SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
PLG_loginUser($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['cookie_password'])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if ($VERBOSE) {
COM_errorLog("Trying to set permanent cookie with time of {$cooktime}", 1);
}
if ($cooktime > 0) {
// They want their cookie to persist for some amount of time so set it now
if ($VERBOSE) {
COM_errorLog('Trying to set permanent cookie', 1);
}
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
SEC_setCookie($_CONF['cookie_password'], $_USER['passwd'], time() + $cooktime);
}
} else {
$userid = $_COOKIE[$_CONF['cookie_name']];
if (empty($userid) || $userid === 'deleted') {
unset($userid);
} else {
$userid = COM_applyFilter($userid, true);
if ($userid > 1) {
if ($VERBOSE) {
COM_errorLog('NOW trying to set permanent cookie', 1);
COM_errorLog('Got ' . $userid . ' from perm cookie in users.php', 1);
}
// Create new session
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
//profile
//profile
case 'p':
require_once $_CONF['path_system'] . 'lib-user.php';
$display = COM_siteHeader('menu', $LANG_CLASSIFIEDS_1['profile']);
$display .= CLASSIFIEDS_user_menu();
function_exists('USER_showProfile') ? $display .= USER_showProfile($_GET['u'], true) : ($display .= CLASSIFIEDS_showProfile($_GET['u'], true));
$display .= COM_siteFooter(1);
break;
//Offert
//Offert
case 'o':
$_REQUEST['mode'] == 'o' ? SEC_setCookie('ads_type', 'o') : 0;
//Demand
//Demand
case 'd':
//Ads list
$_REQUEST['mode'] == 'd' ? SEC_setCookie('ads_type', 'd') : 0;
default:
$display = COM_siteHeader('menu', $LANG_CLASSIFIEDS_1['plugin_name']);
$display .= CLASSIFIEDS_user_menu();
if ($_CLASSIFIEDS_CONF['classifieds_main_header'] != '') {
$display .= '<div>' . PLG_replaceTags($_CLASSIFIEDS_CONF['classifieds_main_header']) . '</div>';
}
$display .= CLASSIFIEDS_displayAds(1);
if ($_CLASSIFIEDS_CONF['clasifieds_main_footer'] != '') {
$display .= '<div>' . PLG_replaceTags($_CLASSIFIEDS_CONF['classifieds_main_footer']) . '</div>';
}
$display .= COM_siteFooter(1);
}
COM_output($display);
$status = '';
}
$display = '';
if ($status == USER_ACCOUNT_ACTIVE) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
$_USER = SESS_getUserDataFromId($uid);
$sessid = SESS_newSession($_USER['uid'], $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
PLG_loginUser($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($_COOKIE[$_CONF['cookie_name']])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if (!empty($cooktime)) {
// They want their cookie to persist for some amount of time so set it now
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
}
}
if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,syndication.edit', 'OR')) {
COM_redirect($_CONF['site_admin_url'] . '/index.php');
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
} elseif (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') && count(PLG_getAdminOptions()) == 0 && !SEC_hasConfigAccess()) {
COM_updateSpeedlimit('login');
$display .= COM_startBlock($LANG20[1]);
if (!$_CONF['user_login_method']['standard']) {
$display .= '<p>' . $LANG_LOGIN[2] . '</p>';
} else {
if (isset($_POST['warn'])) {
$display .= $LANG20[2] . '<br' . XHTML . '><br' . XHTML . '>' . COM_accessLog($LANG20[3] . ' ' . $_POST['loginname']);
/**
* Saves user's preferences back to the database
*
* @A array User's data to save
*
*/
function savepreferences($A)
{
global $_CONF, $_TABLES, $_USER;
if (isset($A['noicons']) && $A['noicons'] == 'on') {
$A['noicons'] = 1;
} else {
$A['noicons'] = 0;
}
if (isset($A['willing']) && $A['willing'] == 'on') {
$A['willing'] = 1;
} else {
$A['willing'] = 0;
}
if (isset($A['noboxes']) && $A['noboxes'] == 'on') {
$A['noboxes'] = 1;
} else {
$A['noboxes'] = 0;
}
if (isset($A['emailfromadmin']) && $A['emailfromadmin'] == 'on') {
$A['emailfromadmin'] = 1;
} else {
$A['emailfromadmin'] = 0;
}
if (isset($A['emailfromuser']) && $A['emailfromuser'] == 'on') {
$A['emailfromuser'] = 1;
} else {
$A['emailfromuser'] = 0;
}
if (isset($A['showonline']) && $A['showonline'] == 'on') {
$A['showonline'] = 1;
} else {
$A['showonline'] = 0;
}
$A['maxstories'] = COM_applyFilter($A['maxstories'], true);
if (empty($A['maxstories'])) {
$A['maxstories'] = 0;
} else {
if ($A['maxstories'] > 0) {
if ($A['maxstories'] < $_CONF['minnews']) {
$A['maxstories'] = $_CONF['minnews'];
}
}
}
$TIDS = @array_values($A['topics']);
$AIDS = @array_values($A['selauthors']);
$BOXES = @array_values($A['blocks']);
$ETIDS = @array_values($A['dgtopics']);
$allowed_etids = USER_buildTopicList();
$AETIDS = explode(' ', $allowed_etids);
$tids = '';
if (sizeof($TIDS) > 0) {
$tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
}
$aids = '';
if (sizeof($AIDS) > 0) {
foreach ($AIDS as $key => $val) {
$AIDS[$key] = intval($val);
}
$aids = DB_escapeString(implode(' ', $AIDS));
}
$selectedblocks = '';
$selectedBoxes = array();
if (count($BOXES) > 0) {
foreach ($BOXES as $key => $val) {
$BOXES[$key] = intval($val);
}
$boxes = DB_escapeString(implode(',', $BOXES));
$blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
$numRows = DB_numRows($blockresult);
for ($x = 1; $x <= $numRows; $x++) {
$row = DB_fetchArray($blockresult);
if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
$selectedblocks .= $row['bid'];
if ($x != $numRows) {
$selectedblocks .= ' ';
}
}
}
}
$etids = '';
if (sizeof($ETIDS) > 0) {
$etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
}
if (isset($A['tzid'])) {
$A['tzid'] = COM_applyFilter($A['tzid']);
} else {
$A['tzid'] = '';
}
if (isset($A['theme'])) {
$A['theme'] = COM_applyFilter($A['theme']);
}
if (empty($A['theme'])) {
$A['theme'] = $_CONF['theme'];
}
if (isset($A['language'])) {
$A['language'] = COM_applyFilter($A['language']);
}
if (empty($A['language'])) {
$A['language'] = $_CONF['language'];
}
if (isset($A['search_result_format'])) {
$A['search_result_format'] = COM_applyFilter($A['search_result_format']);
} else {
$A['search_result_format'] = 'google';
}
// Save theme, when doing so, put in cookie so we can set the user's theme
// even when they aren't logged in
$theme = DB_escapeString($A['theme']);
$language = DB_escapeString($A['language']);
DB_query("UPDATE {$_TABLES['users']} SET theme='{$theme}',language='{$language}' WHERE uid = {$_USER['uid']}");
SEC_setCookie($_CONF['cookie_theme'], $A['theme'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
SEC_setCookie($_CONF['cookie_language'], $A['language'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
SEC_setCookie($_CONF['cookie_tzid'], $A['tzid'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$A['dfid'] = (int) COM_applyFilter($A['dfid'], true);
DB_query("UPDATE {$_TABLES['userprefs']} SET search_result_format='" . DB_escapeString($A['search_result_format']) . "',noicons=" . (int) $A['noicons'] . ", willing=" . (int) $A['willing'] . ", dfid=" . (int) $A['dfid'] . ", tzid='" . DB_escapeString($A['tzid']) . "', emailfromadmin='" . DB_escapeString($A['emailfromadmin']) . "', emailfromuser="******", showonline=" . (int) $A['showonline'] . " WHERE uid=" . (int) $_USER['uid']);
if (empty($etids)) {
$etids = '-';
}
DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$_USER['uid']},'{$tids}','{$aids}','{$selectedblocks}'," . (int) $A['noboxes'] . "," . (int) $A['maxstories'] . ",'{$etids}'");
$A['commentmode'] = COM_applyFilter($A['commentmode']);
if (empty($A['commentmode'])) {
$A['commentmode'] = $_CONF['comment_mode'];
}
$A['commentmode'] = DB_escapeString($A['commentmode']);
$A['commentorder'] = COM_applyFilter($A['commentorder']);
$A['commentorder'] = strtoupper($A['commentorder']) == 'DESC' ? 'DESC' : 'ASC';
$A['commentorder'] = DB_escapeString($A['commentorder']);
$A['commentlimit'] = COM_applyFilter($A['commentlimit'], true);
if ($A['commentlimit'] <= 0) {
$A['commentlimit'] = $_CONF['comment_limit'];
}
DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$_USER['uid']},'{$A['commentmode']}','{$A['commentorder']}'," . (int) $A['commentlimit']);
$subscription_deletes = @array_values($A['subdelete']);
if (is_array($subscription_deletes)) {
foreach ($subscription_deletes as $subid) {
DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
}
}
PLG_userInfoChanged($_USER['uid']);
}
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = addslashes($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG04[21]);
$display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
$passwd = SEC_encryptPassword($A['passwd']);
DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = addslashes($A['homepage']);
}
$A['fullname'] = addslashes($A['fullname']);
$A['email'] = addslashes($A['email']);
$A['location'] = addslashes($A['location']);
$A['sig'] = addslashes($A['sig']);
$A['about'] = addslashes($A['about']);
$A['pgpkey'] = addslashes($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}
}
}
}
<?php
/* Reminder: always indent with 4 spaces (no tabs). */
//admin/plugins/databox/job/makecache.php
//権限チェックはしていません
//当プログラムを置くディレクトリは、BASIC認証を付加することを推奨します
//デバック用 true にすると、ログを出力します
$_CACHE_VERBOSE = false;
//↓ディレクトリ位置が変わる場合は修正してください
include '../../../../lib-common.php';
//静的ページキャッシュファイル作成
require_once $_CONF['path'] . 'plugins/databox/fnc_databoxcache.inc';
//強制的にログアウトする
if (!empty($_USER['uid']) and $_USER['uid'] > 1) {
SESS_endUserSession($_USER['uid']);
PLG_logoutUser($_USER['uid']);
}
SEC_setCookie($_CONF['cookie_session'], '', time() - 10000);
SEC_setCookie($_CONF['cookie_password'], '', time() - 10000);
SEC_setCookie($_CONF['cookie_name'], '', time() - 10000);
//★fnc_putcache("data" ,"データのcode" ,"テンプレートディレクトリ");
// データ(ヘッダフッタなし)
//★fnc_putcache("category" ,"カテゴリのcode" ,"テンプレートディレクトリ");
// カテゴリ(ヘッダフッタなし)
//★fnc_putcache("datapage" ,"データのcode" ,"テンプレートディレクトリ");
// データページ(ヘッダフッタは、設定による)
//★fnc_putcache("categorypage" ,"カテゴリのcode" ,"テンプレートディレクトリ");
// カテゴリページ(ヘッダフッタは、設定による)
fnc_databoxcache("category", "xxxx1");
//ホームに遷移
echo COM_refresh($_CONF['site_url'] . '/index.php');
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
PLG_loginUser($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['password'])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if ($VERBOSE) {
