Ejemplo n.º 1
0
function selectHTML_forum($selected = '')
{
    global $_CONF, $_TABLES;
    $selectHTML = '';
    $asql = DB_query("SELECT * FROM {$_TABLES['forum_categories']} ORDER BY cat_order ASC");
    while ($A = DB_fetchArray($asql)) {
        $firstforum = true;
        $bsql = DB_query("SELECT * FROM {$_TABLES['forum_forums']} WHERE forum_cat='{$A['id']}' ORDER BY forum_order ASC");
        while ($B = DB_fetchArray($bsql)) {
            $groupname = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id='{$B['grp_id']}'");
            if (SEC_inGroup($groupname)) {
                if ($firstforum) {
                    $selectHTML .= '<option value="-1">-------------------</option>';
                    $selectHTML .= '<option value="-1">' . $A['cat_name'] . '</option>';
                }
                $firstforum = false;
                if ($B['forum_id'] == $selected) {
                    $selectHTML .= LB . '<option value="' . $B['forum_id'] . '" selected="selected">&nbsp;&#187;&nbsp;&nbsp;' . $B['forum_name'] . '</option>';
                } else {
                    $selectHTML .= LB . '<option value="' . $B['forum_id'] . '">&nbsp;&#187;&nbsp;&nbsp;' . $B['forum_name'] . '</option>';
                }
            }
        }
    }
    return $selectHTML;
}
Ejemplo n.º 2
0
/**
 *	Check if user is authorized
 *	
 *	@return boolean true if access granted, false if no access
 */
function auth()
{
    // You can insert your own code over here to check if the user is authorized.
    // If you use a session variable, you've got to start the session first (session_start())
    global $_CONF;
    return SEC_inGroup('Root') || !$_CONF['filemanager_disabled'] && (SEC_inGroup('Filemanager Admin') || SEC_hasRights('filemanager.admin'));
}
Ejemplo n.º 3
0
function listDownloads()
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_DLM;
    require_once $_CONF['path_system'] . 'lib-admin.php';
    $retval = '';
    $is_root_user = SEC_inGroup('Root');
    $admin_url = $_CONF['site_admin_url'] . '/plugins/downloads/index.php';
    $field_category = $LANG_DLM['category'];
    if (isset($_CONF['languages'])) {
        $field_category .= ' (' . $LANG_DLM['language'] . ')';
    }
    $header_arr = array(array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true), array('text' => $field_category, 'field' => 'cid', 'sort' => true), array('text' => $LANG_DLM['ver'], 'field' => 'version', 'sort' => true), array('text' => $LANG_DLM['size'], 'field' => 'size', 'sort' => true), array('text' => $LANG_DLM['submitdate'], 'field' => 'date', 'sort' => true));
    $defsort_arr = array('field' => 'date', 'direction' => 'desc');
    $menu_arr = array();
    if ($is_root_user) {
        $menu_arr[] = array('url' => $admin_url . '?op=listCategories', 'text' => $LANG_DLM['nav_categories']);
        $menu_arr[] = array('url' => $admin_url . '?op=newCategory', 'text' => $LANG_DLM['nav_addcategory']);
    }
    $sql = "SELECT COUNT(*) FROM {$_TABLES['downloadcategories']} WHERE cid != ''";
    list($count) = DB_fetchArray(DB_query($sql));
    if ($count > 0) {
        $menu_arr[] = array('url' => $admin_url . '?op=uploadFile', 'text' => $LANG_DLM['nav_addfile']);
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);
    $retval .= COM_startBlock($LANG_DLM['manager'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= ADMIN_createMenu($menu_arr, $is_root_user ? $LANG_DLM['instructions'] : $LANG_DLM['instructions2'], plugin_geticon_downloads());
    $text_arr = array('has_extras' => true, 'form_url' => $admin_url);
    $sql = "SELECT lid, url, a.title, a.cid, date, version, size, " . "b.owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon " . "FROM {$_TABLES['downloads']} a " . "LEFT JOIN {$_TABLES['downloadcategories']} b ON a.cid=b.cid " . "WHERE lid != '' " . COM_getPermSQL('AND', 0, 2, 'b');
    $query_arr = array('table' => 'downloads', 'sql' => $sql, 'query_fields' => array('title'), 'default_filter' => '');
    $retval .= ADMIN_list('downloads', 'downloads_getListField_Files', $header_arr, $text_arr, $query_arr, $defsort_arr);
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
Ejemplo n.º 4
0
function MG_selectUsers($page)
{
    global $glversion, $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01;
    $retval = '';
    $T = new Template($_MG_CONF['template_path']);
    $T->set_file('admin', 'createmembers.thtml');
    $T->set_var(array('site_admin_url' => $_CONF['site_admin_url'], 'site_url' => $_CONF['site_url'], 'xhtml' => XHTML));
    $T->set_block('admin', 'UserRow', 'uRow');
    $start = $page * 50;
    $end = 50;
    $sql = "SELECT COUNT(gl.uid) AS count " . "FROM {$_TABLES['users']} AS gl " . "LEFT JOIN {$_TABLES['mg_userprefs']} AS mg ON gl.uid=mg.uid " . "WHERE gl.status = 3 AND gl.uid > 2 AND (mg.member_gallery IS NULL OR mg.member_gallery < 1)";
    $result = DB_query($sql);
    list($total_records) = DB_fetchArray($result);
    $sql = "SELECT gl.uid, gl.status, gl.username, gl.fullname, mg.member_gallery " . "FROM {$_TABLES['users']} AS gl " . "LEFT JOIN {$_TABLES['mg_userprefs']} AS mg ON gl.uid=mg.uid " . "WHERE gl.status = 3 AND gl.uid > 2 AND (mg.member_gallery IS NULL OR mg.member_gallery < 1) " . "ORDER BY gl.username ASC LIMIT {$start},{$end}";
    $result = DB_query($sql);
    while ($row = DB_fetchArray($result)) {
        if ($glversion[1] < 4) {
            $row['status'] = 3;
        }
        $uid = $row['uid'];
        $remote = SEC_inGroup("Remote Users", $uid) ? '(r)' : '';
        $username = $row['username'];
        $member_gallery = $row['member_gallery'];
        $T->set_var(array('uid' => $uid, 'username' => $username . ' ' . $remote . ' - ' . $row['fullname'], 'select' => '<input type="checkbox" name="user[]" value="' . $uid . '"' . XHTML . '>'));
        $T->parse('uRow', 'UserRow', true);
    }
    $T->set_var(array('lang_userid' => $LANG_MG01['userid'], 'lang_username' => $LANG_MG01['username'], 'lang_select' => $LANG_MG01['select'], 'lang_checkall' => $LANG_MG01['check_all'], 'lang_uncheckall' => $LANG_MG01['uncheck_all'], 'lang_save' => $LANG_MG01['save'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_reset' => $LANG_MG01['reset'], 's_form_action' => $_MG_CONF['admin_url'] . 'createmembers.php', 'pagenav' => COM_printPageNavigation($_MG_CONF['admin_url'] . 'createmembers.php', $page + 1, ceil($total_records / 50))));
    $retval .= $T->finish($T->parse('output', 'admin'));
    return $retval;
}
Ejemplo n.º 5
0
/**
* Display a reminder to execute the security check script
*
* @return   string      HTML for security reminder (or empty string)
*/
function security_check_reminder()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;
    $retval = '';
    if (!SEC_inGroup('Root')) {
        return $retval;
    }
    $done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
    if ($done != 1) {
        $retval .= COM_showMessage(92);
    }
    return $retval;
}
Ejemplo n.º 6
0
function taskconsoleShowNavbar($selected = 'My Tasks')
{
    global $_USER, $_CONF, $optLinkVars, $usermodeUID;
    $retval = '<div id="navbar1" style="display:;">';
    $navbar = new navbar();
    if ($_USER['uid'] > 1) {
        $navbar->add_menuitem('My Tasks', $_CONF['site_url'] . '/nexflow/index.php?op=mytasks' . $optLinkVars);
        $navbar->add_menuitem('My Flows', $_CONF['site_url'] . '/nexflow/index.php?op=myprojects' . $optLinkVars);
    }
    $navbar->add_menuitem('All Flows', $_CONF['site_url'] . '/nexflow/index.php?op=allprojects' . $optLinkVars);
    if (SEC_inGroup('nexflow Admin')) {
        $navbar->add_menuitem('Outstanding Tasks', $_CONF['site_admin_url'] . '/plugins/nexflow/outstanding.php?taskuser='******'uid'] > 1) {
        $navbar->add_menuitem('Start New Process', $_CONF['site_url'] . '/nexflow/newprocess.php?taskuser='******'</div>';
    return $retval;
}
Ejemplo n.º 7
0
 public function renderMenu()
 {
     global $_TABLES, $_CONF;
     $menuItems = false;
     $query = DB_query("SELECT grp_access FROM {$_TABLES['nexmenu']} WHERE pid=0 AND is_enabled=1 AND location='{$this->_type}'");
     while (list($grp_id) = DB_fetchArray($query)) {
         $grp_name = DB_getItem($_TABLES['groups'], "grp_name", "grp_id='{$grp_id}'");
         if (SEC_inGroup($grp_name)) {
             // There is atleast 1 item - set true and break out of loop
             $menuItems = true;
             break;
         }
     }
     if ($menuItems) {
         if ($this->_type == 'header') {
             return $this->_renderHeaderMenu();
         } elseif ($this->_type == 'block') {
             return $this->_renderBlockMenu();
         }
     } else {
         return '';
     }
 }
Ejemplo n.º 8
0
function upload_file()
{
    global $CONF_FE, $_TABLES, $GLOBALS, $_CONF;
    //upload the file
    $field_name = COM_applyFilter($_POST['current_upload_file']);
    $result_id = COM_applyFilter($_POST['res_id'], true);
    $form_id = COM_applyFilter($_POST['form_id'], true);
    $uploadfile = $_FILES[$field_name];
    $fieldID = COM_applyFilter($_REQUEST['field_id'], true);
    if ($result_id == 0) {
        //form has not been saved yet
        $result_id = nexform_dbsave($form_id, 0, false);
    }
    if (($rec = nexform_check4files($result_id, $field_name)) != 0) {
        $retval = '';
        $retval .= "&nbsp;<a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">";
        $retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$uploadfile['name'][0]}</a>&nbsp;";
        $edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$form_id}'");
        if (SEC_inGroup($edit_group)) {
            $retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},\"{$field_name}\"); return false;'>";
            $retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a>&nbsp;";
        }
        $iserror = 'false';
    } else {
        //COM_fileLog("upload error:" . $GLOBALS['fe_errmsg']);
        $errmsg = $GLOBALS['fe_errmsg'];
        $err_fieldname = 'error_' . ppRandomFilename();
        $retval = '';
        if ($errmsg == '') {
            $errmsg = 'Your file could not be uploaded.';
        }
        $retval .= "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
        $iserror = 'true';
    }
    return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}
Ejemplo n.º 9
0
function MB_saveNewMenuElement()
{
    global $_CONF, $_TABLES, $_GROUPS, $MenuElementAllowedHTML;
    $filter = sanitizer::getInstance();
    $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
    $filter->setAllowedElements($allowedElements);
    $filter->setPostmode('html');
    // build post vars
    $E['menu_id'] = COM_applyFilter($_POST['menu'], true);
    $E['pid'] = COM_applyFilter($_POST['pid'], true);
    $E['element_label'] = $filter->filterHTML($_POST['menulabel']);
    $E['element_type'] = COM_applyFilter($_POST['menutype'], true);
    $E['element_target'] = isset($_POST['urltarget']) ? COM_applyFilter($_POST['urltarget']) : '';
    $afterElementID = COM_applyFilter($_POST['menuorder'], true);
    $E['element_active'] = COM_applyFilter($_POST['menuactive'], true);
    $E['element_url'] = isset($_POST['menuurl']) ? trim(COM_applyFilter($_POST['menuurl'])) : '';
    $E['group_id'] = COM_applyFilter($_POST['group'], true);
    $menu = menu::getInstance($E['menu_id']);
    switch ($E['element_type']) {
        case 2:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['glfunction']));
            break;
        case 3:
            $E['element_subtype'] = COM_applyFilter($_POST['gltype'], true);
            break;
        case 4:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['pluginname']));
            break;
        case 5:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['spname']));
            break;
        case 6:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['menuurl']));
            /*
             * check URL if it needs http:// appended...
