Example #1
     $_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/';
     $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme'];
     if ($_CONF['allow_user_themes'] == 1) {
         if (isset($_COOKIE[$_CONF['cookie_theme']])) {
             $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
             if (is_dir($_CONF['path_themes'] . $theme)) {
                 $_USER['theme'] = $theme;
                 $_CONF['path_layout'] = $_CONF['path_themes'] . $theme . '/';
                 $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $theme;
             }
         }
     }
 }
 COM_resetSpeedlimit('login');
 // we are now fully logged in, let's see if there is someplace we need to go....
 if (SESS_isSet('login_referer')) {
     $_SERVER['HTTP_REFERER'] = SESS_getVar('login_referer');
     SESS_unSet('login_referer');
 }
 if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
     $indexMsg = $_CONF['site_url'] . '/index.php?msg=';
     if (substr($_SERVER['HTTP_REFERER'], 0, strlen($indexMsg)) == $indexMsg) {
         echo COM_refresh($_CONF['site_url'] . '/index.php');
     } else {
         // If user is trying to login - force redirect to index.php
         if (strstr($_SERVER['HTTP_REFERER'], 'mode=login') === false) {
             // if article - we need to ensure we have the story
             if (substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
                 echo COM_refresh(COM_sanitizeUrl($_SERVER['HTTP_REFERER']));
             } else {
                 echo COM_refresh($_CONF['site_url'] . '/index.php');
Example #2
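/**
 * Plugin function that is called after the comment form is submitted.
 *
 * Saves the comment via CMT_saveComment and checks its return value.
 * On failure the comment form is shown again (preceded by any pre-save
 * error message left in the session); on success the comment counter on
 * the media row is refreshed and the browser is redirected to the item.
 *
 * @param   string  $title     comment title (HTML tags are stripped)
 * @param   string  $comment   comment text
 * @param   string  $id        media id the comment belongs to
 * @param   int     $pid       parent comment id
 * @param   string  $postmode  'html' or 'text'
 * @return  string  comment form HTML on failure, refresh/redirect markup on success
 */
function _mg_savecomment($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_MG_CONF, $_TABLES, $LANG03;

    $title = strip_tags($title);
    $pid = COM_applyFilter($pid, true);
    $postmode = COM_applyFilter($postmode);

    // a return value > 0 is treated as "not saved"
    $ret = CMT_saveComment($title, $comment, $id, $pid, 'mediagallery', $postmode);
    if ($ret > 0) {
        $retval = '';
        // an error left behind by the pre-save hook is shown once, then cleared
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $retval = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', true);
            SESS_unSet('glfusion.commentpresave.error');
        }
        $retval .= CMT_commentForm($title, $comment, $id, $pid, 'mediagallery', $LANG03[14], $postmode);
        return $retval;
    }

    // success: keep the denormalised comment counter on the media row in sync
    $escapedId = DB_escapeString($id);
    $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array($escapedId, 'mediagallery'));
    DB_change($_TABLES['mg_media'], 'media_comments', $comments, 'media_id', $escapedId);

    // the id ends up in a redirect URL, so encode it instead of interpolating it raw
    return COM_refresh($_MG_CONF['site_url'] . '/media.php?s=' . urlencode($id) . '#comments');
}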
Example #3
    } elseif (isset($_GET[$provided])) {
        $action = $provided;
    }
}
// user id: POST wins over GET, numeric-filtered, 0 when absent
$uid = isset($_POST['uid'])
    ? COM_applyFilter($_POST['uid'], true)
    : (isset($_GET['uid']) ? COM_applyFilter($_GET['uid'], true) : 0);

// group id: POST, then GET, then the value remembered in the session, else 0
if (isset($_POST['grp_id'])) {
    $grp_id = COM_applyFilter($_POST['grp_id'], true);
} elseif (isset($_GET['grp_id'])) {
    $grp_id = COM_applyFilter($_GET['grp_id'], true);
} else {
    $grp_id = SESS_isSet('grp_id') ? SESS_getVar('grp_id') : 0;
}
// remember the current group selection for the next request
SESS_setVar('grp_id', $grp_id);

$msg = COM_getMessage();
switch ($action) {
    case 'edit':
        $display .= COM_siteHeader('menu', $LANG28[1]);
        if ($uid == 1) {
            $display .= COM_siteHeader('menu', $LANG28[11]);
            $display .= COM_showMessageFromParameter();
            $display .= USER_list();
            $display .= COM_siteFooter();
        } else {
            $display .= USER_edit($uid, $msg);
            $display .= COM_siteFooter();
Example #4
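/**
 * Returns the groups a user belongs to
 *
 * This is part of the GL security implementation.  This function returns
 * all the groups a user belongs to, following group-in-group membership
 * pass by pass until a pass finds no new group.
 *
 * Note: this is an expensive function -- if you are concerned about speed it should only
 *       be used once at the beginning of a page.  The resulting array $_GROUPS can then be
 *       used through out the page.  Results are memoised per request in a static array
 *       and, for the current user and the anonymous user (uid 1), in the session.
 *
 * @param        int     $uid            User ID to get information for. If empty current user.
 * @return   array   Associative Array grp_name (ucfirst'd) -> ug_main_grp_id of group ID's user belongs to
 *
 */
function SEC_getUserGroups($uid = '')
{
    global $_TABLES, $_USER, $_SEC_VERBOSE;
    static $runonce = array();

    if ($_SEC_VERBOSE) {
        // the old message also interpolated $usergroups and $cur_grp_id, which do not exist in this scope
        COM_errorLog("****************in getusergroups(uid={$uid})***************", 1);
    }

    $cache = false;
    $groups = array();

    // resolve which user we are looking at; anonymous visitors are uid 1
    if (empty($uid)) {
        if (COM_isAnonUser()) {
            $uid = 1;
        } else {
            $uid = (int) $_USER['uid'];
            $cache = true;
        }
    } else {
        $uid = (int) $uid;
    }
    // the anonymous user's groups are shared by every visitor, so always cache them
    if ($uid == 1) {
        $cache = true;
    }

    if (array_key_exists($uid, $runonce)) {
        return $runonce[$uid];
    }

    $sessionKey = 'glfusion.user_groups.' . $uid;
    if ($cache && SESS_isSet($sessionKey)) {
        // NOTE(review): unserialize() on session data. The value is written by this
        // function via serialize() below, but unserialize() will still instantiate any
        // class named in the payload; a plain-data encoding would be safer if the
        // session store is ever shared with less trusted code.
        return unserialize(SESS_getVar($sessionKey));
    }

    // first pass: the groups the user is assigned to directly
    $result = DB_query("SELECT ug_main_grp_id,grp_name FROM {$_TABLES['group_assignments']},{$_TABLES['groups']}"
        . " WHERE grp_id = ug_main_grp_id AND ug_uid = " . (int) $uid, 1);
    if ($result == FALSE) {
        $runonce[$uid] = $groups;
        return $groups;
    }
    $nrows = DB_numRows($result);
    if ($_SEC_VERBOSE) {
        COM_errorLog("got {$nrows} rows", 1);
    }

    // each pass collects the groups found in the previous pass and looks up the
    // groups *they* belong to; already-seen groups are skipped so the walk
    // terminates even on cyclic memberships
    while ($nrows > 0) {
        $cgroups = array();
        for ($i = 1; $i <= $nrows; $i++) {
            $A = DB_fetchArray($result);
            if ($_SEC_VERBOSE) {
                COM_errorLog('user is in group ' . $A['grp_name'], 1);
            }
            if (!in_array($A['ug_main_grp_id'], $groups)) {
                $cgroups[] = $A['ug_main_grp_id'];
                $groups[ucfirst($A['grp_name'])] = $A['ug_main_grp_id'];
            }
        }
        if (count($cgroups) > 0) {
            // group ids come from the DB, but they are interpolated into SQL, so force them to ints
            $glist = implode(',', array_map('intval', $cgroups));
            $result = DB_query("SELECT ug_main_grp_id,grp_name FROM {$_TABLES['group_assignments']},{$_TABLES['groups']}"
                . " WHERE grp_id = ug_main_grp_id AND ug_grp_id IN ({$glist})", 1);
            // a failed follow-up query ends the walk with what was collected so far
            $nrows = ($result == FALSE) ? 0 : DB_numRows($result);
        } else {
            $nrows = 0;
        }
    }

    if (count($groups) == 0) {
        // fallback: every user is at least a member of 'All Users' (group id 2)
        $groups = array('All Users' => 2);
    }
    ksort($groups);

    if ($_SEC_VERBOSE) {
        COM_errorLog("****************leaving getusergroups(uid={$uid})***************", 1);
    }

    $runonce[$uid] = $groups;
    if ($cache) {
        SESS_setVar($sessionKey, serialize($groups));
    }
    return $groups;
}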
Example #5
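/**
 * article: saves a comment
 *
 * The comment is only accepted for a story that is not a draft, is already
 * published (date <= NOW()), is visible to the current user and has
 * commentcode 0; otherwise the user is sent back to the front page.
 *
 * @param   string  $title    comment title
 * @param   string  $comment  comment text
 * @param   string  $id       story id (sid) the comment belongs to
 * @param   int     $pid      comment parent
 * @param   string  $postmode 'html' or 'text'
 * @return  string  comment form (with error message) on failure, refresh/redirect markup on success
 */
function plugin_savecomment_article($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_TABLES, $LANG03, $_USER;

    // the sid is used in several SQL fragments below; escape it once
    // (DB_count/DB_change are assumed not to escape their arguments -- TODO confirm)
    $escapedId = DB_escapeString($id);

    $commentcode = DB_getItem(
        $_TABLES['stories'],
        'commentcode',
        "(sid = '{$escapedId}') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND')
    );
    // no matching visible story, or comments not open for it
    if (!isset($commentcode) || $commentcode != 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $ret = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode);
    if ($ret > 0) {
        // failure: show the pre-save error if one was left in the session,
        // otherwise the generic message when title or text is missing, then
        // redisplay the form
        $msg = '';
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $msg = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', 1, 'error');
            SESS_unSet('glfusion.commentpresave.error');
        } elseif (empty($title) || empty($comment)) {
            $msg = COM_showMessageText($LANG03[12], '', 1, 'error');
        }
        return $msg . CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode);
    }

    // success: update the story's comment count, which the Older Stories block also shows
    $comments = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $escapedId));
    DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $escapedId);
    COM_olderStuff();

    // the sid goes into a redirect URL, so encode it rather than interpolating it raw
    return COM_refresh(COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . urlencode($id) . '#comments'));
}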
Example #6
    exit;
}
require_once $_CONF['path'] . 'plugins/mediagallery/include/init.php';
MG_initAlbums();

/*
* Main Function
*/

// album id (?aid=), numeric-filtered and cast, 0 when absent
$album_id = isset($_GET['aid']) ? (int) COM_applyFilter($_GET['aid'], true) : 0;

// page number (?page=); without it, fall back to the page remembered in the session, else 0
if (isset($_GET['page'])) {
    $page = (int) COM_applyFilter($_GET['page'], true);
} elseif (SESS_isSet('mediagallery.album.page')) {
    $page = SESS_getVar('mediagallery.album.page');
} else {
    $page = 0;
}

// sort order (?sort=), numeric-filtered and cast, 0 when absent
$sortOrder = isset($_GET['sort']) ? (int) COM_applyFilter($_GET['sort'], true) : 0;

// media id (?s=), numeric-filtered, 0 when absent
$media_id = isset($_GET['s']) ? COM_applyFilter($_GET['s'], true) : 0;
if ($page != 0) {
    $page = $page - 1;
} else {
    if ($media_id != 0) {
Example #7
/**
* Returns the message number to display, if one was passed in
*
* Looks at POST 'msg', then GET 'msg', then the 'glfusion.infomessage'
* session entry; the session entry is removed once it has been read.
*
* @return    int     message number to display, or 0 if none
*/
function COM_getMessage()
{
    if (isset($_POST['msg'])) {
        return COM_applyFilter($_POST['msg'], true);
    }
    if (isset($_GET['msg'])) {
        return COM_applyFilter($_GET['msg'], true);
    }
    if (SESS_isSet('glfusion.infomessage')) {
        // consume the session message so it is shown only once
        $msg = COM_applyFilter(SESS_getVar('glfusion.infomessage'), true);
        SESS_unSet('glfusion.infomessage');
        return $msg;
    }
    return 0;
}
Example #8
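/**
* Builds the story admin list
*
* The topic filter is taken from GET 'tid', then POST 'tid', then GET 'ptid',
* then the value remembered in the session, and finally $LANG09[9] (the
* "all topics" entry). The chosen topic is written back to the session.
*
* @return   string  HTML of the admin block containing the filtered story list
*/
function STORY_list()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG09, $LANG_ADMIN, $LANG_ACCESS, $LANG24;

    USES_lib_admin();

    $form = new Template($_CONF['path_layout'] . 'admin/story/');
    $form->set_file('form', 'story_admin.thtml');

    // which topic to filter on (precedence: see docblock)
    if (!empty($_GET['tid'])) {
        $current_topic = COM_applyFilter($_GET['tid']);
    } elseif (!empty($_POST['tid'])) {
        $current_topic = COM_applyFilter($_POST['tid']);
    } elseif (!empty($_GET['ptid'])) {
        $current_topic = COM_applyFilter($_GET['ptid']);
    } elseif (SESS_isSet('story_admin_topic')) {
        $current_topic = SESS_getVar('story_admin_topic');
    } else {
        $current_topic = $LANG09[9];
    }
    SESS_setVar('story_admin_topic', $current_topic);

    if ($current_topic == $LANG09[9]) {
        // "all topics": restrict to the topics this admin may see and build
        // the <option> list for them
        $excludetopics = '';
        $seltopics = '';
        $topicsql = "SELECT tid,topic FROM {$_TABLES['topics']}" . COM_getPermSQL();
        $tresult = DB_query($topicsql);
        $trows = DB_numRows($tresult);
        if ($trows > 0) {
            $excludetopics .= ' (';
            for ($i = 1; $i <= $trows; $i++) {
                $T = DB_fetchArray($tresult);
                if ($i > 1) {
                    $excludetopics .= ' OR ';
                }
                $excludetopics .= "tid = '" . DB_escapeString($T['tid']) . "'";
                $seltopics .= '<option value="' . $T['tid'] . '"';
                if ($current_topic == "{$T['tid']}") {
                    $seltopics .= ' selected="selected"';
                }
                $seltopics .= '>' . $T['topic'] . ' (' . $T['tid'] . ')' . '</option>' . LB;
            }
            $excludetopics .= ') ';
        }
    } else {
        // a single topic: the value comes from the request or the session, so
        // it must be escaped before it is interpolated into the WHERE clause
        $excludetopics = " tid = '" . DB_escapeString($current_topic) . "' ";
        $seltopics = COM_topicList('tid,topic', $current_topic, 1, true);
    }

    // the "all topics" entry is always the first option of the filter dropdown
    $alltopics = '<option value="' . $LANG09[9] . '"';
    if ($current_topic == $LANG09[9]) {
        $alltopics .= ' selected="selected"';
    }
    $alltopics .= '>' . $LANG09[9] . '</option>' . LB;
    $filter = $LANG_ADMIN['topic'] . ': <select name="tid" style="width: 125px" onchange="this.form.submit()">' . $alltopics . $seltopics . '</select>';

    // list columns: text, field, sortable, alignment, width
    $header_arr = array();
    $header_arr[] = array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[34], 'field' => 'draft_flag', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[32], 'field' => 'featured', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[7], 'field' => 'username', 'sort' => true); // author
    $header_arr[] = array('text' => $LANG24[15], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'); // date
    // the ping column only makes sense when the admin may ping and at least one ping method is enabled
    if (SEC_hasRights('story.ping') && ($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])) {
        $header_arr[] = array('text' => $LANG24[20], 'field' => 'ping', 'sort' => false, 'align' => 'center');
    }
    $header_arr[] = array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'sort' => false, 'align' => 'center');

    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');

    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'] . '/story.php?edit=x', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions']),
    );
    if (SEC_inGroup('Root')) {
        $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings');
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);

    $form->set_var('block_start', COM_startBlock($LANG24[22], '', COM_getBlockTemplate('_admin_block', 'header')));
    $form->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[23], $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE));

    $text_arr = array('has_extras' => true, 'form_url' => $_CONF['site_admin_url'] . '/story.php');

    // base query; the topic and permission filters are appended by ADMIN_list via 'default_filter'
    $sql = "SELECT {$_TABLES['stories']}.*, {$_TABLES['users']}.username, {$_TABLES['users']}.fullname, "
        . "UNIX_TIMESTAMP(date) AS unixdate  FROM {$_TABLES['stories']} "
        . "LEFT JOIN {$_TABLES['users']} ON {$_TABLES['stories']}.uid={$_TABLES['users']}.uid "
        . "WHERE 1=1 ";
    if (!empty($excludetopics)) {
        $excludetopics = 'AND ' . $excludetopics;
    }
    $query_arr = array(
        'table' => 'stories',
        'sql' => $sql,
        'query_fields' => array('title', 'introtext', 'bodytext', 'sid', 'tid'),
        'default_filter' => $excludetopics . COM_getPermSQL('AND'),
    );

    // CSRF token for the row actions of the list
    $token = SEC_createToken();
    $form_arr = array('bottom' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>');

    $form->set_var('admin_list', ADMIN_list('story', 'STORY_getListField', $header_arr, $text_arr, $query_arr, $defsort_arr, $filter, $token, '', $form_arr));
    $form->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));

    return $form->parse('output', 'form');
}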
Example #9
/**
* Creates a list of data with a search, filter, clickable headers etc.
*
* @param    string  $component      name of the list
* @param    string  $fieldfunction  name of the function that handles special entries
* @param    array   $header_arr     array of header fields with sortables and table fields
* @param    array   $text_arr       array with different text strings
* @param    array   $query_arr      array with sql-options
* @param    array   $defsort_arr    default sorting values
* @param    string  $filter         additional drop-down filters
* @param    string  $extra          additional values passed to fieldfunction
* @param    array   $options_arr    array of options - used for check-all feature
* @param    array   $form_arr       optional extra forms at top or bottom
* @return   string                  HTML output of function
*
*/
function ADMIN_list($component, $fieldfunction, $header_arr, $text_arr, $query_arr, $defsort_arr, $filter = '', $extra = '', $options_arr = '', $form_arr = '')
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_ACCESS, $LANG01, $_IMAGE_TYPE, $MESSAGE;
    // retrieve the query
    if (isset($_GET['q'])) {
        $query = strip_tags($_GET['q']);
    } else {
        if (isset($_POST['q'])) {
            $query = strip_tags($_POST['q']);
        } else {
            if (SESS_isSet($component . '_q')) {
                $query = strip_tags(SESS_getVar($component . '_q'));
            } else {
                $query = '';
            }
        }
    }
    // retrieve the query_limit
    if (isset($_GET['query_limit'])) {
        $query_limit = COM_applyFilter($_GET['query_limit'], true);
    } else {
        if (isset($_POST['query_limit'])) {
            $query_limit = COM_applyFilter($_POST['query_limit'], true);
        } else {
            if (SESS_isSet($component . '_query_limit')) {
                $query_limit = COM_applyFilter(SESS_getVar($component . '_query_limit'), true);
            } else {
                $query_limit = 50;
            }
        }
    }
    // get the current page from the interface. The variable is linked to the
    // component, i.e. the plugin/function calling this here to avoid overlap
    // the default page number is 1
    if (isset($_GET[$component . 'listpage'])) {
        $page = COM_applyFilter($_GET[$component . 'listpage'], true);
        $curpage = $page;
    } else {
        if (isset($_POST[$component . 'listpage'])) {
            $page = COM_applyFilter($_POST[$component . 'listpage'], true);
            $curpage = $page;
        } else {
            if (SESS_isSet($component . 'listpage')) {
                $page = COM_applyFilter(SESS_getVar($component . 'listpage'), true);
                $curpage = $page;
            } else {
                $page = '';
                $curpage = 1;
            }
        }
    }
    $curpage = $curpage <= 0 ? 1 : $curpage;
    // curpagee has to be > 0
    // process text_arr for title, help url and form url
    $title = (is_array($text_arr) and !empty($text_arr['title'])) ? $text_arr['title'] : '';
    $help_url = (is_array($text_arr) and !empty($text_arr['help_url'])) ? $text_arr['help_url'] : '';
    $form_url = (is_array($text_arr) and !empty($text_arr['form_url'])) ? $text_arr['form_url'] : '';
    // determine what extra options we should use (search, limit, paging)
    if (isset($text_arr['has_extras']) && $text_arr['has_extras']) {
        # old option, denotes all
        $has_search = true;
        $has_limit = true;
        $has_paging = true;
    } else {
        $has_search = isset($text_arr['has_search']) && $text_arr['has_search'] ? true : false;
        $has_limit = isset($text_arr['has_limit']) && $text_arr['has_limit'] ? true : false;
        $has_paging = isset($text_arr['has_paging']) && $text_arr['has_paging'] ? true : false;
    }
    // process options_arr for chkdelete/chkselect options if any
    $chkselect = (is_array($options_arr) and (isset($options_arr['chkselect']) and $options_arr['chkselect'] or isset($options_arr['chkdelete']) and $options_arr['chkdelete'])) ? true : false;
    $chkall = (is_array($options_arr) and isset($options_arr['chkall'])) ? $options_arr['chkall'] : true;
    $chkname = (is_array($options_arr) and isset($options_arr['chkname'])) ? $options_arr['chkname'] : 'delitem';
    $chkfield = (is_array($options_arr) and isset($options_arr['chkfield'])) ? $options_arr['chkfield'] : '';
    $chkactions = (is_array($options_arr) and isset($options_arr['chkactions'])) ? $options_arr['chkactions'] : '';
    $chkfunction = (is_array($options_arr) and isset($options_arr['chkfunction'])) ? $options_arr['chkfunction'] : 'ADMIN_chkDefault';
    $chkminimum = (is_array($options_arr) and isset($options_arr['chkminimum'])) ? $options_arr['chkminimum'] : 1;
    # get all template fields.
    $admin_templates = new Template($_CONF['path_layout'] . 'admin/lists');
    $admin_templates->set_file(array('search' => 'searchmenu.thtml', 'list' => 'list.thtml', 'header' => 'header.thtml', 'row' => 'listitem.thtml', 'field' => 'field.thtml', 'arow' => 'actionrow.thtml'));
    # insert std. values into the template
    $admin_templates->set_var('form_url', $form_url);
    $admin_templates->set_var('lang_edit', $LANG_ADMIN['edit']);
    $admin_templates->set_var('lang_delconfirm', $LANG01[125]);
    if (isset($form_arr['top'])) {
        $admin_templates->set_var('formfields_top', $form_arr['top']);
    }
    if (isset($form_arr['bottom'])) {
        $admin_templates->set_var('formfields_bottom', $form_arr['bottom']);
    }
    // Check if the delete checkbox and support for the delete all feature should be displayed
    if ($chkselect) {
        if ($chkall) {
            $admin_templates->set_var('header_text', '<input type="checkbox" name="chk_selectall" title="' . $LANG01[126] . '" onclick="caItems(this.form,\'' . $chkname . '\');"/>');
        } else {
            $admin_templates->set_var('header_text', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />');
        }
        $admin_templates->set_var('class', 'admin-list-field');
        $admin_templates->set_var('header_column_style', 'style="text-align:center;width:25px;"');
        // always center checkbox
        $admin_templates->parse('header_row', 'header', true);
    }
    $icon_arr = ADMIN_getIcons();
    if ($has_search) {
        // show search
        $admin_templates->set_var('lang_search', $LANG_ADMIN['search']);
        $admin_templates->set_var('lang_submit', $LANG_ADMIN['submit']);
        $admin_templates->set_var('last_query', htmlspecialchars($query));
        $admin_templates->set_var('filter', $filter);
    }
    $sql = $query_arr['sql'];
    // get sql from array that builds data
    if (isset($_GET['orderby']) || SESS_isSet($component . '_orderby')) {
        if (isset($_GET['orderby'])) {
            $orderbyidx = COM_applyFilter($_GET['orderby'], true);
        } else {
            $orderbyidx = COM_applyFilter(SESS_getVar($component . '_orderby'), true);
        }
        if (isset($header_arr[$orderbyidx]['field']) && $header_arr[$orderbyidx]['sort'] != false) {
            $orderidx_link = "&amp;orderby={$orderbyidx}";
            // preserve the value for paging
            $orderby = $header_arr[$orderbyidx]['field'];
            // get the field name to sort by
        } else {
            $orderby = $defsort_arr['field'];
            // not set - use default (this could be null)
            $orderidx_link = '';
            $orderbyidx = '';
        }
    } else {
        $orderby = $defsort_arr['field'];
        // not set - use default (this could be null)
        $orderidx_link = '';
        $orderbyidx = '';
    }
    // set sort direction.  defaults to ASC
    if (isset($_GET['direction'])) {
        $direction = COM_applyFilter($_GET['direction']);
    } else {
        if (SESS_isSet($component . '_direction')) {
            $direction = SESS_getVar($component . '_direction');
        } else {
            $direction = $defsort_arr['direction'];
        }
    }
    $direction = strtoupper($direction) == 'DESC' ? 'DESC' : 'ASC';
    // retrieve previous sort order field
    if (isset($_GET['prevorder'])) {
        $prevorder = COM_applyFilter($_GET['prevorder']);
    } else {
        $prevorder = '';
    }
    // reverse direction if previous order field was the same (this is a toggle)
    if ($orderby == $prevorder) {
        // reverse direction if prev. order was the same
        $direction = $direction == 'DESC' ? 'ASC' : 'DESC';
    }
    SESS_setVar($component . 'listpage', $page);
    SESS_setVar($component . '_q', $query);
    SESS_setVar($component . '_query_limit', $query_limit);
    SESS_setVar($component . '_direction', $direction);
    SESS_setVar($component . '_orderby', $orderbyidx);
    // ok now let's build the order sql
    $orderbysql = !empty($orderby) ? "ORDER BY {$orderby} {$direction}" : '';
    // assign proper arrow img based upon order
    $arrow_img = $direction == 'ASC' ? 'ascending' : 'descending';
    $img_arrow_url = "{$_CONF['layout_url']}/images/admin/{$arrow_img}.{$_IMAGE_TYPE}";
    $attr['style'] = "vertical-align:text-top;";
    $img_arrow = '&nbsp;' . COM_createImage($img_arrow_url, $arrow_img, $attr);
    # HEADER FIELDS array(text, field, sort, align, class) =====================
    // number of columns in each row
    $ncols = count($header_arr);
    for ($i = 0; $i < $ncols; $i++) {
        $header_text = isset($header_arr[$i]['text']) && !empty($header_arr[$i]['text']) ? $header_arr[$i]['text'] : '';
        // check to see if field is sortable
        if (isset($header_arr[$i]['sort']) && $header_arr[$i]['sort'] != false) {
            // add the sort indicator
            $header_text .= $orderby == $header_arr[$i]['field'] ? $img_arrow : '';
            // change the mouse to a pointer
            $th_subtags = " onmouseover=\"this.style.cursor='pointer';\"";
            // create an index so we know what to sort
            $separator = strpos($form_url, '?') > 0 ? '&amp;' : '?';
            // ok now setup the parameters to preserve:
            // sort field and direction
            $th_subtags .= " onclick=\"window.location.href='{$form_url}{$separator}" . "orderby={$i}&amp;prevorder={$orderby}&amp;direction={$direction}";
            // page number
            $th_subtags .= !empty($page) ? '&amp;' . $component . 'listpage=' . $page : '';
            // query
            $th_subtags .= !empty($query) ? '&amp;q=' . urlencode($query) : '';
            // query limit
            $th_subtags .= !empty($query_limit) ? '&amp;query_limit=' . $query_limit : '';
            $th_subtags .= "';\"";
        } else {
            $th_subtags = '';
        }
        // apply field styling if specified
        if (!empty($header_arr[$i]['header_class'])) {
            $admin_templates->set_var('class', $header_arr[$i]['header_class']);
        } else {
            $admin_templates->set_var('class', 'admin-list-headerfield');
        }
        // apply field alignment options if specified
        $header_column_style = '';
        if (!empty($header_arr[$i]['align'])) {
            if ($header_arr[$i]['align'] == 'center') {
                $header_column_style = 'text-align:center;';
            } elseif ($header_arr[$i]['align'] == 'right') {
                $header_column_style = 'text-align:right;';
            }
        }
        // apply field wrap option if specified
        $header_column_style .= isset($header_arr[$i]['nowrap']) ? ' white-space:nowrap;' : '';
        // apply field width option if specified
        $header_column_style .= isset($header_arr[$i]['width']) ? ' width:' . $header_arr[$i]['width'] . ';' : '';
        // apply field style option if specified
        if (!empty($header_column_style)) {
            $admin_templates->set_var('header_column_style', 'style="' . $header_column_style . '"');
        } else {
            $admin_templates->clear_var('header_column_style');
        }
        // output the header field
        $admin_templates->set_var('header_text', $header_text);
        $admin_templates->set_var('th_subtags', $th_subtags);
        $admin_templates->parse('header_row', 'header', true);
        // clear all for next header
        $admin_templates->clear_var('th_subtags');
        $admin_templates->clear_var('class');
        $admin_templates->clear_var('header_text');
    }
    if ($has_limit) {
        $admin_templates->set_var('lang_limit_results', $LANG_ADMIN['limit_results']);
        $limit = !empty($query_limit) ? $query_limit : 50;
        // query limit (default=50)
        if ($query != '') {
            # set query into form after search
            $admin_templates->set_var('query', urlencode($query));
        } else {
            $admin_templates->set_var('query', '');
        }
        $admin_templates->set_var('query_limit', $query_limit);
        # choose proper dropdown field for query limit
        $admin_templates->set_var($limit . '_selected', 'selected="selected"');
        // set the default sql filter (if any)
        $filtersql = isset($query_arr['default_filter']) && !empty($query_arr['default_filter']) ? " {$query_arr['default_filter']}" : '';
        // now add the query fields
        if (!empty($query)) {
            # add query fields with search term
            $filtersql .= " AND (";
            for ($f = 0; $f < count($query_arr['query_fields']); $f++) {
                $filtersql .= $query_arr['query_fields'][$f] . " LIKE '%" . DB_escapeString($query) . "%'";
                if ($f < count($query_arr['query_fields']) - 1) {
                    $filtersql .= " OR ";
                }
            }
            $filtersql .= ")";
        }
        $num_pagessql = $sql . $filtersql;
        $num_pagesresult = DB_query($num_pagessql);
        $num_rows = DB_numRows($num_pagesresult);
        $num_pages = ceil($num_rows / $limit);
        $curpage = $num_pages < $curpage ? 1 : $curpage;
        // don't go beyond possible results
        $offset = ($curpage - 1) * $limit;
        $limitsql = "LIMIT {$offset},{$limit}";
        // get only current page data
        $admin_templates->set_var('lang_records_found', $LANG_ADMIN['records_found']);
        $admin_templates->set_var('records_found', COM_numberFormat($num_rows));
    }
    if ($has_search || $has_limit || $has_paging) {
        $admin_templates->parse('search_menu', 'search', true);
    } else {
        $admin_templates->set_var('search_menu', '');
    }
    # form the sql query to retrieve the data
    if (!isset($filtersql)) {
        $filtersql = '';
    }
    if (!isset($orderbysql)) {
        $orderbysql = '';
    }
    if (!isset($limitsql)) {
        $limitsql = '';
    }
    $sql .= "{$filtersql} {$orderbysql} {$limitsql};";
    $result = DB_query($sql);
    // number of rows/records to display
    $nrows = DB_numRows($result);
    $r = 1;
    # r is the counter for the actual displayed rows for correct coloring
    for ($i = 0; $i < $nrows; $i++) {
        # now go through actual data
        $A = DB_fetchArray($result);
        $row_output = false;
        # as long as no fields are returned, dont print row
        if ($chkselect) {
            $admin_templates->set_var('class', 'admin-list-field');
            $admin_templates->set_var('column_style', 'style="text-align:center;"');
            // always center checkbox
            if ($chkfunction($A)) {
                $admin_templates->set_var('itemtext', '<input type="checkbox" name="' . $chkname . '[]" value="' . $A[$chkfield] . '" title="' . $LANG_ADMIN['select'] . '"/>');
            } else {
                $admin_templates->set_var('itemtext', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />');
            }
            $admin_templates->parse('item_field', 'field', true);
        }
        for ($j = 0; $j < $ncols; $j++) {
            $fieldname = $header_arr[$j]['field'];
            # get field name from headers
            $fieldvalue = '';
            if (!empty($A[$fieldname])) {
                # is there a field in data like that?
                $fieldvalue = $A[$fieldname];
                # yes, get its data
            }
            if (!empty($fieldfunction) && !empty($extra)) {
                $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr, $extra);
            } else {
                if (!empty($fieldfunction)) {
                    # do we have a fieldfunction?
                    $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr);
                } else {
                    # if not just take the value
                    $fieldvalue = $fieldvalue;
                }
            }
            if ($fieldvalue !== false) {
                # return was there, so write line
                $row_output = true;
            } else {
                $fieldvalue = '';
                // dont give empty fields
            }
            if (!empty($header_arr[$j]['field_class'])) {
                $admin_templates->set_var('class', $header_arr[$j]['field_class']);
            } else {
                $admin_templates->set_var('class', 'admin-list-field');
            }
            // process field alignment option if specified
            $column_style = '';
            if (!empty($header_arr[$j]['align'])) {
                if ($header_arr[$j]['align'] == 'center') {
                    $column_style = 'text-align:center;';
                } elseif ($header_arr[$j]['align'] == 'right') {
                    $column_style = 'text-align:right;';
                }
            }
            $column_style .= isset($header_arr[$j]['nowrap']) ? ' white-space:nowrap;' : '';
            if (!empty($column_style)) {
                $admin_templates->set_var('column_style', 'style="' . $column_style . '"');
            } else {
                $admin_templates->clear_var('column_style');
            }
            $admin_templates->set_var('itemtext', $fieldvalue);
            # write field
            $admin_templates->parse('item_field', 'field', true);
        }
        if ($row_output) {
            # there was data in at least one field, so print line
            $r++;
            # switch to next color
            $admin_templates->set_var('cssid', $r % 2 + 1);
            # make alternating table color
            $admin_templates->parse('item_row', 'row', true);
            # process the complete row
        }
        $admin_templates->clear_var('item_field');
        # clear field
    }
    if ($nrows == 0) {
        # there is no data. return notification message.
        $message = isset($no_data) ? $text_arr['no_data'] : $LANG_ADMIN['no_results'];
        $admin_templates->set_var('message', $message);
    } else {
        //        $footer_cols = ($chkselect) ? $ncols + 1 : $ncols;
        //        $admin_templates->set_var('footer_row', '<tr><td colspan="' . $footer_cols . '"><div style="margin:2px 0 2px 0;border-top:1px solid #cccccc"></div></td></tr>');
    }
    // if we displayed data, and chkselect option is available, display the
    // actions row for all selected items. provide a delete action as a minimum
    if ($nrows > 0 and $chkselect) {
        $actions = '<td style="text-align:center;">' . '<img src="' . $_CONF['layout_url'] . '/images/admin/action.' . $_IMAGE_TYPE . '" alt="" /></td>';
        $actions .= '<td colspan="' . $ncols . '">' . $LANG_ADMIN['action'] . '&nbsp;&nbsp;&nbsp;';
        if (empty($chkactions)) {
            $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE . '" style="vertical-align:text-bottom;" title="' . $LANG01[124] . '" onclick="return confirm(\'' . $LANG01[125] . '\');"' . '/>&nbsp;' . $LANG_ADMIN['delete'];
        } else {
            $actions .= $chkactions;
        }
        $actions .= '</td>';
        $admin_templates->set_var('actions', $actions);
        $admin_templates->parse('action_row', 'arow', true);
    }
    // perform the paging
    if ($has_paging) {
        $hasargs = strstr($form_url, '?');
        if ($hasargs) {
            $sep = '&amp;';
        } else {
            $sep = '?';
        }
        if (!empty($query)) {
            # port query to next page
            $base_url = $form_url . $sep . 'q=' . urlencode($query) . "&amp;query_limit={$query_limit}{$orderidx_link}&amp;direction={$direction}";
        } else {
            $base_url = $form_url . $sep . "query_limit={$query_limit}{$orderidx_link}&amp;direction={$direction}";
        }
        if ($num_pages > 1) {
            # print actual google-paging
            $admin_templates->set_var('google_paging', COM_printPageNavigation($base_url, $curpage, $num_pages, $component . 'listpage='));
        } else {
            $admin_templates->set_var('google_paging', '');
        }
    }
    // return the html output
    $admin_templates->parse('output', 'list');
    $retval = !empty($title) ? COM_startBlock($title, $help_url, COM_getBlockTemplate('_admin_block', 'header')) : '';
    $retval .= $admin_templates->finish($admin_templates->get_var('output'));
    $retval .= !empty($title) ? COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')) : '';
    return $retval;
}
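/**
 * Save a forum post submitted from the post form.
 *
 * Supports three actions: 'savetopic' creates a new topic, 'savereply' adds a
 * reply to the topic in $postData['id'], and 'saveedit' updates the post in
 * $postData['editid']. Before anything is written the function checks
 * moderator rights on read-only forums, the edit window, the post speed
 * limit, the configured minimum field lengths, CAPTCHA (when the captcha
 * plugin is present), the Spam-X filter and the stop-forum-spam check. On
 * success it writes the post, refreshes forum/topic counters and attachment
 * flags, updates the poster's subscription preference for the topic and
 * fires notifications.
 *
 * @param array  $forumData forum record; 'forum' (id) and 'is_readonly' are read
 * @param array  $postData  submitted form fields (name, subject, comment,
 *                          postmode, id, forum, editid, notify, mood, ...)
 * @param string $action    'savetopic', 'savereply' or 'saveedit'
 *
 * @return array [bool $saved, string $html] where $html is the status or
 *               error markup to show the user
 */
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG_GF01, $LANG_GF02;

    $retval = '';
    $uploadErrors = '';
    $errorMessages = '';
    $email = '';
    // ids of attachments still referenced by [file] tags; nothing in this
    // function fills it, so the "NOT IN" clauses below are currently inert
    $forumfiles = array();
    $okToSave = true;

    // an unknown action would leave $savedPostID / $topicPID undefined below
    if (!in_array($action, array('savetopic', 'savereply', 'saveedit'), true)) {
        $retval .= _ff_alertMessage($LANG_GF02['msg18']);
        return array(false, $retval);
    }

    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $uid = COM_isAnonUser() ? 1 : $_USER['uid'];

    // verify that html postmode is allowed for this user
    if (isset($postData['postmode']) && strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }

    // read-only forum: only users with moderator edit rights may still post
    if ($forumData['is_readonly'] == 1) {
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }

    if ($action == 'saveedit') {
        // the posted forum id must match the forum being edited
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
            $editAllowed = true;
        } elseif ($_FF_CONF['allowed_editwindow'] > 0) {
            // non-moderators may only edit within allowed_editwindow seconds of posting
            $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
            $t2 = $_FF_CONF['allowed_editwindow'];
            if (time() - $t2 < $t1) {
                $editAllowed = true;
            }
        } else {
            $editAllowed = true;
        }
        $editpid = isset($postData['editpid']) ? $postData['editpid'] : 0;
        if ($editpid < 1 && trim($postData['subject']) == '') {
            // a topic starter (pid 0) must keep a subject
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            // the post id is carried in 'id'
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['id'];
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } elseif (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
        $email = isset($_USER['email']) ? $_USER['email'] : '';
    }

    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        // NOTE(review): urldecode() runs after htmlspecialchars(), so an encoded
        // '%3C' becomes a raw '<' again; the display side must escape $name — confirm
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }

    // speed limit check (users holding forum.edit are exempt)
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }

    // standard edit checks: configured minimum lengths (byte lengths, as before)
    $nameLength = isset($postData['name']) ? strlen(trim($postData['name'])) : 0;
    $subjectLength = isset($postData['subject']) ? strlen(trim($postData['subject'])) : 0;
    $commentLength = isset($postData['comment']) ? strlen(trim($postData['comment'])) : 0;
    if ($nameLength < $_FF_CONF['min_username_length']
        || $subjectLength < $_FF_CONF['min_subject_length']
        || $commentLength < $_FF_CONF['min_comment_length']) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }

    // CAPTCHA check (only when the captcha plugin is installed)
    if ($okToSave && function_exists('plugin_itemPreSave_captcha')) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }

    // per-post formatting switches, combined into the 'status' column
    $status = 0;
    if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
        $status += DISABLE_BBCODE;
    }
    if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
        $status += DISABLE_SMILIES;
    }
    if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
        $status += DISABLE_URLPARSE;
    }

    // Spam-X check on the formatted subject and comment
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave) {
        SESS_unSet('spamx_msg');   // clear any message left by a previous check
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . FF_formatTextBlock($postData['comment'], $postData['postmode'], 'preview', $status) . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        if ($result > 0) {
            $errorMessages .= $LANG_GF02['spam_detected'];
            if (SESS_isSet('spamx_msg')) {
                $errorMessages .= '<br>' . SESS_getVar('spamx_msg') . '<br>';
                SESS_unSet('spamx_msg');
            }
            $okToSave = false;
        }
    }

    // stop-forum-spam check for anonymous posters
    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array(
            'username' => isset($postData['name']) ? $postData['name'] : '',
            'email'    => $email,
            'ip'       => $REMOTE_ADDR,
        );
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }

    if (!$okToSave) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], '&nbsp;');
        return array(false, $retval);
    }

    if (!isset($postData['postmode_switch'])) {
        $postData['postmode_switch'] = 0;
    }
    $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
    // validate the final postmode again: the switch may have requested html
    if ($postmode == 'html' || $postmode == 'HTML') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postmode = 'html';
        } else {
            $postmode = 'text';
        }
    }
    // NOTE(review): $subject and $comment are inlined into SQL below without
    // DB_escapeString(); this assumes _ff_preparefordb() already escapes — confirm
    $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
    $comment = _ff_preparefordb($postData['comment'], $postmode);
    $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
    $id = COM_applyFilter($postData['id'], true);
    $forum = COM_applyFilter($postData['forum'], true);
    $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';

    // sticky/locked are only honoured from the moderator edit form.
    // NOTE(review): 'modedit' arrives with the form data and is not checked
    // against forum_modPermission() here — confirm the caller enforces it
    $locked = 0;
    $sticky = 0;
    if (isset($postData['modedit']) && $postData['modedit'] == 1) {
        if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
            $locked = 1;
        }
        if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
            $sticky = 1;
        }
    }

    if ($action == 'savetopic') {
        $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
        $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
        $sql .= "VALUES (" . (int) $forum . ","
            . "'" . DB_escapeString($name) . "',"
            . "'" . DB_escapeString($email) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'" . $subject . "',"
            . "'" . $comment . "',"
            . "'" . DB_escapeString($postmode) . "',"
            . "'" . DB_escapeString($REMOTE_ADDR) . "',"
            . "'" . DB_escapeString($mood) . "',"
            . (int) $uid . ","
            . "0,"
            . (int) $sticky . ","
            . (int) $locked . ","
            . (int) $status . ")";
        DB_query($sql);
        // id of the topic just inserted.
        // NOTE(review): max(id) is not tied to this connection's insert; under
        // concurrent posts it can return another post's id — confirm
        list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
        $savedPostID = $lastid;
        $topicPID = $lastid;
        // attachments uploaded together with the new topic
        $uploadErrors = _ff_check4files($lastid);
        _ff_saveTopic_resetInline($lastid, $forumfiles);
        // update the forum's counters
        DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
        }
        DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
    } elseif ($action == 'savereply') {
        $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
        $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
        $sql .= "VALUES  ("
            . "'" . DB_escapeString($name) . "',"
            . "'" . DB_escapeString($email) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'{$subject}',"
            . "'{$comment}',"
            . "'" . DB_escapeString($postmode) . "',"
            . "'" . DB_escapeString($REMOTE_ADDR) . "',"
            . "'" . DB_escapeString($mood) . "',"
            . (int) $uid . ","
            . (int) $id . ","
            . (int) $forum . ","
            . (int) $status . ")";
        DB_query($sql);
        // id of the reply just inserted (same max(id) caveat as for new topics)
        list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
        $savedPostID = $lastid;
        $topicPID = $id;
        // attachments uploaded together with the reply
        $uploadErrors = _ff_check4files($lastid);
        _ff_saveTopic_resetInline($lastid, $forumfiles);
        // bump the parent topic and the forum counters
        DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
        DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
        }
        DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
    } else {
        // saveedit
        $sql = "UPDATE {$_TABLES['ff_topic']} SET "
            . "subject='{$subject}',"
            . "comment='{$comment}',"
            . "postmode='" . DB_escapeString($postmode) . "',"
            . "mood='" . DB_escapeString($mood) . "',"
            . "sticky=" . (int) $sticky . ","
            . "locked=" . (int) $locked . ","
            . "status=" . (int) $status . " "
            . "WHERE (id=" . (int) $editid . ")";
        DB_query($sql);
        // attachments uploaded together with the edit
        $uploadErrors = _ff_check4files($editid);
        _ff_saveTopic_resetInline($editid, $forumfiles);
        // a reply points at its topic via pid; a topic starter has pid 0
        $topicPID = DB_getItem($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
        if ($topicPID == 0) {
            $topicPID = $editid;
        }
        $savedPostID = $editid;
        // a "silent" edit neither bumps lastupdated nor resets the viewed log
        if (!isset($postData['silentedit']) || $postData['silentedit'] != 1) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
            // remove lastviewed records so the "updated topic" indicator shows again
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        }
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
        }
    }

    COM_updateSpeedLimit('forum');
    PLG_itemSaved($savedPostID, 'forum');
    CACHE_remove_instance('forumcb');

    if (!COM_isAnonUser()) {
        // Subscription handling: 'notify' is "on" when the form checkbox was
        // checked. In the subscriptions table a topic subscription uses
        // id=topic id, an explicit un-subscription from a topic uses
        // id=-topic id, and a forum-wide subscription uses id=0.
        $nid = -$topicPID;
        $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
        $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
        $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
        $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
        // NOTE(review): the "> 1" tests below ignore a subscription whose sub_id
        // is 1, while "< 1" above treats 0 as "none"; "> 0" may be intended — confirm
        if ($notify == 'on' && ($currentForumNotifyRecID < 1 && $currentTopicNotifyRecID < 1)) {
            // not subscribed to the forum or the topic yet: subscribe to the topic
            $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
            $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
            DB_query($sql);
        } elseif ($notify == 'on' && $currentTopicUnNotifyRecID > 1) {
            // had un-subscribed from the topic and now wants to subscribe again
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
        } elseif ($notify == '' && $currentTopicNotifyRecID > 1) {
            // subscribed to the topic, but does not want to be notified anymore
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
        } elseif ($notify == '' && $currentForumNotifyRecID > 1) {
            // subscribed to the forum, but does not want to be notified about this topic
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
            DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
        }
    }

    // edits do not notify subscribers
    if ($action != 'saveedit') {
        _ff_chknotifications($forum, $savedPostID, $uid);
    }

    $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $topicPID . '&topic=' . (int) $savedPostID . '#' . (int) $savedPostID;
    // keep the page on screen when there is an upload error to read
    $autorefresh = ($uploadErrors == '');
    $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);

    return array(true, $retval);
}

/**
 * Reset show_inline on a post's attachments that are no longer referenced by
 * a [file] tag; attachments listed in $keepIds are left untouched.
 *
 * @param int   $topicId ff_topic.id whose attachments are updated
 * @param array $keepIds attachment ids that are still displayed inline
 *
 * @return void
 */
function _ff_saveTopic_resetInline($topicId, $keepIds)
{
    global $_TABLES;

    $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $topicId;
    // cast every id so the list can be inlined into the query safely
    $ids = array_map('intval', (array) $keepIds);
    if (!empty($ids)) {
        $sql .= " AND id NOT IN (" . implode(',', $ids) . ")";
    }
    DB_query($sql);
}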
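/**
 * Restore a request that was parked in the session while the user
 * re-authenticated.
 *
 * The request method, POST, GET and FILES data are read from the
 * 'glfusion.auth.method' / '.post' / '.get' / '.file' session variables
 * (each is removed from the session once read) and written back to
 * $_SERVER['REQUEST_METHOD'], $_POST, $_GET, $_REQUEST and $_FILES.
 * Saved uploads are expected under $_CONF['path_data'] . 'temp/'; their
 * $_FILES entries get '_data_dir' set so the upload class does not call
 * move_uploaded_file(). A saved file that no longer exists is reported as
 * UPLOAD_ERR_NO_FILE with an empty tmp_name. $_FILES is only rebuilt when
 * the current request carries no upload of its own.
 *
 * If the saved request contained a CSRF token it is replaced with a freshly
 * generated one so the replayed request passes the token check.
 *
 * @return void
 */
function _rebuild_data()
{
    global $_CONF;

    $method = '';
    if (SESS_isSet('glfusion.auth.method')) {
        $method = SESS_getVar('glfusion.auth.method');
        SESS_unSet('glfusion.auth.method');
    }
    $postdata = '';
    if (SESS_isSet('glfusion.auth.post')) {
        $postdata = SESS_getVar('glfusion.auth.post');
        SESS_unSet('glfusion.auth.post');
    }
    $getdata = '';
    if (SESS_isSet('glfusion.auth.get')) {
        $getdata = SESS_getVar('glfusion.auth.get');
        SESS_unSet('glfusion.auth.get');
    }
    // NOTE(review): the saved request is unserialize()d below. It comes from
    // the server-side session, but its content originated from a client
    // request; keep this path limited to session data the site itself wrote.
    $file_array = null;
    if (SESS_isSet('glfusion.auth.file')) {
        $filedata = SESS_getVar('glfusion.auth.file');
        SESS_unSet('glfusion.auth.file');
        $file_array = unserialize($filedata);
    }

    if (empty($_FILES) && is_array($file_array)) {
        foreach ($file_array as $fkey => $file) {
            if (isset($file['name']) && is_array($file['name'])) {
                // multi-file field: each attribute is an array keyed by offset
                foreach ($file as $key => $data) {
                    foreach ($data as $offset => $value) {
                        if ($key == 'tmp_name') {
                            $filename = COM_sanitizeFilename(basename($value), true);
                            $value = ($filename == '') ? '' : $_CONF['path_data'] . 'temp/' . $filename;
                            // tell the upload class not to use move_uploaded_file()
                            $_FILES[$fkey]['_data_dir'][$offset] = true;
                        }
                        $_FILES[$fkey][$key][$offset] = $value;
                    }
                }
                // verify each saved file once all attributes are copied, so the
                // outcome does not depend on the order of the attribute keys
                foreach (array_keys($file['name']) as $offset) {
                    if (!isset($_FILES[$fkey]['tmp_name'][$offset]) || !file_exists($_FILES[$fkey]['tmp_name'][$offset])) {
                        $_FILES[$fkey]['tmp_name'][$offset] = '';
                        $_FILES[$fkey]['error'][$offset] = UPLOAD_ERR_NO_FILE;
                    }
                }
            } else {
                foreach ($file as $key => $value) {
                    if ($key == 'tmp_name') {
                        $filename = COM_sanitizeFilename(basename($value), true);
                        $value = ($filename == '') ? '' : $_CONF['path_data'] . 'temp/' . $filename;
                        // tell the upload class not to use move_uploaded_file()
                        $_FILES[$fkey]['_data_dir'] = true;
                    }
                    $_FILES[$fkey][$key] = $value;
                }
                if (!isset($_FILES[$fkey]['tmp_name']) || !file_exists($_FILES[$fkey]['tmp_name'])) {
                    $_FILES[$fkey]['tmp_name'] = '';
                    $_FILES[$fkey]['error'] = UPLOAD_ERR_NO_FILE;
                }
            }
        }
    }

    $_SERVER['REQUEST_METHOD'] = $method;
    $_POST = unserialize($postdata);
    $_GET = unserialize($getdata);
    // unserialize() yields false for empty or unreadable data; normalise to
    // arrays before the token lookup so array_key_exists() never sees false
    if (!is_array($_GET)) {
        $_GET = array();
    }
    if (!is_array($_POST)) {
        $_POST = array();
    }
    // refresh the token (easier to create a new one than to fake the referer)
    if (array_key_exists(CSRF_TOKEN, $_POST) || array_key_exists(CSRF_TOKEN, $_GET)) {
        $newToken = SEC_createToken();
        $_POST[CSRF_TOKEN] = $newToken;
        $_GET[CSRF_TOKEN] = $newToken;
    }
    $_REQUEST = array_merge($_GET, $_POST);
}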