Example #1
0
 function show($e_code, $pages = 1)
 {
     global $_CONF;
     $errmsg = array("0001" => "Could not connect to the forums database.", "0002" => "The forum you selected does not exist. Please go back and try again.", "0003" => "Password Incorrect.", "0004" => "Could not query the topics database.", "0005" => "Error getting messages from the database.", "0006" => "Please enter the Nickname and the Password.", "0007" => "You are not the Moderator of this forum therefore you can't perform this function.", "0008" => "You did not enter the correct password, please go back and try again.", "0009" => "Could not remove posts from the database.", "0010" => "Could not move selected topic to selected forum. Please go back and try again.", "0011" => "Could not lock the selected topic. Please go back and try again.", "0012" => "Could not unlock the selected topic. Please go back and try again.", "0013" => "Could not query the database. <BR>Error: " . DB_error() . "", "0014" => "No such user or post in the database.", "0015" => "Search Engine was unable to query the forums database.", "0016" => "That user does not exist. Please go back and search again.", "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject", "0018" => "You must choose message icon to post. Go back and choose message icon.", "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.", "0020" => "Could not enter data into the database. Please go back and try again.", "0021" => "Can't delete the selected message.", "0022" => "An error ocurred while querying the database.", "0023" => "Selected message was not found in the forum database.", "0024" => "You can't reply to that message. It wasn't sent to you.", "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.", "0026" => "The forum or topic you are attempting to post to does not exist. Please try again.", "0027" => "You must enter your username and password. Go back and do so.", "0028" => "You have entered an incorrect password. Go back and try again.", "0029" => "Couldn't update post count.", "0030" => "The forum you are attempting to post to does not exist. Please try again.", "0031" => "Unknown Error", "0035" => "You can't edit a post that's not yours.", "0036" => "You do not have permission to edit this post.", "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.", "1001" => "Please enter value for Title.", "1002" => "Please enter value for Phone.", "1003" => "Please enter value for Summary.", "1004" => "Please enter value for Address.", "1005" => "Please enter value for City.", "1006" => "Please enter value for State/Province.", "1007" => "Please enter value for Zipcode.", "1008" => "Please enter value for Description.", "1009" => "Vote for the selected resource only once.<br>All votes are logged and reviewed.", "1010" => "You cannot vote on the resource you submitted.<br>All votes are logged and reviewed.", "1011" => "No rating selected - no vote tallied.", "1013" => "Please enter a search query.", "1016" => "Please enter value for Filename.", "1017" => "The file was not uploaded - reported filesize of 0 bytes.", "1101" => "Upload approval Error: The temporary file was not found. Check error.log", "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log", "1103" => "The download info you provided is already in the database!", "1104" => "The download info was not complete - Need to enter a title for the new file", "1105" => "The download info was not complete - Need to enter a description for the new file", "1106" => "Upload Add Error: The new file was not created. Check error.log", "1107" => "Upload Add Error: The temporary file was not found. Check error.log", "1108" => "Duplicate file - already existing in filestore", "1109" => "File type not allowed", "1110" => "You must define and select a category for the uploaded file", "9999" => "Unknown Error");
     // determine the destination of this request
     $destination = COM_getCurrentURL();
     // validate the destination is not blank and is part of our site...
     if ($destination == '') {
         $destination = $_CONF['site_url'] . '/filemgmt/index.php';
     }
     if (substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
         $destination = $_CONF['site_url'] . '/filemgmt/index.php';
     }
     $errorno = array_keys($errmsg);
     if (!in_array($e_code, $errorno)) {
         $e_code = '9999';
     }
     include_once $_CONF['path'] . 'plugins/filemgmt/include/header.php';
     $display = COM_siteHeader('menu');
     $display .= '<table width="100%" class="plugin" border="0" cellspacing="0" cellpadding="1">';
     $display .= '<tr><td class="pluginAlert" style="text-align:right;padding:5px;">File Management Plugin</td>';
     $display .= "<td class=\"pluginAlert\" width=\"50%\" style=\"padding:5px 0px 5px 10px;\">Error Code: {$e_code}</td></tr>";
     $display .= "<tr><td colspan=\"2\" class=\"pluginInfo\"><b>ERROR:</b> {$errmsg[$e_code]}</td></tr>";
     $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
     $display .= '[ <a href="' . $destination . '">Go Back</a> ]</td></tr></table>';
     $display .= COM_siteFooter();
     echo $display;
     die("");
 }
 /**
  * Execute
  *
  * @param  string $comment
  * @return int
  */
 public function execute($comment)
 {
     global $result, $_CONF, $_TABLES, $LANG_SX00, $_USER;
     $url = COM_getCurrentURL();
     if (strpos($url, 'usersettings.php') !== false) {
         $this->result = PLG_SPAM_ACTION_DELETE;
         DB_change($_TABLES['users'], 'status', USER_ACCOUNT_DISABLED, 'uid', $_USER['uid']);
         SPAMX_log("User {$_USER['username']} banned for profile spam.");
     }
     return 1;
 }
Example #3
0
/**
* Check a security token.
*
* Checks the POST and GET data for a security token, if one exists, validates
* that it's for this user and URL. If the token is not valid, it asks the user
* to re-authenticate and resends the request if authentication was successful.
*
* @return   boolean     true if the token is valid; does not return if not!
*
*/
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;
    if (_sec_checkToken()) {
        SEC_createToken(-1);
        return true;
    }
    // determine the destination of this request
    $destination = COM_getCurrentURL();
    // validate the destination is not blank and is part of our site...
    if ($destination == '') {
        $destination = $_CONF['site_url'] . '/index.php';
    }
    if (substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
        $destination = $_CONF['site_url'] . '/index.php';
    }
    $method = strtoupper($_SERVER['REQUEST_METHOD']) == 'GET' ? 'GET' : 'POST';
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);
    $filedata = '';
    if (!empty($_FILES)) {
        foreach ($_FILES as $key => $file) {
            if (is_array($file['name'])) {
                foreach ($file['name'] as $offset => $filename) {
                    if (!empty($file['name'][$offset])) {
                        $filename = basename($file['tmp_name'][$offset]);
                        move_uploaded_file($file['tmp_name'][$offset], $_CONF['path_data'] . 'temp/' . $filename);
                        $_FILES[$key]['tmp_name'][$offset] = $filename;
                    }
                }
            } else {
                if (!empty($file['name']) && !empty($file['tmp_name'])) {
                    $filename = basename($file['tmp_name']);
                    move_uploaded_file($file['tmp_name'], $_CONF['path_data'] . 'temp/' . $filename);
                    $_FILES[$key]['tmp_name'] = $filename;
                }
            }
        }
        $filedata = serialize($_FILES);
    }
    SESS_setVar('glfusion.auth.method', $method);
    SESS_setVar('glfusion.auth.dest', $destination);
    SESS_setVar('glfusion.auth.post', $postdata);
    SESS_setVar('glfusion.auth.get', $getdata);
    if (!empty($filedata)) {
        SESS_setVar('glfusion.auth.file', $filedata);
    }
    $display = COM_siteHeader();
    $display .= SEC_tokenreauthForm('', $destination);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}
Example #4
0
/**
* Send an email.
*
* All emails sent by Geeklog are sent through this function.
*
* NOTE: Please note that using CC: will expose the email addresses of
*       all recipients. Use with care.
