABLE staticpage TO {$_TABLES['staticpage']}");
}
$currentGlVersion = '1.3.6';
$_SQL = array();
break;
case '1.3.6':
// fix wrong permissions value
DB_query("UPDATE {$_TABLES['topics']} SET perm_anon = 2 WHERE perm_anon = 3");
// check for existence of 'date' field in gl_links table
DB_query("SELECT date FROM {$_TABLES['links']}", 1);
if (strpos(DB_error(), 'date') > 0) {
DB_query("ALTER TABLE {$_TABLES['links']} ADD date datetime default NULL");
}
// Fix primary key so that more than one user can add an event
// to his/her personal calendar.
DB_query("ALTER TABLE {$_TABLES['personal_events']} DROP PRIMARY KEY, ADD PRIMARY KEY (eid,uid)");
$currentGlVersion = '1.3.7';
$_SQL = array();
break;
case '1.3.7':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.7_to_1.3.8.php';
$this->updateDB($_SQL, $progress);
// upgrade Static Pages plugin
$spVersion = $this->getStaticPagesVersion();
if ($spVersion == 1) {
// original version
DB_query("ALTER TABLE {$_TABLES['staticpage']} " . "ADD COLUMN group_id mediumint(8) unsigned DEFAULT '1'," . "ADD COLUMN owner_id mediumint(8) unsigned DEFAULT '1'," . "ADD COLUMN perm_owner tinyint(1) unsigned DEFAULT '3'," . "ADD COLUMN perm_group tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN perm_members tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN perm_anon tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN sp_php tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) VALUES ('staticpages.PHP','Ability to use PHP in static pages')");
$php_id = DB_insertId();
$group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'");
DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$php_id}, {$group_id})");
} elseif ($spVersion == 2) {
// extended version by Phill or Tom
DB_query("ALTER TABLE {$_TABLES['staticpage']} " . "DROP COLUMN sp_pos," . "DROP COLUMN sp_search_keywords," . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
}
if ($spVersion > 0) {
// update plugin version number
DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.3', pi_gl_version = '1.3.8' WHERE pi_name = 'staticpages'");
// remove Static Pages 'lock' flag
DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'staticpages'");
// remove Static Pages Admin group id
DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'sp_group_id'");
if ($spVersion == 1) {
$result = DB_query("SELECT DISTINCT sp_uid FROM {$_TABLES['staticpage']}");
$authors = DB_numRows($result);
for ($i = 0; $i < $authors; $i++) {
$A = DB_fetchArray($result);
DB_query("UPDATE {$_TABLES['staticpage']} SET owner_id = '{$A['sp_uid']}' WHERE sp_uid = '{$A['sp_uid']}'");
}
}
$result = DB_query("SELECT sp_label FROM {$_TABLES['staticpage']} WHERE sp_title = 'Frontpage'");
if (DB_numRows($result) > 0) {
$A = DB_fetchArray($result);
if ($A['sp_label'] == 'nonews') {
DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_where = 0 WHERE sp_title = 'Frontpage'");
} elseif (!empty($A['sp_label'])) {
DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_title = '{$A['sp_label']}' WHERE sp_title = 'Frontpage'");
} else {
DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1 WHERE sp_title = 'Frontpage'");
}
}
}
$currentGlVersion = '1.3.8';
$_SQL = array();
break;
case '1.3.8':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.8_to_1.3.9.php';
$this->updateDB($_SQL, $progress);
$pos = strrpos($_CONF['rdf_file'], '/');
$filename = substr($_CONF['rdf_file'], $pos + 1);
$siteName = DB_escapeString($_CONF['site_name']);
$siteSlogan = DB_escapeString($_CONF['site_slogan']);
DB_query("INSERT INTO {$_TABLES['syndication']} (title, description, limits, content_length, filename, charset, language, is_enabled, updated, update_info) VALUES ('{$siteName}', '{$siteSlogan}', '{$_CONF['rdf_limit']}', {$_CONF['rdf_storytext']}, '{$filename}', '{$_CONF['default_charset']}', '{$_CONF['rdf_language']}', {$_CONF['backend']}, CURRENT_TIMESTAMP, NULL)");
