Example #1
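 /**
  * Apply a basic filter to a scalar, or element-wise to an array.
  *
  * Delegates to COM_applyBasicFilter() when that function is loaded;
  * otherwise reproduces its behaviour inline: strip 4-byte UTF-8
  * characters and tags, neutralise "on<event>=" attributes, then either
  * reduce the value to an integer (numeric mode) or drop everything from a
  * "/*" comment opener onwards and cut the value off at the first quote,
  * backtick, semicolon, comma or backslash.
  *
  * @param  string|array $var        value(s) to filter
  * @param  bool         $isNumeric  true if the value must be an integer;
  *                                  anything else becomes 0
  * @return string|array             the filtered value, or the filtered
  *                                  array with its keys preserved
  */
 public static function applyFilter($var, $isNumeric = false)
 {
     if (is_array($var)) {
         // __METHOD__ is captured outside the closure because inside it
         // the constant would name the closure itself. $isNumeric is passed
         // through explicitly: a bare array_map(__METHOD__, $var) would
         // call back with the default and silently drop numeric mode for
         // every element.
         $filter = __METHOD__;
         return array_map(function ($item) use ($filter, $isNumeric) {
             return call_user_func($filter, $item, $isNumeric);
         }, $var);
     }
     if (is_callable('COM_applyBasicFilter')) {
         // Forward $isNumeric, otherwise the core filter only ever runs in
         // string mode and numeric values are never reduced to an integer.
         return COM_applyBasicFilter($var, $isNumeric);
     }
     // Simulate COM_applyBasicFilter
     $var = \GLText::remove4byteUtf8Chars($var);
     $var = strip_tags($var);
     if (is_callable('COM_killJS')) {
         $var = COM_killJS($var);
         // doesn't help a lot right now, but still ...
     } else {
         // Rename "on<event>=" attributes to "in<event>=" so they no longer bind handlers
         $var = preg_replace('/(\\s)+[oO][nN](\\w*) ?=/', '\\1in\\2=', $var);
     }
     if ($isNumeric) {
         // Note: PHP's is_numeric() accepts values like 4e4 as numeric, so an
         // optionally signed run of digits is required as well. preg_match()
         // returns false on a PCRE error; that is treated as "not numeric".
         if (!is_numeric($var) || preg_match('/^-?\\d+$/', $var) !== 1) {
             $var = 0;
         }
     } else {
         $var = preg_replace('/\\/\\*.*/', '', $var);
         // Keep only the text in front of the first occurrence of any delimiter
         foreach (array("'", '"', '`', ';', ',', '\\') as $delimiter) {
             $parts = explode($delimiter, $var);
             $var = $parts[0];
         }
     }
     return $var;
 }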
Example #2
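/**
 * Filter a parameter value, optionally reducing it to an unsigned integer.
 *
 * Slashes and tags are stripped and COM_killJS() is applied. In numeric
 * mode common number formatting (whitespace, hyphens, parentheses) is
 * removed first and anything that is not a plain run of digits becomes 0
 * (or '' when $returnzero is false). In string mode the value is cut off
 * at the first single quote, double quote or backtick.
 *
 * @param  string $parameter   the raw parameter value
 * @param  bool   $isnumeric   true if the value must be an unsigned integer
 * @param  bool   $returnzero  in numeric mode, return 0 (true) or '' (false)
 *                             for a value that is not an unsigned integer
 * @return string|int          the filtered value
 */
function ppApplyFilter($parameter, $isnumeric = false, $returnzero = true)
{
    $p = COM_stripslashes($parameter);
    $p = strip_tags($p);
    $p = COM_killJS($p);
    if ($isnumeric) {
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric
        // Strip out any common number formatting characters. The hyphen
        // must be the last character of the class: "[\s-\(" is read as a
        // range starting at a class escape, which PCRE2 (PHP 7.3+) rejects,
        // so preg_replace() returned null and every value collapsed to 0.
        $p = preg_replace('/[\\s()-]+/', '', $p);
        // preg_match() returns false on a PCRE error; treat that as invalid too
        if (!is_numeric($p) || preg_match('/^([0-9]+)$/', $p) !== 1) {
            $p = $returnzero ? 0 : '';
        }
    } else {
        // Keep only the text in front of the first occurrence of any delimiter
        foreach (array("'", '"', '`') as $delimiter) {
            $parts = explode($delimiter, $p);
            $p = $parts[0];
        }
    }
    return $p;
}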
Example #3
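/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it. Visitors who
* are not logged in get the "login required" block instead when the site (or
* the profile page) requires a login; an unknown user ID redirects to the
* site's index page.
*
* @param    int     $user   User ID of profile to get; cast to int before it
*                           is interpolated into the SQL below
* @param    int     $msg    Message to display (if != 0) -- not used by the
*                           body of this function
* @return   string          HTML for user profile page
*
*/
function userprofile($user, $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG_LOGIN;

    // $user is interpolated unquoted into several queries below; casting it
    // guarantees that only an integer ever reaches the SQL.
    $user = (int) $user;
    $retval = '';

    // Anonymous visitor on a site that requires a login: show the login block
    // instead of the profile.
    if (empty($_USER['username']) && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= COM_siteHeader('menu');
        $retval .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }

    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$user}");
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    $display_name = COM_getDisplayName($user, $A['username'], $A['fullname']);

    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];

    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('xhtml', XHTML);
    $user_templates->set_var('site_url', $_CONF['site_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    // With show_fullname the two template slots swap roles: the full name
    // takes the headline position and the login name the secondary one.
    if ($_CONF['show_fullname'] == 1) {
        $user_templates->set_var('username', $A['fullname']);
        $user_templates->set_var('user_fullname', $A['username']);
    } else {
        $user_templates->set_var('username', $A['username']);
        $user_templates->set_var('user_fullname', $A['fullname']);
    }

    // Edit icon for users allowed to administer accounts
    if (SEC_hasRights('user.edit')) {
        global $_IMAGE_TYPE, $LANG_ADMIN;
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&amp;uid={$A['uid']}");
        $user_templates->set_var('edit_link', $edit_link_url);
    }

    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    $user_templates->set_var('lang_sendemail', $LANG04[81]);
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    // User-supplied profile fields: homepage gets the JS filter, location is
    // tag-stripped, the bio is only newline-converted.
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);

    // Topics the current visitor may see; stories and comments are limited
    // to these so the profile never reveals content the visitor cannot read.
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";

    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // A literal "$" in a title would otherwise be interpreted by the template engine
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }

    // list of last 10 comments by this user
    $sidArray = array();
    if (count($tids) > 0) {
        // first, get a list of all stories the current visitor has access to
        $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $result = DB_query($sql);
        $numsids = DB_numRows($result);
        for ($i = 1; $i <= $numsids; $i++) {
            $S = DB_fetchArray($result);
            $sidArray[] = $S['sid'];
        }
    }
    // $sidList is at least "''", so the restriction below is always applied;
    // with no accessible stories it matches nothing, which is the intent.
    $sidList = implode("', '", $sidArray);
    $sidList = "'{$sidList}'";

    // then, find all comments by the user in those stories
    $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = {$user}) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
    // SQL NOTE:  Using a HAVING clause is usually faster than a where if the
    // field is part of the select
    if (!empty($sidList)) {
        $sql .= " HAVING sid in ({$sidList})";
    }
    $sql .= " ORDER BY unixdate DESC LIMIT 10";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', ($i + 1) . '.');
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
            // A literal "$" in a title would otherwise be interpreted by the template engine
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commenttime[0]);
            $user_templates->parse('comment_row', 'row', true);
        }
    } else {
        $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
    }

    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$user}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$user})";
    if (!empty($sidList)) {
        $sql .= " AND (sid in ({$sidList}))";
    }
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);

    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);
    return $retval;
}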
Example #4
/**
* Filter parameters
*
* NOTE:     Use this function instead of COM_applyFilter for parameters
*           _not_ coming in through a GET or POST request.
*
* Tags are stripped and COM_killJS() is applied. In numeric mode the value
* must be an optionally signed run of digits, otherwise it becomes 0. In
* string mode everything from a "/*" comment opener onwards is dropped and
* the value is cut off at the first quote, backtick, semicolon, comma or
* backslash.
*
* @param    string    $parameter   the parameter to test
* @param    boolean   $isnumeric   true if $parameter is supposed to be numeric
* @return   string|int    the filtered parameter (may now be empty or 0)
* @see COM_applyFilter
*
*/
function COM_applyBasicFilter($parameter, $isnumeric = false)
{
    // Flip to true to write a log line whenever the filter changed the value
    $logManipulation = false;

    $filtered = COM_killJS(strip_tags($parameter));
    // doesn't help a lot right now, but still ...

    if ($isnumeric) {
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric, hence
        // the additional digits-only pattern
        $isInteger = is_numeric($filtered) && preg_match('/^-?\\d+$/', $filtered) == 1;
        if (!$isInteger) {
            $filtered = 0;
        }
    } else {
        $filtered = preg_replace('/\\/\\*.*/', '', $filtered);
        // Keep only the text in front of the first occurrence of any delimiter
        foreach (array("'", '"', '`', ';', ',', '\\') as $delimiter) {
            $parts = explode($delimiter, $filtered);
            $filtered = $parts[0];
        }
    }

    if ($logManipulation && strcmp($filtered, $parameter) != 0) {
        COM_errorLog("Filter applied: >> {$parameter} << filtered to {$filtered} [IP {$_SERVER['REMOTE_ADDR']}]", 1);
    }
    return $filtered;
}
Example #5
function MG_getFile($filename, $file, $album_id, $opt = array())
{
    global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;
    $caption = isset($opt['caption']) ? $opt['caption'] : '';
    $description = isset($opt['description']) ? $opt['description'] : '';
    $upload = isset($opt['upload']) ? $opt['upload'] : 1;
    $purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
    $filetype = isset($opt['filetype']) ? $opt['filetype'] : '';
    $atttn = isset($opt['atttn']) ? $opt['atttn'] : 0;
    $thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
    $keywords = isset($opt['keywords']) ? $opt['keywords'] : '';
    $category = isset($opt['category']) ? $opt['category'] : 0;
    $dnc = isset($opt['dnc']) ? $opt['dnc'] : 0;
    $replace = isset($opt['replace']) ? $opt['replace'] : 0;
    $artist = '';
    $musicAlbum = '';
    $genre = '';
    $video_attached_thumbnail = 0;
    $successfulWatermark = 0;
    $dnc = 1;
    // What is this?
    $errors = 0;
    $errMsg = '';
    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
    $album = new mgAlbum($album_id);
    $root_album = new mgAlbum(0);
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: *********** Beginning media upload process...");
        COM_errorLog("Filename to process: " . $filename);
        COM_errorLog("UID=" . $_USER['uid']);
        COM_errorLog("album access=" . $album->access);
        COM_errorLog("album owner_id=" . $album->owner_id);
        COM_errorLog("member_uploads=" . $album->member_uploads);
    }
    clearstatcache();
    if (!file_exists($filename)) {
        $errMsg = $LANG_MG02['upload_not_found'];
        return array(false, $errMsg);
    }
    if (!is_readable($filename)) {
        $errMsg = $LANG_MG02['upload_not_readable'];
        return array(false, $errMsg);
    }
    // make sure we have the proper permissions to upload to this album....
    if (!isset($album->id)) {
        $errMsg = $LANG_MG02['album_nonexist'];
        // "Album does not exist, unable to process uploads";
        return array(false, $errMsg);
    }
    if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }
    sleep(0.1);
    // We do this to make sure we don't get dupe sid's
    /*
     * The following section of code will generate a unique name for a temporary
     * file and copy the uploaded file to the Media Gallery temp directory.
     * We do this to prevent any SAFE MODE issues when we later open the
     * file to determine the mime type.
     */
    if (empty($_USER['username'])) {
        $_USER['username'] = '******';
    }
    $tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp';
    if ($upload) {
        $rc = @move_uploaded_file($filename, $tmpPath);
    } else {
        $rc = @copy($filename, $tmpPath);
        $importSource = $filename;
    }
    if ($rc != 1) {
        COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
        COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
        $errors++;
        $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    $filename = $tmpPath;
    $new_media_id = $replace > 0 ? $replace : COM_makesid();
    $media_time = time();
    $media_upload_time = $media_time;
    if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
        $media_user_id = 1;
    } else {
        $media_user_id = $_USER['uid'];
    }
    $mimeInfo = MG_getMediaMetaData($filename);
    $mimeExt = strtolower(substr(strrchr($file, '.'), 1));
    $mimeInfo['type'] = $mimeExt;
    // override the determination for some filetypes
    $filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
    if (empty($mimeInfo['mime_type'])) {
        COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
        $mimeInfo['mime_type'] = $filetype;
    }
    $gotTN = 0;
    if ($mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
        $mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
        $gotTN = 1;
    }
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
    }
    if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
        // assume format based on file upload info...
        switch ($filetype) {
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'image/tga':
                $mimeInfo['type'] = 'tga';
                $mimeInfo['mime_type'] = 'image/tga';
                $mimeExt = 'tga';
                break;
            case 'image/psd':
                $mimeInfo['type'] = 'psd';
                $mimeInfo['mime_type'] = 'image/psd';
                $mimeExt = 'psd';
                break;
            case 'image/gif':
                $mimeInfo['type'] = 'gif';
                $mimeInfo['mime_type'] = 'image/gif';
                $mimeExt = 'gif';
                break;
            case 'image/jpeg':
            case 'image/jpg':
                $mimeInfo['type'] = 'jpg';
                $mimeInfo['mime_type'] = 'image/jpeg';
                $mimeExt = 'jpg';
                break;
            case 'image/png':
                $mimeInfo['type'] = 'png';
                $mimeInfo['mime_type'] = 'image/png';
                $mimeExt = 'png';
                break;
            case 'image/bmp':
                $mimeInfo['type'] = 'bmp';
                $mimeInfo['mime_type'] = 'image/bmp';
                $mimeExt = 'bmp';
                break;
            case 'application/x-shockwave-flash':
                $mimeInfo['type'] = 'swf';
                $mimeInfo['mime_type'] = 'application/x-shockwave-flash';
                $mimeExt = 'swf';
                break;
            case 'application/zip':
                $mimeInfo['type'] = 'zip';
                $mimeInfo['mime_type'] = 'application/zip';
                $mimeExt = 'zip';
                break;
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'video/quicktime':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/quicktime';
                $mimeExt = 'mov';
                break;
            case 'video/x-m4v':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/x-m4v';
                $mimeExt = 'mov';
                break;
            case 'video/x-flv':
                $mimeInfo['type'] = 'flv';
                $mimeInfo['mime_type'] = 'video/x-flv';
                $mimeExt = 'flv';
                break;
            case 'audio/x-ms-wma':
                $mimeInfo['type'] = 'wma';
                $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                $mimeExt = 'wma';
                break;
            default:
                switch ($mimeExt) {
                    case 'flv':
                        $mimeInfo['type'] = 'flv';
                        $mimeInfo['mime_type'] = 'video/x-flv';
                        break;
                    case 'wma':
                        $mimeInfo['type'] = 'wma';
                        $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                        break;
                    default:
                        $mimeInfo['type'] = 'file';
                        $mimeInfo['mime_type'] = 'application/octet-stream';
                        if ($filetype != '') {
                            $mimeInfo['mime_type'] = $filetype;
                        }
                        break;
                }
                break;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype);
        }
    }
    switch ($mimeInfo['mime_type']) {
        case 'audio/mpeg':
            $format_type = MG_MP3;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            break;
        case 'image/jpeg':
        case 'image/jpg':
            $format_type = MG_JPG;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            break;
        case 'application/zip':
            $format_type = MG_ZIP;
            break;
        case 'video/mpeg':
        case 'video/x-motion-jpeg':
        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-mpeg':
        case 'video/x-mpeq2a':
        case 'video/x-qtc':
        case 'video/x-m4v':
            $format_type = MG_MOV;
            break;
        case 'video/x-flv':
            $format_type = MG_FLV;
            break;
        case 'image/tiff':
            $format_type = MG_TIF;
            break;
        case 'image/x-targa':
        case 'image/tga':
            $format_type = MG_TGA;
            break;
        case 'image/psd':
            $format_type = MG_PSD;
            break;
        case 'application/ogg':
            $format_type = MG_OGG;
            break;
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-ms-wmz':
        case 'application/x-ms-wmd':
            $format_type = MG_ASF;
            break;
        case 'application/pdf':
            $format_type = MG_OTHER;
            break;
        default:
            $format_type = MG_OTHER;
            break;
    }
    if (!($album->valid_formats & $format_type)) {
        return array(false, $LANG_MG02['format_not_allowed']);
    }
    $mimeType = $mimeInfo['mime_type'];
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
    }
    if ($filetype == 'video/x-m4v') {
        $mimeType = 'video/x-m4v';
        $mimeInfo['mime_type'] = 'video/x-m4v';
    }
    if ($replace > 0) {
        $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $media_filename = $row['media_filename'];
    } else {
        if ($_MG_CONF['preserve_filename'] == 1) {
            $loopCounter = 0;
            $digitCounter = 1;
            $file_name = stripslashes($file);
            $file_name = MG_replace_accents($file_name);
            $file_name = preg_replace("#[ ]#", "_", $file_name);
            // change spaces to underscore
            $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
            //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
            $file_name = preg_replace('#(_)+#', '_', $file_name);
            //eliminate duplicate underscore
            $pos = strrpos($file_name, '.');
            if ($pos === false) {
                $basefilename = $file_name;
            } else {
                $basefilename = strtolower(substr($file_name, 0, $pos));
            }
            do {
                clearstatcache();
                $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
                $loopCounter++;
                if ($loopCounter > 16) {
                    $digitCounter++;
                    $loopCounter = 0;
                }
            } while (MG_file_exists($media_filename));
        } else {
            do {
                clearstatcache();
                $media_filename = md5(uniqid(rand()));
            } while (MG_file_exists($media_filename));
        }
    }
    // replace a few mime extentions here...
    //
    if ($mimeExt == 'php') {
        $mimeExt = 'phps';
    }
    if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) {
        $mimeExt = 'txt';
    }
    $disp_media_filename = $media_filename . '.' . $mimeExt;
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }
    switch ($mimeType) {
        case 'image/psd':
        case 'image/x-targa':
        case 'image/tga':
        case 'image/photoshop':
        case 'image/x-photoshop':
        case 'image/psd':
        case 'application/photoshop':
        case 'application/psd':
        case 'image/tiff':
        case 'image/gif':
        case 'image/jpeg':
        case 'image/jpg':
        case 'image/png':
        case 'image/bmp':
            $dispExt = $mimeExt;
            if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                $dispExt = 'jpg';
            }
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
            $media_tn = MG_getFilePath('tn', $media_filename, $dispExt);
            $mimeType = $mimeInfo['mime_type'];
            // process image file
            $media_time = getOriginationTimestamp($filename);
            if ($media_time == null || $media_time < 0) {
                $media_time = time();
            }
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: About to move/copy file");
            }
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
                if ($rc == false) {
                    $errors++;
                    $errMsg .= $msg;
                    // sprintf($LANG_MG02['convert_error'],$filename);
                } else {
                    $mediaType = 0;
                    if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
                        if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
                            $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
                        }
                        @unlink($media_orig);
                    }
                    if ($album->wm_auto) {
                        if ($_MG_CONF['discard_original'] == 1) {
                            $rc = MG_watermark($media_disp, $album_id, 1);
                            if ($rc == true) {
                                $successfulWatermark = 1;
                            }
                        } else {
                            $rc1 = MG_watermark($media_orig, $album_id, 1);
                            $rc2 = MG_watermark($media_disp, $album_id, 0);
                            if ($rc1 == ture && $rc2 == true) {
                                $successfulWatermark = 1;
                            }
                        }
                    }
                    if ($dnc != 1) {
                        if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                            $mimeExt = 'jpg';
                            $mimeType = 'image/jpeg';
                        }
                    }
                }
            }
            break;
        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-flv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-shockwave-flash':
        case 'video/mp4':
        case 'video/x-m4v':
            $mimeType = $mimeInfo['mime_type'];
            if ($filetype == 'video/mp4') {
                $mimeExt = 'mp4';
            }
            // process video format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                $mediaType = 1;
            }
            $video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
            break;
        case 'application/ogg':
        case 'audio/mpeg':
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
            $mimeType = $mimeInfo['mime_type'];
            // process audio format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            COM_errorLog("MG Upload: Extracting audio meta data");
            if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
                if ($caption == '') {
                    $caption = $mimeInfo['tags']['id3v1']['title'][0];
                }
            }
            if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
                $artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
            }
            if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
                $genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
            }
            if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
                $musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
            }
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                $mediaType = 2;
            }
            break;
        case 'zip':
        case 'application/zip':
            if ($_MG_CONF['zip_enabled']) {
                $errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
                break;
            }
            // NO BREAK HERE, fall through if enable zip isn't allowed
        // NO BREAK HERE, fall through if enable zip isn't allowed
        default:
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $mimeType = $mimeInfo['mime_type'];
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                $mediaType = 4;
            }
            $mediaType = 4;
            break;
    }
    // update quota
    $quota = $album->album_disk_usage;
    $quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
    if ($_MG_CONF['discard_original'] == 1) {
        $quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
    }
    DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));
    if ($errors) {
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
        // Now we need to process an uploaded thumbnail
        if ($gotTN == 1) {
            $mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
            $fn = fopen($mp3TNFilename, "w");
            fwrite($fn, $mp3AttachdedThumbnail);
            fclose($fn);
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
            @unlink($mp3TNFilename);
            $atttn = 1;
        } else {
            if ($atttn == 1) {
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
            }
        }
        if ($video_attached_thumbnail) {
            $atttn = 1;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Building SQL and preparing to enter database");
        }
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
            $media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
            $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
        } else {
            $media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
            $media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
            $media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
        }
        // Check and see if moderation is on.  If yes, place in mediasubmission
        if ($album->moderate == 1 && !$root_album->owner_id) {
            $tableMedia = $_TABLES['mg_mediaqueue'];
            $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
            $queue = 1;
        } else {
            $tableMedia = $_TABLES['mg_media'];
            $tableMediaAlbum = $_TABLES['mg_media_albums'];
            $queue = 0;
        }
        $original_filename = addslashes($file);
        if ($album->filename_title) {
            if ($media_caption == '') {
                $pos = strrpos($original_filename, '.');
                if ($pos === false) {
                    $media_caption = $original_filename;
                } else {
                    $media_caption = substr($original_filename, 0, $pos);
                }
            }
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Inserting media record into mg_media");
        }
        $resolution_x = 0;
        $resolution_y = 0;
        // try to find a resolution if video...
        if ($mediaType == 1) {
            switch ($mimeType) {
                case 'application/x-shockwave-flash':
                case 'video/quicktime':
                case 'video/mpeg':
                case 'video/x-m4v':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-flv':
                    if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
                        $resolution_x = -1;
                        $resolution_y = -1;
                        if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
                            $resolution_x = $mimeInfo['meta']['onMetaData']['width'];
                            $resolution_y = $mimeInfo['meta']['onMetaData']['height'];
                        }
                    } else {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-ms-asf':
                case 'video/x-ms-asf-plugin':
                case 'video/avi':
                case 'video/msvideo':
                case 'video/x-msvideo':
                case 'video/avs-video':
                case 'video/x-ms-wmv':
                case 'video/x-ms-wvx':
                case 'video/x-ms-wm':
                case 'application/x-troff-msvideo':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
                    }
                    break;
            }
        }
        if ($replace > 0) {
            $sql = "UPDATE " . $tableMedia . " SET " . "media_filename='" . addslashes($media_filename) . "'," . "media_original_filename='" . $original_filename . "'," . "media_mime_ext='" . addslashes($mimeExt) . "'," . "mime_type='" . addslashes($mimeType) . "'," . "media_time='" . addslashes($media_time) . "'," . "media_user_id='" . addslashes($media_user_id) . "'," . "media_type='" . addslashes($mediaType) . "'," . "media_upload_time='" . addslashes($media_upload_time) . "'," . "media_watermarked='" . addslashes($successfulWatermark) . "'," . "media_resolution_x='" . intval($resolution_x) . "'," . "media_resolution_y='" . intval($resolution_y) . "' " . "WHERE media_id='" . addslashes($replace) . "'";
            DB_query($sql);
        } else {
            $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext," . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time," . "media_views,media_comments,media_votes,media_rating,media_tn_attached," . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval," . "media_type,media_upload_time,media_category,media_watermarked,v100," . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url," . "artist,album,genre) " . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
            DB_query($sql);
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Updating Album information");
            }
            $x = 0;
            $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
            $result = DB_query($sql);
            $row = DB_fetchArray($result);
            $media_seq = $row['media_seq'];
            if ($media_seq < 10) {
                $media_seq = 10;
            }
            $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) " . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
            DB_query($sql);
            if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
            }
            PLG_itemSaved($new_media_id, 'mediagallery');
            // update the media count for the album, only if no moderation...
            if ($queue == 0) {
                $album->media_count++;
                DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
                MG_updateAlbumLastUpdate($album->id);
                if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
                    if ($atttn == 1) {
                        $covername = 'tn_' . $media_filename;
                    } else {
                        $covername = $media_filename;
                    }
                    DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
                }
                //                MG_resetAlbumCover($album->id);
            }
            $x++;
        }
    }
    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue'];
        // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload'];
        // ' successfully uploaded to album';
    }
    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($album_id);
    }
    COM_errorLog("MG Upload: Successfully uploaded a media object");
    @unlink($tmpPath);
    return array(true, $errMsg);
}
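/**
 * Shows the user's current settings
 *
 * Builds the "My Account" profile editor for the logged-in user: loads the
 * profile row, fills the preferences templates with language strings and
 * current values, and shows or hides the username, password, photo,
 * re-synch and delete-account sections according to $_CONF.
 *
 * Side effects: registers the profile-editor JavaScript on $_SCRIPTS and
 * stores a fresh request id in users.pwrequestid for the current user; the
 * same id is written into the form ('uid_value' and 'account_id') so the
 * submit handler can presumably match it up (that handler is not visible here).
 *
 * Uses globals $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04,
 * $LANG_ADMIN and $_SCRIPTS.
 *
 * @return string HTML for the profile editor
 */
function edituser()
{
    global $_CONF, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG_ADMIN, $_SCRIPTS;

    // The uid comes from the session, but it is interpolated into SQL below,
    // so pin it to an integer (same cast this file uses for profile lookups).
    $uid = (int) $_USER['uid'];

    $result = DB_query("SELECT fullname,cookietimeout,email,homepage,sig,emailstories,about,location,pgpkey,photo,remoteservice FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['userinfo']} WHERE {$_TABLES['users']}.uid = {$uid} AND {$_TABLES['userprefs']}.uid = {$uid} AND {$_TABLES['userinfo']}.uid = {$uid}");
    $A = DB_fetchArray($result);

    $preferences = COM_newTemplate($_CONF['path_layout'] . 'preferences');
    $preferences->set_file(array('profile' => 'profile.thtml', 'photo' => 'userphoto.thtml', 'username' => 'username.thtml', 'password' => 'password.thtml', 'current_password' => 'current_password.thtml', 'resynch' => 'resynch.thtml', 'deleteaccount' => 'deleteaccount.thtml'));

    // One navbar tab per $LANG_MYACCOUNT entry; the tab index is passed to the
    // JS handler so it can show the matching panel.
    include $_CONF['path_system'] . 'classes/navbar.class.php';
    $navbar = new navbar();
    $cnt = 0;
    foreach ($LANG_MYACCOUNT as $id => $label) {
        $navbar->add_menuitem($label, 'showhideProfileEditorDiv("' . $id . '",' . $cnt . ');return false;', true);
        $cnt++;
    }
    $navbar->set_selected($LANG_MYACCOUNT['pe_namepass']);
    $preferences->set_var('navbar', $navbar->generate());
    //$preferences->set_var ('no_javascript_warning', $LANG04[150]);
    $preferences->set_var('noscript', COM_getNoScript());
    $preferences->set_var('cssid1', 1);
    $preferences->set_var('cssid2', 2);
    $preferences->set_var('preview', USER_showProfile($_USER['uid'], true));
    $preferences->set_var('prefs', editpreferences());

    // Add JavaScript
    $_SCRIPTS->setJavaScriptFile('profile_editor', '/javascript/profile_editor.js');
    $js = '<!-- JS Functions which will execute only if JS enabled will un-hide the special features that enhance the profile editor -->
    <script type="text/JavaScript">
    //<![CDATA[
        /* Initially the navbar is hidden - in case JS is disabled. Enable it now */
        document.getElementById("pe_navbar").style.display="";

        /* Now cycle through the profile tabs as the number in the template could have been modified (personalized)
           If you add custom panels, just ensure you use the class jsenabled_hide or jsenabled_show
           Build an object that can then be referenced in the functon showhideProfileEditorDiv
        */

        var profilepanels = new Object;
        var el;
        el=document.getElementsByTagName("div");
        for(i=0;i<el.length;i++) {
            var divname = el[i].id
            if(el[i].className == "jsenabled_show"){
                el[i].style.display = "";
                profilepanels[divname] = "show";
            } else if(el[i].className == "jsenabled_hide"){
                el[i].style.display = "none";
                profilepanels[divname] = "hidden";
            }
        }
    //]]>
    </script>';
    $_SCRIPTS->setJavaScript($js);

    // some trickery to ensure alternating colors with the available options ...
    // (row colours alternate 1/2; each optional section that is shown flips the
    // starting colour for the sections that follow it)
    if ($_CONF['allow_username_change'] == 1) {
        $first = 1;
        $second = 2;
    } else {
        $first = 2;
        $second = 1;
    }
    $preferences->set_var('cssid1u', $first);
    $preferences->set_var('cssid2u', $second);
    if ($_CONF['allow_user_photo'] == 1) {
        $tmp = $first;
        $first = $second;
        $second = $tmp;
    }
    $preferences->set_var('cssid1p', $first);
    $preferences->set_var('cssid2p', $second);

    // Language strings
    $preferences->set_var('lang_fullname', $LANG04[3]);
    $preferences->set_var('lang_fullname_text', $LANG04[34]);
    $preferences->set_var('lang_username', $LANG04[2]);
    $preferences->set_var('lang_username_text', $LANG04[87]);
    $preferences->set_var('lang_password_help_title', $LANG04[146]);
    $preferences->set_var('lang_password_help', $LANG04[147]);
    $preferences->set_var('lang_password', $LANG04[4]);
    $preferences->set_var('lang_password_text', $LANG04[35]);
    $preferences->set_var('lang_password_conf', $LANG04[108]);
    $preferences->set_var('lang_password_text_conf', $LANG04[109]);
    $preferences->set_var('lang_old_password', $LANG04[110]);
    $preferences->set_var('lang_old_password_text', $LANG04[111]);
    $preferences->set_var('lang_cooktime', $LANG04[68]);
    $preferences->set_var('lang_cooktime_text', $LANG04[69]);
    $preferences->set_var('lang_email', $LANG04[5]);
    $preferences->set_var('lang_email_text', $LANG04[33]);
    $preferences->set_var('lang_email_conf', $LANG04[124]);
    $preferences->set_var('lang_email_conf_text', $LANG04[126]);
    $preferences->set_var('lang_userinfo_help_title', $LANG04[148]);
    $preferences->set_var('lang_userinfo_help', $LANG04[149]);
    $preferences->set_var('lang_homepage', $LANG04[6]);
    $preferences->set_var('lang_homepage_text', $LANG04[36]);
    $preferences->set_var('lang_location', $LANG04[106]);
    $preferences->set_var('lang_location_text', $LANG04[107]);
    $preferences->set_var('lang_signature', $LANG04[32]);
    $preferences->set_var('lang_signature_text', $LANG04[37]);
    $preferences->set_var('lang_userphoto', $LANG04[77]);
    $preferences->set_var('lang_userphoto_text', $LANG04[78]);
    $preferences->set_var('lang_about', $LANG04[7]);
    $preferences->set_var('lang_about_text', $LANG04[38]);
    $preferences->set_var('lang_pgpkey', $LANG04[8]);
    $preferences->set_var('lang_pgpkey_text', $LANG04[39]);
    $preferences->set_var('lang_submit', $LANG04[9]);
    $preferences->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $preferences->set_var('lang_preview_title', $LANG04[145]);
    $preferences->set_var('lang_enter_current_password', $LANG04[127]);
    $preferences->set_var('lang_name_legend', $LANG04[128]);
    $preferences->set_var('lang_password_email_legend', $LANG04[129]);
    $preferences->set_var('lang_personal_info_legend', $LANG04[130]);
    $preferences->set_var('lang_resynch', $LANG04[166]);

    $display_name = COM_getDisplayName($_USER['uid']);
    //$preferences->set_var ('start_block_profile',
    //        COM_startBlock ($LANG04[1] . ' ' . $display_name));
    //$preferences->set_var ('end_block', COM_endBlock ());
    $preferences->set_var('profile_headline', $LANG04[1] . ' ' . $display_name);
    if ($_CONF['allow_user_photo'] == 1) {
        $preferences->set_var('enctype', 'enctype="multipart/form-data"');
    } else {
        $preferences->set_var('enctype', '');
    }
    $preferences->set_var('fullname_value', htmlspecialchars($A['fullname']));
    $preferences->set_var('new_username_value', htmlspecialchars($_USER['username']));

    // Local accounts get the password fields; remote accounts cannot change a
    // password here and at most get the re-synch option.
    if ($A['remoteservice'] == '') {
        $preferences->set_var('password_value', '');
        $preferences->parse('password_option', 'password', true);
        $preferences->parse('current_password_option', 'current_password', true);
        $preferences->set_var('resynch_option', '');
    } else {
        $preferences->set_var('password_option', '');
        $preferences->set_var('current_password_option', '');
        // NOTE(review): the branch is chosen on $A['remoteservice'] but the
        // oauth test reads $_USER['remoteservice']; presumably the same value — verify.
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            // OAuth only supports re-synch at the moment
            $preferences->set_var('resynch_checked', '');
            $preferences->parse('resynch_option', 'resynch', true);
        } else {
            $preferences->set_var('resynch_option', '');
        }
    }
    if ($_CONF['allow_username_change'] == 1) {
        $preferences->parse('username_option', 'username', true);
    } else {
        $preferences->set_var('username_option', '');
    }

    $selection = '<select id="cooktime" name="cooktime">' . LB;
    $selection .= COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $A['cookietimeout'], 0);
    $selection .= '</select>';
    $preferences->set_var('cooktime_selector', $selection);
    $preferences->set_var('email_value', htmlspecialchars($A['email']));
    $preferences->set_var('homepage_value', htmlspecialchars(COM_killJS($A['homepage'])));
    $preferences->set_var('location_value', htmlspecialchars(strip_tags($A['location'])));
    $preferences->set_var('signature_value', htmlspecialchars($A['sig']));

    if ($_CONF['allow_user_photo'] == 1) {
        $photo = USER_getPhoto($_USER['uid'], $A['photo'], $A['email'], -1);
        if (empty($photo)) {
            $preferences->set_var('display_photo', '');
        } else {
            if (empty($A['photo'])) {
                // external avatar
                $photo = '<br' . XHTML . '>' . $photo;
            } else {
                // uploaded photo - add delete option
                $photo = '<br' . XHTML . '>' . $photo . '<br' . XHTML . '>' . $LANG04[79] . '&nbsp;<input type="checkbox" name="delete_photo"' . XHTML . '>' . LB;
            }
            $preferences->set_var('display_photo', $photo);
        }
        if (empty($_CONF['image_lib'])) {
            $scaling = $LANG04[162];
        } else {
            $scaling = $LANG04[161];
        }
        $preferences->set_var('photo_max_dimensions', sprintf($LANG04[160], $_CONF['max_photo_width'], $_CONF['max_photo_height'], $_CONF['max_photo_size'], $scaling));
        $preferences->parse('userphoto_option', 'photo', true);
    } else {
        $preferences->set_var('userphoto_option', '');
    }

    // about/pgpkey were already part of the first SELECT; this re-read is kept
    // so the result does not depend on the three-table join above.
    // TODO(review): consider dropping it once that is confirmed unnecessary.
    $result = DB_query("SELECT about,pgpkey FROM {$_TABLES['userinfo']} WHERE uid = {$uid}");
    $A = DB_fetchArray($result);

    // Request id that travels with the form (and guards the delete-account
    // confirmation). Use the CSPRNG when available; the legacy
    // md5(uniqid(rand())) derivation is only a fallback for old PHP builds.
    // Both forms yield 16 lowercase hex characters.
    if (function_exists('random_bytes')) {
        $reqid = bin2hex(random_bytes(8));
    } else {
        $reqid = substr(md5(uniqid(rand(), 1)), 1, 16);
    }
    DB_change($_TABLES['users'], 'pwrequestid', $reqid, 'uid', $_USER['uid']);
    $preferences->set_var('about_value', htmlspecialchars($A['about']));
    $preferences->set_var('pgpkey_value', htmlspecialchars($A['pgpkey']));
    $preferences->set_var('uid_value', $reqid);
    $preferences->set_var('username_value', htmlspecialchars($_USER['username']));

    if ($_CONF['allow_account_delete'] == 1) {
        $preferences->set_var('lang_deleteaccount', $LANG04[156]);
        $preferences->set_var('delete_text', $LANG04[95]);
        $preferences->set_var('lang_button_delete', $LANG04[96]);
        $preferences->set_var('delete_mode', 'confirmdelete');
        $preferences->set_var('account_id', $reqid);
        if (isset($LANG04[157])) {
            $preferences->set_var('lang_deleteoption', $LANG04[157]);
        } else {
            $preferences->set_var('lang_deleteoption', $LANG04[156]);
        }
        $preferences->parse('delete_account_option', 'deleteaccount', false);
    } else {
        $preferences->set_var('delete_account_option', '');
    }

    // Call custom account form and edit function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userEdit')) {
        $preferences->set_var('customfields', CUSTOM_userEdit($_USER['uid']));
    }
    PLG_profileVariablesEdit($_USER['uid'], $preferences);

    $retval = $preferences->finish($preferences->parse('output', 'profile'));
    $retval .= PLG_profileBlocksEdit($_USER['uid']);
    return $retval;
}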
/**
 * Renders the "personal info" panel of the admin user editor.
 *
 * Fills admin/user/userinfopanel.thtml with language strings, the user's
 * social "follow me" links, the HTML-escaped free-text fields and, when
 * photos are enabled, the current avatar; existing users (uid > 1) also get
 * the plugin and custom-registration sections.
 *
 * @param  array $U       user record; uid, homepage, location, sig, about,
 *                        pgpkey, photo and email are read
 * @param  int   $newuser not used by this panel; accepted for callers that pass it
 * @return string         rendered HTML
 */
function USER_userinfoPanel($U, $newuser = 0)
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04;

    $uid = $U['uid'];
    // uids below 2 are not treated as stored user accounts by this panel
    $isExistingUser = !empty($uid) && $uid > 1;

    // set template
    $userform = new Template($_CONF['path_layout'] . 'admin/user/');
    $userform->set_file('user', 'userinfopanel.thtml');
    $userform->set_var(array(
        'lang_personal_info_legend' => $LANG04[130],
        'lang_userinfo_help_title'  => $LANG04[148],
        'lang_userinfo_help'        => $LANG04[149],
        'lang_homepage'             => $LANG04[6],
        'lang_location'             => $LANG04[106],
        'lang_signature'            => $LANG04[32],
        'lang_about'                => $LANG04[7],
        'lang_pgpkey'               => $LANG04[8],
        'lang_social_follow'        => $LANG04[198],
        'lang_social_info'          => $LANG04[199],
        'lang_social_service'       => $LANG04[200],
        'lang_social_username'      => $LANG04[201],
    ));

    // Social "follow me" links: one template block iteration per service
    $followMe = SOC_followMeProfile($uid);
    if (is_array($followMe) && count($followMe) > 0) {
        $userform->set_block('user', 'social_links', 'sl');
        $userform->set_var('social_followme_enabled', true);
        foreach ($followMe as $entry) {
            $userform->set_var('service_display_name', $entry['service_display_name']);
            $userform->set_var('service', $entry['service']);
            $userform->set_var('service_username', $entry['service_username']);
            $userform->parse('sl', 'social_links', true);
        }
    } else {
        $userform->unset_var('social_followme_enabled');
    }

    // Free-text fields are entity-encoded for output; homepage additionally has
    // JavaScript removed and location has tags stripped first.
    $textFields = array(
        'homepage_value'  => COM_killJS($U['homepage']),
        'location_value'  => strip_tags($U['location']),
        'signature_value' => $U['sig'],
        'about_value'     => $U['about'],
        'pgpkey_value'    => $U['pgpkey'],
    );
    foreach ($textFields as $varName => $raw) {
        $userform->set_var($varName, @htmlspecialchars($raw, ENT_NOQUOTES, COM_getEncodingt()));
    }

    if ($_CONF['allow_user_photo'] == 1) {
        $userform->set_var('lang_userphoto', $LANG04[77]);
        $photoHtml = '';
        if ($isExistingUser) {
            $photo = USER_getPhoto($uid, $U['photo'], $U['email'], -1);
            if (!empty($photo)) {
                $photoHtml = '<br/>' . $photo;
                if (!empty($U['photo'])) {
                    // uploaded photo - add delete option (external avatars get none)
                    $photoHtml .= '<br/>' . $LANG04[79] . '&nbsp;<input type="checkbox" name="delete_photo"/>' . LB;
                }
            }
        }
        $userform->set_var('display_photo', $photoHtml);
    }

    if ($isExistingUser) {
        $userform->set_var('plugin_userinfo_personalinfo', PLG_profileEdit($uid, 'userinfo', 'personalinfo'));
        $userform->set_var('plugin_userinfo', PLG_profileEdit($uid, 'userinfo'));
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userEdit')) {
            $userform->set_var('customfields', CUSTOM_userEdit($uid));
        }
    }

    return $userform->finish($userform->parse('output', 'user'));
}
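/**
 * Saves a Media Gallery category from the admin category form.
 *
 * Reads cat_id, cat_name and cat_desc from $_POST, filters them, computes
 * the next cat_order, writes the row with DB_save and redirects to the
 * category admin page (the redirect path ends the request with exit).
 *
 * @param  int $cat_id  not used; the id is taken from $_POST['cat_id']
 * @return string       only on error: the page produced by MG_errorHandler
 *                      (empty name) or MG_genericError (cat_id of 0)
 */
function MG_saveCategory($cat_id)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;

    // Tolerate missing form fields instead of raising notices; an empty
    // string goes through the same filters as the absent key would.
    $postCatId = isset($_POST['cat_id']) ? $_POST['cat_id'] : '';
    $postName  = isset($_POST['cat_name']) ? $_POST['cat_name'] : '';
    $postDesc  = isset($_POST['cat_desc']) ? $_POST['cat_desc'] : '';

    $A = array();
    $A['cat_id'] = COM_applyFilter($postCatId, true);

    // Category names and descriptions never carry HTML: strip tags and
    // entity-encode the text. The name is capped *before* SQL escaping so the
    // cut can never split an escape sequence produced by DB_escapeString
    // (the previous code truncated the escaped string). substr is byte-wise;
    // a multi-byte character at the boundary may still be cut — TODO confirm
    // the column length/charset before switching to mb_substr.
    $safeName = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($postName))));
    $safeName = substr($safeName, 0, 254);
    $A['cat_name'] = DB_escapeString($safeName);
    $A['cat_description'] = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($postDesc)))));

    if ($A['cat_name'] === '') {
        return MG_errorHandler($LANG_MG01['category_error']);
    }

    // Next sort position: MAX() over an empty table is NULL (so NULL + 1 is
    // NULL); that, a failed query and non-positive values all start at 10.
    $sql = "SELECT MAX(cat_order) + 1 AS nextcat_order FROM " . $_TABLES['mg_category'];
    $result = DB_query($sql);
    $row = $result ? DB_fetchArray($result) : false;
    $A['cat_order'] = 10;
    if ($row && isset($row['nextcat_order']) && $row['nextcat_order'] > 0) {
        $A['cat_order'] = (int) $row['nextcat_order'];
    }

    if ($A['cat_id'] == 0) {
        COM_errorLog("Media Gallery Internal Error - cat_id = 0 - Contact support@glfusion.org  ");
        return MG_genericError($LANG_MG00['access_denied_msg']);
    }

    // cat_id passed the numeric filter above; cast anyway so the unquoted
    // values in the VALUES list are guaranteed integers.
    $catId = (int) $A['cat_id'];
    DB_save($_TABLES['mg_category'], "cat_id,cat_name,cat_description,cat_order", "'{$catId}','{$A['cat_name']}','{$A['cat_description']}',{$A['cat_order']}");

    echo COM_refresh($_MG_CONF['admin_url'] . 'category.php');
    exit;
}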
/**
* Shows a profile for a user
*
* This grabs the user profile for a given user and displays it
*
* @return   string          HTML for user profile page
*
*/
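function userprofile()
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN, $_IMAGE_TYPE, $LANG_ADMIN;

    // Builds the public profile page for one user.  The user is selected by
    // the request, not by a parameter (the old @param lines described
    // arguments this function never had):
    //   $_GET['uid']      numeric user id (must be >= 2)
    //   $_GET['username'] alternatively, a user name
    //   $_GET['msg']      optional system message number shown above the profile
    //   $_GET['plugin']   optional plugin owning that message
    //
    // A request that does not resolve to a real user is answered with a
    // refresh to the site index.  The refresh is echoed and the script exits,
    // as the other handlers in this file do, so the rest of the page is never
    // built for an undefined $user.
    //
    // @return string HTML for the user profile page, or the login form when
    //                the site requires a login to view profiles
    $retval = '';
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        return $retval;
    }

    $indexUrl = $_CONF['site_url'] . '/index.php';
    if (isset($_GET['uid'])) {
        $user = COM_applyFilter($_GET['uid'], true);
        if (!is_numeric($user) || $user < 2) {
            echo COM_refresh($indexUrl);
            exit;
        }
    } elseif (isset($_GET['username'])) {
        $username = $_GET['username'];
        if (!USER_validateUsername($username, 1) || empty($username)) {
            echo COM_refresh($indexUrl);
            exit;
        }
        $username = DB_escapeString($username);
        // NOTE(review): the quoted value in this lookup appears redacted as
        // '******' in this listing and is kept exactly as shown; presumably it
        // is the escaped $username -- confirm against the project source.
        $user = DB_getItem($_TABLES['users'], 'uid', "username = '******'");
        if ($user < 2) {
            echo COM_refresh($indexUrl);
            exit;
        }
    } else {
        echo COM_refresh($indexUrl);
        exit;
    }

    $msg = isset($_GET['msg']) ? COM_applyFilter($_GET['msg'], true) : 0;
    $plugin = '';
    if ($msg > 0 && isset($_GET['plugin'])) {
        $plugin = COM_applyFilter($_GET['plugin']);
    }

    // $user is cast to int everywhere it is placed into SQL.
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,lastlogin,homepage,about,location,pgpkey,photo,email,status,emailfromadmin,emailfromuser,showonline FROM {$_TABLES['userinfo']},{$_TABLES['userprefs']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['userinfo']}.uid = {$_TABLES['userprefs']}.uid AND {$_TABLES['users']}.uid = " . (int) $user);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // no such user
        echo COM_refresh($indexUrl);
        exit;
    }
    $A = DB_fetchArray($result);
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    $display_name = @htmlspecialchars(COM_getDisplayName($user, $A['username'], $A['fullname']), ENT_COMPAT, COM_getEncodingt());
    if ($msg > 0) {
        $retval .= COM_showMessage($msg, $plugin, '', 0, 'info');
    }
    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $curtime[0];

    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('layout_url', $_CONF['layout_url']);
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    $user_templates->set_var('tooltip', COM_getTooltipStyle());

    // When full names are shown, the full name takes the "username" slot and
    // the login name is shown as the secondary line.
    if ($_CONF['show_fullname'] == 1 && !empty($A['fullname'])) {
        $username = $A['fullname'];
        $fullname = $A['username'];
    } else {
        $username = $A['username'];
        $fullname = '';
    }
    $username = @htmlspecialchars($username, ENT_COMPAT, COM_getEncodingt());
    $fullname = @htmlspecialchars($fullname, ENT_COMPAT, COM_getEncodingt());
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        // only reached by user.edit holders; everyone else was aborted above
        $username = sprintf('%s - %s', $username, $LANG28[42]);
        if (!empty($fullname)) {
            // was sprintf('% - %s', ...), which is not a valid format string
            $fullname = sprintf('%s - %s', $fullname, $LANG28[42]);
        }
    }
    $user_templates->set_var('username', $username);
    $user_templates->set_var('user_fullname', $fullname);

    // edit link: for the user themselves or for anyone with user.edit
    $isOwnProfile = isset($_USER['uid']) && $_USER['uid'] == $A['uid'];
    if (SEC_hasRights('user.edit') || $isOwnProfile) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '" />';
        if ($isOwnProfile) {
            $edit_url = "{$_CONF['site_url']}/usersettings.php";
        } else {
            $edit_url = "{$_CONF['site_admin_url']}/user.php?edit=x&amp;uid={$A['uid']}";
        }
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', COM_createLink($edit_icon, $edit_url));
        $user_templates->set_var('user_edit', $edit_url);
    } else {
        $user_templates->set_var('user_edit', '');
    }

    if (isset($A['photo']) && empty($A['photo'])) {
        // user does not have a photo
        $A['photo'] = '(none)';
    }
    $lastlogin = $A['lastlogin'];
    $lasttime = COM_getUserDateTimeFormat($lastlogin);
    $photo = USER_getPhoto($user, $A['photo'], $A['email'], -1, 0);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    if ($_CONF['lastlogin'] && $A['showonline']) {
        $user_templates->set_var('lang_lastlogin', $LANG28[35]);
        $user_templates->set_var('user_lastlogin', !empty($lastlogin) ? $lasttime[0] : $LANG28[36]);
    }
    if ($A['showonline'] && DB_count($_TABLES['sessions'], 'uid', (int) $user)) {
        $user_templates->set_var('online', 'online');
    }
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $user);
    if ($A['email'] == '' || $A['emailfromuser'] == 0) {
        $user_templates->set_var('email_option', '');
    } else {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    }
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_online', $LANG04[160]);
    $user_templates->set_var('lang_bio', $LANG04[7]);
    // NOTE(review): 'about' and 'pgpkey' are output as stored (nl2br only);
    // this relies on them having been filtered when the profile was saved --
    // confirm in the settings handler.
    $user_templates->set_var('user_bio', nl2br($A['about']));
    $user_templates->set_var('follow_me', SOC_getFollowMeIcons($user, 'follow_user_profile.thtml'));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', nl2br($A['pgpkey']));

    // comment blocks only exist for the built-in comment engine
    $internalComments = !isset($_CONF['comment_engine']) || $_CONF['comment_engine'] == 'internal';
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    if ($internalComments) {
        $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    }
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82] . ' ' . $display_name);
    if ($internalComments) {
        $user_templates->set_var('headline_last10comments', $LANG04[10] . ' ' . $display_name);
    }
    $user_templates->set_var('headline_postingstats', $LANG04[83] . ' ' . $display_name);

    // Topics the current visitor may see; the story and comment lists below
    // are restricted to them.  The tid values come from the topics table.
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
    $nrows = DB_numRows($result);
    $tids = array();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode("','", $tids) . "'";

    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = '" . (int) $user . "') AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // '$' would be interpreted by the template engine
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink($C['title'], $articleUrl, array('class' => '')));
            $storytime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storytime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var('story_row', '<tr><td>' . $LANG01[37] . '</td></tr>');
    }

    if ($internalComments) {
        // list of last 10 comments by this user
        $sidArray = array();
        if (count($tids) > 0) {
            // first, get a list of all stories the current visitor has access to
            $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND');
            $result = DB_query($sql);
            $numsids = DB_numRows($result);
            for ($i = 1; $i <= $numsids; $i++) {
                $S = DB_fetchArray($result);
                $sidArray[] = $S['sid'];
            }
        }
        $sidList = implode("', '", $sidArray);
        $sidList = "'{$sidList}'";
        // then, find all comments by the user in those stories
        $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = '" . (int) $user . "') GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";
        // SQL NOTE: a HAVING clause is usually faster than a WHERE when the
        // field is part of the SELECT list
        if (!empty($sidList)) {
            $sql .= " HAVING sid in ({$sidList})";
        }
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            for ($i = 0; $i < $nrows; $i++) {
                $C = DB_fetchArray($result);
                $user_templates->set_var('cssid', $i % 2 + 1);
                $user_templates->set_var('row_number', $i + 1 . '.');
                $C['title'] = str_replace('$', '&#36;', $C['title']);
                $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
                $user_templates->set_var('comment_title', COM_createLink($C['title'], $comment_url, array('class' => '')));
                $commenttime = COM_getUserDateTimeFormat($C['unixdate']);
                $user_templates->set_var('comment_date', $commenttime[0]);
                $user_templates->parse('comment_row', 'row', true);
            }
        } else {
            $user_templates->set_var('comment_row', '<tr><td>' . $LANG01[29] . '</td></tr>');
        }
    }

    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = " . (int) $user . ") AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    if ($internalComments) {
        $user_templates->set_var('lang_number_comments', $LANG04[85]);
        $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = " . (int) $user . ")";
        if (!empty($sidList)) {
            $sql .= " AND (sid in ({$sidList}))";
        }
        $result = DB_query($sql);
        $N = DB_fetchArray($result);
        $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
        $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    }

    // hook to the profile icon display
    $profileIcons = PLG_profileIconDisplay($user);
    if (is_array($profileIcons) && count($profileIcons) > 0) {
        $user_templates->set_block('profile', 'profileicon', 'pi');
        foreach ($profileIcons as $icon) {
            if (isset($icon['url']) && $icon['url'] != '' && isset($icon['icon']) && $icon['icon'] != '') {
                $user_templates->set_var('profile_icon_url', $icon['url']);
                $user_templates->set_var('profile_icon_icon', $icon['icon']);
                $user_templates->set_var('profile_icon_text', $icon['text']);
                $user_templates->parse('pi', 'profileicon', true);
            }
        }
    }

    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($user));
    }
    PLG_profileVariablesDisplay($user, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($user);
    return $retval;
}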
/**
* Saves the specified album information
*
* @param    int     $album_id   album_id to edit
* @param    string  $actionURL  optional; overwritten with the album URL before the redirect
* @return   string              HTML
*
*/
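function MG_saveAlbum($album_id, $actionURL = '')
{
    global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;

    // Creates a new album or updates an existing one from the posted album
    // form, re-sorts the affected albums, rebuilds the RSS feeds and then
    // redirects to the album page.
    //
    // @param  int    $album_id  unused; the album id is read from
    //                           $_POST['album_id'] (0 or -1 means "create")
    // @param  string $actionURL unused; replaced by the album URL before the redirect
    // @return string error HTML from MG_errorHandler()/MG_genericError() on
    //                failure.  On success a refresh is echoed and the script exits.

    // Numeric form field with a default when the field is absent (unchecked
    // checkboxes are not posted at all).  COM_applyFilter(..., true) yields 0
    // for anything that is not an integer.
    $postInt = function ($key, $default = 0) {
        return isset($_POST[$key]) ? COM_applyFilter($_POST[$key], true) : $default;
    };
    // Text form field, basic-filtered; '' when absent.
    $postText = function ($key, $default = '') {
        return isset($_POST[$key]) ? COM_applyFilter($_POST[$key]) : $default;
    };
    $isAdmin = SEC_hasRights('mediagallery.admin');

    // Source IP for the audit log lines below ($REMOTE_ADDR was never defined
    // in this scope, so the logged IP used to be empty).
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $who = "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}";

    $aid = $postInt('album_id');
    $forceChildPermUpdate = $postInt('force_child_update');

    // Optional uploaded cover thumbnail; guarded so a form without the file
    // field does not trigger undefined-index notices.
    $thumb = (isset($_FILES['thumbnail']) && is_array($_FILES['thumbnail'])) ? $_FILES['thumbnail'] : array('tmp_name' => '');
    if (!isset($thumb['tmp_name'])) {
        $thumb['tmp_name'] = '';
    }
    $thumbnail = $thumb['tmp_name'];

    if ($aid > 0) {
        // editing: the id must refer to an album we know about
        if (!isset($MG_albums[$aid])) {
            COM_errorLog("MediaGallery: Someone has tried to save a non-existent album.  {$who}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
        $album = $MG_albums[$aid];
        $old_tn_attached = $album->tn_attached;
        $update = 1;
    } else {
        // creating: $aid stays 0 / -1 until createAlbumID() assigns an id below
        $album = new mgAlbum();
        $album->id = $aid;
        $old_tn_attached = 0;
        $update = 0;
    }

    // Title and description: checked HTML or plain text, per site config.
    $rawTitle = isset($_POST['album_name']) ? $_POST['album_name'] : '';
    $rawDesc = isset($_POST['album_desc']) ? $_POST['album_desc'] : '';
    if ($_MG_CONF['htmlallowed'] == 1) {
        $album->title = COM_checkHTML(COM_killJS($rawTitle));
        $album->description = COM_checkHTML(COM_killJS($rawDesc));
    } else {
        $album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($rawTitle))));
        $album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($rawDesc))));
    }
    if ($album->title == "") {
        return MG_errorHandler("You must enter an Album Name");
    }

    $album->parent = $postInt('parentaid');
    $album->hidden = $postInt('hidden');
    $album->cover = $postText('cover');
    $album->cover_filename = $postText('album_cover_filename');
    $album->enable_album_views = $postInt('enable_album_views');
    $album->image_skin = $postText('skin');
    $album->album_skin = $postText('askin');
    $album->display_skin = $postText('dskin');
    $album->display_album_desc = $postInt('display_album_desc');
    $album->enable_comments = $postInt('enable_comments');
    $album->exif_display = $postInt('enable_exif');
    $album->enable_rating = $postInt('enable_rating');
    $album->playback_type = $postInt('playback_type');
    $album->tn_attached = $postInt('attach_tn');
    $album->enable_slideshow = $postInt('enable_slideshow');
    $album->enable_random = $postInt('enable_random');
    $album->enable_shutterfly = $postInt('enable_shutterfly');
    $album->enable_views = $postInt('enable_views');
    $album->enable_keywords = $postInt('enable_keywords');
    $album->enable_sort = $postInt('enable_sort');
    $album->enable_rss = $postInt('enable_rss');
    $album->enable_postcard = $postInt('enable_postcard');
    $album->albums_first = $postInt('albums_first');
    $album->allow_download = $postInt('allow_download');
    $album->useAlternate = $postInt('usealternate');
    $album->full = $postInt('full_display');
    $album->tn_size = $postInt('tn_size');
    $album->max_image_height = $postInt('max_image_height');
    $album->max_image_width = $postInt('max_image_width');
    // the form value is in KB, the stored value in bytes
    $album->max_filesize = $postInt('max_filesize');
    if ($album->max_filesize != 0) {
        $album->max_filesize = $album->max_filesize * 1024;
    }
    $album->display_image_size = $postInt('display_image_size');
    $album->display_rows = $postInt('display_rows');
    $album->display_columns = $postInt('display_columns');
    $album->skin = $postText('album_theme');
    $album->filename_title = $postInt('filename_title');
    $album->shopping_cart = 0;
    $album->wm_auto = $postInt('wm_auto');
    // posted as a watermark filename; resolved to the numeric id further down
    $album->wm_id = $postText('wm_id');
    $album->wm_opacity = $postInt('wm_opacity');
    $album->wm_location = $postInt('wm_location');
    $album->album_sort_order = $postInt('album_sort_order');
    $album->member_uploads = $postInt('uploads');
    $album->moderate = $postInt('moderate');
    $album->email_mod = $postInt('email_mod');
    $album->podcast = $postInt('podcast');
    $album->mp3ribbon = $postInt('mp3ribbon');
    $album->rssChildren = $postInt('rsschildren');
    // thumbnail dimensions default to 200 when absent or zero
    $album->tnHeight = $postInt('tnheight');
    if ($album->tnHeight == 0) {
        $album->tnHeight = 200;
    }
    $album->tnWidth = $postInt('tnwidth');
    if ($album->tnWidth == 0) {
        $album->tnWidth = 200;
    }

    if ($isAdmin) {
        // Allowed upload formats: the sum of one numeric checkbox per format.
        $formatFields = array(
            'format_jpg', 'format_png', 'format_tif', 'format_gif', 'format_bmp',
            'format_tga', 'format_psd', 'format_mp3', 'format_ogg', 'format_asf',
            'format_swf', 'format_mov', 'format_mp4', 'format_mpg', 'format_zip',
            'format_other', 'format_flv', 'format_rflv', 'format_emb',
        );
        $album->valid_formats = 0;
        foreach ($formatFields as $field) {
            $album->valid_formats += $postInt($field);
        }
        // the following settings are admin only
        $album->featured = $postInt('featured');
        $album->cbposition = $postInt('featureposition');
        $album->cbpage = $postText('featurepage');
        // group ids are integers; anything else becomes 0
        $album->group_id = $postInt('group_id');
        $album->mod_group_id = $postInt('mod_id');
        $perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
        $perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
        $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
        $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
        list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    } else {
        // Non-admins cannot change the owner/group permissions: keep whatever
        // the existing album has (or the mgAlbum defaults for a new one).
        $perm_owner = $album->perm_owner;
        $perm_group = $album->perm_group;
        if ($update == 0) {
            // new album: inherit the parent's group, else fall back to the
            // Media Gallery admin group
            if (isset($MG_albums[$album->parent]->group_id)) {
                $grp_id = $MG_albums[$album->parent]->group_id;
            } else {
                $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
                $grow = DB_fetchArray($gresult);
                $grp_id = $grow['grp_id'];
            }
            $album->group_id = $grp_id;
            $album->mod_group_id = $_MG_CONF['member_mod_group_id'];
            if ($album->mod_group_id == '' || $album->mod_group_id < 1) {
                $album->mod_group_id = $grp_id;
            }
        }
        $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
        $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
        list($junk1, $junk2, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // user ids are integers; defaults to 2 when not posted
    $album->owner_id = $postInt('owner_id', 2);

    // non-admins may only create directly under the member root when the site allows it
    if (!$isAdmin && $update == 0 && $album->parent == $_MG_CONF['member_album_root'] && $_MG_CONF['member_create_new'] == 0) {
        return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album");
    }

    // Final permission check: may we save here?  The two config tests keep
    // the meaning of the original `!$x == 1` / `!$x == 0` expressions:
    // member albums disabled AND a non-zero member root.
    if ($album->parent == 0 && $update == 0 && !$_MG_CONF['member_albums'] && $_MG_CONF['member_album_root']) {
        // only admins may save albums in the root
        if (!$isAdmin) {
            COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root.  {$who}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    } elseif ($album->parent != 0) {
        if (!isset($MG_albums[$album->parent]->id)) {
            // parent does not exist
            COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album.  {$who}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
        $parentAlbum = $MG_albums[$album->parent];
        // (this used to read the undefined $MG_album, so the member-root
        // exemption compared against null instead of the parent's id)
        if ($parentAlbum->access != 3 && !$isAdmin && !$_MG_CONF['member_albums'] && !($_MG_CONF['member_album_root'] == $parentAlbum->id)) {
            COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album.  {$who}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    }

    // cover thumbnail bookkeeping
    if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') {
        // "attach" ticked but nothing uploaded
        $album->tn_attached = 0;
    }
    $remove_old_tn = ($old_tn_attached == 1 && $album->tn_attached == 0) ? 1 : 0;
    $attachtn = ($thumb['tmp_name'] != '' && $album->tn_attached == 1) ? 1 : 0;

    // resolve the posted watermark filename to its id; 'blank.png' means none
    if ($album->wm_id == 'blank.png') {
        $wm_id = 0;
    } else {
        $wm_id = DB_getItem($_TABLES['mg_watermarks'], 'wm_id', 'filename="' . DB_escapeString($album->wm_id) . '"');
    }
    if ($wm_id == '' || $wm_id == 0) {
        $wm_id = 0;
        // no watermark, so nothing to apply automatically
        $album->wm_auto = 0;
    }
    $album->wm_id = $wm_id;

    if ($isAdmin) {
        if ($album->featured) {
            // only one album may be featured per page: un-feature the current one
            $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='" . DB_escapeString($album->cbpage) . "'";
            $result = DB_query($sql);
            $nRows = DB_numRows($result);
            if ($nRows > 0) {
                $row = DB_fetchArray($result);
                $sql = "UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . $row['album_id'];
                DB_query($sql);
            }
        }
    } elseif ($album->isMemberAlbum() && $update == 0) {
        // A new member album saved by a non-admin gets the member defaults.
        // (This compared the undefined constant `update`, not $update, before.)
        $album->perm_owner = $_MG_CONF['member_perm_owner'];
        $album->perm_group = $_MG_CONF['member_perm_group'];
        $album->enable_random = $_MG_CONF['member_enable_random'];
        $album->max_image_height = $_MG_CONF['member_max_height'];
        $album->max_image_width = $_MG_CONF['member_max_width'];
        $album->max_filesize = $_MG_CONF['member_max_filesize'];
        $album->member_uploads = $_MG_CONF['member_uploads'];
        $album->moderate = $_MG_CONF['member_moderate'];
        $album->email_mod = $_MG_CONF['member_email_mod'];
        $album->valid_formats = $_MG_CONF['member_valid_formats'];
    }

    // keep within the column sizes
    $album->title = substr($album->title, 0, 254);
    if ($_DB_dbms == "mssql") {
        $album->description = substr($album->description, 0, 1500);
    }
    if ($album->last_update == '') {
        $album->last_update = 0;
    }
    $album->last_update = intval($album->last_update);
    if ($album->id < 1) {
        $album->id = $album->createAlbumID();
        $aid = $album->id;
        $album->order = $album->getNextSortOrder();
    }
    if ($album->id == 0) {
        COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org  ");
        return MG_genericError($LANG_MG00['access_denied_msg']);
    }
    $album->saveAlbum();
    $album->updateChildPermissions($forceChildPermUpdate);

    // now handle the attached cover...
    $coverBase = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id;
    if ($attachtn == 1) {
        if (!function_exists('MG_getFile')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        }
        MG_attachThumbnail($album->id, $thumbnail, $coverBase);
    }
    if ($remove_old_tn == 1) {
        // delete the previously attached cover, whatever extension it had
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            if (file_exists($coverBase . $ext)) {
                @unlink($coverBase . $ext);
                break;
            }
        }
    }
    MG_initAlbums(1);

    // Static sort orders -> (sort field, ascending) for MG_staticSortAlbum().
    // Orders 0 (none) and anything not listed leave the album untouched.
    $sortArgs = array(
        3 => array(2, 1), // upload, asc
        4 => array(2, 0), // upload, desc
        5 => array(0, 1), // title, asc
        6 => array(0, 0), // title, desc
        7 => array(3, 0), // rating, desc
        8 => array(3, 1), // rating, asc
    );
    $applySortOrder = function ($sortAlbumId, $sortOrder) use ($sortArgs) {
        if (isset($sortArgs[$sortOrder])) {
            MG_staticSortAlbum($sortAlbumId, $sortArgs[$sortOrder][0], $sortArgs[$sortOrder][1], 0);
        }
    };
    // do any album sorting here...
    if (isset($MG_albums[$aid])) {
        $parentId = $MG_albums[$aid]->parent;
        if ($parentId != 0 && isset($MG_albums[$parentId])) {
            // not a root album: re-sort the parent's children first
            $applySortOrder($parentId, $MG_albums[$parentId]->album_sort_order);
        }
        // then sort this album's own sub-albums
        $applySortOrder($aid, $MG_albums[$aid]->album_sort_order);
    }

    if (!function_exists('MG_buildFullRSS')) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    }
    MG_buildFullRSS();
    MG_buildAlbumRSS($album->id);
    $actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id;
    echo COM_refresh($actionURL);
    exit;
}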
/**
 * Filter a free-text parameter through the Geeklog HTML/word/JS filters.
 *
 * Order matters: COM_checkHTML strips slashes as a side effect, so the
 * addslashes() call has to come last rather than before the filtering.
 *
 * NOTE(review): addslashes() is generic quoting, not a database-specific
 * escape; presumably the callers only use the result where this legacy
 * escaping is expected. Verify against the call sites before reusing.
 *
 * @param  string $parameter raw text to filter
 * @return string            filtered text, with slashes re-added
 */
function ppFilterText($parameter)
{
    $filtered = COM_checkHTML($parameter);
    $filtered = COM_checkWords($filtered);
    // Re-apply the slashes that COM_checkHTML removed, after the JS filter.
    return addslashes(COM_killJS($filtered));
}
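/**
 * Shows a profile for a user
 * This grabs the user profile for a given user and displays it
 *
 * The user id is coerced to an integer before it reaches any SQL: the
 * queries below interpolate it unquoted (users/userinfo join, last stories,
 * story count, comment count), so a caller that did not already run
 * COM_applyFilter($uid, true) would otherwise be able to inject SQL.
 *
 * @param    int     $uid     User ID of profile to get
 * @param    boolean $preview whether being called as preview from My Account
 * @param    int     $msg     Message to display (if != 0)
 * @param    string  $plugin  optional plugin name for message
 * @return   string              HTML for user profile page
 */
function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '')
{
    global $_CONF, $_TABLES, $_USER, $_IMAGE_TYPE, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN, $LANG_ADMIN;
    $retval = '';
    // Defense in depth: $uid is built into four SQL statements without
    // quoting and is echoed into template variables; an int cast makes
    // every one of those uses safe regardless of what the caller passed.
    $uid = (int) $uid;
    // Anonymous visitors may be locked out of profiles by site config.
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['profileloginrequired'] == 1)) {
        $retval .= SEC_loginRequiredForm();
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LOGIN[1]));
        return $retval;
    }
    $result = DB_query("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email,status FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = {$uid}");
    $numRows = DB_numRows($result);
    if ($numRows == 0) {
        // no such user
        COM_handle404();
    }
    $A = DB_fetchArray($result);
    // Disabled accounts are 403 for everybody but user admins; any other
    // non-active state (e.g. awaiting activation) is hidden as a 404.
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights('user.edit')) {
        COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
    }
    if ($A['status'] != USER_ACCOUNT_ACTIVE && !SEC_hasRights('user.edit')) {
        COM_handle404();
    }
    $display_name = COM_getDisplayName($uid, $A['username'], $A['fullname']);
    $display_name = htmlspecialchars($display_name);
    if (!$preview) {
        if ($msg > 0) {
            $retval .= COM_showMessage($msg, $plugin);
        }
    }
    // format date/time to user preference
    $currentTime = COM_getUserDateTimeFormat($A['regdate']);
    $A['regdate'] = $currentTime[0];
    $user_templates = COM_newTemplate($_CONF['path_layout'] . 'users');
    $user_templates->set_file(array('profile' => 'profile.thtml', 'email' => 'email.thtml', 'row' => 'commentrow.thtml', 'strow' => 'storyrow.thtml'));
    $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var('end_block', COM_endBlock());
    $user_templates->set_var('lang_username', $LANG04[2]);
    // With show_fullname the full name is the primary label and the
    // username becomes the secondary one (if a full name exists at all).
    if ($_CONF['show_fullname'] == 1) {
        if (empty($A['fullname'])) {
            $userName = $A['username'];
            $fullName = '';
        } else {
            $userName = $A['fullname'];
            $fullName = $A['username'];
        }
    } else {
        $userName = $A['username'];
        $fullName = $A['fullname'];
    }
    // Escape before wrapping in markup below.
    $userName = htmlspecialchars($userName);
    $fullName = htmlspecialchars($fullName);
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        // Only reachable for user admins (see the 403 check above).
        $userName = sprintf('<s title="%s">%s</s>', $LANG28[42], $userName);
        if (!empty($fullName)) {
            $fullName = sprintf('<s title="%s">%s</s>', $LANG28[42], $fullName);
        }
    }
    $user_templates->set_var('username', $userName);
    $user_templates->set_var('user_fullname', $fullName);
    // Edit link: none in preview, self-service link for the owner,
    // admin link for anyone holding user.edit.
    if ($preview) {
        $user_templates->set_var('edit_icon', '');
        $user_templates->set_var('edit_link', '');
        $user_templates->set_var('user_edit', '');
    } elseif (!COM_isAnonUser() && $_USER['uid'] == $uid) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[48] . '" title="' . $LANG01[48] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, $_CONF['site_url'] . '/usersettings.php');
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    } elseif (SEC_hasRights('user.edit')) {
        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG_ADMIN['edit'] . '" title="' . $LANG_ADMIN['edit'] . '"' . XHTML . '>';
        $edit_link_url = COM_createLink($edit_icon, "{$_CONF['site_admin_url']}/user.php?mode=edit&amp;uid={$A['uid']}");
        $user_templates->set_var('edit_icon', $edit_icon);
        $user_templates->set_var('edit_link', $edit_link_url);
        $user_templates->set_var('user_edit', $edit_link_url);
    }
    if (isset($A['photo']) && empty($A['photo'])) {
        $A['photo'] = '(none)';
        // user does not have a photo
    }
    $photo = USER_getPhoto($uid, $A['photo'], $A['email'], -1);
    $user_templates->set_var('user_photo', $photo);
    $user_templates->set_var('lang_membersince', $LANG04[67]);
    $user_templates->set_var('user_regdate', $A['regdate']);
    $user_templates->set_var('lang_email', $LANG04[5]);
    $user_templates->set_var('user_id', $uid);
    $user_templates->set_var('uid', $uid);
    if ($A['email'] != '') {
        $user_templates->set_var('lang_sendemail', $LANG04[81]);
        $user_templates->parse('email_option', 'email', true);
    } else {
        $user_templates->set_var('email_option', '');
    }
    // NOTE(review): homepage, bio (about) and pgpkey are emitted with only
    // COM_killJS / nl2br applied here; presumably they were HTML-filtered
    // when saved. Confirm against the profile save path before relying on it.
    $user_templates->set_var('lang_homepage', $LANG04[6]);
    $user_templates->set_var('user_homepage', COM_killJS($A['homepage']));
    $user_templates->set_var('lang_location', $LANG04[106]);
    $user_templates->set_var('user_location', strip_tags($A['location']));
    $user_templates->set_var('lang_bio', $LANG04[7]);
    $user_templates->set_var('user_bio', COM_nl2br(stripslashes($A['about'])));
    $user_templates->set_var('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var('user_pgp', COM_nl2br($A['pgpkey']));
    $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var('lang_title', $LANG09[16]);
    $user_templates->set_var('lang_date', $LANG09[17]);
    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var('headline_last10stories', $LANG04[82]);
    $user_templates->set_var('headline_last10comments', $LANG04[10]);
    $user_templates->set_var('headline_postingstats', $LANG04[83]);
    // Topics the current viewer may read; stories are restricted to these
    // plus COM_getPermSQL so the profile never leaks hidden content.
    $tids = TOPIC_getList(0, true, false);
    $topics = "'" . implode("','", $tids) . "'";
    // list of last 10 stories by this user
    if (count($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate\n            FROM {$_TABLES['stories']}, {$_TABLES['topic_assignments']} ta\n            WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ({$topics}))" . COM_getPermSQL('AND') . "\n            AND ta.type = 'article' AND ta.id = sid AND ta.tdefault = 1\n            ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
    } else {
        $numRows = 0;
    }
    if ($numRows > 0) {
        for ($i = 0; $i < $numRows; $i++) {
            $C = DB_fetchArray($result);
            $user_templates->set_var('cssid', $i % 2 + 1);
            $user_templates->set_var('row_number', $i + 1 . '.');
            $articleUrl = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $C['sid']);
            $user_templates->set_var('article_url', $articleUrl);
            // '$' would be interpreted by the template engine; encode it.
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $user_templates->set_var('story_title', COM_createLink(stripslashes($C['title']), $articleUrl, array('class' => 'b')));
            $storyTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('story_date', $storyTime[0]);
            $user_templates->parse('story_row', 'strow', true);
        }
    } else {
        $story_row = $LANG01[37];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            $story_row = '<tr><td>' . $story_row . '</td></tr>';
        }
        $user_templates->set_var('story_row', $story_row);
    }
    // list of last 10 comments by this user
    $new_plugin_comments = PLG_getWhatsNewComment('', 10, $uid);
    if (!empty($new_plugin_comments)) {
        // Sort array by element lastdate newest to oldest
        $b = array();
        $temp = array();
        foreach ($new_plugin_comments as $k => $v) {
            $b[$k] = strtolower($v['unixdate']);
        }
        arsort($b);
        foreach ($b as $key => $val) {
            $temp[] = $new_plugin_comments[$key];
        }
        $new_plugin_comments = $temp;
        $i = 0;
        foreach ($new_plugin_comments as $C) {
            $i = $i + 1;
            $user_templates->set_var('cssid', $i % 2);
            $user_templates->set_var('row_number', $i . '.');
            $C['title'] = str_replace('$', '&#36;', $C['title']);
            $comment_url = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $C['cid'];
            $user_templates->set_var('comment_title', COM_createLink(stripslashes($C['title']), $comment_url, array('class' => 'b')));
            $commentTime = COM_getUserDateTimeFormat($C['unixdate']);
            $user_templates->set_var('comment_date', $commentTime[0]);
            $user_templates->parse('comment_row', 'row', true);
            if ($i == 10) {
                break;
            }
        }
    } else {
        $comment_row = $LANG01[29];
        if ($_CONF['supported_version_theme'] == '1.8.1') {
            $comment_row = '<tr><td>' . $comment_row . '</td></tr>';
        }
        $user_templates->set_var('comment_row', $comment_row);
    }
    // posting stats for this user
    $user_templates->set_var('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = {$uid}) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_stories', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = {$uid})";
    $result = DB_query($sql);
    $N = DB_fetchArray($result);
    $user_templates->set_var('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var('lang_all_postings_by', $LANG04[86] . ' ' . $display_name);
    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDisplay')) {
        $user_templates->set_var('customfields', CUSTOM_userDisplay($uid));
    }
    PLG_profileVariablesDisplay($uid, $user_templates);
    $user_templates->parse('output', 'profile');
    $retval .= $user_templates->finish($user_templates->get_var('output'));
    $retval .= PLG_profileBlocksDisplay($uid);
    if (!$preview) {
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[1] . ' ' . $display_name));
    }
    return $retval;
}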
function _MG_getFile($filename, $file, $albums, $caption = '', $description = '', $upload = 1, $purgefiles = 0, $filetype, $atttn, $thumbnail, $keywords = '', $category = 0, $dnc = 0, $replace = 0, $userid)
{
    global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;
    $artist = '';
    $musicAlbum = '';
    $genre = '';
    $video_attached_thumbnail = 0;
    $successfulWatermark = 0;
    $dnc = 1;
    $errors = 0;
    $errMsg = '';
    clearstatcache();
    if (!file_exists($filename)) {
        $errMsg = $LANG_MG02['upload_not_found'];
        return array(false, $errMsg);
    }
    clearstatcache();
    if (!is_readable($filename)) {
        $errMsg = $LANG_MG02['upload_not_readable'];
        return array(false, $errMsg);
    }
    // make sure we have the proper permissions to upload to this album....
    if (!isset($MG_albums[$albums]->id)) {
        $errMsg = $LANG_MG02['album_nonexist'];
        // "Album does not exist, unable to process uploads";
        return array(false, $errMsg);
    }
    sleep(1);
    // We do this to make sure we don't get dupe sid's
    /*
     * The following section of code will generate a unique name for a temporary
     * file and copy the uploaded file to the Media Gallery temp directory.
     * We do this to prevent any SAFE MODE issues when we later open the
     * file to determine the mime type.
     */
    if (empty($_USER['username']) || $_USER['username'] == '') {
        $_USER['username'] = '******';
    }
    $tmpPath = $_MG_CONF['tmp_path'] . '/' . $_USER['username'] . COM_makesid() . '.tmp';
    if ($upload) {
        $rc = @move_uploaded_file($filename, $tmpPath);
    } else {
        $rc = @copy($filename, $tmpPath);
        $importSource = $filename;
    }
    if ($rc != 1) {
        $errors++;
        $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
        @unlink($tmpPath);
        return array(false, $errMsg);
    }
    $filename = $tmpPath;
    if ($replace > 0) {
        $new_media_id = $replace;
    } else {
        $new_media_id = COM_makesid();
    }
    $media_time = time();
    $media_upload_time = time();
    $media_user_id = $userid;
    $mimeInfo = IMG_getMediaMetaData($filename);
    $mimeExt = strtolower(substr(strrchr($file, "."), 1));
    $mimeInfo['type'] = $mimeExt;
    if (!isset($mimeInfo['mime_type']) || $mimeInfo['mime_type'] == '') {
        $mimeInfo['mime_type'] = $filetype;
    }
    $gotTN = 0;
    if (isset($mimeInfo['id3v2']['APIC'][0]['mime']) && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
        $mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
        $gotTN = 1;
    }
    if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
        // assume format based on file upload info...
        switch ($filetype) {
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'image/tga':
                $mimeInfo['type'] = 'tga';
                $mimeInfo['mime_type'] = 'image/tga';
                $mimeExt = 'tga';
                break;
            case 'image/psd':
                $mimeInfo['type'] = 'psd';
                $mimeInfo['mime_type'] = 'image/psd';
                $mimeExt = 'psd';
                break;
            case 'image/gif':
                $mimeInfo['type'] = 'gif';
                $mimeInfo['mime_type'] = 'image/gif';
                $mimeExt = 'gif';
                break;
            case 'image/jpeg':
            case 'image/jpg':
                $mimeInfo['type'] = 'jpg';
                $mimeInfo['mime_type'] = 'image/jpeg';
                $mimeExt = 'jpg';
                break;
            case 'image/png':
                $mimeInfo['type'] = 'png';
                $mimeInfo['mime_type'] = 'image/png';
                $mimeExt = 'png';
                break;
            case 'image/bmp':
                $mimeInfo['type'] = 'bmp';
                $mimeInfo['mime_type'] = 'image/bmp';
                $mimeExt = 'bmp';
                break;
            case 'application/x-shockwave-flash':
                $mimeInfo['type'] = 'swf';
                $mimeInfo['mime_type'] = 'application/x-shockwave-flash';
                $mimeExt = 'swf';
                break;
            case 'application/zip':
                $mimeInfo['type'] = 'zip';
                $mimeInfo['mime_type'] = 'application/zip';
                $mimeExt = 'zip';
                break;
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'video/quicktime':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/quicktime';
                $mimeExt = 'mov';
                break;
            case 'video/x-m4v':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/x-m4v';
                $mimeExt = 'mov';
                break;
            case 'video/x-flv':
                $mimeInfo['type'] = 'flv';
                $mimeInfo['mime_type'] = 'video/x-flv';
                $mimeExt = 'flv';
                break;
            case 'audio/x-ms-wma':
                $mimeInfo['type'] = 'wma';
                $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                $mimeExt = 'wma';
                break;
            default:
                $file_extension = strtolower(substr(strrchr($file, "."), 1));
                switch ($file_extension) {
                    case 'flv':
                        $mimeInfo['type'] = 'flv';
                        $mimeInfo['mime_type'] = 'video/x-flv';
                        $mimeExt = 'flv';
                        break;
                    case 'wma':
                        $mimeInfo['type'] = 'wma';
                        $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                        $mimeExt = 'wma';
                        break;
                    default:
                        $mimeInfo['type'] = 'file';
                        if ($filetype != '') {
                            $mimeInfo['mime_type'] = $filetype;
                        } else {
                            $mimeInfo['mime_type'] = 'application/octet-stream';
                        }
                        $mimeExt = $file_extension;
                        break;
                }
        }
    }
    switch ($mimeInfo['mime_type']) {
        case 'audio/mpeg':
            $format_type = MG_MP3;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            break;
        case 'image/jpeg':
        case 'image/jpg':
            $format_type = MG_JPG;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            break;
        case 'application/zip':
            $format_type = MG_ZIP;
            break;
        case 'video/mpeg':
        case 'video/x-motion-jpeg':
        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-mpeg':
        case 'video/x-mpeq2a':
        case 'video/x-qtc':
        case 'video/x-m4v':
            $format_type = MG_MOV;
            break;
        case 'video/x-flv':
            $format_type = MG_FLV;
            break;
        case 'image/tiff':
            $format_type = MG_TIF;
            break;
        case 'image/x-targa':
        case 'image/tga':
            $format_type = MG_TGA;
            break;
        case 'image/psd':
            $format_type = MG_PSD;
            break;
        case 'application/ogg':
            $format_type = MG_OGG;
            break;
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-ms-wmz':
        case 'application/x-ms-wmd':
            $format_type = MG_ASF;
            break;
        case 'application/pdf':
            $format_type = MG_OTHER;
            break;
        default:
            $format_type = MG_OTHER;
            break;
    }
    $mimeType = $mimeInfo['mime_type'];
    if ($filetype == 'video/x-m4v') {
        $mimeType = 'video/x-m4v';
        $mimeInfo['mime_type'] = 'video/x-m4v';
    }
    if (!($MG_albums[$albums]->valid_formats & $format_type)) {
        return array(false, $LANG_MG02['format_not_allowed']);
    }
    if ($replace > 0) {
        $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . DB_escapeString($replace) . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $media_filename = $row['media_filename'];
    } else {
        if ($_MG_CONF['preserve_filename'] == 1) {
            $loopCounter = 0;
            $digitCounter = 1;
            $file_name = stripslashes($file);
            $file_name = MG_replace_accents($file_name);
            $file_name = preg_replace("#[ ]#", "_", $file_name);
            // change spaces to underscore
            $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
            //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
            $file_name = preg_replace('#(_)+#', '_', $file_name);
            //eliminate duplicate underscore
            $pos = strrpos($file_name, '.');
            if ($pos === false) {
                $basefilename = $file_name;
            } else {
                $basefilename = strtolower(substr($file_name, 0, $pos));
            }
            do {
                clearstatcache();
                $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
                $loopCounter++;
                if ($loopCounter > 16) {
                    $digitCounter++;
                    $loopCounter = 0;
                }
            } while (MG_file_exists($media_filename));
        } else {
            do {
                clearstatcache();
                $media_filename = md5(uniqid(rand()));
            } while (MG_file_exists($media_filename));
        }
    }
    // replace a few mime extentions here...
    //
    $mimeExtLower = strtolower($mimeExt);
    if ($mimeExtLower == 'php') {
        $mimeExt = 'phps';
    } else {
        if ($mimeExtLower == 'pl') {
            $mimeExt = 'txt';
        } else {
            if ($mimeExtLower == 'cgi') {
                $mimeExt = 'txt';
            } else {
                if ($mimeExtLower == 'py') {
                    $mimeExt = 'txt';
                } else {
                    if ($mimeExtLower == 'sh') {
                        $mimeExt = 'txt';
                    } else {
                        if ($mimeExtLower == 'rb') {
                            $mimeExt = 'txt';
                        }
                    }
                }
            }
        }
    }
    $disp_media_filename = $media_filename . '.' . $mimeExt;
    switch ($mimeType) {
        case 'image/psd':
        case 'image/x-targa':
        case 'image/tga':
        case 'image/photoshop':
        case 'image/x-photoshop':
        case 'image/psd':
        case 'application/photoshop':
        case 'application/psd':
        case 'image/tiff':
        case 'image/gif':
        case 'image/jpeg':
        case 'image/jpg':
        case 'image/png':
        case 'image/bmp':
            if ($mimeType == 'image/psd' || $mimeType == 'image/x-targa' || $mimeType == 'image/tga' || $mimeType == 'image/photoshop' || $mimeType == 'image/x-photoshop' || $mimeType == 'image/psd' || $mimeType == 'application/photoshop' || $mimeType == 'application/psd' || $mimeType == 'image/tiff') {
                $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
                $media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . ".jpg";
                $media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . ".jpg";
            } else {
                $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
                $media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
                $media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
            }
            $mimeType = $mimeInfo['mime_type'];
            // process image file
            $media_time = getOriginationTimestamp($filename);
            if ($media_time == null || $media_time < 0) {
                $media_time = time();
            }
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $albums, $media_filename, $dnc);
                if ($rc == false) {
                    $errors++;
                    $errMsg .= $msg;
                    // sprintf($LANG_MG02['convert_error'],$filename);
                } else {
                    $mediaType = 0;
                    if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
                        if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
                            $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
                        }
                        @unlink($media_orig);
                    }
                    if ($MG_albums[$albums]->wm_auto) {
                        if ($_MG_CONF['discard_original'] == 1) {
                            $rc = MG_watermark($media_disp, $albums, 1);
                            if ($rc == TRUE) {
                                $successfulWatermark = 1;
                            }
                        } else {
                            $rc1 = MG_watermark($media_orig, $albums, 1);
                            $rc2 = MG_watermark($media_disp, $albums, 0);
                            if ($rc1 == TRUE && $rc2 == TRUE) {
                                $successfulWatermark = 1;
                            }
                        }
                    }
                    if ($dnc != 1) {
                        if ($mimeType != 'image/tga' && $mimeType != 'image/x-targa' && $mimeType != 'image/tiff') {
                            if ($mimeType != 'image/photoshop' && $mimeType != 'image/x-photoshop' && $mimeType != 'image/psd' && $mimeType != 'application/photoshop' && $mimeType != 'application/psd') {
                                $mimeExt = 'jpg';
                                $mimeType = 'image/jpeg';
                            }
                        }
                    }
                }
            }
            break;
        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-flv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-shockwave-flash':
        case 'video/mp4':
        case 'video/x-m4v':
            $mimeType = $mimeInfo['mime_type'];
            if ($filetype == 'video/mp4') {
                $mimeExt = 'mp4';
            }
            // process video format
            $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                $mediaType = 1;
            }
            $video_attached_thumbnail = MG_videoThumbnail($albums, $media_orig, $media_filename);
            break;
        case 'application/ogg':
        case 'audio/mpeg':
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
            $mimeType = $mimeInfo['mime_type'];
            // process audio format
            $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt;
            $rc = @copy($filename, $media_orig);
            if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
                if ($caption == '') {
                    $caption = $mimeInfo['tags']['id3v1']['title'][0];
                }
            }
            if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
                $artist = DB_escapeString($mimeInfo['tags']['id3v1']['artist'][0]);
            }
            if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
                $genre = DB_escapeString($mimeInfo['tags']['id3v2']['genre'][0]);
            }
            if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
                $musicAlbum = DB_escapeString($mimeInfo['tags']['id3v1']['album'][0]);
            }
            if ($rc != 1) {
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                $mediaType = 2;
            }
            break;
        case 'zip':
        case 'application/zip':
            if ($_MG_CONF['zip_enabled']) {
                $errMsg .= MG_processZip($filename, $albums, $purgefiles, $media_filename);
                break;
            }
            // NO BREAK HERE, fall through if enable zip isn't allowed
        // NO BREAK HERE, fall through if enable zip isn't allowed
        default:
            $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
            $mimeType = $mimeInfo['mime_type'];
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                $mediaType = 4;
            }
            $mediaType = 4;
            break;
    }
    // update quota
    $quota = $MG_albums[$albums]->album_disk_usage;
    if ($_MG_CONF['discard_original'] == 1) {
        $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
        $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . '.jpg');
    } else {
        $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt);
    }
    DB_query("UPDATE {$_TABLES['mg_albums']} SET album_disk_usage=" . $quota . " WHERE album_id=" . $albums);
    if ($errors) {
        @unlink($tmpPath);
        return array(false, $errMsg);
    }
    if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
        // Now we need to process an uploaded thumbnail
        if ($gotTN == 1) {
            $mp3TNFilename = $_MG_CONF['tmp_path'] . '/mp3tn' . time() . '.jpg';
            $fn = fopen($mp3TNFilename, "w");
            fwrite($fn, $mp3AttachdedThumbnail);
            fclose($fn);
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($albums, $mp3TNFilename, $saveThumbnailName);
            @unlink($mp3TNFilename);
            $atttn = 1;
        } else {
            if ($atttn == 1) {
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($albums, $thumbnail, $saveThumbnailName);
            }
        }
        if ($video_attached_thumbnail) {
            $atttn = 1;
        }
        if ($MG_albums[$albums]->enable_html != 1) {
            //        if ($_MG_CONF['htmlallowed'] != 1 ) {
            $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
            $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
            $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
        } else {
            $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
            $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
            $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
        }
        // Check and see if moderation is on.  If yes, place in mediasubmission
        if ($MG_albums[$albums]->moderate == 1 && !$MG_albums[0]->owner_id) {
            $tableMedia = $_TABLES['mg_mediaqueue'];
            $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
            $queue = 1;
        } else {
            $tableMedia = $_TABLES['mg_media'];
            $tableMediaAlbum = $_TABLES['mg_media_albums'];
            $queue = 0;
        }
        $original_filename = DB_escapeString($file);
        if ($MG_albums[$albums]->filename_title) {
            if ($media_caption == '') {
                $pos = strrpos($original_filename, '.');
                if ($pos === false) {
                    $media_caption = $original_filename;
                } else {
                    $media_caption = substr($original_filename, 0, $pos);
                }
            }
        }
        $resolution_x = 0;
        $resolution_y = 0;
        // try to find a resolution if video...
        if ($mediaType == 1) {
            switch ($mimeType) {
                case 'application/x-shockwave-flash':
                case 'video/quicktime':
                case 'video/mpeg':
                case 'video/x-m4v':
                    if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    } else {
                        $resolution_x = -1;
                        $resolution_y = -1;
                    }
                    break;
                case 'video/x-flv':
                    if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
                        if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
                            $resolution_x = $mimeInfo['meta']['onMetaData']['width'];
                            $resolution_y = $mimeInfo['meta']['onMetaData']['height'];
                        } else {
                            $resolution_x = -1;
                            $resolution_y = -1;
                        }
                    } else {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-ms-asf':
                case 'video/x-ms-asf-plugin':
                case 'video/avi':
                case 'video/msvideo':
                case 'video/x-msvideo':
                case 'video/avs-video':
                case 'video/x-ms-wmv':
                case 'video/x-ms-wvx':
                case 'video/x-ms-wm':
                case 'application/x-troff-msvideo':
                    if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
                    } else {
                        $resolution_x = -1;
                        $resolution_y = -1;
                    }
                    break;
            }
        }
        if ($replace > 0) {
            $sql = "UPDATE " . $tableMedia . " SET\n\t        \t\t\t\t\tmedia_filename='" . DB_escapeString($media_filename) . "',\n\t        \t\t\t\t\tmedia_original_filename='{$original_filename}',\n\t        \t\t\t\t\tmedia_mime_ext='" . DB_escapeString($mimeExt) . "',\n\t        \t\t\t\t\tmime_type='" . DB_escapeString($mimeType) . "',\n\t        \t\t\t\t\tmedia_time='" . DB_escapeString($media_time) . "',\n\t        \t\t\t\t\tmedia_user_id='" . DB_escapeString($media_user_id) . "',\n\t        \t\t\t\t\tmedia_type='" . DB_escapeString($mediaType) . "',\n\t        \t\t\t\t\tmedia_upload_time='" . DB_escapeString($media_upload_time) . "',\n\t        \t\t\t\t\tmedia_watermarked='" . DB_escapeString($successfulWatermark) . "',\n\t        \t\t\t\t\tmedia_resolution_x='" . DB_escapeString($resolution_x) . "',\n\t        \t\t\t\t\tmedia_resolution_y='" . DB_escapeString($resolution_y) . "'\n\t        \t\t\t\t\tWHERE media_id='" . DB_escapeString($replace) . "'";
            DB_query($sql);
        } else {
            $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url,artist,album,genre)\n\t                VALUES ('{$new_media_id}','{$media_filename}','{$original_filename}','{$mimeExt}','1','{$mimeType}','{$media_caption}','{$media_desc}','{$media_keywords}','{$media_time}','0','0','0','0.00','{$atttn}','','1','{$media_user_id}','','0','{$mediaType}','{$media_upload_time}','{$category}','{$successfulWatermark}','0','0',{$resolution_x},{$resolution_y},0,'','{$artist}','{$musicAlbum}','{$genre}');";
            DB_query($sql);
            $x = 0;
            $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $albums;
            $result = DB_query($sql);
            $row = DB_fetchArray($result);
            $media_seq = $row['media_seq'];
            if ($media_seq < 10) {
                $media_seq = 10;
            }
            $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('{$new_media_id}', {$albums}, {$media_seq} )";
            DB_query($sql);
            if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width',       '{$resolution_x}'");
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height',      '{$resolution_y}'");
            }
            // update the media count for the album, only if no moderation...
            if ($queue == 0) {
                $MG_albums[$albums]->media_count++;
                DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $MG_albums[$albums]->media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
                if ($_MG_CONF['update_parent_lastupdated'] == 1) {
                    $currentAID = $MG_albums[$albums]->parent;
                    while ($MG_albums[$currentAID]->id != 0) {
                        DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$currentAID]->id . "'");
                        $currentAID = $MG_albums[$currentAID]->parent;
                    }
                }
                if ($MG_albums[$albums]->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
                    if ($atttn == 1) {
                        $covername = 'tn_' . $media_filename;
                    } else {
                        $covername = $media_filename;
                    }
                    DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $MG_albums[$albums]->id . "'");
                }
            }
            $x++;
        }
    }
    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue'];
        // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload'];
        // ' successfully uploaded to album';
    }
    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($albums);
        CACHE_remove_instance('whatsnew');
    }
    @unlink($tmpPath);
    return array(true, $errMsg);
}
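/**
 * Save a Media Gallery category from the admin form and redirect to the
 * category list.
 *
 * The category id, name and description are read from $_POST (cat_id,
 * cat_name, cat_desc), filtered according to $_MG_CONF['htmlallowed'], and
 * written with DB_save(). The next cat_order is derived from
 * MAX(cat_order) + 1 and falls back to 10 when that is unavailable.
 *
 * @param  int $cat_id  unused; the id is taken from $_POST['cat_id']
 * @return string       an error page (COM_showMessageText) when the name is
 *                      empty or the id filters to 0; on success the function
 *                      echoes a redirect and exit()s without returning
 */
function MG_saveCategory($cat_id)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02;

    $A = array();
    $A['cat_id'] = COM_applyFilter($_POST['cat_id'], true);

    $rawName = isset($_POST['cat_name']) ? $_POST['cat_name'] : '';
    $rawDesc = isset($_POST['cat_desc']) ? $_POST['cat_desc'] : '';
    if ($_MG_CONF['htmlallowed'] == 1) {
        $catName = COM_checkHTML(COM_killJS($rawName));
        $catDesc = COM_checkHTML(COM_killJS($rawDesc));
    } else {
        $catName = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($rawName))));
        $catDesc = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($rawDesc))));
    }

    //
    //  -- Let's make sure we don't have any SQL overflows...
    //
    // Truncate to the column width BEFORE escaping: cutting an already
    // addslashes()'d string at a fixed byte offset can leave a lone trailing
    // backslash, which then escapes the closing quote of the SQL literal.
    $catName = substr($catName, 0, 254);
    $A['cat_name'] = addslashes($catName);
    $A['cat_description'] = addslashes($catDesc);

    if (empty($A['cat_name'])) {
        return COM_showMessageText($LANG_MG01['category_error'] . '  [ <a href=\'javascript:history.go(-1)\'>' . $LANG_MG02['go_back'] . '</a> ]');
    }

    $sql = "SELECT MAX(cat_order) + 1 AS nextcat_order FROM " . $_TABLES['mg_category'];
    $result = DB_query($sql);
    // Only fetch when the query produced a result handle; a failed query
    // would otherwise be passed to DB_fetchArray().
    $row = ($result === false || $result === null) ? null : DB_fetchArray($result);
    if (empty($row)) {
        $A['cat_order'] = 10;
    } else {
        // MAX() is NULL on an empty table -> (int) gives 0 -> default to 10,
        // which also covers the negative case the original code guarded.
        $A['cat_order'] = (int) $row['nextcat_order'];
        if ($A['cat_order'] <= 0) {
            $A['cat_order'] = 10;
        }
    }

    if ($A['cat_id'] == 0) {
        COM_errorLog("Media Gallery Internal Error - cat_id = 0 - Contact mark@gllabs.org  ");
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    DB_save($_TABLES['mg_category'], "cat_id,cat_name,cat_description,cat_order", "'{$A['cat_id']}','{$A['cat_name']}','{$A['cat_description']}',{$A['cat_order']}");
    echo COM_refresh($_MG_CONF['admin_url'] . 'category.php');
    exit;
}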
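/**
 * Admin handler for the watermark upload form.
 *
 * Every entry of $_FILES['newmedia'] is checked for size (64 KB hard limit),
 * PHP upload error code and file extension (png, jpg, gif only). Accepted
 * files are moved to $_MG_CONF['path_html'] . 'watermarks/' as
 * "<uid>_<filename>" and registered in mg_watermarks; rejected ones are
 * reported in the status message and skipped. Files are owned by the current
 * user, or by uid 0 when $_POST['wm_public'] is set.
 *
 * @return string  HTML: a heading plus the rendered useruploadstatus.thtml
 */
function MG_watermarkUploadSave()
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03;

    // ok, we just check the type, we will accept png,jpg for now...
    $allowedExtensions = array('png', 'jpg', 'gif');

    $retval = '<h2>' . $LANG_MG03['upload_results'] . '</h2>';
    $T = COM_newTemplate(MG_getTemplatePath(0));
    $T->set_file('mupload', 'useruploadstatus.thtml');
    $statusMsg = '';

    // Tolerate a request without files (no $_FILES entry, or a non-array).
    $file = (isset($_FILES['newmedia']) && is_array($_FILES['newmedia'])) ? $_FILES['newmedia'] : array();
    $names = (isset($file['name']) && is_array($file['name'])) ? $file['name'] : array();
    $public = isset($_POST['wm_public']) ? COM_applyFilter($_POST['wm_public'], true) : 0;

    foreach ($names as $key => $name) {
        // basename(): the client-chosen name becomes part of the on-disk
        // path below, so any directory component it carries must be dropped.
        $filename = basename($name);
        $filesize = $file['size'][$key];
        $filetmp = $file['tmp_name'][$key];
        $error = $file['error'][$key];
        $description = isset($_POST['description'][$key]) ? $_POST['description'][$key] : '';

        if ($filesize > 65536) {
            // right now we hard coded 64kb
            COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
            $tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $filename);
            $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
            continue;
        }

        if ($error != UPLOAD_ERR_OK) {
            switch ($error) {
                case 1:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big'], $filename);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 2:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $filename);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 3:
                    $tmpmsg = sprintf($LANG_MG02['partial_upload'], $filename);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 4:
                    $tmpmsg = $LANG_MG02['no_file_uploaded'];
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 6:
                    $statusMsg .= $LANG_MG02['missing_tmp'] . '<br' . XHTML . '>';
                    break;
                case 7:
                    $statusMsg .= $LANG_MG02['disk_fail'] . '<br' . XHTML . '>';
                    break;
                default:
                    $statusMsg .= $LANG_MG02['unknown_err'] . '<br' . XHTML . '>';
                    break;
            }
            continue;
        }

        $uid = $_USER['uid'];
        if ($public == 1) {
            $uid = 0;
        }

        // Extension whitelist. This is an if/continue rather than a switch on
        // purpose: inside a switch a bare `continue` only leaves the switch,
        // so an unsupported file would still be moved and recorded below.
        $dotPos = strrpos($filename, '.');
        $file_extension = ($dotPos === false) ? '' : strtolower(substr($filename, $dotPos + 1));
        if (!in_array($file_extension, $allowedExtensions, true)) {
            $statusMsg .= $filename . $LANG_MG02['unsupported_wm_type'];
            continue;
        }

        $sql = "SELECT MAX(wm_id) + 1 AS nextwm_id FROM " . $_TABLES['mg_watermarks'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        // MAX() is NULL on an empty table; the first id is 1.
        $wm_id = (int) $row['nextwm_id'];
        if ($wm_id < 1) {
            $wm_id = 1;
        }

        $wm_filename = $_MG_CONF['path_html'] . 'watermarks/' . $uid . '_' . $filename;
        if (file_exists($wm_filename)) {
            $statusMsg .= sprintf($LANG_MG02['wm_already_exists'], $filename);
            continue;
        }

        $rc = move_uploaded_file($filetmp, $wm_filename);
        if (!$rc) {
            COM_errorLog("Media Upload - Error moving uploaded file....rc = " . $rc);
            $statusMsg .= sprintf($LANG_MG02['move_error'], $filename);
            continue;
        }
        chmod($wm_filename, 0644);

        // Truncate to the column width first, then filter/escape.
        $media_title_safe = substr($description, 0, 254);
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_title = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($media_title_safe)))));
        } else {
            $media_title = addslashes(htmlspecialchars(COM_checkHTML(COM_checkWords(COM_killJS($media_title_safe)))));
        }
        $saveFileName = addslashes($uid . '_' . $filename);
        $sql = "INSERT INTO {$_TABLES['mg_watermarks']} (wm_id,owner_id,filename,description)\n                        VALUES ({$wm_id},'{$uid}','{$saveFileName}','{$media_title}')";
        DB_query($sql);
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Updating Album information");
        }
        if (DB_error()) {
            // Keep disk and database consistent: drop the file we just stored.
            COM_errorLog("MediaGallery: Error inserting watermark data into database");
            @unlink($wm_filename);
            $statusMsg .= $filename . " - " . DB_error();
        } else {
            $statusMsg .= $filename . $LANG_MG02['wm_success'];
        }
    }

    $T->set_var('status_message', $statusMsg);
    $tmp = $_MG_CONF['site_url'] . '/admin.php?album_id=0&mode=wmmanage';
    $redirect = sprintf($LANG_MG01['watermark_redirect'], $tmp);
    $T->set_var('redirect', $redirect);
    $retval .= $T->finish($T->parse('output', 'mupload'));
    return $retval;
}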
 /**
  * Run the legacy glFusion-style input filter over one request parameter.
  *
  * Strips slashes, tags and JavaScript, then either coerces the value to an
  * integer (numeric mode: anything that is not a plain signed integer
  * becomes 0) or truncates it at the first quote, backtick, semicolon or
  * backslash and applies the instance's checkwords / prep-for-db /
  * prep-for-web settings. $this->_maxlength, when positive, caps the byte
  * length; $this->_logmode logs every value the filter changed.
  *
  * @param  mixed $parameter  raw value to filter
  * @param  bool  $isnumeric  true to enforce an integer result
  * @return string|int        filtered value (int 0 only in numeric mode)
  */
 private function _applyFilter($parameter, $isnumeric = false)
 {
     $filtered = COM_killJS(strip_tags(COM_stripslashes($parameter)));
     // doesn't help a lot right now, but still ...

     if ($isnumeric) {
         // Note: PHP's is_numeric() accepts values like 4e4 as numeric,
         // hence the additional integer-only regex.
         $isInteger = is_numeric($filtered) && preg_match('/^-?\\d+$/', $filtered) != 0;
         if (!$isInteger) {
             $filtered = 0;
         }
     } else {
         if ($this->_checkwords) {
             $filtered = COM_checkWords($filtered);
         }
         // drop everything from a C-style comment opener onwards
         $filtered = preg_replace('/\\/\\*.*/', '', $filtered);
         // keep only the text in front of the first quote, backtick,
         // semicolon or backslash (a comma cut-off is intentionally disabled)
         foreach (array("'", '"', '`', ';', '\\') as $terminator) {
             $pieces = explode($terminator, $filtered);
             $filtered = $pieces[0];
         }
         if ($this->_prepfordb) {
             $filtered = addslashes($filtered);
         } elseif ($this->_prepforweb) {
             $filtered = stripslashes($filtered);
         }
     }

     if ($this->_maxlength > 0) {
         $filtered = substr($filtered, 0, $this->_maxlength);
     }
     if ($this->_logmode && strcmp($filtered, $parameter) != 0) {
         COM_errorLog("Filter applied: >> {$parameter} << filtered to {$filtered} [IP {$_SERVER['REMOTE_ADDR']}]", 1);
     }

     return $filtered;
 }
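/**
 * Register a remote (externally hosted) media object in a Media Gallery album.
 *
 * The media itself is never downloaded: a 0-byte placeholder is created under
 * path_mediaobjects/orig/ and the record's remote_url column holds $URL. Only
 * an attached thumbnail may be fetched server-side (MG_getRemoteThumbnail)
 * when $thumbnail is an http(s) URL; any other $thumbnail value is treated as
 * a local path.
 *
 * Access is checked against the album's permissions and its member_uploads
 * flag, the player type must be enabled in the album's valid_formats mask,
 * and the record is written either to the live tables or to the moderation
 * queue depending on the album's moderate flag.
 *
 * @param  string $URL               remote media location, stored escaped
 * @param  string $mimeType          player type; see the switch below, other
 *                                   values are rejected with format_not_allowed
 * @param  int    $albumId           target album id (intval'd for SQL)
 * @param  string $caption
 * @param  string $description
 * @param  string $keywords
 * @param  mixed  $category
 * @param  int    $attachedThumbnail 1 when $thumbnail should be attached
 * @param  string $thumbnail         URL or local path of the thumbnail
 * @param  int    $resolution_x      ignored: reset to 0 and recomputed below
 * @param  int    $resolution_y      ignored: reset to 0 and recomputed below
 * @return array  array(bool $success, string $message)
 */
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y)
{
    global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Entering MG_getRemote()");
        COM_errorLog("MG Upload: URL to process: " . htmlentities($URL));
    }

    // Caller-supplied resolution is discarded; it is re-derived from the
    // thumbnail (or defaulted) further down.
    $resolution_x = 0;
    $resolution_y = 0;

    $urlArray = parse_url($URL);
    // parse_url() returns false for badly malformed input and omits 'path'
    // when there is none; fall back to '' so the filename split below is safe.
    $urlPath = (is_array($urlArray) && isset($urlArray['path'])) ? $urlArray['path'] : '';

    // make sure we have the proper permissions to upload to this album....
    $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($albumId);
    $aResult = DB_query($sql);
    $aRows = DB_numRows($aResult);
    if ($aRows != 1) {
        $errMsg = $LANG_MG02['album_nonexist'];
        // "Album does not exist, unable to process uploads";
        return array(false, $errMsg);
    }
    $albumInfo = DB_fetchArray($aResult);
    $access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'], $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']);
    if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }

    $errMsg = '';
    sleep(1);
    // We do this to make sure we don't get dupe sid's
    $new_media_id = COM_makesid();
    $media_time = time();
    $media_upload_time = time();
    $media_user_id = $_USER['uid'];

    // we expect the mime type (player type) to be passed to this function
    //  - Image
    //  - Video - Windows Media
    //  - Video - QuickTime
    //  - Video - Flash Video
    //  - Audio - Windows Media
    //  - Audio - QuickTime
    //  - Audio - MP3
    //  - Embed - YouTube/Google/etc...
    switch ($mimeType) {
        case 'embed':
            $format_type = MG_EMB;
            $mimeExt = 'flv';
            $mediaType = 5;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            $mimeExt = 'gif';
            $mediaType = 0;
            break;
        case 'image/jpg':
            $format_type = MG_JPG;
            $mimeExt = 'jpg';
            $mediaType = 0;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            $mimeExt = 'png';
            $mediaType = 0;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            $mimeExt = 'bmp';
            $mediaType = 0;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            $mimeExt = 'swf';
            $mediaType = 1;
            break;
        case 'video/quicktime':
            $format_type = MG_MOV;
            $mimeExt = 'mov';
            $mediaType = 1;
            break;
        case 'video/x-flv':
            $format_type = MG_RFLV;
            $mimeExt = 'flv';
            $mediaType = 1;
            break;
        case 'video/x-ms-asf':
            $format_type = MG_ASF;
            $mimeExt = 'asf';
            $mediaType = 1;
            break;
        case 'audio/mpeg':
            $format_type = MG_MP3;
            $mimeExt = 'mp3';
            $mediaType = 2;
            break;
        case 'audio/x-ms-wma':
            $format_type = MG_ASF;
            $mimeExt = 'wma';
            $mediaType = 2;
            break;
        default:
            // Unknown player type: no album can allow it, so reject here
            // instead of continuing with undefined $format_type/$mimeExt.
            return array(false, $LANG_MG02['format_not_allowed']);
    }
    if (!($MG_albums[$albumId]->valid_formats & $format_type)) {
        return array(false, $LANG_MG02['format_not_allowed']);
    }

    // create the unique filename to store this under
    do {
        clearstatcache();
        $media_filename = md5(uniqid(rand()));
    } while (MG_file_exists($media_filename));
    $disp_media_filename = $media_filename . '.' . $mimeExt;
    // for remote files this will be a 0 byte file
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }

    // now we pretent to process the file
    $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
    $media_time = time();
    // create a 0 byte file in the orig directory...
    touch($media_orig);

    // Now we need to process an uploaded thumbnail
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
        COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
    }
    if ($attachedThumbnail == 1 && $thumbnail != '') {
        // see if it is remote, if yes go get it... Only a value that actually
        // starts with an http(s) scheme is fetched; the previous unanchored
        // match treated any path containing "http" as remote.
        if (preg_match('/^https?:\/\//i', $thumbnail)) {
            $tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
            $rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
            $tmp_image_size = @getimagesize($tmp_thumbnail);
            if ($tmp_image_size !== false) {
                $resolution_x = $tmp_image_size[0];
                $resolution_y = $tmp_image_size[1];
            }
            $thumbnail = $tmp_thumbnail;
        } else {
            $rc = true;
        }
        if ($rc == true) {
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
        }
    }

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Building SQL and preparing to enter database");
    }
    if ($_MG_CONF['htmlallowed'] != 1) {
        $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
        $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
        $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
    } else {
        $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
        $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
        $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
    }

    // Check and see if moderation is on.  If yes, place in mediasubmission
    if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) {
        //  && !SEC_hasRights('mediagallery.create')) {
        $tableMedia = $_TABLES['mg_mediaqueue'];
        $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
        $queue = 1;
    } else {
        $tableMedia = $_TABLES['mg_media'];
        $tableMediaAlbum = $_TABLES['mg_media_albums'];
        $queue = 0;
    }

    // The last path segment of the URL is recorded as the original filename
    // (except for embeds, which have none).
    $pathParts = explode('/', $urlPath);
    $ppCount = count($pathParts);
    $videoFile = $pathParts[$ppCount - 1];
    $original_filename = ($mediaType != 5) ? $videoFile : '';

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Inserting media record into mg_media");
    }
    // Non-image media without a known resolution gets a 320x240 default.
    if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
        $resolution_x = 320;
        $resolution_y = 240;
    }
    $remoteURL = DB_escapeString($URL);
    $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n            VALUES ('" . DB_escapeString($new_media_id) . "','" . DB_escapeString($media_filename) . "','" . DB_escapeString($original_filename) . "','" . DB_escapeString($mimeExt) . "','1','" . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','" . DB_escapeString($media_time) . "','0','0','0','0.00','" . DB_escapeString($attachedThumbnail) . "','','1','" . intval($media_user_id) . "','','0','" . DB_escapeString($mediaType) . "','" . DB_escapeString($media_upload_time) . "','" . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');";
    DB_query($sql);

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Updating Album information");
    }
    $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . intval($albumId);
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $media_seq = $row['media_seq'];
    if ($media_seq < 10) {
        $media_seq = 10;
    }
    $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . DB_escapeString($new_media_id) . "', " . intval($albumId) . ", {$media_seq} )";
    DB_query($sql);

    if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) {
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width',       '{$resolution_x}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height',      '{$resolution_y}'");
    }

    // update the media count for the album, only if no moderation...
    if ($queue == 0) {
        $media_count = $albumInfo['media_count'] + 1;
        DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'");
        if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) {
            if ($attachedThumbnail == 1) {
                $covername = 'tn_' . $media_filename;
            } else {
                $covername = $media_filename;
            }
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Setting album cover filename to " . $covername);
            }
            DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'");
        }
    }

    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue'];
        // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload'];
        // ' successfully uploaded to album';
    }
    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($albumId);
    }
    COM_errorLog("MG Upload: Successfully uploaded a media object");
    return array(true, $errMsg);
}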
// Request parameters for the nexFlow template/task admin page (the navbar
// links below point at plugins/nexflow/). Numeric ids go through
// COM_applyFilter(..., true), which yields 0 for anything that is not a
// plain integer.
// NOTE(review): $_POST/$_GET keys are read without isset(); a GET-only
// request will raise undefined-index notices.
$templateID = COM_applyFilter($_POST['templateID'], true);
if ($templateID == 0) {
    // POST takes precedence; fall back to the query string.
    $templateID = COM_applyFilter($_GET['templateID'], true);
}
$taskID = COM_applyFilter($_POST['taskID'], true);
$editid = COM_applyFilter($_POST['templateTaskID'], true);
$lID = COM_applyFilter($_POST['logicalID'], true);
$handlerID = COM_applyFilter($_POST['idhandler'], true);
$stepID = COM_applyFilter($_POST['idstepType'], true);
//$taskName = ppPrepareForDB($_POST['taskName'],true);
// Task name is escaped with addslashes() only when magic quotes have not
// already done so. get_magic_quotes_gpc() was removed in PHP 8.0, so this
// branch is legacy-only.
if (!get_magic_quotes_gpc()) {
    $taskName = addslashes($_POST['taskName']);
} else {
    $taskName = $_POST['taskName'];
}
$taskName = COM_killJS($taskName);
// Free-text operation selectors: filtered with the non-numeric filter.
$op = COM_applyFilter($_POST['operation'], false);
$moveop = COM_applyFilter($_POST['moveoperation'], false);
$regen = COM_applyFilter($_POST['regenerate'], true);
$regenAllTasks = COM_applyFilter($_POST['regenerateAllLive'], true);
$taskassigntype = COM_applyFilter($_POST['taskassigntype']);
$retval = '';
// Output starts here: site header, then the admin navigation bar.
echo COM_siteHeader('menu');
$navbar = new navbar();
$navbar->add_menuitem('My Tasks', $CONF_NF['TaskConsole_URL']);
if ($templateID > 0) {
    // Only offer the template editor link when a template is selected.
    $navbar->add_menuitem('Edit Template', $_CONF['site_admin_url'] . '/plugins/nexflow/index.php?templateID=' . $templateID);
    $navbar->set_selected('Edit Template');
}
$navbar->add_menuitem('View Templates', $_CONF['site_admin_url'] . '/plugins/nexflow/templates.php');
$navbar->add_menuitem('Edit Handlers', $_CONF['site_admin_url'] . '/plugins/nexflow/handlers.php');
// The script continues past this excerpt; the variables set above are
// presumably consumed there.
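/**
 * Emails the contents of a submitted nexform form to the address configured
 * for that form.
 *
 * Every $_POST key except 'form_id' and 'formhandler' is treated as a form
 * field and rendered as one 'records' row of the emailform.thtml /
 * emailrecords.thtml templates; links to uploaded files (if any) are appended
 * as a final "Attachments" row and the result is sent with COM_mail().
 *
 * Field keys are expected as XXX_form{formid}_{fieldid}, where XXX is the
 * field type: 'ta1' (textarea, HTML filtered), 'ta2' (textarea, HTML kept),
 * 'mchk' (multi-checkbox, array joined with commas), 'sub'/'btn' (buttons,
 * skipped); any other type is filtered like 'ta1'.
 *
 * Globals read: $_USER, $_TABLES, $_CONF, $_POST and $form_id (set by the
 * caller before this function runs).
 *
 * @return void
 */
function nexform_emailresults()
{
    global $_USER, $_TABLES, $_CONF, $_POST, $form_id;

    // NOTE(review): $form_id is interpolated straight into the WHERE clauses
    // below; the caller is expected to have reduced it to an integer (e.g. via
    // COM_applyFilter($id, true)) so it cannot carry SQL.
    if (!isset($_USER['uid'])) {
        $username = '******';
    } else {
        $username = DB_getItem($_TABLES['users'], 'fullname', "uid={$_USER['uid']}");
    }
    // Only the first element (the formatted date) is used further down
    $date = COM_getUserDateTimeFormat();
    $formname = DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$form_id}'");
    $heading = 'Results from submitted form => Form name: ' . $formname;

    $page = new Template($_CONF['path_layout'] . 'nexform');
    $page->set_file(array('page' => 'emailform.thtml', 'records' => 'emailrecords.thtml'));
    $page->set_var('LANG_date', 'Date');
    $page->set_var('date', $date[0]);
    $page->set_var('heading', $heading);
    $page->set_var('LANG_postedby', 'Submitted By');
    $page->set_var('postedby_name', $username);
    $page->set_var('begin_data', '=============SUBMITTED DATA FROM FORM  =============');
    $page->set_var('end_data', '==================== END OF DATA ====================');

    foreach ($_POST as $var => $value) {
        if ($var == 'form_id' or $var == 'formhandler') {
            continue;   // routing parameters, not form data
        }
        // Key layout: XXX_form{formid}_{fieldid}. A key lacking the third
        // segment yields field id 0 rather than an undefined-offset notice.
        $parts = explode('_', $var);
        $fieldtype = $parts[0];
        $field_id = isset($parts[2]) ? (int) $parts[2] : 0;

        if ($fieldtype == 'sub' or $fieldtype == 'btn') {
            continue;   // buttons carry no user data
        }
        if ($fieldtype == 'mchk') {
            // Multi-checkbox: submitted as an array, joined for the email body
            if (is_array($value)) {
                $value = implode(',', $value);
            }
        } elseif ($fieldtype == 'ta2') {
            // Textarea that keeps its HTML: only COM_killJS/COM_checkWords, no COM_checkHTML
            $value = COM_checkWords(COM_killJS($value));
        } else {
            // 'ta1' and every remaining field type get the full HTML filter chain
            $value = COM_checkWords(COM_checkHTML(COM_killJS($value)));
        }

        // $field_id is an int at this point, so the interpolation is safe
        $label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
        $page->set_var('label', $label);
        $page->set_var('field_value', $value);
        $page->parse('email_records', 'records', true);
    }

    // Links to any uploaded files go in as one extra record
    $filelinks = nexform_check4files();
    if ($filelinks != '') {
        $page->set_var('label', 'Attachments');
        $page->set_var('field_value', $filelinks);
        $page->parse('email_records', 'records', true);
    }
    $page->parse('output', 'page');
    $message = $page->finish($page->get_var('output'));

    // Recipient is the form definition's post_option value
    $to = DB_getItem($_TABLES['nxform_definitions'], 'post_option', "id='{$form_id}'");
    COM_mail($to, $heading, $message);
}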