function getLoginJSONP($type) { require_once "../leader/jsupport.php"; $success = false; $username = ""; $key = ""; //Ignore any messages from the login system that may corrupt our JSON ob_start(); if (array_key_exists("username", $_COOKIE) && array_key_exists("key", $_COOKIE)) { //We may have saved these via javascript. Try loading them $username = strtolower($_COOKIE["username"]); $key = $_COOKIE["key"]; $success = true; } else { if (checkPostLogin() == 7) { //Can we log in with leaderboards? $username = strtolower(getPostValue("username")); $key = getKey($username); $success = true; } else { //Nope $success = false; } } ob_end_clean(); //Return their key formatted as specified if ($success) { if ($type === "JS") { return "webchat.setUser(\"{$username}\", \"{$key}\", \"true\"); webchat.connect();"; } else { if ($type === "JSON") { return json_encode(array("success" => true, "username" => $username, "key" => $key)); } } } else { if ($type === "JS") { return "webchat.enableLogin(true); webchat.setLoginStatus(\"No Saved Login Found\");"; } else { if ($type === "JSON") { return json_encode(array("success" => false)); } } } }
/** * Invokes the whole application. */ public function invoke() { $this->_pageKey = getGetValue('page', 'accounts'); $this->_subKey = getGetValue('sub'); $sessionLang = jpWotSession::get('active_language'); if (empty($sessionLang)) { jpWotSession::set('active_language', strtolower(trim(jpWotConfig::$lang))); } $changeLang = getPostValue('lang'); if (isset($changeLang['current'], $changeLang['new']) && $changeLang['current'] != $changeLang['new']) { jpWotSession::set('active_language', $changeLang['new']); $langKey = $changeLang['new']; } else { $langKey = jpWotSession::get('active_language'); } $langKey = $this->getIniLanguageKey($langKey); $language = jpWotLanguage::getInstance(); $language->load('main', BPATH, $langKey); $language->load('filter', BPATH, $langKey); $language->load($this->_pageKey, BPATH, $langKey); $controller = $this->getControllerInstance(); $page = getPostValue('request'); if (!empty($page)) { $controller->setRequestData($page); } $controller->index(); }
function initialize_page() { $category_id = requestIdParam(); $category = Categories::FindById($category_id); $post_action = ""; if (isset($_POST['submit'])) { $post_action = $_POST['submit']; } if (isset($_POST['delete'])) { $category->delete(true); setFlash("<h3>Category Deleted</h3>"); redirect("/admin/list_categories/"); } else { if ($post_action == "Edit Category" || $post_action == "Edit and Return to List") { $category->display_name = getPostValue('display_name'); $category->name = slug(getPostValue('display_name')); $category->content = getPostValue('category_content'); $category->save(); setFlash("<h3>Category Edited</h3>"); if ($post_action == "Edit and Return to List") { redirect("admin/list_categories/"); } } } }
function getValue($name, $format = '', $fatal = false) { global $settings; $val = getPostValue($name); if (!isset($val)) { $val = getGetValue($name); } // for older PHP versions... if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) { $val = $GLOBALS[$name]; } if (!isset($val)) { return ''; } if (!empty($format) && !preg_match('/^' . $format . '$/', $val)) { // does not match if ($fatal) { if ($settings['mode'] == 'dev') { $error_str = ' "' . $val . '"'; } else { $error_str = ''; } die_miserable_death(translate('Fatal Error') . ': ' . translate('Invalid data format for') . ' ' . $name . $error_str); } // ignore value return ''; } return $val; }
function initialize_page() { $post_action = ""; if (isset($_POST['submit'])) { $post_action = $_POST['submit']; } if ($post_action == "Add Category" || $post_action == "Add and Return to List") { $category = MyActiveRecord::Create('Categories'); $category->display_name = getPostValue('display_name'); $category->name = slug(getPostValue('display_name')); $category->content = getPostValue('category_content'); $category->save(); setFlash("<h3>Category Added</h3>"); if ($post_action == "Add and Return to List") { redirect("admin/list_categories/"); } } }
header('Cache-Control: no-cache'); } //end function /*******************************************/ /*** Let's go ***/ /*******************************************/ $id = getIntValue('id', true); $format = getValue('format'); if ($format != 'ical' && $format != 'vcal' && $format != 'pilot-csv' && $format != 'pilot-text') { die_miserable_death("Invalid format '" . $format . "'"); } $use_all_dates = getPostValue('use_all_dates'); if ($use_all_dates != 'y') { $use_all_dates = ''; } $include_layers = getPostValue('include_layers'); if ($include_layers != 'y') { $include_layers = ''; } $fromyear = getIntValue('fromyear', true); $frommonth = getIntValue('frommonth', true); $fromday = getIntValue('fromday', true); $endyear = getIntValue('endyear', true); $endmonth = getIntValue('endmonth', true); $endday = getIntValue('endday', true); $modyear = getIntValue('modyear', true); $modmonth = getIntValue('modmonth', true); $modday = getIntValue('modday', true); mt_srand((double) microtime() * 1000000); if (empty($id)) { $id = "all";