             */
            if (trim($E['element_subtype']) != '') {
                if (strpos($E['element_subtype'], "http") !== 0 && strpos($E['element_subtype'], "%site") === false && rtrim($E['element_subtype']) != '') {
                    $E['element_subtype'] = 'http://' . $E['element_subtype'];
                }
            }
            break;
        case 7:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['phpfunction']));
            break;
        case 9:
            $E['element_subtype'] = DB_escapeString(COM_applyFilter($_POST['topicname']));
            break;
        default:
            $E['element_subtype'] = '';
            break;
    }
    // check if URL needs the http:// added
    if (trim($E['element_url']) != '') {
        if (strpos($E['element_url'], "http") !== 0 && strpos($E['element_url'], "%site") === false && $E['element_url'][0] != '#' && rtrim($E['element_url']) != '') {
            $E['element_url'] = 'http://' . $E['element_url'];
        }
    }
    /*
     * Pull some constants..
     */
    $meadmin = SEC_hasRights('menu.admin');
    $root = SEC_inGroup('Root');
    $groups = $_GROUPS;
    /* set element order */
    if ($afterElementID == 0) {
        $aorder = 0;
    } else {
        $aorder = DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . $afterElementID);
    }
    $E['element_order'] = $aorder + 1;
    /*
     * build our class
     */
    $element = new menuElement();
    $element->constructor($E, $meadmin, $root, $groups, 1);
    $element->id = $element->createElementID($E['menu_id']);
    $element->saveElement();
    $pid = $E['pid'];
    $menu_id = $E['menu_id'];
    $menu->reorderMenu($pid);
    CACHE_remove_instance('menu');
}
Ejemplo n.º 10
0
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @param    string  $usernmae       (short) username
* @param    string  $fullname       user's full name
* @param    string  $email          user's email address
* @param    string  $regdate        date the user registered with the site
* @param    string  $homepage       user's homepage URL
* @param    array   $groups         groups the user belongs to
* @param    string  $delete_photo   delete user's photo if == 'on'
* @return   string                  HTML redirect or error message
*
*/
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false;
            // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false;
                // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }
    return $retval;
}
Ejemplo n.º 11
0
function MG_mediaEdit($album_id, $media_id, $actionURL = '', $mqueue = 0, $view = 0, $back = '')
{
    global $_USER, $_CONF, $_MG_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_MG07, $_DB_dbms;
    $album = new mgAlbum($album_id);
    if ($actionURL == '') {
        $actionURL = $_MG_CONF['site_url'] . '/index.php';
    }
    $retval = '';
    $T = COM_newTemplate(MG_getTemplatePath($album_id));
    $T->set_file(array('admin' => 'mediaedit.thtml', 'asf_options' => 'edit_asf_options.thtml', 'mp3_options' => 'edit_mp3_options.thtml', 'swf_options' => 'edit_swf_options.thtml', 'mov_options' => 'edit_mov_options.thtml', 'flv_options' => 'edit_flv_options.thtml'));
    // pull the media information from the database...
    $sql = "SELECT * FROM ";
    if ($_DB_dbms == "mssql") {
        $sql = "SELECT *,CAST(media_desc AS TEXT) AS media_desc FROM ";
    }
    $sql .= ($mqueue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . " WHERE media_id='" . addslashes($media_id) . "'";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    if ($album->access != 3 && !SEC_inGroup($album->mod_group_id) && $row['media_user_id'] != $_USER['uid']) {
        COM_errorLog("Someone has tried to illegally sort albums in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }
    // Build Album List
    $album_jumpbox = '<select name="albums" width="40">';
    $root_album = new mgAlbum(0);
    $root_album->buildJumpBox($album_jumpbox, $album_id);
    $album_jumpbox .= '</select>';
    // should check the above for errors, etc...
    $exif_info = '';
    if ($row['media_type'] == 0) {
        if (!function_exists('MG_readEXIF')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-exif.php';
        }
        $exif_info = MG_readEXIF($row['media_id'], 1, $mqueue);
        if (empty($exif_info)) {
            $exif_info = '';
        }
    }
    $media_time_month = date("m", $row['media_time']);
    $media_time_day = date("d", $row['media_time']);
    $media_time_year = date("Y", $row['media_time']);
    $media_time_hour = date("H", $row['media_time']);
    $media_time_minute = date("i", $row['media_time']);
    $month_select = '<select name="media_month">';
    $month_select .= COM_getMonthFormOptions($media_time_month);
    $month_select .= '</select>';
    $day_select = '<select name="media_day">';
    for ($i = 1; $i < 32; $i++) {
        $day_select .= '<option value="' . $i . '"' . ($media_time_day == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
    }
    $day_select .= '</select>';
    $current_year = (int) date("Y");
    $end_year = $current_year + 10;
    $year_select = '<select name="media_year">';
    for ($i = 1998; $i < $end_year; $i++) {
        $year_select .= '<option value="' . $i . '"' . ($media_time_year == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
    }
    $year_select .= '</select>';
    $hour_select = '<select name="media_hour">';
    for ($i = 0; $i < 24; $i++) {
        $hour_select .= '<option value="' . $i . '"' . ($media_time_hour == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
    }
    $hour_select .= '</select>';
    $minute_select = '<select name="media_minute">';
    for ($i = 0; $i < 60; $i++) {
        $minute_select .= '<option value="' . $i . '"' . ($media_time_minute == $i ? 'selected="selected"' : "") . '>' . ($i < 10 ? '0' : '') . $i . '</option>';
    }
    $minute_select .= '</select>';
    $media_time = MG_getUserDateTimeFormat($row['media_time']);
    $tn_size = 1;
    list($thumbnail, $pThumbnail, $size) = Media::getThumbInfo($row, $tn_size);
    $attached_thumbnail = '';
    if ($row['media_tn_attached'] == 1) {
        $atnsize = '';
        if ($size != false) {
            list($newwidth, $newheight) = Media::getImageWH($size[0], $size[1], 150, 150);
            $atnsize = 'width="' . $newwidth . '" height="' . $newheight . '"';
        }
        $attached_thumbnail = '<img src="' . $thumbnail . '" alt="" ' . $atnsize . XHTML . '>';
        $tmpthumb = Media::getDefaultThumbnail($row, $tn_size);
        $thumbnail = $_MG_CONF['mediaobjects_url'] . '/' . $tmpthumb;
        $size = getimagesize($_MG_CONF['path_mediaobjects'] . $tmpthumb);
    }
    $preview = '';
    $preview_end = '';
    if ($row['media_type'] == 0 || $row['media_type'] == 1 || $row['media_type'] == 2) {
        // image, video and music file
        if ($row['media_type'] == 2) {
            $win_width = 540;
            $win_height = 320;
        } elseif ($row['media_type'] == 1) {
            $win_width = 660;
            $win_height = 525;
        } elseif ($row['media_type'] == 0) {
            $path = Media::getFilePath('disp', $row['media_filename'], $row['media_mime_ext']);
            $media_size_disp = @getimagesize($path);
            $win_width = $media_size_disp[0] + 20;
            $win_height = $media_size_disp[1] + 20;
        } else {
            $win_width = 800;
            $win_height = 600;
        }
        $url = Media::getHref_showvideo($row['media_id'], $win_height, $win_width, $mqueue);
        $preview = "<a href=\"" . $url . "\">";
        $preview_end = "</a>";
    }
    $rotate_right = '';
    $rotate_left = '';
    if ($row['media_type'] == 0 && ($_CONF['image_lib'] != 'gdlib' || function_exists("imagerotate"))) {
        $rotate_right = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&amp;action=right&amp;media_id=' . $row['media_id'] . '&amp;album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_right_icon.gif" alt="' . $LANG_MG01['rotate_left'] . '" style="border:none;"' . XHTML . '></a>';
        $rotate_left = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&amp;action=left&amp;media_id=' . $row['media_id'] . '&amp;album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_left_icon.gif" alt="' . $LANG_MG01['rotate_right'] . '" style="border:none;"' . XHTML . '></a>';
    }
    $resolution = '';
    $lang_resolution = '';
    if ($row['media_type'] == 1) {
        // video file
        $resolution = 'unknown';
        if ($row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0) {
            $resolution = $row['media_resolution_x'] . 'x' . $row['media_resolution_y'];
        }
        $lang_resolution = $LANG_MG07['resolution'];
    }
    $sql = "SELECT * FROM {$_TABLES['mg_playback_options']} " . "WHERE media_id='" . addslashes($row['media_id']) . "'";
    $poResult = DB_query($sql);
    $poNumRows = DB_numRows($poResult);
    // playback options, if needed...
    if ($row['mime_type'] == 'video/x-ms-asf' || $row['mime_type'] == 'video/x-ms-wvx' || $row['mime_type'] == 'video/x-ms-wm' || $row['mime_type'] == 'video/x-ms-wmx' || $row['mime_type'] == 'video/x-ms-wmv' || $row['mime_type'] == 'audio/x-ms-wma' || $row['mime_type'] == 'video/x-msvideo') {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['asf_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['asf_enablecontextmenu'];
        $playback_options['stretchtofit'] = $_MG_CONF['asf_stretchtofit'];
        $playback_options['uimode'] = $_MG_CONF['asf_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['asf_showstatusbar'];
        $playback_options['playcount'] = $_MG_CONF['asf_playcount'];
        $playback_options['height'] = $_MG_CONF['asf_height'];
        $playback_options['width'] = $_MG_CONF['asf_width'];
        $playback_options['bgcolor'] = $_MG_CONF['asf_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
        $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'stretchtofit_enabled' => $playback_options['stretchtofit'] ? ' checked="checked"' : '', 'stretchtofit_disabled' => $playback_options['stretchtofit'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'], 'playcount' => $playback_options['playcount'], 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_resolution' => $lang_resolution, 'resolution' => $resolution));
        $T->parse('playback_options', 'asf_options');
    }
    if ($row['mime_type'] == 'audio/mpeg') {
        // pull defaults, then override...
        $playback_options['autostart'] = $_MG_CONF['mp3_autostart'];
        $playback_options['enablecontextmenu'] = $_MG_CONF['mp3_enablecontextmenu'];
        $playback_options['uimode'] = $_MG_CONF['mp3_uimode'];
        $playback_options['showstatusbar'] = $_MG_CONF['mp3_showstatusbar'];
        $playback_options['loop'] = $_MG_CONF['mp3_loop'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
        $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode']));
        $T->parse('playback_options', 'mp3_options');
    }
    if ($row['mime_type'] == 'application/x-shockwave-flash' || $row['mime_type'] == 'video/x-flv') {
        // pull defaults, then override...