// upgrade static pages plugin
$spVersion = $this->getStaticPagesVersion();
if ($spVersion > 0) {
if ($spVersion < 4) {
if (!isset($_SP_CONF['in_block'])) {
$_SP_CONF['in_block'] = 1;
} elseif ($_SP_CONF['in_block'] > 1) {
$_SP_CONF['in_block'] = 1;
} elseif ($_SP_CONF['in_block'] < 0) {
$_SP_CONF['in_block'] = 0;
}
DB_query("ALTER TABLE {$_TABLES['staticpage']} ADD COLUMN sp_inblock tinyint(1) unsigned DEFAULT '{$_SP_CONF['in_block']}'");
}
DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4', pi_gl_version = '1.3.9' WHERE pi_name = 'staticpages'");
}
// recreate 'date' field for old links
$result = DB_query("SELECT lid FROM {$_TABLES['links']} WHERE date IS NULL");
$num = DB_numRows($result);
if ($num > 0) {
for ($i = 0; $i < $num; $i++) {
$A = DB_fetchArray($result);
$myYear = substr($A['lid'], 0, 4);
$myMonth = substr($A['lid'], 4, 2);
$myDay = substr($A['lid'], 6, 2);
$myHour = substr($A['lid'], 8, 2);
$myMin = substr($A['lid'], 10, 2);
$mySec = substr($A['lid'], 12, 2);
$mTime = mktime($myHour, $myMin, $mySec, $myMonth, $myDay, $myYear);
$date = date('Y-m-d H:i:s', $mTime);
DB_query("UPDATE {$_TABLES['links']} SET date = '{$date}' WHERE lid = '{$A['lid']}'");
}
}
// remove unused entries left over from deleted groups
$result = DB_query("SELECT grp_id FROM {$_TABLES['groups']}");
$num = DB_numRows($result);
$groups = array();
for ($i = 0; $i < $num; $i++) {
$A = DB_fetchArray($result);
$groups[] = $A['grp_id'];
}
$groupList = '(' . implode(',', $groups) . ')';
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_main_grp_id NOT IN {$groupList}) OR (ug_grp_id NOT IN {$groupList})");
$currentGlVersion = '1.3.9';
$_SQL = array();
break;
case '1.3.9':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.9_to_1.3.10.php';
$this->updateDB($_SQL, $progress);
commentsToPreorderTree();
$result = DB_query("SELECT sid,introtext,bodytext FROM {$_TABLES['stories']}");
$numStories = DB_numRows($result);
for ($i = 0; $i < $numStories; $i++) {
$A = DB_fetchArray($result);
$related = DB_escapeString(implode("\n", UPDATE_extractLinks($A['introtext'] . ' ' . $A['bodytext'])));
if (empty($related)) {
DB_query("UPDATE {$_TABLES['stories']} SET related = NULL WHERE sid = '{$A['sid']}'");
} else {
DB_query("UPDATE {$_TABLES['stories']} SET related = '{$related}' WHERE sid = '{$A['sid']}'");
}
}
$spVersion = $this->getStaticPagesVersion();
if ($spVersion > 0) {
// no database changes this time, but set new version number
DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4.1', pi_gl_version = '1.3.10' WHERE pi_name = 'staticpages'");
}
// install SpamX plugin
// (also handles updates from version 1.0)
install_spamx_plugin();
$currentGlVersion = '1.3.10';
$_SQL = array();
break;
case '1.3.10':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.10_to_1.3.11.php';
$this->updateDB($_SQL, $progress);
$currentGlVersion = '1.3.11';
$_SQL = array();
break;
case '1.3.11':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.11_to_1.4.0.php';
$this->updateDB($_SQL, $progress);
upgrade_addFeature();
upgrade_uniqueGroupNames();
$currentGlVersion = '1.4.0';
$_SQL = array();
break;
case '1.4.0':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.0_to_1.4.1.php';
$this->updateDB($_SQL, $progress);
upgrade_addSyndicationFeature();
upgrade_ensureLastScheduledRunFlag();
upgrade_plugins_141();
$currentGlVersion = '1.4.1';
$_SQL = array();
break;
case '1.4.1':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.1_to_1.5.0.php';
$this->updateDB($_SQL, $progress);
upgrade_addWebservicesFeature();
create_ConfValues();
require_once $_CONF['path_system'] . 'classes/config.class.php';
$config = config::get_instance();
if (file_exists($_CONF['path'] . 'config.php')) {
// Read the values from config.php and use them to populate conf_values
$tempPath = $_CONF['path'];
// We'll need this to remember what the correct path is.
