function owner($article)
{
//checks if the logged author is the owner of a certain posting
$dosql = "SELECT author_id FROM " . $GLOBALS['prefix'] . "lb_postings \n WHERE id='" . $article . "';";
$result = mysql_query($dosql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if ($row['author_id'] == getuserid($_SESSION['nickname'])) {
return true;
} else {
return false;
}
}
function savepostedauthordata($editid)
{
global $settings;
$message = "";
//preparing posted data for saving
$putnick = htmlentities($_POST['nickname'], ENT_QUOTES, "UTF-8");
$putreal = htmlentities($_POST['realname'], ENT_QUOTES, "UTF-8");
$putmail = htmlentities($_POST['mail'], ENT_QUOTES, "UTF-8");
if (isset($_POST['edit_own'])) {
$putright1 = "1";
} else {
$putright1 = "0";
}
if (isset($_POST['publish_own'])) {
$putright2 = "1";
} else {
$putright2 = "0";
}
if (isset($_POST['edit_all'])) {
$putright3 = "1";
} else {
$putright3 = "0";
}
if (isset($_POST['publish_all'])) {
$putright4 = "1";
} else {
$putright4 = "0";
}
if (isset($_POST['admin'])) {
$putright5 = "1";
} else {
$putright5 = "0";
}
//you cannot degrade yourself, if you're an administrator!!
if ($putright5 == "0" and $editid == getuserid($_SESSION['nickname'])) {
$putright5 = "1";
$message = $message . "Administrators cannot degrade themselves! ";
}
//prepare password-change
if ($_POST['password'] != "default" and $_POST['password'] == $_POST['password2']) {
$putpass = "******" . md5($_POST['password']) . "',";
$message = $message . "Successfully saved changes! ";
} else {
$putpass = "";
if ($_POST['password'] != $_POST['password2']) {
$message = $message . "Password and confirmation did not match! ";
}
}
$dosql = "UPDATE " . $GLOBALS['prefix'] . "lb_authors SET\n " . $putpass . "\n nickname = '" . $putnick . "',\n realname = '" . $putreal . "',\n mail = '" . $putmail . "',\n edit_own = '" . $putright1 . "',\n publish_own = '" . $putright2 . "',\n edit_all = '" . $putright3 . "',\n publish_all = '" . $putright4 . "',\n admin = '" . $putright5 . "'\n \n WHERE id = '" . $editid . "';";
$result = mysql_query($dosql) or die(mysql_error());
echo "<p class=\"msg\">" . $message . "</p>";
}
function inputsvalidation()
{
$validateresult = array();
$validateresult['username'] = validateinput("username", "Username", array("required", 4));
$validateresult['secretword'] = validateinput("secretword", "Password", array("required", 8));
foreach ($validateresult as $key => $value) {
//echo $value. $control;
if ($value != 1) {
$inputsvalid = false;
$_SESSION['results']['message'] = "Username / Password is invalid";
header("Location: ../index.php");
} else {
${$key} = $_POST[$key];
}
}
if (validuser($username, $secretword)) {
$_SESSION['userid'] = getuserid($username);
header("Location: ../workspace.php");
} else {
$_SESSION['results']['message'] = "Username / Password is invalid";
header("Location: ../index.php");
}
}
//
$lang = getlang();
if (isset($lang)) {
if (file_exists("{$configdir}/{$lang}/config.php")) {
require "{$configdir}/{$lang}/config.php";
}
}
//
//
$pageid = getpageid();
if (!isset($pageid)) {
$pageid = $defaultpage;
}
$page_include = "include/" . $pageid;
$config_include = $configdir . "/" . $pageid;
if (file_exists($page_include)) {
if (file_exists($config_include)) {
require $config_include;
}
if (autherized(getuserid(), $pageauth)) {
require $page_include;
$page_var = page_init();
page_html_header($page_var);
page_main($page_var);
page_html_footer($page_var);
page_cleanup($page_var);
} else {
login();
}
}
// That's all folks ...
// Our custom secure way of starting a php session
$error_msg = "";
if (isset($_POST['p'], $_POST['op'])) {
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
$oldpassword = filter_input(INPUT_POST, 'op', FILTER_SANITIZE_STRING);
if (strlen($oldpassword) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
$userid = getuserid();
if ($userid == 'FAIL') {
$error_msg .= '<p class="error">You are not logged in, please try again.</p>';
}
$prep_stmt = "SELECT Username, Password, Salt FROM Users WHERE UserID = ? LIMIT 1";
$stmt = $mysql->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('i', $userid);
$stmt->execute();
$stmt->bind_result($email, $dboldpassword, $salt);
$stmt->fetch();
$stmt->close();
}
// Hash the password with the unique salt.
