function replace_glossary_tag($matches)
{
global $content;
$inner = trim($matches[2]);
// search keyword in glossary table
$keyword = trim($matches[1]);
if ($keyword !== '') {
$keyword = html_entity_decode($keyword, ENT_QUOTES, PHPWCMS_CHARSET);
// check against cache
if (!isset($content['glossary_cache'][$keyword])) {
$like = aporeplace($keyword);
$where = 'glossary_status=1 AND glossary_highlight=1 AND (';
$where .= "glossary_keyword LIKE '" . $like . "' OR ";
$where .= "glossary_keyword LIKE '" . $like . ",%' OR ";
$where .= "glossary_keyword LIKE '%, " . $like . ",%' OR ";
$where .= "glossary_keyword LIKE '%, " . $like . "'";
$where .= ')';
// retrieve only single keyword that matches best
$entry = _dbGet('phpwcms_glossary', 'glossary_title, glossary_keyword, glossary_text, COUNT(glossary_id) AS count_all', $where, 'glossary_id', 'count_all DESC', '1');
if (isset($entry[0])) {
// get keywords to store each in cache
$keywords = convertStringToArray($entry[0]['glossary_keyword']);
$title = empty($entry[0]['glossary_title']) ? $inner : html($entry[0]['glossary_title']);
$text = trim(clean_slweg($entry[0]['glossary_text']));
// store glossary item in cache
foreach ($keywords as $key) {
$content['glossary_cache'][$key] = array('title' => $title, 'text' => $text);
}
}
}
// create ABBR
if (isset($content['glossary_cache'][$keyword])) {
$inner = '<abbr class="glossary" title="' . $content['glossary_cache'][$keyword]['title'] . ' :: ' . $content['glossary_cache'][$keyword]['text'] . '">' . $inner . '</abbr>';
}
}
return $inner;
}
require PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
require PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
if (empty($_SESSION["wcs_user"])) {
headerRedirect('', 401);
die('Sorry, access forbidden');
}
if (isset($_POST['action'])) {
$action = isset($_POST['action']) ? $_POST['action'] : false;
$method = isset($_POST['method']) ? $_POST['method'] : 'json';
$value = isset($_POST['value']) ? clean_slweg($_POST['value'], 0, false) : '';
$jquery = false;
} elseif ($_GET['action']) {
$action = isset($_GET['action']) ? $_GET['action'] : false;
$method = isset($_GET['method']) ? $_GET['method'] : 'json';
$value = isset($_GET['value']) ? clean_slweg($_GET['value'], 0, false) : '';
$jquery = true;
}
if (empty($value)) {
$action = 'empty';
}
// do charset conversions for value
if (PHPWCMS_CHARSET != 'utf-8') {
$value = @mb_convert_encoding($value, PHPWCMS_CHARSET, 'utf-8');
}
$data = array();
switch ($action) {
case 'category':
$where = "cat_status=1 AND cat_type NOT IN('module_shop') AND ";
$where .= "cat_name LIKE '%" . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false) . "%'";
$result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20);
<?php
/**
* phpwcms content management system
*
* @author Oliver Georgi <*****@*****.**>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
$chat_message = clean_slweg(trim($_POST['chatmsg']));
$chatlist = intval($_POST['chatlist']);
if ($chat_message) {
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) ";
$sql .= "VALUES (" . $_SESSION['wcs_user_id'] . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)";
_dbQuery($sql, 'INSERT');
}
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist . '&' . get_token_get_string('csrftoken'));
/**
* phpwcms content management system
*
* @author Oliver Georgi <*****@*****.**>
* @copyright Copyright (c) 2002-2015, Oliver Georgi
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
* @link http://www.phpwcms.de
*
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
$_userInfo['delimeter'] = clean_slweg($_POST['delimeter']);
if (empty($_userInfo['delimeter'])) {
$_userInfo['delimeter'] = ';';
}
$_userInfo['subscribe_active'] = empty($_POST['subscribe_active']) ? 0 : 1;
$_userInfo['subscribe_all'] = empty($_POST['subscribe_all']) ? 0 : 1;
if (isset($_POST['subscribe_select']) && is_array($_POST['subscribe_select'])) {
$_userInfo['subscribe_select'] = $_POST['subscribe_select'];
} else {
$_userInfo['subscribe_select'] = array();
$_userInfo['subscribe_all'] = 1;
}
// check uploaded FILE
if (getimagesize($_FILES['cvsfile']['tmp_name'])) {
$_userInfo['csvError'] = 'False MIME TYPE. Be sure to upload CSV file only.';
} elseif (is_uploaded_file($_FILES['cvsfile']['tmp_name']) && !$_FILES['cvsfile']['error']) {
$content["media_transparent"] = empty($_POST["cmedia_transparent"]) ? 0 : 1; $content["media_control"] = empty($_POST["cmedia_control"]) ? 0 : 1; $content["media_pos"] = intval($_POST["cimage_pos"]); $content["media_width"] = intval($_POST["cmedia_width"]); $content["media_width"] = $content["media_width"] ? $content["media_width"] : ''; $content["media_height"] = intval($_POST["cmedia_height"]); $content["media_height"] = $content["media_height"] ? $content["media_height"] : ''; $content["media_id"] = intval($_POST["cmedia_id"]); $content["media_name"] = clean_slweg($_POST["cmedia_name"]); $content["media_extern"] = clean_slweg($_POST["cmedia_extern"]); $content["image_name"] = clean_slweg($_POST["cimage_name"]); $content["image_id"] = empty($_POST["cimage_id"]) ? '' : intval($_POST["cimage_id"]); $content["image_caption"] = clean_slweg($_POST["cimage_caption"]); $content['media'] = array(); $content['media']["media_type"] = $content["media_type"]; $content['media']["media_player"] = $content["media_player"]; $content['media']["media_src"] = $content["media_src"]; $content['media']["media_auto"] = $content["media_auto"]; $content['media']["media_transparent"] = $content["media_transparent"]; $content['media']["media_control"] = $content["media_control"]; $content['media']["media_pos"] = $content["media_pos"]; $content['media']["media_width"] = $content["media_width"]; $content['media']["media_height"] = $content["media_height"]; $content['media']["media_id"] = $content["media_id"]; $content['media']["media_name"] = $content["media_name"]; $content['media']["media_extern"] = $content["media_extern"]; $content['media']["image_name"] = $content["image_name"]; $content['media']["image_id"] = $content["image_id"]; $content['media']["image_caption"] = $content["image_caption"]; $content["template"] = clean_slweg($_POST['template']);
