function find_by_criteria($id_in_module = null, $type = null, $identifier = null)
 {
     global $Sql;
     $criterias = array();
     if ($id_in_module != null) {
         $criterias[] = "id_in_module = '" . intval($id_in_module) . "'";
     }
     if ($type != null) {
         $criterias[] = "type = '" . strprotect($type) . "'";
     }
     if ($identifier != null) {
         $criterias[] = "identifier = '" . strprotect($identifier) . "'";
     }
     if (!empty($criterias)) {
         $array_result = array();
         $where_clause = "contribution_type = '" . ADMINISTRATOR_ALERT_TYPE . "' AND " . implode($criterias, " AND ");
         $result = $Sql->query_while("SELECT id, entitled, fixing_url, current_status, creation_date, identifier, id_in_module, type, priority, description\n\t\t\tFROM " . DB_TABLE_EVENTS . "\n\t\t\tWHERE " . $where_clause, __LINE__, __FILE__);
         while ($row = $Sql->fetch_assoc($result)) {
             $alert = new AdministratorAlert();
             $alert->build($row['id'], $row['entitled'], $row['description'], $row['fixing_url'], $row['current_status'], new Date(DATE_TIMESTAMP, TIMEZONE_SYSTEM, $row['creation_date']), $row['id_in_module'], $row['identifier'], $row['type'], $row['priority']);
             $array_result[] = $alert;
         }
         return $array_result;
     } else {
         return AdministratorAlertService::get_all_alerts();
     }
 }
 function find_by_criteria($module, $id_in_module = null, $type = null, $identifier = null, $poster_id = null, $fixer_id = null)
 {
     global $Sql;
     $criterias = array();
     if (empty($module) || !is_string($module)) {
         return array();
     }
     $criterias[] = "module = '" . strprotect($module) . "'";
     if ($id_in_module != null) {
         $criterias[] = "id_in_module = '" . intval($id_in_module) . "'";
     }
     if ($type != null) {
         $criterias[] = "type = '" . strprotect($type) . "'";
     }
     if ($identifier != null) {
         $criterias[] = "identifier = '" . strprotect($identifier) . "'";
     }
     if ($poster_id != null) {
         $criterias[] = "poster_id = '" . intval($poster_id) . "'";
     }
     if ($fixer_id != null) {
         $criterias[] = "fixer_id = '" . intval($fixer_id) . "'";
     }
     $array_result = array();
     $where_clause = "contribution_type = '" . CONTRIBUTION_TYPE . "' AND " . implode($criterias, " AND ");
     $result = $Sql->query_while("SELECT id, entitled, fixing_url, auth, current_status, module, creation_date, fixing_date, poster_id, fixer_id, poster_member.login poster_login, fixer_member.login fixer_login, identifier, id_in_module, type, description\n\t\tFROM " . DB_TABLE_EVENTS . " c\n\t\tLEFT JOIN " . DB_TABLE_MEMBER . " poster_member ON poster_member.user_id = c.poster_id\n\t\tLEFT JOIN " . DB_TABLE_MEMBER . " fixer_member ON fixer_member.user_id = c.fixer_id\n\t\tWHERE " . $where_clause, __LINE__, __FILE__);
     while ($row = $Sql->fetch_assoc($result)) {
         $contri = new Contribution();
         $contri->build($row['id'], $row['entitled'], $row['description'], $row['fixing_url'], $row['module'], $row['current_status'], new Date(DATE_TIMESTAMP, TIMEZONE_SYSTEM, $row['creation_date']), new Date(DATE_TIMESTAMP, TIMEZONE_SYSTEM, $row['fixing_date']), unserialize($row['auth']), $row['poster_id'], $row['fixer_id'], $row['id_in_module'], $row['identifier'], $row['type'], $row['poster_login'], $row['fixer_login']);
         $array_result[] = $contri;
     }
     return $array_result;
 }
Ejemplo n.º 3
0
 function Note($script, $idprov, $script_path, $notation_scale, $module_folder = '', $options = 0)
 {
     $this->module_folder = !empty($module_folder) ? strprotect($module_folder) : strprotect($script);
     $this->options = (int) $options;
     list($this->script, $this->idprov, $this->script_path, $this->notation_scale, $this->path) = array(strprotect($script), numeric($idprov), $script_path, $notation_scale, PATH_TO_ROOT . '/' . $this->module_folder . '/');
     $this->sql_table = $this->_get_table_module();
 }
 function parse_search_result(&$result_data)
 {
     global $Cache, $CONFIG, $LANG, $DOWNLOAD_LANG, $CONFIG_DOWNLOAD;
     $Cache->load('download');
     load_module_lang('download');
     $tpl = new Template('download/download_generic_results.tpl');
     import('util/date');
     $date = new Date(DATE_TIMESTAMP, TIMEZONE_USER, $result_data['timestamp']);
     import('content/note');
     $tpl->assign_vars(array('L_ADDED_ON' => sprintf($DOWNLOAD_LANG['add_on_date'], $date->format(DATE_FORMAT_TINY, TIMEZONE_USER)), 'U_LINK' => url(PATH_TO_ROOT . '/download/download.php?id=' . $result_data['id']), 'U_IMG' => $result_data['image'], 'E_TITLE' => strprotect($result_data['title']), 'TITLE' => $result_data['title'], 'SHORT_DESCRIPTION' => second_parse($result_data['short_contents']), 'L_NB_DOWNLOADS' => $DOWNLOAD_LANG['downloaded'] . ' ' . sprintf($DOWNLOAD_LANG['n_times'], $result_data['count']), 'L_NB_COMMENTS' => $result_data['nbr_com'] > 1 ? sprintf($DOWNLOAD_LANG['num_com'], $result_data['nbr_com']) : sprintf($DOWNLOAD_LANG['num_coms'], $result_data['nbr_com']), 'L_MARK' => $result_data['note'] > 0 ? Note::display_img($result_data['note'], $CONFIG_DOWNLOAD['note_max'], 5) : '<em>' . $LANG['no_note'] . '</em>'));
     return $tpl->parse(TEMPLATE_STRING_MODE);
 }
Ejemplo n.º 5
0
        $selected = $i == $CONFIG['timezone'] ? 'selected="selected"' : '';
        $name = !empty($i) ? $i > 0 ? ' + ' . $i : ' - ' . -$i : '';
        $select_timezone .= '<option value="' . $i . '" ' . $selected . '> [GMT' . $name . ']</option>';
    }
    $Template->assign_vars(array('SERVER_NAME' => !empty($CONFIG['server_name']) ? $CONFIG['server_name'] : $server_name, 'SERVER_PATH' => isset($CONFIG['server_path']) ? $CONFIG['server_path'] : $server_path, 'SELECT_TIMEZONE' => $select_timezone, 'CHECKED' => $CONFIG['rewrite'] == '1' ? 'checked="checked"' : '', 'UNCHECKED' => $CONFIG['rewrite'] == '0' ? 'checked="checked"' : '', 'CHECK_REWRITE' => $check_rewrite, 'HTACCESS_MANUAL_CONTENT' => !empty($CONFIG['htaccess_manual_content']) ? $CONFIG['htaccess_manual_content'] : '', 'GZ_DISABLED' => !function_exists('ob_gzhandler') || !@extension_loaded('zlib') ? 'disabled="disabled"' : '', 'GZHANDLER_ENABLED' => $CONFIG['ob_gzhandler'] == 1 && (function_exists('ob_gzhandler') && @extension_loaded('zlib')) ? 'checked="checked"' : '', 'GZHANDLER_DISABLED' => $CONFIG['ob_gzhandler'] == 0 ? 'checked="checked"' : '', 'SITE_COOKIE' => !empty($CONFIG['site_cookie']) ? $CONFIG['site_cookie'] : 'session', 'SITE_SESSION' => !empty($CONFIG['site_session']) ? $CONFIG['site_session'] : '3600', 'SITE_SESSION_VISIT' => !empty($CONFIG['site_session_invit']) ? $CONFIG['site_session_invit'] : '300', 'DEBUG_ENABLED' => DEBUG == 1 ? 'checked="checked"' : '', 'DEBUG_DISABLED' => DEBUG == 0 ? 