/**
* Set the value of all variables from an array, either DB or a form
*
* @param array $A Array of fields
* @param boolean $fromDB True if $A is from the database, false for form
*/
public function SetVars($A, $fromDB = false)
{
if (isset($A['cal_id']) && !empty($A['cal_id'])) {
$this->cal_id = $A['cal_id'];
}
// These fields come in the same way from DB or form
$fields = array('cal_name', 'fgcolor', 'bgcolor', 'owner_id', 'group_id');
foreach ($fields as $field) {
if (isset($A[$field])) {
$this->{$field} = $A[$field];
}
}
if (isset($A['cal_status']) && $A['cal_status'] == 1) {
$this->cal_status = 1;
} else {
$this->cal_status = 0;
}
if (isset($A['cal_ena_ical']) && $A['cal_ena_ical'] == 1) {
$this->cal_ena_ical = 1;
} else {
$this->cal_ena_ical = 0;
}
if ($fromDB) {
$this->perm_owner = $A['perm_owner'];
$this->perm_group = $A['perm_group'];
$this->perm_members = $A['perm_members'];
$this->perm_anon = $A['perm_anon'];
} else {
$perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$this->perm_owner = $perms[0];
$this->perm_group = $perms[1];
$this->perm_members = $perms[2];
$this->perm_anon = $perms[3];
}
}
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// clean 'em up
$description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit'));
$category = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit'));
$pid = addslashes(strip_tags($pid));
$cid = addslashes(strip_tags($cid));
$old_cid = addslashes(strip_tags($old_cid));
if (empty($category) || empty($description)) {
return 7;
}
// Check cid to make sure not illegal
if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') {
return 11;
}
if (!empty($cid) && $cid != $old_cid) {
// this is either a new category or an attempt to change the cid
// - check that cid doesn't exist yet
$ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
if (!empty($ctrl)) {
if (isset($PLG_links_MESSAGE17)) {
return 17;
} else {
return 11;
}
}
}
// Check that they didn't delete the cid. If so, get the hidden one
if (empty($cid) && !empty($old_cid)) {
$cid = $old_cid;
}
// Make sure they aren't making a parent category child of one of it's own
// children. This would create orphans
if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
return 12;
}
$access = 0;
if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
// update existing item, but new cid so get access from database with old cid
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
// set flag
$update = "existing";
} else {
if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
// update existing item, same cid, so get access from database with existing cid
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
// set flag
$update = "same";
} else {
// new item, so use passed values
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
// set flag
$update = 'new';
}
}
if ($access < 3) {
// no access rights: user should not be here
COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
return 6;
} else {
// save item
if ($update == 'existing') {
// update an existing item but new cid
$sql = "UPDATE {$_TABLES['linkcategories']}\n SET cid='{$cid}',\n pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$old_cid}'";
$result = DB_query($sql);
// Also need to update links for this category
$sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
$result = DB_query($sql);
} else {
if ($update == 'same') {
// update an existing item
$sql = "UPDATE {$_TABLES['linkcategories']}\n SET pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$cid}'";
$result = DB_query($sql);
} else {
// insert a new item
if (empty($cid)) {
$cid = COM_makeSid();
}
$sql = "INSERT INTO {$_TABLES['linkcategories']}\n (cid, pid, category, description, tid,\n created,modified,\n owner_id, group_id, perm_owner, perm_group,\n perm_members, perm_anon)\n VALUES\n ('{$cid}','{$pid}','{$category}',\n '{$description}','{$tid}',\n NOW(),NOW(),\n '{$owner_id}','{$group_id}','{$perm_owner}',\n '{$perm_group}','{$perm_members}','{$perm_anon}')";
$result = DB_query($sql);
}
}
if ($update == 'existing' && $cid != $old_cid) {
PLG_itemSaved($cid, 'links.category', $old_cid);
} else {
PLG_itemSaved($cid, 'links.category');
}
}
return 10;
// success message
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
if (defined('DEMO_MODE')) {
$output = COM_siteHeader('menu');
$output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
$output .= COM_siteFooter();
return PLG_REG_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_uid'])) {
$args['sp_uid'] = $_USER['uid'];
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if ($args['sp_status'] != 1) {
$args['sp_status'] = 0;
}
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['sp_search'] != 1) {
$args['sp_search'] = 0;
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} else {
if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_status = $args['sp_status'];
$sp_uid = $args['sp_uid'];
$sp_title = $args['sp_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
$sp_search = $args['sp_search'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_label = strip_tags($sp_label);
$sp_content = DB_escapeString($sp_content);
$sp_title = DB_escapeString($sp_title);
$sp_label = DB_escapeString($sp_label);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
// multi-language configuration - allow one entire page
// centerblock for all or none per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
if ($delete_old_page && !empty($sp_old_id)) {
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
PLG_itemDeleted($sp_old_id, 'staticpages');
}
PLG_itemSaved($sp_id, 'staticpages');
$url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
/**
* Save topic to the database
*
* @param string $tid Topic ID
* @param string $topic Name of topic (what the user sees)
* @param string $imageurl (partial) URL to topic image
* @param string $meta_description Topic meta description
* @param string $meta_keywords Topic meta keywords
* @param int $sortnum number for sort order in "Topics" block
* @param int $limitnews number of stories per page for this topic
* @param int $owner_id ID of owner
* @param int $group_id ID of group topic belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_member Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @param string $is_default 'on' if this is the default topic
* @param string $is_archive 'on' if this is the archive topic
* @return string HTML redirect or error message
*/
function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
global $_CONF, $_TABLES, $LANG27, $MESSAGE;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
$access = 0;
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} elseif (!empty($tid) && !empty($topic)) {
if ($imageurl == '/images/topics/') {
$imageurl = '';
}
$topic = addslashes($topic);
$meta_description = addslashes(strip_tags($meta_description));
$meta_keywords = addslashes(strip_tags($meta_keywords));
if ($is_default == 'on') {
$is_default = 1;
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
$is_archive = $is_archive == 'on' ? 1 : 0;
$archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
if ($is_archive) {
// $tid is the archive topic
// - if it wasn't already, mark all its stories "archived" now
if ($archivetid != $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
} else {
// $tid is not the archive topic
// - if it was until now, reset the "archived" status of its stories
if ($archivetid == $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
}
DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $tid);
COM_olderStuff();
$retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13');
} else {
$retval .= COM_siteHeader('menu', $LANG27[1]);
$retval .= COM_errorLog($LANG27[7], 2);
$retval .= COM_siteFooter();
}
return $retval;
}
function _loadFromArgs(&$array)
{
$corder = trim($array['corder']);
$this->_owner_id = COM_applyFilter($array['owner_id'], true);
$this->_group_id = COM_applyFilter($array['group_id'], true);
$this->_cid = COM_applyFilter(trim($array['cid']));
$this->_old_cid = COM_applyFilter(trim($array['old_cid']));
$this->_pid = COM_applyFilter(trim($array['pid']));
$this->_corder = empty($corder) ? 0 : COM_applyFilter($corder, true);
$this->_imgurl = COM_applyFilter($array['imgurl']);
$this->_imgurlold = COM_applyFilter($array['imgurlold']);
$this->_title = COM_checkHTML(COM_checkWords(trim($array['title'])));
$this->_is_enabled = $array['is_enabled'] == 'on' ? 1 : 0;
$this->_deleteimg = $array['deleteimg'] == 'on' ? 1 : 0;
// Convert array values to numeric permission values
list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
$this->_editor_mode = COM_applyFilter($array['editor_mode']);
}
/**
* Saves link to the database
*
* @param string $lid ID for link
* @param string $old_lid old ID for link
* @param string $cid cid of category link belongs to
* @param string $categorydd Category links belong to
* @param string $url URL of link to save
* @param string $description Description of link
* @param string $title Title of link
* @param int $hits Number of hits for link
* @param int $owner_id ID of owner
* @param int $group_id ID of group link belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @return string HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
$retval = '';
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
$description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$cid = DB_escapeString($cid);
if (empty($owner_id)) {
// this is new link from admin, set default values
$owner_id = $_USER['uid'];
if (isset($_GROUPS['Links Admin'])) {
$group_id = $_GROUPS['Links Admin'];
} else {
$group_id = SEC_getFeatureGroup('links.edit');
}
$perm_owner = 3;
$perm_group = 2;
$perm_members = 2;
$perm_anon = 2;
}
$lid = COM_sanitizeID($lid);
$old_lid = COM_sanitizeID($old_lid);
if (empty($lid)) {
if (empty($old_lid)) {
$lid = COM_makeSid();
} else {
$lid = $old_lid;
}
}
// check for link id change
if (!empty($old_lid) && $lid != $old_lid) {
// check if new lid is already in use
if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
// TBD: abort, display editor with all content intact again
$lid = $old_lid;
// for now ...
}
}
$access = 0;
$old_lid = DB_escapeString($old_lid);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
COM_output($display);
exit;
} elseif (!empty($title) && !empty($description) && !empty($url)) {
if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
$cid = DB_escapeString($categorydd);
} else {
if ($categorydd != $LANG_LINKS_ADMIN[7]) {
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
}
DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
DB_delete($_TABLES['links'], 'lid', $old_lid);
DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if (empty($old_lid) || $old_lid == $lid) {
PLG_itemSaved($lid, 'links');
} else {
PLG_itemSaved($lid, 'links', $old_lid);
}
// Get category for rdf check
$category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
COM_rdfUpToDateCheck('links', $category, $lid);
return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
} else {
// missing fields
$retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$retval .= editlink('edit', $old_lid);
} else {
$retval .= editlink('edit', '');
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
return $retval;
}
}
/**
* Sets all variables to the matching values from $rows.
*
* @param array $row Array of values, from DB or $_POST
* @param boolean $fromDB True if read from DB, false if from $_POST
*/
public function SetVars($row, $fromDB = false)
{
global $_EV_CONF;
if (!is_array($row)) {
return;
}
$this->date_start1 = isset($row['date_start1']) && !empty($row['date_start1']) ? $row['date_start1'] : date('Y-m-d');
$this->date_end1 = isset($row['date_end1']) && !empty($row['date_end1']) ? $row['date_end1'] : $this->date_start1;
$this->cal_id = $row['cal_id'];
$this->show_upcoming = isset($row['show_upcoming']) ? 1 : 0;
$this->recurring = isset($row['recurring']) && $row['recurring'] == 1 ? 1 : 0;
$this->show_upcoming = isset($row['show_upcoming']) && $row['show_upcoming'] == 1 ? 1 : 0;
if (isset($row['allday']) && $row['allday'] == 1) {
$this->allday = 1;
$this->split = 0;
} else {
$this->allday = 0;
$this->split = isset($row['split']) && $row['split'] == 1 ? 1 : 0;
}
// Multi-day events can't be split
if ($this->date_start1 != $this->date_end1) {
$this->split = 0;
}
$this->status = isset($row['status']) && $row['status'] == 1 ? 1 : 0;
$this->postmode = isset($row['postmode']) && $row['postmode'] == 'html' ? 'html' : 'plaintext';
$this->enable_reminders = isset($row['enable_reminders']) && $row['enable_reminders'] == 1 ? 1 : 0;
$this->owner_id = $row['owner_id'];
$this->group_id = $row['group_id'];
//$this->title = $row['title'];
if (isset($row['categories']) && is_array($row['categories'])) {
$this->categories = $row['categories'];
}
// Join or split the date values as needed
if ($fromDB) {
// dates are YYYY-MM-DD
$this->id = isset($row['id']) ? $row['id'] : '';
$this->rec_data = unserialize($row['rec_data']);
if (!$this->rec_data) {
$this->rec_data = array();
}
$this->det_id = $row['det_id'];
$this->hits = $row['hits'];
$this->perm_owner = $row['perm_owner'];
$this->perm_group = $row['perm_group'];
$this->perm_members = $row['perm_members'];
$this->perm_anon = $row['perm_anon'];
$this->time_start1 = $row['time_start1'];
$this->time_end1 = $row['time_end1'];
$this->time_start2 = $row['time_start2'];
$this->time_end2 = $row['time_end2'];
$this->options = unserialize($row['options']);
if (!$this->options) {
$this->options = array();
}
} else {
// Coming from the form
$this->id = isset($row['eid']) ? $row['eid'] : '';
// Ignore time entries & set to all day if flagged as such
if (isset($row['allday']) && $row['allday'] == '1') {
$this->time_start1 = '00:00:00';
$this->time_end1 = '23:59:59';
} else {
$tmp = EVLIST_12to24($row['starthour1'], $row['start1_ampm']);
$this->time_start1 = sprintf('%02d:%02d:00', $tmp, $row['startminute1']);
$tmp = EVLIST_12to24($row['endhour1'], $row['end1_ampm']);
$this->time_end1 = sprintf('%02d:%02d:00', $tmp, $row['endminute1']);
}
// If split, record second time/date values.
