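/**
 * Registers an uploaded file in phpgw_fud_attach and hands the temporary file
 * to safe_attachment_copy().
 *
 * The row is created with an empty location and message_id 0; the MIME type id
 * is looked up in phpgw_fud_mime by the extension of the supplied file name.
 *
 * @param array $at         Upload descriptor; the keys read here are 'name', 'size'
 *                          and 'tmp_name' (presumably one $_FILES entry - confirm at the caller).
 * @param int   $owner      Value stored in the owner column.
 * @param int   $attach_opt Value stored in the attach_opt column.
 * @param mixed $ext        Passed through unchanged to safe_attachment_copy().
 *
 * @return mixed Whatever db_qid() returns for the INSERT (used as the attachment id).
 */
function attach_add($at, $owner, $attach_opt = 0, $ext = 0)
{
    // strrchr() yields false when the name contains no dot; treat that as "no extension"
    // instead of feeding false into substr().
    $dot_part = strrchr($at['name'], '.');
    $file_ext = $dot_part === false ? '' : (string) substr($dot_part, 1);

    // NOTE(review): addslashes() is not aware of the connection character set. If the
    // database layer behind q_singleval()/db_qid() offers its own escaping or bound
    // parameters, prefer that for the two string values below.
    $mime_type = (int) q_singleval("SELECT id FROM phpgw_fud_mime WHERE fl_ext='" . addslashes($file_ext) . "'");

    // owner, attach_opt and fsize are written into the statement unquoted, so they are
    // reduced to integers here rather than trusting every caller to have done it.
    $id = db_qid(
        "INSERT INTO phpgw_fud_attach (location,message_id,original_name,owner,attach_opt,mime_type,fsize) VALUES('',0,'"
        . addslashes($at['name']) . "', "
        . (int) $owner . ", "
        . (int) $attach_opt . ", "
        . $mime_type . ", "
        . (int) $at['size'] . ")"
    );

    safe_attachment_copy($at['tmp_name'], $id, $ext);

    return $id;
}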
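/**
 * Stores this private message once per recipient and sends notifications to
 * the recipients selected by the users_opt filter below.
 *
 * Reads $GLOBALS['recv_user_id'] (the recipient ids) and $GLOBALS['usr']->alias,
 * and appends one array(recipient id, new row id) pair per recipient to
 * $GLOBALS['send_to_array'].
 *
 * strnull() and intzero() are defined elsewhere; from their use here they appear to
 * return ready-to-embed SQL fragments (quoted-or-NULL and numeric) - confirm.
 *
 * @return void
 */
function send_pmsg()
{
    // Force bits 16 and 32 on, then drop every bit outside 1|2|4|16|32.
    $this->pmsg_opt |= 16 | 32;
    $this->pmsg_opt &= 16 | 32 | 1 | 2 | 4;

    // Recipient ids are written unquoted into both statements below, so they are
    // reduced to integers once, up front.
    $recipients = array_map('intval', $GLOBALS['recv_user_id']);

    // recipient id => id of the row stored for that recipient
    $um = array();

    foreach ($recipients as $v) {
        // NOTE(review): ip_addr, icon and ref_msg_id reach the statement without
        // escaping in this method; confirm they are validated or escaped where they
        // are assigned. host_name is embedded as-is, i.e. it must already be a
        // complete SQL fragment.
        $values = array(
            strnull(addslashes($this->to_list)),
            $this->ouser_id,
            "'" . $this->ip_addr . "'",
            $this->host_name,
            $this->post_stamp,
            strnull($this->icon),
            1,
            "'" . addslashes($this->subject) . "'",
            intzero($this->attach_cnt),
            $this->foff,
            $this->length,
            $v,
            strnull($this->ref_msg_id),
            $this->pmsg_opt,
        );

        $id = db_qid("INSERT INTO phpgw_fud_pmsg (\n\t\t\t\tto_list,\n\t\t\t\touser_id,\n\t\t\t\tip_addr,\n\t\t\t\thost_name,\n\t\t\t\tpost_stamp,\n\t\t\t\ticon,\n\t\t\t\tfldr,\n\t\t\t\tsubject,\n\t\t\t\tattach_cnt,\n\t\t\t\tfoff,\n\t\t\t\tlength,\n\t\t\t\tduser_id,\n\t\t\t\tref_msg_id,\n\t\t\t\tpmsg_opt\n\t\t\t) VALUES (\n\t\t\t\t" . implode(",\n\t\t\t\t", $values) . ")");

        $GLOBALS['send_to_array'][] = array($v, $id);
        $um[$v] = $id;
    }

    // With no recipients nothing was stored, and an empty IN() list is not valid SQL.
    if (!$recipients) {
        return;
    }

    $c = uq('SELECT id, email, users_opt, icq FROM phpgw_fud_users WHERE id IN(' . implode(',', $recipients) . ') AND users_opt>=64 AND (users_opt & 64) > 0');

    // reverse_fmt() is called for its effect on the argument; its return value is unused.
    $from = $GLOBALS['usr']->alias;
    reverse_fmt($from);
    $subject = $this->subject;
    reverse_fmt($subject);

    while ($r = db_rowarr($c)) {
        /* do not send notifications about messages sent to self */
        if ($r[0] == $this->ouser_id) {
            continue;
        }

        // Without bit 4 in users_opt the notification address is built from the icq column.
        if (!($r[2] & 4)) {
            $r[1] = $r[3] . '@pager.icq.com';
        }

        send_pm_notification($r[1], $um[$r[0]], $subject, $from, $r[2]);
    }
}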
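/**
 * Inserts a row into phpgw_fud_thread and returns db_qid()'s result for it.
 *
 * views and rating are always stored as 0.
 *
 * @param int $root           Stored as root_msg_id.
 * @param int $forum_id       Stored as forum_id.
 * @param int $last_post_date Stored as last_post_date.
 * @param int $thread_opt     Stored as thread_opt.
 * @param int $orderexpiry    Stored as orderexpiry.
 * @param int $replies        Stored as replies.
 * @param int $lpi            Stored as last_post_id; a falsy value means "use $root".
 *
 * @return mixed Whatever db_qid() returns for the INSERT (used as the thread id).
 */
function th_add($root, $forum_id, $last_post_date, $thread_opt, $orderexpiry, $replies = 0, $lpi = 0)
{
    if (!$lpi) {
        $lpi = $root;
    }

    // Every value is written unquoted into the VALUES list, so each one is forced to an
    // integer here instead of relying on all callers to pass clean numbers.
    $values = array(
        (int) $forum_id,
        (int) $root,
        (int) $last_post_date,
        (int) $replies,
        0, // views
        0, // rating
        (int) $lpi,
        (int) $thread_opt,
        (int) $orderexpiry,
    );

    return db_qid("INSERT INTO\n\t\tphpgw_fud_thread\n\t\t\t(forum_id, root_msg_id, last_post_date, replies, views, rating, last_post_id, thread_opt, orderexpiry)\n\t\tVALUES\n\t\t\t(" . implode(', ', $values) . ")");
}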
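/**
 * Stores this message in phpgw_fud_msg, creates its thread when it starts a new
 * one (or updates the lock state of the existing thread), and optionally approves it.
 *
 * Reads $_POST['thr_locked'], $_POST['thr_ordertype'] and $_POST['thr_orderexpiry']
 * directly; which of them are honoured depends on bits of $perm.
 *
 * @param int  $forum_id          Forum the thread is created in (passed to th_add()).
 * @param int  $message_threshold When non-zero and smaller than the body length, a
 *                                shortened preview body is written as well.
 * @param int  $forum_opt         Bit 2 must be set for the automatic approval to run.
 * @param int  $perm              Permission bits; 4096 gates thr_locked, 64 gates the
 *                                thr_ordertype / thr_orderexpiry pair.
 * @param bool $autoapprove       Set to false to skip the approve() call.
 *
 * @return mixed The id db_qid() returned for the new message row.
 */
function add($forum_id, $message_threshold, $forum_opt, $perm, $autoapprove = true)
{
    if (!$this->post_stamp) {
        $this->post_stamp = __request_timestamp__;
    }
    if (!isset($this->ip_addr)) {
        $this->ip_addr = get_ip();
    }

    // host_name holds a complete SQL fragment: a quoted, escaped host name or the keyword NULL.
    $this->host_name = ($GLOBALS['FUD_OPT_1'] & 268435456)
        ? "'" . addslashes(get_host($this->ip_addr)) . "'"
        : 'NULL';

    $this->thread_id = isset($this->thread_id) ? $this->thread_id : 0;
    $this->reply_to = isset($this->reply_to) ? $this->reply_to : 0;

    // $length and $offset are not set before this call; presumably write_body() fills
    // them by reference - confirm against its definition.
    $file_id = write_body($this->body, $length, $offset);

    /* determine if preview needs building */
    if ($message_threshold && $message_threshold < strlen($this->body)) {
        $thres_body = trim_html($this->body, $message_threshold);
        $file_id_preview = write_body($thres_body, $length_preview, $offset_preview);
    } else {
        $file_id_preview = $offset_preview = $length_preview = 0;
    }

    // $poll_cache is likewise expected to be filled by the callee.
    poll_cache_rebuild($this->poll_id, $poll_cache);
    $poll_cache = $poll_cache ? @serialize($poll_cache) : null;

    // Numeric columns are written unquoted. The original cast only some of them
    // (reply_to, attach_cnt, poll_id, foff, length); the remaining ones are cast the
    // same way so no numeric slot can carry anything but an integer. ip_addr is
    // escaped as well - a no-op for a well-formed address.
    //
    // NOTE(review): mlist_msg_id is passed to strnull() without escaping here; confirm
    // that whoever assigns it escapes it, otherwise escape it at this point.
    // NOTE(review): addslashes() is not aware of the connection character set; prefer
    // the database layer's own escaping or bound parameters if it provides them.
    $values = array(
        (int) $this->thread_id,
        (int) $this->poster_id,
        (int) $this->reply_to,
        "'" . addslashes($this->ip_addr) . "'",
        $this->host_name,
        (int) $this->post_stamp,
        strnull(addslashes($this->subject)),
        (int) $this->attach_cnt,
        (int) $this->poll_id,
        strnull(addslashes($this->icon)),
        (int) $this->msg_opt,
        (int) $file_id,
        (int) $offset,
        (int) $length,
        (int) $file_id_preview,
        (int) $offset_preview,
        (int) $length_preview,
        strnull($this->mlist_msg_id),
        strnull(addslashes($poll_cache)),
    );

    $this->id = db_qid("INSERT INTO phpgw_fud_msg (\n\t\t\tthread_id,\n\t\t\tposter_id,\n\t\t\treply_to,\n\t\t\tip_addr,\n\t\t\thost_name,\n\t\t\tpost_stamp,\n\t\t\tsubject,\n\t\t\tattach_cnt,\n\t\t\tpoll_id,\n\t\t\ticon,\n\t\t\tmsg_opt,\n\t\t\tfile_id,\n\t\t\tfoff,\n\t\t\tlength,\n\t\t\tfile_id_preview,\n\t\t\toffset_preview,\n\t\t\tlength_preview,\n\t\t\tmlist_msg_id,\n\t\t\tpoll_cache\n\t\t) VALUES(\n\t\t\t" . implode(",\n\t\t\t", $values) . "\n\t\t)");

    // 1 when the caller holds permission bit 4096 and asked for a locked thread, else 0.
    $thread_opt = (int) (($perm & 4096) && isset($_POST['thr_locked']));

    if (!$this->thread_id) {
        /* new thread */
        // NOTE(review): thr_ordertype is OR-ed in without a mask, so it can also set
        // bit 1, which is otherwise only set through the 4096-gated thr_locked branch
        // above. Confirm whether the accepted order-type bits should be masked here.
        if (($perm & 64) && isset($_POST['thr_ordertype'], $_POST['thr_orderexpiry'])) {
            if ((int) $_POST['thr_ordertype']) {
                $thread_opt |= (int) $_POST['thr_ordertype'];
                $thr_orderexpiry = (int) $_POST['thr_orderexpiry'];
            }
        }

        $this->thread_id = th_add(
            $this->id,
            $forum_id,
            $this->post_stamp,
            $thread_opt,
            isset($thr_orderexpiry) ? $thr_orderexpiry : 0
        );

        // The message row was inserted before its thread existed; point it at the thread now.
        q('UPDATE phpgw_fud_msg SET thread_id=' . $this->thread_id . ' WHERE id=' . $this->id);
    } else {
        th_lock($this->thread_id, $thread_opt & 1);
    }

    if ($autoapprove && ($forum_opt & 2)) {
        $this->approve($this->id, true);
    }

    return $this->id;
}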
${$v} = $_POST[$v]; } if (isset($_POST['btn_all'])) { $c = uq('SELECT id FROM ' . $tbl . 'forum'); while ($r = db_rowarr($c)) { $frm_list[$r[0]] = $r[0]; } } } else { $edit = $a_subject = $a_text = ''; list($d_year, $d_month, $d_day) = explode(' ', gmdate('Y m d', __request_timestamp__)); list($d2_year, $d2_month, $d2_day) = explode(' ', gmdate('Y m d', __request_timestamp__ + 86400)); } } if (isset($_POST['btn_submit'])) { $id = db_qid('INSERT INTO ' . $tbl . 'announce (date_started, date_ended, subject, text) VALUES (' . mk_date($_POST['d_year'], $_POST['d_month'], $_POST['d_day']) . ', ' . mk_date($_POST['d2_year'], $_POST['d2_month'], $_POST['d2_day']) . ', \'' . addslashes($_POST['a_subject']) . '\', \'' . addslashes($_POST['a_text']) . '\')'); } else { if (isset($_POST['btn_update'], $_POST['edit'])) { $id = (int) $_POST['edit']; q('UPDATE ' . $tbl . 'announce SET date_started=' . mk_date($_POST['d_year'], $_POST['d_month'], $_POST['d_day']) . ', date_ended=' . mk_date($_POST['d2_year'], $_POST['d2_month'], $_POST['d2_day']) . ', subject=\'' . addslashes($_POST['a_subject']) . '\', text=\'' . addslashes($_POST['a_text']) . '\' WHERE id=' . $id); } } if (isset($_POST['frm_list'], $id)) { $_POST['frm_list'] = array_unique($_POST['frm_list']); q('DELETE FROM ' . $tbl . 'ann_forums WHERE ann_id=' . $id); foreach ($_POST['frm_list'] as $v) {
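/**
 * Loads the forum session/user/theme record for the current session id, creating
 * the session row first when none exists, then applies per-request settings.
 *
 * Side effects visible in this function: occasional purge of old rows in
 * phpgw_fud_ses, INSERT into phpgw_fud_ses, possible creation and compilation of a
 * theme for the user's language, UPDATEs on phpgw_fud_users (theme, last_visit),
 * putenv('TZ=...'), setlocale(), and definition of the constants d_thread_view,
 * t_thread_view, fud_theme, __fud_real_user__ and _uid.
 *
 * The constant `s` (defined outside this function) is used as the session id.
 *
 * @return object The record returned by db_sab(), with data unserialized and
 *                users_opt cast to int.
 */
function init_user()
{
    // Not read below; kept because reference-binding can create the global entries.
    $o1 =& $GLOBALS['FUD_OPT_1'];
    $o2 =& $GLOBALS['FUD_OPT_2'];
    $phpgw =& $GLOBALS['phpgw_info']['user'];

    // The session id is embedded in quoted SQL literals three times below; escape it
    // once here rather than relying on wherever `s` is defined to have sanitised it.
    // NOTE(review): addslashes() is not aware of the connection character set; prefer
    // the database layer's own escaping or bound parameters if it provides them.
    $ses = addslashes(s);

    /* delete old sessions */
    if (!(rand() % 10)) {
        // Only purge with a positive integer timeout, so a missing or malformed
        // setting can neither break the statement nor shrink the window to zero.
        $timeout = (int) $GLOBALS['phpgw_info']['server']['sessions_timeout'];
        if ($timeout > 0) {
            q("DELETE FROM phpgw_fud_ses WHERE time_sec+" . $timeout . " < " . __request_timestamp__);
        }
    }

    // Shared pieces of the three session look-ups; they differ only in how the users
    // table is joined and in the WHERE clause.
    $select = 'SELECT s.id AS sid, s.data, s.returnto, t.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, u.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login FROM phpgw_fud_ses s';
    $theme_join = ' INNER JOIN phpgw_fud_themes t ON t.id=u.theme';

    // Session user ids above 2000000000 are joined to user row 1.
    $u = db_sab($select . ' INNER JOIN phpgw_fud_users u ON u.id=(CASE WHEN s.user_id>2000000000 THEN 1 ELSE s.user_id END)' . $theme_join . " WHERE s.ses_id='" . $ses . "'");

    if (!$u) {
        /* registered user */
        if ($phpgw['account_lid'] != $GLOBALS['ANON_NICK']) {
            /* this means we do not have an entry for this user in the sessions table */
            // NOTE(review): a missing phpgw_fud_users row for this egw_id is not handled;
            // $uid would then be empty in the INSERT below.
            $uid = q_singleval("SELECT id FROM phpgw_fud_users WHERE egw_id=" . (int) $phpgw['account_id']);
            $id = db_qid("INSERT INTO phpgw_fud_ses (user_id, ses_id, time_sec) VALUES(" . $uid . ", '" . $ses . "', " . __request_timestamp__ . ")");
            $u = db_sab($select . ' INNER JOIN phpgw_fud_users u ON u.id=s.user_id' . $theme_join . ' WHERE s.id=' . $id);
        } else {
            /* anonymous user */
            // Draw a pseudo user id above 2000000000 and retry until db_li() reports success.
            do {
                $uid = 2000000000 + mt_rand(1, 147483647);
            } while (!($id = db_li("INSERT INTO phpgw_fud_ses (time_sec, ses_id, user_id) VALUES (" . __request_timestamp__ . ", '" . $ses . "', " . $uid . ")", $ef, 1)));
            $u = db_sab($select . ' INNER JOIN phpgw_fud_users u ON u.id=1' . $theme_join . ' WHERE s.id=' . $id);
        }
    }

    /* grant admin access */
    // Applies to the in-memory record only; nothing is written back here.
    if (!empty($phpgw['apps']['admin'])) {
        $u->users_opt |= 1048576;
    }

    /* this is ugly, very ugly, but there is no way around it, we need to see if the
     * user's language had changed and we can only do it this way. */
    // The map doubles as an allow-list: only these fixed names ever reach the SQL and
    // the file paths below.
    $langl = array('bg' => 'bulgarian', 'zh' => 'chinese_big5', 'cs' => 'czech', 'nl' => 'dutch', 'fr' => 'french', 'de' => 'german', 'it' => 'italian', 'lv' => 'latvian', 'no' => 'norwegian', 'pl' => 'polish', 'pt' => 'portuguese', 'ro' => 'romanian', 'ru' => 'russian', 'sk' => 'slovak', 'es' => 'spanish', 'sv' => 'swedish', 'tr' => 'turkish', 'en' => 'english');
    $lang =& $phpgw['preferences']['common']['lang'];

    if (isset($langl[$lang]) && $langl[$lang] != $u->lang) {
        $lang_name = $langl[$lang];

        if (!($o = db_sab("SELECT * FROM phpgw_fud_themes WHERE lang='{$lang_name}'"))) {
            // No theme exists for this language yet: create one from the default theme
            // and compile it, then read the new row back.
            fud_use('compiler.inc', true);
            fud_use('theme.inc', true);

            $thm = new fud_theme();
            $thm->name = $thm->lang = $lang_name;
            $thm->theme = 'default';
            $thm->pspell_lang = file_get_contents($GLOBALS['DATA_DIR'] . 'thm/default/i18n/' . $lang_name . '/pspell_lang');
            $thm->locale = file_get_contents($GLOBALS['DATA_DIR'] . 'thm/default/i18n/' . $lang_name . '/locale');
            $thm->theme_opt = 1;
            $thm->add();

            compile_all('default', $lang_name, $lang_name);

            $o = db_sab("SELECT * FROM phpgw_fud_themes WHERE lang='{$lang_name}'");
        }

        $u->lang = $o->lang;
        $u->theme_name = $o->name;
        $u->locale = $o->locale;
        $u->theme_id = $o->id;
        $u->theme = $o->theme;
        $u->pspell_lang = $o->pspell_lang;
        $u->theme_opt = $o->theme_opt;

        q("UPDATE phpgw_fud_users SET theme=" . $u->theme_id . " WHERE id=" . $u->id);
    }

    // NOTE(review): unserialize() on stored session data is only as safe as every
    // writer of phpgw_fud_ses.data. If the payload is plain arrays and scalars,
    // disallowing classes (the allowed_classes option, PHP 7+) or storing JSON
    // removes the object-instantiation risk. The @ also hides corrupt payloads.
    if ($u->data) {
        $u->data = @unserialize($u->data);
    }
    $u->users_opt = (int) $u->users_opt;

    /* set timezone */
    @putenv('TZ=' . $u->time_zone);
    /* set locale */
    setlocale(LC_ALL, $u->locale);

    /* view format for threads & messages */
    define('d_thread_view', ($u->users_opt & 256) ? 'msg' : 'tree');
    define('t_thread_view', ($u->users_opt & 128) ? 'thread' : 'threadt');

    /* theme path */
    @define('fud_theme', 'theme/' . ($u->theme_name ? $u->theme_name : 'default') . '/');

    /* define _uid, which, will tell us if this is a 'real' user or not */
    // User row 1 is the one anonymous sessions are joined to above, so id 1 maps to 0.
    define('__fud_real_user__', $u->id != 1 ? $u->id : 0);
    define('_uid', __fud_real_user__);

    if (__fud_real_user__) {
        q('UPDATE phpgw_fud_users SET last_visit=' . __request_timestamp__ . ' WHERE id=' . $u->id);
    }

    return $u;
}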
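/**
 * Inserts one option row into phpgw_fud_poll_opt.
 *
 * @param string $name    Option text; escaped with addslashes() before it is embedded.
 * @param int    $poll_id Stored as poll_id.
 *
 * @return mixed Whatever db_qid() returns for the INSERT (used as the option id).
 */
function poll_opt_add($name, $poll_id)
{
    // poll_id is written unquoted into the statement, so it is forced to an integer here.
    // NOTE(review): addslashes() is not aware of the connection character set; prefer
    // the database layer's own escaping or bound parameters if it provides them.
    return db_qid(
        "INSERT INTO phpgw_fud_poll_opt (poll_id,name) VALUES(" . (int) $poll_id . ", '" . addslashes($name) . "')"
    );
}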