function blocks_rss2_block($row)
{
if (!pnSecAuthAction(0, 'RSSblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
advheadlines2($row);
}
function blocks_search_block($row)
{
if (!pnSecAuthAction(0, 'Searchblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$vars = getVarsFrom_search_Content($row);
$content = "<form method=\"post\" action=\"modules.php\">" . "<input type=\"hidden\" name=\"op\" value=\"modload\">" . "<input type=\"hidden\" name=\"name\" value=\"Search\">" . "<input type=\"hidden\" name=\"file\" value=\"index\">" . "<input type=\"hidden\" name=\"action\" value=\"search\">" . "<input type=\"hidden\" name=\"overview\" value=\"1\">";
$content .= "<br><center><input type=\"text\" name=\"q\" size=\"14\">";
if (isset($vars[_SEARCH_DISPLAY_BTN])) {
$content .= ' <input type="submit" value="' . _SEARCH . '">';
}
$content .= '</center>';
// list of vars that don't need to be saved
$avdsearch_reserved_vars = array(_SEARCH_DISPLAY_BTN, 'authid', 'bid', 'title', 'position', 'language', 'refresh');
foreach ($vars as $key => $value) {
if (in_array($key, $avdsearch_reserved_vars)) {
continue;
}
if (is_array($value)) {
foreach ($value as $val) {
$content .= "<input type=\"hidden\" name=\"{$key}\" value=\"{$val}\">\n";
}
} else {
$content .= "<input type=\"hidden\" name=\"{$key}\" value=\"{$value}\">\n";
}
}
$content .= "</form>";
if (empty($row['title'])) {
$row['title'] = _SEARCH;
}
$row['content'] = $content;
return themesideblock($row);
}
function blocks_related_block($row)
{
global $sid, $story;
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if ($story['topic']) {
$row['content'] = '<font class="pn-normal">';
$column =& $pntable['stories_column'];
$sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}=" . pnVarPrepForStore($story['topic']) . " ORDER BY {$column['counter']} DESC";
$result = $dbconn->SelectLimit($sql, 1);
$mrow = $result->GetRowAssoc(false);
$result->MoveNext();
$column =& $pntable['related_column'];
$result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}=" . pnVarPrepForStore($story['topic']) . "");
while (!$result->EOF) {
$lrow = $result->GetRowAssoc(false);
$result->MoveNext();
$row['content'] .= "<strong><big>·</big></strong> <a href=\"{$lrow['url']}\" target=\"_blank\">" . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
}
$row['content'] .= "<strong><big>·</big></strong> <a href=\"advtopics.php?topic={$story['topic']}\">" . _MOREABOUT . " " . pnVarPrepForDisplay($story['topicname']) . "</a><br>\n" . "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1&stories_author={$story['aid']}\">" . _NEWSBY . " " . pnVarPrepForDisplay($story['aid']) . "</a><br>\n" . '</font><br><hr noshade width="95%" size="1"><b>' . _MOSTREAD . " " . pnVarPrepForDisplay($story['topicname']) . ":</b><br>\n" . "<center><a href=\"advarticle.php?sid={$mrow['sid']}\">" . pnVarPrepForDisplay($mrow['title']) . "</a></center><br><br>\n" . '<div align="right">' . "<a href=\"print.php?sid={$mrow['sid']}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a> " . "<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Recommend_Us&file=index&req=FriendSend&sid={$sid}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n" . '</div>';
return themesideblock($row);
}
}
/**
* Smarty function to display admin links for the example module
* based on the user's permissions
*
* Example
* <!--[exampleadminlinks start="[" end="]" seperator="|" class="pn-menuitem-title"]-->
*
* @author Andreas Krapohl
* @since 10/01/04
* @see function.exampleadminlinks.php::smarty_function_exampleadminlinks()
* @param array $params All attributes passed to this function from the template
* @param object &$smarty Reference to the Smarty object
* @param string $start start string
* @param string $end end string
* @param string $seperator link seperator
* @param string $class CSS class
* @return string the results of the module function
*/
function smarty_function_exampleadminlinks($params, &$smarty)