'checked="checked"' : '', 'L_SECONDS' => $LANG['unit_seconds'], 'L_REQUIRE_SERV' => $LANG['require_serv'], 'L_REQUIRE_NAME' => $LANG['require_name'], 'L_REQUIRE_COOKIE_NAME' => $LANG['require_cookie_name'], 'L_REQUIRE_SESSION_TIME' => $LANG['require_session_time'], 'L_REQUIRE_SESSION_INVIT' => $LANG['require_session_invit'], 'L_REQUIRE' => $LANG['require'], 'L_SERV_NAME' => $LANG['serv_name'], 'L_SERV_NAME_EXPLAIN' => $LANG['serv_name_explain'], 'L_SERV_PATH' => $LANG['serv_path'], 'L_SERV_PATH_EXPLAIN' => $LANG['serv_path_explain'], 'L_CONFIG' => $LANG['configuration'], 'L_CONFIG_MAIN' => $LANG['config_main'], 'L_CONFIG_ADVANCED' => $LANG['config_advanced'], 'L_REWRITE' => $LANG['rewrite'], 'L_EXPLAIN_REWRITE' => $LANG['explain_rewrite'], 'L_REWRITE_SERVER' => $LANG['server_rewrite'], 'L_HTACCESS_MANUAL_CONTENT' => $LANG['htaccess_manual_content'], 'L_HTACCESS_MANUAL_CONTENT_EXPLAIN' => $LANG['htaccess_manual_content_explain'], 'L_TIMEZONE_CHOOSE' => $LANG['timezone_choose'], 'L_TIMEZONE_CHOOSE_EXPLAIN' => $LANG['timezone_choose_explain'], 'L_DEBUG' => $LANG['debug_mode'], 'L_DEBUG_EXPLAIN' => $LANG['debug_mode_explain'], 'L_ACTIV' => $LANG['activ'], 'L_UNACTIVE' => $LANG['unactiv'], 'L_USER_CONNEXION' => $LANG['user_connexion'], 'L_COOKIE_NAME' => $LANG['cookie_name'], 'L_SESSION_TIME' => $LANG['session_time'], 'L_SESSION_TIME_EXPLAIN' => $LANG['session_time_explain'], 'L_SESSION_INVIT' => $LANG['session invit'], 'L_SESSION_INVIT_EXPLAIN' => $LANG['session invit_explain'], 'L_MISC' => $LANG['miscellaneous'], 'L_ACTIV_GZHANDLER' => $LANG['activ_gzhandler'], 'L_ACTIV_GZHANDLER_EXPLAIN' => $LANG['activ_gzhandler_explain'], 'L_CONFIRM_UNLOCK_ADMIN' => $LANG['confirm_unlock_admin'], 'L_UNLOCK_ADMIN' => $LANG['unlock_admin'], 'L_UNLOCK_ADMIN_EXPLAIN' => $LANG['unlock_admin_explain'], 'L_UNLOCK_LINK' => $LANG['send_unlock_admin'], 'L_UPDATE' => $LANG['update'], 'L_RESET' => $LANG['reset']));
    $Template->pparse('admin_config2');
} elseif (!empty($_POST['advanced'])) {
    $CONFIG['rewrite'] = 1;
    $CONFIG['server_name'] = trim(strprotect(retrieve(POST, 'server_name', $server_name, TSTRING_AS_RECEIVED), HTML_PROTECT, ADDSLASHES_NONE), '/');
    $CONFIG['server_path'] = trim(strprotect(retrieve(POST, 'server_path', $server_path, TSTRING_AS_RECEIVED), HTML_PROTECT, ADDSLASHES_NONE), '/');
    if ($CONFIG['server_path'] != '') {
        $CONFIG['server_path'] = '/' . $CONFIG['server_path'];
    }
    $CONFIG['timezone'] = retrieve(POST, 'timezone', 0);
    $CONFIG['ob_gzhandler'] = !empty($_POST['ob_gzhandler']) && function_exists('ob_gzhandler') && @extension_loaded('zlib') ? 1 : 0;
    $CONFIG['site_cookie'] = strprotect(retrieve(POST, 'site_cookie', 'session', TSTRING_UNCHANGE), HTML_PROTECT, ADDSLASHES_NONE);
    $CONFIG['site_session'] = retrieve(POST, 'site_session', 3600);
    $CONFIG['site_session_invit'] = retrieve(POST, 'site_session_invit', 300);
    $CONFIG['htaccess_manual_content'] = retrieve(POST, 'htaccess_manual_content', '', TSTRING_UNCHANGE);
    $CONFIG['debug_mode'] = retrieve(POST, 'debug', 0);
    if (!empty($CONFIG['server_name']) && !empty($CONFIG['site_cookie']) && !empty($CONFIG['site_session']) && !empty($CONFIG['site_session_invit'])) {
        list($host, $dir) = array($CONFIG['server_name'], $CONFIG['server_path']);
        if (empty($_POST['rewrite_engine']) || strpos($_SERVER['SERVER_NAME'], 'free.fr')) {
            $CONFIG['rewrite'] = 0;
        }
        $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__);
        ###### Régénération du cache $CONFIG #######
        $Cache->generate_file('config');
        $Cache->generate_file('debug');
        $Cache->Generate_file('htaccess');
        redirect($host . $dir . '/admin/admin_config.php?adv=1');
Ejemplo n.º 6
0
    $Forumfct->Track_topic($track_mail, FORUM_EMAIL_TRACKING);
    echo 1;
} elseif (!empty($untrack_mail) && $User->check_level(MEMBER_LEVEL)) {
    include_once '../forum/forum.class.php';
    $Forumfct = new Forum();
    $Forumfct->Untrack_topic($untrack_mail, FORUM_EMAIL_TRACKING);
    echo 2;
} elseif (!empty($msg_d)) {
    $Session->csrf_get_protect();
    $topic = $Sql->query_array(PREFIX . "forum_topics", "idcat", "user_id", "display_msg", "WHERE id = '" . $msg_d . "'", __LINE__, __FILE__);
    if (!empty($topic['user_id']) && $User->get_attribute('user_id') == $topic['user_id'] || $User->check_auth($CAT_FORUM[$topic['idcat']]['auth'], EDIT_CAT_FORUM)) {
        $Sql->query_inject("UPDATE " . PREFIX . "forum_topics SET display_msg = 1 - display_msg WHERE id = '" . $msg_d . "'", __LINE__, __FILE__);
        echo $topic['display_msg'] ? 2 : 1;
    }
} elseif (retrieve(GET, 'warning_moderation_panel', false) || retrieve(GET, 'punish_moderation_panel', false)) {
    $login = !empty($_POST['login']) ? strprotect(utf8_decode($_POST['login'])) : '';
    $login = str_replace('*', '%', $login);
    if (!empty($login)) {
        $i = 0;
        $result = $Sql->query_while("SELECT user_id, login FROM " . DB_TABLE_MEMBER . " WHERE login LIKE '" . $login . "%'", __LINE__, __FILE__);
        while ($row = $Sql->fetch_assoc($result)) {
            if (retrieve(GET, 'warning_moderation_panel', false)) {
                echo '<a href="moderation_forum.php?action=warning&amp;id=' . $row['user_id'] . '">' . $row['login'] . '</a><br />';
            } elseif (retrieve(GET, 'punish_moderation_panel', false)) {
                echo '<a href="moderation_forum.php?action=punish&amp;id=' . $row['user_id'] . '">' . $row['login'] . '</a><br />';
            }
            $i++;
        }
        if ($i == 0) {
            echo $LANG['no_result'];
        }
Ejemplo n.º 7
0
require_once '../admin/admin_begin.php';
load_module_lang('gallery');
define('TITLE', $LANG['administration']);
require_once '../admin/admin_header.php';
if (!empty($_POST['valid'])) {
    $Cache->load('gallery');
    $config_gallery = array();
    $config_gallery['width'] = isset($_POST['width']) ? numeric($_POST['width']) : '150';
    $config_gallery['height'] = isset($_POST['height']) ? numeric($_POST['height']) : '150';
    $config_gallery['width_max'] = isset($_POST['width_max']) ? numeric($_POST['width_max']) : '640';
    $config_gallery['height_max'] = isset($_POST['height_max']) ? numeric($_POST['height_max']) : '640';
    $config_gallery['weight_max'] = isset($_POST['weight_max']) ? numeric($_POST['weight_max']) : '1024';
    $config_gallery['quality'] = isset($_POST['quality']) ? numeric($_POST['quality']) : '80';
    $config_gallery['trans'] = isset($_POST['trans']) ? numeric($_POST['trans']) : '40';
    $config_gallery['logo'] = strprotect(retrieve(POST, 'logo', ''), HTML_PROTECT, ADDSLASHES_NONE);
    $config_gallery['activ_logo'] = isset($_POST['activ_logo']) ? numeric($_POST['activ_logo']) : '0';
    $config_gallery['d_width'] = isset($_POST['d_width']) ? numeric($_POST['d_width']) : '5';
    $config_gallery['d_height'] = isset($_POST['d_height']) ? numeric($_POST['d_height']) : '5';
    $config_gallery['nbr_column'] = isset($_POST['nbr_column']) ? numeric($_POST['nbr_column']) : '4';
    $config_gallery['nbr_pics_max'] = isset($_POST['nbr_pics_max']) ? numeric($_POST['nbr_pics_max']) : '16';
    $config_gallery['note_max'] = isset($_POST['note_max']) ? max(1, numeric($_POST['note_max'])) : '5';
    $config_gallery['activ_title'] = isset($_POST['activ_title']) ? numeric($_POST['activ_title']) : '0';
    $config_gallery['activ_com'] = isset($_POST['activ_com']) ? numeric($_POST['activ_com']) : '0';