// Splits don't support allday events
if ($this->split == 1) {
$tmp = EVLIST_12to24($row['starthour2'], $row['start2_ampm']);
$this->time_start2 = sprintf('%02d:%02d:00', $tmp, $row['startminute2']);
$tmp = EVLIST_12to24($row['endhour2'], $row['end2_ampm']);
$this->time_end2 = sprintf('%02d:%02d:00', $tmp, $row['endminute1']);
} else {
$this->time_start2 = NULL;
$this->time_end2 = NULL;
}
if (isset($_POST['perm_owner'])) {
$perms = SEC_getPermissionValues($row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
$this->perm_owner = $perms[0];
$this->perm_group = $perms[1];
$this->perm_members = $perms[2];
$this->perm_anon = $perms[3];
}
$this->owner_id = $row['owner_id'];
$this->group_id = $row['group_id'];
$this->options['contactlink'] = isset($row['contactlink']) ? 1 : 0;
$this->options['tickets'] = array();
if ($_EV_CONF['enable_rsvp']) {
$this->options['use_rsvp'] = (int) $row['use_rsvp'];
$this->options['max_rsvp'] = (int) $row['max_rsvp'];
$this->options['rsvp_waitlist'] = isset($row['rsvp_waitlist']) ? 1 : 0;
$this->options['rsvp_cutoff'] = (int) $row['rsvp_cutoff'];
if ($this->options['max_rsvp'] < 0) {
$this->options['max_rsvp'] = 0;
}
$this->options['max_user_rsvp'] = (int) $row['max_user_rsvp'];
if (!isset($row['tickets']) || !is_array($row['tickets'])) {
// if no ticket specified but rsvp is ensabled, make sure
// the general admission ticket is set for free
$row['tickets'] = array(1);
$row['tick_fees'] = array(0);
}
foreach ($row['tickets'] as $tick_id => $tick_data) {
$tick_fee = isset($row['tick_fees'][$tick_id]) ? (double) $row['tick_fees'][$tick_id] : 0;
$this->options['tickets'][$tick_id] = array('fee' => $tick_fee);
}
$this->options['rsvp_print'] = $row['rsvp_print'];
} else {
$this->options['use_rsvp'] = 0;
$this->options['max_rsvp'] = 0;
$this->options['rsvp_cutoff'] = 0;
$this->options['rsvp_waitlist'] = 0;
$this->options['max_user_rsvp'] = 1;
$this->options['rsvp_print'] = 0;
}
}
}
/**
* Save topic to the database
*
* @param string $tid Topic ID
* @param string $topic Name of topic (what the user sees)
* @param string $imageurl (partial) URL to topic image
* @param int $sortnum number for sort order in "Topics" block
* @param int $limitnews number of stories per page for this topic
* @param int $owner_id ID of owner
* @param int $group_id ID of group topic belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @param string $is_default 'on' if this is the default topic
* @param string $archive_flag 'on' if this is the archive topic
* @return string HTML redirect or error message
*/
function TOPIC_save($T)
{
global $_CONF, $_TABLES, $LANG27, $MESSAGE;
$retval = '';
$tid = isset($T['tid']) ? $T['tid'] : '';
$topic = $T['topic'];
$imageurl = $T['imageurl'];
$sortnum = $T['sortnum'];
$sort_by = $T['sort_by'];
$limitnews = $T['limitnews'];
$sort_dir = $T['sort_dir'];
$owner_id = $T['owner_id'];
$group_id = $T['group_id'];
$perm_owner = $T['perm_owner'];
$perm_group = $T['perm_group'];
$perm_members = $T['perm_members'];
$perm_anon = $T['perm_anon'];
$is_default = $T['is_default'];
$archive_flag = $T['archive_flag'];
// error checks...
if (empty($tid)) {
$msg = $LANG27[7];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
if (empty($topic)) {
$msg = $LANG27[7];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
if (strstr($tid, ' ')) {
$msg = $LANG27[42];
$retval .= COM_siteHeader();
$retval .= TOPIC_edit('', $T, $msg);
$retval .= COM_siteFooter();
return $retval;
}
if ($sortnum != '') {
$tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"');
$newSortNum = $tidSortNumber + 1;
} else {
$newSortNum = 0;
}
$T['sortnum'] = $newSortNum;
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
$access = 0;
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
if (SEC_inGroup('Topic Admin')) {
$access = 3;
} else {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}
} else {
if (SEC_inGroup('Topic Admin')) {
$access = 3;
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]);
$retval .= COM_showMessageText($MESSAGE[32], $MESSAGE[30], true);
$retval .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} elseif (!empty($tid) && !empty($topic)) {
if ($imageurl == '/images/topics/') {
$imageurl = '';
}
$topic = DB_escapeString(strip_tags($topic));
if ($is_default == 'on') {
$is_default = 1;
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
$archive_flag = $archive_flag == 'on' ? 1 : 0;
$archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
if ($archive_flag) {
// $tid is the archive topic
// - if it wasn't already, mark all its stories "archived" now
if ($archivetid != $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
} else {
// $tid is not the archive topic
// - if it was until now, reset the "archived" status of its stories
if ($archivetid == $tid) {
DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
}
}
if ($sortnum != '') {
$tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"');
$newSortNum = $tidSortNumber + 1;
} else {
$newSortNum = 0;
}
DB_save($_TABLES['topics'], 'tid, topic, imageurl, sortnum, sort_by, sort_dir, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}','{$newSortNum}',{$sort_by},'{$sort_dir}','{$limitnews}',{$is_default},'{$archive_flag}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
TOPIC_reorderTopics();
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article', $tid);
COM_olderStuff();
CACHE_remove_instance('stmenu');
COM_setMessage(13);
$retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php');
} else {
$retval .= COM_siteHeader('menu', $LANG27[1]);
$retval .= COM_errorLog($LANG27[7], 2);
$retval .= COM_siteFooter();
}
return $retval;
}
/**
* Saves a Auto Tag to the database
*
*/
function saveautotags($tag, $old_tag, $description, $is_enabled, $is_function, $replacement, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $LANG_AUTO, $_AUTO_CONF, $_TABLES;
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
$old_tag = COM_applyFilter($old_tag);
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['autotags'], 'tag', $tag) > 0) {
if ($tag != $old_tag) {
$duplicate_id = true;
}
} elseif (!empty($old_tag)) {
if ($tag != $old_tag) {
$delete_old_page = true;
}
}
$is_function = $is_function == 'on' ? 1 : 0;
// If user does not have php edit perms, then set php flag to 0.
if ($_AUTO_CONF['allow_php'] != 1 || !SEC_hasRights('autotags.PHP')) {
$is_function = 0;
}
$retval = '';
if ($duplicate_id) {
$retval .= COM_siteHeader();
$retval .= COM_errorLog($LANG_AUTO['duplicate_tag'], 2);
$retval .= autotagseditor($tag);
$retval .= COM_siteFooter();
} elseif (!empty($tag) && in_array($tag, autotags_existing_tags())) {
$retval .= COM_siteHeader();
$retval .= COM_errorLog($LANG_AUTO['disallowed_tag'], 2);
$retval .= autotagseditor('');
$retval .= COM_siteFooter();
} elseif (!empty($tag) && (!empty($replacement) || $is_function == 1)) {
if ($is_enabled == 'on') {
$is_enabled = 1;
} else {
$is_enabled = 0;
}
// Clean up the text
$description = strip_tags($description);
$description = addslashes($description);
$replacement = addslashes($replacement);
DB_save($_TABLES['autotags'], 'tag,description,is_enabled,is_function,replacement,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$tag}','{$description}',{$is_enabled},{$is_function},'{$replacement}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if ($delete_old_page && !empty($old_tag)) {
DB_delete($_TABLES['autotags'], 'tag', $old_tag);
}
$retval = COM_refresh($_CONF['site_admin_url'] . '/plugins/autotags/index.php');
} else {
$retval .= COM_siteHeader();
$retval .= COM_errorLog($LANG_AUTO['no_tag_or_replacement'], 2);
$retval .= autotagseditor($tag);
$retval .= COM_siteFooter();
}
return $retval;
}
if ($cat_id > 0) {
//catDelImage($cat_id);
adCategory::DelImage($cat_id);
}
$view = 'editcat';
break;*/
case 'resetadperms':
$perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$sql = "UPDATE\n {$_TABLES['ad_ads']}\n SET\n perm_owner={$perms[0]},\n perm_group={$perms[1]},\n perm_members={$perms[2]},\n perm_anon={$perms[3]},\n group_id=" . COM_applyFilter($_POST['group_id'], true);
DB_query($sql);
$content .= COM_showMessage('09', $_CONF_ADVT['pi_name']);
$view = 'admin';
$actionval = 'other';
break;
case 'resetcatperms':
$perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$sql = "UPDATE\n {$_TABLES['ad_category']}\n SET\n perm_owner={$perms[0]},\n perm_group={$perms[1]},\n perm_members={$perms[2]},\n perm_anon={$perms[3]},\n group_id=" . COM_applyFilter($_POST['group_id'], true);
DB_query($sql);
$content .= COM_showMessage('09', $_CONF_ADVT['pi_name']);
$view = 'admin';
$actionval = 'other';
break;
case 'toggleadtype':
USES_classifieds_class_adtype();
AdType::toggleEnabled($ad_id, $_REQUEST['enabled']);
$view = 'admintypes';
break;
/* case 'saveadtype':
USES_classifieds_class_adtype();
$AdType = new AdType($ad_id);
$AdType->SetVars($_POST);
/**
* Saves a poll
* Saves a poll topic and potential answers to the database
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainPage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statusCode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideResults Checkbox: hide results until closed
* @param int $commentCode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_group Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @param bool $allow_multipleanswers
* @param string $topic_description
* @param string $description
* @return string|void
*/
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$topic = COM_stripslashes($topic);
$topic = COM_checkHTML($topic);
$topic_description = strip_tags(COM_stripslashes($topic_description));
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) {
$retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
return $retval;
}
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
// Retrieve Created Date before delete
$created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
if ($created_date == '') {
$created_date = date('Y-m-d H:i:s');
}
DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
$topic = GLText::remove4byteUtf8Chars($topic);
$topic = DB_escapeString($topic);
$topic_description = GLText::remove4byteUtf8Chars($topic_description);
$topic_description = DB_escapeString($topic_description);
$meta_description = GLText::remove4byteUtf8Chars($meta_description);
$meta_description = DB_escapeString($meta_description);
$meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
$meta_keywords = DB_escapeString($meta_keywords);
$k = 0;
// set up a counter to make sure we do assign a straight line of question id's
// first dimension of array are the questions
$num_questions = count($Q);
$num_total_votes = 0;
$num_questions_exist = 0;
for ($i = 0; $i < $num_questions; $i++) {
$Q[$i] = COM_stripslashes($Q[$i]);
$Q[$i] = COM_checkHTML($Q[$i]);
$Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);
$allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($allow_multipleanswers[$i]));
$description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($description[$i])));
if ($allow_multipleanswers[$i] == 'on') {
$allow_multipleanswers[$i] = 1;
} else {
$allow_multipleanswers[$i] = 0;
}
if (strlen($Q[$i]) > 0) {
// only insert questions that exist
$num_questions_exist++;
$Q[$i] = DB_escapeString($Q[$i]);
DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'");
// within the questions, we have another dimensions with answers,
// votes and remarks
$num_answers = count($A[$i]);
for ($j = 0; $j < $num_answers; $j++) {
$A[$i][$j] = COM_stripslashes($A[$i][$j]);
$A[$i][$j] = COM_checkHTML($A[$i][$j]);
$A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);
$R[$i][$j] = COM_stripslashes($R[$i][$j]);
$R[$i][$j] = COM_checkHTML($R[$i][$j]);
$R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);
if (strlen($A[$i][$j]) > 0) {
// only insert answers etc that exist
if (!is_numeric($V[$i][$j])) {
$V[$i][$j] = "0";
}
$A[$i][$j] = DB_escapeString($A[$i][$j]);
$R[$i][$j] = DB_escapeString($R[$i][$j]);
$sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
DB_query($sql);
$num_total_votes = $num_total_votes + $V[$i][$j];
}
}
$k++;
}
}
// determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
if ($num_questions_exist > 0) {
$numVoters = $num_total_votes / $num_questions_exist;
} else {
// This shouldn't happen
$numVoters = $num_total_votes;
}
// save topics after the questions so we can include question count into table
$sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
if ($mainPage == 'on') {
$sql .= "',1";
} else {
$sql .= "',0";
}
if ($open == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
if ($hideResults == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
$sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";
// Save poll topic
DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql);
if (empty($old_pid) || $old_pid == $pid) {
PLG_itemSaved($pid, 'polls');
} else {
DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
PLG_itemSaved($pid, 'polls', $old_pid);
}
if ($_POLL_VERBOSE) {
COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}
/**
* Insert or update an ad with form values. Setting $admin to true
* allows ads to be saved on behalf of another user.
