Ejemplo n.º 1
0
             if (isset($_POST['sp_status_yes'])) {
                 $sp_status = 1;
             }
             if (isset($_POST['sp_status_no'])) {
                 $sp_status = 0;
             }
         } else {
             $sp_status = isset($_POST['sp_status']) ? 1 : 0;
         }
         $display .= PAGE_submit($sp_id, $sp_status, $sp_uid, isset($_POST['sp_title']) ? $_POST['sp_title'] : '', isset($_POST['sp_content']) ? $_POST['sp_content'] : '', isset($_POST['sp_hits']) ? COM_applyFilter($_POST['sp_hits'], true) : 0, isset($_POST['sp_format']) ? COM_applyFilter($_POST['sp_format']) : '', isset($_POST['sp_onmenu']) ? $_POST['sp_onmenu'] : '', isset($_POST['sp_label']) ? $_POST['sp_label'] : '', isset($_POST['commentcode']) ? COM_applyFilter($_POST['commentcode'], true) : 0, isset($_POST['owner_id']) ? COM_applyFilter($_POST['owner_id'], true) : 2, isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id'], true) : 0, isset($_POST['perm_owner']) ? $_POST['perm_owner'] : '', isset($_POST['perm_group']) ? $_POST['perm_group'] : '', isset($_POST['perm_members']) ? $_POST['perm_members'] : '', isset($_POST['perm_anon']) ? $_POST['perm_anon'] : '', isset($_POST['sp_php']) ? $_POST['sp_php'] : '', isset($_POST['sp_nf']) ? $_POST['sp_nf'] : '', isset($_POST['sp_old_id']) ? COM_applyFilter($_POST['sp_old_id']) : '', isset($_POST['sp_nf']) ? $_POST['sp_centerblock'] : '', $sp_help, isset($_POST['sp_tid']) ? COM_applyFilter($_POST['sp_tid']) : '', isset($_POST['sp_where']) ? COM_applyFilter($_POST['sp_where'], true) : 0, isset($_POST['sp_inblock']) ? $_POST['sp_inblock'] : '', isset($_POST['postmode']) ? COM_applyFilter($_POST['postmode']) : '', isset($_POST['sp_search']) ? 1 : 0);
     } else {
         $display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
     }
 } else {
     //token expired?
     SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
     $display .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
     $display .= COM_showMessage(501);
     $editor = '';
     if (isset($_GET['editor'])) {
         $editor = COM_applyFilter($_GET['editor']);
     }
     // $mode = 'edit';
     $owner_id = $_POST['owner_id'];
     $group_id = $_POST['group_id'];
     $perm_owner = $_POST['perm_owner'];
     $perm_group = $_POST['perm_group'];
     $perm_members = $_POST['perm_members'];
     $perm_anon = $_POST['perm_anon'];
     list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
     $_POST['perm_owner'] = $perm_owner;
Ejemplo n.º 2
0
             // OAuth authentication error
         }
         $consumer->doAction($oauth_userinfo);
     }
     //  end OAuth authentication method(s)
 } else {
     $status = -2;
 }
 if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
     // logged in AOK.
     SESS_completeLogin($uid);
     $_GROUPS = SEC_getUserGroups($_USER['uid']);
     $_RIGHTS = explode(',', SEC_getUserPermissions());
     if ($_SYSTEM['admin_session'] > 0 && $local_login) {
         if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
             $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
             SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
         }
     }
     if (!isset($_USER['theme'])) {
         $_USER['theme'] = $_CONF['theme'];
         $_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/';
         $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme'];
         if ($_CONF['allow_user_themes'] == 1) {
             if (isset($_COOKIE[$_CONF['cookie_theme']])) {
                 $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
                 if (is_dir($_CONF['path_themes'] . $theme)) {
                     $_USER['theme'] = $theme;
                     $_CONF['path_layout'] = $_CONF['path_themes'] . $theme . '/';
                     $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $theme;
                 }
Ejemplo n.º 3
0
/**
* Shows the story submission form
*
*/
function submitstory($topic = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG12, $LANG24, $REMOTE_ADDR;
    $retval = '';
    $story = new Story();
    if (isset($_POST['mode']) && $_POST['mode'] == $LANG12[32]) {
        // preview
        $story->loadSubmission();
        $retval .= COM_startBlock($LANG12[32]) . STORY_renderArticle($story, 'p') . COM_endBlock();
        $retval .= '<div style="border-bottom:1px solid #cccccc"></div>';
    } else {
        $story->initSubmission($topic);
        $story->loadSubmission();
    }
    if ($_CONF['story_submit_by_perm_only']) {
        $topicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, false, 3);
    } else {
        $topicList = COM_topicList('tid,topic', $story->EditElements('tid'));
    }
    // no topics
    if ($topicList == '') {
        $retval = COM_showMessageText($LANG24[66], '', 1, 'error');
        return $retval;
    }
    $retval .= COM_startBlock($LANG12[6]);
    $storyform = new Template($_CONF['path_layout'] . 'submit');
    $storyform->set_file('storyform', 'submitstory.thtml');
    if ($story->EditElements('postmode') == 'html') {
        $storyform->set_var('show_htmleditor', true);
    } else {
        $storyform->unset_var('show_htmleditor');
    }
    $storyform->set_var('site_admin_url', $_CONF['site_admin_url']);
    $storyform->set_var('lang_username', $LANG12[27]);
    if (!COM_isAnonUser()) {
        $storyform->set_var('story_username', $_USER['username']);
        $storyform->set_var('author', COM_getDisplayName());
        $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php?mode=logout');
        $storyform->set_var('lang_loginout', $LANG12[34]);
    } else {
        $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php');
        $storyform->set_var('lang_loginout', $LANG12[2]);
        if (!$_CONF['disable_new_user_registration']) {
            $storyform->set_var('separator', ' | ');
            $storyform->set_var('seperator', ' | ');
            $storyform->set_var('create_account', COM_createLink($LANG12[53], $_CONF['site_url'] . '/users.php?mode=new', array('rel' => "nofollow")));
        }
    }
    $storyform->set_var('lang_title', $LANG12[10]);
    $storyform->set_var('story_title', $story->EditElements('title'));
    $storyform->set_var('lang_topic', $LANG12[28]);
    $storyform->set_var('story_topic_options', $topicList);
    /*
        if ( $_CONF['story_submit_by_perm_only'] ) {
            $storyform->set_var('story_topic_options', COM_topicList('tid,topic',$story->EditElements('tid'),1,false,3));
        } else {
            $storyform->set_var('story_topic_options', COM_topicList('tid,topic',$story->EditElements('tid')));
        }
    */
    $storyform->set_var('lang_story', $LANG12[29]);
    $storyform->set_var('lang_introtext', $LANG12[54]);
    $storyform->set_var('lang_bodytext', $LANG12[55]);
    $storyform->set_var('story_introtext', $story->EditElements('introtext'));
    $storyform->set_var('story_bodytext', $story->EditElements('bodytext'));
    $storyform->set_var('lang_postmode', $LANG12[36]);
    $storyform->set_var('story_postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $story->EditElements('postmode')));
    $storyform->set_var('postmode', $story->EditElements('postmode'));
    $storyform->set_var('allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>' . COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story'));
    $storyform->set_var('story_uid', $story->EditElements('uid'));
    $storyform->set_var('story_sid', $story->EditElements('sid'));
    $storyform->set_var('story_date', $story->EditElements('unixdate'));
    PLG_templateSetVars('story', $storyform);
    if ($_CONF['skip_preview'] == 1 || isset($_POST['mode']) && $_POST['mode'] == $LANG12[32]) {
        $storyform->set_var('save_button', '<input name="mode" type="submit" value="' . $LANG12[8] . '"' . XHTML . '>');
    }
    $storyform->set_var('lang_preview', $LANG12[32]);
    $storyform->parse('theform', 'storyform');
    $retval .= $storyform->finish($storyform->get_var('theform'));
    $retval .= COM_endBlock();
    $urlfor = 'advancededitor';
    if (COM_isAnonUser()) {
        $urlfor = 'advancededitor' . md5($REMOTE_ADDR);
    }
    $rc = @setcookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral($urlfor), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
    return $retval;
}
Ejemplo n.º 4
0
function MG_HTML5Upload($album_id)
{
    global $album_jumpbox, $album_selectbox, $MG_albums, $_FILES, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03, $_POST;
    $retval = '';
    $valid_albums = 0;
    $level = 0;
    $select = $album_id;
    if ($_MG_CONF['verbose']) {
        COM_errorLog('***Inside MG_HTML5Upload()***');
    }
    // construct the album selectbox ...
    $album_selectbox = '<select name="album_id" onChange="onAlbumChange()">';
    $valid_albums += $MG_albums[0]->buildAlbumBox($select, 3, -1, 'upload');
    $album_selectbox .= '</select>';
    // tell the flash uploader what the maximum file size can be.