    $config_gallery['activ_note'] = isset($_POST['activ_note']) ? numeric($_POST['activ_note']) : '0';
    $config_gallery['display_nbrnote'] = isset($_POST['display_nbrnote']) ? numeric($_POST['display_nbrnote']) : '0';
    $config_gallery['activ_view'] = isset($_POST['activ_view']) ? numeric($_POST['activ_view']) : '0';
    $config_gallery['activ_user'] = isset($_POST['activ_user']) ? numeric($_POST['activ_user']) : '0';
    $config_gallery['limit_member'] = !empty($_POST['limit_member']) ? numeric($_POST['limit_member']) : '0';
    $config_gallery['limit_modo'] = !empty($_POST['limit_modo']) ? numeric($_POST['limit_modo']) : '0';
    $config_gallery['display_pics'] = !empty($_POST['display_pics']) ? numeric($_POST['display_pics']) : '0';
Ejemplo n.º 8
0
 function get_search_request($args)
 {
     global $CONFIG, $CAT_FORUM, $User, $Cache, $Sql;
     $weight = isset($args['weight']) && is_numeric($args['weight']) ? $args['weight'] : 1;
     $Cache->load('forum');
     $search = $args['search'];
     $idcat = !empty($args['ForumIdcat']) ? numeric($args['ForumIdcat']) : -1;
     $time = !empty($args['ForumTime']) ? numeric($args['ForumTime']) : 0;
     $where = !empty($args['ForumWhere']) ? strprotect($args['ForumWhere']) : 'title';
     $colorate_result = !empty($args['ForumColorate_result']) ? true : false;
     require_once PATH_TO_ROOT . '/forum/forum_defines.php';
     $auth_cats = '';
     if (is_array($CAT_FORUM)) {
         foreach ($CAT_FORUM as $id => $key) {
             if (!$User->check_auth($CAT_FORUM[$id]['auth'], READ_CAT_FORUM)) {
                 $auth_cats .= $id . ',';
             }
         }
     }
     $auth_cats = !empty($auth_cats) ? " AND c.id NOT IN (" . trim($auth_cats, ',') . ")" : '';
     if ($where == 'all') {
         return "SELECT " . $args['id_search'] . " AS `id_search`,\n                MIN(msg.id) AS `id_content`,\n                t.title AS `title`,\n                MAX(( 2 * MATCH(t.title) AGAINST('" . $search . "') + MATCH(msg.contents) AGAINST('" . $search . "') ) / 3) * " . $weight . " AS `relevance`,\n                " . $Sql->concat("'" . PATH_TO_ROOT . "'", "'/forum/topic.php?id='", 't.id', "'#m'", 'msg.id') . "  AS `link`\n            FROM " . PREFIX . "forum_msg msg\n            JOIN " . PREFIX . "forum_topics t ON t.id = msg.idtopic\n            JOIN " . PREFIX . "forum_cats c ON c.level != 0 AND c.aprob = 1 AND c.id = t.idcat\n            WHERE ( MATCH(t.title) AGAINST('" . $search . "') OR MATCH(msg.contents) AGAINST('" . $search . "') )\n            " . ($idcat != -1 ? " AND c.id_left BETWEEN '" . $CAT_FORUM[$idcat]['id_left'] . "' AND '" . $CAT_FORUM[$idcat]['id_right'] . "'" : '') . " " . $auth_cats . "\n            GROUP BY t.id\n            ORDER BY relevance DESC" . $Sql->limit(0, FORUM_MAX_SEARCH_RESULTS);
     }
     if ($where == 'contents') {
         return "SELECT " . $args['id_search'] . " AS `id_search`,\n                MIN(msg.id) AS `id_content`,\n                t.title AS `title`,\n                MAX(MATCH(msg.contents) AGAINST('" . $search . "')) * " . $weight . " AS `relevance`,\n                " . $Sql->concat("'" . PATH_TO_ROOT . "'", "'/forum/topic.php?id='", 't.id', "'#m'", 'msg.id') . "  AS `link`\n            FROM " . PREFIX . "forum_msg msg\n            JOIN " . PREFIX . "forum_topics t ON t.id = msg.idtopic\n            JOIN " . PREFIX . "forum_cats c ON c.level != 0 AND c.aprob = 1 AND c.id = t.idcat\n            WHERE MATCH(msg.contents) AGAINST('" . $search . "')\n            " . ($idcat != -1 ? " AND c.id_left BETWEEN '" . $CAT_FORUM[$idcat]['id_left'] . "' AND '" . $CAT_FORUM[$idcat]['id_right'] . "'" : '') . " " . $auth_cats . "\n            GROUP BY t.id\n            ORDER BY relevance DESC" . $Sql->limit(0, FORUM_MAX_SEARCH_RESULTS);
     } else {
         return "SELECT " . $args['id_search'] . " AS `id_search`,\n                msg.id AS `id_content`,\n                t.title AS `title`,\n                MATCH(t.title) AGAINST('" . $search . "') * " . $weight . " AS `relevance`,\n                " . $Sql->concat("'" . PATH_TO_ROOT . "'", "'/forum/topic.php?id='", 't.id', "'#m'", 'msg.id') . "  AS `link`\n            FROM " . PREFIX . "forum_msg msg\n            JOIN " . PREFIX . "forum_topics t ON t.id = msg.idtopic\n            JOIN " . PREFIX . "forum_cats c ON c.level != 0 AND c.aprob = 1 AND c.id = t.idcat\n            WHERE MATCH(t.title) AGAINST('" . $search . "')\n            " . ($idcat != -1 ? " AND c.id_left BETWEEN '" . $CAT_FORUM[$idcat]['id_left'] . "' AND '" . $CAT_FORUM[$idcat]['id_right'] . "'" : '') . " " . $auth_cats . "\n            GROUP BY t.id\n            ORDER BY relevance DESC" . $Sql->limit(0, FORUM_MAX_SEARCH_RESULTS);
     }
 }
Ejemplo n.º 9
0
} elseif ($remove_favorite > 0) {
    $Session->csrf_get_protect();
    $article_infos = $Sql->query_array(PREFIX . "wiki_articles", "encoded_title", "WHERE id = '" . $remove_favorite . "'", __LINE__, __FILE__);
    if (empty($article_infos['encoded_title'])) {
        redirect(HOST . DIR . '/wiki/' . url('wiki.php', '', '&'));
    }
    $is_favorite = $Sql->query("SELECT COUNT(*) FROM " . PREFIX . "wiki_favorites WHERE user_id = '" . $User->get_attribute('user_id') . "' AND id_article = '" . $remove_favorite . "'", __LINE__, __FILE__);
    if ($is_favorite > 0) {
        $Sql->query_inject("DELETE FROM " . PREFIX . "wiki_favorites WHERE id_article = '" . $remove_favorite . "' AND user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
        redirect(HOST . DIR . '/wiki/' . url('wiki.php?title=' . $article_infos['encoded_title'], $article_infos['encoded_title'], '&'));
    } else {
        redirect(HOST . DIR . '/wiki/' . url('favorites.php?error=e_no_favorite', '', '&') . '#errorh');
    }
} else {
    $Template->set_filenames(array('wiki_favorites' => 'wiki/favorites.tpl'));
    $error = !empty($_GET['error']) ? strprotect($_GET['error']) : '';
    if ($error == 'e_no_favorite') {
        $errstr = $LANG['wiki_article_is_not_a_favorite'];
    } elseif ($error == 'e_already_favorite') {
        $errstr = $LANG['wiki_already_favorite'];
    } else {
        $errstr = '';
    }
    if (!empty($errstr)) {
        $Errorh->handler($errstr, E_USER_WARNING);
    }
    $result = $Sql->query_while("SELECT f.id, a.id, a.title, a.encoded_title\n\tFROM " . PREFIX . "wiki_favorites f\n\tLEFT JOIN " . PREFIX . "wiki_articles a ON a.id = f.id_article\n\tWHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
    $num_rows = $Sql->num_rows($result, "SELECT COUNT(*) FROM " . PREFIX . "wiki_articles WHERE user_id = '" . $User->get_attribute('user_id') . "'", __LINE__, __FILE__);
    if ($num_rows == 0) {
        $Template->assign_block_vars('no_favorite', array('L_NO_FAVORITE' => $LANG['wiki_no_favorite']));
    }
Ejemplo n.º 10
0
require_once '../admin/admin_header.php';
$update = !empty($_GET['update']) ? true : false;
if ($update) {
    $module_name = retrieve(GET, 'update', '');
    if (empty($module_name)) {
        foreach ($_POST as $key => $value) {
            if ($value == $LANG['update_module']) {
                $module_name = $key;
            }
        }
