/**
 * Queues every active site message the current visitor may see for output
 * in the 'messageblock' template block, and deactivates expired messages.
 *
 * Visibility codes read from the `view` column, as handled below:
 *   0 = everyone, 1 = users, 2 = admins, 3 = anonymous visitors,
 *   >3 = phpBB group whose id is (view - 3).
 *
 * Side effect: expired rows are set to active='0' while rendering, so a
 * plain page view can write to the database.
 *
 * NOTE(review): $currentlang is interpolated into the SQL text as-is. It is
 * set outside this function; confirm it is restricted to a fixed list of
 * language names before it reaches this point.
 * NOTE(review): $title and $content are handed to the template as stored
 * (content after decode_bb_all); confirm where HTML escaping happens.
 */
function message_box() {
    global $prefix, $MAIN_CFG, $currentlang, $db, $userinfo;
    require_once CORE_PATH . 'nbbcode.php';

    // Language restriction, only on multilingual sites.
    $query = '';
    if ($MAIN_CFG['global']['multilingual']) {
        $query = "AND (mlanguage='{$currentlang}' OR mlanguage='')";
    }

    // Coarse visibility filter in SQL; group messages (view > 3) are
    // filtered per row further down.
    if (!is_admin()) {
        $query .= is_user() ? ' AND view!=2 AND view!=3' : ' AND (view=0 OR view=3)';
    }

    $sql = 'SELECT mid, title, content, date, expire, view FROM ' . $prefix . "_message WHERE active='1' {$query} ORDER BY date DESC";
    $result = $db->sql_query($sql);

    while (list($mid, $title, $content, $date, $expire, $view) = $db->sql_fetchrow($result)) {
        $content = decode_bb_all($content, 1, true);

        // Rows without a title or content are skipped entirely,
        // including the expiry handling at the bottom of the loop.
        if (empty($title) || empty($content)) {
            continue;
        }

        // Audience label; it stays empty when the visitor may not see the message.
        $output = '';
        if ($view == 0) {
            $output = _MVIEWALL;
        } elseif ($view == 1) {
            $output = _MVIEWUSERS;
        } elseif ($view == 2) {
            $output = _MVIEWADMIN;
        } elseif ($view == 3) {
            $output = _MVIEWANON;
        } elseif ($view > 3 && (in_group($view - 3) || is_admin())) {
            // <= phpBB User Groups Integration
            $view = $view - 3;
            if (in_group($view)) {
                $output = in_group($view);
            } else {
                // Admin who is not a member: look the group name up instead.
                list($output) = $db->sql_ufetchrow("SELECT group_name FROM " . $prefix . "_bbgroups WHERE group_id='{$view}'", SQL_NUM);
            }
        }

        if ($output != '') {
            // Remaining lifetime is only computed for administrators.
            $remain = '';
            if (can_admin()) {
                if ($expire == 0) {
                    $remain = _UNLIMITED;
                } else {
                    $etime = intval(($date + $expire - time()) / 3600);
                    $remain = $etime < 1 ? _EXPIRELESSHOUR : _EXPIREIN . " {$etime} " . _HOURS;
                }
            }
            global $cpgtpl;
            $cpgtpl->assign_block_vars('messageblock', array(
                'S_TITLE' => $title,
                'S_CONTENT' => $content,
                'S_OUTPUT' => $output,
                'S_DATE' => _POSTEDON . ' ' . formatDateTime($date, _DATESTRING2),
                'S_REMAIN' => $remain,
                'S_EDIT' => _EDIT,
                'U_EDITMSG' => URL::admin('messages&edit=' . $mid),
            ));
        }

        // Deactivate the message once its lifetime has passed.
        if ($expire != 0 && $date + $expire < time()) {
            $db->sql_query("UPDATE " . $prefix . "_message SET active='0' WHERE mid='{$mid}'");
        }
    }
    $db->sql_freeresult($result);
}
/**
 * checkAdminSession
 *
 * For an authenticated user who belongs to neither the 'Admin' nor the
 * 'Moderator' group: clears the Auth, Permissions and Groups session keys,
 * sets a flash message and redirects to the public login action.
 *
 * Nothing happens here when no user is authenticated.
 * NOTE(review): presumably the Auth component rejects unauthenticated
 * requests to admin actions on its own; confirm, because this method
 * does not.
 * NOTE(review): the previous header named this "beforeFilter"; presumably
 * it is called from the controller's beforeFilter hook; confirm.
 *
 * @access public
 */
function checkAdminSession() {
    if (!$this->Auth->user()) {
        return;
    }

    $groups = $this->Session->read('Groups');
    if (in_group('Admin', $groups) || in_group('Moderator', $groups)) {
        return;
    }

    // Not staff: drop every cached authorisation artefact, then bounce.
    foreach (array('Auth', 'Permissions', 'Groups') as $sessionKey) {
        $this->Session->del($sessionKey);
    }
    $this->Session->setFlash('You do not have permission to access the administration.');
    $this->redirect(array('admin' => false, 'controller' => 'users', 'action' => 'login'));
}
| at www.gnu.org/licenses/agpl.html. Removal of this | copyright header is strictly prohibited without | written permission from the original author(s). +--------------------------------------------------------*/ require_once "maincore.php"; require_once THEMES . "templates/header.php"; require_once INCLUDES . "comments_include.php"; require_once INCLUDES . "ratings_include.php"; require_once THEMES . "templates/global/custompage.php"; $locale = fusion_get_locale("", LOCALE . LOCALESET . "custom_pages.php"); $cp_data = array(); if (!isset($_GET['page_id']) || !isnum($_GET['page_id'])) { redirect("index.php"); } $_GET['rowstart'] = isset($_GET['rowstart']) && isnum($_GET['rowstart']) ? $_GET['rowstart'] : 0; $cp_result = dbquery("SELECT * FROM " . DB_CUSTOM_PAGES . "\n WHERE page_id='" . intval($_GET['page_id']) . "' AND " . groupaccess('page_access') . "\n " . (multilang_table("CP") ? "AND " . in_group("page_language", LANGUAGE) : "")); $info = array("title" => "", "error" => "", "body" => "", "count" => 0, "pagenav" => "", "show_comments" => "", "show_ratings" => ""); if (dbrows($cp_result) > 0) { $cp_data = dbarray($cp_result); add_to_title($locale['global_200'] . $cp_data['page_title']); add_breadcrumb(array('link' => BASEDIR . "viewpage.php?page_id=" . $_GET['page_id'], 'title' => $cp_data['page_title'])); if ($cp_data['page_keywords'] !== "") { set_meta("keywords", $cp_data['page_keywords']); } $info['title'] = $cp_data['page_title']; ob_start(); if (fusion_get_settings("allow_php_exe")) { eval("?>" . stripslashes($cp_data['page_content']) . "<?php "); } else { echo "<p>" . parse_textarea($cp_data['page_content']) . "</p>\n"; }
**********************************************/ if (!defined('CPG_NUKE')) { exit; } $cpg_dir = 'coppermine'; // without this, we get redirected to $referer/file=install ?? $pagetitle .= _SEARCH; require_once 'header.php'; require_once 'includes/nbbcode.php'; // Create an array of active modules with search.inc capabilities. $modlist = array(); $handle = opendir('modules'); while ($file = readdir($handle)) { if (is_dir('modules/' . $file) && file_exists("modules/{$file}/search.inc") && is_active($file)) { list($name, $view) = $db->sql_ufetchrow("SELECT custom_title,view FROM " . $prefix . "_modules WHERE title='" . $file . "'"); if ($view == 0 || $view == 1 && is_user() || $view == 3 && !is_user() || can_admin() || $view > 3 && in_group($view - 3)) { include_once "modules/{$file}/search.inc"; $sclass = $file . '_search'; if (class_exists($sclass)) { $modlist[$file]['search_class'] = $sclass; $modlist[$file]['module'] = $file; $modlist[$file]['title'] = $name != '' ? $name : $file; } } } } asort($modlist); if (!isset($_POST['search']) && !isset($_GET['search'])) { $topicimage = 'AllTopics.gif'; $topicimage = (file_exists("themes/{$CPG_SESS['theme']}/images/topics/{$topicimage}") ? "themes/{$CPG_SESS['theme']}/" : '') . "images/topics/{$topicimage}"; OpenTable();
/**
 * Runs the custom-page query joined with its site link, if any.
 *
 * The id filter is added only when $id is non-null and passes isnum();
 * it is additionally cast with intval() before it is placed in the SQL.
 * Any other $id selects all custom pages.
 *
 * @param mixed $id page id, or null for all pages
 * @return mixed whatever dbquery() returns for the statement
 */
public static function query_customPage($id = null) {
    // SQL fragments matching a site link whose URL points at this page.
    $urlPrefixMatch = in_group("link.link_url", "viewpage.php?page_id=");
    $urlIdMatch = in_group("link.link_url", "cp.page_id");

    $where = "";
    if ($id !== NULL && isnum($id)) {
        $where = " WHERE page_id= '" . intval($id) . "' ";
    }

    return dbquery("\n SELECT cp.*, link.link_id, link.link_order\n FROM " . DB_CUSTOM_PAGES . " cp\n LEFT JOIN " . DB_SITE_LINKS . " link on (cp.page_link_cat = link.link_cat AND " . $urlPrefixMatch . "\n AND " . $urlIdMatch . ")\n " . $where . "\n ");
}
the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA **************************************************************************/
// Month name => month number lookup.
$monthnums = array(
    "January" => 1,
    "February" => 2,
    "March" => 3,
    "April" => 4,
    "May" => 5,
    "June" => 6,
    "July" => 7,
    "August" => 8,
    "September" => 9,
    "October" => 10,
    "November" => 11,
    "December" => 12,
);

// Upcoming calendar items, soonest first.
// NOTE(review): $timestamp is placed in the WHERE clause unquoted and is set
// outside this block; confirm it is always an integer.
$sql = $data->select_query("calendar_items", "WHERE startdate > {$timestamp} ORDER BY startdate ASC");
$nextevent = array();
while ($temp = $data->fetch_array($sql)) {
    // NOTE(review): unserialize() runs on the stored `groups` column. If that
    // column can hold anything not written by this application, this is an
    // object-injection risk; a JSON-encoded list would avoid it.
    $groups = unserialize($temp['groups']);

    // Fail-open: a value that does not unserialize to an array (including a
    // failed unserialize) makes the event visible to everyone.
    // NOTE(review): confirm that "no group list" is meant to mean "public".
    $allowed = is_array($groups) ? in_group($groups) : true;

    if ($allowed) {
        $temp['detail'] = truncate(strip_tags($temp['detail']), 150);
        $nextevent[] = $temp;
    }

    // Stop once the sidebox is full; checked after each row.
    if (count($nextevent) >= $config['numsidebox']) {
        break;
    }
}
$tpl->assign("nextevent", $nextevent);
} else { $numteams = 0; } $post['topics'] = unserialize($post['topics']); $post['related'] = unserialize($post['related']); $tpl->assign('numevents', $numevents); $tpl->assign('event', $event); $tpl->assign('numalbum', $numalbum); $tpl->assign('albums', $albums); $tpl->assign("post", $post); $result = $data->select_query("articletopics", "ORDER BY title ASC", "id, title, groups"); $numtopics = 0; $topics = array(); while ($temp = $data->fetch_array($result)) { $topicgroups = unserialize($temp['groups']); if (in_group($topicgroups)) { $topics[] = $temp; $numtopics++; } } $article = $data->select_fetch_all_rows($numarticles, "patrol_articles", "WHERE allowed=1 AND trash=0 AND ID != {$safe_id} ORDER BY title ASC"); $tpl->assign('numarticles', $numarticles); $tpl->assign('article', $article); $tpl->assign('numarticles', $numarticles); $tpl->assign('article', $article); $tpl->assign('numtopics', $numtopics); $tpl->assign('topics', $topics); $scriptList['tinyAdv'] = 1; $submit = $_POST["Submit"]; if ($submit == "Submit") { if (validate($_POST['validation'])) {
/**
 * Returns the text ' selected ' when in_group($s, $item) compares loosely
 * equal to TRUE, and null otherwise.
 *
 * @param mixed $item second argument passed to in_group()
 * @param mixed $s    first argument passed to in_group()
 * @return string|null
 */
function form_selected_group($item, $s) {
    return in_group($s, $item) == TRUE ? ' selected ' : null;
}
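/**
 * Shows the "modify project" form and, when the form was submitted,
 * saves the changes.
 *
 * Access requires the 'mod' permission, membership of the project
 * according to user_projects(), and is_owner() for the project; any other
 * caller ends in die().
 *
 * Changes against the previous version:
 *  - the project id and the five option flags are cast to int before use;
 *  - $row has defaults, so a failed lookup no longer reads an undefined variable;
 *  - the opening std_block div is closed before returning;
 *  - the unreachable "OLD FORM" markup after `return 0;` was removed.
 *
 * @return int 0 once the form has been queued for output
 */
function mod_prj() {
    require_once _base_ . '/lib/lib.form.php';
    $form = new Form();
    $out =& $GLOBALS['page'];
    $out->setWorkingZone('content');
    $lang =& DoceboLanguage::createInstance('project', "lms");

    // Check that the user is not trying to enter a project they are not
    // enrolled in.
    // The id is cast to int first: in_array() below compares loosely, so a
    // string that merely starts with a valid id could otherwise pass the
    // membership test and then be reused verbatim in SQL and in the form URL.
    $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
    $myprj = user_projects(Docebo::user()->getIdSt());
    $view_perm = checkPerm('mod', true);

    if ($view_perm && in_array($id, $myprj) && is_owner(Docebo::user()->getIdSt(), $id)) {
        // area title
        $out->add(getTitleArea($lang->def("_PROJECT_MANAGER"), "project"));
        $out->add('<div class="std_block">');

        if (isset($_POST["applychanges"]) && isset($_POST["ptitle"]) && $_POST["ptitle"] != "") {
            $err = "";
            // NOTE(review): $ptitle and $pgroup reach the SQL text below as
            // received. Unless request input is escaped globally before this
            // function runs (not visible here), both must go through the
            // project's SQL escaping helper before being interpolated.
            $ptitle = $_POST["ptitle"];
            $pgroup = isset($_POST["pgroup"]) ? $_POST["pgroup"] : "";
            $old_pgroup = isset($_POST["old_pgroup"]) ? $_POST["old_pgroup"] : "";

            // Option flags are checkboxes with value 1; store them as integers only.
            $psfiles = isset($_POST["psfiles"]) ? (int) $_POST["psfiles"] : 0;
            $pstasks = isset($_POST["pstasks"]) ? (int) $_POST["pstasks"] : 0;
            $psnews = isset($_POST["psnews"]) ? (int) $_POST["psnews"] : 0;
            $pstodo = isset($_POST["pstodo"]) ? (int) $_POST["pstodo"] : 0;
            $psmsg = isset($_POST["psmsg"]) ? (int) $_POST["psmsg"] : 0;

            $qtxt = "UPDATE " . $GLOBALS["prefix_lms"] . "_prj SET ptitle='{$ptitle}',psfiles='{$psfiles}',";
            $qtxt .= "pstasks='{$pstasks}',psnews='{$psnews}',pstodo='{$pstodo}',psmsg='{$psmsg}' ";

            if ($pgroup != $old_pgroup) {
                // The group may only be changed to one the current user belongs to.
                if (in_group(getLogUserId(), $pgroup)) {
                    // Removing all admins:
                    // NOTE(review): this DELETE runs before, and independently
                    // of, the UPDATE below; if the UPDATE fails the project is
                    // left without admins.
                    $pgroup_qtxt = "DELETE FROM " . $GLOBALS["prefix_lms"] . "_prj_users ";
                    $pgroup_qtxt .= "WHERE flag='1' AND pid='" . $id . "'";
                    $q = sql_query($pgroup_qtxt);
                    if ($q) {
                        $qtxt .= ",pgroup='" . $pgroup . "' ";
                    }
                } else {
                    $err = $lang->def("_PRJNOVALIDGROUP");
                }
            }

            $qtxt .= "WHERE id='{$id}' LIMIT 1";
            if (empty($err)) {
                $q = sql_query($qtxt);
                if ($q) {
                    Util::jump_to("index.php?modname=project&op=project");
                }
            } else {
                $out->add(getErrorUi($err));
            }
        }

        // Current values for the form; defaults keep the form usable when
        // the lookup returns nothing.
        $row = array(
            "ptitle" => "",
            "pgroup" => "",
            "psfiles" => 0,
            "pstasks" => 0,
            "psnews" => 0,
            "pstodo" => 0,
            "psmsg" => 0,
        );
        $query = sql_query("SELECT * FROM " . $GLOBALS["prefix_lms"] . "_prj WHERE id='{$id}';");
        if ($query && mysql_num_rows($query) > 0) {
            $row = mysql_fetch_array($query);
        }

        $group_arr = getGroupsForProject($lang);
        $url = "index.php?modname=project&op=project";
        $out->add(getBackUi($url, $lang->def('_BACK')));

        // NOTE(review): the hand-written form this replaced carried an
        // `authentic_request` field filled from Util::getSignature(); confirm
        // that Form::openForm() emits the equivalent request-signature field.
        $url = "index.php?modname=project&op=modprj&id=" . $id;
        $out->add($form->openForm("project_form", $url));
        $out->add($form->openElementSpace());
        $out->add($form->getTextfield($lang->def("_PTITLE"), "ptitle", "ptitle", 255, $row["ptitle"]));
        $out->add($form->getDropdown($lang->def("_PGROUP"), "pgroup", "pgroup", $group_arr, $row["pgroup"]));
        $out->add($form->getHidden("old_pgroup", "old_pgroup", $row["pgroup"]));
        // TODO: add a fieldset labeled _POPTIONS
        $out->add($form->getCheckbox($lang->def("_PSFILES"), "psfiles", "psfiles", 1, $row["psfiles"]));
        $out->add($form->getCheckbox($lang->def("_PSTASKS"), "pstasks", "pstasks", 1, $row["pstasks"]));
        $out->add($form->getCheckbox($lang->def("_PSNEWS"), "psnews", "psnews", 1, $row["psnews"]));
        $out->add($form->getCheckbox($lang->def("_PSTODO"), "pstodo", "pstodo", 1, $row["pstodo"]));
        $out->add($form->getCheckbox($lang->def("_PSMSG"), "psmsg", "psmsg", 1, $row["psmsg"]));
        $out->add($form->getHidden("applychanges", "applychanges", 1));
        $out->add($form->closeElementSpace());
        $out->add($form->openButtonSpace());
        $out->add($form->getButton('save', 'save', $lang->def('_SAVE')));
        $out->add($form->getButton('undo', 'undo', $lang->def('_UNDO')));
        $out->add($form->closeButtonSpace());
        $out->add($form->closeForm());

        // Close the std_block div opened above.
        $out->add('</div>');
        return 0;
    } else {
        die("You can't access");
    }
}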
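/**
 * Admin login action.
 *
 * An authenticated user who is in the 'Admin' or the 'Moderator' group is
 * redirected to /admin/posts. An authenticated user in neither group has the
 * Auth, Permissions and Groups session keys removed and is sent to the
 * public login action. Nothing is done here when no user is authenticated.
 *
 * Fix: the group test used `||`, which rejected everybody who was not in
 * BOTH groups. It now uses `&&`, the same rule checkAdminSession() applies
 * and the one the flash message describes.
 * NOTE(review): this widens who may log in through this action; confirm that
 * "Admin or Moderator" is the intended policy.
 */
function admin_login() {
    $this->layout = 'admin';
    if ($this->Auth->user()) {
        $groups = $this->Session->read('Groups');
        if (!in_group('Admin', $groups) && !in_group('Moderator', $groups)) {
            $this->Session->del('Auth');
            $this->Session->del('Permissions');
            $this->Session->del('Groups');
            $this->Session->setFlash('You do not have permission to access the administration.');
            $this->redirect(array('admin' => false, 'controller' => 'users', 'action' => 'login'));
            // Never fall through to the admin redirect, even if redirect() returns.
            return;
        }
        $this->redirect('/admin/posts');
    }
}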
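/**
 * Prints the administration list of articles: a category filter dropdown,
 * page navigation, and one entry per article with edit and delete links.
 *
 * Changes against the previous version:
 *  - `rowstart` must pass isnum() and is cast with intval() before it is
 *    placed in the LIMIT clause (it was only compared against the row count);
 *  - the category filter no longer starts with "and", which produced
 *    "WHERE and ..." and an invalid statement whenever a category was chosen;
 *  - the duplicated `global` statement was removed.
 *
 * NOTE(review): category names and article subjects are printed as stored;
 * confirm they are HTML-escaped when saved.
 */
function article_listing() {
    global $aidlink, $locale;
    // Remodel display results into straight view instead category container sorting.
    // consistently monitor sql results rendertime. -- Do not Surpass 0.15
    // all blog are uncategorized by default unless specified.
    $limit = 15;
    $total_rows = dbcount("(article_id)", DB_ARTICLES, multilang_table("AR") ? "article_language='" . LANGUAGE . "'" : "");

    // Only a plain non-negative integer within range may reach the LIMIT clause.
    $rowstart = isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $total_rows ? intval($_GET['rowstart']) : 0;

    // add a filter browser
    $catOpts = array("all" => $locale['articles_0023']);
    $categories = dbquery("select article_cat_id, article_cat_name\n\t\t\t\tfrom " . DB_ARTICLE_CATS . " " . (multilang_table("AR") ? "where article_cat_language='" . LANGUAGE . "'" : "") . "");
    if (dbrows($categories) > 0) {
        while ($cat_data = dbarray($categories)) {
            $catOpts[$cat_data['article_cat_id']] = $cat_data['article_cat_name'];
        }
    }

    // The category id is accepted only when it is numeric AND a known category.
    $catFilter = "";
    if (isset($_GET['filter_cid']) && isnum($_GET['filter_cid']) && isset($catOpts[$_GET['filter_cid']])) {
        if ($_GET['filter_cid'] > 0) {
            $catFilter = in_group("article_cat", intval($_GET['filter_cid']));
        }
    }
    $langFilter = multilang_table("AR") ? "article_language='" . LANGUAGE . "'" : "";
    if ($catFilter && $langFilter) {
        $filter = $catFilter . " AND " . $langFilter;
    } else {
        $filter = $catFilter . $langFilter;
    }

    $result = dbquery("\n\tSELECT a.article_id, a.article_cat, a.article_subject, a.article_snippet, a.article_draft,\n\tcat.article_cat_id, cat.article_cat_name\n\tFROM " . DB_ARTICLES . " a\n\tLEFT JOIN " . DB_ARTICLE_CATS . " cat on cat.article_cat_id=a.article_cat\n\t" . ($filter ? "WHERE " . $filter : "") . "\n\tORDER BY article_draft DESC, article_datestamp DESC LIMIT {$rowstart}, {$limit}\n\t");
    $rows = dbrows($result);

    echo "<div class='clearfix'>\n";
    echo "<span class='pull-right m-t-10'>" . sprintf($locale['articles_0024'], $rows, $total_rows) . "</span>\n";
    if (!empty($catOpts) && $total_rows > 0) {
        echo "<div class='pull-left m-t-5 m-r-10'>" . $locale['articles_0025'] . "</div>\n";
        echo "<div class='dropdown pull-left m-r-10' style='position:relative'>\n";
        echo "<a class='dropdown-toggle btn btn-default btn-sm' style='width: 200px;' data-toggle='dropdown'>\n<strong>\n";
        // Only a key that exists in $catOpts is echoed, never the raw request value.
        if (isset($_GET['filter_cid']) && isset($catOpts[$_GET['filter_cid']])) {
            echo $catOpts[$_GET['filter_cid']];
        } else {
            echo $locale['articles_0026'];
        }
        echo " <span class='caret'></span></strong>\n</a>\n";
        echo "<ul class='dropdown-menu' style='max-height:180px; width:200px; overflow-y: scroll'>\n";
        foreach ($catOpts as $catID => $catName) {
            $active = isset($_GET['filter_cid']) && $_GET['filter_cid'] == $catID;
            echo "<li" . ($active ? " class='active'" : "") . ">\n<a class='text-smaller' href='" . clean_request("filter_cid=" . $catID, array("section", "rowstart", "aid"), TRUE) . "'>\n";
            echo $catName;
            echo "</a>\n</li>\n";
        }
        echo "</ul>\n";
        echo "</div>\n";
    }
    if ($total_rows > $rows) {
        echo makepagenav($rowstart, $limit, $total_rows, $limit, clean_request("", array("aid", "section"), TRUE) . "&");
    }
    echo "</div>\n";

    echo "<ul class='list-group m-10'>\n";
    if ($rows > 0) {
        while ($data2 = dbarray($result)) {
            echo "<li class='list-group-item'>\n";
            echo "<div class='clearfix'>\n";
            echo "<div class='m-b-10 pull-right'><strong>" . $locale['articles_0340'] . ":</strong>\n";
            echo "<a class='display-inline-block badge' style='width:auto;' href='" . FUSION_SELF . $aidlink . "&action=edit&cat_id=" . $data2['article_cat_id'] . "&section=article_category'>";
            echo $data2['article_cat_name'];
            echo "</a>";
            echo "</div>\n";
            echo "<span class='strong text-dark'>" . $data2['article_subject'] . "</span>\n";
            echo "</div>\n";
            // The snippet is parsed, stripped of tags and cut to its first 50 words.
            $articleText = strip_tags(parse_textarea($data2['article_snippet']));
            echo fusion_first_words($articleText, '50');
            echo "<div class='block m-t-10'>\n\t\t\t<a href='" . FUSION_SELF . $aidlink . "&action=edit&section=article_form&article_id=" . $data2['article_id'] . "'>" . $locale['edit'] . "</a> -\n";
            echo "<a href='" . FUSION_SELF . $aidlink . "&action=delete&section=article&article_id=" . $data2['article_id'] . "'\n\t\t\tonclick=\"return confirm('" . $locale['articles_0251'] . "');\">" . $locale['delete'] . "</a>\n";
            echo "</div>\n";
            echo "</li>\n";
        }
    } else {
        echo "<div class='panel-body text-center'>\n";
        echo $locale['articles_0343'];
        echo "</div>\n";
    }
    echo "</ul>\n";
    if ($total_rows > $rows) {
        echo makepagenav($rowstart, $limit, $total_rows, $limit, clean_request("", array("aid", "section"), TRUE) . "&");
    }
}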
$Source: /cvs/html/modules/Your_Account/blocks/groups.php,v $ $Revision: 9.10 $ $Author: estlane $ $Date: 2009/10/14 18:56:07 $ **********************************************/
// Refuse direct access: the block only runs inside the CMS.
if (!defined('CPG_NUKE')) {
    exit;
}

if (is_user()) {
    // Group Memberships: confirmed (non-pending) memberships of the current
    // user in groups that are not single-user groups. The user id is cast
    // with intval() before it enters the SQL text.
    $result = $db->sql_query('SELECT ug.group_id, g.group_name, g.group_type FROM ' . $prefix . '_bbuser_group ug INNER JOIN ' . $prefix . '_bbgroups g ON (g.group_id = ug.group_id AND g.group_single_user = 0) WHERE ug.user_pending = 0 AND ug.user_id = ' . intval($userinfo['user_id']));
    if ($db->sql_numrows($result)) {
        $g = array();
        while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
            // A group of type 2 is listed only for its members and for admins.
            if ($row[2] != 2 || in_group($row[0]) || can_admin()) {
                $g[$row[0]] = $row[1];
            }
        }
        if (count($g)) {
            // NOTE(review): username and group names go to the template as
            // stored; confirm the template layer escapes them.
            $cpgtpl->assign_vars(array('GROUPS_TITLE' => $userinfo['username'] . '\'s ' . _MEMBERGROUPS));
            foreach ($g as $gid => $gname) {
                $cpgtpl->assign_block_vars('group', array(
                    'URL' => URL::index('Groups&g=' . $gid),
                    'NAME' => $gname,
                ));
            }
            $cpgtpl->set_handle('ya_block', 'your_account/blocks/groups.html');
            $cpgtpl->display('ya_block');
        }
    }
}
/**
 * Tells whether the current visitor may see something with the given
 * visibility code.
 *
 * Rules, checked in this order:
 *   - administrators: always;
 *   - 0: everyone;
 *   - 1: logged-in users;
 *   - 3: visitors who are not logged in;
 *   - greater than 3: members of group (view - 3).
 * Every other value, including 2 and negative numbers, is granted to
 * administrators only.
 *
 * @param mixed $view visibility code; converted with intval()
 * @return true|null true when allowed, null (not false) when denied
 */
private function allowed($view) {
    $view = intval($view);

    if (is_admin()) {
        return true;
    }
    if ($view === 0) {
        return true;
    }
    if ($view === 1 && is_user()) {
        return true;
    }
    if ($view === 3 && !is_user()) {
        return true;
    }
    if ($view > 3 && in_group($view - 3)) {
        return true;
    }

    // Denied: callers receive null, so test the result for truthiness.
    return;
}
get_lang($module_name, -1); $showblocks = $module['blocks']; if ($module['custom_title'] != '') { $module_title = $module['custom_title']; } else { $module_title = defined('_' . $module_name . 'LANG') ? constant('_' . $module_name . 'LANG') : str_replace('_', ' ', $module_name); } $module_version = $module['version']; $module_id = $module['mid']; unset($module, $error); if ($view > 0 && !is_admin()) { if ($view == 1 && !is_user()) { $error = _MODULEUSERS . ($MAIN_CFG['member']['allowuserreg'] ? _MODULEUSERS2 : ''); } elseif ($view == 2) { $error = _MODULESADMINS; } elseif ($view > 3 && !in_group($view - 3)) { list($groupName) = $db->sql_ufetchrow('SELECT group_name FROM ' . $prefix . '_bbgroups WHERE group_id=' . ($view - 3)); $error = '<i>' . $groupName . '</i> ' . _MODULESGROUPS; } } if (isset($error)) { cpg_error('<br /><br /><strong>' . _RESTRICTEDAREA . '</strong><br /><br />' . $error, 401); } else { include $modpath; } } else { cpg_error('<br /><br />' . _MODULENOTACTIVE, 503); } } else { // index.php if ($SESS->new) {
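/**
 * Blog Listing HTML
 *
 * Prints the administration list of blog entries: a category filter
 * dropdown, page navigation, and one entry per blog post with thumbnail,
 * categories, teaser, and edit and delete links.
 *
 * Changes against the previous version:
 *  - `rowstart` must pass isnum() and is cast with intval() before it is
 *    placed in the LIMIT clause (it was only compared against the row count);
 *  - the category filter no longer starts with "and", which produced
 *    "WHERE and ..." and an invalid statement whenever a category was chosen;
 *  - the div opened around the subject is now closed for posts without a
 *    category as well.
 *
 * NOTE(review): category names and blog subjects are printed as stored;
 * confirm they are HTML-escaped when saved.
 */
function blog_listing() {
    global $aidlink, $locale;
    // Remodel display results into straight view instead category container sorting.
    // consistently monitor sql results rendertime. -- Do not Surpass 0.15
    // all blog are uncategorized by default unless specified.
    $limit = 15;
    $total_rows = dbcount("(blog_id)", DB_BLOG, multilang_table("BL") ? "blog_language='" . LANGUAGE . "'" : "");

    // Only a plain non-negative integer within range may reach the LIMIT clause.
    $rowstart = isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $total_rows ? intval($_GET['rowstart']) : 0;

    // add a filter browser
    $catOpts = array("all" => $locale['blog_0460'], "0" => $locale['blog_0424']);
    $categories = dbquery("select blog_cat_id, blog_cat_name\n\t\t\t\tfrom " . DB_BLOG_CATS . " " . (multilang_table("BL") ? "where blog_cat_language='" . LANGUAGE . "'" : "") . "");
    if (dbrows($categories) > 0) {
        while ($cat_data = dbarray($categories)) {
            $catOpts[$cat_data['blog_cat_id']] = $cat_data['blog_cat_name'];
        }
    }

    // The category id is accepted only when it is numeric AND a known category.
    $catFilter = "";
    if (isset($_GET['filter_cid']) && isnum($_GET['filter_cid']) && isset($catOpts[$_GET['filter_cid']])) {
        if ($_GET['filter_cid'] > 0) {
            $catFilter = in_group("blog_cat", intval($_GET['filter_cid']));
        }
    }
    $langFilter = multilang_table("BL") ? "blog_language='" . LANGUAGE . "'" : "";
    if ($catFilter && $langFilter) {
        $filter = $catFilter . " AND " . $langFilter;
    } else {
        $filter = $catFilter . $langFilter;
    }

    $result = dbquery("\n\tSELECT blog_id, blog_cat, blog_subject, blog_image, blog_image_t1, blog_image_t2, blog_blog, blog_draft\n\tFROM " . DB_BLOG . "\n\t" . ($filter ? "WHERE " . $filter : "") . "\n\tORDER BY blog_draft DESC, blog_sticky DESC, blog_datestamp DESC LIMIT {$rowstart}, {$limit}\n\t");
    $rows = dbrows($result);

    echo "<div class='clearfix'>\n";
    echo "<span class='pull-right m-t-10'>" . sprintf($locale['blog_0408'], $rows, $total_rows) . "</span>\n";
    if (!empty($catOpts) && $total_rows > 0) {
        echo "<div class='pull-left m-t-5 m-r-10'>" . $locale['blog_0458'] . "</div>\n";
        echo "<div class='dropdown pull-left m-r-10' style='position:relative'>\n";
        echo "<a class='dropdown-toggle btn btn-default btn-sm' style='width: 200px;' data-toggle='dropdown'>\n<strong>\n";
        // Only a key that exists in $catOpts is echoed, never the raw request value.
        if (isset($_GET['filter_cid']) && isset($catOpts[$_GET['filter_cid']])) {
            echo $catOpts[$_GET['filter_cid']];
        } else {
            echo $locale['blog_0459'];
        }
        echo " <span class='caret'></span></strong>\n</a>\n";
        echo "<ul class='dropdown-menu' style='max-height:180px; width:200px; overflow-y: scroll'>\n";
        foreach ($catOpts as $catID => $catName) {
            $active = isset($_GET['filter_cid']) && $_GET['filter_cid'] == $catID;
            echo "<li" . ($active ? " class='active'" : "") . ">\n<a class='text-smaller' href='" . clean_request("filter_cid=" . $catID, array("section", "rowstart", "aid"), true) . "'>\n";
            echo $catName;
            echo "</a>\n</li>\n";
        }
        echo "</ul>\n";
        echo "</div>\n";
    }
    if ($total_rows > $rows) {
        echo makepagenav($rowstart, $limit, $total_rows, $limit, clean_request("", array("aid", "section"), true) . "&");
    }
    echo "</div>\n";

    echo "<ul class='list-group m-10'>\n";
    if ($rows > 0) {
        while ($data2 = dbarray($result)) {
            echo "<li class='list-group-item'>\n";
            echo "<div class='pull-left m-r-10'>\n";
            $image_thumb = get_blog_image_path($data2['blog_image'], $data2['blog_image_t1'], $data2['blog_image_t2']);
            if (!$image_thumb) {
                $image_thumb = IMAGES . "imagenotfound70.jpg";
            }
            echo thumbnail($image_thumb, '70px');
            echo "</div>\n";
            echo "<div class='overflow-hide'>\n";
            echo "<div><span class='strong text-dark'>" . $data2['blog_subject'] . "</span><br/>\n";
            if (!empty($data2['blog_cat'])) {
                // blog_cat holds a dot-separated id list; it becomes the IN (...) list.
                // NOTE(review): the stored value is placed in the statement
                // unvalidated; confirm blog_cat can only contain digits and
                // dots when it is saved.
                $blog_cat = str_replace(".", ",", $data2['blog_cat']);
                $result2 = dbquery("SELECT blog_cat_id, blog_cat_name\n from " . DB_BLOG_CATS . " WHERE blog_cat_id in ({$blog_cat})\n ");
                $rows2 = dbrows($result2);
                if ($rows2 > 0) {
                    echo "<div class='m-b-10'><strong>" . $locale['blog_0407'] . ": </strong>\n";
                    $i = 1;
                    while ($cdata = dbarray($result2)) {
                        echo "<a href='" . FUSION_SELF . $aidlink . "&action=edit&cat_id=" . $cdata['blog_cat_id'] . "&section=blog_category'>";
                        echo $cdata['blog_cat_name'];
                        echo "</a>";
                        // Comma between names, none after the last one.
                        echo $i == $rows2 ? "" : ", ";
                        $i++;
                    }
                    echo "</div>\n";
                }
            }
            // Closes the subject div for every post, categorised or not.
            echo "</div>\n";
            // The body is parsed, stripped of tags and cut to its first 50 words.
            $blogText = strip_tags(parse_textarea($data2['blog_blog']));
            echo fusion_first_words($blogText, '50');
            echo "<div class='block m-t-10'><a href='" . FUSION_SELF . $aidlink . "&action=edit&section=blog_form&blog_id=" . $data2['blog_id'] . "'>" . $locale['blog_0420'] . "</a> -\n";
            echo "<a href='" . FUSION_SELF . $aidlink . "&action=delete&section=blog_form&blog_id=" . $data2['blog_id'] . "' onclick=\"return confirm('" . $locale['blog_0451'] . "');\">" . $locale['blog_0421'] . "</a>\n";
            echo "</div>\n</div>\n";
            echo "</li>\n";
        }
    } else {
        echo "<div class='panel-body text-center'>\n";
        echo $locale['blog_0456'];
        echo "</div>\n";
    }
    echo "</ul>\n";
    if ($total_rows > $rows) {
        echo makepagenav($rowstart, $limit, $total_rows, $limit, clean_request("", array("aid", "section"), true) . "&");
    }
}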
/**
 * Fills $this->tag_info['tags'] with every tag of status 1 (limited to the
 * current language on multilingual tables), keyed by tag id, and attaches
 * the most recently posted-in thread carrying each tag under 'threads'.
 * A catch-all entry with key 0 is appended when at least one tag exists.
 *
 * One extra query is issued per tag.
 *
 * NOTE(review): the per-tag thread lookup filters on the tag only; no forum
 * access condition is visible in it. Confirm that whatever renders
 * tag_info['tags'][...]['threads'] checks forum access before showing
 * thread data.
 */
public function cache_tags() {
    $languageClause = multilang_table("FO") ? "AND tag_language='" . LANGUAGE . "'" : "";
    $tag_result = dbquery("SELECT * FROM " . DB_FORUM_TAGS . " WHERE tag_status=1\n " . $languageClause . "\n ORDER BY tag_title ASC");

    if (dbrows($tag_result) <= 0) {
        return;
    }

    while ($data = dbarray($tag_result)) {
        $tagId = $data['tag_id'];
        $data['tag_link'] = FORUM . "tags.php?tag_id=" . $tagId;
        // Loose comparison against the request value; the result is only a flag.
        $data['tag_active'] = isset($_GET['viewtags']) && isset($_GET['tag_id']) && $_GET['tag_id'] == $tagId ? TRUE : FALSE;
        $this->tag_info['tags'][$tagId] = $data;

        // Latest thread carrying this tag; the id comes from the tag row.
        $thread_result = dbquery("SELECT * FROM " . DB_FORUM_THREADS . " WHERE " . in_group('thread_tags', $tagId) . " ORDER BY thread_lastpost DESC LIMIT 1");
        if (dbrows($thread_result) > 0) {
            $this->tag_info['tags'][$tagId]['threads'] = dbarray($thread_result);
        }
    }

    // More
    $this->tag_info['tags'][0] = array(
        'tag_id' => 0,
        'tag_link' => FORUM . "tags.php",
        'tag_title' => fusion_get_locale("global_700") . "…",
        'tag_active' => '',
        'tag_color' => '',
    );
}
$author_res = dbresult(dbquery("SELECT user_name FROM " . DB_USERS . " WHERE user_id='" . intval($_GET['author']) . "'"), 0); add_breadcrumb(array('link' => INFUSIONS . "blog/blog.php?author=" . $_GET['author'], 'title' => $locale['global_070'] . $author_res)); if (isset($_GET['type']) && isset($info['allowed_filters'][$_GET['type']])) { add_breadcrumb(array("link" => clean_request("", array("author"), true), "title" => $info['allowed_filters'][$_GET['type']])); } $result = dbquery("SELECT tn.*,\n\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\tSUM(tr.rating_vote) 'sum_rating',\n\t\t\tCOUNT(tr.rating_item_id) 'count_votes',\n\t\t\tCOUNT(td.comment_item_id) 'count_comment',\n\t\t\tmax(tn.blog_datestamp) as last_updated\n\t\t\tFROM " . DB_BLOG . " tn\n\t\t\tinner join " . DB_USERS . " tu on tn.blog_name=tu.user_id\n\t\t\tleft join " . DB_RATINGS . " tr on tr.rating_item_id = tn.blog_id AND tr.rating_type='B'\n\t\t\tleft join " . DB_COMMENTS . " td on td.comment_item_id = tn.blog_id AND td.comment_type='B' AND td.comment_hidden='0'\n\t\t\t" . (multilang_table("BL") ? "WHERE blog_language='" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('blog_visibility') . "\n\t\t\tand (blog_start='0'||blog_start<=" . time() . ") and (blog_end='0'||blog_end>=" . time() . ") AND blog_draft='0' AND blog_name='" . intval($_GET['author']) . "'\n\t\t\tGROUP BY blog_id\n\t\t\tORDER BY blog_sticky DESC, " . $filter_condition . " LIMIT " . $_GET['rowstart'] . "," . $blog_settings['blog_pagination']); $info['blog_rows'] = dbrows($result); } } elseif (isset($_GET['cat_id']) && validate_blogCats($_GET['cat_id'])) { $catFilter = "and blog_cat =''"; if ($_GET['cat_id'] > 0) { $res = dbarray(dbquery("SELECT blog_cat_id, blog_cat_name FROM " . DB_BLOG_CATS . " WHERE blog_cat_id='" . intval($_GET['cat_id']) . "'")); add_breadcrumb(array('link' => INFUSIONS . "blog/blog.php?cat_id=" . 
$_GET['cat_id'], 'title' => $res['blog_cat_name'])); add_to_title($locale['global_201'] . $res['blog_cat_name']); $info['blog_title'] = $res['blog_cat_name']; $catFilter = "and " . in_group("blog_cat", intval($_GET['cat_id'])); } else { add_breadcrumb(array('link' => INFUSIONS . "blog/blog.php?cat_id=" . $_GET['cat_id'], 'title' => $locale['global_080'])); add_to_title($locale['global_201'] . $locale['global_080']); $info['blog_title'] = $locale['global_080']; } if (isset($_GET['type']) && isset($info['allowed_filters'][$_GET['type']])) { add_breadcrumb(array("link" => INFUSIONS . "blog/blog.php?cat_id=" . $_GET['cat_id'] . "&type=" . $_GET['type'], "title" => $info['allowed_filters'][$_GET['type']])); } $info['blog_max_rows'] = dbrows(dbquery("select blog_id from " . DB_BLOG . "\n\t\t\t" . (multilang_table("BL") ? "WHERE blog_language='" . LANGUAGE . "' and " : "where") . " " . groupaccess("blog_visibility") . "\n\t\t\tand (blog_start='0'||blog_start<=" . time() . ") and (blog_end='0'||blog_end>=" . time() . ") and blog_draft='0'\n\t\t\t" . $catFilter . "\n\t\t\t")); //xss $_GET['rowstart'] = isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $info['blog_max_rows'] ? $_GET['rowstart'] : 0; if ($info['blog_max_rows']) { $result = dbquery("\n\t\t\tSELECT tn.*, tc.*, IF(tn.blog_cat = 0, '" . $locale['global_080'] . "', blog_cat_name) as blog_cat_name,\n\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\tIF(SUM(tr.rating_vote)>0, SUM(tr.rating_vote), 0) AS sum_rating,\n\t\t\tCOUNT(tr.rating_item_id) AS count_votes,\n\t\t\tCOUNT(td.comment_item_id) AS count_comment,\n\t\t\tmax(tn.blog_datestamp) as last_updated\n\t\t\tFROM " . DB_BLOG . " tn\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON tn.blog_name=tu.user_id\n\t\t\tLEFT JOIN " . DB_BLOG_CATS . " tc ON tn.blog_cat=tc.blog_cat_id\n\t\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = tn.blog_id AND tr.rating_type='B'\n\t\t\tLEFT JOIN " . 
DB_COMMENTS . " td ON td.comment_item_id = tn.blog_id AND td.comment_type='B' AND td.comment_hidden='0'\n\t\t\t" . (multilang_table("BL") ? "WHERE blog_language='" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('blog_visibility') . "\n\t\t\t" . $catFilter . "\n\t\t\tAND (blog_start='0'||blog_start<=" . time() . ") AND (blog_end='0'||blog_end>=" . time() . ")\n\t\t\tAND blog_draft='0'\n\t\t\tGROUP BY tn.blog_id\n\t\t\tORDER BY blog_sticky DESC, " . $filter_condition . " LIMIT " . intval($_GET['rowstart']) . "," . intval($blog_settings['blog_pagination'])); $info['blog_rows'] = dbrows($result); }
$data['work'] .= ' <tr> <td id="blank" colspan="2"> </td> <td id="blank"><font color="[color_err]">Der User ist UrAdmin, sein Status<br /> kann nicht geänder werden</font></td> </tr>'; } $data['work'] .= ' <tr> <td id="blank" style="width:250px; vertical-align:top"><b>Usergruppen</b></td> <td id="blank"> </td> <td id="blank"> <select id="tab" name="groupids[]" size="5" style="width:100px" multiple>'; $r_group = db_query("SELECT\n name,\n groupid\n FROM " . $pref . "group ORDER BY groupid ASC"); while ($group = db_result($r_group)) { $data['work'] .= '<option value="' . $group['groupid'] . '"' . (in_group($user['groupids'], $group['groupid']) ? ' selected' : '') . '>' . $group['name'] . '</option>'; } $data['work'] .= ' </select> </td> </tr>'; foreach ($user_edit as $key => $value) { $data['work'] .= ' <tr> <td id="blank" style="width:250px; vertical-align:top"><b>' . $value[0] . '</b><br /><font size="1">' . $value[1] . '</font></td> <td id="blank"> </td><td id="blank" style="vertical-align:top">'; switch ($value[2]) { case 1: $data['work'] .= '<input type="text" size="10" name="user[' . $key . ']" value="' . $user[$key] . '" id="border-tab"/>'; break; case 2:
/**
 * Decide whether the current visitor may open this module.
 *
 * The home module, 'Your_Account' and every name listed in self::$allow_access are
 * always allowed. Otherwise the first failing rule produces a message:
 * inactive module (unless can_admin() passes), view 1 for a visitor who is not a user,
 * view 2 without can_admin(), and view > 3 for a visitor outside group (view - 3).
 * No rule in this method handles view 0 or view 3, so those fall through to "allowed".
 *
 * @param bool $check When truthy the denial message is returned to the caller;
 *                    otherwise it is handed to cpg_error() with E_USER_ERROR.
 * @return bool|string true when access is allowed (also reached if cpg_error() returns),
 *                     or the denial message when $check is truthy.
 */
public function allow($check = false)
{
    $alwaysOpen = self::$is_home
        || 'Your_Account' === $this->name
        || in_array($this->name, self::$allow_access);
    if ($alwaysOpen) {
        return true;
    }

    $denial = null;
    if (!$this->active && !can_admin($this->name)) {
        $denial = sprintf(_MODULENOEXIST, '');
    } elseif (1 === $this->view && !is_user()) {
        global $MAIN_CFG;
        $registrationHint = $MAIN_CFG['member']['allowuserreg'] ? _MODULEUSERS2 : '';
        $denial = _MODULEUSERS . $registrationHint;
    } elseif (2 === $this->view && !can_admin($this->name)) {
        $denial = _MODULESADMINS;
    } elseif (3 < $this->view && !in_group($this->view - 3)) {
        global $db, $prefix;
        // The id is the result of an arithmetic expression, so only a number reaches the SQL text.
        $groupId = $this->view - 3;
        $row = $db->sql_ufetchrow('SELECT group_name FROM ' . $prefix . '_bbgroups WHERE group_id=' . $groupId);
        list($groupName) = $row;
        // NOTE(review): the group name is inserted into markup as stored; confirm that
        // group names are escaped when saved or that cpg_error() escapes its argument.
        $denial = "<i>{$groupName}</i> " . _MODULESGROUPS;
    }

    if (null === $denial) {
        return true;
    }
    if ($check) {
        return $denial;
    }
    cpg_error($denial, E_USER_ERROR);

    return true;
}
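/**
 * @brief Returns array of channels which have recursive permission for a file
 *
 * Walks from $folder_hash up through the parent folders recorded in the attach table
 * and combines the ACLs of every private folder on the way with the ACL of the file:
 * an allow entry survives only if every private parent folder also lists it, and the
 * deny lists of the file and of all private parent folders are unioned.
 *
 * @param array $arr_allow_cid channel hashes allowed on the file
 * @param array $arr_allow_gid group ids allowed on the file (their members are added to allow_cid)
 * @param array $arr_deny_cid  channel hashes denied on the file
 * @param array $arr_deny_gid  group ids denied on the file
 * @param string $folder_hash  hash of the folder that contains the file
 *
 * @return array with keys allow_cid, allow_gid, deny_cid, deny_gid; when nothing is
 *               allowed after combining, only allow_cid is set, to the observer's xchan_hash.
 */
function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash) {
    $ret = array();
    // Pre-seed every list so the emptiness checks below never read an undefined index.
    $parent_arr = array(
        'allow_cid' => array(),
        'allow_gid' => array(),
        'deny_cid' => array(),
        'deny_gid' => array(),
    );
    $poster = get_app()->get_observer();

    // turn allow_gid into allow_cid's
    foreach ($arr_allow_gid as $gid) {
        $in_group = in_group($gid);
        if (is_array($in_group)) {
            $arr_allow_cid = array_unique(array_merge($arr_allow_cid, $in_group));
        }
    }

    $count = 0;
    $visited = array();
    while ($folder_hash) {
        // A folder that (directly or indirectly) names itself as parent would otherwise loop forever.
        if (isset($visited[$folder_hash])) {
            break;
        }
        $visited[$folder_hash] = true;

        $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1", dbesc($folder_hash));
        // Unknown folder hash: nothing more to inherit from.
        if (!$x) {
            break;
        }

        // only process private folders
        if ($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) {
            $parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']);
            $parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']);

            /**
             * @TODO should find a much better solution for the allow_cid <-> allow_gid problem.
             * Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid.
             */
            foreach ($parent_arr['allow_gid'][$count] as $gid) {
                $in_group = in_group($gid);
                if (is_array($in_group)) {
                    $parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group));
                }
            }

            $parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']);
            $parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']);
            $count++;
        }

        $folder_hash = $x[0]['folder'];
    }

    // if none of the parent folders is private just return file perms
    if (!$parent_arr['allow_cid'] && !$parent_arr['allow_gid'] && !$parent_arr['deny_cid'] && !$parent_arr['deny_gid']) {
        $ret['allow_gid'] = $arr_allow_gid;
        $ret['allow_cid'] = $arr_allow_cid;
        $ret['deny_gid'] = $arr_deny_gid;
        $ret['deny_cid'] = $arr_deny_cid;

        return $ret;
    }

    // if there are no perms on the file we get them from the first parent folder
    if (!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) {
        $arr_allow_cid = $parent_arr['allow_cid'][0];
        $arr_allow_gid = $parent_arr['allow_gid'][0];
        $arr_deny_cid = $parent_arr['deny_cid'][0];
        $arr_deny_gid = $parent_arr['deny_gid'][0];
    }

    // allow_cid: keep an entry only if each of the $count private parents lists it.
    // Channel and group tallies are kept apart so one can never inflate the other.
    $cid_seen_in = array();
    foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) {
        foreach ($folder_arr_allow_cid as $ac_hash) {
            $cid_seen_in[$ac_hash] = isset($cid_seen_in[$ac_hash]) ? $cid_seen_in[$ac_hash] + 1 : 1;
        }
    }
    $allowed_cid = array();
    foreach ($arr_allow_cid as $fac_hash) {
        if (isset($cid_seen_in[$fac_hash]) && $cid_seen_in[$fac_hash] == $count) {
            $allowed_cid[] = $fac_hash;
        }
    }
    // Callers receive false (not an empty array) when nothing is allowed.
    $r_arr_allow_cid = $allowed_cid ? $allowed_cid : false;

    // allow_gid
    $gid_seen_in = array();
    foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) {
        foreach ($folder_arr_allow_gid as $ag_hash) {
            $gid_seen_in[$ag_hash] = isset($gid_seen_in[$ag_hash]) ? $gid_seen_in[$ag_hash] + 1 : 1;
        }
    }
    $allowed_gid = array();
    foreach ($arr_allow_gid as $fag_hash) {
        if (isset($gid_seen_in[$fag_hash]) && $gid_seen_in[$fag_hash] == $count) {
            $allowed_gid[] = $fag_hash;
        }
    }
    $r_arr_allow_gid = $allowed_gid ? $allowed_gid : false;

    // deny_gid: accumulate across ALL private parents. Merging each folder into the
    // file's own list separately kept only the last folder visited and silently
    // dropped the deny entries of every folder in between.
    $r_arr_deny_gid = $arr_deny_gid;
    foreach ($parent_arr['deny_gid'] as $folder_arr_deny_gid) {
        $r_arr_deny_gid = array_merge($r_arr_deny_gid, $folder_arr_deny_gid);
    }
    $r_arr_deny_gid = array_unique($r_arr_deny_gid);

    // deny_cid: same accumulation as deny_gid
    $r_arr_deny_cid = $arr_deny_cid;
    foreach ($parent_arr['deny_cid'] as $folder_arr_deny_cid) {
        $r_arr_deny_cid = array_merge($r_arr_deny_cid, $folder_arr_deny_cid);
    }
    $r_arr_deny_cid = array_unique($r_arr_deny_cid);

    // if none is allowed restrict to self
    if ($r_arr_allow_gid === false && $r_arr_allow_cid === false) {
        $ret['allow_cid'] = $poster['xchan_hash'];
    } else {
        $ret['allow_gid'] = $r_arr_allow_gid;
        $ret['allow_cid'] = $r_arr_allow_cid;
        $ret['deny_gid'] = $r_arr_deny_gid;
        $ret['deny_cid'] = $r_arr_deny_cid;
    }

    return $ret;
}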
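/**
 * Store a private message for one user, or fan it out to the members of a user group
 * or user level.
 *
 * Single-recipient path: checks flood control for the sender, that recipient and sender
 * exist, and that the recipient's inbox has room; then inserts the inbox copy,
 * optionally an outbox copy for the sender (dropping the oldest outbox message when the
 * sender's limit is exceeded) and optionally sends an e-mail notification.
 * Group path: selects the matching user ids and calls itself once per user with
 * $to_group and $save_sent both FALSE.
 *
 * $subject and $message are passed to dbquery_insert() and the mail helpers unchanged;
 * this method relies on those helpers for escaping.
 *
 * @param int|string $to        recipient user id, or a group id / user level (-101..-103) when $to_group is TRUE
 * @param int|string $from      sender user id; non-numeric values are replaced by 0
 * @param string     $subject   message subject
 * @param string     $message   message body
 * @param string     $smileys   smiley flag; forced to "n" when the body contains [code], [geshi=...] or [php] blocks
 * @param bool       $to_group  treat $to as a group or user level
 * @param bool       $save_sent allow an outbox copy to be saved for the sender
 */
public static function send_pm($to, $from, $subject, $message, $smileys = 'y', $to_group = FALSE, $save_sent = TRUE) {
    include LOCALE . LOCALESET . "messages.php";
    require_once INCLUDES . "sendmail_include.php";
    require_once INCLUDES . "flood_include.php";
    // Debug switch: while FALSE none of the die() branches below can run.
    $strict = FALSE;
    // NOTE(review): this reset runs after the locale include above. If messages.php
    // fills $locale in this scope, every $locale[...] lookup below is empty; confirm
    // the intended order against the upstream file.
    $locale = array();
    $group_name = getgroupname($to);
    $to = isnum($to) || !empty($group_name) ? $to : 0;
    $from = isnum($from) ? $from : 0;
    $smileys = preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message) ? "n" : $smileys;
    if (!$to_group) {
        // send to user
        $pmStatus = self::get_pm_settings($to);
        $myStatus = self::get_pm_settings($from);
        if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . intval($from) . "'")) {
            // find receipient
            $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level,\n\t\t\t\tCOUNT(m.message_id) 'message_count'\n\t\t\t\tFROM " . DB_USERS . " u\n\t\t\t\tLEFT JOIN " . DB_MESSAGES . " m ON m.message_user=u.user_id and message_folder='0'\n\t\t\t\tWHERE u.user_id='" . intval($to) . "' GROUP BY u.user_id\n\t\t\t\t");
            if (dbrows($result) > 0) {
                $data = dbarray($result);
                $result2 = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . intval($from) . "'");
                if (dbrows($result2) > 0) {
                    $userdata = dbarray($result2);
                    if ($to != $from) {
                        // The inbox limit is skipped for user id 1, for user levels below
                        // USER_LEVEL_MEMBER and when the recipient has no limit configured.
                        if ($data['user_id'] == 1 || $data['user_level'] < USER_LEVEL_MEMBER || !$pmStatus['user_inbox'] || $data['message_count'] + 1 <= $pmStatus['user_inbox']) {
                            $inputData = array("message_id" => 0, "message_to" => $to, "message_user" => $to, "message_from" => $from, "message_subject" => $subject, "message_message" => $message, "message_smileys" => $smileys, "message_read" => 0, "message_datestamp" => time(), "message_folder" => 0);
                            dbquery_insert(DB_MESSAGES, $inputData, "save");
                            // this will flood the inbox when message is sent to group. -- fixed
                            if ($myStatus['user_pm_save_sent'] == '2' && $save_sent == TRUE) {
                                // user_outbox.
                                // The message_user condition was masked ("******") in the copy under
                                // review and left the statement unparseable. It is restored here from
                                // the outbox row written below (message_user = sender id, folder 1);
                                // confirm against the upstream file.
                                // Ids read back from the database are cast with intval() like the
                                // other ids interpolated in this method.
                                $sender_id = intval($userdata['user_id']);
                                $cdata = dbarray(dbquery("SELECT COUNT(message_id) AS outbox_count, MIN(message_id) AS last_message FROM\n\t\t\t\t\t\t\t\t\t" . DB_MESSAGES . " WHERE message_to='" . $sender_id . "' AND message_user='" . $sender_id . "' AND message_folder='1' GROUP BY message_to"));
                                // No outbox rows yet means no result row; treat that as a count of zero.
                                $outbox_count = !empty($cdata['outbox_count']) ? (int) $cdata['outbox_count'] : 0;
                                // check my outbox limit and if surpass, remove oldest message
                                if ($myStatus['user_outbox'] != "0" && $outbox_count + 1 > $myStatus['user_outbox'] && !empty($cdata['last_message'])) {
                                    dbquery("DELETE FROM " . DB_MESSAGES . " WHERE message_id='" . intval($cdata['last_message']) . "' AND message_to='" . $sender_id . "'");
                                }
                                $inputData['message_user'] = $userdata['user_id'];
                                $inputData['message_folder'] = 1;
                                $inputData['message_from'] = $to;
                                $inputData['message_to'] = $userdata['user_id'];
                                dbquery_insert(DB_MESSAGES, $inputData, "save");
                            }
                            $send_email = $pmStatus['user_pm_email_notify'];
                            if ($send_email == "2") {
                                $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
                                $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
                                $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1");
                                if (dbrows($template_result)) {
                                    $template_data = dbarray($template_result);
                                    if ($template_data['template_active'] == "1") {
                                        sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
                                    } else {
                                        sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
                                    }
                                } else {
                                    sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
                                }
                            }
                        } else {
                            // Inbox is full
                            if ($strict) {
                                die("User inbox is full. Try delete it or upgrade it to 102 or 103 status");
                            }
                            \defender::stop();
                            addNotice("danger", $locale['628']);
                        }
                    }
                } else {
                    // Sender does not exist in DB
                    if ($strict) {
                        die("Sender User ID does not exist in DB. Sequence Aborted.");
                    }
                    \defender::stop();
                    addNotice("danger", $locale['482']);
                }
            } else {
                \defender::stop();
                if ($strict) {
                    die("Message Recepient User ID is invalid");
                }
                addNotice("danger", $locale['482']);
            }
        } else {
            if ($strict) {
                die("You are flooding, send_pm halted");
            }
            \defender::stop();
            addNotice("danger", sprintf($locale['487'], fusion_get_settings("flood_interval")));
        }
    } else {
        $result = NULL;
        if ($to <= -101 && $to >= -103) {
            // -101, -102, -103 only
            $result = dbquery("SELECT user_id from " . DB_USERS . " WHERE user_level <='" . intval($to) . "' AND user_status='0'");
        } else {
            // ## --- deprecate -- WHERE user_groups REGEXP('^\\\.{$to}$|\\\.{$to}\\\.|\\\.{$to}$')
            // in_group() turns the id into a SQL condition, so only an integer is handed
            // to it, matching the intval() used in the user-level branch above.
            $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE " . in_group("user_groups", intval($to)) . " AND user_status='0'");
        }
        if (dbrows($result) > 0) {
            // NOTE(review): every recursive call runs the sender's flood_control() check
            // again; confirm the flood interval does not stop delivery after the first member.
            while ($data = dbarray($result)) {
                self::send_pm($data['user_id'], $from, $subject, $message, $smileys, FALSE, FALSE);
            }
        } else {
            \defender::stop();
            addNotice("danger", $locale['492']);
        }
    }
}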
// Excerpt of an article add/edit handler. It starts inside a loop that was opened
// before this excerpt and ends at the opening of the final if, so $id, $timestamp,
// $action, $filename and $data are all set outside the visible code.
$numtopics++;
}
$submit = $_POST["Submit"];
if ($submit == "Submit") {
    // Every scalar field goes through safesql() with a declared type before it is
    // placed in the SQL text below.
    $title = safesql($_POST['title'], "text");
    $photo = safesql($_POST['photo'], "int");
    $event = safesql($_POST['event'], "int");
    $story = safesql($_POST['editor'], "text", false);
    $auth = safesql($_POST['auth'], "text");
    $patrol = safesql($_POST['patrol'], "int");
    // NOTE(review): $topics is taken from the request as-is; its keys and values are
    // whatever the client sent. It is serialize()d below and stored, so check it is an
    // array of expected topic ids before persisting it.
    $topics = $_POST['topics'];
    $pic = safesql($_POST['articlephoto'], "int");
    $result = $data->select_query("articletopics", "ORDER BY title ASC", "id, groups");
    $numtopics = 0;
    while ($temp = $data->fetch_array($result)) {
        // Topics whose group list does not include the current user are set to 1
        // regardless of what the form submitted.
        // NOTE(review): unserialize() runs on a database column here. That is only safe
        // while nothing request-controlled can reach the column; json_decode(), or
        // unserialize() with allowed_classes => false, removes the object-injection risk.
        if (in_group(unserialize($temp['groups'])) == false) {
            $topics[$temp['id']] = 1;
        }
    }
    $topics = safesql(serialize($topics), "text");
    $order = safesql($_POST['order'], "int");
    $summary = safesql($_POST['summary'], "text");
    // NOTE(review): same pattern as $topics: a request-supplied structure is serialized
    // and stored, so whichever code unserialize()s `related` later is parsing
    // client-shaped data. Validate it as a list of integer article ids first.
    $related = safesql(serialize($_POST['articles']), "text");
    if ($action == "edit") {
        $filename = safesql($filename, "text");
        // NOTE(review): {$timestamp} and {$id} are interpolated without a safesql() call in
        // this excerpt; confirm both are forced to integers where they are assigned.
        $sql = $data->update_query("patrol_articles", "patrol={$patrol}, title={$title}, detail={$story}, date_post={$timestamp}, album_id={$photo}, event_id={$event}, author={$auth}, pic={$pic}, topics={$topics}, `order`={$order}, summary={$summary}, related={$related}", "ID={$id}");
    } elseif ($action == "new") {
        $filename = safesql($filename, "text");
        $data->insert_query("patrol_articles", "'', {$patrol}, {$pic}, {$title}, {$story}, {$timestamp}, {$photo}, {$event}, {$auth}, 1, {$topics}, {$order}, {$summary}, {$related}, 0");
    }
    // $sql is only assigned in the "edit" branch above.
    if ($sql && $action == "edit") {
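/**
 * Tell whether content of the given type has to be confirmed for the current user.
 *
 * The per-type setting is read from the global $config:
 *   2 - always confirm
 *   1 - confirm unless in_group($config['exclusion']) is true for the current user
 *   0 - never confirm
 *
 * An unknown $type, a missing setting or a non-numeric setting returns true, the
 * default this function declares. Previously an unknown type left the setting
 * undefined, and the loose switch matched it against case 0, so the answer for a
 * mistyped or unsupported type was "no confirmation needed".
 *
 * @param string $type one of article, poll, event, album, download, news, photo, comment
 * @return bool true when confirmation is required
 */
function confirm($type)
{
    global $config;

    $settingFor = array(
        'article' => 'confirmarticle',
        'poll' => 'confirmpoll',
        'event' => 'confirmevent',
        'album' => 'confirmalbum',
        'download' => 'confirmdownload',
        'news' => 'confirmnews',
        'photo' => 'confirmphoto',
        'comment' => 'confirmcomment',
    );

    // Fail closed: anything that is not a known content type requires confirmation.
    if (!is_string($type) || !isset($settingFor[$type])) {
        return true;
    }

    $key = $settingFor[$type];
    if (!isset($config[$key]) || !is_numeric($config[$key])) {
        return true;
    }

    $mode = $config[$key];
    if ($mode == 0) {
        return false;
    }
    if ($mode == 1) {
        return !in_group($config['exclusion']);
    }

    // 2 and any other numeric value keep the default.
    return true;
}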