    $file_size_limit = MG_getUploadLimit($album_id) . ' B';
    if ($_MG_CONF['verbose']) {
        COM_errorLog('file_size_limit=' . $file_size_limit);
    }
    // determine the valid filetypes for the current album
    $allowed_file_types = MG_getValidFileTypes($album_id);
    if ($_MG_CONF['verbose']) {
        COM_errorLog('allowed_file_types=' . $allowed_file_types);
    }
    $user_id = $_USER['uid'];
    $user_token = SEC_createTokenGeneral('html5upload', 14400);
    $T = new Template(MG_getTemplatePath($album_id));
    $T->set_file('mupload', 'html5upload.thtml');
    $T->set_var(array('site_url' => $_MG_CONF['site_url'], 'album_id' => $album_id, 'album_select' => $album_selectbox, 'lang_destination' => $LANG_MG01['destination_album'], 'user_id' => $user_id, 'user_token' => $user_token, 'html5upload_usage' => $LANG_MG01['html5upload_usage'], 'html5upload_allowed_types' => $LANG_MG01['html5upload_allowed_types'], 'html5upload_file_types' => $allowed_file_types, 'html5upload_file_size_limit' => $LANG_MG01['html5upload_file_size_limit'], 'html5upload_size_limit' => $file_size_limit));
    $T->parse('output', 'mupload');
    $retval .= $T->finish($T->get_var('output'));
    return $retval;
}
Ejemplo n.º 5
0
/**
* Complete the login process - setup new session
*
* Complete the login process - create new session for user
*
* @param    int     $uid        User ID of logged in user
* @return   none
*
*/
function SESS_completeLogin($uid)
{
    global $_TABLES, $_CONF, $_SYSTEM, $_USER;
    $request_ip = !empty($_SERVER['REMOTE_ADDR']) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
    // build the $_USER array
    $userdata = SESS_getUserDataFromId($uid);
    $_USER = $userdata;
    // save old session data
    $savedSessionData = json_encode($_SESSION);
    // create the session
    $sessid = SESS_newSession($_USER['uid'], $request_ip, $_CONF['session_cookie_timeout']);
    if (isset($_COOKIE[$_CONF['cookie_session']])) {
        $cookie_domain = $_CONF['cookiedomain'];
        $cookie_path = $_CONF['cookie_path'];
        setcookie($_COOKIE[$_CONF['cookie_session']], '', time() - 42000, $cookie_path, $cookie_domain, $_CONF['cookiesecure'], true);
    }
    session_id($sessid);
    session_start();
    $_SESSION = json_decode($savedSessionData, true);
    // initialize session counter
    SESS_setVar('session.counter', 1);
    if (!isset($_USER['tzid']) || empty($_USER['tzid'])) {
        $_USER['tzid'] = $_CONF['timezone'];
    }
    // Let plugins act on login event
    PLG_loginUser($_USER['uid']);
    // check and see if they have remember me set
    $cooktime = (int) $_USER['cookietimeout'];
    if ($cooktime > 0) {
        $cookieTimeout = time() + $cooktime;
        $token_ttl = $cooktime;
        // set userid cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
        // set long term cookie
        SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }
    DB_query("UPDATE {$_TABLES['users']} set remote_ip='" . DB_escapeString($request_ip) . "' WHERE uid=" . (int) $_USER['uid'], 1);
    if ($_CONF['allow_user_themes']) {
        // set theme cookie (or update it )
        SEC_setcookie($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }
}
Ejemplo n.º 6
0
/**
* Saves the user's information back to the database
*
* @A        array       User's data
*
*/
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . (int) $_USER['uid']);
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', (int) $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    if (isset($_POST['merge'])) {
        if (COM_applyFilter($_POST['remoteuid'], true) != $_USER['uid']) {
            echo COM_refresh($_CONF['site_url'] . '/usersettings.php?mode=edit');
        }
        USER_mergeAccounts();
    }
    // If not set or possibly removed from template - initialize variable
    if (!isset($A['cooktime'])) {
        $A['cooktime'] = 0;
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) {
        // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }
    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $account_type = DB_getItem($_TABLES['users'], 'account_type', "uid = {$_USER['uid']}");
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
        if (!empty($A['newp']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            if (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password)) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message
                    if (!is_numeric($ret)) {
                        $ret['number'] = 97;
                    }
                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message hander - if not numeric use default message
                // - if not numeric use default message
                if (!is_numeric($ret)) {
                    $ret = 97;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
            }
        }
    }
    // Let plugins have a chance to decide what to do before saving the user, return errors.
    $msg = PLG_itemPreSave('useredit', $A['username']);
    if (!empty($msg)) {
        // need a numeric return value - otherwise use default message
        if (!is_numeric($msg)) {
            $msg = 97;
        }
        return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$msg}");
    }
    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = $A['new_username'];
        if (!empty($A['new_username']) && USER_validateUsername($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . (int) $_USER['uid']);
                    if (!empty($photo) && strstr($photo, $_USER['username']) !== false) {
                        $newphoto = preg_replace('/' . $_USER['username'] . '/', $_USER['uid'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        @rename($imgpath . $photo, $imgpath . $newphoto);
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", (int) $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", (int) $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }
    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />';
    }
    $profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80);
    $A['location'] = strip_tags($A['location']);
    $A['sig'] = strip_tags($A['sig']);
    $A['about'] = strip_tags($A['about']);
    $A['pgpkey'] = strip_tags($A['pgpkey']);
    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                if ($service == '') {
                    if (!empty($A['newp'])) {
                        $A['newp'] = trim($A['newp']);
                        $A['newp_conf'] = trim($A['newp_conf']);
                        if ($A['newp'] == $A['newp_conf'] && SEC_check_hash($A['passwd'], $current_password)) {
                            $passwd = SEC_encryptPassword($A['newp']);
                            DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", (int) $_USER['uid']);
                            if ($A['cooktime'] > 0) {
                                $cooktime = $A['cooktime'];
                                $token_ttl = $A['cooktime'];
                            } else {
                                $cooktime = 0;
                                $token_ttl = 14400;
                            }
                            $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
                            SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
                        } elseif (!SEC_check_hash($A['passwd'], $current_password)) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                        } elseif ($A['newp'] != $A['newp_conf']) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                        }
                    }
                } else {
                    // Cookie
                    if ($A['cooktime'] > 0) {
                        $cooktime = $A['cooktime'];
                    } else {
                        $cooktime = 0;
                    }
                    $ltToken = SEC_createTokenGeneral('ltc', $cooktime);
                    SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }
                if ($A['cooktime'] <= 0) {
                    $cookie_timeout = 0;
                    $token_ttl = 14400;
                } else {
                    $cookie_timeout = time() + $A['cooktime'];
                    $token_ttl = $A['cooktime'];
                }
                SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='ltc'");
                if ($cookie_timeout > 0) {
                    $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
                    SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                } else {
                    SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                }
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }
                if (!empty($A['homepage'])) {
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = DB_escapeString($A['homepage']);
                }
                $A['fullname'] = DB_escapeString($A['fullname']);
                $A['email'] = DB_escapeString($A['email']);
                $A['location'] = DB_escapeString($A['location']);
                $A['sig'] = DB_escapeString($A['sig']);
                $A['about'] = DB_escapeString($A['about']);
                $A['pgpkey'] = DB_escapeString($A['pgpkey']);
                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }
                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . (int) $_USER['uid']);
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . (int) $_USER['uid']);
                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }
                PLG_userInfoChanged((int) $_USER['uid']);
                // at this point, the user information has been saved, but now we're going to check to see if
                // the user has requested resynchronization with their remoteservice account
                $msg = 5;
                // default msg = Your account information has been successfully saved
                if (isset($A['resynch'])) {
                    if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
                        $modules = SEC_collectRemoteOAuthModules();
                        $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
                        if (!$active_service) {
                            $status = -1;
                            $msg = 115;
                            // Remote service has been disabled.
                        } else {
                            require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                            $service = substr($_USER['remoteservice'], 6);
                            $consumer = new OAuthConsumer($service);
                            $callback_url = $_CONF['site_url'];
                            $consumer->setRedirectURL($callback_url);
                            $user = $consumer->authenticate_user();
                            $consumer->doSynch($user);
                        }
                    }
                    if ($msg != 5) {
                        $msg = 114;
                        // Account saved but re-synch failed.
                        COM_errorLog($MESSAGE[$msg]);
                    }
                }
                PLG_profileExtrasSave();
                PLG_profileSave();
                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }
                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=' . $msg);
            }
        }
    }
}
Ejemplo n.º 7
0
 /**
  *  Creates the edit form.
  *
  *  @param  integer $id Optional ID, current record used if zero
  *  @return string      HTML for edit form
  */
 public function showForm()
 {
     global $_TABLES, $_CONF, $_PP_CONF, $LANG_PP, $_SYSTEM;
     $T = new Template(PAYPAL_PI_PATH . '/templates');
     if ($_SYSTEM['framework'] == 'uikit') {
         $T->set_file('category', 'category_form.uikit.thtml');
     } else {
         $T->set_file('category', 'category_form.thtml');
     }
     $id = $this->cat_id;
     // If we have a nonzero category ID, then we edit the existing record.
     // Otherwise, we're creating a new item.  Also set the $not and $items
     // values to be used in the parent category selection accordingly.
     if ($id > 0) {
         $retval = COM_startBlock($LANG_PP['edit'] . ': ' . $this->cat_name);
         $T->set_var('cat_id', $id);
         $not = 'NOT';
         $items = $id;
     } else {
         $retval = COM_startBlock($LANG_PP['create_category']);
         $T->set_var('cat_id', '');
         $not = '';
         $items = '';
     }
     $T->set_var(array('action_url' => PAYPAL_ADMIN_URL, 'pi_url' => PAYPAL_URL, 'cat_name' => $this->cat_name, 'description' => $this->description, 'ena_chk' => $this->enabled == 1 ? 'checked="checked"' : '', 'parent_sel' => PAYPAL_recurseCats('PAYPAL_callbackCatOptionList', $this->parent_id, 0, '', $not, $items), 'group_sel' => SEC_getGroupDropdown($this->grp_access, 3, 'grp_access'), 'doc_url' => PAYPAL_getDocURL('category_form')));
     if ($this->image != '') {
         $T->set_var('img_url', PAYPAL_PI_URL . '/images/categories/' . $this->image);
     }
     if (!$this->isUsed()) {
         $T->set_var('can_delete', 'true');
     }
     /*
             // Might want this later to set default buttons per category
             $T->set_block('product', 'BtnRow', 'BRow');
             foreach ($LANG_PP['buttons'] as $key=>$value) {
                 $T->set_var(array(
                     'btn_type'  => $key,
                     'btn_chk'   => isset($this->buttons[$key]) ? 