        $activ_module = retrieve(POST, $module_name . 'activ', 0);
    }
    $ckeck_module = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_MODULES . " WHERE name = '" . strprotect($module_name) . "'", __LINE__, __FILE__);
    if (!empty($ckeck_module)) {
        $info_module = load_ini_file('../' . $module_name . '/lang/', get_ulang());
        $previous_version = $Sql->query("SELECT version FROM " . DB_TABLE_MODULES . " WHERE name = '" . strprotect($module_name) . "'", __LINE__, __FILE__);
        $dir_db_module = get_ulang();
        $dir = '../' . $module_name . '/db';
        import('io/filesystem/folder');
        $folder_path = new Folder($dir . '/' . $dir_db_module);
        foreach ($folder_path->get_folders('`^[a-z0-9_ -]+$`i') as $dir) {
            $dir_db_module = $dir->get_name();
            break;
        }
        $filesupdate = array();
        $dir_db = '../' . urldecode($module_name) . '/db/' . $dir_db_module . '/';
        $folder_path = new Folder($dir_db);
        foreach ($folder_path->get_files('`.*\\.(php|sql)$`i') as $files) {
            $file = $files->get_name();
            if (strpos($file, DBTYPE) !== false) {
                $array_info = explode('_', $file);
Ejemplo n.º 11
0
         foreach ($array_field as $value) {
             $field .= strprotect($value) . '|';
         }
     } elseif ($row['field'] == 6) {
         $field = '';
         $i = 0;
         $array_possible_values = explode('|', $row['possible_values']);
         foreach ($array_possible_values as $value) {
             $field .= !empty($_POST[$row['field_name'] . '_' . $i]) ? addslashes($_POST[$row['field_name'] . '_' . $i]) . '|' : '';
             $i++;
         }
         if ($row['required'] && empty($field)) {
             redirect(HOST . DIR . '/member/register' . url('.php?error=incomplete') . '#errorh');
         }
     } else {
         $field = strprotect($field);
     }
     if (!empty($field)) {
         if ($valid_field) {
             $req_update .= $row['field_name'] . ' = \'' . trim($field, '|') . '\', ';
             $req_field .= $row['field_name'] . ', ';
             $req_insert .= '\'' . trim($field, '|') . '\', ';
         }
     }
 }
 $Sql->query_close($result);
 $check_member = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_MEMBER_EXTEND . " WHERE user_id = '" . $last_mbr_id . "'", __LINE__, __FILE__);
 if ($check_member && !empty($req_update)) {
     $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER_EXTEND . " SET " . trim($req_update, ', ') . " WHERE user_id = '" . $last_mbr_id . "'", __LINE__, __FILE__);
 } else {
     if (!empty($req_insert)) {
Ejemplo n.º 12
0
                    } else {
                        if (!empty($req_insert)) {
                            $Sql->query_inject("INSERT INTO " . DB_TABLE_MEMBER_EXTEND . " (user_id, " . trim($req_field, ', ') . ") VALUES ('" . $id_post . "', " . trim($req_insert, ', ') . ")", __LINE__, __FILE__);
                        }
                    }
                }
                redirect(HOST . SCRIPT);
            } else {
                redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh');
            }
        }
    } else {
        redirect(HOST . DIR . '/admin/admin_members' . url('.php?id=' . $id_post . '&error=incomplete') . '#errorh');
    }
} elseif ($add && !empty($_POST['add'])) {
    $login = !empty($_POST['login2']) ? strprotect(substr($_POST['login2'], 0, 25)) : '';
    $password = retrieve(POST, 'password2', '', TSTRING_UNCHANGE);
    $password_bis = retrieve(POST, 'password2_bis', '', TSTRING_UNCHANGE);
    $password_hash = !empty($password) ? strhash($password) : '';
    $level = retrieve(POST, 'level2', 0);
    $mail = strtolower(retrieve(POST, 'mail2', ''));
    if (check_mail($mail)) {
        $check_user = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE login = '******'", __LINE__, __FILE__);
        $check_mail = $Sql->query("SELECT COUNT(*) as compt FROM " . DB_TABLE_MEMBER . " WHERE user_mail = '" . $mail . "'", __LINE__, __FILE__);
        if ($check_user >= 1) {
            redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=pseudo_auth&add=1') . '#errorh');
        } elseif ($check_mail >= 1) {
            redirect(HOST . DIR . '/admin/admin_members' . url('.php?error=auth_mail&add=1') . '#errorh');
        } else {
            if (strlen($password) >= 6 && strlen($password_bis) >= 6) {
                if (!empty($login)) {
Ejemplo n.º 13
0
        if ($User->get_attribute('user_id') != $user_id) {
            if ($User->check_level(ADMIN_LEVEL)) {
                echo $Uploads->Rename_folder($id_folder, $name, $previous_name, $user_id, ADMIN_NO_CHECK);
            } else {
                echo $Uploads->Rename_folder($id_folder, $name, $previous_name, $User->get_attribute('user_id'), ADMIN_NO_CHECK);
            }
        } else {
            echo $Uploads->Rename_folder($id_folder, $name, $previous_name, $User->get_attribute('user_id'));
        }
    } else {
        echo 0;
    }
} elseif (!empty($_GET['rename_file'])) {
    $id_file = !empty($_POST['id_file']) ? numeric($_POST['id_file']) : '0';
    $user_id = !empty($_POST['user_id']) ? numeric($_POST['user_id']) : $User->get_attribute('user_id');
    $name = !empty($_POST['name']) ? strprotect(utf8_decode($_POST['name'])) : '';
    $previous_name = !empty($_POST['previous_name']) ? strprotect(utf8_decode($_POST['previous_name'])) : '';
    if (!empty($id_file) && !empty($name)) {
        if ($User->get_attribute('user_id') != $user_id) {
            if ($User->check_level(ADMIN_LEVEL)) {
                echo $Uploads->Rename_file($id_file, $name, $previous_name, $user_id, ADMIN_NO_CHECK);
            } else {
                echo $Uploads->Rename_file($id_file, $name, $previous_name, $User->get_attribute('user_id'), ADMIN_NO_CHECK);
            }
        } else {
            echo $Uploads->Rename_file($id_file, $name, $previous_name, $User->get_attribute('user_id'));
        }
    } else {
        echo 0;
    }
}
Ejemplo n.º 14
0
$del = !empty($_GET['del']) ? numeric($_GET['del']) : 0;
$move = !empty($_GET['move']) ? trim($_GET['move']) : 0;
$root = !empty($_GET['root']) ? numeric($_GET['root']) : 0;
define('READ_CAT_GALLERY', 0x1);
define('WRITE_CAT_GALLERY', 0x2);
define('EDIT_CAT_GALLERY', 0x4);
if (!empty($_POST['valid']) && !empty($id)) {
    $Cache->load('gallery');
    $to = !empty($_POST['category']) ? numeric($_POST['category']) : 0;
    $name = !empty($_POST['name']) ? strprotect($_POST['name']) : '';
    $contents = !empty($_POST['desc']) ? strprotect($_POST['desc']) : '';
    $status = isset($_POST['status']) ? numeric($_POST['status']) : 1;
    $aprob = isset($_POST['aprob']) ? numeric($_POST['aprob']) : 1;
    $array_auth_all = Authorizations::build_auth_array_from_form(READ_CAT_GALLERY, WRITE_CAT_GALLERY, EDIT_CAT_GALLERY);
    if (!empty($name)) {
        $Sql->query_inject("UPDATE " . PREFIX . "gallery_cats SET name = '" . $name . "', contents = '" . $contents . "', aprob = '" . $aprob . "', status = '" . $status . "', auth = '" . strprotect(serialize($array_auth_all), HTML_NO_PROTECT) . "' WHERE id = '" . $id . "'", __LINE__, __FILE__);
