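/**
 * Render a filemgmt plugin error page and stop the request.
 *
 * The message is looked up in a fixed code table; any code that is not a
 * key of that table is reported as "9999" (Unknown Error), so the code that
 * is echoed back into the page is always one of the known keys. The
 * "Go Back" link points at the current URL, falling back to the plugin index
 * when that URL is empty or does not start with $_CONF['site_url'].
 *
 * @param string $e_code four-digit error code, e.g. "0003" or "1109"
 * @param int    $pages  unused; kept so existing callers keep working
 * @return void  never returns: the page is echoed and die() is called
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        "0013" => "Could not query the database. <BR>Error: " . DB_error() . "",
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. 
Please try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br>All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br>All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. 
Check error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "1109" => "File type not allowed",
        "1110" => "You must define and select a category for the uploaded file",
        "9999" => "Unknown Error",
    );

    // Destination of the "Go Back" link: the current URL, but only if it is
    // part of this site; otherwise fall back to the plugin index.
    $destination = COM_getCurrentURL();
    if ($destination == '') {
        $destination = $_CONF['site_url'] . '/filemgmt/index.php';
    }
    if (substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
        $destination = $_CONF['site_url'] . '/filemgmt/index.php';
    }

    // Resolve the code against the table keys. array_key_exists applies the
    // same key normalisation as the lookup below, so a code that passes here
    // is guaranteed to resolve to a message (the loose in_array check used to
    // accept e.g. "1001.0" and then print an empty message). The scalar guard
    // keeps a non-scalar $e_code (an array from a query string) from raising.
    if (!(is_string($e_code) || is_int($e_code)) || !array_key_exists($e_code, $errmsg)) {
        $e_code = '9999';
    }

    include_once $_CONF['path'] . 'plugins/filemgmt/include/header.php';

    // The destination is derived from the request; escape the characters that
    // could terminate the href attribute. '&' is deliberately left alone so an
    // already-encoded URL is not double-encoded.
    $safeDestination = strtr($destination, array(
        '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#039;',
    ));

    $display = COM_siteHeader('menu');
    $display .= '<table width="100%" class="plugin" border="0" cellspacing="0" cellpadding="1">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right;padding:5px;">File Management Plugin</td>';
    $display .= "<td class=\"pluginAlert\" width=\"50%\" style=\"padding:5px 0px 5px 10px;\">Error Code: {$e_code}</td></tr>";
    $display .= "<tr><td colspan=\"2\" class=\"pluginInfo\"><b>ERROR:</b> {$errmsg[$e_code]}</td></tr>";
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    $display .= '[ <a href="' . $safeDestination . '">Go Back</a> ]</td></tr></table>';
    $display .= COM_siteFooter();
    echo $display;
    die("");
}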
/**
 * Run the profile-spam action.
 *
 * If the current request URL contains "usersettings.php", the acting user's
 * account status is set to USER_ACCOUNT_DISABLED, $this->result is flagged
 * with PLG_SPAM_ACTION_DELETE and the ban is recorded via SPAMX_log().
 * Any other URL leaves everything untouched.
 *
 * @param string $comment  not used by this action; part of the plugin interface
 * @return int  always 1
 */
public function execute($comment)
{
    global $result, $_CONF, $_TABLES, $LANG_SX00, $_USER;

    $onProfilePage = strpos(COM_getCurrentURL(), 'usersettings.php') !== false;
    if (!$onProfilePage) {
        return 1;
    }

    $this->result = PLG_SPAM_ACTION_DELETE;
    DB_change($_TABLES['users'], 'status', USER_ACCOUNT_DISABLED, 'uid', $_USER['uid']);
    SPAMX_log("User {$_USER['username']} banned for profile spam.");

    return 1;
}
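/**
 * Check a security token.
 *
 * Checks the POST and GET data for a security token, if one exists, validates
 * that it's for this user and URL. If the token is not valid, the request
 * (method, destination, POST/GET data and any uploaded files) is parked in
 * the session, the user is asked to re-authenticate, and the request is
 * resent if authentication was successful.
 *
 * Uploaded files are moved into $_CONF['path_data'] . 'temp/' under the
 * basename of their PHP-generated temporary name, and $_FILES[...]['tmp_name']
 * is rewritten to that basename before $_FILES is serialised.
 *
 * @return boolean true if the token is valid; does not return if not!
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (_sec_checkToken()) {
        SEC_createToken(-1);
        return true;
    }

    // Token missing or invalid: work out where to send the user back to.
    $home = $_CONF['site_url'] . '/index.php';
    $destination = COM_getCurrentURL();
    if ($destination == '') {
        $destination = $home;
    } else {
        // Accept only URLs that are *under* site_url. A bare prefix comparison
        // would also accept "https://example.org.attacker.tld/..." for a
        // site_url of "https://example.org", so require a path/query/fragment
        // separator (or end of string) right after the prefix.
        $base = rtrim($_CONF['site_url'], '/');
        $baseLen = strlen($base);
        $onSite = substr($destination, 0, $baseLen) == $base
            && (strlen($destination) == $baseLen
                || in_array(substr($destination, $baseLen, 1), array('/', '?', '#'), true));
        if (!$onSite) {
            $destination = $home;
        }
    }

    $method = strtoupper($_SERVER['REQUEST_METHOD']) == 'GET' ? 'GET' : 'POST';
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);

    // PHP deletes uploads at the end of this request, so stash them in the
    // data temp dir for the replay. Only the basename of PHP's own tmp_name is
    // used as the target file name; the client-supplied name is never used.
    $filedata = '';
    if (!empty($_FILES)) {
        $tempDir = $_CONF['path_data'] . 'temp/';
        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                foreach ($file['name'] as $offset => $filename) {
                    if (!empty($file['name'][$offset])) {
                        $filename = basename($file['tmp_name'][$offset]);
                        if (!move_uploaded_file($file['tmp_name'][$offset], $tempDir . $filename)) {
                            // Best effort: the replay will simply not find this file.
                            COM_errorLog("SEC_checkToken: could not move upload '{$key}[{$offset}]' to {$tempDir}", 1);
                        }
                        $_FILES[$key]['tmp_name'][$offset] = $filename;
                    }
                }
            } elseif (!empty($file['name']) && !empty($file['tmp_name'])) {
                $filename = basename($file['tmp_name']);
                if (!move_uploaded_file($file['tmp_name'], $tempDir . $filename)) {
                    COM_errorLog("SEC_checkToken: could not move upload '{$key}' to {$tempDir}", 1);
                }
                $_FILES[$key]['tmp_name'] = $filename;
            }
        }
        $filedata = serialize($_FILES);
    }

    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }

    $display = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}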
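/**
 * Send an email.
 *
 * All emails sent by Geeklog are sent through this function.
 *
 * NOTE: Please note that using CC: will expose the email addresses of
 * all recipients. Use with care.
 *
 * Header-injection defence: every caller-supplied header value (To, From,
 * Subject, the legacy CC string and every entry of an $optional array) is
 * truncated at the first CR or LF before it reaches the mail backend or
 * CUSTOM_mail().
 *
 * @param string  $to       recipients name and email address
 * @param string  $subject  subject of the email
 * @param string  $message  the text of the email
 * @param string  $from     (optional) sender of the the email
 * @param boolean $html     (optional) true if to be sent as HTML email
 * @param int     $priority (optional) add X-Priority header, if > 0
 * @param mixed   $optional (optional) other headers (array) or CC: (string)
 * @return boolean true if successful, otherwise false
 */
function COM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0, $optional = null)
{
    global $_CONF;
    static $mailobj;

    if (empty($from)) {
        $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']);
    }

    // Cut every header value at the first line break.
    $to = substr($to, 0, strcspn($to, "\r\n"));
    $from = substr($from, 0, strcspn($from, "\r\n"));
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));
    $subject = COM_emailEscape($subject);
    if ($optional != null) {
        if (is_array($optional)) {
            // Extra headers were previously copied verbatim; they are
            // caller-supplied too, so strip CR/LF from names and values.
            $clean = array();
            foreach ($optional as $h => $v) {
                $h = substr($h, 0, strcspn($h, "\r\n"));
                if (is_string($v)) {
                    $v = substr($v, 0, strcspn($v, "\r\n"));
                }
                $clean[$h] = $v;
            }
            $optional = $clean;
        } else {
            $optional = substr($optional, 0, strcspn($optional, "\r\n"));
        }
    }

    if (function_exists('CUSTOM_mail')) {
        return CUSTOM_mail($to, $subject, $message, $from, $html, $priority, $optional);
    }

    include_once 'Mail.php';
    include_once 'Mail/RFC822.php';

    // Normalise the backend on every call (not only when the mailer is first
    // created) so the header decisions below agree with the object in use.
    $method = $_CONF['mail_settings']['backend'];
    if ($method != 'sendmail' && $method != 'smtp') {
        $method = 'mail';
    }
    if (!isset($mailobj)) {
        if ($method == 'mail') {
            $mailobj =& Mail::factory($method);
        } else {
            $mailobj =& Mail::factory($method, $_CONF['mail_settings']);
        }
    }

    $charset = COM_getCharset();
    $headers = array();
    $headers['From'] = $from;
    if ($method != 'mail') {
        // The mail() backend takes the recipient separately.
        $headers['To'] = $to;
    }
    if ($optional != null && !is_array($optional) && !empty($optional)) {
        // assume old (optional) CC: header
        $headers['Cc'] = $optional;
    }
    $headers['Date'] = date('r'); // RFC822 formatted date
    if ($method == 'smtp') {
        list($usec, $sec) = explode(' ', microtime());
        $m = substr($usec, 2, 5);
        $headers['Message-Id'] = '<' . date('YmdHis') . '.' . $m . '@' . $_CONF['mail_settings']['host'] . '>';
    }
    if ($html) {
        $headers['Content-Type'] = 'text/html; charset=' . $charset;
        $headers['Content-Transfer-Encoding'] = '8bit';
    } else {
        $headers['Content-Type'] = 'text/plain; charset=' . $charset;
    }
    $headers['Subject'] = $subject;
    if ($priority > 0) {
        $headers['X-Priority'] = $priority;
    }
    $headers['X-Mailer'] = 'Geeklog ' . VERSION;

    // Record the client address, except for mail triggered from the admin area.
    if (!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR'])
            && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        $url = COM_getCurrentURL();
        if (substr($url, 0, strlen($_CONF['site_admin_url'])) != $_CONF['site_admin_url']) {
            $headers['X-Originating-IP'] = $_SERVER['REMOTE_ADDR'];
        }
    }

    // add optional headers last (they may override the defaults above)
    if ($optional != null && is_array($optional)) {
        foreach ($optional as $h => $v) {
            $headers[$h] = $v;
        }
    }

    $retval = $mailobj->send($to, $headers, $message);
    if ($retval !== true) {
        // PEAR Mail returns a PEAR_Error on failure; guard against other values.
        $reason = (is_object($retval) && method_exists($retval, 'toString'))
            ? $retval->toString()
            : 'COM_mail: send() did not return true';
        COM_errorLog($reason, 1);
    }

    return $retval === true ? true : false;
}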
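/**
 * Display a 404 not found error message.
 *
 * Sends a 404 status, appends an entry to $_CONF['path_log'] . '404.log'
 * (user id or "******" plus client address, requested URL and Referer) and
 * renders the $LANG_404 block. Both the URL and the Referer are attacker
 * controlled, so PHP tags and line breaks are neutralised before logging and
 * the URL is escaped before being placed in the page.
 *
 * @param string $alternate_url Point the user to another location
 * @return void  never returns
 */
function COM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;

    if (function_exists('CUSTOM_handle404')) {
        CUSTOM_handle404($alternate_url);
        exit;
    }

    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');

    // Add log stuff
    $url = COM_getCurrentURL();
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $remoteAddr;
    } else {
        $byuser = '******' . $remoteAddr;
    }
    // Referer is optional; reading it unconditionally raised a notice.
    $refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $timestamp = @strftime('%c');

    $logentry = "404 Error generated by {$byuser} for url: {$url}";
    if (!empty($refurl)) {
        $logentry .= " - Referring url: {$refurl}";
    }
    // Defuse PHP tags (the log may be viewed through a PHP page) and collapse
    // line breaks so a crafted URL/Referer cannot forge extra log lines.
    $logentry = str_replace(array('<?', '?>'), array('(@', '@)'), $logentry);
    $logentry = str_replace(array("\r", "\n"), ' ', $logentry);

    $logfile = $_CONF['path_log'] . '404.log';
    if ($file = @fopen($logfile, 'a')) {
        fputs($file, "{$timestamp} - {$logentry} \n");
        fclose($file);
    }

    // Escape the HTML-significant characters of the URL. '&' is left alone so
    // an already-encoded URL is not double-encoded; the mapping is charset
    // independent, unlike htmlspecialchars() which fails on invalid input.
    $safeUrl = strtr($url, array(
        '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#039;',
    ));

    $display = COM_startBlock($LANG_404[1]);
    $display .= sprintf($LANG_404[2], $safeUrl);
    if ($alternate_url != '') {
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_404[1]));
    COM_output($display);
    exit; // Do not want to go any further
}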
/**
 * Build the Milonic menu definition (a string of aI("...") JavaScript calls)
 * for every entry in $this->_menuitems.
 *
 * Item types handled: 2 = open in new window (adds target=newWindow),
 * 3 = submenu, 4 = core menu (admin/user/topic/links/staticpages/plugin
 * menus), 5 = call the PHP function named in the item's url, anything else
 * = plain link. [siteurl] / [siteadminurl] placeholders are expanded.
 *
 * NOTE(review): $i, $retval and $plugin_options are read before they are
 * assigned anywhere in this method, and $CONF_NEXMENU is used without a
 * global declaration — verify these are not relied upon from elsewhere.
 *
 * NOTE(review): labels and URLs are concatenated into the aI("...") string
 * literals without escaping; a '"' or ';' in a menu label or URL (DB-sourced
 * here) would break out of the JavaScript string.
 *
 * @return string  JavaScript fragment; $_BLOCK_TEMPLATE is restored on exit
 */
private function _renderMenuItems() {
    global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE;
    foreach ($this->_menuitems as $menuitem) {
        if ($this->_multiLangMode) {
            $label = $this->getMenuLabel($menuitem['id']);
        } else {
            $label = $menuitem['label'];
        }
        // Type 2 items open in a new window with the configured features.
        $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';
        $menuitemImage = trim($menuitem['image']);
        if ($menuitemImage != '') {
            // Check and see if the full url is entered
            if (strpos($menuitemImage, 'http') === false) {
                $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
            }
        }
        // $lastitem is computed but not used below.
        if ($i == $this->_menuitemCount) {
            $lastitem = true;
        } else {
            $lastitem = false;
        }
        // Check and see if this item is a submenu
        if ($menuitem['type'] == 3) {
            // Type Submenu
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            if ($this->_type == 'header') {
                $menuitemimagecss = 'headermenuitemimage';
            } else {
                $menuitemimagecss = 'blocksubmenuitemimage';
            }
            if ($menuitemImage != '') {
                $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
            } else {
                $retval .= 'aI("text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
            }
        } elseif ($menuitem['type'] == 4) {
            // Core Menu
            switch ($menuitem['url']) {
                case "adminmenu":
                    // Only for logged-in users; the admin block template is
                    // swapped for the Milonic variant while it is rendered.
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                        $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                        $plugin_options .= PLG_getAdminOptions();
                        $nrows = count($plugin_options);
                        if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                            $retval .= COM_adminMenu();
                        }
                    }
                    break;
                case "usermenu":
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                        $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                        $retval .= COM_userMenu();
                    }
                    break;
                case "topicmenu":
                    $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                    $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                    break;
                case "linksmenu":
                    if ($this->_linksPlugin) {
                        $retval .= $this->_milonicLinksPluginSiteLinks();
                    }
                    break;
                case "spmenu":
                    // Static pages the current user may see (COM_getPermSql),
                    // optionally restricted to those flagged sp_onmenu.
                    if ($this->_staticpagesPlugin) {
                        if ($CONF_NEXMENU['sp_labelonly']) {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                            $sql .= COM_getPermSql('AND');
                            $sql .= 'ORDER BY sp_title';
                            $spquery = DB_query($sql);
                        } else {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                            $sql .= COM_getPermSql('WHERE');
                            $sql .= 'ORDER BY sp_title';
                            $spquery = DB_query($sql);
                        }
                        while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                            if (trim($sp_label) == '') {
                                $label = $title;
                            } else {
                                $label = $sp_label;
                            }
                            $url = "{$_CONF['site_url']}/staticpages/index.php?page={$id}";
                            $retval .= 'aI("text=' . $label . ';url=' . $_CONF['site_url'] . '/staticpages/index.php?page=' . $id . ';");';
                        }
                    }
                    break;
                case "pluginmenu":
                    // Ask every enabled plugin for its menu items via
                    // plugin_getmenuitems_<name>(), if that function exists.
                    $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                    $nrows = DB_numRows($result);
                    $menu = array();
                    for ($i = 1; $i <= $nrows; $i++) {
                        $A = DB_fetchArray($result);
                        $function = 'plugin_getmenuitems_' . $A['pi_name'];
                        if (function_exists($function)) {
                            $menuitems = $function();
                            if (is_array($menuitems) and count($menuitems) > 0) {
                                foreach ($menuitems as $plugin_label => $plugin_link) {
                                    $retval .= 'aI("text=' . $plugin_label . ';' . $target . 'url=' . $plugin_link . ';");';
                                }
                            }
                        }
                    }
                    break;
            } // End of menutype == 4 (Core Menu)
        } elseif ($menuitem['type'] == 5) {
            // The item's url field names a PHP function to call; only
            // functions that actually exist are invoked.
            if (function_exists($menuitem['url'])) {
                /* Pass the type of menu to custom php function */
                $retval .= $menuitem['url']($this->_type);
            }
        } else {
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            // what's our current URL? (fetched but not used further down)
            $thisUrl = COM_getCurrentURL();
            if ($menuitemImage != '') {
                $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';url=' . $url . ';' . $target . ';");';
            } else {
                $retval .= 'aI("text=' . $label . ';url=' . $url . ';' . $target . ';");';
            }
        }
        $i++;
    }
    // Restore Template Setting
    $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;
    return $retval;
}
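/**
 * Generate a security token.
 *
 * This generates and stores a one time security token. Security tokens are
 * added to forms and urls in the admin section as a non-cookie double-check
 * that the admin user really wanted to do that...
 *
 * Only one token is issued per request: the first one generated is cached in
 * a static and returned by every later call. Expired tokens and any earlier
 * token for the same user/URL pair are deleted before the new one is stored.
 *
 * @param int $ttl Time to live for token in seconds. Default is 20 minutes.
 * @return string Generated token, it'll be an MD5 hash (32chars)
 */
function SEC_createToken($ttl = 1200)
{
    global $_USER, $_TABLES, $_DB_dbms;
    static $last_token;

    if (isset($last_token)) {
        return $last_token;
    }

    /* Figure out the full url to the current page */
    $pageURL = COM_getCurrentURL();

    // Both values are interpolated into SQL below; force them to integers.
    $uid = (int) $_USER['uid'];
    $ttl = (int) $ttl;

    /* Generate the token. uniqid(rand(), 1) is predictable, so prefer the
     * runtime's CSPRNG when it is available and keep the old seed only as a
     * fallback for older PHP versions. md5() is kept purely for the documented
     * 32-character format; the unpredictability comes from $entropy. */
    if (function_exists('random_bytes')) {
        $entropy = bin2hex(random_bytes(32));
    } else {
        $entropy = uniqid(rand(), 1);
    }
    $token = md5($uid . $pageURL . $entropy);

    // NOTE(review): addslashes() is the quoting this code relies on for urlfor;
    // it is not charset-aware — confirm whether the DB layer offers an escape
    // helper that should be used instead.
    $pageURLsql = addslashes($pageURL);

    /* Destroy expired tokens: */
    $sql = array();
    $sql['mssql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW()) AND (ttl > 0)";
    $sql['mysql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND (ttl > 0)";
    DB_query($sql);

    /* Destroy tokens for this user/url combination */
    DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id={$uid} AND urlfor='{$pageURLsql}'");

    /* Create a token for this user/url combination */
    /* NOTE: TTL mapping for PageURL not yet implemented */
    DB_query("INSERT INTO {$_TABLES['tokens']} (token, created, owner_id, urlfor, ttl) "
        . "VALUES ('{$token}', NOW(), {$uid}, '{$pageURLsql}', {$ttl})");

    $last_token = $token;

    /* And return the token to the user */
    return $token;
}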
/**
 * Theme initialisation hook.
 *
 * Forces left blocks into the footer, selects the 'denim' template override
 * and maps the core blocks onto this theme's header/footer templates. On the
 * admin index page it additionally loads the theme language file (falling
 * back to english.php) and registers the jqColorPicker script.
 *
 * Geeklog looks for blocktemplate-left.thtml / blocktemplate-right.thtml on
 * its own when given blocktemplate.thtml, so no left/right variants are
 * registered here.
 *
 * @return void
 */
function theme_init_cool()
{
    global $_BLOCK_TEMPLATE, $_CONF, $TLANG, $_SCRIPTS, $TEMPLATE_OPTIONS, $_USER;

    $_CONF['left_blocks_in_footer'] = 1;
    $TEMPLATE_OPTIONS['override'] = 'denim';

    $messageTpl = 'blockheader-message.thtml,blockfooter-message.thtml';
    $configTpl  = 'blockheader-config.thtml,blockfooter-config.thtml';
    $relatedTpl = 'blockheader-related.thtml,blockfooter-related.thtml';
    // Blocks that are a list of links styled as an unordered list (class="blocklist")
    $listTpl    = 'blockheader-list.thtml,blockfooter-list.thtml';

    $_BLOCK_TEMPLATE['_msg_block']             = $messageTpl;
    $_BLOCK_TEMPLATE['configmanager_block']    = $configTpl;
    $_BLOCK_TEMPLATE['configmanager_subblock'] = $configTpl;
    $_BLOCK_TEMPLATE['whats_related_block']    = $relatedTpl;
    $_BLOCK_TEMPLATE['story_options_block']    = $relatedTpl;
    $_BLOCK_TEMPLATE['admin_block']            = $listTpl;
    $_BLOCK_TEMPLATE['section_block']          = $listTpl;
    if (!COM_isAnonUser()) {
        $_BLOCK_TEMPLATE['user_block'] = $listTpl;
    }

    $onAdminIndex = stripos(COM_getCurrentURL(), 'admin/index.php') !== FALSE;
    if (!$onAdminIndex) {
        return;
    }

    $themePath = $_CONF['path_themes'] . $_CONF['theme'] . '/';
    $langfile  = $themePath . 'language/' . $_CONF['language'] . '.php';
    $toLoad    = file_exists($langfile) ? $langfile : $themePath . 'language/english.php';
    require_once $toLoad;

    $_SCRIPTS->setJavaScriptFile('jqColorPicker', '/layout/' . $_CONF['theme'] . '/javascript/jqColorPicker.min.js');
    $_SCRIPTS->setJavaScript("jQuery(document).ready(function() {\n\t\t \$('.color').colorPicker();\n\t\t});", TRUE, TRUE);
}
// Log attempt to access.log COM_accessLog("User {$_USER['username']} tried to illegally access the Filemanager."); COM_output($display); exit; } // Default values defined in filemanager.config.js.dist $_FM_CONF = array('_comment' => 'IMPORTANT : go to the wiki page to know about options configuration https://github.com/simogeo/Filemanager/wiki/Filemanager-configuration-file', 'options' => array('culture' => 'en', 'lang' => 'php', 'theme' => 'flat-dark', 'defaultViewMode' => 'grid', 'autoload' => true, 'showFullPath' => false, 'showTitleAttr' => false, 'browseOnly' => false, 'showConfirmation' => true, 'showThumbs' => true, 'generateThumbnails' => true, 'searchBox' => true, 'listFiles' => true, 'fileSorting' => 'default', 'chars_only_latin' => true, 'dateFormat' => 'd M Y H:i', 'serverRoot' => true, 'fileRoot' => false, 'baseUrl' => false, 'logger' => false, 'capabilities' => array('select', 'download', 'rename', 'delete', 'replace'), 'plugins' => array()), 'security' => array('allowFolderDownload' => false, 'allowChangeExtensions' => false, 'allowNoExtension' => false, 'uploadPolicy' => 'DISALLOW_ALL', 'uploadRestrictions' => array('jpg', 'jpe', 'jpeg', 'gif', 'png', 'svg', 'txt', 'pdf', 'odp', 'ods', 'odt', 'rtf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'csv', 'ogv', 'mp4', 'webm', 'm4v', 'ogg', 'mp3', 'wav', 'zip', 'rar')), 'upload' => array('multiple' => true, 'number' => 5, 'overwrite' => false, 'imagesOnly' => false, 'fileSizeLimit' => 16), 'exclude' => array('unallowed_files' => array('.htaccess', 'web.config'), 'unallowed_dirs' => array('_thumbs', '.CDN_ACCESS_LOGS', 'cloudservers'), 'unallowed_files_REGEXP' => '/^\\./uis', 'unallowed_dirs_REGEXP' => '/^\\./uis'), 'images' => array('imagesExt' => array('jpg', 'jpe', 'jpeg', 'gif', 'png', 'svg'), 'resize' => array('enabled' => true, 'maxWidth' => 1280, 'maxHeight' => 1024)), 'videos' => array('showVideoPlayer' => true, 'videosExt' => array('ogv', 'mp4', 'webm', 'm4v'), 'videosPlayerWidth' => 400, 
'videosPlayerHeight' => 222), 'audios' => array('showAudioPlayer' => true, 'audiosExt' => array('ogg', 'mp3', 'wav')), 'pdfs' => array('showPdfReader' => true, 'pdfsExt' => array('pdf', 'odp'), 'pdfsReaderWidth' => 640, 'pdfsReaderHeight' => 480), 'edit' => array('enabled' => true, 'lineNumbers' => true, 'lineWrapping' => true, 'codeHighlight' => false, 'theme' => 'elegant', 'editExt' => array('txt', 'csv')), 'customScrollbar' => array('enabled' => true, 'theme' => 'inset-2-dark', 'button' => true), 'extras' => array('extra_js' => array(), 'extra_js_async' => true), 'icons' => array('path' => 'images/fileicons/', 'directory' => '_Open.png', 'default' => 'default.png'), 'url' => 'https://github.com/simogeo/Filemanager', 'version' => '2.0.0-dev'); // Values to be overridden by Geeklog (system) $relPaths = array('Image' => 'images/library/Image/', 'Flash' => 'images/library/Flash/', 'Media' => 'images/library/Media/', 'File' => 'images/library/File/', 'Root' => 'images/'); $type = isset($_GET['Type']) ? COM_applyFilter($_GET['Type']) : ''; if (!array_key_exists($type, $relPaths)) { $type = 'Image'; } $fileRoot = $_CONF['path_html'] . 
$relPaths[$type]; $fileRoot = str_replace('\\', '/', $fileRoot); if (preg_match('@\\Ahttps?://[^/]+(/.*/)filemanager/index\\.php@i', COM_getCurrentURL(), $match)) { $relPath = $match[1]; } else { $relPath = '/'; } $relPath .= $relPaths[$type]; $_FM_CONF['options']['culture'] = COM_getLangIso639Code(); $_FM_CONF['options']['defaultViewMode'] = $_CONF['filemanager_default_view_mode']; $_FM_CONF['options']['browseOnly'] = $_CONF['filemanager_browse_only']; $_FM_CONF['options']['showConfirmation'] = $_CONF['filemanager_show_confirmation']; $_FM_CONF['options']['showThumbs'] = $_CONF['filemanager_show_thumbs']; $_FM_CONF['options']['generateThumbnails'] = $_CONF['filemanager_generate_thumbnails']; $_FM_CONF['options']['searchBox'] = $_CONF['filemanager_search_box']; $_FM_CONF['options']['fileSorting'] = $_CONF['filemanager_file_sorting']; $_FM_CONF['options']['chars_only_latin'] = $_CONF['filemanager_chars_only_latin']; $_FM_CONF['options']['dateFormat'] = $_CONF['filemanager_date_format'];
/**
 * Build the administration menu block (Admin Block on the right side).
 *
 * Returns an empty string for anonymous users, and also when
 * $_CONF['hide_adminmenu'] is set and the current URL is not inside
 * $_CONF['site_admin_url']. Otherwise the items from getAdminMenu() are
 * rendered as an unordered list inside the 'admin_block' block templates.
 *
 * @param string $help     Help file to show
 * @param string $title    Menu Title; defaults to the admin_block title in the blocks table
 * @param string $position Side being shown on 'left', 'right' or blank.
 * @return string  the block HTML, or '' when nothing should be shown
 * @see function COM_userMenu
 */
function COM_adminMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_USER, $_CONF;

    if (COM_isAnonUser()) {
        return '';
    }

    $hideOutsideAdmin = $_CONF['hide_adminmenu']
        && @strpos(COM_getCurrentURL(), $_CONF['site_admin_url']) === false;
    if ($hideOutsideAdmin) {
        return '';
    }

    if (empty($title)) {
        $title = DB_getItem($_TABLES['blocks'], 'title', "name = 'admin_block'");
    }

    $html = COM_startBlock($title, $help, COM_getBlockTemplate('admin_block', 'header', $position), 'admin_block');

    $entries = array();
    foreach (getAdminMenu() as $item) {
        $entries[] = '<li><a href="' . $item['url'] . '">' . $item['label'] . '</a></li>';
    }
    $html .= '<div id="adminmenu"><ul>' . implode('', $entries) . '</ul></div>';

    $html .= COM_endBlock(COM_getBlockTemplate('admin_block', 'footer', $position));

    return $html;
}
// this file can't be used on its own if (!defined('GVERSION')) { die('This file can not be used on its own.'); } USES_lib_user(); /* --- Main Processing Loop --- */ $display = ''; $uid = ''; $status = ''; $token = ''; $message = ''; if (!isset($_SYSTEM['admin_session'])) { $_SYSTEM['admin_session'] = 1200; } // determine the destination of this request $destination = COM_getCurrentURL(); // validate the destination is not blank and is part of our site... if ($destination == '') { $destination = $_CONF['site_admin_url'] . '/index.php'; } if (substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) { $destination = $_CONF['site_admin_url'] . '/index.php'; } if (!COM_isAnonUser()) { $currentUID = $_USER['uid']; } else { $currentUID = 1; } // is user sending credentials? if (isset($_POST['loginname']) && !empty($_POST['loginname']) && isset($_POST['passwd']) && !empty($_POST['passwd'])) { COM_updateSpeedlimit('login');
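/**
 * Downloads a remote profile picture and stores it locally.
 *
 * Uses PEAR HTTP_Request2 because the first Facebook URL to the profile
 * picture redirects to a new location, so redirects must be followed.
 *
 * @param  string $from URL of the remote image
 * @param  string $to   local path the image is written to
 * @return mixed        '' when the remote server did not answer 200,
 *                      otherwise the result of file_put_contents()
 *                      (bytes written, or false on a write failure)
 */
protected function _saveUserPhoto($from, $to)
{
    $ret = '';

    $request = new HTTP_Request2($from, HTTP_Request2::METHOD_GET);
    $request->setConfig(array(
        'adapter'          => 'HTTP_Request2_Adapter_Socket',
        'connect_timeout'  => 15,
        'timeout'          => 30,
        'follow_redirects' => true,
        'max_redirects'    => 5,
        // The response body is written to disk as the user's photo, so the
        // origin must be authenticated: verify the peer certificate and that
        // it matches the host instead of disabling both checks.
        'ssl_verify_peer'  => true,
        'ssl_verify_host'  => true,
    ));
    $request->setHeader('User-Agent', 'Geeklog/' . VERSION);
    $request->setHeader('Referer', COM_getCurrentURL());

    $response = $request->send();
    if (200 == $response->getStatus()) {
        $img = $response->getBody();
        $ret = file_put_contents($to, $img);
        if ($ret === false) {
            // Surface the write failure instead of silently returning false
            COM_errorLog(__METHOD__ . ': could not write ' . $to);
        }
    }

    return $ret;
}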
/**
 * nexform_showform: Used to display a form
 *
 * Function will return the full HTML for the requested form.
 * If a result id is passed in then the values will be retrieved
 * and displayed in the form.
 *
 * @param  string       $formid      Required: form id to generate html for
 * @param  string       $resultid    Optional: result id if posted results are to be shown
 * @param  string       $mode        Optional: 'view' (default), 'edit' or 'print'
 * @param  string/array $parms       Optional: parms passed in will be converted to hidden fields.
 *                                   Used if posted form will be handled by custom form and
 *                                   optional variables are required for post processing.
 *                                   The 'singleuse' and 'noprint' keys are also read as flags.
 * @param  string       $linkedforms Optional: used to optionally only show pre linked or post linked forms
 *                                   Valid values are: all, none, beforeonly, afteronly
 * @param  string       $style       Optional: in 'print' mode, 'preview' suppresses the
 *                                   auto-print/auto-close script
 * @return mixed        returns formatted form HTML, or '' when the user is not
 *                      in the form's access group
 **/
function nexform_showform($formid, $resultid = 0, $mode = 'view', $parms = '', $linkedforms = 'all', $style = '')
{
    global $_CONF, $_TABLES, $CONF_FE, $forms_used;

    $forms_used[$formid] = 0;

    // NOTE(review): $formid (a caller parameter) and the ids derived from it
    // are interpolated into every query in this function without escaping --
    // confirm callers validate them before calling.
    $groupAccess = DB_getItem($_TABLES['nxform_definitions'], 'perms_access', "id='{$formid}'");
    if (SEC_inGroup($groupAccess)) { // Does user have access to this form
        $fields = 'name,post_method,post_option,intro_text,before_formid,after_formid,';
        $fields .= 'template,on_submit,show_mandatory_note';
        $formquery = DB_query("SELECT {$fields} FROM {$_TABLES['nxform_definitions']} WHERE id='{$formid}'");
        list($formname, $post_method, $post_option, $intro_text, $before_form, $after_form, $maintemplate, $onsubmit, $show_mandatory) = DB_fetchArray($formquery);

        // Check that template to be used exists - else use default
        $templatefile = "{$_CONF['path_layout']}nexform/{$maintemplate}";
        if (!file_exists($templatefile)) {
            $maintemplate = 'defaultform.thtml';
            COM_errorLog("nexform: Missing template {$templatefile}, using default. Form ID: {$formid}");
        }

        $page = new Template($_CONF['path_layout'] . 'nexform');
        $page->set_file(array(
            'page'               => $maintemplate,
            'javascript'         => 'form_javascript.thtml',
            'formcontent'        => 'singleform_content.thtml',
            'fieldsetbegin'      => 'fieldset_begin.thtml',
            'fieldsetend'        => 'fieldset_end.thtml',
            'printfieldsetbegin' => 'print_fieldset_begin.thtml',
            'printfieldsetend'   => 'print_fieldset_end.thtml',
            'recstyle1'          => 'recstyle1.thtml',
            'recstyle2'          => 'recstyle2.thtml',
            'fieldstyle1'        => 'fieldstyle1.thtml',
            'fieldstyle1R'       => 'fieldstyle1R.thtml',
            'fieldstyle2'        => 'fieldstyle2.thtml',
            'fieldstyle2R'       => 'fieldstyle2R.thtml',
            'fieldstyle3'        => 'fieldstyle3.thtml',
            'fieldstyle3R'       => 'fieldstyle3R.thtml',
            'mfile_field'        => 'mfile_field.thtml',
            'fieldstyle5'        => 'fieldstyle5.thtml',
            'fieldstyle5R'       => 'fieldstyle5R.thtml',
            'captchafield'       => 'captchafield.thtml',
            'editor'             => 'advanced_editor.thtml',
            'mfilejs'            => 'mfile_js.thtml',
            'mfieldjs'           => 'mfield_js.thtml',
            'dselectjs'          => 'dselect_js.thtml',
            'fieldhelp'          => 'field_help.thtml',
            'submit_button'      => 'submit_button.thtml',
        ));
        $page->set_var('form_name', "glform_{$formid}");
        $page->set_var('site_url', $_CONF['site_url']);
        $page->set_var('layout_url', $_CONF['layout_url']);
        $page->set_var('public_url', $CONF_FE['public_url']);
        $page->set_var('res_id', $resultid);
        $page->set_var('form_id', $formid);

        // 'efpv' is read straight from the request (no isset() guard, so a
        // missing key raises a notice) and only passed through as a 0/1 flag
        if ($_REQUEST['efpv'] == 1) {
            $page->set_var('efpv', 1);
        } else {
            $page->set_var('efpv', 0);
        }

        // This may get reset in the function nexFlow_showFormFields() if dynamic select detects a pre-selected option
        $page->set_var('setlists_onload', 'window.attachEvent("onload",initfilteredlist);');

        // Caller-supplied parms become hidden fields. NOTE(review): key and
        // value are placed into HTML attributes unescaped -- confirm every
        // caller passes trusted values.
        if (isset($parms) and is_array($parms)) {
            $hidden_fields = '';
            foreach ($parms as $key => $value) {
                $hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '">';
            }
            $page->set_var('hidden_fields', $hidden_fields);
        }

        // Work out the form's action URL: existing result (admin report /
        // custom post URL), 'posturl' handler, or the plugin's own index.php
        if ($resultid > 0) {
            // Fetched but not used below (see the note that follows)
            $groupEditAccess = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$formid}'");
            /* Need to add additional check for edit permissions for this form */

            // The customActionURL is a future use field - UI is not saving it currently
            //$customActionURL = DB_getItem($_TABLES['nxform_definitions'],'admin_url', "id='$formid'");
            // if ($customActionURL == '' OR $post_method == 'posturl') {

            // NOTE(review): $customActionURL is only assigned in the two
            // branches below; when neither matches it is read undefined.
            $currentURL = COM_getCurrentURL();
            if (strpos($currentURL, 'admin/plugins/nexform/report.php') > 0) {
                $customActionURL = $_CONF['site_admin_url'] . '/plugins/nexform/report.php';
            } elseif ($post_method == 'posturl') {
                $customActionURL = $post_option;
            }

            if ($mode == 'edit') {
                if ($customActionURL == '') {
                    $form_action = $_CONF['site_admin_url'] . '/plugins/nexform/report.php?op=update&id=' . $formid . '&result=' . $resultid;
                    $page->set_var('form_action', $form_action);
                } else {
                    // Expand the [siteurl]/[siteadminurl] placeholders admins may use
                    $customActionURL = str_replace('[siteurl]', $_CONF['site_url'], $customActionURL);
                    $customActionURL = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $customActionURL);
                    $form_action = $customActionURL . '?op=update&formid=' . $formid . '&id=' . $resultid;
                    $page->set_var('form_action', $form_action);
                    $page->set_var('resultid', $resultid);
                }
                if ($parms['singleuse'] == 1) {
                    $page->set_var('autoclose', 'true');
                } else {
                    $page->set_var('autoclose', '');
                }
                $page->set_var('onsubmit', '');
            } else {
                if ($customActionURL == '') {
                    $form_action = $_CONF['site_admin_url'] . '/plugins/nexform/report.php?id=' . $formid;
                    $page->set_var('form_action', $form_action);
                } else {
                    $customActionURL = str_replace('[siteurl]', $_CONF['site_url'], $customActionURL);
                    $customActionURL = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $customActionURL);
                    $form_action = $customActionURL . '?op=view&id=' . $formid . '&result=' . $resultid;
                    if ($mode != 'print') {
                        $page->set_var('form_action', $form_action);
                    }
                    $page->set_var('feShowSubmitButtons', 'none');
                }
                $page->set_var('onsubmit', '');
            }
        } elseif ($post_method == 'posturl') {
            $form_action = str_replace('[siteurl]', $_CONF['site_url'], $post_option);
            $page->set_var('form_action', $form_action);
            $page->set_var('showadminmode', 'none'); // Hide the admin extra fields used when editing
            // Self-assignment; has no effect
            if (!empty($onsubmit)) {
                $onsubmit = $onsubmit;
            }
            $page->set_var('onsubmit', $onsubmit);
        } else {
            $form_action = $CONF_FE['post_url'] . '/index.php?id=' . $formid;
            $page->set_var('form_action', $form_action);
            // Self-assignment; has no effect
            if (!empty($onsubmit)) {
                $onsubmit = $onsubmit;
            }
            $page->set_var('onsubmit', $onsubmit);
        }
        $page->set_var('form_handler', $post_method);

        /* Now show any linked forms - recursively but compare to see we don't go in a loop */
        $allforms = array();
        if (trim($linkedforms) == '') { // Assume all linked forms if null passed in
            $allforms = nexform_getlinkedform($formid, $allforms, 'all');
        } elseif ($linkedforms == 'none') {
            $allforms[] = $formid;
        } else {
            $allforms = nexform_getlinkedform($formid, $allforms, $linkedforms);
        }

        /* Determine if more then 1 linked form has the tabbed feature enabled */
        $formCntWithTabs = 0;
        foreach ($allforms as $chkformID) {
            if (DB_getItem($_TABLES['nxform_definitions'], 'show_as_tab', "id='{$chkformID}'")) {
                $formCntWithTabs++;
            }
        }

        $postmethod = '';
        $tab_active = false;
        $tabid = 0;
        $i = 1;
        // NOTE(review): initialised as $prediv_open but the loop below reads
        // and writes $prevdiv_open -- looks like a typo; confirm which is meant.
        $prediv_open = false;
        $CONF_FE['dynamicSelect'] = false;

        foreach ($allforms as $showform) {
            $fquery = DB_query("SELECT id,name,show_as_tab,tab_label FROM {$_TABLES['nxform_definitions']} WHERE id={$showform}");
            list($linkid, $formname, $taboption, $tablabel) = DB_fetchArray($fquery);
            $groupAccess = DB_getItem($_TABLES['nxform_definitions'], 'perms_access', "id='{$linkid}'");
            if (SEC_inGroup($groupAccess)) { // Does user have access to this form
                // First tabbed form in a multi-form set: load the tab templates once
                if (count($allforms) > 1 and $mode != 'print' and $formCntWithTabs > 1 and $taboption == 1 and !$tab_active) {
                    $tab_active = true;
                    $page->set_file(array(
                        'navbar'   => 'form_tabnavbar.thtml',
                        'navtab'   => 'tab.thtml',
                        'divbegin' => 'singleform_divbegin.thtml',
                    ));
                    $page->set_var('show_tab1', '');
                }
                $page->set_var('form_comment1', "<!-- **BEGIN** Form: {$formname} **** -->");
                nexform_showFormFields($showform, $form_action, $page, $resultid, $mode, $i);
                $page->set_var('toolbar', $CONF_FE['fckeditor_toolbar']);
                // $ta2init_function_calls is never assigned in this function
                $page->set_var('init_function_calls', $ta2init_function_calls);
                $page->set_var('form_comment2', "<!-- **END** Form: {$formname} **** -->");

                if (count($allforms) > 1 and $mode != 'print' and $taboption) {
                    $tabid++;
                    $page->set_var('tabid', $tabid);
                    $page->parse('div_begin', 'divbegin');
                    $page->set_var("show_tab{$tabid}", 'none');
                    $page->set_var('tab_class', $tabid == 1 ? 'navsubcurrent' : 'navsubmenu');
                    $page->set_var('tab_label', $tablabel == '' ? $formname : $tablabel);
                    $page->parse('tabs', 'navtab', true);
                    $page->parse('tab_navbar', 'navbar');
                    // $i is 1-based, so this is the id of the *next* form in $allforms
                    $nexformid = $allforms[$i];
                    /* Check if next form is also a tabbed form */
                    $nexformTabType = DB_getItem($_TABLES['nxform_definitions'], 'show_as_tab', "id='{$nexformid}'");
                    if ($nexformTabType == 1) {
                        $page->set_var('div_end', '</div>');
                    } else {
                        $page->set_var('div_end', '');
                        $prevdiv_open = true; // Next form is not to be in a separate div
                    }
                } elseif ($prevdiv_open) { // May need to close previous div if tabbed form option was used
                    $page->set_var('div_begin', '');
                    $page->set_var('div_end', '</div>');
                } else {
                    $page->set_var('div_begin', '');
                    $page->set_var('div_end', '');
                }
                $page->parse('form_contents', 'formcontent', true);
                $page->parse('form_records', '');
                $i++;

                //Check if form has a field of type 'file' which needs a different posting method in the form HTML tag
                //also have to check through child forms
                $frms = array();
                $frms = nexform_getdynamicforms($showform, $frms);
                foreach ($frms as $frmid) {
                    $filequery = DB_query("SELECT * FROM {$_TABLES['nxform_fields']} WHERE formid='{$frmid}' AND (type = 'file' OR type='mfile')");
                    if (DB_fetchArray($filequery) != '') {
                        $postmethod = "\"post\" enctype=\"multipart/form-data\"";
                        $page->parse('mfile_js_functions', 'mfilejs');
                    }
                    $filequery = DB_query("SELECT * FROM {$_TABLES['nxform_fields']} WHERE formid='{$frmid}' AND (type = 'mtxt')");
                    if (DB_fetchArray($filequery) != '') {
                        $page->parse('mfield_js_functions', 'mfieldjs');
                    }
                    $filequery = DB_query("SELECT * FROM {$_TABLES['nxform_fields']} WHERE formid='{$frmid}' AND (type = 'textarea2')");
                    if (DB_fetchArray($filequery) != '') {
                        $page->parse('advancededitor', 'editor');
                    }
                }
            }
        }

        if ($postmethod == '') {
            $page->set_var('method', '"post"');
        } else {
            $page->set_var('method', $postmethod);
        }
        $page->set_var('introtext', $intro_text);

        if ($mode != 'print' and $show_mandatory and DB_count($_TABLES['nxform_fields'], array('formid', 'is_mandatory'), array($formid, '1')) > 1) {
            $page->set_var('msg_mandatory', 'Note: * Indicates mandatory Field');
        } else {
            $page->set_var('msg_mandatory', '');
        }

        // Repeated verbatim further down; the second copy wins
        if ($CONF_FE['dynamicSelect']) {
            $page->parse('dynamic_select_js', 'dselectjs');
        } else {
            $page->set_var('dynamic_select_js', '');
        }

        /* Check and see if Advanced Editor should be setup for textarea fields */
        if ($mode != 'print') {
            $page->set_var('formContainerClass', 'frm_maincontainer');
            if ($resultid > 0) {
                // Build the [print] / [print preview] links: the onClick swaps
                // the form's action to print.php, submits into 'printwindow',
                // and onBlur restores the action stashed in className.
                if ($mode == 'edit') {
                    $print_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_option .= $formid . '.action; document.glform_' . $formid . '.action=\'' . $CONF_FE['public_url'];
                    $print_option .= '/print.php?op=print&result=' . $resultid . '&epm=1&id=' . $formid;
                    $print_preview_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_preview_option .= $formid . '.action; document.glform_' . $formid . '.action=\'' . $CONF_FE['public_url'];
                    $print_preview_option .= '/print.php?op=print&style=preview&result=' . $resultid . '&epm=1&id=' . $formid;
                } else {
                    $print_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_option .= $formid . '.action; document.glform_' . $formid . '.action=\'' . $CONF_FE['public_url'];
                    $print_option .= '/print.php?op=print&result=' . $resultid . '&id=' . $formid;
                    $print_preview_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_preview_option .= $formid . '.action; document.glform_' . $formid . '.action=\'';
                    $print_preview_option .= $CONF_FE['public_url'] . '/print.php?op=print&style=preview&result=' . $resultid . '&id=' . $formid;
                }
                $print_option .= '\'; document.glform_' . $formid . '.target=\'printwindow\'; document.glform_' . $formid;
                $print_option .= '.submit();" onBlur="document.glform_' . $formid . '.action=document.glform_' . $formid;
                // NOTE(review): the preview variant below emits '.className'
                // here; this 'action=document.glform_' fragment looks like a
                // typo that yields odd JS in onBlur -- confirm.
                $print_option .= 'action=document.glform_' . $formid . '.className; document.glform_' . $formid . '.target=\'\';">[print]</a>';
                $print_preview_option .= '\'; document.glform_' . $formid . '.target=\'printwindow\'; document.glform_' . $formid;
                $print_preview_option .= '.submit();" onBlur="document.glform_' . $formid . '.action=document.glform_' . $formid;
                $print_preview_option .= '.className; document.glform_' . $formid . '.target=\'\';">[print preview]</a>';

                if ($parms['noprint']) {
                    $page->set_var('print_option', '');
                    $page->set_var('print_preview_option', '');
                } else {
                    $page->set_var('print_option', $print_option);
                    $page->set_var('print_preview_option', $print_preview_option);
                }
            } else {
                $page->set_var('print_option', '');
                $page->set_var('print_preview_option', '');
            }
        } elseif ($mode == 'print') {
            // Real print (not preview): print and close the popup automatically
            if ($style != 'preview') {
                $page->set_var('print_instructions', '<script type="text/javascript"> window.print(); setTimeout(\'window.close()\', 1000); </script>');
            }
        }

        if ($CONF_FE['dynamicSelect']) {
            $page->parse('dynamic_select_js', 'dselectjs');
        } else {
            $page->set_var('dynamic_select_js', '');
        }

        $page->set_var('form_id', $formid);
        $page->parse('javascript', 'javascript');
        $page->parse('output', 'page');

        // $customActionURL is only ever set inside the $resultid > 0 branch
        if ($mode == 'edit' and $customActionURL == '') {
            $page->set_var('editstatus_message', '<h2 id="feHeadingEditMode" style="margin:0px;padding:10 5 10 50px;">Edit Mode</h2>');
        }

        // $formhtml is not initialised before this append
        $formhtml .= $page->finish($page->get_var('output'));
    } else {
        $formhtml = '';
    }

    return $formhtml;
}
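/**
 * Send an email.
 * All emails sent by Geeklog are sent through this function.
 * NOTE: Please note that using CC: will expose the email addresses of
 * all recipients. Use with care.
 *
 * @param  string $to          recipients name and email address
 * @param  string $subject     subject of the email
 * @param  string $body        the text of the email
 * @param  string $from        (optional) sender of the email
 * @param  bool   $html        (optional) true if to be sent as HTML email
 * @param  int    $priority    (optional) add X-Priority header, if > 0
 * @param  mixed  $optional    (optional) other headers as a name => value
 *                             array, or a bare string taken as the CC: address
 * @param  array  $attachments (optional) attachment file paths
 * @return bool   true if successful, otherwise false
 */
public static function send($to, $subject, $body, $from = '', $html = false, $priority = 0, $optional = null, array $attachments = array())
{
    global $_CONF;

    if (empty($to)) {
        COM_errorLog("Invalid To address '{$to}' sent to COM_Mail.", 1);
        return false;
    }

    // Remove new lines: these values end up on header lines of the message,
    // and a CR/LF inside them would let a caller start a new header.
    $to = self::stripNewLine($to);
    $from = self::stripNewLine($from);
    $subject = self::stripNewLine($subject);

    // Set up transport
    switch ($_CONF['mail_settings']['backend']) {
        case 'sendmail':
            $arg = $_CONF['mail_settings']['sendmail_path'] . ' ' . $_CONF['mail_settings']['sendmail_args'];
            $transport = \Swift_SendmailTransport::newInstance($arg);
            break;

        case 'smtp':
            $transport = \Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port']);
            if (!empty($_CONF['mail_settings']['auth'])) {
                $transport->setUsername($_CONF['mail_settings']['username']);
                $transport->setPassword($_CONF['mail_settings']['password']);
            }
            break;

        case 'mail':
        default:
            $transport = \Swift_MailTransport::newInstance();
            break;
    }
    $mailer = \Swift_Mailer::newInstance($transport);

    // Set up replacements
    $decorator = new \Swift_Plugins_DecoratorPlugin(new MailReplacements());
    $mailer->registerPlugin($decorator);

    // Create a message
    $message = \Swift_Message::newInstance();
    if (!empty($_CONF['mail_charset'])) {
        $message->setCharset($_CONF['mail_charset']);
    } else {
        $message->setCharset(COM_getCharset());
    }

    // Set subject
    $message->setSubject($subject);

    // Set from (site address when the caller gave none)
    if (empty($from)) {
        $message->setFrom(array($_CONF['site_mail'] => $_CONF['site_name']));
    } else {
        $message->setFrom($from);
    }

    // Set to
    try {
        $message->setTo($to);
    } catch (\Swift_RfcComplianceException $e) {
        COM_errorLog(__METHOD__ . ': bad "to" ' . $to);
        return false;
    }

    // A non-array $optional is the old-style (optional) CC: header.
    // Strict null check instead of `!= null`, which also matched '' and 0.
    if ($optional !== null && !is_array($optional)) {
        $optional = self::stripNewLine($optional);
        if (!empty($optional)) {
            try {
                $message->setCc($optional);
            } catch (\Swift_RfcComplianceException $e) {
                COM_errorLog(__METHOD__ . ': bad "Cc" ' . $optional);
                return false;
            }
        }
    }

    // Set body
    $message->setBody($body);
    if ($html) {
        $message->setContentType('text/html');
        $message->addPart($body, 'text/plain');
    } else {
        $message->setContentType('text/plain');
    }

    // Set priority
    if ($priority > 0) {
        $message->setPriority($priority);
    }

    // Add additional headers
    $headers = $message->getHeaders();
    $headers->addTextHeader('X-Mailer', 'Geeklog ' . VERSION);

    // Record the requesting client's address, except for requests made by the
    // server itself or from the admin area. NOTE(review): this discloses the
    // visitor's IP to every recipient of site-generated mail -- confirm intended.
    if (!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR']) && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        $url = COM_getCurrentURL();
        if (substr($url, 0, strlen($_CONF['site_admin_url'])) != $_CONF['site_admin_url']) {
            $headers->addTextHeader('X-Originating-IP', $_SERVER['REMOTE_ADDR']);
        }
    }

    if (is_array($optional) && count($optional) > 0) {
        foreach ($optional as $h => $v) {
            if (strcasecmp($h, 'Cc') === 0) {
                try {
                    $message->setCc($v);
                } catch (\Swift_RfcComplianceException $e) {
                    COM_errorLog(__METHOD__ . ': bad "Cc" ' . $v);
                    return false;
                }
            } elseif (strcasecmp($h, 'Bcc') === 0) {
                try {
                    $message->setBcc($v);
                } catch (\Swift_RfcComplianceException $e) {
                    COM_errorLog(__METHOD__ . ': bad "Bcc" ' . $v);
                    return false;
                }
            } else {
                // Same CR/LF stripping as for to/from/subject, so a
                // caller-supplied header value cannot open a new header line
                if (is_string($v)) {
                    $v = self::stripNewLine($v);
                }
                $headers->addTextHeader($h, $v);
            }
        }
    }

    // Set attachments
    foreach ($attachments as $attachment) {
        $message->attach(\Swift_Attachment::fromPath($attachment));
    }

    // Send a message; $failures receives the addresses that were rejected
    $failures = array();
    $numSent = $mailer->send($message, $failures);
    if ($numSent != 1) {
        $failed = isset($failures[0]) ? $failures[0] : '';
        COM_errorLog(__METHOD__ . ': failed to send an email to ' . $failed);
    }

    return $numSent == 1;
}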
/**
 * Builds the list of admin menu entries the current user may see.
 *
 * Each entry is an array('label' => ..., 'url' => ...); labels carry a
 * count in parentheses where one is cheaply available. Every entry is
 * gated on a SEC_hasRights()/SEC_inGroup() check, so the list doubles as
 * the user's view of which admin areas they can reach. The Command &
 * Control entry ($LANG29[34]) is always placed first.
 *
 * @return array list of array('label' => string, 'url' => string); empty for
 *               anonymous users and for users with no admin rights at all
 */
function getAdminMenu()
{
    // $_SP_CONF, $_USER, $_DB_dbms and $_GROUPS are imported but not read here
    global $_SP_CONF, $_USER, $_TABLES, $LANG01, $LANG_MB01, $LANG_LOGO, $LANG_AM, $LANG_SOCIAL, $LANG29, $_CONF, $_DB_dbms, $_GROUPS, $config;

    $item_array = array();

    if (!COM_isAnonUser()) {
        $plugin_options = PLG_getAdminOptions();
        $num_plugins = count($plugin_options);

        if (SEC_isModerator() or SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit,social.admin', 'OR') or $num_plugins > 0) {
            // what's our current URL? (assigned but not used below)
            $elementUrl = COM_getCurrentURL();

            // Restrict story counts to the topics this user may access.
            // The tids come from the topics table itself, not from user input.
            $topicsql = '';
            if (SEC_isModerator() || SEC_hasRights('story.edit')) {
                $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
                $trows = DB_numRows($tresult);
                if ($trows > 0) {
                    $tids = array();
                    for ($i = 0; $i < $trows; $i++) {
                        $T = DB_fetchArray($tresult);
                        $tids[] = $T['tid'];
                    }
                    if (sizeof($tids) > 0) {
                        $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
                    }
                }
            }

            // Number of items waiting in the moderation queue
            $modnum = 0;
            // NOTE: && binds tighter than ||, so this reads as
            // story rights OR (usersubmission AND user rights) -- presumably intended
            if (SEC_hasRights('story.edit,story.moderate', 'OR') || $_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete')) {
                if (SEC_hasRights('story.moderate')) {
                    if (empty($topicsql)) {
                        $modnum += DB_count($_TABLES['storysubmission']);
                    } else {
                        $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                        $S = DB_fetchArray($sresult);
                        $modnum += $S['count'];
                    }
                }
                if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
                    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
                    if (!empty($topicsql)) {
                        $sql .= ' AND' . $topicsql;
                    }
                    $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
                    $A = DB_fetchArray($result);
                    $modnum += $A['count'];
                }
                if ($_CONF['usersubmission'] == 1) {
                    if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
                        // status 2 presumably marks users awaiting approval -- confirm
                        $modnum += DB_count($_TABLES['users'], 'status', '2');
                    }
                }
            }

            // now handle submissions for plugins
            $modnum += PLG_getSubmissionCount();

            if (SEC_hasRights('story.edit')) {
                $url = $_CONF['site_admin_url'] . '/story.php';
                $label = $LANG01[11];
                if (empty($topicsql)) {
                    $numstories = DB_count($_TABLES['stories']);
                } else {
                    $nresult = DB_query("SELECT COUNT(*) AS count from {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSql('AND'));
                    $N = DB_fetchArray($nresult);
                    $numstories = $N['count'];
                }
                $label .= ' (' . COM_numberFormat($numstories) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('block.edit')) {
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
                list($count) = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/block.php';
                $label = $LANG01[12] . ' (' . COM_numberFormat($count) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('autotag.admin')) {
                $url = $_CONF['site_admin_url'] . '/autotag.php';
                $label = $LANG_AM['title'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            // Root-only tools
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/clearctl.php';
                $label = $LANG01['ctl'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/menu.php';
                $label = $LANG_MB01['menu_builder'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/logo.php';
                $label = $LANG_LOGO['logo_admin'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('topic.edit')) {
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
                list($count) = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/topic.php';
                $label = $LANG01[13] . ' (' . COM_numberFormat($count) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('user.edit')) {
                $url = $_CONF['site_admin_url'] . '/user.php';
                // -1 leaves out one row, presumably the anonymous user -- confirm
                $label = $LANG01[17] . ' (' . COM_numberFormat(DB_count($_TABLES['users']) - 1) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('group.edit')) {
                // Non-Root users only see (and count) the groups they belong to;
                // the ids come from SEC_getUserGroups(), not from the request
                if (SEC_inGroup('Root')) {
                    $grpFilter = '';
                } else {
                    $elementUsersGroups = SEC_getUserGroups();
                    $grpFilter = 'WHERE (grp_id IN (' . implode(',', $elementUsersGroups) . '))';
                }
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
                $A = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/group.php';
                $label = $LANG01[96] . ' (' . COM_numberFormat($A['count']) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('social.admin')) {
                $url = $_CONF['site_admin_url'] . '/social.php';
                $label = $LANG_SOCIAL['label'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/envcheck.php';
                $label = $LANG01['env_check'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('user.mail')) {
                $url = $_CONF['site_admin_url'] . '/mail.php';
                $label = $LANG01[105] . ' (N/A)';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
                $url = $_CONF['site_admin_url'] . '/syndication.php';
                $label = $LANG01[38] . ' (' . COM_numberFormat(DB_count($_TABLES['syndication'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled']) && SEC_hasRights('story.ping')) {
                $url = $_CONF['site_admin_url'] . '/trackback.php';
                $label = $LANG01[116] . ' (' . COM_numberFormat(DB_count($_TABLES['pingservice'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_hasRights('plugin.edit')) {
                $url = $_CONF['site_admin_url'] . '/plugins.php';
                $label = $LANG01[77] . ' (' . COM_numberFormat(DB_count($_TABLES['plugins'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/configuration.php';
                $label = $LANG01[129] . ' (' . COM_numberFormat(count($config->_get_groups())) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            // This will show the admin options for all installed plugins (if any)
            // Walks $plugin_options with the internal array pointer
            for ($i = 0; $i < $num_plugins; $i++) {
                $plg = current($plugin_options);
                $url = $plg->adminurl;
                $label = $plg->adminlabel;
                if (empty($plg->numsubmissions)) {
                    $label .= '';
                } else {
                    $label .= ' (' . COM_numberFormat($plg->numsubmissions) . ')';
                }
                $item_array[] = array('label' => $label, 'url' => $url);
                next($plugin_options);
            }

            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/database.php';
                $label = $LANG01[103] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/logview.php';
                $label = $LANG01['logview'] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if ($_CONF['link_documentation'] == 1) {
                // Link the docs in the user's language when installed, else English.
                // The @ hides any warning from file_exists() on the probed path.
                $doclang = COM_getLanguageName();
                if (@file_exists($_CONF['path_html'] . 'docs/' . $doclang . '/index.html')) {
                    $docUrl = $_CONF['site_url'] . '/docs/' . $doclang . '/index.html';
                } else {
                    $docUrl = $_CONF['site_url'] . '/docs/english/index.html';
                }
                $url = $docUrl;
                $label = $LANG01[113] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/vercheck.php';
                $label = $LANG01[107] . ' (' . GVERSION . PATCHLEVEL . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            if (SEC_isModerator()) {
                $url = $_CONF['site_admin_url'] . '/moderation.php';
                $label = $LANG01[10] . ' (' . COM_numberFormat($modnum) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }

            // Optional alphabetical sort (comparator defined elsewhere), then
            // the Command & Control entry is prepended regardless of sorting
            if ($_CONF['sort_admin']) {
                usort($item_array, '_mb_cmp');
            }

            $url = $_CONF['site_admin_url'] . '/index.php';
            $label = $LANG29[34];
            $cc_item = array('label' => $LANG29[34], 'url' => $url);
            $item_array = array_merge(array($cc_item), $item_array);
        }
    }

    return $item_array;
}
/**
 * Render this menu's items (recursing into submenus) as an HTML fragment.
 *
 * Each entry of $this->_menuitems is dispatched on its 'type':
 *  - 2 is a normal link that opens in a new window (sets $target);
 *  - 3 is a submenu rendered through the nexmenu/procssmenu templates plus a
 *    recursive call for its children;
 *  - 4 is a core menu selected by the item's 'url' ("adminmenu", "usermenu",
 *    "topicmenu", "linksmenu", "spmenu", "pluginmenu", "headermenu");
 *  - 5 calls the PHP function named by the item's 'url' with this menu's type;
 *  - anything else is a plain link with [siteurl]/[siteadminurl] expanded.
 * Labels, URLs, staticpage titles and plugin menu entries are written into
 * the markup as-is; nothing in this method escapes them.
 *
 * @param int $pid  id of the parent menu item; 0 for the top level
 * @return string   HTML fragment
 */
private function _renderMenuItems($pid = 0)
{
    global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE;

    // NOTE(review): $retval, $i, $menurows, $plugin_options, $numcategories
    // and $CONF_NEXMENU are used below without being initialised here or
    // declared global. $i is the 1-based item position used for first/last
    // item styling; it is also overwritten by the for loop in the
    // "pluginmenu" case. Confirm before relying on either.
    foreach ($this->_menuitems as $menuitem) {
        if ($this->_multiLangMode) {
            $label = $this->getMenuLabel($menuitem['id']);
        } else {
            $label = $menuitem['label'];
        }
        $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';
        $menuitemImage = trim($menuitem['image']);
        if ($menuitemImage != '') {
            // Check and see if the full url is entered; otherwise the value
            // is a file name under the menu image directory
            if (strpos($menuitemImage, 'http') === false) {
                $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
            }
        }
        if ($i == $this->_menuitemCount) {
            $lastitem = true;
        } else {
            $lastitem = false;
        }
        // Check and see if this item is a submenu
        if ($menuitem['type'] == 3) {
            // Type Submenu
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            if ($this->_type == 'header') {
                $menuitemimagecss = 'headermenuitemimage';
            } else {
                $menuitemimagecss = 'blocksubmenuitemimage';
            }
            $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
            if ($pid == 0) {
                if ($this->_type == 'header') {
                    $t->set_file('menu', 'headersubmenu.thtml');
                } else {
                    $t->set_file('menu', 'submenu.thtml');
                }
                $t->set_var('menuitem_url', $url);
                if ($menuitemImage != '') {
                    $image = '<img src="' . $menuitemImage . '" border="0"> ';
                    $label = "{$image}<span id=\"{$menuitemimagecss}\">{$label}</span>";
                    $t->set_var('menuitem_label', $label);
                } else {
                    $t->set_var('menuitem_label', $label);
                }
                // This branch already requires $pid == 0, so 'drop' is what
                // gets set; the 'fly' arm is unreachable here
                if ($pid == 0) {
                    $t->set_var('imgclass', 'drop');
                } else {
                    $t->set_var('imgclass', 'fly');
                }
                if ($i == $this->_menuitemCount) {
                    $t->set_var('lastitemclass', 'class="enclose"');
                }
            } else {
                $t->set_file('menu', 'flysubmenu.thtml');
                $t->set_var('menuitem_url', $url);
                $t->set_var('menuitem_label', $label);
            }
            // Load this item's children into $this->_menuitems and render them
            // recursively. NOTE(review): the outer foreach keeps iterating the
            // array it started with (if _menuitems is a plain array), but
            // _menuitemCount afterwards reflects the child menu — confirm.
            parent::initMenuItems($menuitem['id']);
            $t->set_var('submenu_items', $this->_renderMenuItems($menuitem['id']));
            $t->parse('output', 'menu');
            $retval .= $t->finish($t->get_var('output'));
        } elseif ($menuitem['type'] == 4) {
            // Core Menu
            switch ($menuitem['url']) {
                case "adminmenu":
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                        $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                        // NOTE(review): ".=" on an undefined $plugin_options
                        // produces a string, and count() of a string is a
                        // TypeError on PHP 8 — confirm what PLG_getAdminOptions()
                        // returns and whether an array assignment was intended.
                        $plugin_options .= PLG_getAdminOptions();
                        $nrows = count($plugin_options);
                        if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                            $retval .= COM_adminMenu();
                        }
                    }
                    break;
                case "usermenu":
                    if ($_USER['uid'] > 1) {
                        $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                        $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                        $retval .= COM_userMenu();
                    }
                    break;
                case "topicmenu":
                    $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/procssmenu/menuitem2.thtml,nexmenu/procssmenu/menuitem2_on.thtml';
                    // The second argument is an SQL fragment; 'restricted_topics'
                    // (presumably plugin configuration) is interpolated unescaped
                    $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                    break;
                case "linksmenu":
                    if ($this->_linksPlugin) {
                        $retval .= nexmenu_showlinks($pid, $this->_type, 'site', $numcategories, 0, $lastitem);
                    }
                    break;
                case "spmenu":
                    if ($this->_staticpagesPlugin) {
                        // List the static pages the current user may see: only
                        // those flagged sp_onmenu, or all of them.
                        // NOTE(review): 'ORDER BY' is appended without a leading
                        // space, so this relies on COM_getPermSql() ending in
                        // whitespace — confirm.
                        if ($CONF_NEXMENU['sp_labelonly']) {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                            $sql .= COM_getPermSql('AND');
                            $sql .= 'ORDER BY sp_title';
                            $spquery = DB_query($sql);
                        } else {
                            $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                            $sql .= COM_getPermSql('WHERE');
                            $sql .= 'ORDER BY sp_title';
                            $spquery = DB_query($sql);
                        }
                        while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                            // Prefer the menu label, fall back to the page title
                            if (trim($sp_label) == '') {
                                $label = $title;
                            } else {
                                $label = $sp_label;
                            }
                            $url = "{$_CONF['site_url']}/staticpages/index.php?page={$id}";
                            // $label and $id are written into the markup unescaped
                            $retval .= "<li><a href=\"{$url}\" {$target}>{$label}</a></li>" . LB;
                        }
                    }
                    break;
                case "pluginmenu":
                    $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                    $nrows = DB_numRows($result);
                    $menu = array();
                    // NOTE(review): this loop reuses $i, the outer item counter
                    for ($i = 1; $i <= $nrows; $i++) {
                        $A = DB_fetchArray($result);
                        // Each enabled plugin may provide plugin_getmenuitems_<name>()
                        $function = 'plugin_getmenuitems_' . $A['pi_name'];
                        if (function_exists($function)) {
                            $menuitems = $function();
                            if (is_array($menuitems) and count($menuitems) > 0) {
                                // label => link pairs, emitted unescaped
                                foreach ($menuitems as $plugin_label => $plugin_link) {
                                    if ($pid == 0) {
                                        $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                    } else {
                                        $retval .= "<li><a href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                    }
                                }
                            }
                        }
                    }
                    break;
                case "headermenu":
                    $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
                    $t->set_file(array('menu' => 'siteheader_menuitems.thtml', 'menuitem' => 'headermenu_item.thtml', 'menuitem_last' => 'headermenu_item.thtml'));
                    $plugin_menu = PLG_getMenuItems();
                    COM_renderMenu($t, $plugin_menu);
                    $t->parse('output', 'menu');
                    $retval .= $t->finish($t->get_var('output'));
                    break;
            } // End of menutype == 4 (Core Menu)
        } elseif ($menuitem['type'] == 5) {
            // Custom PHP function: the item's 'url' is a function name that is
            // called with the menu type. Only function_exists() gates this, so
            // whoever can edit menu items can have any defined function called
            // from here — treat menu editing as a privileged operation.
            if (function_exists($menuitem['url'])) {
                /* Pass the type of menu to custom php function */
                $retval .= $menuitem['url']($this->_type);
            }
        } else {
            $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
            $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
            // what's our current URL?
            $thisUrl = COM_getCurrentURL();
            if ($menuitemImage != '') {
                if ($this->_type == 'header') {
                    $menuitemimagecss = 'headermenuitemimage';
                } else {
                    $menuitemimagecss = 'blockmenuitemimage';
                }
                $image = '<img src="' . $menuitemImage . '" border="0"> ';
                // First item of a flyout, last top-level item ($menurows, see
                // the note at the top), the current page, or an ordinary item
                if ($i == 1 and $pid > 0) {
                    $retval .= "<li><a href=\"{$url}\" {$target} class=\"enclose\">{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                } elseif ($i == $menurows and $pid == 0) {
                    $retval .= "<li><a href=\"{$url}\" {$target} class=\"enclose\">{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                } elseif ($url == $thisUrl) {
                    $retval .= "<li id=\"menuitem_current\"><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                } else {
                    $retval .= "<li><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                }
            } else {
                if ($pid == 0) {
                    $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                } else {
                    $retval .= "<li><a href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                }
            }
        }
        $i++;
    }
    // Restore Template Setting
    $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;
    return $retval;
}
/**
 * Include any code in this function to add custom template variables.
 *
 * Called from within Geeklog for:
 * - 'header' (site header)
 * - 'footer' (site footer)
 * - 'storytext', 'featuredstorytext', 'archivestorytext' (story templates)
 * - 'story' (story submission)
 * - 'comment' (comment submission form)
 * - 'registration' (user registration form)
 * - 'contact' (email user form)
 * - 'emailstory' (email story to a friend)
 * - 'loginblock' (login form in the side bar)
 * - 'loginform' (login form in the content area)
 * - 'search' (advanced search form; simple search is usually part of 'header')
 *
 * This function is called whenever PLG_templateSetVars is called, i.e. in
 * addition to the templates listed here, it may also be called from plugins.
 *
 * Variables set here:
 * - 'header': the user-agent variables from Useragent::setTemplateVars(),
 *   {hello_world}, {topic_id}, {sp_id} (only on staticpages URLs), {home_id},
 *   {login_status} and {prof_url_jp};
 * - the story templates: {hello_again};
 * - every template: {plugin_name}, the entry of $_PLUGINS matching the first
 *   path segment of the current URL, or '' when none matches.
 *
 * @param string $templatename name of the template, e.g. 'header'
 * @param ref &$template reference to the template
 * @return void
 * @see PLG_templateSetVars
 */
function CUSTOM_templateSetVars($templatename, &$template)
{
    global $_CONF, $_PLUGINS, $_USER, $LANG01, $LANG_JPN, $page, $topic;

    if ($templatename == 'header') {
        // User agent: 'custom_class', 'custom_os', 'custom_browser',
        // 'custom_version', 'custom_alias', 'custom_mobile'
        $agent = Useragent::getInstance();
        $agent->setTemplateVars($template);

        // {hello_world} is available in header.thtml
        $template->set_var('hello_world', 'Hello, world!');

        // Topic id: topic_id
        $template->set_var('topic_id', $topic);

        // Static page id: sp_id, only when the current URL mentions staticpages
        // (truthiness test on the offset, as before)
        $currentUrl = COM_getCurrentURL();
        $spOffset = strpos($currentUrl, "staticpages");
        if ($spOffset) {
            $template->set_var('sp_id', $page);
        }

        // Home state: home_id ('home', 'sub')
        $homeId = COM_isFrontpage() ? 'sub' : 'home';
        $template->set_var('home_id', $homeId);

        // Login state: login_status ('member', 'guest') and profile URL: prof_url_jp
        if (COM_isAnonUser()) {
            $loginStatus = 'guest';
            $profileUrl = "{$_CONF['site_url']}/";
        } else {
            $loginStatus = 'member';
            $profileUrl = "{$_CONF['site_url']}/users.php?mode=profile&uid={$_USER['uid']}";
        }
        $template->set_var('login_status', $loginStatus);
        $template->set_var('prof_url_jp', $profileUrl);
    } elseif ($templatename == 'storytext'
        || $templatename == 'featuredstorytext'
        || $templatename == 'archivestorytext') {
        // {hello_again} is available in the story templates
        $template->set_var('hello_again', 'Hello (again)!');
    }

    // Expose the name of the current plugin as {plugin_name}: the first path
    // segment after the site URL (optionally under admin/plugins/) is matched
    // case-insensitively against the installed plugin list.
    $pluginName = '';
    if (isset($_PLUGINS) && count($_PLUGINS) > 0) {
        $pattern = '|^' . preg_quote($_CONF['site_url'], '|') . '/(?:admin/plugins/)?(.+?)/|';
        if (preg_match($pattern, COM_getCurrentURL(), $match)) {
            foreach ($_PLUGINS as $plugin) {
                if (strcasecmp($plugin, $match[1]) === 0) {
                    $pluginName = $plugin;
                    break;
                }
            }
        }
    }
    $template->set_var('plugin_name', $pluginName);
}
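/**
 * Generate a security token.
 * This generates and stores a one time security token. Security tokens are
 * added to forms and urls in the admin section as a non-cookie double-check
 * that the admin user really wanted to do that...
 *
 * Only one token is generated per request: the first call remembers it in a
 * static and every later call in the same request returns the same value.
 * The token is a bearer secret, so it is drawn from the CSPRNG where
 * random_bytes() exists; the original md5(uid . url . uniqid(rand())) form is
 * kept only as a fallback for older PHP builds. Both produce 32 hex
 * characters, so the stored format is unchanged.
 *
 * @param int $ttl Time to live for token in seconds. Default is 20 minutes.
 *                 Cast to int here because it is interpolated into SQL.
 * @return string Generated token: 32 hexadecimal characters
 * @see SEC_checkToken
 */
function SEC_createToken($ttl = 1200)
{
    global $_TABLES, $_USER;

    static $last_token;

    if (isset($last_token)) {
        return $last_token;
    }

    // Anonymous visitors all share uid 1
    $uid = isset($_USER['uid']) ? (int) $_USER['uid'] : 1;
    $ttl = (int) $ttl;

    /* Figure out the full url to the current page */
    $pageURL = COM_getCurrentURL();

    /* Generate the token */
    if (function_exists('random_bytes')) {
        $token = bin2hex(random_bytes(16));
    } else {
        $token = md5($uid . $pageURL . uniqid(rand(), 1));
    }
    $pageURL = DB_escapeString($pageURL);

    /* Destroy expired tokens. Rows with ttl <= 0 are never purged here. */
    $sql['mysql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())"
        . " AND (ttl > 0)";
    // NOTE(review): the pgsql variant takes one ttl via "SELECT ttl ... LIMIT 1"
    // and applies it to every row, unlike the per-row mysql version — confirm.
    $sql['pgsql'] = "DELETE FROM {$_TABLES['tokens']} WHERE ROUND(EXTRACT(EPOCH FROM ABSTIME(created)))::int4 + (SELECT ttl from {$_TABLES['tokens']} LIMIT 1) < ROUND(EXTRACT(EPOCH FROM ABSTIME(NOW())))::int4"
        . " AND (ttl > 0)";
    DB_query($sql);

    /* Destroy tokens for this user/url combination. Since anonymous users
       share the same id, do not delete theirs. */
    if ($uid != 1) {
        $sql = "DELETE FROM {$_TABLES['tokens']} WHERE owner_id = '{$uid}' AND urlfor= '{$pageURL}'";
        DB_query($sql);
    }

    /* Create a token for this user/url combination */
    /* NOTE: TTL mapping for PageURL not yet implemented */
    $sql = "INSERT INTO {$_TABLES['tokens']} (token, created, owner_id, urlfor, ttl) "
        . "VALUES ('{$token}', NOW(), {$uid}, '{$pageURL}', {$ttl})";
    DB_query($sql);

    $last_token = $token;

    /* And return the token to the user */
    return $token;
}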
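/**
 * Provides a PHP function to be used in blocks: a theme-switcher form.
 *
 * Returns '' when users may not change themes, the visitor is on a mobile
 * device, or fewer than two themes are installed. Otherwise it reads the
 * chosen theme from POST (themetester_theme) and the current one from the
 * users table (logged in) or the theme cookie (anonymous); when a different,
 * installed theme was chosen it is saved to the DB and/or the cookie and the
 * visitor is redirected back to the current page. In every other case the
 * selector form is rendered.
 *
 * NOTE(review): the POST is accepted without a SEC_checkToken() check, so a
 * cross-site form post can switch a visitor's theme; low impact, but known.
 *
 * @return string HTML for the selector, or ''
 */
function phpblock_themetester()
{
    global $_CONF, $_PLUGINS, $_TABLES, $_USER;

    $retval = '';

    if (!defined('XHTML')) {
        define('XHTML', '');
    }
    if (!defined('LB')) {
        define('LB', "\n");
    }

    // Users are not allowed to change the theme or the user is accessing with
    // a mobile phone
    if ($_CONF['allow_user_themes'] == 0 or THEMETESTER_isMobile() === TRUE) {
        return $retval;
    }

    $installed_themes = THEMETESTER_getThemes();
    if (count($installed_themes) <= 1) {
        // No choice
        return $retval;
    }

    $theme = isset($_POST['themetester_theme'])
        ? COM_applyFilter($_POST['themetester_theme'])
        : '';

    // Gets the current theme. Initialised to '' so an anonymous visitor
    // without the cookie falls through to the site default instead of
    // reading an undefined variable.
    $current_theme = '';
    if (isset($_USER['uid']) and $_USER['uid'] > 1) {
        // Logged-in user; uid is numeric, so cast it rather than quote-escape
        $current_theme = DB_getItem($_TABLES['users'], 'theme', "(uid = '" . (int) $_USER['uid'] . "')");
    } elseif (isset($_COOKIE[$_CONF['cookie_theme']])) {
        // Anon
        $current_theme = COM_applyFilter($_COOKIE[$_CONF['cookie_theme']]);
    }
    if ($current_theme == '') {
        $current_theme = $_CONF['theme'];
    }

    // Gets the current URL and XSS-clean it
    $url = COM_getCurrentURL();
    $url = THEMETESTER_cleanUrl($url);
    if (empty($url)) {
        $url = $_CONF['site_url'];
    }
    $url = THEMETESTER_escape($url);

    // The theme was changed. Strict in_array so only an exact installed name
    // is ever written to the DB or the cookie.
    if (!empty($theme) and $theme != $current_theme and in_array($theme, $installed_themes, true)) {
        // In case of a registered user, we save the change into DB
        if (isset($_USER['uid']) and $_USER['uid'] > 1) {
            $sql = "UPDATE {$_TABLES['users']} "
                . "SET theme='" . DB_escapeString($theme) . "' "
                . "WHERE (uid = '" . (int) $_USER['uid'] . "')";
            DB_query($sql);
        }
        // If possible, we save the new theme into cookie and refresh
        if (!headers_sent()) {
            setcookie($_CONF['cookie_theme'], THEMETESTER_escape($theme), time() + 3600 * 24 * 365,
                $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
            // Redirects to the current page.
            // NOTE(review): $url has already been through THEMETESTER_escape()
            // (meant for the HTML form below); if that function HTML-encodes,
            // the Location header receives encoded entities — confirm.
            header('Location: ' . $url);
            exit; // In reality, this is unnecessary
        }
    }

    // Displays a form in which users change the theme
    $retval .= '<div id="themetester">' . LB
        . ' <form action="' . $url . '" method="post">' . LB
        . ' <select name="themetester_theme" onchange="this.form.submit()">' . LB;
    foreach ($installed_themes as $candidate) {
        $retval .= ' <option value="' . THEMETESTER_escape($candidate) . '"';
        if ($candidate == $current_theme) {
            $retval .= ' selected="selected"';
        }
        $retval .= '>' . THEMETESTER_escape($candidate) . '</option>' . LB;
    }
    $retval .= ' </select>' . LB
        . ' <noscript>' . LB
        . ' <input name="submit" type="submit" value="選択"' . XHTML . '>' . LB
        . ' </noscript>' . LB
        . ' </form>' . LB
        . '</div>' . LB;

    return $retval;
}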