COM_errorLog("Trying to set permanent cookie with time of {$cooktime}", 1);
}
if ($cooktime > 0) {
// They want their cookie to persist for some amount of time so set it now
if ($VERBOSE) {
COM_errorLog('Trying to set permanent cookie', 1);
}
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
SEC_setCookie($_CONF['cookie_password'], SEC_encryptPassword($passwd), time() + $cooktime);
}
} else {
$userid = $_COOKIE[$_CONF['cookie_name']];
if (empty($userid) || $userid == 'deleted') {
unset($userid);
} else {
$userid = COM_applyFilter($userid, true);
if ($userid > 1) {
if ($VERBOSE) {
COM_errorLog('NOW trying to set permanent cookie', 1);
COM_errorLog('Got ' . $userid . ' from perm cookie in users.php', 1);
}
// Create new session
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
public function sreq_userinfo_response($query)
{
$userinfo = array();
// COM_errorLog("BASE:sreq_userinfo_response()------------------");
try {
$this->token = $_COOKIE['request_token'];
$this->token_secret = $_COOKIE['request_token_secret'];
$verifier = $query[$this->callback_query_string];
// clear cookies
SEC_setCookie($_COOKIE['request_token'], '', time() - 10000);
SEC_setCookie($_COOKIE['request_token_secret'], '', time() - 10000);
$this->consumer = new HTTP_OAuth_Consumer($this->consumer_key, $this->consumer_secret, $this->token, $this->token_secret);
$this->consumer->accept($this->request);
$this->consumer->getAccessToken($this->url_accessToken, $verifier, array(), $this->method_accessToken);
$this->token = $this->consumer->getToken();
$this->token_secret = $this->consumer->getTokenSecret();
$this->consumer->setToken($this->token);
$this->consumer->setTokenSecret($this->token_secret);
$response = $this->consumer->sendRequest($this->url_userinfo, array(), $this->method_userinfo);
if ($response->getStatus() !== 200) {
$this->errormsg = $response->getStatus() . ' : ' . $response->getBody();
} else {
$userinfo = simplexml_load_string($response->getBody());
}
} catch (HTTP_OAuth_Consumer_Exception_Invalid_Response $e) {
$this->errormsg = get_class($e) . ': ' . $e->getBody();
} catch (Exception $e) {
$this->errormsg = get_class($e) . ': ' . $e->getMessage();
}
return $userinfo;
}
$getdata = urldecode($_POST['token_getdata']);
}
$filedata = '';
if (isset($_POST['token_filedata'])) {
$filedata = urldecode($_POST['token_filedata']);
}
$display = COM_siteHeader('menu');
$display .= SEC_reauthform($destination, $LANG20[9], $method, $postdata, $getdata, $filedata);
$display .= COM_siteFooter();
echo $display;
exit;
}
COM_resetSpeedlimit('login', $_SERVER['REMOTE_ADDR']);
if ($_SYSTEM['admin_session'] != 0) {
$token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
SEC_setCookie('token', $token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
if ($currentUID != $_USER['uid']) {
// remove tokens for previous user
if ($currentUID > 1) {
DB_delete($_TABLES['tokens'], 'owner_id', (int) $currentUID);
}
echo COM_refresh($destination);
exit;
}
$method = '';
if (isset($_POST['token_requestmethod'])) {
$method = COM_applyFilter($_POST['token_requestmethod']);
}
$postdata = '';
if (isset($_POST['token_postdata'])) {
/**
* Shows story editor
*
* Displays the story entry form
*
* @param string $sid ID of story to edit
* @param string $action 'preview', 'edit', 'moderate', 'draft'
* @param string $errormsg a message to display on top of the page
* @param string $currenttopic topic selection for drop-down menu
* @return string HTML for story editor
*
*/
function STORY_edit($sid = '', $action = '', $errormsg = '', $currenttopic = '')
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $LANG24, $LANG33, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_IMAGE_TYPE;
USES_lib_admin();
$display = '';
switch ($action) {
case 'clone':
case 'edit':
case 'preview':
case 'error':
$title = $LANG24[5];
$saveoption = $LANG_ADMIN['save'];
$submission = false;
break;
case 'moderate':
$title = $LANG24[90];
$saveoption = $LANG_ADMIN['moderate'];
$submission = true;
break;
case 'draft':
$title = $LANG24[91];
$saveoption = $LANG_ADMIN['save'];
$submission = true;
$action = 'edit';
break;
default:
$title = $LANG24[5];
$saveoption = $LANG_ADMIN['save'];
$submission = false;
$action = 'edit';
break;
}
// Load HTML templates
$story_templates = new Template($_CONF['path_layout'] . 'admin/story');
$story_templates->set_file(array('editor' => 'storyeditor.thtml'));
if (!isset($_CONF['hour_mode'])) {
$_CONF['hour_mode'] = 12;
}
if (!empty($errormsg)) {
$display .= COM_showMessageText($errormsg, $LANG24[25], true);
}
if (!empty($currenttopic)) {
$allowed = DB_getItem($_TABLES['topics'], 'tid', "tid = '" . DB_escapeString($currenttopic) . "'" . COM_getTopicSql('AND'));
if ($allowed != $currenttopic) {
$currenttopic = '';
}
}
$story = new Story();
if ($action == 'preview' || $action == 'error') {
while (list($key, $value) = each($_POST)) {
if (!is_array($value)) {
$_POST[$key] = $value;
} else {
while (list($subkey, $subvalue) = each($value)) {
$value[$subkey] = $subvalue;
}
}
}
$result = $story->loadFromArgsArray($_POST);
} else {
$result = $story->loadFromDatabase($sid, $action);
}
if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
$display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true);
COM_accessLog("User {$_USER['username']} tried to access story {$sid}. - STORY_PERMISSION_DENIED or STORY_NO_ACCESS_PARAMS - " . $result);
return $display;
} elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
$display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied'], true);
$display .= STORY_renderArticle($story, 'p');
COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}. - STORY_EDIT_DENIED or STORY_EXISTING_NO_EDIT_PERMISSION");
return $display;
} elseif ($result == STORY_INVALID_SID) {
if ($action == 'moderate') {
// that submission doesn't seem to be there any more (may have been
// handled by another Admin) - take us back to the moderation page
echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
}
} elseif ($result == STORY_DUPLICATE_SID) {
$story_templates->set_var('error_message', $LANG24[24]);
} elseif ($result == STORY_EMPTY_REQUIRED_FIELDS) {
$story_templates->set_var('error_message', $LANG24[31]);
}
if (empty($currenttopic) && $story->EditElements('tid') == '') {
$story->setTid(DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND')));
} else {
if ($story->EditElements('tid') == '') {
$story->setTid($currenttopic);
}
}
if (SEC_hasRights('story.edit')) {
$allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 0);
$allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 0);
} else {
$allowedTopicList = COM_topicList('tid,topic', $story->EditElements('tid'), 1, true, 3);
$allowedAltTopicList = '<option value="">' . $LANG33[44] . '</option>' . COM_topicList('tid,topic', $story->EditElements('alternate_tid'), 1, true, 3);
}
if ($allowedTopicList == '') {
$display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied'], true);
COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}. No allowed topics.");
return $display;
}
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/story.php', 'text' => $LANG_ADMIN['story_list']), array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']));
if (SEC_inGroup('Root')) {
$menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings');
}
$menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);
require_once $_CONF['path_system'] . 'classes/navbar.class.php';
$story_templates->set_var('hour_mode', $_CONF['hour_mode']);
if ($story->hasContent()) {
$previewContent = STORY_renderArticle($story, 'p');
if ($previewContent != '') {
$story_templates->set_var('preview_content', $previewContent);
}
}
$navbar = new navbar();
if (!empty($previewContent)) {
$navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
} else {
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
}
if ($action == 'preview') {
$story_templates->set_var('show_preview', '');
$story_templates->set_var('show_htmleditor', 'none');
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_submitoptions', 'none');
$navbar->set_selected($LANG24[79]);
} else {
$navbar->set_selected($LANG24[80]);
$story_templates->set_var('show_preview', 'none');
}
$story_templates->set_var('navbar', $navbar->generate());
$story_templates->set_var('start_block', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header')));
// start generating the story editor block
$story_templates->set_var('block_start', COM_startBlock($title, '', COM_getBlockTemplate('_admin_block', 'header')));
$oldsid = $story->EditElements('originalSid');
if (!empty($oldsid)) {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="deletestory"%s/>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
$story_templates->set_var('lang_delete_confirm', $MESSAGE[76]);
}
if ($submission || $story->type == 'submission') {
$story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"/>');
}
$story_templates->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[92], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE));
$story_templates->set_var('lang_author', $LANG24[7]);
$storyauthor = COM_getDisplayName($story->EditElements('uid'));
$storyauthor_select = COM_optionList($_TABLES['users'], 'uid,username', $story->EditElements('uid'));
$story_templates->set_var('story_author', $storyauthor);
$story_templates->set_var('story_author_select', $storyauthor_select);
$story_templates->set_var('author', $storyauthor);
$story_templates->set_var('story_uid', $story->EditElements('uid'));
// user access info
$story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($story->EditElements('owner_id'));
$story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . (int) $story->EditElements('owner_id')));
$story_templates->set_var('owner_name', $ownername);
$story_templates->set_var('owner', $ownername);
$story_templates->set_var('owner_id', $story->EditElements('owner_id'));
if (SEC_hasRights('story.edit')) {
$story_templates->set_var('owner_dropdown', COM_buildOwnerList('owner_id', $story->EditElements('owner_id')));
} else {
