function getLoginJSONP($type)
{
require_once "../leader/jsupport.php";
$success = false;
$username = "";
$key = "";
//Ignore any messages from the login system that may corrupt our JSON
ob_start();
if (array_key_exists("username", $_COOKIE) && array_key_exists("key", $_COOKIE)) {
//We may have saved these via javascript. Try loading them
$username = strtolower($_COOKIE["username"]);
$key = $_COOKIE["key"];
$success = true;
} else {
if (checkPostLogin() == 7) {
//Can we log in with leaderboards?
$username = strtolower(getPostValue("username"));
$key = getKey($username);
$success = true;
} else {
//Nope
$success = false;
}
}
ob_end_clean();
//Return their key formatted as specified
if ($success) {
if ($type === "JS") {
return "webchat.setUser(\"{$username}\", \"{$key}\", \"true\"); webchat.connect();";
} else {
if ($type === "JSON") {
return json_encode(array("success" => true, "username" => $username, "key" => $key));
}
}
} else {
if ($type === "JS") {
return "webchat.enableLogin(true); webchat.setLoginStatus(\"No Saved Login Found\");";
} else {
if ($type === "JSON") {
return json_encode(array("success" => false));
}
}
}
}
/**
* Invokes the whole application.
*/
public function invoke()
{
$this->_pageKey = getGetValue('page', 'accounts');
$this->_subKey = getGetValue('sub');
$sessionLang = jpWotSession::get('active_language');
if (empty($sessionLang)) {
jpWotSession::set('active_language', strtolower(trim(jpWotConfig::$lang)));
}
$changeLang = getPostValue('lang');
if (isset($changeLang['current'], $changeLang['new']) && $changeLang['current'] != $changeLang['new']) {
jpWotSession::set('active_language', $changeLang['new']);
$langKey = $changeLang['new'];
} else {
$langKey = jpWotSession::get('active_language');
}
$langKey = $this->getIniLanguageKey($langKey);
$language = jpWotLanguage::getInstance();
$language->load('main', BPATH, $langKey);
$language->load('filter', BPATH, $langKey);
$language->load($this->_pageKey, BPATH, $langKey);
$controller = $this->getControllerInstance();
$page = getPostValue('request');
if (!empty($page)) {
$controller->setRequestData($page);
}
$controller->index();
}
function initialize_page()
{
$category_id = requestIdParam();
$category = Categories::FindById($category_id);
$post_action = "";
if (isset($_POST['submit'])) {
$post_action = $_POST['submit'];
}
if (isset($_POST['delete'])) {
$category->delete(true);
setFlash("<h3>Category Deleted</h3>");
redirect("/admin/list_categories/");
} else {
if ($post_action == "Edit Category" || $post_action == "Edit and Return to List") {
$category->display_name = getPostValue('display_name');
$category->name = slug(getPostValue('display_name'));
$category->content = getPostValue('category_content');
$category->save();
setFlash("<h3>Category Edited</h3>");
if ($post_action == "Edit and Return to List") {
redirect("admin/list_categories/");
}
}
}
}
function getValue($name, $format = '', $fatal = false)
{
global $settings;
$val = getPostValue($name);
if (!isset($val)) {
$val = getGetValue($name);
}
// for older PHP versions...
if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) {
$val = $GLOBALS[$name];
}
if (!isset($val)) {
return '';
}
if (!empty($format) && !preg_match('/^' . $format . '$/', $val)) {
// does not match
if ($fatal) {
if ($settings['mode'] == 'dev') {
$error_str = ' "' . $val . '"';
} else {
$error_str = '';
}
die_miserable_death(translate('Fatal Error') . ': ' . translate('Invalid data format for') . ' ' . $name . $error_str);
}
// ignore value
return '';
}
return $val;
}
function initialize_page()
{
$post_action = "";
if (isset($_POST['submit'])) {
$post_action = $_POST['submit'];
}
if ($post_action == "Add Category" || $post_action == "Add and Return to List") {
$category = MyActiveRecord::Create('Categories');
$category->display_name = getPostValue('display_name');
$category->name = slug(getPostValue('display_name'));
$category->content = getPostValue('category_content');
$category->save();
setFlash("<h3>Category Added</h3>");
if ($post_action == "Add and Return to List") {
redirect("admin/list_categories/");
}
}
}
header('Cache-Control: no-cache');
}
//end function
/*******************************************/
/*** Let's go ***/
/*******************************************/
$id = getIntValue('id', true);
$format = getValue('format');
if ($format != 'ical' && $format != 'vcal' && $format != 'pilot-csv' && $format != 'pilot-text') {
die_miserable_death("Invalid format '" . $format . "'");
}
$use_all_dates = getPostValue('use_all_dates');
if ($use_all_dates != 'y') {
$use_all_dates = '';
}
$include_layers = getPostValue('include_layers');
if ($include_layers != 'y') {
$include_layers = '';
}
$fromyear = getIntValue('fromyear', true);
$frommonth = getIntValue('frommonth', true);
$fromday = getIntValue('fromday', true);
$endyear = getIntValue('endyear', true);
$endmonth = getIntValue('endmonth', true);
$endday = getIntValue('endday', true);
$modyear = getIntValue('modyear', true);
$modmonth = getIntValue('modmonth', true);
$modday = getIntValue('modday', true);
mt_srand((double) microtime() * 1000000);
if (empty($id)) {
$id = "all";
// file in ways they shouldn't. Users may try to type in a URL to get around
// functions that are not being displayed on the web page to them.
