/**
 * Emit the page header when it is pending (or forced) and, on request,
 * return the rendered menu.
 *
 * @param string $header_text Forwarded unchanged as the second argument of echoheader().
 * @param bool   $head        Forces the header even when $this->head is falsy.
 * @param bool   $menu        When truthy and $this->menu is set, the result of
 *                            $this->show_return($this->menu) is returned.
 * @return mixed Whatever show_return() yields, or null when no menu is returned.
 */
function header($header_text = '', $head = false, $menu = false)
{
    $needs_header = $this->head || $head;
    if ($needs_header) {
        // echoheader() lives outside this block; no escaping of $header_text happens here.
        echoheader('', $header_text);
    }

    // Guard clause: nothing to return unless a menu was requested and one exists.
    if (!$menu || !$this->menu) {
        return;
    }

    return $this->show_return($this->menu);
}
/**
 * Render the help page: every section template found under the skin's
 * help/sections directory, or only the one whose id equals REQ('section').
 *
 * With a section selected the result is wrapped in the 'window' template;
 * otherwise it is printed between echoheader() and echofooter().
 */
function help_invoke_main()
{
    $section = REQ('section');
    $sections_dir = SKIN . '/help/sections/';
    $rendered = array();

    // scan_dir() is defined elsewhere; presumably it lists the entries of $sections_dir.
    foreach (scan_dir($sections_dir) as $entry) {
        // NOTE(review): str_replace() drops every ".tpl" occurrence in the name,
        // not only a trailing extension.
        $id = str_replace('.tpl', '', $entry);

        // Template ids always come from the directory listing; the request value
        // is only compared against them (loosely, with ==) and never used as a path.
        if ($section && $section != $id) {
            continue;
        }

        $rendered[$id] = proc_tpl("help/sections/{$id}");
    }

    cn_assign('help_sections', $rendered);

    if (!$section) {
        echoheader('-@help/style.css', 'Help section');
        echo exec_tpl('help/main');
        echofooter();
        return;
    }

    // NOTE(review): $section is the value returned by REQ('section') and is placed
    // in the window title as-is; confirm that exec_tpl() or the 'window' template
    // escapes it before it reaches the page.
    echo exec_tpl('window', "style=help/style.css", "title=HELP - {$section}", 'content=' . exec_tpl('help/main'));
}
/**
 * Print the page header once, followed by the configured and per-call
 * style/script includes, then optionally return the rendered menu.
 *
 * Each $css entry is written verbatim into an `@import url(...)` rule and each
 * $script entry verbatim into a `src` attribute; this method applies no escaping,
 * so both lists are expected to hold values the caller controls.
 *
 * @param string $header_text Forwarded as the second argument of echoheader().
 * @param bool   $menu        When truthy and $this->menu is set, show_return($this->menu) is returned.
 * @param string $subhead     Extra markup echoed after $this->subhead.
 * @param array  $css         Stylesheet URLs to import.
 * @param array  $script      Script URLs to include.
 * @return mixed Result of show_return() or null.
 */
public function header($header_text = '', $menu = false, $subhead = '', $css = array(), $script = array())
{
    if ($this->head) {
        echoheader('', $header_text);
        echo $this->superhead;
        echo $this->style;

        foreach ($css as $stylesheet_url) {
            echo '<style type="text/css" media="all">@import url(', $stylesheet_url, ");</style>\n";
        }

        echo $this->script;

        foreach ($script as $script_url) {
            echo '<script type="text/javascript" src="', $script_url, "\"></script>\n";
        }

        echo $this->subhead;
        echo $subhead;
    }

    // The flag is cleared on every call, so a later call skips the header block.
    $this->head = FALSE;