        $playback_options['play'] = $_MG_CONF['swf_play'];
        $playback_options['menu'] = $_MG_CONF['swf_menu'];
        $playback_options['quality'] = $_MG_CONF['swf_quality'];
        $playback_options['height'] = $_MG_CONF['swf_height'];
        $playback_options['width'] = $_MG_CONF['swf_width'];
        $playback_options['loop'] = $_MG_CONF['swf_loop'];
        $playback_options['scale'] = $_MG_CONF['swf_scale'];
        $playback_options['wmode'] = $_MG_CONF['swf_wmode'];
        $playback_options['allowscriptaccess'] = $_MG_CONF['swf_allowscriptaccess'];
        $playback_options['bgcolor'] = $_MG_CONF['swf_bgcolor'];
        $playback_options['swf_version'] = $_MG_CONF['swf_version'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $quality_select = MG_optionlist(array('name' => 'quality', 'current' => $playback_options['quality'], 'values' => array('low' => $LANG_MG07['low'], 'high' => $LANG_MG07['high'])));
        $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('showall' => $LANG_MG07['showall'], 'noborder' => $LANG_MG07['noborder'], 'exactfit' => $LANG_MG07['exactfit'])));
        $wmode_select = MG_optionlist(array('name' => 'wmode', 'current' => $playback_options['wmode'], 'values' => array('window' => $LANG_MG07['window'], 'opaque' => $LANG_MG07['opaque'], 'transparent' => $LANG_MG07['transparent'])));
        $asa_select = MG_optionlist(array('name' => 'allowscriptaccess', 'current' => $playback_options['allowscriptaccess'], 'values' => array('always' => $LANG_MG07['always'], 'sameDomain' => $LANG_MG07['sameDomain'], 'never' => $LANG_MG07['never'])));
        $T->set_var(array('play_enabled' => $playback_options['play'] ? ' checked="checked"' : '', 'play_disabled' => $playback_options['play'] ? '' : ' checked="checked"', 'menu_enabled' => $playback_options['menu'] ? ' checked="checked"' : '', 'menu_disabled' => $playback_options['menu'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'quality_select' => $quality_select, 'scale_select' => $scale_select, 'wmode_select' => $wmode_select, 'asa_select' => $asa_select, 'flashvars' => isset($playback_options['flashvars']) ? $playback_options['flashvars'] : '', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'swf_version' => $playback_options['swf_version']));
        if ($row['mime_type'] == 'application/x-shockwave-flash') {
            $T->parse('playback_options', 'swf_options');
        } else {
            $T->parse('playback_options', 'flv_options');
        }
    }
    if ($row['media_mime_ext'] == 'mov' || $row['media_mime_ext'] == 'mp4' || $row['mime_type'] == 'video/quicktime' || $row['mime_type'] == 'video/mpeg') {
        // pull defaults, then override...
        $playback_options['autoref'] = $_MG_CONF['mov_autoref'];
        $playback_options['autoplay'] = $_MG_CONF['mov_autoplay'];
        $playback_options['controller'] = $_MG_CONF['mov_controller'];
        $playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmod']) ? $_MG_CONF['mov_kiokmode'] : '';
        $playback_options['scale'] = $_MG_CONF['mov_scale'];
        $playback_options['loop'] = $_MG_CONF['mov_loop'];
        $playback_options['height'] = $_MG_CONF['mov_height'];
        $playback_options['width'] = $_MG_CONF['mov_width'];
        $playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor'];
        for ($i = 0; $i < $poNumRows; $i++) {
            $poRow = DB_fetchArray($poResult);
            $playback_options[$poRow['option_name']] = $poRow['option_value'];
        }
        $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('tofit' => $LANG_MG07['to_fit'], 'aspect' => $LANG_MG07['aspect'], '1' => $LANG_MG07['normal_size'])));
        $T->set_var(array('autoref_enabled' => $playback_options['autoref'] ? ' checked="checked"' : '', 'autoref_disabled' => $playback_options['autoref'] ? '' : ' checked="checked"', 'autoplay_enabled' => $playback_options['autoplay'] ? ' checked="checked"' : '', 'autoplay_disabled' => $playback_options['autoplay'] ? '' : ' checked="checked"', 'controller_enabled' => $playback_options['controller'] ? ' checked="checked"' : '', 'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"', 'kioskmode_enabled' => $playback_options['kioskmode'] ? ' checked="checked"' : '', 'kioskmode_disabled' => $playback_options['kioskmode'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor']));
        $T->parse('playback_options', 'mov_options');
    }
    $remoteurl = $row['remote_url'];
    $lang_remote_url = $row['remote_media'] == 1 ? $LANG_MG01['remote_url'] : $LANG_MG01['alternate_url'];
    // user information
    $username = '';
    if (SEC_hasRights('mediagallery.admin')) {
        $username = '******';
        $sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC";
        $result = DB_query($sql);
        while ($userRow = DB_fetchArray($result)) {
            $username .= '<option value="' . $userRow['uid'] . '"' . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>' . $userRow['username'] . '</option>' . LB;
        }
        $username .= '</select>';
    } else {
        if ($row['media_user_id'] != '') {
            $displayname = $_CONF['show_fullname'] ? 'fullname' : 'username';
            $username = DB_getItem($_TABLES['users'], $displayname, "uid={$row['media_user_id']}");
        }
    }
    $cat_select = '<select name="cat_id" id="cat_id">';
    $cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>';
    $result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC");
    while ($catRow = DB_fetchArray($result)) {
        $cat_select .= '<option value="' . $catRow['cat_id'] . '" ' . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>' . $catRow['cat_name'] . '</option>';
    }
    $cat_select .= '</select>';
    $T->set_var(array('original_filename' => $row['media_original_filename'], 'attach_tn' => $row['media_tn_attached'], 'at_tn_checked' => $row['media_tn_attached'] == 1 ? ' checked="checked"' : '', 'attached_thumbnail' => $attached_thumbnail, 'album_id' => $album_id, 'media_thumbnail' => $thumbnail, 'media_id' => $row['media_id'], 'media_title' => $row['media_title'], 'media_desc' => $row['media_desc'], 'media_time' => $media_time[0], 'media_views' => $row['media_views'], 'media_comments' => $row['media_comments'], 'media_exif_info' => $exif_info, 'media_rating_max' => 5, 'height' => $size[1] + 50, 'width' => $size[0] + 40, 'queue' => $mqueue, 'month_select' => $month_select, 'day_select' => $day_select, 'year_select' => $year_select, 'hour_select' => $hour_select, 'minute_select' => $minute_select, 'user_ip' => $row['media_user_ip'], 'album_select' => $album_jumpbox, 'media_rating' => $row['media_rating'] / 2, 'media_votes' => $row['media_votes'], 's_mode' => 'edit', 's_title' => $LANG_MG01['edit_media'], 's_rotate_right' => $rotate_right, 's_rotate_left' => $rotate_left, 's_form_action' => $actionURL, 'allowed_html' => COM_allowedHTML(), 'site_url' => $_MG_CONF['site_url'], 'preview' => $preview, 'preview_end' => $preview_end, 'rpath' => htmlentities($back, ENT_QUOTES, COM_getCharset()), 'remoteurl' => $remoteurl, 'lang_remote_url' => $lang_remote_url, 'resolution' => $resolution, 'lang_resolution' => $lang_resolution, 'username' => $username, 'cat_select' => $cat_select, 'media_keywords' => $row['media_keywords'], 'artist' => $row['artist'], 'musicalbum' => $row['album'], 'genre' => $row['genre']));
    // language items
    $T->set_var(array('lang_playcount' => $LANG_MG07['playcount'], 'lang_playcount_help' => $LANG_MG07['playcount_help'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_enable_context_menu' => $LANG_MG07['enable_context_menu'], 'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'], 'lang_stretch_to_fit' => $LANG_MG07['stretch_to_fit'], 'lang_stretch_to_fit_help' => $LANG_MG07['stretch_to_fit_help'], 'lang_status_bar' => $LANG_MG07['status_bar'], 'lang_status_bar_help' => $LANG_MG07['status_bar_help'], 'lang_ui_mode' => $LANG_MG07['ui_mode'], 'lang_ui_mode_help' => $LANG_MG07['ui_mode_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_menu' => $LANG_MG07['menu'], 'lang_menu_help' => $LANG_MG07['menu_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_swf_scale_help' => $LANG_MG07['swf_scale_help'], 'lang_wmode' => $LANG_MG07['wmode'], 'lang_wmode_help' => $LANG_MG07['wmode_help'], 'lang_quality' => $LANG_MG07['quality'], 'lang_quality_help' => $LANG_MG07['quality_help'], 'lang_flash_vars' => $LANG_MG07['flash_vars'], 'lang_asa' => $LANG_MG07['asa'], 'lang_asa_help' => $LANG_MG07['asa_help'], 'lang_swf_version_help' => $LANG_MG07['swf_version_help'], 'lang_auto_ref' => $LANG_MG07['auto_ref'], 'lang_auto_ref_help' => $LANG_MG07['auto_ref_help'], 'lang_controller' => $LANG_MG07['controller'], 'lang_controller_help' => $LANG_MG07['controller_help'], 'lang_kiosk_mode' => $LANG_MG07['kiosk_mode'], 'lang_kiosk_mode_help' => $LANG_MG07['kiosk_mode_help'], 'lang_original_filename' => $LANG_MG01['original_filename'], 'lang_media_item' => $LANG_MG00['media_col_header'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_mediaattributes' => $LANG_MG01['mediaattributes'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_category' => $LANG_MG01['category'], 'lang_keywords' => $LANG_MG01['keywords'], 'lang_rating' => $LANG_MG03['rating'], 'lang_comments' => $LANG_MG03['comments'], 'lang_votes' => $LANG_MG03['votes'], 'media_edit_title' => $LANG_MG01['media_edit'], 'media_edit_help' => $LANG_MG01['media_edit_help'], 'rotate_left' => $LANG_MG01['rotate_left'], 'rotate_right' => $LANG_MG01['rotate_right'], 'lang_title' => $LANG_MG01['title'], 'albums' => $LANG_MG01['albums'], 'description' => $LANG_MG01['description'], 'capture_time' => $LANG_MG01['capture_time'], 'views' => $LANG_MG03['views'], 'uploaded_by' => $LANG_MG01['uploaded_by'], 'submit' => $LANG_MG01['submit'], 'cancel' => $LANG_MG01['cancel'], 'reset' => $LANG_MG01['reset'], 'lang_save' => $LANG_MG01['save'], 'lang_reset' => $LANG_MG01['reset'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'], 'lang_reset_rating' => $LANG_MG01['reset_rating'], 'lang_reset_views' => $LANG_MG01['reset_views'], 'lang_replacefile' => $LANG_MG01['replace_file'], 'lang_artist' => $LANG_MG01['artist'], 'lang_genre' => $LANG_MG01['genre'], 'lang_music_album' => $LANG_MG01['music_album']));
    $retval .= $T->finish($T->parse('output', 'admin'));
    return $retval;
}
Ejemplo n.º 12
0
        //$meta_description = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_description', "tid = '$topic'" ));
        //$meta_keywords = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_keywords', "tid = '$topic'" ));
        $header .= COM_createMetaTags($meta_description, $meta_keywords);
    }
} else {
    $header = '<link rel="microsummary" href="' . $_CONF['site_url'] . '/index.php?display=microsummary" title="Microsummary"' . XHTML . '>';
}
$display .= COM_siteHeader('menu', '', $header);
if (isset($_GET['msg'])) {
    $plugin = '';
    if (isset($_GET['plugin'])) {
        $plugin = COM_applyFilter($_GET['plugin']);
    }
    $display .= COM_showMessage(COM_applyFilter($_GET['msg'], true), $plugin);
}
if (SEC_inGroup('Root') && $page == 1) {
    $done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");
    if ($done != 1) {
        /**
         * we don't have the path to the admin directory, so try to figure it
         * out from $_CONF['site_admin_url']
         * @todo FIXME: this duplicates some code from admin/sectest.php
         */
        $adminurl = $_CONF['site_admin_url'];
        if (strrpos($adminurl, '/') == strlen($adminurl)) {
            $adminurl = substr($adminurl, 0, -1);
        }
        $pos = strrpos($adminurl, '/');
        if ($pos === false) {
            // only guessing ...