*
* @param    string      $to         recipients name and email address
* @param    string      $subject    subject of the email
* @param    string      $message    the text of the email
* @param    string      $from       (optional) sender of the the email
* @param    boolean     $html       (optional) true if to be sent as HTML email
* @param    int         $priority   (optional) add X-Priority header, if > 0
* @param    mixed       $optional   (optional) other headers or CC:
* @return   boolean                 true if successful,  otherwise false
*
*/
function COM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0, $optional = null)
{
    global $_CONF;
    static $mailobj;
    if (empty($from)) {
        $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']);
    }
    $to = substr($to, 0, strcspn($to, "\r\n"));
    if ($optional != null && !is_array($optional)) {
        $optional = substr($optional, 0, strcspn($optional, "\r\n"));
    }
    $from = substr($from, 0, strcspn($from, "\r\n"));
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));
    $subject = COM_emailEscape($subject);
    if (function_exists('CUSTOM_mail')) {
        return CUSTOM_mail($to, $subject, $message, $from, $html, $priority, $optional);
    }
    include_once 'Mail.php';
    include_once 'Mail/RFC822.php';
    $method = $_CONF['mail_settings']['backend'];
    if (!isset($mailobj)) {
        if ($method == 'sendmail' || $method == 'smtp') {
            $mailobj =& Mail::factory($method, $_CONF['mail_settings']);
        } else {
            $method = 'mail';
            $mailobj =& Mail::factory($method);
        }
    }
    $charset = COM_getCharset();
    $headers = array();
    $headers['From'] = $from;
    if ($method != 'mail') {
        $headers['To'] = $to;
    }
    if ($optional != null && !is_array($optional) && !empty($optional)) {
        // assume old (optional) CC: header
        $headers['Cc'] = $optional;
    }
    $headers['Date'] = date('r');
    // RFC822 formatted date
    if ($method == 'smtp') {
        list($usec, $sec) = explode(' ', microtime());
        $m = substr($usec, 2, 5);
        $headers['Message-Id'] = '<' . date('YmdHis') . '.' . $m . '@' . $_CONF['mail_settings']['host'] . '>';
    }
    if ($html) {
        $headers['Content-Type'] = 'text/html; charset=' . $charset;
        $headers['Content-Transfer-Encoding'] = '8bit';
    } else {
        $headers['Content-Type'] = 'text/plain; charset=' . $charset;
    }
    $headers['Subject'] = $subject;
    if ($priority > 0) {
        $headers['X-Priority'] = $priority;
    }
    $headers['X-Mailer'] = 'Geeklog ' . VERSION;
    if (!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR']) && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
        $url = COM_getCurrentURL();
        if (substr($url, 0, strlen($_CONF['site_admin_url'])) != $_CONF['site_admin_url']) {
            $headers['X-Originating-IP'] = $_SERVER['REMOTE_ADDR'];
        }
    }
    // add optional headers last
    if ($optional != null && is_array($optional)) {
        foreach ($optional as $h => $v) {
            $headers[$h] = $v;
        }
    }
    $retval = $mailobj->send($to, $headers, $message);
    if ($retval !== true) {
        COM_errorLog($retval->toString(), 1);
    }
    return $retval === true ? true : false;
}
Example #5
0
/**
 * Display a 404 not found error message
 *
 * @param    string    $alternate_url  Point the user to another location
 */
function COM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;
    if (function_exists('CUSTOM_handle404')) {
        CUSTOM_handle404($alternate_url);
        exit;
    }
    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');
    // Add log stuff
    $url = COM_getCurrentURL();
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $_SERVER['REMOTE_ADDR'];
    } else {
        $byuser = '******' . $_SERVER['REMOTE_ADDR'];
    }
    $refurl = $_SERVER['HTTP_REFERER'];
    $timestamp = @strftime('%c');
    $logentry = "404 Error generated by {$byuser} for url: {$url}";
    if (!empty($refurl)) {
        $logentry .= " - Referring url: {$refurl}";
    }
    $logentry = str_replace(array('<?', '?>'), array('(@', '@)'), $logentry);
    $logfile = $_CONF['path_log'] . '404.log';
    if ($file = fopen($logfile, 'a')) {
        fputs($file, "{$timestamp} - {$logentry} \n");
    }
    $display = COM_startBlock($LANG_404[1]);
    $display .= sprintf($LANG_404[2], $url);
    if ($alternate_url != '') {
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_404[1]));
    COM_output($display);
    exit;
    // Do not want to go any further
}
Example #6
0
 private function _renderMenuItems()
 {
     global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE;
     foreach ($this->_menuitems as $menuitem) {
         if ($this->_multiLangMode) {
             $label = $this->getMenuLabel($menuitem['id']);
         } else {
             $label = $menuitem['label'];
         }
         $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';
         $menuitemImage = trim($menuitem['image']);
         if ($menuitemImage != '') {
             // Check and see if the full url is entered
             if (strpos($menuitemImage, 'http') === false) {
                 $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
             }
         }
         if ($i == $this->_menuitemCount) {
             $lastitem = true;
         } else {
             $lastitem = false;
         }
         // Check and see if this item is a submenu
         if ($menuitem['type'] == 3) {
             // Type Submenu
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             if ($this->_type == 'header') {
                 $menuitemimagecss = 'headermenuitemimage';
             } else {
                 $menuitemimagecss = 'blocksubmenuitemimage';
             }
             if ($menuitemImage != '') {
                 $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
             } else {
                 $retval .= 'aI("text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
             }
         } elseif ($menuitem['type'] == 4) {
             // Core Menu
             switch ($menuitem['url']) {
                 case "adminmenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                         $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                         $plugin_options .= PLG_getAdminOptions();
                         $nrows = count($plugin_options);
                         if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                             $retval .= COM_adminMenu();
                         }
                     }
                     break;
                 case "usermenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                         $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                         $retval .= COM_userMenu();
                     }
                     break;
                 case "topicmenu":
                     $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                     $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                     break;
                 case "linksmenu":
                     if ($this->_linksPlugin) {
                         $retval .= $this->_milonicLinksPluginSiteLinks();
                     }
                     break;
                 case "spmenu":
                     if ($this->_staticpagesPlugin) {
                         if ($CONF_NEXMENU['sp_labelonly']) {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                             $sql .= COM_getPermSql('AND');
                             $sql .= 'ORDER BY sp_title';
                             $spquery = DB_query($sql);
                         } else {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                             $sql .= COM_getPermSql('WHERE');
                             $sql .= 'ORDER BY sp_title';
                             $spquery = DB_query($sql);
                         }
                         while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                             if (trim($sp_label) == '') {
                                 $label = $title;
                             } else {
                                 $label = $sp_label;
                             }
                             $url = "{$_CONF['site_url']}/staticpages/index.php?page={$id}";
                             $retval .= 'aI("text=' . $label . ';url=' . $_CONF['site_url'] . '/staticpages/index.php?page=' . $id . ';");';
                         }
                     }
                     break;
                 case "pluginmenu":
                     $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                     $nrows = DB_numRows($result);
                     $menu = array();
                     for ($i = 1; $i <= $nrows; $i++) {
                         $A = DB_fetchArray($result);
                         $function = 'plugin_getmenuitems_' . $A['pi_name'];
                         if (function_exists($function)) {
                             $menuitems = $function();
                             if (is_array($menuitems) and count($menuitems) > 0) {
                                 foreach ($menuitems as $plugin_label => $plugin_link) {
                                     $retval .= 'aI("text=' . $plugin_label . ';' . $target . 'url=' . $plugin_link . ';");';
                                 }
                             }
                         }
                     }
                     break;
             }
             // End of menutype == 4  (Core Menu)
         } elseif ($menuitem['type'] == 5) {
             if (function_exists($menuitem['url'])) {
                 /* Pass the type of menu to custom php function */
                 $retval .= $menuitem['url']($this->_type);
             }
         } else {
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             // what's our current URL?
             $thisUrl = COM_getCurrentURL();
             if ($menuitemImage != '') {
                 $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';url=' . $url . ';' . $target . ';");';
             } else {
                 $retval .= 'aI("text=' . $label . ';url=' . $url . ';' . $target . ';");';
             }
         }
         $i++;
     }
     // Restore Template Setting
     $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;
     return $retval;
 }
Example #7
0
/**
 * Generate a security token.
 *
 * This generates and stores a one time security token. Security tokens are
 * added to forms and urls in the admin section as a non-cookie double-check
 * that the admin user really wanted to do that...
 *
 * @param $ttl int Time to live for token in seconds. Default is 20 minutes.
 *
 * @return string  Generated token, it'll be an MD5 hash (32chars)
 */
function SEC_createToken($ttl = 1200)
{
    global $_USER, $_TABLES, $_DB_dbms;
    static $last_token;
    if (isset($last_token)) {
        return $last_token;
    }
    /* Figure out the full url to the current page */
    $pageURL = COM_getCurrentURL();
    /* Generate the token */
    $token = md5($_USER['uid'] . $pageURL . uniqid(rand(), 1));
    $pageURL = addslashes($pageURL);
    /* Destroy exired tokens: */
    $sql['mssql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATEADD(ss, ttl, created) < NOW()) AND (ttl > 0)";
    $sql['mysql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND (ttl > 0)";
    DB_query($sql);
    /* Destroy tokens for this user/url combination */
    $sql = "DELETE FROM {$_TABLES['tokens']} WHERE owner_id={$_USER['uid']} AND urlfor='{$pageURL}'";
    DB_query($sql);
    /* Create a token for this user/url combination */
    /* NOTE: TTL mapping for PageURL not yet implemented */
    $sql = "INSERT INTO {$_TABLES['tokens']} (token, created, owner_id, urlfor, ttl) " . "VALUES ('{$token}', NOW(), {$_USER['uid']}, '{$pageURL}', {$ttl})";
    DB_query($sql);
    $last_token = $token;
    /* And return the token to the user */
    return $token;
}
Example #8
0
/**
 * Do any other initialisation here
 */
function theme_init_cool()
{
    global $_BLOCK_TEMPLATE, $_CONF, $TLANG, $_SCRIPTS, $TEMPLATE_OPTIONS, $_USER;
    $_CONF['left_blocks_in_footer'] = 1;
    $TEMPLATE_OPTIONS['override'] = 'denim';
    /*
     * For left/right block support there is no longer any need for the theme to
     * put code into functions.php to set specific templates for the left/right
     * versions of blocks. Instead, Geeklog will automagically look for
     * blocktemplate-left.thtml and blocktemplate-right.thtml if given
     * blocktemplate.thtml from $_BLOCK_TEMPLATE. So, if you want different left
     * and right templates from admin_block, just create blockheader-list-left.thtml
     * etc.