$oldpassword = hash('sha512', $oldpassword . $salt);
if ($oldpassword != $dboldpassword) {
if (isset($request[1]) && is_numeric($request[1])) {
$sv = new Wp_termsService();
$input = json_decode(file_get_contents("php://input"));
// var_dump($input);
$rs = $sv->updatewp_terms($input, getuserid($input));
// var_dump($rs);
return $rs;
exit;
}
} else {
if ($method == 'DELETE' && $request[0] == 'test') {
if (isset($request[1]) && is_numeric($request[1])) {
$sv = new Wp_termsService();
$input = json_decode(file_get_contents("php://input"));
// var_dump($input);
$rs = $sv->deletewp_terms($request[1], getuserid($input));
// var_dump($rs);
return $rs;
exit;
}
} else {
}
}
}
}
}
} else {
}
function getuserid($input)
{
// var_dump($input->user->userid);
var usermenu = [
[
'<img src=./img/16/user.png>',' <?php
echo getuserid();
?>
',null,null,null,
_cmSplit,
['<img src=./img/16/exit.png>','Logout','index.php?pageid=logout.php',null,null],
],
_cmSplit,
[
'<img src=./img/16/ring.png>','',null,null,null,
['<img src=./img/16/wglb.png>','Developement','index.php?pageid=help.php',null,null],
['<img src=./img/16/user.png>','User','index.php?pageid=help.php',null,null],
_cmSplit,
['<img src=./img/16/wglb.png>','Debug','index.php?pageid=debug.php',null,null],
['<img src=./img/16/idea.png>','About ...','index.php?pageid=about.php',null,null],
],
];
$fileExtension = strrchr($_FILES['postfile']['name'], ".");
// get extension of the uploaded file
if (!in_array($fileExtension, $validExtensions)) {
die(json_encode(array("jquery-upload-file-error" => 'Invalid file type')));
}
// check if file Extension is on the list of allowed ones
$ret['imagetype'] = $fileExtension;
$ImageSize = $_FILES['postfile']['size'];
// Obtain original image size
$ret['size'] = $ImageSize;
if ($ImageSize > 10000000) {
die(json_encode(array("jquery-upload-file-error" => 'You require an image with a size of NOT more that 10MB. Your Image is Larger')));
}
$imagename = basename($_FILES["postfile"]["name"]);
$uploadhere = "imageholder/" . $imagename;
$uploadfolder = '../images/posts/' . getuserid() . '/';
//$clean = $uploadfolder."/". md5($imagename)."/";
if (!file_exists($uploadfolder)) {
@mkdir($uploadfolder);
}
chmod($uploadfolder, 0777);
//if (!file_exists( $clean )) { @mkdir( $clean ); }chmod( $clean,0777);
if (file_exists($uploadfolder . $imagename)) {
$imagename = date('ydmhis') . $imagename;
}
$uploadfolder = $uploadfolder . $imagename;
if (!move_uploaded_file($_FILES["postfile"]["tmp_name"], $uploadfolder)) {
die(json_encode(array("jquery-upload-file-error" => 'Error Uploading the image. Please try again later')));
} else {
$imageproperties = $uploadfolder;
$original = new Imagick($imageproperties);
/**
* @deprecated, call getuserid() directly
*/
function getUser($number)
{
return getuserid($number);
}
if (isset($request[1]) && is_numeric($request[1])) {
$sv = new AutocompleteService();
$input = json_decode(file_get_contents("php://input"));
// var_dump($input);
$rs = $sv->updateautocomplete($input, getuserid($input));
// var_dump($rs);
return $rs;
exit;
}
} else {
if ($method == 'DELETE' && $request[0] == 'test') {
if (isset($request[1]) && is_numeric($request[1])) {
$sv = new AutocompleteService();
$input = json_decode(file_get_contents("php://input"));
// var_dump($input);
$rs = $sv->deleteautocomplete($request[1], getuserid($input));
// var_dump($rs);
return $rs;
exit;
}
} else {
}
}
}
}
}
} else {
// echo 'start';
// $sv = new AutocompleteService();
// $sv->search('dr');
}
/**