$file_tags = '';
$file_granted = 0;
$file_gallerydownload = 0;
$file_sort = 0;
//Auswerten des Formulars
if (isset($_POST["file_aktion"]) && intval($_POST["file_aktion"]) == 1) {
if (!ini_get('safe_mode') && function_exists('set_time_limit')) {
set_time_limit(0);
}
$file_pid = intval($_POST["file_pid"]);
$file_aktiv = empty($_POST["file_aktiv"]) ? 0 : 1;
$file_public = empty($_POST["file_public"]) ? 0 : 1;
$file_shortinfo = clean_slweg($_POST["file_shortinfo"]);
$file_longinfo = slweg(trim($_POST["file_longinfo"]));
$file_copyright = clean_slweg($_POST["file_copyright"]);
$file_tags = trim(clean_slweg($_POST["file_tags"]), ',');
$file_granted = empty($_POST["file_granted"]) ? 0 : 1;
$file_gallerydownload = empty($_POST["file_gallerydownload"]) ? 0 : 1;
$file_keys = '';
$file_sort = intval($_POST["file_sort"]);
if (count($phpwcms['allowed_lang']) > 1) {
$file_vars = array();
foreach ($phpwcms['allowed_lang'] as $lang) {
$lang = strtolower($lang);
if (isset($_POST['file_longinfo_' . $lang])) {
$file_vars[$lang]['longinfo'] = slweg($_POST['file_longinfo_' . $lang]);
}
if (isset($_POST['file_copyright_' . $lang])) {
$file_vars[$lang]['copyright'] = slweg($_POST['file_copyright_' . $lang]);
}
}
$_SESSION['list_user_count'] = trim($_GET['c']) == 'all' ? '99999' : intval($_GET['c']);
}
if (isset($_GET['page'])) {
$_SESSION['subscriber_page'] = intval($_GET['page']);
}
// set default values for paginating
if (empty($_SESSION['list_user_count'])) {
$_SESSION['list_user_count'] = 25;
}
// get filter and paginating form values
if (isset($_POST['do_pagination'])) {
$_SESSION['list_active'] = empty($_POST['showactive']) ? 0 : 1;
$_SESSION['list_inactive'] = empty($_POST['showinactive']) ? 0 : 1;
$_SESSION['list_channel'] = empty($_POST['showchannel']) ? 0 : 1;
$_SESSION['subscriber_page'] = intval($_POST['page']);
$_SESSION['filter_subscriber'] = clean_slweg($_POST['filter']);
if (empty($_SESSION['filter_subscriber'])) {
unset($_SESSION['filter_subscriber']);
} else {
$_SESSION['filter_subscriber'] = convertStringToArray($_SESSION['filter_subscriber'], ' ');
}
}
if (empty($_SESSION['subscriber_page'])) {
$_SESSION['subscriber_page'] = 1;
}
// default settings for listing selected users
$_userInfo['list_active'] = isset($_SESSION['list_active']) ? $_SESSION['list_active'] : 1;
$_userInfo['list_inactive'] = isset($_SESSION['list_inactive']) ? $_SESSION['list_inactive'] : 1;
$_userInfo['list_channel'] = isset($_SESSION['list_channel']) ? $_SESSION['list_channel'] : 0;
if ($_userInfo['list_channel'] && isset($_POST['showchannel'])) {
$_userInfo['channel'] = empty($_POST['subscribe_select']) ? false : $_POST['subscribe_select'];
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// try
if (isset($_GET['edit'])) {
$glossary['id'] = intval($_GET['edit']);
} else {
$glossary['id'] = 0;
}
// process post form
if (isset($_POST['glossary_title'])) {
$glossary['data'] = array('glossary_id' => intval($_POST['glossary_id']), 'glossary_title' => clean_slweg($_POST['glossary_title']), 'glossary_created' => date('Y-m-d H:i:s'), 'glossary_changed' => date('Y-m-d H:i:s'), 'glossary_tag' => clean_slweg($_POST['glossary_tag']), 'glossary_keyword' => clean_slweg($_POST['glossary_keyword']), 'glossary_text' => slweg($_POST['glossary_text']), 'glossary_object' => array(), 'glossary_status' => empty($_POST['glossary_status']) ? 0 : 1, 'glossary_highlight' => empty($_POST['glossary_highlight']) ? 0 : 1);
if (empty($glossary['data']['glossary_title'])) {
$glossary['error']['glossary_title'] = 1;
}
if (empty($glossary['data']['glossary_keyword'])) {
$glossary['error']['glossary_keyword'] = 1;
} else {
$sql = 'SELECT COUNT(*) FROM ' . DB_PREPEND . "phpwcms_glossary ";
$sql .= "WHERE glossary_keyword LIKE '" . aporeplace($glossary['data']['glossary_keyword']);
$sql .= "' AND glossary_id <> " . $glossary['data']['glossary_id'];
if (_dbQuery($sql, 'COUNT')) {
$glossary['error']['glossary_keyword'] = 1;
}
}
if (!isset($glossary['error'])) {
if ($glossary['data']['glossary_id']) {
// ----------------------------------------------------------------
$new_login = genlogname();
$new_password = generic_string(8);
$new_email = '';
$new_name = '';
$set_user_aktiv = 0;
$set_user_admin = 0;
$set_user_fe = 0;
$send_verification = 1;
$user_err = '';
if (isset($_POST["form_aktion"]) && $_POST["form_aktion"] == "create_account") {
//Create Account Daten verarbeiten
$new_login = slweg($_POST["form_newloginname"]);
$new_password = slweg($_POST["form_newpassword"]);
$new_email = clean_slweg($_POST["form_newemail"]);
$new_name = clean_slweg($_POST["form_newrealname"]);
$set_user_aktiv = isset($_POST["form_active"]) ? 1 : 0;
$set_user_admin = isset($_POST["form_admin"]) ? 1 : 0;
$set_user_fe = isset($_POST["form_feuser"]) ? intval($_POST["form_feuser"]) : 0;
if ($set_user_admin) {
$set_user_fe = 2;
}
$send_verification = isset($_POST["verification_email"]) ? 1 : 0;
if (isEmpty($new_login)) {