                                     'checked="checked"' : '',
                     'btn_name'  => $value,
                 ));
                 $T->parse('BRow', 'BtnRow', true);
             }*/
     // If there's an image for this category, display it and offer
     // a link to delete it
     if ($this->image != '') {
         $T->set_var('img_url', PAYPAL_URL . '/images/categories/' . $this->image);
         $T->set_var('del_img_url', PAYPAL_ADMIN_URL . '/index.php?action=delete_img&amp;img_id=' . $prow['img_id'] . '&amp;id=' . $this->id);
     }
     $retval .= $T->parse('output', 'category');
     @setcookie($_CONF['cookie_name'] . 'fckeditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
     $retval .= COM_endBlock();
     return $retval;
 }
Ejemplo n.º 8
0
function FF_postEditor($postData, $forumData, $action, $viewMode)
{
    global $_CONF, $_TABLES, $_FF_CONF, $FF_userprefs, $_USER, $LANG_GF01, $LANG_GF02, $LANG_GF10, $REMOTE_ADDR;
    $retval = '';
    $editmoderator = false;
    $numAttachments = 0;
    $edit_val = '';
    $sticky_val = '';
    $locked_val = '';
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }
    // initialize defaults
    if ($_FF_CONF['bbcode_disabled']) {
        $disable_bbcode_val = ' checked="checked"';
    } else {
        $disable_bbcode_val = '';
    }
    if ($_FF_CONF['smilies_disabled']) {
        $disable_smilies_val = ' checked="checked"';
    } else {
        $disable_smilies_val = '';
    }
    if ($_FF_CONF['urlparse_disabled']) {
        $disable_urlparse_val = ' checked="checked"';
    } else {
        $disable_urlparse_val = '';
    }
    // check postmode
    if (isset($postData['postmode'])) {
        // this means we are editing or previewing (or both)
        if (isset($postData['postmode_switch'])) {
            // means they selected a switch
            $chkpostmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
            if ($chkpostmode != $postData['postmode']) {
                $postData['postmode'] = $chkpostmode;
                $postData['postmode_switch'] = 0;
            }
        }
    } else {
        if ($_FF_CONF['post_htmlmode'] && $_FF_CONF['allow_html']) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }
    // verify postmode is allowed
    if ($postData['postmode'] == 'html' || $postData['postmode'] == 'HTML') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }
    $postData['postmode_switch'] = 0;
    // action specific setup
    if ($action == 'edittopic' || $viewMode) {
        // need to see what options were checked...
        $status = 0;
        // get our options...
        if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
            $disable_bbcode_val = ' checked="checked"';
            $status += DISABLE_BBCODE;
        } else {
            $disable_bbcode_val = '';
        }
        if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
            $disable_smilies_val = ' checked="checked"';
            $status += DISABLE_SMILIES;
        } else {
            $disable_smilies_val = '';
        }
        if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
            $disable_urlparse_val = ' checked="checked"';
            $status += DISABLE_URLPARSE;
        } else {
            $disable_urlparse_val = '';
        }
    }
    // create our template
    $peTemplate = new Template($_CONF['path'] . 'plugins/forum/templates/');
    $peTemplate->set_file('posteditor', 'posteditor.thtml');
    if ($postData['postmode'] == 'html') {
        $peTemplate->set_var('html_mode', true);
    } else {
        $peTemplate->unset_var('html_mode');
    }
    if ($viewMode == PREVIEW_VIEW) {
        $peTemplate->set_var('preview_post', FF_previewPost($postData, $action));
    }
    $uniqueid = isset($postData['uniqueid']) ? COM_applyFilter($postData['uniqueid'], true) : mt_rand();
    $peTemplate->set_var('uniqueid', $uniqueid);
    if (SEC_inGroup($postData['use_attachment_grpid']) && $_FF_CONF['maxattachments'] > 0) {
        $peTemplate->set_var('use_attachments', true);
    }
    if ($action == 'newtopic') {
        $peTemplate->set_var('save_button', 'savetopic');
        $postmessage = $LANG_GF02['PostTopic'];
        $peTemplate->set_var('hidden_action', 'newtopic');
    }
    if ($action == 'edittopic') {
        $peTemplate->set_var('save_button', 'saveedit');
        if (isset($postData['forum']) && forum_modPermission($postData['forum'], $_USER['uid'], 'mod_edit')) {
            $editmoderator = true;
            $peTemplate->set_var('hidden_modedit', '1');
        } else {
            $peTemplate->set_var('hidden_modedit', '0');
            $editmoderator = false;
        }
        $postmessage = $LANG_GF02['EditTopic'];
        $peTemplate->set_var('hidden_action', 'edittopic');
        $peTemplate->set_var('hidden_editpost', 'yes');
        if ($editmoderator) {
            $username = $postData['name'];
        } elseif ($postData['uid'] > 1) {
            $username = COM_getDisplayName($postData['uid']);
        }
        $postData['comment'] = str_ireplace('</textarea>', '&lt;/textarea&gt;', $postData['comment']);
        if (isset($postData['pid'])) {
            $peTemplate->set_var('hidden_editpid', $postData['pid']);
        }
        $peTemplate->set_var('hidden_editid', $postData['id']);
        $edit_prompt = $LANG_GF02['msg190'] . '<br/><input type="checkbox" name="silentedit" ';
        if (isset($postData['silentedit']) && $postData['silentedit'] == 1 or !isset($postData['modedit']) and $_FF_CONF['silent_edit_default']) {
            $edit_prompt .= 'checked="checked" ';
            $edit_val = ' checked="checked" ';
        } else {
            $edit_val = '';
        }
        $edit_prompt .= 'value="1"/>';
        $peTemplate->set_var('attachments', '<div id="fileattachlist">' . _ff_showattachments($postData['id'], 'edit') . '</div>');
        $numAttachments = DB_Count($_TABLES['ff_attachments'], 'topic_id', $postData['id']);
        $allowedAttachments = $_FF_CONF['maxattachments'] - $numAttachments;
        $peTemplate->set_var('fcounter', $allowedAttachments);
    } else {
        $numAttachments = (int) DB_Count($_TABLES['ff_attachments'], 'topic_id', $uniqueid);
        $allowedAttachments = $_FF_CONF['maxattachments'] - $numAttachments;
        $peTemplate->set_var('fcounter', $allowedAttachments);
        $peTemplate->set_var('attachments', '');
        if ($uniqueid > 0) {
            $peTemplate->set_var('attachments', '<div id="fileattachlist">' . _ff_showattachments($uniqueid, 'edit') . '</div>');
        }
        $edit_prompt = '&nbsp;';
    }
    if ($action == 'newreply') {
        $peTemplate->set_var('save_button', 'savereply');
        $postmessage = $LANG_GF02['PostReply'];
        $peTemplate->set_var('hidden_action', 'newreply');
        if (!$viewMode) {
            $postData['subject'] = $LANG_GF01['RE'] . $postData['subject'];
        }
        $quoteid = isset($_GET['quoteid']) ? COM_applyFilter($_GET['quoteid'], true) : 0;
        $postData['mood'] = '';
        if ($quoteid > 0 && !$viewMode) {
            $quotesql = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE id=" . (int) $quoteid);
            $quotearray = DB_fetchArray($quotesql);
            $quotearray['name'] = urldecode($quotearray['name']);
            $quotearray['comment'] = $quotearray['comment'];
            $postData['comment'] = sprintf($_FF_CONF['quoteformat'], $quotearray['name'], $quotearray['comment']);
        }
        $postData['editpid'] = $postData['id'];
    }
    if ($_FF_CONF['use_sfs']) {
        $peTemplate->set_var('usesfs', 1);
    }
    if (COM_isAnonUser()) {
        if (!$_FF_CONF['use_sfs']) {
            $postData['email'] = '';
        }
        $peTemplate->set_var('anonymous_user', true);
        $peTemplate->set_var('post_message', $postmessage);
        $peTemplate->set_var('LANG_NAME', $LANG_GF02['msg33']);
        $peTemplate->set_var('name', htmlentities(strip_tags(COM_checkWords(trim(USER_sanitizeName(isset($postData['name']) ? $postData['name'] : ''))))), ENT_COMPAT, COM_getEncodingt());
        if (isset($postData['email'])) {
            $peTemplate->set_var('email', strip_tags($postData['email']));
        }
    } else {
        $peTemplate->set_var('member_user', true);
        $peTemplate->set_var('post_message', $postmessage);
        $peTemplate->set_var('LANG_NAME', $LANG_GF02['msg33']);
        if (!isset($username) or $username == '') {
            if ($action == 'edittopic') {
                if ($editmoderator) {
                    $username = $postData['name'];
                } else {
                    $username = COM_getDisplayName($_USER['uid']);
                }
            } else {
                $username = COM_getDisplayName($_USER['uid']);
            }
        }
        $peTemplate->set_var('username', $username);
        $peTemplate->set_var('xusername', urlencode($username));
    }
    $moodoptions = '';
    if ($_FF_CONF['show_moods']) {
        if (isset($postData['mood']) && $postData['mood'] != '') {
            $postData['mood'] = COM_applyFilter($postData['mood']);
        }
        if (!isset($postData['mood']) || $postData['mood'] == '') {
            $moodoptions = '<option value="" selected="selected">' . $LANG_GF01['NOMOOD'] . '</option>';
        }
        if ($dir = @opendir($_CONF['path_html'] . '/forum/images/moods')) {
            while (($file = readdir($dir)) !== false) {
                if (strlen($file) > 3 && substr(strtolower(trim($file)), -4, 4) == '.gif') {
                    $file = str_replace(array('.gif', '.jpg'), array('', ''), $file);
                    if (isset($postData['mood']) && $file == $postData['mood']) {
                        $moodoptions .= "<option selected=\"selected\">" . $file . "</option>";
                    } else {
                        $moodoptions .= "<option>" . $file . "</option>";
                    }
                } else {
                    $moodoptions .= '';
                }
            }
            closedir($dir);
        }
        $peTemplate->set_var('LANG_MOOD', $LANG_GF02['msg36']);
        $peTemplate->set_var('moodoptions', $moodoptions);
    }
    $sub_dot = '...';
    $sub_none = '';
    $postData['subject'] = str_replace($sub_dot, $sub_none, $postData['subject']);
    if ($_FF_CONF['allow_smilies']) {
        $peTemplate->set_var('smiley_enabled', true);