*
* @param string $savetype Save action to perform
* @return array
* [0] = string value of page to redirect to
* [1] = content of any error message or text
*/
function adSave($savetype = 'edit')
{
global $_TABLES, $_CONF_ADVT, $_USER, $_CONF, $LANG_ADVT, $LANG12;
global $LANG_ADMIN;
$admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');
// Sanitize form variables. There should always be an ad id defined
$A = array();
if (isset($_POST['ad_id'])) {
$A['ad_id'] = COM_sanitizeID($_POST['ad_id'], false);
} elseif (isset($_POST['id'])) {
$A['ad_id'] = COM_sanitizeID($_POST['id'], false);
}
if ($A['ad_id'] == '') {
return array(CLASSIFIEDS_URL, 'Missing Ad ID');
}
// Make sure the current user can edit this ad.
if (CLASSIFIEDS_checkAccess($A['ad_id']) < 3) {
return array();
}
$A['subject'] = trim($_POST['subject']);
$A['descript'] = trim($_POST['descript']);
if ($_POST['postmode'] == 'plaintext') {
$A['descript'] = nl2br($A['descript']);
}
$A['price'] = trim($_POST['price']);
$A['url'] = COM_sanitizeUrl($_POST['url'], array('http', 'https'), 'http');
$A['catid'] = (int) $_POST['catid'];
$A['ad_type'] = (int) $_POST['ad_type'];
$A['keywords'] = trim($_POST['keywords']);
$A['add_date'] = COM_applyFilter($_POST['add_date'], true);
$A['exp_date'] = COM_applyFilter($_POST['exp_date'], true);
if ($A['exp_date'] == 0) {
$A['exp_date'] = $A['add_date'];
}
$A['exp_sent'] = (int) $_POST['exp_sent'] == 1 ? 1 : 0;
$A['owner_id'] = (int) $_POST['owner_id'];
$A['group_id'] = (int) $_POST['group_id'];
$A['uid'] = $A['owner_id'];
$A['comments_enabled'] = (int) $_POST['comments_enabled'];
switch ($savetype) {
case 'moderate':
case 'adminupdate':
case 'savesubmission':
case 'editsubmission':
case 'submission':
$perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
$A['perms'] = $perms;
break;
case $LANG_ADMIN['save']:
case $LANG12[8]:
default:
$A['perms'] = array((int) $_POST['perm_owner'], (int) $_POST['perm_group'], (int) $_POST['perm_members'], (int) $_POST['perm_anon']);
break;
}
// Set anon permissions according to category if not an admin.
// To avoid form injection.
if (!$admin && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['cat_id']}'") == '0') {
$A['perms'][3] = 0;
}
$photo = $_FILES['photo'];
$moredays = COM_applyFilter($_POST['moredays'], true);
if ($_CONF_ADVT['purchase_enabled'] && !$admin) {
// non-administrator is limited to the available days on account,
// if applicable.
USES_classifieds_class_userinfo();
$User = new adUserInfo();
$moredays = min($moredays, $User->getMaxDays());
}
// Validate some fields.
$errmsg = '';
if ($A['subject'] == '') {
$errmsg .= "<li>{$LANG_ADVT['subject_required']}</li>";
}
if ($A['descript'] == '') {
$errmsg .= "<li>{$LANG_ADVT['description_required']}</li>";
}
if ($errmsg != '') {
$errmsg = "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n";
// return to edit page so user can correct
return array(1, $errmsg);
//return $errmsg;
}
// Calculate the new number of days. For an existing ad start from the
// date added, if new then start from now. If the ad has already expired,
// then $moredays will be added to now() rather than exp_date.
if ($moredays > 0) {
$moretime = $moredays * 86400;
$save_exp_date = $A['exp_date'];
if ($A['exp_date'] < time()) {
$basetime = time();
} else {
$basetime = $A['exp_date'];
}
$A['exp_date'] = min($basetime + $moretime, $A['add_date'] + intval($_CONF_ADVT['max_total_duration']) * 86400);
// Figure out the number of days added to this ad, and subtract
// it from the user's account.
$days_used = (int) (($A['exp_date'] - $save_exp_date) / 86400);
if ($_CONF_ADVT['purchase_enabled'] && !$admin) {
$User->UpdateDaysBalance($days_used * -1);
}
// Reset the "expiration notice sent" flag if the new date is at least
// one more day from the old one.
//if ($A['exp_date'] - $save_exp_date >= 86400) {
if ($days_used > 0) {
$A['exp_sent'] = 0;
}
}
$errmsg .= CLASSIFIEDS_UploadPhoto($A['ad_id'], 'photo');
if ($errmsg != '') {
// Display the real error message, if there is one
return array(1, "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n");
//return "<span class=\"alert\"><ul>$errmsg</ul></span>\n";
}
if (($savetype == 'moderate' || $savetype == 'editsubmission' || $savetype == 'submission') && plugin_ismoderator_classifieds()) {
// If we're editing a submission, delete the submission item
// after moving data to the main table
$status = CLASSIFIEDS_insertAd($A, 'ad_ads');
if ($status == NULL) {
DB_delete($_TABLES['ad_submission'], 'ad_id', $A['ad_id']);
} else {
$errmsg = $status;
}
// Now we've duplicated most functions of the moderator approval,
// so call the plugin_ function to do the same post-approval stuff
plugin_moderationapprove_classifieds($A['ad_id'], $A['owner_id']);
} elseif (CLASSIFIEDS_checkAccess($A['ad_id']) == 3) {
CLASSIFIEDS_updateAd($A);
} else {
return array(1, "Acess Denied");
}
//$errmsg = COM_showMessage('02', $_CONF_ADVT['pi_name']);
//$errmsg = '';
if ($errmsg == '') {
return array(0, '02');
} else {
return array(1, $errmsg);
}
//return $errmsg;
}
/**
* Set values of one menuitem in global array $MI
*/
function CMED_setMI()
{
global $_CONF, $MI;
$url = trim($_POST['url']);
$icon_url = trim($_POST['icon_url']);
$menuorder = trim($_POST['menuorder']);
$MI = array('mid' => COM_applyFilter($_POST['mid']), 'pmid' => COM_applyFilter($_POST['pmid']), 'is_enabled' => $_POST['is_enabled'] == 'on' ? 1 : 0, 'type' => $_POST['type'], 'mode' => $_POST['mmode'], 'label' => $_POST['title_fixation'], 'label_var' => $_POST['title_variable'], 'php_function' => $_POST['php_function'], 'url' => empty($url) ? '' : strip_tags($url), 'icon_url' => empty($icon_url) ? '' : strip_tags($icon_url), 'tid' => COM_applyFilter($_POST['tid']), 'menuorder' => empty($menuorder) ? 0 : COM_applyFilter($menuorder, true), 'pattern' => $_POST['pattern'], 'is_preg' => $_POST['is_preg'] == 'on' ? 1 : 0, 'class_name' => COM_applyFilter($_POST['class_name']), 'owner_id' => COM_applyFilter($_POST['owner_id'], true), 'group_id' => COM_applyFilter($_POST['group_id'], true), 'perm_owner' => $_POST['perm_owner'], 'perm_group' => $_POST['perm_group'], 'perm_members' => $_POST['perm_members'], 'perm_anon' => $_POST['perm_anon'], 'old_mid' => COM_applyFilter($_POST['old_mid']));
// Convert array values to numeric permission values
list($MI['perm_owner'], $MI['perm_group'], $MI['perm_members'], $MI['perm_anon']) = SEC_getPermissionValues($MI['perm_owner'], $MI['perm_group'], $MI['perm_members'], $MI['perm_anon']);
}
/**
* Saves a block
*
* @param string $bid Block ID
* @param string $title Block title
* @param string $type Type of block
* @param int $blockorder Order block appears relative to the others
* @param string $content Content of block
* @param string $tid Topic block should appear in
* @param string $rdfurl URL to headline feed for portal blocks
* @param string $rdfupdated Date RSS/RDF feed was last updated
* @param string $rdflimit max. number of entries to import from feed
* @param string $phpblockfn Name of php function to call to get content
* @param int $onleft Flag indicates if block shows up on left or right
* @param int $owner_id ID of owner
* @param int $group_id ID of group block belongs to
* @param array $perm_owner Permissions the owner has on the object
* @param array $perm_group Permissions the group has on the object
* @param array $perm_members Permissions the logged in members have
* @param array $perm_anon Permissinos anonymous users have
* @param int $is_enabled Flag, indicates if block is enabled or not
* @return string HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE;
$retval = '';
$title = addslashes(COM_stripslashes(strip_tags($title)));
$phpblockfn = addslashes(COM_stripslashes(trim($phpblockfn)));
if (empty($title)) {
$retval .= COM_siteHeader('menu', $LANG21[63]) . COM_startBlock($LANG21[63], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[64] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
return $retval;
}
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
} elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) {
if ($is_enabled == 'on') {
$is_enabled = 1;
} else {
$is_enabled = 0;
}
if ($allow_autotags == 'on') {
$allow_autotags = 1;
} else {
$allow_autotags = 0;
}
if ($type == 'portal') {
$content = '';
$rdfupdated = '';
$phpblockfn = '';
// get rid of possible extra prefixes (e.g. "feed://http://...")