     */
    $_BLOCK_TEMPLATE['_msg_block'] = 'blockheader-message.thtml,blockfooter-message.thtml';
    $_BLOCK_TEMPLATE['configmanager_block'] = 'blockheader-config.thtml,blockfooter-config.thtml';
    $_BLOCK_TEMPLATE['configmanager_subblock'] = 'blockheader-config.thtml,blockfooter-config.thtml';
    $_BLOCK_TEMPLATE['whats_related_block'] = 'blockheader-related.thtml,blockfooter-related.thtml';
    $_BLOCK_TEMPLATE['story_options_block'] = 'blockheader-related.thtml,blockfooter-related.thtml';
    // Define the blocks that are a list of links styled as an unordered list - using class="blocklist"
    $_BLOCK_TEMPLATE['admin_block'] = 'blockheader-list.thtml,blockfooter-list.thtml';
    $_BLOCK_TEMPLATE['section_block'] = 'blockheader-list.thtml,blockfooter-list.thtml';
    if (!COM_isAnonUser()) {
        $_BLOCK_TEMPLATE['user_block'] = 'blockheader-list.thtml,blockfooter-list.thtml';
    }
    if (stripos(COM_getCurrentURL(), 'admin/index.php') !== FALSE) {
        $theme_path = $_CONF['path_themes'] . $_CONF['theme'] . '/';
        $langfile = $theme_path . 'language/' . $_CONF['language'] . '.php';
        if (file_exists($langfile)) {
            require_once $langfile;
        } else {
            require_once $theme_path . 'language/english.php';
        }
        $_SCRIPTS->setJavaScriptFile('jqColorPicker', '/layout/' . $_CONF['theme'] . '/javascript/jqColorPicker.min.js');
        $_SCRIPTS->setJavaScript("jQuery(document).ready(function() {\n\t\t    \$('.color').colorPicker();\n\t\t});", TRUE, TRUE);
    }
}
Example #9
0
    // Log attempt to access.log
    COM_accessLog("User {$_USER['username']} tried to illegally access the Filemanager.");
    COM_output($display);
    exit;
}
// Default values defined in filemanager.config.js.dist
$_FM_CONF = array('_comment' => 'IMPORTANT : go to the wiki page to know about options configuration https://github.com/simogeo/Filemanager/wiki/Filemanager-configuration-file', 'options' => array('culture' => 'en', 'lang' => 'php', 'theme' => 'flat-dark', 'defaultViewMode' => 'grid', 'autoload' => true, 'showFullPath' => false, 'showTitleAttr' => false, 'browseOnly' => false, 'showConfirmation' => true, 'showThumbs' => true, 'generateThumbnails' => true, 'searchBox' => true, 'listFiles' => true, 'fileSorting' => 'default', 'chars_only_latin' => true, 'dateFormat' => 'd M Y H:i', 'serverRoot' => true, 'fileRoot' => false, 'baseUrl' => false, 'logger' => false, 'capabilities' => array('select', 'download', 'rename', 'delete', 'replace'), 'plugins' => array()), 'security' => array('allowFolderDownload' => false, 'allowChangeExtensions' => false, 'allowNoExtension' => false, 'uploadPolicy' => 'DISALLOW_ALL', 'uploadRestrictions' => array('jpg', 'jpe', 'jpeg', 'gif', 'png', 'svg', 'txt', 'pdf', 'odp', 'ods', 'odt', 'rtf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'csv', 'ogv', 'mp4', 'webm', 'm4v', 'ogg', 'mp3', 'wav', 'zip', 'rar')), 'upload' => array('multiple' => true, 'number' => 5, 'overwrite' => false, 'imagesOnly' => false, 'fileSizeLimit' => 16), 'exclude' => array('unallowed_files' => array('.htaccess', 'web.config'), 'unallowed_dirs' => array('_thumbs', '.CDN_ACCESS_LOGS', 'cloudservers'), 'unallowed_files_REGEXP' => '/^\\./uis', 'unallowed_dirs_REGEXP' => '/^\\./uis'), 'images' => array('imagesExt' => array('jpg', 'jpe', 'jpeg', 'gif', 'png', 'svg'), 'resize' => array('enabled' => true, 'maxWidth' => 1280, 'maxHeight' => 1024)), 'videos' => array('showVideoPlayer' => true, 'videosExt' => array('ogv', 'mp4', 'webm', 'm4v'), 'videosPlayerWidth' => 400, 'videosPlayerHeight' => 222), 'audios' => array('showAudioPlayer' => true, 'audiosExt' => array('ogg', 'mp3', 'wav')), 'pdfs' => array('showPdfReader' => true, 'pdfsExt' => array('pdf', 'odp'), 'pdfsReaderWidth' => 640, 'pdfsReaderHeight' => 480), 'edit' => array('enabled' => true, 'lineNumbers' => true, 'lineWrapping' => true, 'codeHighlight' => false, 'theme' => 'elegant', 'editExt' => array('txt', 'csv')), 'customScrollbar' => array('enabled' => true, 'theme' => 'inset-2-dark', 'button' => true), 'extras' => array('extra_js' => array(), 'extra_js_async' => true), 'icons' => array('path' => 'images/fileicons/', 'directory' => '_Open.png', 'default' => 'default.png'), 'url' => 'https://github.com/simogeo/Filemanager', 'version' => '2.0.0-dev');
// Values to be overridden by Geeklog (system)
$relPaths = array('Image' => 'images/library/Image/', 'Flash' => 'images/library/Flash/', 'Media' => 'images/library/Media/', 'File' => 'images/library/File/', 'Root' => 'images/');
$type = isset($_GET['Type']) ? COM_applyFilter($_GET['Type']) : '';
if (!array_key_exists($type, $relPaths)) {
    $type = 'Image';
}
$fileRoot = $_CONF['path_html'] . $relPaths[$type];
$fileRoot = str_replace('\\', '/', $fileRoot);
if (preg_match('@\\Ahttps?://[^/]+(/.*/)filemanager/index\\.php@i', COM_getCurrentURL(), $match)) {
    $relPath = $match[1];
} else {
    $relPath = '/';
}
$relPath .= $relPaths[$type];
$_FM_CONF['options']['culture'] = COM_getLangIso639Code();
$_FM_CONF['options']['defaultViewMode'] = $_CONF['filemanager_default_view_mode'];
$_FM_CONF['options']['browseOnly'] = $_CONF['filemanager_browse_only'];
$_FM_CONF['options']['showConfirmation'] = $_CONF['filemanager_show_confirmation'];
$_FM_CONF['options']['showThumbs'] = $_CONF['filemanager_show_thumbs'];
$_FM_CONF['options']['generateThumbnails'] = $_CONF['filemanager_generate_thumbnails'];
$_FM_CONF['options']['searchBox'] = $_CONF['filemanager_search_box'];
$_FM_CONF['options']['fileSorting'] = $_CONF['filemanager_file_sorting'];
$_FM_CONF['options']['chars_only_latin'] = $_CONF['filemanager_chars_only_latin'];
$_FM_CONF['options']['dateFormat'] = $_CONF['filemanager_date_format'];
Example #10
0
/**
* Prints administration menu
*
* This will return the administration menu items that the user has
* sufficient rights to -- Admin Block on right side.
*
* @param        string      $help       Help file to show
* @param        string      $title      Menu Title
* @param        string      $position   Side being shown on 'left', 'right' or blank.