include_once 'includes/init.php';
require_valide_referring_url();
load_user_layers();
$delete = getPostValue('delete');
$formtype = getPostValue('formtype');
$add = getPostValue('add');
$user = getPostValue('user');
$ufirstname = getPostValue('ufirstname');
$ulastname = getPostValue('ulastname');
$uemail = getPostValue('uemail');
$upassword1 = getPostValue('upassword1');
$upassword2 = getPostValue('upassword2');
$uis_admin = getPostValue('uis_admin');
$uenabled = getPostValue('uenabled');
$error = '';
if (!$is_admin) {
$user = $login;
}
$deleteStr = translate('Deleting users not supported.');
$notIdenticalStr = translate('The passwords were not identical.');
$noPasswordStr = translate('You have not entered a password.');
$blankUserStr = translate('Username cannot be blank.');
// Don't let them edit users if they'e not authorized.
if (empty($user)) {
// Asking to create a new user. Must be admin...
if (!$is_admin && !access_can_access_function(ACCESS_USER_MANAGEMENT)) {
send_to_preferred_view();
}
if (!$admin_can_add_user) {
$msg .= "\n\n" . $url;
}
$wantsAttach = get_pref_setting($participants[$i], 'EMAIL_ATTACH_ICS', 'N');
$attachId = $wantsAttach == 'Y' ? $id : '';
// Use WebCalMailer class.
$mail->WC_Send($login_fullname, $tempemail, $tempfullname, $name, $msg, $htmlmail, $from, $attachId);
activity_log($id, $login, $participants[$i], LOG_NOTIFICATION, '');
}
}
}
}
//end for loop participants
// Add external participants.
$ext_emails = $ext_names = $matches = array();
$ext_count = 0;
$externalparticipants = getPostValue('externalparticipants');
if ($single_user == 'N' && !empty($ALLOW_EXTERNAL_USERS) && $ALLOW_EXTERNAL_USERS == 'Y' && !empty($externalparticipants)) {
$lines = explode("\n", $externalparticipants);
if (!is_array($lines)) {
$lines = array($externalparticipants);
}
if (is_array($lines)) {
$linecnt = count($lines);
for ($i = 0; $i < $linecnt; $i++) {
$ext_words = explode(' ', $lines[$i]);
if (!is_array($ext_words)) {
$ext_words = array($lines[$i]);
}
if (is_array($ext_words)) {
$ext_wordscnt = count($ext_words);
$ext_emails[$ext_count] = $ext_names[$ext_count] = '';
$GLOBALS['CELLBG'] = $prefarray['CELLBG'];
$GLOBALS['WEEKENDBG'] = $prefarray['WEEKENDBG'];
$GLOBALS['OTHERMONTHBG'] = $prefarray['OTHERMONTHBG'];
$GLOBALS['FONTS'] = $prefarray['FONTS'];
$GLOBALS['MYEVENTS'] = $prefarray['MYEVENTS'];
//determine if we can set timezones, if not don't display any options
$can_set_timezone = set_env('TZ', $prefarray['TIMEZONE']);
$dateYmd = date('Ymd');
$selected = ' selected="selected" ';
$minutesStr = translate('minutes');
//allow css_cache to display public or NUC values
@session_start();
$_SESSION['webcal_tmp_login'] = $prefuser;
//Prh ... add user to edit_template to get/set correct template
$openStr = "\"window.open( 'edit_template.php?type=%s&user=%s','cal_template','dependent,menubar,scrollbars,height=500,width=500,outerHeight=520,outerWidth=520' );\"";
$currenttab = getPostValue('currenttab', 'settings');
$currenttab = !empty($currenttab) ? $currenttab : 'settings';
$BodyX = 'onload="altrows(); showTab( \'' . $currenttab . '\' );"';
$INC = array('js/visible.php', 'js/pref.php');
print_header($INC, '', $BodyX);
?>
<h2><?php
if ($updating_public) {
echo translate($PUBLIC_ACCESS_FULLNAME) . ' ';
}
etranslate('Preferences');
if ($is_nonuser_admin || $is_admin && substr($prefuser, 0, 5) == '_NUC_') {
nonuser_load_variables($user, 'nonuser');
echo '<br /><strong>-- ' . translate('Admin mode') . ': ' . $nonuserfullname . " --</strong>\n";
}
function getValue($name, $format = "", $fatal = false)
{
$val = getPostValue($name);
if (!isset($val)) {
$val = getGetValue($name);
}
// for older PHP versions...
if (!isset($val) && get_magic_quotes_gpc() == 1 && !empty($GLOBALS[$name])) {
$val = $GLOBALS[$name];
}
if (!isset($val)) {
return "";
}
if (!empty($format) && !preg_match("/^" . $format . "\$/", $val)) {
// does not match
if ($fatal) {
echo "Fatal Error: Invalid data format for {$name}\n";
exit;
}
// ignore value
return "";
}
return $val;
}
<?php
// Include common functions and declarations
require_once "../../include/common.php";
// Get category id
$category = new Category(getGetValue("categoryId"));
// Check if user has edit permission
if (!$category->hasEditPermission()) {
$login->printLoginForm();
exit;
}
// Delete entries
$deleteReferences = getPostValue("deleteReferences");
if (!empty($deleteReferences)) {
$references = getPostValue("references");
for ($i = 0; $i < sizeof($references); $i++) {
$dbi->query("DELETE FROM `" . categoryContentRefTableName . "` WHERE id=" . $dbi->quote($references[$i]));
}
// Redirect to category index
redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderCategory . "/" . fileCategoryIndex);
}
// Validate page
$page = !empty($_GET["page"]) ? $_GET["page"] - 1 : 0;
// Generate navigation
$site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
$site->addNavigationLink(scriptUrl . "/" . folderCategory, $lAdminIndex["Categories"]);
$site->addNavigationLink(scriptUrl . "/" . folderCategory . "/" . fileCategory . "?categoryId=" . $category->id, $category->title);
// Print common header
$site->printHeader();
// Print section header
printf("<p>" . $lCategory["HeaderText"] . "</p>", $category->title);
/**
* Examines the posted fields, defines $this->_ValidationFields, and enforces the $this->Rules collection on them.
