Example #1
/**
 * Fetch up to 100 photos, either from accounts the user follows or from everyone.
 *
 * The friends query passes $userid to db_array() as the value for the single
 * `?` placeholder instead of concatenating it into the SQL text.
 * NOTE(review): db_array() is defined elsewhere; it presumably binds the
 * value through a prepared statement, which should be confirmed.
 *
 * @param mixed $userid  Follower id used to filter the friendships table.
 * @param bool  $friends When truthy, limit results to followed users; otherwise ignore $userid.
 * @return mixed Whatever db_array() returns for the chosen query.
 */
function Photo_Stream($userid, $friends = true)
{
    if (!$friends) {
        // Unfiltered stream: no parameters are needed.
        $allPhotosSql = 'SELECT
                photos.id AS photoid,
                users.name AS username,
                photos.title
             FROM
                photos CROSS JOIN users
                    ON photos.userid = users.id
             LIMIT 100';

        return db_array($allPhotosSql);
    }

    // Stream restricted to users that $userid follows.
    $followedPhotosSql = 'SELECT
                     photos.id AS photoid,
                     users.name AS username,
                     photos.title
                 FROM
                     photos CROSS JOIN users
                        ON photos.userid = users.id
                     CROSS JOIN friendships
                        ON users.id = friendships.following
                 WHERE
                     follower = ?
                 LIMIT 100';

    return db_array($followedPhotosSql, array($userid));
}
Example #2
 /**
  * List rows with status 0, optionally restricted to one attachment category.
  *
  * The filter is handed to db_array() as a key/value array rather than as
  * SQL text. NOTE(review): db_array() is defined elsewhere; how it turns the
  * array into a WHERE clause should be confirmed.
  *
  * @param mixed $att_categories_id Category id; only applied when greater than 0.
  * @return mixed Result of db_array(), ordered by 'add_time desc'.
  */
 public function ilist_by_category($att_categories_id)
 {
     $filter = $att_categories_id > 0
         ? array('status' => 0, 'att_categories_id' => $att_categories_id)
         : array('status' => 0);

     return db_array($this->table_name, $filter, 'add_time desc');
 }
Example #3
 /**
  * List rows with status=0, optionally restricted to one parent.
  *
  * The parent id is passed through dbq() before it is concatenated into the
  * statement. NOTE(review): dbq() is defined elsewhere; it presumably quotes
  * and escapes the value, which is the only thing protecting this query.
  *
  * @param mixed $parent_id Parent id to filter on; NULL means no parent filter.
  * @return mixed Result of db_array() for the assembled SELECT.
  */
 public function ilist($parent_id = NULL)
 {
     // Empty when no parent was requested, so the statement keeps its shape.
     $parent_filter = is_null($parent_id) ? '' : 'and parent_id=' . dbq($parent_id);

     $sql = "select * from {$this->table_name} where status=0 {$parent_filter} order by parent_id, prio desc, iname";

     return db_array($sql);
 }
Example #4
/**
 * Delete every row from the given tables, or from all tables in the database.
 *
 * Original author's note: the caller of this function could not be found; it may be obsolete.
 *
 * NOTE(review): table names are concatenated into DELETE statements without
 * quoting or validation, and the function is destructive. If it is kept,
 * callers must never pass a value derived from request data.
 *
 * @param string|false $tables Comma-separated table names, or a falsy value to look the tables up.
 * @return void
 */
function db_clear($tables = false)
{
    global $_josh;

    // Table-listing statement for the configured backend.
    if ($_josh["db"]["language"] == "mssql") {
        $sql = "SELECT name FROM sysobjects WHERE type='u' AND status > 0";
    } else {
        $sql = "SHOW TABLES FROM " . $_josh["db"]["database"];
    }

    if ($tables) {
        $tables = explode(",", $tables);
    } else {
        $tables = db_array($sql);
    }

    foreach ($tables as $table) {
        db_query("DELETE FROM " . $table);
    }
}
Example #5
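 /**
  * Check a username/password pair against the users table.
  *
  * The username is bound through the :username placeholder. The supplied
  * password is re-hashed with the stored 'hashing' value and compared with
  * the stored hash.
  *
  * The comparison uses hash_equals() (PHP 5.6+) instead of `==`: a loose
  * comparison can treat distinct values as equal (for example two NULLs or
  * numeric-looking strings) and is not constant-time.
  *
  * @param string $username Login name to look up.
  * @param string $password Plain-text password supplied by the caller.
  * @return array|false The matching user row on success, false otherwise.
  */
 public static function authenticate($username, $password)
 {
     $users = db_array('SELECT
                 id, name, password, hashing
             FROM
                 users
             WHERE
                 name = :username
             LIMIT 1', compact('username'));
     if (!count($users)) {
         return false;
     }

     $user = $users[0];
     $storedCrypto = $user['password'];
     $reEncrypted = blowfishEncrypt($password, $user['hashing']);
     $candidate = isset($reEncrypted['password']) ? $reEncrypted['password'] : null;

     // Fail closed: a missing or non-string hash on either side never authenticates.
     if (!is_string($storedCrypto) || $storedCrypto === '' || !is_string($candidate)) {
         return false;
     }

     return hash_equals($storedCrypto, $candidate) ? $user : false;
 }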
Example #6
 /**
  * List a user's non-deleted posts and attach a formatted copy of each text.
  *
  * Both the user id and the visibility list go to db_array() as named
  * parameters. NOTE(review): `IN :visibility` is bound to an array, so
  * db_array() must expand array parameters itself; confirm that it does so
  * with placeholders rather than string concatenation.
  *
  * @param mixed $userid         Owner of the posts.
  * @param bool  $includeprivate When truthy, 'private' posts are returned as well as 'public' ones.
  * @return mixed Rows from db_array(), each with an added 'formatted' key.
  */
 public static function listing($userid, $includeprivate = true)
 {
     // compact() below picks these variables up by name, so the names must stay.
     $visibility = $includeprivate ? array('public', 'private') : array('public');

     $posts = db_array('SELECT
                 id, text, type, created, visibility, userid
             FROM
                 posts
             WHERE
                 userid = :userid
                 AND visibility IN :visibility
                 AND deleted != "yes"
             ORDER BY
                 DATE( created ) DESC, TIME( created ) ASC, id ASC', compact('userid', 'visibility'));

     foreach ($posts as $index => $post) {
         $posts[$index]['formatted'] = Post::format($post['text']);
     }

     return $posts;
 }
Example #7
 /**
  * Build the parameter set for the item form.
  *
  * On GET the item comes from the model (or from defaults for a new item).
  * On any other method the stored row is merged with req('item'), so request
  * values override stored ones.
  *
  * NOTE(review): after that merge, fields such as add_user_id, parent_id and
  * att_id may come from the request; the helpers that receive them and the
  * template that prints them are defined elsewhere and should treat them as
  * untrusted.
  *
  * @param mixed $form_id Item id from the route; coerced to a number.
  * @return array Parameters for the form template.
  */
 public function ShowFormAction($form_id)
 {
     $id = $form_id + 0;
     $dict_link_multi = array();

     if ($this->fw->route['method'] != 'GET') {
         // Form re-display: overlay the submitted values on the stored row.
         $itemdb = $id ? $this->model->one($id) : array();
         $item = array_merge($itemdb, req('item'));
         $dict_link_multi = req('dict_link_multi');
     } elseif ($id > 0) {
         $item = $this->model->one($id);
         $item["ftime_str"] = DateUtils::int2timestr($item["ftime"]);
         $dict_link_multi = FormUtils::ids2multi($item['dict_link_multi']);
     } else {
         #defaults
         $item = array('fint' => 0, 'ffloat' => 0);
     }

     #combo date
     #TODO FormUtils::combo4date( $item['fdate_combo'], $ps, 'fdate_combo');
     return array(
         'id' => $id,
         'i' => $item,
         'add_user_id_name' => fw::model('Users')->full_name($item['add_user_id']),
         'upd_user_id_name' => fw::model('Users')->full_name($item['upd_user_id']),
         'select_options_parent_id' => FormUtils::select_options_db(
             db_array("select id, iname from {$this->table_name} where parent_id=0 and status=0 order by iname"),
             $item['parent_id']
         ),
         'select_options_demo_dicts_id' => $this->model_related->get_select_options($item['demo_dicts_id']),
         'dict_link_auto_id_iname' => $item['dict_link_auto_id']
             ? $this->model_related->iname($item['dict_link_auto_id'])
             : $item['dict_link_auto_id_iname'],
         'multi_datarow' => $this->model_related->get_multi_list($dict_link_multi),
         'att_id_url_s' => $this->fw->model('Att')->get_url_direct($item['att_id'], 's'),
     );
 }
Example #8
/**
 * Migrate admins of the special 'ALL' domain to the superadmin column.
 *
 * The 'ALL' domain rows are deliberately left in place for backwards
 * compatibility; a later upgrade function is expected to delete them.
 *
 * @return void
 */
function upgrade_1284()
{
    $all_domain_admins = db_query(
        "SELECT username FROM " . table_by_key('domain_admins') . " where domain='ALL'"
    );

    if (!($all_domain_admins['rows'] > 0)) {
        return;
    }

    // db_array() is called until it returns a falsy value, one row per call.
    while ($admin = db_array($all_domain_admins['result'])) {
        printdebug("Setting superadmin flag for " . $admin['username']);
        db_update('admin', 'username', $admin['username'], array('superadmin' => db_get_boolean(true)));
    }
}
Example #9
<?
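// Handler for the "do not upload" list: deletes, edits or creates one entry.
// NOTE(review): this handler changes data based on POST alone. No anti-CSRF
// check is visible in this excerpt; confirm one runs before this point.
// NOTE(review): every guard below relies on error() halting the request;
// if it can return, the queries after each guard would still run.
if(!check_perms('admin_dnu')) { error(403); }

if($_POST['submit'] == 'Delete'){ //Delete
	// The id is concatenated unquoted, so the is_number() guard is the only
	// thing keeping this statement safe.
	if(!is_number($_POST['id']) || $_POST['id'] == ''){ error(0); }
	$DB->query('DELETE FROM do_not_upload WHERE ID='.$_POST['id']);
} else { //Edit & Create, Shared Validation
	$Val->SetFields('name', '1','string','The name must be set, and has a max length of 40 characters', array('maxlength'=>40, 'minlength'=>1));
	$Val->SetFields('comment', '0','string','The description has a max length of 255 characters', array('maxlength'=>255));
	$Err=$Val->ValidateForm($_POST); // Validate the form
	if($Err){ error($Err); }

	// Escape the form values before they are interpolated into SQL below.
	// NOTE(review): db_array() is defined elsewhere; it presumably escapes
	// every value of the array for use inside quoted SQL strings.
	$P=db_array($_POST); // Sanitize the form

	if($_POST['submit'] == 'Edit'){ //Edit
		if(!is_number($_POST['id']) || $_POST['id'] == ''){ error(0); }
		$DB->query("UPDATE do_not_upload SET
			Name='$P[name]',
			Comment='$P[comment]',
			UserID='$LoggedUser[ID]',
			Time='".sqltime()."'
			WHERE ID='$P[id]'");
	} else { //Create
		// Fix: sqltime was referenced without parentheses, which stored the
		// literal text "sqltime" (or raised an Error on PHP 8) instead of a timestamp.
		$DB->query("INSERT INTO do_not_upload
			(Name, Comment, UserID, Time) VALUES
			('$P[name]','$P[comment]','$LoggedUser[ID]','".sqltime()."')");
	}
}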

// Go back
Example #10
    }
} else {
    $QueryID = $DB->query("\n\t\tSELECT\n\t\t\tSQL_CALC_FOUND_ROWS\n\t\t\tIP,\n\t\t\tStartTime,\n\t\t\tEndTime\n\t\tFROM users_history_ips\n\t\tWHERE UserID = '{$UserID}'\n\t\t\t{$SearchIPQuery}\n\t\tORDER BY StartTime DESC\n\t\tLIMIT {$Limit}");
}
if (isset($QueryID)) {
    $DB->query('SELECT FOUND_ROWS()');
    list($NumResults) = $DB->next_record();
    $DB->set_query_id($QueryID);
    $Results = $DB->to_array(false, MYSQLI_ASSOC);
    $IPMatches = $IPMatchesUser = $IPMatchesIgnored = array();
} else {
    $NumResults = 0;
    $Results = array();
}
if (!empty($Results)) {
    $IPs = db_array($DB->collect('IP'), array(), true);
    $DB->query("\n\t\tSELECT\n\t\t\tUserID,\n\t\t\tIP,\n\t\t\tStartTime,\n\t\t\tEndTime\n\t\tFROM users_history_ips\n\t\tWHERE IP IN (" . implode(',', $IPs) . ")\n\t\t\tAND UserID != '{$UserID}'\n\t\t\tAND UserID != 0\n\t\tORDER BY StartTime DESC");
    unset($IPs);
    while ($Match = $DB->next_record(MYSQLI_ASSOC)) {
        $OtherIP = $Match['IP'];
        $OtherUserID = $Match['UserID'];
        if (!isset($IPMatchesUser[$OtherIP][$OtherUserID])) {
            $IPMatchesUser[$OtherIP][$OtherUserID] = 0;
        }
        if ($IPMatchesUser[$OtherIP][$OtherUserID] < 500) {
            $IPMatches[$OtherIP][] = $Match;
        } else {
            if (!isset($IPMatchesIgnored[$OtherIP][$OtherUserID])) {
                $IPMatchesIgnored[$OtherIP][$OtherUserID] = 0;
            }
            $IPMatchesIgnored[$OtherIP][$OtherUserID]++;
Example #11
        $channels = array_post_checkboxes('channels');
        $languages = db_table('SELECT id, code FROM languages');
        foreach ($languages as $l) {
            $addresses = db_array('SELECT DISTINCT u.email FROM users u JOIN users_to_channels_prefs u2cp ON u.id = u2cp.user_id WHERE u.is_active = 1 AND u.language_id = ' . $l['id'] . ' AND u2cp.channel_id IN (' . implode(',', $channels) . ')');
            $topic = db_grab('SELECT 
						ISNULL(u.nickname, u.firstname) firstname, 
						u.lastname, 
						t.title' . langExt($l['code']) . ' title, 
						t.description' . langExt($l['code']) . ' description, 
						y.title' . langExt($l['code']) . ' type,
						t.created_date
					FROM bb_topics t
					LEFT JOIN bb_topics_types y ON t.type_id = y.id
					JOIN users u ON t.created_user = u.id
					WHERE t.id = ' . $id);
            $channels_text = db_array('SELECT title' . langExt($l['code']) . ' FROM channels WHERE id IN (' . implode(',', $channels) . ')');
            $channels_text = implode(', ', $channels_text);
            $message = '<p style="font-weight:bold;">' . $topic['firstname'] . ' ' . $topic['lastname'] . ' ' . getString('bb_notify', $l['code']) . '</p>
				<p>' . getString('title', $l['code']) . ': ' . draw_link(url_base() . '/bb/topic.php?id=' . $id, $topic['title']) . '</p>
				<p>' . getString('channels_label', $l['code']) . ': ' . $channels_text . '</p>';
            if ($topic['type']) {
                $message .= '<p>' . getString('category', $l['code']) . ': ' . $topic['type'] . '</p>';
            }
            $message .= '<div style="color:#555; border-top:1px dotted #555; padding-top:5px; margin-top:5px;">' . $topic['description'] . '</div>';
            emailUser($addresses, $topic['title'], $message);
        }
    }
    bbDrawRss();
    url_change();
}
echo drawTop(drawSyndicateLink('bb'));
Example #12
include "include.php";
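// Deactivate a user when ?deleteID= is present.
// Fix: the request value used to be concatenated straight into the SQL
// (SQL injection). It is now accepted only when it is a plain run of digits,
// and an integer is what gets interpolated.
// NOTE(review): this is a state-changing action triggered by GET with no
// visible anti-CSRF token or permission check in this excerpt; confirm that
// include.php enforces both.
if (isset($_GET["deleteID"])) {
    $requestedID = $_GET["deleteID"];
    if (is_string($requestedID) && ctype_digit($requestedID)) {
        $deleteID = (int) $requestedID;
        if (db_grab("SELECT endDate FROM intranet_users WHERE userID = " . $deleteID)) {
            // An end date is already recorded: only mark the account inactive.
            db_query("UPDATE intranet_users SET isActive = 0, deletedBy = {$user["id"]}, deletedOn = GETDATE() WHERE userID = " . $deleteID);
        } else {
            // No end date yet: set it together with the deletion markers.
            db_query("UPDATE intranet_users SET isActive = 0, deletedBy = {$user["id"]}, deletedOn = GETDATE(), endDate = GETDATE() WHERE userID = " . $deleteID);
        }
    }
    url_query_drop("deleteID");
}

// Default to organization 0 when no id was requested.
if (!isset($_GET["id"])) {
    $_GET["id"] = 0;
}

// Seed the list with the "Shared" entry under key 0, then let db_array()
// add the organizations to it.
$orgs = array(0 => "Shared");
$orgs = db_array("SELECT id, description FROM organizations ORDER BY description", $orgs);
drawTop();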
?>
<table class="navigation staff" cellspacing="1">
	<tr class="staff-hilite">
		<?php 
foreach ($orgs as $key => $value) {
    ?>
		<td width="14.28%"<?php 
    if ($_GET["id"] == $key) {
        ?>
 class="selected"<?php 
    }
    ?>
><?php 
    if ($_GET["id"] != $key) {
Example #13
 /**
  * Build <option> markup from the rows returned by an SQL statement.
  *
  * Each row must provide 'id' and 'iname'. Rows where both are empty are
  * skipped. The option whose id loosely equals $sel_value is marked selected.
  *
  * NOTE(review): $sql is executed as given, so callers must never build it
  * from request data. The id and iname values are written into the markup
  * without HTML escaping; if those columns can hold user-supplied text they
  * should be escaped for HTML, unless the data is stored pre-escaped.
  *
  * @param string $sql       Statement passed unchanged to db_array().
  * @param mixed  $sel_value Value of the option to pre-select.
  * @return string Concatenated <option> elements, one per line.
  */
 public static function get_combo_select_sql($sql, $sel_value)
 {
     $html = '';

     foreach (db_array($sql) as $row) {
         $value = $row['id'];
         $desc = $row['iname'];

         if ($value || $desc) {
             $selected = $value == $sel_value ? ' selected' : '';
             $html .= "<option value=\"{$value}\"{$selected}>{$desc}\n";
         }
     }

     return $html;
 }
Example #14
 /**
  * Retrieve the stored vacation settings for this object's username.
  *
  * The username is passed through escape_string() before it is placed
  * inside the quoted SQL literal.
  *
  * @return array|boolean false unless exactly one row matches; otherwise an
  *   array with the keys subject, body, active (boolean), interval_time,
  *   activeFrom and activeUntil.
  */
 function get_details()
 {
     $table_vacation = table_by_key('vacation');
     $E_username = escape_string($this->username);

     $result = db_query("SELECT * FROM {$table_vacation} WHERE email = '{$E_username}'");
     if ($result['rows'] != 1) {
         return false;
     }

     $row = db_array($result['result']);

     # TODO: only return true and store the db result array in $this->whatever for consistency with the other classes
     return array(
         'subject' => $row['subject'],
         'body' => $row['body'],
         // Compare with the database's own representation of boolean true.
         'active' => $row['active'] == db_get_boolean(true),
         'interval_time' => $row['interval_time'],
         'activeFrom' => $row['activefrom'],
         'activeUntil' => $row['activeuntil'],
     );
 }
Example #15
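/* ----------------------- PAGE PARAMETERS ----------------------- */
$page['title'] = 'Лог';
$page['desc'] = 'Лог сервера';
// NOTE(review): the DataTables language file is loaded from a third-party CDN
// through a protocol-relative URL; consider serving a local copy.
resource(['datatables/datatables/media/css/jquery.dataTables.min.css', 'datatables/datatables/media/js/jquery.dataTables.min.js', <<<JS
    \$(document).ready(function() {
        \$('table').DataTable( {
            "language": {
                "url": "//cdn.datatables.net/plug-ins/9dcbecd42ad/i18n/Russian.json"
            }
        } );
    } );
JS
]);
/* ---------------------- PAGE CONTROLLER ----------------------- */
// Fetch the log entries that relate to the API.
// Fix: the time part used %m (month) where minutes (%i) were intended, and the
// clauses were concatenated without separating spaces.
// NOTE(review): the query has no LIMIT and selects every column; if log rows
// contain request data, the view must escape it for HTML when printing.
$logs = db_array(
    "SELECT *, "
    . "DATE_FORMAT(`created_at`, '%d.%m.%y в %H:%i:%s') AS `time` "
    . "FROM `log` "
    . "WHERE `type` = 'API' "
    . "ORDER BY `created_at` DESC"
);
/* -------------------------- VIEW ------------ */
ob_start();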
?>

<h2>Лог запросов к серверу</h2>
<hr />
<table class="display" cellspacing="0" width="100%">
    <thead>
        <tr>
            <th>ID</th>
            <th>Время</th>
            <th>Значение</th>
        </tr>
    </thead>
    <tbody>
Example #16
         } else {
             $checks = array();
         }
         if (!empty($f_options['variants'])) {
             foreach ($f_options['variants'] as $num => $val) {
                 echo '<div class="checkbox"><label><input type="checkbox"';
                 echo ' name="' . $f_name . '[]"';
                 echo ' value="' . $num . '"';
                 if (array_search($num, $checks) !== false) {
                     echo ' checked=""';
                 }
                 echo '> ' . $val . '</label></div>';
             }
         } else {
             if (!empty($f_options['mysql_query'])) {
                 $variants = db_array($f_options['mysql_query']);
                 foreach ($variants as $var) {
                     echo '<div class="checkbox"><label><input type="checkbox"';
                     echo ' name="' . $f_name . '[]"';
                     echo ' value="' . $var[$f_options['row_id']] . '"';
                     if (array_search($var[$f_options['row_id']], $checks) !== false) {
                         echo ' checked=""';
                     }
                     echo '> ' . $var[$f_options['row_title']] . '</label></div>';
                 }
             }
         }
         break;
 }
 //if (!empty($f_options['dadata']['yandex_map'])) echo '<div id="' . $f_name . '_map" style="width: 100%; height: 180px"></div>';
 ?>
Example #17
/**
 * Print the "Import DB" upload form between the page header and footer, then exit.
 *
 * The CSV import form is wrapped in an HTML comment, but the PHP inside that
 * comment still executes: chset_select('utf8') and db_array('show tables', ...)
 * run on every call and their output is written into the page source.
 * NOTE(review): that places the table list in the HTML even though the form
 * is hidden; remove the PHP from the commented-out markup if it is not needed.
 *
 * Uses the globals $self, $xurl and $DB to build the Cancel links.
 */
function print_import()
{
    global $self, $xurl, $DB;
    print_header();
    ?>
<center>
<h3>Import DB</h3>
<div class="frm">
<b>.sql</b> or <b>.gz</b> file: <input type="file" name="file1" value="" size=40><br>
<input type="hidden" name="doim" value="1">
<input type="submit" value=" Upload and Import " onclick="return ays()"><input type="button" value=" Cancel " onclick="window.location='<?php 
    // NOTE(review): this value lands inside a JavaScript string within an HTML
    // attribute; eo() is defined elsewhere and presumably escapes it - confirm.
    eo($self . '?' . $xurl . '&db=' . $DB['db']);
    ?>
'">
</div>
<br><br><br>
<!--
<h3>Import one Table from CSV</h3>
<div class="frm">
.csv file (Excel style): <input type="file" name="file2" value="" size=40><br>
<input type="checkbox" name="r1" value="1" checked> first row contain field names<br>
<small>(note: for success, field names should be exactly the same as in DB)</small><br>
Character set of the file: <select name="chset"><?php 
    echo chset_select('utf8');
    ?>
</select>
<br><br>
Import into:<br>
<input type="radio" name="tt" value="1" checked="checked"> existing table:
 <select name="t">
 <option value=''>- select -</option>
 <?php 
    // Still executed although the surrounding markup is an HTML comment.
    echo sel(db_array('show tables', NULL, 0, 1), 0, '');
    ?>
</select>
<div style="margin-left:20px">
 <input type="checkbox" name="ttr" value="1"> replace existing DB data<br>
 <input type="checkbox" name="tti" value="1"> ignore duplicate rows
</div>
<input type="radio" name="tt" value="2"> create new table with name <input type="text" name="tn" value="" size="20">
<br><br>
<input type="hidden" name="doimcsv" value="1">
<input type="submit" value=" Upload and Import " onclick="return ays()"><input type="button" value=" Cancel " onclick="window.location='<?php 
    eo($self);
    ?>
'">
</div>
-->
</center>
<?php 
    print_footer();
    // Stop here so nothing else is appended to the page.
    exit;
}
Example #18
<?
/*
 * This is the backend of the AJAXy reports resolve (When you press the shiny submit button). 
 * This page shouldn't output anything except in error, if you do want output, it will be put
 * straight into the table where the report used to be. Currently output is only given when
 * a collision occurs or a POST attack is detected.
 */

if(!check_perms('admin_reports')) {
	error(403);
}

//Don't escape: Log message
$Escaped = db_array($_POST, array(15));

//If we're here from the delete torrent page instead of the reports page.
if(!isset($Escaped['from_delete'])) {
	$Report = true;
} else if(!is_number($Escaped['from_delete'])) {
	echo 'Hax occured in from_delete';
} else {
	$Report = false;
}

$PMMessage = $_POST['uploader_pm'];

if(is_number($Escaped['reportid'])) {
	$ReportID = $Escaped['reportid'];
} else {
	echo 'Hax occured in the reportid';
	die();
Example #19
    // check if table already exists, if so, don't recreate it
    $r = db_query("SELECT relname FROM pg_class WHERE relname = 'config'");
    if ($r['rows'] == 0) {
        $pgsql = "\n            CREATE TABLE  " . table_by_key('config') . " ( \n                    id SERIAL,\n                    name VARCHAR(20) NOT NULL UNIQUE,\n                    value VARCHAR(20) NOT NULL,\n                    PRIMARY KEY(id)\n                    )";
        db_query_parsed($pgsql);
    }
} else {
    $mysql = "\n        CREATE TABLE {IF_NOT_EXISTS} " . table_by_key('config') . "(\n        `id` {AUTOINCREMENT} {PRIMARY},\n        `name`  VARCHAR(20) {LATIN1} NOT NULL DEFAULT '',\n        `value` VARCHAR(20) {LATIN1} NOT NULL DEFAULT '',\n        UNIQUE name ( `name` )\n        )\n    ";
    db_query_parsed($mysql, 0, " ENGINE = MYISAM COMMENT = 'PostfixAdmin settings'");
}
$sql = "SELECT * FROM config WHERE name = 'version'";
// insert into config('version', '01');
$r = db_query($sql);
if ($r['rows'] == 1) {
    $rs = $r['result'];
    $row = db_array($rs);
    $version = $row['value'];
} else {
    $version = 0;
}
_do_upgrade($version);
function _do_upgrade($current_version)
{
    global $CONF;
    $target_version = preg_replace('/[^0-9]/', '', '$Revision: 397 $');
    if ($current_version >= $target_version) {
        # already up to date
        echo "Database is up to date";
        return true;
    }
    echo "<p>Updating database:<p>old version: {$current_version}; target version: {$target_version}";
Example #20
<?php

// Diagnostic page: runs every active user's e-mail address through
// format_email() and prints which ones pass and which ones fail.
// NOTE(review): the page prints every active user's address and shows no
// access check of its own; confirm include.php restricts who can load it.
include '../include.php';

// Hand-written sample input; replaced by the database list on the next line.
$emails = array('*****@*****.**', 'foo [at] bar', 'test@mweb.co.za;testest@clara.net');
$emails = db_array('SELECT email FROM users WHERE is_active = 1 ORDER BY email');

$good = array();
$bad = array();
foreach ($emails as $address) {
    $formatted = format_email($address);
    if ($formatted) {
        $good[] = $formatted;
    } else {
        // Keep the raw value so the failing input can be inspected.
        $bad[] = $address;
    }
}

echo 'good emails:' . draw_list($good);
echo '<hr>bad emails:' . draw_list($bad);
//email($emails, 'this is some test content', 'this is a test');
Example #21
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $fUsername = escape_string($_POST['fUsername']);
    $fPassword = escape_string($_POST['fPassword']);
    $lang = safepost('lang');
    if ($lang != check_language(0)) {
        # only set cookie if language selection was changed
        setcookie('lang', $lang, time() + 60 * 60 * 24 * 30);
        # language cookie, lifetime 30 days
        # (language preference cookie is processed even if username and/or password are invalid)
    }
    $active = db_get_boolean(True);
    $query = "SELECT password FROM {$table_mailbox} WHERE username='******' AND active={$active}";
    $result = db_query($query);
    if ($result['rows'] == 1) {
        $row = db_array($result['result']);
        $password = pacrypt($fPassword, $row['password']);
        $query = "SELECT * FROM {$table_mailbox} WHERE username='******' AND password='******' AND active={$active}";
        $result = db_query($query);
        if ($result['rows'] != 1) {
            $error = 1;
            $tMessage = $PALANG['pLogin_password_incorrect'];
            $tUsername = $fUsername;
        }
    } else {
        $error = 1;
        $tMessage = $PALANG['pLogin_username_incorrect'];
    }
    if ($error != 1) {
        session_regenerate_id();
        $_SESSION['sessid'] = array();
Example #22
<?php

/*
 * This is the backend of the AJAXy reports resolve (When you press the shiny submit button).
 * This page shouldn't output anything except in error. If you do want output, it will be put
 * straight into the table where the report used to be. Currently output is only given when
 * a collision occurs or a POST attack is detected.
 */
if (!check_perms('admin_reports')) {
    error(403);
}
authorize();
//Don't escape: Log message, Admin message
$Escaped = db_array($_POST, array('log_message', 'admin_message', 'raw_name'));
//If we're here from the delete torrent page instead of the reports page.
if (!isset($Escaped['from_delete'])) {
    $Report = true;
} elseif (!is_number($Escaped['from_delete'])) {
    echo 'Hax occurred in from_delete';
} else {
    $Report = false;
}
$PMMessage = $_POST['uploader_pm'];
if (is_number($Escaped['reportid'])) {
    $ReportID = $Escaped['reportid'];
} else {
    echo 'Hax occurred in the reportid';
    die;
}
if ($Escaped['pm_type'] != 'Uploader') {
    $Escaped['uploader_pm'] = '';
Example #23
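 /**
  * Attempt to log a user in.
  *
  * The username is escaped with escape_string() before it is placed in the
  * quoted SQL literal. The supplied password is hashed by pacrypt() with the
  * stored hash as second argument and the result is compared with that hash.
  *
  * The comparison uses hash_equals() (PHP 5.6+) instead of `==`, which is
  * type-juggling and not constant-time. An empty or non-string stored hash
  * never authenticates.
  *
  * @param string $username
  * @param string $password
  * @return boolean true on successful login (i.e. password matches etc)
  */
 public function login($username, $password)
 {
     $username = escape_string($username);
     $table = table_by_key($this->db_table);
     $active = db_get_boolean(True);
     $query = "SELECT password FROM {$table} WHERE " . $this->id_field . "='{$username}' AND active='{$active}'";
     $result = db_query($query);
     if ($result['rows'] != 1) {
         return false;
     }

     $row = db_array($result['result']);
     $stored_password = $row['password'];
     if (!is_string($stored_password) || $stored_password === '') {
         // Fail closed on accounts without a usable stored hash.
         return false;
     }

     $crypt_password = pacrypt($password, $stored_password);

     return is_string($crypt_password) && hash_equals($stored_password, $crypt_password);
 }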
Example #24
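 /**
  * Render one form field as a <dt>/<dd> pair, or as a hidden input.
  *
  * $field is unpacked with extract(), so its keys become local variables
  * ($type, $name, $value, $label, $additional, $class, $options, $sql, ...).
  *
  * Change: the `while (list(...) = each($append))` loops were replaced by
  * foreach. each() is deprecated since PHP 7.2 and removed in PHP 8.
  *
  * NOTE(review): extract() lets the caller's array overwrite any local,
  * including $_josh; never pass request data as $field.
  * NOTE(review): $linking_table, $options_table, $value and $sql are placed
  * into SQL text unescaped, and $label, $additional and option names are
  * placed into HTML unescaped. All of them must come from trusted code or be
  * escaped by the caller.
  *
  * @param array $field Field definition; must contain at least 'type'.
  * @return string HTML for the field.
  */
 function addRow($field)
 {
     global $_josh;
     extract($field);
     $return = "";
     if ($type == "hidden") {
         $return .= draw_form_hidden($name, $value);
     } else {
         if ($label) {
             $return .= '<dt class="' . $type . '">' . $label;
             if ($additional && $type == "checkboxes") {
                 $return .= $additional;
             }
             $return .= '</dt>' . $_josh["newline"];
         }
         $return .= '<dd class="' . $type . '">';
         if ($type == "checkbox") {
             $return .= '<div class="checkbox_option">' . draw_form_checkbox($name, $value) . '<span class="option_name" onclick="javascript:form_checkbox_toggle(\'' . $name . '\');">' . $additional . '</span></div>';
         } elseif ($type == "checkboxes") {
             if ($value) {
                 // With an object id, count its links so each option reports whether it is checked.
                 $options = db_query("SELECT o.id, o.name, (SELECT COUNT(*) FROM {$linking_table} l WHERE l.option_id = o.id AND l.object_id = {$value}) checked FROM {$options_table} o ORDER BY o.name");
             } else {
                 $options = db_query("SELECT id, name, 0 checked FROM {$options_table} ORDER BY name");
             }
             while ($o = db_fetch($options)) {
                 $name = "chk_" . str_replace("_", "-", $options_table) . "_" . $o["id"];
                 $return .= '<div class="checkbox_option">' . draw_form_checkbox($name, $o["checked"]) . '<span class="option_name" onclick="javascript:form_checkbox_toggle(\'' . $name . '\');">' . $o["name"] . '</span></div>';
             }
         } elseif ($type == "date") {
             $return .= draw_form_date($name, $value, false) . $additional;
         } elseif ($type == "datetime") {
             $return .= draw_form_date($name, $value, true) . $additional;
         } elseif ($type == "note") {
             $return .= "<div class='note'>" . $additional . "</div>";
         } elseif ($type == "password") {
             $return .= draw_form_password($name, $value, $class, 255, false) . $additional;
         } elseif ($type == "radio") {
             if (!$options) {
                 if (!$sql) {
                     // Default lookup table is derived from the field name.
                     $sql = "SELECT id, name FROM options_" . str_replace("_id", "", $name);
                 }
                 $options = db_array($sql);
             }
             if ($append) {
                 foreach ($append as $addkey => $addval) {
                     $options[$addkey] = $addval;
                 }
             }
             foreach ($options as $id => $description) {
                 $return .= '<div class="radio_option">' . draw_form_radio($name, $id, $value == $id, $class) . $description . '</div>';
             }
         } elseif ($type == "select") {
             if (!$options) {
                 if (!$sql) {
                     // Default lookup table is derived from the field name.
                     $sql = "SELECT id, name FROM options_" . str_replace("_id", "", $name);
                 }
                 $options = db_array($sql);
             }
             if ($append) {
                 foreach ($append as $addkey => $addval) {
                     $options[$addkey] = $addval;
                 }
             }
             $return .= draw_form_select($name, $options, $value, $required, $class, $action);
         } elseif ($type == "submit") {
             $return .= draw_form_submit($value, $class) . $additional;
         } elseif ($type == "text") {
             $return .= draw_form_text($name, $value, $class, $maxlength, false, false) . $additional;
         } elseif ($type == "textarea") {
             $return .= draw_form_textarea($name, $value, $class) . $additional;
         }
         $return .= '</dd>' . $_josh["newline"];
     }
     return $return;
 }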
Example #25
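/**
 * Remove the other languages' variants of the given fields from a form.
 *
 * For every field name, the codes of all languages except the session's
 * current one are passed through langExt(), appended to the name, and the
 * resulting field names are handed to $form->unset_fields().
 *
 * Changes: the language lookup runs once instead of once per name, the
 * session language id is cast to int before it is concatenated into the SQL,
 * and the by-reference foreach (which left a dangling reference) is gone.
 *
 * @param object $form  Form object exposing unset_fields(string).
 * @param mixed  $names Field names, in whatever form array_separated() accepts.
 * @return void
 */
function langUnsetFields($form, $names)
{
    //unset fields for other languages
    //todo - take multiple names
    //if (!getOption('languages')) return false;
    $names = array_separated($names);
    if (empty($names)) {
        return;
    }

    // The language list does not depend on the field name, so fetch it once.
    $codes = db_array('SELECT code FROM languages WHERE id <> ' . (int) $_SESSION['language_id']);

    foreach ($names as $name) {
        $fields = array();
        foreach ($codes as $code) {
            $fields[] = $name . langExt($code);
        }
        $form->unset_fields(implode(',', $fields));
    }
}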
Example #26
        foreach ($addresses as $lang => $emails) {
            $topic = db_grab('SELECT 
						t.title' . langExt($lang) . ' title, 
						y.title' . langExt($lang) . ' type,
						t.created_date
					FROM bb_topics t
					LEFT JOIN bb_topics_types y ON t.type_id = y.id
					WHERE t.id = ' . $_POST['topic_id']);
            $reply = db_grab('SELECT
						f.description' . langExt($lang) . ' description,
						ISNULL(u.nickname, u.firstname) firstname, 
						u.lastname
					FROM bb_followups f
					JOIN users u ON f.created_user = u.id
					WHERE f.id = ' . $id);
            $channels_text = db_array('SELECT c.title' . langExt($lang) . ' FROM bb_topics_to_channels t2c JOIN channels c ON t2c.channel_id = c.id WHERE t2c.topic_id = ' . $_POST['topic_id']);
            $channels_text = implode(', ', $channels_text);
            $message = '<p style="font-weight:bold;">' . $reply['firstname'] . ' ' . $reply['lastname'] . ' ' . getString('bb_followup', $lang) . '</p>
				<p>' . getString('title', $lang) . ': ' . draw_link(url_base() . '/bb/topic.php?id=' . $id, $topic['title']) . '</p>
				<p>' . getString('channels_label', $lang) . ': ' . $channels_text . '</p>';
            if ($topic['type']) {
                $message .= '<p>' . getString('category', $lang) . ': ' . $topic['type'] . '</p>';
            }
            $message .= '<div style="color:#555; border-top:1px dotted #555; padding-top:5px; margin-top:5px;">' . $reply['description'] . '</div>';
            emailUser($emails, 'RE: ' . $topic['title'], $message);
        }
    }
    bbDrawRss();
    url_change();
} elseif (isset($_GET['delete'])) {
    db_delete('bb_topics');
Example #27
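/**
 * Stream a CSV export of one table or an SQL dump of the selected tables, then exit.
 *
 * Request parameters: 't' is a comma-separated table list (empty means all
 * tables); 'et' set to 'csv' with exactly one table selects CSV output.
 *
 * Changes:
 *  - split() (removed in PHP 7) is replaced by explode().
 *  - The requested table name is backtick-escaped before it is used as an
 *    SQL identifier; previously a backtick in 't' could break out of it.
 *  - The download filename is restricted to [A-Za-z0-9_.-] so request data
 *    cannot inject quotes or other header syntax.
 *  - The unused $csv_data local is removed.
 *
 * NOTE(review): the mysql_* calls below were removed in PHP 7; they are kept
 * because db_query() is defined elsewhere and returns the handle they expect.
 *
 * @return void Never returns normally; the script exits after output.
 */
function do_export()
{
    global $DB, $VERSION;
    $rt = isset($_REQUEST['t']) ? $_REQUEST['t'] : '';
    $t = explode(",", $rt);
    $th = array_flip($t);
    $ct = count($t);

    // Keep each statement of the dump below 80% of the server's packet limit.
    $z = db_array("show variables like 'max_allowed_packet'");
    $MAXI = floor($z[0]['Value'] * 0.8);
    if (!$MAXI) {
        $MAXI = 838860;
    }

    // Sanitised forms of the first requested table name.
    $first_table_ident = str_replace('`', '``', $t[0]);
    $first_table_file = preg_replace('/[^A-Za-z0-9_.-]/', '_', $t[0]);

    if ($ct == 1 && isset($_REQUEST['et']) && $_REQUEST['et'] == 'csv') {
        header('Content-type: text/csv');
        header("Content-Disposition: attachment; filename=\"{$first_table_file}.csv\"");
        $sth = db_query("select * from `{$first_table_ident}`");
        $fn = mysql_num_fields($sth);
        // Header row: the column names.
        for ($i = 0; $i < $fn; $i++) {
            $m = mysql_fetch_field($sth, $i);
            echo qstr($m->name) . ($i < $fn - 1 ? "," : "");
        }
        echo "\n";
        while ($row = mysql_fetch_row($sth)) {
            echo to_csv_row($row);
        }
        exit;
    }

    $db_file = preg_replace('/[^A-Za-z0-9_.-]/', '_', $DB['db']);
    header('Content-type: text/plain');
    header("Content-Disposition: attachment; filename=\"{$db_file}" . ($ct == 1 && $t[0] ? ".{$first_table_file}" : ($ct > 1 ? '.' . $ct . 'tables' : '')) . ".sql\"");
    echo "-- phpMiniAdmin dump {$VERSION}\n-- Datetime: " . date('Y-m-d H:i:s') . "\n-- Host: {$DB['host']}\n-- Database: {$DB['db']}\n\n/*!40030 SET max_allowed_packet={$MAXI} */;\n\n";

    // Only tables that really exist are exported; the request list is used as a filter.
    $sth = db_query("show tables from {$DB['db']}");
    while ($row = mysql_fetch_row($sth)) {
        if (!$rt || array_key_exists($row[0], $th)) {
            do_export_table($row[0], 1, $MAXI);
        }
    }
    exit;
}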
Example #28
    $sql_join .= " LEFT JOIN {$table_quota2} ON {$table_mailbox}.username={$table_quota2}.username ";
}
if (Config::bool('used_quotas') && !Config::bool('new_quota_table')) {
    $table_quota = table_by_key('quota');
    $sql_select .= ", {$table_quota}.current ";
    $sql_join .= " LEFT JOIN {$table_quota} ON {$table_mailbox}.username={$table_quota}.username ";
    $sql_where .= " AND ( {$table_quota}.path='quota/storage' OR  {$table_quota}.path IS NULL ) ";
}
$mailbox_pagebrowser_query = "{$sql_from}\n{$sql_join}\n{$sql_where}\n{$sql_order}";
$query = "{$sql_select}\n{$mailbox_pagebrowser_query}\n{$sql_limit}";
$result = db_query($query);
if ($result['rows'] > 0) {
    $delimiter = preg_quote($CONF['recipient_delimiter'], "/");
    $goto_single_rec_del = "";
    $tMailbox = array();
    while ($row = db_array($result['result'])) {
        if ($display_mailbox_aliases) {
            $goto_split = explode(",", $row['goto']);
            $row['goto_mailbox'] = 0;
            $row['goto_other'] = array();
            foreach ($goto_split as $goto_single) {
                if (!empty($CONF['recipient_delimiter'])) {
                    $goto_single_rec_del = preg_replace('/' . $delimiter . '[^' . $delimiter . '@]*@/', "@", $goto_single);
                }
                if ($goto_single == $row['username'] || $goto_single_rec_del == $row['username']) {
                    # delivers to mailbox
                    $row['goto_mailbox'] = 1;
                } elseif (Config::bool('vacation') && strstr($goto_single, '@' . $CONF['vacation_domain'])) {
                    # vacation alias - TODO: check for full vacation alias
                    # skip the vacation alias, vacation status is detected otherwise
                } else {
Example #29
<?php

authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();
$P = array();
$P = db_array($_POST);
if ($P['category'] > 0 || check_perms('site_collages_renamepersonal')) {
    $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3));
} else {
    // Get a collage name and make sure it's unique
    $name = $LoggedUser['Username'] . "'s personal collage";
    $P['name'] = db_string($name);
    $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'");
    $i = 2;
    while ($DB->has_results()) {
        $P['name'] = db_string("{$name} no. {$i}");
        $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'");
        $i++;
    }
}
$Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10));
$Err = $Val->ValidateForm($_POST);
if (!$Err && $P['category'] === '0') {
    $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'");
    list($CollageCount) = $DB->next_record();
    if ($CollageCount >= $LoggedUser['Permissions']['MaxCollages'] || !check_perms('site_collages_personal')) {
        $Err = 'You may not create a personal collage.';
    } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) {
        $Err = 'Your personal collage\'s title must include your username.';
    }
Example #30
</td>
			</tr>
		<?php 
        }
        ?>
		<tr>
			<td class="left"><?php 
        echo getString('permissions');
        ?>
</td>
			<td colspan="2">
			<?php 
        if ($r['is_admin']) {
            echo "Site Administrator";
        } else {
            $permissions = array_merge(db_array('SELECT m.title' . langExt() . ' title FROM modules m JOIN users_to_modules a ON m.id = a.module_id WHERE a.user_id = ' . $_GET['id'] . ' AND a.is_admin = 1 ORDER BY m.title'), db_array('SELECT m.title' . langExt() . ' title FROM modulettes m JOIN users_to_modulettes a ON m.id = a.modulette_id WHERE a.user_id = ' . $_GET['id'] . ' ORDER BY m.title'));
            if (count($permissions)) {
                sort($permissions);
                echo draw_list($permissions);
            } else {
                echo getString('none');
            }
        }
        ?>
			</td>
		</tr>
	<?php 
    }
    if (getOption("staff_showhome")) {
        ?>
	<tr class="group">