{
extract($params);
unset($params);
// set some defaults
if (!isset($start)) {
$start = '[';
}
if (!isset($end)) {
$end = ']';
}
if (!isset($seperator)) {
$seperator = '|';
}
if (!isset($class)) {
$class = 'pn-menuitem-title';
}
$adminlinks = "<span class=\"{$class}\">{$start} ";
if (pnSecAuthAction(0, 'Example::', '::', ACCESS_READ)) {
$adminlinks .= "<a href=\"" . pnVarPrepHTMLDisplay(pnModURL('Example', 'admin', 'view')) . "\">" . _VIEW . "</a> ";
}
if (pnSecAuthAction(0, 'Example::', '::', ACCESS_ADD)) {
$adminlinks .= "{$seperator} <a href=\"" . pnVarPrepHTMLDisplay(pnModURL('Example', 'admin', 'new')) . "\">" . _NEW . "</a> ";
}
if (pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) {
$adminlinks .= "{$seperator} <a href=\"" . pnVarPrepHTMLDisplay(pnModURL('Example', 'admin', 'modifyconfig')) . "\">" . _MODIFYCONFIG . "</a> ";
}
$adminlinks .= "{$end}</span>\n";
return $adminlinks;
}
function blocks_html_block($row)
{
if (!pnSecAuthAction(0, 'HTMLblock::', "{$row['title']}::", ACCESS_OVERVIEW)) {
return;
}
return themesideblock($row);
}
function SERVICE_CMSOPEN_postnuke($authenticate_only)
{
global $phpnuke, $default_access, $web_root, $root_dir, $cms_user_access, $cms_type, $include_path;
if (!defined("LOADED_AS_MODULE") and $phpnuke == "false") {
die("You can't access this file directly...<br><br>Generally this means that Jinzora was " . "installed as a PostNuke module and you're trying to access it outside of PostNuke");
}
if (function_exists('pnSecAuthAction')) {
if (!pnSecAuthAction(0, 'Jinzora::', "::", ACCESS_READ)) {
include 'header.php';
die('Access Denied');
include 'footer.php';
}
}
// Now let's get the users name IF we need it
if (pnUserGetVar('uname') != "") {
$username = pnUserGetVar('uname');
} else {
$username = "******";
}
// Ok, now let's authenticate this user
userAuthenticate($username);
// Now let's see if we only wanted the user access
if ($authenticate_only == true) {
return;
}
include_once "header.php";
// Now let's open the table
OpenTable();
}
function blocks_ephem_block($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$currentlang = pnUserGetLang();
if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if (pnConfigGetVar('multilingual') == 1) {
$column =& $pntable['ephem_column'];
$querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
} else {
$querylang = "";
}
$today = getdate();
$eday = $today['mday'];
$emonth = $today['mon'];
$column =& $pntable['ephem_column'];
$result = $dbconn->Execute("SELECT {$column['yid']}, {$column['content']}\n FROM {$pntable['ephem']}\n WHERE {$column['did']}='" . pnVarPrepForStore($eday) . "' AND {$column['mid']}='" . pnVarPrepForStore($emonth) . "' {$querylang}");
$boxstuff = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
while (list($yid, $content) = $result->fields) {
$result->MoveNext();
$boxstuff .= '<br /><br />';
$boxstuff .= '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content)) . '';
}
if (empty($row['title'])) {
$row['title'] = _EPHEMERIDS;
}
$row['content'] = $boxstuff;
return themesideblock($row);
}
function blocks_rss_block($row)
{
if (!pnSecAuthAction(0, 'RSSblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$row = blocks_rss_refresh($row);
blocks_rss_display($row);
}
function blocks_thelang_block($row)
{
$currentlang = pnUserGetLang();
if (!pnSecAuthAction(0, 'Languageblock::', "{$row['title']}::", ACCESS_OVERVIEW)) {
return;
}
if (!pnConfigGetVar('multilingual')) {
return;
}
$currentURL = $_SERVER['REQUEST_URI'];
if ($currentURL === "") {
$currentURL = "index.php";
}
$pattern = '/\\?newlang=.../';
$currentURL = preg_replace($pattern, '', $currentURL);
$pattern = '/\\&newlang=.../';
$currentURL = pnVarPrepForDisplay(preg_replace($pattern, '', $currentURL));
$append = "&";
if (strpos($currentURL, '?') === false) {
$append = "?";
}
$lang = languagelist();
$handle = opendir('language');
while ($f = readdir($handle)) {