*
* @param array $PostedFields An associative array of posted fields to be validated.
* @param boolean $Insert A boolean value indicating if the posted fields are to be inserted or
* updated. If being inserted, the schema's required field rules will be enforced.
* @return boolean Whether or not the validation was successful.
*/
public function validate($PostedFields, $Insert = false)
{
// Create an array to hold validation result messages
if (!is_array($this->_ValidationResults) || $this->resetOnValidate()) {
$this->_ValidationResults = array();
}
// Check for a honeypot (anti-spam input)
$HoneypotName = C('Garden.Forms.HoneypotName', '');
$HoneypotContents = getPostValue($HoneypotName, '');
if ($HoneypotContents != '') {
$this->addValidationResult($HoneypotName, "You've filled our honeypot! We use honeypots to help prevent spam. If you're not a spammer or a bot, you should contact the application administrator for help.");
}
$FieldRules = $this->defineValidationRules($PostedFields, $Insert);
$Fields = $this->defineValidationFields($PostedFields, $Insert);
// Loop through the fields that should be validated
foreach ($Fields as $FieldName => $FieldValue) {
// If this field has rules to be enforced...
if (array_key_exists($FieldName, $FieldRules) && is_array($FieldRules[$FieldName])) {
// Enforce them.
$Rules = $FieldRules[$FieldName];
// Get the field info for the field.
$FieldInfo = array('Name' => $FieldName);
if (is_array($this->_Schema) && array_key_exists($FieldName, $this->_Schema)) {
$FieldInfo = array_merge($FieldInfo, (array) $this->_Schema[$FieldName]);
}
$FieldInfo = (object) $FieldInfo;
foreach ($Rules as $RuleName) {
if (array_key_exists($RuleName, $this->_Rules)) {
$Rule = $this->_Rules[$RuleName];
// echo '<div>FieldName: '.$FieldName.'; Rule: '.$Rule.'</div>';
if (substr($Rule, 0, 9) == 'function:') {
$Function = substr($Rule, 9);
if (!function_exists($Function)) {
trigger_error(errorMessage('Specified validation function could not be found.', 'Validation', 'Validate', $Function), E_USER_ERROR);
}
$ValidationResult = $Function($FieldValue, $FieldInfo, $PostedFields);
if ($ValidationResult !== true) {
// If $ValidationResult is not FALSE, assume it is an error message
$ErrorCode = $ValidationResult === false ? $Function : $ValidationResult;
// If there is a custom error, use it above all else
$ErrorCode = val($FieldName . '.' . $RuleName, $this->_CustomErrors, $ErrorCode);
// Add the result
$this->addValidationResult($FieldName, $ErrorCode);
// Only add one error per field
}
} elseif (substr($Rule, 0, 6) == 'regex:') {
$Regex = substr($Rule, 6);
if (ValidateRegex($FieldValue, $Regex) !== true) {
$ErrorCode = 'Regex';
// If there is a custom error, use it above all else
$ErrorCode = val($FieldName . '.' . $RuleName, $this->_CustomErrors, $ErrorCode);
// Add the result
$this->addValidationResult($FieldName, $ErrorCode);
}
}
}
}
}
}
$this->_ValidationFields = $Fields;
return count($this->_ValidationResults) === 0;
}
$comment->deleteComment($commentType > 0 ? true : false);
}
}
// Redirect
redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex);
}
// Delete spam comments
$deleteSpamComments = getPostValue("deleteSpamComments");
if (!empty($deleteSpamComments)) {
$comment = new Comment();
$comment->deleteSpamComments();
// Redirect
redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex);
}
// Delete trash comments
$deleteTrashComments = getPostValue("deleteTrashComments");
if (!empty($deleteTrashComments)) {
$comment = new Comment();
$comment->deleteTrashComments();
// Redirect
redirect(!empty($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : scriptUrl . "/" . folderComment . "/" . folderCommentIndex);
}
// Mark comments as spam or not spam
$spam = getValue("spam");
$notSpam = getValue("notSpam");
if (!empty($spam) || !empty($notSpam)) {
$comments = getValue("comments");
if (!empty($comments)) {
for ($i = 0; $i < sizeof($comments); $i++) {
$comment = new Comment($comments[$i]);
$comment->setSpamStatus(!empty($spam) ? 1 : 0);
function initialize_page()
{
$post_action = $success = "";
$gallery = Galleries::FindById(requestIdParam());
if (isset($_POST['submit'])) {
$post_action = $_POST['submit'];
}
if ($post_action == "Edit Gallery" || $post_action == "Edit and Return to List" || $post_action == "Add Image to Gallery") {
if (isset($_POST['delete'])) {
$photos = $gallery->get_photos();
if (count($photos) > 0) {
$success .= "Photos deleted / ";
}
foreach ($photos as $thephoto) {
$thephoto->delete(true);
}
$gallery->delete(true);
$success .= "Gallery deleted / ";
setFlash("<h3>" . substr($success, 0, -3) . "</h3>");
redirect("/admin/list_galleries");
} else {
// Name has changed.
if ($gallery->name != $_POST['name']) {
$gallery->name = $_POST['name'];
$gallery->slug = slug($_POST['name']);
$gallery->save();
$success .= "Gallery name saved / ";
}
// Update captions if they are different.
if (isset($_POST['captions'])) {
$captions = $_POST['captions'];
foreach ($captions as $key => $thecaption) {
$photo = Photos::FindById($key);
if ($photo->caption != $thecaption) {
$photo->caption = $thecaption;
$photo->save();
}
}
//$success .= "Captions edited / ";
}
// Reset the display order if the photos have been moved.