// file in ways they shouldn't. Users may try to type in a URL to get around // functions that are not being displayed on the web page to them. include_once 'includes/init.php'; require_valide_referring_url(); load_user_layers(); $delete = getPostValue('delete'); $formtype = getPostValue('formtype'); $add = getPostValue('add'); $user = getPostValue('user'); $ufirstname = getPostValue('ufirstname'); $ulastname = getPostValue('ulastname'); $uemail = getPostValue('uemail'); $upassword1 = getPostValue('upassword1'); $upassword2 = getPostValue('upassword2'); $uis_admin = getPostValue('uis_admin'); $uenabled = getPostValue('uenabled'); $error = ''; if (!$is_admin) { $user = $login; } $deleteStr = translate('Deleting users not supported.'); $notIdenticalStr = translate('The passwords were not identical.'); $noPasswordStr = translate('You have not entered a password.'); $blankUserStr = translate('Username cannot be blank.'); // Don't let them edit users if they'e not authorized. if (empty($user)) { // Asking to create a new user. Must be admin... if (!$is_admin && !access_can_access_function(ACCESS_USER_MANAGEMENT)) { send_to_preferred_view(); } if (!$admin_can_add_user) {
$msg .= "\n\n" . $url; } $wantsAttach = get_pref_setting($participants[$i], 'EMAIL_ATTACH_ICS', 'N'); $attachId = $wantsAttach == 'Y' ? $id : ''; // Use WebCalMailer class. $mail->WC_Send($login_fullname, $tempemail, $tempfullname, $name, $msg, $htmlmail, $from, $attachId); activity_log($id, $login, $participants[$i], LOG_NOTIFICATION, ''); } } } } //end for loop participants // Add external participants. $ext_emails = $ext_names = $matches = array(); $ext_count = 0; $externalparticipants = getPostValue('externalparticipants'); if ($single_user == 'N' && !empty($ALLOW_EXTERNAL_USERS) && $ALLOW_EXTERNAL_USERS == 'Y' && !empty($externalparticipants)) { $lines = explode("\n", $externalparticipants); if (!is_array($lines)) { $lines = array($externalparticipants); } if (is_array($lines)) { $linecnt = count($lines); for ($i = 0; $i < $linecnt; $i++) { $ext_words = explode(' ', $lines[$i]); if (!is_array($ext_words)) { $ext_words = array($lines[$i]); } if (is_array($ext_words)) { $ext_wordscnt = count($ext_words); $ext_emails[$ext_count] = $ext_names[$ext_count] = '';
$GLOBALS['CELLBG'] = $prefarray['CELLBG']; $GLOBALS['WEEKENDBG'] = $prefarray['WEEKENDBG']; $GLOBALS['OTHERMONTHBG'] = $prefarray['OTHERMONTHBG']; $GLOBALS['FONTS'] = $prefarray['FONTS']; $GLOBALS['MYEVENTS'] = $prefarray['MYEVENTS']; //determine if we can set timezones, if not don't display any options $can_set_timezone = set_env('TZ', $prefarray['TIMEZONE']); $dateYmd = date('Ymd'); $selected = ' selected="selected" '; $minutesStr = translate('minutes'); //allow css_cache to display public or NUC values @session_start(); $_SESSION['webcal_tmp_login'] = $prefuser; //Prh ... add user to edit_template to get/set correct template $openStr = "\"window.open( 'edit_template.php?type=%s&user=%s','cal_template','dependent,menubar,scrollbars,height=500,width=500,outerHeight=520,outerWidth=520' );\""; $currenttab = getPostValue('currenttab', 'settings'); $currenttab = !empty($currenttab) ? $currenttab : 'settings'; $BodyX = 'onload="altrows(); showTab( \'' . $currenttab . '\' );"'; $INC = array('js/visible.php', 'js/pref.php'); print_header($INC, '', $BodyX); ?> <h2><?php if ($updating_public) { echo translate($PUBLIC_ACCESS_FULLNAME) . ' '; } etranslate('Preferences'); if ($is_nonuser_admin || $is_admin && substr($prefuser, 0, 5) == '_NUC_') { nonuser_load_variables($user, 'nonuser'); echo '<br /><strong>-- ' . translate('Admin mode') . ': ' . $nonuserfullname . " --</strong>\n"; }
function getValue($name, $format = "", $fatal = false) { $val = getPostValue($name); if (!isset($val)) { $val = getGetValue($name); } // for older PHP versions... if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) { $val = $GLOBALS[$name]; } if (!isset($val)) { return ""; } if (!empty($format) && !preg_match("/^" . $format . "\$/", $val)) { // does not match if ($fatal) { echo "Fatal Error: Invalid data format for {$name}\n"; exit; } // ignore value return ""; } return $val; }
<?php // Include common functions and declarations require_once "../../include/common.php"; // Get category id $category = new Category(getGetValue("categoryId")); // Check if user has edit permission if (!$category->hasEditPermission()) { $login->printLoginForm(); exit; } // Delete entries $deleteReferences = getPostValue("deleteReferences"); if (!empty($deleteReferences)) { $references = getPostValue("references"); for ($i = 0; $i < sizeof($references); $i++) { $dbi->query("DELETE FROM `" . categoryContentRefTableName . "` WHERE id=" . $dbi->quote($references[$i])); } // Redirect to category index redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderCategory . "/" . fileCategoryIndex); } // Validate page $page = !empty($_GET["page"]) ? $_GET["page"] - 1 : 0; // Generate navigation $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderCategory, $lAdminIndex["Categories"]); $site->addNavigationLink(scriptUrl . "/" . folderCategory . "/" . fileCategory . "?categoryId=" . $category->id, $category->title); // Print common header $site->printHeader(); // Print section header printf("<p>" . $lCategory["HeaderText"] . "</p>", $category->title);