if (substr($rdfurl, 0, 4) == 'rss:') {
$rdfurl = substr($rdfurl, 4);
} else {
if (substr($rdfurl, 0, 5) == 'feed:') {
$rdfurl = substr($rdfurl, 5);
}
}
if (substr($rdfurl, 0, 2) == '//') {
$rdfurl = substr($rdfurl, 2);
}
$rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
}
if ($type == 'gldefault') {
if ($name != 'older_stories') {
$content = '';
}
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
}
if ($type == 'phpblock') {
// NOTE: PHP Blocks must be within a function and the function
// must start with phpblock_ as the prefix. This will prevent
// the arbitrary execution of code
if (!stristr($phpblockfn, 'phpblock_')) {
$retval .= COM_siteHeader('menu', $LANG21[37]) . COM_startBlock($LANG21[37], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[38] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
return $retval;
}
$content = '';
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
}
if ($type == 'normal') {
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
$content = addslashes($content);
}
if ($rdflimit < 0) {
$rdflimit = 0;
}
if (!empty($rdfurl)) {
$rdfurl = addslashes($rdfurl);
}
if (empty($rdfupdated)) {
$rdfupdated = '0000-00-00 00:00:00';
}
if ($bid > 0) {
DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
} else {
$sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
DB_query($sql);
$bid = DB_insertId();
}
if ($type == 'gldefault' && $name == 'older_stories') {
COM_olderStuff();
}
return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
} else {
$retval .= COM_siteHeader('menu', $LANG21[32]) . COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
if ($type == 'portal') {
// Portal block is missing fields
$retval .= $LANG21[33];
} else {
if ($type == 'phpblock') {
// PHP Block is missing field
$retval .= $LANG21[34];
} else {
if ($type == 'normal') {
// Normal block is missing field
$retval .= $LANG21[35];
} else {
if ($type == 'gldefault') {
// Default geeklog field missing
$retval .= $LANG21[42];
} else {
// Layout block missing content
$retval .= $LANG21[36];
}
}
}
}
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter();
}
return $retval;
}
function fncSave($edt_flg, $navbarMenu, $menuno)
{
$pi_name = "userbox";
global $_CONF;
global $_TABLES;
global $_USER;
global $_USERBOX_CONF;
global $LANG_USERBOX_ADMIN;
global $_FILES;
$addition_def = DATABOX_getadditiondef($pi_name);
$retval = '';
// clean 'em up
$id = COM_applyFilter($_POST['id'], true);
$fieldset_id = COM_applyFilter($_POST['fieldset'], true);
//@@@@@ username fullname
$username = COM_applyFilter($_POST['username']);
$username = addslashes(COM_checkHTML(COM_checkWords($username)));
$fullname = COM_applyFilter($_POST['fullname']);
$fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
$page_title = COM_applyFilter($_POST['page_title']);
$page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
$description = $_POST['description'];
//COM_applyFilter($_POST['description']);
$description = addslashes(COM_checkHTML(COM_checkWords($description)));
$defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
$defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
$draft_flag = COM_applyFilter($_POST['draft_flag'], true);
// $hits =0;
// $comments=0;
$comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
if ($comment_expire_flag) {
$comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
$comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
$comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
$comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
$comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
if ($comment_expire_ampm == 'pm') {
if ($comment_expire_hour < 12) {
$comment_expire_hour = $comment_expire_hour + 12;
}
}
if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
$comment_expire_hour = '00';
}
} else {
$comment_expire_month = 0;
$comment_expire_day = 0;
$comment_expire_year = 0;
$comment_expire_hour = 0;
$comment_expire_minute = 0;
}
$commentcode = COM_applyFilter($_POST['commentcode'], true);
$trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
$cache_time = COM_applyFilter($_POST['cache_time'], true);
$meta_description = $_POST['meta_description'];
$meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
$meta_keywords = $_POST['meta_keywords'];
$meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
$language_id = COM_applyFilter($_POST['language_id']);
$language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
$category = $_POST['category'];
//@@@@@
$additionfields = $_POST['afield'];
$additionfields_old = $_POST['afield'];
$additionfields_fnm = $_POST['afield_fnm'];
$additionfields_del = $_POST['afield_del'];
$additionfields_alt = $_POST['afield_alt'];
$additionfields_date = array();
$dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
//
$owner_id = COM_applyFilter($_POST['owner_id'], true);
$group_id = COM_applyFilter($_POST['group_id'], true);
//
$array['perm_owner'] = $_POST['perm_owner'];
$array['perm_group'] = $_POST['perm_group'];
$array['perm_members'] = $_POST['perm_members'];
$array['perm_anon'] = $_POST['perm_anon'];
if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
} else {
$perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
$perm_group = COM_applyBasicFilter($array['perm_group'], true);
$perm_members = COM_applyBasicFilter($array['perm_members'], true);
$perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
}
//編集日付
$modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
if ($modified_autoupdate == 1) {
//$udate = date('Ymd');
$modified_month = date('m');
$modified_day = date('d');
$modified_year = date('Y');
$modified_hour = date('H');
$modified_minute = date('i');
} else {
$modified_month = COM_applyFilter($_POST['modified_month'], true);
$modified_day = COM_applyFilter($_POST['modified_day'], true);
$modified_year = COM_applyFilter($_POST['modified_year'], true);
$modified_hour = COM_applyFilter($_POST['modified_hour'], true);
$modified_minute = COM_applyFilter($_POST['modified_minute'], true);
$modified_ampm = COM_applyFilter($_POST['modified_ampm']);
if ($modified_ampm == 'pm') {
if ($modified_hour < 12) {
$modified_hour = $modified_hour + 12;
}
}
if ($modified_ampm == 'am' and $modified_hour == 12) {
$modified_hour = '00';
}
}
//公開日
$released_month = COM_applyFilter($_POST['released_month'], true);
$released_day = COM_applyFilter($_POST['released_day'], true);
$released_year = COM_applyFilter($_POST['released_year'], true);
$released_hour = COM_applyFilter($_POST['released_hour'], true);
$released_minute = COM_applyFilter($_POST['released_minute'], true);
if ($released_ampm == 'pm') {
if ($released_hour < 12) {
$released_hour = $released_hour + 12;
}
}
if ($released_ampm == 'am' and $released_hour == 12) {
$released_hour = '00';
}
//公開終了日
$expired_flag = COM_applyFilter($_POST['expired_flag'], true);
if ($expired_flag) {
$expired_month = COM_applyFilter($_POST['expired_month'], true);
$expired_day = COM_applyFilter($_POST['expired_day'], true);
$expired_year = COM_applyFilter($_POST['expired_year'], true);
$expired_hour = COM_applyFilter($_POST['expired_hour'], true);
$expired_minute = COM_applyFilter($_POST['expired_minute'], true);
if ($expired_ampm == 'pm') {
if ($expired_hour < 12) {
$expired_hour = $expired_hour + 12;
}
}
if ($expired_ampm == 'am' and $expired_hour == 12) {
$expired_hour = '00';
}
} else {
$expired_month = 0;
$expired_day = 0;
$expired_year = 0;
$expired_hour = 0;
$expired_minute = 0;
}
$created = COM_applyFilter($_POST['created_un']);
$orderno = mb_convert_kana($_POST['orderno'], "a");
//全角英数字を半角英数字に変換する
$orderno = COM_applyFilter($orderno, true);
//$name = mb_convert_kana($name,"AKV");
//A:半角英数字を全角英数字に変換する
//K:半角カタカナを全角カタカナに変換する
//V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
//$name = str_replace ("'", "’",$name);
//$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
//-----
$type = 1;
$uuid = $_USER['uid'];
// CHECK はじめ
$err = "";
//id
if ($id == 0) {
//$err.=$LANG_USERBOX_ADMIN['err_uid']."<br {XHTML}>".LB;
} else {
if (!is_numeric($id)) {
$err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
}
}
//文字数制限チェック
if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) {
$err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
}
if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) {
$err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
}
if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) {
$err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
}
//----追加項目チェック
$err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
//編集日付
$modified = $modified_year . "-" . $modified_month . "-" . $modified_day;
if (checkdate($modified_month, $modified_day, $modified_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
}
$modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00");
//公開日
$released = $released_year . "-" . $released_month . "-" . $released_day;
if (checkdate($released_month, $released_day, $released_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
}
$released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00");
//コメント受付終了日時
if ($comment_expire_flag) {
if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
}
$comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00");
} else {
$comment_expire = '0000-00-00 00:00:00';
//$comment_expire="";
}
//公開終了日
if ($expired_flag) {
if (checkdate($expired_month, $expired_day, $expired_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
}
$expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00");
if ($expired < $released) {
$err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
}
} else {
$expired = '0000-00-00 00:00:00';
//$expired="";
}
//errorのあるとき
if ($err != "") {
$retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
$retval['display'] = fncEdit($id, $edt_flg, 3, $err);
return $retval;
}
// CHECK おわり
if ($id == 0) {
$w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
if ($w == "") {
$w = 0;
}
$id = $w + 1;
$created_month = date('m');
$created_day = date('d');
$created_year = date('Y');
$created_hour = date('H');
$created_minute = date('i');
$created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00");
}
$hits = 0;
$comments = 0;
$fields = "id";
$values = "{$id}";
$fields .= ",page_title";
//
$values .= ",'{$page_title}'";
$fields .= ",description";
//
$values .= ",'{$description}'";
$fields .= ",defaulttemplatesdirectory";
//
$values .= ",'{$defaulttemplatesdirectory}'";
//$fields.=",hits";//
//$values.=",$hits";
$fields .= ",comments";
//
$values .= ",{$comments}";
$fields .= ",meta_description";
//
$values .= ",'{$meta_description}'";
$fields .= ",meta_keywords";
//
$values .= ",'{$meta_keywords}'";
$fields .= ",commentcode";
//
$values .= ",{$commentcode}";
$fields .= ",trackbackcode";
//
$values .= ",{$trackbackcode}";
$fields .= ",cache_time";
//
$values .= ",{$cache_time}";
$fields .= ",comment_expire";
//
if ($comment_expire == '0000-00-00 00:00:00') {
$values .= ",'{$comment_expire}'";
} else {
$values .= ",FROM_UNIXTIME('{$comment_expire}')";
}
$fields .= ",language_id";
//
$values .= ",'{$language_id}'";
$fields .= ",owner_id";
$values .= ",{$owner_id}";
$fields .= ",group_id";
$values .= ",{$group_id}";
$fields .= ",perm_owner";
$values .= ",{$perm_owner}";
$fields .= ",perm_group";
$values .= ",{$perm_group}";
$fields .= ",perm_members";
$values .= ",{$perm_members}";
$fields .= ",perm_anon";
$values .= ",{$perm_anon}";
$fields .= ",modified";
$values .= ",FROM_UNIXTIME('{$modified}')";
if ($created != "") {
$fields .= ",created";
$values .= ",FROM_UNIXTIME('{$created}')";
}
$fields .= ",expired";
if ($expired == '0000-00-00 00:00:00') {
$values .= ",'{$expired}'";
} else {
$values .= ",FROM_UNIXTIME('{$expired}')";
}
$fields .= ",released";
$values .= ",FROM_UNIXTIME('{$released}')";
$fields .= ",orderno";
//
$values .= ",{$orderno}";
$fields .= ",fieldset_id";
//
$values .= ",{$fieldset_id}";
$fields .= ",uuid";
$values .= ",{$uuid}";
$fields .= ",draft_flag";
$values .= ",{$draft_flag}";
DB_save($_TABLES['USERBOX_base'], $fields, $values);
//カテゴリ
$rt = DATABOX_savecategorydatas($id, $category, $pi_name);
//追加項目
DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
$rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
//user (コアのテーブル)
//kokoka
$sql = "UPDATE " . $_TABLES['users'] . " SET ";
$sql .= " fullname ='" . $fullname . "'";
$sql .= " WHERE uid=" . $id;
DB_query($sql);
$rt = fncsendmail('data', $id);
$cacheInstance = 'userbox__' . $id . '__';
CACHE_remove_instance($cacheInstance);
//exit;// debug 用
// if ($edt_flg){
// $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
// $return_page.="?id=".$id;
// }else{
// $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
// }
// return COM_refresh ($return_page);
if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
$retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
$retval['display'] .= fncEdit($id, $edt_flg, 1, "");
return $retval;
} else {
if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
$url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php";
$item_url = COM_buildURL($url);
$target = 'item';
} else {
$url = $_CONF['site_url'] . "/userbox/profile.php";
$url .= "?";
//コード使用の時
if ($_USERBOX_CONF['datacode']) {
$url .= "code=" . $username;
$url .= "&m=code";
} else {
$url .= "id=" . $id;
$url .= "&m=id";
}
$item_url = COM_buildUrl($url);
$target = $_USERBOX_CONF['aftersave_admin'];
}
}
$return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
echo $return_page;
exit;
}
/**
* Saves the global configuration to all albums
*
* @return string HTML
*
*/
function MG_saveGlobalAlbumPerm()
{
global $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00;
if (!SEC_hasRights('mediagallery.admin')) {
COM_errorLog("Media Gallery user attempted to edit global album attributes without proper accss.");
return COM_showMessageText($LANG_MG00['access_denied_msg']);
}
$A['group_id'] = COM_applyFilter($_POST['group_id'], true);
$A['member_uploads'] = COM_applyFilter($_POST['member_upload'], true);
$A['moderate'] = COM_applyFilter($_POST['moderation'], true);
$A['mod_group_id'] = COM_applyFilter($_POST['mod_id'], true);
$A['email_mod'] = COM_applyFilter($_POST['email_mod'], true);
$adminMenu = COM_applyFilter($_POST['admin_menu'], true);
$perm_owner = $_POST['perm_owner'];
$perm_group = $_POST['perm_group'];
$perm_members = $_POST['perm_members'];
$perm_anon = $_POST['perm_anon'];
$group_id = $_POST['group_id'];
// Convert array values to numeric permission values
list($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$group_active = COM_applyFilter($_POST['group_active'], true);
$perm_active = COM_applyFilter($_POST['perm_active'], true);
$upload_active = COM_applyFilter($_POST['upload_active'], true);
$moderate_active = COM_applyFilter($_POST['moderate_active'], true);
$mod_group_active = COM_applyFilter($_POST['mod_group_active'], true);
$email_mod_active = COM_applyFilter($_POST['email_mod_active'], true);
$updateSQL = '';
$updateSQL .= $group_active ? "group_id={$group_id}" : '';
$updateSQL .= $perm_active ? ($updateSQL != '' ? ',' : '') . "perm_owner={$A['perm_owner']},perm_group={$A['perm_group']},perm_members={$A['perm_members']},perm_anon={$A['perm_anon']}" : '';
$updateSQL .= $upload_active ? ($updateSQL != '' ? ',' : '') . "member_uploads={$A['member_uploads']}" : '';
$updateSQL .= $moderate_active ? ($updateSQL != '' ? ',' : '') . "moderate={$A['moderate']}" : '';
$updateSQL .= $mod_group_active ? ($updateSQL != '' ? ',' : '') . "mod_group_id={$A['mod_group_id']}" : '';
$updateSQL .= $email_mod_active ? ($updateSQL != '' ? ',' : '') . "email_mod={$A['email_mod']}" : '';
if ($updateSQL != '') {
$sql = "UPDATE {$_TABLES['mg_albums']} SET " . $updateSQL;
DB_query($sql);
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_GlobalrebuildAllAlbumsRSS(0);
}
if ($adminMenu == 1) {
echo COM_refresh($_MG_CONF['admin_url'] . '/index.php?msg=10');
} else {
echo COM_refresh($_MG_CONF['site_url'] . '/index.php');
}
exit;
}
function MG_saveMemberDefaults()
{
global $_CONF, $_MG_CONF, $_TABLES, $_USER, $_POST;
$member_albums = isset($_POST['member_albums']) ? COM_applyFilter($_POST['member_albums'], true) : 0;
$member_quota = COM_applyFilter($_POST['member_quota'], true) * 1048576;
$auto_create = isset($_POST['auto_create']) ? COM_applyFilter($_POST['auto_create'], true) : 0;
$allow_create = isset($_POST['allow_create']) ? COM_applyFilter($_POST['allow_create'], true) : 0;
$member_use_fullname = isset($_POST['member_use_fullname']) ? COM_applyFilter($_POST['member_use_fullname'], true) : 0;
$feature_member_album = isset($_POST['feature_member_album']) ? COM_applyFilter($_POST['feature_member_album'], true) : 0;
$allow_remote = isset($_POST['allow_remote']) ? COM_applyFilter($_POST['allow_remote'], true) : 0;
$member_root = isset($_POST['member_root']) ? COM_applyFilter($_POST['member_root'], true) : 0;
$member_archive = isset($_POST['member_archive']) ? COM_applyFilter($_POST['member_archive'], true) : 0;
$enable_random = isset($_POST['enable_random']) ? COM_applyFilter($_POST['enable_random'], true) : 0;
$max_image_width = COM_applyFilter($_POST['max_image_width'], true);
$max_image_height = COM_applyFilter($_POST['max_image_height'], true);
$max_filesize = COM_applyFilter($_POST['max_filesize'], true) * 1024;
$uploads = isset($_POST['uploads']) ? COM_applyFilter($_POST['uploads'], true) : 0;
$moderate = isset($_POST['moderate']) ? COM_applyFilter($_POST['moderate'], true) : 0;
$mod_id = COM_applyFilter($_POST['mod_id'], true);
$email_mod = isset($_POST['email_mod']) ? COM_applyFilter($_POST['email_mod'], true) : 0;
$tperm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
$tperm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
$tperm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
$tperm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($tperm_owner, $tperm_group, $tperm_members, $tperm_anon);
// valid media formats....