        $to = $Sql->query("SELECT id FROM " . PREFIX . "gallery_cats WHERE id = '" . $to . "' AND id_left NOT BETWEEN '" . $CAT_GALLERY[$id]['id_left'] . "' AND '" . $CAT_GALLERY[$id]['id_right'] . "'", __LINE__, __FILE__);
        $change_cat = !empty($to) ? !($CAT_GALLERY[$to]['id_left'] < $CAT_GALLERY[$id]['id_left'] && $CAT_GALLERY[$to]['id_right'] > $CAT_GALLERY[$id]['id_right'] && $CAT_GALLERY[$id]['level'] - 1 == $CAT_GALLERY[$to]['level']) : $CAT_GALLERY[$id]['level'] > 0;
        if ($change_cat) {
            $nbr_cat = ($CAT_GALLERY[$id]['id_right'] - $CAT_GALLERY[$id]['id_left'] - 1) / 2 + 1;
            $list_cats = '';
            $result = $Sql->query_while("SELECT id\n\t\t\tFROM " . PREFIX . "gallery_cats \n\t\t\tWHERE id_left BETWEEN '" . $CAT_GALLERY[$id]['id_left'] . "' AND '" . $CAT_GALLERY[$id]['id_right'] . "'\n\t\t\tORDER BY id_left", __LINE__, __FILE__);
            while ($row = $Sql->fetch_assoc($result)) {
                $list_cats .= $row['id'] . ', ';
            }
            $Sql->query_close($result);
            $list_cats = trim($list_cats, ', ');
            $list_parent_cats = '';
            $result = $Sql->query_while("SELECT id \n\t\t\tFROM " . PREFIX . "gallery_cats \n\t\t\tWHERE id_left < '" . $CAT_GALLERY[$id]['id_left'] . "' AND id_right > '" . $CAT_GALLERY[$id]['id_right'] . "'", __LINE__, __FILE__);
            while ($row = $Sql->fetch_assoc($result)) {
                $list_parent_cats .= $row['id'] . ', ';
Ejemplo n.º 15
0
 function ModuleMiniMenu($module, $filename)
 {
     parent::Menu($module);
     $this->filename = strprotect($filename);
 }
Ejemplo n.º 16
0
                }
                if ($CONFIG_GALLERY['display_pics'] == 3) {
                    $display_link = HOST . DIR . '/gallery/show_pics' . url('.php?id=' . $row['id'] . '&amp;cat=' . $row['idcat']) . '" rel="lightbox[1]" onmousedown="increment_view(' . $row['id'] . ');" title="' . str_replace('"', '', stripslashes($row['name']));
                    $display_name = HOST . DIR . '/gallery/show_pics' . url('.php?id=' . $row['id'] . '&amp;cat=' . $row['idcat']) . '" rel="lightbox[2]" onmousedown="increment_view(' . $row['id'] . ');" title="' . str_replace('"', '', stripslashes($row['name']));
                } elseif ($CONFIG_GALLERY['display_pics'] == 2) {
                    $display_name = $display_link = 'javascript:increment_view(' . $row['id'] . ');display_pics_popup(\'' . HOST . DIR . '/gallery/show_pics' . url('.php?id=' . $row['id'] . '&amp;cat=' . $row['idcat']) . '\', \'' . $row['width'] . '\', \'' . $row['height'] . '\')';
                } elseif ($CONFIG_GALLERY['display_pics'] == 1) {
                    $display_name = $display_link = 'javascript:increment_view(' . $row['id'] . ');display_pics(' . $row['id'] . ', \'' . HOST . DIR . '/gallery/show_pics' . url('.php?id=' . $row['id'] . '&amp;cat=' . $row['idcat']) . '\')';
                } else {
                    $display_name = $display_link = url('gallery.php?cat=' . $row['idcat'] . '&amp;id=' . $row['id'], 'gallery-' . $row['idcat'] . '-' . $row['id'] . '.php') . '#pics_max';
                }
                $cat_list = '';
                foreach ($array_cat_list as $key_cat => $option_value) {
                    $cat_list .= $key_cat == $row['idcat'] ? sprintf($option_value, 'selected="selected"') : sprintf($option_value, '');
                }
                $activ_note = $CONFIG_GALLERY['activ_note'] == 1 && $is_connected;
                if ($activ_note) {
                    $Note = new Note('gallery', $row['id'], url('.php?cat=' . $row['idcat'] . '&amp;id=' . $row['id'], '-' . $row['idcat'] . '-' . $row['id'] . '.php'), $CONFIG_GALLERY['note_max'], '', NOTE_NODISPLAY_NBRNOTES | NOTE_DISPLAY_BLOCK);
                }
                $html_protected_name = strprotect($row['name'], HTML_PROTECT, ADDSLASHES_FORCE);
                $Template->assign_block_vars('pics_list', array('ID' => $row['id'], 'APROB' => $row['aprob'], 'IMG' => '<img src="pics/thumbnails/' . $row['path'] . '" alt="' . str_replace('"', '', stripslashes($row['name'])) . '" class="gallery_image" />', 'PATH' => $row['path'], 'NAME' => $CONFIG_GALLERY['activ_title'] == 1 ? '<a class="small_link" href="' . $display_name . '"><span id="fi_' . $row['id'] . '">' . wordwrap_html(stripslashes($row['name']), 22, ' ') . '</span></a> <span id="fi' . $row['id'] . '"></span>' : '<span id="fi_' . $row['id'] . '"></span></a> <span id="fi' . $row['id'] . '"></span>', 'POSTOR' => $CONFIG_GALLERY['activ_user'] == 1 ? '<br />' . $LANG['by'] . (!empty($row['login']) ? ' <a class="small_link" href="../member/member' . url('.php?id=' . $row['user_id'], '-' . $row['user_id'] . '.php') . '">' . $row['login'] . '</a>' : ' ' . $LANG['guest']) : '', 'VIEWS' => $CONFIG_GALLERY['activ_view'] == 1 ? '<br /><span id="gv' . $row['id'] . '">' . $row['views'] . '</span> <span id="gvl' . $row['id'] . '">' . ($row['views'] > 1 ? $LANG['views'] : $LANG['view']) . '</span>' : '', 'COM' => $CONFIG_GALLERY['activ_com'] == 1 ? '<br />' . Comments::com_display_link($row['nbr_com'], '../gallery/gallery' . url('.php?cat=' . $row['idcat'] . '&amp;id=' . $row['id'] . '&amp;com=0', '-' . $row['idcat'] . '-' . $row['id'] . '.php?com=0'), $row['id'], 'gallery') : '', 'KERNEL_NOTATION' => $activ_note ? $Note->display_form() : '', 'CAT' => $cat_list, 'RENAME' => $html_protected_name, 'RENAME_CUT' => $html_protected_name, 'IMG_APROB' => get_ulang() . '/' . ($row['aprob'] == 1 ? 'unvisible.png' : 'visible.png'), 'OPEN_TR' => is_int($j++ / $nbr_column_pics) ? '<tr>' : '', 'CLOSE_TR' => is_int($j / $nbr_column_pics) ? '</tr>' : '', 'L_APROB_IMG' => $row['aprob'] == 1 ? $LANG['unaprob'] : $LANG['aprob'], 'U_DEL' => url('.php?del=' . $row['id'] . '&amp;token=' . $Session->get_token() . '&amp;cat=' . $g_idcat, '-' . $g_idcat . '.php?token=' . $Session->get_token() . '&amp;del=' . $row['id']), 'U_MOVE' => url('.php?id=' . $row['id'] . '&amp;token=' . $Session->get_token() . '&amp;move=\' + this.options[this.selectedIndex].value', '-0-' . $row['id'] . '.php?token=' . $Session->get_token() . '&amp;move=\' + this.options[this.selectedIndex].value'), 'U_DISPLAY' => $display_link));
            }
            $Sql->query_close($result);
            while (!is_int($j / $nbr_column_pics)) {
                $Template->assign_block_vars('end_table', array('TD_END' => '<td style="margin:15px 0px;width:' . $column_width_pics . '%">&nbsp;</td>', 'TR_END' => is_int(++$j / $nbr_column_pics) ? '</tr>' : ''));
            }
        }
    }
    $Template->pparse('gallery');
}
require_once '../kernel/footer.php';
Ejemplo n.º 17
0
 function set_title($title)
 {
     $this->title = strprotect($title, HTML_PROTECT, ADDSLASHES_NONE);
 }
Ejemplo n.º 18
0
function retrieve($var_type, $var_name, $default_value, $force_type = NULL, $flags = 0)
{
    $var = null;
    switch ($var_type) {
        case GET:
            if (isset($_GET[$var_name])) {
                $var = $_GET[$var_name];
            }
            break;
        case POST:
            if (isset($_POST[$var_name])) {
                $var = $_POST[$var_name];
            }
            break;
        case REQUEST:
