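}

// User-field admin actions: move a field up ("mu") or down ("md") within its
// group, enable a field module, or disable one. Every branch is driven by
// $_GET and ends in a redirect back to this page.
if (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['field_id']) && isnum($_GET['field_id']))) {
    // field_id passed isnum() above. The closing quote now sits directly after
    // the id: the original emitted field_id='<id> LIMIT 1', putting the LIMIT
    // clause inside the quoted value instead of after it.
    $data2 = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_id='" . $_GET['field_id'] . "' LIMIT 1"));
    // 'order' is forced to an integer before it reaches the query.
    $data = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_group='" . $data2['field_group'] . "' AND field_order='" . intval($_GET['order']) . "'"));
    // NOTE(review): if no field holds the requested order, $data has no
    // field_id and only the second UPDATE changes a row - confirm callers
    // always pass a valid neighbouring order.
    $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order+1 WHERE field_id='" . $data['field_id'] . "'");
    $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order-1 WHERE field_id='" . $_GET['field_id'] . "'");
    redirect(FUSION_SELF . $aidlink);
} elseif (isset($_GET['action']) && $_GET['action'] == "md" && (isset($_GET['field_id']) && isnum($_GET['field_id']))) {
    // Mirror image of "mu": same lookups, opposite direction.
    $data2 = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_id='" . $_GET['field_id'] . "' LIMIT 1"));
    $data = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_group='" . $data2['field_group'] . "' AND field_order='" . intval($_GET['order']) . "'"));
    $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order-1 WHERE field_id='" . $data['field_id'] . "'");
    $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order+1 WHERE field_id='" . $_GET['field_id'] . "'");
    redirect(FUSION_SELF . $aidlink);
} elseif (
    isset($_GET['enable'])
    // The value becomes part of an include path, so it must be a plain file
    // name: reject arrays and anything carrying a directory component.
    // file_exists() alone only proves the target exists, not that it lives
    // in the user_fields directory.
    && is_string($_GET['enable'])
    && basename($_GET['enable']) === $_GET['enable']
    && file_exists(INCLUDES . "user_fields/" . $_GET['enable'] . "_include_var.php")
    && file_exists(INCLUDES . "user_fields/" . $_GET['enable'] . "_include.php")
) {
    // Presumably the included file defines $user_field_group,
    // $user_field_dbname and $user_field_dbinfo; they are used below without
    // any other visible assignment.
    include INCLUDES . "user_fields/" . $_GET['enable'] . "_include_var.php";
    $field_order = dbresult(dbquery("SELECT MAX(field_order) FROM " . DB_USER_FIELDS . " WHERE field_group='{$user_field_group}'"), 0) + 1;
    // The ALTER TABLE text comes straight from the included file, so that file
    // is trusted with schema changes on the users table.
    if (!$user_field_dbinfo || ($result = dbquery("ALTER TABLE " . DB_USERS . " ADD " . $user_field_dbname . " " . $user_field_dbinfo))) {
        $result = dbquery("INSERT INTO " . DB_USER_FIELDS . " (field_name, field_group, field_order) VALUES ('{$user_field_dbname}', '{$user_field_group}', '{$field_order}')");
    }
    redirect(FUSION_SELF . $aidlink);
} elseif (isset($_GET['disable']) && isnum($_GET['disable'])) {
    $data = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_id='" . $_GET['disable'] . "'"));
    // Here the include path is built from the stored field_name rather than
    // from the request.
    include INCLUDES . "user_fields/" . $data['field_name'] . "_include_var.php";
    if (!$user_field_dbinfo || ($result = dbquery("ALTER TABLE " . DB_USERS . " DROP " . $user_field_dbname))) {
        // Close the gap left in the ordering, then drop the field row.
        $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order-1 WHERE field_group='" . $data['field_group'] . "' AND field_order>'" . $data['field_order'] . "'");
        $result = dbquery("DELETE FROM " . DB_USER_FIELDS . " WHERE field_id='" . $_GET['disable'] . "'");
    }
    redirect(FUSION_SELF . $aidlink);
}
$available_fields = array();
$enabled_fields = array();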
include LOCALE . LOCALESET . "user_fields/" . stripinput($_GET['enable']) . ".php"; } include INCLUDES . "user_fields/" . stripinput($_GET['enable']) . "_include_var.php"; if (isset($_POST['enable'])) { $field_cat = isnum($_POST['field_cat']) ? $_POST['field_cat'] : 0; $field_required = isset($_POST['field_required']) && $_POST['field_required'] == 1 ? 1 : 0; $field_log = isset($_POST['field_log']) && $_POST['field_log'] == 1 ? 1 : 0; $field_registration = isset($_POST['field_registration']) && $_POST['field_registration'] == 1 ? 1 : 0; $rows = dbcount("(field_id)", DB_USER_FIELDS, "field_name='" . stripinput($_GET['enable']) . "'"); // existed in db. how come when enable there is existing record??? // check : not removed during disable?? if ($rows > 0) { $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET\r\n\t\t\t\t\tfield_cat='" . $field_cat . "', field_required='" . $field_required . "', field_log='" . $field_log . "',\r\n\t\t\t\t\tfield_registration='" . $field_registration . "'\r\n\t\t\t\tWHERE field_name='" . stripinput($_GET['enable']) . "'"); } else { // new record $field_order = dbresult(dbquery("SELECT MAX(field_order) FROM " . DB_USER_FIELDS . " WHERE field_cat='" . $field_cat . "'"), 0) + 1; // new in api 1.02 $c_query = dbquery("SELECT * FROM " . DB_USER_FIELD_CATS . " WHERE field_cat_id='" . $field_cat . "' LIMIT 1"); if (dbrows($c_query) > 0) { // existed $c_data = dbarray($c_query); $field_cat_db = $c_data['field_cat_db'] ? DB_PREFIX . $c_data['field_cat_db'] : DB_USERS; } // change here. if (!$user_field_dbinfo || ($result = dbquery("ALTER TABLE " . $field_cat_db . " ADD " . $user_field_dbname . " " . $user_field_dbinfo))) { $result = dbquery("INSERT INTO " . DB_USER_FIELDS . " (\r\n\t\t\t\t\t\tfield_name, field_cat, field_required, field_log, field_registration, field_order\r\n\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t'" . $user_field_dbname . "', '" . $field_cat . "', '" . $field_required . "',\r\n\t\t\t\t\t\t'" . $field_log . "', '" . 
$field_registration . "', '" . $field_order . "'\r\n\t\t\t\t\t)"); } } //redirect(FUSION_SELF.$aidlink); } else { $result = dbquery("SELECT field_cat, field_required, field_log, field_registration FROM " . DB_USER_FIELDS . "\r\n\t\t\tWHERE field_name='" . stripinput($_GET['enable']) . "'");
// Publishes a submitted photo: copies the file from the submissions folder
// into the album folder, builds thumbnails, inserts the DB_PHOTOS row and
// deletes the submission record.
$album_id = isnum($_POST['album_id']) ? $_POST['album_id'] : "0";
// NOTE(review): $submit_criteria is not assigned in this excerpt; the delete
// branch below fills it via unserialize() of the stored submission, so the
// same origin is presumed here. photo_file is used in copy()/unlink() paths
// without basename(), and its extension is carried over to the published
// file name - confirm the submission form restricts both.
$photo_name = strtolower(substr($submit_criteria['photo_file'], 0, strrpos($submit_criteria['photo_file'], ".")));
$photo_ext = strtolower(strrchr($submit_criteria['photo_file'], "."));
$photo_dest = PHOTOS . (!SAFEMODE ? "album_" . $album_id . "/" : "");
$photo_file = image_exists($photo_dest, $photo_name . $photo_ext);
// Return values of copy()/chmod()/unlink() are not checked; a failed copy
// still removes the submitted file.
copy(PHOTOS . "submissions/" . $submit_criteria['photo_file'], $photo_dest . $photo_file);
chmod($photo_dest . $photo_file, 0644);
unlink(PHOTOS . "submissions/" . $submit_criteria['photo_file']);
// '@' hides the warning when the file is not a readable image; the result is
// then not an array and the index reads below are empty.
$imagefile = @getimagesize($photo_dest . $photo_file);
$photo_thumb1 = image_exists($photo_dest, $photo_name . "_t1" . $photo_ext);
createthumbnail($imagefile[2], $photo_dest . $photo_file, $photo_dest . $photo_thumb1, $settings['thumb_w'], $settings['thumb_h']);
// $photo_thumb2 is assigned only when the image exceeds the configured size,
// yet the INSERT below interpolates it unconditionally.
if ($imagefile[0] > $settings['photo_w'] || $imagefile[1] > $settings['photo_h']) {
    $photo_thumb2 = image_exists($photo_dest, $photo_name . "_t2" . $photo_ext);
    createthumbnail($imagefile[2], $photo_dest . $photo_file, $photo_dest . $photo_thumb2, $settings['photo_w'], $settings['photo_h']);
}
$photo_order = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='{$album_id}'"), 0) + 1;
// NOTE(review): the column list names 12 columns but 13 values are supplied
// (the trailing LANGUAGE has no matching column), so the statement does not
// line up as written. $photo_title and $photo_description are interpolated
// into the SQL; where they are sanitised is not visible in this excerpt.
$result = dbquery("INSERT INTO " . DB_PHOTOS . " (album_id, photo_title, photo_description, photo_filename, photo_thumb1, photo_thumb2, photo_datestamp, photo_user, photo_views, photo_order, photo_allow_comments, photo_allow_ratings) VALUES ('{$album_id}', '{$photo_title}', '{$photo_description}', '{$photo_file}', '{$photo_thumb1}', '{$photo_thumb2}', '" . time() . "', '" . $data['submit_user'] . "', '0', '{$photo_order}', '1', '1' ,'" . LANGUAGE . "')");
// NOTE(review): submit_id is concatenated as-is; the isnum() check guarding
// this branch is not visible here - confirm it exists upstream.
$result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'");
opentable($locale['580']);
echo "<br /><div style='text-align:center'>" . $locale['581'] . "<br /><br />\n";
echo "<a href='" . FUSION_SELF . $aidlink . "'>" . $locale['402'] . "</a><br /><br />\n";
echo "<a href='index.php" . $aidlink . "'>" . $locale['403'] . "</a></div><br />\n";
closetable();
} else {
    redirect(FUSION_SELF . $aidlink);
}
} else {
if (isset($_POST['delete']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) {
    opentable($locale['582']);
    // submit_id passed isnum() in the condition above.
    $data = dbarray(dbquery("SELECT submit_criteria FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'"));
    // NOTE(review): unserialize() on stored submission data. If any part of
    // submit_criteria can be shaped by the submitting user, this allows PHP
    // object injection; prefer json_decode(), or pass
    // ['allowed_classes' => false] as the second argument.
    $submit_criteria = unserialize($data['submit_criteria']);
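// Saves a photo album: the edit branch re-orders siblings and updates the
// row, the other branch shifts later albums down and inserts a new row.
// NOTE(review): $album_title, $album_description, $album_parent,
// $album_access, $album_order and $album_thumb are interpolated into SQL
// below; their sanitisation happens outside this excerpt - confirm.
if (!$error) {
    if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['album_id']) && isnum($_GET['album_id']))) {
        // album_id passed isnum() in the condition above.
        $old_album_order = dbresult(dbquery("SELECT album_order FROM " . DB_PHOTO_ALBUMS . " WHERE album_id='" . $_GET['album_id'] . "'"), 0);
        // Shift the albums lying between the old and the new position by one.
        if ($album_order > $old_album_order) {
            $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order-1)\r\n\t\t\t\t\t\tWHERE album_order>'{$old_album_order}' AND album_order<='{$album_order}'");
        } elseif ($album_order < $old_album_order) {
            $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order+1)\r\n\t\t\t\t\t\tWHERE album_order<'{$old_album_order}' AND album_order>='{$album_order}'");
        }
        // album_user: the listing showed a masked, unparsable token here; it is
        // restored to $userdata['user_id'], the value the INSERT branch below
        // writes to the same column.
        $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_title='{$album_title}', album_description='{$album_description}',\r\n\t\t\t\t\t" . (isset($album_thumb) ? " album_thumb='{$album_thumb}'," : "") . " album_user='" . $userdata['user_id'] . "',\r\n\t\t\t\t\talbum_parent='{$album_parent}', album_access='{$album_access}', album_order='{$album_order}' WHERE album_id='" . $_GET['album_id'] . "'"); // Pimped: Subcategories
        // Page offset that contains the album's new position.
        $rowstart = $album_order > $settings['thumbs_per_page'] ? (ceil($album_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0";
        redirect(FUSION_SELF . $aidlink . "&status=su&page={$rowstart}"); // Pimped
    } else {
        // No order given: append after the current maximum.
        if (!$album_order) {
            $album_order = dbresult(dbquery("SELECT MAX(album_order) FROM " . DB_PHOTO_ALBUMS . ""), 0) + 1;
        }
        $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order+1) WHERE album_order>='{$album_order}'");
        $result = dbquery("\r\n\t\t\t\t\tINSERT INTO " . DB_PHOTO_ALBUMS . " \r\n\t\t\t\t\t(album_title, album_description, album_thumb, album_user, album_parent, album_access, album_order, album_datestamp)\r\n\t\t\t\t\tVALUES\r\n\t\t\t\t\t('{$album_title}', '{$album_description}', '" . (isset($album_thumb) ? $album_thumb : "") . "', '" . $userdata['user_id'] . "', \r\n\t\t\t\t\t'{$album_parent}', '{$album_access}', '{$album_order}', '" . time() . "')\r\n\t\t\t\t\t"); // Pimped: Subcategories
        $rowstart = $album_order > $settings['thumbs_per_page'] ? (ceil($album_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0";
        redirect(FUSION_SELF . $aidlink . "&status=sn&page={$rowstart}"); // Pimped
    }
} else {
    redirect(FUSION_SELF . $aidlink . "&status=se&error={$error}");
}
} else {
    redirect(FUSION_SELF . $aidlink . "&status=se&error=5");
}
} else {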
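// Tail of the user-log filter form, followed by the paged log query and the
// header of the result table.
echo "<td class='tbl1' align='left'>" . $locale['107'] . "</td>\n";
echo "<td class='tbl1' align='right'>\n";
echo "<select name='orderby' size='1' class='textbox' style='width:150px;'>" . orderbyOptions($orderby) . "</select>\n";
echo " <select name='expr' size='1' class='textbox' style='width:100px;'>" . exprOptions($expr) . "</select>\n";
echo "</td>\n</tr>\n<tr>\n";
echo "<td class='tbl1' align='left'>" . $locale['108'] . "</td>\n";
// NOTE(review): $user is written into a single-quoted HTML attribute. Whether
// it was escaped when it was read from the request is not visible here -
// confirm, otherwise a quote in the value breaks out of the attribute.
echo "<td class='tbl1' align='right'><input type='text' name='user' value='" . $user . "' class='textbox' style='width:252px;' /></td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1'>" . $locale['115'] . "</td>";
echo "<td class='tbl1' align='right'><select name='userField' size='1' class='textbox' style='width:254px;'>" . userFieldOptions($userField) . "</select></td>";
echo "</tr>\n<tr>\n";
echo "<td class='tbl' align='left'></td>\n<td class='tbl' align='right'><input type='submit' value=' " . $locale['109'] . "' class='button' /></td>\n";
echo "</tr>\n</table>\n</form>\n";
echo "<br />";
// NOTE(review): $dbWhere and $dbOrder are SQL fragments assembled outside this
// excerpt from the filter inputs; confirm they are built from validated
// column names and escaped values only.
// rowstart is forced to an integer here because LIMIT takes it unquoted; a
// numeric check earlier in the file, if present, is unaffected by the cast.
$result = dbquery("SELECT SQL_CALC_FOUND_ROWS userlog_id, userlog_user_id, userlog_field, userlog_value_old, userlog_value_new, userlog_timestamp, user_name, user_status\n\t\t\t\t FROM " . DB_USER_LOG . "\n\t\t\t\t LEFT JOIN " . DB_USERS . " ON userlog_user_id=user_id\n\t\t\t\t " . $dbWhere . "\n\t\t\t\t " . $dbOrder . "\n\t\t\t\t LIMIT " . intval($_GET['rowstart']) . ",20");
// Total row count of the query above, ignoring its LIMIT.
$rows = dbresult(dbquery("SELECT FOUND_ROWS()"), 0);
if (dbrows($result)) {
    echo "<table cellpadding='0' cellspacing='1' class='tbl-border center' style='width: 700px;'>\n";
    echo "<tr>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:100px;'>" . $locale['102'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:150px;'>" . $locale['103'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:140px;'>" . $locale['104'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:160px;'>" . $locale['105'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:160px;'>" . $locale['106'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:160px;'>" . $locale['117'] . "</td>\n";
    echo "</tr>\n";
    $i = 1;
    while ($data = dbarray($result)) {
        // Alternate the row style.
        $class = $i % 2 ? "tbl1" : "tbl2";
        echo "<tr>\n";
        echo "<td class='" . $class . "'>" . showdate("shortdate", $data['userlog_timestamp']) . "</td>\n";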
| Author: PHP-Fusion Development Team +--------------------------------------------------------+ | This program is released as free software under the | Affero GPL license. You can redistribute it and/or | modify it under the terms of this license which you | can read by viewing the included agpl.txt or online | at www.gnu.org/licenses/agpl.html. Removal of this | copyright header is strictly prohibited without | written permission from the original author(s). +--------------------------------------------------------*/ pageAccess("PH"); $data = array("album_id" => 0, "album_title" => "", "album_keywords" => "", "album_description" => "", "album_access" => "", "album_language" => LANGUAGE, "album_image" => "", "album_thumb1" => "", "album_thumb2" => "", "album_order" => dbcount("(album_id)", DB_PHOTO_ALBUMS, multilang_table("PG") ? "album_language='" . LANGUAGE . "'" : "") + 1); if (isset($_POST['save_album'])) { $data = array("album_id" => form_sanitizer($_POST['album_id'], 0, "album_id"), "album_title" => form_sanitizer($_POST['album_title'], "", "album_title"), "album_keywords" => form_sanitizer($_POST['album_keywords'], "", "album_keywords"), "album_description" => form_sanitizer($_POST['album_description'], "", "album_description"), "album_access" => form_sanitizer($_POST['album_access'], "", "album_access"), "album_language" => form_sanitizer($_POST['album_language'], "", "album_language"), "album_order" => form_sanitizer($_POST['album_order'], "", "album_order"), "album_image" => "", "album_thumb1" => "", "album_thumb2" => "", "album_user" => $userdata['user_id'], "album_datestamp" => time()); if (empty($data['album_order'])) { $data['album_order'] = dbresult(dbquery("SELECT MAX(album_order) FROM " . DB_PHOTO_ALBUMS . "\n\t\t\t\t" . (multilang_table("PG") ? "where album_language='" . LANGUAGE . "'" : "") . 
""), 0) + 1; } // do delete image if (defender::safe()) { if (!empty($_FILES['album_image']) && is_uploaded_file($_FILES['album_image']['tmp_name'])) { $upload = form_sanitizer($_FILES['album_image'], "", "album_image"); if (empty($upload['error'])) { $data['album_image'] = $upload['image_name']; $data['album_thumb1'] = $upload['thumb1_name']; $data['album_thumb2'] = $upload['thumb2_name']; } } else { if (isset($_POST['del_image'])) { // album_id $result = dbquery("select album_image, album_thumb1, album_thumb2 FROM " . DB_PHOTO_ALBUMS . " WHERE album_id='" . $data['album_id'] . "'"); if (dbrows($result) > 0) {
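// Deleting an album that still holds photos: the admin either moves the
// photos to another album or purges them together with their comments and
// ratings. cat_id is cast with intval() wherever it reaches SQL.
if (dbcount("('photo_id')", DB_PHOTOS, "album_id = '" . intval($_GET['cat_id']) . "'")) {
    $list = get_albumOpts();
    $albumArray[0] = $locale['album_0028'];
    foreach ($list as $album_id => $album_title) {
        $albumArray[$album_id] = sprintf($locale['album_0029'], $album_title);
    }
    // unset own album
    unset($albumArray[$_GET['cat_id']]);
    if (isset($_POST['confirm_delete'])) {
        $targetAlbum = form_sanitizer($_POST['target_album'], '0', 'target_album');
        // NOTE(review): nothing visible here rejects a posted target_album
        // equal to the album being deleted; it is only removed from the
        // option list above.
        // Purge or move photos
        $photosResult = dbquery("SELECT * FROM " . DB_PHOTOS . " WHERE album_id = '" . intval($_GET['cat_id']) . "'");
        if (dbrows($photosResult) > 0) {
            if ($targetAlbum > 0) {
                // Move every photo to the target album, appending after its
                // current highest photo_order.
                $target_max_order = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='" . intval($targetAlbum) . "'"), 0) + 1;
                // Iterate the photo rows fetched above. The original looped
                // over $result, which this block never assigns, and updated
                // DB_PHOTO_ALBUMS by photo_id, so no photo was moved and the
                // computed order was never stored.
                while ($photo_data = dbarray($photosResult)) {
                    dbquery("UPDATE " . DB_PHOTOS . " SET album_id='" . intval($targetAlbum) . "', photo_order='" . intval($target_max_order) . "' WHERE photo_id='" . intval($photo_data['photo_id']) . "'");
                    $target_max_order++;
                }
                addNotice("success", sprintf($locale['album_0031'], $albumArray[$targetAlbum]));
            } else {
                // delete all
                $photoRows = 0;
                while ($photo_data = dbarray($photosResult)) {
                    // Remove the image files first, then the dependent rows,
                    // then the photo row itself.
                    purgePhotoImage($photo_data);
                    dbquery("delete from " . DB_COMMENTS . " where comment_item_id='" . intval($photo_data['photo_id']) . "' and comment_type='P'");
                    dbquery("delete from " . DB_RATINGS . " where rating_item_id='" . intval($photo_data['photo_id']) . "' and rating_type='P'");
                    dbquery_insert(DB_PHOTOS, $photo_data, 'delete');
                    $photoRows++;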
} } else { redirect(FUSION_SELF . $aidlink . "&error=4"); } // Save Insert } elseif (isset($_POST['btn_save'])) { $version_h = substr(stripinput($_POST['version_h']), 0, 5); $version_l = substr(stripinput($_POST['version_l']), 0, 5); $version_s = substr(stripinput($_POST['version_s']), 0, 12); $version_description = stripinput($_POST['version_description']); if (empty($version_h) || empty($version_l)) { redirect(FUSION_SELF . $aidlink . "&error=1"); } elseif (dbcount("(*)", DB_ADDON_VERSIONS, "version_h='{$version_h}' AND version_l='{$version_l}' AND version_s='{$version_s}'") != 0) { redirect(FUSION_SELF . $aidlink . "&error=2"); } else { $version_order = dbresult(dbquery("SELECT MAX(version_order) FROM " . DB_ADDON_VERSIONS), 0) + 1; $result = dbquery("INSERT INTO " . DB_ADDON_VERSIONS . " VALUES(\r\n\t\t\t\t'',\r\n\t\t\t\t'" . $version_h . "',\r\n\t\t\t\t'" . $version_l . "',\r\n\t\t\t\t'" . $version_s . "',\r\n\t\t\t\t'" . $version_description . "',\r\n\t\t\t\t'" . $version_order . "'\r\n\t\t\t)"); redirect(FUSION_SELF . $aidlink . "&insert=ok"); } } else { $version_h = ""; $version_l = ""; $version_s = ""; $version_description = ""; $version_formaction = FUSION_SELF . $aidlink; opentable($locale['addondb408']); } echo "<form name='frm_version' method='post' action='{$version_formaction}'>\r\n<table align='center' cellpadding='0' cellspacing='0' class='tbl-border'>" . (isset($err) ? "<tr><td colspan='3' class='tbl1 error' align='center' colspan='2'>" . $err . "</td></tr>" : "") . "\r\n<tr>\r\n<td class='tbl1' nowrap>" . $locale['addondb401'] . "<strong><span style='color:red;'>*</span></strong>:</td>\r\n<td class='tbl1' nowrap>v <input type='text' class='textbox' name='version_h' value='" . $version_h . "' style='width:30px;text-align:right;'> . <input type='text' class='textbox' name='version_l' value='" . $version_l . "' style='width:50px;'> <input type='text' class='textbox' name='version_s' value='" . $version_s . 
"' style='width:100px;'></td>\r\n</tr>\r\n<tr>\r\n<td class='tbl1' nowrap valign='top'>" . $locale['addondb402'] . ":</td>\r\n<td class='tbl1' nowrap><textarea class='textbox' name='version_description' style='width:211px; height:40px;'>" . $version_description . "</textarea></td>\r\n</tr>\r\n<tr>\r\n<td class='tbl1' nowrap colspan='2' align='center'>" . $locale['addondb413'] . "</td>\r\n</tr>\r\n<tr>\r\n<td class='tbl1' nowrap colspan='2' align='center'><input type='submit' class='button' name='btn_save' value='" . $locale['addondb409'] . "'>" . (isset($_GET['action']) && $_GET['action'] == "edit" ? " <input type='submit' class='button' name='btn_cancel' value='" . $locale['addondb410'] . "'>" : "") . "</td>\r\n</tr>\r\n</table>\r\n</form>"; closetable(); opentable($locale['addondb400']); $result = dbquery("SELECT * FROM " . DB_ADDON_VERSIONS . " ORDER BY version_order");
$forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0; $forum_attach_download = isnum($_POST['forum_attach_download']) ? $_POST['forum_attach_download'] : 0; $forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0; $forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0; $forum_merge = isset($_POST['forum_merge']) && isnum($_POST['forum_merge']) ? $_POST['forum_merge'] : 0; $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='" . $forum_name . "', forum_cat='" . $forum_cat . "', forum_description='" . $forum_description . "', forum_moderators='" . $forum_mods . "', forum_access='" . $forum_access . "', forum_post='" . $forum_post . "', forum_reply='" . $forum_reply . "', forum_attach='" . $forum_attach . "', forum_attach_download='" . $forum_attach_download . "', forum_poll='" . $forum_poll . "', forum_vote='" . $forum_vote . "', forum_merge='" . $forum_merge . "', forum_language='" . $forum_language . "' WHERE forum_id='" . $_GET['forum_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&status=savefu"); } else { $uniqueCheck = dbcount("(forum_id)", DB_FORUMS, "" . (multilang_table("FO") ? "forum_language='" . LANGUAGE . "' AND" : "") . " forum_cat='" . $forum_cat . "' AND forum_name='" . $forum_name . "'"); if ($uniqueCheck != 0) { $defender->stop(); $defender->addNotice($locale['517']); } $forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : ""; if (!$forum_order) { $forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='{$forum_cat}'"), 0) + 1; } $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='{$forum_cat}' AND forum_order>='{$forum_order}'"); $result = dbquery("INSERT INTO " . DB_FORUMS . 
" (forum_cat, forum_name, forum_order, forum_description, forum_moderators, forum_access, forum_post, forum_reply, forum_attach, forum_attach_download, forum_poll, forum_vote, forum_lastpost, forum_lastuser, forum_merge, forum_language) VALUES ('" . $forum_cat . "', '" . $forum_name . "', '" . $forum_order . "', '" . $forum_description . "', '103', '101', '101', '101', '0', '0', '0', '0', '0', '0', '0', '" . $forum_language . "')"); redirect(FUSION_SELF . $aidlink . "&status=savefn"); } } } elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) { if (isset($_GET['t']) && $_GET['t'] == "cat") { $data = dbarray(dbquery("SELECT forum_id FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='0' AND forum_order='" . $_GET['order'] . "'")); $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $data['forum_id'] . "'"); $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order-1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $_GET['forum_id'] . "'"); } elseif (isset($_GET['t']) && $_GET['t'] == "forum" && (isset($_GET['cat']) && isnum($_GET['cat']))) { $data = dbarray(dbquery("SELECT forum_id FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . $_GET['cat'] . "' AND forum_order='" . $_GET['order'] . "'")); $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $data['forum_id'] . "'"); $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order-1 " . (multilang_table("FO") ? 
"WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $_GET['forum_id'] . "'");
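} } } elseif (isset($_POST['save_ac'])) {
    // Saves a navigation entry (update when editing, insert otherwise).
    $ac_name = trim(stripinput($_POST['ac_name']));
    // The URL is interpolated into both statements below, so it gets the same
    // stripinput() treatment as the name instead of going in raw from $_POST.
    $ac_url = stripinput($_POST['ac_url']);
    $ac_target = isnum($_POST['ac_target']) ? $_POST['ac_target'] : 0;
    $ac_cat = isnum($_POST['ac_cat']) ? $_POST['ac_cat'] : 0;
    // Resolved before the branch: the INSERT below also writes ac_access, but
    // the original assigned it only on the edit path.
    $ac_access = isset($_POST['ac_access']) && isnum($_POST['ac_access']) ? $_POST['ac_access'] : 0;
    if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['ac_id']) && isnum($_GET['ac_id'])) && (isset($_GET['t']) && $_GET['t'] == "ac")) {
        // ac_id passed isnum() in the condition above.
        $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_name='{$ac_name}', ac_cat='{$ac_cat}', ac_url='{$ac_url}', ac_target='{$ac_target}', ac_access='{$ac_access}' WHERE ac_id='" . $_GET['ac_id'] . "'");
        redirect(FUSION_SELF . $aidlink . "&status=savefu");
    } else {
        if ($ac_name) {
            $ac_order = isnum($_POST['ac_order']) ? $_POST['ac_order'] : "";
            // No order given: append after the highest order in the category.
            if (!$ac_order) {
                $ac_order = dbresult(dbquery("SELECT MAX(ac_order) FROM " . DB_AC_NAVIGATION . " WHERE ac_cat='{$ac_cat}'"), 0) + 1;
            }
            // Make room at the requested position, then insert.
            $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_order=ac_order+1 WHERE ac_cat='{$ac_cat}' AND ac_order>='{$ac_order}'");
            $result = dbquery("INSERT INTO " . DB_AC_NAVIGATION . " (ac_cat, ac_name, ac_url, ac_target, ac_access, ac_order) VALUES ('{$ac_cat}', '{$ac_name}', '{$ac_url}', '{$ac_target}', '{$ac_access}', '{$ac_order}')");
            redirect(FUSION_SELF . $aidlink . "&status=savefn");
        } else {
            redirect(FUSION_SELF . $aidlink);
        }
    }
} elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['ac_id']) && isnum($_GET['ac_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) {
    // Move up: ac_id and order both passed isnum() above.
    if (isset($_GET['t']) && $_GET['t'] == "cat") {
        $data = dbarray(dbquery("SELECT * FROM " . DB_AC_NAVIGATION . " WHERE ac_cat='0' AND ac_order='" . $_GET['order'] . "'"));
        $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_order=ac_order+1 WHERE ac_id='" . $data['ac_id'] . "'");
        $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_order=ac_order-1 WHERE ac_id='" . $_GET['ac_id'] . "'");
    } elseif (isset($_GET['t']) && $_GET['t'] == "ac" && (isset($_GET['cat']) && isnum($_GET['cat']))) {
        // NOTE(review): the condition validates $_GET['cat'] but the query
        // reads $cat, which is not assigned in this excerpt - confirm it is
        // set from the validated value earlier in the file.
        $data = dbarray(dbquery("SELECT * FROM " . DB_AC_NAVIGATION . " WHERE ac_cat='{$cat}' AND ac_order='" . $_GET['order'] . "'"));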
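/**
 * Create or update the navigation-bar link that points at a custom page.
 *
 * One link row is written for every entry of the "."-separated
 * $data['page_language'] string. A row is updated when
 * \PHPFusion\SiteLinks::verify_edit() accepts the link id, otherwise a new
 * row is saved.
 *
 * @param array $data custom page record; reads page_language, page_link_cat,
 *                    page_title, page_id and, when present, link_id
 */
protected function set_customPageLinks($data) {
    // This copy is only used inside the hand-built SQL string, where it is
    // forced to an integer; assumes link categories are numeric ids - TODO confirm.
    $link_cat = intval($data['page_link_cat']);
    foreach (explode(".", $data['page_language']) as $language) {
        // Re-read inside the loop: each saved row raises the maximum.
        // NOTE(review): the filter uses the LANGUAGE constant while the row is
        // stored under $language - confirm that is intended.
        $link_order = dbresult(dbquery("SELECT MAX(link_order) FROM " . DB_SITE_LINKS . " " . (multilang_table("SL") ? "WHERE link_language='" . LANGUAGE . "' AND" : "WHERE") . " link_cat='" . $link_cat . "'"), 0) + 1;
        $link_data = array(
            'link_id' => !empty($data['link_id']) ? $data['link_id'] : 0,
            'link_cat' => $data['page_link_cat'],
            'link_name' => $data['page_title'],
            'link_url' => 'viewpage.php?page_id=' . $data['page_id'],
            'link_icon' => '',
            'link_language' => $language,
            'link_visibility' => 0,
            'link_position' => 2,
            'link_window' => 0,
            'link_order' => $link_order,
        );
        // No print_p() dump of $link_data here: it wrote the row contents into
        // the rendered admin page on every save.
        if (\PHPFusion\SiteLinks::verify_edit($link_data['link_id'])) {
            dbquery_insert(DB_SITE_LINKS, $link_data, 'update');
        } else {
            dbquery_insert(DB_SITE_LINKS, $link_data, 'save');
        }
    }
}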
/**
 * Look up the user_name stored for a user id.
 *
 * The id is cast with intval() before it is placed in the query, so only an
 * integer ever reaches the SQL string.
 *
 * @param int|string $user_id id of the user to look up
 * @return string the user_name value, or the "na" locale string when the
 *                lookup yields NULL
 */
function fusion_get_username($user_id) {
    $query = "SELECT user_name FROM " . DB_USERS . " WHERE user_id='" . intval($user_id) . "'";
    $user_name = dbresult(dbquery($query), 0);
    // NOTE(review): only a strict NULL selects the fallback. What dbresult()
    // returns for an unknown id is not visible here; if it is false, callers
    // receive false instead of the "na" string - confirm.
    if ($user_name === NULL) {
        return fusion_get_locale("na");
    }
    return $user_name;
}
$today_online[] = array("user_id" => $data['user_id'], "user_name" => $data['user_name'], "user_level" => $data['user_level']); } } $rowspan++; } // Today's birthday if ($settings['forum_statistics_birthday']) { $today_birthday = ""; $birthday = false; if (iMEMBER) { if (isset($userdata['user_birthdate'])) { $birthday = true; } } else { $result = dbquery("SELECT field_name FROM " . DB_USER_FIELDS . " WHERE field_name='user_birthdate'"); $birthday = dbresult($result, 0); } if ($birthday) { $result = dbquery("SELECT user_id, user_name, user_level, user_status, user_birthdate\r\n\t\t\t\tFROM " . DB_USERS . " WHERE user_birthdate LIKE '____-" . date("m") . "-" . date("d") . "'"); $birthday_rows = dbrows($result); if ($birthday_rows) { while ($data = dbarray($result)) { $birthdate = explode("-", $data['user_birthdate']); $year = date("Y") - $birthdate[0]; if ($today_birthday == "") { if ($birthday_rows == 1) { $today_birthday .= $locale['forum_stats_114']; } else { $today_birthday .= sprintf($locale['forum_stats_115'], $birthday_rows); } } else {
$add = $locale['addondb429']; foreach ($addon_types as $k => $addon_typ) { $addon_type_list .= "<li class='" . $k . "'>" . $addon_typ . "</li>\n"; $type == $k ? $add = $addon_typ : ""; } $aob = $locale['func016']; foreach ($addon_orderby as $k => $addon_orderby) { $addon_orderby_list .= "<li class='" . $k . "'>" . $addon_orderby . "</li>\n"; $orderby == $k ? $aob = $addon_orderby : ""; } $aobl = $locale['func023']; foreach ($addon_orderby_dir as $k => $addon_orderby_dir) { $addon_orderby_dir_list .= "<li class='" . $k . "'>" . $addon_orderby_dir . "</li>\n"; $sort == $k ? $aobl = $addon_orderby_dir : ""; } $rows = dbresult(dbquery("SELECT COUNT(*) FROM " . DB_ADDON_CATS . " tc LEFT JOIN " . DB_ADDONS . " tm USING(addon_cat_id) LEFT JOIN " . DB_ADDON_VERSIONS . " tv USING(version_id) WHERE " . groupaccess('tc.addon_cat_access') . " AND " . $db_opts . " AND addon_status='0'"), 0); $result = dbquery("\r\n\tSELECT tc.*,tm.*,tv.*\r\n\tFROM " . DB_ADDON_CATS . " tc\r\n\tLEFT JOIN " . DB_ADDONS . " tm USING(addon_cat_id)\r\n\tLEFT JOIN " . DB_ADDON_VERSIONS . " tv USING(version_id)\r\n\tWHERE " . $db_opts . " AND " . groupaccess('tc.addon_cat_access') . "\r\n\tGROUP BY addon_id, tc.addon_cat_id\r\n\tORDER BY addon_cat_name, " . $orderby . " " . $sort . "\r\n\tLIMIT " . $_GET['rowstart'] . "," . $settings_global['addons_per_page']); add_to_title($locale['addondb435'] . $locale['addondb400']); include ADDON_INC . "view_nav.php"; opentable($locale['addondb400']); ?> <form name="filterform" method="get" action="<?php echo FUSION_SELF; ?> "> <div class="dropselect threecol"> <?php echo $locale['addondb432']; ?> <p class="field"><?php echo $add;
$forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0; $forum_attach_download = isnum($_POST['forum_attach_download']) ? $_POST['forum_attach_download'] : 0; $forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0; $forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0; $forum_merge = isset($_POST['forum_merge']) && isnum($_POST['forum_merge']) ? $_POST['forum_merge'] : 0; $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='" . $forum_name . "', forum_cat='" . $forum_cat . "', forum_parent='" . $forum_parent . "', forum_description='" . $forum_description . "', forum_moderators='" . $forum_mods . "', forum_access='" . $forum_access . "', forum_post='" . $forum_post . "', forum_reply='" . $forum_reply . "', forum_attach='" . $forum_attach . "', forum_attach_download='" . $forum_attach_download . "', forum_poll='" . $forum_poll . "', forum_vote='" . $forum_vote . "', forum_merge='" . $forum_merge . "' WHERE forum_id='" . $_GET['forum_id'] . "'"); //subforums redirect(FUSION_SELF . $aidlink . "&status=savefu"); } else { $uniqueCheck = dbcount("(forum_id)", DB_FORUMS, "forum_cat='" . $forum_cat . "' AND forum_name='" . $forum_name . "'"); if ($uniqueCheck != 0) { redirect(FUSION_SELF . $aidlink . "&status=saveft"); } $forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : ""; if (!$forum_order) { $forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " WHERE forum_parent='{$forum_parent}' AND forum_cat='{$forum_cat}'"), 0) + 1; } //subforums $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 WHERE forum_cat='{$forum_cat}' AND forum_parent='{$forum_parent}' AND forum_order>='{$forum_order}'"); //subforums $result = dbquery("INSERT INTO " . DB_FORUMS . 
" (forum_cat, forum_parent, forum_name, forum_order, forum_description, forum_moderators, forum_access, forum_post, forum_reply, forum_attach, forum_attach_download, forum_poll, forum_vote, forum_lastpost, forum_lastuser, forum_merge) VALUES ('" . $forum_cat . "', '" . $forum_parent . "', '" . $forum_name . "', '" . $forum_order . "', '" . $forum_description . "', '103', '101', '101', '101', '0', '0', '0', '0', '0', '0', '0')"); //subforums redirect(FUSION_SELF . $aidlink . "&status=savefn"); } } else { redirect(FUSION_SELF . $aidlink . "&status=saveft"); } } elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) { if (isset($_GET['t']) && $_GET['t'] == "cat") { $parent = isset($_GET['parent']) && isNum($_GET['parent']) ? " AND forum_parent='" . $_GET['parent'] . "'" : ""; //subforums
$upd_order = dbquery("UPDATE " . DB_AN_NEWS . " SET anews_order='" . $order . "' WHERE anews_id='" . $anid . "'"); $upd_order_all = dbquery("UPDATE " . DB_AN_NEWS . " SET anews_order=anews_order+1 WHERE anews_column='" . $column . "' AND anews_order>='" . $order . "' AND anews_order<'" . $old_order . "' AND anews_id<>'" . $anid . "'"); } } } } redirect(INFUSIONS . "al_news_panel/admin/index.php" . $aidlink . "&p=news"); } if (isset($_POST['add'])) { $nid = $_POST['nnews']; //$text = trim(nl2br($_POST['ntext'])); $order2 = $_POST['norder']; $order = $order2 == "0" ? 1 : $order2; $column = $_POST['ncolumn']; if (isnum($order)) { $max = dbresult(dbquery("SELECT MAX(anews_order) FROM " . DB_AN_NEWS . " WHERE anews_column='" . $column . "'"), 0); //print_r($_POST); //var_dump($max); $max_order = $max ? $max : 0; if ($order > $max_order + 1) { $order = $max_order + 1; } elseif ($order <= $max_order) { //refresh order $refresh = dbquery("UPDATE " . DB_AN_NEWS . " SET anews_order=anews_order+1 WHERE anews_column='" . $column . "' AND anews_order>='" . $order . "'"); } $add = dbquery("INSERT INTO " . DB_AN_NEWS . " (anews_news, anews_column, anews_order) VALUES ('" . $nid . "','" . $column . "','" . $order . "')"); } // isnum redirect(INFUSIONS . "al_news_panel/admin/index.php" . $aidlink . "&p=news"); } if (isset($_GET['e']) && isnum($_GET['e'])) {
if ($info['download_max_rows']) { switch ($_GET['type']) { case 'recent': $filter_condition = 'download_datestamp DESC'; break; case 'comments': $filter_condition = 'count_comment DESC'; break; case 'ratings': $filter_condition = 'sum_rating DESC'; break; case 'download': $filter_condition = 'download_count DESC'; break; default: $filter_condition = dbresult(dbquery("SELECT download_cat_sorting FROM " . DB_DOWNLOAD_CATS . " WHERE download_cat_id='" . intval($_GET['cat_id']) . "'"), 0); } $sql = "SELECT d.*, dc.*,\n\t\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\t\tIF(SUM(tr.rating_vote)>0, SUM(tr.rating_vote), 0) AS sum_rating,\n\t\t\t\tCOUNT(tr.rating_item_id) AS count_votes,\n\t\t\t\tCOUNT(td.comment_item_id) AS count_comment,\n\t\t\t\tMAX(d.download_datestamp) as last_updated\n\t\t\t\tFROM " . DB_DOWNLOADS . " d\n\t\t\t\tINNER JOIN " . DB_DOWNLOAD_CATS . " dc ON d.download_cat=dc.download_cat_id\n\t\t\t\tLEFT JOIN " . DB_USERS . " tu ON d.download_user=tu.user_id\n\t\t\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = d.download_id AND tr.rating_type='D'\n\t\t\t\tLEFT JOIN " . DB_COMMENTS . " td ON td.comment_item_id = d.download_id AND td.comment_type='D' AND td.comment_hidden='0'\n\t\t\t\t" . (multilang_table("DL") ? "WHERE download_cat_language='" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('download_visibility') . "\n\t\t\t\tAND download_cat = '" . intval($_GET['cat_id']) . "'\n\t\t\t\tGROUP BY d.download_id\n\t\t\t\tORDER BY " . (!empty($filter_condition) ? $filter_condition : "dc.download_cat_sorting") . "\n\t\t\t\tLIMIT " . intval($_GET['rowstart']) . "," . 
intval($dl_settings['download_pagination']); $result = dbquery($sql); $info['download_rows'] = dbrows($result); } } else { set_title($locale['download_1000']); /** * Everyone's Download Posts */ $info['download_max_rows'] = dbcount("('download_id')", DB_DOWNLOADS, groupaccess('download_visibility')); $_GET['rowstart'] = isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $info['download_max_rows'] ? $_GET['rowstart'] : 0; if ($info['download_max_rows'] > 0) { $download_query = "SELECT d.*, dc.*,\n\t\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\t\tIF(SUM(tr.rating_vote)>0, SUM(tr.rating_vote), 0) AS sum_rating,\n\t\t\t\tCOUNT(tr.rating_item_id) AS count_votes,\n\t\t\t\tCOUNT(td.comment_item_id) AS count_comment,\n\t\t\t\tmax(d.download_datestamp) as last_updated\n\t\t\t\tFROM " . DB_DOWNLOADS . " d\n\t\t\t\tINNER JOIN " . DB_DOWNLOAD_CATS . " dc ON d.download_cat=dc.download_cat_id\n\t\t\t\tLEFT JOIN " . DB_USERS . " tu ON d.download_user=tu.user_id\n\t\t\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = d.download_id AND tr.rating_type='D'\n\t\t\t\tLEFT JOIN " . DB_COMMENTS . " td ON td.comment_item_id = d.download_id AND td.comment_type='D' AND td.comment_hidden='0'\n\t\t\t\t" . (multilang_table("DL") ? "WHERE dc.download_cat_language = '" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('download_visibility') . "\n\t\t\t\t" . $condition . "\n\t\t\t\tGROUP BY d.download_id\n\t\t\t\tORDER BY " . ($filter_condition ? $filter_condition : "dc.download_cat_sorting") . "\n\t\t\t\tLIMIT " . intval($_GET['rowstart']) . "," . intval($dl_settings['download_pagination']); $result = dbquery($download_query);
$object->use_resume = true; $object->download(); exit; } elseif (!empty($data['download_url'])) { $res = 1; redirect($data['download_url']); } } } if ($res == 0) { redirect("downloads.php"); } } // Statistics $dl_stats = ""; $i_alt = dbresult(dbquery("SELECT SUM(download_count) FROM " . DB_DOWNLOADS), 0); $dl_stats .= "<table cellpadding='0' cellspacing='1' class='tbl-border' style='width:100%;'>\n"; $dl_stats .= "<tr>\n<td class='tbl2' valign='middle'><img src='" . get_image("statistics") . "' alt='" . $locale['429'] . "' /></td>\n"; $dl_stats .= "<td width='100%' align='left' class='tbl1'>\n"; $dl_stats .= "<span class='small'>" . $locale['415'] . " " . dbcount("(download_cat)", DB_DOWNLOADS) . "</span><br />\n"; $dl_stats .= "<span class='small'>" . $locale['440'] . " " . ($i_alt ? $i_alt : "0") . "</span><br />"; $result = dbquery("SELECT td.download_id, td.download_title, td.download_count, td.download_cat,\n\t\t\t\ttc.download_cat_id, tc.download_cat_access\n\t\tFROM " . DB_DOWNLOADS . " td\n\t\tLEFT JOIN " . DB_DOWNLOAD_CATS . " tc ON td.download_cat=tc.download_cat_id\n\t\tWHERE " . groupaccess('download_cat_access') . "\n\t\tORDER BY download_count DESC LIMIT 0,1"); if (dbrows($result) != 0) { while ($data = dbarray($result)) { $download_title = $data['download_title']; $dl_stats .= "<span class='small'>" . $locale['441']; $dl_stats .= " <a href='" . FUSION_SELF . "?download_id=" . $data['download_id'] . "' title='" . $download_title . "' class='side'>" . trimlink($data['download_title'], 100) . "</a>"; $dl_stats .= " [ " . $data['download_count'] . " ]</span><br />"; } } $result = dbquery("SELECT td.download_id, td.download_title, td.download_count, td.download_cat, td.download_datestamp,\n\t\t\t\ttc.download_cat_id, tc.download_cat_access\n\t\tFROM " . DB_DOWNLOADS . " td\n\t\tLEFT JOIN " . DB_DOWNLOAD_CATS . " tc ON td.download_cat=tc.download_cat_id\n\t\tWHERE " . groupaccess('download_cat_access') . "\n\t\tORDER BY download_datestamp DESC LIMIT 0,1");
/**
 * Persist forum changes posted from the admin forms.
 *
 * Two independent POST actions are handled:
 *  - `save_permission`: reloads the forum row via get_forum() and overwrites
 *    its permission columns with the posted values.
 *  - `save_forum`: builds a full forum record from the posted form, checks the
 *    alias and name, resolves the forum image, then updates or inserts.
 *
 * Every posted value goes through form_sanitizer(); what that helper escapes
 * or rejects is not visible in this method, so the notes below that depend on
 * it are marked for confirmation.
 */
private function set_forumDB() {
    global $aidlink;
    // Save_permission
    if (isset($_POST['save_permission'])) {
        $this->data['forum_id'] = form_sanitizer($_POST['forum_id'], '', 'forum_id');
        // The whole record is replaced by the stored row; an empty result means
        // the posted forum_id did not resolve and nothing is written.
        $this->data = self::get_forum($this->data['forum_id']);
        if (!empty($this->data)) {
            $this->data['forum_access'] = form_sanitizer($_POST['forum_access'], USER_LEVEL_PUBLIC, 'forum_access');
            $this->data['forum_post'] = form_sanitizer($_POST['forum_post'], USER_LEVEL_MEMBER, 'forum_post');
            $this->data['forum_reply'] = form_sanitizer($_POST['forum_reply'], USER_LEVEL_MEMBER, 'forum_reply');
            $this->data['forum_post_ratings'] = form_sanitizer($_POST['forum_post_ratings'], USER_LEVEL_MEMBER, 'forum_post_ratings');
            $this->data['forum_poll'] = form_sanitizer($_POST['forum_poll'], USER_LEVEL_MEMBER, 'forum_poll');
            $this->data['forum_vote'] = form_sanitizer($_POST['forum_vote'], USER_LEVEL_MEMBER, 'forum_vote');
            $this->data['forum_answer_threshold'] = form_sanitizer($_POST['forum_answer_threshold'], 0, 'forum_answer_threshold');
            $this->data['forum_attach'] = form_sanitizer($_POST['forum_attach'], USER_LEVEL_MEMBER, 'forum_attach');
            $this->data['forum_attach_download'] = form_sanitizer($_POST['forum_attach_download'], USER_LEVEL_PUBLIC, 'forum_attach_download');
            $this->data['forum_mods'] = isset($_POST['forum_mods']) ? form_sanitizer($_POST['forum_mods'], '', 'forum_mods') : "";
            // NOTE(review): the update and the success notice are issued before
            // the \defender::safe() check below, unlike the save_forum branch,
            // which writes only inside that check. Confirm dbquery_insert()
            // refuses to write on its own when validation has failed.
            dbquery_insert(DB_FORUMS, $this->data, 'update');
            addnotice('success', self::$locale['forum_notice_10']);
            if (\defender::safe()) {
                redirect(FUSION_SELF . $aidlink . $this->ext);
            }
        }
    }
    if (isset($_POST['save_forum'])) {
        // Checkbox-style flags are reduced to 0/1 by presence alone; text and
        // numeric fields go through form_sanitizer().
        $this->data = array(
            'forum_id' => form_sanitizer($_POST['forum_id'], 0, 'forum_id'),
            'forum_name' => form_sanitizer($_POST['forum_name'], '', 'forum_name'),
            'forum_description' => form_sanitizer($_POST['forum_description'], '', 'forum_description'),
            'forum_cat' => form_sanitizer($_POST['forum_cat'], 0, 'forum_cat'),
            'forum_type' => form_sanitizer($_POST['forum_type'], '', 'forum_type'),
            'forum_language' => form_sanitizer($_POST['forum_language'], '', 'forum_language'),
            'forum_alias' => form_sanitizer($_POST['forum_alias'], '', 'forum_alias'),
            'forum_meta' => form_sanitizer($_POST['forum_meta'], '', 'forum_meta'),
            'forum_rules' => form_sanitizer($_POST['forum_rules'], '', 'forum_rules'),
            'forum_image_enable' => isset($_POST['forum_image_enable']) ? 1 : 0,
            'forum_merge' => isset($_POST['forum_merge']) ? 1 : 0,
            'forum_allow_attach' => isset($_POST['forum_allow_attach']) ? 1 : 0,
            'forum_quick_edit' => isset($_POST['forum_quick_edit']) ? 1 : 0,
            'forum_allow_poll' => isset($_POST['forum_allow_poll']) ? 1 : 0,
            'forum_poll' => USER_LEVEL_MEMBER,
            'forum_users' => isset($_POST['forum_users']) ? 1 : 0,
            'forum_lock' => isset($_POST['forum_lock']) ? 1 : 0,
            'forum_permissions' => isset($_POST['forum_permissions']) ? form_sanitizer($_POST['forum_permissions'], 0, 'forum_permissions') : 0,
            'forum_order' => isset($_POST['forum_order']) ? form_sanitizer($_POST['forum_order']) : '',
            // NOTE(review): $this->data is read here while the new array is still
            // being built, so this is the forum_cat held before this assignment,
            // not the forum_cat posted above. Verify that is intended.
            'forum_branch' => get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $this->data['forum_cat']),
            'forum_image' => '',
            'forum_mods' => "");
        // Spaces in the alias become hyphens; no other normalisation is applied here.
        $this->data['forum_alias'] = $this->data['forum_alias'] ? str_replace(' ', '-', $this->data['forum_alias']) : '';
        // Checks for unique forum alias
        // NOTE(review): the alias and forum_id are concatenated into the dbcount()
        // condition. This is safe only if form_sanitizer() escapes quotes for SQL;
        // that is not visible here, so confirm it or bind the values.
        if ($this->data['forum_alias']) {
            if ($this->data['forum_id']) {
                $alias_check = dbcount("('alias_id')", DB_PERMALINK_ALIAS, "alias_url='" . $this->data['forum_alias'] . "' AND alias_item_id !='" . $this->data['forum_id'] . "'");
            } else {
                $alias_check = dbcount("('alias_id')", DB_PERMALINK_ALIAS, "alias_url='" . $this->data['forum_alias'] . "'");
            }
            if ($alias_check) {
                \defender::stop();
                addNotice('warning', self::$locale['forum_error_6']);
            }
        }
        // check forum name unique
        $this->data['forum_name'] = $this->check_validForumName($this->data['forum_name'], $this->data['forum_id']);
        // Uploads or copy forum image or use back the forum image existing
        if (!empty($_FILES) && is_uploaded_file($_FILES['forum_image']['tmp_name'])) {
            $upload = form_sanitizer($_FILES['forum_image'], '', 'forum_image');
            if ($upload['error'] == 0) {
                // Prefer the generated thumbnail name when there is one.
                if (!empty($upload['thumb1_name'])) {
                    $this->data['forum_image'] = $upload['thumb1_name'];
                } else {
                    $this->data['forum_image'] = $upload['image_name'];
                }
            }
        } elseif (isset($_POST['forum_image_url']) && $_POST['forum_image_url'] != "") {
            require_once INCLUDES . "photo_functions_include.php";
            // if forum_image_header is not empty
            // Header 0 prefixes BASEDIR (a local path); header 1 adds no prefix, so
            // the source is whatever location the form posted. Any other header
            // value indexes a key that does not exist in $type_opts.
            $type_opts = array('0' => BASEDIR, '1' => '');
            // the url
            $this->data['forum_image'] = $type_opts[intval($_POST['forum_image_header'])] . form_sanitizer($_POST['forum_image_url'], '', 'forum_image_url');
            // NOTE(review): copy_file() is handed a source taken from the request.
            // Confirm it restricts schemes and hosts, rejects non-image content and
            // cannot be pointed at local files outside the intended directory.
            $upload = copy_file($this->data['forum_image'], FORUM . "images/");
            if ($upload['error'] == TRUE) {
                \defender::stop();
                addNotice('danger', self::$locale['forum_error_9']);
            } else {
                $this->data['forum_image'] = $upload['name'];
            }
        } else {
            $this->data['forum_image'] = isset($_POST['forum_image']) ? form_sanitizer($_POST['forum_image'], '', 'forum_image') : "";
        }
        // New forum: add default permission levels. `+=` keeps keys that already
        // exist, so forum_poll and forum_mods set above are not overwritten.
        if (!$this->data['forum_id']) {
            $this->data += array('forum_access' => USER_LEVEL_PUBLIC, 'forum_post' => USER_LEVEL_MEMBER, 'forum_reply' => USER_LEVEL_MEMBER, 'forum_post_ratings' => USER_LEVEL_MEMBER, 'forum_poll' => USER_LEVEL_MEMBER, 'forum_vote' => USER_LEVEL_MEMBER, 'forum_mods' => "");
        }
        // Set last order
        // No order posted: append after the current maximum within the same
        // forum_cat (and language, when the forum table is multilingual).
        // forum_cat is concatenated into the query; see the escaping note above.
        if (!$this->data['forum_order']) {
            $this->data['forum_order'] = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . $this->data['forum_cat'] . "'"), 0) + 1;
        }
        // Nothing is written unless validation passed (\defender::stop() above
        // is what marks a failure).
        if (\defender::safe()) {
            if ($this->verify_forum($this->data['forum_id'])) {
                // Existing forum: reorder siblings first, then update the row.
                $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', $this->data['forum_id'], 'forum_id', $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'update');
                if ($result) {
                    dbquery_insert(DB_FORUMS, $this->data, 'update');
                }
                // The success notice is added even when $result is falsy and no
                // update was issued.
                addNotice('success', self::$locale['forum_notice_9']);
                redirect(FUSION_SELF . $aidlink . $this->ext);
            } else {
                // New forum: make room in the ordering, insert, remember the new id.
                $new_forum_id = 0;
                $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', FALSE, FALSE, $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'save');
                if ($result) {
                    dbquery_insert(DB_FORUMS, $this->data, 'save');
                    $new_forum_id = dblastid();
                }
                if ($this->data['forum_cat'] == 0) {
                    // Top-level entry: continue to the permission editor. If the
                    // insert was skipped, forum_id in this URL is 0.
                    redirect(FUSION_SELF . $aidlink . "&action=p_edit&forum_id=" . $new_forum_id . "&parent_id=0");
                } else {
                    // One success message per forum_type value 1-4; other values
                    // add no notice.
                    switch ($this->data['forum_type']) {
                        case '1':
                            addNotice('success', self::$locale['forum_notice_1']);
                            break;
                        case '2':
                            addNotice('success', self::$locale['forum_notice_2']);
                            break;
                        case '3':
                            addNotice('success', self::$locale['forum_notice_3']);
                            break;
                        case '4':
                            addNotice('success', self::$locale['forum_notice_4']);
                            break;
                    }
                    redirect(FUSION_SELF . $aidlink . $this->ext);
                }
            }
        }
    }
}
if (isset($_POST['savecat'])) { $cat_name = stripinput($_POST['cat_name']); $cat_order = isnum($_POST['cat_order']) ? $_POST['cat_order'] : 0; if ($cat_name != "") { if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['cat_id']) && isnum($_GET['cat_id']))) { $old_cat_order = dbresult(dbquery("SELECT field_cat_order FROM " . DB_USER_FIELD_CATS . " WHERE field_cat_id='" . $_GET['cat_id'] . "'"), 0); if ($cat_order > $old_cat_order) { $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_order=field_cat_order-1 WHERE field_cat_order>'" . $old_cat_order . "' AND field_cat_order<='" . $cat_order . "'"); } elseif ($cat_order < $old_cat_order) { $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_order=field_cat_order+1 WHERE field_cat_order<'" . $old_cat_order . "' AND field_cat_order>='" . $cat_order . "'"); } $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_name='" . $cat_name . "', field_cat_order='{$cat_order}' WHERE field_cat_id='" . $_GET['cat_id'] . "'"); redirect(FUSION_SELF . $aidlink . "&status=su"); } else { if ($cat_order == 0) { $cat_order = dbresult(dbquery("SELECT MAX(field_cat_order) FROM " . DB_USER_FIELD_CATS . ""), 0) + 1; } $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_order=field_cat_order+1 WHERE field_cat_order>='" . $cat_order . "'"); $result = dbquery("INSERT INTO " . DB_USER_FIELD_CATS . " (field_cat_name, field_cat_order) VALUES ('" . $cat_name . "', '" . $cat_order . "')"); redirect(FUSION_SELF . $aidlink . "&status=sn"); } } else { redirect(FUSION_SELF . $aidlink); } } if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['cat_id']) && isnum($_GET['cat_id']))) { $result = dbquery("SELECT field_cat_id, field_cat_name, field_cat_order FROM " . DB_USER_FIELD_CATS . " WHERE field_cat_id='" . $_GET['cat_id'] . "'"); if (dbrows($result)) { $data = dbarray($result); $cat_name = $data['field_cat_name']; $cat_order = $data['field_cat_order'];
} if (!$error) { if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['photo_id']) && isnum($_GET['photo_id']))) { $old_photo_order = dbresult(dbquery("SELECT photo_order FROM " . DB_PHOTOS . " WHERE photo_id='" . $_GET['photo_id'] . "'"), 0); if ($photo_order > $old_photo_order) { $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_order=(photo_order-1) WHERE photo_order>'{$old_photo_order}' AND photo_order<='{$photo_order}' AND album_id='" . $_GET['album_id'] . "'"); } elseif ($photo_order < $old_photo_order) { $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_order=(photo_order+1) WHERE photo_order<'{$old_photo_order}' AND photo_order>='{$photo_order}' AND album_id='" . $_GET['album_id'] . "'"); } $update_photos = $photo_file ? "photo_filename='{$photo_file}', photo_thumb1='{$photo_thumb1}', photo_thumb2='{$photo_thumb2}', " : ""; $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_title='{$photo_title}', photo_description='{$photo_description}', " . $update_photos . "photo_datestamp='" . time() . "', photo_order='{$photo_order}', photo_allow_comments='{$photo_comments}', photo_allow_ratings='{$photo_ratings}' WHERE photo_id='" . $_GET['photo_id'] . "'"); $rowstart = $photo_order > $settings['thumbs_per_page'] ? (ceil($photo_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0"; redirect(FUSION_SELF . $aidlink . "&status=su&album_id=" . $_GET['album_id'] . "&rowstart={$rowstart}"); } else { if (!$photo_order) { $photo_order = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='" . $_GET['album_id'] . "'"), 0) + 1; } $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_order=(photo_order+1) WHERE photo_order>='{$photo_order}' AND album_id='" . $_GET['album_id'] . "'"); $result = dbquery("INSERT INTO " . DB_PHOTOS . 
" (album_id, photo_title, photo_description, photo_filename, photo_thumb1, photo_thumb2, photo_datestamp, photo_user, photo_views, photo_order, photo_allow_comments, photo_allow_ratings) VALUES ('" . $_GET['album_id'] . "', '{$photo_title}', '{$photo_description}', '{$photo_file}', '{$photo_thumb1}', '{$photo_thumb2}', '" . time() . "', '" . $userdata['user_id'] . "', '0', '{$photo_order}', '{$photo_comments}', '{$photo_ratings}')"); $rowstart = $photo_order > $settings['thumbs_per_page'] ? (ceil($photo_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0"; redirect(FUSION_SELF . $aidlink . "&status=sn&album_id=" . $_GET['album_id'] . "&rowstart={$rowstart}"); } } if ($error) { redirect(FUSION_SELF . $aidlink . "&status=se&error={$error}&album_id=" . $_GET['album_id']); } } else { if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['photo_id']) && isnum($_GET['photo_id']))) { $result = dbquery("SELECT * FROM " . DB_PHOTOS . " WHERE photo_id='" . $_GET['photo_id'] . "'"); if (dbrows($result)) { $data = dbarray($result);
if (iMEMBER && $userdata['user_id'] != $user_data['user_id']) { array_unshift($lastvis_array, $userdata['user_id'] . "|" . time()); $change = true; } array_splice($lastvis_array, $lastvis_showcount); if ($change) { $lastivsquery = dbquery("UPDATE " . DB_USERS . " SET user_lastvisitors=" . _db(implode(".", $lastvis_array)) . " WHERE user_id='" . (int) $user_data['user_id'] . "'"); } $lastvis_show = ""; if (is_array($lastvis_array) && count($lastvis_array)) { foreach ($lastvis_array as $lastvis_data) { $lvinfo = explode("|", $lastvis_data); $lastvis_uname = false; $lastvis_ava = false; $lastvis_ava = dbresult(dbquery("SELECT user_avatar FROM " . DB_USERS . " WHERE user_id='" . $lvinfo[0] . "'"), 0); if (isnum($lvinfo[0]) && $lvinfo[0] && ($lastvis_uname = dbresult(dbquery("SELECT user_name FROM " . DB_USERS . " WHERE user_id='" . $lvinfo[0] . "'"), 0))) { if (!$lastvis_ava) { $lastvis_ava = "noavatar.jpg"; } $lastvis_show .= ($lastvis_show != "" ? " " : "") . "<table border='0' cellpadding='5' cellspacing='5' align='left'><tr><td align='center'>" . profile_link($lvinfo[0], $lastvis_uname, '0', 'profile-link', $lastvis_uname, '', "<img src='" . IMAGES . "avatars/" . $lastvis_ava . "' alt='" . $lastvis_uname . "' border='0' width='" . $ava_size . "' height='" . $ava_size . "' />") . "<br />" . profile_link($lvinfo[0], $lastvis_uname, '0', 'profile-link', $lastvis_uname, '', $lastvis_uname) . "</td></tr></table>\n"; } } } if ($lastvis_show == "") { #echo "</tr>\n"; echo "</table>"; echo "<div style='margin:5px'></div>\n"; echo "<table cellpadding='0' cellspacing='1' width='400' class='tbl-border center'>\n<tr>\n"; echo "<td class='tbl2' colspan='2'><strong>" . $locale['uf_lastvis_03'] . "</strong></td>\n"; echo "</tr>\n<tr>\n"; echo "<td align='center' class='tbl' colspan='2'>" . sprintf($locale['uf_lastvis_04'], $daysshown) . "</td>\n";
define("SAFEMODE", @ini_get("safe_mode") ? true : false); add_to_title($locale['global_200'] . $locale['400']); if (isset($_GET['photo_id']) && isnum($_GET['photo_id'])) { $result = dbquery("SELECT tp.photo_title, tp.photo_description, tp.photo_filename, tp.photo_thumb2, tp.photo_datestamp, tp.photo_views,\n\t\ttp.photo_order, tp.photo_allow_comments, tp.photo_allow_ratings, ta.album_id, ta.album_title, ta.album_access,\n\t\ttu.user_id, tu.user_name, tu.user_status, SUM(tr.rating_vote) AS sum_rating, COUNT(tr.rating_item_id) AS count_votes\n\t\tFROM " . DB_PHOTOS . " tp\n\t\tLEFT JOIN " . DB_PHOTO_ALBUMS . " ta USING (album_id)\n\t\tLEFT JOIN " . DB_USERS . " tu ON tp.photo_user=tu.user_id\n\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = tp.photo_id AND tr.rating_type='P'\n\t\tWHERE photo_id='" . $_GET['photo_id'] . "' GROUP BY tp.photo_id"); $data = dbarray($result); if (!checkgroup($data['album_access'])) { redirect(FUSION_SELF); } else { define("PHOTODIR", PHOTOS . (!SAFEMODE ? "album_" . $data['album_id'] . "/" : "")); include INCLUDES . "comments_include.php"; include INCLUDES . "ratings_include.php"; $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_views=(photo_views+1) WHERE photo_id='" . $_GET['photo_id'] . "'"); $pres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order='" . ($data['photo_order'] - 1) . "' AND album_id='" . $data['album_id'] . "'"); $nres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order='" . ($data['photo_order'] + 1) . "' AND album_id='" . $data['album_id'] . "'"); $fres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order='1' AND album_id='" . $data['album_id'] . "'"); $lastres = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='" . $data['album_id'] . "'"), 0); $lres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order>='" . $lastres . "' AND album_id='" . $data['album_id'] . 
"'"); if (dbrows($pres)) { $prev = dbarray($pres); } if (dbrows($nres)) { $next = dbarray($nres); } if (dbrows($fres)) { $first = dbarray($fres); } if (dbrows($lres)) { $last = dbarray($lres); } opentable($locale['450']); echo "<!--pre_photo-->";
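/**
 * Build the stored HTML snippet named $id and return it as a string
 * (per the original author's note, this variant returns instead of echoing).
 *
 * The stored text is split on the literal marker "{kod}"; even-numbered pieces
 * are copied through and odd-numbered pieces are treated as further snippet
 * ids and expanded recursively. The result is wrapped in <kodadi=ID> markers.
 *
 * @param string $id Snippet id; surrounding whitespace is trimmed.
 * @return string The expanded snippet, or a message when the id is empty or unknown.
 */
function htmlekle2($id)
{
    $id = trim($id);
    if ($id == "") {
        return "id bo verilmi. (htmlekle2)";
    }
    // NOTE(review): $id is placed inside a quoted SQL literal here and in the
    // SELECT below without any escaping visible in this function. Ids also come
    // from stored snippet text through the recursive call, so a stored value
    // reaches SQL the same way. Escape or bind it inside kayitsayisi() and
    // dbresult(), whose database API is not shown here.
    if (kayitsayisi("html", "id='{$id}'") == 0) {
        // An unknown id is echoed back to the page, so it must not be emitted
        // raw: encode it for the HTML text and, separately, for the unquoted
        // href query value.
        $id_html = htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE);
        $id_url = rawurlencode($id);
        return "({$id_html}) id'li kod bulunamadi. eklemek icin <a href=/kafe/admin/htmlkodekle.php?id={$id_url}>buraya tiklayiniz</a> ";
    }
    // Recursion guard shared across calls: more than 100 nested expansions
    // aborts the request.
    global $nestcount;
    $nestcount++;
    if ($nestcount > 100) {
        echo "<hr>C*k fazla icice dongu(nest) var.(100 adet)";
        exit;
    }
    $query = "select * from html where id='{$id}'";
    $kod = dbresult($query, array("htmlkodu"));
    $parcalar = explode("{kod}", $kod[0]);
    $out = "\n<kodadi={$id}>";
    foreach ($parcalar as $i => $parca) {
        // Even positions are literal HTML, odd positions are nested snippet ids.
        if (iseven($i)) {
            $out .= $parca;
        } else {
            $out .= htmlekle2($parca);
        }
    }
    $nestcount--;
    $out .= "</kodadi={$id}>";
    return $out;
}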
} else { $fim = "<img src='" . get_image("foldernew") . "' alt='" . $locale['560'] . "' />"; } } else { $fim = "<img src='" . get_image("folder") . "' alt='" . $locale['561'] . "' />"; } echo "<tr>\n"; echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'>{$fim}</td>\n"; echo "<td class='tbl1 forum_name'><!--forum_name--><a href='viewforum.php?forum_id=" . $data['forum_id'] . "'>" . $data['forum_name'] . "</a><br />\n"; if ($data['forum_description'] || $moderators) { echo "<span class='small'>" . nl2br(parseubb($data['forum_description'])) . ($data['forum_description'] && $moderators ? "<br />\n" : ""); echo ($moderators ? "<strong>" . $locale['411'] . "</strong>" . $moderators . "</span>\n" : "</span>\n") . "\n"; } //subforums begin $threadcount = dbresult(dbquery("SELECT SUM(forum_threadcount) FROM " . DB_FORUMS . " WHERE " . groupaccess('forum_access') . " AND forum_parent='" . $data['forum_id'] . "' OR forum_id='" . $data['forum_id'] . "'"), 0); $postcount = dbresult(dbquery("SELECT SUM(forum_postcount) FROM " . DB_FORUMS . " WHERE " . groupaccess('forum_access') . " AND forum_parent='" . $data['forum_id'] . "' OR forum_id='" . $data['forum_id'] . "'"), 0); $parent_result = dbquery("SELECT forum_id, forum_name, forum_parent FROM " . DB_FORUMS . " WHERE " . groupaccess('forum_access') . " AND forum_parent='" . $data['forum_id'] . "' ORDER BY forum_order"); $i = dbrows($parent_result); $subforums = $i > 0 ? "<br />\n<span class='small'><strong>" . $locale['412'] . "</strong>\n " : ""; echo $subforums; while ($parent_data = dbarray($parent_result)) { $i--; if ($parent_data['forum_id'] != $data['forum_id']) { echo "<a href='" . FORUM . "viewforum.php?forum_id=" . $parent_data['forum_id'] . "'>" . $parent_data['forum_name'] . "</a>\n"; if ($i > 0) { echo " , "; } } } echo "</td>\n"; echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'>" . ($threadcount == 0 ? "0" : $threadcount) . "</td>\n";
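/**
 * Shift the order column of neighbouring rows so that one row can be saved at,
 * moved to, or removed from position $order.
 *
 * Example call from the original source:
 * sql_manage_order($db, $dmdata['field_id'], "field_id", "", "", $dmdata['field_order'], "field_order", array("mode"=>"update"));
 *
 * NOTE(review): every argument is spliced into SQL text. Table and column
 * names must come from code, never from a request, and $id, $cat and $order
 * must already be numeric or escaped by the caller; nothing in this function
 * validates or escapes them.
 *
 * @param string      $db        Table name.
 * @param mixed       $id        Row id; required in update mode.
 * @param string|bool $id_col    Id column name; required in update mode.
 * @param mixed       $cat       Category value; with $cat_col limits the shift to that category.
 * @param string|bool $cat_col   Category column name.
 * @param mixed       $order     Target position (the position being vacated in delete mode).
 * @param string      $order_col Order column name.
 * @param array|bool  $opts      array("mode" => "save"|"update"|"delete"); any non-array value means update.
 * @return void
 */
function sql_manage_order($db, $id = false, $id_col = false, $cat = false, $cat_col = false, $order, $order_col, $opts = false)
{
    // Update is the default when no options array is given. With an options
    // array, a missing or unrecognised mode selects 0, which runs no query;
    // previously $mode was left undefined on that path.
    $mode = 2;
    if (is_array($opts)) {
        $mode = 0;
        if (array_key_exists("mode", $opts)) {
            if ($opts['mode'] == "save") {
                $mode = 1;
            } elseif ($opts['mode'] == "update") {
                $mode = 2;
            } elseif ($opts['mode'] == "delete") {
                $mode = 3;
            }
        }
    }

    // Nested ordering restricts every shift to rows of the same category.
    $nested = !empty($cat) && !empty($cat_col);
    $scope = $nested ? "{$cat_col}='{$cat}' AND " : "";

    if ($mode == 1) {
        // Save: open a gap at $order. $id and $id_col are not needed.
        dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}+1 WHERE {$scope}{$order_col}>='{$order}'");
    } elseif ($mode == 2) {
        // Update: $id and $id_col are required to look up the current position.
        $old_order = dbresult(dbquery("SELECT {$order_col} FROM " . $db . " WHERE {$id_col}='{$id}'"), 0);
        // In nested mode a stored position of exactly "0" is left alone.
        if ($nested && $old_order === "0") {
            return;
        }
        if ($order > $old_order) {
            // Moving down: rows between the old and new position move up by one.
            dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}-1 WHERE {$scope}{$order_col}>'{$old_order}' AND {$order_col}<='{$order}'");
        } elseif ($order < $old_order) {
            // Moving up: rows between the new and old position move down by one.
            dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}+1 WHERE {$scope}{$order_col}<'{$old_order}' AND {$order_col}>='{$order}'");
        }
    } elseif ($mode == 3) {
        // Delete: close the gap left at $order. $id and $id_col are not needed.
        dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}-1 WHERE {$scope}{$order_col}>'{$order}'");
    }
}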
redirect(FUSION_SELF . $aidlink . "&error=3"); } } else { redirect(FUSION_SELF . $aidlink . "&error=4"); } } elseif (isset($_POST['btn_save'])) { $addon_cat_type = stripinput($_POST['addon_cat_type']); $addon_cat_name = stripinput($_POST['addon_cat_name']); $addon_cat_description = stripinput($_POST['addon_cat_description']); $addon_cat_access = stripinput($_POST['addon_cat_access']); if (empty($addon_cat_name)) { redirect(FUSION_SELF . $aidlink . "&error=1"); } elseif (dbcount("(*)", DB_ADDON_CATS, "addon_cat_name='{$addon_cat_name}' AND addon_cat_type='{$addon_cat_type}'") != 0) { redirect(FUSION_SELF . $aidlink . "&error=2"); } else { $addon_cat_order = dbresult(dbquery("SELECT MAX(addon_cat_order) FROM " . DB_ADDON_CATS . " WHERE addon_cat_type='{$addon_cat_type}'"), 0) + 1; $result = dbquery("INSERT INTO " . DB_ADDON_CATS . " \r\n\t\t\tVALUES('','" . $addon_cat_type . "', '" . $addon_cat_name . "','" . $addon_cat_description . "','" . $addon_cat_access . "','" . $addon_cat_order . "')"); redirect(FUSION_SELF . $aidlink . "&insert=ok"); } } else { $addon_cat_type = ""; $addon_cat_name = ""; $addon_cat_description = ""; $addon_cat_access = ""; opentable($locale['addondb436']); $cat_formaction = FUSION_SELF . $aidlink; } $user_groups = getusergroups(); $access_opts = ""; $sel = ""; while (list($key, $user_group) = each($user_groups)) {
$forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0; $forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0; $forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0; $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='{$forum_name}', forum_cat='{$forum_cat}', forum_description='{$forum_description}', forum_moderators='{$forum_mods}', forum_access='{$forum_access}', forum_post='{$forum_post}', forum_reply='{$forum_reply}', forum_attach='{$forum_attach}', forum_poll='{$forum_poll}', forum_vote='{$forum_vote}' WHERE forum_id='" . $_GET['forum_id'] . "'"); // start fb4 mod $forum_icon = addslash(stripinput($_POST['forum_icon'])); $forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0; $result = dbquery("UPDATE " . $db_prefix . "fb_forums set forum_icon='{$forum_icon}', forum_parent='{$forum_parent}' where forum_id='" . $_GET['forum_id'] . "'"); // end fb4 mod redirect(FUSION_SELF . $aidlink . "§ion=forums&status=savefu"); } else { if ($forum_name) { $forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : ""; $forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0; if (!$forum_order) { $forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " f\n\t\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\t\tWHERE f2.forum_parent='{$forum_parent}'"), 0) + 1; } $result2 = dbquery("select * from " . DB_FORUMS . " f\n\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\tWHERE forum_cat='{$forum_cat}' AND forum_order>='{$forum_order}'" . ($forum_parent ? " AND f2.forum_parent='{$forum_parent}'" : "")); while ($data2 = dbarray($result2)) { $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 where forum_id='" . $data2['forum_id'] . "'"); } $result = dbquery("INSERT INTO " . DB_FORUMS . 
" (forum_cat, forum_name, forum_order, forum_description, forum_moderators, forum_access, forum_post, forum_reply, forum_attach, forum_poll, forum_vote, forum_lastpost, forum_lastuser) VALUES ('{$forum_cat}', '{$forum_name}', '{$forum_order}', '{$forum_description}', '', '0', '101', '101', '101', '0', '0', '0', '0')"); $result = dbquery("INSERT INTO " . DB_PREFIX . "fb_forums (forum_id, forum_icon,forum_parent,forum_collapsed) VALUES('" . mysql_insert_id() . "', '', '{$forum_parent}', '0')"); redirect(FUSION_SELF . $aidlink . "§ion=forums&status=savefn"); } else { redirect(FUSION_SELF . $aidlink . "§ion=forums"); } } } elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) { if (isset($_GET['t']) && $_GET['t'] == "cat") { $data = dbarray(dbquery("SELECT * FROM " . DB_FORUMS . " WHERE forum_cat='0' AND forum_order='" . $_GET['order'] . "'"));
$inf_admin_image = $inf_adminpanel[$i]['image'] ? $inf_adminpanel[$i]['image'] : "infusion_panel.gif"; if (!dbcount("(admin_id)", DB_ADMIN, "admin_rights='" . $inf_adminpanel[$i]['rights'] . "'")) { $result = dbquery("INSERT INTO " . DB_ADMIN . " (admin_rights, admin_image, admin_title, admin_link, admin_page) VALUES ('" . $inf_adminpanel[$i]['rights'] . "', '" . $inf_admin_image . "', '" . $inf_adminpanel[$i]['title'] . "', '" . INFUSIONS . $inf_folder . "/" . $inf_adminpanel[$i]['panel'] . "', '4')"); $result = dbquery("SELECT user_id, user_rights FROM " . DB_USERS . " WHERE user_level='103'"); while ($data = dbarray($result)) { $result2 = dbquery("UPDATE " . DB_USERS . " SET user_rights='" . $data['user_rights'] . "." . $inf_adminpanel[$i]['rights'] . "' WHERE user_id='" . $data['user_id'] . "'"); } } else { $error = 1; } } } if (!$error) { if (isset($inf_sitelink) && is_array($inf_sitelink) && count($inf_sitelink)) { for ($i = 1; $i < count($inf_sitelink) + 1; $i++) { $link_order = dbresult(dbquery("SELECT MAX(link_order) FROM " . DB_SITE_LINKS), 0) + 1; $result = dbquery("INSERT INTO " . DB_SITE_LINKS . " (link_name, link_url, link_visibility, link_position, link_window, link_order) VALUES ('" . $inf_sitelink[$i]['title'] . "', '" . str_replace("../", "", INFUSIONS) . $inf_folder . "/" . $inf_sitelink[$i]['url'] . "', '" . $inf_sitelink[$i]['visibility'] . "', '1', '0', '" . $link_order . "')"); } } if (isset($inf_newtable) && is_array($inf_newtable) && count($inf_newtable)) { for ($i = 1; $i < count($inf_newtable) + 1; $i++) { $result = dbquery("CREATE TABLE " . $inf_newtable[$i]); } } if (isset($inf_insertdbrow) && is_array($inf_insertdbrow) && count($inf_insertdbrow)) { for ($i = 1; $i < count($inf_insertdbrow) + 1; $i++) { $result = dbquery("INSERT INTO " . $inf_insertdbrow[$i]); } } $result = dbquery("INSERT INTO " . DB_INFUSIONS . " (inf_title, inf_folder, inf_version) VALUES ('" . $inf_title . "', '" . $inf_folder . "', '" . $inf_version . "')"); }
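/**
 * Site Links Form
 *
 * When the form is submitted ("savelink" in POST), collects the posted fields
 * through form_sanitizer(), derives a link order if none was given, and - if
 * \defender::safe() reports no validation failure - saves or updates the row
 * in DB_SITE_LINKS and redirects. Otherwise (or on first display) it echoes
 * the add/edit form populated from $this->data.
 *
 * NOTE(review): form_sanitizer() is defined elsewhere; what it guarantees
 * about the returned values is not visible here. Values that are concatenated
 * into SQL or JavaScript below are therefore cast to integers locally instead
 * of relying on it.
 */
private function display_sitelinks_form() {
    $locale = fusion_get_locale();
    fusion_confirm_exit();

    if (isset($_POST['savelink'])) {
        $this->data = array(
            "link_id" => form_sanitizer($_POST['link_id'], 0, 'link_id'),
            "link_cat" => form_sanitizer($_POST['link_cat'], 0, 'link_cat'),
            "link_name" => form_sanitizer($_POST['link_name'], '', 'link_name'),
            "link_url" => form_sanitizer($_POST['link_url'], '', 'link_url'),
            "link_icon" => form_sanitizer($_POST['link_icon'], '', 'link_icon'),
            "link_language" => form_sanitizer($_POST['link_language'], '', 'link_language'),
            "link_visibility" => form_sanitizer($_POST['link_visibility'], '', 'link_visibility'),
            "link_position" => form_sanitizer($_POST['link_position'], '', 'link_position'),
            "link_order" => form_sanitizer($_POST['link_order'], '', 'link_order'),
            "link_window" => form_sanitizer(isset($_POST['link_window']) && $_POST['link_window'] == 1 ? 1 : 0, 0, 'link_window'),
        );

        // A position above 3 means "custom": the real value is taken from the
        // companion link_position_id input instead of the select.
        if ($this->data['link_position'] > 3) {
            $this->data['link_position'] = form_sanitizer($_POST['link_position_id'], 3, 'link_position_id');
        }

        // No explicit order given: append after the current maximum within the
        // same category (and language, when the table is multilingual).
        if (empty($this->data['link_order'])) {
            // link_cat is request-derived and lands inside a quoted SQL literal;
            // intval() keeps it from terminating that literal. It is treated as
            // a numeric category id by the rest of this method.
            $max_order_query = "SELECT MAX(link_order) 'link_order' FROM " . DB_SITE_LINKS . "\n " . (multilang_table("SL") ? "WHERE link_language='" . LANGUAGE . "' AND" : "WHERE") . "\n link_cat='" . intval($this->data['link_cat']) . "'";
            $this->data['link_order'] = dbresult(dbquery($max_order_query), 0) + 1;
        }

        if (\defender::safe()) {
            // Same call sequence for both paths; only the mode string and the
            // success notice differ between editing and creating a link.
            $is_update = !empty($this->data['link_id']);
            $mode = $is_update ? "update" : "save";
            dbquery_order(DB_SITE_LINKS, $this->data['link_order'], "link_order", $this->data['link_id'], "link_id", $this->data['link_cat'], "link_cat", multilang_table("SL"), "link_language", $mode);
            dbquery_insert(DB_SITE_LINKS, $this->data, $mode);
            addNotice("success", $is_update ? $locale['SL_0016'] : $locale['SL_0015']);
            redirect(clean_request("link_cat=" . $this->data['link_cat'], array('ref'), FALSE));
        }
    }

    echo "<div class='m-t-20'>\n";
    echo openform('link_administration_frm', 'post', FUSION_REQUEST);
    echo "<div class='row'>\n";
    echo "<div class='col-xs-12 col-sm-12 col-md-8 col-lg-8'>\n";
    echo form_hidden('link_id', '', $this->data['link_id']);
    echo form_textarea('link_name', $locale['SL_0020'], $this->data['link_name'], array(
        'max_length' => 100,
        'required' => TRUE,
        'error_text' => $locale['SL_0085'],
        'form_name' => 'linkform',
        'type' => 'bbcode',
        'inline' => TRUE,
    ));
    echo form_text('link_icon', 'Link Icon', $this->data['link_icon'], array('max_length' => 100, 'inline' => TRUE));
    echo form_text('link_url', $locale['SL_0021'], $this->data['link_url'], array(
        'required' => TRUE,
        'error_text' => $locale['SL_0086'],
        'inline' => TRUE,
    ));
    echo form_text('link_order', $locale['SL_0023'], $this->data['link_order'], array(
        'class' => 'pull-left',
        'inline' => TRUE,
        'width' => '250px',
        'type' => 'number',
    ));

    // For display, a custom position (> 3) is split in two: the select shows
    // option 4 and the actual value moves to the link_position_id text input.
    if ($this->data['link_position'] > 3) {
        $this->data['link_position_id'] = $this->data['link_position'];
        $this->data['link_position'] = 4;
    }

    // After a rejected POST $this->data has been rebuilt without a
    // link_position_id key; read it defensively so redisplaying the form does
    // not raise an undefined-index notice. NULL matches what the bare read
    // evaluated to.
    $position_id = isset($this->data['link_position_id']) ? $this->data['link_position_id'] : NULL;

    echo form_select('link_position', $locale['SL_0024'], $this->data['link_position'], array(
        'options' => $this->position_opts,
        'inline' => TRUE,
        'stacked' => form_text('link_position_id', '', $position_id, array(
            'required' => true,
            'placeholder' => 'ID',
            'type' => 'number',
            'width' => '150px',
        )),
    ));

    // link_position is emitted as a bare JavaScript expression, so only an
    // integer may reach it; on a rejected POST the value is still whatever the
    // request carried. NOTE(review): an empty position now prints 0 instead of
    // an empty argument - confirm checkLinkPosition() treats both alike.
    add_to_jquery("\n checkLinkPosition( " . intval($this->data['link_position']) . " );\n \$('#link_position').bind('change', function(e) {\n checkLinkPosition( \$(this).val() );\n });\n ");

    echo "</div>\n";
    echo "<div class='col-xs-12 col-sm-12 col-md-4 col-lg-4'>\n";
    echo form_select_tree("link_cat", $locale['SL_0029'], $this->data['link_cat'], array(
        'input_id' => 'link_categorys',
        "parent_value" => $locale['parent'],
        'width' => '100%',
        'query' => multilang_table("SL") ? "WHERE link_language='" . LANGUAGE . "'" : '',
        'disable_opts' => $this->data['link_id'],
        'hide_disabled' => 1,
    ), DB_SITE_LINKS, "link_name", "link_id", "link_cat");
    echo form_select('link_language', $locale['global_ML100'], $this->data['link_language'], array(
        'options' => $this->language_opts,
        'placeholder' => $locale['choose'],
        'width' => '100%',
    ));
    echo form_select('link_visibility', $locale['SL_0022'], $this->data['link_visibility'], array(
        'options' => self::get_LinkVisibility(),
        'placeholder' => $locale['choose'],
        'width' => '100%',
    ));
    echo form_checkbox('link_window', $locale['SL_0028'], $this->data['link_window']);
    echo "</div>\n";
    echo "</div>\n";
    echo form_button('savelink', $locale['SL_0040'], $locale['SL_0040'], array('class' => 'btn-primary m-r-10', 'input_id' => 'savelink_2'));
    echo form_button("cancel", $locale['cancel'], "cancel", array('input_id' => 'cancel2'));
    echo closeform();
    echo "</div>\n";
}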