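/**
 * Validate a single-use security token submitted with this form.
 *
 * When $tokenValue is supplied, it is checked against the single token
 * registered under XOOPS_TOKEN_DEFAULT; otherwise validation is delegated
 * to XoopsMultiTokenHandler::quickValidate(), which locates the submitted
 * value itself.
 *
 * @param string|false $tokenValue   Submitted token value, or false to let the
 *                                   multi-token handler find it.
 * @param bool         $clearIfValid Unregister the token once it validates so a
 *                                   captured value cannot be replayed.
 * @return bool true when the token validates; false otherwise (the single-token
 *              branch also records an error via setErrors()).
 */
function validateToken($tokenValue = false, $clearIfValid = true)
{
    if (false === $tokenValue) {
        return XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT, $clearIfValid);
    }

    $handler = new XoopsSingleTokenHandler();
    $token =& $handler->fetch(XOOPS_TOKEN_DEFAULT);

    // fetch() may hand back something that is not a token object (nothing
    // registered in the session, or an expired entry -- confirm against the
    // handler). The original called validate() on it unconditionally, which
    // is a fatal error on a non-object; treat it as a failed validation.
    if (!is_object($token)) {
        $this->setErrors('No token found');
        return false;
    }

    if (!$token->validate($tokenValue)) {
        $this->setErrors('No token found');
        return false;
    }

    if ($clearIfValid) {
        // one-shot semantics: burn the token so the same value cannot be replayed
        $handler->unregister($token);
    }
    return true;
}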
/**
 * Constructor: build a hidden form field carrying a fresh security token.
 *
 * Without a $name, a multi-token is created under XOOPS_TOKEN_DEFAULT and the
 * field takes the token's own name. With a $name, a single token is created
 * (also under XOOPS_TOKEN_DEFAULT, not under $name) and the field is named
 * $name; the posted value then has to be handed to the single-token
 * validator explicitly.
 *
 * @param string|null $name    "name" attribute of the hidden input
 * @param int         $timeout accepted for interface compatibility; this
 *                             constructor does not pass it on, so the handlers'
 *                             own defaults apply
 */
function XoopsFormHiddenToken($name = null, $timeout = 360)
{
    if (!empty($name)) {
        $token =& XoopsSingleTokenHandler::quickCreate(XOOPS_TOKEN_DEFAULT);
        $fieldName = $name;
    } else {
        $token =& XoopsMultiTokenHandler::quickCreate(XOOPS_TOKEN_DEFAULT);
        $fieldName = $token->getTokenName();
    }
    // PHP4-style parent constructor call, as used throughout this codebase
    $this->XoopsFormHidden($fieldName, $token->getTokenValue());
}
} $sql = sprintf("DELETE FROM %s WHERE cid = %u", $db->prefix("banner"), $cid); $db->query($sql); $sql = sprintf("DELETE FROM %s WHERE cid = %u", $db->prefix("bannerclient"), $cid); $db->query($sql); redirect_header("admin.php?fct=banners&op=BannersAdmin#top", 1, _AM_DBUPDATED); break; case "BannerClientEdit": $cid = isset($_GET['cid']) ? intval($_GET['cid']) : 0; if ($cid > 0) { BannerClientEdit($cid); } break; case "BannerClientChange": $cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0; if ($cid <= 0 || !XoopsSingleTokenHandler::quickValidate('banners_ClientChange')) { redirect_header("admin.php?fct=banners&op=BannersAdmin#top"); } $name = isset($_POST['name']) ? trim($_POST['name']) : ''; $contact = isset($_POST['contact']) ? trim($_POST['contact']) : ''; $email = isset($_POST['email']) ? trim($_POST['email']) : ''; $login = isset($_POST['login']) ? trim($_POST['login']) : ''; $passwd = isset($_POST['passwd']) ? trim($_POST['passwd']) : ''; $extrainfo = isset($_POST['extrainfo']) ? trim($_POST['extrainfo']) : ''; $db =& Database::getInstance(); $myts =& MyTextSanitizer::getInstance(); $sql = sprintf("UPDATE %s SET name = %s, contact = %s, email = %s, login = %s, passwd = %s, extrainfo = %s WHERE cid = %d", $db->prefix("bannerclient"), $db->quoteString($myts->stripSlashesGPC($name)), $db->quoteString($myts->stripSlashesGPC($contact)), $db->quoteString($myts->stripSlashesGPC($email)), $db->quoteString($myts->stripSlashesGPC($login)), $db->quoteString($myts->stripSlashesGPC($passwd)), $db->quoteString($myts->stripSlashesGPC($extrainfo)), $cid); $db->query($sql); redirect_header("admin.php?fct=banners&op=BannersAdmin#top", 1, _AM_DBUPDATED); break; default:
} else { if ($tplset == $xoopsConfig['template_set']) { include_once XOOPS_ROOT_PATH . '/class/template.php'; xoops_template_touch($newtpl->getVar('tpl_id')); } echo ' Block template <b>' . $tplfiles[$i]->getVar('tpl_file') . '</b> added to the database.<br />'; } } flush(); unset($newtpl); } echo '<br />Module template files for template set <b>' . htmlspecialchars($tplset, ENT_QUOTES) . '</b> generated and installed.<br /></code><br /><a href="admin.php?fct=tplsets">' . _MD_AM_BTOTADMIN . '</a>'; xoops_cp_footer(); break; case 'uploadtar_go': if (!XoopsSingleTokenHandler::quickValidate('tplsets_uploadtar')) { redirect_header('admin.php?fct=tplsets', 3, 'Ticket Error'); } include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('application/x-gzip', 'application/gzip', 'application/gzip-compressed', 'application/x-gzip-compressed', 'application/x-tar', 'application/x-tar-compressed', 'application/octet-stream'), 1000000); $uploader->setAllowedExtensions(array('tar', 'tar.gz', 'tgz', 'gz')); $uploader->setPrefix('tmp'); xoops_cp_header(); echo '<code>'; if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { if (!$uploader->upload()) { xoops_error($uploader->getErrors()); } else { include_once XOOPS_ROOT_PATH . '/class/class.tar.php'; $tar = new tar(); $tar->openTar($uploader->getSavedDestination());
$list .= ", <a href='" . XOOPS_URL . "/userinfo.php?uid={$id}' target='_blank'>" . htmlspecialchars($_POST['memberslist_uname'][$id]) . "</a>"; $hidden .= "<input type='hidden' name='memberslist_id[]' value='{$id}' />\n"; } } echo "<div><h4>" . sprintf(_AM_AYSYWTDU, " " . $list . " ") . "</h4>"; echo _AM_BYTHIS . "<br /><br />\n <form action='admin.php' method='post'>\n <input type='hidden' name='fct' value='users' />\n <input type='hidden' name='op' value='delete_many_ok' />\n <input type='submit' value='" . _YES . "' />\n <input type='button' value='" . _NO . "' onclick='javascript:location.href=\"admin.php?op=adminMain\"' />"; echo $token->getHtml(); echo $hidden; echo "</form></div>"; } else { echo _AM_NOUSERS; } xoops_cp_footer(); break; case "delete_many_ok": if (XoopsSingleTokenHandler::quickValidate('users_deletemany')) { $count = count($_POST['memberslist_id']); $output = ""; $member_handler =& xoops_gethandler('member'); for ($i = 0; $i < $count; $i++) { $deluser =& $member_handler->getUser($_POST['memberslist_id'][$i]); if (is_object($deluser)) { $groups = $deluser->getGroups(); if (in_array(XOOPS_GROUP_ADMIN, $groups)) { $output .= sprintf('Admin user cannot be deleted. (User: %s)', $deluser->getVar("uname")) . "<br />"; } else { if (!$member_handler->deleteUser($deluser)) { $output .= "Could not delete " . $deluser->getVar("uname") . "<br />"; } else { $output .= $deluser->getVar("uname") . " deleted<br />"; }
// Registration form (first step). $uname, $url, $pass, $vpass, $user_mailok,
// $agree_disc, $timezone_offset, $email_tray and $email_text are prepared by
// the including script; the finished form is left in $reg_form for it to display.
$reg_form = new XoopsThemeForm(_US_USERREG, "userinfo", "register.php");

// nickname field is capped at 25 characters or the configured maximum, whichever is smaller
if ($xoopsConfigUser['maxuname'] < 25) {
    $uname_size = $xoopsConfigUser['maxuname'];
} else {
    $uname_size = 25;
}
$uname_field = new XoopsFormText(_US_NICKNAME, "uname", $uname_size, $uname_size, $myts->htmlSpecialChars($uname));
$reg_form->addElement($uname_field, true);
$reg_form->addElement($email_tray);

$url_field = new XoopsFormText(_US_WEBSITE, "url", 25, 255, $myts->htmlSpecialChars($url));
$reg_form->addElement($url_field);

// fall back to the site default timezone when none was submitted
if ($timezone_offset != "") {
    $tzselected = $timezone_offset;
} else {
    $tzselected = $xoopsConfig['default_TZ'];
}
$reg_form->addElement(new XoopsFormSelectTimezone(_US_TIMEZONE, "timezone_offset", $tzselected));

// NOTE(review): the previously submitted password is echoed back (HTML-escaped)
// as the value of both password fields, so it appears in the page source of the
// re-displayed form. Leaving these values blank would avoid that exposure.
$pass_field = new XoopsFormPassword(_US_PASSWORD, "pass", 10, 32, $myts->htmlSpecialChars($pass));
$vpass_field = new XoopsFormPassword(_US_VERIFYPASS, "vpass", 10, 32, $myts->htmlSpecialChars($vpass));
$reg_form->addElement($pass_field, true);
$reg_form->addElement($vpass_field, true);
$reg_form->addElement(new XoopsFormRadioYN(_US_MAILOK, 'user_mailok', $user_mailok));

// optional disclaimer: read-only text plus an "I agree" checkbox
$show_disclaimer = $xoopsConfigUser['reg_dispdsclmr'] != 0 && $xoopsConfigUser['reg_disclaimer'] != '';
if ($show_disclaimer) {
    $disc_tray = new XoopsFormElementTray(_US_DISCLAIMER, '<br />');
    $disc_text = new XoopsFormTextarea('', 'disclaimer', $xoopsConfigUser['reg_disclaimer'], 8);
    $disc_text->setExtra('readonly="readonly"');
    $agree_chk = new XoopsFormCheckBox('', 'agree_disc', $agree_disc);
    $agree_chk->addOption(1, _US_IAGREE);
    $disc_tray->addElement($disc_text);
    $disc_tray->addElement($agree_chk);
    $reg_form->addElement($disc_tray);
}

$reg_form->addElement(new XoopsFormHidden("op", "newuser"));
// CSRF protection: a single-use token named 'register_newuser'; the op=newuser
// handler (not shown here) is expected to validate it.
$reg_form->addElement(new XoopsFormToken(XoopsSingleTokenHandler::quickCreate('register_newuser')));
$reg_form->addElement(new XoopsFormButton("", "submit", _US_SUBMIT, "submit"));
$reg_form->setRequired($email_text);
/**
 * Validate (and by default consume) the single token registered under $name.
 *
 * Static convenience wrapper around XoopsSingleTokenHandler::autoValidate(),
 * added for quick protection of the default modules. Marked deprecated by the
 * original author and slated for removal.
 *
 * @deprecated
 * @param string $name         token name the form was created with
 * @param bool   $clearIfValid unregister the token after a successful check
 *                             (one-shot use; prevents replay of a captured value)
 * @return bool
 */
function quickValidate($name, $clearIfValid = true)
{
    $tokenHandler = new XoopsSingleTokenHandler();
    $isValid = $tokenHandler->autoValidate($name, $clearIfValid);
    return $isValid;
}
/**
 * Check the token submitted with this form against the single token
 * registered under $this->_TOKEN_NAME, using autoValidate()'s default
 * for clearing the token on success.
 *
 * @return bool true when the submitted token is valid
 */
function _validate_token()
{
    $tokenHandler = new XoopsSingleTokenHandler();
    $result = $tokenHandler->autoValidate($this->_TOKEN_NAME);
    return $result;
}
} } $sql = sprintf("UPDATE %s SET user_avatar = %s WHERE uid = %u", $xoopsDB->prefix('users'), $xoopsDB->quoteString($uploader->getSavedFileName()), $xoopsUser->getVar('uid')); $xoopsDB->query($sql); $avt_handler->addUser($avatar->getVar('avatar_id'), $xoopsUser->getVar('uid')); redirect_header('userinfo.php?t=' . time() . '&uid=' . $xoopsUser->getVar('uid'), 0, _US_PROFUPDATED); } } } include XOOPS_ROOT_PATH . '/header.php'; echo $uploader->getErrors(); include XOOPS_ROOT_PATH . '/footer.php'; } } if ($op == 'avatarchoose') { if (!XoopsSingleTokenHandler::quickValidate('avatarchoose')) { redirect_header('index.php', 3, _US_NOEDITRIGHT); exit; } $uid = 0; if (!empty($_POST['uid'])) { $uid = intval($_POST['uid']); } if (empty($uid) || $xoopsUser->getVar('uid') != $uid) { redirect_header('index.php', 3, _US_NOEDITRIGHT); exit; } $avt_handler =& xoops_gethandler('avatar'); $user_avatar = 'blank.gif'; $user_avatar_object = false; $myts =& MyTextSanitizer::getInstance();
$xoopsMailer->setFromName($myts->oopsStripSlashesGPC($_POST['mail_fromname'])); $xoopsMailer->setFromEmail($myts->oopsStripSlashesGPC($_POST['mail_fromemail'])); $xoopsMailer->setSubject($myts->oopsStripSlashesGPC($_POST['mail_subject'])); $xoopsMailer->setBody($myts->oopsStripSlashesGPC($_POST['mail_body'])); if (in_array("mail", $_POST['mail_send_to'])) { $xoopsMailer->useMail(); } if (in_array("pm", $_POST['mail_send_to']) && empty($_POST['mail_inactive'])) { $xoopsMailer->usePM(); } $xoopsMailer->send(true); echo $xoopsMailer->getSuccess(); echo $xoopsMailer->getErrors(); if ($added_count > $mail_end) { $form = new XoopsThemeForm(_AM_SENDMTOUSERS, "mailusers", "admin.php?fct=mailusers"); $form->addElement(new XoopsFormToken(XoopsSingleTokenHandler::quickCreate('mailusers_send'))); if (!empty($_POST['mail_to_group'])) { foreach ($_POST['mail_to_group'] as $mailgroup) { $group_hidden = new XoopsFormHidden("mail_to_group[]", $mailgroup); $form->addElement($group_hidden); } } if (isset($_POST['mail_inactive'])) { $form->addElement(new XoopsFormHidden("mail_inactive", intval($_POST['mail_inactive']))); } if (isset($_POST['mail_mailok'])) { $form->addElement(new XoopsFormHidden("mail_mailok", intval($_POST['mail_mailok']))); } $lastlog_min_hidden = new XoopsFormHidden("mail_lastlog_min", $myts->makeTboxData4PreviewInForm($_POST['mail_lastlog_min'])); $lastlog_max_hidden = new XoopsFormHidden("mail_lastlog_max", $myts->makeTboxData4PreviewInForm($_POST['mail_lastlog_max'])); $regd_min_hidden = new XoopsFormHidden("mail_regd_min", $myts->makeTboxData4PreviewInForm($_POST['mail_regd_max']));
$form->addElement(new XoopsFormText(_MD_IMGCATWEIGHT, 'imgcat_weight', 3, 4, $imagecategory->getVar('imgcat_weight'))); $form->addElement(new XoopsFormRadioYN(_MD_IMGCATDISPLAY, 'imgcat_display', $imagecategory->getVar('imgcat_display'), _YES, _NO)); $storetype = array('db' => _MD_INDB, 'file' => _MD_ASFILE); $form->addElement(new XoopsFormLabel(_MD_IMGCATSTRTYPE, $storetype[$imagecategory->getVar('imgcat_storetype')])); $form->addElement(new XoopsFormHidden('imgcat_id', $imgcat_id)); $form->addElement(new XoopsFormHidden('op', 'updatecat')); $form->addElement(new XoopsFormHidden('fct', 'images')); $form->addElement(new XoopsFormButton('', 'imgcat_button', _SUBMIT, 'submit')); xoops_cp_header(); echo '<a href="admin.php?fct=images">' . _MD_IMGMAIN . '</a> <span style="font-weight:bold;">»»</span> ' . $imagecategory->getVar('imgcat_name') . '<br /><br />'; $form->display(); xoops_cp_footer(); exit; } if ($op == 'updatecat') { if (!XoopsSingleTokenHandler::quickValidate('images_updatecat')) { system_images_error("Ticket Error"); } $imgcat_id = !empty($_POST['imgcat_id']) ? intval($_POST['imgcat_id']) : 0; if ($imgcat_id <= 0) { redirect_header('admin.php?fct=images', 1); } $imgcat_handler = xoops_gethandler('imagecategory'); $imagecategory =& $imgcat_handler->get($imgcat_id); if (!is_object($imagecategory)) { redirect_header('admin.php?fct=images', 1); } $imagecategory->setVar('imgcat_name', $_POST['imgcat_name']); $imgcat_display = empty($_POST['imgcat_display']) ? 0 : 1; $imagecategory->setVar('imgcat_display', $imgcat_display); $imagecategory->setVar('imgcat_maxsize', $_POST['imgcat_maxsize']);
} } echo "</td><td align='center'>"; if ($_POST['oldweight'][$mid] != $_POST['weight'][$mid]) { echo "<span style='color:#ff0000;font-weight:bold;'>" . $_POST['weight'][$mid] . "</span>"; } else { echo $_POST['weight'][$mid]; } echo "\n <input type='hidden' name='module[]' value='" . $mid . "' />\n <input type='hidden' name='oldname[" . $mid . "]' value='" . htmlspecialchars($_POST['oldname'][$mid], ENT_QUOTES) . "' />\n <input type='hidden' name='newname[" . $mid . "]' value='" . htmlspecialchars($newname[$mid], ENT_QUOTES) . "' />\n <input type='hidden' name='oldstatus[" . $mid . "]' value='" . $_POST['oldstatus'][$mid] . "' />\n <input type='hidden' name='newstatus[" . $mid . "]' value='" . $_POST['newstatus'][$mid] . "' />\n <input type='hidden' name='oldweight[" . $mid . "]' value='" . intval($_POST['oldweight'][$mid]) . "' />\n <input type='hidden' name='weight[" . $mid . "]' value='" . intval($_POST['weight'][$mid]) . "' />\n </td></tr>"; } echo "\n <tr class='foot' align='center'><td colspan='3'><input type='submit' value='" . _MD_AM_SUBMIT . "' /> <input type='button' value='" . _MD_AM_CANCEL . "' onclick='location=\"admin.php?fct=modulesadmin\"' /></td></tr>\n </table>\n </form>"; xoops_cp_footer(); exit; } if ($op == "submit") { if (!XoopsSingleTokenHandler::quickValidate('modulesadmin_submit')) { system_modulesadmin_error("Ticket Error"); } $ret = array(); $write = false; foreach ($_POST['module'] as $mid) { if (isset($_POST['newstatus'][$mid]) && $_POST['newstatus'][$mid] == 1) { if ($_POST['oldstatus'][$mid] == 0) { $ret[] = xoops_module_activate($mid); } } else { if ($_POST['oldstatus'][$mid] == 1) { $ret[] = xoops_module_deactivate($mid); } } $newname[$mid] = trim($_POST['newname'][$mid]);
} $f_timezone = $timezone_offset < 0 ? 'GMT ' . $timezone_offset : 'GMT +' . $timezone_offset; echo _US_TIMEZONE . ": {$f_timezone}<br />"; echo "<form action='register.php' method='post'>"; echo $token->getHtml(); echo "<input type='hidden' name='uname' value='" . $myts->htmlSpecialChars($uname) . "' />\n <input type='hidden' name='email' value='" . $myts->htmlSpecialChars($email) . "' />"; echo "<input type='hidden' name='user_viewemail' value='" . $user_viewemail . "' />\n <input type='hidden' name='timezone_offset' value='" . (double) $timezone_offset . "' />\n <input type='hidden' name='url' value='" . $myts->htmlSpecialChars($url) . "' />\n <input type='hidden' name='pass' value='" . $myts->htmlSpecialChars($pass) . "' />\n <input type='hidden' name='vpass' value='" . $myts->htmlSpecialChars($vpass) . "' />\n <input type='hidden' name='user_mailok' value='" . $user_mailok . "' />\n <br /><br /><input type='hidden' name='op' value='finish' /><input type='submit' value='" . _US_FINISH . "' /></form>"; } else { echo "<span style='color:#ff0000;'>{$stop}</span>"; include 'include/registerform.php'; $reg_form->display(); } include 'footer.php'; break; case 'finish': if (!XoopsSingleTokenHandler::quickValidate('register_finish')) { exit; } include 'header.php'; $stop = userCheck($uname, $email, $pass, $vpass); if (empty($stop)) { $member_handler =& xoops_gethandler('member'); $newuser =& $member_handler->createUser(); $newuser->setVar('user_viewemail', $user_viewemail, true); $newuser->setVar('uname', $uname, true); $newuser->setVar('email', $email, true); if ($url != '') { $newuser->setVar('url', formatURL($url), true); } $newuser->setVar('user_avatar', 'blank.gif', true); $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
/**
 * Render the admin form for editing one banner client.
 *
 * Loads the client row for $cid, escapes each column for use inside the
 * form, and prints the edit form together with a single-use
 * 'banners_ClientChange' token that the BannerClientChange handler checks.
 *
 * @param int $cid banner client id; cast with intval() before it reaches SQL
 */
function BannerClientEdit($cid)
{
    global $xoopsConfig, $xoopsModule;
    $cid = intval($cid);
    // CSRF protection: this token is embedded in the form and must be presented
    // back to the BannerClientChange handler.
    $token =& XoopsSingleTokenHandler::quickCreate('banners_ClientChange');
    $db =& Database::getInstance();
    $myts =& MyTextSanitizer::getInstance();
    xoops_cp_header();

    // $cid is an integer here, so interpolating it into the WHERE clause is safe.
    $query = "SELECT name, contact, email, login, passwd, extrainfo FROM "
        . $db->prefix("bannerclient") . " WHERE cid={$cid}";
    $result = $db->query($query);
    // NOTE(review): fetchRow() is not checked; an unknown $cid renders a form
    // with empty fields instead of an error.
    list($name, $contact, $email, $login, $passwd, $extrainfo) = $db->fetchRow($result);

    $name = $myts->makeTboxData4Edit($name);
    $contact = $myts->makeTboxData4Show($contact);
    $email = $myts->makeTboxData4Edit($email);
    $login = $myts->makeTboxData4Edit($login);
    // NOTE(review): the client password is stored and displayed in clear text in
    // a type='text' input; that is a storage design issue, not fixable in this form.
    $passwd = $myts->makeTboxData4Edit($passwd);
    // NOTE(review): makeTareaData4Show() is a display formatter; whether it escapes
    // markup for a <textarea> depends on this sanitizer's defaults -- confirm, or
    // prefer the 4Edit variant for form values.
    $extrainfo = $myts->makeTareaData4Show($extrainfo);

    $html = "<table width='100%' border='0' cellspacing='1' class='outer'><tr><td class=\"odd\">";
    $html .= "\r\n <h4>" . _AM_EDITADVCLI . "</h4>\r\n <form action='admin.php' method='post'>";
    $html .= $token->getHtml();
    $html .= _AM_CLINAMET . "<input type='text' name='name' value='{$name}' size='30' maxlength='60' /><br />\r\n ";
    $html .= _AM_CONTNAMET . "<input type='text' name='contact' value='{$contact}' size='30' maxlength='60' /><br />\r\n ";
    $html .= _AM_CONTMAILT . "<input type='text' name='email' size='30' maxlength='60' value='{$email}' /><br />\r\n ";
    $html .= _AM_CLILOGINT . "<input type='text' name='login' size='12' maxlength='10' value='{$login}' /><br />\r\n ";
    $html .= _AM_CLIPASST . "<input type='text' name='passwd' size='12' maxlength='10' value='{$passwd}' /><br />\r\n ";
    $html .= _AM_EXTINFO . "<br /><textarea name='extrainfo' cols='60' rows='10'>{$extrainfo}</textarea><br />\r\n ";
    $html .= "<input type='hidden' name='cid' value='{$cid}' />\r\n ";
    $html .= "<input type='hidden' name='op' value='BannerClientChange' />\r\n ";
    $html .= "<input type='hidden' name='fct' value='banners' />\r\n ";
    $html .= "<input type='submit' value='" . _AM_CHGCLI . "' />";
    // the original markup does not emit a closing </form>; reproduced as-is
    $html .= "</td></tr></table>";
    echo $html;
    xoops_cp_footer();
}