Ejemplo n.º 1
     }
     $sql = sprintf("DELETE FROM %s WHERE cid = %u", $db->prefix("banner"), $cid);
     $db->query($sql);
     $sql = sprintf("DELETE FROM %s WHERE cid = %u", $db->prefix("bannerclient"), $cid);
     $db->query($sql);
     redirect_header("admin.php?fct=banners&op=BannersAdmin#top", 1, _AM_DBUPDATED);
     break;
 case "BannerClientEdit":
     // Open the client edit form only for a positive integer id taken from the query string;
     // a missing or non-positive cid falls through without doing anything.
     $cid = 0;
     if (isset($_GET['cid'])) {
         $cid = intval($_GET['cid']);
     }
     if ($cid > 0) {
         BannerClientEdit($cid);
     }
     break;
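 case "BannerClientChange":
     // Apply the submitted "edit banner client" form to the bannerclient row identified by cid.
     $cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0;
     // Refuse the write unless the id is positive and the one-time form token validates
     // (the token check is presumably the CSRF defence for this state-changing request).
     if ($cid <= 0 || !XoopsSingleTokenHandler::quickValidate('banners_ClientChange')) {
         redirect_header("admin.php?fct=banners&amp;op=BannersAdmin#top");
         // Fail closed: the UPDATE below must never run for a rejected request, even if
         // redirect_header() were to return instead of ending the script.
         exit;
     }
     $db =& Database::getInstance();
     $myts =& MyTextSanitizer::getInstance();
     // Each text field: absent or non-string input (e.g. name[]=x) becomes '', otherwise it is
     // trimmed, passed through stripSlashesGPC() and quoted with quoteString() before it
     // is placed in the statement. cid is formatted with %d from the intval() result above.
     $quoted = array();
     foreach (array('name', 'contact', 'email', 'login', 'passwd', 'extrainfo') as $clientField) {
         $clientValue = (isset($_POST[$clientField]) && is_string($_POST[$clientField])) ? trim($_POST[$clientField]) : '';
         $quoted[$clientField] = $db->quoteString($myts->stripSlashesGPC($clientValue));
     }
     // NOTE(review): passwd is written exactly as submitted; no hashing is visible in this block.
     // Confirm how the stored value is compared at login before changing the storage format.
     $sql = sprintf("UPDATE %s SET name = %s, contact = %s, email = %s, login = %s, passwd = %s, extrainfo = %s WHERE cid = %d", $db->prefix("bannerclient"), $quoted['name'], $quoted['contact'], $quoted['email'], $quoted['login'], $quoted['passwd'], $quoted['extrainfo'], $cid);
     // NOTE(review): the query result is not checked, so the success message below is shown
     // even if the UPDATE fails.
     $db->query($sql);
     redirect_header("admin.php?fct=banners&amp;op=BannersAdmin#top", 1, _AM_DBUPDATED);
     break;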
 default:
Ejemplo n.º 2
                 $list .= ", <a href='" . XOOPS_URL . "/userinfo.php?uid={$id}' target='_blank'>" . htmlspecialchars($_POST['memberslist_uname'][$id]) . "</a>";
                 $hidden .= "<input type='hidden' name='memberslist_id[]' value='{$id}' />\n";
             }
         }
         echo "<div><h4>" . sprintf(_AM_AYSYWTDU, " " . $list . " ") . "</h4>";
         echo _AM_BYTHIS . "<br /><br />\n        <form action='admin.php' method='post'>\n        <input type='hidden' name='fct' value='users' />\n        <input type='hidden' name='op' value='delete_many_ok' />\n        <input type='submit' value='" . _YES . "' />\n        <input type='button' value='" . _NO . "' onclick='javascript:location.href=\"admin.php?op=adminMain\"' />";
         echo $token->getHtml();
         echo $hidden;
         echo "</form></div>";
     } else {
         echo _AM_NOUSERS;
     }
     xoops_cp_footer();
     break;
 case "delete_many_ok":
     if (XoopsSingleTokenHandler::quickValidate('users_deletemany')) {
         $count = count($_POST['memberslist_id']);
         $output = "";
         $member_handler =& xoops_gethandler('member');
         for ($i = 0; $i < $count; $i++) {
             $deluser =& $member_handler->getUser($_POST['memberslist_id'][$i]);
             if (is_object($deluser)) {
                 $groups = $deluser->getGroups();
                 if (in_array(XOOPS_GROUP_ADMIN, $groups)) {
                     $output .= sprintf('Admin user cannot be deleted. (User: %s)', $deluser->getVar("uname")) . "<br />";
                 } else {
                     if (!$member_handler->deleteUser($deluser)) {
                         $output .= "Could not delete " . $deluser->getVar("uname") . "<br />";
                     } else {
                         $output .= $deluser->getVar("uname") . " deleted<br />";
                     }
Ejemplo n.º 3
             } else {
                 if ($tplset == $xoopsConfig['template_set']) {
                     include_once XOOPS_ROOT_PATH . '/class/template.php';
                     xoops_template_touch($newtpl->getVar('tpl_id'));
                 }
                 echo '&nbsp;&nbsp;&nbsp;&nbsp;Block template <b>' . $tplfiles[$i]->getVar('tpl_file') . '</b> added to the database.<br />';
             }
         }
         flush();
         unset($newtpl);
     }
     echo '<br />Module template files for template set <b>' . htmlspecialchars($tplset, ENT_QUOTES) . '</b> generated and installed.<br /></code><br /><a href="admin.php?fct=tplsets">' . _MD_AM_BTOTADMIN . '</a>';
     xoops_cp_footer();
     break;
 case 'uploadtar_go':
     if (!XoopsSingleTokenHandler::quickValidate('tplsets_uploadtar')) {
         redirect_header('admin.php?fct=tplsets', 3, 'Ticket Error');
     }
     include_once XOOPS_ROOT_PATH . '/class/uploader.php';
     $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('application/x-gzip', 'application/gzip', 'application/gzip-compressed', 'application/x-gzip-compressed', 'application/x-tar', 'application/x-tar-compressed', 'application/octet-stream'), 1000000);
     $uploader->setAllowedExtensions(array('tar', 'tar.gz', 'tgz', 'gz'));
     $uploader->setPrefix('tmp');
     xoops_cp_header();
     echo '<code>';
     if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
         if (!$uploader->upload()) {
             xoops_error($uploader->getErrors());
         } else {
             include_once XOOPS_ROOT_PATH . '/class/class.tar.php';
             $tar = new tar();
             $tar->openTar($uploader->getSavedDestination());
Ejemplo n.º 4
                        }
                    }
                    $sql = sprintf("UPDATE %s SET user_avatar = %s WHERE uid = %u", $xoopsDB->prefix('users'), $xoopsDB->quoteString($uploader->getSavedFileName()), $xoopsUser->getVar('uid'));
                    $xoopsDB->query($sql);
                    $avt_handler->addUser($avatar->getVar('avatar_id'), $xoopsUser->getVar('uid'));
                    redirect_header('userinfo.php?t=' . time() . '&amp;uid=' . $xoopsUser->getVar('uid'), 0, _US_PROFUPDATED);
                }
            }
        }
        include XOOPS_ROOT_PATH . '/header.php';
        echo $uploader->getErrors();
        include XOOPS_ROOT_PATH . '/footer.php';
    }
}
if ($op == 'avatarchoose') {
    if (!XoopsSingleTokenHandler::quickValidate('avatarchoose')) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
        exit;
    }
    $uid = 0;
    if (!empty($_POST['uid'])) {
        $uid = intval($_POST['uid']);
    }
    if (empty($uid) || $xoopsUser->getVar('uid') != $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
        exit;
    }
    $avt_handler =& xoops_gethandler('avatar');
    $user_avatar = 'blank.gif';
    $user_avatar_object = false;
    $myts =& MyTextSanitizer::getInstance();
Ejemplo n.º 5
 include_once XOOPS_ROOT_PATH . "/class/xoopsformloader.php";
 // Request dispatch: "send" is the only operation accepted from POST; any other value,
 // or no value at all, falls back to showing the mail form.
 $op = (!empty($_POST['op']) && $_POST['op'] == "send") ? $_POST['op'] : "form";
 if ($op == "form") {
     xoops_cp_header();
     // Set before mailform.php is included (presumably read there to decide whether the
     // recipient criteria fields are shown; confirm in mailform.php).
     $display_criteria = 1;
     include XOOPS_ROOT_PATH . "/modules/system/admin/mailusers/mailform.php";
     // $form is not defined in this block; it is expected to come from the include above.
     $form->display();
     xoops_cp_footer();
 }
 if ($op == "send" && !empty($_POST['mail_send_to'])) {
     if (!XoopsSingleTokenHandler::quickValidate('mailusers_send')) {
         xoops_cp_header();
         xoops_error("Ticket Error");
         xoops_cp_footer();
         exit;
     }
     $added = array();
     $added_id = array();
     $criteria = array();
     if (!empty($_POST['mail_inactive'])) {
         $criteria[] = "level = 0";
     } else {
         if (!empty($_POST['mail_mailok'])) {
             $criteria[] = 'user_mailok = 1';
         }
         if (!empty($_POST['mail_to_group'])) {
Ejemplo n.º 6
     $form->addElement(new XoopsFormText(_MD_IMGCATWEIGHT, 'imgcat_weight', 3, 4, $imagecategory->getVar('imgcat_weight')));
     $form->addElement(new XoopsFormRadioYN(_MD_IMGCATDISPLAY, 'imgcat_display', $imagecategory->getVar('imgcat_display'), _YES, _NO));
     $storetype = array('db' => _MD_INDB, 'file' => _MD_ASFILE);
     $form->addElement(new XoopsFormLabel(_MD_IMGCATSTRTYPE, $storetype[$imagecategory->getVar('imgcat_storetype')]));
     $form->addElement(new XoopsFormHidden('imgcat_id', $imgcat_id));
     $form->addElement(new XoopsFormHidden('op', 'updatecat'));
     $form->addElement(new XoopsFormHidden('fct', 'images'));
     $form->addElement(new XoopsFormButton('', 'imgcat_button', _SUBMIT, 'submit'));
     xoops_cp_header();
     echo '<a href="admin.php?fct=images">' . _MD_IMGMAIN . '</a>&nbsp;<span style="font-weight:bold;">&raquo;&raquo;</span>&nbsp;' . $imagecategory->getVar('imgcat_name') . '<br /><br />';
     $form->display();
     xoops_cp_footer();
     exit;
 }
 if ($op == 'updatecat') {
     if (!XoopsSingleTokenHandler::quickValidate('images_updatecat')) {
         system_images_error("Ticket Error");
     }
     $imgcat_id = !empty($_POST['imgcat_id']) ? intval($_POST['imgcat_id']) : 0;
     if ($imgcat_id <= 0) {
         redirect_header('admin.php?fct=images', 1);
     }
     $imgcat_handler = xoops_gethandler('imagecategory');
     $imagecategory =& $imgcat_handler->get($imgcat_id);
     if (!is_object($imagecategory)) {
         redirect_header('admin.php?fct=images', 1);
     }
     $imagecategory->setVar('imgcat_name', $_POST['imgcat_name']);
     $imgcat_display = empty($_POST['imgcat_display']) ? 0 : 1;
     $imagecategory->setVar('imgcat_display', $imgcat_display);
     $imagecategory->setVar('imgcat_maxsize', $_POST['imgcat_maxsize']);
Ejemplo n.º 7
            }
        }
        echo "</td><td align='center'>";
        if ($_POST['oldweight'][$mid] != $_POST['weight'][$mid]) {
            echo "<span style='color:#ff0000;font-weight:bold;'>" . $_POST['weight'][$mid] . "</span>";
        } else {
            echo $_POST['weight'][$mid];
        }
        echo "\n        <input type='hidden' name='module[]' value='" . $mid . "' />\n        <input type='hidden' name='oldname[" . $mid . "]' value='" . htmlspecialchars($_POST['oldname'][$mid], ENT_QUOTES) . "' />\n        <input type='hidden' name='newname[" . $mid . "]' value='" . htmlspecialchars($newname[$mid], ENT_QUOTES) . "' />\n        <input type='hidden' name='oldstatus[" . $mid . "]' value='" . $_POST['oldstatus'][$mid] . "' />\n        <input type='hidden' name='newstatus[" . $mid . "]' value='" . $_POST['newstatus'][$mid] . "' />\n        <input type='hidden' name='oldweight[" . $mid . "]' value='" . intval($_POST['oldweight'][$mid]) . "' />\n        <input type='hidden' name='weight[" . $mid . "]' value='" . intval($_POST['weight'][$mid]) . "' />\n        </td></tr>";
    }
    echo "\n    <tr class='foot' align='center'><td colspan='3'><input type='submit' value='" . _MD_AM_SUBMIT . "' />&nbsp;<input type='button' value='" . _MD_AM_CANCEL . "' onclick='location=\"admin.php?fct=modulesadmin\"' /></td></tr>\n    </table>\n    </form>";
    xoops_cp_footer();
    exit;
}
if ($op == "submit") {
    if (!XoopsSingleTokenHandler::quickValidate('modulesadmin_submit')) {
        system_modulesadmin_error("Ticket Error");
    }
    $ret = array();
    $write = false;
    foreach ($_POST['module'] as $mid) {
        if (isset($_POST['newstatus'][$mid]) && $_POST['newstatus'][$mid] == 1) {
            if ($_POST['oldstatus'][$mid] == 0) {
                $ret[] = xoops_module_activate($mid);
            }
        } else {
            if ($_POST['oldstatus'][$mid] == 1) {
                $ret[] = xoops_module_deactivate($mid);
            }
        }
        $newname[$mid] = trim($_POST['newname'][$mid]);
Ejemplo n.º 8
         }
         $f_timezone = $timezone_offset < 0 ? 'GMT ' . $timezone_offset : 'GMT +' . $timezone_offset;
         echo _US_TIMEZONE . ": {$f_timezone}<br />";
         echo "<form action='register.php' method='post'>";
         echo $token->getHtml();
         echo "<input type='hidden' name='uname' value='" . $myts->htmlSpecialChars($uname) . "' />\n        <input type='hidden' name='email' value='" . $myts->htmlSpecialChars($email) . "' />";
         echo "<input type='hidden' name='user_viewemail' value='" . $user_viewemail . "' />\n        <input type='hidden' name='timezone_offset' value='" . (double) $timezone_offset . "' />\n        <input type='hidden' name='url' value='" . $myts->htmlSpecialChars($url) . "' />\n        <input type='hidden' name='pass' value='" . $myts->htmlSpecialChars($pass) . "' />\n        <input type='hidden' name='vpass' value='" . $myts->htmlSpecialChars($vpass) . "' />\n        <input type='hidden' name='user_mailok' value='" . $user_mailok . "' />\n        <br /><br /><input type='hidden' name='op' value='finish' /><input type='submit' value='" . _US_FINISH . "' /></form>";
     } else {
         echo "<span style='color:#ff0000;'>{$stop}</span>";
         include 'include/registerform.php';
         $reg_form->display();
     }
     include 'footer.php';
     break;
 case 'finish':
     if (!XoopsSingleTokenHandler::quickValidate('register_finish')) {
         exit;
     }
     include 'header.php';
     $stop = userCheck($uname, $email, $pass, $vpass);
     if (empty($stop)) {
         $member_handler =& xoops_gethandler('member');
         $newuser =& $member_handler->createUser();
         $newuser->setVar('user_viewemail', $user_viewemail, true);
         $newuser->setVar('uname', $uname, true);
         $newuser->setVar('email', $email, true);
         if ($url != '') {
             $newuser->setVar('url', formatURL($url), true);
         }
         $newuser->setVar('user_avatar', 'blank.gif', true);
         $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);