/** * Examines the posted fields, defines $this->_ValidationFields, and enforces the $this->Rules collection on them. * * @param array $PostedFields An associative array of posted fields to be validated. * @param boolean $Insert A boolean value indicating if the posted fields are to be inserted or * updated. If being inserted, the schema's required field rules will be enforced. * @return boolean Whether or not the validation was successful. */ public function validate($PostedFields, $Insert = false) { // Create an array to hold validation result messages if (!is_array($this->_ValidationResults) || $this->resetOnValidate()) { $this->_ValidationResults = array(); } // Check for a honeypot (anti-spam input) $HoneypotName = C('Garden.Forms.HoneypotName', ''); $HoneypotContents = getPostValue($HoneypotName, ''); if ($HoneypotContents != '') { $this->addValidationResult($HoneypotName, "You've filled our honeypot! We use honeypots to help prevent spam. If you're not a spammer or a bot, you should contact the application administrator for help."); } $FieldRules = $this->defineValidationRules($PostedFields, $Insert); $Fields = $this->defineValidationFields($PostedFields, $Insert); // Loop through the fields that should be validated foreach ($Fields as $FieldName => $FieldValue) { // If this field has rules to be enforced... if (array_key_exists($FieldName, $FieldRules) && is_array($FieldRules[$FieldName])) { // Enforce them. $Rules = $FieldRules[$FieldName]; // Get the field info for the field. $FieldInfo = array('Name' => $FieldName); if (is_array($this->_Schema) && array_key_exists($FieldName, $this->_Schema)) { $FieldInfo = array_merge($FieldInfo, (array) $this->_Schema[$FieldName]); } $FieldInfo = (object) $FieldInfo; foreach ($Rules as $RuleName) { if (array_key_exists($RuleName, $this->_Rules)) { $Rule = $this->_Rules[$RuleName]; // echo '<div>FieldName: '.$FieldName.'; Rule: '.$Rule.'</div>'; if (substr($Rule, 0, 9) == 'function:') { $Function = substr($Rule, 9); if (!function_exists($Function)) { trigger_error(errorMessage('Specified validation function could not be found.', 'Validation', 'Validate', $Function), E_USER_ERROR); } $ValidationResult = $Function($FieldValue, $FieldInfo, $PostedFields); if ($ValidationResult !== true) { // If $ValidationResult is not FALSE, assume it is an error message $ErrorCode = $ValidationResult === false ? $Function : $ValidationResult; // If there is a custom error, use it above all else $ErrorCode = val($FieldName . '.' . $RuleName, $this->_CustomErrors, $ErrorCode); // Add the result $this->addValidationResult($FieldName, $ErrorCode); // Only add one error per field } } elseif (substr($Rule, 0, 6) == 'regex:') { $Regex = substr($Rule, 6); if (ValidateRegex($FieldValue, $Regex) !== true) { $ErrorCode = 'Regex'; // If there is a custom error, use it above all else $ErrorCode = val($FieldName . '.' . $RuleName, $this->_CustomErrors, $ErrorCode); // Add the result $this->addValidationResult($FieldName, $ErrorCode); } } } } } } $this->_ValidationFields = $Fields; return count($this->_ValidationResults) === 0; }
$comment->deleteComment($commentType > 0 ? true : false); } } // Redirect redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex); } // Delete spam comments $deleteSpamComments = getPostValue("deleteSpamComments"); if (!empty($deleteSpamComments)) { $comment = new Comment(); $comment->deleteSpamComments(); // Redirect redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex); } // Delete trash comments $deleteTrashComments = getPostValue("deleteTrashComments"); if (!empty($deleteTrashComments)) { $comment = new Comment(); $comment->deleteTrashComments(); // Redirect redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex); } // Mark comments as spam or not spam $spam = getValue("spam"); $notSpam = getValue("notSpam"); if (!empty($spam) || !empty($notSpam)) { $comments = getValue("comments"); if (!empty($comments)) { for ($i = 0; $i < sizeof($comments); $i++) { $comment = new Comment($comments[$i]); $comment->setSpamStatus(!empty($spam) ? 1 : 0);