    if (!$menu || !$this->menu) {
        return;
    }

    return $this->show_return($this->menu);
}
\t</div> \t </div> </div> </form> HTML; echofooter(); } else { if ($_REQUEST['action'] == "del" and $id) { if ($_REQUEST['user_hash'] == "" or $_REQUEST['user_hash'] != $dle_login_hash) { die("Hacking attempt! User not found"); } $db->query("DELETE FROM " . PREFIX . "_rss WHERE id = '{$id}'"); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '50', '{$id}')"); } echoheader("<i class=\"icon-rss\"></i>" . $lang['opt_rss'], $lang['header_rs_1']); $db->query("SELECT id, url, description FROM " . PREFIX . "_rss ORDER BY id DESC"); while ($row = $db->get_row()) { $row['description'] = stripslashes($row['description']); $menu_link = <<<HTML <div class="btn-group"> <button class="btn btn-default dropdown-toggle" data-toggle="dropdown"><i class="icon-cog"></i> {$lang['filter_action']} <span class="caret"></span></button> <ul class="dropdown-menu text-left"> <li><a href="?mod=rss&action=news&id={$row['id']}"><i class="icon-download"></i> {$lang['rss_news']}</a></li> <li><a href="?mod=rss&action=edit&id={$row['id']}"><i class="icon-pencil"></i> {$lang['rss_edit']}</a></li> \t\t\t<li class="divider"></li> <li><a href="?mod=rss&action=del&user_hash={$dle_login_hash}&id={$row['id']}"><i class="icon-trash"></i> {$lang['rss_del']}</a></li> </ul> </div> HTML; $entries .= "\n <tr>\n <td><b>{$row['id']}</b></td>\n <td style=\"word-break: break-all;\">{$row['url']}</td>\n <td>{$row['description']}</td>\n <td>{$menu_link}</td>\n </tr>";
\t\t <label class="control-label col-lg-2"></label> \t\t <div class="col-lg-10"> \t\t\t<input type="button" onClick="send(); return false;" class="btn btn-green" value="{$lang['btn_send']}"> <input onClick="preview()" type="button" class="btn btn-gray" value="{$lang['btn_preview']}"> \t\t </div> \t\t </div>\t \t\t \t</div> \t </div> </div>\t\t </form>\t\t HTML; echofooter(); } else { echoheader("<i class=\"icon-envelope\"></i>" . $lang['main_newsl'], $lang['header_ne_1']); $group_list = get_groups(); echo <<<HTML <form method="GET" action="" class="form-horizontal"> <input type="hidden" name="mod" value="newsletter"> <input type="hidden" name="action" value="message"> <div class="box"> <div class="box-header"> <div class="title">{$lang['nl_main']}</div> </div> <div class="box-content"> \t<div class="row box-section"> \t \t\t<div class="form-group"> \t\t <label class="control-label col-lg-2">{$lang['nl_type']}</label>
if ($row['id'] and $row['id'] != $catid) { msg("error", $lang['cat_error'], $lang['cat_eradd'], "javascript:history.go(-1)"); } if (in_array($parentid, get_sub_cats($catid))) { msg("error", $lang['cat_error'], $lang['cat_noparentid'], "{$PHP_SELF}?mod=categories"); } $db->query("UPDATE " . PREFIX . "_category set parentid='{$parentid}', name='{$cat_name}', alt_name='{$alt_cat_name}', icon='{$cat_icon}', skin='{$skin_name}', descr='{$description}', keywords='{$keywords}', news_sort='{$news_sort}', news_msort='{$news_msort}', news_number='{$news_number}', short_tpl='{$short_tpl}', full_tpl='{$full_tpl}', metatitle='{$meta_title}' WHERE id='{$catid}'"); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '14', '{$cat_name}')"); @unlink(ENGINE_DIR . '/cache/system/category.php'); clear_cache(); msg("info", $lang['cat_editok'], $lang['cat_editok_1'], "{$PHP_SELF}?mod=categories"); } // ******************************************************************************** // List all Categories // ******************************************************************************** echoheader("options", $lang['cat_head']); $categorylist = CategoryNewsSelection(0, 0); $skinlist = SelectSkin(''); echo <<<HTML <form method="post" action=""> <div style="padding-top:5px;padding-bottom:2px;"> <table width="100%"> <tr> <td width="4"><img src="engine/skins/images/tl_lo.gif" width="4" height="4" border="0"></td> <td background="engine/skins/images/tl_oo.gif"><img src="engine/skins/images/tl_oo.gif" width="1" height="4" border="0"></td> <td width="6"><img src="engine/skins/images/tl_ro.gif" width="6" height="4" border="0"></td> </tr> <tr> <td background="engine/skins/images/tl_lb.gif"><img src="engine/skins/images/tl_lb.gif" width="4" height="1" border="0"></td> <td style="padding:5px;" bgcolor="#FFFFFF"> <table width="100%">
die("Hacking attempt! User not found"); } $selected_complaint = $_POST['selected_complaint']; if (!$selected_complaint) { msg("error", $lang['mass_error'], $lang['opt_complaint_6'], "?mod=complaint"); } foreach ($selected_complaint as $complaint) { $complaint = intval($complaint); $db->query("DELETE FROM " . PREFIX . "_complaint WHERE id = '{$complaint}'"); } $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '22', '')"); header("Location: ?mod=complaint"); die; } $found = false; echoheader("", ""); echo <<<HTML <script type="text/javascript"> <!-- begin function popupedit( name ){ \t\tvar rndval = new Date().getTime(); \t\t\$('body').append('<div id="modal-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: #666666; opacity: .40;filter:Alpha(Opacity=40); z-index: 999; display:none;"></div>'); \t\t\$('#modal-overlay').css({'filter' : 'alpha(opacity=40)'}).fadeIn('slow'); \t \t\t\$("#dleuserpopup").remove(); \t\t\$("body").append("<div id='dleuserpopup' title='{$lang['user_edhead']}' style='display:none'></div>"); \t \t\t\$('#dleuserpopup').dialog({ \t\t\tautoOpen: true,
\t\t </div>\t\t \t</div> \t </div> </div> <input type="hidden" name="user_hash" value="{$dle_login_hash}" /> </form> <script type="text/javascript"> \t\$(function(){ \t\t \$(".cat_select").chosen({allow_single_deselect:true, no_results_text: '{$lang['addnews_cat_fault']}'}); \t}); </script> HTML; echofooter(); } else { echoheader("<i class=\"icon-bar-chart\"></i>" . $lang['header_votes'], $lang['editvote']); echo "\n <script language=\"javascript\">\n <!-- begin\n function confirmdelete(id){\n\t DLEconfirm( '{$lang['vote_confirm']}', '{$lang['p_confirm']}', function () {\n\t\t\tdocument.location=\"?mod=editvote&action=delete&user_hash={$dle_login_hash}&id=\"+id;\n\t\t} );\n }\n function confirmclear(id){\n\t DLEconfirm( '{$lang['vote_clear']}', '{$lang['p_confirm']}', function () {\n\t\t\tdocument.location=\"?mod=editvote&action=clear&user_hash={$dle_login_hash}&id=\"+id;\n\t\t} );\n }\n // end -->\n </script>"; $db->query("SELECT * FROM " . PREFIX . "_vote ORDER BY id DESC"); $entries = ""; while ($row = $db->get_row()) { $item_id = $row['id']; $item_date = date("d.m.Y", strtotime($row['date'])); $title = htmlspecialchars(stripslashes($row['title']), ENT_QUOTES, $config['charset']); if ($row['start']) { $start_date = date("d.m.Y H:i", $row['start']); } else { $start_date = "--"; } if ($row['end']) { $end_date = date("d.m.Y H:i", $row['end']); } else {
if ($row['votes']) { $poll = $db->super_query("SELECT * FROM " . PREFIX . "_poll where news_id = '{$row['id']}'"); $poll['title'] = $parse->decodeBBCodes($poll['title'], false); $poll['frage'] = $parse->decodeBBCodes($poll['frage'], false); $poll['body'] = $parse->decodeBBCodes($poll['body'], false); $poll['multiple'] = $poll['multiple'] ? "checked" : ""; } $expires = $db->super_query("SELECT * FROM " . PREFIX . "_post_log where news_id = '{$row['id']}'"); if ($expires['expires']) { $expires['expires'] = date("Y-m-d", $expires['expires']); } $js_array[] = "engine/skins/calendar.js"; $js_array[] = "engine/skins/tabs.js"; $js_array[] = "engine/skins/autocomplete.js"; $js_array[] = "engine/skins/chosen/chosen.js"; echoheader("editnews", $lang['edit_head']); if (!$user_group[$member_id['user_group']]['allow_html']) { $config['allow_admin_wysiwyg'] = 0; } // Доп. поля $xfieldsaction = "categoryfilter"; include ENGINE_DIR . '/inc/xfields.php'; echo $categoryfilter; echo <<<HTML <script type="text/javascript"> <!-- begin function popupedit( name ){ \t\tvar rndval = new Date().getTime(); \t\t\$('body').append('<div id="modal-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: #666666; opacity: .40;filter:Alpha(Opacity=40); z-index: 999; display:none;"></div>');
/**
 * Show a framed message page and stop the script.
 *
 * $title, $text and $back are interpolated into the markup exactly as given;
 * nothing is escaped here, so callers must pass trusted or already-escaped
 * values (in particular $back ends up inside an href attribute).
 *
 * @param mixed        $type  Forwarded as the first argument of echoheader().
 * @param string       $title Page title, also shown in the box heading.
 * @param string       $text  Message body (may contain markup).
 * @param string|false $back  Optional URL for a "back" link labelled with $lang['func_msg'].
 */
function msg($type, $title, $text, $back = FALSE)
{
    global $lang;

