/**
 * Rebuild the legacy global $cookie array from the current user's variables.
 *
 * Anonymous visitors get no value back and $cookie is left untouched.
 * For a logged-in user the global $cookie is overwritten with a positional
 * array and that same array is returned.
 *
 * Index 2 holds the account's stored 'pass' value, so the array must be
 * treated as sensitive: do not log it, echo it, or hand it to templates.
 *
 * @return array|null positional user data, or nothing when not logged in
 */
function cookiedecode()
{
    if (pnUserLoggedIn()) {
        global $cookie;

        // Order matters: callers index this array by position.
        $fieldOrder = array(
            'uid',
            'uname',
            'pass',
            'storynum',
            'umode',
            'uorder',
            'thold',
            'noscore',
            'ublockon',
            'theme',
            'commentmax',
        );

        $cookie = array();
        foreach ($fieldOrder as $fieldName) {
            $cookie[] = pnUserGetVar($fieldName);
        }

        return $cookie;
    }

    return;
}
/**
 * Render the side-block login form for visitors who are not logged in.
 *
 * Nothing is returned when the caller lacks ACCESS_READ on the block or when
 * a user is already logged in.
 *
 * The hidden "url" field carries the current request path so the login
 * handler can send the user back afterwards. It is HTML-escaped here with
 * pnVarPrepForDisplay(); the handler that consumes it is not part of this
 * block.
 * NOTE(review): presumably the handler redirects to "url" - confirm that it
 * accepts only local paths.
 *
 * @param array $row block record; 'title' defaults to 'Login' when empty
 * @return mixed themed block output, or nothing
 */
function blocks_login_block($row)
{
    global $HTTP_SERVER_VARS;

    if (empty($row['title'])) {
        $row['title'] = 'Login';
    }

    if (!pnSecAuthAction(0, 'Loginblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Path discovery copied from pnGetBaseURI because IIS does not always
    // pass REQUEST_URI (markwest). Start with REQUEST_URI.
    $path = isset($HTTP_SERVER_VARS['REQUEST_URI'])
        ? $HTTP_SERVER_VARS['REQUEST_URI']
        : getenv('REQUEST_URI');

    if (empty($path) || substr($path, -1, 1) == '/') {
        // REQUEST_URI was empty or pointed at a directory: try PATH_INFO,
        // then fall back to SCRIPT_NAME.
        $path = getenv('PATH_INFO');
        if (empty($path)) {
            $path = isset($HTTP_SERVER_VARS['SCRIPT_NAME'])
                ? $HTTP_SERVER_VARS['SCRIPT_NAME']
                : getenv('SCRIPT_NAME');
        }
    }

    if (pnUserLoggedIn()) {
        return;
    }

    // Inputs and button sit in a table to avoid layout bugs like #493456
    // (Andy Varganov).
    $cellBreak = '</td></tr><tr><td>';

    $formHtml = '<form action="user.php" method="post">'
        . '<table border="0" width="100%" cellspacing="0" cellpadding="1"><tr><td>'
        . '<span class="pn-normal"> ' . _BLOCKNICKNAME . '</span>' . $cellBreak
        . '<input type="text" name="uname" size="14" maxlength="25">' . $cellBreak
        . '<span class="pn-normal"> ' . _BLOCKPASSWORD . '</span>' . $cellBreak
        . '<input type="password" name="pass" size="14" maxlength="20">' . $cellBreak;

    // The "remember me" option is not offered at the 'High' security level.
    if (pnConfigGetVar('seclevel') != 'High') {
        $formHtml .= '<input type="checkbox" value="1" name="rememberme" />'
            . '<span class="pn-normal"> ' . _REMEMBERME . '</span>' . $cellBreak;
    }

    $formHtml .= '<br>'
        . '<input type="hidden" name="module" value="NS-User" />'
        . '<input type="hidden" name="op" value="login" />';
    $formHtml .= '<input type="hidden" name="url" value="' . pnVarPrepForDisplay($path) . '" />';
    $formHtml .= '<input type="submit" value="' . _LOGIN . '" />' . $cellBreak;
    $formHtml .= '<br /><span class="pn-normal">' . _ASREGISTERED . '</span>'
        . '</td></tr><tr><td></table></form>';

    // The title was already defaulted above, so this only matters if it was
    // emptied in between.
    if (empty($row['title'])) {
        $row['title'] = _LOGIN;
    }

    $row['content'] = $formHtml;

    return themesideblock($row);
}
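/**
 * Hand the logged-in user over to the linked application.
 *
 * Reads the user's login, stored password value, name and e-mail from the
 * users table, serializes them, and redirects the browser to the configured
 * 'dplink' URL with the payload in the query string. The function always
 * ends the request (exit or die); it never returns to the caller.
 *
 * Changes against the previous version:
 *  - an anonymous request now stops right after the redirect to the login
 *    screen instead of falling through into the credential lookup;
 *  - the uid is cast to int before it is placed in the SQL text.
 *
 * NOTE(review): the stored password value travels in a URL, so it can end up
 * in browser history, proxy and web-server logs and Referer headers. The
 * 'check' value is a plain md5 of the payload with no secret, so it detects
 * corruption only, not tampering. Changing either needs a matching change in
 * the receiving application, which is not visible here.
 * NOTE(review): the payload is produced with serialize(); presumably the
 * receiver calls unserialize() on request data - confirm, and prefer a
 * data-only format with a keyed MAC.
 *
 * @return void
 */
function dplink_user_main()
{
    $url = trim(pnModGetVar('dplink', 'url'));
    $window = pnModGetVar('dplink', 'use_window');
    $wrap = pnModGetVar('dplink', 'use_postwrap');

    if (!pnUserLoggedIn()) {
        pnRedirect(pnGetBaseURL() . 'user.php?op=loginscreen&module=NS-User');
        // Nothing below may run for an anonymous visitor.
        exit;
    }

    // We need to get the user password string from the database.
    // The uid is placed unquoted in the SQL text, so force it to an integer.
    $uid = (int) pnUserGetVar('uid');

    list($dbconn) = pnDBGetConn();
    $pntables = pnDBGetTables();
    $usertable = $pntables['users'];
    $usercol =& $pntables['users_column'];

    $sql = "SELECT {$usercol['uname']}, {$usercol['pass']}, {$usercol['name']}, {$usercol['email']} "
        . "FROM {$usertable} WHERE {$usercol['uid']} = {$uid}";
    $result = $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        die('Could not get user details');
    }
    if ($result->EOF) {
        die('Could not get user detail');
    }

    list($uname, $password, $user_name, $user_email) = $result->fields;
    $result->Close();

    // Key order is part of the wire format: the checksum is taken over the
    // serialized string.
    $user_data = array(
        'login'  => $uname,
        'passwd' => $password,
        'name'   => $user_name,
        'email'  => $user_email,
    );

    $parm = serialize($user_data);
    $check = md5($parm);
    $cparm = gzcompress($parm);
    $bparm = urlencode(base64_encode($cparm));

    if ($window) {
        // Direct hand-over in the current window.
        $url .= '/index.php?login=pn&userdata=' . $bparm . '&check=' . $check;
        header('Location: ' . $url);
    } else {
        // The target URL is itself a parameter value here, so its own
        // separators are sent as %26.
        $url .= '/index.php?login=pn%26userdata=' . $bparm . '%26check=' . $check;
        if ($wrap) {
            header('Location: modules.php?op=modload&name=PostWrap&file=index&page=' . $url);
        } else {
            header('Location: modules.php?op=modload&name=dplink&file=index&url=' . $url);
        }
    }

    exit;
}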
/**
 * Display the "who is chatting" block.
 *
 * The block is rendered only for logged-in users who hold ACCESS_READ on
 * 'FlashChatBridge:Onlineblock:' and only while the FlashChatBridge module
 * is available; in every other case false is returned.
 *
 * @param array $blockinfo a blockinfo structure
 * @return mixed the rendered block, or false when it must not be shown
 */
function FlashChatBridge_Onlineblock_display($blockinfo)
{
    $mayRead = SecurityUtil::checkPermission('FlashChatBridge:Onlineblock:', "::", ACCESS_READ);
    if (!$mayRead) {
        return false;
    }

    if (!(pnModAvailable('FlashChatBridge') && pnUserLoggedIn())) {
        return false;
    }

    $chatters = pnModAPIFunc('FlashChatBridge', 'user', 'getChatterList');
    $chatterCount = count($chatters);

    $view = pnRender::getInstance('FlashChatBridge', false);
    $view->assign('Users', $chatters);
    $view->assign('Count', $chatterCount);

    $blockinfo['content'] = $view->fetch('flashchatbridge_block_online.htm');

    return pnBlockThemeBlock($blockinfo);
}
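/**
 * Decide whether the current user holds the requested access bits on an album.
 *
 * Order of checks: module admin, album owner, module-level edit/read
 * permission, invitation, and finally the per-group rows of the
 * mediashare_access table.
 *
 * Changes against the previous version:
 *  - the album id and the access mask are cast to int before they are
 *    placed in the SQL text (both were interpolated as received);
 *  - the translation domain used by the error branch is now defined;
 *  - the invitation lookup no longer reads a missing array key.
 *
 * @param mixed  $albumId album to check
 * @param int    $access  bit mask of mediashareAccessRequirement* values
 * @param string $viewKey not used by this function
 * @return bool true when access is granted
 */
function hasAlbumAccess($albumId, $access, $viewKey)
{
    // Admin can do everything
    if (SecurityUtil::checkPermission('mediashare::', '::', ACCESS_ADMIN)) {
        return true;
    }

    $userId = (int) pnUserGetVar('uid');

    // Owner can do everything
    if (!($album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId)))) {
        return false;
    }
    // NOTE(review): this is a loose comparison against an int that is 0 when
    // the uid lookup yields nothing - confirm an album can never carry an
    // empty ownerId, otherwise an anonymous visitor would match it.
    if ($album['ownerId'] == $userId) {
        return true;
    }

    // Don't enable any edit access if not having normal Zikula edit access
    if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_EDIT)) {
        $access = $access & ~mediashareAccessRequirementEditSomething;
    }

    // Must have normal PN read access to the module
    if (!SecurityUtil::checkPermission('mediashare::', '::', ACCESS_READ)) {
        return false;
    }

    // Anonymous is not allowed to add stuff, so remove those bits
    if (!pnUserLoggedIn()) {
        $access = $access & ~mediashareAccessRequirementAddSomething;
    }

    pnModDBInfoLoad('Groups'); // Make sure groups database info is available
    $pntable = pnDBGetTables();
    $accessTable = $pntable['mediashare_access'];
    $accessColumn = $pntable['mediashare_access_column'];
    $membershipTable = $pntable['group_membership'];
    $membershipColumn = $pntable['group_membership_column'];

    // An invitation grants view access only.
    $invitedAlbums = pnModAPIFunc('mediashare', 'invitation', 'getInvitedAlbums', array());
    if (is_array($invitedAlbums)
        && !empty($invitedAlbums[$albumId])
        && ($access & mediashareAccessRequirementView) == mediashareAccessRequirementView
    ) {
        return true;
    }

    // Both values are placed unquoted in the SQL text, so force them to
    // integers first.
    $sqlAlbumId = (int) $albumId;
    $sqlAccess = (int) $access;

    // A row counts when the user is a member of the group, or when the row
    // uses group id -1.
    $sql = "SELECT COUNT(*)\n"
        . " FROM {$accessTable}\n"
        . " LEFT JOIN {$membershipTable}\n"
        . " ON {$membershipColumn['gid']} = {$accessColumn['groupId']}\n"
        . " AND {$membershipColumn['uid']} = {$userId}\n"
        . " WHERE {$accessColumn['albumId']} = {$sqlAlbumId}\n"
        . " AND ({$accessColumn['access']} & {$sqlAccess}) != 0\n"
        . " AND ({$membershipColumn['gid']} IS NOT NULL OR {$accessColumn['groupId']} = -1)";

    $result = DBUtil::executeSQL($sql);
    if ($result === false) {
        $dom = ZLanguage::getModuleDomain('mediashare');

        return LogUtil::registerError(
            __f(
                'Error in %1$s: %2$s.',
                array('accessapi.hasAlbumAccess', 'Could not retrieve the user privilegies.'),
                $dom
            )
        );
    }

    $hasAccess = DBUtil::marshallObjects($result, array('count'));

    return $hasAccess[0]['count'] > 0;
}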
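/**
 * Render the logged-in user's personal side block.
 *
 * The block is shown only when the caller has ACCESS_READ on the block, a
 * user is logged in, and that user's 'ublockon' variable equals 1. In every
 * other case nothing is returned.
 *
 * Changes against the previous version:
 *  - the uid is cast to int before it is placed in the SQL text; it was
 *    passed through pnVarPrepForStore() but used without quotes;
 *  - a failed query or an empty result no longer reads fields from a result
 *    that is not there.
 *
 * The block body is the user's own stored 'ublock' text and is emitted as
 * stored. The query selects the row of the current uid only, so the text is
 * shown to its author.
 * NOTE(review): confirm nothing else can write another account's 'ublock'.
 *
 * @param array $row block record
 * @return mixed themed block output, or nothing
 */
function blocks_user_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    if (pnUserLoggedIn() && pnUserGetVar('ublockon') == 1) {
        $column =& $pntable['users_column'];
        $uid = (int) pnUserGetVar('uid');

        $getblock = $dbconn->Execute(
            "SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . $uid
        );
        if ($dbconn->ErrorNo() != 0 || !$getblock) {
            return;
        }

        $ublock = '';
        if (!$getblock->EOF) {
            list($ublock) = $getblock->fields;
        }

        $username = pnUserGetVar('name');
        $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username) . "";
        $row['content'] = $ublock;

        return themesideblock($row);
    }
}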
/**
 * Display the banner chat block.
 *
 * The block is rendered only for logged-in users who hold ACCESS_READ on
 * 'FlashChatBridge:Bannerchatblock:' and only while the FlashChatBridge
 * module is available; otherwise false is returned.
 *
 * The template receives the module settings plus the user's name and the
 * user's stored 'pass' value as 'init_user' / 'init_password'.
 * NOTE(review): the template is not visible here; if it writes
 * 'init_password' into the page, the stored password value reaches the
 * browser - confirm, and prefer a short-lived token.
 *
 * @param array $blockinfo a blockinfo structure
 * @return mixed the rendered block, or false when it must not be shown
 */
function FlashChatBridge_Bannerchatblock_display($blockinfo)
{
    $mayRead = SecurityUtil::checkPermission('FlashChatBridge:Bannerchatblock:', "::", ACCESS_READ);
    if (!$mayRead) {
        return false;
    }

    if (!(pnModAvailable('FlashChatBridge') && pnUserLoggedIn())) {
        return false;
    }

    $view = pnRender::getInstance('FlashChatBridge', false);

    $account = pnUserGetVars(SessionUtil::getVar('uid'));
    $chatSettings = pnModGetVar('FlashChatBridge');

    // Credentials handed to the chat client.
    $chatSettings['init_user'] = $account['uname'];
    $chatSettings['init_password'] = $account['pass'];

    // Fixed banner geometry.
    $chatSettings['width'] = "100%";
    $chatSettings['height'] = "150";

    $view->assign('settings', $chatSettings);
    $blockinfo['content'] = $view->fetch('flashchatbridge_user_chat_banner.htm');

    return pnBlockThemeBlock($blockinfo);
}
/**
 * postcalendar_userapi_pcQueryEvents
 *
 * Builds one SELECT over the events table (joined to categories, users and
 * patient_data), runs it, filters the rows through the PostCalendar
 * permission checks and returns the surviving rows as display-ready arrays.
 *
 * INPUT
 * $args = Array of values possibly containing:
 *   $provider_id = array of provider ID numbers
 * The array is imported with extract(), so every key becomes a local
 * variable. The names this function reads afterwards are: start, end,
 * eventstatus, pc_facility, providerID, provider_id, s_keywords,
 * s_category, s_topic, sort, userid and nuke_users.
 *
 * NOTE(review): every one of those values is placed in the SQL text as
 * received (see the notes at each use). Callers must pass only values they
 * have validated themselves; the safer fix is to cast the numeric ones,
 * check dates against a pattern, and map "sort" through an allow-list.
 *
 * @params array(key=>value)
 * @params string key eventstatus
 * @params int value -1 == hidden ; 0 == queued ; 1 == approved
 * @return array $events[][] (returned by reference)
 */
function &postcalendar_userapi_pcQueryEvents($args)
{
    $end = '0000-00-00';
    // NOTE(review): extract() lets the caller's array define or overwrite any
    // local, including $end above. Reading the expected keys explicitly
    // would remove that.
    extract($args);
    // echo "<!-- args = "; print_r($args); echo " -->\n"; // debugging
    // $pc_username = pnVarCleanFromInput('pc_username');
    $pc_username = $_SESSION['pc_username']; // from Michael Brinson 2006-09-19
    if (empty($pc_username) || is_array($pc_username)) {
        $pc_username = "******";
    }
    //echo "DEBUG pc_username: $pc_username \n"; // debugging
    $topic = pnVarCleanFromInput('pc_topic');
    $category = pnVarCleanFromInput('pc_category');
    if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') {
        if ($pc_username == '__PC_ALL__' || $pc_username == -1) {
            $ruserid = -1;
        } else {
            $ruserid = getIDfromUser($pc_username);
        }
    }
    if (!isset($eventstatus)) {
        $eventstatus = 1;
    }
    // sanity check on eventstatus
    // NOTE(review): the cast is applied for the comparison only; the value
    // interpolated into the query below is the uncast one. Cast once and
    // reuse the integer.
    if ((int) $eventstatus < -1 || (int) $eventstatus > 1) {
        $eventstatus = 1;
    }
    if (!isset($start)) {
        $start = Date_Calc::dateNow('%Y-%m-%d');
    }
    list($sy, $sm, $sd) = explode('-', $start);
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // link to the events tables
    $table = $pntable['postcalendar_events'];
    $cattable = $pntable['postcalendar_categories'];
    $topictable = $pntable['postcalendar_topics'];
    // NOTE(review): $eventstatus, $start and $end are interpolated without
    // escaping; $start/$end sit inside quotes, $eventstatus does not.
    $sql = "SELECT DISTINCT a.pc_eid, a.pc_informant, a.pc_catid, "
        . "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, "
        . "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, "
        . "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, "
        . "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, "
        . "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, "
        . "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, "
        . "concat(u.fname,' ',u.lname) as provider_name, "
        . "concat(pd.lname,', ',pd.fname) as patient_name, "
        . "concat(u2.fname, ' ', u2.lname) as owner_name, "
        . "DOB as patient_dob, a.pc_facility, pd.pubpid "
        . "FROM ( {$table} AS a ) "
        . "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid "
        . "LEFT JOIN users as u ON a.pc_aid = u.id "
        . "LEFT JOIN users as u2 ON a.pc_aid = u2.id "
        . "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid "
        . "WHERE a.pc_eventstatus = {$eventstatus} "
        . "AND ((a.pc_endDate >= '{$start}' AND a.pc_eventDate <= '{$end}') OR "
        . "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$start}' AND "
        . "a.pc_eventDate <= '{$end}')) ";
    //==================================
    //FACILITY FILTERING (lemonsoftware)(CHEMED)
    // The session value wins over a facility supplied through $args.
    // NOTE(review): $pc_facility is interpolated unquoted in both branches;
    // cast it to int.
    if ($_SESSION['pc_facility']) {
        $pc_facility = $_SESSION['pc_facility'];
        $sql .= " AND a.pc_facility = {$pc_facility} ";
        /* AND u.facility_id = $pc_facility AND u2.facility_id = $pc_facility "; */
    } else {
        if ($pc_facility) {
            // pc_facility could be provided in the search arguments -- JRM March 2008
            $sql .= " AND a.pc_facility = {$pc_facility} ";
            /*. " AND u.facility_id = $pc_facility". " AND u2.facility_id = $pc_facility "; */
        }
    }
    //EOS FACILITY FILTERING (lemonsoftware)
    //==================================
    // The above 3 lines replaced these:
    // AND (a.pc_endDate >= '$start' OR a.pc_endDate = '0000-00-00')
    // AND a.pc_eventDate <= '$end' ";
    if (!empty($providerID)) {
        $ruserid = $providerID;
    }
    // eliminate ruserid if we're trying to query by provider_id -- JRM
    if (!empty($provider_id)) {
        unset($ruserid);
    }
    // Exactly one of the four branches below adds the ownership / sharing
    // restriction.
    // NOTE(review): $ruserid, the elements of $provider_id and
    // $_SESSION['authUserID'] are concatenated as received; cast each to int
    // before use.
    if (isset($ruserid)) {
        // get all events for the specified username
        if ($ruserid == -1) {
            $sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' ";
            $sql .= "OR a.pc_sharing = '" . SHARING_PUBLIC . "') ";
        } else {
            $sql .= "AND a.pc_aid IN (0, " . $ruserid . ") ";
        }
    } elseif (!pnUserLoggedIn()) {
        // get all events for anonymous users
        $sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' ";
    } elseif (!empty($provider_id)) {
        // get all events for a variety of provider IDs -- JRM
        if ($provider_id[0] != "_ALL_") {
            /**add all the events from the clinic provider id = 0*/
            $sql .= "AND a.pc_aid in (0," . implode(",", $provider_id) . ") ";
        }
    } else {
        // get all events for logged in user plus global events
        $sql .= "AND (a.pc_aid IN (0," . $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') ";
    }
    //======================================================================
    // START SEARCH FUNCTIONALITY
    //======================================================================
    // NOTE(review): $s_keywords, $s_category and $s_topic are appended as
    // ready-made SQL fragments. Whatever builds them is responsible for
    // escaping - confirm at the callers.
    if (!empty($s_keywords)) {
        $sql .= "AND ({$s_keywords}) ";
    }
    if (!empty($s_category)) {
        $sql .= "AND ({$s_category}) ";
    }
    if (!empty($s_topic)) {
        $sql .= "AND ({$s_topic}) ";
    }
    if (!empty($category)) {
        $sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') ";
    }
    if (!empty($topic)) {
        $sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') ";
    }
    //======================================================================
    // Search sort and limitation
    //======================================================================
    // NOTE(review): $sort is appended to ORDER BY as received; restrict it to
    // a list of known column names.
    if (empty($sort)) {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC";
    } else {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}";
    }
    //======================================================================
    // END SEARCH FUNCTIONALITY
    //======================================================================
    //echo "<br>sq: $sql<br />";
    // echo "<!-- " . $sql . " -->\n"; // debugging
    $result = $dbconn->Execute($sql);
    // NOTE(review): the raw database error text is sent to the client here;
    // log it and show a generic message instead.
    if ($dbconn->ErrorNo() != 0) {
        die($dbconn->ErrorMsg());
    }
    // put the information into an array for easy access
    $events = array();
    // return an empty array if we don't have any results
    if (!isset($result)) {
        return $events;
    }
    // $i advances only for rows that pass the permission checks, so $events
    // is densely indexed.
    for ($i = 0; !$result->EOF; $result->MoveNext()) {
        // WHY are we using an array for intermediate storage??? -- Rod
        // get the results from the query
        if (isset($tmp)) {
            unset($tmp);
        }
        $tmp = array();
        list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'], $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'], $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'], $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'], $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'], $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'], $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'], $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'], $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields;
        // grab the name of the topic
        $topicname = pcGetTopicName($tmp['topic']);
        // get the user id of event's author
        // NOTE(review): $nuke_users is never assigned in this function, so
        // unless $args supplies it this is always null (the @ hides the
        // notice).
        $cuserid = @$nuke_users[strtolower($tmp['uname'])];
        // check the current event's permissions
        // the user does not have permission to view this event
        // if any of the following evaluate as false
        // NOTE(review): $userid is likewise only defined if $args supplies
        // it. The private/busy comparisons below depend on both values -
        // confirm they behave as intended when both are unset.
        if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) {
            continue;
        }
        // add event to the array if we passed the permissions check
        // this is the common information
        $events[$i]['intervals'] = $tmp['duration'] / 60 / $GLOBALS['day_calandar_interval']; //sets the number of rows this event should span
        $events[$i]['eid'] = $tmp['eid'];
        $events[$i]['uname'] = $tmp['uname'];
        $events[$i]['uid'] = $cuserid;
        $events[$i]['catid'] = $tmp['catid'];
        $events[$i]['time'] = $tmp['time'];
        $events[$i]['eventDate'] = $tmp['eventDate'];
        $events[$i]['duration'] = $tmp['duration'];
        // there has to be a more intelligent way to do this
        // Splits the duration in hours on the decimal point: whole hours go
        // to duration_hours, the fraction is turned into minutes below.
        @(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60));
        $events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2);
        //''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        $events[$i]['endDate'] = $tmp['endDate'];
        $events[$i]['startTime'] = $tmp['startTime'];
        $events[$i]['recurrtype'] = $tmp['recurrtype'];
        $events[$i]['recurrfreq'] = $tmp['recurrfreq'];
        $events[$i]['recurrspec'] = $tmp['recurrspec'];
        $events[$i]['topic'] = $tmp['topic'];
        $events[$i]['alldayevent'] = $tmp['alldayevent'];
        $events[$i]['catcolor'] = $tmp['catcolor'];
        // Modified 06-2009 by BM to translate the category if applicable
        $events[$i]['catname'] = xl_appt_category($tmp['catname']);
        $events[$i]['catdesc'] = $tmp['catdesc'];
        $events[$i]['pid'] = $tmp['pid'];
        $events[$i]['apptstatus'] = $tmp['apptstatus'];
        $events[$i]['pubpid'] = $tmp['pubpid'];
        $events[$i]['patient_name'] = $tmp['patient_name'];
        $events[$i]['provider_name'] = $tmp['provider_name'];
        $events[$i]['owner_name'] = $tmp['owner_name'];
        $events[$i]['patient_dob'] = $tmp['patient_dob'];
        $events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']);
        $events[$i]['facility'] = getFacility($tmp['facility']);
        $events[$i]['sharing'] = $tmp['sharing'];
        $events[$i]['prefcatid'] = $tmp['prefcatid'];
        $events[$i]['aid'] = $tmp['aid'];
        $events[$i]['topictext'] = $topicname;
        // Overwrites the 'intervals' value stored at the top of this section.
        $events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']);
        if ($events[$i]['intervals'] == 0) {
            $events[$i]['intervals'] = 1;
        }
        // is this a public event to be shown as busy?
        if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) {
            // make it not display any information
            // NOTE(review): patient_name, patient_dob, pid and pubpid were
            // already copied above and are not blanked in this branch -
            // confirm that is intended for "busy" entries.
            $events[$i]['title'] = _USER_BUSY_TITLE;
            $events[$i]['hometext'] = _USER_BUSY_MESSAGE;
            $events[$i]['desc'] = _USER_BUSY_MESSAGE;
            $events[$i]['conttel'] = '';
            $events[$i]['contname'] = '';
            $events[$i]['contemail'] = '';
            $events[$i]['website'] = '';
            $events[$i]['fee'] = '';
            $events[$i]['location'] = '';
            $events[$i]['street1'] = '';
            $events[$i]['street2'] = '';
            $events[$i]['city'] = '';
            $events[$i]['state'] = '';
            $events[$i]['postal'] = '';
        } else {
            // The first six characters of hometext select the output filter;
            // the name is always one of the two literals below, never taken
            // from the data itself.
            $display_type = substr($tmp['hometext'], 0, 6);
            if ($display_type == ':text:') {
                $prepFunction = 'pcVarPrepForDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } elseif ($display_type == ':html:') {
                $prepFunction = 'pcVarPrepHTMLDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } else {
                $prepFunction = 'pcVarPrepHTMLDisplay';
            }
            unset($display_type);
            $events[$i]['title'] = $prepFunction($tmp['title']);
            $events[$i]['hometext'] = $prepFunction($tmp['hometext']);
            $events[$i]['desc'] = $events[$i]['hometext'];
            $events[$i]['conttel'] = $prepFunction($tmp['conttel']);
            $events[$i]['contname'] = $prepFunction($tmp['contname']);
            $events[$i]['contemail'] = $prepFunction($tmp['contemail']);
            $events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website']));
            $events[$i]['fee'] = $prepFunction($tmp['fee']);
            // NOTE(review): unserialize() runs on the stored pc_location
            // column. If event submitters control that column's bytes this
            // is object deserialization of untrusted data; a data-only
            // format (or the allowed_classes option on PHP 7+) avoids it.
            $loc = unserialize($tmp['location']);
            $events[$i]['location'] = $prepFunction($loc['event_location']);
            $events[$i]['street1'] = $prepFunction($loc['event_street1']);
            $events[$i]['street2'] = $prepFunction($loc['event_street2']);
            $events[$i]['city'] = $prepFunction($loc['event_city']);
            $events[$i]['state'] = $prepFunction($loc['event_state']);
            $events[$i]['postal'] = $prepFunction($loc['event_postal']);
        }
        $i++;
    }
    unset($tmp);
    $result->Close();
    return $events;
}
/**
 * Emit the HTML document head and start the theme.
 *
 * Picks the active theme, loads it, prints the doctype, title, meta tags,
 * stylesheet and script references, then calls themeheader(). All output is
 * written with echo; nothing is returned.
 *
 * NOTE(review): this function reads many globals. Several of them are
 * echoed or used in file paths without escaping (see the notes at each
 * use). Confirm none of them can be set from the request, for example
 * through register_globals-style importing.
 */
function head()
{
    global $index, $artpage, $topic, $hlpfile, $hr, $theme, $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2, $textcolor3, $textcolor4, $forumpage, $thename, $postnuke_theme, $pntheme, $themename, $themeimages, $additional_header, $themeOverrideCategory, $themeOverrideStory;
    // modification mouzaia .71
    $cWhereIsPerso = WHERE_IS_PERSO;
    if (!empty($cWhereIsPerso)) {
        // $thistheme is not assigned in this branch; presumably the included
        // file sets it - TODO confirm.
        include "modules/NS-Multisites/head.inc.php";
    } else {
        global $themesarein;
        // In both branches an explicitly set $theme overrides the default,
        // after being passed through pnVarPrepForOs().
        if (pnUserLoggedIn() && pnConfigGetVar('theme_change') != 1) {
            $thistheme = pnUserGetTheme();
            if (isset($theme)) {
                $thistheme = pnVarPrepForOs($theme);
            }
        } else {
            $thistheme = pnConfigGetVar('Default_Theme');
            if (isset($theme)) {
                $thistheme = pnVarPrepForOs($theme);
            }
        }
        // eugenio themeover 20020413
        // override the theme per category or story
        // precedence is story over category override
        // NOTE(review): unlike $theme, the two override values are used in a
        // path and as the theme name without pnVarPrepForOs(); apply the
        // same cleaning or restrict them to names of existing theme
        // directories.
        if ($themeOverrideCategory != '' && file_exists("themes/{$themeOverrideCategory}")) {
            $thistheme = $themeOverrideCategory;
        }
        if ($themeOverrideStory != '' && file_exists("themes/{$themeOverrideStory}")) {
            $thistheme = $themeOverrideStory;
        }
        // file() reads the whole theme.php just to test that it is readable;
        // @ hides the warning when it is not.
        if (@file(WHERE_IS_PERSO . "themes/" . $thistheme . "/theme.php")) {
            $themesarein = WHERE_IS_PERSO;
        } else {
            $themesarein = "";
        }
    }
    // eugenio themeover 20020413
    pnThemeLoad($thistheme);
    /**
     * Simple XHTML Beginnings
     */
    if (pnConfigGetVar('supportxhtml')) {
        //include("includes/xhtml.php");
        xhtml_head_start(0); /* Transitional Support for now */
    } else {
        echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
        echo "<html>\n<head>\n";
        if (defined("_CHARSET") && _CHARSET != "") {
            echo "<meta http-equiv=\"Content-Type\" " . "content=\"text/html; charset=" . _CHARSET . "\">\n";
        }
    }
    if ($artpage == 1) {
        /**
         * article page output
         */
        global $info, $hometext;
        // NOTE(review): the article title is written into <title> without
        // HTML escaping here; escape it unless $info is already
        // display-prepared by the caller - confirm.
        echo "<title>{$info['title']} :: " . pnConfigGetVar('sitename') . ' :: ' . pnConfigGetVar('slogan') . "</title>\n";
        if (pnConfigGetVar('dyn_keywords') == 1) {
            // Derive a comma-separated keyword list from the article body:
            // strip HTML, replace punctuation with spaces, turn whitespace
            // runs into commas, collapse repeated commas.
            // NOTE(review): ereg_replace() no longer exists from PHP 7 on.
            // The value goes into an attribute, so it also needs attribute
            // escaping unless check_html() guarantees it - confirm.
            $htmlless = check_html($info['maintext'], $strip = 'nohtml');
            $symbolLess = trim(ereg_replace('("|\\?|!|:|\\.|\\(|\\)|;|\\\\)+', ' ', $htmlless));
            $keywords = ereg_replace('( |' . CHR(10) . '|' . CHR(13) . ')+', ',', $symbolLess);
            $metatags = ereg_replace(",+", ",", $keywords);
            echo "<meta http-equiv=\"Keywords\" content=\"{$metatags}\">\n";
        } else {
            echo "<meta name=\"KEYWORDS\" content=\"" . pnConfigGetVar('metakeywords') . "\">\n";
        }
    } else {
        /**
         * all other page output
         */
        echo '<title>' . pnConfigGetVar('sitename') . ' :: ' . pnConfigGetVar('slogan') . "</title>\n";
        echo '<meta name="KEYWORDS" content="' . pnConfigGetVar('metakeywords') . "\">\n";
    }
    // Site-wide meta tags. The config values are written as stored, so a
    // double quote in one of them would break the attribute.
    echo '<meta name="DESCRIPTION" content="' . pnConfigGetVar('slogan') . "\">\n";
    echo "<meta name=\"ROBOTS\" content=\"INDEX,FOLLOW\">\n";
    echo "<meta name=\"resource-type\" content=\"document\">\n";
    echo "<meta http-equiv=\"expires\" content=\"0\">\n";
    echo '<meta name="author" content="' . pnConfigGetVar('sitename') . "\">\n";
    echo '<meta name="copyright" content="Copyright (c) 2003 by ' . pnConfigGetVar('sitename') . "\">\n";
    echo "<meta name=\"revisit-after\" content=\"1 days\">\n";
    echo "<meta name=\"distribution\" content=\"Global\">\n";
    // Advertises the exact product version to every visitor.
    echo '<meta name="generator" content="PostNuke ' . _PN_VERSION_NUM . " - http://postnuke.com\">\n";
    echo "<meta name=\"rating\" content=\"General\">\n";
    global $themesarein;
    // The theme name is written into the stylesheet URLs as is.
    echo "<link rel=\"StyleSheet\" href=\"" . $themesarein . "themes/" . $thistheme . "/style/styleNN.css\" type=\"text/css\">\n";
    echo "<style type=\"text/css\">";
    echo "@import url(\"" . $themesarein . "themes/" . $thistheme . "/style/style.css\"); ";
    echo "</style>\n";
    echo "<script type=\"text/javascript\" src=\"javascript/showimages.php\"></script>\n\n";
    /* Enable Wysiwyg editor configuration at setting. Added by bharvey42, edited by Neo */
    $pnWysiwygEditor = pnConfigGetVar('WYSIWYGEditor');
    if (is_numeric($pnWysiwygEditor) && $pnWysiwygEditor == 1) {
        $pnWSEditorPath = pnGetBaseURI();
        echo "<!--Visual Editor Plug-in-->" . "<script type=\"text/javascript\">QBPATH='" . $pnWSEditorPath . "/javascript'; VISUAL=0; SECURE=1;</script>" . "<script type=\"text/javascript\" src='" . $pnWSEditorPath . "/javascript/quickbuild.js'></script>" . "<script type=\"text/javascript\" src='" . $pnWSEditorPath . "/javascript/tabedit.js'></script>";
    } else {
    }
    // NOTE(review): $hlpfile is written into the script URL without URL- or
    // HTML-escaping; encode it at this point.
    echo "<script type=\"text/javascript\" src=\"javascript/openwindow.php?hlpfile={$hlpfile}\"></script>\n\n";
    // Extra header lines registered elsewhere are emitted verbatim.
    if (isset($additional_header)) {
        echo @implode("\n", $additional_header);
    }
    themeheader();
}
/**
 * Arrange items
 *
 * Shows the "arrange media items" page of an album, or handles the page's
 * cancel and save buttons.
 *
 * The caller needs add-media or edit-media access on the album. The cancel
 * and save branches are taken before the logged-in check further down.
 * NOTE(review): no form-token check is visible in this function before
 * mediashareArrangeAlbum() is called for a POSTed save - confirm the callee
 * validates one.
 *
 * @param array $args request arguments; 'aid' selects the album
 * @return mixed rendered page, redirect result, or an error result
 */
function mediashare_edit_arrange($args)
{
    $albumId = mediashareGetIntUrl('aid', $args, 1);

    // Check access
    $requiredAccess = mediashareAccessRequirementAddMedia | mediashareAccessRequirementEditMedia;
    if (!mediashareAccessAlbum($albumId, $requiredAccess, '')) {
        return LogUtil::registerPermissionError();
    }

    // Button handling
    if (isset($_POST['cancelButton'])) {
        $backToAlbum = pnModURL('mediashare', 'edit', 'view', array('aid' => $albumId));

        return pnRedirect($backToAlbum);
    }
    if (isset($_POST['saveButton'])) {
        return mediashareArrangeAlbum($args);
    }

    $dom = ZLanguage::getModuleDomain('mediashare');

    if (!pnUserLoggedIn()) {
        return LogUtil::registerError(__('You must be logged in to use this feature', $dom));
    }

    // Fetch current album: a falsy result is a failure, boolean true stands
    // for "no such album".
    $album = pnModAPIFunc('mediashare', 'user', 'getAlbum', array('albumId' => $albumId));
    if (!$album) {
        return false;
    }
    if ($album === true) {
        return LogUtil::registerError(__('Unknown album.', $dom));
    }

    // Fetch media items
    $items = pnModAPIFunc('mediashare', 'user', 'getMediaItems', array('albumId' => $albumId));
    if ($items === false) {
        return false;
    }

    // Build the output
    $render =& pnRender::getInstance('mediashare', false);
    $render->assign('album', $album);
    $render->assign('mediaItems', $items);

    return $render->fetch('mediashare_edit_arrange.html');
}
/**
 * display block
 *
 * Renders every active, unexpired admin message the current visitor may
 * see. Each message's "view" value selects the audience: 1 everyone,
 * 2 logged-in users, 3 anonymous visitors, 4 administrators.
 *
 * Nothing is returned when the caller lacks ACCESS_READ on the block, when
 * the query fails, or when no message qualifies.
 *
 * NOTE(review): the language code from pnUserGetLang() is placed in the SQL
 * text inside quotes without escaping - confirm that function only returns
 * values from a fixed set of language codes.
 *
 * @param array $row block record
 * @return mixed themed block output, or nothing
 */
function admin_messages_messagesblock_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!isset($row['title'])) {
        $row['title'] = '';
    }

    if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $messagestable = $pntable['message'];
    $col =& $pntable['message_column'];

    // On multilingual sites, limit to the user's language plus
    // language-neutral messages.
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $currentlang = pnUserGetLang();
        $querylang = "AND ({$col['mlanguage']}='{$currentlang}' OR {$col['mlanguage']}='')";
    }

    $sql = "SELECT {$col['mid']},\n"
        . " {$col['title']},\n"
        . " {$col['content']},\n"
        . " {$col['date']},\n"
        . " {$col['view']}\n"
        . " FROM {$messagestable}\n"
        . " WHERE {$col['active']} = 1 \n"
        . " AND ( {$col['expire']} > unix_timestamp(now())\n"
        . " OR {$col['expire']} = 0)\n"
        . " {$querylang}\n"
        . " ORDER by {$col['mid']} DESC";

    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    $output = new pnHTML();

    while (list($mid, $title, $content, $date, $view) = $result->fields) {
        $result->MoveNext();

        // Per-message permission first, then the audience rule.
        $visible = false;
        if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) {
            if ($view == 1) {
                // Message for everyone
                $visible = true;
            } elseif ($view == 2) {
                // Message for users
                $visible = pnUserLoggedIn();
            } elseif ($view == 3) {
                // Messages for non-users
                $visible = !pnUserLoggedIn();
            } elseif ($view == 4) {
                // Messages for administrators of any description
                $visible = pnSecAuthAction(0, '::', '::', ACCESS_ADMIN);
            }
        }

        if (!$visible) {
            continue;
        }

        list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content));

        $output->TableStart('', '', 0);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Build the title fragment as a returned string instead of adding
        // it to the output buffer.
        $output->SetOutputMode(_PNH_RETURNOUTPUT);
        $ttitle = $output->Linebreak() . $output->Text($title) . $output->Linebreak(2);
        $output->SetOutputMode(_PNH_KEEPOUTPUT);

        // Title and body are stored HTML; both pass through
        // pnVarPrepHTMLDisplay() before they are emitted.
        $titleCell = "<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>";
        $output->TableAddRow(array($titleCell), 'center');
        $bodyCell = "<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>";
        $output->TableAddRow(array($bodyCell), 'left');

        $output->SetInputMode(_PNH_PARSEINPUT);
        $output->TableEnd();
    }

    if ($output->output == "") {
        return;
    }

    // Don't want a title
    $row['title'] = '';
    $row['content'] = $output->GetOutput();

    return themesideblock($row);
}
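/**
 * Admin handler behind the PostCalendar event form.
 *
 * Collects the posted event fields (or loads an existing event when only
 * pc_event_id is given), validates them, then previews or commits the event
 * depending on form_action, and finally re-renders the submit form.
 *
 * @param array $args caller-supplied values; imported into local scope with extract()
 * @return string HTML of the admin menu, any status/error box and the form,
 *                or _POSTCALENDAR_NOAUTH when PC_ACCESS_ADMIN is false
 */
function postcalendar_admin_submit($args)
{
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }

    pnModAPILoad(__POSTCALENDAR__, 'user');
    $output = postcalendar_adminmenu();

    // get the theme globals :: is there a better way to do this?
    pnThemeLoad(pnUserGetTheme());
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2;

    // NOTE(review): extract() lets any key of $args overwrite a local that
    // already exists here (e.g. $output). The event_* values are re-read from
    // the request below, but $args should only ever come from trusted callers.
    extract($args);

    $Date = postcalendar_getDate();
    $year = substr($Date, 0, 4);
    $month = substr($Date, 4, 2);
    $day = substr($Date, 6, 2);

    // basic event information
    $event_subject = pnVarCleanFromInput('event_subject');
    $event_desc = pnVarCleanFromInput('event_desc');
    $event_sharing = pnVarCleanFromInput('event_sharing');
    $event_category = pnVarCleanFromInput('event_category');
    $event_topic = pnVarCleanFromInput('event_topic');

    // event start information
    $event_startmonth = pnVarCleanFromInput('event_startmonth');
    $event_startday = pnVarCleanFromInput('event_startday');
    $event_startyear = pnVarCleanFromInput('event_startyear');
    $event_starttimeh = pnVarCleanFromInput('event_starttimeh');
    $event_starttimem = pnVarCleanFromInput('event_starttimem');
    $event_startampm = pnVarCleanFromInput('event_startampm');

    // event end information
    $event_endmonth = pnVarCleanFromInput('event_endmonth');
    $event_endday = pnVarCleanFromInput('event_endday');
    $event_endyear = pnVarCleanFromInput('event_endyear');
    $event_endtype = pnVarCleanFromInput('event_endtype');
    $event_dur_hours = pnVarCleanFromInput('event_dur_hours');
    $event_dur_minutes = pnVarCleanFromInput('event_dur_minutes');
    $event_duration = 60 * 60 * $event_dur_hours + 60 * $event_dur_minutes;
    $event_allday = pnVarCleanFromInput('event_allday');

    // location data
    $event_location = pnVarCleanFromInput('event_location');
    $event_street1 = pnVarCleanFromInput('event_street1');
    $event_street2 = pnVarCleanFromInput('event_street2');
    $event_city = pnVarCleanFromInput('event_city');
    $event_state = pnVarCleanFromInput('event_state');
    $event_postal = pnVarCleanFromInput('event_postal');
    $event_location_info = serialize(compact('event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal'));

    // contact data
    $event_contname = pnVarCleanFromInput('event_contname');
    $event_conttel = pnVarCleanFromInput('event_conttel');
    $event_contemail = pnVarCleanFromInput('event_contemail');
    $event_website = pnVarCleanFromInput('event_website');
    $event_fee = pnVarCleanFromInput('event_fee');

    // event repeating data
    $event_repeat = pnVarCleanFromInput('event_repeat');
    $event_repeat_freq = pnVarCleanFromInput('event_repeat_freq');
    $event_repeat_freq_type = pnVarCleanFromInput('event_repeat_freq_type');
    $event_repeat_on_num = pnVarCleanFromInput('event_repeat_on_num');
    $event_repeat_on_day = pnVarCleanFromInput('event_repeat_on_day');
    $event_repeat_on_freq = pnVarCleanFromInput('event_repeat_on_freq');
    $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq'));

    $pc_html_or_text = pnVarCleanFromInput('pc_html_or_text');
    $form_action = pnVarCleanFromInput('form_action');
    $pc_event_id = pnVarCleanFromInput('pc_event_id');
    $data_loaded = pnVarCleanFromInput('data_loaded');
    $is_update = pnVarCleanFromInput('is_update');
    // NOTE(review): $authid is read here but never checked in this function.
    $authid = pnVarCleanFromInput('authid');

    if (pnUserLoggedIn()) {
        $uname = pnUserGetVar('uname');
    } else {
        $uname = pnConfigGetVar('anonymous');
    }

    if (!isset($event_repeat)) {
        $event_repeat = 0;
    }

    // lets wrap all the data into array for passing to submit and preview functions
    if (!isset($pc_event_id) || empty($pc_event_id) || $data_loaded) {
        $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text');
        $eventdata['is_update'] = $is_update;
        $eventdata['pc_event_id'] = $pc_event_id;
        $eventdata['data_loaded'] = true;
    } else {
        // An event id was posted without form data: load the stored event
        // so the form can be pre-filled for editing.
        $event = postcalendar_userapi_pcGetEventDetails($pc_event_id);
        $eventdata['event_subject'] = $event['title'];
        $eventdata['event_desc'] = $event['hometext'];
        $eventdata['event_sharing'] = $event['sharing'];
        $eventdata['event_category'] = $event['catid'];
        $eventdata['event_topic'] = $event['topic'];
        $eventdata['event_startmonth'] = substr($event['eventDate'], 5, 2);
        $eventdata['event_startday'] = substr($event['eventDate'], 8, 2);
        $eventdata['event_startyear'] = substr($event['eventDate'], 0, 4);
        $eventdata['event_starttimeh'] = substr($event['startTime'], 0, 2);
        $eventdata['event_starttimem'] = substr($event['startTime'], 3, 2);
        $eventdata['event_startampm'] = $eventdata['event_starttimeh'] < 12 ? _PC_AM : _PC_PM;
        $eventdata['event_endmonth'] = substr($event['endDate'], 5, 2);
        $eventdata['event_endday'] = substr($event['endDate'], 8, 2);
        $eventdata['event_endyear'] = substr($event['endDate'], 0, 4);
        $eventdata['event_endtype'] = $event['endDate'] == '0000-00-00' ? '0' : '1';
        $eventdata['event_dur_hours'] = $event['duration_hours'];
        $eventdata['event_dur_minutes'] = $event['duration_minutes'];
        $eventdata['event_duration'] = $event['duration'];
        $eventdata['event_allday'] = $event['alldayevent'];

        // NOTE(review): unserialize() on stored column data. This is only
        // safe while the column can hold nothing but what serialize(compact())
        // above produced; a plain data format such as JSON would remove the
        // object-instantiation risk entirely.
        $loc_data = unserialize($event['location']);
        $eventdata['event_location'] = $loc_data['event_location'];
        $eventdata['event_street1'] = $loc_data['event_street1'];
        $eventdata['event_street2'] = $loc_data['event_street2'];
        $eventdata['event_city'] = $loc_data['event_city'];
        $eventdata['event_state'] = $loc_data['event_state'];
        $eventdata['event_postal'] = $loc_data['event_postal'];
        $eventdata['event_location_info'] = $loc_data;

        $eventdata['event_contname'] = $event['contname'];
        $eventdata['event_conttel'] = $event['conttel'];
        $eventdata['event_contemail'] = $event['contemail'];
        $eventdata['event_website'] = $event['website'];
        $eventdata['event_fee'] = $event['fee'];
        $eventdata['event_repeat'] = $event['recurrtype'];
        $eventdata['event_pid'] = $event['pid'];
        $eventdata['event_aid'] = $event['aid'];

        // NOTE(review): same unserialize() caveat as for the location column.
        $rspecs = unserialize($event['recurrspec']);
        $eventdata['event_repeat_freq'] = $rspecs['event_repeat_freq'];
        $eventdata['event_repeat_freq_type'] = $rspecs['event_repeat_freq_type'];
        $eventdata['event_repeat_on_num'] = $rspecs['event_repeat_on_num'];
        $eventdata['event_repeat_on_day'] = $rspecs['event_repeat_on_day'];
        $eventdata['event_repeat_on_freq'] = $rspecs['event_repeat_on_freq'];
        $eventdata['event_recurrspec'] = $rspecs;

        $eventdata['uname'] = $uname;
        $eventdata['Date'] = $Date;
        $eventdata['year'] = $year;
        $eventdata['month'] = $month;
        $eventdata['day'] = $day;
        $eventdata['is_update'] = true;
        $eventdata['pc_event_id'] = $pc_event_id;
        $eventdata['data_loaded'] = true;
        $eventdata['pc_html_or_text'] = $pc_html_or_text;
    }

    // lets get the module's information
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $categories = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');

    //================================================================
    // ERROR CHECKING
    //================================================================
    $required_vars = array('event_subject', 'event_desc');
    $required_name = array(_PC_EVENT_TITLE, _PC_EVENT_DESC);
    $error_msg = '';
    $reqCount = count($required_vars);
    for ($r = 0; $r < $reqCount; $r++) {
        // Look up the local variable NAMED by $required_vars[$r]. The braces
        // must enclose the index: `${$required_vars}[$r]` would treat the
        // whole array as the variable name and never see the posted value.
        if (empty(${$required_vars[$r]}) || !preg_match('/\\S/i', ${$required_vars[$r]})) {
            $error_msg .= '<b>' . $required_name[$r] . '</b> ' . _PC_SUBMIT_ERROR4 . '<br />';
        }
    }
    unset($reqCount);

    // check repeating frequencies
    if ($event_repeat == REPEAT) {
        if (!isset($event_repeat_freq) || $event_repeat_freq < 1 || empty($event_repeat_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR5 . '<br />';
        } elseif (!is_numeric($event_repeat_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR6 . '<br />';
        }
    } elseif ($event_repeat == REPEAT_ON) {
        if (!isset($event_repeat_on_freq) || $event_repeat_on_freq < 1 || empty($event_repeat_on_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR5 . '<br />';
        } elseif (!is_numeric($event_repeat_on_freq)) {
            $error_msg .= _PC_SUBMIT_ERROR6 . '<br />';
        }
    }

    // check date validity
    // NOTE(review): $event_endtimeh / $event_endtimem are not assigned in this
    // function (only extract($args) could supply them), and $startTime /
    // $endTime are not read again below.
    if (_SETTING_TIME_24HOUR) {
        $startTime = $event_starttimeh . ':' . $event_starttimem;
        $endTime = $event_endtimeh . ':' . $event_endtimem;
    } else {
        if ($event_startampm == _AM_VAL) {
            $event_starttimeh = $event_starttimeh == 12 ? '00' : $event_starttimeh;
        } else {
            $event_starttimeh = $event_starttimeh != 12 ? $event_starttimeh += 12 : $event_starttimeh;
        }
        $startTime = $event_starttimeh . ':' . $event_starttimem;
    }

    $sdate = strtotime($event_startyear . '-' . $event_startmonth . '-' . $event_startday);
    $edate = strtotime($event_endyear . '-' . $event_endmonth . '-' . $event_endday);
    $tdate = strtotime(date('Y-m-d'));

    if ($edate < $sdate && $event_endtype == 1) {
        $error_msg .= _PC_SUBMIT_ERROR1 . '<br />';
    }
    if (!checkdate($event_startmonth, $event_startday, $event_startyear)) {
        $error_msg .= _PC_SUBMIT_ERROR2 . '<br />';
    }
    if (!checkdate($event_endmonth, $event_endday, $event_endyear)) {
        $error_msg .= _PC_SUBMIT_ERROR3 . '<br />';
    }

    //================================================================
    // Preview the event
    //================================================================
    if ($form_action == 'preview') {
        if (!empty($error_msg)) {
            $preview = false;
            $output .= '<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">';
            $output .= '<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">';
            $output .= '<center><b>' . _PC_SUBMIT_ERROR . '</b></center>';
            $output .= '<br />';
            $output .= $error_msg;
            $output .= '</td></td></table>';
            $output .= '</td></td></table>';
            $output .= '<br /><br />';
        } else {
            $output .= pnModAPIFunc(__POSTCALENDAR__, 'user', 'eventPreview', $eventdata);
            $output .= '<br />';
        }
    }

    //================================================================
    // Enter the event into the DB
    //================================================================
    if ($form_action == 'commit') {
        // NOTE(review): the form-token check below is commented out, so this
        // function does not tie a commit to a token issued with the form.
        // Confirm that the caller or submitEvent verifies it before relying
        // on this path for state changes.
        //if (!pnSecConfirmAuthKey()) { return(_NO_DIRECT_ACCESS); }
        if (!empty($error_msg)) {
            $preview = false;
            $output .= '<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">';
            $output .= '<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">';
            $output .= '<center><b>' . _PC_SUBMIT_ERROR . '</b></center>';
            $output .= '<br />';
            $output .= $error_msg;
            $output .= '</td></td></table>';
            $output .= '</td></td></table>';
            $output .= '<br /><br />';
        } else {
            if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'submitEvent', $eventdata)) {
                $output .= '<center><div style="padding:5px; border:1px solid red; background-color: pink;">';
                $output .= "<b>" . _PC_EVENT_SUBMISSION_FAILED . "</b>";
                $output .= '</div></center><br />';
                $output .= '<br />';
            } else {
                // clear the Smarty cache
                $tpl = new pcSmarty();
                $tpl->clear_all_cache();

                $output .= '<center><div style="padding:5px; border:1px solid green; background-color: lightgreen;">';
                if ($is_update) {
                    $output .= "<b>" . _PC_EVENT_EDIT_SUCCESS . "</b>";
                } else {
                    $output .= "<b>" . _PC_EVENT_SUBMISSION_SUCCESS . "</b>";
                }
                $output .= '</div></center><br />';
                $output .= '<br />';

                // clear the form vars
                $event_subject = $event_desc = $event_sharing = $event_category = $event_topic = $event_startmonth = $event_startday = $event_startyear = $event_starttimeh = $event_starttimem = $event_startampm = $event_endmonth = $event_endday = $event_endyear = $event_endtype = $event_dur_hours = $event_dur_minutes = $event_duration = $event_allday = $event_location = $event_street1 = $event_street2 = $event_city = $event_state = $event_postal = $event_location_info = $event_contname = $event_conttel = $event_contemail = $event_website = $event_fee = $event_repeat = $event_repeat_freq = $event_repeat_freq_type = $event_repeat_on_num = $event_repeat_on_day = $event_repeat_on_freq = $event_recurrspec = $uname = $Date = $year = $month = $day = $pc_html_or_text = null;
                $is_update = false;
                $pc_event_id = 0;

                // lets wrap all the data into array for passing to submit and preview functions
                $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'is_update', 'pc_event_id');
            }
        }
    }

    $output .= pnModAPIFunc('PostCalendar', 'admin', 'buildSubmitForm', $eventdata);
    return $output;
}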
/**
 * Shift a timestamp by the difference between the viewer's time-zone offset
 * and the server's.
 *
 * Every call first logs an E_USER_DEPRECATED message through LogUtil.
 * Offsets are multiplied by 3600, so they are presumably expressed in hours.
 *
 * @deprecated
 *
 * @param int $time timestamp to adjust
 * @return int|null the adjusted timestamp; nothing (null) when $time is empty
 */
function GetUserTime($time)
{
    LogUtil::log(__f('Warning! Function %1$s is deprecated.', 'GetUserTime'), E_USER_DEPRECATED);

    if (empty($time)) {
        return;
    }

    // Logged-in users carry their own offset; everyone else gets the
    // site-wide default.
    $viewer_offset = pnUserLoggedIn()
        ? pnUserGetVar('tzoffset')
        : System::getVar('timezone_offset');

    $time += ($viewer_offset - System::getVar('timezone_server')) * 3600;

    return $time;
}
/**
 * Render the user start page.
 *
 * Always includes header.php and draws the user menu. For a logged-in user
 * it then calls user_main_last10com() and user_main_last10submit() when the
 * Comments and News modules are available, and includes footer.php.
 *
 * @param mixed $var not read by this function
 * @return void
 */
function user_user_main($var)
{
    include 'header.php';
    user_menu_draw();

    if (!pnUserLoggedIn()) {
        // NOTE(review): footer.php is only included on the logged-in path;
        // the original carried a "?else" marker here.
        return;
    }

    $uname = pnUserGetVar('uname');

    if (pnModAvailable('Comments')) {
        user_main_last10com($uname);
    }

    if (pnModAvailable('News')) {
        user_main_last10submit($uname);
    }

    include 'footer.php';
}
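/**
 * Render the "past articles" side block.
 *
 * Lists older stories grouped under a date heading, optionally limited to
 * the category given by the 'catid' request parameter, and appends an
 * "older articles" link once the configured limit is reached.
 *
 * @param array $row block record; 'title' is the permission instance and
 *                   'content' holds the serialized block options ('limit')
 * @return mixed result of themesideblock($row) when at least one article is
 *               visible; nothing (null) otherwise
 */
function blocks_past_block($row)
{
    // 'catid' comes from the request and ends up in an unquoted SQL
    // comparison and in a link, so it is reduced to an integer before use.
    // The two flags keep the original "absent" / "empty" distinctions.
    $catidInput = pnVarCleanFromInput('catid');
    $catidGiven = isset($catidInput);
    $catidUsable = $catidGiven && $catidInput != '';
    $catid = $catidUsable ? (int) $catidInput : '';

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $oldnum = pnConfigGetVar('perpage');

    if (!pnSecAuthAction(0, 'Pastblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    if (pnUserLoggedIn()) {
        $storyhome = pnUserGetVar('storynum');
    } else {
        $storyhome = pnConfigGetVar('storyhome');
    }

    // Break out options from our content field
    $vars = pnBlockVarsFromContent($row['content']);

    // Defaults
    if (empty($vars['limit'])) {
        $vars['limit'] = 10;
    }
    $storynum = $vars['limit'];

    $column =& $pntable['stories_column'];

    if (!$catidUsable) {
        $articles = getArticles("{$column['ihome']}=0", "{$column['time']} DESC", $storynum, $storyhome);
    } else {
        $articles = getArticles("{$column['catid']}={$catid}", "{$column['time']} DESC", $storynum, $storyhome);
    }

    $time2 = "";
    setlocale(LC_TIME, pnConfigGetVar('locale'));

    $boxstuff = "<table width=\"100%\" cellpadding=\"1\" cellspacing=\"0\" border=\"0\" class=\"pn-normal\">\n";

    $vari = 0;
    $see = 0;

    foreach ($articles as $article) {
        $info = genArticleInfo($article);
        $links = genArticleLinks($info);
        $preformat = genArticlePreformat($info, $links);

        // a little bit tricky to remove the bold property from link description
        // (2001-11-15, hdonner)
        $preformat['title'] = str_replace("pn-title", "pn-normal", $preformat['title']);

        if (!pnSecAuthAction(0, 'Stories::Story', "{$info['aid']}:{$info['cattitle']}:{$info['sid']}", ACCESS_READ)
            || !pnSecAuthAction(0, 'Topics::Topic', "{$info['topicname']}::{$info['tid']}", ACCESS_READ)) {
            continue;
        }

        $see = 1;

        // preg_match() replaces ereg(), which no longer exists in PHP 7+;
        // the pattern itself is unchanged.
        $stamp = array();
        if (preg_match('/([0-9]{4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})/', $info['time'], $stamp)) {
            $datetime2 = ml_ftime("" . _DATESTRING2 . "", mktime($stamp[4], $stamp[5], $stamp[6], $stamp[2], $stamp[3], $stamp[1]));
            $datetime2 = ucfirst($datetime2);
        } else {
            // Unparseable timestamp: keep the article under the current heading.
            $datetime2 = $time2;
        }

        if ($time2 == $datetime2) {
            $boxstuff .= "<tr><td valign=\"top\"><big><strong>·</strong></big></td>"
                       . "<td valign=\"top\" width=\"100%\"><span class=\"pn-normal\">" . $preformat['title'] . " ({$info['comments']})</span></td></tr>\n";
        } else {
            $boxstuff .= "<tr><td colspan=\"2\"><b>{$datetime2}</b></td></tr>\n"
                       . "<tr><td valign=\"top\"><big><strong>·</strong></big></td>"
                       . "<td valign=\"top\" width=\"100%\"><span class=\"pn-normal\">{$preformat['title']} ({$info['comments']})</span></td></tr>\n";
            $time2 = $datetime2;
        }

        $vari++;

        if ($vari == $vars['limit']) {
            // NOTE(review): $storynum and $min computed here are not read again.
            $usernum = pnUserGetVar('storynum');
            if (!empty($usernum)) {
                $storynum = $usernum;
            } else {
                $storynum = pnConfigGetVar('storyhome');
            }
            $min = $oldnum + $storynum;

            $boxstuff .= "<tr><td> </td><td valign=\"top\"><a class=\"pn-normal\"";
            if (!$catidGiven) {
                $boxstuff .= "href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1\"><b>" . _OLDERARTICLES . "</b></a></td></tr>\n";
            } else {
                // $catid is an integer (or empty) here, so it is safe inside the attribute.
                $boxstuff .= "href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1&stories_cat[0]={$catid}\"><b>" . _OLDERARTICLES . "</b></a></td></tr>\n";
            }
        }
    }

    $boxstuff .= "</table>";

    if ($see == 1) {
        if (empty($row['title'])) {
            $row['title'] = _PASTARTICLES;
        }
        $row['content'] = $boxstuff;
        return themesideblock($row);
    }
}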
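<?php
// Wraps an arbitrary URL in an iframe between the site header and footer.
// Access is limited to module loads, same-site referers and logged-in users.

if (!defined("LOADED_AS_MODULE")) {
    die("You cannot access this file directly");
}

if (!pnLocalReferer()) {
    die("You cannot access this file from an external site");
}

// $url is not assigned anywhere in this script; presumably it arrives with
// the request, so it is treated as untrusted below.
if (!$url) {
    die("You must use the {} calling method in your menu, not []");
}

$home = pnGetBaseURL();
$home .= "user.php?op=loginscreen&module=NS-User";

if (!pnUserLoggedIn()) {
    pnRedirect($home);
    // Stop here: pnRedirect()'s body is not shown, and if it returns after
    // sending the redirect the page would still be rendered for visitors
    // who are not logged in.
    exit;
}

include "header.php";

// Escape for the single-quoted attribute so the value cannot close it and
// inject markup.
// NOTE(review): escaping alone does not reject javascript: or data: URLs;
// an allow-list of schemes or hosts is worth adding.
$iframe_src = htmlspecialchars($url, ENT_QUOTES);
echo "<iframe name='dplink' src='{$iframe_src}' width='100%' height='1600'\nmarginwidth=0 marginheight=0 frameborder=0></iframe>";

include "footer.php";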
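/**
 * Report whether the current user has a block switched on, creating the
 * per-user record (active) the first time it is asked for.
 *
 * @param array $row block record; 'bid' identifies the block (defaults to '')
 * @return mixed false when nobody is logged in, true when a new record was
 *               inserted, otherwise the stored 'active' value
 */
function checkuserblock($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }

    if (!pnUserLoggedIn()) {
        return false;
    }

    // The uid is written into the SQL without quotes, where string escaping
    // offers no protection, so it is forced to an integer instead.
    $uid = (int) pnUserGetVar('uid');
    // Escaped once and reused by both statements.
    $bid = pnVarPrepForStore($row['bid']);
    $column =& $pntable['userblocks_column'];

    $sql = "SELECT {$column['active']} FROM " . $pntable['userblocks']
         . " WHERE " . $column['bid'] . "='" . $bid . "' AND " . $column['uid'] . "=" . $uid;
    $result = $dbconn->Execute($sql);
    if ($result === false) {
        // NOTE(review): the full SQL text is handed to the error reporter;
        // confirm it is not echoed to visitors.
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error <br>{$sql}");
    }

    if ($result->EOF) {
        // No record yet for this user and block: create it as active.
        $sql = "INSERT INTO {$pntable['userblocks']} ({$column['uid']}, {$column['bid']}, {$column['active']}) VALUES (" . $uid . ", '{$bid}', '1')";
        $result = $dbconn->Execute($sql);
        if ($result === false) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error <br>{$sql}");
        }
        return true;
    }

    list($active) = $result->fields;
    return $active;
}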
/**
 * Shift a timestamp by the viewer's time-zone offset relative to the
 * configured site offset.
 *
 * Logged-in users contribute their own 'timezone_offset'; for everyone else
 * a fixed base of 12 is used. The difference is multiplied by 3600, so the
 * offsets are presumably expressed in hours.
 *
 * @param int $time timestamp to adjust
 * @return int|null the adjusted timestamp; nothing (null) when $time is empty
 */
function GetUserTime($time)
{
    if (empty($time)) {
        return;
    }

    $base_offset = pnUserLoggedIn() ? pnUserGetVar('timezone_offset') : 12;
    $time += ($base_offset - pnConfigGetVar('timezone_offset')) * 3600;

    return $time;
}
// Front-controller fragment: marks the request as a module load, pulls in the
// language file, picks the module/op to run and includes that module's
// user.php. The fragment ends inside the final if-block.
define('LOADED_AS_MODULE', '1');
// load languages
// Both language names are passed through pnVarPrepForOS() before they become
// part of an include path.
if (file_exists($currentlangfile = 'language/' . pnVarPrepForOS(pnUserGetLang()) . '/user.php')) {
    include $currentlangfile;
} elseif (file_exists($defaultlangfile = 'language/' . pnVarPrepForOS(pnConfigGetVar('language')) . '/user.php')) {
    include $defaultlangfile;
}
// set module and op respective to the different cases
// NOTE(review): $op and $module are read here without being assigned in this
// fragment; presumably they arrive from the request — confirm where they are set.
if (!pnUserLoggedIn() && empty($op)) {
    $module = 'User';
    $op = 'getlogin';
}
if (isset($op) && $op == 'userinfo') {
    $module = 'User';
}
if (pnUserLoggedIn() and (empty($op) or $op == 'adminMain')) {
    $module = 'User';
    $op = 'main';
}
// Load tools -- they might be needed in the legacy user plugins
include_once 'modules/User/tools.php';
include_once 'modules/User/password.php';
// The include path is built from $module (with and without an "NS-" prefix);
// pnVarPrepForOS() is the only filter applied to it here, and the file must exist.
if (file_exists($file = 'modules/' . pnVarPrepForOS($module) . '/user.php') || file_exists($file = 'modules/' . pnVarPrepForOS(preg_replace('/^NS-/', '', $module)) . '/user.php')) {
    user_menu();
    include $file;
    if (substr($module, 0, 3) == 'NS-') {
        $function = substr($module, 3) . '_user_';
    } else {
        $function = $module . '_user_';
    }
    // NOTE(review): $op is appended unfiltered to form a function name; how
    // $function_op is used lies outside this fragment. If it is called, it
    // should first be checked against the functions the module exposes.
    $function_op = $function . $op;
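/**
 * Localised strftime(): fills in day, month and time-zone names from the
 * language constants before handing the format to strftime().
 *
 * Handles %a / %A (short / long weekday), %b / %B (short / long month) and
 * %Z (time-zone name chosen by the viewer's or the site's offset); every
 * other conversion is left for strftime().
 *
 * @author Fred B (fredb86)
 *
 * @param string $datefmt   strftime-style format string
 * @param int    $timestamp time to format; a negative value means "now"
 * @return string|null the formatted date, or null when $datefmt is not set
 */
function ml_ftime($datefmt, $timestamp = -1)
{
    if (!isset($datefmt)) {
        return null;
    }
    if ($timestamp < 0) {
        $timestamp = time();
    }

    $day_of_week_short = explode(' ', _DAY_OF_WEEK_SHORT);
    $month_short = explode(' ', _MONTH_SHORT);
    $day_of_week_long = explode(' ', _DAY_OF_WEEK_LONG);
    $month_long = explode(' ', _MONTH_LONG);

    $weekday = (int) strftime('%w', $timestamp);
    $month_index = (int) strftime('%m', $timestamp) - 1;

    // The search strings are fixed text, so str_replace() is the direct
    // equivalent of the former ereg_replace() calls, which no longer exist
    // in PHP 7+.
    $ml_date = str_replace('%a', $day_of_week_short[$weekday], $datefmt);
    $ml_date = str_replace('%A', $day_of_week_long[$weekday], $ml_date);
    $ml_date = str_replace('%b', $month_short[$month_index], $ml_date);
    $ml_date = str_replace('%B', $month_long[$month_index], $ml_date);

    if (pnUserLoggedIn()) {
        $thezone = pnUserGetVar('timezone_offset');
    } else {
        $thezone = pnConfigGetVar('timezone_offset');
    }

    $timezone_all = explode(' ', _TIMEZONES);
    $offset_all = explode(' ', _TZOFFSETS);

    // Find the zone whose offset equals the viewer's; the last match wins
    // and index 0 is used when nothing matches.
    $indexofzone = 0;
    $offset_count = sizeof($offset_all);
    for ($i = 0; $i < $offset_count; $i++) {
        if ($offset_all[$i] == $thezone) {
            $indexofzone = $i;
        }
    }

    $ml_date = str_replace('%Z', $timezone_all[$indexofzone], $ml_date);

    return strftime($ml_date, $timestamp);
}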
/**
 * Get the comment display options for the current visitor.
 *
 * A logged-in user's stored 'umode', 'uorder' and 'thold' are used; any
 * value that is empty (or everything, for anonymous visitors) falls back to
 * 'thread', 0 and 0 respectively.
 *
 * @public
 * @return array the comment options, keyed 'mode', 'order', 'thold'
 */
function pnUserGetCommentOptionsArray()
{
    $options = array('mode' => null, 'order' => null, 'thold' => null);

    if (pnUserLoggedIn()) {
        $options['mode'] = pnUserGetVar('umode');
        $options['order'] = pnUserGetVar('uorder');
        $options['thold'] = pnUserGetVar('thold');
    }

    if (empty($options['mode'])) {
        $options['mode'] = 'thread';
    }
    if (empty($options['order'])) {
        $options['order'] = 0;
    }
    if (empty($options['thold'])) {
        $options['thold'] = 0;
    }

    return $options;
}
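/**
 * Render the detail view of a single PostCalendar event.
 *
 * Loads the event and its topic, escapes the fields for output, fills the
 * Smarty template and either returns the HTML or, for popup/print requests,
 * echoes a complete page and exits.
 *
 * @param array $args  imported into local scope with extract(); 'eid' is
 *                     required, 'cacheid' and 'nopop' are optional
 * @param bool  $admin use the admin template and disable template caching
 * @return mixed the rendered HTML, false when 'eid' is missing or the event
 *               lookup returns false, or _POSTCALENDARNOAUTH without read access
 */
function postcalendar_userapi_eventDetail($args, $admin = false)
{
    if (!(bool) PC_ACCESS_READ) {
        return _POSTCALENDARNOAUTH;
    }

    // get the theme globals :: is there a better way to do this?
    pnThemeLoad(pnUserGetTheme());
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5;
    global $textcolor1, $textcolor2;

    $popup = pnVarCleanFromInput('popup');

    // NOTE(review): extract() runs after $popup and $admin are set, so keys
    // of the same name in $args overwrite them; $args must only come from
    // trusted callers.
    extract($args);
    unset($args);

    if (!isset($cacheid)) {
        $cacheid = null;
    }
    if (!isset($eid)) {
        return false;
    }
    if (!isset($nopop)) {
        $nopop = false;
    }

    $uid = pnUserGetVar('uid');

    //=================================================================
    // Find out what Template we're using
    //=================================================================
    $template_name = _SETTING_TEMPLATE;
    if (!isset($template_name)) {
        $template_name = 'default';
    }

    //=================================================================
    // Setup Smarty Template Engine
    //=================================================================
    $tpl = new pcSmarty();

    // NOTE(review): $print and $Date are only assigned on the admin path;
    // for other calls they exist only if extract($args) supplied them.
    if ($admin) {
        $template = $template_name . '/admin/details.html';
        $args['cacheid'] = '';
        $print = 0;
        $Date =& postcalendar_getDate();
        $tpl->caching = false;
    } else {
        $template = $template_name . '/user/details.html';
    }

    if (!$tpl->is_cached($template, $cacheid)) {
        // let's get the DB information
        list($dbconn) = pnDBGetConn();
        $pntable = pnDBGetTables();

        // get the event's information
        $event =& postcalendar_userapi_pcGetEventDetails($eid);

        // if the above is false, it's a private event for another user
        // we should not display this - so we just exit gracefully
        if ($event === false) {
            return false;
        }

        //=================================================================
        // get event's topic information
        //=================================================================
        $topics_table = $pntable['topics'];
        $topics_column = $pntable['topics_column'];

        // The topic id is written into the query without quotes, so the
        // stored value is forced to an integer rather than trusted as-is.
        $topic_id = (int) $event['topic'];
        $topicsql = "SELECT {$topics_column['topictext']},{$topics_column['topicimage']}\n FROM {$topics_table}\n WHERE {$topics_column['topicid']} = {$topic_id}\n LIMIT 1";
        $topic_result = $dbconn->Execute($topicsql);
        list($event['topictext'], $event['topicimg']) = $topic_result->fields;

        // NOTE(review): unserialize() on stored column data is only safe
        // while nothing but the module's own serialize() output can reach
        // that column.
        $location = unserialize($event['location']);
        $event['location'] = $location['event_location'];
        $event['street1'] = $location['event_street1'];
        $event['street2'] = $location['event_street2'];
        $event['city'] = $location['event_city'];
        $event['state'] = $location['event_state'];
        $event['postal'] = $location['event_postal'];
        $event['date'] = str_replace('-', '', $Date);

        //=================================================================
        // populate the template
        //=================================================================
        if (!empty($event['location']) || !empty($event['street1']) || !empty($event['street2']) || !empty($event['city']) || !empty($event['state']) || !empty($event['postal'])) {
            $tpl->assign('LOCATION_INFO', true);
        } else {
            $tpl->assign('LOCATION_INFO', false);
        }

        if (!empty($event['contname']) || !empty($event['contemail']) || !empty($event['conttel']) || !empty($event['website'])) {
            $tpl->assign('CONTACT_INFO', true);
        } else {
            $tpl->assign('CONTACT_INFO', false);
        }

        // The first six characters of the description select the escaping
        // routine; without a marker the HTML-preserving one is used.
        $display_type = substr($event['hometext'], 0, 6);
        if ($display_type == ':text:') {
            $prepFunction = 'pcVarPrepForDisplay';
            $event['hometext'] = substr($event['hometext'], 6);
        } elseif ($display_type == ':html:') {
            $prepFunction = 'pcVarPrepHTMLDisplay';
            $event['hometext'] = substr($event['hometext'], 6);
        } else {
            $prepFunction = 'pcVarPrepHTMLDisplay';
        }
        unset($display_type);

        // prep the vars for output
        $event['title'] =& $prepFunction($event['title']);
        $event['hometext'] =& $prepFunction($event['hometext']);
        $event['desc'] =& $event['hometext'];
        $event['conttel'] =& $prepFunction($event['conttel']);
        $event['contname'] =& $prepFunction($event['contname']);
        $event['contemail'] =& $prepFunction($event['contemail']);
        $event['website'] =& $prepFunction(postcalendar_makeValidURL($event['website']));
        $event['fee'] =& $prepFunction($event['fee']);
        $event['location'] =& $prepFunction($event['location']);
        $event['street1'] =& $prepFunction($event['street1']);
        $event['street2'] =& $prepFunction($event['street2']);
        $event['city'] =& $prepFunction($event['city']);
        $event['state'] =& $prepFunction($event['state']);
        $event['postal'] =& $prepFunction($event['postal']);
        $tpl->assign_by_ref('A_EVENT', $event);

        //=================================================================
        // populate the template $ADMIN_OPTIONS
        //=================================================================
        $target = '';
        if (_SETTING_OPEN_NEW_WINDOW) {
            $target = 'target="csCalendar"';
        }

        $admin_edit_url = $admin_delete_url = '';
        if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN)) {
            $admin_edit_url = pnModURL(__POSTCALENDAR__, 'admin', 'submit', array('pc_event_id' => $eid));
            $admin_delete_url = pnModURL(__POSTCALENDAR__, 'admin', 'adminevents', array('action' => _ACTION_DELETE, 'pc_event_id' => $eid));
        }

        $user_edit_url = $user_delete_url = '';
        if (pnUserLoggedIn()) {
            $logged_in_uname = $_SESSION['authUser'];
        } else {
            $logged_in_uname = '';
        }

        // Edit/delete links are only offered when the viewer has ADD access
        // and validateGroupStatus() accepts the viewer for the event's owner.
        $can_edit = false;
        if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADD) && validateGroupStatus($logged_in_uname, getUsername($event['uname']))) {
            $user_edit_url = pnModURL(__POSTCALENDAR__, 'user', 'submit', array('pc_event_id' => $eid));
            $user_delete_url = pnModURL(__POSTCALENDAR__, 'user', 'delete', array('pc_event_id' => $eid));
            $can_edit = true;
        }

        $tpl->assign('STYLE', $GLOBALS['style']);
        $tpl->assign_by_ref('ADMIN_TARGET', $target);
        $tpl->assign_by_ref('ADMIN_EDIT', $admin_edit_url);
        $tpl->assign_by_ref('ADMIN_DELETE', $admin_delete_url);
        $tpl->assign_by_ref('USER_TARGET', $target);
        $tpl->assign_by_ref('USER_EDIT', $user_edit_url);
        $tpl->assign_by_ref('USER_DELETE', $user_delete_url);
        $tpl->assign_by_ref('USER_CAN_EDIT', $can_edit);
    }

    //=================================================================
    // Parse the template
    //=================================================================
    if ($popup != 1 && $print != 1) {
        $output = "\n\n<!-- START POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
        $output .= $tpl->fetch($template, $cacheid);
        $output .= "\n\n<!-- END POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
    } else {
        // Popup / print view: emit a stand-alone page and stop.
        // NOTE(review): $theme is written into the markup unescaped; confirm
        // pnUserGetTheme() only returns installed theme names.
        $theme = pnUserGetTheme();
        echo "<html><head>";
        echo "<LINK REL=\"StyleSheet\" HREF=\"themes/{$theme}/style/styleNN.css\" TYPE=\"text/css\">\n\n\n";
        echo "<style type=\"text/css\">\n";
        echo "@import url(\"themes/{$theme}/style/style.css\"); ";
        echo "</style>\n";
        echo "</head><body>\n";
        $tpl->display($template, $cacheid);
        echo postcalendar_footer();
        echo "\n</body></html>";
        session_write_close();
        exit;
    }

    return $output;
}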
/**
 * Get authorisation information for the current user.
 *
 * Runs three queries: the permission rows for the user's ids, the groups
 * those ids belong to, and the permission rows for those groups. Component
 * and instance patterns are normalised so that empty segments become '.*'.
 *
 * If a query reports an error, whatever has been collected so far is
 * returned (two empty arrays when the first query fails).
 *
 * @public
 * @return array two-element array: list of user permissions, list of group
 *               permissions; each entry has 'realm', 'component', 'instance', 'level'
 */
function pnSecGetAuthInfo()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // Tables we use
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];
    $realmtable = $pntable['realms'];
    $realmcolumn =& $pntable['realms_column'];
    // Empty arrays
    $userperms = array();
    $groupperms = array();
    // -1 is always part of the id list (presumably the "all users" entry — confirm).
    $uids[] = -1;
    // Get user ID
    if (!pnUserLoggedIn()) {
        // Unregistered UID
        $uids[] = 0;
        // NOTE(review): '******' looks like a masked value in this copy of
        // the file; confirm the intended literal against the upstream source.
        $vars['Active User'] = '******';
    } else {
        $uids[] = pnUserGetVar('uid');
        $vars['Active User'] = pnUserGetVar('uid');
    }
    $uids = implode(",", $uids);
    // Get user permissions
    // The comma-joined id list goes into IN (...) without quotes.
    // pnVarPrepForStore() does not by itself restrict it to integers; the
    // values here are the constants above plus pnUserGetVar('uid').
    $query = "SELECT {$userpermcolumn['realm']},\n {$userpermcolumn['component']},\n {$userpermcolumn['instance']},\n {$userpermcolumn['level']}\n FROM {$userpermtable}\n WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")\n ORDER by {$userpermcolumn['sequence']}";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        // Fix component and instance to auto-insert '.*'
        // Order matters: empty string, leading ':', '::', then trailing ':'.
        $component = preg_replace('/^$/', '.*', $component);
        $component = preg_replace('/^:/', '.*:', $component);
        $component = preg_replace('/::/', ':.*:', $component);
        $component = preg_replace('/:$/', ':.*', $component);
        $instance = preg_replace('/^$/', '.*', $instance);
        $instance = preg_replace('/^:/', '.*:', $instance);
        $instance = preg_replace('/::/', ':.*:', $instance);
        $instance = preg_replace('/:$/', ':.*', $instance);
        $userperms[] = array("realm" => $realm, "component" => $component, "instance" => $instance, "level" => $level);
    }
    // Get all groups that user is in
    $query = "SELECT {$groupmembershipcolumn['gid']}\n FROM {$groupmembershiptable}\n WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    // -1 is always part of the group list, mirroring the uid list above.
    $usergroups[] = -1;
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while (list($gid) = $result->fields) {
        $result->MoveNext();
        $usergroups[] = $gid;
    }
    $usergroups = implode(",", $usergroups);
    // Get all group permissions
    // Group ids read from the membership table are joined and placed in
    // IN (...) unquoted, as with the uid list.
    $query = "SELECT {$grouppermcolumn['realm']},\n {$grouppermcolumn['component']},\n {$grouppermcolumn['instance']},\n {$grouppermcolumn['level']}\n FROM {$grouppermtable}\n WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($usergroups) . ")\n ORDER by {$grouppermcolumn['sequence']}";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        // Fix component and instance to auto-insert '.*' where
        // there is nothing there
        $component = preg_replace('/^$/', '.*', $component);
        $component = preg_replace('/^:/', '.*:', $component);
        $component = preg_replace('/::/', ':.*:', $component);
        $component = preg_replace('/:$/', ':.*', $component);
        $instance = preg_replace('/^$/', '.*', $instance);
        $instance = preg_replace('/^:/', '.*:', $instance);
        $instance = preg_replace('/::/', ':.*:', $instance);
        $instance = preg_replace('/:$/', ':.*', $instance);
        // Search/replace of special names
        // Each <name> placeholder is replaced, one at a time, by $vars[name].
        // Only 'Active User' is defined in this function, so any other name
        // reads an unset key.
        while (preg_match("/<([^>]+)>/", $instance, $res)) {
            $instance = preg_replace("/<([^>]+)>/", $vars[$res[1]], $instance, 1);
        }
        $groupperms[] = array("realm" => $realm, "component" => $component, "instance" => $instance, "level" => $level);
    }
    return array($userperms, $groupperms);
}
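/**
 * Render one request array as "LABEL * key : value" lines for the report body.
 *
 * Nested arrays and objects (every $_FILES entry is an array, for example)
 * are expanded with print_r() instead of collapsing to the word "Array".
 *
 * @access private
 * @param string $label prefix printed in front of every line
 * @param mixed  $data  array to dump; anything else yields an empty string
 * @return string
 */
function _pnMailHackAttemptSection($label, $data)
{
    $lines = '';
    if (!is_array($data)) {
        return $lines;
    }
    foreach ($data as $key => $value) {
        if (is_array($value) || is_object($value)) {
            $value = print_r($value, true);
        }
        $lines .= "{$label} * {$key} : {$value}\n";
    }
    return $lines;
}

/**
 * Mail the site administrator a report about a request flagged as suspicious.
 *
 * The report contains the detection site, the current user, the client
 * addresses and a full dump of the request, server, environment, cookie,
 * upload and session arrays. It is sent with pnMail() to the configured
 * 'adminmail' address.
 *
 * NOTE(review): the dump is sent verbatim, so it can carry submitted
 * passwords, session identifiers and cookies. Anyone able to read the admin
 * mailbox, or the mail in transit, can reuse them. Consider masking
 * credential-like keys or writing the report to a protected log instead.
 *
 * @param string $detecting_file file in which the check fired
 * @param string $detecting_line line on which the check fired
 * @param string $hack_type      short classification, also used in the subject
 * @param string $message        free text from the detecting code
 * @return void
 */
function pnMailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    // Backwards compatibility with php 4.0.x and 4.1.x.
    // A plain string comparison of version numbers sorts "10.0.0" below
    // "4.2.0", so the check is done with version_compare() where available.
    if (function_exists('version_compare') && version_compare(phpversion(), '4.2.0', '>=')) {
        $_pv = $_POST;
        $_gv = $_GET;
        $_rv = $_REQUEST;
        $_sv = $_SERVER;
        $_ev = $_ENV;
        $_cv = $_COOKIE;
        $_fv = $_FILES;
        // $_SESSION only exists once a session has been started
        $_snv = isset($_SESSION) ? $_SESSION : array();
    } else {
        global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS;
        $_pv = $HTTP_POST_VARS;
        $_gv = $HTTP_GET_VARS;
        $_rv = array();
        $_sv = $HTTP_SERVER_VARS;
        $_ev = $HTTP_ENV_VARS;
        $_cv = $HTTP_COOKIE_VARS;
        $_fv = $HTTP_POST_FILES;
        $_snv = $HTTP_SESSION_VARS;
    }

    $output = "Attention site admin of " . pnConfigGetVar('sitename') . ",\n";
    $output .= "On " . ml_ftime(_DATEBRIEF, GetUserTime(time()));
    $output .= " at " . ml_ftime(_TIMEBRIEF, GetUserTime(time()));
    $output .= " the Postnuke code has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find what happened and " . "maybe who did it.\n\n";

    $output .= "\n=====================================\n";
    $output .= "Information about this user:\n";
    $output .= "=====================================\n";
    if (!pnUserLoggedIn()) {
        $output .= "This person is not logged in.\n";
    } else {
        // NOTE(review): the listing masks the three expressions in this
        // statement; they are reconstructed here as pnUserGetVar() lookups.
        // Confirm the field names against the upstream file.
        $output .= "Postnuke username: " . pnUserGetVar('uname') . "\n"
            . "Registered email of this Postnuke user: " . pnUserGetVar('email') . "\n"
            . "Registered real name of this Postnuke user: " . pnUserGetVar('name') . "\n";
    }

    // HTTP_CLIENT_IP comes from a request header and can be set by the
    // client; only REMOTE_ADDR reflects the peer of the TCP connection.
    // The original passed an undefined local $REMOTE_ADDR to the lookup;
    // the value is now read from the environment. gethostbyname() returns an
    // IPv4 address unchanged; a reverse lookup would need gethostbyaddr().
    $remoteAddr = (string) getenv('REMOTE_ADDR');
    $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]"
        . "\n\t IP according to HTTP_CLIENT_IP: " . getenv('HTTP_CLIENT_IP')
        . "\n\t IP according to REMOTE_ADDR: " . $remoteAddr
        . "\n\t IP according to GetHostByName(\$REMOTE_ADDR): " . ($remoteAddr !== '' ? gethostbyname($remoteAddr) : '')
        . "\n\n";

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_REQUEST array\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('REQUEST', $_rv);

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_GET array\n";
    $output .= "This is about variables that may have been ";
    $output .= "in the URL string or in a 'GET' type form.\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('GET', $_gv);

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_POST array\n";
    $output .= "This is about visible and invisible form elements.\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('POST', $_pv);

    $output .= "\n=====================================\n";
    $output .= "Browser information\n";
    $output .= "=====================================\n";
    // The register_globals variable $HTTP_USER_AGENT is not available on
    // current PHP; read the header from the server array instead.
    $userAgent = isset($_sv['HTTP_USER_AGENT']) ? $_sv['HTTP_USER_AGENT'] : getenv('HTTP_USER_AGENT');
    $output .= "HTTP_USER_AGENT: " . $userAgent . "\n";
    // get_browser() warns and returns false when no browscap file is configured
    $browser = ini_get('browscap') ? (array) get_browser() : array();
    $output .= _pnMailHackAttemptSection('BROWSER', $browser);

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SERVER array\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('SERVER', $_sv);

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_ENV array\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('ENV', $_ev);

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_COOKIE array\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('COOKIE', $_cv);

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_FILES array\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('FILES', $_fv);

    $output .= "\n=====================================\n";
    $output .= "Information in the \$_SESSION array\n";
    $output .= "This is session info. The variables\n";
    $output .= " starting with PNSV are PostNukeSessionVariables.\n";
    $output .= "=====================================\n";
    $output .= _pnMailHackAttemptSection('SESSION', $_snv);

    // Anything placed in a mail header must not contain line breaks,
    // otherwise the value could add headers of its own.
    $lineBreaks = array("\r", "\n");
    $sitename = str_replace($lineBreaks, ' ', pnConfigGetVar('sitename'));
    $adminmail = str_replace($lineBreaks, '', pnConfigGetVar('adminmail'));
    $subjectType = str_replace($lineBreaks, ' ', $hack_type);

    $headers = "From: {$sitename} <{$adminmail}>\n" . "X-Priority: 1 (Highest)\n";
    pnMail($adminmail, 'Attempted hack on your site? (type: ' . $subjectType . ')', $output, $headers);
    return;
}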
/**
 * Publish core PostNuke data to the template.
 *
 * Builds a 'pncore' array (version constants, login state, language, theme
 * info, the current user's variables and the module variables of the current
 * module) and assigns it to the template together with the theme colours.
 *
 * Any further arguments are read through func_get_args() as module names
 * whose module variables are added under their own key. Empty values, arrays
 * and the current module are skipped. For _PN_CONFIG_MODULE the variables
 * are stored under 'pnconfig', each one passed through unserialize().
 *
 * NOTE(review): unserialize() can instantiate objects named in its input, so
 * this is only safe while the stored config values cannot be written by an
 * untrusted party. The @ hides failures: a value that is not a serialized
 * string ends up as false.
 *
 * @param list of module names (variable arguments)
 * @return boolean always true
 * @access public
 */
function add_core_data()
{
    $currentModule = $this->module;

    $pncore = array();
    $pncore['version_num'] = _PN_VERSION_NUM;
    $pncore['version_id'] = _PN_VERSION_ID;
    $pncore['version_sub'] = _PN_VERSION_SUB;
    $pncore['logged_in'] = pnUserLoggedIn();
    $pncore['language'] = pnUserGetLang();
    $pncore['themeinfo'] = pnThemeInfo(pnUserGetTheme());

    // the theme has to be loaded before its variables are read
    pnThemeLoad($pncore['themeinfo']['name']);

    $colors = array();
    $colorNames = array('bgcolor1', 'bgcolor2', 'bgcolor3', 'bgcolor4', 'bgcolor5', 'sepcolor', 'textcolor1', 'textcolor2');
    foreach ($colorNames as $colorName) {
        $colors[$colorName] = pnThemeGetVar($colorName);
    }

    // data of the user bound to the session
    $pncore['user'] = pnUserGetVars(pnSessionGetVar('uid'));

    // module variables of the current module
    $pncore[$currentModule] = pnModGetVar($currentModule);

    // module variables of every module named in the argument list
    foreach (func_get_args() as $modulename) {
        if (empty($modulename) || is_array($modulename) || $modulename == $currentModule) {
            continue;
        }

        if ($modulename != _PN_CONFIG_MODULE) {
            $pncore[$modulename] = pnModGetVar($modulename);
            continue;
        }

        // the config module stores its values serialized
        $pnconfig = pnModGetVar(_PN_CONFIG_MODULE);
        foreach ($pnconfig as $key => $value) {
            $pncore['pnconfig'][$key] = @unserialize($value);
        }
    }

    $this->assign('pncore', $pncore);
    $this->assign($colors);

    return true;
}
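/**
 * Get authorisation information for the current user.
 *
 * Reads the user permission rows for the current uid (plus the catch-all
 * uid -1, and uid 0 for visitors who are not logged in), looks up the groups
 * the user belongs to, then reads the permission rows of those groups (plus
 * gid -1, and gid 0 for visitors). Component and instance strings are passed
 * through fixsecuritystring(); in group permissions every <Name> placeholder
 * in the instance is replaced by the matching entry of the local $vars map.
 *
 * If a query fails the function returns whatever has been collected so far,
 * and $GLOBALS['authinfogathered'] is not set.
 *
 * @public
 * @return array two element array of user and group permissions
 */
function pnSecGetAuthInfo()
{
    // Load the groups db info
    pnModDBInfoLoad('Groups');
    pnModDBInfoLoad('Permissions');

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Tables we use
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];

    // Empty arrays
    $userperms = array();
    $groupperms = array();
    $vars = array();

    // The ids below are placed unquoted inside IN (...). Escaping alone does
    // not constrain an unquoted value, so each id is cast to an integer
    // before it reaches the query text.
    $uids = array(-1);
    if (!pnUserLoggedIn()) {
        // Unregistered UID
        $uids[] = 0;
        $vars['Active User'] = '******';
    } else {
        $uid = (int) pnUserGetVar('uid');
        $uids[] = $uid;
        $vars['Active User'] = $uid;
    }
    $uids = implode(",", $uids);

    // Get user permissions
    $query = "SELECT {$userpermcolumn['realm']},\n {$userpermcolumn['component']},\n {$userpermcolumn['instance']},\n {$userpermcolumn['level']}\n FROM {$userpermtable}\n WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")\n ORDER by {$userpermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        $userperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }

    // Get all groups that user is in
    $query = "SELECT {$groupmembershipcolumn['gid']}\n FROM {$groupmembershiptable}\n WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    $usergroups = array(-1);
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while (list($gid) = $result->fields) {
        $result->MoveNext();
        $usergroups[] = (int) $gid;
    }
    $usergroups = implode(",", $usergroups);

    // Get all group permissions
    $query = "SELECT {$grouppermcolumn['realm']},\n {$grouppermcolumn['component']},\n {$grouppermcolumn['instance']},\n {$grouppermcolumn['level']}\n FROM {$grouppermtable}\n WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($usergroups) . ")\n ORDER by {$grouppermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);

        // Search/replace of special names. Each placeholder found is
        // replaced once, in order of appearance. A name without an entry in
        // $vars is replaced by an empty string, as before, but without the
        // undefined-index notice.
        preg_match_all("/<([^>]+)>/", $instance, $res);
        foreach ($res[1] as $placeholder) {
            $replacement = isset($vars[$placeholder]) ? $vars[$placeholder] : '';
            $instance = preg_replace("/<([^>]+)>/", $replacement, $instance, 1);
        }

        $groupperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }

    // we've now got the permissions info
    $GLOBALS['authinfogathered'] = 1;

    return array($userperms, $groupperms);
}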
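/**
 * Checks if user controlled block state
 *
 * Looks up the state the logged-in user has stored for the block in $row.
 * If no row exists yet, one is inserted with the block's default state.
 *
 * Returns false for visitors who are not logged in, the stored 'active'
 * value when a row exists, and true both after inserting the default row and
 * when a query fails (the error text is then stored in the 'errormsg'
 * session variable).
 *
 * @access private
 * @param array $row block data; reads 'bid' and 'defaultstate'
 * @return mixed stored state, or true/false as described above
 */
function pnCheckUserBlock($row)
{
    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }

    if (!pnUserLoggedIn()) {
        return false;
    }

    $uid = pnUserGetVar('uid');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column =& $pntable['userblocks_column'];

    $sql = "SELECT {$column['active']}\n\t\t FROM {$pntable['userblocks']}\n\t\t WHERE {$column['bid']} = '" . pnVarPrepForStore($row['bid']) . "'\n\t\t\t AND {$column['uid']} = '" . pnVarPrepForStore($uid) . "'";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return true;
    }

    if (!$result->EOF) {
        list($active) = $result->fields;
        return $active;
    }

    // No state stored yet: insert the default.
    // The original escaped the uid twice and placed uid and defaultstate in
    // the statement without quotes, where escaping does not constrain the
    // value. Every value is now escaped exactly once and quoted, matching
    // the SELECT above.
    // NOTE(review): assumes the database accepts quoted literals for these
    // columns, as the SELECT already does for uid. Confirm for non-MySQL
    // backends.
    $sql = "INSERT INTO {$pntable['userblocks']}\n"
        . "\t\t\t({$column['uid']},\n"
        . "\t\t\t {$column['bid']},\n"
        . "\t\t\t {$column['active']})\n"
        . "\t\tVALUES ('" . pnVarPrepForStore($uid) . "',\n"
        . "\t\t\t'" . pnVarPrepForStore($row['bid']) . "',\n"
        . "\t\t\t'" . pnVarPrepForStore($row['defaultstate']) . "')";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return true;
    }

    return true;
}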
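/**
 * Build the "who's online" side block.
 *
 * Counts sessions used within the last 'secinactivemins' minutes, grouped by
 * uid for members and by IP address for guests. For a logged-in user the
 * block also shows the user name and, when the Messages module is available,
 * the number of private messages and unread private messages.
 *
 * @param array $row block data; reads 'title', sets 'title' (if empty) and 'content'
 * @return mixed result of themesideblock(), or nothing when read access is denied
 */
function blocks_online_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // 'title' may be missing; the default is only filled in further down
    $title = isset($row['title']) ? $row['title'] : '';
    if (!pnSecAuthAction(0, 'Onlineblock::', "{$title}::", ACCESS_READ)) {
        return;
    }

    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    // cut-off timestamp; cast so that only a number reaches the query text
    $activetime = (int) (time() - pnConfigGetVar('secinactivemins') * 60);

    // one result row per distinct member uid
    $query = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n\t\t GROUP BY {$sessioninfocolumn['uid']}\n\t\t ";
    $result = $dbconn->Execute($query);
    $numusers = 0;
    if ($result) {
        $numusers = $result->RecordCount();
        $result->Close();
    }

    // one result row per distinct guest IP address
    $query2 = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n\t\t\t GROUP BY {$sessioninfocolumn['ipaddr']}\n\t\t\t ";
    $result2 = $dbconn->Execute($query2);
    $numguests = 0;
    if ($result2) {
        $numguests = $result2->RecordCount();
        $result2->Close();
    }

    // Pluralise
    $guests = ($numguests == 1) ? _GUEST : _GUESTS;
    $users = ($numusers == 1) ? _MEMBER : _MEMBERS;

    $content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";

    if (pnUserLoggedIn()) {
        // The user name is account data chosen by the user; it is escaped
        // for HTML like every other value in this block.
        $content .= '<br />' . _YOUARELOGGED . ' <b>' . pnVarPrepForDisplay(pnUserGetVar('uname')) . '</b>.<br />';

        if (pnModAvailable('Messages')) {
            // display private messages only when module is active
            $column =& $pntable['priv_msgs_column'];
            // the uid is used unquoted in the query, so force it to an integer
            $uid = (int) pnUserGetVar('uid');

            $numrow = 0;
            $result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid);
            if ($result2) {
                list($numrow) = $result2->fields;
            }

            // get unread messages
            $unreadrow = 0;
            $result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid . " AND {$column['read_msg']}='0'");
            if ($result3) {
                list($unreadrow) = $result3->fields;
            }

            if ($numrow == 0) {
                $content .= '<br /></span>';
            } else {
                $content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
                if ($numrow == 1) {
                    $content .= _PRIVATEMSG;
                } elseif ($numrow > 1) {
                    $content .= _PRIVATEMSGS;
                }
                $content .= "</span><br />";
            }
        } else {
            // the original left the opening <span> unclosed on this path
            $content .= '</span>';
        }
    } else {
        $content .= '<br />' . _YOUAREANON . '</span><br />';
    }

    if (empty($row['title'])) {
        $row['title'] = _WHOSONLINE;
    }
    $row['content'] = $content;

    return themesideblock($row);
}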
if (file_exists($currentlangfile)) { include $currentlangfile; } elseif (file_exists($defaultlangfile)) { include $defaultlangfile; } global $stop, $minage, $module; if (!pnUserLoggedIn() && empty($op)) { $module = 'NS-User'; $op = 'getlogin'; } if (isset($op) && $op == 'userinfo') { $module = 'NS-User'; } // New module way // $module / $op control if (pnUserLoggedIn() and (!isset($op) or $op == 'adminMain')) { $module = 'NS-User'; $op = 'main'; } if (file_exists($file = 'modules/' . pnVarPrepForOS($module) . '/user.php')) { user_menu(); include $file; if (substr($module, 0, 3) == 'NS-') { $function = substr($module, 3) . '_user_'; } else { $function = $module . '_user_'; } $function_op = $function . $op; $function_main = $function . 'main'; $var = array_merge($GLOBALS['HTTP_GET_VARS'], $GLOBALS['HTTP_POST_VARS']); if (function_exists($function_op)) {