            $installdir = $_CONF['path_html'] . 'admin/install';
Ejemplo n.º 13
0
        $form_details .= "<b>Created:</b> {$createdDate}<br><b>&nbsp;&nbsp;by:</b> {$createdUser}";
        if ($lastUpdatedDate != 0) {
            $lastUpdatedDate = strftime("%Y-%m-%d %H:%M", $lastUpdatedDate);
            $lastUpdatedUser = COM_getDisplayName($lastUpdatedUid);
            $form_date = "<b>[U]</b> {$lastUpdatedDate}";
            $form_details .= "<br><b>Updated:</b> {$lastUpdatedDate}<br><b>&nbsp;&nbsp;by:</b> {$lastUpdatedUser}";
        }
        $p->set_var('form_details', $form_details);
        // Get last timestamp event for this form
        $q = DB_query("SELECT timestamp FROM {$_TABLES['nf_projecttimestamps']} WHERE project_formid='{$PD['id']}' ORDER BY timestamp DESC limit 1");
        list($timestamp) = DB_fetchArray($q);
        $p->set_var('form_date', strftime("%m-%d-%Y %H:%M:%S", $timestamp));
        $p->set_var('form_status', $CONF_NF['formstatus'][$PD['status']]);
        $p->set_var('form_name', $PD['formtype']);
        $p->set_var('form_url', '#" onClick="nfNewWindow(\'' . sprintf($viewFormURL, $PD['form_id'], $PD['results_id'], $project_id) . '\');"');
        if ($PD['created_by_uid'] == $_USER['uid'] or SEC_inGroup('nexflow Admin')) {
            $edit_link = '<a href="#" onClick="nfNewWindow(\'' . sprintf($editFormURL, $PD['form_id'], $PD['results_id'], $usermodeUID) . '\');">';
            $edit_link .= '<img src="' . $_CONF['layout_url'] . '/nexflow/images/edit.gif" Title="Edit Form" border="0"></a>';
        } else {
            $edit_link = '';
        }
        $p->set_var('edit_link', $edit_link);
        if ($f == 1) {
            $p->parse('form_records', 'projectforms');
        } else {
            $p->parse('form_records', 'projectforms', true);
        }
        $f++;
    }
    // while
}
Ejemplo n.º 14
0
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once $_CONF['path'] . '/plugins/calendar/autoinstall.php';
USES_lib_install();
if (!SEC_inGroup('Root')) {
    // Someone is trying to illegally access this page
    COM_errorLog("Someone has tried to illegally access the Calendar install/uninstall page.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
    $display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_startBlock($LANG_ACCESS['accessdenied']) . $LANG_ACCESS['plugin_access_denied_msg'] . COM_endBlock() . COM_siteFooter();
    echo $display;
    exit;
}
/**
* Main Function
*/
if (SEC_checkToken()) {
    $action = COM_applyFilter($_GET['action']);
    if ($action == 'install') {
        if (plugin_install_calendar()) {
            // Redirects to the plugin editor
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44');
Ejemplo n.º 15
0
/**
* Displays the contact form
*
* @param    int     $uid        User ID of article author
* @param    string  $subject    Subject of email
* @param    string  $message    Text of message to send
* @return   string              HTML for the contact form
*
*/
function contactform($uid, $subject = '', $message = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_LOGIN;
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1)) {
        $retval = COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } else {
        $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
        $P = DB_fetchArray($result);
        if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) {
            $isAdmin = true;
        } else {
            $isAdmin = false;
        }
        $displayname = COM_getDisplayName($uid);
        if ($P['emailfromadmin'] == 1 && $isAdmin || $P['emailfromuser'] == 1 && !$isAdmin) {
            $retval = COM_startBlock($LANG08[10] . ' ' . $displayname);
            $mail_template = new Template($_CONF['path_layout'] . 'profiles');
            $mail_template->set_file('form', 'contactuserform.thtml');
            $mail_template->set_var('xhtml', XHTML);
            $mail_template->set_var('site_url', $_CONF['site_url']);
            $mail_template->set_var('lang_description', $LANG08[26]);
            $mail_template->set_var('lang_username', $LANG08[11]);
            if (COM_isAnonUser()) {
                $sender = '';
                if (isset($_POST['author'])) {
                    $sender = strip_tags($_POST['author']);
                    $sender = substr($sender, 0, strcspn($sender, "\r\n"));
                    $sender = htmlspecialchars(trim($sender), ENT_QUOTES);
                }
                $mail_template->set_var('username', $sender);
            } else {
                $mail_template->set_var('username', COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']));
            }
            $mail_template->set_var('lang_useremail', $LANG08[12]);
            if (COM_isAnonUser()) {
                $email = '';
                if (isset($_POST['authoremail'])) {
                    $email = strip_tags($_POST['authoremail']);
                    $email = substr($email, 0, strcspn($email, "\r\n"));
                    $email = htmlspecialchars(trim($email), ENT_QUOTES);
                }
                $mail_template->set_var('useremail', $email);
            } else {
                $mail_template->set_var('useremail', $_USER['email']);
            }
            $mail_template->set_var('lang_cc', $LANG08[36]);
            $mail_template->set_var('lang_cc_description', $LANG08[37]);
            $mail_template->set_var('lang_subject', $LANG08[13]);
            $mail_template->set_var('subject', $subject);
            $mail_template->set_var('lang_message', $LANG08[14]);
            $mail_template->set_var('message', htmlspecialchars($message));
            $mail_template->set_var('lang_nohtml', $LANG08[15]);
            $mail_template->set_var('lang_submit', $LANG08[16]);
            $mail_template->set_var('uid', $uid);
            PLG_templateSetVars('contact', $mail_template);
            $mail_template->parse('output', 'form');
            $retval .= $mail_template->finish($mail_template->get_var('output'));
            $retval .= COM_endBlock();
        } else {
            $retval = COM_startBlock($LANG08[10] . ' ' . $displayname, '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $LANG08[35];
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        }
    }
    return $retval;
}
Ejemplo n.º 16
0
function MG_indexAll()
{
    global $_USER, $_MG_CONF, $_CONF, $_TABLES, $MG_albums, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03, $themeStyle, $ImageSkin, $sortOrder, $displayColumns, $displayRows, $tnSize, $level, $album_jumpbox;
    $album_id = 0;
    if (isset($_GET['aid'])) {
        $album_id = (int) COM_applyFilter($_GET['aid'], true);
    }
    $page = 0;
    if (isset($_GET['page'])) {
        $page = (int) COM_applyFilter($_GET['page'], true);
    }
    if ($page != 0) {
        $page = $page - 1;
    }
    $lbSlideShow = '';
    $errorMessage = '';
    $columns_per_page = $displayColumns;
    $rows_per_page = $displayRows;
    $media_per_page = $columns_per_page * $rows_per_page;
    // image frame setup
    $nFrame = new mgFrame();
    $nFrame->constructor($ImageSkin);
    $imageFrameTemplate = $nFrame->getTemplate();
    $frWidth = $nFrame->frame['wHL'] + $nFrame->frame['wHR'];
    $frHeight = $nFrame->frame['hVT'] + $nFrame->frame['hVB'];
    $fCSS = $nFrame->getCSS();
    // Let's build our admin menu options
    $showAdminBox = 0;
    $admin_box = '<form name="adminbox" id="adminbox" action="' . $_MG_CONF['site_url'] . '/admin.php" method="get" style="margin:0;padding:0;">' . LB;
    $admin_box .= '<div>';
    $admin_box .= '<select onchange="javascript:forms[\'adminbox\'].submit();" name="mode">' . LB;
    $admin_box .= '<option label="' . $LANG_MG01['options'] . '" value="">' . $LANG_MG01['options'] . '</option>' . LB;
    if (($MG_albums[0]->member_uploads || $MG_albums[0]->access == 3) && (isset($_USER['uid']) && $_USER['uid'] > 1)) {
        $admin_box .= '<option value="upload">' . $LANG_MG01['add_media'] . '</option>' . LB;
        $showAdminBox = 1;
    }
    if ($MG_albums[0]->owner_id) {
        $admin_box .= '<option value="albumsort">' . $LANG_MG01['sort_albums'] . '</option>' . LB;
        $admin_box .= '<option value="globalattr">' . $LANG_MG01['globalattr'] . '</option>' . LB;
        $admin_box .= '<option value="globalperm">' . $LANG_MG01['globalperm'] . '</option>' . LB;
        $queue_count = DB_count($_TABLES['mg_media_album_queue']);
        $admin_box .= '<option value="moderate">' . $LANG_MG01['media_queue'] . ' (' . $queue_count . ')</option>' . LB;
        $admin_box .= '<option value="wmmanage">' . $LANG_MG01['wm_management'] . '</option>' . LB;
        $admin_box .= '<option value="create">' . $LANG_MG01['create_album'] . '</option>' . LB;
        $showAdminBox = 1;
    } elseif ($MG_albums[0]->access == 3) {
        $admin_box .= '<option value="create">' . $LANG_MG01['create_album'] . '</option>' . LB;
        $showAdminBox = 1;
    } elseif ($_MG_CONF['member_albums'] == 1 && (isset($_USER['uid']) && $_USER['uid'] > 1) && $_MG_CONF['member_album_root'] == 0 && $_MG_CONF['member_create_new']) {
        $admin_box .= '<option value="create">' . $LANG_MG01['create_album'] . '</option>' . LB;
        $showAdminBox = 1;
    }
    $admin_box .= '</select>' . LB;
    $admin_box .= '<input type="hidden" name="album_id" value="0"/>' . LB;
    $admin_box .= '&nbsp;<input type="submit" value="' . $LANG_MG03['go'] . '"/>' . LB;
    $admin_box .= '</div>';
    $admin_box .= '</form>';
    if ($showAdminBox == 0) {
        $admin_box = '';
    }
    // construct the album jumpbox...
    $level = 0;
    $album_jumpbox = '<form name="jumpbox" id="jumpbox" action="' . $_MG_CONF['site_url'] . '/album.php' . '" method="get" style="margin:0;padding:0"><div>';
    $album_jumpbox .= $LANG_MG03['jump_to'] . ':&nbsp;<select name="aid" onchange="forms[\'jumpbox\'].submit()">';
    $MG_albums[0]->buildJumpBox(0);
    $album_jumpbox .= '</select>';
    $album_jumpbox .= '&nbsp;<input type="submit" value="' . $LANG_MG03['go'] . '"/>';
    $album_jumpbox .= '<input type="hidden" name="page" value="1"/>';
    $album_jumpbox .= '</div></form>';
    // initialize our variables
    $total_media = 0;
    $arrayCounter = 0;
    $total_object_count = 0;
    $mediaObject = array();
    $begin = $media_per_page * $page;
    $end = $media_per_page;
    $MG_media = array();
    // loop thru all the albums and build a list of valid albums that the user can see
    $first = 0;
    $albumList = getAlbumList($album_id, $first);
    $orderBy = ' ORDER BY m.media_upload_time ' . $sortOrder;
    if ($albumList != '') {
        $sql = "SELECT COUNT(*) AS total FROM {$_TABLES['mg_media_albums']} as ma INNER JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE ma.album_id IN (" . $albumList . ") " . $orderBy;
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $cCount = $row['total'];
    } else {
        $cCount = 0;
    }
    if ($albumList != '') {
        $sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma INNER JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE ma.album_id IN (" . $albumList . ") " . $orderBy;
        $sql .= ' LIMIT ' . $begin . ',' . $end;
        $result = DB_query($sql);
        $nRows = DB_numRows($result);
    } else {
        $nRows = 0;
    }
    $mediaRows = 0;
    $lbss_count = 0;
    $posCount = 0;
    if ($nRows > 0) {
        while ($row = DB_fetchArray($result)) {
            $media = new MediaItem();
            $media->constructor($row, $row['album_id']);
            $MG_media[$arrayCounter] = $media;
            $MG_albums[$row['album_id']]->imageFrameTemplate = $imageFrameTemplate;
            $arrayCounter++;
            $mediaRows++;
        }
    }
    $total_media = $total_media + $mediaRows;
    $total_items_in_album = $cCount;
    $total_pages = ceil($total_items_in_album / $media_per_page);
    if ($page >= $total_pages) {
        $page = $total_pages - 1;
    }
    $start = $page * $media_per_page;
    $current_print_page = floor($start / $media_per_page) + 1;
    $total_print_pages = ceil($total_items_in_album / $media_per_page);
    if ($current_print_page == 0) {
        $current_print_page = 1;
    }
    if ($total_print_pages == 0) {
        $total_print_pages = 1;
    }
    // now build the admin select...
