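/**
 * Build the "related links" side block for the story currently being displayed.
 *
 * Reads the globals $story ('topic', 'topicname', 'aid') and $sid, queries the most-read
 * story and the related links for the story's topic, and passes the assembled markup to
 * themesideblock().
 *
 * @param array $row block record; 'title' feeds the permission check, 'content' is overwritten
 * @return mixed whatever themesideblock() returns; null when access is denied or no topic is set
 */
function blocks_related_block($row)
{
    global $sid, $story;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (empty($story['topic'])) {
        return;
    }
    // The topic id is concatenated unquoted into both queries below. Escaping alone does not
    // constrain a value in numeric context, so it is forced to an integer instead.
    $topicId = (int) $story['topic'];
    // $sid ends up inside an href; it is a story id, so an integer cast is sufficient.
    $storyId = (int) $sid;
    $bullet = '<strong><big>&middot;</big></strong>&nbsp;';

    // Most-read story of this topic.
    $column =& $pntable['stories_column'];
    $sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}={$topicId} ORDER BY {$column['counter']} DESC";
    $result = $dbconn->SelectLimit($sql, 1);
    // A failed query or an empty result must not be dereferenced.
    $mrow = ($result && !$result->EOF) ? $result->GetRowAssoc(false) : null;

    // Related links of this topic.
    $column =& $pntable['related_column'];
    $result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}={$topicId}");
    $content = '<font class="pn-normal">';
    while ($result && !$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        $result->MoveNext();
        // The stored URL is written into an attribute, so it is escaped like the link text.
        // NOTE(review): escaping does not restrict the URL scheme; validate schemes where links are saved.
        $content .= $bullet . '<a href="' . pnVarPrepForDisplay($lrow['url']) . '" target="_blank" rel="noopener">' . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
    }

    $topicName = pnVarPrepForDisplay($story['topicname']);
    // The author name is both a query-string value and attribute content: URL-encode, then escape.
    $authorParam = pnVarPrepForDisplay(urlencode($story['aid']));

    $content .= $bullet . "<a href=\"advtopics.php?topic={$topicId}\">" . _MOREABOUT . " " . $topicName . "</a><br>\n"
        . $bullet . "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;overview=1&amp;active_stories=1&amp;stories_author={$authorParam}\">" . _NEWSBY . " " . pnVarPrepForDisplay($story['aid']) . "</a><br>\n"
        . '</font><br><hr noshade width="95%" size="1">';

    if ($mrow) {
        $mostReadId = (int) $mrow['sid'];
        $content .= '<b>' . _MOSTREAD . " " . $topicName . ":</b><br>\n"
            . "<center><a href=\"advarticle.php?sid={$mostReadId}\">" . pnVarPrepForDisplay($mrow['title']) . "</a></center><br><br>\n";
    }

    $content .= '<div align="right">';
    if ($mrow) {
        // As in the original, the print link targets the most-read story, not $sid.
        $content .= "<a href=\"print.php?sid={$mostReadId}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a>&nbsp;&nbsp;";
    }
    $content .= "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Recommend_Us&amp;file=index&amp;req=FriendSend&amp;sid={$storyId}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n"
        . '</div>';

    $row['content'] = $content;
    return themesideblock($row);
}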
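/**
 * Function to display banners in all pages
 *
 * Picks one random banner of the given type, counts the impression and outputs it.
 * Types 0, 1 and 2 are echoed and nothing is returned; for any other numeric type the
 * markup is returned instead.
 *
 * @param int|string $type banner type; non-numeric values are rejected
 * @return string|null '&nbsp;' when banners are disabled or $type is not numeric, the banner
 *                     markup for types other than 0-2, otherwise null
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return '&nbsp;';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return '&nbsp;';
    }
    // is_numeric() also accepts floats and exponent notation; only the integer value reaches SQL.
    $typeId = (int) $type;

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column =& $pntable['banner_column'];

    $bresult =& $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$column['type']} = '" . $typeId . "'");
    if (!$bresult) {
        return;
    }
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();
    $numrows = (int) $numrows;
    if ($numrows < 1) {
        // No banner of this type: skip the lookups and the impression update.
        return;
    }

    // Random offset into the banner list. mt_rand() seeds itself; re-seeding the shared
    // generator from microtime() made every later mt_rand() value in the request guessable.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;

    $query = "SELECT {$column['bid']}, {$column['imageurl']}, {$column['clickurl']}\n\t\t\t\tFROM {$pntable['banner']}\n\t\t\t\tWHERE {$column['type']} = '" . $typeId . "'";
    $bresult2 =& $dbconn->SelectLimit($query, 1, $bannum);
    if (!$bresult2 || $bresult2->EOF) {
        // The banner may have been removed between the count and the select.
        return;
    }
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    $bannerId = (int) $bid;

    // Requests from the configured address prefix neither count as impressions nor finish a banner.
    // NOTE(review): this is a string-prefix match, so "10.1" also matches "10.10.0.5".
    $myIP = pnConfigGetVar('myIP');
    $myhost = pnServerGetVar("REMOTE_ADDR");
    $isOwnAddress = !empty($myIP) && substr($myhost, 0, strlen($myIP)) == $myIP;
    if (!$isOwnAddress) {
        $dbconn->Execute("UPDATE {$pntable['banner']}\n                        SET {$column['impmade']}={$column['impmade']}+1\n                        WHERE {$column['bid']}=" . $bannerId);
    }

    $aborrar =& $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},\n                                          {$column['impmade']}, {$column['clicks']},\n                                          {$column['date']}\n                                   FROM {$pntable['banner']}\n                                   WHERE {$column['bid']}=" . $bannerId);
    if ($aborrar && !$aborrar->EOF) {
        list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
        $aborrar->Close();
        /* Check if this impression is the last one and print the banner */
        if ($imptotal == $impmade && !$isOwnAddress) {
            // A separate variable keeps $column on the banner table, so the DELETE below uses
            // the banner table's own bid column rather than the one from bannerfinish.
            $finishColumn =& $pntable['bannerfinish_column'];
            $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n                            ( {$finishColumn['bid']}, {$finishColumn['cid']}, {$finishColumn['impressions']}, {$finishColumn['clicks']}, {$finishColumn['datestart']}, {$finishColumn['dateend']} )\n                            VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
            $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bannerId);
        }
    }

    // Banner fields are stored data and are escaped before they reach HTML attributes.
    list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    $content = "<a href=\"banners.php?op=click&amp;bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";
    if ($type == 1 or $type == 2 or $type == 0) {
        echo $content;
    } else {
        return $content;
    }
}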
Example #3
/**
 * Overwrite the stored password value of the user with the given login name.
 *
 * Both values are passed through pnVarPrepForStore() and placed inside quoted SQL literals.
 * The outcome of the UPDATE is not checked and nothing is returned.
 *
 * NOTE(review): the parameter name suggests an unsalted MD5 digest. MD5 is not suitable for
 * password storage; moving to password_hash()/password_verify() has to happen in the callers
 * and the login check, which are not visible here.
 *
 * @param string $username login name selecting the row to update
 * @param string $md5pass  value written to the password column
 */
function updateUserPass($username, $md5pass)
{
    $connection = pnDBGetConn();
    $dbconn = $connection[0];
    $pntable = pnDBGetTables();
    $userCols = $pntable['users_column'];

    $storedPass = pnVarPrepForStore($md5pass);
    $storedName = pnVarPrepForStore($username);

    $sql = "UPDATE {$pntable['users']}\n                              SET {$userCols['pass']} = '" . $storedPass . "'\n                              WHERE {$userCols['uname']}='" . $storedName . "'";
    $dbconn->Execute($sql);
}
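/**
 * Smarty plugin
 * -------------------------------------------------------------
 * Type:     resource
 * Name:     userdb
 * Purpose:  read user maintained source as a template
 *           $tpl_name is parsed as a uri type of string where
 *           the path to the template field is encoded as:
 *
 * table/source_field?field=conditional&field=conditional...
 *
 * results in:
 *    SELECT source_field FROM table WHERE conditions...
 * -------------------------------------------------------------
 *
 * This implementation reads only the path: its first segment is resolved to a skin id
 * through the Xanthia API and its second segment is the template file name. The query
 * string of $tpl_name is not evaluated.
 *
 * @param string $tpl_name   resource name in the form skin/template_file
 * @param string $tpl_source receives the template source when a row is found
 * @param object $smarty     Smarty instance (unused)
 * @param mixed  $default    value returned when no source is available
 * @return mixed true when $tpl_source is non-empty, otherwise $default
 */
function smarty_resource_userdb_fetch($tpl_name, &$tpl_source, &$smarty, $default = false)
{
    $_url = parse_url($tpl_name);
    // (required) expected syntax: table/source_field
    $_path_items = (is_array($_url) && isset($_url['path'])) ? explode('/', $_url['path']) : array();

    // A name without both path segments cannot identify a template; skip the lookup.
    if (count($_path_items) >= 2) {
        $skin = $_path_items[0];
        $source = $_path_items[1];
        // Theme Configuration
        $skinid = pnModAPIFunc('Xanthia', 'user', 'getSkinID', array('skin' => $skin));
        $dbconn =& pnDBGetConn(true);
        $pntable =& pnDBGetTables();
        $table = $pntable['theme_tplsource'];
        $column =& $pntable['theme_tplsource_column'];
        // Both values derive from the template name and were interpolated into quoted SQL
        // literals unescaped; they are now prepared for storage like other values on this codebase.
        $query = "SELECT {$column['tpl_source']}\n\t\t\t\t\tFROM {$table}\n\t\t\t\t\tWHERE {$column['tpl_file_name']}='" . pnVarPrepForStore($source) . "'\n\t\t\t\t\tAND {$column['tpl_skin_id']}= '" . pnVarPrepForStore($skinid) . "' LIMIT 1";
        $result =& $dbconn->Execute($query);
        if ($result) {
            if (!$result->EOF) {
                list($tpl_source) = $result->fields;
            }
            $result->Close();
        }
    }

    if ($tpl_source) {
        return true;
    }
    return $default;
}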
Example #5
    /**
     * upgrade
     *
     * @todo recode using DBUtil
     */
    public function Upgrade($oldversion) {
        // Upgrade steps are cumulative: coming from 0.2 runs the 0.2 step and then the
        // 3.0.0 step; coming from 3.0.0 runs only the latter. Any other version runs nothing.
        // Loose (==) comparison mirrors how a switch statement matches its cases.
        $fromLegacy = ($oldversion == '0.2');
        $fromThree = ($oldversion == '3.0.0');

        if ($fromLegacy) {
            // Create the system init hook (previous versions are for Zikula 1.2)
            EventUtil::registerPersistentModuleHandler('IWstats', 'core.postinit', array('IWstats_Listeners', 'coreinit'));
        }

        if ($fromLegacy || $fromThree) {
            // Add new fields. Stop in case of error
            if (!DBUtil::changeTable('IWstats')) {
                return false;
            }

            // Create indexes. Don't stop in case of error
            $tables = pnDBGetTables();
            $columns = $tables['IWstats_column'];
            foreach (array('ipForward', 'ipClient', 'userAgent') as $indexedField) {
                DBUtil::createIndex($columns[$indexedField], 'IWstats', $indexedField);
            }
        }

        // Update successful
        return true;
    }
Example #6
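/**
 * Look up the active media handler registered for a MIME type or file extension.
 *
 * @param array $args 'mimeType' and 'filename' of the media item; both are lower-cased
 * @return mixed first matching handler record (handlerName, mimeType, fileType), or the
 *               result of LogUtil::registerError() when none is found or the query fails
 */
function mediashare_mediahandlerapi_getHandlerInfo($args)
{
    $dom = ZLanguage::getModuleDomain('mediashare');
    $mimeType = isset($args['mimeType']) ? strtolower($args['mimeType']) : '';
    $filename = isset($args['filename']) ? strtolower($args['filename']) : '';

    // The file type is everything after the FIRST dot, so "photo.2010.jpg" yields "2010.jpg".
    // NOTE(review): a type decision based on the first dot is fragile for multi-dot names;
    // confirm whether the handler table stores compound types before switching to the last dot.
    $fileType = '';
    if (!empty($filename)) {
        $dotPos = strpos($filename, '.');
        if ($dotPos !== false) {
            $fileType = substr($filename, $dotPos + 1);
        }
    }

    $pntable = pnDBGetTables();
    $handlersTable = $pntable['mediashare_mediahandlers'];
    $handlersColumn = $pntable['mediashare_mediahandlers_column'];

    // AND binds tighter than OR: without the parentheses the "active" filter applied only to
    // the file-type match, so a deactivated handler was still selected by MIME type.
    $sql = "SELECT DISTINCT {$handlersColumn['handler']},\r\n"
         . "                            {$handlersColumn['foundMimeType']},\r\n"
         . "                            {$handlersColumn['foundFileType']}\r\n"
         . "                       FROM {$handlersTable}\r\n"
         . "                      WHERE ({$handlersColumn['mimeType']} = '" . DataUtil::formatForStore($mimeType) . "'\r\n"
         . "                         OR {$handlersColumn['fileType']} = '" . DataUtil::formatForStore($fileType) . "')\r\n"
         . "                        AND {$handlersColumn['active']} = 1 ";
    $result = DBUtil::executeSQL($sql);

    $errormsg = __f('Unable to locate media handler for \'%1$s\' (%2$s)', array($filename, $mimeType), $dom);
    if ($result === false) {
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('mediahandlerapi.getHandlerInfo', $errormsg), $dom));
    }
    if (!$result) {
        return LogUtil::registerError($errormsg);
    }

    $colArray = array('handlerName', 'mimeType', 'fileType');
    $handler = DBUtil::marshallObjects($result, $colArray);
    // A successful query can still match nothing; report that instead of reading index 0.
    if (empty($handler) || !isset($handler[0])) {
        return LogUtil::registerError($errormsg);
    }
    return $handler[0];
}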
Example #7
/**
 * Render the "on this day" (ephemerids) side block.
 *
 * Selects the entries stored for today's day and month, restricted to the user's language
 * (or entries without a language) when the site is multilingual, and passes the markup to
 * themesideblock(). The year goes through pnVarPrepForDisplay(), the entry text through
 * pnVarPrepHTMLDisplay() after nl2br().
 *
 * @param array $row block record; 'title' feeds the permission check and defaults to _EPHEMERIDS
 * @return mixed result of themesideblock(), or null when access is denied
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();
    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Optional language restriction.
    $querylang = "";
    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['ephem_column'];
        $querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
    }

    $now = getdate();
    $eday = $now['mday'];
    $emonth = $now['mon'];

    $column =& $pntable['ephem_column'];
    $sql = "SELECT {$column['yid']}, {$column['content']}\n                              FROM {$pntable['ephem']}\n                              WHERE {$column['did']}='" . pnVarPrepForStore($eday) . "' AND {$column['mid']}='" . pnVarPrepForStore($emonth) . "' {$querylang}";
    $result = $dbconn->Execute($sql);

    $boxstuff = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
    for (;;) {
        // The loop stops as soon as the record set has no current row.
        $current = $result->fields;
        if (!$current) {
            break;
        }
        list($yid, $content) = $current;
        $result->MoveNext();
        $boxstuff .= '<br /><br />';
        $boxstuff .= '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content)) . '';
    }

    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}
Example #8
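/**
 * Delete one lens, company or polymer record.
 *
 * @param array $args 'tid' (numeric id of the item) and 'item_type' ('lens', 'company' or 'polymer')
 * @return bool true on success; false with a session 'errormsg' on missing permission,
 *              invalid arguments, unknown item or database error
 */
function Lenses_adminapi_delete($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Read only the expected arguments. extract() would let any key of $args create or
    // overwrite a local variable of this function.
    $tid = isset($args['tid']) ? $args['tid'] : null;
    $item_type = isset($args['item_type']) ? $args['item_type'] : null;
    // Ensure valid values were passed in.
    if (empty($tid) || !is_numeric($tid) || empty($item_type) || !is_string($item_type)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Call API function to verify the item exists.
    $item_exists = pnModAPIFunc('Lenses', 'user', 'get', array('tid' => $tid, 'item_type' => $item_type));
    if (!$item_exists) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    // Table and column names come from this fixed list only; an unknown type previously
    // fell through and produced a DELETE with empty identifiers.
    switch ($item_type) {
        case 'lens':
            $table =& $pntable['lenses'];
            $field =& $pntable['lenses_column'];
            break;
        case 'company':
            $table =& $pntable['lenses_companies'];
            $field =& $pntable['lenses_companies_column'];
            break;
        case 'polymer':
            $table =& $pntable['lenses_polymers'];
            $field =& $pntable['lenses_polymers_column'];
            break;
        default:
            pnSessionSetVar('errormsg', _MODARGSERROR);
            return false;
    }
    // The id is forced to an integer before it is placed in the statement.
    $sql = "DELETE FROM {$table} WHERE {$field['tid']} = '" . (int) $tid . "'";
    // Execute the SQL query.
    $result = $dbconn->Execute($sql);
    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _DELETEFAILED);
        return false;
    }
    // Start a new output object.
    // This function isn't an output function, but needs an output
    // object started before the cache can be cleared.
    // ("=& new" is a parse error from PHP 7 on; plain assignment works on every version.)
    $pnRender = new pnRender('Lenses');
    // Clear the cache.
    $pnRender->clear_cache();
    // Return success.
    return true;
}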
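/**
 * Function to display banners in all pages
 *
 * Picks one random banner of the given type, counts the impression and outputs it.
 * Types 0, 1 and 2 are echoed and nothing is returned; for any other numeric type the
 * markup is returned instead.
 *
 * @param int|string $type banner type; non-numeric values are rejected
 * @return string|null '&nbsp;' when banners are disabled or $type is not numeric, the banner
 *                     markup for types other than 0-2, otherwise null
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return '&nbsp;';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return '&nbsp;';
    }
    // is_numeric() is not a SQL-safety check: it also accepts floats, exponent notation and
    // (on old PHP versions) hexadecimal strings. Only the integer value is put into the queries.
    $typeId = (int) $type;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column =& $pntable['banner_column'];

    $bresult = $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$column['type']} = {$typeId}");
    if (!$bresult) {
        return;
    }
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();
    $numrows = (int) $numrows;
    if ($numrows < 1) {
        // No banner of this type: skip the lookups and the impression update.
        return;
    }

    // Random offset into the banner list. mt_rand() seeds itself; re-seeding the shared
    // generator from microtime() made every later mt_rand() value in the request guessable.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;

    $query = buildSimpleQuery('banner', array('bid', 'imageurl', 'clickurl'), "{$column['type']} = {$typeId}", '', 1, $bannum);
    $bresult2 = $dbconn->Execute($query);
    if (!$bresult2 || $bresult2->EOF) {
        // The banner may have been removed between the count and the select.
        return;
    }
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    // The id is used unquoted in the statements below, so it is forced to an integer.
    $bannerId = (int) $bid;

    // Requests from the configured address are not counted as impressions.
    $myIP = pnConfigGetVar('myIP');
    $myhost = getenv("REMOTE_ADDR");
    if ($myIP != $myhost) {
        $dbconn->Execute("UPDATE {$pntable['banner']}\n                        SET {$column['impmade']}={$column['impmade']}+1\n                        WHERE {$column['bid']}=" . $bannerId);
    }

    $aborrar = $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},\n                                          {$column['impmade']}, {$column['clicks']},\n                                          {$column['date']}\n                                   FROM {$pntable['banner']}\n                                   WHERE {$column['bid']}=" . $bannerId);
    if ($aborrar && !$aborrar->EOF) {
        list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
        $aborrar->Close();
        /* Check if this impression is the last one and print the banner */
        if ($imptotal == $impmade) {
            // A separate variable keeps $column on the banner table, so the DELETE below uses
            // the banner table's own bid column rather than the one from bannerfinish.
            $finishColumn =& $pntable['bannerfinish_column'];
            $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n                            ( {$finishColumn['bid']}, {$finishColumn['cid']}, {$finishColumn['impressions']}, {$finishColumn['clicks']}, {$finishColumn['datestart']}, {$finishColumn['dateend']} )\n                            VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
            $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bannerId);
        }
    }

    // Banner URLs are stored data supplied per banner; they were written into attributes
    // unescaped, which allowed markup stored in a banner record to reach every page.
    list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    // rel="noopener" keeps the advertiser page opened via target="_blank" from reaching window.opener.
    $content = "<a href=\"banners.php?op=click&amp;bid={$bid}\" target=\"_blank\" rel=\"noopener\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" border=\"0\" alt=\"" . _CLICK . "\"></a>";
    if ($type == 1 or $type == 2 or $type == 0) {
        echo $content;
    } else {
        return $content;
    }
}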
Example #10
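/**
 * Render the side block listing all readable topics with the date of their newest story.
 *
 * @param array $row block record; 'title' feeds the permission check and defaults to _TOPICS
 * @return mixed result of themesideblock(); null when access is denied or no topic exists
 */
function blocks_topic_block($row)
{
    //global $topic, $catid;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();
    if (!pnSecAuthAction(0, 'Topicblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    // With the global statement commented out, both stay empty for the whole function.
    $topic = "";
    $catid = "";
    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // The user's language goes into a quoted SQL literal and is escaped first, as the
        // category block does for the same filter.
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['alanguage']}='')";
        /* the OR is needed to display stories who are posted to ALL languages */
    } else {
        $querylang = '';
    }
    $column =& $pntable['topics_column'];
    $result = $dbconn->Execute("SELECT {$column['topicid']} AS topicid, {$column['topicname']} as topicname FROM {$pntable['topics']} ORDER BY topicname");
    if (!$result || $result->EOF) {
        return;
    }

    $bullet = '<strong><big>&middot;</big></strong>&nbsp;';
    $boxstuff = '<span class="pn-normal">';
    if ($topic == "") {
        $boxstuff .= $bullet . "<b><a href=\"modules.php?op=modload&amp;name=Topics&amp;file=index\">" . _ALL_TOPICS . "</a></b><br>";
    } else {
        $boxstuff .= $bullet . "<a href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid=" . pnVarPrepForDisplay($catid) . "\">" . _ALL_TOPICS . "</a><br>";
    }
    while (!$result->EOF) {
        $srow = $result->GetRowAssoc(false);
        $result->MoveNext();
        if (!pnSecAuthAction(0, 'Topics::Topic', "{$srow['topicname']}::{$srow['topicid']}", ACCESS_READ)) {
            continue;
        }
        // The id is used unquoted in SQL and inside an href; the name is stored text that
        // was printed unescaped.
        $topicId = (int) $srow['topicid'];
        $topicName = pnVarPrepForDisplay($srow['topicname']);

        $column =& $pntable['stories_column'];
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime FROM {$pntable['stories']} WHERE {$column['topic']}={$topicId} {$querylang} ORDER BY {$column['time']} DESC");
        if (!$result2 || $result2->EOF) {
            // Topics without a visible story are not listed.
            continue;
        }
        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = pnVarPrepForDisplay(ml_ftime(_DATEBRIEF, $story['unixtime']));
        if ($topic == $srow['topicid']) {
            $boxstuff .= $bullet . "<span class=\"pn-title\"><b>{$topicName}</b></span> <span class=\"pn-sub\">({$sdate})</span><br>";
        } else {
            $boxstuff .= $bullet . "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid=" . pnVarPrepForDisplay($catid) . "&amp;topic={$topicId}\">{$topicName}</a> <span class=\"pn-sub\">({$sdate})</span><br>";
        }
    }
    $boxstuff .= '</span>';
    if (empty($row['title'])) {
        $row['title'] = _TOPICS;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}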
Example #11
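/**
 * Build the administration menu from all modules the current user may edit.
 *
 * Users without overall EDIT permission are redirected to index.php and no menu is built.
 *
 * @param string $help_file optional help file for the "online manual" entry
 * @return void
 */
function admin_menu($help_file = '')
{
    // The permission check comes first. The original ran a COUNT(*) on the submission queue
    // for every caller before checking access and never used the result.
    if (!pnSecAuthAction(0, "::", '::', ACCESS_EDIT)) {
        // suppress admin display - return to index.
        pnRedirect('index.php');
        return;
    }

    menu_title('admin.php', _ADMINMENU);
    menu_graphic(pnConfigGetVar('admingraphic'));
    if ($help_file != '') {
        menu_help($help_file, _ONLINEMANUAL);
    }
    $mods = pnModGetAdminMods();
    if ($mods == false) {
        // there aren't admin modules
        return;
    }
    foreach ($mods as $mod) {
        // Hack until the new news module comes into being
        // TODO - remove this at appropriate time
        if ($mod['name'] == 'AddStory') {
            $mod['name'] = 'Stories';
        }
        if (!pnSecAuthAction(0, "{$mod['name']}::", '::', ACCESS_EDIT)) {
            continue;
        }

        $moduleDir = "modules/" . pnVarPrepForOS($mod['directory']);
        // Modules shipping pnadmin.php keep their icon in pnimages/ and are linked through
        // pnModURL(); the others use images/ and the admin.php entry point.
        $isApiModule = file_exists($moduleDir . "/pnadmin.php");
        $iconBase = $moduleDir . ($isApiModule ? "/pnimages/admin." : "/images/admin.");

        // First existing icon wins, in the order gif, jpg, png.
        $imgfile = 'modules/NS-Admin/images/default.gif';
        foreach (array('gif', 'jpg', 'png') as $extension) {
            if (file_exists($iconBase . $extension)) {
                $imgfile = $iconBase . $extension;
                break;
            }
        }

        // NOTE(review): 'displayname' is handed over unescaped in both branches; confirm
        // that menu_add_option() escapes its label.
        if ($isApiModule) {
            menu_add_option(pnVarPrepForDisplay(pnModURL($mod['name'], 'admin')), $mod['displayname'], $imgfile);
        } else {
            // The URL is passed as ready-made HTML (note the &amp;), so the directory name is
            // escaped here just as the pnModURL() result is in the other branch.
            menu_add_option("admin.php?module=" . pnVarPrepForDisplay($mod['directory']) . "&amp;op=main", $mod['displayname'], $imgfile);
        }
    }
}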
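/**
 * Render the side block listing all readable story categories with the date of their newest story.
 *
 * Reads the globals $topic and $catid to mark the current category and to carry the
 * current topic along in the generated links.
 *
 * @param array $row block record; 'title' feeds the permission check and defaults to _CATEGORIES
 * @return mixed result of themesideblock(); null when access is denied or no category exists
 */
function blocks_category_block($row)
{
    global $topic, $catid;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
        /* the OR is needed to display stories who are posted to ALL languages */
    } else {
        $querylang = '';
    }
    $column =& $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");
    if (!$result || $result->EOF) {
        return;
    }

    // $topic is a global that is written into href attributes below; it is escaped once here.
    // NOTE(review): where the global is populated is not visible; treat it as request data.
    $topicParam = pnVarPrepForDisplay($topic);
    $bullet = '<strong><big>&middot;</big></strong>&nbsp;';

    $boxstuff = '<span class="pn-normal">';
    if ($catid != "") {
        $boxstuff .= $bullet . "<a href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;topic={$topicParam}\">" . _ALL_CATEGORIES . "</a><br />";
    }
    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);
        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }
        // Used unquoted in SQL and inside an href, so it is forced to an integer.
        $categoryId = (int) $srow['catid'];

        $column =& $pntable['stories_column'];
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime\n                                           FROM {$pntable['stories']}\n                                           WHERE {$column['catid']}={$categoryId} {$querylang}\n                                           ORDER BY {$column['time']} DESC");
        if (!$result2 || $result2->EOF) {
            // Categories without a visible story are not listed.
            continue;
        }
        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);
        if ($catid == $srow['catid']) {
            $boxstuff .= $bullet . "<span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        } else {
            $boxstuff .= $bullet . "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid={$categoryId}&amp;topic={$topicParam}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        }
    }
    $boxstuff .= '</span>';
    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}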
Example #13
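/**
 * Register a new media source.
 *
 * The record is written through DBUtil::insertObject(), so no SQL is assembled here.
 *
 * @param array $args 'name' and 'title' of the source
 * @return mixed true on success, otherwise the result of LogUtil::registerError()
 */
function mediashare_sourcesapi_addSource($args)
{
    $dom = ZLanguage::getModuleDomain('mediashare');

    // The table/column lookup of the original was never used and has been dropped.
    $source = array(
        'name' => $args['name'],
        'title' => $args['title'],
        'formEncType' => '',
    );

    $result = DBUtil::insertObject($source, 'mediashare_sources', 'id');
    if ($result === false) {
        return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('sourcesapi.addSource', 'Could not add a source.'), $dom));
    }
    return true;
}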
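/**
 * Render the side block with the newest web links the current user may read.
 *
 * $row['url'] holds "module name|number of links"; the number defaults to 10.
 *
 * @param array $row block record; 'title' feeds the permission check, 'url' holds the settings
 * @return mixed result of themesideblock(), or null when access is denied
 */
function blocks_weblinks_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Weblinksblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $url = explode('|', $row['url']);
    if (!$url[0]) {
        $row['content'] = 'You forgot to set the module name!';
        return themesideblock($row);
    }
    // The second setting is optional; a missing or non-positive value means 10 links.
    $wanted = isset($url[1]) ? (int) $url[1] : 0;
    if ($wanted < 1) {
        $wanted = 10;
    }

    // First pass: count how many of the newest links must be fetched so that $wanted of
    // them pass the per-category permission check.
    $links_col =& $pntable['links_links_column'];
    $linksok = 0;
    $linkcount = 0;
    $result = $dbconn->Execute("SELECT {$links_col['cat_id']}, {$links_col['title']} FROM {$pntable['links_links']} ORDER BY {$links_col['date']} DESC");
    while ($result && !$result->EOF) {
        list($cid, $title) = $result->fields;
        $result->MoveNext();
        $linkcount++;
        if (pnSecAuthAction(0, "Web Links::Category", "{$title}::{$cid}", ACCESS_READ)) {
            $linksok++;
        }
        if ($linksok == $wanted) {
            break;
        }
    }

    // The module name comes from the block settings and is written into an href.
    $moduleName = pnVarPrepForDisplay($url[0]);
    $row['content'] = '<span class="pn-normal">';

    if ($linkcount > 0) {
        $cats_col =& $pntable['links_categories_column'];
        $sql = "SELECT {$links_col['lid']} as lid, {$links_col['cat_id']} as catid, {$links_col['title']} as title, {$links_col['description']} as description, {$links_col['hits']} as hits, IF({$links_col['cat_id']}, CONCAT('/', {$cats_col['title']}), {$cats_col['title']}) AS cattitle\n               FROM {$pntable['links_links']}\n               LEFT JOIN {$pntable['links_categories']}\n               ON {$cats_col['cat_id']}={$links_col['cat_id']}\n               ORDER BY {$links_col['date']} DESC";
        $result = $dbconn->SelectLimit($sql, $linkcount);
        while ($result && !$result->EOF) {
            $lrow = $result->GetRowAssoc(false);
            // Advance on every row. The original advanced only inside the permission branch,
            // so a single link in a category the user may not read made this loop spin forever.
            $result->MoveNext();
            if (!pnSecAuthAction(0, "Web Links::Category", "{$lrow['cattitle']}::{$lrow['catid']}", ACCESS_READ)) {
                continue;
            }
            $linkId = (int) $lrow['lid'];
            $linkTitle = pnVarPrepForDisplay($lrow['title']);
            // The description is placed inside a title="" attribute, where every quote must
            // be escaped; a filter that lets permitted HTML tags through is not safe there.
            $description = pnVarPrepForDisplay($lrow['description']);
            $categoryTitle = pnVarPrepForDisplay($lrow['cattitle']);
            $row['content'] .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"modules.php?op=modload&amp;name={$moduleName}&amp;file=index&amp;req=visit&amp;lid={$linkId}\" target=\"_blank\" rel=\"noopener\" title=\"{$categoryTitle}:\n{$description}\" class=\"pn-sub\">{$linkTitle}</a><br>\n";
        }
    }
    $row['content'] .= '</span>';
    return themesideblock($row);
}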
Example #15
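/**
 * Hand the logged-in user over to the linked application.
 *
 * Loads login name, stored password value, real name and e-mail of the current user,
 * packs them (serialize, gzcompress, base64, urlencode) and redirects to the configured
 * URL with the packed data and an MD5 of the serialized data as query parameters.
 * The function always ends the request.
 *
 * NOTE(review), security of the hand-over format (unchanged here, the receiver is not visible):
 *  - The stored password value and personal data travel in a URL, so they end up in
 *    browser history, proxy and web-server logs and possibly Referer headers.
 *  - 'check' is an unkeyed MD5 of the payload. Anyone can recompute it for a modified
 *    payload, so it detects corruption only and does not authenticate the sender.
 *  - The payload is serialize() output; the receiving side must not feed request data to
 *    unserialize() without an authenticity check.
 *  A keyed MAC (hash_hmac with a shared secret), a JSON payload and a short-lived one-time
 *  token instead of credential data would address all three.
 */
function dplink_user_main()
{
    $url = trim(pnModGetVar('dplink', 'url'));
    $window = pnModGetVar('dplink', 'use_window');
    $wrap = pnModGetVar('dplink', 'use_postwrap');
    $user_data = array();
    $home = pnGetBaseURL();
    $home .= 'user.php?op=loginscreen&module=NS-User';
    if (!pnUserLoggedIn()) {
        pnRedirect($home);
        // Stop here. The original carried on after the redirect and ran the user query
        // for an anonymous visitor.
        exit;
    }
    // We need to get the user password string from the database
    // The id is used unquoted in the statement, so it is forced to an integer.
    $uid = (int) pnUserGetVar('uid');
    list($dbconn) = pnDBGetConn();
    $pntables = pnDBGetTables();
    $usertable = $pntables['users'];
    $usercol =& $pntables['users_column'];
    $sql = "SELECT {$usercol['uname']}, {$usercol['pass']}, {$usercol['name']}, {$usercol['email']} " . "FROM {$usertable} WHERE {$usercol['uid']} = {$uid}";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0 || !$result) {
        die('Could not get user details');
    }
    if ($result->EOF) {
        die('Could not get user detail');
    }
    list($uname, $password, $user_name, $user_email) = $result->fields;
    $result->Close();
    $user_data['login'] = $uname;
    $user_data['passwd'] = $password;
    $user_data['name'] = $user_name;
    $user_data['email'] = $user_email;
    $parm = serialize($user_data);
    $check = md5($parm);
    $cparm = gzcompress($parm);
    $bparm = urlencode(base64_encode($cparm));
    if ($window) {
        $url .= '/index.php?login=pn&userdata=' . $bparm . '&check=' . $check;
        header('Location: ' . $url);
    } else {
        // The target is nested inside another URL, hence the pre-encoded ampersands.
        $url .= '/index.php?login=pn%26userdata=' . $bparm . '%26check=' . $check;
        if ($wrap) {
            header('Location: modules.php?op=modload&name=PostWrap&file=index&page=' . $url);
        } else {
            header('Location: modules.php?op=modload&name=dplink&file=index&url=' . $url);
        }
    }
    exit;
}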
Example #16
/**
 * Side block that shows a banner.
 *
 * The first '|'-separated field of $row['url'] is handed to pnBannerDisplay();
 * when that field is empty the string "3" is used instead.
 *
 * @param array $row block data; 'title' and 'url' are read, 'content' is set
 * @return mixed result of themesideblock(), or nothing when the
 *               'Bannersblock::' read permission check fails
 */
function blocks_banner_block($row)
{
    // Neither value is used further in this block.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $instance = "{$row['title']}::";
    if (!pnSecAuthAction(0, "Bannersblock::", $instance, ACCESS_READ)) {
        return;
    }

    // Fall back to "3" when no value is configured
    $fields = explode('|', $row['url']);
    $bannerType = $fields[0] ? $fields[0] : "3";

    // get the banner through the banner api
    $row['content'] = "<br><center>" . pnBannerDisplay($bannerType) . "</center>";
    return themesideblock($row);
}
Example #17
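 /**
  * Replace the stored content of a file in the media database table.
  *
  * Reads $newFilename from disk and writes its content and byte length to
  * the row whose file reference equals $orgFileReference.
  *
  * NOTE(review): $newFilename is read as given; this assumes the caller only
  * passes paths it created itself - confirm.
  * NOTE(review): the file content goes through DataUtil::formatForStore() like
  * text; confirm that escaping is safe for binary data on the target database.
  *
  * @param string $orgFileReference file reference of the row to update
  * @param string $newFilename      path of the file holding the new content
  * @return mixed true on success, otherwise the result of LogUtil::registerError()
  */
 function updateFile($orgFileReference, $newFilename)
 {
     $dom = ZLanguage::getModuleDomain('mediashare');
     $pntable = pnDBGetTables();
     $mediadbTable = $pntable['mediashare_mediadb'];
     $mediadbColumn = $pntable['mediashare_mediadb_column'];
     $data = file_get_contents($newFilename);
     if ($data === false) {
         // Do not overwrite the stored content with an empty value on a failed read
         return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('vfsHandlerDB.updateFile', 'Could not read the new file.'), $dom));
     }
     // strlen() gives the byte length; count() on a string does not
     $bytes = strlen($data);
     $orgFileReference = DataUtil::formatForStore($orgFileReference);
     $sql = "UPDATE {$mediadbTable}\n                   SET {$mediadbColumn['data']} = '" . DataUtil::formatForStore($data) . "',\n                       {$mediadbColumn['bytes']} = '{$bytes}'\n                 WHERE {$mediadbColumn['fileref']} = '{$orgFileReference}'";
     $result = DBUtil::executeSQL($sql);
     if ($result === false) {
         return LogUtil::registerError(__f('Error in %1$s: %2$s.', array('vfsHandlerDB.updateFile', 'Could not update the file information.'), $dom));
     }
     return true;
 }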
Example #18
/**
 * Display block: a list of Template item names.
 *
 * Access is checked twice: once for the block itself and then per item. An
 * item is listed only with ACCESS_OVERVIEW, and becomes a link to its detail
 * view only with ACCESS_READ.
 *
 * NOTE(review): $name is passed to pnHTML::URL() / pnHTML::Text(); whether
 * those escape it for HTML is not visible here - confirm.
 *
 * @param array $blockinfo block data; 'title' and 'content' are read
 * @return mixed result of themesideblock(), or nothing when access is denied,
 *               the query fails or no rows are found
 */
function template_firstblock_display($blockinfo)
{
    // Block-level permission gate
    if (!pnSecAuthAction(0, 'Template:Firstblock:', "{$blockinfo['title']}::", ACCESS_READ)) {
        return;
    }

    // Block settings; five items unless configured otherwise
    $settings = pnBlockVarsFromContent($blockinfo['content']);
    if (empty($settings['numitems'])) {
        $settings['numitems'] = 5;
    }

    // Table and column names of the Template module
    pnModDBInfoLoad('Template');
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $table = $pntable['template'];
    $col =& $pntable['template_column'];

    $sql = "SELECT {$col['tid']},\n                   {$col['name']}\n            FROM {$table}\n            ORDER by {$col['name']}";
    $items = $dbconn->SelectLimit($sql, $settings['numitems']);

    // Nothing to show on a database error or an empty result
    if ($dbconn->ErrorNo() != 0 || $items->EOF) {
        return;
    }

    $html = new pnHTML();
    while (!$items->EOF) {
        list($tid, $name) = $items->fields;
        $instance = "{$name}::{$tid}";
        if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_OVERVIEW)) {
            if (pnSecAuthAction(0, 'Template::', $instance, ACCESS_READ)) {
                $html->URL(pnModURL('Template', 'user', 'viewdetail', array('tid' => $tid)), $name);
            } else {
                $html->Text($name);
            }
            $html->Linebreak();
        }
        $items->MoveNext();
    }

    // Hand the rendered list to the theme
    $blockinfo['content'] = $html->GetOutput();
    return themesideblock($blockinfo);
}
Example #19
/**
 * Side block showing the logged-in user's personal block text.
 *
 * Only rendered when the 'Userblock::' read check passes, a user is logged in
 * and that user's 'ublockon' variable equals 1.
 *
 * NOTE(review): the stored 'ublock' value becomes the block content as-is,
 * without pnVarPrepForDisplay(); whether it is filtered when it is saved is
 * not visible here - confirm.
 *
 * @param array $row block data; 'title' is read, 'title' and 'content' are set
 * @return mixed result of themesideblock(), or nothing when the block is not shown
 */
function blocks_user_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!pnUserLoggedIn() || pnUserGetVar('ublockon') != 1) {
        return;
    }

    $userCols =& $pntable['users_column'];
    $uid = pnUserGetVar('uid');
    $sql = "SELECT {$userCols['ublock']} FROM {$pntable['users']} WHERE {$userCols['uid']}=" . pnVarPrepForStore($uid);
    $rs = $dbconn->Execute($sql);
    list($ublock) = $rs->fields;

    // The display name is escaped for the title; the block text is not
    $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay(pnUserGetVar('name'));
    $row['content'] = $ublock;
    return themesideblock($row);
}
Example #20
/**
 * Side block showing today's most-read story.
 *
 * Asks getArticles() for the single article dated today with the highest
 * counter (ihome = 0, counter > 0) and shows its preformatted title, provided
 * the visitor may read both the story and its topic.
 *
 * @param array $row block data; 'title' is read, 'title' and 'content' are set
 * @return mixed result of themesideblock(), or nothing when access is denied
 *               or no article qualifies
 */
function blocks_big_block($row)
{
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Bigblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Today's date as YYYY-MM-DD, zero padded
    $tdate = date('Y-m-d');

    $column =& $pntable['stories_column'];
    $where = "{$column['time']} LIKE '%{$tdate}%'\n                             AND {$column['ihome']} = 0\n                             AND {$column['counter']} > 0";
    $articles = getArticles($where, "{$column['counter']} DESC", "1");
    if (empty($articles)) {
        return;
    }

    // Both the story and its topic must be readable by the visitor
    $info = genArticleInfo($articles[0]);
    if (!(pnSecAuthAction(0, 'Stories::Story', "{$info['aid']}:{$info['cattitle']}:{$info['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$info['topicname']}::{$info['tid']}", ACCESS_READ))) {
        return;
    }

    $links = genArticleLinks($articles[0]);
    $preformat = genArticlePreformat($info, $links);

    if (empty($row['title'])) {
        $row['title'] = _TODAYBIG;
    }
    $row['content'] = '<span class="pn-normal">' . _BIGSTORY . '</span><br /><br />' . $preformat['title'];
    return themesideblock($row);
}
/**
 * Return the current user's row from the users table, cached in the global
 * $userinfo for the rest of the request.
 *
 * $user is only tested for emptiness; the lookup itself uses element 1 of
 * cookiedecode(), escaped with pnVarPrepForStore().
 *
 * NOTE(review): the selected columns include 'pass', so the global $userinfo
 * array carries the stored password value; avoid dumping or templating the
 * whole array.
 *
 * @param mixed $user any non-empty value to request the lookup
 * @return mixed the user row (associative array), or nothing when $user is empty
 */
function getusrinfo($user)
{
    global $userinfo;

    if (empty($user)) {
        return;
    }
    // Already loaded during this request
    if (isset($userinfo['uid'])) {
        return $userinfo;
    }

    $cookie = cookiedecode();
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column = $pntable['users_column'];
    $sql = "SELECT {$column['uid']} AS uid,\n                   {$column['name']} AS name,\n                   {$column['uname']} AS uname,\n                   {$column['email']} AS email,\n                   {$column['femail']} AS femail,\n                   {$column['url']} AS url,\n                   {$column['user_avatar']} AS user_avatar,\n                   {$column['user_icq']} AS user_icq,\n                   {$column['user_occ']} AS user_occ,\n                   {$column['user_from']} AS user_from,\n                   {$column['user_intrest']} AS user_intrest,\n                   {$column['user_sig']} AS user_sig,\n                   {$column['user_viewemail']} AS user_viewemail,\n                   {$column['user_theme']} AS user_theme,\n                   {$column['user_aim']} AS user_aim,\n                   {$column['user_yim']} AS user_yim,\n                   {$column['user_msnm']} AS user_msnm,\n                   {$column['pass']} AS pass,\n                   {$column['storynum']} AS storynum,\n                   {$column['umode']} AS umode,\n                   {$column['uorder']} AS uorder,\n                   {$column['thold']} AS thold,\n                   {$column['noscore']} AS noscore,\n                   {$column['bio']} AS bio,\n                   {$column['ublockon']} AS ublockon,\n                   {$column['ublock']} AS ublock,\n                   {$column['theme']} AS theme,\n                   {$column['commentmax']} AS commentmax,\n                   {$column['timezone_offset']} AS timezone_offset\n            FROM {$pntable['users']}\n            WHERE {$column['uname']} = '" . pnVarPrepForStore($cookie[1]) . "'";
    $rs = $dbconn->Execute($sql);

    // Exactly one matching row is expected
    if ($rs->PO_RecordCount() != 1) {
        echo "Problem obtaining user information<br>";
        return $userinfo;
    }

    $userinfo = $rs->GetRowAssoc(false);
    return $userinfo;
}
Example #22
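/**
 * Search plugin for mediashare: copy matching media items into the search
 * result table for the current session.
 *
 * The SELECT is limited to albums the visitor may view through the SQL clause
 * returned by the 'getAccessibleAlbumsSql' API function. An empty clause
 * yields "WHERE () AND ...", which is invalid SQL, so the statement fails
 * rather than running without the access filter.
 *
 * NOTE(review): the search terms in $args reach the SQL only through
 * search_construct_where(); its escaping is not visible here - confirm.
 *
 * @param array $args search arguments, passed on to search_construct_where()
 * @return mixed true on success, otherwise the result of LogUtil::registerError()
 */
function mediashare_searchapi_search($args)
{
    $dom = ZLanguage::getModuleDomain('mediashare');
    pnModDBInfoLoad('mediashare');
    pnModDBInfoLoad('Search');
    $pntable = pnDBGetTables();
    $mediaTable = $pntable['mediashare_media'];
    $mediaColumn = $pntable['mediashare_media_column'];
    $albumsTable = $pntable['mediashare_albums'];
    $albumsColumn = $pntable['mediashare_albums_column'];
    $searchTable = $pntable['search_result'];
    $searchColumn = $pntable['search_result_column'];
    // The session id sits inside a quoted SQL literal, so escape it like any other value
    $sessionId = DataUtil::formatForStore(session_id());
    // Find accessible albums
    $accessibleAlbumSql = pnModAPIFunc('mediashare', 'user', 'getAccessibleAlbumsSql', array('access' => mediashareAccessRequirementViewSomething, 'field' => "media.{$mediaColumn['parentAlbumId']}"));
    // A translation may contain an apostrophe, which would otherwise end the SQL literal early
    $albumText = DataUtil::formatForStore(__('Multimedia file in album: ', $dom));
    $sql = "\nINSERT INTO {$searchTable}\n  ({$searchColumn['title']},\n   {$searchColumn['text']},\n   {$searchColumn['module']},\n   {$searchColumn['extra']},\n   {$searchColumn['created']},\n   {$searchColumn['session']})\nSELECT CONCAT(media.{$mediaColumn['title']}, ' [{$albumText}', album.{$albumsColumn['title']}, ']'),\n       media.{$mediaColumn['description']},\n       'mediashare',\n       CONCAT(album.{$albumsColumn['id']}, ':', media.{$mediaColumn['id']}),\n       media.{$mediaColumn['createdDate']},\n       '{$sessionId}'\nFROM {$mediaTable} media\nINNER JOIN {$albumsTable} album\n      ON album.{$albumsColumn['id']} = media.{$mediaColumn['parentAlbumId']}\nWHERE ({$accessibleAlbumSql}) AND ";
    $sql .= search_construct_where($args, array("media.{$mediaColumn['title']}", "media.{$mediaColumn['description']}", "media.{$mediaColumn['keywords']}"));
    $dbresult = DBUtil::executeSQL($sql);
    if (!$dbresult) {
        return LogUtil::registerError(__('Error! Could not load items.', $dom));
    }
    return true;
}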
Example #23
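/**
 * Side block showing how many guests and members are online and, for a
 * logged-in user, the user name and private message counts.
 *
 * "Online" means a session row whose 'lastused' is newer than now minus
 * 'secinactivemins' minutes. Members are counted per distinct uid, guests
 * (uid 0) per distinct IP address.
 *
 * @param array $row block data; 'title' is read, 'title' and 'content' are set
 * @return mixed result of themesideblock(), or nothing when the
 *               'Onlineblock::' read permission check fails
 */
function blocks_online_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    $activetime = time() - pnConfigGetVar('secinactivemins') * 60;
    // One result row per active member uid; the row count is the member count
    $query = "SELECT count( 1 )\n             FROM {$sessioninfotable}\n             WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n\t\t  GROUP BY {$sessioninfocolumn['uid']}\n\t\t ";
    $result = $dbconn->Execute($query);
    $numusers = $result->RecordCount();
    $result->Close();
    // One result row per active guest IP address
    $query2 = "SELECT count( 1 )\n             FROM {$sessioninfotable}\n              WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n\t\t\t  GROUP BY {$sessioninfocolumn['ipaddr']}\n\t\t\t ";
    $result2 = $dbconn->Execute($query2);
    $numguests = $result2->RecordCount();
    $result2->Close();
    // Pluralise
    if ($numguests == 1) {
        $guests = _GUEST;
    } else {
        $guests = _GUESTS;
    }
    if ($numusers == 1) {
        $users = _MEMBER;
    } else {
        $users = _MEMBERS;
    }
    $content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";
    if (pnUserLoggedIn()) {
        // Escape the user name like every other dynamic value in this block
        $content .= '<br />' . _YOUARELOGGED . ' <b>' . pnVarPrepForDisplay(pnUserGetVar('uname')) . '</b>.<br />';
        if (pnModAvailable('Messages')) {
            // display private messages only when module is active
            $column =& $pntable['priv_msgs_column'];
            // The uid is placed unquoted in the SQL, so force it to an integer
            $uid = (int) pnUserGetVar('uid');
            $result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid);
            list($numrow) = $result2->fields;
            // get unread messages
            $result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid . " AND {$column['read_msg']}='0'");
            list($unreadrow) = $result3->fields;
            if ($numrow == 0) {
                $content .= '<br /></span>';
            } else {
                $content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Messages&amp;file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Messages&amp;file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
                if ($numrow == 1) {
                    $content .= _PRIVATEMSG;
                } elseif ($numrow > 1) {
                    $content .= _PRIVATEMSGS;
                }
                $content .= "</span><br />";
            }
        } else {
            // Close the span opened above; every other path already does
            $content .= '</span>';
        }
    } else {
        $content .= '<br />' . _YOUAREANON . '</span><br />';
    }
    if (empty($row['title'])) {
        $row['title'] = _WHOSONLINE;
    }
    $row['content'] = $content;
    return themesideblock($row);
}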
Example #24
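/**
 * Get the uid of a user from the username
 *
 * The name is validated with pnVarValidate() before any query is built and
 * escaped with pnVarPrepForStore() inside the query. Results, including
 * "not found", are cached per username in a static array for the rest of
 * the request.
 *
 * @access public
 * @author Michael Halbrook
 * @since 1.9 - 19/04/2004
 * @param string $uname the username
 * @return mixed userid if found, false if the name is invalid or not found,
 *               void upon database error
 */
function pnUserGetIDFromName($uname)
{
    $uname = isset($uname) ? $uname : '';
    if (!pnVarValidate($uname, 'uname')) {
        return false;
    }
    // Per-request cache: username => uid, or false when the name is unknown
    static $uid = array();
    if (isset($uid[$uname])) {
        return $uid[$uname];
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $userstable = $pntable['users'];
    $userscolumn =& $pntable['users_column'];
    $query = "SELECT {$userscolumn['uid']}\n              FROM {$userstable}\n              WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    if ($result->EOF) {
        $uid[$uname] = false;
        // Release the result set on this path as well
        $result->Close();
        return false;
    }
    list($uid[$uname]) = $result->fields;
    $result->Close();
    return $uid[$uname];
}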
Example #25
/**
 * Select id and name of every row of one lookup table, for dropdowns.
 *
 * The requested table is checked against a fixed allow-list before it is used
 * to build table and column names, so no caller-supplied text reaches the SQL.
 *
 * @param array $args arguments; 'from' (string, required) names the table:
 *                    'chem', 'company', 'moa' or 'preserve'
 * @return mixed array of options keyed by id; an empty array when the
 *               'Meds::' overview permission is missing; false on an invalid
 *               table name or a database error
 */
function Meds_userapi_DBselect($args)
{
    $select = array();

    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        return $select;
    }

    // Requested table, restricted to the names usable for dropdowns.
    $from = (string) $args['from'];
    if (!in_array($from, array('chem', 'company', 'moa', 'preserve'))) {
        pnSessionSetVar('errormsg', 'Error selecting table from database.');
        return false;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Table and column definitions are looked up as rx_<from> / rx_<from>_column.
    $table =& $pntable["rx_{$from}"];
    $field =& $pntable["rx_{$from}_column"];

    // The id column key is the first four characters of the table name plus '_id'.
    $id_field = substr($from, 0, 4) . '_id';

    $sql = "SELECT {$field[$id_field]},\n                   {$field['name']}\n              FROM {$table}\n          ORDER BY {$field['name']}";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // One entry per row, keyed by its id.
    while (!$result->EOF) {
        list($id, $name) = $result->fields;
        $select[$id] = array($id_field => $id, 'name' => $name);
        $result->MoveNext();
    }
    $result->Close();

    return $select;
}
Example #26
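/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Requests whose referer contains this site's own host are ignored; a missing
 * referer is counted under the literal value "bookmark". An existing row has
 * its frequency incremented, otherwise a new row is inserted.
 *
 * The Referer header is chosen by the client, so it is escaped with
 * pnVarPrepForStore() in every statement that embeds it.
 * NOTE(review): the stored value remains client-chosen text; any page that
 * lists referers has to escape it on output (not visible here).
 */
function httpreferer()
{
    global $HTTP_SERVER_VARS;
    /***
     * Here we set up some variables for the rest of the script.
     * If you want to see what is going on, set $DEBUG to 1.
     * $HTTP_HOST is used here to avoid depending on $nuke_url being set
     * correctly.
     */
    $DEBUG = 0;
    $HTTP_REFERER = getenv('HTTP_REFERER');
    $HTTP_HOST = getenv('HTTP_HOST');
    // nkame: PWS/IIS doesn't put those variables in the environment
    if (empty($HTTP_HOST)) {
        $HTTP_HOST = 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'];
        $HTTP_REFERER = $HTTP_SERVER_VARS['HTTP_REFERER'];
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if ($DEBUG == 1) {
        // Both values come from request headers, so escape them before echoing
        echo "HTTP_HOST = " . pnVarPrepForDisplay($HTTP_HOST) . "<br> HTTP_REFERER = " . pnVarPrepForDisplay($HTTP_REFERER) . "<br>";
    }
    /***
     * First check whether HTTP_HOST occurs anywhere in HTTP_REFERER, so hits
     * coming from our own domain are not logged. A literal substring test is
     * used: the Host header is request data and must not be interpreted as a
     * regular expression.
     */
    if (strpos((string) $HTTP_REFERER, $HTTP_HOST) === false) {
        /***
         * If $HTTP_REFERER is not set, use the value "bookmark". This shows
         * how many people have the site bookmarked or type the URL into the
         * browser, and avoids empty referers.
         */
        if ($HTTP_REFERER == "") {
            $HTTP_REFERER = "bookmark";
        }
        // Escaped once, used in the SELECT, UPDATE and INSERT below
        $storeReferer = pnVarPrepForStore($HTTP_REFERER);
        // grab a reference to our table column defs for easier reading below
        $column =& $pntable['referer_column'];
        /***
         * Look up the referer (a real one or 'bookmark'). One matching row
         * means it was seen before and its counter is incremented; otherwise
         * a new row is inserted.
         */
        $check_sql = "SELECT count({$column['rid']}) as c \n                      FROM {$pntable['referer']} \n                      WHERE {$column['url']} = '" . $storeReferer . "'";
        $result = $dbconn->Execute($check_sql);
        if ($result === false) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
            // No result object to read from (harmless if PN_DBMsgError() already stops)
            return;
        }
        $row = $result->fields;
        $count = $row[0];
        if ($count == 1) {
            $update_sql = "UPDATE {$pntable['referer']}\n                           SET {$column['frequency']} = {$column['frequency']} + 1\n                           WHERE {$column['url']} = '" . $storeReferer . "'";
        } else {
            /***
             * "auto-increment" isn't portable so we have to use the standard
             * interface for grabbing sequence numbers.  The underlying
             * implementation handles the correct method for the RDBMS we are
             * using.
             */
            $rid = $dbconn->GenId($pntable['referer'], true);
            $update_sql = "INSERT INTO {$pntable['referer']}\n                             ({$column['rid']},\n                              {$column['url']},\n                              {$column['frequency']})\n                           VALUES\n                             (" . pnVarPrepForStore($rid) . ",\n                              '" . $storeReferer . "',\n                              1)";
        }
        $result = $dbconn->Execute($update_sql);
        if ($result === false) {
            error_log("error in referer.php, " . __LINE__ . ", sql='{$update_sql}'");
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
        }
        if ($DEBUG == 1) {
            echo "<br>" . pnVarPrepForDisplay($check_sql) . "<br>" . pnVarPrepForDisplay($update_sql) . "<br>";
        }
    }
}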
Example #27
/**
 * PHP function to garbage collect session information
 *
 * Deletes rows from the session table according to the 'seclevel' setting:
 *  - Low:    idle sessions, except those whose vars contain the
 *            'PNSVrememberme|' marker (this routine never removes those);
 *  - Medium: as Low, plus any session first used more than 'secmeddays'
 *            days ago, remembered or not;
 *  - High and any other value: every idle session.
 * "Idle" means 'lastused' older than 'secinactivemins' minutes.
 *
 * @private
 * @param mixed $maxlifetime not used here; the cutoffs come from configuration
 * @return bool true when the DELETE ran without a database error
 */
function pnSessionGC($maxlifetime)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $col =& $pntable['session_info_column'];
    $table = $pntable['session_info'];

    $level = pnConfigGetVar('seclevel');
    // Sessions last used before this timestamp count as inactive
    $idleCutoff = time() - pnConfigGetVar('secinactivemins') * 60;

    if ($level == 'Low') {
        // Low security - keep sessions of users who chose to be remembered
        $where = "WHERE {$col['vars']} NOT LIKE '%PNSVrememberme|%'\n                      AND {$col['lastused']} < " . $idleCutoff;
    } elseif ($level == 'Medium') {
        // Medium security - as Low, but also cap the total session age
        $where = "WHERE ({$col['vars']} NOT LIKE '%PNSVrememberme|%'\n                        AND {$col['lastused']} < " . $idleCutoff . ")\n                      OR {$col['firstused']} < " . (time() - pnConfigGetVar('secmeddays') * 86400);
    } else {
        // High security (and the fallback) - delete every inactive session
        $where = "WHERE {$col['lastused']} < " . $idleCutoff;
    }

    $dbconn->Execute("DELETE FROM {$table} {$where}");
    return $dbconn->ErrorNo() == 0;
}
/**
 * get authorisation information for this user
 *
 * Collects the permission rows that apply to the current visitor: user
 * permissions for uid -1 plus the visitor's own uid (0 when not logged in),
 * and group permissions for gid -1, gid 0 when not logged in, and every group
 * the visitor is a member of. Rows are read in 'sequence' order.
 *
 * On a database error the function returns what it has collected so far and
 * does not set $GLOBALS['authinfogathered'].
 *
 * NOTE(review): the id lists are joined with commas and placed unquoted inside
 * IN (...). pnVarPrepForStore() is applied to the joined string, but string
 * escaping does not restrict an unquoted numeric context; safety relies on the
 * uid and gid values being integers - confirm at their sources.
 *
 * @public
 * @return array two element array of user and group permissions; each entry
 *               has the keys 'realm', 'component', 'instance' and 'level'
 */
function pnSecGetAuthInfo()
{
    // Load the groups db info
    pnModDBInfoLoad('Groups');
    pnModDBInfoLoad('Permissions');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Tables we use
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];
    // The realm table and columns are fetched but not used below
    $realmtable = $pntable['realms'];
    $realmcolumn =& $pntable['realms_column'];
    // Empty arrays
    $userperms = array();
    $groupperms = array();
    // uid -1 is always part of the lookup
    $uids[] = -1;
    // Get user ID
    if (!pnUserLoggedIn()) {
        // Unregistered UID
        $uids[] = 0;
        $vars['Active User'] = '******';
    } else {
        $uids[] = pnUserGetVar('uid');
        $vars['Active User'] = pnUserGetVar('uid');
    }
    $uids = implode(",", $uids);
    // Get user permissions
    $query = "SELECT {$userpermcolumn['realm']},\n                     {$userpermcolumn['component']},\n                     {$userpermcolumn['instance']},\n                     {$userpermcolumn['level']}\n              FROM {$userpermtable}\n              WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")\n              ORDER by {$userpermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    // The loop ends when $result->fields no longer yields a row
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        // fixsecuritystring() is defined elsewhere; its effect is not visible here
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        $userperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }
    // Get all groups that user is in
    $query = "SELECT {$groupmembershipcolumn['gid']}\n              FROM {$groupmembershiptable}\n              WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    // gid -1 is always part of the lookup
    $usergroups[] = -1;
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while (list($gid) = $result->fields) {
        $result->MoveNext();
        $usergroups[] = $gid;
    }
    $usergroups = implode(",", $usergroups);
    // Get all group permissions
    $query = "SELECT {$grouppermcolumn['realm']},\n                     {$grouppermcolumn['component']},\n                     {$grouppermcolumn['instance']},\n                     {$grouppermcolumn['level']}\n              FROM {$grouppermtable}\n              WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($usergroups) . ")\n              ORDER by {$grouppermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        // fixsecuritystring() is defined elsewhere; its effect is not visible here
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        // Search/replace of special names: each <name> in the instance is
        // replaced, one at a time, by $vars[name].
        // NOTE(review): only 'Active User' is defined in $vars here; any other
        // <name> in a stored instance reads an undefined index.
        preg_match_all("/<([^>]+)>/", $instance, $res);
        for ($i = 0; $i < count($res[1]); $i++) {
            $instance = preg_replace("/<([^>]+)>/", $vars[$res[1][$i]], $instance, 1);
        }
        $groupperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }
    // we've now got the permissions info
    $GLOBALS['authinfogathered'] = 1;
    return array($userperms, $groupperms);
}
Example #29
/**
 * set a configuration variable
 *
 * The database connection settings and a few core keys ('system', 'prefix',
 * 'encoded') are refused, so they cannot be changed through this function.
 * The value is stored serialized in the module variables table under the
 * configuration module name, and the global $pnconfig is updated on success.
 *
 * @param string $name  the name of the variable
 * @param mixed  $value the value of the variable
 * @return bool true on success (or when the value is unchanged), false on failure
 */
function pnConfigSetVar($name, $value)
{
    // Names that may never be changed here
    $locked = array('dbtype', 'dbhost', 'dbuname', 'dbpass', 'dbname', 'system', 'prefix', 'encoded');
    if (empty($name) || in_array($name, $locked)) {
        return false;
    }

    // Decide between UPDATE and INSERT by looking for the key in the loaded
    // configuration (also solves SF-bug #580951).
    global $pnconfig;
    $known = false;
    foreach ($pnconfig as $key => $current) {
        if ($key != $name) {
            continue;
        }
        // Unchanged value: nothing to write
        if ($current == $value) {
            return true;
        }
        $known = true;
        break;
    }

    // Fetch base data
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $table = $pntable['module_vars'];
    $columns =& $pntable['module_vars_column'];

    if ($known) {
        $query = "UPDATE {$table}\n                   SET {$columns['value']}='" . pnVarPrepForStore(serialize($value)) . "'\n                   WHERE {$columns['modname']}='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'\n                   AND {$columns['name']}='" . pnVarPrepForStore($name) . "'";
    } else {
        $query = "INSERT INTO {$table}\n                  ({$columns['modname']},\n                   {$columns['name']},\n                   {$columns['value']})\n                  VALUES ('" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "',\n                          '" . pnVarPrepForStore($name) . "',\n                          '" . pnVarPrepForStore(serialize($value)) . "')";
    }

    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    // Keep the in-memory configuration in step with the database
    $pnconfig[$name] = $value;
    return true;
}
Example #30
     $os = "SunOS";
 } elseif (ereg("IRIX", getenv("HTTP_USER_AGENT"))) {
     $os = "IRIX";
 } elseif (ereg("BeOS", getenv("HTTP_USER_AGENT"))) {
     $os = "BeOS";
 } elseif (ereg("OS/2", getenv("HTTP_USER_AGENT"))) {
     $os = "OS/2";
 } elseif (ereg("AIX", getenv("HTTP_USER_AGENT"))) {
     $os = "AIX";
 } else {
     $os = "Other";
 }
 /* Save on the databases the obtained values */
 //global $pntable, $dbconn;
 list($dbconn) = pnDBGetConn();
 $pntable = pnDBGetTables();
 $column =& $pntable['counter_column'];
 $dbconn->Execute("UPDATE {$pntable['counter']}\n                    SET {$column['count']}={$column['count']}+1\n                    WHERE ({$column['type']}='total' AND {$column['var']}='hits')\n                       OR ({$column['var']}='" . pnVarPrepForStore($browser) . "' AND {$column['type']}='browser')\n                       OR ({$column['var']}='" . pnVarPrepForStore($os) . "' AND {$column['type']}='os')");
 /* Per-Day-Counter */
 $xydate = date("dmY");
 $column =& $pntable['stats_date_column'];
 $xyval = $dbconn->Execute("SELECT {$column['hits']} as hits\n                           FROM {$pntable['stats_date']}\n                           WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'");
 if ($dbconn->ErrorNo() != 0) {
     echo "Error accessing stats information<P>";
 }
 $ttemp = $xyval->GetRowAssoc(false);
 $xyval->MoveNext();
 $happend = $ttemp['hits'];
 if ($happend == "" || $happend == false || !$happend) {
     $column =& $pntable['stats_date_column'];
     $dbconn->Execute("INSERT INTO {$pntable['stats_date']}\n                        ({$column['date']}, {$column['hits']}) VALUES ('" . pnVarPrepForStore($xydate) . "','1')");