Example #1
}
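// Admin actions for user fields: move a field up ("mu") or down ("md") inside its
// group, enable a field module, or disable one. Every branch redirects back here.
// NOTE(review): all of these change state on a GET request; the admin-token check
// behind $aidlink is presumably done before this point — confirm.

// Accepted shape of a user-field module name. Dots, slashes and NUL bytes are
// refused so neither the request nor a stored row can steer include() outside
// INCLUDES . "user_fields/".
$field_name_pattern = '/^[A-Za-z0-9_-]+$/D';

if (isset($_GET['action']) && ($_GET['action'] === "mu" || $_GET['action'] === "md") && (isset($_GET['field_id']) && isnum($_GET['field_id']))) {
    // field_id has passed isnum() above; order is forced to an integer here.
    $field_id = $_GET['field_id'];
    $target_order = isset($_GET['order']) ? intval($_GET['order']) : 0;
    // "mu": the field sitting at the target position goes down (+1) and the
    // requested field goes up (-1). "md" is the mirror image.
    $moving_up = $_GET['action'] === "mu";
    $neighbour_step = $moving_up ? "+1" : "-1";
    $field_step = $moving_up ? "-1" : "+1";
    // The closing quote belongs before LIMIT; the original sent field_id='<id> LIMIT 1'.
    $moved = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_id='" . $field_id . "' LIMIT 1"));
    if ($moved) {
        $neighbour = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_group='" . $moved['field_group'] . "' AND field_order='" . $target_order . "'"));
        // Swap only when both rows exist; shifting one side alone would leave
        // two fields of the group on the same position.
        if ($neighbour) {
            $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order" . $neighbour_step . " WHERE field_id='" . intval($neighbour['field_id']) . "'");
            $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order" . $field_step . " WHERE field_id='" . $field_id . "'");
        }
    }
    redirect(FUSION_SELF . $aidlink);
} elseif (isset($_GET['enable']) && is_string($_GET['enable']) && preg_match($field_name_pattern, $_GET['enable']) && file_exists(INCLUDES . "user_fields/" . $_GET['enable'] . "_include_var.php") && file_exists(INCLUDES . "user_fields/" . $_GET['enable'] . "_include.php")) {
    // The name check above runs before file_exists(), so the included path is
    // always a plain file name inside the user_fields directory.
    // The included file is expected to set $user_field_dbname, $user_field_group
    // and $user_field_dbinfo, which are used below.
    include INCLUDES . "user_fields/" . $_GET['enable'] . "_include_var.php";
    $field_order = dbresult(dbquery("SELECT MAX(field_order) FROM " . DB_USER_FIELDS . " WHERE field_group='{$user_field_group}'"), 0) + 1;
    // Register the field only if no column is needed or the column was added.
    if (!$user_field_dbinfo || ($result = dbquery("ALTER TABLE " . DB_USERS . " ADD " . $user_field_dbname . " " . $user_field_dbinfo))) {
        $result = dbquery("INSERT INTO " . DB_USER_FIELDS . " (field_name, field_group, field_order) VALUES ('{$user_field_dbname}', '{$user_field_group}', '{$field_order}')");
    }
    redirect(FUSION_SELF . $aidlink);
} elseif (isset($_GET['disable']) && isnum($_GET['disable'])) {
    $data = dbarray(dbquery("SELECT * FROM " . DB_USER_FIELDS . " WHERE field_id='" . $_GET['disable'] . "'"));
    // Unknown id, or a stored name that is not a plain module name: nothing is
    // included and nothing is dropped.
    if ($data && preg_match($field_name_pattern, (string) $data['field_name'])) {
        include INCLUDES . "user_fields/" . $data['field_name'] . "_include_var.php";
        if (!$user_field_dbinfo || ($result = dbquery("ALTER TABLE " . DB_USERS . " DROP " . $user_field_dbname))) {
            // Close the gap the removed field leaves in its group, then delete it.
            $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET field_order=field_order-1 WHERE field_group='" . $data['field_group'] . "' AND field_order>'" . $data['field_order'] . "'");
            $result = dbquery("DELETE FROM " . DB_USER_FIELDS . " WHERE field_id='" . $_GET['disable'] . "'");
        }
    }
    redirect(FUSION_SELF . $aidlink);
}
$available_fields = array();
$enabled_fields = array();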
Example #2
     include LOCALE . LOCALESET . "user_fields/" . stripinput($_GET['enable']) . ".php";
 }
 include INCLUDES . "user_fields/" . stripinput($_GET['enable']) . "_include_var.php";
 if (isset($_POST['enable'])) {
     // Normalise the posted settings: field_cat is kept only when isnum() accepts it,
     // the three flags collapse to 0 or 1.
     $field_cat = isnum($_POST['field_cat']) ? $_POST['field_cat'] : 0;
     $field_required = isset($_POST['field_required']) && $_POST['field_required'] == 1 ? 1 : 0;
     $field_log = isset($_POST['field_log']) && $_POST['field_log'] == 1 ? 1 : 0;
     $field_registration = isset($_POST['field_registration']) && $_POST['field_registration'] == 1 ? 1 : 0;
     // NOTE(review): stripinput() is the only filtering applied to $_GET['enable']
     // before it is placed in SQL; its definition is not shown here — confirm it
     // neutralises quotes.
     $rows = dbcount("(field_id)", DB_USER_FIELDS, "field_name='" . stripinput($_GET['enable']) . "'");
     // existed in db. how come when enable there is existing record???
     // check : not removed during disable??
     if ($rows > 0) {
         // A row for this field already exists: only its settings are updated.
         $result = dbquery("UPDATE " . DB_USER_FIELDS . " SET\r\n\t\t\t\t\tfield_cat='" . $field_cat . "', field_required='" . $field_required . "', field_log='" . $field_log . "',\r\n\t\t\t\t\tfield_registration='" . $field_registration . "'\r\n\t\t\t\tWHERE field_name='" . stripinput($_GET['enable']) . "'");
     } else {
         // new record
         // The new field goes after the last position used in its category.
         $field_order = dbresult(dbquery("SELECT MAX(field_order) FROM " . DB_USER_FIELDS . " WHERE field_cat='" . $field_cat . "'"), 0) + 1;
         // new in api 1.02
         $c_query = dbquery("SELECT * FROM " . DB_USER_FIELD_CATS . " WHERE field_cat_id='" . $field_cat . "' LIMIT 1");
         if (dbrows($c_query) > 0) {
             // existed
             $c_data = dbarray($c_query);
             // The category may name its own table; otherwise the users table is used.
             $field_cat_db = $c_data['field_cat_db'] ? DB_PREFIX . $c_data['field_cat_db'] : DB_USERS;
         }
         // change here.
         // NOTE(review): $field_cat_db is assigned only when the category row exists,
         // but the ALTER TABLE below uses it unconditionally; with an unknown
         // field_cat the statement is built with an undefined table name.
         // NOTE(review): $user_field_dbname and $user_field_dbinfo are concatenated into
         // DDL unquoted; they are presumably set by the *_include_var.php file — confirm
         // that file can only be one shipped with the site.
         if (!$user_field_dbinfo || ($result = dbquery("ALTER TABLE " . $field_cat_db . " ADD " . $user_field_dbname . " " . $user_field_dbinfo))) {
             $result = dbquery("INSERT INTO " . DB_USER_FIELDS . " (\r\n\t\t\t\t\t\tfield_name, field_cat, field_required, field_log, field_registration, field_order\r\n\t\t\t\t\t) VALUES (\r\n\t\t\t\t\t\t'" . $user_field_dbname . "', '" . $field_cat . "', '" . $field_required . "',\r\n\t\t\t\t\t\t'" . $field_log . "', '" . $field_registration . "', '" . $field_order . "'\r\n\t\t\t\t\t)");
         }
     }
     //redirect(FUSION_SELF.$aidlink);
 } else {
     $result = dbquery("SELECT field_cat, field_required, field_log, field_registration FROM " . DB_USER_FIELDS . "\r\n\t\t\tWHERE field_name='" . stripinput($_GET['enable']) . "'");
Example #3
         $album_id = isnum($_POST['album_id']) ? $_POST['album_id'] : "0";
         $photo_name = strtolower(substr($submit_criteria['photo_file'], 0, strrpos($submit_criteria['photo_file'], ".")));
         $photo_ext = strtolower(strrchr($submit_criteria['photo_file'], "."));
         $photo_dest = PHOTOS . (!SAFEMODE ? "album_" . $album_id . "/" : "");
         $photo_file = image_exists($photo_dest, $photo_name . $photo_ext);
         copy(PHOTOS . "submissions/" . $submit_criteria['photo_file'], $photo_dest . $photo_file);
         chmod($photo_dest . $photo_file, 0644);
         unlink(PHOTOS . "submissions/" . $submit_criteria['photo_file']);
         $imagefile = @getimagesize($photo_dest . $photo_file);
         $photo_thumb1 = image_exists($photo_dest, $photo_name . "_t1" . $photo_ext);
         createthumbnail($imagefile[2], $photo_dest . $photo_file, $photo_dest . $photo_thumb1, $settings['thumb_w'], $settings['thumb_h']);
         if ($imagefile[0] > $settings['photo_w'] || $imagefile[1] > $settings['photo_h']) {
             $photo_thumb2 = image_exists($photo_dest, $photo_name . "_t2" . $photo_ext);
             createthumbnail($imagefile[2], $photo_dest . $photo_file, $photo_dest . $photo_thumb2, $settings['photo_w'], $settings['photo_h']);
         }
         $photo_order = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='{$album_id}'"), 0) + 1;
         $result = dbquery("INSERT INTO " . DB_PHOTOS . " (album_id, photo_title, photo_description, photo_filename, photo_thumb1, photo_thumb2, photo_datestamp, photo_user, photo_views, photo_order, photo_allow_comments, photo_allow_ratings) VALUES ('{$album_id}', '{$photo_title}', '{$photo_description}', '{$photo_file}', '{$photo_thumb1}', '{$photo_thumb2}', '" . time() . "', '" . $data['submit_user'] . "', '0', '{$photo_order}', '1', '1' ,'" . LANGUAGE . "')");
         $result = dbquery("DELETE FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'");
         opentable($locale['580']);
         echo "<br /><div style='text-align:center'>" . $locale['581'] . "<br /><br />\n";
         echo "<a href='" . FUSION_SELF . $aidlink . "'>" . $locale['402'] . "</a><br /><br />\n";
         echo "<a href='index.php" . $aidlink . "'>" . $locale['403'] . "</a></div><br />\n";
         closetable();
     } else {
         redirect(FUSION_SELF . $aidlink);
     }
 } else {
     if (isset($_POST['delete']) && (isset($_GET['submit_id']) && isnum($_GET['submit_id']))) {
         opentable($locale['582']);
         // Load the stored submission; submit_id has passed isnum() in the enclosing condition.
         $data = dbarray(dbquery("SELECT submit_criteria FROM " . DB_SUBMISSIONS . " WHERE submit_id='" . $_GET['submit_id'] . "'"));
         // NOTE(review): unserialize() on a database column. submit_criteria presumably
         // comes from a user submission; if any writer lets the submitter control the
         // serialized bytes this is an object-injection sink. Confirm every writer
         // serialize()s a server-built array, or store the value as JSON instead.
         $submit_criteria = unserialize($data['submit_criteria']);
         if (!$error) {
             if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['album_id']) && isnum($_GET['album_id']))) {
                 $old_album_order = dbresult(dbquery("SELECT album_order FROM " . DB_PHOTO_ALBUMS . " WHERE album_id='" . $_GET['album_id'] . "'"), 0);
                 if ($album_order > $old_album_order) {
                     $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order-1)\r\n\t\t\t\t\t\tWHERE album_order>'{$old_album_order}' AND album_order<='{$album_order}'");
                 } elseif ($album_order < $old_album_order) {
                     $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order+1)\r\n\t\t\t\t\t\tWHERE album_order<'{$old_album_order}' AND album_order>='{$album_order}'");
                 }
                 $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_title='{$album_title}', album_description='{$album_description}',\r\n\t\t\t\t\t" . (isset($album_thumb) ? " album_thumb='{$album_thumb}'," : "") . " album_user='******'user_id'] . "',\r\n\t\t\t\t\talbum_parent='{$album_parent}', album_access='{$album_access}', album_order='{$album_order}' WHERE album_id='" . $_GET['album_id'] . "'");
                 // Pimped: Subcategories
                 $rowstart = $album_order > $settings['thumbs_per_page'] ? (ceil($album_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0";
                 redirect(FUSION_SELF . $aidlink . "&status=su&page={$rowstart}");
                 // Pimped
             } else {
                 if (!$album_order) {
                     $album_order = dbresult(dbquery("SELECT MAX(album_order) FROM " . DB_PHOTO_ALBUMS . ""), 0) + 1;
                 }
                 $result = dbquery("UPDATE " . DB_PHOTO_ALBUMS . " SET album_order=(album_order+1) WHERE album_order>='{$album_order}'");
                 $result = dbquery("\r\n\t\t\t\t\tINSERT INTO " . DB_PHOTO_ALBUMS . " \r\n\t\t\t\t\t(album_title, album_description, album_thumb, album_user, album_parent, album_access, album_order, album_datestamp)\r\n\t\t\t\t\tVALUES\r\n\t\t\t\t\t('{$album_title}', '{$album_description}', '" . (isset($album_thumb) ? $album_thumb : "") . "', '" . $userdata['user_id'] . "', \r\n\t\t\t\t\t'{$album_parent}', '{$album_access}', '{$album_order}', '" . time() . "')\r\n\t\t\t\t\t");
                 // Pimped: Subcategories
                 $rowstart = $album_order > $settings['thumbs_per_page'] ? (ceil($album_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0";
                 redirect(FUSION_SELF . $aidlink . "&status=sn&page={$rowstart}");
                 // Pimped
             }
         } else {
             redirect(FUSION_SELF . $aidlink . "&status=se&error={$error}");
         }
     } else {
         redirect(FUSION_SELF . $aidlink . "&status=se&error=5");
     }
 } else {
Example #5
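// Remaining rows of the user-log filter form: sort options, user filter, field filter, submit.
echo "<td class='tbl1' align='left'>" . $locale['107'] . "</td>\n";
echo "<td class='tbl1' align='right'>\n";
echo "<select name='orderby' size='1' class='textbox' style='width:150px;'>" . orderbyOptions($orderby) . "</select>\n";
echo " <select name='expr' size='1' class='textbox' style='width:100px;'>" . exprOptions($expr) . "</select>\n";
echo "</td>\n</tr>\n<tr>\n";
echo "<td class='tbl1' align='left'>" . $locale['108'] . "</td>\n";
// NOTE(review): $user is written into a quoted attribute without escaping here;
// confirm it is HTML-escaped where it is read from the request.
echo "<td class='tbl1' align='right'><input type='text' name='user' value='" . $user . "' class='textbox' style='width:252px;' /></td>\n";
echo "</tr>\n<tr>\n";
echo "<td class='tbl1'>" . $locale['115'] . "</td>";
echo "<td class='tbl1' align='right'><select name='userField' size='1' class='textbox' style='width:254px;'>" . userFieldOptions($userField) . "</select></td>";
echo "</tr>\n<tr>\n";
echo "<td class='tbl' align='left'></td>\n<td class='tbl' align='right'><input type='submit' value=' " . $locale['109'] . "' class='button' /></td>\n";
echo "</tr>\n</table>\n</form>\n";
echo "<br />";
// The page offset comes from the query string and ends up in LIMIT, so it is
// forced to a non-negative integer at the point of use rather than trusting
// validation done elsewhere.
$log_rowstart = isset($_GET['rowstart']) ? max(0, intval($_GET['rowstart'])) : 0;
// NOTE(review): $dbWhere and $dbOrder are built outside this listing; confirm
// they only contain whitelisted column names and escaped values.
$result = dbquery("SELECT SQL_CALC_FOUND_ROWS userlog_id, userlog_user_id, userlog_field, userlog_value_old, userlog_value_new, userlog_timestamp, user_name, user_status\n\t\t\t\t   FROM " . DB_USER_LOG . "\n\t\t\t\t   LEFT JOIN " . DB_USERS . " ON userlog_user_id=user_id\n\t\t\t\t   " . $dbWhere . "\n\t\t\t\t   " . $dbOrder . "\n\t\t\t\t   LIMIT " . $log_rowstart . ",20");
// Total number of matching rows, ignoring LIMIT.
$rows = dbresult(dbquery("SELECT FOUND_ROWS()"), 0);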
if (dbrows($result)) {
    echo "<table cellpadding='0' cellspacing='1' class='tbl-border center' style='width: 700px;'>\n";
    echo "<tr>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:100px;'>" . $locale['102'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:150px;'>" . $locale['103'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:140px;'>" . $locale['104'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:160px;'>" . $locale['105'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:160px;'>" . $locale['106'] . "</td>\n";
    echo "<td class='tbl2' style='white-space:nowrap; width:160px;'>" . $locale['117'] . "</td>\n";
    echo "</tr>\n";
    $i = 1;
    while ($data = dbarray($result)) {
        $class = $i % 2 ? "tbl1" : "tbl2";
        echo "<tr>\n";
        echo "<td class='" . $class . "'>" . showdate("shortdate", $data['userlog_timestamp']) . "</td>\n";
Example #6
| Author: PHP-Fusion Development Team
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
// Access gate for this admin page ("PH" is the rights code passed to pageAccess()).
pageAccess("PH");
// Defaults for the album form. album_order starts one past the number of albums
// counted by dbcount(), restricted to the current language when the "PG" tables
// are multilingual.
$data = array(
    "album_id" => 0,
    "album_title" => "",
    "album_keywords" => "",
    "album_description" => "",
    "album_access" => "",
    "album_language" => LANGUAGE,
    "album_image" => "",
    "album_thumb1" => "",
    "album_thumb2" => "",
    "album_order" => dbcount(
        "(album_id)",
        DB_PHOTO_ALBUMS,
        multilang_table("PG") ? "album_language='" . LANGUAGE . "'" : ""
    ) + 1
);
if (isset($_POST['save_album'])) {
    $data = array("album_id" => form_sanitizer($_POST['album_id'], 0, "album_id"), "album_title" => form_sanitizer($_POST['album_title'], "", "album_title"), "album_keywords" => form_sanitizer($_POST['album_keywords'], "", "album_keywords"), "album_description" => form_sanitizer($_POST['album_description'], "", "album_description"), "album_access" => form_sanitizer($_POST['album_access'], "", "album_access"), "album_language" => form_sanitizer($_POST['album_language'], "", "album_language"), "album_order" => form_sanitizer($_POST['album_order'], "", "album_order"), "album_image" => "", "album_thumb1" => "", "album_thumb2" => "", "album_user" => $userdata['user_id'], "album_datestamp" => time());
    if (empty($data['album_order'])) {
        $data['album_order'] = dbresult(dbquery("SELECT MAX(album_order) FROM " . DB_PHOTO_ALBUMS . "\n\t\t\t\t" . (multilang_table("PG") ? "where album_language='" . LANGUAGE . "'" : "") . ""), 0) + 1;
    }
    // do delete image
    if (defender::safe()) {
        if (!empty($_FILES['album_image']) && is_uploaded_file($_FILES['album_image']['tmp_name'])) {
            $upload = form_sanitizer($_FILES['album_image'], "", "album_image");
            if (empty($upload['error'])) {
                $data['album_image'] = $upload['image_name'];
                $data['album_thumb1'] = $upload['thumb1_name'];
                $data['album_thumb2'] = $upload['thumb2_name'];
            }
        } else {
            if (isset($_POST['del_image'])) {
                // album_id
                $result = dbquery("select album_image, album_thumb1, album_thumb2 FROM " . DB_PHOTO_ALBUMS . " WHERE album_id='" . $data['album_id'] . "'");
                if (dbrows($result) > 0) {
Example #7
 if (dbcount("('photo_id')", DB_PHOTOS, "album_id = '" . intval($_GET['cat_id']) . "'")) {
     $list = get_albumOpts();
     $albumArray[0] = $locale['album_0028'];
     foreach ($list as $album_id => $album_title) {
         $albumArray[$album_id] = sprintf($locale['album_0029'], $album_title);
     }
     // unset own album
     unset($albumArray[$_GET['cat_id']]);
     if (isset($_POST['confirm_delete'])) {
         $targetAlbum = form_sanitizer($_POST['target_album'], '0', 'target_album');
         // Purge or move photos
         $photosResult = dbquery("SELECT * FROM " . DB_PHOTOS . " WHERE album_id = '" . intval($_GET['cat_id']) . "'");
         if (dbrows($photosResult) > 0) {
             if ($targetAlbum > 0) {
                 // move picture to $move_album
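                 // The moved photos are appended after the target album's current last position.
                 $target_max_order = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='" . intval($targetAlbum) . "'"), 0) + 1;
                 // Walk the photos selected above ($photosResult). The original looped over
                 // $result, which this listing never assigns, and wrote to the albums table,
                 // so no photo was moved and the new order was never stored.
                 while ($photo_data = dbarray($photosResult)) {
                     dbquery("UPDATE " . DB_PHOTOS . " SET album_id='" . intval($targetAlbum) . "', photo_order='" . intval($target_max_order) . "' WHERE photo_id='" . intval($photo_data['photo_id']) . "'");
                     $target_max_order++;
                 }
                 addNotice("success", sprintf($locale['album_0031'], $albumArray[$targetAlbum]));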
             } else {
                 // delete all
                 $photoRows = 0;
                 while ($photo_data = dbarray($photosResult)) {
                     purgePhotoImage($photo_data);
                     dbquery("delete from " . DB_COMMENTS . " where comment_item_id='" . intval($photo_data['photo_id']) . "' and comment_type='P'");
                     dbquery("delete from " . DB_RATINGS . " where rating_item_id='" . intval($photo_data['photo_id']) . "' and rating_type='P'");
                     dbquery_insert(DB_PHOTOS, $photo_data, 'delete');
                     $photoRows++;
Example #8
        }
    } else {
        redirect(FUSION_SELF . $aidlink . "&amp;error=4");
    }
    // Save Insert
} elseif (isset($_POST['btn_save'])) {
    $version_h = substr(stripinput($_POST['version_h']), 0, 5);
    $version_l = substr(stripinput($_POST['version_l']), 0, 5);
    $version_s = substr(stripinput($_POST['version_s']), 0, 12);
    $version_description = stripinput($_POST['version_description']);
    if (empty($version_h) || empty($version_l)) {
        redirect(FUSION_SELF . $aidlink . "&amp;error=1");
    } elseif (dbcount("(*)", DB_ADDON_VERSIONS, "version_h='{$version_h}' AND version_l='{$version_l}' AND version_s='{$version_s}'") != 0) {
        redirect(FUSION_SELF . $aidlink . "&amp;error=2");
    } else {
        $version_order = dbresult(dbquery("SELECT MAX(version_order) FROM " . DB_ADDON_VERSIONS), 0) + 1;
        $result = dbquery("INSERT INTO " . DB_ADDON_VERSIONS . " VALUES(\r\n\t\t\t\t'',\r\n\t\t\t\t'" . $version_h . "',\r\n\t\t\t\t'" . $version_l . "',\r\n\t\t\t\t'" . $version_s . "',\r\n\t\t\t\t'" . $version_description . "',\r\n\t\t\t\t'" . $version_order . "'\r\n\t\t\t)");
        redirect(FUSION_SELF . $aidlink . "&amp;insert=ok");
    }
} else {
    $version_h = "";
    $version_l = "";
    $version_s = "";
    $version_description = "";
    $version_formaction = FUSION_SELF . $aidlink;
    opentable($locale['addondb408']);
}
echo "<form name='frm_version' method='post' action='{$version_formaction}'>\r\n<table align='center' cellpadding='0' cellspacing='0' class='tbl-border'>" . (isset($err) ? "<tr><td colspan='3' class='tbl1 error' align='center' colspan='2'>" . $err . "</td></tr>" : "") . "\r\n<tr>\r\n<td class='tbl1' nowrap>" . $locale['addondb401'] . "<strong><span style='color:red;'>*</span></strong>:</td>\r\n<td class='tbl1' nowrap>v&nbsp;<input type='text' class='textbox' name='version_h' value='" . $version_h . "' style='width:30px;text-align:right;'>&nbsp;.&nbsp;<input type='text' class='textbox' name='version_l' value='" . $version_l . "' style='width:50px;'>&nbsp;&nbsp;<input type='text' class='textbox' name='version_s' value='" . $version_s . "' style='width:100px;'></td>\r\n</tr>\r\n<tr>\r\n<td class='tbl1' nowrap valign='top'>" . $locale['addondb402'] . ":</td>\r\n<td class='tbl1' nowrap><textarea class='textbox' name='version_description' style='width:211px; height:40px;'>" . $version_description . "</textarea></td>\r\n</tr>\r\n<tr>\r\n<td class='tbl1' nowrap colspan='2' align='center'>" . $locale['addondb413'] . "</td>\r\n</tr>\r\n<tr>\r\n<td class='tbl1' nowrap colspan='2' align='center'><input type='submit' class='button' name='btn_save' value='" . $locale['addondb409'] . "'>" . (isset($_GET['action']) && $_GET['action'] == "edit" ? "&nbsp;<input type='submit' class='button' name='btn_cancel' value='" . $locale['addondb410'] . "'>" : "") . "</td>\r\n</tr>\r\n</table>\r\n</form>";
closetable();
opentable($locale['addondb400']);
$result = dbquery("SELECT * FROM " . DB_ADDON_VERSIONS . " ORDER BY version_order");
Example #9
            $forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0;
            $forum_attach_download = isnum($_POST['forum_attach_download']) ? $_POST['forum_attach_download'] : 0;
            $forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0;
            $forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0;
            $forum_merge = isset($_POST['forum_merge']) && isnum($_POST['forum_merge']) ? $_POST['forum_merge'] : 0;
            $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='" . $forum_name . "', forum_cat='" . $forum_cat . "', forum_description='" . $forum_description . "', forum_moderators='" . $forum_mods . "', forum_access='" . $forum_access . "', forum_post='" . $forum_post . "', forum_reply='" . $forum_reply . "', forum_attach='" . $forum_attach . "', forum_attach_download='" . $forum_attach_download . "', forum_poll='" . $forum_poll . "', forum_vote='" . $forum_vote . "', forum_merge='" . $forum_merge . "', forum_language='" . $forum_language . "' WHERE forum_id='" . $_GET['forum_id'] . "'");
            redirect(FUSION_SELF . $aidlink . "&status=savefu");
        } else {
            $uniqueCheck = dbcount("(forum_id)", DB_FORUMS, "" . (multilang_table("FO") ? "forum_language='" . LANGUAGE . "' AND" : "") . " forum_cat='" . $forum_cat . "' AND forum_name='" . $forum_name . "'");
            if ($uniqueCheck != 0) {
                $defender->stop();
                $defender->addNotice($locale['517']);
            }
            $forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : "";
            if (!$forum_order) {
                $forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='{$forum_cat}'"), 0) + 1;
            }
            $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='{$forum_cat}' AND forum_order>='{$forum_order}'");
            $result = dbquery("INSERT INTO " . DB_FORUMS . " (forum_cat, forum_name, forum_order, forum_description, forum_moderators, forum_access, forum_post, forum_reply, forum_attach, forum_attach_download, forum_poll, forum_vote, forum_lastpost, forum_lastuser, forum_merge, forum_language) VALUES ('" . $forum_cat . "', '" . $forum_name . "', '" . $forum_order . "', '" . $forum_description . "', '103', '101', '101', '101', '0', '0', '0', '0', '0', '0', '0', '" . $forum_language . "')");
            redirect(FUSION_SELF . $aidlink . "&status=savefn");
        }
    }
} elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) {
    if (isset($_GET['t']) && $_GET['t'] == "cat") {
        $data = dbarray(dbquery("SELECT forum_id FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='0' AND forum_order='" . $_GET['order'] . "'"));
        $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $data['forum_id'] . "'");
        $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order-1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $_GET['forum_id'] . "'");
    } elseif (isset($_GET['t']) && $_GET['t'] == "forum" && (isset($_GET['cat']) && isnum($_GET['cat']))) {
        $data = dbarray(dbquery("SELECT forum_id FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . $_GET['cat'] . "' AND forum_order='" . $_GET['order'] . "'"));
        $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $data['forum_id'] . "'");
        $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order-1 " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_id='" . $_GET['forum_id'] . "'");
Example #10
        }
    }
} elseif (isset($_POST['save_ac'])) {
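    // Collect the posted navigation entry. Text values go through stripinput(),
    // numeric ones are kept only when isnum() accepts them.
    $ac_name = trim(stripinput($_POST['ac_name']));
    // ac_url is interpolated into the SQL below, so it gets the same filter as
    // ac_name; the original passed the raw POST value straight into the query.
    $ac_url = stripinput($_POST['ac_url']);
    $ac_target = isnum($_POST['ac_target']) ? $_POST['ac_target'] : 0;
    $ac_cat = isnum($_POST['ac_cat']) ? $_POST['ac_cat'] : 0;
    // Resolved for both branches: the INSERT below also writes ac_access, which
    // the original only defined on the edit path.
    $ac_access = isset($_POST['ac_access']) && isnum($_POST['ac_access']) ? $_POST['ac_access'] : 0;
    if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['ac_id']) && isnum($_GET['ac_id'])) && (isset($_GET['t']) && $_GET['t'] == "ac")) {
        // Edit: ac_id has passed isnum() in the condition above.
        $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_name='{$ac_name}', ac_cat='{$ac_cat}', ac_url='{$ac_url}', ac_target='{$ac_target}', ac_access='{$ac_access}' WHERE ac_id='" . $_GET['ac_id'] . "'");
        redirect(FUSION_SELF . $aidlink . "&status=savefu");
    } else {
        if ($ac_name) {
            // No usable position posted: append after the category's last entry.
            $ac_order = isnum($_POST['ac_order']) ? $_POST['ac_order'] : "";
            if (!$ac_order) {
                $ac_order = dbresult(dbquery("SELECT MAX(ac_order) FROM " . DB_AC_NAVIGATION . " WHERE ac_cat='{$ac_cat}'"), 0) + 1;
            }
            // Make room at the chosen position, then insert the new entry there.
            $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_order=ac_order+1 WHERE ac_cat='{$ac_cat}' AND ac_order>='{$ac_order}'");
            $result = dbquery("INSERT INTO " . DB_AC_NAVIGATION . " (ac_cat, ac_name, ac_url, ac_target, ac_access, ac_order) VALUES ('{$ac_cat}', '{$ac_name}', '{$ac_url}', '{$ac_target}', '{$ac_access}', '{$ac_order}')");
            redirect(FUSION_SELF . $aidlink . "&status=savefn");
        } else {
            // An empty name is not saved.
            redirect(FUSION_SELF . $aidlink);
        }
    }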
} elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['ac_id']) && isnum($_GET['ac_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) {
    if (isset($_GET['t']) && $_GET['t'] == "cat") {
        $data = dbarray(dbquery("SELECT * FROM " . DB_AC_NAVIGATION . " WHERE ac_cat='0' AND ac_order='" . $_GET['order'] . "'"));
        $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_order=ac_order+1 WHERE ac_id='" . $data['ac_id'] . "'");
        $result = dbquery("UPDATE " . DB_AC_NAVIGATION . " SET ac_order=ac_order-1 WHERE ac_id='" . $_GET['ac_id'] . "'");
    } elseif (isset($_GET['t']) && $_GET['t'] == "ac" && (isset($_GET['cat']) && isnum($_GET['cat']))) {
        $data = dbarray(dbquery("SELECT * FROM " . DB_AC_NAVIGATION . " WHERE ac_cat='{$cat}' AND ac_order='" . $_GET['order'] . "'"));
Example #11
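 /**
  * Create or update the navigation link of a custom page, once for every
  * language listed in the page's dot-separated page_language value.
  *
  * @param array $data Page data; reads page_language, page_link_cat, page_title,
  *                    page_id and, when present, link_id.
  */
 protected function set_customPageLinks($data)
 {
     $page_language = explode(".", $data['page_language']);
     // The link category is placed in SQL below, so it is forced to an integer.
     $link_cat = intval($data['page_link_cat']);
     foreach ($page_language as $language) {
         // NOTE(review): the position is looked up for the LANGUAGE constant, not for
         // the $language of this iteration — confirm that is intended.
         $link_order = dbresult(dbquery("SELECT MAX(link_order) FROM " . DB_SITE_LINKS . " " . (multilang_table("SL") ? "WHERE link_language='" . LANGUAGE . "' AND" : "WHERE") . " link_cat='" . $link_cat . "'"), 0) + 1;
         $link_data = array('link_id' => !empty($data['link_id']) ? $data['link_id'] : 0, 'link_cat' => $data['page_link_cat'], 'link_name' => $data['page_title'], 'link_url' => 'viewpage.php?page_id=' . $data['page_id'], 'link_icon' => '', 'link_language' => $language, 'link_visibility' => 0, 'link_position' => 2, 'link_window' => 0, 'link_order' => $link_order);
         // The print_p($link_data) debug dump was removed: it wrote the link record
         // into the rendered page on every save.
         if (\PHPFusion\SiteLinks::verify_edit($link_data['link_id'])) {
             dbquery_insert(DB_SITE_LINKS, $link_data, 'update');
         } else {
             dbquery_insert(DB_SITE_LINKS, $link_data, 'save');
         }
     }
 }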
/**
 * Look up the user_name stored for a user id.
 *
 * The id is cast with intval() before it is placed in the query.
 *
 * @param mixed $user_id User id to look up.
 * @return string The stored name, or the "na" locale string when the lookup yields NULL.
 */
function fusion_get_username($user_id)
{
    $user_name = dbresult(
        dbquery("SELECT user_name FROM " . DB_USERS . " WHERE user_id='" . intval($user_id) . "'"),
        0
    );
    // NOTE(review): the fallback fires only on a strict NULL; what dbresult() returns
    // for an empty result set is not visible here — confirm it is NULL and not false.
    if ($user_name === NULL) {
        return fusion_get_locale("na");
    }
    return $user_name;
}
            $today_online[] = array("user_id" => $data['user_id'], "user_name" => $data['user_name'], "user_level" => $data['user_level']);
        }
    }
    $rowspan++;
}
// Today's birthday
if ($settings['forum_statistics_birthday']) {
    $today_birthday = "";
    $birthday = false;
    if (iMEMBER) {
        if (isset($userdata['user_birthdate'])) {
            $birthday = true;
        }
    } else {
        $result = dbquery("SELECT field_name FROM " . DB_USER_FIELDS . " WHERE field_name='user_birthdate'");
        $birthday = dbresult($result, 0);
    }
    if ($birthday) {
        $result = dbquery("SELECT user_id, user_name, user_level, user_status, user_birthdate\r\n\t\t\t\tFROM " . DB_USERS . " WHERE user_birthdate LIKE '____-" . date("m") . "-" . date("d") . "'");
        $birthday_rows = dbrows($result);
        if ($birthday_rows) {
            while ($data = dbarray($result)) {
                $birthdate = explode("-", $data['user_birthdate']);
                $year = date("Y") - $birthdate[0];
                if ($today_birthday == "") {
                    if ($birthday_rows == 1) {
                        $today_birthday .= $locale['forum_stats_114'];
                    } else {
                        $today_birthday .= sprintf($locale['forum_stats_115'], $birthday_rows);
                    }
                } else {
Example #14
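// Build the three filter dropdowns. Each label variable ($add, $aob, $aobl)
// starts at its locale default and is replaced when the current request
// value matches one of the list keys.
$add = $locale['addondb429'];
foreach ($addon_types as $k => $addon_typ) {
    $addon_type_list .= "<li class='" . $k . "'>" . $addon_typ . "</li>\n";
    if ($type == $k) {
        $add = $addon_typ;
    }
}
$aob = $locale['func016'];
// NOTE(review): the loop variable reuses the name of the array it iterates, so
// after the loop $addon_orderby holds the last label rather than the list.
// Kept unchanged in case later code depends on it; confirm and rename.
foreach ($addon_orderby as $k => $addon_orderby) {
    $addon_orderby_list .= "<li class='" . $k . "'>" . $addon_orderby . "</li>\n";
    if ($orderby == $k) {
        $aob = $addon_orderby;
    }
}
$aobl = $locale['func023'];
// NOTE(review): same name reuse as above for $addon_orderby_dir.
foreach ($addon_orderby_dir as $k => $addon_orderby_dir) {
    $addon_orderby_dir_list .= "<li class='" . $k . "'>" . $addon_orderby_dir . "</li>\n";
    if ($sort == $k) {
        $aobl = $addon_orderby_dir;
    }
}
$rows = dbresult(dbquery("SELECT COUNT(*) FROM " . DB_ADDON_CATS . " tc LEFT JOIN " . DB_ADDONS . " tm USING(addon_cat_id) LEFT JOIN " . DB_ADDON_VERSIONS . " tv USING(version_id) WHERE " . groupaccess('tc.addon_cat_access') . " AND " . $db_opts . " AND addon_status='0'"), 0);
// The page offset comes from the query string and ends up in LIMIT, so it is
// normalised to a non-negative integer before the SQL is assembled; the page
// size is cast as well.
$_GET['rowstart'] = isset($_GET['rowstart']) ? max(0, (int) $_GET['rowstart']) : 0;
// NOTE(review): $db_opts, $orderby and $sort are concatenated into the query
// unquoted. Only their comparison against the dropdown keys is visible here;
// confirm they are restricted to known values before this point.
$result = dbquery("\r\n\tSELECT tc.*,tm.*,tv.*\r\n\tFROM " . DB_ADDON_CATS . " tc\r\n\tLEFT JOIN " . DB_ADDONS . " tm USING(addon_cat_id)\r\n\tLEFT JOIN " . DB_ADDON_VERSIONS . " tv USING(version_id)\r\n\tWHERE " . $db_opts . " AND " . groupaccess('tc.addon_cat_access') . "\r\n\tGROUP BY addon_id, tc.addon_cat_id\r\n\tORDER BY addon_cat_name, " . $orderby . " " . $sort . "\r\n\tLIMIT " . $_GET['rowstart'] . "," . (int) $settings_global['addons_per_page']);
add_to_title($locale['addondb435'] . $locale['addondb400']);
include ADDON_INC . "view_nav.php";
opentable($locale['addondb400']);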
?>
<form name="filterform" method="get" action="<?php 
echo FUSION_SELF;
?>
">
	<div class="dropselect threecol">
		<?php 
echo $locale['addondb432'];
?>
		<p class="field"><?php 
echo $add;
Example #15
            $forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0;
            $forum_attach_download = isnum($_POST['forum_attach_download']) ? $_POST['forum_attach_download'] : 0;
            $forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0;
            $forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0;
            $forum_merge = isset($_POST['forum_merge']) && isnum($_POST['forum_merge']) ? $_POST['forum_merge'] : 0;
            $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='" . $forum_name . "', forum_cat='" . $forum_cat . "', forum_parent='" . $forum_parent . "', forum_description='" . $forum_description . "', forum_moderators='" . $forum_mods . "', forum_access='" . $forum_access . "', forum_post='" . $forum_post . "', forum_reply='" . $forum_reply . "', forum_attach='" . $forum_attach . "', forum_attach_download='" . $forum_attach_download . "', forum_poll='" . $forum_poll . "', forum_vote='" . $forum_vote . "', forum_merge='" . $forum_merge . "' WHERE forum_id='" . $_GET['forum_id'] . "'");
            //subforums
            redirect(FUSION_SELF . $aidlink . "&status=savefu");
        } else {
            $uniqueCheck = dbcount("(forum_id)", DB_FORUMS, "forum_cat='" . $forum_cat . "' AND forum_name='" . $forum_name . "'");
            if ($uniqueCheck != 0) {
                redirect(FUSION_SELF . $aidlink . "&status=saveft");
            }
            $forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : "";
            if (!$forum_order) {
                $forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " WHERE forum_parent='{$forum_parent}' AND forum_cat='{$forum_cat}'"), 0) + 1;
            }
            //subforums
            $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 WHERE forum_cat='{$forum_cat}' AND forum_parent='{$forum_parent}' AND forum_order>='{$forum_order}'");
            //subforums
            $result = dbquery("INSERT INTO " . DB_FORUMS . " (forum_cat, forum_parent, forum_name, forum_order, forum_description, forum_moderators, forum_access, forum_post, forum_reply, forum_attach, forum_attach_download, forum_poll, forum_vote, forum_lastpost, forum_lastuser, forum_merge) VALUES ('" . $forum_cat . "', '" . $forum_parent . "', '" . $forum_name . "', '" . $forum_order . "', '" . $forum_description . "', '103', '101', '101', '101', '0', '0', '0', '0', '0', '0', '0')");
            //subforums
            redirect(FUSION_SELF . $aidlink . "&status=savefn");
        }
    } else {
        redirect(FUSION_SELF . $aidlink . "&status=saveft");
    }
} elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) {
    if (isset($_GET['t']) && $_GET['t'] == "cat") {
        $parent = isset($_GET['parent']) && isNum($_GET['parent']) ? " AND forum_parent='" . $_GET['parent'] . "'" : "";
        //subforums
                    $upd_order = dbquery("UPDATE " . DB_AN_NEWS . " SET anews_order='" . $order . "' WHERE anews_id='" . $anid . "'");
                    $upd_order_all = dbquery("UPDATE " . DB_AN_NEWS . " SET anews_order=anews_order+1 WHERE anews_column='" . $column . "' AND anews_order>='" . $order . "' AND anews_order<'" . $old_order . "' AND anews_id<>'" . $anid . "'");
                }
            }
        }
    }
    redirect(INFUSIONS . "al_news_panel/admin/index.php" . $aidlink . "&p=news");
}
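// Add a news item to a panel column at the requested position, shifting the
// items at or after that position down by one.
if (isset($_POST['add'])) {
    // Both values are concatenated into quoted SQL literals below. They are
    // passed through stripinput(), the request-string filter this codebase
    // uses, which encodes quotes and backslashes so the value cannot close
    // the literal. Purely numeric input is left unchanged by it.
    // NOTE(review): if nnews is always a numeric id, an isnum() check would be stricter.
    $nid = stripinput($_POST['nnews']);
    $column = stripinput($_POST['ncolumn']);
    $order2 = $_POST['norder'];
    // A requested position of "0" means the first slot.
    $order = $order2 == "0" ? 1 : $order2;
    // Nothing is written unless the position is numeric.
    if (isnum($order)) {
        $max = dbresult(dbquery("SELECT MAX(anews_order) FROM " . DB_AN_NEWS . " WHERE anews_column='" . $column . "'"), 0);
        $max_order = $max ? $max : 0;
        if ($order > $max_order + 1) {
            // Past the end: append directly after the current last item.
            $order = $max_order + 1;
        } elseif ($order <= $max_order) {
            // Inside the list: make room by pushing later items down.
            $refresh = dbquery("UPDATE " . DB_AN_NEWS . " SET anews_order=anews_order+1 WHERE anews_column='" . $column . "' AND anews_order>='" . $order . "'");
        }
        $add = dbquery("INSERT INTO " . DB_AN_NEWS . " (anews_news, anews_column, anews_order) VALUES ('" . $nid . "','" . $column . "','" . $order . "')");
    }
    redirect(INFUSIONS . "al_news_panel/admin/index.php" . $aidlink . "&p=news");
}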
if (isset($_GET['e']) && isnum($_GET['e'])) {
Example #17
     if ($info['download_max_rows']) {
         switch ($_GET['type']) {
             case 'recent':
                 $filter_condition = 'download_datestamp DESC';
                 break;
             case 'comments':
                 $filter_condition = 'count_comment DESC';
                 break;
             case 'ratings':
                 $filter_condition = 'sum_rating DESC';
                 break;
             case 'download':
                 $filter_condition = 'download_count DESC';
                 break;
             default:
                 $filter_condition = dbresult(dbquery("SELECT download_cat_sorting FROM " . DB_DOWNLOAD_CATS . " WHERE download_cat_id='" . intval($_GET['cat_id']) . "'"), 0);
         }
         $sql = "SELECT d.*, dc.*,\n\t\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\t\tIF(SUM(tr.rating_vote)>0, SUM(tr.rating_vote), 0) AS sum_rating,\n\t\t\t\tCOUNT(tr.rating_item_id) AS count_votes,\n\t\t\t\tCOUNT(td.comment_item_id) AS count_comment,\n\t\t\t\tMAX(d.download_datestamp) as last_updated\n\t\t\t\tFROM " . DB_DOWNLOADS . " d\n\t\t\t\tINNER JOIN " . DB_DOWNLOAD_CATS . " dc ON d.download_cat=dc.download_cat_id\n\t\t\t\tLEFT JOIN " . DB_USERS . " tu ON d.download_user=tu.user_id\n\t\t\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = d.download_id AND tr.rating_type='D'\n\t\t\t\tLEFT JOIN " . DB_COMMENTS . " td ON td.comment_item_id = d.download_id AND td.comment_type='D' AND td.comment_hidden='0'\n\t\t\t\t" . (multilang_table("DL") ? "WHERE download_cat_language='" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('download_visibility') . "\n\t\t\t\tAND download_cat = '" . intval($_GET['cat_id']) . "'\n\t\t\t\tGROUP BY d.download_id\n\t\t\t\tORDER BY " . (!empty($filter_condition) ? $filter_condition : "dc.download_cat_sorting") . "\n\t\t\t\tLIMIT " . intval($_GET['rowstart']) . "," . intval($dl_settings['download_pagination']);
         $result = dbquery($sql);
         $info['download_rows'] = dbrows($result);
     }
 } else {
     set_title($locale['download_1000']);
     /**
      * Everyone's Download Posts
      */
     $info['download_max_rows'] = dbcount("('download_id')", DB_DOWNLOADS, groupaccess('download_visibility'));
     $_GET['rowstart'] = isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $info['download_max_rows'] ? $_GET['rowstart'] : 0;
     if ($info['download_max_rows'] > 0) {
         $download_query = "SELECT d.*, dc.*,\n\t\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\t\tIF(SUM(tr.rating_vote)>0, SUM(tr.rating_vote), 0) AS sum_rating,\n\t\t\t\tCOUNT(tr.rating_item_id) AS count_votes,\n\t\t\t\tCOUNT(td.comment_item_id) AS count_comment,\n\t\t\t\tmax(d.download_datestamp) as last_updated\n\t\t\t\tFROM " . DB_DOWNLOADS . " d\n\t\t\t\tINNER JOIN " . DB_DOWNLOAD_CATS . " dc ON d.download_cat=dc.download_cat_id\n\t\t\t\tLEFT JOIN " . DB_USERS . " tu ON d.download_user=tu.user_id\n\t\t\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = d.download_id AND tr.rating_type='D'\n\t\t\t\tLEFT JOIN " . DB_COMMENTS . " td ON td.comment_item_id = d.download_id AND td.comment_type='D' AND td.comment_hidden='0'\n\t\t\t\t" . (multilang_table("DL") ? "WHERE dc.download_cat_language = '" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('download_visibility') . "\n\t\t\t\t" . $condition . "\n\t\t\t\tGROUP BY d.download_id\n\t\t\t\tORDER BY " . ($filter_condition ? $filter_condition : "dc.download_cat_sorting") . "\n\t\t\t\tLIMIT " . intval($_GET['rowstart']) . "," . intval($dl_settings['download_pagination']);
         $result = dbquery($download_query);
Example #18
                $object->use_resume = true;
                $object->download();
                exit;
            } elseif (!empty($data['download_url'])) {
                $res = 1;
                redirect($data['download_url']);
            }
        }
    }
    if ($res == 0) {
        redirect("downloads.php");
    }
}
// Statistics panel: the markup is accumulated in $dl_stats.
// The total download count is fetched first, then the header rows are built.
$i_alt = dbresult(dbquery("SELECT SUM(download_count) FROM " . DB_DOWNLOADS), 0);
$dl_stats = "";
$dl_stats .= "<table cellpadding='0' cellspacing='1' class='tbl-border' style='width:100%;'>\n"
    . "<tr>\n<td class='tbl2' valign='middle'><img src='" . get_image("statistics") . "' alt='" . $locale['429'] . "' /></td>\n"
    . "<td width='100%' align='left' class='tbl1'>\n"
    . "<span class='small'>" . $locale['415'] . " " . dbcount("(download_cat)", DB_DOWNLOADS) . "</span><br />\n"
    . "<span class='small'>" . $locale['440'] . " " . ($i_alt ? $i_alt : "0") . "</span><br />";
// Most downloaded item, limited to categories the current visitor may access.
$result = dbquery("SELECT td.download_id, td.download_title, td.download_count, td.download_cat,\n\t\t\t\ttc.download_cat_id, tc.download_cat_access\n\t\tFROM " . DB_DOWNLOADS . " td\n\t\tLEFT JOIN " . DB_DOWNLOAD_CATS . " tc ON td.download_cat=tc.download_cat_id\n\t\tWHERE " . groupaccess('download_cat_access') . "\n\t\tORDER BY download_count DESC LIMIT 0,1");
if (dbrows($result)) {
    while ($data = dbarray($result)) {
        $download_title = $data['download_title'];
        // NOTE(review): the title goes into an attribute and into link text without
        // escaping at this point; confirm it is already encoded when stored.
        $dl_stats .= "<span class='small'>" . $locale['441']
            . " <a href='" . FUSION_SELF . "?download_id=" . $data['download_id'] . "' title='" . $download_title . "' class='side'>" . trimlink($data['download_title'], 100) . "</a>"
            . " [ " . $data['download_count'] . " ]</span><br />";
    }
}
// Most recently added item, with the same access filter.
$result = dbquery("SELECT td.download_id, td.download_title, td.download_count, td.download_cat, td.download_datestamp,\n\t\t\t\ttc.download_cat_id, tc.download_cat_access\n\t\tFROM " . DB_DOWNLOADS . " td\n\t\tLEFT JOIN " . DB_DOWNLOAD_CATS . " tc ON td.download_cat=tc.download_cat_id\n\t\tWHERE " . groupaccess('download_cat_access') . "\n\t\tORDER BY download_datestamp DESC LIMIT 0,1");
Example #19
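 /**
  * MYSQL update and save forum.
  *
  * Handles two admin form posts:
  *  - 'save_permission': reloads the forum row with get_forum() and overwrites
  *    its access-level fields and moderator list;
  *  - 'save_forum': builds a forum row from the form, checks alias and name
  *    uniqueness, resolves the forum image, then updates or inserts the row.
  *
  * Both branches write to the database only while \defender::safe() is true.
  */
 private function set_forumDB()
 {
     global $aidlink;
     // Save_permission
     if (isset($_POST['save_permission'])) {
         $this->data['forum_id'] = form_sanitizer($_POST['forum_id'], '', 'forum_id');
         $this->data = self::get_forum($this->data['forum_id']);
         if (!empty($this->data)) {
             $this->data['forum_access'] = form_sanitizer($_POST['forum_access'], USER_LEVEL_PUBLIC, 'forum_access');
             $this->data['forum_post'] = form_sanitizer($_POST['forum_post'], USER_LEVEL_MEMBER, 'forum_post');
             $this->data['forum_reply'] = form_sanitizer($_POST['forum_reply'], USER_LEVEL_MEMBER, 'forum_reply');
             $this->data['forum_post_ratings'] = form_sanitizer($_POST['forum_post_ratings'], USER_LEVEL_MEMBER, 'forum_post_ratings');
             $this->data['forum_poll'] = form_sanitizer($_POST['forum_poll'], USER_LEVEL_MEMBER, 'forum_poll');
             $this->data['forum_vote'] = form_sanitizer($_POST['forum_vote'], USER_LEVEL_MEMBER, 'forum_vote');
             $this->data['forum_answer_threshold'] = form_sanitizer($_POST['forum_answer_threshold'], 0, 'forum_answer_threshold');
             $this->data['forum_attach'] = form_sanitizer($_POST['forum_attach'], USER_LEVEL_MEMBER, 'forum_attach');
             $this->data['forum_attach_download'] = form_sanitizer($_POST['forum_attach_download'], USER_LEVEL_PUBLIC, 'forum_attach_download');
             $this->data['forum_mods'] = isset($_POST['forum_mods']) ? form_sanitizer($_POST['forum_mods'], '', 'forum_mods') : "";
             // The permission row is written, and success reported, only when the
             // form passed validation. This is the same gate the save_forum branch
             // below applies before its writes.
             if (\defender::safe()) {
                 dbquery_insert(DB_FORUMS, $this->data, 'update');
                 addnotice('success', self::$locale['forum_notice_10']);
                 redirect(FUSION_SELF . $aidlink . $this->ext);
             }
         }
     }
     if (isset($_POST['save_forum'])) {
         // NOTE(review): 'forum_branch' reads $this->data['forum_cat'] while this array
         // is still being built, i.e. the value held before this post was processed.
         // Confirm whether the newly submitted forum_cat was intended.
         $this->data = array(
             'forum_id' => form_sanitizer($_POST['forum_id'], 0, 'forum_id'),
             'forum_name' => form_sanitizer($_POST['forum_name'], '', 'forum_name'),
             'forum_description' => form_sanitizer($_POST['forum_description'], '', 'forum_description'),
             'forum_cat' => form_sanitizer($_POST['forum_cat'], 0, 'forum_cat'),
             'forum_type' => form_sanitizer($_POST['forum_type'], '', 'forum_type'),
             'forum_language' => form_sanitizer($_POST['forum_language'], '', 'forum_language'),
             'forum_alias' => form_sanitizer($_POST['forum_alias'], '', 'forum_alias'),
             'forum_meta' => form_sanitizer($_POST['forum_meta'], '', 'forum_meta'),
             'forum_rules' => form_sanitizer($_POST['forum_rules'], '', 'forum_rules'),
             'forum_image_enable' => isset($_POST['forum_image_enable']) ? 1 : 0,
             'forum_merge' => isset($_POST['forum_merge']) ? 1 : 0,
             'forum_allow_attach' => isset($_POST['forum_allow_attach']) ? 1 : 0,
             'forum_quick_edit' => isset($_POST['forum_quick_edit']) ? 1 : 0,
             'forum_allow_poll' => isset($_POST['forum_allow_poll']) ? 1 : 0,
             'forum_poll' => USER_LEVEL_MEMBER,
             'forum_users' => isset($_POST['forum_users']) ? 1 : 0,
             'forum_lock' => isset($_POST['forum_lock']) ? 1 : 0,
             'forum_permissions' => isset($_POST['forum_permissions']) ? form_sanitizer($_POST['forum_permissions'], 0, 'forum_permissions') : 0,
             'forum_order' => isset($_POST['forum_order']) ? form_sanitizer($_POST['forum_order']) : '',
             'forum_branch' => get_hkey(DB_FORUMS, 'forum_id', 'forum_cat', $this->data['forum_cat']),
             'forum_image' => '',
             'forum_mods' => "",
         );
         $this->data['forum_alias'] = $this->data['forum_alias'] ? str_replace(' ', '-', $this->data['forum_alias']) : '';
         // Checks for unique forum alias
         if ($this->data['forum_alias']) {
             // NOTE(review): the alias reaches this WHERE clause after form_sanitizer()
             // and str_replace() only; confirm form_sanitizer() neutralises quotes.
             // The forum id is cast because it is concatenated as well.
             if ($this->data['forum_id']) {
                 $alias_check = dbcount("('alias_id')", DB_PERMALINK_ALIAS, "alias_url='" . $this->data['forum_alias'] . "' AND alias_item_id !='" . (int) $this->data['forum_id'] . "'");
             } else {
                 $alias_check = dbcount("('alias_id')", DB_PERMALINK_ALIAS, "alias_url='" . $this->data['forum_alias'] . "'");
             }
             if ($alias_check) {
                 \defender::stop();
                 addNotice('warning', self::$locale['forum_error_6']);
             }
         }
         // check forum name unique
         $this->data['forum_name'] = $this->check_validForumName($this->data['forum_name'], $this->data['forum_id']);
         // Uploads or copy forum image or use back the forum image existing
         if (!empty($_FILES) && is_uploaded_file($_FILES['forum_image']['tmp_name'])) {
             $upload = form_sanitizer($_FILES['forum_image'], '', 'forum_image');
             if ($upload['error'] == 0) {
                 // Prefer the generated thumbnail when one was produced.
                 if (!empty($upload['thumb1_name'])) {
                     $this->data['forum_image'] = $upload['thumb1_name'];
                 } else {
                     $this->data['forum_image'] = $upload['image_name'];
                 }
             }
         } elseif (isset($_POST['forum_image_url']) && $_POST['forum_image_url'] != "") {
             require_once INCLUDES . "photo_functions_include.php";
             // Header 0 prefixes the submitted path with BASEDIR; header 1 uses it as
             // given. A missing header counts as 0, and any other value selects no
             // prefix, so the array is never read at an undefined index.
             $type_opts = array('0' => BASEDIR, '1' => '');
             $image_header = isset($_POST['forum_image_header']) ? intval($_POST['forum_image_header']) : 0;
             $image_prefix = isset($type_opts[$image_header]) ? $type_opts[$image_header] : '';
             // NOTE(review): without a prefix the source is whatever location the form
             // supplied. copy_file() is the only check visible here; confirm it
             // restricts the source location and the accepted file types.
             $this->data['forum_image'] = $image_prefix . form_sanitizer($_POST['forum_image_url'], '', 'forum_image_url');
             $upload = copy_file($this->data['forum_image'], FORUM . "images/");
             if ($upload['error'] == TRUE) {
                 \defender::stop();
                 addNotice('danger', self::$locale['forum_error_9']);
             } else {
                 $this->data['forum_image'] = $upload['name'];
             }
         } else {
             $this->data['forum_image'] = isset($_POST['forum_image']) ? form_sanitizer($_POST['forum_image'], '', 'forum_image') : "";
         }
         if (!$this->data['forum_id']) {
             // New forum: fill in default access levels. The array union adds only
             // keys that are not set yet.
             $this->data += array('forum_access' => USER_LEVEL_PUBLIC, 'forum_post' => USER_LEVEL_MEMBER, 'forum_reply' => USER_LEVEL_MEMBER, 'forum_post_ratings' => USER_LEVEL_MEMBER, 'forum_poll' => USER_LEVEL_MEMBER, 'forum_vote' => USER_LEVEL_MEMBER, 'forum_mods' => "");
         }
         // Set last order
         if (!$this->data['forum_order']) {
             // forum_cat is cast because it is concatenated into the query.
             $this->data['forum_order'] = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " " . (multilang_table("FO") ? "WHERE forum_language='" . LANGUAGE . "' AND" : "WHERE") . " forum_cat='" . (int) $this->data['forum_cat'] . "'"), 0) + 1;
         }
         if (\defender::safe()) {
             if ($this->verify_forum($this->data['forum_id'])) {
                 // Existing forum: reorder its siblings, then update the row.
                 $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', $this->data['forum_id'], 'forum_id', $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'update');
                 if ($result) {
                     dbquery_insert(DB_FORUMS, $this->data, 'update');
                 }
                 addNotice('success', self::$locale['forum_notice_9']);
                 redirect(FUSION_SELF . $aidlink . $this->ext);
             } else {
                 // New forum: make room in the ordering, then insert the row.
                 $new_forum_id = 0;
                 $result = dbquery_order(DB_FORUMS, $this->data['forum_order'], 'forum_order', FALSE, FALSE, $this->data['forum_cat'], 'forum_cat', 1, 'forum_language', 'save');
                 if ($result) {
                     dbquery_insert(DB_FORUMS, $this->data, 'save');
                     $new_forum_id = dblastid();
                 }
                 if ($this->data['forum_cat'] == 0) {
                     // forum_cat 0: continue on the p_edit action for the new forum.
                     redirect(FUSION_SELF . $aidlink . "&amp;action=p_edit&amp;forum_id=" . $new_forum_id . "&amp;parent_id=0");
                 } else {
                     // Success notice depends on the forum type that was created.
                     switch ($this->data['forum_type']) {
                         case '1':
                             addNotice('success', self::$locale['forum_notice_1']);
                             break;
                         case '2':
                             addNotice('success', self::$locale['forum_notice_2']);
                             break;
                         case '3':
                             addNotice('success', self::$locale['forum_notice_3']);
                             break;
                         case '4':
                             addNotice('success', self::$locale['forum_notice_4']);
                             break;
                     }
                     redirect(FUSION_SELF . $aidlink . $this->ext);
                 }
             }
         }
     }
 }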
 // Save a user-field category. The name goes through stripinput() and the
 // order must pass isnum() (otherwise 0). On the edit path cat_id is checked
 // with isnum() before it is placed in any query.
 if (isset($_POST['savecat'])) {
     $cat_name = stripinput($_POST['cat_name']);
     $cat_order = 0;
     if (isnum($_POST['cat_order'])) {
         $cat_order = $_POST['cat_order'];
     }
     if ($cat_name == "") {
         // An empty name is not saved; return to the listing.
         redirect(FUSION_SELF . $aidlink);
     } elseif (isset($_GET['action'], $_GET['cat_id']) && $_GET['action'] == "edit" && isnum($_GET['cat_id'])) {
         // Edit: shift the categories lying between the old and the new position.
         $old_cat_order = dbresult(dbquery("SELECT field_cat_order FROM " . DB_USER_FIELD_CATS . " WHERE field_cat_id='{$_GET['cat_id']}'"), 0);
         if ($cat_order > $old_cat_order) {
             $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_order=field_cat_order-1 WHERE field_cat_order>'{$old_cat_order}' AND field_cat_order<='{$cat_order}'");
         } elseif ($cat_order < $old_cat_order) {
             $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_order=field_cat_order+1 WHERE field_cat_order<'{$old_cat_order}' AND field_cat_order>='{$cat_order}'");
         }
         $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_name='{$cat_name}', field_cat_order='{$cat_order}' WHERE field_cat_id='{$_GET['cat_id']}'");
         redirect(FUSION_SELF . $aidlink . "&status=su");
     } else {
         // New category: order 0 means "append after the current maximum".
         if ($cat_order == 0) {
             $cat_order = dbresult(dbquery("SELECT MAX(field_cat_order) FROM " . DB_USER_FIELD_CATS), 0) + 1;
         }
         $result = dbquery("UPDATE " . DB_USER_FIELD_CATS . " SET field_cat_order=field_cat_order+1 WHERE field_cat_order>='{$cat_order}'");
         $result = dbquery("INSERT INTO " . DB_USER_FIELD_CATS . " (field_cat_name, field_cat_order) VALUES ('{$cat_name}', '{$cat_order}')");
         redirect(FUSION_SELF . $aidlink . "&status=sn");
     }
 }
 if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['cat_id']) && isnum($_GET['cat_id']))) {
     $result = dbquery("SELECT field_cat_id, field_cat_name, field_cat_order FROM " . DB_USER_FIELD_CATS . " WHERE field_cat_id='" . $_GET['cat_id'] . "'");
     if (dbrows($result)) {
         $data = dbarray($result);
         $cat_name = $data['field_cat_name'];
         $cat_order = $data['field_cat_order'];
Example #21
     }
     if (!$error) {
         if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['photo_id']) && isnum($_GET['photo_id']))) {
             $old_photo_order = dbresult(dbquery("SELECT photo_order FROM " . DB_PHOTOS . " WHERE photo_id='" . $_GET['photo_id'] . "'"), 0);
             if ($photo_order > $old_photo_order) {
                 $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_order=(photo_order-1) WHERE photo_order>'{$old_photo_order}' AND photo_order<='{$photo_order}' AND album_id='" . $_GET['album_id'] . "'");
             } elseif ($photo_order < $old_photo_order) {
                 $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_order=(photo_order+1) WHERE photo_order<'{$old_photo_order}' AND photo_order>='{$photo_order}' AND album_id='" . $_GET['album_id'] . "'");
             }
             $update_photos = $photo_file ? "photo_filename='{$photo_file}', photo_thumb1='{$photo_thumb1}', photo_thumb2='{$photo_thumb2}', " : "";
             $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_title='{$photo_title}', photo_description='{$photo_description}', " . $update_photos . "photo_datestamp='" . time() . "', photo_order='{$photo_order}', photo_allow_comments='{$photo_comments}', photo_allow_ratings='{$photo_ratings}' WHERE photo_id='" . $_GET['photo_id'] . "'");
             $rowstart = $photo_order > $settings['thumbs_per_page'] ? (ceil($photo_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0";
             redirect(FUSION_SELF . $aidlink . "&status=su&album_id=" . $_GET['album_id'] . "&rowstart={$rowstart}");
         } else {
             if (!$photo_order) {
                 $photo_order = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='" . $_GET['album_id'] . "'"), 0) + 1;
             }
             $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_order=(photo_order+1) WHERE photo_order>='{$photo_order}' AND album_id='" . $_GET['album_id'] . "'");
             $result = dbquery("INSERT INTO " . DB_PHOTOS . " (album_id, photo_title, photo_description, photo_filename, photo_thumb1, photo_thumb2, photo_datestamp, photo_user, photo_views, photo_order, photo_allow_comments, photo_allow_ratings) VALUES ('" . $_GET['album_id'] . "', '{$photo_title}', '{$photo_description}', '{$photo_file}', '{$photo_thumb1}', '{$photo_thumb2}', '" . time() . "', '" . $userdata['user_id'] . "', '0', '{$photo_order}', '{$photo_comments}', '{$photo_ratings}')");
             $rowstart = $photo_order > $settings['thumbs_per_page'] ? (ceil($photo_order / $settings['thumbs_per_page']) - 1) * $settings['thumbs_per_page'] : "0";
             redirect(FUSION_SELF . $aidlink . "&status=sn&album_id=" . $_GET['album_id'] . "&rowstart={$rowstart}");
         }
     }
     if ($error) {
         redirect(FUSION_SELF . $aidlink . "&status=se&error={$error}&album_id=" . $_GET['album_id']);
     }
 } else {
     if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['photo_id']) && isnum($_GET['photo_id']))) {
         $result = dbquery("SELECT * FROM " . DB_PHOTOS . " WHERE photo_id='" . $_GET['photo_id'] . "'");
         if (dbrows($result)) {
             $data = dbarray($result);
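 // Record the viewing member at the front of the profile owner's
 // last-visitors list, trim the list to $lastvis_showcount entries, and
 // store it again when it changed.
 if (iMEMBER && $userdata['user_id'] != $user_data['user_id']) {
     array_unshift($lastvis_array, $userdata['user_id'] . "|" . time());
     $change = true;
 }
 array_splice($lastvis_array, $lastvis_showcount);
 if ($change) {
     // NOTE(review): _db() is assumed to quote and escape the joined list; confirm.
     $lastivsquery = dbquery("UPDATE " . DB_USERS . " SET user_lastvisitors=" . _db(implode(".", $lastvis_array)) . " WHERE user_id='" . (int) $user_data['user_id'] . "'");
 }
 $lastvis_show = "";
 if (is_array($lastvis_array) && count($lastvis_array)) {
     foreach ($lastvis_array as $lastvis_data) {
         // Each entry is "<user_id>|<timestamp>".
         $lvinfo = explode("|", $lastvis_data);
         $lastvis_uname = false;
         $lastvis_ava = false;
         // The id is read back from a stored field, so it is checked with isnum()
         // before it is concatenated into any query. The avatar lookup runs only
         // after that check and after the user name was found.
         if (isnum($lvinfo[0]) && $lvinfo[0] && ($lastvis_uname = dbresult(dbquery("SELECT user_name FROM " . DB_USERS . " WHERE user_id='" . $lvinfo[0] . "'"), 0))) {
             $lastvis_ava = dbresult(dbquery("SELECT user_avatar FROM " . DB_USERS . " WHERE user_id='" . $lvinfo[0] . "'"), 0);
             if (!$lastvis_ava) {
                 $lastvis_ava = "noavatar.jpg";
             }
             // NOTE(review): user name and avatar file name are placed into HTML
             // attributes without escaping here; confirm both are encoded when stored.
             $lastvis_show .= ($lastvis_show != "" ? " " : "") . "<table border='0' cellpadding='5' cellspacing='5' align='left'><tr><td align='center'>" . profile_link($lvinfo[0], $lastvis_uname, '0', 'profile-link', $lastvis_uname, '', "<img src='" . IMAGES . "avatars/" . $lastvis_ava . "' alt='" . $lastvis_uname . "' border='0' width='" . $ava_size . "' height='" . $ava_size . "' />") . "<br />" . profile_link($lvinfo[0], $lastvis_uname, '0', 'profile-link', $lastvis_uname, '', $lastvis_uname) . "</td></tr></table>\n";
         }
     }
 }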
 if ($lastvis_show == "") {
     #echo "</tr>\n";
     echo "</table>";
     echo "<div style='margin:5px'></div>\n";
     echo "<table cellpadding='0' cellspacing='1' width='400' class='tbl-border center'>\n<tr>\n";
     echo "<td class='tbl2' colspan='2'><strong>" . $locale['uf_lastvis_03'] . "</strong></td>\n";
     echo "</tr>\n<tr>\n";
     echo "<td align='center' class='tbl' colspan='2'>" . sprintf($locale['uf_lastvis_04'], $daysshown) . "</td>\n";
Example #23
define("SAFEMODE", @ini_get("safe_mode") ? true : false);
add_to_title($locale['global_200'] . $locale['400']);
if (isset($_GET['photo_id']) && isnum($_GET['photo_id'])) {
    $result = dbquery("SELECT tp.photo_title, tp.photo_description, tp.photo_filename, tp.photo_thumb2, tp.photo_datestamp, tp.photo_views,\n\t\ttp.photo_order, tp.photo_allow_comments, tp.photo_allow_ratings, ta.album_id, ta.album_title, ta.album_access,\n\t\ttu.user_id, tu.user_name, tu.user_status, SUM(tr.rating_vote) AS sum_rating, COUNT(tr.rating_item_id) AS count_votes\n\t\tFROM " . DB_PHOTOS . " tp\n\t\tLEFT JOIN " . DB_PHOTO_ALBUMS . " ta USING (album_id)\n\t\tLEFT JOIN " . DB_USERS . " tu ON tp.photo_user=tu.user_id\n\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = tp.photo_id AND tr.rating_type='P'\n\t\tWHERE photo_id='" . $_GET['photo_id'] . "' GROUP BY tp.photo_id");
    $data = dbarray($result);
    if (!checkgroup($data['album_access'])) {
        redirect(FUSION_SELF);
    } else {
        define("PHOTODIR", PHOTOS . (!SAFEMODE ? "album_" . $data['album_id'] . "/" : ""));
        include INCLUDES . "comments_include.php";
        include INCLUDES . "ratings_include.php";
        $result = dbquery("UPDATE " . DB_PHOTOS . " SET photo_views=(photo_views+1) WHERE photo_id='" . $_GET['photo_id'] . "'");
        $pres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order='" . ($data['photo_order'] - 1) . "' AND album_id='" . $data['album_id'] . "'");
        $nres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order='" . ($data['photo_order'] + 1) . "' AND album_id='" . $data['album_id'] . "'");
        $fres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order='1' AND album_id='" . $data['album_id'] . "'");
        $lastres = dbresult(dbquery("SELECT MAX(photo_order) FROM " . DB_PHOTOS . " WHERE album_id='" . $data['album_id'] . "'"), 0);
        $lres = dbquery("SELECT photo_id FROM " . DB_PHOTOS . " WHERE photo_order>='" . $lastres . "' AND album_id='" . $data['album_id'] . "'");
        if (dbrows($pres)) {
            $prev = dbarray($pres);
        }
        if (dbrows($nres)) {
            $next = dbarray($nres);
        }
        if (dbrows($fres)) {
            $first = dbarray($fres);
        }
        if (dbrows($lres)) {
            $last = dbarray($lres);
        }
        opentable($locale['450']);
        echo "<!--pre_photo-->";
Example #24
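/**
 * Build the stored HTML snippet identified by $id and return it as a string.
 *
 * Per the original author's note, the only difference from the sibling
 * routine is that this one returns the markup instead of echoing it.
 * The snippet body is split on the literal "{kod}" marker: pieces the
 * iseven() helper accepts for their index are copied as-is, the others are
 * treated as ids of further snippets and expanded recursively. The result is
 * wrapped in a <kodadi=ID>...</kodadi=ID> marker pair.
 *
 * Security notes:
 *  - $id is interpolated into SQL text handed to kayitsayisi() and dbresult()
 *    (both defined elsewhere). Nothing here escapes it, and ids embedded in
 *    stored snippets reach this point through the recursion as well.
 *    NOTE(review): bind the id as a parameter if the DB helpers support it,
 *    or validate the id format before calling - confirm against the helpers.
 *  - The "not found" message reflects an id that is by definition not in the
 *    table, so it is escaped for the HTML text and URL-encoded for the link.
 *
 * @param string $id Snippet id; surrounding whitespace is trimmed.
 * @return string Expanded markup, or a diagnostic message when the id is
 *                empty or unknown.
 */
function htmlekle2($id)
{
    $id = trim($id);
    if ($id === "") {
        return "id bo verilmi. (htmlekle2)";
    }
    if (kayitsayisi("html", "id='{$id}'") == 0) {
        // Two output contexts, two encodings: HTML text and a query-string value.
        $idText = htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE);
        $idParam = rawurlencode($id);
        return "({$idText}) id'li kod bulunamadi. eklemek icin <a href=\"/kafe/admin/htmlkodekle.php?id={$idParam}\">buraya tiklayiniz</a> ";
    }
    // Recursion guard: snippets can include each other, so the depth is
    // tracked in a global counter and the request is aborted past 100 levels.
    global $nestcount;
    $nestcount++;
    if ($nestcount > 100) {
        echo "<hr>C*k fazla icice dongu(nest) var.(100 adet)";
        exit;
    }
    $query = "select * from html where id='{$id}'";
    $kod = dbresult($query, array("htmlkodu"));
    $parcalar = explode("{kod}", $kod[0]);
    $out = "\n<kodadi={$id}>";
    foreach ($parcalar as $i => $parca) {
        // Pieces alternate between literal markup and nested snippet ids.
        $out .= iseven($i) ? $parca : htmlekle2($parca);
    }
    $nestcount--;
    $out .= "</kodadi={$id}>";
    return $out;
}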
Example #25
     } else {
         $fim = "<img src='" . get_image("foldernew") . "' alt='" . $locale['560'] . "' />";
     }
 } else {
     $fim = "<img src='" . get_image("folder") . "' alt='" . $locale['561'] . "' />";
 }
 echo "<tr>\n";
 echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'>{$fim}</td>\n";
 echo "<td class='tbl1 forum_name'><!--forum_name--><a href='viewforum.php?forum_id=" . $data['forum_id'] . "'>" . $data['forum_name'] . "</a><br />\n";
 if ($data['forum_description'] || $moderators) {
     echo "<span class='small'>" . nl2br(parseubb($data['forum_description'])) . ($data['forum_description'] && $moderators ? "<br />\n" : "");
     echo ($moderators ? "<strong>" . $locale['411'] . "</strong>" . $moderators . "</span>\n" : "</span>\n") . "\n";
 }
 //subforums begin
 $threadcount = dbresult(dbquery("SELECT SUM(forum_threadcount) FROM " . DB_FORUMS . " WHERE " . groupaccess('forum_access') . " AND forum_parent='" . $data['forum_id'] . "' OR forum_id='" . $data['forum_id'] . "'"), 0);
 $postcount = dbresult(dbquery("SELECT SUM(forum_postcount) FROM " . DB_FORUMS . " WHERE " . groupaccess('forum_access') . " AND forum_parent='" . $data['forum_id'] . "' OR forum_id='" . $data['forum_id'] . "'"), 0);
 $parent_result = dbquery("SELECT forum_id, forum_name, forum_parent FROM " . DB_FORUMS . " WHERE " . groupaccess('forum_access') . " AND forum_parent='" . $data['forum_id'] . "'  ORDER BY forum_order");
 $i = dbrows($parent_result);
 $subforums = $i > 0 ? "<br />\n<span class='small'><strong>" . $locale['412'] . "</strong>\n " : "";
 echo $subforums;
 while ($parent_data = dbarray($parent_result)) {
     $i--;
     if ($parent_data['forum_id'] != $data['forum_id']) {
         echo "<a href='" . FORUM . "viewforum.php?forum_id=" . $parent_data['forum_id'] . "'>" . $parent_data['forum_name'] . "</a>\n";
         if ($i > 0) {
             echo " , ";
         }
     }
 }
 echo "</td>\n";
 echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'>" . ($threadcount == 0 ? "0" : $threadcount) . "</td>\n";
Example #26
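/**
 * Shift the ordering column of the neighbouring rows when a row is saved,
 * moved or deleted. The row's own order value is not written here.
 *
 * Example call from the original author:
 *   sql_manage_order($db, $dmdata['field_id'], "field_id", "", "", $dmdata['field_order'], "field_order", array("mode" => "update"));
 *
 * Modes (taken from $opts['mode']; update is used when $opts is not an array):
 *  - "save":   rows at or after $order move up by one.
 *  - "update": the current order is read via $id_col/$id, then the rows
 *              between the old and the new position are shifted by one.
 *  - "delete": rows after $order move down by one.
 * When $cat and $cat_col are both non-empty the shift is limited to rows of
 * that category.
 *
 * Security: every argument ends up inside the SQL text. $db, $id_col,
 * $cat_col and $order_col are used as identifiers and cannot be protected by
 * quoting, so they must be fixed names chosen by the calling code. $id and
 * $cat are placed between single quotes without escaping.
 * NOTE(review): callers are presumably expected to pass validated values;
 * confirm at each call site.
 *
 * $order and $order_col are required even though they follow optional
 * parameters; the signature is kept as-is for existing callers.
 *
 * @param string      $db        Table name.
 * @param mixed       $id        Row id (required in update mode).
 * @param string|bool $id_col    Id column name (required in update mode).
 * @param mixed       $cat       Category value, or empty for flat ordering.
 * @param string|bool $cat_col   Category column name, or empty.
 * @param int|string  $order     New order position.
 * @param string      $order_col Order column name.
 * @param array|bool  $opts      array("mode" => "save"|"update"|"delete").
 * @return void
 */
function sql_manage_order($db, $id = false, $id_col = false, $cat = false, $cat_col = false, $order, $order_col, $opts = false)
{
    // 0 means "no recognised mode" and nothing is executed. Initialising it
    // avoids reading an undefined variable when $opts is an array without a
    // usable "mode" entry.
    $mode = 0;
    if (!is_array($opts)) {
        // No options array: update is the default, so $id and $id_col are required.
        $mode = 2;
    } elseif (array_key_exists("mode", $opts)) {
        if ($opts['mode'] == "save") {
            $mode = 1;
        } elseif ($opts['mode'] == "update") {
            $mode = 2;
        } elseif ($opts['mode'] == "delete") {
            $mode = 3;
        }
    }
    if ($mode === 0) {
        return;
    }

    // The position is only ever compared with a numeric column, so force it
    // to an integer before it is written into the statement.
    $order = (int) $order;

    // Optional category restriction, shared by all three modes.
    $nested = !empty($cat) && !empty($cat_col);
    $scope = $nested ? "{$cat_col}='{$cat}' AND " : "";

    if ($mode === 1) {
        // Save: make room at the target position. $id / $id_col are not needed.
        dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}+1 WHERE {$scope}{$order_col}>='{$order}'");
    } elseif ($mode === 2) {
        // Update: $id and $id_col are required to look up the current position.
        $old_order = dbresult(dbquery("SELECT {$order_col} FROM " . $db . " WHERE {$id_col}='{$id}'"), 0);
        if ($nested && $old_order === "0") {
            // Kept from the original: in category mode a stored order of "0" is left alone.
            return;
        }
        if ($order > $old_order) {
            // Row moves down the list: rows in between move up one slot.
            dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}-1 WHERE {$scope}{$order_col}>'{$old_order}' AND {$order_col}<='{$order}'");
        } elseif ($order < $old_order) {
            // Row moves up the list: rows in between move down one slot.
            dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}+1 WHERE {$scope}{$order_col}<'{$old_order}' AND {$order_col}>='{$order}'");
        }
    } else {
        // Delete: close the gap left behind. $id / $id_col are not needed.
        dbquery("UPDATE " . $db . " SET {$order_col}={$order_col}-1 WHERE {$scope}{$order_col}>'{$order}'");
    }
}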
Example #27
            redirect(FUSION_SELF . $aidlink . "&amp;error=3");
        }
    } else {
        redirect(FUSION_SELF . $aidlink . "&amp;error=4");
    }
} elseif (isset($_POST['btn_save'])) {
    $addon_cat_type = stripinput($_POST['addon_cat_type']);
    $addon_cat_name = stripinput($_POST['addon_cat_name']);
    $addon_cat_description = stripinput($_POST['addon_cat_description']);
    $addon_cat_access = stripinput($_POST['addon_cat_access']);
    if (empty($addon_cat_name)) {
        redirect(FUSION_SELF . $aidlink . "&amp;error=1");
    } elseif (dbcount("(*)", DB_ADDON_CATS, "addon_cat_name='{$addon_cat_name}' AND addon_cat_type='{$addon_cat_type}'") != 0) {
        redirect(FUSION_SELF . $aidlink . "&amp;error=2");
    } else {
        $addon_cat_order = dbresult(dbquery("SELECT MAX(addon_cat_order) FROM " . DB_ADDON_CATS . " WHERE addon_cat_type='{$addon_cat_type}'"), 0) + 1;
        $result = dbquery("INSERT INTO " . DB_ADDON_CATS . " \r\n\t\t\tVALUES('','" . $addon_cat_type . "', '" . $addon_cat_name . "','" . $addon_cat_description . "','" . $addon_cat_access . "','" . $addon_cat_order . "')");
        redirect(FUSION_SELF . $aidlink . "&amp;insert=ok");
    }
} else {
    $addon_cat_type = "";
    $addon_cat_name = "";
    $addon_cat_description = "";
    $addon_cat_access = "";
    opentable($locale['addondb436']);
    $cat_formaction = FUSION_SELF . $aidlink;
}
$user_groups = getusergroups();
$access_opts = "";
$sel = "";
while (list($key, $user_group) = each($user_groups)) {
Example #28
        $forum_attach = isnum($_POST['forum_attach']) ? $_POST['forum_attach'] : 0;
        $forum_poll = isnum($_POST['forum_poll']) ? $_POST['forum_poll'] : 0;
        $forum_vote = isnum($_POST['forum_vote']) ? $_POST['forum_vote'] : 0;
        $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_name='{$forum_name}', forum_cat='{$forum_cat}', forum_description='{$forum_description}', forum_moderators='{$forum_mods}', forum_access='{$forum_access}', forum_post='{$forum_post}', forum_reply='{$forum_reply}', forum_attach='{$forum_attach}', forum_poll='{$forum_poll}', forum_vote='{$forum_vote}' WHERE forum_id='" . $_GET['forum_id'] . "'");
        // start fb4 mod
        $forum_icon = addslash(stripinput($_POST['forum_icon']));
        $forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0;
        $result = dbquery("UPDATE " . $db_prefix . "fb_forums set forum_icon='{$forum_icon}', forum_parent='{$forum_parent}' where forum_id='" . $_GET['forum_id'] . "'");
        // end fb4 mod
        redirect(FUSION_SELF . $aidlink . "&section=forums&status=savefu");
    } else {
        if ($forum_name) {
            $forum_order = isnum($_POST['forum_order']) ? $_POST['forum_order'] : "";
            $forum_parent = isset($_POST['forum_parent']) && isNum($_POST['forum_parent']) ? $_POST['forum_parent'] : 0;
            if (!$forum_order) {
                $forum_order = dbresult(dbquery("SELECT MAX(forum_order) FROM " . DB_FORUMS . " f\n\t\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\t\tWHERE f2.forum_parent='{$forum_parent}'"), 0) + 1;
            }
            $result2 = dbquery("select * from " . DB_FORUMS . " f\n\t\t\tleft join " . DB_PREFIX . "fb_forums f2 on f2.forum_id=f.forum_id\n\t\t\tWHERE forum_cat='{$forum_cat}' AND forum_order>='{$forum_order}'" . ($forum_parent ? " AND f2.forum_parent='{$forum_parent}'" : ""));
            while ($data2 = dbarray($result2)) {
                $result = dbquery("UPDATE " . DB_FORUMS . " SET forum_order=forum_order+1 where forum_id='" . $data2['forum_id'] . "'");
            }
            $result = dbquery("INSERT INTO " . DB_FORUMS . " (forum_cat, forum_name, forum_order, forum_description, forum_moderators, forum_access, forum_post, forum_reply, forum_attach, forum_poll, forum_vote, forum_lastpost, forum_lastuser) VALUES ('{$forum_cat}', '{$forum_name}', '{$forum_order}', '{$forum_description}', '', '0', '101', '101', '101', '0', '0', '0', '0')");
            $result = dbquery("INSERT INTO " . DB_PREFIX . "fb_forums (forum_id, forum_icon,forum_parent,forum_collapsed) VALUES('" . mysql_insert_id() . "', '', '{$forum_parent}', '0')");
            redirect(FUSION_SELF . $aidlink . "&section=forums&status=savefn");
        } else {
            redirect(FUSION_SELF . $aidlink . "&section=forums");
        }
    }
} elseif (isset($_GET['action']) && $_GET['action'] == "mu" && (isset($_GET['forum_id']) && isnum($_GET['forum_id'])) && (isset($_GET['order']) && isnum($_GET['order']))) {
    if (isset($_GET['t']) && $_GET['t'] == "cat") {
        $data = dbarray(dbquery("SELECT * FROM " . DB_FORUMS . " WHERE forum_cat='0' AND forum_order='" . $_GET['order'] . "'"));
Example #29
         $inf_admin_image = $inf_adminpanel[$i]['image'] ? $inf_adminpanel[$i]['image'] : "infusion_panel.gif";
         if (!dbcount("(admin_id)", DB_ADMIN, "admin_rights='" . $inf_adminpanel[$i]['rights'] . "'")) {
             $result = dbquery("INSERT INTO " . DB_ADMIN . " (admin_rights, admin_image, admin_title, admin_link, admin_page) VALUES ('" . $inf_adminpanel[$i]['rights'] . "', '" . $inf_admin_image . "', '" . $inf_adminpanel[$i]['title'] . "', '" . INFUSIONS . $inf_folder . "/" . $inf_adminpanel[$i]['panel'] . "', '4')");
             $result = dbquery("SELECT user_id, user_rights FROM " . DB_USERS . " WHERE user_level='103'");
             while ($data = dbarray($result)) {
                 $result2 = dbquery("UPDATE " . DB_USERS . " SET user_rights='" . $data['user_rights'] . "." . $inf_adminpanel[$i]['rights'] . "' WHERE user_id='" . $data['user_id'] . "'");
             }
         } else {
             $error = 1;
         }
     }
 }
 if (!$error) {
     if (isset($inf_sitelink) && is_array($inf_sitelink) && count($inf_sitelink)) {
         for ($i = 1; $i < count($inf_sitelink) + 1; $i++) {
             $link_order = dbresult(dbquery("SELECT MAX(link_order) FROM " . DB_SITE_LINKS), 0) + 1;
             $result = dbquery("INSERT INTO " . DB_SITE_LINKS . " (link_name, link_url, link_visibility, link_position, link_window, link_order) VALUES ('" . $inf_sitelink[$i]['title'] . "', '" . str_replace("../", "", INFUSIONS) . $inf_folder . "/" . $inf_sitelink[$i]['url'] . "', '" . $inf_sitelink[$i]['visibility'] . "', '1', '0', '" . $link_order . "')");
         }
     }
     if (isset($inf_newtable) && is_array($inf_newtable) && count($inf_newtable)) {
         for ($i = 1; $i < count($inf_newtable) + 1; $i++) {
             $result = dbquery("CREATE TABLE " . $inf_newtable[$i]);
         }
     }
     if (isset($inf_insertdbrow) && is_array($inf_insertdbrow) && count($inf_insertdbrow)) {
         for ($i = 1; $i < count($inf_insertdbrow) + 1; $i++) {
             $result = dbquery("INSERT INTO " . $inf_insertdbrow[$i]);
         }
     }
     $result = dbquery("INSERT INTO " . DB_INFUSIONS . " (inf_title, inf_folder, inf_version) VALUES ('" . $inf_title . "', '" . $inf_folder . "', '" . $inf_version . "')");
 }
Example #30
 /**
  * Site Links Form
  */
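 private function display_sitelinks_form()
 {
     // Processes a submitted "savelink" form (sanitise, pick an order value,
     // reorder siblings, insert or update, redirect) and then renders the
     // add/edit form from $this->data.
     //
     // Every posted field goes through form_sanitizer() before it is stored
     // in $this->data; what that helper enforces per field is defined
     // elsewhere. Two values are additionally cast to int at the point where
     // they leave PHP for another language (the SQL text and the inline
     // script), so neither context depends on that helper's output format.
     $locale = fusion_get_locale();
     fusion_confirm_exit();
     if (isset($_POST['savelink'])) {
         $this->data = array(
             "link_id" => form_sanitizer($_POST['link_id'], 0, 'link_id'),
             "link_cat" => form_sanitizer($_POST['link_cat'], 0, 'link_cat'),
             "link_name" => form_sanitizer($_POST['link_name'], '', 'link_name'),
             "link_url" => form_sanitizer($_POST['link_url'], '', 'link_url'),
             "link_icon" => form_sanitizer($_POST['link_icon'], '', 'link_icon'),
             "link_language" => form_sanitizer($_POST['link_language'], '', 'link_language'),
             "link_visibility" => form_sanitizer($_POST['link_visibility'], '', 'link_visibility'),
             "link_position" => form_sanitizer($_POST['link_position'], '', 'link_position'),
             "link_order" => form_sanitizer($_POST['link_order'], '', 'link_order'),
             "link_window" => form_sanitizer(isset($_POST['link_window']) && $_POST['link_window'] == 1 ? 1 : 0, 0, 'link_window'),
         );
         // Option values above 3 mean "custom position": the real id comes
         // from the companion link_position_id field.
         if ($this->data['link_position'] > 3) {
             $this->data['link_position'] = form_sanitizer($_POST['link_position_id'], 3, 'link_position_id');
         }
         // No order given: append after the current maximum in this category.
         if (empty($this->data['link_order'])) {
             $max_order_query = "SELECT MAX(link_order) 'link_order' FROM " . DB_SITE_LINKS . "\n                " . (multilang_table("SL") ? "WHERE link_language='" . LANGUAGE . "' AND" : "WHERE") . "\n                link_cat='" . (int) $this->data['link_cat'] . "'";
             $this->data['link_order'] = dbresult(dbquery($max_order_query), 0) + 1;
         }
         // Writes happen only when defender reports the submission as safe.
         // NOTE(review): presumably this also covers the form token check -
         // confirm in the defender class.
         if (\defender::safe()) {
             $is_update = !empty($this->data['link_id']);
             $write_mode = $is_update ? "update" : "save";
             dbquery_order(DB_SITE_LINKS, $this->data['link_order'], "link_order", $this->data['link_id'], "link_id", $this->data['link_cat'], "link_cat", multilang_table("SL"), "link_language", $write_mode);
             dbquery_insert(DB_SITE_LINKS, $this->data, $write_mode);
             addNotice("success", $is_update ? $locale['SL_0016'] : $locale['SL_0015']);
             redirect(clean_request("link_cat=" . $this->data['link_cat'], array('ref'), FALSE));
         }
     }
     echo "<div class='m-t-20'>\n";
     echo openform('link_administration_frm', 'post', FUSION_REQUEST);
     echo "<div class='row'>\n";
     echo "<div class='col-xs-12 col-sm-12 col-md-8 col-lg-8'>\n";
     echo form_hidden('link_id', '', $this->data['link_id']);
     echo form_textarea('link_name', $locale['SL_0020'], $this->data['link_name'], array(
         'max_length' => 100,
         'required' => TRUE,
         'error_text' => $locale['SL_0085'],
         'form_name' => 'linkform',
         'type' => 'bbcode',
         'inline' => TRUE,
     ));
     echo form_text('link_icon', 'Link Icon', $this->data['link_icon'], array('max_length' => 100, 'inline' => TRUE));
     echo form_text('link_url', $locale['SL_0021'], $this->data['link_url'], array(
         'required' => TRUE,
         'error_text' => $locale['SL_0086'],
         'inline' => TRUE,
     ));
     echo form_text('link_order', $locale['SL_0023'], $this->data['link_order'], array(
         'class' => 'pull-left',
         'inline' => TRUE,
         'width' => '250px',
         'type' => 'number',
     ));
     // A stored position above 3 is a custom id: keep the real value in
     // link_position_id and show option 4 in the select.
     if ($this->data['link_position'] > 3) {
         $this->data['link_position_id'] = $this->data['link_position'];
         $this->data['link_position'] = 4;
     }
     $position_id_field = form_text('link_position_id', '', $this->data['link_position_id'], array(
         'required' => true,
         'placeholder' => 'ID',
         'type' => 'number',
         'width' => '150px',
     ));
     echo form_select('link_position', $locale['SL_0024'], $this->data['link_position'], array(
         'options' => $this->position_opts,
         'inline' => TRUE,
         'stacked' => $position_id_field,
     ));
     // The position is written into script source, not into a quoted string,
     // so it is emitted strictly as an integer literal.
     add_to_jquery("\n        checkLinkPosition( " . (int) $this->data['link_position'] . " );\n        \$('#link_position').bind('change', function(e) {\n            checkLinkPosition( \$(this).val() );\n        });\n        ");
     echo "</div>\n";
     echo "<div class='col-xs-12 col-sm-12 col-md-4 col-lg-4'>\n";
     echo form_select_tree("link_cat", $locale['SL_0029'], $this->data['link_cat'], array(
         'input_id' => 'link_categorys',
         "parent_value" => $locale['parent'],
         'width' => '100%',
         'query' => multilang_table("SL") ? "WHERE link_language='" . LANGUAGE . "'" : '',
         'disable_opts' => $this->data['link_id'],
         'hide_disabled' => 1,
     ), DB_SITE_LINKS, "link_name", "link_id", "link_cat");
     echo form_select('link_language', $locale['global_ML100'], $this->data['link_language'], array(
         'options' => $this->language_opts,
         'placeholder' => $locale['choose'],
         'width' => '100%',
     ));
     echo form_select('link_visibility', $locale['SL_0022'], $this->data['link_visibility'], array(
         'options' => self::get_LinkVisibility(),
         'placeholder' => $locale['choose'],
         'width' => '100%',
     ));
     echo form_checkbox('link_window', $locale['SL_0028'], $this->data['link_window']);
     echo "</div>\n";
     echo "</div>\n";
     echo form_button('savelink', $locale['SL_0040'], $locale['SL_0040'], array('class' => 'btn-primary m-r-10', 'input_id' => 'savelink_2'));
     echo form_button("cancel", $locale['cancel'], "cancel", array('input_id' => 'cancel2'));
     echo closeform();
     echo "</div>\n";
 }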