if (is_dir("language/{$f}") && !empty($lang[$f])) {
$langlist[$f] = $lang[$f];
$sel_lang[$f] = '';
}
}
asort($langlist);
$content = '<center><font class="pn-normal">' . _SELECTGUILANG . '</font><br><br>';
if (pnConfigGetVar('useflags')) {
$i = 1;
foreach ($langlist as $k => $v) {
if ($i > 3) {
$content .= "<br>\n";
$i = 1;
}
$imgsize = @getimagesize("images/flags/flag-{$k}.png");
$content .= "<a href=\"{$currentURL}" . $append . "newlang={$k}\"><img src=\"images/flags/flag-{$k}.png\" border=\"0\" alt=\"{$lang[$k]}\" hspace=\"3\" vspace=\"3\" {$imgsize['3']}></a>";
$i++;
}
$content .= '</center>';
} else {
$content .= '<form method="post" action="index.php"><select class="pn-text" name="newlanguage" onChange="top.location.href=this.options[this.selectedIndex].value">';
$sel_lang[$currentlang] = ' selected';
foreach ($langlist as $k => $v) {
$content .= "<option value=\"{$currentURL}" . $append . "newlang={$k}\"{$sel_lang[$k]}>{$v}</option>\n";
}
$content .= '</select></form></center>';
}
if (empty($row['title'])) {
$row['title'] = _SELECTLANGUAGE;
}
$row['content'] = $content;
return themesideblock($row);
}
function blocks_topic_block($row)
{
//global $topic, $catid;
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$currentlang = pnUserGetLang();
if (!pnSecAuthAction(0, 'Topicblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$language = pnConfigGetVar('language');
$topic = "";
$catid = "";
if (pnConfigGetVar('multilingual') == 1) {
$column =& $pntable['stories_column'];
$querylang = "AND ({$column['alanguage']}='{$currentlang}' OR {$column['alanguage']}='')";
/* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = '';
}
$column =& $pntable['topics_column'];
$result = $dbconn->Execute("SELECT {$column['topicid']} AS topicid, {$column['topicname']} as topicname FROM {$pntable['topics']} ORDER BY topicname");
if ($result->EOF) {
return;
} else {
$boxstuff = '<span class="pn-normal">';
if ($topic == "") {
$boxstuff .= "<strong><big>·</big></strong> <b><a href=\"modules.php?op=modload&name=Topics&file=index\">" . _ALL_TOPICS . "</a></b><br>";
} else {
$boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&catid={$catid}\">" . _ALL_TOPICS . "</a><br>";
}
while (!$result->EOF) {
$srow = $result->GetRowAssoc(false);
$result->MoveNext();
if (pnSecAuthAction(0, 'Topics::Topic', "{$srow['topicname']}::{$srow['topicid']}", ACCESS_READ)) {
$column =& $pntable['stories_column'];
$result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime FROM {$pntable['stories']} WHERE {$column['topic']}={$srow['topicid']} {$querylang} ORDER BY {$column['time']} DESC");
if (!$result2->EOF) {
$story = $result2->GetRowAssoc(false);
$story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
$sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);
if ($topic == $srow['topicid']) {
$boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>{$srow['topicname']}</b></span> <span class=\"pn-sub\">({$sdate})</span><br>";
} else {
$boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid={$catid}&topic={$srow['topicid']}\">{$srow['topicname']}</a> <span class=\"pn-sub\">({$sdate})</span><br>";
}
}
}
}
}
$boxstuff .= '</span>';
if (empty($row['title'])) {
$row['title'] = _TOPICS;
}
$row['content'] = $boxstuff;
return themesideblock($row);
}
function blocks_login_block($row)
{
global $HTTP_SERVER_VARS;
if (empty($row['title'])) {
$row['title'] = 'Login';
}
if (!pnSecAuthAction(0, 'Loginblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
// code taken pnGetBaseURI to fix issue with IIS not passing request_uri
// markwest
// Start of with REQUEST_URI
if (isset($HTTP_SERVER_VARS['REQUEST_URI'])) {
$path = $HTTP_SERVER_VARS['REQUEST_URI'];
} else {
$path = getenv('REQUEST_URI');
}
if (empty($path) || substr($path, -1, 1) == '/') {
// REQUEST_URI was empty or pointed to a path
// Try looking at PATH_INFO
$path = getenv('PATH_INFO');
if (empty($path)) {
// No luck there either
// Try SCRIPT_NAME