function initialize_page() { $post_action = $success = ""; $gallery = Galleries::FindById(requestIdParam()); if (isset($_POST['submit'])) { $post_action = $_POST['submit']; } if ($post_action == "Edit Gallery" || $post_action == "Edit and Return to List" || $post_action == "Add Image to Gallery") { if (isset($_POST['delete'])) { $photos = $gallery->get_photos(); if (count($photos) > 0) { $success .= "Photos deleted / "; } foreach ($photos as $thephoto) { $thephoto->delete(true); } $gallery->delete(true); $success .= "Gallery deleted / "; setFlash("<h3>" . substr($success, 0, -3) . "</h3>"); redirect("/admin/list_galleries"); } else { // Name has changed. if ($gallery->name != $_POST['name']) { $gallery->name = $_POST['name']; $gallery->slug = slug($_POST['name']); $gallery->save(); $success .= "Gallery name saved / "; } // Update captions if they are different. if (isset($_POST['captions'])) { $captions = $_POST['captions']; foreach ($captions as $key => $thecaption) { $photo = Photos::FindById($key); if ($photo->caption != $thecaption) { $photo->caption = $thecaption; $photo->save(); } } //$success .= "Captions edited / "; } // Reset the display order if the photos have been moved. if (isset($_POST['photos_display_order'])) { $display_orders = $_POST['photos_display_order']; foreach ($display_orders as $key => $display_order) { $photo = Photos::FindById($key); if ($photo->display_order != $display_order) { $photo->display_order = $display_order; $photo->save(); } } //$success .= "Photo order saved / "; } // Upload and save a new file. if (isset($_FILES['new_photo']) && $_FILES['new_photo']['error'] == 0) { // Updating the record to include the filename stopped working in photos > save_uploaded_file Jan 2013 $photo = MyActiveRecord::Create('Photos', array('caption' => getPostValue("new_photo_caption"), 'gallery_id' => $gallery->id, 'display_order' => 1)); $photo->save(); $photo->save_uploaded_file($_FILES['new_photo']['tmp_name'], $_FILES['new_photo']['name']); $photo->setDisplayOrder(); $success .= "New photo added / "; } else { // from http://php.net/manual/en/features.file-upload.errors.php $upload_errors = array("0. UPLOAD_ERR_OK: No errors.", "1. UPLOAD_ERR_INI_SIZE: Larger than upload_max_filesize.", "2. UPLOAD_ERR_FORM_SIZE: Larger than form MAX_FILE_SIZE.", "3. UPLOAD_ERR_PARTIAL: Partial upload.", "4. UPLOAD_ERR_NO_FILE: No file.", "6. UPLOAD_ERR_NO_TMP_DIR: No temporary directory.", "7. UPLOAD_ERR_CANT_WRITE: Can't write to disk.", "8. UPLOAD_ERR_EXTENSION: File upload stopped by extension.", "UPLOAD_ERR_EMPTY: File is empty."); $err_num = $_FILES['new_photo']['error']; if ($err_num != 4) { echo "Upload Error! " . $upload_errors[$err_num]; } } // Delete photos that were checked off to be removed if (isset($_POST['deleted_photos'])) { $deleted_ids = $_POST['deleted_photos']; foreach ($deleted_ids as $status => $photo_id) { $photo = Photos::FindById($photo_id); $photo->delete(true); } $success .= "Photo deleted / "; } setFlash("<h3>" . substr($success, 0, -3) . "</h3>"); if ($post_action == "Edit and Return to List") { redirect("admin/list_galleries"); } } } }
<?php // Include common functions and declarations require_once "include/common.php"; // Add navigation link $site->addNavigationLink(scriptUrl . "/" . fileProfileForgotPassword, $lForgotPassword["Header"]); // Print header $site->printHeader(); echo '<p>' . $lForgotPassword["HeaderText"] . '</p>'; // Get values $send = getGetValue("send"); $username = getPostValue("username"); $email = getPostValue("email"); $id = getGetValue("id"); $key = getGetValue("key"); $success = getGetValue("success"); if (!empty($id) && !empty($key)) { $user = new User($id); if (!empty($user->id)) { // Check if key matches key in database $result = $dbi->query("SELECT username,activationKey FROM " . userTableName . " WHERE id=" . $dbi->quote($user->id)); if ($result->rows()) { list($username, $activationKey) = $result->fetchrow_array(); if ($key == $activationKey) { // Include password form $forgotPassword = 1; include scriptPath . '/' . folderUsers . '/include/form/userPasswordForm.php'; } else { echo '<p>' . $lForgotPassword["InvalidKey"] . '</p>'; } }
/** Save folder. */ function saveFolder() { if (!empty($this->id)) { global $errors; global $lFileEditFolder; // Check if data is submitted from the form checkSubmitter(); // Get values $this->name = getPostValue("folderName"); $this->parent = new Folder(getPostValue("folderId")); // Validate if (empty($this->name)) { $errors->addError("folderName", $lFileEditFolder["MissingFoldername"]); } if (!$errors->hasErrors()) { // Rename folder $this->renameFolder($this->name); } return $errors; } }
if (!empty($return_path)) { $url = $return_path; } else { //$url=empty ( $STARTVIEW ) ? "month.php" : "$STARTVIEW.php"; $url = "month.php"; // $url = "index.php"; } $lang = ''; if (!empty($LANGUAGE)) { $lang = languageToAbbrev($LANGUAGE); } if (empty($lang)) { $lang = 'fr'; } $login = getPostValue('login'); $password = getPostValue('password'); // calculate path for cookie if (empty($PHP_SELF)) { $PHP_SELF = $_SERVER["PHP_SELF"]; } $cookie_path = str_replace("login.php", "", $PHP_SELF); //echo "Cookie path: $cookie_path\n"; if ($single_user == "Y") { // No login for single-user mode do_redirect("index.php"); } else { if ($use_http_auth) { // There is no login page when using HTTP authorization do_redirect("index.php"); } else { if (!empty($login) && !empty($password)) {