            if (isset($_REQUEST[$var_name])) {
                $var = $_REQUEST[$var_name];
            }
            break;
        case COOKIE:
            if (isset($_COOKIE[$var_name])) {
                $var = $_COOKIE[$var_name];
            }
            break;
        case FILES:
            if (isset($_FILES[$var_name])) {
                $var = $_FILES[$var_name];
            }
            break;
        default:
            break;
    }
    if ($var === null || $flags & USE_DEFAULT_IF_EMPTY != 0 && empty($var)) {
        return $default_value;
    }
    $force_type = !isset($force_type) ? gettype($default_value) : $force_type;
    switch ($force_type) {
        case TINTEGER:
            return (int) $var;
        case TSTRING:
            return strprotect($var);
        case TSTRING_UNCHANGE:
            if (MAGIC_QUOTES) {
                $var = trim(stripslashes($var));
            } else {
                $var = trim($var);
            }
            return (string) $var;
        case TSTRING_PARSE:
            return strparse($var);
        case TBOOL:
            return (bool) $var;
        case TUNSIGNED_INT:
            $var = (int) $var;
            return $var > 0 ? $var : max(0, $default_value);
        case TUNSIGNED_DOUBLE:
            $var = (double) $var;
            return $var > 0.0 ? $var : max(0.0, $default_value);
        case TSTRING_HTML:
            return strprotect($var, HTML_NO_PROTECT);
        case TSTRING_AS_RECEIVED:
            return (string) $var;
        case TARRAY:
            return (array) $var;
        case TDOUBLE:
            return (double) $var;
        case TNONE:
            return $var;
        default:
            return $default_value;
    }
}
 function send_text($mail_object, $message, $email_test = '')
 {
     global $_NEWSLETTER_CONFIG, $LANG, $Sql;
     $error_mailing_list = array();
     $header = 'From: ' . $_NEWSLETTER_CONFIG['newsletter_name'] . ' <' . $_NEWSLETTER_CONFIG['sender_mail'] . '>' . "\r\n";
     $header .= 'Reply-To: ' . $_NEWSLETTER_CONFIG['sender_mail'] . "\r\n";
     if ($email_test == '') {
         $nbr = $Sql->count_table('newsletter', __LINE__, __FILE__);
         $Sql->query_inject("INSERT INTO " . PREFIX . "newsletter_arch (title,message,timestamp,type,nbr) VALUES('" . strprotect($mail_object, HTML_NO_PROTECT, ADDSLASHES_FORCE) . "', '" . strprotect($message, HTML_NO_PROTECT, ADDSLASHES_FORCE) . "', '" . time() . "', 'text', '" . $nbr . "')", __LINE__, __FILE__);
         $mailing_list = array();
         $result = $Sql->query_while("SELECT id, mail \n\t\t\tFROM " . PREFIX . "newsletter \n\t\t\tORDER BY id", __LINE__, __FILE__);
         while ($row = $Sql->fetch_assoc($result)) {
             $mailing_list[] = array($row['id'], $row['mail']);
         }
         $Sql->query_close($result);
         $mail_sender = new Mail();
         $mail_sender->set_sender($_NEWSLETTER_CONFIG['sender_mail']);
         $mail_sender->set_mime(MIME_FORMAT_TEXT);
         $mail_sender->set_object($mail_object);
         foreach ($mailing_list as $array_mail) {
             $mail_sender->set_recipients($array_mail[1]);
             $mail_sender->set_content($message . "\n\n" . $LANG['newsletter_unscubscribe_text'] . HOST . DIR . '/newsletter/newsletter.php?id=' . $array_mail[0]);
             if (!$mail_sender->send()) {
                 $error_mailing_list[] = $array_mail[1];
             }
         }
         return $error_mailing_list;
     } else {
         $mail_sender = new Mail();
         $mail_sender->set_sender($_NEWSLETTER_CONFIG['sender_mail']);
         $mail_sender->set_mime(MIME_FORMAT_HTML);
         $mail_sender->set_recipients($email_test);
         $mail_sender->set_content($message);
         $mail_sender->set_object($mail_object);
         $mail_sender->send();
         return true;
     }
 }
Ejemplo n.º 20
0
 function _get_info_module()
 {
     global $Sql, $CONFIG;
     $info_module = load_ini_file(PATH_TO_ROOT . '/' . $this->module_folder . '/lang/', get_ulang());
     $check_script = false;
     if (isset($info_module['com'])) {
         if ($info_module['com'] == $this->script) {
             $info_sql_module = $Sql->query_array(PREFIX . strprotect($info_module['com']), "id", "nbr_com", "lock_com", "WHERE id = '" . $this->idprov . "'", __LINE__, __FILE__);
             if ($info_sql_module['id'] == $this->idprov) {
                 $check_script = true;
             }
         }
     }
     return $check_script ? array(strprotect($info_module['com']), $info_sql_module['nbr_com'], (bool) $info_sql_module['lock_com']) : array('', 0, 0);
 }
Ejemplo n.º 21
0
     } elseif ($password != $password_repeat) {
         return $LANG['admin_passwords_error'];
     } elseif (!Mail::check_validity($user_mail)) {
         return $LANG['admin_email_error'];
     } else {
         return '';
     }
 }
 $error = check_admin_account($login, $password, $password_repeat, $user_mail);
 if (empty($error)) {
     require_once 'functions.php';
     load_db_connection();
     import('core/cache');
     $Cache = new Cache();
     $Cache->load('config');
     $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET login = '******', password = '******', level = '2', user_lang = '" . $CONFIG['lang'] . "', user_theme = '" . $CONFIG['theme'] . "', user_mail = '" . $user_mail . "', user_show_mail = '1', timestamp = '" . time() . "', user_aprob = '1', user_timezone = '" . $CONFIG['timezone'] . "' WHERE user_id = '1'", __LINE__, __FILE__);
     $unlock_admin = substr(strhash(uniqid(mt_rand(), true)), 0, 12);
     $CONFIG['unlock_admin'] = strhash($unlock_admin);
     $CONFIG['mail_exp'] = $user_mail;
     $CONFIG['mail'] = $user_mail;
     $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG)) . "' WHERE name = 'config'", __LINE__, __FILE__);
     $Cache->Generate_file('config');
     $Cache->load('member');
     $CONFIG_USER['activ_register'] = (int) DISTRIBUTION_ENABLE_USER;
     $CONFIG_USER['msg_mbr'] = $LANG['site_config_msg_mbr'];
     $CONFIG_USER['msg_register'] = $LANG['site_config_msg_register'];
     $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($CONFIG_USER)) . "' WHERE name = 'member'", __LINE__, __FILE__);
     $Cache->generate_file('member');
     $LANG['admin'] = '';
     import('io/mail');
     $mail = new Mail();
Ejemplo n.º 22
0
function forum_history_collector($type, $user_id_action = '', $url_action = '')
{
    global $Sql, $User;
    $Sql->query_inject("INSERT INTO " . PREFIX . "forum_history (action, user_id, user_id_action, url, timestamp) VALUES('" . strprotect($type) . "', '" . $User->get_attribute('user_id') . "', '" . numeric($user_id_action) . "', '" . strprotect($url_action) . "', '" . time() . "')", __LINE__, __FILE__);
}
Ejemplo n.º 23
0
 function update_user_lang($user_lang)
 {
     global $Sql;
     if ($this->user_data['level'] > -1) {
         $Sql->query_inject("UPDATE " . DB_TABLE_MEMBER . " SET user_lang = '" . strprotect($user_lang) . "' WHERE user_id = '" . $this->user_data['user_id'] . "'", __LINE__, __FILE__);
     } else {
