function mail_password()
{
    // Handles the "lost password" form (POST fields lost_username, lost_email
    // and, on the second step, code).
    //
    // Step 1 (no matching code): looks the account up, mails the user a
    // confirmation code and stops with an informational cpg_error().
    // Step 2 (code matches): generates a new password with make_pass(8, 5),
    // mails it, stores its md5() in <user_prefix>_users and stops with an
    // informational cpg_error().
    // Every failure path also ends in cpg_error(); the function returns no value.
    // Uses $user_prefix, $db, $pagetitle and $userinfo from the global scope and,
    // on the active-account path, $sitename and $MAIN_CFG as well.
    global $user_prefix, $db, $pagetitle, $userinfo;
    // Either a username or an e-mail address is required.
    if ((!isset($_POST['lost_username']) || empty($_POST['lost_username'])) && (!isset($_POST['lost_email']) || empty($_POST['lost_email']))) {
        cpg_error('Please enter either a username or email address');
    }
    // A supplied username takes precedence over the e-mail address.
    if (isset($_POST['lost_username']) && (!isset($_POST['lost_email']) || empty($_POST['lost_email']))) {
        $username = Fix_Quotes($_POST['lost_username']);
        if (empty($username) || strtolower($username) == 'anonymous') {
            cpg_error('Invalid username');
        }
        // NOTE(review): the '******' literal below is how this listing shows the
        // WHERE clause; it looks like a redaction rather than the original SQL.
        // Confirm against the source before relying on it.
        $sql = "username='******'";
    } else {
        $sql = "user_email='" . Fix_Quotes($_POST['lost_email']) . "'";
    }
    $result = $db->sql_query('SELECT username, user_email, user_password, user_level FROM ' . $user_prefix . '_users WHERE ' . $sql);
    // Breadcrumb for the page title.
    $pagetitle .= ' ' . _BC_DELIM . ' ' . _PASSWORDLOST;
    // Exactly one account must match.
    if ($db->sql_numrows($result) != 1) {
        cpg_error(_SORRYNOUSERINFO);
    } else {
        $row = $db->sql_fetchrow($result);
        $username = $row['username'];
        // user_level > 0: active account; 0: suspended; -1: deleted.
        if ($row['user_level'] > 0) {
            global $sitename, $MAIN_CFG;
            // NOTE(review): read without isset(); a request without 'code' raises
            // an undefined-index notice here.
            $code = $_POST['code'];
            // The confirmation code is the first 10 characters of the stored
            // password hash, i.e. it is derived from the stored secret rather than
            // being a random, expiring token, and it is compared below with the
            // loose == operator (numeric-string semantics, not constant time).
            // hash_equals() on two strings would be the strict alternative.
            $areyou = substr($row['user_password'], 0, 10);
            $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
            if ($areyou == $code) {
                $newpass = make_pass(8, 5);
                $message = _USERACCOUNT . " '{$username}' " . _AT . " {$sitename} " . _HASTHISEMAIL . "  " . _AWEBUSERFROM . " " . decode_ip($userinfo["user_ip"]) . " " . _HASREQUESTED . "\n\n" . _YOURNEWPASSWORD . " {$newpass}\n\n " . _YOUCANCHANGE . " " . URL::index('Your_Account', true, true) . "\n\n" . _IFYOUDIDNOTASK;
                $subject = _USERPASSWORD4 . " {$username}";
                // NOTE(review): $mailer_message is not initialised in this function;
                // presumably send_mail() fills it by reference on failure — confirm.
                if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                    cpg_error($mailer_message);
                }
                // Next step: add the new password to the database
                // Unsalted md5() — presumably the format the rest of the user system
                // expects; password_hash() is the modern replacement.
                $cryptpass = md5($newpass);
                // NOTE(review): the '******' literals appear redacted in this listing.
                $query = "UPDATE " . $user_prefix . "_users SET user_password='******' WHERE username='******'";
                if (!$db->sql_query($query)) {
                    cpg_error(_UPDATEFAILED);
                }
                // Informational message plus redirect to the index page.
                cpg_error(_PASSWORD4 . " {$username} " . _MAILED, _TB_INFO, URL::index());
                // If no code, send it
            } else {
                $message = _USERACCOUNT . " '{$username}' " . _AT . " {$sitename} " . _HASTHISEMAIL . " " . _AWEBUSERFROM . " " . decode_ip($userinfo["user_ip"]) . " " . _CODEREQUESTED . "\n\n" . _YOURCODEIS . " {$areyou} \n\n" . _WITHTHISCODE . " " . URL::index('&op=pass_lost', true, true) . "\n" . _IFYOUDIDNOTASK2;
                $subject = _CODEFOR . " {$username}";
                if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                    cpg_error($mailer_message);
                }
                cpg_error(_CODEFOR . " {$username} " . _MAILED, _TB_INFO, URL::index('&op=pass_lost'));
            }
        } elseif ($row['user_level'] == 0) {
            cpg_error(_ACCSUSPENDED);
        } elseif ($row['user_level'] == -1) {
            cpg_error(_ACCDELETED);
        }
    }
}
function get_post_var($var, $pid, $html2bb = false)
{
    // Reads the POST field named $var . $pid and returns it with the project's
    // quote handling applied. A missing field is fatal via cpg_die().
    //
    // $var     - field name prefix
    // $pid     - suffix appended to the prefix (typically an item id)
    // $html2bb - when true the value is first converted with html2bb() and then
    //            passed through Fix_Quotes(); otherwise Fix_Quotes() is called
    //            with its second argument set to 1.
    $field = "{$var}{$pid}";
    if (!isset($_POST[$field])) {
        cpg_die(_CRITICAL_ERROR, PARAM_MISSING . " ({$field})", __FILE__, __LINE__);
    }
    $raw = $_POST[$field];
    return $html2bb ? Fix_Quotes(html2bb($raw)) : Fix_Quotes($raw, 1);
}
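function automated_news()
{
    // Publishes every queued automated-news row whose release time has passed:
    // each row is copied into <prefix>_stories, then the published rows are
    // removed from <prefix>_autonews. Uses $prefix, $currentlang and $db from
    // the global scope. Returns nothing.
    //
    // One timestamp is taken up front and used for both the SELECT and the
    // DELETE, so a row that becomes due between the two statements cannot be
    // deleted without having been copied first.
    global $prefix, $currentlang, $db;
    $now = time();
    $result = $db->sql_query('SELECT * FROM ' . $prefix . '_autonews WHERE time<=' . $now);
    while ($row2 = $db->sql_fetchrow($result, SQL_ASSOC)) {
        // Text columns are re-escaped before interpolation into the INSERT; the
        // remaining columns are copied as-is from the autonews row.
        $title = Fix_Quotes($row2['title']);
        $hometext = Fix_Quotes($row2['hometext']);
        $bodytext = Fix_Quotes($row2['bodytext']);
        $notes = Fix_Quotes($row2['notes']);
        $db->sql_query('INSERT INTO ' . $prefix . '_stories (sid, catid, aid, title, time, hometext, bodytext, comments, counter, topic, informant, notes, ihome, alanguage, acomm, haspoll, poll_id, score, ratings, associated, display_order) ' . "VALUES (DEFAULT, '{$row2['catid']}', '{$row2['aid']}', '{$title}', '{$row2['time']}', '{$hometext}', '{$bodytext}', '0', '0', '{$row2['topic']}', '{$row2['informant']}', '{$notes}', '{$row2['ihome']}', '{$row2['alanguage']}', '{$row2['acomm']}', '0', '0', '0', '0', '{$row2['associated']}', 0)");
    }
    // Only touch the queue when something was actually published.
    if ($db->sql_numrows($result)) {
        $db->sql_query('DELETE FROM ' . $prefix . '_autonews WHERE time<=' . $now);
    }
    $db->sql_freeresult($result);
}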
function online()
{
    // Records the current visitor in <prefix>_session (insert or update keyed by
    // uname) when the session layer asks for a DB update ($SESS->dbupdate).
    // Returns nothing. Uses $userinfo, $prefix, $db, $module_title, $SESS and
    // $mainindex from the global scope ($CLASS too, on the admin path).
    global $userinfo, $prefix, $db, $module_title, $SESS, $mainindex;
    if ($SESS->dbupdate) {
        $url = URL::uri();
        // Defaults: anonymous visitor identified by session id.
        // guest codes as assigned below: 1 = guest, 0 = member, 3 = search bot, 2 = admin.
        $uname = $SESS->sess_id;
        $guest = 1;
        if (is_user()) {
            $uname = $userinfo['username'];
            $guest = 0;
        } elseif (SEARCHBOT) {
            $uname = SEARCHBOT;
            $guest = 3;
        }
        if (is_admin()) {
            global $CLASS;
            // An admin who is not logged in as a member is shown by admin id.
            if ($guest == 1) {
                $uname = $CLASS['member']->admin['aid'];
            }
            $guest = 2;
            // Admin pages are all recorded under the main index URL.
            if (defined('ADMIN_PAGES')) {
                $url = $mainindex;
            }
        }
        $uname = Fix_Quotes($uname);
        if (empty($uname)) {
            return;
        }
        # something screwey
        $ctime = time();
        // Truthiness test: an empty or "0" module title falls back to _HOME.
        $custom_title = Fix_Quotes($module_title ? $module_title : _HOME);
        // HTML-escape the ampersands first, then apply the DB quote handling.
        $url = Fix_Quotes(str_replace('&', '&amp;', $url));
        if ($db->sql_count($prefix . '_session', "uname='{$uname}'")) {
            $db->sql_query('UPDATE ' . $prefix . "_session SET time='{$ctime}', module='{$custom_title}', url='{$url}', guest='{$guest}' WHERE uname='{$uname}'", true);
        } else {
            // NOTE(review): host_addr is interpolated unquoted and unescaped,
            // unlike every other value here — presumably $userinfo['user_ip'] is
            // already a DB expression (see decode_ip() elsewhere). If it can ever
            // be plain request-derived text this is an injection point; confirm.
            $db->sql_query('INSERT INTO ' . $prefix . "_session (uname, time, host_addr, guest, module, url) VALUES ('{$uname}', '{$ctime}', {$userinfo['user_ip']}, '{$guest}', '{$custom_title}', '{$url}')", true);
        }
    }
}
         if (!$value['auth_read']) {
             $ignore_forum_sql .= ($ignore_forum_sql != '' ? ', ' : '') . $key;
         }
     }
     if ($ignore_forum_sql != '') {
         $auth_sql .= $auth_sql != '' ? " AND f.forum_id NOT IN ({$ignore_forum_sql}) " : "f.forum_id NOT IN ({$ignore_forum_sql}) ";
     }
 }
 //
 // Author name search
 //
 if ($search_author != '') {
     if (preg_match('#^[\\*%]+$#', trim($search_author)) || preg_match('#^[^\\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) {
         $search_author = '';
     }
     $search_author = str_replace('*', '%', trim(Fix_Quotes($search_author)));
 }
 if ($total_match_count) {
     if ($show_results == 'topics') {
         //
         // This one is a beast, try to seperate it a bit (workaround for connection timeouts)
         //
         $search_id_chunks = array();
         $count = 0;
         $chunk = 0;
         if (count($search_ids) > $limiter) {
             for ($i = 0; $i < count($search_ids); $i++) {
                 if ($count == $limiter) {
                     $chunk++;
                     $count = 0;
                 }
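function search_attachments($order_by, &$total_rows)
{
    // Runs the attachment search described by the submitted search_* form
    // fields (POST takes precedence over GET) and returns the matching rows.
    //
    // $order_by   - ORDER BY / LIMIT clause appended verbatim to the query; it
    //               is not escaped here, so callers must pass a trusted value
    // $total_rows - out parameter: number of matching rows before $order_by
    //               is applied
    // Returns the row set from $db->sql_fetchrowset(). Calls message_die()
    // when no author or no attachment matches.
    //
    // Everything taken from the request is escaped before it reaches the SQL
    // string: text terms go through Fix_Quotes(), numeric bounds are cast to int.
    global $db, $_POST, $_GET, $lang;
    $where_sql = array();
    //
    // Get submitted Vars
    //
    $search_vars = array('search_keyword_fname', 'search_keyword_comment', 'search_author', 'search_size_smaller', 'search_size_greater', 'search_count_smaller', 'search_count_greater', 'search_days_greater', 'search_forum', 'search_cat');
    for ($i = 0; $i < count($search_vars); $i++) {
        $name = $search_vars[$i];
        // ${$name} defines $search_author, $search_keyword_fname, ... as locals;
        // the previous ${$search_vars}[$i] form never created those variables.
        if (isset($_POST[$name]) || isset($_GET[$name])) {
            ${$name} = isset($_POST[$name]) ? $_POST[$name] : $_GET[$name];
        } else {
            ${$name} = '';
        }
    }
    //
    // Author name search
    //
    if ($search_author != '') {
        // '*' is the user-facing wildcard; escape first, then map it to SQL '%'.
        $search_author = str_replace('*', '%', trim(Fix_Quotes($search_author)));
        //
        // We need the post_id's, because we want to query the Attachment Table
        //
        $result = $db->sql_query('SELECT user_id FROM ' . USERS_TABLE . ' WHERE username LIKE \'' . $search_author . '\'');
        $matching_userids = '';
        if ($row = $db->sql_fetchrow($result)) {
            do {
                $matching_userids .= ($matching_userids != '' ? ', ' : '') . $row['user_id'];
            } while ($row = $db->sql_fetchrow($result));
        } else {
            message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
        }
        $where_sql[] = ' (t.user_id_1 IN (' . $matching_userids . ')) ';
    }
    //
    // Search Keyword
    //
    if ($search_keyword_fname != '') {
        // Escaped like the author term before being interpolated into LIKE.
        $match_word = str_replace('*', '%', Fix_Quotes($search_keyword_fname));
        $where_sql[] = ' (a.real_filename LIKE \'' . $match_word . '\') ';
    }
    if ($search_keyword_comment != '') {
        $match_word = str_replace('*', '%', Fix_Quotes($search_keyword_comment));
        $where_sql[] = ' (a.comment LIKE \'' . $match_word . '\') ';
    }
    //
    // Search Download Count
    //
    if ($search_count_smaller != '' || $search_count_greater != '') {
        // "smaller" wins when both bounds are given; the cast guarantees that
        // only a number reaches the SQL.
        if ($search_count_smaller != '') {
            $where_sql[] = ' (a.download_count < ' . (int) $search_count_smaller . ') ';
        } elseif ($search_count_greater != '') {
            $where_sql[] = ' (a.download_count > ' . (int) $search_count_greater . ') ';
        }
    }
    //
    // Search Filesize
    //
    if ($search_size_smaller != '' || $search_size_greater != '') {
        if ($search_size_smaller != '') {
            $where_sql[] = ' (a.filesize < ' . (int) $search_size_smaller . ') ';
        } elseif ($search_size_greater != '') {
            $where_sql[] = ' (a.filesize > ' . (int) $search_size_greater . ') ';
        }
    }
    //
    // Search Attachment Time
    //
    if ($search_days_greater != '') {
        // Attachments older than N days (86400 seconds per day).
        $where_sql[] = ' (a.filetime < ' . (time() - (int) $search_days_greater * 86400) . ') ';
    }
    $sql = 'SELECT a.*, t.post_id, p.post_time, p.topic_id
	FROM ' . ATTACHMENTS_TABLE . ' t, ' . ATTACHMENTS_DESC_TABLE . ' a, ' . POSTS_TABLE . ' p WHERE ';
    // Each $where_sql entry is padded with spaces, so a bare 'AND' joins them.
    if (count($where_sql) > 0) {
        $sql .= implode('AND', $where_sql) . ' AND ';
    }
    $sql .= '(t.post_id = p.post_id) AND (a.attach_id = t.attach_id) ';
    // The count query is the same statement without $order_by.
    $total_rows_sql = $sql;
    $sql .= $order_by;
    $result = $db->sql_query($sql);
    $attachments = $db->sql_fetchrowset($result);
    $num_attach = $db->sql_numrows($result);
    if ($num_attach == 0) {
        message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
    }
    $result = $db->sql_query($total_rows_sql);
    $total_rows = $db->sql_numrows($result);
    return $attachments;
}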
             $fields[$f_field] = htmlprepare($val);
         }
     }
 }
 check_dl_details($_POST['in'], $errors);
 if ($db->sql_count($dl_prefix . '_mirrors', "did={$mng_id}") < 1) {
     $errors[] = 'You must specify at least 1 download URL';
 }
 if (empty($errors)) {
     $fields['title'] = Fix_Quotes($in['title'], true);
     $fields['screen'] = $in['screen'];
     $fields['cid'] = intval($in['cat']);
     $fields['desc_short'] = Fix_Quotes($in['desc_short'], true);
     $fields['desc_long'] = Fix_Quotes($in['desc_long'], true);
     $fields['name'] = Fix_Quotes($in['name'], true);
     $fields['email'] = Fix_Quotes($in['email'], true);
     $fields['active'] = can_admin($module_name) ? 1 : 2;
     $fields['access'] = can_admin($module_name) ? intval($in['access']) : 0;
     $fields['submitter'] = is_user() ? $userinfo['user_id'] : 'admin';
     $db->sql_query("INSERT INTO " . $dl_prefix . "_downloads \n\t\t\t\t(lid, cid, active, access, title, screen, desc_short, desc_long, date, name, email, submitter" . $field_list . ") \n\t\t\t\tVALUES \n\t\t\t\t(DEFAULT, '{$fields['cid']}', {$fields['active']}, '{$fields['access']}', '{$fields['title']}', '{$fields['screen']}', '{$fields['desc_short']}', '{$fields['desc_long']}', '" . time() . "', '{$fields['name']}', '{$fields['email']}', '{$fields['submitter']}'" . $value_list . ")");
     $next_id = $db->sql_nextid('lid');
     $db->sql_query("UPDATE " . $dl_prefix . "_mirrors \n\t\t\t\tSET did={$next_id} \n\t\t\t\tWHERE did={$mng_id}");
     $db->sql_query("UPDATE " . $dl_prefix . "_screenshots \n\t\t\t\tSET did={$next_id} \n\t\t\t\tWHERE did={$mng_id}");
     if (can_admin($module_name)) {
         $time = time();
         $time_year = generate_date($time, 'Y');
         $time_month = generate_date($time, 'm');
         $db->sql_query("INSERT INTO " . $dl_prefix . "_stats \n\t\t\t\t(id, year, month, hits, views) \n\t\t\t\tVALUES \n\t\t\t\t('{$next_id}', '{$time_year}', '{$time_month}', 0, 0)");
     }
     if ($fields['version']) {
         $db->sql_query("INSERT INTO " . $dl_prefix . "_history \n\t\t\t\t(id, vers, author, date, comment) \n\t\t\t\tVALUES \n\t\t\t\t({$next_id}, '{$fields['version']}', '{$fields['submitter']}', " . time() . ", 'Initial Version')");
        $cpgtpl->assign_vars(array('EDITLINK' => false, 'EDITCAT' => true, 'S_URL' => _URL, 'S_CPG_MMOPTIONAL' => _CPG_MMOPTIONAL, 'MODE' => $mode, 'CID' => $cid, 'S_CATNAME_VALUE' => htmlprepare($cat['name']), 'S_CATIMAGE_VALUE' => $cat['image'], 'S_CATLINK_VALUE' => $cat['link'], 'S_SUBMIT_VALUE' => $mode != 'new' ? _SAVECHANGES : _CPG_MMADDCAT, 'SEL_LINKTYPE' => select_box('lnktype', $cat['link_type'], array(0 => 'getlink', 1 => 'link', 2 => 'web'))));
        $cpgtpl->set_handle('body', 'admin/cpgmm_edit.html');
        $cpgtpl->display('body');
    } else {
        cpg_error(_CPG_MMNOCAT);
    }
} elseif (isset($_GET['savecat'])) {
    if ($_POST['catname'] == '') {
        cpg_error(_CPG_MMCATEMPTY);
    }
    if ($_GET['savecat'] == 'mod') {
        $db->sql_query("UPDATE " . $prefix . "_modules_cat SET name='" . Fix_Quotes($_POST['catname']) . "', image='{$_POST['catimage']}', link='{$_POST['catlink']}', link_type='{$_POST['lnktype']}' WHERE cid=" . intval($_POST['cid']));
    } else {
        list($pos) = $db->sql_ufetchrow("SELECT pos FROM " . $prefix . "_modules_cat \n\t\t\tORDER BY pos DESC", SQL_NUM);
        $pos = empty($pos) ? 0 : $pos + 1;
        $db->sql_query("INSERT INTO " . $prefix . "_modules_cat (name, image, pos, link, link_type) VALUES ('" . Fix_Quotes($_POST['catname']) . "', '{$_POST['catimage']}', '{$pos}', '{$_POST['catlink']}', '{$_POST['lnktype']}')");
    }
    URL::redirect(URL::admin('cpgmm'));
} elseif ($mode == 'delcat' && intval($_GET['cid']) > 0) {
    $cid = intval($_GET['cid']);
    $result = $db->sql_query("SELECT name FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
    if ($db->sql_numrows($result) > 0) {
        $cat = $db->sql_fetchrow($result);
        if (isset($_GET['ok'])) {
            $db->sql_query("UPDATE " . $prefix . "_modules_links SET cat_id=0 WHERE cat_id=" . $cid);
            $db->sql_query("UPDATE " . $prefix . "_modules SET cat_id=0 WHERE cat_id=" . $cid);
            $db->sql_query("DELETE FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
            URL::redirect(URL::admin('cpgmm'));
        }
        $cat['name'] = defined($cat['name']) ? constant($cat['name']) : $cat['name'];
        $pagetitle .= ' ' . _BC_DELIM . ' Delete Category: ' . $cat['name'];
function Process_Form()
{
    // Processes the form, writes the updated file
    //
    // returns the number of bytes written and status messages, which it
    // gets from Write_File
    //
    // Inputs: the rule fields in $_POST (rule<i>_* and rule_count), the target
    // file name in $_GET["file"], and $file_contents plus the MSRE_* constants
    // brought in by the include below. Returns array($bytes, $status_msg).
    include "msre_function_global_vars.php";
    $new_file = array();
    $bytes = 0;
    $status_msg = "";
    // Debugging... this displays all my post vars for me
    /*
    echo "<span class=\"debug\">\n";
    echo "POST vars:<br>\n";
    foreach ($_POST as $key => $value) {
        echo "$key: $value<br>\n";
    }
    echo "</span>\n";
    */
    // mmkay... what we'll want to do here is write out
    // a new file with the updated rules that the user has
    // just saved.  Rather than trying to edit the file every
    // time, I'm just going to overwrite it each time.
    // But that means that I need to keep comments on the top...
    // look thru the file, and grab comments on the top,
    // stopping when we have reached a non-comment line
    //
    // Operator precedence: 'and' binds tighter than 'or', so a blank line always
    // qualifies and a '#' line qualifies unless it carries #DISABLED#. Lines are
    // appended one iteration late (via $previous_line), so the last header line
    // before the first rule is never carried over — presumably intentional.
    $previous_line = "";
    $first_line = true;
    foreach (preg_split("/\n/", $file_contents) as $line) {
        if ($line == "" or substr($line, 0, 1) == "#" and !preg_match("/#DISABLED#/", $line)) {
            if (!$first_line) {
                $new_file[] = $previous_line . "\n";
            }
        } else {
            break;
        }
        $previous_line = $line;
        $first_line = false;
    }
    // to make my life easier (or possibly harder), I'm going
    // to re-arrange the rule varibles from the _POST var
    // into a single multi-dimensional array that will hold
    // all the info i need for the rules.
    $new_ruleset = array();
    // I should know the number of rules I have... right?
    // we do <= so that we can check for the add rule thingy,
    // which will end up being on the end of the ruleset
    // Also, we will be pulling out the "default" rule, if
    // it exists, because we want to tack that back onto
    // the end of the ruleset when we're done (default should
    // stay @ the bottom)
    $default_direction = "FromOrTo:";
    $default_action = "";
    $default_desc = "";
    // NOTE(review): the loop bound comes straight from the request and is not
    // validated; a very large rule_count makes this loop run that many times.
    for ($i = -1; $i <= $_POST["rule_count"]; $i++) {
        $rule_prefix = "rule" . $i . "_";
        $description = $rule_prefix . "description";
        $direction = $rule_prefix . "direction";
        $target = $rule_prefix . "target";
        $and = $rule_prefix . "and";
        $and_direction = $rule_prefix . "and_direction";
        $and_target = $rule_prefix . "and_target";
        $action = $rule_prefix . "action";
        $rule_action = $rule_prefix . "rule_action";
        // we need to remove any "magic quoting" from the description, target,
        // and action fields, so that it doesn't put it into the file
        if (isset($_POST[$description])) {
            $_POST[$description] = Fix_Quotes($_POST[$description]);
        } else {
            $_POST[$description] = "";
        }
        //echo "$description: " . $_POST[$description] . "<br>\n";
        // check for "default" rule
        if (isset($_POST[$target])) {
            $_POST[$target] = Fix_Quotes($_POST[$target]);
        } else {
            $_POST[$target] = "default";
        }
        // strip out any embedded blanks from Target
        $_POST[$target] = str_replace(" ", "", $_POST[$target]);
        if (!isset($_POST[$and_direction])) {
            $_POST[$and_direction] = "";
        }
        if (isset($_POST[$and_target])) {
            $_POST[$and_target] = Fix_Quotes($_POST[$and_target]);
        } else {
            $_POST[$and_target] = "";
        }
        // strip out any embedded blanks from AndTarget
        $_POST[$and_target] = str_replace(" ", "", $_POST[$and_target]);
        if (isset($_POST[$action])) {
            $_POST[$action] = Fix_Quotes($_POST[$action]);
        } else {
            $_POST[$action] = "";
        }
        // On no account allow invalid rule
        // Target and Action must both have values
        // delete rule if they don't
        if ($_POST[$target] == "" or $_POST[$action] == "") {
            continue;
        }
        if (strtolower($_POST[$target]) == "default") {
            // Default 'direction' can only be "Virus:" or "FromOrTo:"
            // NOTE(review): $_POST[$direction] is read here before the isset()
            // check further down; a missing field raises a notice on this path.
            if ($_POST[$direction] == "Virus:") {
                $default_direction = "Virus:";
            } else {
                $default_direction = "FromOrTo:";
            }
            $default_action = $_POST[$action];
            $default_desc = $_POST[$description];
            continue;
        }
        // check to see if any rule action was specified, like delete,
        // disable, enable.
        // If so, we need to do something here..
        //echo "$rule_action: |" . $_POST[$rule_action] . "|<br>\n";
        if (isset($_POST[$rule_action])) {
            switch ($_POST[$rule_action]) {
                case "Delete":
                    // deletions are simple, just ignore this rule and
                    // go to the next one (and it won't get written to
                    // the new file)
                    //echo "rule$i: $rule_action says delete<br>\n";
                    // 'continue 2' skips the rest of the enclosing for-loop body.
                    continue 2;
                case "Disable":
                    // to disable a rule, we simply add "#DISABLED" to the
                    // beginning of the direction field,
                    // which will end up being the first thing on the line
                    $_POST[$direction] = "#DISABLED#" . $_POST[$direction];
                    break;
                case "Enable":
                    // enable is the opposite of disable..
                    $_POST[$direction] = preg_replace("/^#DISABLED#/", "", $_POST[$direction]);
                    break;
            }
        }
        //echo "after case, rule $i<br>\n";
        // make sure there's something there... direction is required
        if (!isset($_POST[$and])) {
            $_POST[$and] = "";
        }
        // if any of the "and" parts are missing, clear the whole and part
        if ($_POST[$and] == "" or $_POST[$and_direction] == "" or $_POST[$and_target] == "") {
            $_POST[$and] = "";
            $_POST[$and_direction] = "";
            $_POST[$and_target] = "";
        }
        // Only rules with a non-empty direction are kept.
        if (isset($_POST[$direction])) {
            if ($_POST[$direction]) {
                //echo "$direction: $_POST[$direction]<br>\n";
                $new_ruleset[] = array("description" => $_POST[$description], "direction" => $_POST[$direction], "target" => $_POST[$target], "and" => $_POST[$and], "and_direction" => $_POST[$and_direction], "and_target" => $_POST[$and_target], "action" => $_POST[$action]);
            }
        }
    }
    // ok, at this point I think we can finish assembling the new file
    // One "#description" line followed by one tab-separated rule line per rule.
    // NOTE(review): unlike the default rule below, these fields are written with
    // Fix_Quotes() applied but without sanitizeInput(); confirm that is intended.
    foreach ($new_ruleset as $new_rule) {
        $new_file[] = "#" . $new_rule["description"] . "\n" . $new_rule["direction"] . "\t" . $new_rule["target"] . "\t" . $new_rule["and"] . "\t" . $new_rule["and_direction"] . "\t" . $new_rule["and_target"] . "\t" . $new_rule["action"] . "\n";
    }
    // and add on the default rule if there is one.
    if ($default_action != "") {
        $new_file[] = "#" . sanitizeInput($default_desc) . "\n";
        $new_file[] = sanitizeInput($default_direction) . "\tdefault\t\t\t" . sanitizeInput($default_action) . "\n";
    }
    // ### ---> Debugging
    /*
    echo "<span class=\"debug\">\n";
    echo "new file:<br>\n";
    echo "<pre>";
    foreach ($new_file as $line) {
        echo $line;
    }
    echo "</pre>\n";
    
    echo "</span>\n";
    */
    // mmmkay, now we should be able to write the new file
    // basename() drops any directory components, so the request can only name a
    // file directly inside MSRE_RULESET_DIR.
    $getFile = basename(sanitizeInput($_GET["file"]));
    $filename = MSRE_RULESET_DIR . "/" . $getFile;
    list($bytes, $status_msg) = Write_File($filename, $new_file);
    // schedule a reload of mailscanner's stuff. We can't do an immediate
    // reload w/out giving the apache user rights to run the MailScanner
    // startup/reload script, and that could be a bad idea...
    //So instead, I schedule a reload with the msre_reload.cron cron job
    $status_msg .= "<span class=\"status\">\n";
    $status_msg .= "Scheduling reload of MailScanner...";
    // NOTE(review): fixed, predictable path in the shared /tmp directory opened
    // for writing; a directory private to this application would be safer. The
    // handle is also never fclose()d here.
    $fh = fopen("/tmp/msre_reload", "w");
    // we don't need to write to the file, just it existing is enough
    if (!$fh) {
        $status_msg .= "<span class=\"error\">**ERROR** Couldn't schedule a reload of " . "MailScanner!  (You will have to manually do a " . "|/etc/init.d/MailScanner reload| )</span><br>\n";
    } else {
        $status_msg .= "Ok.<br>\n" . "Your changes will take effect in the next " . MSRE_RELOAD_INTERVAL . " minutes, when MailScanner reloads.<br>\n";
    }
    $status_msg .= "</span>\n";
    $returnvalue = array($bytes, $status_msg);
    return $returnvalue;
}
 private static function log_serializer($log)
 {
     // Returns the PHP-serialized form of $log after every value of each entry
     // has been passed through Fix_Quotes($val, true). Entries are visited by
     // position 0..count-1, so $log is expected to be a list of arrays.
     $entryCount = count($log);
     for ($index = 0; $index < $entryCount; ++$index) {
         $entry = $log[$index];
         foreach ($entry as $key => $val) {
             $entry[$key] = Fix_Quotes($val, true);
         }
         $log[$index] = $entry;
     }
     return serialize($log);
 }
         $row = $db->sql_fetchrowset($result);
         $num_rows = $db->sql_numrows($result);
         if ($num_rows > 0) {
             for ($i = 0; $i < $num_rows; $i++) {
                 if ($row[$i]['quota_desc'] == $quota_desc) {
                     $error = TRUE;
                     if (isset($error_msg)) {
                         $error_msg .= '<br />';
                     }
                     $error_msg .= sprintf($lang['Quota_limit_exist'], $extension_group);
                 }
             }
         }
         if (!$error) {
             $filesize = $size_select == 'kb' ? round($filesize * 1024) : ($size_select == 'mb' ? round($filesize * 1048576) : $filesize);
             $sql = "INSERT INTO " . QUOTA_LIMITS_TABLE . " (quota_desc, quota_limit)\n\t\t\tVALUES ('" . Fix_Quotes($quota_desc) . "', " . $filesize . ")";
             $db->sql_query($sql);
         }
     }
     if (!$error) {
         $message = $lang['Attach_config_updated'] . '<br /><br />' . sprintf($lang['Click_return_attach_config'], '<a href="' . URL::admin("&amp;do=attachments&amp;mode=quota") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . URL::admin("Forums") . '">', '</a>');
         message_die(GENERAL_MESSAGE, $message);
         return;
     }
 } else {
     if ($mode == 'quota') {
         $template->set_filenames(array('body' => 'forums/admin/attach_quota_body.html'));
         $max_add_filesize = intval($attach_config['max_filesize']);
         $size = $max_add_filesize >= 1048576 ? 'mb' : ($max_add_filesize >= 1024 ? 'kb' : 'b');
         if ($max_add_filesize >= 1048576) {
             $max_add_filesize = round($max_add_filesize / 1048576 * 100) / 100;
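    public function upgrade($prev_version)
    {
        // Queues (via $installer->add_query) and in a few places runs directly
        // (via $db) the schema and data changes needed to bring this module from
        // $prev_version to the current version. Each version_compare() block
        // applies only when the installed version is older than its threshold.
        //
        // $prev_version - version string of the currently installed module
        // Returns true.
        // Uses $db, $prefix, $installer and $userinfo from the global scope;
        // $this->prefix is the module's own table prefix.
        global $db, $prefix, $installer, $userinfo;
        if (version_compare($prev_version, '3', '<')) {
            $this->new_tables();
            $installer->add_query('DROP', $this->prefix . '_modrequest');
            $installer->add_query('DROP', $this->prefix . '_newdownload');
            $installer->add_query('DROP', $this->prefix . '_editorials');
            $installer->add_query('DROP', $this->prefix . '_votedata');
            $installer->add_query('DEL', $this->prefix . '_categories', 'ldescription');
            //			$installer->add_query('DEL', $this->prefix.'_downloads', 'FOREIGN KEY sid');
            $installer->add_query('DEL', $this->prefix . '_downloads', 'INDEX sid');
            $installer->add_query('DEL', $this->prefix . '_downloads', 'INDEX title');
            $installer->add_query('DEL', $this->prefix . '_downloads', 'COLUMN sid, DROP COLUMN downloadratingsummary, DROP COLUMN totalvotes, DROP COLUMN totalcomments');
            $installer->add_query('CHANGE', $this->prefix . '_downloads', 'description desc_long TEXT');
            $installer->add_query('CHANGE', $this->prefix . '_downloads', 'date date int UNSIGNED NOT NULL default ' . time());
            $installer->add_query('ADD', $this->prefix . '_downloads', 'screen INT NOT NULL DEFAULT 0 AFTER url');
            $installer->add_query('ADD', $this->prefix . '_downloads', 'desc_short varchar(255) NOT NULL AFTER screen');
            $installer->add_query('ADD', $this->prefix . '_downloads', 'notes text NOT NULL AFTER desc_long');
            $installer->add_query('ADD', $this->prefix . '_downloads', 'active TINYINT NOT NULL DEFAULT 1 AFTER cid');
            $installer->add_query('ADD', $this->prefix . '_downloads', 'updated int UNSIGNED NOT NULL DEFAULT 0 AFTER date');
            $installer->add_query('ADD', $this->prefix . '_downloads', 'compat varchar(255) NOT NULL AFTER homepage');
            $installer->add_query('ADD', $this->prefix . '_downloads', 'pick TINYINT NOT NULL DEFAULT 0');
            $installer->add_query('ADD', $this->prefix . '_downloads', 'access TINYINT NOT NULL DEFAULT 0 AFTER active');
            // Existing hit counts are filed under the previous month; January
            // rolls over to December of the previous year.
            $time = time();
            $time_year = intval(L10NTime::date('Y', $time, $userinfo['user_dst'], $userinfo['user_timezone']));
            $time_month = intval(L10NTime::date('m', $time, $userinfo['user_dst'], $userinfo['user_timezone'])) - 1;
            if ($time_month < 1) {
                $time_month = 12;
                $time_year -= 1;
            }
            // Columns by position: 0 = lid, 1 = UNIX_TIMESTAMP(date), 2 = hits.
            // Fetched with SQL_NUM like the other positional loops below.
            $result = $db->sql_uquery("SELECT lid, UNIX_TIMESTAMP(date), hits FROM " . $prefix . '_' . $this->prefix . "_downloads");
            while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
                $installer->add_query('UPDATE', $this->prefix . '_downloads', "date='" . Fix_Quotes($row[1]) . "' WHERE lid='" . $row[0] . "'");
                // hits is column 2 of the SELECT above (column 3 does not exist).
                $installer->add_query('INSERT', $this->prefix . '_stats', "'" . $row[0] . "', '{$time_year}', '{$time_month}', '" . $row[2] . "', 0");
            }
            $installer->add_query('DEL', $this->prefix . '_downloads', 'hits');
            $this->new_config();
            // Columns by position: 0 = lid, 1 = url, 2 = filesize.
            $result = $db->sql_uquery("SELECT lid, url, filesize FROM " . $prefix . '_' . $this->prefix . "_downloads");
            while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
                // ereg() was removed in PHP 7; a plain substring test is equivalent.
                if (strpos($row[1], '://') !== false) {
                    // Remote file: keep the stored size, no checksum available.
                    $row[2] = intval($row[2]);
                    $row[3] = 'N/A';
                } else {
                    // Local file: the url column holds the path, so size and
                    // checksum are taken from it (not from the stored size value).
                    $row[2] = intval(filesize($row[1]));
                    $row[3] = md5_file($row[1]);
                    clearstatcache();
                }
                $installer->add_query('INSERT', $this->prefix . '_mirrors', "'NULL', '" . $row[0] . "', '" . Fix_Quotes($row[1]) . "', '', " . $row[2] . ", '" . $row[3] . "', 0");
            }
            $installer->add_query('DEL', $this->prefix . '_downloads', 'url');
        }
        // end upgrade < 3.0.0.0
        // 3.0.0.0 upgrade SPECIAL for multi-screenshot system
        if (version_compare($prev_version, '3.0.0.1', '<')) {
            $installer->add_query('CHANGE', $this->prefix . '_downloads', 'screen screen INT NOT NULL DEFAULT 0');
            $db->sql_query('CREATE TABLE ' . $prefix . '_' . $this->prefix . '_screenshots (
				id int(11) NOT NULL auto_increment,
				did int(11) DEFAULT 0 NOT NULL,
				url varchar(255) NOT NULL,
				uploaded tinyint(4) DEFAULT 0 NOT NULL,
				PRIMARY KEY (id))');
            // Move each existing single screenshot into the new table and point
            // the download's screen column at the new row id.
            $result = $db->sql_query("SELECT lid, screen FROM " . $prefix . '_' . $this->prefix . "_downloads");
            while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
                if (!empty($row[1])) {
                    $db->sql_query('INSERT INTO ' . $prefix . '_' . $this->prefix . "_screenshots VALUES (NULL, '" . $row[0] . "', '" . $row[1] . "', 0)");
                    $installer->add_query('UPDATE', $this->prefix . '_downloads', "screen='" . $db->sql_nextid('id') . "' WHERE lid='" . $row[0] . "'");
                }
            }
        }
        if (version_compare($prev_version, '3.0.0.2', '<')) {
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "anon_dl_remote", 1');
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "use_fetch_remote", 1');
        }
        if (version_compare($prev_version, '3.0.0.3', '<')) {
            $installer->add_query('ADD', $this->prefix . '_ratings', 'active TINYINT NOT NULL DEFAULT 1 AFTER uid');
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "r_active", 1');
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "r_queue", 0');
        }
        if (version_compare($prev_version, '3.0.0.4', '<')) {
            $installer->add_query('ADD', $this->prefix . '_broken', 'mid INT NOT NULL DEFAULT 0 AFTER lid');
        }
        if (version_compare($prev_version, '3.0.0.5', '<')) {
            $installer->add_query('INDEX', $this->prefix . '_downloads', 'active', 'active');
            $installer->add_query('INDEX', $this->prefix . '_stats', 'id', 'id');
        }
        if (version_compare($prev_version, '3.0.0.6', '<')) {
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "md5_local", 1');
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "md5_remote", 1');
        }
        if (version_compare($prev_version, '3.0.0.7', '<')) {
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "screen_max", 10');
        }
        if (version_compare($prev_version, '3.0.0.8', '<')) {
            $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "pub_mirror", 1');
            $installer->add_query('ADD', $this->prefix . '_mirrors', 'uid mediumint(8) UNSIGNED NOT NULL DEFAULT 0 AFTER did');
            $installer->add_query('ADD', $this->prefix . '_mirrors', 'active TINYINT NOT NULL DEFAULT 1');
            // Columns by position: 0 = lid, 1 = submitter.
            $result = $db->sql_query("SELECT lid, submitter FROM " . $prefix . '_' . $this->prefix . "_downloads");
            while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
                $installer->add_query('UPDATE', $this->prefix . '_mirrors', "uid='" . $row[1] . "' WHERE did='" . $row[0] . "'");
            }
        }
        if (version_compare($prev_version, '3.0.0.9', '<')) {
            $installer->add_query('DELETE', 'config_custom', 'cfg_name="' . $this->prefix . '" AND cfg_field="outside"');
        }
        return true;
    }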
        while ($badname = $db->sql_fetchrow($nameresult)) {
            if ($username == $badname[0]) {
                $error = _SHOUTUSERBAN;
            }
        }
        $db->sql_freeresult($nameresult);
    }
    //look for bad words, then censor them.
    if ($shoutconf['censor']) {
        $comment = check_words($comment);
    }
    //if error just reload page, else add posting.
    if ($error) {
        cpg_error($error);
    } else {
        $db->sql_query("INSERT INTO " . $prefix . "_shoutblock VALUES (NULL, '" . Fix_Quotes($username) . "', '" . Fix_Quotes($comment) . "', '" . gmtime() . "')");
        url_redirect($CPG_SESS['user']['uri']);
    }
}
function nav_shouts()
{
    global $prefix, $db, $offset, $number, $shoutconf, $userinfo;
    $offset = intval($offset);
    $result = $db->sql_query("SELECT * FROM " . $prefix . "_shoutblock ORDER BY id DESC LIMIT {$offset},25");
    $loop = $db->sql_numrows($result);
    while ($row = $db->sql_fetchrow($result)) {
        echo '<div class="content">';
        $row[2] = set_smilies($row[2]);
        echo '<a href="' . getlink('Your_Account&amp;profile=' . $row[1]) . '"><strong>' . $row[1] . ':</strong></a>';
        if ($shoutconf['date']) {
            echo formatDateTime($row[3], '%d-%b-%Y ');
        $row = $db->sql_fetchrowset($result);
        $num_rows = $db->sql_numrows($result);
        if ($num_rows > 0) {
            for ($i = 0; $i < $num_rows; $i++) {
                if ($row[$i]['group_name'] == $extension_group) {
                    $error = TRUE;
                    if ($error_msg != '') {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['Extension_group_exist'], $extension_group);
                }
            }
        }
        if (!$error) {
            $filesize = $size_select == 'kb' ? round($filesize * 1024) : ($size_select == 'mb' ? round($filesize * 1048576) : $filesize);
            $sql = "INSERT INTO " . EXTENSION_GROUPS_TABLE . " (group_name, cat_id, allow_group, download_mode, upload_icon, max_filesize)\n\t\t\tVALUES ('" . Fix_Quotes($extension_group) . "', " . $cat_id . ", " . $is_allowed . ", " . $download_mode . ", '" . $upload_icon . "', " . $filesize . ")";
            $db->sql_query($sql);
        }
    }
    if (!$error) {
        $message = $lang['Attach_config_updated'] . '<br /><br />' . sprintf($lang['Click_return_attach_config'], '<a href="' . URL::admin("&amp;do=extensions&amp;mode=groups") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . URL::admin("forums") . '">', '</a>');
        message_die(GENERAL_MESSAGE, $message);
    }
}
if ($mode == 'groups') {
    //
    // Extension Groups
    //
    $template->set_filenames(array('body' => 'forums/admin/attach_extension_groups.html'));
    if (empty($size) && !$submit) {
        $max_add_filesize = intval($attach_config['max_filesize']);
    } else {
        while ($row = $db->sql_fetchrow($result)) {
            $tid = $row['tid'];
            $title = $row['title'];
            echo "<strong><big>&middot;</big></strong>&nbsp;&nbsp;<a href=\"" . getlink("&amp;op=content&amp;tid={$tid}&amp;query={$query}") . "\">{$title}</a><br />";
        }
    }
    echo "<br /><br />" . "<center><form action=\"" . getlink("&file=search") . "\" method=\"post\">" . "<input type=\"text\" size=\"20\" name=\"query\">&nbsp;&nbsp;" . "<input type=\"hidden\" name=\"eid\" value=\"{$eid}\">" . "<input type=\"submit\" value=\"" . _SEARCH . "\">" . "</form><br /><br />" . "[ <a href=\"" . getlink() . "\">" . _RETURNTO . " " . _ENCYCLOPEDIA . "</a> ]<br /><br />" . _GOBACK . "</center>";
    CloseTable();
} elseif (isset($_POST['query']) && !empty($_POST['query']) && $eid > 0) {
    $result2 = $db->sql_query("SELECT title FROM " . $prefix . "_encyclopedia WHERE eid='{$eid}'", false, __FILE__, __LINE__);
    $row = $db->sql_fetchrow($result2);
    OpenTable();
    echo '<center><b>' . _SEARCHRESULTSFOR . ' <i>' . htmlprepare($_POST['query']) . '</i></b></center><br /><br /><br />
    <i><b>' . _RESULTSINTERMTITLE . '</b></i><br /><br />';
    $query = Fix_Quotes($_POST['query'], 1);
    $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='{$eid}' AND title LIKE '%{$query}%'", false, __FILE__, __LINE__);
    if ($db->sql_numrows($result) < 1) {
        echo _NORESULTSTITLE;
    } else {
        while ($row = $db->sql_fetchrow($result)) {
            $tid = $row[tid];
            $title = $row[title];
            echo "<strong><big>&middot;</big></strong>&nbsp;&nbsp;<a href=\"" . getlink("&amp;op=content&amp;tid={$tid}") . "\">{$title}</a><br />";
        }
    }
    $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='{$eid}' AND text LIKE '%{$query}%'", false, __FILE__, __LINE__);
    echo "<br /><br /><i><b>" . _RESULTSINTERMTEXT . "</b></i><br /><br />";
    if ($db->sql_numrows($result) < 1) {
        echo _NORESULTSTEXT;
    } else {
                 cpg_error('The group doesn\'t exist');
             }
             if ($group_info['group_moderator'] != $group_moderator) {
                 if ($delete_old_moderator) {
                     $db->sql_query('DELETE FROM ' . $prefix . '_bbuser_group WHERE user_id = ' . $group_info['group_moderator'] . ' AND group_id = ' . $group_id);
                 }
                 $result = $db->sql_query("SELECT user_id FROM " . $prefix . "_bbuser_group WHERE user_id = {$group_moderator} AND group_id = {$group_id}");
                 if (!($row = $db->sql_fetchrow($result))) {
                     $db->sql_query("INSERT INTO " . $prefix . "_bbuser_group (group_id, user_id, user_pending) VALUES (" . $group_id . ", " . $group_moderator . ", 0)");
                 }
             }
             $db->sql_query("UPDATE " . $prefix . '_bbgroups' . "\n\t\t\t\t\tSET group_type = {$group_type}, group_name = '" . Fix_Quotes($group_name) . "', group_description = '" . Fix_Quotes($group_description) . "', group_moderator = {$group_moderator}\n\t\t\t\t\tWHERE group_id = {$group_id}");
             group_msg('The group has been updated');
         } else {
             if ($mode == 'newgroup') {
                 $db->sql_query("INSERT INTO " . $prefix . '_bbgroups' . " (group_type, group_name, group_description, group_moderator, group_single_user)\n\t\t\t\t\tVALUES ({$group_type}, '" . Fix_Quotes($group_name) . "', '" . Fix_Quotes($group_description) . "', {$group_moderator},\t\t   '0')");
                 $new_group_id = $db->sql_nextid('group_id');
                 $db->sql_query("INSERT INTO " . $prefix . "_bbuser_group (group_id, user_id, user_pending) VALUES ({$new_group_id}, {$group_moderator}, 0)");
                 group_msg('The group has been added');
             } else {
                 cpg_error('No_group_action');
             }
         }
     }
 } else {
     group_head();
     // This is the main display of the page before the admin has selected any options.
     $result = $db->sql_query('SELECT group_id, group_name FROM ' . $prefix . '_bbgroups WHERE group_single_user = 0 ORDER BY group_name');
     $select_list = '';
     $fa = can_admin('forums') ? 4 : 3;
     if ($row = $db->sql_fetchrow($result)) {
Ejemplo n.º 17
0
         $op = parse_select_option($option_value);
         switch ($op['action']) {
             case '0':
                 break;
             case '1':
                 if (GALLERY_ADMIN_MODE) {
                     $category = intval($_POST['cat']);
                 } else {
                     $category = FIRST_USER_CAT + USER_ID;
                 }
                 echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf('CREATE_ALB', $op['album_nm']) . "</td></tr>\n";
                 $album_nm = Fix_Quotes($op['album_nm']);
                 $db->sql_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('{$category}', '" . $album_nm . "', 'NO',  '{$op['album_sort']}')", false, __FILE__, __LINE__);
                 break;
             case '2':
                 $album_nm = Fix_Quotes($op['album_nm']);
                 echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf(UPDATE_ALB, $op['album_no'], $op['album_nm'], $op['album_sort']) . "</td></tr>\n";
                 $db->sql_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='" . $album_nm . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' {$restrict}", false, __FILE__, __LINE__);
                 break;
             default:
                 cpg_die(CRITICAL_ERROR, $ERR_INVALID_DATA, __FILE__, __LINE__);
         }
     }
 }
 if ($need_caption) {
     output_caption();
 }
 echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n";
 echo "<div class=\"admin_menu_thumb\"><a href=\"" . URL::index("&amp;file=albmgr") . "\"  class=\"adm_menu\">" . CONTINU . "</a></div>\n";
 echo "</td></tr>";
 endtable();
Ejemplo n.º 18
0
if (!can_admin('history')) {
    die('Access Denied');
}
$pagetitle .= ' ' . _BC_DELIM . ' ' . _EPHEMADMIN;
if (isset($_POST['createEntry'])) {
    $day = intval($_POST['day']);
    $month = intval($_POST['month']);
    $year = Fix_Quotes($_POST['year'], 1);
    $content = Fix_Quotes($_POST['content']);
    $entry_language = $_POST['language'];
    $db->sql_query("INSERT INTO " . $prefix . "_history (eid, did, mid, yid, content, language) VALUES (DEFAULT, '{$day}', '{$month}', '{$year}', '{$content}', '{$entry_language}')");
    URL::redirect(URL::admin());
} elseif (isset($_POST['saveEntry'])) {
    $id = intval($_POST['entry_id']);
    $year = Fix_Quotes($_POST['entry_year'], 1);
    $content = Fix_Quotes($_POST['entry_content']);
    $entry_language = $_POST['entry_lang'];
    $db->sql_query("UPDATE " . $prefix . "_history SET yid='{$year}', content='{$content}', language='{$entry_language}' WHERE eid='{$id}'");
    URL::redirect(URL::admin('&edit=' . $id));
} elseif (isset($_GET['delete'])) {
    if (isset($_POST['cancel'])) {
        URL::redirect(URL::admin());
    }
    if (isset($_POST['confirm'])) {
        $db->sql_query("DELETE FROM " . $prefix . "_history WHERE eid='" . intval($_GET['delete']) . "'");
        URL::redirect(URL::admin());
    }
    cpg_delete_msg(URL::admin('&amp;delete=' . intval($_GET['delete'])), sprintf(_ERROR_DELETE_CONF, 'this entry'));
} elseif (isset($_POST['transferEntry'])) {
    $entry_day = intval($_POST['day']);
    $entry_month = intval($_POST['month']);
Ejemplo n.º 19
0
if (isset($_GET['status'])) {
    $statusMsg = intval($_GET['status']);
    $result = $db->sql_query("SELECT active FROM " . $prefix . "_message WHERE mid='{$statusMsg}'");
    if ($db->sql_numrows($result) > 0) {
        list($status) = $db->sql_fetchrow($result);
        if (is_numeric($status)) {
            $status = intval(!$status);
            $db->sql_query("UPDATE " . $prefix . "_message SET active='{$status}' WHERE mid='{$statusMsg}'");
        }
    }
    URL::redirect(URL::admin('messages'));
} elseif (isset($_GET['save']) && isset($_POST['content'])) {
    $id = intval($_GET['save']);
    $title = Fix_Quotes($_POST['title']);
    $content = Fix_Quotes(encode_bbcode($_POST['content']));
    $language = Fix_Quotes($_POST['language']);
    $expire = intval($_POST['expire']);
    $active = intval($_POST['active']);
    $view = intval($_POST['view']);
    if ($id > 0) {
        $newdate = $_POST['chng_date'] ? ', date=' . time() : '';
        $result = $db->sql_query("UPDATE " . $prefix . "_message SET title='{$title}', content='{$content}' {$newdate}, expire={$expire}, active={$active}, view={$view}, mlanguage='{$language}' WHERE mid='{$id}'");
    } else {
        $db->sql_query("INSERT INTO " . $prefix . "_message (mid, title, content, date, expire, active, view, mlanguage) VALUES (DEFAULT, '{$title}', '{$content}', " . time() . ", {$expire}, {$active}, {$view}, '{$language}')");
    }
    URL::redirect(URL::admin('messages'));
} else {
    if (isset($_GET['del']) && isset($_POST['confirm'])) {
        $db->sql_query('DELETE FROM ' . $prefix . '_message WHERE mid=' . intval($_GET['del']));
        $db->optimize_table($prefix . '_message');
        URL::redirect(URL::admin('messages'));
Ejemplo n.º 20
0
if (!is_user()) {
    cpg_error('You are not allowed to edit/create documents, please login or register');
} elseif (isset($_POST['content']) && !(isset($_POST['wysiwyg']) || isset($_POST['preview']))) {
    if (!can_admin($module_name)) {
        $msg = intval($_POST['page_id']) > 0 ? 'replace the current page.' : 'be added.';
        $db->sql_query('INSERT INTO ' . $module_prefix . "_pages_wait (page_id, parent_id, title, user_id, comment, body) VALUES (" . intval($_POST['page_id']) . ", " . intval($_POST['parent_id']) . ", '" . Fix_Quotes($_POST['title']) . "', " . is_user() . ", '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')");
        cpg_error('Page is added and is awaiting approval to ' . $msg, '', $MAIN_CFG['server']['path'] . URL::index());
    }
    // page_id is used for modifications
    if (intval($_POST['page_id']) > 0) {
        $id = intval($_POST['page_id']);
        $sql = 'UPDATE ' . $module_prefix . "_pages SET" . ' parent_id=' . intval($_POST['parent_id']) . ', active=1' . ", title='" . Fix_Quotes($_POST['title']) . "', version=version+1" . ', supercede=' . time() . ', upd_user_id=' . is_user() . ", upd_author='" . Fix_Quotes($userinfo['username']) . "', comment='" . Fix_Quotes($_POST['comment']) . "', body='" . Fix_Quotes($_POST['content']) . "' WHERE id={$id}";
        $db->sql_query($sql);
    } else {
        list($pos) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $module_prefix . "_pages WHERE parent_id=" . intval($_POST['parent_id']));
        $sql = 'INSERT INTO ' . $module_prefix . '_pages (parent_id, active, pos, title, time, user_id, author, comment, body) VALUES (' . intval($_POST['parent_id']) . ', 1, ' . ($pos + 1) . ", '" . Fix_Quotes($_POST['title']) . "', " . time() . ', ' . is_user() . ", '" . Fix_Quotes($userinfo['username']) . "', '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')";
        $db->sql_query($sql);
        $id = $db->sql_nextid('id');
    }
    cpg_error('Page is added', '', $MAIN_CFG['server']['path'] . URL::index('&id=' . $id));
} else {
    $row['id'] = 0;
    $row['parent_id'] = 0;
    $row['title'] = '';
    $row['comment'] = '';
    $row['content'] = '<b>nothing</b> yet';
    if (isset($_POST['wysiwyg']) || isset($_POST['preview'])) {
        $row['id'] = $_POST['page_id'];
        $row['parent_id'] = $_POST['parent_id'];
        $row['title'] = $_POST['title'];
        $row['comment'] = $_POST['comment'];
Ejemplo n.º 21
0
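 /**
  * Runs the download search and hands every matching row to $this->add_result().
  *
  * Criteria come from $_POST for a new search, or from the criteria this
  * session saved under $search_id when one is given; the 'sa' and 'key' GET
  * parameters add a submitter / "new" / "pick" criterion on top. Each
  * selected option is recorded in $this->criteria (for display) and turned
  * into a SQL condition. Sets $this->search_id and $this->total_results.
  * Echoes an error and returns early when the saved search id is unknown to
  * the session or when no criteria were supplied.
  *
  * @param string|int $search_id id of a previously saved search, '' for a new one
  * @return void
  */
 function search($search_id = '')
 {
     global $db, $dl_prefix, $user_prefix, $CPG_SESS, $module_name, $perpage, $limit;
     $searchsess = array();
     // 'o' selects how an option is matched: 1 = LIKE on the column, 2 = integer
     // equality, 3 = "within the last N days", 4 = keyword search over
     // title/desc_short, 5 = yes/no flag stored as an integer column,
     // 6 = "has a screenshot" (d.screen > 0). 't' is the caption shown back to the user.
     $s_opt = array('s_BASICSEARCH' => array('o' => 4, 't' => 'Keywords'), 's_cid' => array('o' => 2, 't' => _CATEGORY), 's_submitter' => array('o' => 2, 't' => _DLP_SUBMITTEDBY), 's_name' => array('o' => 1, 't' => _AUTHORNAME), 's_email' => array('o' => 1, 't' => _AUTHOREMAIL), 's_pick' => array('o' => 5, 't' => _DLP_EDPICK), 's_screenshot' => array('o' => 6, 't' => 'Have screenshot'), 's_date' => array('o' => 3, 't' => 'Published in past'), 's_updated' => array('o' => 3, 't' => 'Updated in past'));
     // Visible custom fields are searchable too; field types 1 and 3 are yes/no flags.
     // Column names come from the _fields table, never from the request.
     $result = $db->sql_uquery("SELECT * FROM " . $dl_prefix . "_fields \n\t\t\tWHERE visible > 0 \n\t\t\tORDER BY title");
     while ($field = $db->sql_fetchrow($result)) {
         $f_title = defined($field['title']) ? constant($field['title']) : $field['title'];
         $s_opt['s_' . $field['field']] = array('o' => ($field['type'] == 1 || $field['type'] == 3) ? 5 : 1, 't' => $f_title);
     }
     $operator = 'AND';
     $sq = $sq2 = array();
     if (!empty($search_id)) {
         // Only search ids this session created are accepted.
         if (!isset($CPG_SESS[$module_name]['search'][$search_id])) {
             echo $this->show_error('Invalid session data');
             return;
         }
         $dsource = $CPG_SESS[$module_name]['search'][$search_id];
     } else {
         $dsource = $_POST;
     }
     if (isset($_GET['sa'])) {
         $dsource['s_submitter'] = $_GET['sa'];
     } elseif (isset($_GET['key'])) {
         if ($_GET['key'] == 'new') {
             $dsource['s_date'] = 5;
         } elseif ($_GET['key'] == 'pick') {
             $dsource['s_pick'] = 1;
         }
     }
     foreach ($s_opt as $value => $sp) {
         if (empty($dsource[$value])) {
             continue;
         }
         if (empty($search_id)) {
             $searchsess[$value] = $dsource[$value];
         }
         // Human-readable form of the criterion, kept for display.
         if ($sp['o'] == 5 || $sp['o'] == 6) {
             $this->criteria[$sp['t']] = $dsource[$value] == 1 ? _YES : _NO;
         } elseif ($value == 's_cid') {
             list($cattitle) = $db->sql_ufetchrow("SELECT title FROM " . $dl_prefix . "_categories \n\t\t\t\t\t\tWHERE cid='" . intval($dsource[$value]) . "'");
             $this->criteria[$sp['t']] = $cattitle;
         } elseif ($value == 's_submitter') {
             if (is_numeric($dsource[$value])) {
                 list($username) = $db->sql_ufetchrow("SELECT username FROM " . $user_prefix . "_users \n\t\t\t\t\t\t\tWHERE user_id='" . intval($dsource[$value]) . "'");
                 $this->criteria[$sp['t']] = $username;
             } else {
                 // A submitter given by name is resolved to its user_id so the integer
                 // comparison below works; the name is escaped like every other string criterion.
                 list($userid) = $db->sql_ufetchrow("SELECT user_id FROM " . $user_prefix . "_users \n\t\t\t\t\t\t\tWHERE username='" . Fix_Quotes($dsource[$value]) . "'");
                 $this->criteria[$sp['t']] = $dsource[$value];
                 $dsource['s_submitter'] = $userid;
             }
         } else {
             $this->criteria[$sp['t']] = $dsource[$value];
         }
         // Strip the 's_' prefix to get the column name.
         $dbvalue = substr($value, 2);
         if ($sp['o'] == 2 || $sp['o'] == 5) {
             $sq2[] = 'd.' . $dbvalue . '=' . intval($dsource[$value]);
         } elseif ($sp['o'] == 3) {
             $advance = intval($dsource[$value]) * 86400;
             $sq2[] = 'd.' . $dbvalue . ' >= ' . (time() - $advance);
             $this->criteria[$sp['t']] = $dsource[$value] . ' days';
         } elseif ($sp['o'] == 4) {
             $keyword = Fix_Quotes($dsource[$value]);
             $sq[] = "d.title LIKE '%" . $keyword . "%'";
             $sq[] = "d.desc_short LIKE '%" . $keyword . "%'";
             $operator = 'OR';
         } elseif ($sp['o'] == 6) {
             $sq2[] = 'd.screen > 0';
         } else {
             $sq[] = "d.{$dbvalue} LIKE '%" . Fix_Quotes($dsource[$value]) . "%'";
         }
     }
     if (empty($this->criteria)) {
         echo $this->show_error('Please provide some criteria for your search') . $this->search_form();
         return;
     }
     if (empty($search_id)) {
         // New search: pick an id and save the criteria in the session so later pages
         // can replay them. mt_rand() seeds itself; the explicit mt_srand(microtime)
         // call that used to be here only narrowed the seed space.
         $search_id = mt_rand();
         foreach ($searchsess as $k => $v) {
             $CPG_SESS[$module_name]['search'][$search_id][$k] = $v;
         }
     }
     $this->search_id = $search_id;
     // Non-admins only see active downloads.
     $sq2[] = can_admin($module_name) ? 'd.active!=2' : 'd.active=1';
     // implode(array, glue) was the legacy argument order and is gone in PHP 8.0.
     $qstring = implode(' ' . $operator . ' ', $sq);
     $qstring2 = implode(' AND ', $sq2);
     if (!empty($qstring) && !empty($qstring2)) {
         $qstring2 .= ' AND ';
     }
     // Same WHERE clause for the page query and the total count.
     $where = $qstring2 . ' ' . (!empty($qstring) ? "({$qstring})" : '');
     // $perpage / $limit are globals set by the caller; cast so they can only ever be numbers in the SQL.
     $perpage = intval($perpage);
     $limit = intval($limit);
     $result = $db->sql_query("SELECT d.*, SUM(r.score) AS score, COUNT(r.score) AS votes, s.url AS img_url, u.username FROM " . $dl_prefix . "_downloads d\n\t\t\tLEFT JOIN " . $dl_prefix . "_ratings r ON (r.lid = d.lid AND r.active = 1)\n\t\t\tLEFT JOIN " . $dl_prefix . "_screenshots s ON (s.id = d.screen)\n\t\t\tLEFT JOIN " . $user_prefix . "_users u ON (u.user_id = d.submitter)\n\t\t\tWHERE {$where} \n\t\t\tGROUP BY d.lid, d.cid, d.active, d.access, d.title, d.screen, d.desc_short, d.desc_long, d.notes, d.date, d.updated, d.name, d.email, d.submitter, d.filesize, d.version, d.homepage, d.compat, d.pick, s.url, u.username \n\t\t\tLIMIT {$perpage} OFFSET {$limit}");
     list($totalresults) = $db->sql_ufetchrow("SELECT COUNT(d.lid) FROM " . $dl_prefix . "_downloads d WHERE {$where}");
     $this->total_results = $totalresults;
     while ($row = $db->sql_fetchrow($result)) {
         $this->add_result($row);
     }
 }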
Ejemplo n.º 22
0
            require 'header.php';
            OpenTable();
            echo open_form($adminindex, false, _NOADMINYET) . '
			<label class="set" for="name">' . _NICKNAME . '</label><input class="set" type="text" name="name" id="name" size="30" maxlength="25" /><br />
			<label class="set" for="email">' . _EMAIL . '</label><input class="set" type="text" name="email" id="email" size="30" maxlength="255" /><br />
			<label class="set" for="password">' . _PASSWORD . '</label><input class="set" type="password" name="pwd" id="pwd" size="20" maxlength="40" /><br />
			<label class="set" for="user_new">' . _CREATEUSERDATA . '</label>' . yesno_option('user_new', 1) . '<br />
			<input type="hidden" name="fop" value="create_first" />
			<div style="text-align:center;"><input type="submit" class="sub" value="' . _SUBMIT . '" /></div>' . close_form();
            CloseTable();
            require 'footer.php';
        } else {
            if (isset($_POST['fop']) && $_POST['fop'] == 'create_first') {
                if (preg_match('#^[0-9]#', $_POST['pwd']) && preg_match('#[a-z]#', $_POST['pwd']) && preg_match('#[A-Z]#', $_POST['pwd'])) {
                    $name = Fix_Quotes($_POST['name']);
                    $email = Fix_Quotes($_POST['email']);
                    $pwd = md5($_POST['pwd']);
                    $db->sql_query("INSERT INTO " . $prefix . "_admins (aid, email, pwd, radminsuper) VALUES ('{$name}', '{$email}', '{$pwd}', '1')");
                    if ($_POST['user_new'] == 1) {
                        $db->sql_query('INSERT INTO ' . $user_prefix . "_users (user_id, username, user_email, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat)\n\t\t\t\t\tVALUES (DEFAULT,'{$name}','{$email}','" . $MAIN_CFG['avatar']['default'] . "','" . time() . "','{$pwd}','{$MAIN_CFG['global']['Default_Theme']}','4096', '2', 'english','D M d, Y g:i a')");
                    }
                    login();
                } else {
                    cpg_error(_PASSWORD_MALFORMED);
                }
            }
        }
        exit;
    }
}
function login()
Ejemplo n.º 23
0
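/**
 * Forum rank administration: shows the add/edit form, saves or deletes a
 * rank, or lists the existing ranks.
 *
 * The action is taken from the 'mode' request parameter (edit, add, save,
 * delete) or from the 'add'/'save' submit buttons; any other value lists the
 * ranks. Output goes through the global $template; save and delete finish
 * with message_die(), which does not return.
 *
 * @return void
 */
function run_ranks()
{
    global $db, $lang, $template, $op, $bgcolor1, $bgcolor2;
    if (isset($_GET['mode']) || isset($_POST['mode'])) {
        $mode = htmlprepare(isset($_GET['mode']) ? $_GET['mode'] : $_POST['mode']);
    } elseif (isset($_POST['add'])) {
        $mode = 'add';
    } elseif (isset($_POST['save'])) {
        $mode = 'save';
    } else {
        $mode = '';
    }
    if ($mode == 'edit' || $mode == 'add') {
        //
        // Show the add/edit form.
        //
        $rank_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $s_hidden_fields = '';
        $rank_info = array('rank_special' => 0);
        if ($mode == 'edit') {
            if (empty($rank_id)) {
                message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
            }
            $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
            $fetched = $db->sql_fetchrow($result);
            if ($fetched) {
                $rank_info = $fetched;
            }
            // Unknown id: the form is shown empty, like 'add'.
            $s_hidden_fields .= '<input type="hidden" name="id" value="' . $rank_id . '" />';
        }
        $s_hidden_fields .= '<input type="hidden" name="mode" value="save" />';
        $rank_is_special = $rank_info['rank_special'] ? 'checked="checked"' : '';
        $rank_is_not_special = $rank_info['rank_special'] ? '' : 'checked="checked"';
        $rank_image = isset($rank_info['rank_image']) ? $rank_info['rank_image'] : '';
        $template->set_filenames(array('body' => 'forums/admin/ranks_edit_body.html'));
        $template->assign_vars(array(
            'RANK' => isset($rank_info['rank_title']) ? $rank_info['rank_title'] : '',
            'SPECIAL_RANK' => $rank_is_special,
            'NOT_SPECIAL_RANK' => $rank_is_not_special,
            // Special ranks have no post threshold. (The old unparenthesised nested
            // ternary here is a fatal error on PHP 8.)
            'MINIMUM' => ($rank_is_special || !isset($rank_info['rank_min'])) ? '' : $rank_info['rank_min'],
            'IMAGE' => $rank_image,
            // Stored by an administrator, but it still goes into an attribute escaped.
            'IMAGE_DISPLAY' => $rank_image != '' ? '<img src="' . htmlspecialchars($rank_image, ENT_QUOTES) . '" alt="" />' : '',
            'L_RANKS_TITLE' => $lang['Ranks_title'],
            'L_RANKS_TEXT' => $lang['Ranks_explain'],
            'L_RANK_TITLE' => $lang['Rank_title'],
            'L_RANK_SPECIAL' => $lang['Rank_special'],
            'L_RANK_MINIMUM' => $lang['Rank_minimum'],
            'L_RANK_IMAGE' => $lang['Rank_image'],
            'L_RANK_IMAGE_EXPLAIN' => $lang['Rank_image_explain'],
            'L_SUBMIT' => $lang['Submit'],
            'L_RESET' => $lang['Reset'],
            'L_YES' => $lang['Yes'],
            'L_NO' => $lang['No'],
            'S_RANK_ACTION' => URL::admin("{$op}"),
            'S_HIDDEN_FIELDS' => $s_hidden_fields,
        ));
    } elseif ($mode == 'save') {
        //
        // Form submitted: insert or update the rank.
        //
        $rank_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
        $rank_title = isset($_POST['title']) ? trim($_POST['title']) : '';
        // Normalised to 0/1 so it can be written straight into the integer column.
        $special_rank = (isset($_POST['special_rank']) && intval($_POST['special_rank']) == 1) ? 1 : 0;
        $min_posts = isset($_POST['min_posts']) ? intval($_POST['min_posts']) : -1;
        $rank_image = isset($_POST['rank_image']) ? trim($_POST['rank_image']) : '';
        if ($rank_title == '') {
            message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
        }
        if ($special_rank) {
            // Special ranks are assigned, not earned by post count.
            $min_posts = -1;
        }
        //
        // The rank image has to be a jpg, gif or png; anything else is dropped.
        //
        if ($rank_image != '' && !preg_match("/(\\.gif|\\.png|\\.jpg)\$/is", $rank_image)) {
            $rank_image = '';
        }
        if ($rank_id) {
            if (!$special_rank) {
                // A rank that is (or becomes) non-special is no longer held by anyone.
                $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
            }
            $sql = "UPDATE {$db->TBL->bbranks}\n\t\t\t\t\tSET rank_title = '" . Fix_Quotes($rank_title) . "', rank_special = {$special_rank}, rank_min = {$min_posts}, rank_image = '" . Fix_Quotes($rank_image) . "'\n\t\t\t\t\tWHERE rank_id = {$rank_id}";
            $message = $lang['Rank_updated'];
        } else {
            $sql = "INSERT INTO {$db->TBL->bbranks} (rank_title, rank_special, rank_min, rank_image)\n\t\t\t\t\tVALUES ('" . Fix_Quotes($rank_title) . "', {$special_rank}, {$min_posts}, '" . Fix_Quotes($rank_image) . "')";
            $message = $lang['Rank_added'];
        }
        $db->sql_query($sql);
        $message .= "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
        message_die(GENERAL_MESSAGE, $message);
    } elseif ($mode == 'delete') {
        //
        // Delete a rank and clear it from every user that held it.
        //
        $rank_id = 0;
        if (isset($_POST['id'])) {
            $rank_id = intval($_POST['id']);
        } elseif (isset($_GET['id'])) {
            $rank_id = intval($_GET['id']);
        }
        if (!$rank_id) {
            message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
        }
        $db->sql_query("DELETE FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
        $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
        $message = $lang['Rank_removed'] . "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
        message_die(GENERAL_MESSAGE, $message);
    } elseif ($mode != '') {
        //
        // Unknown mode: just show the list.
        //
        run_ranks_list('rank_min, rank_title', $lang['Special_rank']);
    } else {
        //
        // Show the default page.
        //
        run_ranks_list('rank_min ASC, rank_special ASC', $lang['Rank_special']);
    }
    $template->display('body');
    CloseTable();
}

/**
 * Renders the rank list into the 'body' template (helper for run_ranks()).
 *
 * @param string $order_by      ORDER BY clause for the rank query, built from code constants only
 * @param string $special_label caption used for the "special rank" column
 * @return void
 */
function run_ranks_list($order_by, $special_label)
{
    global $db, $lang, $template, $op, $bgcolor1, $bgcolor2;
    $template->set_filenames(array('body' => 'forums/admin/ranks_list_body.html'));
    $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} ORDER BY {$order_by}");
    $rank_rows = $db->sql_fetchrowset($result);
    if (!is_array($rank_rows)) {
        // sql_fetchrowset() is assumed to return an array of rows; anything else is treated as "no ranks".
        $rank_rows = array();
    }
    $template->assign_vars(array(
        'L_RANKS_TITLE' => $lang['Ranks_title'],
        'L_RANKS_TEXT' => $lang['Ranks_explain'],
        'L_RANK' => $lang['Rank_title'],
        'L_RANK_MINIMUM' => $lang['Rank_minimum'],
        'L_SPECIAL_RANK' => $special_label,
        'L_EDIT' => $lang['Edit'],
        'L_DELETE' => $lang['Delete'],
        'L_ADD_RANK' => $lang['Add_new_rank'],
        'L_ACTION' => $lang['Action'],
        'S_RANKS_ACTION' => URL::admin($op),
    ));
    for ($i = 0, $rank_count = count($rank_rows); $i < $rank_count; $i++) {
        $row = $rank_rows[$i];
        $rank_id = $row['rank_id'];
        $special_rank = $row['rank_special'];
        // Special ranks have no post threshold to show.
        $rank_min = $special_rank ? '-' : $row['rank_min'];
        $even = !($i % 2);
        $template->assign_block_vars('ranks', array(
            'ROW_COLOR' => $even ? $bgcolor2 : $bgcolor1,
            'ROW_CLASS' => $even ? 'row1' : 'row2',
            'RANK' => $row['rank_title'],
            'RANK_MIN' => $rank_min,
            'SPECIAL_RANK' => $special_rank ? $lang['Yes'] : $lang['No'],
            'U_RANK_EDIT' => URL::admin("{$op}&amp;mode=edit&amp;id={$rank_id}"),
            'U_RANK_DELETE' => URL::admin("{$op}&amp;mode=delete&amp;id={$rank_id}"),
        ));
    }
}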
Ejemplo n.º 24
0
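    /**
     * Persist the attachment rows for a message that has just been stored.
     *
     * @param string $mode          'attach_list': write every entry of $this->attachments
     *                              (UPDATE when the entry already has an attach_id, INSERT
     *                              otherwise). 'last_attachment': write the single file
     *                              described by $this->attach_filename & co. when
     *                              $this->post_attach is set and no 'update_attachment'
     *                              field was posted. Any other mode writes nothing.
     * @param string $message_type  'pm' (links via privmsgs_id and both user ids) or
     *                              'post' (links via post_id and the poster id).
     * @param int    $message_id    privmsgs_id or post_id the rows are linked to.
     * @return bool|null  FALSE for a negative id or an unknown message type,
     *                    TRUE after an 'attach_list' run, NULL otherwise.
     */
    private function do_insert_attachment($mode, $message_type, $message_id)
    {
        global $db;
        // The id is embedded unquoted in SQL below, so keep it an integer.
        $message_id = intval($message_id);
        if ($message_id < 0) {
            return FALSE;
        }
        if ($message_type == 'pm') {
            global $userdata, $to_userdata;
            $post_id = 0;
            $privmsgs_id = $message_id;
            $user_id_1 = intval($userdata['user_id']);
            $user_id_2 = intval($to_userdata['user_id']);
        } elseif ($message_type == 'post') {
            // BUG FIX: the original wrote `if ($message_type = 'post')` (assignment),
            // so every non-pm type was silently treated as a post.
            global $post_info, $userdata;
            $post_id = $message_id;
            $privmsgs_id = 0;
            $user_id_1 = isset($post_info['poster_id']) ? intval($post_info['poster_id']) : 0;
            $user_id_2 = 0;
            if (!$user_id_1) {
                $user_id_1 = intval($userdata['user_id']);
            }
        } else {
            // Unknown type: the link columns would be undefined, so write nothing.
            return FALSE;
        }
        if ($mode == 'attach_list') {
            for ($i = 0; $i < count($this->attachments); $i++) {
                $att = $this->attachments[$i];
                $this->attachments[$i]['comment'] = Fix_Quotes($att['comment']);
                $this->attachments[$i]['real_filename'] = Fix_Quotes($att['real_filename']);
                $attach_id = intval($att['attach_id']);
                if ($attach_id > 0) {
                    //
                    // update entry in db if attachment already stored in db and filespace
                    //
                    $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . " \n\t\t\t\t\tSET comment = '" . trim($this->attachments[$i]['comment']) . "'\n\t\t\t\t\tWHERE attach_id = " . $attach_id;
                    $db->sql_query($sql);
                } else {
                    //
                    // insert attachment into db
                    //
                    // SECURITY: the original embedded physical_filename, extension and
                    // mimetype raw and the numeric columns uncast; escape/cast all of them.
                    $sql = "INSERT INTO " . ATTACHMENTS_DESC_TABLE . " (physical_filename, real_filename, comment, extension, mimetype, filesize, filetime, thumbnail) \n\t\t\t\t\tVALUES ( '" . Fix_Quotes($att['physical_filename']) . "', '" . $this->attachments[$i]['real_filename'] . "', '" . trim($this->attachments[$i]['comment']) . "', '" . Fix_Quotes($att['extension']) . "', '" . Fix_Quotes($att['mimetype']) . "', " . intval($att['filesize']) . ", " . intval($att['filetime']) . ", " . intval($att['thumbnail']) . ")";
                    $db->sql_query($sql);
                    $attach_id = $db->sql_nextid('attach_id');
                    $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (attach_id, post_id, privmsgs_id, user_id_1, user_id_2) VALUES (' . intval($attach_id) . ', ' . $post_id . ', ' . $privmsgs_id . ', ' . $user_id_1 . ', ' . $user_id_2 . ')';
                    $db->sql_query($sql);
                }
            }
            return TRUE;
        }
        if ($mode == 'last_attachment') {
            if ($this->post_attach && !isset($_POST['update_attachment'])) {
                //
                // insert attachment into db, here the user submited it directly
                //
                $sql = "INSERT INTO " . ATTACHMENTS_DESC_TABLE . " (physical_filename, real_filename, comment, extension, mimetype, filesize, filetime, thumbnail) \n\t\t\t\tVALUES ( '" . Fix_Quotes($this->attach_filename) . "', '" . Fix_Quotes($this->filename) . "', '" . trim(Fix_Quotes($this->file_comment)) . "', '" . Fix_Quotes($this->extension) . "', '" . Fix_Quotes($this->type) . "', " . intval($this->filesize) . ", " . intval($this->filetime) . ", " . intval($this->thumbnail) . ")";
                $db->sql_query($sql);
                $attach_id = $db->sql_nextid('attach_id');
                $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (attach_id, post_id, privmsgs_id, user_id_1, user_id_2)
				VALUES (' . intval($attach_id) . ', ' . $post_id . ', ' . $privmsgs_id . ', ' . $user_id_1 . ', ' . $user_id_2 . ')';
                $db->sql_query($sql);
            }
        }
    }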
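 /**
  * Authenticate an administrator from the posted 'alogin' and 'pwd' fields.
  *
  * When bit 0 of $sec_code is set, the graphical-code answer ('gfx_check') must
  * equal the value kept in $CPG_SESS['gfx'][gfxid]. The admin row is looked up by
  * aid; a per-admin failed-attempt counter kept in the cache ('login'/'a') aborts
  * through cpg_error() once it reaches 5 and is reset to 1 on success. On a
  * matching password the admin cookie is set and $this->admin, admin_id and demo
  * are populated.
  *
  * @return mixed $this->admin_id (left untouched on failure), or false when the
  *               graphical code check fails
  */
 private function loginadmin()
 {
     $aid = isset($_POST['alogin']) ? Fix_Quotes($_POST['alogin']) : NULL;
     $pwd = isset($_POST['pwd']) && is_string($_POST['pwd']) ? $_POST['pwd'] : NULL;
     if ($aid && $pwd) {
         global $sec_code, $CPG_SESS;
         if ($sec_code & 1) {
             $gfxid = isset($_POST['gfxid']) && is_scalar($_POST['gfxid']) ? $_POST['gfxid'] : 0;
             $code = isset($CPG_SESS['gfx'][$gfxid]) ? (string) $CPG_SESS['gfx'][$gfxid] : '';
             $gfx_check = isset($_POST['gfx_check']) && is_string($_POST['gfx_check']) ? $_POST['gfx_check'] : '';
             // Strict compare: '!=' on two numeric-looking strings compares them as numbers.
             if (strlen($gfx_check) < 2 || $code === '' || $code !== $gfx_check) {
                 return false;
             }
         }
         global $db, $prefix;
         // Legacy scheme: the stored credential is an unsalted md5 hex digest and the
         // same digest is handed to setadmcookie(). Moving to password_hash() needs a
         // storage/cookie migration that is outside this method.
         $pwd = md5($pwd);
         $result = $db->sql_query('SELECT * FROM ' . $prefix . "_admins WHERE aid='{$aid}'");
         $row = $db->sql_fetchrow($result, SQL_ASSOC);
         if (isset($row['admin_id'])) {
             $login = Cache::array_load('login', 'a', false);
             if (!is_array($login)) {
                 $login = array();
             }
             if (!isset($login[$row['admin_id']])) {
                 $login[$row['admin_id']] = 1;
             } elseif ($login[$row['admin_id']] >= 5) {
                 cpg_error('Too many failed login attempts');
             } else {
                 $login[$row['admin_id']]++;
             }
             // BUG FIX: the original compared the two hex digests with '=='. PHP
             // compares numeric-looking strings such as '0e1234...' as floats, so any
             // two digests of that form were "equal" (magic-hash bypass). Compare
             // byte-for-byte, in constant time where the runtime provides it.
             $stored = isset($row['pwd']) ? (string) $row['pwd'] : '';
             $matches = function_exists('hash_equals') ? hash_equals($stored, $pwd) : ($stored === $pwd);
             if ($stored !== '' && $matches) {
                 $this->setadmcookie(true, $row['admin_id'], $pwd, isset($_POST['persistent']));
                 unset($row['pwd']);
                 $this->admin = $row;
                 $this->admin_id = $row['aid'];
                 $this->demo = CPGN_DEMO && false !== strpos($this->admin_id, 'demo');
                 unset($CPG_SESS['admin']);
                 $login[$row['admin_id']] = 1;
             }
             Cache::array_save('login', 'a', $login);
         }
     }
     return $this->admin_id;
 }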
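/**
 * Admin action: store the editorial title and text posted for a download.
 *
 * Reads editorialtext, editorialtitle and downloadid from $_POST, updates the
 * matching <prefix>_editorials row and redirects back to the download's edit
 * page. Returns nothing (url_redirect is expected not to return).
 */
function DownloadsModEditorial()
{
    global $downloadsprefix, $db;
    // BUG FIX: the redirect used an undefined $downloadid, so the admin landed on
    // "lid=" with no id. Derive it once and use it for both the query and the redirect.
    $downloadid = isset($_POST['downloadid']) ? intval($_POST['downloadid']) : 0;
    $editorialtext = isset($_POST['editorialtext']) ? Fix_Quotes($_POST['editorialtext']) : '';
    $editorialtitle = isset($_POST['editorialtitle']) ? Fix_Quotes($_POST['editorialtitle']) : '';
    $db->sql_query("update " . $downloadsprefix . "_editorials set editorialtext='" . $editorialtext . "', editorialtitle='" . $editorialtitle . "' where downloadid=" . $downloadid);
    url_redirect(adminlink("&mode=DownloadsModDownload&lid={$downloadid}"));
}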
         }
     }
     $template->assign_vars(array("WORD" => isset($word_info['word']) ? htmlprepare($word_info['word']) : '', "REPLACEMENT" => isset($word_info['replacement']) ? htmlprepare($word_info['replacement']) : '', "L_WORDS_TITLE" => $lang['Words_title'], "L_WORDS_TEXT" => $lang['Words_explain'], "L_WORD_CENSOR" => $lang['Edit_word_censor'], "L_WORD" => $lang['Word'], "L_REPLACEMENT" => $lang['Replacement'], "L_SUBMIT" => $lang['Submit'], "S_WORDS_ACTION" => URL::admin("&amp;do=words"), "S_HIDDEN_FIELDS" => $s_hidden_fields));
 } else {
     if ($mode == "save") {
         $word_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
         $word = isset($_POST['word']) ? trim($_POST['word']) : "";
         $replacement = isset($_POST['replacement']) ? trim($_POST['replacement']) : "";
         // Both fields are mandatory
         if ($word == "" || $replacement == "") {
             message_die(GENERAL_MESSAGE, $lang['Must_enter_word']);
         }
         $word_sql = Fix_Quotes($word);
         $replacement_sql = Fix_Quotes($replacement);
         // A posted id means "edit in place"; otherwise a new censor row is created
         if ($word_id) {
             $sql = "UPDATE " . WORDS_TABLE . "\n\t\t\t\tSET word = '{$word_sql}', replacement = '{$replacement_sql}'\n\t\t\t\tWHERE word_id = {$word_id}";
             $message = $lang['Word_updated'];
         } else {
             $sql = "INSERT INTO " . WORDS_TABLE . " (word, replacement)\n\t\t\t\tVALUES ('{$word_sql}', '{$replacement_sql}')";
             $message = $lang['Word_added'];
         }
         $result = $db->sql_query($sql);
         if (!$result) {
             message_die(GENERAL_ERROR, "Could not insert data into words table", $lang['Error'], __LINE__, __FILE__, $sql);
         }
         $back_link = sprintf($lang['Click_return_wordadmin'], "<a href=\"" . URL::admin("&amp;do=words") . "\">", "</a>");
         $index_link = sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
         $message .= "<br /><br />" . $back_link . "<br /><br />" . $index_link;
         message_die(GENERAL_MESSAGE, $message);
     } else {
         if ($mode == "delete") {
             if (isset($_POST['id']) || isset($_GET['id'])) {
                 $word_id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];
                 $word_id = intval($word_id);
             } else {
                 $word_id = 0;
             }
            //forum specific
            //grab the forum name so we can confirm it
            $db->sql_query("SELECT forum_name FROM " . FORUMS_TABLE . " WHERE forum_id = {$forum_id}");
            $forum_row = $db->sql_fetchrowset($result);
            $db->sql_freeresult($result);
            $forum_name = $forum_row[0]['forum_name'];
            $forum_text = $lang_icons_admin['remove003'];
        }
        $template->assign_vars(array('L_TITLE' => $lang_icons_admin['remove001'], 'L_EXPLAIN1' => $lang_icons_admin['remove002'], 'L_EXPLAIN2' => $forum_text, 'L_CONFIRM_REMOVE' => $lang_icons_admin['remove005'], 'ICON_TO_REMOVE_SRC' => $icon_url, 'FORUM_TO_REMOVE_FROM' => $forum_name, 'S_ACTION' => URL::admin("&amp;do=topic_icons"), 'S_HIDDEN_FIELDS' => '<input type="hidden" name="icon_id" value="' . $icon_id . '">'));
        return;
    }
}
//check for add request
if (isset($_POST['addicon'])) {
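    // Inputs: forum_id_list (array of forum ids), icon_name, icon_path and the
    // addglobal flag. All three text/array values end up inside SQL.
    $forum_ids = isset($_POST['forum_id_list']) && is_array($_POST['forum_id_list']) ? $_POST['forum_id_list'] : array();
    $icon_name = isset($_POST['icon_name']) ? Fix_Quotes($_POST['icon_name']) : '';
    // SECURITY FIX: icon_path was interpolated into the INSERTs unescaped; escape it
    // the same way as icon_name. NOTE(review): it is still not validated as a path
    // under the icon directory — confirm how icon_url is used when rendered.
    $icon_path = isset($_POST['icon_path']) ? Fix_Quotes($_POST['icon_path']) : '';
    $global = isset($_POST['addglobal']);
    if ($global && !empty($icon_name) && !empty($icon_path)) {
        // forum_id -1 marks an icon available in every forum
        $db->sql_query("INSERT INTO " . TOPIC_ICONS_TABLE . " (forum_id, icon_url, icon_name) VALUES(-1, '{$icon_path}', '{$icon_name}')");
    } elseif (!empty($forum_ids) && !empty($icon_name) && !empty($icon_path)) {
        // add forum specific: one row per selected forum
        foreach ($forum_ids as $forum_id) {
            $forum_id = intval($forum_id);
            $db->sql_query("INSERT INTO " . TOPIC_ICONS_TABLE . " (forum_id, icon_url, icon_name) VALUES({$forum_id}, '{$icon_path}', '{$icon_name}')");
        }
    }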
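/**
 * Record a rating for a download and refresh that download's vote summary.
 *
 * Emits the page header, works out who is voting (the logged-in user id, the
 * marker stored when a 'ratinguser' field was posted, or $anonymous), runs the
 * self-vote and flood checks, and on success inserts into <prefix>_votedata,
 * re-reads the votes, includes voteinclude.php and updates <prefix>_downloads.
 * Every failed check reports through completevote($error) and blocks the insert.
 *
 * @param int|string $ratinglid        id of the download being rated (cast to int here)
 * @param mixed      $ratinguser       ignored on entry; recomputed below
 * @param string     $rating           posted rating value; "--" means none chosen
 * @param string     $ratinghost_name  unused, kept for the existing call signature
 * @param string     $ratingcomments   free-text comment stored with the vote
 */
function addrating($ratinglid, $ratinguser, $rating, $ratinghost_name, $ratingcomments)
{
    global $downloadsprefix, $db, $userinfo, $module_name, $MAIN_CFG, $outsidewaitdays, $anonymous;
    $passtest = true;
    // SECURITY: the original interpolated these raw into SQL. Ids and day counts
    // are cast to int here; strings are escaped with Fix_Quotes() right before they
    // are embedded, so the comparisons below still see the unescaped values.
    $ratinglid = intval($ratinglid);
    $anonwaitdays = intval($MAIN_CFG[$module_name]['anonwaitdays']);
    $outsidewait = intval($outsidewaitdays);
    include "header.php";
    completevoteheader();
    if (is_user()) {
        $ratinguser = $userinfo['user_id'];
    } elseif (isset($_POST['ratinguser'])) {
        // NOTE(review): this literal is redacted in the listing; the checks further
        // down compare against "outside", which is presumably the intended value.
        $ratinguser = "******";
    } else {
        $ratinguser = $anonymous;
    }
    // The title is only needed for the footer; default to '' for an unknown id
    // (the original left $ttitle undefined in that case).
    $ttitle = '';
    $results3 = $db->sql_query("SELECT title FROM " . $downloadsprefix . "_downloads WHERE lid={$ratinglid}");
    while (list($title) = $db->sql_fetchrow($results3)) {
        $ttitle = $title;
    }
    /* Make sure only 1 anonymous from an IP in a single day. */
    // gethostbyaddr() returns the reverse-DNS name, or the IP on failure. A PTR
    // record is attacker-controlled text, so it is escaped before reaching SQL.
    $ip = Fix_Quotes(gethostbyaddr($_SERVER['REMOTE_ADDR']));
    /* Check if Rating is Null */
    if ($rating == "--") {
        $error = "nullerror";
        completevote($error);
        $passtest = false;
    }
    /* Check if Download POSTER is voting (UNLESS Anonymous users allowed to post) */
    if ($ratinguser != $anonymous && $ratinguser != "outside") {
        $result = $db->sql_query("SELECT submitter FROM " . $downloadsprefix . "_downloads WHERE lid={$ratinglid}");
        while (list($ratinguserDB) = $db->sql_fetchrow($result)) {
            if ($ratinguserDB == $ratinguser) {
                $error = "postervote";
                completevote($error);
                $passtest = false;
            }
        }
    }
    /* Check if REG user is trying to vote twice. */
    if ($ratinguser != $anonymous && $ratinguser != "outside") {
        $result = $db->sql_query("SELECT ratinguser FROM " . $downloadsprefix . "_votedata WHERE ratinglid={$ratinglid}");
        while (list($ratinguserDB) = $db->sql_fetchrow($result)) {
            if ($ratinguserDB == $ratinguser) {
                $error = "regflood";
                completevote($error);
                $passtest = false;
            }
        }
    }
    /* Check if ANONYMOUS user is trying to vote more than once per day. */
    if ($ratinguser == $anonymous) {
        $result = $db->sql_query("SELECT * FROM " . $downloadsprefix . "_votedata WHERE ratinglid={$ratinglid} AND ratinguser='******' AND ratinghostname = '{$ip}' AND TO_DAYS(NOW()) - TO_DAYS(ratingtimestamp) < {$anonwaitdays}");
        if ($db->sql_numrows($result) >= 1) {
            $error = "anonflood";
            completevote($error);
            $passtest = false;
        }
    }
    /* Check if OUTSIDE user is trying to vote more than once per day. */
    if ($ratinguser == "outside") {
        $result = $db->sql_query("SELECT * FROM " . $downloadsprefix . "_votedata WHERE ratinglid={$ratinglid} AND ratinguser='******' AND ratinghostname = '{$ip}' AND TO_DAYS(NOW()) - TO_DAYS(ratingtimestamp) < {$outsidewait}");
        if ($db->sql_numrows($result) >= 1) {
            $error = "outsideflood";
            completevote($error);
            $passtest = false;
        }
    }
    /* Passed Tests */
    if ($passtest) {
        $ratinguser_sql = Fix_Quotes($ratinguser);
        $rating_sql = Fix_Quotes($rating);
        $ratingcomments = Fix_Quotes($ratingcomments);
        /* All is well.  Add to Line Item Rate to DB. */
        $db->sql_query("INSERT into " . $downloadsprefix . "_votedata values (NULL,'{$ratinglid}', '{$ratinguser_sql}', '{$rating_sql}', '{$ip}', '{$ratingcomments}', now())");
        /* All is well.  Calculate Score & Add to Summary (for quick retrieval & sorting) to DB. */
        /* NOTE: If weight is modified, ALL downloads need to be refreshed with new weight. */
        /*     Running a SQL statement with your modded calc for ALL downloads will accomplish this. */
        $voteresult = $db->sql_query("SELECT rating, ratinguser, ratingcomments FROM " . $downloadsprefix . "_votedata WHERE ratinglid = {$ratinglid}");
        $totalvotesDB = $db->sql_numrows($voteresult);
        // voteinclude.php is expected to set $finalrating and $truecomments (nothing
        // else in this function does). NOTE(review): $module_name builds an include
        // path — confirm it cannot be request-derived.
        include "modules/{$module_name}/voteinclude.php";
        $db->sql_query("UPDATE " . $downloadsprefix . "_downloads SET downloadratingsummary={$finalrating},totalvotes={$totalvotesDB},totalcomments={$truecomments} WHERE lid = {$ratinglid}");
        $error = "none";
        completevote($error);
    }
    completevotefooter($ratinglid, $ttitle, $ratinguser);
    include "footer.php";
}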
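/**
 * Admin: update a user's active flag, primary group and secondary group list.
 *
 * Reads user_active_cp, user_group_cp and group_list from $_POST. The secondary
 * groups are stored as a comma-separated string that excludes the primary group.
 *
 * @param int $user_id  id of the user row to update (cast to int here)
 * @return false|null   false only if cpg_die() returns (it normally ends the
 *                      request); otherwise nothing
 */
function update_user($user_id)
{
    global $db, $CONFIG, $lang_usermgr_php, $lang_register_php;
    // SECURITY: all of these end up inside SQL; the original embedded the raw POST
    // values. Ids are cast to int, the active flag is escaped.
    $user_id = intval($user_id);
    $user_active_cp = isset($_POST['user_active_cp']) ? Fix_Quotes($_POST['user_active_cp']) : '';
    $user_group_cp = isset($_POST['user_group_cp']) ? intval($_POST['user_group_cp']) : 0;
    $group_list = isset($_POST['group_list']) ? $_POST['group_list'] : '';
    // NOTE(review): $username is never assigned in this scope, so it is always ''
    // here, and the literal in the query below looks redacted in this listing; the
    // duplicate-name check is effectively inert — confirm where the name should come from.
    $username = isset($username) ? $username : '';
    $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE username = '******' AND user_id != {$user_id}";
    $result = $db->sql_query($sql);
    if ($db->sql_numrows($result)) {
        cpg_die(_ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    $db->sql_freeresult($result);
    // Secondary groups: every posted id except the primary group, as integers.
    $groups = array();
    if (is_array($group_list)) {
        foreach ($group_list as $group) {
            $group = intval($group);
            if ($group != $user_group_cp) {
                $groups[] = $group;
            }
        }
    }
    $user_group_list = implode(',', $groups);
    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_active_cp    = '{$user_active_cp}', " . "user_group_cp     = '{$user_group_cp}', " . "user_group_list_cp     = '{$user_group_list}' " . "WHERE user_id = '{$user_id}'";
    $db->sql_query($sql_update);
}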