$format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0;
$format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0;
$format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0;
$format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0;
$format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0;
$format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0;
$format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0;
$format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0;
$format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0;
$format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0;
$format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0;
$format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0;
$format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0;
$format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0;
$format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0;
$format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0;
$format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0;
$format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0;
$format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0;
$member_valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb;
// put any error checking / validation here
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_albums','{$member_albums}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_use_fullname','{$member_use_fullname}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'feature_member_album','{$feature_member_album}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'allow_remote','{$allow_remote}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_quota','{$member_quota}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_auto_create','{$auto_create}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_create_new','{$allow_create}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_album_root','{$member_root}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_album_archive','{$member_archive}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_enable_random','{$enable_random}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_width','{$max_image_width}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_height','{$max_image_height}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_filesize','{$max_filesize}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_uploads','{$uploads}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_moderate','{$moderate}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_mod_group_id','{$mod_id}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_email_mod','{$email_mod}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_owner','{$perm_owner}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_group','{$perm_group}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_members','{$perm_members}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_anon','{$perm_anon}'");
DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_valid_formats','{$member_valid_formats}'");
CACHE_remove_instance('stmenu');
echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=12');
exit;
}
/**
* Saves an event to the database
*
* @param array $_POST fields
* @return string HTML redirect or error message
*
*/
function CALENDAR_save($eid, $C)
{
global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
$allday = isset($C['allday']) ? COM_applyFilter($C['allday']) : '';
$hour_mode = isset($C['hour_mode']) && $C['hour_mode'] == 24 ? 24 : 12;
if ($hour_mode == 24) {
// these aren't set in 24 hour mode
$C['start_ampm'] = '';
$C['end_ampm'] = '';
}
$status = $C['status'];
$title = $C['title'];
$event_type = $C['event_type'];
$url = $C['url'];
$start_month = COM_applyFilter($C['start_month'], true);
$start_day = COM_applyFilter($C['start_day'], true);
$start_year = COM_applyFilter($C['start_year'], true);
$start_hour = COM_applyFilter($C['start_hour'], true);
$start_minute = COM_applyFilter($C['start_minute'], true);
$start_ampm = $C['start_ampm'];
$end_month = COM_applyFilter($C['end_month'], true);
$end_day = COM_applyFilter($C['end_day'], true);
$end_year = COM_applyFilter($C['end_year'], true);
$end_hour = COM_applyFilter($C['end_hour'], true);
$end_minute = COM_applyFilter($C['end_minute'], true);
$end_ampm = $C['end_ampm'];
$location = $C['location'];
$address1 = $C['address1'];
$address2 = $C['address2'];
$city = $C['city'];
$state = $C['state'];
$zipcode = $C['zipcode'];
$description = $C['description'];
$postmode = $C['postmode'];
$owner_id = COM_applyFilter($C['owner_id'], true);
$group_id = COM_applyFilter($C['group_id'], true);
$perm_owner = $C['perm_owner'];
$perm_group = $C['perm_group'];
$perm_members = isset($C['perm_members']) ? $C['perm_members'] : '';
$perm_anon = isset($C['perm_anon']) ? $C['perm_anon'] : '';
$type = isset($C['type']) ? COM_applyFilter($C['type']) : '';
$C['datestart'] = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
$C['timestart'] = $start_hour . ':' . $start_minute . ':00';
$C['dateend'] = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
$C['timeend'] = $end_hour . ':' . $end_minute . ':00';
$C['allday'] = $allday;
$C['hits'] = 0;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]);
$retval .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
$retval .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
if ($hour_mode == 24) {
// to avoid having to mess with the tried and tested code below, map
// the 24-hour values onto their 12-hour counterparts and use those
if ($start_hour >= 12) {
$start_ampm = 'pm';
$start_hour = $start_hour - 12;
} else {
$start_ampm = 'am';
$start_hour = $start_hour;
}
if ($start_hour == 0) {
$start_hour = 12;
}
if ($end_hour >= 12) {
$end_ampm = 'pm';
$end_hour = $end_hour - 12;
} else {
$end_ampm = 'am';
$end_hour = $end_hour;
}
if ($end_hour == 0) {
$end_hour = 12;
}
}
if ($allday == 'on') {
$allday = 1;
} else {
$allday = 0;
}
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
$datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
$timestart = $start_hour . ':' . $start_minute . ':00';
} else {
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
if (checkdate($end_month, $end_day, $end_year)) {
$dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
$timeend = $end_hour . ':' . $end_minute . ':00';
} else {
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
if ($allday == 0) {
if ($dateend < $datestart) {
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
} else {
if ($dateend < $datestart) {
// Force end date to be same as start date
$dateend = $datestart;
}
}
// clean 'em up
if ($postmode == 'html') {
$description = COM_checkHTML(COM_checkWords($description));
} else {
$postmode = 'plaintext';
$description = @htmlspecialchars(COM_checkWords($description));
}
$description = DB_escapeString($description);
$title = DB_escapeString(COM_checkHTML(COM_checkWords($title)));
$location = DB_escapeString(COM_checkHTML(COM_checkWords($location)));
$address1 = DB_escapeString(COM_checkHTML(COM_checkWords($address1)));
$address2 = DB_escapeString(COM_checkHTML(COM_checkWords($address2)));
$city = DB_escapeString(COM_checkHTML(COM_checkWords($city)));
$state = DB_escapeString(COM_checkHTML(COM_checkWords($state)));
$zipcode = DB_escapeString(COM_checkHTML(COM_checkWords($zipcode)));
$event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
$url = DB_escapeString(strip_tags($url));
if ($allday == 0) {
// Add 12 to make time on 24 hour clock if needed
if ($start_ampm == 'pm' and $start_hour != 12) {
$start_hour = $start_hour + 12;
}
// If 12AM set hour to 00
if ($start_ampm == 'am' and $start_hour == 12) {
$start_hour = '00';
}
// Add 12 to make time on 24 hour clock if needed
if ($end_ampm == 'pm' and $end_hour != 12) {
$end_hour = $end_hour + 12;
}
// If 12AM set hour to 00
if ($end_ampm == 'am' and $end_hour == 12) {
$end_hour = '00';
}
$timestart = $start_hour . ':' . $start_minute . ':00';
$timeend = $end_hour . ':' . $end_minute . ':00';
}
if (!empty($eid) and !empty($description) and !empty($title)) {
DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
DB_save($_TABLES['events'], 'eid,status,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon', "'{$eid}',{$status},'{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
$numrows = DB_numRows($result);
for ($i = 1; $i <= $numrows; $i++) {
$P = DB_fetchArray($result);
DB_save($_TABLES['personal_events'], 'eid,status,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}',{$status},'{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
}
}
PLG_itemSaved($eid, 'calendar');
COM_rdfUpToDateCheck('calendar', $event_type, $eid);
// if we just saved a submission, then return to the submissions page
if ($type == 'submission') {
return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
}
} else {
$retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
$retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2], true);
$retval .= CALENDAR_edit('edit', $C, '');
$retval .= COM_siteFooter();
return $retval;
}
}
/**
* Saves a block
*
* @param string $bid Block ID
* @param string $title Block title
* @param string $type Type of block
* @param int $blockorder Order block appears relative to the others
* @param string $content Content of block
* @param string $tid Ids of topics block is assigned to
* @param string $rdfurl URL to headline feed for portal blocks
* @param string $rdfupdated Date RSS/RDF feed was last updated
* @param string $rdflimit max. number of entries to import from feed
* @param string $phpblockfn Name of php function to call to get content
* @param int $onleft Flag indicates if block shows up on left or right
* @param int $owner_id ID of owner
* @param int $group_id ID of group block belongs to
* @param array $perm_owner Permissions the owner has on the object
* @param array $perm_group Permissions the group has on the object
* @param array $perm_members Permissions the logged in members have
* @param array $perm_anon Permissinos anonymous users have
* @param int $is_enabled Flag, indicates if block is enabled or not
* @return string HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;
$retval = '';
$title = DB_escapeString(COM_stripslashes(strip_tags($title)));
$phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));
if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
$retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
return $retval;
}
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
} elseif (!empty($name) and ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'phpblock' && !empty($phpblockfn) && !empty($title) or $type == 'gldefault' && strlen($blockorder) > 0)) {
if ($is_enabled == 'on') {
$is_enabled = 1;
} else {
$is_enabled = 0;
}
if ($allow_autotags == 'on') {
$allow_autotags = 1;
} else {
$allow_autotags = 0;
}
if ($cache_time < -1 or $cache_time == "") {
$cache_time = $_CONF['default_cache_time_block'];
}
if ($type == 'portal') {
$content = '';
$rdfupdated = '';
$phpblockfn = '';
// get rid of possible extra prefixes (e.g. "feed://http://...")
