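/**
 * Order validation: delivery step.
 *
 * Checks the shipping type and the required billing fields submitted in
 * $_POST, reporting each problem through _re(). As a side effect it
 * assembles $_POST['exp_date'] from the exp_date_mm / exp_date_yy parts.
 *
 * Fix: POST fields are read through isset(), so a field the client omitted
 * is treated as empty instead of raising an undefined-index notice and
 * passing null to strlen(); in_array() is strict, so a field name only
 * matches an identical string in _required_fields.
 *
 * NOTE(review): raw card data (exp_date here, card_num in the payment
 * step) is carried in $_POST through the checkout; it must not end up in
 * logs or in the order record.
 */
function _order_validate_delivery()
{
    $shop = module('shop');

    $exp_mm = isset($_POST['exp_date_mm']) ? $_POST['exp_date_mm'] : '';
    $exp_yy = isset($_POST['exp_date_yy']) ? $_POST['exp_date_yy'] : '';
    $_POST['exp_date'] = $exp_mm . $exp_yy;

    // A shipping type forced for the user's group overrides the client's choice.
    $force_ship_type = isset($shop->FORCE_GROUP_SHIP[$shop->USER_GROUP])
        ? $shop->FORCE_GROUP_SHIP[$shop->USER_GROUP]
        : null;
    if ($force_ship_type) {
        $_POST['ship_type'] = $force_ship_type;
    }
    // Only a type that is configured in _ship_types is accepted.
    $ship_type = isset($_POST['ship_type']) ? $_POST['ship_type'] : '';
    if (!strlen($ship_type) || !isset($shop->_ship_types[$ship_type])) {
        _re('Shipping type required');
    }

    $required_fields = (array) $shop->_required_fields;
    foreach ((array) $shop->_b_fields as $field) {
        $value = isset($_POST[$field]) ? $_POST[$field] : '';
        if (!strlen($value) && in_array($field, $required_fields, true)) {
            _re(t(str_replace('b_', 'Billing ', $field)) . ' ' . t('is required'));
        }
    }

    // An empty e-mail is allowed here; a non-empty one must be well-formed.
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    if ($email != '' && !common()->email_verify($email)) {
        _re('email not valid.');
    }

    // Shipping-address (s_*) validation is intentionally disabled in this build.
}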
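/**
 * Admin: edit a shop supplier.
 *
 * GET id selects the supplier. On POST the record is updated (with a
 * revision snapshot before and after), an admin-wall entry is written and
 * an optional image upload is processed; the browser is then redirected to
 * the supplier list. On GET the edit form is rendered.
 *
 * Fixes: the image upload was handed an undefined $url — it now receives
 * the url slug that was just stored (the thumbnail path below is built
 * from `url_id`, so that is presumably what _upload_image() expects);
 * editing an id that does not exist now stops with an error instead of
 * silently "updating" nothing.
 *
 * NOTE(review): the supplier url is taken from POST and later becomes part
 * of an on-disk thumbnail path; presumably _propose_url_from_name() / the
 * image code restrict it to slug characters — confirm, otherwise a stored
 * '../' sequence reaches the filesystem.
 */
function supplier_edit()
{
    $_GET['id'] = intval($_GET['id']);
    if (empty($_GET['id'])) {
        return _e('Empty ID!');
    }
    $supplier_id = $_GET['id'];
    $object_url = './?object=' . main()->_get('object');

    $supplier_info = db()->query_fetch(
        'SELECT * FROM ' . db('shop_suppliers') . ' WHERE id=' . $supplier_id
    );
    if (empty($supplier_info['id'])) {
        return _e('No such record');
    }

    if (main()->is_post()) {
        if (!$_POST['name']) {
            _re('Product name must be filled');
        }
        if (!common()->_error_exists()) {
            $url = $_POST['url'] ?: common()->_propose_url_from_name($_POST['name']);
            $sql_array = [
                'name'          => $_POST['name'],
                'url'           => $url,
                'desc'          => $_POST['desc'],
                'meta_keywords' => $_POST['meta_keywords'],
                'meta_desc'     => $_POST['meta_desc'],
                'sort_order'    => intval($_POST['sort_order']),
            ];
            // Snapshot before and after so the change is attributable.
            module('manage_shop_revisions')->check_revision(__FUNCTION__, $supplier_id, 'shop_suppliers');
            // db()->es() escapes every value; the id is already intval()'d.
            db()->update('shop_suppliers', db()->es($sql_array), 'id=' . $supplier_id);
            module('manage_shop_revisions')->new_revision(__FUNCTION__, $supplier_id, 'shop_suppliers');
            common()->admin_wall_add(['shop supplier updated: ' . $_POST['name'], $supplier_id]);
            if (!empty($_FILES)) {
                $this->_upload_image($supplier_id, $url);
            }
        }
        return js_redirect($object_url . '&action=suppliers');
    }

    $manage_shop = module('manage_shop');
    $thumb_name = $supplier_info['url'] . '_' . $supplier_info['id'] . $manage_shop->THUMB_SUFFIX . '.jpg';
    // Only expose a web path when the thumbnail actually exists on disk.
    $thumb_path = '';
    if (file_exists($manage_shop->supplier_img_dir . $thumb_name)) {
        $thumb_path = $manage_shop->supplier_img_webdir . $thumb_name;
    }

    $replace = [
        'name'             => $supplier_info['name'],
        'sort_order'       => $supplier_info['sort_order'],
        'desc'             => $supplier_info['desc'],
        'thumb_path'       => $thumb_path,
        'delete_image_url' => $object_url . '&action=delete_image&id=' . $supplier_info['id'],
        'form_action'      => $object_url . '&action=supplier_edit&id=' . $supplier_info['id'],
        'back_url'         => $object_url . '&action=suppliers',
    ];
    return form($replace)
        ->text('name')
        ->textarea('desc', 'Description')
        ->text('url')
        ->text('meta_keywords')
        ->text('meta_desc')
        ->save_and_back();
}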
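/**
 * Admin: edit a shop coupon.
 *
 * GET id selects the coupon. On POST the code is normalised through
 * _cleanup_code(), checked for uniqueness against the other coupons, and
 * the record is updated before redirecting to the coupon list. On GET (or
 * when validation fails) the edit form is rendered from the stored record.
 *
 * Fix: the uniqueness query interpolated the submitted code into SQL
 * relying only on _cleanup_code(); the value is now escaped with
 * db()->es() as well, so the query is safe regardless of what
 * _cleanup_code() strips.
 *
 * NOTE(review): the form's time values are formatted with 'd.m.Y I:s' —
 * 'I' is the DST flag, not the hour; 'H:i' looks intended. Left as is
 * because the matching parser (datetime_select) is not visible here.
 */
function coupon_edit()
{
    $_GET['id'] = intval($_GET['id']);
    if (empty($_GET['id'])) {
        return _e('Empty ID!');
    }
    $coupon_id = $_GET['id'];
    $object_url = './?object=' . main()->_get('object');

    $coupon_info = db()->query_fetch('SELECT * FROM ' . db('shop_coupons') . ' WHERE id=' . $coupon_id);

    if (main()->is_post()) {
        if (!$_POST['code']) {
            _re('Code must be entered');
        } else {
            $_POST['code'] = $this->_cleanup_code($_POST['code']);
            // Another coupon with the same code must not exist.
            $cnt = db()->get_one(
                'SELECT COUNT(`id`) AS `cnt` FROM `' . db('shop_coupons') . '`'
                . " WHERE `code`='" . db()->es($_POST['code']) . "' AND `id`!=" . $coupon_id
            );
            if ($cnt != 0) {
                _re('Code already exists');
            }
        }
        if (!common()->_error_exists()) {
            $code = $this->_cleanup_code($_POST['code']);
            $sql_array = [
                'code'       => $code,
                'user_id'    => intval($_POST['user_id']),
                'sum'        => intval($_POST['sum']),
                'status'     => intval($_POST['status']),
                'cat_id'     => intval($_POST['cat_id']),
                'order_id'   => intval($_POST['order_id']),
                // strtotime() yields false for unparsable input; stored as 0.
                'time_start' => strtotime($_POST['time_start']),
                'time_end'   => strtotime($_POST['time_end']),
            ];
            db()->update('shop_coupons', db()->es($sql_array), 'id=' . $coupon_id);
            common()->admin_wall_add(['shop coupon updated: ' . $code, $coupon_id]);
            return js_redirect($object_url . '&action=coupons');
        }
    }

    $replace = [
        'code'        => $coupon_info['code'],
        'user_id'     => $coupon_info['user_id'],
        'sum'         => $coupon_info['sum'],
        'status'      => $coupon_info['status'],
        'cat_id'      => $coupon_info['cat_id'],
        'order_id'    => $coupon_info['order_id'],
        'time_start'  => date('d.m.Y I:s', $coupon_info['time_start']),
        'time_end'    => date('d.m.Y I:s', $coupon_info['time_end']),
        'form_action' => $object_url . '&action=coupon_edit&id=' . $coupon_info['id'],
        'back_url'    => $object_url . '&action=coupons',
    ];
    return form($replace)
        ->text('code')
        ->integer('user_id')
        ->integer('sum')
        ->select_box('status', $this->_statuses)
        ->select_box('cat_id', module('manage_shop')->_cats_for_select, [
            'desc'      => 'Main category',
            'edit_link' => './?object=category_editor&action=show_items&id=shop_cats',
            'translate' => 0,
        ])
        ->integer('order_id')
        ->datetime_select('time_start', null, ['with_time' => 1])
        ->datetime_select('time_end', null, ['with_time' => 1])
        ->save_and_back();
}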
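/**
 * Order step: perform payment for the current pending order.
 *
 * Re-displays the payment-selection form when errors are already pending or
 * nothing was posted. Otherwise loads the order — restricted to the current
 * user's own order in 'pending' status — and either finishes the order for
 * the offline payment types (1, 3, 4) or hands over to the Authorize.net
 * flow (type 2). Both branches empty the basket first.
 *
 * Fixes: the offline-payment condition was written as
 * `!errors && type == 1 or type == 3 or type == 4`, so the error check only
 * guarded type 1 — with a missing order record a type 3/4 checkout still
 * emptied the basket and redirected to the finish page. The Authorize.net
 * branch had no error check at all and ran with an empty $order_info. Both
 * branches now require no pending errors; on error the function returns
 * null, as it did before.
 *
 * NOTE(review): $_GET['action'] is reflected into the redirect URL;
 * presumably js_redirect() escapes it for its output context — confirm.
 *
 * @param bool $FORCE_DISPLAY_FORM unused here; kept for call-site compatibility.
 */
function _order_step_do_payment($FORCE_DISPLAY_FORM = false)
{
    $shop = module('shop');
    // Loads the basket; the contents themselves are not used in this step.
    $shop->_basket_api()->get_all();

    // A configured payment method overrides the client's choice.
    if ($shop->FORCE_PAY_METHOD) {
        $_POST['pay_type'] = $shop->FORCE_PAY_METHOD;
    }
    // Show previous form if needed
    if (common()->_error_exists() || empty($_POST)) {
        return $shop->_order_step_select_payment();
    }

    $ORDER_ID = intval(!empty($_POST['order_id']) ? $_POST['order_id'] : $shop->_CUR_ORDER_ID);
    if (empty($ORDER_ID)) {
        _re('Missing order ID');
    }
    // The order must belong to the current user and still be pending —
    // this is what stops one user from finishing another user's order.
    $order_info = db()->query_fetch(
        'SELECT * FROM ' . db('shop_orders')
        . ' WHERE id=' . intval($ORDER_ID)
        . ' AND user_id=' . intval(main()->USER_ID)
        . " AND status='pending'"
    );
    if (empty($order_info['id'])) {
        _re('Missing order record');
    }
    if (common()->_error_exists()) {
        return null;
    }

    $pay_type = intval($_POST['pay_type']);
    // Payment by courier (and the other offline types): skip the gateway step.
    if (in_array($pay_type, [1, 3, 4], true)) {
        $shop->_basket_api()->clean();
        return js_redirect('./?object=shop&action=' . $_GET['action'] . '&id=finish&page=' . intval($ORDER_ID));
    }
    // Authorize.net payment type
    if ($pay_type === 2) {
        $shop->_basket_api()->clean();
        return $shop->_order_pay_authorize_net($order_info);
    }
    return null;
}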
/**
 * Order validation: payment-selection step.
 *
 * Runs the delivery-step checks first, then requires a pay_type that is
 * both present and listed in the shop's configured _pay_types.
 */
function _order_validate_select_payment()
{
    $shop = module('shop');
    $shop->_order_validate_delivery();

    $pay_type = $_POST["pay_type"];
    $known_type = $pay_type && isset($shop->_pay_types[$pay_type]);
    if (!$known_type) {
        _re("Wrong payment type");
    }
}
/**
 * Order validation: do-payment step.
 *
 * Extends the payment-selection checks with the two values the payment
 * step needs from the previous form: the order id and the total sum.
 * Note that empty() also rejects a literal "0" total.
 */
function _order_validate_do_payment()
{
    module('shop')->_order_validate_select_payment();

    $required = [
        'order_id'  => "Missing order ID",
        'total_sum' => "Missing total sum",
    ];
    foreach ($required as $field => $message) {
        if (empty($_POST[$field])) {
            _re($message);
        }
    }
}
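/**
 * Validate the "view order" request: an order id plus the e-mail address
 * the order was placed with.
 *
 * Knowledge of the order's e-mail address is the only authorisation factor
 * here; anyone who can guess an order id and the buyer's e-mail can view
 * the order. NOTE(review): a per-order random token would be the usual
 * hardening.
 *
 * Fixes: the e-mail comparison now requires the two strings to be
 * identical (the loose `!=` applies PHP's numeric-string rules); and when
 * the order does not exist the function no longer reads
 * $order_info['email'] from null and reports a second, misleading error.
 */
function _order_validate_data()
{
    if (empty($_POST["order_id"])) {
        _re("Order empty");
    }
    $order_info = db()->query_fetch(
        "SELECT * FROM " . db('shop_orders') . " WHERE id=" . intval($_POST["order_id"])
    );
    if (empty($order_info)) {
        _re("No such order");
    }

    if (empty($_POST["email"])) {
        _re("e-mail empty");
    } elseif (!common()->email_verify($_POST["email"])) {
        _re("email not valid.");
    } elseif (!empty($order_info) && (string) $order_info["email"] !== (string) $_POST["email"]) {
        // Ownership check: the address must match the one stored on the order.
        _re("The order has been issued on other name");
    }
}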
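/**
 * Admin: edit a product attribute (parameter) and its list of option values.
 *
 * GET id selects the attribute. On POST the title is saved and the option
 * list is synchronised with the submitted newline-separated value_list:
 * values already present are kept, new ones are inserted, and stored
 * options that were removed from the list are deleted.
 *
 * Fixes: the deletion guard read `count($options_list != 0)` — comparing
 * the array to 0 and counting the boolean — so it was always true and, when
 * nothing was removed, produced `IN ()`, a SQL syntax error. It now checks
 * the array itself, and the ids are intval()'d before entering the query.
 * The id is intval()'d before the emptiness check, so a non-numeric id is
 * rejected instead of resolving to 0.
 *
 * NOTE(review): the new option titles are passed to db()->INSERT() as an
 * array; whether that path escapes values is not visible here (the code
 * base also has insert_safe()) — confirm.
 */
function attribute_edit()
{
    $_GET['id'] = intval($_GET['id']);
    if (empty($_GET['id'])) {
        return _e('no id');
    }
    $param_id = $_GET['id'];
    $object_url = './?object=' . main()->_get('object');

    $A = db()->query_fetch('SELECT * FROM `' . db('shop_productparams') . '` WHERE `id`=' . $param_id);
    // Existing options: id => title.
    $options = db()->get_2d(
        'SELECT `id`,`title` FROM ' . db('shop_productparams_options')
        . ' WHERE `productparams_id`=' . $param_id . ' ORDER BY `title`'
    );
    $A['value_list'] = implode("\n", $options);

    if (main()->is_post()) {
        if (empty($_POST['title'])) {
            _re('Title is required');
        }
        if (empty($_POST['value_list'])) {
            _re('Values list is required');
        }
        if (!common()->_error_exists()) {
            // Submitted values: trimmed, de-duplicated, blanks dropped.
            $value_list = [];
            foreach ((array) explode("\n", $_POST['value_list']) as $val) {
                $v = trim($val);
                if ($v != '') {
                    $value_list[$v] = $v;
                }
            }
            // title => id of the stored options; whatever is still here after
            // the loop was removed by the admin and gets deleted.
            $options_list = array_flip($options);
            foreach ($value_list as $val) {
                if (!empty($options_list[$val])) {
                    // same option - leave as is
                    unset($options_list[$val]);
                } else {
                    // insert new
                    db()->INSERT('shop_productparams_options', ['productparams_id' => $param_id, 'title' => $val]);
                }
            }
            if (!empty($options_list)) {
                // options not found - delete these
                $ids = array_map('intval', array_values($options_list));
                db()->query(
                    'DELETE FROM `' . db('shop_productparams_options') . '`'
                    . ' WHERE `id` IN (' . implode(',', $ids) . ') AND `productparams_id`=' . $param_id
                );
            }
            db()->UPDATE('shop_productparams', db()->es(['title' => $_POST['title']]), 'id=' . $param_id);
            common()->admin_wall_add(['shop product attribute updated: ' . $_POST['title'], $param_id]);
            return js_redirect($object_url . '&action=attributes');
        }
    }

    $replace = [
        'form_action' => $object_url . '&action=' . $_GET['action'] . '&id=' . $A['id'],
        'error'       => _e(),
        'title'       => $A['title'],
        'value_list'  => $A['value_list'],
        'back_url'    => $object_url . '&action=attributes',
        'active'      => 1,
    ];
    return form($replace)->text('title')->textarea('value_list')->save_and_back();
}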
/**
 * Admin: edit the text of a single comment.
 *
 * GET id selects the record (intval()'d); an unknown id stops with an
 * error. On POST a non-empty text is required; the row is then written
 * through update_safe() (presumably the escaping variant of update()) and
 * the browser is redirected back. Otherwise the edit form is rendered with
 * the record's metadata shown read-only.
 */
function edit()
{
    $_GET['id'] = intval($_GET['id']);
    $record = db()->query_fetch(
        'SELECT * FROM ' . db('comments') . ' WHERE id=' . intval($_GET['id'])
    );
    if (empty($record)) {
        return _e('No such record');
    }

    if (main()->is_post()) {
        if (empty($_POST['text'])) {
            _re('Comment text required');
        }
        if (!common()->_error_exists()) {
            db()->update_safe('comments', ['text' => $_POST['text']], 'id=' . intval($record['id']));
            return js_redirect('');
        }
    }

    $form_data = $record + ['back_link' => './?object=' . $_GET['object']];
    return form($form_data)
        ->info_date('add_date', 'full')
        ->info('object_name')
        ->info('object_id')
        ->user_info('user_id')
        ->textarea('text')
        ->save_and_back();
}
/**
 * Password reminder: mail the stored account details to the user.
 *
 * Accepts either a login or an e-mail address in POST. With a login the
 * single matching account is mailed; with an e-mail every account
 * registered under it is mailed. Then builds the two request forms and
 * renders the page with any error or the success message.
 *
 * NOTE(review): the queries select the `password` column and the success
 * text reads "Password has been sent to your email address" — i.e. the
 * stored password itself is recoverable and is mailed in clear. Passwords
 * should be stored hashed and recovery should issue a one-time reset link.
 * The distinct 'Login was not found' / 'Email was not found' errors let a
 * caller enumerate accounts, and nothing here rate-limits the endpoint.
 */
function show()
{
    conf('_login_form_displayed', true);
    if (!empty($_POST)) {
        if (empty($_POST['login']) && empty($_POST['email'])) {
            _re('Login or Email required');
        }
        // Check if user with such login exists
        if (!empty($_POST['login'])) {
            // NOTE(review): the login predicate is a literal placeholder in this
            // copy; whatever is interpolated there must go through _es() exactly
            // like the e-mail branch below.
            $A = db()->query_fetch('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE login="******"');
            if (empty($A['id'])) {
                // Distinct message: account enumeration (see NOTE above).
                _re('Login was not found', 'login');
            }
            if (!common()->_error_exists()) {
                $result = $this->_send_info_to_user($A);
                if (!$result) {
                    _re('Server mail error');
                }
            }
        // Check if user with such email exists
        } elseif (!empty($_POST['email'])) {
            // The address is escaped; several accounts may share one e-mail.
            $Q = db()->query('SELECT id,name,login,password,email,nick FROM ' . db('user') . ' WHERE email="' . _es($_POST['email']) . '"');
            if (!db()->num_rows($Q)) {
                _re('Email was not found', 'email');
            }
            // Check if errors exists and send all found accounts
            if (!common()->_error_exists()) {
                while ($A = db()->fetch_assoc($Q)) {
                    $result = $this->_send_info_to_user($A);
                    if (!$result) {
                        _re('Server mail error');
                    }
                }
            }
        }
        if (!common()->_error_exists()) {
            $success_msg = t('Password has been sent to your email address. It should arrive in a couple of minutes.');
        }
    }
    $replace = ['form_action' => './?object=' . $_GET['object']];
    $login_form = form($replace, ['legend' => 'Enter your login', 'class' => 'form-vertical'])
        ->validate(['login' => 'trim|required'])
        ->text('login', 'Enter your login')
        ->submit('', 'Get Password', ['class' => 'btn btn-small']);
    $email_form = form($replace, ['legend' => 'Enter your email', 'class' => 'form-vertical'])
        ->validate(['email' => 'trim|required'])
        ->email('email', 'Enter your email')
        ->submit('', 'Get Password', ['class' => 'btn btn-small']);
    return tpl()->parse(__CLASS__ . '/main', ['error' => _e(), 'success' => !empty($success_msg) ? $success_msg : '', 'login_form' => $login_form, 'email_form' => $email_form]);
}
/**
 * Order step: choose a payment type.
 *
 * Flow: with pending errors or an empty POST it falls back to the delivery
 * step. A configured FORCE_PAY_METHOD overrides the client's pay_type and
 * suppresses the form. On a regular POST the payment selection is
 * validated, the order record is created (_order_create) and, when that
 * yields an id, control passes straight to _order_step_do_payment(). In all
 * other cases the selection form is rendered, carrying every delivery-step
 * field forward as hidden inputs.
 *
 * NOTE(review): card_num and exp_date are written into hidden form fields
 * and so round-trip through the browser (and anything between it and the
 * server) in clear; this is a PCI-DSS concern. _hidden_field() presumably
 * HTML-escapes the values — confirm, since they are client-supplied. Also,
 * _order_step_do_payment() prefers $_POST['order_id'] over the
 * _CUR_ORDER_ID set here, so the client can point the payment step at a
 * different one of its own pending orders.
 *
 * @param bool $FORCE_DISPLAY_FORM when true, render the form even on POST.
 */
function _order_step_select_payment($FORCE_DISPLAY_FORM = false)
{
    // Show previous form if needed
    if (common()->_error_exists() || empty($_POST)) {
        return module('shop')->_order_step_delivery();
    }
    if (module('shop')->FORCE_PAY_METHOD) {
        $_POST["pay_type"] = module('shop')->FORCE_PAY_METHOD;
        $FORCE_DISPLAY_FORM = false;
    }
    if (main()->is_post() && !$FORCE_DISPLAY_FORM) {
        module('shop')->_order_validate_select_payment();
        // Verify products
        if (!common()->_error_exists()) {
            $ORDER_ID = module('shop')->_order_create();
            $ORDER_ID = intval($ORDER_ID);
        }
        // Order id is required to continue, check it again
        if (empty($ORDER_ID) && !common()->_error_exists()) {
            _re("SHOP: Error while creating `order`, please <a href='" . process_url("./?object=support") . "'>contact</a> site admin");
        }
        // Display next form if we have no errors
        if (!common()->_error_exists()) {
            module('shop')->_CUR_ORDER_ID = $ORDER_ID;
            return module('shop')->_order_step_do_payment(true);
        }
    }
    // Default the selector to the first configured payment type.
    $DATA = $_POST;
    if (!isset($DATA["pay_type"])) {
        $DATA["pay_type"] = key(module('shop')->_pay_types);
    }
    // Carry the delivery-step values forward as hidden inputs.
    $hidden_fields = "";
    $hidden_fields .= module('shop')->_hidden_field("ship_type", $_POST["ship_type"]);
    foreach ((array) module('shop')->_b_fields as $_field) {
        $hidden_fields .= module('shop')->_hidden_field($_field, $_POST[$_field]);
    }
    /* foreach ((array)module('shop')->_s_fields as $_field) { $hidden_fields .= module('shop')->_hidden_field($_field, $_POST[$_field]); } */
    // Card data in hidden fields — see NOTE(review) above.
    $hidden_fields .= module('shop')->_hidden_field('card_num', $_POST['card_num']);
    $hidden_fields .= module('shop')->_hidden_field('exp_date', $_POST['exp_date']);
    // $SELF_METHOD_ID is not defined within this method.
    $replace = [
        "form_action" => "./?object=shop&action=" . $_GET["action"] . "&id=" . $SELF_METHOD_ID,
        "error_message" => _e(),
        "pay_type_box" => module('shop')->_box("pay_type", $DATA["pay_type"]),
        "hidden_fields" => $hidden_fields,
        "back_link" => "./?object=shop&action=order&id=delivery",
        "cats_block" => module('shop')->_categories_show()
    ];
    return tpl()->parse("shop/order_select_payment", $replace);
}
/**
 * Admin: edit a product unit (title, description, step and coefficient k).
 *
 * GET id selects the unit. On POST the title is required; the record is
 * updated with escaped values, an admin-wall entry is written and the
 * browser is redirected to the unit list — also when validation failed,
 * in which case nothing is saved. On GET the edit form is rendered.
 */
function unit_edit()
{
    $_GET['id'] = intval($_GET['id']);
    $unit_id = $_GET['id'];
    if (empty($unit_id)) {
        return _e('Empty ID!');
    }
    $object_url = './?object=' . main()->_get('object');

    $unit_info = db()->query_fetch('SELECT * FROM ' . db('shop_product_units') . ' WHERE id=' . $unit_id);

    if (main()->is_post()) {
        if (!$_POST['title']) {
            _re('Unit title must be filled');
        }
        if (!common()->_error_exists()) {
            $fields = [
                'title'       => $_POST['title'],
                'description' => $_POST['description'],
                'step'        => intval($_POST['step']),
                'k'           => tofloat($_POST['k']),
            ];
            db()->update('shop_product_units', _es($fields), 'id=' . $unit_id);
            common()->admin_wall_add(['shop product unit updated: ' . $_POST['title'], $unit_id]);
        }
        // Redirect regardless of the validation outcome.
        return js_redirect($object_url . '&action=units');
    }

    $replace = [
        'title'       => $unit_info['title'],
        'description' => $unit_info['description'],
        'step'        => $unit_info['step'],
        'k'           => $unit_info['k'],
        'form_action' => $object_url . '&action=unit_edit&id=' . $unit_info['id'],
        'back_url'    => $object_url . '&action=units',
    ];
    return form($replace)
        ->text('title')
        ->textarea('description', 'Description')
        ->text('step')
        ->text('k')
        ->save_and_back();
}
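/**
 * Admin: edit an advertising block.
 *
 * On POST requires a placeholder ('ad') and HTML content; when both are
 * present the work is delegated to $this->save(). Otherwise the record and
 * the admin who last edited it are loaded and the edit form is rendered.
 *
 * Fix: the editor lookup interpolated $info['edit_user_id'] raw; for an
 * unknown id (or a record without an editor) that produced `WHERE id=` —
 * a SQL syntax error. The value is intval()'d now, matching every other
 * id predicate in this code base.
 *
 * NOTE(review): $_GET['object'] / $_GET['action'] are reflected into the
 * form action and back link; presumably form2() escapes attribute values —
 * confirm. $info['html'] is passed through stripslashes(), which implies
 * the content is stored slash-escaped.
 */
function edit()
{
    $_GET['id'] = intval($_GET['id']);
    $ad_id = $_GET['id'];

    // Do save data
    if (!empty($_POST)) {
        // Position could not be empty
        if (empty($_POST['ad'])) {
            _re('Place is empty');
        }
        // Content html could not be empty
        if (empty($_POST['html'])) {
            _re('Html is empty');
        }
        if (!_ee()) {
            return $this->save();
        }
    }

    $info = db()->query_fetch('SELECT * FROM ' . db('advertising') . ' WHERE id=' . $ad_id);
    $editor = db()->query_fetch('SELECT * FROM ' . db('sys_admin') . ' WHERE id=' . intval($info['edit_user_id']));

    $base_url = './?object=' . $_GET['object'];
    $now = time();
    $replace = [
        'form_action'   => $base_url . '&action=' . $_GET['action'] . '&id=' . $ad_id,
        'ad'            => $info['ad'],
        'editor'        => $editor['first_name'] . ' ' . $editor['last_name'],
        'edit_date'     => date('d/m/Y', $info['edit_date']),
        'customer'      => $info['customer'],
        // Unset period bounds default to "now".
        'date_start'    => $info['date_start'] ? $info['date_start'] : $now,
        'date_end'      => $info['date_end'] ? $info['date_end'] : $now,
        'cur_date'      => $now,
        'html'          => stripslashes($info['html']),
        'active'        => $info['active'],
        'error_message' => _e(),
        'back_link'     => $base_url . '&action=listing',
    ];
    return form2($replace)
        ->info('ad', 'Placeholder')
        ->info('editor', 'Last editor')
        ->info('edit_date', 'Edit date')
        ->text('customer', 'Customer')
        ->text('ad', 'Placeholder')
        ->textarea('html', 'Content')
        ->date_box('date_start', '', ['desc' => 'Date start'])
        ->date_box('date_end', '', ['desc' => 'Date end'])
        ->active_box()
        ->save_and_back();
}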
/**
 * Do upload archive to server
 *
 * Moves the uploaded file described by $_FILES[$name_in_form] (or by the
 * $_FILES-shaped array passed as $name_in_form) to $new_file_path, creating
 * the target directory if needed. Returns true on success, false on a
 * missing path, a rejected MIME type or a failed move.
 *
 * NOTE(review):
 *  - The MIME check uses $ARCHIVE['type'], i.e. the Content-Type the
 *    client declared for the upload. It is attacker-controlled and is only
 *    checked when non-empty, so an omitted type bypasses the check
 *    entirely. Detect the type server-side (finfo) and/or validate the
 *    archive's structure before trusting it.
 *  - $is_local is not defined in this method, so in this view the first
 *    branch is dead and move_uploaded_file() is always used — which is the
 *    safer of the two, as it refuses paths that are not real uploads.
 *  - mkdir(..., 0777) creates a world-writable directory; 0755 (or the
 *    deployment's umask) is usually what is wanted.
 *  - $new_file_path is trusted as given; callers must not derive it from
 *    request data without constraining it to the archive directory.
 *
 * @param string       $new_file_path destination path of the archive.
 * @param string|array $name_in_form  $_FILES key, or a $_FILES-shaped array.
 * @return bool
 */
function go($new_file_path, $name_in_form = 'archive')
{
    // Keep running if the client disconnects, so the move is not left half-done.
    ignore_user_abort(true);
    if (empty($new_file_path)) {
        trigger_error(__CLASS__ . ': New file path id required', E_USER_WARNING);
        return false;
    }
    if (empty($name_in_form)) {
        $name_in_form = 'archive';
    }
    $ARCHIVE = is_array($name_in_form) ? $name_in_form : $_FILES[$name_in_form];
    // Client-declared type; see NOTE(review) above.
    if ($ARCHIVE['type'] && !isset($this->ALLOWED_MIME_TYPES[$ARCHIVE['type']])) {
        _re('Invalid file mime type');
    }
    if (common()->_error_exists()) {
        return false;
    }
    $ARCHIVE_DIR = dirname($new_file_path);
    if (!file_exists($ARCHIVE_DIR)) {
        // World-writable; see NOTE(review) above.
        mkdir($ARCHIVE_DIR, 0777, true);
    }
    $ARCHIVE_PATH = $new_file_path;
    if ($is_local) {
        // Dead in this view: $is_local is never set here.
        $move_result = false;
        if (!file_exists($ARCHIVE_PATH) && file_exists($ARCHIVE['tmp_name'])) {
            file_put_contents($ARCHIVE_PATH, file_get_contents($ARCHIVE['tmp_name']));
            unlink($ARCHIVE['tmp_name']);
            $move_result = true;
        }
    } else {
        $move_result = move_uploaded_file($ARCHIVE['tmp_name'], $ARCHIVE_PATH);
    }
    // A zero-length or unreadable result counts as a failed upload.
    if (!$move_result || !file_exists($ARCHIVE_PATH) || !filesize($ARCHIVE_PATH) || !is_readable($ARCHIVE_PATH)) {
        trigger_error('Moving uploaded archive error', E_USER_WARNING);
        return false;
    }
    return true;
}
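/**
 * Email given text to a friend
 *
 * On a submitted form (POST go) validates the recipient address, sender
 * name and message, applies a per-page, per-session cooldown, sends the
 * message via quick_send_mail() and renders the result template. Otherwise
 * (first visit or validation errors) renders the form, pre-filled from POST
 * or from the current user's profile.
 *
 * Fix: the sender name is placed into the mail Subject header; CR, LF and
 * NUL are now stripped from it so a crafted name cannot inject additional
 * headers (whether quick_send_mail() guards against this itself is not
 * visible here).
 *
 * NOTE(review): the body is arbitrary user-supplied HTML sent to an
 * arbitrary address, and the only anti-abuse control is a session-scoped
 * cooldown, which a client defeats by dropping its cookie — this endpoint
 * is usable as a spam relay; a server-side rate limit keyed on IP/user and
 * a CAPTCHA for anonymous senders are advisable. 'page_preview' is passed
 * to the template unescaped (the other fields go through _prepare_html()),
 * which is only safe if the template treats it as trusted HTML. The
 * $_GET values reflected into form_action rely on the template to escape.
 *
 * @param string $text default message body (the page content being shared).
 */
function go($text = "")
{
    $cur_page_md5 = md5($_GET["object"] . "%%" . $_GET["action"] . "%%" . $_GET["id"]);
    $ttl_store = $this->SESSION_TTL_NAME;

    // Verify and send email
    if (!empty($_POST["go"])) {
        if (!common()->email_verify($_POST["email"])) {
            _re("Invalid e-mail, please check your spelling!");
        }
        if (empty($_POST["name"])) {
            _re("Friend name required!");
        }
        if (empty($_POST["message"])) {
            _re("Message text required!");
        }
        // Check for flood: one send per page per session within TTL seconds.
        $last_sent = !empty($_SESSION[$ttl_store][$cur_page_md5]) ? $_SESSION[$ttl_store][$cur_page_md5] : 0;
        if ($last_sent && $last_sent > time() - $this->TTL) {
            _re("You are not allowed to send current page more than once in future " . ($last_sent + $this->TTL - time()) . " seconds!");
        }
        // Try to send email
        if (!common()->_error_exists()) {
            // A Subject header must be a single line: drop CR/LF/NUL.
            $friend_name = str_replace(["\r", "\n", "\0"], '', $_POST["name"]);
            $subject = "Your friend " . $friend_name . " sent to you from " . SITE_NAME;
            $text_to_send = (!empty($_POST["comment"]) ? $_POST["comment"] . "<br />\r\n<br />\r\n" : "") . $_POST["message"];
            $send_result = common()->quick_send_mail($_POST["email"], $subject, $text_to_send);
            // Anti-flooder
            $_SESSION[$ttl_store][$cur_page_md5] = time();
            $replace2 = ["result" => intval((bool) $send_result)];
            return tpl()->parse("system/common/email_page_result", $replace2);
        }
    }

    // Show form (first visit, or the submission above had errors)
    $replace = [
        "error_message" => _e(),
        "form_action"   => "./?object=" . $_GET["object"] . "&action=" . $_GET["action"] . "&id=" . $_GET["id"],
        "name"          => _prepare_html(isset($_POST["name"]) ? $_POST["name"] : (!empty($this->_user_info["display_name"]) ? $this->_user_info["display_name"] : $this->_user_info["name"])),
        "email"         => _prepare_html(isset($_POST["email"]) ? $_POST["email"] : $this->_user_info["email"]),
        "message"       => _prepare_html(isset($_POST["message"]) ? $_POST["message"] : $text),
        "comment"       => _prepare_html($_POST["comment"]),
        "page_preview"  => isset($_POST["message"]) ? $_POST["message"] : $text,
    ];
    return tpl()->parse("system/common/email_page_form", $replace);
}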
/**
 * Check user login
 *
 * Registration-time check: the login must be non-empty and not yet taken.
 * Both failures are reported through _re().
 *
 * NOTE(review): the 'already registered' message echoes $_POST['login']
 * back verbatim; that is only safe if _re() (or the template) HTML-escapes
 * its argument — elsewhere this code base uses _prepare_html() for output.
 * The login predicate in the query is a literal in this copy; whatever the
 * real value is, it must be escaped like the other queries here.
 */
public function _check_login()
{
    // TODO: rewrite me
    $login = $_POST['login'];
    if ($login == '') {
        _re('Login required');
        return;
    }
    // TODO: convert into query buidler
    $table = $this->db->_real_name('user');
    $taken = $this->db->query_num_rows('SELECT id FROM ' . $table . ' WHERE login="******"') >= 1;
    if ($taken) {
        _re('This login ' . $login . ' has already been registered with us!');
    }
}
/**
 * Admin: edit one locale variable and its per-language translations.
 *
 * $_GET['id'] may be a numeric var id or the variable's text. A text id is
 * looked up by a normalised form of `value`; if no var exists one is
 * INSERTed on the spot, so merely opening this page with an unknown text
 * id creates a row. On POST each configured locale that is present in
 * $_POST is written to locale_translate (UPDATE if a row exists, INSERT
 * otherwise), the per-locale cache is dropped and the browser is
 * redirected to the var list. Otherwise the edit form is rendered, with
 * the English locale defaulting to the variable text when untranslated.
 *
 * NOTE(review): creating rows from a GET request is side-effecting and
 * CSRF-able; a POST carrying the admin's token would be the safer shape.
 * The translation rows are escaped with _es() before being passed to
 * db()->UPDATE()/INSERT(), whereas the var itself goes through
 * insert_safe() — confirm the two paths do not double-escape.
 */
function edit_var()
{
    $_GET['id'] = trim($_GET['id']);
    // Try to find numeric id for the given string var
    if (!empty($_GET['id']) && !is_numeric($_GET['id'])) {
        $_GET['id'] = urldecode($_GET['id']);
        // Match on the value with spaces turned into underscores, case-insensitively.
        $var_info = db()->query_fetch('SELECT * FROM ' . db('locale_vars') . ' WHERE LOWER(REPLACE(CONVERT(value USING utf8), " ", "_")) = "' . _es($_GET['id']) . '"');
        if ($var_info) {
            $_GET['id'] = $var_info['id'];
        } else {
            // Unknown text: register it as a new variable (see NOTE above).
            db()->insert_safe('locale_vars', ['value' => $_GET['id']]);
            $_GET['id'] = db()->INSERT_ID();
        }
    }
    $_GET['id'] = intval($_GET['id']);
    $var_info = db()->query_fetch('SELECT * FROM ' . db('locale_vars') . ' WHERE id=' . intval($_GET['id']));
    if (empty($var_info['id'])) {
        _re('No such var!', 'id');
        return _e();
    }
    // Existing translations keyed by locale.
    $Q = db()->query('SELECT * FROM ' . db('locale_translate') . ' WHERE var_id=' . intval($var_info['id']));
    while ($A = db()->fetch_assoc($Q)) {
        $var_tr[$A['locale']] = $A['value'];
    }
    if (is_post()) {
        if (!_ee()) {
            foreach ((array) $this->_cur_langs_array as $lang_id => $lang_info) {
                // Only locales present in the submitted form are touched.
                if (!isset($_POST[$lang_info['locale']])) {
                    continue;
                }
                $sql_data = ['var_id' => intval($var_info['id']), 'value' => _es($_POST[$lang_info['locale']]), 'locale' => _es($lang_info['locale'])];
                if (isset($var_tr[$lang_info['locale']])) {
                    db()->UPDATE('locale_translate', $sql_data, 'var_id=' . intval($var_info['id']) . " AND locale='" . _es($lang_info["locale"]) . "'");
                } else {
                    db()->INSERT('locale_translate', $sql_data);
                }
                // Invalidate the cached translation table for this locale.
                cache_del('locale_translate_' . $lang_info['locale']);
            }
            common()->admin_wall_add(['locale var updated: ' . $var_info['value'], $_GET['id']]);
            return js_redirect('/@object/show_vars');
        }
    }
    foreach ((array) $this->_cur_langs_array as $lang_id => $lang_info) {
        // Paste default value for the english locale (if translation is absent)
        $tr_value = !isset($var_tr[$lang_info['locale']]) && $lang_info['locale'] == 'en' ? $var_info['value'] : $var_tr[$lang_info['locale']];
        $langs[$lang_info['locale']] = ['locale' => $lang_info['locale'], 'name' => _prepare_html($lang_info['name']), 'tr_value' => _prepare_html(trim($tr_value))];
    }
    $replace = ['form_action' => url('/@object/@action/@id'), 'back_link' => url('/@object/show_vars'), 'error_message' => _e(), 'langs' => $langs, 'var_value' => _prepare_html($var_info['value']), 'location' => $this->DISPLAY_VARS_LOCATIONS ? $this->_prepare_locations($var_info['location']) : ''];
    return tpl()->parse('@object/edit_var', $replace);
}
/**
 * Render one comment in a threaded comment list (WordPress-style callback).
 *
 * Buffers its output and echoes the assembled <li>: avatar, author link,
 * permalink with date/time, edit link, a moderation notice for unapproved
 * comments, the comment text and the reply link. The comment is published
 * as $GLOBALS['comment'] because the template tags used here
 * (comment_ID(), comment_class(), comment_text(), ...) read it from there.
 *
 * NOTE(review): output escaping is delegated to those template tags; only
 * the permalink is escaped explicitly with htmlspecialchars(). The
 * moderation text goes through _re() while the other strings use _r();
 * left as is. $commentBoxIndentStyle is assigned but never used.
 *
 * @param object $comment the comment row.
 * @param array  $args    list arguments; 'max_depth' is forwarded to the reply link.
 * @param int    $depth   nesting depth of this comment.
 */
function render_comment($comment, $args, $depth)
{
    ob_start();
    $GLOBALS['comment'] = $comment;
    $commentBoxIndentStyle = ' avatar-indent';
    ?>
    <li <?php comment_class(); ?> id="li-comment-<?php comment_ID(); ?>">
        <div id="comment-<?php comment_ID(); ?>" class="comment-div-wrapper">
            <div class="comment-author vcard" style="line-height: 50px;">
                <div class="comment_gravatar_wrapper">
                    <?php echo get_avatar($comment, $size = 50); ?>
                </div>
                <div class="comment-meta commentmetadata">
                    <?php printf(_r('<cite class="fn">%s</cite>'), get_comment_author_link()); ?>
                    <div class="comment-meta-time">
                        <a href="<?php echo htmlspecialchars(get_comment_link($comment->comment_ID)); ?>"><?php printf(_r('%1$s at %2$s'), get_comment_date(), get_comment_time()); ?></a>
                        <?php edit_comment_link(_r('(Edit)'), ' ', ''); ?>
                    </div>
                </div>
                <div class="clr"></div>
            </div>
            <?php if ($comment->comment_approved == '0') { ?>
                <span class="attention"><?php _re('Your comment is awaiting moderation.'); ?></span>
            <?php } ?>
            <?php comment_text(); ?>
            <div class="reply">
                <?php comment_reply_link(array_merge($args, array('depth' => $depth, 'max_depth' => $args['max_depth']))); ?>
            </div>
            <div class="clr"></div>
        </div>
    <?php
    // The buffered markup is flushed here; the closing </li> is left to the caller (WP convention).
    echo ob_get_clean();
    return;
}
/**
 * Admin: toggle the `active` flag of one record.
 *
 * $params may be a table name or an array (merged over $this->params):
 *  - table, db, id (primary-key column, default 'id'),
 *  - input_<id>: the record key; falls back to $_GET['id'],
 *  - revisions: record old/new rows through manage_revisions,
 *  - on_before_update / on_after_update: callables given the current row,
 *  - links_add: appended to the redirect URL.
 * Returns false for an unknown table. In AJAX mode echoes the new flag
 * value (1/0); otherwise redirects back to the listing.
 *
 * Column name and key value are both passed through $db->es() and the
 * value is quoted, so a non-numeric key cannot alter the statement.
 */
function active($params = [])
{
    if (is_string($params)) {
        $params = ['table' => $params];
    } elseif (!is_array($params)) {
        $params = [];
    }
    $params += (array) $this->params;

    $db = is_object($params['db']) ? $params['db'] : db();
    $table = $db->_fix_table_name($params['table']);
    if (!$table) {
        _re('Wrong table name');
        return false;
    }

    $key_col = $params['id'] ? $params['id'] : 'id';
    $input_name = 'input_' . $key_col;
    $id = isset($params[$input_name]) ? $params[$input_name] : $_GET['id'];

    $info = null;
    if (!empty($id)) {
        $where = '`' . $db->es($key_col) . '`="' . $db->es($id) . '"';
        $info = $db->query_fetch('SELECT * FROM ' . $db->es($table) . ' WHERE ' . $where . ' LIMIT 1');
    }
    if ($info) {
        if (is_callable($params['on_before_update'])) {
            $params['on_before_update']($info);
        }
        $new_active = (int) (!$info['active']);
        if ($params['revisions']) {
            $new_row = $info;
            $new_row['active'] = $new_active;
            module_safe('manage_revisions')->add([
                'object_name' => $params['table'],
                'object_id'   => $id,
                'old'         => $info,
                'new'         => $new_row,
                'action'      => 'active',
            ]);
        }
        $db->update_safe($table, ['active' => $new_active], $db->es($key_col) . '="' . $db->es($id) . '"');
        $verb = $info['active'] ? 'inactivated' : 'activated';
        common()->admin_wall_add([$_GET['object'] . ': item in table ' . $table . ' ' . $verb, $id]);
        if (is_callable($params['on_after_update'])) {
            $params['on_after_update']($info);
        }
    }

    if (conf('IS_AJAX')) {
        echo $info['active'] ? 0 : 1;
        return;
    }
    return js_redirect(url('/@object/' . _add_get() . $params['links_add']));
}
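/**
 * Activates a registered user from the confirmation id in $_GET['id'].
 *
 * The id decodes (base64) to "<user_id>wvcn<member_timestamp>". The user must
 * exist and not be active yet, the timestamp must not be older than
 * $this->CONFIRM_TTL seconds, and the raw id must equal the stored verify_code.
 *
 * @return string rendered confirm_messages template, or the error page with the
 *                enter-code / resend-code forms
 */
function confirm() {
    // Registration confirmation is disabled for this site
    if (!$this->CONFIRM_REGISTER) {
        return tpl()->parse('@object/confirm_messages', ['msg' => 'confirm_not_needed']);
    }
    $code = isset($_GET['id']) ? (string) $_GET['id'] : '';
    if (!strlen($code)) {
        return _e('Confirmation ID is required!');
    }
    // Decode "<user_id>wvcn<member_date>"; pad so a malformed code yields 0 instead of notices
    list($user_id, $member_date) = array_pad(explode('wvcn', trim(base64_decode($code))), 2, 0);
    $user_id = intval($user_id);
    $member_date = intval($member_date);
    $target_user_info = [];
    if (!empty($user_id)) {
        $target_user_info = user($user_id);
    }
    if (empty($target_user_info['id'])) {
        return _e('Wrong user ID');
    }
    if ($target_user_info['active']) {
        return tpl()->parse('@object/confirm_messages', ['msg' => 'already_confirmed']);
    }
    // Check if code is expired
    if (!common()->_error_exists()) {
        if (!empty($member_date) && time() - $member_date > $this->CONFIRM_TTL) {
            _re('Confirmation code has expired.');
        }
    }
    // Compare as strings in constant time. The original loose "!=" treated
    // numeric-looking strings as numbers, so distinct codes could compare equal.
    if (!common()->_error_exists()) {
        $stored_code = isset($target_user_info['verify_code']) ? (string) $target_user_info['verify_code'] : '';
        if (!hash_equals($stored_code, $code)) {
            _re('Wrong confirmation code');
        }
    }
    if (!common()->_error_exists()) {
        db()->update('user', ['active' => 1], $user_id);
        return tpl()->parse('@object/confirm_messages', ['msg' => 'confirm_success']);
    }
    // Error path: error text plus the forms to enter or resend a code.
    // NOTE(review): $replace3/$replace4 were never assigned in the original, so the
    // templates received no replacements; kept explicit here - confirm they need none.
    $replace3 = [];
    $replace4 = [];
    $body = _e();
    $body .= tpl()->parse('@object/enter_code', $replace3);
    $body .= tpl()->parse('@object/resend_code', $replace4);
    return $body;
}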
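/**
 * Export SQL: dumps one table ($_GET['table'] without DB_PREFIX, or
 * $params['single_table']) or several tables as SQL - shown as text, streamed as a
 * (gzipped) download when $_POST['compress'] is set, or returned as a string in
 * silent mode. Without a POST the export form is rendered.
 *
 * Large exports (no single table, or a table with >= 10000 rows / >= 1 MB) are
 * written through a temp file; mysqldump is tried first and the PHP dumper below is
 * the fallback.
 *
 * @param array $params programmatic overrides: silent_mode, single_table, tables,
 *                      full_inserts, ext_inserts, export_type,
 *                      where (table => raw condition, trusted), add_create_table
 * @return string the rendered form/result, or the SQL text in silent mode;
 *                the download branch ends with exit()
 */
function table_export($params = []) {
    $params = (array) $params + [
        'silent_mode'      => false,
        'single_table'     => '',
        'tables'           => null,
        'full_inserts'     => null,
        'ext_inserts'      => null,
        'export_type'      => null,
        'where'            => [],
        'add_create_table' => false,
    ];
    // Only a plain identifier is accepted from the request: the name is used in a
    // SHOW TABLE STATUS query, in a file name and (compress mode) in a shell command.
    $SINGLE_TABLE = '';
    $_single_table_info = [];
    if (!empty($_GET['table'])) {
        if (preg_match('~^[a-zA-Z0-9_]+$~', (string) $_GET['table'])) {
            $SINGLE_TABLE = DB_PREFIX . $_GET['table'];
        } else {
            _re('Wrong table name!');
        }
    }
    if ($SINGLE_TABLE) {
        $A = (array) db()->query_fetch('SHOW TABLE STATUS LIKE "' . _es($SINGLE_TABLE) . '"')
            + ['Name' => null, 'Engine' => null, 'Rows' => null, 'Data_length' => null, 'Collation' => null];
        $_single_table_info = [
            'name'      => $A['Name'],
            'engine'    => $A['Engine'],
            'rows'      => $A['Rows'],
            'data_size' => $A['Data_length'],
            'collation' => $A['Collation'],
        ];
    }
    if (!isset($this->_tables_names)) {
        foreach ((array) db()->meta_tables() as $cur_table_name) {
            $this->_tables_names[$cur_table_name] = $cur_table_name;
        }
    }
    $SILENT_MODE = !empty($params['silent_mode']);
    // The original compared $_single_table_info['size'], a key never set above, so the
    // byte-size threshold never fired; 'data_size' is the key that is actually filled.
    $USE_TEMP_FILE = !$SINGLE_TABLE || $_single_table_info['rows'] >= 10000 || $_single_table_info['data_size'] >= 1000000;
    if (!empty($params['where'])) {
        $USE_TEMP_FILE = false;
    }
    if (!empty($_POST['go']) || $SILENT_MODE) {
        set_time_limit(600);
        if ($params['single_table']) {
            $SINGLE_TABLE = $params['single_table'];
        }
        // Programmatic $params win over the posted form values
        $TABLES          = $params['tables'] ?: (isset($_POST['tables']) ? $_POST['tables'] : null);
        $INSERT_FULL     = $params['full_inserts'] ?: (isset($_POST['full_inserts']) ? $_POST['full_inserts'] : null);
        $INSERT_EXTENDED = $params['ext_inserts'] ?: (isset($_POST['ext_inserts']) ? $_POST['ext_inserts'] : null);
        $EXPORT_TYPE     = $params['export_type'] ?: (isset($_POST['export_type']) ? $_POST['export_type'] : null);
        $EXPORTED_SQL = '';
        $QUICK_DUMPED = false;
        $_temp_file_path = '';
        $where = (array) $params['where'];
        $tables_to_export = [];
        if (!empty($SINGLE_TABLE)) {
            $tables_to_export[$SINGLE_TABLE] = isset($where[$SINGLE_TABLE]) ? $where[$SINGLE_TABLE] : null;
        } elseif (!empty($TABLES)) {
            foreach ((array) $TABLES as $cur_table_name) {
                // Posted names are accepted only when they exist in the database
                if (!isset($this->_tables_names[$cur_table_name])) {
                    continue;
                }
                $tables_to_export[$cur_table_name] = isset($where[$cur_table_name]) ? $where[$cur_table_name] : null;
            }
        } else {
            foreach ((array) $this->_tables_names as $v) {
                $tables_to_export[$v] = isset($where[$v]) ? $where[$v] : null;
            }
        }
        if (empty($tables_to_export)) {
            _re('No tables to export!');
        }
        if (!isset($this->_export_types[$EXPORT_TYPE])) {
            _re('Wrong export type!');
        }
        if ($USE_TEMP_FILE) {
            // Fast path: let mysqldump write the temp file; anything of 2 bytes or less is treated as failure
            $_temp_file_path = $this->_quick_export_with_mysqldump($tables_to_export);
            if ($_temp_file_path && file_exists($_temp_file_path) && filesize($_temp_file_path) > 2) {
                $QUICK_DUMPED = true;
            }
        }
        // TODO // $tables_infos $this->_get_tables_infos();
        if (!common()->_error_exists() && !$QUICK_DUMPED) {
            $fh = null;
            $_temp_file_path2 = '';
            if ($USE_TEMP_FILE) {
                $_temp_file_name = 'db_export' . ($SINGLE_TABLE ? '__' . $SINGLE_TABLE : '') . '_' . date('YmdHis', time()) . '.sql';
                $_temp_file_path = INCLUDE_PATH . 'uploads/tmp/' . $_temp_file_name;
                _mkdir_m(dirname($_temp_file_path));
                if (file_exists(dirname($_temp_file_path))) {
                    $fh = fopen($_temp_file_path, 'w');
                    // Per-table rows are staged in a second file and appended to the main one
                    $_temp_file_path2 = $_temp_file_path . '.tmp';
                } else {
                    // No usable temp dir: build the dump in memory instead
                    $USE_TEMP_FILE = false;
                }
            }
            if ($params['add_create_table']) {
                $_add_create_table = PHP_EOL . '/*!40101 SET NAMES utf8 */;' . PHP_EOL;
                if ($USE_TEMP_FILE) {
                    fwrite($fh, $_add_create_table);
                } else {
                    $EXPORTED_SQL = $_add_create_table;
                }
            }
            foreach ((array) $tables_to_export as $cur_table_name => $WHERE_COND) {
                $sql_1 = $sql_2 = $sql_3 = $sql_4 = '';
                $cols_names_array = [];
                $counter = 0;
                $fh2 = null;
                if ($params['add_create_table']) {
                    $A = db()->query_fetch('SHOW CREATE TABLE ' . db()->escape_key($cur_table_name));
                    // NOTE(review): '\\n' in a single-quoted string is a literal backslash-n, not a
                    // newline (unlike the PHP_EOL used elsewhere) - kept as is, confirm the consumer expects it
                    $_table_sql_header = PHP_EOL . 'DROP TABLE IF EXISTS ' . db()->escape_key($cur_table_name) . ';\\n';
                    $_table_sql_header .= str_replace('CREATE TABLE', 'CREATE TABLE IF NOT EXISTS', $A['Create Table']) . ';\\n\\n';
                    if ($USE_TEMP_FILE) {
                        fwrite($fh, $_table_sql_header);
                    } else {
                        $EXPORTED_SQL .= $_table_sql_header;
                    }
                }
                $meta_columns = db()->meta_columns($cur_table_name);
                foreach ((array) $meta_columns as $cur_col_name => $cur_col_info) {
                    $cols_names_array[$cur_col_name] = db()->escape_key($cur_col_name);
                }
                $sql_1 = ($EXPORT_TYPE == 'insert' ? 'INSERT' : 'REPLACE') . ' INTO ' . db()->escape_key($cur_table_name) . ' ';
                $sql_2 = $INSERT_FULL ? '(' . implode(', ', $cols_names_array) . ') ' : '';
                $sql_3 = 'VALUES \\n';
                // $WHERE_COND comes from $params['where'] (code, not the request) and is used verbatim
                $Q = db()->query('SELECT * FROM ' . db()->escape_key(_es($cur_table_name)) . ($WHERE_COND ? ' WHERE ' . $WHERE_COND : ''));
                if (!db()->num_rows($Q)) {
                    continue;
                }
                if ($USE_TEMP_FILE) {
                    $fh2 = fopen($_temp_file_path2, 'w');
                    if ($INSERT_EXTENDED) {
                        fwrite($fh2, $sql_1 . $sql_2 . $sql_3);
                    }
                }
                while ($A = db()->fetch_assoc($Q)) {
                    $cols_values_array = [];
                    foreach ((array) $meta_columns as $cur_col_name => $cur_col_info) {
                        $cols_values_array[$cur_col_name] = db()->escape_val(_es(stripslashes($A[$cur_col_name])));
                    }
                    // Extended inserts are cut into blocks of EXPORT_EXTENDED_PER_BLOCK rows
                    $need_break = $INSERT_EXTENDED && $counter >= $this->EXPORT_EXTENDED_PER_BLOCK;
                    if ($need_break) {
                        // Turn the trailing ",<EOL>" of the previous block into ";". The original only
                        // did this for the in-memory string (it was gated on strlen($sql_4), which is
                        // 0 in temp-file mode), so temp-file extended dumps had a comma before the next INSERT.
                        if ($USE_TEMP_FILE && $fh2) {
                            fseek($fh2, -2, SEEK_CUR);
                            fwrite($fh2, ';');
                        } elseif (strlen($sql_4)) {
                            $sql_4 = substr($sql_4, 0, -2) . ';';
                        }
                    }
                    $sql_4_tmp = '';
                    // A statement header per row (plain inserts) or per block (extended inserts)
                    $sql_4_tmp .= !$INSERT_EXTENDED || $need_break ? PHP_EOL . $sql_1 . $sql_2 . $sql_3 : '';
                    $sql_4_tmp .= '(' . implode(', ', $cols_values_array) . ')';
                    $sql_4_tmp .= $INSERT_EXTENDED ? ',' : ';';
                    $sql_4_tmp .= PHP_EOL;
                    if ($need_break) {
                        $counter = 0;
                    } else {
                        $counter++;
                    }
                    if ($USE_TEMP_FILE && $fh2) {
                        fwrite($fh2, $sql_4_tmp);
                    } else {
                        $sql_4 .= $sql_4_tmp;
                    }
                }
                if ($INSERT_EXTENDED) {
                    // Close the last block: replace the trailing ",<EOL>" with ";"
                    $sql_4 = substr($sql_4, 0, -2) . ';';
                    if ($USE_TEMP_FILE && $fh2) {
                        fseek($fh2, -2, SEEK_CUR);
                        fwrite($fh2, ';');
                    }
                }
                if ($USE_TEMP_FILE && $fh2) {
                    fclose($fh2);
                }
                // Glue all SQL parts together with options
                if ($USE_TEMP_FILE) {
                    fwrite($fh, file_get_contents($_temp_file_path2));
                    unlink($_temp_file_path2);
                } else {
                    $EXPORTED_SQL .= ($INSERT_EXTENDED ? $sql_1 . $sql_2 . $sql_3 : '') . $sql_4 . PHP_EOL;
                }
            }
            if ($USE_TEMP_FILE) {
                fclose($fh);
            }
        }
        $EXPORTED_SQL = trim($EXPORTED_SQL);
        // Compress SQL and throw as file
        $COMPRESS = !empty($_POST['compress']);
        $_exported_name = '';
        $_exported_file_path = '';
        if ($COMPRESS) {
            $_exported_name = 'export' . ($SINGLE_TABLE ? '__' . $SINGLE_TABLE : '') . '.sql';
            if ($USE_TEMP_FILE) {
                $_exported_file_path = $_temp_file_path;
            } else {
                $_exported_file_path = INCLUDE_PATH . 'uploads/tmp/' . $_exported_name;
                _mkdir_m(dirname($_exported_file_path));
                if (file_exists(dirname($_exported_file_path))) {
                    file_put_contents($_exported_file_path, $EXPORTED_SQL);
                }
            }
        }
        // Compress, stage 2
        if ($COMPRESS && file_exists($_exported_file_path) && filesize($_exported_file_path) > 2) {
            // Free some memory
            $EXPORTED_SQL = null;
            // Try the gzip binary first (degrade gracefully to zlib if it is not available)
            $gzip_path = defined('OS_WINDOWS') && OS_WINDOWS ? 'd:\\' : '';
            // The file path embeds the table name; quote it so it can never be read as shell syntax
            exec($gzip_path . 'gzip -fq9 ' . escapeshellarg($_exported_file_path));
            if (file_exists($_exported_file_path . '.gz') && filesize($_exported_file_path . '.gz') > 2) {
                if (file_exists($_exported_file_path)) {
                    unlink($_exported_file_path);
                }
                $_exported_name .= '.gz';
                $_exported_file_path .= '.gz';
            } elseif (function_exists('gzwrite')) {
                // Manual method
                $gz = gzopen($_exported_file_path . '.gz', 'w1');
                gzwrite($gz, file_get_contents($_exported_file_path));
                gzclose($gz);
                if (file_exists($_exported_file_path . '.gz') && filesize($_exported_file_path . '.gz') > 2) {
                    unlink($_exported_file_path);
                    $_exported_name .= '.gz';
                    $_exported_file_path .= '.gz';
                }
            }
            no_graphics(true);
            header('Content-Type: application/force-download; name=\'' . $_exported_name . '\'');
            header('Content-Disposition: attachment; filename=\'' . $_exported_name . '\'');
            header('Content-Transfer-Encoding: binary');
            header('Content-Length: ' . intval(filesize($_exported_file_path)));
            readfile($_exported_file_path);
            unlink($_exported_file_path);
            exit;
        }
        if ($USE_TEMP_FILE && file_exists($_temp_file_path)) {
            $EXPORTED_SQL = file_get_contents($_temp_file_path);
            unlink($_temp_file_path);
        }
        if ($SILENT_MODE) {
            return $EXPORTED_SQL;
        }
        if (!common()->_error_exists()) {
            $replace2 = ['sql_text' => _prepare_html($EXPORTED_SQL, 0), 'back_link' => url('/@object')];
            return tpl()->parse('@object/export_text_result', $replace2);
        }
    }
    $replace = [
        'form_action'    => url('/@object/@action'),
        'error_message'  => _e(),
        'back_link'      => url('/@object'),
        'single_table'   => _prepare_html($SINGLE_TABLE),
        'table_num_rows' => intval(isset($_single_table_info['rows']) ? $_single_table_info['rows'] : null),
        'table_size'     => common()->format_file_size(isset($_single_table_info['data_size']) ? $_single_table_info['data_size'] : null),
    ];
    return tpl()->parse('@object/export', $replace);
}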
</div> <div class="clear"></div> </div> </div> <!-- End Post --> <?php } ?> <?php } else { ?> <h1 class="rt-pagetitle"> <?php _re('Sorry, no pages matched your criteria.'); ?> </h1> <?php } ?> <?php wp_reset_query(); ?> </div> </div>
/**
 * Email Page: loads the current page record and hands its text to the mailer.
 *
 * @return string the mailer result, or the rendered error when no page was found
 */
function email_page() {
    $page = $this->_get_page_from_db();
    $this->_set_global_info($page);
    if (!empty($page)) {
        return common()->email_page($page['text']);
    }
    // Show error message
    _re('No such page!');
    return _e();
}
?> </div> <div class="clear"></div> </div><br /> <?php } ?> <!-- End Navigation --> <?php } else { ?> <h1 class="rt-pagetitle"> <?php _re("No posts found. Try a different search?"); ?> </h1> <?php } ?> <?php wp_reset_query(); ?> </div> </div>
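/**
 * Do upload image to server: validates the uploaded file and stores it at $new_file_path.
 *
 * Checks run in this order: client-reported size/mime (cheap, untrusted), the move
 * itself, getimagesize() on the stored file (the authoritative type check), a GD decode
 * probe when neither NETPBM nor Imagick is configured, the real file size, and finally
 * a forced resize when the FORCE_RESIZE_* limits are exceeded. The destination name and
 * extension are chosen by the caller; only the content is validated here.
 *
 * @param string       $new_file_path  destination path (its directory is created if missing)
 * @param string|array $name_in_form   key in $_FILES, or one $_FILES entry itself
 *                                     (useful when uploading several images at once)
 * @param int          $max_image_size maximum size in bytes, 0 = no limit
 * @param bool         $is_local       source is a local file (copied and removed) rather than
 *                                     an HTTP upload (move_uploaded_file)
 * @return bool|mixed true on success, false on any failure (reported via _re()), or the
 *                    result of common()->make_thumb() when a forced resize applies
 */
function go($new_file_path, $name_in_form = 'image', $max_image_size = 0, $is_local = false) {
    // We do not want the user to break our operation
    ignore_user_abort(true);
    // New name is required
    if (empty($new_file_path)) {
        trigger_error('UPLOAD_IMAGE: New file path id required', E_USER_WARNING);
        return false;
    }
    // Default name in form
    if (empty($name_in_form)) {
        $name_in_form = 'image';
    }
    // If $name_in_form is an array - then we think that it is $_FILES array with cur image info
    $PHOTO = is_array($name_in_form) ? $name_in_form : (isset($_FILES[$name_in_form]) ? $_FILES[$name_in_form] : []);
    $MAX_IMAGE_SIZE = $max_image_size;
    // Check image size (first attempt) - size and type here are client-supplied and are
    // re-checked on the stored file below
    if (empty($PHOTO['size']) || !empty($MAX_IMAGE_SIZE) && $PHOTO['size'] > $MAX_IMAGE_SIZE) {
        _re('Invalid image size');
    }
    // First mime type check (quick and simple)
    if (empty($PHOTO['type']) || !isset($this->ALLOWED_MIME_TYPES[$PHOTO['type']])) {
        _re('Invalid image type');
    }
    // Check for errors and stop if exists
    if (common()->_error_exists()) {
        return false;
    }
    // Create folder if not exists
    // NOTE(review): 0777 makes the directory world-writable; a tighter mode is preferable
    // where only the web server user needs to write - left unchanged here
    $photo_dir = dirname($new_file_path);
    if (!file_exists($photo_dir)) {
        _class('dir')->mkdir_m($photo_dir, 0777, 1);
    }
    // Upload original photo
    $photo_path = $new_file_path;
    $move_result = false;
    if ($is_local) {
        if (!file_exists($photo_path) && file_exists($PHOTO['tmp_name'])) {
            file_put_contents($photo_path, file_get_contents($PHOTO['tmp_name']));
            unlink($PHOTO['tmp_name']);
            $move_result = true;
        }
    } else {
        // move_uploaded_file() refuses anything that is not a real PHP upload
        $move_result = move_uploaded_file($PHOTO['tmp_name'], $photo_path);
    }
    // Check if file uploaded successfully
    if (!$move_result || !file_exists($photo_path) || !filesize($photo_path) || !is_readable($photo_path)) {
        _re('Uploading image error #001. Please <a href="' . process_url('./?object=help&action=email_form') . '">contact</a> site admin.');
        trigger_error('Moving uploaded image error', E_USER_WARNING);
        return false;
    }
    // Second image type check (using GD): the stored content decides, not the posted mime type
    $real_image_info = @getimagesize($photo_path);
    if (empty($real_image_info) || !$real_image_info['mime'] || !isset($this->ALLOWED_MIME_TYPES[$real_image_info['mime']])) {
        _re('Invalid image type');
        trigger_error('Invalid image type', E_USER_WARNING);
        unlink($photo_path);
        return false;
    }
    $_image_type_short = $this->ALLOWED_MIME_TYPES[$real_image_info['mime']];
    // Check for wrong photos that crash GD (only if we do not have NETPBM or Imagick)
    if ((!defined('NETPBM_PATH') || NETPBM_PATH == '') && (!defined('IMAGICK_PATH') || IMAGICK_PATH == '')) {
        $gd_loaders = [
            'jpeg' => 'imagecreatefromjpeg',
            'png'  => 'imagecreatefrompng',
            'gif'  => 'imagecreatefromgif',
        ];
        // Other allowed types have no probe; the original left $c_func undefined for them
        $c_func = isset($gd_loaders[$_image_type_short]) ? $gd_loaders[$_image_type_short] : null;
        if ($c_func && false === @$c_func($photo_path)) {
            _re('Uploading image error #002. Please <a href="' . process_url('./?object=help&action=email_form') . '">contact</a> site admin.');
            trigger_error('Image that crashes GD found', E_USER_WARNING);
            unlink($photo_path);
            return false;
        }
    }
    // Second image size checking (from the real file)
    if (!empty($MAX_IMAGE_SIZE) && filesize($photo_path) > $MAX_IMAGE_SIZE) {
        _re('Invalid image size');
        trigger_error('Image size hacking attempt', E_USER_WARNING);
        unlink($photo_path);
        return false;
    }
    // Third image size checking (force resize it if needed)
    $LIMIT_X = defined('FORCE_RESIZE_WIDTH') ? FORCE_RESIZE_WIDTH : 1280;
    $LIMIT_Y = defined('FORCE_RESIZE_HEIGHT') ? FORCE_RESIZE_HEIGHT : 1024;
    if (defined('FORCE_RESIZE_IMAGE_SIZE') && filesize($photo_path) > FORCE_RESIZE_IMAGE_SIZE
        || defined('FORCE_RESIZE_WIDTH') && $real_image_info[0] > FORCE_RESIZE_WIDTH
        || defined('FORCE_RESIZE_HEIGHT') && $real_image_info[1] > FORCE_RESIZE_HEIGHT
    ) {
        return common()->make_thumb($photo_path, $photo_path, $LIMIT_X, $LIMIT_Y);
    }
    return true;
}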
?> </div> <div class="clear"></div> </div><br /> <?php } ?> <!-- End Navigation --> <?php } else { ?> <h1 class="rt-pagetitle"> <?php _re("Sorry, but there aren't any posts matching your query."); ?> </h1> <?php } ?> <?php wp_reset_query(); ?> </div> </div>
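/**
 * Product image search/import (manage_shop): lists the product's images, optionally
 * imports one from a posted URL ($_POST['src'], optional crop w/h/x/y) and shows
 * cached external search results for the product name.
 *
 * @return string rendered template, a redirect, or the error page
 */
function product_image_search() {
    $_GET['id'] = intval(isset($_GET['id']) ? $_GET['id'] : 0);
    $product = [];
    if ($_GET['id']) {
        $product = module('manage_shop')->_product_get_info($_GET['id']);
    }
    if (empty($product['id'])) {
        return _e('No such product!');
    }
    $sql = 'SELECT * FROM ' . db('shop_products') . ' WHERE id = ' . $_GET['id'];
    $product_info = db()->query_fetch($sql);
    if (empty($product_info)) {
        // NOTE(review): the redirect target is the Referer header, i.e. client-controlled
        return js_redirect($_SERVER['HTTP_REFERER'], true, 'wrong product ID');
    }
    $tmp_file = '';
    if (!empty($_POST['src'])) {
        $src = trim((string) $_POST['src']);
        // The value is handed to a wget shell command, so it must be a real http(s) URL
        // (which also rules out values starting with "-") and is shell-quoted below.
        // The fetch is performed server-side; restrict reachable hosts at network level if needed.
        $scheme = strtolower((string) parse_url($src, PHP_URL_SCHEME));
        if (!filter_var($src, FILTER_VALIDATE_URL) || !in_array($scheme, ['http', 'https'], true)) {
            _re("Error. Bad image URL.");
        } else {
            $tmp_file = '/tmp/search_image_' . $_GET['id'];
            exec('wget ' . escapeshellarg($src) . ' -O ' . escapeshellarg($tmp_file));
            if (!file_exists($tmp_file) || !filesize($tmp_file)) {
                _re("Error. Bad image.");
            } else {
                $_FILES['image']['tmp_name'][] = $tmp_file;
                if (!empty($_POST['w']) && !empty($_POST['h'])) {
                    common()->crop_image($tmp_file, $tmp_file, $_POST['w'], $_POST['h'], $_POST['x'], $_POST['y']);
                }
            }
        }
    }
    // Image upload (a real upload or the file fetched above)
    if (!empty($_FILES)) {
        $this->product_image_upload();
        // Delete temporary file
        if (!empty($tmp_file)) {
            @unlink($tmp_file);
        }
    }
    $images = common()->shop_get_images($product_info['id']);
    $base_url = WEB_PATH;
    $media_host = defined('MEDIA_HOST') ? MEDIA_HOST : false;
    if (!empty($media_host)) {
        $base_url = '//' . $media_host . '/';
    }
    $items = '';
    foreach ((array) $images as $A) {
        $product_image_delete_url = './?object=' . main()->_get('object') . '&action=product_image_delete&id=' . $product_info['id'] . '&key=' . $A['id'];
        $replace2 = [
            'img_path'   => $base_url . $A['big'],
            'thumb_path' => $base_url . $A['thumb'],
            'del_url'    => $product_image_delete_url,
            'image_key'  => $A['id'],
        ];
        $items .= tpl()->parse('manage_shop/image_items', $replace2);
    }
    $search_url = 'http://yandex.com/images/search?text=' . urlencode($product_info['name']);
    $cache_key = 'external_images_' . $_GET['id'];
    $search_results = cache_get($cache_key);
    if (empty($search_results)) {
        // Scrape the image links out of the search page; results are cached per product
        $search_results = file_get_contents($search_url);
        preg_match_all('/<a class="serp-item__link".*?c.hit\\((.*?)\\)/umis', $search_results, $search_results);
        $search_results = $search_results[1];
        foreach ($search_results as $key => $item) {
            $item = json_decode('[' . html_entity_decode($item) . ']', true);
            $search_results[$key] = isset($item[1]['href']) ? $item[1]['href'] : null;
        }
        cache_set($cache_key, $search_results);
    }
    $replace = [
        'form_action'    => './?object=manage_shop&action=product_image_search&id=' . $product_info['id'],
        'search_url'     => $search_url,
        'search_results' => json_encode($search_results),
        'product_info'   => $product_info,
        'image'          => $items,
        'product_url'    => './?object=' . main()->_get('object') . '&action=product_edit&id=' . $product_info['id'],
    ];
    return tpl()->parse($_GET['object'] . '/product_image_search', $replace);
}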
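/**
 * Export vars: downloads the locale variables (source + translation) of one language,
 * or a translation template, as CSV or XML. Without a POST the export form is shown.
 *
 * Optional filters: $_POST['location'] (substring of the var location, non-template
 * exports only) and $_POST['module'] ("admin:<name>" selects an admin module), which
 * keeps vars from the module's class file or from .stpl templates in its directory.
 *
 * @return string rendered form; the file download ends with exit()
 */
function export_vars() {
    if (main()->is_post()) {
        $file_format = isset($_POST['file_format']) ? $_POST['file_format'] : '';
        if (empty($file_format) || !isset($this->_file_formats[$file_format])) {
            _re('Please select file format');
        }
        $IS_TEMPLATE = !empty($_POST['is_template']) ? 1 : 0;
        if (empty($_POST['lang_code']) && !$IS_TEMPLATE) {
            _re('Please select language to export');
        }
        $cur_locale = !empty($_POST['lang_code']) ? $_POST['lang_code'] : 'en';
        $cur_lang_info = [
            'locale' => $cur_locale,
            'name'   => isset($this->_cur_langs[$cur_locale]) ? $this->_cur_langs[$cur_locale] : null,
        ];
        $tr_vars = [];
        if (!$IS_TEMPLATE) {
            $Q = db()->query('SELECT * FROM ' . db('locale_translate') . ' WHERE locale = "' . _es($cur_locale) . '"');
            while ($A = db()->fetch_assoc($Q)) {
                $tr_vars[$A['var_id']] = $A['value'];
            }
        }
        // The module filter is parsed once, before the loop. The original stripped the
        // "admin:" prefix from $_POST['module'] inside the loop, so only the first var was
        // matched against the admin modules dir and all later ones against the user dir.
        $module_filter = isset($_POST['module']) ? (string) $_POST['module'] : '';
        $is_admin_module = false;
        if (!empty($module_filter) && substr($module_filter, 0, strlen('admin:')) == 'admin:') {
            $module_filter = substr($module_filter, strlen('admin:'));
            $is_admin_module = true;
        }
        $location_filter = isset($_POST['location']) ? (string) $_POST['location'] : '';
        $tr_array = [];
        $Q = db()->query('SELECT * FROM ' . db('locale_vars') . ' ORDER BY value ASC');
        while ($A = db()->fetch_assoc($Q)) {
            $source = $A['value'];
            $translation = $IS_TEMPLATE ? $A['value'] : (isset($tr_vars[$A['id']]) ? $tr_vars[$A['id']] : null);
            // Skip not translated vars
            if (!$IS_TEMPLATE && empty($translation)) {
                continue;
            }
            // Export only for specified location
            if (!$IS_TEMPLATE && !empty($location_filter) && false === strpos($A['location'], $location_filter)) {
                continue;
            }
            // Export only for specified module
            if (!empty($module_filter)) {
                $class_file = ($is_admin_module ? ADMIN_MODULES_DIR : USER_MODULES_DIR) . $module_filter . '.class.php';
                $in_class_file = false !== strpos($A['location'], $class_file);
                $in_module_tpl = false !== strpos($A['location'], '/' . $module_filter . '/') && false !== strpos($A['location'], '.stpl');
                if (!$in_class_file && !$in_module_tpl) {
                    continue;
                }
            }
            $tr_array[$A['id']] = ['source' => trim($source), 'translation' => trim($translation)];
        }
        $body = '';
        $file_name = '';
        // Check for errors
        if (!common()->_error_exists()) {
            if ($file_format == 'csv') {
                // One "source";"translation" row per var, embedded quotes doubled.
                // NOTE(review): cells are not guarded against spreadsheet formula injection
                // (values starting with =, +, -, @) if the file is opened in a spreadsheet.
                $body .= "source;translation" . PHP_EOL;
                foreach ((array) $tr_array as $info) {
                    $body .= "\"" . str_replace("\"", "\"\"", $info["source"]) . "\";\"" . str_replace("\"", "\"\"", $info["translation"]) . "\"" . PHP_EOL;
                }
                $file_name = $cur_lang_info["locale"] . "_translation.csv";
            } elseif ($file_format == "xml") {
                // Generate XML string; all values are HTML-escaped via _prepare_html()
                $body .= "<!DOCTYPE tr><tr>" . PHP_EOL;
                $body .= "\t<info>" . PHP_EOL;
                $body .= "\t\t<locale>" . _prepare_html($cur_lang_info["locale"]) . "</locale>" . PHP_EOL;
                $body .= "\t\t<lang_name>" . _prepare_html($cur_lang_info["name"]) . "</lang_name>" . PHP_EOL;
                $body .= "\t</info>" . PHP_EOL;
                foreach ((array) $tr_array as $info) {
                    $body .= "\t<message>" . PHP_EOL;
                    $body .= "\t\t<source>" . _prepare_html($info["source"]) . "</source>" . PHP_EOL;
                    $body .= "\t\t<translation>" . _prepare_html($info["translation"]) . "</translation>" . PHP_EOL;
                    $body .= "\t</message>" . PHP_EOL;
                }
                $body .= "</tr>";
                $file_name = $cur_lang_info["locale"] . "_translation.xml";
            }
        }
        if (!common()->_error_exists() && empty($body)) {
            _re("Error while exporting data");
        }
        if (!common()->_error_exists()) {
            main()->NO_GRAPHICS = true;
            // $file_format was validated against $this->_file_formats above before it reaches a header
            header("Content-Type: application/force-download; name=\"" . $file_name . "\"");
            header("Content-Type: text/" . $file_format . ";charset=utf-8");
            header("Content-Transfer-Encoding: binary");
            header("Content-Length: " . strlen($body));
            header("Content-Disposition: attachment; filename=\"" . $file_name . "\"");
            echo $body;
            exit;
        }
    }
    // Form: location select box lists every location that has at least one var
    $this->_used_locations[''] = t('-- ALL --');
    foreach ((array) $this->_get_all_vars_locations() as $cur_location => $num_vars) {
        if (empty($num_vars)) {
            continue;
        }
        $this->_used_locations[$cur_location] = $cur_location . ' (' . intval($num_vars) . ')';
    }
    $replace = [
        'form_action'      => './?object=' . $_GET['object'] . '&action=' . $_GET['action'],
        'back_link'        => './?object=' . $_GET['object'],
        'error_message'    => _e(),
        'langs_box'        => $this->_box('cur_langs', -1),
        'file_formats_box' => $this->_box('file_format', 'csv'),
        'location_box'     => $this->_box('location', -1),
        'modules_box'      => $this->_box('module', -1),
    ];
    return tpl()->parse($_GET['object'] . '/export_vars', $replace);
}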
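/**
 * chmod: shows the permission/owner form for one path ($this->GET_PATH) or several
 * ($_POST['selected']) and, on POST, applies chmod (octal field or rwx checkboxes) and,
 * when ALLOW_CHANGE_OWNER is set, chown over SSH to every path in $_POST['mass_selected'].
 *
 * Root-level paths (no "/" after trimming) are refused. mass_selected is the list this
 * form emitted itself, round-tripped through the client, so it is decoded as plain data
 * and re-checked against the same root-path rule before use.
 *
 * @return string rendered chmod_form, or a redirect
 */
function edit_chmod() {
    $_SELECTED_FILES = [];
    if ($this->GET_PATH) {
        $this->GET_PATH = $this->_urldecode($this->GET_PATH);
        $_SELECTED_FILES[] = $this->_prepare_path($this->GET_PATH);
    } elseif (!empty($_POST["selected"])) {
        foreach ((array) $_POST["selected"] as $path) {
            $path = $this->_urldecode($path);
            $_SELECTED_FILES[] = $this->_prepare_path($path);
        }
    } else {
        _re("File path missing");
    }
    if (common()->_error_exists()) {
        return js_redirect($_SERVER["HTTP_REFERER"]);
    }
    // A path is "root" when it has no "/" left after trimming the trailing one
    $is_root_path = function ($p) {
        return substr_count(rtrim((string) $p, "/"), "/") < 1;
    };
    // Check that given path is not a root folder or path
    foreach ((array) $_SELECTED_FILES as $path) {
        if ($is_root_path($path)) {
            return js_redirect($_SERVER["HTTP_REFERER"]);
        }
    }
    $users_array = [];
    $groups_array = [];
    if ($this->ALLOW_CHANGE_OWNER) {
        // Init server commands class (plain assignment; "=&" on a call result is a notice in PHP 7+)
        $this->SERVER_OBJ = _class("server_commands");
        // Find all users
        $system_users_array = $this->SERVER_OBJ->get_system_users($this->_server_info);
        foreach ((array) $system_users_array as $v) {
            $users_array[$v["user_name"]] = $v["user_name"];
        }
        asort($users_array);
        // Find all groups
        $system_groups_array = $this->SERVER_OBJ->get_system_groups($this->_server_info);
        foreach ((array) $system_groups_array as $v) {
            $groups_array[$v["group_name"]] = $v["group_name"];
        }
        asort($groups_array);
    }
    $file_info = [];
    if (count($_SELECTED_FILES) == 1) {
        // Find file info ($path is the single selected file, left over from the loop above)
        $file_info = $this->SSH_OBJ->file_info($this->_server_info, $path);
        $perms = substr(isset($file_info["perms"]) ? $file_info["perms"] : "", 1);
    } else {
        $perms = "rwxrwxrwx";
    }
    $perms_array = [
        [t("read"), $perms[0]], [t("write"), $perms[1]], [t("execute"), $perms[2]],
        [t("read"), $perms[3]], [t("write"), $perms[4]], [t("execute"), $perms[5]],
        [t("read"), $perms[6]], [t("write"), $perms[7]], [t("execute"), $perms[8]],
    ];
    if (main()->is_post()) {
        // Save data. The posted list is decoded without instantiating objects
        // (allowed_classes needs PHP 7+) and filtered with the same root-path rule as above.
        $mass_selected = [];
        if (!empty($_POST["mass_selected"])) {
            $decoded = unserialize((string) $_POST["mass_selected"], ['allowed_classes' => false]);
            foreach ((array) $decoded as $p) {
                if (is_string($p) && !$is_root_path($p)) {
                    $mass_selected[] = $p;
                }
            }
        }
        $perms_octal = intval(isset($_POST["perms_octal"]) ? $_POST["perms_octal"] : 0);
        $recurs = !empty($_POST["change_recurs"]) ? 1 : 0;
        if (!empty($perms_octal)) {
            // Octal form: exactly three digits, each 0..7
            if (strlen($perms_octal) != 3) {
                _re(t("Wrong permission") . "!");
            }
            foreach (str_split((string) $perms_octal) as $octal) {
                if (intval($octal) > 7) {
                    _re(t("Wrong permission") . "!");
                }
            }
            if (!common()->_error_exists()) {
                foreach ((array) $mass_selected as $path) {
                    // Change chmod
                    $this->SSH_OBJ->chmod($this->_server_info, $path, $perms_octal, $recurs);
                }
            }
        } elseif (!empty($_POST["perms"])) {
            // Checkbox form: fill the unchecked bits with "-" and convert to octal.
            // Nine bits (0..8) are filled; the original used range(0, 7) and left the
            // last (other-execute) bit unset when its checkbox was not posted.
            $perms_bits = (array) $_POST["perms"];
            foreach (range(0, 8) as $v) {
                if (!isset($perms_bits[$v])) {
                    $perms_bits[$v] = "-";
                }
            }
            ksort($perms_bits);
            $perm_string = implode("", $perms_bits);
            $octal = $this->_perm_str2num($perm_string);
            if (!common()->_error_exists()) {
                foreach ((array) $mass_selected as $path) {
                    // Change chmod
                    $this->SSH_OBJ->chmod($this->_server_info, $path, $octal, $recurs);
                }
            }
        }
        if ($this->ALLOW_CHANGE_OWNER && !common()->_error_exists()) {
            // Change group and (or) owner.
            // NOTE(review): user/group are passed to the SSH layer as posted; checking them
            // against $users_array/$groups_array here would be safer - confirm the select box
            // only ever posts listed names before adding that check.
            foreach ((array) $mass_selected as $path) {
                $this->SSH_OBJ->chown($this->_server_info, $path, $_POST["user"], $_POST["group"], $recurs);
            }
        }
        return js_redirect("./?object=" . $_GET["object"] . "&action=show&id=" . ($this->SERVER_ID ? $this->SERVER_ID . "&page=" : "") . $this->_urlencode(dirname($path)));
    }
    $replace = [
        "filepath"      => _prepare_html($path),
        "group_box"     => $this->ALLOW_CHANGE_OWNER ? common()->select_box("group", $groups_array, count($_SELECTED_FILES) == 1 ? $file_info["group"] : "root") : "",
        "user_box"      => $this->ALLOW_CHANGE_OWNER ? common()->select_box("user", $users_array, count($_SELECTED_FILES) == 1 ? $file_info["user"] : "******") : "",
        "perms"         => $perms_array,
        "form_action"   => "./?object=" . $_GET["object"] . "&action=edit_chmod&id=" . ($this->SERVER_ID ? $this->SERVER_ID . "&page=" : "") . $this->_urlencode($path),
        "error_message" => _e(),
        "is_folder"     => (isset($file_info["type"]) && $file_info["type"] == "d") ? 1 : 0,
        "back_url"      => "./?object=" . $_GET["object"] . "&action=show&id=" . ($this->SERVER_ID ? $this->SERVER_ID . "&page=" : "") . $this->_urlencode(dirname($path)),
        "mass_selected" => _prepare_html(serialize($_SELECTED_FILES)),
    ];
    return tpl()->parse($_GET["object"] . "/chmod_form", $replace);
}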
/**
 * Check spam: counts HTML and BBCode links in $text and raises an error when
 * there are more than allowed (1 for guests, 3 for logged-in users).
 *
 * @param string $text comment text
 * @return void
 */
function _spam_check($text) {
    $comments = module('comments');
    preg_match_all($comments->HTML_LINK_REGEX, $text, $html_links);
    preg_match_all($comments->BBCODE_LINK_REGEX, $text, $bb_links);
    $links_found = count($html_links[1]) + count($bb_links[1]);
    $max_links = empty(main()->USER_ID) ? 1 : 3;
    if ($links_found > $max_links) {
        _re('Too many links');
    }
}