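/**
 * Renders the Media Gallery admin form used to create or edit a category.
 *
 * @param int    $cat_id  Id of the category to edit. When it is 0 and $mode
 *                        is 'create', the next free id (MAX(cat_id) + 1) is
 *                        pre-allocated and shown in the form.
 * @param string $mode    'create' or 'edit'; selects the heading text and
 *                        whether the category is looked up in the database.
 * @return string Rendered HTML of the editcategory.thtml template.
 */
function MG_editCategory($cat_id, $mode)
{
    global $_CONF, $_TABLES, $_MG_CONF, $LANG_MG01;

    $T = new Template($_MG_CONF['template_path'] . '/admin');
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);

    // Defaults for every code path, so the template never reads an
    // undefined index (previously an edit of a non-existent cat_id left
    // cat_name / cat_description unset).
    $A = array(
        'cat_id'          => (int) $cat_id,
        'cat_name'        => '',
        'cat_description' => '',
    );

    if ($cat_id == 0 && $mode == 'create') {
        // Pre-allocate the id the new category will receive.
        $sql = "SELECT MAX(cat_id) + 1 AS nextcat_id FROM " . $_TABLES['mg_category'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $nextId = (int) $row['nextcat_id'];
        // The original checked "== 0" only after "< 1" had already
        // rewritten the value, so the error was never logged; log first,
        // then clamp.
        if ($nextId == 0) {
            COM_errorLog("Media Gallery Error - Returned 0 as cat_id");
        }
        if ($nextId < 1) {
            $nextId = 1;
        }
        $A['cat_id'] = $nextId;
    } else {
        // Load the existing category; on a miss the defaults above remain.
        $sql = "SELECT * FROM {$_TABLES['mg_category']} WHERE cat_id=" . (int) $cat_id;
        $result = DB_query($sql);
        if (DB_numRows($result) > 0) {
            $A = array_merge($A, DB_fetchArray($result));
        }
    }

    $T->set_var('cat_id', $A['cat_id']);
    $T->set_file(array('admin' => 'editcategory.thtml'));
    $T->set_var(array(
        'action'              => 'category',
        'cat_id'              => $A['cat_id'],
        'cat_name'            => $A['cat_name'],
        'cat_description'     => $A['cat_description'],
        'lang_save'           => $LANG_MG01['save'],
        'lang_edit_category'  => $mode == 'create'
            ? $LANG_MG01['create_category']
            : $LANG_MG01['edit_category'],
        's_form_action'       => $_MG_CONF['admin_url'] . 'category.php',
        'lang_cat_edit_help'  => $LANG_MG01['cat_edit_help'],
        'lang_title'          => $LANG_MG01['title'],
        'lang_description'    => $LANG_MG01['description'],
        'lang_cancel'         => $LANG_MG01['cancel'],
        'lang_delete'         => $LANG_MG01['delete'],
        'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'],
        // CSRF token pair checked by category.php on submit
        'gltoken_name'        => CSRF_TOKEN,
        'gltoken'             => SEC_createToken(),
    ));

    if ($_MG_CONF['htmlallowed'] == 1) {
        $T->set_var('allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'mediagallery', 'category_title'));
    }

    $T->parse('output', 'admin');

    return $T->finish($T->get_var('output'));
}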
COM_updateSpeedlimit('login'); COM_errorLog("OAuth Error: " . $consumer->error); echo COM_refresh($_CONF['site_url'] . '/users.php?msg=111'); // OAuth authentication error } $consumer->doAction($oauth_userinfo); } // end OAuth authentication method(s) } else { $status = -2; } if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { // logged in AOK. SESS_completeLogin($uid); $_GROUPS = SEC_getUserGroups($_USER['uid']); $_RIGHTS = explode(',', SEC_getUserPermissions()); if ($_SYSTEM['admin_session'] > 0 && $local_login) { if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) { $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']); SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); } } if (!isset($_USER['theme'])) { $_USER['theme'] = $_CONF['theme']; $_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/'; $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme']; if ($_CONF['allow_user_themes'] == 1) { if (isset($_COOKIE[$_CONF['cookie_theme']])) { $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true); if (is_dir($_CONF['path_themes'] . $theme)) { $_USER['theme'] = $theme;
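/**
 * Authenticates the user if authentication headers are present
 *
 * Credentials are taken from HTTP Basic auth ($_SERVER['PHP_AUTH_USER'] /
 * ['PHP_AUTH_PW']) or, for CGI installs where Apache does not pass the
 * Authorization header through, from $_SERVER['REMOTE_USER'] holding
 * "<type> <base64(user:password)>" as described in the Geeklog wiki.
 * WSSE UsernameToken (X-WSSE header) is intentionally not supported: the
 * digest would have to be recomputed from the plaintext password, which the
 * server does not store.
 *
 * On success $_USER, $_GROUPS and $_RIGHTS are populated. On failure the
 * function does not return: WS_error() is called with PLG_RET_AUTH_FAILED
 * (or PLG_RET_PERMISSION_DENIED when the speed limit is exceeded).
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession will surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause the
 *   client to be blocked eventually
 * - this can not be used for dictionary attacks
 *
 * @return void
 */
function WS_authenticate()
{
    global $_CONF, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;

    $uid = '';
    $username = '';
    $password = '';
    $status = -1;

    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
        // PHP_AUTH_PW is absent when the client sent a user name only;
        // treat that as an empty password rather than raising a notice.
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header as
         * explained at
         * http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
         */
        // Expected layout: "<type> <base64 data>". The type token is not
        // validated here (as before); a value without a space yields empty
        // credentials instead of an undefined-offset notice.
        $parts = explode(' ', $_SERVER['REMOTE_USER']);
        $auth_data = isset($parts[1]) ? $parts[1] : '';
        $decoded = (string) base64_decode($auth_data);
        // Split on the FIRST colon only: the user name cannot contain ':',
        // but the password may. The previous explode() split on every colon
        // and silently truncated such passwords.
        $cred = explode(':', $decoded, 2);
        $username = COM_applyBasicFilter($cred[0]);
        $password = isset($cred[1]) ? $cred[1] : '';
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
        }
    } else {
        if ($WS_VERBOSE) {
            COM_errorLog("WS: No login given");
        }
        // fallthrough (see below)
    }

    // Expire stale entries, then refuse outright once the limit is reached.
    COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
    if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
        WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
    }

    if (!empty($username) && !empty($password)) {
        if ($_CONF['user_login_method']['3rdparty']) {
            // remote users will have to use username@servicename
            $u = explode('@', $username);
            if (count($u) > 1) {
                $sv = $u[count($u) - 1];
                if (!empty($sv)) {
                    $modules = SEC_collectRemoteAuthenticationModules();
                    foreach ($modules as $smod) {
                        if (strcasecmp($sv, $smod) == 0) {
                            array_pop($u); // drop the service name
                            $uname = implode('@', $u);
                            $status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
                            break;
                        }
                    }
                }
            }
        }
        // Local accounts are tried only if no remote module handled the login.
        if ($status == -1 && $_CONF['user_login_method']['standard']) {
            $status = SEC_authenticate($username, $password, $uid);
        }
    }

    if ($status == USER_ACCOUNT_ACTIVE) {
        $_USER = SESS_getUserDataFromId($uid);
        PLG_loginUser($_USER['uid']);

        // Global array of groups current user belongs to
        $_GROUPS = SEC_getUserGroups($_USER['uid']);

        // Global array of current user permissions [read,edit]
        $_RIGHTS = explode(',', SEC_getUserPermissions());

        if ($_CONF['restrict_webservices']) {
            if (!SEC_hasRights('webservices.atompub')) {
                COM_updateSpeedlimit('wsauth');
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
                }
                // reset user, groups, and rights, just in case ...
                $_USER = array();
                $_GROUPS = array();
                $_RIGHTS = array();
                WS_error(PLG_RET_AUTH_FAILED);
            }
        }

        if ($WS_VERBOSE) {
            COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
        }

        // if there were less than 2 failed login attempts, reset speedlimit
        if (COM_checkSpeedlimit('wsauth', 2) == 0) {
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Successful login - resetting speedlimit");
            }
            COM_resetSpeedlimit('wsauth');
        }
    } else {
        // One failed attempt for any unauthenticated request ...
        COM_updateSpeedlimit('wsauth');
        if (!empty($username) && !empty($password)) {
            // ... and a second one when credentials were supplied but wrong.
            COM_updateSpeedlimit('wsauth');
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
        }
        WS_error(PLG_RET_AUTH_FAILED);
    }
}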
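/**
 * Displays the static page form
 *
 * The globals $action and $sp_id decide between edit/clone (the page's own
 * owner and permissions are used and access is checked) and create (the
 * current user becomes owner, the "staticpages Admin" group or the
 * 'staticpages.edit' feature group becomes the group, default permissions
 * are applied and full access is assumed).
 *
 * @param array        $A     Data to display (page fields, owner/group and
 *                            perm_* values)
 * @param string|false $error Error message to display instead of the form;
 *                            false when there is none
 * @return string Rendered editor HTML, or the error block when access is
 *                denied or $error is set
 */
function PAGE_form($A, $error = false)
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $action, $sp_id,
           $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG24, $MESSAGE;

    USES_lib_admin();

    $menu_arr = array(
        array(
            'url'  => $_CONF['site_admin_url'] . '/plugins/staticpages/index.php',
            'text' => $LANG_STATIC['page_list'],
        ),
        array(
            'url'  => $_CONF['site_admin_url'],
            'text' => $LANG_ADMIN['admin_home'],
        ),
    );

    $template_path = staticpages_templatePath('admin');

    if (!empty($sp_id) && ($action == 'edit' || $action == 'clone')) {
        $access = SEC_hasAccess(
            $A['owner_id'], $A['group_id'],
            $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']
        );
    } else {
        $A['owner_id'] = $_USER['uid'];
        if (isset($_GROUPS['staticpages Admin'])) {
            $A['group_id'] = $_GROUPS['staticpages Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('staticpages.edit');
        }
        SEC_setDefaultPermissions($A, $_SP_CONF['default_permissions']);
        $access = 3;
    }

    $retval = '';

    if (empty($A['owner_id'])) {
        $error = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $error .= $LANG_STATIC['deny_msg'];
        $error .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    }

    if ($error) {
        $retval .= $error . '<br/><br/>';
        return $retval;
    }

    // Ids are interpolated into SQL below; force them to integers so a
    // non-numeric value can never alter the query.
    $ownerId = (int) $A['owner_id'];
    $authorId = isset($A['sp_uid']) ? (int) $A['sp_uid'] : 0;

    $sp_template = new Template($template_path);
    $sp_template->set_file('form', 'editor.thtml');
    $sp_template->set_var('lang_mode', $LANG24[3]);
    $sp_template->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $A['commentcode']));

    $ownername = COM_getDisplayName($A['owner_id']);
    $sp_template->set_var(array(
        'sp_search_checked'  => $A['sp_search'] == 1 ? ' checked="checked"' : '',
        'sp_status_checked'  => $A['sp_status'] == 1 ? ' checked="checked"' : '',
        'lang_accessrights'  => $LANG_ACCESS['accessrights'],
        'lang_owner'         => $LANG_ACCESS['owner'],
        'owner_username'     => DB_getItem($_TABLES['users'], 'username', "uid = " . $ownerId),
        'owner_name'         => $ownername,
        'owner'              => $ownername,
        'owner_id'           => $A['owner_id'],
        'lang_group'         => $LANG_ACCESS['group'],
        'group_dropdown'     => SEC_getGroupDropdown($A['group_id'], $access),
        'permissions_editor' => SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']),
        'lang_permissions'   => $LANG_ACCESS['permissions'],
        'lang_perm_key'      => $LANG_ACCESS['permissionskey'],
        'permissions_msg'    => $LANG_ACCESS['permmsg'],
        'start_block_editor' => COM_startBlock(
            $LANG_STATIC['staticpages'] . ' :: ' . $LANG_STATIC['staticpageeditor'],
            '',
            COM_getBlockTemplate('_admin_block', 'header')
        ),
        'lang_save'          => $LANG_ADMIN['save'],
        'lang_cancel'        => $LANG_ADMIN['cancel'],
        'lang_preview'       => $LANG_ADMIN['preview'],
        'lang_editor'        => $LANG_STATIC['staticpageeditor'],
        'lang_attributes'    => $LANG_STATIC['attributes'],
    ));

    // Delete button only for existing pages (sp_old_id set), never on clone.
    if (SEC_hasRights('staticpages.delete') && $action != 'clone' && !empty($A['sp_old_id'])) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $sp_template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $sp_template->set_var('delete_button', true);
        $sp_template->set_var('lang_delete_confirm', $MESSAGE[76]);
        $sp_template->set_var('lang_delete', $LANG_ADMIN['delete']);
        $sp_template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    } else {
        $sp_template->set_var('delete_option', '');
    }

    $sp_template->set_var('lang_writtenby', $LANG_STATIC['writtenby']);
    $sp_template->set_var('username', DB_getItem($_TABLES['users'], 'username', "uid = " . $authorId));
    $authorname = COM_getDisplayName($A['sp_uid']);
    $sp_template->set_var('name', $authorname);
    $sp_template->set_var('author', $authorname);
    $sp_template->set_var('lang_url', $LANG_STATIC['url']);
    $sp_template->set_var('lang_id', $LANG_STATIC['id']);
    $sp_template->set_var('sp_uid', $A['sp_uid']);
    $sp_template->set_var('sp_id', $A['sp_id']);
    $sp_template->set_var('sp_old_id', $A['sp_old_id']);
    $sp_template->set_var('example_url', COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $A['sp_id']));

    // Centerblock settings
    $sp_template->set_var('lang_centerblock', $LANG_STATIC['centerblock']);
    $sp_template->set_var('lang_centerblock_help', $LANG_ADMIN['help_url']);
    $sp_template->set_var('lang_centerblock_include', $LANG21[51]);
    $sp_template->set_var('lang_centerblock_desc', $LANG21[52]);
    // NOTE(review): unlike sp_title/sp_content, sp_help and sp_label below
    // reach the template unescaped - confirm editor.thtml escapes them.
    $sp_template->set_var('centerblock_help', $A['sp_help']);
    $sp_template->set_var('lang_centerblock_msg', $LANG_STATIC['centerblock_msg']);
    if (isset($A['sp_centerblock']) && $A['sp_centerblock'] == 1) {
        $sp_template->set_var('centerblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('centerblock_checked', '');
    }

    // Topic selection: the three pseudo topics precede the real topic list.
    $sp_template->set_var('lang_topic', $LANG_STATIC['topic']);
    $sp_template->set_var('lang_position', $LANG_STATIC['position']);
    $current_topic = '';
    if (isset($A['sp_tid'])) {
        $current_topic = $A['sp_tid'];
    }
    if (empty($current_topic)) {
        $current_topic = 'none';
    }
    $topics = COM_topicList('tid,topic', $current_topic, 1, true);

    $alltopics = '<option value="all"';
    if ($current_topic == 'all') {
        $alltopics .= ' selected="selected"';
    }
    $alltopics .= '>' . $LANG_STATIC['all_topics'] . '</option>' . LB;

    $allnhp = '<option value="allnhp"';
    if ($current_topic == 'allnhp') {
        $allnhp .= ' selected="selected"';
    }
    $allnhp .= '>' . $LANG_STATIC['allnhp_topics'] . '</option>' . LB;

    $notopic = '<option value="none"';
    if ($current_topic == 'none') {
        $notopic .= ' selected="selected"';
    }
    $notopic .= '>' . $LANG_STATIC['no_topic'] . '</option>' . LB;

    $sp_template->set_var('topic_selection', '<select name="sp_tid">' . $alltopics . $allnhp . $notopic . $topics . '</select>');

    // Centerblock position; option order (1,2,3,0,4) is the display order.
    $position = '<select name="sp_where">';
    $position .= '<option value="1"';
    if ($A['sp_where'] == 1) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_top'] . '</option>';
    $position .= '<option value="2"';
    if ($A['sp_where'] == 2) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_feat'] . '</option>';
    $position .= '<option value="3"';
    if ($A['sp_where'] == 3) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_bottom'] . '</option>';
    $position .= '<option value="0"';
    if ($A['sp_where'] == 0) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_entire'] . '</option>';
    $position .= '<option value="4"';
    if ($A['sp_where'] == 4) {
        $position .= ' selected="selected"';
    }
    $position .= '>' . $LANG_STATIC['position_nonews'] . '</option>';
    $position .= '</select>';
    $sp_template->set_var('pos_selection', $position);

    // PHP execution mode: only offered when enabled site-wide AND the user
    // holds staticpages.PHP.
    if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP')) {
        if (!isset($A['sp_php'])) {
            $A['sp_php'] = 0;
        }
        $selection = '<select name="sp_php">' . LB;
        $selection .= '<option value="0"';
        if ($A['sp_php'] <= 0 || $A['sp_php'] > 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_none'] . '</option>' . LB;
        $selection .= '<option value="1"';
        if ($A['sp_php'] == 1) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_return'] . '</option>' . LB;
        $selection .= '<option value="2"';
        if ($A['sp_php'] == 2) {
            $selection .= ' selected="selected"';
        }
        $selection .= '>' . $LANG_STATIC['select_php_free'] . '</option>' . LB;
        $selection .= '</select>';
        $sp_template->set_var('php_selector', $selection);
        $sp_template->set_var('php_warn', $LANG_STATIC['php_warn']);
    } else {
        $sp_template->set_var('php_selector', '');
        $sp_template->set_var('php_warn', $LANG_STATIC['php_not_activated']);
    }
    $sp_template->set_var('php_msg', $LANG_STATIC['php_msg']);

    // old variables (for the 1.3-type checkbox)
    $sp_template->set_var('php_checked', '');
    $sp_template->set_var('php_type', 'hidden');

    if (isset($A['sp_nf']) && $A['sp_nf'] == 1) {
        $sp_template->set_var('exit_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('exit_checked', '');
    }
    $sp_template->set_var('exit_msg', $LANG_STATIC['exit_msg']);
    $sp_template->set_var('exit_info', $LANG_STATIC['exit_info']);

    if (isset($A['sp_inblock']) && $A['sp_inblock'] == 1) {
        $sp_template->set_var('inblock_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('inblock_checked', '');
    }
    $sp_template->set_var('inblock_msg', $LANG_STATIC['inblock_msg']);
    $sp_template->set_var('inblock_info', $LANG_STATIC['inblock_info']);

    $curtime = COM_getUserDateTimeFormat($A['unixdate']);
    $sp_template->set_var('lang_lastupdated', $LANG_STATIC['date']);
    $sp_template->set_var('sp_formateddate', $curtime[0]);
    $sp_template->set_var('sp_date', $curtime[1]);

    $sp_template->set_var('lang_title', $LANG_STATIC['title']);
    $title = '';
    if (isset($A['sp_title'])) {
        $title = htmlspecialchars($A['sp_title']);
    }
    $sp_template->set_var('sp_title', $title);

    $sp_template->set_var('lang_addtomenu', $LANG_STATIC['addtomenu']);
    if (isset($A['sp_onmenu']) && $A['sp_onmenu'] == 1) {
        $sp_template->set_var('onmenu_checked', 'checked="checked"');
    } else {
        $sp_template->set_var('onmenu_checked', '');
    }
    $sp_template->set_var('lang_label', $LANG_STATIC['label']);
    if (isset($A['sp_label'])) {
        $sp_template->set_var('sp_label', $A['sp_label']);
    } else {
        $sp_template->set_var('sp_label', '');
    }

    // Page format; an empty format is displayed as 'allblocks'.
    $sp_template->set_var('lang_pageformat', $LANG_STATIC['pageformat']);
    $sp_template->set_var('lang_blankpage', $LANG_STATIC['blankpage']);
    $sp_template->set_var('lang_noblocks', $LANG_STATIC['noblocks']);
    $sp_template->set_var('lang_leftblocks', $LANG_STATIC['leftblocks']);
    $sp_template->set_var('lang_rightblocks', $LANG_STATIC['rightblocks']);
    $sp_template->set_var('lang_leftrightblocks', $LANG_STATIC['leftrightblocks']);
    if (!isset($A['sp_format'])) {
        $A['sp_format'] = '';
    }
    if ($A['sp_format'] == 'noblocks') {
        $sp_template->set_var('noblock_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('noblock_selected', '');
    }
    if ($A['sp_format'] == 'leftblocks') {
        $sp_template->set_var('leftblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('leftblocks_selected', '');
    }
    if ($A['sp_format'] == 'rightblocks') {
        $sp_template->set_var('rightblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('rightblocks_selected', '');
    }
    if ($A['sp_format'] == 'blankpage') {
        $sp_template->set_var('blankpage_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('blankpage_selected', '');
    }
    if ($A['sp_format'] == 'allblocks' || empty($A['sp_format'])) {
        $sp_template->set_var('allblocks_selected', 'selected="selected"');
    } else {
        $sp_template->set_var('allblocks_selected', '');
    }

    $sp_template->set_var('lang_content', $LANG_STATIC['content']);
    $content = '';
    if (isset($A['sp_content'])) {
        $content = htmlspecialchars($A['sp_content']);
    }
    $sp_template->set_var('sp_content', $content);

    if ($_SP_CONF['filter_html'] == 1) {
        $sp_template->set_var('lang_allowedhtml', COM_allowedHTML(SEC_getUserPermissions(), false, 'staticpages', 'page'));
    } else {
        $sp_template->set_var('lang_allowedhtml', $LANG_STATIC['all_html_allowed']);
    }

    $sp_template->set_var('lang_hits', $LANG_STATIC['hits']);
    if (empty($A['sp_hits'])) {
        $sp_template->set_var('sp_hits', '0');
        $sp_template->set_var('sp_hits_formatted', '0');
    } else {
        $sp_template->set_var('sp_hits', $A['sp_hits']);
        $sp_template->set_var('sp_hits_formatted', COM_numberFormat($A['sp_hits']));
    }

    $sp_template->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $sp_template->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $A['owner_id']));
    $sp_template->set_var('writtenby_dropdown', COM_buildOwnerList('sp_uid', $A['sp_uid']));
    // CSRF token pair verified when the form is submitted
    $sp_template->set_var('gltoken_name', CSRF_TOKEN);
    $sp_template->set_var('gltoken', SEC_createToken());
    $sp_template->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG_STATIC['instructions_edit'], plugin_geticon_staticpages()));
    PLG_templateSetVars('sp_editor', $sp_template);

    $retval .= $sp_template->parse('output', 'form');

    return $retval;
}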
function MG_mediaEdit($album_id, $media_id, $actionURL = '', $mqueue = 0, $view = 0, $back = '') { global $MG_albums, $_USER, $_CONF, $_MG_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_MG07, $_POST, $_DB_dbms; MG_initAlbums(); if ($actionURL == '') { $actionURL = $_MG_CONF['site_url'] . '/index.php'; } $retval = ''; $preview = ''; $preview_end = ''; $srcURL = ''; if ($view) { $srcURL = '&s=1'; } $T = new Template(MG_getTemplatePath($album_id)); $T->set_file(array('admin' => 'mediaedit.thtml', 'asf_options' => 'edit_asf_options.thtml', 'mp3_options' => 'edit_mp3_options.thtml', 'swf_options' => 'edit_swf_options.thtml', 'mov_options' => 'edit_mov_options.thtml', 'flv_options' => 'edit_flv_options.thtml')); $T->set_var('album_id', $album_id); // a little sanity check, make sure the media item really belongs to the passed album. $match = 0; // Find which albums this image is already in... $sql = "SELECT album_id FROM " . ($mqueue ? $_TABLES['mg_media_album_queue'] : $_TABLES['mg_media_albums']) . " WHERE media_id='" . DB_escapeString($media_id) . "'"; $result = DB_query($sql); $nRows = DB_numRows($result); $albums = array(); for ($i = 0; $i < $nRows; $i++) { $row = DB_fetchArray($result); $albums[$i] = $row['album_id']; if ($row['album_id'] == $album_id) { $match = 1; } } // pull the media information from the database... $sql = "SELECT * FROM " . ($mqueue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . " WHERE media_id='" . DB_escapeString($media_id) . "'"; $result = DB_query($sql); $row = DB_fetchArray($result); if ($MG_albums[$album_id]->access != 3 && !SEC_inGroup($MG_albums[$album_id]->mod_group_id) && $row['media_user_id'] != $_USER['uid']) { COM_errorLog("Someone has tried to illegally sort albums in Media Gallery. 
User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } // Build Album List $level = 0; $album_jumpbox = '<select name="albums" width="40">'; $MG_albums[0]->buildJumpBox($album_id); $album_jumpbox .= '</select>'; // should check the above for errors, etc... if ($row['media_type'] == 0) { if (!function_exists('MG_readEXIF')) { require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-exif.php'; } $exif_info = MG_readEXIF($row['media_id'], 1, $mqueue); if ($exif_info == '') { $exif_info = ''; } } else { $exif_info = ''; } $dtObject = new Date($row['media_time'], $_USER['tzid']); $media_time_month = $dtObject->month; $media_time_day = $dtObject->day; $media_time_year = $dtObject->year; $media_time_hour = $dtObject->hour; $media_time_minute = $dtObject->minute; $month_select = '<select name="media_month">'; $month_select .= COM_getMonthFormOptions($media_time_month); $month_select .= '</select>'; $day_select = '<select name="media_day">'; for ($i = 1; $i < 32; $i++) { $day_select .= '<option value="' . $i . '"' . ($media_time_day == $i ? 'selected="selected"' : "") . '>' . $i . '</option>'; } $day_select .= '</select>'; $current_year = (int) date("Y"); $end_year = $current_year + 10; $year_select = '<select name="media_year">'; for ($i = 1998; $i < $end_year; $i++) { $year_select .= '<option value="' . $i . '"' . ($media_time_year == $i ? 'selected="selected"' : "") . '>' . $i . '</option>'; } $year_select .= '</select>'; $hour_select = '<select name="media_hour">'; for ($i = 0; $i < 24; $i++) { $hour_select .= '<option value="' . $i . '"' . ($media_time_hour == $i ? 'selected="selected"' : "") . '>' . $i . '</option>'; } $hour_select .= '</select>'; $minute_select = '<select name="media_minute">'; for ($i = 0; $i < 60; $i++) { $minute_select .= '<option value="' . $i . '"' . ($media_time_minute == $i ? 'selected="selected"' : "") . '>' . ($i < 10 ? '0' : '') . $i . 
'</option>'; } $minute_select .= '</select>'; $i = 0; switch ($row['media_type']) { case 0: if (!file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $row['media_filename'][0] . '/' . $row['media_filename'] . '.' . $row['media_mime_ext'])) { $pThumbnail = $row['media_filename'][0] . '/' . $row['media_filename'] . '.jpg'; } else { $pThumbnail = $row['media_filename'][0] . '/' . $row['media_filename'] . '.' . $row['media_mime_ext']; } $thumbnail = $_MG_CONF['mediaobjects_url'] . '/tn/' . $pThumbnail; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $pThumbnail); if ($_CONF['image_lib'] == 'gdlib' && !function_exists("imagerotate")) { $rotate_right = ''; $rotate_left = ''; } else { $rotate_right = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=right' . $srcURL . '&queue=' . $mqueue . '&media_id=' . $row['media_id'] . '&album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_right_icon.gif" alt="' . $LANG_MG01['rotate_left'] . '" style="border:none;"/></a>'; $rotate_left = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=left' . $srcURL . '&queue=' . $mqueue . '&media_id=' . $row['media_id'] . '&album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_left_icon.gif" alt="' . $LANG_MG01['rotate_right'] . '" style="border:none;"/></a>'; } break; case 1: switch ($row['mime_type']) { case 'video/x-flv': $thumbnail = $_MG_CONF['mediaobjects_url'] . '/flv.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'flv.png'); $preview = "<a href=\"javascript:showVideo('" . $_MG_CONF['site_url'] . "/video.php?n=" . $row['media_id'] . ($mqueue ? "&s=q" : '') . "',415,540)\">"; $preview_end = "</a>"; break; case 'application/x-shockwave-flash': $thumbnail = $_MG_CONF['mediaobjects_url'] . '/flash.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'flash.png'); $preview = "<a href=\"javascript:showVideo('" . $_MG_CONF['site_url'] . "/video.php?n=" . 
$row['media_id'] . ($mqueue ? "&s=q" : '') . "',415,540)\">"; $preview_end = "</a>"; break; case 'video/mpeg': case 'video/x-mpeg': case 'video/x-mpeq2a': if ($_MG_CONF['use_wmp_mpeg'] == 1) { $thumbnail = $_MG_CONF['mediaobjects_url'] . '/wmp.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'wmp.png'); $preview = "<a href=\"javascript:showVideo('" . $_MG_CONF['site_url'] . "/video.php?n=" . $row['media_id'] . ($mqueue ? "&s=q" : '') . "',415,540)\">"; $preview_end = "</a>"; break; } case 'video/x-motion-jpeg': case 'video/quicktime': case 'video/x-qtc': case 'audio/mpeg': $thumbnail = $_MG_CONF['mediaobjects_url'] . '/quicktime.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'quicktime.png'); $preview = "<a href=\"javascript:showVideo('" . $_MG_CONF['site_url'] . "/video.php?n=" . $row['media_id'] . ($mqueue ? "&s=q" : '') . "',415,540)\">"; $preview_end = "</a>"; break; case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': case 'application/x-ms-wmz': case 'application/x-ms-wmd': $thumbnail = $_MG_CONF['mediaobjects_url'] . '/wmp.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'wmp.png'); $preview = "<a href=\"javascript:showVideo('" . $_MG_CONF['site_url'] . "/video.php?n=" . $row['media_id'] . ($mqueue ? "&s=q" : '') . "',415,540)\">"; $preview_end = "</a>"; break; default: $thumbnail = $_MG_CONF['mediaobjects_url'] . '/video.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'video.png'); break; } $rotate_right = ''; $rotate_left = ''; break; case 2: $thumbnail = $_MG_CONF['mediaobjects_url'] . '/audio.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'audio.png'); $preview = "<a href=\"javascript:showVideo('" . $_MG_CONF['site_url'] . "/video.php?n=" . $row['media_id'] . ($mqueue ? "&s=q" : '') . 
"',325,330)\">"; $preview_end = "</a>"; $rotate_right = ''; $rotate_left = ''; break; case 4: switch ($row['mime_type']) { case 'application/zip': $thumbnail = $_MG_CONF['mediaobjects_url'] . '/zip.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'zip.png'); break; case 'application/pdf': $thumbnail = $_MG_CONF['mediaobjects_url'] . '/pdf.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'pdf.png'); break; default: $thumbnail = $_MG_CONF['mediaobjects_url'] . '/generic.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'generic.png'); break; } $rotate_right = ''; $rotate_left = ''; break; case 5: $thumbnail = $_MG_CONF['mediaobjects_url'] . '/remote.png'; $size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'remote.png'); $rotate_left = ''; $rotate_right = ''; break; } $media_time = MG_getUserDateTimeFormat($row['media_time']); if ($row['media_tn_attached'] == 1) { foreach ($_MG_CONF['validExtensions'] as $ext) { if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $row['media_filename'][0] . '/tn_' . $row['media_filename'] . $ext)) { $pAttachedThumbnail = $_MG_CONF['path_mediaobjects'] . 'tn/' . $row['media_filename'][0] . '/tn_' . $row['media_filename'] . $ext; $iAttachedThumbnail = $_MG_CONF['mediaobjects_url'] . '/tn/' . $row['media_filename'][0] . '/tn_' . $row['media_filename'] . $ext; break; } } $atnsize = @getimagesize($pAttachedThumbnail); if ($atnsize != FALSE) { if ($atnsize[0] > $atnsize[1]) { $ratio = $atnsize[0] / 200; $newwidth = 200; $newheight = round($atnsize[1] / $ratio); } else { $ratio = $atnsize[1] / 200; $newheight = 200; $newwidth = round($atnsize[0] / $ratio); } $atnsize = 'height="' . $newheight . '" width="' . $newwidth . '"'; } else { $atnsize = ''; } $T->set_var(array('attached_thumbnail' => '<img src="' . $_MG_CONF['mediaobjects_url'] . '/tn/' . $row['media_filename'][0] . '/tn_' . $row['media_filename'] . $ext . '" alt="" ' . $atnsize . '/>')); } // playback options, if needed... 
if ($row['mime_type'] == 'video/x-ms-asf' || $row['mime_type'] == 'video/x-ms-wvx' || $row['mime_type'] == 'video/x-ms-wm' || $row['mime_type'] == 'video/x-ms-wmx' || $row['mime_type'] == 'video/x-ms-wmv' || $row['mime_type'] == 'audio/x-ms-wma' || $row['mime_type'] == 'video/x-msvideo') { // pull defaults, then override... $playback_options['autostart'] = $_MG_CONF['asf_autostart']; $playback_options['enablecontextmenu'] = $_MG_CONF['asf_enablecontextmenu']; $playback_options['stretchtofit'] = $_MG_CONF['asf_stretchtofit']; $playback_options['uimode'] = $_MG_CONF['asf_uimode']; $playback_options['showstatusbar'] = $_MG_CONF['asf_showstatusbar']; $playback_options['playcount'] = $_MG_CONF['asf_playcount']; $playback_options['height'] = $_MG_CONF['asf_height']; $playback_options['width'] = $_MG_CONF['asf_width']; $playback_options['bgcolor'] = $_MG_CONF['asf_bgcolor']; $poResult = DB_query("SELECT * FROM {$_TABLES['mg_playback_options']} WHERE media_id='" . DB_escapeString($row['media_id']) . "'"); $poNumRows = DB_numRows($poResult); for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $uimode_select = '<select name="uimode">'; $uimode_select .= '<option value="none" ' . ($playback_options['uimode'] == 'none' ? ' selected="selected"' : '') . '>' . $LANG_MG07['none'] . '</option>'; $uimode_select .= '<option value="mini" ' . ($playback_options['uimode'] == 'mini' ? ' selected="selected"' : '') . '>' . $LANG_MG07['mini'] . '</option>'; $uimode_select .= '<option value="full" ' . ($playback_options['uimode'] == 'full' ? ' selected="selected"' : '') . '>' . $LANG_MG07['full'] . '</option>'; $uimode_select .= '</select>'; $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? 
' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'stretchtofit_enabled' => $playback_options['stretchtofit'] ? ' checked="checked"' : '', 'stretchtofit_disabled' => $playback_options['stretchtofit'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'], 'playcount' => $playback_options['playcount'], 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_playcount' => $LANG_MG07['playcount'], 'lang_playcount_help' => $LANG_MG07['playcount_help'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_enable_context_menu' => $LANG_MG07['enable_context_menu'], 'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'], 'lang_stretch_to_fit' => $LANG_MG07['stretch_to_fit'], 'lang_stretch_to_fit_help' => $LANG_MG07['stretch_to_fit_help'], 'lang_status_bar' => $LANG_MG07['status_bar'], 'lang_status_bar_help' => $LANG_MG07['status_bar_help'], 'lang_ui_mode' => $LANG_MG07['ui_mode'], 'lang_ui_mode_help' => $LANG_MG07['ui_mode_help'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_resolution' => $LANG_MG07['resolution'], 'resolution' => $row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0 ? $row['media_resolution_x'] . 'x' . 
$row['media_resolution_y'] : 'unknown', 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'])); $T->parse('playback_options', 'asf_options'); } if ($row['mime_type'] == 'audio/mpeg') { // pull defaults, then override... $playback_options['autostart'] = $_MG_CONF['mp3_autostart']; $playback_options['enablecontextmenu'] = $_MG_CONF['mp3_enablecontextmenu']; $playback_options['uimode'] = $_MG_CONF['mp3_uimode']; $playback_options['showstatusbar'] = $_MG_CONF['mp3_showstatusbar']; $playback_options['loop'] = $_MG_CONF['mp3_loop']; $poResult = DB_query("SELECT * FROM {$_TABLES['mg_playback_options']} WHERE media_id='" . DB_escapeString($row['media_id']) . "'"); $poNumRows = DB_numRows($poResult); for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $uimode_select = '<select name="uimode">'; $uimode_select .= '<option value="none" ' . ($playback_options['uimode'] == 'none' ? ' selected="selected"' : '') . '>' . $LANG_MG07['none'] . '</option>'; $uimode_select .= '<option value="mini" ' . ($playback_options['uimode'] == 'mini' ? ' selected="selected"' : '') . '>' . $LANG_MG07['mini'] . '</option>'; $uimode_select .= '<option value="full" ' . ($playback_options['uimode'] == 'full' ? ' selected="selected"' : '') . '>' . $LANG_MG07['full'] . '</option>'; $uimode_select .= '</select>'; $T->set_var(array('audio_tab' => true, 'autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? 
'' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_enable_context_menu' => $LANG_MG07['enable_context_menu'], 'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'], 'lang_stretch_to_fit' => $LANG_MG07['stretch_to_fit'], 'lang_stretch_to_fit_help' => $LANG_MG07['stretch_to_fit_help'], 'lang_status_bar' => $LANG_MG07['status_bar'], 'lang_status_bar_help' => $LANG_MG07['status_bar_help'], 'lang_ui_mode' => $LANG_MG07['ui_mode'], 'lang_ui_mode_help' => $LANG_MG07['ui_mode_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'])); $T->parse('playback_options', 'mp3_options'); } if ($row['mime_type'] == 'application/x-shockwave-flash' || $row['mime_type'] == 'video/x-flv') { // pull defaults, then override... $playback_options['play'] = $_MG_CONF['swf_play']; $playback_options['menu'] = $_MG_CONF['swf_menu']; $playback_options['quality'] = $_MG_CONF['swf_quality']; $playback_options['height'] = $_MG_CONF['swf_height']; $playback_options['width'] = $_MG_CONF['swf_width']; $playback_options['loop'] = $_MG_CONF['swf_loop']; $playback_options['scale'] = $_MG_CONF['swf_scale']; $playback_options['wmode'] = $_MG_CONF['swf_wmode']; $playback_options['allowscriptaccess'] = $_MG_CONF['swf_allowscriptaccess']; $playback_options['bgcolor'] = $_MG_CONF['swf_bgcolor']; $playback_options['swf_version'] = $_MG_CONF['swf_version']; $poResult = DB_query("SELECT * FROM {$_TABLES['mg_playback_options']} WHERE media_id='" . 
DB_escapeString($row['media_id']) . "'"); $poNumRows = DB_numRows($poResult); for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $quality_select = '<select name="quality">'; $quality_select .= '<option value="low" ' . ($playback_options['quality'] == 'low' ? ' selected="selected"' : '') . '>' . $LANG_MG07['low'] . '</option>'; $quality_select .= '<option value="high" ' . ($playback_options['quality'] == 'high' ? ' selected="selected"' : '') . '>' . $LANG_MG07['high'] . '</option>'; $quality_select .= '</select>'; $scale_select = '<select name="scale">'; $scale_select .= '<option value="showall" ' . ($playback_options['scale'] == 'showall' ? ' selected="selected"' : '') . '>' . $LANG_MG07['showall'] . '</option>'; $scale_select .= '<option value="noborder" ' . ($playback_options['scale'] == 'noborder' ? ' selected="selected"' : '') . '>' . $LANG_MG07['noborder'] . '</option>'; $scale_select .= '<option value="exactfit" ' . ($playback_options['scale'] == 'exactfit' ? ' selected="selected"' : '') . '>' . $LANG_MG07['exactfit'] . '</option>'; $scale_select .= '</select>'; $wmode_select = '<select name="wmode">'; $wmode_select .= '<option value="window" ' . ($playback_options['wmode'] == 'window' ? ' selected="selected"' : '') . '>' . $LANG_MG07['window'] . '</option>'; $wmode_select .= '<option value="opaque" ' . ($playback_options['wmode'] == 'opaque' ? ' selected="selected"' : '') . '>' . $LANG_MG07['opaque'] . '</option>'; $wmode_select .= '<option value="transparent" ' . ($playback_options['wmode'] == 'transparent' ? ' selected="selected"' : '') . '>' . $LANG_MG07['transparent'] . '</option>'; $wmode_select .= '</select>'; $asa_select = '<select name="allowscriptaccess">'; $asa_select .= '<option value="always" ' . ($playback_options['allowscriptaccess'] == 'always' ? ' selected="selected"' : '') . '>' . $LANG_MG07['always'] . 
'</option>'; $asa_select .= '<option value="sameDomain" ' . ($playback_options['allowscriptaccess'] == 'sameDomain' ? ' selected="selected"' : '') . '>' . $LANG_MG07['sameDomain'] . '</option>'; $asa_select .= '<option value="never" ' . ($playback_options['allowscriptaccess'] == 'never' ? ' selected="selected"' : '') . '>' . $LANG_MG07['never'] . '</option>'; $asa_select .= '</select>'; $T->set_var(array('play_enabled' => $playback_options['play'] ? ' checked="checked"' : '', 'play_disabled' => $playback_options['play'] ? '' : ' checked="checked"', 'menu_enabled' => $playback_options['menu'] ? ' checked="checked"' : '', 'menu_disabled' => $playback_options['menu'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'quality_select' => $quality_select, 'scale_select' => $scale_select, 'wmode_select' => $wmode_select, 'asa_select' => $asa_select, 'flashvars' => isset($playback_options['flashvars']) ? 
$playback_options['flashvars'] : '', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'swf_version' => $playback_options['swf_version'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_menu' => $LANG_MG07['menu'], 'lang_menu_help' => $LANG_MG07['menu_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_swf_scale_help' => $LANG_MG07['swf_scale_help'], 'lang_wmode' => $LANG_MG07['wmode'], 'lang_wmode_help' => $LANG_MG07['wmode_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_quality' => $LANG_MG07['quality'], 'lang_quality_help' => $LANG_MG07['quality_help'], 'lang_flash_vars' => $LANG_MG07['flash_vars'], 'lang_asa' => $LANG_MG07['asa'], 'lang_asa_help' => $LANG_MG07['asa_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'], 'lang_swf_version_help' => $LANG_MG07['swf_version_help'])); if ($row['mime_type'] == 'application/x-shockwave-flash') { $T->parse('playback_options', 'swf_options'); } else { $T->parse('playback_options', 'flv_options'); } } if ($row['media_mime_ext'] == 'mov' || $row['media_mime_ext'] == 'mp4' || $row['mime_type'] == 'video/quicktime' || $row['mime_type'] == 'video/mpeg') { // pull defaults, then override... 
$playback_options['autoref'] = $_MG_CONF['mov_autoref']; $playback_options['autoplay'] = $_MG_CONF['mov_autoplay']; $playback_options['controller'] = $_MG_CONF['mov_controller']; $playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmod']) ? $_MG_CONF['mov_kiokmode'] : ''; $playback_options['scale'] = $_MG_CONF['mov_scale']; $playback_options['loop'] = $_MG_CONF['mov_loop']; $playback_options['height'] = $_MG_CONF['mov_height']; $playback_options['width'] = $_MG_CONF['mov_width']; $playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor']; $poResult = DB_query("SELECT * FROM {$_TABLES['mg_playback_options']} WHERE media_id='" . DB_escapeString($row['media_id']) . "'"); $poNumRows = DB_numRows($poResult); for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $scale_select = '<select name="scale">'; $scale_select .= '<option value="tofit" ' . ($playback_options['scale'] == 'tofit' ? ' selected="selected"' : '') . '>' . $LANG_MG07['to_fit'] . '</option>'; $scale_select .= '<option value="aspect" ' . ($playback_options['scale'] == 'aspect' ? ' selected="selected"' : '') . '>' . $LANG_MG07['aspect'] . '</option>'; $scale_select .= '<option value="1" ' . ($playback_options['scale'] == '1' ? ' selected="selected"' : '') . '>' . $LANG_MG07['normal_size'] . '</option>'; $scale_select .= '</select>'; $T->set_var(array('autoref_enabled' => $playback_options['autoref'] ? ' checked="checked"' : '', 'autoref_disabled' => $playback_options['autoref'] ? '' : ' checked="checked"', 'autoplay_enabled' => $playback_options['autoplay'] ? ' checked="checked"' : '', 'autoplay_disabled' => $playback_options['autoplay'] ? '' : ' checked="checked"', 'controller_enabled' => $playback_options['controller'] ? ' checked="checked"' : '', 'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"', 'kioskmode_enabled' => $playback_options['kioskmode'] ? 
' checked="checked"' : '', 'kioskmode_disabled' => $playback_options['kioskmode'] ? '' : ' checked="checked"', 'scale_select' => $scale_select, 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_auto_ref' => $LANG_MG07['auto_ref'], 'lang_auto_ref_help' => $LANG_MG07['auto_ref_help'], 'lang_controller' => $LANG_MG07['controller'], 'lang_controller_help' => $LANG_MG07['controller_help'], 'lang_kiosk_mode' => $LANG_MG07['kiosk_mode'], 'lang_kiosk_mode_help' => $LANG_MG07['kiosk_mode_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_scale_help' => $LANG_MG07['scale_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'])); $T->parse('playback_options', 'mov_options'); } $T->set_var(array('original_filename' => $row['media_original_filename'], 'attach_tn' => $row['media_tn_attached'], 'at_tn_checked' => $row['media_tn_attached'] == 1 ? 
' checked="checked"' : '', 'album_id' => $album_id, 'media_thumbnail' => $thumbnail, 'nocache' => time(), 'media_id' => $row['media_id'], 'media_title' => $row['media_title'], 'media_desc' => $row['media_desc'], 'media_time' => $media_time[0], 'media_views' => $row['media_views'], 'media_comments' => $row['media_comments'], 'media_exif_info' => $exif_info, 'media_rating_max' => 5, 'height' => $size[1] + 50, 'width' => $size[0] + 40, 'queue' => $mqueue, 'month_select' => $month_select, 'day_select' => $day_select, 'year_select' => $year_select, 'hour_select' => $hour_select, 'minute_select' => $minute_select, 'user_ip' => $row['media_user_ip'], 'album_select' => $album_jumpbox, 'media_rating' => $row['media_rating'] / 2, 'media_votes' => $row['media_votes'], 's_mode' => 'edit', 's_title' => $LANG_MG01['edit_media'], 's_rotate_right' => $rotate_right, 's_rotate_left' => $rotate_left, 's_form_action' => $actionURL, 'allowed_html' => COM_allowedHTML(SEC_getUserPermissions(), false, 'mediagallery', 'media_title'), 'site_url' => $_MG_CONF['site_url'], 'preview' => $preview, 'preview_end' => $preview_end)); if ($row['remote_media'] == 1) { $T->set_var(array('remoteurl' => $row['remote_url'], 'lang_remote_url' => $LANG_MG01['remote_url'])); } else { $T->set_var(array('remoteurl' => $row['remote_url'], 'lang_remote_url' => $LANG_MG01['alternate_url'])); } if ($row['media_type'] == 1) { $T->set_var(array('lang_resolution' => $LANG_MG07['resolution'], 'resolution' => $row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0 ? $row['media_resolution_x'] . 'x' . 
$row['media_resolution_y'] : 'unknown')); } else { $T->set_var(array('lang_resolution' => '', 'resolution' => '')); } // Pull user information now if ($row['media_user_id'] != '') { if ($_CONF['show_fullname']) { $displayname = 'fullname'; } else { $displayname = 'username'; } $username = DB_getItem($_TABLES['users'], $displayname, "uid={$row['media_user_id']}"); } else { $username = ''; } $userselect = '<select name="owner_name"> '; $sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC"; $result = DB_query($sql); while ($userRow = DB_fetchArray($result)) { $userselect .= '<option value="' . $userRow['uid'] . '"' . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>' . $userRow['username'] . '</option>' . LB; } $userselect .= '</select>'; if (SEC_hasRights('mediagallery.admin')) { $T->set_var('username', $userselect); } else { $T->set_var('username', $username); } $cat_select = '<select name="cat_id" id="cat_id">'; $cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>'; $result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC"); while ($catRow = DB_fetchArray($result)) { $cat_select .= '<option value="' . $catRow['cat_id'] . '" ' . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>' . $catRow['cat_name'] . '</option>'; } $cat_select .= '</select>'; // keywords $keywords = $row['media_keywords']; if ($back != '') { $T->set_var(array('rpath' => htmlentities($back, ENT_QUOTES, COM_getEncodingt()))); } else { $T->set_var(array('rpath' => '')); } $artist = $row['artist']; $musicalbum = $row['album']; $genre = $row['genre']; // language items... 
$T->set_var(array('lang_original_filename' => $LANG_MG01['original_filename'], 'lang_media_item' => $LANG_MG00['media_col_header'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_mediaattributes' => $LANG_MG01['mediaattributes'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_category' => $LANG_MG01['category'], 'lang_keywords' => $LANG_MG01['keywords'], 'lang_rating' => $LANG_MG03['rating'], 'lang_comments' => $LANG_MG03['comments'], 'lang_votes' => $LANG_MG03['votes'], 'media_edit_title' => $LANG_MG01['media_edit'], 'media_edit_help' => $LANG_MG01['media_edit_help'], 'rotate_left' => $LANG_MG01['rotate_left'], 'rotate_right' => $LANG_MG01['rotate_right'], 'lang_title' => $LANG_MG01['title'], 'albums' => $LANG_MG01['albums'], 'description' => $LANG_MG01['description'], 'capture_time' => $LANG_MG01['capture_time'], 'views' => $LANG_MG03['views'], 'uploaded_by' => $LANG_MG01['uploaded_by'], 'submit' => $LANG_MG01['submit'], 'cancel' => $LANG_MG01['cancel'], 'reset' => $LANG_MG01['reset'], 'lang_save' => $LANG_MG01['save'], 'lang_reset' => $LANG_MG01['reset'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_reset_rating' => $LANG_MG01['reset_rating'], 'lang_reset_views' => $LANG_MG01['reset_views'], 'cat_select' => $cat_select, 'media_keywords' => $keywords, 'lang_replacefile' => $LANG_MG01['replace_file'], 'artist' => $artist, 'musicalbum' => $musicalbum, 'genre' => $genre, 'lang_artist' => $LANG_MG01['artist'], 'lang_genre' => $LANG_MG01['genre'], 'lang_music_album' => $LANG_MG01['music_album'])); $T->parse('output', 'admin'); $retval .= $T->finish($T->get_var('output')); return $retval; }
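/**
 * Save a group to the database
 *
 * Validates the request, writes the group row, then replaces the group's
 * feature list and parent-group assignments. Every numeric value that is
 * interpolated into SQL (group id, feature ids, parent group ids, uid, the
 * core/default flags) is cast to int first so only integers reach the
 * query strings.
 *
 * @param string  $grp_id           ID of group to save (empty/0 creates a new group)
 * @param string  $grp_name         Group Name
 * @param string  $grp_descr        Description of group
 * @param boolean $grp_admin        Flag that indicates this is an admin use group
 * @param boolean $grp_gl_core      Flag that indicates if this is a core Geeklog group
 * @param boolean $grp_default      Flag that indicates if this is a default group
 * @param boolean $grp_applydefault Flag that indicates whether to apply a change in $grp_default to all existing user accounts
 * @param array   $features         Feature ids (acc_ft_id) the group has access to
 * @param array   $groups           Group ids this group will belong to
 * @return string HTML refresh or error message
 *
 */
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;

    $retval = '';

    if (empty($grp_name) || empty($grp_descr)) {
        // required fields missing - redisplay the editor with a message
        $retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields'])
            . editgroup($grp_id);

        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    // Numeric columns below are interpolated unquoted into SQL: normalise
    // them once so a non-numeric form value can never reach a query string.
    $grp_id      = (int) $grp_id;
    $grp_gl_core = (int) $grp_gl_core;
    $grp_default = (int) $grp_default;
    $uid         = (int) $_USER['uid'];

    $GroupAdminGroups = SEC_getUserGroups();
    if ($grp_id > 0 && !in_array($grp_id, $GroupAdminGroups)
        && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
        COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");

        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }

    if ($grp_gl_core == 1 && !is_array($features)) {
        COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");

        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }

    // from here on a missing feature / group list simply means "none"
    $features = is_array($features) ? $features : array();
    $groups   = is_array($groups) ? $groups : array();

    // group names have to be unique, so check if this one exists already.
    // NOTE(review): $grp_name is quoted but not escaped here and in the
    // DB_save() calls below (unlike $grp_descr); this relies on the caller
    // having sanitised it - confirm at the call site.
    $g_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
    if ($g_id > 0 && $grp_id != $g_id) {
        // there already is a group with that name - complain
        $retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists'])
            . editgroup($grp_id);

        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    $grp_descr = DB_escapeString(COM_stripslashes($grp_descr));

    $grp_applydefault_add = true;
    if ($grp_id === 0) {
        DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default',
            "'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
        $grp_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
        $new_group = true;
    } else {
        if ($grp_applydefault == 1) {
            // only touch existing accounts when $grp_default actually changed
            $old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
            if ($old_default == $grp_default) {
                // no change required
                $grp_applydefault = 0;
            } elseif ($old_default == 1) {
                // was a default group and no longer is: presumably applydefaultgroup()
                // then removes rather than adds the membership
                $grp_applydefault_add = false;
            }
        }
        DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default',
            "{$grp_id},'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
        $new_group = false;
    }

    if ($grp_id < 1) {
        // "this shouldn't happen"
        COM_errorLog("Internal error: invalid group id");
        $retval .= COM_showMessage(95);

        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    // Use the field grp_gl_core to indicate if this non-core GL Group
    // is an Admin related group (2 = admin, 0 = ordinary); group 1 is left alone
    if ($grp_gl_core != 1 && $grp_id > 1) {
        $coreFlag = ($grp_admin == 1) ? 2 : 0;
        DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core={$coreFlag} WHERE grp_id={$grp_id}");
    }

    // now save the features: the list is replaced, not merged
    DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
    if (SEC_inGroup('Root')) {
        $availableFeatures = null; // Root may grant any feature
    } else {
        // a Group Admin can only hand out features they hold themselves
        $availableFeatures = explode(',', SEC_getUserPermissions());
    }
    foreach ($features as $f) {
        $ft_id = (int) $f;
        if ($ft_id < 1) {
            continue; // not a feature id - skip rather than insert a bogus row
        }
        if ($availableFeatures !== null && !in_array($f, $availableFeatures)) {
            continue;
        }
        DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$ft_id},{$grp_id})");
    }

    if ($_GROUP_VERBOSE) {
        COM_errorLog('groups = ' . implode(',', $groups));
        COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
    }
    DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
    foreach ($groups as $g) {
        // only groups the current admin belongs to may become parents
        if (!in_array($g, $GroupAdminGroups)) {
            continue;
        }
        $parent_id = (int) $g;
        if ($parent_id < 1) {
            continue;
        }
        if ($_GROUP_VERBOSE) {
            COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
        }
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$parent_id},{$grp_id})");
    }

    // Make sure Root group belongs to any new group
    if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
    }

    // make sure this Group Admin belongs to the new group
    if (!SEC_inGroup('Root')) {
        if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$uid}) AND (ug_main_grp_id = {$grp_id})") == 0) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$uid})");
        }
    }

    if ($grp_applydefault == 1) {
        applydefaultgroup($grp_id, $grp_applydefault_add);
    }

    PLG_groupChanged($grp_id, $new_group ? 'new' : 'edit');

    if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
        return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49&chk_showall=1');
    }

    return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49');
}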
/** * edits or creates an album * * @param int album_id album_id to edit * @param string mode create or edit * @param string actionURL where to redirection on finish * @param int oldaid original album id * @return string HTML * */ function MG_editAlbum($album_id = 0, $mode = '', $actionURL = '', $oldaid = 0) { global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_ACCESS, $REMOTE_ADDR; global $MG_albums, $album_selectbox, $_DB_dbms; $valid_albums = 0; if ($actionURL == '') { $actionURL = $_CONF['site_admin_url'] . '/plugins/mediagallery/index.php'; } if ($_DB_dbms == "mssql") { $sql = "SELECT *,CAST(album_desc AS TEXT) as album_desc FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . $album_id; } else { $sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id); } $result = DB_query($sql); $numRows = DB_numRows($result); if ($numRows > 0) { $A = DB_fetchArray($result); } $retval = ''; $T = new Template(MG_getTemplatePath($album_id)); $T->set_var('site_url', $_CONF['site_url']); $T->set_var('site_admin_url', $_CONF['site_admin_url']); if ($album_id != 0 && $mode == 'edit') { // If edit, pull up the existing album information... if ($MG_albums[$album_id]->access != 3) { COM_errorLog("MediaGallery: Someone has tried to illegally edit a Media Gallery Album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } } else { if ($album_id == 0 && $mode == 'create') { // create the album... 
$A['album_id'] = -1; $A['album_order'] = 0; $album_id = -1; $A['album_parent'] = 0; $A['album_title'] = ''; $A['album_desc'] = ''; $A['hidden'] = 0; $A['album_cover'] = -1; $A['featured'] = 0; $A['cbposition'] = 0; $A['cbpage'] = 'all'; $A['owner_id'] = $_USER['uid']; $A['member_uploads'] = $_MG_CONF['ad_member_uploads']; $A['moderate'] = $_MG_CONF['ad_moderate']; $A['tn_attached'] = 0; $A['exif_display'] = $_MG_CONF['ad_exif_display']; $A['enable_slideshow'] = $_MG_CONF['ad_enable_slideshow']; $A['enable_random'] = $_MG_CONF['ad_enable_random']; $A['enable_shutterfly'] = $_MG_CONF['ad_enable_shutterfly']; $A['enable_views'] = $_MG_CONF['ad_enable_views']; $A['enable_keywords'] = $_MG_CONF['ad_enable_keywords']; $A['display_album_desc'] = $_MG_CONF['ad_display_album_desc']; $A['enable_album_views'] = $_MG_CONF['ad_enable_album_views']; $A['image_skin'] = $_MG_CONF['ad_image_skin']; $A['album_skin'] = $_MG_CONF['ad_album_skin']; $A['display_skin'] = $_MG_CONF['ad_display_skin']; $A['enable_sort'] = $_MG_CONF['ad_enable_sort']; $A['enable_rss'] = $_MG_CONF['ad_enable_rss']; $A['enable_postcard'] = $_MG_CONF['ad_enable_postcard']; $A['albums_first'] = $_MG_CONF['ad_albums_first']; $A['enable_rating'] = $_MG_CONF['ad_enable_rating']; $A['enable_comments'] = $_MG_CONF['ad_enable_comments']; $A['tn_size'] = $_MG_CONF['ad_tn_size']; $A['allow_download'] = $_MG_CONF['ad_allow_download']; $A['max_image_height'] = $_MG_CONF['ad_max_image_height']; $A['max_image_width'] = $_MG_CONF['ad_max_image_width']; $A['max_filesize'] = $_MG_CONF['ad_max_filesize']; $A['display_image_size'] = $_MG_CONF['ad_display_image_size']; $A['display_rows'] = $_MG_CONF['ad_display_rows']; $A['display_columns'] = $_MG_CONF['ad_display_columns']; $A['valid_formats'] = $_MG_CONF['ad_valid_formats']; $A['filename_title'] = $_MG_CONF['ad_filename_title']; $A['wm_auto'] = $_MG_CONF['ad_wm_auto']; $A['wm_id'] = $_MG_CONF['ad_wm_id']; $A['opacity'] = $_MG_CONF['ad_wm_opacity']; $A['wm_location'] = 
$_MG_CONF['ad_wm_location']; $A['album_sort_order'] = $_MG_CONF['ad_album_sort_order']; $A['email_mod'] = $_MG_CONF['ad_email_mod']; $A['album_cover_filename'] = ''; $A['last_update'] = 0; $A['media_count'] = 0; $A['full_display'] = $_MG_CONF['ad_full_display']; $A['playback_type'] = $_MG_CONF['ad_playback_type']; $A['podcast'] = isset($_MG_CONF['ad_podcast']) ? $_MG_CONF['ad_podcast'] : 0; $A['mp3ribbon'] = 0; $A['rsschildren'] = 0; $A['usealternate'] = isset($_MG_CONF['ad_use_alternate']) ? $_MG_CONF['ad_use_alternate'] : 0; $A['skin'] = isset($_MG_CONF['ad_skin']) ? $_MG_CONF['ad_skin'] : 'default'; $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'"); $grow = DB_fetchArray($gresult); $grp_id = $grow['grp_id']; $A['group_id'] = $grp_id; $A['mod_group_id'] = $grp_id; $A['perm_owner'] = $_MG_CONF['ad_perm_owner']; $A['perm_group'] = $_MG_CONF['ad_perm_group']; $A['perm_members'] = $_MG_CONF['ad_perm_members']; $A['perm_anon'] = $_MG_CONF['ad_perm_anon']; $A['tnheight'] = $_MG_CONF['ad_tn_height']; $A['tnwidth'] = $_MG_CONF['ad_tn_width']; } } $T->set_var('album_id', $A['album_id']); $retval .= COM_startBlock($mode == 'create' ? $LANG_MG01['create_album'] : $LANG_MG01['edit_album'] . ' - ' . strip_tags($A['album_title']), '', COM_getBlockTemplate('_admin_block', 'header')); // If edit, pull up the existing album information... $T->set_file(array('admin' => 'editalbum.thtml', 'falbum' => 'featured_album.thtml', 'perms_admin' => 'edit_album_permissions.thtml', 'perms_member' => 'edit_album_perm_member.thtml', 'admin_attr' => 'editalbum_admin.thtml', 'admin_formats' => 'editalbum_formats.thtml')); // construct the album jumpbox... 
if ($mode == 'create') { $select = $oldaid; } else { $select = $A['album_parent']; } $album_selectbox = '<select name="parentaid">'; $valid_albums += $MG_albums[0]->buildAlbumBox($select, 3, $A['album_id'], $mode); $album_selectbox .= '</select>'; $album_select = $album_selectbox; if ($valid_albums == 0) { COM_errorLog("MediaGallery: Someone has tried to illegally create a Medig Gallery Album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } // build exif select box... $exif_select = '<select name="enable_exif">'; $exif_select .= '<option value="0"' . ($A['exif_display'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disable_exif'] . '</option>'; $exif_select .= '<option value="1"' . ($A['exif_display'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['display_below_media'] . '</option>'; $exif_select .= '<option value="2"' . ($A['exif_display'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['display_in_popup'] . '</option>'; $exif_select .= '<option value="3"' . ($A['exif_display'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['both'] . '</option>'; $exif_select .= '</select>'; $full_select = '<select name="full_display"' . ($_MG_CONF['discard_original'] ? ' disabled=disabled ' : '') . '>'; $full_select .= '<option value="0"' . ($A['full_display'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['always'] . '</option>'; $full_select .= '<option value="1"' . ($A['full_display'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['members_only'] . '</option>'; $full_select .= '<option value="2"' . ($A['full_display'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . '</option>'; $full_select .= '</select>'; $ranking_select = '<select name="enable_rating">'; $ranking_select .= '<option value="0"' . ($A['enable_rating'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . 
'</option>'; $ranking_select .= '<option value="1"' . ($A['enable_rating'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['members_only'] . '</option>'; $ranking_select .= '<option value="2"' . ($A['enable_rating'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['always'] . '</option>'; $ranking_select .= '</select>'; $podcast_select = '<input type="checkbox" name="podcast" value="1" ' . ($A['podcast'] ? ' checked="checked"' : '') . '/>'; $mp3ribbon_select = '<input type="checkbox" name="mp3ribbon" value="1" ' . ($A['mp3ribbon'] ? ' checked="checked"' : '') . '/>'; $rsschildren_select = '<input type="checkbox" name="rsschildren" value="1" ' . ($A['rsschildren'] ? ' checked="checked"' : '') . '/>'; $comment_select = '<input type="checkbox" name="enable_comments" value="1" ' . ($A['enable_comments'] ? ' checked="checked"' : '') . '/>'; $ss_select = '<select name="enable_slideshow">'; $ss_select .= '<option value="0" ' . ($A['enable_slideshow'] == 0 ? ' selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . '</option>'; $ss_select .= '<option value="1"' . ($A['enable_slideshow'] == 1 ? ' selected="selected"' : '') . '>' . $LANG_MG01['js_slideshow'] . '</option>'; $ss_select .= '<option value="2"' . ($A['enable_slideshow'] == 2 ? ' selected="selected"' : '') . '>' . $LANG_MG01['lightbox'] . '</option>'; $ss_select .= '<option value="3"' . ($A['enable_slideshow'] == 3 ? ' selected="selected"' : '') . '>' . $LANG_MG01['flash_slideshow_disp'] . '</option>'; $ss_select .= '<option value="4"' . ($A['enable_slideshow'] == 4 ? ' selected="selected"' : '') . '>' . $LANG_MG01['flash_slideshow_full'] . '</option>'; $ss_select .= '<option value="5"' . ($A['enable_slideshow'] == 5 ? ' selected="selected"' : '') . '>' . $LANG_MG01['mp3_jukebox'] . '</option>'; $ss_select .= '</select>'; $sf_select = '<input type="checkbox" name="enable_shutterfly" value="1" ' . ($A['enable_shutterfly'] ? ' checked="checked"' : '') . 
'/>'; $views_select = '<input type="checkbox" name="enable_views" value="1" ' . ($A['enable_views'] ? ' checked="checked"' : '') . '/>'; $keywords_select = '<input type="checkbox" name="enable_keywords" value="1" ' . ($A['enable_keywords'] ? ' checked="checked"' : '') . '/>'; $sort_select = '<input type="checkbox" name="enable_sort" value="1" ' . ($A['enable_sort'] ? ' checked="checked"' : '') . '/>'; $rss_select = '<input type="checkbox" name="enable_rss" value="1" ' . ($A['enable_rss'] ? ' checked="checked"' : '') . '/>'; $postcard_select = '<select name="enable_postcard">'; $postcard_select .= '<option value="0"' . ($A['enable_postcard'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . '</option>'; $postcard_select .= '<option value="1"' . ($A['enable_postcard'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['members_only'] . '</option>'; $postcard_select .= '<option value="2"' . ($A['enable_postcard'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['all_users'] . '</option>'; $postcard_select .= '</select>'; $afirst_select = '<input type="checkbox" name="albums_first" value="1" ' . ($A['albums_first'] ? ' checked="checked"' : '') . '/>'; $usealternate_select = '<input type="checkbox" name="usealternate" value="1" ' . ($A['usealternate'] ? ' checked="checked"' : '') . '/>'; $album_views_select = '<input type="checkbox" name="enable_album_views" value="1" ' . ($A['enable_album_views'] ? ' checked="checked"' : '') . '/>'; $display_album_desc_select = '<input type="checkbox" name="display_album_desc" value="1" ' . ($A['display_album_desc'] ? ' checked="checked"' : '') . '/>'; $tn_size_select = '<select name="tn_size">'; $tn_size_select .= '<option value="0"' . ($A['tn_size'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['small'] . '</option>'; $tn_size_select .= '<option value="1"' . ($A['tn_size'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['medium'] . '</option>'; $tn_size_select .= '<option value="2"' . 
($A['tn_size'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['large'] . '</option>'; $tn_size_select .= '<option value="3"' . ($A['tn_size'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['custom'] . '</option>'; $tn_size_select .= '<option value="4"' . ($A['tn_size'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG01['square'] . '</option>'; $tn_size_select .= '</select>'; $display_image_size_select = '<select name="display_image_size">'; $display_image_size_select .= '<option value="0"' . ($A['display_image_size'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_500x375'] . '</option>'; $display_image_size_select .= '<option value="1"' . ($A['display_image_size'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_600x450'] . '</option>'; $display_image_size_select .= '<option value="2"' . ($A['display_image_size'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_620x465'] . '</option>'; $display_image_size_select .= '<option value="3"' . ($A['display_image_size'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_720x540'] . '</option>'; $display_image_size_select .= '<option value="4"' . ($A['display_image_size'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_800x600'] . '</option>'; $display_image_size_select .= '<option value="5"' . ($A['display_image_size'] == 5 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_912x684'] . '</option>'; $display_image_size_select .= '<option value="6"' . ($A['display_image_size'] == 6 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_1024x768'] . '</option>'; $display_image_size_select .= '<option value="7"' . ($A['display_image_size'] == 7 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_1152x864'] . '</option>'; $display_image_size_select .= '<option value="8"' . ($A['display_image_size'] == 8 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_1280x1024'] . '</option>'; $display_image_size_select .= '<option value="9"' . 
($A['display_image_size'] == 9 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_custom'] . $_MG_CONF['custom_image_width'] . 'x' . $_MG_CONF['custom_image_height'] . '</option>'; $display_image_size_select .= '</select>'; $rows_input = '<input type="text" size="3" name="display_rows" value="' . $A['display_rows'] . '"/>'; $columns_input = '<input type="text" size="3" name="display_columns" value="' . $A['display_columns'] . '"/>'; $max_image_height_input = '<input type="text" size="4" name="max_image_height" value="' . $A['max_image_height'] . '"/>'; $max_image_width_input = '<input type="text" size="4" name="max_image_width" value="' . $A['max_image_width'] . '"/>'; $tnheight_input = '<input type="text" size="3" name="tnheight" value="' . $A['tnheight'] . '"/>'; $tnwidth_input = '<input type="text" size="3" name="tnwidth" value="' . $A['tnwidth'] . '"/>'; if ($A['max_filesize'] != 0) { $A['max_filesize'] = $A['max_filesize'] / 1024; } $max_filesize_input = '<input type="text" size="10" name="max_filesize" value="' . $A['max_filesize'] . '"/>'; $email_mod_select = '<input type="checkbox" name="email_mod" value="1" ' . ($A['email_mod'] ? ' checked="checked"' : '') . '/>'; $playback_type = '<select name="playback_type">'; $playback_type .= '<option value="0"' . ($A['playback_type'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['play_in_popup'] . '</option>'; $playback_type .= '<option value="1"' . ($A['playback_type'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['download_to_local'] . '</option>'; $playback_type .= '<option value="2"' . ($A['playback_type'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['play_inline'] . '</option>'; $playback_type .= '<option value="3"' . ($A['playback_type'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['use_mms'] . 
'</option>'; $playback_type .= '</select>'; $themes = MG_getThemes(); $album_theme_select = '<select name="album_theme">'; for ($i = 0; $i < count($themes); $i++) { $album_theme_select .= '<option value="' . $themes[$i] . '"' . ($A['skin'] == $themes[$i] ? 'selected="selected"' : '') . '>' . $themes[$i] . '</option>'; } $album_theme_select .= '</select>'; $attach_select = '<input type="checkbox" name="attach_tn" value="1" ' . ($A['tn_attached'] ? ' checked="checked"' : '') . '/>'; $result = DB_query("SELECT * FROM {$_TABLES['users']}"); $nRows = DB_numRows($result); $owner_select = '<select name="owner_id">'; for ($i = 0; $i < $nRows; $i++) { $row = DB_fetchArray($result); if ($row['uid'] == 1) { continue; } $owner_select .= '<option value="' . $row['uid'] . '"' . ($A['owner_id'] == $row['uid'] ? 'selected="selected"' : '') . '>' . COM_getDisplayName($row['uid'], $row['username'], $row['fullname'], $row['remoteusername'], $row['remoteservice']) . '</option>'; } $owner_select .= '</select>'; $album_sort_select = '<select name="album_sort_order">'; $album_sort_select .= '<option value="0"' . ($A['album_sort_order'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG03['no_sort'] . '</option>'; $album_sort_select .= '<option value="1"' . ($A['album_sort_order'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_capture_asc'] . '</option>'; $album_sort_select .= '<option value="2"' . ($A['album_sort_order'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_capture'] . '</option>'; $album_sort_select .= '<option value="3"' . ($A['album_sort_order'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_upload_asc'] . '</option>'; $album_sort_select .= '<option value="4"' . ($A['album_sort_order'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_upload'] . '</option>'; $album_sort_select .= '<option value="5"' . ($A['album_sort_order'] == 5 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_alpha'] . 
'</option>'; $album_sort_select .= '<option value="6"' . ($A['album_sort_order'] == 6 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_alpha_asc'] . '</option>'; $album_sort_select .= '</select>'; if (SEC_hasRights('mediagallery.admin')) { // // -- build the featured selects and info... // $featured_select = '<input type="checkbox" name="featured" value="1" ' . ($A['featured'] ? ' checked="checked"' : '') . '/>'; // build featurepage select... $featurepage_select = '<select name="featurepage">'; $featurepage_select .= '<option value="all"' . ($A['cbpage'] == 'all' ? 'selected="selected"' : '') . '>' . $LANG_MG01['all'] . '</option>'; $featurepage_select .= '<option value="allnhp"' . ($A['cbpage'] == 'allnhp' ? 'selected="selected"' : '') . '>' . $LANG_MG01['all_nhp'] . '</option>'; $featurepage_select .= '<option value="none"' . ($A['cbpage'] == 'none' ? 'selected="selected"' : '') . '>' . $LANG_MG01['homepage_only'] . '</option>'; $featurepage_select .= COM_topicList('tid,topic', $A['cbpage']); $featurepage_select .= '</select>'; // position $feature_pos = '<select name="featureposition">'; $feature_pos .= '<option value="1"' . ($A['cbposition'] == 1 ? ' selected="selected"' : '') . '>' . $LANG_MG01['top'] . '</option>'; $feature_pos .= '<option value="2"' . ($A['cbposition'] == 2 ? ' selected="selected"' : '') . '>' . $LANG_MG01['after_featured_articles'] . '</option>'; $feature_pos .= '<option value="3"' . ($A['cbposition'] == 3 ? ' selected="selected"' : '') . '>' . $LANG_MG01['bottom'] . 
'</option>'; $feature_pos .= '</select> '; $T->set_var(array('featured_select' => $featured_select, 'feature_page_select' => $featurepage_select, 'feature_position' => $feature_pos, 'lang_featured_album' => $LANG_MG01['featured_album'], 'lang_set_featured' => $LANG_MG01['set_featured'], 'lang_featured_help' => $LANG_MG01['featured_help'], 'lang_position' => $LANG_MG01['position'], 'lang_topic' => $LANG_MG01['topic'])); $T->parse('featureselect', 'falbum'); $ri_select = '<input type="checkbox" name="enable_random" value="1" ' . ($A['enable_random'] ? ' checked="checked"' : '') . '/>'; $T->set_var(array('height_input' => $max_image_height_input, 'width_input' => $max_image_width_input, 'max_size_input' => $max_filesize_input, 'ri_select' => $ri_select, 'lang_ri_enable' => $LANG_MG01['ri_enable'], 'lang_max_image_height' => $LANG_MG01['max_image_height'], 'lang_max_image_width' => $LANG_MG01['max_image_width'], 'lang_max_filesize' => $LANG_MG01['max_filesize'])); $T->parse('adminattr', 'admin_attr'); $T->set_var(array('jpg_checked' => $A['valid_formats'] & MG_JPG ? ' checked="checked"' : '', 'png_checked' => $A['valid_formats'] & MG_PNG ? ' checked="checked"' : '', 'tif_checked' => $A['valid_formats'] & MG_TIF ? ' checked="checked"' : '', 'gif_checked' => $A['valid_formats'] & MG_GIF ? ' checked="checked"' : '', 'bmp_checked' => $A['valid_formats'] & MG_BMP ? ' checked="checked"' : '', 'tga_checked' => $A['valid_formats'] & MG_TGA ? ' checked="checked"' : '', 'psd_checked' => $A['valid_formats'] & MG_PSD ? ' checked="checked"' : '', 'mp3_checked' => $A['valid_formats'] & MG_MP3 ? ' checked="checked"' : '', 'ogg_checked' => $A['valid_formats'] & MG_OGG ? ' checked="checked"' : '', 'asf_checked' => $A['valid_formats'] & MG_ASF ? ' checked="checked"' : '', 'swf_checked' => $A['valid_formats'] & MG_SWF ? ' checked="checked"' : '', 'mov_checked' => $A['valid_formats'] & MG_MOV ? ' checked="checked"' : '', 'mp4_checked' => $A['valid_formats'] & MG_MP4 ? 
' checked="checked"' : '', 'mpg_checked' => $A['valid_formats'] & MG_MPG ? ' checked="checked"' : '', 'zip_checked' => $A['valid_formats'] & MG_ZIP ? ' checked="checked"' : '', 'flv_checked' => $A['valid_formats'] & MG_FLV ? ' checked="checked"' : '', 'rflv_checked' => $A['valid_formats'] & MG_RFLV ? ' checked="checked"' : '', 'emb_checked' => $A['valid_formats'] & MG_EMB ? ' checked="checked"' : '', 'other_checked' => $A['valid_formats'] & MG_OTHER ? ' checked="checked"' : '', 'lang_jpg' => $LANG_MG01['jpg'], 'lang_png' => $LANG_MG01['png'], 'lang_tif' => $LANG_MG01['tif'], 'lang_gif' => $LANG_MG01['gif'], 'lang_bmp' => $LANG_MG01['bmp'], 'lang_tga' => $LANG_MG01['tga'], 'lang_psd' => $LANG_MG01['psd'], 'lang_mp3' => $LANG_MG01['mp3'], 'lang_ogg' => $LANG_MG01['ogg'], 'lang_asf' => $LANG_MG01['asf'], 'lang_swf' => $LANG_MG01['swf'], 'lang_mov' => $LANG_MG01['mov'], 'lang_mp4' => $LANG_MG01['mp4'], 'lang_mpg' => $LANG_MG01['mpg'], 'lang_zip' => $LANG_MG01['zip'], 'lang_flv' => $LANG_MG01['flv'], 'lang_rflv' => $LANG_MG01['rflv'], 'lang_emb' => $LANG_MG01['emb'], 'lang_other' => $LANG_MG01['other'], 'lang_allowed_formats' => $LANG_MG01['allowed_media_formats'], 'lang_image' => $LANG_MG01['image'], 'lang_audio' => $LANG_MG01['audio'], 'lang_video' => $LANG_MG01['video'])); $T->parse('valid_formats', 'admin_formats'); } $r = rand(); if ($A['tn_attached']) { $media_size = false; foreach ($_MG_CONF['validExtensions'] as $ext) { if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $A['album_id'] . $ext)) { $album_last_image = $_MG_CONF['mediaobjects_url'] . '/covers/cover_' . $A['album_id'] . $ext; $media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $A['album_id'] . $ext); if ($media_size != false) { $T->set_var('thumbnail', '<img src="' . $_MG_CONF['mediaobjects_url'] . '/covers/cover_' . $A['album_id'] . $ext . '?r=' . $r . '" alt=""/>'); } break; } } // $T->set_var('thumbnail','<img src="' . $_MG_CONF['mediaobjects_url'] . 
'/covers/cover_' . $A['album_id'] . '.jpg?r=' . $r . '" alt="">'); } $filename_title_select = '<input type="checkbox" name="filename_title" value="1" ' . ($A['filename_title'] ? ' checked="checked"' : '') . '/>'; // watermark stuff... $wm_auto_select = '<input type="checkbox" name="wm_auto" value="1" ' . ($A['wm_auto'] ? ' checked="checked"' : '') . '/>'; $wm_opacity_select = '<select name="wm_opacity">'; $wm_opacity_select .= '<option value="10"' . ($A['opacity'] == 10 ? 'selected="selected"' : '') . '>10%</option>'; $wm_opacity_select .= '<option value="20"' . ($A['opacity'] == 20 ? 'selected="selected"' : '') . '>20%</option>'; $wm_opacity_select .= '<option value="30"' . ($A['opacity'] == 30 ? 'selected="selected"' : '') . '>30%</option>'; $wm_opacity_select .= '<option value="40"' . ($A['opacity'] == 40 ? 'selected="selected"' : '') . '>40%</option>'; $wm_opacity_select .= '<option value="50"' . ($A['opacity'] == 50 ? 'selected="selected"' : '') . '>50%</option>'; $wm_opacity_select .= '<option value="60"' . ($A['opacity'] == 60 ? 'selected="selected"' : '') . '>60%</option>'; $wm_opacity_select .= '<option value="70"' . ($A['opacity'] == 70 ? 'selected="selected"' : '') . '>70%</option>'; $wm_opacity_select .= '<option value="80"' . ($A['opacity'] == 80 ? 'selected="selected"' : '') . '>80%</option>'; $wm_opacity_select .= '<option value="90"' . ($A['opacity'] == 90 ? 'selected="selected"' : '') . '>90%</option>'; $wm_opacity_select .= '</select>'; $wm_location_select = '<select name="wm_location">'; $wm_location_select .= '<option value="1"' . ($A['wm_location'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_left'] . '</option>'; $wm_location_select .= '<option value="2"' . ($A['wm_location'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_center'] . '</option>'; $wm_location_select .= '<option value="3"' . ($A['wm_location'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_right'] . 
'</option>'; $wm_location_select .= '<option value="4"' . ($A['wm_location'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_left'] . '</option>'; $wm_location_select .= '<option value="5"' . ($A['wm_location'] == 5 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_center'] . '</option>'; $wm_location_select .= '<option value="6"' . ($A['wm_location'] == 6 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_right'] . '</option>'; $wm_location_select .= '<option value="7"' . ($A['wm_location'] == 7 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_left'] . '</option>'; $wm_location_select .= '<option value="8"' . ($A['wm_location'] == 8 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_center'] . '</option>'; $wm_location_select .= '<option value="9"' . ($A['wm_location'] == 9 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_right'] . '</option>'; $wm_location_select .= '</select>'; // now select what watermarks we have permission to use... $whereClause = " WHERE wm_id<>0 AND "; if (SEC_hasRights('mediagallery.admin')) { $whereClause .= "1=1"; } else { $whereClause .= "(owner_id=" . $_USER['uid'] . " OR owner_id=0)"; } $sql = "SELECT * FROM {$_TABLES['mg_watermarks']} " . $whereClause . " ORDER BY owner_id"; $result = DB_query($sql); $nRows = DB_numRows($result); $wm_select = '<select name="wm_id" onchange="change(this)">'; $wm_select .= '<option value="blank.png">' . $LANG_MG01['no_watermark'] . '</option>'; $wm_current = '<img src="' . $_MG_CONF['site_url'] . '/watermarks/blank.png" name="myImage" alt=""/>'; for ($i = 0; $i < $nRows; $i++) { $row = DB_fetchArray($result); $wm_select .= '<option value="' . $row['filename'] . '"' . ($A['wm_id'] == $row['wm_id'] ? 'selected="selected"' : '') . '>' . $row['filename'] . '</option>'; if ($A['wm_id'] == $row['wm_id']) { $wm_current = '<img src="' . $_MG_CONF['site_url'] . '/watermarks/' . $row['filename'] . 
'" name="myImage" alt=""/>'; } } $wm_select .= '</select>'; $frames = new mgFrame(); $skins = array(); $skins = $frames->getFrames(); $skin_select = '<select name="skin">'; $askin_select = '<select name="askin">'; $dskin_select = '<select name="dskin">'; for ($i = 0; $i < count($skins); $i++) { $skin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['image_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>'; $askin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['album_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>'; $dskin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['display_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>'; } $skin_select .= '</select>'; $askin_select .= '</select>'; $dskin_select .= '</select>'; // permission template $usergroups = SEC_getUserGroups(); $groupdd = ''; $moddd = ''; $groupdd .= '<select name="group_id">'; $moddd .= '<select name="mod_id">'; for ($i = 0; $i < count($usergroups); $i++) { if ($usergroups[key($usergroups)] != 2 && $usergroups[key($usergroups)] != 13) { $groupdd .= '<option value="' . $usergroups[key($usergroups)] . '"'; $moddd .= '<option value="' . $usergroups[key($usergroups)] . '"'; if ($A['group_id'] == $usergroups[key($usergroups)]) { $groupdd .= ' selected="selected"'; } if ($A['mod_group_id'] == $usergroups[key($usergroups)]) { $moddd .= ' selected="selected"'; } $groupdd .= '>' . key($usergroups) . '</option>'; $moddd .= '>' . key($usergroups) . '</option>'; } next($usergroups); } $groupdd .= '</select>'; $moddd .= '</select>'; $upload_select = '<input type="checkbox" name="uploads" value="1" ' . ($A['member_uploads'] ? ' checked="checked"' : '') . '/>'; $moderate_select = '<input type="checkbox" name="moderate" value="1" ' . ($A['moderate'] ? ' checked="checked"' : '') . 
'/>'; $child_update_select = '<input type="checkbox" name="force_child_update" value="1"/>'; $hidden_select = '<input type="checkbox" name="hidden" value="1" ' . ($A['hidden'] ? ' checked="checked"' : '') . '/>'; $allow_download_select = '<input type="checkbox" name="allow_download" value="1" ' . ($A['allow_download'] ? ' checked="checked"' : '') . '/>'; if (SEC_hasRights('mediagallery.admin')) { $perm_editor = SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $perm_editor = MG_getMemberPermissionsHTML($A['perm_members'], $A['perm_anon']); } $T->set_var(array('lang_uploads' => $LANG_MG01['anonymous_uploads_prompt'], 'lang_accessrights' => $LANG_ACCESS['accessrights'], 'lang_owner' => $LANG_ACCESS['owner'], 'owner_username' => DB_getItem($_TABLES['users'], 'username', "uid={$A['owner_id']}"), 'owner_id' => $A['owner_id'], 'lang_group' => $LANG_ACCESS['group'], 'lang_permissions' => $LANG_ACCESS['permissions'], 'lang_perm_key' => $LANG_ACCESS['permissionskey'], 'lang_hidden' => $LANG_MG01['hidden'], 'permissions_msg' => $LANG_ACCESS['permmsg'], 'permissions_editor' => $perm_editor, 'origaid' => '<input type="hidden" name="origaid" value="' . $oldaid . 
'"/>', 'group_dropdown' => $groupdd, 'mod_dropdown' => $moddd, 'lang_member_upload' => $LANG_MG01['member_upload'], 'lang_moderate_album' => $LANG_MG01['mod_album'], 'lang_mod_group' => $LANG_MG01['moderation_group'], 'uploads' => $upload_select, 'moderate' => $moderate_select, 'hidden' => $hidden_select, 'force_child_update' => $child_update_select, 'lang_force_child_update' => $LANG_MG01['force_child_update'], 'lang_allow_download' => $LANG_MG01['allow_download'], 'owner_select' => $owner_select, 'email_mod_select' => $email_mod_select, 'lang_email_mods_on_submission' => $LANG_MG01['email_mods_on_submission'])); if (SEC_hasRights('mediagallery.admin')) { $T->parse('perm_editor', 'perms_admin'); } else { $T->parse('perm_editor', 'perms_member'); } $T->set_var(array('action' => 'album', 'path_mg' => $_MG_CONF['site_url'], 'attach_select' => $attach_select, 'comment_select' => $comment_select, 'exif_select' => $exif_select, 'ranking_select' => $ranking_select, 'podcast_select' => $podcast_select, 'mp3ribbon_select' => $mp3ribbon_select, 'rsschildren_select' => $rsschildren_select, 'full_select' => $full_select, 'ss_select' => $ss_select, 'sf_select' => $sf_select, 'views_select' => $views_select, 'keywords_select' => $keywords_select, 'album_views_select' => $album_views_select, 'display_album_desc_select' => $display_album_desc_select, 'sort_select' => $sort_select, 'rss_select' => $rss_select, 'postcard_select' => $postcard_select, 'afirst_select' => $afirst_select, 'tn_size_select' => $tn_size_select, 'display_image_size' => $display_image_size_select, 'rows_input' => $rows_input, 'columns_input' => $columns_input, 'playback_type' => $playback_type, 'album_title' => $A['album_title'], 'album_desc' => $A['album_desc'], 'album_id' => $A['album_id'], 'parent_select' => $album_select, 'album_cover' => $A['album_cover'], 'album_owner' => $A['owner_id'], 'album_order' => $A['album_order'], 'album_cover_filename' => $A['album_cover_filename'], 'last_update' => 
$A['last_update'], 'media_count' => $A['media_count'], 'wm_auto_select' => $wm_auto_select, 'wm_opacity_select' => $wm_opacity_select, 'wm_location_select' => $wm_location_select, 'wm_select' => $wm_select, 'wm_current' => $wm_current, 'album_theme_select' => $album_theme_select, 'album_sort_select' => $album_sort_select, 'allow_download_select' => $allow_download_select, 'filename_title_select' => $filename_title_select, 'skin_select' => $skin_select, 'askin_select' => $askin_select, 'dskin_select' => $dskin_select, 'tnheight_input' => $tnheight_input, 'tnwidth_input' => $tnwidth_input, 'usealternate_select' => $usealternate_select, 'lang_usealternate' => $LANG_MG01['use_alternate_url'], 'lang_tnheight' => $LANG_MG01['tn_height'], 'lang_tnwidth' => $LANG_MG01['tn_width'], 'lang_save' => $LANG_MG01['save'], 'lang_edit_title' => $mode == 'create' ? $LANG_MG01['create_album'] : $LANG_MG01['edit_album'], 's_form_action' => $actionURL, 'lang_image_skin' => $LANG_MG01['image_skin'], 'lang_album_skin' => $LANG_MG01['album_skin'], 'lang_display_skin' => $LANG_MG01['display_skin'], 'lang_album_edit_help' => $LANG_MG01['album_edit_help'], 'lang_title' => $LANG_MG01['title'], 'lang_podcast' => $LANG_MG01['podcast'], 'lang_mp3ribbon' => $LANG_MG01['mp3ribbon'], 'lang_rsschildren' => $LANG_MG01['rsschildren'], 'lang_parent_album' => $LANG_MG01['parent_album'], 'lang_description' => $LANG_MG01['description'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_comments' => $LANG_MG01['comments_prompt'], 'lang_enable_exif' => $LANG_MG01['enable_exif'], 'lang_enable_ratings' => $LANG_MG01['enable_ratings'], 'lang_ss_enable' => $LANG_MG01['ss_enable'], 'lang_sf_enable' => $LANG_MG01['sf_enable'], 'lang_tn_size' => $LANG_MG01['tn_size'], 'lang_rows' => $LANG_MG01['rows'], 'lang_columns' => $LANG_MG01['columns'], 'lang_av_play_album' => $LANG_MG01['av_play_album'], 'lang_av_play_options' => $LANG_MG01['av_play_options'], 'lang_attached_thumbnail' => 
$LANG_MG01['attached_thumbnail'], 'lang_thumbnail' => $LANG_MG01['thumbnail'], 'lang_album_attributes' => $LANG_MG01['album_attributes'], 'lang_album_cover' => $LANG_MG01['album_cover'], 'lang_enable_views' => $LANG_MG01['enable_views'], 'lang_enable_keywords' => $LANG_MG01['enable_keywords'], 'lang_enable_album_views' => $LANG_MG01['enable_album_views'], 'lang_enable_sort' => $LANG_MG01['enable_sort'], 'lang_enable_rss' => $LANG_MG01['enable_rss'], 'lang_enable_postcard' => $LANG_MG01['enable_postcard'], 'lang_albums_first' => $LANG_MG01['albums_first'], 'lang_full_display' => $LANG_MG01['full_display'], 'lang_display_image_size' => $LANG_MG01['display_image_size'], 'lang_album_sort' => $LANG_MG01['default_album_sort'], 'lang_watermark' => $LANG_MG01['watermark'], 'lang_wm_auto' => $LANG_MG01['watermark_auto'], 'lang_wm_opacity' => $LANG_MG01['watermark_opacity'], 'lang_wm_location' => $LANG_MG01['watermark_location'], 'lang_wm_id' => $LANG_MG01['watermark_image'], 'lang_unlimited' => $LANG_MG01['zero_unlimited'], 'lang_display_album_desc' => $LANG_MG01['display_album_desc'], 'lang_filename_title' => $LANG_MG01['filename_title'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_theme_select' => $LANG_MG01['album_theme'])); if ($_MG_CONF['htmlallowed'] == 1) { $T->set_var('allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'mediagallery', 'album_title')); } $T->parse('output', 'admin'); $retval .= $T->finish($T->get_var('output')); $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); return $retval; }
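/**
 * Authenticates the user if HTTP Basic authentication headers are present.
 *
 * Credentials are read from $_SERVER['PHP_AUTH_USER'] / PHP_AUTH_PW when PHP
 * has them, or from $_SERVER['REMOTE_USER'] (a raw "Basic <base64>" header)
 * when PHP runs as CGI and the header is passed through by .htaccess.
 * A REMOTE_USER value that is not a well-formed Basic header (other scheme,
 * invalid base64, no "user:password" separator) is treated as "no
 * credentials supplied" instead of being decoded into a garbage login.
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession would surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause
 *   the client to be blocked eventually
 * - the reset can not be used for dictionary attacks
 *
 * On success the globals $_USER, $_GROUPS and $_RIGHTS are populated.
 * On failure (speed limit exceeded, bad credentials, or a user without the
 * webservices right) WS_error() is invoked and the function does not return
 * normally.
 *
 * @return void
 */
function WS_authenticate()
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;

    $uid      = '';
    $username = '';
    $password = '';
    $status   = -1;

    if (isset($_SERVER['PHP_AUTH_USER'])) {
        // NOTE(review): COM_applyFilter() is applied to the password as well,
        // which may alter it before it reaches SEC_authenticate(); confirm
        // this matches what the regular login form does before changing it.
        $username = COM_applyFilter($_SERVER['PHP_AUTH_USER']);
        // PHP_AUTH_PW can be absent when the client sent an empty password
        $password = isset($_SERVER['PHP_AUTH_PW'])
                  ? COM_applyFilter($_SERVER['PHP_AUTH_PW'])
                  : '';
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header
         * ("Basic <base64>") in REMOTE_USER. */
        $parts     = explode(' ', trim($_SERVER['REMOTE_USER']), 2);
        $auth_type = $parts[0];
        $auth_data = isset($parts[1]) ? trim($parts[1]) : '';

        // Only the Basic scheme carries "user:password"; strict decoding
        // rejects input that is not valid base64 instead of guessing.
        $decoded = false;
        if ($auth_data !== '' && strcasecmp($auth_type, 'Basic') == 0) {
            $decoded = base64_decode($auth_data, true);
        }

        // Split on the first ':' only: the user-id can not contain ':',
        // but the password can, and an unlimited explode() would truncate it.
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            list($username, $password) = explode(':', $decoded, 2);
            $username = COM_applyFilter($username);
            $password = COM_applyFilter($password);
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Ignoring malformed authorization data in \$_SERVER['REMOTE_USER']");
        }
    } else {
        if ($WS_VERBOSE) {
            COM_errorLog("WS: No login given");
        }
        // fallthrough (see below)
    }

    // The speed limit is enforced before any credential check so that a
    // blocked client can not keep probing passwords.
    COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
    if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
        WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
    }

    // Compare against '' rather than using empty(): a username or password
    // of "0" is a legitimate value and must not be dropped.
    $have_credentials = ($username !== '' && $password !== '');

    if ($have_credentials) {
        if (!empty($_CONF['user_login_method']['3rdparty'])) {
            // remote users will have to use username@servicename
            $u = explode('@', $username);
            if (count($u) > 1) {
                $sv = $u[count($u) - 1];
                if ($sv !== '') {
                    $modules = SEC_collectRemoteAuthenticationModules();
                    foreach ($modules as $smod) {
                        if (strcasecmp($sv, $smod) == 0) {
                            array_pop($u); // drop the service name
                            $uname  = implode('@', $u);
                            $status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
                            break;
                        }
                    }
                }
            }
        }
        // fall back to the local user table when no remote module claimed
        // the name (or remote authentication is disabled)
        if ($status == -1 && !empty($_CONF['user_login_method']['standard'])) {
            $status = SEC_authenticate($username, $password, $uid);
        }
    }

    if ($status == USER_ACCOUNT_ACTIVE) {
        $_USER = SESS_getUserDataFromId($uid);
        // NOTE(review): plugin login hooks fire before the webservices right
        // is checked below, so a user rejected there still triggers them;
        // confirm with the plugin API whether the check can move ahead.
        PLG_loginUser($_USER['uid']);

        // Global array of groups current user belongs to
        $_GROUPS = SEC_getUserGroups($_USER['uid']);

        // Global array of current user permissions [read,edit]
        $_RIGHTS = explode(',', SEC_getUserPermissions());

        if (!empty($_CONF['restrict_webservices'])) {
            if (!SEC_hasRights('webservices.atompub')) {
                COM_updateSpeedlimit('wsauth');
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
                }

                // reset user, groups, and rights, just in case ...
                $_USER   = array();
                $_GROUPS = array();
                $_RIGHTS = array();

                WS_error(PLG_RET_AUTH_FAILED);
            }
        }

        if ($WS_VERBOSE) {
            COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
        }

        // if there were less than 2 failed login attempts, reset speedlimit
        if (COM_checkSpeedlimit('wsauth', 2) == 0) {
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Successful login - resetting speedlimit");
            }
            COM_resetSpeedlimit('wsauth');
        }
    } else {
        // one failed attempt for any unauthenticated request ...
        COM_updateSpeedlimit('wsauth');

        if ($have_credentials) {
            // ... and a second one when credentials were actually supplied
            COM_updateSpeedlimit('wsauth');
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
        }

        WS_error(PLG_RET_AUTH_FAILED);
    }
}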
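/**
 * Shows the story submission form.
 *
 * When the request is a preview (the submitted 'mode' equals the "Preview"
 * language string) the submitted story is rendered above the form; otherwise
 * a fresh submission is initialised for $topic. If no topic is available to
 * the current user an error message is returned instead of the form.
 *
 * @param string $topic topic id handed to Story::initSubmission() for a new
 *                      (non-preview) submission; ignored when previewing
 * @return string HTML for the submission form (with optional preview), or an
 *                error message when the user has no topic to submit to
 */
function submitstory($topic = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG12, $LANG24, $REMOTE_ADDR;

    $retval = '';
    $story = new Story();

    // $LANG12[32] is the "Preview" button label; the same test decides both
    // the preview rendering and whether the save button is offered below.
    $isPreview = isset($_POST['mode']) && $_POST['mode'] == $LANG12[32];

    if ($isPreview) {
        $story->loadSubmission();
        $retval .= COM_startBlock($LANG12[32])
            . STORY_renderArticle($story, 'p')
            . COM_endBlock();
        $retval .= '<div style="border-bottom:1px solid #cccccc"></div>';
    } else {
        $story->initSubmission($topic);
        $story->loadSubmission();
    }

    if ($_CONF['story_submit_by_perm_only']) {
        $topicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, false, 3);
    } else {
        $topicList = COM_topicList('tid,topic', $story->EditElements('tid'));
    }

    // no topics: discard any preview output and show the error only
    if ($topicList == '') {
        $retval = COM_showMessageText($LANG24[66], '', 1, 'error');

        return $retval;
    }

    $retval .= COM_startBlock($LANG12[6]);

    $storyform = new Template($_CONF['path_layout'] . 'submit');
    $storyform->set_file('storyform', 'submitstory.thtml');

    if ($story->EditElements('postmode') == 'html') {
        $storyform->set_var('show_htmleditor', true);
    } else {
        $storyform->unset_var('show_htmleditor');
    }

    $storyform->set_var('site_admin_url', $_CONF['site_admin_url']);
    $storyform->set_var('lang_username', $LANG12[27]);

    if (!COM_isAnonUser()) {
        $storyform->set_var('story_username', $_USER['username']);
        $storyform->set_var('author', COM_getDisplayName());
        $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php?mode=logout');
        $storyform->set_var('lang_loginout', $LANG12[34]);
    } else {
        $storyform->set_var('status_url', $_CONF['site_url'] . '/users.php');
        $storyform->set_var('lang_loginout', $LANG12[2]);
        if (!$_CONF['disable_new_user_registration']) {
            // both spellings are set because existing templates may use either
            $storyform->set_var('separator', ' | ');
            $storyform->set_var('seperator', ' | ');
            $storyform->set_var(
                'create_account',
                COM_createLink(
                    $LANG12[53],
                    $_CONF['site_url'] . '/users.php?mode=new',
                    array('rel' => "nofollow")
                )
            );
        }
    }

    $storyform->set_var('lang_title', $LANG12[10]);
    $storyform->set_var('story_title', $story->EditElements('title'));
    $storyform->set_var('lang_topic', $LANG12[28]);
    $storyform->set_var('story_topic_options', $topicList);
    $storyform->set_var('lang_story', $LANG12[29]);
    $storyform->set_var('lang_introtext', $LANG12[54]);
    $storyform->set_var('lang_bodytext', $LANG12[55]);
    $storyform->set_var('story_introtext', $story->EditElements('introtext'));
    $storyform->set_var('story_bodytext', $story->EditElements('bodytext'));
    $storyform->set_var('lang_postmode', $LANG12[36]);
    $storyform->set_var(
        'story_postmode_options',
        COM_optionList($_TABLES['postmodes'], 'code,name', $story->EditElements('postmode'))
    );
    $storyform->set_var('postmode', $story->EditElements('postmode'));
    $storyform->set_var(
        'allowed_html',
        COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story')
            . '<br/>'
            . COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story')
    );
    $storyform->set_var('story_uid', $story->EditElements('uid'));
    $storyform->set_var('story_sid', $story->EditElements('sid'));
    $storyform->set_var('story_date', $story->EditElements('unixdate'));

    // NOTE(review): no CSRF token is set on this template here (the admin
    // editors set 'gltoken'); confirm the template or PLG_templateSetVars()
    // supplies one for the submit action.
    PLG_templateSetVars('story', $storyform);

    // the save button is only offered after a preview, unless previews are skipped
    if ($_CONF['skip_preview'] == 1 || $isPreview) {
        $storyform->set_var(
            'save_button',
            '<input name="mode" type="submit" value="' . $LANG12[8] . '"' . XHTML . '>'
        );
    }
    $storyform->set_var('lang_preview', $LANG12[32]);

    $storyform->parse('theform', 'storyform');
    $retval .= $storyform->finish($storyform->get_var('theform'));
    $retval .= COM_endBlock();

    // token for the advanced editor; anonymous users get one keyed to their address
    $urlfor = 'advancededitor';
    if (COM_isAnonUser()) {
        $urlfor = 'advancededitor' . md5($REMOTE_ADDR);
    }
    // NOTE(review): the cookie is set without the httponly flag; add it if the
    // editor JavaScript does not need to read the token — confirm against the
    // editor code. '@' silences "headers already sent" when output preceded us.
    @setcookie(
        $_CONF['cookie_name'] . 'adveditor',
        SEC_createTokenGeneral($urlfor),
        time() + 1200,
        $_CONF['cookie_path'],
        $_CONF['cookiedomain'],
        $_CONF['cookiesecure']
    );

    return $retval;
}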
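/**
 * Splits a Unix timestamp into the pieces the event editor's date/time
 * selectors need.
 *
 * @param int $stamp Unix timestamp
 * @return array 'month', 'day', 'year' as date() strings; 'hour_24' (0-23);
 *               'hour' on a 12-hour clock (1-12); 'minute' rounded down to a
 *               multiple of 15; 'ampm' either 'am' or 'pm'
 */
function _CALENDAR_editTimeParts($stamp)
{
    $hour = date('H', $stamp);
    $parts = array(
        'month'   => date('m', $stamp),
        'day'     => date('d', $stamp),
        'year'    => date('Y', $stamp),
        'hour_24' => $hour % 24,
        'minute'  => intval(date('i', $stamp) / 15) * 15,
        'ampm'    => $hour >= 12 ? 'pm' : 'am',
    );
    // 12-hour clock: 13..23 -> 1..11, 0 -> 12, everything else unchanged
    if ($hour > 12) {
        $hour = $hour - 12;
    } elseif ($hour == 0) {
        $hour = 12;
    }
    $parts['hour'] = $hour;

    return $parts;
}

/**
 * Shows event editor
 *
 * Builds the admin event editor form. For an existing event (non-empty
 * $A['eid'] outside moderation) the caller's access to the event is checked
 * first and an "access denied" message is returned when it is insufficient;
 * a new event gets default owner, group and permissions.
 *
 * @param string $action action we are performing: 'edit', 'clone' or 'moderate'
 * @param array  $A      array holding the event's details
 * @param string $msg    an optional error message to display
 * @return string HTML for event editor or error message
 */
function CALENDAR_edit($action, $A, $msg = '')
{
    global $_CONF, $_USER, $_GROUPS, $_TABLES, $_CA_CONF, $LANG_CAL_1, $LANG_CAL_ADMIN,
        $LANG10, $LANG12, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE;

    USES_lib_admin();

    $retval = '';

    $menu_arr = array(
        array(
            'url'  => $_CONF['site_admin_url'] . '/plugins/calendar/index.php',
            'text' => $LANG_CAL_ADMIN[40],
        ),
        array(
            'url'  => $_CONF['site_admin_url'] . '/moderation.php',
            'text' => $LANG_ADMIN['submissions'],
        ),
        array(
            'url'  => $_CONF['site_admin_url'] . '/plugins/calendar/index.php?batchadmin=x',
            'text' => $LANG_CAL_ADMIN[38],
        ),
        array(
            'url'  => $_CONF['site_admin_url'],
            'text' => $LANG_ADMIN['admin_home'],
        ),
    );

    // an unknown action is treated like 'edit' so the title and save
    // button are always defined
    switch ($action) {
        case 'moderate':
            $blocktitle = $LANG_CAL_ADMIN[37]; // Moderate Event
            $saveoption = $LANG_ADMIN['moderate']; // Save & Approve
            break;
        case 'edit':
        case 'clone':
        default:
            $blocktitle = $LANG_CAL_ADMIN[1]; // Event Editor
            $saveoption = $LANG_ADMIN['save']; // Save
            break;
    }

    if (!empty($msg)) {
        $retval .= COM_showMessageText($msg, $LANG_CAL_ADMIN[2], true);
    }

    $event_templates = new Template($_CONF['path'] . 'plugins/calendar/templates/admin');
    $event_templates->set_file('editor', 'eventeditor.thtml');
    $event_templates->set_var(
        'lang_allowed_html',
        COM_allowedHTML(SEC_getUserPermissions(), false, 'calendar', 'description')
    );
    $event_templates->set_var('lang_postmode', $LANG_CAL_ADMIN[3]);

    // permission fields are arrays (checkbox groups); default each missing one to "0"
    foreach (array('perm_owner', 'perm_group', 'perm_members', 'perm_anon') as $perm) {
        if (!isset($A[$perm])) {
            $A[$perm][0] = "0";
        }
    }

    if ($action != 'moderate' && !empty($A['eid'])) {
        // Get what level of access user has to this object
        $access = SEC_hasAccess(
            $A['owner_id'],
            $A['group_id'],
            $A['perm_owner'],
            $A['perm_group'],
            $A['perm_members'],
            $A['perm_anon']
        );
        if ($access == 0 || $access == 2) {
            // Uh, oh! User doesn't have access to this object
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[17], $LANG_ACCESS['accessdenied'], true);
            // log the event id from $A; a bare $eid was never assigned in this function
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$A['eid']}.");

            return $retval;
        }
    } else {
        // new event or moderation: current user owns it, Calendar Admin
        // group (or the group holding calendar.edit) and default permissions
        if (!isset($A['owner_id']) || $A['owner_id'] == '') {
            $A['owner_id'] = $_USER['uid'];
        }
        if (isset($_GROUPS['Calendar Admin'])) {
            $A['group_id'] = $_GROUPS['Calendar Admin'];
        } else {
            $A['group_id'] = SEC_getFeatureGroup('calendar.edit');
        }
        SEC_setDefaultPermissions($A, $_CA_CONF['default_permissions']);
        $access = 3;
    }

    if ($action == 'moderate') {
        $event_templates->set_var(
            'post_options',
            COM_optionList($_TABLES['postmodes'], 'code,name', 'plaintext')
        );
    } else {
        if (!isset($A['postmode'])) {
            $A['postmode'] = $_CONF['postmode'];
        }
        $event_templates->set_var(
            'post_options',
            COM_optionList($_TABLES['postmodes'], 'code,name', $A['postmode'])
        );
    }

    $retval .= COM_startBlock($blocktitle, '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= ADMIN_createMenu($menu_arr, $LANG_CAL_ADMIN[41], plugin_geticon_calendar());

    if (!empty($A['eid'])) {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="delete"%s/>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $event_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
        $event_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $event_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
        if ($action == 'moderate') {
            $event_templates->set_var(
                'submission_option',
                '<input type="hidden" name="type" value="submission"/>'
            );
        }
    } else {
        // new event
        $A['eid'] = COM_makesid();
        $A['status'] = 1;
        $A['title'] = '';
        $A['description'] = '';
        $A['url'] = '';
        $A['hits'] = 0;
        // in case a start date/time has been passed from the calendar,
        // pick it up for the end date/time
        if (empty($A['dateend'])) {
            $A['dateend'] = $A['datestart'];
        }
        if (empty($A['timeend'])) {
            $A['timeend'] = $A['timestart'];
        }
        $A['event_type'] = '';
        $A['location'] = '';
        $A['address1'] = '';
        $A['address2'] = '';
        $A['city'] = '';
        $A['state'] = '';
        $A['zipcode'] = '';
        $A['allday'] = 0;
    }

    $event_templates->set_var('event_id', $A['eid']);
    $event_templates->set_var('lang_eventtitle', $LANG_ADMIN['title']);
    // NOTE(review): as shown these three replacements are no-ops; they
    // presumably replaced '{', '}' and '"' with HTML entities before the
    // source was rendered (template delimiters / attribute quoting) — verify
    // against the original file.
    $A['title'] = str_replace('{', '{', $A['title']);
    $A['title'] = str_replace('}', '}', $A['title']);
    $A['title'] = str_replace('"', '"', $A['title']);
    $event_templates->set_var('event_title', $A['title']);
    $event_templates->set_var('lang_eventtype', $LANG_CAL_1[37]);
    $event_templates->set_var('lang_editeventtypes', $LANG12[50]);
    $event_templates->set_var('type_options', CALENDAR_eventTypeList($A['event_type']));
    $event_templates->set_var('status_checked', $A['status'] == 1 ? ' checked="checked"' : '');
    $event_templates->set_var('lang_eventurl', $LANG_CAL_ADMIN[4]);
    $event_templates->set_var('max_url_length', 255);
    $event_templates->set_var('event_url', $A['url']);
    $event_templates->set_var('lang_includehttp', $LANG_CAL_ADMIN[9]);
    $event_templates->set_var('lang_eventstartdate', $LANG_CAL_ADMIN[5]);
    $event_templates->set_var('lang_starttime', $LANG_CAL_1[30]);

    // Combine date/time for easier manipulation; an empty value means "now"
    $A['datestart'] = trim($A['datestart'] . ' ' . $A['timestart']);
    $start_stamp = empty($A['datestart']) ? time() : strtotime($A['datestart']);
    $A['dateend'] = trim($A['dateend'] . ' ' . $A['timeend']);
    $end_stamp = empty($A['dateend']) ? time() : strtotime($A['dateend']);

    $start = _CALENDAR_editTimeParts($start_stamp);
    $end = _CALENDAR_editTimeParts($end_stamp);

    $event_templates->set_var('startmonth_options', COM_getMonthFormOptions($start['month']));
    $event_templates->set_var('endmonth_options', COM_getMonthFormOptions($end['month']));
    $event_templates->set_var('startday_options', COM_getDayFormOptions($start['day']));
    $event_templates->set_var('endday_options', COM_getDayFormOptions($end['day']));
    $event_templates->set_var('startyear_options', COM_getYearFormOptions($start['year']));
    $event_templates->set_var('endyear_options', COM_getYearFormOptions($end['year']));

    if (isset($_CA_CONF['hour_mode']) && $_CA_CONF['hour_mode'] == 24) {
        $event_templates->set_var('starthour_options', COM_getHourFormOptions($start['hour_24'], 24));
        $event_templates->set_var('endhour_options', COM_getHourFormOptions($end['hour_24'], 24));
        $event_templates->set_var('hour_mode', 24);
    } else {
        $event_templates->set_var('starthour_options', COM_getHourFormOptions($start['hour']));
        $event_templates->set_var('endhour_options', COM_getHourFormOptions($end['hour']));
        $event_templates->set_var('hour_mode', 12);
    }

    $event_templates->set_var(
        'startampm_selection',
        CALENDAR_getAmPmFormSelection('start_ampm', $start['ampm'], 'update_ampm()')
    );
    $event_templates->set_var(
        'endampm_selection',
        CALENDAR_getAmPmFormSelection('end_ampm', $end['ampm'])
    );
    $event_templates->set_var('startminute_options', COM_getMinuteFormOptions($start['minute'], 15));
    $event_templates->set_var('endminute_options', COM_getMinuteFormOptions($end['minute'], 15));

    $event_templates->set_var('lang_enddate', $LANG12[13]);
    $event_templates->set_var('lang_eventenddate', $LANG_CAL_ADMIN[6]);
    $event_templates->set_var('event_enddate', $A['dateend']);
    $event_templates->set_var('lang_endtime', $LANG_CAL_1[29]);
    $event_templates->set_var('lang_alldayevent', $LANG_CAL_1[31]);
    if ($A['allday'] == 1) {
        $event_templates->set_var('allday_checked', 'checked="checked"');
    }

    // location block
    $event_templates->set_var(array(
        'lang_location'         => $LANG12[51],
        'event_location'        => $A['location'],
        'lang_addressline1'     => $LANG12[44],
        'event_address1'        => $A['address1'],
        'lang_addressline2'     => $LANG12[45],
        'event_address2'        => $A['address2'],
        'lang_city'             => $LANG12[46],
        'event_city'            => $A['city'],
        'lang_state'            => $LANG12[47],
        'state_options'         => '',
        'event_state'           => $A['state'],
        'lang_zipcode'          => $LANG12[48],
        'event_zipcode'         => $A['zipcode'],
        'lang_eventlocation'    => $LANG_CAL_ADMIN[7],
        'lang_eventdescription' => $LANG_CAL_ADMIN[8],
        'event_description'     => $A['description'],
        'lang_hits'             => $LANG10[30],
        'hits'                  => COM_numberFormat($A['hits']),
        'lang_save'             => $saveoption,
        'lang_cancel'           => $LANG_ADMIN['cancel'],
    ));

    // user access info
    $event_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $event_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($A['owner_id']);
    // owner_id may come from a re-submitted form, so it is cast before being
    // placed in the WHERE clause (same as the story editor does)
    $event_templates->set_var(
        'owner_username',
        DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $A['owner_id'])
    );
    $event_templates->set_var('owner_name', $ownername);
    $event_templates->set_var('owner', $ownername);
    $event_templates->set_var('owner_id', $A['owner_id']);
    $event_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $event_templates->set_var('group_dropdown', SEC_getGroupDropdown($A['group_id'], $access));
    $event_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $event_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
    $event_templates->set_var(
        'permissions_editor',
        SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon'])
    );
    $event_templates->set_var('gltoken_name', CSRF_TOKEN);
    $event_templates->set_var('gltoken', SEC_createToken());

    $event_templates->parse('output', 'editor');
    $retval .= $event_templates->finish($event_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}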
/** * Shows story editor * * Displays the story entry form * * @param string $sid ID of story to edit * @param string $action 'preview', 'edit', 'moderate', 'draft' * @param string $errormsg a message to display on top of the page * @param string $currenttopic topic selection for drop-down menu * @return string HTML for story editor * */ function STORY_edit($sid = '', $action = '', $errormsg = '', $currenttopic = '') { global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG33, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE; USES_lib_admin(); $display = ''; switch ($action) { case 'clone': case 'edit': case 'preview': case 'error': $title = $LANG24[5]; $saveoption = $LANG_ADMIN['save']; $submission = false; break; case 'moderate': $title = $LANG24[90]; $saveoption = $LANG_ADMIN['moderate']; $submission = true; break; case 'draft': $title = $LANG24[91]; $saveoption = $LANG_ADMIN['save']; $submission = true; $action = 'edit'; break; default: $title = $LANG24[5]; $saveoption = $LANG_ADMIN['save']; $submission = false; $action = 'edit'; break; } // Load HTML templates $story_templates = new Template($_CONF['path_layout'] . 'admin/story'); $story_templates->set_file(array('editor' => 'storyeditor.thtml')); if (!isset($_CONF['hour_mode'])) { $_CONF['hour_mode'] = 12; } if (!empty($errormsg)) { $display .= COM_showMessageText($errormsg, $LANG24[25], true); } if (!empty($currenttopic)) { $allowed = DB_getItem($_TABLES['topics'], 'tid', "tid = '" . DB_escapeString($currenttopic) . "'" . 
COM_getTopicSql('AND')); if ($allowed != $currenttopic) { $currenttopic = ''; } } $story = new Story(); if ($action == 'preview' || $action == 'error') { while (list($key, $value) = each($_POST)) { if (!is_array($value)) { $_POST[$key] = $value; } else { while (list($subkey, $subvalue) = each($value)) { $value[$subkey] = $subvalue; } } } $result = $story->loadFromArgsArray($_POST); } else { $result = $story->loadFromDatabase($sid, $action); } if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true); COM_accessLog("User {$_USER['username']} tried to access story {$sid}. - STORY_PERMISSION_DENIED or STORY_NO_ACCESS_PARAMS - " . $result); return $display; } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) { $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied'], true); $display .= STORY_renderArticle($story, 'p'); COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}. - STORY_EDIT_DENIED or STORY_EXISTING_NO_EDIT_PERMISSION"); return $display; } elseif ($result == STORY_INVALID_SID) { if ($action == 'moderate') { // that submission doesn't seem to be there any more (may have been // handled by another Admin) - take us back to the moderation page echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { echo COM_refresh($_CONF['site_admin_url'] . '/story.php'); } } elseif ($result == STORY_DUPLICATE_SID) { $story_templates->set_var('error_message', $LANG24[24]); } elseif ($result == STORY_EMPTY_REQUIRED_FIELDS) { $story_templates->set_var('error_message', $LANG24[31]); } if (empty($currenttopic) && $story->EditElements('tid') == '') { $story->setTid(DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . 
COM_getPermSQL('AND'))); } else { if ($story->EditElements('tid') == '') { $story->setTid($currenttopic); } } if (SEC_hasRights('story.edit')) { $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 0); $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 0); } else { $allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 3); $allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 3); } if ($allowedTopicList == '') { $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true); COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}. No allowed topics."); return $display; } $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/story.php', 'text' => $LANG_ADMIN['story_list']), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions'])); if (SEC_inGroup('Root')) { $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings'); } $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']); require_once $_CONF['path_system'] . 
'classes/navbar.class.php'; $story_templates->set_var('hour_mode', $_CONF['hour_mode']); if ($story->hasContent()) { $previewContent = STORY_renderArticle($story, 'p'); if ($previewContent != '') { $story_templates->set_var('preview_content', $previewContent); } } $navbar = new navbar(); if (!empty($previewContent)) { $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true); $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true); } else { $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true); $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true); $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true); $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true); $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true); $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true); } if ($action == 'preview') { $story_templates->set_var('show_preview', ''); $story_templates->set_var('show_htmleditor', 'none'); $story_templates->set_var('show_texteditor', 'none'); $story_templates->set_var('show_submitoptions', 'none'); $navbar->set_selected($LANG24[79]); } else { $navbar->set_selected($LANG24[80]); $story_templates->set_var('show_preview', 'none'); } $story_templates->set_var('navbar', $navbar->generate()); $story_templates->set_var('start_block', COM_startBlock($title, '', 
COM_getBlockTemplate('_admin_block', 'header'))); // start generating the story editor block $story_templates->set_var('block_start', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header'))); $oldsid = $story->EditElements('originalSid'); if (!empty($oldsid)) { $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="deletestory"%s/>'; $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm)); $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, '')); $story_templates->set_var('lang_delete_confirm', $MESSAGE[76]); } if ($submission || $story->type == 'submission') { $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>'); } $story_templates->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[92], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE)); $story_templates->set_var('lang_author', $LANG24[7]); $storyauthor = COM_getDisplayName($story->EditElements('uid')); $storyauthor_select = COM_optionList($_TABLES['users'], 'uid,username', $story->EditElements('uid')); $story_templates->set_var('story_author', $storyauthor); $story_templates->set_var('story_author_select', $storyauthor_select); $story_templates->set_var('author', $storyauthor); $story_templates->set_var('story_uid', $story->EditElements('uid')); // user access info $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']); $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']); $ownername = COM_getDisplayName($story->EditElements('owner_id')); $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . 
(int) $story->EditElements('owner_id'))); $story_templates->set_var('owner_name', $ownername); $story_templates->set_var('owner', $ownername); $story_templates->set_var('owner_id', $story->EditElements('owner_id')); if (SEC_hasRights('story.edit')) { $story_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $story->EditElements('owner_id'))); } else { $ownerInfo = '<input type="hidden" name="owner_id" value="' . $story->editElements('owner_id') . '" />' . $ownername; $story_templates->set_var('owner_dropdown', $ownerInfo); } $story_templates->set_var('lang_group', $LANG_ACCESS['group']); if (SEC_inGroup($story->EditElements('group_id'))) { $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3)); } else { $gdrpdown = '<input type="hidden" name="group_id" value="' . $story->EditElements('group_id') . '"/>'; $grpddown .= DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id=' . (int) $story->EditElements('group_id')); $story_templates->set_var('group_dropdown', $grpddown); } $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']); $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']); $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon'))); $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']); $curtime = COM_getUserDateTimeFormat($story->EditElements('date')); $story_templates->set_var('lang_date', $LANG24[15]); $story_templates->set_var('publish_second', $story->EditElements('publish_second')); $publish_ampm = ''; $publish_hour = $story->EditElements('publish_hour'); if ($publish_hour >= 12) { if ($publish_hour > 12) { $publish_hour = $publish_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm); 
$story_templates->set_var('publishampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('publish_month')); $story_templates->set_var('publish_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('publish_day')); $story_templates->set_var('publish_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('publish_year')); $story_templates->set_var('publish_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24); } else { $hour_options = COM_getHourFormOptions($publish_hour); } $story_templates->set_var('publish_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute')); $story_templates->set_var('publish_minute_options', $minute_options); $story_templates->set_var('publish_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate')); $story_templates->set_var('expire_second', $story->EditElements('expire_second')); $expire_ampm = ''; $expire_hour = $story->EditElements('expire_hour'); if ($expire_hour >= 12) { if ($expire_hour > 12) { $expire_hour = $expire_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="expire_ampm" value=""/>'; } $story_templates->set_var('expireampm_selection', $ampm_select); $month_options = COM_getMonthFormOptions($story->EditElements('expire_month')); $story_templates->set_var('expire_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('expire_day')); $story_templates->set_var('expire_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('expire_year')); 
$story_templates->set_var('expire_year_options', $year_options); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24); } else { $hour_options = COM_getHourFormOptions($expire_hour); } $story_templates->set_var('expire_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute')); $story_templates->set_var('expire_minute_options', $minute_options); $story_templates->set_var('expire_date_explanation', $LANG24[46]); $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp')); if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked3', 'checked="checked"'); $story_templates->set_var('showarchivedisabled', 'false'); } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) { $story_templates->set_var('is_checked2', 'checked="checked"'); $story_templates->set_var('is_checked4', 'checked="checked"'); $story_templates->set_var('showarchivedisabled', 'false'); } else { $story_templates->set_var('showarchivedisabled', 'true'); } $story_templates->set_var('lang_archivetitle', $LANG24[58]); $story_templates->set_var('lang_option', $LANG24[59]); $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']); $story_templates->set_var('lang_story_stats', $LANG24[87]); $story_templates->set_var('lang_optionarchive', $LANG24[61]); $story_templates->set_var('lang_optiondelete', $LANG24[62]); $story_templates->set_var('lang_title', $LANG_ADMIN['title']); $story_templates->set_var('story_title', $story->EditElements('title')); $story_templates->set_var('story_subtitle', $story->EditElements('subtitle')); $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']); $story_templates->set_var('lang_alt_topic', $LANG_ADMIN['alt_topic']); $story_templates->set_var('topic_options', $allowedTopicList); 
$story_templates->set_var('alt_topic_options', $allowedAltTopicList); $story_templates->set_var('lang_show_topic_icon', $LANG24[56]); if ($story->EditElements('show_topic_icon') == 1) { $story_templates->set_var('show_topic_icon_checked', 'checked="checked"'); } else { $story_templates->set_var('show_topic_icon_checked', ''); } $story_templates->set_var('story_image_url', $story->EditElements('story_image')); $story_templates->set_var('lang_draft', $LANG24[34]); if ($story->EditElements('draft_flag')) { $story_templates->set_var('is_checked', 'checked="checked"'); $story_templates->set_var('unpublished_selected', 'selected="selected"'); } else { $story_templates->set_var('published_selected', 'selected="selected"'); } $story_templates->set_var('lang_mode', $LANG24[3]); $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode'))); $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode'))); $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode'))); // comment expire $story_templates->set_var('lang_cmt_disable', $LANG24[63]); if ($story->EditElements('cmt_close')) { $story_templates->set_var('is_checked5', 'checked="checked"'); //check box if enabled $story_templates->set_var('showcmtclosedisabled', 'false'); } else { $story_templates->set_var('showcmtclosedisabled', 'true'); } $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month')); $story_templates->set_var('cmt_close_month_options', $month_options); $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day')); $story_templates->set_var('cmt_close_day_options', $day_options); $year_options = COM_getYearFormOptions($story->EditElements('cmt_close_year')); $story_templates->set_var('cmt_close_year_options', $year_options); $cmt_close_ampm = ''; 
$cmt_close_hour = $story->EditElements('cmt_close_hour'); //correct hour if ($cmt_close_hour >= 12) { if ($cmt_close_hour > 12) { $cmt_close_hour = $cmt_close_hour - 12; } $ampm = 'pm'; } else { $ampm = 'am'; } $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm); if (empty($ampm_select)) { // have a hidden field to 24 hour mode to prevent JavaScript errors $ampm_select = '<input type="hidden" name="cmt_close_ampm" value="" />'; } $story_templates->set_var('cmt_close_ampm_selection', $ampm_select); if ($_CONF['hour_mode'] == 24) { $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24); } else { $hour_options = COM_getHourFormOptions($cmt_close_hour); } $story_templates->set_var('cmt_close_hour_options', $hour_options); $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute')); $story_templates->set_var('cmt_close_minute_options', $minute_options); $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second')); if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) { $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . 
LB; $featured_options_data = COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')); $story_templates->set_var('featured_options_data', $featured_options_data); } else { $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"/>"; $story_templates->unset_var('featured_options_data'); } $story_templates->set_var('featured_options', $featured_options); $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage'))); $story_templates->set_var('story_introtext', $story->EditElements('introtext')); $story_templates->set_var('story_bodytext', $story->EditElements('bodytext')); $story_templates->set_var('lang_introtext', $LANG24[16]); $story_templates->set_var('lang_bodytext', $LANG24[17]); $story_templates->set_var('lang_postmode', $LANG24[4]); $story_templates->set_var('lang_publishoptions', $LANG24[76]); $story_templates->set_var('lang_publishdate', $LANG24[69]); $story_templates->set_var('lang_nojavascript', $LANG24[77]); $story_templates->set_var('postmode', $story->EditElements('postmode')); if ($story->EditElements('postmode') == 'plaintext' || $story->EditElements('postmode') == 'text') { $allowedHTML = ''; } else { $allowedHTML = COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>'; } $allowedHTML .= COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story'); $story_templates->set_var('lang_allowed_html', $allowedHTML); $fileinputs = ''; $saved_images = ''; if ($_CONF['maximagesperarticle'] > 0) { $story_templates->set_var('lang_images', $LANG24[47]); $icount = DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($story->getSid())); if ($icount > 0) { $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($story->getSid()) . "'"); for ($z = 1; $z <= $icount; $z++) { $I = DB_fetchArray($result_articles); $saved_images .= $z . ') ' . 
COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']" /><br />'; } } $newallowed = $_CONF['maximagesperarticle'] - $icount; for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) { $fileinputs .= $z . ') <input type="file" dir="ltr" name="file[]' . '" />'; if ($z < $_CONF['maximagesperarticle']) { $fileinputs .= '<br />'; } } $fileinputs .= '<br />' . $LANG24[51]; if ($_CONF['allow_user_scaling'] == 1) { $fileinputs .= $LANG24[27]; } $fileinputs .= $LANG24[28] . '<br />'; } $story_templates->set_var('saved_images', $saved_images); $story_templates->set_var('image_form_elements', $fileinputs); $story_templates->set_var('lang_hits', $LANG24[18]); $story_templates->set_var('story_hits', $story->EditElements('hits')); $story_templates->set_var('lang_comments', $LANG24[19]); $story_templates->set_var('story_comments', $story->EditElements('comments')); $story_templates->set_var('lang_trackbacks', $LANG24[29]); $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks')); $story_templates->set_var('lang_emails', $LANG24[39]); $story_templates->set_var('story_emails', $story->EditElements('numemails')); if ($_CONF['rating_enabled']) { $rating = @number_format($story->EditElements('rating'), 2); $votes = $story->EditElements('votes'); $story_templates->set_var('rating', $rating); $story_templates->set_var('votes', $votes); } $story_templates->set_var('attribution_url', $story->EditElements('attribution_url')); $story_templates->set_var('attribution_name', $story->EditElements('attribution_name')); $story_templates->set_var('attribution_author', $story->EditElements('attribution_author')); $story_templates->set_var('lang_attribution_url', $LANG24[105]); $story_templates->set_var('lang_attribution_name', $LANG24[106]); $story_templates->set_var('lang_attribution_author', $LANG24[107]); 
$story_templates->set_var('lang_attribution', $LANG24[108]); $sec_token_name = CSRF_TOKEN; $sec_token = SEC_createToken(); $story_templates->set_var('story_id', $story->getSid()); $story_templates->set_var('old_story_id', $story->EditElements('originalSid')); $story_templates->set_var('lang_sid', $LANG24[12]); $story_templates->set_var('lang_save', $saveoption); $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']); $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']); $story_templates->set_var('lang_timeout', $LANG_ADMIN['timeout_msg']); $story_templates->set_var('gltoken_name', CSRF_TOKEN); $story_templates->set_var('gltoken', $sec_token); $story_templates->set_var('security_token', $sec_token); $story_templates->set_var('security_token_name', $sec_token_name); $story_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'))); PLG_templateSetVars('storyeditor', $story_templates); if ($story->EditElements('postmode') != 'html') { $story_templates->unset_var('wysiwyg'); } SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $story_templates->parse('output', 'editor'); $display .= $story_templates->finish($story_templates->get_var('output')); return $display; }
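/**
 * Merge User Accounts
 *
 * Validates the password of the local account named in the request and,
 * if it is correct, folds the matching remote (OAuth/OpenID style) account
 * into it: the local row takes over the remote username / service, the
 * caller is logged in as the local user, and the remote user together with
 * everything that hangs off it is deleted.
 *
 * Reads from $_POST: remoteuid, localuid and localp (the local password).
 *
 * Security notes:
 *  - The client-supplied remote uid is only trusted once it names the single
 *    remote account that shares the local account's e-mail address. On any
 *    mismatch the request is redirected and NOTHING is modified. The earlier
 *    version echoed the redirect but kept executing, so a caller holding a
 *    valid local password could have had an arbitrary uid deleted; the early
 *    returns below close that hole.
 *  - A wrong password (or an unknown local uid) is rate limited through the
 *    'merge' speed limit and re-displays the merge form.
 *
 * @return string HTML merge form if error, redirect on success
 *
 */
function USER_mergeAccounts() {
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20;

    $retval = '';

    $remoteUID = isset($_POST['remoteuid']) ? COM_applyFilter($_POST['remoteuid'], true) : 0;
    $localUID  = isset($_POST['localuid'])  ? COM_applyFilter($_POST['localuid'], true)  : 0;
    $localpwd  = isset($_POST['localp'])    ? $_POST['localp']                           : '';

    $localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID);
    $localRow    = DB_fetchArray($localResult);

    // An unknown local uid is handled exactly like a wrong password so the
    // response (and the speed limit) does not reveal whether the uid exists.
    $passwordOk = ($localRow !== false) && SEC_check_hash($localpwd, $localRow['passwd']);

    if (!$passwordOk) {
        // invalid password - let's try one more time
        // need to set speed limit and give them 3 tries
        COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge');
        $last = COM_checkSpeedlimit('merge', 4);
        if ($last > 0) {
            COM_setMsg($LANG04[190], 'error');
            echo COM_refresh($_CONF['site_url'] . '/users.php');
        } else {
            COM_updateSpeedlimit('merge');
            USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]);
        }
        return $retval;
    }

    // password is valid - locate the one remote account sharing this e-mail
    $sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='"
         . DB_escapeString($localRow['email']) . "'";
    $result  = DB_query($sql);
    $numRows = DB_numRows($result);
    if ($numRows != 1) {
        // zero or several candidates: nothing unambiguous to merge
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        return $retval;
    }
    $remoteRow = DB_fetchArray($result);
    if ((int) $remoteUID !== (int) $remoteRow['uid']) {
        // the uid the client asked for is not that account - bail out
        // before touching any row
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        return $retval;
    }
    $remoteUID = (int) $remoteRow['uid'];

    // move the remote identity onto the local account
    $sql = "UPDATE {$_TABLES['users']} SET "
         . "remoteusername='" . DB_escapeString($remoteRow['remoteusername']) . "',"
         . "remoteservice='"  . DB_escapeString($remoteRow['remoteservice'])  . "', "
         . "account_type=3 "
         . " WHERE uid=" . (int) $localUID;
    DB_query($sql);

    // log the caller in as the (merged) local user
    $_USER['uid'] = $localRow['uid'];
    SESS_completeLogin($localUID);
    // NOTE(review): $_GROUPS / $_RIGHTS are not declared global in this
    // function, so these only populate function-local copies - kept as-is.
    $_GROUPS = SEC_getUserGroups($_USER['uid']);
    $_RIGHTS = explode(',', SEC_getUserPermissions());
    if ($_SYSTEM['admin_session'] > 0) {
        if (SEC_isModerator()
            || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR')
            || count(PLG_getAdminOptions()) > 0) {
            $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
            SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'],
                          $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        }
    }
    COM_resetSpeedlimit('login');

    // log the remote user out
    SESS_endUserSession($remoteUID);

    // Let plugins know a user is being merged
    PLG_moveUser($remoteUID, $_USER['uid']);

    // Ok, now delete everything related to the remote user
    // let plugins update their data for this user
    PLG_deleteUser($remoteUID);
    if (function_exists('CUSTOM_userDeleteHook')) {
        CUSTOM_userDeleteHook($remoteUID);
    }
    // Call custom account profile delete function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) {
        CUSTOM_userDelete($remoteUID);
    }

    // remove from all security groups
    DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID);

    // remove user information and preferences
    DB_delete($_TABLES['userprefs'], 'uid', $remoteUID);
    DB_delete($_TABLES['userindex'], 'uid', $remoteUID);
    DB_delete($_TABLES['usercomment'], 'uid', $remoteUID);
    DB_delete($_TABLES['userinfo'], 'uid', $remoteUID);

    // delete user photo, if enabled & exists
    if ($_CONF['allow_user_photo'] == 1) {
        $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}");
        USER_deletePhoto($photo, false);
    }

    // delete subscriptions
    DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID);

    // in case the user owned any objects that require Admin access, assign
    // them to the Root user with the lowest uid
    $rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
    $result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} "
                     . "WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1");
    $A = DB_fetchArray($result);
    // no Root member found (or a bogus uid) falls back to the built-in uid 2
    $rootuser = ($A !== false) ? (int) $A['ug_uid'] : 0;
    if ($rootuser < 2) {
        $rootuser = 2;
    }
    DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
    DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");

    // now delete the user itself
    DB_delete($_TABLES['users'], 'uid', $remoteUID);

    // can't use COM_setMsg here since the session is being destroyed.
    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=522');
    return $retval;
}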