if (substr($rdfurl, 0, 4) == 'rss:') {
$rdfurl = substr($rdfurl, 4);
} elseif (substr($rdfurl, 0, 5) == 'feed:') {
$rdfurl = substr($rdfurl, 5);
}
if (substr($rdfurl, 0, 2) == '//') {
$rdfurl = substr($rdfurl, 2);
}
$rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
}
if ($type == 'gldefault') {
$content = '';
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
}
if ($type == 'phpblock') {
// NOTE: PHP Blocks must be within a function and the function
// must start with phpblock_ as the prefix. This will prevent
// the arbitrary execution of code
if (!stristr($phpblockfn, 'phpblock_')) {
$retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
return $retval;
}
$content = '';
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
}
if ($type == 'normal') {
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
if ($allow_autotags == 1) {
// Remove any autotags the user doesn't have permission to use
$content = PLG_replaceTags($content, '', true);
}
$content = DB_escapeString($content);
}
if ($rdflimit < 0) {
$rdflimit = 0;
}
if (!empty($rdfurl)) {
$rdfurl = DB_escapeString($rdfurl);
}
if (empty($rdfupdated)) {
$rdfupdated = '0000-00-00 00:00:00';
}
if ($bid > 0) {
DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
} else {
$sql = array();
$sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
$sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
DB_query($sql);
$bid = DB_insertId();
}
TOPIC_saveTopicSelectionControl('block', $bid);
$cacheInstance = 'block__' . $bid . '__';
// remove any of this blocks instances if exists
CACHE_remove_instance($cacheInstance);
return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
} else {
if (empty($name)) {
// empty block name
$msgtxt = $LANG21[50];
} elseif ($type == 'portal') {
// Portal block is missing fields
$msgtxt = $LANG21[33];
} elseif ($type == 'phpblock') {
// PHP Block is missing field
$msgtxt = $LANG21[34];
} elseif ($type == 'normal') {
// Normal block is missing field
$msgtxt = $LANG21[35];
} elseif ($type == 'gldefault') {
// Default geeklog field missing
$msgtxt = $LANG21[42];
} else {
// Layout block missing content
$msgtxt = $LANG21[36];
}
$retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
}
return $retval;
}
/**
* saves the specified album information
*
* @param int album_id album_id to edit
* @return string HTML
*
*/
function MG_saveAlbum($album_id, $actionURL = '')
{
global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST;
$update = 0;
if (isset($_POST['album_id'])) {
$aid = COM_applyFilter($_POST['album_id'], true);
} else {
$aid = 0;
}
if (isset($_POST['force_child_update'])) {
$forceChildPermUpdate = COM_applyFilter($_POST['force_child_update'], true);
} else {
$forceChildPermUpdate = 0;
}
$thumb = $_FILES['thumbnail'];
$thumbnail = $thumb['tmp_name'];
if (isset($_POST['attach_tn'])) {
$att = COM_applyFilter($_POST['attach_tn']);
} else {
$att = 0;
}
if ($aid > 0) {
// should be 0 or negative 1 for create
$album = $MG_albums[$aid];
$oldparent = $album->parent;
$old_tn_attached = $album->tn_attached;
$old_featured = $album->featured;
$update = 1;
} else {
$album = new mgAlbum();
$album->id = $aid;
$update = 0;
$old_tn_attached = 0;
}
if ($_MG_CONF['htmlallowed'] == 1) {
$album->title = COM_checkHTML(COM_killJS($_POST['album_name']));
$album->description = COM_checkHTML(COM_killJS($_POST['album_desc']));
} else {
$album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_name']))));
$album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_desc']))));
}
if ($album->title == "") {
return MG_errorHandler("You must enter an Album Name");
}
$album->parent = COM_applyFilter($_POST['parentaid'], true);
// we should not need this
if (isset($_POST['hidden'])) {
$album->hidden = COM_applyFilter($_POST['hidden'], true);
} else {
$album->hidden = 0;
}
$album->cover = COM_applyFilter($_POST['cover']);
$album->cover_filename = COM_applyFilter($_POST['album_cover_filename']);
if (isset($_POST['enable_album_views'])) {
$album->enable_album_views = COM_applyFilter($_POST['enable_album_views'], true);
} else {
$album->enable_album_views = 0;
}
$album->image_skin = COM_applyFilter($_POST['skin']);
$album->album_skin = COM_applyFilter($_POST['askin']);
$album->display_skin = COM_applyFilter($_POST['dskin']);
if (isset($_POST['display_album_desc'])) {
$album->display_album_desc = COM_applyFilter($_POST['display_album_desc'], true);
} else {
$album->display_album_desc = 0;
}
if (isset($_POST['enable_comments'])) {
$album->enable_comments = COM_applyFilter($_POST['enable_comments'], true);
} else {
$album->enable_comments = 0;
}
$album->exif_display = COM_applyFilter($_POST['enable_exif'], true);
if (isset($_POST['enable_rating'])) {
$album->enable_rating = COM_applyFilter($_POST['enable_rating'], true);
} else {
$album->enable_rating = 0;
}
$album->playback_type = COM_applyFilter($_POST['playback_type'], true);
$album->tn_attached = isset($_POST['attach_tn']) ? COM_applyFilter($_POST['attach_tn'], true) : 0;
$album->enable_slideshow = COM_applyFilter($_POST['enable_slideshow'], true);
if (isset($_POST['enable_random'])) {
$album->enable_random = COM_applyFilter($_POST['enable_random'], true);
} else {
$album->enable_random = 0;
}
if (isset($_POST['enable_shutterfly'])) {
$album->enable_shutterfly = COM_applyFilter($_POST['enable_shutterfly'], true);
} else {
$album->enable_shutterfly = 0;
}
if (isset($_POST['enable_views'])) {
$album->enable_views = COM_applyFilter($_POST['enable_views'], true);
} else {
$album->enable_views = 0;
}
if (isset($_POST['enable_keywords'])) {
$album->enable_keywords = COM_applyFilter($_POST['enable_keywords'], true);
} else {
$album->enable_keywords = 0;
}
if (isset($_POST['enable_sort'])) {
$album->enable_sort = COM_applyFilter($_POST['enable_sort'], true);
} else {
$album->enable_sort = 0;
}
if (isset($_POST['enable_rss'])) {
$album->enable_rss = COM_applyFilter($_POST['enable_rss'], true);
} else {
$album->enable_rss = 0;
}
$album->enable_postcard = COM_applyFilter($_POST['enable_postcard'], true);
if (isset($_POST['albums_first'])) {
$album->albums_first = COM_applyFilter($_POST['albums_first'], true);
} else {
$album->albums_first = 0;
}
if (isset($_POST['allow_download'])) {
$album->allow_download = COM_applyFilter($_POST['allow_download'], true);
} else {
$album->allow_download = 0;
}
if (isset($_POST['usealternate'])) {
$album->useAlternate = COM_applyFilter($_POST['usealternate'], true);
} else {
$album->useAlternate = 0;
}
$album->full = COM_applyFilter($_POST['full_display'], true);
$album->tn_size = COM_applyFilter($_POST['tn_size'], true);
$album->max_image_height = COM_applyFilter($_POST['max_image_height'], true);
$album->max_image_width = COM_applyFilter($_POST['max_image_width'], true);
$album->max_filesize = COM_applyFilter($_POST['max_filesize'], true);
if ($album->max_filesize != 0) {
$album->max_filesize = $album->max_filesize * 1024;
}
$album->display_image_size = COM_applyFilter($_POST['display_image_size'], true);
$album->display_rows = COM_applyFilter($_POST['display_rows'], true);
$album->display_columns = COM_applyFilter($_POST['display_columns'], true);
$album->skin = COM_applyFilter($_POST['album_theme']);
if (isset($_POST['filename_title'])) {
$album->filename_title = COM_applyFilter($_POST['filename_title'], true);
} else {
$album->filename_title = 0;
}
$album->shopping_cart = 0;
if (isset($_POST['wm_auto'])) {
$album->wm_auto = COM_applyFilter($_POST['wm_auto'], true);
} else {
$album->wm_auto = 0;
}
$album->wm_id = COM_applyFilter($_POST['wm_id']);
$album->wm_opacity = COM_applyFilter($_POST['wm_opacity'], true);
$album->wm_location = COM_applyFilter($_POST['wm_location'], true);
$album->album_sort_order = COM_applyFilter($_POST['album_sort_order'], true);
if (isset($_POST['uploads'])) {
$album->member_uploads = COM_applyFilter($_POST['uploads'], true);
} else {
$album->member_uploads = 0;
}
if (isset($_POST['moderate'])) {
$album->moderate = COM_applyFilter($_POST['moderate'], true);
} else {
$album->moderate = 0;
}
if (isset($_POST['email_mod'])) {
$album->email_mod = COM_applyFilter($_POST['email_mod'], true);
} else {
$album->email_mod = 0;
}
if (isset($_POST['podcast'])) {
$album->podcast = COM_applyFilter($_POST['podcast'], true);
} else {
$album->podcast = 0;
}
if (isset($_POST['mp3ribbon'])) {
$album->mp3ribbon = COM_applyFilter($_POST['mp3ribbon'], true);
} else {
$album->mp3ribbon = 0;
}
if (isset($_POST['rsschildren'])) {
$album->rssChildren = COM_applyFilter($_POST['rsschildren'], true);
} else {
$album->rssChildren = 0;
}
if (isset($_POST['tnheight'])) {
$album->tnHeight = COM_applyFilter($_POST['tnheight'], true);
if ($album->tnHeight == 0) {
$album->tnHeight = 200;
}
} else {
$album->tnHeight = 200;
}
if (isset($_POST['tnwidth'])) {
$album->tnWidth = COM_applyFilter($_POST['tnwidth'], true);
if ($album->tnWidth == 0) {
$album->tnWidth = 200;
}
} else {
$album->tnWidth = 200;
}
if (SEC_hasRights('mediagallery.admin')) {
$format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0;
$format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0;
$format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0;
$format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0;
$format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0;
$format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0;
$format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0;
$format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0;
$format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0;
$format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0;
$format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0;
$format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0;
$format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0;
$format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0;
$format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0;
$format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0;
$format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0;
$format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0;
$format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0;
$album->valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb;
if (isset($_POST['featured'])) {
$album->featured = COM_applyFilter($_POST['featured'], true);
// admin only
} else {
$album->featured = 0;
}
$album->cbposition = COM_applyFilter($_POST['featureposition'], true);
// admin only
$album->cbpage = COM_applyFilter($_POST['featurepage']);
// admin only
$album->group_id = isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id']) : 0;
// admin only
$album->mod_group_id = isset($_POST['mod_id']) ? COM_applyFilter($_POST['mod_id'], true) : 0;
// admin only
$perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
// admin only
$perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
// admin only
$perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
$perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
} else {
$perm_owner = $album->perm_owner;
// already set by existing album?
$perm_group = $album->perm_group;
// already set by existing album?
if ($update == 0) {
if (isset($MG_albums[$album->parent]->group_id)) {
$grp_id = $MG_albums[$album->parent]->group_id;
$album->group_id = $grp_id;
} else {
$gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
$grow = DB_fetchArray($gresult);
$grp_id = $grow['grp_id'];
$album->group_id = $grp_id;
// only do these two if create....
}
$album->mod_group_id = $_MG_CONF['member_mod_group_id'];
if ($album->mod_group_id == '' || $album->mod_group_id < 1) {
$album->mod_group_id = $grp_id;
}
}
$perm_members = $_POST['perm_members'];
$perm_anon = $_POST['perm_anon'];
list($junk1, $junk2, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
if (isset($_POST['owner_id'])) {
$album->owner_id = COM_applyFilter($_POST['owner_id']);
} else {
$album->owner_id = 2;
}
// simple check to see if we can create off the album root...
if (!SEC_hasRights('mediagallery.admin')) {
if ($album->parent == $_MG_CONF['member_album_root'] && $update == 0) {
if ($_MG_CONF['member_create_new'] == 0) {
return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album");
}
}
}
// final permission check to make sure we have the proper rights to create here....
if ($album->parent == 0 && $update == 0 && !$_MG_CONF['member_albums'] == 1 && !$_MG_CONF['member_album_root'] == 0) {
// see if we are mediagallery.admin
if (!SEC_hasRights('mediagallery.admin')) {
COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return MG_genericError($LANG_MG00['access_denied_msg']);
}
} elseif ($album->parent != 0) {
if (!isset($MG_albums[$album->parent]->id)) {
// does not exist...
COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return MG_genericError($LANG_MG00['access_denied_msg']);
} else {
if ($MG_albums[$album->parent]->access != 3 && !SEC_hasRights('mediagallery.admin') && !$_MG_CONF['member_albums'] && !($_MG_CONF['member_album_root'] == $MG_album[$album->parent]->id)) {
COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return MG_genericError($LANG_MG00['access_denied_msg']);
}
}
}
if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') {
$album->tn_attached = 0;
}
if ($old_tn_attached == 1 && $album->tn_attached == 0) {
$remove_old_tn = 1;
} else {
$remove_old_tn = 0;
}
if ($thumb['tmp_name'] != '' && $album->tn_attached == 1) {
$thumbnail = $thumb['tmp_name'];
$attachtn = 1;
} else {
$attachtn = 0;
}
// pull the watermark id associated with the filename...
if ($album->wm_id == 'blank.png') {
$wm_id = 0;
} else {
$wm_id = DB_getItem($_TABLES['mg_watermarks'], 'wm_id', 'filename="' . DB_escapeString($album->wm_id) . '"');
}
if ($wm_id == '') {
$wm_id = 0;
}
if ($wm_id == 0) {
$album->wm_auto = 0;
}
$album->wm_id = $wm_id;
// handle new featured albums
if (SEC_hasRights('mediagallery.admin')) {
if ($album->featured) {
// check for other featured albums, we can only have one
$sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='" . DB_escapeString($album->cbpage) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows > 0) {
$row = DB_fetchArray($result);
$sql = "UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . $row['album_id'];
DB_query($sql);
}
}
} else {
// if a new album, set the member album defaults since we are a non-admin
if ($album->isMemberAlbum() && update == 0) {
$album->perm_owner = $_MG_CONF['member_perm_owner'];
$album->perm_group = $_MG_CONF['member_perm_group'];
$album->enable_random = $_MG_CONF['member_enable_random'];
$album->max_image_height = $_MG_CONF['member_max_height'];
$album->max_image_width = $_MG_CONF['member_max_width'];
$album->max_filesize = $_MG_CONF['member_max_filesize'];
$album->member_uploads = $_MG_CONF['member_uploads'];
$album->moderate = $_MG_CONF['member_moderate'];
$album->email_mod = $_MG_CONF['member_email_mod'];
$album->valid_formats = $_MG_CONF['member_valid_formats'];
}
}
$album->title = substr($album->title, 0, 254);
if ($_DB_dbms == "mssql") {
$album->description = substr($album->description, 0, 1500);
}
if ($album->last_update == '') {
$album->last_update = 0;
}
$album->last_update = intval($album->last_update);
if ($album->id < 1) {
$album->id = $album->createAlbumID();
$aid = $album->id;
$album->order = $album->getNextSortOrder();
}
if ($album->id == 0) {
COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org ");
return MG_genericError($LANG_MG00['access_denied_msg']);
}
$album->saveAlbum();
$album->updateChildPermissions($forceChildPermUpdate);
// now handle the attached cover...
if ($attachtn == 1) {
if (!function_exists('MG_getFile')) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
}
$media_filename = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id;
MG_attachThumbnail($album->id, $thumbnail, $media_filename);
}
if ($remove_old_tn == 1) {
foreach ($_MG_CONF['validExtensions'] as $ext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext)) {
@unlink($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext);
break;
}
}
}
MG_initAlbums(1);
// do any album sorting here...