if (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
$path = $HTTP_SERVER_VARS['SCRIPT_NAME'];
} else {
$path = getenv('SCRIPT_NAME');
}
}
}
if (!pnUserLoggedIn()) {
// prettified a little with a table for inputs and button to avoid bugs like #493456 (Andy Varganov)
$boxstuff = '<form action="user.php" method="post">';
$boxstuff .= '<table border="0" width="100%" cellspacing="0" cellpadding="1"><tr><td>';
$boxstuff .= '<span class="pn-normal"> ' . _BLOCKNICKNAME . '</span></td></tr><tr><td>';
$boxstuff .= '<input type="text" name="uname" size="14" maxlength="25"></td></tr><tr><td>';
$boxstuff .= '<span class="pn-normal"> ' . _BLOCKPASSWORD . '</span></td></tr><tr><td>';
$boxstuff .= '<input type="password" name="pass" size="14" maxlength="20"></td></tr><tr><td>';
if (pnConfigGetVar('seclevel') != 'High') {
$boxstuff .= '<input type="checkbox" value="1" name="rememberme" />';
$boxstuff .= '<span class="pn-normal"> ' . _REMEMBERME . '</span></td></tr><tr><td>';
}
$boxstuff .= '<br>';
$boxstuff .= '<input type="hidden" name="module" value="NS-User" />';
$boxstuff .= '<input type="hidden" name="op" value="login" />';
$boxstuff .= '<input type="hidden" name="url" value="' . pnVarPrepForDisplay($path) . '" />';
$boxstuff .= '<input type="submit" value="' . _LOGIN . '" /></td></tr><tr><td>';
$boxstuff .= '<br /><span class="pn-normal">' . _ASREGISTERED . '</span></td></tr><tr><td></table></form>';
if (empty($row['title'])) {
$row['title'] = _LOGIN;
}
$row['content'] = $boxstuff;
return themesideblock($row);
}
}
function search_comments_opt()
{
global $bgcolor2, $textcolor1, $info;
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (pnSecAuthAction(0, 'Stories::', "::", ACCESS_READ)) {
$output->Text("<table border=\"0\" width=\"100%\"><tr bgcolor=\"{$bgcolor2}\"><td><font class=\"pn-normal\" style=\"text-color:{$textcolor1}\"><input type=\"checkbox\" name=\"active_comments\" id=\"active_comments\" value=\"1\" checked> " . _SEARCH_COMMENTS . "</font></td></tr></table>");
}
return $output->GetOutput();
}
function admin_menu($help_file = '')
{
$pntable = pnDBGetTables();
list($newsubs) = db_select_one_row("SELECT count(*) FROM {$pntable['queue']}");
if (!pnSecAuthAction(0, "::", '::', ACCESS_EDIT)) {
// suppress admin display - return to index.
pnRedirect('index.php');
} else {
menu_title('admin.php', _ADMINMENU);
menu_graphic(pnConfigGetVar('admingraphic'));
if ($help_file != '') {
menu_help($help_file, _ONLINEMANUAL);
}
$mods = pnModGetAdminMods();
if ($mods == false) {
// there aren't admin modules
return;
}
foreach ($mods as $mod) {
// Hack until the new news module comes into being
// TODO - remove this at appropriate time
if ($mod['name'] == 'AddStory') {
$mod['name'] = 'Stories';
}
if (pnSecAuthAction(0, "{$mod['name']}::", '::', ACCESS_EDIT)) {
if (file_exists("modules/" . pnVarPrepForOS($mod['directory']) . "/pnadmin.php")) {
$file = "modules/" . pnVarPrepForOS($mod['directory']) . "/pnimages/admin.";
if (file_exists($file . 'gif')) {
$imgfile = $file . 'gif';
} elseif (file_exists($file . 'jpg')) {
$imgfile = $file . 'jpg';
} elseif (file_exists($file . 'png')) {
$imgfile = $file . 'png';
} else {
$imgfile = 'modules/NS-Admin/images/default.gif';
}
menu_add_option(pnVarPrepForDisplay(pnModURL($mod['name'], 'admin')), $mod['displayname'], $imgfile);
} else {
$file = "modules/" . pnVarPrepForOS($mod['directory']) . "/images/admin.";
if (file_exists($file . 'gif')) {
$imgfile = $file . 'gif';
} elseif (file_exists($file . 'jpg')) {
$imgfile = $file . 'jpg';
} elseif (file_exists($file . 'png')) {
$imgfile = $file . 'png';
} else {
$imgfile = 'modules/NS-Admin/images/default.gif';
}
menu_add_option("admin.php?module={$mod['directory']}&op=main", $mod['displayname'], $imgfile);
}
}
}
}
}
function Tools_admin_main()
{
// Permission check.
if (!pnSecAuthAction(0, 'Tools::', '::', ACCESS_ADMIN)) {
return pnVarPrepHTMLDisplay(_MODNOAUTH);
}
// Create a new output object.
