/**
 * Render every active announcement the current visitor is allowed to see.
 *
 * Rows come from `{$prefix}_message`, filtered by the `view` column
 * (0 = everyone, 1 = members, 2 = admins, 3 = anonymous, >3 = phpBB group
 * id + 3) and, when multilingual mode is on, by `mlanguage`.  Each visible
 * row is pushed into the `messageblock` template block; as a side effect a
 * row whose expiry has already passed is marked inactive.
 *
 * NOTE(review): $currentlang and the per-row mid / group id are interpolated
 * into SQL unescaped.  The row values come from the database; confirm that
 * $currentlang is a site setting and not taken from the request.
 */
function message_box()
{
    global $prefix, $MAIN_CFG, $currentlang, $db, $userinfo, $cpgtpl;
    require_once CORE_PATH . 'nbbcode.php';

    // Narrow the selection by language first, then by the visitor's role.
    // Admins are not filtered on `view` at all.
    $where = '';
    if ($MAIN_CFG['global']['multilingual']) {
        $where = "AND (mlanguage='{$currentlang}' OR mlanguage='')";
    }
    if (!is_admin()) {
        $where .= is_user() ? ' AND view!=2 AND view!=3' : ' AND (view=0 OR view=3)';
    }
    $sql = 'SELECT mid, title, content, date, expire, view FROM ' . $prefix . "_message WHERE active='1' {$where} ORDER BY date DESC";
    $result = $db->sql_query($sql);

    while (list($mid, $title, $content, $date, $expire, $view) = $db->sql_fetchrow($result)) {
        $content = decode_bb_all($content, 1, true);
        if (empty($title) || empty($content)) {
            continue;
        }

        // Label describing who the message is addressed to.
        $audience = '';
        switch ($view) {
            case 0:
                $audience = _MVIEWALL;
                break;
            case 1:
                $audience = _MVIEWUSERS;
                break;
            case 2:
                $audience = _MVIEWADMIN;
                break;
            case 3:
                $audience = _MVIEWANON;
                break;
            default:
                // phpBB User Groups Integration: view = group_id + 3.
                if ($view > 3 && (in_group($view - 3) || is_admin())) {
                    $groupId = $view - 3;
                    // in_group() evidently yields the group name for members;
                    // admins who are not members need a lookup instead.
                    $audience = in_group($groupId);
                    if (!$audience) {
                        list($audience) = $db->sql_ufetchrow("SELECT group_name FROM " . $prefix . "_bbgroups WHERE group_id='{$groupId}'", SQL_NUM);
                    }
                }
                break;
        }

        if ($audience != '') {
            // Remaining lifetime is only shown to administrators.
            $remaining = '';
            if (can_admin()) {
                if ($expire == 0) {
                    $remaining = _UNLIMITED;
                } else {
                    $hoursLeft = intval(($date + $expire - time()) / 3600);
                    $remaining = $hoursLeft < 1 ? _EXPIRELESSHOUR : _EXPIREIN . " {$hoursLeft} " . _HOURS;
                }
            }
            $cpgtpl->assign_block_vars('messageblock', array(
                'S_TITLE' => $title,
                'S_CONTENT' => $content,
                'S_OUTPUT' => $audience,
                'S_DATE' => _POSTEDON . ' ' . formatDateTime($date, _DATESTRING2),
                'S_REMAIN' => $remaining,
                'S_EDIT' => _EDIT,
                'U_EDITMSG' => URL::admin('messages&amp;edit=' . $mid),
            ));
        }

        // Expired announcements are retired lazily, on display.
        if ($expire != 0 && $date + $expire < time()) {
            $db->sql_query("UPDATE " . $prefix . "_message SET active='0' WHERE mid='{$mid}'");
        }
    }
    $db->sql_freeresult($result);
}
 /**
  * Admin-area guard: a logged-in user who belongs to neither the 'Admin'
  * nor the 'Moderator' group is logged out and sent to the public login page.
  *
  * The group list is read from the session rather than the database, so a
  * membership change made elsewhere is only seen once that session value is
  * refreshed.  Anonymous visitors are left untouched.
  *
  * @access public
  */
 function checkAdminSession()
 {
     if (!$this->Auth->user()) {
         return;
     }
     $groups = $this->Session->read('Groups');
     $isStaff = in_group('Admin', $groups) || in_group('Moderator', $groups);
     if ($isStaff) {
         return;
     }
     // Clear every auth-related session key before bouncing to login.
     foreach (array('Auth', 'Permissions', 'Groups') as $sessionKey) {
         $this->Session->del($sessionKey);
     }
     $this->Session->setFlash('You do not have permission to access the administration.');
     $this->redirect(array('admin' => false, 'controller' => 'users', 'action' => 'login'));
 }
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
// viewpage.php: render one custom page selected by ?page_id=N.
require_once "maincore.php";
require_once THEMES . "templates/header.php";
require_once INCLUDES . "comments_include.php";
require_once INCLUDES . "ratings_include.php";
require_once THEMES . "templates/global/custompage.php";
$locale = fusion_get_locale("", LOCALE . LOCALESET . "custom_pages.php");
$cp_data = array();
// page_id must be present and numeric; anything else goes back to the front page.
if (!isset($_GET['page_id']) || !isnum($_GET['page_id'])) {
    redirect("index.php");
}
// Row offset taken from the query string; a missing or non-numeric value becomes 0.
$_GET['rowstart'] = isset($_GET['rowstart']) && isnum($_GET['rowstart']) ? $_GET['rowstart'] : 0;
// Access is enforced inside the query: groupaccess() restricts by the page's
// access level and, on multilingual sites, the row must match LANGUAGE.
// NOTE(review): further down this page the stored page body is handed to eval()
// when the 'allow_php_exe' setting is on, i.e. page content in the database is
// executed as server-side code -- anyone who can edit a page can run code.
$cp_result = dbquery("SELECT * FROM " . DB_CUSTOM_PAGES . "\n            WHERE page_id='" . intval($_GET['page_id']) . "' AND " . groupaccess('page_access') . "\n            " . (multilang_table("CP") ? "AND " . in_group("page_language", LANGUAGE) : ""));
// Output slots filled below and handed to the custom page template.
$info = array("title" => "", "error" => "", "body" => "", "count" => 0, "pagenav" => "", "show_comments" => "", "show_ratings" => "");
if (dbrows($cp_result) > 0) {
    $cp_data = dbarray($cp_result);
    add_to_title($locale['global_200'] . $cp_data['page_title']);
    add_breadcrumb(array('link' => BASEDIR . "viewpage.php?page_id=" . $_GET['page_id'], 'title' => $cp_data['page_title']));
    if ($cp_data['page_keywords'] !== "") {
        set_meta("keywords", $cp_data['page_keywords']);
    }
    $info['title'] = $cp_data['page_title'];
    ob_start();
    if (fusion_get_settings("allow_php_exe")) {
        eval("?>" . stripslashes($cp_data['page_content']) . "<?php ");
    } else {
        echo "<p>" . parse_textarea($cp_data['page_content']) . "</p>\n";
    }
**********************************************/
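if (!defined('CPG_NUKE')) {
    exit;
}
$cpg_dir = 'coppermine';
// without this, we get redirected to $referer/file=install ??
$pagetitle .= _SEARCH;
require_once 'header.php';
require_once 'includes/nbbcode.php';
// Create an array of active modules with search.inc capabilities.
// A module qualifies when it is active, ships modules/<name>/search.inc and the
// visitor may see it according to its `view` level (0 everyone, 1 members,
// 3 anonymous, >3 phpBB group id + 3; admins always).  $file is a directory
// name from the filesystem, not request input, before it is placed in SQL.
$modlist = array();
$handle = opendir('modules');
if ($handle !== false) {
    // readdir() returns false at the end of the listing; compare strictly so a
    // directory named "0" cannot end the scan early.
    while (($file = readdir($handle)) !== false) {
        if (!is_dir('modules/' . $file) || !file_exists("modules/{$file}/search.inc") || !is_active($file)) {
            continue;
        }
        list($name, $view) = $db->sql_ufetchrow("SELECT custom_title,view FROM " . $prefix . "_modules WHERE title='" . $file . "'");
        // && binds tighter than ||; parenthesised to make the grouping explicit.
        $visible = $view == 0
            || ($view == 1 && is_user())
            || ($view == 3 && !is_user())
            || can_admin()
            || ($view > 3 && in_group($view - 3));
        if (!$visible) {
            continue;
        }
        include_once "modules/{$file}/search.inc";
        $sclass = $file . '_search';
        if (class_exists($sclass)) {
            $modlist[$file]['search_class'] = $sclass;
            $modlist[$file]['module'] = $file;
            $modlist[$file]['title'] = $name != '' ? $name : $file;
        }
    }
    closedir($handle);
}
asort($modlist);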
if (!isset($_POST['search']) && !isset($_GET['search'])) {
    $topicimage = 'AllTopics.gif';
    $topicimage = (file_exists("themes/{$CPG_SESS['theme']}/images/topics/{$topicimage}") ? "themes/{$CPG_SESS['theme']}/" : '') . "images/topics/{$topicimage}";
    OpenTable();
 /**
  * Fetch custom pages together with the site links that point at them.
  *
  * With a numeric $id the result is limited to that page; otherwise every
  * page is returned.  The id is cast with intval() before it reaches SQL.
  *
  * @param int|string|null $id page id, or null for all pages
  * @return mixed result handle as returned by dbquery()
  */
 public static function query_customPage($id = null)
 {
     $pageFilter = '';
     if ($id !== null && isnum($id)) {
         $pageFilter = " WHERE page_id= '" . intval($id) . "' ";
     }
     return dbquery("\n                    SELECT cp.*, link.link_id, link.link_order\n                    FROM " . DB_CUSTOM_PAGES . " cp\n                    LEFT JOIN " . DB_SITE_LINKS . " link on (cp.page_link_cat = link.link_cat AND " . in_group("link.link_url", "viewpage.php?page_id=") . "\n                     AND " . in_group("link.link_url", "cp.page_id") . ")\n                    " . $pageFilter . "\n                    ");
 }
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
**************************************************************************/
// Month name -> month number lookup (not referenced in this span).
$monthnums = array(
    "January" => 1, "February" => 2, "March" => 3, "April" => 4,
    "May" => 5, "June" => 6, "July" => 7, "August" => 8,
    "September" => 9, "October" => 10, "November" => 11, "December" => 12,
);
// Upcoming calendar items, soonest first.
// NOTE(review): $timestamp is interpolated into the WHERE clause and is not
// defined in this span; confirm it is an integer rather than request input.
$sql = $data->select_query("calendar_items", "WHERE startdate > {$timestamp} ORDER BY startdate ASC");
$nextevent = array();
while ($item = $data->fetch_array($sql)) {
    // `groups` holds a serialized PHP array.  unserialize() on database content
    // can instantiate arbitrary classes if that column is ever writable by
    // untrusted users; a JSON list would be the safer encoding.
    $groups = unserialize($item['groups']);
    // No group restriction means the item is visible to everyone.
    $allowed = is_array($groups) ? in_group($groups) : true;
    if ($allowed) {
        $item['detail'] = truncate(strip_tags($item['detail']), 150);
        $nextevent[] = $item;
    }
    // Stop once the sidebar holds enough items.
    if (count($nextevent) >= $config['numsidebox']) {
        break;
    }
}
$tpl->assign("nextevent", $nextevent);
 } else {
     $numteams = 0;
 }
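 // topics/related are stored as serialized PHP arrays.
 // NOTE(review): unserialize() on database content is only safe while that
 // column cannot be written by untrusted users; JSON would avoid object
 // instantiation entirely.
 $post['topics'] = unserialize($post['topics']);
 $post['related'] = unserialize($post['related']);
 $tpl->assign('numevents', $numevents);
 $tpl->assign('event', $event);
 $tpl->assign('numalbum', $numalbum);
 $tpl->assign('albums', $albums);
 $tpl->assign("post", $post);
 // Article topics the current user may see, judged by each topic's serialized group list.
 $result = $data->select_query("articletopics", "ORDER BY title ASC", "id, title, groups");
 $topics = array();
 while ($temp = $data->fetch_array($result)) {
     $topicgroups = unserialize($temp['groups']);
     if (in_group($topicgroups)) {
         $topics[] = $temp;
     }
 }
 $numtopics = count($topics);
 $article = $data->select_fetch_all_rows($numarticles, "patrol_articles", "WHERE allowed=1 AND trash=0 AND ID != {$safe_id} ORDER BY title ASC");
 $tpl->assign('numarticles', $numarticles);
 $tpl->assign('article', $article);
 $tpl->assign('numtopics', $numtopics);
 $tpl->assign('topics', $topics);
 $scriptList['tinyAdv'] = 1;
 // Guarded so a plain GET of this page does not raise an undefined-index notice.
 $submit = isset($_POST["Submit"]) ? $_POST["Submit"] : null;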
 if ($submit == "Submit") {
     if (validate($_POST['validation'])) {
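/**
 * Attribute fragment for a <select> option: ' selected ' when
 * in_group($s, $item) is truthy, otherwise an empty string.
 *
 * Always returns a string so callers can concatenate the result directly.
 *
 * @param mixed $item value of the option being rendered
 * @param mixed $s    group selection handed to in_group()
 * @return string ' selected ' or ''
 */
function form_selected_group($item, $s)
{
    return in_group($s, $item) ? ' selected ' : '';
}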
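/**
 * Project settings editor (project module, op=modprj).
 *
 * Renders the edit form for the project given by ?id=N and, when that form is
 * posted back with `applychanges`, stores the new title, sub-module flags and
 * owning group.  The visitor must hold the 'mod' permission, be enrolled in
 * the project and be its owner; any other request dies.
 *
 * Request values are sanitised before they reach SQL: the id is cast to int,
 * checkbox flags are cast to int, and ptitle / pgroup are escaped with
 * mysql_real_escape_string() (the same mysql extension the result handling
 * below relies on).
 *
 * NOTE(review): the form is emitted by Form::openForm(); confirm it carries
 * the `authentic_request` signature (Util::getSignature()) so the POST cannot
 * be forged cross-site.
 *
 * @return int 0 once the form has been rendered
 */
function mod_prj()
{
    require_once _base_ . '/lib/lib.form.php';
    $form = new Form();
    $out =& $GLOBALS['page'];
    $out->setWorkingZone('content');
    $lang =& DoceboLanguage::createInstance('project', "lms");
    $prefix = $GLOBALS["prefix_lms"];

    // The id is compared with the user's own project list and embedded in
    // several queries, so only an integer is accepted.
    $id = isset($_GET["id"]) ? intval($_GET["id"]) : 0;
    $userId = Docebo::user()->getIdSt();

    // Controllo che l'utente non cerchi di entrare in progetti a cui non e' iscritto.
    // (Make sure the user is not opening a project they are not enrolled in.)
    $myprj = user_projects($userId);
    $view_perm = checkPerm('mod', true);
    if (!$view_perm || !in_array($id, $myprj) || !is_owner($userId, $id)) {
        die("You can't access");
    }

    //area title
    $out->add(getTitleArea($lang->def("_PROJECT_MANAGER"), "project"));
    $out->add('<div class="std_block">');

    if (isset($_POST["applychanges"]) && isset($_POST["ptitle"]) && $_POST["ptitle"] != "") {
        _mod_prj_save($id, $lang, $out);
    }

    // Current values used to prefill the form; the defaults keep the form
    // renderable when no row comes back.
    $row = array("ptitle" => "", "pgroup" => "", "psfiles" => 0, "pstasks" => 0, "psnews" => 0, "pstodo" => 0, "psmsg" => 0);
    $query = sql_query("SELECT * FROM " . $prefix . "_prj WHERE id='{$id}';");
    if ($query && mysql_num_rows($query) > 0) {
        $row = mysql_fetch_array($query);
    }
    $group_arr = getGroupsForProject($lang);

    $backUrl = "index.php?modname=project&amp;op=project";
    $out->add(getBackUi($backUrl, $lang->def('_BACK')));
    $formUrl = "index.php?modname=project&amp;op=modprj&amp;id=" . $id;
    $out->add($form->openForm("project_form", $formUrl));
    $out->add($form->openElementSpace());
    $out->add($form->getTextfield($lang->def("_PTITLE"), "ptitle", "ptitle", 255, $row["ptitle"]));
    $out->add($form->getDropdown($lang->def("_PGROUP"), "pgroup", "pgroup", $group_arr, $row["pgroup"]));
    $out->add($form->getHidden("old_pgroup", "old_pgroup", $row["pgroup"]));
    // TODO: add a fieldset labeled _POPTIONS
    $flagLabels = array("psfiles" => "_PSFILES", "pstasks" => "_PSTASKS", "psnews" => "_PSNEWS", "pstodo" => "_PSTODO", "psmsg" => "_PSMSG");
    foreach ($flagLabels as $flag => $labelKey) {
        $out->add($form->getCheckbox($lang->def($labelKey), $flag, $flag, 1, $row[$flag]));
    }
    $out->add($form->getHidden("applychanges", "applychanges", 1));
    $out->add($form->closeElementSpace());
    $out->add($form->openButtonSpace());
    $out->add($form->getButton('save', 'save', $lang->def('_SAVE')));
    $out->add($form->getButton('undo', 'undo', $lang->def('_UNDO')));
    $out->add($form->closeButtonSpace());
    $out->add($form->closeForm());
    // Close the std_block wrapper opened above.
    $out->add('</div>');
    return 0;
}

/**
 * Store a posted project edit for project $id (helper for mod_prj()).
 *
 * Builds the UPDATE from the cast / escaped POST values.  A change of owning
 * group is accepted only when the current user belongs to the new group, and
 * it first deletes the project's admin assignments (flag='1').  On success the
 * browser is sent to the project list via Util::jump_to(); when the group is
 * rejected the error is rendered into $out and nothing is written.
 *
 * @param int    $id   project id, already cast to int
 * @param object $lang language instance used for error strings
 * @param object $out  page output collector
 * @return void
 */
function _mod_prj_save($id, $lang, $out)
{
    $prefix = $GLOBALS["prefix_lms"];
    $ptitle = mysql_real_escape_string(isset($_POST["ptitle"]) ? $_POST["ptitle"] : "");
    $pgroup = isset($_POST["pgroup"]) ? $_POST["pgroup"] : "";
    $old_pgroup = isset($_POST["old_pgroup"]) ? $_POST["old_pgroup"] : "";
    // Checkbox flags are stored as integers; an absent box means unchecked.
    $flags = array();
    foreach (array("psfiles", "pstasks", "psnews", "pstodo", "psmsg") as $flag) {
        $flags[$flag] = isset($_POST[$flag]) ? intval($_POST[$flag]) : 0;
    }

    $set = "ptitle='{$ptitle}',psfiles='{$flags['psfiles']}',";
    $set .= "pstasks='{$flags['pstasks']}',psnews='{$flags['psnews']}',pstodo='{$flags['pstodo']}',psmsg='{$flags['psmsg']}' ";
    $err = "";
    if ($pgroup != $old_pgroup) {
        if (in_group(getLogUserId(), $pgroup)) {
            // Removing all admins:
            $q = sql_query("DELETE FROM " . $prefix . "_prj_users WHERE flag='1' AND pid='" . $id . "'");
            if ($q) {
                $set .= ",pgroup='" . mysql_real_escape_string($pgroup) . "' ";
            }
        } else {
            $err = $lang->def("_PRJNOVALIDGROUP");
        }
    }
    if (!empty($err)) {
        $out->add(getErrorUi($err));
        return;
    }
    $q = sql_query("UPDATE " . $prefix . "_prj SET " . $set . "WHERE id='{$id}' LIMIT 1");
    if ($q) {
        Util::jump_to("index.php?modname=project&op=project");
    }
}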
 /**
  * Admin login action: an already-authenticated user is either sent on to
  * /admin/posts or, if not staff, logged out and returned to the public
  * login page.
  *
  * NOTE(review): the guard below uses `||`, so `!in_group('Admin') ||
  * !in_group('Moderator')` rejects anyone who is not in BOTH groups -- a user
  * who is only an Admin is logged out here.  The sibling checkAdminSession()
  * uses `&&` (either group passes).  Confirm which is intended before
  * changing either.
  * NOTE(review): the final redirect to /admin/posts is also reached after the
  * login redirect unless redirect() terminates the request -- confirm.
  */
 function admin_login()
 {
     $this->layout = 'admin';
     //$this->Auth->autoRedirect = false;
     if ($this->Auth->user()) {
         // Group list comes from the session, not the database.
         $groups = $this->Session->read('Groups');
         //debug($groups);
         //die;
         // See the NOTE above: membership in both groups is required to pass.
         if (!in_group('Admin', $groups) || !in_group('Moderator', $groups)) {
             $this->Session->del('Auth');
             $this->Session->del('Permissions');
             $this->Session->del('Groups');
             $this->Session->setFlash('You do not have permission to access the administration.');
             $this->redirect(array('admin' => false, 'controller' => 'users', 'action' => 'login'));
         }
         $this->redirect('/admin/posts');
     }
 }
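/**
 * Article Listing HTML (admin side).
 *
 * Prints a paginated list of articles with a category filter dropdown and
 * edit/delete links per row.  Two request parameters are read: `filter_cid`
 * is honoured only when numeric and present in the category map, and
 * `rowstart` only when numeric and not beyond the total row count, because
 * it is spliced into the SQL LIMIT clause.
 *
 * NOTE(review): article_subject and article_cat_name are echoed without
 * escaping; this relies on them having been sanitised when stored.
 */
function article_listing()
{
    global $aidlink, $locale;
    // Remodel display results into straight view instead category container sorting.
    // consistently monitor sql results rendertime. -- Do not Surpass 0.15
    // all blog are uncategorized by default unless specified.
    $limit = 15;
    $langFilter = multilang_table("AR") ? "article_language='" . LANGUAGE . "'" : "";
    $total_rows = dbcount("(article_id)", DB_ARTICLES, $langFilter);
    // rowstart ends up in LIMIT: accept only a number within range, then cast.
    $rowstart = 0;
    if (isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $total_rows) {
        $rowstart = intval($_GET['rowstart']);
    }
    // add a filter browser
    $catOpts = array("all" => $locale['articles_0023']);
    $categories = dbquery("select article_cat_id, article_cat_name\n\t\t\t\tfrom " . DB_ARTICLE_CATS . " " . (multilang_table("AR") ? "where article_cat_language='" . LANGUAGE . "'" : "") . "");
    if (dbrows($categories) > 0) {
        while ($cat_data = dbarray($categories)) {
            $catOpts[$cat_data['article_cat_id']] = $cat_data['article_cat_name'];
        }
    }
    // prevent xss: only a numeric id that exists in $catOpts may reach the query
    $catFilter = "";
    if (isset($_GET['filter_cid']) && isnum($_GET['filter_cid']) && isset($catOpts[$_GET['filter_cid']])) {
        if ($_GET['filter_cid'] > 0) {
            $catFilter = "and " . in_group("article_cat", intval($_GET['filter_cid']));
        }
    }
    $filter = ($catFilter && $langFilter) ? $catFilter . " AND " . $langFilter : $catFilter . $langFilter;
    $result = dbquery("\n\tSELECT a.article_id, a.article_cat, a.article_subject, a.article_snippet, a.article_draft,\n\tcat.article_cat_id, cat.article_cat_name\n\tFROM " . DB_ARTICLES . " a\n\tLEFT JOIN " . DB_ARTICLE_CATS . " cat on cat.article_cat_id=a.article_cat\n\t" . ($filter ? "WHERE " . $filter : "") . "\n\tORDER BY article_draft DESC, article_datestamp DESC LIMIT {$rowstart}, {$limit}\n\t");
    $rows = dbrows($result);
    echo "<div class='clearfix'>\n";
    echo "<span class='pull-right m-t-10'>" . sprintf($locale['articles_0024'], $rows, $total_rows) . "</span>\n";
    if (!empty($catOpts) && $total_rows > 0) {
        echo "<div class='pull-left m-t-5 m-r-10'>" . $locale['articles_0025'] . "</div>\n";
        echo "<div class='dropdown pull-left m-r-10' style='position:relative'>\n";
        echo "<a class='dropdown-toggle btn btn-default btn-sm' style='width: 200px;' data-toggle='dropdown'>\n<strong>\n";
        // Label of the active filter; "all" is a valid key here even though it is not numeric.
        if (isset($_GET['filter_cid']) && isset($catOpts[$_GET['filter_cid']])) {
            echo $catOpts[$_GET['filter_cid']];
        } else {
            echo $locale['articles_0026'];
        }
        echo " <span class='caret'></span></strong>\n</a>\n";
        echo "<ul class='dropdown-menu' style='max-height:180px; width:200px; overflow-y: scroll'>\n";
        foreach ($catOpts as $catID => $catName) {
            $active = isset($_GET['filter_cid']) && $_GET['filter_cid'] == $catID;
            echo "<li" . ($active ? " class='active'" : "") . ">\n<a class='text-smaller' href='" . clean_request("filter_cid=" . $catID, array("section", "rowstart", "aid"), TRUE) . "'>\n";
            echo $catName;
            echo "</a>\n</li>\n";
        }
        echo "</ul>\n";
        echo "</div>\n";
    }
    // Pager is printed above and below the list.
    if ($total_rows > $rows) {
        echo makepagenav($rowstart, $limit, $total_rows, $limit, clean_request("", array("aid", "section"), TRUE) . "&amp;");
    }
    echo "</div>\n";
    echo "<ul class='list-group m-10'>\n";
    if ($rows > 0) {
        while ($data2 = dbarray($result)) {
            echo "<li class='list-group-item'>\n";
            echo "<div class='clearfix'>\n";
            echo "<div class='m-b-10 pull-right'><strong>" . $locale['articles_0340'] . ":</strong>\n";
            echo "<a class='display-inline-block badge' style='width:auto;' href='" . FUSION_SELF . $aidlink . "&amp;action=edit&amp;cat_id=" . $data2['article_cat_id'] . "&amp;section=article_category'>";
            echo $data2['article_cat_name'];
            echo "</a>";
            echo "</div>\n";
            echo "<span class='strong text-dark'>" . $data2['article_subject'] . "</span>\n";
            echo "</div>\n";
            $articleText = strip_tags(parse_textarea($data2['article_snippet']));
            echo fusion_first_words($articleText, '50');
            echo "<div class='block m-t-10'>\n\t\t\t<a href='" . FUSION_SELF . $aidlink . "&amp;action=edit&amp;section=article_form&amp;article_id=" . $data2['article_id'] . "'>" . $locale['edit'] . "</a> -\n";
            echo "<a href='" . FUSION_SELF . $aidlink . "&amp;action=delete&amp;section=article&amp;article_id=" . $data2['article_id'] . "'\n\t\t\tonclick=\"return confirm('" . $locale['articles_0251'] . "');\">" . $locale['delete'] . "</a>\n";
            echo "</div>\n";
            echo "</li>\n";
        }
    } else {
        echo "<div class='panel-body text-center'>\n";
        echo $locale['articles_0343'];
        echo "</div>\n";
    }
    echo "</ul>\n";
    if ($total_rows > $rows) {
        echo makepagenav($rowstart, $limit, $total_rows, $limit, clean_request("", array("aid", "section"), TRUE) . "&amp;");
    }
}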
  $Source: /cvs/html/modules/Your_Account/blocks/groups.php,v $
  $Revision: 9.10 $
  $Author: estlane $
  $Date: 2009/10/14 18:56:07 $
**********************************************/
if (!defined('CPG_NUKE')) {
    exit;
}
// Your_Account "groups" block: list the phpBB groups the logged-in user belongs to.
if (is_user()) {
    // Group Memberships: pending memberships and single-user groups are excluded
    // in SQL; groups of type 2 are shown only to their members and to admins.
    $sql = 'SELECT ug.group_id, g.group_name, g.group_type FROM ' . $prefix . '_bbuser_group ug INNER JOIN ' . $prefix . '_bbgroups g ON (g.group_id = ug.group_id AND g.group_single_user = 0) WHERE ug.user_pending = 0 AND ug.user_id = ' . intval($userinfo['user_id']);
    $result = $db->sql_query($sql);
    if ($db->sql_numrows($result)) {
        $visibleGroups = array();
        while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
            list($groupId, $groupName, $groupType) = $row;
            $concealed = $groupType == 2 && !in_group($groupId) && !can_admin();
            if (!$concealed) {
                $visibleGroups[$groupId] = $groupName;
            }
        }
        if (count($visibleGroups)) {
            $cpgtpl->assign_vars(array('GROUPS_TITLE' => $userinfo['username'] . '\'s ' . _MEMBERGROUPS));
            foreach ($visibleGroups as $groupId => $groupName) {
                $cpgtpl->assign_block_vars('group', array('URL' => URL::index('Groups&amp;g=' . $groupId), 'NAME' => $groupName));
            }
            $cpgtpl->set_handle('ya_block', 'your_account/blocks/groups.html');
            $cpgtpl->display('ya_block');
        }
    }
}
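 /**
  * Whether the current visitor may see a module with access level $view.
  *
  * Levels: 0 everyone, 1 logged-in users only, 3 anonymous visitors only,
  * >3 members of phpBB group ($view - 3); admins always pass.  Level 2 never
  * matches a non-admin here.
  *
  * @param int|string $view access level as stored for the module
  * @return bool true when visible, false otherwise
  */
 private function allowed($view)
 {
     $view = intval($view);
     if (is_admin()) {
         return true;
     }
     // Parenthesised for readability; && already binds tighter than ||.
     return $view === 0
         || ($view === 1 && is_user())
         || ($view === 3 && !is_user())
         || ($view > 3 && in_group($view - 3));
 }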
        get_lang($module_name, -1);
        $showblocks = $module['blocks'];
        if ($module['custom_title'] != '') {
            $module_title = $module['custom_title'];
        } else {
            $module_title = defined('_' . $module_name . 'LANG') ? constant('_' . $module_name . 'LANG') : str_replace('_', ' ', $module_name);
        }
        $module_version = $module['version'];
        $module_id = $module['mid'];
        unset($module, $error);
        if ($view > 0 && !is_admin()) {
            if ($view == 1 && !is_user()) {
                $error = _MODULEUSERS . ($MAIN_CFG['member']['allowuserreg'] ? _MODULEUSERS2 : '');
            } elseif ($view == 2) {
                $error = _MODULESADMINS;
            } elseif ($view > 3 && !in_group($view - 3)) {
                list($groupName) = $db->sql_ufetchrow('SELECT group_name FROM ' . $prefix . '_bbgroups WHERE group_id=' . ($view - 3));
                $error = '<i>' . $groupName . '</i> ' . _MODULESGROUPS;
            }
        }
        if (isset($error)) {
            cpg_error('<br /><br /><strong>' . _RESTRICTEDAREA . '</strong><br /><br />' . $error, 401);
        } else {
            include $modpath;
        }
    } else {
        cpg_error('<br /><br />' . _MODULENOTACTIVE, 503);
    }
} else {
    // index.php
    if ($SESS->new) {
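/**
 * Blog Listing HTML
 *
 * Renders the admin-side blog entry list: a category filter drop-down, a page
 * navigator and one list item per entry with edit/delete links. Output is
 * echoed directly; nothing is returned.
 *
 * Request input: `rowstart` (page offset) and `filter_cid` (category id, "0"
 * for uncategorised, or "all"). `rowstart` is spliced into the LIMIT clause, so
 * it is only accepted when numeric and within range (previously any value that
 * compared <= the row count was interpolated unchanged); `filter_cid` only
 * becomes a filter when it is a numeric key of the category list loaded from
 * the database.
 *
 * Globals: $aidlink (admin link token appended to action URLs), $locale.
 */
function blog_listing()
{
    global $aidlink, $locale;
    // Remodel display results into straight view instead category container sorting.
    // consistently monitor sql results rendertime. -- Do not Surpass 0.15
    // all blog are uncategorized by default unless specified.
    $limit = 15;
    $isMultilang = multilang_table("BL");
    $langFilter = $isMultilang ? "blog_language='" . LANGUAGE . "'" : "";
    $total_rows = dbcount("(blog_id)", DB_BLOG, $langFilter);
    // rowstart goes straight into the LIMIT clause below, so it must be a
    // non-negative integer; anything else resets to the first page.
    $rowstart = 0;
    if (isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $total_rows) {
        $rowstart = intval($_GET['rowstart']);
    }
    // add a filter browser
    $catOpts = array("all" => $locale['blog_0460'], "0" => $locale['blog_0424']);
    $categories = dbquery("select blog_cat_id, blog_cat_name\n\t\t\t\tfrom " . DB_BLOG_CATS . " " . ($isMultilang ? "where blog_cat_language='" . LANGUAGE . "'" : "") . "");
    if (dbrows($categories) > 0) {
        while ($cat_data = dbarray($categories)) {
            $catOpts[$cat_data['blog_cat_id']] = $cat_data['blog_cat_name'];
        }
    }
    // Requested filter, normalised to a scalar string (an array value would
    // otherwise break the isset()/comparison below).
    $filterCid = isset($_GET['filter_cid']) && is_scalar($_GET['filter_cid']) ? (string) $_GET['filter_cid'] : NULL;
    $filterKnown = $filterCid !== NULL && isset($catOpts[$filterCid]);
    // prevent xss / sql injection: only a known numeric category id becomes a filter
    $conditions = array();
    if ($filterKnown && isnum($filterCid) && $filterCid > 0) {
        $conditions[] = in_group("blog_cat", intval($filterCid));
    }
    if ($langFilter) {
        $conditions[] = $langFilter;
    }
    // The category condition used to carry a leading "and ", which produced an
    // invalid "WHERE and ..." clause; the conditions are joined here instead.
    $filter = implode(" AND ", $conditions);
    $result = dbquery("\n\tSELECT blog_id, blog_cat, blog_subject, blog_image, blog_image_t1, blog_image_t2, blog_blog, blog_draft\n\tFROM " . DB_BLOG . "\n\t" . ($filter ? "WHERE " . $filter : "") . "\n\tORDER BY blog_draft DESC, blog_sticky DESC, blog_datestamp DESC LIMIT {$rowstart}, {$limit}\n\t");
    $rows = dbrows($result);
    // Page navigator is shown above and below the list when there is more than one page.
    $pagenav = $total_rows > $rows ? makepagenav($rowstart, $limit, $total_rows, $limit, clean_request("", array("aid", "section"), true) . "&amp;") : "";
    echo "<div class='clearfix'>\n";
    echo "<span class='pull-right m-t-10'>" . sprintf($locale['blog_0408'], $rows, $total_rows) . "</span>\n";
    if (!empty($catOpts) && $total_rows > 0) {
        echo "<div class='pull-left m-t-5 m-r-10'>" . $locale['blog_0458'] . "</div>\n";
        echo "<div class='dropdown pull-left m-r-10' style='position:relative'>\n";
        echo "<a class='dropdown-toggle btn btn-default btn-sm' style='width: 200px;' data-toggle='dropdown'>\n<strong>\n";
        // Label of the active filter; category names come from the database.
        echo $filterKnown ? $catOpts[$filterCid] : $locale['blog_0459'];
        echo " <span class='caret'></span></strong>\n</a>\n";
        echo "<ul class='dropdown-menu' style='max-height:180px; width:200px; overflow-y: scroll'>\n";
        foreach ($catOpts as $catID => $catName) {
            // Exact string match so that "all" is never treated as category 0.
            $active = $filterCid !== NULL && (string) $catID === $filterCid;
            echo "<li" . ($active ? " class='active'" : "") . ">\n<a class='text-smaller' href='" . clean_request("filter_cid=" . $catID, array("section", "rowstart", "aid"), true) . "'>\n";
            echo $catName;
            echo "</a>\n</li>\n";
        }
        echo "</ul>\n";
        echo "</div>\n";
    }
    echo $pagenav;
    echo "</div>\n";
    echo "<ul class='list-group m-10'>\n";
    if ($rows > 0) {
        while ($data2 = dbarray($result)) {
            $editUrl = FUSION_SELF . $aidlink . "&amp;action=edit&amp;section=blog_form&amp;blog_id=" . $data2['blog_id'];
            $deleteUrl = FUSION_SELF . $aidlink . "&amp;action=delete&amp;section=blog_form&amp;blog_id=" . $data2['blog_id'];
            echo "<li class='list-group-item'>\n";
            echo "<div class='pull-left m-r-10'>\n";
            $image_thumb = get_blog_image_path($data2['blog_image'], $data2['blog_image_t1'], $data2['blog_image_t2']);
            if (!$image_thumb) {
                $image_thumb = IMAGES . "imagenotfound70.jpg";
            }
            echo thumbnail($image_thumb, '70px');
            echo "</div>\n";
            echo "<div class='overflow-hide'>\n";
            // NOTE(review): blog_subject and category names are echoed as stored;
            // this relies on them having been sanitised on input — verify.
            echo "<div><span class='strong text-dark'>" . $data2['blog_subject'] . "</span><br/>\n";
            if (!empty($data2['blog_cat'])) {
                // blog_cat is a dot-separated id list; keep only integer ids
                // before splicing it into the IN (...) clause.
                $catIds = array_map('intval', array_filter(explode(".", $data2['blog_cat']), 'is_numeric'));
                if ($catIds) {
                    $result2 = dbquery("SELECT blog_cat_id, blog_cat_name\n                            from " . DB_BLOG_CATS . " WHERE blog_cat_id in (" . implode(",", $catIds) . ")\n                            ");
                    $rows2 = dbrows($result2);
                    if ($rows2 > 0) {
                        echo "<div class='m-b-10'><strong>" . $locale['blog_0407'] . ": </strong>\n";
                        $i = 1;
                        while ($cdata = dbarray($result2)) {
                            echo "<a href='" . FUSION_SELF . $aidlink . "&amp;action=edit&amp;cat_id=" . $cdata['blog_cat_id'] . "&amp;section=blog_category'>";
                            echo $cdata['blog_cat_name'];
                            echo "</a>";
                            echo $i == $rows2 ? "" : ", ";
                            $i++;
                        }
                        echo "</div>\n";
                    }
                }
            }
            // Closes the title <div> opened above (previously only closed when
            // the entry had categories, leaving unbalanced markup otherwise).
            echo "</div>\n";
            $blogText = strip_tags(parse_textarea($data2['blog_blog']));
            echo fusion_first_words($blogText, '50');
            // NOTE(review): delete is a plain GET link guarded by a JS confirm()
            // and whatever $aidlink carries — confirm it is CSRF-protected.
            echo "<div class='block m-t-10'><a href='" . $editUrl . "'>" . $locale['blog_0420'] . "</a> -\n";
            echo "<a href='" . $deleteUrl . "' onclick=\"return confirm('" . $locale['blog_0451'] . "');\">" . $locale['blog_0421'] . "</a>\n";
            echo "</div>\n</div>\n";
            echo "</li>\n";
        }
    } else {
        echo "<div class='panel-body text-center'>\n";
        echo $locale['blog_0456'];
        echo "</div>\n";
    }
    echo "</ul>\n";
    echo $pagenav;
}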
Example #16
 /**
  * Load every active forum tag (restricted to the current language when the
  * forum tables are multilingual) into $this->tag_info['tags'], keyed by tag id.
  *
  * Each entry is the raw tag row plus:
  *  - 'tag_link'   : URL of the tag page (FORUM . "tags.php?tag_id=<id>")
  *  - 'tag_active' : TRUE when the request is a tag view (?viewtags) whose
  *                   tag_id loosely equals this id, FALSE otherwise
  *  - 'threads'    : the thread with the latest thread_lastpost carrying the
  *                   tag, when there is one
  * A synthetic entry with id 0 ("more…", linking to tags.php) is appended last.
  *
  * Tag ids spliced into the per-tag thread query come from the database row,
  * not from the request; $_GET['tag_id'] is only compared against them.
  */
 public function cache_tags()
 {
     $langClause = multilang_table("FO") ? "AND tag_language='" . LANGUAGE . "'" : "";
     $tagRows = dbquery("SELECT * FROM " . DB_FORUM_TAGS . " WHERE tag_status=1\n            " . $langClause . "\n            ORDER BY tag_title ASC");
     if (dbrows($tagRows) <= 0) {
         return;
     }
     $tagViewRequested = isset($_GET['viewtags']) && isset($_GET['tag_id']);
     while ($tag = dbarray($tagRows)) {
         $tagId = $tag['tag_id'];
         $tag['tag_link'] = FORUM . "tags.php?tag_id=" . $tagId;
         $tag['tag_active'] = ($tagViewRequested && $_GET['tag_id'] == $tagId) ? TRUE : FALSE;
         $this->tag_info['tags'][$tagId] = $tag;
         // Most recently posted thread carrying this tag, if any.
         $threadRows = dbquery("SELECT * FROM " . DB_FORUM_THREADS . " WHERE " . in_group('thread_tags', $tagId) . " ORDER BY thread_lastpost DESC LIMIT 1");
         if (dbrows($threadRows) > 0) {
             $this->tag_info['tags'][$tagId]['threads'] = dbarray($threadRows);
         }
     }
     // Trailing "more…" pseudo-tag pointing at the full tag index.
     $this->tag_info['tags'][0] = array('tag_id' => 0, 'tag_link' => FORUM . "tags.php", 'tag_title' => fusion_get_locale("global_700") . "&hellip;", 'tag_active' => '', 'tag_color' => '');
 }
Example #17
         $author_res = dbresult(dbquery("SELECT user_name FROM " . DB_USERS . " WHERE user_id='" . intval($_GET['author']) . "'"), 0);
         add_breadcrumb(array('link' => INFUSIONS . "blog/blog.php?author=" . $_GET['author'], 'title' => $locale['global_070'] . $author_res));
         if (isset($_GET['type']) && isset($info['allowed_filters'][$_GET['type']])) {
             add_breadcrumb(array("link" => clean_request("", array("author"), true), "title" => $info['allowed_filters'][$_GET['type']]));
         }
         $result = dbquery("SELECT tn.*,\n\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\tSUM(tr.rating_vote) 'sum_rating',\n\t\t\tCOUNT(tr.rating_item_id) 'count_votes',\n\t\t\tCOUNT(td.comment_item_id) 'count_comment',\n\t\t\tmax(tn.blog_datestamp) as last_updated\n\t\t\tFROM " . DB_BLOG . " tn\n\t\t\tinner join " . DB_USERS . " tu on tn.blog_name=tu.user_id\n\t\t\tleft join " . DB_RATINGS . " tr on tr.rating_item_id = tn.blog_id AND tr.rating_type='B'\n\t\t\tleft join " . DB_COMMENTS . " td on td.comment_item_id = tn.blog_id AND td.comment_type='B' AND td.comment_hidden='0'\n\t\t\t" . (multilang_table("BL") ? "WHERE blog_language='" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('blog_visibility') . "\n\t\t\tand (blog_start='0'||blog_start<=" . time() . ") and (blog_end='0'||blog_end>=" . time() . ") AND blog_draft='0' AND blog_name='" . intval($_GET['author']) . "'\n\t\t\tGROUP BY blog_id\n\t\t\tORDER BY blog_sticky DESC, " . $filter_condition . " LIMIT " . $_GET['rowstart'] . "," . $blog_settings['blog_pagination']);
         $info['blog_rows'] = dbrows($result);
     }
 } elseif (isset($_GET['cat_id']) && validate_blogCats($_GET['cat_id'])) {
     $catFilter = "and blog_cat =''";
     if ($_GET['cat_id'] > 0) {
         $res = dbarray(dbquery("SELECT blog_cat_id, blog_cat_name FROM " . DB_BLOG_CATS . " WHERE blog_cat_id='" . intval($_GET['cat_id']) . "'"));
         add_breadcrumb(array('link' => INFUSIONS . "blog/blog.php?cat_id=" . $_GET['cat_id'], 'title' => $res['blog_cat_name']));
         add_to_title($locale['global_201'] . $res['blog_cat_name']);
         $info['blog_title'] = $res['blog_cat_name'];
         $catFilter = "and " . in_group("blog_cat", intval($_GET['cat_id']));
     } else {
         add_breadcrumb(array('link' => INFUSIONS . "blog/blog.php?cat_id=" . $_GET['cat_id'], 'title' => $locale['global_080']));
         add_to_title($locale['global_201'] . $locale['global_080']);
         $info['blog_title'] = $locale['global_080'];
     }
     if (isset($_GET['type']) && isset($info['allowed_filters'][$_GET['type']])) {
         add_breadcrumb(array("link" => INFUSIONS . "blog/blog.php?cat_id=" . $_GET['cat_id'] . "&amp;type=" . $_GET['type'], "title" => $info['allowed_filters'][$_GET['type']]));
     }
     $info['blog_max_rows'] = dbrows(dbquery("select blog_id from " . DB_BLOG . "\n\t\t\t" . (multilang_table("BL") ? "WHERE blog_language='" . LANGUAGE . "' and " : "where") . " " . groupaccess("blog_visibility") . "\n\t\t\tand (blog_start='0'||blog_start<=" . time() . ") and (blog_end='0'||blog_end>=" . time() . ") and blog_draft='0'\n\t\t\t" . $catFilter . "\n\t\t\t"));
     //xss
     $_GET['rowstart'] = isset($_GET['rowstart']) && isnum($_GET['rowstart']) && $_GET['rowstart'] <= $info['blog_max_rows'] ? $_GET['rowstart'] : 0;
     if ($info['blog_max_rows']) {
         $result = dbquery("\n\t\t\tSELECT tn.*, tc.*, IF(tn.blog_cat = 0, '" . $locale['global_080'] . "', blog_cat_name) as blog_cat_name,\n\t\t\ttu.user_id, tu.user_name, tu.user_status, tu.user_avatar , tu.user_level, tu.user_joined,\n\t\t\tIF(SUM(tr.rating_vote)>0, SUM(tr.rating_vote), 0) AS sum_rating,\n\t\t\tCOUNT(tr.rating_item_id) AS count_votes,\n\t\t\tCOUNT(td.comment_item_id) AS count_comment,\n\t\t\tmax(tn.blog_datestamp) as last_updated\n\t\t\tFROM " . DB_BLOG . " tn\n\t\t\tLEFT JOIN " . DB_USERS . " tu ON tn.blog_name=tu.user_id\n\t\t\tLEFT JOIN " . DB_BLOG_CATS . " tc ON tn.blog_cat=tc.blog_cat_id\n\t\t\tLEFT JOIN " . DB_RATINGS . " tr ON tr.rating_item_id = tn.blog_id AND tr.rating_type='B'\n\t\t\tLEFT JOIN " . DB_COMMENTS . " td ON td.comment_item_id = tn.blog_id AND td.comment_type='B' AND td.comment_hidden='0'\n\t\t\t" . (multilang_table("BL") ? "WHERE blog_language='" . LANGUAGE . "' AND" : "WHERE") . " " . groupaccess('blog_visibility') . "\n\t\t\t" . $catFilter . "\n\t\t\tAND (blog_start='0'||blog_start<=" . time() . ") AND (blog_end='0'||blog_end>=" . time() . ")\n\t\t\tAND blog_draft='0'\n\t\t\tGROUP BY tn.blog_id\n\t\t\tORDER BY blog_sticky DESC, " . $filter_condition . " LIMIT " . intval($_GET['rowstart']) . "," . intval($blog_settings['blog_pagination']));
         $info['blog_rows'] = dbrows($result);
     }
Example #18
     $data['work'] .= '
      <tr>
       <td id="blank" colspan="2">&nbsp;</td>
       <td id="blank"><font color="[color_err]">Der User ist UrAdmin, sein Status<br />
        kann nicht ge&auml;nder werden</font></td>
      </tr>';
 }
 $data['work'] .= '
   <tr>
    <td id="blank" style="width:250px; vertical-align:top"><b>Usergruppen</b></td>
    <td id="blank">&nbsp;</td>
    <td id="blank">
     <select id="tab" name="groupids[]" size="5" style="width:100px" multiple>';
 $r_group = db_query("SELECT\n                 name,\n                 groupid\n             FROM " . $pref . "group ORDER BY groupid ASC");
 while ($group = db_result($r_group)) {
     $data['work'] .= '<option value="' . $group['groupid'] . '"' . (in_group($user['groupids'], $group['groupid']) ? ' selected' : '') . '>' . $group['name'] . '</option>';
 }
 $data['work'] .= '
     </select>
    </td>
   </tr>';
 foreach ($user_edit as $key => $value) {
     $data['work'] .= '
      <tr>
       <td id="blank" style="width:250px; vertical-align:top"><b>' . $value[0] . '</b><br /><font size="1">' . $value[1] . '</font></td>
       <td id="blank">&nbsp;</td><td id="blank" style="vertical-align:top">';
     switch ($value[2]) {
         case 1:
             $data['work'] .= '<input type="text" size="10" name="user[' . $key . ']" value="' . $user[$key] . '" id="border-tab"/>';
             break;
         case 2:
Example #19
 /**
  * Check whether the current visitor may enter this module.
  *
  * Always allowed: the home module, Your_Account, and any module listed in
  * self::$allow_access. Otherwise the module must be active (or the visitor
  * must be able to administer it via can_admin()), and its view level is
  * enforced: 1 = registered users only, 2 = module admins only, above 3 =
  * members of the phpBB group numbered ($view - 3). No other level is
  * restricted here.
  *
  * @param bool $check when true, return the denial text instead of aborting
  * @return true|string true when allowed. With $check set, denial returns the
  *                     (HTML) message — a non-empty, truthy string, so callers
  *                     must compare against true explicitly. Without $check,
  *                     denial is handed to cpg_error() with E_USER_ERROR.
  */
 public function allow($check = false)
 {
     if (self::$is_home || 'Your_Account' === $this->name || in_array($this->name, self::$allow_access)) {
         return true;
     }
     $denial = null;
     // First matching rule wins, in the same order as the original chain.
     switch (true) {
         case !$this->active && !can_admin($this->name):
             $denial = sprintf(_MODULENOEXIST, '');
             break;
         case 1 === $this->view && !is_user():
             global $MAIN_CFG;
             $denial = _MODULEUSERS . ($MAIN_CFG['member']['allowuserreg'] ? _MODULEUSERS2 : '');
             break;
         case 2 === $this->view && !can_admin($this->name):
             $denial = _MODULESADMINS;
             break;
         case 3 < $this->view && !in_group($this->view - 3):
             global $db, $prefix;
             // The group id is the module's own view level (not request input);
             // its name is only fetched to build the message.
             list($groupName) = $db->sql_ufetchrow('SELECT group_name FROM ' . $prefix . '_bbgroups WHERE group_id=' . ($this->view - 3));
             $denial = '<i>' . $groupName . '</i> ' . _MODULESGROUPS;
             break;
     }
     if ($denial === null) {
         return true;
     }
     if ($check) {
         return $denial;
     }
     cpg_error($denial, E_USER_ERROR);
     return true;
 }
Example #20
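/**
 * @brief Returns array of channels which have recursive permission for a file
 *
 * Walks from the file's folder up through every ancestor folder and combines
 * the per-folder ACLs with the file's own ACL:
 *  - allow_cid / allow_gid: a hash is kept only when the file allows it AND
 *    every private ancestor folder allows it (intersection);
 *  - deny_cid / deny_gid: union of the file's denies and every private
 *    ancestor's denies. (Previously each ancestor overwrote the previous
 *    merge, so only the top-most ancestor's denies survived.)
 * Ancestors without any ACL are ignored. If no ancestor is private the file's
 * own ACL is returned unchanged; if the file has no ACL of its own it first
 * inherits the nearest private ancestor's ACL.
 *
 * Group members are resolved into allow_cid entries up front via in_group(),
 * so allow_gid only contributes the group hashes themselves.
 *
 * @param array  $arr_allow_cid xchan hashes allowed by the file
 * @param array  $arr_allow_gid group hashes allowed by the file
 * @param array  $arr_deny_cid  xchan hashes denied by the file
 * @param array  $arr_deny_gid  group hashes denied by the file
 * @param string $folder_hash   hash of the file's parent folder (falsy for none)
 * @return array keys allow_cid, allow_gid, deny_cid, deny_gid. When nothing
 *               survives the intersection only allow_cid is set, to the
 *               observer's own xchan_hash — a string, not an array (kept for
 *               compatibility; callers must cope with both shapes).
 */
function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash)
{
    $ret = array();
    // One entry per private ancestor folder, nearest folder first.
    $parent_arr = array('allow_cid' => array(), 'allow_gid' => array(), 'deny_cid' => array(), 'deny_gid' => array());
    $count_values = array();
    $poster = get_app()->get_observer();
    //turn allow_gid into allow_cid's
    foreach ($arr_allow_gid as $gid) {
        $in_group = in_group($gid);
        $arr_allow_cid = array_unique(array_merge($arr_allow_cid, $in_group));
    }
    $count = 0;
    $visited = array();
    while ($folder_hash) {
        // A folder chain that loops back on itself would never terminate.
        if (isset($visited[$folder_hash])) {
            break;
        }
        $visited[$folder_hash] = true;
        $x = q("SELECT allow_cid, allow_gid, deny_cid, deny_gid, folder FROM attach WHERE hash = '%s' LIMIT 1", dbesc($folder_hash));
        if (!$x) {
            // Unknown folder hash: nothing further to inherit from.
            break;
        }
        //only process private folders
        if ($x[0]['allow_cid'] || $x[0]['allow_gid'] || $x[0]['deny_cid'] || $x[0]['deny_gid']) {
            $parent_arr['allow_cid'][] = expand_acl($x[0]['allow_cid']);
            $parent_arr['allow_gid'][] = expand_acl($x[0]['allow_gid']);
            /**
             * @TODO should find a much better solution for the allow_cid <-> allow_gid problem.
             * Do not use allow_gid for now. Instead lookup the members of the group directly and add them to allow_cid.
             * */
            if (is_array($parent_arr['allow_gid'][$count])) {
                foreach ($parent_arr['allow_gid'][$count] as $gid) {
                    $in_group = in_group($gid);
                    $parent_arr['allow_cid'][$count] = array_unique(array_merge($parent_arr['allow_cid'][$count], $in_group));
                }
            }
            $parent_arr['deny_cid'][] = expand_acl($x[0]['deny_cid']);
            $parent_arr['deny_gid'][] = expand_acl($x[0]['deny_gid']);
            $count++;
        }
        $folder_hash = $x[0]['folder'];
    }
    //if none of the parent folders is private just return file perms
    if ($count === 0) {
        $ret['allow_gid'] = $arr_allow_gid;
        $ret['allow_cid'] = $arr_allow_cid;
        $ret['deny_gid'] = $arr_deny_gid;
        $ret['deny_cid'] = $arr_deny_cid;
        return $ret;
    }
    //if there are no perms on the file we get them from the first parent folder
    if (!$arr_allow_cid && !$arr_allow_gid && !$arr_deny_cid && !$arr_deny_gid) {
        $arr_allow_cid = $parent_arr['allow_cid'][0];
        $arr_allow_gid = $parent_arr['allow_gid'][0];
        $arr_deny_cid = $parent_arr['deny_cid'][0];
        $arr_deny_gid = $parent_arr['deny_gid'][0];
    }
    //allow_cid: keep a hash only if all $count private ancestors allow it too
    foreach ($parent_arr['allow_cid'] as $folder_arr_allow_cid) {
        foreach ($folder_arr_allow_cid as $ac_hash) {
            $count_values[$ac_hash] = (isset($count_values[$ac_hash]) ? $count_values[$ac_hash] : 0) + 1;
        }
    }
    $r_arr_allow_cid = false;
    foreach ($arr_allow_cid as $fac_hash) {
        if (isset($count_values[$fac_hash]) && $count_values[$fac_hash] == $count) {
            if ($r_arr_allow_cid === false) {
                $r_arr_allow_cid = array();
            }
            $r_arr_allow_cid[] = $fac_hash;
        }
    }
    //allow_gid: same rule; cid and gid hashes share one counting table, as before
    foreach ($parent_arr['allow_gid'] as $folder_arr_allow_gid) {
        foreach ($folder_arr_allow_gid as $ag_hash) {
            $count_values[$ag_hash] = (isset($count_values[$ag_hash]) ? $count_values[$ag_hash] : 0) + 1;
        }
    }
    $r_arr_allow_gid = false;
    foreach ($arr_allow_gid as $fag_hash) {
        if (isset($count_values[$fag_hash]) && $count_values[$fag_hash] == $count) {
            if ($r_arr_allow_gid === false) {
                $r_arr_allow_gid = array();
            }
            $r_arr_allow_gid[] = $fag_hash;
        }
    }
    //deny_gid: union of the file's denies and every private ancestor's denies
    $r_arr_deny_gid = is_array($arr_deny_gid) ? $arr_deny_gid : array();
    foreach ($parent_arr['deny_gid'] as $folder_arr_deny_gid) {
        if (is_array($folder_arr_deny_gid)) {
            $r_arr_deny_gid = array_merge($r_arr_deny_gid, $folder_arr_deny_gid);
        }
    }
    $r_arr_deny_gid = array_unique($r_arr_deny_gid);
    //deny_cid: same union
    $r_arr_deny_cid = is_array($arr_deny_cid) ? $arr_deny_cid : array();
    foreach ($parent_arr['deny_cid'] as $folder_arr_deny_cid) {
        if (is_array($folder_arr_deny_cid)) {
            $r_arr_deny_cid = array_merge($r_arr_deny_cid, $folder_arr_deny_cid);
        }
    }
    $r_arr_deny_cid = array_unique($r_arr_deny_cid);
    //if none is allowed restrict to self
    if ($r_arr_allow_gid === false && $r_arr_allow_cid === false) {
        $ret['allow_cid'] = $poster['xchan_hash'];
    } else {
        $ret['allow_gid'] = $r_arr_allow_gid;
        $ret['allow_cid'] = $r_arr_allow_cid;
        $ret['deny_gid'] = $r_arr_deny_gid;
        $ret['deny_cid'] = $r_arr_deny_cid;
    }
    return $ret;
}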
Example #21
 /**
  * Send a private message to one user, or fan it out to a group.
  *
  * Direct send ($to_group false): validates the sender/recipient ids, applies
  * flood control on the sender, checks the recipient's inbox limit, stores the
  * message (folder 0), optionally keeps a copy in the sender's outbox
  * (folder 1, trimming the oldest copy when the outbox limit is reached) and
  * e-mails a notification when the recipient has opted in. Failures are
  * reported through \defender::stop() + addNotice(); the die() paths are only
  * reachable when the local $strict flag (hard-coded FALSE below) is set.
  *
  * Group send ($to_group true): $to is either a user level (-101..-103, every
  * active user whose user_level is <= that value) or a user-group id (members
  * resolved through in_group() as a SQL condition); each member then gets a
  * direct send with $save_sent = FALSE so the sender's outbox is not flooded.
  *
  * @param int|string $to        recipient user id, or group id / user level when $to_group
  * @param int        $from      sender user id
  * @param string     $subject
  * @param string     $message   smileys are forced off when it contains code/geshi/php bbcode
  * @param string     $smileys   'y' / 'n'
  * @param bool       $to_group
  * @param bool       $save_sent keep a copy in the sender's outbox (subject to the user's own setting)
  * @return void
  */
 public static function send_pm($to, $from, $subject, $message, $smileys = 'y', $to_group = FALSE, $save_sent = TRUE)
 {
     include LOCALE . LOCALESET . "messages.php";
     require_once INCLUDES . "sendmail_include.php";
     require_once INCLUDES . "flood_include.php";
     $strict = FALSE;
     // NOTE(review): this resets $locale right after messages.php was included;
     // if that file populates $locale, the strings used below ($locale['626'],
     // ['625'], ['628'], ['482'], ['487'], ['492']) are lost — confirm against
     // the locale file.
     $locale = array();
     $group_name = getgroupname($to);
     // A non-numeric $to is only kept when it names a known group; otherwise 0.
     $to = isnum($to) || !empty($group_name) ? $to : 0;
     $from = isnum($from) ? $from : 0;
     $smileys = preg_match("#(\\[code\\](.*?)\\[/code\\]|\\[geshi=(.*?)\\](.*?)\\[/geshi\\]|\\[php\\](.*?)\\[/php\\])#si", $message) ? "n" : $smileys;
     if (!$to_group) {
         // send to user
         $pmStatus = self::get_pm_settings($to);
         $myStatus = self::get_pm_settings($from);
         // Flood control is keyed on the sender's recent messages.
         if (!flood_control("message_datestamp", DB_MESSAGES, "message_from='" . intval($from) . "'")) {
             // find receipient (with the current size of their inbox, folder 0)
             $result = dbquery("SELECT u.user_id, u.user_name, u.user_email, u.user_level,\n\t\t\t\tCOUNT(m.message_id) 'message_count'\n\t\t\t\tFROM " . DB_USERS . " u\n\t\t\t\tLEFT JOIN " . DB_MESSAGES . " m ON m.message_user=u.user_id and message_folder='0'\n\t\t\t\tWHERE u.user_id='" . intval($to) . "' GROUP BY u.user_id\n\t\t\t\t");
             if (dbrows($result) > 0) {
                 $data = dbarray($result);
                 $result2 = dbquery("SELECT user_id, user_name FROM " . DB_USERS . " WHERE user_id='" . intval($from) . "'");
                 if (dbrows($result2) > 0) {
                     $userdata = dbarray($result2);
                     // Sending to oneself is silently ignored.
                     if ($to != $from) {
                         // Inbox limit is bypassed for user id 1, for levels below
                         // USER_LEVEL_MEMBER and when the recipient has no limit (0).
                         if ($data['user_id'] == 1 || $data['user_level'] < USER_LEVEL_MEMBER || !$pmStatus['user_inbox'] || $data['message_count'] + 1 <= $pmStatus['user_inbox']) {
                             $inputData = array("message_id" => 0, "message_to" => $to, "message_user" => $to, "message_from" => $from, "message_subject" => $subject, "message_message" => $message, "message_smileys" => $smileys, "message_read" => 0, "message_datestamp" => time(), "message_folder" => 0);
                             dbquery_insert(DB_MESSAGES, $inputData, "save");
                             // this will flood the inbox when message is sent to group. -- fixed
                             if ($myStatus['user_pm_save_sent'] == '2' && $save_sent == TRUE) {
                                 // user_outbox.
                                 // NOTE(review): the next line is syntactically broken in this
                                 // listing — the second user id has been replaced by '******'
                                 // (most likely a secret-redaction filter); the intended
                                 // condition is presumably message_user=<sender id>. Restore
                                 // it from upstream before using this code.
                                 $cdata = dbarray(dbquery("SELECT COUNT(message_id) AS outbox_count, MIN(message_id) AS last_message FROM\n\t\t\t\t\t\t\t\t\t" . DB_MESSAGES . " WHERE message_to='" . $userdata['user_id'] . "' AND message_user='******'user_id'] . "' AND message_folder='1' GROUP BY message_to"));
                                 // check my outbox limit and if surpass, remove oldest message
                                 if ($myStatus['user_outbox'] != "0" && $cdata['outbox_count'] + 1 > $myStatus['user_outbox']) {
                                     dbquery("DELETE FROM " . DB_MESSAGES . " WHERE message_id='" . $cdata['last_message'] . "' AND message_to='" . $userdata['user_id'] . "'");
                                 }
                                 // Outbox copy: owned by the sender, folder 1, with to/from swapped.
                                 $inputData['message_user'] = $userdata['user_id'];
                                 $inputData['message_folder'] = 1;
                                 $inputData['message_from'] = $to;
                                 $inputData['message_to'] = $userdata['user_id'];
                                 dbquery_insert(DB_MESSAGES, $inputData, "save");
                             }
                             // E-mail notification, only when the recipient opted in ("2");
                             // the PM e-mail template is used when present and active.
                             $send_email = $pmStatus['user_pm_email_notify'];
                             if ($send_email == "2") {
                                 $message_content = str_replace("[SUBJECT]", $subject, $locale['626']);
                                 $message_content = str_replace("[USER]", $userdata['user_name'], $message_content);
                                 $template_result = dbquery("SELECT template_key, template_active FROM " . DB_EMAIL_TEMPLATES . " WHERE template_key='PM' LIMIT 1");
                                 if (dbrows($template_result)) {
                                     $template_data = dbarray($template_result);
                                     if ($template_data['template_active'] == "1") {
                                         sendemail_template("PM", $subject, trimlink($message, 150), $userdata['user_name'], $data['user_name'], "", $data['user_email']);
                                     } else {
                                         sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
                                     }
                                 } else {
                                     sendemail($data['user_name'], $data['user_email'], fusion_get_settings("siteusername"), fusion_get_settings("siteemail"), $locale['625'], $data['user_name'] . $message_content);
                                 }
                             }
                         } else {
                             // Inbox is full
                             if ($strict) {
                                 die("User inbox is full. Try delete it or upgrade it to 102 or 103 status");
                             }
                             \defender::stop();
                             addNotice("danger", $locale['628']);
                         }
                     }
                 } else {
                     // Sender does not exist in DB
                     if ($strict) {
                         die("Sender User ID does not exist in DB. Sequence Aborted.");
                     }
                     \defender::stop();
                     addNotice("danger", $locale['482']);
                 }
             } else {
                 // Recipient does not exist in DB
                 \defender::stop();
                 if ($strict) {
                     die("Message Recepient User ID is invalid");
                 }
                 addNotice("danger", $locale['482']);
             }
         } else {
             // Sender is over the flood limit
             if ($strict) {
                 die("You are flooding, send_pm halted");
             }
             \defender::stop();
             addNotice("danger", sprintf($locale['487'], fusion_get_settings("flood_interval")));
         }
     } else {
         $result = NULL;
         if ($to <= -101 && $to >= -103) {
             // -101, -102, -103 only: every active user at or below that user level
             $result = dbquery("SELECT user_id from " . DB_USERS . " WHERE user_level <='" . intval($to) . "' AND user_status='0'");
         } else {
             // ## --- deprecate -- WHERE user_groups REGEXP('^\\\.{$to}$|\\\.{$to}\\\.|\\\.{$to}$') #
             // Active members of user group $to; in_group() here builds the SQL condition.
             $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE " . in_group("user_groups", $to) . " AND user_status='0'");
         }
         if (dbrows($result) > 0) {
             // One direct send per member, without an outbox copy each time.
             while ($data = dbarray($result)) {
                 self::send_pm($data['user_id'], $from, $subject, $message, $smileys, FALSE, FALSE);
             }
         } else {
             \defender::stop();
             addNotice("danger", $locale['492']);
         }
     }
 }
Example #22
     $numtopics++;
 }
 $submit = $_POST["Submit"];
 if ($submit == "Submit") {
     $title = safesql($_POST['title'], "text");
     $photo = safesql($_POST['photo'], "int");
     $event = safesql($_POST['event'], "int");
     $story = safesql($_POST['editor'], "text", false);
     $auth = safesql($_POST['auth'], "text");
     $patrol = safesql($_POST['patrol'], "int");
     $topics = $_POST['topics'];
     $pic = safesql($_POST['articlephoto'], "int");
     $result = $data->select_query("articletopics", "ORDER BY title ASC", "id, groups");
     $numtopics = 0;
     while ($temp = $data->fetch_array($result)) {
         if (in_group(unserialize($temp['groups'])) == false) {
             $topics[$temp['id']] = 1;
         }
     }
     $topics = safesql(serialize($topics), "text");
     $order = safesql($_POST['order'], "int");
     $summary = safesql($_POST['summary'], "text");
     $related = safesql(serialize($_POST['articles']), "text");
     if ($action == "edit") {
         $filename = safesql($filename, "text");
         $sql = $data->update_query("patrol_articles", "patrol={$patrol}, title={$title}, detail={$story}, date_post={$timestamp}, album_id={$photo}, event_id={$event}, author={$auth}, pic={$pic}, topics={$topics}, `order`={$order}, summary={$summary}, related={$related}", "ID={$id}");
     } elseif ($action == "new") {
         $filename = safesql($filename, "text");
         $data->insert_query("patrol_articles", "'', {$patrol}, {$pic}, {$title}, {$story}, {$timestamp}, {$photo}, {$event}, {$auth}, 1, {$topics}, {$order}, {$summary}, {$related}, 0");
     }
     if ($sql && $action == "edit") {
Example #23
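/**
 * Decide whether a submission of the given type must be confirmed (moderated)
 * before it goes live.
 *
 * The per-type policy comes from $config['confirm<type>']:
 *   2 = always confirm,
 *   1 = confirm unless the current user is in the exclusion group
 *       ($config['exclusion'], tested via in_group()),
 *   0 = never confirm.
 * Any other setting, a missing/non-numeric setting, and any unknown $type
 * fall back to confirming — the conservative choice for a moderation gate.
 * (Previously an unknown type left $confirmtype unset, and PHP's loose switch
 * comparison `null == 0` then selected "never confirm".)
 *
 * @param string $type one of article, poll, event, album, download, news,
 *                     photo, comment
 * @return bool true when confirmation is required
 */
function confirm($type)
{
    global $config;
    // Map each content type onto its config key; unknown types get no key.
    $keys = array(
        'article' => 'confirmarticle',
        'poll' => 'confirmpoll',
        'event' => 'confirmevent',
        'album' => 'confirmalbum',
        'download' => 'confirmdownload',
        'news' => 'confirmnews',
        'photo' => 'confirmphoto',
        'comment' => 'confirmcomment',
    );
    if (!is_string($type) || !isset($keys[$type]) || !isset($config[$keys[$type]])) {
        return true;
    }
    $confirmtype = $config[$keys[$type]];
    // A blank or garbage setting must not be read as 0 ("never confirm").
    if (!is_numeric($confirmtype)) {
        return true;
    }
    if ($confirmtype == 2) {
        return true;
    }
    if ($confirmtype == 1) {
        return !in_group($config['exclusion']);
    }
    if ($confirmtype == 0) {
        return false;
    }
    return true;
}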