$settings['db_persistent'] = getPostValue('form_db_persistent'); $settings['single_user_login'] = getPostValue('form_single_user_login'); $settings['readonly'] = getPostValue('form_readonly'); if (getPostValue("form_user_inc") == "http") { $settings['use_http_auth'] = 'true'; $settings['single_user'] = '******'; $settings['user_inc'] = 'user.php'; } else { if (getPostValue("form_user_inc") == "none") { $settings['use_http_auth'] = 'false'; $settings['single_user'] = '******'; $settings['user_inc'] = 'user.php'; } else { $settings['use_http_auth'] = 'false'; $settings['single_user'] = '******'; $settings['user_inc'] = getPostValue('form_user_inc'); } } // Save settings to file now. if (empty($password)) { $onload = "alert('Your settings have been saved.\\n\\n" . "Please be sure to set a password.\\n');"; $forcePassword = true; } else { $onload .= "alert('Your settings have been saved.\\n\\n');"; } $fd = @fopen($file, "w+b", false); if (empty($fd)) { if (file_exists($file)) { $onload = "alert('Error: unable to write to file {$file}\\nPlease change the file permissions of this file.');"; } else { $onload = "alert('Error: unable to write to file {$file}\\nPlease change the file permissions of your includes directory\\nto allow writing by other users.');";
function initialize_page() { $event_id = getRequestVarAtIndex(4); $event = Events::FindById($event_id); $event_types = EventTypes::FindAll(); $event_periods = EventPeriods::FindAll(); $year = getRequestVarAtIndex(2); $month = getRequestVarAtIndex(3); $post_action = ""; if (isset($_POST['submit'])) { $post_action = $_POST['submit']; } if ($post_action == "Edit Event" || $post_action == "Edit and Return to List") { if (isset($_POST['delete'])) { $event->delete(true); setFlash("<h3>Event Deleted</h3>"); redirect("/admin/list_events"); } $event->title = $_POST['title']; $event->description = $_POST['description']; if (!getPostValue('time_start')) { $event->setDateStart(getPostValue('date_start'), "04:00:00"); } else { $event->setDateStart(getPostValue('date_start'), getPostValue('time_start')); } if (!getPostValue('date_end') && !getPostValue('time_end')) { $event->setDateEnd(getPostValue('date_start'), "04:00:00"); } else { if (!getPostValue('date_end') && getPostValue('time_end')) { $event->setDateEnd(getPostValue('date_start'), getPostValue('time_end')); } else { $event->setDateEnd(getPostValue('date_end'), getPostValue('time_end')); } } $notdates = getPostValue('notdates'); $del_query = "DELETE FROM events_notdate WHERE event_id = {$event->id};"; mysql_query($del_query, MyActiveRecord::Connection()); if (is_array($notdates)) { foreach ($notdates as $date) { if (strlen($date) > 4) { $query = "INSERT INTO events_notdate VALUES('{$event->id}','" . formatDateView($date, "Y-m-d") . "')"; mysql_query($query, MyActiveRecord::Connection()) or die($query); } } } $event->eventtype_id = isset($_POST['eventtype_id']) ? $_POST['eventtype_id'] : 1; $event->eventperiod_id = $_POST['eventperiod_id']; $event->save(); edit_eventUpdateRecurrences(); setFlash("<h3>Event changes saved</h3>"); if ($post_action == "Edit and Return to List") { redirect("/admin/list_events/{$year}/{$month}"); } else { redirect("/admin/edit_event/{$year}/{$month}/{$event_id}"); } } }
// see if a return path was set $return_path = get_last_view(false); } } if (!empty($return_path)) { $return_path = clean_whitespace($return_path); $url = $return_path; } else { $url = 'index.php'; } // If Application Name is set to Title then get translation // If not, use the Admin defined Application Name $appStr = generate_application_name(); $login = getPostValue('login'); $password = getPostValue('password'); $remember = getPostValue('remember'); // calculate path for cookie if (empty($PHP_SELF)) { $PHP_SELF = $_SERVER['PHP_SELF']; } if ($single_user == 'Y') { // No login for single-user mode do_redirect('index.php'); } else { if ($use_http_auth) { // There is no login page when using HTTP authorization do_redirect('index.php'); } else { if (!empty($login) && !empty($password) && !$logout) { if (get_magic_quotes_gpc()) { $password = stripslashes($password);
/** * Save blog in database. * @param $readPost Read values from post. * @return ErrorLog if there were errors. */ function saveBlog($readPost = true) { // Create ErrorLog object $errorLog = new ErrorLog(); if ($this->hasAdministerPermission()) { global $dbi, $log, $login, $module; // Check if data is submitted from the form checkSubmitter(); // Include language include scriptPath . "/include/language/" . pageLanguage . "/general.php"; include scriptPath . "/" . folderBlog . "/include/language/" . $this->language . "/general.php"; // Save values from post if ($readPost) { $this->category = parseHtml(getPostValue("category"), 0); $this->description = parseHtml(getPostValue("description"), 1); $this->language = getPostValue("language"); $this->postLimit = getPostValue("postLimit"); $this->showRSSLink = getPostValue("showRSSLink"); $this->showRSSCommentsLink = getPostValue("showRSSCommentsLink"); $this->subscribers = parseHtml(getPostValue("subscribers"), 0); $this->title = parseHtml(getPostValue("title"), 0); } // Validate data if (empty($this->language)) { $this->language = pageDefaultLanguage; } if (empty($this->title)) { $errorLog->addError("title", $lBlogEdit["MissingTitle"]); } else { if (empty($this->id)) { $blog = new Blog("", $this->title); if (!empty($blog->id)) { $errorLog->addError("title", $lBlogEdit["BlogExists"]); } } } // If there were no errors update database if (!