$ownerInfo = '<input type="hidden" name="owner_id" value="' . $story->editElements('owner_id') . '" />' . $ownername;
$story_templates->set_var('owner_dropdown', $ownerInfo);
}
$story_templates->set_var('lang_group', $LANG_ACCESS['group']);
if (SEC_inGroup($story->EditElements('group_id'))) {
$story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
} else {
$gdrpdown = '<input type="hidden" name="group_id" value="' . $story->EditElements('group_id') . '"/>';
$grpddown .= DB_getItem($_TABLES['groups'], 'grp_name', 'grp_id=' . (int) $story->EditElements('group_id'));
$story_templates->set_var('group_dropdown', $grpddown);
}
$story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
$story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
$story_templates->set_var('lang_date', $LANG24[15]);
$story_templates->set_var('publish_second', $story->EditElements('publish_second'));
$publish_ampm = '';
$publish_hour = $story->EditElements('publish_hour');
if ($publish_hour >= 12) {
if ($publish_hour > 12) {
$publish_hour = $publish_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
$story_templates->set_var('publishampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
$story_templates->set_var('publish_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
$story_templates->set_var('publish_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
$story_templates->set_var('publish_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($publish_hour);
}
$story_templates->set_var('publish_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
$story_templates->set_var('publish_minute_options', $minute_options);
$story_templates->set_var('publish_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
$story_templates->set_var('expire_second', $story->EditElements('expire_second'));
$expire_ampm = '';
$expire_hour = $story->EditElements('expire_hour');
if ($expire_hour >= 12) {
if ($expire_hour > 12) {
$expire_hour = $expire_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="expire_ampm" value=""/>';
}
$story_templates->set_var('expireampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
$story_templates->set_var('expire_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
$story_templates->set_var('expire_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
$story_templates->set_var('expire_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($expire_hour);
}
$story_templates->set_var('expire_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
$story_templates->set_var('expire_minute_options', $minute_options);
$story_templates->set_var('expire_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked3', 'checked="checked"');
$story_templates->set_var('showarchivedisabled', 'false');
} elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked4', 'checked="checked"');
$story_templates->set_var('showarchivedisabled', 'false');
} else {
$story_templates->set_var('showarchivedisabled', 'true');
}
$story_templates->set_var('lang_archivetitle', $LANG24[58]);
$story_templates->set_var('lang_option', $LANG24[59]);
$story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$story_templates->set_var('lang_story_stats', $LANG24[87]);
$story_templates->set_var('lang_optionarchive', $LANG24[61]);
$story_templates->set_var('lang_optiondelete', $LANG24[62]);
$story_templates->set_var('lang_title', $LANG_ADMIN['title']);
$story_templates->set_var('story_title', $story->EditElements('title'));
$story_templates->set_var('story_subtitle', $story->EditElements('subtitle'));
$story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
$story_templates->set_var('lang_alt_topic', $LANG_ADMIN['alt_topic']);
$story_templates->set_var('topic_options', $allowedTopicList);
$story_templates->set_var('alt_topic_options', $allowedAltTopicList);
$story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
if ($story->EditElements('show_topic_icon') == 1) {
$story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
} else {
$story_templates->set_var('show_topic_icon_checked', '');
}
$story_templates->set_var('story_image_url', $story->EditElements('story_image'));
$story_templates->set_var('lang_draft', $LANG24[34]);
if ($story->EditElements('draft_flag')) {
$story_templates->set_var('is_checked', 'checked="checked"');
$story_templates->set_var('unpublished_selected', 'selected="selected"');
} else {
$story_templates->set_var('published_selected', 'selected="selected"');
}
$story_templates->set_var('lang_mode', $LANG24[3]);
$story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
$story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
$story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
// comment expire
$story_templates->set_var('lang_cmt_disable', $LANG24[63]);
if ($story->EditElements('cmt_close')) {
$story_templates->set_var('is_checked5', 'checked="checked"');
//check box if enabled
$story_templates->set_var('showcmtclosedisabled', 'false');
} else {
$story_templates->set_var('showcmtclosedisabled', 'true');
}
$month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
$story_templates->set_var('cmt_close_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
$story_templates->set_var('cmt_close_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('cmt_close_year'));
$story_templates->set_var('cmt_close_year_options', $year_options);
$cmt_close_ampm = '';
$cmt_close_hour = $story->EditElements('cmt_close_hour');
//correct hour
if ($cmt_close_hour >= 12) {
if ($cmt_close_hour > 12) {
$cmt_close_hour = $cmt_close_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="cmt_close_ampm" value="" />';
}
$story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($cmt_close_hour);
}
$story_templates->set_var('cmt_close_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
$story_templates->set_var('cmt_close_minute_options', $minute_options);
$story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
$featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
$featured_options_data = COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured'));
$story_templates->set_var('featured_options_data', $featured_options_data);
} else {
$featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"/>";
$story_templates->unset_var('featured_options_data');
}
$story_templates->set_var('featured_options', $featured_options);
$story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
$story_templates->set_var('story_introtext', $story->EditElements('introtext'));
$story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
$story_templates->set_var('lang_introtext', $LANG24[16]);
$story_templates->set_var('lang_bodytext', $LANG24[17]);
$story_templates->set_var('lang_postmode', $LANG24[4]);
$story_templates->set_var('lang_publishoptions', $LANG24[76]);
$story_templates->set_var('lang_publishdate', $LANG24[69]);
$story_templates->set_var('lang_nojavascript', $LANG24[77]);
$story_templates->set_var('postmode', $story->EditElements('postmode'));
if ($story->EditElements('postmode') == 'plaintext' || $story->EditElements('postmode') == 'text') {
$allowedHTML = '';
} else {
$allowedHTML = COM_allowedHTML(SEC_getUserPermissions(), false, 'glfusion', 'story') . '<br/>';
}
$allowedHTML .= COM_allowedAutotags(SEC_getUserPermissions(), false, 'glfusion', 'story');
$story_templates->set_var('lang_allowed_html', $allowedHTML);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($story->getSid()));
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($story->getSid()) . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']" /><br />';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file[]' . '" />';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br />';
}
}
$fileinputs .= '<br />' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br />';
}
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
$story_templates->set_var('lang_comments', $LANG24[19]);
$story_templates->set_var('story_comments', $story->EditElements('comments'));
$story_templates->set_var('lang_trackbacks', $LANG24[29]);
$story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
$story_templates->set_var('lang_emails', $LANG24[39]);
$story_templates->set_var('story_emails', $story->EditElements('numemails'));
if ($_CONF['rating_enabled']) {
$rating = @number_format($story->EditElements('rating'), 2);
$votes = $story->EditElements('votes');
$story_templates->set_var('rating', $rating);
$story_templates->set_var('votes', $votes);
}
$story_templates->set_var('attribution_url', $story->EditElements('attribution_url'));
$story_templates->set_var('attribution_name', $story->EditElements('attribution_name'));
$story_templates->set_var('attribution_author', $story->EditElements('attribution_author'));
$story_templates->set_var('lang_attribution_url', $LANG24[105]);
$story_templates->set_var('lang_attribution_name', $LANG24[106]);
$story_templates->set_var('lang_attribution_author', $LANG24[107]);
$story_templates->set_var('lang_attribution', $LANG24[108]);
$sec_token_name = CSRF_TOKEN;
$sec_token = SEC_createToken();
$story_templates->set_var('story_id', $story->getSid());
$story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
$story_templates->set_var('lang_sid', $LANG24[12]);
$story_templates->set_var('lang_save', $saveoption);
$story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('lang_timeout', $LANG_ADMIN['timeout_msg']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
$story_templates->set_var('gltoken', $sec_token);
$story_templates->set_var('security_token', $sec_token);
$story_templates->set_var('security_token_name', $sec_token_name);
$story_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
PLG_templateSetVars('storyeditor', $story_templates);
if ($story->EditElements('postmode') != 'html') {
$story_templates->unset_var('wysiwyg');
}
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$story_templates->parse('output', 'editor');
$display .= $story_templates->finish($story_templates->get_var('output'));
return $display;
}
/**
* Merge User Accounts
*
* This validates the entered password and then merges a remote
* account with a local account.