$pnRender =& new pnRender('Tools');
// Return template.
return $pnRender->fetch('tools_admin.htm');
}
function blocks_php_block($row)
{
if (!pnSecAuthAction(0, 'PHPblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
ob_start();
print eval($row['content']);
$row['content'] = ob_get_contents();
ob_end_clean();
return themesideblock($row);
}
function blocks_category_block($row)
{
global $topic, $catid;
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if (pnConfigGetVar('multilingual') == 1) {
$column =& $pntable['stories_column'];
$querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
/* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = '';
}
$column =& $pntable['stories_cat_column'];
$result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");
if ($result->EOF) {
return;
} else {
$boxstuff = '<span class="pn-normal">';
if ($catid == "") {
// $boxstuff .= '<strong><big>·</big></strong> <b>'._ALL_CATEGORIES.'</b><br />';
$boxstuff .= "";
} else {
$boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&topic={$topic}\">" . _ALL_CATEGORIES . "</a><br />";
}
for (; !$result->EOF; $result->MoveNext()) {
$srow = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
$column =& $pntable['stories_column'];
$result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime\n FROM {$pntable['stories']}\n WHERE {$column['catid']}=" . pnVarPrepForStore($srow['catid']) . " {$querylang}\n ORDER BY {$column['time']} DESC");
if (!$result2->EOF) {
$story = $result2->GetRowAssoc(false);
$story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
$sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);
if ($catid == $srow['catid']) {
$boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
} else {
$boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid={$srow['catid']}&topic={$topic}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
}
}
}
}
}
$boxstuff .= '</span>';
if (empty($row['title'])) {
$row['title'] = _CATEGORIES;
}
$row['content'] = $boxstuff;
return themesideblock($row);
}
function search_comments_opt()
{
global $bgcolor2, $textcolor1;
if (!pnModAvailable('Comments')) {
return;
}
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (pnSecAuthAction(0, 'Stories::', "::", ACCESS_READ)) {
$output->Text("<table border=\"0\" width=\"100%\"><tr style=\"background-color:{$bgcolor2}\"><td>\n\t\t<span style=\"text-color:{$textcolor1}\">\n\t\t<input type=\"checkbox\" name=\"active_comments\" id=\"active_comments\" value=\"1\" checked=\"checked\" tabindex=\"0\" /> \n\t\t<label for=\"active_comments\">" . _SEARCH_COMMENTS . "</label>\n\t\t</span></td></tr></table>");
}
return $output->GetOutput();
}
function blocks_weblinks_display($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Weblinksblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$url = explode('|', $row['url']);
if (!$url[0]) {
$row['content'] = 'You forgot to set the module name!';
return themesideblock($row);
}
if (!$url[1]) {
$url[1] = 10;
}
$links_col =& $pntable['links_links_column'];
$linksok = 0;
$linkcount = 0;
$result = $dbconn->Execute("SELECT {$links_col['cat_id']}, {$links_col['title']} FROM {$pntable['links_links']} ORDER BY {$links_col['date']} DESC");
while (list($cid, $title) = $result->fields) {
$result->MoveNext();
$linkcount++;
if (pnSecAuthAction(0, "Web Links::Category", "{$title}::{$cid}", ACCESS_READ)) {
$linksok++;
}
if ($linksok == $url[1]) {
break;
}
}
$oldurl = $url[1];
$url[1] = $linkcount;
$row['content'] = '<span class="pn-normal">';
$links_col =& $pntable['links_links_column'];
$cats_col =& $pntable['links_categories_column'];
$sql = "SELECT {$links_col['lid']} as lid, {$links_col['cat_id']} as catid, {$links_col['title']} as title, {$links_col['description']} as description, {$links_col['hits']} as hits, IF({$links_col['cat_id']}, CONCAT('/', {$cats_col['title']}), {$cats_col['title']}) AS cattitle\n FROM {$pntable['links_links']}\n LEFT JOIN {$pntable['links_categories']}\n ON {$cats_col['cat_id']}={$links_col['cat_id']}\n ORDER BY {$links_col['date']} DESC";
$result = $dbconn->SelectLimit($sql, $url[1]);
while (!$result->EOF) {
$lrow = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, "Web Links::Category", "{$lrow['cattitle']}::{$lrow['catid']}", ACCESS_READ)) {
$lrow['title'] = pnVarPrepForDisplay($lrow['title']);
$lrow['description'] = pnVarPrepHTMLDisplay($lrow['description']);