$user_err = $BL['be_admin_usr_err2'] . "\n";
} else {
$sql = "SELECT COUNT(*) AS anzahl FROM " . DB_PREPEND . "phpwcms_user WHERE usr_login='******'";
if ($result = mysql_query($sql, $db)) {
if ($check_anzahl = mysql_fetch_array($result)) {
if ($check_anzahl["anzahl"]) {
$user_err .= $BL['be_admin_usr_err1'] . "\n";
$content['glossary']['detail_entry'] = render_cnt_template($content['glossary']['detail_entry'], 'TITLE', html_specialchars($content['glossary']['entry']['glossary_title']));
$content['glossary']['item'] = $content['glossary']['detail_head'] . $content['glossary']['detail_entry'] . $content['glossary']['detail_footer'];
$content['glossary']['item'] = str_replace('{GLOSSARY_ID}', $content['glossary']['entry']['glossary_id'], $content['glossary']['item']);
$content['glossary']['item'] = str_replace('{BACKLINK}', rel_url(), $content['glossary']['item']);
// fine we will display given glossary ID
$CNT_TMP .= $content['glossary']['item'];
} else {
// get list entries template sections
$content['glossary']['list_head'] = get_tmpl_section('GLOSSARY_LIST_HEAD', $content['glossary']['glossary_template']);
$content['glossary']['list_footer'] = get_tmpl_section('GLOSSARY_LIST_FOOTER', $content['glossary']['glossary_template']);
$content['glossary']['list_entry'] = get_tmpl_section('GLOSSARY_LIST_ENTRY', $content['glossary']['glossary_template']);
$content['glossary']['list_spacer'] = get_tmpl_section('GLOSSARY_LIST_SPACER', $content['glossary']['glossary_template']);
// OK we build filter
$content['glossary']['glossary_alphabet'] = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$content['glossary']['glossary_filter'] = convertStringToArray(strtoupper($content['glossary']['glossary_filter']), ' ');
$content['glossary']['glossary_filter_active'] = empty($GLOBALS['_getVar']['glossary']) ? '' : strtoupper(clean_slweg($GLOBALS['_getVar']['glossary']));
if (in_array($content['glossary']['glossary_filter_active'], $content['glossary']['glossary_filter'])) {
// build SQL query
if (strpos($content['glossary']['glossary_filter_active'], '-')) {
$content['glossary']['filter'] = explode('-', $content['glossary']['glossary_filter_active']);
$content['glossary']['filter'][0] = substr($content['glossary']['filter'][0], 0, 1);
$content['glossary']['filter'][1] = empty($content['glossary']['filter'][1]) ? '?' : substr($content['glossary']['filter'][1], 0, 1);
// is there start and end
if (strpos($content['glossary']['glossary_alphabet'], $content['glossary']['filter'][0]) !== false && strpos($content['glossary']['glossary_alphabet'], $content['glossary']['filter'][1]) !== false) {
$content['glossary']['glossary_alphabet'] = preg_split('//', $content['glossary']['glossary_alphabet'], -1, PREG_SPLIT_NO_EMPTY);
$content['glossary']['filters'] = array();
$content['glossary']['filter_run'] = false;
foreach ($content['glossary']['glossary_alphabet'] as $content['glossary']['char']) {
// OK start here
if ($content['glossary']['char'] == $content['glossary']['filter'][0]) {
$content['glossary']['filter_run'] = true;
$keyword["id"] = intval($_GET["keyid"]);
if ($keyword["id"]) {
$sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword WHERE keyword_id=" . $keyword["id"] . " LIMIT 1;";
if ($result = mysql_query($sql, $db) or die("error while retrieving keywords")) {
if ($row = mysql_fetch_array($result)) {
$keyword["name"] = $row["keyword_name"];
}
mysql_free_result($result);
}
$sendbutton = $BL['be_admin_fcat_button1'];
} else {
$sendbutton = $BL['be_admin_fcat_button2'];
}
if (isset($_POST["keyword_aktion"]) && intval($_POST["keyword_aktion"])) {
// show form for editing keywords
$keyword["name"] = clean_slweg($_POST["keyword_name"], 250);
$keyword["id"] = intval($_POST["keyword_id"]);
$keyword["name"] = str_replace(';', ' ', $keyword["name"]);
$keyword["name"] = str_replace(',', ' ', $keyword["name"]);
$keyword["name"] = preg_replace('/\\s{1,}/', ' ', $keyword["name"]);
if (empty($keyword["name"])) {
$keyword["error"] = 1;
} else {
if (!$keyword["id"]) {
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_keyword SET ";
$sql .= "keyword_name = '" . aporeplace($keyword["name"]) . "'";
} else {
$sql = "UPDATE " . DB_PREPEND . "phpwcms_keyword SET ";
$sql .= "keyword_name='" . aporeplace($keyword["name"]);
$sql .= "' WHERE keyword_id=" . $keyword["id"];
}
// set OnLoad (DomReady) JavaScript
if (count($block['js_ondomready'])) {
jsOnDomReady(implode(LF, $block['js_ondomready']));
}
// set OnUnLoad JavaScript
if (count($block['js_onunload'])) {
jsOnUnLoad(implode(LF, $block['js_onunload']));
}
// set Inline JS
if (count($block['js_inline'])) {
$block['custom_htmlhead']['inline'] = ' <script' . SCRIPT_ATTRIBUTE_TYPE . '>' . LF . SCRIPT_CDATA_START . LF;
$block['custom_htmlhead']['inline'] .= implode(LF, $block['js_inline']);
$block['custom_htmlhead']['inline'] .= LF . SCRIPT_CDATA_END . LF . ' </script>';
}
if (!empty($_GET['highlight'])) {
$highlight_words = explode(' ', clean_slweg(rawurldecode($_GET['highlight'])));
$content['all'] = preg_replace_callback("/<!--SEARCH_HIGHLIGHT_START\\/\\/-->(.*?)<!--SEARCH_HIGHLIGHT_END\\/\\/-->/si", "pregReplaceHighlightWrapper", $content['all']);
}
$content['all'] = str_replace(array('<!--SEARCH_HIGHLIGHT_START//-->', '<!--SEARCH_HIGHLIGHT_END//-->'), '', $content['all']);
// render content part pagination
if (!empty($_CpPaginate)) {
$content['all'] = str_replace(array('<!--CP_PAGINATE_START//-->', '<!--CP_PAGINATE_END//-->'), '', $content['all']);
unset($_getVar['aid'], $_getVar['id']);
// first build [1][2][3] paginate pages