$errorLog->hasErrors()) { if (empty($this->id)) { // Get max position $result = $dbi->query("SELECT MAX(position) FROM " . blogTableName); if ($result->rows()) { list($position) = $result->fetchrow_array(); $position++; } else { $position = 0; } // Insert blog into database $dbi->query("INSERT INTO " . blogTableName . "(title,category,description,subscribers,language,postLimit,showRSSLink,showRSSCommentsLink,position) VALUES(" . $dbi->quote($this->title) . "," . $dbi->quote($this->category) . "," . $dbi->quote($this->description) . "," . $dbi->quote($this->subscribers) . "," . $dbi->quote($this->language) . "," . $dbi->quote($this->postLimit) . "," . $dbi->quote($this->showRSSLink) . "," . $dbi->quote($this->showRSSCommentsLink) . "," . $dbi->quote($position) . ")"); // Get new blog id $this->id = $dbi->getInsertId(); // Set default permissions $login->setModuleContentPermissions(blogContentId, $this->id, "Visitors", 0, 0, 1, 0, 0, 0, 0, 1); $login->setModuleContentPermissions(blogContentId, $this->id, "Users", 0, 0, 1, 0, 0, 0, 0, 1); } else { // Update blog in database $dbi->query("UPDATE " . blogTableName . " SET title=" . $dbi->quote($this->title) . ",category=" . $dbi->quote($this->category) . ",description=" . $dbi->quote($this->description) . ",subscribers=" . $dbi->quote($this->subscribers) . ",language=" . $dbi->quote($this->language) . ",postLimit=" . $dbi->quote($this->postLimit) . ",showRSSLink=" . $dbi->quote($this->showRSSLink) . ",showRSSCommentsLink=" . $dbi->quote($this->showRSSCommentsLink) . " WHERE id=" . $dbi->quote($this->id)); } // Upload index picture if (!empty($_FILES["img_0"])) { uploadFile($_FILES["img_0"], "blog_" . $this->id, array("image/jpeg", "image/pjpeg", "image/gif"), 0, 50, 50); } // Log transaction $log->logTransaction(blogContentId, $this->id); } else { if (!empty($_FILES["img_0"]["tmp_name"])) { $errorLog->addError("upload", $lErrors["ReUploadImages"]); } } } return $errorLog; }
function initialize_page() { $event_types = EventTypes::FindAll(); $event_periods = EventPeriods::FindAll(); $post_action = ""; if (isset($_POST['submit'])) { $post_action = $_POST['submit']; if ($post_action == "Add Event and add another" || $post_action == "Add and Return to List") { $event = MyActiveRecord::Create('Events', $_POST); if (!getPostValue('time_start')) { $event->setDateStart(getPostValue('date_start'), "04:00:00"); } else { $event->time_start = date("H:i:s", strtotime(getPostValue('time_start'))); } if (!getPostValue('date_end') && !getPostValue('time_end')) { $event->setDateEnd(getPostValue('date_start'), "04:00:00"); } else { if (!getPostValue('date_end') && getPostValue('time_end')) { $event->setDateEnd(getPostValue('date_start'), date("H:i:s", strtotime(getPostValue('time_end')))); } else { $event->setDateEnd(getPostValue('date_end'), date("H:i:s", strtotime(getPostValue('time_end')))); } } $event->eventtype_id = isset($_POST['eventtype_id']) ? $_POST['eventtype_id'] : 1; $event->eventperiod_id = $_POST['eventperiod_id']; $event->save(); $notdates = getPostValue('notdates'); if (is_array($notdates)) { foreach ($notdates as $date) { if (strlen($date) > 4) { $query = "INSERT INTO events_notdate VALUES('{$event->id}','" . formatDateView($date, "Y-m-d") . "')"; mysql_query($query, MyActiveRecord::Connection()) or die($query); } } } add_eventUpdateRecurrences($event); $thisnewevent = Events::FindById($event->id); if ($thisnewevent->date_end < $thisnewevent->date_start) { setFlash("<h3>Whoops! Event Starts after it Ends! Please correct dates...</h3>"); $eventyear = parseDate($thisnewevent->date_start, "Y"); $eventmonth = parseDate($thisnewevent->date_start, "n"); redirect("/admin/edit_event/{$eventyear}/{$eventmonth}/{$thisnewevent->id}"); } else { setFlash("<h3>Event added</h3>"); if ($post_action == "Add and Return to List") { // Redirect user to the Main Event List $datestart = explode("/", getPostValue('date_start')); setFlash("<h3>Event added</h3>"); redirect("/admin/list_events/{$datestart['2']}/{$datestart['0']}"); } } } } }
$previewStr = translate('Preview'); $allStr = translate('All'); $purgingStr = translate('Purging events for'); $deleteStr = translate('Delete'); $delete = getPostValue('delete'); $do_purge = false; if (!empty($delete)) { $do_purge = true; } $purge_all = getPostValue('purge_all'); $purge_deleted = getPostValue('purge_deleted'); $end_year = getPostValue('end_year'); $end_month = getPostValue('end_month'); $end_day = getPostValue('end_day'); $username = getPostValue('username'); $preview = getPostValue('preview'); $preview = empty($preview) ? false : true; $INC = array('js/visible.php'); print_header($INC); ?> <table summary=""> <tr><td style="vertical-align:top; width:50%;"> <?php echo '<h2>' . translate('Delete Events'); if ($preview) { echo '[ ' . $previewStr . ']'; } echo "</h2>\n"; echo display_admin_link(); if ($do_purge) {