    $admin_box = '';
    $admin_box = '<form name="adminbox" id="adminbox" action="' . $_MG_CONF['site_url'] . '/admin.php" method="get" style="margin:0;padding:0">';
    $admin_box .= '<div><input type="hidden" name="album_id" value="' . $album_id . '"/>';
    $admin_box .= '<select name="mode" onchange="forms[\'adminbox\'].submit()">';
    $admin_box .= '<option label="' . $LANG_MG01['options'] . '" value="">' . $LANG_MG01['options'] . '</option>';
    $admin_box .= '<option value="search">' . $LANG_MG01['search'] . '</option>';
    $uploadMenu = 0;
    $adminMenu = 0;
    if ($MG_albums[0]->owner_id) {
        $uploadMenu = 1;
        $adminMenu = 1;
    } else {
        if ($MG_albums[$album_id]->access == 3) {
            $uploadMenu = 1;
            $adminMenu = 1;
            if ($_MG_CONF['member_albums']) {
                if ($_MG_USERPREFS['active'] != 1) {
                    $uploadMenu = 0;
                    $adminMenu = 0;
                } else {
                    $uploadMenu = 1;
                    $adminMenu = 1;
                }
            }
        } else {
            if ($MG_albums[$album_id]->member_uploads == 1 && isset($_USER['uid']) && $_USER['uid'] >= 2) {
                $uploadMenu = 1;
                $adminMenu = 0;
            }
        }
    }
    if ($uploadMenu == 1) {
        $admin_box .= '<option value="upload">' . $LANG_MG01['add_media'] . '</option>';
    }
    if ($adminMenu == 1) {
        $admin_box .= '<option value="create">' . $LANG_MG01['create_album'] . '</option>';
    } elseif ($_MG_CONF['member_albums'] == 1 && !empty($_USER['username']) && $_MG_CONF['member_create_new'] == 1 && $_MG_USERPREFS['active'] == 1 && $album_id == $_MG_CONF['member_album_root']) {
        $admin_box .= '<option value="create">' . $LANG_MG01['create_album'] . '</option>';
        $adminMenu = 1;
    }
    // now check for moderation capabilities....
    if ($MG_albums[$album_id]->member_uploads == 1 && $MG_albums[$album_id]->moderate == 1) {
        // check to see if we are in the album_mod_group
        if (SEC_inGroup($MG_albums[$album_id]->mod_group_id) || $MG_albums[0]->owner_id) {
            $queue_count = DB_count($_TABLES['mg_media_album_queue'], 'album_id', $album_id);
            $admin_box .= '<option value="moderate">' . $LANG_MG01['media_queue'] . ' (' . $queue_count . ')</option>';
            $adminMenu = 1;
        }
    }
    $admin_box .= '</select>';
    $admin_box .= '&nbsp;<input type="submit" value="' . $LANG_MG03['go'] . '" style="padding:0px;margin:0px;"/>';
    $admin_box .= '</div></form>';
    if ($uploadMenu == 0 && $adminMenu == 0) {
        $admin_box = '';
    }
    if ($MG_albums[$album_id]->enable_sort == 1) {
        $sort_box = '<form name="sortbox" id="sortbox" action="' . $_MG_CONF['site_url'] . '/album.php" method="get" style="margin:0;padding:0"><div>';
        $sort_box .= '<input type="hidden" name="aid" value="' . $album_id . '"/>';
        $sort_box .= '<input type="hidden" name="page" value="' . $page . '"/>';
        $sort_box .= $LANG_MG03['sort_by'] . '&nbsp;<select name="sort" onchange="forms[\'sortbox\'].submit()">';
        $sort_box .= '<option value="0" ' . ($sortOrder == 0 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_default'] . '</option>';
        $sort_box .= '<option value="1" ' . ($sortOrder == 1 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_default_asc'] . '</option>';
        $sort_box .= '<option value="2" ' . ($sortOrder == 2 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_upload'] . '</option>';
        $sort_box .= '<option value="3" ' . ($sortOrder == 3 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_upload_asc'] . '</option>';
        $sort_box .= '<option value="4" ' . ($sortOrder == 4 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_capture'] . '</option>';
        $sort_box .= '<option value="5" ' . ($sortOrder == 5 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_capture_asc'] . '</option>';
        $sort_box .= '<option value="6" ' . ($sortOrder == 6 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_rating'] . '</option>';
        $sort_box .= '<option value="7" ' . ($sortOrder == 7 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_rating_asc'] . '</option>';
        $sort_box .= '<option value="8" ' . ($sortOrder == 8 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_views'] . '</option>';
        $sort_box .= '<option value="9" ' . ($sortOrder == 9 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_views_asc'] . '</option>';
        $sort_box .= '<option value="10" ' . ($sortOrder == 10 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_alpha'] . '</option>';
        $sort_box .= '<option value="11" ' . ($sortOrder == 11 ? ' selected="selected" ' : '') . '>' . $LANG_MG03['sort_alpha_asc'] . '</option>';
        $sort_box .= '</select>';
        $sort_box .= '&nbsp;<input type="submit" value="' . $LANG_MG03['go'] . '"/>';
        $sort_box .= '</div></form>';
    } else {
        $sort_box = '';
    }
    $owner_id = $MG_albums[$album_id]->owner_id;
    if ($owner_id == '' || !isset($MG_albums[$album_id]->owner_id)) {
        $owner_id = 0;
    }
    $ownername = DB_getItem($_TABLES['users'], 'username', "uid=" . (int) $owner_id);
    $album_last_update = MG_getUserDateTimeFormat($MG_albums[$album_id]->last_update);
    $T = new Template($_MG_CONF['template_path']);
    $T->set_file(array('page' => 'index-all.thtml'));
    //@TODO fix language tag
    $T->set_var(array('site_url' => $_MG_CONF['site_url'], 'album_title' => "All Photos - Sorted by Post Date", 'table_columns' => $columns_per_page, 'table_column_width' => intval(100 / $columns_per_page) . '%', 'top_pagination' => COM_printPageNavigation($_MG_CONF['site_url'] . '/index.php?aid=' . $album_id, $page + 1, ceil($total_items_in_album / $media_per_page)), 'bottom_pagination' => COM_printPageNavigation($_MG_CONF['site_url'] . '/index.php?aid=' . $album_id, $page + 1, ceil($total_items_in_album / $media_per_page)), 'page_number' => sprintf("%s %d %s %d", $LANG_MG03['page'], $current_print_page, $LANG_MG03['of'], $total_print_pages), 'jumpbox' => $album_jumpbox, 'album_id' => $album_id, 'lbslideshow' => $lbSlideShow, 'album_description' => $MG_albums[$album_id]->display_album_desc ? PLG_replaceTags($MG_albums[$album_id]->description) : '', 'album_id_display' => $MG_albums[0]->owner_id || $_MG_CONF['enable_media_id'] == 1 ? $LANG_MG03['album_id_display'] . $album_id : '', 'select_adminbox' => $admin_box, 'select_sortbox' => $sort_box, 'album_last_update' => $album_last_update[0], 'album_owner' => $ownername, 'media_count' => $MG_albums[$album_id]->getMediaCount(), 'lang_search' => $LANG_MG01['search'], 'table_columns' => $displayColumns));
    $T->set_var('select_adminbox', $admin_box);
    if ($_MG_CONF['rss_full_enabled']) {
        $feedUrl = MG_getFeedUrl($_MG_CONF['rss_feed_name'] . '.rss');
        $rsslink = '<a href="' . $feedUrl . '"' . ' type="application/rss+xml">';
        $rsslink .= '<img src="' . MG_getImageFile('feed.png') . '" alt="" style="border:none;"/></a>';
        $T->set_var('rsslink', $rsslink);
    } else {
        $T->set_var('rsslink', '');
    }
    // completed setting header / footer vars, parse them
    PLG_templateSetVars('mediagallery', $T);
    if ($total_media == 0) {
        $T->set_var(array('lang_no_image' => $LANG_MG03['no_media_objects']));
    }
    //
    // main processing of the album contents.
