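/**
 * @package DoceboSCS
 * @version $Id: functions.php 113 2006-03-08 18:08:42Z ema $
 */

/**
 * Builds the chat "write" panel: the auto-refresh form, the message form,
 * a script that focuses the message field, and the emoticon list.
 *
 * A posted "refreshrate" is stored in the session as an integer. When the
 * stored rate is positive, a meta-refresh tag pointing at the popup's
 * "refresh" operation is added to the "page_head" zone of $out.
 *
 * @param object $out  page writer; only its add() method is used here
 * @param object $lang translation object; only its def() method is used here
 *
 * @return string HTML for the panel
 */
function getWriteBox(&$out, &$lang)
{
    require_once _base_ . '/lib/lib.form.php';

    $res = "";

    if (isset($_POST["refreshrate"])) {
        // The cast keeps the request value inert: whatever was posted, only an integer is stored.
        $_SESSION["refreshrate"] = (int) $_POST["refreshrate"];
    }

    // Read the rate back through an isset guard and an int cast. The value is
    // written into a form field and into a <meta> tag below, so it must be a
    // plain integer even if the session key is missing or was populated as a
    // string by code outside this function.
    $refresh_rate = isset($_SESSION["refreshrate"]) ? (int) $_SESSION["refreshrate"] : 0;

    $form = new Form();

    // Auto-refresh form.
    $res .= $form->openForm('refresh_form', getPopupBaseUrl() . '&op=refresh') . '<div class="refresh_form">';
    $res .= '<label for="refreshrate">' . $lang->def("_AUTOREFRESH") . '</label>'
        . $form->getInputTextfield(
            'refreshtext',
            'refreshrate',
            'refreshrate',
            $refresh_rate,
            strip_tags($lang->def("_AUTOREFRESH")),
            1000,
            ''
        );
    $res .= $lang->def("_SECONDS") . "\n";
    $res .= $form->getButton('refresh', 'refresh', $lang->def("_REFRESH"), 'button_refresh');
    $res .= '</div>' . $form->closeForm();

    // Message form.
    $res .= $form->openForm('msg_form', getPopupBaseUrl() . '&op=send') . '<div class="msg_form">';
    $res .= '<label for="msgtxt">' . $lang->def("_MSGTXT") . '</label>'
        . $form->getInputTextfield(
            'msgtext',
            'msgtxt',
            'msgtxt',
            '',
            strip_tags($lang->def("_MSGTXT")),
            1000,
            ''
        );
    $res .= $form->getButton('send', 'send', $lang->def("_SEND"), 'button_send');
    $res .= $form->getButton('savechat', 'savechat', $lang->def("_SAVE"), 'button_save');
    $res .= '</div>' . $form->closeForm();

    // forms[1] is the message form because the refresh form is emitted first.
    $res .= "<script type=\"text/javascript\">\n";
    $res .= "document.forms[1].msgtxt.focus();";
    $res .= "</script>\n";

    $res .= '<div class="emoticons_container"><b>';
    $res .= $lang->def("_EMOTICONS") . "</b>: \n";
    $res .= $GLOBALS["chat_emo"]->emoticonList();
    $res .= '</div>';

    if ($refresh_rate > 0) {
        $ref_meta = "<meta http-equiv=refresh content=\"" . $refresh_rate . "; url=";
        $ref_meta .= getPopupBaseUrl() . "&op=refresh\" />\n";
        $out->add($ref_meta, "page_head");
    }

    return $res;
}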
/**
 * Writes the standalone chat message form to the page.
 *
 * Emits the message form (text field, send and save buttons), a script that
 * focuses the message field, and the emoticon list, then hands the markup
 * to $out.
 *
 * @param object $out  page writer; only its add() method is used here
 * @param object $lang translation object; only its def() method is used here
 *
 * @return void
 */
function showWriteForm(&$out, &$lang)
{
    require_once _base_ . '/lib/lib.form.php';

    $form = new Form();
    $parts = array();

    $parts[] = $form->openForm('msg_form', getPopupBaseUrl() . '&op=send');
    $parts[] = '<div class="msg_form">';

    $parts[] = '<label for="msgtxt">' . $lang->def("_MSGTXT") . '</label>';
    $parts[] = $form->getInputTextfield(
        'msgtext',
        'msgtxt',
        'msgtxt',
        '',
        strip_tags($lang->def("_MSGTXT")),
        1000,
        ''
    );

    $parts[] = $form->getButton('send', 'send', $lang->def("_SEND"), 'button_send');
    $parts[] = $form->getButton('savechat', 'savechat', $lang->def("_SAVE"), 'button_save');

    $parts[] = '</div>';
    $parts[] = $form->closeForm();

    // forms[0]: this is the only form emitted by this function.
    $parts[] = "<script type=\"text/javascript\">\n";
    $parts[] = "document.forms[0].msgtxt.focus();";
    $parts[] = "</script>\n";

    $parts[] = $GLOBALS["chat_emo"]->emoticonList();

    $out->add(implode('', $parts));
}
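/**
 * Renders the media-insert popup for one item chosen from the CMS media
 * library ("cms") or the current user's files ("personal").
 *
 * The item is looked up by its integer id, a preview image (or a generic
 * type icon) is shown, and a form is built whose fields depend on the popup
 * selection type (image, flash, audio/video/streaming).
 *
 * Values read from the database (file name, media URL, title) are
 * HTML-escaped where this function writes them into markup itself. Values
 * handed to Form methods are passed through unchanged; whether Form escapes
 * them is not visible here.
 *
 * @param object $out  page writer; only its add() method is used here
 * @param object $lang translation object; only its def() method is used here
 *
 * @return void
 */
function select_media(&$out, &$lang)
{
    require_once _base_ . '/lib/lib.form.php';
    require_once _base_ . '/lib/lib.multimedia.php';

    $form = new Form();
    $from = importVar("from");
    // The int cast is what makes the id safe to concatenate into the queries below.
    $item_id = (int) importVar("item_id");

    $src = "";
    $title = "";
    $path = "";
    // Defined up front so an unrecognised $from (no switch case runs) does not
    // leave these unset when they are read further down.
    $relative_path = "";
    $preview_path = "";
    $media_url = "";
    $row = array();

    switch ($from) {
        case "cms":
            if (!canAccessCmsMedia()) {
                die("You can't access!");
            }
            $path = _FPATH_INTERNAL;
            $relative_path = _FPATH;
            $preview_path = _PPATH;

            $qtxt = "SELECT t1.fname, t1.real_fname, t1.media_url, t2.title FROM " . $GLOBALS["prefix_cms"] . "_media as t1 ";
            $qtxt .= "LEFT JOIN " . $GLOBALS["prefix_cms"] . "_media_info as t2 ON (t2.idm=t1.idMedia) ";
            $qtxt .= "WHERE t1.idMedia='" . $item_id . "' AND t1.publish='1'";
            $q = sql_query($qtxt);

            if ($q && mysql_num_rows($q) > 0) {
                $row = mysql_fetch_array($q);
                $title = $row["title"];
                // A media URL, when present, takes precedence over the stored file name.
                $src = !empty($row["media_url"]) ? $row["media_url"] : $row["real_fname"];
            }
            break;

        case "personal":
            if (!canAccessPersonalMedia()) {
                die("You can't access!");
            }
            $user_id = Docebo::user()->getIdSt();
            $path = _USER_FPATH_INTERNAL;
            $relative_path = _USER_FPATH;
            $preview_path = _USER_FPATH;

            // The user_idst condition restricts the lookup to files owned by the current user.
            $qtxt = "SELECT real_fname, media_url FROM " . $GLOBALS["prefix_fw"] . "_user_file ";
            $qtxt .= "WHERE id='" . $item_id . "' AND user_idst='" . $user_id . "' AND type='image'";
            $q = sql_query($qtxt);

            if ($q && mysql_num_rows($q) > 0) {
                $row = mysql_fetch_array($q);
                $src = !empty($row["media_url"]) ? $row["media_url"] : $row["real_fname"];
            }
            break;
    }

    $res = "";
    $url = getPopupBaseUrl() . "&op=main";

    if (!empty($row["media_url"])) {
        $media_url = $row["media_url"];
        $popup_file_path = $media_url;
    } else {
        $popup_file_path = $path . $src;
    }

    addMediaPopupJS($popup_file_path);

    // The title and file name come from the database and are written into
    // HTML attributes here, so they are escaped at the point of output.
    // double_encode is off so values that were stored already entity-encoded
    // are not encoded a second time.
    $safe_title = htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8', false);

    // TODO: remove inline style
    if (file_exists($preview_path . $src)) {
        $style = "width: 100px; padding: 2px; border: 1px solid #AAAAAA; margin-bottom: 0.4em;";
        $img_src = htmlspecialchars($preview_path . $src, ENT_QUOTES, 'UTF-8', false);
    } else {
        $media_type = getMediaType($src);
        $style = "width: 64px; padding: 2px; border: 1px solid #AAAAAA; margin-bottom: 0.4em;";
        $img_src = htmlspecialchars(getPathImage('fw') . "media/" . $media_type . ".png", ENT_QUOTES, 'UTF-8', false);
    }
    $res .= "<img style=\"" . $style . "\" src=\"" . $img_src
        . "\" alt=\"" . $safe_title . "\" title=\"" . $safe_title . "\" />\n";

    $res .= $form->openForm("popup_form", $url, false, false, '', "onSubmit=\"insItem();\" onReset=\"closePopup();\"");
    $res .= $form->openElementSpace();

    $type = getPopupSelType();

    switch ($type) {
        case "image":
            $res .= $form->getTextfield($lang->def("_ALT_TXT"), "alt_text", "alt_text", 255, $title);
            $res .= $form->getTextfield($lang->def("_TITLE"), "title_text", "title_text", 255, $title);
            break;

        case "flash":
            $flash_info = getSwfInfoArray($relative_path . $src);
            $res .= $form->getTextfield($lang->def("_WIDTH"), "width", "width", 4, $flash_info["width"]);
            $res .= $form->getTextfield($lang->def("_HEIGHT"), "height", "height", 4, $flash_info["height"]);
            // NOTE(review): the second and third arguments differ here ("bgcolor" / "border")
            // while every other field passes the same string twice; confirm this is intended.
            $res .= $form->getTextfield($lang->def("_BGCOLOR"), "bgcolor", "border", 7, "#FFF");
            break;

        case "audio":
        case "video":
        case "streaming":
            require_once _base_ . '/lib/lib.json.php';
            $json = new Services_JSON();

            if (!empty($media_url)) {
                $code = getStreamingEmbed($media_url, FALSE, $src);
            } else {
                // Re-base the relative files path onto the platform's public URL.
                $cut_from = strlen($GLOBALS["where_files_relative"]);
                $base_relative_path = $GLOBALS["base_where_files_relative"] . substr($relative_path, $cut_from);
                $current_pl = Get::cur_plat();
                $site_file_path = getPLSetting($current_pl, "url") . $base_relative_path;
                $code = getEmbedPlay($site_file_path, $src, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, TRUE);
            }
            $code = '<div>' . $code . '</div>';

            // Point player references at the framework's absolute URL instead of its relative path.
            $core_url = getPLSetting("framework", "url");
            $bad_path = $GLOBALS["where_framework_relative"] . "/addons/players/";
            $good_path = $core_url . "addons/players/";
            $code = str_replace($bad_path, $good_path, $code);

            $content = array("code" => $code);
            $embed_code = $json->encode($content);
            $res .= $form->getHidden("embed_code", "embed_code", rawurlencode($embed_code));
            // The file name / URL is shown as page text, so it is escaped like the attributes above.
            $res .= htmlspecialchars((string) $src, ENT_QUOTES, 'UTF-8', false);
            break;
    }

    $res .= $form->closeElementSpace();
    $res .= $form->openButtonSpace();
    $res .= $form->getButton('apply', 'apply', $lang->def('_SAVE'));
    $res .= $form->getReset('undo', 'undo', $lang->def('_UNDO'));
    $res .= $form->closeButtonSpace();
    $res .= $form->closeForm();

    $out->add($res);
}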
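// Reject any request that carries a parameter named after a superglobal.
// Such a parameter is a variable-overwrite attempt, and it is stopped here,
// before header.php runs. foreach replaces the each() loop because each()
// no longer exists in current PHP.
// NOTE(review): the list does not include _SERVER, _FILES, _ENV or _REQUEST;
// confirm whether those names should be refused as well.
$list = array('GLOBALS', '_POST', '_GET', '_COOKIE', '_SESSION');
foreach ($list as $elem) {
    if (isset($_REQUEST[$elem])) {
        die('Request overwrite attempt detected');
    }
}

require_once dirname(__FILE__) . "/header.php";

YuiLib::load();

if (!isset($_GET['op'])) {
    $_GET['op'] = 'default';
}

// 'op' is only compared against fixed case labels; it is never echoed or
// used to build a path in this script.
switch ($_GET['op']) {
    case "getmess":
        // Polling endpoint: discard anything buffered so far and return only the message buffer.
        ob_clean();
        echo getMsgBuffer($lang, false, true);
        if (Docebo::user()->isLoggedIn()) {
            Docebo::user()->SaveInSession();
        }
        exit;

    default:
        // The client assigns each polled response to innerHTML, so whatever
        // getMsgBuffer() returns is parsed as markup by the browser. Its output
        // therefore has to be HTML-encoded already (not visible here — verify).
        $script = "\r\n\t\t<script type=\"text/javascript\">\r\n\t\t<!--\r\n\t\t\r\n\t\tfunction loadXMLDoc(url)\r\n\t\t{\r\n\t\t\tvar callback =\r\n\t\t\t{\r\n\t\t\t\tsuccess: function(req)\r\n\t\t\t\t{\r\n\t\t\t\t\tvar write = document.getElementById(\"write_here\");\r\n\t\t\t\t\tif(write)\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\twhile( write.childNodes.length > 200 )\r\n\t\t\t\t\t\t\twrite.removeChild( write.firstChild );\r\n\t\t\t\t\t\t\r\n\t\t\t\t\t\tif(req.responseText.length != 0)\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\tvar newline = document.createElement(\"div\");\r\n\t\t\t\t\t\t\tnewline.innerHTML = req.responseText;\r\n\t\t\t\t\t\t\twrite.appendChild(newline);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\r\n\t\t\t\t\t\tscroll(1, 10000000);\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\talert(\"where to write not found\");\r\n\t\t\t\t\t\twindow.clearInterval(id_interval);\r\n\t\t\t\t\t}\r\n\t\t\t\t},\r\n\t\t\t\t\r\n\t\t\t\tfailure: {}, \r\n\t\t\t\t\r\n\t\t\t\tcache: false\r\n\t\t\t}\r\n\t\t\tvar transaction = YAHOO.util.Connect.asyncRequest('GET', url, callback, null);\r\n\t\t}\r\n\t\t\r\n\t\tfunction sd() {\r\n\t\t\tscroll(1, 10000000);\r\n\t\t}\r\n\t\t\r\n\t\tfunction endRefresh() {\r\n\t\t\twindow.clearInterval(id_interval);\r\n\t\t}\r\n\t\t\r\n\t\t-->\r\n\t\t</script>\r\n\t";
        $out->add($script, "page_head");

        // Initial render of the chat window plus the timer that polls op=getmess
        // every _REFRESH_RATE seconds.
        $out->add('<div class="intestation_2">' . $lang->def('_CHAT') . '</div>' . '<div class="chatText" id="write_here">' . '<div>' . getMsgBuffer($lang) . '</div>' . '</div>' . '<script type="text/javascript"> var id_interval = window.setInterval("loadXMLDoc(\'' . getPopupBaseUrl() . '&op=getmess\')", ' . _REFRESH_RATE . ' * 1000); sd(); </script>');
}

// -------------------------------------------------------------------
require_once dirname(__FILE__) . "/footer.php";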
/**
 * Renders the popup that lets the editor pick a wiki page to link to.
 *
 * Shows the wiki page tree for the editor's wiki and language. When a page
 * (tree folder with id > 0) is selected, its title and page code are added
 * as hidden fields and the apply button triggers insItem(); otherwise the
 * apply button is disabled.
 *
 * @param object $out  page writer; only its add() method is used here
 * @param object $lang translation object; only its def() method is used here
 *
 * @return void
 */
function showWikiSelect(&$out, &$lang)
{
    require_once _base_ . "/lib/lib.form.php";
    require_once _base_ . '/lib/lib.urlmanager.php';
    require_once $GLOBALS["where_framework"] . "/lib/lib.wiki.php";

    $url_manager =& UrlManager::getInstance();
    $url_manager->setStdQuery("sn=" . Get::cur_plat() . "&op=wiki_sel");

    $wiki_id = getEditorWikiId();
    $wiki = new CoreWikiPublic($wiki_id);
    $form = new Form();

    // The two request values are read but not used further in this function.
    $from = importVar("from");
    $item_id = (int) importVar("item_id");

    $action_url = getPopupBaseUrl() . "&op=wiki_sel";
    addLinkPopupJS();

    $html = array();
    $html[] = $form->openForm("popup_form", $action_url, false, false, '', "onReset=\"closePopup();\"");
    $html[] = $form->openElementSpace();

    // Return value is not used in this function.
    $type = getPopupSelType();

    $wiki_lang = $wiki->getWikiLanguage();

    // TODO: change getLanguage() with the current wiki language;
    // try to pass arguments in a better way, like using GET.. [?]
    $page_db = new TreeDb_WikiDb(
        $wiki->wikiManager->getWikiPageTable(),
        $wiki->wikiManager->getWikiPageInfoTable(),
        $wiki_id,
        $wiki_lang
    );
    $tree = new TreeView_WikiView($page_db, 'wiki_tree');
    $tree->hideAction();
    // The tree position is taken from the POST data for all three arguments.
    $tree->parsePositionData($_POST, $_POST, $_POST);

    $folder_id = $tree->getSelectedFolderId();
    // Return value is not used in this function.
    $folder_name = $tree->getFolderPrintName($page_db->getFolderById($folder_id));

    $html[] = $tree->autoLoad();

    if ($folder_id > 0) {
        // The selected folder id is used as the page id.
        $page_info = $wiki->wikiManager->getPageInfo($wiki_id, $wiki_lang, FALSE, $folder_id);
        $html[] = $form->getHidden("title", "title", $page_info["title"]);
        $html[] = $form->getHidden("page_code", "page_code", $page_info["page_code"]);
        $apply_attr = 'onClick="insItem();"';
    } else {
        $apply_attr = 'disabled="disabled"';
    }

    $html[] = $form->closeElementSpace();
    $html[] = $form->openButtonSpace();
    $html[] = $form->getButton('apply', 'apply', $lang->def('_SAVE'), FALSE, $apply_attr);
    $html[] = $form->getReset('undo', 'undo', $lang->def('_UNDO'));
    $html[] = $form->closeButtonSpace();
    $html[] = $form->closeForm();

    $out->add(implode('', $html));
}
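/**
 * Stores a posted chat message for the current room and redirects back to
 * the write panel.
 *
 * The caller must have a chat user id in the session and pass userCanPost();
 * otherwise the request is redirected and nothing is written. Messages from
 * the user name "Anonymous" are not stored. After the insert, the course
 * tracking session row is stamped with the current time and the "chat"
 * function name.
 *
 * @return void
 */
function sendChatMsg()
{
    $room = $_SESSION["chat_room_id"];
    $backurl = getPopupBaseUrl() . "&op=write";

    if (!isset($_SESSION["chat_user_id"]) || !userCanPost()) {
        Util::jump_to($backurl);
        // Stop here even if jump_to() returns; otherwise the INSERT below would
        // run for a caller who failed the permission check.
        return;
    }

    $id_user = $_SESSION["chat_user_id"];
    $userid = $_SESSION["chat_user_name"];

    // htmlentities() with ENT_COMPAT encodes the message for later HTML
    // display but leaves single quotes and backslashes untouched, so it does
    // not make the text safe inside a quoted SQL literal.
    $raw_msg = isset($_POST["msgtxt"]) ? $_POST["msgtxt"] : "";
    $txt = $GLOBALS["chat_emo"]->drawEmoticon(htmlentities($raw_msg, ENT_COMPAT, 'UTF-8'));

    if ($userid != "Anonymous") {
        $now = date("Y-m-d H:i:s");

        // Every value placed between quotes is escaped for SQL first.
        // NOTE(review): assumes sql_query() runs on the default ext/mysql link, as
        // the mysql_* calls elsewhere in this file suggest; if the project has its
        // own escaping helper, or already slashes request input globally, use that
        // helper instead to avoid double escaping — confirm.
        $qtxt = "INSERT INTO " . $GLOBALS["prefix_scs"] . "_chat_msg (id_user, id_room, userid, sent_date, text) ";
        $qtxt .= "VALUES('" . mysql_real_escape_string($id_user) . "', '"
            . mysql_real_escape_string($room) . "', '"
            . mysql_real_escape_string($userid) . "', '"
            . $now . "', '"
            . mysql_real_escape_string($txt) . "')";
        sql_query($qtxt);

        // NOTE(review): the idUser value in this copy of the file is a row of
        // asterisks, which looks redacted; it is reproduced unchanged — confirm
        // the intended value.
        sql_query("UPDATE " . $GLOBALS['prefix_lms'] . "_tracksession"
            . " SET lastTime = '" . $now . "',"
            . " lastFunction = 'chat'"
            . " WHERE idEnter = '" . mysql_real_escape_string($_SESSION['id_enter_course']) . "'"
            . " AND idCourse = '" . mysql_real_escape_string($_SESSION['idCourse']) . "'"
            . " AND idUser = '******'");
    }

    Util::jump_to($backurl);
}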