if (isset($_POST['photos_display_order'])) {
$display_orders = $_POST['photos_display_order'];
foreach ($display_orders as $key => $display_order) {
$photo = Photos::FindById($key);
if ($photo->display_order != $display_order) {
$photo->display_order = $display_order;
$photo->save();
}
}
//$success .= "Photo order saved / ";
}
// Upload and save a new file.
if (isset($_FILES['new_photo']) && $_FILES['new_photo']['error'] == 0) {
// Updating the record to include the filename stopped working in photos > save_uploaded_file Jan 2013
$photo = MyActiveRecord::Create('Photos', array('caption' => getPostValue("new_photo_caption"), 'gallery_id' => $gallery->id, 'display_order' => 1));
$photo->save();
$photo->save_uploaded_file($_FILES['new_photo']['tmp_name'], $_FILES['new_photo']['name']);
$photo->setDisplayOrder();
$success .= "New photo added / ";
} else {
// from http://php.net/manual/en/features.file-upload.errors.php
$upload_errors = array("0. UPLOAD_ERR_OK: No errors.", "1. UPLOAD_ERR_INI_SIZE: Larger than upload_max_filesize.", "2. UPLOAD_ERR_FORM_SIZE: Larger than form MAX_FILE_SIZE.", "3. UPLOAD_ERR_PARTIAL: Partial upload.", "4. UPLOAD_ERR_NO_FILE: No file.", "6. UPLOAD_ERR_NO_TMP_DIR: No temporary directory.", "7. UPLOAD_ERR_CANT_WRITE: Can't write to disk.", "8. UPLOAD_ERR_EXTENSION: File upload stopped by extension.", "UPLOAD_ERR_EMPTY: File is empty.");
$err_num = $_FILES['new_photo']['error'];
if ($err_num != 4) {
echo "Upload Error! " . $upload_errors[$err_num];
}
}
// Delete photos that were checked off to be removed
if (isset($_POST['deleted_photos'])) {
$deleted_ids = $_POST['deleted_photos'];
foreach ($deleted_ids as $status => $photo_id) {
$photo = Photos::FindById($photo_id);
$photo->delete(true);
}
$success .= "Photo deleted / ";
}
setFlash("<h3>" . substr($success, 0, -3) . "</h3>");
if ($post_action == "Edit and Return to List") {
redirect("admin/list_galleries");
}
}
}
}
<?php
// Include common functions and declarations
require_once "include/common.php";
// Add navigation link
$site->addNavigationLink(scriptUrl . "/" . fileProfileForgotPassword, $lForgotPassword["Header"]);
// Print header
$site->printHeader();
echo '<p>' . $lForgotPassword["HeaderText"] . '</p>';
// Get values
$send = getGetValue("send");
$username = getPostValue("username");
$email = getPostValue("email");
$id = getGetValue("id");
$key = getGetValue("key");
$success = getGetValue("success");
if (!empty($id) && !empty($key)) {
$user = new User($id);
if (!empty($user->id)) {
// Check if key matches key in database
$result = $dbi->query("SELECT username,activationKey FROM " . userTableName . " WHERE id=" . $dbi->quote($user->id));
if ($result->rows()) {
list($username, $activationKey) = $result->fetchrow_array();
if ($key == $activationKey) {
// Include password form
$forgotPassword = 1;
include scriptPath . '/' . folderUsers . '/include/form/userPasswordForm.php';
} else {
echo '<p>' . $lForgotPassword["InvalidKey"] . '</p>';
}
}
/** Save folder. */
function saveFolder()
{
if (!empty($this->id)) {
global $errors;
global $lFileEditFolder;
// Check if data is submitted from the form
checkSubmitter();
// Get values
$this->name = getPostValue("folderName");
$this->parent = new Folder(getPostValue("folderId"));
// Validate
if (empty($this->name)) {
$errors->addError("folderName", $lFileEditFolder["MissingFoldername"]);
}
if (!$errors->hasErrors()) {
// Rename folder
$this->renameFolder($this->name);
}
return $errors;
}
}
if (!empty($return_path)) {
$url = $return_path;
} else {
//$url=empty ( $STARTVIEW ) ? "month.php" : "$STARTVIEW.php";
$url = "month.php";
// $url = "index.php";
}
$lang = '';
if (!empty($LANGUAGE)) {
$lang = languageToAbbrev($LANGUAGE);
}
if (empty($lang)) {
$lang = 'fr';
}
$login = getPostValue('login');
$password = getPostValue('password');
// calculate path for cookie
if (empty($PHP_SELF)) {
$PHP_SELF = $_SERVER["PHP_SELF"];
}
$cookie_path = str_replace("login.php", "", $PHP_SELF);
//echo "Cookie path: $cookie_path\n";
if ($single_user == "Y") {
// No login for single-user mode
do_redirect("index.php");
} else {
if ($use_http_auth) {
// There is no login page when using HTTP authorization
do_redirect("index.php");
} else {
if (!empty($login) && !empty($password)) {
$settings['db_persistent'] = getPostValue('form_db_persistent');
$settings['single_user_login'] = getPostValue('form_single_user_login');
$settings['readonly'] = getPostValue('form_readonly');
if (getPostValue("form_user_inc") == "http") {
$settings['use_http_auth'] = 'true';
$settings['single_user'] = '******';
$settings['user_inc'] = 'user.php';
} else {
if (getPostValue("form_user_inc") == "none") {
$settings['use_http_auth'] = 'false';
$settings['single_user'] = '******';
$settings['user_inc'] = 'user.php';
} else {
$settings['use_http_auth'] = 'false';
$settings['single_user'] = '******';
$settings['user_inc'] = getPostValue('form_user_inc');
}
}
// Save settings to file now.