*
* @return string HTML merge form if error, redirect on success
*
*/
function USER_mergeAccounts()
{
global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20;
$retval = '';
$remoteUID = COM_applyFilter($_POST['remoteuid'], true);
$localUID = COM_applyFilter($_POST['localuid'], true);
$localpwd = $_POST['localp'];
$localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID);
$localRow = DB_fetchArray($localResult);
if (SEC_check_hash($localpwd, $localRow['passwd'])) {
// password is valid
$sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'";
$result = DB_query($sql);
$numRows = DB_numRows($result);
if ($numRows == 1) {
$remoteRow = DB_fetchArray($result);
if ($remoteUID == $remoteRow['uid']) {
$remoteUID = (int) $remoteRow['uid'];
$remoteService = substr($remoteRow['remoteservice'], 6);
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
$sql = "UPDATE {$_TABLES['users']} SET remoteusername='******'remoteusername']) . "'," . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', " . "account_type=3 " . " WHERE uid=" . (int) $localUID;
DB_query($sql);
$_USER['uid'] = $localRow['uid'];
$local_login = true;
SESS_completeLogin($localUID);
$_GROUPS = SEC_getUserGroups($_USER['uid']);
$_RIGHTS = explode(',', SEC_getUserPermissions());
if ($_SYSTEM['admin_session'] > 0 && $local_login) {
if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
$admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
}
COM_resetSpeedlimit('login');
// log the user out
SESS_endUserSession($remoteUID);
// Let plugins know a user is being merged
PLG_moveUser($remoteUID, $_USER['uid']);
// Ok, now delete everything related to this user
// let plugins update their data for this user
PLG_deleteUser($remoteUID);
if (function_exists('CUSTOM_userDeleteHook')) {
CUSTOM_userDeleteHook($remoteUID);
}
// Call custom account profile delete function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) {
CUSTOM_userDelete($remoteUID);
}
// remove from all security groups
DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID);
// remove user information and preferences
DB_delete($_TABLES['userprefs'], 'uid', $remoteUID);
DB_delete($_TABLES['userindex'], 'uid', $remoteUID);
DB_delete($_TABLES['usercomment'], 'uid', $remoteUID);
DB_delete($_TABLES['userinfo'], 'uid', $remoteUID);
// delete user photo, if enabled & exists
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}");
USER_deletePhoto($photo, false);
}
// delete subscriptions
DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID);
// in case the user owned any objects that require Admin access, assign
// them to the Root user with the lowest uid
$rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
$result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1");
$A = DB_fetchArray($result);
$rootuser = $A['ug_uid'];
if ($rootuser == '' || $rootuser < 2) {
$rootuser = 2;
}
DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
// now delete the user itself
DB_delete($_TABLES['users'], 'uid', $remoteUID);
} else {
// invalid password - let's try one more time
// need to set speed limit and give them 3 tries
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge');
$last = COM_checkSpeedlimit('merge', 4);
if ($last > 0) {
COM_setMsg($LANG04[190], 'error');
echo COM_refresh($_CONF['site_url'] . '/users.php');
} else {
COM_updateSpeedlimit('merge');
USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]);
}
return $retval;
}
// can't use COM_setMsg here since the session is being destroyed.
echo COM_refresh($_CONF['site_url'] . '/index.php?msg=522');
}
/**
* Saves a block
*
* @param string $bid Block ID
* @param string $name Block name
* @param string $title Block title
* @param string $type Type of block
* @param int $blockorder Order block appears relative to the others
* @param string $content Content of block
* @param string $tid Topic block should appear in
* @param string $rdfurl URL to headline feed for portal blocks
* @param string $rdfupdated Date RSS/RDF feed was last updated
* @param string $rdflimit max. number of entries to import from feed
* @param string $phpblockfn Name of php function to call to get content
* @param int $onleft Flag indicates if block shows up on left or right
* @param int $owner_id ID of owner
* @param int $group_id ID of group block belongs to
* @param array $perm_owner Permissions the owner has on the object
* @param array $perm_group Permissions the group has on the object
* @param array $perm_members Permissions the logged in members have
* @param array $perm_anon Permissinos anonymous users have
* @param int $is_enabled Flag, indicates if block is enabled or not
* @param int $allow_autotags Flag, indicates if autotags are enabed or not
* @return string HTML redirect or error message
*
*/
function BLOCK_save($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags)
{
global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE;
$retval = '';
$B['bid'] = (int) $bid;
$B['name'] = $name;
$B['title'] = $title;
$B['type'] = $type;
$B['blockorder'] = $blockorder;
$B['content'] = $content;
$B['tid'] = $tid;
$B['rdfurl'] = $rdfurl;
$B['rdfupdated'] = $rdfupdated;
$B['rdflimit'] = $rdflimit;
$B['phpblockfn'] = $phpblockfn;
$B['onleft'] = $onleft;
$B['owner_id'] = $owner_id;
$B['group_id'] = $group_id;
$B['perm_owner'] = $perm_owner;
$B['perm_group'] = $perm_group;
$B['perm_members'] = $perm_members;
$B['perm_anon'] = $perm_anon;
$B['is_enabled'] = $is_enabled;
$B['allow_autotags'] = $allow_autotags;
$bid = (int) $bid;
$MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small";
$filter = sanitizer::getInstance();
$allowedElements = $filter->makeAllowedElements($MenuElementAllowedHTML);
$filter->setAllowedElements($allowedElements);
$filter->setPostmode('html');
$title = $filter->filterHTML($title);
$title = DB_escapeString($title);
$phpblockfn = DB_escapeString(trim($phpblockfn));
if (empty($title) || !BLOCK_validateName($name)) {
if (empty($title)) {
$msg = $LANG21[64];
} else {
$msg = $LANG21[70];
}
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$retval .= COM_siteHeader('menu', $LANG21[63]) . COM_showMessageText($msg, $LANG21[63], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
return $retval;
}
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$access = 0;
if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !BLOCK_hasTopicAccess($tid) || !SEC_inGroup($group_id)) {
$retval .= COM_siteHeader('menu', $MESSAGE[30]);
$retval .= COM_showMessageText($MESSAGE[33], $MESSAGE[30], true);
$retval .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
return $retval;
} elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) {
if ($is_enabled == 'on') {
$is_enabled = 1;
} else {
$is_enabled = 0;
}
if ($allow_autotags == 1) {
$allow_autotags = 1;
} else {
$allow_autotags = 0;
}
if ($type == 'portal') {
$content = '';
$rdfupdated = '';
$phpblockfn = '';
// get rid of possible extra prefixes (e.g. "feed://http://...")
if (substr($rdfurl, 0, 4) == 'rss:') {
$rdfurl = substr($rdfurl, 4);
} else {
if (substr($rdfurl, 0, 5) == 'feed:') {
$rdfurl = substr($rdfurl, 5);
}
}
if (substr($rdfurl, 0, 2) == '//') {
$rdfurl = substr($rdfurl, 2);
}
$rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
}
if ($type == 'gldefault') {
if ($name != 'older_stories') {
$content = '';
}
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
}
if ($type == 'phpblock') {
// NOTE: PHP Blocks must be within a function and the function
// must start with phpblock_ as the prefix. This will prevent
// the arbitrary execution of code
if (!stristr($phpblockfn, 'phpblock_')) {
$retval .= COM_siteHeader('menu', $LANG21[37]) . COM_showMessageText($LANG21[38], $LANG21[37], true) . BLOCK_edit($bid, $B) . COM_siteFooter();
return $retval;
}
$content = '';
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
}
if ($type == 'normal') {
$rdfurl = '';
$rdfupdated = '';
$rdflimit = 0;
$phpblockfn = '';
$content = DB_escapeString($content);
}
if ($rdflimit < 0) {
$rdflimit = 0;
}
if (!empty($rdfurl)) {
$rdfurl = DB_escapeString($rdfurl);
}
if (empty($rdfupdated)) {
$rdfupdated = '1000-01-01 00:00:00';
}
$name = DB_escapeString($name);
if ($bid > 0) {
DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL");
} else {
$sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})";
DB_query($sql);
$bid = DB_insertId();
}
if ($type == 'gldefault' && $name == 'older_stories') {
COM_olderStuff();
}
CTL_clearCache();
COM_setMessage(11);
return COM_refresh($_CONF['site_admin_url'] . '/block.php');
} else {
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$retval .= COM_siteHeader('menu', $LANG21[32]);
if ($type == 'portal') {
// Portal block is missing fields
$msg = $LANG21[33];
} else {
if ($type == 'phpblock') {
// PHP Block is missing field
$msg = $LANG21[34];
} else {
if ($type == 'normal') {
// Normal block is missing field
$msg = $LANG21[35];
} else {
if ($type == 'gldefault') {
// Default glFusion field missing
$msg = $LANG21[42];
} else {
// Layout block missing content
$msg = $LANG21[36];
}
}
}
}
$retval .= COM_showMessageText($msg, $LANG21[32], true);
$retval .= BLOCK_edit($bid, $B);
$retval .= COM_siteFooter();
}
return $retval;
}
die;
}
if (!isset($_COOKIE['token'])) {
die;
}
$sql = "SELECT * FROM {$_TABLES['tokens']} WHERE token='" . DB_escapeString($token) . "'";
$result = DB_query($sql);
if (DB_numRows($result) != 1) {
die;
}
$advtoken = COM_applyFilter($_COOKIE[$_CONF['cookie_name'] . 'adveditor']);
$sql = "SELECT * FROM {$_TABLES['tokens']} WHERE token='" . DB_escapeString($advtoken) . "'";
$result = DB_query($sql);
if (DB_numRows($result) != 1) {
die;
}
$admtoken = COM_applyFilter($_COOKIE['token']);
$sql = "SELECT * FROM {$_TABLES['tokens']} WHERE token='" . DB_escapeString($admtoken) . "'";
$result = DB_query($sql);
if (DB_numRows($result) != 1) {
die;
}
// refresh tokens
$sql = "UPDATE {$_TABLES['tokens']} SET created=NOW() WHERE token='" . DB_escapeString($token) . "'";
DB_query($sql);
$sql = "UPDATE {$_TABLES['tokens']} SET created=NOW() WHERE token='" . DB_escapeString($advtoken) . "'";
DB_query($sql);
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', $advtoken, time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$sql = "UPDATE {$_TABLES['tokens']} SET created=NOW() WHERE token='" . DB_escapeString($admtoken) . "'";
DB_query($sql);
exit;
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
if ($service == '') {
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// verify password
if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} else {
if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// re athenticate remote user again for these changes to take place
// Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = DB_escapeString($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
return $display;
}
DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
// this is a hack, for some reason remoteservice links made SPAMX SLV check barf
if (empty($service)) {
$profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
}
$profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
$passwd = '';
if ($service == '') {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
SEC_updateUserPassword($A['passwd'], $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
} else {
// Cookie
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = DB_escapeString($A['homepage']);
}
$A['fullname'] = DB_escapeString($A['fullname']);
$A['email'] = DB_escapeString($A['email']);
$A['location'] = DB_escapeString($A['location']);
$A['sig'] = DB_escapeString($A['sig']);
$A['about'] = DB_escapeString($A['about']);
$A['pgpkey'] = DB_escapeString($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
// at this point, the user information has been saved, but now we're going to check to see if
// the user has requested resynchronization with their remoteservice account
$msg = 5;
// default msg = Your account information has been successfully saved
if (isset($A['resynch'])) {
if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
$modules = SEC_collectRemoteOAuthModules();
$active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
if (!$active_service) {
$status = -1;
$msg = 115;
// Remote service has been disabled.