* checks if the logged author is the owner of a certain posting
*
* @param unknown_type $article
* @return unknown
*/
function owner($article)
{
$dosql = 'SELECT author_id FROM ' . $GLOBALS['prefix'] . 'lb_postings WHERE id="' . $article . '";';
$row = $GLOBALS['lbdata']->GetArray($dosql);
if ($row[0]['author_id'] == getuserid($_SESSION['nickname'])) {
return true;
} else {
return false;
}
}
} else {
header("Location: index.php?site=messenger&action=incoming");
}
} elseif (isset($_POST['send'])) {
include "_mysql.php";
include "_settings.php";
include "_functions.php";
$_language->read_module('messenger');
$touser = $_POST['touser'];
if ($touser[0] == "" and $_POST['touser_field'] != "*") {
$tmp = explode(",", $_POST['touser_field']);
for ($i = 0; $i < 5; $i++) {
if (isset($tmp[$i])) {
$tmp[$i] = trim($tmp[$i]);
if (!empty($tmp[$i])) {
$touser[$i] = getuserid($tmp[$i]);
} else {
break;
}
} else {
break;
}
}
}
if (isset($_POST['eachmember'])) {
unset($touser);
$ergebnis = safe_query("SELECT userID FROM " . PREFIX . "user");
while ($ds = mysql_fetch_array($ergebnis)) {
if (isclanmember($ds['userID'])) {
$touser[] = $ds['userID'];
}
if (isset($request[1]) && is_numeric($request[1])) {
$sv = new UserService();
$input = json_decode(file_get_contents("php://input"));
// var_dump($input);
$rs = $sv->updateUser($input, getuserid($input));
// var_dump($rs);
return $rs;
exit;
}
} else {
if ($method == 'DELETE' && $request[0] == 'test') {
if (isset($request[1]) && is_numeric($request[1])) {
$sv = new UserService();
$input = json_decode(file_get_contents("php://input"));
// var_dump($input);
$rs = $sv->deleteUser($request[1], getuserid($input));
// var_dump($rs);
return $rs;
exit;
}
} else {
}
}
}
}
}
} else {
// $sv = new UserService();
// $rs = $sv->getAllUser();
// var_dump($rs);
}
function getPost($id)
{
$pdo = getConnection();
$marray = array();
try {
$ss = "SELECT p.id,p.name,p.caption,p.thedate AS timeposted,p.numberofcomments,p.numberoflikes,u.username AS owner,CASE WHEN EXISTS (SELECT user_id FROM post WHERE user_id = ? AND id=p.id) THEN 'true' ELSE 'false' END AS owns,CASE WHEN EXISTS (SELECT user_id FROM instagram.like WHERE user_id = ? AND post_id=p.id) THEN 'true' ELSE 'false' END AS hasliked FROM post p LEFT JOIN user u ON p.user_id=u.id WHERE p.id=? ORDER BY p.id DESC";
$stmnt = $pdo->prepare($ss);
$stmnt->execute(array(getuserid(), getuserid(), $id));
$resp = array();
while ($row = $stmnt->fetch(PDO::FETCH_OBJ)) {
$resp[] = $row;
}
$marray['response'] = $resp;
} catch (PDOExpetion $e) {
$marray['error'] = $e->getMessage();
}
echo json_encode($marray);
return false;
}
function survey()
{
global $prefix, $selected, $MySQL, $sqldbdb, $set;
require_once "addons/survey/settings.php";
if (file_exists("addons/survey/lang/lang_" . $set['language'] . ".php")) {
require_once "addons/survey/lang/lang_" . $set['language'] . ".php";
} else {
require_once "addons/survey/lang/lang_en_US.php";
}
$out = "";
if (isset($_POST['surveyvote'])) {
if (sanitize($_POST['surveyvote']) == "voted") {
// check if user already voted
$voterid = getuserid($_SESSION['user']);
if (!$voterid) {
$voterid = 9999;
}
$output = dbquery("SELECT * FROM " . $prefix . "surveyvotes WHERE surveyid=" . $_POST['surveyid'] . " AND voterid={$voterid}");
if (num_rows($output) && $voterid != 9999) {
$out .= "<h3 style=\"color: red;\">{$surveymessage['12']}</h3>\n";
} else {
dbquery("INSERT INTO " . $prefix . "surveyvotes (id, surveyid, vote, voterid) VALUES ( null, " . $_POST['surveyid'] . ", " . $_POST[$_POST['surveyid']] . ", {$voterid} )");