if (empty($password)) {
$onload = "alert('Your settings have been saved.\\n\\n" . "Please be sure to set a password.\\n');";
$forcePassword = true;
} else {
$onload .= "alert('Your settings have been saved.\\n\\n');";
}
$fd = @fopen($file, "w+b", false);
if (empty($fd)) {
if (file_exists($file)) {
$onload = "alert('Error: unable to write to file {$file}\\nPlease change the file permissions of this file.');";
} else {
$onload = "alert('Error: unable to write to file {$file}\\nPlease change the file permissions of your includes directory\\nto allow writing by other users.');";
function initialize_page()
{
$event_id = getRequestVarAtIndex(4);
$event = Events::FindById($event_id);
$event_types = EventTypes::FindAll();
$event_periods = EventPeriods::FindAll();
$year = getRequestVarAtIndex(2);
$month = getRequestVarAtIndex(3);
$post_action = "";
if (isset($_POST['submit'])) {
$post_action = $_POST['submit'];
}
if ($post_action == "Edit Event" || $post_action == "Edit and Return to List") {
if (isset($_POST['delete'])) {
$event->delete(true);
setFlash("<h3>Event Deleted</h3>");
redirect("/admin/list_events");
}
$event->title = $_POST['title'];
$event->description = $_POST['description'];
if (!getPostValue('time_start')) {
$event->setDateStart(getPostValue('date_start'), "04:00:00");
} else {
$event->setDateStart(getPostValue('date_start'), getPostValue('time_start'));
}
if (!getPostValue('date_end') && !getPostValue('time_end')) {
$event->setDateEnd(getPostValue('date_start'), "04:00:00");
} else {
if (!getPostValue('date_end') && getPostValue('time_end')) {
$event->setDateEnd(getPostValue('date_start'), getPostValue('time_end'));
} else {
$event->setDateEnd(getPostValue('date_end'), getPostValue('time_end'));
}
}
$notdates = getPostValue('notdates');
$del_query = "DELETE FROM events_notdate WHERE event_id = {$event->id};";
mysql_query($del_query, MyActiveRecord::Connection());
if (is_array($notdates)) {
foreach ($notdates as $date) {
if (strlen($date) > 4) {
$query = "INSERT INTO events_notdate VALUES('{$event->id}','" . formatDateView($date, "Y-m-d") . "')";
mysql_query($query, MyActiveRecord::Connection()) or die($query);
}
}
}
$event->eventtype_id = isset($_POST['eventtype_id']) ? $_POST['eventtype_id'] : 1;
$event->eventperiod_id = $_POST['eventperiod_id'];
$event->save();
edit_eventUpdateRecurrences();
setFlash("<h3>Event changes saved</h3>");
if ($post_action == "Edit and Return to List") {
redirect("/admin/list_events/{$year}/{$month}");
} else {
redirect("/admin/edit_event/{$year}/{$month}/{$event_id}");
}
}
}
// see if a return path was set
$return_path = get_last_view(false);
}
}
if (!empty($return_path)) {
$return_path = clean_whitespace($return_path);
$url = $return_path;
} else {
$url = 'index.php';
}
// If Application Name is set to Title then get translation
// If not, use the Admin defined Application Name
$appStr = generate_application_name();
$login = getPostValue('login');
$password = getPostValue('password');
$remember = getPostValue('remember');
// calculate path for cookie
if (empty($PHP_SELF)) {
$PHP_SELF = $_SERVER['PHP_SELF'];
}
if ($single_user == 'Y') {
// No login for single-user mode
do_redirect('index.php');
} else {
if ($use_http_auth) {
// There is no login page when using HTTP authorization
do_redirect('index.php');
} else {
if (!empty($login) && !empty($password) && !$logout) {
if (get_magic_quotes_gpc()) {
$password = stripslashes($password);
/**
* Save blog in database.
* @param $readPost Read values from post.
* @return ErrorLog if there were errors.