} else {
require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
$service = substr($_USER['remoteservice'], 6);
$consumer = new OAuthConsumer($service);
$callback_url = $_CONF['site_url'];
$consumer->setRedirectURL($callback_url);
$user = $consumer->authenticate_user();
$consumer->doSynch($user);
}
}
if ($msg != 5) {
$msg = 114;
// Account saved but re-synch failed.
COM_errorLog($MESSAGE[$msg]);
}
}
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}
}
}
}
function FF_postEditor($postData, $forumData, $action, $viewMode)
{
global $_CONF, $_TABLES, $_FF_CONF, $FF_userprefs, $_USER, $LANG_GF01, $LANG_GF02, $LANG_GF10, $REMOTE_ADDR;
$retval = '';
$editmoderator = false;
$numAttachments = 0;
$edit_val = '';
$sticky_val = '';
$locked_val = '';
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
// initialize defaults
if ($_FF_CONF['bbcode_disabled']) {
$disable_bbcode_val = ' checked="checked"';
} else {
$disable_bbcode_val = '';
}
if ($_FF_CONF['smilies_disabled']) {
$disable_smilies_val = ' checked="checked"';
} else {
$disable_smilies_val = '';
}
if ($_FF_CONF['urlparse_disabled']) {
$disable_urlparse_val = ' checked="checked"';
} else {
$disable_urlparse_val = '';
}
// check postmode
if (isset($postData['postmode'])) {
// this means we are editing or previewing (or both)
if (isset($postData['postmode_switch'])) {
// means they selected a switch
$chkpostmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
if ($chkpostmode != $postData['postmode']) {
$postData['postmode'] = $chkpostmode;
$postData['postmode_switch'] = 0;
}
}
} else {
if ($_FF_CONF['post_htmlmode'] && $_FF_CONF['allow_html']) {
$postData['postmode'] = 'html';
} else {
$postData['postmode'] = 'text';
}
}
// verify postmode is allowed
if ($postData['postmode'] == 'html' || $postData['postmode'] == 'HTML') {
if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
$postData['postmode'] = 'html';
} else {
$postData['postmode'] = 'text';
}
}
$postData['postmode_switch'] = 0;
// action specific setup
if ($action == 'edittopic' || $viewMode) {
// need to see what options were checked...
$status = 0;
// get our options...
if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
$disable_bbcode_val = ' checked="checked"';
$status += DISABLE_BBCODE;
} else {
$disable_bbcode_val = '';
}
if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
$disable_smilies_val = ' checked="checked"';
$status += DISABLE_SMILIES;
} else {
$disable_smilies_val = '';
}
if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
$disable_urlparse_val = ' checked="checked"';
$status += DISABLE_URLPARSE;
} else {
$disable_urlparse_val = '';
}
}
// create our template
$peTemplate = new Template($_CONF['path'] . 'plugins/forum/templates/');
$peTemplate->set_file('posteditor', 'posteditor.thtml');
if ($postData['postmode'] == 'html') {
$peTemplate->set_var('html_mode', true);
} else {
$peTemplate->unset_var('html_mode');
}
if ($viewMode == PREVIEW_VIEW) {
$peTemplate->set_var('preview_post', FF_previewPost($postData, $action));
}
$uniqueid = isset($postData['uniqueid']) ? COM_applyFilter($postData['uniqueid'], true) : mt_rand();
$peTemplate->set_var('uniqueid', $uniqueid);
if (SEC_inGroup($postData['use_attachment_grpid']) && $_FF_CONF['maxattachments'] > 0) {
$peTemplate->set_var('use_attachments', true);
}
if ($action == 'newtopic') {
$peTemplate->set_var('save_button', 'savetopic');
$postmessage = $LANG_GF02['PostTopic'];
$peTemplate->set_var('hidden_action', 'newtopic');
}
if ($action == 'edittopic') {
$peTemplate->set_var('save_button', 'saveedit');
if (isset($postData['forum']) && forum_modPermission($postData['forum'], $_USER['uid'], 'mod_edit')) {
$editmoderator = true;
$peTemplate->set_var('hidden_modedit', '1');
} else {
$peTemplate->set_var('hidden_modedit', '0');
$editmoderator = false;
}
$postmessage = $LANG_GF02['EditTopic'];
$peTemplate->set_var('hidden_action', 'edittopic');
$peTemplate->set_var('hidden_editpost', 'yes');
if ($editmoderator) {
$username = $postData['name'];
} elseif ($postData['uid'] > 1) {
$username = COM_getDisplayName($postData['uid']);
}
$postData['comment'] = str_ireplace('</textarea>', '</textarea>', $postData['comment']);
if (isset($postData['pid'])) {
$peTemplate->set_var('hidden_editpid', $postData['pid']);
}
$peTemplate->set_var('hidden_editid', $postData['id']);
$edit_prompt = $LANG_GF02['msg190'] . '<br/><input type="checkbox" name="silentedit" ';
if (isset($postData['silentedit']) && $postData['silentedit'] == 1 or !isset($postData['modedit']) and $_FF_CONF['silent_edit_default']) {
$edit_prompt .= 'checked="checked" ';
$edit_val = ' checked="checked" ';
} else {
$edit_val = '';
}
$edit_prompt .= 'value="1"/>';
$peTemplate->set_var('attachments', '<div id="fileattachlist">' . _ff_showattachments($postData['id'], 'edit') . '</div>');
$numAttachments = DB_Count($_TABLES['ff_attachments'], 'topic_id', $postData['id']);
$allowedAttachments = $_FF_CONF['maxattachments'] - $numAttachments;
$peTemplate->set_var('fcounter', $allowedAttachments);
} else {
$numAttachments = (int) DB_Count($_TABLES['ff_attachments'], 'topic_id', $uniqueid);
$allowedAttachments = $_FF_CONF['maxattachments'] - $numAttachments;
$peTemplate->set_var('fcounter', $allowedAttachments);
$peTemplate->set_var('attachments', '');
if ($uniqueid > 0) {
$peTemplate->set_var('attachments', '<div id="fileattachlist">' . _ff_showattachments($uniqueid, 'edit') . '</div>');
}
$edit_prompt = ' ';
}
if ($action == 'newreply') {
$peTemplate->set_var('save_button', 'savereply');
$postmessage = $LANG_GF02['PostReply'];
$peTemplate->set_var('hidden_action', 'newreply');
if (!$viewMode) {
$postData['subject'] = $LANG_GF01['RE'] . $postData['subject'];
}
$quoteid = isset($_GET['quoteid']) ? COM_applyFilter($_GET['quoteid'], true) : 0;
$postData['mood'] = '';
if ($quoteid > 0 && !$viewMode) {
$quotesql = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE id=" . (int) $quoteid);
$quotearray = DB_fetchArray($quotesql);
$quotearray['name'] = urldecode($quotearray['name']);
$quotearray['comment'] = $quotearray['comment'];
$postData['comment'] = sprintf($_FF_CONF['quoteformat'], $quotearray['name'], $quotearray['comment']);
}
$postData['editpid'] = $postData['id'];
}
if ($_FF_CONF['use_sfs']) {
$peTemplate->set_var('usesfs', 1);
}
if (COM_isAnonUser()) {
if (!$_FF_CONF['use_sfs']) {
$postData['email'] = '';
}
$peTemplate->set_var('anonymous_user', true);
$peTemplate->set_var('post_message', $postmessage);
$peTemplate->set_var('LANG_NAME', $LANG_GF02['msg33']);
$peTemplate->set_var('name', htmlentities(strip_tags(COM_checkWords(trim(USER_sanitizeName(isset($postData['name']) ? $postData['name'] : ''))))), ENT_COMPAT, COM_getEncodingt());
if (isset($postData['email'])) {
$peTemplate->set_var('email', strip_tags($postData['email']));
}
} else {
$peTemplate->set_var('member_user', true);
$peTemplate->set_var('post_message', $postmessage);
$peTemplate->set_var('LANG_NAME', $LANG_GF02['msg33']);
if (!isset($username) or $username == '') {
if ($action == 'edittopic') {
if ($editmoderator) {
$username = $postData['name'];
} else {
$username = COM_getDisplayName($_USER['uid']);
}
} else {
$username = COM_getDisplayName($_USER['uid']);
}
}
$peTemplate->set_var('username', $username);
$peTemplate->set_var('xusername', urlencode($username));
}
$moodoptions = '';
if ($_FF_CONF['show_moods']) {
if (isset($postData['mood']) && $postData['mood'] != '') {
$postData['mood'] = COM_applyFilter($postData['mood']);
}
if (!isset($postData['mood']) || $postData['mood'] == '') {