    }
    if ($_FF_CONF['allow_img_bbcode']) {
        $peTemplate->set_var('allow_img_bbcode', true);
    }
    // if this is the first time showing the new submission form - then check if notify option should be on
    if (!$viewMode) {
        if (isset($postData['editpid']) && $postData['editpid'] > 0) {
            $notifyTopicid = $postData['editpid'];
        } else {
            $notifyTopicid = $postData['id'];
        }
        if (!isset($postData['forum'])) {
            $postData['forum'] = '';
        }
        if (DB_getItem($_TABLES['ff_userprefs'], 'alwaysnotify', "uid=" . (int) $uid) == 1 or FF_isSubscribed($postData['forum'], $notifyTopicid, $uid)) {
            $postData['notify'] = 'on';
            // check and see if user has un-subscribed to this topic
            $nid = -$notifyTopicid;
            if ($notifyTopicid > 0 and DB_getItem($_TABLES['subscriptions'], 'id', "type='forum' AND category=" . (int) $postData['forum'] . " AND id={$nid} AND uid={$uid}") > 1) {
                $postData['notify'] = '';
            }
        } else {
            $postData['notify'] = '';
        }
    }
    if ($editmoderator) {
        if (isset($postData['notify']) && $postData['notify'] == 'on' or isset($postData['notify']) && $postData['notify'] == 'on') {
            $notify_val = 'checked="checked"';
        } else {
            $notify_val = '';
        }
        $notify_prompt = $LANG_GF02['msg38'] . '<br/><input type="checkbox" name="notify" value="on" ' . $notify_val . '/>';
        // check that this is the parent topic - only able to make it skicky or locked
        if (!isset($postData['pid']) || $postData['pid'] == 0) {
            if (!isset($locked_val) and !isset($sticky_val) and $action == 'edittopic') {
                if (!isset($postData['locked_switch']) and isset($postData['locked']) && $postData['locked'] == 1 or isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
                    $locked_val = 'checked="checked"';
                } else {
                    $locked_val = '';
                }
                if (!isset($postData['sticky_switch']) and isset($postData['sticky']) && $postData['sticky'] == 1 or isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
                    $sticky_val = 'checked="checked"';
                } else {
                    $sticky_val = '';
                }
            }
            $locked_prompt = $LANG_GF02['msg109'] . '<br/><input type="checkbox" name="locked_switch" ' . $locked_val . ' value="1"/>';
            $sticky_prompt = $LANG_GF02['msg61'] . '<br/><input type="checkbox" name="sticky_switch" ' . $sticky_val . ' value="1"/>';
        } else {
            $locked_prompt = '';
            $sticky_prompt = '';
        }
    } else {
        if ($uid > 1) {
            if (isset($postData['notify']) && $postData['notify'] == 'on') {
                $notify_val = 'checked="checked"';
            } else {
                $notify_val = '';
            }
            $notify_prompt = $LANG_GF02['msg38'] . '<br/><input type="checkbox" name="notify" ' . $notify_val . '/>';
            $locked_prompt = '';
        } else {
            $notify_prompt = '';
            $locked_prompt = '';
        }
    }
    if ($postData['postmode'] == 'html' || $postData['postmode'] == 'HTML') {
        $postmode_msg = $LANG_GF01['TEXTMODE'];
        $postData['postmode'] = 'html';
    } else {
        $peTemplate->unset_var('show_htmleditor');
        $postmode_msg = $LANG_GF01['HTMLMODE'];
    }
    if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
        if ($action == 'edittopic') {
            $mode_prompt = $postmode_msg . '<br/><input type="checkbox" name="postmode_switch" value="1"/><input type="hidden" name="postmode" value="' . $postData['postmode'] . '"/>';
        }
    }
    if ($action == 'edittopic') {
        $peTemplate->set_var('bbcodeeditor', true);
    }
    $postData['subject'] = str_replace('"', '&quot;', $postData['subject']);
    if (!$_FF_CONF['allow_smilies']) {
        $smilies = '';
    } else {
        $smilies = forumPLG_showsmilies(0);
    }
    $disable_bbcode_prompt = $LANG_GF01['disable_bbcode'] . '&nbsp;<input type="checkbox" name="disable_bbcode" value="1" ' . $disable_bbcode_val . '/>';
    if ($_FF_CONF['allow_smilies']) {
        $disable_smilies_prompt = $LANG_GF01['disable_smilies'] . '&nbsp;<input type="checkbox" name="disable_smilies" value="1"' . $disable_smilies_val . ' />';
    } else {
        $disable_smilies_prompt = '';
    }
    $disable_urlparse_prompt = $LANG_GF01['disable_urlparse'] . '&nbsp;<input type="checkbox" name="disable_urlparse" value="1"' . $disable_urlparse_val . ' />';
    $peTemplate->set_var('comment', @htmlspecialchars($postData['comment'], ENT_QUOTES, COM_getEncodingt()));
    $peTemplate->set_var(array('edit_val' => $edit_val, 'sticky_val' => $sticky_val, 'postmode_msg' => $postmode_msg, 'notify_val' => $notify_val, 'disable_bbcode_val' => $disable_bbcode_val, 'disable_smilies_val' => $disable_smilies_val, 'disable_urlparse_val' => $disable_urlparse_val, 'bbcode_prompt' => $disable_bbcode_prompt, 'smilies_prompt' => $disable_smilies_prompt, 'urlparse_prompt' => $disable_urlparse_prompt, 'LANG_SUBJECT' => $LANG_GF01['SUBJECT'], 'LANG_OPTIONS' => $LANG_GF01['OPTIONS'], 'mode_prompt' => isset($mode_prompt) ? $mode_prompt : '', 'notify_prompt' => $notify_prompt, 'locked_prompt' => $locked_prompt, 'sticky_prompt' => isset($sticky_prompt) ? $sticky_prompt : '', 'edit_prompt' => $edit_prompt, 'LANG_SUBMIT' => $LANG_GF01['SUBMIT'], 'LANG_PREVIEW' => $LANG_GF01['PREVIEW'], 'subject' => $postData['subject'], 'smilies' => $smilies, 'LANG_attachments' => $LANG_GF10['attachments'], 'LANG_maxattachments' => sprintf($LANG_GF10['maxattachments'], $_FF_CONF['maxattachments']), 'postmode' => $postData['postmode']));
    // Check and see if the filemgmt plugin is installed and enabled
    if (function_exists('filemgmt_buildAccessSql') && $_FF_CONF['enable_fm_integration'] == 1) {
        $peTemplate->set_var('filemgmt_category_options', gf_makeFilemgmtCatSelect($uid));
        $peTemplate->set_var('LANG_usefilemgmt', $LANG_GF10['usefilemgmt']);
        $peTemplate->set_var('LANG_description', $LANG_GF10['description']);
        $peTemplate->set_var('LANG_category', $LANG_GF10['category']);
    } else {
        $peTemplate->set_var('show_filemgmt_option', 'none');
    }
    if (COM_isAnonUser()) {
        $peTemplate->set_var('hide_notify', 'none');
    }
    if (function_exists('plugin_templatesetvars_captcha')) {
        plugin_templatesetvars_captcha('forum', $peTemplate);
    } else {
        $peTemplate->set_var('captcha', '');
    }
    if ($postData['id'] > 0) {
        $peTemplate->set_var('topic_id', $postData['id']);
    }
    $peTemplate->set_var(array('navbreadcrumbsimg' => _ff_getImage('nav_breadcrumbs'), 'navtopicimg' => _ff_getImage('nav_topic'), 'form_action' => $_CONF['site_url'] . '/forum/createtopic.php', 'referer' => $forumData['referer'], 'forum_id' => $forumData['forum'], 'cat_name' => $postData['cat_name'], 'cat_id' => $forumData['forum_cat'], 'forum_name' => $postData['forum_name'], 'subject' => @htmlspecialchars($postData['subject'], ENT_QUOTES, COM_getEncodingt()), 'LANG_HOME' => $LANG_GF01['HOMEPAGE'], 'forum_home' => $LANG_GF01['INDEXPAGE'], 'hidden_id' => $postData['id'], 'page' => $forumData['page'], 'LANG_bhelp' => $LANG_GF01['b_help'], 'LANG_ihelp' => $LANG_GF01['i_help'], 'LANG_uhelp' => $LANG_GF01['u_help'], 'LANG_qhelp' => $LANG_GF01['q_help'], 'LANG_chelp' => $LANG_GF01['c_help'], 'LANG_lhelp' => $LANG_GF01['l_help'], 'LANG_ohelp' => $LANG_GF01['o_help'], 'LANG_phelp' => $LANG_GF01['p_help'], 'LANG_whelp' => $LANG_GF01['w_help'], 'LANG_ahelp' => $LANG_GF01['a_help'], 'LANG_shelp' => $LANG_GF01['s_help'], 'LANG_fhelp' => $LANG_GF01['f_help'], 'LANG_hhelp' => $LANG_GF01['h_help'], 'LANG_thelp' => $LANG_GF01['t_help'], 'LANG_ehelp' => $LANG_GF01['e_help'], 'LANG_code' => $LANG_GF01['CODE'], 'LANG_fontcolor' => $LANG_GF01['FONTCOLOR'], 'LANG_fontsize' => $LANG_GF01['FONTSIZE'], 'LANG_closetags' => $LANG_GF01['CLOSETAGS'], 'LANG_codetip' => $LANG_GF01['CODETIP'], 'LANG_tiny' => $LANG_GF01['TINY'], 'LANG_small' => $LANG_GF01['SMALL'], 'LANG_normal' => $LANG_GF01['NORMAL'], 'LANG_large' => $LANG_GF01['LARGE'], 'LANG_huge' => $LANG_GF01['HUGE'], 'LANG_default' => $LANG_GF01['DEFAULT'], 'LANG_dkred' => $LANG_GF01['DKRED'], 'LANG_red' => $LANG_GF01['RED'], 'LANG_orange' => $LANG_GF01['ORANGE'], 'LANG_brown' => $LANG_GF01['BROWN'], 'LANG_yellow' => $LANG_GF01['YELLOW'], 'LANG_green' => $LANG_GF01['GREEN'], 'LANG_olive' => $LANG_GF01['OLIVE'], 'LANG_cyan' => $LANG_GF01['CYAN'], 'LANG_blue' => $LANG_GF01['BLUE'], 'LANG_dkblue' => $LANG_GF01['DKBLUE'], 'LANG_indigo' => $LANG_GF01['INDIGO'], 'LANG_violet' => $LANG_GF01['VIOLET'], 'LANG_white' => $LANG_GF01['WHITE'], 'LANG_black' => $LANG_GF01['BLACK']));
    $peTemplate->set_var('token_name', CSRF_TOKEN);
    $peTemplate->set_var('token', SEC_createToken());
    $peTemplate->set_var('postmode', $postData['postmode']);
    $peTemplate->unset_var('show_htmleditor');
    if ($_FF_CONF['use_wysiwyg_editor'] && $postData['postmode'] == 'html') {
        // hook into wysiwyg here
        switch (PLG_getEditorType()) {
            case 'ckeditor':
                $peTemplate->set_var('show_htmleditor', true);
                PLG_requestEditor('forum', 'forum_entry', 'ckeditor_forum.thtml');
                PLG_templateSetVars('forum_entry', $peTemplate);
                break;
            case 'tinymce':
                $peTemplate->set_var('show_htmleditor', true);
                PLG_requestEditor('forum', 'forum_entry', 'tinymce_forum.thtml');
                PLG_templateSetVars('forum_entry', $peTemplate);
                break;
            default:
                // don't support others right now
                break;
        }
    }
    $peTemplate->parse('output', 'posteditor');
    $retval .= $peTemplate->finish($peTemplate->get_var('output'));
    $urlfor = 'advancededitor';
    if ($uid == 1) {
        $urlfor = 'advancededitor' . md5($REMOTE_ADDR);
    }
    SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral($urlfor), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
    if (!isset($_POST['editpost'])) {
        $_POST['editpost'] = '';
    }
    if ($action != 'newtopic' && $_POST['editpost'] != 'yes' && ($action == 'newreply' || $viewMode)) {
