<?php
//operations
$submit_success = '';
//insert comments
if (isset($_REQUEST['com_name']) && isset($_REQUEST['com_description'])) {
if ($settings['guestbook_allow_comments'] == 'Y') {
$error->check_name(check_if_null($_REQUEST['com_name']), true);
$error->check_description(check_if_null($_REQUEST['com_description']), $settings['guestbook_max_comment_description'], 5, true);
if ($settings['guestbook_use_antispam'] !== 'N' && $_SESSION['captcha'] !== openld_hash($_REQUEST['captcha'])) {
$error->set_warning('captcha_warning', 'Wrong captcha inserted');
}
if ($settings['guestbook_links_within_comments'] == 'N' && strstr($_REQUEST['com_description'], 'http://') == true || strstr($_REQUEST['com_description'], 'https://') == true) {
$error->set_warning('description_warning', 'Links is not allowed within comments');
}
if ($error->transform_error()) {
$sql = array('INSERT' => ($settings['guestbook_use_comment_titles'] == 'Y' ? 'title, ' : '') . 'description,
name,
ip', 'INTO' => 'guestbook_comments', 'VALUES' => ($settings['guestbook_use_comment_titles'] == 'Y' ? '"' . $_REQUEST['com_title'] . '", ' : '') . '"' . $db->escape($_REQUEST['com_description']) . '", "' . $db->escape($_REQUEST['com_name']) . '", "' . $db->escape($_SERVER['REMOTE_ADDR']) . '"');
$db->query_build($sql) or error(__FILE__, __LINE__);
$submit_success = 'Comment was added' . ($settings['guestbook_display_unaccepted_comments'] == 'N' ? ' and is waiting for approval' : '');
}
} else {
error('Comments are not allowed at the moment');
}
}
//insert rating
if (isset($_REQUEST['rate']) && isset($_REQUEST['score'])) {
//check if the voter is unique
$query = array('SELECT' => 'ip', 'FROM' => 'guestbook_votes', 'WHERE' => 'comment_id=' . $_REQUEST['rate'] . ' AND ip="' . $db->escape($_SERVER['REMOTE_ADDR']) . '"');
$ip_sql = $db->query_build($query) or error(__FILE__, __LINE__);
OpenLD is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
************************************************************************/
define('OPENLD_ROOT', './');
require OPENLD_ROOT . "header.php";
($hook = get_hook('suggest_category_before_input_check')) ? eval($hook) : null;
if (!empty($_POST)) {
$id = isset($_POST['id']) && is_numeric($_POST['id']) ? $_POST['id'] : 0;
$_POST = openld_trim_array($_POST);
$error->check_category_title($_POST['title'] = check_if_null($_POST['title']), check_if_null($id));
$error->check_category_description($_POST['description'] = check_if_null($_POST['description']));
//and print to sql
$if_active_by_default = 0;
($hook = get_hook('suggest_category_input_control')) ? eval($hook) : null;
if ($error->transform_error()) {
$query = array('INSERT' => 'title, description, active, father_id, created', 'INTO' => 'categories', 'VALUES' => '"' . $db->escape($_POST['title']) . '", "' . $db->escape($_POST['description']) . '", ' . $if_active_by_default . ', ' . intval($id) . ', NOW()');
($hook = get_hook('suggest_sql')) ? eval($hook) : null;
$db->query_build($query) or error("Writing suggest category information to database was impossible", __FILE__, __LINE__);
}
}
$page = "suggest_category.php";
($hook = get_hook('suggest_category_before_page')) ? eval($hook) : null;
require "footer.php";
function add_a_category($category_id)
{
global $db, $error;
//$error->check_category_title($_REQUEST['category_title'] = check_if_null($_REQUEST['category_title']), check_if_null($category_id));
//Admin should not be forced to enter a description
//$error->check_category_description(check_if_null($_REQUEST['category_description']));
$error->check_category_id(check_if_null($category_id));
($hook = get_hook('admin_functions_add_a_category_check')) ? eval($hook) : null;
if ($error->transform_error()) {
$query = array('INSERT' => 'title, description, active, father_id, created', 'INTO' => 'categories', 'VALUES' => '"' . $db->escape($_REQUEST['category_title']) . '", "' . $db->escape($_REQUEST['category_description']) . '",1, ' . intval($category_id) . ', NOW()');