$moodoptions = '<option value="" selected="selected">' . $LANG_GF01['NOMOOD'] . '</option>';
}
if ($dir = @opendir($_CONF['path_html'] . '/forum/images/moods')) {
while (($file = readdir($dir)) !== false) {
if (strlen($file) > 3 && substr(strtolower(trim($file)), -4, 4) == '.gif') {
$file = str_replace(array('.gif', '.jpg'), array('', ''), $file);
if (isset($postData['mood']) && $file == $postData['mood']) {
$moodoptions .= "<option selected=\"selected\">" . $file . "</option>";
} else {
$moodoptions .= "<option>" . $file . "</option>";
}
} else {
$moodoptions .= '';
}
}
closedir($dir);
}
$peTemplate->set_var('LANG_MOOD', $LANG_GF02['msg36']);
$peTemplate->set_var('moodoptions', $moodoptions);
}
$sub_dot = '...';
$sub_none = '';
$postData['subject'] = str_replace($sub_dot, $sub_none, $postData['subject']);
if ($_FF_CONF['allow_smilies']) {
$peTemplate->set_var('smiley_enabled', true);
}
if ($_FF_CONF['allow_img_bbcode']) {
$peTemplate->set_var('allow_img_bbcode', true);
}
// if this is the first time showing the new submission form - then check if notify option should be on
if (!$viewMode) {
if (isset($postData['editpid']) && $postData['editpid'] > 0) {
$notifyTopicid = $postData['editpid'];
} else {
$notifyTopicid = $postData['id'];
}
if (!isset($postData['forum'])) {
$postData['forum'] = '';
}
if (DB_getItem($_TABLES['ff_userprefs'], 'alwaysnotify', "uid=" . (int) $uid) == 1 or FF_isSubscribed($postData['forum'], $notifyTopicid, $uid)) {
$postData['notify'] = 'on';
// check and see if user has un-subscribed to this topic
$nid = -$notifyTopicid;
if ($notifyTopicid > 0 and DB_getItem($_TABLES['subscriptions'], 'id', "type='forum' AND category=" . (int) $postData['forum'] . " AND id={$nid} AND uid={$uid}") > 1) {
$postData['notify'] = '';
}
} else {
$postData['notify'] = '';
}
}
if ($editmoderator) {
if (isset($postData['notify']) && $postData['notify'] == 'on' or isset($postData['notify']) && $postData['notify'] == 'on') {
$notify_val = 'checked="checked"';
} else {
$notify_val = '';
}
$notify_prompt = $LANG_GF02['msg38'] . '<br/><input type="checkbox" name="notify" value="on" ' . $notify_val . '/>';
// check that this is the parent topic - only able to make it skicky or locked
if (!isset($postData['pid']) || $postData['pid'] == 0) {
if (!isset($locked_val) and !isset($sticky_val) and $action == 'edittopic') {
if (!isset($postData['locked_switch']) and isset($postData['locked']) && $postData['locked'] == 1 or isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
$locked_val = 'checked="checked"';
} else {
$locked_val = '';
}
if (!isset($postData['sticky_switch']) and isset($postData['sticky']) && $postData['sticky'] == 1 or isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
$sticky_val = 'checked="checked"';
} else {
$sticky_val = '';
}
}
$locked_prompt = $LANG_GF02['msg109'] . '<br/><input type="checkbox" name="locked_switch" ' . $locked_val . ' value="1"/>';
$sticky_prompt = $LANG_GF02['msg61'] . '<br/><input type="checkbox" name="sticky_switch" ' . $sticky_val . ' value="1"/>';
} else {
$locked_prompt = '';
$sticky_prompt = '';
}
} else {
if ($uid > 1) {
if (isset($postData['notify']) && $postData['notify'] == 'on') {
$notify_val = 'checked="checked"';
} else {
$notify_val = '';
}
$notify_prompt = $LANG_GF02['msg38'] . '<br/><input type="checkbox" name="notify" ' . $notify_val . '/>';
$locked_prompt = '';
} else {
$notify_prompt = '';
$locked_prompt = '';
}
}
if ($postData['postmode'] == 'html' || $postData['postmode'] == 'HTML') {
$postmode_msg = $LANG_GF01['TEXTMODE'];
$postData['postmode'] = 'html';
} else {
$peTemplate->unset_var('show_htmleditor');
$postmode_msg = $LANG_GF01['HTMLMODE'];
}
if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
if ($action == 'edittopic') {
$mode_prompt = $postmode_msg . '<br/><input type="checkbox" name="postmode_switch" value="1"/><input type="hidden" name="postmode" value="' . $postData['postmode'] . '"/>';
}
}
if ($action == 'edittopic') {
$peTemplate->set_var('bbcodeeditor', true);
}
$postData['subject'] = str_replace('"', '"', $postData['subject']);
if (!$_FF_CONF['allow_smilies']) {
$smilies = '';
} else {
$smilies = forumPLG_showsmilies(0);
}
$disable_bbcode_prompt = $LANG_GF01['disable_bbcode'] . ' <input type="checkbox" name="disable_bbcode" value="1" ' . $disable_bbcode_val . '/>';
if ($_FF_CONF['allow_smilies']) {
$disable_smilies_prompt = $LANG_GF01['disable_smilies'] . ' <input type="checkbox" name="disable_smilies" value="1"' . $disable_smilies_val . ' />';
} else {
$disable_smilies_prompt = '';
}
$disable_urlparse_prompt = $LANG_GF01['disable_urlparse'] . ' <input type="checkbox" name="disable_urlparse" value="1"' . $disable_urlparse_val . ' />';
$peTemplate->set_var('comment', @htmlspecialchars($postData['comment'], ENT_QUOTES, COM_getEncodingt()));
$peTemplate->set_var(array('edit_val' => $edit_val, 'sticky_val' => $sticky_val, 'postmode_msg' => $postmode_msg, 'notify_val' => $notify_val, 'disable_bbcode_val' => $disable_bbcode_val, 'disable_smilies_val' => $disable_smilies_val, 'disable_urlparse_val' => $disable_urlparse_val, 'bbcode_prompt' => $disable_bbcode_prompt, 'smilies_prompt' => $disable_smilies_prompt, 'urlparse_prompt' => $disable_urlparse_prompt, 'LANG_SUBJECT' => $LANG_GF01['SUBJECT'], 'LANG_OPTIONS' => $LANG_GF01['OPTIONS'], 'mode_prompt' => isset($mode_prompt) ? $mode_prompt : '', 'notify_prompt' => $notify_prompt, 'locked_prompt' => $locked_prompt, 'sticky_prompt' => isset($sticky_prompt) ? $sticky_prompt : '', 'edit_prompt' => $edit_prompt, 'LANG_SUBMIT' => $LANG_GF01['SUBMIT'], 'LANG_PREVIEW' => $LANG_GF01['PREVIEW'], 'subject' => $postData['subject'], 'smilies' => $smilies, 'LANG_attachments' => $LANG_GF10['attachments'], 'LANG_maxattachments' => sprintf($LANG_GF10['maxattachments'], $_FF_CONF['maxattachments']), 'postmode' => $postData['postmode']));
// Check and see if the filemgmt plugin is installed and enabled
if (function_exists('filemgmt_buildAccessSql') && $_FF_CONF['enable_fm_integration'] == 1) {
$peTemplate->set_var('filemgmt_category_options', gf_makeFilemgmtCatSelect($uid));
$peTemplate->set_var('LANG_usefilemgmt', $LANG_GF10['usefilemgmt']);
$peTemplate->set_var('LANG_description', $LANG_GF10['description']);
$peTemplate->set_var('LANG_category', $LANG_GF10['category']);
} else {
$peTemplate->set_var('show_filemgmt_option', 'none');
}
if (COM_isAnonUser()) {
$peTemplate->set_var('hide_notify', 'none');
}
if (function_exists('plugin_templatesetvars_captcha')) {
plugin_templatesetvars_captcha('forum', $peTemplate);
} else {
$peTemplate->set_var('captcha', '');
}
if ($postData['id'] > 0) {
$peTemplate->set_var('topic_id', $postData['id']);
}