        if ($FF_userprefs['showiframe']) {
            $retval .= "<iframe src=\"{$_CONF['site_url']}/forum/viewtopic.php?mode=preview&amp;showtopic=" . $postData['id'] . "&amp;onlytopic=1&amp;lastpost=true\" height=\"300\" width=\"100%\"></iframe>";
        }
    }
    return $retval;
}
Ejemplo n.º 9
0
/**
* Shows story editor
*
* Displays the story entry form
*
* @param    string      $sid            ID of story to edit
* @param    string      $action         'preview', 'edit', 'moderate', 'draft'
* @param    string      $errormsg       a message to display on top of the page
* @param    string      $currenttopic   topic selection for drop-down menu
* @return   string      HTML for story editor
*
*/
function STORY_edit($sid = '', $action = '', $errormsg = '', $currenttopic = '')
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG33, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE;
    USES_lib_admin();
    $display = '';
    switch ($action) {
        case 'clone':
        case 'edit':
        case 'preview':
        case 'error':
            $title = $LANG24[5];
            $saveoption = $LANG_ADMIN['save'];
            $submission = false;
            break;
        case 'moderate':
            $title = $LANG24[90];
            $saveoption = $LANG_ADMIN['moderate'];
            $submission = true;
            break;
        case 'draft':
            $title = $LANG24[91];
            $saveoption = $LANG_ADMIN['save'];
            $submission = true;
            $action = 'edit';
            break;
        default:
            $title = $LANG24[5];
            $saveoption = $LANG_ADMIN['save'];
            $submission = false;
            $action = 'edit';
            break;
    }
    // Load HTML templates
    $story_templates = new Template($_CONF['path_layout'] . 'admin/story');
    $story_templates->set_file(array('editor' => 'storyeditor.thtml'));
    if (!isset($_CONF['hour_mode'])) {
        $_CONF['hour_mode'] = 12;
    }
    if (!empty($errormsg)) {
        $display .= COM_showMessageText($errormsg, $LANG24[25], true);
    }
    if (!empty($currenttopic)) {
        $allowed = DB_getItem($_TABLES['topics'], 'tid', "tid = '" . DB_escapeString($currenttopic) . "'" . COM_getTopicSql('AND'));
        if ($allowed != $currenttopic) {
            $currenttopic = '';
        }
    }
    $story = new Story();
    if ($action == 'preview' || $action == 'error') {
        while (list($key, $value) = each($_POST)) {
            if (!is_array($value)) {
                $_POST[$key] = $value;
            } else {
                while (list($subkey, $subvalue) = each($value)) {
                    $value[$subkey] = $subvalue;
                }
            }
        }
        $result = $story->loadFromArgsArray($_POST);
    } else {
        $result = $story->loadFromDatabase($sid, $action);
    }
    if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
        $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true);
        COM_accessLog("User {$_USER['username']} tried to access story {$sid}. - STORY_PERMISSION_DENIED or STORY_NO_ACCESS_PARAMS - " . $result);
        return $display;
    } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
        $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied'], true);
        $display .= STORY_renderArticle($story, 'p');
        COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}. - STORY_EDIT_DENIED or STORY_EXISTING_NO_EDIT_PERMISSION");
        return $display;
    } elseif ($result == STORY_INVALID_SID) {
        if ($action == 'moderate') {
            // that submission doesn't seem to be there any more (may have been
            // handled by another Admin) - take us back to the moderation page
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
        }
    } elseif ($result == STORY_DUPLICATE_SID) {
        $story_templates->set_var('error_message', $LANG24[24]);
    } elseif ($result == STORY_EMPTY_REQUIRED_FIELDS) {
        $story_templates->set_var('error_message', $LANG24[31]);
    }
    if (empty($currenttopic) && $story->EditElements('tid') == '') {
        $story->setTid(DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')));
    } else {
        if ($story->EditElements('tid') == '') {
            $story->setTid($currenttopic);
        }
    }
    if (SEC_hasRights('story.edit')) {
        $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 0);
        $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 0);
    } else {
        $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 3);
        $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 3);
    }
    if ($allowedTopicList == '') {
        $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true);
        COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}. No allowed topics.");
        return $display;
    }
    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/story.php', 'text' => $LANG_ADMIN['story_list']), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']));
    if (SEC_inGroup('Root')) {
        $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings');
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);
    require_once $_CONF['path_system'] . 'classes/navbar.class.php';
    $story_templates->set_var('hour_mode', $_CONF['hour_mode']);
    if ($story->hasContent()) {
        $previewContent = STORY_renderArticle($story, 'p');
        if ($previewContent != '') {
            $story_templates->set_var('preview_content', $previewContent);
        }
    }
    $navbar = new navbar();
    if (!empty($previewContent)) {
        $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
        $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
        $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
        $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
        $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
        $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
        $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
    } else {
        $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
        $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
        $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
        $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
        $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
        $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
    }
    if ($action == 'preview') {
        $story_templates->set_var('show_preview', '');
        $story_templates->set_var('show_htmleditor', 'none');
        $story_templates->set_var('show_texteditor', 'none');
        $story_templates->set_var('show_submitoptions', 'none');
        $navbar->set_selected($LANG24[79]);
    } else {
        $navbar->set_selected($LANG24[80]);
        $story_templates->set_var('show_preview', 'none');
    }
    $story_templates->set_var('navbar', $navbar->generate());
    $story_templates->set_var('start_block', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header')));
    // start generating the story editor block
    $story_templates->set_var('block_start', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header')));
    $oldsid = $story->EditElements('originalSid');
    if (!empty($oldsid)) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="deletestory"%s/>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
        $story_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
    }
    if ($submission || $story->type == 'submission') {
        $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>');
    }
    $story_templates->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[92], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE));
    $story_templates->set_var('lang_author', $LANG24[7]);
    $storyauthor = COM_getDisplayName($story->EditElements('uid'));
    $storyauthor_select = COM_optionList($_TABLES['users'], 'uid,username', $story->EditElements('uid'));
    $story_templates->set_var('story_author', $storyauthor);
    $story_templates->set_var('story_author_select', $storyauthor_select);
    $story_templates->set_var('author', $storyauthor);
    $story_templates->set_var('story_uid', $story->EditElements('uid'));
    // user access info
    $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($story->EditElements('owner_id'));
    $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $story->EditElements('owner_id')));
    $story_templates->set_var('owner_name', $ownername);
    $story_templates->set_var('owner', $ownername);
    $story_templates->set_var('owner_id', $story->EditElements('owner_id'));
    if (SEC_hasRights('story.edit')) {
        $story_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $story->EditElements('owner_id')));
    } else {
        $ownerInfo = '<input type="hidden" name="owner_id" value="' . $story->editElements('owner_id') . '" />' . $ownername;
        $story_templates->set_var('owner_dropdown', $ownerInfo);
    }
    $story_templates->set_var('lang_group', $LANG_ACCESS['group']);
    if (SEC_inGroup($story->EditElements('group_id'))) {
        $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
    } else {
        $gdrpdown = '<input type="hidden" name="group_id" value="' . $story->EditElements('group_id') . '"/>';
        $grpddown .= DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id=' . (int) $story->EditElements('group_id'));
        $story_templates->set_var('group_dropdown', $grpddown);
    }
    $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
    $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
    $story_templates->set_var('lang_date', $LANG24[15]);
    $story_templates->set_var('publish_second', $story->EditElements('publish_second'));
    $publish_ampm = '';
    $publish_hour = $story->EditElements('publish_hour');
    if ($publish_hour >= 12) {
        if ($publish_hour > 12) {
            $publish_hour = $publish_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
    $story_templates->set_var('publishampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
    $story_templates->set_var('publish_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
    $story_templates->set_var('publish_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
    $story_templates->set_var('publish_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($publish_hour);