    // Keep the falsy value itself when no link is requested, so the
    // interpolation below produces the same output as the raw parameter would.
    $back_link = $back;
    if ($back) {
        $back_link = '<br /><br> <a class=main href="' . $back . '">' . $lang['func_msg'] . '</a>';
    }

    echoheader($type, $title);

    echo <<<HTML
<div style="padding-top:5px;padding-bottom:2px;">
<table width="100%">
    <tr>
        <td width="4"><img src="engine/skins/images/tl_lo.gif" width="4" height="4" border="0"></td>
        <td background="engine/skins/images/tl_oo.gif"><img src="engine/skins/images/tl_oo.gif" width="1" height="4" border="0"></td>
        <td width="6"><img src="engine/skins/images/tl_ro.gif" width="6" height="4" border="0"></td>
    </tr>
    <tr>
        <td background="engine/skins/images/tl_lb.gif"><img src="engine/skins/images/tl_lb.gif" width="4" height="1" border="0"></td>
        <td style="padding:5px;" bgcolor="#FFFFFF">
<table width="100%">
    <tr>
        <td bgcolor="#EFEFEF" height="29" style="padding-left:10px;"><div class="navigation">{$title}</div></td>
    </tr>
</table>
<div class="unterline"></div>
<table width="100%">
    <tr>
        <td height="100" align="center">{$text} {$back_link}</td>
    </tr>
</table>
</td>
        <td background="engine/skins/images/tl_rb.gif"><img src="engine/skins/images/tl_rb.gif" width="6" height="1" border="0"></td>
    </tr>
    <tr>
        <td><img src="engine/skins/images/tl_lu.gif" width="4" height="6" border="0"></td>
        <td background="engine/skins/images/tl_ub.gif"><img src="engine/skins/images/tl_ub.gif" width="1" height="6" border="0"></td>
        <td><img src="engine/skins/images/tl_ru.gif" width="6" height="6" border="0"></td>
    </tr>
</table>
</div>
HTML;

