Ejemplo n.º 1
/**
 * Rebuild the legacy $cookie array for the logged-in user.
 *
 * The array is published through the global $cookie and also returned.
 * Positions: 0 uid, 1 uname, 2 pass, 3 storynum, 4 umode, 5 uorder,
 * 6 thold, 7 noscore, 8 ublockon, 9 theme, 10 commentmax.
 *
 * NOTE(review): position 2 holds whatever pnUserGetVar('pass') returns, so the
 * stored password value becomes readable by every piece of code that can see
 * the global. Callers should never print, log or serialise the whole array.
 *
 * @return array|null the array described above; nothing when no user is logged in
 */
function cookiedecode()
{
    if (!pnUserLoggedIn()) {
        return;
    }

    $fields = array(
        'uid', 'uname', 'pass', 'storynum', 'umode', 'uorder',
        'thold', 'noscore', 'ublockon', 'theme', 'commentmax',
    );
    $values = array();
    foreach ($fields as $field) {
        $values[] = pnUserGetVar($field);
    }

    // The global is only touched once a login has been confirmed.
    global $cookie;
    $cookie = $values;

    return $cookie;
}
Ejemplo n.º 2
/**
 * Render the login side block for visitors who are not logged in.
 *
 * The form posts uname/pass (and optionally rememberme) to user.php together
 * with a hidden "url" field holding the path of the current request.
 *
 * NOTE(review): the "url" value is derived from the request (REQUEST_URI,
 * PATH_INFO or SCRIPT_NAME). It is HTML-escaped here with pnVarPrepForDisplay();
 * whether the login handler restricts it to same-site paths before redirecting
 * is not visible from this function and should be confirmed.
 * NOTE(review): the form carries no anti-forgery token; confirm the login
 * handler does not need one.
 *
 * @param  array $row block record; 'title' and 'content' are filled in here
 * @return mixed the result of themesideblock(), or nothing when the block is
 *               not permitted or the user is already logged in
 */
function blocks_login_block($row)
{
    global $HTTP_SERVER_VARS;

    if (empty($row['title'])) {
        $row['title'] = 'Login';
    }
    if (!pnSecAuthAction(0, 'Loginblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Same lookup order as pnGetBaseURI (IIS does not always pass REQUEST_URI):
    // REQUEST_URI first, then PATH_INFO, then SCRIPT_NAME.
    $path = isset($HTTP_SERVER_VARS['REQUEST_URI'])
        ? $HTTP_SERVER_VARS['REQUEST_URI']
        : getenv('REQUEST_URI');
    if (empty($path) || substr($path, -1, 1) == '/') {
        // REQUEST_URI was empty or pointed to a directory
        $path = getenv('PATH_INFO');
        if (empty($path)) {
            $path = isset($HTTP_SERVER_VARS['SCRIPT_NAME'])
                ? $HTTP_SERVER_VARS['SCRIPT_NAME']
                : getenv('SCRIPT_NAME');
        }
    }

    if (pnUserLoggedIn()) {
        return;
    }

    // Inputs and button sit in a table to avoid layout bugs like #493456 (Andy Varganov)
    $parts = array(
        '<form action="user.php" method="post">',
        '<table border="0" width="100%" cellspacing="0" cellpadding="1"><tr><td>',
        '<span class="pn-normal">&nbsp;' . _BLOCKNICKNAME . '</span></td></tr><tr><td>',
        '<input type="text" name="uname" size="14" maxlength="25"></td></tr><tr><td>',
        '<span class="pn-normal">&nbsp;' . _BLOCKPASSWORD . '</span></td></tr><tr><td>',
        '<input type="password" name="pass" size="14" maxlength="20"></td></tr><tr><td>',
    );
    // The "remember me" option is withheld when the site runs at security level High.
    if (pnConfigGetVar('seclevel') != 'High') {
        $parts[] = '<input type="checkbox" value="1" name="rememberme" />';
        $parts[] = '<span class="pn-normal">&nbsp;' . _REMEMBERME . '</span></td></tr><tr><td>';
    }
    $parts[] = '<br>';
    $parts[] = '<input type="hidden" name="module" value="NS-User" />';
    $parts[] = '<input type="hidden" name="op" value="login" />';
    $parts[] = '<input type="hidden" name="url" value="' . pnVarPrepForDisplay($path) . '" />';
    $parts[] = '<input type="submit" value="' . _LOGIN . '" /></td></tr><tr><td>';
    $parts[] = '<br /><span class="pn-normal">' . _ASREGISTERED . '</span></td></tr><tr><td></table></form>';

    // Kept from the original: the title was already defaulted to 'Login' at the
    // top of the function, so this localized fallback only matters if that
    // earlier default is ever removed.
    if (empty($row['title'])) {
        $row['title'] = _LOGIN;
    }
    $row['content'] = implode('', $parts);

    return themesideblock($row);
}
Ejemplo n.º 3
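/**
 * Hand the logged-in user over to the external application configured for the
 * dplink module by redirecting the browser to it. This function never returns:
 * every path ends in exit or die.
 *
 * The user's login name, stored password value, display name and e-mail are
 * read from the users table, serialize()d, gzcompress()ed, base64-encoded and
 * appended to the target URL together with an md5 of the serialized string.
 *
 * NOTE(review): the stored password value travels in the query string, so it
 * can end up in browser history, proxy and web-server logs and Referer headers.
 * NOTE(review): the "check" value is an unkeyed md5 of data the client also
 * holds, so it detects corruption but cannot prove the payload came from this
 * site. If the receiving application unserialize()s "userdata" (not visible
 * here; confirm), it is deserialising client-controllable input. A keyed MAC
 * over a payload that carries no credential, checked before decoding, would
 * address both points; that needs a matching change on the receiving side.
 */
function dplink_user_main()
{
    $url = trim(pnModGetVar('dplink', 'url'));
    $window = pnModGetVar('dplink', 'use_window');
    $wrap = pnModGetVar('dplink', 'use_postwrap');
    $user_data = array();

    if (!pnUserLoggedIn()) {
        pnRedirect(pnGetBaseURL() . 'user.php?op=loginscreen&module=NS-User');
        // Stop here. Nothing shows pnRedirect() ending the request itself, and
        // without this the lookup below ran for anonymous visitors with an
        // empty uid.
        exit;
    }

    // We need to get the user password string from the database.
    // The uid is interpolated unquoted into the query, so force it to an integer.
    $uid = (int) pnUserGetVar('uid');
    list($dbconn) = pnDBGetConn();
    $pntables = pnDBGetTables();
    $usertable = $pntables['users'];
    $usercol = $pntables['users_column'];
    $sql = "SELECT {$usercol['uname']}, {$usercol['pass']}, {$usercol['name']}, {$usercol['email']} " . "FROM {$usertable} WHERE {$usercol['uid']} = {$uid}";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        die('Could not get user details');
    }
    if ($result->EOF) {
        die('Could not get user detail');
    }
    list($uname, $password, $user_name, $user_email) = $result->fields;
    $result->Close();

    $user_data['login'] = $uname;
    $user_data['passwd'] = $password;
    $user_data['name'] = $user_name;
    $user_data['email'] = $user_email;

    // Payload format expected by the receiving side: base64(gzcompress(serialize(...)))
    // plus the md5 of the serialized string. See the NOTE(review) items above.
    $parm = serialize($user_data);
    $check = md5($parm);
    $cparm = gzcompress($parm);
    $bparm = urlencode(base64_encode($cparm));

    if ($window) {
        // Direct redirect to the external application.
        $url .= '/index.php?login=pn&userdata=' . $bparm . '&check=' . $check;
        header('Location: ' . $url);
    } else {
        // The target URL is itself a parameter of a local wrapper page, so its
        // own ampersands are written pre-encoded as %26.
        $url .= '/index.php?login=pn%26userdata=' . $bparm . '%26check=' . $check;
        if ($wrap) {
            header('Location: modules.php?op=modload&name=PostWrap&file=index&page=' . $url);
        } else {
            header('Location: modules.php?op=modload&name=dplink&file=index&url=' . $url);
        }
    }
    exit;
}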
Ejemplo n.º 4
/**
 * Display the block listing the users currently in the chat.
 *
 * The block is rendered only when the caller has ACCESS_READ on
 * 'FlashChatBridge:Onlineblock:', the FlashChatBridge module is available and
 * a user is logged in; otherwise false is returned.
 *
 * @param        array       $blockinfo     a blockinfo structure
 * @return       mixed       the rendered block, or false when it is not shown
 */
function FlashChatBridge_Onlineblock_display($blockinfo)
{
    // Checks run in the original order: permission, module availability, login.
    $mayRead = SecurityUtil::checkPermission('FlashChatBridge:Onlineblock:', "::", ACCESS_READ);
    if (!$mayRead || !pnModAvailable('FlashChatBridge') || !pnUserLoggedIn()) {
        return false;
    }

    $chatters = pnModAPIFunc('FlashChatBridge', 'user', 'getChatterList');
    $total = count($chatters);

    $view = pnRender::getInstance('FlashChatBridge', false);
    $view->assign('Users', $chatters);
    $view->assign('Count', $total);

    $blockinfo['content'] = $view->fetch('flashchatbridge_block_online.htm');

    return pnBlockThemeBlock($blockinfo);
}
Ejemplo n.º 5
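 /**
  * Decide whether the current user holds the requested access to an album.
  *
  * Order of evaluation: module administrators and the album owner always pass;
  * edit bits are dropped without module-level ACCESS_EDIT; module-level
  * ACCESS_READ is mandatory; add bits are dropped for anonymous visitors;
  * an invitation grants view access; finally the album's access table is
  * checked against the user's groups (group id -1 matches regardless of
  * membership).
  *
  * @param  mixed $albumId album identifier
  * @param  int   $access  bit mask of mediashareAccessRequirement* flags
  * @param  mixed $viewKey not used by this implementation
  * @return bool  true when access is granted; false when it is denied, the
  *               album cannot be loaded, or the query fails (in which case an
  *               error is registered through LogUtil)
  */
 function hasAlbumAccess($albumId, $access, $viewKey)
 {
     // Admin can do everything
     if (SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN)) {
         return true;
     }
     $userId = (int) pnUserGetVar('uid');
     // Owner can do everything
     if (!($album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId)))) {
         return false;
     }
     if ($album['ownerId'] == $userId) {
         return true;
     }
     // Don't enable any edit access if not having normal Zikula edit access
     if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_EDIT)) {
         $access = $access & ~mediashareAccessRequirementEditSomething;
     }
     // Must have normal PN read access to the module
     if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_READ)) {
         return false;
     }
     // Anonymous is not allowed to add stuff, so remove those bits
     if (!pnUserLoggedIn()) {
         $access = $access & ~mediashareAccessRequirementAddSomething;
     }
     // Make sure groups database info is available
     pnModDBInfoLoad('Groups');
     $pntable = pnDBGetTables();
     $accessTable = $pntable['mediashare_access'];
     $accessColumn = $pntable['mediashare_access_column'];
     $membershipTable = $pntable['group_membership'];
     $membershipColumn = $pntable['group_membership_column'];
     $invitedAlbums = pnModAPIFunc('mediashare', 'invitation', 'getInvitedAlbums', array());
     // !empty() keeps the original truthiness test without a notice for albums
     // that have no invitation entry.
     if (is_array($invitedAlbums) && !empty($invitedAlbums[$albumId]) && ($access & mediashareAccessRequirementView) == mediashareAccessRequirementView) {
         return true;
     }
     // Both values are interpolated unquoted into the query, so force them to
     // integers first; a non-numeric album id can then only match nothing.
     $albumIdSql = (int) $albumId;
     $accessSql = (int) $access;
     $sql = "SELECT COUNT(*)\n                  FROM {$accessTable}\n             LEFT JOIN {$membershipTable}\n                    ON {$membershipColumn['gid']} = {$accessColumn['groupId']}\n                   AND {$membershipColumn['uid']} = {$userId}\n                 WHERE {$accessColumn['albumId']} = {$albumIdSql}\n                   AND ({$accessColumn['access']} & {$accessSql}) != 0\n                   AND ({$membershipColumn['gid']} IS NOT NULL OR {$accessColumn['groupId']} = -1)";
     $result = DBUtil::executeSQL($sql);
     if ($result === false) {
         // The translation domain was never assigned in the original.
         $dom = ZLanguage::getModuleDomain('mediashare');
         return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('accessapi.hasAlbumAccess', 'Could not retrieve the user privilegies.'), $dom));
     }
     $hasAccess = DBUtil::marshallObjects($result, array('count'));
     return $hasAccess[0]['count'] > 0;
 }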
Ejemplo n.º 6
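/**
 * Render the logged-in user's personal side block.
 *
 * The block is shown only when the caller has ACCESS_READ on 'Userblock::',
 * a user is logged in and that user's 'ublockon' preference is 1.
 *
 * NOTE(review): the 'ublock' column is placed into the block content as-is.
 * If that column holds text the user typed (presumably; confirm against the
 * code that writes it), whatever filtering is applied when it is saved is the
 * only protection against markup in it.
 *
 * @param  array $row block record; 'title' and 'content' are filled in here
 * @return mixed the result of themesideblock(), or nothing when the block is
 *               not shown or the lookup fails
 */
function blocks_user_block($row)
{
    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!pnUserLoggedIn() || pnUserGetVar('ublockon') != 1) {
        return;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column = $pntable['users_column'];

    // The uid is used unquoted in the WHERE clause; string escaping does not
    // protect an unquoted value, so it is forced to an integer instead.
    $uid = (int) pnUserGetVar('uid');
    $getblock = $dbconn->Execute("SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . $uid);
    if (!$getblock || $dbconn->ErrorNo() != 0) {
        // Query failed: skip the block rather than dereference a failed result.
        return;
    }
    list($ublock) = $getblock->fields;

    $username = pnUserGetVar('name');
    $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username) . "";
    $row['content'] = $ublock;

    return themesideblock($row);
}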
Ejemplo n.º 7
/**
 * Display the banner-sized chat block.
 *
 * The block is rendered only when the caller has ACCESS_READ on
 * 'FlashChatBridge:Bannerchatblock:', the FlashChatBridge module is available
 * and a user is logged in; otherwise false is returned.
 *
 * NOTE(review): the template receives the user's 'pass' value from
 * pnUserGetVars() as settings['init_password']. If the template writes the
 * settings into the page (not visible here; confirm), the stored password
 * value is disclosed to the browser and to anything that can read the page.
 *
 * @param        array       $blockinfo     a blockinfo structure
 * @return       mixed       the rendered block, or false when it is not shown
 */
function FlashChatBridge_Bannerchatblock_display($blockinfo)
{
    // Checks run in the original order: permission, module availability, login.
    $mayRead = SecurityUtil::checkPermission('FlashChatBridge:Bannerchatblock:', "::", ACCESS_READ);
    if (!$mayRead || !pnModAvailable('FlashChatBridge') || !pnUserLoggedIn()) {
        return false;
    }

    $view = pnRender::getInstance('FlashChatBridge', false);
    $account = pnUserGetVars(SessionUtil::getVar('uid'));

    // Start from the module's stored settings and overlay the per-user values
    // and the fixed banner dimensions.
    $chatSettings = pnModGetVar('FlashChatBridge');
    $chatSettings['init_user'] = $account['uname'];
    $chatSettings['init_password'] = $account['pass'];
    $chatSettings['width'] = "100%";
    $chatSettings['height'] = "150";
    $view->assign('settings', $chatSettings);

    $blockinfo['content'] = $view->fetch('flashchatbridge_user_chat_banner.htm');

    return pnBlockThemeBlock($blockinfo);
}
Ejemplo n.º 8
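/**
 * postcalendar_userapi_pcQueryEvents
 *
 * Query the events table for a date range and return the rows the current
 * user may see, prepared for display.
 *
 * $args is extract()ed into local variables. Keys read by this function:
 *   start, end        date strings (Y-m-d); start defaults to today
 *   eventstatus       -1 == hidden ; 0 == queued ; 1 == approved (default 1)
 *   pc_facility       facility id, used when the session holds none
 *   providerID        single provider id
 *   provider_id       array of provider ids; first element "_ALL_" means all
 *   s_keywords, s_category, s_topic   ready-made SQL conditions
 *   sort              ORDER BY expression (column of table alias a)
 *   userid, nuke_users   read but never assigned here, so they only exist when
 *                        the caller supplies them
 *
 * Every value that is interpolated unquoted is forced to an integer and the
 * date strings are escaped. The s_* fragments and sort are inserted as SQL
 * text by design and therefore must never carry request data unchanged; see
 * the NOTE(review) comments at those lines.
 *
 * @param  array $args see above
 * @return array list of event arrays (returned by reference)
 */
function &postcalendar_userapi_pcQueryEvents($args)
{
    $end = '0000-00-00';
    // NOTE(review): extract() lets the caller define or overwrite any local
    // variable of this function. Only pass arrays whose keys are controlled by
    // the calling code, never a raw request array.
    extract($args);
    $pc_username = $_SESSION['pc_username'];
    // from Michael Brinson 2006-09-19
    if (empty($pc_username) || is_array($pc_username)) {
        $pc_username = "******";
    }
    $topic = pnVarCleanFromInput('pc_topic');
    $category = pnVarCleanFromInput('pc_category');
    if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') {
        if ($pc_username == '__PC_ALL__' || $pc_username == -1) {
            $ruserid = -1;
        } else {
            $ruserid = getIDfromUser($pc_username);
        }
    }

    // eventstatus goes unquoted into the WHERE clause. The original range check
    // compared (int) $eventstatus but interpolated the raw value, so the cast
    // result is what is stored now.
    $eventstatus = isset($eventstatus) ? (int) $eventstatus : 1;
    if ($eventstatus < -1 || $eventstatus > 1) {
        $eventstatus = 1;
    }
    if (!isset($start)) {
        $start = Date_Calc::dateNow('%Y-%m-%d');
    }
    // The dates sit inside quoted literals; escape them like the other string
    // values in this query.
    $startSql = pnVarPrepForStore($start);
    $endSql = pnVarPrepForStore($end);

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // link to the events tables
    $table = $pntable['postcalendar_events'];
    $cattable = $pntable['postcalendar_categories'];

    $sql = "SELECT DISTINCT a.pc_eid,  a.pc_informant, a.pc_catid, "
        . "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, "
        . "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, "
        . "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, "
        . "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, "
        . "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, "
        . "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, "
        . "concat(u.fname,' ',u.lname) as provider_name, "
        . "concat(pd.lname,', ',pd.fname) as patient_name, "
        . "concat(u2.fname, ' ', u2.lname) as owner_name, "
        . "DOB as patient_dob, a.pc_facility, pd.pubpid "
        . "FROM  ( {$table} AS a ) "
        . "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid "
        . "LEFT JOIN users as u ON a.pc_aid = u.id "
        . "LEFT JOIN users as u2 ON a.pc_aid = u2.id "
        . "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid "
        . "WHERE  a.pc_eventstatus = {$eventstatus} "
        . "AND ((a.pc_endDate >= '{$startSql}' AND a.pc_eventDate <= '{$endSql}') OR "
        . "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$startSql}' AND "
        . "a.pc_eventDate <= '{$endSql}')) ";

    //==================================
    //FACILITY FILTERING (lemonsoftware)(CHEMED)
    // The session value wins; otherwise pc_facility may come from the search
    // arguments (JRM March 2008). The filter is still added for a non-numeric
    // value, which then casts to 0, so bad input narrows the result instead of
    // widening it.
    if (!empty($_SESSION['pc_facility'])) {
        $sql .= " AND a.pc_facility = " . (int) $_SESSION['pc_facility'] . " ";
    } elseif (!empty($pc_facility)) {
        $sql .= " AND a.pc_facility = " . (int) $pc_facility . " ";
    }
    //EOS FACILITY FILTERING (lemonsoftware)
    //==================================

    if (!empty($providerID)) {
        $ruserid = $providerID;
    }
    // eliminate ruserid if we're trying to query by provider_id -- JRM
    if (!empty($provider_id)) {
        unset($ruserid);
    }
    if (isset($ruserid)) {
        // get all events for the specified username
        if ($ruserid == -1) {
            $sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' ";
            $sql .= "OR a.pc_sharing = '" . SHARING_PUBLIC . "') ";
        } else {
            $sql .= "AND a.pc_aid IN (0, " . (int) $ruserid . ") ";
        }
    } elseif (!pnUserLoggedIn()) {
        // get all events for anonymous users
        $sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' ";
    } elseif (!empty($provider_id)) {
        // get all events for a variety of provider IDs -- JRM
        if ($provider_id[0] != "_ALL_") {
            // add all the events from the clinic provider id = 0
            $sql .= "AND a.pc_aid in (0," . implode(",", array_map('intval', $provider_id)) . ") ";
        }
    } else {
        // get all events for logged in user plus global events
        $sql .= "AND (a.pc_aid IN (0," . (int) $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') ";
    }

    //======================================================================
    //  START SEARCH FUNCTIONALITY
    //======================================================================
    // NOTE(review): s_keywords, s_category and s_topic are appended as SQL
    // text. Whatever builds them must escape every user-typed term before it
    // reaches this function; nothing here can do that after the fact.
    if (!empty($s_keywords)) {
        $sql .= "AND ({$s_keywords}) ";
    }
    if (!empty($s_category)) {
        $sql .= "AND ({$s_category}) ";
    }
    if (!empty($s_topic)) {
        $sql .= "AND ({$s_topic}) ";
    }
    if (!empty($category)) {
        $sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') ";
    }
    if (!empty($topic)) {
        $sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') ";
    }
    //======================================================================
    //  Search sort and limitation
    //======================================================================
    if (empty($sort)) {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC";
    } else {
        // NOTE(review): sort is appended as SQL text. Callers should choose it
        // from a fixed list of column names rather than forward request data.
        $sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}";
    }
    //======================================================================
    //  END SEARCH FUNCTIONALITY
    //======================================================================
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        // NOTE(review): this prints the raw database error to the client, which
        // can disclose table and column names. Consider logging it and showing
        // a generic message instead.
        die($dbconn->ErrorMsg());
    }
    // put the information into an array for easy access
    $events = array();
    // return an empty array if we don't have any results
    if (!isset($result)) {
        return $events;
    }
    for ($i = 0; !$result->EOF; $result->MoveNext()) {
        // get the results from the query
        $tmp = array();
        list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'], $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'], $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'], $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'], $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'], $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'], $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'], $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'], $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields;
        // grab the name of the topic
        $topicname = pcGetTopicName($tmp['topic']);
        // get the user id of event's author
        $cuserid = @$nuke_users[strtolower($tmp['uname'])];
        // check the current event's permissions
        // the user does not have permission to view this event
        // if any of the following evaluate as false
        if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) {
            continue;
        }
        // add event to the array if we passed the permissions check
        // this is the common information
        $events[$i]['eid'] = $tmp['eid'];
        $events[$i]['uname'] = $tmp['uname'];
        $events[$i]['uid'] = $cuserid;
        $events[$i]['catid'] = $tmp['catid'];
        $events[$i]['time'] = $tmp['time'];
        $events[$i]['eventDate'] = $tmp['eventDate'];
        $events[$i]['duration'] = $tmp['duration'];
        // there has to be a more intelligent way to do this
        @(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60));
        $events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2);
        $events[$i]['endDate'] = $tmp['endDate'];
        $events[$i]['startTime'] = $tmp['startTime'];
        $events[$i]['recurrtype'] = $tmp['recurrtype'];
        $events[$i]['recurrfreq'] = $tmp['recurrfreq'];
        $events[$i]['recurrspec'] = $tmp['recurrspec'];
        $events[$i]['topic'] = $tmp['topic'];
        $events[$i]['alldayevent'] = $tmp['alldayevent'];
        $events[$i]['catcolor'] = $tmp['catcolor'];
        // Modified 06-2009 by BM to translate the category if applicable
        $events[$i]['catname'] = xl_appt_category($tmp['catname']);
        $events[$i]['catdesc'] = $tmp['catdesc'];
        $events[$i]['pid'] = $tmp['pid'];
        $events[$i]['apptstatus'] = $tmp['apptstatus'];
        $events[$i]['pubpid'] = $tmp['pubpid'];
        $events[$i]['patient_name'] = $tmp['patient_name'];
        $events[$i]['provider_name'] = $tmp['provider_name'];
        $events[$i]['owner_name'] = $tmp['owner_name'];
        $events[$i]['patient_dob'] = $tmp['patient_dob'];
        $events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']);
        $events[$i]['facility'] = getFacility($tmp['facility']);
        $events[$i]['sharing'] = $tmp['sharing'];
        $events[$i]['prefcatid'] = $tmp['prefcatid'];
        $events[$i]['aid'] = $tmp['aid'];
        $events[$i]['topictext'] = $topicname;
        // number of calendar rows this event should span (at least one)
        $events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']);
        if ($events[$i]['intervals'] == 0) {
            $events[$i]['intervals'] = 1;
        }
        // is this a public event to be shown as busy?
        if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) {
            // make it not display any information
            $events[$i]['title'] = _USER_BUSY_TITLE;
            $events[$i]['hometext'] = _USER_BUSY_MESSAGE;
            $events[$i]['desc'] = _USER_BUSY_MESSAGE;
            $events[$i]['conttel'] = '';
            $events[$i]['contname'] = '';
            $events[$i]['contemail'] = '';
            $events[$i]['website'] = '';
            $events[$i]['fee'] = '';
            $events[$i]['location'] = '';
            $events[$i]['street1'] = '';
            $events[$i]['street2'] = '';
            $events[$i]['city'] = '';
            $events[$i]['state'] = '';
            $events[$i]['postal'] = '';
        } else {
            // The stored text may start with a ':text:' or ':html:' marker that
            // selects the display-preparation function; HTML is the default.
            $display_type = substr($tmp['hometext'], 0, 6);
            if ($display_type == ':text:') {
                $prepFunction = 'pcVarPrepForDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } elseif ($display_type == ':html:') {
                $prepFunction = 'pcVarPrepHTMLDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } else {
                $prepFunction = 'pcVarPrepHTMLDisplay';
            }
            unset($display_type);
            $events[$i]['title'] = $prepFunction($tmp['title']);
            $events[$i]['hometext'] = $prepFunction($tmp['hometext']);
            $events[$i]['desc'] = $events[$i]['hometext'];
            $events[$i]['conttel'] = $prepFunction($tmp['conttel']);
            $events[$i]['contname'] = $prepFunction($tmp['contname']);
            $events[$i]['contemail'] = $prepFunction($tmp['contemail']);
            $events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website']));
            $events[$i]['fee'] = $prepFunction($tmp['fee']);
            // NOTE(review): unserialize() on a database column. This is only
            // safe while every writer of pc_location stores a plain array that
            // the application serialised itself; confirm no user-typed string
            // can be stored there verbatim.
            $loc = unserialize($tmp['location']);
            $events[$i]['location'] = $prepFunction($loc['event_location']);
            $events[$i]['street1'] = $prepFunction($loc['event_street1']);
            $events[$i]['street2'] = $prepFunction($loc['event_street2']);
            $events[$i]['city'] = $prepFunction($loc['event_city']);
            $events[$i]['state'] = $prepFunction($loc['event_state']);
            $events[$i]['postal'] = $prepFunction($loc['event_postal']);
        }
        // $i only advances for events that passed the permission checks
        $i++;
    }
    unset($tmp);
    $result->Close();
    return $events;
}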
Ejemplo n.º 9
/**
 * Emit the opening of the HTML document: pick and load the theme, print the
 * doctype, <title>, meta tags, style sheet links and script tags, then call
 * themeheader().
 *
 * All inputs arrive through globals (see the list below) and site
 * configuration; nothing is returned and output is echoed directly.
 *
 * NOTE(review): several globals are written into the page or into file paths
 * without escaping in this function ($info['title'], $hlpfile,
 * $themeOverrideCategory, $themeOverrideStory, $additional_header). Where they
 * are set is not visible here; confirm each is assigned by trusted code and
 * cannot be supplied by the request.
 */
function head()
{
    global $index, $artpage, $topic, $hlpfile, $hr, $theme, $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2, $textcolor3, $textcolor4, $forumpage, $thename, $postnuke_theme, $pntheme, $themename, $themeimages, $additional_header, $themeOverrideCategory, $themeOverrideStory;
    // modification mouzaia .71
    $cWhereIsPerso = WHERE_IS_PERSO;
    if (!empty($cWhereIsPerso)) {
        // $thistheme is not assigned in this branch by the code shown; presumably
        // the included file sets it -- confirm.
        include "modules/NS-Multisites/head.inc.php";
    } else {
        global $themesarein;
        if (pnUserLoggedIn() && pnConfigGetVar('theme_change') != 1) {
            $thistheme = pnUserGetTheme();
            // a $theme global, when set, overrides the user's theme; it is passed
            // through pnVarPrepForOs() before being used in paths
            if (isset($theme)) {
                $thistheme = pnVarPrepForOs($theme);
            }
        } else {
            $thistheme = pnConfigGetVar('Default_Theme');
            if (isset($theme)) {
                $thistheme = pnVarPrepForOs($theme);
            }
        }
        // eugenio themeover 20020413
        // override the theme per category or story
        // precedence is story over category override
        // NOTE(review): unlike $theme above, the two override names are used in a
        // file path and as the theme name without pnVarPrepForOs().
        if ($themeOverrideCategory != '' && file_exists("themes/{$themeOverrideCategory}")) {
            $thistheme = $themeOverrideCategory;
        }
        if ($themeOverrideStory != '' && file_exists("themes/{$themeOverrideStory}")) {
            $thistheme = $themeOverrideStory;
        }
        // file() reads the whole theme.php only to test that it can be read;
        // @ hides the warning when it cannot
        if (@file(WHERE_IS_PERSO . "themes/" . $thistheme . "/theme.php")) {
            $themesarein = WHERE_IS_PERSO;
        } else {
            $themesarein = "";
        }
    }
    // eugenio themeover 20020413
    pnThemeLoad($thistheme);
    /**
     * Simple XHTML Beginnings
     */
    if (pnConfigGetVar('supportxhtml')) {
        //include("includes/xhtml.php");
        xhtml_head_start(0);
        /* Transitional Support for now */
    } else {
        echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
        echo "<html>\n<head>\n";
        if (defined("_CHARSET") && _CHARSET != "") {
            echo "<meta http-equiv=\"Content-Type\" " . "content=\"text/html; charset=" . _CHARSET . "\">\n";
        }
    }
    if ($artpage == 1) {
        /**
         * article page output
         */
        global $info, $hometext;
        // NOTE(review): $info['title'] is echoed into <title> without escaping
        // here; confirm it is already prepared for display by whoever sets it.
        echo "<title>{$info['title']} :: " . pnConfigGetVar('sitename') . ' :: ' . pnConfigGetVar('slogan') . "</title>\n";
        if (pnConfigGetVar('dyn_keywords') == 1) {
            // build a comma-separated keyword list from the article text:
            // strip HTML, replace punctuation with spaces, turn whitespace runs
            // into commas, collapse repeated commas
            // NOTE(review): ereg_replace() was removed in PHP 7.0; this branch
            // needs preg_replace() on current PHP versions.
            $htmlless = check_html($info['maintext'], $strip = 'nohtml');
            $symbolLess = trim(ereg_replace('("|\\?|!|:|\\.|\\(|\\)|;|\\\\)+', ' ', $htmlless));
            $keywords = ereg_replace('( |' . CHR(10) . '|' . CHR(13) . ')+', ',', $symbolLess);
            $metatags = ereg_replace(",+", ",", $keywords);
            echo "<meta http-equiv=\"Keywords\" content=\"{$metatags}\">\n";
        } else {
            echo "<meta name=\"KEYWORDS\" content=\"" . pnConfigGetVar('metakeywords') . "\">\n";
        }
    } else {
        /**
         * all other page output
         */
        echo '<title>' . pnConfigGetVar('sitename') . ' :: ' . pnConfigGetVar('slogan') . "</title>\n";
        echo '<meta name="KEYWORDS" content="' . pnConfigGetVar('metakeywords') . "\">\n";
    }
    echo '<meta name="DESCRIPTION" content="' . pnConfigGetVar('slogan') . "\">\n";
    echo "<meta name=\"ROBOTS\" content=\"INDEX,FOLLOW\">\n";
    echo "<meta name=\"resource-type\" content=\"document\">\n";
    echo "<meta http-equiv=\"expires\" content=\"0\">\n";
    echo '<meta name="author" content="' . pnConfigGetVar('sitename') . "\">\n";
    echo '<meta name="copyright" content="Copyright (c) 2003 by ' . pnConfigGetVar('sitename') . "\">\n";
    echo "<meta name=\"revisit-after\" content=\"1 days\">\n";
    echo "<meta name=\"distribution\" content=\"Global\">\n";
    echo '<meta name="generator" content="PostNuke ' . _PN_VERSION_NUM . " - http://postnuke.com\">\n";
    echo "<meta name=\"rating\" content=\"General\">\n";
    global $themesarein;
    // the chosen theme name is written into both style sheet URLs
    echo "<link rel=\"StyleSheet\" href=\"" . $themesarein . "themes/" . $thistheme . "/style/styleNN.css\" type=\"text/css\">\n";
    echo "<style type=\"text/css\">";
    echo "@import url(\"" . $themesarein . "themes/" . $thistheme . "/style/style.css\"); ";
    echo "</style>\n";
    echo "<script type=\"text/javascript\" src=\"javascript/showimages.php\"></script>\n\n";
    /* Enable Wysiwyg editor configuration at seeting Added by bharvey42 edited by Neo */
    $pnWysiwygEditor = pnConfigGetVar('WYSIWYGEditor');
    if (is_numeric($pnWysiwygEditor) && $pnWysiwygEditor == 1) {
        $pnWSEditorPath = pnGetBaseURI();
        echo "<!--Visual Editor Plug-in-->" . "<script type=\"text/javascript\">QBPATH='" . $pnWSEditorPath . "/javascript'; VISUAL=0; SECURE=1;</script>" . "<script type=\"text/javascript\" src='" . $pnWSEditorPath . "/javascript/quickbuild.js'></script>" . "<script type=\"text/javascript\" src='" . $pnWSEditorPath . "/javascript/tabedit.js'></script>";
    } else {
    }
    // NOTE(review): $hlpfile is written into the src attribute without URL or
    // HTML escaping; confirm it is only ever set by trusted code.
    echo "<script type=\"text/javascript\" src=\"javascript/openwindow.php?hlpfile={$hlpfile}\"></script>\n\n";
    // extra header lines are echoed verbatim, one per line
    if (isset($additional_header)) {
        echo @implode("\n", $additional_header);
    }
    themeheader();
}
Ejemplo n.º 10
/**
 * Arrange items
 *
 * Shows the "arrange media items" page for an album, or handles the form's
 * cancel and save buttons. The caller needs add-media or edit-media access to
 * the album; the save and cancel paths are taken before the login check below.
 *
 * NOTE(review): the save path is chosen purely on the presence of
 * $_POST['saveButton']; no form-token check is visible in this function, so
 * confirm mediashareArrangeAlbum() performs one.
 *
 * @param  array $args request arguments; 'aid' carries the album id
 * @return mixed rendered page, redirect result, or false / a registered error
 */
function mediashare_edit_arrange($args)
{
    $albumId = mediashareGetIntUrl('aid', $args, 1);

    // Check access
    $needed = mediashareAccessRequirementAddMedia | mediashareAccessRequirementEditMedia;
    if (!mediashareAccessAlbum($albumId, $needed, '')) {
        return LogUtil::registerPermissionError();
    }

    // Form buttons
    if (isset($_POST['cancelButton'])) {
        $albumUrl = pnModURL('mediashare', 'edit', 'view', array('aid' => $albumId));
        return pnRedirect($albumUrl);
    }
    if (isset($_POST['saveButton'])) {
        return mediashareArrangeAlbum($args);
    }

    $dom = ZLanguage::getModuleDomain('mediashare');
    if (!pnUserLoggedIn()) {
        return LogUtil::registerError(__('You must be logged in to use this feature', $dom));
    }

    // Fetch current album; a falsy result is passed on as failure and a literal
    // true is reported as an unknown album
    $album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId));
    if (!$album) {
        return false;
    }
    if ($album === true) {
        return LogUtil::registerError(__('Unknown album.', $dom));
    }

    // Fetch media items
    $items = pnModAPIFunc('mediashare', 'user', 'getMediaItems', array('albumId' => $albumId));
    if ($items === false) {
        return false;
    }

    // Build the output
    $view =& pnRender::getInstance('mediashare', false);
    $view->assign('album', $album);
    $view->assign('mediaItems', $items);

    return $view->fetch('mediashare_edit_arrange.html');
}
Ejemplo n.º 11
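/**
 * display block
 *
 * Lists the active, unexpired administrator messages the current visitor may
 * see. Each message carries a 'view' value selecting its audience:
 * 1 everyone, 2 logged-in users, 3 visitors who are not logged in,
 * 4 administrators. Any other value hides the message. Every message is also
 * subject to an ACCESS_READ check on its own instance.
 *
 * @param  array $row block record; 'title' and 'content' are overwritten
 * @return mixed the result of themesideblock(), or nothing when the block is
 *               not permitted, the query fails, or no message qualifies
 */
function admin_messages_messagesblock_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!isset($row['title'])) {
        $row['title'] = '';
    }
    if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $messagestable = $pntable['message'];
    $messagescolumn =& $pntable['message_column'];
    if (pnConfigGetVar('multilingual') == 1) {
        // The language code sits inside a quoted SQL literal. How
        // pnUserGetLang() validates it is not visible from here, so it is
        // escaped before use.
        $currentlang = pnVarPrepForStore(pnUserGetLang());
        $querylang = "AND ({$messagescolumn['mlanguage']}='{$currentlang}' OR {$messagescolumn['mlanguage']}='')";
    } else {
        $querylang = '';
    }
    $sql = "SELECT {$messagescolumn['mid']},\n                   {$messagescolumn['title']},\n                   {$messagescolumn['content']},\n                   {$messagescolumn['date']},\n                   {$messagescolumn['view']}\n            FROM {$messagestable}\n            WHERE {$messagescolumn['active']} = 1 \n            AND  ( {$messagescolumn['expire']} > unix_timestamp(now())\n                  OR {$messagescolumn['expire']} = 0)\n            {$querylang}\n            ORDER by {$messagescolumn['mid']} DESC";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    $output = new pnHTML();
    // The loop ends when $result->fields stops yielding a row.
    while (list($mid, $title, $content, $date, $view) = $result->fields) {
        $result->MoveNext();
        $show = 0;
        if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) {
            switch ($view) {
                case 1:
                    // Message for everyone
                    $show = 1;
                    break;
                case 2:
                    // Message for users
                    if (pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 3:
                    // Messages for non-users
                    if (!pnUserLoggedIn()) {
                        $show = 1;
                    }
                    break;
                case 4:
                    // Messages for administrators of any description
                    if (pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
                        $show = 1;
                    }
                    break;
            }
        }
        if ($show) {
            list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content));
            $output->TableStart('', '', 0);
            // Title and content are handed over verbatim; both pass through
            // pnVarPrepHTMLDisplay() below before they reach the table.
            $output->SetInputMode(_PNH_VERBATIMINPUT);
            $output->SetOutputMode(_PNH_RETURNOUTPUT);
            $ttitle = $output->Linebreak();
            $ttitle .= $output->Text($title);
            $ttitle .= $output->Linebreak(2);
            $output->SetOutputMode(_PNH_KEEPOUTPUT);
            $output->TableAddRow(array("<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>"), 'center');
            $output->TableAddRow(array("<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>"), 'left');
            $output->SetInputMode(_PNH_PARSEINPUT);
            $output->TableEnd();
        }
    }
    if ($output->output != "") {
        // Don't want a title
        $row['title'] = '';
        $row['content'] = $output->GetOutput();
        return themesideblock($row);
    }
}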
Ejemplo n.º 12
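/**
 * Admin handler for the PostCalendar event form.
 *
 * Reads the event fields from the request, validates them, previews or
 * stores the event depending on form_action, and appends the submit form.
 *
 * @param array $args values extracted into local scope before the request
 *                    input is read
 * @return string HTML for the admin menu, any status or error box and the
 *                form, or _POSTCALENDAR_NOAUTH when PC_ACCESS_ADMIN is falsy
 */
function postcalendar_admin_submit($args)
{
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }
    pnModAPILoad(__POSTCALENDAR__, 'user');
    $output = postcalendar_adminmenu();
    // get the theme globals :: is there a better way to do this?
    pnThemeLoad(pnUserGetTheme());
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2;
    // NOTE(review): extract() runs after $output and the theme globals are set,
    // so a matching key in $args overwrites them. Confirm that callers never
    // pass request-derived keys in $args.
    extract($args);
    $Date = postcalendar_getDate();
    $year = substr($Date, 0, 4);
    $month = substr($Date, 4, 2);
    $day = substr($Date, 6, 2);
    // basic event information
    $event_subject = pnVarCleanFromInput('event_subject');
    $event_desc = pnVarCleanFromInput('event_desc');
    $event_sharing = pnVarCleanFromInput('event_sharing');
    $event_category = pnVarCleanFromInput('event_category');
    $event_topic = pnVarCleanFromInput('event_topic');
    // event start information
    $event_startmonth = pnVarCleanFromInput('event_startmonth');
    $event_startday = pnVarCleanFromInput('event_startday');
    $event_startyear = pnVarCleanFromInput('event_startyear');
    $event_starttimeh = pnVarCleanFromInput('event_starttimeh');
    $event_starttimem = pnVarCleanFromInput('event_starttimem');
    $event_startampm = pnVarCleanFromInput('event_startampm');
    // event end information
    $event_endmonth = pnVarCleanFromInput('event_endmonth');
    $event_endday = pnVarCleanFromInput('event_endday');
    $event_endyear = pnVarCleanFromInput('event_endyear');
    $event_endtype = pnVarCleanFromInput('event_endtype');
    $event_dur_hours = pnVarCleanFromInput('event_dur_hours');
    $event_dur_minutes = pnVarCleanFromInput('event_dur_minutes');
    $event_duration = 60 * 60 * $event_dur_hours + 60 * $event_dur_minutes;
    $event_allday = pnVarCleanFromInput('event_allday');
    // location data
    $event_location = pnVarCleanFromInput('event_location');
    $event_street1 = pnVarCleanFromInput('event_street1');
    $event_street2 = pnVarCleanFromInput('event_street2');
    $event_city = pnVarCleanFromInput('event_city');
    $event_state = pnVarCleanFromInput('event_state');
    $event_postal = pnVarCleanFromInput('event_postal');
    $event_location_info = serialize(compact('event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal'));
    // contact data
    $event_contname = pnVarCleanFromInput('event_contname');
    $event_conttel = pnVarCleanFromInput('event_conttel');
    $event_contemail = pnVarCleanFromInput('event_contemail');
    $event_website = pnVarCleanFromInput('event_website');
    $event_fee = pnVarCleanFromInput('event_fee');
    // event repeating data
    $event_repeat = pnVarCleanFromInput('event_repeat');
    $event_repeat_freq = pnVarCleanFromInput('event_repeat_freq');
    $event_repeat_freq_type = pnVarCleanFromInput('event_repeat_freq_type');
    $event_repeat_on_num = pnVarCleanFromInput('event_repeat_on_num');
    $event_repeat_on_day = pnVarCleanFromInput('event_repeat_on_day');
    $event_repeat_on_freq = pnVarCleanFromInput('event_repeat_on_freq');
    $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq'));
    $pc_html_or_text = pnVarCleanFromInput('pc_html_or_text');
    $form_action = pnVarCleanFromInput('form_action');
    $pc_event_id = pnVarCleanFromInput('pc_event_id');
    $data_loaded = pnVarCleanFromInput('data_loaded');
    $is_update = pnVarCleanFromInput('is_update');
    $authid = pnVarCleanFromInput('authid');
    if (pnUserLoggedIn()) {
        $uname = pnUserGetVar('uname');
    } else {
        $uname = pnConfigGetVar('anonymous');
    }
    if (!isset($event_repeat)) {
        $event_repeat = 0;
    }
    // lets wrap all the data into array for passing to submit and preview functions
    if (!isset($pc_event_id) || empty($pc_event_id) || $data_loaded) {
        $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text');
        $eventdata['is_update'] = $is_update;
        $eventdata['pc_event_id'] = $pc_event_id;
        $eventdata['data_loaded'] = true;
    } else {
        // An existing event is being opened for editing: fill the form from the stored row.
        $eventdata = array();
        $event = postcalendar_userapi_pcGetEventDetails($pc_event_id);
        $eventdata['event_subject'] = $event['title'];
        $eventdata['event_desc'] = $event['hometext'];
        $eventdata['event_sharing'] = $event['sharing'];
        $eventdata['event_category'] = $event['catid'];
        $eventdata['event_topic'] = $event['topic'];
        $eventdata['event_startmonth'] = substr($event['eventDate'], 5, 2);
        $eventdata['event_startday'] = substr($event['eventDate'], 8, 2);
        $eventdata['event_startyear'] = substr($event['eventDate'], 0, 4);
        $eventdata['event_starttimeh'] = substr($event['startTime'], 0, 2);
        $eventdata['event_starttimem'] = substr($event['startTime'], 3, 2);
        $eventdata['event_startampm'] = $eventdata['event_starttimeh'] < 12 ? _PC_AM : _PC_PM;
        $eventdata['event_endmonth'] = substr($event['endDate'], 5, 2);
        $eventdata['event_endday'] = substr($event['endDate'], 8, 2);
        $eventdata['event_endyear'] = substr($event['endDate'], 0, 4);
        $eventdata['event_endtype'] = $event['endDate'] == '0000-00-00' ? '0' : '1';
        $eventdata['event_dur_hours'] = $event['duration_hours'];
        $eventdata['event_dur_minutes'] = $event['duration_minutes'];
        $eventdata['event_duration'] = $event['duration'];
        $eventdata['event_allday'] = $event['alldayevent'];
        // NOTE(review): unserialize() on a stored column. The value was written with
        // serialize() above, but anything else able to write that column controls
        // what is deserialized here; a JSON encoding would remove that risk.
        $loc_data = unserialize($event['location']);
        $eventdata['event_location'] = $loc_data['event_location'];
        $eventdata['event_street1'] = $loc_data['event_street1'];
        $eventdata['event_street2'] = $loc_data['event_street2'];
        $eventdata['event_city'] = $loc_data['event_city'];
        $eventdata['event_state'] = $loc_data['event_state'];
        $eventdata['event_postal'] = $loc_data['event_postal'];
        $eventdata['event_location_info'] = $loc_data;
        $eventdata['event_contname'] = $event['contname'];
        $eventdata['event_conttel'] = $event['conttel'];
        $eventdata['event_contemail'] = $event['contemail'];
        $eventdata['event_website'] = $event['website'];
        $eventdata['event_fee'] = $event['fee'];
        $eventdata['event_repeat'] = $event['recurrtype'];
        $eventdata['event_pid'] = $event['pid'];
        $eventdata['event_aid'] = $event['aid'];
        // Same unserialize() caveat as for the location column above.
        $rspecs = unserialize($event['recurrspec']);
        $eventdata['event_repeat_freq'] = $rspecs['event_repeat_freq'];
        $eventdata['event_repeat_freq_type'] = $rspecs['event_repeat_freq_type'];
        $eventdata['event_repeat_on_num'] = $rspecs['event_repeat_on_num'];
        $eventdata['event_repeat_on_day'] = $rspecs['event_repeat_on_day'];
        $eventdata['event_repeat_on_freq'] = $rspecs['event_repeat_on_freq'];
        $eventdata['event_recurrspec'] = $rspecs;
        $eventdata['uname'] = $uname;
        $eventdata['Date'] = $Date;
        $eventdata['year'] = $year;
        $eventdata['month'] = $month;
        $eventdata['day'] = $day;
        $eventdata['is_update'] = true;
        $eventdata['pc_event_id'] = $pc_event_id;
        $eventdata['data_loaded'] = true;
        $eventdata['pc_html_or_text'] = $pc_html_or_text;
    }
    // lets get the module's information
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $categories = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
    //================================================================
    //	ERROR CHECKING
    //================================================================
    $required_vars = array('event_subject', 'event_desc');
    $required_name = array(_PC_EVENT_TITLE, _PC_EVENT_DESC);
    $error_msg = '';
    foreach ($required_vars as $r => $var_name) {
        // Look up the local named by $var_name. The previous ${$required_vars}[$r]
        // used the whole array as the variable name, so the check never saw the
        // submitted value.
        $value = isset(${$var_name}) ? ${$var_name} : '';
        // A non-scalar (e.g. an array-valued request field) counts as missing.
        if (!is_scalar($value) || empty($value) || !preg_match('/\\S/i', $value)) {
            $error_msg .= '<b>' . $required_name[$r] . '</b> ' . _PC_SUBMIT_ERROR4 . '<br />';
        }
    }
    // check repeating frequencies
    if ($event_repeat == REPEAT) {
        if (!isset($event_repeat_freq) || $event_repeat_freq < 1 || empty($event_repeat_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR5 . '<br />';
        } elseif (!is_numeric($event_repeat_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR6 . '<br />';
        }
    } elseif ($event_repeat == REPEAT_ON) {
        if (!isset($event_repeat_on_freq) || $event_repeat_on_freq < 1 || empty($event_repeat_on_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR5 . '<br />';
        } elseif (!is_numeric($event_repeat_on_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR6 . '<br />';
        }
    }
    // check date validity
    // The end-time string that used to be built here read $event_endtimeh and
    // $event_endtimem, which this function never assigns, and was not used.
    if (!_SETTING_TIME_24HOUR) {
        if ($event_startampm == _AM_VAL) {
            $event_starttimeh = $event_starttimeh == 12 ? '00' : $event_starttimeh;
        } else {
            $event_starttimeh = $event_starttimeh != 12 ? $event_starttimeh += 12 : $event_starttimeh;
        }
    }
    $startTime = $event_starttimeh . ':' . $event_starttimem;
    $sdate = strtotime($event_startyear . '-' . $event_startmonth . '-' . $event_startday);
    $edate = strtotime($event_endyear . '-' . $event_endmonth . '-' . $event_endday);
    $tdate = strtotime(date('Y-m-d'));
    if ($edate < $sdate && $event_endtype == 1) {
        $error_msg .= _PC_SUBMIT_ERROR1 . '<br />';
    }
    // Cast before checkdate(): the parts are request values, and a non-numeric
    // string should fail validation rather than raise a type error.
    if (!checkdate((int) $event_startmonth, (int) $event_startday, (int) $event_startyear)) {
        $error_msg .= _PC_SUBMIT_ERROR2 . '<br />';
    }
    if (!checkdate((int) $event_endmonth, (int) $event_endday, (int) $event_endyear)) {
        $error_msg .= _PC_SUBMIT_ERROR3 . '<br />';
    }
    // One error box shared by preview and commit. $error_msg is assembled from
    // language constants only, never from request values.
    $error_box = '';
    if (!empty($error_msg)) {
        $error_box .= '<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">';
        $error_box .= '<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">';
        $error_box .= '<center><b>' . _PC_SUBMIT_ERROR . '</b></center>';
        $error_box .= '<br />';
        $error_box .= $error_msg;
        // close the row with </tr>; the original emitted </td> twice
        $error_box .= '</td></tr></table>';
        $error_box .= '</td></tr></table>';
        $error_box .= '<br /><br />';
    }
    //================================================================
    //	Preview the event
    //================================================================
    if ($form_action == 'preview') {
        if ($error_box != '') {
            $output .= $error_box;
        } else {
            $output .= pnModAPIFunc(__POSTCALENDAR__, 'user', 'eventPreview', $eventdata);
            $output .= '<br />';
        }
    }
    //================================================================
    //	Enter the event into the DB
    //================================================================
    if ($form_action == 'commit') {
        // NOTE(review): the authorisation-key check below is commented out, so this
        // state-changing commit is not tied to a form token and a cross-site
        // request from an admin's browser would be accepted. $authid is read above
        // but never verified. Re-enable once the form is confirmed to send the key.
        //if (!pnSecConfirmAuthKey()) { return(_NO_DIRECT_ACCESS); }
        if ($error_box != '') {
            $output .= $error_box;
        } else {
            if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'submitEvent', $eventdata)) {
                $output .= '<center><div style="padding:5px; border:1px solid red; background-color: pink;">';
                $output .= "<b>" . _PC_EVENT_SUBMISSION_FAILED . "</b>";
                $output .= '</div></center><br />';
                $output .= '<br />';
            } else {
                // clear the Smarty cache
                $tpl = new pcSmarty();
                $tpl->clear_all_cache();
                $output .= '<center><div style="padding:5px; border:1px solid green; background-color: lightgreen;">';
                if ($is_update) {
                    $output .= "<b>" . _PC_EVENT_EDIT_SUCCESS . "</b>";
                } else {
                    $output .= "<b>" . _PC_EVENT_SUBMISSION_SUCCESS . "</b>";
                }
                $output .= '</div></center><br />';
                $output .= '<br />';
                // clear the form vars
                $event_subject = $event_desc = $event_sharing = $event_category = $event_topic = $event_startmonth = $event_startday = $event_startyear = $event_starttimeh = $event_starttimem = $event_startampm = $event_endmonth = $event_endday = $event_endyear = $event_endtype = $event_dur_hours = $event_dur_minutes = $event_duration = $event_allday = $event_location = $event_street1 = $event_street2 = $event_city = $event_state = $event_postal = $event_location_info = $event_contname = $event_conttel = $event_contemail = $event_website = $event_fee = $event_repeat = $event_repeat_freq = $event_repeat_freq_type = $event_repeat_on_num = $event_repeat_on_day = $event_repeat_on_freq = $event_recurrspec = $uname = $Date = $year = $month = $day = $pc_html_or_text = null;
                $is_update = false;
                $pc_event_id = 0;
                // lets wrap all the data into array for passing to submit and preview functions
                $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'is_update', 'pc_event_id');
            }
        }
    }
    $output .= pnModAPIFunc('PostCalendar', 'admin', 'buildSubmitForm', $eventdata);
    return $output;
}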
Ejemplo n.º 13
/**
 * Shift a time value by the viewer's time-zone offset.
 *
 * The offset applied is the user's 'tzoffset' (logged in) or the system
 * 'timezone_offset' (anonymous), minus the system 'timezone_server' value,
 * converted from hours to seconds.
 *
 * @deprecated
 *
 * @param mixed $time time value to adjust
 * @return mixed the adjusted value, or null when $time is empty
 */
function GetUserTime($time)
{
    LogUtil::log(__f('Warning! Function %1$s is deprecated.', 'GetUserTime'), E_USER_DEPRECATED);
    if (empty($time)) {
        return null;
    }

    // Logged-in users carry their own offset; everyone else gets the site-wide one.
    $viewerOffset = pnUserLoggedIn() ? pnUserGetVar('tzoffset') : System::getVar('timezone_offset');
    $hoursToShift = $viewerOffset - System::getVar('timezone_server');

    return $time + $hoursToShift * 3600;
}
Ejemplo n.º 14
/**
 * Render the user's main page: header and user menu for everyone, then the
 * recent-comments and recent-submissions lists and the footer for logged-in
 * users only.
 *
 * @param mixed $var not used by this function
 */
function user_user_main($var)
{
    include 'header.php';
    user_menu_draw();
    if (!pnUserLoggedIn()) {
        // Anonymous visitors get nothing further; footer.php is not included
        // on this path either.
        return;
    }
    $uname = pnUserGetVar('uname');
    // Each list is shown only when its module is available.
    if (pnModAvailable('Comments')) {
        user_main_last10com($uname);
    }
    if (pnModAvailable('News')) {
        user_main_last10submit($uname);
    }
    include 'footer.php';
}
Ejemplo n.º 15
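/**
 * Side block listing past stories grouped by date, followed by an
 * "older articles" search link once the configured limit is reached.
 *
 * @param array $row block record; 'title' and 'content' are read and rewritten
 * @return mixed the themed block from themesideblock(), or null when the
 *               viewer lacks read access or no story is visible
 */
function blocks_past_block($row)
{
    $catid = pnVarCleanFromInput('catid');
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Pastblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (pnUserLoggedIn()) {
        $storyhome = pnUserGetVar('storynum');
    } else {
        $storyhome = pnConfigGetVar('storyhome');
    }
    // Break out options from our content field
    $vars = pnBlockVarsFromContent($row['content']);
    // Defaults
    if (empty($vars['limit'])) {
        $vars['limit'] = 10;
    }
    $storynum = $vars['limit'];
    $column =& $pntable['stories_column'];
    // catid is a request value that ends up unquoted in a WHERE clause and in a
    // link below. Force it to an integer so it cannot carry SQL or markup.
    $has_category = isset($catid) && is_scalar($catid) && (string) $catid !== '';
    $catid = $has_category ? (int) $catid : 0;
    if (!$has_category) {
        $articles = getArticles("{$column['ihome']}=0", "{$column['time']} DESC", $storynum, $storyhome);
    } else {
        $articles = getArticles("{$column['catid']}={$catid}", "{$column['time']} DESC", $storynum, $storyhome);
    }
    $time2 = "";
    setlocale(LC_TIME, pnConfigGetVar('locale'));
    $boxstuff = "<table width=\"100%\" cellpadding=\"1\" cellspacing=\"0\" border=\"0\" class=\"pn-normal\">\n";
    $vari = 0;
    $see = 0;
    foreach ($articles as $article) {
        $info = genArticleInfo($article);
        $links = genArticleLinks($info);
        $preformat = genArticlePreformat($info, $links);
        // a little bit tricky to remove the bold property from link description
        // (2001-11-15, hdonner)
        $preformat['title'] = str_replace("pn-title", "pn-normal", $preformat['title']);
        // Skip stories the viewer may not read, by story or by topic.
        if (!pnSecAuthAction(0, 'Stories::Story', "{$info['aid']}:{$info['cattitle']}:{$info['sid']}", ACCESS_READ) || !pnSecAuthAction(0, 'Topics::Topic', "{$info['topicname']}::{$info['tid']}", ACCESS_READ)) {
            continue;
        }
        $see = 1;
        // preg_match() replaces ereg(), which no longer exists in PHP 7+.
        $datetime2 = '';
        if (preg_match('/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/', $info['time'], $parts)) {
            $stamp = mktime((int) $parts[4], (int) $parts[5], (int) $parts[6], (int) $parts[2], (int) $parts[3], (int) $parts[1]);
            $datetime2 = ucfirst(ml_ftime("" . _DATESTRING2 . "", $stamp));
        }
        if ($time2 == $datetime2) {
            $boxstuff .= "<tr><td valign=\"top\"><big><strong>&middot;</strong></big></td>" . "<td valign=\"top\" width=\"100%\"><span class=\"pn-normal\">" . $preformat['title'] . "&nbsp;({$info['comments']})</span></td></tr>\n";
        } else {
            // First story of a new day: emit the date heading before the entry.
            $boxstuff .= "<tr><td colspan=\"2\"><b>{$datetime2}</b></td></tr>\n" . "<tr><td valign=\"top\"><big><strong>&middot;</strong></big></td>" . "<td valign=\"top\" width=\"100%\"><span class=\"pn-normal\">{$preformat['title']}&nbsp;({$info['comments']})</span></td></tr>\n";
            $time2 = $datetime2;
        }
        $vari++;
        if ($vari == $vars['limit']) {
            $boxstuff .= "<tr><td>&nbsp;</td><td valign=\"top\"><a class=\"pn-normal\"";
            if (!$has_category) {
                $boxstuff .= "href=\"modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;overview=1&amp;active_stories=1\"><b>" . _OLDERARTICLES . "</b></a></td></tr>\n";
            } else {
                $boxstuff .= "href=\"modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;overview=1&amp;active_stories=1&amp;stories_cat[0]={$catid}\"><b>" . _OLDERARTICLES . "</b></a></td></tr>\n";
            }
        }
    }
    $boxstuff .= "</table>";
    if ($see == 1) {
        if (empty($row['title'])) {
            $row['title'] = _PASTARTICLES;
        }
        $row['content'] = $boxstuff;
        return themesideblock($row);
    }
}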
Ejemplo n.º 16
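<?php

// Wrapper page: shows the address held in $url inside an iframe, for logged-in
// users only. $url is not assigned in this file.
// NOTE(review): presumably the menu/module loader sets $url; if it can come
// from the request, it is attacker-controlled and the checks below matter.
if (!defined("LOADED_AS_MODULE")) {
    die("You cannot access this file directly");
}
// NOTE(review): a referer check can be satisfied by any request that sets the
// header; it is not an access control.
if (!pnLocalReferer()) {
    die("You cannot access this file from an external site");
}
if (empty($url) || !is_string($url)) {
    die("You must use the {} calling method in your menu, not []");
}
// Only http(s) or scheme-less addresses may be framed. Whitespace and control
// characters are dropped first because browsers ignore them inside a scheme.
$url_probe = preg_replace('/[\x00-\x20]+/', '', $url);
if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $url_probe) && !preg_match('#^https?://#i', $url_probe)) {
    die("You cannot access this file with that URL");
}
$home = pnGetBaseURL();
$home .= "user.php?op=loginscreen&module=NS-User";
if (!pnUserLoggedIn()) {
    pnRedirect($home);
    // Stop here so the frame is never sent to an anonymous visitor, whether or
    // not pnRedirect() itself ends the request.
    exit;
}
include "header.php";
// Escape for a single-quoted attribute so the value cannot close it.
$url = htmlspecialchars($url, ENT_QUOTES);
echo "<iframe name='dplink' src='{$url}' width='100%' height='1600'\nmarginwidth=0 marginheight=0 frameborder=0></iframe>";
include "footer.php";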
Ejemplo n.º 17
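/**
 * Report whether a block is active for the current user, creating the
 * per-user record (active) the first time it is asked for.
 *
 * @param array $row block record; only 'bid' is read
 * @return mixed false for anonymous visitors or a failed query, true when the
 *               record was just created, otherwise the stored 'active' value
 */
function checkuserblock($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }
    if (!pnUserLoggedIn()) {
        return false;
    }
    // uid is placed unquoted in both statements, where string escaping gives no
    // protection; an integer cast does. bid is quoted, so it is escaped once
    // (the original escaped uid twice before the INSERT).
    $uid = (int) pnUserGetVar('uid');
    $bid = pnVarPrepForStore($row['bid']);
    $column =& $pntable['userblocks_column'];
    $sql = "SELECT {$column['active']} FROM " . $pntable['userblocks'] . " WHERE " . $column['bid'] . "='" . $bid . "' AND " . $column['uid'] . "=" . $uid;
    $result = $dbconn->Execute($sql);
    if ($result === false) {
        // NOTE(review): the full SQL text goes to the error handler; confirm it
        // is logged rather than shown to the visitor.
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error <br>{$sql}");
        // Do not dereference a failed result if the handler returns.
        return false;
    }
    if (!$result->EOF) {
        list($active) = $result->fields;
        return $active;
    }
    // No record yet for this user and block: create one, switched on.
    $sql = "INSERT INTO {$pntable['userblocks']} ({$column['uid']}, {$column['bid']}, {$column['active']}) VALUES (" . $uid . ", '{$bid}', '1')";
    $result = $dbconn->Execute($sql);
    if ($result === false) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error <br>{$sql}");
    }
    return true;
}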
Ejemplo n.º 18
 /**
  * Shift a time value by the viewer's time-zone offset.
  *
  * Logged-in users: their 'timezone_offset' minus the configured
  * 'timezone_offset'. Anonymous visitors: 12 minus the configured
  * 'timezone_offset'. The difference is converted from hours to seconds.
  *
  * @param mixed $time time value to adjust
  * @return mixed the adjusted value, or null when $time is empty
  */
 function GetUserTime($time)
 {
     if (empty($time)) {
         return null;
     }
     // 12 is the fixed offset this code uses when nobody is logged in.
     $viewerOffset = pnUserLoggedIn() ? pnUserGetVar('timezone_offset') : 12;
     $hoursToShift = $viewerOffset - pnConfigGetVar('timezone_offset');
     return $time + $hoursToShift * 3600;
 }
Ejemplo n.º 19
// Dispatcher fragment: marks the request as module-loaded, loads the user
// language file, chooses a module and operation, includes that module's
// user.php and builds the name of its handler function. The listing stops
// inside the final if block.
define('LOADED_AS_MODULE', '1');
// load languages
// The language name goes through pnVarPrepForOS() before it becomes part of the include path.
if (file_exists($currentlangfile = 'language/' . pnVarPrepForOS(pnUserGetLang()) . '/user.php')) {
    include $currentlangfile;
} elseif (file_exists($defaultlangfile = 'language/' . pnVarPrepForOS(pnConfigGetVar('language')) . '/user.php')) {
    include $defaultlangfile;
}
// set module and op respective to the different cases
// NOTE(review): $op and $module are read here without being assigned in this
// fragment. Confirm where they come from; if they are request-derived, they
// steer the include path and the function name built below.
if (!pnUserLoggedIn() && empty($op)) {
    $module = 'User';
    $op = 'getlogin';
}
if (isset($op) && $op == 'userinfo') {
    $module = 'User';
}
if (pnUserLoggedIn() and (empty($op) or $op == 'adminMain')) {
    $module = 'User';
    $op = 'main';
}
// Load tools -- they might be needed in the legacy user plugins
include_once 'modules/User/tools.php';
include_once 'modules/User/password.php';
// The include path is built from $module; pnVarPrepForOS() and file_exists()
// are the only gates visible here.
// NOTE(review): verify that pnVarPrepForOS() removes path separators and
// traversal sequences, or check $module against the list of installed modules.
if (file_exists($file = 'modules/' . pnVarPrepForOS($module) . '/user.php') || file_exists($file = 'modules/' . pnVarPrepForOS(preg_replace('/^NS-/', '', $module)) . '/user.php')) {
    user_menu();
    include $file;
    // Handler names drop a leading 'NS-' from the module name.
    if (substr($module, 0, 3) == 'NS-') {
        $function = substr($module, 3) . '_user_';
    } else {
        $function = $module . '_user_';
    }
    // NOTE(review): presumably called as a variable function in the part not
    // shown; confirm $op is limited to known operations before that call.
    $function_op = $function . $op;
Ejemplo n.º 20
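/**
 * Timezone Function
 *
 * Formats a timestamp with strftime() after substituting the translated
 * day and month names (%a, %A, %b, %B) and the viewer's time-zone label (%Z)
 * taken from the language constants.
 *
 * @author Fred B (fredb86)
 *
 * @param string $datefmt   strftime-style format string
 * @param int    $timestamp time to format; a negative value means "now"
 * @return mixed the formatted date, or null when $datefmt is not set
 */
function ml_ftime($datefmt, $timestamp = -1)
{
    if (!isset($datefmt)) {
        return null;
    }
    if ($timestamp < 0) {
        $timestamp = time();
    }
    $day_of_week_short = explode(' ', _DAY_OF_WEEK_SHORT);
    $month_short = explode(' ', _MONTH_SHORT);
    $day_of_week_long = explode(' ', _DAY_OF_WEEK_LONG);
    $month_long = explode(' ', _MONTH_LONG);
    // date('w') is 0 (Sunday) to 6 and date('n') is 1 to 12, the same numbers
    // strftime('%w') and strftime('%m') produced.
    $weekday = (int) date('w', $timestamp);
    $month = (int) date('n', $timestamp) - 1;
    // The patterns are plain text, so str_replace() does the job of ereg_replace(),
    // which no longer exists in PHP 7+. Replacements still apply in the order listed.
    $ml_date = str_replace(
        array('%a', '%A', '%b', '%B'),
        array($day_of_week_short[$weekday], $day_of_week_long[$weekday], $month_short[$month], $month_long[$month]),
        $datefmt
    );
    if (pnUserLoggedIn()) {
        $thezone = pnUserGetVar('timezone_offset');
    } else {
        $thezone = pnConfigGetVar('timezone_offset');
    }
    $timezone_all = explode(' ', _TIMEZONES);
    $offset_all = explode(' ', _TZOFFSETS);
    // Index of the label for the viewer's offset; stays 0 when nothing matches
    // and, as before, the last matching entry wins.
    $indexofzone = 0;
    foreach ($offset_all as $i => $offset) {
        if ($offset == $thezone) {
            $indexofzone = $i;
        }
    }
    $ml_date = str_replace('%Z', $timezone_all[$indexofzone], $ml_date);
    // NOTE(review): strftime() is deprecated as of PHP 8.1; the remaining
    // format codes still depend on it.
    return strftime($ml_date, $timestamp);
}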
Ejemplo n.º 21
/**
 * Build the comment display options for the current viewer.
 *
 * Logged-in users supply 'umode', 'uorder' and 'thold'; any value that is
 * empty, and every value for anonymous visitors, falls back to the default
 * ('thread', 0 and 0).
 *
 * @public
 * @return array keys 'mode', 'order' and 'thold'
 */
function pnUserGetCommentOptionsArray()
{
    $options = array('mode' => null, 'order' => null, 'thold' => null);
    if (pnUserLoggedIn()) {
        $options['mode'] = pnUserGetVar('umode');
        $options['order'] = pnUserGetVar('uorder');
        $options['thold'] = pnUserGetVar('thold');
    }
    // Replace every unset or empty preference with its default.
    $fallbacks = array('mode' => 'thread', 'order' => 0, 'thold' => 0);
    foreach ($fallbacks as $key => $fallback) {
        if (empty($options[$key])) {
            $options[$key] = $fallback;
        }
    }
    return $options;
}
Ejemplo n.º 22
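/**
 * Render the detail view of one PostCalendar event through Smarty.
 *
 * @param array $args  extracted into local scope; 'eid' is required, and
 *                     'cacheid', 'nopop', 'print' and 'Date' are read if present
 * @param bool  $admin true to use the admin template with caching disabled
 * @return mixed the rendered HTML; false when no 'eid' is given or the event
 *               lookup returns false; _POSTCALENDARNOAUTH without read access.
 *               In popup or print mode the page is echoed and the script exits.
 */
function postcalendar_userapi_eventDetail($args, $admin = false)
{
    if (!(bool) PC_ACCESS_READ) {
        return _POSTCALENDARNOAUTH;
    }
    // get the theme globals :: is there a better way to do this?
    pnThemeLoad(pnUserGetTheme());
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5;
    global $textcolor1, $textcolor2;
    $popup = pnVarCleanFromInput('popup');
    // NOTE(review): extract() lets any key in $args overwrite locals such as
    // $popup or $admin. Confirm callers never forward request data as $args.
    extract($args);
    unset($args);
    if (!isset($cacheid)) {
        $cacheid = null;
    }
    if (!isset($eid)) {
        return false;
    }
    if (!isset($nopop)) {
        $nopop = false;
    }
    // $print and $Date only exist when $args supplied them or $admin is true;
    // give them explicit defaults equal to what an undefined value produced.
    if (!isset($print)) {
        $print = 0;
    }
    if (!isset($Date)) {
        $Date = '';
    }
    $uid = pnUserGetVar('uid');
    //=================================================================
    //  Find out what Template we're using
    //=================================================================
    $template_name = _SETTING_TEMPLATE;
    if (!isset($template_name)) {
        $template_name = 'default';
    }
    //=================================================================
    //  Setup Smarty Template Engine
    //=================================================================
    $tpl = new pcSmarty();
    if ($admin) {
        $template = $template_name . '/admin/details.html';
        // NOTE(review): $args was unset above, so this creates a new array that is
        // never read; possibly $cacheid was meant. Caching is off on this path.
        $args['cacheid'] = '';
        $print = 0;
        $Date =& postcalendar_getDate();
        $tpl->caching = false;
    } else {
        $template = $template_name . '/user/details.html';
    }
    // NOTE(review): the private-event check below runs only on a cache miss.
    // Confirm $cacheid is scoped per viewer, otherwise a cached page could be
    // served to someone the check would have refused.
    if (!$tpl->is_cached($template, $cacheid)) {
        // let's get the DB information
        list($dbconn) = pnDBGetConn();
        $pntable = pnDBGetTables();
        // get the event's information
        $event =& postcalendar_userapi_pcGetEventDetails($eid);
        // if the above is false, it's a private event for another user
        // we should not display this - so we just exit gracefully
        if ($event === false) {
            return false;
        }
        //=================================================================
        //  get event's topic information
        //=================================================================
        $topics_table = $pntable['topics'];
        $topics_column = $pntable['topics_column'];
        // The topic id is compared unquoted, so cast the stored value to an
        // integer instead of pasting it into the statement as text.
        $topic_id = (int) $event['topic'];
        $topicsql = "SELECT {$topics_column['topictext']},{$topics_column['topicimage']}"
            . " FROM {$topics_table}"
            . " WHERE {$topics_column['topicid']} = {$topic_id}"
            . " LIMIT 1";
        $topic_result = $dbconn->Execute($topicsql);
        // A failed or empty lookup leaves the topic fields blank instead of
        // dereferencing a non-result.
        $event['topictext'] = '';
        $event['topicimg'] = '';
        if ($topic_result !== false && !$topic_result->EOF) {
            list($event['topictext'], $event['topicimg']) = $topic_result->fields;
        }
        // NOTE(review): unserialize() on a stored column; anything able to write
        // that column controls what is deserialized here.
        $location = unserialize($event['location']);
        $event['location'] = $location['event_location'];
        $event['street1'] = $location['event_street1'];
        $event['street2'] = $location['event_street2'];
        $event['city'] = $location['event_city'];
        $event['state'] = $location['event_state'];
        $event['postal'] = $location['event_postal'];
        $event['date'] = str_replace('-', '', $Date);
        //=================================================================
        //  populate the template
        //=================================================================
        $has_location = !empty($event['location']) || !empty($event['street1']) || !empty($event['street2']) || !empty($event['city']) || !empty($event['state']) || !empty($event['postal']);
        $tpl->assign('LOCATION_INFO', $has_location);
        $has_contact = !empty($event['contname']) || !empty($event['contemail']) || !empty($event['conttel']) || !empty($event['website']);
        $tpl->assign('CONTACT_INFO', $has_contact);
        // A ':text:' or ':html:' prefix on the description selects the output
        // filter for every field; anything else is treated as HTML.
        $display_type = substr($event['hometext'], 0, 6);
        if ($display_type == ':text:') {
            $prepFunction = 'pcVarPrepForDisplay';
            $event['hometext'] = substr($event['hometext'], 6);
        } elseif ($display_type == ':html:') {
            $prepFunction = 'pcVarPrepHTMLDisplay';
            $event['hometext'] = substr($event['hometext'], 6);
        } else {
            $prepFunction = 'pcVarPrepHTMLDisplay';
        }
        unset($display_type);
        // prep the vars for output
        $event['website'] = postcalendar_makeValidURL($event['website']);
        $prep_fields = array('title', 'hometext', 'conttel', 'contname', 'contemail', 'website', 'fee', 'location', 'street1', 'street2', 'city', 'state', 'postal');
        foreach ($prep_fields as $field) {
            // plain assignment: a function result cannot be bound by reference
            $event[$field] = $prepFunction($event[$field]);
        }
        // 'desc' stays an alias of 'hometext'
        $event['desc'] =& $event['hometext'];
        $tpl->assign_by_ref('A_EVENT', $event);
        //=================================================================
        //  populate the template $ADMIN_OPTIONS
        //=================================================================
        $target = '';
        if (_SETTING_OPEN_NEW_WINDOW) {
            $target = 'target="csCalendar"';
        }
        $admin_edit_url = $admin_delete_url = '';
        if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN)) {
            $admin_edit_url = pnModURL(__POSTCALENDAR__, 'admin', 'submit', array('pc_event_id' => $eid));
            $admin_delete_url = pnModURL(__POSTCALENDAR__, 'admin', 'adminevents', array('action' => _ACTION_DELETE, 'pc_event_id' => $eid));
        }
        $user_edit_url = $user_delete_url = '';
        if (pnUserLoggedIn()) {
            $logged_in_uname = $_SESSION['authUser'];
        } else {
            $logged_in_uname = '';
        }
        // Edit and delete links need ADD permission plus a group match between
        // the viewer and the event's owner.
        $can_edit = false;
        if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADD) && validateGroupStatus($logged_in_uname, getUsername($event['uname']))) {
            $user_edit_url = pnModURL(__POSTCALENDAR__, 'user', 'submit', array('pc_event_id' => $eid));
            $user_delete_url = pnModURL(__POSTCALENDAR__, 'user', 'delete', array('pc_event_id' => $eid));
            $can_edit = true;
        }
        $tpl->assign('STYLE', $GLOBALS['style']);
        $tpl->assign_by_ref('ADMIN_TARGET', $target);
        $tpl->assign_by_ref('ADMIN_EDIT', $admin_edit_url);
        $tpl->assign_by_ref('ADMIN_DELETE', $admin_delete_url);
        $tpl->assign_by_ref('USER_TARGET', $target);
        $tpl->assign_by_ref('USER_EDIT', $user_edit_url);
        $tpl->assign_by_ref('USER_DELETE', $user_delete_url);
        $tpl->assign_by_ref('USER_CAN_EDIT', $can_edit);
    }
    //=================================================================
    //  Parse the template
    //=================================================================
    if ($popup != 1 && $print != 1) {
        $output = "\n\n<!-- START POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
        $output .= $tpl->fetch($template, $cacheid);
        $output .= "\n\n<!-- END POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
        return $output;
    }
    // Popup or print: emit a stand-alone page and stop.
    // The theme name is written into attribute values, so escape it.
    $theme = htmlspecialchars(pnUserGetTheme(), ENT_QUOTES);
    echo "<html><head>";
    echo "<LINK REL=\"StyleSheet\" HREF=\"themes/{$theme}/style/styleNN.css\" TYPE=\"text/css\">\n\n\n";
    echo "<style type=\"text/css\">\n";
    echo "@import url(\"themes/{$theme}/style/style.css\"); ";
    echo "</style>\n";
    echo "</head><body>\n";
    $tpl->display($template, $cacheid);
    echo postcalendar_footer();
    echo "\n</body></html>";
    session_write_close();
    exit;
}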
Ejemplo n.º 23
/**
 * Get authorisation information for the current user.
 *
 * Runs three queries in turn: the permission rules stored for the user's
 * ids, the groups those ids belong to, and the permission rules stored for
 * those groups. Empty parts of each rule's component and instance are
 * expanded to '.*', and <name> placeholders in group instances are filled
 * from $vars.
 *
 * If a query reports an error, whatever has been collected up to that point
 * is returned, so a caller can receive empty or partial rule sets.
 * NOTE(review): confirm that callers treat a missing rule as "no access".
 *
 * @public
 * @return array two-element array of user and group permissions
 */
function pnSecGetAuthInfo()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // Table and column names used by the queries below
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];
    $realmtable = $pntable['realms'];
    $realmcolumn =& $pntable['realms_column'];

    // Patterns applied in order to turn an empty rule part into '.*'
    $emptyPart = array('/^$/', '/^:/', '/::/', '/:$/');
    $wildcard = array('.*', '.*:', ':.*:', ':.*');

    $userperms = array();
    $groupperms = array();

    // -1 is always part of the id list; 0 stands for the unregistered user
    $uids[] = -1;
    if (pnUserLoggedIn()) {
        $uids[] = pnUserGetVar('uid');
        $vars['Active User'] = pnUserGetVar('uid');
    } else {
        $uids[] = 0;
        $vars['Active User'] = '******';
    }
    $uidlist = implode(",", $uids);

    // User permissions.
    // NOTE(review): the id list lands in IN (...) without quotes, so escaping
    // alone does not constrain it; the ids need to be integers by
    // construction. pnVarPrepForStore() is not shown here - verify.
    $sql = "SELECT {$userpermcolumn['realm']},\n                     {$userpermcolumn['component']},\n                     {$userpermcolumn['instance']},\n                     {$userpermcolumn['level']}\n              FROM {$userpermtable}\n              WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uidlist) . ")\n              ORDER by {$userpermcolumn['sequence']}";
    $rs = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while ($fields = $rs->fields) {
        list($realm, $component, $instance, $level) = $fields;
        $rs->MoveNext();
        $userperms[] = array(
            "realm" => $realm,
            "component" => preg_replace($emptyPart, $wildcard, $component),
            "instance" => preg_replace($emptyPart, $wildcard, $instance),
            "level" => $level,
        );
    }

    // Groups the user belongs to
    $sql = "SELECT {$groupmembershipcolumn['gid']}\n              FROM {$groupmembershiptable}\n              WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uidlist) . ")";
    $rs = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    $usergroups[] = -1;
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while ($fields = $rs->fields) {
        list($gid) = $fields;
        $rs->MoveNext();
        $usergroups[] = $gid;
    }
    $gidlist = implode(",", $usergroups);

    // Group permissions (same unquoted IN (...) caveat as above)
    $sql = "SELECT {$grouppermcolumn['realm']},\n                     {$grouppermcolumn['component']},\n                     {$grouppermcolumn['instance']},\n                     {$grouppermcolumn['level']}\n              FROM {$grouppermtable}\n              WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($gidlist) . ")\n              ORDER by {$grouppermcolumn['sequence']}";
    $rs = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while ($fields = $rs->fields) {
        list($realm, $component, $instance, $level) = $fields;
        $rs->MoveNext();
        $component = preg_replace($emptyPart, $wildcard, $component);
        $instance = preg_replace($emptyPart, $wildcard, $instance);
        // Fill in <name> placeholders one at a time. Only 'Active User' is
        // defined in $vars here; any other name reads an undefined index and
        // is replaced by an empty string. The value is used as a regex
        // replacement string, so '$n' or '\n' sequences in it would be read
        // as back-references.
        while (preg_match("/<([^>]+)>/", $instance, $match)) {
            $instance = preg_replace("/<([^>]+)>/", $vars[$match[1]], $instance, 1);
        }
        $groupperms[] = array(
            "realm" => $realm,
            "component" => $component,
            "instance" => $instance,
            "level" => $level,
        );
    }

    return array($userperms, $groupperms);
}
Ejemplo n.º 24
/**
 * Mail the site administrator a report about a suspected attack.
 *
 * Builds a plain-text message from the caller's description of the event
 * (file, line, type, message), details of the current user, and a dump of
 * the request, server, environment, cookie, file and session arrays, then
 * sends it to the configured 'adminmail' address through pnMail().
 *
 * NOTE(review): the dump copies raw POST, COOKIE and SESSION values into the
 * mail body. Those arrays can hold passwords and session identifiers, so the
 * report itself is sensitive; masking such fields before mailing would limit
 * the exposure.
 *
 * @param string $detecting_file file that detected the event
 * @param string $detecting_line line that detected the event
 * @param string $hack_type      short type label; also placed in the mail subject
 * @param string $message        free-text detail from the detecting code
 * @return void
 */
function pnMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    # Backwards compatibility fix with php 4.0.x and 4.1.x or greater Neo
    // NOTE(review): this compares the two strings, not version numbers (a
    // two-digit major version would sort below "4.2.0"); version_compare()
    // is the reliable test.
    if (phpversion() >= "4.2.0") {
        $_pv = $_POST;
        $_gv = $_GET;
        $_rv = $_REQUEST;
        $_sv = $_SERVER;
        $_ev = $_ENV;
        $_cv = $_COOKIE;
        $_fv = $_FILES;
        $_snv = $_SESSION;
    } else {
        global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
        $_pv = $HTTP_POST_VARS;
        $_gv = $HTTP_GET_VARS;
        // No request array on this path, so the REQUEST section stays empty
        $_rv = array();
        $_sv = $HTTP_SERVER_VARS;
        $_ev = $HTTP_ENV_VARS;
        $_cv = $HTTP_COOKIE_VARS;
        $_fv = $HTTP_POST_FILES;
        $_snv = $HTTP_SESSION_VARS;
    }
    // Report header: site name, time of detection, and the caller's description
    $output = "Attention site admin of " . pnConfigGetVar('sitename') . ",\n";
    $output .= "On " . ml_ftime(_DATEBRIEF, GetUserTime(time()));
    $output .= " at " . ml_ftime(_TIMEBRIEF, GetUserTime(time()));
    $output .= " the Postnuke code has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find  what happened and " . "maybe who did it.\n\n";
    $output .= "\n=====================================\n";
    $output .= "Information about this user:\n";
    $output .= "=====================================\n";
    if (!pnUserLoggedIn()) {
        $output .= "This person is not logged in.\n";
    } else {
        // NOTE: the three expressions between the labels appear masked as
        // ****** in this listing, so the line is not valid PHP as shown.
        $output .= "Postnuke username:  "******"\n" . "Registered email of this Postnuke user: "******"\n" . "Registered real name of this Postnuke user: "******"\n";
    }
    // NOTE(review): HTTP_CLIENT_IP is a request header chosen by the client
    // and can be forged; only REMOTE_ADDR reflects the connecting peer.
    // $REMOTE_ADDR is neither assigned nor declared global in this function,
    // so GetHostByName() receives an undefined variable. gethostbyname() also
    // maps a name to an address; a reverse lookup would be
    // gethostbyaddr(getenv('REMOTE_ADDR')).
    $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]" . "\n\t IP according to HTTP_CLIENT_IP: " . getenv('HTTP_CLIENT_IP') . "\n\t IP according to REMOTE_ADDR: " . getenv('REMOTE_ADDR') . "\n\t IP according to GetHostByName(\$REMOTE_ADDR): " . GetHostByName($REMOTE_ADDR) . "\n\n";
    // Each section below prints one "NAME * key : value" line per top-level
    // entry. Nested arrays are interpolated as the word "Array". each() was
    // deprecated in PHP 7.2 and removed in PHP 8; foreach is the replacement.
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_REQUEST array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_rv)) {
        $output .= "REQUEST * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_GET array\n";
    $output .= "This is about variables that may have been ";
    $output .= "in the URL string or in a 'GET' type form.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_gv)) {
        $output .= "GET * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_POST array\n";
    $output .= "This is about visible and invisible form elements.\n";
    $output .= "=====================================\n";
    // NOTE(review): a blocked login or registration request would put the
    // submitted password into the mail through this loop.
    while (list($key, $value) = each($_pv)) {
        $output .= "POST * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Browser information\n";
    $output .= "=====================================\n";
    // The user agent string is supplied by the client
    global $HTTP_USER_AGENT;
    $output .= "HTTP_USER_AGENT: " . $HTTP_USER_AGENT . "\n";
    // get_browser() returns false when it cannot look the agent up; the cast
    // then yields a one-element array
    $browser = (array) get_browser();
    while (list($key, $value) = each($browser)) {
        $output .= "BROWSER * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SERVER array\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_sv)) {
        $output .= "SERVER * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_ENV array\n";
    $output .= "=====================================\n";
    // NOTE(review): environment variables can carry deployment secrets
    while (list($key, $value) = each($_ev)) {
        $output .= "ENV * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_COOKIE array\n";
    $output .= "=====================================\n";
    // NOTE(review): cookie values normally include the session identifier
    while (list($key, $value) = each($_cv)) {
        $output .= "COOKIE * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_FILES array\n";
    $output .= "=====================================\n";
    // Entries of the upload array are themselves arrays
    while (list($key, $value) = each($_fv)) {
        $output .= "FILES * {$key} : {$value}\n";
    }
    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SESSION array\n";
    $output .= "This is session info. The variables\n";
    $output .= "  starting with PNSV are PostNukeSessionVariables.\n";
    $output .= "=====================================\n";
    while (list($key, $value) = each($_snv)) {
        $output .= "SESSION * {$key} : {$value}\n";
    }
    // Sender and recipient are both the configured admin address
    $sitename = pnConfigGetVar('sitename');
    $adminmail = pnConfigGetVar('adminmail');
    $headers = "From: {$sitename} <{$adminmail}>\n" . "X-Priority: 1 (Highest)\n";
    // NOTE(review): $hack_type goes into the subject line unfiltered. The
    // callers are not visible here; if the value can ever contain CR or LF,
    // strip them before it is used in a mail header.
    pnMail($adminmail, 'Attempted hack on your site? (type: ' . $hack_type . ')', $output, $headers);
    return;
}
 /**
  * Add core data to the template.
  *
  * Assigns a 'pncore' array (version constants, login state, language,
  * theme info, the current user's record and module variables) and the
  * theme colours to the template.
  *
  * Every argument is taken as a module name whose variables are added under
  * that name. Empty values, arrays and the current module's own name are
  * skipped; the current module's variables are always included. For
  * _PN_CONFIG_MODULE the stored values are unserialized into
  * $pncore['pnconfig'].
  *
  * @return  boolean always true
  * @access  public
  */
 function add_core_data()
 {
     $pncore = array(
         'version_num' => _PN_VERSION_NUM,
         'version_id' => _PN_VERSION_ID,
         'version_sub' => _PN_VERSION_SUB,
         'logged_in' => pnUserLoggedIn(),
         'language' => pnUserGetLang(),
         'themeinfo' => pnThemeInfo(pnUserGetTheme()),
     );
     pnThemeLoad($pncore['themeinfo']['name']);

     // Theme colours are assigned as individual template variables
     $colors = array();
     foreach (array('bgcolor1', 'bgcolor2', 'bgcolor3', 'bgcolor4', 'bgcolor5', 'sepcolor', 'textcolor1', 'textcolor2') as $colorName) {
         $colors[$colorName] = pnThemeGetVar($colorName);
     }

     // NOTE(review): this hands the user record returned by pnUserGetVars()
     // to every template. If that record carries credential fields such as
     // the stored password, filter them out first - verify what it returns.
     $pncore['user'] = pnUserGetVars(pnSessionGetVar('uid'));

     // Variables of the current module
     $pncore[$this->module] = pnModGetVar($this->module);

     // Variables of each module named in the arguments
     foreach (func_get_args() as $requested) {
         if (empty($requested) || is_array($requested) || $requested == $this->module) {
             continue;
         }
         if ($requested != _PN_CONFIG_MODULE) {
             $pncore[$requested] = pnModGetVar($requested);
             continue;
         }
         // Config values are stored serialized. unserialize() can instantiate
         // objects, so this relies on the config store being writable only by
         // trusted code; '@' hides failures, leaving false for a bad value.
         foreach (pnModGetVar(_PN_CONFIG_MODULE) as $key => $value) {
             $pncore['pnconfig'][$key] = @unserialize($value);
         }
     }

     $this->assign('pncore', $pncore);
     $this->assign($colors);
     return true;
 }
Ejemplo n.º 26
/**
 * Get authorisation information for the current user.
 *
 * Loads the Groups and Permissions table definitions, then reads the
 * permission rules stored for the user's ids, the groups those ids belong
 * to, and the rules stored for those groups. Components and instances are
 * passed through fixsecuritystring(); <name> placeholders in group
 * instances are filled from $vars.
 *
 * $GLOBALS['authinfogathered'] is set to 1 only when all three queries
 * succeed. If a query reports an error, the rules collected so far are
 * returned and the flag is left untouched.
 *
 * @public
 * @return array two element array of user and group permissions
 */
function pnSecGetAuthInfo()
{
    // Table definitions of the two modules whose tables are queried
    pnModDBInfoLoad('Groups');
    pnModDBInfoLoad('Permissions');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Table and column names used by the queries below
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];
    $realmtable = $pntable['realms'];
    $realmcolumn =& $pntable['realms_column'];

    $userperms = array();
    $groupperms = array();

    // -1 is always part of the id list; 0 stands for the unregistered user
    $uids[] = -1;
    if (pnUserLoggedIn()) {
        $uids[] = pnUserGetVar('uid');
        $vars['Active User'] = pnUserGetVar('uid');
    } else {
        $uids[] = 0;
        $vars['Active User'] = '******';
    }
    $uidlist = implode(",", $uids);

    // User permissions.
    // NOTE(review): the id list lands in IN (...) without quotes, so escaping
    // alone does not constrain it; the ids need to be integers by
    // construction. pnVarPrepForStore() is not shown here - verify.
    $sql = "SELECT {$userpermcolumn['realm']},\n                     {$userpermcolumn['component']},\n                     {$userpermcolumn['instance']},\n                     {$userpermcolumn['level']}\n              FROM {$userpermtable}\n              WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uidlist) . ")\n              ORDER by {$userpermcolumn['sequence']}";
    $rs =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while ($fields = $rs->fields) {
        list($realm, $component, $instance, $level) = $fields;
        $rs->MoveNext();
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        $userperms[] = array(
            'realm' => $realm,
            'component' => $component,
            'instance' => $instance,
            'level' => $level,
        );
    }

    // Groups the user belongs to
    $sql = "SELECT {$groupmembershipcolumn['gid']}\n              FROM {$groupmembershiptable}\n              WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uidlist) . ")";
    $rs =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    $usergroups[] = -1;
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while ($fields = $rs->fields) {
        list($gid) = $fields;
        $rs->MoveNext();
        $usergroups[] = $gid;
    }
    $gidlist = implode(",", $usergroups);

    // Group permissions (same unquoted IN (...) caveat as above)
    $sql = "SELECT {$grouppermcolumn['realm']},\n                     {$grouppermcolumn['component']},\n                     {$grouppermcolumn['instance']},\n                     {$grouppermcolumn['level']}\n              FROM {$grouppermtable}\n              WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($gidlist) . ")\n              ORDER by {$grouppermcolumn['sequence']}";
    $rs =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while ($fields = $rs->fields) {
        list($realm, $component, $instance, $level) = $fields;
        $rs->MoveNext();
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        // Collect every <name> placeholder, then replace them left to right.
        // Only 'Active User' is defined in $vars here; any other name reads
        // an undefined index and is replaced by an empty string.
        preg_match_all("/<([^>]+)>/", $instance, $found);
        foreach ($found[1] as $placeholder) {
            $instance = preg_replace("/<([^>]+)>/", $vars[$placeholder], $instance, 1);
        }
        $groupperms[] = array(
            'realm' => $realm,
            'component' => $component,
            'instance' => $instance,
            'level' => $level,
        );
    }

    // All three queries succeeded: record that the permissions are loaded
    $GLOBALS['authinfogathered'] = 1;
    return array($userperms, $groupperms);
}
Ejemplo n.º 27
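/**
 * Checks if user controlled block state
 *
 * Checks if the user has a state set for a current block
 * Sets the default state for that block if not present
 *
 * @access private
 * @param array $row block record; 'bid' and 'defaultstate' are read
 * @return mixed false for an anonymous user; true when no state was stored
 *               yet or when a query failed; otherwise the stored 'active' value
 */
function pnCheckUserBlock($row)
{
    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }
    // Anonymous users have no per-user block state
    if (!pnUserLoggedIn()) {
        return false;
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column =& $pntable['userblocks_column'];
    // Prepare each value exactly once and reuse it in both statements, so
    // the INSERT never receives a value that has been escaped twice.
    $uid = pnVarPrepForStore(pnUserGetVar('uid'));
    $bid = pnVarPrepForStore($row['bid']);
    $sql = "SELECT {$column['active']}\n\t\t      FROM {$pntable['userblocks']}\n\t\t      WHERE {$column['bid']} = '" . $bid . "'\n\t\t\t  AND {$column['uid']} = '" . $uid . "'";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        // NOTE(review): the raw database error text is stored in the session;
        // if 'errormsg' is shown to the visitor it discloses schema details.
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return true;
    }
    if (!$result->EOF) {
        list($active) = $result->fields;
        return $active;
    }
    // No stored state yet: create it from the block's default.
    // NOTE(review): uid and defaultstate are written without quotes, so
    // escaping alone does not constrain them; both need to be integers by
    // construction - verify where $row comes from.
    $sql = "INSERT INTO {$pntable['userblocks']}\n\t\t\t        \t\t   ({$column['uid']},\n\t\t\t\t\t \t\t\t{$column['bid']},\n\t\t\t\t\t \t\t\t{$column['active']})\n\t\t\t\t\tVALUES (" . $uid . ",\n\t\t\t\t\t        '" . $bid . "',\n\t\t\t\t\t\t\t" . pnVarPrepForStore($row['defaultstate']) . ")";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
    }
    // true is returned whether or not the INSERT succeeded
    return true;
}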
Ejemplo n.º 28
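/**
 * Render the "who's online" side block.
 *
 * Counts the members and guests whose session was used within the
 * 'secinactivemins' window and, for a logged-in user, shows the user name
 * and, when the Messages module is available, the total and unread
 * private-message counts.
 *
 * @param array $row block record; 'title' is read and 'content' is set
 * @return mixed result of themesideblock(), or nothing when the visitor
 *               lacks read access to the block
 */
function blocks_online_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    // Sessions last used after this timestamp count as online
    $activetime = time() - pnConfigGetVar('secinactivemins') * 60;
    // One result row per distinct member uid; the row count is the member count.
    // NOTE(review): the Execute() results in this function are used without
    // an error check, so a failed query stops the page on the method call.
    $query = "SELECT count( 1 )\n             FROM {$sessioninfotable}\n             WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n\t\t  GROUP BY {$sessioninfocolumn['uid']}\n\t\t ";
    $result = $dbconn->Execute($query);
    $numusers = $result->RecordCount();
    $result->Close();
    // One result row per distinct guest IP address
    $query2 = "SELECT count( 1 )\n             FROM {$sessioninfotable}\n              WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n\t\t\t  GROUP BY {$sessioninfocolumn['ipaddr']}\n\t\t\t ";
    $result2 = $dbconn->Execute($query2);
    $numguests = $result2->RecordCount();
    $result2->Close();
    // Pluralise
    $guests = $numguests == 1 ? _GUEST : _GUESTS;
    $users = $numusers == 1 ? _MEMBER : _MEMBERS;
    $content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";
    if (pnUserLoggedIn()) {
        // The user name is chosen by the user, so it is prepared for display
        // like every other value in this block before it reaches the HTML.
        $content .= '<br />' . _YOUARELOGGED . ' <b>' . pnVarPrepForDisplay(pnUserGetVar('uname')) . '</b>.<br />';
        if (pnModAvailable('Messages')) {
            // display private messages only when module is active
            $column =& $pntable['priv_msgs_column'];
            // The uid is placed in the SQL without quotes, so it is forced
            // to an integer before use.
            $uid = (int) pnUserGetVar('uid');
            $result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid);
            list($numrow) = $result2->fields;
            // get unread messages
            $result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid . " AND {$column['read_msg']}='0'");
            list($unreadrow) = $result3->fields;
            if ($numrow == 0) {
                $content .= '<br /></span>';
            } else {
                $content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Messages&amp;file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Messages&amp;file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
                if ($numrow == 1) {
                    $content .= _PRIVATEMSG;
                } elseif ($numrow > 1) {
                    $content .= _PRIVATEMSGS;
                }
                $content .= "</span><br />";
            }
        } else {
            // Close the span opened above; every other path already does
            $content .= '</span>';
        }
    } else {
        $content .= '<br />' . _YOUAREANON . '</span><br />';
    }
    if (empty($row['title'])) {
        $row['title'] = _WHOSONLINE;
    }
    $row['content'] = $content;
    return themesideblock($row);
}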
Ejemplo n.º 29
if (file_exists($currentlangfile)) {
    include $currentlangfile;
} elseif (file_exists($defaultlangfile)) {
    include $defaultlangfile;
}
global $stop, $minage, $module;
if (!pnUserLoggedIn() && empty($op)) {
    $module = 'NS-User';
    $op = 'getlogin';
}
if (isset($op) && $op == 'userinfo') {
    $module = 'NS-User';
}
// New module way
// $module / $op control
if (pnUserLoggedIn() and (!isset($op) or $op == 'adminMain')) {
    $module = 'NS-User';
    $op = 'main';
}
if (file_exists($file = 'modules/' . pnVarPrepForOS($module) . '/user.php')) {
    user_menu();
    include $file;
    if (substr($module, 0, 3) == 'NS-') {
        $function = substr($module, 3) . '_user_';
    } else {
        $function = $module . '_user_';
    }
    $function_op = $function . $op;
    $function_main = $function . 'main';
    $var = array_merge($GLOBALS['HTTP_GET_VARS'], $GLOBALS['HTTP_POST_VARS']);
    if (function_exists($function_op)) {