    }
    $story_templates->set_var('publish_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
    $story_templates->set_var('publish_minute_options', $minute_options);
    $story_templates->set_var('publish_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
    $story_templates->set_var('expire_second', $story->EditElements('expire_second'));
    $expire_ampm = '';
    $expire_hour = $story->EditElements('expire_hour');
    if ($expire_hour >= 12) {
        if ($expire_hour > 12) {
            $expire_hour = $expire_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="expire_ampm" value=""/>';
    }
    $story_templates->set_var('expireampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
    $story_templates->set_var('expire_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
    $story_templates->set_var('expire_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
    $story_templates->set_var('expire_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($expire_hour);
    }
    $story_templates->set_var('expire_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
    $story_templates->set_var('expire_minute_options', $minute_options);
    $story_templates->set_var('expire_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
    if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked3', 'checked="checked"');
        $story_templates->set_var('showarchivedisabled', 'false');
    } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked4', 'checked="checked"');
        $story_templates->set_var('showarchivedisabled', 'false');
    } else {
        $story_templates->set_var('showarchivedisabled', 'true');
    }
    $story_templates->set_var('lang_archivetitle', $LANG24[58]);
    $story_templates->set_var('lang_option', $LANG24[59]);
    $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $story_templates->set_var('lang_story_stats', $LANG24[87]);
    $story_templates->set_var('lang_optionarchive', $LANG24[61]);
    $story_templates->set_var('lang_optiondelete', $LANG24[62]);
    $story_templates->set_var('lang_title', $LANG_ADMIN['title']);
    $story_templates->set_var('story_title', $story->EditElements('title'));
    $story_templates->set_var('story_subtitle', $story->EditElements('subtitle'));
    $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    $story_templates->set_var('lang_alt_topic', $LANG_ADMIN['alt_topic']);
    $story_templates->set_var('topic_options', $allowedTopicList);
    $story_templates->set_var('alt_topic_options', $allowedAltTopicList);
    $story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
    if ($story->EditElements('show_topic_icon') == 1) {
        $story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
    } else {
        $story_templates->set_var('show_topic_icon_checked', '');
    }
    $story_templates->set_var('story_image_url', $story->EditElements('story_image'));
    $story_templates->set_var('lang_draft', $LANG24[34]);
    if ($story->EditElements('draft_flag')) {
        $story_templates->set_var('is_checked', 'checked="checked"');
        $story_templates->set_var('unpublished_selected', 'selected="selected"');
    } else {
        $story_templates->set_var('published_selected', 'selected="selected"');
    }
    $story_templates->set_var('lang_mode', $LANG24[3]);
    $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
    $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
    $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
    // comment expire
    $story_templates->set_var('lang_cmt_disable', $LANG24[63]);
    if ($story->EditElements('cmt_close')) {
        $story_templates->set_var('is_checked5', 'checked="checked"');
        //check box if enabled
        $story_templates->set_var('showcmtclosedisabled', 'false');
    } else {
        $story_templates->set_var('showcmtclosedisabled', 'true');
    }
    $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
    $story_templates->set_var('cmt_close_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
    $story_templates->set_var('cmt_close_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('cmt_close_year'));
    $story_templates->set_var('cmt_close_year_options', $year_options);
    $cmt_close_ampm = '';
    $cmt_close_hour = $story->EditElements('cmt_close_hour');
    //correct hour
    if ($cmt_close_hour >= 12) {
        if ($cmt_close_hour > 12) {
            $cmt_close_hour = $cmt_close_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="cmt_close_ampm" value="" />';
    }
    $story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($cmt_close_hour);
    }
    $story_templates->set_var('cmt_close_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
    $story_templates->set_var('cmt_close_minute_options', $minute_options);
    $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
    if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
        $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
        $featured_options_data = COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured'));
        $story_templates->set_var('featured_options_data', $featured_options_data);
    } else {
        $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"/>";
        $story_templates->unset_var('featured_options_data');
    }
    $story_templates->set_var('featured_options', $featured_options);
    $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
    $story_templates->set_var('story_introtext', $story->EditElements('introtext'));
    $story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
    $story_templates->set_var('lang_introtext', $LANG24[16]);
    $story_templates->set_var('lang_bodytext', $LANG24[17]);
    $story_templates->set_var('lang_postmode', $LANG24[4]);
    $story_templates->set_var('lang_publishoptions', $LANG24[76]);
    $story_templates->set_var('lang_publishdate', $LANG24[69]);
    $story_templates->set_var('lang_nojavascript', $LANG24[77]);
    $story_templates->set_var('postmode', $story->EditElements('postmode'));
    if ($story->EditElements('postmode') == 'plaintext' || $story->EditElements('postmode') == 'text') {
        $allowedHTML = '';
    } else {
        $allowedHTML = COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>';
    }
    $allowedHTML .= COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story');
    $story_templates->set_var('lang_allowed_html', $allowedHTML);
    $fileinputs = '';
    $saved_images = '';
    if ($_CONF['maximagesperarticle'] > 0) {
        $story_templates->set_var('lang_images', $LANG24[47]);
        $icount = DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($story->getSid()));
        if ($icount > 0) {
            $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($story->getSid()) . "'");
            for ($z = 1; $z <= $icount; $z++) {
                $I = DB_fetchArray($result_articles);
                $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . '&nbsp;&nbsp;&nbsp;' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']" /><br />';
            }
        }
        $newallowed = $_CONF['maximagesperarticle'] - $icount;
        for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
            $fileinputs .= $z . ') <input type="file" dir="ltr" name="file[]' . '" />';
            if ($z < $_CONF['maximagesperarticle']) {
                $fileinputs .= '<br />';
            }
        }
        $fileinputs .= '<br />' . $LANG24[51];
        if ($_CONF['allow_user_scaling'] == 1) {
            $fileinputs .= $LANG24[27];
        }
        $fileinputs .= $LANG24[28] . '<br />';
    }
    $story_templates->set_var('saved_images', $saved_images);
    $story_templates->set_var('image_form_elements', $fileinputs);
    $story_templates->set_var('lang_hits', $LANG24[18]);
    $story_templates->set_var('story_hits', $story->EditElements('hits'));
    $story_templates->set_var('lang_comments', $LANG24[19]);
    $story_templates->set_var('story_comments', $story->EditElements('comments'));
    $story_templates->set_var('lang_trackbacks', $LANG24[29]);
    $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
    $story_templates->set_var('lang_emails', $LANG24[39]);
    $story_templates->set_var('story_emails', $story->EditElements('numemails'));
    if ($_CONF['rating_enabled']) {
        $rating = @number_format($story->EditElements('rating'), 2);
        $votes = $story->EditElements('votes');
        $story_templates->set_var('rating', $rating);
        $story_templates->set_var('votes', $votes);
    }
    $story_templates->set_var('attribution_url', $story->EditElements('attribution_url'));
    $story_templates->set_var('attribution_name', $story->EditElements('attribution_name'));
    $story_templates->set_var('attribution_author', $story->EditElements('attribution_author'));
    $story_templates->set_var('lang_attribution_url', $LANG24[105]);
    $story_templates->set_var('lang_attribution_name', $LANG24[106]);
    $story_templates->set_var('lang_attribution_author', $LANG24[107]);
    $story_templates->set_var('lang_attribution', $LANG24[108]);
    $sec_token_name = CSRF_TOKEN;
    $sec_token = SEC_createToken();
    $story_templates->set_var('story_id', $story->getSid());
    $story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
    $story_templates->set_var('lang_sid', $LANG24[12]);
    $story_templates->set_var('lang_save', $saveoption);
    $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
    $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
    $story_templates->set_var('lang_timeout', $LANG_ADMIN['timeout_msg']);
    $story_templates->set_var('gltoken_name', CSRF_TOKEN);
    $story_templates->set_var('gltoken', $sec_token);
    $story_templates->set_var('security_token', $sec_token);
    $story_templates->set_var('security_token_name', $sec_token_name);
    $story_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    PLG_templateSetVars('storyeditor', $story_templates);
    if ($story->EditElements('postmode') != 'html') {
        $story_templates->unset_var('wysiwyg');
    }
    SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
    $story_templates->parse('output', 'editor');
    $display .= $story_templates->finish($story_templates->get_var('output'));
    return $display;
}
Ejemplo n.º 10
0
/**
* Merge User Accounts
*
* This validates the entered password and then merges a remote
* account with a local account.