$peTemplate->set_var(array('navbreadcrumbsimg' => _ff_getImage('nav_breadcrumbs'), 'navtopicimg' => _ff_getImage('nav_topic'), 'form_action' => $_CONF['site_url'] . '/forum/createtopic.php', 'referer' => $forumData['referer'], 'forum_id' => $forumData['forum'], 'cat_name' => $postData['cat_name'], 'cat_id' => $forumData['forum_cat'], 'forum_name' => $postData['forum_name'], 'subject' => @htmlspecialchars($postData['subject'], ENT_QUOTES, COM_getEncodingt()), 'LANG_HOME' => $LANG_GF01['HOMEPAGE'], 'forum_home' => $LANG_GF01['INDEXPAGE'], 'hidden_id' => $postData['id'], 'page' => $forumData['page'], 'LANG_bhelp' => $LANG_GF01['b_help'], 'LANG_ihelp' => $LANG_GF01['i_help'], 'LANG_uhelp' => $LANG_GF01['u_help'], 'LANG_qhelp' => $LANG_GF01['q_help'], 'LANG_chelp' => $LANG_GF01['c_help'], 'LANG_lhelp' => $LANG_GF01['l_help'], 'LANG_ohelp' => $LANG_GF01['o_help'], 'LANG_phelp' => $LANG_GF01['p_help'], 'LANG_whelp' => $LANG_GF01['w_help'], 'LANG_ahelp' => $LANG_GF01['a_help'], 'LANG_shelp' => $LANG_GF01['s_help'], 'LANG_fhelp' => $LANG_GF01['f_help'], 'LANG_hhelp' => $LANG_GF01['h_help'], 'LANG_thelp' => $LANG_GF01['t_help'], 'LANG_ehelp' => $LANG_GF01['e_help'], 'LANG_code' => $LANG_GF01['CODE'], 'LANG_fontcolor' => $LANG_GF01['FONTCOLOR'], 'LANG_fontsize' => $LANG_GF01['FONTSIZE'], 'LANG_closetags' => $LANG_GF01['CLOSETAGS'], 'LANG_codetip' => $LANG_GF01['CODETIP'], 'LANG_tiny' => $LANG_GF01['TINY'], 'LANG_small' => $LANG_GF01['SMALL'], 'LANG_normal' => $LANG_GF01['NORMAL'], 'LANG_large' => $LANG_GF01['LARGE'], 'LANG_huge' => $LANG_GF01['HUGE'], 'LANG_default' => $LANG_GF01['DEFAULT'], 'LANG_dkred' => $LANG_GF01['DKRED'], 'LANG_red' => $LANG_GF01['RED'], 'LANG_orange' => $LANG_GF01['ORANGE'], 'LANG_brown' => $LANG_GF01['BROWN'], 'LANG_yellow' => $LANG_GF01['YELLOW'], 'LANG_green' => $LANG_GF01['GREEN'], 'LANG_olive' => $LANG_GF01['OLIVE'], 'LANG_cyan' => $LANG_GF01['CYAN'], 'LANG_blue' => $LANG_GF01['BLUE'], 'LANG_dkblue' => $LANG_GF01['DKBLUE'], 'LANG_indigo' => $LANG_GF01['INDIGO'], 'LANG_violet' => $LANG_GF01['VIOLET'], 'LANG_white' => $LANG_GF01['WHITE'], 'LANG_black' => $LANG_GF01['BLACK']));
$peTemplate->set_var('token_name', CSRF_TOKEN);
$peTemplate->set_var('token', SEC_createToken());
$peTemplate->set_var('postmode', $postData['postmode']);
$peTemplate->unset_var('show_htmleditor');
if ($_FF_CONF['use_wysiwyg_editor'] && $postData['postmode'] == 'html') {
// hook into wysiwyg here
switch (PLG_getEditorType()) {
case 'ckeditor':
$peTemplate->set_var('show_htmleditor', true);
PLG_requestEditor('forum', 'forum_entry', 'ckeditor_forum.thtml');
PLG_templateSetVars('forum_entry', $peTemplate);
break;
case 'tinymce':
$peTemplate->set_var('show_htmleditor', true);
PLG_requestEditor('forum', 'forum_entry', 'tinymce_forum.thtml');
PLG_templateSetVars('forum_entry', $peTemplate);
break;
default:
// don't support others right now
break;
}
}
$peTemplate->parse('output', 'posteditor');
$retval .= $peTemplate->finish($peTemplate->get_var('output'));
$urlfor = 'advancededitor';
if ($uid == 1) {
$urlfor = 'advancededitor' . md5($REMOTE_ADDR);
}
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral($urlfor), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
if (!isset($_POST['editpost'])) {
$_POST['editpost'] = '';
}
if ($action != 'newtopic' && $_POST['editpost'] != 'yes' && ($action == 'newreply' || $viewMode)) {
if ($FF_userprefs['showiframe']) {
$retval .= "<iframe src=\"{$_CONF['site_url']}/forum/viewtopic.php?mode=preview&showtopic=" . $postData['id'] . "&onlytopic=1&lastpost=true\" height=\"300\" width=\"100%\"></iframe>";
}
}
return $retval;
}
/**
* Sets the session cookie
*
* This saves the session ID to the session cookie on client's machine for
* later use
*
* @param string $sessid Session ID to save to cookie
* @param int $cookietime Cookie timeout value (not used)
* @param string $cookiename Name of cookie to save sessiond ID to
* @param string $cookiepath Path in which cookie should be sent to server for
* @param string $cookiedomain Domain in which cookie should be sent to server for
* @param int $cookiesecure if =1, set cookie only on https connection
*
*/
function SESS_setSessionCookie($sessid, $cookietime, $cookiename, $cookiepath, $cookiedomain, $cookiesecure)
{
global $_SESS_VERBOSE;
// This sets a cookie that will persist until the user closes their browser
// window. since session expiry is handled on the server-side, cookie expiry
// time isn't a big deal.
if ($_SESS_VERBOSE) {
COM_errorLog("Setting session cookie: setcookie({$cookiename}, {$sessid}, 0, {$cookiepath}, {$cookiedomain}, {$cookiesecure});", 1);
}
if (SEC_setCookie($cookiename, $sessid, 0, $cookiepath, $cookiedomain, $cookiesecure) === false) {
COM_errorLog('Failed to set session cookie.', 1);
}
}
/**
* Complete the login process - setup new session
*
* Complete the login process - create new session for user
*
* @param int $uid User ID of logged in user
* @return none
*
*/
function SESS_completeLogin($uid)
{
global $_TABLES, $_CONF, $_SYSTEM, $_USER;
$request_ip = !empty($_SERVER['REMOTE_ADDR']) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
// build the $_USER array
$userdata = SESS_getUserDataFromId($uid);
$_USER = $userdata;
// save old session data
$savedSessionData = json_encode($_SESSION);
// create the session
$sessid = SESS_newSession($_USER['uid'], $request_ip, $_CONF['session_cookie_timeout']);
if (isset($_COOKIE[$_CONF['cookie_session']])) {
$cookie_domain = $_CONF['cookiedomain'];
$cookie_path = $_CONF['cookie_path'];
setcookie($_COOKIE[$_CONF['cookie_session']], '', time() - 42000, $cookie_path, $cookie_domain, $_CONF['cookiesecure'], true);
}
session_id($sessid);
session_start();
$_SESSION = json_decode($savedSessionData, true);
// initialize session counter
SESS_setVar('session.counter', 1);
if (!isset($_USER['tzid']) || empty($_USER['tzid'])) {
$_USER['tzid'] = $_CONF['timezone'];
}
// Let plugins act on login event
PLG_loginUser($_USER['uid']);
// check and see if they have remember me set
$cooktime = (int) $_USER['cookietimeout'];
if ($cooktime > 0) {
$cookieTimeout = time() + $cooktime;
$token_ttl = $cooktime;
// set userid cookie
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
$ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
// set long term cookie
SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookieTimeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
DB_query("UPDATE {$_TABLES['users']} set remote_ip='" . DB_escapeString($request_ip) . "' WHERE uid=" . (int) $_USER['uid'], 1);
if ($_CONF['allow_user_themes']) {
// set theme cookie (or update it )
SEC_setcookie($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
}
if (isset($_POST['sp_status_yes'])) {
$sp_status = 1;
}
if (isset($_POST['sp_status_no'])) {
$sp_status = 0;
}
} else {
$sp_status = isset($_POST['sp_status']) ? 1 : 0;
}
$display .= PAGE_submit($sp_id, $sp_status, $sp_uid, isset($_POST['sp_title']) ? $_POST['sp_title'] : '', isset($_POST['sp_content']) ? $_POST['sp_content'] : '', isset($_POST['sp_hits']) ? COM_applyFilter($_POST['sp_hits'], true) : 0, isset($_POST['sp_format']) ? COM_applyFilter($_POST['sp_format']) : '', isset($_POST['sp_onmenu']) ? $_POST['sp_onmenu'] : '', isset($_POST['sp_label']) ? $_POST['sp_label'] : '', isset($_POST['commentcode']) ? COM_applyFilter($_POST['commentcode'], true) : 0, isset($_POST['owner_id']) ? COM_applyFilter($_POST['owner_id'], true) : 2, isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id'], true) : 0, isset($_POST['perm_owner']) ? $_POST['perm_owner'] : '', isset($_POST['perm_group']) ? $_POST['perm_group'] : '', isset($_POST['perm_members']) ? $_POST['perm_members'] : '', isset($_POST['perm_anon']) ? $_POST['perm_anon'] : '', isset($_POST['sp_php']) ? $_POST['sp_php'] : '', isset($_POST['sp_nf']) ? $_POST['sp_nf'] : '', isset($_POST['sp_old_id']) ? COM_applyFilter($_POST['sp_old_id']) : '', isset($_POST['sp_nf']) ? $_POST['sp_centerblock'] : '', $sp_help, isset($_POST['sp_tid']) ? COM_applyFilter($_POST['sp_tid']) : '', isset($_POST['sp_where']) ? COM_applyFilter($_POST['sp_where'], true) : 0, isset($_POST['sp_inblock']) ? $_POST['sp_inblock'] : '', isset($_POST['postmode']) ? COM_applyFilter($_POST['postmode']) : '', isset($_POST['sp_search']) ? 1 : 0);
} else {
$display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
} else {
//token expired?