    echofooter();
    // Terminates the request: code after a msg() call never runs.
    exit;
}
http://dle-news.ru/ ----------------------------------------------------- Copyright (c) 2004,2013 SoftNews Media Group ===================================================== Данный код защищен авторскими правами ===================================================== Файл: main.php ----------------------------------------------------- Назначение: Статистика и автопроверка ===================================================== */ if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) { die("Hacking attempt!"); } $js_array[] = "engine/skins/tabset.js"; echoheader("home", ""); $config['max_users_day'] = intval($config['max_users_day']); $maxmemory = @ini_get('memory_limit') != '' ? @ini_get('memory_limit') : $lang['undefined']; $disabledfunctions = strlen(ini_get('disable_functions')) > 1 ? @ini_get('disable_functions') : $lang['undefined']; $disabledfunctions = str_replace(",", ", ", $disabledfunctions); $safemode = @ini_get('safe_mode') == 1 ? $lang['safe_mode_on'] : $lang['safe_mode_off']; $licence = $lang['licence_full']; $offline = $config['site_offline'] == "no" ? $lang['safe_mode_on'] : "<font color=\"red\">" . $lang['safe_mode_off'] . "</font>"; if (function_exists('apache_get_modules')) { if (array_search('mod_rewrite', apache_get_modules())) { $mod_rewrite = $lang['safe_mode_on']; } else { $mod_rewrite = "<font color=\"red\">" . $lang['safe_mode_off'] . "</font>"; } } else { $mod_rewrite = $lang['undefined'];
$format_file = strtolower(end(explode('.', $file_open))); if (is_writable($file_open) && in_array($format_file, $allowed_extensions) && file_exists($file_open)) { $file = fopen($file_open, "r+"); file_put_contents($file_open, ''); fputs($file, $content); fclose($file); echo 'Файл шаблона был успешно сохранён!'; } else { echo 'Файл шаблона не найден'; } die; break; //################### Главная ###################// //################### Главная ###################// default: echoheader(900); //Если загружаем другой шаблон if (isset($_POST['chahe_skin'])) { $config['temp'] = strip_data($_POST['newtemp']); } echohtmlstart("Управление шаблонами"); //Чтение всех шаблон в папке "templates" $root = ROOT_DIR . '/templates/'; $root_dir = scandir($root); foreach ($root_dir as $templates) { if ($templates != '.' && $templates != '..' && $templates != '.htaccess') { $for_select .= str_replace('value="' . $config['temp'] . '"', 'value="' . $config['temp'] . '" selected', '<option value="' . $templates . '">' . $templates . '</option>'); } } echo "<form method=\"POST\" action=\"\"><div class=\"fllogall\" style=\"width:240px\">Выбранный шаблон для редактирования:</div>\r\n\t\t<select name=\"newtemp\" class=\"inpu fl_l\">{$for_select}</select>\r\n\t\t<div class=\"button_div fl_l\" style=\"margin-left:10px;margin-top:-10px;margin-bottom:5px\"><button name=\"chahe_skin\" class=\"inp\" >Выполнить</button></div>\r\n\t\t<div class=\"mgcler\"></div></form>"; htmlclear();
$regemail = sane_post_var($regemail); $regpassword = sane_post_var($regpassword); $all_users = file("./data/users.db.php"); foreach ($all_users as $user_line) { $user_arr = explode("|", $user_line); if ($user_arr[2] == $regusername) { msg("error", "Username Conflict", "This username is already taken"); } } $add_time = time() + $config_date_adjust * 60; $regpassword = md5(md5($regpassword)); $old_users_file = file("./data/users.db.php"); $new_users_file = fopen("./data/users.db.php", "a"); fwrite($new_users_file, "{$add_time}|{$config_users_deflevel}|{$regusername}|{$regpassword}|{$regnickname}|{$regemail}|0|0||||||||\n"); fclose($new_users_file); msg("user", "Commenter Added", "You were successfully added to our database.<br />You may now <a href=\"index.php\">login</a>."); } else { echoheader("user", "Please Login"); echo "<div style=\"float: left;\">\n <form id=\"login\" action=\"{$PHP_SELF}\" method=\"post\">\n \t<p>\n \t<label for=\"username\">Username</label><br />\n \t<input tabindex=\"1\" size=\"28\" id=\"username\" type=\"text\" name=\"username\" value=\"{$lastusername}\" />\n \t</p>\n \t<p>\n \t<label for=\"password\">Password</label><br />\n \t<input tabindex=\"2\" size=\"28\" id=\"password\" type=\"password\" name=\"password\" />\n \t</p>\n \t<p>\n\t\t<input tabindex=\"3\" accesskey=\"s\" type=\"submit\" value=\" Login... 
\" />\n\t\t</p>\n\t\t<p>\n\t\t{$result}\n\t\t<input type=\"hidden\" name=\"action\" value=\"dologin\" />\n\t\t</p>\n </form>\n\t"; if ($config_users_selfregister == "allow") { echo "<form id=\"newreg\" action=\"{$PHP_SELF}\" method=\"post\">\n\t\t\t<p>\n\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"registerform\" />\n\t\t\t\t<input type=\"submit\" accesskey=\"n\" size=\"28\" tabindex=\"4\" value=\"New user\" />\n\t\t\t</p>\n\t\t\t</form>"; } echo "\n\t</div>"; } echo "\n<div id=\"main_boxcontent\">\n\t<div class=\"boxcontent_box\">\n\t<h3>About AJ-Fork</h3>\n<p>\nAj-Fork is a branch of the CuteNews script by <a href=\"http://www.cutephp.com\">CutePHP / Flexer</a>. It focuses on adding\nuseful hacks, security updates, a plugin architecture and general code updates in the absence of periodical official CuteNews releases.</p>\n<p>AJ-Fork is Licensed under the GNU GPL license (inherited from CuteNews - read the accompanying LICENSE file).</p>\n<p>Copyright 2004 <a href=\"http://appelsinjuice.org/\">Øivind Hoel</a>\n</p>\n\t</div>\n</div>\n"; echofooter(); } elseif ($is_loged_in == TRUE) { //---------------------------------- // Check Referer //---------------------------------- if ($config_check_referer == TRUE) {