    //
    $noParse = 0;
    $needFinalParse = 0;
    if ($total_media > 0) {
        $k = 0;
        $T->set_block('page', 'ImageColumn', 'IColumn');
        $T->set_block('page', 'ImageRow', 'IRow');
        for ($i = 0; $i < $media_per_page; $i += $columns_per_page) {
            for ($j = $i; $j < $i + $columns_per_page; $j++) {
                if ($j >= $total_media) {
                    $k = $i + $columns_per_page - $j;
                    $m = $k % $columns_per_page;
                    for ($z = $m; $z > 0; $z--) {
                        $T->set_var(array('CELL_DISPLAY_IMAGE' => ''));
                        $T->parse('IColumn', 'ImageColumn', true);
                        $needFinalParse = 1;
                    }
                    if ($needFinalParse == 1) {
                        $T->parse('IRow', 'ImageRow', true);
                        $T->set_var('IColumn', '');
                    }
                    $noParse = 1;
                    break;
                }
                $previous_image = $i - 1;
                if ($previous_image < 0) {
                    $previous_image = -1;
                }
                $next_image = $i + 1;
                if ($next_image >= $total_media - 1) {
                    $next_image = -1;
                }
                $z = $j + $start;
                $celldisplay = $MG_media[$j]->displayThumb($z, 0, $imageFrameTemplate);
                if ($MG_media[$j]->type == 1) {
                    $PhotoURL = $_MG_CONF['mediaobjects_url'] . '/disp/' . $MG_media[$j]->filename[0] . '/' . $MG_media[$j]->filename . '.jpg';
                    $T->set_var(array('URL' => $PhotoURL));
                }
                $T->set_var(array('CELL_DISPLAY_IMAGE' => $celldisplay));
                $T->parse('IColumn', 'ImageColumn', true);
            }
            if ($noParse == 1) {
                break;
            }
            $T->parse('IRow', 'ImageRow', true);
            $T->set_var('IColumn', '');
        }
    }
    $T->parse('output', 'page');
    $fCSS = $nFrame->getCSS();
    if ($fCSS != '') {
        $outputHandle = outputHandler::getInstance();
        $outputHandle->addStyle($fCSS);
    }
    $display = MG_siteHeader(strip_tags($MG_albums[$album_id]->title));
    $display .= $T->finish($T->get_var('output'));
    $display .= MG_siteFooter();
    echo $display;
}
Ejemplo n.º 17
0
// +---------------------------------------------------------------------------+
require_once './include/security.inc';
if (!GUS_HasAccess()) {
    exit;
}
require_once './include/sql.inc';
require_once './include/util.inc';
/* 
* Main Function
*/
// Check for cached file
if (file_exists(GUS_cachefile()) and date('Yn') !== $year . $month) {
    $display = GUS_getcache();
} else {
    // no cached version found - generate page
    if (SEC_inGroup('Root') or SEC_hasRights('gus.view')) {
        $T = GUS_template_start('daily.thtml');
    } else {
        $T = GUS_template_start('daily-a.thtml');
    }
    $T->set_var('additional_nav', GUS_make_nav($day, $month, $year));
    $T->set_block('page', 'ROW', 'ABlock');
    $T->set_var(array('stats_name' => 'gus', 'site_url' => $_CONF['site_url'], 'period_title' => $LANG_GUS00['day_title'], 'anon_title' => $LANG_GUS00['anon_title'], 'reg_title' => $LANG_GUS00['reg_title'], 'page_title' => $LANG_GUS00['page_title'], 'story_title' => $LANG_GUS00['new_stories'], 'comm_title' => $LANG_GUS00['new_comments'], 'link_title' => $LANG_GUS00['link_title']));
    $anon = 0;
    $reg = 0;
    $pages = 0;
    $stories = 0;
    $comments = 0;
    $linksf = 0;
    $days = Date('t', mktime(0, 0, 0, $month, 1, $year));
    // special case for this month - don't show days in the future
Ejemplo n.º 18
0
/**
 * Checks if current user has access to the given object
 * This function takes the access info from a Geeklog object
 * and let's us know if they have access to the object
 * returns 3 for read/edit, 2 for read only and 0 for no
 * access
 *
 * @param        int $owner_id     ID of the owner of object
 * @param        int $group_id     ID of group object belongs to
 * @param        int $perm_owner   Permissions the owner has
 * @param        int $perm_group   Permissions the gorup has
 * @param        int $perm_members Permissions logged in members have
 * @param        int $perm_anon    Permissions anonymous users have
 * @param        int $uid          User id or 0 = current user
 * @return       int     returns 3 for read/edit 2 for read only 0 for no access
 */
function SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $uid = 0)
{
    global $_USER;
    if ($uid == 0) {
        // Cache current user id
        if (empty($_USER['uid'])) {
            $uid = 1;
        } else {
            $uid = $_USER['uid'];
        }
    }
    // If user is in Root group then return full access
    if (SEC_inGroup('Root', $uid)) {
        return 3;
    }
    // If user is owner then return 1 now
    if ($uid == $owner_id) {
        return $perm_owner;
    }
    // Not private, if user is in group then give access
    if (SEC_inGroup($group_id, $uid)) {
        return $perm_group;
    } else {
        if ($uid == 1) {
            // This is an anonymous user, return it's rights
            return $perm_anon;
        } else {
            // This is a logged in member, return their rights
            return $perm_members;
        }
    }
}
Ejemplo n.º 19
0
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
$display = '';
if (!SEC_inGroup('Bad Behavior2 Admin')) {
    $display .= COM_siteHeader('menu');
    $display .= COM_showMessageText($LANG20[6], $LANG20[1], true);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}
USES_lib_admin();
require_once $_CONF['path_html'] . '/bad_behavior2/bad-behavior-glfusion.php';
/**
* List logged requests
*
* @param    int     $page   page number
* @return   string          HTML for list of entries
*
*/
Ejemplo n.º 20
0
 /**
  * Modifies template location to prevent non-Root users from seeing it
  *
  * @param    string $location
  * @return   string   If the current user is in the Root group, $location is
  *                    unchanged.  Otherwise, $location is changed into a path
  *                    relative to $_CONF['path_layout'].
  */
 protected function _modifyTemplateLocation($location)
 {
     global $_CONF;
     static $switch = null;
     if ($switch === null) {
         $switch = $this->debug > 0 && SEC_inGroup('Root');
     }
     if (!$switch) {
         $location = str_ireplace($_CONF['path_layout'], '', $location);
     }
     return $location;
 }
Ejemplo n.º 21
0
/**
* Shows story editor
*
* Displays the story entry form
*
* @param    string      $sid            ID of story to edit
* @param    string      $mode           'preview', 'edit', 'editsubmission', 'clone'
* @param    string      $errormsg       a message to display on top of the page
* @return   string      HTML for story editor
*
*/
function storyeditor($sid = '', $mode = '', $errormsg = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK;
    $display = '';
    if (!isset($_CONF['hour_mode'])) {
        $_CONF['hour_mode'] = 12;
    }
    if (!empty($errormsg)) {
        $display .= COM_showMessageText($errormsg, $LANG24[25]);
    }
    $story = new Story();
    if ($mode == 'preview') {
        // Handle Magic GPC Garbage:
        while (list($key, $value) = each($_POST)) {
            if (!is_array($value)) {
                $_POST[$key] = COM_stripslashes($value);
            } else {
                while (list($subkey, $subvalue) = each($value)) {
                    $value[$subkey] = COM_stripslashes($subvalue);
                }
            }
        }
        $result = $story->loadFromArgsArray($_POST);
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $msg = $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $msg .= '<li>' . $err . '</li>' . LB;
                }
                $msg .= '</ul>' . LB;
                $display .= COM_showMessageText($msg, $LANG24[54]);
            }
        }
    } else {
        $result = $story->loadFromDatabase($sid, $mode);
    }
    if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
        $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
        COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
        return $display;
    } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
        $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
        $display .= STORY_renderArticle($story, 'p');
        COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
        return $display;
    } elseif ($result == STORY_INVALID_SID) {
        if ($mode == 'editsubmission') {
            // that submission doesn't seem to be there any more (may have been
            // handled by another Admin) - take us back to the moderation page
            return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            return COM_refresh($_CONF['site_admin_url'] . '/story.php');
        }
    } elseif ($result == STORY_DUPLICATE_SID) {
        $display .= COM_showMessageText($LANG24[24]);
    }
    // Load HTML templates
    $story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        $story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
        $advanced_editormode = true;
        $story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
        require_once $_CONF['path_system'] . 'classes/navbar.class.php';
        $story_templates->set_var('show_preview', 'none');
        $story_templates->set_var('lang_expandhelp', $LANG24[67]);
        $story_templates->set_var('lang_reducehelp', $LANG24[68]);
        $story_templates->set_var('lang_publishdate', $LANG24[69]);
        $story_templates->set_var('lang_toolbar', $LANG24[70]);
        $story_templates->set_var('toolbar1', $LANG24[71]);
        $story_templates->set_var('toolbar2', $LANG24[72]);
        $story_templates->set_var('toolbar3', $LANG24[73]);
        $story_templates->set_var('toolbar4', $LANG24[74]);
        $story_templates->set_var('toolbar5', $LANG24[75]);
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $story_templates->set_var('show_texteditor', 'none');
            $story_templates->set_var('show_htmleditor', '');
        } else {
            $story_templates->set_var('show_texteditor', '');
            $story_templates->set_var('show_htmleditor', 'none');
        }
    } else {
        $story_templates->set_file(array('editor' => 'storyeditor.thtml'));
        $advanced_editormode = false;
    }
    $story_templates->set_var('hour_mode', $_CONF['hour_mode']);
    if ($story->hasContent()) {
        $previewContent = STORY_renderArticle($story, 'p');
        if ($advanced_editormode and $previewContent != '') {
            $story_templates->set_var('preview_content', $previewContent);
        } elseif ($previewContent != '') {
            $display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
            $display .= $previewContent;
            $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
        }
    }
    if ($advanced_editormode) {
        $navbar = new navbar();
        if (!empty($previewContent)) {
            $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
            $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
            $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
            $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
            $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
            $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
            $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
        } else {
            $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
            $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
            $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
            $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
            $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
            $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
        }
        if ($mode == 'preview') {
            $story_templates->set_var('show_preview', '');
            $story_templates->set_var('show_htmleditor', 'none');
            $story_templates->set_var('show_texteditor', 'none');
            $story_templates->set_var('show_submitoptions', 'none');
            $navbar->set_selected($LANG24[79]);
        } else {
            $navbar->set_selected($LANG24[80]);
        }
        $story_templates->set_var('navbar', $navbar->generate());
    }
    $oldsid = $story->EditElements('originalSid');
    if (!empty($oldsid) && $mode != 'clone') {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    }
    if ($mode == 'editsubmission' || $story->type == 'submission') {
        $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
    }
    $story_templates->set_var('lang_author', $LANG24[7]);
    $storyauthor = COM_getDisplayName($story->EditElements('uid'));
    $story_templates->set_var('story_author', $storyauthor);
    $story_templates->set_var('author', $storyauthor);
    $story_templates->set_var('story_uid', $story->EditElements('uid'));
    // user access info
    $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($story->EditElements('owner_id'));
    $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
    $story_templates->set_var('owner_name', $ownername);
    $story_templates->set_var('owner', $ownername);
    $story_templates->set_var('owner_id', $story->EditElements('owner_id'));
    $story_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
    $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
    $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
    $story_templates->set_var('lang_date', $LANG24[15]);
    $story_templates->set_var('publish_second', $story->EditElements('publish_second'));
    $publish_ampm = '';
    $publish_hour = $story->EditElements('publish_hour');
    if ($publish_hour >= 12) {
        if ($publish_hour > 12) {
            $publish_hour = $publish_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
    $story_templates->set_var('publishampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
    $story_templates->set_var('publish_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
    $story_templates->set_var('publish_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
    $story_templates->set_var('publish_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($publish_hour);
    }
    $story_templates->set_var('publish_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
    $story_templates->set_var('publish_minute_options', $minute_options);
    $story_templates->set_var('publish_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
    $story_templates->set_var('expire_second', $story->EditElements('expire_second'));
    $expire_ampm = '';
    $expire_hour = $story->EditElements('expire_hour');
    if ($expire_hour >= 12) {