if (strpos($content['all'], '{CP_PAGINATE}')) {
$content['CpPaginateNavi'] = array();
foreach ($content['CpPages'] as $key => $value) {
$content['CpPaginateNavi'][$key] = $template_default['attributes']['cp-paginate']['link-prefix'];
$content['CpPaginateNavi'][$key] .= '<a href="' . rel_url(array(), array(), $key ? 'aid=' . $aktion[1] . '-' . $key : '') . '" class="';
$content['CpPaginateNavi'][$key] .= $key == $content['aId_CpPage'] ? $template_default['classes']['cp-paginate-link'] : $template_default['classes']['cp-paginate-link-active'];
$content['CpPaginateNavi'][$key] .= '">' . $template_default['attributes']['cp-paginate']['value-prefix'] . $value . $template_default['attributes']['cp-paginate']['value-suffix'] . '</a>';
case 'newsletter':
/*
* Newsletter
*/
$form_newletter_setting = array();
$form_newletter_setting['double_optin'] = 0;
$form_value = array();
if ($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]))) {
if (isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) {
$POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
$POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
if (!count($POST_val[$POST_name])) {
$POST_val[$POST_name] = false;
}
} else {
$POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false;
}
if ($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
$POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
$cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
} else {
$cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
}
if (isset($POST_val[$POST_name])) {
$form_newletter_setting['selection'] = $POST_val[$POST_name];
} else {
$form_newletter_setting['selection'] = false;
}
}
// prepare default settings for newsletter field
$form_value_default = convertStringToArray($cnt_form["fields"][$key]['value'], "\n", 'UNIQUE', false);
mysql_free_result($guestbook['result']);
}
}
}
// Captcha check
if (empty($guestbook['captcha'])) {
$guestbook['form'] = replace_tmpl_section('CAPTCHA', $guestbook['form']);
} else {
$guestbook['captcha_maxchar'] = empty($guestbook['captcha_maxchar']) ? 5 : $guestbook['captcha_maxchar'];
$guestbook['form'] = str_replace('{CAPTCHA}', '<img src="img/captcha.php?regen=y&length=' . $guestbook['captcha_maxchar'] . '&' . time() . '" alt="Captcha" id="gbCaptchaImage" />', $guestbook['form']);
}
if (isset($_POST['guestbook_email']) && !empty($guestbook['captcha'])) {
include_once PHPWCMS_ROOT . '/include/inc_ext/SPAF_FormValidator.class.php';
// instantiate the object
$spaf_obj = new SPAF_FormValidator();
$guestbook['post']['captcha'] = isset($_POST['guestbook_captcha']) ? clean_slweg($_POST['guestbook_captcha']) : '';
if ($spaf_obj->validRequest($guestbook['post']['captcha'])) {
// destroy successful code
$spaf_obj->destroy();
} else {
$guestbook['error']['captcha'] = 'Fill in the correct captcha code. Proof it twice!';
}
}
if (isset($_POST['guestbook_email']) && !$guestbook['flooding']) {
// make global spam check
if (!checkFormTrackingValue()) {
$guestbook['flooding'] = 1;
$guestbook['readform'] = 1;
$guestbook['spamalert'] = '<div class="spamFormAlert">Your IP ' . getRemoteIP() . ' is not allowed to send form!</div>';
}
}
function update_404redirect()
{
$data = array('error' => array(), 'data' => array('rid' => intval($_POST['rid']), 'alias' => clean_slweg($_POST['alias']), 'id' => trim($_POST['id']) === '' ? '' : intval($_POST['id']), 'aid' => trim($_POST['aid']) === '' || !intval($_POST['aid']) ? '' : intval($_POST['aid']), 'type' => empty($_POST['type']) || !in_array($_POST['type'], array('alias', 'id', 'aid', 'link')) ? '' : clean_slweg($_POST['type']), 'active' => empty($_POST['active']) ? 0 : 1, 'shortcut' => empty($_POST['shortcut']) ? 0 : 1, 'code' => empty($_POST['code']) || !in_array($_POST['code'], array('301', '307', '404', '401', '503')) ? '' : clean_slweg($_POST['code']), 'target' => clean_slweg($_POST['target']), 'changed' => date('Y-m-d H:i:s')));
if (!$data['data']['aid'] && !$data['data']['alias'] && $data['data']['id'] == '' && !isset($_POST['delete_' . md5($data['data']['rid'])])) {
$data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
}
if ($data['data']['type'] && $data['data']['target'] === '') {
$data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
} elseif (($data['data']['type'] == 'id' || $data['data']['type'] == 'aid') && !is_intval($data['data']['target'])) {
$data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
}
if (count($data['error'])) {
$data['data']['active'] = 0;
set_status_message(implode('<br />', $data['error']), 'error');
} else {
$data['error'] = NULL;
$rid = $data['data']['rid'];
unset($data['data']['rid']);
if ($rid) {
// Mark for deletion
if (isset($_POST['delete_' . md5($rid)])) {
$data['data']['active'] = 9;
$result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
} else {
$result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
}
} else {
$result = _dbInsert('phpwcms_redirect', $data['data']);
if (isset($result['INSERT_ID'])) {
$rid = $result['INSERT_ID'];
}
}
$data['data']['rid'] = $rid;
if ($result) {
if ($data['data']['active'] == 9) {
set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
} else {
set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
}
} else {
set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
}
}
return $data;
}
function cleanUpFormMailerPostValue($string = '')
{
if (strpos("\n", $string) !== false) {
return '';
}
$string = clean_slweg($string);
$string = cleanUpSpecialHtmlEntities($string);
return $string;
}
//load default language EN
require_once PHPWCMS_ROOT . '/include/inc_lang/backend/en/lang.inc.php';