if (isset($MG_albums[$aid]) && $MG_albums[$aid]->parent == 0) {
switch ($MG_albums[$aid]->album_sort_order) {
case 0:
break;
case 3:
// upload, asc
MG_staticSortAlbum($aid, 2, 1, 0);
break;
case 4:
// upload, desc
MG_staticSortAlbum($aid, 2, 0, 0);
break;
case 5:
// title, asc
MG_staticSortAlbum($aid, 0, 1, 0);
break;
case 6:
// title, desc
MG_staticSortAlbum($aid, 0, 0, 0);
break;
case 7:
// rating, desc
MG_staticSortAlbum($aid, 3, 0, 0);
break;
case 8:
// rating, desc
MG_staticSortAlbum($aid, 3, 1, 0);
break;
default:
// skip it...
break;
}
} else {
// not a root album...
switch ($MG_albums[$MG_albums[$aid]->parent]->album_sort_order) {
case 0:
break;
case 3:
// upload, asc
MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 1, 0);
break;
case 4:
// upload, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 0, 0);
break;
case 5:
// title, asc
MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 1, 0);
break;
case 6:
// title, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 0, 0);
break;
case 7:
// rating, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 0, 0);
break;
case 8:
// rating, desc
MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 1, 0);
break;
default:
// skip it...
break;
}
// now call it for myself to sort my subs
switch ($MG_albums[$aid]->album_sort_order) {
case 0:
break;
case 3:
// upload, asc
MG_staticSortAlbum($aid, 2, 1, 0);
break;
case 4:
// upload, desc
MG_staticSortAlbum($aid, 2, 0, 0);
break;
case 5:
// title, asc
MG_staticSortAlbum($aid, 0, 1, 0);
break;
case 6:
// title, desc
MG_staticSortAlbum($aid, 0, 0, 0);
break;
case 7:
// rating, desc
MG_staticSortAlbum($aid, 3, 0, 0);
break;
case 8:
// rating, desc
MG_staticSortAlbum($aid, 3, 1, 0);
break;
default:
// skip it...
break;
}
}
if (!function_exists('MG_buildFullRSS')) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
}
MG_buildFullRSS();
MG_buildAlbumRSS($album->id);
$actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id;
echo COM_refresh($actionURL);
exit;
}
//token expired?
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$display .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$display .= COM_showMessage(501);
$editor = '';
if (isset($_GET['editor'])) {
$editor = COM_applyFilter($_GET['editor']);
}
// $mode = 'edit';
$owner_id = $_POST['owner_id'];
$group_id = $_POST['group_id'];
$perm_owner = $_POST['perm_owner'];
$perm_group = $_POST['perm_group'];
$perm_members = $_POST['perm_members'];
$perm_anon = $_POST['perm_anon'];
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$_POST['perm_owner'] = $perm_owner;
$_POST['perm_group'] = $perm_group;
$_POST['perm_members'] = $perm_members;
$_POST['perm_anon'] = $perm_anon;
$sp_centerblock = isset($_POST['sp_centerblock']) ? $_POST['sp_centerblock'] : '';
$sp_help = '';
if (!empty($_POST['sp_help'])) {
$sp_help = $_POST['sp_help'];
}
$sp_inblock = isset($_POST['sp_inblock']) ? $_POST['sp_inblock'] : '';
$sp_search = isset($_POST['sp_search']) ? $_POST['sp_search'] : '';
$sp_onmenu = isset($_POST['sp_onmenu']) ? $_POST['sp_onmenu'] : '';
$sp_nf = isset($_POST['sp_nf']) ? $_POST['sp_nf'] : '';
if ($sp_onmenu == 'on') {
$_POST['sp_onmenu'] = 1;
/**
* Saves an event to the database
*
* (parameters should be obvious - old list was incomplete anyway)
* @return string HTML redirect or error message
*
*/
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
return $retval;
}
if ($hour_mode == 24) {
// to avoid having to mess with the tried and tested code below, map
// the 24-hour values onto their 12-hour counterparts and use those
if ($start_hour >= 12) {
$start_ampm = 'pm';
$start_hour = $start_hour - 12;
} else {
$start_ampm = 'am';
$start_hour = $start_hour;
}
if ($start_hour == 0) {
$start_hour = 12;
}
if ($end_hour >= 12) {
$end_ampm = 'pm';
$end_hour = $end_hour - 12;
} else {
$end_ampm = 'am';
$end_hour = $end_hour;
}
if ($end_hour == 0) {
$end_hour = 12;
}
}
if ($allday == 'on') {
$allday = 1;
} else {
$allday = 0;
}
// Make sure start date is before end date
if (checkdate($start_month, $start_day, $start_year)) {
$datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
$timestart = $start_hour . ':' . $start_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
if (checkdate($end_month, $end_day, $end_year)) {
$dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
$timeend = $end_hour . ':' . $end_minute . ':00';
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
if ($allday == 0) {
if ($dateend < $datestart) {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
} else {
if ($dateend < $datestart) {
// Force end date to be same as start date
$dateend = $datestart;
}
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
if ($postmode == 'html') {
$description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
} else {
$postmode = 'plaintext';
$description = htmlspecialchars(COM_checkWords($description));
}
$description = DB_escapeString($description);
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
$address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
$address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
$city = DB_escapeString(strip_tags(COM_checkWords($city)));
$zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
$event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
$url = DB_escapeString(strip_tags($url));
if ($allday == 0) {
// Add 12 to make time on 24 hour clock if needed
if ($start_ampm == 'pm' and $start_hour != 12) {
$start_hour = $start_hour + 12;
}
// If 12AM set hour to 00
if ($start_ampm == 'am' and $start_hour == 12) {
$start_hour = '00';
}
// Add 12 to make time on 24 hour clock if needed
if ($end_ampm == 'pm' and $end_hour != 12) {
$end_hour = $end_hour + 12;
}
// If 12AM set hour to 00
if ($end_ampm == 'am' and $end_hour == 12) {
$end_hour = '00';
}
$timestart = $start_hour . ':' . $start_minute . ':00';
$timeend = $end_hour . ':' . $end_minute . ':00';
}
if (!empty($eid) and !empty($description) and !empty($title)) {
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
}
$hits = DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid}'");
if (empty($hits)) {
$hits = 0;
}
DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eid}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");
if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
$result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
$numrows = DB_numRows($result);
for ($i = 1; $i <= $numrows; $i++) {
$P = DB_fetchArray($result);
DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
}
}
PLG_itemSaved($eid, 'calendar');
COM_rdfUpToDateCheck('calendar', $event_type, $eid);
return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
} else {
$retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
return $retval;
}
}
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainpage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statuscode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideresults Checkbox: hide results until closed
* @param int $commentcode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_grup Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @return string HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$topic = COM_stripslashes($topic);
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
$retval .= COM_siteHeader('menu', $LANG25[5]);
$retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG25[2];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= COM_siteFooter();
return $retval;
}
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
$access = 0;
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if (empty($voters)) {
$voters = 0;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
$topic = addslashes($topic);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
$k = 0;
// set up a counter to make sure we do assign a straight line of question id's
$v = 0;
// re-count votes sine they might have been changed
// first dimension of array are the questions
$num_questions = count($Q);
for ($i = 0; $i < $num_questions; $i++) {
$Q[$i] = COM_stripslashes($Q[$i]);
if (strlen($Q[$i]) > 0) {
// only insert questions that exist
$Q[$i] = addslashes($Q[$i]);
DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
// within the questions, we have another dimensions with answers,
// votes and remarks
$num_answers = count($A[$i]);
for ($j = 0; $j < $num_answers; $j++) {
$A[$i][$j] = COM_stripslashes($A[$i][$j]);
if (strlen($A[$i][$j]) > 0) {
// only insert answers etc that exist
if (!is_numeric($V[$i][$j])) {
$V[$i][$j] = "0";
}
$A[$i][$j] = addslashes($A[$i][$j]);
$R[$i][$j] = addslashes($R[$i][$j]);
$sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
DB_query($sql);
$v = $v + $V[$i][$j];
}
}
$k++;
}
}
// save topics after the questions so we can include question count into table
$sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
if ($mainpage == 'on') {
$sql .= "',1";
} else {
$sql .= "',0";
}
if ($open == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
if ($hideresults == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
$sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
// Save poll topic
DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
if (empty($old_pid) || $old_pid == $pid) {
PLG_itemSaved($pid, 'polls');
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
PLG_itemSaved($pid, 'polls', $old_pid);
}
if ($_POLL_VERBOSE) {
COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
}
/**
* Loads the basic details of an article into the internal
* variables, cleaning them up nicely.
* @access Private
* @param $array Array of POST/GET data (by ref).
* @return Nothing.
*/
function _loadBasics(&$array)
{
/* For the really, really basic stuff, we can very easily load them
* based on an array that defines how to COM_applyFilter them.
*/
foreach ($this->_postFields as $key => $value) {
$vartype = $value[0];
$varname = $value[1];
// If we have a value
if (array_key_exists($key, $array)) {
// And it's alphanumeric or numeric, filter it and use it.
if ($vartype == STORY_AL_ALPHANUM || $vartype == STORY_AL_NUMERIC) {
$this->{$varname} = COM_applyFilter($array[$key], $vartype);
} elseif ($vartype == STORY_AL_ANYTHING) {
$this->{$varname} = $array[$key];
} elseif ($array[$key] === 'on' || $array[$key] === 1) {
// If it's a checkbox that is on
$this->{$varname} = 1;
} else {
// Otherwise, it must be a checkbox that is off:
$this->{$varname} = 0;
}
} elseif ($vartype == STORY_AL_NUMERIC || $vartype == STORY_AL_CHECKBOX) {
// If we don't have a value, and have a numeric or text box, default to 0
$this->{$varname} = 0;
}
}
// SID's are a special case:
$sid = COM_sanitizeID($array['sid']);
if (isset($array['old_sid'])) {
$oldsid = COM_sanitizeID($array['old_sid'], false);
} else {
$oldsid = '';
}
if (empty($sid)) {
$sid = $oldsid;
}
if (empty($sid)) {
$sid = COM_makeSid();
}
$this->_sid = $sid;
$this->_originalSid = $oldsid;
/* Need to deal with the postdate and expiry date stuff */
$publish_ampm = '';
if (isset($array['publish_ampm'])) {
$publish_ampm = COM_applyFilter($array['publish_ampm']);
}
$publish_hour = 0;
if (isset($array['publish_hour'])) {
$publish_hour = COM_applyFilter($array['publish_hour'], true);
}
$publish_minute = 0;
if (isset($array['publish_minute'])) {
$publish_minute = COM_applyFilter($array['publish_minute'], true);
}
$publish_second = 0;
if (isset($array['publish_second'])) {
$publish_second = COM_applyFilter($array['publish_second'], true);
}
if ($publish_ampm == 'pm') {
if ($publish_hour < 12) {
$publish_hour = $publish_hour + 12;
}
}
if ($publish_ampm == 'am' and $publish_hour == 12) {
$publish_hour = '00';
}
$publish_year = 0;
if (isset($array['publish_year'])) {
$publish_year = COM_applyFilter($array['publish_year'], true);
}
$publish_month = 0;
if (isset($array['publish_month'])) {
$publish_month = COM_applyFilter($array['publish_month'], true);
}
$publish_day = 0;
if (isset($array['publish_day'])) {
$publish_day = COM_applyFilter($array['publish_day'], true);
}
$this->_date = strtotime("{$publish_month}/{$publish_day}/{$publish_year} {$publish_hour}:{$publish_minute}:{$publish_second}");
$archiveflag = 0;
if (isset($array['archiveflag'])) {
$archiveflag = COM_applyFilter($array['archiveflag'], true);
}
/* Override status code if no archive flag is set: */
if ($archiveflag != 1) {
$this->_statuscode = 0;
}
if (array_key_exists('expire_ampm', $array)) {
$expire_ampm = COM_applyFilter($array['expire_ampm']);
$expire_hour = COM_applyFilter($array['expire_hour'], true);
$expire_minute = COM_applyFilter($array['expire_minute'], true);
$expire_second = COM_applyFilter($array['expire_second'], true);
$expire_year = COM_applyFilter($array['expire_year'], true);
$expire_month = COM_applyFilter($array['expire_month'], true);
$expire_day = COM_applyFilter($array['expire_day'], true);
if ($expire_ampm == 'pm') {
if ($expire_hour < 12) {
$expire_hour = $expire_hour + 12;
}
}
if ($expire_ampm == 'am' and $expire_hour == 12) {
$expire_hour = '00';
}
$expiredate = strtotime("{$expire_month}/{$expire_day}/{$expire_year} {$expire_hour}:{$expire_minute}:{$expire_second}");
} else {
$expiredate = time();
}
$this->_expire = $expiredate;
// comment expire time
if (isset($array['cmt_close_flag'])) {
$cmt_close_ampm = COM_applyFilter($array['cmt_close_ampm']);
$cmt_close_hour = COM_applyFilter($array['cmt_close_hour'], true);
$cmt_close_minute = COM_applyFilter($array['cmt_close_minute'], true);
$cmt_close_second = COM_applyFilter($array['cmt_close_second'], true);
$cmt_close_year = COM_applyFilter($array['cmt_close_year'], true);
$cmt_close_month = COM_applyFilter($array['cmt_close_month'], true);