$_POST['surveyvote'] = "results";
}
}
}
$out .= "<div style=\"width: " . $surveywidth . "px; \">\n";
unset($row);
if (sanitize($_POST['surveyvote']) == "results") {
$out .= "<h3 id=\"surveytitle\">{$surveymessage['13']}</h3>\n";
$surveys = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0"));
$s = 0;
while ($surveys[$s]['id']) {
$out .= "<p class=\"surveynames\">" . decode($surveys[$s]['surveyname']) . "</p>\n";
$query = "SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $surveys[$s]['id'];
$row = fetch_all(dbquery($query));
$i = 0;
$out .= "<table class=\"surveyresults\">\n";
while ($row[$i]['id']) {
$out .= "<tr><td>" . decode($row[$i]['surveyname']) . " - </td><td>";
$output = dbquery("SELECT * FROM " . $prefix . "surveyvotes WHERE surveyid=" . $surveys[$s]['id'] . " AND vote=" . $row[$i]['place']);
$out .= num_rows($output);
$out .= "</td></tr>\n";
$i++;
}
$out .= "</table>\n";
$s++;
}
$out .= "<form name=\"surveyform\" method=\"POST\" id=\"surveyreturn\" action=\"\">\n";
$out .= "<p style=\" text-align: center; \"><br /><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['14']}\" /></p>\n</form>\n";
} else {
$row = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0"));
$i = 0;
$adminlevel = 0;
while ($row[$i]['id']) {
$out .= "<form name=\"surveyform\" method=\"POST\" action=\"\">\n";
$out .= "<h3 id=\"surveytitle\">" . decode($row[$i]['surveyname']) . "</h3>\n";
$out .= "<ul class=\"surveylist\" style=\" list-style: none; margin-left: 20px;\">\n";
$adminlevel = $row[$i]['adminlevel'];
unset($row1);
if ($row1 = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $row[$i]['id'] . " ORDER BY place"))) {
$j = 0;
while ($row1[$j]['id']) {
$out .= "<li>";
if (intval($_SESSION['adminlevel']) >= $adminlevel) {
$out .= "<input type = \"Radio\" Name =\"" . $row[$i]['id'] . "\" value= \"" . $row1[$j]['place'] . "\" /> - ";
}
$out .= decode($row1[$j]['surveyname']) . "</li>\n";
$j++;
}
}
$out .= "</ul>\n";
if (intval($_SESSION['adminlevel']) >= $adminlevel) {
$out .= "<p style=\"text-align: center;\">";
$out .= "<input type=\"hidden\" name=\"surveyid\" value=\"" . $row[$i]['id'] . "\" />\n";
$out .= "<input type=\"hidden\" name=\"surveyvote\" value=\"voted\" /><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['10']}\" /><br />\n";
}
$out .= "</p></form>\n";
$i++;
}
$out .= "<form name=\"viewresults\" id=\"viewresults\" method=\"POST\" action=\"\">\n";
$out .= "<p style=\"text-align: center;\"><input type=\"hidden\" name=\"surveyvote\" value=\"results\" />";
$out .= "<input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['11']}\" /></form></p>\n";
}
$out .= "</div>\n";
return $out;
}
}
}
}
////////////////// WHICH CONTENT DO WE SHOW?
//show the html-head which is always needed
include "inc/head.php";
//show the login-screen if access is denied
if (!$access) {
include "inc/backend_login.php";
} else {
//write login-data into session-data (if needed)
if (!isset($_SESSION['nickname'])) {
session_register('nickname');
session_register('password');
session_register('ipnumber');
session_register('authorid');
$_SESSION['nickname'] = $_POST['nickname'];
$_SESSION['authorid'] = getuserid($_POST['nickname']);
$_SESSION['password'] = md5($_POST['password']);
$_SESSION['ipnumber'] = $_SERVER['REMOTE_ADDR'];
}
//no url request? show postings as default
if (!isset($_GET['page'])) {
$loadme = "inc/backend_postings.php";
} else {
$loadme = "inc/backend_" . $_GET['page'] . ".php";
}
//yee-hah! finally we do show real content on our page!