* @see function COM_userMenu
*
*/
function COM_adminMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_USER, $_CONF;
    $retval = '';
    $link_array = array();
    if (COM_isAnonUser()) {
        return $retval;
    }
    $thisUrl = COM_getCurrentURL();
    if ($_CONF['hide_adminmenu'] && @strpos($thisUrl, $_CONF['site_admin_url']) === false) {
        return '';
    }
    if (empty($title)) {
        $title = DB_getItem($_TABLES['blocks'], 'title', "name = 'admin_block'");
    }
    $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('admin_block', 'header', $position), 'admin_block');
    $menuData = getAdminMenu();
    $retval .= '<div id="adminmenu"><ul>';
    foreach ($menuData as $item) {
        $retval .= '<li><a href="' . $item['url'] . '">' . $item['label'] . '</a></li>';
    }
    $retval .= '</ul></div>';
    $retval .= COM_endBlock(COM_getBlockTemplate('admin_block', 'footer', $position));
    return $retval;
}
Example #11
0
// this file can't be used on its own
if (!defined('GVERSION')) {
    die('This file can not be used on its own.');
}
USES_lib_user();
/* --- Main Processing Loop --- */
$display = '';
$uid = '';
$status = '';
$token = '';
$message = '';
if (!isset($_SYSTEM['admin_session'])) {
    $_SYSTEM['admin_session'] = 1200;
}
// determine the destination of this request
$destination = COM_getCurrentURL();
// validate the destination is not blank and is part of our site...
if ($destination == '') {
    $destination = $_CONF['site_admin_url'] . '/index.php';
}
if (substr($destination, 0, strlen($_CONF['site_url'])) != $_CONF['site_url']) {
    $destination = $_CONF['site_admin_url'] . '/index.php';
}
if (!COM_isAnonUser()) {
    $currentUID = $_USER['uid'];
} else {
    $currentUID = 1;
}
// is user sending credentials?
if (isset($_POST['loginname']) && !empty($_POST['loginname']) && isset($_POST['passwd']) && !empty($_POST['passwd'])) {
    COM_updateSpeedlimit('login');
 protected function _saveUserPhoto($from, $to)
 {
     // Use Pear HTTP Request 2 since first Facebook url to profile picture redirects to a new location
     $ret = '';
     $request = new HTTP_Request2($from, HTTP_Request2::METHOD_GET);
     $request->setConfig(array('adapter' => 'HTTP_Request2_Adapter_Socket', 'connect_timeout' => 15, 'timeout' => 30, 'follow_redirects' => true, 'max_redirects' => 5, 'ssl_verify_peer' => false, 'ssl_verify_host' => false));
     $request->setHeader('User-Agent', 'Geeklog/' . VERSION);
     $request->setHeader('Referer', COM_getCurrentURL());
     $response = $request->send();
     if (200 == $response->getStatus()) {
         $img = $response->getBody();
         $ret = file_put_contents($to, $img);
     }
     return $ret;
 }
Example #13
0
/**
* nexform_showform: Used to display Calls a form
* Function will return the full HTML for the requested form
* If a result id is passed in then the values will be retrieved
* and displayed in the form.
*
* @param        string         $formid       Required: form id to generate html for
* @param        string         $resultid     Optional: result id if posted results are to be shown
* @parm         string         $mode         Optional: Used to pass in 'edit' option of previous results
* @param        string/array   $parms        Optional: parms passed in will be converted to hidden fields
*                                            Used if posted form will be handled by custom form and
*                                            it optional variables are required for post processing
* @param        string         $linkedforms  Optional: used to optionally only show pre linked or post linked forms
*                                            Valid values are: all, none, beforeonly, afternonly
* @return       mixed         returns formatted form HTML
*
**/
function nexform_showform($formid, $resultid = 0, $mode = 'view', $parms = '', $linkedforms = 'all', $style = '')
{
    global $_CONF, $_TABLES, $CONF_FE, $forms_used;
    $forms_used[$formid] = 0;
    $groupAccess = DB_getItem($_TABLES['nxform_definitions'], 'perms_access', "id='{$formid}'");
    if (SEC_inGroup($groupAccess)) {
        // Does user have access to this form
        $fields = 'name,post_method,post_option,intro_text,before_formid,after_formid,';
        $fields .= 'template,on_submit,show_mandatory_note';
        $formquery = DB_query("SELECT {$fields} FROM {$_TABLES['nxform_definitions']} WHERE id='{$formid}'");
        list($formname, $post_method, $post_option, $intro_text, $before_form, $after_form, $maintemplate, $onsubmit, $show_mandatory) = DB_fetchArray($formquery);
        // Check that template to be used exists - else use default
        $templatefile = "{$_CONF['path_layout']}nexform/{$maintemplate}";
        if (!file_exists($templatefile)) {
            $maintemplate = 'defaultform.thtml';
            COM_errorLog("nexform: Missing template {$templatefile}, using default. Form ID: {$formid}");
        }
        $page = new Template($_CONF['path_layout'] . 'nexform');
        $page->set_file(array('page' => $maintemplate, 'javascript' => 'form_javascript.thtml', 'formcontent' => 'singleform_content.thtml', 'fieldsetbegin' => 'fieldset_begin.thtml', 'fieldsetend' => 'fieldset_end.thtml', 'printfieldsetbegin' => 'print_fieldset_begin.thtml', 'printfieldsetend' => 'print_fieldset_end.thtml', 'recstyle1' => 'recstyle1.thtml', 'recstyle2' => 'recstyle2.thtml', 'fieldstyle1' => 'fieldstyle1.thtml', 'fieldstyle1R' => 'fieldstyle1R.thtml', 'fieldstyle2' => 'fieldstyle2.thtml', 'fieldstyle2R' => 'fieldstyle2R.thtml', 'fieldstyle3' => 'fieldstyle3.thtml', 'fieldstyle3R' => 'fieldstyle3R.thtml', 'mfile_field' => 'mfile_field.thtml', 'fieldstyle5' => 'fieldstyle5.thtml', 'fieldstyle5R' => 'fieldstyle5R.thtml', 'captchafield' => 'captchafield.thtml', 'editor' => 'advanced_editor.thtml', 'mfilejs' => 'mfile_js.thtml', 'mfieldjs' => 'mfield_js.thtml', 'dselectjs' => 'dselect_js.thtml', 'fieldhelp' => 'field_help.thtml', 'submit_button' => 'submit_button.thtml'));
        $page->set_var('form_name', "glform_{$formid}");
        $page->set_var('site_url', $_CONF['site_url']);
        $page->set_var('layout_url', $_CONF['layout_url']);
        $page->set_var('public_url', $CONF_FE['public_url']);
        $page->set_var('res_id', $resultid);
        $page->set_var('form_id', $formid);
        if ($_REQUEST['efpv'] == 1) {
            $page->set_var('efpv', 1);
        } else {
            $page->set_var('efpv', 0);
        }
        // This may get reset in the function nexFlow_showFormFields() if dynamic select detects a pre-selected option
        $page->set_var('setlists_onload', 'window.attachEvent("onload",initfilteredlist);');
        if (isset($parms) and is_array($parms)) {
            $hidden_fields = '';
            foreach ($parms as $key => $value) {
                $hidden_fields .= '<input type="hidden" name="' . $key . '" value="' . $value . '">';
            }
            $page->set_var('hidden_fields', $hidden_fields);
        }
        if ($resultid > 0) {
            $groupEditAccess = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$formid}'");
            /* Need to add additional check for edit permissions for this form */
            // The customActionURL is a future use field - UI is not saving it currently
            //$customActionURL = DB_getItem($_TABLES['nxform_definitions'],'admin_url', "id='$formid'");
            // if ($customActionURL == '' OR $post_method == 'posturl') {
            $currentURL = COM_getCurrentURL();
            if (strpos($currentURL, 'admin/plugins/nexform/report.php') > 0) {
                $customActionURL = $_CONF['site_admin_url'] . '/plugins/nexform/report.php';
            } elseif ($post_method == 'posturl') {
                $customActionURL = $post_option;
            }
            if ($mode == 'edit') {
                if ($customActionURL == '') {
                    $form_action = $_CONF['site_admin_url'] . '/plugins/nexform/report.php?op=update&id=' . $formid . '&result=' . $resultid;
                    $page->set_var('form_action', $form_action);
                } else {
                    $customActionURL = str_replace('[siteurl]', $_CONF['site_url'], $customActionURL);
                    $customActionURL = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $customActionURL);
                    $form_action = $customActionURL . '?op=update&formid=' . $formid . '&id=' . $resultid;
                    $page->set_var('form_action', $form_action);
                    $page->set_var('resultid', $resultid);
                }
                if ($parms['singleuse'] == 1) {
                    $page->set_var('autoclose', 'true');
                } else {
                    $page->set_var('autoclose', '');
                }
                $page->set_var('onsubmit', '');
            } else {
                if ($customActionURL == '') {
                    $form_action = $_CONF['site_admin_url'] . '/plugins/nexform/report.php?id=' . $formid;
                    $page->set_var('form_action', $form_action);
                } else {
                    $customActionURL = str_replace('[siteurl]', $_CONF['site_url'], $customActionURL);
                    $customActionURL = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $customActionURL);
                    $form_action = $customActionURL . '?op=view&id=' . $formid . '&result=' . $resultid;
                    if ($mode != 'print') {
                        $page->set_var('form_action', $form_action);
                    }
                    $page->set_var('feShowSubmitButtons', 'none');
                }
                $page->set_var('onsubmit', '');
            }
        } elseif ($post_method == 'posturl') {
            $form_action = str_replace('[siteurl]', $_CONF['site_url'], $post_option);
            $page->set_var('form_action', $form_action);
            $page->set_var('showadminmode', 'none');
            // Hide the admin extra fields used when editing
            if (!empty($onsubmit)) {
                $onsubmit = $onsubmit;
            }
            $page->set_var('onsubmit', $onsubmit);