*/
function saveBlog($readPost = true)
{
// Create ErrorLog object
$errorLog = new ErrorLog();
if ($this->hasAdministerPermission()) {
global $dbi, $log, $login, $module;
// Check if data is submitted from the form
checkSubmitter();
// Include language
include scriptPath . "/include/language/" . pageLanguage . "/general.php";
include scriptPath . "/" . folderBlog . "/include/language/" . $this->language . "/general.php";
// Save values from post
if ($readPost) {
$this->category = parseHtml(getPostValue("category"), 0);
$this->description = parseHtml(getPostValue("description"), 1);
$this->language = getPostValue("language");
$this->postLimit = getPostValue("postLimit");
$this->showRSSLink = getPostValue("showRSSLink");
$this->showRSSCommentsLink = getPostValue("showRSSCommentsLink");
$this->subscribers = parseHtml(getPostValue("subscribers"), 0);
$this->title = parseHtml(getPostValue("title"), 0);
}
// Validate data
if (empty($this->language)) {
$this->language = pageDefaultLanguage;
}
if (empty($this->title)) {
$errorLog->addError("title", $lBlogEdit["MissingTitle"]);
} else {
if (empty($this->id)) {
$blog = new Blog("", $this->title);
if (!empty($blog->id)) {
$errorLog->addError("title", $lBlogEdit["BlogExists"]);
}
}
}
// If there were no errors update database
if (!$errorLog->hasErrors()) {
if (empty($this->id)) {
// Get max position
$result = $dbi->query("SELECT MAX(position) FROM " . blogTableName);
if ($result->rows()) {
list($position) = $result->fetchrow_array();
$position++;
} else {
$position = 0;
}
// Insert blog into database
$dbi->query("INSERT INTO " . blogTableName . "(title,category,description,subscribers,language,postLimit,showRSSLink,showRSSCommentsLink,position) VALUES(" . $dbi->quote($this->title) . "," . $dbi->quote($this->category) . "," . $dbi->quote($this->description) . "," . $dbi->quote($this->subscribers) . "," . $dbi->quote($this->language) . "," . $dbi->quote($this->postLimit) . "," . $dbi->quote($this->showRSSLink) . "," . $dbi->quote($this->showRSSCommentsLink) . "," . $dbi->quote($position) . ")");
// Get new blog id
$this->id = $dbi->getInsertId();
// Set default permissions
$login->setModuleContentPermissions(blogContentId, $this->id, "Visitors", 0, 0, 1, 0, 0, 0, 0, 1);
$login->setModuleContentPermissions(blogContentId, $this->id, "Users", 0, 0, 1, 0, 0, 0, 0, 1);
} else {
// Update blog in database
$dbi->query("UPDATE " . blogTableName . " SET title=" . $dbi->quote($this->title) . ",category=" . $dbi->quote($this->category) . ",description=" . $dbi->quote($this->description) . ",subscribers=" . $dbi->quote($this->subscribers) . ",language=" . $dbi->quote($this->language) . ",postLimit=" . $dbi->quote($this->postLimit) . ",showRSSLink=" . $dbi->quote($this->showRSSLink) . ",showRSSCommentsLink=" . $dbi->quote($this->showRSSCommentsLink) . " WHERE id=" . $dbi->quote($this->id));
}
// Upload index picture
if (!empty($_FILES["img_0"])) {
uploadFile($_FILES["img_0"], "blog_" . $this->id, array("image/jpeg", "image/pjpeg", "image/gif"), 0, 50, 50);
}
// Log transaction
$log->logTransaction(blogContentId, $this->id);
} else {
if (!empty($_FILES["img_0"]["tmp_name"])) {
$errorLog->addError("upload", $lErrors["ReUploadImages"]);
}
}
}
return $errorLog;
}
function initialize_page()
{
$event_types = EventTypes::FindAll();
$event_periods = EventPeriods::FindAll();
$post_action = "";
if (isset($_POST['submit'])) {
$post_action = $_POST['submit'];
if ($post_action == "Add Event and add another" || $post_action == "Add and Return to List") {
$event = MyActiveRecord::Create('Events', $_POST);
if (!getPostValue('time_start')) {
$event->setDateStart(getPostValue('date_start'), "04:00:00");
} else {
$event->time_start = date("H:i:s", strtotime(getPostValue('time_start')));
}
if (!getPostValue('date_end') && !getPostValue('time_end')) {
$event->setDateEnd(getPostValue('date_start'), "04:00:00");
} else {
if (!getPostValue('date_end') && getPostValue('time_end')) {
$event->setDateEnd(getPostValue('date_start'), date("H:i:s", strtotime(getPostValue('time_end'))));
} else {
$event->setDateEnd(getPostValue('date_end'), date("H:i:s", strtotime(getPostValue('time_end'))));
}
}
$event->eventtype_id = isset($_POST['eventtype_id']) ? $_POST['eventtype_id'] : 1;
$event->eventperiod_id = $_POST['eventperiod_id'];
$event->save();
$notdates = getPostValue('notdates');
if (is_array($notdates)) {
foreach ($notdates as $date) {
if (strlen($date) > 4) {
$query = "INSERT INTO events_notdate VALUES('{$event->id}','" . formatDateView($date, "Y-m-d") . "')";
mysql_query($query, MyActiveRecord::Connection()) or die($query);
}
}
}
add_eventUpdateRecurrences($event);
$thisnewevent = Events::FindById($event->id);
if ($thisnewevent->date_end < $thisnewevent->date_start) {
setFlash("<h3>Whoops! Event Starts after it Ends! Please correct dates...</h3>");
$eventyear = parseDate($thisnewevent->date_start, "Y");
$eventmonth = parseDate($thisnewevent->date_start, "n");
redirect("/admin/edit_event/{$eventyear}/{$eventmonth}/{$thisnewevent->id}");
} else {
setFlash("<h3>Event added</h3>");
if ($post_action == "Add and Return to List") {
// Redirect user to the Main Event List
$datestart = explode("/", getPostValue('date_start'));
setFlash("<h3>Event added</h3>");
redirect("/admin/list_events/{$datestart['2']}/{$datestart['0']}");
}
}
}
}
}
$previewStr = translate('Preview');
$allStr = translate('All');
$purgingStr = translate('Purging events for');
$deleteStr = translate('Delete');
$delete = getPostValue('delete');
$do_purge = false;
if (!empty($delete)) {
$do_purge = true;
}
$purge_all = getPostValue('purge_all');
$purge_deleted = getPostValue('purge_deleted');
$end_year = getPostValue('end_year');
$end_month = getPostValue('end_month');
$end_day = getPostValue('end_day');
$username = getPostValue('username');
$preview = getPostValue('preview');
$preview = empty($preview) ? false : true;
$INC = array('js/visible.php');
print_header($INC);
?>
<table summary="">
<tr><td style="vertical-align:top; width:50%;">
<?php
echo '<h2>' . translate('Delete Events');
if ($preview) {
echo '[ ' . $previewStr . ']';
}
echo "</h2>\n";
echo display_admin_link();
if ($do_purge) {
// Move folders
$folders = getPostValue("folders");
if (!empty($folders)) {
for ($i = 0; $i < sizeof($folders); $i++) {
$moveFolderId = getPostValue("moveFolderId");
if (!empty($folders[$i]) && !empty($moveFolderId)) {
$tmpFolder = new Folder($folders[$i]);
$tmpFolder->moveFolder($moveFolderId);
}
}
}
// Move files
$files = getPostValue("files");
if (!empty($files)) {
for ($i = 0; $i < sizeof($files); $i++) {
$moveFolderId = getPostValue("moveFolderId");
if (!empty($files[$i]) && !empty($moveFolderId)) {
$tmpFile = new File($files[$i]);
$tmpFile->moveFile($moveFolderId);
}
}
}
// Redirect
redirect(scriptUrl . "/" . folderFilesAdmin . "/" . fileFilesIndex . (!empty($folder->id) ? "?folderId=" . $folder->id : ""));
}
// Add navigation links
$site->addNavigationLink(scriptUrl . "/" . folderAdmin, $lAdminIndex["Header"]);
$site->addNavigationLink(scriptUrl . "/" . folderFilesAdmin, $lFileIndex["Header"]);
// Print common header
$site->printHeader();
// Print description
<?php
/* $Id: about.php,v 1.16.2.3 2007/08/06 02:28:29 cknudsen Exp $ */
include_once 'includes/init.php';
$credits = getPostValue('Credits');
$data = '';
if (!empty($credits)) {
// Get Names from AUTHORS file.