// Move folders $folders = getPostValue("folders"); if (!empty($folders)) { for ($i = 0; $i < sizeof($folders); $i++) { $moveFolderId = getPostValue("moveFolderId"); if (!empty($folders[$i]) && !empty($moveFolderId)) { $tmpFolder = new Folder($folders[$i]); $tmpFolder->moveFolder($moveFolderId); } } } // Move files $files = getPostValue("files"); if (!empty($files)) { for ($i = 0; $i < sizeof($files); $i++) { $moveFolderId = getPostValue("moveFolderId"); if (!empty($files[$i]) && !empty($moveFolderId)) { $tmpFile = new File($files[$i]); $tmpFile->moveFile($moveFolderId); } } } // Redirect redirect(scriptUrl . "/" . folderFilesAdmin . "/" . fileFilesIndex . (!empty($folder->id) ? "?folderId=" . $folder->id : "")); } // Add navigation links $site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]); $site->addNavigationLink(scriptUrl . "/" . folderFilesAdmin, $lFileIndex["Header"]); // Print common header $site->printHeader(); // Print description
<?php /* $Id: about.php,v 1.16.2.3 2007/08/06 02:28:29 cknudsen Exp $ */ include_once 'includes/init.php'; $credits = getPostValue('Credits'); $data = ''; if (!empty($credits)) { // Get Names from AUTHORS file. if ($fd = @fopen('AUTHORS', 'r')) { // Read in contents of entire file first. while (!feof($fd) && empty($error)) { $data .= fgets($fd, 4096); } fclose($fd); } // $data = unhtmlentities ( $data ); $data = preg_replace('/<.+>+/', '', $data); $data = preg_replace("/\n\\s/", '<br /> ', $data); $data = preg_replace('/\\s\\s+/', ' ', $data); $data = preg_replace('/\\n/', '<br />', $data); } print_header('', '', '', true, false, true); echo ' <div align="left" style="margin-left:4px; position:absolute; bottom:0">'; if (empty($credits)) { echo ' <a title="' . $PROGRAM_NAME . '" href="' . $PROGRAM_URL . '" target="_blank"> <h2 style="margin:0">' . translate('Title') . '</h2> <p>' . str_replace('XXX', $PROGRAM_VERSION, translate('version XXX')) . '</p> <p>' . $PROGRAM_DATE . '</p></a> <p> </p>
<?php // Include common functions and declarations require_once "include/common.php"; // Get mode $mode = getGetValue("mode"); // Send link $success = 0; if (!empty($mode)) { $name = getPostValue("name"); $mail = getPostValue("email"); $message = getPostValue("message"); $subject = getPostValue("subject"); // Validate input if (empty($name)) { $errors->addError("name", $lSendMail["MissingName"]); } if (empty($mail)) { $errors->addError("mail", $lSendMail["MissingMail"]); } if (!checkEmail($mail)) { $errors->addError("mail", $lSendMail["InvalidMail"]); } if (empty($subject)) { $errors->addError("subject", $lSendMail["MissingSubject"]); } // If there were no errors send mail if (!$errors->hasErrors()) { // Send link if (mail(pageAdminMail, $subject, $message, "From: " . $name . " <" . $mail . ">\n")) { $success = 1;
dbi_free_result($res); } else { $error = db_error(); } } if (!empty($_FILES['FileName'])) { $file = $_FILES['FileName']; } // Make sure we clear $file if no file was upoaded. if (!empty($file['tmp_name']) && $file['tmp_name'] == 'none') { $file = ''; } if (!$is_my_event) { $error = print_not_auth(5); } $delete = getPostValue('delete'); if (empty($error) && !empty($delete)) { // Delete this category. if (!dbi_execute('DELETE FROM webcal_categories WHERE cat_id = ? AND ( cat_owner = ?' . ($is_admin ? ' OR cat_owner IS NULL )' : ' )'), array($id, $login))) { $error = db_error(); } if (!dbi_execute('DELETE FROM webcal_entry_categories WHERE cat_id = ? AND ( cat_owner = ?' . ($is_admin ? ' OR cat_owner IS NULL )' : ' )'), array($id, $login))) { $error = db_error(); } // Rename any icons associated with this cat_id. renameIcon($id); } else { if (empty($error) && empty($catname)) { $error = translate('Category name is required');
/** * Save comment in database * @param $moduleId Module id to add comment to. * @param $moduleContentTypeId Identifier of content type. * @param $moduleContentId Identifier of content. * @return List of errors if any. */ function saveComment($moduleId, $moduleContentTypeId, $moduleContentId) { global $dbi, $errors, $login, $referer, $settings, $spamFilter; global $lComment, $lEditComment; // Check if data is submitted from the form checkSubmitter(); // Get user ip $ip = getenv("REMOTE_ADDR"); // Get values $this->moduleId = $moduleId; $this->moduleContentTypeId = $moduleContentTypeId; $this->moduleContentId = $moduleContentId; $this->name = parseString(stripHtml(getValue("name"))); $this->mail = parseString(stripHtml(getValue("mail"))); $this->link = parseString(stripHtml(getValue("link"))); $this->subject = parseString(stripHtml(getValue("subject"))); $this->message = parseString(stripHtml(getValue("message"))); $this->spam = getValue("spam"); $this->userId = getValue("userId"); // Get default name $defaultName = parseString(getPostValue("defaultName")); // Validate comment data if (empty($this->id)) { if (!$this->hasCommentPermission()) { $errors->addError("permissions", $lEditComment["InsufficientPermissions"]); } if (!$login->isLoggedIn()) { if ($settings->commentsRequireValidation) { if (!audit()) { $errors->addError("validation", $lComment["WrongValidation"]); } } if (empty($this->name) || $this->name == $defaultName) { $errors->addError("name", $lEditComment["MissingName"]); } } } else { if (!