$category_list[] = $value; } else { $category_list[] = intval($value); } } $category = $db->safesql(implode(',', $category_list)); $title = $db->safesql($parse->BB_Parse($parse->process($_POST['title']), false)); $body = $db->safesql($parse->BB_Parse($parse->process($_POST['body']), false)); $id = intval($_REQUEST['id']); $db->query("UPDATE " . PREFIX . "_vote set category='{$category}', title='{$title}', body='{$body}', start='{$start_date}', end='{$end_date}' where id={$id}"); @unlink(ENGINE_DIR . '/cache/system/vote.php'); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '3', '{$title}')"); msg("info", $lang['vote_str_4'], $lang['vote_str_4'], "?mod=editvote"); } elseif (!$stop) { $js_array[] = "engine/skins/calendar.js"; echoheader("vote", $lang[addvote]); $canedit = false; $start_date = ""; $stop_date = ""; // ******************************************************************************** // Add Form // ******************************************************************************** if ($_GET['action'] == "edit" && $id != '') { $canedit = true; $row = $db->super_query("SELECT * FROM " . PREFIX . "_vote WHERE id='{$id}' LIMIT 0,1"); $title = $parse->decodeBBCodes($row['title'], false); $body = $parse->decodeBBCodes($row['body'], false); $icategory = explode(',', $row['category']); if ($row['category'] == "all") { $all_cats = "selected"; } else {
user_addban($add_ip); } // from editcomments if ($action == "quickadd") { die_stat(false, str_replace('%1', $add_ip, lang('The IP %1 is now banned from commenting'))); } } elseif ($action == "remove") { if (empty($remove_ip)) { msg("error", lang('Error!'), lang("The IP or nick cannot be blank"), '#GOBACK'); } user_remove_ban($remove_ip); } // ******************************************************************************** // List all IP // ******************************************************************************** echoheader("options", lang("Blocking IP / Nickname"), make_breadcrumbs('main/options=options/Block IP or nickname')); $c = 0; $iplist = array(); // read all lines $ips = fopen(SERVDIR . '/cdata/ipban.db.php', 'r'); while (!feof($ips)) { $dip = explode('|', fgets($ips)); if (empty($dip[0])) { continue; } if (substr($dip[0], 0, 2) == '<' . '?') { continue; } $e = $dip[2] ? format_date($dip[2], 'since-short') : 'never'; $iplist[] = array('ip' => $dip[0], 'bg' => $c++ % 2 ? 'bgcolor="#F7F8FF"' : '', 'times' => $dip[1], 'expire' => $e); }
item_category = document.all["category"]; } else if (document.layers) { item_type = document.layers["type"]; item_category = document.layers["category"]; } if (item_type) { onTypeChange(item_type.value); onCategoryChange(item_category.value); } // --> </script> <?php echofooter(); break; default: echoheader("options", ""); ?> <form action="<?php echo $_SERVER["PHP_SELF"]; ?> " method="get" name="xfieldsform"> <input type="hidden" name="mod" value="xfields"> <input type="hidden" name="xfieldsaction" value="configure"> <input type="hidden" name="xfieldssubactionadd" value=""> <input type="hidden" name="user_hash" value="<?php echo $dle_login_hash; ?> "> <div style="padding-top:5px;padding-bottom:2px;"> <table width="100%"> <tr>
} if (file_exists(ROOT_DIR . '/language/' . $selected_language . '/adminlogs.lng')) { require_once ROOT_DIR . '/language/' . $selected_language . '/adminlogs.lng'; } $start_from = intval($_REQUEST['start_from']); $config['adminlog_maxdays'] = intval($config['adminlog_maxdays']); $news_per_page = 50; if ($start_from < 0) { $start_from = 0; } if ($config['adminlog_maxdays'] < 30) { $config['adminlog_maxdays'] = 30; } $thisdate = $_TIME - $config['adminlog_maxdays'] * 3600 * 24; $db->query("DELETE FROM " . USERPREFIX . "_admin_logs WHERE date < '{$thisdate}'"); echoheader("<i class=\"icon-globe\"></i>" . $lang['opt_logs'], $lang['header_log_1']); if ($action == "auth") { $lang['opt_logsc'] = $lang['admin_logs_auth']; } echo <<<HTML <script language="javascript" type="text/javascript"> <!-- function popupedit( name ){ \t\tvar rndval = new Date().getTime(); \t\t\$('body').append('<div id="modal-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: #666666; opacity: .40;filter:Alpha(Opacity=40); z-index: 999; display:none;"></div>'); \t\t\$('#modal-overlay').css({'filter' : 'alpha(opacity=40)'}).fadeIn('slow'); \t \t\t\$("#dleuserpopup").remove(); \t\t\$("body").append("<div id='dleuserpopup' title='{$lang['user_edhead']}' style='display:none'></div>");
Назначение: настройка пользователей ===================================================== */ if (!defined('DATALIFEENGINE') or !defined('LOGGED_IN')) { die("Hacking attempt!"); } if (!$user_group[$member_id['user_group']]['admin_editusers']) { msg("error", $lang['index_denied'], $lang['index_denied']); } $id = intval($_REQUEST['id']); // ******************************************************************************** // Список пользователей // ******************************************************************************** if ($action == "list") { $js_array[] = "engine/skins/calendar.js"; echoheader("users", $lang['user_head']); echo <<<HTML <script type="text/javascript"> <!-- begin function popupedit( id ){ \t\tvar rndval = new Date().getTime(); \t\t\$('body').append('<div id="modal-overlay" style="position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: #666666; opacity: .40;filter:Alpha(Opacity=40); z-index: 999; display:none;"></div>'); \t\t\$('#modal-overlay').css({'filter' : 'alpha(opacity=40)'}).fadeIn('slow'); \t \t\t\$("#dleuserpopup").remove(); \t\t\$("body").append("<div id='dleuserpopup' title='{$lang['user_edhead']}' style='display:none'></div>"); \t \t\t\$('#dleuserpopup').dialog({ \t\t\tautoOpen: true,
/**
 * Print a message page (header, text, optional "go back" link, footer) and exit.
 *
 * $text and $back are written to the page as given, without escaping; $back is
 * placed inside an href attribute. Callers are responsible for passing safe values.
 *
 * @param mixed        $type  Forwarded as the first argument of echoheader().
 * @param string       $title Forwarded as the second argument of echoheader().
 * @param string       $text  Message body (may contain markup).
 * @param string|false $back  Optional URL for the "go back" link.
 */
function msg($type, $title, $text, $back = FALSE)
{
    echoheader($type, $title);