($hook = get_hook('admin_functions_add_a_category_before_sql')) ? eval($hook) : null;
$db->query_build($query) or error(__FILE__, __LINE__);
($hook = get_hook('admin_functions_add_a_category_after_sql')) ? eval($hook) : null;
} else {
($hook = get_hook('admin_functions_add_a_category_before_return')) ? eval($hook) : null;
$_REQUEST['add_cat'] = $category_id;
($hook = get_hook('admin_functions_add_a_category_after_return')) ? eval($hook) : null;
}
}
$_POST['display_unaccepted_links'] = isset($_POST['display_unaccepted_links']) ? 'Y' : 'N';
$_POST['open_links_in_new_windows'] = isset($_POST['open_links_in_new_windows']) ? 'Y' : 'N';
// Make sure that base_url doesn't end with a slash
$_POST['domain_name_or_path'] = remove_last_slash($_POST['domain_name_or_path']);
$error->check_email($_POST['admin_email'] = check_if_null($_POST['admin_email']));
//$error->check_admin_title(check_if_null($_POST['admin_title']));
//Admin should not be forced to enter a description
//$error->check_admin_description(check_if_null($_POST['site_description']));
$error->check_site_path(check_if_null($_POST['domain_name_or_path']));
$error->check_language_preference(check_if_null($_POST['language']));
$error->check_links_sorted_by(check_if_null($_POST['links_sorted_by']));
$error->check_column_number(check_if_null($_POST['number_of_columns']));
$error->check_links_per_page(check_if_null($_POST['links_per_page']));
$error->numeric_control('search_volume_warning', check_if_null($_POST['number_of_search_results_per_page']), SEARCH_OPTION_WARNING);
$error->check_maximum_vs_minimum_link_description(check_if_null($_POST['admin_max_description__link']), check_if_null($_POST['admin_min_description__link']));
$error->check_maximum_vs_minimum_category_description(check_if_null($_POST['admin_max_description_category']), check_if_null($_POST['admin_min_description_category']));
($hook = get_hook('admin_options_check')) ? eval($hook) : null;
// now.. print out the SQL
if ($error->transform_error()) {
($hook = get_hook('admin_options_before_insert_sql')) ? eval($hook) : null;
if ($_POST['rewrite_scheme'] !== 'off') {
//we need the $dot_htaccess of the selected seflayer, which will later be inserted.
require OPENLD_ROOT . 'include/seflayer/' . $_POST['rewrite_scheme'] . '.php';
($hook = get_hook('admin_options_rewrite')) ? eval($hook) : null;
$fh = @fopen(OPENLD_ROOT . '.htaccess', 'wb');
if (!$fh) {
error("Couldn't edit .htaccess.. check permissions in the root directory");
}
fwrite($fh, $dot_htaccess);
fclose($fh);
} elseif ($_POST['rewrite_scheme'] == 'off' && file_exists(OPENLD_ROOT . '.htaccess')) {
<div class="openld-block openld-form">
<h2><span><?php
echo ECF_CONTACT_LABEL;
?>
</span></h2>
<div class="openld-content">
<?php
if (!empty($_POST)) {
$email_value = check_if_null($_POST['email']);
$subject_value = check_if_null($_POST['subject']);
$message_value = check_if_null($_POST['message']);
$error->check_email($email_value);
$error->check_title($subject_value, 255, 1, true);
$error->check_description($message_value, 1024, 5, true);
//captcha check
if ($_SESSION['captcha'] !== openld_hash($_POST['captcha'])) {
$error->set_warning('captcha_warning', WRONG_CAPTCHA);
}
if ($error->transform_error()) {
mail($settings['email'], $subject_value, $message_value, "From: " . $email_value);
echo ECF_MAIL_SENT_TO_ADMIN;
} else {
?>
<form action="index.php?display=contact" accept-charset="utf-8" method="post"><div class="panel">
<table>
<tr>
<td width="100px"><?php
echo ECF_CONTACT_MAIL_FIELD;
?>
</td>
<td>
OpenLD is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
************************************************************************/
define('OPENLD_ROOT', './');
require OPENLD_ROOT . 'admin_header.php';
($hook = get_hook('admin_bans_before_input_check')) ? eval($hook) : null;
//handle input..
