/**
 * Walks an extension's setup-header info and verifies every "Requires*" entry.
 *
 * Keys whose package part is "plugins" or "modules" carry a comma-separated
 * list of extension names (old style); every other "Requires[_package]" key
 * carries a constraint string for that package (new style), the package
 * defaulting to "core". A "?" inside a new-style constraint is stripped and
 * FALSE is then passed as the fourth argument of cot_requirements_satisfied().
 * Checking stops at the first requirement that is not satisfied.
 *
 * @param array $info Extension info array, from setup file header
 * @param bool $mute_err_msg (optional) Disable error and warning messages
 * @param bool $mute_info_msg (optional) Disable success messages
 * @return boolean TRUE when every requirement is satisfied, FALSE otherwise
 *
 * @see cot_infoget() from `API - Extensions` package
 * @uses cot_requirements_satisfied()
 */
function cot_check_requirements($info, $mute_err_msg = false, $mute_info_msg = false)
{
    foreach ($info as $key => $constraint) {
        // Only header keys that start with "Requires" describe a requirement
        if (strpos(trim($key), 'Requires') !== 0) {
            continue;
        }

        list(, $package) = explode('_', $key, 2);
        $package = strtolower($package ?: 'Core');

        if (in_array($package, array('plugins', 'modules'))) {
            // Old style: plain list of extension names, any version accepted
            $ext_type = substr($package, 0, -1);
            foreach (explode(',', $constraint) as $extname) {
                $satisfied = cot_requirements_satisfied($ext_type, '*', trim($extname));
                if (!$satisfied) {
                    break;
                }
            }
        } else {
            // New style: constraint string, "?" switches the fourth argument to FALSE
            $check_installed = strpos($constraint, '?') === false;
            if (!$check_installed) {
                $constraint = str_replace('?', '', $constraint);
            }
            $satisfied = cot_requirements_satisfied($package, $constraint, null, $check_installed);
        }

        $requirement_str = " {$package}: {$info[$key]}";

        if ($satisfied === true) {
            if (!$mute_info_msg) {
                cot_message(cot_rc('req_satisfied', array('req' => $requirement_str)), 'ok');
            }
            continue;
        }

        if (!$mute_err_msg) {
            if ($satisfied === false) {
                cot_error(cot_rc('req_not_satisfied', array('req' => $requirement_str)));
            } else {
                // Anything other than TRUE/FALSE is the checker's own error text
                cot_message(cot_rc('req_not_valid', array('req' => $requirement_str, 'error_msg' => $satisfied)), 'warning');
            }
        }

        return false;
    }

    return true;
}
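/**
 * Config filter for a password that is entered twice (value and confirmation).
 *
 * Both entries are compared as strings with ===. A loose == would treat
 * numeric-looking strings such as '1e3' and '1000' as equal, and a truthiness
 * test would let the password '0' skip the minimum-length rule.
 *
 * @param mixed $input_value Passed by reference. Expected: array with the password at [0]
 *                           and its confirmation at [1]. Reset to the stored config value
 *                           whenever the input is rejected.
 * @param array $cfg_var     Config descriptor; 'config_name' and 'config_value' are read
 * @param int   $minlength   Minimum accepted length of a non-empty password
 * @return string|null The accepted password ('' when both entries are empty), NULL otherwise
 */
function cfg_password_filter(&$input_value, $cfg_var, $minlength = 4)
{
    if (!is_array($input_value)) {
        return NULL;
    }

    // Missing or non-scalar entries are treated as empty strings
    $password = isset($input_value[0]) && is_scalar($input_value[0]) ? (string) $input_value[0] : '';
    $confirm = isset($input_value[1]) && is_scalar($input_value[1]) ? (string) $input_value[1] : '';

    if ($password === $confirm) {
        if ($password !== '' && mb_strlen($confirm) < $minlength) {
            cot_error('min length: ' . $minlength, $cfg_var['config_name']);
        } else {
            return $confirm;
        }
    } elseif ($confirm !== '') {
        cot_error('Password must match', $cfg_var['config_name']);
    }

    // Rejected input: fall back to the value already stored in the config
    $input_value = $cfg_var['config_value'];
    return NULL;
}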
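/**
 * Imports an uploaded file for a form field and stores it under $brs_files_dir.
 *
 * The client file name is split at its last dot, the extension is checked
 * against $brs_allowed_ext, the base name is transliterated (non-English
 * locales) and reduced to a conservative character set, and the upload is
 * moved into place. The previous file is removed only after the new one has
 * been stored, so a failed move no longer destroys the old file.
 *
 * NOTE(review): an empty $brs_allowed_ext accepts every extension, including
 * server-executable ones — confirm the list is always configured, or that the
 * upload directory never executes scripts.
 * NOTE(review): dots are kept inside the base name, so "a.php.jpg" keeps its
 * inner ".php" — check the web server does not map inner extensions to handlers.
 * NOTE(review): $oldvalue is unlinked as given; it must come from trusted
 * storage, never straight from the request.
 * NOTE(review): the collision check looks at "{$brs_files_dir}/name" while the
 * target is $brs_files_dir . name, so the two only agree when $brs_files_dir
 * ends with a slash — confirm.
 *
 * @param string $inputname Name of the file input; "del_{$inputname}" in POST requests deletion
 * @param string $oldvalue  Path of the previously stored file
 * @return string|null New file path; '' when nothing is stored (deletion, rejected
 *                     type, failed move); NULL when no usable upload arrived
 */
function brs_importFile($inputname, $oldvalue = '')
{
    global $lang, $cot_translit, $brs_allowed_ext, $brs_files_dir, $cfg;

    $import = !empty($_FILES[$inputname]) && is_array($_FILES[$inputname]) ? $_FILES[$inputname] : array();
    $import['delete'] = cot_import('del_' . $inputname, 'P', 'BOL') ? 1 : 0;

    // Continue only for one error-free upload that carries a client file name.
    // A multi-file field (array-valued 'name') is not handled by this function.
    if (!empty($import['error']) || empty($import['name']) || !is_string($import['name'])) {
        return null;
    }

    // Split at the last dot; a name without a dot has no extension at all
    $dot = mb_strrpos($import['name'], '.');
    if ($dot === false) {
        $fname = $import['name'];
        $ext = '';
    } else {
        $fname = mb_substr($import['name'], 0, $dot);
        $ext = mb_strtolower(mb_substr($import['name'], $dot + 1));
    }

    if (!file_exists($brs_files_dir)) {
        mkdir($brs_files_dir);
    }

    // Extension allow-list (strict comparison, the list is expected to hold strings)
    if (!empty($brs_allowed_ext) && !in_array($ext, $brs_allowed_ext, true)) {
        cot_error(cot::$L['brs_err_inv_file_type'], $inputname);
        return '';
    }

    if ($lang != 'en') {
        require_once cot_langfile('translit', 'core');
        $fname = is_array($cot_translit) ? strtr($fname, $cot_translit) : '';
    }
    $fname = str_replace(' ', '_', $fname);
    $fname = preg_replace('#[^a-zA-Z0-9\\-_\\.\\ \\+]#', '', $fname);
    $fname = str_replace('..', '.', $fname);
    $fname = empty($fname) ? cot_unique() : $fname;
    // Avoid overwriting a different existing file by appending a timestamp
    $fname .= file_exists("{$brs_files_dir}/{$fname}.{$ext}") && $oldvalue != $fname . '.' . $ext ? date("YmjGis") : '';
    $fname .= '.' . $ext;

    $tmp_name = isset($import['tmp_name']) ? $import['tmp_name'] : '';

    $file = array();
    $file['old'] = !empty($oldvalue) && ($import['delete'] || $tmp_name) ? $oldvalue : '';
    $file['tmp'] = !$import['delete'] ? $tmp_name : '';
    $file['new'] = !$import['delete'] ? $brs_files_dir . $fname : '';

    // Store the new file first; report "nothing stored" when the move fails
    if (!empty($file['tmp']) && !move_uploaded_file($file['tmp'], $file['new'])) {
        return '';
    }

    // Remove the previous file unless it is the very file that was just written
    if (!empty($file['old']) && file_exists($file['old'])) {
        if ($file['new'] === '' || realpath($file['old']) !== realpath($file['new'])) {
            unlink($file['old']);
        }
    }

    return $file['new'];
}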
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=comments.send.first
[END_COT_EXT]
==================== */

/**
 * mCAPTCHA validation
 *
 * Runs on the comments.send.first hook and validates the captcha answer
 * submitted with a comment.
 *
 * @package MathCaptcha
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
defined('COT_CODE') or die("Wrong URL.");

// The check applies only when mcaptcha is the selected captcha and the poster is a guest (user id 0).
if ($cfg['captchamain'] == 'mcaptcha' && $usr['id'] == '0') {
    // Answer is read from POST through the 'TXT' import filter.
    $rverify = cot_import('rverify', 'P', 'TXT');
    if (!cot_captcha_validate($rverify)) {
        // Only registers an error for the 'rverify' field.
        // NOTE(review): rejecting the comment depends on the including script testing cot_error_found() afterwards — confirm.
        cot_error('captcha_verification_failed', 'rverify');
    }
}
$adminpath[] = array(cot_url('admin', array('m' => 'other', 'p' => 'configeditor', 'n' => 'set', 'c' => $c)), $info['configcat_title']); $adminpath[] = $L['edit_cat']; $types_array = array(COT_CONFIG_TYPE_TEXT => $L['ccfg_type_text'], COT_CONFIG_TYPE_STRING => $L['ccfg_type_string'], COT_CONFIG_TYPE_SELECT => $L['ccfg_type_select'], COT_CONFIG_TYPE_RADIO => $L['ccfg_type_radio'], COT_CONFIG_TYPE_CALLBACK => $L['ccfg_type_callback'], COT_CONFIG_TYPE_HIDDEN => $L['ccfg_type_hidden'], COT_CONFIG_TYPE_SEPARATOR => $L['ccfg_type_separator'], COT_CONFIG_TYPE_RANGE => $L['ccfg_type_range'], COT_CONFIG_TYPE_CUSTOM => $L['ccfg_type_custom']); if ($a == 'add') { $name = cot_import('rname', 'P', "ALP"); $title = cot_import('rtitle', 'P', "TXT"); $desc = cot_import('rdesc', 'P', "HTM"); $order = cot_import('rorder', 'P', "INT"); $variants = cot_import('rvariants', 'P', "HTM"); $default = cot_import('rdefault', 'P', "HTM"); $type = cot_import('rtype', 'P', "INT"); if (empty($name)) { cot_error($L['err_no_name']); } if (cfg_editor::config_exists($name)) { cot_error($L['err_exists_name']); } if (!cot_error_found()) { cfg_editor::config_add($c, $name, $order, $title, $desc, $type, $default, $variants); cot_message('added_success'); } $cache && $cache->clear(); cot_redirect(cot_url('admin', array('m' => 'other', 'p' => 'configeditor', 'n' => 'edit', 'c' => $c), '', true)); } if ($a == 'update') { $titles = cot_import('rtitle', 'P', "ARR"); $descs = cot_import('rdesc', 'P', "ARR"); $orders = cot_import('rorder', 'P', "ARR"); $variantss = cot_import('rvariants', 'P', "ARR"); $defaults = cot_import('rdefault', 'P', "ARR"); $types = cot_import('rtype', 'P', "ARR");
} /* ===== */ if (!cot_error_found()) { $res = cot_structure_add($n, $rstructure, $is_module); if ($res === true) { cot_extrafield_movefiles(); /* === Hook === */ foreach (cot_getextplugins('admin.structure.add.done') as $pl) { include $pl; } /* ===== */ cot_message('Added'); } elseif (is_array($res)) { cot_error($res[0], $res[1]); } else { cot_error('Error'); } } cot_redirect(cot_url('admin', 'm=structure&n=' . $n . '&mode=' . $mode . '&d=' . $durl, '', true)); } elseif ($a == 'delete') { cot_check_xg(); if (cot_structure_delete($n, $c, $is_module)) { /* === Hook === */ foreach (cot_getextplugins('admin.structure.delete.done') as $pl) { include $pl; } /* ===== */ cot_message('Deleted'); } cot_redirect(cot_url('admin', 'm=structure&n=' . $n . '&mode=' . $mode . '&d=' . $durl, '', true)); } elseif ($a == 'resyncall') {
/**
 * Admin action: deletes the subscription whose id arrives in the "id" GET
 * parameter, then redirects back to the list, carrying the page number, the
 * list filters and any non-default sort settings along.
 *
 * NOTE(review): the record is deleted in response to a GET request and no
 * anti-CSRF token check (for example a cot_check_xg() call) is visible in this
 * method — confirm that the dispatcher or the link generation enforces one.
 */
public function deleteAction()
{
    $id = cot_import('id', 'G', 'INT');
    $d = cot_import('d', 'G', 'INT');

    // Parameters of the list URL the user is sent back to
    $backUrlParams = empty($d)
        ? array('m' => 'subscribe')
        : array('m' => 'subscribe', 'd' => $d);

    // Filters coming from the list
    $f = cot_import('f', 'G', 'ARR');
    if (!empty($f)) {
        foreach ($f as $filterName => $filterValue) {
            if ($filterName != 'id') {
                $backUrlParams["f[{$filterName}]"] = $filterValue;
            }
        }
    }

    $sort = cot_import('s', 'G', 'ALP');   // order field name
    $way = cot_import('w', 'G', 'ALP', 4); // order way (asc, desc)
    // Defaults ('title', 'asc') are left out of the URL
    if ($sort != 'title') {
        $backUrlParams['s'] = $sort;
    }
    if ($way != 'asc') {
        $backUrlParams['w'] = $way;
    }

    if (!$id) {
        cot_error(cot::$L['subscribe_err_not_found']);
        cot_redirect(cot_url('admin', $backUrlParams));
    }

    $item = subscribe_model_Subscribe::getById($id);
    if (!$item) {
        cot_error(cot::$L['subscribe_err_not_found']);
        cot_redirect(cot_url('admin', $backUrlParams));
    }

    // Keep the title, it is needed for the message after the row is gone
    $deletedTitle = $item->title;
    $item->delete();

    cot_message(sprintf(cot::$L['subscribe_deleted'], $deletedTitle));
    cot_redirect(cot_url('admin', $backUrlParams, '', true));
}
// Excerpt of the forum "edit post" update handler; the enclosing blocks open and close outside this excerpt.
/* === Hook === */
foreach (cot_getextplugins('forums.editpost.update.first') as $pl) {
    include $pl;
}
/* ===== */
// Topic fields are imported with the 'TXT' filter and a 255 limit, the post body with the 'HTM' filter.
// NOTE(review): what 'HTM' strips is defined in cot_import(), not shown here; the body still has to be escaped or parsed safely on output.
$rtopic['ft_title'] = cot_import('rtopictitle', 'P', 'TXT', 255);
$rtopic['ft_desc'] = cot_import('rtopicdesc', 'P', 'TXT', 255);
$rmsg = array();
$rmsg['fp_text'] = cot_import('rmsgtext', 'P', 'HTM');
// The updater stays empty only when the original poster edits before fp_updated + 300 and no updater was recorded yet; otherwise the editor's name is stored.
$rmsg['fp_updater'] = $rowpost['fp_posterid'] == $usr['id'] && $sys['now'] < $rowpost['fp_updated'] + 300 && empty($rowpost['fp_updater']) ? '' : $usr['name'];
$rmsg['fp_updated'] = $sys['now'];
// The title length is checked only when a title was actually posted.
if (isset($_POST['rtopictitle']) && mb_strlen($rtopic['ft_title']) < $cfg['forums']['mintitlelength']) {
    cot_error('forums_titletooshort', 'rtopictitle');
}
if (mb_strlen($rmsg['fp_text']) < $cfg['forums']['minpostlength']) {
    cot_error('forums_messagetooshort', 'rmsgtext');
}
foreach ($cot_extrafields[$db_forum_topics] as $exfld) {
    $rtopic['ft_' . $exfld['field_name']] = cot_import_extrafields('rtopic' . $exfld['field_name'], $exfld);
}
foreach ($cot_extrafields[$db_forum_posts] as $exfld) {
    $rmsg['fp_' . $exfld['field_name']] = cot_import_extrafields('rmsg' . $exfld['field_name'], $exfld);
}
if (!cot_error_found()) {
    // $p and $q are interpolated straight into the SQL condition strings below.
    // NOTE(review): they are assigned outside this excerpt — confirm both are imported as integers; bound parameters would remove the dependency.
    $db->update($db_forum_posts, $rmsg, "fp_id={$p}");
    // The topic row is touched only when the edited post is the first post of the topic.
    if (!empty($rtopic['ft_title']) && $db->query("SELECT fp_id FROM {$db_forum_posts} WHERE fp_topicid = {$q} ORDER BY fp_id ASC LIMIT 1")->fetchColumn() == $p) {
        // A leading "#" triggers removal of every "#" in the title, not just the first one.
        if (mb_substr($rtopic['ft_title'], 0, 1) == "#") {
            $rtopic['ft_title'] = str_replace('#', '', $rtopic['ft_title']);
        }
        // The text is escaped first and cut to 128 characters afterwards, so the cut can land inside an HTML entity.
        $rtopic['ft_preview'] = mb_substr(htmlspecialchars($rmsg['fp_text']), 0, 128);
        $db->update($db_forum_topics, $rtopic, "ft_id = {$q}");
// Excerpt of the admin extra-fields page: end of the update branch, the delete branch, then the list query.
cot_error(sprintf($L['adm_extrafield_not_updated'], $k));
}
}
}
}
//cot_redirect(cot_url('admin', "m=extrafields&n=$n&d=$durl", '', true));
} elseif ($a == 'del' && isset($name)) {
    // NOTE(review): no anti-CSRF token check is visible in this branch before the field is removed — confirm one runs earlier in the file.
    /* === Hook === */
    foreach (cot_getextplugins('admin.extrafields.delete') as $pl) {
        include $pl;
    }
    /* ===== */
    if (cot_extrafield_remove($n, $name)) {
        cot_message('adm_extrafield_removed');
    } else {
        cot_error('adm_extrafield_not_removed');
    }
    //cot_redirect(cot_url('admin', "m=extrafields&n=$n&d=$durl", '', true));
}
// Drop the cached field definitions and reload them after any change.
$cache && $cache->db->remove('cot_extrafields', 'system');
cot_load_extrafields(true);
// $n is placed inside a quoted SQL literal and $d into LIMIT by string interpolation.
// NOTE(review): both are assigned outside this excerpt — confirm $n is restricted to known table names and $d is an integer, or bind them as parameters.
$totalitems = $db->query("SELECT COUNT(*) FROM {$db_extra_fields} WHERE field_location = '{$n}'")->fetchColumn();
$res = $db->query("SELECT * FROM {$db_extra_fields} WHERE field_location = '{$n}' ORDER BY field_name ASC LIMIT {$d}, " . $maxperpage);
$pagenav = cot_pagenav('admin', 'm=extrafields&n=' . $n, $d, $totalitems, $maxperpage, 'd', '', $cfg['jquery'] && $cfg['turnajax']);
// Field types offered by the editor.
$field_types = array('input', 'inputint', 'currency', 'double', 'textarea', 'select', 'checkbox', 'radio', 'datetime', 'country', 'range', 'checklistbox', 'file');
$ii = 0;
/* === Hook - Part1 : Set === */
$extp = cot_getextplugins('admin.extrafields.loop');
/* ===== */
foreach ($res->fetchAll() as $row) {
    $ii++;
// Excerpt of the admin cache page; the block closed by the first "}" opens outside this excerpt.
// Enforce cache loading
require_once $cfg['system_dir'] . '/cache.php';
$cache = new Cache();
$cache->init();
}
if ($a == 'purge' && $cache) {
    // Purge runs only when the token check returns true and the cache was cleared;
    // it also empties user_auth for every user that has one.
    if (cot_check_xg() && $cache->clear()) {
        $db->update($db_users, array('user_auth' => ''), "user_auth != ''");
        cot_message('adm_purgeall_done');
    } else {
        cot_error('Error');
    }
} elseif ($a == 'delete') {
    // Here the return value of cot_check_xg() is not used.
    // NOTE(review): confirm cot_check_xg() itself stops the request when the token is invalid; otherwise the delete below runs unchecked.
    cot_check_xg();
    // The name is passed through $db->prep() and then interpolated into a quoted SQL literal.
    // NOTE(review): prep() presumably escapes for SQL — confirm, or bind the value as a parameter.
    $name = $db->prep(cot_import('name', 'G', 'TXT'));
    $db->delete($db_cache, "c_name = '{$name}'") ? cot_message('adm_delcacheitem') : cot_error('Error');
}
if ($cache && $cache->mem) {
    $info = $cache->get_info();
    // A negative value is shown as "?".
    if ($info['available'] < 0) {
        $info['available'] = '?';
    }
    // The percentage divides by $info['max']; a driver that reports 0 there would cause a division by zero.
    $t->assign(array('ADMIN_CACHE_MEMORY_DRIVER' => str_replace('_driver', '', $cache->mem_driver), 'ADMIN_CACHE_MEMORY_PERCENTBAR' => ceil($info['occupied'] / $info['max'] * 100), 'ADMIN_CACHE_MEMORY_AVAILABLE' => $info['available'], 'ADMIN_CACHE_MEMORY_MAX' => $info['max']));
    $t->parse('MAIN.ADMIN_CACHE_MEMORY');
}
// Static query, no request data involved.
$sql = $db->query("SELECT * FROM {$db_cache} WHERE 1 ORDER by c_name ASC");
$cachesize = 0;
$ii = 0;
/* === Hook - Part1 : Set === */
$extp = cot_getextplugins('admin.cache.loop');
/* ===== */
$t->parse('MAIN.RESULTS.FORUMS.ITEM'); } $jj++; } $sql->closeCursor(); if ($jj > 0) { $t->parse('MAIN.RESULTS.FORUMS'); } } /* === Hook === */ foreach (cot_getextplugins('search.list') as $pl) { include $pl; } /* ===== */ if (array_sum($totalitems) < 1) { cot_error($L['plu_noneresult'] . $R['code_error_separator']); } if (!cot_error_found()) { $t->parse('MAIN.RESULTS'); } $rs_url_path = array(); foreach ($rs as $k => $v) { if (is_array($v)) { foreach ($v as $sk => $sv) { $rs_url_path['rs[' . $k . '][' . $sk . ']'] = $sv; } } else { $rs_url_path['rs[' . $k . ']'] = $v; } } $pagenav = cot_pagenav('plug', array('e' => 'search', 'sq' => $sq, 'tab' => $tab) + $rs_url_path, $d, array_sum($totalitems), $cfg_maxitems);
<?php
/**
 * Administration panel - Home page for administrators
 *
 * @package Cotonti
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
defined('COT_CODE') && defined('COT_ADMIN') or die('Wrong URL.');

$t = new XTemplate(cot_tplfile('admin.home', 'core'));

// Outside debug mode, warn the administrator while install.php still exists and datas/config.php is writable.
if (!$cfg['debug_mode'] && file_exists('install.php') && is_writable('datas/config.php')) {
    cot_error('home_installable_error');
}
$adminsubtitle = ''; // Empty means just "Administration"

//Version Checking
// The update descriptor is requested over plain http://, and nothing in this excerpt authenticates the
// response before it is decoded and cached, so it can be altered in transit.
// NOTE(review): treat every field of $update_info as untrusted where it is rendered, and confirm whether the endpoint is available over https.
if ($cfg['check_updates'] && $cache) {
    $update_info = $cache->db->get('update_info');
    if (!$update_info) {
        if (ini_get('allow_url_fopen')) {
            // '@' hides fetch failures; a failed request simply leaves $update_info falsy.
            $update_info = @file_get_contents('http://www.cotonti.com/update-check');
            if ($update_info) {
                $update_info = json_decode($update_info, TRUE);
                // Stored with 86400 as the last argument (presumably a lifetime in seconds).
                $cache->db->store('update_info', $update_info, COT_DEFAULT_REALM, 86400);
            }
        } elseif (function_exists('curl_init')) {
            // Fallback when allow_url_fopen is off: same URL through cURL.
            $curl = curl_init();
            curl_setopt($curl, CURLOPT_URL, 'http://www.cotonti.com/update-check');
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
            $update_info = curl_exec($curl);
foreach ($cot_extrafields[$db_com] as $exfld) { $comarray['com_' . $exfld['field_name']] = cot_import_extrafields('rcomments' . $exfld['field_name'], $exfld); } /* == Hook == */ foreach (cot_getextplugins('comments.send.first') as $pl) { include $pl; } /* ===== */ if (empty($rname) && $usr['id'] == 0) { cot_error($L['com_authortooshort'], 'rname'); } if (mb_strlen($rtext) < $cfg['plugin']['comments']['minsize']) { cot_error($L['com_commenttooshort'], 'rtext'); } if ($cfg['plugin']['comments']['commentsize'] && mb_strlen($rtext) > $cfg['plugin']['comments']['commentsize']) { cot_error($L['com_commenttoolong'], 'rtext'); } if (!cot_error_found()) { $comarray['com_area'] = $area; $comarray['com_code'] = $item; $comarray['com_author'] = $usr['id'] == 0 ? $rname : $usr['name']; $comarray['com_authorid'] = (int) $usr['id']; $comarray['com_authorip'] = $usr['ip']; $comarray['com_text'] = $rtext; $comarray['com_date'] = (int) $sys['now']; $sql = $db->insert($db_com, $comarray); $id = $db->lastInsertId(); if ($cache && $area == 'page') { if ($cfg['cache_page']) { $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$url_params['c']]['path'])); }
// Excerpt of the admin "edit user" update handler; the first "}" closes a block opened outside this excerpt.
}
$rusergroupsms = cot_import('rusergroupsms', 'P', 'ARR');
// A user name must have at least 2 characters and contain neither a comma nor a single quote.
if (mb_strlen($ruser['user_name']) < 2 || mb_strpos($ruser['user_name'], ',') !== false || mb_strpos($ruser['user_name'], "'") !== false) {
    cot_error('aut_usernametooshort', 'rusername');
}
// Uniqueness checks use bound parameters (the "?" placeholder), so the values never enter the SQL text.
if ($ruser['user_name'] != $urr['user_name'] && $db->query("SELECT COUNT(*) FROM {$db_users} WHERE user_name = ?", array($ruser['user_name']))->fetchColumn() > 0) {
    cot_error('aut_usernamealreadyindb', 'rusername');
}
if (!cot_check_email($ruser['user_email'])) {
    cot_error('aut_emailtooshort', 'ruseremail');
}
if ($ruser['user_email'] != $urr['user_email'] && $db->query("SELECT COUNT(*) FROM {$db_users} WHERE user_email = ?", array($ruser['user_email']))->fetchColumn() > 0) {
    cot_error('aut_emailalreadyindb', 'ruseremail');
}
// The only password rule here is a minimum of 4 characters.
// empty() also treats the string "0" as "no new password", so that value is silently ignored.
if (!empty($rusernewpass) && mb_strlen($rusernewpass) < 4) {
    cot_error('aut_passwordtooshort', 'rusernewpass');
}
if (!cot_error_found()) {
    if (!empty($rusernewpass)) {
        // A fresh salt is generated for every password change; the hash function name is stored next to the hash.
        // NOTE(review): the default is 'sha256'; cot_hash() is not shown here — confirm it applies a slow, iterated scheme rather than a single fast hash, and that cot_unique() is suitable for salts.
        $ruser['user_passsalt'] = cot_unique(16);
        $ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
        $ruser['user_password'] = cot_hash($rusernewpass, $ruser['user_passsalt'], $ruser['user_passfunc']);
    }
    // An empty submitted name keeps the current one.
    $ruser['user_name'] = $ruser['user_name'] == '' ? $urr['user_name'] : $ruser['user_name'];
    $ruser['user_birthdate'] = is_null($ruser['user_birthdate']) ? '0000-00-00' : cot_stamp2date($ruser['user_birthdate']);
    // Ban expiry is cleared for unbanned users; for banned users a positive value is added to the current time.
    if (!$ruserbanned) {
        $ruser['user_banexpire'] = 0;
    }
    if ($ruserbanned && $ruser['user_banexpire'] > 0) {
        $ruser['user_banexpire'] += $sys['now'];
    }
// Excerpt of the contact-form handler; the first two "}" close blocks opened outside this excerpt.
}
}
// Guests must pass the captcha whenever a captcha is configured.
if (cot::$usr['id'] == 0 && !empty($cot_captcha)) {
    $rverify = cot_import('rverify', 'P', 'TXT');
    if (!cot_captcha_validate($rverify)) {
        cot_error('captcha_verification_failed', 'rverify');
    }
}
if ($rcontact['contact_author'] == '') {
    cot_error('contact_noname', 'ruser');
}
if (!cot_check_email($rcontact['contact_email'])) {
    cot_error('contact_emailnotvalid', 'remail');
}
if (mb_strlen($rcontact['contact_text']) < cot::$cfg['plugin']['contact']['minchars']) {
    cot_error('contact_entrytooshort', 'rtext');
}
if (!cot_error_found()) {
    $rcontact['contact_authorid'] = (int) $usr['id'];
    $rcontact['contact_date'] = (int) $sys['now'];
    $rcontact['contact_val'] = 0;
    // The 'save' setting selects database storage, e-mail delivery, or both.
    if (in_array($cfg['plugin']['contact']['save'], array('db', 'both'))) {
        $db->insert($db_contact, $rcontact);
    }
    $semail = !empty($cfg['plugin']['contact']['email']) ? $cfg['plugin']['contact']['email'] : $cfg['adminemail'];
    if (cot_check_email($semail) && in_array($cfg['plugin']['contact']['save'], array('email', 'both'))) {
        // The From header is assembled from the submitted name and address.
        // NOTE(review): the import filter applied to contact_author is outside this excerpt — confirm it rejects CR/LF and double quotes,
        // otherwise the value can add or alter mail headers. Sending from a fixed site address with the visitor in Reply-To avoids the problem.
        $headers = "From: \"" . $rcontact['contact_author'] . "\" <" . $rcontact['contact_email'] . ">\n";
        $context = array('sitetitle' => $cfg["maintitle"], 'siteurl' => $cfg['mainurl'], 'author' => $rcontact['contact_author'], 'email' => $rcontact['contact_email'], 'subject' => $rcontact['contact_subject'], 'text' => $rcontact['contact_text']);
        $rextras = '';
        if (!empty(cot::$extrafields[cot::$db->contact])) {
            foreach (cot::$extrafields[cot::$db->contact] as $exfld) {
// Excerpt of the admin URL-rules page: writes the generated rewrite rules into .htaccess, then prepares the area list.
$htparts[0] = $htdata;
$htparts[1] = $hta;
$htparts[2] = $custom_htaccess;
$htparts[3] = '';
}
// The parts are joined with a marker line and written to .htaccess in the current working directory.
// The return value of file_put_contents() is not checked, so a failed write goes unreported.
// NOTE(review): .htaccess controls web-server behaviour; $custom_htaccess and $hta are assigned outside this excerpt — confirm only trusted administrator input reaches them.
$htdata = implode("\n### COTONTI URLTRANS ###\n", $htparts);
file_put_contents('.htaccess', $htdata);
$hta = $htdata;
}
$t->assign(array('ADMIN_URLS_CONF_NAME' => $conf_name, 'ADMIN_URLS_HTA' => $hta));
$t->parse('MAIN.HTA');
$cache && $cache->db->remove('cot_urltrans', 'system');
}
// Check urltrans.dat
if (!is_writeable('./datas/urltrans.dat')) {
    cot_error('adm_urls_error_dat');
}
// Get list of valid areas
$areas = array('*', 'plug', 'login');
// Static query, no request data involved.
$res = $db->query("SELECT ct_code FROM {$db_core} WHERE ct_plug = 0 ORDER BY ct_code");
foreach ($res->fetchAll() as $row) {
    $areas[] = $row['ct_code'];
}
sort($areas);
/* FIXME: check block / actualize as not exists in template --------------------- */
// New rule contents
foreach ($areas as $ar) {
    $t->assign(array('ADMIN_URLS_AREABOX_SELECTED' => $ar == '*' ? ' selected="selected"' : '', 'ADMIN_URLS_AREABOX_ITEM' => $ar));
    $t->parse('MAIN.AREABOX');
}
/* FIXME: [end_of_block] --------------------------------------------- */
/* ===== */ $rmsg['fp_text'] = cot_import('rmsgtext', 'P', 'HTM'); $rtopic['ft_title'] = cot_import('rtopictitle', 'P', 'TXT', 255); $rtopic['ft_desc'] = cot_import('rtopicdesc', 'P', 'TXT', 255); $rtopic['ft_mode'] = (int) (cot_import('rtopicmode', 'P', 'BOL') && $cfg['forums']['cat_' . $s]['allowprvtopics']) ? 1 : 0; $rtopic['ft_preview'] = cot_string_truncate($rmsg['fp_text'], 120); if (mb_strlen($rtopic['ft_title']) < $cfg['forums']['mintitlelength']) { cot_error('forums_titletooshort', 'rtopictitle'); } if (mb_strlen($rmsg['fp_text']) < $cfg['forums']['minpostlength']) { cot_error('forums_messagetooshort', 'rmsgtext'); } if (!strpos($structure['forums'][$s]['path'], '.')) { // Attempting to create a topic in a root category include cot_langfile('message', 'core'); cot_error($L['msg602_body']); } foreach ($cot_extrafields[$db_forum_topics] as $exfld) { $rtopic['ft_' . $exfld['field_name']] = cot_import_extrafields('rtopic' . $exfld['field_name'], $exfld); } foreach ($cot_extrafields[$db_forum_posts] as $exfld) { $rmsg['fp_' . $exfld['field_name']] = cot_import_extrafields('rmsg' . $exfld['field_name'], $exfld); } if (!cot_error_found()) { if (mb_substr($rtopic['ft_title'], 0, 1) == "#") { $rtopic['ft_title'] = str_replace('#', '', $rtopic['ft_title']); } $rtopic['ft_state'] = 0; $rtopic['ft_sticky'] = 0; $rtopic['ft_cat'] = $s; $rtopic['ft_creationdate'] = (int) $sys['now'];
<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=users.register.add.first
Order=10
[END_COT_EXT]
==================== */

/**
 * reCAPTCHA Plugin for Cotonti
 *
 * Runs on the users.register.add.first hook and validates the reCAPTCHA
 * response token submitted with the registration form.
 *
 * @package recaptchag
 * @version 2.0
 * @author Alexeev vlad
 * @copyright Copyright (c) Alexeev vlad
 * @license Free
 */
defined('COT_CODE') or die('Wrong URL');

// The check runs only when reCAPTCHA is the selected captcha.
if ($cfg['captchamain'] == 'recaptcha') {
    // Token as posted by the widget, read through the 'TXT' import filter.
    $response = cot_import('g-recaptcha-response', 'P', 'TXT');
    // NOTE(review): cot_recaptcha_valid() is defined elsewhere — confirm it verifies the token server-side with the secret key
    // and treats a missing token or a failed verification request as invalid.
    if (!cot_recaptcha_valid($response)) {
        // Only registers an error under the source name 'response'; stopping the registration depends on the including script testing cot_error_found().
        cot_error('recaptcha_verification_failed', 'response');
    }
}
// Excerpt of the private-message "send" page: recipient lookup, limits, page title, and loading of the quoted message.
// $touser_sql is assembled outside this excerpt and interpolated into the IN clause.
// NOTE(review): confirm it is built only from integer ids or properly escaped names.
$sql_pm_users = $db->query("SELECT user_id, user_name FROM {$db_users} WHERE user_id IN {$touser_sql}");
}
}
$sql_pm_users && ($totalrecipients = $sql_pm_users->rowCount());
if ($totalrecipients > 0) {
    while ($row = $sql_pm_users->fetch()) {
        $touser_ids[] = $row['user_id'];
        // Names are HTML-escaped while they are collected for display.
        $touser_names[] = htmlspecialchars($row['user_name']);
    }
    $sql_pm_users->closeCursor();
    $touser = implode(", ", $touser_names);
    // Fewer rows than requested names means at least one recipient was not found.
    if ($totalrecipients < $touser_req) {
        cot_error('pm_wrongname', 'newpmrecipient');
    }
    // Non-administrators may address at most 10 recipients per message.
    if (!$usr['isadmin'] && $totalrecipients > 10) {
        cot_error(sprintf($L['pm_toomanyrecipients'], 10), 'newpmrecipient');
    }
}
}
list($totalsentbox, $totalinbox) = cot_message_count($usr['id']);
$title_params = array('PM' => $L['Private_Messages'], 'SEND_NEW' => $L['pm_sendnew']);
$out['subtitle'] = cot_title('{SEND_NEW} - {PM}', $title_params);
$out['head'] .= $R['code_noindex'];
/* === Hook === */
foreach (cot_getextplugins('pm.send.main') as $pl) {
    include $pl;
}
/* ===== */
if ($id) {
    // $id is interpolated into the query; the visible conditions filter only on pm_id and pm_tostate.
    // NOTE(review): confirm $id is imported as an integer and that ownership of the message by the current user is checked before its content is used.
    $pmsql = $db->query("SELECT *, u.user_name FROM {$db_pm} AS p LEFT JOIN {$db_users} AS u ON u.user_id=p.pm_touserid WHERE pm_id={$id} AND pm_tostate=0 LIMIT 1");
    if ($pmsql->rowCount() != 0) {
$cot_groups[$row['grp_id']] = array('id' => $row['grp_id'], 'alias' => $row['grp_alias'], 'level' => $row['grp_level'], 'disabled' => $row['grp_disabled'], 'hidden' => $row['grp_hidden'], 'state' => $row['grp_state'], 'name' => htmlspecialchars($row['grp_name']), 'title' => htmlspecialchars($row['grp_title'])); } $res->closeCursor(); $usr['id'] = 1; // Install all at once // Note: installation statuses are ignored in this installer $selected_modules = cot_install_sort_extensions($selected_modules, true); foreach ($selected_modules as $ext) { if (!cot_extension_install($ext, true)) { cot_error("Installing {$ext} module has failed"); } } $selected_plugins = cot_install_sort_extensions($selected_plugins, false); foreach ($selected_plugins as $ext) { if (!cot_extension_install($ext, false)) { cot_error("Installing {$ext} plugin has failed"); } } } break; case 5: // End credits break; default: // Error cot_redirect(cot_url('index')); exit; } $inst_func_name = "cot_install_step" . $step . "_setup"; function_exists($inst_func_name) && $inst_func_name(); if (cot_error_found()) {
/**
 * Applies the validation rules to imported page data.
 *
 * Rules: a category must be given and must not be locked, the title needs at
 * least 2 characters, a non-empty alias must not contain any of + / ? % # &,
 * and the text may be empty only when the category config (or the default
 * category config) allows it. The result is the negation of cot_error_found().
 *
 * @param array $rpage Imported page data
 * @return boolean TRUE if validation is passed or FALSE if errors were found
 */
function cot_page_validate($rpage)
{
    global $cfg, $structure;

    cot_check(empty($rpage['page_cat']), 'page_catmissing', 'rpagecat');

    $category_locked = $structure['page'][$rpage['page_cat']]['locked'];
    if ($category_locked) {
        global $L;
        require_once cot_langfile('message', 'core');
        cot_error('msg602_body', 'rpagecat');
    }

    $title_too_short = mb_strlen($rpage['page_title']) < 2;
    cot_check($title_too_short, 'page_titletooshort', 'rpagetitle');

    // Characters with a special meaning inside a URL are not accepted in an alias
    $alias_invalid = !empty($rpage['page_alias']) && preg_match('`[+/?%#&]`', $rpage['page_alias']);
    cot_check($alias_invalid, 'page_aliascharacters', 'rpagealias');

    // Per-category setting wins over the default category setting
    $cat_cfg_key = 'cat_' . $rpage['page_cat'];
    if (isset($cfg['page'][$cat_cfg_key]['allowemptytext'])) {
        $allowemptytext = $cfg['page'][$cat_cfg_key]['allowemptytext'];
    } else {
        $allowemptytext = $cfg['page']['cat___default']['allowemptytext'];
    }
    cot_check(!$allowemptytext && empty($rpage['page_text']), 'page_textmissing', 'rpagetext');

    return !cot_error_found();
}
// Excerpt of the user registration handler; the first statement belongs to a check that starts outside this excerpt.
cot_error('aut_usernametooshort', 'rusername');
}
// The only password rule here is a minimum of 4 characters.
if (mb_strlen($rpassword1) < 4) {
    cot_error('aut_passwordtooshort', 'rpassword1');
}
if (!cot_check_email($ruser['user_email'])) {
    cot_error('aut_emailtooshort', 'ruseremail');
}
if ($user_exists) {
    cot_error('aut_usernamealreadyindb', 'rusername');
}
// Duplicate e-mail addresses are rejected unless the 'useremailduplicate' setting is on.
if ($email_exists && !$cfg['useremailduplicate']) {
    cot_error('aut_emailalreadyindb', 'ruseremail');
}
// Loose comparison: two different numeric-looking strings (for example '1e3' and '1000') compare as equal,
// so a mistyped confirmation can pass; a strict !== on the two strings would catch it.
if ($rpassword1 != $rpassword2) {
    cot_error('aut_passwordmismatch', 'rpassword2');
}
/* === Hook for the plugins === */
foreach (cot_getextplugins('users.register.add.validate') as $pl) {
    include $pl;
}
/* ===== */
if (!cot_error_found()) {
    // The plain password is handed to cot_add_user().
    // NOTE(review): hashing presumably happens inside cot_add_user() — confirm, and confirm the plain value is not logged or stored by the hooks below.
    $ruser['user_password'] = $rpassword1;
    $userid = cot_add_user($ruser);
    /* === Hook for the plugins === */
    foreach (cot_getextplugins('users.register.add.done') as $pl) {
        include $pl;
    }
    /* ===== */
    // Branch taken when activation is switched off or when the users table holds exactly one row.
    if ($cfg['users']['regnoactivation'] || $db->countRows($db_users) == 1) {
/**
 * Applies the validation rules to imported folio item data.
 *
 * Rules: a category must be given and must not be locked, the title needs at
 * least 2 characters, a non-empty alias must not contain any of + / ? % # &,
 * and the text may be empty only when the category config (or the default
 * category config) allows it. The result is the negation of cot_error_found().
 *
 * @param array $ritem Imported product data
 * @return boolean TRUE if validation is passed or FALSE if errors were found
 */
function cot_folio_validate($ritem)
{
    global $cfg, $structure;

    cot_check(empty($ritem['item_cat']), 'folio_select_cat', 'rcat');

    $category_locked = $structure['folio'][$ritem['item_cat']]['locked'];
    if ($category_locked) {
        global $L;
        require_once cot_langfile('message', 'core');
        cot_error('msg602_body', 'rcat');
    }

    $title_too_short = mb_strlen($ritem['item_title']) < 2;
    cot_check($title_too_short, 'folio_empty_title', 'rtitle');

    // Characters with a special meaning inside a URL are not accepted in an alias
    $alias_invalid = !empty($ritem['item_alias']) && preg_match('`[+/?%#&]`', $ritem['item_alias']);
    cot_check($alias_invalid, 'folio_aliascharacters', 'ralias');

    // Per-category setting wins over the default category setting
    $cat_cfg_key = 'cat_' . $ritem['item_cat'];
    if (isset($cfg['folio'][$cat_cfg_key]['allowemptytext'])) {
        $allowemptytext = $cfg['folio'][$cat_cfg_key]['allowemptytext'];
    } else {
        $allowemptytext = $cfg['folio']['cat___default']['allowemptytext'];
    }
    cot_check(!$allowemptytext && empty($ritem['item_text']), 'folio_empty_text', 'rtext');

    return !cot_error_found();
}
// Excerpt of the profile image upload handler (avatar / photo); the enclosing loop and blocks open outside this excerpt.
}
$file = $_FILES[$code];
// Only a non-empty file that PHP itself received as an HTTP upload is processed.
if (!empty($file['tmp_name']) && $file['size'] > 0 && is_uploaded_file($file['tmp_name'])) {
    $gd_supported = array('jpg', 'jpeg', 'png', 'gif');
    // The extension is taken from the client-supplied file name, so by itself it proves nothing about the content.
    $var = explode(".", $file['name']);
    $file_ext = strtolower(array_pop($var));
    // NOTE(review): cot_file_check() is defined elsewhere — it presumably compares the content with the claimed type; confirm it inspects the file bytes.
    $fcheck = cot_file_check($file['tmp_name'], $file['name'], $file_ext);
    if (in_array($file_ext, $gd_supported) && $fcheck == 1) {
        // Stored name: "<user id>-<sanitised lower-case name>" inside the avatars or photos directory.
        $file['name'] = cot_safename($file['name'], true);
        $filename_full = $usr['id'] . '-' . strtolower($file['name']);
        $filepath = $code == 'avatar' ? $cfg['avatars_dir'] . '/' . $filename_full : $cfg['photos_dir'] . '/' . $filename_full;
        if (file_exists($filepath)) {
            unlink($filepath);
        }
        // The result of move_uploaded_file() is not checked; on failure the following steps run against a missing file.
        move_uploaded_file($file['tmp_name'], $filepath);
        // The image is rewritten in place by the resizer.
        cot_imageresize($filepath, $filepath, $settings['width'], $settings['height'], $settings['crop'], '', 100);
        // '@' hides a failing chmod.
        @chmod($filepath, $cfg['file_perms']);
        /* === Hook === */
        foreach (cot_getextplugins('profile.update.' . $code) as $pl) {
            include $pl;
        }
        /* ===== */
        // The condition is built by concatenating the current user's id taken from $usr, not from the request.
        $sql = $db->update($db_users, array("user_" . $code => $filepath), "user_id='" . $usr['id'] . "'");
    } elseif ($fcheck == 2) {
        cot_error(sprintf($L['pfs_filemimemissing'], $file_ext), $code);
    } else {
        cot_error(sprintf($L['userimages_' . $code . 'notvalid'], $file_ext), $code);
    }
}
}
}
/**
 * Applies the validation rules to imported market item data.
 *
 * Rules: a category must be given and must not be locked, the title needs at
 * least 2 characters, a non-empty alias must not contain any of + / ? % # &,
 * and the text may be empty only when the category config (or the default
 * category config) allows it. The result is the negation of cot_error_found().
 *
 * @param array $ritem Imported product data
 * @return boolean TRUE if validation is passed or FALSE if errors were found
 */
function cot_market_validate($ritem)
{
    global $cfg, $structure;

    cot_check(empty($ritem['item_cat']), 'market_select_cat', 'rcat');

    $category_locked = $structure['market'][$ritem['item_cat']]['locked'];
    if ($category_locked) {
        cot_error('market_locked_cat', 'rcat');
    }

    $title_too_short = mb_strlen($ritem['item_title']) < 2;
    cot_check($title_too_short, 'market_empty_title', 'rtitle');

    // Characters with a special meaning inside a URL are not accepted in an alias
    $alias_invalid = !empty($ritem['item_alias']) && preg_match('`[+/?%#&]`', $ritem['item_alias']);
    cot_check($alias_invalid, 'market_aliascharacters', 'ralias');

    // Per-category setting wins over the default category setting
    $cat_cfg_key = 'cat_' . $ritem['item_cat'];
    if (isset($cfg['market'][$cat_cfg_key]['allowemptytext'])) {
        $allowemptytext = $cfg['market'][$cat_cfg_key]['allowemptytext'];
    } else {
        $allowemptytext = $cfg['market']['cat___default']['allowemptytext'];
    }
    cot_check(!$allowemptytext && empty($ritem['item_text']), 'market_empty_text', 'rtext');

    return !cot_error_found();
}
/**
 * Admin action: deletes the queue entry whose id arrives in the "id" GET
 * parameter, then redirects back to the queue list, carrying the page number
 * and the list filters along.
 *
 * NOTE(review): the record is deleted in response to a GET request and no
 * anti-CSRF token check (for example a cot_check_xg() call) is visible in this
 * method — confirm that the dispatcher or the link generation enforces one.
 */
public function deleteAction()
{
    $id = cot_import('id', 'G', 'INT');
    $d = cot_import('d', 'G', 'INT');

    // Parameters of the list URL the user is sent back to
    $backUrlParams = empty($d)
        ? array('m' => 'subscribe', 'n' => 'queue')
        : array('m' => 'subscribe', 'n' => 'queue', 'd' => $d);

    // Filters coming from the list
    $f = cot_import('f', 'G', 'ARR');
    if (!empty($f)) {
        foreach ($f as $filterName => $filterValue) {
            if ($filterName != 'id') {
                $backUrlParams["f[{$filterName}]"] = $filterValue;
            }
        }
    }

    if (!$id) {
        cot_error(cot::$L['nf']);
        cot_redirect(cot_url('admin', $backUrlParams));
    }

    $queueItem = subscribe_model_Queue::getById($id);
    if (!$queueItem) {
        cot_error(cot::$L['nf']);
        cot_redirect(cot_url('admin', $backUrlParams));
    }

    $queueItem->delete();

    cot_message(cot::$L['Deleted']);
    cot_redirect(cot_url('admin', $backUrlParams, '', true));
}
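/**
 * Imports the poll form from POST into the global poll variables and validates it.
 *
 * Side effects: deletes the poll when "poll_delete" is set, resets it when
 * "poll_reset" is set, and registers errors through cot_error() when the title
 * has fewer than 4 characters or fewer than 2 options remain.
 *
 * A missing or non-array "poll_option" value is treated as an empty option
 * list, so the option loop and count() never receive a non-array.
 *
 * NOTE(review): delete and reset are driven by POST flags only; no
 * authorization or anti-CSRF check is visible inside this function — confirm
 * the caller enforces both.
 */
function cot_poll_check()
{
    global $cfg, $L, $poll_id, $poll_text, $poll_multiple, $poll_state, $poll_options;

    $poll_id = cot_import('poll_id', 'P', 'INT');
    $poll_delete = cot_import('poll_delete', 'P', 'BOL');
    $poll_reset = cot_import('poll_reset', 'P', 'BOL');
    // Cast first: trim() must not receive a non-string when the field is absent
    $poll_text = trim((string) cot_import('poll_text', 'P', 'HTM'));
    $poll_multiple = cot_import('poll_multiple', 'P', 'BOL');
    $poll_state = cot_import('poll_state', 'P', 'BOL');
    $poll_options = cot_import('poll_option', 'P', 'ARR');

    if ($poll_delete && (int) $poll_id > 0) {
        cot_poll_delete($poll_id);
        $poll_id = '';
    }

    if (isset($_POST['poll_id'])) {
        if ($poll_reset && (int) $poll_id > 0) {
            cot_poll_reset($poll_id);
        }

        if (!is_array($poll_options)) {
            $poll_options = array();
        }

        // Filter every option as text and drop the empty ones, keeping the keys
        $poll_options_temp = array();
        foreach ($poll_options as $key => $val) {
            $val = trim((string) cot_import($val, 'D', 'TXT'));
            if (!empty($val)) {
                $poll_options_temp[$key] = $val;
            }
        }
        $poll_options = $poll_options_temp;

        // Duplicates are removed for an existing poll or when configured
        if (is_int($poll_id) || $cfg['polls']['del_dup_options']) {
            $poll_options = array_unique($poll_options);
        }

        if (mb_strlen($poll_text) < 4) {
            cot_error('polls_error_title', 'poll_text');
        }
        if (count($poll_options) < 2) {
            cot_error('polls_error_count', 'poll_option');
        }
    }
}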
// Excerpt of the user-images admin tool: edit and remove actions, then the list of configured image types.
cot_redirect(cot_url('admin', 'm=other&p=userimages', '', true));
}
if ($a == 'edit') {
    // The type code comes from the query string, the new settings from POST.
    // NOTE(review): no anti-CSRF token check is visible in this branch — confirm one runs earlier in the file.
    $code = cot_import('code', 'G', 'ALP');
    $width = cot_import('userimg_width', 'P', 'INT');
    $height = cot_import('userimg_height', 'P', 'INT');
    $crop = cot_import('userimg_crop', 'P', 'TXT');
    if (!cot_userimages_config_edit($code, $width, $height, $crop)) {
        cot_error('userimages_emptycode', 'code');
    }
    cot_redirect(cot_url('admin', 'm=other&p=userimages', '', true));
}
if ($a == 'remove') {
    // Removal is triggered by a plain GET link (see the REMOVE tag below); no token check is visible here either.
    // NOTE(review): confirm the request is protected against cross-site request forgery before the config entry is removed.
    $code = cot_import('code', 'G', 'ALP');
    if (!cot_userimages_config_remove($code)) {
        cot_error('userimages_emptycode');
    }
    cot_redirect(cot_url('admin', 'm=other&p=userimages', '', true));
}
$userimg = cot_userimages_config_get(true);
foreach ($userimg as $code => $settings) {
    // The code and its settings are assigned to the template as stored.
    // NOTE(review): 'crop' is imported with the 'TXT' filter above — confirm the template or the filter escapes it for HTML.
    $tt->assign(array('CODE' => $code, 'WIDTH' => $settings['width'], 'HEIGHT' => $settings['height'], 'CROP' => $settings['crop'], 'EDIT_URL' => cot_url('admin', 'm=other&p=userimages&a=edit&code=' . $code), 'REMOVE' => cot_rc('userimg_remove', array('url' => cot_url('admin', 'm=other&p=userimages&a=remove&code=' . $code)))));
    $tt->parse('MAIN.USERIMG_LIST');
}
cot_display_messages($tt); // use cot_message()
/* === Hook === */
foreach (cot_getextplugins('userimages.admin.tags') as $pl) {
    include $pl;
}
/* ===== */
$pag_i18n['ipage_text'] = $pag['page_text']; } $t->assign(array('I18N_ACTION' => cot_url('plug', "e=i18n&m=page&a=add&id={$id}"), 'I18N_TITLE' => $L['i18n_adding'], 'I18N_ORIGINAL_LANG' => $i18n_locales[$cfg['defaultlang']], 'I18N_LOCALIZED_LANG' => cot_selectbox('', 'locale', $lc_values, $lc_names, false), 'I18N_PAGE_TITLE' => htmlspecialchars($pag['page_title']), 'I18N_PAGE_DESC' => htmlspecialchars($pag['page_desc']), 'I18N_PAGE_TEXT' => cot_parse($pag['page_text'], $cfg['page']['markup']), 'I18N_IPAGE_TITLE' => htmlspecialchars($pag_i18n['ipage_title']), 'I18N_IPAGE_DESC' => htmlspecialchars($pag_i18n['ipage_desc']), 'I18N_IPAGE_TEXT' => cot_textarea('translate_text', $pag_i18n['ipage_text'], 32, 80, '', 'input_textarea_editor'))); cot_display_messages($t); /* === Hook === */ foreach (cot_getextplugins('i18n.page.translate.tags') as $pl) { include $pl; } /* =============*/ } elseif ($a == 'edit' && $pag_i18n && ($i18n_admin || $i18n_edit || $usr['id'] == $pag_i18n['ipage_translatorid'])) { if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Update the translation $pag_i18n['ipage_date'] = $sys['now']; $pag_i18n['ipage_title'] = cot_import('title', 'P', 'TXT'); if (mb_strlen($pag_i18n['ipage_title']) < 2) { cot_error('page_titletooshort', 'rpagetitle'); } $pag_i18n['ipage_desc'] = cot_import('desc', 'P', 'TXT'); $pag_i18n['ipage_text'] = cot_import('translate_text', 'P', 'HTM'); if (cot_error_found()) { cot_redirect(cot_url('plug', "e=i18n&m=page&a=edit&id={$id}&l={$i18n_locale}", '', true)); exit; } $db->update($db_i18n_pages, $pag_i18n, "ipage_id = ? AND ipage_locale = ?", array($id, $i18n_locale)); /* === Hook === */ foreach (cot_getextplugins('i18n.page.edit.update') as $pl) { include $pl; } /* =============*/ cot_message('Updated'); $page_urlp = empty($pag['page_alias']) ? 'c=' . $pag['page_cat'] . "&id={$id}&l={$i18n_locale}" : 'c=' . $pag['page_cat'] . '&al=' . $pag['page_alias'] . '&l=' . $i18n_locale;
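/**
 * Displays redirect page
 *
 * Sends the client to $url, either with a Location header or, when
 * $cfg['redirmode'] is set, with a Refresh header plus a small HTML page.
 * The script always ends here.
 *
 * CR and LF are removed from the URL before it is used in a header, and the
 * URL is HTML-escaped before it is written into the redirect page, so a URL
 * that carries request data cannot break out of the attribute or the markup.
 * Existing entities such as &amp; are left as they are.
 *
 * NOTE(review): cot_url_check() is defined elsewhere; it is the only guard
 * against redirects to foreign domains here — confirm it rejects
 * scheme-relative ("//host") and non-http(s) URLs.
 *
 * @param string $url Target URI
 */
function cot_redirect($url)
{
    global $cfg, $env, $error_string, $sys;

    if (cot_error_found() && $_SERVER['REQUEST_METHOD'] == 'POST') {
        // Save the POST data
        if (!empty($error_string)) {
            // Message should not be lost
            cot_error($error_string);
        }
        cot_import_buffer_save();
    }

    // A header value must stay on one line
    $url = str_replace(array("\r", "\n"), '', (string) $url);

    if (!cot_url_check($url)) {
        // No redirects to foreign domains
        if ($url == '/' || $url == $sys['site_uri']) {
            $url = COT_ABSOLUTE_URL;
        } else {
            // Guard the offset access: $url may be an empty string
            if ($url !== '' && $url[0] === '/') {
                $url = mb_substr($url, 1);
            }
            $url = COT_ABSOLUTE_URL . $url;
        }
    }

    if (defined('COT_AJAX') && COT_AJAX) {
        // Save AJAX state, some browsers lose it after redirect (e.g. FireFox 3.6)
        $sep = strpos($url, '?') === false ? '?' : '&';
        $url .= $sep . '_ajax=1';
    }

    if (isset($env['status'])) {
        $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
        header($protocol . ' ' . $env['status']);
    }

    if ($cfg['redirmode']) {
        // Escaped copy for the HTML contexts (attribute values and link text)
        $html_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
        $output = $cfg['doctype'] . <<<HTM
\t\t<html>
\t\t<head>
\t\t<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
\t\t<meta http-equiv="refresh" content="0; url={$html_url}" />
\t\t<title>Redirecting...</title></head>
\t\t<body>Redirecting to <a href="{$html_url}">{$html_url}</a>
\t\t</body>
\t\t</html>
HTM;
        header('Refresh: 0; URL=' . $url);
        echo $output;
        exit;
    } else {
        header('Location: ' . $url);
        exit;
    }
}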