        if ($expire_hour > 12) {
            $expire_hour = $expire_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
    }
    $story_templates->set_var('expireampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
    $story_templates->set_var('expire_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
    $story_templates->set_var('expire_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
    $story_templates->set_var('expire_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($expire_hour);
    }
    $story_templates->set_var('expire_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
    $story_templates->set_var('expire_minute_options', $minute_options);
    $story_templates->set_var('expire_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
    $atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
    $have_archive_topic = empty($atopic) ? false : true;
    if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked3', 'checked="checked"');
        $js_showarchivedisabled = 'false';
        $have_archive_topic = true;
        // force display of auto archive option
    } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked4', 'checked="checked"');
        if (!$have_archive_topic) {
            $story_templates->set_var('is_checked3', 'style="display:none;"');
        }
        $js_showarchivedisabled = 'false';
    } else {
        if (!$have_archive_topic) {
            $story_templates->set_var('is_checked3', 'style="display:none;"');
        }
        $js_showarchivedisabled = 'true';
    }
    $story_templates->set_var('lang_archivetitle', $LANG24[58]);
    $story_templates->set_var('lang_option', $LANG24[59]);
    $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $story_templates->set_var('lang_story_stats', $LANG24[87]);
    if ($have_archive_topic) {
        $story_templates->set_var('lang_optionarchive', $LANG24[61]);
    } else {
        $story_templates->set_var('lang_optionarchive', '');
    }
    $story_templates->set_var('lang_optiondelete', $LANG24[62]);
    $story_templates->set_var('lang_title', $LANG_ADMIN['title']);
    $story_templates->set_var('story_title', $story->EditElements('title'));
    $story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
    $story_templates->set_var('page_title', $story->EditElements('page_title'));
    $story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $story_templates->set_var('meta_description', $story->EditElements('meta_description'));
    $story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    $story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
    if ($_CONF['meta_tags'] > 0) {
        $story_templates->set_var('hide_meta', '');
    } else {
        $story_templates->set_var('hide_meta', ' style="display:none;"');
    }
    $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    if ($mode == 'preview') {
        $tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true);
    } else {
        $tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true);
    }
    if (empty($tlist)) {
        $display .= COM_showMessage(101);
        return $display;
    }
    $story_templates->set_var('topic_selection', $tlist);
    $story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
    if ($story->EditElements('show_topic_icon') == 1) {
        $story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
    } else {
        $story_templates->set_var('show_topic_icon_checked', '');
    }
    $story_templates->set_var('lang_cachetime', $LANG24['cache_time']);
    $story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']);
    $story_templates->set_var('cache_time', $story->EditElements('cache_time'));
    $story_templates->set_var('lang_draft', $LANG24[34]);
    if ($story->EditElements('draft_flag')) {
        $story_templates->set_var('is_checked', 'checked="checked"');
    }
    $story_templates->set_var('lang_mode', $LANG24[3]);
    $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
    $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
    $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
    // comment expire
    $story_templates->set_var('lang_cmt_disable', $LANG24[63]);
    if ($story->EditElements('cmt_close')) {
        $story_templates->set_var('is_checked5', 'checked="checked"');
        $js_showcmtclosedisabled = 'false';
    } else {
        $js_showcmtclosedisabled = 'true';
    }
    $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
    $story_templates->set_var('cmt_close_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
    $story_templates->set_var('cmt_close_day_options', $day_options);
    // ensure that the year dropdown includes the close year
    $endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
    $yoffset = date('Y', $endtm) - date('Y');
    $close_year = $story->EditElements('cmt_close_year');
    if ($yoffset < -1) {
        $year_options = COM_getYearFormOptions($close_year, $yoffset);
    } elseif ($yoffset > 5) {
        $year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
    } else {
        $year_options = COM_getYearFormOptions($close_year);
    }
    $story_templates->set_var('cmt_close_year_options', $year_options);
    $cmt_close_ampm = '';
    $cmt_close_hour = $story->EditElements('cmt_close_hour');
    //correct hour
    if ($cmt_close_hour >= 12) {
        if ($cmt_close_hour > 12) {
            $cmt_close_hour = $cmt_close_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
    }
    $story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($cmt_close_hour);
    }
    $story_templates->set_var('cmt_close_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
    $story_templates->set_var('cmt_close_minute_options', $minute_options);
    $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
    if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
        $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
    } else {
        $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
    }
    $story_templates->set_var('featured_options', $featured_options);
    $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
    $story_templates->set_var('story_introtext', $story->EditElements('introtext'));
    $story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
    $story_templates->set_var('lang_introtext', $LANG24[16]);
    $story_templates->set_var('lang_bodytext', $LANG24[17]);
    $story_templates->set_var('lang_postmode', $LANG24[4]);
    $story_templates->set_var('lang_publishoptions', $LANG24[76]);
    $story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
    $postmode = $story->EditElements('postmode');
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $postmode = '';
        }
    }
    $post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode);
    $postmode_list = 'plaintext,html';
    // If Advanced Mode - add post option and set default if editing story created with Advanced Editor
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        $postmode_list .= ',adveditor';
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
        } else {
            $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
        }
    }
    if ($_CONF['wikitext_editor']) {
        $postmode_list .= ',wikitext';
        if ($story->EditElements('postmode') == 'wikitext') {
            $post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
        } else {
            $post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
        }
    }
    $story_templates->set_var('post_options', $post_options);
    $postmode_array = explode(',', $postmode_list);
    $allowed_html = '';
    foreach ($postmode_array as $pm) {
        $allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
    }
    $allowed_tags = array('code', 'raw');
    if ($_CONF['allow_page_breaks'] == 1) {
        $allowed_tags = array_merge($allowed_tags, array('page_break'));
    }
    $allowed_html .= COM_allowedAutotags(false, $allowed_tags);
    $story_templates->set_var('lang_allowed_html', $allowed_html);
    $fileinputs = '';
    $saved_images = '';
    if ($_CONF['maximagesperarticle'] > 0) {
        $story_templates->set_var('lang_images', $LANG24[47]);
        $icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
        if ($icount > 0) {
            $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
            for ($z = 1; $z <= $icount; $z++) {
                $I = DB_fetchArray($result_articles);
                $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . '&nbsp;&nbsp;&nbsp;' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
            }
        }
        $newallowed = $_CONF['maximagesperarticle'] - $icount;
        for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
            $fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
            if ($z < $_CONF['maximagesperarticle']) {
                $fileinputs .= '<br' . XHTML . '>';
            }
        }
        $fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
        if ($_CONF['allow_user_scaling'] == 1) {
            $fileinputs .= $LANG24[27];
        }
        $fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
    }
    // Add JavaScript
    $_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
    if ($_CONF['titletoid']) {
        $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
        $story_templates->set_var('titletoid', true);
    }
    $_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
    // Loads jQuery UI datepicker and timepicker-addon
    $_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
    //    $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
    $_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
    $_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
    $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
    $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
    //    $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
    $_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
    $langCode = COM_getLangIso639Code();
    $toolTip = $MESSAGE[118];
    $imgUrl = $_CONF['site_url'] . '/images/calendar.png';
    $_SCRIPTS->setJavaScript("jQuery(function () {" . "  geeklog.hour_mode = {$_CONF['hour_mode']};" . "  geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "  geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "  geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
    // Setup Advanced Editor
    COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
    $story_templates->set_var('saved_images', $saved_images);
    $story_templates->set_var('image_form_elements', $fileinputs);
    $story_templates->set_var('lang_hits', $LANG24[18]);
    $story_templates->set_var('story_hits', $story->EditElements('hits'));
    $story_templates->set_var('lang_comments', $LANG24[19]);
    $story_templates->set_var('story_comments', $story->EditElements('comments'));
    $story_templates->set_var('lang_trackbacks', $LANG24[29]);
    $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
    $story_templates->set_var('lang_emails', $LANG24[39]);
    $story_templates->set_var('story_emails', $story->EditElements('numemails'));
    if ($mode == 'clone') {
        $story_templates->set_var('story_id', COM_makesid());
    } else {
        $story_templates->set_var('story_id', $story->getSid());
        $story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
    }
    $story_templates->set_var('lang_sid', $LANG24[12]);
    $story_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
    $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
    $story_templates->set_var('gltoken_name', CSRF_TOKEN);
    $token = SEC_createToken();
    $story_templates->set_var('gltoken', $token);
    $story_templates->parse('output', 'editor');
    $display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
    $display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
    $display .= $story_templates->finish($story_templates->get_var('output'));
    $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $display;
}
Ejemplo n.º 22
0
function glFusionConf()
{
    global $_CONF, $_CK_CONF;
    if (SEC_inGroup('Root')) {
        $createDir = "php/createdir.php";
        $deleteDir = "php/deletedir.php";
        $moveDir = "php/movedir.php";
        $copyDir = "php/copydir.php";
        $renameDir = "php/renamedir.php";
        $deleteFile = "php/deletefile.php";
        $moveFile = "php/movefile.php";
        $copyFile = "php/copyfile.php";
        $renameFile = "php/renamefile.php";
        $uploadFile = "php/upload.php";
        $downloadFile = "php/download.php";
        $downloadDir = "php/downloaddir.php";
    } else {
        $createDir = "";
        $deleteDir = "";
        $moveDir = "";
        $copyDir = "";
        $renameDir = "";
        $deleteFile = "";
        $moveFile = "";
        $copyFile = "";
        $renameFile = "";
        if ($_CK_CONF['filemanager_browse_only']) {
            $uploadFile = "";
            $downloadFile = "";
            $downloadDir = "";
        } else {
            $uploadFile = "php/upload.php";
            $downloadFile = "php/download.php";
            $downloadDir = "php/downloaddir.php";
        }
    }
    if ($_CK_CONF['filemanager_default_view_mode'] == 'grid') {
        $defaultView = "thumb";
    } else {
        $defaultView = "list";
    }
    if (!isset($_CK_CONF['filemanager_fileperm'])) {
        $_CK_CONF['filemanager_fileperm'] = '0664';
    }
    if (!isset($_CK_CONF['filemanager_dirperm'])) {
        $_CK_CONF['filemanager_dirperm'] = '0775';
    }
    $cfgarray = array("FILES_ROOT" => "", "RETURN_URL_PREFIX" => "", "SESSION_PATH_KEY" => "fileman_files_root", "THUMBS_VIEW_WIDTH" => "140", "THUMBS_VIEW_HEIGHT" => "120", "PREVIEW_THUMB_WIDTH" => "100", "PREVIEW_THUMB_HEIGHT" => "100", "MAX_IMAGE_WIDTH" => "1000", "MAX_IMAGE_HEIGHT" => "1000", "INTEGRATION" => "ckeditor", "DIRLIST" => "php/dirtree.php", "CREATEDIR" => $createDir, "DELETEDIR" => $deleteDir, "MOVEDIR" => $moveDir, "COPYDIR" => $copyDir, "RENAMEDIR" => $renameDir, "FILESLIST" => "php/fileslist.php", "UPLOAD" => $uploadFile, "DOWNLOAD" => $downloadFile, "DOWNLOADDIR" => $downloadDir, "DELETEFILE" => $deleteFile, "MOVEFILE" => $moveFile, "COPYFILE" => $copyFile, "RENAMEFILE" => $renameFile, "GENERATETHUMB" => "php/thumb.php", "DEFAULTVIEW" => $defaultView, "FORBIDDEN_UPLOADS" => "tar gz arj bz bz2 bzip 7z zip js jsp jsb html mhtml mht xhtml xht php phtml php3 php4 php5 phps shtml jhtml pl sh py cgi exe application gadget hta cpl msc jar vb jse ws wsf wsc wsh ps1 ps2 psc1 psc2 msh msh1 msh2 inf reg scf msp scr dll msi vbs bat com pif cmd vxd cpl htpasswd htaccess config", "ALLOWED_UPLOADS" => "", "FILEPERMISSIONS" => $_CK_CONF['filemanager_fileperm'], "DIRPERMISSIONS" => $_CK_CONF['filemanager_dirperm'], "LANG" => "auto", "DATEFORMAT" => "dd/MM/yyyy HH =>mm", "OPEN_LAST_DIR" => "yes");
