/**
 * Render the admin "view" page of the userbox plugin for one user.
 *
 * Builds the page header from the plugin's admin template, appends the
 * profile preview produced by userbox_profile() and sends the result.
 *
 * @param    int     $uid       user whose profile is previewed
 * @param    string  $template  template name; "" selects the default and
 *                              shows the page's help text
 */
function fncview($uid, $template)
{
    global $_CONF;
    global $LANG_USERBOX_ADMIN;

    $pi_name = "userbox";

    // locate the plugin's admin template folder and load the view template
    $tmplfld = DATABOX_templatePath('admin', 'default', $pi_name);
    $tmpl = new Template($tmplfld);
    $tmpl->set_file(array('view' => 'view.thtml'));
    $tmpl->set_var('site_admin_url', $_CONF['site_admin_url']);

    // the help text is only shown when no template name was supplied
    $about = ($template === "") ? $LANG_USERBOX_ADMIN['about_admin_view'] : "";
    $tmpl->set_var('about_thispage', $about);

    $tmpl->parse('output', 'view');
    $display = $tmpl->finish($tmpl->get_var('output'));

    // render the profile preview and append it below the header block
    $retval = userbox_profile($uid, $template, "", "view");
    $display .= $retval['display'];
    $information = array(
        'headercode' => $retval['headercode'],
        'pagetitle'  => $retval['title'],
    );

    COM_output(DATABOX_displaypage($pi_name, $retval['layout'], $display, $information));
}
/**
 * Render an "access denied" message block and terminate the request.
 *
 * Does not return: the page is sent with COM_output() and the script exits.
 */
function MG_access_denied()
{
    global $LANG_MG00, $LANG_ACCESS;

    $header = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
    $body = '<br' . XHTML . '>' . $LANG_MG00['access_denied_msg'];
    $footer = COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

    $display = MG_createHTMLDocument($header . $body . $footer);
    COM_output($display);
    exit;
}
/**
 * Show the generic "invalid request" error page and stop processing.
 *
 * Does not return: the page is sent with COM_output() and the script exits.
 */
function MG_invalidRequest()
{
    global $LANG_MG02;

    $page = COM_showMessageText($LANG_MG02['generic_error']);
    COM_output(MG_createHTMLDocument($page));
    exit;
}
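/**
 * Site-specific 404 handler.
 *
 * Sends the 404 status, appends an entry to 404.log and renders the
 * "not found" page (static page '404' followed by the standard text).
 *
 * @param    string  $alternate_url  optional URL to point the visitor to
 * @return   void                    does not return; exits after COM_output()
 */
function CUSTOM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;

    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');

    // $display was never initialised before the first '.=' in the original
    $display = COM_startBlock($LANG_404[1]);

    if (isset($_SERVER['SCRIPT_URI'])) {
        $url = strip_tags($_SERVER['SCRIPT_URI']);
    } else {
        $request = $_SERVER['REQUEST_URI'];
        $url = 'http://' . $_SERVER['HTTP_HOST'] . strip_tags($request);
    }

    // Add log stuff
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $_SERVER['REMOTE_ADDR'];
    } else {
        $byuser = '******' . $_SERVER['REMOTE_ADDR'];
    }
    // HTTP_REFERER is absent on direct hits; reading it unguarded raised a notice
    $refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $timestamp = @strftime('%c');
    $logentry = "404 Error generated by {$byuser} for url: {$url} - Referring url: {$refurl}";
    // url, host and referer are client-supplied: neutralise PHP tags the same
    // way COM_handle404() does, and keep each entry on a single line
    $logentry = str_replace(array('<?', '?>'), array('(@', '@)'), $logentry);
    $logentry = str_replace(array("\r", "\n"), ' ', $logentry);
    $logfile = $_CONF['path_log'] . '404.log';
    $file = fopen($logfile, 'a');
    if ($file) {
        fputs($file, "{$timestamp} - {$logentry} \n");
        fclose($file); // the handle was previously left open until script end
    }

    $display .= CUSTOM_getStaticpage('404');
    $display .= sprintf($LANG_404[2], $url);
    if ($alternate_url != '') {
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();
    $display = COM_createHTMLDocument($display, array('what' => 'none', 'pagetitle' => $LANG_404[1], 'rightblock' => false));
    COM_output($display);
    exit;
    // Do not want to go any further
}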
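 /**
  * Render a File Management plugin error page and stop the script.
  *
  * @param    string|int  $e_code  error code; unknown codes fall back to "9999"
  * @param    int         $pages   how many history entries the "Go Back" link rewinds
  * @return   void                 does not return; die()s after COM_output()
  */
 function show($e_code, $pages = 1)
 {
     global $_CONF;

     // NOTE(review): mysql_error() is evaluated eagerly for every call; it only
     // exists with the legacy mysql extension (removed in PHP 7) - confirm the
     // target PHP version before relying on this function.
     $errmsg = array(
         "0001" => "Could not connect to the forums database.",
         "0002" => "The forum you selected does not exist. Please go back and try again.",
         "0003" => "Password Incorrect.",
         "0004" => "Could not query the topics database.",
         "0005" => "Error getting messages from the database.",
         "0006" => "Please enter the Nickname and the Password.",
         "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
         "0008" => "You did not enter the correct password, please go back and try again.",
         "0009" => "Could not remove posts from the database.",
         "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
         "0011" => "Could not lock the selected topic. Please go back and try again.",
         "0012" => "Could not unlock the selected topic. Please go back and try again.",
         "0013" => "Could not query the database. <br" . XHTML . ">Error: " . mysql_error(),
         "0014" => "No such user or post in the database.",
         "0015" => "Search Engine was unable to query the forums database.",
         "0016" => "That user does not exist. Please go back and search again.",
         "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
         "0018" => "You must choose message icon to post. Go back and choose message icon.",
         "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
         "0020" => "Could not enter data into the database. Please go back and try again.",
         "0021" => "Can't delete the selected message.",
         "0022" => "An error ocurred while querying the database.",
         "0023" => "Selected message was not found in the forum database.",
         "0024" => "You can't reply to that message. It wasn't sent to you.",
         "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
         "0026" => "The forum or topic you are attempting to post to does not exist. 
Please try again.",
         "0027" => "You must enter your username and password. Go back and do so.",
         "0028" => "You have entered an incorrect password. Go back and try again.",
         "0029" => "Couldn't update post count.",
         "0030" => "The forum you are attempting to post to does not exist. Please try again.",
         "0031" => "Unknown Error",
         "0035" => "You can't edit a post that's not yours.",
         "0036" => "You do not have permission to edit this post.",
         "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
         "1001" => "Please enter value for Title.",
         "1002" => "Please enter value for Phone.",
         "1003" => "Please enter value for Summary.",
         "1004" => "Please enter value for Address.",
         "1005" => "Please enter value for City.",
         "1006" => "Please enter value for State/Province.",
         "1007" => "Please enter value for Zipcode.",
         "1008" => "Please enter value for Description.",
         "1009" => "Vote for the selected resource only once.<br" . XHTML . ">All votes are logged and reviewed.",
         "1010" => "You cannot vote on the resource you submitted.<br" . XHTML . ">All votes are logged and reviewed.",
         "1011" => "No rating selected - no vote tallied.",
         "1013" => "Please enter a search query.",
         "1016" => "Please enter value for Filename.",
         "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
         "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
         "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
         "1103" => "The download info you provided is already in the database!",
         "1104" => "The download info was not complete - Need to enter a title for the new file",
         "1105" => "The download info was not complete - Need to enter a description for the new file",
         "1106" => "Upload Add Error: The new file was not created. Check error.log",
         "1107" => "Upload Add Error: The temporary file was not found. 
Check error.log",
         "1108" => "Duplicate file - already existing in filestore",
         "9999" => "OOPS! God Knows",
     );

     // Exact key lookup: the loose in_array() accepted e.g. 1 for "0001" and then
     // read an undefined index. After this check $e_code is one of the known
     // keys, so it is safe to echo into the HTML below.
     if (!is_scalar($e_code) || !array_key_exists((string) $e_code, $errmsg)) {
         $e_code = '9999';
     }
     // $pages ends up inside a javascript: URL; only an integer is meaningful there
     $pages = (int) $pages;

     // 'path_html' was an unquoted bare constant in the original
     include_once $_CONF['path_html'] . "filemgmt/include/header.php";

     $display = '';
     $display .= '<table class="plugin" border="0" cellspacing="0" cellpadding="1" style="width:100%;">';
     $display .= '<tr><td class="pluginAlert" style="text-align:right; padding:5px;">File Management Plugin</td>';
     $display .= '<td class="pluginAlert" style="width:50%; padding:5px 0px 5px 10px;">Error Code: ' . $e_code . '</td></tr>';
     $display .= '<tr><td colspan="2" class="pluginInfo"><b>ERROR:</b> ' . $errmsg[$e_code] . '</td></tr>';
     $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
     $display .= '[ <a href="javascript:history.go(-' . $pages . ')">Go Back</a> ]</td></tr></table>';

     if (function_exists('COM_createHTMLDocument')) {
         $display = COM_createHTMLDocument($display);
     } else {
         $display = COM_siteHeader() . $display . COM_siteFooter();
     }
     COM_output($display);
     die("");
 }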
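/**
 * Import every file in a directory into a Media Gallery album.
 *
 * @param    string  $dir         directory to scan
 * @param    int     $album_id    destination album
 * @param    mixed   $purgefiles  passed through to MG_getFile() as 'purgefiles'
 * @param    bool    $recurse     descend into sub-directories
 * @return   string               HTML status lines, one per processed file;
 *                                does not return (exits) when $dir is unusable
 */
function MG_processDir($dir, $album_id, $purgefiles, $recurse)
{
    global $_TABLES, $LANG_MG02;

    $goBack = '  [ <a href=\'javascript:history.go(-1)\'>' . $LANG_MG02['go_back'] . '</a> ]';
    if (!@is_dir($dir)) {
        $display = COM_showMessageText($LANG_MG02['invalid_directory'] . $goBack);
        $display = MG_createHTMLDocument($display);
        COM_output($display);
        exit;
    }
    $dh = @opendir($dir);
    if (!$dh) {
        $display = COM_showMessageText($LANG_MG02['directory_error'] . $goBack);
        $display = MG_createHTMLDocument($display);
        COM_output($display);
        exit;
    }

    // the album limit does not change during the scan; it was queried once per file
    $max_filesize = DB_getItem($_TABLES['mg_albums'], 'max_filesize', 'album_id=' . intval($album_id));
    $separator = (PHP_OS == "WINNT") ? "\\" : '/';
    $statusMsg = ''; // was never initialised before the first '.='

    // '!==': the loose '!= false' ended the scan early at an entry named "0"
    while (($file = readdir($dh)) !== false) {
        if ($file == '..' || $file == '.') {
            continue;
        }
        set_time_limit(60);
        $filetmp = $dir . $separator . $file;
        // file names are echoed into the status HTML
        $safeName = htmlspecialchars($file);

        if (is_dir($filetmp)) {
            if ($recurse) {
                $statusMsg .= MG_processDir($filetmp, $album_id, $purgefiles, $recurse);
            }
            continue;
        }

        if ($max_filesize != 0 && filesize($filetmp) > $max_filesize) {
            COM_errorLog("MG Upload: File " . $file . " exceeds maximum filesize for this album.");
            // '.=': the plain assignment discarded every status line collected so far
            $statusMsg .= sprintf($LANG_MG02['upload_exceeds_max_filesize'] . '<br' . XHTML . '>', $safeName);
            continue;
        }

        $opt = array('upload' => 0, 'purgefiles' => $purgefiles, 'filetype' => "application/force-download");
        list($rc, $msg) = MG_getFile($filetmp, $file, $album_id, $opt);
        $statusMsg .= $safeName . ' ' . $msg . '<br' . XHTML . '>';
    }
    closedir($dh);

    return $statusMsg;
}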
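/**
 * Display a 404 not found error message
 *
 * Sends the 404 status, appends an entry to 404.log and renders the
 * "not found" page. Defers to CUSTOM_handle404() when the site defines one.
 *
 * @param    string    $alternate_url  Point the user to another location
 * @return   void                      does not return; exits after COM_output()
 */
function COM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;

    if (function_exists('CUSTOM_handle404')) {
        CUSTOM_handle404($alternate_url);
        exit;
    }

    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');

    // Add log stuff
    $url = COM_getCurrentURL();
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $_SERVER['REMOTE_ADDR'];
    } else {
        $byuser = '******' . $_SERVER['REMOTE_ADDR'];
    }
    // HTTP_REFERER is absent on direct hits; reading it unguarded raised a notice
    $refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $timestamp = @strftime('%c');
    $logentry = "404 Error generated by {$byuser} for url: {$url}";
    if (!empty($refurl)) {
        $logentry .= " - Referring url: {$refurl}";
    }
    // url and referer are client-supplied: keep PHP tags out of the log file
    // and each entry on a single line
    $logentry = str_replace(array('<?', '?>'), array('(@', '@)'), $logentry);
    $logentry = str_replace(array("\r", "\n"), ' ', $logentry);
    $logfile = $_CONF['path_log'] . '404.log';
    $file = fopen($logfile, 'a');
    if ($file) {
        fputs($file, "{$timestamp} - {$logentry} \n");
        fclose($file); // the handle was previously left open until script end
    }

    $display = COM_startBlock($LANG_404[1]);
    $display .= sprintf($LANG_404[2], $url);
    if ($alternate_url != '') {
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_404[1]));
    COM_output($display);
    exit;
    // Do not want to go any further
}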
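/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * Configures the Upload class from $_CONF (image library, resizing, size
 * limits), stores the file as topic_<tid>.<ext> under path_images/topics and
 * returns the web-relative path to it.
 *
 * @param    string $tid ID of topic to prepend to filename
 * @return   string          filename of new photo (empty = no new photo);
 *                           does not return (exits) on an upload error
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    $upload = new Upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
        COM_output($display);
        exit;
        // don't return
    }

    $filename = '';
    // see if user wants to upload a (new) icon; the form field may be absent
    $newIcon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newIcon['name'])) {
        // basename() drops any directory part of the client-supplied name.
        // A name without a dot yields no extension and is not uploaded (the
        // original computed substr($name, 1) because strrpos() returned false).
        $clientName = basename($newIcon['name']);
        $pos = strrpos($clientName, '.');
        if ($pos !== false) {
            $fExtension = substr($clientName, $pos + 1);
            $filename = 'topic_' . $tid . '.' . $fExtension;
        }
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
            COM_output($display);
            exit;
            // don't return
        }

        if (strpos($_CONF['path_images'], $_CONF['path_html']) === 0) {
            // images dir is inside the web root: strip the document root prefix
            $filename = substr($_CONF['path_images'], strlen($_CONF['path_html']) - 1) . 'topics/' . $filename;
        } else {
            /**
             * Not really used when the 'path_images' is outside of the webroot.
             * Let's at least extract the name of the images directory then.
             */
            $images = 'images';
            $parts = explode('/', $_CONF['path_images']);
            if (count($parts) > 1) {
                $cnt = count($parts);
                // e.g. from /path/to/myimages/ would extract "myimages"
                if (empty($parts[$cnt - 1]) && !empty($parts[$cnt - 2])) {
                    $images = $parts[$cnt - 2];
                }
                $filename = '/' . $images . '/topics/' . $filename;
            }
        }
    }

    return $filename;
}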
    unlink($_CONF['path_log'] . $_POST['log']);
    $timestamp = strftime("%c");
    $fd = fopen($_CONF['path_log'] . $_POST['log'], a);
    fputs($fd, "{$timestamp} - Log File Cleared \n");
    fclose($fd);
    $action = $LANG_MONITOR_1['view_log'];
}
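// The log name comes straight from the form. Reduce it to a bare file name so
// the path cannot leave path_log (the "clear" branch above still uses the raw
// $_POST['log'] for unlink()/fopen() and should apply the same basename()).
$logName = isset($_POST['log']) ? basename($_POST['log']) : '';
$logPath = $_CONF['path_log'] . $logName;
if ($action == $LANG_MONITOR_1['view_log']) {
    $retval .= "<hr><p><b>{$LANG_MONITOR_1['log_file']} " . htmlspecialchars($logName) . "</b></p><pre>";
    // file() returns false for a missing file and implode() on false is a
    // TypeError under PHP 8, so only read an existing file
    $logLines = ($logName !== '' && is_file($logPath)) ? file($logPath) : false;
    if ($logLines !== false) {
        // log lines carry request data (URLs, referers); escape before echoing
        $retval .= htmlspecialchars(implode('', $logLines));
    }
    $retval .= "</pre>";
}
$T->set_var(array('configuration' => $LANG_MONITOR_1['configuration'], 'doc' => $LANG_MONITOR_1['doc'], 'admin_body' => $retval, 'site_admin_url' => $_CONF['site_admin_url'], 'cron' => $cron));
$T->parse('output', 'admin');
$display .= $T->finish($T->get_var('output'));

// Options for COM_createHTMLDocument()
$html_infos['what'] = 'menu';
// If 'none' then no left blocks are returned, if 'menu' (default) then right blocks are returned
$html_infos['pagetitle'] = $MESSAGE[30];
// Optional content for the page's <title>
$html_infos['breadcrumbs'] = '';
// Optional content for the page's breadcrumb
$html_infos['headercode'] = '';
// Optional code to go into the page's <head>
$html_infos['rightblock'] = '';
// Whether or not to show blocks on right hand side default is no (-1)
$html_infos['custom'] = array();
// An array defining custom function to be used to format Rightblocks

//Output
COM_output(COM_createHTMLDocument($display, $html_infos));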
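/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database. The existing
* rows for the poll are deleted and re-created from the form input; votes
* are re-counted from $V while doing so.
*
* @param    string  $pid            Poll topic ID
* @param    string  $old_pid        Previous poll topic ID
* @param    array   $Q              Array of poll questions
* @param    string  $mainpage       Checkbox: poll appears on homepage
* @param    string  $topic          The text for the topic
* @param    string  $meta_description
* @param    string  $meta_keywords
* @param    int     $statuscode     (unused)
* @param    string  $open           Checkbox: poll open for voting
* @param    string  $hideresults    Checkbox: hide results until closed
* @param    int     $commentcode    Indicates if users can comment on poll
* @param    array   $A              Array of possible answers
* @param    array   $V              Array of vote per each answer
* @param    array   $R              Array of remark per each answer
* @param    int     $owner_id       ID of poll owner
* @param    int     $group_id       ID of group poll belongs to
* @param    int     $perm_owner     Permissions the owner has on poll
* @param    int     $perm_group     Permissions the group has on poll
* @param    int     $perm_members   Permissions logged in members have on poll
* @param    int     $perm_anon      Permissions anonymous users have on poll
* @return   string                  HTML redirect or error message; does not
*                                   return (exits) when the user lacks access
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    // these form values are interpolated into SQL below without quoting or
    // escaping, so they must be integers
    $owner_id = intval($owner_id);
    $group_id = intval($group_id);
    $statuscode = intval($statuscode);
    $commentcode = intval($commentcode);

    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        $pid = empty($old_pid) ? COM_makeSid() : $old_pid;
    }

    // check if any question was entered (guard the indexes: a missing first
    // question/answer raised notices before failing the length test)
    $hasQuestion = is_array($Q) && isset($Q[0]) && strlen($Q[0]) > 0;
    $hasAnswer = is_array($A) && isset($A[0][0]) && strlen($A[0][0]) > 0;
    if (empty($topic) || !$hasQuestion || !$hasAnswer) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }

    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // an existing poll is checked against its stored permissions, a new one
    // against the permissions being submitted
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        // $display was never initialised before the '.=' in the original
        $display = COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    // DB_escapeString() instead of addslashes(): escaping must follow the
    // connection's character set
    $topic = DB_escapeString($topic);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = DB_escapeString($meta_keywords);

    $k = 0; // next question id; only non-empty questions get one, so ids stay contiguous
    $v = 0; // re-count votes since they might have been changed
    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $question = COM_stripslashes($Q[$i]);
        if (strlen($question) == 0) {
            continue; // only insert questions that exist
        }
        DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '" . DB_escapeString($question) . "'");

        // within the questions, we have another dimensions with answers,
        // votes and remarks
        $answers = (isset($A[$i]) && is_array($A[$i])) ? $A[$i] : array();
        $num_answers = count($answers);
        for ($j = 0; $j < $num_answers; $j++) {
            $answer = COM_stripslashes($answers[$j]);
            if (strlen($answer) == 0) {
                continue; // only insert answers etc that exist
            }
            // votes are interpolated unquoted: force an integer (is_numeric()
            // alone also let forms like '1e3' through)
            $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? intval($V[$i][$j]) : 0;
            $remark = isset($R[$i][$j]) ? $R[$i][$j] : '';
            $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
                 . "('{$pid}', '{$k}', " . ($j + 1) . ", '" . DB_escapeString($answer) . "', {$votes}, '" . DB_escapeString($remark) . "');";
            DB_query($sql);
            $v += $votes;
        }
        $k++;
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s') . "'";
    $sql .= ($mainpage == 'on') ? ",1" : ",0";
    $sql .= ($open == 'on') ? ",1" : ",0";
    $sql .= ($hideresults == 'on') ? ",1" : ",0";
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // the id changed: move the poll's comments along with it
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // the original had a second, unreachable return after this one
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}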
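/**
 * Check a security token.
 * Checks the POST and GET data for a security token, if one exists, validates
 * that it's for this user and URL. If the token is not valid, it asks the user
 * to re-authenticate and resends the request if authentication was successful.
 *
 * @return   boolean     true if the token is valid; does not return if not!
 * @see      SECINT_checkToken
 * @link     http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (SECINT_checkToken()) {
        // if this was a recreated request, recreate $_FILES array, too
        SECINT_recreateFilesArray();
        return true;
    }

    /**
     * Token not valid (probably expired): Ask user to authenticate again.
     * The request is captured so it can be replayed after authentication.
     * NOTE(review): the serialized POST/GET data is handed to SECINT_authform();
     * presumably it is integrity-protected before being unserialized on the
     * way back - confirm in SECINT_authform/SECINT_recreateFilesArray.
     */
    $returnurl = COM_getCurrentUrl();
    $method = strtoupper($_SERVER['REQUEST_METHOD']);
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);
    $files = '';
    if (!empty($_FILES)) {
        // rescue uploaded files: PHP discards the temp files when this request
        // ends, so move them to the data dir and remember only the base name
        foreach ($_FILES as $key => $f) {
            if (!empty($f['name'])) {
                $filename = basename($f['tmp_name']);
                // the return value was ignored, so a failed move went unnoticed
                // until the replayed request could not find the file
                if (!move_uploaded_file($f['tmp_name'], $_CONF['path_data'] . $filename)) {
                    COM_errorLog("SEC_checkToken: could not preserve uploaded file for form field '{$key}'");
                }
                $_FILES[$key]['tmp_name'] = $filename;
                // drop temp. dir
            }
        }
        $files = serialize($_FILES);
    }

    $display = COM_showMessageText($LANG_ADMIN['token_expired']) . SECINT_authform($returnurl, $method, $postdata, $getdata, $files);
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG20[1]));
    COM_output($display);
    exit;
    // we don't return from here
}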
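$retval .= "</select>&nbsp;&nbsp;&nbsp;&nbsp;";
$retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['view_file']}\"" . XHTML . ">";
$retval .= "&nbsp;&nbsp;&nbsp;&nbsp;";
$retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['clear_file']}\"" . XHTML . ">";
$retval .= "</form>";

// $log is chosen earlier in this script (outside this listing). Reduce it to a
// bare file name so the resulting path always stays inside path_log; this is a
// no-op when it already is one.
$log = basename($log);
$logPath = $_CONF['path_log'] . $log;

$action = isset($_REQUEST['action']) ? COM_applyFilter($_REQUEST['action']) : '';
if ($action == $LANG_CP00['clear_file']) {
    @unlink($logPath);
    $timestamp = strftime("%c");
    // fputs()/fclose() on a false handle is fatal under PHP 8
    $fd = fopen($logPath, 'a');
    if ($fd) {
        fputs($fd, "{$timestamp} - {$LANG_CP00['file_cleared']} \n");
        fclose($fd);
    }
    $action = $LANG_CP00['view_file'];
}
if ($action == $LANG_CP00['view_file']) {
    $retval .= "<hr" . XHTML . "><p><b>{$LANG_CP00['file']} " . htmlspecialchars($log) . "</b></p><div class=\"captcha_logview\">";
    if (file_exists($logPath)) {
        // log lines carry request data; escape them before rendering
        $retval .= implode('<br' . XHTML . '><br' . XHTML . '>', array_map('htmlspecialchars', file($logPath)));
    }
    $retval .= "</div>";
}

$T->set_var(array('admin_body' => $retval, 'title' => $LANG_CP00['log_viewer']));
$T->parse('output', 'admin');
$display .= $T->finish($T->get_var('output')) . COM_endBlock();

//Output
if (function_exists("COM_createHTMLDocument")) {
    //Geeklog 2.0+
    COM_output(COM_createHTMLDocument($display));
} else {
    COM_output(COM_siteHeader() . $display . COM_siteFooter(true));
}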
    if ($msg <= 0) {
        $msg = 0;
    }
}
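// Handle just template staticpage security here, rest done in services.
// Cannot view template staticpages directly. If template staticpage bail here
// if user doesn't have edit rights.
// $page is set earlier in this script; escaping it here is harmless when it
// was already sanitised and closes the gap when it was not.
$pageWhere = "sp_id = '" . DB_escapeString($page) . "'";
if (DB_getItem($_TABLES['staticpage'], 'template_flag', $pageWhere) == 1) {
    if (!SEC_hasRights('staticpages.edit')) {
        COM_handle404();
        exit;
    }
    $perms = SP_getPerms('', '3');
    if (!empty($perms)) {
        $perms = ' AND ' . $perms;
    }
    // the page must also be visible under the editor's permissions
    if (DB_getItem($_TABLES['staticpage'], 'sp_id', $pageWhere . $perms) == '') {
        COM_handle404();
        exit;
    }
}

$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
if ($display_mode == 'print') {
    header('Content-Type: text/html; charset=' . COM_getCharset());
    if (!empty($_CONF['frame_options'])) {
        header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']);
    }
}
COM_output($retval);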
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
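require_once '../../../lib-common.php';

// Send non-admins of a disabled plugin to the front page. Strict comparison:
// $_PLUGINS is a list of plugin-name strings.
if (!in_array('tag', $_PLUGINS, true)) {
    COM_output(COM_refresh($_CONF['site_url'] . '/index.php'));
    exit;
}
TAG_checkAdmin();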
/**
* Main 
*/
class TagStats
{
    /**
     * PHP4-style constructor (same name as the class). Such constructors are
     * deprecated since PHP 7.0 and no longer treated as constructors in
     * PHP 8; a __construct() method is the replacement. Empty body.
     */
    function TagStats()
    {
    }
    /**
     * Placeholder; nothing is implemented yet.
     */
    function add()
    {
    }
    function edit()
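/**
 * Create the links list depending on the category given
 *
 * The category id comes from $_GET['category'] / $_POST['category'] (tags
 * stripped) and the page number from $_GET['page'] (filtered to an int).
 * The category id is SQL-escaped once into $cat and only $cat is ever
 * interpolated into SQL. A non-root category must exist and be readable by
 * the current user (SEC_hasAccess() >= 2); otherwise a message page is output
 * and the request ends with exit.
 *
 * @param    array   $message    message(s) to display: when $message[0] is
 *                               non-empty, $message[1] and $message[0] are
 *                               passed to COM_showMessageText() in that order
 * @return   string              the links page
 *
 */
function links_list($message)
{
    global $_CONF, $_TABLES, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_LINKS, $LANG_LINKS_STATS;
    $cid = $_LI_CONF['root'];
    $display = '';
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }
    // SQL-escaped copy of the category id: use $cat, never $cid, inside SQL
    $cat = DB_escapeString($cid);
    $page = 0;
    if (isset($_GET['page'])) {
        $page = COM_applyFilter($_GET['page'], true);
    }
    if ($page == 0) {
        $page = 1;
    }
    if (empty($cid)) {
        if ($page > 1) {
            $page_title = sprintf($LANG_LINKS[114] . ' (%d)', $page);
        } else {
            $page_title = $LANG_LINKS[114];
        }
    } else {
        if ($cid == $_LI_CONF['root']) {
            $category = $LANG_LINKS['root'];
        } else {
            $category = DB_getItem($_TABLES['linkcategories'], 'category', "cid = '{$cat}'");
        }
        if ($page > 1) {
            $page_title = sprintf($LANG_LINKS[114] . ': %s (%d)', $category, $page);
        } else {
            $page_title = sprintf($LANG_LINKS[114] . ': %s', $category);
        }
    }
    // Check that the category exists and that the user has access to it
    if ($cid != $_LI_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cat}'");
        $A = DB_fetchArray($result);
        // Existence first: an unknown category yields no row, so running
        // SEC_hasAccess() on it would read undefined indexes and report
        // "access denied" (message 5) instead of "not found" (message 16).
        if (!is_array($A) || !isset($A['owner_id'])) {
            $display .= COM_showMessage(16, 'links');
            $display = COM_createHTMLDocument($display, array('pagetitle' => $page_title));
            COM_output($display);
            exit;
        }
        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
            $display .= COM_showMessage(5, 'links');
            $display = COM_createHTMLDocument($display, array('pagetitle' => $page_title));
            COM_output($display);
            exit;
        }
    }
    if (is_array($message) && !empty($message[0])) {
        $display .= COM_showMessageText($message[1], $message[0]);
    } elseif (isset($_REQUEST['msg'])) {
        $msg = COM_applyFilter($_REQUEST['msg'], true);
        if ($msg > 0) {
            $display .= COM_showMessage($msg, 'links');
        }
    }
    $linklist = COM_newTemplate(CTL_plugin_templatePath('links'));
    $linklist->set_file(array('linklist' => 'links.thtml', 'catlinks' => 'categorylinks.thtml', 'link' => 'linkdetails.thtml', 'catnav' => 'categorynavigation.thtml', 'catrow' => 'categoryrow.thtml', 'catcol' => 'categorycol.thtml', 'actcol' => 'categoryactivecol.thtml', 'pagenav' => 'pagenavigation.thtml', 'catdrop' => 'categorydropdown.thtml'));
    $linklist->set_var('blockheader', COM_startBlock($LANG_LINKS[114]));
    if ($_LI_CONF['linkcols'] > 0) {
        // Create breadcrumb trail
        $linklist->set_var('breadcrumbs', links_breadcrumbs($_LI_CONF['root'], $cid));
        // Set dropdown for category jump
        $linklist->set_var('lang_go', $LANG_LINKS[124]);
        $linklist->set_var('link_dropdown', links_select_box(2, $cid));
        // Show categories the user is allowed to see (permission SQL appended)
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['linkcategories']} WHERE pid='{$cat}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $linklist->set_var('lang_categories', $LANG_LINKS_ADMIN[14]);
            for ($i = 1; $i <= $nrows; $i++) {
                $C = DB_fetchArray($result);
                // Get number of child links user can see in this category
                $ccid = DB_escapeString($C['cid']);
                $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['links']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
                $D = DB_fetchArray($result1);
                // Get number of child categories user can see in this category
                $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['linkcategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
                $E = DB_fetchArray($result2);
                // Format numbers for display
                $display_count = '';
                // don't show zeroes
                if ($E['count'] > 0) {
                    $display_count = COM_numberFormat($E['count']);
                }
                if ($E['count'] > 0 && $D['count'] > 0) {
                    $display_count .= ', ';
                }
                if ($D['count'] > 0) {
                    $display_count .= COM_numberFormat($D['count']);
                }
                // add brackets if child items exist
                if ($display_count != '') {
                    $display_count = '(' . $display_count . ')';
                }
                $linklist->set_var('category_name', $C['category']);
                if ($_LI_CONF['show_category_descriptions']) {
                    $linklist->set_var('category_description', PLG_replaceTags($C['description']));
                } else {
                    $linklist->set_var('category_description', '');
                }
                $linklist->set_var('category_link', $_CONF['site_url'] . '/links/index.php?category=' . rawurlencode($C['cid']));
                $linklist->set_var('category_count', $display_count);
                $linklist->set_var('width', floor(100 / $_LI_CONF['linkcols']));
                if (!empty($cid) && $cid == $C['cid']) {
                    $linklist->parse('category_col', 'actcol', true);
                } else {
                    $linklist->parse('category_col', 'catcol', true);
                }
                // close the row every linkcols columns
                if ($i % $_LI_CONF['linkcols'] == 0) {
                    $linklist->parse('category_row', 'catrow', true);
                    $linklist->set_var('category_col', '');
                }
            }
            // flush a partially filled last row
            if ($nrows % $_LI_CONF['linkcols'] != 0) {
                $linklist->parse('category_row', 'catrow', true);
            }
            $linklist->parse('category_navigation', 'catnav', true);
        } else {
            $linklist->set_var('category_navigation', '');
        }
    } else {
        $linklist->set_var('category_navigation', '');
    }
    if ($_LI_CONF['linkcols'] == 0) {
        $linklist->set_var('category_dropdown', '');
    } else {
        $linklist->parse('category_dropdown', 'catdrop', true);
    }
    // NOTE(review): 'cid' and 'cid_plain' carry request-supplied text (only
    // strip_tags() was applied) into the template unescaped; the .thtml files
    // are assumed to escape them for their context — confirm.
    $linklist->set_var('cid', $cid);
    $linklist->set_var('cid_plain', $cid);
    $linklist->set_var('cid_encoded', rawurlencode($cid));
    $linklist->set_var('lang_addalink', $LANG_LINKS[116]);
    // Build SQL for links
    $sql = 'SELECT lid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['links']}";
    if ($_LI_CONF['linkcols'] > 0) {
        if (!empty($cid)) {
            $from_where .= " WHERE cid='{$cat}'";
        } else {
            $from_where .= " WHERE cid=''";
        }
        $from_where .= COM_getPermSQL('AND');
    } else {
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';
    $limit = '';
    if ($_LI_CONF['linksperpage'] > 0) {
        if ($page < 1) {
            $start = 0;
        } else {
            $start = ($page - 1) * $_LI_CONF['linksperpage'];
        }
        $limit = ' LIMIT ' . $start . ',' . $_LI_CONF['linksperpage'];
    }
    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // empty root page: optionally fall back to the top-10 list
        if ($cid == $_LI_CONF['root'] && $page <= 1 && $_LI_CONF['show_top10']) {
            $result = DB_query("SELECT lid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE (hits > 0)" . COM_getPermSQL('AND') . LINKS_getCategorySQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $linklist->set_var('link_details', '');
                $linklist->set_var('link_category', $LANG_LINKS_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    prepare_link_item($A, $linklist);
                    $linklist->parse('link_details', 'link', true);
                }
                $linklist->parse('category_links', 'catlinks', true);
            }
        }
        $linklist->set_var('page_navigation', '');
    } else {
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            if (strcasecmp($A['cid'], $currentcid) != 0) {
                // print the category and link
                if ($i > 0) {
                    $linklist->parse('category_links', 'catlinks', true);
                    $linklist->set_var('link_details', '');
                }
                $currentcid = $A['cid'];
                $currentcategory = DB_getItem($_TABLES['linkcategories'], 'category', "cid = '" . DB_escapeString($currentcid) . "'");
                if ($A['cid'] == $_LI_CONF['root']) {
                    $linklist->set_var('link_category', $LANG_LINKS['root']);
                } else {
                    $linklist->set_var('link_category', $currentcategory);
                }
            }
            prepare_link_item($A, $linklist);
            $linklist->parse('link_details', 'link', true);
        }
        $linklist->parse('category_links', 'catlinks', true);
        // total count for the page navigation (same WHERE as the list query)
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numlinks) = DB_fetchArray($result);
        $pages = 0;
        if ($_LI_CONF['linksperpage'] > 0) {
            $pages = (int) ($numlinks / $_LI_CONF['linksperpage']);
            if ($numlinks % $_LI_CONF['linksperpage'] > 0) {
                $pages++;
            }
        }
        if ($pages > 0) {
            if ($_LI_CONF['linkcols'] > 0 && !empty($currentcid)) {
                $catlink = '?category=' . rawurlencode($currentcid);
            } else {
                $catlink = '';
            }
            $linklist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/links/index.php' . $catlink, $page, $pages));
        } else {
            $linklist->set_var('page_navigation', '');
        }
    }
    $linklist->set_var('blockfooter', COM_endBlock());
    $linklist->parse('output', 'linklist');
    $display .= $linklist->finish($linklist->get_var('output'));
    $display = COM_createHTMLDocument($display, array('pagetitle' => $page_title));
    return $display;
}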
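/**
 * Saves a poll
 * Saves a poll topic and potential answers to the database
 *
 * Order of checks: CSRF token first (a forged request is redirected before
 * any form content is used), then "at least one question with one answer",
 * then the permission check (access >= 3 on the existing topic, or on the
 * submitted permissions for a new one, and membership of $group_id). The
 * existing topic, questions and answers are deleted and re-created from the
 * form data; when the poll was renamed, $old_pid is the id that is deleted.
 * Text columns go through COM_checkHTML() / strip_tags() and then
 * DB_escapeString(); numeric columns are cast to int; both before being
 * interpolated into SQL.
 *
 * @param    string $pid          Poll topic ID
 * @param    string $old_pid      Previous poll topic ID
 * @param    array  $Q            Array of poll questions
 * @param    string $mainPage     Checkbox: poll appears on homepage
 * @param    string $topic        The text for the topic
 * @param    string $meta_description
 * @param    string $meta_keywords
 * @param    int    $statusCode   Status code stored in the polltopics row (cast to int)
 * @param    string $open         Checkbox: poll open for voting
 * @param    string $hideResults  Checkbox: hide results until closed
 * @param    int    $commentCode  Indicates if users can comment on poll (cast to int)
 * @param    array  $A            Array of possible answers
 * @param    array  $V            Array of vote per each answer
 * @param    array  $R            Array of remark per each answer
 * @param    int    $owner_id     ID of poll owner (cast to int)
 * @param    int    $group_id     ID of group poll belongs to (cast to int)
 * @param    int    $perm_owner   Permissions the owner has on poll
 * @param    int    $perm_group   Permissions the group has on poll
 * @param    int    $perm_members Permissions logged in members have on poll
 * @param    int    $perm_anon    Permissions anonymous users have on poll
 * @param    bool   $allow_multipleanswers
 * @param    string $topic_description
 * @param    string $description
 * @return   string|void          an error page when no question was entered,
 *                                otherwise the result of PLG_afterSaveSwitch();
 *                                exits on a permission failure
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    // Numeric columns are interpolated unquoted into the INSERT below: cast
    // them once here so nothing but digits can reach the SQL.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statusCode = (int) $statusCode;
    $commentCode = (int) $commentCode;
    $topic = COM_stripslashes($topic);
    $topic = COM_checkHTML($topic);
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // Reject forged requests before looking at the form content at all
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check if any question was entered (guarding the indexes so a malformed
    // form does not trigger undefined-index notices or a TypeError in count())
    $firstQuestion = (is_array($Q) && isset($Q[0])) ? $Q[0] : '';
    $firstAnswer = (is_array($A) && isset($A[0][0])) ? $A[0][0] : '';
    if (empty($topic) || strlen($firstQuestion) === 0 || strlen($firstAnswer) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
        return $retval;
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    // Permission check runs against the stored permissions of an existing
    // topic, so a submitter cannot widen their own access via the form.
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = GLText::remove4byteUtf8Chars($topic);
    $topic = DB_escapeString($topic);
    $topic_description = GLText::remove4byteUtf8Chars($topic_description);
    $topic_description = DB_escapeString($topic_description);
    $meta_description = GLText::remove4byteUtf8Chars($meta_description);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
    $meta_keywords = DB_escapeString($meta_keywords);
    $k = 0;
    // set up a counter to make sure we do assign a straight line of question id's
    // first dimension of array are the questions
    $num_questions = count($Q);
    $num_total_votes = 0;
    $num_questions_exist = 0;
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        $Q[$i] = COM_checkHTML($Q[$i]);
        $Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);
        // per-question options may be absent from the form for this index
        $multi = isset($allow_multipleanswers[$i]) ? $allow_multipleanswers[$i] : '';
        $allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($multi));
        $desc = isset($description[$i]) ? $description[$i] : '';
        $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($desc)));
        // checkbox 'on' -> 1, anything else -> 0
        if ($allow_multipleanswers[$i] == 'on') {
            $allow_multipleanswers[$i] = 1;
        } else {
            $allow_multipleanswers[$i] = 0;
        }
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $num_questions_exist++;
            $Q[$i] = DB_escapeString($Q[$i]);
            // The description was HTML-checked above but, unlike the question,
            // was never SQL-escaped before being interpolated into VALUES.
            $description[$i] = DB_escapeString($description[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = (isset($A[$i]) && is_array($A[$i])) ? count($A[$i]) : 0;
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                $A[$i][$j] = COM_checkHTML($A[$i][$j]);
                $A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);
                $remark = isset($R[$i][$j]) ? $R[$i][$j] : '';
                $R[$i][$j] = COM_stripslashes($remark);
                $R[$i][$j] = COM_checkHTML($R[$i][$j]);
                $R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist; the vote count is
                    // interpolated unquoted, so force it to an int
                    if (!isset($V[$i][$j]) || !is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $V[$i][$j] = (int) $V[$i][$j];
                    $A[$i][$j] = DB_escapeString($A[$i][$j]);
                    $R[$i][$j] = DB_escapeString($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $num_total_votes = $num_total_votes + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
    // NOTE: this division can yield a non-integer; it is stored as-is, as before
    if ($num_questions_exist > 0) {
        $numVoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen
        $numVoters = $num_total_votes;
    }
    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
    if ($mainPage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideResults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // renamed poll: move comments and voter records to the new id
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}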
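/**
 * Re-send a request after successful re-authentication
 * Re-creates a GET or POST request based on data passed along in a form. Used
 * in case of an expired security token so that the user doesn't lose changes.
 *
 * All of token_requestmethod, token_returnurl, token_postdata, token_getdata
 * and token_files are client-supplied POST fields. The request is replayed
 * only when SECINT_checkToken() passes, the return URL is on this site (see
 * resend_request_isSiteUrl()) and the serialized data decodes to an array;
 * otherwise any uploaded files are cleaned up and the user is redirected to
 * the site's index page. Never returns.
 */
function resend_request()
{
    global $_CONF;
    $method = '';
    if (isset($_POST['token_requestmethod'])) {
        $method = COM_applyFilter($_POST['token_requestmethod']);
    }
    $returnUrl = '';
    if (isset($_POST['token_returnurl'])) {
        $returnUrl = urldecode($_POST['token_returnurl']);
        if (!resend_request_isSiteUrl($returnUrl, $_CONF['site_url'])) {
            // only accept URLs on our site
            $returnUrl = '';
        }
    }
    $postData = '';
    if (isset($_POST['token_postdata'])) {
        $postData = urldecode($_POST['token_postdata']);
    }
    $getData = '';
    if (isset($_POST['token_getdata'])) {
        $getData = urldecode($_POST['token_getdata']);
    }
    $files = '';
    if (isset($_POST['token_files'])) {
        $files = urldecode($_POST['token_files']);
    }
    // Decode the replay data only after the token check; $data stays false
    // when anything is missing or does not decode to an array.
    $data = false;
    if (SECINT_checkToken() && !empty($method) && !empty($returnUrl)) {
        if ($method === 'POST' && !empty($postData)) {
            $data = resend_request_unserialize($postData);
        } elseif ($method === 'GET' && !empty($getData)) {
            $data = resend_request_unserialize($getData);
        }
    }
    if ($data !== false) {
        // magic_quotes_gpc was removed in PHP 8; treat it as off there
        $magic = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;
        if ($method === 'POST') {
            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
            foreach ($data as $key => $value) {
                // strict compare: a numeric key (int 0) would loosely equal a
                // non-numeric string constant on PHP < 8
                if ((string) $key === (string) CSRF_TOKEN) {
                    $req->addPostParameter($key, SEC_createToken());
                } else {
                    if ($magic) {
                        $value = stripslashes_gpc_recursive($value);
                    }
                    $req->addPostParameter($key, $value);
                }
            }
            if (!empty($files)) {
                $files = resend_request_unserialize($files);
            }
            if (!empty($files)) {
                foreach ($files as $key => $value) {
                    $req->addPostParameter('_files_' . $key, $value);
                }
            }
        } else {
            foreach ($data as $key => &$value) {
                if ((string) $key === (string) CSRF_TOKEN) {
                    $value = SEC_createToken();
                } elseif ($magic) {
                    $value = stripslashes_gpc_recursive($value);
                }
            }
            // drop the reference left by the by-ref loop, otherwise the
            // cookie loop below would write into the last element of $data
            unset($value);
            $returnUrl = $returnUrl . '?' . http_build_query($data);
            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
        }
        $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
        // need to fake the referrer so the new token matches
        $req->setHeader('Referer', COM_getCurrentUrl());
        // forward the user's own cookies so the replay runs in their session
        foreach ($_COOKIE as $cookie => $value) {
            $req->addCookie($cookie, $value);
        }
        try {
            $response = $req->send();
            $status = $response->getStatus();
            if ($status == 200) {
                COM_output($response->getBody());
            } else {
                throw new HTTP_Request2_Exception('HTTP error: status code = ' . $status);
            }
        } catch (HTTP_Request2_Exception $e) {
            if (!empty($files)) {
                SECINT_cleanupFiles($files);
            }
            trigger_error("Resending {$method} request failed: " . $e->getMessage());
        }
    } else {
        if (!empty($files)) {
            SECINT_cleanupFiles($files);
        }
        COM_redirect($_CONF['site_url'] . '/index.php');
    }
    // don't return
    exit;
}

/**
 * True when $url is $siteUrl itself or a path/query/fragment below it.
 *
 * A plain prefix comparison would also accept a host that merely starts with
 * the site's host name, so the character right after the prefix must be '/',
 * '?', '#' or the end of the string. A trailing '/' on $siteUrl is ignored.
 *
 * @param    string  $url      URL to check
 * @param    string  $siteUrl  $_CONF['site_url']
 * @return   bool
 */
function resend_request_isSiteUrl($url, $siteUrl)
{
    $site = rtrim((string) $siteUrl, '/');
    $len = strlen($site);
    if ($len === 0 || strncmp($url, $site, $len) !== 0) {
        return false;
    }
    return strlen($url) === $len || strpos('/?#', $url[$len]) !== false;
}

/**
 * unserialize() client-supplied form data without instantiating objects.
 *
 * The replayed data is expected to be plain nested arrays of strings, so no
 * object should ever be present; on PHP >= 7.0 allowed_classes=false turns any
 * smuggled object into __PHP_Incomplete_Class instead of running its magic
 * methods. Anything that does not decode to an array is reported as false.
 *
 * @param    string  $serialized
 * @return   array|false
 */
function resend_request_unserialize($serialized)
{
    if (PHP_VERSION_ID >= 70000) {
        $data = unserialize($serialized, array('allowed_classes' => false));
    } else {
        $data = unserialize($serialized);
    }
    return is_array($data) ? $data : false;
}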
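/**
 * Stream the markers of one map to the browser as a CSV download.
 *
 * Only field names returned by MAPS_getFieldsImportExport() are accepted, so
 * the column list interpolated into the SELECT is an allow-list, never raw
 * input; $map is cast to int before it is used in SQL and in the file name.
 * If no valid field was requested or the map has no markers, an admin page
 * with the "no marker to export" message is output and the request ends.
 *
 * @param    int     $map        map id
 * @param    string  $separator  ',' or 'tab'; anything else means ';'
 * @param    array   $fields     requested column names
 * @return   void                the CSV is written to php://output; exits on
 *                               the "nothing to export" path
 */
function MAPS_exportCSV($map, $separator = ";", $fields = array())
{
    global $_CONF, $_MAPS_CONF, $_TABLES, $LANG_MAPS_1;
    $map = (int) $map;
    $valid_fields = MAPS_getFieldsImportExport();
    // Keep only allow-listed names; building a list and imploding it avoids
    // the trailing ', ' the old counter produced when the last field was
    // rejected (which made the SELECT a syntax error).
    $selected = array();
    foreach ((array) $fields as $value) {
        if (in_array($value, $valid_fields, true)) {
            $selected[] = $value;
        }
    }
    $selected_fields = implode(', ', $selected);
    // Do not run "SELECT  FROM ..." when nothing valid was requested
    $rows = 0;
    $result = false;
    if ($selected_fields !== '') {
        $result = DB_query("SELECT {$selected_fields} FROM {$_TABLES['maps_markers']} WHERE mid={$map}");
        //Check if there is at least 1 marker
        $rows = DB_numRows($result);
    }
    if ($rows < 1) {
        $display = COM_siteHeader('menu', $LANG_MAPS_1['plugin_name']);
        $display .= MAPS_admin_menu();
        $display .= MAPS_message($LANG_MAPS_1['no_marker_to_export']);
        $display .= COM_siteFooter(0);
        COM_output($display);
        exit;
    }
    // site_name is admin-configured; only the listed characters are replaced
    $search = array(',', '\'', ' ', '.', '!', ':');
    $sitename = str_replace($search, "_", $_CONF['site_name']);
    // send response headers to the browser
    header('Content-Type: text/csv');
    header('Content-Disposition: attachment;filename=map_' . $map . '_' . $sitename . '.csv');
    // resolve the delimiter once instead of per row
    if ($separator == ',') {
        $delimiter = ",";
    } elseif ($separator == 'tab') {
        $delimiter = "\t";
    } else {
        $delimiter = ";";
    }
    $fp1 = fopen('php://output', 'w');
    while ($row = DB_fetchArray($result, false)) {
        fputcsv($fp1, $row, $delimiter, '"');
    }
    fclose($fp1);
    //header("Refresh: 0;url={$_CONF['site_admin_url']}/plugins/maps/import_export.php");
}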
}
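// Log viewer admin page: lists the *.log files in $_CONF['path_log'] and
// clears or shows the one selected in $log. $log is set before this point
// (not visible here) and is used as a path component below, so whatever
// validation it received there is what keeps the page inside path_log.
$display = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$display = COM_startBlock($LANG_LOGVIEW['log_viewer'], '', COM_getBlockTemplate('_admin_block', 'header')) . ADMIN_createMenu($menu_arr, $LANG_LOGVIEW['info'], $_CONF['layout_url'] . '/images/icons/log_viewer.' . $_IMAGE_TYPE);
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/logviewer.php" class="uk-form"><div>' . $LANG_LOGVIEW['logs'] . ':&nbsp;&nbsp;&nbsp;' . '<select name="log">';
// glob() returns false on error; treat that as "no log files"
$logFiles = glob($_CONF['path_log'] . '*.log');
if ($logFiles === false) {
    $logFiles = array();
}
foreach ($logFiles as $file) {
    $file = basename($file);
    // escaped for the attribute and text contexts even though the name comes
    // from the filesystem rather than from the request
    $fileHtml = htmlspecialchars($file, ENT_QUOTES, COM_getEncodingt());
    $display .= '<option value="' . $fileHtml . '"';
    if ($log === $file) {
        $display .= ' selected="selected"';
    }
    $display .= '>' . $fileHtml . '</option>';
}
$display .= '</select>&nbsp;&nbsp;&nbsp;&nbsp;' . '<button type="submit" name="viewlog" value="' . $LANG_LOGVIEW['view'] . '" class="uk-button">' . $LANG_LOGVIEW['view'] . '</button>' . '&nbsp;&nbsp;&nbsp;&nbsp;' . '<button type="submit" name="clearlog" value="' . $LANG_LOGVIEW['clear'] . '" class="uk-button" onclick="return confirm(\'' . $MESSAGE[76] . '\');">' . $LANG_LOGVIEW['clear'] . '</button>' . '</div></form>';
if (isset($_POST['clearlog'])) {
    // best effort: a failed unlink leaves the file untouched and shows nothing
    if (@unlink($_CONF['path_log'] . $log)) {
        // strftime() is deprecated as of PHP 8.1; kept for an unchanged format
        $timestamp = strftime("%c");
        @file_put_contents($_CONF['path_log'] . $log, "{$timestamp} - Log File Cleared " . PHP_EOL, FILE_APPEND);
        $_POST['viewlog'] = 1;
    }
}
if (isset($_POST['viewlog'])) {
    // $log is request-derived text: escape it for the heading
    $logHtml = htmlspecialchars($log, ENT_QUOTES, COM_getEncodingt());
    $contents = file_get_contents($_CONF['path_log'] . $log);
    if ($contents === false) {
        $contents = '';
    }
    $display .= '<p><strong>' . $LANG_LOGVIEW['log_file'] . ': ' . $logHtml . '</strong></p>' . '<div style="margin:10px 0 5px;border-bottom:1px solid #cccccc;"></div>' . '<pre style="overflow:scroll; height:500px;">' . htmlentities($contents, ENT_NOQUOTES, COM_getEncodingt()) . '</pre>';
}
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$output = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LOGVIEW['log_viewer']));
header('Content-Type: text/html; charset=' . COM_getEncodingt());
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
COM_output($output);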
/**
 * Stop the request when the current user may not view the forum.
 *
 * Two gates, in order: when registration is required, anonymous users
 * ($_USER['uid'] < 2) get a "login required" page; when $secure is set, a
 * user with no uid at all gets an access-error page. Both output the page and
 * exit; otherwise the function returns normally.
 *
 * @param    bool    $secure     also require a logged-in user
 * @return   void
 */
function forum_chkUsercanAccess($secure = false)
{
    global $_CONF, $LANG_GF01, $LANG_GF02, $CONF_FORUM, $_USER;
    $mustRegister = $CONF_FORUM['registration_required'] && $_USER['uid'] < 2;
    if ($mustRegister) {
        $registerLink = '<a href="' . $_CONF['site_url'] . '/users.php?mode=new">';
        $loginLink = '<a href="' . $_CONF['site_url'] . '/users.php">';
        $html = COM_siteHeader()
            . '<table width="100%" height="100"><tr><td><center>'
            . sprintf($LANG_GF01['loginreqview'], $registerLink, $loginLink)
            . '</center></td></tr></table>'
            . COM_siteFooter();
        COM_output($html);
        exit;
    }
    if ($secure && empty($_USER['uid'])) {
        $html = COM_siteHeader()
            . '<br' . XHTML . '>'
            . BlockMessage($LANG_GF01['ACCESSERROR'], $LANG_GF02['msg83'], false)
            . COM_siteFooter();
        COM_output($html);
        exit;
    }
}
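/**
 * Upload new photo, delete old photo
 *
 * Reads the uploaded file from $_FILES['photo']. The stored name is
 * "<username>.<extension of the uploaded name>"; the upload class is
 * configured with the allowed image MIME types and the size/dimension limits
 * from $_CONF and is relied on to reject everything else. When the target
 * directory cannot be set or the upload reports errors, an error page is
 * output and the request ends (exit).
 *
 * @param    string  $delete_photo   'on': delete old photo
 * @return   string                  filename of new photo (empty = no new photo);
 *                                   the current photo's name when nothing was
 *                                   uploaded and it was not deleted
 *
 */
function handlePhotoUpload($delete_photo = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24;
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        handlePhotoUpload_showErrors($upload);
        // does not return
    }
    $filename = '';
    // checkbox value 'on' -> bool
    $delete_photo = (!empty($delete_photo) && $delete_photo == 'on');
    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
    if (empty($curphoto)) {
        // nothing to delete
        $delete_photo = false;
    }
    // see if user wants to upload a (new) photo
    $newphoto = isset($_FILES['photo']) ? $_FILES['photo'] : array();
    if (!empty($newphoto['name'])) {
        // Extension of the client-supplied name, '' when it has none. (The old
        // strrpos()+1 arithmetic returned the whole name minus its first
        // character in that case.) The stored name is built from the username,
        // so it relies on usernames being validated elsewhere — not visible here.
        $fextension = pathinfo($newphoto['name'], PATHINFO_EXTENSION);
        $filename = $_USER['username'] . '.' . $fextension;
        // replacing a photo stored under a different name: remove the old one
        if (!empty($curphoto) && $filename != $curphoto) {
            $delete_photo = true;
        } else {
            $delete_photo = false;
        }
    }
    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }
    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        // photo-specific limits win over the generic image limits when set
        if ($_CONF['max_photo_width'] > 0 && $_CONF['max_photo_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_photo_width'], $_CONF['max_photo_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_photo_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_photo_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            handlePhotoUpload_showErrors($upload);
            // does not return
        }
    } else {
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }
    return $filename;
}

/**
 * Output the "photo upload" error page with the upload class' error list and
 * end the request. Never returns.
 *
 * @param    upload  $upload     upload object holding the errors
 */
function handlePhotoUpload_showErrors($upload)
{
    global $LANG24;
    $display = COM_siteHeader('menu', $LANG24[30]);
    $display .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
    $display .= $upload->printErrors(false);
    $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    $display .= COM_siteFooter();
    COM_output($display);
    exit;
}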
/**
 * Queue a thumbnail rebuild for every image media object (media_type 0).
 *
 * Each row is resolved to a source image (the display copy when originals are
 * discarded, otherwise the original, falling back to the display copy when the
 * preferred file is missing) and registered in a rebuild session, which is then
 * continued via the refresh page. Never returns: outputs and exits.
 */
function MG_rebuildThumb()
{
    global $_MG_CONF, $LANG_MG01;

    $result = DB_query(MG_buildMediaSql(array('where' => "m.media_type = 0", 'sortorder' => -1)));
    $nRows = DB_numRows($result);
    if ($nRows <= 0) {
        echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=7');
        exit;
    }

    $base = $_MG_CONF['path_mediaobjects'];
    $session_id = MG_beginSession('rebuildthumb', $_MG_CONF['admin_url'] . 'index.php', $LANG_MG01['rebuild_thumb']);

    // Returns array(sourcePath, thumbPath, ext) for $subdir/$mfn, or null when
    // MG_getMediaExt() finds no file with a known extension there.
    $locate = function ($subdir, $mfn) use ($base) {
        $ext = MG_getMediaExt($base . $subdir . '/' . $mfn);
        if (empty($ext)) {
            return null;
        }
        return array($base . $subdir . '/' . $mfn . $ext, $base . 'tn/' . $mfn . $ext, $ext);
    };

    for ($i = 0; $i < $nRows; $i++) {
        $row = DB_fetchArray($result);
        $srcImage = '';
        $imageDisplay = '';
        // files are bucketed by the first character of their name
        $mfn = $row['media_filename'][0] . '/' . $row['media_filename'];

        $useDisplayCopy = ($_MG_CONF['discard_original'] == 1);
        $found = $locate($useDisplayCopy ? 'disp' : 'orig', $mfn);
        if ($found !== null) {
            list($srcImage, $imageDisplay) = $found;
            if ($useDisplayCopy) {
                $row['mime_type'] = '';
            }
        }

        // preferred file missing on disk: fall back to the display copy
        if ($srcImage == '' || !file_exists($srcImage)) {
            $found = $locate('disp', $mfn);
            if ($found !== null) {
                list($srcImage, $imageDisplay, $row['media_mime_ext']) = $found;
                $row['mime_type'] = '';
            }
        }

        if ($srcImage == '') {
            continue;
        }
        MG_registerSession(array('session_id' => $session_id, 'mid' => $row['mime_type'], 'aid' => $row['album_id'], 'data' => $srcImage, 'data2' => $imageDisplay, 'data3' => $row['media_mime_ext']));
    }

    $display = COM_createHTMLDocument(MG_continueSession($session_id, 0, $_MG_CONF['def_refresh_rate']));
    COM_output($display);
    exit;
}
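/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * The upload class is the enforcement point for file type and size (allowed
 * MIME types, max dimensions, max file size); this function only derives the
 * target filename from the topic id and the client-supplied extension.
 * On an unusable upload path or an upload error an error page is sent and the
 * script exits.
 *
 * @param    string  $tid     ID of topic to prepend to filename
 * @return   string           web path of the new icon (empty = no new icon)
 *
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    // Render the upload class's error list as a full page and stop; shared by
    // the path check and the upload itself so both failures look the same.
    $abortWithErrors = function () use ($upload, $LANG27) {
        $display = COM_siteHeader('menu', $LANG27[29]);
        $display .= COM_startBlock($LANG27[29], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $upload->printErrors(false);
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $display .= COM_siteFooter();
        COM_output($display);
        exit;
        // don't return
    };
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $abortWithErrors();
    }
    $filename = '';
    // see if user wants to upload a (new) icon
    $newicon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newicon['name'])) {
        // The client-supplied name is untrusted: keep only an alphanumeric
        // extension (pathinfo() also copes with names without a dot, where
        // strrpos() returned false and the extension was cut at offset 1),
        // and keep path separators out of the topic id so the target cannot
        // leave the topics directory.
        $fextension = preg_replace('/[^A-Za-z0-9]/', '', pathinfo($newicon['name'], PATHINFO_EXTENSION));
        $safeTid = str_replace(array('/', '\\', "\0"), '', (string) $tid);
        $filename = 'topic_' . $safeTid . '.' . $fextension;
    }
    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        // topic-icon limits win; fall back to the generic image limits
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $abortWithErrors();
        }
        $filename = '/images/topics/' . $filename;
    }
    return $filename;
}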
        $output .= COM_siteHeader();
        $output .= nexmenu_debug();
        $output .= COM_startBlock();
        $output .= displayMenuRecords();
        break;
    case 'config':
        $output .= COM_siteHeader();
        $output .= nexmenu_debug();
        $output .= COM_startBlock();
        $output .= menuConfig();
        break;
    case 'saveconfig':
        $statusmsg = menuSaveConfig();
        if ($statusmsg != '') {
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/nexmenu/index.php?op=config&writecss=' . $_POST['writecss'] . '&statusmsg=' . $statusmsg);
        } else {
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/nexmenu/index.php?op=config&writecss=' . $_POST['writecss']);
        }
        exit;
        break;
    default:
        $output .= COM_siteHeader();
        $output .= nexmenu_debug();
        $output .= COM_startBlock();
        $output .= displayMenuRecords();
        break;
}
$output .= COM_endBlock() . COM_siteFooter();
// NOTE(review): elsewhere on this page COM_output() is called as a plain
// statement, so the echo here presumably only prints its return value - confirm.
echo COM_output($output);
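 /**
  * Dispatch to one of this object's methods, output its result and exit.
  *
  * method_exists() also reports private/protected and magic methods, so if
  * $method can be influenced by request input the caller must check it against
  * an allow-list of editor methods before calling this dispatcher.
  *
  * @param   string  $method  name of the method on $this to call
  * @param   array   $args    positional arguments, spread in order (no cap on count)
  * @return  never            outputs $display and exits
  */
 function _reedit($method, $args = array())
 {
     $display = '';
     if (method_exists($this, $method)) {
         // $args is treated as a list; array_values() drops stray string keys
         // so they are never turned into named arguments.
         $display = $this->{$method}(...array_values((array) $args));
     }
     COM_output($display);
     exit;
 }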
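/**
 * Saves link to the database
 *
 * Folds permission arrays to numeric values, filters and escapes every value
 * that is interpolated into SQL, checks the caller's access to the (old) link
 * and only then replaces the row. On an access violation an error page is
 * sent, the attempt is written to the access log and the script exits.
 *
 * @param    string  $lid            ID for link
 * @param    string  $old_lid        old ID for link
 * @param    string  $cid            cid of category link belongs to
 * @param    string  $categorydd     Category links belong to
 * @param    string  $url            URL of link to save
 * @param    string  $description    Description of link
 * @param    string  $title          Title of link
 * @param    int     $hits           Number of hits for link
 * @param    int     $owner_id       ID of owner
 * @param    int     $group_id       ID of group link belongs to
 * @param    int     $perm_owner     Permissions the owner has
 * @param    int     $perm_group     Permissions the group has
 * @param    int     $perm_members   Permissions members have
 * @param    int     $perm_anon      Permissions anonymous users have
 * @return   string                  HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 *
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    $display = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up - every string column written below is escaped here; the
    // url previously went into the INSERT unescaped
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    $url = DB_escapeString($url);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    // numeric columns are interpolated unquoted, so force them to integers
    $hits = (int) $hits;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }
    // access is checked against the stored row when the link already exists,
    // otherwise against the permissions being submitted
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } elseif ($categorydd != $LANG_LINKS_ADMIN[7]) {
            // NOTE(review): this sends a redirect but does not exit, so the
            // save below still runs with the cid computed above - confirm
            // whether an exit is intended here.
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }
        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);
        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}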
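/**
 * Saves user to the database
 *
 * Validates username and email, creates the account for a new user or updates
 * the existing row, then re-syncs the group assignments the current admin is
 * allowed to manage. On a validation failure the edit form is returned; on a
 * Root-escalation attempt or a database error output is sent and the script
 * exits.
 *
 * @param    int     $uid            user id (empty = create a new user)
 * @param    string  $username       (short) username
 * @param    string  $fullname       user's full name
 * @param    string  $passwd         new password (empty = keep / generate for new users)
 * @param    string  $passwd_conf    password confirmation
 * @param    string  $email          user's email address
 * @param    string  $regdate        date the user registered with the site (not used here)
 * @param    string  $homepage       user's homepage URL
 * @param    array   $groups         groups the user belongs to
 * @param    string  $delete_photo   delete user's photo if == 'on'
 * @param    int     $userstatus     account status to store
 * @param    int     $oldstatus      account status before this save
 * @return   string                  HTML redirect or error message
 *
 */
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    // both values are interpolated into SQL unquoted below: force them numeric
    $uid = (int) $uid;
    $userstatus = (int) $userstatus;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false;
            // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false;
                // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        // escaped copies for SQL; the raw values are kept for the checks below
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '{$uname}'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '{$uname}' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '{$uname}' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too (first
                    // occurrence only; a plain substring swap so usernames
                    // containing regex metacharacters cannot break the pattern)
                    $at = strpos($curphoto, $curusername);
                    $newphoto = ($at === false) ? $curphoto : substr_replace($curphoto, $username, $at, strlen($curusername));
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            DB_query("UPDATE {$_TABLES['users']} SET username = '{$uname}', fullname = '{$fullname}', email = '{$emailaddr}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            // only groups the acting admin is a member of can be assigned
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES (" . (int) $userGroup . ", {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }
    return $retval;
}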
// +---------------------------------------------------------------------------+
// | Based on JCART v1.1                                                       |
// |                                                                           |
// | Copyright (C) 2010 by the following authors:                              |
// | JCART v1.1  http://conceptlogic.com/jcart/                                |
// |                                                                           |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
// THIS FILE TAKES INPUT FROM AJAX REQUESTS VIA JQUERY post AND get METHODS, THEN PASSES DATA TO JCART
// RETURNS UPDATED CART HTML BACK TO SUBMITTING PAGE
/**
 * require core geeklog code
 */
require_once '../../lib-common.php';
// render the (empty, id 0) cart and send it back to the requesting page
$cartHtml = PAYPAL_displayCart(0);
COM_output($cartHtml);
        $mode = COM_applyFilter($_GET['mode']);
    }
}
$T = new Template($_MG_CONF['template_path']);
$T->set_file('admin', 'administration.thtml');
$T->set_var(array(
    'site_admin_url' => $_CONF['site_admin_url'],
    'site_url'       => $_MG_CONF['site_url'],
    'lang_admin'     => $LANG_MG00['admin'],
    'xhtml'          => XHTML,
));
// submit buttons are matched by their (localised) label; both branches exit
$saveLabel = $LANG_MG01['save'];
if ($mode == $saveLabel && !empty($saveLabel)) {
    MG_createUsers();
    exit;
}
if ($mode == $LANG_MG01['cancel']) {
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php');
    exit;
}
// the request carries a 1-based page number; clamp to a 0-based index
$page = isset($_REQUEST['page']) ? max(0, COM_applyFilter($_REQUEST['page'], true) - 1) : 0;
$body = MG_selectUsers($page);
$helpIcon = '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?"' . XHTML . '>';
$T->set_var(array(
    'admin_body' => $body,
    'title'      => $LANG_MG01['batch_create_members'],
    'lang_help'  => $helpIcon,
    'help_url'   => $_MG_CONF['site_url'] . '/docs/usage.html#Batch_Create_Member_Albums',
));
$T->parse('output', 'admin');
$display = COM_startBlock($LANG_MG00['admin'], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= MG_showAdminMenu('member_albums');
$display .= $T->finish($T->get_var('output'));
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
COM_output(COM_createHTMLDocument($display));
            $display .= MAPS_ViewMarkerInfos($_REQUEST['mkid']);
        } else {
            echo COM_refresh($_MAPS_CONF['site_url'] . '/index.php');
        }
        break;
    case 'print':
        if (isset($_REQUEST['mid']) && isset($_REQUEST['mkid'])) {
            $display = COM_siteHeader('none', $LANG_MAPS_1['maps'] . ' | ' . $A['name'] . $more_title);
            $display = MAPS_getMarkerDetail($_REQUEST['mid'], $_REQUEST['mkid']);
            $display .= MAPS_ViewMarkerInfos($_REQUEST['mkid']);
            $display .= COM_siteFooter(-1);
            COM_output($display);
            exit;
        } else {
            echo COM_refresh($_MAPS_CONF['site_url'] . '/index.php');
        }
        break;
    default:
        $display .= '<h1>' . $LANG_MAPS_1['my_markers'] . '</h1>';
        $display .= MAPS_listUserMarkers();
}
// Page title: a page may define MAPS_PAGE_TITLE to append its own suffix
$pagetitle = defined('MAPS_PAGE_TITLE') ? ' | ' . MAPS_PAGE_TITLE : '';
$page = COM_siteHeader('menu', $LANG_MAPS_1['maps'] . $pagetitle)
    . MAPS_user_menu()
    . $display
    . COM_siteFooter(0);
COM_output($page);