        } else {
            $form_action = $CONF_FE['post_url'] . '/index.php?id=' . $formid;
            $page->set_var('form_action', $form_action);
            if (!empty($onsubmit)) {
                $onsubmit = $onsubmit;
            }
            $page->set_var('onsubmit', $onsubmit);
        }
        $page->set_var('form_handler', $post_method);
        /* Now show any linked forms - recursively but compare to see we don't go in a loop */
        $allforms = array();
        if (trim($linkedforms) == '') {
            // Assume all linked forms if null passed in
            $allforms = nexform_getlinkedform($formid, $allforms, 'all');
        } elseif ($linkedforms == 'none') {
            $allforms[] = $formid;
        } else {
            $allforms = nexform_getlinkedform($formid, $allforms, $linkedforms);
        }
        /* Determine if more then 1 linked form has the tabbed feature enabled */
        $formCntWithTabs = 0;
        foreach ($allforms as $chkformID) {
            if (DB_getItem($_TABLES['nxform_definitions'], 'show_as_tab', "id='{$chkformID}'")) {
                $formCntWithTabs++;
            }
        }
        $postmethod = '';
        $tab_active = false;
        $tabid = 0;
        $i = 1;
        $prediv_open = false;
        $CONF_FE['dynamicSelect'] = false;
        foreach ($allforms as $showform) {
            $fquery = DB_query("SELECT id,name,show_as_tab,tab_label FROM {$_TABLES['nxform_definitions']} WHERE id={$showform}");
            list($linkid, $formname, $taboption, $tablabel) = DB_fetchArray($fquery);
            $groupAccess = DB_getItem($_TABLES['nxform_definitions'], 'perms_access', "id='{$linkid}'");
            if (SEC_inGroup($groupAccess)) {
                // Does user have access to this form
                if (count($allforms) > 1 and $mode != 'print' and $formCntWithTabs > 1 and $taboption == 1 and !$tab_active) {
                    $tab_active = true;
                    $page->set_file(array('navbar' => 'form_tabnavbar.thtml', 'navtab' => 'tab.thtml', 'divbegin' => 'singleform_divbegin.thtml'));
                    $page->set_var('show_tab1', '');
                }
                $page->set_var('form_comment1', "<!-- **BEGIN** Form: {$formname} **** -->");
                nexform_showFormFields($showform, $form_action, $page, $resultid, $mode, $i);
                $page->set_var('toolbar', $CONF_FE['fckeditor_toolbar']);
                $page->set_var('init_function_calls', $ta2init_function_calls);
                $page->set_var('form_comment2', "<!-- **END** Form: {$formname} **** -->");
                if (count($allforms) > 1 and $mode != 'print' and $taboption) {
                    $tabid++;
                    $page->set_var('tabid', $tabid);
                    $page->parse('div_begin', 'divbegin');
                    $page->set_var("show_tab{$tabid}", 'none');
                    $page->set_var('tab_class', $tabid == 1 ? 'navsubcurrent' : 'navsubmenu');
                    $page->set_var('tab_label', $tablabel == '' ? $formname : $tablabel);
                    $page->parse('tabs', 'navtab', true);
                    $page->parse('tab_navbar', 'navbar');
                    $nexformid = $allforms[$i];
                    /* Check if next form is also a tabbed form */
                    $nexformTabType = DB_getItem($_TABLES['nxform_definitions'], 'show_as_tab', "id='{$nexformid}'");
                    if ($nexformTabType == 1) {
                        $page->set_var('div_end', '</div>');
                    } else {
                        $page->set_var('div_end', '');
                        $prevdiv_open = true;
                        // Next form is not to be in a separate div
                    }
                } elseif ($prevdiv_open) {
                    // May need to close previous div if tabbed form option was used
                    $page->set_var('div_begin', '');
                    $page->set_var('div_end', '</div>');
                } else {
                    $page->set_var('div_begin', '');
                    $page->set_var('div_end', '');
                }
                $page->parse('form_contents', 'formcontent', true);
                $page->parse('form_records', '');
                $i++;
                //Check if form has a field of type 'file' which needs a different posting method in the form HTML tag
                //also have to check through child forms
                $frms = array();
                $frms = nexform_getdynamicforms($showform, $frms);
                foreach ($frms as $frmid) {
                    $filequery = DB_query("SELECT * FROM {$_TABLES['nxform_fields']} WHERE formid='{$frmid}' AND (type = 'file' OR type='mfile')");
                    if (DB_fetchArray($filequery) != '') {
                        $postmethod = "\"post\" enctype=\"multipart/form-data\"";
                        $page->parse('mfile_js_functions', 'mfilejs');
                    }
                    $filequery = DB_query("SELECT * FROM {$_TABLES['nxform_fields']} WHERE formid='{$frmid}' AND (type = 'mtxt')");
                    if (DB_fetchArray($filequery) != '') {
                        $page->parse('mfield_js_functions', 'mfieldjs');
                    }
                    $filequery = DB_query("SELECT * FROM {$_TABLES['nxform_fields']} WHERE formid='{$frmid}' AND (type = 'textarea2')");
                    if (DB_fetchArray($filequery) != '') {
                        $page->parse('advancededitor', 'editor');
                    }
                }
            }
        }
        if ($postmethod == '') {
            $page->set_var('method', '"post"');
        } else {
            $page->set_var('method', $postmethod);
        }
        $page->set_var('introtext', $intro_text);
        if ($mode != 'print' and $show_mandatory and DB_count($_TABLES['nxform_fields'], array('formid', 'is_mandatory'), array($formid, '1')) > 1) {
            $page->set_var('msg_mandatory', 'Note: * Indicates mandatory Field');
        } else {
            $page->set_var('msg_mandatory', '');
        }
        if ($CONF_FE['dynamicSelect']) {
            $page->parse('dynamic_select_js', 'dselectjs');
        } else {
            $page->set_var('dynamic_select_js', '');
        }
        /* Check and see if Advanced Editor should be setup for textarea fields */
        if ($mode != 'print') {
            $page->set_var('formContainerClass', 'frm_maincontainer');
            if ($resultid > 0) {
                if ($mode == 'edit') {
                    $print_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_option .= $formid . '.action; document.glform_' . $formid . '.action=\'' . $CONF_FE['public_url'];
                    $print_option .= '/print.php?op=print&result=' . $resultid . '&epm=1&id=' . $formid;
                    $print_preview_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_preview_option .= $formid . '.action; document.glform_' . $formid . '.action=\'' . $CONF_FE['public_url'];
                    $print_preview_option .= '/print.php?op=print&style=preview&result=' . $resultid . '&epm=1&id=' . $formid;
                } else {
                    $print_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_option .= $formid . '.action; document.glform_' . $formid . '.action=\'' . $CONF_FE['public_url'];
                    $print_option .= '/print.php?op=print&result=' . $resultid . '&id=' . $formid;
                    $print_preview_option = '<a href="#" onClick="document.glform_' . $formid . '.className=document.glform_';
                    $print_preview_option .= $formid . '.action; document.glform_' . $formid . '.action=\'';
                    $print_preview_option .= $CONF_FE['public_url'] . '/print.php?op=print&style=preview&result=' . $resultid . '&id=' . $formid;
                }
                $print_option .= '\'; document.glform_' . $formid . '.target=\'printwindow\'; document.glform_' . $formid;
                $print_option .= '.submit();" onBlur="document.glform_' . $formid . '.action=document.glform_' . $formid;
                $print_option .= 'action=document.glform_' . $formid . '.className; document.glform_' . $formid . '.target=\'\';">[print]</a>';
                $print_preview_option .= '\'; document.glform_' . $formid . '.target=\'printwindow\'; document.glform_' . $formid;
                $print_preview_option .= '.submit();" onBlur="document.glform_' . $formid . '.action=document.glform_' . $formid;
                $print_preview_option .= '.className; document.glform_' . $formid . '.target=\'\';">[print preview]</a>';
                if ($parms['noprint']) {
                    $page->set_var('print_option', '');
                    $page->set_var('print_preview_option', '');
                } else {
                    $page->set_var('print_option', $print_option);
                    $page->set_var('print_preview_option', $print_preview_option);
                }
            } else {
                $page->set_var('print_option', '');
                $page->set_var('print_preview_option', '');
            }
        } elseif ($mode == 'print') {
            if ($style != 'preview') {
                $page->set_var('print_instructions', '<script type="text/javascript">
                window.print();
                setTimeout(\'window.close()\', 1000);
                </script>');
            }
        }
        if ($CONF_FE['dynamicSelect']) {
            $page->parse('dynamic_select_js', 'dselectjs');
        } else {
            $page->set_var('dynamic_select_js', '');
        }
        $page->set_var('form_id', $formid);
        $page->parse('javascript', 'javascript');
        $page->parse('output', 'page');
        if ($mode == 'edit' and $customActionURL == '') {
            $page->set_var('editstatus_message', '<h2 id="feHeadingEditMode" style="margin:0px;padding:10 5 10 50px;">Edit Mode</h2>');
        }
        $formhtml .= $page->finish($page->get_var('output'));
    } else {
        $formhtml = '';
    }
    return $formhtml;
}
Example #14
0
 /**
  * Send an email.