    return $cfgarray;
}
Ejemplo n.º 23
0
 $sql = "SELECT * FROM {$_TABLES['ff_topic']} WHERE (subject LIKE '%{$query}%') {$inforum} OR ";
 $sql .= "(comment LIKE '%{$query}%') {$inforum} GROUP BY {$orderby} ORDER BY {$orderby} {$direction} LIMIT 100";
 $result = DB_query($sql);
 $nrows = DB_numRows($result);
 $report->set_block('report', 'reportrow', 'rrow');
 if ($nrows > 0) {
     if ($_FF_CONF['enable_user_rating_system'] && !COM_isAnonUser()) {
         $user_rating = intval(DB_getItem($_TABLES['ff_userinfo'], 'rating', 'uid=' . (int) $_USER['uid']));
     }
     $csscode = 1;
     for ($i = 1; $i <= $nrows; $i++) {
         $P = DB_fetchArray($result);
         $fres = DB_query("SELECT grp_id,rating_view FROM {$_TABLES['ff_forums']} WHERE forum_id=" . (int) $P['forum']);
         list($forumgrpid, $view_rating) = DB_fetchArray($fres);
         $groupname = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id=" . (int) $forumgrpid);
         if (SEC_inGroup($groupname)) {
             if ($_FF_CONF['enable_user_rating_system'] && !COM_isAnonUser()) {
                 if ($view_rating > $user_rating) {
                     continue;
                 }
             }
             if ($_FF_CONF['use_censor']) {
                 $P['subject'] = COM_checkWords($P['subject']);
             }
             $postdate = COM_getUserDateTimeFormat($P['date']);
             $link = '<a href="' . $_CONF['site_url'] . '/forum/viewtopic.php?forum=' . $P['forum'] . '&amp;showtopic=' . $P['id'] . '&amp;highlight=' . htmlentities($html_query, ENT_QUOTES, COM_getEncodingt()) . '">';
             $report->set_var(array('post_start_ahref' => $link, 'post_subject' => $P['subject'], 'post_end_ahref' => '</a>', 'post_date' => $postdate[0], 'post_replies' => $P['replies'], 'post_views' => $P['views'], 'csscode' => $csscode));
             $report->parse('rrow', 'reportrow', true);
             if ($csscode == 2) {
                 $csscode = 1;
             } else {
Ejemplo n.º 24
0
 function testIfUserCanApprove($useriddoingtheapproving, $useridtoapprove)
 {
     global $CONF_NEXTIME, $_USER;
     $useriddoingtheapproving = intval($useriddoingtheapproving);
     if ($useriddoingtheapproving == 0) {
         $useriddoingtheapproving = $_USER['uid'];
     }
     $list = nexlistOptionList('alist', '', $CONF_NEXTIME['nexlist_employee_to_supervisor'], 0, '', '0:' . $useridtoapprove . ',1:' . $useriddoingtheapproving);
     if (count($list) < 1) {
         $list = nexlistOptionList('alist', '', $CONF_NEXTIME['nexlist_employee_to_delegate'], 0, '', '0:' . $useridtoapprove . ',1:' . $useriddoingtheapproving);
     }
     $isNextimeAdmin = SEC_inGroup('nexTime Admin', $useriddoingtheapproving);
     if (count($list) > 0 || $isNextimeAdmin) {
         return true;
     } else {
         return false;
     }
 }
Ejemplo n.º 25
0
/**
 * Save topic to the database
 *
 * @param    string $tid              Topic ID
 * @param    string $topic            Name of topic (what the user sees)
 * @param    int    $inherit          whether to inherit
 * @param    int    $hidden           whether to hide
 * @param    string $parent_id        Parent ID
 * @param    string $imageUrl         (partial) URL to topic image
 * @param    string $meta_description Topic meta description
 * @param    string $meta_keywords    Topic meta keywords
 * @param    int    $sortNum          number for sort order in "Topics" block
 * @param    int    $limitNews        number of stories per page for this topic
 * @param    int    $owner_id         ID of owner
 * @param    int    $group_id         ID of group topic belongs to
 * @param    int    $perm_owner       Permissions the owner has
 * @param    int    $perm_group       Permissions the group has
 * @param    int    $perm_members     Permissions members have
 * @param    int    $perm_anon        Permissions anonymous users have
 * @param    string $is_default       'on' if this is the default topic
 * @param    string $is_archive       'on' if this is the archive topic
 * @return   string                   HTML redirect or error message
 */
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $tid = COM_sanitizeID($tid);
    // Check if tid is a restricted name
    $restricted_tid = false;
    if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
        $restricted_tid = true;
    }
    // Check if tid is used by another topic
    $duplicate_tid = false;
    $old_tid = '';
    if (isset($_POST['old_tid'])) {
        $old_tid = COM_applyFilter($_POST['old_tid']);
        if (!empty($old_tid)) {
            $old_tid = COM_sanitizeID($old_tid);
            // See if new topic id
            if (strcasecmp($tid, $old_tid)) {
                if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                    $duplicate_tid = true;
                }
            }
        } else {
            if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                $duplicate_tid = true;
            }
        }
    }
    // Make sure parent id exists
    $parent_id_found = false;
    if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) {
        $parent_id_found = true;
    }
    // Check if parent archive topic, if so bail
    $archive_parent = false;
    $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
    if ($parent_id == $archive_tid) {
        $archive_parent = true;
    }
    // If archive topic, make sure no child topics else bail
    $archive_child = false;
    $is_archive = $is_archive == 'on' ? 1 : 0;
    if ($is_archive) {
        if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
            $archive_child = true;
        }
    }
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } else {
        // Now check access to parent topic
        if ($parent_id != TOPIC_ROOT) {
            if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
                $A = DB_fetchArray($result);
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
            }
            $in_Group = SEC_inGroup($A['group_id']);
        } else {
            $access = 3;
            $in_Group = true;
        }
        if ($access < 3 || !$in_Group) {
            $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
        } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
            if ($imageUrl === '/images/topics/') {
                $imageUrl = '';
            }
            $topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
            $topic = DB_escapeString($topic);
            $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
            $meta_description = DB_escapeString($meta_description);
            $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
            $meta_keywords = DB_escapeString($meta_keywords);
            if ($is_default == 'on') {
                $is_default = 1;
                DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
            } else {
                $is_default = 0;
            }
            if ($is_archive) {
                // $tid is the archive topic
                // - if it wasn't already, mark all its stories "archived" now
                if ($archive_tid != $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
                // Set hidden and inherit to false since archive topic now
                $inherit = '';
                $hidden = '';
            } else {
                // $tid is not the archive topic
                // - if it was until now, reset the "archived" status of its stories
                if ($archive_tid == $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.statuscode = 0\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
            }
            $inherit = $inherit == 'on' ? 1 : 0;
            $hidden = $hidden == 'on' ? 1 : 0;
            // Cannot hide root topics so switch if needed
            if ($parent_id == TOPIC_ROOT && $hidden == 1) {
                $hidden = 0;
            }
            // If not a new topic and id change then...
            if (!empty($old_tid)) {
                if ($tid != $old_tid) {
                    changetopicid($tid, $old_tid);
                    $old_tid = DB_escapeString($old_tid);
                    DB_delete($_TABLES['topics'], 'tid', $old_tid);
                }
            }
            DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
            if ($old_tid != $tid) {
                PLG_itemSaved($tid, 'topic', $old_tid);
            } else {
                PLG_itemSaved($tid, 'topic');
            }
            // Reorder Topics, Delete topic cache and reload topic tree
            reorderTopics();
            // update feed(s)
            COM_rdfUpToDateCheck('article', $tid);
            COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
        } elseif ($restricted_tid) {
            $retval .= COM_errorLog($LANG27[31], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($duplicate_tid) {
            $retval .= COM_errorLog($LANG27[49], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_parent) {
            $retval .= COM_errorLog($LANG27[46], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_child) {
            $retval .= COM_errorLog($LANG27[47], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif (!$parent_id_found) {
            $retval .= COM_errorLog($LANG27[48], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } else {
            $retval .= COM_errorLog($LANG27[7], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        }
    }
    return $retval;
}
Ejemplo n.º 26
0
        //Reload the session.
        session_id($_COOKIE['sessionID']);
        session_start();
    } else {
        //Create new session and set the cookie for sessionID
        session_start();
        setcookie("sessionID", session_id(), time() + 31436000);
        //one year
        echo "<script>window.location='products.php';</script>";
    }
} else {
    session_start();
}
require_once '../lib-common.php';
require_once 'user_shipping_functions.php';
if (!SEC_inGroup('Logged-in Users')) {
    echo "You must be logged in, inorder to see this page.";
    exit;
}
echo COM_siteHeader();
if (isset($_POST['update_shipping_address'])) {
    $error = update_address(COM_applyFilter($_GET['id']));
} else {
    if (isset($_POST['add_shipping_address'])) {
        $error = add_shipping_address($_USER['uid']);
    } else {
        if (isset($_POST['delete_shipping_address'])) {
            $error = delete_shipping_address(COM_applyFilter($_GET['id']), "index.php?op=shipping_address");
        } else {
            if (isset($_GET['delete_id'])) {
                $error = delete_shipping_address(COM_applyFilter($_GET['delete_id']), "index.php?op=shipping_address");
Ejemplo n.º 27
0
 /**
  * This function checks html tags.
  *
  * Checks to see that the HTML tags are on the approved list and
  * removes them if not.
  *
  * @param   string  $str          HTML to check
  * @param   string  $permissions  comma-separated list of rights which identify the current user as an "Admin"
  * @return  string  Filtered HTML
  * @access  public
  *
  */
 public static function checkHTML($str, $permissions = 'story.edit')
 {
     global $_CONF, $_USER;
     //        $str = COM_stripslashes($str); // it should not be here
     // Get rid of any newline characters
     $str = str_replace("\n", '', $str);
     $str = self::_handleSpecialTag_callback($str, array('[code]', '[/code]', '<pre><code>', '</code></pre>'), '_escapeSPChars');
     $str = self::_handleSpecialTag_callback($str, array('[raw]', '[/raw]', '[raw2]', '[/raw2]'), '_escapeSPChars');
     // To begin with, why handle '$' and '\' as the special character?
     //
     // // replace any \ with &#092; (HTML equiv)
     // $str = str_replace('\\', '&#92;', $str);
     //
     // // Replace any $ with &#36; (HTML equiv)
     // $str = str_replace( '$', '&#36;', $str);
     if (!SEC_hasRights('htmlfilter.skip') && ($_CONF['skip_html_filter_for_root'] != 1 || !SEC_inGroup('Root'))) {
         $str = self::_htmLawed($str, $permissions);
     }
     // Replace [raw][/raw] with <!--raw--><!--/raw-->, note done "late" because
     // of the above noted // strip_tags() gets confused by HTML comments ...
     $str = str_replace('[raw2]', '<!--raw--><span class="raw">', $str);
     $str = str_replace('[/raw2]', '</span><!--/raw-->', $str);
     return $str;
 }
Ejemplo n.º 28
0
*
*   @author     Lee Garner <*****@*****.**>
*   @copyright  Copyright (c) 2012-2014 Lee Garner <*****@*****.**>
*   @package    lglib
*   @version    0.0.5
*   @license    http://opensource.org/licenses/gpl-2.0.php 
*               GNU Public License v2 or later
*   @filesource
*/
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
$display = '';
$pi_title = $_LGLIB_CONF['pi_display_name'] . ' ' . $LANG32[36] . ' ' . $_LGLIB_CONF['pi_version'];
LGLIB_setGlobal('pi_title', $pi_title);
// If user isn't a root user or if the backup feature is disabled, bail.
if (!SEC_inGroup('Root') || GVERSION > '1.6.0') {
    COM_accessLog("User {$_USER['username']} tried to illegally access the lglib admin page.");
    COM_404();
    exit;
}
/**
*   Sort backup files with newest first, oldest last.
*   For use with usort() function.
*   This is needed because the sort order of the backup files, coming from the
* ' readdir' function, might not be that way.
*
*   @param  string  $pFileA     First file to compare
*   @param  string  $pFileB     Second filename to compare
*   @return integer     1 if A newer than B, -1 if B newer than A, 0 if equal
*/
function DBADMIN_compareBackupFiles($pFileA, $pFileB)
Ejemplo n.º 29
0
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
require_once '../lib-common.php';
$project_id = COM_applyFilter($_POST['projectid'], true);
$taskuser = COM_applyFilter($_REQUEST['taskuser'], true);
if ($taskuser > 0 and SEC_inGroup('nexflow Admin')) {
    $usermodeUID = $taskuser;
} else {
    $usermodeUID = $_USER['uid'];
}
if (DB_count($_TABLES['nf_projects'], 'id', $project_id) == 1) {
    if ($CONF_NF['debug']) {
        COM_errorLog("Reclaim Project:{$project_id}");
    }
    $status = DB_getItem($_TABLES['nf_projects'], 'status', "id='{$project_id}'");
    $prev_status = DB_getItem($_TABLES['nf_projects'], 'prev_status', "id='{$project_id}'");
    if ($prev_status < 1 or $status == $prev_status) {
        $prev_status = 1;
    }
    if ($status == 6) {
        // Currently in Recycled State
Ejemplo n.º 30
0
 function _checkHasAccess()
 {
     global $_USER, $LANG_DLM;
     // only users who belong to the Root group can full access
     if (!SEC_inGroup('Root')) {
         // deny access
         COM_accessLog("User {$_USER['username']} tried illegally to edit category {$this->_cid}.");
         $display = COM_showMessage(6, 'downloads');
         $display = DLM_createHTMLDocument($display, array('pagetitle' => $LANG_DLM['manager']));
         COM_output($display);
         exit;
     }
 }