// Including config.php will overwrite all our $_CONF values.
require $tempPath . 'config.php';
// Load some important values from config.php into conf_values
foreach ($_CONF as $key => $val) {
$config->set($key, $val);
}
if (!$this->setDefaultCharset($this->env['siteconfig_path'], $_CONF['default_charset'])) {
exit($this->LANG['INSTALL'][26] . ' ' . $this->env['siteconfig_path'] . $this->LANG['INSTALL'][58]);
}
require $this->env['siteconfig_path'];
require $this->env['dbconfig_path'];
}
// Update the GL configuration with the correct paths.
$config->set('path_html', $this->env['html_path']);
$config->set('path_log', $_CONF['path'] . 'logs/');
$config->set('path_language', $_CONF['path'] . 'language/');
$config->set('backup_path', $_CONF['path'] . 'backups/');
$config->set('path_data', $_CONF['path'] . 'data/');
$config->set('path_images', $this->env['html_path'] . 'images/');
$config->set('path_themes', $this->env['html_path'] . 'layout/');
$config->set('path_editors', $this->env['html_path'] . 'editors/');
$config->set('rdf_file', $this->env['html_path'] . 'backend/geeklog.rss');
$config->set('path_pear', $_CONF['path_system'] . 'pear/');
// core plugin updates are done in the plugins themselves
$currentGlVersion = '1.5.0';
$_SQL = array();
break;
case '1.5.0':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.0_to_1.5.1.php';
$this->updateDB($_SQL, $progress);
$currentGlVersion = '1.5.1';
$_SQL = array();
break;
case '1.5.1':
// there were no core database changes in 1.5.2
$currentGlVersion = '1.5.2';
$_SQL = array();
break;
case '1.5.2':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.2_to_1.6.0.php';
$this->updateDB($_SQL, $progress);
update_ConfValues();
upgrade_addNewPermissions();
upgrade_addIsoFormat();
$this->fixOptionalConfig();
$currentGlVersion = '1.6.0';
$_SQL = array();
break;
case '1.6.0':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.0_to_1.6.1.php';
$this->updateDB($_SQL, $progress);
update_ConfValuesFor161();
$currentGlVersion = '1.6.1';
$_SQL = array();
break;
case '1.6.1':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.1_to_1.7.0.php';
$this->updateDB($_SQL, $progress);
update_ConfValuesFor170();
$currentGlVersion = '1.7.0';
$_SQL = array();
break;
case '1.7.0':
$currentGlVersion = '1.7.2';
// skip ahead
$_SQL = array();
break;
case '1.7.1':
// there were no database changes in 1.7.1
// there were no database changes in 1.7.1
case '1.7.2':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.7.2_to_1.8.0.php';
$this->updateDB($_SQL, $progress);
update_ConfValuesFor180();
update_ConfigSecurityFor180();
update_UsersFor180();
$currentGlVersion = '1.8.0';
$_SQL = array();
break;
case '1.8.0':
case '1.8.1':
case '1.8.2':
// there were no database changes in 1.8.x
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.8.2_to_2.0.0.php';
$this->updateDB($_SQL, $progress);
update_ConfValuesFor200();
update_BlockTopicAssignmentsFor200();
update_StoryTopicAssignmentsFor200();
$currentGlVersion = '2.0.0';
$_SQL = array();
break;
case '2.0.0':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.0.0_to_2.1.0.php';
$this->updateDB($_SQL, $progress);
update_addFilemanager();
update_ConfValuesFor210();
$currentGlVersion = '2.1.0';
$_SQL = array();
break;
case '2.1.1':
require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.1.1_to_2.1.2.php';
$this->updateDB($_SQL, $progress);
update_ConfValuesFor212();
$currentGlVersion = '2.1.2';
$_SQL = array();
break;
default:
$done = true;
}
}
$this->setVersion($this->env['siteconfig_path']);
// delete the security check flag on every update to force the user
// to run admin/sectest.php again
DB_delete($_TABLES['vars'], 'name', 'security_check');
return true;
}
/**
* Extract story ID (sid) from the URL
* Accepts rewritten and old-style URLs. Also checks permissions.
