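/**
 * Admin page: edits the profile of user $id.
 *
 * On POST (`submit` set) the username and e-mail are checked for uniqueness
 * among the *other* users and the e-mail for validity; on a conflict the
 * submitted value is replaced by the stored one and an error table is shown,
 * but the UPDATE still runs with the remaining fields (this mirrors the
 * original behaviour). The profile row and the comments/money stats row are
 * then updated and the browser is redirected to the user list. Without a
 * POST the edit form is rendered with the current values.
 *
 * @param int $id ID of the user being edited (cast to int before any SQL use)
 * @return void
 */
function admin_user_edit($id)
{
    global $db;
    // $id is interpolated into several SQL statements below; force a bare integer.
    $id = (int) $id;
    if (isset($_POST['submit'])) {
        // Form fields used below; a missing field becomes null, which is what the
        // original @$_POST[...] reads produced (minus the notices).
        $fields = array(
            'username', 'email', 'country', 'sex', 'signatur', 'realname', 'birthday',
            'homepage', 'icq', 'msn', 'yahoo', 'skype', 'xfire', 'clanname', 'clanirc',
            'clanhomepage', 'clanhistory', 'cpu', 'mainboard', 'ram', 'gkarte', 'skarte',
            'monitor', 'maus', 'tastatur', 'mauspad', 'internet', 'festplatte', 'headset',
            'aboutme', 'wohnort', 'aim', 'comments', 'money',
        );
        $post = array();
        foreach ($fields as $field) {
            $post[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
        }
        // Username: must be non-empty and unique among the other users; otherwise keep the stored one.
        if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($post['username'])) . '\' AND ID != ' . $id) or $post['username'] == '') {
            $post['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $id);
            table(ERROR, ACCOUNT_ALLREADY_EXIST);
        }
        // E-mail: must be well-formed and unique among the other users; otherwise keep the stored one.
        // (The original compared the email column against the submitted *username*.)
        if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($post['email']) . '\' AND ID != ' . $id) or !check_email($post['email'])) {
            $post['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $id);
            if (!check_email($post['email'])) {
                table(ERROR, WRONG_EMAIL);
            } else {
                table(ERROR, EMAIL_ALLREADY_EXIST);
            }
        }
        // Birthday arrives as d.m.Y and is stored as Y-m-d; missing parts become 0.
        $geburtstag = explode('.', (string) $post['birthday']);
        $birthdayParts = array();
        foreach (array(2, 1, 0) as $part) {
            $birthdayParts[] = isset($geburtstag[$part]) ? (int) $geburtstag[$part] : 0;
        }
        $birthday = implode('-', $birthdayParts);
        $sex = $post['sex'] == 'male' ? 'male' : 'female';
        // Every string value goes through strsave() (the SQL escaping helper used
        // throughout this code); free-text fields are additionally HTML-escaped or
        // run through comment_save() for the signature / about-me text.
        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_user SET
                username = \'%s\',email = \'%s\',country = \'%s\',
                sex = \'%s\',signatur = \'%s\',realname = \'%s\',
                geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\',
                msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\',
                clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\',
                clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\',
                ram = \'%s\',gkarte = \'%s\',skarte = \'%s\',
                monitor = \'%s\',maus = \'%s\',tastatur = \'%s\',
                mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\',
                headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\'
            WHERE ID = ' . $id,
            strsave(htmlspecialchars($post['username'])),
            strsave($post['email']),
            strsave($post['country']),
            $sex,
            strsave(comment_save($post['signatur'])),
            strsave(htmlspecialchars($post['realname'])),
            $birthday,
            strsave(htmlspecialchars(check_url($post['homepage']))),
            strsave(htmlspecialchars($post['icq'])),
            strsave(htmlspecialchars($post['msn'])),
            strsave(htmlspecialchars($post['yahoo'])),
            strsave(htmlspecialchars($post['skype'])),
            strsave(htmlspecialchars($post['xfire'])),
            strsave(htmlspecialchars($post['clanname'])),
            strsave(htmlspecialchars($post['clanirc'])),
            strsave(htmlspecialchars(check_url($post['clanhomepage']))),
            strsave(htmlspecialchars($post['clanhistory'])),
            strsave(htmlspecialchars($post['cpu'])),
            strsave(htmlspecialchars($post['mainboard'])),
            strsave(htmlspecialchars($post['ram'])),
            strsave(htmlspecialchars($post['gkarte'])),
            strsave(htmlspecialchars($post['skarte'])),
            strsave(htmlspecialchars($post['monitor'])),
            strsave(htmlspecialchars($post['maus'])),
            strsave(htmlspecialchars($post['tastatur'])),
            strsave(htmlspecialchars($post['mauspad'])),
            strsave(htmlspecialchars($post['internet'])),
            strsave(htmlspecialchars($post['festplatte'])),
            strsave(htmlspecialchars($post['headset'])),
            strsave(comment_save($post['aboutme'])),
            strsave(htmlspecialchars($post['wohnort'])),
            strsave(htmlspecialchars($post['aim']))
        );
        // Stats row: numeric casts are the only protection for these two values.
        $statsSql = 'UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = ' . (int) $post['comments'] . ', money = ' . (double) $post['money'] . ' WHERE userID = ' . $id;
        if ($db->query($sql) and $db->query($statsSql)) {
            header1('?section=admin&site=user');
        }
    } else {
        $tpl = new smarty();
        $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`,
                `clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`,
                `internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, money, comments FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (userID = ID) WHERE ID = ' . $id);
        // The form shows the birthday as d.m.Y while the column holds Y-m-d.
        $row['birthday'] = date('d.m.Y', strtotime($row['geburtstag']));
        foreach ($row as $key => $value) {
            $tpl->assign($key, $value);
        }
        ob_start();
        $tpl->assign('countries', form_country($row['country']));
        $tpl->display(DESIGN . '/tpl/admin/user_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(ACCOUNT_EDIT, $content, '', 1);
    }
}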
 /**
  * Saves an edited comment and tells the panel where to go next.
  *
  * Returns PANEL_REDIRECT_DEFAULT straight away when there is no comment to
  * edit ($this->nosuchcomment). Otherwise the stored comment is re-read via
  * comment_parse() so that `loggedin` (when present), `ip-address` and
  * `date` are taken from the stored comment rather than from the form, and
  * the merged $content is persisted with comment_save(). The template gets
  * `success` as 1 or -1 and PANEL_REDIRECT_CURRENT is returned.
  *
  * @param array $content Edited comment fields from the form.
  * @return int One of the PANEL_REDIRECT_* constants.
  */
 function onsave($content)
 {
     if ($this->nosuchcomment) {
         return PANEL_REDIRECT_DEFAULT;
     }
     $entryId = $_REQUEST['entry'];
     $stored = comment_parse($entryId, $_REQUEST['comment']);
     // These three keys always come from the stored comment, not the form.
     if (isset($stored['loggedin'])) {
         $content['loggedin'] = $stored['loggedin'];
     }
     $content['ip-address'] = $stored['ip-address'];
     $content['date'] = $stored['date'];
     $outcome = comment_save($entryId, $content) ? 1 : -1;
     $this->smarty->assign('success', $outcome);
     return PANEL_REDIRECT_CURRENT;
 }
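 /**
  * AJAX action: records a "praise" from user `uid` on comment `cid`.
  *
  * Reads `uid` and `cid` from $_POST and echoes a JSON object with
  * `error_code` (0 = praise stored, 1 = already praised, unknown comment or
  * missing parameters) and `error_msg`. The request is terminated with
  * die(0) when the parameters are missing, as in the original.
  *
  * @return void
  */
 public function actionAddPraise()
 {
     // Both parameters are required (the original used a bitwise `&` here).
     if (!isset($_POST['uid'], $_POST['cid'])) {
         $basic = new basic();
         $basic->error_code = 1;
         $basic->error_msg = "no input parameters";
         echo CJSON::encode($basic);
         die(0);
     }
     $res = array('error_code' => 1, 'error_msg' => null);
     $comment = comment_load($_POST['cid']);
     if (!$comment) {
         // Unknown cid: comment_load() returned nothing, so there is no
         // field_praise to touch (the original hit a fatal error here).
         $res['error_msg'] = "no such comment";
         echo CJSON::encode($res);
         return;
     }
     // Make sure the praise list exists before reading/appending to it.
     if (!isset($comment->field_praise['und']) || !is_array($comment->field_praise['und'])) {
         $comment->field_praise['und'] = array();
     }
     $praise = array('value' => $_POST['uid']);
     if (in_array($praise, $comment->field_praise['und'])) {
         $res['error_msg'] = "您已点赞";
     } else {
         $comment->field_praise['und'][] = $praise;
         comment_save($comment);
         $res['error_code'] = 0;
     }
     echo CJSON::encode($res);
 }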
 /**
  * Updates the local content with data from a Lingotek Document.
  *
  * For every translation target of the document named by the comment's
  * metadata (`document_id`) the translated XML is downloaded and written into
  * the matching field of $this->comment under the target language; fields
  * that received no translation are copied from the comment's default
  * language, and every field's LANGUAGE_NONE data is refreshed from the
  * default language. The comment is then saved (with the re-entrancy flag
  * set) and reloaded.
  *
  * @return bool
  *   TRUE if the content updates succeeded, FALSE otherwise.
  */
 public function updateLocalContent()
 {
     $success = TRUE;
     $metadata = $this->metadata();
     if (!empty($metadata['document_id'])) {
         $document_id = $metadata['document_id'];
         $api = LingotekApi::instance();
         $document = $api->getDocument($document_id);
         foreach ($document->translationTargets as $target) {
             $document_xml = $api->downloadDocument($metadata['document_id'], $target->language);
             $target_language = Lingotek::convertLingotek2Drupal($target->language);
             foreach ($document_xml as $drupal_field_name => $content) {
                 // Figure out which subkey of the field data we're targeting.
                 // "value" for standard text fields, or some other key for
                 // compound text fields (text with summary, for example).
                 // Field names arrive as "<field>__<subkey>" for compound fields.
                 $target_key = 'value';
                 $subfield_parts = explode('__', $drupal_field_name);
                 if (count($subfield_parts) == 2) {
                     $drupal_field_name = $subfield_parts[0];
                     $target_key = $subfield_parts[1];
                 }
                 $field = field_info_field($drupal_field_name);
                 if (!empty($field['lingotek_translatable'])) {
                     // Bound by reference: the writes below land directly on
                     // the comment's field array.
                     $comment_field =& $this->comment->{$drupal_field_name};
                     $index = 0;
                     foreach ($content as $text) {
                         $comment_field[$target_language][$index][$target_key] = decode_entities(lingotek_xml_decode($text));
                         // Copy filter format from source language field.
                         if (!empty($comment_field[$this->comment->language][0]['format'])) {
                             $comment_field[$target_language][$index]['format'] = $comment_field[$this->comment->language][0]['format'];
                         }
                         $index++;
                     }
                 }
             }
             // NOTE(review): $field is reused as the loop variable from here on
             // (a field name now, a field-info array above).
             $comment_node = LingotekNode::loadById($this->comment->nid);
             $comment_fields = array_keys(field_info_instances('comment', 'comment_node_' . $comment_node->type));
             foreach ($comment_fields as $field) {
                 // Copy any untranslated fields from the default language into this target.
                 if (isset($this->comment->{$field}[$this->comment->language]) && !isset($this->comment->{$field}[$target_language])) {
                     $this->comment->{$field}[$target_language] = $this->comment->{$field}[$this->comment->language];
                 }
                 // Ensure that all fields get their LANGUAGE_NONE field data populated with the
                 // comment's default language data, to support toggling off of comment translation
                 // at some point in the future.
                 if (!empty($this->comment->{$field}[$this->comment->language])) {
                     $this->comment->{$field}[LANGUAGE_NONE] = $this->comment->{$field}[$this->comment->language];
                 }
             }
         }
         // This avoids an infinite loop when hooks resulting from comment_save() are invoked.
         self::$content_update_in_progress = TRUE;
         comment_save($this->comment);
         self::$content_update_in_progress = FALSE;
         // Reload so $this->comment reflects what was actually stored.
         $this->comment = comment_load($this->comment->cid);
     } else {
         LingotekLog::error('Unable to refresh local contents for comment @cid. Could not find Lingotek Document ID.', array('@cid' => $this->comment->cid));
         $success = FALSE;
     }
     return $success;
 }
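/**
 * Creates a comment on a blog entry after verifying the CAPTCHA code.
 *
 * The expected code is read from $_SESSION[$_SERVER['HTTP_HOST']]['vcode'].
 * Both values are compared as strings with `!==`: the original `!=` let PHP
 * compare numeric-looking codes numerically (e.g. "0e1" == "0e2"), so a
 * wrong code could pass. A session without an issued code is refused.
 *
 * @param string $blog_serial     Serial of the entry being commented on.
 * @param string $comment_author  Author name as submitted.
 * @param string $comment_content Comment body as submitted.
 * @param string $comment_vcode   CAPTCHA code as submitted.
 * @return mixed false on a missing or wrong code, otherwise the result of comment_save().
 */
function comment_create($blog_serial, $comment_author, $comment_content, $comment_vcode)
{
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!isset($_SESSION[$host]['vcode'])) {
        // No code was issued for this session, so nothing can legitimately match.
        return false;
    }
    if ((string) $comment_vcode !== (string) $_SESSION[$host]['vcode']) {
        return false;
    }
    // Serial = entry serial + '#' + microtime() with its space replaced ("0.12345600-1700000000").
    $comment_serial = $blog_serial . '#' . str_replace(' ', '-', microtime());
    return comment_save($comment_serial, $comment_author, $comment_content);
}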
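/**
 * Renders the "edit reply" form for comment $id, with $comment as the editable text.
 *
 * Helper for forum_edit_replay(); $thread is the row that function selected.
 * When the board allows attachments and the comment still has room for more,
 * the upload widgets are enabled and a per-board random token is kept in
 * $_SESSION['forum']['attach'][$bid] for the upload handling.
 *
 * @param array  $thread  Thread/board/comment row from forum_edit_replay()
 * @param int    $id      Comment ID (comID)
 * @param int    $bid     Board ID
 * @param int    $tid     Thread ID
 * @param string $comment Text to prefill the comment field with
 * @return void
 */
function forum_edit_replay_show_form($thread, $id, $bid, $tid, $comment)
{
    global $db;
    $tpl = new smarty();
    $tpl->assign('func', 'edit');
    $tpl->assign('func2', '&comID=' . $id);
    $tpl->assign('comment', $comment);
    // The thread's first post also edits the thread title and, for guest posts, the poster name.
    if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
        $tpl->assign('title', $thread['threadname']);
    }
    if ($thread['userID'] == 0) {
        $tpl->assign('username', $thread['postname']);
    }
    ob_start();
    if ($thread['attachments'] and $thread['attachmaxsize']) {
        $attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid);
        if ($thread['attachments'] > $attachs) {
            $rand = get_random_string(16, 2);
            $tpl->assign('attach', find_access($thread['attachfiles']));
            $tpl->assign('maxsize', $thread['attachmaxsize']);
            $tpl->assign('rand', $rand);
            $tpl->assign('sid', session_name() . '=' . session_id());
            $tpl->assign('maxuploads', $thread['attachments'] - $attachs);
            $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
            $_SESSION['forum']['attach'][$bid] = $rand;
        }
    }
    $tpl->assign('quote', true);
    $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_POST_EDIT, $content, '', 1);
}

/**
 * Edits an existing forum reply (comment $id in thread $tid on board $bid).
 *
 * Access requires a logged-in user, read access to the board and its parent,
 * and either edit rights on own posts (as the author) or moderator edit
 * rights. Without a POSTed `comment` the edit form is shown; with one the
 * comment row is updated, attachments are handled according to
 * UPLOAD_METHOD, the thread title/author are updated when the edited post is
 * the thread's first post, the board and thread "last post" columns are
 * refreshed and the browser is redirected to the post's page in the thread.
 *
 * Fixes relative to the original: the new-upload branch used an undefined
 * $comid and the comment ID where the thread ID belongs; the "last post"
 * updates interpolated the stored post name unescaped; the IDs are now cast
 * to int before being interpolated into SQL.
 *
 * @param int $id  Comment ID (comID)
 * @param int $bid Board ID
 * @param int $tid Thread ID
 * @return void
 */
function forum_edit_replay($id, $bid, $tid)
{
    global $db;
    // All three IDs are interpolated into SQL below; force bare integers.
    $id = (int) $id;
    $bid = (int) $bid;
    $tid = (int) $tid;
    $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed,userID, comment, attachs,postname, adatum,
        a.editcom,a.editmocom,a.rightsread, a.commentsperpost, a.moneyperpost, a.boardparentID,
        a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead
        FROM ' . DB_PRE . 'ecp_forum_threads
        LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID)
        LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID)
        LEFT JOIN ' . DB_PRE . 'ecp_forum_comments ON (comID = ' . $id . ')
        WHERE threadID = ' . $tid . ' AND bID = ' . $bid);
    $userID = isset($_SESSION['userID']) ? $_SESSION['userID'] : 0;
    // Own post with edit rights, or moderator edit rights; same evaluation order as the original.
    $canEdit = $userID
        && find_access($thread['rightsread'])
        && find_access($thread['parentRead'])
        && ((find_access($thread['editcom']) && $userID == $thread['userID']) || find_access($thread['editmocom']))
        && $db->errorNum() == 0;
    if (!$canEdit) {
        table(ERROR, ACCESS_DENIED);
        return;
    }
    if (!isset($_POST['comment'])) {
        forum_edit_replay_show_form($thread, $id, $bid, $tid, htmlspecialchars($thread['comment']));
        return;
    }
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $title = isset($_POST['title']) ? $_POST['title'] : null;
    // username/title are only required when the form actually sent them.
    if ($_POST['comment'] == '' || ($username !== null && $username == '') || ($title !== null && $title == '')) {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        forum_edit_replay_show_form($thread, $id, $bid, $tid, $_POST['comment']);
        return;
    }
    $updated = $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'%s\', comment = \'%s\', edits =edits +1, editdatum = %d, edituserID = %d WHERE comID = %d', strsave(htmlspecialchars($username)), strsave(comment_save($_POST['comment'])), time(), (int) $userID, $id));
    if (!$updated) {
        return;
    }
    if (find_access($thread['attachfiles'])) {
        if (UPLOAD_METHOD == 'old') {
            $maxattach = $thread['attachments'] - $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'bID = ' . $bid . ' AND mID = ' . $id);
            // Accepted upload types. NOTE(review): text/html and text/plain files
            // end up under uploads/forum/; whether they are served inline (and thus
            // could carry script) depends on the web server config, not visible here.
            $allowedMime = array('application/zip', 'application/x-rar-compressed', 'image/bmp', 'image/gif', 'image/jpeg', 'image/png', 'application/pdf', 'text/plain', 'text/css', 'text/html');
            foreach ($_FILES as $key => $file) {
                // Skip empty slots, exhausted quota and oversized files. (The original
                // compared the whole $_FILES entry with '', which never matches an array.)
                if (!is_array($file) || empty($file['tmp_name']) || $maxattach <= 0 || $file['size'] > $thread['attachmaxsize']) {
                    continue;
                }
                $mime = getMimeType($file['tmp_name'], $file['name']);
                if (!in_array($mime, $allowedMime, true)) {
                    continue;
                }
                // Stored name is "<attachID>_<sha1 of content>", so the on-disk name never comes from the client.
                $sha1 = sha1_file($file['tmp_name']);
                $inserted = $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)', $bid, (int) $userID, strsave($file['name']), (int) $file['size'], $sha1, time(), strsave($_SERVER['REMOTE_ADDR']), $tid, $id));
                if ($inserted) {
                    $target = 'uploads/forum/' . $db->last_id() . '_' . $sha1;
                    move_uploaded_file($file['tmp_name'], $target);
                    umask(0);
                    chmod($target, CHMOD);
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
                }
                $maxattach--;
            }
        } else {
            // Attachments were uploaded beforehand under the token in ?rand; attach them to this thread/comment.
            $rand = isset($_GET['rand']) ? $_GET['rand'] : '';
            $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d', $tid, $id, strsave($rand), $bid));
            if ($db->affekt_rows()) {
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
            }
        }
    }
    // The thread's first post carries the thread title and the original poster name.
    if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET threadname = \'' . strsave(htmlspecialchars($title)) . '\', vonname = \'' . strsave(htmlspecialchars($username)) . '\' WHERE threadID = ' . $tid);
    }
    // Refresh the "last post" columns of the board (and its parent) and of the thread.
    // postname is re-escaped with strsave(): escaping applied on insert does not survive in the stored value.
    $last = $db->fetch_assoc('SELECT userID,postname,adatum, tID FROM ' . DB_PRE . 'ecp_forum_comments WHERE boardID = ' . $bid . ' ORDER BY adatum DESC LIMIT 1');
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET `lastpostuserID` =  ' . (int) $last['userID'] . ', `lastpostuser` = \'' . strsave($last['postname']) . '\', `lastpost` = ' . (int) $last['adatum'] . ', lastthreadID = ' . (int) $last['tID'] . ' WHERE (boardID = ' . $bid . ' OR boardID = ' . (int) $thread['boardparentID'] . ')');
    $last = $db->fetch_assoc('SELECT userID,postname,adatum FROM ' . DB_PRE . 'ecp_forum_comments WHERE tID = ' . $tid . ' ORDER BY adatum DESC LIMIT 1');
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET `lastuserID` =  ' . (int) $last['userID'] . ', `lastusername` = \'' . strsave($last['postname']) . '\', `lastreplay` = ' . (int) $last['adatum'] . ' WHERE threadID = ' . $tid);
    unset($_SESSION['forum']['attach'][$bid]);
    // Page of the thread the edited post sits on: older posts / LIMIT_FORUM_COMMENTS, 1-based.
    $anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND boardID =' . $bid . ' AND adatum < ' . $thread['adatum']);
    header1('?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $tid . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $id);
}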
        $node->casetracker['case_status_id'] = $tditem_completed ? 5 : 4;
        // Save the node.
        node_save($node);
        // Hack to work around node.module's autotimestamping.
        db_query('UPDATE {node} SET changed = %d WHERE nid = %d', $tditem_date, $node->nid);
        // Get a clean copy of the casetracker datastructure.
        $ct_copy = (array) $node->casetracker;
        unset($ct_copy['nid'], $ct_copy['vid'], $ct_copy['case_number']);
        foreach ($item->end()->find('>comments>comment') as $comment) {
            $tdcomment_aid = $comment->find('>author-id')->text();
            $tdcomment_author = $userMap[$tdcomment_aid];
            $tdcomment_body = $comment->end()->find('>body')->text();
            $tdcomment_subject = substr($tdcomment_body, 0, 32);
            $tdcomment_date = @strtotime($comment->end()->find('>created-at:first')->text());
            printf('  ' . $cformat, $tdcomment_author, $tdcomment_date);
            // Write comment.
            $comment = array('author' => $usernameMap[$tdcomment_aid], 'comment' => $tdcomment_body, 'format' => $default_format, 'nid' => $node->nid, 'uid' => $tdcomment_author, 'status' => 0, 'timestamp' => $tdcomment_date, 'subject' => $tdcomment_subject, 'op' => 'Save', 'submit' => 'Save', 'notifications_content_disable' => 0, 'notifications_team' => array('selected' => TRUE), 'casetracker' => $ct_copy);
            //print_r($comment);
            $cid = comment_save($comment);
            // Hack to get around comment.module's automatic timestamp.
            db_query('UPDATE {comments} SET timestamp = %s WHERE cid = %d', $tdcomment_date, $cid);
            _comment_update_node_statistics($node->nid);
        }
        print PHP_EOL;
    }
}
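// Cleans up ordering for the 'User Recent Activity' view: every node changed
// within the past 24 hours (i.e. the ones just imported) that the loop above
// did not catch gets its `changed` timestamp reset to `created`.
$yesterday = time() - 86400;
// %d: $yesterday is an integer timestamp, so let db_query() cast it to int
// rather than pass it through as an escaped string.
$q = db_query('UPDATE {node} SET changed = created WHERE changed > %d', $yesterday);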
     $tpl->display(DESIGN . '/tpl/joinus/joinus.html');
     $content = ob_get_contents();
     ob_end_clean();
     main_content(JOINUS, $content, '', 1);
 } elseif (!$db->result(DB_PRE . 'ecp_teams', 'COUNT(tID)', 'joinus = 1 AND tID = ' . (int) $_POST['teamID'])) {
     table(ERROR, JOINUS_NO_TEAM);
     $tpl = new smarty();
     ob_start();
     $tpl->assign('countries', form_country($_POST['country']));
     $tpl->assign('teams', get_teams_form_joinus($_POST['teamID']));
     $tpl->display(DESIGN . '/tpl/joinus/joinus.html');
     $content = ob_get_contents();
     ob_end_clean();
     main_content(JOINUS, $content, '', 1);
 } else {
     $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_joinus (`name`, `username`, `email`, `icq`, `msn`, `age`, `country`, `teamID`, `comment`, `IP`, `datum`) VALUES (\'%s\',\'%s\',\'%s\',\'%s\',\'%s\',%d,\'%s\',%d,\'%s\',\'%s\',%d)', strsave(htmlspecialchars($_POST['name'])), strsave(htmlspecialchars($_POST['username'])), strsave($_POST['email']), strsave(htmlspecialchars($_POST['icq'])), strsave(htmlspecialchars($_POST['msn'])), (int) $_POST['age'], strsave(htmlspecialchars($_POST['country'])), (int) $_POST['teamID'], strsave(comment_save($_POST['comment'])), strsave($_SERVER['REMOTE_ADDR']), time());
     if ($db->query($sql)) {
         $id = $db->last_id();
         $result = $db->query('SELECT groupID FROM ' . DB_PRE . 'ecp_groups WHERE admin LIKE "%joinus:view%"');
         $search = 'gID = 1 ';
         while ($row = $db->fetch_assoc()) {
             $search .= 'OR gID = ' . $row['groupID'];
         }
         $result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search);
         $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_JOINUS"');
         $text = array();
         while ($row = $db->fetch_assoc()) {
             $text[$row['lang']] = $row;
         }
         while ($row = mysql_fetch_assoc($result)) {
             $search = array('{username}', '{from_username}', '{id}');
/**
 * Submit handler for the theme's "create comment" form.
 *
 * Builds a published, non-anonymous comment on the node given by the form's
 * `nid`, attributed to the current user, with the form's `body` stored as
 * filtered_html under LANGUAGE_NONE. The comment goes through
 * comment_submit() and comment_save(), a success message is queued, and the
 * form is kept on the same page (no redirect, rebuild, not programmed).
 *
 * @param array $form       The form definition (unused apart from the reference).
 * @param array $form_state Form state; values are read from $form_state['values'].
 * @return void
 */
function bootstrap_theme_create_comment_form_submit(&$form, &$form_state)
{
    global $user;
    $values = $form_state['values'];
    $body = array(
        LANGUAGE_NONE => array(
            0 => array('value' => $values['body'], 'format' => 'filtered_html'),
        ),
    );
    $comment = new stdClass();
    $comment->nid = $values['nid'];
    $comment->uid = $user->uid;
    $comment->mail = '';
    $comment->is_anonymous = FALSE;
    $comment->status = COMMENT_PUBLISHED;
    $comment->language = LANGUAGE_NONE;
    $comment->comment_body = $body;
    comment_submit($comment);
    comment_save($comment);
    drupal_set_message('Successfully created new comment.');
    // Stay on the current page and show the form again.
    $form_state['no_redirect'] = TRUE;
    $form_state['rebuild'] = TRUE;
    $form_state['programmed'] = FALSE;
}
 /**
  * Implement the save function for the entity.
  *
  * Delegates straight to comment_save(), so $entity is expected to be a
  * comment object; nothing is returned.
  *
  * @param object $entity The comment to persist.
  * @return void
  */
 public function entity_save($entity)
 {
     comment_save($entity);
 }
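/**
 * Renders the guestbook entry form (DESIGN/tpl/guestbook/guestbook_add.html)
 * into the page via main_content(). Helper for guestbook_add().
 *
 * @return void
 */
function guestbook_add_show_form()
{
    $tpl = new smarty();
    ob_start();
    $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(GUESTBOOK_ADD, $content, '', 1);
}

/**
 * Handles the "add guestbook entry" page.
 *
 * GET: shows the form. POST (`submit` set): requires author, text and
 * CAPTCHA, validates the optional e-mail, checks the CAPTCHA against the
 * session and enforces a flood limit of SPAM_GUESTBOOK seconds per IP (last
 * stored entry) and per browser (`guestbook` cookie). On success the entry
 * is inserted into ecp_comments, the cookie is set and the browser is
 * redirected to the guestbook; on any error an error table and the form are
 * shown again. The session CAPTCHA is cleared after every POST.
 *
 * The CAPTCHA comparison is strict (`!==`); the original `!=` let PHP compare
 * numeric-looking codes numerically ("0e1" == "0e2").
 *
 * @return void
 */
function guestbook_add()
{
    global $db;
    if (!isset($_POST['submit'])) {
        guestbook_add_show_form();
        return;
    }
    $now = time();
    $author = isset($_POST['author']) ? $_POST['author'] : '';
    $text = isset($_POST['commentstext']) ? $_POST['commentstext'] : '';
    $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $homepage = isset($_POST['homepage']) ? $_POST['homepage'] : '';
    $expected = isset($_SESSION['captcha']) ? (string) $_SESSION['captcha'] : '';
    $cookieLast = isset($_COOKIE['guestbook']) ? (int) $_COOKIE['guestbook'] : 0;
    // Timestamp of this IP's latest entry. The @ is kept from the original;
    // $db->result() presumably complains when no row exists yet.
    $last = @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="guestbook" AND IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\'');
    if ($author == '' or $text == '' or $captcha == '') {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        guestbook_add_show_form();
    } elseif (!check_email($email) and $email != '') {
        table(ERROR, WRONG_EMAIL);
        guestbook_add_show_form();
    } elseif (strtolower($captcha) !== strtolower($expected)) {
        table(ERROR, CAPTCHA_WRONG);
        guestbook_add_show_form();
    } elseif ($last > $now - SPAM_GUESTBOOK or $cookieLast > $now - SPAM_GUESTBOOK) {
        // Seconds the visitor still has to wait, from whichever source tripped the limit.
        if ($last > $now - SPAM_GUESTBOOK) {
            $zeit = SPAM_GUESTBOOK + $last - $now;
        } else {
            $zeit = SPAM_GUESTBOOK + $cookieLast - $now;
        }
        table(ERROR, str_replace(array('{sek}', '{zeit}'), array(SPAM_GUESTBOOK, $zeit), SPAM_PROTECTION_MSG));
        guestbook_add_show_form();
    } else {
        $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `author`, `beitrag`, `email`, `homepage`, `datum`, `IP`) VALUES ("guestbook", \'%s\', \'%s\', \'%s\', \'%s\', %d, \'%s\')', strsave(htmlspecialchars($author)), strsave(comment_save($text)), strsave(htmlspecialchars($email)), strsave(htmlspecialchars(check_url($homepage))), $now, strsave($_SERVER['REMOTE_ADDR']));
        if ($db->query($sql)) {
            // Browser-side flood marker, complementing the IP-based one above.
            setcookie('guestbook', $now, $now + 365 * 86400);
            header1('?section=guestbook');
        }
    }
    // Single-use code: whatever happened, the next attempt needs a fresh CAPTCHA.
    unset($_SESSION['captcha']);
}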
 /**
  * Handles a POSTed comment form for the `comments.json` route.
  *
  * Checks that the submitting user matches the options' `uid`, that the
  * node exists and is open for comments, and that the user may post. With
  * a `cid` in the form the existing comment is loaded and may be published
  * or deleted (administer comments) or edited (comment_access); otherwise a
  * new comment is built (optionally as a reply to `pid`). The subject and
  * body are then set, the comment is submitted and saved and the cache is
  * cleared.
  *
  * NOTE(review): the return value is inconsistent — `false` for denied or
  * invalid requests, nothing (null) after publish/delete and after a save.
  *
  * @param string $route Route name; only 'comments.json' is handled.
  * @param object $form  Submitted form; values are read from $form->values.
  * @return bool|null
  */
 public function post($route, $form)
 {
     global $user;
     if ($route == 'comments.json') {
         $options = $this->getOptions();
         $node = node_load($options['nid']);
         // The options' uid must be the current user and the node must exist.
         if ($options['uid'] != $user->uid || !is_object($node)) {
             return false;
         }
         // Should we let the comment pass ?
         if ($node->comment != COMMENT_NODE_OPEN || !user_access('post comments')) {
             // Access denied.
             return false;
         }
         if (!empty($form->values['cid'])) {
             $comment = comment_load($form->values['cid']);
             if (!is_object($comment)) {
                 // Not existent CID.. Access denied
                 return false;
             }
             // The comment must belong to the node the form was built for.
             $nodeSubmittedComment = node_load($comment->nid);
             if (!is_object($nodeSubmittedComment) || $nodeSubmittedComment->nid != $node->nid) {
                 return FALSE;
                 // BAD nid.. Or node non existent
             }
             // Publish
             if ($form->values['toPublish']) {
                 if (user_access('administer comments') && user_access('post comments')) {
                     $comment->status = COMMENT_PUBLISHED;
                     comment_save($comment);
                 }
                 return;
             }
             // Deletion
             if ($form->values['toDelete']) {
                 if (user_access('administer comments') && user_access('post comments')) {
                     comment_delete($comment->cid);
                 }
                 return;
             }
             if (!comment_access('edit', $comment)) {
                 return FALSE;
                 // No access to edit the comment.
             }
         }
         // No existing comment: build a new one, replying to `pid` only when it is
         // numeric and refers to a loadable comment.
         if (empty($comment)) {
             $pid = NULL;
             if (!empty($form->values['pid'])) {
                 if ($form->values['pid'] == (int) $form->values['pid']) {
                     if ($comment_parent = comment_load((int) $form->values['pid'])) {
                         $pid = $form->values['pid'];
                     }
                 }
             }
             $comment = new stdClass();
             $comment->nid = $node->nid;
             $comment->pid = $pid;
             $comment->uid = $user->uid;
             $comment->name = check_plain($form->values['author']);
         }
         $comment->subject = check_plain($form->values['subject']);
         $field = field_info_field('comment_body');
         $langcode = field_is_translatable('comment', $field) ? entity_language('comment', $comment) : LANGUAGE_NONE;
         $field_infos = field_info_instance('comment', 'comment_body', 'comment_node_' . $node->type);
         $format = $options['comment-body-format'];
         $text_processing = $field_infos['settings']['text_processing'];
         $body = $form->values['body'];
         // Rich text is filtered through the chosen format; otherwise it is escaped.
         $body = $format != 'plain_text' && $text_processing ? check_markup($body, $format) : check_plain($body);
         if ($text_processing) {
             // NOTE(review): comment_body is reassigned wholesale two lines below,
             // which discards this 'format'. Confirm whether storing the format
             // (and so re-filtering the already check_markup()ed text on display)
             // is intended before reordering these statements.
             $comment->comment_body[$langcode][0]['format'] = $format;
         }
         $comment->comment_body = array($langcode => array());
         $comment->comment_body[$langcode][0]['value'] = $body;
         comment_submit($comment);
         comment_save($comment);
         cache_clear_all();
     }
 }
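/**
 * Render state and submission handling for the entry comment form.
 *
 * Assigns the form id to Smarty, and on a POST request validates the
 * submission with comment_validate(). A valid comment is stored with
 * comment_save(), the 'comment_post' action is fired, the blog owner is
 * notified by mail when notifications are enabled and the poster is not
 * logged in, and the request is redirected to the comment's anchor (which
 * also discards the POST data). An invalid submission is echoed back into
 * the template as 'values'. In all cases the remembered author cookies are
 * assigned as 'cookie'.
 *
 * Relies on the globals $smarty, $lang, $fpdb, $fp_params (and $fp_config,
 * $post inside the POST branch).
 *
 * @return void
 */
function commentform()
{
    global $smarty, $lang, $fpdb, $fp_params;
    $comment_formid = 'fp-comments';
    $smarty->assign('comment_formid', $comment_formid);
    if (!empty($_POST)) {
        # utils_nocache_headers();
        // Prepend a scheme only when the URL has none. The previous check
        // searched for 'http://' anywhere in the string, so an 'https://' URL
        // was rewritten to 'http://https://...'.
        if (!empty($_POST['url']) && !preg_match('#^https?://#i', $_POST['url'])) {
            $_POST['url'] = 'http://' . $_POST['url'];
        }
        // custom hook here!!
        if ($arr = comment_validate()) {
            global $fp_config;
            $id = comment_save($fp_params['entry'], $arr);
            do_action('comment_post', $fp_params['entry'], array($id, $arr));
            $q = new FPDB_Query(array('id' => $fp_params['entry'], 'fullparse' => false), null);
            list($entryid, $e) = $q->getEntry();
            if ($fp_config['general']['notify'] && !user_loggedin()) {
                global $post;
                $comm_mail = isset($arr['email']) ? "<{$arr['email']}>" : '';
                $from_mail = $fp_config['general']['email'];
                $post = $e;
                // plugin such as prettyurls might need this...
                $lang = lang_load('comments');
                $mail = str_replace(array('%toname%', '%fromname%', '%frommail%', '%entrytitle%', '%commentlink%', '%content%', '%blogtitle%'), array($fp_config['general']['author'], $arr['name'], $comm_mail, $e['subject'], get_comments_link($entryid) . '#' . $id, $arr['content'], $fp_config['general']['title']), $lang['comments']['mail']);
                // Best-effort notification: a mail failure must not block the
                // redirect below, so the result is deliberately ignored.
                @utils_mail($from_mail, "New comment on {$fp_config['general']['title']}", $mail);
            }
            // if comment is valid, this redirect will clean the postdata
            $location = str_replace('&amp;', '&', get_comments_link($entryid)) . '#' . $id;
            utils_redirect($location, true);
            exit;
        } else {
            $smarty->assign('values', $_POST);
        }
    }
    // Cookies: missing cookies yield null rather than a notice.
    $cookie_name = 'comment_author_' . COOKIEHASH;
    $cookie_email = 'comment_author_email_' . COOKIEHASH;
    $cookie_url = 'comment_author_url_' . COOKIEHASH;
    $smarty->assign('cookie', array(
        'name' => isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : null,
        'email' => isset($_COOKIE[$cookie_email]) ? $_COOKIE[$cookie_email] : null,
        'url' => isset($_COOKIE[$cookie_url]) ? $_COOKIE[$cookie_url] : null,
    ));
}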
/**
 * Store a private message for a user and bump the recipient's (and, for
 * user-to-user messages, the sender's) message counters.
 *
 * System messages are stored with fromdel = 1 and no sender; the title and
 * body are passed through strsave() only. User messages are stored with
 * fromdel = 0 and a sender id; the title is HTML-escaped and the body run
 * through comment_save() before strsave().
 *
 * Numeric ids are cast to int before being interpolated into SQL; string
 * columns go through strsave(), the project's escaping helper (assumed to
 * apply DB escaping — not visible here).
 *
 * @param int|string $to     recipient user id
 * @param int|string $from   sender user id (ignored for system messages)
 * @param string     $title  message title
 * @param string     $msg    message body
 * @param int        $save   unused by this function
 * @param int        $system non-zero for a system message without a sender
 * @return bool true when the INSERT succeeded, false otherwise
 */
function message_send($to, $from, $title, $msg, $save = 1, $system = 0)
{
    global $db;
    $toID = (int) $to;
    $now = time();
    if ($system) {
        $insert = sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_messages (`touser`, `title`, `msg`, `fromdel`, `datum`) VALUES (%d, \'%s\', \'%s\', 1, %d)',
            $toID,
            strsave($title),
            strsave($msg),
            $now
        );
    } else {
        $insert = sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_messages (`touser`, `title`, `msg`, `fromdel`, `datum`, fromuser) VALUES (%d, \'%s\', \'%s\', 0, %d, %d)',
            $toID,
            strsave(htmlspecialchars($title)),
            strsave(comment_save($msg)),
            $now,
            (int) $from
        );
    }
    if (!$db->query($insert)) {
        return false;
    }
    // Counters are only touched once the message row exists.
    $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET msg_r = msg_r + 1 WHERE userID = ' . $toID);
    if (!$system) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET msg_s = msg_s + 1 WHERE userID = ' . (int) $from);
    }
    return true;
}
             $content = ob_get_contents();
             ob_end_clean();
             echo html_ajax_convert($content);
         }
     } else {
         echo html_ajax_convert(ACCESS_DENIED);
     }
     break;
 case 'thread_survey_edit':
     $array = $db->fetch_assoc('SELECT ende, frage, antworten, c.threadID, bID, vonID, a.boardID, a.boardparentID, a.rightsread, a.editcom, a.editmocom, a.delcom, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_survey AS s LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (c.threadID = s.threadID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (s.boardID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE s.fsurveyID = ' . (int) $_GET['id']);
     if (isset($array['rightsread']) and find_access($array['rightsread']) and find_access($array['parentRead']) and (isset($array['delcom']) and find_access($array['delcom']) or isset($array['editcom']) and find_access($array['editcom']) and $array['userID'] == @$_SESSION['userID'] or isset($array['editmocom']) and find_access($array['editmocom']))) {
         if (isset($_POST['frage'])) {
             if ($_POST['frage'] == '') {
                 echo NOT_NEED_ALL_INPUTS;
             } else {
                 if ($db->query('UPDATE ' . DB_PRE . 'ecp_forum_survey SET frage = \'' . strsave(comment_save($_POST['frage'])) . '\', ende = ' . (int) @strtotime($_POST['ende']) . ', antworten = ' . (int) $_POST['antworten'] . ' WHERE fsurveyID = ' . (int) $_GET['id'])) {
                     echo 'ok';
                 }
             }
         } else {
             ob_start();
             $tpl = new Smarty();
             $tpl->assign('id', (int) $_GET['id']);
             $tpl->assign('frage', $array['frage']);
             if ($array['ende'] != 0) {
                 $tpl->assign('ende', date('Y-m-d H:i:s', $array['ende']));
             }
             $tpl->assign('antworten', $array['antworten']);
             $tpl->display(DESIGN . '/tpl/forum/survey_edit.html');
             $content = ob_get_contents();
             ob_end_clean();
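/**
 * Show and process the "edit my account" page for the logged-in user.
 *
 * On submit: the new username and e-mail are checked for uniqueness against
 * other accounts and for validity; on a conflict the value is reset to the
 * stored one and an error is shown. The profile columns are then updated in
 * one UPDATE built with sprintf(); when the update succeeds an optional
 * password change is applied (same confirmation, minimum length, correct
 * old password) and the form is re-rendered. Without a submit the stored
 * profile is loaded and assigned to the account_edit template.
 *
 * String columns go through strsave(), the project's escaping helper
 * (assumed to apply DB escaping — not visible here); the session user id is
 * cast to int before being interpolated into SQL.
 *
 * @return void
 */
function account_edit()
{
    global $db;
    // The session id is the only key used in the WHERE clauses below.
    $userID = (int) $_SESSION['userID'];
    if (isset($_POST['submit'])) {
        if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($_POST['username'])) . '\' AND ID != ' . $userID) or $_POST['username'] == '') {
            $_POST['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $userID);
            table(ERROR, ACCOUNT_ALLREADY_EXIST);
        }
        // The uniqueness check compares the e-mail column with the posted
        // e-mail (previously it compared it with the username, so duplicate
        // addresses were never detected).
        if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($_POST['email']) . '\' AND ID != ' . $userID) or !check_email($_POST['email'])) {
            $_POST['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $userID);
            if (!check_email($_POST['email'])) {
                table(ERROR, WRONG_EMAIL);
            } else {
                table(ERROR, EMAIL_ALLREADY_EXIST);
            }
        }
        // Birthday arrives as d.m.Y and is stored as Y-m-d.
        $geburtstag = explode('.', $_POST['birthday']);
        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_user SET
						username = \'%s\',email = \'%s\',country = \'%s\',
						sex = \'%s\',signatur = \'%s\',realname = \'%s\',
						geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\',
						msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\',
						clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\',
						clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\',
						ram = \'%s\',gkarte = \'%s\',skarte = \'%s\',
						monitor = \'%s\',maus = \'%s\',tastatur = \'%s\',
						mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\',
						headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\', koord = \'%s\'  
					WHERE ID = ' . $userID, strsave(htmlspecialchars(@$_POST['username'])), strsave(@$_POST['email']), strsave(@$_POST['country']), @$_POST['sex'] == 'male' ? 'male' : 'female', strsave(comment_save(@$_POST['signatur'])), strsave(htmlspecialchars(@$_POST['realname'])), (int) @$geburtstag[2] . '-' . (int) @$geburtstag[1] . '-' . (int) @$geburtstag[0], strsave(htmlspecialchars(check_url(@$_POST['homepage']))), strsave(htmlspecialchars(@$_POST['icq'])), strsave(htmlspecialchars(@$_POST['msn'])), strsave(htmlspecialchars(@$_POST['yahoo'])), strsave(htmlspecialchars(@$_POST['skype'])), strsave(htmlspecialchars(@$_POST['xfire'])), strsave(htmlspecialchars(@$_POST['clanname'])), strsave(htmlspecialchars(@$_POST['clanirc'])), strsave(htmlspecialchars(check_url(@$_POST['clanhomepage']))), strsave(htmlspecialchars(@$_POST['clanhistory'])), strsave(htmlspecialchars(@$_POST['cpu'])), strsave(htmlspecialchars(@$_POST['mainboard'])), strsave(htmlspecialchars(@$_POST['ram'])), strsave(htmlspecialchars(@$_POST['gkarte'])), strsave(htmlspecialchars(@$_POST['skarte'])), strsave(htmlspecialchars(@$_POST['monitor'])), strsave(htmlspecialchars(@$_POST['maus'])), strsave(htmlspecialchars(@$_POST['tastatur'])), strsave(htmlspecialchars(@$_POST['mauspad'])), strsave(htmlspecialchars(@$_POST['internet'])), strsave(htmlspecialchars(@$_POST['festplatte'])), strsave(htmlspecialchars(@$_POST['headset'])), strsave(comment_save(@$_POST['aboutme'])), strsave(htmlspecialchars(@$_POST['wohnort'])), strsave(htmlspecialchars(@$_POST['aim'])), strsave(htmlspecialchars(@$_POST['koord'])));
        if ($db->query($sql)) {
            // Only mirror the new values into the session once they are
            // actually stored, so session and database cannot drift apart.
            $_SESSION['username'] = htmlspecialchars($_POST['username']);
            $_SESSION['email'] = $_POST['email'];
            if ($_POST['password1'] != '') {
                $oldPassword = isset($_POST['password']) ? $_POST['password'] : '';
                $storedHash = (string) $db->result(DB_PRE . 'ecp_user', 'passwort', 'ID = ' . $userID);
                if ($_POST['password1'] != $_POST['password2']) {
                    table(ERROR, DIFFERENT_PW);
                } elseif (strlen($_POST['password1']) < PW_MIN_LENGTH) {
                    table(ERROR, SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1);
                } elseif ($storedHash !== sha1($oldPassword)) {
                    // Strict comparison: a loose != between two hex digests can
                    // treat digests of the form "0e..." as equal numeric strings.
                    table(ERROR, WRONG_OLD_PW);
                } else {
                    // NOTE(review): unsalted sha1 is the storage format the rest of
                    // this code base reads; moving to password_hash() needs a
                    // migration of the passwort column, not a change here.
                    $db->query('UPDATE ' . DB_PRE . 'ecp_user SET passwort = \'' . strsave(sha1($_POST['password1'])) . '\' WHERE ID = ' . $userID);
                    table(INFO, PW_SUCCESS_CHANGE);
                }
            }
            table(INFO, ACCOUNT_EDIT_SUCCESS);
            // Re-render the form with the stored values.
            unset($_POST['submit']);
            account_edit();
        }
    } else {
        $tpl = new smarty();
        $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`, 
											`clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`, 
											`internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, koord FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $userID);
        if ($row['ondelete']) {
            table(INFO, str_replace('{zeit}', date('d.m.Y H:i', $row['ondelete']), ACCOUNT_DELETE_ON));
        }
        // Stored as Y-m-d, shown as d.m.Y; pad so a malformed value does not
        // raise undefined-index notices.
        $geb = array_pad(explode('-', (string) $row['geburtstag']), 3, '');
        $row['birthday'] = "{$geb[2]}.{$geb[1]}.{$geb[0]}";
        foreach ($row as $key => $value) {
            $tpl->assign($key, $value);
        }
        ob_start();
        $tpl->assign('countries', form_country($row['country']));
        $tpl->display(DESIGN . '/tpl/account/account_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(ACCOUNT_EDIT, $content, '', 1);
    }
}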
            main_content(FIGHTUS, $content, '', 1);
        } elseif (strtolower(@$_SESSION['captcha']) != strtolower($_POST['captcha'])) {
            table(ERROR, CAPTCHA_WRONG);
            $tpl = new smarty();
            $tpl->assign('games', get_games_form((int) $_POST['gameID'], 0));
            $tpl->assign('teams', get_teams_form((int) $_POST['teamID'], 0));
            $tpl->assign('liggen', get_matchtype_form((int) $_POST['matchtypeID'], 0));
            ob_start();
            $tpl->display(DESIGN . '/tpl/fightus/fightus.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(FIGHTUS, $content, '', 1);
        } else {
            global $db;
            $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_fightus 	(`gID`, `mID`, `teamID`, `clanname`, `homepage`, `email`, `icq`, `skype`, `msn`, `wardatum`, `serverip`, `info`, `IP`, datum) VALUES 
 																(%d, %d, %d, \'%s\',\'%s\',\'%s\',\'%s\',\'%s\',\'%s\',%d,\'%s\',\'%s\',\'%s\', %d)', (int) $_POST['gameID'], (int) $_POST['matchtypeID'], (int) $_POST['teamID'], strsave(htmlspecialchars($_POST['clanname'])), strsave(check_url(htmlspecialchars($_POST['homepage']))), strsave($_POST['email']), strsave(htmlspecialchars($_POST['icq'])), strsave(htmlspecialchars($_POST['skype'])), strsave(htmlspecialchars($_POST['msn'])), strtotime($_POST['datum']), strsave(htmlspecialchars($_POST['serverip'])), strsave(comment_save($_POST['info'])), $_SERVER['REMOTE_ADDR'], time());
            if ($db->query($sql)) {
                $id = $db->last_id();
                $result = $db->query('SELECT groupID FROM ' . DB_PRE . 'ecp_groups WHERE admin LIKE "%fightus:view%"');
                $search = 'gID = 1 ';
                while ($row = $db->fetch_assoc()) {
                    $search .= ' OR gID = ' . $row['groupID'];
                }
                $result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search);
                $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_FIGHTUS"');
                $text = array();
                while ($row = $db->fetch_assoc()) {
                    $text[$row['lang']] = $row;
                }
                while ($row = mysql_fetch_assoc($result)) {
                    $search = array('{username}', '{from_clan}', '{id}');