*
* @return   string          HTML merge form if error, redirect on success
*
*/
function USER_mergeAccounts()
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20;
    $retval = '';
    $remoteUID = COM_applyFilter($_POST['remoteuid'], true);
    $localUID = COM_applyFilter($_POST['localuid'], true);
    $localpwd = $_POST['localp'];
    $localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID);
    $localRow = DB_fetchArray($localResult);
    if (SEC_check_hash($localpwd, $localRow['passwd'])) {
        // password is valid
        $sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if ($numRows == 1) {
            $remoteRow = DB_fetchArray($result);
            if ($remoteUID == $remoteRow['uid']) {
                $remoteUID = (int) $remoteRow['uid'];
                $remoteService = substr($remoteRow['remoteservice'], 6);
            } else {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
            }
        } else {
            echo COM_refresh($_CONF['site_url'] . '/index.php');
        }
        $sql = "UPDATE {$_TABLES['users']} SET remoteusername='******'remoteusername']) . "'," . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', " . "account_type=3 " . " WHERE uid=" . (int) $localUID;
        DB_query($sql);
        $_USER['uid'] = $localRow['uid'];
        $local_login = true;
        SESS_completeLogin($localUID);
        $_GROUPS = SEC_getUserGroups($_USER['uid']);
        $_RIGHTS = explode(',', SEC_getUserPermissions());
        if ($_SYSTEM['admin_session'] > 0 && $local_login) {
            if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
                $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
                SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
            }
        }
        COM_resetSpeedlimit('login');
        // log the user out
        SESS_endUserSession($remoteUID);
        // Let plugins know a user is being merged
        PLG_moveUser($remoteUID, $_USER['uid']);
        // Ok, now delete everything related to this user
        // let plugins update their data for this user
        PLG_deleteUser($remoteUID);
        if (function_exists('CUSTOM_userDeleteHook')) {
            CUSTOM_userDeleteHook($remoteUID);
        }
        // Call custom account profile delete function if enabled and exists
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) {
            CUSTOM_userDelete($remoteUID);
        }
        // remove from all security groups
        DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID);
        // remove user information and preferences
        DB_delete($_TABLES['userprefs'], 'uid', $remoteUID);
        DB_delete($_TABLES['userindex'], 'uid', $remoteUID);
        DB_delete($_TABLES['usercomment'], 'uid', $remoteUID);
        DB_delete($_TABLES['userinfo'], 'uid', $remoteUID);
        // delete user photo, if enabled & exists
        if ($_CONF['allow_user_photo'] == 1) {
            $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}");
            USER_deletePhoto($photo, false);
        }
        // delete subscriptions
        DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID);
        // in case the user owned any objects that require Admin access, assign
        // them to the Root user with the lowest uid
        $rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
        $result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1");
        $A = DB_fetchArray($result);
        $rootuser = $A['ug_uid'];
        if ($rootuser == '' || $rootuser < 2) {
            $rootuser = 2;
        }
        DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
        DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
        // now delete the user itself
        DB_delete($_TABLES['users'], 'uid', $remoteUID);
    } else {
        // invalid password - let's try one more time
        // need to set speed limit and give them 3 tries
        COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge');
        $last = COM_checkSpeedlimit('merge', 4);
        if ($last > 0) {
            COM_setMsg($LANG04[190], 'error');
            echo COM_refresh($_CONF['site_url'] . '/users.php');
        } else {
            COM_updateSpeedlimit('merge');
            USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]);
        }
        return $retval;
    }
    // can't use COM_setMsg here since the session is being destroyed.
    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=522');
}
Ejemplo n.º 11
0
 /**
  *  Creates the edit form.
  *
  *  @param  integer $id Optional ID, current record used if zero
  *  @return string      HTML for edit form
  */
 public function showForm()
 {
     global $_TABLES, $_CONF, $_PP_CONF, $LANG_PP;
     $T = new Template(PAYPAL_PI_PATH . '/templates');
     $T->set_file(array('category' => 'category_form.thtml'));
     $id = $this->cat_id;
     // If we have a nonzero category ID, then we edit the existing record.
     // Otherwise, we're creating a new item.  Also set the $not and $items
     // values to be used in the parent category selection accordingly.
     if ($id > 0) {
         //if (!$this->Read($id)) {
         //    return PAYPAL_errorMessage($LANG_PP['invalid_category_id'], 'info');
         //}
         //$id = $this->cat_id;
         $retval = COM_startBlock($LANG_PP['edit'] . ': ' . $this->cat_name);
         $T->set_var('cat_id', $id);
         $not = 'NOT';
         $items = $id;
     } else {
         //$id = $this->cat_id;
         $retval = COM_startBlock($LANG_PP['create_category']);
         $T->set_var('cat_id', '');
         $not = '';
         $items = '';
     }
     $T->set_var(array('site_url' => $_CONF['site_url'], 'action_url' => PAYPAL_ADMIN_URL, 'pi_url' => PAYPAL_URL, 'cat_name' => $this->cat_name, 'description' => $this->description, 'ena_chk' => $this->enabled == 1 ? 'checked="checked"' : '', 'parent_sel' => PAYPAL_recurseCats('PAYPAL_callbackCatOptionList', $this->parent_id, 0, '', $not, $items), 'permissions_editor' => SEC_getPermissionsHTML($this->perm_owner, $this->perm_group, $this->perm_members, $this->perm_anon), 'group_sel' => SEC_getGroupDropdown($this->group_id, 3), 'owner_sel' => COM_optionList($_TABLES['users'], 'uid,username', $this->owner_id, 1)));
     if ($this->image != '') {
         $T->set_var('img_url', PAYPAL_PI_URL . '/images/categories/' . $this->image);
     }
     if (!$this->isUsed()) {
         $T->set_var('can_delete', 'true');
     }
     /*
             // Might want this later to set default buttons per category
             $T->set_block('product', 'BtnRow', 'BRow');
             foreach ($LANG_PP['buttons'] as $key=>$value) {
                 $T->set_var(array(
                     'btn_type'  => $key,
                     'btn_chk'   => isset($this->buttons[$key]) ? 