*
* @param string $url targetURI, a URL on our site
* @return string story ID or empty string for error
*/
function PNB_getSid($url)
{
global $_CONF, $_TABLES;
$retval = '';
$sid = '';
$params = substr($url, strlen($_CONF['site_url'] . '/article.php'));
if (substr($params, 0, 1) === '?') {
// old-style URL
$pos = strpos($params, 'story=');
if ($pos !== false) {
$part = substr($params, $pos + strlen('story='));
$parts = explode('&', $part);
$sid = $parts[0];
}
} elseif (substr($params, 0, 1) == '/') {
// rewritten URL
$parts = explode('/', substr($params, 1));
$sid = $parts[0];
}
if (!empty($sid)) {
$parts = explode('#', $sid);
$sid = $parts[0];
}
// okay, so we have a SID - but are they allowed to access the story?
if (!empty($sid)) {
$testsid = DB_escapeString($sid);
$result = DB_query("SELECT trackbackcode FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta WHERE ta.type = 'article' AND ta.id = sid AND sid = '{$testsid}'" . COM_getPermSql('AND') . COM_getTopicSql('AND', 0, ta));
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
if ($A['trackbackcode'] == 0) {
$retval = $sid;
}
}
}
return $retval;
}
/**
* Copies and installs new style plugins
*
* Copies all files the proper place and runs the automated installer
* or upgrade.
*
* @return string Formatted HTML containing the page body
*
*/
function post_uploadProcess()
{
global $_CONF, $_PLUGINS, $_TABLES, $autotagData, $LANG32, $_DB_dbms, $_DB_table_prefix;
$retval = '';
$upgrade = false;
$masterErrorCount = 0;
$masterErrorMsg = '';
$autotagData = array();
$autotagData['id'] = COM_applyFilter($_POST['pi_name']);
$autotagData['name'] = $autotagData['id'];
$autotagData['version'] = COM_applyFilter($_POST['pi_version']);
$autotagData['glfusionversion'] = COM_applyFilter($_POST['pi_gl_version']);
$tdir = COM_applyFilter($_POST['temp_dir']);
$tdir = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $tdir);
$tdir = str_replace('..', '', $tdir);
$tmp = $_CONF['path_data'] . $tdir;
$autotagData = array();
$rc = _at_parseXML($tmp);
if ($rc == -1) {
// no xml file found
return _at_errorBox($LANG32[74]);
}
clearstatcache();
$permError = 0;
$permErrorList = '';
// copy to proper directories
if (defined('DEMO_MODE')) {
_pi_deleteDir($tmp);
echo COM_refresh($_CONF['site_admin_url'] . '/autotag.php?msg=503');
exit;
}
if (function_exists('set_time_limit')) {
@set_time_limit(30);
}
$autotagData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $autotagData['id']);
$rc = _pi_file_copy($tmp . '/' . $autotagData['id'] . '.class.php', $_CONF['path_system'] . 'autotags/');
if ($rc === false) {
$errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
_pi_deleteDir($tmp);
return _at_errorBox($errorMessage);
}
// copy template files, if any
if (isset($autotagData['template']) && is_array($autotagData['template'])) {
foreach ($autotagData['template'] as $filename) {
$rc = _pi_file_copy($tmp . '/' . $filename, $_CONF['path_system'] . 'autotags/');
if ($rc === false) {
@unlink($_CONF['path_system'] . $autotagData['id'] . '.class.php');
$errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
_pi_deleteDir($tmp);
return _at_errorBox($errorMessage);
}
}
}
$tag = DB_escapeString($autotagData['id']);
$desc = DB_escapeString($autotagData['description']);
$is_enabled = 1;
$is_function = 1;
$replacement = '';
DB_query("REPLACE INTO {$_TABLES['autotags']} (tag,description,is_enabled,is_function,replacement) VALUES ('" . $tag . "','" . $desc . "'," . $is_enabled . "," . $is_function . ",'')");
_pi_deleteDir($tmp);
CTL_clearCache();
// show status (success or fail)
return $retval;
}
/**
* Save topic to the database
*
* @param string $tid Topic ID
* @param string $topic Name of topic (what the user sees)
* @param int $inherit whether to inherit
