Ejemplo n.º 1
 /**
  * Starts the query timer and, when database debugging is enabled, stores
  * an HTML-encoded record of the statement in $this->query_list.
  *
  * The SQL text, parameters and types all pass through htmlprepare() before
  * they are stored, so the log holds encoded copies rather than raw values.
  *
  * @param string     $sql    statement about to be executed
  * @param array|null $params bound parameter values, if any
  * @param array|null $types  parameter types, if any
  */
 public function log($sql, array $params = null, array $types = null)
 {
     global $MAIN_CFG;
     $this->query_start_time = get_microtime();

     // && binds tighter than ||: NEXOS_DEBUG alone enables logging, otherwise
     // the caller must be an admin AND the debug/database setting must be set.
     $logging_enabled = NEXOS_DEBUG || (is_admin() && !empty($MAIN_CFG['debug']['database']));
     if (!$logging_enabled) {
         return;
     }

     // presumably _backtrace() fills $this->line and $this->file - confirm
     $this->_backtrace();
     $entry = array(
         'line' => $this->line,
         'query' => htmlprepare($sql),
         'params' => htmlprepare($params),
         'types' => htmlprepare($types),
         'failed' => false,
     );
     $this->query_list[$this->file][$this->num_queries] = $entry;
 }
Ejemplo n.º 2
/**
 * Encodes one source file with mmcache_encode() and either writes the
 * resulting loader stub to $out or prints it.
 *
 * NOTE(review): $src, $out and $web_error are echoed into HTML without
 * encoding, while the <pre> branch does use htmlprepare(). If any of them can
 * carry request-supplied text, encode them at these echo sites as well.
 * NOTE(review): the results of fwrite(), stat() and chmod() are not checked.
 *
 * @param string $src path of the file to encode
 * @param string $out output path; when empty the result is printed instead
 * @param mixed  $f   when falsy an existing $out is never overwritten; also
 *                    passed on to mmcache_copy_file()
 * @param mixed  $c   with $f set, copy $src to $out when encoding fails
 */
function mmcache_encode_file($src, $out, $f, $c)
{
    $print_only = empty($out);
    if ($print_only) {
        echo "\n// {$src}\n";
    }

    $prefix = '';
    $cmp = mmcache_encode($src, $prefix);

    // Encoding failed: report it and optionally fall back to a plain copy.
    if (empty($cmp)) {
        mmcache_error("Can't compile file \"{$src}\"");
        if ($f && $c && !$print_only) {
            global $web_error;
            if (!empty($web_error)) {
                echo "<font color=\"#ff0000\">{$web_error}</font><br />\n";
                flush();
                $web_error = '';
            }
            mmcache_copy_file($src, $out, $f);
        }
        return;
    }

    // Wrap the encoded payload in the stub that loads it at run time.
    $cmp = $prefix . '<?php if (!is_callable("mmcache_load") && !dl((PHP_OS=="WINNT"||PHP_OS=="WIN32")?"TurckLoader.dll":"TurckLoader.so")) { die("This PHP script has been encoded with Turck MMcache, to run it you must install <a href=\\"http://turck-mmcache.sourceforge.net/\\">Turck MMCache or Turck Loader</a>");} return mmcache_load(\'' . $cmp . "');?>\n";

    if ($print_only) {
        echo '<pre>' . htmlprepare($cmp) . "</pre>\n";
        unset($cmp);
        return;
    }

    if (!$f && file_exists($out)) {
        mmcache_error("Can't create output file \"{$out}\" (already exists)");
        return;
    }

    $file = fopen($out, 'wb');
    if (!$file) {
        mmcache_error("Can't open output file \"{$out}\"");
        return;
    }

    fwrite($file, $cmp);
    unset($cmp);
    fclose($file);
    // The output file takes over the permission bits of the source file.
    $stat = stat($src);
    chmod($out, $stat['mode']);
    echo "<font color=\"#00aa00\">Encoding: \"{$src}\" -> \"{$out}\"</font><br />\n";
}
Ejemplo n.º 3
    /**
     * Builds the HTML for the download search form.
     *
     * Field values are pre-filled from $_POST, or from the stored search
     * criteria in $CPG_SESS when $search_id names an existing search.
     * Free-text values are passed through htmlprepare() and numeric ones
     * through intval() before they are written into the markup.
     *
     * @param mixed $search_id key of a stored search to edit, or false for a new search
     * @return string the form markup
     */
    function search_form($search_id = false)
    {
        global $db, $dl_prefix, $user_prefix, $module_name, $CPG_SESS, $bgcolor3;
        // Default to the values just submitted, so a failed search re-displays them.
        $searchdata = $_POST;
        $return = '';
        if ($search_id) {
            if (isset($CPG_SESS[$module_name]['search'][$search_id])) {
                $searchdata = $CPG_SESS[$module_name]['search'][$search_id];
                // NOTE(review): $search_id is written into the markup as-is; it is only
                // reached when it matches an existing session key, but encoding it would
                // not depend on how those keys are generated.
                $return .= '<div style="background-color: ' . $bgcolor3 . '; padding: 3px;">Editing criteria for search #' . $search_id . '; <a href="' . URL::index('&amp;file=search') . '">start new search</a></div>';
            } else {
                $return .= $this->show_error('Invalid or expired search session. Please start a new search below.');
            }
        }
        $return .= '<form action="' . URL::index('&amp;file=search') . '" method="post" enctype="multipart/form-data" accept-charset="utf-8">
<h3>Keywords</h3><input type="text" name="s_BASICSEARCH" size="53" value="' . (isset($searchdata['s_BASICSEARCH']) ? htmlprepare($searchdata['s_BASICSEARCH']) : '') . '" maxlength="255" /><br /><br />
<div style="float: left; width: 50%"><h3>Basic information</h3>
<label class="ulog" for="s_cid">' . _CATEGORY . '</label> ' . DL_Cat::selectbox(isset($searchdata['s_cid']) ? intval($searchdata['s_cid']) : 0, 's_cid', 2) . '<br />
<label class="ulog" for="s_submitter">' . _DLP_SUBMITTEDBY . '</label> <input type="text" name="s_submitter" id="s_submitter" size="30" maxlength="255" value="' . (isset($searchdata['s_submitter']) ? htmlprepare($searchdata['s_submitter']) : '') . '" /><br />
<label class="ulog" for="s_name">' . _AUTHORNAME . '</label> <input type="text" name="s_name" id="s_name" size="30" maxlength="255" value="' . (isset($searchdata['s_name']) ? htmlprepare($searchdata['s_name']) : '') . '" /><br />
<label class="ulog" for="s_email">' . _AUTHOREMAIL . '</label> <input type="text" name="s_email" id="s_email" size="30" maxlength="255" value="' . (isset($searchdata['s_email']) ? htmlprepare($searchdata['s_email']) : '') . '" /><br />
<h3>Special options</h3>
<label class="ulog" for="s_pick">' . _DLP_EDPICK . '</label> <input type="checkbox" name="s_pick" id="s_pick" value="1"' . (isset($searchdata['s_pick']) && $searchdata['s_pick'] == 1 ? ' checked="checked"' : '') . ' /> ' . _YES . '<br />
<label class="ulog" for="s_screenshot">Only downloads with screenshot(s)</label> <input type="checkbox" name="s_screenshot" id="s_screenshot" value="1"' . (isset($searchdata['s_screenshot']) && $searchdata['s_screenshot'] == 1 ? ' checked="checked"' : '') . ' /> ' . _YES . '<br />
<label class="ulog" for="s_date">Published in past</label> ' . select_option('s_date', isset($searchdata['s_date']) ? intval($searchdata['s_date']) : '', array('', 3, 7, 14, 30, 60, 90, 180, 365)) . ' days<br />
<label class="ulog" for="s_updated">Updated in past</label> ' . select_option('s_updated', isset($searchdata['s_updated']) ? intval($searchdata['s_updated']) : '', array('', 3, 7, 14, 30, 60, 90, 180, 365)) . ' days</div>
<div style="float: right; width: 50%"><h3>Additional information</h3>';
        // One extra input per visible custom field defined in the _fields table.
        $result = $db->sql_uquery("SELECT * FROM " . $dl_prefix . "_fields \n\t\t\tWHERE visible > 0 \n\t\t\tORDER BY title");
        while ($field = $db->sql_fetchrow($result)) {
            // A title that names a defined constant is replaced by that constant's value.
            $f_title = defined($field['title']) ? constant($field['title']) : $field['title'];
            // visible == 2 gets a leading '* ' marker.
            $f_title = $field['visible'] == 2 ? '* ' . $f_title : $f_title;
            // NOTE(review): title, field and size come from the database row and are
            // written into the markup without encoding; only the submitted value is
            // encoded below. Safe only if those columns are validated when stored.
            $return .= '<label class="ulog" for="s_' . $field['field'] . '">' . $f_title . '</label>';
            if ($field['type'] == 1 || $field['type'] == 3) {
                // Types 1 and 3 are rendered as checkboxes.
                $f_value = isset($searchdata['s_' . $field['field']]) ? intval($searchdata['s_' . $field['field']]) : 0;
                $return .= '<input type="checkbox" name="s_' . $field['field'] . '" id="s_' . $field['field'] . '" value="1"' . ($f_value == 1 ? ' checked="checked"' : '') . ' /> ' . _YES . '<br />';
            } else {
                $f_value = isset($searchdata['s_' . $field['field']]) ? htmlprepare($searchdata['s_' . $field['field']]) : '';
                $return .= '<input type="text" name="s_' . $field['field'] . '" id="s_' . $field['field'] . '" size="30" maxlength="' . $field['size'] . '" value="' . $f_value . '" /><br />';
            }
        }
        $return .= '</div><br /><br /><input type="submit" name="search" value="' . _SEARCH . '" /></form>';
        return $return;
    }
Ejemplo n.º 4
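 /**
  * Loads the table of contents of the ZIP file $this->filename into
  * $this->toc: the end-of-central-directory record under 'cd', file entries
  * under 'files' and directory entries under 'dirs'.
  *
  * Every length, count and offset used here is read from the archive itself,
  * so a truncated or hand-crafted file must be expected. The archive comment
  * is stored HTML-encoded via htmlprepare().
  * NOTE(review): entry file names are stored as ReadFileHeader() returns
  * them; confirm they are validated or encoded before being displayed or
  * used as paths.
  *
  * @return bool true when the table of contents was read, false when the file
  *              cannot be opened or no usable central directory record exists
  */
 public function load_toc()
 {
     $fp = fopen($this->filename, 'rb');
     if (!$fp) {
         return false;
     }
     # find ToC summary (Central Dir), scanning backwards from the end
     fseek($fp, -18, SEEK_END);
     while (ftell($fp) > 76) {
         $id = fread($fp, 4);
         # End-of-central-directory signature, spelled with explicit escapes so
         # the two control bytes cannot get lost in an editor or a copy/paste.
         if ($id === "PK\x05\x06") {
             $cd = unpack('vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size', fread($fp, 18));
             if (!is_array($cd)) {
                 # Record is shorter than 18 bytes: treat as "not found".
                 break;
             }
             $cd['comment'] = $cd['comment_size'] > 0 ? htmlprepare(fread($fp, $cd['comment_size'])) : '';
             $this->toc['cd'] = $cd;
             break;
         }
         # Step back 5 after reading 4, i.e. move one byte towards the start.
         fseek($fp, -5, SEEK_CUR);
     }
     if (empty($this->toc['cd'])) {
         # Close the handle on this path too; it used to stay open.
         fclose($fp);
         return false;
     }
     # Read all ToC entries
     $dir = NULL;
     fseek($fp, $this->toc['cd']['offset']);
     for ($i = 0; $i < $this->toc['cd']['entries']; ++$i) {
         $entry = $this->ReadFileHeader($fp);
         if (substr($entry['filename'], -1) != '/') {
             # File: record it and link it to the most recent directory entry.
             $this->toc['files'][$i] = $entry;
             $dir['entries'][$i] =& $this->toc['files'][$i];
         } else {
             # Directory: following files are attached to this entry.
             $this->toc['dirs'][$i] = $entry;
             $dir =& $this->toc['dirs'][$i];
         }
     }
     fclose($fp);
     return true;
 }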
Ejemplo n.º 5
    }
}
require_once 'header.php';
GraphicAdmin('_AMENU3');
if (isset($_GET['del'])) {
    if (isset($_POST['cancel'])) {
        URL::redirect(URL::admin('messages'));
    }
    cpg_delete_msg(URL::admin('&amp;del=' . intval($_GET['del'])), _REMOVEMSG);
} else {
    if (isset($_GET['edit'])) {
        OpenTable();
        $id = intval($_GET['edit']);
        $result = $db->sql_query('SELECT title, content, date, expire, active, view, mlanguage FROM ' . $prefix . '_message WHERE mid=' . $id);
        $row = $db->sql_fetchrow($result);
        echo '<div style="text-align:center;" class="option">' . _EDITMSG . '</div>' . '<form name="edit_message" action="' . URL::admin('messages&amp;save=' . $id) . '" method="post" enctype="multipart/form-data" accept-charset="utf-8">' . '<br /><strong>' . _MESSAGETITLE . '</strong><br />' . '<input type="text" name="title" value="' . htmlprepare($row['title']) . '" size="50" maxlength="100" /><br /><br />' . '<strong>' . _MESSAGECONTENT . '</strong><br />' . bbcode_table('content', 'edit_message', 1) . '<div style="float:left;"><textarea name="content" rows="15" wrap="virtual" cols="63" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onchange="storeCaret(this);">' . htmlprepare($row['content']) . '</textarea></div>
	<div style="float:left; margin-left:5px;">' . smilies_table('inline', 'content', 'edit_message') . '</div><br /><br />';
        if ($MAIN_CFG['global']['multilingual']) {
            echo '<strong>' . _LANGUAGE . '</strong> ' . lang_selectbox($row['mlanguage'], 'language') . '<br /><br />';
        } else {
            echo '<input type="hidden" name="language" value="" />';
        }
        echo "<strong>" . _EXPIRATION . '</strong> ' . select_box('expire', $row['expire'], array(86400 => '1 ' . _DAY, 172800 => '2 ' . _DAYS, 432000 => '5 ' . _DAYS, 1296000 => '15 ' . _DAYS, 2592000 => '30 ' . _DAYS, 0 => _UNLIMITED)) . '<br /><br />' . '<strong>' . _ACTIVATE2 . '</strong> ' . yesno_option('active', $row['active']);
        if ($row['active']) {
            echo '<br /><br /><strong>' . _CHANGEDATE . '</strong> ' . yesno_option('chng_date', 0) . '<br /><br />';
        } else {
            echo '<br /><div class="tiny">' . _IFYOUACTIVE . '</div><input type="hidden" name="chng_date" value="1" /><br />';
        }
        echo '<strong>' . _VIEWPRIV . '</strong> ' . group_selectbox('view', $row['view'], true) . '<br /><br /><input type="submit" value="' . _SAVECHANGES . '" /></form>';
    } else {
        OpenTable();
Ejemplo n.º 6
/**
 * Parses a serialized album option value of the form
 * "...no=N,album_nm='NAME',album_sort=N,action=D".
 *
 * The numeric parts are cast to int and the album name is passed through
 * htmlprepare(), so the returned name is an encoded copy of the input.
 *
 * @param string $value raw option value
 * @return array|false the parsed fields, or false when $value does not match
 */
function parse_select_option($value)
{
    $pattern = "/.+?no=(\\d+),album_nm='(.+?)',album_sort=(\\d+),action=(\\d)/";
    $found = preg_match($pattern, $value, $parts);
    if (!$found) {
        return false;
    }
    list(, $no, $name, $sort, $action) = $parts;
    return array(
        'album_no' => (int) $no,
        'album_nm' => htmlprepare($name),
        'album_sort' => (int) $sort,
        'action' => (int) $action,
    );
}
Ejemplo n.º 7
 /**
  * Encodes $text with htmlprepare() only when it contains a '<'.
  *
  * Text without '<' is returned untouched, so '&', '>' and quote characters
  * pass through in that case. ENT_NOQUOTES is passed on the encoding path;
  * NOTE(review): if htmlprepare() hands that flag to the HTML encoder, quotes
  * stay unencoded and the result must not be placed inside an attribute value.
  *
  * @param string $text text to encode
  * @return string the encoded text, or $text unchanged
  */
 public static function encode_html($text)
 {
     if (strpos($text, '<') === false) {
         return $text;
     }
     return htmlprepare($text, false, ENT_NOQUOTES);
 }
Ejemplo n.º 8
 if ($group_info = $db->sql_fetchrow($result)) {
     $group_moderator = $group_info['group_moderator'];
     //
     // Handle Additions, removals, approvals and denials
     //
     if (!empty($_POST['add']) || !empty($_POST['remove']) || isset($_POST['approve']) || isset($_POST['deny'])) {
         if (!is_user()) {
             URL::redirect(URL::index('Your_Account'), true);
         }
         if (!$is_moderator && $group_moderator != $userinfo['user_id']) {
             URL::refresh(URL::index());
             $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . URL::index() . '">', '</a>');
             message_die(GENERAL_MESSAGE, $message);
         }
         if (isset($_POST['add'])) {
             $username = isset($_POST['username']) ? htmlprepare($_POST['username']) : '';
             $sql = "SELECT user_id, user_email, user_lang FROM " . USERS_TABLE . " WHERE username = '******'";
             $result = $db->sql_query($sql);
             if (!($row = $db->sql_fetchrow($result))) {
                 URL::refresh(URL::index("&" . POST_GROUPS_URL . "={$group_id}"));
                 $message = $lang['Could_not_add_user'] . "<br /><br />" . sprintf($lang['Click_return_group'], "<a href=\"" . URL::index("&amp;" . POST_GROUPS_URL . "={$group_id}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_index'], "<a href=\"" . URL::index() . "\">", "</a>");
                 message_die(GENERAL_MESSAGE, $message);
             }
             if ($row['user_id'] == ANONYMOUS) {
                 URL::refresh(URL::index("&" . POST_GROUPS_URL . "={$group_id}"));
                 $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . URL::index("&amp;" . POST_GROUPS_URL . "={$group_id}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . URL::index() . '">', '</a>');
                 message_die(GENERAL_MESSAGE, $message);
             }
             $sql = "SELECT ug.user_id FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u\n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . "\n\t\t\t\t\t\tAND ug.user_id = u.user_id\n\t\t\t\t\t\tAND ug.group_id = {$group_id}";
             $result = $db->sql_query($sql);
             if (!$db->sql_numrows($result)) {
Ejemplo n.º 9
            cpg_error('Group doesn\'t exist');
        }
        $mode = 'editgroup';
        echo 'Edit group';
    } else {
        $group_info = array('group_name' => '', 'group_description' => '', 'group_moderator' => '', 'group_type' => 0, 'username' => '');
        $mode = 'newgroup';
        echo 'Create new group';
    }
    $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="gid" value="' . $group_id . '" />';
    echo '</th>
	</tr>
	<tr>
	  <td class="row1" width="38%"><span class="gen">Group name:</span></td>
	  <td class="row2" width="62%">
		<input type="text" name="group_name" size="35" maxlength="40" value="' . htmlprepare($group_info['group_name']) . '" />
	  </td>
	</tr><tr>
	  <td class="row1" width="38%"><span class="gen">Group description:</span></td>
	  <td class="row2" width="62%">
		<textarea name="group_description" rows="10" cols="63">' . $group_info['group_description'] . '</textarea>
	  </td>
	</tr><tr>
	  <td class="row1" width="38%"><span class="gen">Group moderator:</span></td>
	  <td class="row2" width="62%"><input type="text" class="post" name="username" maxlength="50" size="20" value="' . $group_info['username'] . '" /> &nbsp; <input type="submit" name="usersubmit" value="Find a username" class="liteoption" onclick="window.open(\'' . URL::index('Forums&amp;file=search&amp;mode=searchuser&amp;popup=1&amp;menu=1') . '\', \'_phpbbsearch\', \'HEIGHT=250,resizable=yes,WIDTH=400\');return false;" /></td>
	</tr><tr>
	  <td class="row1" width="38%"><span class="gen">Group status:</span></td>
	  <td class="row2" width="62%">
		<input type="radio" name="group_type" value="0" ' . ($group_info['group_type'] == 0 ? ' checked="checked"' : '') . ' /> Open group &nbsp;
		<input type="radio" name="group_type" value="1" ' . ($group_info['group_type'] == 1 ? ' checked="checked"' : '') . ' /> Closed group &nbsp;
		<input type="radio" name="group_type" value="2" ' . ($group_info['group_type'] == 2 ? ' checked="checked"' : '') . ' /> Hidden group</td>
Ejemplo n.º 10
        CloseTable();
    } else {
        cpg_error(_CPG_MMNOLINK);
    }
} elseif (isset($_GET['editcat'])) {
    $cid = isset($_GET['cid']) ? intval($_GET['cid']) : '';
    $mode = $_GET['editcat'];
    $title = _CPG_MMCATNEW;
    if ($mode == 'mod') {
        $result = $db->sql_query("SELECT name, image, link_type, link FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
        $title = _CPG_MMCATEDIT;
    }
    if ($mode != 'new' && $db->sql_numrows($result) > 0 || $mode == 'new') {
        cpg_mm_admin_header($title);
        $cat = $mode == 'new' ? array('name' => 'My title', 'image' => 'image.gif', 'link' => '', 'link_type' => 0) : $db->sql_fetchrow($result);
        $cpgtpl->assign_vars(array('EDITLINK' => false, 'EDITCAT' => true, 'S_URL' => _URL, 'S_CPG_MMOPTIONAL' => _CPG_MMOPTIONAL, 'MODE' => $mode, 'CID' => $cid, 'S_CATNAME_VALUE' => htmlprepare($cat['name']), 'S_CATIMAGE_VALUE' => $cat['image'], 'S_CATLINK_VALUE' => $cat['link'], 'S_SUBMIT_VALUE' => $mode != 'new' ? _SAVECHANGES : _CPG_MMADDCAT, 'SEL_LINKTYPE' => select_box('lnktype', $cat['link_type'], array(0 => 'getlink', 1 => 'link', 2 => 'web'))));
        $cpgtpl->set_handle('body', 'admin/cpgmm_edit.html');
        $cpgtpl->display('body');
    } else {
        cpg_error(_CPG_MMNOCAT);
    }
} elseif (isset($_GET['savecat'])) {
    if ($_POST['catname'] == '') {
        cpg_error(_CPG_MMCATEMPTY);
    }
    if ($_GET['savecat'] == 'mod') {
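        // catimage, catlink and lnktype were interpolated straight from $_POST
        // into quoted SQL literals. Escape the two strings the same way catname
        // already is, and cast the link type (the edit form offers 0, 1 or 2).
        $db->sql_query("UPDATE " . $prefix . "_modules_cat SET name='" . Fix_Quotes($_POST['catname']) . "', image='" . Fix_Quotes($_POST['catimage']) . "', link='" . Fix_Quotes($_POST['catlink']) . "', link_type='" . intval($_POST['lnktype']) . "' WHERE cid=" . intval($_POST['cid']));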
    } else {
        list($pos) = $db->sql_ufetchrow("SELECT pos FROM " . $prefix . "_modules_cat \n\t\t\tORDER BY pos DESC", SQL_NUM);
        $pos = empty($pos) ? 0 : $pos + 1;
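        // catimage, catlink and lnktype were interpolated straight from $_POST
        // into quoted SQL literals. Escape the two strings the same way catname
        // already is, and cast the link type (the edit form offers 0, 1 or 2).
        $db->sql_query("INSERT INTO " . $prefix . "_modules_cat (name, image, pos, link, link_type) VALUES ('" . Fix_Quotes($_POST['catname']) . "', '" . Fix_Quotes($_POST['catimage']) . "', '{$pos}', '" . Fix_Quotes($_POST['catlink']) . "', '" . intval($_POST['lnktype']) . "')");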
Ejemplo n.º 11
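/**
 * Forum rank administration: shows the rank list, the add/edit form, and
 * handles the save and delete actions.
 *
 * The action is chosen by the 'mode' request parameter ('edit', 'add',
 * 'save', 'delete'), or by the 'add' / 'save' POST buttons when no mode is
 * sent. Rank ids and post counts are cast with intval(); the title and image
 * are escaped with Fix_Quotes() before they are placed in SQL.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function, and
 * 'delete' accepts its id from the query string as well as from POST.
 * Confirm the surrounding admin framework verifies the request origin.
 * NOTE(review): rank_title and rank_image are handed to the template
 * without encoding, and IMAGE_DISPLAY puts rank_image inside an <img src>
 * attribute. The save-time check only constrains the file suffix. Confirm
 * the template layer encodes these, or encode them here.
 */
function run_ranks()
{
    global $db, $lang, $template, $op, $bgcolor1, $bgcolor2;
    if (isset($_GET['mode']) || isset($_POST['mode'])) {
        // $mode is only ever compared against fixed strings below.
        $mode = htmlprepare(isset($_GET['mode']) ? $_GET['mode'] : $_POST['mode']);
    } else {
        if (isset($_POST['add'])) {
            $mode = 'add';
        } else {
            if (isset($_POST['save'])) {
                $mode = 'save';
            } else {
                $mode = '';
            }
        }
    }
    if ($mode != '') {
        if ($mode == 'edit' || $mode == 'add') {
            //
            // They want to add a new rank, show the form.
            //
            $rank_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
            $s_hidden_fields = '';
            if ($mode == 'edit') {
                if (empty($rank_id)) {
                    message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
                }
                $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
                $rank_info = $db->sql_fetchrow($result);
                // An id that matches no row used to fall through with an empty
                // $rank_info; treat it like a missing selection instead.
                if (empty($rank_info)) {
                    message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
                }
                $s_hidden_fields .= '<input type="hidden" name="id" value="' . $rank_id . '" />';
            } else {
                $rank_info['rank_special'] = 0;
            }
            $s_hidden_fields .= '<input type="hidden" name="mode" value="save" />';
            $rank_is_special = $rank_info['rank_special'] ? "checked=\"checked\"" : "";
            $rank_is_not_special = !$rank_info['rank_special'] ? "checked=\"checked\"" : "";
            $template->set_filenames(array('body' => 'forums/admin/ranks_edit_body.html'));
            // The MINIMUM ternary is parenthesized explicitly: an unparenthesized
            // nested ternary is a compile error from PHP 8.0 on.
            $template->assign_vars(array("RANK" => isset($rank_info['rank_title']) ? $rank_info['rank_title'] : '', "SPECIAL_RANK" => $rank_is_special, "NOT_SPECIAL_RANK" => $rank_is_not_special, "MINIMUM" => $rank_is_special ? "" : (isset($rank_info['rank_min']) ? $rank_info['rank_min'] : ''), "IMAGE" => isset($rank_info['rank_image']) && $rank_info['rank_image'] != "" ? $rank_info['rank_image'] : "", "IMAGE_DISPLAY" => isset($rank_info['rank_image']) && $rank_info['rank_image'] != "" ? '<img src="' . $rank_info['rank_image'] . '" alt="" />' : "", "L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], "L_RANK_TITLE" => $lang['Rank_title'], "L_RANK_SPECIAL" => $lang['Rank_special'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_RANK_IMAGE" => $lang['Rank_image'], "L_RANK_IMAGE_EXPLAIN" => $lang['Rank_image_explain'], "L_SUBMIT" => $lang['Submit'], "L_RESET" => $lang['Reset'], "L_YES" => $lang['Yes'], "L_NO" => $lang['No'], "S_RANK_ACTION" => URL::admin("{$op}"), "S_HIDDEN_FIELDS" => $s_hidden_fields));
        } else {
            if ($mode == "save") {
                //
                // Ok, they sent us our info, let's update it.
                //
                $rank_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
                $rank_title = isset($_POST['title']) ? trim($_POST['title']) : "";
                // Guard the lookup so a request without special_rank raises no
                // notice; 1/0 interpolate into the SQL below exactly as before.
                $special_rank = isset($_POST['special_rank']) && $_POST['special_rank'] == 1 ? 1 : 0;
                $min_posts = isset($_POST['min_posts']) ? intval($_POST['min_posts']) : -1;
                $rank_image = isset($_POST['rank_image']) ? trim($_POST['rank_image']) : "";
                if ($rank_title == "") {
                    message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
                }
                if ($special_rank == 1) {
                    $max_posts = -1;
                    $min_posts = -1;
                }
                //
                // The rank image has to be a jpg, gif or png
                // (only the suffix is checked; the rest of the value is free-form)
                //
                if ($rank_image != "") {
                    if (!preg_match("/(\\.gif|\\.png|\\.jpg)\$/is", $rank_image)) {
                        $rank_image = "";
                    }
                }
                if ($rank_id) {
                    if (!$special_rank) {
                        // Users holding this rank directly lose it when it stops being special.
                        $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
                    }
                    $sql = "UPDATE {$db->TBL->bbranks}\n\t\t\t\t\tSET rank_title = '" . Fix_Quotes($rank_title) . "', rank_special = {$special_rank}, rank_min = {$min_posts}, rank_image = '" . Fix_Quotes($rank_image) . "'\n\t\t\t\t\tWHERE rank_id = {$rank_id}";
                    $message = $lang['Rank_updated'];
                } else {
                    $sql = "INSERT INTO {$db->TBL->bbranks} (rank_title, rank_special, rank_min, rank_image)\n\t\t\t\t\tVALUES ('" . Fix_Quotes($rank_title) . "', {$special_rank}, {$min_posts}, '" . Fix_Quotes($rank_image) . "')";
                    $message = $lang['Rank_added'];
                }
                $db->sql_query($sql);
                $message .= "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
                message_die(GENERAL_MESSAGE, $message);
            } else {
                if ($mode == "delete") {
                    //
                    // Ok, they want to delete their rank
                    //
                    if (isset($_POST['id']) || isset($_GET['id'])) {
                        $rank_id = isset($_POST['id']) ? intval($_POST['id']) : intval($_GET['id']);
                    } else {
                        $rank_id = 0;
                    }
                    if ($rank_id) {
                        $db->sql_query("DELETE FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
                        $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
                        $message = $lang['Rank_removed'] . "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
                        message_die(GENERAL_MESSAGE, $message);
                    } else {
                        message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
                    }
                } else {
                    //
                    // They didn't feel like giving us any information. Oh, too bad, we'll just display the
                    // list then...
                    //
                    $template->set_filenames(array('body' => 'forums/admin/ranks_list_body.html'));
                    $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} ORDER BY rank_min, rank_title");
                    $rank_rows = $db->sql_fetchrowset($result);
                    $rank_count = count($rank_rows);
                    $template->assign_vars(array("L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], "L_RANK" => $lang['Rank_title'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_SPECIAL_RANK" => $lang['Special_rank'], "L_EDIT" => $lang['Edit'], "L_DELETE" => $lang['Delete'], "L_ADD_RANK" => $lang['Add_new_rank'], "L_ACTION" => $lang['Action'], "S_RANKS_ACTION" => URL::admin("{$op}")));
                    for ($i = 0; $i < $rank_count; $i++) {
                        $rank = $rank_rows[$i]['rank_title'];
                        $special_rank = $rank_rows[$i]['rank_special'];
                        $rank_id = $rank_rows[$i]['rank_id'];
                        $rank_min = $rank_rows[$i]['rank_min'];
                        if ($special_rank) {
                            $rank_min = $rank_max = "-";
                        }
                        // Alternate row colour and class on even/odd rows.
                        $row_color = !($i % 2) ? $bgcolor2 : $bgcolor1;
                        $row_class = !($i % 2) ? 'row1' : 'row2';
                        $template->assign_block_vars("ranks", array("ROW_COLOR" => $row_color, "ROW_CLASS" => $row_class, "RANK" => $rank, "RANK_MIN" => $rank_min, "SPECIAL_RANK" => $special_rank == 1 ? $lang['Yes'] : $lang['No'], "U_RANK_EDIT" => URL::admin("{$op}&amp;mode=edit&amp;id={$rank_id}"), "U_RANK_DELETE" => URL::admin("{$op}&amp;mode=delete&amp;id={$rank_id}")));
                    }
                }
            }
        }
    } else {
        //
        // Show the default page
        //
        $template->set_filenames(array('body' => 'forums/admin/ranks_list_body.html'));
        $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} ORDER BY rank_min ASC, rank_special ASC");
        $rank_count = $db->sql_numrows($result);
        $rank_rows = $db->sql_fetchrowset($result);
        $template->assign_vars(array("L_RANKS_TITLE" => $lang['Ranks_title'], "L_RANKS_TEXT" => $lang['Ranks_explain'], "L_RANK" => $lang['Rank_title'], "L_RANK_MINIMUM" => $lang['Rank_minimum'], "L_SPECIAL_RANK" => $lang['Rank_special'], "L_EDIT" => $lang['Edit'], "L_DELETE" => $lang['Delete'], "L_ADD_RANK" => $lang['Add_new_rank'], "L_ACTION" => $lang['Action'], "S_RANKS_ACTION" => URL::admin($op)));
        for ($i = 0; $i < $rank_count; $i++) {
            $rank = $rank_rows[$i]['rank_title'];
            $special_rank = $rank_rows[$i]['rank_special'];
            $rank_id = $rank_rows[$i]['rank_id'];
            $rank_min = $rank_rows[$i]['rank_min'];
            if ($special_rank == 1) {
                $rank_min = $rank_max = "-";
            }
            // Alternate row colour and class on even/odd rows.
            $row_color = !($i % 2) ? $bgcolor2 : $bgcolor1;
            $row_class = !($i % 2) ? 'row1' : 'row2';
            $rank_is_special = $special_rank ? $lang['Yes'] : $lang['No'];
            $template->assign_block_vars("ranks", array("ROW_COLOR" => $row_color, "ROW_CLASS" => $row_class, "RANK" => $rank, "SPECIAL_RANK" => $rank_is_special, "RANK_MIN" => $rank_min, "U_RANK_EDIT" => URL::admin("{$op}&amp;mode=edit&amp;id={$rank_id}"), "U_RANK_DELETE" => URL::admin("{$op}&amp;mode=delete&amp;id={$rank_id}")));
        }
    }
    $template->display('body');
    CloseTable();
}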
Ejemplo n.º 12
    $db->sql_freeresult($result);
}
$ranksrow = $db->sql_ufetchrowset("SELECT * FROM " . RANKS_TABLE . " ORDER BY rank_special, rank_min", SQL_ASSOC);
# Define censored word matches
$orig_word = array();
$replacement_word = array();
obtain_word_list($orig_word, $replacement_word);
# Censor topic title
if (count($orig_word)) {
    $topic_title = preg_replace($orig_word, $replacement_word, $topic_title);
}
# Was a highlight request part of the URI?
# Builds two values from $_GET['highlight']: $highlight_match, a '|'-separated
# regex alternation of the requested words, and $highlight, the URL-encoded
# original for reuse in links.
# NOTE(review): both htmlprepare() and urlencode() receive the parameter as
# sent; a request that supplies highlight[] as an array is not rejected here.
$highlight_match = $highlight = '';
if (isset($_GET['highlight'])) {
    // Split words and phrases
    // The input is HTML-encoded first, so the pattern is built from the encoded form.
    $words = explode(' ', htmlprepare($_GET['highlight']));
    for ($i = 0; $i < sizeof($words); $i++) {
        $words[$i] = trim($words[$i]);
        if (trim($words[$i]) != '') {
            // Each word is regex-quoted for the '#' delimiter; a literal '*' from the
            // user then becomes the wildcard \w*.
            $highlight_match .= ($highlight_match != '' ? '|' : '') . str_replace('*', '\\w*', phpbb_preg_quote($words[$i], '#'));
        }
    }
    unset($words);
    $highlight = urlencode($_GET['highlight']);
}
# Post, reply and other URL generation for templating vars
$printer_topic_url = URL::index("&amp;file=viewtopic&amp;printertopic=1&amp;" . POST_TOPIC_URL . "={$topic_id}&amp;start={$start}&amp;postdays={$post_days}&amp;postorder={$post_order}&amp;vote=viewresult");
$new_topic_url = URL::index("&amp;file=posting&amp;mode=newtopic&amp;" . POST_FORUM_URL . "={$forum_id}");
$reply_topic_url = URL::index("&amp;file=posting&amp;mode=reply&amp;" . POST_TOPIC_URL . "={$topic_id}");
$view_forum_url = URL::index("&amp;file=viewforum&amp;" . POST_FORUM_URL . "={$forum_id}");
$view_prev_topic_url = URL::index("&amp;file=viewtopic&amp;" . POST_TOPIC_URL . "={$topic_id}&amp;view=previous");
Ejemplo n.º 13
                    }
                    if ($desc != '') {
                        $post_titles[] = $desc;
                    }
                }
            }
        }
        // Iron out those Attachments assigned to us, but not more controlled by us. ;) (PM's)
        if (count($post_titles) > 0) {
            $delete_box = '<input type="checkbox" name="delete_id_list[]" value="' . $attachments[$i]['attach_id'] . '" />';
            for ($j = 0; $j < count($delete_id_list); $j++) {
                if ($delete_id_list[$j] == $attachments[$i]['attach_id']) {
                    $delete_box = '<input type="checkbox" name="delete_id_list[]" value="' . $attachments[$i]['attach_id'] . '" checked="checked" />';
                    break;
                }
            }
            $post_titles = implode('<br />', $post_titles);
            $hidden_field = '<input type="hidden" name="attach_id_list[]" value="' . $attachments[$i]['attach_id'] . '">';
            $template->assign_block_vars('attachrow', array('ROW_NUMBER' => $i + ($_GET['start'] + 1), 'ROW_COLOR' => $row_color, 'ROW_CLASS' => $row_class, 'FILENAME' => $attachments[$i]['real_filename'], 'COMMENT' => nl2br(htmlprepare($attachments[$i]['comment'])), 'EXTENSION' => $attachments[$i]['extension'], 'SIZE' => round($attachments[$i]['filesize'] / MEGABYTE, 2), 'DOWNLOAD_COUNT' => $attachments[$i]['download_count'], 'POST_TIME' => create_date($board_config['default_dateformat'], $attachments[$i]['filetime']), 'POST_TITLE' => $post_titles, 'S_DELETE_BOX' => $delete_box, 'S_HIDDEN' => $hidden_field, 'U_VIEW_ATTACHMENT' => URL::index('Forums&amp;file=download&amp;id=' . $attachments[$i]['attach_id'])));
        }
    }
}
//
// Generate Pagination
//
if ($do_pagination && $total_rows > $board_config['topics_per_page']) {
    $pagination = generate_pagination('&amp;file=uacp&amp;mode=' . $mode . '&amp;order=' . $sort_order . '&amp;' . POST_USERS_URL . '=' . $profiledata['user_id'], $total_rows, $board_config['topics_per_page'], $start) . '&nbsp;';
    $template->assign_vars(array('PAGINATION' => $pagination, 'PAGE_NUMBER' => sprintf($lang['Page_of'], floor($start / $board_config['topics_per_page']) + 1, ceil($total_rows / $board_config['topics_per_page'])), 'L_GOTO_PAGE' => $lang['Goto_page']));
}
$template->set_filenames(array('body' => 'forums/uacp_body.html'));
require_once 'includes/phpBB/page_tail.php';
Ejemplo n.º 14
//
// Extension Management
//
if ($submit && $mode == 'extensions') {
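    //
    // Per-row values submitted by the extension management form.
    // Anything that is not an array is ignored rather than iterated.
    //
    $extension_change_list = isset($_POST['extension_change_list']) && is_array($_POST['extension_change_list']) ? $_POST['extension_change_list'] : array();
    $extension_explain_list = isset($_POST['extension_explain_list']) && is_array($_POST['extension_explain_list']) ? $_POST['extension_explain_list'] : array();
    $group_select_list = isset($_POST['group_select']) && is_array($_POST['group_select']) ? $_POST['group_select'] : array();
    //
    // Build the change list keyed by '_' . ext_id. The comment is HTML-encoded
    // for later display; a field missing from the request is treated as ''/0.
    //
    $extensions = array();
    for ($i = 0; $i < count($extension_change_list); $i++) {
        $extensions['_' . $extension_change_list[$i]]['comment'] = htmlprepare(isset($extension_explain_list[$i]) ? $extension_explain_list[$i] : '');
        $extensions['_' . $extension_change_list[$i]]['group_id'] = intval(isset($group_select_list[$i]) ? $group_select_list[$i] : 0);
    }
    $result = $db->sql_query("SELECT * FROM " . EXTENSIONS_TABLE . " ORDER BY ext_id");
    if ($db->sql_numrows($result) > 0) {
        $extension_row = $db->sql_fetchrowset($result);
        for ($i = 0; $i < count($extension_row); $i++) {
            // Rows that were not part of the submitted form are left alone. Without
            // this guard the comparison ran against undefined entries and produced
            // an UPDATE with an empty comment and no group_id value.
            if (!isset($extensions['_' . $extension_row[$i]['ext_id']])) {
                continue;
            }
            if ($extension_row[$i]['comment'] != $extensions['_' . $extension_row[$i]['ext_id']]['comment'] || intval($extension_row[$i]['group_id']) != intval($extensions['_' . $extension_row[$i]['ext_id']]['group_id'])) {
                // htmlprepare() is an HTML encoder, not an SQL escaper, so the string is
                // passed through Fix_Quotes() at the point it enters the statement and
                // the numeric parts are forced to integers.
                $sql = "UPDATE " . EXTENSIONS_TABLE . " \n\t\t\t\tSET comment = '" . Fix_Quotes($extensions['_' . $extension_row[$i]['ext_id']]['comment']) . "', group_id = " . intval($extensions['_' . $extension_row[$i]['ext_id']]['group_id']) . "\n\t\t\t\tWHERE ext_id = " . intval($extension_row[$i]['ext_id']);
                $db->sql_query($sql);
            }
        }
    }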
    //
    // Delete Extension ?
    //
Ejemplo n.º 15
             $error = _SUSERSHORT;
         }
         if ($unum > 25) {
             $error = _SUSERLONG;
         }
         if (eregi("javascript:(.*)", $username)) {
             $error = _SUSERJS;
         }
         $username = ereg_replace("([^ ]{42})", "\\1", $username);
     } else {
         $username = $shoutconf['username'];
     }
 } else {
     cpg_error('You\'re not allowed to post.');
 }
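 // HTML-encode the shout before any check; a missing field is treated as empty.
 $comment = htmlprepare(isset($_POST['comment']) ? $_POST['comment'] : '');
 //lots of little tests
 // Each failing test overwrites $error, so the last failing one wins.
 // Lengths are measured on the encoded text, so an entity counts as several characters.
 $num = strlen($comment);
 if ($num < 2) {
     $error = _SHOUTSHORT;
 }
 if ($num > 2500) {
     $error = _SHOUTLONG;
 }
 if (!$comment) {
     $error = _SHOUTNONE;
 }
 //no more XSS....more or less...needs work..//
 // eregi() no longer exists in PHP 7+; preg_match() with the i flag performs the
 // same case-insensitive search. This is a deny-list only: what keeps a shout
 // from being rendered as markup is the encoding above, plus context-appropriate
 // encoding wherever the stored text is later written into a URL or attribute.
 if (preg_match('#javascript:#i', $comment)) {
     $error = _SHOUTJS;
 }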
Ejemplo n.º 16
    } else {
        $cpgtpl->assign_var('DL_REVIEWS', false);
    }
    $db->sql_freeresult($result);
    // Pending (active=0) reviews are listed only for module admins and for the
    // member recorded as the submitter of this download.
    if (can_admin($module_name) || $row['submitter'] == $userinfo['user_id']) {
        // pagination
        // NOTE(review): a value such as '0.5' passes the "> 0" test but intval()
        // turns it into 0, which makes $limit2 negative - clamp to >= 1 if the
        // database rejects a negative OFFSET.
        $cur_page2 = isset($_GET['p_page']) && $_GET['p_page'] > 0 ? intval($_GET['p_page']) : 1;
        $limit2 = ($cur_page2 - 1) * $perpage;
        // NOTE(review): $global_id is interpolated into both statements below; where
        // it is assigned is not visible here - confirm it is cast to an integer.
        $result = $db->sql_query("SELECT r.id, r.uid, r.ip, r.title, r.comment, r.score, r.timestamp, u.username, COUNT(r.score) AS votes FROM " . $dl_prefix . "_ratings r\n\tLEFT JOIN " . $user_prefix . "_users u ON (u.user_id = r.uid)\n\tWHERE r.lid='{$global_id}' AND r.comment!='' AND active=0 \n\tGROUP BY r.id DESC, r.uid, r.ip, r.title, r.comment, r.score, r.timestamp, u.username \n\tLIMIT {$perpage} OFFSET {$limit2}");
        // Total number of pending ratings for this download, used for the page count.
        list($pending) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $dl_prefix . "_ratings \n\tWHERE lid='{$global_id}' AND active=0");
        if ($db->sql_numrows($result)) {
            $cpgtpl->assign_vars(array('DL_P_REVIEW_PAGES' => ceil($pending / $perpage) > 1 ? gen_pagination($pending, $perpage, $cur_page2, '&amp;file=details&amp;id=' . $global_id, 'p_reviews', 'p_page') : false, 'DL_P_REVIEWS' => $pending));
            $i = 0;
            while (list($review_id, $review_uid, $review_ip, $review_title, $review_comment, $review_score, $review_timestamp, $review_uname, $review_votes) = $db->sql_fetchrow($result)) {
                $rating_info = get_rating($review_score, $review_votes);
                // NOTE(review): TITLE and MEMBERNAME are handed to the template exactly as
                // stored - confirm they are HTML-encoded when saved or by the template.
                // NOTE(review): U_DEL and U_APPR are plain links, so delete/approve are
                // triggered by a GET request; confirm the handlers require a per-session
                // token or a confirmation step.
                $cpgtpl->assign_block_vars('dl_p_review', array('ID' => $review_id, 'U_ID' => htmlprepare(URL::uri()) . '#r' . $review_id, 'RATING' => _DLP_REVIEW . ' #' . $review_id . ': ' . $rating_info['desc'], 'U_MEMBER' => URL::index('Your_Account&amp;profile=' . $review_uid), 'MEMBERNAME' => $review_uname, 'DATE' => generate_date($review_timestamp), 'U_DEL' => can_admin($module_name) || $row['submitter'] == $userinfo['user_id'] ? '<a href="' . URL::index('&amp;del_review=' . $review_id) . '">[' . strtolower(_DELETE) . ']</a>' : false, 'U_APPR' => can_admin($module_name) || $row['submitter'] == $userinfo['user_id'] ? '<a href="' . URL::index('&amp;approve_review=' . $review_id) . '">[' . strtolower(_DLP_APPROVE) . ']</a>' : false, 'TITLE' => $review_title, 'COMMENT' => decode_bb_all($review_comment), 'IP' => decode_ip($review_ip), 'IMG_RATE' => dl_image('stars/' . $rating_info['rating'] . '.png'), 'SPACER' => $i > 0));
                $i++;
            }
        } else {
            $cpgtpl->assign_var('DL_P_REVIEWS', false);
        }
        $db->sql_freeresult($result);
    } else {
        // Everyone else: the pending-review section is switched off.
        $cpgtpl->assign_var('DL_P_REVIEWS', false);
    }
}
// Editor's pick: show the pick badge.
if ($row['pick']) {
    $cpgtpl->assign_block_vars(
        'dl_image',
        array(
            'SRC' => dl_image('pick.png'),
            'TITLE' => _DLP_EDPICK,
        )
    );
}
// custom fields: image fields (type 3) that are marked visible
$result = $db->sql_query(
    "SELECT field, img_path, img_alt FROM " . $dl_prefix . "_fields \n\tWHERE type=3 AND visible > 0"
);
Ejemplo n.º 17
    if ($db->sql_numrows($result) < 1) {
        echo _NORESULTSTEXT;
    } else {
        while ($row = $db->sql_fetchrow($result)) {
            $tid = $row['tid'];
            $title = $row['title'];
            echo "<strong><big>&middot;</big></strong>&nbsp;&nbsp;<a href=\"" . getlink("&amp;op=content&amp;tid={$tid}&amp;query={$query}") . "\">{$title}</a><br />";
        }
    }
    echo "<br /><br />" . "<center><form action=\"" . getlink("&file=search") . "\" method=\"post\">" . "<input type=\"text\" size=\"20\" name=\"query\">&nbsp;&nbsp;" . "<input type=\"hidden\" name=\"eid\" value=\"{$eid}\">" . "<input type=\"submit\" value=\"" . _SEARCH . "\">" . "</form><br /><br />" . "[ <a href=\"" . getlink() . "\">" . _RETURNTO . " " . _ENCYCLOPEDIA . "</a> ]<br /><br />" . _GOBACK . "</center>";
    CloseTable();
} elseif (isset($_POST['query']) && !empty($_POST['query']) && $eid > 0) {
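    // Look up the encyclopedia title. $eid is forced to an integer wherever it
    // enters a statement: the "$eid > 0" test in the branch condition also passes
    // for strings that merely start with a digit, and where $eid is assigned is
    // not visible here.
    $result2 = $db->sql_query("SELECT title FROM " . $prefix . "_encyclopedia WHERE eid='" . intval($eid) . "'", false, __FILE__, __LINE__);
    $row = $db->sql_fetchrow($result2);
    OpenTable();
    // The search term is HTML-encoded before it is echoed back to the visitor.
    echo '<center><b>' . _SEARCHRESULTSFOR . ' <i>' . htmlprepare($_POST['query']) . '</i></b></center><br /><br /><br />
    <i><b>' . _RESULTSINTERMTITLE . '</b></i><br /><br />';
    // Escaped copy for SQL only.
    // NOTE(review): '%' and '_' typed by the visitor still act as LIKE wildcards.
    $query = Fix_Quotes($_POST['query'], 1);
    $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='" . intval($eid) . "' AND title LIKE '%{$query}%'", false, __FILE__, __LINE__);
    if ($db->sql_numrows($result) < 1) {
        echo _NORESULTSTITLE;
    } else {
        while ($row = $db->sql_fetchrow($result)) {
            // Quoted keys: the bare words tid/title were read as undefined constants,
            // which is an error on PHP 8.
            $tid = $row['tid'];
            $title = $row['title'];
            // NOTE(review): $title is printed as stored - confirm it is HTML-encoded
            // when the entry is saved.
            echo "<strong><big>&middot;</big></strong>&nbsp;&nbsp;<a href=\"" . getlink("&amp;op=content&amp;tid={$tid}") . "\">{$title}</a><br />";
        }
    }
    $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='" . intval($eid) . "' AND text LIKE '%{$query}%'", false, __FILE__, __LINE__);
    echo "<br /><br /><i><b>" . _RESULTSINTERMTEXT . "</b></i><br /><br />";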
    if ($db->sql_numrows($result) < 1) {
Ejemplo n.º 18
/**
 * Saves one section of a member's account settings from the submitted form.
 *
 * The section is named by $_POST['save'] ('profile' when absent); 'admin' is
 * only honoured when ADMIN_PAGES is defined. Each branch builds a fragment of
 * a SET clause in $sql, which is then run as one UPDATE on the users table for
 * $userinfo['user_id']. Every path ends in cpg_error() or URL::redirect();
 * nothing is returned.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm
 * the caller performs one before the form data gets here.
 *
 * @param array $userinfo Current user row. Taken by reference; this function
 *                        only reads it and hands it to avatar_delete() and
 *                        avatar_upload().
 */
function saveuser(&$userinfo)
{
    global $db, $user_prefix, $MAIN_CFG, $allowusertheme, $CPG_SESS, $SESS;
    $mode = isset($_POST['save']) ? $_POST['save'] : 'profile';
    // The admin section can only be saved from the admin pages.
    if ($mode == 'admin' && !defined('ADMIN_PAGES')) {
        $mode = 'profile';
    }
    // Which rows of the custom-field table belong to the section being saved.
    // NOTE(review): any other unrecognised $mode also reaches the final else
    // branch below, where $section is then undefined.
    if ($mode == 'profile') {
        $section = 'section=1 OR section=2';
    } elseif ($mode == 'private') {
        $section = 'section=3';
    } elseif ($mode == 'prefs') {
        $section = 'section=5';
    }
    $sql = $pass_change = false;
    if ($mode == 'reg_details') {
        global $allowmailchange;
        // NOTE(review): passwords are hashed with unsalted MD5 throughout this branch.
        // password_hash()/password_verify() is the current PHP facility; moving to it
        // needs a rehash-on-login path that lives outside this function.
        $current_password = isset($_POST['current_password']) ? md5($_POST['current_password']) : '';
        if (isset($_POST['new_password'])) {
            $new_password = $_POST['new_password'];
            $verify_password = isset($_POST['verify_password']) ? $_POST['verify_password'] : '';
            if ($new_password != $verify_password) {
                cpg_error(_PASSDIFFERENT, 'ERROR: Password mismatch');
            } elseif ($new_password != '') {
                if (strlen($new_password) < $MAIN_CFG['member']['minpass']) {
                    cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG, 'ERROR: Password too short');
                }
                $new_password = md5($new_password);
                // NOTE(review): the digest comparisons use loose !=. Two hex digests that
                // both look like numeric strings compare equal under loose comparison;
                // hash_equals() or !== avoids that.
                if ($new_password != $userinfo['user_password']) {
                    // Outside the admin pages the current password must match first.
                    if (!defined('ADMIN_PAGES') && $current_password != $userinfo['user_password']) {
                        cpg_error('Password incorrect');
                    }
                    // NOTE(review): the value in this literal appears to have been masked by
                    // the page this listing was taken from; as written it stores the text
                    // '******' rather than $new_password. Check against the upstream source.
                    $sql = " user_password='******'";
                    $pass_change = true;
                }
            }
        }
        $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : $userinfo['user_email'];
        if (($allowmailchange || defined('ADMIN_PAGES')) && $user_email != $userinfo['user_email']) {
            if ($current_password != $userinfo['user_password'] && !defined('ADMIN_PAGES')) {
                cpg_error('Password incorrect');
            }
            if (is_email($user_email) < 1) {
                cpg_error(_ERRORINVEMAIL);
            }
            if ($sql) {
                $sql .= ', ';
            }
            // NOTE(review): $user_email goes into the statement unescaped; is_email() is
            // the only check between the request and the query. Confirm it rejects quotes
            // and backslashes, or escape with Fix_Quotes() as the admin branch does.
            $sql .= "user_email='{$user_email}'";
        }
        // Renaming is only possible from the admin pages.
        if (defined('ADMIN_PAGES') && isset($_POST['username']) && $_POST['username'] != $userinfo['username']) {
            // NOTE(review): as reproduced here the pattern uses '#' as delimiter and also
            // contains an unescaped '#', so it ends early and preg_match() returns false;
            // the forbidden-character check then never rejects anything.
            if (preg_match('#(\\ |\\*|#|\\\\|%|"|\'|`|&|\\^|@)', $_POST['username'])) {
                cpg_error(_ERRORINVNICK);
            }
            // NOTE(review): the two literals below that contain '******' look masked by the
            // source page as well; presumably they interpolated $_POST['username']. If so,
            // that value needs SQL escaping before it is used - verify upstream.
            if ($db->sql_count($user_prefix . '_users u, ' . $user_prefix . '_users_temp t', "u.username='******'username']}' OR t.username='******'username']}' LIMIT 1") > 0) {
                cpg_error(_NICKTAKEN);
            }
            if ($sql) {
                $sql .= ', ';
            }
            $sql .= "username='******'username']}'";
        }
    } elseif ($mode == 'avatar') {
        require_once 'modules/' . basename(dirname(__FILE__)) . '/avatars.php';
        // Local avatar?
        // NOTE(review): raw request value; further down it is joined to gallery_path and
        // interpolated into SQL with no visible normalisation. Confirm it is limited to
        // a plain gallery file name (no '/', '..', quotes).
        $avatar_local = isset($_POST['user_avatar']) ? $_POST['user_avatar'] : '';
        // Remote avatar?
        $avatar_remoteurl = !empty($_POST['avatarremoteurl']) ? htmlprepare($_POST['avatarremoteurl']) : '';
        // Upload avatar thru remote or upload?
        // NOTE(review): when avatarurl is posted, a user-supplied location is what gets
        // handed to avatar_upload(); what that helper fetches is not visible here.
        $avatar_upload = !empty($_POST['avatarurl']) ? trim($_POST['avatarurl']) : (!empty($_FILES['avatar']) && $_FILES['avatar']['tmp_name'] != "none" ? $_FILES['avatar']['tmp_name'] : '');
        $avatar_name = !empty($_FILES['avatar']['name']) ? $_FILES['avatar']['name'] : '';
        // 0 = USER_AVATAR_NONE
        if (isset($_POST['avatardel']) || $avatar_local == '') {
            $sql = avatar_delete($userinfo);
        }
        // 1 = USER_AVATAR_UPLOAD
        if ((!empty($avatar_upload) || !empty($avatar_name)) && $MAIN_CFG['avatar']['allow_upload']) {
            if (!empty($avatar_upload)) {
                $sql = avatar_upload(empty($avatar_name), $userinfo, $avatar_upload, $_FILES['avatar']);
            } elseif (!empty($avatar_name)) {
                // A file name without a temp file: reported as a file size error.
                cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)), 'ERROR: Filesize');
            }
        } elseif ($avatar_remoteurl != $userinfo['user_avatar'] && $avatar_remoteurl != '' && $MAIN_CFG['avatar']['allow_remote']) {
            // NOTE(review): in both patterns below the alternation is grouped as
            // "^(http)" OR "(ftp)://...", not "(http|ftp)://...". As written, any value
            // that starts with "http" satisfies them, so the host and image-extension
            // part of the second pattern is only enforced for ftp URLs.
            if (!preg_match('#^(http)|(ftp):\\/\\/#i', $avatar_remoteurl)) {
                $avatar_remoteurl = 'http://' . $avatar_remoteurl;
            }
            if (preg_match('#^((http)|(ftp):\\/\\/[\\w\\-]+?\\.([\\w\\-]+\\.)+[\\w]+(:[0-9]+)*\\/.*?\\.(gif|jpg|jpeg|png)$)#is', $avatar_remoteurl)) {
                // NOTE(review): getimagesize() and get_fileinfo() are given the user-supplied
                // URL, so the server itself requests it. Confirm outbound requests are limited
                // (scheme and host allow-list, internal address ranges blocked).
                if (in_array('getimagesize', explode(',', ini_get('disable_functions'))) || ini_get('disable_functions') == 'getimagesize') {
                    cpg_error('getimagesize is disabled', _AVATAR_ERR_URL);
                } elseif (!getimagesize($avatar_remoteurl)) {
                    cpg_error('Image has wrong filetype', _AVATAR_ERR_URL);
                } elseif (!($file_data = get_fileinfo($avatar_remoteurl, !$MAIN_CFG['avatar']['animated']))) {
                    cpg_error(_AVATAR_ERR_URL);
                } elseif ($file_data['size'] > $MAIN_CFG['avatar']['filesize']) {
                    cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)));
                } elseif (!$MAIN_CFG['avatar']['animated'] && $file_data['animation']) {
                    cpg_error('Animated avatar not allowed');
                }
                // NOTE(review): this runs after the checks above regardless of their result;
                // it is only safe if cpg_error() stops execution - not visible here.
                if (avatar_size($avatar_remoteurl)) {
                    avatar_delete($userinfo);
                    // The URL was HTML-encoded above but is not SQL-escaped here.
                    $sql = "user_avatar='{$avatar_remoteurl}', user_avatar_type=2";
                }
            } else {
                cpg_error('Image has wrong filetype', 'ERROR: Image filetype');
            }
        } elseif ($avatar_local != $userinfo['user_avatar'] && $avatar_local != '' && $MAIN_CFG['avatar']['allow_local'] && file_exists($MAIN_CFG['avatar']['gallery_path'] . '/' . $avatar_local)) {
            // Gallery avatar: accepted when a file of that name exists under gallery_path.
            avatar_delete($userinfo);
            $sql = "user_avatar='{$avatar_local}', user_avatar_type=3";
        }
    } elseif ($mode == 'admin') {
        // Numeric admin flags are forced to integers before they enter the statement.
        $sql = 'user_allow_pm=' . intval($_POST['user_allow_pm']) . ', user_allowavatar=' . intval($_POST['user_allowavatar']) . ', user_rank=' . intval($_POST['user_rank']);
        $suspendreason = isset($_POST['suspendreason']) ? $_POST['suspendreason'] : 'no reason';
        // NOTE(review): this reads $_POST['suspendreason'] directly although the line
        // above already guards for it being absent.
        if ($_POST['suspendreason'] != $userinfo['susdel_reason']) {
            $sql .= ', susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
        if (intval($_POST['user_suspend']) == 0 && $userinfo['user_level'] == 0) {
            // Lifting a suspension.
            $sql .= ', user_level=1';
        } elseif (intval($_POST['user_suspend']) > 0 && $userinfo['user_level'] > 0) {
            // Suspending: notify the member by mail, then set user_level to 0.
            $message = _SORRYTO . ' ' . $MAIN_CFG['global']['sitename'] . ' ' . _HASSUSPEND;
            if ($suspendreason > '') {
                $message .= "\n\n" . _SUSPENDREASON . "\n{$suspendreason}";
            }
            $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
            // $mailer_message is not assigned before this call; presumably send_mail()
            // fills it by reference - verify against its signature.
            if (!send_mail($mailer_message, $message, 0, _ACCTSUSPEND, $userinfo['user_email'], $userinfo['username'], $from)) {
                trigger_error($mailer_message, E_USER_WARNING);
            }
            $sql .= ', user_level=0, susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
    } else {
        // Profile, private and preference sections: the editable columns are listed in
        // the users_fields table for the section(s) selected above.
        $result = $db->sql_query('SELECT field, type FROM ' . $user_prefix . '_users_fields WHERE ' . $section);
        if ($db->sql_numrows($result) > 0) {
            while ($row = $db->sql_fetchrow($result)) {
                // The 'name' column is posted by the form as 'realname'.
                $field = $row['field'] == 'name' ? 'realname' : $row['field'];
                // NOTE(review): $_POST[$field] is read without an isset() check.
                $value = Fix_Quotes($_POST[$field], 1);
                if ($row['field'] == 'user_lang' && !$MAIN_CFG['global']['multilingual']) {
                    continue;
                }
                if ($row['type'] == 1 || $row['type'] == 4) {
                    $value = intval($value);
                } else {
                    if ($field == 'user_website') {
                        // Add a scheme when missing, then blank the value unless it matches
                        // the scheme-plus-host pattern below.
                        if (!preg_match('#^http[s]?:\\/\\/#i', $value)) {
                            $value = 'http://' . $value;
                        }
                        if (!preg_match('#^(http[s]?\\:\\/\\/)?([a-z0-9\\-\\.]+)?[a-z0-9\\-]+\\.[a-z]{2,4}$#i', $value)) {
                            $value = '';
                        }
                    }
                }
                // Type 7: forced back to the default theme when members may not choose one.
                if ($row['type'] == 7 && !$allowusertheme) {
                    $value = $MAIN_CFG['global']['Default_Theme'];
                }
                if ($row['type'] == 6) {
                    // Type 6: only stored when date_raw() yields a calendar-valid date,
                    // read as year (4 chars), month (2) and day (2).
                    $value = date_raw($value);
                    if (checkdate(substr($value, 4, 2), substr($value, 6, 2), substr($value, 0, 4))) {
                        $sql .= ", {$row['field']}='{$value}'";
                    }
                } elseif (array_key_exists($row['field'], $userinfo) && $userinfo[$row['field']] != $value) {
                    // Only columns whose value actually changed are written.
                    $sql .= ", {$row['field']}='{$value}'";
                }
                if ($field == 'user_timezone') {
                    $sql .= ', user_dst=' . intval($_POST['user_dst']);
                }
            }
            // Every fragment was appended with a leading ", "; drop the first one.
            if ($sql) {
                $sql = substr($sql, 2);
            }
        }
    }
    if ($sql) {
        $db->sql_query('UPDATE ' . $user_prefix . '_users SET ' . $sql . " WHERE user_id=" . intval($userinfo['user_id']));
        // Discard the user data held in the session so it is not reused after the update.
        $_SESSION['CPG_USER'] = false;
        unset($_SESSION['CPG_USER']);
        if (!defined('ADMIN_PAGES')) {
            if ($pass_change) {
                global $CLASS;
                // NOTE(review): the MD5 digest is what is passed on here; if setmemcookie()
                // places it in the cookie, the digest works as a password equivalent - verify.
                $CLASS['member']->setmemcookie($userinfo['user_id'], $userinfo['username'], $new_password);
            }
            if (isset($_POST['theme']) && $allowusertheme) {
                // NOTE(review): stored in the session as posted; confirm it is checked
                // against the installed themes before it is used to build file paths.
                $CPG_SESS['theme'] = $_POST['theme'];
                unset($CPG_SESS['prevtheme']);
            }
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::index('&edit=' . $mode));
        } else {
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
        }
    }
    // Nothing to write: send the member back to the form, or tell the admin so.
    if (!defined('ADMIN_PAGES')) {
        URL::redirect(URL::index('&edit=' . $mode));
    } else {
        cpg_error('Nothing changed', 'No update', URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
    }
}
Ejemplo n.º 19
                    if ($comments == 0) {
                        $commentlink = $story_link . _COMMENTSQ . '</a> | ';
                    } elseif ($comments == 1) {
                        $commentlink = $story_link . $comments . ' ' . _COMMENT . '</a> | ';
                    } elseif ($comments > 1) {
                        $commentlink = $story_link . $comments . ' ' . _COMMENTS . '</a> | ';
                    }
                }
                $printlink = '<a href="' . URL::index('News&amp;file=print&amp;sid=' . $row['sid']) . '"><img src="images/news/print.gif" alt="' . _PRINTER . '" title="' . _PRINTER . '" /></a>';
                if ($row['catid'] != 0) {
                    $title = '<a href="' . URL::index('News&amp;catid=' . $row['catid']) . '">' . $row['cattitle'] . '</a> : ' . $title;
                    $catlink = '<a href="' . URL::index('News&amp;catid=' . $row['catid']) . '">' . $row['cattitle'] . '</a> | ';
                }
                $rated = 0;
                if ($row['score'] != 0) {
                    $rated = substr($row['score'] / $row['ratings'], 0, 4);
                }
                $scorelink = _SCORE . ' ' . $rated;
                $row['topicimage'] = $row['topicimage'] != '' ? $row['topicimage'] : 'AllTopics.gif';
                $row['topictext'] = htmlprepare($row['topictext']);
                $row['informant'] = $row['informant'] != '' ? '<a href="' . URL::index("Your_Account&amp;profile={$row['informant']}") . "\">{$row['informant']}</a>" : _ANONYMOUS;
                $cpgtpl->assign_block_vars('newstopic', array('IMG_TOPIC' => (file_exists("themes/{$CPG_SESS['theme']}/images/topics/{$row['topicimage']}") ? "themes/{$CPG_SESS['theme']}/" : '') . "images/topics/{$row['topicimage']}", 'S_AUTHOR' => $row['aid'], 'S_INFORMANT' => $row['informant'], 'S_MORELINK' => $morelink, 'S_COMMLINK' => $commentlink, 'S_PRNTLINK' => $printlink, 'S_CATLINK' => $catlink, 'S_SCORLINK' => $scorelink, 'S_NOTE' => _NOTE, 'S_NOTES' => $row['notes'], 'S_POSTEDBY' => _POSTEDBY, 'S_STORY' => $row['hometext'], 'S_ON' => _ON, 'S_TEXTCOLOR1' => $textcolor1, 'S_TEXTCOLOR2' => $textcolor2, 'S_TIME' => " {$datetime} ", 'S_READS' => "({$row['counter']} " . _READS . ")", 'S_TITLE' => $title, 'S_TOPIC' => $row['topictext'], 'S_WRITES' => _WRITES, 'S_SID' => $row['sid'], 'U_NEWTOPIC' => URL::index("News&amp;topic={$row['topic']}")));
            }
            $db->sql_freeresult($result);
            $tmp = 0 < $topic ? '&amp;topic=' . $topic : (0 < $catid ? '&amp;catid=' . $catid : '');
            pagination('News' . $tmp . '&amp;page=', $pages, 1, $page);
            $cpgtpl->set_filenames(array('body' => 'news/index.html'));
            $cpgtpl->display('body');
        }
    }
}
Ejemplo n.º 20
	<input type="hidden" name="n_group" value="' . $group . '" />';
}
// Load the required wysiwyg class
require CORE_PATH . 'wysiwyg/wysiwyg.inc';
// Create as many wysiwyg instances as you need
$wysiwyg = new Wysiwyg('newsletter', 'content', '90%', '300px', $content);
// Set all the required wysiwyg headers
$wysiwyg->setHeader();
require 'header.php';
GraphicAdmin('_AMENU5');
OpenTable();
// Newsletter compose form, posted back to the admin URL.
// Only $subject is HTML-encoded at this point. $title, $preview, $notes and $submit
// are written as-is; they are built earlier in the file (not visible here), so
// confirm that any request data inside them was encoded where they were assembled.
// NOTE(review): no anti-CSRF token field is visible in this form; confirm one is
// added and checked elsewhere before the newsletter is sent.
echo '<form name="newsletter" action="' . URL::admin() . '" method="post" enctype="multipart/form-data" accept-charset="utf-8">
' . $wysiwyg->getSelect() . '
<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline" style="margin:auto;">
<tr>
	<td align="center" class="catleft" colspan="2"><b><span class="gen">' . $title . '</span></b></td>
</tr>' . $preview . '<tr>
	<td class="row1"><span class="gen">' . _SUBJECT . '</span></td>
	<td class="row2"><input type="text" name="subject" size="50" maxlength="255" value="' . htmlprepare($subject) . '" /></td>
</tr><tr>
	<td class="row1"><span class="gen">' . _CONTENT . '</span></td>
	<td class="row2">' . $wysiwyg->getHTML() . '</td>
</tr><tr>
	<td class="row1"><span class="gen">' . _NL_RECIPS . '</span></td>
	<td class="row2">' . newsletter_selection('group', $group) . '</td>
</tr>' . $notes . '<tr>
	<td class="catbottom" colspan="2" align="center" height="28">
	<input type="submit" name="preview" value="' . _PREVIEW . '" class="mainoption" />' . $submit . '
	</td>
</tr></table></form>';
CloseTable();
Ejemplo n.º 21
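# user configs, temporary here
# force HTTPS when $Module->https is active
define('HTTPS_REQUIRED', false);
require 'includes/cmsinit.inc';
//foreach (HOOKS::get('loader.name', 'cache')) {}
// The value is labelled GMT, so it is built with gmdate(); date() would emit the
// server's local time under a GMT label.
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('X-Content-Type-Options: nosniff');
header('Expires: 0');
// should be moved to header.php
header('P3P: CP="' . $MAIN_CFG['header']['P3P'] . '"');
# standard privacy header change to yours
// Referer logging: only for new sessions and only when enabled in the config.
if ($SESS->new && $MAIN_CFG['global']['httpref'] && !empty($_SERVER['HTTP_REFERER'])) {
    // The Referer header is supplied by the client: it is escaped for SQL here and
    // HTML-encoded before storage below.
    // NOTE(review): its length is not limited, and a referer that merely contains the
    // site's domain anywhere in the string is treated as internal and skipped.
    $referer = Fix_Quotes($_SERVER['HTTP_REFERER']);
    if (strpos($referer, '://') && !stripos($referer, $MAIN_CFG['server']['domain'])) {
        // Refresh the timestamp of a known referer, otherwise insert a new row.
        if (!$db->sql_query('UPDATE ' . $prefix . '_referer SET lasttime=' . time() . ' WHERE url=\'' . htmlprepare($referer) . '\'', true) || !$db->sql_affectedrows()) {
            $db->sql_query('INSERT INTO ' . $prefix . "_referer (url, lasttime) VALUES ('" . htmlprepare($referer) . "', " . time() . ")", true);
        }
        $numrows = $db->sql_count($prefix . '_referer');
        $httprefmax = (int) $MAIN_CFG['global']['httprefmax'];
        if ($numrows >= $httprefmax) {
            // Trim the oldest rows down to about half the configured maximum. LIMIT needs
            // an integer: with an odd httprefmax the old expression produced a fraction.
            $db->sql_query('DELETE FROM ' . $prefix . '_referer ORDER BY lasttime LIMIT ' . ((int) $numrows - (int) floor($httprefmax / 2)));
        }
    }
}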
/* acp insert new virtual modules, chroot example.php to /includes/load */
//Module::$custom[-2] = array('mid' => -2, 'name' => 'credits', 'file' => CORE_PATH.'info.inc', 'view' => 0);
//Module::$custom[-3] = array('mid' => -3, 'name' => 'privacy_policy', 'file' => CORE_PATH.'info.inc', 'view' => 0);
//Module::$custom[-4] = array('mid' => -4, 'name' => 'smilies', 'file' => CORE_PATH.'nbbcode.php', 'view' => 1);
//Module::$custom[-5] = array('mid' => -5, 'name' => 'user_search', 'file' => CORE_PATH.'user_search.php', 'view' => 1);
$name = !empty($_POST['name']) ? $_POST['name'] : (!empty($_GET['name']) ? $_GET['name'] : $MAIN_CFG['global']['main_module']);
if (!preg_match('#^[a-zA-Z0-9_\\-]+$#', $name)) {
Ejemplo n.º 22
    }
}
//
// Template variables shared by every view of the attachment control panel
//
$template->assign_vars(array(
    'L_VIEW' => $lang['View'],
    'L_SUBMIT' => $lang['Submit'],
    'L_CONTROL_PANEL_TITLE' => $lang['Control_panel_title'],
    'L_CONTROL_PANEL_EXPLAIN' => $lang['Control_panel_explain'],
    'S_VIEW_SELECT' => $select_view,
    'S_MODE_ACTION' => URL::admin('&amp;do=attach_cp'),
));
if ($submit_change && $view == 'attachments') {
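    // Per-row values submitted by the attachment control panel form.
    // Anything that is not an array is ignored rather than iterated.
    $attach_change_list = isset($_POST['attach_id_list']) && is_array($_POST['attach_id_list']) ? $_POST['attach_id_list'] : array();
    $attach_comment_list = isset($_POST['attach_comment_list']) && is_array($_POST['attach_comment_list']) ? $_POST['attach_comment_list'] : array();
    $attach_download_count_list = isset($_POST['attach_count_list']) && is_array($_POST['attach_count_list']) ? $_POST['attach_count_list'] : array();
    //
    // Build the change list keyed by '_' . attach_id. The comment is HTML-encoded
    // for later display; a field missing from the request is treated as ''/0.
    //
    $attachments = array();
    for ($i = 0; $i < count($attach_change_list); $i++) {
        $attachments['_' . $attach_change_list[$i]]['comment'] = htmlprepare(isset($attach_comment_list[$i]) ? $attach_comment_list[$i] : '');
        $attachments['_' . $attach_change_list[$i]]['download_count'] = intval(isset($attach_download_count_list[$i]) ? $attach_download_count_list[$i] : 0);
    }
    $result = $db->sql_query("SELECT * FROM " . ATTACHMENTS_DESC_TABLE . " ORDER BY attach_id");
    while ($attachrow = $db->sql_fetchrow($result)) {
        // Only rows that were part of the submitted form are considered.
        if (isset($attachments['_' . $attachrow['attach_id']])) {
            if ($attachrow['comment'] != $attachments['_' . $attachrow['attach_id']]['comment'] || intval($attachrow['download_count']) != intval($attachments['_' . $attachrow['attach_id']]['download_count'])) {
                // htmlprepare() is an HTML encoder, not an SQL escaper, so the string is
                // passed through Fix_Quotes() at the point it enters the statement and
                // the numeric parts are forced to integers.
                $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . " \n\t\t\t\tSET comment = '" . Fix_Quotes($attachments['_' . $attachrow['attach_id']]['comment']) . "', download_count = " . intval($attachments['_' . $attachrow['attach_id']]['download_count']) . "\n\t\t\t\tWHERE attach_id = " . intval($attachrow['attach_id']);
                if (!$db->sql_query($sql)) {
                    message_die(GENERAL_ERROR, 'Couldn\'t update Attachments Informations', '', __LINE__, __FILE__, $sql);
                }
            }
        }
    }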
} else {
    if ($view == 'stats') {
Ejemplo n.º 23
/**
 * Builds the HTML for the comments of one picture, followed by the
 * "add your comment" form when the viewer may post and the album allows it.
 *
 * The markup is returned only when USER_ID > 1, $CONFIG['allow_anon_fullsize']
 * is set, or USER_IS_ADMIN is true; otherwise the function falls off the end
 * and yields null.
 *
 * @param mixed $pid Picture id. NOTE(review): it is interpolated into the SQL
 *                   below as given - confirm every caller passes an integer.
 * @return string|null
 */
function html_comments($pid)
{
    global $CONFIG, $USER, $CURRENT_ALBUM_DATA, $username, $FAVPICS, $CURRENT_PIC_DATA, $THEME_DIR;
    global $template_image_comments, $template_add_your_comment, $db;
    $html = '';
    // Keep the edit-box variant that matches the smilies setting; the other variant
    // is extracted from the templates with no replacement text.
    if (!$CONFIG['enable_smilies']) {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_no_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_smilies');
        template_extract_block($template_add_your_comment, 'input_box_smilies');
    } else {
        $tmpl_comment_edit_box = template_extract_block($template_image_comments, 'edit_box_smilies', '{EDIT}');
        template_extract_block($template_image_comments, 'edit_box_no_smilies');
        template_extract_block($template_add_your_comment, 'input_box_no_smilies');
    }
    $tmpl_comments_buttons = template_extract_block($template_image_comments, 'buttons', '{BUTTONS}');
    $tmpl_comments_ipinfo = template_extract_block($template_image_comments, 'ipinfo', '{IPINFO}');
    $result = $db->sql_query("SELECT msg_id, msg_author, msg_body, msg_date, author_id, author_md5_id, msg_raw_ip, msg_hdr_ip FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}' ORDER BY msg_id ASC", false, __FILE__, __LINE__);
    while ($row = $db->sql_fetchrow($result)) {
        // Editing is allowed for gallery admins, for a logged-in author (USER_ID > 1)
        // of this comment, and for a guest whose $USER['ID'] matches author_md5_id;
        // the last two also require USER_CAN_POST_COMMENTS.
        $user_can_edit = GALLERY_ADMIN_MODE || USER_ID > 1 && USER_ID == $row['author_id'] && USER_CAN_POST_COMMENTS || USER_ID < 2 && USER_CAN_POST_COMMENTS && $USER['ID'] == $row['author_md5_id'];
        $comment_buttons = $user_can_edit ? $tmpl_comments_buttons : '';
        $comment_edit_box = $user_can_edit ? $tmpl_comment_edit_box : '';
        // IP details are only included in gallery admin mode.
        $comment_ipinfo = $row['msg_raw_ip'] && GALLERY_ADMIN_MODE ? $tmpl_comments_ipinfo : '';
        if ($CONFIG['enable_smilies']) {
            $comment_body = set_smilies(make_clickable($row['msg_body']));
            $smilies = smilies_table('onerow', 'msg_body', "f{$row['msg_id']}");
        } else {
            $comment_body = make_clickable($row['msg_body']);
            $smilies = '';
        }
        // First pass: put the per-comment edit box, buttons and IP block into the row template.
        $params = array('{EDIT}' => &$comment_edit_box, '{BUTTONS}' => &$comment_buttons, '{IPINFO}' => &$comment_ipinfo);
        $template = template_eval($template_image_comments, $params);
        $info = '';
        if (!in_array($pid, $FAVPICS)) {
            $info = '<a href="' . URL::index('&amp;file=addfav&amp;pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . ADDFAV . '</a>';
        } else {
            $info = '<a href="' . URL::index('&amp;file=addfav&amp;pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . REMFAV . '</a>';
        }
        // Second pass: fill in the comment fields.
        // NOTE(review): msg_author and msg_body (also as MSG_BODY_RAW) are inserted as
        // stored; confirm they are HTML-encoded when the comment is saved, otherwise
        // this is where stored markup would reach the page.
        $params = array('{MSG_AUTHOR}' => $row['msg_author'], '{MSG_ID}' => $row['msg_id'], '{MSG_TYPE}' => GALLERY_ADMIN_MODE ? 'text' : 'hidden', '{EDIT_TITLE}' => COM_EDIT_TITLE, '{CONFIRM_DELETE}' => CONFIRM_DELETE_COM, '{DELETE_LINK}' => URL::index("&amp;file=delete"), '{DELETE_TEXT}' => DELETE . ' ' . COMMENT, '{MSG_DATE}' => localised_date($row['msg_date'], COMMENT_DATE_FMT), '{MSG_BODY}' => &$comment_body, '{MSG_BODY_RAW}' => $row['msg_body'], '{OK}' => OK, '{SMILIES}' => $smilies, '{HDR_IP}' => NET::decode_ip($row['msg_hdr_ip']), '{RAW_IP}' => NET::decode_ip($row['msg_raw_ip']), '{ACTION}' => 'action="' . URL::index('&amp;file=db_input') . '" enctype="multipart/form-data" accept-charset="utf-8"', '{ADDFAVLINK}' => URL::index("&amp;file=addfav&amp;pid={$pid}"), '{ADDFAVTEXT}' => $info, '{THEMEDIR}' => $THEME_DIR);
        $html .= template_eval($template, $params);
    }
    if (USER_CAN_POST_COMMENTS && $CURRENT_ALBUM_DATA['comments']) {
        if (USER_ID > 1) {
            // Logged-in member: the author name travels as a hidden field.
            // NOTE(review): CPG_USERNAME is written into the attribute without encoding,
            // and $username is left at whatever the global currently holds on this path.
            $username_input = '<input type="hidden" name="msg_author" value="' . CPG_USERNAME . '" />';
            template_extract_block($template_add_your_comment, 'username_input', $username_input);
            // $username = '';
        } else {
            // Guest: prefill with the remembered name (HTML-encoded) or the placeholder text.
            $username = isset($USER['name']) ? '"' . htmlprepare($USER['name']) . '"' : '"' . YOUR_NAME . '" onclick="javascript:this.value=\'\';"';
        }
        if (!in_array($pid, $FAVPICS)) {
            $info = '<a href="' . URL::index('&amp;file=addfav&amp;pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . ADDFAV . '</a>';
        } else {
            $info = '<a href="' . URL::index('&amp;file=addfav&amp;pid=' . $CURRENT_PIC_DATA['pid']) . '" >' . REMFAV . '</a>';
        }
        $params = array('{ADD_YOUR_COMMENT}' => ADD_YOUR_COMMENT, '{NAME}' => COM_NAME, '{COMMENT}' => COMMENT, '{PIC_ID}' => $pid, '{username}' => $username, '{MAX_COM_LENGTH}' => $CONFIG['max_com_size'], '{OK}' => OK, '{SMILIES}' => '', '{ACTION}' => 'action="' . URL::index("&amp;file=db_input") . '" enctype="multipart/form-data" accept-charset="utf-8"', '{ADDFAVLINK}' => URL::index("&amp;file=addfav&amp;pid={$pid}"), '{ADDFAVTEXT}' => $info);
        if ($CONFIG['enable_smilies']) {
            $params['{SMILIES}'] = smilies_table('onerow', 'message', 'post');
        }
        //		if ($CONFIG['enable_smilies']) $params['{SMILIES}'] = generate_smilies();
        $html .= template_eval($template_add_your_comment, $params);
    }
    // The assembled markup is only handed back under this condition.
    if (USER_ID > 1 or $CONFIG['allow_anon_fullsize'] or USER_IS_ADMIN) {
        return $html;
    }
}
Ejemplo n.º 24
 // Collect the post ids of the preceding result as a comma-separated list;
 // intval() keeps every element numeric.
 while ($row = $db->sql_fetchrow($result)) {
     $post_id_sql .= ($post_id_sql != '' ? ', ' : '') . intval($row['post_id']);
 }
 $db->sql_freeresult($result);
 // Re-read the selected posts, oldest first.
 // NOTE(review): if $post_id_sql is empty at this point the statement reads
 // "IN ()" - confirm an earlier check rules that out.
 $sql = "SELECT post_id, poster_id, topic_id, post_time FROM " . POSTS_TABLE . "\n\t\t  WHERE post_id IN ({$post_id_sql}) ORDER BY post_time ASC";
 $result = $db->sql_query($sql);
 if ($row = $db->sql_fetchrow($result)) {
     // The oldest selected post supplies the poster, source topic and time
     // used for the new topic.
     $first_poster = $row['poster_id'];
     $topic_id = $row['topic_id'];
     $post_time = $row['post_time'];
     // Rebuild the id lists from this result set; intval() keeps them numeric.
     $user_id_sql = $post_id_sql = '';
     do {
         $user_id_sql .= ($user_id_sql != '' ? ', ' : '') . intval($row['poster_id']);
         $post_id_sql .= ($post_id_sql != '' ? ', ' : '') . intval($row['post_id']);
     } while ($row = $db->sql_fetchrow($result));
     // Subject: HTML-encoded here and SQL-escaped with Fix_Quotes() in the INSERT.
     // empty() also rejects the subject "0".
     $post_subject = htmlprepare($_POST['subject']);
     if (empty($post_subject)) {
         message_die(GENERAL_MESSAGE, $lang['Empty_subject']);
     }
     // NOTE(review): the target forum id is cast to an integer, but no check that the
     // forum exists or that the acting moderator has rights on it is visible here.
     $new_forum_id = intval($_POST['new_forum_id']);
     $topic_time = time();
     // $first_poster, $topic_id and $post_time come from the rows read above and go
     // into the statements below unquoted.
     $sql = "INSERT INTO " . TOPICS_TABLE . " (topic_title, topic_poster, topic_time, forum_id, topic_status, topic_type)\n\t\t\tVALUES ('" . Fix_Quotes($post_subject) . "', {$first_poster}, " . $topic_time . ", {$new_forum_id}, " . TOPIC_UNLOCKED . ", " . POST_NORMAL . ")";
     $db->sql_query($sql);
     $new_topic_id = $db->sql_nextid('topic_id');
     // Update topic watch table, switch users whose posts
     // have moved, over to watching the new topic
     $sql = "UPDATE " . TOPICS_WATCH_TABLE . "\n\t\t\tSET topic_id = {$new_topic_id}\n\t\t\tWHERE topic_id = {$topic_id}\n\t\t\t\tAND user_id IN ({$user_id_sql})";
     $db->sql_query($sql);
     // Move either every post from the split point onwards or only the selected posts.
     // NOTE(review): the results of these writes are not checked, so a failure part-way
     // leaves the topic half split.
     $sql_where = !empty($_POST['split_type_beyond']) ? " post_time >= {$post_time} AND topic_id = {$topic_id}" : "post_id IN ({$post_id_sql})";
     $sql = "UPDATE " . POSTS_TABLE . "\n\t\t\tSET topic_id = {$new_topic_id}, forum_id = {$new_forum_id}\n\t\t\tWHERE {$sql_where}";
     $db->sql_query($sql);
Ejemplo n.º 25
// Emits the RSS 2.0 channel header for the Downloads feed, then one <item> per row.
// application/rss+xml is presumably the intended Content-Type; no header() call is
// part of this excerpt.
// <ttl> is the number of minutes a channel may be cached before refresh; the value
// written below is 60 * 24, i.e. one day.
// NOTE(review): $BASEHREF, $backend_language, $date and the site_logo setting are
// concatenated as-is, unlike $sitename and $backend_title which pass through
// htmlprepare() - confirm none of them can carry XML metacharacters (&, <, >).
echo '<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
<channel>
  <title>' . htmlprepare($sitename) . '</title>
  <link>' . $BASEHREF . '</link>
  <description>' . htmlprepare($backend_title) . '</description>
  <language>' . $backend_language . '</language>
  <pubDate>' . $date . '</pubDate>
  <ttl>' . 60 * 24 . '</ttl>
  <generator>CPG-Nuke Dragonfly</generator>
  <copyright>' . htmlprepare($sitename) . '</copyright>
  <category>Downloads</category>
  <docs>http://backend.userland.com/rss</docs>
  <image>
    <url>' . $BASEHREF . 'images/' . $MAIN_CFG['global']['site_logo'] . '</url>
    <title>' . htmlprepare($sitename) . '</title>
    <link>' . $BASEHREF . "</link>\n  </image>\n\n";
// $row is expected to hold the first result row already (fetched before this excerpt);
// the do/while then pulls the remaining rows from $result.
if ($row) {
    do {
        // Title and short description are user-editable text and go through htmlprepare().
        // $row['lid'] is appended to the link unescaped; presumably an integer key - TODO confirm.
        // NOTE(review): date() formats in the script's default timezone while the literal
        // suffix says GMT; that is accurate only when the default timezone is UTC
        // (gmdate() would not depend on that setting).
        echo '<item>
  <title>' . htmlprepare($row['title']) . '</title>
  <link>' . URL::index('Downloads&amp;file=details&amp;id=' . $row['lid'], true, true) . '</link>
  <description>' . htmlprepare($row['desc_short'], false, ENT_QUOTES, true) . '</description>
  <pubDate>' . date('D, d M Y H:i:s \\G\\M\\T', $row['date']) . "</pubDate>\n</item>\n\n";
    } while ($row = $db->sql_fetchrow($result));
}
?>
</channel>
</rss>
Ejemplo n.º 26
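    // Render the advanced search options of every module that ships a search class.
    // $mod['search_class'] is used as a class name, so $modlist must only ever be built
    // from trusted module metadata, never from request data.
    // NOTE(review): $mod['title'] and $search->options are echoed without escaping here;
    // presumably both are trusted, pre-built markup - confirm where $modlist is assembled.
    foreach ($modlist as $mod) {
        if (class_exists($mod['search_class'])) {
            $search = new $mod['search_class']();
            if ($search->options) {
                echo '<hr /><div><strong>' . _ADVOPTIONSFOR . ' ' . $mod['title'] . ':</strong><br />' . $search->options . '<br /></div>';
            }
        }
    }
    echo '</form>';
    CloseTable();
} else {
    $page = isset($_GET['page']) ? intval($_GET['page']) : 0;
    $limit = isset($_GET['limit']) ? intval($_GET['limit']) : 10;
    // The search term may be absent, or arrive as an array (search[]=x). Both cases are
    // normalised to an empty string so the string helpers below always receive a string.
    if (isset($_POST['search'])) {
        $query = $_POST['search'];
    } elseif (isset($_GET['search'])) {
        $query = $_GET['search'];
    } else {
        $query = '';
    }
    if (!is_string($query)) {
        $query = '';
    }
    // One raw value, three context-specific encodings: SQL literal, HTML output, URL parameter.
    $sql_query = Fix_Quotes($query);
    $the_query = htmlprepare($query);
    $url_query = urlencode($query);
    // Only module keys that exist in $modlist are accepted; request values are used
    // purely as lookup keys and must be plain strings to be considered at all.
    $modules = array();
    if (isset($_POST['modules'])) {
        if (is_array($_POST['modules'])) {
            foreach ($_POST['modules'] as $mod) {
                if (is_string($mod) && isset($modlist[$mod])) {
                    $modules[$mod] = $modlist[$mod];
                }
            }
        }
    } else {
        if (isset($_GET['mod'])) {
            if (is_string($_GET['mod']) && isset($modlist[$_GET['mod']])) {
                $modules[$_GET['mod']] = $modlist[$_GET['mod']];
            }
        } else {
            $modules = $modlist;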
Ejemplo n.º 27
            // NOTE(review): $cat['crumb'] is placed in the label attribute here, and in the
            // option text below, without escaping in this excerpt; confirm it is already
            // HTML-encoded where the category list is built.
            $selects .= '<optgroup label="' . $cat['crumb'] . '">';
        } else {
            // An option is pre-selected when its id equals ?c= (compared after intval())
            // or equals $in['cat'].
            $selects .= '<option value="' . $cat['cid'] . '"' . (isset($_GET['c']) && $cat['cid'] == intval($_GET['c']) || $cat['cid'] == $in['cat'] ? ' selected="selected"' : '') . '>' . $cat['crumb'] . '</option>';
        }
    }
    $selects .= '</optgroup></select>';
}
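// Renders the download add/manage form: page header, template variables, validation
// messages, the configurable extra fields, and finally the template itself.
require_once 'header.php';
$images = DL_Image::output_list($mng_id, $in['screen']);
// Every free-text value taken from $in is passed through htmlprepare() before it is
// handed to the template. DL_EMAIL used to be assigned raw; it is now encoded like
// the other fields so a value containing markup cannot be reflected into the form.
$cpgtpl->assign_vars(array(
    'DL_MENU' => dl_menu(),
    'DL_ERRORS' => !empty($errors),
    'DL_WARNINGS' => !empty($warnings),
    'DL_MIRRORS' => DL_Mirror::output_list($mng_id),
    'DL_IMAGES' => $images,
    'IS_NEW_DL' => !can_admin($module_name),
    'CAN_ADMIN' => can_admin($module_name),
    'B_SCREENSHOT' => $dl_config['screen_active'] || can_admin($module_name),
    'B_ADD_IMAGE' => $dl_config['screen_active'] && $images < $dl_config['screen_max'],
    'B_NOTES' => false,
    'B_REASON' => false,
    'B_UPL_FILE' => $dl_config['upl_file'] || can_admin($module_name),
    'B_UPL_IMAGE' => $dl_config['upl_image'] || can_admin($module_name),
    'B_PENDING' => false,
    'B_FETCH_PAD' => $fetch_pad,
    'B_REM_MD5' => $dl_config['md5_remote'],
    'L_YES' => _YES,
    'L_NO' => _NO,
    'L_DELETE' => _DELETE,
    'L_UPDATE' => 'Update',
    'L_CATEGORY' => _CATEGORY,
    'L_SHORT_DESC' => 'Short Description',
    'L_MAX_CHARS' => sprintf(_M_CHARS, 255),
    'L_DESCRIPTION' => _DESCRIPTION,
    'L_AUTHORNAME' => _AUTHORNAME,
    'L_AUTHOREMAIL' => _AUTHOREMAIL,
    'L_MD5' => 'MD5',
    'S_BBCODE' => bbcode_table('in[desc_long]', 'add_download', true),
    'DL_TITLE' => htmlprepare($in['title']),
    'DL_ACCESS' => group_selectbox('in[access]', $in['access']),
    'DL_CATSEL' => $selects,
    'DL_DESC_SHORT' => htmlprepare($in['desc_short']),
    'DL_DESC_LONG' => htmlprepare($in['desc_long']),
    'DL_NOTES' => '',
    'DL_REASON' => '',
    'DL_NAME' => htmlprepare($in['name']),
    'DL_EMAIL' => htmlprepare($in['email']),
    'U_DL_FORM' => URL::index('&amp;file=add'),
));
// NOTE(review): error and warning entries are assigned unescaped; confirm that any
// user-supplied fragment inside them is encoded where the message is composed.
foreach ($errors as $error) {
    $cpgtpl->assign_block_vars('dl_errors', array('S_ENTRY' => $error));
}
foreach ($warnings as $warning) {
    $cpgtpl->assign_block_vars('dl_warnings', array('S_ENTRY' => $warning));
}
// Non-admins only get fields with visible 1 or 2; admins also get those with visible >= 3.
$result = $db->sql_uquery("SELECT * FROM " . $dl_prefix . "_fields \n\tWHERE visible > 0" . (!can_admin($module_name) ? ' AND visible < 3' : '') . " \n\tORDER BY title");
while ($field = $db->sql_fetchrow($result)) {
    // A field title may name a defined constant, in which case the constant's value is shown.
    $f_title = defined($field['title']) ? constant($field['title']) : $field['title'];
    // visible == 2 gets a leading asterisk in its label.
    $f_title = $field['visible'] == 2 ? '* ' . $f_title : $f_title;
    if ($field['type'] == 1 || $field['type'] == 3) {
        // Yes/no field: the submitted value (as an integer) or, if none, the field's
        // 'size' column decides which of the two options carries checked="checked".
        $f_value = isset($in[$field['field']]) ? intval($in[$field['field']]) : $field['size'];
        $f_value = $f_value > 0 ? array(' checked="checked"', '') : array('', ' checked="checked"');
        $cpgtpl->assign_block_vars('fields', array('TITLE' => $f_title, 'TYPE' => $field['type'], 'NAME' => $field['field'], 'S_YES' => $f_value[0], 'S_NO' => $f_value[1]));
    } else {
        // Text-like field: the submitted value is encoded before it is echoed back.
        $f_value = isset($in[$field['field']]) ? htmlprepare($in[$field['field']]) : '';
        $cpgtpl->assign_block_vars('fields', array('TITLE' => $f_title, 'TYPE' => $field['type'], 'NAME' => $field['field'], 'SIZE' => $field['size'], 'VALUE' => $f_value));
    }
}
$cpgtpl->set_filenames(array('body' => 'downloads/manage.html'));
$cpgtpl->display('body');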
Ejemplo n.º 28
// Emits the RSS 2.0 channel header for the News feed, then one <item> per article row.
// <ttl> is the number of minutes a channel may be cached before refresh; the value
// written below is 60 * 24, i.e. one day.
// NOTE(review): $BASEHREF, $backend_language, $date and the site_logo setting are
// concatenated as-is, unlike $sitename and $backend_title which pass through
// htmlprepare() - confirm none of them can carry XML metacharacters (&, <, >).
echo '<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
<channel>
  <title>' . htmlprepare($sitename) . '</title>
  <link>' . $BASEHREF . '</link>
  <description>' . htmlprepare($backend_title) . '</description>
  <language>' . $backend_language . '</language>
  <pubDate>' . $date . '</pubDate>
  <ttl>' . 60 * 24 . '</ttl>
  <generator>NexOS RSS Feeder</generator>
  <copyright>' . htmlprepare($sitename) . '</copyright>
  <category>News</category>
  <docs>http://cyber.law.harvard.edu/rss/rss.html</docs>
  <image>
	<url>' . $BASEHREF . 'images/' . $MAIN_CFG['global']['site_logo'] . '</url>
	<title>' . htmlprepare($sitename) . '</title>
	<link>' . $BASEHREF . "</link>\n  </image>\n\n";
// $row is expected to hold the first result row already (fetched before this excerpt);
// the do/while then pulls the remaining rows from $result.
if ($row) {
    do {
        // The article teaser is first run through decode_bb_all() and the result is then
        // passed to htmlprepare(), so the description is encoded after BBCode handling.
        // $row['sid'] is appended to the link unescaped; presumably an integer key - TODO confirm.
        // NOTE(review): date() formats in the script's default timezone while the literal
        // suffix says GMT; that is accurate only when the default timezone is UTC
        // (gmdate() would not depend on that setting).
        echo '<item>
  <title>' . htmlprepare($row['title']) . '</title>
  <link>' . URL::index('News&amp;file=article&amp;sid=' . $row['sid'], true, true) . '</link>
  <description>' . htmlprepare(decode_bb_all($row['hometext'], 1, true), false, ENT_QUOTES, true) . '</description>
  <pubDate>' . date('D, d M Y H:i:s \\G\\M\\T', $row['time']) . "</pubDate>\n</item>\n\n";
    } while ($row = $db->sql_fetchrow($result));
}
?>
</channel>
</rss>
Ejemplo n.º 29
}
// Word-censor administration: "edit"/"add" show the form, "save" writes the entry.
if ($mode != "") {
    if ($mode == "edit" || $mode == "add") {
        // The id only ever reaches SQL and HTML as an integer.
        $word_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
        $template->set_filenames(array('body' => 'forums/admin/words_edit_body.html'));
        $s_hidden_fields = '';
        if ($mode == "edit") {
            if ($word_id) {
                $result = $db->sql_query("SELECT * FROM " . WORDS_TABLE . " WHERE word_id = {$word_id}");
                // No row check here: the isset() tests in assign_vars below fall back to
                // empty strings when $word_info has no 'word' / 'replacement' entry.
                $word_info = $db->sql_fetchrow($result);
                $s_hidden_fields .= '<input type="hidden" name="id" value="' . $word_id . '" />';
            } else {
                message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
            }
        }
        // Stored word and replacement are passed through htmlprepare() before being put into the form.
        $template->assign_vars(array("WORD" => isset($word_info['word']) ? htmlprepare($word_info['word']) : '', "REPLACEMENT" => isset($word_info['replacement']) ? htmlprepare($word_info['replacement']) : '', "L_WORDS_TITLE" => $lang['Words_title'], "L_WORDS_TEXT" => $lang['Words_explain'], "L_WORD_CENSOR" => $lang['Edit_word_censor'], "L_WORD" => $lang['Word'], "L_REPLACEMENT" => $lang['Replacement'], "L_SUBMIT" => $lang['Submit'], "S_WORDS_ACTION" => URL::admin("&amp;do=words"), "S_HIDDEN_FIELDS" => $s_hidden_fields));
    } else {
        if ($mode == "save") {
            // NOTE(review): this branch changes stored data; no request-origin (anti-CSRF)
            // check is visible in this excerpt - confirm one runs before this point.
            $word_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
            $word = isset($_POST['word']) ? trim($_POST['word']) : "";
            $replacement = isset($_POST['replacement']) ? trim($_POST['replacement']) : "";
            // Both values are required.
            if ($word == "" || $replacement == "") {
                message_die(GENERAL_MESSAGE, $lang['Must_enter_word']);
            }
            // The statements are built by concatenation: string values go through
            // Fix_Quotes(), the id is an integer from intval(). Injection safety therefore
            // rests on Fix_Quotes() matching the database driver's escaping rules.
            if ($word_id) {
                $sql = "UPDATE " . WORDS_TABLE . "\n\t\t\t\tSET word = '" . Fix_Quotes($word) . "', replacement = '" . Fix_Quotes($replacement) . "'\n\t\t\t\tWHERE word_id = {$word_id}";
                $message = $lang['Word_updated'];
            } else {
                $sql = "INSERT INTO " . WORDS_TABLE . " (word, replacement)\n\t\t\t\tVALUES ('" . Fix_Quotes($word) . "', '" . Fix_Quotes($replacement) . "')";
                $message = $lang['Word_added'];
            }
Ejemplo n.º 30
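 /**
  * Builds the attachment section of the posting form and assigns it to the template.
  *
  * Decides which of the two panels ("add attachment" and "posted attachments") are
  * shown, carries that choice forward in hidden form fields, and emits one
  * 'attach_row' block per entry in $this->attachments.
  *
  * Reads the globals declared below and the 'add_attachment_box' /
  * 'posted_attachments_box' POST flags; updates $this->add_attachment_body and
  * $this->posted_attachments_body. Returns nothing.
  */
 protected function display_attachment_bodies()
 {
     global $attach_config, $db, $is_auth, $lang, $mode, $template, $upload_dir, $userdata, $forum_id;
     global $phpbb_root_path;
     global $module_name;
     $value_add = $value_posted = '';
     $show_apcp = intval($attach_config['show_apcp']);
     $attachment_count = count($this->attachments);
     //
     // Choose what to display
     //
     if ($show_apcp) {
         // Each POST flag toggles its panel; without the flag the current state is kept.
         // The '0'/'1' strings mirror the resulting state for the hidden fields below.
         if (!empty($_POST['add_attachment_box'])) {
             $value_add = $this->add_attachment_body == 0 ? '1' : '0';
             $this->add_attachment_body = intval($value_add);
         } else {
             $value_add = $this->add_attachment_body == 0 ? '0' : '1';
         }
         if (!empty($_POST['posted_attachments_box'])) {
             $value_posted = $this->posted_attachments_body == 0 ? '1' : '0';
             $this->posted_attachments_body = intval($value_posted);
         } else {
             $value_posted = $this->posted_attachments_body == 0 ? '0' : '1';
         }
         $template->assign_block_vars('show_apcp', array());
     } else {
         // Without the control panel both panels are always shown.
         $this->add_attachment_body = 1;
         $this->posted_attachments_body = 1;
     }
     $template->set_filenames(array('attachbody' => 'forums/posting_attach_body.html'));
     //display_compile_cache_clear($template->files['attachbody'], 'attachbody');
     // Only the literal '', '0' or '1' computed above ever reaches these attributes.
     $s_hidden = '<input type="hidden" name="add_attachment_body" value="' . $value_add . '" />';
     $s_hidden .= '<input type="hidden" name="posted_attachments_body" value="' . $value_posted . '" />';
     $template->assign_vars(array(
         'L_ATTACH_POSTING_CP' => $lang['Attach_posting_cp'],
         'L_ATTACH_POSTING_CP_EXPLAIN' => $lang['Attach_posting_cp_explain'],
         'L_OPTIONS' => $lang['Options'],
         'L_ADD_ATTACHMENT_TITLE' => $lang['Add_attachment_title'],
         'L_POSTED_ATTACHMENTS' => $lang['Posted_attachments'],
         'L_FILE_NAME' => $lang['File_name'],
         'L_FILE_COMMENT' => $lang['File_comment'],
         'POSTED_ATTACHMENTS_BODY' => '',
         'RULES' => '<a href="' . URL::index("Forums&amp;file=attach_rules&amp;f={$forum_id}&amp;popup=1") . '" target="_blank">' . $lang['Allowed_extensions_and_sizes'] . '</a>',
         'S_HIDDEN' => $s_hidden,
     ));
     if ($attachment_count > 0 && $show_apcp) {
         $template->assign_block_vars('switch_posted_attachments', array());
     }
     if ($this->add_attachment_body) {
         $template->set_filenames(array('addbody' => 'forums/add_attachment_body.html'));
         $form_enctype = 'enctype="multipart/form-data" accept-charset="utf-8"';
         // NOTE(review): FILE_COMMENT goes through htmlprepare() but FILENAME is assigned
         // as-is; confirm $this->filename is already encoded where it is set.
         $template->assign_vars(array(
             'L_ADD_ATTACH_TITLE' => $lang['Add_attachment_title'],
             'L_ADD_ATTACH_EXPLAIN' => $lang['Add_attachment_explain'],
             'L_ADD_ATTACHMENT' => $lang['Add_attachment'],
             'FILE_COMMENT' => htmlprepare($this->file_comment),
             'FILESIZE' => intval($attach_config['max_filesize']),
             'FILENAME' => $this->filename,
             'S_FORM_ENCTYPE' => $form_enctype,
         ));
         $template->assign_var_from_handle('ADD_ATTACHMENT_BODY', 'addbody');
     }
     if ($this->posted_attachments_body && $attachment_count > 0) {
         $template->set_filenames(array('postedbody' => 'forums/posted_attachments_body.html'));
         $template->assign_vars(array(
             'L_POSTED_ATTACHMENTS' => $lang['Posted_attachments'],
             'L_UPDATE_COMMENT' => $lang['Update_comment'],
             'L_UPLOAD_NEW_VERSION' => $lang['Upload_new_version'],
             'L_DELETE_ATTACHMENT' => $lang['Delete_attachment'],
             'L_DELETE_THUMBNAIL' => $lang['Delete_thumbnail'],
             'L_OPTIONS' => $lang['Options'],
         ));
         // Attachments made from Private_Messages are served by the Forums module. The
         // original computed this value but then built the link from $module_name, which
         // left the mapping unused; the link now uses the mapped module.
         $module = $module_name == 'Private_Messages' ? 'Forums' : $module_name;
         $may_moderate = $is_auth['auth_mod'] || $userdata['user_level'] == ADMIN;
         for ($i = 0; $i < $attachment_count; $i++) {
             $attachment = $this->attachments[$i];
             if ($attachment['attach_id'] < 1) {
                 // No attachment id yet: link straight to the stored file.
                 // NOTE(review): this exposes the physical file name under $upload_dir in
                 // the page; confirm that directory is meant to be reachable by the poster.
                 $download_link = $upload_dir . '/' . $attachment['physical_filename'];
             } else {
                 $download_link = URL::index($module . '&amp;file=download&amp;id=' . $attachment['attach_id']);
             }
             // NOTE(review): the comment is encoded with htmlprepare(), the two file names
             // are not; confirm real_filename (presumably the uploader's original name)
             // is encoded before it is stored or by the template.
             $template->assign_block_vars('attach_row', array(
                 'FILE_NAME' => $attachment['real_filename'],
                 'ATTACH_FILENAME' => $attachment['physical_filename'],
                 'FILE_COMMENT' => htmlprepare($attachment['comment']),
                 'ATTACH_ID' => $attachment['attach_id'],
                 'U_VIEW_ATTACHMENT' => $download_link,
             ));
             //
             // Thumbnail there ? And is the User Admin or Mod ? Then present the 'Delete Thumbnail' Button
             //
             if (intval($attachment['thumbnail']) == 1 && $may_moderate) {
                 $template->assign_block_vars('attach_row.switch_thumbnail', array());
             }
             if ($attachment['attach_id'] > 0) {
                 $template->assign_block_vars('attach_row.switch_update_attachment', array());
             }
         }
         $template->assign_var_from_handle('POSTED_ATTACHMENTS_BODY', 'postedbody');
     }
     $template->assign_var_from_handle('ATTACHBOX', 'attachbody');
 }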