/**
 * Returns the value used for register validation.
 *
 * The configured default (misc_validate) is offered to the 'pligg_validate'
 * action first; whatever sits under the 'validate' key afterwards is returned.
 * Presumably check_actions() takes its second argument by reference so modules
 * can override the default -- confirm against its definition.
 */
function pligg_validate()
{
    $hookData = array('validate' => misc_validate);
    check_actions('pligg_validate', $hookData);

    return $hookData['validate'];
}
/**
 * Log the current user out and redirect the browser.
 *
 * Clears the login name and the authenticated flag on this object, resets the
 * ID cookie through SetIDCookie(0, ''), fires the 'logout_success' action,
 * sends no-cache headers together with a Location header, and ends the request.
 *
 * NOTE(review): $url is written into the Location header exactly as received;
 * nothing in this method restricts it to a same-site path. Confirm that callers
 * never pass a request-supplied value, or validate it before it gets here.
 * NOTE(review): only the cookie and this object's fields are reset here; if a
 * server-side session exists it must be invalidated elsewhere -- confirm.
 *
 * @param string $url Redirect target; defaults to './'.
 */
function Logout($url = './')
{
    $this->user_login = "";
    $this->authenticated = false;
    $this->SetIDCookie(0, '');

    // The return target is published as a constant before the hook fires.
    define('wheretoreturn', $url);
    check_actions('logout_success');

    //header("Pragma: no-cache");
    $responseHeaders = array(
        "Cache-Control: no-cache, must-revalidate",
        "Location: {$url}",
        "Expires: " . gmdate("r", time() - 3600),
        "ETag: \"logingout" . time() . "\"",
    );
    foreach ($responseHeaders as $headerLine) {
        header($headerLine);
    }

    exit;
}
/**
 * Delete a story and every row that hangs off it.
 *
 * Non-numeric ids are ignored. The story row is looked up first, then the
 * story, its comments, saved links, tags, trackbacks, votes and additional
 * categories are deleted in that order, and finally the 'admin_story_delete'
 * action is fired with the link id.
 *
 * NOTE(review): is_numeric() also accepts forms such as "1e3" or " 7". The id
 * is quoted in every statement, so these cannot break out of the literal, but
 * an integer check would state the intent more precisely.
 * NOTE(review): a failed query hands the raw mysql_error() text to
 * error_page(); confirm that page does not show database details to visitors.
 * NOTE(review): no permission check is visible in this function; the caller is
 * presumably responsible for it -- confirm.
 *
 * @param mixed $linkid Story id.
 */
function delete_storylink($linkid)
{
    if (!is_numeric($linkid)) {
        return;
    }

    $lookup = "SELECT * FROM " . table_links . " WHERE link_id = '{$linkid}'";
    $found = mysql_query($lookup);
    if ($found) {
        // The fetched row is not used further down.
        $sql_array = mysql_fetch_object($found);
    } else {
        error_page(mysql_error());
    }

    // Table / key-column pairs, in the order the rows must be removed.
    $targets = array(
        array(table_links, 'link_id'),                  // the story link
        array(table_comments, 'comment_link_id'),       // the story comments
        array(table_saved_links, 'saved_link_id'),      // the saved links
        array(table_tags, 'tag_link_id'),               // the story tags
        array(table_trackbacks, 'trackback_link_id'),   // the story trackbacks
        array(table_votes, 'vote_link_id'),             // the story votes
        array(table_additional_categories, 'ac_link_id'), // additional categories
    );
    foreach ($targets as $target) {
        list($table, $column) = $target;
        $statement = "DELETE FROM " . $table . " WHERE " . $column . " = '{$linkid}'";
        if (!mysql_query($statement)) {
            error_page(mysql_error());
        }
    }

    // module system hook
    $hookData = array('link_id' => $linkid);
    check_actions('admin_story_delete', $hookData);
}
/**
 * Record a vote on this story and refresh its cached counters.
 *
 * The parent implementation stores the vote. When it succeeds, the vote,
 * report (and, with Voting_Method 2, rating and vote-count) figures are
 * recomputed, the basic fields are stored, the publish check runs and the
 * 'link_insert_vote_post' action is fired.
 *
 * @param mixed $user  Voter id, passed through to the parent.
 * @param mixed $value Vote value, passed through to the parent.
 * @return bool true when the vote was stored, false otherwise.
 */
function insert_vote($user = 0, $value = 10)
{
    if (!parent::insert_vote($user, $value)) {
        return false;
    }

    $tally = new Vote();
    $tally->type = 'links';
    $tally->link = $this->id;

    if (Voting_Method == 2) {
        // Rating mode: average rating plus the number of non-zero votes.
        $this->votes = $tally->rating("!=0");
        $this->votecount = $tally->count("!=0");
        $this->reports = $this->count_all_votes("<0");
    } else {
        // Plain mode: negative votes are reports and are taken off the total.
        $this->reports = $this->count_all_votes("<0");
        $this->votes = $tally->count() - $this->reports;
    }

    $this->store_basic();
    $this->check_should_publish();

    $hookData = array('vote' => $this);
    check_actions('link_insert_vote_post', $hookData);

    return true;
}
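/**
 * Delete a comment together with its direct replies.
 *
 * Fires the 'comment_deleted' action for the comment and for each reply
 * before the rows are removed, then recalculates and stores the comment
 * count of the story the comment belonged to.
 *
 * NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5", and
 * the first query interpolates $key unquoted. Those forms are still numeric
 * literals in SQL, but an integer check would state the intent more exactly.
 * NOTE(review): when no comment matches, $link_id is presumably empty and the
 * Link below is read and stored with that id -- confirm Link copes with it.
 * NOTE(review): no permission check is visible here; the caller is presumably
 * responsible for it -- confirm.
 *
 * @param mixed $key Comment id; non-numeric values are ignored.
 */
function delete_comment($key)
{
    global $db;

    if (!is_numeric($key)) {
        return;
    }

    // Remember the owning story before the row disappears.
    $link_id = $db->get_var("SELECT comment_link_id FROM `" . table_comments . "` WHERE `comment_id` = " . $key . ";");

    $vars = array('comment_id' => $key);
    check_actions('comment_deleted', $vars);

    $comments = $db->get_results("SELECT comment_id FROM " . table_comments . " WHERE `comment_parent` = '{$key}'");

    // A comment without replies may come back as a non-iterable empty value;
    // skip the loop instead of handing that to foreach.
    if (!empty($comments)) {
        foreach ($comments as $comment) {
            $vars = array('comment_id' => $comment->comment_id);
            check_actions('comment_deleted', $vars);
        }
    }

    $db->query('DELETE FROM `' . table_comments . '` WHERE `comment_parent` = "' . $key . '"');
    $db->query('DELETE FROM `' . table_comments . '` WHERE `comment_id` = "' . $key . '"');

    // Bring the story's cached comment count back in line.
    $link = new Link();
    $link->id = $link_id;
    $link->read();
    $link->recalc_comments();
    $link->store();
}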
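/**
 * Store a comment posted by a visitor who is not logged in.
 *
 * Reads link_id, user_id, randkey, comment_content, a_username, a_email and
 * a_website from $vars, inserts the comment row, fires 'after_comment_submit'
 * with the new row id, and bumps the comment count of the story.
 *
 * Every value placed in the statement is neutralised here: the three ids are
 * written unquoted, so they are forced to integers, and the three visitor
 * supplied strings go through $db->escape() like the comment body already did.
 * NOTE(review): if a module on the 'anonymous_comment' action already escapes
 * these fields they will now be escaped twice -- confirm with the callers.
 *
 * @param array $vars Comment fields; replaced on return by
 *                    array('comment' => <insert id>), as before.
 */
function insert_anonymous_comment(&$vars)
{
    global $db;

    // Unquoted in the VALUES list, so only integers may reach the statement.
    $link_id = (int) $vars['link_id'];
    $user_id = (int) $vars['user_id'];
    $randkey = (int) $vars['randkey'];

    // Quoted string columns: escape each one before interpolation.
    $comment_content = $db->escape($vars['comment_content']);
    $a_username = $db->escape($vars['a_username']);
    $a_email = $db->escape($vars['a_email']);
    $a_website = $db->escape($vars['a_website']);

    $sql = "INSERT INTO " . table_comments . " (comment_user_id, comment_link_id, comment_date, comment_randkey, comment_content,`comment_anonymous_username`, `comment_anonymous_email`, `comment_anonymous_website` ) VALUES ({$user_id}, {$link_id}, NOW(), {$randkey}, '{$comment_content}', '{$a_username}','{$a_email}', '{$a_website}')";
    $result = $db->query($sql);

    // DB 04/15/11
    $vars = array('comment' => $db->insert_id);
    check_actions('after_comment_submit', $vars);
    /////

    // DB 12/17/08
    $link = new Link();
    $link->id = $link_id;
    $link->read();
    $link->adjust_comment(1);
    $link->store();
    /////
}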
/**
 * Handle a comment form post for the current story.
 *
 * Two paths are visible: a logged-in user posting a new comment or a reply,
 * and an anonymous visitor whose fields are handed to the 'anonymous_comment'
 * action. On the logged-in path the comment is stored and the browser is
 * redirected to the story URL with a "#comment-reply-<id>" fragment.
 *
 * NOTE(review): no anti-CSRF token is validated anywhere in this function;
 * "randkey > 0" only checks that a positive number was posted.
 */
function insert_comment()
{
    global $link, $db, $current_user, $main_smarty, $the_template, $story_url;

    // NOTE(review): the raw posted text is handed to the template; it is only
    // safe if the template escapes TheComment on output -- confirm.
    $main_smarty->assign('TheComment', $_POST['comment_content']);

    // NOTE(review): $vars has not been assigned at this point in the function,
    // so this test reads an undefined variable.
    if ($vars['error'] == true) {
        $error = true;
        return;
    }

    require_once mnminclude . 'comment.php';
    $comment = new Comment();
    $cancontinue = false;

    //anonymous comment
    $cancontinue_anon = false;
    $anon = $_POST['anon'];

    $comment->content = sanitize($_POST['comment_content'], 4);

    // Over-long comments render the error template and stop the request.
    if (strlen($comment->content) > maxCommentLength) {
        $main_smarty->assign('url', $_SERVER['REQUEST_URI']);
        $main_smarty->assign('tpl_center', $the_template . '/comment_errors');
        $main_smarty->display($the_template . '/pligg.tpl');
        exit;
    }

    // Logged-in path: the posted story id and user id must match the current
    // story and the authenticated user.
    if (sanitize($_POST['link_id'], 3) == $link->id && $current_user->authenticated && sanitize($_POST['user_id'], 3) == $current_user->user_id && sanitize($_POST['randkey'], 3) > 0) {
        if (sanitize($_POST['comment_content'], 4) != '') {
            // this is a normal new comment
            $cancontinue = true;
        }
        if (is_array($_POST['reply_comment_content'])) {
            // comment replies: the first non-empty entry with a positive key wins
            foreach ($_POST['reply_comment_content'] as $id => $value) {
                if ($id > 0 && $value) {
                    $comment->content = sanitize($value, 4);
                    // NOTE(review): this parent is overwritten further down by
                    // $parrent_comment_id (or 0) before the comment is stored.
                    $comment->parent = $id;
                    $cancontinue = true;
                    break;
                }
            }
        }
    } elseif ($_POST['link_id'] == $link->id && $_POST['randkey'] > 0 && $anon == 1) {
        // Anonymous path: fields are compared and forwarded without sanitize().
        if (strlen($_POST['comment_content']) > 0) {
            check_actions('register_check_errors', $vars);
            if ($vars['error'] == true) {
                $error = true;
            } elseif (!$current_user->authenticated) {
                // NOTE(review): randkey, user_id, a_email, a_username and
                // a_website are passed on exactly as posted; whatever handles
                // 'anonymous_comment' must treat them as untrusted input.
                $vars = array('link_id' => $link->id, 'randkey' => $_POST['randkey'], 'user_id' => $_POST['user_id'], 'a_email' => $_POST['a_email'], 'a_username' => $_POST['a_username'], 'a_website' => $_POST['a_website'], 'comment_content' => sanitize($_POST['comment_content'], 4));
                check_actions('anonymous_comment', $vars);
            }
        }
    }

    $parrent_comment_id = sanitize($_POST['parrent_comment_id'], 3);

    if ($cancontinue == true) {
        $comment->link = $link->id;
        if ($parrent_comment_id != 0) {
            $comment->parent = $parrent_comment_id;
        } else {
            $comment->parent = 0;
        }
        $comment->randkey = sanitize($_POST['randkey'], 3);
        $comment->author = sanitize($_POST['user_id'], 3);

        // Modules receive the comment by reference and may set its status.
        $vars = array('comment' => &$comment);
        check_actions('story_insert_comment', $vars);
        if ($vars['comment']->status) {
            $comment->status = $vars['comment']->status;
        }
        $comment->store();

        $vars['comment'] = $comment->id;
        check_actions('after_comment_submit', $vars);

        $story_url = getmyurl("storyURL", $link->category_safe_names(), urlencode($link->title_url), $link->id);
        //$story_url;
        header('Location: ' . $story_url . "#comment-reply-" . $comment->id);
        die;
    }
}
<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Bootstrap: template engine first, then site configuration and shared libraries.
include_once 'Smarty.class.php';
$main_smarty = new Smarty();
include_once 'config.php';
include_once mnminclude . 'html1.php';
include_once mnminclude . 'link.php';
include_once mnminclude . 'tags.php';
include_once mnminclude . 'search.php';
include_once mnminclude . 'smartyvariables.php';

// pagename
define('pagename', 'module');
$main_smarty->assign('pagename', pagename);

// This script renders nothing itself; everything is delegated to whatever is
// registered on the 'module_page' action.
// NOTE(review): no login or permission check is visible before the hook runs;
// confirm each module handling 'module_page' enforces its own access control.
$vars = '';
check_actions('module_page', $vars);
/**
 * Record a vote on this comment.
 *
 * After a successful insert the comment's vote figure is recomputed as all
 * votes minus the negative ones. When comment_buries_spam is positive and the
 * negative votes reach it, the comment is stored with status 'discard', the
 * 'comment_spam' action fires and the story's comment count is recalculated.
 * The 'comment_insert_vote_post' action fires in every successful case.
 *
 * @param mixed $user  Voter id.
 * @param mixed $value Vote value.
 * @return mixed The vote sum reported by Vote::sum(), or false when the
 *               comment id is not numeric or the vote could not be inserted.
 */
function insert_vote($user = 0, $value = 10)
{
    global $anon_karma;
    require_once mnminclude . 'votes.php';

    if (!is_numeric($this->id)) {
        return false;
    }

    $ballot = new Vote();
    $ballot->type = 'comments';
    $ballot->user = $user;
    $ballot->link = $this->id;
    $ballot->value = $value;
    if (!$ballot->insert()) {
        return false;
    }

    // A fresh Vote object is used for the read-side counters.
    $tally = new Vote();
    $tally->type = 'comments';
    $tally->link = $this->id;
    $this->votes = $tally->count() - $tally->count('<0');

    if (comment_buries_spam > 0 && $tally->count_all("<0") >= comment_buries_spam) {
        $this->status = 'discard';
        $this->store();

        $spamData = array('comment_id' => $this->id);
        check_actions('comment_spam', $spamData);

        // The story's cached comment count no longer includes this comment.
        require_once mnminclude . 'link.php';
        $story = new Link();
        $story->id = $this->link;
        $story->read();
        $story->recalc_comments();
        $story->store();
    }

    $hookData = array('vote' => $this);
    check_actions('comment_insert_vote_post', $hookData);

    return $tally->sum();
}
// (listing starts inside the per-story loop of the RSS page)
echo "\t<category>" . htmlspecialchars($category_name) . "</category>\n";
// Calculate total vote count based on votes-downvotes
$vote_total = $link->votes - $link->reports;
echo "\t<votes>" . $vote_total . "</votes>\n";
echo "\t<upvotes>" . $link->votes . "</upvotes>\n";
echo "\t<downvotes>" . $link->reports . "</downvotes>\n";
echo "\t<guid>" . getmyFullurl("storyURL", $link->category_safe_names($link->category), urlencode($link->title_url), $link->id) . "</guid>\n";
// module system hook: modules may emit extra elements for this item
$vars = array('item' => $link);
check_actions('rss_item', $vars);
echo "</item>\n\n";
}
}

// module system hook
$vars = '';
check_actions('rss_end_data', $vars);
do_rss_footer();

/**
 * Send the XML content type and print the opening of the RSS document:
 * XML declaration, <rss> and <channel> tags, and the channel metadata.
 *
 * NOTE(review): only the site name is passed through htmlspecialchars().
 * $title, the configured description and $dblang are written into the XML
 * as they are. If $title can carry request data (a search term or category
 * name, for instance) it should be escaped the same way -- confirm what the
 * callers pass.
 *
 * @param string $title Text appended to the site name in the channel title.
 */
function do_rss_header($title)
{
    global $last_modified, $dblang, $main_smarty;
    header('Content-type: text/xml; charset=utf-8', true);
    echo '<?xml version="1.0"?>' . "\n";
    echo '<rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:media="http://search.yahoo.com/mrss/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0">' . "\n";
    echo '<channel>' . "\n";
    echo '<title>' . htmlspecialchars($main_smarty->get_config_vars("PLIGG_Visual_Name")) . ' ' . trim($title) . '</title>' . "\n";
    echo '<link>' . my_base_url . my_pligg_base . '</link>' . "\n";
    echo '<description>' . $main_smarty->get_config_vars("PLIGG_Visual_RSS_Description") . '</description>' . "\n";
    // The timestamp is shifted by misc_timezone hours before formatting.
    echo '<pubDate>' . date('D, d M Y H:i:s T', $last_modified - misc_timezone * 3600) . '</pubDate>' . "\n";
    echo '<language>' . $dblang . '</language>' . "\n";
}

function do_rss_footer()
<?php
// Bootstrap the template engine, the site configuration and shared libraries.
include_once 'internal/Smarty.class.php';
$main_smarty = new Smarty();
include 'config.php';
include mnminclude . 'html1.php';
include mnminclude . 'link.php';
include mnminclude . 'smartyvariables.php';

// module system hook, fired before anything is rendered
$vars = '';
check_actions('error_404', $vars);

define('pagename', 'error_404');
$main_smarty->assign('pagename', pagename);

// sidebar
$main_smarty = do_sidebar($main_smarty);

// show the template
// The status line goes out before display() so the response carries a real
// 404 code rather than a 200 with an error body.
header("HTTP/1.1 404 Not Found");
$main_smarty->assign('tpl_center', $the_template . '/error_404_center');
$main_smarty->display($the_template . '/pligg.tpl');
exit;
<?php
// The source code packaged with this file is Free Software, Copyright (C) 2005 by
// Ricardo Galli <gallir at uib dot es>.
// It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise.
// You can get copies of the licenses here:
// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

// Bootstrap the template engine, the site configuration and shared libraries.
include_once 'Smarty.class.php';
$main_smarty = new Smarty();
include 'config.php';
include mnminclude . 'html1.php';
include mnminclude . 'link.php';
include mnminclude . 'smartyvariables.php';

// module system hook, fired before anything is rendered
$vars = '';
check_actions('404Error', $vars);

define('pagename', '404');
$main_smarty->assign('pagename', pagename);

// sidebar
$main_smarty = do_sidebar($main_smarty);

// show the template
// NOTE(review): no status header is sent in this script, so unless a module on
// the '404Error' action sets one the error page is served with the default
// response code -- confirm whether a "404 Not Found" line is intended here.
$main_smarty->assign('tpl_center', '404error');
$main_smarty->display($the_template . '/pligg.tpl');
/**
 * Handle the post of an edited comment.
 *
 * When the posted story id and user id match the current story and the
 * authenticated user, and a positive numeric randkey and non-empty content
 * were sent, the comment identified by $link->commentid is loaded, updated,
 * offered to the 'after_comment_edit' action, stored, and the browser is
 * redirected back to the story.
 *
 * NOTE(review): the check below proves who is posting, not that this user may
 * edit the comment being loaded; the author is taken from the global
 * $commentownerid. Presumably the calling page verifies ownership or
 * moderator rights before it gets here -- confirm.
 * NOTE(review): no anti-CSRF token is validated in this function.
 */
function insert_comment()
{
    global $commentownerid, $link, $db, $current_user, $main_smarty, $the_template;

    // $vars is not assigned before this call; the hook receives it as is.
    check_actions('story_edit_comment', $vars);

    // Check if is a POST of a comment
    if (sanitize($_POST['link_id'], 3) == $link->id && $current_user->authenticated && sanitize($_POST['user_id'], 3) == $current_user->user_id && is_numeric(sanitize($_POST['randkey'], 3)) && sanitize($_POST['randkey'], 3) > 0 && sanitize($_POST['comment_content'], 4) != '') {
        require_once mnminclude . 'comment.php';
        $comment = new Comment();
        $comment->id = $link->commentid;
        $comment->read();
        $comment->link = $link->id;
        $comment->randkey = sanitize($_POST['randkey'], 3);
        $comment->author = $commentownerid;
        $comment->content = sanitize($_POST['comment_content'], 4);

        // Over-long comments render the error template and stop the request.
        if (strlen($comment->content) > maxCommentLength) {
            $main_smarty->assign('url', $_SERVER['REQUEST_URI']);
            $main_smarty->assign('tpl_center', $the_template . '/comment_errors');
            $main_smarty->display($the_template . '/pligg.tpl');
            exit;
        }

        // The first assignment is replaced by the array on the next line.
        $vars['comment'] = $comment->id;
        // Modules receive the comment by reference and may set its status.
        $vars = array('comment' => &$comment);
        check_actions('after_comment_edit', $vars);
        if ($vars['comment']->status) {
            $comment->status = $vars['comment']->status;
        }
        $comment->store();

        header('Location: ' . getmyurl('story', sanitize($_POST['link_id'], 3)));
        die;
    }
}
// Emit one <item> per story row.
foreach ($links as $dblink) {
    $link->id = $dblink->link_id;
    $cached_links[$dblink->link_id] = $dblink;
    $link->read();

    // NOTE(review): $link->category and $dblang are interpolated into the
    // statement; they presumably come from the database and the configuration
    // rather than from the request -- confirm.
    $category_name = $db->get_var("SELECT category_name FROM " . table_categories . " WHERE category_id = {$link->category} AND category_lang='{$dblang}'");

    // Turn newlines into <br /> and typographic punctuation into ASCII.
    $link->content = str_replace("\n", "<br />", $link->content);
    $link->content = str_replace("’", "'", $link->content);
    $link->content = str_replace("–", "-", $link->content);
    $link->content = str_replace("—", "-", $link->content);
    $link->content = str_replace("“", "\"", $link->content);
    $link->content = str_replace("”", "\"", $link->content);

    echo "<item>\n";
    // NOTE(review): title and content are wrapped in CDATA without further
    // treatment; text containing "]]>" would end the section early. The URLs
    // and the author name below are written without XML escaping, unlike the
    // category name. Confirm these values are constrained where they are stored.
    echo "\t<title><![CDATA[" . $link->title . "]]></title>\n";
    echo "\t<link>" . getmyFullurl("storyURL", $link->category_safe_names($link->category), $link->title_url, $link->id) . "</link>\n";
    $vars = array('link' => $link);
    check_actions('rss_add_data', $vars);
    echo ' <source url="' . getmyFullurl("storyURL", $link->category_safe_names($link->category), $link->title_url, $link->id) . '"><![CDATA[' . $link->title . ']]></source>';
    echo "\n\t<description><![CDATA[" . $link->content . " ]]></description>\n";

    // $link_date names the Link property holding the timestamp; fall back to
    // the current time when it is not set. Both are shifted by misc_timezone hours.
    if (!empty($link_date)) {
        echo "\t<pubDate>" . date("r", $link->{$link_date} - misc_timezone * 3600) . "</pubDate>\n";
    } else {
        echo "\t<pubDate>" . date("r", time() - misc_timezone * 3600) . "</pubDate>\n";
    }
    echo "\t<author>" . $dblink->user_login . "</author>\n";
    echo "\t<category>" . htmlspecialchars($category_name) . "</category>\n";
    echo "\t<votes>" . $link->votes . "</votes>\n";
    echo "\t<guid>" . getmyFullurl("storyURL", $link->category_safe_names($link->category), $link->title_url, $link->id) . "</guid>\n";
    echo "</item>\n\n";
}
} // closes a block opened before this listing starts
do_rss_footer();
// code to prevent CSRF
$CSRF->check_expired('admin_users_edit');
// code to prevent CSRF
// NOTE(review): the token and every field below, both password fields
// included, are read from $_GET. Values in the query string end up in server
// logs, browser history and Referer headers; a POST form would avoid that.
if ($CSRF->check_valid(sanitize($_GET['token'], 3), 'admin_users_edit')) {
    // NOTE(review): the "******" run on the next line looks like a masking
    // artifact from wherever this listing was copied; the statement is not
    // valid PHP as shown and the original expression cannot be recovered here.
    $user = $db->get_row('SELECT * FROM ' . table_users . ' where user_login="******"user"], 3) . '"');
    // NOTE(review): $user is dereferenced here before the "if ($user)" test
    // below, and the check is given the target's current level; the new level
    // taken from $_GET["level"] is not passed to any check visible in this
    // listing -- confirm that store() or canIChangeUser() covers it.
    canIChangeUser($user->user_level);
    if ($user) {
        $userdata = new User();
        $userdata->username = $user->user_login;
        if (!$userdata->read()) {
            echo "Error reading user data.";
            die;
        }

        // module system hook
        $vars = '';
        check_actions('admin_users_save', $vars);

        $userdata->username = trim(sanitize($_GET["login"], 3));
        $userdata->level = trim(sanitize($_GET["level"], 3));
        $userdata->email = trim(sanitize($_GET["email"], 3));
        // The password is only changed when both fields were sent and agree.
        // Presumably store() hashes it -- confirm.
        if ($_GET["password"] && $_GET["password"] == $_GET["password2"]) {
            $userdata->pass = $_GET["password"];
        }
        $userdata->store();

        // breadcrumbs and page title
        $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel');
        $navwhere['link1'] = getmyurl('admin', '');
        $navwhere['text2'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_1');
        $navwhere['link2'] = my_pligg_base . "/admin/admin_users.php";
        $navwhere['text3'] = $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_Edit_User_Data_Saved');
        $main_smarty->assign('navbar_where', $navwhere);
        $main_smarty->assign('posttitle', " / " . $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel'));
} // breadcrumbs and page title $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_Live'); $navwhere['link1'] = getmyurl('live', ''); $main_smarty->assign('navbar_where', $navwhere); $main_smarty->assign('posttitle', $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_Live')); $main_smarty->assign('page_header', $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_Live')); $globals['body-args'] = 'onload="start()"'; // misc smarty $main_smarty->assign('items_to_show', items_to_show); $main_smarty->assign('showsideleftsidebar', "no"); $main_smarty->assign('showsiderightsidebar', "no"); // pagename define('pagename', 'live'); $main_smarty->assign('pagename', pagename); // sidebar $main_smarty = do_sidebar($main_smarty); // module system hook $vars = ''; check_actions('live', $vars); // misc smarty that has to come after do_sidebar $main_smarty->assign('body_args', 'onload="start()"'); // restrict access to admins $canIhaveAccess = 0; $canIhaveAccess = $canIhaveAccess + checklevel('admin'); $canIhaveAccess = $canIhaveAccess + checklevel('moderator'); $main_smarty->assign('isAdmin', $canIhaveAccess); // show the template $main_smarty->assign('tpl_center', $the_template . '/live_center'); $main_smarty->display($the_template . '/pligg.tpl'); $main_smarty->display($the_template . '/functions/live_js.tpl');
/**
 * Prepare the breadcrumb and the category sidebar data on a Smarty object.
 *
 * Normalises the $navwhere breadcrumb entries, then either reuses the cached
 * categories template or builds the category array: from the user's own
 * category selection when the mnm_user cookie is present, otherwise from the
 * whole category tree. Ends by firing the 'do_sidebar' action.
 *
 * @param object $var_smarty Smarty instance to populate.
 * @param mixed  $navwhere   Breadcrumb array; '' means use the global one.
 * @return object The same Smarty instance.
 */
function do_sidebar($var_smarty, $navwhere = '')
{
    // show the categories in the sidebar
    global $db, $dblang, $globals, $the_cats;
    if ($navwhere == '') {
        global $navwhere;
    }

    // fix for 'undefined index' errors
    // Breadcrumb texts are HTML-escaped here; the link entries are only defaulted.
    if (!isset($navwhere['text4'])) {
        $navwhere['text4'] = '';
    } else {
        $navwhere['text4'] = htmlspecialchars($navwhere['text4']);
    }
    if (!isset($navwhere['text3'])) {
        $navwhere['text3'] = '';
    } else {
        $navwhere['text3'] = htmlspecialchars($navwhere['text3']);
    }
    if (!isset($navwhere['text2'])) {
        $navwhere['text2'] = '';
    } else {
        $navwhere['text2'] = htmlspecialchars($navwhere['text2']);
    }
    if (!isset($navwhere['text1'])) {
        $navwhere['text1'] = '';
    } else {
        $navwhere['text1'] = htmlspecialchars($navwhere['text1']);
    }
    if (!isset($navwhere['link4'])) {
        $navwhere['link4'] = '';
    }
    if (!isset($navwhere['link3'])) {
        $navwhere['link3'] = '';
    }
    if (!isset($navwhere['link2'])) {
        $navwhere['link2'] = '';
    }
    if (!isset($navwhere['link1'])) {
        $navwhere['link1'] = '';
    }
    $var_smarty->assign('navbar_where', $navwhere);
    $var_smarty->assign('body_args', ''); // fix for 'undefined index' errors

    $_caching = $var_smarty->cache; // get the current cache settings
    $var_smarty->cache = true; // cache has to be on otherwise is_cached will always be false
    $var_smarty->cache_lifetime = -1; // lifetime has to be set to something otherwise is_cached will always be false
    $thetpl = $var_smarty->get_template_vars('the_template_sidebar_modules') . '/categories.tpl';

    // check to see if the category sidebar module is already cached
    // if it is, use it
    // NOTE(review): the cache id contains the requested category string, so
    // each distinct value a client sends is its own cache entry -- confirm the
    // cache cannot be grown without bound this way.
    if (isset($_GET['category'])) {
        $thecat = sanitize($_GET['category'], 3);
    } else {
        $thecat = '';
    }
    if ($var_smarty->is_cached($thetpl, 'sidebar|category|' . $thecat)) {
        $var_smarty->assign('cat_array', 'x'); // this is needed. sidebar.tpl won't include the category module if cat_array doesnt have some data
    } else {
        if (isset($_GET['category'])) {
            $thecat = get_cached_category_data('category_safe_name', urlencode(sanitize($_GET['category'], 1)));
            $thecat = $thecat->category_name;
        }
        $var_smarty->assign('UrlMethod', urlmethod);

        // Record the current top-level category in $globals.
        foreach ($the_cats as $cat) {
            if ($cat->category_id == $thecat && $cat->category_lang == $dblang && $cat->category_parent == 0) {
                $globals['category_id'] = $cat->category_id;
                $globals['category_name'] = $cat->category_name;
            }
        }

        $pos = strrpos($_SERVER["SCRIPT_NAME"], "/");
        $script_name = substr($_SERVER["SCRIPT_NAME"], $pos + 1, 100);
        $script_name = str_replace(".php", "", $script_name);

        include_once 'dbtree.php';

        // NOTE(review): the login name comes straight from the mnm_user cookie;
        // nothing here confirms the visitor is authenticated as that user. It
        // only selects which categories are listed, but the value is client
        // controlled.
        $login_user = $db->escape(sanitize($_COOKIE['mnm_user'], 3));
        if ($login_user) {
            /////// for user set category----sorojit.
            // NOTE(review): the "******" run on the next line looks like a
            // masking artifact from wherever this listing was copied; the
            // original expression cannot be recovered here.
            $sqlGeticategory = $db->get_var("SELECT user_categories from " . table_users . " where user_login = '******';");
            // NOTE(review): the stored user_categories text is placed inside
            // IN (...) unquoted in both statements below, so its safety depends
            // on what was written to that column. An empty value yields
            // "in ()", and the failed query's result is not checked before the
            // fetch loops.
            $array1 = "SELECT * from " . table_categories . " where category__auto_id in ({$sqlGeticategory})";
            $result = mysql_query($array1);
            $array = array();
            // This loop only appends each row to itself; nothing is collected.
            while ($row = mysql_fetch_array($result)) {
                //print_r($row);
                $row[] = $row;
            }
            $right = array();
            $array1 = "SELECT * from " . table_categories . " where category__auto_id in ({$sqlGeticategory}) ORDER BY lft";
            $result1 = mysql_query($array1);
            // $a is not initialised first; with no rows it stays undefined.
            while ($row = mysql_fetch_object($result1)) {
                $a[] = $row;
            }
            $result = $a;
            $i = 0;
            $lastspacer = 0;
            // added @ thanks to `parterburn` - http://www.pligg.com/forum/showthread.php?t=4888
            // Walk the rows in lft order; $right is a stack of rgt values
            // whose size gives the nesting depth of the current row.
            foreach ($result as $row) {
                if (count($right) > 0) {
                    // check if we should remove a node from the stack
                    while ($right[count($right) - 1] < $row->rgt) {
                        if (array_pop($right) == NULL) {
                            break; // We've reached the top of the category chain
                        }
                    }
                }
                $array[$i]['principlecat'] = $row->rgt - $row->lft - 1;
                $array[$i]['spacercount'] = count($right);
                $array[$i]['lastspacercount'] = $lastspacer;
                $array[$i]['spacerdiff'] = abs($lastspacer - count($right));
                $array[$i]['auto_id'] = $row->category__auto_id;
                $array[$i]['name'] = $row->category_name;
                $array[$i]['safename'] = $row->category_safe_name;
                if (isset($row->category_color)) {
                    $array[$i]['color'] = $row->category_color;
                }
                if (isset($row->category_parent)) {
                    $array[$i]['parent'] = $row->category_parent;
                    $array[$i]['parent_name'] = GetCatName($row->category_parent);
                    $array[$i]['parent_subcat_count'] = GetSubCatCount($row->category_parent);
                }
                $array[$i]['subcat_count'] = GetSubCatCount($row->category__auto_id);
                $lastspacer = count($right);
                $i = $i + 1;
                $right[] = $row->rgt;
            }
            ///////end of for user set category
            $var_smarty->assign('start', 0);
        } else {
            $array = tree_to_array(0, table_categories);
            $var_smarty->assign('start', 1);
        }
        $var_smarty->assign('lastspacer', 0);
        $var_smarty->assign('cat_array', $array);

        // use the 'totals' table now
        $published_count = get_story_count('published');
        $var_smarty->assign('published_count', $published_count);
        // $sql = "select *, count(*) as count from " . table_links . ", " . table_categories . " where category_lang='$dblang' and category_id=link_category group by link_category ORDER BY category_name ASC";
        // $categorylist = object_2_array($db->get_results($sql));
        // $var_smarty->assign('categorylist', $categorylist);
        $var_smarty->assign('category_url', getmyurl('maincategory'));
    }
    $var_smarty->cache = $_caching; // set cache back to original value

    $vars = '';
    check_actions('do_sidebar', $vars);
    return $var_smarty;
}
/**
 * Process a story submission step: build the summary from the posted text,
 * insert the tags, assign template variables, send a redirect to the story
 * page, fire the 'do_submit2' action and render the main template.
 *
 * NOTE(review): no anti-CSRF token is validated in this function.
 */
function do_submit1()
{
    global $db, $main_smarty, $dblang, $the_template, $linkres, $current_user, $Story_Content_Tags_To_Allow;

    $linkres = new Link();
    $main_smarty->assign('auto_vote', auto_vote);
    $main_smarty->assign('Submit_Show_URL_Input', Submit_Show_URL_Input);
    $main_smarty->assign('Submit_Require_A_URL', Submit_Require_A_URL);
    $main_smarty->assign('link_id', sanitize($_POST['id'], 3));

    define('pagename', 'submit');
    $main_smarty->assign('pagename', pagename);

    // NOTE(review): store() is called on the fresh Link before its id is
    // taken from the post -- confirm this ordering is intended.
    $linkres->store();
    $linkres->id = sanitize($_POST['id'], 3);
    $thecat = get_cached_category_data('category_id', $linkres->category);
    $main_smarty->assign('request_category_name', $thecat->category_name);

    // Summary: derived from the body when no summary was posted, otherwise the
    // posted summary cut down to StorySummary_ContentTruncate.
    if (!isset($_POST['summarytext'])) {
        $linkres->link_summary = utf8_substr(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
        $linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
    } else {
        $linkres->link_summary = sanitize($_POST['summarytext'], 4, $Story_Content_Tags_To_Allow);
        $linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
        if (utf8_strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
            // NOTE(review): the "******" run on the next line looks like a
            // masking artifact from wherever this listing was copied; the
            // statement is not valid PHP as shown.
            loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: '******'|email: ' . sanitize($_POST["email"], 3), true);
            $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
            $linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
        }
    }

    // NOTE(review): sid is used exactly as posted, both for the tag insert
    // here and inside the Location header further down; it should be validated
    // (and URL-encoded for the header) before either use.
    $sid = $_POST["sid"];
    tags_insert_string($sid, $dblang, $linkres->tags);
    //$main_smarty->assign('the_story', $linkres->print_summary('full', true));

    $main_smarty->assign('tags', $linkres->tags);
    if (!empty($linkres->tags)) {
        $tags_words = str_replace(",", ", ", $linkres->tags);
        $tags_url = urlencode($linkres->tags);
        $main_smarty->assign('tags_words', $tags_words);
        $main_smarty->assign('tags_url', $tags_url);
    }
    $main_smarty->assign('submit_url_title', $linkres->url_title);
    $main_smarty->assign('submit_id', $linkres->id);
    // NOTE(review): the replacement string on the next line appears to have
    // lost its content in extraction (three bare quote characters), and
    // $link_title / $link_content are not assigned anywhere in this function.
    $main_smarty->assign('submit_title', str_replace('"', """, $link_title));
    $main_smarty->assign('submit_content', $link_content);

    include mnminclude . 'redirector.php';
    $x = new redirector($_SERVER['REQUEST_URI']);
    //$Sid=$_SESSION['newSid'];
    // The request keeps running after this header: the hook, the session
    // update and the template display below still execute.
    header("Location:" . my_base_url . my_pligg_base . "/story.php?title={$sid}");

    $vars = '';
    check_actions('do_submit2', $vars);
    $_SESSION['step'] = 2;
    $main_smarty->display($the_template . '/pligg.tpl');
}
}
// Copy the query parameters for the template: tags stripped, HTML entities
// encoded, slashes removed.
// NOTE(review): strip_tags() expects a string; an array-valued parameter
// (?x[]=1) is not handled by this loop.
$get = array();
foreach ($_GET as $k => $v) {
    $get[$k] = stripslashes(htmlentities(strip_tags($v), ENT_QUOTES, 'UTF-8'));
}
$get['return'] = addslashes($get['return']);
$main_smarty->assign('get', $get);
}

// Undo the URL-safe substitutions made to the search term.
// NOTE(review): the first two search strings are identical as shown, so the
// second replacement can never match -- possibly a backslash was lost from one
// of them in extraction.
$_REQUEST['search'] = str_replace(array(':\\', ':\\', '|'), array('://', ':/', '/'), $_REQUEST['search']);
#$_GET['search'] = $_REQUEST['search'] = sanitize(str_replace(array(':\\',':\\','|'),array('://',':/','/'),$_REQUEST['search']),2);
if ($_REQUEST['search'] == '-') {
    $_GET['search'] = $_REQUEST['search'] = '';
}

// module system hook
$vars = '';
check_actions('search_top', $vars);

$search = new Search();
if (isset($_REQUEST['from'])) {
    $search->newerthan = sanitize($_REQUEST['from'], 3);
}

// A term that looks like a URL is moved to the 'url' parameter; anything else
// becomes the search term.
if (preg_match('/^\\s*((http[s]?:\\/+)?(www\\.)?([\\w_\\-\\d]+\\.)+\\w{2,4}(\\/[\\w_\\-\\d\\.]+)*\\/?(\\?[^\\s]*)?)\\s*$/i', $_REQUEST['search'], $m)) {
    $_REQUEST['url'] = $m[1];
} else {
    // NOTE(review): the closing parenthesis looks misplaced -- the 3 is passed
    // to $db->escape(), and sanitize() runs with its default level, unlike the
    // sanitize($_REQUEST['search'], 3) call a few lines below. Confirm against
    // both signatures.
    $search->searchTerm = $db->escape(sanitize($_REQUEST['search']), 3);
}
// NOTE(review): $_REQUEST['search'] was assigned above, so this test appears
// never to be true at this point.
if (!isset($_REQUEST['search'])) {
    $search->orderBy = "link_modified DESC";
}
if (isset($_REQUEST['tag'])) {
    // NOTE(review): on this path the term is sanitized but not passed through
    // $db->escape(); presumably Search escapes it itself -- confirm.
    $search->searchTerm = sanitize($_REQUEST['search'], 3);
    $search->isTag = true;
/**
 * Save the profile form for the current user.
 *
 * Runs only when save_profile and process were posted and the posted user_id
 * equals the logged-in user's id. Copies the cleaned fields onto $user,
 * optionally changes the password after checking the old one, stores the
 * user and re-authenticates.
 *
 * NOTE(review): no anti-CSRF token is validated in this function.
 *
 * @return string|null HTML status message, or nothing when the guard fails.
 */
function save_profile()
{
    global $user, $current_user, $db;

    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }

    // An invalid address prints an error and leaves the stored e-mail as it
    // was; the remaining fields are still saved.
    if (!check_email(cleanit($_POST['email']))) {
        echo '<p class="form-error">' . _(PLIGG_Visual_Profile_BadEmail) . '</p>';
    } else {
        $user->email = cleanit($_POST['email']);
    }
    $user->url = cleanit($_POST['url']);
    $user->public_email = cleanit($_POST['public_email']);
    $user->location = cleanit($_POST['location']);
    $user->occupation = cleanit($_POST['occupation']);
    $user->aim = cleanit($_POST['aim']);
    $user->msn = cleanit($_POST['msn']);
    $user->yahoo = cleanit($_POST['yahoo']);
    $user->gtalk = cleanit($_POST['gtalk']);
    $user->skype = cleanit($_POST['skype']);
    $user->irc = cleanit($_POST['irc']);
    $user->names = cleanit($_POST['names']);

    check_actions('profile_save');

    $avatar_source = cleanit($_POST['avatarsource']);
    if ($avatar_source != "" && $avatar_source != "useruploaded") {
        // NOTE(review): the "******" run on the next line looks like a masking
        // artifact from wherever this listing was copied; the statement is not
        // valid PHP as shown. The e-mail is also logged exactly as posted.
        loghack('Updating profile, avatar source is not one of the list options.', 'username: '******'|email: ' . $_POST["email"]);
        // NOTE(review): this is a comparison, not an assignment, so the
        // rejected value is still stored below; "=" looks intended.
        $avatar_source == "";
    }
    $user->avatar_source = $avatar_source;

    // Password change: requires the old password to match the stored hash.
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        $oldpass = $_POST['oldpassword'];
        // NOTE(review): the "******" run on the next line is the same masking
        // artifact; the original expression cannot be recovered here.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        // The salt is the first SALT_LENGTH characters of the stored hash.
        $saltedpass = generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH));
        // NOTE(review): "==" compares the two hashes loosely and not in
        // constant time; a strict, timing-safe comparison (hash_equals where
        // available, otherwise ===) is the safer choice for credential checks.
        if ($userX->user_pass == $saltedpass) {
            if ($_POST['password'] !== $_POST['password2']) {
                $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_BadPass) . '</span></p>';
                return $msg;
            } else {
                $user->pass = trim($_POST['password']);
                $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_PassUpdated) . '</span></p>';
            }
        } else {
            $msg = '<p align=center><span class=error>' . PLIGG_Visual_Profile_BadOldPass . '</span></p>';
            return $msg;
        }
    }

    $user->store();
    $user->read();
    $current_user->Authenticate($user->username, $user->pass);

    // $msg is only set on the password paths above.
    if (!$msg) {
        $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_DataUpdated) . '</span></p>';
    }
    return $msg;
}
<?php
// Bootstrap the template engine, the site configuration and shared libraries.
include_once 'Smarty.class.php';
$main_smarty = new Smarty();
include 'config.php';
include mnminclude . 'html1.php';
include mnminclude . 'link.php';
include mnminclude . 'group.php';
include mnminclude . 'smartyvariables.php';
include_once mnminclude . 'user.php';

global $current_user;

// Request user to login.
// NOTE(review): the login requirement is waived when a module handling
// 'anonymous_story_user_id' sets $vars['anonymous_story'] to a true value.
// $vars starts as the string '', so the index lookup below only works if the
// hook replaces it with an array -- confirm, and confirm which modules are
// allowed to open this page to anonymous visitors.
if ($current_user->authenticated != TRUE) {
    $vars = '';
    check_actions('anonymous_story_user_id', $vars);
    if ($vars['anonymous_story'] != true) {
        force_authentication();
    }
}

$main_smarty->assign('tpl_center', $the_template . '/userDataset');
$main_smarty->display($the_template . '/pligg.tpl');
// Ricardo Galli <gallir at uib dot es>. // It's licensed under the AFFERO GENERAL PUBLIC LICENSE unless stated otherwise. // You can get copies of the licenses here: // http://www.affero.org/oagpl.html // AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING". include_once 'Smarty.class.php'; $main_smarty = new Smarty(); include 'config.php'; include mnminclude . 'html1.php'; include mnminclude . 'link.php'; include mnminclude . 'tags.php'; include mnminclude . 'search.php'; include mnminclude . 'smartyvariables.php'; // module system hook $vars = ''; check_actions('upcoming_top', $vars); // find the name of the current category if (isset($_REQUEST['category'])) { $thecat = get_cached_category_data('category_safe_name', sanitize($_REQUEST['category'], 1)); $main_smarty->assign('request_category_name', $thecat->category_name); $catID = $thecat->category_id; $thecat = $thecat->category_name; if (!$thecat) { header("Location: {$my_pligg_base}/404error.php"); // header("Location: 404error.php"); // $main_smarty->assign('tpl_center', '404error'); // $main_smarty->display($the_template . '/pligg.tpl'); die; } $main_smarty->assign('category', $thecat); }
define('pagename', 'admin_page');
$main_smarty->assign('pagename', pagename);

// read the mysql database to get the pligg version
$sql = "SELECT data FROM " . table_misc_data . " WHERE name = 'pligg_version'";
$pligg_version = $db->get_var($sql);
$main_smarty->assign('version_number', $pligg_version);

global $db;

// Page deletion, driven by the "mode" and "link_id" request parameters.
// NOTE(review): the delete is accepted from $_REQUEST, so a plain GET link is
// enough, and no anti-CSRF token is checked in this listing. The admin access
// check is presumably earlier in the file -- confirm, and consider requiring
// a POST with a token for this state change.
if (isset($_REQUEST['mode'])) {
    $mode = $_REQUEST['mode'];
    if (is_numeric($_REQUEST['link_id'])) {
        $link_id = $_REQUEST['link_id'];
        if ($mode == 'delete' && is_numeric($link_id)) {
            // The id is interpolated unquoted after the is_numeric() check.
            $db->query(" delete from " . table_links . " where link_id=" . $link_id);
            // module system hook
            $vars = array('link_id' => $link_id);
            check_actions('admin_story_delete', $vars);
            header("Location: " . my_pligg_base . "/admin/admin_page.php");
            die;
        }
    }
}

// List every link stored with status 'page' as a table row.
$sql = " SELECT * from " . table_links . " where link_status='page'";
$page_id = $db->get_results($sql);
if ($page_id) {
    foreach ($page_id as $page_results) {
        // NOTE(review): link_title is written into an attribute and into the
        // anchor text without HTML escaping; it is only safe if titles are
        // stored already escaped -- confirm. $page_title is appended to
        // without being initialised in this listing.
        $page_title .= '<tr> <td> <a href="' . getmyurl("page", $page_results->link_title_url) . '" title="' . $page_results->link_title . '" target="_blank">' . $page_results->link_title . '</a> </td> <td style="text-align:center;"> <a href="' . $my_base_url . $my_pligg_base . '/admin/edit_page.php?link_id=' . $page_results->link_id . '"><img src="' . $my_base_url . $my_pligg_base . '/templates/admin/images/user_edit.gif" alt="' . $main_smarty->get_config_vars("PLIGG_Visual_AdminPanel_Page_Edit") . '" title="' . $main_smarty->get_config_vars("PLIGG_Visual_AdminPanel_Page_Edit") . '" /></a>
$results[$key]['status'] = $friend->get_friend_status($val['user_id']); } else { unset($results[$key]); } } $main_smarty->assign('userlist', $results); } $main_smarty->assign('search', $keyword); $main_smarty->assign('page_header', $user->username); $navwhere['text3'] = $main_smarty->get_config_vars('PLIGG_Visual_Search_SearchResults') . ' ' . $keyword; $main_smarty->assign('posttitle', $main_smarty->get_config_vars('PLIGG_Visual_Breadcrumb_Profile') . " " . $login . " - " . $main_smarty->get_config_vars('PLIGG_Visual_Search_SearchResults') . ' ' . $keyword); } $main_smarty->assign('navbar_where', $navwhere); // a hook $vars = ''; check_actions('user_post_views', $vars); // determine which user page to display global $db, $main_smarty, $view, $user, $rows, $page_size, $offset; $the_page = 'profile'; switch ($view) { case 'history': // Submitted do_history(); $main_smarty->assign('user_pagination', do_pages($rows, $page_size, $the_page, true)); break; case 'published': do_published(); $main_smarty->assign('user_pagination', do_pages($rows, $page_size, $the_page, true)); break; case 'shaken': do_shaken();
} elseif (str_ends_with($url['path'], '/page/1') || str_ends_with($url['path'], '/page/1/')) { header("HTTP/1.1 301 Moved Permanently"); header("Location: ../" . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '')); exit; } include_once 'internal/Smarty.class.php'; $main_smarty = new Smarty(); include 'config.php'; include mnminclude . 'html1.php'; include mnminclude . 'link.php'; include mnminclude . 'tags.php'; include mnminclude . 'search.php'; include mnminclude . 'smartyvariables.php'; // module system hook $vars = ''; check_actions('index_top', $vars); // find the name of the current category if (isset($_REQUEST['category'])) { $thecat = get_cached_category_data('category_safe_name', sanitize($_REQUEST['category'], 1)); $main_smarty->assign('request_category_name', $thecat->category_name); $catID = $thecat->category_id; $thecat = $thecat->category_name; if (!$thecat) { header("Location: {$my_pligg_base}/error_404.php"); //$main_smarty->assign('tpl_center', 'error_404_center'); //$main_smarty->display($the_template . '/pligg.tpl'); die; } } // start a new search $search = new Search();
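/**
 * Validate and store the profile form posted for the account held in the global $user.
 *
 * Flow, as far as this function shows it:
 *  1. the anti-CSRF token for 'profile_change' must be valid;
 *  2. the request must be a profile save, made by the account owner or by someone
 *     for whom $canIhaveAccess is set;
 *  3. an e-mail change is validated and, when pligg_validate() is on, a
 *     verification mail is sent instead of storing the new address;
 *  4. template cookie, category filter, free-text profile fields, optional
 *     username change and optional password change are applied;
 *  5. the user is stored, re-read and the session re-authenticated.
 *
 * @return array|string|false|null array of flags ('username', 'pass', 'profile')
 *         on success; a message string when validation fails or the token is
 *         invalid; false when the verification mail could not be sent; null when
 *         the request is not a permitted profile save.
 */
function save_profile()
{
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;

    // Every state change below depends on this token check; keep it first.
    if (!$CSRF->check_valid(sanitize($_POST['token'], 3), 'profile_change')) {
        return 'There was a token error.';
    }

    // NOTE(review): this compares the posted user_id with the session user, while the
    // changes below are written to the global $user. That both name the same account
    // is assumed here and is not enforced in this function; confirm in the caller.
    if (!isset($_POST['save_profile']) || !$_POST['process'] || (!$canIhaveAccess && sanitize($_POST['user_id'], 3) != $current_user->user_id)) {
        return;
    }

    // Flags reported back to the caller. Initialised so the checks at the end do not
    // read an undefined variable when neither username nor password was changed.
    $saved = array();

    if ($user->email != sanitize($_POST['email'], 3)) {
        if (!check_email(sanitize($_POST['email'], 3))) {
            $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
            return $savemsg;
        } elseif (email_exists(trim(sanitize($_POST['email'], 3)))) {
            // The address already belongs to an account.
            $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
            return $savemsg;
        } else {
            if (pligg_validate()) {
                // NOTE(review): the code is an MD5 over account fields plus pligg_hash().
                // Whether pligg_hash() is a per-site secret is not visible here. An HMAC
                // would be the sturdier construction, but it has to change together with
                // validation.php, so it is left as is.
                // NOTE(review): validation above ran on the sanitized address, while the
                // raw $_POST['email'] is hashed, put in the link and used as recipient.
                $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
                $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
                $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
                $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
                // SECURITY: the message template is executed as a PHP double-quoted string.
                // Only '"' is escaped, so the template is trusted like code and can read any
                // variable in this scope ($domain and $validation are presumably the ones it
                // uses, so do not rename them). Keep the language/config source writable by
                // administrators only. strtr() with explicit placeholders would avoid eval,
                // but needs the template format to change, so it is flagged, not replaced.
                eval('$str = "' . str_replace('"', '\\"', $str) . '";');
                $message = "{$str}";
                if (phpnum() >= 5) {
                    require "libs/class.phpmailer5.php";
                } else {
                    require "libs/class.phpmailer4.php";
                }
                $mail = new PHPMailer();
                $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
                $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
                $mail->AddAddress($_POST['email']);
                $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                $mail->IsHTML(false);
                $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
                $mail->Body = $message;
                $mail->CharSet = 'utf-8';
                if (!$mail->Send()) {
                    return false;
                }
                // NOTE(review): $savemsg is assigned here but never returned on this path;
                // the function continues and returns $saved. Confirm that is intended.
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Noemail") . ' ' . sprintf($main_smarty->get_config_vars("PLIGG_Visual_Register_ToDo"), $main_smarty->get_config_vars('PLIGG_PassEmail_From'));
            } else {
                $user->email = sanitize($_POST['email'], 2);
            }
        }
    }

    // User settings.
    // The template name comes straight from the request and is used in a filesystem
    // path and as a cookie value, so accept only a plain directory name: anything
    // with a path separator, '.' or '..' is ignored instead of being probed on disk.
    $template = (isset($_POST['template']) && is_string($_POST['template'])) ? $_POST['template'] : '';
    $templateIsPlainName = $template !== '' && $template !== '.' && $template !== '..' && basename($template) === $template;
    if (Allow_User_Change_Templates && $templateIsPlainName && file_exists("./templates/" . $template . "/header.tpl")) {
        $domain = $_SERVER['HTTP_HOST'] == 'localhost' ? '' : preg_replace('/^www/', '', $_SERVER['HTTP_HOST']);
        setcookie("template", $template, time() + 60 * 60 * 24 * 30, '/', $domain);
    }

    // Store the categories the user did NOT tick (all category ids minus the posted ones).
    $sqlGetiCategory = "SELECT category__auto_id from " . table_categories . " where category__auto_id!= 0;";
    $sqlGetiCategoryQ = mysql_query($sqlGetiCategory);
    $arr = array();
    if ($sqlGetiCategoryQ) {
        while ($row = mysql_fetch_array($sqlGetiCategoryQ, MYSQL_NUM)) {
            $arr[] = $row[0];
        }
    }
    // 'chack' is expected to be an array of ids; any other shape is treated as "none ticked".
    $select_check = isset($_POST['chack']) ? $_POST['chack'] : array();
    if (!is_array($select_check)) {
        $select_check = array();
    }
    // $diff only ever contains ids that came from the database query above.
    $diff = array_diff($arr, $select_check);
    $select_checked = $db->escape(implode(",", $diff));
    $sql = "UPDATE " . table_users . " set user_categories='{$select_checked}' WHERE user_id = '{$user->id}'";
    $query = mysql_query($sql);

    // Sanitize user input.
    $user->url = sanitize($_POST['url'], 2);
    $user->public_email = sanitize($_POST['public_email'], 2);
    $user->location = sanitize($_POST['location'], 2);
    $user->occupation = sanitize($_POST['occupation'], 2);
    $user->facebook = sanitize($_POST['facebook'], 2);
    $user->twitter = sanitize($_POST['twitter'], 2);
    $user->linkedin = sanitize($_POST['linkedin'], 2);
    $user->googleplus = sanitize($_POST['googleplus'], 2);
    $user->skype = sanitize($_POST['skype'], 2);
    $user->pinterest = sanitize($_POST['pinterest'], 2);
    $user->names = sanitize($_POST['names'], 2);
    if (user_language) {
        $user->language = sanitize($_POST['language'], 2);
    }

    // Convert social profile URLs to bare account names; values that are not a
    // matching URL are stored as entered.
    $facebookUrl = $user->facebook;
    preg_match("/https?:\\/\\/(www\\.)?facebook\\.com\\/([^\\/]*)/", $facebookUrl, $matches);
    if ($matches) {
        $user->facebook = $matches[2];
    }
    $twitterUrl = $user->twitter;
    preg_match("/https?:\\/\\/(www\\.)?twitter\\.com\\/(#!\\/)?@?([^\\/]*)/", $twitterUrl, $matches);
    if ($matches) {
        $user->twitter = $matches[3];
    }
    $linkedinUrl = $user->linkedin;
    preg_match("/https?:\\/\\/(www\\.)?linkedin\\.com\\/in\\/([^\\/]*)/", $linkedinUrl, $matches);
    if ($matches) {
        $user->linkedin = $matches[2];
    }
    $googleplusUrl = $user->googleplus;
    preg_match("/https?:\\/\\/plus\\.google\\.com\\/([^\\/]*)/", $googleplusUrl, $matches);
    if ($matches) {
        $user->googleplus = $matches[1];
    }
    $pinterestUrl = $user->pinterest;
    preg_match("/https?:\\/\\/(www\\.)?pinterest\\.com\\/([^\\/]*)/", $pinterestUrl, $matches);
    if ($matches) {
        $user->pinterest = $matches[2];
    }

    // Module system hook.
    $vars = '';
    check_actions('profile_save', $vars);

    // Username change. NOTE(review): the gate is the level of the profile being
    // edited ($user), not of the session user ($current_user); confirm that is intended.
    if ($user->level == "admin" || $user->level == "moderator") {
        if ($user->username != sanitize($_POST['user_login'], 3)) {
            $user_login = sanitize($_POST['user_login'], 2);
            if (preg_match('/\\pL/u', 'a')) {
                // PCRE has UTF-8 support: allow letters, marks, digits, '_' and '-'.
                if (!preg_match('/^[_\\-\\d\\p{L}\\p{M}]+$/iu', $user_login)) {
                    $savemsg = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
                    return $savemsg;
                }
            } else {
                // No UTF-8 support: fall back to rejecting a list of punctuation characters.
                if (!preg_match('/^[^~`@%&=\\/;:\\.,<>!"\\\'\\^\\.\\[\\]\\$\\(\\)\\|\\*\\+\\-\\?\\{\\}\\\\]+$/', $user_login)) {
                    $savemsg = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
                    return $savemsg;
                }
            }
            if (user_exists(trim($user_login))) {
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_UserExists");
                $user->username = $user_login;
                return $savemsg;
            } else {
                $user->username = $user_login;
                $saved['username'] = 1;
            }
        }
    }

    // Password change: requires the current password.
    if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
        $oldpass = sanitize($_POST['oldpassword'], 2);
        // NOTE(review): the login value in this query is shown masked on this page.
        // Whatever is interpolated there in the real file must be escaped (the rest of
        // this function uses $db->escape); confirm against the unmasked source.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        $storedHash = $userX ? (string) $userX->user_pass : '';
        $saltedpass = generateHash($oldpass, substr($storedHash, 0, SALT_LENGTH));
        // Strict string comparison: a loose '==' lets PHP compare two numeric-looking
        // strings as numbers, which must never decide a password check. A missing row
        // or empty stored hash is treated as a wrong old password. hash_equals() would
        // additionally make the comparison constant-time where the runtime provides it.
        if ($storedHash !== '' && $storedHash === (string) $saltedpass) {
            if (sanitize($_POST['newpassword'], 3) !== sanitize($_POST['newpassword2'], 3)) {
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
                return $savemsg;
            } else {
                $saltedpass = generateHash(sanitize($_POST['newpassword'], 3));
                $user->pass = $saltedpass;
                $saved['pass'] = 1;
            }
        } else {
            $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
            return $savemsg;
        }
    }

    $user->store();
    $user->read();

    // Credentials changed: re-authenticate with the extra arguments the original passes
    // in that case; otherwise a plain re-authentication and the 'profile' flag.
    if (!empty($saved['pass']) || !empty($saved['username'])) {
        $current_user->Authenticate($user->username, $user->pass, false, $user->pass);
    } else {
        $current_user->Authenticate($user->username, $user->pass);
        $saved['profile'] = 1;
    }
    return $saved;
}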
// The redirect and the two closing braces below end a block that starts outside this excerpt.
header('Location: ' . $my_pligg_base . '/' . $redirectUrl);
}
}

// Delete one comment and its direct replies, fire the 'comment_deleted' hook for
// each of them, recompute the parent link's comment count, then redirect.
//
// NOTE(review): no permission check and no anti-CSRF token check is visible in this
// excerpt, and the id is read from $_REQUEST, so a GET request reaches this code too.
// Confirm that the part of the file above this excerpt restricts who can get here.
if (isset($_REQUEST['comment_id'])) {
    global $db;
    $comment_id = $_REQUEST['comment_id'];
    // is_numeric() is the only validation before the value is put into SQL below.
    // It also accepts floats, exponent notation and leading whitespace; an integer
    // cast or ctype_digit() would pin the value to a plain id.
    if (!is_numeric($comment_id)) {
        die;
    }
    // Look up the parent link first; the row is gone after the DELETE below.
    $link_id = $db->get_var("SELECT comment_link_id FROM `" . table_comments . "` WHERE `comment_id` = {$comment_id}");
    $vars = array('comment_id' => $comment_id);
    check_actions('comment_deleted', $vars);
    $db->query('DELETE FROM `' . table_comments . '` WHERE `comment_id` = "' . $comment_id . '"');
    // Direct replies only: one level of comment_parent is handled here.
    // NOTE(review): if get_results() returns a non-array when there are no rows, this
    // foreach emits a warning; verify against the database wrapper.
    $comments = $db->get_results($sql = "SELECT comment_id FROM " . table_comments . " WHERE `comment_parent` = '{$comment_id}'");
    foreach ($comments as $comment) {
        $vars = array('comment_id' => $comment->comment_id);
        check_actions('comment_deleted', $vars);
    }
    $db->query('DELETE FROM `' . table_comments . '` WHERE `comment_parent` = "' . $comment_id . '"');
    // Refresh the stored comment count of the link the comment belonged to.
    $link = new Link();
    $link->id = $link_id;
    $link->read();
    $link->recalc_comments();
    $link->store();
    $link = '';
    // Return to the referring page only when it starts with this site's base URL.
    // NOTE(review): this is a plain string-prefix test on a client-supplied header;
    // it does not check where the host name ends. Redirecting to a fixed internal
    // URL, or comparing the parsed host, does not depend on that header's value.
    if ($_SERVER['HTTP_REFERER'] && strpos($_SERVER['HTTP_REFERER'], $my_base_url . $my_pligg_base) === 0) {
        header('Location: ' . $_SERVER['HTTP_REFERER']);
    } else {
        header('Location: ' . $my_base_url . $my_pligg_base);
    }
}
if (pligg_validate() && $user->user_lastlogin == "0000-00-00 00:00:00") { $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Resend_Email') . "<form method='post'>\r\n\t\t\t\t\t\t<div class='input-append notvalidated'>\r\n\t\t\t\t\t\t\t<input type='text' class='col-md-2' name='email'> \r\n\t\t\t\t\t\t\t<input type='submit' class='btn btn-default' value='Send'>\r\n\t\t\t\t\t\t\t<input type='hidden' name='processlogin' value='5'/>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</form>"; } else { $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Error'); } } else { $sql = "DELETE FROM " . table_login_attempts . " WHERE login_ip='{$lastip}' "; $db->query($sql); if (strlen(sanitize($_POST['return'], 3)) > 1) { $return = sanitize($_POST['return'], 3); } else { $return = my_pligg_base . '/'; } define('logindetails', $username . ";" . $password . ";" . $return); $vars = ''; check_actions('login_success_pre_redirect', $vars); if (strpos($_SERVER['SERVER_SOFTWARE'], "IIS") && strpos(php_sapi_name(), "cgi") >= 0) { echo '<SCRIPT LANGUAGE="JavaScript">window.location="' . $return . '";</script>'; echo $main_smarty->get_config_vars('PLIGG_Visual_IIS_Logged_In') . '<a href = "' . $return . '">' . $main_smarty->get_config_vars('PLIGG_Visual_IIS_Continue') . '</a>'; } else { header('Location: ' . $return); } die; } } } if ($_POST["processlogin"] == 3) { // if user requests forgotten password $email = sanitize($db->escape(trim($_POST['email'])), 4); if (check_email($email)) { $user = $db->get_row("SELECT * FROM `" . table_users . "` where `user_email` = '" . $email . "' AND user_level!='Spammer'");
/**
 * Run every enabled 'report' formula against this link and discard the link
 * when a formula evaluates to true and the link is not already marked as spam.
 *
 * SECURITY: each formula is text read from table_formulas and executed with
 * eval(), so whoever can write to that table can run PHP inside the application.
 * Keep write access to the table limited to administrators and treat any
 * SQL-injection or admin-panel flaw that reaches it as code execution. A small
 * expression evaluator restricted to numbers, comparisons and the variables
 * below would remove the eval; this is flagged here, not changed.
 */
function evaluate_formulas()
{
    global $db;
    $res = $db->get_results("select * from " . table_formulas . " where type = 'report' and enabled = 1;");
    if (!$res) {
        return;
    }
    foreach ($res as $formula) {
        // These locals are not read by the PHP code below. eval() runs in this scope,
        // so they are presumably what the formula text refers to; do not rename or
        // remove them without checking the stored formulas.
        $reports = $this->count_all_votes("< 0");
        $votes = $this->count_all_votes("> 0");
        // assumes $this->date is a Unix timestamp (it is subtracted from time()) — TODO confirm
        $from = $this->date;
        $now = time();
        $diff = $now - $from;
        $hours = $diff / 3600;
        // Age in hours, truncated to two decimal places.
        $hours_since_submit = intval($hours * 100) / 100;
        // The formula becomes the condition of an if-statement that returns "1" or "0".
        $evalthis = 'if (' . $formula->formula . '){return "1";}else{return "0";}';
        if (eval($evalthis) == 1 && $this->status != 'spam') {
            // Move the link from its current status bucket to 'discard' and persist it.
            // NOTE(review): the loop does not stop after a discard, so a second matching
            // formula runs this branch again with status 'discard' and re-fires the hook.
            totals_adjust_count($this->status, -1);
            totals_adjust_count('discard', 1);
            $this->status = 'discard';
            $this->store_basic();
            $vars = array('link_id' => $this->id);
            check_actions('story_discard', $vars);
        }
    }
}
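/**
 * Final submit step: queue the story named by $_POST['id'], let modules react,
 * optionally send a trackback, then redirect and end the request.
 *
 * The function always terminates the request with die.
 *
 * NOTE(review): nothing in this function checks that the current user owns the
 * link whose id is posted, or that the request carries an anti-CSRF token; the
 * only gate visible here is the session step. Confirm that the caller enforces both.
 */
function do_submit3()
{
    global $db;

    $linkres = new Link();
    $linkres->id = sanitize(isset($_POST['id']) ? $_POST['id'] : '', 3);
    // NOTE(review): is_numeric() also accepts floats and exponent notation;
    // ctype_digit() would restrict the id to plain digits.
    if (!is_numeric($linkres->id)) {
        die;
    }

    // Unless the site completes submission at step 2, the session must have passed
    // step 2. A missing session value counts as the wrong step, as it did before,
    // but no longer reads an undefined index.
    if (!Submit_Complete_Step2 && (!isset($_SESSION['step']) || $_SESSION['step'] != 2)) {
        die('Wrong step');
    }

    $linkres->read();

    // Move the story from its current status bucket to 'queued'.
    totals_adjust_count($linkres->status, -1);
    totals_adjust_count('queued', 1);
    $linkres->status = 'queued';

    // Modules receive the link by reference and may change its status.
    $vars = array('linkres' => &$linkres);
    check_actions('do_submit3', $vars);
    if ($vars['linkres']->status == 'discard') {
        $vars = array('link_id' => $linkres->id);
        check_actions('story_discard', $vars);
    } elseif ($vars['linkres']->status == 'spam') {
        $vars = array('link_id' => $linkres->id);
        check_actions('story_spam', $vars);
    }

    $linkres->store_basic();
    $linkres->check_should_publish();

    if (isset($_POST['trackback']) && sanitize($_POST['trackback'], 3) != '') {
        require_once mnminclude . 'trackback.php';
        // NOTE(review): the trackback target comes from the request. Trackback::send()
        // is not shown here, so whether it limits where the server connects to is
        // unknown; verify that internal addresses cannot be targeted.
        $trackres = new Trackback();
        $trackres->url = sanitize($_POST['trackback'], 3);
        $trackres->link = $linkres->id;
        $trackres->title = $linkres->title;
        $trackres->author = $linkres->author;
        $trackres->content = $linkres->content;
        $trackres->send();
    }

    // Modules may supply their own redirect target through $vars['redirect'].
    $vars = array('linkres' => $linkres);
    check_actions('submit_pre_redirect', $vars);
    if (!empty($vars['redirect'])) {
        // The key exists only when a module set it; the target is trusted as module output.
        header('Location: ' . $vars['redirect']);
    } elseif ($linkres->link_group_id == 0) {
        header("Location: " . getmyurl('upcoming'));
    } else {
        $redirect = getmyurl("group_story", $linkres->link_group_id);
        header("Location: {$redirect}");
    }
    die;
}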