* @param int $hidden whether to hide
* @param string $parent_id Parent ID
* @param string $imageUrl (partial) URL to topic image
* @param string $meta_description Topic meta description
* @param string $meta_keywords Topic meta keywords
* @param int $sortNum number for sort order in "Topics" block
* @param int $limitNews number of stories per page for this topic
* @param int $owner_id ID of owner
* @param int $group_id ID of group topic belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @param string $is_default 'on' if this is the default topic
* @param string $is_archive 'on' if this is the archive topic
* @return string HTML redirect or error message
*/
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
// Check if tid is a restricted name
$restricted_tid = false;
if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
$restricted_tid = true;
}
// Check if tid is used by another topic
$duplicate_tid = false;
$old_tid = '';
if (isset($_POST['old_tid'])) {
$old_tid = COM_applyFilter($_POST['old_tid']);
if (!empty($old_tid)) {
$old_tid = COM_sanitizeID($old_tid);
// See if new topic id
if (strcasecmp($tid, $old_tid)) {
if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
$duplicate_tid = true;
}
}
} else {
if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
$duplicate_tid = true;
}
}
}
// Make sure parent id exists
$parent_id_found = false;
if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) {
$parent_id_found = true;
}
// Check if parent archive topic, if so bail
$archive_parent = false;
$archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
if ($parent_id == $archive_tid) {
$archive_parent = true;
}
// If archive topic, make sure no child topics else bail
$archive_child = false;
$is_archive = $is_archive == 'on' ? 1 : 0;
if ($is_archive) {
if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
$archive_child = true;
}
}
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} else {
// Now check access to parent topic
if ($parent_id != TOPIC_ROOT) {
if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}
$in_Group = SEC_inGroup($A['group_id']);
} else {
$access = 3;
$in_Group = true;
}
if ($access < 3 || !$in_Group) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
} elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
if ($imageUrl === '/images/topics/') {
$imageUrl = '';
}
$topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
$topic = DB_escapeString($topic);
$meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
$meta_description = DB_escapeString($meta_description);
$meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
$meta_keywords = DB_escapeString($meta_keywords);
if ($is_default == 'on') {
$is_default = 1;
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
if ($is_archive) {
// $tid is the archive topic
// - if it wasn't already, mark all its stories "archived" now
if ($archive_tid != $tid) {
$sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
DB_query($sql);
$sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
DB_query($sql);
}
// Set hidden and inherit to false since archive topic now
$inherit = '';
$hidden = '';
} else {
// $tid is not the archive topic
// - if it was until now, reset the "archived" status of its stories
if ($archive_tid == $tid) {
$sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.statuscode = 0\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
DB_query($sql);
$sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
DB_query($sql);
}
}
$inherit = $inherit == 'on' ? 1 : 0;
$hidden = $hidden == 'on' ? 1 : 0;
// Cannot hide root topics so switch if needed
if ($parent_id == TOPIC_ROOT && $hidden == 1) {
$hidden = 0;
}
// If not a new topic and id change then...