include $loadme;
}
include "inc/footer.php";
require_once "databaseconnection.php";
function getuserid($name)
{
global $test;
$query = "SELECT user_id FROM user_name WHERE user_name = '" . $name . "'";
$statement = $test->prepare($query);
$statement->execute();
$userids = $statement->fetchAll();
$statement->closeCursor();
return $userids;
}
global $test;
$item = $_GET['item'];
$comment = filter_input(INPUT_POST, "comment", FILTER_SANITIZE_STRING);
$user = $_SESSION['user'];
$users = getuserid($user);
foreach ($users as $u) {
$user_id = $u['user_id'];
}
//echo $user_id." ";
//echo $item." ";
//ho $comment." ";
//echo $user." ";
// Begin a new Transaction -->
$test->beginTransaction();
// First insert the scripture INSERT INTO review (review, item_id, user_id) VALUES ("TEST", 1, 3)-->
$query = "INSERT INTO review (review, item_id, user_id) VALUES (:comment, :item, :user_name)";
$statement = $test->prepare($query);
$statement->bindValue(":comment", $comment);
$statement->bindValue(":item", $item);
$statement->bindValue(":user_name", $user_id);
function savepostedauthordata($editid)
{
global $settings;
$message = "";
$return = true;
$message = bla("msg_savesuccess");
$changepass = false;
//preparing posted data for saving
$putnick = htmlentities($_POST['nickname'], ENT_QUOTES, "UTF-8");
$putreal = htmlentities($_POST['realname'], ENT_QUOTES, "UTF-8");
$putmail = htmlentities($_POST['mail'], ENT_QUOTES, "UTF-8");
if (isset($_POST['edit_own'])) {
$putright1 = "1";
} else {
$putright1 = "0";
}
if (isset($_POST['publish_own'])) {
$putright2 = "1";
} else {
$putright2 = "0";
}
if (isset($_POST['edit_all'])) {
$putright3 = "1";
} else {
$putright3 = "0";
}
if (isset($_POST['publish_all'])) {
$putright4 = "1";
} else {
$putright4 = "0";
}
if (isset($_POST['admin'])) {
$putright5 = "1";
} else {
$putright5 = "0";
}
//you cannot degrade yourself, if you're an administrator!!
if ($putright5 == "0" and $editid == getuserid($_SESSION['nickname'])) {
$putright5 = "1";
$message = bla("msg_admindegrade");
$return = false;
}
//prepare password-change
if ($_POST['password'] != "default" and $_POST['password'] == $_POST['password2']) {
$putpass = "******" . md5($_POST['password']) . "',";
$return = true;
$changepass = true;
} else {
$putpass = "";
if ($_POST['password'] != $_POST['password2']) {
$message = bla("msg_errorpassconfirm");
$return = false;
}
}
$dosql = "UPDATE " . $GLOBALS['prefix'] . "lb_authors SET\n " . $putpass . "\n nickname = '" . $putnick . "',\n realname = '" . $putreal . "',\n mail = '" . $putmail . "',\n edit_own = '" . $putright1 . "',\n publish_own = '" . $putright2 . "',\n edit_all = '" . $putright3 . "',\n publish_all = '" . $putright4 . "',\n admin = '" . $putright5 . "'\n \n WHERE id = '" . $editid . "';";
$GLOBALS['lbdata']->Execute($dosql);
echo "<p class=\"msg\">" . $message . "</p>";
//set fresh cookies, if user is editing his own data
if ($editid == getuserid($_SESSION['nickname'])) {
$_SESSION['nickname'] = $putnick;
if ($changepass) {
$_SESSION['password'] = md5($_POST['password']);
}
}
return $return;
}
##########################################################################
*/
$_language->read_module('profile');
$profile_username = $_GET['username'];
if (isset($_GET['id'])) {
$id = (int) $_GET['id'];
} else {
$id = $userID;
}
if (isset($_GET['action'])) {
$action = $_GET['action'];
} else {
$action = '';
}
if (isset($_GET['username'])) {
$id = getuserid($_GET['username']);
}
if (isset($id) and getnickname($id) != '') {
if (isbanned($id)) {
$banned = '<div id="profile_banned">This user is Banned.</div>';
} else {
$banned = '';
}
if (isbanned($id)) {
$bannedpic = '';
} else {
$bannedpic = '';
}
if ($action == "galleries") {
//galleries
eval("\$title_profile = \"" . gettemplate("title_profile") . "\";");
function users_getid($m)
{
global $xmlrpcerruser;
$err = "";
// get the param values (should add integrity checking here)
$un = $m->getParam(0);
//
$username = $un->scalarval();
list($username, $archives) = explode("___", $username);
if (file_exists("{$_SERVER['PWUSERS_DIR']}/{$username}/userinfo.dat")) {
$userid = getuserid($username);
} else {
$userid = 0;
}
// if we generated an error, create an error return response
if ($err) {
return new xmlrpcresp(0, $xmlrpcerruser, $err);
} else {
// otherwise, we create the right response
// with the state name
return new xmlrpcresp(new xmlrpcval($userid, 'int'));
}
}
