Example #1
/**
 * Looks up the current user's rights on an advboard category.
 *
 * An empty category code falls back to the 'any' pseudo-category before the lookup.
 *
 * @param  string $cat Category code
 * @return array       Keys 'auth_read', 'auth_write', 'isadmin', 'auth_download', filled in that
 *                     order from cot_auth('advboard', $cat, 'RWA1')
 * @todo Implement me (translated from the original note)
 */
function cot_advboard_auth($cat = null)
{
    $code = empty($cat) ? 'any' : $cat;
    // The 'RWA1' mask asks for four flags; they are mapped onto named keys below.
    list($read, $write, $admin, $download) = cot_auth('advboard', $code, 'RWA1');

    return array(
        'auth_read' => $read,
        'auth_write' => $write,
        'isadmin' => $admin,
        'auth_download' => $download,
    );
}
Example #2
 /**
  * Builds the advboard RSS feed, prints it as XML and ends the request.
  *
  * Answers 404 when the 'rss' module is inactive or when the requested category `c`
  * is not present in $structure['advboard']. Read permission is checked with
  * cot_auth()/cot_block() only inside the branch where a category was requested.
  *
  * @return void Never returns normally: the method calls exit after echoing the feed.
  */
 public function indexAction()
 {
     global $structure;
     // The feed is only served while the rss module is active.
     if (!cot_module_active('rss')) {
         cot_die_message(404, TRUE);
     }
     // Optional category filter taken from the query string.
     $c = cot_import('c', 'G', 'TXT');
     if (!empty($c)) {
         // The code must be a known advboard category before it is used as an array key or as a filter.
         if (!isset($structure['advboard'][$c])) {
             cot_die_message(404, TRUE);
         }
         list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin']) = cot_auth('advboard', $c);
         cot_block(cot::$usr['auth_read']);
     }
     // NOTE(review): with no category in the request, nothing above checks read rights and the query below
     // is not narrowed to readable categories. Unless advboard_model_Advert::find() applies permissions
     // itself, adverts from categories this visitor may not read end up in the feed — confirm.
     $rss_title = cot::$L['advboard_rss_feed'] . cot::$cfg['maintitle'];
     $rss_link = cot::$cfg['mainurl'];
     $rss_description = cot::$cfg['subtitle'];
     $domain = cot::$sys['domain'];
     // Only published adverts whose begin time has passed and that have not expired.
     // The raw 'SQL' condition concatenates cot::$sys['now']; presumably an application-set timestamp,
     // not request data — verify before reusing this pattern with other values.
     $condition = array(array('state', advboard_model_Advert::PUBLISHED), array('begin', cot::$sys['now'], '<='), array('SQL', "expire = 0 OR expire > " . cot::$sys['now']));
     if (!empty($c)) {
         $rss_title = cot::$L['advboard_rss_feed'] . $structure['advboard'][$c]['title'] . ' - ' . cot::$cfg['maintitle'];
         $condition[] = array('category', $c);
     }
     $advertisement = advboard_model_Advert::find($condition, cot::$cfg['rss']['rss_maxitems'], 0, array(array('sort', 'desc')));
     $t = new XTemplate(cot_tplfile('rss'));
     // Shift the timestamp by the user's timezone offset (hours) before formatting.
     $now = cot::$sys['now'];
     $now += cot::$usr['timezone'] * 3600;
     // Title and description are HTML-escaped here; RSS_LINK is assigned as configured.
     $t->assign(array('RSS_ENCODING' => cot::$cfg['rss']['rss_charset'], 'RSS_TITLE' => htmlspecialchars($rss_title), 'RSS_LINK' => $rss_link, 'RSS_LANG' => cot::$cfg['defaultlang'], 'RSS_DESCRIPTION' => htmlspecialchars($rss_description), 'RSS_DATE' => $this->fixPubDate(date("r", $now))));
     if (!empty($advertisement)) {
         foreach ($advertisement as $advert) {
             // Relative advert URLs are made absolute for feed readers.
             $url = $advert->url;
             if (!cot_url_check($url)) {
                 $url = COT_ABSOLUTE_URL . $url;
             }
             $date = '';
             if (!empty($advert->created)) {
                 $date = strtotime($advert->created);
                 $date += cot::$usr['timezone'] * 3600;
                 $date = date('r', $date);
                 $date = $this->fixPubDate($date);
             }
             // Truncate the advert text when a positive symbol limit is configured.
             $text = $advert->text;
             $textlength = intval(cot::$cfg['rss']['rss_pagemaxsymbols']);
             if ($textlength > 0 && mb_strlen($text) > $textlength) {
                 $text = cot_string_truncate($text, $textlength, true, false, cot::$R['advboard_cuttext']);
             }
             // NOTE(review): only the row title is escaped here. The description (stored advert text) and
             // the link reach the template as-is; presumably the template wraps them in CDATA or they are
             // already encoded — verify against the 'rss' template.
             $t->assign(array('RSS_ROW_TITLE' => htmlspecialchars($advert->title), 'RSS_ROW_DESCRIPTION' => $this->convertRelativeUrls($text), 'RSS_ROW_DATE' => $date, 'RSS_ROW_LINK' => $url));
             $t->parse('MAIN.ITEM_ROW');
         }
     }
     $t->parse('MAIN');
     //        ob_clean();
     // NOTE(review): the header fixes the charset to UTF-8 while RSS_ENCODING above comes from
     // cot::$cfg['rss']['rss_charset']; the two disagree if that setting is not UTF-8.
     header('Content-type: text/xml; charset=UTF-8');
     echo $t->text('MAIN');
     exit;
 }
Example #3
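/**
 * Generates a link to PFS
 *
 * The user id, form name, input name and parser end up inside single-quoted JavaScript
 * string literals within a double-quoted href attribute. Each one is therefore
 * backslash-escaped for the script context and then HTML-encoded for the attribute
 * context, so a quote in any of them cannot close the literal or the attribute.
 * Plain identifiers produce exactly the same markup as before.
 *
 * @param int $id User ID; 0 builds the link without a permission check
 * @param string $c1 Form name
 * @param string $c2 Input name
 * @param string $title Link title, emitted as given (callers may pass markup, so untrusted text
 *                      has to be escaped by the caller)
 * @param string $parser Custom parser (optional)
 * @return string Anchor markup, or an empty string when $id is non-zero and
 *                cot_auth('pfs', 'a', 'R') is false
 */
function cot_build_pfs($id, $c1, $c2, $title, $parser = '')
{
    // Any non-zero id requires read access to PFS; id 0 is linked unconditionally.
    if ($id != 0 && !cot_auth('pfs', 'a', 'R')) {
        return '';
    }

    // The id is documented as an integer, so it is emitted as one.
    $js_args = array((string) (int) $id, $c1, $c2, $parser);
    foreach ($js_args as $k => $arg) {
        // addslashes() handles the JS string context, htmlspecialchars() the HTML attribute context.
        $js_args[$k] = "'" . htmlspecialchars(addslashes((string) $arg), ENT_QUOTES) . "'";
    }

    return '<a href="javascript:pfs(' . implode(',', $js_args) . ')">' . $title . '</a>';
}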
Example #4
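/**
 * Builds the template tag array for one sbr row.
 *
 * Local variable names are kept as they are because the hook files are included in this
 * function's scope and may read or set them (for example $temp_array or $emptytitle).
 *
 * @param array|int $item_data Row from the sbr table, or an sbr_id to load the row by
 * @param string $tag_prefix Prefix prepended to every returned key
 * @param bool|null $admin_rights Admin flag; when null it is taken from cot_auth('plug', 'sbr', 'A')
 * @param bool $pagepath_home Passed through to cot_breadcrumbs()
 * @return array Tag name => value
 */
function cot_generate_sbrtags($item_data, $tag_prefix = '', $admin_rights = null, $pagepath_home = false)
{
    // $usr is read below for the owner checks, so it is imported with the other globals. Without it
    // $usr['id'] is null inside the function: the real owner never matches, and the loose == can
    // only match an empty owner id.
    global $db, $cot_extrafields, $cfg, $L, $Ls, $R, $db_sbr, $db_sbr_stages, $sys, $usr;
    static $extp_first = null, $extp_main = null;
    // Resolve the hook file lists once per request.
    if (is_null($extp_first)) {
        $extp_first = cot_getextplugins('sbrtags.first');
        $extp_main = cot_getextplugins('sbrtags.main');
    }
    /* === Hook === */
    foreach ($extp_first as $pl) {
        include $pl;
    }
    /* ===== */
    // A scalar argument is treated as an sbr_id; the int cast keeps the value numeric in the query.
    if (!is_array($item_data)) {
        $sql = $db->query("SELECT * FROM {$db_sbr} WHERE sbr_id = '" . (int) $item_data . "' LIMIT 1");
        $item_data = $sql->fetch();
    }
    // fetch() yields a non-array when no row matched; such a result takes the "deleted" branch.
    if (is_array($item_data) && $item_data['sbr_id'] > 0 && !empty($item_data['sbr_title'])) {
        if (is_null($admin_rights)) {
            $admin_rights = cot_auth('plug', 'sbr', 'A');
        }
        $patharray = array();
        $patharray[] = array(cot_url('sbr'), $L['sbr']);
        $patharray[] = array(cot_url('sbr', 'id=' . $item_data['sbr_id']), $item_data['sbr_title']);
        $itempath = cot_breadcrumbs($patharray, $pagepath_home, true);
        $temp_array = array(
            'ID' => $item_data['sbr_id'],
            'STATUS' => $item_data['sbr_status'],
            'LOCALSTATUS' => $L['sbr_status_' . $item_data['sbr_status']],
            'LABELSTATUS' => $R['sbr_labels'][$item_data['sbr_status']],
            'URL' => cot_url('sbr', 'id=' . $item_data['sbr_id']),
            'TITLE' => $itempath,
            'SHORTTITLE' => $item_data['sbr_title'],
            'CREATEDATE' => date('d.m.Y H:i', $item_data['sbr_create']),
            'CREATEDATE_STAMP' => $item_data['sbr_create'],
            'BEGINDATE' => date('d.m.Y H:i', $item_data['sbr_begin']),
            'BEGINDATE_STAMP' => $item_data['sbr_begin'],
            'DONEDATE' => date('d.m.Y H:i', $item_data['sbr_done']),
            'DONEDATE_STAMP' => $item_data['sbr_done'],
            'COST' => $item_data['sbr_cost'],
            'TAX' => $item_data['sbr_tax'],
            'TOTAL' => $item_data['sbr_cost'] + $item_data['sbr_tax'],
            // NOTE(review): 'item_userid' is not one of the sbr_* columns used elsewhere in this
            // function; it looks carried over from another module — confirm which column is meant.
            'USER_IS_ADMIN' => $admin_rights || $usr['id'] == $item_data['item_userid'],
        );
        // Edit links are offered to admins and to the employer of this row.
        if ($admin_rights || $usr['id'] == $item_data['sbr_employer']) {
            $temp_array['ADMIN_EDIT'] = cot_rc_link(cot_url('sbr', 'm=edit&id=' . $item_data['sbr_id']), $L['Edit']);
            $temp_array['ADMIN_EDIT_URL'] = cot_url('sbr', 'm=edit&id=' . $item_data['sbr_id']);
        }
        // Extrafields
        if (isset($cot_extrafields[$db_sbr])) {
            foreach ($cot_extrafields[$db_sbr] as $exfld) {
                $tag = mb_strtoupper($exfld['field_name']);
                $temp_array[$tag . '_TITLE'] = isset($L['sbr_' . $exfld['field_name'] . '_title']) ? $L['sbr_' . $exfld['field_name'] . '_title'] : $exfld['field_description'];
                $temp_array[$tag] = cot_build_extrafields_data('sbr', $exfld, $item_data['item_' . $exfld['field_name']]);
            }
        }
        /* === Hook === */
        foreach ($extp_main as $pl) {
            include $pl;
        }
        /* ===== */
    } else {
        // $emptytitle is not set in this function; presumably a 'sbrtags.first' hook may define it.
        $temp_array = array('TITLE' => !empty($emptytitle) ? $emptytitle : $L['Deleted'], 'SHORTTITLE' => !empty($emptytitle) ? $emptytitle : $L['Deleted']);
    }
    $return_array = array();
    foreach ($temp_array as $key => $val) {
        $return_array[$tag_prefix . $key] = $val;
    }
    return $return_array;
}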
Example #5
/**
 * Returns the rendered karma gadget for a user, rendering it on first use.
 *
 * The result is stored in the global $karma_cache under $user_id and reused on later calls.
 * The global $color is overwritten on every call with the configured colour list.
 *
 * NOTE(review): the cache key is $user_id alone, while the rendered URLs also depend on
 * $location and $location_id; $location and $location_id are concatenated into the query
 * string without urlencode(), unlike $module. Confirm both are intended.
 *
 * @param int $user_id User the gadget is shown for
 * @param float $user_karma Karma value to display
 * @param string $location Location code; 'self' disables voting links
 * @param mixed $location_id Identifier placed in the 'fp' URL parameter
 * @param string|bool $module Value placed, url-encoded, in the 'mod' URL parameter
 * @return string Gadget HTML
 */
function karma_gadget($user_id, $user_karma, $location, $location_id, $module = false)
{
    global $usr, $cfg, $karma_cache, $color;
    $color = explode(",", $cfg['plugin']['karma']['karma_color']);

    // Already rendered for this user: hand back the stored markup.
    if ($karma_cache[$user_id]) {
        return $karma_cache[$user_id];
    }

    // Users with negative karma may not vote down unless 'neg_rec' is enabled.
    $may_vote_down = !(!$cfg['plugin']['karma']['neg_rec'] && $usr['profile']['user_karma'] < 0);
    // Voting needs write access, a logged-in user and a location other than 'self'.
    $may_vote = (cot_auth('plug', 'karma', 'W') && $usr['id'] > 0 && $location != 'self') ? true : "";

    $tpl = new XTemplate(cot_tplfile(array('karma', 'gadget'), true));
    $module = urlencode($module);

    $tags = array();
    $tags["PAGE_KARMA_D"] = number_format($user_karma, '1', '.', ' ');
    if ($user_id != $usr['id'] && $may_vote) {
        $tags["PAGE_KARMA_ADD"] = cot_url('plug', 'r=karma&act=change&lct=' . $location . '&value=add&fp=' . $location_id . '&mod=' . $module);
    } else {
        $tags["PAGE_KARMA_ADD"] = false;
    }
    if ($user_id != $usr['id'] && $may_vote_down && $may_vote) {
        $tags["PAGE_KARMA_DEL"] = cot_url('plug', 'r=karma&act=change&lct=' . $location . '&value=del&fp=' . $location_id . '&mod=' . $module);
    } else {
        $tags["PAGE_KARMA_DEL"] = false;
    }
    if ($may_vote || $location == 'self') {
        $tags["PAGE_KARMA_URL"] = cot_url('plug', 'r=karma&act=show&fp=' . $user_id);
    } else {
        $tags["PAGE_KARMA_URL"] = false;
    }
    $tags["PAGE_KARMA_MINI"] = $cfg['plugin']['karma']['karma_com'] ? '' : 'karma_mini';

    $tpl->assign($tags);
    $tpl->parse('MAIN');
    $karma_cache[$user_id] = $tpl->text('MAIN');

    return $karma_cache[$user_id];
}
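/**
 * Tells whether the current user may still give a karma score to another user.
 *
 * All values that reach the SQL statements are bound as parameters: the original built the
 * WHERE clause by concatenating $userid, $area and $code into the statement text.
 *
 * @param int $userid User who would receive the score
 * @param string $area Optional area code to narrow the "already scored" lookup
 * @param string $code Optional item code to narrow the "already scored" lookup
 * @return bool|null true when scoring is allowed, false when it is not; null when the current
 *                   user has no write access to the plugin (unchanged from the original, which
 *                   fell off the end of the function in that case)
 */
function cot_ukarma_checkenablescore($userid, $area = '', $code = '')
{
    global $db, $cfg, $sys, $usr, $db_ukarma;
    if (!cot_auth('plug', 'ukarma', 'W')) {
        return null;
    }
    // Nobody scores themselves.
    if ($usr['id'] == $userid) {
        return false;
    }
    // Non-admins need at least 'karma_rate' karma of their own when that threshold is configured.
    if (!cot_auth('plug', 'ukarma', 'A') && $cfg['plugin']['ukarma']['karma_rate'] > 0 && cot_ukarma($usr['id'], '', '', true) < $cfg['plugin']['ukarma']['karma_rate']) {
        return false;
    }

    $owner_id = (int) $usr['id'];
    $target_id = (int) $userid;

    // Has this owner already scored this user (optionally for this area/code)?
    $where = array('ukarma_ownerid = ?', 'ukarma_userid = ?');
    $params = array($owner_id, $target_id);
    if (!empty($area)) {
        $where[] = 'ukarma_area = ?';
        $params[] = $area;
    }
    if (!empty($code)) {
        $where[] = 'ukarma_code = ?';
        $params[] = $code;
    }
    $score_isset = (bool) $db->query("SELECT ukarma_id FROM {$db_ukarma} WHERE " . implode(' AND ', $where), $params)->fetch();
    $score_enabled = !$score_isset;

    // Both limits look at the last 24 hours and do not apply to plugin admins.
    $lastdate = $sys['now'] - 24 * 60 * 60;
    if ($cfg['plugin']['ukarma']['karma_daylimit'] > 0 && !cot_auth('plug', 'ukarma', 'A')) {
        $score_count = $db->query("SELECT COUNT(*) FROM {$db_ukarma} WHERE ukarma_ownerid = ? AND ukarma_date > ?", array($owner_id, $lastdate))->fetchColumn();
        if ($score_count >= $cfg['plugin']['ukarma']['karma_daylimit']) {
            $score_enabled = false;
        }
    }
    if ($cfg['plugin']['ukarma']['karma_personaldaylimit'] > 0 && !cot_auth('plug', 'ukarma', 'A')) {
        $score_count = $db->query("SELECT COUNT(*) FROM {$db_ukarma} WHERE ukarma_ownerid = ? AND ukarma_userid = ? AND ukarma_date > ?", array($owner_id, $target_id, $lastdate))->fetchColumn();
        if ($score_count >= $cfg['plugin']['ukarma']['karma_personaldaylimit']) {
            $score_enabled = false;
        }
    }
    return $score_enabled;
}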
<?php

/* ====================
[BEGIN_COT_EXT]
Hooks=search.page.catlist
[END_COT_EXT]
==================== */
/**
 * Search in system cat. Adds `system` to form field
 *
 * @package search_system
 * @author Andrey Matsovkin
 * @copyright Copyright (c) 2011-2016
 * @license Distributed under BSD license.
 */
// Refuse to run when the file is requested directly instead of being included by the core.
defined('COT_CODE') or die('Wrong URL.');
// Hook body for 'search.page.catlist': it runs in the scope of the file that includes it, so
// $structure, $db, $pages_cat_list and $pag_catauth are presumably the includer's variables, and
// $cat / $x assigned here overwrite same-named variables there — confirm.
$cat = 'system';
// The 'system' category is offered only to users who may read it.
if (cot_auth('page', $cat, 'R')) {
    $x = $structure['page'][$cat];
    $pages_cat_list[$cat] = $x['tpath'];
    // The code is passed through $db->prep() before it joins the list of authorised categories.
    $pag_catauth[] = $db->prep($cat);
}
<?php

/** 
 * [BEGIN_COT_EXT]
 * Hooks=market.add.tags
 * [END_COT_EXT]
 */
/**
 * plugin tagslance for Cotonti Siena
 * 
 * @package tagslance
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 *  */
// Refuse to run when the file is requested directly instead of being included by the core.
defined('COT_CODE') or die('Wrong URL.');
// Hook body for 'market.add.tags': $cfg, $t, $L and $id are not set here and are presumably
// provided by the including file — confirm.
// The tag input is added only when the plugin is enabled for market and the user may write tags.
if ($cfg['plugin']['tagslance']['market'] && cot_auth('plug', 'tags', 'W')) {
    require_once cot_incfile('tags', 'plug');
    $t->assign(array('PRDADD_TOP_TAGS' => $L['Tags'], 'PRDADD_TOP_TAGS_HINT' => $L['tags_comma_separated'], 'PRDADD_FORM_TAGS' => cot_rc('tags_input_editpage', array('tags' => ''))));
    // Extra tags when the hook is reached through the i18n market caller.
    if (cot_get_caller() == 'i18n.market') {
        $t->assign(array('I18N_PRD_TAGS' => implode(', ', cot_tag_list($id)), 'I18N_IPRD_TAGS' => cot_rc('tags_input_editpage', array('tags' => ''))));
    }
    $t->parse('MAIN.TAGS');
}
 * @package projects
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
// Refuse to run when the file is requested directly instead of being included by the core.
defined('COT_CODE') or die('Wrong URL');
// Request parameters, filtered by cot_import(): integer id, alphanumeric r.
$id = cot_import('id', 'G', 'INT');
$r = cot_import('r', 'G', 'ALP');
// First gate: the user needs write access to projects in general.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', 'any', 'RWA');
cot_block($usr['auth_write']);
// The id is cast to int again at the point where it enters the statement.
// NOTE(review): u.* loads every users column into $item, which the hook files below can read;
// presumably that includes credential fields — consider selecting only the columns needed.
$item = $db->query("SELECT p.*, u.* FROM {$db_projects} AS p LEFT JOIN {$db_users} AS u ON u.user_id=p.item_userid WHERE item_id=" . (int) $id)->fetch();
// No matching row: answer 404.
if ($item['item_id'] != (int) $id) {
    cot_die_message(404, TRUE);
}
// Second gate: rights on the item's own category; && binds tighter than ||, so access is granted
// to category admins, or to the item's owner who also has write access.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('projects', $item['item_cat']);
cot_block($usr['isadmin'] || $usr['auth_write'] && $usr['id'] == $item['item_userid']);
/* === Hook === */
// Hook files run in this scope, after both permission gates.
foreach (cot_getextplugins('projects.preview.first') as $pl) {
    include $pl;
}
/* ===== */
if ($a == 'save') {
    cot_check_xg();
    /* === Hook === */
    foreach (cot_getextplugins('projects.preview.save.first') as $pl) {
        include $pl;
    }
    /* ===== */
    $prj = array();
    if ($cfg['projects']['prevalidate'] && !$usr['isadmin']) {
Example #10
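// Topic id and post id from the query string, filtered as integers.
$q = cot_import('q', 'G', 'INT');
$p = cot_import('p', 'G', 'INT');
list($pg, $d, $durl) = cot_import_pagenav('d', $cfg['forums']['maxpostsperpage']);
/* === Hook === */
// Hook files are included in this scope and can read or reassign the variables above.
foreach (cot_getextplugins('forums.editpost.first') as $pl) {
    include $pl;
}
/* ===== */
// Editing requires a logged-in user and passes cot_check_xg() before anything is loaded.
cot_blockguests();
cot_check_xg();
// $s is not set in this fragment; it has to name a known forum section.
isset($structure['forums'][$s]) || cot_die();
// The post must belong to the given topic and section; all three values are bound parameters.
$sql_forums = $db->query("SELECT * FROM {$db_forum_posts} WHERE fp_id = ? and fp_topicid = ? and fp_cat = ?", array($p, $q, $s));
if ($rowpost = $sql_forums->fetch()) {
    list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('forums', $s);
    /* === Hook === */
    foreach (cot_getextplugins('forums.editpost.rights') as $pl) {
        include $pl;
    }
    /* ===== */
    // Non-admins may edit only their own post, and only inside the edit timeout (hours) when one is set.
    if (!$usr['isadmin'] && ($rowpost['fp_posterid'] != $usr['id'] || $cfg['forums']['edittimeout'] != '0' && $sys['now'] - $rowpost['fp_creation'] > $cfg['forums']['edittimeout'] * 3600)) {
        // The refused attempt is written to the 'sec' log before the request ends.
        cot_log('Attempt to edit a post without rights', 'sec');
        cot_die();
    }
    cot_block($usr['auth_read']);
} else {
    cot_die();
}
$is_first_post = $p == $db->query("SELECT fp_id FROM {$db_forum_posts} WHERE fp_topicid = ? ORDER BY fp_id ASC LIMIT 1", array($q))->fetchColumn();
// Bound like the two statements above instead of interpolating {$q}: the hooks included earlier
// share this scope, so the statement no longer depends on $q still being the filtered integer.
$sql_forums = $db->query("SELECT ft_state, ft_mode, ft_title, ft_desc FROM {$db_forum_topics} WHERE ft_id = ? LIMIT 1", array($q));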
Example #11
        $rs['pagsub'][] = 'all';
    }
    /* === Hook === */
    foreach (cot_getextplugins('search.page.catlist') as $pl) {
        include $pl;
    }
    /* ===== */
    $t->assign(array('PLUGIN_PAGE_SEC_LIST' => cot_selectbox($rs['pagsub'], 'rs[pagsub][]', array_keys($pages_cat_list), array_values($pages_cat_list), false, 'multiple="multiple" style="width:50%"'), 'PLUGIN_PAGE_RES_SORT' => cot_selectbox($rs['pagsort'], 'rs[pagsort]', array('date', 'title', 'count', 'cat'), array($L['plu_pag_res_sort1'], $L['plu_pag_res_sort2'], $L['plu_pag_res_sort3'], $L['plu_pag_res_sort4']), false), 'PLUGIN_PAGE_RES_SORT_WAY' => cot_radiobox($rs['pagsort2'], 'rs[pagsort2]', array('DESC', 'ASC'), array($L['plu_sort_desc'], $L['plu_sort_asc'])), 'PLUGIN_PAGE_SEARCH_NAMES' => cot_checkbox($rs['pagtitle'] == 1 || count($rs['pagsub']) == 0, 'rs[pagtitle]', $L['plu_pag_search_names']), 'PLUGIN_PAGE_SEARCH_DESC' => cot_checkbox($rs['pagdesc'] == 1 || count($rs['pagsub']) == 0, 'rs[pagdesc]', $L['plu_pag_search_desc']), 'PLUGIN_PAGE_SEARCH_TEXT' => cot_checkbox($rs['pagtext'] == 1 || count($rs['pagsub']) == 0, 'rs[pagtext]', $L['plu_pag_search_text']), 'PLUGIN_PAGE_SEARCH_SUBCAT' => cot_checkbox($rs['pagsubcat'], 'rs[pagsubcat]', $L['plu_pag_set_subsec']), 'PLUGIN_PAGE_SEARCH_FILE' => cot_checkbox($rs['pagfile'] == 1, 'rs[pagfile]', $L['plu_pag_search_file'])));
    if ($tab == 'pag' || empty($tab) && $cfg['plugin']['search']['extrafilters']) {
        $t->parse('MAIN.PAGES_OPTIONS');
    }
}
// Forum search options: built for the forums tab (or when no tab is chosen), provided the forums
// module is active and forum search is enabled in the plugin configuration.
if (($tab == 'frm' || empty($tab)) && cot_module_active('forums') && $cfg['plugin']['search']['forumsearch']) {
    $forum_cat_list['all'] = $L['plu_allsections'];
    // Only sections the current user may read are listed; their codes are also collected, passed
    // through $db->prep(), in $frm_catauth.
    // NOTE(review): $frm_catauth is presumably what limits the later search query to readable
    // sections when 'all' is selected — that query is not visible here; confirm it is applied.
    foreach ($structure['forums'] as $key => $val) {
        if (cot_auth('forums', $key, 'R')) {
            $forum_cat_list[$key] = $val['tpath'];
            $frm_catauth[] = $db->prep($key);
        }
    }
    // An empty selection, or one led by 'all', is normalised to the single entry 'all'.
    if ($rs['frmsub'][0] == 'all' || !$rs['frmsub']) {
        $rs['frmsub'] = array();
        $rs['frmsub'][] = 'all';
    }
    $t->assign(array('PLUGIN_FORUM_SEC_LIST' => cot_selectbox($rs['frmsub'], 'rs[frmsub][]', array_keys($forum_cat_list), array_values($forum_cat_list), false, 'multiple="multiple" style="width:50%"'), 'PLUGIN_FORUM_RES_SORT' => cot_selectbox($rs['frmsort'], 'rs[frmsort]', array('updated', 'creationdate', 'title', 'postcount', 'viewcount', 'sectionid'), array($L['plu_frm_res_sort1'], $L['plu_frm_res_sort2'], $L['plu_frm_res_sort3'], $L['plu_frm_res_sort4'], $L['plu_frm_res_sort5'], $L['plu_frm_res_sort6']), false), 'PLUGIN_FORUM_RES_SORT_WAY' => cot_radiobox($rs['frmsort2'], 'rs[frmsort2]', array('DESC', 'ASC'), array($L['plu_sort_desc'], $L['plu_sort_asc'])), 'PLUGIN_FORUM_SEARCH_NAMES' => cot_checkbox($rs['frmtitle'] == 1 || count($rs['frmsub']) == 0, 'rs[frmtitle]', $L['plu_frm_search_names']), 'PLUGIN_FORUM_SEARCH_POST' => cot_checkbox($rs['frmtext'] == 1 || count($rs['frmsub']) == 0, 'rs[frmtext]', $L['plu_frm_search_post']), 'PLUGIN_FORUM_SEARCH_ANSW' => cot_checkbox($rs['frmreply'] == 1 || count($rs['frmsub']) == 0, 'rs[frmreply]', $L['plu_frm_search_answ']), 'PLUGIN_FORUM_SEARCH_SUBCAT' => cot_checkbox($rs['frmsubcat'], 'rs[frmsubcat]', $L['plu_frm_set_subsec'])));
    // && binds tighter than ||: the block is parsed on the forums tab, or with no tab when
    // extra filters are enabled.
    if ($tab == 'frm' || empty($tab) && $cfg['plugin']['search']['extrafilters']) {
        $t->parse('MAIN.FORUMS_OPTIONS');
    }
}
if (!empty($sq)) {
    $words = explode(' ', preg_replace("'\\s+'", " ", $sq));
<?php

/**
 * Payments module
 *
 * @package payments
 * @version 1.1.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */
// Refuse to run when the file is requested directly instead of being included by the core.
defined('COT_CODE') or die('Wrong URL.');
// The balance pages require write access to the payments module.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('payments', 'any', 'RWA');
cot_block($usr['auth_write']);
require_once cot_incfile('forms');
// Request parameters, filtered by cot_import(): alphanumeric page name, integer id, numeric sum.
$n = cot_import('n', 'G', 'ALP');
$pid = cot_import('pid', 'G', 'INT');
$rsumm = cot_import('rsumm', 'G', 'NUM');
// The history page is the default.
if (empty($n)) {
    $n = 'history';
}
$t = new XTemplate(cot_tplfile('payments.balance', 'module'));
// The balance shown is always the current user's own: the id comes from $usr, not from the request.
$t->assign(array('BALANCE_SUMM' => cot_payments_getuserbalance($usr['id']), 'BALANCE_BILLING_URL' => cot_url('payments', 'm=balance&n=billing'), 'BALANCE_HISTORY_URL' => cot_url('payments', 'm=balance&n=history'), 'BALANCE_PAYOUT_URL' => cot_url('payments', 'm=balance&n=payouts'), 'BALANCE_TRANSFER_URL' => cot_url('payments', 'm=balance&n=transfer')));
if ($n == 'billing') {
    $pid = cot_import('pid', 'G', 'INT');
    if ($a == 'buy') {
        $summ = cot_import('summ', 'P', 'NUM');
        cot_check(empty($summ), 'payments_balance_billing_error_emptysumm');
        cot_check(!empty($summ) && $summ < 0, 'payments_balance_billing_error_wrongsumm');
        if (!cot_error_found()) {
            $options['desc'] = $L['payments_balance_billing_desc'];
Example #13
    $t->parse('MAIN.BEFORE_AJAX');
    $t->parse('MAIN.AFTER_AJAX');
}
cot_display_messages($t);
// Breadcrumb: module title, then either "new message" or "Edit #id".
$title[] = array(cot_url('pm'), $L['Private_Messages']);
$title[] = !$id ? $L['pmsend_title'] : $L['Edit'] . ' #' . $id;
$url_newpm = cot_url('pm', 'm=send');
$url_inbox = cot_url('pm');
$url_sentbox = cot_url('pm', 'f=sentbox');
if (COT_AJAX) {
    // Attach rich text editors to AJAX loaded page
    // The footer resources are swapped out so that only what the editor plugin adds is captured.
    $rc_tmp = $out['footer_rc'];
    $out['footer_rc'] = '';
    if (is_array($cot_plugins['editor'])) {
        foreach ($cot_plugins['editor'] as $k) {
            // Only the selected editor is loaded, and only if the user may read that plugin.
            // NOTE(review): the include path is built from $k['pl_file'] in the plugin registry;
            // presumably that registry is admin-controlled and never request-controlled — confirm.
            if ($k['pl_code'] == $editor && cot_auth('plug', $k['pl_code'], 'R')) {
                include $cfg['plugins_dir'] . '/' . $k['pl_file'];
                break;
            }
        }
    }
    $text_editor_code = $out['footer_rc'];
    $out['footer_rc'] = $rc_tmp;
}
// NOTE(review): the message title is escaped with htmlspecialchars() before cot_inputbox(), while the
// text and recipient go to cot_textarea() as they are; whether those helpers escape their value is
// not visible here — confirm each value is encoded exactly once.
$t->assign(array('PMSEND_TITLE' => cot_breadcrumbs($title, $cfg['homebreadcrumb']), 'PMSEND_SENDNEWPM' => $usr['auth_write'] ? cot_rc_link($url_newpm, $L['pm_sendnew'], array('class' => $cfg['pm']['turnajax'] ? 'ajax' : '')) : '', 'PMSEND_SENDNEWPM_URL' => $usr['auth_write'] ? $url_newpm : '', 'PMSEND_INBOX' => cot_rc_link($url_inbox, $L['pm_inbox'], array('class' => $cfg['pm']['turnajax'] ? 'ajax' : '')), 'PMSEND_INBOX_URL' => $url_inbox, 'PMSEND_INBOX_COUNT' => $totalinbox, 'PMSEND_SENTBOX' => cot_rc_link($url_sentbox, $L['pm_sentbox'], array('class' => $cfg['pm']['turnajax'] ? 'ajax' : '')), 'PMSEND_SENTBOX_URL' => $url_sentbox, 'PMSEND_SENTBOX_COUNT' => $totalsentbox, 'PMSEND_FORM_SEND' => cot_url('pm', 'm=send&a=send' . $idurl), 'PMSEND_FORM_TITLE' => cot_inputbox('text', 'newpmtitle', htmlspecialchars($newpmtitle), 'size="56" maxlength="255"'), 'PMSEND_FORM_TEXT' => cot_textarea('newpmtext', $newpmtext, 8, 56, '', 'input_textarea_editor') . $text_editor_code, 'PMSEND_FORM_TOUSER' => cot_textarea('newpmrecipient', $touser, 3, 56, 'class="userinput"'), 'PMSEND_FORM_NOT_TO_SENTBOX' => cot_checkbox(false, 'fromstate', cot::$L['pm_notmovetosentbox'], '', '3')));
/* === Hook === */
foreach (cot_getextplugins('pm.send.tags') as $pl) {
    include $pl;
}
/* ===== */
if (!$id) {
Example #14
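// Request parameters, filtered by cot_import(): integer item id, text category code.
$id = cot_import('id', 'G', 'INT');
$c = cot_import('c', 'G', 'TXT');
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', 'any', 'RWA');
/* === Hook === */
// Hook files are included in this scope and can read or reassign the variables above.
foreach (cot_getextplugins('market.edit.first') as $pl) {
    include $pl;
}
/* ===== */
cot_block($usr['auth_read']);
if (!$id || $id < 0) {
    cot_die_message(404);
}
// The id is bound as an integer parameter instead of being interpolated into the statement: the
// hook above shares this scope, so the statement no longer depends on $id still being the
// filtered value.
$sql = $db->query("SELECT * FROM {$db_market} WHERE item_id = ? LIMIT 1", array((int) $id));
cot_die($sql->rowCount() == 0);
$item = $sql->fetch();
// Rights are re-read for the item's own category; && binds tighter than ||, so editing is open to
// category admins, or to the item's owner who also has write access.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', $item['item_cat']);
cot_block($usr['isadmin'] || $usr['auth_write'] && $usr['id'] == $item['item_userid']);
$sys['parser'] = $item['item_parser'];
$parser_list = cot_get_parsers();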
if ($a == 'update') {
    /* === Hook === */
    foreach (cot_getextplugins('market.edit.update.first') as $pl) {
        include $pl;
    }
    /* ===== */
    cot_block($usr['isadmin'] || $usr['auth_write'] && $usr['id'] == $item['item_userid']);
    $ritem = cot_market_import('POST', $item, $usr);
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $rdelete = cot_import('rdelete', 'P', 'BOL');
    } else {
        $rdelete = cot_import('delete', 'G', 'BOL');
Example #15
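/**
 * Generates ratings display for a given item
 *
 * Every return path now yields the same three-element shape; the original returned two elements
 * when access was denied and three otherwise. Local variable names are kept because the hook
 * files are included in this function's scope.
 *
 * @param string $ext_name Module or plugin code
 * @param string $code Item identifier
 * @param string $cat Item category code (optional)
 * @param bool $readonly Display as read-only
 * @return array Three elements: rendered HTML output, rounded average value, number of raters
 * @global CotDB $db
 */
function cot_ratings_display($ext_name, $code, $cat = '', $readonly = false)
{
    global $db, $db_ratings, $db_rated, $db_users, $cfg, $usr, $sys, $L, $R;
    // Check permissions
    list($auth_read, $auth_write, $auth_admin) = cot_auth('plug', 'ratings');
    $enabled = cot_ratings_enabled($ext_name, $cat, $code);
    // && binds tighter than ||: nothing is shown without read access, or when ratings are disabled
    // for this item and the user is not a ratings admin.
    if (!$auth_read || !$enabled && !$auth_admin) {
        return array('', 0, 0);
    }
    // Get current rating value
    $sql = $db->query("SELECT r.*, (SELECT COUNT(*) FROM {$db_rated} WHERE rated_area = ? AND rated_code = ?) AS `cnt` FROM {$db_ratings} AS r\n\t\tWHERE rating_area = ? AND rating_code = ? LIMIT 1", array($ext_name, $code, $ext_name, $code));
    if ($row = $sql->fetch()) {
        $rating_average = $row['rating_average'];
        $item_has_rating = true;
        // Clamp the stored average to the 1..10 scale.
        if ($rating_average < 1) {
            $rating_average = 1;
        } elseif ($rating_average > 10) {
            $rating_average = 10;
        }
        $rating_cntround = round($rating_average, 0);
        $rating_raters_count = $row['cnt'];
    } else {
        $item_has_rating = false;
        $rating_average = 0;
        $rating_cntround = 0;
        $rating_raters_count = 0;
    }
    // Render read-only image
    $rating_fancy = cot_rc('icon_rating_stars', array('val' => $rating_cntround));
    if (!$auth_write || $readonly) {
        return array($rating_fancy, $rating_cntround, $rating_raters_count);
    }
    // Check if the user has voted already for this item
    $already_voted = false;
    // Defined up front: the original left this unset for users who had not voted and then passed
    // the undefined variable to the template.
    $rating_uservote = '';
    if ($usr['id'] > 0) {
        $sql1 = $db->query("SELECT rated_value FROM {$db_rated}\n\t\t\tWHERE rated_area = ? AND rated_code = ? AND rated_userid = ?", array($ext_name, $code, $usr['id']));
        if ($rated_value = $sql1->fetchColumn()) {
            $already_voted = true;
            $rating_uservote = $L['rat_alreadyvoted'] . ' (' . $rated_value . ')';
        }
    }
    // A user who has voted gets the read-only stars unless changing votes is allowed.
    if ($already_voted && !$cfg['plugin']['ratings']['ratings_allowchange']) {
        return array($rating_fancy, $rating_cntround, $rating_raters_count);
    }
    $t = new XTemplate(cot_tplfile('ratings', 'plug'));
    /* == Hook for the plugins == */
    foreach (cot_getextplugins('ratings.main') as $pl) {
        include $pl;
    }
    /* ===== */
    // Get some extra information about votes
    if ($item_has_rating) {
        $sql = $db->query("SELECT COUNT(*) FROM {$db_rated}\n\t\t\tWHERE rated_area = ? AND rated_code = ?", array($ext_name, $code));
        $rating_voters = $sql->fetchColumn();
        $rating_since = $L['rat_since'] . ' ' . cot_date('datetime_medium', $row['rating_creationdate']);
        $rating_since_stamp = $row['rating_creationdate'];
        $rating_averageimg = cot_rc('icon_rating_stars', array('val' => $rating_cntround));
    } else {
        $rating_voters = 0;
        $rating_since = '';
        $rating_since_stamp = '';
        $rating_averageimg = '';
    }
    // Assign tags
    // NOTE(review): RATINGS_CODE is the caller-supplied $code as given; presumably the template or
    // the caller encodes it for HTML — confirm.
    $t->assign(array('RATINGS_CODE' => $code, 'RATINGS_AVERAGE' => round($rating_average), 'RATINGS_AVERAGEIMG' => $rating_averageimg, 'RATINGS_VOTERS' => $rating_voters, 'RATINGS_SINCE' => $rating_since, 'RATINGS_SINCE_STAMP' => $rating_since_stamp, 'RATINGS_FANCYIMG' => $rating_fancy, 'RATINGS_USERVOTE' => $rating_uservote));
    /* == Hook for the plugins == */
    foreach (cot_getextplugins('ratings.tags') as $pl) {
        include $pl;
    }
    /* ===== */
    // Render voting form
    $vote_block = $auth_write && (!$already_voted || $cfg['plugin']['ratings']['ratings_allowchange']) ? 'NOTVOTED.' : 'VOTED.';
    for ($i = 1; $i <= 10; $i++) {
        $checked = $i <= $rating_cntround ? 'checked="checked"' : '';
        $t->assign(array('RATINGS_ROW_VALUE' => $i, 'RATINGS_ROW_TITLE' => $L['rat_choice' . $i], 'RATINGS_ROW_CHECKED' => $checked));
        $t->parse('RATINGS.' . $vote_block . 'RATINGS_ROW');
    }
    if ($vote_block == 'NOTVOTED.') {
        // 'r=ratings&area=' . $ext_name . '&code=' . $code.'&inr=send'
        // The array form hands the values to cot_url() separately instead of a hand-built query string.
        $t->assign('RATINGS_FORM_SEND', cot_url('plug', array('r' => 'ratings', 'inr' => 'send', 'area' => $ext_name, 'code' => $code, 'cat' => $cat)));
        $t->parse('RATINGS.NOTVOTED');
    } else {
        $t->parse('RATINGS.VOTED');
    }
    // Parse and return
    $t->parse('RATINGS');
    $res = $t->text('RATINGS');
    return array($res, round($rating_cntround), $rating_raters_count);
}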
Example #16
/**
 * [BEGIN_COT_EXT]
 * Hooks=ajax
 * [END_COT_EXT]
 */
/**
 * Reviews plugin
 *
 * @package reviews
 * @version 2.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
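// Refuse to run unless the file is included by the core as a plugin.
defined('COT_CODE') && defined('COT_PLUG') or die('Wrong URL');
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'reviews', 'RWA');
// Request parameters, filtered by cot_import(). Note that 'code' is read from POST, the rest from GET.
$touser = cot_import('touser', 'G', 'INT');
$itemid = cot_import('itemid', 'G', 'INT');
$area = cot_import('area', 'G', 'TXT');
$code = cot_import('code', 'P', 'TXT');
$redirect = cot_import('redirect', 'G', 'TXT');
$area = empty($area) ? 'users' : $area;
// The configuration key was misspelled 'pligin', so this condition was always false and the
// 'checkprojects' restriction was never applied. With the key corrected, a user keeps write access
// only if the two users share a project in which one of them was chosen as performer.
if ($cfg['plugin']['reviews']['checkprojects'] && cot_module_active('projects') && $usr['id'] > 0 && $touser > 0 && $usr['id'] != $touser && $usr['auth_write']) {
    require_once cot_incfile('projects', 'module');
    global $db_projects_offers, $db_projects;
    // Both user ids are bound as parameters rather than concatenated into the statement.
    $bothprj = $db->query(
        "SELECT COUNT(*) FROM {$db_projects_offers} AS o
        LEFT JOIN {$db_projects} AS p ON p.item_id=o.offer_pid
        WHERE ((p.item_userid = ? AND o.offer_userid = ?) OR (p.item_userid = ? AND o.offer_userid = ?))
        AND o.offer_choise='performer'",
        array($touser, $usr['id'], $usr['id'], $touser)
    )->fetchColumn();
    $usr['auth_write'] = (int) $bothprj == 0 ? false : $usr['auth_write'];
}
cot_block($usr['auth_write']);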
if ($a == 'add') {
    cot_shield_protect();
Example #17
<?php

/**
 * Stage info of sbr.
 *
 * @package sbr
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */
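// Refuse to run when the file is requested directly instead of being included by the core.
defined('COT_CODE') or die('Wrong URL');
require_once cot_incfile('forms');
// NOTE(review): the rights are read here but no cot_block() or ownership check follows in this
// fragment; presumably the including file verifies that the viewer is a party to deal $id — confirm.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'sbr');
/* === Hook === */
// Hook files are included in this scope and can read or reassign $id and $num.
foreach (cot_getextplugins('sbr.stage.first') as $pl) {
    include $pl;
}
/* ===== */
// $id and $num are not set in this fragment. They used to be concatenated into the statement as
// they were; they are now cast to int and bound as parameters.
if (!empty($num)) {
    $sql = $db->query("SELECT * FROM {$db_sbr_stages} WHERE stage_sid = ? AND stage_num = ? LIMIT 1", array((int) $id, (int) $num));
    $stage = $sql->fetch();
}
// Expiry is the begin timestamp plus the stage length in days, expressed in seconds.
$t->assign(array(
    'STAGE_NUM' => $stage['stage_num'],
    'STAGE_ID' => $stage['stage_id'],
    'STAGE_TITLE' => $stage['stage_title'],
    'STAGE_TEXT' => $stage['stage_text'],
    'STAGE_COST' => $stage['stage_cost'],
    'STAGE_DAYS' => $stage['stage_days'],
    'STAGE_STATUS' => $stage['stage_status'],
    'STAGE_BEGIN' => $stage['stage_begin'],
    'STAGE_DONE' => $stage['stage_done'],
    'STAGE_EXPIRE' => $stage['stage_expire'],
    'STAGE_EXPIREDATE' => $stage['stage_begin'] + $stage['stage_days'] * 24 * 60 * 60,
    'STAGE_EXPIREDAYS' => cot_build_timegap($sys['now'], $stage['stage_begin'] + $stage['stage_days'] * 24 * 60 * 60),
    'STAGE_DONE_URL' => cot_url('sbr', 'id=' . $id . '&num=' . $stage['stage_num'] . '&action=done'),
    'STAGE_CLAIM_URL' => cot_url('sbr', 'id=' . $id . '&num=' . $stage['stage_num'] . '&action=claim'),
    'STAGE_DECISION_URL' => cot_url('sbr', 'id=' . $id . '&num=' . $stage['stage_num'] . '&action=decision'),
));
// The stage number read back from the database is bound as well instead of being quoted by hand.
$stagefiles = $db->query("SELECT * FROM {$db_sbr_files} WHERE file_sid = ? AND file_area='stage' AND file_code = ? ORDER BY file_id ASC", array((int) $id, $stage['stage_num']))->fetchAll();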
if (count($stagefiles) > 0) {
    foreach ($stagefiles as $file) {
        $t->assign(array('FILE_ROW_ID' => $file['file_id'], 'FILE_ROW_URL' => $file['file_url'], 'FILE_ROW_TITLE' => $file['file_title'], 'FILE_ROW_EXT' => $file['file_ext'], 'FILE_ROW_SIZE' => $file['file_size']));
        $t->parse('MAIN.SBR.STAGE.FILES.FILE_ROW');
    }
    $t->parse('MAIN.SBR.STAGE.FILES');
/** 
 * [BEGIN_COT_EXT]
 * Hooks=projects.edit.update.done
 * [END_COT_EXT]
 */
/**
 * plugin tagslance for Cotonti Siena
 * 
 * @package tagslance
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 *  */
defined('COT_CODE') or die('Wrong URL.');
if ($cfg['plugin']['tagslance']['projects'] && cot_auth('plug', 'tags', 'W')) {
    require_once cot_incfile('tags', 'plug');
    // I18n
    if (cot_get_caller() == 'i18n.projects') {
        global $i18n_locale;
        $tags_extra = array('tag_locale' => $i18n_locale);
    } else {
        $tags_extra = null;
    }
    $rtags = cot_import('rtags', 'P', 'TXT');
    $tags = cot_tag_parse($rtags);
    $old_tags = cot_tag_list($id, 'projects', $tags_extra);
    $kept_tags = array();
    $new_tags = array();
    // Find new tags, count old tags that have been left
    $cnt = 0;
Example #19
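/**
 * Builds a select box of market categories for the search form.
 *
 * With $hideprivate set, a category the current user cannot read is left out even when it lies
 * under $subcat. The original overwrote the permission result with the sub-category match, so
 * unreadable categories under $subcat were listed; its second permission check depended on an
 * undefined $is_module variable and therefore never ran.
 *
 * @global array $structure
 * @param string|array $check Selected value(s), passed to cot_selectbox()
 * @param string $name Name of the select element
 * @param string $subcat When it names an existing category, only that category and the
 *                       categories below its path are listed
 * @param bool $hideprivate Leave out categories the current user cannot read
 * @return string Output of cot_selectbox()
 */
function cot_market_selectcat($check, $name, $subcat = '', $hideprivate = true)
{
    global $structure;
    $structure['market'] = is_array($structure['market']) ? $structure['market'] : array();

    // The sub-category prefix does not change per iteration, so it is computed once.
    $limit_to_subcat = !empty($subcat) && isset($structure['market'][$subcat]);
    $mtch = $limit_to_subcat ? $structure['market'][$subcat]['path'] . "." : '';
    $mtchlen = mb_strlen($mtch);

    $result_array = array();
    foreach ($structure['market'] as $i => $x) {
        if ($i == 'all') {
            continue;
        }
        // Permission is decided first and is not overridden by the path match below.
        if ($hideprivate && !cot_auth('market', $i, 'R')) {
            continue;
        }
        // Keep the requested sub-category itself and everything whose path starts with its prefix.
        if ($limit_to_subcat && mb_substr($x['path'], 0, $mtchlen) != $mtch && $i !== $subcat) {
            continue;
        }
        $result_array[$i] = $x['tpath'];
    }

    return cot_selectbox($check, $name, array_keys($result_array), array_values($result_array), true);
}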
Example #20
// Bootstrap fragment: runs the 'input' hooks, enforces maintenance mode, feeds the
// anti-hammering shield and imports the zone variables from the query string.
unset($cot_cfg);
/* === Hook === */
// Every file returned for the 'input' hook is included and executes in this scope,
// so it can read and overwrite the variables used below.
foreach (cot_getextplugins('input') as $pl) {
    include $pl;
}
/* ======================== */
/* ======== Maintenance mode ======== */
if ($cfg['maintenance'] && !defined('COT_INSTALL')) {
    // NOTE(review): $usr['maingrp'] is concatenated into the statement inside quotes but is not
    // cast or escaped here. It is presumably an integer taken from the user record; confirm,
    // or cast it with (int) at this point.
    $sqll = $db->query("SELECT grp_maintenance FROM {$db_groups} WHERE grp_id='" . $usr['maingrp'] . "' ");
    $roow = $sqll->fetch();
    // Users whose main group lacks grp_maintenance are redirected to the login page,
    // unless the request is already flagged with COT_AUTH
    if (!$roow['grp_maintenance'] && !defined('COT_AUTH')) {
        cot_redirect(cot_url('login'));
    }
}
/* ======== Anti-hammering =========*/
// The shield applies to guests and to users without 'A' rights on admin/a;
// with shield_force set it applies to everyone.
if ($cfg['shieldenabled'] && ($usr['id'] == 0 || !cot_auth('admin', 'a', 'A') || $cfg['shield_force'])) {
    // Shield state is kept in the session, so it follows the session rather than the client address
    $shield_limit = $_SESSION['online_shield'];
    $shield_action = $_SESSION['online_action'];
    $shield_hammer = cot_shield_hammer($_SESSION['online_hammer'], $shield_action, $_SESSION['online_lastseen']);
    $sys['online_hammer'] = $shield_hammer;
    $_SESSION['online_lastseen'] = (int) $sys['now'];
}
/* ======== Zone variables ======== */
// Routing parameters from the query string, imported with the ALP filter and a length limit of 24
$m = cot_import('m', 'G', 'ALP', 24);
$n = cot_import('n', 'G', 'ALP', 24);
$a = cot_import('a', 'G', 'ALP', 24);
$b = cot_import('b', 'G', 'ALP', 24);
/* ======== Language ======== */
require_once cot_langfile('main', 'core');
require_once cot_langfile('users', 'core');
if (defined('COT_ADMIN')) {
Example #21
                }
                // Optional notification to the site administrator about a project awaiting moderation
                if ($cfg['projects']['notif_admin_moderate']) {
                    // NOTE(review): user_name and prj_name are user-supplied values placed into the mail body;
                    // confirm the mail is sent as plain text or that the values are escaped for its format.
                    $nbody = cot_rc($L['project_notif_admin_moderate_mail_body'], array('user_name' => $usr['profile']['user_name'], 'prj_name' => $ritem['item_title'], 'sitename' => $cfg['maintitle'], 'link' => COT_ABSOLUTE_URL . $r_url));
                    cot_mail($cfg['adminemail'], $L['project_notif_admin_moderate_mail_subj'], $nbody);
                }
                break;
        }
        cot_redirect($r_url);
        exit;
    } else {
        // NOTE(review): $c and $type are concatenated into the query string without URL-encoding;
        // their import is outside this fragment - confirm they are restricted by a cot_import filter.
        cot_redirect(cot_url('projects', 'm=add&c=' . $c . '&type=' . $type, '', true));
    }
}
// Pre-fill the category from the request and re-evaluate the admin flag for that category
if (empty($ritem['item_cat']) && !empty($c)) {
    $ritem['item_cat'] = $c;
    $usr['isadmin'] = cot_auth('projects', $ritem['item_cat'], 'A');
}
if (empty($ritem['item_type']) && !empty($type)) {
    $ritem['item_type'] = $type;
}
$out['subtitle'] = $L['projects_add_project_title'];
$out['head'] .= $R['code_noindex'];
// The sublocation is looked up by $c, while the template below is looked up by $ritem['item_cat']
$sys['sublocation'] = $structure['projects'][$c]['title'];
$mskin = cot_tplfile(array('projects', 'add', $structure['projects'][$ritem['item_cat']]['tpl']));
/* === Hook === */
// Plugin files for this hook are included and run in the current scope
foreach (cot_getextplugins('projects.add.main') as $pl) {
    include $pl;
}
/* ===== */
$t = new XTemplate($mskin);
// Error and message handling
Example #22
<?php

/* ====================
  [BEGIN_COT_EXT]
 * Hooks=standalone
  [END_COT_EXT]
  ==================== */
// Refuse direct requests: both COT_CODE and COT_PLUG must already be defined
defined('COT_CODE') && defined('COT_PLUG') or die('Wrong URL');
require_once cot_incfile('paytop', 'plug');
$pt_cfg = cot_cfg_paytop();
if (empty($m)) {
    // The area comes from the query string (ALP filter) and is accepted only when the
    // plugin configuration has an entry for it with a non-empty cost
    $area = cot_import('area', 'G', 'ALP');
    if (empty($pt_cfg[$area]) || empty($pt_cfg[$area]['cost'])) {
        cot_block();
    }
    // Buying requires write permission on the paytop plugin
    list($auth_read, $auth_write, $auth_admin) = cot_auth('plug', 'paytop');
    cot_block($auth_write);
    // NOTE(review): the order is created whenever $a equals 'buy'; no request-method or
    // anti-CSRF token check (e.g. cot_check_xg()) is visible in this fragment - confirm one
    // is enforced before this point.
    if ($a == 'buy') {
        if (!cot_error_found()) {
            // NOTE(review): $options is not initialised here, so keys set earlier in the
            // request scope would be carried into the order - confirm that is intended.
            $options['desc'] = $L['paytop_buytop_paydesc'] . ' (' . $pt_cfg[$area]['name'] . ')';
            // Falls back to 2592000 seconds (30 days) when the area has no period configured
            $options['time'] = !empty($pt_cfg[$area]['period']) ? $pt_cfg[$area]['period'] : 2592000;
            // The redirect option is set only when the payments table has a pay_redirect column
            if ($db->fieldExists($db_payments, "pay_redirect")) {
                $options['redirect'] = $cfg['mainurl'] . '/' . cot_url('payments', 'm=balance', '', true);
            }
            // The price always comes from the server-side configuration, never from the request
            cot_payments_create_order('paytop.' . $area, $pt_cfg[$area]['cost'], $options);
        }
    }
    $t = new XTemplate(cot_tplfile(array('paytop', $area), 'plug'));
    cot_display_messages($t);
    $t->assign(array('TOP_FORM_ACTION' => cot_url('plug', 'e=paytop&a=buy&area=' . $area), 'TOP_FORM_COST' => $pt_cfg[$area]['cost'], 'TOP_FORM_AREA_NAME' => $pt_cfg[$area]['name']));
} elseif ($m == 'my') {
Example #23
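// Portfolio item view: resolves the item by alias or id, enforces read permission
// and the visibility of unvalidated items, then prepares the page meta data.

// The alias is escaped with $db->prep() and must only be used inside a quoted SQL literal
$al = $db->prep(cot_import('al', 'G', 'TXT'));
$c = cot_import('c', 'G', 'TXT');
/* === Hook === */
// Hook files run in this scope and may reassign $id or $al before the query is built
foreach (cot_getextplugins('folio.first') as $pl) {
    include $pl;
}
/* ===== */
if ($id > 0 || !empty($al)) {
    // $id is imported outside this fragment and hooks ran in between, so it is cast
    // where it is concatenated: the unquoted branch can then only ever hold an integer.
    $where = !empty($al) ? "item_alias='" . $al . "'" : 'item_id=' . (int) $id;
    $sql = $db->query("SELECT f.*, u.* FROM {$db_folio} AS f \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=f.item_userid WHERE {$where} LIMIT 1");
}
// 404 when neither identifier was given, the query did not run, or nothing matched
// (&& binds tighter than ||, so the first two tests form one group)
if (!$id && empty($al) || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$item = $sql->fetch();
// Permissions are evaluated for the category of the item that was found, not for a request parameter
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', $item['item_cat'], 'RWA');
cot_block($usr['auth_read']);
// Items with a non-zero state are shown only to category admins and to their owner;
// any other access is written to the 'sec' log and redirected
if ($item['item_state'] != 0 && !$usr['isadmin'] && $usr['id'] != $item['item_userid']) {
    cot_log("Attempt to directly access an un-validated", 'sec');
    cot_redirect(cot_url('message', "msg=930", '', true));
    exit;
}
// View counter: the owner is never counted, admins only when count_admin is enabled
if ($usr['id'] != $item['item_userid'] && (!$usr['isadmin'] || $cfg['folio']['count_admin'])) {
    $item['item_count']++;
    $db->update($db_folio, array('item_count' => $item['item_count']), "item_id=" . (int) $item['item_id']);
}
// NOTE(review): the title, description and keywords below come from user-editable item fields;
// confirm they are HTML-escaped where $out is written into the page header.
$title_params = array('TITLE' => empty($item['item_metatitle']) ? $item['item_title'] : $item['item_metatitle'], 'CATEGORY' => $structure['folio'][$item['item_cat']]['title']);
$out['subtitle'] = cot_title($cfg['folio']['title_folio'], $title_params);
$out['desc'] = !empty($item['item_metadesc']) ? $item['item_metadesc'] : cot_cutstring(strip_tags(cot_parse($item['item_text'], $cfg['folio']['markup'], $item['item_parser'])), 160);
$out['meta_keywords'] = !empty($item['item_keywords']) ? $item['item_keywords'] : $structure['folio'][$item['item_cat']]['keywords'];
// Building the canonical URL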
Example #24
/* ====================
[BEGIN_COT_EXT]
Hooks=header.main
[END_COT_EXT]
==================== */
/**
 * Ads board module for Cotonti Siena
 *
 * @package Advboard
 * @author Kalnov Alexey    <*****@*****.**>
 * @copyright (c) 2015 Portal30 Studio http://portal30.ru
 */
// Refuse direct requests: the script only continues when COT_CODE is already defined
defined('COT_CODE') or die('Wrong URL');
// Adds one RSS <link> per ads-board category to the page head. Skipped in the admin area,
// when the rssToHeader option is off, or when the rss module is not active.
if (!defined('COT_ADMIN') && cot::$cfg['advboard']['rssToHeader'] == 1 && cot_module_active('rss')) {
    require_once cot_incfile('advboard', 'module');
    // Fetch all categories
    if (!empty($structure['advboard'])) {
        foreach ($structure['advboard'] as $adv_rssCode => $adv_rssCat) {
            // Skip empty categories and categories the current user may not read,
            // so the page head does not advertise feeds of private categories
            if ($adv_rssCat['count'] == 0 || !cot_auth('advboard', $adv_rssCode, 'R')) {
                continue;
            }
            // The category title goes into a double-quoted HTML attribute, hence the escaping
            $advCatTitle = htmlspecialchars($adv_rssCat['title']);
            $adv_rssUrl = cot_url('advboard', array('m' => 'rss', 'c' => $adv_rssCode));
            // Prefix the absolute site URL when cot_url_check() rejects the generated URL
            if (!cot_url_check($adv_rssUrl)) {
                $adv_rssUrl = COT_ABSOLUTE_URL . $adv_rssUrl;
            }
            // NOTE(review): the language string and the URL are written into attributes as they are;
            // presumably cot_url() already returns an HTML-safe string - confirm.
            cot::$out['head_head'] .= "\n" . '<link rel="alternate" type="application/rss+xml" title="' . cot::$L['advboard_rss_feed'] . $advCatTitle . '" href="' . $adv_rssUrl . '" />';
        }
    }
}
Example #25
<?php

/**
 * market module
 *
 * @package market
 * @version 2.5.2
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru, littledev.ru
 * @license BSD
 */
// Market listing: checks read permission on the module as a whole ('any' category),
// imports the listing parameters and prepares the page meta data.
// NOTE(review): no defined('COT_CODE') guard is visible in this fragment - confirm the
// file cannot be requested directly.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('market', 'any', 'RWA');
cot_block($usr['auth_read']);
// Sort key and category code are restricted by the ALP filter
$sort = cot_import('sort', 'G', 'ALP');
$c = cot_import('c', 'G', 'ALP');
// The search query is free text; after $db->prep() it holds the SQL-escaped form and
// must only be used inside a quoted SQL literal
$sq = cot_import('sq', 'G', 'TXT');
$sq = $db->prep($sq);
// Per-category page size, falling back to the '__default' category configuration
$maxrowsperpage = $cfg['market']['cat_' . $c]['maxrowsperpage'] ? $cfg['market']['cat_' . $c]['maxrowsperpage'] : $cfg['market']['cat___default']['maxrowsperpage'];
list($pn, $d, $d_url) = cot_import_pagenav('d', $maxrowsperpage);
/* === Hook === */
// Plugin files for this hook are included and run in the current scope
foreach (cot_getextplugins('market.list.first') as $pl) {
    include $pl;
}
/* ===== */
// Meta data: category configuration first, then the '__default' configuration,
// then (for the title) the module name from the language file
if (!empty($c)) {
    $out['subtitle'] = !empty($cfg['market']['cat_' . $c]['metatitle']) ? $cfg['market']['cat_' . $c]['metatitle'] : $cfg['market']['cat___default']['metatitle'];
    $out['subtitle'] = !empty($out['subtitle']) ? $out['subtitle'] : $L['market'];
    $out['desc'] = !empty($cfg['market']['cat_' . $c]['metadesc']) ? $cfg['market']['cat_' . $c]['metadesc'] : $cfg['market']['cat___default']['metadesc'];
    $out['keywords'] = !empty($cfg['market']['cat_' . $c]['keywords']) ? $cfg['market']['cat_' . $c]['keywords'] : $cfg['market']['cat___default']['keywords'];
} else {
    $out['subtitle'] = !empty($cfg['market']['cat___default']['metatitle']) ? $cfg['market']['cat___default']['metatitle'] : $L['market'];
Example #26
/**
 * Collects page fields from a request source and merges them into a page row.
 *
 * Each field is read through cot_import() with its own filter. The owner and the
 * counter fields are taken from the request only for administrators; for everyone
 * else the owner is set to the current user.
 *
 * @param  string $source Request source passed to cot_import(); 'D' or 'DIRECT' reads from $rpage itself
 * @param  array  $rpage  Existing page data from database
 * @param  array  $auth   Permissions array; resolved with cot_page_auth() when empty
 * @return array          Page data
 */
function cot_page_import($source = 'POST', $rpage = array(), $auth = array())
{
    global $cfg, $db_pages, $cot_extrafields, $usr, $sys;

    // No permissions supplied: resolve them for the category of the existing row
    if (count($auth) == 0) {
        $auth = cot_page_auth($rpage['page_cat']);
    }

    if ($source == 'D' || $source == 'DIRECT') {
        // Direct mode: publish the supplied row as the $_PATCH global and read from it,
        // so the import calls below do not need a second code path
        global $_PATCH;
        $_PATCH = $rpage;
        $source = 'PATCH';
    }

    // Plain fields, in import order: column => array(request name, cot_import filter)
    $simple_fields = array(
        'page_cat' => array('rpagecat', 'TXT'),
        'page_keywords' => array('rpagekeywords', 'TXT'),
        'page_alias' => array('rpagealias', 'TXT'),
        'page_title' => array('rpagetitle', 'TXT'),
        'page_desc' => array('rpagedesc', 'TXT'),
        // NOTE(review): the body is the only field read with the 'HTM' filter; presumably it
        // keeps markup, so confirm it is parsed or sanitised before it is rendered.
        'page_text' => array('rpagetext', 'HTM'),
        'page_parser' => array('rpageparser', 'ALP'),
        'page_author' => array('rpageauthor', 'TXT'),
    );
    foreach ($simple_fields as $column => $spec) {
        $rpage[$column] = cot_import($spec[0], $source, $spec[1]);
    }

    $rpage['page_file'] = (int) cot_import('rpagefile', $source, 'INT');
    $rpage['page_url'] = cot_import('rpageurl', $source, 'TXT');
    $rpage['page_size'] = (int) cot_import('rpagesize', $source, 'INT');
    // page_file is forced to 1 when it is 0 and a URL was supplied
    if ($rpage['page_file'] == 0 && !empty($rpage['page_url'])) {
        $rpage['page_file'] = 1;
    }

    // Publication date: "now" when requested or when no date could be imported
    $use_now = cot_import('rpagedatenow', $source, 'BOL');
    $rpage['page_date'] = cot_import_date('rpagedate', true, false, $source);
    if ($use_now || is_null($rpage['page_date'])) {
        $rpage['page_date'] = $sys['now'];
    } else {
        $rpage['page_date'] = (int) $rpage['page_date'];
    }

    // NOTE(review): unlike rpagedate above, these two dates are imported without $source,
    // so they follow cot_import_date()'s default source - confirm that is intended.
    $rpage['page_begin'] = (int) cot_import_date('rpagebegin');
    $rpage['page_expire'] = (int) cot_import_date('rpageexpire');
    // An expiry that is not later than the start is stored as 0
    if ($rpage['page_expire'] <= $rpage['page_begin']) {
        $rpage['page_expire'] = 0;
    }

    $rpage['page_updated'] = $sys['now'];
    // Keywords are imported a second time here, exactly as the original code did
    $rpage['page_keywords'] = cot_import('rpagekeywords', $source, 'TXT');
    $rpage['page_metatitle'] = cot_import('rpagemetatitle', $source, 'TXT');
    $rpage['page_metadesc'] = cot_import('rpagemetadesc', $source, 'TXT');

    // For backwards compatibility: rpublish=OK forces state 0
    // NOTE(review): otherwise the state is taken from the request for every user; confirm the
    // caller overrides it for users who are not allowed to publish.
    $publish_flag = cot_import('rpublish', $source, 'ALP');
    if ($publish_flag == 'OK') {
        $rpage['page_state'] = 0;
    } else {
        $rpage['page_state'] = cot_import('rpagestate', $source, 'INT');
    }

    // Owner and counters come from the request only for administrators editing a row
    // that already has an owner; in every other case the current user becomes the owner
    if ($auth['isadmin'] && isset($rpage['page_ownerid'])) {
        $rpage['page_count'] = cot_import('rpagecount', $source, 'INT');
        $rpage['page_ownerid'] = cot_import('rpageownerid', $source, 'INT');
        $rpage['page_filecount'] = cot_import('rpagefilecount', $source, 'INT');
    } else {
        $rpage['page_ownerid'] = $usr['id'];
    }

    // The requested parser is kept only if it is non-empty, registered, and either 'none'
    // or a plugin the user has write permission for; otherwise a default is used
    $available_parsers = cot_get_parsers();
    $parser_rejected = empty($rpage['page_parser'])
        || !in_array($rpage['page_parser'], $available_parsers)
        || ($rpage['page_parser'] != 'none' && !cot_auth('plug', $rpage['page_parser'], 'W'));
    if ($parser_rejected) {
        if (isset($sys['parser'])) {
            $rpage['page_parser'] = $sys['parser'];
        } else {
            $rpage['page_parser'] = $cfg['page']['parser'];
        }
    }

    // Extra fields: the current value of each column is passed along to cot_import_extrafields()
    foreach ($cot_extrafields[$db_pages] as $field) {
        $column = 'page_' . $field['field_name'];
        $rpage[$column] = cot_import_extrafields('rpage' . $field['field_name'], $field, $source, $rpage[$column]);
    }

    return $rpage;
}
Example #27
<?php

/* ====================
[BEGIN_COT_EXT]
Hooks=tools
[END_COT_EXT]
==================== */
/**
 * Trashcan interface
 *
 * @package TrashCan
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
// Refuse direct requests: both COT_CODE and COT_ADMIN must already be defined
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');
// The trashcan tool is limited to users with admin rights on the trashcan plugin;
// read and write rights alone are not enough
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'trashcan');
cot_block($usr['isadmin']);
require_once cot_incfile('users', 'module');
// Optional dependencies are loaded only when the matching module or plugin is enabled
cot_module_active('page') && (require_once cot_incfile('page', 'module'));
cot_module_active('forums') && (require_once cot_incfile('forums', 'module'));
$cfg['comments'] && (require_once cot_incfile('comments', 'plug'));
require_once cot_incfile('trashcan', 'plug');
require_once cot_langfile('trashcan', 'plug');
$adminhelp = $L['adm_help_trashcan'];
$adminsubtitle = $L['Trashcan'];
// Item id from the query string, restricted by the INT filter
$id = cot_import('id', 'G', 'INT');
// Page size: the configured value when it is a positive number, otherwise 15
$maxperpage = $cfg['maxrowsperpage'] && is_numeric($cfg['maxrowsperpage']) && $cfg['maxrowsperpage'] > 0 ? $cfg['maxrowsperpage'] : 15;
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);
// $a is not assigned in this fragment; presumably the action parameter imported by the core - confirm
$info = $a == 'info' ? 1 : 0;
/* === Hook === */
foreach (cot_getextplugins('trashcan.admin.first') as $pl) {
<?php

/**
 * marketorders plugin
 *
 * @package marketorders
 * @version 1.0.0
 * @author CMSWorks Team
 * @copyright Copyright (c) CMSWorks.ru
 * @license BSD
 */
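// Order view of the marketorders plugin: loads one order and admits the plugin admin,
// the buyer, the seller, or a guest who presents the access key of the order.
defined('COT_CODE') or die('Wrong URL');
// Order id (INT filter) and the optional guest access key, both from the query string
$id = cot_import('id', 'G', 'INT');
$key = cot_import('key', 'G', 'TXT');
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'marketorders');
cot_block($usr['auth_read']);
if ($id > 0) {
    // The id is cast where it is concatenated, so the statement can only ever receive an integer
    $sql = $db->query("SELECT * FROM {$db_market_orders}  AS o\n\t\tLEFT JOIN {$db_market} AS m ON m.item_id=o.order_pid\n\t\tWHERE order_status!='new' AND order_id=" . (int) $id . " LIMIT 1");
}
// 404 for a missing id, a query that did not run, or an order that does not exist
// (orders still in status 'new' are excluded by the query itself)
if (!$id || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$marketorder = $sql->fetch();
// First gate: admin, buyer, seller, or a guest who supplied any key (the key is verified below)
cot_block($usr['isadmin'] || $usr['id'] == $marketorder['order_userid'] || $usr['id'] == $marketorder['order_seller'] || !empty($key) && $usr['id'] == 0);
if ($usr['id'] == 0) {
    $hash = sha1($marketorder['order_email'] . '&' . $marketorder['order_id']);
    // Compare with hash_equals() (PHP >= 5.6) instead of ==. A loose comparison of two hex
    // strings is subject to numeric-string juggling (digests of the form 0e<digits> compare
    // equal to each other) and is not constant-time.
    // NOTE(review): the key is an unkeyed SHA-1 of the order e-mail and id, so it can be
    // recomputed by anyone who knows both values. Consider an HMAC with a server-side secret
    // or a random per-order token; not changed here because it would invalidate issued links.
    cot_block(hash_equals($hash, (string) $key));
}
/* === Hook === */
$extp = cot_getextplugins('marketorders.order.first');
foreach ($extp as $pl) {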
Example #29
<?php

/**
 * Administration panel - PHP Infos
 *
 * @package Cotonti
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
// Refuse direct requests: both COT_CODE and COT_ADMIN must already be defined
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');
// The page shows PHP, Zend and operating-system details; access is gated on read
// permission for the admin area ('admin', 'a'), not on the admin flag.
// NOTE(review): confirm read permission is a tight enough gate for host fingerprint data.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('admin', 'a');
cot_block($usr['auth_read']);
$t = new XTemplate(cot_tplfile('admin.infos', 'core'));
$adminpath[] = array(cot_url('admin', 'm=other'), $L['Other']);
$adminpath[] = array(cot_url('admin', 'm=infos'), $L['adm_infos']);
$adminhelp = $L['adm_help_versions'];
$adminsubtitle = $L['adm_infos'];
/* === Hook === */
// Plugin files for this hook are included and run in the current scope
foreach (cot_getextplugins('admin.infos.first') as $pl) {
    include $pl;
}
/* ===== */
// Error reporting is switched off from here on and is not restored in this fragment,
// so later failures in the same request are no longer reported
@error_reporting(0);
// Each value falls back to the adm_help_config language string when its PHP function is unavailable
$t->assign(array('ADMIN_INFOS_PHPVER' => function_exists('phpversion') ? phpversion() : $L['adm_help_config'], 'ADMIN_INFOS_ZENDVER' => function_exists('zend_version') ? zend_version() : $L['adm_help_config'], 'ADMIN_INFOS_INTERFACE' => function_exists('php_sapi_name') ? php_sapi_name() : $L['adm_help_config'], 'ADMIN_INFOS_CACHEDRIVERS' => is_array($cot_cache_drivers) ? implode(', ', $cot_cache_drivers) : '', 'ADMIN_INFOS_OS' => function_exists('php_uname') ? php_uname() : $L['adm_help_config'], 'ADMIN_INFOS_DATE' => cot_date('datetime_medium', $sys['now'], false), 'ADMIN_INFOS_GMDATE' => gmdate('Y-m-d H:i'), 'ADMIN_INFOS_GMTTIME' => $usr['gmttime'], 'ADMIN_INFOS_USRTIME' => $usr['localtime'], 'ADMIN_INFOS_TIMETEXT' => $usr['timetext']));
/* === Hook === */
foreach (cot_getextplugins('admin.infos.tags') as $pl) {
    include $pl;
}
/* ===== */
$t->parse('MAIN');
$adminmain = $t->text('MAIN');
Example #30
<?php

/* ====================
[BEGIN_COT_EXT]
Hooks=tools
[END_COT_EXT]
==================== */
/**
 * Administration panel - Referers manager
 *
 * @package Referers
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
// Refuse direct requests: both COT_CODE and COT_ADMIN must already be defined
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');
// Viewing the referer list needs read permission on the referers plugin;
// the admin flag obtained here is used by the actions that follow
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('plug', 'referers');
cot_block($usr['auth_read']);
$tt = new XTemplate(cot_tplfile('referers.admin', 'plug', true));
cot::$db->registerTable('referers');
require_once cot_langfile('referers', 'plug');
$adminhelp = $L['adm_help_referers'];
$adminsubtitle = $L['Referers'];
// Page size: the configured value when it is a positive number, otherwise 15
$maxperpage = $cfg['maxrowsperpage'] && is_numeric($cfg['maxrowsperpage']) && $cfg['maxrowsperpage'] > 0 ? $cfg['maxrowsperpage'] : 15;
list($pg, $d, $durl) = cot_import_pagenav('d', $maxperpage);
/* === Hook  === */
// Plugin files for this hook are included and run in the current scope
foreach (cot_getextplugins('referers.admin.first') as $pl) {
    include $pl;
}
/* ===== */
if ($a == 'prune' && $usr['isadmin']) {
    $db->query("TRUNCATE {$db_referers}") ? cot_message('adm_ref_prune') : cot_message('Error');