    // $lang is pulled into scope as in the original, although this body never reads it.
    global $lang;

    $output = "{$text}";
    if ($back) {
        $output .= "<br /><br /> <a href=\"{$back}\">go back</a>";
    }
    echo $output;

    echofooter();
    // Ends the request; nothing after a msg() call is executed.
    exit;
}
flock($new_db, LOCK_UN); fclose($new_db); if (count($selected_news) == $moved_articles) { msg("info", lang("News Moved"), str_replace('%1', $moved_articles, lang("All articles that you selected (%1) were moved to the specified category"))); } else { msg("error", lang("News Moved (with errors)"), str_replace(array('%1', '%2'), array($moved_articles, count($selected_news)), lang("%1 of %2 articles that you selected were moved to the specified category"))); } } elseif ($action == "mass_archive") { if (!$selected_news) { msg("error", lang('Error!'), lang("You have not specified any articles"), "#GOBACK"); } if ($source != "") { msg("error", lang('Error!'), lang("These news are already archived or are in postpone queue"), "#GOBACK"); } $CSRF = CSRFMake(); echoheader("options", lang("Send News To Archive")); echo "<form method=post action=\"{$PHP_SELF}\">\n <table border=0 cellpadding=0 cellspacing=0 width=100% height=100%><tr><td >" . lang('Are you sure you want to send all selected news to the archive') . " (<b>" . count($selected_news) . "</b>)?<br><br>\n <input type=button value=\" No \" onclick=\"javascript:document.location='{$PHP_SELF}?mod=editnews&action=list&source={$source}'\"> <input type=submit value=\" " . lang('Yes') . " \">\n <input type=hidden name=action value=\"do_mass_archive\">\n <input type=hidden name=csrf_code value=\"{$CSRF}\">\n <input type=hidden name=mod value=\"massactions\">"; foreach ($selected_news as $newsid) { echo "<input type=hidden name=selected_news[] value=\"{$newsid}\">\n"; } echo "</td></tr></table></form>"; echofooter(); } elseif ($action == "do_mass_archive") { CSRFCheck(); if ($member_db[UDB_ACL] != ACL_LEVEL_ADMIN) { msg("error", lang("Access Denied"), lang("You can not perform this action if you are not admin"), "#GOBACK"); } if (!$selected_news) { msg("error", lang('Error!'), lang("You have not specified any articles"), "#GOBACK"); } if (!is_writable(SERVDIR . "/cdata/archives/")) {
msg("error", $lang['index_denied'], $lang['static_not_allowed']); } $row['template'] = htmlspecialchars(stripslashes($row['template'])); } else { if ($row['allow_br'] != '1' or $config['allow_static_wysiwyg'] == "yes") { $row['template'] = $parse->decodeBBCodes($row['template'], true, $config['allow_static_wysiwyg']); } else { $row['template'] = $parse->decodeBBCodes($row['template'], false); } } $skinlist = SelectSkin($row['template_folder']); $row['descr'] = stripslashes($row['descr']); $row['metatitle'] = stripslashes($row['metatitle']); $itemdate = @date("Y-m-d H:i", $row['date']); $js_array[] = "engine/skins/calendar.js"; echoheader("static", "static"); echo <<<HTML <!-- calendar stylesheet --> <link rel="stylesheet" type="text/css" media="all" href="engine/skins/calendar-blue.css" title="win2k-cold-1" /> <script language="javascript"> function CheckStatus(Form){ \tif(Form.allow_date.checked) { \t\tForm.allow_now.disabled = true; \t\tForm.allow_now.checked = false; \t} else { \t\tForm.allow_now.disabled = false; \t} } function confirmdelete(id) {
<div class="mgcler"></div> <div class="fllogall" style="width:140px"> </div> <input type="submit" value="Сохранить" class="inp" name="save" style="margin-top:0px" /> <input type="submit" value="Назад" class="inp" style="margin-top:0px" onClick="history.go(-1); return false" /> </form> HTML; echohtmlend(); } } else { msgbox('Ошибка', 'Сообщество не найдено', '?mod=groups'); } die; } echoheader(); $se_uid = intval($_GET['se_uid']); if (!$se_uid) { $se_uid = ''; } $se_user_id = intval($_GET['se_user_id']); if (!$se_user_id) { $se_user_id = ''; } $sort = intval($_GET['sort']); $se_name = textFilter($_GET['se_name'], false, true); if ($se_uid or $sort or $se_name or $se_user_id or $_GET['ban'] or $_GET['delet']) { if ($se_uid) { $where_sql .= "AND id = '" . $se_uid . "' "; } if ($se_user_id) {
} function makeDropDown($options, $name, $selected) { $output = "<select size=1 name=\"{$name}\">\r\n"; foreach ($options as $value => $description) { $output .= "<option value=\"{$value}\""; if ($selected == $value) { $output .= " selected "; } $output .= ">{$description}</option>\n"; } $output .= "</select>"; return $output; } // ---------- show options echoheader("options", lang("System Configuration"), make_breadcrumbs($bc)); echo proc_tpl('options/syscon.top', array('add_fields' => hook('field_options_buttons'))); if (!($handle = opendir(SERVDIR . "/skins"))) { die_stat(false, "Can not open directory ./skins "); } while (false !== ($file = readdir($handle))) { $file_arr = explode(".", $file); if ($file_arr[1] == "skin") { $sys_con_skins_arr[$file_arr[0]] = $file_arr[0]; } elseif ($file_arr[1] == "lang") { $sys_con_langs_arr[$file_arr[0]] = $file_arr[0]; } } closedir($handle); // News if (is_dir(SERVDIR . '/core/ckeditor')) {
/**
 * Print a centred message box with a "go back" link between the page header
 * and echohtmlend().
 *
 * $text and $link are concatenated into the markup without escaping; $link is
 * placed in an href attribute. The anchor is emitted even when $link is false,
 * in which case the href is empty. Unlike msg()-style helpers this function
 * does not terminate the script.
 *
 * @param string       $title Passed to echohtmlstart().
 * @param string       $text  Message body (may contain markup).
 * @param string|false $link  Target of the link labelled "Вернуться назад" ("Go back").
 */
function msgbox($title, $text, $link = false)
{
    echoheader();
    echohtmlstart($title);

