     COM_resetSpeedlimit('login');
     // we are now fully logged in, let's see if there is someplace we need to go....
     if (SESS_isSet('login_referer')) {
         $_SERVER['HTTP_REFERER'] = SESS_getVar('login_referer');
         SESS_unSet('login_referer');
     }
     if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
         $indexMsg = $_CONF['site_url'] . '/index.php?msg=';
         if (substr($_SERVER['HTTP_REFERER'], 0, strlen($indexMsg)) == $indexMsg) {
             echo COM_refresh($_CONF['site_url'] . '/index.php');
         } else {
             // If user is trying to login - force redirect to index.php
             if (strstr($_SERVER['HTTP_REFERER'], 'mode=login') === false) {
                 // if article - we need to ensure we have the story
                 if (substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
                     echo COM_refresh(COM_sanitizeUrl($_SERVER['HTTP_REFERER']));
                 } else {
                     echo COM_refresh($_CONF['site_url'] . '/index.php');
                 }
             } else {
                 echo COM_refresh($_CONF['site_url'] . '/index.php');
             }
         }
     } else {
         echo COM_refresh($_CONF['site_url'] . '/index.php');
     }
 } else {
     $msg = COM_getMessage();
     if ($msg > 0) {
         $pageBody .= COM_showMessage($msg, '', '', 0, 'info');
     }
        $T->parse('media_views', 'media_views');
    }
    $T->parse('media_cell', 'media_cell_image');
    $retval = $T->finish($T->get_var('media_cell'));
    return $retval;
}
/*
* Main Function
*/
// Requested action, or '' when the request carried none; COM_applyFilter()
// cleans the raw request value before it is compared below.
$mode = isset($_REQUEST['mode']) ? COM_applyFilter($_REQUEST['mode']) : '';
// Sanitised referer, or '' when the browser did not send one
$referer = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : '';
$themeStyle = MG_getThemeCSS(0);
if ($mode == $LANG_MG01['search'] && !empty($LANG_MG01['search']) || $mode == 'search') {
    $keywords = isset($_REQUEST['keywords']) ? COM_applyFilter($_REQUEST['keywords']) : '';
    $stype = isset($_REQUEST['keyType']) ? COM_applyFilter($_REQUEST['keyType']) : '';
    $category = isset($_REQUEST['cat_id']) ? COM_applyFilter($_REQUEST['cat_id'], 1) : 0;
    $skeywords = isset($_REQUEST['swhere']) ? COM_applyFilter($_REQUEST['swhere'], 1) : 1;
    $numresults = isset($_REQUEST['numresults']) ? COM_applyFilter($_REQUEST['numresults'], true) : 10;
    $users = isset($_REQUEST['uid']) ? COM_applyFilter($_REQUEST['uid'], true) : 0;
    $sortyby = 'title';
    $sortdirection = 'DESC';
    if ($keywords == '') {
        $display = MG_siteHeader();
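/**
 *  Display an ad's detail page.
 *
 *  Loads the ad (restricted by the caller's permissions unless they hold the
 *  plugin's admin right), bumps its view counter and renders detail.thtml
 *  with the poster's contact info, photos, previous/next navigation, the four
 *  most viewed ads and, when enabled, the comment block.
 *
 *  @param  string  $ad_id  ID of ad to display
 *  @return string          Rendered HTML, or an error message block when the
 *                          id is missing, the ad is not found or access is denied
 */
function adDetail($ad_id = '')
{
    global $_USER, $_TABLES, $_CONF, $LANG_ADVT, $_CONF_ADVT;
    USES_lib_comments();
    // Determine if this is an administrator
    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');
    $ad_id = COM_sanitizeID($ad_id);
    if ($ad_id == '') {
        // An ad id is required for this function
        return CLASSIFIEDS_errorMsg($LANG_ADVT['missing_id'], 'alert');
    }
    // COM_sanitizeID() restricts the id to a safe character set; the SQL
    // literals below use an escaped copy anyway so they do not depend on it.
    $ad_id_sql = DB_escapeString($ad_id);
    $srchval = isset($_GET['query']) ? trim($_GET['query']) : '';
    // We use this in a few places here, so might as well just
    // figure it out once and save it.
    $perm_sql = COM_getPermSQL('AND', 0, 2, 'ad') . ' ' . COM_getPermSQL('AND', 0, 2, 'cat');
    // Get the ad information, including the category colours the template
    // shows (the same columns the "hot results" query below reads).
    $sql = "SELECT ad.*, cat.fgcolor, cat.bgcolor\n            FROM {$_TABLES['ad_ads']} ad\n            LEFT JOIN {$_TABLES['ad_category']} cat\n                ON ad.cat_id = cat.cat_id\n            WHERE ad_id='{$ad_id_sql}'";
    if (!$admin) {
        $sql .= $perm_sql;
    }
    $result = DB_query($sql);
    if (!$result || DB_numRows($result) < 1) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_ad_found'], 'note', 'Oops...');
    }
    $ad = DB_fetchArray($result, false);
    // Check access to the ad.  If granted, check that access isn't
    // blocked by any category.
    $my_access = CLASSIFIEDS_checkAccess($ad['ad_id'], $ad);
    if ($my_access >= 2) {
        $my_cat_access = CLASSIFIEDS_checkCatAccess($ad['cat_id'], false);
        if ($my_cat_access < $my_access) {
            $my_access = $my_cat_access;
        }
    }
    if ($my_access < 2) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
    }
    // Numeric ids taken from the row; only digits reach the queries below
    $cat = (int) $ad['cat_id'];
    $uid = (int) $ad['uid'];
    $owner_id = (int) $ad['owner_id'];
    // Increment the views counter
    $sql = "UPDATE {$_TABLES['ad_ads']} \n            SET views = views + 1 \n            WHERE ad_id='{$ad_id_sql}'";
    DB_query($sql);
    // Get the previous and next ads (same category, same permission filter).
    // The id is read by column name so it works whether the row comes back
    // associative or indexed, and is '' when there is no neighbour.
    $condition = " AND ad.cat_id={$cat}";
    if (!$admin) {
        $condition .= $perm_sql;
    }
    $sql = "SELECT ad_id\n            FROM {$_TABLES['ad_ads']} ad\n            LEFT JOIN {$_TABLES['ad_category']} cat\n                ON ad.cat_id = cat.cat_id\n            WHERE ad_id < '{$ad_id_sql}' \n            {$condition}\n            ORDER BY ad_id DESC\n            LIMIT 1";
    $r = DB_query($sql);
    $row = $r ? DB_fetchArray($r, false) : false;
    $preAd_id = ($row && isset($row['ad_id'])) ? $row['ad_id'] : '';
    $sql = "SELECT ad_id\n            FROM {$_TABLES['ad_ads']} ad\n            LEFT JOIN {$_TABLES['ad_category']} cat\n                ON ad.cat_id = cat.cat_id\n            WHERE ad_id > '{$ad_id_sql}' \n            {$condition}\n            ORDER BY ad_id ASC\n            LIMIT 1";
    $r = DB_query($sql);
    $row = $r ? DB_fetchArray($r, false) : false;
    $nextAd_id = ($row && isset($row['ad_id'])) ? $row['ad_id'] : '';
    // Get the user contact info. If none, just show the email link.
    // Every key the template reads further down is pre-populated, so a poster
    // without a contact record cannot produce undefined-index notices; a
    // stored row is merged over these defaults.
    $uinfo = array(
        'uid' => '',
        'address' => '',
        'city' => '',
        'state' => '',
        'postal' => '',
        'postcode' => '',
        'tel' => '',
        'fax' => '',
    );
    $sql = "SELECT * \n            FROM {$_TABLES['ad_uinfo']} \n            WHERE uid='{$uid}'";
    $result = DB_query($sql);
    if ($result && DB_numRows($result) > 0) {
        $uinfo = array_merge($uinfo, DB_fetchArray($result));
    }
    // Get the hot results (most viewed ads)
    $time = time();
    $sql = "SELECT ad.ad_id, ad.cat_id, ad.subject,\n                    cat.cat_id, cat.fgcolor, cat.bgcolor\n        FROM {$_TABLES['ad_ads']} ad\n        LEFT JOIN {$_TABLES['ad_category']} cat\n            ON ad.cat_id = cat.cat_id\n        WHERE ad.exp_date > {$time} \n            {$perm_sql}\n        ORDER BY views DESC \n        LIMIT 4";
    $hotresult = DB_query($sql);
    // convert line breaks & others to html
    $patterns = array('/\\n/');
    $replacements = array('<br />');
    $ad['descript'] = PLG_replaceTags(COM_checkHTML($ad['descript']));
    $ad['descript'] = preg_replace($patterns, $replacements, $ad['descript']);
    $ad['subject'] = strip_tags($ad['subject']);
    $ad['price'] = strip_tags($ad['price']);
    $ad['url'] = COM_sanitizeUrl($ad['url']);
    $ad['keywords'] = strip_tags($ad['keywords']);
    // Highlight search terms, if any
    if ($srchval != '') {
        $ad['subject'] = COM_highlightQuery($ad['subject'], $srchval);
        $ad['descript'] = COM_highlightQuery($ad['descript'], $srchval);
    }
    $detail = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $detail->set_file('detail', 'detail.thtml');
    if ($admin) {
        $base_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
        $del_link = $base_url . '?delete=ad&ad_id=' . $ad_id;
        $edit_link = $base_url . '?edit=ad&ad_id=' . $ad_id;
    } else {
        $base_url = CLASSIFIEDS_URL . '/index.php';
        $del_link = $base_url . '?mode=Delete&id=' . $ad_id;
        $edit_link = $base_url . '?mode=editad&id=' . $ad_id;
    }
    // Set up the "add days" form if this user is the owner
    // or an admin
    if ($my_access == 3) {
        // How many days has the ad run?
        $max_add_days = CLASSIFIEDS_calcMaxAddDays(($ad['exp_date'] - $ad['add_date']) / 86400);
        if ($max_add_days > 0) {
            $detail->set_var('max_add_days', $max_add_days);
        }
    }
    if ($ad['exp_date'] < $time) {
        $detail->set_var('is_expired', 'true');
    }
    USES_classifieds_class_category();
    $detail->set_var(array(
        'base_url' => $base_url,
        'edit_link' => $edit_link,
        'del_link' => $del_link,
        'curr_loc' => adCategory::BreadCrumbs($cat, true),
        'subject' => $ad['subject'],
        'add_date' => date($_CONF['shortdate'], $ad['add_date']),
        'exp_date' => date($_CONF['shortdate'], $ad['exp_date']),
        'views_no' => $ad['views'],
        'descript' => $ad['descript'],
        'ad_type' => CLASSIFIEDS_getAdTypeString($ad['ad_type']),
        'uinfo_address' => $uinfo['address'],
        'uinfo_city' => $uinfo['city'],
        'uinfo_state' => $uinfo['state'],
        'uinfo_postcode' => $uinfo['postcode'],
        'uinfo_tel' => $uinfo['tel'],
        'uinfo_fax' => $uinfo['fax'],
        'price' => $ad['price'],
        'ad_id' => $ad_id,
        'ad_url' => $ad['url'],
        'username' => $_CONF_ADVT['disp_fullname'] == 1 ? COM_getDisplayName($uid) : DB_getItem($_TABLES['users'], 'username', "uid={$uid}"),
        'fgcolor' => $ad['fgcolor'],
        'bgcolor' => $ad['bgcolor'],
        'cat_id' => $ad['cat_id'],
    ));
    // Display a link to email the poster, or other message as needed
    $emailfromuser = DB_getItem($_TABLES['userprefs'], 'emailfromuser', "uid={$uid}");
    if ($_CONF['emailuserloginrequired'] == 1 && COM_isAnonUser() || $emailfromuser < 1) {
        $detail->set_var('ad_uid', '');
    } else {
        $detail->set_var('ad_uid', $ad['uid']);
    }
    if ($my_access == 3) {
        $detail->set_var('have_userlinks', 'true');
        if ($admin || $_CONF_ADVT['usercanedit'] == 1) {
            $detail->set_var('have_editlink', 'true');
        } else {
            $detail->set_var('have_editlink', '');
        }
    } else {
        $detail->set_var('have_userlinks', '');
    }
    // Retrieve the photos and put into the template
    $sql = "SELECT photo_id, filename\n            FROM {$_TABLES['ad_photo']} \n            WHERE ad_id='{$ad_id_sql}'";
    $photo = DB_query($sql);
    $detail->set_var('have_photo', '');
    // assume no photo available
    if ($photo && DB_numRows($photo) >= 1) {
        while ($prow = DB_fetchArray($photo)) {
            $img_small = LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['detail_img_width']);
            $img_disp = CLASSIFIEDS_dispUrl($prow['filename']);
            if (!empty($img_small)) {
                $detail->set_block('detail', 'PhotoBlock', 'PBlock');
                $detail->set_var(array(
                    'tn_width' => $_CONF_ADVT['detail_img_width'],
                    'small_url' => $img_small,
                    'disp_url' => $img_disp,
                ));
                $detail->parse('PBlock', 'PhotoBlock', true);
                $detail->set_var('have_photo', 'true');
            }
        }
    }
    if (DB_count($_TABLES['ad_ads'], 'owner_id', $owner_id) > 1) {
        $detail->set_var('byposter_url', CLASSIFIEDS_URL . '/index.php?' . "page=byposter&uid={$owner_id}");
    }
    // Show previous and next ads
    if ($preAd_id != '') {
        $detail->set_var('previous', '<a href="' . CLASSIFIEDS_makeURL('detail', $preAd_id) . "\">&lt;&lt;</a>");
    }
    if ($nextAd_id != '') {
        $detail->set_var('next', '<a href="' . CLASSIFIEDS_makeURL('detail', $nextAd_id) . "\">  &gt;&gt;</a>");
    }
    // Show the "hot results" via the HotBlock template block
    if ($hotresult) {
        $detail->set_block('detail', 'HotBlock', 'HBlock');
        while ($hotrow = DB_fetchArray($hotresult)) {
            $detail->set_var(array(
                'hot_title' => $hotrow['subject'],
                'hot_url' => CLASSIFIEDS_makeURL('detail', $hotrow['ad_id']),
                'hot_cat' => displayCat($hotrow['cat_id']),
            ));
        }
        $detail->parse('HBlock', 'HotBlock', true);
    }
    // Legacy template variable; the hot results are rendered by HotBlock now
    $detail->set_var('whats_hot_row', '');
    // Show the user comments
    if (plugin_commentsupport_classifieds() && $ad['comments_enabled'] < 2) {
        $detail->set_var('usercomments', CMT_userComments($ad_id, $ad['subject'], 'classifieds', '', '', 0, 1, false, false, $ad['comments_enabled']));
    }
    $detail->parse('output', 'detail');
    return $detail->finish($detail->get_var('output'));
}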
 if (!empty($sp_id)) {
     if (!isset($_POST['sp_onmenu'])) {
         $_POST['sp_onmenu'] = '';
     }
     if (!isset($_POST['sp_php'])) {
         $_POST['sp_php'] = '';
     }
     if (!isset($_POST['sp_nf'])) {
         $_POST['sp_nf'] = '';
     }
     if (!isset($_POST['sp_centerblock'])) {
         $_POST['sp_centerblock'] = '';
     }
     $help = '';
     if (isset($_POST['sp_help'])) {
         $sp_help = COM_sanitizeUrl($_POST['sp_help'], array('http', 'https'));
     }
     if (!isset($_POST['sp_inblock'])) {
         $_POST['sp_inblock'] = '';
     }
     $sp_uid = COM_applyFilter($_POST['sp_uid'], true);
     if ($sp_uid == 0) {
         $sp_uid = $_USER['uid'];
     }
     if (!isset($_POST['postmode'])) {
         $_POST['postmode'] = '';
     }
     $sp_status = 0;
     if (isset($_POST['sp_status_yes']) || isset($_POST['sp_status_no'])) {
         if (isset($_POST['sp_status_yes'])) {
             $sp_status = 1;
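/**
 * Unsubscribe the current user from comment notifications for an item and
 * send them back to the page they came from.
 *
 * The referer is sanitised and only accepted when it really lies within
 * $_CONF['site_url']: it must be exactly that URL, or that URL followed by a
 * path, query or fragment delimiter. A plain prefix comparison would also
 * accept another host whose name merely starts with ours. Referers outside
 * the site, and the users.php page itself, fall back to the site URL.
 * Anonymous users get the login form instead of being unsubscribed.
 *
 * @param  string $sid  ID of the item whose comments are concerned (passed to PLG_unsubscribe())
 * @param  string $type Item type (passed to PLG_unsubscribe())
 * @return void         Never returns: outputs a redirect or the login form and exits
 */
function handleunSubscribe($sid, $type)
{
    global $_CONF, $_TABLES, $_USER;
    $dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url'];
    if ($dirty_referer == '') {
        $dirty_referer = $_CONF['site_url'];
    }
    $referer = COM_sanitizeUrl($dirty_referer);
    // Compare against the site URL without a trailing slash so that the
    // character following the prefix can be checked uniformly.
    $site_base = rtrim($_CONF['site_url'], '/');
    $sLength = strlen($site_base);
    $onSite = substr($referer, 0, $sLength) == $site_base
        && (strlen($referer) == $sLength || strpos('/?#', $referer[$sLength]) !== false);
    if (!$onSite) {
        $referer = $_CONF['site_url'];
    }
    if (strcasecmp($referer, $_CONF['site_url'] . '/users.php') == 0) {
        $referer = $_CONF['site_url'];
    }
    // Append the message parameter with the right separator
    $sep = (strpos($referer, '?') !== false) ? '&amp;' : '?';
    if (COM_isAnonUser()) {
        $display = COM_siteHeader();
        $display .= SEC_loginRequiredForm();
        $display .= COM_siteFooter();
        echo $display;
        exit;
    }
    PLG_unsubscribe('comment', $type, $sid);
    echo COM_refresh($referer . $sep . 'msg=521' . '#comments');
    exit;
}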
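/**
* Saves a block (inserts it when $bid is 0, updates it otherwise)
*
* Checks the caller's access to the block, its topic selection and the chosen
* group, normalises the type-specific fields and writes the row. Values that
* end up in SQL string literals are escaped here and numeric columns are cast
* to int, so callers may pass the raw form values.
*
* @param    int     $bid            Block ID (0 for a new block)
* @param    string  $name           Block name
* @param    string  $title          Block title
* @param    string  $help           URL of the block's help page
* @param    string  $type           Type of block: normal, portal, phpblock or gldefault
* @param    int     $blockorder     Order block appears relative to the others
* @param    string  $content        Content of block
* @param    string  $rdfurl         URL to headline feed for portal blocks
* @param    string  $rdfupdated     Date RSS/RDF feed was last updated
* @param    int     $rdflimit       max. number of entries to import from feed
* @param    string  $phpblockfn     Name of php function to call to get content
* @param    int     $onleft         Flag indicates if block shows up on left or right
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group block belongs to
* @param    array   $perm_owner     Permissions the owner has on the object
* @param    array   $perm_group     Permissions the group has on the object
* @param    array   $perm_members   Permissions the logged in members have
* @param    array   $perm_anon      Permissions anonymous users have
* @param    string  $is_enabled     'on' when the block is enabled
* @param    string  $allow_autotags 'on' when autotags may be used in the block content
* @param    int     $cache_time     Cache lifetime; '' or a value below -1 selects the configured default
* @return   string                  HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;
    $retval = '';
    // These are interpolated unquoted into the queries below: digits only
    $bid = (int) $bid;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $onleft = (int) $onleft;
    $title = DB_escapeString(COM_stripslashes(strip_tags($title)));
    $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));
    if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
        $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        // Existing block: access is decided by the stored permissions, not
        // by whatever the form submitted
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    } elseif (!empty($name) and ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'phpblock' && !empty($phpblockfn) && !empty($title) or $type == 'gldefault' && strlen($blockorder) > 0)) {
        if ($is_enabled == 'on') {
            $is_enabled = 1;
        } else {
            $is_enabled = 0;
        }
        if ($allow_autotags == 'on') {
            $allow_autotags = 1;
        } else {
            $allow_autotags = 0;
        }
        if ($cache_time < -1 or $cache_time == "") {
            $cache_time = $_CONF['default_cache_time_block'];
        }
        $cache_time = (int) $cache_time;
        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';
            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr($rdfurl, 4);
            } elseif (substr($rdfurl, 0, 5) == 'feed:') {
                $rdfurl = substr($rdfurl, 5);
            }
            if (substr($rdfurl, 0, 2) == '//') {
                $rdfurl = substr($rdfurl, 2);
            }
            $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
        }
        if ($type == 'gldefault') {
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }
        if ($type == 'phpblock') {
            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix.  This will prevent
            // the arbitrary execution of code.  The prefix is checked at
            // position 0, not merely for its presence somewhere in the name.
            if (stripos($phpblockfn, 'phpblock_') !== 0) {
                $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }
        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            if ($allow_autotags == 1) {
                // Remove any autotags the user doesn't have permission to use
                $content = PLG_replaceTags($content, '', true);
            }
            $content = DB_escapeString($content);
        }
        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty($rdfurl)) {
            $rdfurl = DB_escapeString($rdfurl);
        }
        if (empty($rdfupdated)) {
            $rdfupdated = '0000-00-00 00:00:00';
        }
        // Remaining string literals are escaped like $title above; the
        // numeric columns are cast now that the type-specific checks are done
        $name = DB_escapeString($name);
        $help = DB_escapeString($help);
        $blockorder = (int) $blockorder;
        $rdflimit = (int) $rdflimit;
        if ($bid > 0) {
            DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
        } else {
            $sql = array();
            $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
            $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
            DB_query($sql);
            $bid = DB_insertId();
        }
        TOPIC_saveTopicSelectionControl('block', $bid);
        $cacheInstance = 'block__' . $bid . '__';
        // remove any of this blocks instances if exists
        CACHE_remove_instance($cacheInstance);
        return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
    } else {
        if (empty($name)) {
            // empty block name
            $msgtxt = $LANG21[50];
        } elseif ($type == 'portal') {
            // Portal block is missing fields
            $msgtxt = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msgtxt = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msgtxt = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default geeklog field missing
            $msgtxt = $LANG21[42];
        } else {
            // Layout block missing content
            $msgtxt = $LANG21[36];
        }
        $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
    }
    return $retval;
}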
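/**
*   Insert or update an ad with form values.  Holders of the plugin's admin
*   right may save ads on behalf of another user; everybody else is bound to
*   the category's anonymous permission and to the purchased-days limit.
*
*   @param string  $savetype Save action to perform
*   @return array
*      [0] = string value of page to redirect to (0 on success, 1 to go back
*            to the edit form, or a URL)
*      [1] = content of any error message or text
*      An empty array is returned when the current user may not edit the ad.
*/
function adSave($savetype = 'edit')
{
    global $_TABLES, $_CONF_ADVT, $_USER, $_CONF, $LANG_ADVT, $LANG12;
    global $LANG_ADMIN;
    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');
    // Sanitize form variables.  There should always be an ad id defined;
    // every field falls back to a harmless default when the form omits it.
    $A = array();
    $A['ad_id'] = '';
    if (isset($_POST['ad_id'])) {
        $A['ad_id'] = COM_sanitizeID($_POST['ad_id'], false);
    } elseif (isset($_POST['id'])) {
        $A['ad_id'] = COM_sanitizeID($_POST['id'], false);
    }
    if ($A['ad_id'] == '') {
        return array(CLASSIFIEDS_URL, 'Missing Ad ID');
    }
    // Make sure the current user can edit this ad.
    if (CLASSIFIEDS_checkAccess($A['ad_id']) < 3) {
        return array();
    }
    $A['subject'] = isset($_POST['subject']) ? trim($_POST['subject']) : '';
    $A['descript'] = isset($_POST['descript']) ? trim($_POST['descript']) : '';
    if (isset($_POST['postmode']) && $_POST['postmode'] == 'plaintext') {
        $A['descript'] = nl2br($A['descript']);
    }
    $A['price'] = isset($_POST['price']) ? trim($_POST['price']) : '';
    $A['url'] = COM_sanitizeUrl(isset($_POST['url']) ? $_POST['url'] : '', array('http', 'https'), 'http');
    $A['catid'] = isset($_POST['catid']) ? (int) $_POST['catid'] : 0;
    $A['ad_type'] = isset($_POST['ad_type']) ? (int) $_POST['ad_type'] : 0;
    $A['keywords'] = isset($_POST['keywords']) ? trim($_POST['keywords']) : '';
    $A['add_date'] = isset($_POST['add_date']) ? COM_applyFilter($_POST['add_date'], true) : 0;
    $A['exp_date'] = isset($_POST['exp_date']) ? COM_applyFilter($_POST['exp_date'], true) : 0;
    if ($A['exp_date'] == 0) {
        $A['exp_date'] = $A['add_date'];
    }
    $A['exp_sent'] = (isset($_POST['exp_sent']) && (int) $_POST['exp_sent'] == 1) ? 1 : 0;
    $A['owner_id'] = isset($_POST['owner_id']) ? (int) $_POST['owner_id'] : 0;
    $A['group_id'] = isset($_POST['group_id']) ? (int) $_POST['group_id'] : 0;
    $A['uid'] = $A['owner_id'];
    $A['comments_enabled'] = isset($_POST['comments_enabled']) ? (int) $_POST['comments_enabled'] : 0;
    switch ($savetype) {
        case 'moderate':
        case 'adminupdate':
        case 'savesubmission':
        case 'editsubmission':
        case 'submission':
            // Permission checkboxes arrive as arrays and are folded into
            // numeric values
            $perms = SEC_getPermissionValues(
                isset($_POST['perm_owner']) ? $_POST['perm_owner'] : array(),
                isset($_POST['perm_group']) ? $_POST['perm_group'] : array(),
                isset($_POST['perm_members']) ? $_POST['perm_members'] : array(),
                isset($_POST['perm_anon']) ? $_POST['perm_anon'] : array()
            );
            $A['perms'] = $perms;
            break;
        case $LANG_ADMIN['save']:
        case $LANG12[8]:
        default:
            $A['perms'] = array(
                isset($_POST['perm_owner']) ? (int) $_POST['perm_owner'] : 0,
                isset($_POST['perm_group']) ? (int) $_POST['perm_group'] : 0,
                isset($_POST['perm_members']) ? (int) $_POST['perm_members'] : 0,
                isset($_POST['perm_anon']) ? (int) $_POST['perm_anon'] : 0,
            );
            break;
    }
    // Set anon permissions according to category if not an admin.
    // To avoid form injection.  The category is the one submitted in
    // $A['catid'] (an int), looked up in the category table by cat_id.
    if (!$admin && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['catid']}'") == '0') {
        $A['perms'][3] = 0;
    }
    $moredays = isset($_POST['moredays']) ? COM_applyFilter($_POST['moredays'], true) : 0;
    if ($_CONF_ADVT['purchase_enabled'] && !$admin) {
        // non-administrator is limited to the available days on account,
        // if applicable.
        USES_classifieds_class_userinfo();
        $User = new adUserInfo();
        $moredays = min($moredays, $User->getMaxDays());
    }
    // Validate some fields.
    $errmsg = '';
    if ($A['subject'] == '') {
        $errmsg .= "<li>{$LANG_ADVT['subject_required']}</li>";
    }
    if ($A['descript'] == '') {
        $errmsg .= "<li>{$LANG_ADVT['description_required']}</li>";
    }
    if ($errmsg != '') {
        $errmsg = "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n";
        // return to edit page so user can correct
        return array(1, $errmsg);
    }
    // Calculate the new number of days. For an existing ad start from the
    // date added, if new then start from now.  If the ad has already expired,
    // then $moredays will be added to now() rather than exp_date.
    if ($moredays > 0) {
        $moretime = $moredays * 86400;
        $save_exp_date = $A['exp_date'];
        if ($A['exp_date'] < time()) {
            $basetime = time();
        } else {
            $basetime = $A['exp_date'];
        }
        $A['exp_date'] = min($basetime + $moretime, $A['add_date'] + intval($_CONF_ADVT['max_total_duration']) * 86400);
        // Figure out the number of days added to this ad, and subtract
        // it from the user's account.
        $days_used = (int) (($A['exp_date'] - $save_exp_date) / 86400);
        if ($_CONF_ADVT['purchase_enabled'] && !$admin) {
            $User->UpdateDaysBalance($days_used * -1);
        }
        // Reset the "expiration notice sent" flag if the new date is at least
        // one more day from the old one.
        if ($days_used > 0) {
            $A['exp_sent'] = 0;
        }
    }
    // The upload helper reads the 'photo' entry of $_FILES itself
    $errmsg .= CLASSIFIEDS_UploadPhoto($A['ad_id'], 'photo');
    if ($errmsg != '') {
        // Display the real error message, if there is one
        return array(1, "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n");
    }
    if (($savetype == 'moderate' || $savetype == 'editsubmission' || $savetype == 'submission') && plugin_ismoderator_classifieds()) {
        // If we're editing a submission, delete the submission item
        // after moving data to the main table
        $status = CLASSIFIEDS_insertAd($A, 'ad_ads');
        if ($status == null) {
            DB_delete($_TABLES['ad_submission'], 'ad_id', $A['ad_id']);
        } else {
            $errmsg = $status;
        }
        // Now we've duplicated most functions of the moderator approval,
        // so call the plugin_ function to do the same post-approval stuff
        plugin_moderationapprove_classifieds($A['ad_id'], $A['owner_id']);
    } elseif (CLASSIFIEDS_checkAccess($A['ad_id']) == 3) {
        CLASSIFIEDS_updateAd($A);
    } else {
        return array(1, "Access Denied");
    }
    if ($errmsg == '') {
        return array(0, '02');
    } else {
        return array(1, $errmsg);
    }
}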
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
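require_once '../lib-common.php';
$display = '';
// Only members of the Root group may clear the cache
if (!SEC_inGroup('Root')) {
    $display .= COM_siteHeader('menu');
    $display .= COM_showMessageText($LANG20[6], $LANG20[1], true);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}
/*
 * Main processing
 */
// validate the referer here - just to be safe....
$dirty_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $_CONF['site_url'];
if ($dirty_referer == '') {
    $dirty_referer = $_CONF['site_url'];
}
$referer = COM_sanitizeUrl($dirty_referer);
// Only redirect to a referer that really lies within this site: it must be
// exactly the site URL, or the site URL followed by a path, query or
// fragment delimiter.  A bare prefix comparison would also accept another
// host whose name merely starts with ours.
$site_base = rtrim($_CONF['site_url'], '/');
$sLength = strlen($site_base);
$onSite = substr($referer, 0, $sLength) == $site_base
    && (strlen($referer) == $sLength || strpos('/?#', $referer[$sLength]) !== false);
if (!$onSite) {
    $referer = $_CONF['site_url'];
}
CTL_clearCache();
COM_setMessage(500);
echo COM_refresh($referer);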
/**
* Saves a block
*
* @param    string  $bid            Block ID
* @param    string  $title          Block title
* @param    string  $type           Type of block
* @param    int     $blockorder     Order block appears relative to the others
* @param    string  $content        Content of block
* @param    string  $tid            Topic block should appear in
* @param    string  $rdfurl         URL to headline feed for portal blocks
* @param    string  $rdfupdated     Date RSS/RDF feed was last updated
* @param    string  $rdflimit       max. number of entries to import from feed
* @param    string  $phpblockfn     Name of php function to call to get content
* @param    int     $onleft         Flag indicates if block shows up on left or right
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group block belongs to
* @param    array   $perm_owner     Permissions the owner has on the object
* @param    array   $perm_group     Permissions the group has on the object
* @param    array   $perm_members   Permissions the logged in members have
* @param    array   $perm_anon      Permissions anonymous users have
* @param    int     $is_enabled     Flag, indicates if block is enabled or not
* @return   string                  HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE;
    $retval = '';
    $title = addslashes(COM_stripslashes(strip_tags($title)));
    $phpblockfn = addslashes(COM_stripslashes(trim($phpblockfn)));
    if (empty($title)) {
        $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_startBlock($LANG21[63], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[64] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    } elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) {
        if ($is_enabled == 'on') {
            $is_enabled = 1;
        } else {
            $is_enabled = 0;
        }
        if ($allow_autotags == 'on') {
            $allow_autotags = 1;
        } else {
            $allow_autotags = 0;
        }
        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';
            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr($rdfurl, 4);
            } else {
                if (substr($rdfurl, 0, 5) == 'feed:') {
                    $rdfurl = substr($rdfurl, 5);
                }
            }
            if (substr($rdfurl, 0, 2) == '//') {
                $rdfurl = substr($rdfurl, 2);
            }
            $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
        }
        if ($type == 'gldefault') {
            if ($name != 'older_stories') {
                $content = '';
            }
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }
        if ($type == 'phpblock') {
            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix.  This will prevent
            // the arbitrary execution of code
            if (!stristr($phpblockfn, 'phpblock_')) {
                $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_startBlock($LANG21[37], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[38] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }
        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            $content = addslashes($content);
        }
        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty($rdfurl)) {
            $rdfurl = addslashes($rdfurl);
        }
        if (empty($rdfupdated)) {
            $rdfupdated = '0000-00-00 00:00:00';
        }
        if ($bid > 0) {
            DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
        } else {
            $sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
            DB_query($sql);
            $bid = DB_insertId();
        }
        if ($type == 'gldefault' && $name == 'older_stories') {
            COM_olderStuff();
        }
        return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
    } else {
        $retval .= COM_siteHeader('menu', $LANG21[32]) . COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        if ($type == 'portal') {
            // Portal block is missing fields
            $retval .= $LANG21[33];
        } else {
            if ($type == 'phpblock') {
                // PHP Block is missing field
                $retval .= $LANG21[34];
            } else {
                if ($type == 'normal') {
                    // Normal block is missing field
                    $retval .= $LANG21[35];
                } else {
                    if ($type == 'gldefault') {
                        // Default geeklog field missing
                        $retval .= $LANG21[42];
                    } else {
                        // Layout block missing content
                        $retval .= $LANG21[36];
                    }
                }
            }
        }
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
    }
    return $retval;
}
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+
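require_once 'lib-common.php';
header("HTTP/1.0 404 Not Found");
$display = COM_siteHeader('menu', $LANG_404[1]);
$display .= COM_startBlock($LANG_404[1]);
// Reconstruct the URL that was requested so it can be shown on the page.
if (isset($_SERVER['SCRIPT_URI'])) {
    $url = strip_tags($_SERVER['SCRIPT_URI']);
} else {
    // Not every server provides SCRIPT_URI, so rebuild the URL from the request
    // parts.  The scheme used to be hard-coded to http://, which produced a
    // wrong URL for https requests.
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    $pos = strpos($requestUri, '?');
    $request = ($pos === false) ? $requestUri : substr($requestUri, 0, $pos);
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    // NOTE(review): HTTP_HOST is taken from the request's Host header.  The
    // value is only displayed, and COM_sanitizeUrl() is relied on to make it
    // safe to print - confirm it escapes for the HTML context.
    $url = $scheme . $host . strip_tags($request);
}
$url = COM_sanitizeUrl($url);
$display .= sprintf($LANG_404[2], $url);
$display .= $LANG_404[3];
$display .= COM_endBlock();
$display .= COM_siteFooter();
echo $display;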
 /**
  * Fills $this->params with the key=value pairs found in the query string of
  * the (sanitized) referer.  Pairs with an empty key or an empty value are
  * skipped; keys and values are kept exactly as they appear in the URL (no
  * urldecode).  Without a referer the result is an empty array.
  */
 private function setParams()
 {
     $source = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : '/';
     // only the part between the first and second '?' is considered
     $parts = explode('?', $source);
     $query = isset($parts[1]) ? $parts[1] : '';
     $params = array();
     if ($query != '') {
         foreach (explode('&', $query) as $pair) {
             $kv = explode('=', $pair);
             if (!isset($kv[0], $kv[1]) || $kv[0] == '' || $kv[1] == '') {
                 continue;
             }
             // for "a=b=c" only the first '=' splits key from value
             $params[$kv[0]] = $kv[1];
         }
     }
     $this->params = $params;
 }
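/**
* Saves a block
*
* Validates the submitted values, checks that the current user may create or
* edit the block and then writes it to the blocks table.  Every value that is
* interpolated into the SQL statements below is escaped (DB_escapeString) or
* cast to int inside this function, so callers may pass the raw form values.
*
* @param    string  $bid            Block ID (empty or 0 for a new block)
* @param    string  $name           Block name
* @param    string  $title          Block title
* @param    string  $help           Value stored in the block's help column
* @param    string  $type           Type of block
* @param    int     $blockorder     Order block appears relative to the others
* @param    string  $content        Content of block
* @param    string  $tid            Topic block should appear in
* @param    string  $rdfurl         URL to headline feed for portal blocks
* @param    string  $rdfupdated     Date RSS/RDF feed was last updated
* @param    string  $rdflimit       max. number of entries to import from feed
* @param    string  $phpblockfn     Name of php function to call to get content
* @param    int     $onleft         Flag indicates if block shows up on left or right
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group block belongs to
* @param    array   $perm_owner     Permissions the owner has on the object
* @param    array   $perm_group     Permissions the group has on the object
* @param    array   $perm_members   Permissions the logged in members have
* @param    array   $perm_anon      Permissions anonymous users have
* @param    int     $is_enabled     Flag, indicates if block is enabled or not
* @param    int     $allow_autotags Flag, indicates if autotags are enabled or not
* @return   string                  HTML redirect or error message
*
*/
function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
    // $_USER is read for the access log entry below and is not a superglobal
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG21, $MESSAGE;
    $retval = '';
    // The block ID goes straight into SQL (and into the "existing block?"
    // check); block IDs are auto-increment ints, so force it numeric here.
    $bid = (int) $bid;
    // Snapshot of the submitted values, handed back to BLOCK_edit() so the
    // form can be redisplayed with the user's input on validation errors.
    $B = array();
    $B['bid'] = $bid;
    $B['name'] = $name;
    $B['title'] = $title;
    $B['type'] = $type;
    $B['blockorder'] = $blockorder;
    $B['content'] = $content;
    $B['tid'] = $tid;
    $B['rdfurl'] = $rdfurl;
    $B['rdfupdated'] = $rdfupdated;
    $B['rdflimit'] = $rdflimit;
    $B['phpblockfn'] = $phpblockfn;
    $B['onleft'] = $onleft;
    $B['owner_id'] = $owner_id;
    $B['group_id'] = $group_id;
    $B['perm_owner'] = $perm_owner;
    $B['perm_group'] = $perm_group;
    $B['perm_members'] = $perm_members;
    $B['perm_anon'] = $perm_anon;
    $B['is_enabled'] = $is_enabled;
    $B['allow_autotags'] = $allow_autotags;
    // Block titles may carry a restricted set of inline HTML only
    $MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small";
    $filter = sanitizer::getInstance();
    $allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
    $filter->setAllowedElements($allowedElements);
    $filter->setPostmode('html');
    $title = $filter->filterHTML($title);
    $title = DB_escapeString($title);
    $phpblockfn = DB_escapeString(trim($phpblockfn));
    if (empty($title) || !BLOCK_validateName($name)) {
        $msg = empty($title) ? $LANG21[64] : $LANG21[70];
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($msg, $LANG21[63], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    // the permission values are interpolated unquoted into SQL below
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        // Editing an existing block: access is decided by the stored
        // ownership/permissions, not by the values just submitted.
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    } elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) {
        // normalise the two flags to 1 / 0 before they are stored
        if ($is_enabled == 'on') {
            $is_enabled = 1;
        } else {
            $is_enabled = 0;
        }
        if ($allow_autotags == 1) {
            $allow_autotags = 1;
        } else {
            $allow_autotags = 0;
        }
        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';
            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr($rdfurl, 4);
            } else {
                if (substr($rdfurl, 0, 5) == 'feed:') {
                    $rdfurl = substr($rdfurl, 5);
                }
            }
            if (substr($rdfurl, 0, 2) == '//') {
                $rdfurl = substr($rdfurl, 2);
            }
            $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
        }
        if ($type == 'gldefault') {
            if ($name != 'older_stories') {
                $content = '';
            }
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }
        if ($type == 'phpblock') {
            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix.  This will prevent
            // the arbitrary execution of code
            if (!stristr($phpblockfn, 'phpblock_')) {
                $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }
        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            $content = DB_escapeString($content);
        }
        // rdflimit is compared numerically and stored in an int column
        $rdflimit = (int) $rdflimit;
        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty($rdfurl)) {
            $rdfurl = DB_escapeString($rdfurl);
        }
        if (empty($rdfupdated)) {
            $rdfupdated = '1000-01-01 00:00:00';
        }
        $name = DB_escapeString($name);
        // Escape / cast everything else that is interpolated into the SQL
        // below.  $title, $content, $rdfurl, $phpblockfn and $name were
        // escaped above; $type can only be one of the four literals accepted
        // by the elseif condition; $is_enabled / $allow_autotags are 0 or 1.
        $sqlHelp = DB_escapeString($help);
        $sqlBlockorder = DB_escapeString($blockorder);
        $sqlTid = DB_escapeString($tid);
        $sqlRdfupdated = DB_escapeString($rdfupdated);
        $sqlOnleft = (int) $onleft;
        $sqlOwnerId = (int) $owner_id;
        $sqlGroupId = (int) $group_id;
        if ($bid > 0) {
            DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$sqlHelp}','{$type}','{$sqlBlockorder}','{$content}','{$sqlTid}','{$rdfurl}','{$sqlRdfupdated}','{$rdflimit}','{$phpblockfn}',{$sqlOnleft},{$sqlOwnerId},{$sqlGroupId},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
        } else {
            $sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$sqlHelp}','{$type}','{$sqlBlockorder}','{$content}','{$sqlTid}','{$rdfurl}','{$sqlRdfupdated}','{$rdflimit}','{$phpblockfn}',{$sqlOnleft},{$sqlOwnerId},{$sqlGroupId},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
            DB_query($sql);
            $bid = DB_insertId();
        }
        if ($type == 'gldefault' && $name == 'older_stories') {
            COM_olderStuff();
        }
        CTL_clearCache();
        COM_setMessage(11);
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    } else {
        // Required fields are missing: explain which ones and redisplay the editor
        SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
        $retval .= COM_siteHeader('menu', $LANG21[32]);
        if ($type == 'portal') {
            // Portal block is missing fields
            $msg = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msg = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msg = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default glFusion field missing
            $msg = $LANG21[42];
        } else {
            // Layout block missing content
            $msg = $LANG21[36];
        }
        $retval .= COM_showMessageText($msg, $LANG21[32], true);
        $retval .= BLOCK_edit($bid, $B);
        $retval .= COM_siteFooter();
    }
    return $retval;
}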
            $extra_vars = '&' . implode('&', $url);
        } else {
            $extra_vars = '';
        }
        if (substr($urlpart, -($lang_len + 1)) == '_' . $oldlang) {
            $urlpart = substr_replace($urlpart, $newlang, -$lang_len);
        }
        $retval = $urlpart . $extra_vars;
    }
    return $retval;
}
// MAIN
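$ret_url = '';
// Only accept a referer that is on our own site.  The previous check looked
// for site_url *anywhere* in the referer, which any URL that merely contains
// it satisfies; require it as the leading origin (site_url itself, or
// site_url followed by a path/query/fragment delimiter) instead.
if (isset($_SERVER['HTTP_REFERER'])) {
    $candidate = COM_sanitizeUrl($_SERVER['HTTP_REFERER']);
    $siteBase = rtrim($_CONF['site_url'], '/');
    $baseLen = strlen($siteBase);
    $nextChar = substr($candidate, $baseLen, 1);
    if (strncmp($candidate, $siteBase, $baseLen) === 0
        && ($nextChar === '' || $nextChar === false || strpos('/?#', $nextChar) !== false)) {
        $ret_url = $candidate;
    }
}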
// if not allowed, just ignore and return
if ($_CONF['allow_user_language'] == 1) {
    COM_setArgNames(array('lang'));
    $lang = strtolower(COM_applyFilter(COM_getArgument('lang')));
    $lang = preg_replace('/[^a-z0-9\\-_]/', '', $lang);
    $oldlang = COM_getLanguageId();
    // do we really have a new language to switch to?
    if (!empty($lang) && array_key_exists($lang, $_CONF['language_files'])) {
        // does such a language file exist?
        $langfile = $_CONF['language_files'][$lang];
        if (is_file($_CONF['path_language'] . $langfile . '.php')) {
            // Set the language cookie.
            // Mainly used for anonymous users so the rest of their session
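if (!isset($_CONF['rating_speedlimit'])) {
    $_CONF['rating_speedlimit'] = 15;
}
//getting the values
// Each request value is reduced to a safe character set.  Missing parameters
// become '' instead of raising an undefined-index notice (and, on PHP 8.1+,
// a null-to-string deprecation inside preg_replace()).
$vote_sent = isset($_REQUEST['j']) ? preg_replace("/[^0-9]/", "", $_REQUEST['j']) : '';
$id_sent = isset($_GET['q']) ? COM_applyFilter($_GET['q']) : '';
$ip_num = isset($_REQUEST['t']) ? preg_replace("/[^0-9\\.]/", "", $_REQUEST['t']) : '';
$units = isset($_REQUEST['c']) ? preg_replace("/[^0-9]/", "", $_REQUEST['c']) : '';
$size = isset($_REQUEST['s']) ? preg_replace("/[^0-9a-zA-Z]/", "", $_REQUEST['s']) : '';
$plugin = isset($_GET['p']) ? COM_applyFilter($_GET['p']) : '';
// NOTE(review): $ip_num is supplied by the client, $ip is the connecting
// address - confirm that only $ip is used wherever the source address matters.
$ip = $_SERVER['REMOTE_ADDR'];
$ratingdate = time();
$uid = isset($_USER['uid']) ? $_USER['uid'] : 1;
$uid = (int) $uid;
// validate the referer here - just to be safe....
$referer = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : $_CONF['site_url'];
if ($referer == '') {
    $referer = $_CONF['site_url'];
}
// Only redirect back to our own site.  The referer must be site_url itself or
// site_url followed by a path/query/fragment delimiter; a bare prefix compare
// would also accept a foreign host whose name merely starts with ours.
$siteBase = rtrim($_CONF['site_url'], '/');
$sLength = strlen($siteBase);
$nextChar = substr($referer, $sLength, 1);
if (strncmp($referer, $siteBase, $sLength) !== 0
    || ($nextChar !== '' && $nextChar !== false && strpos('/?#', $nextChar) === false)) {
    $referer = $_CONF['site_url'];
}
if ($vote_sent > $units) {
    die("Sorry, vote appears to be invalid.");
    // kill the script because normal users will never see this.
}
$canRate = PLG_canUserRate($plugin, $id_sent, $uid);
if (!$canRate) {
    header("Location: {$referer}");
    // header() does not stop the script: without this exit the rating code
    // that follows would still run for a user who is not allowed to rate.
    exit;
}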
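/**
 * Unsubscribes the current user from a Media Gallery album and sends the
 * browser back to the page it came from, with msg=521 appended.
 *
 * The referer is only used as a redirect target when it is on our own site
 * (site_url itself, or site_url followed by a path/query/fragment
 * delimiter); a missing, empty or foreign referer falls back to site_url.
 *
 * @param  mixed  $album_id  Album to unsubscribe from (passed through to PLG_unsubscribe)
 * @return void              Does not return: emits the redirect and exits
 */
function handleunSubscribe($album_id)
{
    global $_CONF, $_TABLES, $_USER;
    $referer = isset($_SERVER['HTTP_REFERER']) ? COM_sanitizeUrl($_SERVER['HTTP_REFERER']) : $_CONF['site_url'];
    if ($referer == '') {
        $referer = $_CONF['site_url'];
    }
    // A bare prefix compare would also accept a foreign host whose name merely
    // starts with ours, so the character after the prefix is checked as well.
    $siteBase = rtrim($_CONF['site_url'], '/');
    $sLength = strlen($siteBase);
    $nextChar = substr($referer, $sLength, 1);
    if (strncmp($referer, $siteBase, $sLength) !== 0
        || ($nextChar !== '' && $nextChar !== false && strpos('/?#', $nextChar) === false)) {
        $referer = $_CONF['site_url'];
    }
    // Append the message to whatever query string the referer already has.
    // NOTE(review): '&amp;' is the HTML-escaped separator; this is only right
    // if COM_refresh() places the URL inside HTML (e.g. a meta refresh) rather
    // than in a Location header - confirm.
    $sep = (strstr($referer, '?') !== false) ? '&amp;' : '?';
    PLG_unsubscribe('mediagallery', '', $album_id);
    echo COM_refresh($referer . $sep . 'msg=521');
    exit;
}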