$lrow['cattitle'] = pnVarPrepForDisplay($lrow['cattitle']);
$row['content'] .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name={$url['0']}&file=index&req=visit&lid={$lrow['lid']}\" target=\"_blank\" title=\"{$lrow['cattitle']}:\n{$lrow['description']}\" class=\"pn-sub\">{$lrow['title']}</a><br>\n";
$result->MoveNext();
}
}
//$row['content'] .= "<div align=\"right\"><font class=\"pn-sub\"><a href=\"modules.php?op=modload&name=Web_Links&file=index&req=NewLinks&newlinkshowdays=10\">"._READMORE."</a></font></div>";
$row['content'] .= '</span>';
return themesideblock($row);
}
function blocks_banner_block($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, "Bannersblock::", "{$row['title']}::", ACCESS_READ)) {
return;
}
$url = explode('|', $row['url']);
// to have some start variables
if (!$url[0]) {
$url[0] = "3";
}
// get the banner through the new banner api and assign type
$row['content'] = "<br><center>" . pnBannerDisplay($url[0]) . "</center>";
return themesideblock($row);
}
/**
* display block
*/
function template_firstblock_display($blockinfo)
{
// Security check
if (!pnSecAuthAction(0, 'Template:Firstblock:', "{$blockinfo['title']}::", ACCESS_READ)) {
return;
}
// Get variables from content block
$vars = pnBlockVarsFromContent($blockinfo['content']);
// Defaults
if (empty($vars['numitems'])) {
$vars['numitems'] = 5;
}
// Database information
pnModDBInfoLoad('Template');
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$templatetable = $pntable['template'];
$templatecolumn =& $pntable['template_column'];
// Query
$sql = "SELECT {$templatecolumn['tid']},\n {$templatecolumn['name']}\n FROM {$templatetable}\n ORDER by {$templatecolumn['name']}";
$result = $dbconn->SelectLimit($sql, $vars['numitems']);
if ($dbconn->ErrorNo() != 0) {
return;
}
if ($result->EOF) {
return;
}
// Create output object
$output = new pnHTML();
// Display each item, permissions permitting
for (; !$result->EOF; $result->MoveNext()) {
list($tid, $name) = $result->fields;
if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_OVERVIEW)) {
if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_READ)) {
$output->URL(pnModURL('Template', 'user', 'viewdetail', array('tid' => $tid)), $name);
} else {
$output->Text($name);
}
$output->Linebreak();
}
}
// Populate block info and pass to theme
$blockinfo['content'] = $output->GetOutput();
return themesideblock($blockinfo);
}
function blocks_user_block($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if (pnUserLoggedIn() && pnUserGetVar('ublockon') == 1) {
$column =& $pntable['users_column'];
$uid = pnUserGetVar('uid');
$getblock = $dbconn->Execute("SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . pnVarPrepForStore($uid) . "");
list($ublock) = $getblock->fields;
$username = pnUserGetVar('name');
$row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username) . "";
$row['content'] = $ublock;
return themesideblock($row);
}
}
/**
* view items
* This is a standard function to provide an overview of all of the items
* available from the module.
*/
function postcalendar_user_view()
{
if (!pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_OVERVIEW)) {
return _POSTCALENDARNOAUTH;
}
// get the vars that were passed in
list($Date, $print, $viewtype, $jumpday, $jumpmonth, $jumpyear) = pnVarCleanFromInput('Date', 'print', 'viewtype', 'jumpday', 'jumpmonth', 'jumpyear');
$Date =& postcalendar_getDate();
if (!isset($viewtype)) {
$viewtype = _SETTING_DEFAULT_VIEW;
}
// added to allow the view & providers to remain as the user last saw it -- JRM
if ($_SESSION['viewtype']) {
$viewtype = $_SESSION['viewtype'];
}
if ($_SESSION['pc_username']) {
$pc_username = $_SESSION['pc_username'];
}
return postcalendar_user_display(array('viewtype' => $viewtype, 'Date' => $Date, 'print' => $print)) . postcalendar_footer();
}
function blocks_button_display($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Buttonblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$buttons = array();
$column =& $pntable['blocks_buttons_column'];
$result = $dbconn->Execute("SELECT {$column['title']} as title, {$column['url']} as url, {$column['images']} as images\n FROM {$pntable['blocks_buttons']}\n WHERE {$column['bid']}={$row['bid']}");
while (!$result->EOF) {
$brow = $result->getRowAssoc(false);
$result->MoveNext();
$buttons[] = $brow;
}
srand(time());
shuffle($buttons);
shuffle($buttons);