if (isset($_POST['add_ban'])) {
$error->check_new_ip_ban(check_if_null($_POST['ban_ip']));
($hook = get_hook('admin_bans_add_ban_check')) ? eval($hook) : null;
if ($error->transform_error()) {
$query = array('INSERT' => 'ip', 'INTO' => 'ip_bans', 'VALUES' => '"' . $db->escape($_POST['ban_ip']) . '"');
($hook = get_hook('admin_bans_add_ban_before_sql')) ? eval($hook) : null;
$db->query_build($query) or error(__FILE__, __LINE__);
generate_bans_cache();
}
} elseif (isset($_POST['remove_ban']) && isset($_POST['unban'])) {
$error->numeric_control('remove_ban_error', $_POST['unban'], YOU_MUST_SELECT_AN_IP);
($hook = get_hook('admin_bans_remove_ban_check')) ? eval($hook) : null;
if ($error->transform_error()) {
$query = array('DELETE' => 'ip_bans', 'WHERE' => 'id=' . intval($_POST['unban']));
($hook = get_hook('admin_bans_remove_ban_before_sql')) ? eval($hook) : null;
$db->query_build($query) or error(print_r($query), __FILE__, __LINE__);
generate_bans_cache();
($hook = get_hook('admin_words_add_word_after_sql')) ? eval($hook) : null;
}
} elseif (isset($_POST['remove_word'])) {
$error->check_censor_word_id(check_if_null($_POST['id']));
($hook = get_hook('admin_words_remove_word_check')) ? eval($hook) : null;
if ($error->transform_error()) {
$query = array('DELETE' => 'illegal_words', 'WHERE' => 'id=' . intval($_POST['id']));
($hook = get_hook('admin_words_remove_sql')) ? eval($hook) : null;
$db->query_build($query) or error("Couldn't delete a row", __FILE__, __LINE__);
($hook = get_hook('admin_words_remove_word_after_sql')) ? eval($hook) : null;
}
} elseif (isset($_POST['update'])) {
$error->check_censor_word_id(check_if_null($_POST['id']));
$error->null_control('censor_word_warning', check_if_null($_POST['edit_censored_word']), EDIT_CENSORED_NOT_FOUND);
$_POST['edit_replace_word'] = isset($_POST['edit_replace_word']) ? $_POST['edit_replace_word'] : '';
$error->update_old_censor_word(check_if_null($_POST['edit_censored_word']), check_if_null($_POST['id']));
$_POST['if_total_ban'] = isset($_POST['if_total_ban']) ? 'T' : 'N';
($hook = get_hook('admin_words_update_word_check')) ? eval($hook) : null;
if ($error->transform_error()) {
$query = array('UPDATE' => 'illegal_words', 'SET' => 'spam_word="' . $db->escape($_POST['edit_censored_word']) . '", replace_word="' . $db->escape($_POST['edit_replace_word']) . '", ban_type="' . $db->escape($_POST['if_total_ban']) . '"', 'WHERE' => 'id=' . intval($_POST['id']));
($hook = get_hook('admin_words_update_sql')) ? eval($hook) : null;
$db->query_build($query) or error("Couldn't update a row", __FILE__, __LINE__);
($hook = get_hook('admin_words_update_word_after_sql')) ? eval($hook) : null;
}
}
}
($hook = get_hook('admin_words_after_input_check')) ? eval($hook) : null;
//get all censored words
$query = array('SELECT' => 'spam_word, id, replace_word, ban_type', 'FROM' => 'illegal_words');
($hook = get_hook('admin_words_sql')) ? eval($hook) : null;
$result = $db->query_build($query) or error("Could not select spam_word in illegal_words", __FILE__, __LINE__);
$_POST['admin_username'] = openld_trim($_POST['admin_username']);
$_POST['admin_password'] = openld_trim($_POST['admin_password']);
$_POST['admin_email'] = strtolower(openld_trim($_POST['admin_email']));
$_POST['site_title'] = openld_trim($_POST['site_title']);
$_POST['site_description'] = openld_trim($_POST['site_description']);
$error->check_new_username_vs_password(check_if_null($_POST['admin_username']), check_if_null($_POST['admin_password']));