    $back_anchor = '<a href="' . $link . '">Вернуться назад</a>';
    echo '<center>', $text, '<br />', $back_anchor, '</center>';

    echohtmlend();
}
/**
 * Print the page header followed by the static assets this screen needs:
 * one stylesheet, two chart scripts and an inline helper script, all
 * referenced under engine/modules/billing/theme/.
 *
 * The inline script defines checkAll(obj), which sets every checkbox in
 * obj's form to obj's checked state, and selectText(), which focuses and
 * selects the element with id "someTextField".
 *
 * @return string Always the empty string; all markup is echoed directly.
 */
function header()
{
    $stylesheetTag = '<link href="engine/modules/billing/theme/styles.css" media="screen" rel="stylesheet" type="text/css" />';
    $chartScriptTags = '<script src="engine/modules/billing/theme/highcharts.js"></script> <script src="engine/modules/billing/theme/exporting.js"></script>';
    $inlineHelpers = '<script type="text/javascript"> function checkAll(obj) { var items = obj.form.getElementsByTagName("input"), len, i; for (i = 0, len = items.length; i < len; i += 1) { if (items.item(i).type && items.item(i).type === "checkbox") { if (obj.checked) { items.item(i).checked = true; } else { items.item(i).checked = false; } } } } function selectText(){ var oTextBox = document.getElementById("someTextField"); oTextBox.focus(); oTextBox.select(); } </script>';

    // NOTE(review): title, version and description are passed to
    // echoheader() exactly as stored in $this->lang / $this->config;
    // whether echoheader() escapes them is not visible from here.
    $pageTitle = "{$this->lang['title']} v.{$this->config['version']}";
    echoheader($pageTitle, $this->lang['desc']);

    echo $stylesheetTag;
    echo $chartScriptTags;
    echo $inlineHelpers;

    return "";
}
echofooter(); } elseif ($action == "dosaverss") { if (strpos($rss_news_include_url, 'http://') === false) { msg("error", lang('Error!'), lang("The URL where you include your news must start with <b>http://</b>")); } $handler = fopen(SERVDIR . "/cdata/rss_config.php", "w") or msg("error", lang('Error!'), "Can not open file ./cdata/rss_config.php"); fwrite($handler, "<?PHP \n\n//RSS Configurations (Auto Generated file)\n\n"); fwrite($handler, "\$rss_news_include_url = \"" . htmlspecialchars($rss_news_include_url) . "\";\n\n"); fwrite($handler, "\$rss_title = \"" . htmlspecialchars($rss_title) . "\";\n\n"); fwrite($handler, "\$rss_encoding = \"" . htmlspecialchars($rss_encoding) . "\";\n\n"); fwrite($handler, "\$rss_language = \"" . htmlspecialchars($rss_language) . "\";\n\n"); fwrite($handler, "?>"); fclose($handler); msg("wizard", lang("RSS Configuration Saved"), lang("The configurations were saved successfully") . ".<br><br><input onClick=\"document.location='{$PHP_SELF}?mod=wizards&action=customizerss';\" type=button value='Proceed With RSS Customization >>'>"); } elseif ($action == "customizerss") { echoheader("wizard", lang("RSS Customization"), make_breadcrumbs('main/options=options/wizards=Choose Wizards/wizards:rss=Rss Setup/wizards:rss_step2=Configuration/Complete')); // Detect the categories (if any) $cat_lines = file(SERVDIR . "/cdata/category.db.php"); if (count($cat_lines) > 0) { $cat_options .= '<select style="" id=categories multiple size=5>' . "\n"; foreach ($cat_lines as $single_line) { $cat_arr = explode("|", $single_line); $cat_options .= "<option value=\"{$cat_arr['0']}\">(ID:{$cat_arr['0']}) {$cat_arr['1']}</option>\n"; } $cat_options .= "</select><br><label for=allcategories><input onclick=\"if(this.checked){getElementById('categories').style.display='none';}else{getElementById('categories').style.display='';}\" type=checkbox id=allcategories value=yes>" . lang('Or show from all Categories') . 
"</label>"; } else { $cat_options = lang("You do not have any categories") . ". <input type=hidden id=categories><input type=hidden id=allcategories>"; } // Show the HTML echo proc_tpl('wizard/customizerss', array('config_http_script_dir' => $config_http_script_dir, 'cat_options' => $cat_options)); echofooter();
if (stripos($image, ".htaccess") !== false) { die("Hacking attempt!"); } $img_name_arr = explode(".", $image); $type = totranslit(end($img_name_arr)); if (!in_array($type, $allowed_extensions)) { die("Hacking attempt!"); } @unlink($config_path_image_upload . $image); @unlink($config_path_image_upload . "thumbs/" . $image); @unlink($config_path_image_upload . "medium/" . $image); $db->query("INSERT INTO " . USERPREFIX . "_admin_logs (name, date, ip, action, extras) values ('" . $db->safesql($member_id['name']) . "', '{$_TIME}', '{$_IP}', '37', '{$image}')"); } } $js_array[] = "engine/classes/uploads/html5/fileuploader.js"; echoheader("<i class=\"icon-file-alt\"></i>" . $lang['header_f_1'], $lang['header_f_2']); $folder_list = "<select class=\"uniform\" onchange=\"window.open(this.options[this.selectedIndex].value,'_top')\"><option value=\"?mod=files\">--</option>"; $current_dir = opendir(ROOT_DIR . "/uploads"); while ($entryname = readdir($current_dir)) { if (is_dir(ROOT_DIR . "/uploads/{$entryname}") and ($entryname != "." and $entryname != ".." and $entryname != "files")) { if ($userdir == $entryname . "/") { $sel_dir = "selected"; } else { $sel_dir = ""; } if ($entryname == "fotos") { $listname = $lang['images_foto']; } elseif ($entryname == "thumbs") { $listname = $lang['images_thumb']; } elseif ($entryname == "posts") { $listname = $lang['images_news'];
$symbol_count++; if ($symbol_count == $word_count) { $result .= ' '; $symbol_count = 0; $new_word = true; } } return $result; }