         $Sql->query_inject("UPDATE " . DB_TABLE_SESSIONS . " SET user_lang = '" . strprotect($user_lang) . "' WHERE level = -1 AND session_id = '" . $this->user_data['session_id'] . "'", __LINE__, __FILE__);
     }
 }
Ejemplo n.º 24
0
<?php

require_once '../admin/admin_begin.php';
load_module_lang('wiki');
define('TITLE', $LANG['administration'] . ' : ' . $LANG['wiki']);
require_once '../admin/admin_header.php';
include_once '../wiki/wiki_functions.php';
$Cache->load('wiki');
$wiki_name = strprotect(retrieve(POST, 'wiki_name', $LANG['wiki'], TSTRING_AS_RECEIVED), HTML_PROTECT, ADDSLASHES_NONE);
$index_text = stripslashes(wiki_parse(retrieve(POST, 'contents', '', TSTRING_AS_RECEIVED)));
$last_articles = retrieve(POST, 'last_articles', 0);
$display_cats = !empty($_POST['display_cats']) ? 1 : 0;
$count_hits = !empty($_POST['count_hits']) ? 1 : 0;
if (!empty($_POST['update'])) {
    $_WIKI_CONFIG['wiki_name'] = $wiki_name;
    $_WIKI_CONFIG['last_articles'] = $last_articles;
    $_WIKI_CONFIG['display_cats'] = $display_cats;
    $_WIKI_CONFIG['index_text'] = $index_text;
    $_WIKI_CONFIG['count_hits'] = $count_hits;
    $_WIKI_CONFIG['auth'] = serialize($_WIKI_CONFIG['auth']);
    $Sql->query_inject("UPDATE " . DB_TABLE_CONFIGS . " SET value = '" . addslashes(serialize($_WIKI_CONFIG)) . "' WHERE name = 'wiki'", __LINE__, __FILE__);
    $Cache->Generate_module_file('wiki');
}
$Cache->load('wiki');
$Template->set_filenames(array('wiki_config' => 'wiki/admin_wiki.tpl'));
$content_editor = new ContentFormattingFactory(BBCODE_LANGUAGE);
$editor = $content_editor->get_editor();
$editor->set_identifier('contents');
$Template->assign_vars(array('KERNEL_EDITOR' => $editor->display(), 'HITS_SELECTED' => $_WIKI_CONFIG['count_hits'] > 0 ? 'checked="checked"' : '', 'WIKI_NAME' => $_WIKI_CONFIG['wiki_name'], 'NOT_DISPLAY_CATS' => $_WIKI_CONFIG['display_cats'] == 0 ? 'checked="checked"' : '', 'DISPLAY_CATS' => $_WIKI_CONFIG['display_cats'] != 0 ? 'checked="checked"' : '', 'LAST_ARTICLES' => $_WIKI_CONFIG['last_articles'], 'DESCRIPTION' => wiki_unparse($_WIKI_CONFIG['index_text']), 'L_UPDATE' => $LANG['update'], 'L_RESET' => $LANG['reset'], 'L_WIKI_MANAGEMENT' => $LANG['wiki_management'], 'L_WIKI_GROUPS' => $LANG['wiki_groups_config'], 'L_CONFIG_WIKI' => $LANG['wiki_config'], 'L_WHOLE_WIKI' => $LANG['wiki_config_whole'], 'L_INDEX_WIKI' => $LANG['wiki_index'], 'L_COUNT_HITS' => $LANG['wiki_count_hits'], 'L_WIKI_NAME' => $LANG['wiki_name'], 'L_DISPLAY_CATS' => $LANG['wiki_display_cats'], 'L_NOT_DISPLAY' => $LANG['wiki_no_display'], 'L_DISPLAY' => $LANG['wiki_display'], 'L_LAST_ARTICLES' => $LANG['wiki_last_articles'], 'L_LAST_ARTICLES_EXPLAIN' => $LANG['wiki_last_articles_explain'], 'L_DESCRIPTION' => $LANG['wiki_desc']));
$Template->pparse('wiki_config');
require_once '../admin/admin_footer.php';
Ejemplo n.º 25
0
        $Cache->load('themes', RELOAD_CACHE);
        $Cache->Generate_file('css');
        redirect(HOST . SCRIPT);
    } else {
        redirect(HOST . DIR . '/admin/admin_themes_add.php?error=e_theme_already_exist#errorh');
    }
} elseif (!empty($_FILES['upload_theme']['name'])) {
    @clearstatcache();
    $dir = '../templates/';
    if (!is_writable($dir)) {
        $is_writable = @chmod($dir, 0777) ? true : false;
    }
    @clearstatcache();
    $error = '';
    if (is_writable($dir)) {
        $check_theme = $Sql->query("SELECT COUNT(*) FROM " . DB_TABLE_THEMES . " WHERE theme = '" . strprotect($_FILES['upload_theme']['name']) . "'", __LINE__, __FILE__);
        if (empty($check_theme) && !is_dir('../templates/' . $_FILES['upload_theme']['name'])) {
            import('io/upload');
            $Upload = new Upload($dir);
            if ($Upload->file('upload_theme', '`([a-z0-9()_-])+\\.(gzip|zip)+$`i')) {
                $archive_path = '../templates/' . $Upload->filename['upload_theme'];
                if ($Upload->extension['upload_theme'] == 'gzip') {
                    import('lib/pcl/pcltar', LIB_IMPORT);
                    if (!($zip_files = PclTarExtract($Upload->filename['upload_theme'], '../templates/'))) {
                        $error = $Upload->error;
                    }
                } elseif ($Upload->extension['upload_theme'] == 'zip') {
                    import('lib/pcl/pclzip', LIB_IMPORT);
                    $Zip = new PclZip($archive_path);
                    if (!($zip_files = $Zip->extract(PCLZIP_OPT_PATH, '../templates/', PCLZIP_OPT_SET_CHMOD, 0666))) {
                        $error = $Upload->error;
Ejemplo n.º 26
0
 function delete_mini_module($module)
 {
     global $Sql;
     $query = "SELECT id, object, enabled, block, position FROM " . DB_TABLE_MENUS . " WHERE\n            class='" . strtolower(MODULE_MINI_MENU__CLASS) . "' AND\n            title LIKE '" . strtolower(strprotect($module)) . "/%';";
     $result = $Sql->query_while($query, __LINE__, __FILE__);
     while ($row = $Sql->fetch_assoc($result)) {
         MenuService::delete(MenuService::_load($row));
     }
 }
Ejemplo n.º 27
0
        $Session->csrf_get_protect();
        $Template->assign_vars(array('C_QUERY_RESULT' => true));
        $lower_query = strtolower($query);
        if (strtolower(substr($query, 0, 6)) == 'select') {
            $result = $Sql->query_while(str_replace('phpboost_', PREFIX, $query), __LINE__, __FILE__);
            $i = 1;
            while ($row = $Sql->fetch_assoc($result)) {
                $Template->assign_block_vars('line', array());
                if ($i == 1) {
                    foreach ($row as $field_name => $field_value) {
                        $Template->assign_block_vars('line.field', array('FIELD' => '<strong>' . $field_name . '</strong>', 'CLASS' => 'row3'));
                    }
                    $Template->assign_block_vars('line', array());
                }
                foreach ($row as $field_name => $field_value) {
                    $Template->assign_block_vars('line.field', array('FIELD' => strprotect($field_value), 'CLASS' => 'row1', 'STYLE' => is_numeric($field_value) ? 'text-align:right;' : ''));
                }
                $i++;
            }
        } elseif (substr($lower_query, 0, 11) == 'insert into' || substr($lower_query, 0, 6) == 'update' || substr($lower_query, 0, 11) == 'delete from' || substr($lower_query, 0, 11) == 'alter table' || substr($lower_query, 0, 8) == 'truncate' || substr($lower_query, 0, 10) == 'drop table') {
            $result = $Sql->query_inject($query, __LINE__, __FILE__);
            $affected_rows = @$Sql->affected_rows($result, "");
        }
    } elseif (!empty($table)) {
        $query = "SELECT * FROM " . $table . " WHERE 1";
    }
    $Template->assign_vars(array('QUERY' => Sql::indent_query($query), 'QUERY_HIGHLIGHT' => Sql::highlight_query($query), 'L_REQUIRE' => $LANG['require'], 'L_EXPLAIN_QUERY' => $LANG['db_query_explain'], 'L_CONFIRM_QUERY' => $LANG['db_confirm_query'], 'L_EXECUTE' => $LANG['db_submit_query'], 'L_RESULT' => $LANG['db_query_result'], 'L_EXECUTED_QUERY' => $LANG['db_executed_query']));
} elseif (!empty($table)) {
    $table_structure = $backup->extract_table_structure(array($table));
    if (!isset($backup->tables[$table])) {
        redirect(HOST . DIR . '/database/admin_database.php');
Ejemplo n.º 28
0