if ($fd = @fopen('AUTHORS', 'r')) {
// Read in contents of entire file first.
while (!feof($fd) && empty($error)) {
$data .= fgets($fd, 4096);
}
fclose($fd);
}
// $data = unhtmlentities ( $data );
$data = preg_replace('/<.+>+/', '', $data);
$data = preg_replace("/\n\\s/", '<br /> ', $data);
$data = preg_replace('/\\s\\s+/', ' ', $data);
$data = preg_replace('/\\n/', '<br />', $data);
}
print_header('', '', '', true, false, true);
echo '
<div align="left" style="margin-left:4px; position:absolute; bottom:0">';
if (empty($credits)) {
echo '
<a title="' . $PROGRAM_NAME . '" href="' . $PROGRAM_URL . '" target="_blank">
<h2 style="margin:0">' . translate('Title') . '</h2>
<p>' . str_replace('XXX', $PROGRAM_VERSION, translate('version XXX')) . '</p>
<p>' . $PROGRAM_DATE . '</p></a>
<p> </p>
<?php
// Include common functions and declarations
require_once "include/common.php";
// Get mode
$mode = getGetValue("mode");
// Send link
$success = 0;
if (!empty($mode)) {
$name = getPostValue("name");
$mail = getPostValue("email");
$message = getPostValue("message");
$subject = getPostValue("subject");
// Validate input
if (empty($name)) {
$errors->addError("name", $lSendMail["MissingName"]);
}
if (empty($mail)) {
$errors->addError("mail", $lSendMail["MissingMail"]);
}
if (!checkEmail($mail)) {
$errors->addError("mail", $lSendMail["InvalidMail"]);
}
if (empty($subject)) {
$errors->addError("subject", $lSendMail["MissingSubject"]);
}
// If there were no errors send mail
if (!$errors->hasErrors()) {
// Send link
if (mail(pageAdminMail, $subject, $message, "From: " . $name . " <" . $mail . ">\n")) {
$success = 1;
dbi_free_result($res);
} else {
$error = db_error();
}
}
if (!empty($_FILES['FileName'])) {
$file = $_FILES['FileName'];
}
// Make sure we clear $file if no file was upoaded.
if (!empty($file['tmp_name']) && $file['tmp_name'] == 'none') {
$file = '';
}
if (!$is_my_event) {
$error = print_not_auth(5);
}
$delete = getPostValue('delete');
if (empty($error) && !empty($delete)) {
// Delete this category.
if (!dbi_execute('DELETE FROM webcal_categories
WHERE cat_id = ? AND ( cat_owner = ?' . ($is_admin ? ' OR cat_owner IS NULL )' : ' )'), array($id, $login))) {
$error = db_error();
}
if (!dbi_execute('DELETE FROM webcal_entry_categories
WHERE cat_id = ? AND ( cat_owner = ?' . ($is_admin ? ' OR cat_owner IS NULL )' : ' )'), array($id, $login))) {
$error = db_error();
}
// Rename any icons associated with this cat_id.
renameIcon($id);
} else {
if (empty($error) && empty($catname)) {
$error = translate('Category name is required');
/**
* Save comment in database
* @param $moduleId Module id to add comment to.
* @param $moduleContentTypeId Identifier of content type.
* @param $moduleContentId Identifier of content.
* @return List of errors if any.