$row['content'] = '<span style="text-align:center">';
$content = 0;
foreach ($buttons as $v) {
$img = explode('|', $v['images']);
if (count($img) > 1) {
$x = rand(0, count($img) - 1);
$img = $img[$x];
} else {
$img = $img[0];
}
$v['title'] = pnVarPrepForDisplay($v['title']);
if (!pnSecAuthAction(0, 'Buttonblock::', "{$row['title']}:{$row['url']}:{$img}", ACCESS_READ)) {
continue;
}
$imgsize = @getimagesize($img);
$row['content'] .= "<a href=\"{$v['url']}\" target=\"_blank\" title=\"{$v['title']}\"><img src=\"{$img}\"\n alt=\"{$v['title']}\" border=\"0\" {$imgsize['3']} /></a><br />\n";
$content = 1;
}
$row['content'] .= '</span>';
if ($content == 1) {
return themesideblock($row);
}
}
function blocks_big_block($row)
{
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Bigblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$today = getdate();
$day = $today["mday"];
if ($day < 10) {
$day = "0{$day}";
}
$month = $today["mon"];
if ($month < 10) {
$month = "0{$month}";
}
$year = $today["year"];
$tdate = "{$year}-{$month}-{$day}";
$column =& $pntable['stories_column'];
$articles = getArticles("{$column['time']} LIKE '%{$tdate}%'\n AND {$column['ihome']} = 0\n AND {$column['counter']} > 0", "{$column['counter']} DESC", "1");
if (empty($articles)) {
return;
} else {
$info = genArticleInfo($articles[0]);
if (pnSecAuthAction(0, 'Stories::Story', "{$info['aid']}:{$info['cattitle']}:{$info['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$info['topicname']}::{$info['tid']}", ACCESS_READ)) {
$links = genArticleLinks($articles[0]);
$preformat = genArticlePreformat($info, $links);
$content = '<span class="pn-normal">' . _BIGSTORY . '</span><br /><br />';
$content .= $preformat['title'];
} else {
return;
}
}
if (empty($row['title'])) {
$row['title'] = _TODAYBIG;
}
if (empty($content)) {
return;
}
$row['content'] = $content;
return themesideblock($row);
}
function blocks_finclude_block($row)
{
if (!pnSecAuthAction(0, "fincludeblock::", "{$row['title']}::", ACCESS_READ)) {
return;
}
$url = explode('|', $row['url']);
$file = $url[0];
$type = $url[1];
if (!file_exists($file)) {
$row['content'] = "File: " . $file . " does not exist.";
return themesideblock($row);
}
$lines = file($file);
foreach ($lines as $line_num => $line) {
if ($type == 1) {
$row['content'] .= $line;
}
if ($type == 0) {
$row['content'] .= $line . "<br/>";
}
}
return themesideblock($row);
}
function blocks_online_block($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$sessioninfocolumn =& $pntable['session_info_column'];
$sessioninfotable = $pntable['session_info'];
$sessioninfocolumn =& $pntable['session_info_column'];
$sessioninfotable = $pntable['session_info'];
$activetime = time() - pnConfigGetVar('secinactivemins') * 60;
$query = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n\t\t GROUP BY {$sessioninfocolumn['uid']}\n\t\t ";
$result = $dbconn->Execute($query);
$numusers = $result->RecordCount();
$result->Close();
$query2 = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n\t\t\t GROUP BY {$sessioninfocolumn['ipaddr']}\n\t\t\t ";
$result2 = $dbconn->Execute($query2);
$numguests = $result2->RecordCount();
$result2->Close();
// Pluralise
if ($numguests == 1) {
$guests = _GUEST;
} else {
$guests = _GUESTS;
}
if ($numusers == 1) {
$users = _MEMBER;
} else {
$users = _MEMBERS;
}
$content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";
if (pnUserLoggedIn()) {
$content .= '<br />' . _YOUARELOGGED . ' <b>' . pnUserGetVar('uname') . '</b>.<br />';
if (pnModAvailable('Messages')) {
// display private messages only when module is active
$column =& $pntable['priv_msgs_column'];
$result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . pnUserGetVar('uid'));
list($numrow) = $result2->fields;
// get unread messages
$result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . pnUserGetVar('uid') . " AND {$column['read_msg']}='0'");
list($unreadrow) = $result3->fields;
if ($numrow == 0) {
$content .= '<br /></span>';
} else {
$content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
if ($numrow == 1) {
$content .= _PRIVATEMSG;
} elseif ($numrow > 1) {
$content .= _PRIVATEMSGS;
}
$content .= "</span><br />";
}
}
} else {
$content .= '<br />' . _YOUAREANON . '</span><br />';
}
if (empty($row['title'])) {
$row['title'] = _WHOSONLINE;
}
$row['content'] = $content;
return themesideblock($row);
}
/**
* Selects all of a given item from database.