                                     'checked="checked"' : '',
                     'btn_name'  => $value,
                 ));
                 $T->parse('BRow', 'BtnRow', true);
             }*/
     if ($this->image != '') {
         $T->set_var('img_url', PAYPAL_URL . '/images/categories/' . $this->image);
         $T->set_var('del_img_url', PAYPAL_ADMIN_URL . '/index.php?action=delete_img&amp;img_id=' . $prow['img_id'] . '&amp;id=' . $this->id);
     }
     $retval .= $T->parse('output', 'category');
     @setcookie($_CONF['cookie_name'] . 'fckeditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
     $retval .= COM_endBlock();
     return $retval;
 }
Ejemplo n.º 12
0
/**
* Saves a block
*
* @param    string  $bid            Block ID
* @param    string  $name           Block name
* @param    string  $title          Block title
* @param    string  $type           Type of block
* @param    int     $blockorder     Order block appears relative to the others
* @param    string  $content        Content of block
* @param    string  $tid            Topic block should appear in
* @param    string  $rdfurl         URL to headline feed for portal blocks
* @param    string  $rdfupdated     Date RSS/RDF feed was last updated
* @param    string  $rdflimit       max. number of entries to import from feed
* @param    string  $phpblockfn     Name of php function to call to get content
* @param    int     $onleft         Flag indicates if block shows up on left or right
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group block belongs to
* @param    array   $perm_owner     Permissions the owner has on the object
* @param    array   $perm_group     Permissions the group has on the object
* @param    array   $perm_members   Permissions the logged in members have
* @param    array   $perm_anon      Permissinos anonymous users have
* @param    int     $is_enabled     Flag, indicates if block is enabled or not
* @param    int     $allow_autotags Flag, indicates if autotags are enabed or not
* @return   string                  HTML redirect or error message
*
*/
function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE;
    $retval = '';
    $B['bid'] = (int) $bid;
    $B['name'] = $name;
    $B['title'] = $title;
    $B['type'] = $type;
    $B['blockorder'] = $blockorder;
    $B['content'] = $content;
    $B['tid'] = $tid;
    $B['rdfurl'] = $rdfurl;
    $B['rdfupdated'] = $rdfupdated;
    $B['rdflimit'] = $rdflimit;
    $B['phpblockfn'] = $phpblockfn;
    $B['onleft'] = $onleft;
    $B['owner_id'] = $owner_id;
    $B['group_id'] = $group_id;
    $B['perm_owner'] = $perm_owner;
    $B['perm_group'] = $perm_group;
    $B['perm_members'] = $perm_members;
    $B['perm_anon'] = $perm_anon;
    $B['is_enabled'] = $is_enabled;
    $B['allow_autotags'] = $allow_autotags;
    $bid = (int) $bid;
    $MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small";
    $filter = sanitizer::getInstance();
    $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
    $filter->setAllowedElements($allowedElements);
    $filter->setPostmode('html');
    $title = $filter->filterHTML($title);
    $title = DB_escapeString($title);
    $phpblockfn = DB_escapeString(trim($phpblockfn));
    if (empty($title) || !BLOCK_validateName($name)) {
        if (empty($title)) {
            $msg = $LANG21[64];
        } else {
            $msg = $LANG21[70];
        }
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($msg, $LANG21[63], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    } elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) {
        if ($is_enabled == 'on') {
            $is_enabled = 1;
        } else {
            $is_enabled = 0;
        }
        if ($allow_autotags == 1) {
            $allow_autotags = 1;
        } else {
            $allow_autotags = 0;
        }
        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';
            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr($rdfurl, 4);
            } else {
                if (substr($rdfurl, 0, 5) == 'feed:') {
                    $rdfurl = substr($rdfurl, 5);
                }
            }
            if (substr($rdfurl, 0, 2) == '//') {
                $rdfurl = substr($rdfurl, 2);
            }
            $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
        }
        if ($type == 'gldefault') {
            if ($name != 'older_stories') {
                $content = '';
            }
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }
        if ($type == 'phpblock') {
            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix.  This will prevent
            // the arbitrary execution of code
            if (!stristr($phpblockfn, 'phpblock_')) {
                $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }
        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            $content = DB_escapeString($content);
        }
        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty($rdfurl)) {
            $rdfurl = DB_escapeString($rdfurl);
        }
        if (empty($rdfupdated)) {
            $rdfupdated = '1000-01-01 00:00:00';
        }
        $name = DB_escapeString($name);
        if ($bid > 0) {
            DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
        } else {
            $sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
            DB_query($sql);
            $bid = DB_insertId();
        }
        if ($type == 'gldefault' && $name == 'older_stories') {
            COM_olderStuff();
        }
        CTL_clearCache();
        COM_setMessage(11);
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    } else {
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[32]);
        if ($type == 'portal') {
            // Portal block is missing fields
            $msg = $LANG21[33];
        } else {
            if ($type == 'phpblock') {
                // PHP Block is missing field
                $msg = $LANG21[34];
            } else {
                if ($type == 'normal') {
                    // Normal block is missing field
                    $msg = $LANG21[35];
                } else {
                    if ($type == 'gldefault') {
                        // Default glFusion field missing
                        $msg = $LANG21[42];
                    } else {
                        // Layout block missing content
                        $msg = $LANG21[36];
                    }
                }
            }
        }
        $retval .= COM_showMessageText($msg, $LANG21[32], true);
        $retval .= BLOCK_edit($bid, $B);
        $retval .= COM_siteFooter();
    }
    return $retval;
}
Ejemplo n.º 13
0
/**
* Shows the form the admin uses to send glFusion members a message. Now you
* can email a user or an entire group depending upon whether uid or grp_id is
* set.  if both arguments are >0, the group send function takes precedence
*
* @return   string      HTML for the email form
*
*/
function MAIL_displayForm($uid = 0, $grp_id = 0, $from = '', $replyto = '', $subject = '', $message = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG31, $LANG03, $LANG_ADMIN;
    USES_lib_admin();
    $retval = '';
    if (isset($_POST['postmode'])) {
        $postmode = COM_applyFilter($_POST['postmode']);
        if ($postmode != 'html' || $postmode != 'plaintext') {
            $postmode = $_CONF['postmode'];
        }
    } else {
        $postmode = $_CONF['postmode'];
    }
    $mail_templates = new Template($_CONF['path_layout'] . 'admin/mail');
    $mail_templates->set_file('form', 'mailform.thtml');
    if ($postmode == 'html') {
        $mail_templates->set_var('show_htmleditor', true);
    } else {
        $mail_templates->unset_var('show_htmleditor');
    }
    $mail_templates->set_var('postmode', $postmode);
    $mail_templates->set_var('lang_postmode', $LANG03[2]);
    $mail_templates->set_var('postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $postmode));
    $mail_templates->set_var('startblock_email', COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_admin_block', 'header')));
    $mail_templates->set_var('php_self', $_CONF['site_admin_url'] . '/mail.php');
    $usermode = $uid > 0 && $grp_id == 0 ? true : false;
    $send_to_group = $usermode ? '' : '1';
    $mail_templates->set_var('send_to_group', $send_to_group);
    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/user.php', 'text' => $LANG_ADMIN['admin_users']), array('url' => $_CONF['site_admin_url'] . '/group.php', 'text' => $LANG_ADMIN['admin_groups']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $instructions = $usermode ? $LANG31[28] : $LANG31[19];
    $icon = $_CONF['layout_url'] . '/images/icons/mail.png';
    $admin_menu = ADMIN_createMenu($menu_arr, $instructions, $icon);
    $mail_templates->set_var('admin_menu', $admin_menu);
    if ($usermode) {
        // we're sending e-Mail to a specific user
        $mail_templates->set_var('lang_instructions', $LANG31[28]);
        $mail_templates->set_var('lang_to', $LANG31[18]);
        $to_user = '';
        $lang_warning = $LANG31[29];
        $warning = '';
        // get the user data, and check the privacy settings
        $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . (int) $uid);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $A = DB_fetchArray($result);
            $username = $_CONF['show_fullname'] ? $A['fullname'] : $A['username'];
            $to_user = $username . ' (' . $A['email'] . ')';
            $emailfromadmin = DB_getItem($_TABLES['userprefs'], 'emailfromadmin', "uid = " . (int) $uid);
            $warning = $emailfromadmin == 1 ? '' : $LANG31[30];
        }
        $mail_templates->set_var('to_user', $to_user);
        $mail_templates->set_var('to_uid', $uid);
        $mail_templates->set_var('lang_warning', $lang_warning);
        $mail_templates->set_var('warning', $warning);
    } else {
        // we're sending e-Mail to a group of users
        $mail_templates->set_var('lang_instructions', $LANG31[19]);
        $mail_templates->set_var('lang_to', $LANG31[27]);
        $mail_templates->set_var('lang_selectgroup', $LANG31[25]);
        // build group options select, allow for possibility grp_id has been supplied
        $group_options = '';
        $result = DB_query("SELECT grp_id, grp_name FROM {$_TABLES['groups']} WHERE grp_name <> 'All Users'");
        $nrows = DB_numRows($result);
        $groups = array();
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            $groups[$A['grp_id']] = ucwords($A['grp_name']);
        }
        asort($groups);
        foreach ($groups as $groupID => $groupName) {
            if (SEC_inGroup('Root') || SEC_inGroup($groupName) && $groupName != 'Logged-in Users' && $groupName != 'Mail Admin') {
                $group_options .= '<option value="' . $groupID . '"';
                $group_options .= $groupID == $grp_id ? ' selected="selected"' : '';
                $group_options .= '>' . $groupName . '</option>';
            }
        }
        $mail_templates->set_var('group_options', $group_options);
    }
    $mail_templates->set_var('lang_from', $LANG31[2]);
    $frm = empty($from) ? $_CONF['site_name'] : $from;
    $mail_templates->set_var('site_name', $frm);
    $mail_templates->set_var('lang_replyto', $LANG31[3]);
    $rto = empty($replyto) ? $_CONF['site_mail'] : $replyto;
    $mail_templates->set_var('site_mail', $rto);
    $mail_templates->set_var('lang_subject', $LANG31[4]);
    $mail_templates->set_var('subject', $subject);
    $mail_templates->set_var('lang_body', $LANG31[5]);
    $mail_templates->set_var('message_text', $message);
    $mail_templates->set_var('message_html', $message);
    $mail_templates->set_var('lang_sendto', $LANG31[6]);
    $mail_templates->set_var('lang_allusers', $LANG31[7]);
    $mail_templates->set_var('lang_admin', $LANG31[8]);
    $mail_templates->set_var('lang_options', $LANG31[9]);
    $mail_templates->set_var('lang_HTML', $LANG31[10]);
    $mail_templates->set_var('lang_urgent', $LANG31[11]);
    $mail_templates->set_var('lang_ignoreusersettings', $LANG31[14]);
    $mail_templates->set_var('lang_send', $LANG31[12]);
    $mail_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $mail_templates->set_var('gltoken_name', CSRF_TOKEN);
    $mail_templates->set_var('gltoken', SEC_createToken());
    PLG_templateSetVars('contact', $mail_templates);
    $mail_templates->parse('output', 'form');
    $retval = $mail_templates->finish($mail_templates->get_var('output'));
    SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
    return $retval;
}