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
$display .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$display .= COM_showMessage(501);
$editor = '';
if (isset($_GET['editor'])) {
$editor = COM_applyFilter($_GET['editor']);
}
// $mode = 'edit';
$owner_id = $_POST['owner_id'];
$group_id = $_POST['group_id'];
$perm_owner = $_POST['perm_owner'];
$perm_group = $_POST['perm_group'];
$perm_members = $_POST['perm_members'];
$perm_anon = $_POST['perm_anon'];
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$_POST['perm_owner'] = $perm_owner;
public function sreq_userinfo_response($query)
{
global $_CONF;
// COM_errorLog("FB:sreq_userinfo_response()------------------");
$userinfo = array();
try {
// COM_errorLog("upon entry, _COOKIE[request_token]={$_COOKIE['request_token']}");
// COM_errorLog("upon entry, _COOKIE[request_token_secret]={$_COOKIE['request_token_secret']}");
$verifier = $query[$this->callback_query_string];
$callback_url = $_CONF['site_url'] . '/users.php?oauth_login=facebook';
$params = array('client_id' => $this->consumer_key, 'redirect_uri' => $callback_url, 'client_secret' => $this->consumer_secret, 'code' => $verifier);
// first request obtains access token
$url_auth = $this->url_accessToken . '?' . http_build_query($params, null, '&');
// COM_errorLog("FB:sreq_userinfo_response() req1: " . $url_auth);
$this->request->setUrl($url_auth);
$response = $this->request->send();
$rdata = $response->getBody();
// COM_errorLog("FB:sreq_userinfo_response() rsp1: " . $rdata);
parse_str($rdata, $data);
if (isset($data['access_token'])) {
$this->token = $data['access_token'];
SEC_setCookie('request_token', $data['access_token']);
} else {
// COM_errorLog("error: access_token not retrieved");
$data = json_decode($rdata);
if (!empty($data->error)) {
$this->errormsg = $data->error->message;
}
return;
// early exit
}
// second request obtains what basic user info that the graphs API
// will give us without additional requests (everything but photo)
$params = array('access_token' => $this->token);
$url_me = $this->url_userinfo . '?' . http_build_query($params, null, '&');
// COM_errorLog("FB:sreq_userinfo_response() req2: " . $url_me);
$this->request->setUrl($url_me);
$response = $this->request->send();
$rdata = $response->getBody();
// COM_errorLog("FB:sreq_userinfo_response() rsp2: " . $rdata);
$data = json_decode($rdata);
if (!empty($data->error)) {
$this->errormsg = $data->error->message;
return;
}
$userinfo = $data;
// third request retrieves the user's photo URL
$url_photo = $this->url_userinfo_photo . '?' . http_build_query($params, null, '&');
$this->request->setUrl($url_photo);
// COM_errorLog("FB:sreq_serinfo_response() req3: " . $url_photo);
$response = $this->request->send();
if ($response->getStatus() == '302' and $response->getReasonPhrase() == 'Found') {
$header = $response->getHeader();
$userinfo->photo_url = $header['location'];
// COM_errorLog("photo_url=" . $userinfo->photo_url);
} else {
$userinfo->photo_url = '';
// COM_errorLog("photo_url=(null)");
}
} catch (Exception $e) {
$this->errormsg = get_class($e) . ': ' . $e->getMessage();
}
// COM_errorLog("upon exit, request_token cookie={$this->token}");
// COM_errorLog("upon entry, request_token secret cookie={$this->token_secret}");
return $userinfo;
}
/**
* Log user out
*
* This logs the user out of the system and clears all session vars
*
* @return none Redirects user to index page
*
*/
function userLogout()
{
global $_CONF, $_TABLES, $_USER, $_COOKIE;
if (!empty($_USER['uid']) and $_USER['uid'] > 1) {
DB_query("UPDATE {$_TABLES['users']} set remote_ip='' WHERE uid=" . $_USER['uid'], 1);
SESS_endUserSession($_USER['uid']);
PLG_logoutUser($_USER['uid']);
}
SEC_setCookie($_CONF['cookie_session'], '', time() - 10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
SEC_setCookie($_CONF['cookie_password'], '', time() - 10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
SEC_setCookie($_CONF['cookie_name'], '', time() - 10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
if (isset($_COOKIE['token'])) {
$token = $_COOKIE['token'];
DB_delete($_TABLES['tokens'], 'token', DB_escapeString($token));
SEC_setCookie('token', '', time() - 10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
DB_delete($_TABLES['tokens'], 'owner_id', (int) $_USER['uid']);
echo COM_refresh($_CONF['site_url'] . '/index.php?msg=8');
}
/**
* Shows the form the admin uses to send glFusion members a message. Now you
* can email a user or an entire group depending upon whether uid or grp_id is
* set. if both arguments are >0, the group send function takes precedence
*
* @return string HTML for the email form
*
*/
function MAIL_displayForm($uid = 0, $grp_id = 0, $from = '', $replyto = '', $subject = '', $message = '')
{
global $_CONF, $_TABLES, $_USER, $LANG31, $LANG03, $LANG_ADMIN;
USES_lib_admin();
$retval = '';
if (isset($_POST['postmode'])) {
$postmode = COM_applyFilter($_POST['postmode']);
if ($postmode != 'html' || $postmode != 'plaintext') {
$postmode = $_CONF['postmode'];
}
} else {
$postmode = $_CONF['postmode'];
}
$mail_templates = new Template($_CONF['path_layout'] . 'admin/mail');
$mail_templates->set_file('form', 'mailform.thtml');
if ($postmode == 'html') {
$mail_templates->set_var('show_htmleditor', true);
} else {
$mail_templates->unset_var('show_htmleditor');
}
$mail_templates->set_var('postmode', $postmode);
$mail_templates->set_var('lang_postmode', $LANG03[2]);
$mail_templates->set_var('postmode_options', COM_optionList($_TABLES['postmodes'], 'code,name', $postmode));
$mail_templates->set_var('startblock_email', COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_admin_block', 'header')));
$mail_templates->set_var('php_self', $_CONF['site_admin_url'] . '/mail.php');
$usermode = $uid > 0 && $grp_id == 0 ? true : false;
$send_to_group = $usermode ? '' : '1';
$mail_templates->set_var('send_to_group', $send_to_group);
$menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/user.php', 'text' => $LANG_ADMIN['admin_users']), array('url' => $_CONF['site_admin_url'] . '/group.php', 'text' => $LANG_ADMIN['admin_groups']), array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$instructions = $usermode ? $LANG31[28] : $LANG31[19];
$icon = $_CONF['layout_url'] . '/images/icons/mail.png';
$admin_menu = ADMIN_createMenu($menu_arr, $instructions, $icon);
$mail_templates->set_var('admin_menu', $admin_menu);
if ($usermode) {
// we're sending e-Mail to a specific user
$mail_templates->set_var('lang_instructions', $LANG31[28]);
$mail_templates->set_var('lang_to', $LANG31[18]);
$to_user = '';
$lang_warning = $LANG31[29];
$warning = '';
// get the user data, and check the privacy settings
$result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = " . (int) $uid);
$nrows = DB_numRows($result);
if ($nrows > 0) {
$A = DB_fetchArray($result);
$username = $_CONF['show_fullname'] ? $A['fullname'] : $A['username'];
$to_user = $username . ' (' . $A['email'] . ')';
$emailfromadmin = DB_getItem($_TABLES['userprefs'], 'emailfromadmin', "uid = " . (int) $uid);
$warning = $emailfromadmin == 1 ? '' : $LANG31[30];
}
$mail_templates->set_var('to_user', $to_user);
$mail_templates->set_var('to_uid', $uid);
$mail_templates->set_var('lang_warning', $lang_warning);
$mail_templates->set_var('warning', $warning);
} else {
// we're sending e-Mail to a group of users
$mail_templates->set_var('lang_instructions', $LANG31[19]);
$mail_templates->set_var('lang_to', $LANG31[27]);
$mail_templates->set_var('lang_selectgroup', $LANG31[25]);
// build group options select, allow for possibility grp_id has been supplied
$group_options = '';
$result = DB_query("SELECT grp_id, grp_name FROM {$_TABLES['groups']} WHERE grp_name <> 'All Users'");
$nrows = DB_numRows($result);
$groups = array();
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
$groups[$A['grp_id']] = ucwords($A['grp_name']);
}
asort($groups);
foreach ($groups as $groupID => $groupName) {
if (SEC_inGroup('Root') || SEC_inGroup($groupName) && $groupName != 'Logged-in Users' && $groupName != 'Mail Admin') {
$group_options .= '<option value="' . $groupID . '"';
$group_options .= $groupID == $grp_id ? ' selected="selected"' : '';
$group_options .= '>' . $groupName . '</option>';
}
}
$mail_templates->set_var('group_options', $group_options);
}
$mail_templates->set_var('lang_from', $LANG31[2]);
$frm = empty($from) ? $_CONF['site_name'] : $from;
$mail_templates->set_var('site_name', $frm);
$mail_templates->set_var('lang_replyto', $LANG31[3]);
$rto = empty($replyto) ? $_CONF['site_mail'] : $replyto;
$mail_templates->set_var('site_mail', $rto);
$mail_templates->set_var('lang_subject', $LANG31[4]);
$mail_templates->set_var('subject', $subject);
$mail_templates->set_var('lang_body', $LANG31[5]);
$mail_templates->set_var('message_text', $message);
$mail_templates->set_var('message_html', $message);
$mail_templates->set_var('lang_sendto', $LANG31[6]);
$mail_templates->set_var('lang_allusers', $LANG31[7]);
$mail_templates->set_var('lang_admin', $LANG31[8]);
$mail_templates->set_var('lang_options', $LANG31[9]);
$mail_templates->set_var('lang_HTML', $LANG31[10]);
$mail_templates->set_var('lang_urgent', $LANG31[11]);
$mail_templates->set_var('lang_ignoreusersettings', $LANG31[14]);
$mail_templates->set_var('lang_send', $LANG31[12]);
$mail_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$mail_templates->set_var('gltoken_name', CSRF_TOKEN);
$mail_templates->set_var('gltoken', SEC_createToken());
PLG_templateSetVars('contact', $mail_templates);
$mail_templates->parse('output', 'form');
$retval = $mail_templates->finish($mail_templates->get_var('output'));
SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false);
return $retval;
}