include_once PHPWCMS_ROOT . "/include/inc_lang/code.lang.inc.php";
// check modules
require_once PHPWCMS_ROOT . '/include/inc_lib/modules.check.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/imagick.convert.inc.php';
if (isset($_POST['action'])) {
$action = isset($_POST['action']) ? clean_slweg($_POST['action'], 0, false) : false;
// $method = isset($_POST['method']) ? $_POST['method'] : 'json';
$value = isset($_POST['value']) ? intval($_POST['value']) : 0;
$aid = isset($_POST['aid']) ? intval($_POST['aid']) : 0;
$cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0;
$jquery = true;
} elseif (isset($_GET['action'])) {
$action = isset($_GET['action']) ? clean_slweg($_GET['action'], 0, false) : false;
// $method = isset($_GET['method']) ? $_GET['method'] : 'json';
$value = isset($_GET['value']) ? intval($_GET['value']) : 0;
$aid = isset($_GET['aid']) ? intval($_GET['aid']) : 0;
$cid = isset($_GET['cid']) ? intval($_GET['cid']) : 0;
$jquery = true;
} else {
$action = false;
// $method = false;
$value = false;
$aid = 0;
$cid = 0;
$jquery = false;
}
if (empty($value)) {
$action = 'empty';
// show search tester text
// read template
if (empty($crow["acontent_template"]) && is_file(PHPWCMS_TEMPLATE . 'inc_default/search.tmpl')) {
$crow["acontent_template"] = render_device(@file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/search.tmpl'));
} elseif (is_file(PHPWCMS_TEMPLATE . 'inc_cntpart/search/' . $crow["acontent_template"])) {
$crow["acontent_template"] = render_device(@file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/search/' . $crow["acontent_template"]));
} else {
$crow["acontent_template"] = '';
}
$crow['template'] = array('header' => get_tmpl_section('SEARCH_HEADER', $crow["acontent_template"]), 'footer' => get_tmpl_section('SEARCH_FOOTER', $crow["acontent_template"]), 'item_space' => get_tmpl_section('SEARCH_ITEM_SPACER', $crow["acontent_template"]), 'item' => get_tmpl_section('SEARCH_ITEM', $crow["acontent_template"]), 'pagination' => trim(get_tmpl_section('SEARCH_PAGINATE', $crow["acontent_template"])), 'text' => '', 'form' => '', 'image_render' => false);
if (!empty($_POST["search_input_field"]) || !empty($_GET['searchwords'])) {
$s_run = 0;
// check search
// remove unsecure replacement tags
$content["search_word"] = empty($_POST["search_input_field"]) ? rawurldecode($_GET['searchwords']) : $_POST["search_input_field"];
$content["search_word"] = clean_slweg($content["search_word"]);
$content["search_word"] = clean_replacement_tags($content["search_word"]);
$content["search_word"] = cleanUpSpecialHtmlEntities($content["search_word"]);
// split all search words
$content["search_word"] = explode(' ', $content["search_word"]);
$content["search_word"] = array_unique($content["search_word"]);
$content['search']['highlight_result'] = empty($content["search"]['highlight_result']) ? false : true;
$content['search']['wordlimit'] = isset($content["search"]['wordlimit']) && is_intval($content["search"]['wordlimit']) ? intval($content["search"]['wordlimit']) : 35;
$content["search"]["result_per_page"] = empty($content["search"]['result_per_page']) ? 15 : $content["search"]['result_per_page'];
if ($content["search"]["result_per_page"] == -1) {
$content["search"]["result_per_page"] = 100000;
}
if (!isset($content["search"]["show_always"])) {
$content["search"]["show_always"] = 1;
}
if (!isset($content["search"]["show_top"])) {
if ($result = mysql_query($sql, $db) or die("error while getting file key infos")) {
if ($row = mysql_fetch_array($result)) {
$fkey["name"] = $row["fkey_name"];
$fkey["active"] = $row["fkey_aktiv"];
$fkey["cid"] = $row["fkey_cid"];
$fkey["sort"] = $row["fkey_sort"];
}
mysql_free_result($result);
}
$sendbutton = $BL['be_admin_fcat_button1'];
} else {
$sendbutton = $BL['be_admin_fcat_button2'];
}
if (!empty($_POST["fkey_aktion"])) {
//Formular zum Bearbeiten der Dateischlüssel-Namen
$fkey["name"] = clean_slweg($_POST["fkey_name"], 250);
$fkey["id"] = intval($_POST["fkey_id"]);
$fkey["active"] = intval($_POST["fkey_active"]);
$fkey["cid"] = intval($_POST["fkey_cid"]);
$fkey["sort"] = empty($_POST["fkey_sort"]) ? 0 : intval($_POST["fkey_sort"]);
if (isEmpty($fkey["name"])) {
$fkey["error"] = 1;
} else {
if (!$fkey["id"]) {
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_filekey (fkey_name, fkey_aktiv, fkey_cid, fkey_sort) VALUES ('";
$sql .= aporeplace($fkey["name"]) . "', " . $fkey["active"] . ", " . $fkey["cid"] . ", " . $fkey["sort"] . ")";
} else {
$sql = "UPDATE " . DB_PREPEND . "phpwcms_filekey SET fkey_name='" . aporeplace($fkey["name"]);
$sql .= "', fkey_aktiv=" . $fkey["active"] . ", fkey_cid=" . $fkey["cid"] . ", fkey_sort=" . $fkey["sort"] . " WHERE fkey_id=" . $fkey["id"];
}
if ($result = mysql_query($sql, $db) or die("error while inserting/updating file key")) {
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// try
if (isset($_GET['edit'])) {
$plugin['id'] = intval($_GET['edit']);
} else {
$plugin['id'] = 0;
}
// process post form
if (isset($_POST['adcampaign_title'])) {