 function Rename_pics($id_pics, $name, $previous_name)
 {
     global $Sql;
     $Sql->query_inject("UPDATE " . PREFIX . "gallery SET name = '" . strprotect($name, HTML_PROTECT, ADDSLASHES_FORCE) . "' WHERE id = '" . $id_pics . "'", __LINE__, __FILE__);
     return stripslashes(strlen(html_entity_decode($name, ENT_COMPAT, 'ISO-8859-1')) > 22 ? htmlentities(substr(html_entity_decode($name, ENT_COMPAT, 'ISO-8859-1'), 0, 22), ENT_COMPAT, 'ISO-8859-1') . PATH_TO_ROOT . '.' : $name);
 }
Ejemplo n.º 29
0
                    $idpic = $Gallery->Add_pics($idcat_post, $name, $Upload->filename['gallery'], $User->get_attribute('user_id'));
                    if (!empty($Gallery->error)) {
                        redirect(HOST . DIR . '/gallery/admin_gallery_add.php?error=' . $Gallery->error . '#errorh');
                    }
                    $Cache->Generate_module_file('gallery');
                }
            }
        }
    }
    redirect(HOST . DIR . '/gallery/admin_gallery_add.php?add=' . $idpic);
} elseif (!empty($_POST['valid']) && !empty($nbr_pics_post)) {
    for ($i = 1; $i <= $nbr_pics_post; $i++) {
        $activ = !empty($_POST[$i . 'activ']) ? trim($_POST[$i . 'activ']) : '';
        $uniq = !empty($_POST[$i . 'uniq']) ? strprotect($_POST[$i . 'uniq']) : '';
        if ($activ && !empty($uniq)) {
            $name = !empty($_POST[$i . 'name']) ? strprotect($_POST[$i . 'name']) : 0;
            $cat = !empty($_POST[$i . 'cat']) ? numeric($_POST[$i . 'cat']) : 0;
            $del = !empty($_POST[$i . 'del']) ? numeric($_POST[$i . 'del']) : 0;
            if ($del) {
                delete_file('pics/' . $uniq);
            } else {
                $Gallery->Add_pics($cat, $name, $uniq, $User->get_attribute('user_id'));
            }
        }
    }
    $Cache->Generate_module_file('gallery');
    redirect(HOST . DIR . '/gallery/admin_gallery_add.php');
} else {
    $Template->set_filenames(array('admin_gallery_add' => 'gallery/admin_gallery_add.tpl'));
    $get_error = !empty($_GET['error']) ? trim($_GET['error']) : '';
    $array_error = array('e_upload_invalid_format', 'e_upload_max_weight', 'e_upload_max_dimension', 'e_upload_error', 'e_upload_failed_unwritable', 'e_upload_already_exist', 'e_unlink_disabled', 'e_unsupported_format', 'e_unabled_create_pics', 'e_error_resize', 'e_no_graphic_support', 'e_unabled_incrust_logo', 'delete_thumbnails');
Ejemplo n.º 30
0
function gallery_mini($position, $block)
{
    global $Cache, $User, $CAT_GALLERY, $CONFIG_GALLERY, $LANG, $_array_random_pics, $Sql;
    $tpl = new Template('gallery/gallery_mini.tpl');
    import('core/menu_service');
    MenuService::assign_positions_conditions($tpl, $block);
    load_module_lang('gallery');
    $Cache->load('gallery');
    $i = 0;
    $array_pics_mini = 'var array_pics_mini = new Array();' . "\n";
    list($nbr_pics, $sum_height, $sum_width, $scoll_mode, $height_max, $width_max) = array(0, 0, 0, 0, 142, 142);
    if (isset($_array_random_pics) && $_array_random_pics !== array()) {
        if (!defined('READ_CAT_GALLERY')) {
            define('READ_CAT_GALLERY', 0x1);
        }
        $gallery_mini = array();
        shuffle($_array_random_pics);
        $CAT_GALLERY[0]['auth'] = $CONFIG_GALLERY['auth_root'];
        $break = 0;
        foreach ($_array_random_pics as $array_pics_info) {
            if ($User->check_auth($CAT_GALLERY[$array_pics_info['idcat']]['auth'], READ_CAT_GALLERY)) {
                $gallery_mini[] = $array_pics_info;
                $break++;
            }
            if ($break == $CONFIG_GALLERY['nbr_pics_mini']) {
                break;
            }
        }
        if (count($gallery_mini) == 0) {
            $_array_random_pics = array();
            $result = $Sql->query_while("SELECT g.id, g.name, g.path, g.width, g.height, g.idcat, gc.auth\n    \t\tFROM " . PREFIX . "gallery g\n    \t\tLEFT JOIN " . PREFIX . "gallery_cats gc on gc.id = g.idcat\n    \t\tWHERE g.aprob = 1 AND gc.aprob = 1\n    \t\tORDER BY RAND()\n    \t\t" . $Sql->limit(0, $CONFIG_GALLERY['nbr_pics_mini']), __LINE__, __FILE__);
            while ($row = $Sql->fetch_assoc($result)) {
                $_array_random_pics[] = $row;
            }
            $break = 0;
            foreach ($_array_random_pics as $key => $array_pics_info) {
                if ($User->check_auth($CAT_GALLERY[$array_pics_info['idcat']]['auth'], READ_CAT_GALLERY)) {
                    $gallery_mini[] = $array_pics_info;
                    $break++;
                }
                if ($break == $CONFIG_GALLERY['nbr_pics_mini']) {
                    break;
                }
            }
        }
        switch ($CONFIG_GALLERY['scroll_type']) {
            case 0:
                $tpl->assign_vars(array('C_FADE' => true));
                break;
            case 1:
                $tpl->assign_vars(array('C_VERTICAL_SCROLL' => true));
                break;
            case 2:
                $tpl->assign_vars(array('C_HORIZONTAL_SCROLL' => true));
                break;
            case 3:
                $tpl->assign_vars(array('C_STATIC' => true));
                break;
        }
        include_once PATH_TO_ROOT . '/gallery/gallery.class.php';
        $Gallery = new Gallery();
        foreach ($gallery_mini as $key => $row) {
            if (!is_file(PATH_TO_ROOT . '/gallery/pics/thumbnails/' . $row['path'])) {
                $Gallery->Resize_pics(PATH_TO_ROOT . '/gallery/pics/' . $row['path']);
            }
            if ($row['width'] == 0 || $row['height'] == 0) {
                list($row['width'], $row['height']) = @getimagesize(PATH_TO_ROOT . '/gallery/pics/thumbnails/' . $row['path']);
            }
            if ($row['width'] == 0 || $row['height'] == 0) {
                list($row['width'], $row['height']) = array(142, 142);
            }
            $tpl->assign_block_vars('pics_mini', array('ID' => $i, 'PICS' => TPL_PATH_TO_ROOT . '/gallery/pics/thumbnails/' . $row['path'], 'NAME' => strprotect($row['name'], HTML_PROTECT, ADDSLASHES_FORCE), 'HEIGHT' => $row['height'], 'WIDTH' => $row['width'], 'U_PICS' => TPL_PATH_TO_ROOT . '/gallery/gallery' . url('.php?cat=' . $row['idcat'] . '&amp;id=' . $row['id'], '-' . $row['idcat'] . '-' . $row['id'] . '.php')));
            $sum_height += $row['height'] + 5;
            $sum_width += $row['width'] + 5;
            $i++;
            if ($CONFIG_GALLERY['scroll_type'] == 3) {
                break;
            }
        }
    }
    $tpl->assign_vars(array('SID' => SID, 'MODULE_DATA_PATH' => $tpl->get_module_data_path('gallery'), 'ARRAY_PICS' => $array_pics_mini, 'HEIGHT_DIV' => $CONFIG_GALLERY['height'], 'SUM_HEIGHT' => $sum_height + 10, 'HIDDEN_HEIGHT' => $CONFIG_GALLERY['height'] + 10, 'WIDTH_DIV' => $CONFIG_GALLERY['width'], 'SUM_WIDTH' => $sum_width + 30, 'HIDDEN_WIDTH' => $CONFIG_GALLERY['width'] * 3 + 30, 'SCROLL_DELAY' => 0.2 * (11 - $CONFIG_GALLERY['speed_mini_pics']), 'L_RANDOM_PICS' => $LANG['random_img'], 'L_NO_RANDOM_PICS' => $i == 0 ? '<br /><span class="text_small"><em>' . $LANG['no_random_img'] . '</em></span><br />' : '', 'L_GALLERY' => $LANG['gallery']));
    return $tpl->parse(TEMPLATE_STRING_MODE);
}