/**
 * Build the config payload for the HTML block from the submitted form.
 *
 * The 'htmlcontent' field is read through filter_text_textarea() with
 * NV_ALLOWED_HTML_TAGS passed as its third argument, then line breaks are
 * converted by nv_editor_nl2br() when NV_EDITOR is defined, otherwise by
 * nv_nl2br() with '<br />'.
 *
 * @param mixed $module     not used by this function
 * @param mixed $lang_block not used by this function
 * @return array array('error' => array(), 'config' => array('htmlcontent' => string))
 */
function nv_block_data_config_html_submit($module, $lang_block)
{
    $submitted = filter_text_textarea('htmlcontent', '', NV_ALLOWED_HTML_TAGS);

    if (defined('NV_EDITOR')) {
        $html = nv_editor_nl2br($submitted);
    } else {
        $html = nv_nl2br($submitted, '<br />');
    }

    // NOTE(review): the value is stored as HTML; what the tag allow-list does with
    // attributes (event handlers, javascript: URLs) is decided inside
    // filter_text_textarea(), which is not visible here — confirm before trusting it.
    return array(
        'error' => array(),
        'config' => array('htmlcontent' => $html),
    );
}
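/**
 * BoldKeywordInStr()
 *
 * Cut $str down to an excerpt of at most about 300 characters around the first
 * keyword hit and wrap every keyword occurrence in <span class="keyword">.
 *
 * The text is tag-stripped and then entity-decoded before matching, so the
 * decoded text can contain markup characters again. Every piece of text is
 * therefore HTML-escaped on the way out; only the span wrapper is raw markup.
 *
 * @param mixed $str     text to excerpt
 * @param mixed $keyword search phrase
 * @param mixed $logic   'AND' searches for the phrase as a whole, any other value
 *                       searches for each space-separated word
 * @return string HTML-safe excerpt, with keyword spans when something matched
 */
function BoldKeywordInStr($str, $keyword, $logic)
{
    global $db;

    // ENT_SUBSTITUTE keeps htmlspecialchars() from returning '' on invalid UTF-8;
    // it is only available from PHP 5.4, hence the defined() check.
    $esc_flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

    $str = nv_br2nl($str);
    $str = nv_nl2br($str, " ");
    $str = nv_unhtmlspecialchars(strip_tags(trim($str)));
    $str = $db->unfixdb($str);

    if ($logic == 'AND') {
        $array_keyword = array($keyword, nv_EncString($keyword));
    } else {
        $keyword .= " " . nv_EncString($keyword);
        $array_keyword = explode(" ", $keyword);
    }

    // An empty keyword (double spaces, empty search) would give the pattern /()/,
    // which matches at every position and wraps every character.
    $array_keyword = array_values(array_unique(array_filter($array_keyword, function ($k) {
        return (string) $k !== '';
    })));

    $pos = false;
    foreach ($array_keyword as $k) {
        // The delimiter is passed to preg_quote() so a "/" in the keyword cannot end the pattern.
        if (preg_match("/^(.*?)" . preg_quote($k, "/") . "/uis", $str, $matches)) {
            $strlen = nv_strlen($str);
            $kstrlen = nv_strlen($k);
            $residual = $strlen - 300;
            if ($residual > 0) {
                $lstrlen = nv_strlen($matches[1]);
                $rstrlen = $strlen - $lstrlen - $kstrlen;
                $medium = round((300 - $kstrlen) / 2);
                if ($lstrlen <= $medium) {
                    // Hit is near the start: keep the head of the text.
                    $str = nv_clean60($str, 300);
                } elseif ($rstrlen <= $medium) {
                    // Hit is near the end: keep the tail.
                    $str = nv_substr($str, $residual, 300);
                    $str = nv_substr_clean($str, 'l');
                } else {
                    // Hit is in the middle: keep a window around it.
                    $str = nv_substr($str, $lstrlen - $medium, $strlen - $lstrlen + $medium);
                    $str = nv_substr($str, 0, 300);
                    $str = nv_substr_clean($str, 'lr');
                }
            }
            $pos = true;
            break;
        }
    }

    if (!$pos) {
        return htmlspecialchars(nv_clean60($str, 300), $esc_flags, 'UTF-8');
    }

    // Split on the keywords instead of marking them with "{" and "}": braces that
    // are already part of the text must not turn into span tags.
    $quoted = array();
    foreach ($array_keyword as $k) {
        $quoted[] = preg_quote($k, "/");
    }
    $parts = preg_split("/(" . implode("|", $quoted) . ")/uis", $str, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return htmlspecialchars($str, $esc_flags, 'UTF-8');
    }

    $out = '';
    foreach ($parts as $i => $part) {
        $safe = htmlspecialchars($part, $esc_flags, 'UTF-8');
        // With one capture group, odd indexes hold the matched keywords.
        $out .= ($i % 2) ? "<span class=\"keyword\">" . $safe . "</span>" : $safe;
    }

    return $out;
}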
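/**
 * BoldKeywordInStr()
 *
 * Cut $str down to an excerpt of at most about 300 characters around the first
 * keyword hit and wrap every keyword occurrence in <span class="keyword">.
 *
 * The text is tag-stripped and then entity-decoded before matching, so the
 * decoded text can contain markup characters again. Every piece of text is
 * therefore HTML-escaped on the way out; only the span wrapper is raw markup.
 *
 * @param mixed $str     text to excerpt
 * @param mixed $keyword search phrase
 * @param mixed $logic   'AND' searches for the phrase as a whole, any other value
 *                       searches for each space-separated word
 * @return string HTML-safe excerpt, with keyword spans when something matched
 */
function BoldKeywordInStr($str, $keyword, $logic)
{
    // ENT_SUBSTITUTE keeps htmlspecialchars() from returning '' on invalid UTF-8.
    $esc_flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

    $str = nv_br2nl($str);
    $str = nv_nl2br($str, ' ');
    $str = nv_unhtmlspecialchars(strip_tags(trim($str)));

    if ($logic == 'AND') {
        $array_keyword = array($keyword, nv_EncString($keyword));
    } else {
        $keyword .= ' ' . nv_EncString($keyword);
        $array_keyword = explode(' ', $keyword);
    }

    // An empty keyword (double spaces, empty search) would give the pattern /()/,
    // which matches at every position and wraps every character.
    $array_keyword = array_values(array_unique(array_filter($array_keyword, function ($k) {
        return (string) $k !== '';
    })));

    $pos = false;
    foreach ($array_keyword as $k) {
        // NOTE(review): nv_preg_quote() is a project helper; presumably it also
        // escapes the "/" delimiter — confirm.
        if (preg_match('/^(.*?)' . nv_preg_quote($k) . '/uis', $str, $matches)) {
            $strlen = nv_strlen($str);
            $kstrlen = nv_strlen($k);
            $residual = $strlen - 300;
            if ($residual > 0) {
                $lstrlen = nv_strlen($matches[1]);
                $rstrlen = $strlen - $lstrlen - $kstrlen;
                $medium = round((300 - $kstrlen) / 2);
                if ($lstrlen <= $medium) {
                    // Hit is near the start: keep the head of the text.
                    $str = nv_clean60($str, 300);
                } elseif ($rstrlen <= $medium) {
                    // Hit is near the end: keep the tail.
                    $str = nv_substr($str, $residual, 300);
                    $str = nv_substr_clean($str, 'l');
                } else {
                    // Hit is in the middle: keep a window around it.
                    $str = nv_substr($str, $lstrlen - $medium, $strlen - $lstrlen + $medium);
                    $str = nv_substr($str, 0, 300);
                    $str = nv_substr_clean($str, 'lr');
                }
            }
            $pos = true;
            break;
        }
    }

    if (!$pos) {
        return htmlspecialchars(nv_clean60($str, 300), $esc_flags, 'UTF-8');
    }

    // Split on the keywords instead of marking them with "{" and "}": braces that
    // are already part of the text must not turn into span tags.
    $quoted = array();
    foreach ($array_keyword as $k) {
        $quoted[] = nv_preg_quote($k);
    }
    $parts = preg_split('/(' . implode('|', $quoted) . ')/uis', $str, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return htmlspecialchars($str, $esc_flags, 'UTF-8');
    }

    $out = '';
    foreach ($parts as $i => $part) {
        $safe = htmlspecialchars($part, $esc_flags, 'UTF-8');
        // With one capture group, odd indexes hold the matched keywords.
        $out .= ($i % 2) ? '<span class="keyword">' . $safe . '</span>' : $safe;
    }

    return $out;
}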
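/**
 * Append new admin language strings to modules/<mod>/language/admin_<lang>.php,
 * creating the file with the standard header when it does not exist yet.
 *
 * The target is an executable PHP file, so every value written into it is
 * either validated (path components) or escaped (keys, values, comment text).
 *
 * @param mixed $mod          module directory name
 * @param mixed $lang         language code used in the file name
 * @param mixed $arr_new_lang map of language key => text; nothing is written when empty
 * @return void
 */
function nv_write_lang_mod_admin($mod, $lang, $arr_new_lang)
{
    // NOTE(review): $language_array and $sys_info were read without being declared
    // global, so they were always undefined here; presumably the project globals
    // of the same name were meant — confirm.
    global $funname, $language_array, $sys_info;

    if (empty($arr_new_lang)) {
        return;
    }

    // Both values become path components: accept plain names only, so "../" or a
    // directory separator cannot redirect the write.
    if (!preg_match('/^[a-zA-Z0-9_-]+$/', (string) $mod) or !preg_match('/^[a-zA-Z0-9_-]+$/', (string) $lang)) {
        return;
    }

    $file = NV_ROOTDIR . '/modules/' . $mod . '/language/admin_' . $lang . '.php';

    if (file_exists($file)) {
        $content_lang = file_get_contents($file);
        if ($content_lang === false) {
            // Unreadable file: do not overwrite it with a file that has no "<?php" header.
            return;
        }
        $content_lang = trim($content_lang);
        // Drop one trailing closing tag. rtrim($s, '?>') treats its argument as a
        // character list and would strip any run of trailing "?" and ">".
        $content_lang = preg_replace('/\?>$/', '', $content_lang);
    } else {
        $lang_name = isset($language_array[$lang]['name']) ? $language_array[$lang]['name'] : $lang;
        // The name lands inside a block comment; keep it from closing the comment.
        $lang_name = str_replace(array('*/', "\r", "\n"), ' ', (string) $lang_name);

        $content_lang = "<?php\n\n";
        $content_lang .= "/**\n";
        $content_lang .= "* @Project NUKEVIET 4.x\n";
        $content_lang .= "* @Author VINADES.,JSC (contact@vinades.vn)\n";
        $content_lang .= "* @Copyright (C) " . date("Y") . " VINADES.,JSC. All rights reserved\n";
        $content_lang .= "* @Language " . $lang_name . "\n";
        $content_lang .= "* @License CC BY-SA (http://creativecommons.org/licenses/by-sa/4.0/)\n";
        $content_lang .= "* @Createdate " . gmdate("M d, Y, h:i:s A", time()) . "\n";
        $content_lang .= "*/\n";
        $content_lang .= "\nif( ! defined( 'NV_ADMIN' ) or ! defined( 'NV_MAINFILE' ) )";
        $content_lang .= " die( 'Stop!!!' );\n\n";
        $content_lang .= "\$lang_translator['author'] = 'VINADES.,JSC (contact@vinades.vn)';\n";
        $content_lang .= "\$lang_translator['createdate'] = '" . date('d/m/Y, H:i') . "';\n";
        $content_lang .= "\$lang_translator['copyright'] = 'Copyright (C) ' . date( 'Y' ) . ' VINADES.,JSC. All rights reserved';\n";
        $content_lang .= "\$lang_translator['info'] = '';\n";
        $content_lang .= "\$lang_translator['langtype'] = 'lang_module';\n";
        $content_lang .= "\n";
    }

    // A line break or "?>" inside a "//" comment ends the comment, and what follows
    // would be parsed as code or emitted as output.
    $fun_label = str_replace(array("\r", "\n", '?>'), ' ', (string) $funname);
    $content_lang .= "\n\n//Lang for function " . $fun_label . "\n";

    foreach ($arr_new_lang as $lang_key => $lang_value) {
        $lang_value = nv_unhtmlspecialchars($lang_value);
        // Undo quotes that arrive already escaped so they are not escaped twice below.
        $lang_value = str_replace("\\'", "'", $lang_value);
        $lang_value = nv_nl2br($lang_value);
        // No-op as written. NOTE(review): presumably meant to normalise an encoded
        // "<br />" — confirm against the upstream file.
        $lang_value = str_replace('<br />', '<br />', $lang_value);

        // Escape backslashes as well as quotes: a value ending in "\" would
        // otherwise escape the closing quote and break out of the string literal.
        $lang_value = addcslashes($lang_value, "'\\");
        $lang_key = addcslashes((string) $lang_key, "'\\");

        $content_lang .= "\$lang_module['" . $lang_key . "'] = '" . $lang_value . "';\n";
    }

    if (file_exists($file) and !is_writable($file)) {
        $is_win = isset($sys_info['os']) and substr($sys_info['os'], 0, 3) == 'WIN';
        if (!$is_win) {
            // Owner-writable is all this process can usefully grant itself; 0777 on
            // a PHP source file lets any local account rewrite code the site runs.
            chmod($file, 0644);
        }
    }

    file_put_contents($file, $content_lang, LOCK_EX);
}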
// Contact-form submit handler (excerpt): validates the posted fields, stores the
// message, mails it to the chosen department and renders the confirmation page.
// NOTE(review): $fname, $femail, $ftitle, $fcon, $fpart and $fphone are assigned
// before this excerpt; how they were filtered is not visible here.
$fcode = filter_text_input('fcode', 'post', '');
$check_valid_email = nv_check_valid_email($femail);
if (empty($fname)) {
    $error = $lang_module['error_fullname'];
} elseif (!empty($check_valid_email)) {
    $error = $check_valid_email;
} elseif (empty($ftitle)) {
    $error = $lang_module['error_title'];
} elseif (empty($fcon)) {
    $error = $lang_module['error_content'];
} elseif (!isset($array_rows[$fpart])) {
    // The department must be a known key of $array_rows.
    $error = $lang_module['error_part'];
} elseif (!nv_capcha_txt($fcode)) {
    $error = $lang_module['error_captcha'];
} else {
    $fcon = nv_nl2br($fcon);
    $sender_id = intval(defined('NV_IS_USER') ? $user_info['userid'] : 0);
    // $fpart goes into the statement unquoted and unescaped; the only guard
    // visible is the isset() check above. NOTE(review): that is sufficient only if
    // the keys of $array_rows are integer ids — cast with intval() to make it explicit.
    // The INSERT names no columns, so it depends on the table's column order.
    $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_send` VALUES \n (NULL , " . $fpart . ", " . $db->dbescape($ftitle) . ", " . $db->dbescape($fcon) . ", \n " . NV_CURRENTTIME . ", " . $sender_id . ", " . $db->dbescape($fname) . ", " . $db->dbescape($femail) . ", \n " . $db->dbescape($fphone) . ", " . $db->dbescape($client_info['ip']) . ", 0, 0, '', 0, 0);";
    $db->sql_query($sql);
    $website = "<a href=\"" . $global_config['site_url'] . "\">" . $global_config['site_name'] . "</a>";
    $fcon .= "<br /><br />----------------------------------------<br /><br />";
    // The mail body is HTML and the sender's name, e-mail and phone are inserted
    // as given. NOTE(review): whether they are HTML-escaped depends on how they
    // were read above this excerpt — confirm.
    if (empty($fphone)) {
        $fcon .= sprintf($lang_module['sendinfo'], $website, $fname, $femail, $client_info['ip'], $array_rows[$fpart]['full_name']);
    } else {
        $fcon .= sprintf($lang_module['sendinfo2'], $website, $fname, $femail, $fphone, $client_info['ip'], $array_rows[$fpart]['full_name']);
    }
    nv_SendMail2User($fpart, $fcon, $ftitle, $femail, $fname);
    $url = NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA;
    // The callback name is a fixed literal, not request data.
    $contents .= call_user_func("sendcontact", $url);
    include NV_ROOTDIR . "/includes/header.php";
    echo nv_site_theme($contents);
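/**
 * nv_admin_read_lang()
 *
 * Include one language file from disk and copy its strings into the language
 * tables (one row per key in NV_LANGUAGE_GLOBALTABLE, one row per file in the
 * "_file" table).
 *
 * $dirlang and $module are used to build the path that is include()d, and
 * $dirlang is also spliced into SQL as a column-name suffix, so both are
 * checked against a plain-name pattern before anything else happens.
 *
 * @param mixed $dirlang    language code
 * @param mixed $module     'global', 'install' or a module directory name
 * @param mixed $admin_file 1 for the admin file, 0 for the site file, or the
 *                          file name of a block language file
 * @return string '' on success, otherwise an error message
 */
function nv_admin_read_lang($dirlang, $module, $admin_file = 1)
{
    global $db, $global_config, $include_lang, $lang_module;

    $include_lang = '';

    // Column names cannot be bound as parameters, and the include path is built by
    // concatenation: refuse anything that is not a plain identifier / directory name.
    if (!preg_match('/^[a-zA-Z0-9_]+$/', (string) $dirlang) or !preg_match('/^[a-zA-Z0-9_-]+$/', (string) $module)) {
        return $lang_module['nv_error_exit_module'] . ' : ' . $module;
    }

    $modules_exit = nv_scandir(NV_ROOTDIR . '/modules', $global_config['check_module']);

    // Work out which file to read. In the two block branches $admin_file is a file
    // name, constrained by the regex to a fixed shape without path separators.
    if ($module == 'global' and preg_match('/^block\\.global\\.([a-zA-Z0-9\\-\\_]+)\\.php$/', $admin_file, $m)) {
        $include_lang = NV_ROOTDIR . '/language/' . $dirlang . '/' . $admin_file;
        $admin_file = 'block.global.' . $m[1];
    } elseif (preg_match('/^block\\.(global|module)\\.([a-zA-Z0-9\\-\\_]+)\\_' . $dirlang . '\\.php$/', $admin_file, $m)) {
        // $module is not checked against $modules_exit in this branch; the name
        // guard above is what keeps the path inside /modules.
        $include_lang = NV_ROOTDIR . '/modules/' . $module . '/language/' . $admin_file;
        $admin_file = 'block.' . $m[1] . '.' . $m[2];
    } elseif ($module == 'global' and $admin_file == 1) {
        $include_lang = NV_ROOTDIR . '/language/' . $dirlang . '/admin_' . $module . '.php';
    } elseif ($module == 'global' and $admin_file == 0) {
        $include_lang = NV_ROOTDIR . '/language/' . $dirlang . '/' . $module . '.php';
    } elseif ($module == 'install' and $admin_file == 0) {
        $include_lang = NV_ROOTDIR . '/language/' . $dirlang . '/' . $module . '.php';
    } elseif (in_array($module, $modules_exit) and $admin_file == 1) {
        $include_lang = NV_ROOTDIR . '/modules/' . $module . '/language/admin_' . $dirlang . '.php';
    } elseif (in_array($module, $modules_exit) and $admin_file == 0) {
        $include_lang = NV_ROOTDIR . '/modules/' . $module . '/language/' . $dirlang . '.php';
    } elseif (file_exists(NV_ROOTDIR . '/language/' . $dirlang . '/admin_' . $module . '.php')) {
        $admin_file = 1;
        $include_lang = NV_ROOTDIR . '/language/' . $dirlang . '/admin_' . $module . '.php';
    }

    if ($include_lang == '' or !file_exists($include_lang)) {
        $include_lang = '';
        return $lang_module['nv_error_exit_module'] . ' : ' . $module;
    }

    // The included file fills these arrays. $lang_module is the global one, so it
    // is saved here and restored before returning; the other three are locals.
    $lang_module_temp = $lang_module;
    $lang_module = array();
    $lang_global = array();
    $lang_block = array();
    $lang_translator = array();
    include $include_lang;

    $sth = $db->prepare('SELECT idfile, langtype FROM ' . NV_LANGUAGE_GLOBALTABLE . '_file WHERE module = :module AND admin_file= :admin_file');
    $sth->bindParam(':module', $module, PDO::PARAM_STR);
    $sth->bindParam(':admin_file', $admin_file, PDO::PARAM_STR);
    $sth->execute();
    // 3 is PDO::FETCH_NUM. fetch() returns false when the file is not registered yet.
    $row = $sth->fetch(3);
    $idfile = empty($row) ? 0 : $row[0];

    // Translator details come from the file and end up in the database, so tags are
    // stripped. The stored langtype is not used: both the insert and the update
    // path take the value from the file.
    $langtype = isset($lang_translator['langtype']) ? strip_tags($lang_translator['langtype']) : 'lang_module';
    $lang_translator_save = array();
    $lang_translator_save['author'] = isset($lang_translator['author']) ? strip_tags($lang_translator['author']) : 'VINADES.,JSC (contact@vinades.vn)';
    $lang_translator_save['createdate'] = isset($lang_translator['createdate']) ? strip_tags($lang_translator['createdate']) : date('d/m/Y, H:i');
    $lang_translator_save['copyright'] = isset($lang_translator['copyright']) ? strip_tags($lang_translator['copyright']) : 'Copyright (C) ' . date('Y') . ' VINADES.,JSC. All rights reserved';
    $lang_translator_save['info'] = isset($lang_translator['info']) ? strip_tags($lang_translator['info']) : '';
    $lang_translator_save['langtype'] = $langtype;
    // NOTE(review): the array is stored as var_export() text. If a reader elsewhere
    // turns it back into an array with eval(), this column is executable input —
    // check the consumers.
    $author = var_export($lang_translator_save, true);

    if (empty($idfile)) {
        $data = array();
        $data['module'] = $module;
        $data['admin_file'] = $admin_file;
        $data['langtype'] = $langtype;
        $data['author'] = $author;
        $idfile = $db->insert_id('INSERT INTO ' . NV_LANGUAGE_GLOBALTABLE . '_file (module, admin_file, langtype, author_' . $dirlang . ') VALUES (:module, :admin_file, :langtype, :author)', 'idfile', $data);
        if (empty($idfile)) {
            // $lang_global is the local array filled by the included file, so these
            // titles exist only if that file defines them. The path is reported
            // relative to NV_ROOTDIR.
            nv_info_die($lang_global['error_404_title'], $lang_global['error_404_title'], 'error read file: ' . str_replace(NV_ROOTDIR . '/', '', $include_lang));
        }
    } else {
        try {
            $sth = $db->prepare('UPDATE ' . NV_LANGUAGE_GLOBALTABLE . '_file SET author_' . $dirlang . '= :author WHERE idfile= ' . intval($idfile));
            $sth->bindParam(':author', $author, PDO::PARAM_STR, strlen($author));
            $sth->execute();
        } catch (PDOException $e) {
            // NOTE(review): the raw driver message is shown to the user; consider
            // logging it and showing a generic text instead.
            nv_info_die($lang_global['error_404_title'], $lang_global['error_404_title'], $e->getMessage());
        }
    }

    $temp_lang = array();
    switch ($langtype) {
        case 'lang_global':
            $temp_lang = $lang_global;
            break;
        case 'lang_module':
            $temp_lang = $lang_module;
            break;
        case 'lang_block':
            $temp_lang = $lang_block;
            break;
    }

    // The original also listed the other languages' columns here; the result was
    // never used by the prepared statements below, so that query is gone.
    $read_type = intval($global_config['read_type']);
    $sth_is = $db->prepare('INSERT INTO ' . NV_LANGUAGE_GLOBALTABLE . ' (idfile, lang_key, lang_' . $dirlang . ', update_' . $dirlang . ') VALUES (:idfile, :lang_key, :lang_value, ' . NV_CURRENTTIME . ')');
    $sth_ud = $db->prepare('UPDATE ' . NV_LANGUAGE_GLOBALTABLE . ' SET lang_' . $dirlang . ' = :lang_value, update_' . $dirlang . ' = ' . NV_CURRENTTIME . ' WHERE idfile = :idfile AND lang_key = :lang_key');

    // foreach replaces while (list() = each()): each() no longer exists in PHP 8.
    foreach ($temp_lang as $lang_key => $lang_value) {
        $check_type_update = false;
        $lang_key = trim($lang_key);
        $lang_value = nv_nl2br($lang_value);
        // Normalise "<br/>" and "</br>" to "<br />".
        $lang_value = preg_replace("/<br\\s*\\/>/", '<br />', $lang_value);
        $lang_value = preg_replace("/<\\/\\s*br\\s*>/", '<br />', $lang_value);

        // read_type 0: insert, fall back to update; 1: insert only; 2: update only.
        if ($read_type == 0 or $read_type == 1) {
            try {
                $sth_is->bindParam(':idfile', $idfile, PDO::PARAM_INT);
                $sth_is->bindParam(':lang_key', $lang_key, PDO::PARAM_STR);
                $sth_is->bindParam(':lang_value', $lang_value, PDO::PARAM_STR);
                $sth_is->execute();
                if ($read_type == 0 and !$sth_is->rowCount()) {
                    $check_type_update = true;
                }
            } catch (PDOException $e) {
                // A failed insert (e.g. the key already exists) is deliberately not
                // an error; with read_type 1 the existing row is simply kept.
                if ($read_type == 0) {
                    $check_type_update = true;
                }
            }
        }

        if ($read_type == 2 or $check_type_update) {
            $sth_ud->bindParam(':idfile', $idfile, PDO::PARAM_INT);
            $sth_ud->bindParam(':lang_key', $lang_key, PDO::PARAM_STR);
            $sth_ud->bindParam(':lang_value', $lang_value, PDO::PARAM_STR);
            $sth_ud->execute();
        }
    }

    $lang_module = $lang_module_temp;
    return '';
}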
$db->sql_freeresult(); nv_del_moduleCache($module_name); Header("Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=" . $op . ""); die; } else { $error = $lang_module['errorsave']; } } elseif ($catid > 0 and !empty($title)) { $check_exit = 0; if ($parentid != $parentid_old) { list($check_exit) = $db->sql_fetchrow($db->sql_query("SELECT count(*) FROM `" . NV_PREFIXLANG . "_" . $module_data . "_rows` WHERE `catid` = '" . $catid . "'")); } if (intval($check_exit) > 0) { $error = "error delete cat"; } else { $description = nv_nl2br($description, '<br />'); // $query = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_cat` SET `parentid`=" . $db->dbescape($parentid) . ", `title`=" . $db->dbescape($title) . ", `catimage` = " . $db->dbescape($catimage) . ", `alias` = " . $db->dbescape($alias) . ", `description`=" . $db->dbescape($description) . ", `keywords`= " . $db->dbescape($keywords) . ", `edit_time`=UNIX_TIMESTAMP( ) WHERE `catid` =" . $catid . ""; $db->sql_query($query); if ($db->sql_affectedrows() > 0) { $db->sql_freeresult(); if ($parentid != $parentid_old) { list($weight) = $db->sql_fetchrow($db->sql_query("SELECT max(`weight`) FROM `" . NV_PREFIXLANG . "_" . $module_data . "_cat` WHERE `parentid`=" . $db->dbescape($parentid) . "")); $weight = intval($weight) + 1; $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_cat` SET `weight`=" . $weight . " WHERE `catid`=" . intval($catid); $db->sql_query($sql); nv_fix_cat($parentid); nv_fix_cat($parentid_old); nv_insert_logs(NV_LANG_DATA, $module_name, 'log_edit_cat', "catid " . $catid, $admin_info['userid']); } nv_del_moduleCache($module_name);
* begin: post data */
// Form-save handler (excerpt): copies the posted document fields into $data.
if ($nv_Request->get_int('save', 'post') == 1) {
    // Ids and type are read with get_int(), so they arrive as integers.
    $data['catid'] = $nv_Request->get_int('catid', 'post', 0);
    $data['roomid'] = $nv_Request->get_int('roomid', 'post', 0);
    $data['fieldid'] = $nv_Request->get_int('fieldid', 'post', 0);
    $data['type'] = $nv_Request->get_int('type', 'post', 0);
    // NOTE(review): title passes 0 and keywords passes 1 as the fourth argument of
    // get_string(); presumably that flag controls HTML-special-char handling —
    // confirm, and check that the title is escaped wherever it is printed.
    $data['title'] = $nv_Request->get_string('title', 'post', '', 0);
    $data['keywords'] = $nv_Request->get_string('keywords', 'post', '', 1);
    $alias = $nv_Request->get_string('alias', 'post', '');
    $data['alias'] = $alias == "" ? change_alias($data['title']) : change_alias($alias);
    $hometext = $nv_Request->get_string('hometext', 'post', '');
    // Summary text: tags removed, special characters encoded, newlines turned into <br />.
    $data['hometext'] = nv_nl2br(nv_htmlspecialchars(strip_tags($hometext)), '<br />');
    // NOTE(review): read as a free string; if it is later used as a file path it
    // has to be validated at that point — not visible in this excerpt.
    $data['otherpath'] = $nv_Request->get_string('otherpath', 'post', '');
    $bodytext = $nv_Request->get_string('bodytext', 'post', '');
    // With NV_EDITOR defined the body is kept as submitted HTML (only newlines are
    // removed); otherwise it is reduced to escaped plain text. The editor branch
    // relies on whatever filtering get_string() applies and on the submitter being
    // a trusted role — NOTE(review): confirm both.
    $data['bodytext'] = defined('NV_EDITOR') ? nv_nl2br($bodytext, '') : nv_nl2br(nv_htmlspecialchars(strip_tags($bodytext)), '<br />');
    $data['sign'] = $nv_Request->get_string('sign', 'post', '');
    $signtime = $nv_Request->get_string('signtime', 'post', 0);
    $data['organid'] = $nv_Request->get_int('organid', 'post', 0);
    // Accept only d/m/yyyy; anything else is treated as "no date".
    if (!empty($signtime) and !preg_match("/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})\$/", $signtime)) {
        $signtime = "";
    }
    if (empty($signtime)) {
        $data['signtime'] = 0;
    } else {
        // The date part comes from the form, the time of day from the current clock.
        $phour = date('H');
        $pmin = date('i');
        unset($m);
        preg_match("/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})\$/", $signtime, $m);
        // The regex checks the shape only; a value such as 31/02 is rolled over by mktime().
        $data['signtime'] = mktime($phour, $pmin, 0, $m[2], $m[1], $m[3]);
    }
$error = $lang_module['edit_error_email_exist']; } elseif (!empty($_user['password1']) and ($check_pass = nv_check_valid_pass($_user['password1'], NV_UPASSMAX, NV_UPASSMIN)) != '') { $error = $check_pass; } elseif (!empty($_user['password1']) and $_user['password1'] != $_user['password2']) { $error = $lang_module['edit_error_password']; } elseif (empty($_user['question'])) { $error = $lang_module['edit_error_question']; } elseif (empty($_user['answer'])) { $error = $lang_module['edit_error_answer']; } else { $query_field = array(); if (!empty($array_field_config)) { require NV_ROOTDIR . '/modules/users/fields.check.php'; } if (empty($error)) { $_user['sig'] = nv_nl2br($_user['sig'], '<br />'); if ($_user['gender'] != 'M' and $_user['gender'] != 'F') { $_user['gender'] = ''; } if (preg_match('/^([0-9]{1,2})\\/([0-9]{1,2})\\/([0-9]{4})$/', $_user['birthday'], $m)) { $_user['birthday'] = mktime(0, 0, 0, $m[2], $m[1], $m[3]); } else { $_user['birthday'] = 0; } $password = !empty($_user['password1']) ? $crypt->hash_password($_user['password1'], $global_config['hashprefix']) : $row['password']; // Check photo if ($_user['delpic'] or empty($photo)) { if (!empty($_user['photo'])) { $tmp_photo = NV_ROOTDIR . '/' . NV_TEMP_DIR . '/' . $_user['photo']; if (!file_exists($tmp_photo)) { $_user['photo'] = '';
} elseif ($db->sql_numrows($db->sql_query("SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape($_user['email']))) != 0) {
    // Add-user handler (excerpt): the e-mail must be unused in the users table,
    // the pending-registration table and the OpenID table.
    $error = $lang_module['edit_error_email_exist'];
} elseif ($db->sql_numrows($db->sql_query("SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape($_user['email']))) != 0) {
    $error = $lang_module['edit_error_email_exist'];
} elseif ($db->sql_numrows($db->sql_query("SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `email`=" . $db->dbescape($_user['email']))) != 0) {
    $error = $lang_module['edit_error_email_exist'];
} elseif (($check_pass = nv_check_valid_pass($_user['password1'], NV_UPASSMAX, NV_UPASSMIN)) != "") {
    $error = $check_pass;
} elseif ($_user['password1'] != $_user['password2']) {
    $error = $lang_module['edit_error_password'];
} elseif (empty($_user['question'])) {
    $error = $lang_module['edit_error_question'];
} elseif (empty($_user['answer'])) {
    $error = $lang_module['edit_error_answer'];
} else {
    $_user['sig'] = nv_nl2br($_user['sig'], "<br />");
    // Gender is restricted to 'M', 'F' or empty.
    if ($_user['gender'] != "M" and $_user['gender'] != "F") {
        $_user['gender'] = "";
    }
    // Birthday becomes an integer timestamp (or 0), which is why it can go into
    // the statement below without quoting.
    if (preg_match("/^([0-9]{1,2})\\.([0-9]{1,2})\\.([0-9]{4})\$/", $_user['birthday'], $m)) {
        $_user['birthday'] = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
    } else {
        $_user['birthday'] = 0;
    }
    // NOTE(review): the group ids are joined as submitted; confirm each element is
    // cast to int where $_user['in_groups'] is read.
    $data_in_groups = !empty($_user['in_groups']) ? implode(',', $_user['in_groups']) : '';
    // NOTE(review): the algorithm behind $crypt->hash() is not visible here —
    // confirm it is a salted password hash, not a bare digest.
    $password = $crypt->hash($_user['password1']);
    // The statement is built by concatenation. Strings go through dbescape();
    // birthday and NV_CURRENTTIME are integers; md5(username) fills the
    // `md5username` column. $_user['view_mail'] is inserted unquoted and
    // unescaped — NOTE(review): it must be an integer where it is read, which is
    // outside this excerpt; wrap it in intval() here. The security answer is
    // stored as entered, not hashed.
    $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (\n `userid`, `username`, `md5username`, `password`, `email`, `full_name`, `gender`, `birthday`, `sig`, `regdate`, \n `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, \n `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) \n VALUES(\n\t\tNULL, \n\t\t" . $db->dbescape($_user['username']) . ",\n\t\t" . $db->dbescape(md5($_user['username'])) . ",\n\t\t" . $db->dbescape($password) . ",\n\t\t" . $db->dbescape($_user['email']) . ",\n\t\t" . $db->dbescape($_user['full_name']) . ",\n\t\t" . $db->dbescape($_user['gender']) . ",\n\t\t" . $_user['birthday'] . ",\n\t\t" . $db->dbescape($_user['sig']) . ",\n\t\t" . NV_CURRENTTIME . ",\n\t\t" . $db->dbescape($_user['website']) . ",\n\t\t" . $db->dbescape($_user['location']) . ",\n\t\t" . $db->dbescape($_user['yim']) . ",\n\t\t" . $db->dbescape($_user['telephone']) . ",\n\t\t" . $db->dbescape($_user['fax']) . ",\n\t\t" . $db->dbescape($_user['mobile']) . ",\n\t\t" . $db->dbescape($_user['question']) . ",\n\t\t" . $db->dbescape($_user['answer']) . ",\n\t\t'', \n " . $_user['view_mail'] . ", \n 1, \n " . $db->dbescape_string($data_in_groups) . ", \n 1, '', 0, '', '', '')";
    $userid = $db->sql_query_insert_id($sql);
    if ($userid) {
        nv_insert_logs(NV_LANG_DATA, $module_name, 'log_add_user', "userid " . $userid, $admin_info['userid']);
        // is_uploaded_file() confirms the temp file came from this request's upload.
        if (isset($_FILES['photo']) and is_uploaded_file($_FILES['photo']['tmp_name'])) {
    // Add-file handler (excerpt): remaining validation branches, then the INSERT.
    $is_error = true;
    $error = $lang_module['file_error_title'];
} elseif ($is_exists) {
    $is_error = true;
    $error = $lang_module['file_title_exists'];
} elseif (!empty($array['author_email']) and ($check_valid_email = nv_check_valid_email($array['author_email'])) != '') {
    $is_error = true;
    $error = $check_valid_email;
} elseif (!empty($array['author_url']) and !nv_is_url($array['author_url'])) {
    $is_error = true;
    $error = $lang_module['file_error_author_url'];
} elseif (empty($array['fileupload']) and empty($array['linkdirect'])) {
    // At least one source is required: an uploaded file or a direct link.
    $is_error = true;
    $error = $lang_module['file_error_fileupload'];
} else {
    $array['introtext'] = !empty($array['introtext']) ? nv_nl2br($array['introtext'], '<br />') : '';
    // Lists are stored as one string joined with the literal '[NV]'.
    $array['fileupload'] = !empty($array['fileupload']) ? implode('[NV]', $array['fileupload']) : '';
    if (!empty($array['linkdirect'])) {
        $array['linkdirect'] = array_map('nv_nl2br', $array['linkdirect']);
        $array['linkdirect'] = implode('[NV]', $array['linkdirect']);
    } else {
        $array['linkdirect'] = '';
    }
    // Text columns use named placeholders. Three values are still concatenated:
    // $array['catid'], $admin_info['admin_id'] and $array['filesize'].
    // NOTE(review): catid and filesize must be integers where they are read
    // (outside this excerpt); binding them like the rest would remove the doubt.
    $sql = "INSERT INTO " . NV_PREFIXLANG . "_" . $module_data . " (catid, title, alias, description, introtext, uploadtime, updatetime, user_id, user_name, author_name, author_email, author_url, fileupload, linkdirect, version, filesize, fileimage, status, copyright, view_hits, download_hits, groups_comment, groups_view, groups_download, comment_hits, rating_detail) VALUES (\n\t\t\t " . $array['catid'] . ",\n\t\t\t :title,\n\t\t\t :alias ,\n\t\t\t :description ,\n\t\t\t :introtext ,\n\t\t\t " . NV_CURRENTTIME . ",\n\t\t\t " . NV_CURRENTTIME . ",\n\t\t\t " . $admin_info['admin_id'] . ",\n\t\t\t :username,\n\t\t\t :author_name ,\n\t\t\t :author_email ,\n\t\t\t :author_url ,\n\t\t\t :fileupload ,\n\t\t\t :linkdirect ,\n\t\t\t :version ,\n\t\t\t " . $array['filesize'] . ",\n\t\t\t :fileimage ,\n\t\t\t 1,\n\t\t\t :copyright ,\n\t\t\t 0, 0,\n\t\t\t :groups_comment ,\n\t\t\t :groups_view ,\n\t\t\t :groups_download ,\n\t\t\t 0, '')";
    // Values for the named placeholders above.
    $data_insert = array();
    $data_insert['title'] = $array['title'];
    $data_insert['alias'] = $array['alias'];
    $data_insert['description'] = $array['description'];
    $data_insert['introtext'] = $array['introtext'];
    $data_insert['username'] = $admin_info['username'];
    $data_insert['author_name'] = $array['author_name'];
// Edit-comment handler (excerpt): validates the posted comment and updates the row.
// NOTE(review): $id and $row are set before this excerpt.
$array = array();
$is_error = false;
$error = "";
if ($nv_Request->isset_request('submit', 'post')) {
    $array['subject'] = filter_text_input('subject', 'post', '', 1);
    // The comment body keeps the tags listed in NV_ALLOWED_HTML_TAGS.
    $array['comment'] = filter_text_textarea('comment', '', NV_ALLOWED_HTML_TAGS);
    $array['admin_reply'] = filter_text_input('admin_reply', 'post', '', 1);
    $array['admin_id'] = (int) $row['admin_id'];
    if (empty($array['subject'])) {
        $is_error = true;
        $error = $lang_module['comment_edit_error1'];
    } elseif (empty($array['comment'])) {
        $is_error = true;
        $error = $lang_module['comment_edit_error2'];
    } else {
        $array['comment'] = nv_nl2br($array['comment'], "<br />");
        // A changed reply is attributed to the admin making the edit.
        if (!empty($array['admin_reply']) and $array['admin_reply'] != $row['admin_reply']) {
            $array['admin_id'] = $admin_info['admin_id'];
        }
        // Strings go through dbescape(); admin_id is an int cast or the current
        // admin's id. $id is concatenated unquoted into the WHERE clause —
        // NOTE(review): it must be an integer where it is read; wrap it in
        // intval() here so the statement does not depend on that.
        $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_comments` SET \n `subject`=" . $db->dbescape($array['subject']) . ", \n `comment`=" . $db->dbescape($array['comment']) . ", \n `admin_reply`=" . $db->dbescape($array['admin_reply']) . ", \n `admin_id`=" . $array['admin_id'] . " \n WHERE `id`=" . $id;
        $result = $db->sql_query($sql);
        if (!$result) {
            $is_error = true;
            $error = $lang_module['file_error1'];
        } else {
            nv_del_moduleCache($module_name);
            // NOTE(review): $row['status'] is appended to the Location header as is;
            // presumably an integer column — cast it to be safe.
            Header("Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=comment&status=" . $row['status']);
            exit;
        }
    }
} else {
}
// URL check endpoint (excerpt): answers with an "ok" or "error" text depending on
// whether the posted URL(s) are usable.
$url = $nv_Request->get_string('url', 'post', '');
$is_myurl = $nv_Request->get_int('is_myurl', 'post', 0);
if (empty($url)) {
    die($lang_module['file_checkUrl_error']);
}
$url = rawurldecode($url);
if ($is_myurl) {
    // Local file: the site base URL is cut off by length and the remainder is
    // appended to NV_ROOTDIR. Nothing checks that the value really starts with
    // NV_BASE_SITEURL, and "../" segments survive rawurldecode(), so the
    // file_exists() answer can be obtained for paths outside the site root.
    // NOTE(review): verify the prefix, resolve the path with realpath() and
    // require the result to stay inside the intended upload directory.
    $url = substr($url, strlen(NV_BASE_SITEURL));
    $url = NV_ROOTDIR . '/' . $url;
    if (!file_exists($url)) {
        die($lang_module['file_checkUrl_error']);
    }
} else {
    // Remote links: one per line; each non-empty line must pass both checks.
    $url = trim($url);
    $url = nv_nl2br($url, "<br />");
    $url = explode("<br />", $url);
    $url = array_map("trim", $url);
    foreach ($url as $l) {
        if (!empty($l)) {
            if (!nv_is_url($l)) {
                die($lang_module['file_checkUrl_error']);
            }
            // NOTE(review): nv_check_url() presumably requests the URL from the
            // server. If so, the target host should be restricted (no loopback or
            // internal addresses) and the number of lines capped — confirm.
            if (!nv_check_url($l)) {
                die($lang_module['file_checkUrl_error']);
            }
        }
    }
}
die($lang_module['file_checkUrl_ok']);
}
if ($submit) { $array_config = array(); $array_config['site_theme'] = filter_text_input('site_theme', 'post', '', 1, 255); $array_config['site_name'] = filter_text_input('site_name', 'post', '', 1, 255); $array_config['site_logo'] = filter_text_input('site_logo', 'post', '', 1, 255); if (!in_array($array_config['site_logo'], $images)) { $array_config['site_logo'] = "logo.png"; } $array_config['site_home_module'] = filter_text_input('site_home_module', 'post', '', 1, 255); $array_config['site_description'] = filter_text_input('site_description', 'post', '', 1, 255); $array_config['disable_site'] = $nv_Request->get_int('disable_site', 'post'); $array_config['disable_site_content'] = filter_text_textarea('disable_site_content', '', NV_ALLOWED_HTML_TAGS); if (empty($array_config['disable_site_content'])) { $array_config['disable_site_content'] = $lang_global['disable_site_content']; } $array_config['disable_site_content'] = nv_nl2br($array_config['disable_site_content'], '<br />'); // dung de save vao csdl foreach ($array_config as $config_name => $config_value) { $db->sql_query("UPDATE `" . NV_CONFIG_GLOBALTABLE . "` \r\n SET `config_value`=" . $db->dbescape($config_value) . " \r\n WHERE `config_name` = " . $db->dbescape($config_name) . " \r\n AND `lang` = '" . NV_LANG_DATA . "' AND `module`='global' \r\n LIMIT 1"); } if ($array_config['site_theme'] != $global_config['site_theme']) { $global_config['site_theme'] = $array_config['site_theme']; nv_set_layout_site(); } nv_save_file_config_global(); if (empty($errormess)) { Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_NAME_VARIABLE . '=' . $module_name . '&rand=' . nv_genpass()); exit; } else { $sql = $db->constructQuery("SELECT `module`, `config_name`, `config_value` FROM `" . NV_CONFIG_GLOBALTABLE . "` \r\n WHERE `lang`=[s] OR `lang`=[s] ORDER BY `module` ASC", 'sys', NV_LANG_DATA); $result = $db->sql_query($sql);
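/**
 * nv_admin_read_lang()
 *
 * Include one language file from disk and copy its strings into the language
 * tables (one row per key in NV_LANGUAGE_GLOBALTABLE, one row per file in the
 * "_file" table).
 *
 * $dirlang and $module are used to build the path that is include()d, and
 * $dirlang is also spliced into SQL as a column-name suffix, so both are
 * checked against a plain-name pattern before anything else happens.
 *
 * @param mixed $dirlang    language code
 * @param mixed $module     "global", "install" or a module directory name
 * @param mixed $admin_file 1 for the admin file, 0 for the site file, or the
 *                          file name of a block language file
 * @return string "" on success, otherwise an error message
 */
function nv_admin_read_lang($dirlang, $module, $admin_file = 1)
{
    global $db, $global_config, $include_lang, $lang_module;

    $include_lang = "";

    // $dirlang sits inside backtick-quoted column names and inside the include
    // path: refuse anything that is not a plain name, so it can neither close the
    // backticks nor leave the language directory.
    if (!preg_match("/^[a-zA-Z0-9_-]+\$/", (string) $dirlang) or !preg_match("/^[a-zA-Z0-9_-]+\$/", (string) $module)) {
        return $lang_module['nv_error_exit_module'] . " : " . $module;
    }

    $modules_exit = nv_scandir(NV_ROOTDIR . "/modules", $global_config['check_module']);

    // Work out which file to read. In the two block branches $admin_file is a file
    // name, constrained by the regex to a fixed shape without path separators.
    if ($module == "global" and preg_match("/^block\\.global\\.([a-zA-Z0-9\\-\\_]+)\\.php\$/", $admin_file, $m)) {
        $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/" . $admin_file;
        $admin_file = 'block.global.' . $m[1];
    } elseif (preg_match("/^block\\.(global|module)\\.([a-zA-Z0-9\\-\\_]+)\\_" . $dirlang . "\\.php\$/", $admin_file, $m)) {
        // $module is not checked against $modules_exit in this branch; the name
        // guard above is what keeps the path inside /modules.
        $include_lang = NV_ROOTDIR . "/modules/" . $module . "/language/" . $admin_file;
        $admin_file = 'block.' . $m[1] . '.' . $m[2];
    } elseif ($module == "global" and $admin_file == 1) {
        $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/admin_" . $module . ".php";
    } elseif ($module == "global" and $admin_file == 0) {
        $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/" . $module . ".php";
    } elseif ($module == "install" and $admin_file == 0) {
        $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/" . $module . ".php";
    } elseif (in_array($module, $modules_exit) and $admin_file == 1) {
        $include_lang = NV_ROOTDIR . "/modules/" . $module . "/language/admin_" . $dirlang . ".php";
    } elseif (in_array($module, $modules_exit) and $admin_file == 0) {
        $include_lang = NV_ROOTDIR . "/modules/" . $module . "/language/" . $dirlang . ".php";
    } elseif (file_exists(NV_ROOTDIR . "/language/" . $dirlang . "/admin_" . $module . ".php")) {
        $admin_file = 1;
        $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/admin_" . $module . ".php";
    }

    if ($include_lang == "" or !file_exists($include_lang)) {
        $include_lang = "";
        return $lang_module['nv_error_exit_module'] . " : " . $module;
    }

    // The included file fills these arrays. $lang_module is the global one, so it
    // is saved here and restored before returning; the other three are locals.
    $lang_module_temp = $lang_module;
    $lang_module = array();
    $lang_global = array();
    $lang_block = array();
    $lang_translator = array();
    include $include_lang;

    list($idfile, $langtype) = $db->sql_fetchrow($db->sql_query("SELECT idfile, langtype FROM `" . NV_LANGUAGE_GLOBALTABLE . "_file` WHERE `module` =" . $db->dbescape($module) . " AND `admin_file`=" . $db->dbescape($admin_file)));

    // Translator details come from the file and end up in the database, so tags are
    // stripped. The stored langtype is not used: both the insert and the update
    // path take the value from the file.
    $langtype = isset($lang_translator['langtype']) ? strip_tags($lang_translator['langtype']) : "lang_module";
    $lang_translator_save = array();
    $lang_translator_save['author'] = isset($lang_translator['author']) ? strip_tags($lang_translator['author']) : "VINADES.,JSC (contact@vinades.vn)";
    $lang_translator_save['createdate'] = isset($lang_translator['createdate']) ? strip_tags($lang_translator['createdate']) : date("d/m/Y, H:i");
    $lang_translator_save['copyright'] = isset($lang_translator['copyright']) ? strip_tags($lang_translator['copyright']) : "Copyright (C) 2010 VINADES.,JSC. All rights reserved";
    $lang_translator_save['info'] = isset($lang_translator['info']) ? strip_tags($lang_translator['info']) : "";
    $lang_translator_save['langtype'] = $langtype;
    // NOTE(review): the array is stored as var_export() text. If a reader elsewhere
    // turns it back into an array with eval(), this column is executable input —
    // check the consumers.
    $author = var_export($lang_translator_save, true);

    // NOTE(review): mysql_real_escape_string() was removed in PHP 7. It is kept
    // because the $db wrapper's raw-escaping method is not visible from here;
    // replace it with that method or with bound parameters when porting.
    if (intval($idfile) == 0) {
        $idfile = $db->sql_query_insert_id("INSERT INTO `" . NV_LANGUAGE_GLOBALTABLE . "_file` (`idfile`, `module`, `admin_file`, `langtype`, `author_" . $dirlang . "`) VALUES (NULL, " . $db->dbescape($module) . ", " . $db->dbescape($admin_file) . ", " . $db->dbescape($langtype) . ", '" . mysql_real_escape_string($author) . "')");
        if (!$idfile) {
            // The original printed the undefined $filelang here. The path is
            // reported relative to NV_ROOTDIR so the server layout is not exposed.
            // $lang_global is the local array filled by the included file, so the
            // titles exist only if that file defines them.
            nv_info_die($lang_global['error_404_title'], $lang_global['error_404_title'], "Error insert file: " . str_replace(NV_ROOTDIR . "/", "", $include_lang));
        }
    } else {
        $sql = "UPDATE `" . NV_LANGUAGE_GLOBALTABLE . "_file` SET `author_" . $dirlang . "` = '" . mysql_real_escape_string($author) . "' WHERE `idfile` = '" . intval($idfile) . "'";
        $db->sql_query($sql);
    }

    // From here on the id is only ever spliced into SQL; pin it to an integer.
    $idfile = intval($idfile);

    $temp_lang = array();
    switch ($langtype) {
        case 'lang_global':
            $temp_lang = $lang_global;
            break;
        case 'lang_module':
            $temp_lang = $lang_module;
            break;
        case 'lang_block':
            $temp_lang = $lang_block;
            break;
    }

    // Every other language has its own lang_<code> column; collect them so the
    // INSERT below can fill each with an empty string.
    $result = $db->sql_query("SHOW COLUMNS FROM `" . NV_LANGUAGE_GLOBALTABLE . "_file`");
    $array_lang_key = array();
    $array_lang_value = array();
    while ($row = $db->sql_fetch_assoc($result)) {
        if (substr($row['Field'], 0, 7) == "author_" and $row['Field'] != "author_" . $dirlang) {
            $array_lang_key[] = str_replace("author_", "lang_", $row['Field']);
            $array_lang_value[] = "";
        }
    }
    $string_lang_key = implode("`, `", $array_lang_key);
    $string_lang_value = "";
    if ($string_lang_key != "") {
        $string_lang_key = ", `" . $string_lang_key . "`";
        $string_lang_value = implode("', '", $array_lang_value);
        $string_lang_value = ", '" . $string_lang_value . "'";
    }

    $read_type = intval($global_config['read_type']);

    // foreach replaces while (list() = each()): each() no longer exists in PHP 8.
    foreach ($temp_lang as $lang_key => $lang_value) {
        $check_type_update = false;
        $lang_key = trim($lang_key);
        $lang_value = nv_nl2br($lang_value);
        // Both replacements are no-ops as written. NOTE(review): presumably they
        // were meant to normalise other spellings of "<br />" — confirm against
        // the upstream file.
        $lang_value = str_replace('<br />', '<br />', $lang_value);
        $lang_value = str_replace('<br />', '<br />', $lang_value);

        // read_type 0: insert, fall back to update; 1: insert only; 2: update only.
        if ($read_type == 0 or $read_type == 1) {
            $sql = "INSERT INTO `" . NV_LANGUAGE_GLOBALTABLE . "` (`id`, `idfile`, `lang_key`, `lang_" . $dirlang . "`, `update_" . $dirlang . "` " . $string_lang_key . ") VALUES (NULL, '" . $idfile . "', '" . mysql_real_escape_string($lang_key) . "', '" . mysql_real_escape_string($lang_value) . "', UNIX_TIMESTAMP( ) " . $string_lang_value . ")";
            if (!$db->sql_query_insert_id($sql) and $read_type == 0) {
                $check_type_update = true;
            }
        }

        if ($read_type == 2 or $check_type_update) {
            $sql = "UPDATE `" . NV_LANGUAGE_GLOBALTABLE . "` SET `lang_" . $dirlang . "` = '" . mysql_real_escape_string($lang_value) . "', `update_" . $dirlang . "` = UNIX_TIMESTAMP( ) WHERE `idfile` = '" . $idfile . "' AND `lang_key` = '" . mysql_real_escape_string($lang_key) . "' LIMIT 1";
            $db->sql_query($sql);
        }
    }

    $lang_module = $lang_module_temp;
    return "";
}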
FROM ' . TABLE_PHOTO_NAME . '_category WHERE category_id=' . $data['category_id'])->fetch(); $caption = $lang_module['category_edit']; } else { $caption = $lang_module['category_add']; } if ($nv_Request->get_int('save', 'post') == 1) { $data['category_id'] = $nv_Request->get_int('category_id', 'post', 0); $data['parentid_old'] = $nv_Request->get_int('parentid_old', 'post', 0); $data['parent_id'] = $nv_Request->get_int('parent_id', 'post', 0); $data['inhome'] = $nv_Request->get_int('inhome', 'post', 0); $data['status'] = $nv_Request->get_int('status', 'post', 0); $data['name'] = nv_substr($nv_Request->get_title('name', 'post', '', ''), 0, 255); $data['alias'] = nv_substr($nv_Request->get_title('alias', 'post', '', ''), 0, 255); $description = $nv_Request->get_string('description', 'post', ''); $data['description'] = defined('NV_EDITOR') ? nv_nl2br($description, '') : nv_nl2br(nv_htmlspecialchars(strip_tags($description)), '<br />'); $data['meta_title'] = nv_substr($nv_Request->get_title('meta_title', 'post', '', ''), 0, 255); $data['meta_description'] = nv_substr($nv_Request->get_title('meta_description', 'post', '', ''), 0, 255); $data['meta_keyword'] = nv_substr($nv_Request->get_title('meta_keyword', 'post', '', ''), 0, 255); $data['layout'] = nv_substr($nv_Request->get_title('layout', 'post', '', ''), 0, 255); if (empty($data['name'])) { $error['name'] = $lang_module['category_error_name']; } if (!empty($error) && !isset($error['warning'])) { $error['warning'] = $lang_module['category_error_warning']; } $_groups_post = $nv_Request->get_array('groups_view', 'post', array()); $data['groups_view'] = !empty($_groups_post) ? implode(',', nv_groups_post(array_intersect($_groups_post, array_keys($groups_list)))) : ''; $stmt = $db->prepare('SELECT COUNT(*) FROM ' . TABLE_PHOTO_NAME . '_category WHERE category_id !=' . $data['category_id'] . ' AND alias= :alias'); $stmt->bindParam(':alias', $data['alias'], PDO::PARAM_STR); $stmt->execute();
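/**
 * nv_admin_write_lang()
 *
 * Regenerates one PHP language file from the rows stored for $idfile in the
 * language tables and writes it to disk with file_put_contents().
 *
 * Every value taken from the database is emitted inside a single-quoted PHP
 * string literal (or a block comment) of the generated file, so each one is
 * escaped for that context before it is written.
 *
 * NOTE(review): $dirlang is concatenated into SQL column names and into the
 * target path without any check in this function; callers must pass only
 * known language codes - confirm at every call site.
 *
 * @param mixed $dirlang language code; used as column suffix and directory name
 * @param mixed $idfile  id of the row in NV_LANGUAGE_GLOBALTABLE . "_file"
 * @return string "" on success (also when there was nothing to write),
 *                otherwise an error message
 */
function nv_admin_write_lang($dirlang, $idfile)
{
    global $db, $language_array, $global_config, $include_lang, $lang_module, $array_lang_exit, $array_lang_no_check;

    // The first query already cast $idfile, the later ones concatenated it raw;
    // cast once so that every query sees an integer.
    $idfile = intval($idfile);

    list($module, $admin_file, $langtype, $author_lang) = $db->sql_fetchrow($db->sql_query("SELECT `module`, `admin_file`, `langtype`, `author_" . $dirlang . "` FROM `" . NV_LANGUAGE_GLOBALTABLE . "_file` WHERE `idfile` ='" . $idfile . "'"));

    if (!empty($dirlang) and !empty($module)) {
        if (empty($author_lang)) {
            $array_translator = array();
            $array_translator['author'] = "";
            $array_translator['createdate'] = "";
            $array_translator['copyright'] = "";
            $array_translator['info'] = "";
            $array_translator['langtype'] = $langtype;
        } else {
            // NOTE(review): eval() runs the stored column content as PHP. The
            // column is expected to hold var_export() output (see
            // nv_admin_read_lang), but anything able to write that column gets
            // code execution here. Storing JSON and decoding it would remove
            // the sink; that needs a data migration, so it is only flagged.
            eval('$array_translator = ' . $author_lang . ';');
        }

        // Resolve the target path. $module and $admin_file come from the
        // database row fetched above.
        $include_lang = "";
        $modules_exit = nv_scandir(NV_ROOTDIR . "/modules", $global_config['check_module']);
        if ($module == "global" and preg_match("/^block\\.global\\.([a-zA-Z0-9\\-\\_]+)\$/", $admin_file)) {
            $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/" . $admin_file . ".php";
        } elseif (in_array($module, $modules_exit) and preg_match("/^block\\.(global|module)\\.([a-zA-Z0-9\\-\\_]+)\$/", $admin_file)) {
            $include_lang = NV_ROOTDIR . "/modules/" . $module . "/language/" . $admin_file . "_" . $dirlang . ".php";
        } elseif (in_array($module, $modules_exit) and $admin_file == 1) {
            $include_lang = NV_ROOTDIR . "/modules/" . $module . "/language/admin_" . $dirlang . ".php";
        } elseif (in_array($module, $modules_exit) and $admin_file == 0) {
            $include_lang = NV_ROOTDIR . "/modules/" . $module . "/language/" . $dirlang . ".php";
        } elseif ($module == "global" and $admin_file == 1) {
            $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/admin_" . $module . ".php";
        } elseif ($module == "global" and $admin_file == 0) {
            $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/" . $module . ".php";
        } elseif ($module == "install" and $admin_file == 0) {
            $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/" . $module . ".php";
        } else {
            // NOTE(review): fallback for any other module value; $module is not
            // checked against $modules_exit before it becomes part of the path.
            $admin_file = 1;
            $include_lang = NV_ROOTDIR . "/language/" . $dirlang . "/admin_" . $module . ".php";
        }

        if ($include_lang == "") {
            return $lang_module['nv_error_write_module'] . " : " . $module;
        } else {
            // Accept "d/m/Y, H:i" or "d/m/Y" (with -, / or . as separators);
            // anything else falls back to the current time.
            if (preg_match("/^(0?\\d|[1-2]{1}\\d|3[0-1]{1})[\\-\\/\\.]{1}(0?\\d|1[0-2]{1})[\\-\\/\\.]{1}(19[\\d]{2}|20[\\d]{2})[\\-\\/\\.\\,\\s]{2}(0?\\d|[1]{1}\\d|2[0-4]{1})[\\-\\/\\.\\:]{1}([0-5]?[0-9])\$/", $array_translator['createdate'], $m)) {
                $createdate = mktime($m[4], $m[5], 0, $m[2], $m[1], $m[3]);
            } elseif (preg_match("/^(0?\\d|[1-2]{1}\\d|3[0-1]{1})[\\-\\/\\.]{1}(0?\\d|1[0-2]{1})[\\-\\/\\.]{1}(19[\\d]{2}|20[\\d]{2})\$/", $array_translator['createdate'], $m)) {
                $createdate = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
            } else {
                $createdate = time();
            }

            $content_lang = "<?php\n\n";
            $content_lang .= "/**\n";
            $content_lang .= "* @Project NUKEVIET 3.x\n";
            $content_lang .= "* @Author VINADES.,JSC (contact@vinades.vn)\n";
            $content_lang .= "* @Copyright (C) " . date("Y") . " VINADES.,JSC. All rights reserved\n";
            $content_lang .= "* @Language " . $language_array[$dirlang]['name'] . "\n";
            $content_lang .= "* @Createdate " . gmdate("M d, Y, h:i:s A", $createdate) . "\n";
            $content_lang .= "*/\n";

            if ($admin_file) {
                $content_lang .= "\nif( ! defined( 'NV_ADMIN' ) or ! defined( 'NV_MAINFILE' ) ) ";
            } else {
                $content_lang .= "\nif( ! defined( 'NV_MAINFILE' ) ) ";
            }
            $content_lang .= " die( 'Stop!!!' );\n\n";

            $array_translator['info'] = isset($array_translator['info']) ? $array_translator['info'] : "";

            // Escape quote and backslash: these values go into single-quoted
            // literals, and written raw a quote would end the literal and turn
            // the remainder of the value into code of the generated file.
            $content_lang .= "\$lang_translator['author'] = '" . addcslashes($array_translator['author'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['createdate'] = '" . addcslashes($array_translator['createdate'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['copyright'] = '" . addcslashes($array_translator['copyright'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['info'] = '" . addcslashes($array_translator['info'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['langtype'] = '" . addcslashes($array_translator['langtype'], "'\\") . "';\n";
            $content_lang .= "\n";

            $content_lang_no_check = "";
            $numrows = 0;

            if (in_array("vi", $array_lang_exit) and in_array("en", $array_lang_exit) and $dirlang != "vi" and $dirlang != "en") {
                // Translation of a third language: each entry is followed by a
                // comment with the Vietnamese and English reference texts.
                $sql = "SELECT `lang_key`, `lang_vi`, `lang_en`, `lang_" . $dirlang . "`, `update_" . $dirlang . "` FROM `" . NV_LANGUAGE_GLOBALTABLE . "` WHERE `idfile`='" . $idfile . "' ORDER BY `id` ASC";
                $result = $db->sql_query($sql);
                while (list($lang_key, $lang_value_vi, $lang_value_en, $lang_value, $update_time) = $db->sql_fetchrow($result)) {
                    if ($lang_value != "") {
                        $numrows++;
                        $lang_value = nv_unhtmlspecialchars($lang_value);
                        // Undo an existing \' first so it is not escaped twice,
                        // then escape quote and backslash. Escaping only the
                        // quote let a value ending in a backslash swallow the
                        // closing quote of the generated literal.
                        $lang_value = str_replace("\\'", "'", $lang_value);
                        $lang_value = addcslashes($lang_value, "'\\");
                        $lang_value = nv_nl2br($lang_value);
                        // NOTE(review): as shown this replacement is a no-op; the
                        // search string may have lost a whitespace variant - confirm.
                        $lang_value = str_replace('<br />', '<br />', $lang_value);

                        $content_temp = "\$" . $langtype . "['" . addcslashes($lang_key, "'\\") . "'] = '{$lang_value}';\n";
                        $content_temp .= "/*\n";
                        if ($dirlang != "vi" and !empty($lang_value_vi)) {
                            $lang_value_vi = nv_unhtmlspecialchars($lang_value_vi);
                            $lang_value_vi = str_replace("\\'", "'", $lang_value_vi);
                            $lang_value_vi = str_replace("'", "\\'", $lang_value_vi);
                            $lang_value_vi = nv_nl2br($lang_value_vi);
                            $lang_value_vi = str_replace('<br />', '<br />', $lang_value_vi);
                            // The text lands inside a block comment; break up any
                            // comment terminator so the comment cannot be closed early.
                            $lang_value_vi = str_replace('*/', '* /', $lang_value_vi);
                            $content_temp .= "\t vietnam:\t " . $lang_value_vi . "\n";
                        }
                        if ($dirlang != "en" and !empty($lang_value_en)) {
                            $lang_value_en = nv_unhtmlspecialchars($lang_value_en);
                            $lang_value_en = str_replace("\\'", "'", $lang_value_en);
                            $lang_value_en = str_replace("'", "\\'", $lang_value_en);
                            $lang_value_en = nv_nl2br($lang_value_en);
                            $lang_value_en = str_replace('<br />', '<br />', $lang_value_en);
                            $lang_value_en = str_replace('*/', '* /', $lang_value_en);
                            $content_temp .= "\t english:\t " . $lang_value_en . "\n";
                        }
                        $content_temp .= "*/\n\n";

                        // Entries with update time 0 are collected under the
                        // "Language untested" banner.
                        if ($update_time > 0) {
                            $content_lang .= $content_temp;
                        } else {
                            $content_lang_no_check .= $content_temp;
                        }
                    }
                }
                if (!empty($content_lang_no_check)) {
                    $content_lang .= "\n\n/*---------------------------------------- Language untested ----------------------------------------------*/\n";
                    $content_lang .= $content_lang_no_check;
                    $array_lang_no_check[] = $include_lang;
                }
            } else {
                $sql = "SELECT `lang_key`, `lang_" . $dirlang . "` FROM `" . NV_LANGUAGE_GLOBALTABLE . "` WHERE `idfile`='" . $idfile . "' ORDER BY `id` ASC";
                $result = $db->sql_query($sql);
                while (list($lang_key, $lang_value) = $db->sql_fetchrow($result)) {
                    if ($lang_value != "") {
                        $numrows++;
                        $lang_value = nv_unhtmlspecialchars($lang_value);
                        $lang_value = str_replace("\\'", "'", $lang_value);
                        $lang_value = addcslashes($lang_value, "'\\");
                        $lang_value = nv_nl2br($lang_value);
                        $lang_value = str_replace('<br />', '<br />', $lang_value);
                        $content_lang .= "\$" . $langtype . "['" . addcslashes($lang_key, "'\\") . "'] = '{$lang_value}';\n";
                    }
                }
            }

            if ($numrows) {
                $errfile = str_replace(NV_ROOTDIR, "", str_replace('\\', '/', $include_lang));

                // $langtype is emitted as a variable name; refuse to write the
                // file when it is not a plain identifier.
                if (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*\z/', (string) $langtype)) {
                    return $lang_module['nv_error_write_file'] . " : " . $errfile;
                }

                $content_lang .= "\n";
                $content_lang .= "?>";
                $number_bytes = file_put_contents($include_lang, $content_lang, LOCK_EX);
                if (empty($number_bytes)) {
                    return $lang_module['nv_error_write_file'] . " : " . $errfile;
                }
            }
        }
        return "";
    } else {
        return $lang_module['nv_error_exit_module'] . " : " . $module;
    }
}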
} $title = nv_htmlspecialchars(strip_tags($nv_Request->get_string('title', 'post', ''))); $description = defined('NV_EDITOR') ? $nv_Request->get_string('description', 'post', '') : strip_tags($nv_Request->get_string('description', 'post', '')); $form = $nv_Request->get_string('form', 'post', 'sequential'); if (!in_array($form, $forms)) { $form = 'sequential'; } $width = $nv_Request->get_int('width', 'post', 0); $height = $nv_Request->get_int('height', 'post', 0); if (empty($title)) { $error = $lang_module['title_empty']; } elseif ($width < 50 or $height < 50) { $error = $lang_module['size_incorrect']; } else { if (!empty($description)) { $description = defined('NV_EDITOR') ? nv_nl2br($description, '') : nv_nl2br(nv_htmlspecialchars($description), '<br />'); } list($blang_old, $form_old) = $db->query('SELECT blang, form FROM ' . NV_BANNERS_GLOBALTABLE . '_plans WHERE id=' . intval($id))->fetch(3); $stmt = $db->prepare('UPDATE ' . NV_BANNERS_GLOBALTABLE . '_plans SET blang= :blang, title= :title, description= :description, form= :form, width=' . $width . ', height=' . $height . ' WHERE id=' . $id); $stmt->bindParam(':blang', $blang, PDO::PARAM_STR); $stmt->bindParam(':title', $title, PDO::PARAM_STR); $stmt->bindParam(':description', $description, PDO::PARAM_STR); $stmt->bindParam(':form', $form, PDO::PARAM_STR); $stmt->execute(); if ($form_old != $form or $blang_old != $blang) { nv_fix_banner_weight($id); } nv_insert_logs(NV_LANG_DATA, $module_name, 'log_edit_plan', 'planid ' . $id, $admin_info['userid']); nv_CreateXML_bannerPlan(); Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=info_plan&id=' . $id); die;
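/**
 * nv_admin_write_lang()
 *
 * Regenerates one PHP language file from the rows stored for $idfile in the
 * language tables and writes it to disk with file_put_contents().
 *
 * Every value taken from the database is emitted inside a single-quoted PHP
 * string literal of the generated file, so each one is escaped for that
 * context before it is written.
 *
 * NOTE(review): $dirlang is concatenated into SQL column names and into the
 * target path without any check in this function; callers must pass only
 * known language codes - confirm at every call site.
 *
 * @param mixed $dirlang language code; used as column suffix and directory name
 * @param mixed $idfile  id of the row in NV_LANGUAGE_GLOBALTABLE . '_file'
 * @return string '' on success (also when there was nothing to write),
 *                otherwise an error message
 */
function nv_admin_write_lang($dirlang, $idfile)
{
    global $db, $language_array, $global_config, $include_lang, $lang_module, $array_lang_exit, $array_lang_no_check;

    // The first query already cast $idfile, but the later ones concatenated it
    // raw and unquoted into the SQL text; cast once so every query sees an integer.
    $idfile = intval($idfile);

    // fetch(3) is PDO::FETCH_NUM: a numerically indexed row for list().
    list($module, $admin_file, $langtype, $author_lang) = $db->query('SELECT module, admin_file, langtype, author_' . $dirlang . ' FROM ' . NV_LANGUAGE_GLOBALTABLE . '_file WHERE idfile =' . $idfile)->fetch(3);

    if (!empty($dirlang) and !empty($module)) {
        if (empty($author_lang)) {
            $array_translator = array();
            $array_translator['author'] = '';
            $array_translator['createdate'] = '';
            $array_translator['copyright'] = '';
            $array_translator['info'] = '';
            $array_translator['langtype'] = $langtype;
        } else {
            // NOTE(review): eval() runs the stored column content as PHP. The
            // column presumably holds var_export() output written by the import
            // routine, but anything able to write that column gets code
            // execution here. Storing JSON and decoding it would remove the
            // sink; that needs a data migration, so it is only flagged.
            eval('$array_translator = ' . $author_lang . ';');
        }

        // Resolve the target path. $module and $admin_file come from the
        // database row fetched above.
        $include_lang = '';
        $modules_exit = nv_scandir(NV_ROOTDIR . '/modules', $global_config['check_module']);
        if ($module == 'global' and preg_match('/^block\\.global\\.([a-zA-Z0-9\\-\\_]+)$/', $admin_file)) {
            $include_lang = NV_ROOTDIR . '/includes/language/' . $dirlang . '/' . $admin_file . '.php';
        } elseif (in_array($module, $modules_exit) and preg_match('/^block\\.(global|module)\\.([a-zA-Z0-9\\-\\_]+)$/', $admin_file)) {
            $include_lang = NV_ROOTDIR . '/modules/' . $module . '/language/' . $admin_file . '_' . $dirlang . '.php';
        } elseif (in_array($module, $modules_exit) and $admin_file == 1) {
            $include_lang = NV_ROOTDIR . '/modules/' . $module . '/language/admin_' . $dirlang . '.php';
        } elseif (in_array($module, $modules_exit) and $admin_file == 0) {
            $include_lang = NV_ROOTDIR . '/modules/' . $module . '/language/' . $dirlang . '.php';
        } elseif ($module == 'global' and $admin_file == 1) {
            $include_lang = NV_ROOTDIR . '/includes/language/' . $dirlang . '/admin_' . $module . '.php';
        } elseif ($module == 'global' and $admin_file == 0) {
            $include_lang = NV_ROOTDIR . '/includes/language/' . $dirlang . '/' . $module . '.php';
        } elseif ($module == 'install' and $admin_file == 0) {
            $include_lang = NV_ROOTDIR . '/includes/language/' . $dirlang . '/' . $module . '.php';
        } else {
            // NOTE(review): fallback for any other module value; $module is not
            // checked against $modules_exit before it becomes part of the path.
            $admin_file = 1;
            $include_lang = NV_ROOTDIR . '/includes/language/' . $dirlang . '/admin_' . $module . '.php';
        }

        if ($include_lang == '') {
            return $lang_module['nv_error_write_module'] . ' : ' . $module;
        } else {
            // Accept "d/m/Y, H:i" or "d/m/Y" (with -, / or . as separators);
            // anything else falls back to the current time.
            if (preg_match('/^(0?\\d|[1-2]{1}\\d|3[0-1]{1})[\\-\\/\\.]{1}(0?\\d|1[0-2]{1})[\\-\\/\\.]{1}(19[\\d]{2}|20[\\d]{2})[\\-\\/\\.\\,\\s]{2}(0?\\d|[1]{1}\\d|2[0-4]{1})[\\-\\/\\.\\:]{1}([0-5]?[0-9])$/', $array_translator['createdate'], $m)) {
                $createdate = mktime($m[4], $m[5], 0, $m[2], $m[1], $m[3]);
            } elseif (preg_match('/^(0?\\d|[1-2]{1}\\d|3[0-1]{1})[\\-\\/\\.]{1}(0?\\d|1[0-2]{1})[\\-\\/\\.]{1}(19[\\d]{2}|20[\\d]{2})$/', $array_translator['createdate'], $m)) {
                $createdate = mktime(0, 0, 0, $m[2], $m[1], $m[3]);
            } else {
                $createdate = time();
            }

            $content_lang = "<?php\n\n";
            $content_lang .= "/**\n";
            $content_lang .= "* @Project NUKEVIET 4.x\n";
            $content_lang .= "* @Author VINADES.,JSC (contact@vinades.vn)\n";
            $content_lang .= "* @Copyright (C) " . date("Y") . " VINADES.,JSC. All rights reserved\n";
            $content_lang .= "* @Language " . $language_array[$dirlang]['name'] . "\n";
            $content_lang .= "* @License CC BY-SA (http://creativecommons.org/licenses/by-sa/4.0/)\n";
            $content_lang .= "* @Createdate " . gmdate("M d, Y, h:i:s A", $createdate) . "\n";
            $content_lang .= "*/\n";

            if ($admin_file) {
                $content_lang .= "\nif (! defined('NV_ADMIN') or ! defined('NV_MAINFILE')) {";
            } else {
                $content_lang .= "\nif (! defined('NV_MAINFILE')) {";
            }
            $content_lang .= "\n die( 'Stop!!!' );\n}\n\n";

            $array_translator['info'] = isset($array_translator['info']) ? $array_translator['info'] : "";

            // Escape quote and backslash: these values go into single-quoted
            // literals, and written raw a quote would end the literal and turn
            // the remainder of the value into code of the generated file.
            $content_lang .= "\$lang_translator['author'] = '" . addcslashes($array_translator['author'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['createdate'] = '" . addcslashes($array_translator['createdate'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['copyright'] = '" . addcslashes($array_translator['copyright'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['info'] = '" . addcslashes($array_translator['info'], "'\\") . "';\n";
            $content_lang .= "\$lang_translator['langtype'] = '" . addcslashes($array_translator['langtype'], "'\\") . "';\n";
            $content_lang .= "\n";

            $content_lang_no_check = '';
            $numrows = 0;

            if (in_array('vi', $array_lang_exit) and in_array('en', $array_lang_exit) and $dirlang != 'vi' and $dirlang != 'en') {
                // The vi/en columns are selected but only the target language
                // and its update time are used below.
                $result = $db->query('SELECT lang_key, lang_vi, lang_en, lang_' . $dirlang . ', update_' . $dirlang . ' FROM ' . NV_LANGUAGE_GLOBALTABLE . ' WHERE idfile=' . $idfile . ' ORDER BY id ASC');
                while (list($lang_key, $lang_value_vi, $lang_value_en, $lang_value, $update_time) = $result->fetch(3)) {
                    if ($lang_value != '') {
                        $numrows++;
                        $lang_value = nv_unhtmlspecialchars($lang_value);
                        // Undo an existing \' first so it is not escaped twice,
                        // then escape quote and backslash. Escaping only the
                        // quote let a value ending in a backslash swallow the
                        // closing quote of the generated literal.
                        $lang_value = str_replace("\\'", "'", $lang_value);
                        $lang_value = addcslashes($lang_value, "'\\");
                        $lang_value = nv_nl2br($lang_value);
                        // NOTE(review): as shown this replacement is a no-op; the
                        // search string may have lost a whitespace variant - confirm.
                        $lang_value = str_replace('<br />', '<br />', $lang_value);

                        $content_temp = "\$" . $langtype . "['" . addcslashes($lang_key, "'\\") . "'] = '{$lang_value}';\n";

                        // Entries with update time 0 are collected under the
                        // "Language untested" banner.
                        if ($update_time > 0) {
                            $content_lang .= $content_temp;
                        } else {
                            $content_lang_no_check .= $content_temp;
                        }
                    }
                }
                if (!empty($content_lang_no_check)) {
                    $content_lang .= "\n\n/*---------------------------------------- Language untested ----------------------------------------------*/\n";
                    $content_lang .= $content_lang_no_check;
                    $array_lang_no_check[] = $include_lang;
                }
            } else {
                $result = $db->query('SELECT lang_key, lang_' . $dirlang . ' FROM ' . NV_LANGUAGE_GLOBALTABLE . ' WHERE idfile=' . $idfile . ' ORDER BY id ASC');
                while (list($lang_key, $lang_value) = $result->fetch(3)) {
                    if ($lang_value != '') {
                        $numrows++;
                        $lang_value = nv_unhtmlspecialchars($lang_value);
                        $lang_value = str_replace("\\'", "'", $lang_value);
                        $lang_value = addcslashes($lang_value, "'\\");
                        $lang_value = nv_nl2br($lang_value);
                        $lang_value = str_replace('<br />', '<br />', $lang_value);
                        $content_lang .= "\$" . $langtype . "['" . addcslashes($lang_key, "'\\") . "'] = '" . $lang_value . "';\n";
                    }
                }
            }

            if ($numrows) {
                $errfile = str_replace(NV_ROOTDIR, '', str_replace('\\', '/', $include_lang));

                // $langtype is emitted as a variable name; refuse to write the
                // file when it is not a plain identifier.
                if (!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*\z/', (string) $langtype)) {
                    return $lang_module['nv_error_write_file'] . ' : ' . $errfile;
                }

                $number_bytes = file_put_contents($include_lang, trim($content_lang), LOCK_EX);
                if (empty($number_bytes)) {
                    return $lang_module['nv_error_write_file'] . ' : ' . $errfile;
                }
            }
        }
        return '';
    } else {
        return $lang_module['nv_error_exit_module'] . ' : ' . $module;
    }
}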
} else { $rowcontent['homeimgthumb'] = 2; } } elseif (nv_is_url($rowcontent['homeimgfile'])) { $rowcontent['homeimgthumb'] = 3; } else { $rowcontent['homeimgfile'] = ''; } if (!array_key_exists($rowcontent['imgposition'], $array_imgposition)) { $rowcontent['imgposition'] = 1; } if (!array_key_exists($rowcontent['topicid'], $array_topic_module)) { $rowcontent['topicid'] = 0; } $bodyhtml = $nv_Request->get_string('bodyhtml', 'post', ''); $rowcontent['bodyhtml'] = defined('NV_EDITOR') ? nv_nl2br($bodyhtml, '') : nv_nl2br(nv_htmlspecialchars(strip_tags($bodyhtml)), '<br />'); $rowcontent['keywords'] = $nv_Request->get_title('keywords', 'post', '', 1); if (empty($rowcontent['title'])) { $error = $lang_module['error_title']; } elseif (empty($rowcontent['listcatid'])) { $error = $lang_module['error_cat']; } elseif (trim(strip_tags($rowcontent['bodyhtml'])) == '') { $error = $lang_module['error_bodytext']; } elseif (!nv_capcha_txt($fcode)) { $error = $lang_module['error_captcha']; } else { if ($array_post_user['postcontent'] && $nv_Request->isset_request('status1', 'post')) { $rowcontent['status'] = 1; } elseif ($nv_Request->isset_request('status0', 'post')) { $rowcontent['status'] = 5; } elseif ($nv_Request->isset_request('status4', 'post')) {
} $url = $nv_Request->get_string('url', 'post', ''); $is_myurl = $nv_Request->get_int('is_myurl', 'post', 0); if (empty($url)) { die($lang_module['file_checkUrl_error']); } $url = rawurldecode($url); if ($is_myurl) { $url = substr($url, strlen(NV_BASE_SITEURL)); $url = NV_ROOTDIR . '/' . $url; if (!file_exists($url)) { die($lang_module['file_checkUrl_error']); } } else { $url = trim($url); $url = nv_nl2br($url, '<br />'); $url = explode('<br />', $url); $url = array_map('trim', $url); foreach ($url as $l) { if (!empty($l)) { if (!nv_is_url($l)) { die($lang_module['file_checkUrl_error']); } if (!nv_check_url($l)) { die($lang_module['file_checkUrl_error']); } } } } die($lang_module['file_checkUrl_ok']); }
$row = $db->sql_fetchrow($result); unset($sql, $result); $row['error'] = ""; $row['action'] = nv_url_rewrite(NV_BASE_SITEURL . "index.php?" . NV_LANG_VARIABLE . "=" . NV_LANG_DATA . "&" . NV_NAME_VARIABLE . "=" . $module_name . "&" . NV_OP_VARIABLE . "=reportlink-" . $row['alias'] . "-" . $id, true); $row['id'] = $id; if ($id) { $check = false; if ($submit and $report_id) { $sql = "SELECT `type` FROM `" . NV_PREFIXLANG . "_" . $module_data . "_report` WHERE `id`='" . $report_id . "'"; $result = $db->sql_query($sql); $rows = $db->sql_fetchrow($result); $report = $nv_Request->get_int('report', 'post'); $report_note = filter_text_input('report_note', 'post', '', 1, 255); $row['report_note'] = $report_note; if ($report == 0 and empty($report_note)) { $row['error'] = $lang_module['error']; } elseif (!empty($report_note) and !isset($report_note[9])) { $row['error'] = $lang_module['error_word_min']; } elseif ($rows['type'] == $report) { $check = true; } else { $report_note = nv_nl2br($report_note); $sql = "INSERT INTO `" . NV_PREFIXLANG . "_" . $module_data . "_report` (`id`, `type`, `report_time`, `report_userid`, `report_ip`, `report_browse_key`, `report_browse_name`, `report_os_key`, `report_os_name`, `report_note`) VALUE ('" . $report_id . "', '" . $report . "', UNIX_TIMESTAMP(), '0', " . $db->dbescape_string($client_info['ip']) . ", " . $db->dbescape_string($client_info['browser']['key']) . ", " . $db->dbescape_string($client_info['browser']['name']) . ", " . $db->dbescape_string($client_info['client_os']['key']) . ", " . $db->dbescape_string($client_info['client_os']['name']) . ", " . $db->dbescape_string($report_note) . ")"; $check = $db->sql_query($sql); } } $contents = call_user_func("report", $row, $check); } else { die("you don't permission to access!!!"); exit; }
$array_site_cat_module = explode(',', $_module); } } $title = $note = $modfile = $error = ''; $modules_site = nv_scandir(NV_ROOTDIR . '/modules', $global_config['check_module']); if ($nv_Request->get_title('checkss', 'post') == NV_CHECK_SESSION) { $title = $nv_Request->get_title('title', 'post', '', 1); $modfile = $nv_Request->get_title('module_file', 'post', '', 1); $note = $nv_Request->get_title('note', 'post', '', 1); $title = strtolower(change_alias($title)); $modules_admin = nv_scandir(NV_ROOTDIR . '/' . NV_ADMINDIR, $global_config['check_module']); $error = $lang_module['vmodule_exit']; if (!empty($title) and !empty($modfile) and !in_array($title, $modules_site) and !in_array($title, $modules_admin) and preg_match($global_config['check_module'], $title) and preg_match($global_config['check_module'], $modfile)) { $version = ''; $author = ''; $note = nv_nl2br($note, '<br />'); $module_data = preg_replace('/(\\W+)/i', '_', $title); if (empty($array_site_cat_module) or in_array($modfile, $array_site_cat_module)) { try { $sth = $db->prepare('INSERT INTO ' . $db_config['prefix'] . '_setup_extensions (type, title, is_sys, is_virtual, basename, table_prefix, version, addtime, author, note) VALUES ( \'module\', :title, 0, 0, :basename, :table_prefix, :version, ' . NV_CURRENTTIME . ', :author, :note)'); $sth->bindParam(':title', $title, PDO::PARAM_STR); $sth->bindParam(':basename', $modfile, PDO::PARAM_STR); $sth->bindParam(':table_prefix', $module_data, PDO::PARAM_STR); $sth->bindParam(':version', $version, PDO::PARAM_STR); $sth->bindParam(':author', $author, PDO::PARAM_STR); $sth->bindParam(':note', $note, PDO::PARAM_STR); if ($sth->execute()) { nv_insert_logs(NV_LANG_DATA, $module_name, $lang_module['vmodule_add'] . ' ' . $module_data, '', $admin_info['userid']); Header('Location: ' . NV_BASE_ADMINURL . 'index.php?' . NV_LANG_VARIABLE . '=' . NV_LANG_DATA . '&' . NV_NAME_VARIABLE . '=' . $module_name . '&' . NV_OP_VARIABLE . '=setup&setmodule=' . $title . 
'&checkss=' . md5($title . NV_CHECK_SESSION)); die; }
$sql = "UPDATE `" . NV_AUTHORS_GLOBALTABLE . "` SET `edittime`=" . NV_CURRENTTIME . ", `is_suspend`=" . $new_suspend . ", `susp_reason`=" . $db->dbescape(serialize($susp_reason)) . " WHERE `admin_id`=" . $admin_id; if ($db->sql_query($sql)) { if (!empty($sendmail)) { $title = sprintf($lang_module['suspend_sendmail_title'], $global_config['site_name']); $my_sig = !empty($admin_info['sig']) ? $admin_info['sig'] : "All the best"; $my_mail = $admin_info['view_mail'] ? $admin_info['email'] : $global_config['site_email']; if ($new_suspend) { $message = sprintf($lang_module['suspend_sendmail_mess1'], $global_config['site_name'], nv_date("d/m/Y H:i", NV_CURRENTTIME), $new_reason, $my_mail); } else { $message = sprintf($lang_module['suspend_sendmail_mess0'], $global_config['site_name'], nv_date("d/m/Y H:i", NV_CURRENTTIME), $last_reason['info']); } $message = trim($message); $mess = $message; $mess .= "\r\n\r\n............................\r\n\r\n"; $mess .= nv_EncString($message); $mess = nv_nl2br($mess, "<br />"); $xtpl = new XTemplate("message.tpl", NV_ROOTDIR . "/themes/" . $global_config['admin_theme'] . "/system"); $xtpl->assign('SITE_CHARSET', $global_config['site_charset']); $xtpl->assign('SITE_NAME', $global_config['site_name']); $xtpl->assign('SITE_SLOGAN', $global_config['site_description']); $xtpl->assign('SITE_EMAIL', $global_config['site_email']); $xtpl->assign('SITE_FONE', $global_config['site_phone']); $xtpl->assign('SITE_URL', $global_config['site_url']); $xtpl->assign('TITLE', $title); $xtpl->assign('CONTENT', $mess); $xtpl->assign('AUTHOR_SIG', $my_sig); $xtpl->assign('AUTHOR_NAME', $admin_info['username']); $xtpl->assign('AUTHOR_POS', $admin_info['position']); $xtpl->assign('AUTHOR_EMAIL', $my_mail); $xtpl->parse('main'); $content = $xtpl->text('main');
if (preg_match('/^cat\\_form\\_([a-zA-Z0-9\\-\\_]+)\\.tpl$/', $_form, $m)) { $cat_form_exit[] = $m[1]; } } if (!empty($savecat)) { $field_lang = nv_file_table($table_name); $data['catid'] = $nv_Request->get_int('catid', 'post', 0); $data['typeprice'] = $nv_Request->get_int('typeprice', 'post', 2); $data['parentid_old'] = $nv_Request->get_int('parentid_old', 'post', 0); $data['parentid'] = $nv_Request->get_int('parentid', 'post', 0); $data['title'] = nv_substr($nv_Request->get_title('title', 'post', '', 1), 0, 255); $data['title_custom'] = nv_substr($nv_Request->get_title('title_custom', 'post', '', 1), 0, 255); $data['keywords'] = nv_substr($nv_Request->get_title('keywords', 'post', '', 1), 0, 255); $data['alias'] = nv_substr($nv_Request->get_title('alias', 'post', '', 1), 0, 255); $data['description'] = $nv_Request->get_string('description', 'post', ''); $data['description'] = nv_nl2br(nv_htmlspecialchars(strip_tags($data['description'])), '<br />'); $data['descriptionhtml'] = $nv_Request->get_editor('descriptionhtml', '', NV_ALLOWED_HTML_TAGS); $data['viewdescriptionhtml'] = $nv_Request->get_int('viewdescriptionhtml', 'post', 0); $data['cat_allow_point'] = $nv_Request->get_int('cat_allow_point', 'post', 0); $data['cat_number_point'] = $nv_Request->get_int('cat_number_point', 'post', 0); $data['cat_number_product'] = $nv_Request->get_int('cat_number_product', 'post', 0); $data['alias'] = $data['alias'] == '' ? change_alias($data['title']) : change_alias($data['alias']); // Cat mo ta cho chinh xac if (strlen($data['description']) > 255) { $data['description'] = nv_clean60($data['description'], 250); } $_groups_post = $nv_Request->get_array('groups_view', 'post', array()); $data['groups_view'] = !empty($_groups_post) ? implode(',', nv_groups_post(array_intersect($_groups_post, array_keys($groups_list)))) : ''; if ($data['title'] == '') { $error = $lang_module['error_cat_name']; }
$alias = filter_text_input('alias', 'post', '', 1); $parentid = $nv_Request->get_int('parentid', 'post', 0); $alias = $alias == "" ? change_alias($title) : change_alias($alias); $url = filter_text_input('url', 'post', ''); $image = filter_text_input('image', 'post', ''); if (!nv_is_url($image) and file_exists(NV_DOCUMENT_ROOT . $image)) { $lu = strlen(NV_BASE_SITEURL . NV_UPLOADS_DIR . "/"); if (substr($image, 0, $lu) == NV_BASE_SITEURL . NV_UPLOADS_DIR . "/") { $image = substr($image, $lu); } } $admin_phone = ""; $admin_email = ""; $note = ""; $description = filter_text_textarea('description', '', NV_ALLOWED_HTML_TAGS); $description = defined('NV_EDITOR') ? nv_editor_nl2br($description) : nv_nl2br($description, '<br />'); $status = $nv_Request->get_int('status', 'post') == 1 ? 1 : 0; //check url if (empty($url) || !nv_is_url($url) || !check_url($id, $url)) { $error = $lang_module['error_url']; } elseif (empty($title)) { $error = $lang_module['error_title']; } elseif (strip_tags($description) == "") { $error = $lang_module['error_description']; } else { if ($id > 0) { $query = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "_rows` SET `catid`=" . $catid . ", `title`=" . $db->dbescape($title) . ", `alias` = " . $db->dbescape($alias) . ", `url` = " . $db->dbescape($url) . ", `urlimg` = " . $db->dbescape($image) . ", `description`=" . $db->dbescape($description) . ", `edit_time` = UNIX_TIMESTAMP(), `status`=" . $status . " WHERE `id` =" . $id . ""; $db->sql_query($query); if ($db->sql_affectedrows() > 0) { nv_insert_logs(NV_LANG_DATA, $module_name, 'log_edit_content', "id " . $id, $admin_info['userid']); Header("Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "");
$value = strip_tags($value, $allowed_html_tags); $value = nv_nl2br($value, '<br />'); if ($row_f['match_type'] == 'regex') { if (!preg_match("/" . $row_f['match_regex'] . "/", $value)) { $error = sprintf($lang_module['field_match_type_error'], $row_f['title']); } } elseif ($row_f['match_type'] == 'callback') { if (function_exists($row_f['func_callback'])) { if (!call_user_func($row_f['func_callback'], $value)) { $error = sprintf($lang_module['field_match_type_error'], $row_f['title']); } } else { $error = "error function not exists " . $row_f['func_callback']; } } $value = $row_f['question_type'] == 'textarea' ? nv_nl2br($value, '<br />') : nv_editor_nl2br($value); $strlen = nv_strlen($value); if ($strlen < $row_f['min_length'] or $strlen > $row_f['max_length']) { $error = sprintf($lang_module['field_min_max_error'], $row_f['title'], $row_f['min_length'], $row_f['max_length']); } } elseif ($row_f['question_type'] == 'checkbox' or $row_f['question_type'] == 'multiselect') { $temp_value = array(); $row_f['question_choices'] = unserialize($row_f['question_choices']); foreach ($value as $value_i) { if (isset($row_f['question_choices'][$value_i])) { $temp_value[] = $value_i; } } $value = implode(',', $temp_value); } elseif ($row_f['question_type'] == 'select' or $row_f['question_type'] == 'radio') { $row_f['question_choices'] = unserialize($row_f['question_choices']);
// Excerpt (starts and ends mid-block): validates an FAQ entry and, in edit
// mode, recomputes its weight and runs the UPDATE.
// $array, $row, $alias and $id are assigned above this excerpt.
list($is_exists) = $db->sql_fetchrow($result);
}
if (empty($array['title'])) {
    $is_error = true;
    $error = $lang_module['faq_error_title'];
} elseif ($is_exists) {
    $is_error = true;
    $error = $lang_module['faq_title_exists'];
} elseif (empty($array['question'])) {
    $is_error = true;
    $error = $lang_module['faq_error_question'];
} elseif (empty($array['answer'])) {
    $is_error = true;
    $error = $lang_module['faq_error_answer'];
} else {
    // Both fields are stored with line breaks already converted to markup.
    // NOTE(review): how question/answer were filtered before this point is not
    // visible; confirm which HTML they may carry when rendered.
    $array['question'] = nv_nl2br($array['question'], "<br />");
    $array['answer'] = nv_editor_nl2br($array['answer']);
    if (defined('IS_EDIT')) {
        if ($array['catid'] != $row['catid']) {
            // Moved to another category: append after that category's current
            // maximum weight.
            // NOTE(review): $array['catid'] is concatenated unescaped; confirm
            // it is cast to int where $array is filled.
            $sql = "SELECT MAX(weight) AS new_weight FROM `" . NV_PREFIXLANG . "_" . $module_data . "` WHERE `catid`=" . $array['catid'];
            $result = $db->sql_query($sql);
            list($new_weight) = $db->sql_fetchrow($result);
            $new_weight = (int) $new_weight;
            $new_weight++;
        } else {
            // Same category: keep the stored weight.
            $new_weight = $row['weight'];
        }
        // Text columns go through $db->dbescape(); catid, weight and id are
        // concatenated as-is. $new_weight is an int in the branch above, or the
        // stored $row['weight'] otherwise.
        // NOTE(review): $id and $array['catid'] come from outside this excerpt.
        // Confirm both are integers before they reach this statement.
        $sql = "UPDATE `" . NV_PREFIXLANG . "_" . $module_data . "` SET \r\n `catid`=" . $array['catid']
            . ", \r\n `title`=" . $db->dbescape($array['title'])
            . ", \r\n `alias`=" . $db->dbescape($alias)
            . ", \r\n `question`=" . $db->dbescape($array['question'])
            . ", \r\n `answer`=" . $db->dbescape($array['answer'])
            . ", \r\n `weight`=" . $new_weight
            . " \r\n WHERE `id`=" . $id;
        $result = $db->sql_query($sql);
        if (!$result) {
            $is_error = true;
*/
// Excerpt (the file header comment ends above; the code is cut mid-block):
// admin form handler that reads a playlist category from POST and prepares
// its insert.

// Refuse direct access: the admin bootstrap must have defined this constant.
if (!defined('NV_IS_FILE_ADMIN')) {
    die('Stop!!!');
}
$page_title = $lang_module['playlists'];
$error = '';
$savecat = 0;
// Defaults used when the form has not been submitted.
list($playlist_id, $title, $alias, $description, $image, $keywords, $status, $private_mode) = array(0, '', '', '', '', '', 1, 1);
$savecat = $nv_Request->get_int('savecat', 'post', 0);
if (!empty($savecat)) {
    $playlist_id = $nv_Request->get_int('playlist_id', 'post', 0);
    $title = $nv_Request->get_title('title', 'post', '', 1);
    $keywords = $nv_Request->get_title('keywords', 'post', '', 1);
    $alias = $nv_Request->get_title('alias', 'post', '');
    $description = $nv_Request->get_string('description', 'post', '');
    // Tags are stripped, the rest is HTML-escaped, then newlines become <br/>:
    // the stored description carries no markup other than those breaks.
    $description = nv_nl2br(nv_htmlspecialchars(strip_tags($description)), '<br/>');
    // Fall back to an alias derived from the title when none was submitted.
    $alias = $alias == '' ? change_alias($title) : change_alias($alias);
    $status = $nv_Request->get_int('status', 'post', 0);
    $private_mode = $nv_Request->get_int('private_mode', 'post', 0);
    $image = $nv_Request->get_string('image', 'post', '');
    // NOTE(review): is_file() runs on a path built from POST input, and the next
    // lines cut off $lu characters without checking that $image starts with the
    // module's img prefix. A value that exists on disk but lies elsewhere is
    // accepted and stored as an arbitrary suffix. Compare the prefix first
    // (e.g. strncmp($image, $prefix, $lu) === 0) and reset $image to ''
    // otherwise; whether get_string() filters ".." segments is not visible here.
    if (is_file(NV_DOCUMENT_ROOT . $image)) {
        $lu = strlen(NV_BASE_SITEURL . NV_UPLOADS_DIR . '/' . $module_upload . '/img/');
        $image = substr($image, $lu);
    } else {
        $image = '';
    }
    if (empty($title)) {
        $error = $lang_module['error_name'];
    } elseif ($playlist_id == 0) {
        // New category: place it after the current maximum weight. The query
        // contains only constants and $module_data, no request data.
        $weight = $db->query("SELECT max(weight) FROM " . NV_PREFIXLANG . "_" . $module_data . "_playlist_cat")->fetchColumn();
        $weight = intval($weight) + 1;
// Excerpt (starts inside a validation chain and ends inside a loop): checks
// the submitted file entry and starts normalising the uploaded file names.
// $array, $row and $is_exists are assigned above this excerpt.
$error = $lang_module['file_error_title'];
} elseif ($is_exists) {
    $is_error = true;
    $error = $lang_module['file_title_exists'];
} elseif (!empty($array['author_email']) and ($check_valid_email = nv_check_valid_email($array['author_email'])) != '') {
    // nv_check_valid_email() returns a non-empty message on failure; that
    // message becomes the error text.
    $is_error = true;
    $error = $check_valid_email;
} elseif (!empty($array['author_url']) and !nv_is_url($array['author_url'])) {
    $is_error = true;
    $error = $lang_module['file_error_author_url'];
} elseif (empty($array['fileupload']) and empty($array['linkdirect']) and empty($array['fileupload2'])) {
    // At least one file source is required.
    $is_error = true;
    $error = $lang_module['file_error_fileupload'];
} else {
    $alias = change_alias($array['title']);
    // NOTE(review): how introtext was filtered before this point is not
    // visible; confirm which HTML it may carry when rendered.
    $array['introtext'] = nv_nl2br($array['introtext'], '<br />');
    // Keep the stored uploader name when the row already belongs to a user.
    if ($row['user_id']) {
        $array['user_name'] = $row['user_name'];
    }
    if (!empty($array['fileupload2'])) {
        // fileupload2 takes precedence and replaces the upload list as-is.
        $array['fileupload'] = $array['fileupload2'];
    } elseif (!empty($array['fileupload'])) {
        $fileupload = $array['fileupload'];
        $array['fileupload'] = array();
        foreach ($fileupload as $file) {
            // NOTE(review): $file is appended to NV_UPLOADS_DIR unchanged. Where
            // the entries come from and how $file is used afterwards are outside
            // this excerpt; confirm each entry is confined to the uploads tree
            // (no ".." segments) before any file operation. basename() below
            // protects only the derived name, not $file itself.
            $file = NV_UPLOADS_DIR . $file;
            $newfile = basename($file);
            // Drop a 32-character alphanumeric segment that sits between the
            // name and the extension (presumably a temporary-upload tag -
            // confirm against the upload code).
            if (preg_match('/(.*)(\\.[a-zA-Z0-9]{32})(\\.[a-zA-Z]+)$/', $newfile, $m)) {
                $newfile = $m[1] . $m[3];
            }
            $newfile2 = $newfile;