$plugin['data'] = array('adcampaign_id' => intval($_POST['adcampaign_id']), 'adcampaign_title' => clean_slweg($_POST['adcampaign_title']), 'adcampaign_created' => date('Y-m-d H:i:s'), 'adcampaign_changed' => date('Y-m-d H:i:s'), 'adcampaign_comment' => clean_slweg($_POST['adcampaign_comment']), 'adcampaign_data' => array('max_views' => intval($_POST['adcampaign_max_views']), 'max_click' => intval($_POST['adcampaign_max_click']), 'width' => intval($_POST['adcampaign_width']), 'height' => intval($_POST['adcampaign_height']), 'unique' => empty($_POST['adcampaign_unique']) ? 0 : 1, 'url' => clean_slweg($_POST['adcampaign_url']), 'target' => clean_slweg($_POST['adcampaign_target'])), 'adcampaign_status' => empty($_POST['adcampaign_status']) ? 0 : 1, 'adcampaign_date_start' => clean_slweg($_POST['adcampaign_date_start']), 'adcampaign_date_end' => clean_slweg($_POST['adcampaign_date_end']), 'adcampaign_time_start' => clean_slweg($_POST['adcampaign_time_start']), 'adcampaign_time_end' => clean_slweg($_POST['adcampaign_time_end']), 'adcampaign_format' => intval($_POST['adcampaign_format']));
if (empty($plugin['data']['adcampaign_title'])) {
$plugin['error']['adcampaign_title'] = 1;
}
$plugin['error'] = 1;
if (false && !isset($plugin['error'])) {
if ($plugin['data']['glossary_id']) {
// UPDATE
$sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_glossary SET ';
$sql .= "glossary_title='" . aporeplace($plugin['data']['glossary_title']) . "', ";
$sql .= "glossary_tag='" . aporeplace($plugin['data']['glossary_tag']) . "', ";
$sql .= "glossary_keyword='" . aporeplace($plugin['data']['glossary_keyword']) . "', ";
$sql .= "glossary_text='" . aporeplace($plugin['data']['glossary_text']) . "', ";
$sql .= "glossary_object='" . aporeplace(serialize($plugin['data']['glossary_object'])) . "', ";
$sql .= "glossary_changed='" . aporeplace($plugin['data']['glossary_changed']) . "', ";
$sql .= "glossary_status=" . $plugin['data']['glossary_status'] . ", ";
$fileinfo['filesize'] = $download['f_size'];
$fileinfo['method'] = empty($phpwcms["inline_download"]) ? 'attachment' : 'inline';
$fileinfo['mimetype'] = $download["f_type"];
$fileinfo['file'] = $fileinfo['path'] . $fileinfo['filename'];
$fileinfo['extension'] = $download["f_ext"];
$fileinfo['realfname'] = $phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($download["f_name"]) : $download["f_name"];
// start download
$success = dl_file_resume($fileinfo['file'], $fileinfo, true);
}
}
// we hack in the stream.php here
} elseif ($file = isset($_GET['file']) ? clean_slweg($_GET['file'], 40) : '') {
$filename = basename($file);
$file = PHPWCMS_ROOT . '/' . PHPWCMS_FILES . $filename;
if (is_file($file)) {
$mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
if (!is_mimetype_format($mime)) {
$mime = get_mimetype_by_extension(which_ext($file));
}
header('Content-Type: ' . $mime);
if (BROWSER_OS == 'iOS') {
require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
rangeDownload($file);
} else {
header('Content-Transfer-Encoding: binary');
if (!isset($_GET['ios'])) {
header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
}
header('Content-Length: ' . filesize($file));
readfile($file);
}
$content["guestbook"]["cookie"] = empty($_POST["cguestbook_cookie"]) ? 0 : 1;
$content["guestbook"]["captcha"] = empty($_POST["cguestbook_captcha"]) ? 0 : 1;
$content["guestbook"]["gb_login_show"] = empty($_POST["cguestbook_login_show"]) ? 0 : 1;
$content["guestbook"]["gb_login_post"] = empty($_POST["cguestbook_login_post"]) ? 0 : 1;
$content["guestbook"]["gb_urlcheck"] = empty($_POST["cguestbook_urlcheck"]) ? 0 : 1;
$content["guestbook"]["notify"] = empty($_POST["cguestbook_notify"]) ? 0 : 1;
$content["guestbook"]["notify_email"] = clean_slweg($_POST["cguestbook_notify_email"]);
if (empty($content["guestbook"]["notify_email"])) {
$content["guestbook"]["notify"] = 0;
} else {
$content["guestbook"]["notify_email"] = convertStringToArray(str_replace(',', ';', $content["guestbook"]["notify_email"]), ';');
foreach ($content["guestbook"]["notify_email"] as $key => $item) {
if (!is_valid_email($item)) {
unset($content["guestbook"]["notify_email"][$key]);
}
}
$content["guestbook"]["notify_email"] = implode(';', $content["guestbook"]["notify_email"]);
if ($content["guestbook"]["notify_email"] == '') {
$content["guestbook"]["notify"] = 0;
}
}
$content["guestbook"]["captcha_maxchar"] = intval($_POST['cguestbook_captchamaxchar']);
if (!$content["guestbook"]["captcha_maxchar"]) {
$content["guestbook"]["captcha_maxchar"] = 5;
} elseif ($content["guestbook"]["captcha_maxchar"] > 15) {
$content["guestbook"]["captcha_maxchar"] = 15;
}
$content["guestbook"]["max_image_filesize"] = return_bytes_shorten(clean_slweg($_POST["cguestbook_maximgsize"]));
if (!return_bytes($content["guestbook"]["max_image_filesize"])) {
$content["guestbook"]["max_image_filesize"] = return_bytes_shorten($phpwcms['file_maxsize']);
}
foreach ($plugin['data']['shopprod_images'] as $key => $value) {
if (isset($temp_img_row[$value])) {
$img_all[$key]['f_id'] = $temp_img_row[$value]['f_id'];
$img_all[$key]['f_name'] = $temp_img_row[$value]['f_name'];
$img_all[$key]['f_hash'] = $temp_img_row[$value]['f_hash'];
$img_all[$key]['f_ext'] = $temp_img_row[$value]['f_ext'];
$img_all[$key]['caption'] = isset($plugin['data']['shopprod_caption'][$key]) ? trim($plugin['data']['shopprod_caption'][$key]) : '';
}
}
$plugin['data']['shopprod_caption'] = array();
$plugin['data']['shopprod_images'] = $img_all;
unset($img_all);
}
}
// Attachments
$plugin['data']['shopprod_filecaption'] = clean_slweg($_POST["shopprod_filecaption"], 0, false);
$plugin['data']['shopprod_filecaption'] = explode(LF, $plugin['data']['shopprod_filecaption']);
$plugin['data']['shopprod_files'] = isset($_POST['shopprod_files']) && is_array($_POST['shopprod_files']) ? $_POST['shopprod_files'] : array();
if (is_array($plugin['data']['shopprod_files']) && count($plugin['data']['shopprod_files'])) {
$plugin['data']['shopprod_files'] = array_map('intval', $plugin['data']['shopprod_files']);
