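/**
 * Deletes a given comment
 *
 * The function expects the calling function to check to make sure the
 * requesting user has the correct permissions and that the comment exists
 * for the specified $type and $sid.
 *
 * The comments table is locked while the comment is removed and the lft/rht
 * values of the remaining comments are renumbered; the lock is released on
 * every path that acquired it.
 *
 * $cid must be a non-negative whole number. $sid and $type are escaped before
 * they are placed into SQL text, so the statements cannot be altered by a
 * caller that forwards request data unfiltered.
 *
 * @author Vincent Furia, vinny01 AT users DOT sourceforge DOT net
 * @param  int    $cid  Comment ID
 * @param  string $sid  id of object comment belongs to
 * @param  string $type article, poll, or plugin identifier
 * @return int    0 indicates success, >0 identifies problem
 *                (1 = missing/bad arguments, 2 = no matching comment)
 */
function CMT_deleteComment($cid, $sid, $type)
{
    global $_CONF, $_TABLES, $_USER;

    $ret = 0; // Assume good status unless reported otherwise

    // Sanity check, note we return immediately here and no DB operations
    // are performed. is_numeric() alone also accepts values such as "1.5",
    // so the whole-number comparison rejects anything that is not an id.
    if (!is_numeric($cid) || $cid < 0 || (int) $cid != $cid
        || empty($sid) || empty($type)
    ) {
        COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried "
            . 'to delete a comment with one or more missing/bad values.');

        return $ret = 1;
    }

    // Values that end up inside SQL text: integer for the id, escaped strings
    // for the two identifiers.
    // NOTE(review): addslashes() works on bytes and does not know the
    // connection character set; if the database layer offers its own escaping
    // routine, prefer it here.
    $cid = (int) $cid;
    $safeSid = addslashes($sid);
    $safeType = addslashes($type);

    // Delete the comment from the DB and update the other comments to
    // maintain the tree structure
    // A lock is needed here to prevent other additions and/or deletions
    // from happening at the same time. A transaction would work better,
    // but aren't supported with MyISAM tables.
    DB_lockTable($_TABLES['comments']);

    $result = DB_query("SELECT pid, lft, rht FROM {$_TABLES['comments']} "
        . "WHERE cid = {$cid} AND sid = '{$safeSid}' AND type = '{$safeType}'");

    if (DB_numRows($result) != 1) {
        // Release the lock before leaving; without this the table stays
        // locked for the rest of the connection when the lookup fails.
        DB_unlockTable($_TABLES['comments']);
        COM_errorLog("CMT_deleteComment: {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried "
            . 'to delete a comment that doesn\'t exist as described.');

        return $ret = 2;
    }

    list($pid, $lft, $rht) = DB_fetchArray($result);
    $lft = (int) $lft;
    $rht = (int) $rht;

    // Re-parent the children of the deleted comment, then remove it.
    DB_change($_TABLES['comments'], 'pid', $pid, 'pid', $cid);
    DB_delete($_TABLES['comments'], 'cid', $cid);

    // Former descendants move up one level ...
    DB_query("UPDATE {$_TABLES['comments']} SET indent = indent - 1 "
        . "WHERE sid = '{$safeSid}' AND type = '{$safeType}' AND lft BETWEEN {$lft} AND {$rht}");
    // ... and everything to the right of the removed node closes the gap of 2.
    DB_query("UPDATE {$_TABLES['comments']} SET lft = lft - 2 "
        . "WHERE sid = '{$safeSid}' AND type = '{$safeType}' AND lft >= {$rht}");
    DB_query("UPDATE {$_TABLES['comments']} SET rht = rht - 2 "
        . "WHERE sid = '{$safeSid}' AND type = '{$safeType}' AND rht >= {$rht}");

    DB_unlockTable($_TABLES['comments']);

    return $ret;
}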
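/**
 * Creates new user session (short term cookie)
 *
 * Adds a new session to the database for the given userid and returns a new session ID.
 * When the session cookie is already present, expired sessions are deleted
 * based on the given session lifespan; otherwise the previous sessions of this
 * user (or of this anonymous IP address) are deleted.
 *
 * The numeric session ID is drawn from the operating system's CSPRNG when
 * random_int() is available, and every value that is written into SQL text is
 * cast or escaped first.
 *
 * @param  int    $userid    User ID to create session for
 * @param  string $remote_ip IP address user is connected from
 * @param  int    $lifespan  How long (seconds) this cookie should persist
 * @param  int    $md5_based If 1 session will be MD5 hash of ip address
 * @return string|int Session ID (the MD5 string when $md5_based is 1, else the number)
 */
function SESS_newSession($userid, $remote_ip, $lifespan, $md5_based = 0)
{
    global $_TABLES, $_CONF, $_SESS_VERBOSE;

    if ($_SESS_VERBOSE) {
        COM_errorLog("*** Inside SESS_newSession ***", 1);
        COM_errorLog("Args to SESS_newSession: userid = {$userid}, "
            . "remote_ip = {$remote_ip}, lifespan = {$lifespan}, "
            . "md5_based = {$md5_based}", 1);
    }

    // Everything below is interpolated into SQL, so pin the types first.
    // NOTE(review): addslashes() is byte-oriented and unaware of the
    // connection character set; prefer the database layer's own escaping
    // routine if one is available.
    $userid = (int) $userid;
    $lifespan = (int) $lifespan;
    $safeRemoteIp = addslashes($remote_ip);

    // mt_rand() is a predictable generator and must not mint session
    // identifiers. The range is kept identical so the existing column and
    // cookie format still fit.
    // NOTE(review): about 31 bits is small for a session identifier; widen
    // the ID if the schema allows it.
    if (function_exists('random_int')) {
        $sessid = random_int(0, mt_getrandmax());
    } else {
        $sessid = mt_rand();
    }

    // For added security we are adding the option to build a IP-based
    // session ID. This has the advantage of better security but it may
    // required dialed users to login every time. You can turn the below
    // code on in the configuration (it's turned off by default)
    $md5_sessid = '';
    if ($md5_based == 1) {
        $ip = str_replace('.', '', $remote_ip);
        // NOTE(review): `+` is numeric addition, not concatenation, so an
        // address that is not purely digits and dots (e.g. IPv6) is not
        // handled here. Left unchanged because it is not visible from this
        // function whether other code recomputes the hash the same way.
        // The hash is only as unpredictable as $sessid.
        $md5_sessid = md5($ip + $sessid);
    }

    $ctime = time();
    $currtime = (string) $ctime;
    $expirytime = (string) ($ctime - $lifespan);

    if (!isset($_COOKIE[$_CONF['cookie_session']])) {
        // ok, delete any old sessions for this user
        // The escaped address is passed on; for a well-formed IP it is
        // identical to the raw value.
        if ($userid > 1) {
            DB_delete($_TABLES['sessions'], 'uid', $userid);
        } else {
            DB_delete($_TABLES['sessions'], array('uid', 'remote_ip'), array(1, $safeRemoteIp));
        }
    } else {
        DB_lockTable($_TABLES['sessions']);
        $deleteSQL = "DELETE FROM {$_TABLES['sessions']} WHERE (start_time < {$expirytime})";
        $delresult = DB_query($deleteSQL);
        DB_unlockTable($_TABLES['sessions']);

        if ($_SESS_VERBOSE) {
            COM_errorLog("Attempted to delete rows from session table with following SQL\n{$deleteSQL}\n", 1);
            COM_errorLog("Got {$delresult} as a result from the query", 1);
        }

        if (!$delresult) {
            die("Delete failed in SESS_newSession()");
        }
    }

    // Remove the anonymous session for this user
    if ($userid > 1) {
        // Retrieve any session variables that we need to add to the new logged in session
        // To come
        // Delete record
        DB_delete($_TABLES['sessions'], array('uid', 'remote_ip'), array(1, $safeRemoteIp));
    }

    // Create new session
    if ($md5_based == 1) {
        $sql = "INSERT INTO {$_TABLES['sessions']} "
            . "(sess_id, md5_sess_id, uid, start_time, remote_ip, whos_online) "
            . "VALUES ({$sessid}, '{$md5_sessid}', {$userid}, {$currtime}, '{$safeRemoteIp}', 1)";
    } else {
        $sql = "INSERT INTO {$_TABLES['sessions']} "
            . "(sess_id, uid, start_time, remote_ip, whos_online) "
            . "VALUES ({$sessid}, {$userid}, {$currtime}, '{$safeRemoteIp}', 1)";
    }
    $result = DB_query($sql);
    if (!$result) {
        // Keep the database error text in the server log instead of sending
        // it to the client, where it would expose schema details.
        COM_errorLog('SESS_newSession: insert failed: ' . DB_error(), 1);
        die("Insert failed in SESS_newSession()");
    }

    if ($_CONF['lastlogin'] == true) {
        // Update userinfo record to record the date and time as lastlogin
        DB_query("UPDATE {$_TABLES['userinfo']} SET lastlogin = UNIX_TIMESTAMP() WHERE uid={$userid}");
    }

    if ($_SESS_VERBOSE) {
        // NOTE(review): this writes a live session ID to the log; restrict
        // read access to the log whenever verbose mode is enabled.
        COM_errorLog("Assigned the following session id: {$sessid}", 1);
        COM_errorLog("*** Leaving SESS_newSession ***", 1);
    }

    if ($md5_based == 1) {
        return $md5_sessid;
    }

    return $sessid;
}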
foreach ($func() as $info) { $footer = true; if (isset($info['footer']) && !$info['footer']) { $footer = false; } $priority = !empty($info['priority']) ? $info['priority'] : 100; $_SCRIPTS->setJavaScriptFile(md5($info['file']), $info['file'], $footer, $priority); } } $func = "theme_init_" . $_CONF['theme']; if (function_exists($func)) { $func(); } unset($theme_config, $func); // Clear out any expired sessions DB_lockTable($_TABLES['sessions']); DB_query("UPDATE {$_TABLES['sessions']} SET whos_online = 0 WHERE start_time < " . (time() - $_CONF['whosonline_threshold'])); DB_unlockTable($_TABLES['sessions']); /** * Global array of groups current user belongs to * * @global array $_GROUPS * */ if (!COM_isAnonUser()) { $_GROUPS = SEC_getUserGroups($_USER['uid']); } else { $_GROUPS = SEC_getUserGroups(1); } /** * Global array of current user permissions [read,edit]
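/**
 * Inserts one comment record into the comments table as type 'downloads'
 * and places it in the lft/rht comment tree.
 *
 * Reads the keys title, comment, sid (a leading 'fileid_' is stripped), pid,
 * name, ipaddress, uid, date, score and reason from $C and stores the id of
 * the inserted row in $C['new_cid'].
 *
 * For a reply ($C['pid'] > 0) the comments table is locked while the tree is
 * renumbered; the lock is released on every path, including the error
 * returns. String values are escaped and numeric values are cast before they
 * are placed into SQL text.
 *
 * On a database error the global $_SUCCESS is set to false.
 *
 * @param  array $C comment data, passed by reference; receives 'new_cid'
 * @return string   empty on success, otherwise an HTML paragraph with the
 *                  $_LANG_CONV['db_error'] message
 */
function DLM_saveComment(&$C)
{
    global $_CONF, $_TABLES, $_USER, $_LANG_CONV, $_SUCCESS;

    $retval = '';

    // NOTE(review): addslashes() is byte-oriented and unaware of the
    // connection character set; prefer the database layer's own escaping
    // routine if one is available.
    $title     = addslashes($C['title']);
    $comment   = addslashes($C['comment']);
    $sid       = addslashes(str_replace('fileid_', '', $C['sid']));
    $pid       = (int) $C['pid'];
    $type      = 'downloads';
    $name      = addslashes($C['name']);
    $ipaddress = addslashes($C['ipaddress']);
    $uid       = (int) $C['uid'];

    $columns = 'sid,uid,comment,date,title,pid,lft,rht,indent,type,ipaddress,name';

    if ($pid > 0) {
        // Reply: make room for the new node directly before the parent's rht.
        DB_lockTable($_TABLES['comments']);

        $result = DB_query("SELECT rht, indent FROM {$_TABLES['comments']} "
            . "WHERE cid = {$pid} AND sid = '{$sid}'");
        // A missing parent is treated like a failed query: without the parent
        // row there is no position to renumber from, and renumbering from an
        // empty value would corrupt the tree.
        if (DB_error() || DB_numRows($result) != 1) {
            DB_unlockTable($_TABLES['comments']);
            $retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
            $_SUCCESS = false;

            return $retval;
        }

        list($rht, $indent) = DB_fetchArray($result);
        $rht = (int) $rht;
        $rht2 = $rht + 1;
        $indent = (int) $indent + 1;

        DB_query("UPDATE {$_TABLES['comments']} SET lft = lft + 2 "
            . "WHERE sid = '{$sid}' AND type = '{$type}' AND lft >= {$rht}");
        if (DB_error()) {
            DB_unlockTable($_TABLES['comments']);
            $retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
            $_SUCCESS = false;

            return $retval;
        }

        DB_query("UPDATE {$_TABLES['comments']} SET rht = rht + 2 "
            . "WHERE sid = '{$sid}' AND type = '{$type}' AND rht >= {$rht}");
        if (DB_error()) {
            DB_unlockTable($_TABLES['comments']);
            $retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
            $_SUCCESS = false;

            return $retval;
        }

        // $name is always set at this point (addslashes() returns a string),
        // so the insert always carries the name column; an empty name is
        // turned into NULL by the UPDATE at the end of the function.
        DB_save($_TABLES['comments'], $columns,
            "'{$sid}',{$uid},'{$comment}',now(),'{$title}',{$pid},{$rht},{$rht2},{$indent},'{$type}','{$ipaddress}','{$name}'");
    } else {
        // Top-level comment: append after the current right-most value.
        $rht = DB_getItem($_TABLES['comments'], 'MAX(rht)', "sid = '{$sid}'");
        if (DB_error()) {
            $rht = 0;
        }
        // MAX() yields no number when the object has no comments yet.
        $rht = (int) $rht;
        $rht2 = $rht + 1;
        $rht3 = $rht + 2;

        DB_save($_TABLES['comments'], $columns,
            "'{$sid}',{$uid},'{$comment}',now(),'{$title}',{$pid},{$rht2},{$rht3},0,'{$type}','{$ipaddress}','{$name}'");
    }

    if (DB_error()) {
        if ($pid > 0) {
            // Only the reply branch took the lock.
            DB_unlockTable($_TABLES['comments']);
        }
        $retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
        $_SUCCESS = false;

        return $retval;
    }

    $result = DB_query("SELECT LAST_INSERT_ID()");
    list($last_cid) = DB_fetchArray($result);
    $C['new_cid'] = $last_cid;
    DB_unlockTable($_TABLES['comments']);

    // Second pass: overwrite the values that the insert filled with defaults
    // (date was now()) with the ones supplied in $C.
    $cid    = (int) $C['new_cid'];
    $date   = addslashes($C['date']);
    $score  = (int) $C['score'];
    $reason = (int) $C['reason'];

    DB_query("UPDATE {$_TABLES['comments']} SET "
        . "date='{$date}', "
        . (!empty($name) ? "name='{$name}', " : "name=NULL, ")
        . "score={$score}, "
        . "reason={$reason} "
        . "WHERE cid={$cid}");
    if (DB_error()) {
        $retval .= '<p>' . $_LANG_CONV['db_error'] . '</p>' . LB;
        $_SUCCESS = false;

        return $retval;
    }

    return $retval;
}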