if (!empty($old_tid)) {
if ($tid != $old_tid) {
changetopicid($tid, $old_tid);
$old_tid = DB_escapeString($old_tid);
DB_delete($_TABLES['topics'], 'tid', $old_tid);
}
}
DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if ($old_tid != $tid) {
PLG_itemSaved($tid, 'topic', $old_tid);
} else {
PLG_itemSaved($tid, 'topic');
}
// Reorder Topics, Delete topic cache and reload topic tree
reorderTopics();
// update feed(s)
COM_rdfUpToDateCheck('article', $tid);
COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
} elseif ($restricted_tid) {
$retval .= COM_errorLog($LANG27[31], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($duplicate_tid) {
$retval .= COM_errorLog($LANG27[49], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($archive_parent) {
$retval .= COM_errorLog($LANG27[46], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($archive_child) {
$retval .= COM_errorLog($LANG27[47], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif (!$parent_id_found) {
$retval .= COM_errorLog($LANG27[48], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} else {
$retval .= COM_errorLog($LANG27[7], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
}
}
return $retval;
}
function MB_saveEditMenuElement()
{
global $_CONF, $_TABLES, $MenuElementAllowedHTML;
$filter = sanitizer::getInstance();
$allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
$filter->setAllowedElements($allowedElements);
$filter->setPostmode('html');
$id = COM_applyFilter($_POST['id'], true);
$menu_id = COM_applyFilter($_POST['menu']);
$pid = COM_applyFilter($_POST['pid'], true);
$label = DB_escapeString($filter->filterHTML($_POST['menulabel']));
$type = COM_applyFilter($_POST['menutype'], true);
$target = COM_applyFilter($_POST['urltarget']);
$menu = menu::getInstance($menu_id);
if ($type == 0) {
$type = 1;
}
switch ($type) {
case 2:
$subtype = COM_applyFilter($_POST['glfunction']);
break;
case 3:
$subtype = COM_applyFilter($_POST['gltype'], true);
break;
case 4:
$subtype = COM_applyFilter($_POST['pluginname']);
break;
case 5:
$subtype = COM_applyFilter($_POST['spname']);
break;
case 6:
$subtype = COM_applyFilter($_POST['menuurl']);
if (strpos($subtype, "http") !== 0 && strpos($subtype, "%site") === false && $subtype[0] != '#' && rtrim($subtype) != '') {
$subtype = 'http://' . $subtype;
}
break;
case 7:
$subtype = COM_applyFilter($_POST['phpfunction']);
break;
case 9:
$subtype = COM_applyFIlter($_POST['topicname']);
break;
default:
$subtype = '';
break;
}
$active = COM_applyFilter($_POST['menuactive'], true);
$url = '';
if (isset($_POST['menuurl']) && $_POST['menuurl'] != '') {
$url = trim(DB_escapeString(COM_applyFilter($_POST['menuurl'])));
if (strpos($url, "http") !== 0 && strpos($url, "%site") === false && $url[0] != '#' && rtrim($url) != '') {
$url = 'http://' . $url;
}
}
$group_id = COM_applyFilter($_POST['group'], true);
$aid = COM_applyFilter($_POST['menuorder'], true);
$aorder = DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . $aid);
$neworder = $aorder + 1;
$sql = "UPDATE {$_TABLES['menu_elements']} SET pid=" . (int) $pid . ", element_order=" . (int) $neworder . ", element_label='{$label}', element_type='{$type}', element_subtype='{$subtype}', element_active={$active}, element_url='{$url}', element_target='" . DB_escapeString($target) . "', group_id=" . (int) $group_id . " WHERE id=" . (int) $id;
DB_query($sql);
$menu->reorderMenu($pid);
}
$album_id = COM_applyFilter($_GET['aid'], true);
$media_id = COM_applyFilter($_GET['mid']);
$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('page', 'view_image.thtml');
$T->set_var('header', $LANG_MG00['plugin']);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('plugin', 'mediagallery');
//
// -- Verify that image really does belong to this album
//
$sql = "SELECT * FROM " . $_TABLES['mg_media_albums'] . " WHERE media_id='" . DB_escapeString($mid) . "' AND album_id='" . intval($aid) . "'";
$result = DB_query($sql);
if (DB_numRows($result) < 1) {
die("ERROR #2");
}
// Get Album Info...
$sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);
// Check access rights
$access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
if ($access == 0) {
$display .= COM_siteHeader('menu') . COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true) . COM_siteFooter();
echo $display;
exit;
}
$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
echo '<img src="' . $_MG_CONF['mediaobjects_url'] . '/disp/' . $row['media_filename'][0] . '/' . $row['media_filename'] . '.jpg' . '">';
exit;
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
if (defined('DEMO_MODE')) {
$output = COM_siteHeader('menu');
$output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
$output .= COM_siteFooter();
return PLG_REG_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_uid'])) {
$args['sp_uid'] = $_USER['uid'];
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if ($args['sp_status'] != 1) {
$args['sp_status'] = 0;
}
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['sp_search'] != 1) {
$args['sp_search'] = 0;
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} else {
if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_status = $args['sp_status'];
$sp_uid = $args['sp_uid'];
$sp_title = $args['sp_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
$sp_search = $args['sp_search'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_label = strip_tags($sp_label);
$sp_content = DB_escapeString($sp_content);
$sp_title = DB_escapeString($sp_title);
$sp_label = DB_escapeString($sp_label);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
// multi-language configuration - allow one entire page
// centerblock for all or none per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
if ($delete_old_page && !empty($sp_old_id)) {
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
PLG_itemDeleted($sp_old_id, 'staticpages');
}
PLG_itemSaved($sp_id, 'staticpages');
$url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
function INSTALLER_uninstall($A)
{
global $_TABLES;
$reverse = array_reverse($A);
$plugin = array();
foreach ($reverse as $step) {
if ($step['type'] == 'feature') {
$ft_name = DB_escapeString($step['feature']);
$ft_id = DB_getItem($_TABLES['features'], 'ft_id', "ft_name = '{$ft_name}'");
COM_errorLog("AutoInstall: Removing feature {$step['feature']}....");
DB_query("DELETE FROM {$_TABLES['access']} WHERE acc_ft_id = {$ft_id}", 1);
DB_query("DELETE FROM {$_TABLES['features']} WHERE ft_id = {$ft_id}", 1);
} else {
if ($step['type'] == 'group') {
$grp_name = DB_escapeString($step['group']);
$grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
COM_errorLog("AutoInstall: Removing group {$step['group']}....");
DB_query("DELETE FROM {$_TABLES['access']} WHERE acc_grp_id = {$grp_id}", 1);
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = {$grp_id} OR ug_grp_id = {$grp_id}", 1);
DB_query("DELETE FROM {$_TABLES['groups']} WHERE grp_id = {$grp_id}", 1);
} else {
if ($step['type'] == 'table') {
COM_errorLog("AutoInstall: Dropping table {$step['table']}....");
DB_query("DROP TABLE {$step['table']}", 1);
} else {
if ($step['type'] == 'block') {
COM_errorLog("AutoInstall: Removing block {$step['name']}....");
DB_query("DELETE FROM {$_TABLES['blocks']} WHERE name = '{$step['name']}'", 1);
} else {
if ($step['type'] == 'sql') {
if (isset($step['rev_log'])) {
COM_errorLog("AutoInstall: " . $step['rev_log']);
}
if (isset($step['rev'])) {
DB_query($step['rev'], 1);
}
} else {
if (array_key_exists('type', $step)) {
$function = 'INSTALLER_uninstall_' . $step['type'];