  * All emails sent by Geeklog are sent through this function.
  * NOTE: Please note that using CC: will expose the email addresses of
  *       all recipients. Use with care.
  *
  * @param    string $to          recipients name and email address
  * @param    string $subject     subject of the email
  * @param    string $body        the text of the email
  * @param    string $from        (optional) sender of the the email
  * @param    bool   $html        (optional) true if to be sent as HTML email
  * @param    int    $priority    (optional) add X-Priority header, if > 0
  * @param    mixed  $optional    (optional) other headers or CC:
  * @param    array  $attachments (optional) attachment files
  * @return   bool                true if successful,  otherwise false
  */
 public static function send($to, $subject, $body, $from = '', $html = false, $priority = 0, $optional = null, array $attachments = array())
 {
     global $_CONF;
     if (empty($to)) {
         COM_errorLog("Invalid To address '{$to}' sent to COM_Mail.", 1);
         return false;
     }
     // Remove new lines
     $to = self::stripNewLine($to);
     $from = self::stripNewLine($from);
     $subject = self::stripNewLine($subject);
     // Set up transport
     switch ($_CONF['mail_settings']['backend']) {
         case 'sendmail':
             $arg = $_CONF['mail_settings']['sendmail_path'] . ' ' . $_CONF['mail_settings']['sendmail_args'];
             $transport = \Swift_SendmailTransport::newInstance($arg);
             break;
         case 'smtp':
             $transport = \Swift_SmtpTransport::newInstance($_CONF['mail_settings']['host'], $_CONF['mail_settings']['port']);
             if (!empty($_CONF['mail_settings']['auth'])) {
                 $transport->setUsername($_CONF['mail_settings']['username']);
                 $transport->setPassword($_CONF['mail_settings']['password']);
             }
             break;
         case 'mail':
         default:
             $transport = \Swift_MailTransport::newInstance();
             break;
     }
     $mailer = \Swift_Mailer::newInstance($transport);
     // Set up replacements
     $decorator = new \Swift_Plugins_DecoratorPlugin(new MailReplacements());
     $mailer->registerPlugin($decorator);
     // Create a message
     $message = \Swift_Message::newInstance();
     if (!empty($_CONF['mail_charset'])) {
         $message->setCharset($_CONF['mail_charset']);
     } else {
         $message->setCharset(COM_getCharset());
     }
     // Set subject
     $message->setSubject($subject);
     // Set from
     if (empty($from)) {
         $message->setFrom(array($_CONF['site_mail'] => $_CONF['site_name']));
     } else {
         $message->setFrom($from);
     }
     // Set to
     try {
         $message->setTo($to);
     } catch (\Swift_RfcComplianceException $e) {
         COM_errorLog(__METHOD__ . ': bad "to" ' . $to);
         return false;
     }
     if ($optional != null && !is_array($optional)) {
         $optional = self::stripNewLine($optional);
     }
     if ($optional != null && !is_array($optional) && !empty($optional)) {
         // assume old (optional) CC: header
         try {
             $message->setCc($optional);
         } catch (\Swift_RfcComplianceException $e) {
             COM_errorLog(__METHOD__ . ': bad "Cc" ' . $optional);
             return false;
         }
     }
     // Set body
     $message->setBody($body);
     if ($html) {
         $message->setContentType('text/html');
         $message->addPart($body, 'text/plain');
     } else {
         $message->setContentType('text/plain');
     }
     // Set priority
     if ($priority > 0) {
         $message->setPriority($priority);
     }
     // Add additional headers
     $headers = $message->getHeaders();
     $headers->addTextHeader('X-Mailer', 'Geeklog ' . VERSION);
     if (!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR']) && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
         $url = COM_getCurrentURL();
         if (substr($url, 0, strlen($_CONF['site_admin_url'])) != $_CONF['site_admin_url']) {
             $headers->addTextHeader('X-Originating-IP', $_SERVER['REMOTE_ADDR']);
         }
     }
     if (is_array($optional) && count($optional) > 0) {
         foreach ($optional as $h => $v) {
             if (strcasecmp($h, 'Cc') === 0) {
                 try {
                     $message->setCc($v);
                 } catch (\Swift_RfcComplianceException $e) {
                     COM_errorLog(__METHOD__ . ': bad "Cc" ' . $v);
                     return false;
                 }
             } elseif (strcasecmp($h, 'Bcc') === 0) {
                 try {
                     $message->setBcc($v);
                 } catch (\Swift_RfcComplianceException $e) {
                     COM_errorLog(__METHOD__ . ': bad "Bcc" ' . $v);
                     return false;
                 }
             } else {
                 $headers->addTextHeader($h, $v);
             }
         }
     }
     // Set attachments
     if (count($attachments) > 0) {
         foreach ($attachments as $attachment) {
             $message->attach(\Swift_Attachment::fromPath($attachment));
         }
     }
     // Send a message
     $numSent = $mailer->send($message, $failures);
     if ($numSent != 1) {
         COM_errorLog(__METHOD__ . ': failed to send an email to ' . @$failures[0]);
     }
     return $numSent == 1;
 }
Example #15
0
function getAdminMenu()
{
    global $_SP_CONF, $_USER, $_TABLES, $LANG01, $LANG_MB01, $LANG_LOGO, $LANG_AM, $LANG_SOCIAL, $LANG29, $_CONF, $_DB_dbms, $_GROUPS, $config;
    $item_array = array();
    if (!COM_isAnonUser()) {
        $plugin_options = PLG_getAdminOptions();
        $num_plugins = count($plugin_options);
        if (SEC_isModerator() or SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit,social.admin', 'OR') or $num_plugins > 0) {
            // what's our current URL?
            $elementUrl = COM_getCurrentURL();
            $topicsql = '';
            if (SEC_isModerator() || SEC_hasRights('story.edit')) {
                $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
                $trows = DB_numRows($tresult);
                if ($trows > 0) {
                    $tids = array();
                    for ($i = 0; $i < $trows; $i++) {
                        $T = DB_fetchArray($tresult);
                        $tids[] = $T['tid'];
                    }
                    if (sizeof($tids) > 0) {
                        $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
                    }
                }
            }
            $modnum = 0;
            if (SEC_hasRights('story.edit,story.moderate', 'OR') || $_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete')) {
                if (SEC_hasRights('story.moderate')) {
                    if (empty($topicsql)) {
                        $modnum += DB_count($_TABLES['storysubmission']);
                    } else {
                        $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                        $S = DB_fetchArray($sresult);
                        $modnum += $S['count'];
                    }
                }
                if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
                    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
                    if (!empty($topicsql)) {
                        $sql .= ' AND' . $topicsql;
                    }
                    $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
                    $A = DB_fetchArray($result);
                    $modnum += $A['count'];
                }
                if ($_CONF['usersubmission'] == 1) {
                    if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
                        $modnum += DB_count($_TABLES['users'], 'status', '2');
                    }
                }
            }
            // now handle submissions for plugins
            $modnum += PLG_getSubmissionCount();
            if (SEC_hasRights('story.edit')) {
                $url = $_CONF['site_admin_url'] . '/story.php';
                $label = $LANG01[11];
                if (empty($topicsql)) {
                    $numstories = DB_count($_TABLES['stories']);
                } else {
                    $nresult = DB_query("SELECT COUNT(*) AS count from {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSql('AND'));
                    $N = DB_fetchArray($nresult);
                    $numstories = $N['count'];
                }
                $label .= ' (' . COM_numberFormat($numstories) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('block.edit')) {
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
                list($count) = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/block.php';
                $label = $LANG01[12] . ' (' . COM_numberFormat($count) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('autotag.admin')) {
                $url = $_CONF['site_admin_url'] . '/autotag.php';
                $label = $LANG_AM['title'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/clearctl.php';
                $label = $LANG01['ctl'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/menu.php';
                $label = $LANG_MB01['menu_builder'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/logo.php';
                $label = $LANG_LOGO['logo_admin'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('topic.edit')) {
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
                list($count) = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/topic.php';
                $label = $LANG01[13] . ' (' . COM_numberFormat($count) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('user.edit')) {
                $url = $_CONF['site_admin_url'] . '/user.php';
                $label = $LANG01[17] . ' (' . COM_numberFormat(DB_count($_TABLES['users']) - 1) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('group.edit')) {
                if (SEC_inGroup('Root')) {
                    $grpFilter = '';
                } else {
                    $elementUsersGroups = SEC_getUserGroups();
                    $grpFilter = 'WHERE (grp_id IN (' . implode(',', $elementUsersGroups) . '))';
                }
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
                $A = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/group.php';
                $label = $LANG01[96] . ' (' . COM_numberFormat($A['count']) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('social.admin')) {
                $url = $_CONF['site_admin_url'] . '/social.php';
                $label = $LANG_SOCIAL['label'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/envcheck.php';
                $label = $LANG01['env_check'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('user.mail')) {
                $url = $_CONF['site_admin_url'] . '/mail.php';
                $label = $LANG01[105] . ' (N/A)';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
                $url = $_CONF['site_admin_url'] . '/syndication.php';
                $label = $LANG01[38] . ' (' . COM_numberFormat(DB_count($_TABLES['syndication'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled']) && SEC_hasRights('story.ping')) {
                $url = $_CONF['site_admin_url'] . '/trackback.php';
                $label = $LANG01[116] . ' (' . COM_numberFormat(DB_count($_TABLES['pingservice'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('plugin.edit')) {