$this->hasEditPermission()) { $errors->addError("permissions", $lEditComment["InsufficientPermissions"]); } else { if (empty($this->name) && empty($this->userId)) { $errors->addError("name", $lEditComment["MissingName"]); } } } if (empty($this->subject)) { $errors->addError("subject", $lEditComment["MissingSubject"]); } if (empty($this->message)) { $errors->addError("message", $lEditComment["MissingText"]); } // Check if message could be classified as spam $spam = $spamFilter->isSpam($this->name, $this->mail, $this->subject, $this->message); // Check if this ip has been spam before if (!$spam) { $result = $dbi->query("SELECT COUNT(*) FROM " . commentTableName . " WHERE spam=1 AND ip=" . $dbi->quote($ip)); if ($result->rows()) { list($count) = $result->fetchrow_array(); if ($count != 0) { $spam = true; } } } // If there were no errors insert or update comment if (!$errors->hasErrors()) { if (empty($this->id)) { // Insert into comment database $dbi->query("INSERT INTO " . commentTableName . "(moduleId,moduleContentTypeId,moduleContentId,userId,name,mail,link,subject,message,ip,posted,spam,trash) VALUES(" . $dbi->quote($moduleId) . "," . $dbi->quote($moduleContentTypeId) . "," . $dbi->quote($moduleContentId) . "," . ($login->isLoggedIn() ? $login->id : 0) . "," . $dbi->quote($this->name) . "," . $dbi->quote($this->mail) . "," . $dbi->quote($this->link) . "," . $dbi->quote($this->subject) . "," . $dbi->quote($this->message) . "," . $dbi->quote($ip) . ",NOW()," . $dbi->quote($spam) . ",0)"); // Get new comment id $this->id = $dbi->getInsertId(); } else { // Update values in database $dbi->query("UPDATE " . commentTableName . " SET name=" . $dbi->quote($this->name) . ",mail=" . $dbi->quote($this->mail) . ",link=" . $dbi->quote($this->link) . ",subject=" . $dbi->quote($this->subject) . ",message=" . $dbi->quote($this->message) . ",posted=posted,spam=" . $dbi->quote($spam) . " WHERE (id=" . $dbi->quote($this->id) . ")"); } // Remember poster $remember = getValue("remember"); if (!empty($remember)) { $poster["name"] = stripslashes($this->name); $poster["mail"] = stripslashes($this->mail); $poster["link"] = stripslashes($this->link); $poster["remember"] = stripslashes($remember); setcookie("commentPoster", addslashes(serialize($poster)), time() + 31536000); } } // Return errors if any return $errors; }
function subscribedata($instance, $chargeIds, $rateplancharges, $rateplanId) { global $CCInfo; global $Name; global $FirstName; global $LastName; global $StartDate; global $WorkEmail; global $WorkPhone; global $Address1; global $Address2; global $City; global $State; global $Country; global $PostalCode; global $CreditCardHolderName; global $CreditCardNumber; global $CreditCardExpirationMonth; global $CreditCardExpirationYear; global $CreditCardType; global $CreditCardPostalCode; $subscriptionName = " New Signup - From Open House(" . date('m/d/Y h:i:s') . ")"; $account = makeAccount(getPostValue($Name), 'USD', 'Draft'); // $contact = makeContact(getPostValue($FirstName),getPostValue($LastName),getPostValue($Address1),getPostValue($Address2),getPostValue($City),getPostValue($State),getPostValue($Country),getPostValue($PostalCode),getPostValue($WorkEmail),getPostValue($WorkPhone)); // $paymentmethod = makePaymentMethod(getPostValue($CreditCardHolderName), getPostValue($Address1),getPostValue($Address2), getPostValue($City), getPostValue($State), getPostValue($Country), getPostValue($PostalCode), getPostValue($CreditCardType), getPostValue($CreditCardNumber), getPostValue($CreditCardExpirationMonth),getPostValue($CreditCardExpirationYear)); $subscription = makeSubscription($subscriptionName, null); $zSubscriptionData = makeSubscriptionData($subscription, $chargeIds, $rateplancharges, $rateplanId); // $zSubscribeOptions = new Zuora_SubscribeOptions(false,false); $result = $instance->PMD_CreateAcct($account, $zSubscriptionData); // $result = $instance->subscribe($account, $zSubscriptionData, $contact, $paymentmethod, $zSubscribeOptions, $contact); createMessage($result); }
$ulastname = getPostValue('ulastname'); $user = trim(getPostValue('user')); // translate ( 'Illegal characters in login' ) if ($user != addslashes($user)) { $error = str_replace('XXX', htmlentities($user), translate('Illegal characters in login XXX.')); } // Check to make sure user doesn't already exist. check_username($user); // Check to make sure email address doesn't already exist. check_email($uemail); } if (empty($error) && !empty($control)) { if ($control == 'full') { // Process full account addition. $upassword1 = getPostValue('upassword1'); $upassword2 = getPostValue('upassword2'); // Do some checking of user info. if (!empty($user) && !empty($upassword1)) { if (get_magic_quotes_gpc()) { $upassword1 = stripslashes($upassword1); $user = stripslashes($user); } $user = trim($user); if ($user != addslashes($user)) { $error = str_replace('XXX', htmlentities($user), translate('Illegal characters in login XXX.')); } } else { if ($upassword1 != $upassword2) { $control = ''; $error = translate('The passwords were not identical.'); }