// Update check: ask the vendor endpoint for the latest version and, when it
// is newer than the installed one, arm the update flow with a one-time key.
if ($action == 'update') {
    $need_update = false;

    // NOTE(review): the version descriptor is fetched over plain http://, so
    // nothing here authenticates the response that decides whether the update
    // flow starts. The result of fopen() is also not checked before it is
    // handed to fpassthru(); a failed fetch is not handled explicitly.
    $last_version_file = fopen("http://cutephp.com/cutenews/latest_version.php", "r");

    // fpassthru() writes to the output stream, so the body is captured with
    // output buffering instead of being sent to the browser.
    ob_start();
    fpassthru($last_version_file);

    // The response is split on '|' into a version id and a version name.
    // A response without '|' leaves $last_version_name unset.
    list($last_version, $last_version_name) = explode('|', ob_get_clean());

    // Loose comparison of a string taken from the network against
    // $config_version_id (defined outside this fragment).
    if ($last_version > $config_version_id) {
        $need_update = true;
    }

    if ($need_update) {
        // One-time key: create_random_string() is defined elsewhere, so the
        // quality of its randomness cannot be judged from here — TODO confirm
        // it uses a cryptographically secure source.
        $update_key = base64_encode(create_random_string(50, 7));

        // The key is stored server-side as PHP source in cdata/update_temp.php.
        // The base64 alphabet has no quote or backslash, so the value cannot
        // terminate the single-quoted literal it is written into.
        // NOTE(review): the fopen() result is not checked before fwrite().
        $update_temp = fopen(SERVDIR . '/cdata/update_temp.php', "w");
        fwrite($update_temp, "<?php\n\$update_key='" . $update_key . "';\n?>");
        fclose($update_temp);

        // The same key goes to the browser as cookie 'update', valid for one
        // hour on path '/'. NOTE(review): no secure or httponly arguments are
        // passed, so the cookie is also sent over plain HTTP and is readable
        // from page scripts.
        setcookie('update', $update_key, time() + 60 * 60, '/');

        echoheader('info', lang("Update status"), make_breadcrumbs('main/options=options/Update Status'));
        echo proc_tpl('update/status');
        echofooter();
    } else {
        msg('info', lang('Update status'), lang('No update: your revision is the latest one'));
    }
}
</tr> <tr> <td><img src="engine/skins/images/tl_lu.gif" width="4" height="6" border="0"></td> <td background="engine/skins/images/tl_ub.gif"><img src="engine/skins/images/tl_ub.gif" width="1" height="6" border="0"></td> <td><img src="engine/skins/images/tl_ru.gif" width="6" height="6" border="0"></td> </tr> </table> </div></form> HTML; echofooter(); exit; } elseif ($action == "mass_edit_author") { if ($member_id['user_group'] != 1) { msg("error", $lang['index_denied'], $lang['index_denied'], $_SESSION['admin_referrer']); } echoheader("options", $lang['mass_cat']); $count = count($selected_news); echo <<<HTML <form action="{$PHP_SELF}" method="post"> <div style="padding-top:5px;padding-bottom:2px;"> <table width="100%"> <tr> <td width="4"><img src="engine/skins/images/tl_lo.gif" width="4" height="4" border="0"></td> <td background="engine/skins/images/tl_oo.gif"><img src="engine/skins/images/tl_oo.gif" width="1" height="4" border="0"></td> <td width="6"><img src="engine/skins/images/tl_ro.gif" width="6" height="4" border="0"></td> </tr> <tr> <td background="engine/skins/images/tl_lb.gif"><img src="engine/skins/images/tl_lb.gif" width="4" height="1" border="0"></td> <td style="padding:5px;" bgcolor="#FFFFFF"> <table width="100%"> <tr>
if (!$row['users_id']) { $db->query("INSERT INTO " . USERPREFIX . "_banned (users_id, descr, date, days) values ('{$id}', '{$banned_descr}', '{$this_time}', '{$banned_date}')"); } else { if ($row['days'] != $banned_date) { $db->query("UPDATE " . USERPREFIX . "_banned SET descr='{$banned_descr}', days='{$banned_date}', date='{$this_time}' WHERE users_id = '{$id}'"); } else { $db->query("UPDATE " . USERPREFIX . "_banned set descr='{$banned_descr}' WHERE users_id = '{$id}'"); } } @unlink(ENGINE_DIR . '/cache/system/banned.php'); $db->query("UPDATE " . USERPREFIX . "_users SET banned='yes' WHERE user_id ='{$id}'"); } clear_cache(); msg("info", $lang['massusers_head_3'], $lang['massusers_banok'], "?mod=editusers&action=list"); } elseif ($_POST['action'] == "mass_delete_pm") { echoheader("options", $lang['mass_head']); echo <<<HTML <form action="{$PHP_SELF}" method="post"> <div style="padding-top:5px;padding-bottom:2px;"> <table width="100%"> <tr> <td width="4"><img src="engine/skins/images/tl_lo.gif" width="4" height="4" border="0"></td> <td background="engine/skins/images/tl_oo.gif"><img src="engine/skins/images/tl_oo.gif" width="1" height="4" border="0"></td> <td width="6"><img src="engine/skins/images/tl_ro.gif" width="6" height="4" border="0"></td> </tr> <tr> <td background="engine/skins/images/tl_lb.gif"><img src="engine/skins/images/tl_lb.gif" width="4" height="1" border="0"></td> <td style="padding:5px;" bgcolor="#FFFFFF"> <table width="100%"> <tr> <td bgcolor="#EFEFEF" height="29" style="padding-left:10px;"><div class="navigation">{$lang['massusers_head_4']}</div></td>