*/
function saveComment($moduleId, $moduleContentTypeId, $moduleContentId)
{
global $dbi, $errors, $login, $referer, $settings, $spamFilter;
global $lComment, $lEditComment;
// Check if data is submitted from the form
checkSubmitter();
// Get user ip
$ip = getenv("REMOTE_ADDR");
// Get values
$this->moduleId = $moduleId;
$this->moduleContentTypeId = $moduleContentTypeId;
$this->moduleContentId = $moduleContentId;
$this->name = parseString(stripHtml(getValue("name")));
$this->mail = parseString(stripHtml(getValue("mail")));
$this->link = parseString(stripHtml(getValue("link")));
$this->subject = parseString(stripHtml(getValue("subject")));
$this->message = parseString(stripHtml(getValue("message")));
$this->spam = getValue("spam");
$this->userId = getValue("userId");
// Get default name
$defaultName = parseString(getPostValue("defaultName"));
// Validate comment data
if (empty($this->id)) {
if (!$this->hasCommentPermission()) {
$errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
}
if (!$login->isLoggedIn()) {
if ($settings->commentsRequireValidation) {
if (!audit()) {
$errors->addError("validation", $lComment["WrongValidation"]);
}
}
if (empty($this->name) || $this->name == $defaultName) {
$errors->addError("name", $lEditComment["MissingName"]);
}
}
} else {
if (!$this->hasEditPermission()) {
$errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
} else {
if (empty($this->name) && empty($this->userId)) {
$errors->addError("name", $lEditComment["MissingName"]);
}
}
}
if (empty($this->subject)) {
$errors->addError("subject", $lEditComment["MissingSubject"]);
}
if (empty($this->message)) {
$errors->addError("message", $lEditComment["MissingText"]);
}
// Check if message could be classified as spam
$spam = $spamFilter->isSpam($this->name, $this->mail, $this->subject, $this->message);
// Check if this ip has been spam before
if (!$spam) {
$result = $dbi->query("SELECT COUNT(*) FROM " . commentTableName . " WHERE spam=1 AND ip=" . $dbi->quote($ip));
if ($result->rows()) {
list($count) = $result->fetchrow_array();
if ($count != 0) {
$spam = true;
}
}
}
// If there were no errors insert or update comment
if (!$errors->hasErrors()) {
if (empty($this->id)) {
// Insert into comment database
$dbi->query("INSERT INTO " . commentTableName . "(moduleId,moduleContentTypeId,moduleContentId,userId,name,mail,link,subject,message,ip,posted,spam,trash) VALUES(" . $dbi->quote($moduleId) . "," . $dbi->quote($moduleContentTypeId) . "," . $dbi->quote($moduleContentId) . "," . ($login->isLoggedIn() ? $login->id : 0) . "," . $dbi->quote($this->name) . "," . $dbi->quote($this->mail) . "," . $dbi->quote($this->link) . "," . $dbi->quote($this->subject) . "," . $dbi->quote($this->message) . "," . $dbi->quote($ip) . ",NOW()," . $dbi->quote($spam) . ",0)");
// Get new comment id
$this->id = $dbi->getInsertId();
} else {
// Update values in database
$dbi->query("UPDATE " . commentTableName . " SET name=" . $dbi->quote($this->name) . ",mail=" . $dbi->quote($this->mail) . ",link=" . $dbi->quote($this->link) . ",subject=" . $dbi->quote($this->subject) . ",message=" . $dbi->quote($this->message) . ",posted=posted,spam=" . $dbi->quote($spam) . " WHERE (id=" . $dbi->quote($this->id) . ")");
}
// Remember poster
$remember = getValue("remember");
if (!empty($remember)) {
$poster["name"] = stripslashes($this->name);
$poster["mail"] = stripslashes($this->mail);
$poster["link"] = stripslashes($this->link);
$poster["remember"] = stripslashes($remember);
setcookie("commentPoster", addslashes(serialize($poster)), time() + 31536000);
}
}
// Return errors if any
return $errors;
}
function subscribedata($instance, $chargeIds, $rateplancharges, $rateplanId)
{
global $CCInfo;
global $Name;
global $FirstName;
global $LastName;
global $StartDate;
global $WorkEmail;
global $WorkPhone;
global $Address1;
global $Address2;
global $City;
global $State;
global $Country;
global $PostalCode;
global $CreditCardHolderName;
global $CreditCardNumber;
global $CreditCardExpirationMonth;
global $CreditCardExpirationYear;
global $CreditCardType;
global $CreditCardPostalCode;
$subscriptionName = " New Signup - From Open House(" . date('m/d/Y h:i:s') . ")";
$account = makeAccount(getPostValue($Name), 'USD', 'Draft');
// $contact = makeContact(getPostValue($FirstName),getPostValue($LastName),getPostValue($Address1),getPostValue($Address2),getPostValue($City),getPostValue($State),getPostValue($Country),getPostValue($PostalCode),getPostValue($WorkEmail),getPostValue($WorkPhone));
// $paymentmethod = makePaymentMethod(getPostValue($CreditCardHolderName), getPostValue($Address1),getPostValue($Address2), getPostValue($City), getPostValue($State), getPostValue($Country), getPostValue($PostalCode), getPostValue($CreditCardType), getPostValue($CreditCardNumber), getPostValue($CreditCardExpirationMonth),getPostValue($CreditCardExpirationYear));
$subscription = makeSubscription($subscriptionName, null);
$zSubscriptionData = makeSubscriptionData($subscription, $chargeIds, $rateplancharges, $rateplanId);
// $zSubscribeOptions = new Zuora_SubscribeOptions(false,false);
$result = $instance->PMD_CreateAcct($account, $zSubscriptionData);
// $result = $instance->subscribe($account, $zSubscriptionData, $contact, $paymentmethod, $zSubscribeOptions, $contact);
createMessage($result);
}
$ulastname = getPostValue('ulastname');
$user = trim(getPostValue('user'));
// translate ( 'Illegal characters in login' )
if ($user != addslashes($user)) {
$error = str_replace('XXX', htmlentities($user), translate('Illegal characters in login XXX.'));
}
// Check to make sure user doesn't already exist.
check_username($user);
// Check to make sure email address doesn't already exist.
check_email($uemail);
}
if (empty($error) && !empty($control)) {
if ($control == 'full') {
// Process full account addition.
$upassword1 = getPostValue('upassword1');
$upassword2 = getPostValue('upassword2');
// Do some checking of user info.
if (!empty($user) && !empty($upassword1)) {
if (get_magic_quotes_gpc()) {
$upassword1 = stripslashes($upassword1);
$user = stripslashes($user);
}
$user = trim($user);
if ($user != addslashes($user)) {
$error = str_replace('XXX', htmlentities($user), translate('Illegal characters in login XXX.'));
}
} else {
if ($upassword1 != $upassword2) {
$control = '';
$error = translate('The passwords were not identical.');
}