$plugin['data']['shopprod_files'] = array_diff($plugin['data']['shopprod_files'], array(0, '', NULL, false));
if (count($plugin['data']['shopprod_files'])) {
$img_all = _dbQuery('SELECT * FROM ' . DB_PREPEND . 'phpwcms_file WHERE f_id IN (' . implode(',', $plugin['data']['shopprod_files']) . ')');
// take all values from db
$temp_img_row = array();
foreach ($img_all as $value) {
$temp_img_row[$value['f_id']] = $value;
}
$img_all = array();
// now run though image result - but keep sorting
foreach ($plugin['data']['shopprod_files'] as $key => $value) {
<!--
body { background-color: #EBF2F4; }
-->
</style>
</head>
<body bgcolor="#EBF2F4" text="#000000" link="#000000" vlink="#000000" alink="#000000" leftmargin="15" topmargin="15" marginwidth="15" marginheight="15">
<?php
if (!$ftp["error"]) {
$ftp["dir"] = intval($_POST["file_dir"]);
$ftp["short_info"] = clean_slweg($_POST["file_shortinfo"]);
$ftp["aktiv"] = empty($_POST["file_aktiv"]) ? 0 : 1;
$ftp["public"] = empty($_POST["file_public"]) ? 0 : 1;
$ftp["replace"] = empty($_POST["file_replace"]) ? 0 : 1;
$ftp["long_info"] = slweg($_POST["file_longinfo"]);
$ftp["copyright"] = slweg($_POST["file_copyright"]);
$ftp["tags"] = trim(trim(clean_slweg($_POST["file_tags"]), ','));
$ftp["keywords"] = isset($_POST["file_keywords"]) ? $_POST["file_keywords"] : array();
$ftp["keys"] = "";
if (is_array($ftp["keywords"]) && count($ftp["keywords"])) {
foreach ($ftp["keywords"] as $key => $value) {
unset($ftp["keywords"][$key]);
$key = intval($key);
if ($value != "0_1") {
$ftp["keys"] .= ($ftp["keys"] ? ":" : "") . $key . "_" . intval($value);
$ftp["keywords"][$key] = intval($value);
} else {
$file_error["keywords"][$key] = 1;
}
}
}
$ftp['fileVarsField'] = '';
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// try
if (isset($_GET['edit'])) {
$plugin['id'] = intval($_GET['edit']);
} else {
$plugin['id'] = 0;
}
// process post form
if (isset($_POST['adcampaign_title'])) {
$plugin['data'] = array('adcampaign_id' => intval($_POST['adcampaign_id']), 'adcampaign_title' => clean_slweg($_POST['adcampaign_title']), 'adcampaign_created' => date('Y-m-d H:i:s'), 'adcampaign_changed' => date('Y-m-d H:i:s'), 'adcampaign_comment' => clean_slweg($_POST['adcampaign_comment']), 'adcampaign_data' => array('width' => intval($_POST['adcampaign_width']), 'height' => intval($_POST['adcampaign_height']), 'unique' => empty($_POST['adcampaign_unique']) ? 0 : 1, 'url' => clean_slweg($_POST['adcampaign_url']), 'target' => clean_slweg($_POST['adcampaign_target']), 'image' => isset($_POST['adcampaign_image']) ? clean_slweg($_POST['adcampaign_image']) : '', 'flash' => isset($_POST['adcampaign_flash']) ? clean_slweg($_POST['adcampaign_flash']) : '', 'html' => slweg($_POST['adcampaign_html']), 'alt_text' => clean_slweg($_POST['adcampaign_alt_text']), 'title_text' => clean_slweg($_POST['adcampaign_title_text']), 'css' => isset($_POST['adcampaign_css']) ? clean_slweg($_POST['adcampaign_css']) : '', 'bgcolor' => clean_slweg($_POST['adcampaign_bgcolor']), 'bordercolor' => clean_slweg($_POST['adcampaign_bordercolor']), 'flashversion' => clean_slweg($_POST['adcampaign_flashversion'])), 'adcampaign_status' => empty($_POST['adcampaign_status']) ? 0 : 1, 'adcampaign_date_start' => clean_slweg($_POST['adcampaign_date_start']), 'adcampaign_date_end' => clean_slweg($_POST['adcampaign_date_end']), 'adcampaign_time_start' => clean_slweg($_POST['adcampaign_time_start']), 'adcampaign_time_end' => clean_slweg($_POST['adcampaign_time_end']), 'adcampaign_type' => empty($_POST['adcampaign_type']) ? 0 : intval($_POST['adcampaign_type']), 'adcampaign_place' => intval($_POST['adcampaign_place']), 'adcampaign_maxview' => intval($_POST['adcampaign_max_views']), 'adcampaign_maxclick' => intval($_POST['adcampaign_max_click']), 'adcampaign_maxviewuser' => intval($_POST['adcampaign_max_viewuser']), 'adcampaign_duplicate' => empty($_POST['adcampaign_duplicate']) ? 0 : 1);
if (empty($plugin['data']['adcampaign_data']['flashversion'])) {
$plugin['data']['adcampaign_data']['flashversion'] = '7';
}
if ($plugin['data']['adcampaign_type'] > 4) {
$plugin['data']['adcampaign_type'] = 0;
}
// clean up date/time
include_once $phpwcms['modules'][$module]['path'] . 'inc/processing.datetime.inc.php';
if (empty($plugin['data']['adcampaign_title'])) {
$plugin['error']['adcampaign_title'] = 1;
}
// handle media upload
if ($plugin['data']['adcampaign_id'] && !empty($_FILES['adcampaign_upload_image']['name'])) {
// image upload
$plugin['data']['upload'] = saveUploadedFile('adcampaign_upload_image', PHPWCMS_CONTENT . 'ads/' . $plugin['data']['adcampaign_id'] . '/', '', '1,2,3', '1,4');
window.opener.document.articlecontent.cmap_location_x.value=kx;
window.opener.document.articlecontent.cmap_location_y.value=ky;
window.opener.document.articlecontent.cmap_location_edited.value='1';
}
</script>
<style type="text/css">
body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
font-size: 10px;
margin:0;
padding:0;
}
</style>
</head>
<body><?php
$map_img = clean_slweg($_GET['map']);
if ($map_img && ($map_data = getimagesize(PHPWCMS_TEMPLATE . 'inc_cntpart/map/map_img/' . $map_img))) {
$map = '';
$p = array();
if (isset($_GET['points'])) {
$points = explode(':|:', $_GET['points']);
if (count($points)) {
foreach ($points as $value) {
$point = explode(':::', $value);
if (empty($point[1])) {
$point[1] = 0;
}
if (empty($point[2])) {
$point[2] = '';
}
$map .= '<area shape="rect" coords="' . ($point[0] - 3) . ',' . ($point[1] - 3) . ',' . ($point[0] + 4) . ',' . ($point[1] + 4) . '" href="#" title="' . $point[2] . '">';
*