                $url = $_CONF['site_admin_url'] . '/plugins.php';
                $label = $LANG01[77] . ' (' . COM_numberFormat(DB_count($_TABLES['plugins'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/configuration.php';
                $label = $LANG01[129] . ' (' . COM_numberFormat(count($config->_get_groups())) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            // This will show the admin options for all installed plugins (if any)
            for ($i = 0; $i < $num_plugins; $i++) {
                $plg = current($plugin_options);
                $url = $plg->adminurl;
                $label = $plg->adminlabel;
                if (empty($plg->numsubmissions)) {
                    $label .= '';
                } else {
                    $label .= ' (' . COM_numberFormat($plg->numsubmissions) . ')';
                }
                $item_array[] = array('label' => $label, 'url' => $url);
                next($plugin_options);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/database.php';
                $label = $LANG01[103] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/logview.php';
                $label = $LANG01['logview'] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if ($_CONF['link_documentation'] == 1) {
                $doclang = COM_getLanguageName();
                if (@file_exists($_CONF['path_html'] . 'docs/' . $doclang . '/index.html')) {
                    $docUrl = $_CONF['site_url'] . '/docs/' . $doclang . '/index.html';
                } else {
                    $docUrl = $_CONF['site_url'] . '/docs/english/index.html';
                }
                $url = $docUrl;
                $label = $LANG01[113] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/vercheck.php';
                $label = $LANG01[107] . ' (' . GVERSION . PATCHLEVEL . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_isModerator()) {
                $url = $_CONF['site_admin_url'] . '/moderation.php';
                $label = $LANG01[10] . ' (' . COM_numberFormat($modnum) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if ($_CONF['sort_admin']) {
                usort($item_array, '_mb_cmp');
            }
            $url = $_CONF['site_admin_url'] . '/index.php';
            $label = $LANG29[34];
            $cc_item = array('label' => $LANG29[34], 'url' => $url);
            $item_array = array_merge(array($cc_item), $item_array);
        }
    }
    return $item_array;
}
Example #16
0
 private function _renderMenuItems($pid = 0)
 {
     global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE;
     foreach ($this->_menuitems as $menuitem) {
         if ($this->_multiLangMode) {
             $label = $this->getMenuLabel($menuitem['id']);
         } else {
             $label = $menuitem['label'];
         }
         $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';
         $menuitemImage = trim($menuitem['image']);
         if ($menuitemImage != '') {
             // Check and see if the full url is entered
             if (strpos($menuitemImage, 'http') === false) {
                 $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
             }
         }
         if ($i == $this->_menuitemCount) {
             $lastitem = true;
         } else {
             $lastitem = false;
         }
         // Check and see if this item is a submenu
         if ($menuitem['type'] == 3) {
             // Type Submenu
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             if ($this->_type == 'header') {
                 $menuitemimagecss = 'headermenuitemimage';
             } else {
                 $menuitemimagecss = 'blocksubmenuitemimage';
             }
             $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
             if ($pid == 0) {
                 if ($this->_type == 'header') {
                     $t->set_file('menu', 'headersubmenu.thtml');
                 } else {
                     $t->set_file('menu', 'submenu.thtml');
                 }
                 $t->set_var('menuitem_url', $url);
                 if ($menuitemImage != '') {
                     $image = '<img src="' . $menuitemImage . '" border="0">&nbsp;';
                     $label = "{$image}<span id=\"{$menuitemimagecss}\">{$label}</span>";
                     $t->set_var('menuitem_label', $label);
                 } else {
                     $t->set_var('menuitem_label', $label);
                 }
                 if ($pid == 0) {
                     $t->set_var('imgclass', 'drop');
                 } else {
                     $t->set_var('imgclass', 'fly');
                 }
                 if ($i == $this->_menuitemCount) {
                     $t->set_var('lastitemclass', 'class="enclose"');
                 }
             } else {
                 $t->set_file('menu', 'flysubmenu.thtml');
                 $t->set_var('menuitem_url', $url);
                 $t->set_var('menuitem_label', $label);
             }
             parent::initMenuItems($menuitem['id']);
             $t->set_var('submenu_items', $this->_renderMenuItems($menuitem['id']));
             $t->parse('output', 'menu');
             $retval .= $t->finish($t->get_var('output'));
         } elseif ($menuitem['type'] == 4) {
             // Core Menu
             switch ($menuitem['url']) {
                 case "adminmenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                         $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                         $plugin_options .= PLG_getAdminOptions();
                         $nrows = count($plugin_options);
                         if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                             $retval .= COM_adminMenu();
                         }
                     }
                     break;
                 case "usermenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                         $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                         $retval .= COM_userMenu();
                     }
                     break;
                 case "topicmenu":
                     $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/procssmenu/menuitem2.thtml,nexmenu/procssmenu/menuitem2_on.thtml';
                     $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                     break;
                 case "linksmenu":
                     if ($this->_linksPlugin) {
                         $retval .= nexmenu_showlinks($pid, $this->_type, 'site', $numcategories, 0, $lastitem);
                     }
                     break;
                 case "spmenu":
                     if ($this->_staticpagesPlugin) {
                         if ($CONF_NEXMENU['sp_labelonly']) {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                             $sql .= COM_getPermSql('AND');
                             $sql .= 'ORDER BY sp_title';
                             $spquery = DB_query($sql);
                         } else {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                             $sql .= COM_getPermSql('WHERE');
                             $sql .= 'ORDER BY sp_title';
                             $spquery = DB_query($sql);
                         }
                         while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                             if (trim($sp_label) == '') {
                                 $label = $title;
                             } else {
                                 $label = $sp_label;
                             }
                             $url = "{$_CONF['site_url']}/staticpages/index.php?page={$id}";
                             $retval .= "<li><a href=\"{$url}\" {$target}>{$label}</a></li>" . LB;
                         }
                     }
                     break;
                 case "pluginmenu":
                     $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                     $nrows = DB_numRows($result);
                     $menu = array();
                     for ($i = 1; $i <= $nrows; $i++) {
                         $A = DB_fetchArray($result);
                         $function = 'plugin_getmenuitems_' . $A['pi_name'];
                         if (function_exists($function)) {
                             $menuitems = $function();
                             if (is_array($menuitems) and count($menuitems) > 0) {
                                 foreach ($menuitems as $plugin_label => $plugin_link) {
                                     if ($pid == 0) {
                                         $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                     } else {
                                         $retval .= "<li><a href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                     }
                                 }
                             }
                         }
                     }
                     break;
                 case "headermenu":
                     $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
                     $t->set_file(array('menu' => 'siteheader_menuitems.thtml', 'menuitem' => 'headermenu_item.thtml', 'menuitem_last' => 'headermenu_item.thtml'));
                     $plugin_menu = PLG_getMenuItems();
                     COM_renderMenu($t, $plugin_menu);
                     $t->parse('output', 'menu');
                     $retval .= $t->finish($t->get_var('output'));
                     break;
             }
             // End of menutype == 4  (Core Menu)
         } elseif ($menuitem['type'] == 5) {
             if (function_exists($menuitem['url'])) {
                 /* Pass the type of menu to custom php function */
                 $retval .= $menuitem['url']($this->_type);
             }
         } else {
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             // what's our current URL?
             $thisUrl = COM_getCurrentURL();
             if ($menuitemImage != '') {
                 if ($this->_type == 'header') {
                     $menuitemimagecss = 'headermenuitemimage';
                 } else {
                     $menuitemimagecss = 'blockmenuitemimage';
                 }
                 $image = '<img src="' . $menuitemImage . '" border="0">&nbsp;';
                 if ($i == 1 and $pid > 0) {
                     $retval .= "<li><a href=\"{$url}\" {$target} class=\"enclose\">{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                 } elseif ($i == $menurows and $pid == 0) {
                     $retval .= "<li><a href=\"{$url}\" {$target} class=\"enclose\">{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                 } elseif ($url == $thisUrl) {
                     $retval .= "<li id=\"menuitem_current\"><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                 } else {
                     $retval .= "<li><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                 }
             } else {
                 if ($pid == 0) {
                     $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                 } else {
                     $retval .= "<li><a href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                 }
             }
         }
         $i++;
     }
     // Restore Template Setting
     $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;
     return $retval;
 }
/**
* Include any code in this function to add custom template variables.