$error->check_email(check_if_null($_POST['admin_email']), false);
//$error->check_admin_title(check_if_null($_POST['site_title']));
//$error->check_admin_description(check_if_null($_POST['site_description']));
$error->check_site_path(check_if_null($_POST['site_domain']));
$error->string_control('ext_error', check_if_null($_POST['db_extension']), EXTENSION_ERROR);
$error->string_control('host_error', check_if_null($_POST['db_host']), HOST_ERROR);
$error->string_control('name_error', check_if_null($_POST['db_name']), NAME_ERROR);
$error->string_control('username_error', check_if_null($_POST['db_username']), USERNAME_ERROR);
$error->string_control('password_error', check_if_null($_POST['db_password']), PASSWORD_ERROR);
$error->string_control('prefix_error', check_if_null($_POST['db_prefix']), PREFIX_ERROR);
switch ($_POST['db_extension']) {
case 'mysqli':
case 'mysqli_innodb':
if (!function_exists('mysqli_connect')) {
$error->set_warning('ext_error', NO_VALID_DB_SELECTED);
}
break;
case 'mysql':
case 'mysql_innodb':
if (!function_exists('mysql_connect')) {
$error->set_warning('ext_error', NO_VALID_DB_SELECTED);
}
break;
case 'sqlite':
if (!function_exists('sqlite_open')) {
function check_new_ip_ban($ban_ip)
{
global $db;
$this->check_ip(check_if_null($ban_ip));
$query = array('SELECT' => 'ip', 'FROM' => 'ip_bans', 'WHERE' => 'ip="' . $db->escape($ban_ip) . '"');
$ip_insert_control = $db->query_build($query) or error(__FILE__, __LINE__);
if ($db->num_rows($ip_insert_control) > 0) {
$this->set_warning('ip_warning', IP_ALLREADY_BANNED);
}
}
if (!empty($_POST) && (isset($_POST['title']) || isset($_POST['url']))) {
$_GET['cat_id'] = isset($_REQUEST['cat_id']) && is_numeric($_REQUEST['cat_id']) ? $_REQUEST['cat_id'] : 0;
$_POST = openld_trim_array($_POST);
$_REQUEST = openld_trim_array($_REQUEST);
$_POST['url'] = remove_last_slash($_POST['url']);
if ($settings['reciprocal_links_option'] == 'Y' && $_POST['linktype'] == 'reciprocal') {
$error->check_linktype(check_if_null($_POST['linktype']), $_POST['reciprocal_url'] = check_if_null($_POST['reciprocal_url']), check_if_null($_POST['url']));
} else {
$error->check_linktype(check_if_null($_POST['linktype']), null, check_if_null($_POST['url']));
}
$error->check_link_email($_POST['email'] = check_if_null($_POST['email']));
$error->check_name($_POST['name'] = check_if_null($_POST['name']));
$error->check_link_title($_POST['title'] = check_if_null($_POST['title']));
$error->check_link_description($_POST['description'] = check_if_null($_POST['description']));
$error->check_link_url($_POST['url'] = check_if_null($_POST['url']));
$error->check_link_category_id(check_if_null($_POST['cat_id']));
$if_reciprocal_column_name = $settings['reciprocal_links_option'] == 'Y' && $_POST['linktype'] == 'reciprocal' ? ', reciprocal_url' : '';
//goes into the DB.. no lang variable
$if_reciprocal_column_value = $settings['reciprocal_links_option'] == 'Y' && $_POST['linktype'] == 'reciprocal' ? ', ' . "'" . $db->escape($_POST['reciprocal_url']) . "'" : '';
//goes into the DB.. no lang variable
//and print to sql
$if_active_by_default = 0;
($hook = get_hook('submit_input_control')) ? eval($hook) : null;
if ($error->transform_error()) {
switch ($_POST['linktype']) {
case 'regular':
if ($settings['regular_links_option'] == 'Y') {
$_POST['linktype'] = 'a';
} else {
error("Regular links not supported");
}