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
$dir_error = 0;
//Auswerten des Formulars
if (isset($_POST["dir_aktion"]) && intval($_POST["dir_aktion"]) == 2) {
$dir_id = abs(intval($_POST["dir_id"]));
$dir_aktiv = empty($_POST["dir_aktiv"]) ? 0 : 1;
$dir_public = empty($_POST["dir_public"]) ? 0 : 1;
$dir_newname = clean_slweg($_POST["dir_newname"]);
$dir_longinfo = clean_slweg($_POST["dir_longinfo"]);
$dir_gallery = empty($_POST["dir_gallery"]) ? 0 : intval($_POST["dir_gallery"]);
$dir_sort = intval($_POST["dir_sort"]);
$dir_pid = abs(intval($_POST['dir_pid']));
switch ($dir_gallery) {
case 2:
case 3:
break;
default:
$dir_gallery = 0;
}
if ($dir_id == $dir_pid) {
$dir_error += 2;
}
if (empty($dir_newname)) {
$dir_error += 1;
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Article List Menu
$content["alist"]["cat"] = isset($_POST['calist_cat']) ? intval($_POST['calist_cat']) : 0;
$content["alist"]["catid"] = intval($_POST['calist_catid']);
$content["alist"]["headertext"] = isset($_POST['calist_headertext']) ? 1 : 0;
$content["alist"]["ul"] = isset($_POST['calist_ul']) ? intval($_POST['calist_ul']) : 0;
$content["alist"]["class"] = clean_slweg($_POST['calist_class']);
$content["alist"]["maxchar"] = intval($_POST['calist_maxchar']);
$content["alist"]["morelink"] = slweg($_POST['calist_morelink']);
$content["alist"]["titlewrap"] = clean_slweg($_POST['calist_titlewrap']);
$content["alist"]["hideactive"] = empty($_POST['calist_hideactive']) ? 0 : 1;
$content["alist"]["titleasnumber"] = empty($_POST['calist_titleasnumber']) ? 0 : 1;
$content["alist"]["break"] = slweg($_POST['calist_break'], 0, false);
$content["alist"]["label"] = slweg($_POST['calist_label']);
switch ($content["alist"]["ul"]) {
case 4:
break;
// SPAN
// SPAN
case 3:
break;
// DL
// DL
case 2:
break;
* phpwcms content management system
* This script is a module for PHPWCMS Copyright (c) 2002-2013, Oliver Georgi http://www.phpwcms.de
*
* SliderJS Module
* @version v1.3
* @author breitsch - webrealisierung gmbh <*****@*****.**>
* @copyright Copyright (c) 2013, webrealisierung gmbh
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
*
**/
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
//SLIDESJS
$content['br_sliderjs']['slidesjs']['jqs_autoplay'] = empty($_POST['jqs_slidesjs_autoplay']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_caption'] = empty($_POST['jqs_slidesjs_caption']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_cssadv'] = empty($_POST['jqs_slidesjs_cssadv']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_jscode'] = empty($_POST['jqs_slidesjs_jscode']) ? '' : clean_slweg($_POST['jqs_slidesjs_jscode']);
$content['br_sliderjs']['slidesjs']['jqs_effect'] = empty($_POST['jqs_slidesjs_effect']) ? 'slide' : clean_slweg($_POST['jqs_slidesjs_effect']);
$content['br_sliderjs']['slidesjs']['jqs_imgheight'] = empty($_POST['jqs_slidesjs_imgheight']) ? '300' : intval($_POST['jqs_slidesjs_imgheight']);
$content['br_sliderjs']['slidesjs']['jqs_imgrand'] = empty($_POST['jqs_slidesjs_imgrand']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_imgwidth'] = empty($_POST['jqs_slidesjs_imgwidth']) ? '600' : intval($_POST['jqs_slidesjs_imgwidth']);
$content['br_sliderjs']['slidesjs']['jqs_interval'] = empty($_POST['jqs_slidesjs_interval']) ? '5000' : intval($_POST['jqs_slidesjs_interval']);
$content['br_sliderjs']['slidesjs']['jqs_navigation'] = empty($_POST['jqs_slidesjs_navigation']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_pagination'] = empty($_POST['jqs_slidesjs_pagination']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_pauseOnHover'] = empty($_POST['jqs_slidesjs_pauseOnHover']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_play'] = empty($_POST['jqs_slidesjs_play']) ? 0 : 1;
$content['br_sliderjs']['slidesjs']['jqs_speed'] = empty($_POST['jqs_slidesjs_speed']) ? '200' : intval($_POST['jqs_slidesjs_speed']);
$content['br_sliderjs']['slidesjs']['jqs_theme'] = empty($_POST['jqs_slidesjs_theme']) ? 'default' : clean_slweg($_POST['jqs_slidesjs_theme']);
$content['br_sliderjs']['slidesjs']['plugin_name'] = 'SLIDESJS';
**/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// try
if (isset($_GET['edit'])) {
$plugin['id'] = intval($_GET['edit']);
} else {
$plugin['id'] = 0;
}
// process post form
if (isset($_POST['adplace_title'])) {
$plugin['data'] = array('adplace_id' => intval($_POST['adplace_id']), 'adplace_title' => clean_slweg($_POST['adplace_title']), 'adplace_created' => date('Y-m-d H:i:s'), 'adplace_changed' => date('Y-m-d H:i:s'), 'adplace_status' => empty($_POST['adplace_status']) ? 0 : 1, 'adplace_format' => intval($_POST['adplace_format']), 'adplace_width' => intval($_POST['adplace_width']), 'adplace_height' => intval($_POST['adplace_height']), 'adplace_prefix' => slweg($_POST['adplace_prefix']), 'adplace_suffix' => slweg($_POST['adplace_suffix']));
if (empty($plugin['data']['adplace_title'])) {
$plugin['error']['adplace_title'] = 1;
}
if (empty($plugin['data']['adplace_format'])) {
$plugin['error']['adplace_format'] = 1;
}
if (!isset($plugin['error'])) {
if ($plugin['data']['adplace_id']) {
// UPDATE
$sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_ads_place SET ';
$sql .= "adplace_changed='" . aporeplace($plugin['data']['adplace_changed']) . "', ";
$sql .= "adplace_status=" . $plugin['data']['adplace_status'] . ", ";
$sql .= "adplace_title='" . aporeplace($plugin['data']['adplace_title']) . "', ";
$sql .= "adplace_format=" . $plugin['data']['adplace_format'] . ", ";
$sql .= "adplace_width=" . $plugin['data']['adplace_width'] . ", ";