*
* Called from within Geeklog for:
* - 'header' (site header)
* - 'footer' (site footer)
* - 'storytext', 'featuredstorytext', 'archivestorytext' (story templates)
* - 'story' (story submission)
* - 'comment' (comment submission form)
* - 'registration' (user registration form)
* - 'contact' (email user form)
* - 'emailstory' (email story to a friend)
* - 'loginblock' (login form in the side bar)
* - 'loginform' (login form in the content area)
* - 'search' (advanced search form; simple search is usually part of 'header')
*
* This function is called whenever PLG_templateSetVars is called, i.e. in
* addition to the templates listed here, it may also be called from plugins.
*
* @param    string  $templatename   name of the template, e.g. 'header'
* @param    ref    &$template       reference to the template
* @return   void
* @see      PLG_templateSetVars
*
*/
function CUSTOM_templateSetVars($templatename, &$template)
{
    // define a {hello_world} variable available in header.thtml and
    // a {hello_again} variable available in the story templates
    global $_CONF, $_PLUGINS, $_USER, $LANG01, $LANG_JPN, $page, $topic;
    switch ($templatename) {
        case 'header':
            // User Agent: 'custom_class', 'custom_os', 'custom_browser', 'custom_version', 'custom_alias', 'custom_mobile'
            $ua = Useragent::getInstance();
            $ua->setTemplateVars($template);
            $template->set_var('hello_world', 'Hello, world!');
            // 話題ID:topic_id
            $template->set_var('topic_id', $topic);
            // 静的ページID:sp_id
            $pageurl = COM_getCurrentURL();
            if (strpos($pageurl, "staticpages")) {
                $template->set_var('sp_id', $page);
            }
            // HOME状態:home_id ('home','sub')
            if (COM_isFrontpage()) {
                $home_id = 'sub';
            } else {
                $home_id = 'home';
            }
            $template->set_var('home_id', $home_id);
            // ログインしている時
            if (COM_isAnonUser()) {
                $login_status = 'guest';
                $prof_url_jp = "{$_CONF['site_url']}/";
            } else {
                $login_status = 'member';
                $prof_url_jp = "{$_CONF['site_url']}/users.php?mode=profile&amp;uid={$_USER['uid']}";
            }
            // ログイン状態:login_status ('member','guest')
            $template->set_var('login_status', $login_status);
            // プロフィールのURL:prof_url_jp
            $template->set_var('prof_url_jp', $prof_url_jp);
            break;
        case 'storytext':
        case 'featuredstorytext':
        case 'archivestorytext':
            $template->set_var('hello_again', 'Hello (again)!');
            break;
    }
    // Sets the name of the current plugin as {plugin_name}
    $pluginFound = FALSE;
    if (isset($_PLUGINS) and count($_PLUGINS) > 0) {
        $pattern = '|^' . preg_quote($_CONF['site_url'], '|') . '/(?:admin/plugins/)?(.+?)/|';
        if (preg_match($pattern, COM_getCurrentURL(), $match)) {
            foreach ($_PLUGINS as $plugin) {
                if (strcasecmp($plugin, $match[1]) === 0) {
                    $template->set_var('plugin_name', $plugin);
                    $pluginFound = TRUE;
                    break;
                }
            }
        }
    }
    if ($pluginFound === FALSE) {
        $template->set_var('plugin_name', '');
    }
}
Example #18
0
/**
 * Generate a security token.
 * This generates and stores a one time security token. Security tokens are
 * added to forms and urls in the admin section as a non-cookie double-check
 * that the admin user really wanted to do that...
 *
 * @param  int $ttl Time to live for token in seconds. Default is 20 minutes.
 * @return string  Generated token, it'll be an MD5 hash (32chars)
 * @see SEC_checkToken
 */
function SEC_createToken($ttl = 1200)
{
    global $_TABLES, $_USER;
    static $last_token;
    if (isset($last_token)) {
        return $last_token;
    }
    $uid = isset($_USER['uid']) ? $_USER['uid'] : 1;
    /* Figure out the full url to the current page */
    $pageURL = COM_getCurrentURL();
    /* Generate the token */
    $token = md5($uid . $pageURL . uniqid(rand(), 1));
    $pageURL = DB_escapeString($pageURL);
    /* Destroy exired tokens: */
    $sql['mysql'] = "DELETE FROM {$_TABLES['tokens']} WHERE (DATE_ADD(created, INTERVAL ttl SECOND) < NOW())" . " AND (ttl > 0)";
    $sql['pgsql'] = "DELETE FROM {$_TABLES['tokens']} WHERE ROUND(EXTRACT(EPOCH FROM ABSTIME(created)))::int4 + (SELECT ttl from {$_TABLES['tokens']} LIMIT 1) < ROUND(EXTRACT(EPOCH FROM ABSTIME(NOW())))::int4" . " AND (ttl > 0)";
    DB_query($sql);
    /* Destroy tokens for this user/url combination. Since annonymous user share same id do not delete */
    if ($uid != 1) {
        $sql = "DELETE FROM {$_TABLES['tokens']} WHERE owner_id = '{$uid}' AND urlfor= '{$pageURL}'";
        DB_query($sql);
    }
    /* Create a token for this user/url combination */
    /* NOTE: TTL mapping for PageURL not yet implemented */
    $sql = "INSERT INTO {$_TABLES['tokens']} (token, created, owner_id, urlfor, ttl) " . "VALUES ('{$token}', NOW(), {$uid}, '{$pageURL}', {$ttl})";
    DB_query($sql);
    $last_token = $token;
    /* And return the token to the user */
    return $token;
}
/**
* Provides a PHP function to be used in blocks
*/
function phpblock_themetester()
{
    global $_CONF, $_PLUGINS, $_TABLES, $_USER;
    $retval = '';
    if (!defined('XHTML')) {
        define('XHTML', '');
    }
    if (!defined('LB')) {
        define('LB', "\n");
    }
    // Users are not allowed to change the theme or the user is accessing with
    // a mobile phone
    if ($_CONF['allow_user_themes'] == 0 or THEMETESTER_isMobile() === TRUE) {
        return $retval;
    }
    $installed_themes = THEMETESTER_getThemes();
    if (count($installed_themes) <= 1) {
        // No choice
        return $retval;
    }
    if (isset($_POST['themetester_theme'])) {
        $theme = COM_applyFilter($_POST['themetester_theme']);
    } else {
        $theme = '';
    }
    // Gets the current theme
    if (isset($_USER['uid']) and $_USER['uid'] > 1) {
        // Logged-in user
        $current_theme = DB_getItem($_TABLES['users'], 'theme', "(uid = '" . addslashes($_USER['uid']) . "')");
    } else {
        // Anon
        if (isset($_COOKIE[$_CONF['cookie_theme']])) {
            $current_theme = COM_applyFilter($_COOKIE[$_CONF['cookie_theme']]);
        }
    }
    if ($current_theme == '') {
        $current_theme = $_CONF['theme'];
    }
    // Gets the current URL and XSS-clean it
    $url = COM_getCurrentURL();
    $url = THEMETESTER_cleanUrl($url);
    if (empty($url)) {
        $url = $_CONF['site_url'];
    }
    $url = THEMETESTER_escape($url);
    // The theme was changed
    if (!empty($theme) and $theme != $current_theme and in_array($theme, $installed_themes)) {
        // In case of a registered user, we save the change into DB
        if (isset($_USER['uid']) and $_USER['uid'] > 1) {
            $sql = "UPDATE {$_TABLES['users']} " . "SET theme='" . addslashes($theme) . "' " . "WHERE (uid = '" . addslashes($_USER['uid']) . "')";
            DB_query($sql);
        }
        // If possible, we save the new theme into cookie and refresh
        if (!headers_sent()) {
            setcookie($_CONF['cookie_theme'], THEMETESTER_escape($theme), time() + 3600 * 24 * 365, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
            // Redirects to the current page
            header('Location: ' . $url);
            exit;
            // In reality, this is unnecessary
        }
    }
    // Displays a form in which users change the theme
    $retval .= '<div id="themetester">' . LB . '  <form action="' . $url . '" method="post">' . LB . '    <select name="themetester_theme" onchange="this.form.submit()">' . LB;
    foreach ($installed_themes as $theme) {
        $retval .= '      <option value="' . THEMETESTER_escape($theme) . '"';
        if ($theme == $current_theme) {
            $retval .= ' selected="selected"';
        }
        $retval .= '>' . THEMETESTER_escape($theme) . '</option>' . LB;
    }
    $retval .= '    </select>' . LB . '    <noscript>' . LB . '      <input name="submit" type="submit" value="選択"' . XHTML . '>' . LB . '    </noscript>' . LB . '  </form>' . LB . '</div>' . LB;
    return $retval;
}