if (function_exists($function)) {
$function($step);
}
}
}
}
}
}
}
}
if (array_key_exists('plugin', $A)) {
$plugin = $A['plugin'];
COM_errorLog("AutoInstall: Removing plugin {$plugin['name']} from plugins table", 1);
DB_query("DELETE FROM {$_TABLES['plugins']} WHERE pi_name = '{$plugin['name']}'", 1);
}
COM_errorLog("AutoInstall: Uninstall complete");
return true;
}
/**
* Performs search on all comments
*
* @author Tony Bibbs <tony AT geeklog DOT net>
* Sami Barakat <s.m.barakat AT gmail DOT com>
* @access private
* @return object plugin object
*
*/
function _searchComments()
{
global $_CONF, $_TABLES, $_DB_dbms, $LANG09;
// Make sure the query is SQL safe
$query = trim(DB_escapeString(htmlspecialchars($this->_query)));
$sql = "SELECT s.sid AS id, c.title AS title, c.comment AS description, UNIX_TIMESTAMP(c.date) AS date, c.uid AS uid, '0' AS hits, ";
if ($_CONF['url_rewrite']) {
$sql .= "CONCAT('/article.php/',s.sid,'#comments') AS url ";
} else {
$sql .= "CONCAT('/article.php?story=',s.sid,'#comments') AS url ";
}
$sql .= "FROM {$_TABLES['users']} AS u, {$_TABLES['comments']} AS c ";
$sql .= "LEFT JOIN {$_TABLES['stories']} AS s ON ((s.sid = c.sid) ";
$sql .= COM_getPermSQL('AND', 0, 2, 's') . COM_getTopicSQL('AND', 0, 's') . COM_getLangSQL('sid', 'AND', 's') . ") ";
$sql .= "WHERE (u.uid = c.uid) AND (s.draft_flag = 0) AND (s.commentcode >= 0) AND (s.date <= NOW()) ";
if (!empty($this->_topic)) {
$sql .= "AND (s.tid = '" . DB_escapeString($this->_topic) . "') ";
}
if (!empty($this->_author)) {
$sql .= "AND (c.uid = " . (int) $this->_author . ") ";
}
$search = new SearchCriteria('comments', $LANG09[65] . ' > ' . $LANG09[66]);
$columns = array('comment', 'c.title');
$sql .= $search->getDateRangeSQL('AND', 'UNIX_TIMESTAMP(c.date)', $this->_dateStart, $this->_dateEnd);
list($sql, $ftsql) = $search->buildSearchSQL($this->_keyType, $query, $columns, $sql);
$search->setSQL($sql);
$search->setFTSQL($ftsql);
$search->setRank(2);
return $search;
}
}
if ($order == $prevorder) {
$direction = $direction == "DESC" ? "ASC" : "DESC";
} else {
$direction = $direction == "ASC" ? "ASC" : "DESC";
}
$returnPostfix = '';
// need to grab referer
if ($forum != 0) {
$returnPostfix = '?forum=' . $forum;
}
if ($dCat != 0) {
$returnPostfix = '?cat=' . $dCat;
}
$html_query = strip_tags($_REQUEST['query']);
$query = DB_escapeString($_REQUEST['query']);
$report->set_var(array('form_action' => $_CONF['site_url'] . '/forum/index.php?op=search', 'LANG_TITLE' => $LANG_GF02['msg119'] . ' ' . @htmlentities($html_query, ENT_QUOTES, COM_getEncodingt()), 'returnlink' => $_CONF['site_url'] . '/forum/index.php' . $returnPostfix, 'LANG_return' => $LANG_GF02['msg175'], 'LANG_Heading1' => $LANG_GF01['SUBJECT'], 'LANG_Heading2' => $LANG_GF01['REPLIES'], 'LANG_Heading3' => $LANG_GF01['VIEWS'], 'LANG_Heading4' => $LANG_GF01['DATE'], 'op' => "&op=search&query=" . @htmlentities($html_query, ENT_QUOTES, COM_getEncodingt()), 'prevorder' => $order, 'direction' => $direction, 'page' => '1'));
if ($_FF_CONF['usermenu'] == 'navbar') {
$report->set_var('navmenu', FF_NavbarMenu());
} else {
$report->set_var('navmenu', '');
}
if ($forum != 0) {
$inforum = "AND (forum = " . (int) $forum . ")";
} else {
$inforum = "";
}
$sql = "SELECT * FROM {$_TABLES['ff_topic']} WHERE (subject LIKE '%{$query}%') {$inforum} OR ";
$sql .= "(comment LIKE '%{$query}%') {$inforum} GROUP BY {$orderby} ORDER BY {$orderby} {$direction} LIMIT 100";
$result = DB_query($sql);
$nrows = DB_numRows($result);