*
* @param $from STRING required table name to select items from.
* @return array of options for dropdowns.
*/
function Meds_userapi_DBselect($args)
{
// Initialize the return variable early on.
$select = array();
// Permission check.
if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
return $select;
}
// Define table to select from. (comparable to $object in other functions)
$from = (string) $args['from'];
// Define tables that can be selected from for dropdowns.
$tables = array('chem', 'company', 'moa', 'preserve');
// Ensure a valid table name was passed.
if (!in_array($from, $tables)) {
pnSessionSetVar('errormsg', 'Error selecting table from database.');
return false;
}
// Get database connection and tables references.
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
// Dynamically create the table/field references based on $from.
$table =& $pntable['rx_' . $from];
$field =& $pntable['rx_' . $from . '_column'];
// Dynamically create the $id_field to select by.
$id_field = substr($from, 0, 4) . '_id';
// Create SQL to select the id and name of the item.
$sql = "SELECT {$field[$id_field]},\n {$field['name']}\n FROM {$table}\n ORDER BY {$field['name']}";
// Execute query.
$result = $dbconn->Execute($sql);
// Check for database errors.
if ($dbconn->ErrorNo() != 0) {
pnSessionSetVar('errormsg', _GETFAILED);
return false;
}
// Loop through $result set.
for (; !$result->EOF; $result->MoveNext()) {
// Extract data from result set.
list($id, $name) = $result->fields;
// Assign the data to the select array.
$select[$id] = array($id_field => $id, 'name' => $name);
}
// Close $result set.
$result->Close();
// Return.
return $select;
}
// ----------------------------------------------------------------------
// Original Author of file: Francisco Burzi
// Purpose of file:
// ----------------------------------------------------------------------
// include base api
include 'includes/pnAPI.php';
// start PN
pnInit();
// Get module
$module = pnVarCleanFromInput('module');
if (empty($module)) {
// call for admin.php without module parameter
pnRedirect(pnModURL('Admin', 'admin', 'adminpanel'));
exit;
} else {
if (!pnModAvailable($module) || !pnSecAuthAction(0, "{$module}::", '::', ACCESS_EDIT)) {
// call for an unavailable module - either not available or not authorized
header('HTTP/1.0 403 Access Denied');
include 'header.php';
echo 'Module <strong>' . pnVarPrepForDisplay($module) . '</strong> not available';
include 'footer.php';
exit;
}
}
// get the module information
$modinfo = pnModGetInfo(pnModGetIDFromName($module));
if ($modinfo['type'] == 2 || $modinfo['type'] == 3) {
// Redirect to new style admin panel
pnRedirect(pnModURL($module, 'admin'));
exit;
}
function authorised($testrealm, $testcomponent, $testinstance, $testlevel)
{
$testrealm = isset($testrealm) ? $testrealm : null;
$testcomponent = isset($testcomponent) ? $testcomponent : null;
$testinstance = isset($testinstance) ? $testinstance : null;
$testlevel = isset($testlevel) ? $testlevel : 0;
// Wrapper for new pnSecAuthAction() function
return pnSecAuthAction($testrealm, $testcomponent, $testinstance, $testlevel);
}
/**
* clean user input
* <br>
* Gets a global variable, cleaning it up to try to ensure that
* hack attacks don't work
* @param var name of variable to get
* @param ...
* @returns string/array
* @return prepared variable if only one variable passed
* in, otherwise an array of prepared variables
*/
function pnVarCleanFromInput()
{
$search = array('|</?\\s*SCRIPT.*?>|si', '|</?\\s*FRAME.*?>|si', '|</?\\s*OBJECT.*?>|si', '|</?\\s*META.*?>|si', '|</?\\s*APPLET.*?>|si', '|</?\\s*LINK.*?>|si', '|</?\\s*IFRAME.*?>|si', '|STYLE\\s*=\\s*"[^"]*"|si');
$replace = array('');
$resarray = array();
foreach (func_get_args() as $var) {
// Get var
global ${$var};
if (empty($var)) {
return;
}
$ourvar = ${$var};
if (!isset($ourvar)) {
array_push($resarray, NULL);
continue;
}
if (empty($ourvar)) {
array_push($resarray, $ourvar);
continue;
}
// Clean var
if (check_magic_quotes()) {
pnStripslashes($ourvar);
}
if (!pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
$ourvar = preg_replace($search, $replace, $ourvar);
}
// Add to result array
array_push($resarray, $ourvar);
}
// Return vars
if (func_num_args() == 1) {
return $resarray[0];
} else {
return $resarray;
}
}