$cmt_close_day = COM_applyFilter($array['cmt_close_day'], true);
if ($cmt_close_ampm == 'pm') {
if ($cmt_close_hour < 12) {
$cmt_close_hour = $cmt_close_hour + 12;
}
}
if ($cmt_close_ampm == 'am' and $cmt_close_hour == 12) {
$cmt_close_hour = '00';
}
$cmt_close_date = strtotime("{$cmt_close_month}/{$cmt_close_day}/{$cmt_close_year} {$cmt_close_hour}:{$cmt_close_minute}:{$cmt_close_second}");
$this->_comment_expire = $cmt_close_date;
} else {
$this->_comment_expire = 0;
}
/* Then grab the permissions */
// Convert array values to numeric permission values
if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
} else {
$this->_perm_owner = $array['perm_owner'];
$this->_perm_group = $array['perm_group'];
$this->_perm_members = $array['perm_members'];
$this->_perm_anon = $array['perm_anon'];
}
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG_STATIC['access_denied_msg'];
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
$args['draft_flag'] = 'on';
}
if (empty($args['template_flag'])) {
$args['template_flag'] = '';
}
if (empty($args['template_id'])) {
$args['template_id'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_title = $args['sp_title'];
$sp_page_title = $args['sp_page_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$meta_description = $args['meta_description'];
$meta_keywords = $args['meta_keywords'];
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$draft_flag = $args['draft_flag'];
$template_flag = $args['template_flag'];
$template_id = $args['template_id'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
if ($draft_flag == 'on') {
$draft_flag = 1;
} else {
$draft_flag = 0;
}
if ($template_flag == 'on') {
$template_flag = 1;
} else {
$template_flag = 0;
}
// Remove any autotags the user doesn't have permission to use
$sp_content = PLG_replaceTags($sp_content, '', true);
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_page_title = strip_tags($sp_page_title);
$sp_label = strip_tags($sp_label);
$meta_description = strip_tags($meta_description);
$meta_keywords = strip_tags($meta_keywords);
$sp_content = addslashes($sp_content);
$sp_title = addslashes($sp_title);
$sp_page_title = addslashes($sp_page_title);
$sp_label = addslashes($sp_label);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// If marked as a template then set id to nothing and other default settings
if ($template_flag == 1) {
$template_id = '';
$sp_onmenu = 0;
$sp_label = "";
$sp_centerblock = 0;
$sp_php = 0;
$sp_inblock = 0;
$sp_nf = 0;
$sp_hits = 0;
$meta_description = "";
$meta_keywords = "";
} else {
// See if it was a template before, if so and option changed, remove use from other pages
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
if ($template_id != '') {
// If using a template, make sure php disabled
$sp_php = 0;
// Double check template id exists and is still a template
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
$template_id = '';
}
}
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
// if we're in a multi-language setup, we need to allow one "entire
// page" centerblock for 'all' or 'none' per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Retrieve created date
$datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
if ($datecreated == '') {
$datecreated = date('Y-m-d H:i:s');
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
if ($delete_old_page && !empty($sp_old_id)) {
// If a template and the id changed, update any staticpages that use it
if ($template_flag == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
}
if (empty($sp_old_id) || $sp_id == $sp_old_id) {
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages');
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
}
$url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
COM_errorLog("Someone has tried to illegally access the external Admin page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
$display = COM_siteHeader();
$display .= COM_startBlock($LANG_EX00['access_denied']);
$display .= $LANG_EX00['access_denied_msg'];
$display .= COM_endBlock();
$display .= COM_siteFooter(true);
echo $display;
exit;
}
/**
* Main
*/
$exid = (int) $_REQUEST['exid'];
switch ($_REQUEST['action']) {
case $LANG_EX00['save']:
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($_REQUEST['perm_owner'], $_REQUEST['perm_group'], $_REQUEST['perm_members'], $_REQUEST['perm_anon']);
if ($exid == 0) {
$sql = "INSERT INTO ";
} else {
$sql = "UPDATE ";
}
$sql .= " {$_TABLES['external']} SET\n title='" . DB_escapeString($_REQUEST['title']) . "',\n url='" . DB_escapeString($_REQUEST['url']) . "',\n hits='" . DB_escapeString($_REQUEST['hits']) . "',\n group_id=" . (int) $_REQUEST['group_id'] . ",\n owner_id=" . (int) $_REQUEST['owner_id'] . ",\n perm_owner={$perm_owner},\n perm_group={$perm_group},\n perm_members={$perm_members},\n perm_anon={$perm_anon} ";
if ($exid != 0) {
$sql .= " WHERE exid={$exid}";
}
DB_query($sql);
echo COM_refresh($_CONF['site_admin_url'] . "/plugins/external/index.php");
exit;
case $LANG_EX00['delete']:
DB_delete($_TABLES['external'], 'exid', $exid);
echo COM_refresh($_CONF['site_admin_url'] . "/plugins/external/index.php");
/**
* Prepare an array of the standard permission values
* This helper functions does the following:
* 1) filter permission values, e.g. after a POST request
* 2) translates the permission checkbox arrays into numerical values
* 3) ensures that all the standard permission entries are set, so you don't
* have to check with isset() all the time
* <code>
* $PERM = SEC_filterPermissions($_POST);
* if ($PERM['perm_anon'] != 0) { ...
* </code>
*
* @param array $A array to filter on, e.g. $_POST
* @return array array of only the 6 standard permission values
* @see SEC_getPermissionValues
*/
function SEC_filterPermissions($A)
{
$retval = array();
if (isset($A['owner_id'])) {
$retval['owner_id'] = COM_applyFilter($A['owner_id'], true);
} else {
$retval['owner_id'] = 0;
}
if (isset($A['group_id'])) {
$retval['group_id'] = COM_applyFilter($A['group_id'], true);
} else {
$retval['group_id'] = 0;
}
$perms = array('perm_owner', 'perm_group', 'perm_members', 'perm_anon');
$B = array();
foreach ($perms as $p) {
if (isset($A[$p])) {
$B[$p] = $A[$p];
} else {
$B[$p] = array();
}
}
$B = SEC_getPermissionValues($B['perm_owner'], $B['perm_group'], $B['perm_members'], $B['perm_anon']);
for ($i = 0; $i < 4; $i++) {
$retval[$perms[$i]] = $B[$i];
}
return $retval;
}
/**
* Sets all variables to the matching values from the provided array
*
* @param array $A Array of values, from DB or $_POST
*/
function SetVars($A, $fromDB = false)
{
if (!is_array($A)) {
return;
}
$this->cat_id = $A['cat_id'];
$this->papa_id = $A['papa_id'];
$this->cat_name = $A['cat_name'];
$this->description = $A['description'];
$this->add_date = $A['add_date'];
$this->group_id = $A['group_id'];
$this->owner_id = $A['owner_id'];
$this->price = $A['price'];
$this->ad_type = $A['ad_type'];
$this->keywords = $A['keywords'];
$this->image = $A['image'];
$this->fgcolor = $A['fgcolor'];
$this->bgcolor = $A['bgcolor'];
if ($fromDB) {
// perm values are already int
$this->perm_owner = $A['perm_owner'];
$this->perm_group = $A['perm_group'];
$this->perm_members = $A['perm_members'];
$this->perm_anon = $A['perm_anon'];
} else {
// perm values are in arrays from form
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
$this->perm_owner = $perm_owner;
$this->perm_group = $perm_group;
$this->perm_members = $perm_members;
$this->perm_anon = $perm_anon;
}
}
/**
* Save topic to the database
*
* @param string $tid Topic ID
* @param string $topic Name of topic (what the user sees)
* @param int $inherit whether to inherit
* @param int $hidden whether to hide
* @param string $parent_id Parent ID
* @param string $imageUrl (partial) URL to topic image
* @param string $meta_description Topic meta description
* @param string $meta_keywords Topic meta keywords
* @param int $sortNum number for sort order in "Topics" block
* @param int $limitNews number of stories per page for this topic
* @param int $owner_id ID of owner
* @param int $group_id ID of group topic belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @param string $is_default 'on' if this is the default topic
* @param string $is_archive 'on' if this is the archive topic
* @return string HTML redirect or error message
*/
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$tid = COM_sanitizeID($tid);
// Check if tid is a restricted name
$restricted_tid = false;
if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
$restricted_tid = true;
}
// Check if tid is used by another topic
$duplicate_tid = false;
$old_tid = '';
if (isset($_POST['old_tid'])) {
$old_tid = COM_applyFilter($_POST['old_tid']);
if (!empty($old_tid)) {
$old_tid = COM_sanitizeID($old_tid);
// See if new topic id
if (strcasecmp($tid, $old_tid)) {
if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
$duplicate_tid = true;
}
}
} else {
if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
$duplicate_tid = true;
}
}
}
// Make sure parent id exists
$parent_id_found = false;
if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) {
$parent_id_found = true;
}
// Check if parent archive topic, if so bail
$archive_parent = false;
$archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
if ($parent_id == $archive_tid) {
$archive_parent = true;
}
// If archive topic, make sure no child topics else bail
$archive_child = false;
$is_archive = $is_archive == 'on' ? 1 : 0;
if ($is_archive) {
if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
$archive_child = true;
}
}
if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
} else {
// Now check access to parent topic
if ($parent_id != TOPIC_ROOT) {
if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
}
$in_Group = SEC_inGroup($A['group_id']);
} else {
$access = 3;
$in_Group = true;
}
if ($access < 3 || !$in_Group) {
$retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
} elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
if ($imageUrl === '/images/topics/') {
$imageUrl = '';
}
$topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
$topic = DB_escapeString($topic);
$meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
$meta_description = DB_escapeString($meta_description);
$meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
$meta_keywords = DB_escapeString($meta_keywords);
if ($is_default == 'on') {
$is_default = 1;
DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
} else {
$is_default = 0;
}
if ($is_archive) {
// $tid is the archive topic
// - if it wasn't already, mark all its stories "archived" now
if ($archive_tid != $tid) {
$sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
DB_query($sql);
$sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
DB_query($sql);
}
// Set hidden and inherit to false since archive topic now
$inherit = '';
$hidden = '';
} else {
// $tid is not the archive topic
// - if it was until now, reset the "archived" status of its stories
if ($archive_tid == $tid) {
$sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.statuscode = 0\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
DB_query($sql);
$sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
DB_query($sql);
}
}
$inherit = $inherit == 'on' ? 1 : 0;
$hidden = $hidden == 'on' ? 1 : 0;
// Cannot hide root topics so switch if needed
if ($parent_id == TOPIC_ROOT && $hidden == 1) {
$hidden = 0;
}
// If not a new topic and id change then...
if (!empty($old_tid)) {
if ($tid != $old_tid) {
changetopicid($tid, $old_tid);
$old_tid = DB_escapeString($old_tid);
DB_delete($_TABLES['topics'], 'tid', $old_tid);
}
}
DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if ($old_tid != $tid) {
PLG_itemSaved($tid, 'topic', $old_tid);
} else {
PLG_itemSaved($tid, 'topic');
}
// Reorder Topics, Delete topic cache and reload topic tree
reorderTopics();
// update feed(s)
COM_rdfUpToDateCheck('article', $tid);
COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
} elseif ($restricted_tid) {
$retval .= COM_errorLog($LANG27[31], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($duplicate_tid) {
$retval .= COM_errorLog($LANG27[49], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($archive_parent) {
$retval .= COM_errorLog($LANG27[46], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif ($archive_child) {
$retval .= COM_errorLog($LANG27[47], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} elseif (!$parent_id_found) {
$retval .= COM_errorLog($LANG27[48], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
} else {
$retval .= COM_errorLog($LANG27[7], 2);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
}
}
return $retval;
}
/**
* Sets all variables to the matching values from $rows
*
* @param array $row Array of values, from DB or $_POST
* @param boolean $fromDB True if read from DB, false if from form
*/
public function SetVars($row, $fromDB = false)
{
if (!is_array($row)) {
return;
}
$this->cat_id = $row['cat_id'];
$this->parent_id = $row['parent_id'];
$this->description = $row['description'];
$this->enabled = $row['enabled'];
$this->cat_name = $row['cat_name'];
$this->keywords = $row['keywords'];
$this->image = $row['image'];
$this->group_id = $row['group_id'];
$this->owner_id = $row['owner_id'];
if ($fromDB) {
$this->perm_owner = $row['perm_owner'];
$this->perm_group = $row['perm_group'];
$this->perm_members = $row['perm_members'];
$this->perm_anon = $row['perm_anon'];
} else {
if (isset($_POST['perm_owner'])) {
$perms = SEC_getPermissionValues($row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
$this->perm_owner = $perms[0];
$this->perm_group = $perms[1];
$this->perm_members = $perms[2];
$this->perm_anon = $perms[3];
}
}
}
